NotificationsYou must be signed in to change notification settings
Fork28
Star153

Commit05f245a

Vladimir Ershov

committed

fix roles access && SPI_connect problem

1 parent4aa57e8 commit05f245aCopy full SHA for 05f245a

File tree

7 files changed

+124

-99

lines changed

7 files changed

+124

-99

lines changed

`‎pgpro_scheduler--1.0.sql‎`

Lines changed: 23 additions & 46 deletions

Original file line number	Diff line number	Diff line change
`@@ -111,6 +111,19 @@ CREATE TYPE schedule.cron_job AS(`
`111`	`111`	`-- FUNCTIONS --`
`112`	`112`	`---------------`
`113`	`113`
	`114`	`+CREATEFUNCTIONschedule.onlySuperUser() RETURNSbooleanAS`
	`115`	`+$BODY$`
	`116`	`+DECLARE`
	`117`	`+is_superuserboolean;`
	`118`	`+BEGIN`
	`119`	`+EXECUTE'SELECT rolsuper FROM pg_roles WHERE rolname = session_user'`
	`120`	`+INTO is_superuser;`
	`121`	`+IF NOT is_superuser THEN`
	`122`	`+RAISE EXCEPTION'access denied';`
	`123`	`+END IF;`
	`124`	`+END`
	`125`	`+$BODY$ LANGUAGE plpgsql;`
	`126`	`+`
`114`	`127`	`CREATEFUNCTIONschedule.on_cron_update() RETURNS TRIGGER`
`115`	`128`	`AS $BODY$`
`116`	`129`	`DECLARE`
`@@ -148,8 +161,8 @@ BEGIN`
`148`	`161`	`RAISE EXCEPTION'there is no such job with id %', jobId;`
`149`	`162`	`WHEN TOO_MANY_ROWS THEN`
`150`	`163`	`RAISE EXCEPTION'there are more than one job with id %', jobId;`
`151`		`- END;`
`152`		`- EXECUTE'SELECTusesuper FROMpg_user WHEREusename = session_user'`
	`164`	`+ END;`
	`165`	`+ EXECUTE'SELECTrolsuper FROMpg_roles WHERErolname = session_user'`
`153`	`166`	`INTO is_superuser;`
`154`	`167`	`IF is_superuser THEN`
`155`	`168`	`RETURN true;`
`@@ -306,7 +319,7 @@ BEGIN`
`306`	`319`	`IF params?'run_as'AND params->>'run_as'<>session_user THEN`
`307`	`320`	`executor := params->>'run_as';`
`308`	`321`	`BEGIN`
`309`		`-SELECT* INTO STRICT recFROMpg_userWHEREusename= executor;`
	`322`	`+SELECT* INTO STRICT recFROMpg_rolesWHERErolname= executor;`
`310`	`323`	`EXCEPTION`
`311`	`324`	`WHEN NO_DATA_FOUND THEN`
`312`	`325`	`RAISE EXCEPTION'there is no such user %', executor;`
`@@ -703,14 +716,9 @@ LANGUAGE plpgsql;`
`703`	`716`	`CREATEFUNCTIONschedule.clean_log() RETURNSINTAS`
`704`	`717`	$BODY$
`705`	`718`	`DECLARE`
`706`		`-is_superuserboolean;`
`707`	`719`	`cntinteger;`
`708`	`720`	`BEGIN`
`709`		`-EXECUTE'SELECT usesuper FROM pg_user WHERE usename = session_user'`
`710`		`-INTO is_superuser;`
`711`		`-IF NOT is_superuser THEN`
`712`		`-RAISE EXCEPTION'access denied';`
`713`		`-END IF;`
	`721`	`+SELECT onlySuperUser();`
`714`	`722`
`715`	`723`	`WITH aAS (DELETEFROMschedule.log RETURNING1)`
`716`	`724`	`SELECTcount(*) INTO cntFROM a;`
`@@ -742,13 +750,8 @@ $BODY$`
`742`	`750`	`DECLARE`
`743`	`751`	`iischedule.cron;`
`744`	`752`	`ooschedule.cron_rec;`
`745`		`-is_superuserboolean;`
`746`	`753`	`BEGIN`
`747`		`-EXECUTE'SELECT usesuper FROM pg_user WHERE usename = session_user'`
`748`		`-INTO is_superuser;`
`749`		`-IF NOT is_superuser THEN`
`750`		`-RAISE EXCEPTION'access denied: only superuser allowed';`
`751`		`-END IF;`
	`754`	`+SELECT onlySuperUser();`
`752`	`755`
`753`	`756`	`FOR iiINSELECT*FROMschedule.cron LOOP`
`754`	`757`	`oo :=schedule._make_cron_rec(ii);`
`@@ -781,14 +784,9 @@ $BODY$`
`781`	`784`	`DECLARE`
`782`	`785`	`iischedule.cron;`
`783`	`786`	`ooschedule.cron_rec;`
`784`		`-is_superuserboolean;`
`785`	`787`	`BEGIN`
`786`	`788`	`IF usename<>session_user THEN`
`787`		`-EXECUTE'SELECT usesuper FROM pg_user WHERE usename = session_user'`
`788`		`-INTO is_superuser;`
`789`		`-IF NOT is_superuser THEN`
`790`		`-RAISE EXCEPTION'access denied';`
`791`		`-END IF;`
	`789`	`+SELECT onlySuperUser();`
`792`	`790`	`END IF;`
`793`	`791`
`794`	`792`	`FOR iiINSELECT*FROMschedule.cronWHERE owner= usename LOOP`
`@@ -822,14 +820,9 @@ $BODY$`
`822`	`820`	`DECLARE`
`823`	`821`	`iischedule.cron;`
`824`	`822`	`ooschedule.cron_rec;`
`825`		`-is_superuserboolean;`
`826`	`823`	`BEGIN`
`827`	`824`	`IF usename<>session_user THEN`
`828`		`-EXECUTE'SELECT usesuper FROM pg_user WHERE usename = session_user'`
`829`		`-INTO is_superuser;`
`830`		`-IF NOT is_superuser THEN`
`831`		`-RAISE EXCEPTION'access denied';`
`832`		`-END IF;`
	`825`	`+SELECT onlySuperUser();`
`833`	`826`	`END IF;`
`834`	`827`
`835`	`828`	`FOR iiINSELECT*FROMschedule.cronWHERE executor= usename LOOP`
`@@ -847,7 +840,6 @@ $BODY$`
`847`	`840`	`DECLARE`
`848`	`841`	`ii record;`
`849`	`842`	`ooschedule.cron_job;`
`850`		`-is_superuserboolean;`
`851`	`843`	`BEGIN`
`852`	`844`	`FOR iiINSELECT*FROMschedule.atas at,schedule.cronas cronWHEREcron.executor=session_userANDcron.id=at.cronANDat.active LOOP`
`853`	`845`	`oo.cron=ii.id;`
`@@ -882,13 +874,8 @@ $BODY$`
`882`	`874`	`DECLARE`
`883`	`875`	`ii record;`
`884`	`876`	`ooschedule.cron_job;`
`885`		`-is_superuserboolean;`
`886`	`877`	`BEGIN`
`887`		`-EXECUTE'SELECT usesuper FROM pg_user WHERE usename = session_user'`
`888`		`-INTO is_superuser;`
`889`		`-IF NOT is_superuser THEN`
`890`		`-RAISE EXCEPTION'access denied';`
`891`		`-END IF;`
	`878`	`+SELECT onlySuperUser();`
`892`	`879`	`FOR iiINSELECT*FROMschedule.atas at,schedule.cronas cronWHEREcron.id=at.cronANDat.active LOOP`
`893`	`880`	`oo.cron=ii.id;`
`894`	`881`	`oo.node=ii.node;`
`@@ -922,14 +909,9 @@ $BODY$`
`922`	`909`	`DECLARE`
`923`	`910`	`ii record;`
`924`	`911`	`ooschedule.cron_job;`
`925`		`-is_superuserboolean;`
`926`	`912`	`BEGIN`
`927`	`913`	`IF usename<>session_user THEN`
`928`		`-EXECUTE'SELECT usesuper FROM pg_user WHERE usename = session_user'`
`929`		`-INTO is_superuser;`
`930`		`-IF NOT is_superuser THEN`
`931`		`-RAISE EXCEPTION'access denied';`
`932`		`-END IF;`
	`914`	`+SELECT onlySuperUser();`
`933`	`915`	`END IF;`
`934`	`916`
`935`	`917`	`FOR iiINSELECT*FROMschedule.atas at,schedule.cronas cronWHEREcron.executor= usenameANDcron.id=at.cronANDat.active LOOP`
`@@ -983,15 +965,10 @@ $BODY$`
`983`	`965`	`DECLARE`
`984`	`966`	`ii record;`
`985`	`967`	`ooschedule.cron_job;`
`986`		`-is_superuserboolean;`
`987`	`968`	`sql_cmdtext;`
`988`	`969`	`BEGIN`
`989`	`970`	`IF usename<>session_user THEN`
`990`		`-EXECUTE'SELECT usesuper FROM pg_user WHERE usename = session_user'`
`991`		`-INTO is_superuser;`
`992`		`-IF NOT is_superuser THEN`
`993`		`-RAISE EXCEPTION'access denied';`
`994`		`-END IF;`
	`971`	`+SELECT onlySuperUser();`
`995`	`972`	`END IF;`
`996`	`973`
`997`	`974`	`IF usename='___all___' THEN`

`‎src/sched_manager_poll.c‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -210,7 +210,7 @@ pid_t registerManagerWorker(schd_manager_t *man)`
`210`	`210`	`worker.bgw_flags=BGWORKER_SHMEM_ACCESS \|`
`211`	`211`	`BGWORKER_BACKEND_DATABASE_CONNECTION;`
`212`	`212`	`worker.bgw_start_time=BgWorkerStart_ConsistentState;`
`213`		`-worker.bgw_restart_time=1;/BGW_NEVER_RESTART; /`
	`213`	`+worker.bgw_restart_time=BGW_NEVER_RESTART;`
`214`	`214`	`worker.bgw_main=NULL;`
`215`	`215`	`worker.bgw_main_arg=UInt32GetDatum(dsm_segment_handle(man->shared));`
`216`	`216`	`sprintf(worker.bgw_library_name,"pgpro_scheduler");`

`‎src/scheduler_executor.c‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -213,7 +213,7 @@ int set_session_authorization(char username, char *error)`
`213`	`213`	`Datumvalues[1];`
`214`	`214`	`boolis_superuser;`
`215`	`215`	`intret;`
`216`		`-char*sql="selectusesysid, usesuper from pg_catalog.pg_user whereusename = $1";`
	`216`	`+char*sql="selectoid, rolsuper from pg_catalog.pg_roles whererolname = $1";`
`217`	`217`	`charbuff[1024];`
`218`	`218`
`219`	`219`	`values[0]=CStringGetTextDatum(username);`

`‎src/scheduler_manager.c‎`

Lines changed: 9 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -69,24 +69,26 @@ int checkSchedulerNamespace(void)`
`69`	`69`	`}`
`70`	`70`	`elseif(count>1\|\|count==0 )`
`71`	`71`	`{`
`72`		`-elog(LOG,"Scheduler manager: %s: cannot check namespace:found %d namespaces",`
`73`		`-MyBgworkerEntry->bgw_name,count);`
	`72`	`+elog(LOG,"Scheduler manager: %s: cannot check namespace:"`
	`73`	`+"found %d namespaces",MyBgworkerEntry->bgw_name,count);`
`74`	`74`	`}`
`75`	`75`	`elseif(count==-2)`
`76`	`76`	`{`
`77`		`-elog(LOG,"Scheduler manager: %s: cannot check namespace:count return null",`
`78`		`-MyBgworkerEntry->bgw_name);`
	`77`	`+elog(LOG,"Scheduler manager: %s: cannot check namespace:"`
	`78`	`+"count return null",MyBgworkerEntry->bgw_name);`
`79`	`79`	`}`
`80`	`80`	`elseif(count!=1)`
`81`	`81`	`{`
`82`		`-elog(ERROR,"Scheduler manager: %s: cannot check namespace:unknown error %d",`
`83`		`-MyBgworkerEntry->bgw_name,count);`
	`82`	`+elog(ERROR,"Scheduler manager: %s: cannot check namespace:"`
	`83`	`+"unknown error %d",MyBgworkerEntry->bgw_name,count);`
`84`	`84`	`}`
`85`	`85`
`86`	`86`	`SPI_finish();`
`87`	`87`	`PopActiveSnapshot();`
`88`	`88`	`CommitTransactionCommand();`
`89`		`-if(count)SetConfigOption("search_path","schedule",PGC_USERSET,PGC_S_SESSION);`
	`89`	`+if(count) {`
	`90`	`+SetConfigOption("search_path",schema,PGC_USERSET,PGC_S_SESSION);`
	`91`	`+}`
`90`	`92`
`91`	`93`	`returncount;`
`92`	`94`	`}`

`‎src/scheduler_spi_utils.c‎`

Lines changed: 65 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,41 @@`
`10`	`10`	`#include"catalog/pg_type.h"`
`11`	`11`	`#include"memutils.h"`
`12`	`12`
	`13`	`+voidSTART_SNAP(void)`
	`14`	`+{`
	`15`	`+SetCurrentStatementStartTimestamp();`
	`16`	`+StartTransactionCommand();`
	`17`	`+PushActiveSnapshot(GetTransactionSnapshot());`
	`18`	`+}`
	`19`	`+`
	`20`	`+voidSTOP_SNAP(void)`
	`21`	`+{`
	`22`	`+PopActiveSnapshot();`
	`23`	`+CommitTransactionCommand();`
	`24`	`+}`
	`25`	`+`
	`26`	`+voidSTART_SPI_SNAP(void)`
	`27`	`+{`
	`28`	`+SetCurrentStatementStartTimestamp();`
	`29`	`+StartTransactionCommand();`
	`30`	`+PushActiveSnapshot(GetTransactionSnapshot());`
	`31`	`+SPI_connect();`
	`32`	`+}`
	`33`	`+`
	`34`	`+voidSTOP_SPI_SNAP(void)`
	`35`	`+{`
	`36`	`+SPI_finish();`
	`37`	`+PopActiveSnapshot();`
	`38`	`+CommitTransactionCommand();`
	`39`	`+}`
	`40`	`+`
	`41`	`+voidABORT_SPI_SNAP(void)`
	`42`	`+{`
	`43`	`+PopActiveSnapshot();`
	`44`	`+AbortCurrentTransaction();`
	`45`	`+SPI_finish();`
	`46`	`+}`
	`47`	`+`
`13`	`48`	`char_copy_string(charstr)`
`14`	`49`	`{`
`15`	`50`	`intlen=strlen(str);`
`@@ -202,9 +237,12 @@ int execute_spi_sql_with_args(const char sql, int n, Oid argtypes, Datum *valu`
`202`	`237`	`intret=-100;`
`203`	`238`	`ErrorData*edata;`
`204`	`239`	`MemoryContextold;`
	`240`	`+interrorSet=0;`
	`241`	`+charother[100];`
`205`	`242`
`206`	`243`	`*error=NULL;`
`207`	`244`
	`245`	`+`
`208`	`246`	`PG_TRY();`
`209`	`247`	`{`
`210`	`248`	`ret=SPI_execute_with_args(sql,n,argtypes,values,nulls, false,0);`
`@@ -226,17 +264,43 @@ int execute_spi_sql_with_args(const char sql, int n, Oid argtypes, Datum *valu`
`226`	`264`	`{`
`227`	`265`	`*error=_copy_string("unknown error");`
`228`	`266`	`}`
	`267`	`+errorSet=1;`
`229`	`268`	`FreeErrorData(edata);`
`230`	`269`	`MemoryContextSwitchTo(old);`
`231`	`270`	`FlushErrorState();`
`232`	`271`	`}`
`233`	`272`	`PG_END_TRY();`
`234`	`273`
	`274`	`+if(!errorSet&&ret<0)`
	`275`	`+{`
	`276`	`+if(ret==SPI_ERROR_CONNECT)`
	`277`	`+{`
	`278`	`+*error=_copy_string("Connection error");`
	`279`	`+}`
	`280`	`+elseif(ret==SPI_ERROR_COPY)`
	`281`	`+{`
	`282`	`+*error=_copy_string("COPY error");`
	`283`	`+}`
	`284`	`+elseif(ret==SPI_ERROR_OPUNKNOWN)`
	`285`	`+{`
	`286`	`+*error=_copy_string("SPI_ERROR_OPUNKNOWN");`
	`287`	`+}`
	`288`	`+elseif(ret==SPI_ERROR_UNCONNECTED)`
	`289`	`+{`
	`290`	`+*error=_copy_string("Unconnected call");`
	`291`	`+}`
	`292`	`+else`
	`293`	`+{`
	`294`	`+sprintf(other,"error number: %d",ret);`
	`295`	`+*error=_copy_string(other);`
	`296`	`+}`
	`297`	`+}`
	`298`	`+`
`235`	`299`	`returnret;`
`236`	`300`	`}`
`237`	`301`
`238`	`302`	`intexecute_spi(constcharsql,char*error)`
`239`		`-{`
	`303`	`+{`
`240`	`304`	`returnexecute_spi_sql_with_args(sql,0,NULL,NULL,NULL,error);`
`241`	`305`	`}`
`242`	`306`

`‎src/scheduler_spi_utils.h‎`

Lines changed: 5 additions & 24 deletions

Original file line number	Diff line number	Diff line change
`@@ -9,30 +9,11 @@`
`9`	`9`
`10`	`10`	`#defineselect_count_sql(SQL) select_oneintvalue_sql(SQL, 0);`
`11`	`11`
`12`		`-#defineSTART_SNAP() \`
`13`		`- SetCurrentStatementStartTimestamp(); \`
`14`		`-StartTransactionCommand(); \`
`15`		`-PushActiveSnapshot(GetTransactionSnapshot());`
`16`		`-`
`17`		`-#defineSTOP_SNAP() \`
`18`		`-PopActiveSnapshot(); \`
`19`		`-CommitTransactionCommand();`
`20`		`-`
`21`		`-#defineSTART_SPI_SNAP() \`
`22`		`- SetCurrentStatementStartTimestamp(); \`
`23`		`-StartTransactionCommand(); \`
`24`		`-AssertState(SPI_connect() == SPI_OK_CONNECT); \`
`25`		`-PushActiveSnapshot(GetTransactionSnapshot());`
`26`		`-`
`27`		`-#defineSTOP_SPI_SNAP() \`
`28`		`-SPI_finish(); \`
`29`		`-PopActiveSnapshot(); \`
`30`		`-CommitTransactionCommand();`
`31`		`-`
`32`		`-#defineABORT_SPI_SNAP() \`
`33`		`-PopActiveSnapshot(); \`
`34`		`-AbortCurrentTransaction(); \`
`35`		`-SPI_finish();`
	`12`	`+voidSTART_SNAP(void);`
	`13`	`+voidSTOP_SNAP(void);`
	`14`	`+voidSTART_SPI_SNAP(void);`
	`15`	`+voidSTOP_SPI_SNAP(void);`
	`16`	`+voidABORT_SPI_SNAP(void);`
`36`	`17`
`37`	`18`	`char_copy_string(charstr);`
`38`	`19`	`TimestampTzget_timestamp_from_spi(introw_n,intpos,TimestampTzdef);`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit05f245a

File tree

7 files changed

7 files changed

`‎pgpro_scheduler--1.0.sql‎`

`‎src/sched_manager_poll.c‎`

`‎src/scheduler_executor.c‎`

`‎src/scheduler_manager.c‎`

`‎src/scheduler_spi_utils.c‎`

`‎src/scheduler_spi_utils.h‎`

0 commit comments