pg_dump/pg_restore now always use SET SESSION AUTHORIZATION, not \connect,
to control object ownership. The use-set-session-authorization and no-reconnect switches are obsolete (still accepted on the command line, but they don't do anything). This is a precursor to fixing handling of CREATE SCHEMA, which will be a separate commit.
This commit is contained in:
parent
45de72b683
commit
6767cebc6f
|
@ -1,5 +1,5 @@
|
||||||
<!--
|
<!--
|
||||||
$Header: /cvsroot/pgsql/doc/src/sgml/ref/pg_dump.sgml,v 1.64 2003/09/11 21:42:20 momjian Exp $
|
$Header: /cvsroot/pgsql/doc/src/sgml/ref/pg_dump.sgml,v 1.65 2003/09/23 22:48:53 tgl Exp $
|
||||||
PostgreSQL documentation
|
PostgreSQL documentation
|
||||||
-->
|
-->
|
||||||
|
|
||||||
|
@ -318,16 +318,16 @@ PostgreSQL documentation
|
||||||
<term><option>--no-owner</option></term>
|
<term><option>--no-owner</option></term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Do not output commands to set the
|
Do not output commands to set
|
||||||
object ownership to match the original database. Typically,
|
ownership of objects to match the original database.
|
||||||
<application>pg_dump</application> issues
|
By default, <application>pg_dump</application> issues
|
||||||
(<application>psql</application>-specific) <command>\connect</command>
|
<command>SET SESSION AUTHORIZATION</command>
|
||||||
statements to set ownership of schema elements. See also
|
statements to set ownership of created schema elements.
|
||||||
under <option>-R</option> and <option>-X
|
These statements
|
||||||
use-set-session-authorization</option>. Note that
|
will fail when the script is run unless it is started by a superuser
|
||||||
<option>-O</option> does not prevent all reconnections to the
|
(or the same user that owns all of the objects in the script).
|
||||||
database, only the ones that are exclusively used for
|
To make a script that can be restored by any user, but will give
|
||||||
ownership adjustments.
|
that user ownership of all the objects, specify <option>-O</>.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
|
@ -343,27 +343,8 @@ PostgreSQL documentation
|
||||||
<term><option>--no-reconnect</option></term>
|
<term><option>--no-reconnect</option></term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Prohibit <application>pg_dump</application>
|
This option is obsolete but still accepted for backwards
|
||||||
from outputting a script that would require reconnections to
|
compatibility.
|
||||||
the database while being restored. An average restoration
|
|
||||||
script usually has to reconnect several times as different
|
|
||||||
users to set the original ownerships of the objects. This
|
|
||||||
option is a rather blunt instrument because it makes
|
|
||||||
<application>pg_dump</application> lose this ownership information,
|
|
||||||
<emphasis>unless</emphasis> you use the <option>-X
|
|
||||||
use-set-session-authorization</option> option.
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
One possible reason why reconnections during restore might not
|
|
||||||
be desired is if the access to the database requires manual
|
|
||||||
interaction (e.g., passwords).
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
This option is only meaningful for the plain-text format. For
|
|
||||||
the other formats, you may specify the option when you
|
|
||||||
call <command>pg_restore</command>.
|
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
@ -385,8 +366,7 @@ PostgreSQL documentation
|
||||||
<para>
|
<para>
|
||||||
Specify the superuser user name to use when disabling triggers.
|
Specify the superuser user name to use when disabling triggers.
|
||||||
This is only relevant if <option>--disable-triggers</> is used.
|
This is only relevant if <option>--disable-triggers</> is used.
|
||||||
(Usually, it's better to specify
|
(Usually, it's better to leave this out, and instead start the
|
||||||
<option>--use-set-session-authorization</>, and then start the
|
|
||||||
resulting script as superuser.)
|
resulting script as superuser.)
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
@ -444,32 +424,10 @@ PostgreSQL documentation
|
||||||
<term><option>--use-set-session-authorization</></term>
|
<term><option>--use-set-session-authorization</></term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Normally, if a (plain-text mode) script generated by
|
This option is obsolete but still accepted for backwards
|
||||||
<application>pg_dump</application> must alter the current database
|
compatibility.
|
||||||
user (e.g., to set correct object ownerships), it uses the
|
<application>pg_dump</application> now always behaves in the
|
||||||
<application>psql</application> <command>\connect</command> command.
|
way formerly selected by this option.
|
||||||
This command actually opens a new connection, which might
|
|
||||||
require manual interaction (e.g., passwords). If you use the
|
|
||||||
<option>-X use-set-session-authorization</option> option, then
|
|
||||||
<application>pg_dump</application> will instead output <xref
|
|
||||||
linkend="sql-set-session-authorization" endterm="sql-set-session-authorization-title"> commands. This has
|
|
||||||
the same effect, but it requires that the user restoring the
|
|
||||||
database from the generated script be a database superuser.
|
|
||||||
This option effectively overrides the <option>-R</option>
|
|
||||||
option.
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
Since <xref linkend="sql-set-session-authorization" endterm="sql-set-session-authorization-title"> is a
|
|
||||||
standard SQL command, whereas <command>\connect</command> only
|
|
||||||
works in <application>psql</application>, this option also enhances
|
|
||||||
the theoretical portability of the output script.
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
This option is only meaningful for the plain-text format. For
|
|
||||||
the other formats, you may specify the option when you
|
|
||||||
call <command>pg_restore</command>.
|
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
@ -490,10 +448,8 @@ PostgreSQL documentation
|
||||||
<para>
|
<para>
|
||||||
Presently, the commands emitted for <option>--disable-triggers</>
|
Presently, the commands emitted for <option>--disable-triggers</>
|
||||||
must be done as superuser. So, you should also specify
|
must be done as superuser. So, you should also specify
|
||||||
a superuser name with <option>-S</>, or preferably specify
|
a superuser name with <option>-S</>, or preferably be careful to
|
||||||
<option>--use-set-session-authorization</> and then be careful to
|
start the resulting script as a superuser.
|
||||||
start the resulting script as a superuser. If you give neither
|
|
||||||
option, the entire script must be run as superuser.
|
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
<!-- $Header: /cvsroot/pgsql/doc/src/sgml/ref/pg_restore.sgml,v 1.42 2003/09/11 21:42:20 momjian Exp $ -->
|
<!-- $Header: /cvsroot/pgsql/doc/src/sgml/ref/pg_restore.sgml,v 1.43 2003/09/23 22:48:53 tgl Exp $ -->
|
||||||
|
|
||||||
<refentry id="APP-PGRESTORE">
|
<refentry id="APP-PGRESTORE">
|
||||||
<refmeta>
|
<refmeta>
|
||||||
|
@ -261,10 +261,16 @@
|
||||||
<term><option>--no-owner</option></term>
|
<term><option>--no-owner</option></term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Prevent any attempt to restore original object
|
Do not output commands to set
|
||||||
ownership. Objects will be owned by the user name used to
|
ownership of objects to match the original database.
|
||||||
attach to the database. See also under <option>-R</option> and
|
By default, <application>pg_restore</application> issues
|
||||||
<option>-X use-set-session-authorization</option>.
|
<command>SET SESSION AUTHORIZATION</command>
|
||||||
|
statements to set ownership of created schema elements.
|
||||||
|
These statements will fail unless the initial connection to the
|
||||||
|
database is made by a superuser
|
||||||
|
(or the same user that owns all of the objects in the script).
|
||||||
|
With <option>-O</option>, any user name can be used for the
|
||||||
|
initial connection, and this user will own all the created objects.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
@ -311,20 +317,8 @@
|
||||||
<term><option>--no-reconnect</option></term>
|
<term><option>--no-reconnect</option></term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
While restoring an archive, <application>pg_restore</application>
|
This option is obsolete but still accepted for backwards
|
||||||
typically has to reconnect to the database several times with
|
compatibility.
|
||||||
different user names to set the correct ownership of the
|
|
||||||
created objects. If this is undesirable (e.g., because manual
|
|
||||||
interaction (passwords) would be necessary for each
|
|
||||||
reconnection), this option prevents
|
|
||||||
<application>pg_restore</application> from issuing any reconnection
|
|
||||||
requests. (A connection request while in plain text mode, not
|
|
||||||
connected to a database, is made by putting out a <xref
|
|
||||||
linkend="app-psql"> <command>\connect</command> command.)
|
|
||||||
However, this option is a rather blunt instrument because it
|
|
||||||
makes <application>pg_restore</application> lose all object ownership
|
|
||||||
information, <emphasis>unless</emphasis> you use the
|
|
||||||
<option>-X use-set-session-authorization</option> option.
|
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
@ -397,16 +391,10 @@
|
||||||
<term><option>--use-set-session-authorization</option></term>
|
<term><option>--use-set-session-authorization</option></term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Normally, if restoring an archive requires altering the
|
This option is obsolete but still accepted for backwards
|
||||||
current database user (e.g., to set correct object
|
compatibility.
|
||||||
ownerships), a new connection to the database must be opened,
|
<application>pg_restore</application> now always behaves in the
|
||||||
which might require manual interaction (e.g., passwords). If
|
way formerly selected by this option.
|
||||||
you use the <option>-X use-set-session-authorization</option> option,
|
|
||||||
then <application>pg_restore</application> will instead use the <xref
|
|
||||||
linkend="sql-set-session-authorization" endterm="sql-set-session-authorization-title"> command. This has
|
|
||||||
the same effect, but it requires that the user restoring the
|
|
||||||
archive is a database superuser. This option effectively
|
|
||||||
overrides the <option>-R</option> option.
|
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
@ -428,8 +416,7 @@
|
||||||
Presently, the commands emitted for
|
Presently, the commands emitted for
|
||||||
<option>--disable-triggers</> must be done as superuser. So, you
|
<option>--disable-triggers</> must be done as superuser. So, you
|
||||||
should also specify a superuser name with <option>-S</>, or
|
should also specify a superuser name with <option>-S</>, or
|
||||||
preferably specify <option>--use-set-session-authorization</> and
|
preferably run <application>pg_restore</application> as a
|
||||||
run <application>pg_restore</application> as a
|
|
||||||
<productname>PostgreSQL</> superuser.
|
<productname>PostgreSQL</> superuser.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
*
|
*
|
||||||
*
|
*
|
||||||
* IDENTIFICATION
|
* IDENTIFICATION
|
||||||
* $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_backup.h,v 1.25 2003/08/28 20:21:34 tgl Exp $
|
* $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_backup.h,v 1.26 2003/09/23 22:48:53 tgl Exp $
|
||||||
*
|
*
|
||||||
*-------------------------------------------------------------------------
|
*-------------------------------------------------------------------------
|
||||||
*/
|
*/
|
||||||
|
@ -62,12 +62,7 @@ typedef int (*DataDumperPtr) (Archive *AH, char *oid, void *userArg);
|
||||||
typedef struct _restoreOptions
|
typedef struct _restoreOptions
|
||||||
{
|
{
|
||||||
int create; /* Issue commands to create the database */
|
int create; /* Issue commands to create the database */
|
||||||
int noOwner; /* Don't reconnect to database to match
|
int noOwner; /* Don't try to match original object owner */
|
||||||
* original object owner */
|
|
||||||
int noReconnect; /* Don't reconnect to database under any
|
|
||||||
* cirsumstances */
|
|
||||||
int use_setsessauth;/* use SET SESSSION AUTHORIZATION instead
|
|
||||||
* of \connect */
|
|
||||||
int disable_triggers; /* disable triggers during
|
int disable_triggers; /* disable triggers during
|
||||||
* data-only restore */
|
* data-only restore */
|
||||||
char *superuser; /* Username to use as superuser */
|
char *superuser; /* Username to use as superuser */
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
*
|
*
|
||||||
*
|
*
|
||||||
* IDENTIFICATION
|
* IDENTIFICATION
|
||||||
* $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_backup_archiver.c,v 1.75 2003/08/28 20:21:34 tgl Exp $
|
* $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_backup_archiver.c,v 1.76 2003/09/23 22:48:53 tgl Exp $
|
||||||
*
|
*
|
||||||
*-------------------------------------------------------------------------
|
*-------------------------------------------------------------------------
|
||||||
*/
|
*/
|
||||||
|
@ -49,8 +49,9 @@ static ArchiveHandle *_allocAH(const char *FileSpec, const ArchiveFormat fmt,
|
||||||
static int _printTocEntry(ArchiveHandle *AH, TocEntry *te, RestoreOptions *ropt, bool isData);
|
static int _printTocEntry(ArchiveHandle *AH, TocEntry *te, RestoreOptions *ropt, bool isData);
|
||||||
|
|
||||||
static void _doSetSessionAuth(ArchiveHandle *AH, const char *user);
|
static void _doSetSessionAuth(ArchiveHandle *AH, const char *user);
|
||||||
static void _reconnectAsOwner(ArchiveHandle *AH, const char *dbname, TocEntry *te);
|
static void _reconnectToDB(ArchiveHandle *AH, const char *dbname, const char *user);
|
||||||
static void _reconnectAsUser(ArchiveHandle *AH, const char *dbname, const char *user);
|
static void _becomeUser(ArchiveHandle *AH, const char *user);
|
||||||
|
static void _becomeOwner(ArchiveHandle *AH, TocEntry *te);
|
||||||
static void _selectOutputSchema(ArchiveHandle *AH, const char *schemaName);
|
static void _selectOutputSchema(ArchiveHandle *AH, const char *schemaName);
|
||||||
|
|
||||||
static teReqs _tocEntryRequired(TocEntry *te, RestoreOptions *ropt);
|
static teReqs _tocEntryRequired(TocEntry *te, RestoreOptions *ropt);
|
||||||
|
@ -144,10 +145,6 @@ RestoreArchive(Archive *AHX, RestoreOptions *ropt)
|
||||||
* initially connected to, not the one we will create, which is very
|
* initially connected to, not the one we will create, which is very
|
||||||
* bad...
|
* bad...
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if (ropt->create && ropt->noReconnect)
|
|
||||||
die_horribly(AH, modulename, "-C and -R are incompatible options\n");
|
|
||||||
|
|
||||||
if (ropt->create && ropt->dropSchema)
|
if (ropt->create && ropt->dropSchema)
|
||||||
die_horribly(AH, modulename, "-C and -c are incompatible options\n");
|
die_horribly(AH, modulename, "-C and -c are incompatible options\n");
|
||||||
|
|
||||||
|
@ -221,7 +218,7 @@ RestoreArchive(Archive *AHX, RestoreOptions *ropt)
|
||||||
/* We want the schema */
|
/* We want the schema */
|
||||||
ahlog(AH, 1, "dropping %s %s\n", te->desc, te->tag);
|
ahlog(AH, 1, "dropping %s %s\n", te->desc, te->tag);
|
||||||
/* Select owner and schema as necessary */
|
/* Select owner and schema as necessary */
|
||||||
_reconnectAsOwner(AH, NULL, te);
|
_becomeOwner(AH, te);
|
||||||
_selectOutputSchema(AH, te->namespace);
|
_selectOutputSchema(AH, te->namespace);
|
||||||
/* Drop it */
|
/* Drop it */
|
||||||
ahprintf(AH, "%s", te->dropStmt);
|
ahprintf(AH, "%s", te->dropStmt);
|
||||||
|
@ -260,7 +257,7 @@ RestoreArchive(Archive *AHX, RestoreOptions *ropt)
|
||||||
if (strcmp(te->desc, "DATABASE") == 0)
|
if (strcmp(te->desc, "DATABASE") == 0)
|
||||||
{
|
{
|
||||||
ahlog(AH, 1, "connecting to new database \"%s\" as user \"%s\"\n", te->tag, te->owner);
|
ahlog(AH, 1, "connecting to new database \"%s\" as user \"%s\"\n", te->tag, te->owner);
|
||||||
_reconnectAsUser(AH, te->tag, te->owner);
|
_reconnectToDB(AH, te->tag, te->owner);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -310,11 +307,8 @@ RestoreArchive(Archive *AHX, RestoreOptions *ropt)
|
||||||
{
|
{
|
||||||
_disableTriggersIfNecessary(AH, te, ropt);
|
_disableTriggersIfNecessary(AH, te, ropt);
|
||||||
|
|
||||||
/*
|
/* Select owner and schema as necessary */
|
||||||
* Reconnect if necessary (_disableTriggers may
|
_becomeOwner(AH, te);
|
||||||
* have reconnected)
|
|
||||||
*/
|
|
||||||
_reconnectAsOwner(AH, NULL, te);
|
|
||||||
_selectOutputSchema(AH, te->namespace);
|
_selectOutputSchema(AH, te->namespace);
|
||||||
|
|
||||||
ahlog(AH, 1, "restoring data for table \"%s\"\n", te->tag);
|
ahlog(AH, 1, "restoring data for table \"%s\"\n", te->tag);
|
||||||
|
@ -347,7 +341,7 @@ RestoreArchive(Archive *AHX, RestoreOptions *ropt)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
te = te->next;
|
te = te->next;
|
||||||
}
|
} /* end loop over TOC entries */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Now use blobs_xref (if used) to fixup any refs for tables that we
|
* Now use blobs_xref (if used) to fixup any refs for tables that we
|
||||||
|
@ -439,9 +433,6 @@ _canRestoreBlobs(ArchiveHandle *AH)
|
||||||
static void
|
static void
|
||||||
_disableTriggersIfNecessary(ArchiveHandle *AH, TocEntry *te, RestoreOptions *ropt)
|
_disableTriggersIfNecessary(ArchiveHandle *AH, TocEntry *te, RestoreOptions *ropt)
|
||||||
{
|
{
|
||||||
char *oldUser;
|
|
||||||
char *oldSchema;
|
|
||||||
|
|
||||||
/* This hack is only needed in a data-only restore */
|
/* This hack is only needed in a data-only restore */
|
||||||
if (!ropt->dataOnly || !ropt->disable_triggers)
|
if (!ropt->dataOnly || !ropt->disable_triggers)
|
||||||
return;
|
return;
|
||||||
|
@ -450,23 +441,12 @@ _disableTriggersIfNecessary(ArchiveHandle *AH, TocEntry *te, RestoreOptions *rop
|
||||||
if (te && strcmp(te->desc, "BLOBS") == 0)
|
if (te && strcmp(te->desc, "BLOBS") == 0)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
oldUser = strdup(AH->currUser);
|
|
||||||
oldSchema = strdup(AH->currSchema);
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Become superuser if possible, since they are the only ones who can
|
* Become superuser if possible, since they are the only ones who can
|
||||||
* update pg_class. If -S was not given, but we are allowed to use
|
* update pg_class. If -S was not given, assume the initial user identity
|
||||||
* SET SESSION AUTHORIZATION, assume the initial user identity is a
|
* is a superuser.
|
||||||
* superuser. Otherwise we just have to bull ahead anyway.
|
|
||||||
*/
|
*/
|
||||||
if (ropt->superuser)
|
_becomeUser(AH, ropt->superuser);
|
||||||
{
|
|
||||||
_reconnectAsUser(AH, NULL, ropt->superuser);
|
|
||||||
/* be careful to preserve schema setting */
|
|
||||||
_selectOutputSchema(AH, oldSchema);
|
|
||||||
}
|
|
||||||
else if (AH->ropt->use_setsessauth)
|
|
||||||
_doSetSessionAuth(AH, NULL);
|
|
||||||
|
|
||||||
ahlog(AH, 1, "disabling triggers\n");
|
ahlog(AH, 1, "disabling triggers\n");
|
||||||
|
|
||||||
|
@ -487,28 +467,11 @@ _disableTriggersIfNecessary(ArchiveHandle *AH, TocEntry *te, RestoreOptions *rop
|
||||||
else
|
else
|
||||||
ahprintf(AH, "UPDATE pg_catalog.pg_class SET reltriggers = 0 FROM pg_catalog.pg_namespace "
|
ahprintf(AH, "UPDATE pg_catalog.pg_class SET reltriggers = 0 FROM pg_catalog.pg_namespace "
|
||||||
"WHERE relnamespace = pg_namespace.oid AND nspname !~ '^pg_';\n\n");
|
"WHERE relnamespace = pg_namespace.oid AND nspname !~ '^pg_';\n\n");
|
||||||
|
|
||||||
/*
|
|
||||||
* Restore original user and schema state.
|
|
||||||
*/
|
|
||||||
if (ropt->superuser)
|
|
||||||
{
|
|
||||||
_reconnectAsUser(AH, NULL, oldUser);
|
|
||||||
/* be careful to preserve schema setting */
|
|
||||||
_selectOutputSchema(AH, oldSchema);
|
|
||||||
}
|
|
||||||
else if (AH->ropt->use_setsessauth)
|
|
||||||
_doSetSessionAuth(AH, oldUser);
|
|
||||||
free(oldUser);
|
|
||||||
free(oldSchema);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
_enableTriggersIfNecessary(ArchiveHandle *AH, TocEntry *te, RestoreOptions *ropt)
|
_enableTriggersIfNecessary(ArchiveHandle *AH, TocEntry *te, RestoreOptions *ropt)
|
||||||
{
|
{
|
||||||
char *oldUser;
|
|
||||||
char *oldSchema;
|
|
||||||
|
|
||||||
/* This hack is only needed in a data-only restore */
|
/* This hack is only needed in a data-only restore */
|
||||||
if (!ropt->dataOnly || !ropt->disable_triggers)
|
if (!ropt->dataOnly || !ropt->disable_triggers)
|
||||||
return;
|
return;
|
||||||
|
@ -517,23 +480,12 @@ _enableTriggersIfNecessary(ArchiveHandle *AH, TocEntry *te, RestoreOptions *ropt
|
||||||
if (te && strcmp(te->desc, "BLOBS") == 0)
|
if (te && strcmp(te->desc, "BLOBS") == 0)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
oldUser = strdup(AH->currUser);
|
|
||||||
oldSchema = strdup(AH->currSchema);
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Become superuser if possible, since they are the only ones who can
|
* Become superuser if possible, since they are the only ones who can
|
||||||
* update pg_class. If -S was not given, but we are allowed to use
|
* update pg_class. If -S was not given, assume the initial user identity
|
||||||
* SET SESSION AUTHORIZATION, assume the initial user identity is a
|
* is a superuser.
|
||||||
* superuser. Otherwise we just have to bull ahead anyway.
|
|
||||||
*/
|
*/
|
||||||
if (ropt->superuser)
|
_becomeUser(AH, ropt->superuser);
|
||||||
{
|
|
||||||
_reconnectAsUser(AH, NULL, ropt->superuser);
|
|
||||||
/* be careful to preserve schema setting */
|
|
||||||
_selectOutputSchema(AH, oldSchema);
|
|
||||||
}
|
|
||||||
else if (AH->ropt->use_setsessauth)
|
|
||||||
_doSetSessionAuth(AH, NULL);
|
|
||||||
|
|
||||||
ahlog(AH, 1, "enabling triggers\n");
|
ahlog(AH, 1, "enabling triggers\n");
|
||||||
|
|
||||||
|
@ -557,20 +509,6 @@ _enableTriggersIfNecessary(ArchiveHandle *AH, TocEntry *te, RestoreOptions *ropt
|
||||||
"(SELECT pg_catalog.count(*) FROM pg_catalog.pg_trigger where pg_class.oid = tgrelid) "
|
"(SELECT pg_catalog.count(*) FROM pg_catalog.pg_trigger where pg_class.oid = tgrelid) "
|
||||||
"FROM pg_catalog.pg_namespace "
|
"FROM pg_catalog.pg_namespace "
|
||||||
"WHERE relnamespace = pg_namespace.oid AND nspname !~ '^pg_';\n\n");
|
"WHERE relnamespace = pg_namespace.oid AND nspname !~ '^pg_';\n\n");
|
||||||
|
|
||||||
/*
|
|
||||||
* Restore original user and schema state.
|
|
||||||
*/
|
|
||||||
if (ropt->superuser)
|
|
||||||
{
|
|
||||||
_reconnectAsUser(AH, NULL, oldUser);
|
|
||||||
/* be careful to preserve schema setting */
|
|
||||||
_selectOutputSchema(AH, oldSchema);
|
|
||||||
}
|
|
||||||
else if (AH->ropt->use_setsessauth)
|
|
||||||
_doSetSessionAuth(AH, oldUser);
|
|
||||||
free(oldUser);
|
|
||||||
free(oldSchema);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -2087,8 +2025,8 @@ _tocEntryRequired(TocEntry *te, RestoreOptions *ropt)
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Issue a SET SESSION AUTHORIZATION command. Caller is responsible
|
* Issue a SET SESSION AUTHORIZATION command. Caller is responsible
|
||||||
* for updating state if appropriate. If user is NULL, the
|
* for updating state if appropriate. If user is NULL or an empty string,
|
||||||
* specification DEFAULT will be used.
|
* the specification DEFAULT will be used.
|
||||||
*/
|
*/
|
||||||
static void
|
static void
|
||||||
_doSetSessionAuth(ArchiveHandle *AH, const char *user)
|
_doSetSessionAuth(ArchiveHandle *AH, const char *user)
|
||||||
|
@ -2096,11 +2034,11 @@ _doSetSessionAuth(ArchiveHandle *AH, const char *user)
|
||||||
PQExpBuffer cmd = createPQExpBuffer();
|
PQExpBuffer cmd = createPQExpBuffer();
|
||||||
|
|
||||||
appendPQExpBuffer(cmd, "SET SESSION AUTHORIZATION ");
|
appendPQExpBuffer(cmd, "SET SESSION AUTHORIZATION ");
|
||||||
if (user)
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* SQL requires a string literal here. Might as well be correct.
|
* SQL requires a string literal here. Might as well be correct.
|
||||||
*/
|
*/
|
||||||
|
if (user && *user)
|
||||||
appendStringLiteral(cmd, user, false);
|
appendStringLiteral(cmd, user, false);
|
||||||
else
|
else
|
||||||
appendPQExpBuffer(cmd, "DEFAULT");
|
appendPQExpBuffer(cmd, "DEFAULT");
|
||||||
|
@ -2126,34 +2064,17 @@ _doSetSessionAuth(ArchiveHandle *AH, const char *user)
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Issue the commands to connect to the database as the specified user
|
* Issue the commands to connect to the specified database
|
||||||
* to the specified database. The database name may be NULL, then the
|
* as the specified user.
|
||||||
* current database is kept. If reconnects were disallowed by the
|
|
||||||
* user, this won't do anything.
|
|
||||||
*
|
*
|
||||||
* If we're currently restoring right into a database, this will
|
* If we're currently restoring right into a database, this will
|
||||||
* actually establish a connection. Otherwise it puts a \connect into
|
* actually establish a connection. Otherwise it puts a \connect into
|
||||||
* the script output.
|
* the script output.
|
||||||
*/
|
*/
|
||||||
static void
|
static void
|
||||||
_reconnectAsUser(ArchiveHandle *AH, const char *dbname, const char *user)
|
_reconnectToDB(ArchiveHandle *AH, const char *dbname, const char *user)
|
||||||
{
|
{
|
||||||
if (!user || strlen(user) == 0
|
if (RestoringToDB(AH))
|
||||||
|| (strcmp(AH->currUser, user) == 0 && !dbname))
|
|
||||||
return; /* no need to do anything */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Use SET SESSION AUTHORIZATION if allowed and no database change
|
|
||||||
* needed
|
|
||||||
*/
|
|
||||||
if (!dbname && AH->ropt->use_setsessauth)
|
|
||||||
_doSetSessionAuth(AH, user);
|
|
||||||
else if (AH->ropt && AH->ropt->noReconnect)
|
|
||||||
{
|
|
||||||
/* When -R was given, don't do anything. */
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
else if (RestoringToDB(AH))
|
|
||||||
ReconnectToServer(AH, dbname, user);
|
ReconnectToServer(AH, dbname, user);
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -2167,11 +2088,6 @@ _reconnectAsUser(ArchiveHandle *AH, const char *dbname, const char *user)
|
||||||
ahprintf(AH, qry->data);
|
ahprintf(AH, qry->data);
|
||||||
|
|
||||||
destroyPQExpBuffer(qry);
|
destroyPQExpBuffer(qry);
|
||||||
|
|
||||||
/* don't assume we still know the output schema */
|
|
||||||
if (AH->currSchema)
|
|
||||||
free(AH->currSchema);
|
|
||||||
AH->currSchema = strdup("");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -2182,21 +2098,50 @@ _reconnectAsUser(ArchiveHandle *AH, const char *dbname, const char *user)
|
||||||
free(AH->currUser);
|
free(AH->currUser);
|
||||||
|
|
||||||
AH->currUser = strdup(user);
|
AH->currUser = strdup(user);
|
||||||
|
|
||||||
|
/* don't assume we still know the output schema */
|
||||||
|
if (AH->currSchema)
|
||||||
|
free(AH->currSchema);
|
||||||
|
AH->currSchema = strdup("");
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Become the specified user, and update state to avoid redundant commands
|
||||||
|
*
|
||||||
|
* NULL or empty argument is taken to mean restoring the session default
|
||||||
|
*/
|
||||||
|
static void
|
||||||
|
_becomeUser(ArchiveHandle *AH, const char *user)
|
||||||
|
{
|
||||||
|
if (!user)
|
||||||
|
user = ""; /* avoid null pointers */
|
||||||
|
|
||||||
|
if (AH->currUser && strcmp(AH->currUser, user) == 0)
|
||||||
|
return; /* no need to do anything */
|
||||||
|
|
||||||
|
_doSetSessionAuth(AH, user);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* NOTE: currUser keeps track of what the imaginary session user in
|
||||||
|
* our script is
|
||||||
|
*/
|
||||||
|
if (AH->currUser)
|
||||||
|
free(AH->currUser);
|
||||||
|
|
||||||
|
AH->currUser = strdup(user);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Issues the commands to connect to the database (or the current one,
|
* Become the owner of the the given TOC entry object. If
|
||||||
* if NULL) as the owner of the the given TOC entry object. If
|
|
||||||
* changes in ownership are not allowed, this doesn't do anything.
|
* changes in ownership are not allowed, this doesn't do anything.
|
||||||
*/
|
*/
|
||||||
static void
|
static void
|
||||||
_reconnectAsOwner(ArchiveHandle *AH, const char *dbname, TocEntry *te)
|
_becomeOwner(ArchiveHandle *AH, TocEntry *te)
|
||||||
{
|
{
|
||||||
if (AH->ropt && AH->ropt->noOwner)
|
if (AH->ropt && AH->ropt->noOwner)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
_reconnectAsUser(AH, dbname, te->owner);
|
_becomeUser(AH, te->owner);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -2250,7 +2195,7 @@ _printTocEntry(ArchiveHandle *AH, TocEntry *te, RestoreOptions *ropt, bool isDat
|
||||||
char *pfx;
|
char *pfx;
|
||||||
|
|
||||||
/* Select owner and schema as necessary */
|
/* Select owner and schema as necessary */
|
||||||
_reconnectAsOwner(AH, NULL, te);
|
_becomeOwner(AH, te);
|
||||||
_selectOutputSchema(AH, te->namespace);
|
_selectOutputSchema(AH, te->namespace);
|
||||||
|
|
||||||
if (isData)
|
if (isData)
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
* by PostgreSQL
|
* by PostgreSQL
|
||||||
*
|
*
|
||||||
* IDENTIFICATION
|
* IDENTIFICATION
|
||||||
* $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_dump.c,v 1.348 2003/09/22 00:23:34 petere Exp $
|
* $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_dump.c,v 1.349 2003/09/23 22:48:53 tgl Exp $
|
||||||
*
|
*
|
||||||
*-------------------------------------------------------------------------
|
*-------------------------------------------------------------------------
|
||||||
*/
|
*/
|
||||||
|
@ -174,7 +174,6 @@ main(int argc, char **argv)
|
||||||
int outputCreate = 0;
|
int outputCreate = 0;
|
||||||
int outputBlobs = 0;
|
int outputBlobs = 0;
|
||||||
int outputNoOwner = 0;
|
int outputNoOwner = 0;
|
||||||
int outputNoReconnect = 0;
|
|
||||||
static int use_setsessauth = 0;
|
static int use_setsessauth = 0;
|
||||||
static int disable_triggers = 0;
|
static int disable_triggers = 0;
|
||||||
char *outputSuperuser = NULL;
|
char *outputSuperuser = NULL;
|
||||||
|
@ -322,8 +321,8 @@ main(int argc, char **argv)
|
||||||
pgport = optarg;
|
pgport = optarg;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'R': /* No reconnect */
|
case 'R':
|
||||||
outputNoReconnect = 1;
|
/* no-op, still accepted for backwards compatibility */
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 's': /* dump schema only */
|
case 's': /* dump schema only */
|
||||||
|
@ -369,7 +368,7 @@ main(int argc, char **argv)
|
||||||
*/
|
*/
|
||||||
case 'X':
|
case 'X':
|
||||||
if (strcmp(optarg, "use-set-session-authorization") == 0)
|
if (strcmp(optarg, "use-set-session-authorization") == 0)
|
||||||
use_setsessauth = 1;
|
/* no-op, still allowed for compatibility */ ;
|
||||||
else if (strcmp(optarg, "disable-triggers") == 0)
|
else if (strcmp(optarg, "disable-triggers") == 0)
|
||||||
disable_triggers = 1;
|
disable_triggers = 1;
|
||||||
else
|
else
|
||||||
|
@ -585,8 +584,6 @@ main(int argc, char **argv)
|
||||||
ropt->superuser = outputSuperuser;
|
ropt->superuser = outputSuperuser;
|
||||||
ropt->create = outputCreate;
|
ropt->create = outputCreate;
|
||||||
ropt->noOwner = outputNoOwner;
|
ropt->noOwner = outputNoOwner;
|
||||||
ropt->noReconnect = outputNoReconnect;
|
|
||||||
ropt->use_setsessauth = use_setsessauth;
|
|
||||||
ropt->disable_triggers = disable_triggers;
|
ropt->disable_triggers = disable_triggers;
|
||||||
|
|
||||||
if (compressLevel == -1)
|
if (compressLevel == -1)
|
||||||
|
@ -633,18 +630,13 @@ help(const char *progname)
|
||||||
printf(_(" -D, --column-inserts dump data as INSERT commands with column names\n"));
|
printf(_(" -D, --column-inserts dump data as INSERT commands with column names\n"));
|
||||||
printf(_(" -n, --schema=SCHEMA dump the named schema only\n"));
|
printf(_(" -n, --schema=SCHEMA dump the named schema only\n"));
|
||||||
printf(_(" -o, --oids include OIDs in dump\n"));
|
printf(_(" -o, --oids include OIDs in dump\n"));
|
||||||
printf(_(" -O, --no-owner do not output \\connect commands in plain\n"
|
printf(_(" -O, --no-owner do not output commands to set object ownership\n"
|
||||||
" text format\n"));
|
" in plain text format\n"));
|
||||||
printf(_(" -R, --no-reconnect disable ALL reconnections to the database in\n"
|
|
||||||
" plain text format\n"));
|
|
||||||
printf(_(" -s, --schema-only dump only the schema, no data\n"));
|
printf(_(" -s, --schema-only dump only the schema, no data\n"));
|
||||||
printf(_(" -S, --superuser=NAME specify the superuser user name to use in\n"
|
printf(_(" -S, --superuser=NAME specify the superuser user name to use in\n"
|
||||||
" plain text format\n"));
|
" plain text format\n"));
|
||||||
printf(_(" -t, --table=TABLE dump the named table only\n"));
|
printf(_(" -t, --table=TABLE dump the named table only\n"));
|
||||||
printf(_(" -x, --no-privileges do not dump privileges (grant/revoke)\n"));
|
printf(_(" -x, --no-privileges do not dump privileges (grant/revoke)\n"));
|
||||||
printf(_(" -X use-set-session-authorization, --use-set-session-authorization\n"
|
|
||||||
" output SET SESSION AUTHORIZATION commands rather\n"
|
|
||||||
" than \\connect commands\n"));
|
|
||||||
printf(_(" -X disable-triggers, --disable-triggers\n"
|
printf(_(" -X disable-triggers, --disable-triggers\n"
|
||||||
" disable triggers during data-only restore\n"));
|
" disable triggers during data-only restore\n"));
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
* Portions Copyright (c) 1994, Regents of the University of California
|
* Portions Copyright (c) 1994, Regents of the University of California
|
||||||
*
|
*
|
||||||
*
|
*
|
||||||
* $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_dumpall.c,v 1.27 2003/08/07 21:11:58 tgl Exp $
|
* $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_dumpall.c,v 1.28 2003/09/23 22:48:53 tgl Exp $
|
||||||
*
|
*
|
||||||
*-------------------------------------------------------------------------
|
*-------------------------------------------------------------------------
|
||||||
*/
|
*/
|
||||||
|
@ -659,8 +659,7 @@ runPgDump(const char *dbname)
|
||||||
const char *p;
|
const char *p;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
appendPQExpBuffer(cmd, "%s %s -X use-set-session-authorization -Fp '",
|
appendPQExpBuffer(cmd, "%s %s -Fp '", pgdumploc, pgdumpopts->data);
|
||||||
pgdumploc, pgdumpopts->data);
|
|
||||||
|
|
||||||
/* Shell quoting is not quite like SQL quoting, so can't use fmtId */
|
/* Shell quoting is not quite like SQL quoting, so can't use fmtId */
|
||||||
for (p = dbname; *p; p++)
|
for (p = dbname; *p; p++)
|
||||||
|
|
|
@ -34,7 +34,7 @@
|
||||||
*
|
*
|
||||||
*
|
*
|
||||||
* IDENTIFICATION
|
* IDENTIFICATION
|
||||||
* $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_restore.c,v 1.51 2003/08/28 20:21:34 tgl Exp $
|
* $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_restore.c,v 1.52 2003/09/23 22:48:53 tgl Exp $
|
||||||
*
|
*
|
||||||
*-------------------------------------------------------------------------
|
*-------------------------------------------------------------------------
|
||||||
*/
|
*/
|
||||||
|
@ -209,7 +209,7 @@ main(int argc, char **argv)
|
||||||
opts->rearrange = 1;
|
opts->rearrange = 1;
|
||||||
break;
|
break;
|
||||||
case 'R':
|
case 'R':
|
||||||
opts->noReconnect = 1;
|
/* no-op, still accepted for backwards compatibility */
|
||||||
break;
|
break;
|
||||||
case 'P': /* Function */
|
case 'P': /* Function */
|
||||||
opts->selTypes = 1;
|
opts->selTypes = 1;
|
||||||
|
@ -262,7 +262,7 @@ main(int argc, char **argv)
|
||||||
|
|
||||||
case 'X':
|
case 'X':
|
||||||
if (strcmp(optarg, "use-set-session-authorization") == 0)
|
if (strcmp(optarg, "use-set-session-authorization") == 0)
|
||||||
use_setsessauth = 1;
|
/* no-op, still allowed for compatibility */ ;
|
||||||
else if (strcmp(optarg, "disable-triggers") == 0)
|
else if (strcmp(optarg, "disable-triggers") == 0)
|
||||||
disable_triggers = 1;
|
disable_triggers = 1;
|
||||||
else
|
else
|
||||||
|
@ -290,7 +290,6 @@ main(int argc, char **argv)
|
||||||
else
|
else
|
||||||
fileSpec = NULL;
|
fileSpec = NULL;
|
||||||
|
|
||||||
opts->use_setsessauth = use_setsessauth;
|
|
||||||
opts->disable_triggers = disable_triggers;
|
opts->disable_triggers = disable_triggers;
|
||||||
|
|
||||||
if (opts->formatName)
|
if (opts->formatName)
|
||||||
|
@ -378,21 +377,16 @@ usage(const char *progname)
|
||||||
" output from this file\n"));
|
" output from this file\n"));
|
||||||
printf(_(" -N, --orig-order restore in original dump order\n"));
|
printf(_(" -N, --orig-order restore in original dump order\n"));
|
||||||
printf(_(" -o, --oid-order restore in OID order\n"));
|
printf(_(" -o, --oid-order restore in OID order\n"));
|
||||||
printf(_(" -O, --no-owner do not reconnect to database to match\n"
|
printf(_(" -O, --no-owner do not output commands to set object ownership\n"));
|
||||||
" object owner\n"));
|
|
||||||
printf(_(" -P, --function=NAME(args)\n"
|
printf(_(" -P, --function=NAME(args)\n"
|
||||||
" restore named function\n"));
|
" restore named function\n"));
|
||||||
printf(_(" -r, --rearrange rearrange output to put indexes etc. at end\n"));
|
printf(_(" -r, --rearrange rearrange output to put indexes etc. at end\n"));
|
||||||
printf(_(" -R, --no-reconnect disallow ALL reconnections to the database\n"));
|
|
||||||
printf(_(" -s, --schema-only restore only the schema, no data\n"));
|
printf(_(" -s, --schema-only restore only the schema, no data\n"));
|
||||||
printf(_(" -S, --superuser=NAME specify the superuser user name to use for\n"
|
printf(_(" -S, --superuser=NAME specify the superuser user name to use for\n"
|
||||||
" disabling triggers\n"));
|
" disabling triggers\n"));
|
||||||
printf(_(" -t, --table=NAME restore named table\n"));
|
printf(_(" -t, --table=NAME restore named table\n"));
|
||||||
printf(_(" -T, --trigger=NAME restore named trigger\n"));
|
printf(_(" -T, --trigger=NAME restore named trigger\n"));
|
||||||
printf(_(" -x, --no-privileges skip restoration of access privileges (grant/revoke)\n"));
|
printf(_(" -x, --no-privileges skip restoration of access privileges (grant/revoke)\n"));
|
||||||
printf(_(" -X use-set-session-authorization, --use-set-session-authorization\n"
|
|
||||||
" use SET SESSION AUTHORIZATION commands instead\n"
|
|
||||||
" of reconnecting, if possible\n"));
|
|
||||||
printf(_(" -X disable-triggers, --disable-triggers\n"
|
printf(_(" -X disable-triggers, --disable-triggers\n"
|
||||||
" disable triggers during data-only restore\n"));
|
" disable triggers during data-only restore\n"));
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue