Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to content

Commit 7e4e574

Browse files
mhagandermhagander
committed
Allow pg_read_all_stats to access all stats views again
The views pg_stat_progress_* had not gotten the memo that pg_read_all_stats is supposed to be able to read all statistics. Also make a pass over all text-returning pg_stat_xyz functions that could return "insufficient privilege" and make sure they also respect pg_read_all_status. Reported-by: Andrey M. Borodin Reviewed-by: Andrey M. Borodin, Kyotaro Horiguchi Discussion: https://postgr.es/m/13145F2F-8458-4977-9D2D-7B2E862E5722@yandex-team.ru
1 parent 9aece5c commit 7e4e574

File tree

1 file changed

+12
-11
lines changed

1 file changed

+12
-11
lines changed

src/backend/utils/adt/pgstatfuncs.c

+12-11
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,8 @@
3333

3434
#define UINT32_ACCESS_ONCE(var) ((uint32)(*((volatile uint32 *)&(var))))
3535

36+
#define HAS_PGSTAT_PERMISSIONS(role) (is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_STATS) || has_privs_of_role(GetUserId(), role))
37+
3638
/* Global bgwriter statistics, from bgwriter.c */
3739
extern PgStat_MsgBgWriter bgwriterStats;
3840

@@ -537,7 +539,7 @@ pg_stat_get_progress_info(PG_FUNCTION_ARGS)
537539
values[1] = ObjectIdGetDatum(beentry->st_databaseid);
538540

539541
/* show rest of the values including relid only to role members */
540-
if (has_privs_of_role(GetUserId(), beentry->st_userid))
542+
if (HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
541543
{
542544
values[2] = ObjectIdGetDatum(beentry->st_progress_command_target);
543545
for (i = 0; i < PGSTAT_NUM_PROGRESS_PARAM; i++)
@@ -669,8 +671,7 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
669671
nulls[16] = true;
670672

671673
/* Values only available to role member or pg_read_all_stats */
672-
if (has_privs_of_role(GetUserId(), beentry->st_userid) ||
673-
is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_STATS))
674+
if (HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
674675
{
675676
SockAddr zero_clientaddr;
676677
char *clipped_activity;
@@ -1007,7 +1008,7 @@ pg_stat_get_backend_activity(PG_FUNCTION_ARGS)
10071008

10081009
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
10091010
activity = "<backend information not available>";
1010-
else if (!has_privs_of_role(GetUserId(), beentry->st_userid))
1011+
else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
10111012
activity = "<insufficient privilege>";
10121013
else if (*(beentry->st_activity_raw) == '\0')
10131014
activity = "<command string not enabled>";
@@ -1031,7 +1032,7 @@ pg_stat_get_backend_wait_event_type(PG_FUNCTION_ARGS)
10311032

10321033
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
10331034
wait_event_type = "<backend information not available>";
1034-
else if (!has_privs_of_role(GetUserId(), beentry->st_userid))
1035+
else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
10351036
wait_event_type = "<insufficient privilege>";
10361037
else if ((proc = BackendPidGetProc(beentry->st_procpid)) != NULL)
10371038
wait_event_type = pgstat_get_wait_event_type(proc->wait_event_info);
@@ -1052,7 +1053,7 @@ pg_stat_get_backend_wait_event(PG_FUNCTION_ARGS)
10521053

10531054
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
10541055
wait_event = "<backend information not available>";
1055-
else if (!has_privs_of_role(GetUserId(), beentry->st_userid))
1056+
else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
10561057
wait_event = "<insufficient privilege>";
10571058
else if ((proc = BackendPidGetProc(beentry->st_procpid)) != NULL)
10581059
wait_event = pgstat_get_wait_event(proc->wait_event_info);
@@ -1074,7 +1075,7 @@ pg_stat_get_backend_activity_start(PG_FUNCTION_ARGS)
10741075
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
10751076
PG_RETURN_NULL();
10761077

1077-
if (!has_privs_of_role(GetUserId(), beentry->st_userid))
1078+
else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
10781079
PG_RETURN_NULL();
10791080

10801081
result = beentry->st_activity_start_timestamp;
@@ -1100,7 +1101,7 @@ pg_stat_get_backend_xact_start(PG_FUNCTION_ARGS)
11001101
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
11011102
PG_RETURN_NULL();
11021103

1103-
if (!has_privs_of_role(GetUserId(), beentry->st_userid))
1104+
else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
11041105
PG_RETURN_NULL();
11051106

11061107
result = beentry->st_xact_start_timestamp;
@@ -1122,7 +1123,7 @@ pg_stat_get_backend_start(PG_FUNCTION_ARGS)
11221123
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
11231124
PG_RETURN_NULL();
11241125

1125-
if (!has_privs_of_role(GetUserId(), beentry->st_userid))
1126+
else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
11261127
PG_RETURN_NULL();
11271128

11281129
result = beentry->st_proc_start_timestamp;
@@ -1146,7 +1147,7 @@ pg_stat_get_backend_client_addr(PG_FUNCTION_ARGS)
11461147
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
11471148
PG_RETURN_NULL();
11481149

1149-
if (!has_privs_of_role(GetUserId(), beentry->st_userid))
1150+
else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
11501151
PG_RETURN_NULL();
11511152

11521153
/* A zeroed client addr means we don't know */
@@ -1193,7 +1194,7 @@ pg_stat_get_backend_client_port(PG_FUNCTION_ARGS)
11931194
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
11941195
PG_RETURN_NULL();
11951196

1196-
if (!has_privs_of_role(GetUserId(), beentry->st_userid))
1197+
else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
11971198
PG_RETURN_NULL();
11981199

11991200
/* A zeroed client addr means we don't know */

0 commit comments

Comments
 (0)