* this cannot be distinguished from a string variable with a NULL value!),
* otherwise throw an ereport and don't return.
*
- * If restrict_superuser is true, we also enforce that only superusers can
- * see GUC_SUPERUSER_ONLY variables. This should only be passed as true
- * in user-driven calls.
+ * If restrict_privileged is true, we also enforce that only superusers and
+ * members of the pg_read_all_settings role can see GUC_SUPERUSER_ONLY
+ * variables. This should only be passed as true in user-driven calls.
*
* The string is *not* allocated for modification and is really only
* valid until the next call to configuration related functions.
*/
const char *
-GetConfigOption(const char *name, bool missing_ok, bool restrict_superuser)
+GetConfigOption(const char *name, bool missing_ok, bool restrict_privileged)
{
struct config_generic *record;
static char buffer[256];
errmsg("unrecognized configuration parameter \"%s\"",
name)));
}
- if (restrict_superuser &&
+ if (restrict_privileged &&
(record->flags & GUC_SUPERUSER_ONLY) &&
!is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_SETTINGS))
ereport(ERROR,
static void
ShowAllGUCConfig(DestReceiver *dest)
{
- bool am_superuser = superuser();
int i;
TupOutputState *tstate;
TupleDesc tupdesc;
char *setting;
if ((conf->flags & GUC_NO_SHOW_ALL) ||
- ((conf->flags & GUC_SUPERUSER_ONLY) && !am_superuser))
+ ((conf->flags & GUC_SUPERUSER_ONLY) &&
+ !is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_SETTINGS)))
continue;
/* assign to the values array */
/*
* If the setting came from a config file, set the source location. For
* security reasons, we don't show source file/line number for
- * non-superusers.
+ * insufficiently-privileged users.
*/
- if (conf->source == PGC_S_FILE && superuser())
+ if (conf->source == PGC_S_FILE &&
+ is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_SETTINGS))
{
values[14] = conf->sourcefile;
snprintf(buffer, sizeof(buffer), "%d", conf->sourceline);
extern void EmitWarningsOnPlaceholders(const char *className);
extern const char *GetConfigOption(const char *name, bool missing_ok,
- bool restrict_superuser);
+ bool restrict_privileged);
extern const char *GetConfigOptionResetString(const char *name);
extern int GetConfigOptionFlags(const char *name, bool missing_ok);
extern void ProcessConfigFile(GucContext context);