Reserve the "pg_" namespace for roles

This will prevent users from creating roles which begin with "pg_" and will check for those roles before allowing an upgrade using pg_upgrade. This will allow for default roles to be provided at initdb time. Reviews by José Luis Tallón and Robert Haas
author: Stephen Frost <sfrost@snowman.net> 2016-04-08 16:56:27 -0400
committer: Stephen Frost <sfrost@snowman.net> 2016-04-08 16:56:27 -0400
commit: 293007898d3fa5a815c1c5814df53627553f114d (patch)
tree: 462f41b12ee37a4f0de5b6707bd49b734cb24668 /src/backend/commands/variable.c
parent: fa6075e5515c6878b2c1fe1c6435dd7ed847857d (diff)
download: postgresql-293007898d3fa5a815c1c5814df53627553f114d.tar.gz
postgresql-293007898d3fa5a815c1c5814df53627553f114d.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/src/backend/commands/variable.c b/src/backend/commands/variable.c
index f801faacd29..57da0149d9f 100644
--- a/src/backend/commands/variable.c
+++ b/src/backend/commands/variable.c
@@ -854,6 +854,9 @@ check_role(char **newval, void **extra, GucSource source)
 		roleid = InvalidOid;
 		is_superuser = false;
 	}
+	/* Do not allow setting role to a reserved role. */
+	else if (strncmp(*newval, "pg_", 3) == 0)
+		return false;
 	else
 	{
 		if (!IsTransactionState())
author	Stephen Frost <sfrost@snowman.net>	2016-04-08 16:56:27 -0400
committer	Stephen Frost <sfrost@snowman.net>	2016-04-08 16:56:27 -0400
commit	293007898d3fa5a815c1c5814df53627553f114d (patch)
tree	462f41b12ee37a4f0de5b6707bd49b734cb24668 /src/backend/commands/variable.c
parent	fa6075e5515c6878b2c1fe1c6435dd7ed847857d (diff)
download	postgresql-293007898d3fa5a815c1c5814df53627553f114d.tar.gz postgresql-293007898d3fa5a815c1c5814df53627553f114d.zip