Hello Bryan,
I reviewed your patch and found one potential issue, please check it.
In pg_get_role_ddl_internal, the variable rolname is assigned from NameStr(roleform->rolname) (line 588), which means
itpoints directly into the tuple returned from pg_authid. After constructing the initial CREATE ROLE statement, the
codecalls ReleaseSysCache(tuple); (line 665), so the memory holding that NameData now belongs to the cache again.
However,the function continues to use rolname when building the subsequent ALTER ROLE statements (lines 756–765).
Becausethe tuple has already been released, rolname is a dangling pointer and we risk reading garbage or crashing
later.To fix this, copy the role name before releasing the syscache, e.g. rolname =
pstrdup(NameStr(roleform->rolname));,and free it at the end.
BR,
Yuan Li (Carol)
-----邮件原件-----
发件人: Bryan Green <dbryan.green@gmail.com>
发送时间: 2025年11月7日 0:21
收件人: Quan Zongliang <quanzongliang@yeah.net>; pgsql-hackers@lists.postgresql.org
主题: Re: [PATCH] Add pg_get_role_ddl() functions for role recreation
On 11/6/2025 1:20 AM, Quan Zongliang wrote:
>
>
> On 10/25/25 4:03 AM, Bryan Green wrote:
>> Attached is a patch adding two new functions for generating DDL to
>> recreate roles: pg_get_role_ddl() and pg_get_role_ddl_statements().
>>
> It is no longer apply to the latest code. Could you rebase this?
>
>> These functions return the CREATE ROLE statement and any ALTER ROLE
>> SET configuration parameters needed to recreate a role. The former
>> returns everything as a single text string, while the latter returns
>> each statement as a separate row for easier programmatic processing.
>>
>> The main use case is dumping role definitions for migration or backup
>> purposes without needing pg_dumpall. The functions handle all role
>> attributes (LOGIN, SUPERUSER, etc.) and both role-wide and
>> database-specific configuration parameters.
>>
>> We intentionally don't include passwords, since we can only see the
>> hashed values. System roles (names starting with "pg_") are rejected
>> with an error, as users shouldn't be recreating those anyway.
>>
>> To test:
>>
>> CREATE ROLE testrole LOGIN CREATEDB CONNECTION LIMIT 5;
>> ALTER ROLE testrole SET work_mem TO '64MB';
>> SELECT pg_get_role_ddl('testrole');
>>
>> Should produce:
>>
>> CREATE ROLE testrole LOGIN NOSUPERUSER CREATEDB NOCREATEROLE
>> INHERIT NOREPLICATION NOBYPASSRLS CONNECTION LIMIT 5;
>> ALTER ROLE testrole SET work_mem TO '64MB';
>>
>> The patch includes regression tests covering various role configurations.
>>
>> Co-authored-by: Mario Gonzalez and Bryan Green.
>>
>> Comments?
>>
>> BG
>
The rebased patch is attached.
Thanks,
--
Bryan Green
EDB: https://www.enterprisedb.com
