Postgresql小特性:为nosuper用户预留连接数
2017-09-12 15:33
1056 查看
需求描述
场景
在某些场景下,希望保证某个nosuper用户必须能连上数据库。(superuser权限过大)postgresql原生只可以给超级用户预留连接数,该特性可以使指定的某个用户(reserved_user_name)使用给超级用户预留的连接数。
功能说明
1、增加参数reserved_user_name = ”
2、参数说明
指定的用户名与superuser共享superuser_reserved_connections预留的连接数。
测试结果
当前数据库服务器参数max_connections = 5 superuser_reserved_connections = 3 reserved_user_name = 'tu1'
当前用户情况
postgres=# select rolname,rolsuper from pg_authid; rolname | rolsuper -------------------+---------- jackgo | t pg_signal_backend | f tu1 | f tu2 | f
当前连接情况
postgres=# select datname, usename from pg_stat_activity; datname | usename ----------+--------- postgres | jackgo postgres | jackgo postgres | jackgo (3 rows)
使用超级用户连接结果
[jackgo@MiWiFi-R1CM-srv:~]<PG96-60>$psql psql (9.6.2) Type "help" for help. postgres=#
使用指定用户tu1连接结果
[jackgo@MiWiFi-R1CM-srv:~]<PG96-60>$psql -U tu1 psql (9.6.2) Type "help" for help. postgres=>
使用其他用户连接结果
[jackgo@MiWiFi-R1CM-srv:~]<PG96-60>$psql -U tu2 psql: FATAL: remaining connection slots are reserved for non-replication superuser connections
源码
diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c old mode 100644 new mode 100755 index 533252a..2cf0037 --- a/src/backend/postmaster/postmaster.c +++ b/src/backend/postmaster/postmaster.c @@ -207,6 +207,7 @@ char *ListenAddresses; * count against the limit. */ int ReservedBackends; +char *ReservedUserName = NULL; /* The socket(s) we're listening to. */ #define MAXLISTEN 64 diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c old mode 100644 new mode 100755 index 0a4295b..fb72bee --- a/src/backend/utils/init/postinit.c +++ b/src/backend/utils/init/postinit.c @@ -560,6 +560,7 @@ InitPostgres(const char *in_dbname, Oid dboid, const char *username, { bool bootstrap = IsBootstrapProcessingMode(); bool am_superuser; + bool am_reserveduser = false; char *fullpath; char dbname[NAMEDATALEN]; @@ -735,6 +736,7 @@ InitPostgres(const char *in_dbname, Oid dboid, const char *username, PerformAuthentication(MyProcPort); InitializeSessionUserId(username, useroid); am_superuser = superuser(); + am_reserveduser = reserveduser(); } /* @@ -770,8 +772,12 @@ InitPostgres(const char *in_dbname, Oid dboid, const char *username, * replication connections currently require superuser privileges, we * don't allow them to consume the reserved slots, which are intended for * interactive use. + * + * Put am_reserveduser in the AND logic.So am_reserveduser doesn't have to + * consider whether it's a super user. */ if ((!am_superuser || am_walsender) && + !am_reserveduser && ReservedBackends > 0 && !HaveNFreeProcs(ReservedBackends)) ereport(FATAL, diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c old mode 100644 new mode 100755 index 4f1891f..250d18c --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -3552,6 +3552,18 @@ static struct config_string ConfigureNamesString[] = check_cluster_name, NULL, NULL }, + { + {"reserved_user_name", PGC_SIGHUP, CONN_AUTH_SETTINGS, + gettext_noop("Sets the reserved user name."), + NULL, + GUC_SUPERUSER_ONLY + }, + &ReservedUserName, + "", + NULL, NULL, NULL + }, + + /* End-of-list marker */ { {NULL, 0, 0, NULL, NULL}, NULL, NULL, NULL, NULL, NULL diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample old mode 100644 new mode 100755 index fa6c0ea..8676106 --- a/src/backend/utils/misc/postgresql.conf.sample +++ b/src/backend/utils/misc/postgresql.conf.sample @@ -63,6 +63,7 @@ #port = 5432 # (change requires restart) #max_connections = 100 # (change requires restart) #superuser_reserved_connections = 3 # (change requires restart) +#reserved_user_name = '' # (change requires restart) #unix_socket_directories = '/tmp' # comma-separated list of directories # (change requires restart) #unix_socket_group = '' # (change requires restart) diff --git a/src/backend/utils/misc/superuser.c b/src/backend/utils/misc/superuser.c old mode 100644 new mode 100755 index dd70e02..0c3a252 --- a/src/backend/utils/misc/superuser.c +++ b/src/backend/utils/misc/superuser.c @@ -24,7 +24,9 @@ #include "catalog/pg_authid.h" #include "utils/inval.h" #include "utils/syscache.h" +#include "utils/acl.h" #include "miscadmin.h" +#include "postmaster/postmaster.h" /* @@ -96,6 +98,40 @@ superuser_arg(Oid roleid) return result; } + +bool +reserveduser(void) +{ + return reserveduser_arg(GetUserId()); +} + +bool +reserveduser_arg(Oid roleid) +{ + bool result; + Oid reservedoid; + + if (ReservedUserName && !(*ReservedUserName)) + { + result = false; + } + + reservedoid = get_role_oid(ReservedUserName, true); + + if (!OidIsValid(reservedoid)) + { + result = false; + } + + if (roleid == reservedoid) + { + result = true; + } + + return result; +} + + /* * RoleidCallback * Syscache inval callback function diff --git a/src/include/miscadmin.h b/src/include/miscadmin.h old mode 100644 new mode 100755 index 78545da..6399632 --- a/src/include/miscadmin.h +++ b/src/include/miscadmin.h @@ -326,6 +326,8 @@ extern void SwitchBackToLocalLatch(void); /* in utils/misc/superuser.c */ extern bool superuser(void); /* current user is superuser */ extern bool superuser_arg(Oid roleid); /* given user is superuser */ +extern bool reserveduser(void); /* current user is reserveduser */ +extern bool reserveduser_arg(Oid roleid); /* given user is reserveduser */ /***************************************************************************** diff --git a/src/include/postmaster/postmaster.h b/src/include/postmaster/postmaster.h old mode 100644 new mode 100755 index b2d7776..99edac8 --- a/src/include/postmaster/postmaster.h +++ b/src/include/postmaster/postmaster.h @@ -16,6 +16,8 @@ /* GUC options */ extern bool EnableSSL; extern int ReservedBackends; +extern char *ReservedUserName; + extern int PostPortNumber; extern int Unix_socket_permissions; extern char *Unix_socket_group;
相关文章推荐
- PostgreSQL用户应掌握的高级SQL特性 - PGSQL
- PostgreSQL9.0新特性介绍: alter default privileges,解决只读用户的问题
- PostgreSQL9.0新特性介绍: alter default privileges,解决只读用户的问题
- PostgreSQL9.0新特性介绍: alter default privileges,解决只读用户的问题
- PostgreSQL9.0新特性介绍: alter default privileges,解决只读用户的问题
- postgresql 致命错误: 已保留的连接位置为执行非复制请求的超级用户预留
- 使用EventBus,debug不报错,release版本报错:its super classes have no public methods with the @Subscribe annotat
- CX51 用户手册----NOINTPROMOTE 伪指令
- postgresql 实现用户自定义方法生成脚本的备份及恢复
- 给postgresql的登陆用户设置只读模式
- cvsNT 2.5.03.2382添加用户后出现"no such user"错误的解决方法
- PostgreSQL用户创建删除及error while loading shared lib...
- HTTP 错误 403.9 - 禁止访问:连接的用户过多 XP IIS服务器连接数的修改
- PostgreSQL 9.5新特性
- Linux root 用户下 selenium 运行chrome --no-sandbox的问题的解决
- PostgreSQL教程(三):高级特性
- 北京2011-11-05 PostgreSQL用户交流会
- PostgreSQL中国用户会DBA2000培训计划北京第二课笔记
- PostgreSQL中的数据库实例、模式、用户(角色)、表空间
- postgresql查询所有系统表,当前用户,当前时间戳