Reserve the "pg_" namespace for roles

This will prevent users from creating roles which begin with "pg_" and will check for those roles before allowing an upgrade using pg_upgrade. This will allow for default roles to be provided at initdb time. Reviews by José Luis Tallón and Robert Haas
author: Stephen Frost 2016-04-08 20:56:27 +0000
committer: Stephen Frost 2016-04-08 20:56:27 +0000
commit: 293007898d3fa5a815c1c5814df53627553f114d (patch)
tree: 462f41b12ee37a4f0de5b6707bd49b734cb24668 /src/backend/commands/schemacmds.c
parent: fa6075e5515c6878b2c1fe1c6435dd7ed847857d (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/src/backend/commands/schemacmds.c b/src/backend/commands/schemacmds.c
index a60ceb8eba7..dea3299ced5 100644
--- a/src/backend/commands/schemacmds.c
+++ b/src/backend/commands/schemacmds.c
@@ -65,6 +65,10 @@ CreateSchemaCommand(CreateSchemaStmt *stmt, const char *queryString)
 	else
 		owner_uid = saved_uid;
 
+	/* Additional check to protect reserved role names */
+	check_rolespec_name(stmt->authrole,
+						"Cannot specify reserved role as owner.");
+
 	/* fill schema name with the user name if not specified */
 	if (!schemaName)
 	{
author	Stephen Frost	2016-04-08 20:56:27 +0000
committer	Stephen Frost	2016-04-08 20:56:27 +0000
commit	293007898d3fa5a815c1c5814df53627553f114d (patch)
tree	462f41b12ee37a4f0de5b6707bd49b734cb24668 /src/backend/commands/schemacmds.c
parent	fa6075e5515c6878b2c1fe1c6435dd7ed847857d (diff)