Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
projects / postgresql.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9aece5c)
Allow pg_read_all_stats to access all stats views again
authorMagnus Hagander <magnus@hagander.net>
Mon, 20 Apr 2020 10:53:40 +0000 (12:53 +0200)
committerMagnus Hagander <magnus@hagander.net>
Mon, 20 Apr 2020 10:53:40 +0000 (12:53 +0200)
The views pg_stat_progress_* had not gotten the memo that
pg_read_all_stats is supposed to be able to read all statistics. Also
make a pass over all text-returning pg_stat_xyz functions that could
return "insufficient privilege" and make sure they also respect
pg_read_all_status.

Reported-by: Andrey M. Borodin
Reviewed-by: Andrey M. Borodin, Kyotaro Horiguchi
Discussion: https://postgr.es/m/13145F2F-8458-4977-9D2D-7B2E862E5722@yandex-team.ru

src/backend/utils/adt/pgstatfuncs.c patch | blob | blame | history

diff --git a/src/backend/utils/adt/pgstatfuncs.c b/src/backend/utils/adt/pgstatfuncs.c
index 175f4fd26bb1f5ff84a9e3cf409da4a17ed7c4d7..446044609eb92c249b83678ddc519d297b9a2c0f 100644 (file)
--- a/src/backend/utils/adt/pgstatfuncs.c
+++ b/src/backend/utils/adt/pgstatfuncs.c
@@ -33,6 +33,8 @@
 
 #define UINT32_ACCESS_ONCE(var)         ((uint32)(*((volatile uint32 *)&(var))))
 
+#define HAS_PGSTAT_PERMISSIONS(role)    (is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_STATS) || has_privs_of_role(GetUserId(), role))
+
 /* Global bgwriter statistics, from bgwriter.c */
 extern PgStat_MsgBgWriter bgwriterStats;
 
@@ -537,7 +539,7 @@ pg_stat_get_progress_info(PG_FUNCTION_ARGS)
        values[1] = ObjectIdGetDatum(beentry->st_databaseid);
 
        /* show rest of the values including relid only to role members */
-       if (has_privs_of_role(GetUserId(), beentry->st_userid))
+       if (HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
        {
            values[2] = ObjectIdGetDatum(beentry->st_progress_command_target);
            for (i = 0; i < PGSTAT_NUM_PROGRESS_PARAM; i++)
@@ -669,8 +671,7 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
            nulls[16] = true;
 
        /* Values only available to role member or pg_read_all_stats */
-       if (has_privs_of_role(GetUserId(), beentry->st_userid) ||
-           is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_STATS))
+       if (HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
        {
            SockAddr    zero_clientaddr;
            char       *clipped_activity;
@@ -1007,7 +1008,7 @@ pg_stat_get_backend_activity(PG_FUNCTION_ARGS)
 
    if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
        activity = "<backend information not available>";
-   else if (!has_privs_of_role(GetUserId(), beentry->st_userid))
+   else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
        activity = "<insufficient privilege>";
    else if (*(beentry->st_activity_raw) == '\0')
        activity = "<command string not enabled>";
@@ -1031,7 +1032,7 @@ pg_stat_get_backend_wait_event_type(PG_FUNCTION_ARGS)
 
    if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
        wait_event_type = "<backend information not available>";
-   else if (!has_privs_of_role(GetUserId(), beentry->st_userid))
+   else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
        wait_event_type = "<insufficient privilege>";
    else if ((proc = BackendPidGetProc(beentry->st_procpid)) != NULL)
        wait_event_type = pgstat_get_wait_event_type(proc->wait_event_info);
@@ -1052,7 +1053,7 @@ pg_stat_get_backend_wait_event(PG_FUNCTION_ARGS)
 
    if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
        wait_event = "<backend information not available>";
-   else if (!has_privs_of_role(GetUserId(), beentry->st_userid))
+   else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
        wait_event = "<insufficient privilege>";
    else if ((proc = BackendPidGetProc(beentry->st_procpid)) != NULL)
        wait_event = pgstat_get_wait_event(proc->wait_event_info);
@@ -1074,7 +1075,7 @@ pg_stat_get_backend_activity_start(PG_FUNCTION_ARGS)
    if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
        PG_RETURN_NULL();
 
-   if (!has_privs_of_role(GetUserId(), beentry->st_userid))
+   else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
        PG_RETURN_NULL();
 
    result = beentry->st_activity_start_timestamp;
@@ -1100,7 +1101,7 @@ pg_stat_get_backend_xact_start(PG_FUNCTION_ARGS)
    if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
        PG_RETURN_NULL();
 
-   if (!has_privs_of_role(GetUserId(), beentry->st_userid))
+   else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
        PG_RETURN_NULL();
 
    result = beentry->st_xact_start_timestamp;
@@ -1122,7 +1123,7 @@ pg_stat_get_backend_start(PG_FUNCTION_ARGS)
    if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
        PG_RETURN_NULL();
 
-   if (!has_privs_of_role(GetUserId(), beentry->st_userid))
+   else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
        PG_RETURN_NULL();
 
    result = beentry->st_proc_start_timestamp;
@@ -1146,7 +1147,7 @@ pg_stat_get_backend_client_addr(PG_FUNCTION_ARGS)
    if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
        PG_RETURN_NULL();
 
-   if (!has_privs_of_role(GetUserId(), beentry->st_userid))
+   else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
        PG_RETURN_NULL();
 
    /* A zeroed client addr means we don't know */
@@ -1193,7 +1194,7 @@ pg_stat_get_backend_client_port(PG_FUNCTION_ARGS)
    if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
        PG_RETURN_NULL();
 
-   if (!has_privs_of_role(GetUserId(), beentry->st_userid))
+   else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
        PG_RETURN_NULL();
 
    /* A zeroed client addr means we don't know */
This is the main PostgreSQL git repository.