Re: [HACKERS] alter user set local_preload_libraries.

Thu, 09 Oct 2014 10:59:54 -0700 

On Mon, Sep 15, 2014 at 1:33 AM, Tom Lane <t...@sss.pgh.pa.us> wrote:
> Peter Eisentraut <pete...@gmx.net> writes:
>> On 9/1/14 7:51 AM, Kyotaro HORIGUCHI wrote:
>>> The attached patch simply changes the context for local_... to
>>> PGC_USERSET and edits the doc.
>
>> I had this ready to commit, but then
>
>>     Invent PGC_SU_BACKEND and mark log_connections/log_disconnections
>> that way.
>
>> was committed in the meantime.
>
>> Does this affect what we should do with this change?
>
>> I guess one thing to look into would be whether we could leave
>> local_preload_libraries as PGC_BACKEND and change
>> session_preload_libraries to PGC_SU_BACKEND, and then investigate
>> whether we could allow settings made with ALTER ROLE / SET to change
>> PGC_BACKEND settings.
>
> Yeah, I was wondering about that while I was making the other commit.
> I did not touch those variables at the time, but it would make sense
> to restrict them as you suggest.

+1

Also I think that it's useful to allow ALTER ROLE/DATABASE SET to
set PGC_BACKEND and PGC_SU_BACKEND parameters. So, what
about applying the attached patch? This patch allows that and
changes the context of session_preload_libraries to PGC_SU_BACKEND.

Regards,

-- 
Fujii Masao

*** a/doc/src/sgml/config.sgml
--- b/doc/src/sgml/config.sgml
***************
*** 6260,6266 **** SET XML OPTION { DOCUMENT | CONTENT };
        <listitem>
         <para>
          This variable specifies one or more shared libraries that are to be
!         preloaded at connection start.  Only superusers can change this setting.
          The parameter value only takes effect at the start of the connection.
          Subsequent changes have no effect.  If a specified library is not
          found, the connection attempt will fail.
--- 6260,6267 ----
        <listitem>
         <para>
          This variable specifies one or more shared libraries that are to be
!         preloaded at connection start.  Only superusers can change this setting
!         at session start.
          The parameter value only takes effect at the start of the connection.
          Subsequent changes have no effect.  If a specified library is not
          found, the connection attempt will fail.
*** a/src/backend/utils/misc/guc.c
--- b/src/backend/utils/misc/guc.c
***************
*** 2892,2898 **** static struct config_string ConfigureNamesString[] =
  	},
  
  	{
! 		{"session_preload_libraries", PGC_SUSET, CLIENT_CONN_PRELOAD,
  			gettext_noop("Lists shared libraries to preload into each backend."),
  			NULL,
  			GUC_LIST_INPUT | GUC_LIST_QUOTE | GUC_SUPERUSER_ONLY
--- 2892,2898 ----
  	},
  
  	{
! 		{"session_preload_libraries", PGC_SU_BACKEND, CLIENT_CONN_PRELOAD,
  			gettext_noop("Lists shared libraries to preload into each backend."),
  			NULL,
  			GUC_LIST_INPUT | GUC_LIST_QUOTE | GUC_SUPERUSER_ONLY
***************
*** 5756,5762 **** set_config_option(const char *name, const char *value,
  			else if (context != PGC_POSTMASTER &&
  					 context != PGC_BACKEND &&
  					 context != PGC_SU_BACKEND &&
! 					 source != PGC_S_CLIENT)
  			{
  				ereport(elevel,
  						(errcode(ERRCODE_CANT_CHANGE_RUNTIME_PARAM),
--- 5756,5766 ----
  			else if (context != PGC_POSTMASTER &&
  					 context != PGC_BACKEND &&
  					 context != PGC_SU_BACKEND &&
! 					 source != PGC_S_CLIENT &&
! 					 source != PGC_S_DATABASE_USER &&
! 					 source != PGC_S_USER &&
! 					 source != PGC_S_DATABASE &&
! 					 source != PGC_S_GLOBAL)
  			{
  				ereport(elevel,
  						(errcode(ERRCODE_CANT_CHANGE_RUNTIME_PARAM),
***************
*** 8820,8827 **** validate_option_array_item(const char *name, const char *value,
  	 * There are three cases to consider:
  	 *
  	 * name is a known GUC variable.  Check the value normally, check
! 	 * permissions normally (ie, allow if variable is USERSET, or if it's
! 	 * SUSET and user is superuser).
  	 *
  	 * name is not known, but exists or can be created as a placeholder (i.e.,
  	 * it has a prefixed name).  We allow this case if you're a superuser,
--- 8824,8831 ----
  	 * There are three cases to consider:
  	 *
  	 * name is a known GUC variable.  Check the value normally, check
! 	 * permissions normally (ie, allow if variable is USERSET/BACKEND,
! 	 * or if it's SUSET/SU_BACKEND and user is superuser).
  	 *
  	 * name is not known, but exists or can be created as a placeholder (i.e.,
  	 * it has a prefixed name).  We allow this case if you're a superuser,
***************
*** 8861,8877 **** validate_option_array_item(const char *name, const char *value,
  	}
  
  	/* manual permissions check so we can avoid an error being thrown */
! 	if (gconf->context == PGC_USERSET)
  		 /* ok */ ;
! 	else if (gconf->context == PGC_SUSET && superuser())
  		 /* ok */ ;
  	else if (skipIfNoPermissions)
  		return false;
  	/* if a permissions error should be thrown, let set_config_option do it */
  
! 	/* test for permissions and valid option value */
  	(void) set_config_option(name, value,
! 							 superuser() ? PGC_SUSET : PGC_USERSET,
  							 PGC_S_TEST, GUC_ACTION_SET, false, 0);
  
  	return true;
--- 8865,8888 ----
  	}
  
  	/* manual permissions check so we can avoid an error being thrown */
! 	if (gconf->context == PGC_USERSET || gconf->context == PGC_BACKEND)
  		 /* ok */ ;
! 	else if ((gconf->context == PGC_SUSET ||
! 			  gconf->context == PGC_SU_BACKEND) &&
! 			 superuser())
  		 /* ok */ ;
  	else if (skipIfNoPermissions)
  		return false;
  	/* if a permissions error should be thrown, let set_config_option do it */
  
! 	/*
! 	 * Test for permissions and valid option value. Use PGC_BACKEND or
! 	 * PGC_SU_BACKEND as the context so that this test can validate
! 	 * PGC_USERSET, PGC_SUSET, PGC_BACKEND and PGC_SU_BACKEND
! 	 * parameters.
! 	 */
  	(void) set_config_option(name, value,
! 							 superuser() ? PGC_SU_BACKEND : PGC_BACKEND,
  							 PGC_S_TEST, GUC_ACTION_SET, false, 0);
  
  	return true;
*** a/src/bin/psql/tab-complete.c
--- b/src/bin/psql/tab-complete.c
***************
*** 560,565 **** static const SchemaQuery Query_for_list_of_matviews = {
--- 560,573 ----
  "  UNION ALL SELECT 'all') ss "\
  " WHERE substring(name,1,%d)='%s'"
  
+ #define Query_for_list_of_set_vars_in_db_role \
+ "SELECT name FROM "\
+ " (SELECT pg_catalog.lower(name) AS name FROM pg_catalog.pg_settings "\
+ "  WHERE context IN ('user', 'superuser', 'backend', 'superuser-backend')"\
+ "  UNION ALL SELECT 'tablespace' "\
+ "  UNION ALL SELECT 'all') ss "\
+ " WHERE substring(name,1,%d)='%s'"
+ 
  #define Query_for_list_of_show_vars \
  "SELECT name FROM "\
  " (SELECT pg_catalog.lower(name) AS name FROM pg_catalog.pg_settings "\
***************
*** 3385,3390 **** psql_completion(const char *text, int start, int end)
--- 3393,3403 ----
  
  /* SET, RESET, SHOW */
  	/* Complete with a variable name */
+ 	else if ((pg_strcasecmp(prev_wd, "SET") == 0 ||
+ 			  pg_strcasecmp(prev_wd, "RESET") == 0) &&
+ 			 (pg_strcasecmp(prev3_wd, "DATABASE") == 0 ||
+ 			  pg_strcasecmp(prev3_wd, "ROLE") == 0))
+ 		COMPLETE_WITH_QUERY(Query_for_list_of_set_vars_in_db_role);
  	else if ((pg_strcasecmp(prev_wd, "SET") == 0 &&
  			  pg_strcasecmp(prev3_wd, "UPDATE") != 0) ||
  			 pg_strcasecmp(prev_wd, "RESET") == 0)
*** a/src/test/regress/expected/alter_generic.out
--- b/src/test/regress/expected/alter_generic.out
***************
*** 679,681 **** drop cascades to text search parser alt_ts_prs2
--- 679,699 ----
  DROP USER regtest_alter_user1;
  DROP USER regtest_alter_user2;
  DROP USER regtest_alter_user3;
+ --
+ -- Text ALTER ROLE SET
+ --
+ CREATE ROLE settest_alter_user NOSUPERUSER;
+ ALTER ROLE settest_alter_user SET enable_bitmapscan TO off; -- OK
+ ALTER ROLE settest_alter_user SET log_disconnections TO on; -- OK
+ ALTER ROLE settest_alter_user SET log_checkpoints TO on; -- failed
+ ERROR:  parameter "log_checkpoints" cannot be changed now
+ SET SESSION AUTHORIZATION settest_alter_user;
+ ALTER ROLE settest_alter_user SET log_connections TO on; -- failed
+ ERROR:  permission denied to set parameter "log_connections"
+ SELECT rolconfig FROM pg_roles WHERE rolname = current_user;
+                    rolconfig                   
+ -----------------------------------------------
+  {enable_bitmapscan=off,log_disconnections=on}
+ (1 row)
+ 
+ \c -
*** a/src/test/regress/sql/alter_generic.sql
--- b/src/test/regress/sql/alter_generic.sql
***************
*** 553,555 **** DROP SCHEMA alt_nsp2 CASCADE;
--- 553,568 ----
  DROP USER regtest_alter_user1;
  DROP USER regtest_alter_user2;
  DROP USER regtest_alter_user3;
+ 
+ --
+ -- Text ALTER ROLE SET
+ --
+ 
+ CREATE ROLE settest_alter_user NOSUPERUSER;
+ ALTER ROLE settest_alter_user SET enable_bitmapscan TO off; -- OK
+ ALTER ROLE settest_alter_user SET log_disconnections TO on; -- OK
+ ALTER ROLE settest_alter_user SET log_checkpoints TO on; -- failed
+ SET SESSION AUTHORIZATION settest_alter_user;
+ ALTER ROLE settest_alter_user SET log_connections TO on; -- failed
+ SELECT rolconfig FROM pg_roles WHERE rolname = current_user;
+ \c -

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Reply via email to