From ce9d503cdbc2e227f4776ef0562f633c67b30f13 Mon Sep 17 00:00:00 2001 From: Ibrar Ahmed Date: Thu, 11 Feb 2021 12:41:21 +0000 Subject: [PATCH] PG-175: Only Superuser / Privileged user can view IP address. --- pg_stat_monitor--1.0.sql | 3 ++- pg_stat_monitor.c | 10 ++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/pg_stat_monitor--1.0.sql b/pg_stat_monitor--1.0.sql index 6486360..4f0ff39 100644 --- a/pg_stat_monitor--1.0.sql +++ b/pg_stat_monitor--1.0.sql @@ -28,7 +28,7 @@ CREATE FUNCTION pg_stat_monitor(IN showtext boolean, OUT bucket int, OUT userid oid, OUT dbid oid, - OUT client_ip bigint, + OUT client_ip int8, OUT queryid text, OUT query text, @@ -202,6 +202,7 @@ end loop; END $$ language plpgsql; +GRANT SELECT ON pg_stat_monitor TO PUBLIC; GRANT SELECT ON pg_stat_monitor_settings TO PUBLIC; -- Don't want this to be available to non-superusers. REVOKE ALL ON FUNCTION pg_stat_monitor_reset() FROM PUBLIC; diff --git a/pg_stat_monitor.c b/pg_stat_monitor.c index 544f664..9a1bb7b 100644 --- a/pg_stat_monitor.c +++ b/pg_stat_monitor.c @@ -1,3 +1,4 @@ + /*------------------------------------------------------------------------- * * pg_stat_monitor.c @@ -38,6 +39,7 @@ do \ void _PG_init(void); void _PG_fini(void); +int64 v = 5631; /*---- Local variables ----*/ /* Current nesting depth of ExecutorRun+ProcessUtility calls */ @@ -1145,7 +1147,11 @@ pg_stat_monitor_internal(FunctionCallInfo fcinfo, values[i++] = ObjectIdGetDatum(entry->key.bucket_id); values[i++] = ObjectIdGetDatum(entry->key.userid); values[i++] = ObjectIdGetDatum(entry->key.dbid); - values[i++] = Int64GetDatumFast(entry->key.ip); + /* Superusers or members of pg_read_all_stats members are allowed */ + if (is_allowed_role || entry->key.userid == userid) + values[i++] = Int64GetDatumFast(entry->key.ip); + else + values[i++] = Int64GetDatumFast(0); /* copy counters to a local variable to keep locking time short */ { 
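Review bot: The added `GRANT SELECT ON pg_stat_monitor TO PUBLIC;` in the second hunk of pg_stat_monitor--1.0.sql makes the row-level checks in pg_stat_monitor_internal() the only access control on this view, and the script does not say so. Any column the C function emits outside its `is_allowed_role || entry->key.userid == userid` test is readable by every role once this grant is in place. I would add a comment above the grant such as `-- Readable by any role: per-row masking of other users' data is done in pg_stat_monitor_internal().` A regression test that selects from the view as an unprivileged role would keep that masking from regressing.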
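Review bot: `int64 v = 5631;`, added after the `_PG_fini` prototype in pg_stat_monitor.c, looks like a debugging leftover. Nothing in the visible hunks reads it, and as a non-static global with a one-letter name it is exported from the shared library into the backend's symbol namespace. If it is unused it should be dropped from the commit; if it is needed, declare it `static` with a descriptive name and a comment saying what 5631 stands for.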
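Review bot: In the `@@ -1145` hunk of pg_stat_monitor_internal, the masking branch `values[i++] = Int64GetDatumFast(0);` passes a literal to a macro that takes the address of its argument on builds where 8-byte values are passed by reference, so it will not compile there; `values[i++] = Int64GetDatum(0);` is the portable form. A masked 0 is also indistinguishable from a stored address of 0, so if the function keeps a nulls array next to `values` (not visible in this hunk), returning SQL NULL to callers without access would be clearer. The new comment reads "members of pg_read_all_stats members"; I would reword it to `/* Only superusers, members of pg_read_all_stats and the entry's own user see the client IP */`. The function body starts and ends outside the hunk.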
@@ -1154,9 +1160,9 @@ pg_stat_monitor_internal(FunctionCallInfo fcinfo,
 tmp = e->counters;
 SpinLockRelease(&e->mutex);
 }
+ values[i++] = CStringGetTextDatum(queryid_txt);
 if (is_allowed_role || entry->key.userid == userid)
 {
- values[i++] = CStringGetTextDatum(queryid_txt);
 if (showtext)
 {
 if (query_txt)
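Review bot: Moving `values[i++] = CStringGetTextDatum(queryid_txt);` above the `is_allowed_role || entry->key.userid == userid` test means the query id of every entry is now returned to any caller, including for statements run by other users. Together with the `GRANT SELECT ON pg_stat_monitor TO PUBLIC` in the same commit, that lets an unprivileged role correlate other users' statements by id, which is the kind of exposure the commit sets out to close for the IP column. If the move was only meant to keep column positions aligned, I would keep the real value inside the guarded branch and emit a placeholder or NULL for the same column in the else branch, which is outside this hunk.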