Skip to content

Commit 6b029f7

Browse files
author
jcoleman
committed
Fix broken insufficient privileges detection
This hasn't worked for quite some time because `pg_stat_activity` columns `state_change` and `backend_type` are `null` when the user isn't a superuser.
1 parent 5883be3 commit 6b029f7

File tree

2 files changed

+30
-3
lines changed

2 files changed

+30
-3
lines changed

check_postgres.pl

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6931,7 +6931,7 @@ sub check_query_time {
69316931
msg('queries'),
69326932
msg('query-time'),
69336933
'query_start',
6934-
q{query_start IS NOT NULL AND current_query NOT LIKE '<IDLE>%'});
6934+
q{current_query NOT LIKE '<IDLE>%'});
69356935

69366936
return;
69376937

@@ -8703,7 +8703,7 @@ sub check_txn_idle {
87038703
$SQL3 =~ s/query_start/state_change/g;
87048704

87058705
## For Pg 10 and above, consider only client backends
8706-
($SQL4 = $SQL3) =~ s/ WHERE / WHERE backend_type = 'client backend' AND /;
8706+
($SQL4 = $SQL3) =~ s/ WHERE / WHERE (backend_type = 'client backend' OR backend_type IS NULL) AND /;
87078707

87088708
my $info = run_command($SQL, { emptyok => 1 , version => [ "<8.3 $SQL2", ">9.6 $SQL4", ">9.1 $SQL3" ] } );
87098709

t/02_query_time.t

Lines changed: 28 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ use 5.008;
66
use strict;
77
use warnings;
88
use Data::Dumper;
9-
use Test::More tests => 13;
9+
use Test::More tests => 14;
1010
use lib 't','.';
1111
use CP_Testing;
1212

@@ -75,4 +75,31 @@ like ($cp->run(q{-w 1 -vv}), qr{$label WARNING:}, $t);
7575
$dbh->rollback();
7676
$dbh->disconnect();
7777

78+
waitpid $child, 0;
79+
80+
## Tests for non-superuser
81+
82+
my $cp_nosuper = CP_Testing->new( {default_action => 'query_time', testuser => 'non_superuser', testuser_is_nosuper => 1 } );
83+
84+
# Test that a non-superuser shows the unknown data alert.
85+
$child = fork();
86+
if (0 == $child) {
87+
my $kiddbh = $cp->test_database_handle();
88+
$cp->database_sleep($kiddbh, 3);
89+
$kiddbh->rollback();
90+
$kiddbh->disconnect();
91+
exit;
92+
}
93+
94+
my $dbh_nosuper = $cp_nosuper->test_database_handle();
95+
sleep 1;
96+
$t = qq{$S detects non-superuser access};
97+
like ($cp_nosuper->run(q{-w 1 -vv}), qr{$label UNKNOWN.+superuser}, $t);
98+
$dbh_nosuper->rollback();
99+
$dbh_nosuper->disconnect();
100+
101+
$dbh->disconnect();
102+
103+
waitpid $child, 0;
104+
78105
exit;

0 commit comments

Comments
 (0)