aboutsummaryrefslogtreecommitdiff
path: root/src/backend/commands/variable.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/backend/commands/variable.c')
-rw-r--r--src/backend/commands/variable.c35
1 files changed, 34 insertions, 1 deletions
diff --git a/src/backend/commands/variable.c b/src/backend/commands/variable.c
index d0f1168570e..2c234071d21 100644
--- a/src/backend/commands/variable.c
+++ b/src/backend/commands/variable.c
@@ -9,7 +9,7 @@
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/commands/variable.c,v 1.124 2008/01/01 19:45:49 momjian Exp $
+ * $PostgreSQL: pgsql/src/backend/commands/variable.c,v 1.125 2008/01/03 21:23:15 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@@ -717,6 +717,21 @@ assign_session_authorization(const char *value, bool doit, GucSource source)
/* not a saved ID, so look it up */
HeapTuple roleTup;
+ if (InSecurityDefinerContext())
+ {
+ /*
+ * Disallow SET SESSION AUTHORIZATION inside a security definer
+ * context. We need to do this because when we exit the context,
+ * GUC won't be notified, leaving things out of sync. Note that
+ * this test is positioned so that restoring a previously saved
+ * setting isn't prevented.
+ */
+ ereport(GUC_complaint_elevel(source),
+ (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
+ errmsg("cannot set session authorization within security-definer function")));
+ return NULL;
+ }
+
if (!IsTransactionState())
{
/*
@@ -823,6 +838,24 @@ assign_role(const char *value, bool doit, GucSource source)
}
}
+ if (roleid == InvalidOid && InSecurityDefinerContext())
+ {
+ /*
+ * Disallow SET ROLE inside a security definer context. We need to do
+ * this because when we exit the context, GUC won't be notified,
+ * leaving things out of sync. Note that this test is arranged so
+ * that restoring a previously saved setting isn't prevented.
+ *
+ * XXX it would be nice to allow this case in future, with the
+ * behavior being that the SET ROLE's effects end when the security
+ * definer context is exited.
+ */
+ ereport(GUC_complaint_elevel(source),
+ (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
+ errmsg("cannot set role within security-definer function")));
+ return NULL;
+ }
+
if (roleid == InvalidOid &&
strcmp(actual_rolename, "none") != 0)
{
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-22 15:27:37 +0000