From ad11556f52297605a2a4a8ed2ff7cfb682992aad Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Tue, 19 May 2020 14:45:27 +0200 Subject: [PATCH] Disallow --role combined with --use-set-session-authorization These options are not compatible, so make sure to disallow them being used in conjunction. --- src/bin/pg_dump/pg_restore.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/bin/pg_dump/pg_restore.c b/src/bin/pg_dump/pg_restore.c index 544ae3bc5c..c9002ef468 100644 --- a/src/bin/pg_dump/pg_restore.c +++ b/src/bin/pg_dump/pg_restore.c @@ -334,6 +334,19 @@ main(int argc, char **argv) exit_nicely(1); } + /* + * The first SET SESSION AUTHORIZATION command will override the SET ROLE + * command, making these options incompatible. SET SESSION AUTHORIZATION + * also insists on the originally authenticated user be a superuser, which + * goes against the usecase for --role which is to start the restore from + * a non-superuser role. + */ + if (use_setsessauth && opts->use_role) + { + pg_log_error("options --role and --use-set-session-authorization cannot be used together"); + exit_nicely(1); + } + /* * -C is not compatible with -1, because we can't create a database inside * a transaction block. -- 2.21.1 (Apple Git-122.3)