Skip to content

Commit 7e4e574

Browse files
mhagandermhagander
committed
Allow pg_read_all_stats to access all stats views again
The views pg_stat_progress_* had not gotten the memo that pg_read_all_stats is supposed to be able to read all statistics. Also make a pass over all text-returning pg_stat_xyz functions that could return "insufficient privilege" and make sure they also respect pg_read_all_status. Reported-by: Andrey M. Borodin Reviewed-by: Andrey M. Borodin, Kyotaro Horiguchi Discussion: https://postgr.es/m/13145F2F-8458-4977-9D2D-7B2E862E5722@yandex-team.ru
1 parent 9aece5c commit 7e4e574

File tree

1 file changed

+12
-11
lines changed

1 file changed

+12
-11
lines changed

src/backend/utils/adt/pgstatfuncs.c

Lines changed: 12 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,8 @@
3333

3434
#define UINT32_ACCESS_ONCE(var) ((uint32)(*((volatile uint32 *)&(var))))
3535

36+
#define HAS_PGSTAT_PERMISSIONS(role) (is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_STATS) || has_privs_of_role(GetUserId(), role))
37+
3638
/* Global bgwriter statistics, from bgwriter.c */
3739
extern PgStat_MsgBgWriter bgwriterStats;
3840

@@ -537,7 +539,7 @@ pg_stat_get_progress_info(PG_FUNCTION_ARGS)
537539
values[1] = ObjectIdGetDatum(beentry->st_databaseid);
538540

539541
/* show rest of the values including relid only to role members */
540-
if (has_privs_of_role(GetUserId(), beentry->st_userid))
542+
if (HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
541543
{
542544
values[2] = ObjectIdGetDatum(beentry->st_progress_command_target);
543545
for (i = 0; i < PGSTAT_NUM_PROGRESS_PARAM; i++)
@@ -669,8 +671,7 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
669671
nulls[16] = true;
670672

671673
/* Values only available to role member or pg_read_all_stats */
672-
if (has_privs_of_role(GetUserId(), beentry->st_userid) ||
673-
is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_STATS))
674+
if (HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
674675
{
675676
SockAddr zero_clientaddr;
676677
char *clipped_activity;
@@ -1007,7 +1008,7 @@ pg_stat_get_backend_activity(PG_FUNCTION_ARGS)
10071008

10081009
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
10091010
activity = "<backend information not available>";
1010-
else if (!has_privs_of_role(GetUserId(), beentry->st_userid))
1011+
else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
10111012
activity = "<insufficient privilege>";
10121013
else if (*(beentry->st_activity_raw) == '\0')
10131014
activity = "<command string not enabled>";
@@ -1031,7 +1032,7 @@ pg_stat_get_backend_wait_event_type(PG_FUNCTION_ARGS)
10311032

10321033
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
10331034
wait_event_type = "<backend information not available>";
1034-
else if (!has_privs_of_role(GetUserId(), beentry->st_userid))
1035+
else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
10351036
wait_event_type = "<insufficient privilege>";
10361037
else if ((proc = BackendPidGetProc(beentry->st_procpid)) != NULL)
10371038
wait_event_type = pgstat_get_wait_event_type(proc->wait_event_info);
@@ -1052,7 +1053,7 @@ pg_stat_get_backend_wait_event(PG_FUNCTION_ARGS)
10521053

10531054
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
10541055
wait_event = "<backend information not available>";
1055-
else if (!has_privs_of_role(GetUserId(), beentry->st_userid))
1056+
else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
10561057
wait_event = "<insufficient privilege>";
10571058
else if ((proc = BackendPidGetProc(beentry->st_procpid)) != NULL)
10581059
wait_event = pgstat_get_wait_event(proc->wait_event_info);
@@ -1074,7 +1075,7 @@ pg_stat_get_backend_activity_start(PG_FUNCTION_ARGS)
10741075
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
10751076
PG_RETURN_NULL();
10761077

1077-
if (!has_privs_of_role(GetUserId(), beentry->st_userid))
1078+
else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
10781079
PG_RETURN_NULL();
10791080

10801081
result = beentry->st_activity_start_timestamp;
@@ -1100,7 +1101,7 @@ pg_stat_get_backend_xact_start(PG_FUNCTION_ARGS)
11001101
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
11011102
PG_RETURN_NULL();
11021103

1103-
if (!has_privs_of_role(GetUserId(), beentry->st_userid))
1104+
else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
11041105
PG_RETURN_NULL();
11051106

11061107
result = beentry->st_xact_start_timestamp;
@@ -1122,7 +1123,7 @@ pg_stat_get_backend_start(PG_FUNCTION_ARGS)
11221123
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
11231124
PG_RETURN_NULL();
11241125

1125-
if (!has_privs_of_role(GetUserId(), beentry->st_userid))
1126+
else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
11261127
PG_RETURN_NULL();
11271128

11281129
result = beentry->st_proc_start_timestamp;
@@ -1146,7 +1147,7 @@ pg_stat_get_backend_client_addr(PG_FUNCTION_ARGS)
11461147
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
11471148
PG_RETURN_NULL();
11481149

1149-
if (!has_privs_of_role(GetUserId(), beentry->st_userid))
1150+
else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
11501151
PG_RETURN_NULL();
11511152

11521153
/* A zeroed client addr means we don't know */
@@ -1193,7 +1194,7 @@ pg_stat_get_backend_client_port(PG_FUNCTION_ARGS)
11931194
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
11941195
PG_RETURN_NULL();
11951196

1196-
if (!has_privs_of_role(GetUserId(), beentry->st_userid))
1197+
else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
11971198
PG_RETURN_NULL();
11981199

11991200
/* A zeroed client addr means we don't know */

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy