diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2009-01-05 16:54:37 +0000 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2009-01-05 16:54:37 +0000 |
| commit | b0a6ad70a12b6949fdebffa8ca1650162bf0254a (patch) | |
| tree | 5f54962ab205dc20a48f8398bc39403f193b93ab /src/bin/pg_dump/pg_restore.c | |
| parent | f42a7f1e62d8fa8dc6a1e5cc351cd6ffa4ec1b22 (diff) | |
| download | postgresql-b0a6ad70a12b6949fdebffa8ca1650162bf0254a.tar.gz postgresql-b0a6ad70a12b6949fdebffa8ca1650162bf0254a.zip | |
Add a --role option to pg_dump, pg_dumpall, and pg_restore. This allows
performing dumps and restores in accordance with a security policy that
forbids logging in directly as superuser, but instead specifies that you
should log into an admin account and then SET ROLE to the superuser.
In passing, clean up some ugly and mostly-broken code for quoting shell
arguments in pg_dumpall.
Benedek László, with some help from Tom Lane
Diffstat (limited to 'src/bin/pg_dump/pg_restore.c')
| -rw-r--r-- | src/bin/pg_dump/pg_restore.c | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/src/bin/pg_dump/pg_restore.c b/src/bin/pg_dump/pg_restore.c index 95bb61b72fe..c0171fe8928 100644 --- a/src/bin/pg_dump/pg_restore.c +++ b/src/bin/pg_dump/pg_restore.c @@ -34,7 +34,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/bin/pg_dump/pg_restore.c,v 1.89 2008/12/11 07:34:08 petere Exp $ + * $PostgreSQL: pgsql/src/bin/pg_dump/pg_restore.c,v 1.90 2009/01/05 16:54:37 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -51,6 +51,9 @@ #include "getopt_long.h" +extern char *optarg; +extern int optind; + #ifndef HAVE_INT_OPTRESET int optreset; #endif @@ -72,8 +75,6 @@ main(int argc, char **argv) int exit_code; Archive *AH; char *inputFileSpec; - extern int optind; - extern char *optarg; static int disable_triggers = 0; static int no_data_for_failed_tables = 0; static int outputNoTablespaces = 0; @@ -114,6 +115,7 @@ main(int argc, char **argv) {"disable-triggers", no_argument, &disable_triggers, 1}, {"no-data-for-failed-tables", no_argument, &no_data_for_failed_tables, 1}, {"no-tablespaces", no_argument, &outputNoTablespaces, 1}, + {"role", required_argument, NULL, 2}, {"use-set-session-authorization", no_argument, &use_setsessauth, 1}, {NULL, 0, NULL, 0} @@ -261,13 +263,17 @@ main(int argc, char **argv) } break; + case '1': /* Restore data in a single transaction */ + opts->single_txn = true; + opts->exit_on_error = true; + break; + case 0: /* This covers the long options equivalent to -X xxx. */ break; - case '1': /* Restore data in a single transaction */ - opts->single_txn = true; - opts->exit_on_error = true; + case 2: /* SET ROLE */ + opts->use_role = optarg; break; default: @@ -405,6 +411,7 @@ usage(const char *progname) " do not restore data of tables that could not be\n" " created\n")); printf(_(" --no-tablespaces do not dump tablespace assignments\n")); + printf(_(" --role=ROLENAME do SET ROLE before restore\n")); printf(_(" --use-set-session-authorization\n" " use SESSION AUTHORIZATION commands instead of\n" " OWNER TO commands\n")); |