mirror of
https://github.com/postgres/postgres.git
synced 2025-11-15 03:41:20 +03:00
Add is_superuser parameter reporting, soon to be used by psql.
This commit is contained in:
Tom Lane
@@ -9,7 +9,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.78 2003/06/06 16:25:35 tgl Exp $
|
||||
* $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.79 2003/06/27 19:08:37 tgl Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@@ -721,25 +721,29 @@ assign_client_encoding(const char *value, bool doit, bool interactive)
|
||||
* When resetting session auth after an error, we can't expect to do catalog
|
||||
* lookups. Hence, the stored form of the value must provide a numeric userid
|
||||
* that can be re-used directly. We store the string in the form of
|
||||
* NAMEDATALEN 'x's followed by the numeric userid --- this cannot conflict
|
||||
* with any valid user name, because of the NAMEDATALEN limit on names.
|
||||
* NAMEDATALEN 'x's, followed by T or F to indicate superuserness, followed
|
||||
* by the numeric userid --- this cannot conflict with any valid user name,
|
||||
* because of the NAMEDATALEN limit on names.
|
||||
*/
|
||||
const char *
|
||||
assign_session_authorization(const char *value, bool doit, bool interactive)
|
||||
{
|
||||
AclId usesysid = 0;
|
||||
bool is_superuser = false;
|
||||
char *result;
|
||||
|
||||
if (strspn(value, "x") == NAMEDATALEN)
|
||||
if (strspn(value, "x") == NAMEDATALEN &&
|
||||
(value[NAMEDATALEN] == 'T' || value[NAMEDATALEN] == 'F'))
|
||||
{
|
||||
/* might be a saved numeric userid */
|
||||
char *endptr;
|
||||
|
||||
usesysid = (AclId) strtoul(value + NAMEDATALEN, &endptr, 10);
|
||||
usesysid = (AclId) strtoul(value + NAMEDATALEN + 1, &endptr, 10);
|
||||
|
||||
if (endptr != value + NAMEDATALEN && *endptr == '\0')
|
||||
if (endptr != value + NAMEDATALEN + 1 && *endptr == '\0')
|
||||
{
|
||||
/* syntactically valid, so use the numeric user ID */
|
||||
/* syntactically valid, so use the numeric user ID and flag */
|
||||
is_superuser = (value[NAMEDATALEN] == 'T');
|
||||
}
|
||||
else
|
||||
usesysid = 0;
|
||||
@@ -771,12 +775,13 @@ assign_session_authorization(const char *value, bool doit, bool interactive)
|
||||
}
|
||||
|
||||
usesysid = ((Form_pg_shadow) GETSTRUCT(userTup))->usesysid;
|
||||
|
||||
is_superuser = ((Form_pg_shadow) GETSTRUCT(userTup))->usesuper;
|
||||
|
||||
ReleaseSysCache(userTup);
|
||||
}
|
||||
|
||||
if (doit)
|
||||
SetSessionAuthorization(usesysid);
|
||||
SetSessionAuthorization(usesysid, is_superuser);
|
||||
|
||||
result = (char *) malloc(NAMEDATALEN + 32);
|
||||
if (!result)
|
||||
@@ -784,7 +789,9 @@ assign_session_authorization(const char *value, bool doit, bool interactive)
|
||||
|
||||
memset(result, 'x', NAMEDATALEN);
|
||||
|
||||
snprintf(result + NAMEDATALEN, 32, "%lu", (unsigned long) usesysid);
|
||||
snprintf(result + NAMEDATALEN, 32, "%c%lu",
|
||||
is_superuser ? 'T' : 'F',
|
||||
(unsigned long) usesysid);
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/backend/utils/init/miscinit.c,v 1.103 2003/06/27 14:45:30 petere Exp $
|
||||
* $Header: /cvsroot/pgsql/src/backend/utils/init/miscinit.c,v 1.104 2003/06/27 19:08:37 tgl Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@@ -553,9 +553,12 @@ InitializeSessionUserId(const char *username)
|
||||
|
||||
SetSessionUserId(usesysid); /* sets CurrentUserId too */
|
||||
|
||||
/* Record username as a config option too */
|
||||
/* Record username and superuser status as GUC settings too */
|
||||
SetConfigOption("session_authorization", username,
|
||||
PGC_BACKEND, PGC_S_OVERRIDE);
|
||||
SetConfigOption("is_superuser",
|
||||
AuthenticatedUserIsSuperuser ? "on" : "off",
|
||||
PGC_INTERNAL, PGC_S_OVERRIDE);
|
||||
|
||||
/*
|
||||
* Set up user-specific configuration variables. This is a good place
|
||||
@@ -594,10 +597,13 @@ InitializeSessionUserIdStandalone(void)
|
||||
/*
|
||||
* Change session auth ID while running
|
||||
*
|
||||
* Only a superuser may set auth ID to something other than himself.
|
||||
* Only a superuser may set auth ID to something other than himself. Note
|
||||
* that in case of multiple SETs in a single session, the original userid's
|
||||
* superuserness is what matters. But we set the GUC variable is_superuser
|
||||
* to indicate whether the *current* session userid is a superuser.
|
||||
*/
|
||||
void
|
||||
SetSessionAuthorization(AclId userid)
|
||||
SetSessionAuthorization(AclId userid, bool is_superuser)
|
||||
{
|
||||
/* Must have authenticated already, else can't make permission check */
|
||||
AssertState(AclIdIsValid(AuthenticatedUserId));
|
||||
@@ -608,6 +614,10 @@ SetSessionAuthorization(AclId userid)
|
||||
|
||||
SetSessionUserId(userid);
|
||||
SetUserId(userid);
|
||||
|
||||
SetConfigOption("is_superuser",
|
||||
is_superuser ? "on" : "off",
|
||||
PGC_INTERNAL, PGC_S_OVERRIDE);
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -16,9 +16,12 @@
|
||||
## if an option is valid but shows up in only one file (guc.c but not
|
||||
## postgresql.conf.sample), it should be listed here so that it
|
||||
## can be ignored
|
||||
INTENTIONALLY_NOT_INCLUDED="pre_auth_delay lc_messages lc_monetary \
|
||||
lc_numeric lc_time seed server_encoding session_authorization \
|
||||
transaction_isolation transaction_read_only zero_damaged_pages"
|
||||
INTENTIONALLY_NOT_INCLUDED="autocommit debug_deadlocks exit_on_error \
|
||||
is_superuser lc_collate lc_ctype lc_messages lc_monetary lc_numeric lc_time \
|
||||
pre_auth_delay seed server_encoding server_version session_authorization \
|
||||
trace_lock_oidmin trace_lock_table trace_locks trace_lwlocks trace_notify \
|
||||
trace_userlocks transaction_isolation transaction_read_only \
|
||||
zero_damaged_pages"
|
||||
|
||||
### What options are listed in postgresql.conf.sample, but don't appear
|
||||
### in guc.c?
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
* Written by Peter Eisentraut <peter_e@gmx.net>.
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/backend/utils/misc/guc.c,v 1.131 2003/06/11 22:13:22 momjian Exp $
|
||||
* $Header: /cvsroot/pgsql/src/backend/utils/misc/guc.c,v 1.132 2003/06/27 19:08:38 tgl Exp $
|
||||
*
|
||||
*--------------------------------------------------------------------
|
||||
*/
|
||||
@@ -138,6 +138,7 @@ static char *log_min_error_statement_str;
|
||||
static char *log_min_messages_str;
|
||||
static char *client_min_messages_str;
|
||||
static bool phony_autocommit;
|
||||
static bool session_auth_is_superuser;
|
||||
static double phony_random_seed;
|
||||
static char *client_encoding_string;
|
||||
static char *datestyle_string;
|
||||
@@ -361,6 +362,13 @@ static struct config_bool
|
||||
true, NULL, NULL
|
||||
},
|
||||
|
||||
/* Not for general use --- used by SET SESSION AUTHORIZATION */
|
||||
{
|
||||
{"is_superuser", PGC_INTERNAL, GUC_REPORT | GUC_NO_SHOW_ALL | GUC_NO_RESET_ALL},
|
||||
&session_auth_is_superuser,
|
||||
false, NULL, NULL
|
||||
},
|
||||
|
||||
{
|
||||
{"tcpip_socket", PGC_POSTMASTER}, &NetServer,
|
||||
false, NULL, NULL
|
||||
@@ -894,6 +902,7 @@ static struct config_string
|
||||
"SQL_ASCII", NULL, NULL
|
||||
},
|
||||
|
||||
/* Can't be set in postgresql.conf */
|
||||
{
|
||||
{"server_version", PGC_INTERNAL, GUC_REPORT},
|
||||
&server_version_string,
|
||||
|
||||
Reference in New Issue
Block a user