diff options
| author | Michael Paquier <michael@paquier.xyz> | 2023-10-12 09:24:17 +0900 |
|---|---|---|
| committer | Michael Paquier <michael@paquier.xyz> | 2023-10-12 09:24:17 +0900 |
| commit | e7689190b3d58404abbafe2d3312c3268a51cca3 (patch) | |
| tree | 4ce8a0d0de6b99fd05ca0ab526fa4ea863d8a4f4 /src/backend/utils/init/postinit.c | |
| parent | b6a77c6a6ccf698787201b001cbbbf9c89fe5715 (diff) | |
Add option to bgworkers to allow the bypass of role login check
This adds a new option called BGWORKER_BYPASS_ROLELOGINCHECK to the
flags available to BackgroundWorkerInitializeConnection() and
BackgroundWorkerInitializeConnectionByOid().
This gives the possibility to bgworkers to bypass the role login check,
making possible the use of a role that has no login rights while not
being a superuser. PostgresInit() gains a new flag called
INIT_PG_OVERRIDE_ROLE_LOGIN, taking advantage of the refactoring done in
4800a5dfb4c4.
Regression tests are added to worker_spi to check the behavior of this
new option with bgworkers.
Author: Bertrand Drouvot
Reviewed-by: Nathan Bossart, Michael Paquier, Bharath Rupireddy
Discussion: https://postgr.es/m/bcc36259-7850-4882-97ef-d6b905d2fc51@gmail.com
Diffstat (limited to 'src/backend/utils/init/postinit.c')
| -rw-r--r-- | src/backend/utils/init/postinit.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c index 449541e9422..e60ecd1e366 100644 --- a/src/backend/utils/init/postinit.c +++ b/src/backend/utils/init/postinit.c @@ -684,6 +684,7 @@ BaseInit(void) * flags: * - INIT_PG_LOAD_SESSION_LIBS to honor [session|local]_preload_libraries. * - INIT_PG_OVERRIDE_ALLOW_CONNS to connect despite !datallowconn. + * - INIT_PG_OVERRIDE_ROLE_LOGIN to connect despite !rolcanlogin. * out_dbname: optional output parameter, see below; pass NULL if not used * * The database can be specified by name, using the in_dbname parameter, or by @@ -901,7 +902,8 @@ InitPostgres(const char *in_dbname, Oid dboid, } else { - InitializeSessionUserId(username, useroid); + InitializeSessionUserId(username, useroid, + (flags & INIT_PG_OVERRIDE_ROLE_LOGIN) != 0); am_superuser = superuser(); } } @@ -910,7 +912,7 @@ InitPostgres(const char *in_dbname, Oid dboid, /* normal multiuser case */ Assert(MyProcPort != NULL); PerformAuthentication(MyProcPort); - InitializeSessionUserId(username, useroid); + InitializeSessionUserId(username, useroid, false); /* ensure that auth_method is actually valid, aka authn_id is not NULL */ if (MyClientConnectionInfo.authn_id) InitializeSystemUser(MyClientConnectionInfo.authn_id, |