Add is_superuser parameter reporting, soon to be used by psql.

ea886339 · Tom Lane · 3e0bdfad · ea886339 · ea886339 · ea886339
Commit ea886339 authored Jun 27, 2003 by Tom Lane
8 changed files
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/libpq.sgml,v 1.126 2003/06/22 00:29:29 tgl Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/libpq.sgml,v 1.127 2003/06/27 19:08:37 tgl Exp $
 -->

 <chapter id="libpq">
@@ -812,7 +812,8 @@ is not known.
 Parameters reported as of the current release include
 <literal>server_version</> (cannot change after startup);
 <literal>server_encoding</> (also not presently changeable after start);
-<literal>client_encoding</>, and
+<literal>client_encoding</>,
+<literal>is_superuser</>, and
 <literal>DateStyle</>.
 </para>


--- a/doc/src/sgml/protocol.sgml
+++ b/doc/src/sgml/protocol.sgml
-<!-- $Header: /cvsroot/pgsql/doc/src/sgml/protocol.sgml,v 1.38 2003/05/08 14:35:24 tgl Exp $ -->
+<!-- $Header: /cvsroot/pgsql/doc/src/sgml/protocol.sgml,v 1.39 2003/06/27 19:08:37 tgl Exp $ -->

 <chapter id="protocol">
 <title>Frontend/Backend Protocol</title>
@@ -998,7 +998,8 @@
    <literal>server_version</> (a pseudo-parameter that cannot change after
    startup);
    <literal>server_encoding</> (also not presently changeable after start);
-    <literal>client_encoding</>, and
+    <literal>client_encoding</>,
+    <literal>is_superuser</>, and
    <literal>DateStyle</>.
    This set might change in the future, or even become configurable.
    Accordingly, a frontend should simply ignore ParameterStatus for

--- a/doc/src/sgml/ref/show.sgml
+++ b/doc/src/sgml/ref/show.sgml
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/show.sgml,v 1.27 2003/05/14 03:26:00 tgl Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/show.sgml,v 1.28 2003/06/27 19:08:37 tgl Exp $
 PostgreSQL documentation
 -->

@@ -97,6 +97,16 @@ SHOW ALL
         </para>
        </listitem>
       </varlistentry>
+
+       <varlistentry>
+        <term><literal>IS_SUPERUSER</literal></term>
+        <listitem>
+         <para>
+          True if the current session authorization identifier has
+	  superuser privileges.
+         </para>
+        </listitem>
+       </varlistentry>
      </variablelist>
     </para>
    </listitem>

--- a/src/backend/commands/variable.c
+++ b/src/backend/commands/variable.c
@@ -9,7 +9,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.78 2003/06/06 16:25:35 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.79 2003/06/27 19:08:37 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -721,25 +721,29 @@ assign_client_encoding(const char *value, bool doit, bool interactive)
 * When resetting session auth after an error, we can't expect to do catalog
 * lookups.  Hence, the stored form of the value must provide a numeric userid
 * that can be re-used directly.  We store the string in the form of
- * NAMEDATALEN 'x's followed by the numeric userid --- this cannot conflict
- * with any valid user name, because of the NAMEDATALEN limit on names.
+ * NAMEDATALEN 'x's, followed by T or F to indicate superuserness, followed
+ * by the numeric userid --- this cannot conflict with any valid user name,
+ * because of the NAMEDATALEN limit on names.
 */
 const char *
 assign_session_authorization(const char *value, bool doit, bool interactive)
 {
 	AclId		usesysid = 0;
+	bool		is_superuser = false;
 	char	   *result;

-	if (strspn(value, "x") == NAMEDATALEN)
+	if (strspn(value, "x") == NAMEDATALEN &&
+		(value[NAMEDATALEN] == 'T' || value[NAMEDATALEN] == 'F'))
 	{
 		/* might be a saved numeric userid */
 		char	   *endptr;

-		usesysid = (AclId) strtoul(value + NAMEDATALEN, &endptr, 10);
+		usesysid = (AclId) strtoul(value + NAMEDATALEN + 1, &endptr, 10);

-		if (endptr != value + NAMEDATALEN && *endptr == '\0')
+		if (endptr != value + NAMEDATALEN + 1 && *endptr == '\0')
 		{
-			/* syntactically valid, so use the numeric user ID */
+			/* syntactically valid, so use the numeric user ID and flag */
+			is_superuser = (value[NAMEDATALEN] == 'T');
 		}
 		else
 			usesysid = 0;
@@ -771,12 +775,13 @@ assign_session_authorization(const char *value, bool doit, bool interactive)
 		}

 		usesysid = ((Form_pg_shadow) GETSTRUCT(userTup))->usesysid;
-
+		is_superuser = ((Form_pg_shadow) GETSTRUCT(userTup))->usesuper;
+		
 		ReleaseSysCache(userTup);
 	}

 	if (doit)
-		SetSessionAuthorization(usesysid);
+		SetSessionAuthorization(usesysid, is_superuser);

 	result = (char *) malloc(NAMEDATALEN + 32);
 	if (!result)
@@ -784,7 +789,9 @@ assign_session_authorization(const char *value, bool doit, bool interactive)

 	memset(result, 'x', NAMEDATALEN);

-	snprintf(result + NAMEDATALEN, 32, "%lu", (unsigned long) usesysid);
+	snprintf(result + NAMEDATALEN, 32, "%c%lu",
+			 is_superuser ? 'T' : 'F',
+			 (unsigned long) usesysid);

 	return result;
 }

--- a/src/backend/utils/init/miscinit.c
+++ b/src/backend/utils/init/miscinit.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/init/miscinit.c,v 1.103 2003/06/27 14:45:30 petere Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/init/miscinit.c,v 1.104 2003/06/27 19:08:37 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -553,9 +553,12 @@ InitializeSessionUserId(const char *username)

 	SetSessionUserId(usesysid); /* sets CurrentUserId too */

-	/* Record username as a config option too */
+	/* Record username and superuser status as GUC settings too */
 	SetConfigOption("session_authorization", username,
 					PGC_BACKEND, PGC_S_OVERRIDE);
+	SetConfigOption("is_superuser",
+					AuthenticatedUserIsSuperuser ? "on" : "off",
+					PGC_INTERNAL, PGC_S_OVERRIDE);

 	/*
 	 * Set up user-specific configuration variables.  This is a good place
@@ -594,10 +597,13 @@ InitializeSessionUserIdStandalone(void)
 /*
 * Change session auth ID while running
 *
- * Only a superuser may set auth ID to something other than himself.
+ * Only a superuser may set auth ID to something other than himself.  Note
+ * that in case of multiple SETs in a single session, the original userid's
+ * superuserness is what matters.  But we set the GUC variable is_superuser
+ * to indicate whether the *current* session userid is a superuser.
 */
 void
-SetSessionAuthorization(AclId userid)
+SetSessionAuthorization(AclId userid, bool is_superuser)
 {
 	/* Must have authenticated already, else can't make permission check */
 	AssertState(AclIdIsValid(AuthenticatedUserId));
@@ -608,6 +614,10 @@ SetSessionAuthorization(AclId userid)

 	SetSessionUserId(userid);
 	SetUserId(userid);
+
+	SetConfigOption("is_superuser",
+					is_superuser ? "on" : "off",
+					PGC_INTERNAL, PGC_S_OVERRIDE);
 }



--- a/src/backend/utils/misc/check_guc
+++ b/src/backend/utils/misc/check_guc
@@ -16,9 +16,12 @@
 ## if an option is valid but shows up in only one file (guc.c but not
 ## postgresql.conf.sample), it should be listed here so that it 
 ## can be ignored
-INTENTIONALLY_NOT_INCLUDED="pre_auth_delay lc_messages lc_monetary \
-lc_numeric lc_time seed server_encoding session_authorization \
-transaction_isolation transaction_read_only zero_damaged_pages"
+INTENTIONALLY_NOT_INCLUDED="autocommit debug_deadlocks exit_on_error \
+is_superuser lc_collate lc_ctype lc_messages lc_monetary lc_numeric lc_time \
+pre_auth_delay seed server_encoding server_version session_authorization \
+trace_lock_oidmin trace_lock_table trace_locks trace_lwlocks trace_notify \
+trace_userlocks transaction_isolation transaction_read_only \
+zero_damaged_pages"

 ### What options are listed in postgresql.conf.sample, but don't appear 
 ### in guc.c?

--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -10,7 +10,7 @@
 * Written by Peter Eisentraut <peter_e@gmx.net>.
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/misc/guc.c,v 1.131 2003/06/11 22:13:22 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/misc/guc.c,v 1.132 2003/06/27 19:08:38 tgl Exp $
 *
 *--------------------------------------------------------------------
 */
@@ -138,6 +138,7 @@ static char *log_min_error_statement_str;
 static char *log_min_messages_str;
 static char *client_min_messages_str;
 static bool phony_autocommit;
+static bool session_auth_is_superuser;
 static double phony_random_seed;
 static char *client_encoding_string;
 static char *datestyle_string;
@@ -361,6 +362,13 @@ static struct config_bool
 		true, NULL, NULL
 	},

+	/* Not for general use --- used by SET SESSION AUTHORIZATION */
+	{
+		{"is_superuser", PGC_INTERNAL, GUC_REPORT | GUC_NO_SHOW_ALL | GUC_NO_RESET_ALL},
+		&session_auth_is_superuser,
+		false, NULL, NULL
+	},
+
 	{
 		{"tcpip_socket", PGC_POSTMASTER}, &NetServer,
 		false, NULL, NULL
@@ -894,6 +902,7 @@ static struct config_string
 		"SQL_ASCII", NULL, NULL
 	},

+	/* Can't be set in postgresql.conf */
 	{
 		{"server_version", PGC_INTERNAL, GUC_REPORT},
 		&server_version_string,

--- a/src/include/miscadmin.h
+++ b/src/include/miscadmin.h
@@ -12,7 +12,7 @@
 * Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $Id: miscadmin.h,v 1.124 2003/06/27 14:45:31 petere Exp $
+ * $Id: miscadmin.h,v 1.125 2003/06/27 19:08:38 tgl Exp $
 *
 * NOTES
 *	  some of the information in this file should be moved to
@@ -208,7 +208,7 @@ extern AclId GetSessionUserId(void);
 extern void SetSessionUserId(AclId userid);
 extern void InitializeSessionUserId(const char *username);
 extern void InitializeSessionUserIdStandalone(void);
-extern void SetSessionAuthorization(AclId userid);
+extern void SetSessionAuthorization(AclId userid, bool is_superuser);

 extern void SetDataDir(const char *dir);