|
25 | 25 | #include"xact_handling.h" |
26 | 26 |
|
27 | 27 | #include"access/transam.h" |
| 28 | +#include"catalog/pg_authid.h" |
28 | 29 | #include"miscadmin.h" |
29 | 30 | #include"optimizer/cost.h" |
30 | 31 | #include"optimizer/restrictinfo.h" |
@@ -567,14 +568,35 @@ pathman_post_parse_analysis_hook(ParseState *pstate, Query *query) |
567 | 568 | /* Check that pg_pathman is the last extension loaded */ |
568 | 569 | if (post_parse_analyze_hook!=pathman_post_parse_analysis_hook) |
569 | 570 | { |
570 | | -char*spl_value;/* value of "shared_preload_libraries" GUC */ |
| 571 | +Oidsave_userid; |
| 572 | +intsave_sec_context; |
| 573 | +boolneed_priv_escalation= !superuser();/* we might be a SU */ |
| 574 | +char*spl_value;/* value of "shared_preload_libraries" GUC */ |
571 | 575 |
|
| 576 | +/* Do we have to escalate privileges? */ |
| 577 | +if (need_priv_escalation) |
| 578 | +{ |
| 579 | +/* Get current user's Oid and security context */ |
| 580 | +GetUserIdAndSecContext(&save_userid,&save_sec_context); |
| 581 | + |
| 582 | +/* Become superuser in order to bypass sequence ACL checks */ |
| 583 | +SetUserIdAndSecContext(BOOTSTRAP_SUPERUSERID, |
| 584 | +save_sec_context |SECURITY_LOCAL_USERID_CHANGE); |
| 585 | +} |
| 586 | + |
| 587 | +/* TODO: add a test for this case (non-privileged user etc) */ |
| 588 | + |
| 589 | +/* Only SU can read this GUC */ |
572 | 590 | #ifPG_VERSION_NUM >=90600 |
573 | 591 | spl_value=GetConfigOptionByName("shared_preload_libraries",NULL, false); |
574 | 592 | #else |
575 | 593 | spl_value=GetConfigOptionByName("shared_preload_libraries",NULL); |
576 | 594 | #endif |
577 | 595 |
|
| 596 | +/* Restore user's privileges */ |
| 597 | +if (need_priv_escalation) |
| 598 | +SetUserIdAndSecContext(save_userid,save_sec_context); |
| 599 | + |
578 | 600 | ereport(ERROR, |
579 | 601 | (errmsg("extension conflict has been detected"), |
580 | 602 | errdetail("shared_preload_libraries = \"%s\"",spl_value), |
|