diff options
| author | Magnus Hagander <magnus@hagander.net> | 2020-04-20 12:53:40 +0200 |
|---|---|---|
| committer | Magnus Hagander <magnus@hagander.net> | 2020-04-20 12:53:40 +0200 |
| commit | 7e4e574744c13aac613909a59bf38ef5aae5bd8c (patch) | |
| tree | f01b8c3822726ed1694413c838907137b536c2d8 /src/backend/utils/adt/pgstatfuncs.c | |
| parent | 9aece5cd05f1b21b67eac0dc4f105853eec3e4eb (diff) | |
| download | postgresql-7e4e574744c13aac613909a59bf38ef5aae5bd8c.tar.gz postgresql-7e4e574744c13aac613909a59bf38ef5aae5bd8c.zip | |
Allow pg_read_all_stats to access all stats views again
The views pg_stat_progress_* had not gotten the memo that
pg_read_all_stats is supposed to be able to read all statistics. Also
make a pass over all text-returning pg_stat_xyz functions that could
return "insufficient privilege" and make sure they also respect
pg_read_all_status.
Reported-by: Andrey M. Borodin
Reviewed-by: Andrey M. Borodin, Kyotaro Horiguchi
Discussion: https://postgr.es/m/13145F2F-8458-4977-9D2D-7B2E862E5722@yandex-team.ru
Diffstat (limited to 'src/backend/utils/adt/pgstatfuncs.c')
| -rw-r--r-- | src/backend/utils/adt/pgstatfuncs.c | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/src/backend/utils/adt/pgstatfuncs.c b/src/backend/utils/adt/pgstatfuncs.c index 175f4fd26bb..446044609eb 100644 --- a/src/backend/utils/adt/pgstatfuncs.c +++ b/src/backend/utils/adt/pgstatfuncs.c @@ -33,6 +33,8 @@ #define UINT32_ACCESS_ONCE(var) ((uint32)(*((volatile uint32 *)&(var)))) +#define HAS_PGSTAT_PERMISSIONS(role) (is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_STATS) || has_privs_of_role(GetUserId(), role)) + /* Global bgwriter statistics, from bgwriter.c */ extern PgStat_MsgBgWriter bgwriterStats; @@ -537,7 +539,7 @@ pg_stat_get_progress_info(PG_FUNCTION_ARGS) values[1] = ObjectIdGetDatum(beentry->st_databaseid); /* show rest of the values including relid only to role members */ - if (has_privs_of_role(GetUserId(), beentry->st_userid)) + if (HAS_PGSTAT_PERMISSIONS(beentry->st_userid)) { values[2] = ObjectIdGetDatum(beentry->st_progress_command_target); for (i = 0; i < PGSTAT_NUM_PROGRESS_PARAM; i++) @@ -669,8 +671,7 @@ pg_stat_get_activity(PG_FUNCTION_ARGS) nulls[16] = true; /* Values only available to role member or pg_read_all_stats */ - if (has_privs_of_role(GetUserId(), beentry->st_userid) || - is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_STATS)) + if (HAS_PGSTAT_PERMISSIONS(beentry->st_userid)) { SockAddr zero_clientaddr; char *clipped_activity; @@ -1007,7 +1008,7 @@ pg_stat_get_backend_activity(PG_FUNCTION_ARGS) if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL) activity = "<backend information not available>"; - else if (!has_privs_of_role(GetUserId(), beentry->st_userid)) + else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid)) activity = "<insufficient privilege>"; else if (*(beentry->st_activity_raw) == '\0') activity = "<command string not enabled>"; @@ -1031,7 +1032,7 @@ pg_stat_get_backend_wait_event_type(PG_FUNCTION_ARGS) if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL) wait_event_type = "<backend information not available>"; - else if (!has_privs_of_role(GetUserId(), beentry->st_userid)) + else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid)) wait_event_type = "<insufficient privilege>"; else if ((proc = BackendPidGetProc(beentry->st_procpid)) != NULL) wait_event_type = pgstat_get_wait_event_type(proc->wait_event_info); @@ -1052,7 +1053,7 @@ pg_stat_get_backend_wait_event(PG_FUNCTION_ARGS) if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL) wait_event = "<backend information not available>"; - else if (!has_privs_of_role(GetUserId(), beentry->st_userid)) + else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid)) wait_event = "<insufficient privilege>"; else if ((proc = BackendPidGetProc(beentry->st_procpid)) != NULL) wait_event = pgstat_get_wait_event(proc->wait_event_info); @@ -1074,7 +1075,7 @@ pg_stat_get_backend_activity_start(PG_FUNCTION_ARGS) if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL) PG_RETURN_NULL(); - if (!has_privs_of_role(GetUserId(), beentry->st_userid)) + else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid)) PG_RETURN_NULL(); result = beentry->st_activity_start_timestamp; @@ -1100,7 +1101,7 @@ pg_stat_get_backend_xact_start(PG_FUNCTION_ARGS) if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL) PG_RETURN_NULL(); - if (!has_privs_of_role(GetUserId(), beentry->st_userid)) + else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid)) PG_RETURN_NULL(); result = beentry->st_xact_start_timestamp; @@ -1122,7 +1123,7 @@ pg_stat_get_backend_start(PG_FUNCTION_ARGS) if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL) PG_RETURN_NULL(); - if (!has_privs_of_role(GetUserId(), beentry->st_userid)) + else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid)) PG_RETURN_NULL(); result = beentry->st_proc_start_timestamp; @@ -1146,7 +1147,7 @@ pg_stat_get_backend_client_addr(PG_FUNCTION_ARGS) if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL) PG_RETURN_NULL(); - if (!has_privs_of_role(GetUserId(), beentry->st_userid)) + else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid)) PG_RETURN_NULL(); /* A zeroed client addr means we don't know */ @@ -1193,7 +1194,7 @@ pg_stat_get_backend_client_port(PG_FUNCTION_ARGS) if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL) PG_RETURN_NULL(); - if (!has_privs_of_role(GetUserId(), beentry->st_userid)) + else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid)) PG_RETURN_NULL(); /* A zeroed client addr means we don't know */ |