NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit0c8910a

committed

Teach SHOW ALL to honor pg_read_all_settings membership

Also, fix the pg_settings view to display source filename and linenumber when invoked by a pg_read_all_settings member. This addition byme (Álvaro).Also, fix wording of the comment in GetConfigOption regarding therestriction it implements, renaming the parameter for extra clarity.Noted by Michaël.These were all oversight in commit25fff40; backpatch to pg10,where that commit first appeared.Author: Laurenz AlbeReviewed-by: Michaël Paquier, Álvaro HerreraDiscussion:https://postgr.es/m/1519917758.6586.8.camel@cybertec.at

1 parentacad8b4 commit0c8910aCopy full SHA for 0c8910a

File tree

2 files changed

+11

-10

lines changed

src
- backend/utils/misc
  - guc.c
- include/utils
  - guc.h

2 files changed

+11

-10

lines changed

`‎src/backend/utils/misc/guc.c‎`

Lines changed: 10 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -6930,15 +6930,15 @@ SetConfigOption(const char name, const char value,`
`6930`	`6930`	`* this cannot be distinguished from a string variable with a NULL value!),`
`6931`	`6931`	`* otherwise throw an ereport and don't return.`
`6932`	`6932`	`*`
`6933`		`- * Ifrestrict_superuser is true, we also enforce that only superuserscan`
`6934`		`- *see GUC_SUPERUSER_ONLY variables. This should only be passed as true`
`6935`		`- * in user-driven calls.`
	`6933`	`+ * Ifrestrict_privileged is true, we also enforce that only superusersand`
	`6934`	`+ *members of the pg_read_all_settings role can see GUC_SUPERUSER_ONLY`
	`6935`	`+ *variables. This should only be passed as truein user-driven calls.`
`6936`	`6936`	`*`
`6937`	`6937`	`* The string is not allocated for modification and is really only`
`6938`	`6938`	`* valid until the next call to configuration related functions.`
`6939`	`6939`	`*/`
`6940`	`6940`	`constchar*`
`6941`		`-GetConfigOption(constchar*name,boolmissing_ok,boolrestrict_superuser)`
	`6941`	`+GetConfigOption(constchar*name,boolmissing_ok,boolrestrict_privileged)`
`6942`	`6942`	`{`
`6943`	`6943`	`structconfig_generic*record;`
`6944`	`6944`	`staticcharbuffer[256];`
`@@ -6953,7 +6953,7 @@ GetConfigOption(const char *name, bool missing_ok, bool restrict_superuser)`
`6953`	`6953`	`errmsg("unrecognized configuration parameter \"%s\"",`
`6954`	`6954`	`name)));`
`6955`	`6955`	`}`
`6956`		`-if (restrict_superuser&&`
	`6956`	`+if (restrict_privileged&&`
`6957`	`6957`	`(record->flags&GUC_SUPERUSER_ONLY)&&`
`6958`	`6958`	`!is_member_of_role(GetUserId(),DEFAULT_ROLE_READ_ALL_SETTINGS))`
`6959`	`6959`	`ereport(ERROR,`
`@@ -8242,7 +8242,6 @@ ShowGUCConfigOption(const char name, DestReceiver dest)`
`8242`	`8242`	`staticvoid`
`8243`	`8243`	`ShowAllGUCConfig(DestReceiver*dest)`
`8244`	`8244`	`{`
`8245`		`-boolam_superuser=superuser();`
`8246`	`8245`	`inti;`
`8247`	`8246`	`TupOutputState*tstate;`
`8248`	`8247`	`TupleDesctupdesc;`
`@@ -8267,7 +8266,8 @@ ShowAllGUCConfig(DestReceiver *dest)`
`8267`	`8266`	`char*setting;`
`8268`	`8267`
`8269`	`8268`	`if ((conf->flags&GUC_NO_SHOW_ALL)\|\|`
`8270`		`-((conf->flags&GUC_SUPERUSER_ONLY)&& !am_superuser))`
	`8269`	`+((conf->flags&GUC_SUPERUSER_ONLY)&&`
	`8270`	`+ !is_member_of_role(GetUserId(),DEFAULT_ROLE_READ_ALL_SETTINGS)))`
`8271`	`8271`	`continue;`
`8272`	`8272`
`8273`	`8273`	`/* assign to the values array */`
`@@ -8593,9 +8593,10 @@ GetConfigOptionByNum(int varnum, const char *values, bool noshow)`
`8593`	`8593`	`/*`
`8594`	`8594`	`* If the setting came from a config file, set the source location. For`
`8595`	`8595`	`* security reasons, we don't show source file/line number for`
`8596`		`- *non-superusers.`
	`8596`	`+ *insufficiently-privileged users.`
`8597`	`8597`	`*/`
`8598`		`-if (conf->source==PGC_S_FILE&&superuser())`
	`8598`	`+if (conf->source==PGC_S_FILE&&`
	`8599`	`+is_member_of_role(GetUserId(),DEFAULT_ROLE_READ_ALL_SETTINGS))`
`8599`	`8600`	`{`
`8600`	`8601`	`values[14]=conf->sourcefile;`
`8601`	`8602`	`snprintf(buffer,sizeof(buffer),"%d",conf->sourceline);`

`‎src/include/utils/guc.h‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -347,7 +347,7 @@ extern void DefineCustomEnumVariable(`
`347`	`347`	`externvoidEmitWarningsOnPlaceholders(constchar*className);`
`348`	`348`
`349`	`349`	`externconstcharGetConfigOption(constcharname,boolmissing_ok,`
`350`		`-boolrestrict_superuser);`
	`350`	`+boolrestrict_privileged);`
`351`	`351`	`externconstcharGetConfigOptionResetString(constcharname);`
`352`	`352`	`externintGetConfigOptionFlags(constchar*name,boolmissing_ok);`
`353`	`353`	`externvoidProcessConfigFile(GucContextcontext);`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit0c8910a

File tree

2 files changed

2 files changed

`‎src/backend/utils/misc/guc.c‎`

`‎src/include/utils/guc.h‎`

0 commit comments