Skip to content

Commit d0bb665

Browse files
mhagandermhagander
committed
Allow pg_read_all_stats to access all stats views again
The views pg_stat_progress_* had not gotten the memo that pg_read_all_stats is supposed to be able to read all statistics. Also make a pass over all text-returning pg_stat_xyz functions that could return "insufficient privilege" and make sure they also respect pg_read_all_status. Reported-by: Andrey M. Borodin Reviewed-by: Andrey M. Borodin, Kyotaro Horiguchi Discussion: https://postgr.es/m/13145F2F-8458-4977-9D2D-7B2E862E5722@yandex-team.ru
1 parent 63ecdaf commit d0bb665

File tree

1 file changed

+12
-11
lines changed

1 file changed

+12
-11
lines changed

src/backend/utils/adt/pgstatfuncs.c

Lines changed: 12 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,8 @@
3131

3232
#define UINT32_ACCESS_ONCE(var) ((uint32)(*((volatile uint32 *)&(var))))
3333

34+
#define HAS_PGSTAT_PERMISSIONS(role) (is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_STATS) || has_privs_of_role(GetUserId(), role))
35+
3436
/* Global bgwriter statistics, from bgwriter.c */
3537
extern PgStat_MsgBgWriter bgwriterStats;
3638

@@ -512,7 +514,7 @@ pg_stat_get_progress_info(PG_FUNCTION_ARGS)
512514
values[1] = ObjectIdGetDatum(beentry->st_databaseid);
513515

514516
/* show rest of the values including relid only to role members */
515-
if (has_privs_of_role(GetUserId(), beentry->st_userid))
517+
if (HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
516518
{
517519
values[2] = ObjectIdGetDatum(beentry->st_progress_command_target);
518520
for (i = 0; i < PGSTAT_NUM_PROGRESS_PARAM; i++)
@@ -660,8 +662,7 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
660662
}
661663

662664
/* Values only available to role member or pg_read_all_stats */
663-
if (has_privs_of_role(GetUserId(), beentry->st_userid) ||
664-
is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_STATS))
665+
if (HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
665666
{
666667
SockAddr zero_clientaddr;
667668

@@ -915,7 +916,7 @@ pg_stat_get_backend_activity(PG_FUNCTION_ARGS)
915916

916917
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
917918
activity = "<backend information not available>";
918-
else if (!has_privs_of_role(GetUserId(), beentry->st_userid))
919+
else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
919920
activity = "<insufficient privilege>";
920921
else if (*(beentry->st_activity) == '\0')
921922
activity = "<command string not enabled>";
@@ -935,7 +936,7 @@ pg_stat_get_backend_wait_event_type(PG_FUNCTION_ARGS)
935936

936937
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
937938
wait_event_type = "<backend information not available>";
938-
else if (!has_privs_of_role(GetUserId(), beentry->st_userid))
939+
else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
939940
wait_event_type = "<insufficient privilege>";
940941
else if ((proc = BackendPidGetProc(beentry->st_procpid)) != NULL)
941942
wait_event_type = pgstat_get_wait_event_type(proc->wait_event_info);
@@ -956,7 +957,7 @@ pg_stat_get_backend_wait_event(PG_FUNCTION_ARGS)
956957

957958
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
958959
wait_event = "<backend information not available>";
959-
else if (!has_privs_of_role(GetUserId(), beentry->st_userid))
960+
else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
960961
wait_event = "<insufficient privilege>";
961962
else if ((proc = BackendPidGetProc(beentry->st_procpid)) != NULL)
962963
wait_event = pgstat_get_wait_event(proc->wait_event_info);
@@ -978,7 +979,7 @@ pg_stat_get_backend_activity_start(PG_FUNCTION_ARGS)
978979
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
979980
PG_RETURN_NULL();
980981

981-
if (!has_privs_of_role(GetUserId(), beentry->st_userid))
982+
else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
982983
PG_RETURN_NULL();
983984

984985
result = beentry->st_activity_start_timestamp;
@@ -1004,7 +1005,7 @@ pg_stat_get_backend_xact_start(PG_FUNCTION_ARGS)
10041005
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
10051006
PG_RETURN_NULL();
10061007

1007-
if (!has_privs_of_role(GetUserId(), beentry->st_userid))
1008+
else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
10081009
PG_RETURN_NULL();
10091010

10101011
result = beentry->st_xact_start_timestamp;
@@ -1026,7 +1027,7 @@ pg_stat_get_backend_start(PG_FUNCTION_ARGS)
10261027
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
10271028
PG_RETURN_NULL();
10281029

1029-
if (!has_privs_of_role(GetUserId(), beentry->st_userid))
1030+
else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
10301031
PG_RETURN_NULL();
10311032

10321033
result = beentry->st_proc_start_timestamp;
@@ -1050,7 +1051,7 @@ pg_stat_get_backend_client_addr(PG_FUNCTION_ARGS)
10501051
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
10511052
PG_RETURN_NULL();
10521053

1053-
if (!has_privs_of_role(GetUserId(), beentry->st_userid))
1054+
else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
10541055
PG_RETURN_NULL();
10551056

10561057
/* A zeroed client addr means we don't know */
@@ -1097,7 +1098,7 @@ pg_stat_get_backend_client_port(PG_FUNCTION_ARGS)
10971098
if ((beentry = pgstat_fetch_stat_beentry(beid)) == NULL)
10981099
PG_RETURN_NULL();
10991100

1100-
if (!has_privs_of_role(GetUserId(), beentry->st_userid))
1101+
else if (!HAS_PGSTAT_PERMISSIONS(beentry->st_userid))
11011102
PG_RETURN_NULL();
11021103

11031104
/* A zeroed client addr means we don't know */

0 commit comments

Comments
 (0)