程序博客网 > 开源股票软件 python

Postgresql小特性:为nosuper用户预留连接数

来源:互联网 发布:开源股票软件 python 编辑:程序博客网 时间:2024/05/18 08:56

需求描述

场景

在某些场景下,希望保证某个nosuper用户必须能连上数据库。(superuser权限过大)

postgresql原生只可以给超级用户预留连接数,该特性可以使指定的某个用户(reserved_user_name)使用给超级用户预留的连接数。

功能说明

1、增加参数

reserved_user_name = ”

2、参数说明

指定的用户名与superuser共享superuser_reserved_connections预留的连接数。

测试结果

当前数据库服务器参数

max_connections = 5             superuser_reserved_connections = 3    reserved_user_name = 'tu1'

当前用户情况

postgres=# select rolname,rolsuper from pg_authid;      rolname      | rolsuper-------------------+---------- jackgo            | t pg_signal_backend | f tu1               | f tu2               | f

当前连接情况

postgres=# select datname, usename from pg_stat_activity; datname  | usename----------+--------- postgres | jackgo postgres | jackgo postgres | jackgo(3 rows)

使用超级用户连接结果

[jackgo@MiWiFi-R1CM-srv:~]<PG96-60>$psqlpsql (9.6.2)Type "help" for help.postgres=#

使用指定用户tu1连接结果

[jackgo@MiWiFi-R1CM-srv:~]<PG96-60>$psql -U tu1psql (9.6.2)Type "help" for help.postgres=>

使用其他用户连接结果

[jackgo@MiWiFi-R1CM-srv:~]<PG96-60>$psql -U tu2psql: FATAL:  remaining connection slots are reserved for non-replication superuser connections

源码

diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.cold mode 100644new mode 100755index 533252a..2cf0037--- a/src/backend/postmaster/postmaster.c+++ b/src/backend/postmaster/postmaster.c@@ -207,6 +207,7 @@ char       *ListenAddresses;  * count against the limit.  */ int            ReservedBackends;+char        *ReservedUserName = NULL; /* The socket(s) we're listening to. */ #define MAXLISTEN  64diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.cold mode 100644new mode 100755index 0a4295b..fb72bee--- a/src/backend/utils/init/postinit.c+++ b/src/backend/utils/init/postinit.c@@ -560,6 +560,7 @@ InitPostgres(const char *in_dbname, Oid dboid, const char *username, {    bool        bootstrap = IsBootstrapProcessingMode();    bool        am_superuser;+    bool        am_reserveduser = false;    char       *fullpath;    char        dbname[NAMEDATALEN];@@ -735,6 +736,7 @@ InitPostgres(const char *in_dbname, Oid dboid, const char *username,        PerformAuthentication(MyProcPort);        InitializeSessionUserId(username, useroid);        am_superuser = superuser();+        am_reserveduser = reserveduser();    }    /*@@ -770,8 +772,12 @@ InitPostgres(const char *in_dbname, Oid dboid, const char *username,     * replication connections currently require superuser privileges, we     * don't allow them to consume the reserved slots, which are intended for     * interactive use.+     *+    * Put am_reserveduser in the AND logic.So am_reserveduser doesn't have to +    * consider whether it's a super user.     */    if ((!am_superuser || am_walsender) &&+        !am_reserveduser &&        ReservedBackends > 0 &&        !HaveNFreeProcs(ReservedBackends))        ereport(FATAL,diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.cold mode 100644new mode 100755index 4f1891f..250d18c--- a/src/backend/utils/misc/guc.c+++ b/src/backend/utils/misc/guc.c@@ -3552,6 +3552,18 @@ static struct config_string ConfigureNamesString[] =        check_cluster_name, NULL, NULL    },+    {+        {"reserved_user_name", PGC_SIGHUP, CONN_AUTH_SETTINGS,+            gettext_noop("Sets the reserved user name."),+            NULL,+            GUC_SUPERUSER_ONLY+        },+        &ReservedUserName,+        "",+        NULL, NULL, NULL+    },++    /* End-of-list marker */    {        {NULL, 0, 0, NULL, NULL}, NULL, NULL, NULL, NULL, NULLdiff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sampleold mode 100644new mode 100755index fa6c0ea..8676106--- a/src/backend/utils/misc/postgresql.conf.sample+++ b/src/backend/utils/misc/postgresql.conf.sample@@ -63,6 +63,7 @@ #port = 5432               # (change requires restart) #max_connections = 100         # (change requires restart) #superuser_reserved_connections = 3    # (change requires restart)+#reserved_user_name = ''       # (change requires restart) #unix_socket_directories = '/tmp'  # comma-separated list of directories                    # (change requires restart) #unix_socket_group = ''            # (change requires restart)diff --git a/src/backend/utils/misc/superuser.c b/src/backend/utils/misc/superuser.cold mode 100644new mode 100755index dd70e02..0c3a252--- a/src/backend/utils/misc/superuser.c+++ b/src/backend/utils/misc/superuser.c@@ -24,7 +24,9 @@ #include "catalog/pg_authid.h" #include "utils/inval.h" #include "utils/syscache.h"+#include "utils/acl.h" #include "miscadmin.h"+#include "postmaster/postmaster.h" /*@@ -96,6 +98,40 @@ superuser_arg(Oid roleid)    return result; }++bool+reserveduser(void)+{+   return reserveduser_arg(GetUserId());+}++bool+reserveduser_arg(Oid roleid)+{+    bool       result;+    Oid         reservedoid;++    if (ReservedUserName && !(*ReservedUserName))+    {+        result = false;+    }++    reservedoid = get_role_oid(ReservedUserName, true);++    if (!OidIsValid(reservedoid))+    {+        result = false;+    }++    if (roleid == reservedoid)+    {+        result = true;+    }+    +    return result;+}++ /*  * RoleidCallback  *     Syscache inval callback functiondiff --git a/src/include/miscadmin.h b/src/include/miscadmin.hold mode 100644new mode 100755index 78545da..6399632--- a/src/include/miscadmin.h+++ b/src/include/miscadmin.h@@ -326,6 +326,8 @@ extern void SwitchBackToLocalLatch(void); /* in utils/misc/superuser.c */ extern bool superuser(void);   /* current user is superuser */ extern bool superuser_arg(Oid roleid); /* given user is superuser */+extern bool reserveduser(void);    /* current user is reserveduser */+extern bool reserveduser_arg(Oid roleid);  /* given user is reserveduser */ /*****************************************************************************diff --git a/src/include/postmaster/postmaster.h b/src/include/postmaster/postmaster.hold mode 100644new mode 100755index b2d7776..99edac8--- a/src/include/postmaster/postmaster.h+++ b/src/include/postmaster/postmaster.h@@ -16,6 +16,8 @@ /* GUC options */ extern bool EnableSSL; extern int ReservedBackends;+extern char *ReservedUserName;+ extern int PostPortNumber; extern int Unix_socket_permissions; extern char *Unix_socket_group;
阅读全文
0 0
开源股票软件 python 开源股票软件 python
原创粉丝点击
热门IT博客
c语言韩信点兵算法c语言韩信点兵算法
怎么查网络延迟怎么查网络延迟
java sessionscoped
李约瑟问题知乎
淘宝网妹儿粑粑饵料
期刊投稿系统源码
discuz阿里云cdn设置
淘宝中国软件有限公司
剑网三光头捏脸数据
c51单片机引脚图
淘宝会员号
淘宝儿童演出服
苹果电脑拼图软件
oceanbase数据库文档
java支付平台开发demo
淘宝01店手机网可靠吗
感染少女数据
js 数组 slice
红包透视软件
c语言经典面试题
热门问题 老师的惩罚 人脸识别 我在镇武司摸鱼那些年 重生之率土为王 我在大康的咸鱼生活 盘龙之生命进化 天生仙种 凡人之先天五行 春回大明朝 姑娘不必设防,我是瞎子 乳腺癌两阳一阴怎么办 孕妇查出甲亢怎么办 甲亢吃赛治过敏怎么办 甲亢过敏怎么办 肛瘘术后复发怎么办 顺产后长头肛疼怎么办 痔疮难受便秘怎么办 怀孕前就有痔疮怎么办 疥疮复发怎么办 痔疮严重怎么办 痔疮手术便秘怎么办 痔疮一期怎么办 内疮肿了怎么办 痔疮肿疼怎么办 孕妇痔疮肿胀怎么办 外痔肿疼怎么办 痔疮肿痛怎么办 痔疮疼出血怎么办 内痔出血疼怎么办 肺部刺伤怎么办 腋臭术后发炎怎么办 术后抽烟了怎么办 内痔斑痕怎么办了 内痔出血严重怎么办 得盆腔炎后遗症怎么办? 急性盆腔炎发烧怎么办 盆腔炎急性发作怎么办 支原体感染尿频怎么办 肛裂不愈合怎么办 肛瘘反复发作怎么办 肛裂长肉芽怎么办 肛瘘术后水肿怎么办 陈旧性肛裂怎么办 屎是黑的怎么办 小儿大便粗怎么办 大便绿黑色怎么办 婴儿大便干带血怎么办 感染hiv怎么办 肛门刺痛怎么办 小孩子便血怎么办 儿童便血怎么办

程序博客网,程序员的互联网技术博客家园。csdn论坛精品 msdn技术资料都在这里