fix roles access && SPI_connect problem

Author: Vladimir Ershov

pgpro_scheduler--1.0.sql

@@ -111,6 +111,19 @@ CREATE TYPE schedule.cron_job AS(
 -- FUNCTIONS --
 ---------------
 
+CREATE FUNCTION schedule.onlySuperUser() RETURNS boolean  AS
+$BODY$
+DECLARE
+	is_superuser boolean;
+BEGIN
+	EXECUTE 'SELECT rolsuper FROM pg_roles WHERE rolname = session_user'
+	INTO is_superuser;
+		IF NOT is_superuser THEN
+			RAISE EXCEPTION 'access denied';
+	END IF;
+END
+$BODY$  LANGUAGE plpgsql;
+
 CREATE FUNCTION schedule.on_cron_update() RETURNS TRIGGER
 AS $BODY$
 DECLARE
@@ -148,8 +161,8 @@ BEGIN
 	    RAISE EXCEPTION 'there is no such job with id %', jobId;
          WHEN TOO_MANY_ROWS THEN
 	    RAISE EXCEPTION 'there are more than one job with id %', jobId;
-   END;
-   EXECUTE 'SELECT usesuper FROM pg_user WHERE usename = session_user'
+   END;	
+   EXECUTE 'SELECT rolsuper FROM pg_roles WHERE rolname = session_user'
       INTO is_superuser;
    IF is_superuser THEN
       RETURN true;
@@ -306,7 +319,7 @@ BEGIN
    IF params?'run_as' AND  params->>'run_as' <> session_user THEN
       executor := params->>'run_as';
       BEGIN
-         SELECT * INTO STRICT rec FROM pg_user WHERE usename = executor;
+         SELECT * INTO STRICT rec FROM pg_roles WHERE rolname = executor;
          EXCEPTION
             WHEN NO_DATA_FOUND THEN
 	       RAISE EXCEPTION 'there is no such user %', executor;
@@ -703,14 +716,9 @@ LANGUAGE plpgsql;
 CREATE FUNCTION schedule.clean_log() RETURNS INT  AS
 $BODY$
 DECLARE
-	is_superuser boolean;
 	cnt integer;
 BEGIN
-	EXECUTE 'SELECT usesuper FROM pg_user WHERE usename = session_user'
-		INTO is_superuser;
-	IF NOT is_superuser THEN
-		RAISE EXCEPTION 'access denied';
-	END IF;
+    SELECT onlySuperUser();
 
 	WITH a AS (DELETE FROM schedule.log RETURNING 1)
 		SELECT count(*) INTO cnt FROM a;
@@ -742,13 +750,8 @@ $BODY$
 DECLARE
 	ii schedule.cron;
 	oo schedule.cron_rec;
-	is_superuser boolean;
 BEGIN
-	EXECUTE 'SELECT usesuper FROM pg_user WHERE usename = session_user'
-		INTO is_superuser;
-	IF NOT is_superuser THEN
-		RAISE EXCEPTION 'access denied: only superuser allowed';
-	END IF;
+    SELECT onlySuperUser();
 
 	FOR ii IN SELECT * FROM schedule.cron LOOP
 		oo := schedule._make_cron_rec(ii);
@@ -781,14 +784,9 @@ $BODY$
 DECLARE
 	ii schedule.cron;
 	oo schedule.cron_rec;
-	is_superuser boolean;
 BEGIN
 	IF usename <> session_user THEN
-		EXECUTE 'SELECT usesuper FROM pg_user WHERE usename = session_user'
-			INTO is_superuser;
-		IF NOT is_superuser THEN
-			RAISE EXCEPTION 'access denied';
-		END IF;
+    	SELECT onlySuperUser();
 	END IF;
 
 	FOR ii IN SELECT * FROM schedule.cron WHERE owner = usename LOOP
@@ -822,14 +820,9 @@ $BODY$
 DECLARE
 	ii schedule.cron;
 	oo schedule.cron_rec;
-	is_superuser boolean;
 BEGIN
 	IF usename <> session_user THEN
-		EXECUTE 'SELECT usesuper FROM pg_user WHERE usename = session_user'
-			INTO is_superuser;
-		IF NOT is_superuser THEN
-			RAISE EXCEPTION 'access denied';
-		END IF;
+    	SELECT onlySuperUser();
 	END IF;
 
 	FOR ii IN SELECT * FROM schedule.cron WHERE executor = usename LOOP
@@ -847,7 +840,6 @@ $BODY$
 DECLARE
 	ii record;
 	oo schedule.cron_job;
-	is_superuser boolean;
 BEGIN
 	FOR ii IN SELECT * FROM schedule.at as at, schedule.cron as cron WHERE cron.executor = session_user AND cron.id = at.cron AND at.active LOOP
 		oo.cron = ii.id;
@@ -882,13 +874,8 @@ $BODY$
 DECLARE
 	ii record;
 	oo schedule.cron_job;
-	is_superuser boolean;
 BEGIN
-	EXECUTE 'SELECT usesuper FROM pg_user WHERE usename = session_user'
-		INTO is_superuser;
-	IF NOT is_superuser THEN
-		RAISE EXCEPTION 'access denied';
-	END IF;
+    SELECT onlySuperUser();
 	FOR ii IN SELECT * FROM schedule.at as at, schedule.cron as cron WHERE cron.id = at.cron AND at.active LOOP
 		oo.cron = ii.id;
 		oo.node = ii.node;
@@ -922,14 +909,9 @@ $BODY$
 DECLARE
 	ii record;
 	oo schedule.cron_job;
-	is_superuser boolean;
 BEGIN
 	IF usename <> session_user THEN
-		EXECUTE 'SELECT usesuper FROM pg_user WHERE usename = session_user'
-			INTO is_superuser;
-		IF NOT is_superuser THEN
-			RAISE EXCEPTION 'access denied';
-		END IF;
+    	SELECT onlySuperUser();
 	END IF;
 
 	FOR ii IN SELECT * FROM schedule.at as at, schedule.cron as cron WHERE cron.executor = usename AND cron.id = at.cron AND at.active LOOP
@@ -983,15 +965,10 @@ $BODY$
 DECLARE
 	ii record;
 	oo schedule.cron_job;
-	is_superuser boolean;
 	sql_cmd text;
 BEGIN
 	IF usename <> session_user THEN
-		EXECUTE 'SELECT usesuper FROM pg_user WHERE usename = session_user'
-			INTO is_superuser;
-		IF NOT is_superuser THEN
-			RAISE EXCEPTION 'access denied';
-		END IF;
+    	SELECT onlySuperUser();
 	END IF;
 
 	IF usename = '___all___' THEN

src/sched_manager_poll.c

@@ -210,7 +210,7 @@ pid_t registerManagerWorker(schd_manager_t *man)
 	worker.bgw_flags = BGWORKER_SHMEM_ACCESS |
 		BGWORKER_BACKEND_DATABASE_CONNECTION;
 	worker.bgw_start_time = BgWorkerStart_ConsistentState;
-	worker.bgw_restart_time = 1; /* BGW_NEVER_RESTART; */
+	worker.bgw_restart_time = BGW_NEVER_RESTART;
 	worker.bgw_main = NULL;
 	worker.bgw_main_arg = UInt32GetDatum(dsm_segment_handle(man->shared));
 	sprintf(worker.bgw_library_name, "pgpro_scheduler");

src/scheduler_executor.c

@@ -213,7 +213,7 @@ int set_session_authorization(char *username, char **error)
 	Datum values[1];
 	bool is_superuser;
 	int ret;
-	char *sql = "select usesysid, usesuper from pg_catalog.pg_user where usename = $1";
+	char *sql = "select oid, rolsuper from pg_catalog.pg_roles where rolname = $1";
 	char buff[1024];
 
 	values[0] = CStringGetTextDatum(username);	

src/scheduler_manager.c

@@ -69,24 +69,26 @@ int checkSchedulerNamespace(void)
 	}
 	else if(count > 1 || count == 0 )
 	{
-		elog(LOG, "Scheduler manager: %s: cannot check namespace: found %d namespaces",
-											MyBgworkerEntry->bgw_name, count);
+		elog(LOG, "Scheduler manager: %s: cannot check namespace: "
+				  "found %d namespaces", MyBgworkerEntry->bgw_name, count);
 	}
 	else if(count == -2)
 	{
-		elog(LOG, "Scheduler manager: %s: cannot check namespace: count return null",
-											MyBgworkerEntry->bgw_name);
+		elog(LOG, "Scheduler manager: %s: cannot check namespace: "
+				  "count return null", MyBgworkerEntry->bgw_name);
 	}
 	else if(count != 1)
 	{
-		elog(ERROR, "Scheduler manager: %s: cannot check namespace: unknown error %d",
-											MyBgworkerEntry->bgw_name, count); 
+		elog(ERROR, "Scheduler manager: %s: cannot check namespace: "
+					"unknown error %d", MyBgworkerEntry->bgw_name, count); 
 	}
 
 	SPI_finish();
 	PopActiveSnapshot();
 	CommitTransactionCommand();
-	if(count) SetConfigOption("search_path", "schedule", PGC_USERSET, PGC_S_SESSION);
+	if(count) {
+		SetConfigOption("search_path", schema, PGC_USERSET, PGC_S_SESSION);
+	}
 
 	return count;
 }

src/scheduler_spi_utils.c

@@ -10,6 +10,41 @@
 #include "catalog/pg_type.h"
 #include "memutils.h"
 
+void START_SNAP(void)
+{
+	SetCurrentStatementStartTimestamp(); 
+	StartTransactionCommand(); 
+	PushActiveSnapshot(GetTransactionSnapshot());
+}
+
+void STOP_SNAP(void) 
+{
+	PopActiveSnapshot(); 
+	CommitTransactionCommand();
+}
+
+void START_SPI_SNAP(void)
+{
+	SetCurrentStatementStartTimestamp();
+	StartTransactionCommand();
+	PushActiveSnapshot(GetTransactionSnapshot());
+	SPI_connect();
+}
+
+void STOP_SPI_SNAP(void)
+{
+	SPI_finish();
+	PopActiveSnapshot(); 
+	CommitTransactionCommand();
+}
+
+void ABORT_SPI_SNAP(void) 
+{
+	PopActiveSnapshot();
+	AbortCurrentTransaction();
+	SPI_finish();
+}
+
 char *_copy_string(char *str)
 {
 	int len = strlen(str);
@@ -202,9 +237,12 @@ int execute_spi_sql_with_args(const char *sql, int n, Oid *argtypes, Datum *valu
 	int ret = -100;
 	ErrorData *edata;
 	MemoryContext old;
+	int errorSet = 0;
+	char other[100];
 
 	*error = NULL;
 
+
 	PG_TRY();
 	{
 		ret = SPI_execute_with_args(sql, n, argtypes, values, nulls, false, 0);
@@ -226,17 +264,43 @@ int execute_spi_sql_with_args(const char *sql, int n, Oid *argtypes, Datum *valu
 		{
 			*error = _copy_string("unknown error");
 		}
+		errorSet = 1;
 		FreeErrorData(edata);
 		MemoryContextSwitchTo(old);
 		FlushErrorState();
 	}
 	PG_END_TRY();
 
+	if(!errorSet && ret < 0)
+	{
+		if(ret == SPI_ERROR_CONNECT)
+		{
+			*error = _copy_string("Connection error");
+		}
+		else if(ret == SPI_ERROR_COPY)
+		{
+			*error = _copy_string("COPY error");
+		}
+		else if(ret == SPI_ERROR_OPUNKNOWN)
+		{
+			*error = _copy_string("SPI_ERROR_OPUNKNOWN");
+		}
+		else if(ret == SPI_ERROR_UNCONNECTED)
+		{
+			*error = _copy_string("Unconnected call");
+		}
+		else
+		{
+			sprintf(other, "error number: %d", ret);
+			*error = _copy_string(other);
+		}
+	}
+
 	return ret;
 }
 
 int execute_spi(const char *sql, char **error)
-{
+{	
 	return execute_spi_sql_with_args(sql, 0, NULL, NULL, NULL, error);
 }
 

src/scheduler_spi_utils.h

@@ -9,30 +9,11 @@
 
 #define select_count_sql(SQL) select_oneintvalue_sql(SQL, 0);
 
-#define START_SNAP() \
-    SetCurrentStatementStartTimestamp(); \
-	StartTransactionCommand(); \
-	PushActiveSnapshot(GetTransactionSnapshot());
-
-#define STOP_SNAP() \
-	PopActiveSnapshot(); \
-	CommitTransactionCommand(); 
-
-#define START_SPI_SNAP() \
-    SetCurrentStatementStartTimestamp(); \
-	StartTransactionCommand(); \
-	AssertState(SPI_connect() == SPI_OK_CONNECT); \
-	PushActiveSnapshot(GetTransactionSnapshot());
-
-#define STOP_SPI_SNAP() \
-	SPI_finish(); \
-	PopActiveSnapshot(); \
-	CommitTransactionCommand(); 
-
-#define ABORT_SPI_SNAP() \
-	PopActiveSnapshot(); \
-	AbortCurrentTransaction(); \
-	SPI_finish();
+void START_SNAP(void);
+void STOP_SNAP(void);
+void START_SPI_SNAP(void);
+void STOP_SPI_SNAP(void);
+void ABORT_SPI_SNAP(void);
 
 char *_copy_string(char *str);
 TimestampTz get_timestamp_from_spi(int row_n, int pos, TimestampTz def);