NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitbf03889

committed

GetUserId() changes to has_privs_of_role()

The pg_stat and pg_signal-related functions have been using GetUserId()instead of has_privs_of_role() for checking if the current user shouldbe able to see details in pg_stat_activity or signal other processes,requiring a user to do 'SET ROLE' for inheirited roles for a permissionscheck, unlike other permissions checks.This patch changes that behavior to, instead, act like most otherpermission checks and use has_privs_of_role(), removing the 'SET ROLE'need. Documentation and error messages updated accordingly.Per discussion with Alvaro, Peter, Adam (though not using Adam's patch),and Robert.Reviewed by Jeevan Chalke.

1 parent12968cf commitbf03889Copy full SHA for bf03889

File tree

3 files changed

+47

-24

lines changed

doc/src/sgml
- func.sgml
src/backend/utils/adt
- misc.c
- pgstatfuncs.c

3 files changed

+47

-24

lines changed

`‎doc/src/sgml/func.sgml`

Lines changed: 6 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -16328,9 +16328,9 @@ SELECT set_config('log_statement_stats', 'off', false);`
`16328`	`16328`	`<literal><function>pg_cancel_backend(<parameter>pid</parameter> <type>int</>)</function></literal>`
`16329`	`16329`	`</entry>`
`16330`	`16330`	`<entry><type>boolean</type></entry>`
`16331`		`- <entry>Cancel a backend's current query.You can execute this against`
`16332`		`-another backend that has exactlythesameroleas the user calling the`
`16333`		`-function. In all other cases, you must be asuperuser.`
	`16331`	`+ <entry>Cancel a backend's current query.This is also allowed if the`
	`16332`	`+calling role is a member ofthe rolewhose backend is being cancelled,`
	`16333`	`+however only superusers can cancelsuperuser backends.`
`16334`	`16334`	`</entry>`
`16335`	`16335`	`</row>`
`16336`	`16336`	`<row>`
`@@ -16352,10 +16352,9 @@ SELECT set_config('log_statement_stats', 'off', false);`
`16352`	`16352`	`<literal><function>pg_terminate_backend(<parameter>pid</parameter> <type>int</>)</function></literal>`
`16353`	`16353`	`</entry>`
`16354`	`16354`	`<entry><type>boolean</type></entry>`
`16355`		`- <entry>Terminate a backend. You can execute this against`
`16356`		`- another backend that has exactly the same role as the user`
`16357`		`- calling the function. In all other cases, you must be a`
`16358`		`- superuser.`
	`16355`	`+ <entry>Terminate a backend. This is also allowed if the calling role`
	`16356`	`+ is a member of the role whose backend is being terminated, however only`
	`16357`	`+ superusers can terminate superuser backends.`
`16359`	`16358`	`</entry>`
`16360`	`16359`	`</row>`
`16361`	`16360`	`</tbody>`

`‎src/backend/utils/adt/misc.c`

Lines changed: 31 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,7 @@`
`37`	`37`	`#include"utils/lsyscache.h"`
`38`	`38`	`#include"utils/ruleutils.h"`
`39`	`39`	`#include"tcop/tcopprot.h"`
	`40`	`+#include"utils/acl.h"`
`40`	`41`	`#include"utils/builtins.h"`
`41`	`42`	`#include"utils/timestamp.h"`
`42`	`43`
`@@ -81,14 +82,17 @@ current_query(PG_FUNCTION_ARGS)`
`81`	`82`	`* role as the backend being signaled. For "dangerous" signals, an explicit`
`82`	`83`	`* check for superuser needs to be done prior to calling this function.`
`83`	`84`	`*`
`84`		`- * Returns 0 on success, 1 on general failure, and 2 on permission error.`
	`85`	`+ * Returns 0 on success, 1 on general failure, 2 on normal permission error`
	`86`	`+ * and 3 if the caller needs to be a superuser.`
	`87`	`+ *`
`85`	`88`	`* In the event of a general failure (return code 1), a warning message will`
`86`	`89`	`* be emitted. For permission errors, doing that is the responsibility of`
`87`	`90`	`* the caller.`
`88`	`91`	`*/`
`89`	`92`	`#defineSIGNAL_BACKEND_SUCCESS 0`
`90`	`93`	`#defineSIGNAL_BACKEND_ERROR 1`
`91`	`94`	`#defineSIGNAL_BACKEND_NOPERMISSION 2`
	`95`	`+#defineSIGNAL_BACKEND_NOSUPERUSER 3`
`92`	`96`	`staticint`
`93`	`97`	`pg_signal_backend(intpid,intsig)`
`94`	`98`	`{`
`@@ -113,7 +117,12 @@ pg_signal_backend(int pid, int sig)`
`113`	`117`	`returnSIGNAL_BACKEND_ERROR;`
`114`	`118`	`}`
`115`	`119`
`116`		`-if (!(superuser()\|\|proc->roleId==GetUserId()))`
	`120`	`+/* Only allow superusers to signal superuser-owned backends. */`
	`121`	`+if (superuser_arg(proc->roleId)&& !superuser())`
	`122`	`+returnSIGNAL_BACKEND_NOSUPERUSER;`
	`123`	`+`
	`124`	`+/* Users can signal backends they have role membership in. */`
	`125`	`+if (!has_privs_of_role(GetUserId(),proc->roleId))`
`117`	`126`	`returnSIGNAL_BACKEND_NOPERMISSION;`
`118`	`127`
`119`	`128`	`/*`
`@@ -141,35 +150,49 @@ pg_signal_backend(int pid, int sig)`
`141`	`150`	`}`
`142`	`151`
`143`	`152`	`/*`
`144`		`- * Signal to cancel a backend process. This is allowed if you are superuser or`
`145`		`- * have the same role as the process being canceled.`
	`153`	`+ * Signal to cancel a backend process. This is allowed if you are a member of`
	`154`	`+ * the role whose process is being canceled.`
	`155`	`+ *`
	`156`	`+ * Note that only superusers can signal superuser-owned processes.`
`146`	`157`	`*/`
`147`	`158`	`Datum`
`148`	`159`	`pg_cancel_backend(PG_FUNCTION_ARGS)`
`149`	`160`	`{`
`150`	`161`	`intr=pg_signal_backend(PG_GETARG_INT32(0),SIGINT);`
`151`	`162`
	`163`	`+if (r==SIGNAL_BACKEND_NOSUPERUSER)`
	`164`	`+ereport(ERROR,`
	`165`	`+(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),`
	`166`	`+ (errmsg("must be a superuser to cancel superuser query"))));`
	`167`	`+`
`152`	`168`	`if (r==SIGNAL_BACKEND_NOPERMISSION)`
`153`	`169`	`ereport(ERROR,`
`154`	`170`	`(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),`
`155`		`- (errmsg("must besuperuser or have thesameroleto cancel queries running in other server processes"))));`
	`171`	`+ (errmsg("must bea member of the rolewhose query is being cancelled"))));`
`156`	`172`
`157`	`173`	`PG_RETURN_BOOL(r==SIGNAL_BACKEND_SUCCESS);`
`158`	`174`	`}`
`159`	`175`
`160`	`176`	`/*`
`161`		`- * Signal to terminate a backend process. This is allowed if you are superuser`
`162`		`- * or have the same role as the process being terminated.`
	`177`	`+ * Signal to terminate a backend process. This is allowed if you are a member`
	`178`	`+ * of the role whose process is being terminated.`
	`179`	`+ *`
	`180`	`+ * Note that only superusers can signal superuser-owned processes.`
`163`	`181`	`*/`
`164`	`182`	`Datum`
`165`	`183`	`pg_terminate_backend(PG_FUNCTION_ARGS)`
`166`	`184`	`{`
`167`	`185`	`intr=pg_signal_backend(PG_GETARG_INT32(0),SIGTERM);`
`168`	`186`
	`187`	`+if (r==SIGNAL_BACKEND_NOSUPERUSER)`
	`188`	`+ereport(ERROR,`
	`189`	`+(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),`
	`190`	`+ (errmsg("must be a superuser to terminate superuser process"))));`
	`191`	`+`
`169`	`192`	`if (r==SIGNAL_BACKEND_NOPERMISSION)`
`170`	`193`	`ereport(ERROR,`
`171`	`194`	`(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),`
`172`		`- (errmsg("must besuperuser or have thesameroleto terminate other server processes"))));`
	`195`	`+ (errmsg("must bea member of the rolewhose process is being terminated"))));`
`173`	`196`
`174`	`197`	`PG_RETURN_BOOL(r==SIGNAL_BACKEND_SUCCESS);`
`175`	`198`	`}`

`‎src/backend/utils/adt/pgstatfuncs.c`

Lines changed: 10 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,7 @@`
`20`	`20`	`#include"libpq/ip.h"`
`21`	`21`	`#include"miscadmin.h"`
`22`	`22`	`#include"pgstat.h"`
	`23`	`+#include"utils/acl.h"`
`23`	`24`	`#include"utils/builtins.h"`
`24`	`25`	`#include"utils/inet.h"`
`25`	`26`	`#include"utils/timestamp.h"`
`@@ -675,8 +676,8 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)`
`675`	`676`	`else`
`676`	`677`	`nulls[15]= true;`
`677`	`678`
`678`		`-/* Values only available tosame user or superuser */`
`679`		`-if (superuser()\|\|beentry->st_userid==GetUserId())`
	`679`	`+/* Values only available torole member */`
	`680`	`+if (has_privs_of_role(GetUserId(),beentry->st_userid))`
`680`	`681`	`{`
`681`	`682`	`SockAddrzero_clientaddr;`
`682`	`683`
`@@ -878,7 +879,7 @@ pg_stat_get_backend_activity(PG_FUNCTION_ARGS)`
`878`	`879`
`879`	`880`	`if ((beentry=pgstat_fetch_stat_beentry(beid))==NULL)`
`880`	`881`	`activity="<backend information not available>";`
`881`		`-elseif (!superuser()&&beentry->st_userid!=GetUserId())`
	`882`	`+elseif (!has_privs_of_role(GetUserId(),beentry->st_userid))`
`882`	`883`	`activity="<insufficient privilege>";`
`883`	`884`	`elseif (*(beentry->st_activity)=='\0')`
`884`	`885`	`activity="<command string not enabled>";`
`@@ -899,7 +900,7 @@ pg_stat_get_backend_waiting(PG_FUNCTION_ARGS)`
`899`	`900`	`if ((beentry=pgstat_fetch_stat_beentry(beid))==NULL)`
`900`	`901`	`PG_RETURN_NULL();`
`901`	`902`
`902`		`-if (!superuser()&&beentry->st_userid!=GetUserId())`
	`903`	`+if (!has_privs_of_role(GetUserId(),beentry->st_userid))`
`903`	`904`	`PG_RETURN_NULL();`
`904`	`905`
`905`	`906`	`result=beentry->st_waiting;`
`@@ -918,7 +919,7 @@ pg_stat_get_backend_activity_start(PG_FUNCTION_ARGS)`
`918`	`919`	`if ((beentry=pgstat_fetch_stat_beentry(beid))==NULL)`
`919`	`920`	`PG_RETURN_NULL();`
`920`	`921`
`921`		`-if (!superuser()&&beentry->st_userid!=GetUserId())`
	`922`	`+if (!has_privs_of_role(GetUserId(),beentry->st_userid))`
`922`	`923`	`PG_RETURN_NULL();`
`923`	`924`
`924`	`925`	`result=beentry->st_activity_start_timestamp;`
`@@ -944,7 +945,7 @@ pg_stat_get_backend_xact_start(PG_FUNCTION_ARGS)`
`944`	`945`	`if ((beentry=pgstat_fetch_stat_beentry(beid))==NULL)`
`945`	`946`	`PG_RETURN_NULL();`
`946`	`947`
`947`		`-if (!superuser()&&beentry->st_userid!=GetUserId())`
	`948`	`+if (!has_privs_of_role(GetUserId(),beentry->st_userid))`
`948`	`949`	`PG_RETURN_NULL();`
`949`	`950`
`950`	`951`	`result=beentry->st_xact_start_timestamp;`
`@@ -966,7 +967,7 @@ pg_stat_get_backend_start(PG_FUNCTION_ARGS)`
`966`	`967`	`if ((beentry=pgstat_fetch_stat_beentry(beid))==NULL)`
`967`	`968`	`PG_RETURN_NULL();`
`968`	`969`
`969`		`-if (!superuser()&&beentry->st_userid!=GetUserId())`
	`970`	`+if (!has_privs_of_role(GetUserId(),beentry->st_userid))`
`970`	`971`	`PG_RETURN_NULL();`
`971`	`972`
`972`	`973`	`result=beentry->st_proc_start_timestamp;`
`@@ -990,7 +991,7 @@ pg_stat_get_backend_client_addr(PG_FUNCTION_ARGS)`
`990`	`991`	`if ((beentry=pgstat_fetch_stat_beentry(beid))==NULL)`
`991`	`992`	`PG_RETURN_NULL();`
`992`	`993`
`993`		`-if (!superuser()&&beentry->st_userid!=GetUserId())`
	`994`	`+if (!has_privs_of_role(GetUserId(),beentry->st_userid))`
`994`	`995`	`PG_RETURN_NULL();`
`995`	`996`
`996`	`997`	`/* A zeroed client addr means we don't know */`
`@@ -1037,7 +1038,7 @@ pg_stat_get_backend_client_port(PG_FUNCTION_ARGS)`
`1037`	`1038`	`if ((beentry=pgstat_fetch_stat_beentry(beid))==NULL)`
`1038`	`1039`	`PG_RETURN_NULL();`
`1039`	`1040`
`1040`		`-if (!superuser()&&beentry->st_userid!=GetUserId())`
	`1041`	`+if (!has_privs_of_role(GetUserId(),beentry->st_userid))`
`1041`	`1042`	`PG_RETURN_NULL();`
`1042`	`1043`
`1043`	`1044`	`/* A zeroed client addr means we don't know */`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitbf03889

File tree

3 files changed

3 files changed

`‎doc/src/sgml/func.sgml`

`‎src/backend/utils/adt/misc.c`

`‎src/backend/utils/adt/pgstatfuncs.c`

0 commit comments