database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-05-21 15:54:08 +03:00
Code

Allow pg_read_all_stats to access all stats views again

Browse Source 
The views pg_stat_progress_* had not gotten the memo that
pg_read_all_stats is supposed to be able to read all statistics. Also
make a pass over all text-returning pg_stat_xyz functions that could
return "insufficient privilege" and make sure they also respect
pg_read_all_status.

Reported-by: Andrey M. Borodin
Reviewed-by: Andrey M. Borodin, Kyotaro Horiguchi
Discussion: https://postgr.es/m/13145F2F-8458-4977-9D2D-7B2E862E5722@yandex-team.ru
This commit is contained in:
Magnus Hagander 2020-04-20 12:53:40 +02:00
parent 63ecdaf758
commit d0bb66572e
1 changed files with 12 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/backend/utils/adt/pgstatfuncs.c
View File

@ -31,6 +31,8 @@
#define UINT32_ACCESS_ONCE(var) ((uint32)(*((volatile uint32 *)&(var)))) #define UINT32_ACCESS_ONCE(var) ((uint32)(*((volatile uint32 *)&(var))))
#define HAS_PGSTAT_PERMISSIONS(role) (is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_STATS) || has_privs_of_role(GetUserId(), role))
/* Global bgwriter statistics, from bgwriter.c */ /* Global bgwriter statistics, from bgwriter.c */
extern PgStat_MsgBgWriter bgwriterStats; extern PgStat_MsgBgWriter bgwriterStats;
@ -512,7 +514,7 @@ pg_stat_get_progress_info(PG_FUNCTION_ARGS)
values[1] = ObjectIdGetDatum(beentry->st_databaseid); values[1] = ObjectIdGetDatum(beentry->st_databaseid);
/* show rest of the values including relid only to role members */ /* show rest of the values including relid only to role members */
if (has_privs_of_role(GetUserId(), beentry->st_userid)) if (HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
{ {
values[2] = ObjectIdGetDatum(beentry->st_progress_command_target); values[2] = ObjectIdGetDatum(beentry->st_progress_command_target);
for (i = 0; i < PGSTAT_NUM_PROGRESS_PARAM; i++) for (i = 0; i < PGSTAT_NUM_PROGRESS_PARAM; i++)
@ -660,8 +662,7 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
} }
/* Values only available to role member or pg_read_all_stats */ /* Values only available to role member or pg_read_all_stats */
if (has_privs_of_role(GetUserId(), beentry->st_userid) || if (HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_STATS))
{ {
SockAddr zero_clientaddr; SockAddr zero_clientaddr;
@ -915,7 +916,7 @@ pg_stat_get_backend_activity(PG_FUNCTION_ARGS)
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL) if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
activity = "<backend information not available>"; activity = "<backend information not available>";
else if (!has_privs_of_role(GetUserId(), beentry->st_userid)) else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
activity = "<insufficient privilege>"; activity = "<insufficient privilege>";
else if (*(beentry->st_activity) == '\0') else if (*(beentry->st_activity) == '\0')
activity = "<command string not enabled>"; activity = "<command string not enabled>";
@ -935,7 +936,7 @@ pg_stat_get_backend_wait_event_type(PG_FUNCTION_ARGS)
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL) if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
wait_event_type = "<backend information not available>"; wait_event_type = "<backend information not available>";
else if (!has_privs_of_role(GetUserId(), beentry->st_userid)) else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
wait_event_type = "<insufficient privilege>"; wait_event_type = "<insufficient privilege>";
else if ((proc = BackendPidGetProc(beentry->st_procpid)) != NULL) else if ((proc = BackendPidGetProc(beentry->st_procpid)) != NULL)
wait_event_type = pgstat_get_wait_event_type(proc->wait_event_info); wait_event_type = pgstat_get_wait_event_type(proc->wait_event_info);
@ -956,7 +957,7 @@ pg_stat_get_backend_wait_event(PG_FUNCTION_ARGS)
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL) if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
wait_event = "<backend information not available>"; wait_event = "<backend information not available>";
else if (!has_privs_of_role(GetUserId(), beentry->st_userid)) else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
wait_event = "<insufficient privilege>"; wait_event = "<insufficient privilege>";
else if ((proc = BackendPidGetProc(beentry->st_procpid)) != NULL) else if ((proc = BackendPidGetProc(beentry->st_procpid)) != NULL)
wait_event = pgstat_get_wait_event(proc->wait_event_info); wait_event = pgstat_get_wait_event(proc->wait_event_info);
@ -978,7 +979,7 @@ pg_stat_get_backend_activity_start(PG_FUNCTION_ARGS)
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL) if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
PG_RETURN_NULL(); PG_RETURN_NULL();
if (!has_privs_of_role(GetUserId(), beentry->st_userid)) else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
PG_RETURN_NULL(); PG_RETURN_NULL();
result = beentry->st_activity_start_timestamp; result = beentry->st_activity_start_timestamp;
@ -1004,7 +1005,7 @@ pg_stat_get_backend_xact_start(PG_FUNCTION_ARGS)
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL) if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
PG_RETURN_NULL(); PG_RETURN_NULL();
if (!has_privs_of_role(GetUserId(), beentry->st_userid)) else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
PG_RETURN_NULL(); PG_RETURN_NULL();
result = beentry->st_xact_start_timestamp; result = beentry->st_xact_start_timestamp;
@ -1026,7 +1027,7 @@ pg_stat_get_backend_start(PG_FUNCTION_ARGS)
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL) if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
PG_RETURN_NULL(); PG_RETURN_NULL();
if (!has_privs_of_role(GetUserId(), beentry->st_userid)) else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
PG_RETURN_NULL(); PG_RETURN_NULL();
result = beentry->st_proc_start_timestamp; result = beentry->st_proc_start_timestamp;
@ -1050,7 +1051,7 @@ pg_stat_get_backend_client_addr(PG_FUNCTION_ARGS)
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL) if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
PG_RETURN_NULL(); PG_RETURN_NULL();
if (!has_privs_of_role(GetUserId(), beentry->st_userid)) else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
PG_RETURN_NULL(); PG_RETURN_NULL();
/* A zeroed client addr means we don't know */ /* A zeroed client addr means we don't know */
@ -1097,7 +1098,7 @@ pg_stat_get_backend_client_port(PG_FUNCTION_ARGS)
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL) if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
PG_RETURN_NULL(); PG_RETURN_NULL();
if (!has_privs_of_role(GetUserId(), beentry->st_userid)) else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
PG_RETURN_NULL(); PG_RETURN_NULL();
/* A zeroed client addr means we don't know */ /* A zeroed client addr means we don't know */