author | Michael Paquier <michael@paquier.xyz> | 2020-06-14 12:40:37 +0900 |
---|---|---|
committer | Michael Paquier <michael@paquier.xyz> | 2020-06-14 12:40:37 +0900 |
commit | cc072641d41c55c6aa24a331fc1f8029e0a8d799 (patch) | |
tree | b2e41e350248c66fc5528a380150795ccc13f349 /contrib/test_decoding | |
parent | 23cbeda50b94c817bed4f7d2127ee09c4e8c8b86 (diff) |
Replace superuser check by ACLs for replication origin functions
This patch removes the hardcoded check for superuser privileges when
executing replication origin functions. Instead, execution is revoked
from PUBLIC, so by default only a superuser can execute those functions,
and access to them can be granted to other roles.
Author: Martín Marqués
Reviewed-by: Kyotaro Horiguchi, Michael Paquier, Masahiko Sawada
Discussion: https:/postgr.es/m/CAPdiE1xJMZOKQL3dgHMUrPqysZkgwzSMXETfKkHYnBAB7-0VRQ@mail.gmail.com
Diffstat (limited to 'contrib/test_decoding')
-rw-r--r-- | contrib/test_decoding/expected/replorigin.out | 29 | ||||
-rw-r--r-- | contrib/test_decoding/sql/replorigin.sql | 18 |
2 files changed, 47 insertions, 0 deletions
diff --git a/contrib/test_decoding/expected/replorigin.out b/contrib/test_decoding/expected/replorigin.out
index 3b249f4856f..80773187554 100644
--- a/contrib/test_decoding/expected/replorigin.out
+++ b/contrib/test_decoding/expected/replorigin.out
@@ -1,5 +1,34 @@
 -- predictability
 SET synchronous_commit = on;
+-- superuser required by default
+CREATE ROLE regress_origin_replication REPLICATION;
+SET ROLE regress_origin_replication;
+SELECT pg_replication_origin_advance('regress_test_decoding: perm', '0/1');
+ERROR: permission denied for function pg_replication_origin_advance
+SELECT pg_replication_origin_create('regress_test_decoding: perm');
+ERROR: permission denied for function pg_replication_origin_create
+SELECT pg_replication_origin_drop('regress_test_decoding: perm');
+ERROR: permission denied for function pg_replication_origin_drop
+SELECT pg_replication_origin_oid('regress_test_decoding: perm');
+ERROR: permission denied for function pg_replication_origin_oid
+SELECT pg_replication_origin_progress('regress_test_decoding: perm', false);
+ERROR: permission denied for function pg_replication_origin_progress
+SELECT pg_replication_origin_session_is_setup();
+ERROR: permission denied for function pg_replication_origin_session_is_setup
+SELECT pg_replication_origin_session_progress(false);
+ERROR: permission denied for function pg_replication_origin_session_progress
+SELECT pg_replication_origin_session_reset();
+ERROR: permission denied for function pg_replication_origin_session_reset
+SELECT pg_replication_origin_session_setup('regress_test_decoding: perm');
+ERROR: permission denied for function pg_replication_origin_session_setup
+SELECT pg_replication_origin_xact_reset();
+ERROR: permission denied for function pg_replication_origin_xact_reset
+SELECT pg_replication_origin_xact_setup('0/1', '2013-01-01 00:00');
+ERROR: permission denied for function pg_replication_origin_xact_setup
+SELECT pg_show_replication_origin_status();
+ERROR: permission denied for function pg_show_replication_origin_status
+RESET ROLE;
+DROP ROLE regress_origin_replication;
 CREATE TABLE origin_tbl(id serial primary key, data text);
 CREATE TABLE target_tbl(id serial primary key, data text);
 SELECT pg_replication_origin_create('regress_test_decoding: regression_slot');
diff --git a/contrib/test_decoding/sql/replorigin.sql b/contrib/test_decoding/sql/replorigin.sql
index 8979b306160..b68f819fa1f 100644
--- a/contrib/test_decoding/sql/replorigin.sql
+++ b/contrib/test_decoding/sql/replorigin.sql
@@ -1,6 +1,24 @@
 -- predictability
 SET synchronous_commit = on;
+-- superuser required by default
+CREATE ROLE regress_origin_replication REPLICATION;
+SET ROLE regress_origin_replication;
+SELECT pg_replication_origin_advance('regress_test_decoding: perm', '0/1');
+SELECT pg_replication_origin_create('regress_test_decoding: perm');
+SELECT pg_replication_origin_drop('regress_test_decoding: perm');
+SELECT pg_replication_origin_oid('regress_test_decoding: perm');
+SELECT pg_replication_origin_progress('regress_test_decoding: perm', false);
+SELECT pg_replication_origin_session_is_setup();
+SELECT pg_replication_origin_session_progress(false);
+SELECT pg_replication_origin_session_reset();
+SELECT pg_replication_origin_session_setup('regress_test_decoding: perm');
+SELECT pg_replication_origin_xact_reset();
+SELECT pg_replication_origin_xact_setup('0/1', '2013-01-01 00:00');
+SELECT pg_show_replication_origin_status();
+RESET ROLE;
+DROP ROLE regress_origin_replication;
+
 CREATE TABLE origin_tbl(id serial primary key, data text);
 CREATE TABLE target_tbl(id serial primary key, data text);
|
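Review bot: The block added to sql/replorigin.sql exercises only the denial path: every call runs as a role that holds REPLICATION but has no EXECUTE grant, so nothing shows that a grant actually lets a non-superuser through. If a superuser check were still enforced behind the ACL (the C and catalog changes are not in this view), these statements would presumably produce the same output. A positive case would close that gap: grant EXECUTE on one side-effect-free function such as pg_replication_origin_oid(text), call it under SET ROLE, then revoke before DROP ROLE. expected/replorigin.out would need the matching output. The `-- superuser required by default` comment could also state that the REPLICATION attribute alone is deliberately not sufficient.

```sql
SELECT pg_show_replication_origin_status();
RESET ROLE;
-- access can be granted to a non-superuser
GRANT EXECUTE ON FUNCTION pg_replication_origin_oid(text) TO regress_origin_replication;
SET ROLE regress_origin_replication;
SELECT pg_replication_origin_oid('regress_test_decoding: perm');
RESET ROLE;
-- revoke first, otherwise DROP ROLE fails on the remaining privilege
REVOKE EXECUTE ON FUNCTION pg_replication_origin_oid(text) FROM regress_origin_replication;
DROP ROLE regress_origin_replication;
```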