*** pgsql/src/backend/utils/misc/guc.c 2008/07/06 19:49:02 1.360.2.3
--- pgsql/src/backend/utils/misc/guc.c 2009/09/03 22:08:32 1.360.2.4
***************
*** 10,16 ****
  * Written by Peter Eisentraut .
  *
  * IDENTIFICATION
! * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.360.2.2 2008/05/26 18:54:43 tgl Exp $
  *
  *--------------------------------------------------------------------
  */
--- 10,16 ----
  * Written by Peter Eisentraut .
  *
  * IDENTIFICATION
! * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.360.2.3 2008/07/06 19:49:02 tgl Exp $
  *
  *--------------------------------------------------------------------
  */
*************** static struct config_string ConfigureNam
*** 2077,2083 ****
  {"role", PGC_USERSET, UNGROUPED,
  gettext_noop("Sets the current role."),
  NULL,
! GUC_IS_NAME | GUC_NO_SHOW_ALL | GUC_NO_RESET_ALL | GUC_NOT_IN_SAMPLE | GUC_DISALLOW_IN_FILE
  },
  &role_string,
  "none", assign_role, show_role
--- 2077,2083 ----
  {"role", PGC_USERSET, UNGROUPED,
  gettext_noop("Sets the current role."),
  NULL,
! GUC_IS_NAME | GUC_NO_SHOW_ALL | GUC_NO_RESET_ALL | GUC_NOT_IN_SAMPLE | GUC_DISALLOW_IN_FILE | GUC_NOT_WHILE_SEC_DEF
  },
  &role_string,
  "none", assign_role, show_role
*************** static struct config_string ConfigureNam
*** 2088,2094 ****
  {"session_authorization", PGC_USERSET, UNGROUPED,
  gettext_noop("Sets the session user name."),
  NULL,
! GUC_IS_NAME | GUC_REPORT | GUC_NO_SHOW_ALL | GUC_NO_RESET_ALL | GUC_NOT_IN_SAMPLE | GUC_DISALLOW_IN_FILE
  },
  &session_authorization_string,
  NULL, assign_session_authorization, show_session_authorization
--- 2088,2094 ----
  {"session_authorization", PGC_USERSET, UNGROUPED,
  gettext_noop("Sets the session user name."),
  NULL,
! GUC_IS_NAME | GUC_REPORT | GUC_NO_SHOW_ALL | GUC_NO_RESET_ALL | GUC_NOT_IN_SAMPLE | GUC_DISALLOW_IN_FILE | GUC_NOT_WHILE_SEC_DEF
  },
  &session_authorization_string,
  NULL, assign_session_authorization, show_session_authorization
*************** set_config_option(const char *name, cons
*** 4026,4031 ****
--- 4026,4057 ----
  }
  /*
+ * Disallow changing GUC_NOT_WHILE_SEC_DEF values if we are inside a
+ * security-definer function. We can reject this regardless of
+ * the context or source, mainly because sources that it might be
+ * reasonable to override for won't be seen while inside a function.
+ *
+ * Note: variables marked GUC_NOT_WHILE_SEC_DEF should probably be marked
+ * GUC_NO_RESET_ALL as well, because ResetAllOptions() doesn't check this.
+ *
+ * Note: this flag is currently used for "session_authorization" and
+ * "role". We need to prohibit this because when we exit the sec-def
+ * context, GUC won't be notified, leaving things out of sync.
+ *
+ * XXX it would be nice to allow these cases in future, with the behavior
+ * being that the SET's effects end when the security definer context is
+ * exited.
+ */
+ if ((record->flags & GUC_NOT_WHILE_SEC_DEF) && InSecurityDefinerContext())
+ {
+ ereport(elevel,
+ (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+ errmsg("cannot set parameter \"%s\" within security-definer function",
+ name)));
+ return false;
+ }
+
+ /*
  * Should we set reset/stacked values? (If so, the behavior is not
  * transactional.)
  */
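Review bot: The requirement that a GUC_NOT_WHILE_SEC_DEF variable also carry GUC_NO_RESET_ALL is stated only in the new comment in set_config_option(), so a later variable given the first flag without the second could still be changed by RESET ALL inside a security-definer function, because ResetAllOptions() does not make this check. I would make the rule enforceable, for example with `Assert(!(record->flags & GUC_NOT_WHILE_SEC_DEF) || (record->flags & GUC_NO_RESET_ALL));` just ahead of the new `if`. The guard is also only as complete as InSecurityDefinerContext(), whose definition is not part of this diff: any code path that switches the effective user without being reported by that function would still accept SET ROLE and SET SESSION AUTHORIZATION, so it is worth confirming that every such switch is covered. The rejection is reported at `elevel`, which presumably can be below ERROR given the explicit `return false`, so callers must act on the return value; set_config_option() starts and ends outside this hunk, so that cannot be confirmed from here.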