From e4e89eb5bbfdae30349b38344e9c604411174f6b Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Fri, 27 Jan 2023 12:13:41 -0500 Subject: Minor GUC code refactoring. Split out "ConfigOptionIsVisible" to perform the privilege check for GUC_SUPERUSER_ONLY GUCs (which these days can also be read by pg_read_all_settings role members), and move the should-we-show-it checks from GetConfigOptionValues to its sole caller. This commit also removes get_explain_guc_options's check of GUC_NO_SHOW_ALL, which seems to have got cargo-culted in there. While there's no obvious use-case for marking a GUC both GUC_EXPLAIN and GUC_NO_SHOW_ALL, if it were set up that way one would expect EXPLAIN to show it --- if that's not what you want, then don't set GUC_EXPLAIN. In passing, simplify the loop logic in show_all_settings. Nitin Jadhav, Bharath Rupireddy, Tom Lane Discussion: https://postgr.es/m/CAMm1aWYgfekpRK-Jz5=pM_bV+Om=ktGq1vxTZ_dr1Z6MV-qokA@mail.gmail.com --- src/backend/utils/misc/guc.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) (limited to 'src/backend/utils/misc/guc.c') diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index d52069f446a..978b3855682 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -4187,8 +4187,7 @@ GetConfigOption(const char *name, bool missing_ok, bool restrict_privileged) if (record == NULL) return NULL; if (restrict_privileged && - (record->flags & GUC_SUPERUSER_ONLY) && - !has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS)) + !ConfigOptionIsVisible(record)) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("must be superuser or have privileges of pg_read_all_settings to examine \"%s\"", @@ -4234,8 +4233,7 @@ GetConfigOptionResetString(const char *name) record = find_option(name, false, false, ERROR); Assert(record != NULL); - if ((record->flags & GUC_SUPERUSER_ONLY) && - !has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS)) + if (!ConfigOptionIsVisible(record)) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("must be superuser or have privileges of pg_read_all_settings to examine \"%s\"", @@ -5160,9 +5158,7 @@ get_explain_guc_options(int *num) continue; /* return only options visible to the current user */ - if ((conf->flags & GUC_NO_SHOW_ALL) || - ((conf->flags & GUC_SUPERUSER_ONLY) && - !has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS))) + if (!ConfigOptionIsVisible(conf)) continue; /* return only options that are different from their boot values */ @@ -5243,8 +5239,7 @@ GetConfigOptionByName(const char *name, const char **varname, bool missing_ok) return NULL; } - if ((record->flags & GUC_SUPERUSER_ONLY) && - !has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS)) + if (!ConfigOptionIsVisible(record)) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("must be superuser or have privileges of pg_read_all_settings to examine \"%s\"", -- cgit v1.2.3