</para>
</listitem>
</varlistentry>
+
+ <varlistentry>
+ <term><option>--role=<replaceable class="parameter">rolename</replaceable></option></term>
+ <listitem>
+ <para>
+ Specifies a role name to be used to create the dump.
+ This option causes <application>pg_dump</> to issue a
+ <command>SET ROLE</> <replaceable class="parameter">rolename</>
+ command after connecting to the database. It is useful when the
+ authenticated user (specified by <option>-U</>) lacks privileges
+ needed by <application>pg_dump</>, but can switch to a role with
+ the required rights. Some installations have a policy against
+ logging in directly as a superuser, and use of this option allows
+ dumps to be made without violating the policy.
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</para>
</refsect1>
</para>
</listitem>
</varlistentry>
-
+
<varlistentry>
<term><option>-f <replaceable class="parameter">filename</replaceable></option></term>
<term><option>--file=<replaceable class="parameter">filename</replaceable></option></term>
Do not output commands to set
ownership of objects to match the original database.
By default, <application>pg_dumpall</application> issues
- <command>ALTER OWNER</> or
+ <command>ALTER OWNER</> or
<command>SET SESSION AUTHORIZATION</command>
statements to set ownership of created schema elements.
These statements
<variablelist>
<varlistentry>
- <term>-h <replaceable>host</replaceable></term>
- <term>--host=<replaceable>host</replaceable></term>
+ <term><option>-h <replaceable>host</replaceable></option></term>
+ <term><option>--host=<replaceable>host</replaceable></option></term>
<listitem>
<para>
Specifies the host name of the machine on which the database
</para>
</listitem>
</varlistentry>
-
+
<varlistentry>
- <term>-l <replaceable>dbname</replaceable></term>
- <term>--database=<replaceable>dbname</replaceable></term>
+ <term><option>-l <replaceable>dbname</replaceable></option></term>
+ <term><option>--database=<replaceable>dbname</replaceable></option></term>
<listitem>
<para>
Specifies the name of the database to connect to to dump global
</varlistentry>
<varlistentry>
- <term>-p <replaceable>port</replaceable></term>
- <term>--port=<replaceable>port</replaceable></term>
+ <term><option>-p <replaceable>port</replaceable></option></term>
+ <term><option>--port=<replaceable>port</replaceable></option></term>
<listitem>
<para>
Specifies the TCP port or local Unix domain socket file
</varlistentry>
<varlistentry>
- <term>-U <replaceable>username</replaceable></term>
- <term>--username=<replaceable>username</replaceable></term>
+ <term><option>-U <replaceable>username</replaceable></option></term>
+ <term><option>--username=<replaceable>username</replaceable></option></term>
<listitem>
<para>
User name to connect as.
</varlistentry>
<varlistentry>
- <term>-W</term>
- <term>--password</term>
+ <term><option>-W</option></term>
+ <term><option>--password</option></term>
<listitem>
<para>
Force <application>pg_dumpall</application> to prompt for a
- password before connecting to a database.
+ password before connecting to a database.
</para>
<para>
</para>
</listitem>
</varlistentry>
+
+ <varlistentry>
+ <term><option>--role=<replaceable class="parameter">rolename</replaceable></option></term>
+ <listitem>
+ <para>
+ Specifies a role name to be used to create the dump.
+ This option causes <application>pg_dumpall</> to issue a
+ <command>SET ROLE</> <replaceable class="parameter">rolename</>
+ command after connecting to the database. It is useful when the
+ authenticated user (specified by <option>-U</>) lacks privileges
+ needed by <application>pg_dumpall</>, but can switch to a role with
+ the required rights. Some installations have a policy against
+ logging in directly as a superuser, and use of this option allows
+ dumps to be made without violating the policy.
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</para>
</refsect1>
Check <xref linkend="app-pgdump"> for details on possible
error conditions.
</para>
- </refsect1>
+ </refsect1>
</refentry>
<listitem>
<para>
Exit if an error is encountered while sending SQL commands to
- the database. The default is to continue and to display a count of
+ the database. The default is to continue and to display a count of
errors at the end of the restoration.
</para>
</listitem>
Do not output commands to set
ownership of objects to match the original database.
By default, <application>pg_restore</application> issues
- <command>ALTER OWNER</> or
+ <command>ALTER OWNER</> or
<command>SET SESSION AUTHORIZATION</command>
statements to set ownership of created schema elements.
These statements will fail unless the initial connection to the
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>-1</option></term>
+ <term><option>--single-transaction</option></term>
+ <listitem>
+ <para>
+ Execute the restore as a single transaction (that is, wrap the
+ emitted commands in <command>BEGIN</>/<command>COMMIT</>). This
+ ensures that either all the commands complete successfully, or no
+ changes are applied. This option implies
+ <option>--exit-on-error</>.
+ </para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</para>
<listitem>
<para>
Force <application>pg_restore</application> to prompt for a
- password before connecting to a database.
+ password before connecting to a database.
</para>
<para>
</varlistentry>
<varlistentry>
- <term><option>-1</option></term>
- <term><option>--single-transaction</option></term>
+ <term><option>--role=<replaceable class="parameter">rolename</replaceable></option></term>
<listitem>
<para>
- Execute the restore as a single transaction (that is, wrap the
- emitted commands in <command>BEGIN</>/<command>COMMIT</>). This
- ensures that either all the commands complete successfully, or no
- changes are applied. This option implies
- <option>--exit-on-error</>.
+ Specifies a role name to be used to perform the restore.
+ This option causes <application>pg_restore</> to issue a
+ <command>SET ROLE</> <replaceable class="parameter">rolename</>
+ command after connecting to the database. It is useful when the
+ authenticated user (specified by <option>-U</>) lacks privileges
+ needed by <application>pg_restore</>, but can switch to a role with
+ the required rights. Some installations have a policy against
+ logging in directly as a superuser, and use of this option allows
+ restores to be performed without violating the policy.
</para>
</listitem>
</varlistentry>
int use_setsessauth;/* Use SET SESSION AUTHORIZATION commands
* instead of OWNER TO */
char *superuser; /* Username to use as superuser */
+ char *use_role; /* Issue SET ROLE to this */
int dataOnly;
int dropSchema;
char *filename;
opts = (RestoreOptions *) calloc(1, sizeof(RestoreOptions));
+ /* set any fields that shouldn't default to zeroes */
opts->format = archUnknown;
- opts->suppressDumpWarnings = false;
- opts->exit_on_error = false;
return opts;
}
ahprintf(AH, "SET standard_conforming_strings = %s;\n",
AH->public.std_strings ? "on" : "off");
+ /* Select the role to be used during restore */
+ if (AH->ropt && AH->ropt->use_role)
+ ahprintf(AH, "SET ROLE %s;\n", fmtId(AH->ropt->use_role));
+
/* Make sure function checking is disabled */
ahprintf(AH, "SET check_function_bodies = false;\n");
bool outputBlobs = false;
int outputNoOwner = 0;
char *outputSuperuser = NULL;
+ char *use_role = NULL;
int my_version;
int optindex;
RestoreOptions *ropt;
{"disable-triggers", no_argument, &disable_triggers, 1},
{"lock-wait-timeout", required_argument, NULL, 2},
{"no-tablespaces", no_argument, &outputNoTablespaces, 1},
+ {"role", required_argument, NULL, 3},
{"use-set-session-authorization", no_argument, &use_setsessauth, 1},
{NULL, 0, NULL, 0}
/* This covers the long options equivalent to -X xxx. */
break;
- case 2:
- /* lock-wait-timeout */
+ case 2: /* lock-wait-timeout */
lockWaitTimeout = optarg;
break;
+ case 3: /* SET ROLE */
+ use_role = optarg;
+ break;
+
default:
fprintf(stderr, _("Try \"%s --help\" for more information.\n"), progname);
exit(1);
std_strings = PQparameterStatus(g_conn, "standard_conforming_strings");
g_fout->std_strings = (std_strings && strcmp(std_strings, "on") == 0);
+ /* Set the role if requested */
+ if (use_role && g_fout->remoteVersion >= 80100)
+ {
+ PQExpBuffer query = createPQExpBuffer();
+
+ appendPQExpBuffer(query, "SET ROLE %s", fmtId(use_role));
+ do_sql_command(g_conn, query->data);
+ destroyPQExpBuffer(query);
+ }
+
/* Set the datestyle to ISO to ensure the dump's portability */
do_sql_command(g_conn, "SET DATESTYLE = ISO");
printf(_(" --disable-dollar-quoting disable dollar quoting, use SQL standard quoting\n"));
printf(_(" --disable-triggers disable triggers during data-only restore\n"));
printf(_(" --no-tablespaces do not dump tablespace assignments\n"));
+ printf(_(" --role=ROLENAME do SET ROLE before dump\n"));
printf(_(" --use-set-session-authorization\n"
" use SESSION AUTHORIZATION commands instead of\n"
" ALTER OWNER commands to set ownership\n"));
const char *type, const char *name);
static void dumpDatabases(PGconn *conn);
static void dumpTimestamp(char *msg);
+static void doShellQuoting(PQExpBuffer buf, const char *str);
static int runPgDump(const char *dbname);
static PGconn *connectDatabase(const char *dbname, const char *pghost, const char *pgport,
char *pgport = NULL;
char *pguser = NULL;
char *pgdb = NULL;
+ char *use_role = NULL;
bool force_password = false;
bool data_only = false;
bool globals_only = false;
*/
{"disable-dollar-quoting", no_argument, &disable_dollar_quoting, 1},
{"disable-triggers", no_argument, &disable_triggers, 1},
+ {"lock-wait-timeout", required_argument, NULL, 2},
{"no-tablespaces", no_argument, &no_tablespaces, 1},
+ {"role", required_argument, NULL, 3},
{"use-set-session-authorization", no_argument, &use_setsessauth, 1},
- {"lock-wait-timeout", required_argument, NULL, 2},
{NULL, 0, NULL, 0}
};
case 'f':
filename = optarg;
-#ifndef WIN32
- appendPQExpBuffer(pgdumpopts, " -f '%s'", filename);
-#else
- appendPQExpBuffer(pgdumpopts, " -f \"%s\"", filename);
-#endif
-
+ appendPQExpBuffer(pgdumpopts, " -f ");
+ doShellQuoting(pgdumpopts, filename);
break;
case 'g':
case 'h':
pghost = optarg;
-#ifndef WIN32
- appendPQExpBuffer(pgdumpopts, " -h '%s'", pghost);
-#else
- appendPQExpBuffer(pgdumpopts, " -h \"%s\"", pghost);
-#endif
-
+ appendPQExpBuffer(pgdumpopts, " -h ");
+ doShellQuoting(pgdumpopts, pghost);
break;
case 'i':
case 'p':
pgport = optarg;
-#ifndef WIN32
- appendPQExpBuffer(pgdumpopts, " -p '%s'", pgport);
-#else
- appendPQExpBuffer(pgdumpopts, " -p \"%s\"", pgport);
-#endif
+ appendPQExpBuffer(pgdumpopts, " -p ");
+ doShellQuoting(pgdumpopts, pgport);
break;
case 'r':
break;
case 'S':
-#ifndef WIN32
- appendPQExpBuffer(pgdumpopts, " -S '%s'", optarg);
-#else
- appendPQExpBuffer(pgdumpopts, " -S \"%s\"", optarg);
-#endif
+ appendPQExpBuffer(pgdumpopts, " -S ");
+ doShellQuoting(pgdumpopts, optarg);
break;
case 't':
case 'U':
pguser = optarg;
-#ifndef WIN32
- appendPQExpBuffer(pgdumpopts, " -U '%s'", pguser);
-#else
- appendPQExpBuffer(pgdumpopts, " -U \"%s\"", pguser);
-#endif
+ appendPQExpBuffer(pgdumpopts, " -U ");
+ doShellQuoting(pgdumpopts, pguser);
break;
case 'v':
break;
case 2:
- appendPQExpBuffer(pgdumpopts, " --lock-wait-timeout=");
- appendPQExpBuffer(pgdumpopts, "%s", optarg);
+ appendPQExpBuffer(pgdumpopts, " --lock-wait-timeout ");
+ doShellQuoting(pgdumpopts, optarg);
+ break;
+
+ case 3:
+ use_role = optarg;
+ appendPQExpBuffer(pgdumpopts, " --role ");
+ doShellQuoting(pgdumpopts, use_role);
break;
default:
if (!std_strings)
std_strings = "off";
+ /* Set the role if requested */
+ if (use_role && server_version >= 80100)
+ {
+ PQExpBuffer query = createPQExpBuffer();
+
+ appendPQExpBuffer(query, "SET ROLE %s", fmtId(use_role));
+ executeCommand(conn, query->data);
+ destroyPQExpBuffer(query);
+ }
+
fprintf(OPF, "--\n-- PostgreSQL database cluster dump\n--\n\n");
if (verbose)
dumpTimestamp("Started on");
" disable dollar quoting, use SQL standard quoting\n"));
printf(_(" --disable-triggers disable triggers during data-only restore\n"));
printf(_(" --no-tablespaces do not dump tablespace assignments\n"));
+ printf(_(" --role=ROLENAME do SET ROLE before dump\n"));
printf(_(" --use-set-session-authorization\n"
" use SESSION AUTHORIZATION commands instead of\n"
" OWNER TO commands\n"));
runPgDump(const char *dbname)
{
PQExpBuffer cmd = createPQExpBuffer();
- const char *p;
int ret;
+ appendPQExpBuffer(cmd, SYSTEMQUOTE "\"%s\" %s", pg_dump_bin,
+ pgdumpopts->data);
+
/*
- * Win32 has to use double-quotes for args, rather than single quotes.
- * Strangely enough, this is the only place we pass a database name on the
- * command line, except "postgres" which doesn't need quoting.
- *
* If we have a filename, use the undocumented plain-append pg_dump
* format.
*/
if (filename)
- {
-#ifndef WIN32
- appendPQExpBuffer(cmd, SYSTEMQUOTE"\"%s\" %s -Fa '", pg_dump_bin,
-#else
- appendPQExpBuffer(cmd, SYSTEMQUOTE"\"%s\" %s -Fa \"", pg_dump_bin,
-#endif
- pgdumpopts->data);
- }
+ appendPQExpBuffer(cmd, " -Fa ");
else
- {
-#ifndef WIN32
- appendPQExpBuffer(cmd, SYSTEMQUOTE "\"%s\" %s -Fp '", pg_dump_bin,
-#else
- appendPQExpBuffer(cmd, SYSTEMQUOTE "\"%s\" %s -Fp \"", pg_dump_bin,
-#endif
- pgdumpopts->data);
- }
-
-
- /* Shell quoting is not quite like SQL quoting, so can't use fmtId */
- for (p = dbname; *p; p++)
- {
-#ifndef WIN32
- if (*p == '\'')
- appendPQExpBuffer(cmd, "'\"'\"'");
-#else
- if (*p == '"')
- appendPQExpBuffer(cmd, "\\\"");
-#endif
- else
- appendPQExpBufferChar(cmd, *p);
- }
+ appendPQExpBuffer(cmd, " -Fp ");
-#ifndef WIN32
- appendPQExpBufferChar(cmd, '\'');
-#else
- appendPQExpBufferChar(cmd, '"');
-#endif
+ doShellQuoting(cmd, dbname);
appendPQExpBuffer(cmd, "%s", SYSTEMQUOTE);
}
-
/*
* Make a database connection with the given parameters. An
* interactive password prompt is automatically issued if required.
localtime(&now)) != 0)
fprintf(OPF, "-- %s %s\n\n", msg, buf);
}
+
+
+/*
+ * Append the given string to the shell command being built in the buffer,
+ * with suitable shell-style quoting.
+ */
+static void
+doShellQuoting(PQExpBuffer buf, const char *str)
+{
+ const char *p;
+
+#ifndef WIN32
+ appendPQExpBufferChar(buf, '\'');
+ for (p = str; *p; p++)
+ {
+ if (*p == '\'')
+ appendPQExpBuffer(buf, "'\"'\"'");
+ else
+ appendPQExpBufferChar(buf, *p);
+ }
+ appendPQExpBufferChar(buf, '\'');
+
+#else /* WIN32 */
+
+ appendPQExpBufferChar(buf, '"');
+ for (p = str; *p; p++)
+ {
+ if (*p == '"')
+ appendPQExpBuffer(buf, "\\\"");
+ else
+ appendPQExpBufferChar(buf, *p);
+ }
+ appendPQExpBufferChar(buf, '"');
+#endif /* WIN32 */
+}
#include "getopt_long.h"
+extern char *optarg;
+extern int optind;
+
#ifndef HAVE_INT_OPTRESET
int optreset;
#endif
int exit_code;
Archive *AH;
char *inputFileSpec;
- extern int optind;
- extern char *optarg;
static int disable_triggers = 0;
static int no_data_for_failed_tables = 0;
static int outputNoTablespaces = 0;
{"disable-triggers", no_argument, &disable_triggers, 1},
{"no-data-for-failed-tables", no_argument, &no_data_for_failed_tables, 1},
{"no-tablespaces", no_argument, &outputNoTablespaces, 1},
+ {"role", required_argument, NULL, 2},
{"use-set-session-authorization", no_argument, &use_setsessauth, 1},
{NULL, 0, NULL, 0}
}
break;
+ case '1': /* Restore data in a single transaction */
+ opts->single_txn = true;
+ opts->exit_on_error = true;
+ break;
+
case 0:
/* This covers the long options equivalent to -X xxx. */
break;
- case '1': /* Restore data in a single transaction */
- opts->single_txn = true;
- opts->exit_on_error = true;
+ case 2: /* SET ROLE */
+ opts->use_role = optarg;
break;
default:
" do not restore data of tables that could not be\n"
" created\n"));
printf(_(" --no-tablespaces do not dump tablespace assignments\n"));
+ printf(_(" --role=ROLENAME do SET ROLE before restore\n"));
printf(_(" --use-set-session-authorization\n"
" use SESSION AUTHORIZATION commands instead of\n"
" OWNER TO commands\n"));
projects / users / simon / postgres.git / commitdiff