Restrict pg_relation_size to relation owner, pg_database_size to DB owner,
and pg_tablespace_size to superusers. Perhaps we could weaken the first case to just require SELECT privilege, but that doesn't work for the other cases, so use ownership as the common concept.
This commit is contained in:
parent
741e952b54
commit
cc26599b72
@ -5,7 +5,7 @@
|
|||||||
* Copyright (c) 2002-2007, PostgreSQL Global Development Group
|
* Copyright (c) 2002-2007, PostgreSQL Global Development Group
|
||||||
*
|
*
|
||||||
* IDENTIFICATION
|
* IDENTIFICATION
|
||||||
* $PostgreSQL: pgsql/src/backend/utils/adt/dbsize.c,v 1.12 2007/03/11 05:22:00 alvherre Exp $
|
* $PostgreSQL: pgsql/src/backend/utils/adt/dbsize.c,v 1.13 2007/08/27 01:19:14 tgl Exp $
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@ -22,6 +22,7 @@
|
|||||||
#include "commands/tablespace.h"
|
#include "commands/tablespace.h"
|
||||||
#include "miscadmin.h"
|
#include "miscadmin.h"
|
||||||
#include "storage/fd.h"
|
#include "storage/fd.h"
|
||||||
|
#include "utils/acl.h"
|
||||||
#include "utils/builtins.h"
|
#include "utils/builtins.h"
|
||||||
#include "utils/syscache.h"
|
#include "utils/syscache.h"
|
||||||
#include "utils/relcache.h"
|
#include "utils/relcache.h"
|
||||||
@ -121,6 +122,10 @@ pg_database_size_oid(PG_FUNCTION_ARGS)
|
|||||||
{
|
{
|
||||||
Oid dbOid = PG_GETARG_OID(0);
|
Oid dbOid = PG_GETARG_OID(0);
|
||||||
|
|
||||||
|
if (!pg_database_ownercheck(dbOid, GetUserId()))
|
||||||
|
aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
|
||||||
|
get_database_name(dbOid));
|
||||||
|
|
||||||
PG_RETURN_INT64(calculate_database_size(dbOid));
|
PG_RETURN_INT64(calculate_database_size(dbOid));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -136,6 +141,10 @@ pg_database_size_name(PG_FUNCTION_ARGS)
|
|||||||
errmsg("database \"%s\" does not exist",
|
errmsg("database \"%s\" does not exist",
|
||||||
NameStr(*dbName))));
|
NameStr(*dbName))));
|
||||||
|
|
||||||
|
if (!pg_database_ownercheck(dbOid, GetUserId()))
|
||||||
|
aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_DATABASE,
|
||||||
|
NameStr(*dbName));
|
||||||
|
|
||||||
PG_RETURN_INT64(calculate_database_size(dbOid));
|
PG_RETURN_INT64(calculate_database_size(dbOid));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -203,6 +212,11 @@ pg_tablespace_size_oid(PG_FUNCTION_ARGS)
|
|||||||
{
|
{
|
||||||
Oid tblspcOid = PG_GETARG_OID(0);
|
Oid tblspcOid = PG_GETARG_OID(0);
|
||||||
|
|
||||||
|
if (!superuser())
|
||||||
|
ereport(ERROR,
|
||||||
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
||||||
|
(errmsg("must be superuser to use pg_tablespace_size"))));
|
||||||
|
|
||||||
PG_RETURN_INT64(calculate_tablespace_size(tblspcOid));
|
PG_RETURN_INT64(calculate_tablespace_size(tblspcOid));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -212,6 +226,11 @@ pg_tablespace_size_name(PG_FUNCTION_ARGS)
|
|||||||
Name tblspcName = PG_GETARG_NAME(0);
|
Name tblspcName = PG_GETARG_NAME(0);
|
||||||
Oid tblspcOid = get_tablespace_oid(NameStr(*tblspcName));
|
Oid tblspcOid = get_tablespace_oid(NameStr(*tblspcName));
|
||||||
|
|
||||||
|
if (!superuser())
|
||||||
|
ereport(ERROR,
|
||||||
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
||||||
|
(errmsg("must be superuser to use pg_tablespace_size"))));
|
||||||
|
|
||||||
if (!OidIsValid(tblspcOid))
|
if (!OidIsValid(tblspcOid))
|
||||||
ereport(ERROR,
|
ereport(ERROR,
|
||||||
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
||||||
@ -270,6 +289,10 @@ pg_relation_size_oid(PG_FUNCTION_ARGS)
|
|||||||
|
|
||||||
rel = relation_open(relOid, AccessShareLock);
|
rel = relation_open(relOid, AccessShareLock);
|
||||||
|
|
||||||
|
if (!pg_class_ownercheck(RelationGetRelid(rel), GetUserId()))
|
||||||
|
aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
|
||||||
|
RelationGetRelationName(rel));
|
||||||
|
|
||||||
size = calculate_relation_size(&(rel->rd_node));
|
size = calculate_relation_size(&(rel->rd_node));
|
||||||
|
|
||||||
relation_close(rel, AccessShareLock);
|
relation_close(rel, AccessShareLock);
|
||||||
@ -288,6 +311,10 @@ pg_relation_size_name(PG_FUNCTION_ARGS)
|
|||||||
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
|
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
|
||||||
rel = relation_openrv(relrv, AccessShareLock);
|
rel = relation_openrv(relrv, AccessShareLock);
|
||||||
|
|
||||||
|
if (!pg_class_ownercheck(RelationGetRelid(rel), GetUserId()))
|
||||||
|
aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
|
||||||
|
RelationGetRelationName(rel));
|
||||||
|
|
||||||
size = calculate_relation_size(&(rel->rd_node));
|
size = calculate_relation_size(&(rel->rd_node));
|
||||||
|
|
||||||
relation_close(rel, AccessShareLock);
|
relation_close(rel, AccessShareLock);
|
||||||
@ -309,6 +336,11 @@ calculate_total_relation_size(Oid Relid)
|
|||||||
ListCell *cell;
|
ListCell *cell;
|
||||||
|
|
||||||
heapRel = relation_open(Relid, AccessShareLock);
|
heapRel = relation_open(Relid, AccessShareLock);
|
||||||
|
|
||||||
|
if (!pg_class_ownercheck(RelationGetRelid(heapRel), GetUserId()))
|
||||||
|
aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
|
||||||
|
RelationGetRelationName(heapRel));
|
||||||
|
|
||||||
toastOid = heapRel->rd_rel->reltoastrelid;
|
toastOid = heapRel->rd_rel->reltoastrelid;
|
||||||
|
|
||||||
/* Get the heap size */
|
/* Get the heap size */
|
||||||
@ -348,6 +380,8 @@ pg_total_relation_size_oid(PG_FUNCTION_ARGS)
|
|||||||
{
|
{
|
||||||
Oid relid = PG_GETARG_OID(0);
|
Oid relid = PG_GETARG_OID(0);
|
||||||
|
|
||||||
|
/* permission check is inside calculate_total_relation_size */
|
||||||
|
|
||||||
PG_RETURN_INT64(calculate_total_relation_size(relid));
|
PG_RETURN_INT64(calculate_total_relation_size(relid));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -361,6 +395,8 @@ pg_total_relation_size_name(PG_FUNCTION_ARGS)
|
|||||||
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
|
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
|
||||||
relid = RangeVarGetRelid(relrv, false);
|
relid = RangeVarGetRelid(relrv, false);
|
||||||
|
|
||||||
|
/* permission check is inside calculate_total_relation_size */
|
||||||
|
|
||||||
PG_RETURN_INT64(calculate_total_relation_size(relid));
|
PG_RETURN_INT64(calculate_total_relation_size(relid));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user