aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/backend/utils/misc/guc.c68
-rw-r--r--src/include/utils/guc.h4
-rw-r--r--src/include/utils/guc_tables.h6
3 files changed, 53 insertions, 25 deletions
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
index 5b5a2a309f6..366ef77cf62 100644
--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -10,7 +10,7 @@
* Written by Peter Eisentraut <peter_e@gmx.net>.
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.245 2004/10/17 22:01:51 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.246 2004/10/22 19:48:19 tgl Exp $
*
*--------------------------------------------------------------------
*/
@@ -1522,7 +1522,8 @@ static struct config_string ConfigureNamesString[] =
gettext_noop("If a dynamically loadable module needs to be opened and "
"the specified name does not have a directory component (i.e., the "
"name does not contain a slash), the system will search this path for "
- "the specified file.")
+ "the specified file."),
+ GUC_SUPERUSER_ONLY
},
&Dynamic_library_path,
"$libdir", NULL, NULL
@@ -1531,7 +1532,8 @@ static struct config_string ConfigureNamesString[] =
{
{"krb_server_keyfile", PGC_POSTMASTER, CONN_AUTH_SECURITY,
gettext_noop("Sets the location of the Kerberos server key file."),
- NULL
+ NULL,
+ GUC_SUPERUSER_ONLY
},
&pg_krb_server_keyfile,
PG_KRB_SRVTAB, NULL, NULL
@@ -1608,7 +1610,7 @@ static struct config_string ConfigureNamesString[] =
{"preload_libraries", PGC_POSTMASTER, RESOURCES_KERNEL,
gettext_noop("Lists shared libraries to preload into server."),
NULL,
- GUC_LIST_INPUT | GUC_LIST_QUOTE
+ GUC_LIST_INPUT | GUC_LIST_QUOTE | GUC_SUPERUSER_ONLY
},
&preload_libraries_string,
"", NULL, NULL
@@ -1680,7 +1682,8 @@ static struct config_string ConfigureNamesString[] =
{"log_directory", PGC_SIGHUP, LOGGING_WHERE,
gettext_noop("Sets the destination directory for log files."),
gettext_noop("May be specified as relative to the data directory "
- "or as absolute path.")
+ "or as absolute path."),
+ GUC_SUPERUSER_ONLY
},
&Log_directory,
"pg_log", assign_canonical_path, NULL
@@ -1688,7 +1691,8 @@ static struct config_string ConfigureNamesString[] =
{
{"log_filename", PGC_SIGHUP, LOGGING_WHERE,
gettext_noop("Sets the file name pattern for log files."),
- NULL
+ NULL,
+ GUC_SUPERUSER_ONLY
},
&Log_filename,
"postgresql-%Y-%m-%d_%H%M%S.log", NULL, NULL
@@ -1747,7 +1751,8 @@ static struct config_string ConfigureNamesString[] =
{
{"unix_socket_directory", PGC_POSTMASTER, CONN_AUTH_SETTINGS,
gettext_noop("Sets the directory where the Unix-domain socket will be created."),
- NULL
+ NULL,
+ GUC_SUPERUSER_ONLY
},
&UnixSocketDir,
"", assign_canonical_path, NULL
@@ -1774,7 +1779,7 @@ static struct config_string ConfigureNamesString[] =
{
{"custom_variable_classes", PGC_POSTMASTER, RESOURCES_KERNEL,
- gettext_noop("Sets the list of known custom variable classes"),
+ gettext_noop("Sets the list of known custom variable classes."),
NULL,
GUC_LIST_INPUT | GUC_LIST_QUOTE
},
@@ -1785,7 +1790,8 @@ static struct config_string ConfigureNamesString[] =
{
{"data_directory", PGC_POSTMASTER, FILE_LOCATIONS,
gettext_noop("Sets the server's data directory."),
- NULL
+ NULL,
+ GUC_SUPERUSER_ONLY
},
&data_directory,
NULL, NULL, NULL
@@ -1795,7 +1801,7 @@ static struct config_string ConfigureNamesString[] =
{"config_file", PGC_POSTMASTER, FILE_LOCATIONS,
gettext_noop("Sets the server's main configuration file."),
NULL,
- GUC_DISALLOW_IN_FILE
+ GUC_DISALLOW_IN_FILE | GUC_SUPERUSER_ONLY
},
&ConfigFileName,
NULL, NULL, NULL
@@ -1804,7 +1810,8 @@ static struct config_string ConfigureNamesString[] =
{
{"hba_file", PGC_POSTMASTER, FILE_LOCATIONS,
gettext_noop("Sets the server's \"hba\" configuration file"),
- NULL
+ NULL,
+ GUC_SUPERUSER_ONLY
},
&HbaFileName,
NULL, NULL, NULL
@@ -1813,7 +1820,8 @@ static struct config_string ConfigureNamesString[] =
{
{"ident_file", PGC_POSTMASTER, FILE_LOCATIONS,
gettext_noop("Sets the server's \"ident\" configuration file"),
- NULL
+ NULL,
+ GUC_SUPERUSER_ONLY
},
&IdentFileName,
NULL, NULL, NULL
@@ -1822,7 +1830,8 @@ static struct config_string ConfigureNamesString[] =
{
{"external_pid_file", PGC_POSTMASTER, FILE_LOCATIONS,
gettext_noop("Writes the postmaster PID to the specified file."),
- NULL
+ NULL,
+ GUC_SUPERUSER_ONLY
},
&external_pid_file,
NULL, assign_canonical_path, NULL
@@ -1874,6 +1883,8 @@ static int guc_var_compare(const void *a, const void *b);
static int guc_name_compare(const char *namea, const char *nameb);
static void push_old_value(struct config_generic * gconf);
static void ReportGUCOption(struct config_generic * record);
+static void ShowGUCConfigOption(const char *name, DestReceiver *dest);
+static void ShowAllGUCConfig(DestReceiver *dest);
static char *_ShowOption(struct config_generic * record);
static bool check_userlimit_privilege(struct config_generic *record,
GucSource source, int elevel);
@@ -3966,6 +3977,10 @@ GetConfigOption(const char *name)
ereport(ERROR,
(errcode(ERRCODE_UNDEFINED_OBJECT),
errmsg("unrecognized configuration parameter \"%s\"", name)));
+ if ((record->flags & GUC_SUPERUSER_ONLY) && !superuser())
+ ereport(ERROR,
+ (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+ errmsg("must be superuser to examine \"%s\"", name)));
switch (record->vartype)
{
@@ -4002,6 +4017,10 @@ GetConfigOptionResetString(const char *name)
ereport(ERROR,
(errcode(ERRCODE_UNDEFINED_OBJECT),
errmsg("unrecognized configuration parameter \"%s\"", name)));
+ if ((record->flags & GUC_SUPERUSER_ONLY) && !superuser())
+ ereport(ERROR,
+ (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+ errmsg("must be superuser to examine \"%s\"", name)));
switch (record->vartype)
{
@@ -4268,8 +4287,7 @@ define_custom_variable(struct config_generic * variable)
}
static void
-init_custom_variable(
- struct config_generic * gen,
+init_custom_variable(struct config_generic * gen,
const char *name,
const char *short_desc,
const char *long_desc,
@@ -4462,7 +4480,7 @@ ResetPGVariable(const char *name)
/*
* SHOW command
*/
-void
+static void
ShowGUCConfigOption(const char *name, DestReceiver *dest)
{
TupOutputState *tstate;
@@ -4490,9 +4508,10 @@ ShowGUCConfigOption(const char *name, DestReceiver *dest)
/*
* SHOW ALL command
*/
-void
+static void
ShowAllGUCConfig(DestReceiver *dest)
{
+ bool am_superuser = superuser();
int i;
TupOutputState *tstate;
TupleDesc tupdesc;
@@ -4512,7 +4531,8 @@ ShowAllGUCConfig(DestReceiver *dest)
{
struct config_generic *conf = guc_variables[i];
- if (conf->flags & GUC_NO_SHOW_ALL)
+ if ((conf->flags & GUC_NO_SHOW_ALL) ||
+ ((conf->flags & GUC_SUPERUSER_ONLY) && !am_superuser))
continue;
/* assign to the values array */
@@ -4544,6 +4564,10 @@ GetConfigOptionByName(const char *name, const char **varname)
ereport(ERROR,
(errcode(ERRCODE_UNDEFINED_OBJECT),
errmsg("unrecognized configuration parameter \"%s\"", name)));
+ if ((record->flags & GUC_SUPERUSER_ONLY) && !superuser())
+ ereport(ERROR,
+ (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+ errmsg("must be superuser to examine \"%s\"", name)));
if (varname)
*varname = record->name;
@@ -4567,7 +4591,13 @@ GetConfigOptionByNum(int varnum, const char **values, bool *noshow)
conf = guc_variables[varnum];
if (noshow)
- *noshow = (conf->flags & GUC_NO_SHOW_ALL) ? true : false;
+ {
+ if ((conf->flags & GUC_NO_SHOW_ALL) ||
+ ((conf->flags & GUC_SUPERUSER_ONLY) && !superuser()))
+ *noshow = true;
+ else
+ *noshow = false;
+ }
/* first get the generic attributes */
diff --git a/src/include/utils/guc.h b/src/include/utils/guc.h
index 38eba48aae6..0559264dd10 100644
--- a/src/include/utils/guc.h
+++ b/src/include/utils/guc.h
@@ -7,7 +7,7 @@
* Copyright (c) 2000-2004, PostgreSQL Global Development Group
* Written by Peter Eisentraut <peter_e@gmx.net>.
*
- * $PostgreSQL: pgsql/src/include/utils/guc.h,v 1.53 2004/10/09 23:13:22 tgl Exp $
+ * $PostgreSQL: pgsql/src/include/utils/guc.h,v 1.54 2004/10/22 19:48:19 tgl Exp $
*--------------------------------------------------------------------
*/
#ifndef GUC_H
@@ -194,8 +194,6 @@ extern void ParseLongOption(const char *string, char **name, char **value);
extern bool set_config_option(const char *name, const char *value,
GucContext context, GucSource source,
bool isLocal, bool changeVal);
-extern void ShowGUCConfigOption(const char *name, DestReceiver *dest);
-extern void ShowAllGUCConfig(DestReceiver *dest);
extern char *GetConfigOptionByName(const char *name, const char **varname);
extern void GetConfigOptionByNum(int varnum, const char **values, bool *noshow);
extern int GetNumConfigOptions(void);
diff --git a/src/include/utils/guc_tables.h b/src/include/utils/guc_tables.h
index 718fac30cbf..f22bb9a781d 100644
--- a/src/include/utils/guc_tables.h
+++ b/src/include/utils/guc_tables.h
@@ -7,7 +7,7 @@
*
* Portions Copyright (c) 1996-2004, PostgreSQL Global Development Group
*
- * $PostgreSQL: pgsql/src/include/utils/guc_tables.h,v 1.17 2004/10/08 01:36:36 tgl Exp $
+ * $PostgreSQL: pgsql/src/include/utils/guc_tables.h,v 1.18 2004/10/22 19:48:19 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@@ -123,8 +123,8 @@ struct config_generic
#define GUC_REPORT 0x0010 /* auto-report changes to client */
#define GUC_NOT_IN_SAMPLE 0x0020 /* not in postgresql.conf.sample */
#define GUC_DISALLOW_IN_FILE 0x0040 /* can't set in postgresql.conf */
-#define GUC_CUSTOM_PLACEHOLDER 0x0080 /* placeholder for a custom
- * variable */
+#define GUC_CUSTOM_PLACEHOLDER 0x0080 /* placeholder for custom variable */
+#define GUC_SUPERUSER_ONLY 0x0100 /* show only to superusers */
/* bit values in status field */
#define GUC_HAVE_TENTATIVE 0x0001 /* tentative value is defined */