Move connect.h from fe_utils to src/include/common.

nmisch · nmisch · commit d4d0ec9e79af · 2020-08-10T09:22:58.000-07:00
Any libpq client can use the header.  Clients include backend components
postgres_fdw, dblink, and logical replication apply worker.  Back-patch
to v10, because another fix needs this.  In released branches, just copy
the header and keep the original.
diff --git a/src/include/common/connect.h b/src/include/common/connect.h
@@ -0,0 +1,28 @@
+/*-------------------------------------------------------------------------
+ *
+ * Interfaces in support of FE/BE connections.
+ *
+ *
+ * Portions Copyright (c) 1996-2020, PostgreSQL Global Development Group
+ * Portions Copyright (c) 1994, Regents of the University of California
+ *
+ * src/include/common/connect.h
+ *
+ *-------------------------------------------------------------------------
+ */
+#ifndef CONNECT_H
+#define CONNECT_H
+
+/*
+ * This SQL statement installs an always-secure search path, so malicious
+ * users can't take control.  CREATE of an unqualified name will fail, because
+ * this selects no creation schema.  This does not demote pg_temp, so it is
+ * suitable where we control the entire FE/BE connection but not suitable in
+ * SECURITY DEFINER functions.  This is portable to PostgreSQL 7.3, which
+ * introduced schemas.  When connected to an older version from code that
+ * might work with the old server, skip this.
+ */
+#define ALWAYS_SECURE_SEARCH_PATH_SQL \
+	"SELECT pg_catalog.set_config('search_path', '', false);"
+
+#endif							/* CONNECT_H */
