author | Tom Lane <tgl@sss.pgh.pa.us> | 2009-01-05 16:54:37 +0000 |
---|---|---|
committer | Tom Lane <tgl@sss.pgh.pa.us> | 2009-01-05 16:54:37 +0000 |
commit | b0a6ad70a12b6949fdebffa8ca1650162bf0254a (patch) | |
tree | 5f54962ab205dc20a48f8398bc39403f193b93ab /src/bin/pg_dump/pg_dump.c | |
parent | f42a7f1e62d8fa8dc6a1e5cc351cd6ffa4ec1b22 (diff) | |
Add a --role option to pg_dump, pg_dumpall, and pg_restore. This allows
performing dumps and restores in accordance with a security policy that
forbids logging in directly as superuser, but instead specifies that you
should log into an admin account and then SET ROLE to the superuser.
In passing, clean up some ugly and mostly-broken code for quoting shell
arguments in pg_dumpall.
Benedek László, with some help from Tom Lane
Diffstat (limited to 'src/bin/pg_dump/pg_dump.c')
-rw-r--r-- | src/bin/pg_dump/pg_dump.c | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c
index 75ece39cc42..1935958dd3e 100644
--- a/src/bin/pg_dump/pg_dump.c
+++ b/src/bin/pg_dump/pg_dump.c
@@ -12,7 +12,7 @@
 * by PostgreSQL
 *
 * IDENTIFICATION
- * $PostgreSQL: pgsql/src/bin/pg_dump/pg_dump.c,v 1.511 2009/01/01 17:23:54 momjian Exp $
+ * $PostgreSQL: pgsql/src/bin/pg_dump/pg_dump.c,v 1.512 2009/01/05 16:54:37 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -227,6 +227,7 @@ main(int argc, char **argv)
 bool outputBlobs = false;
 int outputNoOwner = 0;
 char *outputSuperuser = NULL;
+ char *use_role = NULL;
 int my_version;
 int optindex;
 RestoreOptions *ropt;
@@ -274,6 +275,7 @@ main(int argc, char **argv)
 {"disable-triggers", no_argument, &disable_triggers, 1},
 {"lock-wait-timeout", required_argument, NULL, 2},
 {"no-tablespaces", no_argument, &outputNoTablespaces, 1},
+ {"role", required_argument, NULL, 3},
 {"use-set-session-authorization", no_argument, &use_setsessauth, 1},

 {NULL, 0, NULL, 0}
@@ -447,11 +449,14 @@ main(int argc, char **argv)
 /* This covers the long options equivalent to -X xxx. */
 break;

- case 2:
- /* lock-wait-timeout */
+ case 2: /* lock-wait-timeout */
 lockWaitTimeout = optarg;
 break;

+ case 3: /* SET ROLE */
+ use_role = optarg;
+ break;
+
 default:
 fprintf(stderr, _("Try \"%s --help\" for more information.\n"), progname);
 exit(1);
@@ -570,6 +575,16 @@ main(int argc, char **argv)
 std_strings = PQparameterStatus(g_conn, "standard_conforming_strings");
 g_fout->std_strings = (std_strings && strcmp(std_strings, "on") == 0);

+ /* Set the role if requested */
+ if (use_role && g_fout->remoteVersion >= 80100)
+ {
+ PQExpBuffer query = createPQExpBuffer();
+
+ appendPQExpBuffer(query, "SET ROLE %s", fmtId(use_role));
+ do_sql_command(g_conn, query->data);
+ destroyPQExpBuffer(query);
+ }
+
 /* Set the datestyle to ISO to ensure the dump's portability */
 do_sql_command(g_conn, "SET DATESTYLE = ISO");
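Review bot: When `--role` is given but the server reports a version below 8.1, the test `use_role && g_fout->remoteVersion >= 80100` in the `-570,6 +575,16` hunk skips SET ROLE without any message, so the dump carries on under the login role although the operator asked for a different one. Where the option is used to satisfy a policy about which role performs the dump, a silent fallback is hard to notice afterwards; I would add an `else if (use_role)` branch that reports it, for example `fprintf(stderr, _("%s: server does not support SET ROLE, --role ignored\n"), progname);`, or fail outright. The `fmtId(use_role)` call is what keeps the user-supplied name from being read as SQL, and a short comment such as `/* fmtId quotes the role name as an identifier */` would make a later edit less likely to drop it. main() starts and ends outside this hunk.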
@@ -807,6 +822,7 @@ help(const char *progname)
 printf(_(" --disable-dollar-quoting disable dollar quoting, use SQL standard quoting\n"));
 printf(_(" --disable-triggers disable triggers during data-only restore\n"));
 printf(_(" --no-tablespaces do not dump tablespace assignments\n"));
+ printf(_(" --role=ROLENAME do SET ROLE before dump\n"));
 printf(_(" --use-set-session-authorization\n"
 " use SESSION AUTHORIZATION commands instead of\n"
 " ALTER OWNER commands to set ownership\n")); |