Reserve the "pg_" namespace for roles

This will prevent users from creating roles which begin with "pg_" and
will check for those roles before allowing an upgrade using pg_upgrade.

This will allow for default roles to be provided at initdb time.

Reviews by José Luis Tallón and Robert Haas

1 files changed, 13 insertions, 0 deletions

diff --git a/src/backend/commands/foreigncmds.c b/src/backend/commands/foreigncmds.c
index 804bab2e1f5..88cefb7f958 100644
--- a/src/backend/commands/foreigncmds.c
+++ b/src/backend/commands/foreigncmds.c
@@ -1148,6 +1148,10 @@ CreateUserMapping(CreateUserMappingStmt *stmt)
 	else
 		useId = get_rolespec_oid(stmt->user, false);
 
+	/* Additional check to protect reserved role names */
+	check_rolespec_name(stmt->user,
+						"Cannot specify reserved role as mapping user.");
+
 	/* Check that the server exists. */
 	srv = GetForeignServerByName(stmt->servername, false);
 
@@ -1248,6 +1252,10 @@ AlterUserMapping(AlterUserMappingStmt *stmt)
 	else
 		useId = get_rolespec_oid(stmt->user, false);
 
+	/* Additional check to protect reserved role names */
+	check_rolespec_name(stmt->user,
+						"Cannot alter reserved role mapping user.");
+
 	srv = GetForeignServerByName(stmt->servername, false);
 
 	umId = GetSysCacheOid2(USERMAPPINGUSERSERVER,
@@ -1337,6 +1345,11 @@ RemoveUserMapping(DropUserMappingStmt *stmt)
 	else
 	{
 		useId = get_rolespec_oid(stmt->user, stmt->missing_ok);
+
+		/* Additional check to protect reserved role names */
+		check_rolespec_name(stmt->user,
+							"Cannot remove reserved role mapping user.");
+
 		if (!OidIsValid(useId))
 		{
 			/*