
Disallow RESET ROLE and RESET SESSION AUTHORIZATION inside security-definer
[pg-rex/syncrep.git] / src / backend / commands / variable.c
index 1374b65..ca6babb 100644 (file)
@@ -9,7 +9,7 @@
  *
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/backend/commands/variable.c,v 1.130 2009/06/11 14:48:56 momjian Exp $
+ *       $PostgreSQL: pgsql/src/backend/commands/variable.c,v 1.131 2009/09/03 22:08:05 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -717,21 +717,6 @@ assign_session_authorization(const char *value, bool doit, GucSource source)
                /* not a saved ID, so look it up */
                HeapTuple       roleTup;
 
-               if (InSecurityDefinerContext())
-               {
-                       /*
-                        * Disallow SET SESSION AUTHORIZATION inside a security definer
-                        * context.  We need to do this because when we exit the context,
-                        * GUC won't be notified, leaving things out of sync.  Note that
-                        * this test is positioned so that restoring a previously saved
-                        * setting isn't prevented.
-                        */
-                       ereport(GUC_complaint_elevel(source),
-                                       (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
-                                        errmsg("cannot set session authorization within security-definer function")));
-                       return NULL;
-               }
-
                if (!IsTransactionState())
                {
                        /*
@@ -838,24 +823,6 @@ assign_role(const char *value, bool doit, GucSource source)
                }
        }
 
-       if (roleid == InvalidOid && InSecurityDefinerContext())
-       {
-               /*
-                * Disallow SET ROLE inside a security definer context.  We need to do
-                * this because when we exit the context, GUC won't be notified,
-                * leaving things out of sync.  Note that this test is arranged so
-                * that restoring a previously saved setting isn't prevented.
-                *
-                * XXX it would be nice to allow this case in future, with the
-                * behavior being that the SET ROLE's effects end when the security
-                * definer context is exited.
-                */
-               ereport(GUC_complaint_elevel(source),
-                               (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
-                                errmsg("cannot set role within security-definer function")));
-               return NULL;
-       }
-
        if (roleid == InvalidOid &&
                strcmp(actual_rolename, "none") != 0)
        {