diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml
index 96cb9185c2..41e3e1b547 100644
--- a/doc/src/sgml/catalogs.sgml
+++ b/doc/src/sgml/catalogs.sgml
@@ -6324,9 +6324,8 @@
- Access to this catalog is restricted from normal users. Normal users can
- use the view to get some information
- about subscriptions.
+ Access to the column subconninfo is revoked from
+ normal users, because it could contain plain-text passwords.
diff --git a/src/backend/catalog/system_views.sql b/src/backend/catalog/system_views.sql
index ada542c530..ba980de86b 100644
--- a/src/backend/catalog/system_views.sql
+++ b/src/backend/catalog/system_views.sql
@@ -900,7 +900,11 @@ CREATE VIEW pg_replication_origin_status AS
REVOKE ALL ON pg_replication_origin_status FROM public;
+-- All columns of pg_subscription except subconninfo are readable.
REVOKE ALL ON pg_subscription FROM public;
+GRANT SELECT (subdbid, subname, subowner, subenabled, subslotname, subpublications)
+ ON pg_subscription TO public;
+
--
-- We have a few function definitions in here, too.
diff --git a/src/bin/psql/tab-complete.c b/src/bin/psql/tab-complete.c
index 115cb5ce71..4a65ff5b62 100644
--- a/src/bin/psql/tab-complete.c
+++ b/src/bin/psql/tab-complete.c
@@ -845,6 +845,18 @@ static const SchemaQuery Query_for_list_of_matviews = {
" FROM pg_catalog.pg_am "\
" WHERE substring(pg_catalog.quote_ident(amname),1,%d)='%s'"
+#define Query_for_list_of_publications \
+" SELECT pg_catalog.quote_ident(pubname) "\
+" FROM pg_catalog.pg_publication "\
+" WHERE substring(pg_catalog.quote_ident(pubname),1,%d)='%s'"
+
+#define Query_for_list_of_subscriptions \
+" SELECT pg_catalog.quote_ident(s.subname) "\
+" FROM pg_catalog.pg_subscription s, pg_catalog.pg_database d "\
+" WHERE substring(pg_catalog.quote_ident(s.subname),1,%d)='%s' "\
+" AND d.datname = pg_catalog.current_database() "\
+" AND s.subdbid = d.oid"
+
/* the silly-looking length condition is just to eat up the current word */
#define Query_for_list_of_arguments \
"SELECT pg_catalog.oidvectortypes(proargtypes)||')' "\
@@ -985,13 +997,13 @@ static const pgsql_thing_t words_after_create[] = {
{"OWNED", NULL, NULL, THING_NO_CREATE}, /* for DROP OWNED BY ... */
{"PARSER", Query_for_list_of_ts_parsers, NULL, THING_NO_SHOW},
{"POLICY", NULL, NULL},
- {"PUBLICATION", NULL, NULL},
+ {"PUBLICATION", Query_for_list_of_publications},
{"ROLE", Query_for_list_of_roles},
{"RULE", "SELECT pg_catalog.quote_ident(rulename) FROM pg_catalog.pg_rules WHERE substring(pg_catalog.quote_ident(rulename),1,%d)='%s'"},
{"SCHEMA", Query_for_list_of_schemas},
{"SEQUENCE", NULL, &Query_for_list_of_sequences},
{"SERVER", Query_for_list_of_servers},
- {"SUBSCRIPTION", NULL, NULL},
+ {"SUBSCRIPTION", Query_for_list_of_subscriptions},
{"TABLE", NULL, &Query_for_list_of_tables},
{"TABLESPACE", Query_for_list_of_tablespaces},
{"TEMP", NULL, NULL, THING_NO_DROP}, /* for CREATE TEMP TABLE ... */
@@ -2374,8 +2386,13 @@ psql_completion(const char *text, int start, int end)
/* CREATE SUBSCRIPTION */
else if (Matches3("CREATE", "SUBSCRIPTION", MatchAny))
COMPLETE_WITH_CONST("CONNECTION");
- else if (Matches5("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION",MatchAny))
+ else if (Matches5("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION", MatchAny))
COMPLETE_WITH_CONST("PUBLICATION");
+ else if (Matches6("CREATE", "SUBSCRIPTION", MatchAny, "CONNECTION",
+ MatchAny, "PUBLICATION"))
+ {
+ /* complete with nothing here as this refers to remote publications */
+ }
/* Complete "CREATE SUBSCRIPTION ... WITH ( " */
else if (HeadMatches2("CREATE", "SUBSCRIPTION") && TailMatches2("WITH", "("))
COMPLETE_WITH_LIST5("ENABLED", "DISABLED", "CREATE SLOT",
diff --git a/src/include/catalog/catversion.h b/src/include/catalog/catversion.h
index 57fbc9509e..438378d8fa 100644
--- a/src/include/catalog/catversion.h
+++ b/src/include/catalog/catversion.h
@@ -53,6 +53,6 @@
*/
/* yyyymmddN */
-#define CATALOG_VERSION_NO 201703031
+#define CATALOG_VERSION_NO 201703032
#endif
diff --git a/src/include/catalog/pg_subscription.h b/src/include/catalog/pg_subscription.h
index 75b618accd..0811880a8f 100644
--- a/src/include/catalog/pg_subscription.h
+++ b/src/include/catalog/pg_subscription.h
@@ -27,6 +27,8 @@
* seems weird, but the replication launcher process needs to access all of
* them to be able to start the workers, so we have to put them in a shared,
* nailed catalog.
+ *
+ * NOTE: When adding a column, also update system_views.sql.
*/
CATALOG(pg_subscription,6100) BKI_SHARED_RELATION BKI_ROWTYPE_OID(6101) BKI_SCHEMA_MACRO
{