From afdb3269a8257ed9bc7809f8d2c0c22603e81bc1 Mon Sep 17 00:00:00 2001 From: Matvey Arye Date: Wed, 19 Jun 2019 15:22:53 -0400 Subject: [PATCH] Require superuser for BGW start/stop/restart Start requiring superuser privileges to start/stop/restart background workers. --- src/loader/bgw_interface.c | 15 +++++++++++++++ test/expected/bgw_db_scheduler.out | 10 +++++++++- test/sql/bgw_db_scheduler.sql | 7 +++++++ 3 files changed, 31 insertions(+), 1 deletion(-) diff --git a/src/loader/bgw_interface.c b/src/loader/bgw_interface.c index 1c5a9d903..0aaa4c52a 100644 --- a/src/loader/bgw_interface.c +++ b/src/loader/bgw_interface.c @@ -61,17 +61,32 @@ ts_bgw_num_unreserved(PG_FUNCTION_ARGS) Datum ts_bgw_db_workers_start(PG_FUNCTION_ARGS) { + if (!superuser()) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + (errmsg("must be superuser to start background workers")))); + PG_RETURN_BOOL(ts_bgw_message_send_and_wait(START, MyDatabaseId)); } Datum ts_bgw_db_workers_stop(PG_FUNCTION_ARGS) { + if (!superuser()) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + (errmsg("must be superuser to stop background workers")))); + PG_RETURN_BOOL(ts_bgw_message_send_and_wait(STOP, MyDatabaseId)); } Datum ts_bgw_db_workers_restart(PG_FUNCTION_ARGS) { + if (!superuser()) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + (errmsg("must be superuser to restart background workers")))); + PG_RETURN_BOOL(ts_bgw_message_send_and_wait(RESTART, MyDatabaseId)); } diff --git a/test/expected/bgw_db_scheduler.out b/test/expected/bgw_db_scheduler.out index c1ca139d6..64178b38f 100644 --- a/test/expected/bgw_db_scheduler.out +++ b/test/expected/bgw_db_scheduler.out @@ -901,13 +901,21 @@ SELECT * FROM sorted_bgw_log; -- Test updating jobs list TRUNCATE bgw_log; +\set ON_ERROR_STOP 0 +SELECT _timescaledb_internal.stop_background_workers(); +ERROR: must be superuser to stop background workers +SELECT _timescaledb_internal.restart_background_workers(); +ERROR: must be superuser to restart background workers +SELECT _timescaledb_internal.start_background_workers(); +ERROR: must be superuser to start background workers +\set ON_ERROR_STOP 1 +\c :TEST_DBNAME :ROLE_SUPERUSER SELECT _timescaledb_internal.stop_background_workers(); stop_background_workers ------------------------- t (1 row) -\c :TEST_DBNAME :ROLE_SUPERUSER CREATE OR REPLACE FUNCTION ts_test_job_refresh() RETURNS TABLE( id INTEGER, application_name NAME, diff --git a/test/sql/bgw_db_scheduler.sql b/test/sql/bgw_db_scheduler.sql index 9f0053778..504d2ba48 100644 --- a/test/sql/bgw_db_scheduler.sql +++ b/test/sql/bgw_db_scheduler.sql @@ -381,9 +381,16 @@ SELECT * FROM sorted_bgw_log; -- Test updating jobs list TRUNCATE bgw_log; + +\set ON_ERROR_STOP 0 SELECT _timescaledb_internal.stop_background_workers(); +SELECT _timescaledb_internal.restart_background_workers(); +SELECT _timescaledb_internal.start_background_workers(); +\set ON_ERROR_STOP 1 \c :TEST_DBNAME :ROLE_SUPERUSER +SELECT _timescaledb_internal.stop_background_workers(); + CREATE OR REPLACE FUNCTION ts_test_job_refresh() RETURNS TABLE( id INTEGER, application_name NAME,