From 262fa3be0911a5e8ed7c310012cb064e5e39f470 Mon Sep 17 00:00:00 2001
From: Egor Suvorov <egor@neon.tech>
Date: Thu, 22 Sep 2022 17:07:08 +0300
Subject: [PATCH] pageserver pg proto: add missing auth checks (#2494)

Fixes #1858
---
 pageserver/src/page_service.rs | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/pageserver/src/page_service.rs b/pageserver/src/page_service.rs
index 368b4c8bee..758faa4d9a 100644
--- a/pageserver/src/page_service.rs
+++ b/pageserver/src/page_service.rs
@@ -1023,6 +1023,9 @@ impl postgres_backend_async::Handler for PageServerHandler {
             let params = params_raw.split(' ').collect::<Vec<_>>();
             ensure!(params.len() == 1, "invalid param number for config command");
             let tenant_id = TenantId::from_str(params[0])?;
+
+            self.check_permission(Some(tenant_id))?;
+
             let tenant = tenant_mgr::get_tenant(tenant_id, true)?;
             pgb.write_message(&BeMessage::RowDescription(&[
                 RowDescriptor::int8_col(b"checkpoint_distance"),
@@ -1067,14 +1070,14 @@ impl postgres_backend_async::Handler for PageServerHandler {
             let caps = re
                 .captures(query_string)
                 .with_context(|| format!("invalid get_lsn_by_timestamp: '{}'", query_string))?;
-
             let tenant_id = TenantId::from_str(caps.get(1).unwrap().as_str())?;
             let timeline_id = TimelineId::from_str(caps.get(2).unwrap().as_str())?;
-            let timeline = get_local_timeline(tenant_id, timeline_id)?;
-
             let timestamp = humantime::parse_rfc3339(caps.get(3).unwrap().as_str())?;
             let timestamp_pg = to_pg_timestamp(timestamp);
 
+            self.check_permission(Some(tenant_id))?;
+
+            let timeline = get_local_timeline(tenant_id, timeline_id)?;
             pgb.write_message(&BeMessage::RowDescription(&[RowDescriptor::text_col(
                 b"lsn",
             )]))?;