2011-01-24 09:44:48 +08:00
|
|
|
/* -------------------------------------------------------------------------
|
|
|
|
*
|
|
|
|
* contrib/sepgsql/proc.c
|
|
|
|
*
|
|
|
|
* Routines corresponding to procedure objects
|
|
|
|
*
|
2018-01-03 12:30:12 +08:00
|
|
|
* Copyright (c) 2010-2018, PostgreSQL Global Development Group
|
2011-01-24 09:44:48 +08:00
|
|
|
*
|
|
|
|
* -------------------------------------------------------------------------
|
|
|
|
*/
|
|
|
|
#include "postgres.h"
|
|
|
|
|
|
|
|
#include "access/genam.h"
|
|
|
|
#include "access/heapam.h"
|
2012-09-06 02:01:15 +08:00
|
|
|
#include "access/htup_details.h"
|
2011-01-24 09:44:48 +08:00
|
|
|
#include "access/sysattr.h"
|
2011-02-03 12:39:43 +08:00
|
|
|
#include "catalog/dependency.h"
|
2011-01-24 09:44:48 +08:00
|
|
|
#include "catalog/indexing.h"
|
|
|
|
#include "catalog/pg_namespace.h"
|
|
|
|
#include "catalog/pg_proc.h"
|
2013-04-12 20:35:55 +08:00
|
|
|
#include "catalog/pg_type.h"
|
2011-01-24 09:44:48 +08:00
|
|
|
#include "commands/seclabel.h"
|
2012-09-06 02:01:15 +08:00
|
|
|
#include "lib/stringinfo.h"
|
2011-12-21 22:12:43 +08:00
|
|
|
#include "utils/builtins.h"
|
2011-01-24 09:44:48 +08:00
|
|
|
#include "utils/fmgroids.h"
|
|
|
|
#include "utils/lsyscache.h"
|
2013-03-27 20:10:14 +08:00
|
|
|
#include "utils/syscache.h"
|
2011-01-24 09:44:48 +08:00
|
|
|
#include "utils/tqual.h"
|
|
|
|
|
|
|
|
#include "sepgsql.h"
|
|
|
|
|
|
|
|
/*
|
|
|
|
* sepgsql_proc_post_create
|
|
|
|
*
|
|
|
|
* This routine assigns a default security label on a newly defined
|
|
|
|
* procedure.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
sepgsql_proc_post_create(Oid functionId)
|
|
|
|
{
|
2011-04-10 23:42:00 +08:00
|
|
|
Relation rel;
|
|
|
|
ScanKeyData skey;
|
|
|
|
SysScanDesc sscan;
|
|
|
|
HeapTuple tuple;
|
2013-04-12 20:35:55 +08:00
|
|
|
char *nsp_name;
|
2011-04-10 23:42:00 +08:00
|
|
|
char *scontext;
|
|
|
|
char *tcontext;
|
|
|
|
char *ncontext;
|
2013-03-27 20:10:14 +08:00
|
|
|
uint32 required;
|
2011-12-21 22:12:43 +08:00
|
|
|
int i;
|
2012-06-11 03:20:04 +08:00
|
|
|
StringInfoData audit_name;
|
|
|
|
ObjectAddress object;
|
|
|
|
Form_pg_proc proForm;
|
2011-01-24 09:44:48 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Fetch namespace of the new procedure. Because pg_proc entry is not
|
|
|
|
* visible right now, we need to scan the catalog using SnapshotSelf.
|
|
|
|
*/
|
|
|
|
rel = heap_open(ProcedureRelationId, AccessShareLock);
|
|
|
|
|
|
|
|
ScanKeyInit(&skey,
|
|
|
|
ObjectIdAttributeNumber,
|
|
|
|
BTEqualStrategyNumber, F_OIDEQ,
|
|
|
|
ObjectIdGetDatum(functionId));
|
|
|
|
|
|
|
|
sscan = systable_beginscan(rel, ProcedureOidIndexId, true,
|
|
|
|
SnapshotSelf, 1, &skey);
|
|
|
|
|
|
|
|
tuple = systable_getnext(sscan);
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2017-06-05 04:20:03 +08:00
|
|
|
elog(ERROR, "could not find tuple for function %u", functionId);
|
2011-01-24 09:44:48 +08:00
|
|
|
|
2011-12-21 22:12:43 +08:00
|
|
|
proForm = (Form_pg_proc) GETSTRUCT(tuple);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* check db_schema:{add_name} permission of the namespace
|
|
|
|
*/
|
|
|
|
object.classId = NamespaceRelationId;
|
|
|
|
object.objectId = proForm->pronamespace;
|
|
|
|
object.objectSubId = 0;
|
|
|
|
sepgsql_avc_check_perms(&object,
|
|
|
|
SEPG_CLASS_DB_SCHEMA,
|
|
|
|
SEPG_DB_SCHEMA__ADD_NAME,
|
2013-04-12 20:35:55 +08:00
|
|
|
getObjectIdentity(&object),
|
2011-12-21 22:12:43 +08:00
|
|
|
true);
|
2012-06-11 03:20:04 +08:00
|
|
|
|
2011-12-21 22:12:43 +08:00
|
|
|
/*
|
|
|
|
* XXX - db_language:{implement} also should be checked here
|
|
|
|
*/
|
2011-01-24 09:44:48 +08:00
|
|
|
|
|
|
|
|
|
|
|
/*
|
2011-04-10 23:42:00 +08:00
|
|
|
* Compute a default security label when we create a new procedure object
|
|
|
|
* under the specified namespace.
|
2011-01-24 09:44:48 +08:00
|
|
|
*/
|
|
|
|
scontext = sepgsql_get_client_label();
|
2011-12-21 22:12:43 +08:00
|
|
|
tcontext = sepgsql_get_label(NamespaceRelationId,
|
|
|
|
proForm->pronamespace, 0);
|
2011-01-24 09:44:48 +08:00
|
|
|
ncontext = sepgsql_compute_create(scontext, tcontext,
|
2013-03-29 03:38:35 +08:00
|
|
|
SEPG_CLASS_DB_PROCEDURE,
|
|
|
|
NameStr(proForm->proname));
|
2011-01-24 09:44:48 +08:00
|
|
|
|
2011-12-21 22:12:43 +08:00
|
|
|
/*
|
2013-03-27 20:10:14 +08:00
|
|
|
* check db_procedure:{create (install)} permission
|
2011-12-21 22:12:43 +08:00
|
|
|
*/
|
|
|
|
initStringInfo(&audit_name);
|
2013-04-12 20:35:55 +08:00
|
|
|
nsp_name = get_namespace_name(proForm->pronamespace);
|
|
|
|
appendStringInfo(&audit_name, "%s(",
|
Phase 3 of pgindent updates.
Don't move parenthesized lines to the left, even if that means they
flow past the right margin.
By default, BSD indent lines up statement continuation lines that are
within parentheses so that they start just to the right of the preceding
left parenthesis. However, traditionally, if that resulted in the
continuation line extending to the right of the desired right margin,
then indent would push it left just far enough to not overrun the margin,
if it could do so without making the continuation line start to the left of
the current statement indent. That makes for a weird mix of indentations
unless one has been completely rigid about never violating the 80-column
limit.
This behavior has been pretty universally panned by Postgres developers.
Hence, disable it with indent's new -lpl switch, so that parenthesized
lines are always lined up with the preceding left paren.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-22 03:35:54 +08:00
|
|
|
quote_qualified_identifier(nsp_name, NameStr(proForm->proname)));
|
2012-06-11 03:20:04 +08:00
|
|
|
for (i = 0; i < proForm->pronargs; i++)
|
2011-12-21 22:12:43 +08:00
|
|
|
{
|
|
|
|
if (i > 0)
|
|
|
|
appendStringInfoChar(&audit_name, ',');
|
2013-04-12 20:35:55 +08:00
|
|
|
|
|
|
|
object.classId = TypeRelationId;
|
|
|
|
object.objectId = proForm->proargtypes.values[i];
|
|
|
|
object.objectSubId = 0;
|
|
|
|
appendStringInfoString(&audit_name, getObjectIdentity(&object));
|
2011-12-21 22:12:43 +08:00
|
|
|
}
|
|
|
|
appendStringInfoChar(&audit_name, ')');
|
|
|
|
|
2013-03-27 20:10:14 +08:00
|
|
|
required = SEPG_DB_PROCEDURE__CREATE;
|
|
|
|
if (proForm->proleakproof)
|
|
|
|
required |= SEPG_DB_PROCEDURE__INSTALL;
|
|
|
|
|
2011-12-21 22:12:43 +08:00
|
|
|
sepgsql_avc_check_perms_label(ncontext,
|
|
|
|
SEPG_CLASS_DB_PROCEDURE,
|
2013-03-27 20:10:14 +08:00
|
|
|
required,
|
2011-12-21 22:12:43 +08:00
|
|
|
audit_name.data,
|
|
|
|
true);
|
2012-06-11 03:20:04 +08:00
|
|
|
|
2011-01-24 09:44:48 +08:00
|
|
|
/*
|
|
|
|
* Assign the default security label on a new procedure
|
|
|
|
*/
|
|
|
|
object.classId = ProcedureRelationId;
|
|
|
|
object.objectId = functionId;
|
|
|
|
object.objectSubId = 0;
|
|
|
|
SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);
|
|
|
|
|
2011-12-21 22:12:43 +08:00
|
|
|
/*
|
|
|
|
* Cleanup
|
|
|
|
*/
|
|
|
|
systable_endscan(sscan);
|
|
|
|
heap_close(rel, AccessShareLock);
|
|
|
|
|
|
|
|
pfree(audit_name.data);
|
2011-01-24 09:44:48 +08:00
|
|
|
pfree(tcontext);
|
|
|
|
pfree(ncontext);
|
|
|
|
}
|
|
|
|
|
2012-03-10 04:18:45 +08:00
|
|
|
/*
|
|
|
|
* sepgsql_proc_drop
|
|
|
|
*
|
|
|
|
* It checks privileges to drop the supplied function.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
sepgsql_proc_drop(Oid functionId)
|
|
|
|
{
|
2012-06-11 03:20:04 +08:00
|
|
|
ObjectAddress object;
|
|
|
|
char *audit_name;
|
2012-03-10 04:18:45 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* check db_schema:{remove_name} permission
|
|
|
|
*/
|
|
|
|
object.classId = NamespaceRelationId;
|
|
|
|
object.objectId = get_func_namespace(functionId);
|
|
|
|
object.objectSubId = 0;
|
2013-04-12 20:35:55 +08:00
|
|
|
audit_name = getObjectIdentity(&object);
|
2012-03-10 04:18:45 +08:00
|
|
|
|
|
|
|
sepgsql_avc_check_perms(&object,
|
|
|
|
SEPG_CLASS_DB_SCHEMA,
|
|
|
|
SEPG_DB_SCHEMA__REMOVE_NAME,
|
|
|
|
audit_name,
|
|
|
|
true);
|
|
|
|
pfree(audit_name);
|
|
|
|
|
2012-06-11 03:20:04 +08:00
|
|
|
/*
|
|
|
|
* check db_procedure:{drop} permission
|
|
|
|
*/
|
2012-03-10 04:18:45 +08:00
|
|
|
object.classId = ProcedureRelationId;
|
|
|
|
object.objectId = functionId;
|
|
|
|
object.objectSubId = 0;
|
2013-04-12 20:35:55 +08:00
|
|
|
audit_name = getObjectIdentity(&object);
|
2012-03-10 04:18:45 +08:00
|
|
|
|
2012-06-11 03:20:04 +08:00
|
|
|
sepgsql_avc_check_perms(&object,
|
|
|
|
SEPG_CLASS_DB_PROCEDURE,
|
|
|
|
SEPG_DB_PROCEDURE__DROP,
|
|
|
|
audit_name,
|
|
|
|
true);
|
2012-03-10 04:18:45 +08:00
|
|
|
pfree(audit_name);
|
|
|
|
}
|
|
|
|
|
2011-01-24 09:44:48 +08:00
|
|
|
/*
|
|
|
|
* sepgsql_proc_relabel
|
|
|
|
*
|
|
|
|
* It checks privileges to relabel the supplied function
|
|
|
|
* by the `seclabel'.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
sepgsql_proc_relabel(Oid functionId, const char *seclabel)
|
|
|
|
{
|
2012-06-11 03:20:04 +08:00
|
|
|
ObjectAddress object;
|
|
|
|
char *audit_name;
|
2011-01-24 09:44:48 +08:00
|
|
|
|
2011-09-01 20:37:33 +08:00
|
|
|
object.classId = ProcedureRelationId;
|
|
|
|
object.objectId = functionId;
|
|
|
|
object.objectSubId = 0;
|
2013-04-12 20:35:55 +08:00
|
|
|
audit_name = getObjectIdentity(&object);
|
2011-01-24 09:44:48 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* check db_procedure:{setattr relabelfrom} permission
|
|
|
|
*/
|
2011-09-01 20:37:33 +08:00
|
|
|
sepgsql_avc_check_perms(&object,
|
|
|
|
SEPG_CLASS_DB_PROCEDURE,
|
|
|
|
SEPG_DB_PROCEDURE__SETATTR |
|
|
|
|
SEPG_DB_PROCEDURE__RELABELFROM,
|
|
|
|
audit_name,
|
|
|
|
true);
|
2012-06-11 03:20:04 +08:00
|
|
|
|
2011-01-24 09:44:48 +08:00
|
|
|
/*
|
|
|
|
* check db_procedure:{relabelto} permission
|
|
|
|
*/
|
2011-09-01 20:37:33 +08:00
|
|
|
sepgsql_avc_check_perms_label(seclabel,
|
|
|
|
SEPG_CLASS_DB_PROCEDURE,
|
|
|
|
SEPG_DB_PROCEDURE__RELABELTO,
|
|
|
|
audit_name,
|
|
|
|
true);
|
2011-01-24 09:44:48 +08:00
|
|
|
pfree(audit_name);
|
|
|
|
}
|
2013-03-27 20:10:14 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* sepgsql_proc_setattr
|
|
|
|
*
|
|
|
|
* It checks privileges to alter the supplied function.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
sepgsql_proc_setattr(Oid functionId)
|
|
|
|
{
|
2013-05-30 04:58:43 +08:00
|
|
|
Relation rel;
|
|
|
|
ScanKeyData skey;
|
|
|
|
SysScanDesc sscan;
|
|
|
|
HeapTuple oldtup;
|
|
|
|
HeapTuple newtup;
|
|
|
|
Form_pg_proc oldform;
|
|
|
|
Form_pg_proc newform;
|
|
|
|
uint32 required;
|
|
|
|
ObjectAddress object;
|
|
|
|
char *audit_name;
|
2013-03-27 20:10:14 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Fetch newer catalog
|
|
|
|
*/
|
|
|
|
rel = heap_open(ProcedureRelationId, AccessShareLock);
|
|
|
|
|
|
|
|
ScanKeyInit(&skey,
|
|
|
|
ObjectIdAttributeNumber,
|
|
|
|
BTEqualStrategyNumber, F_OIDEQ,
|
|
|
|
ObjectIdGetDatum(functionId));
|
|
|
|
|
|
|
|
sscan = systable_beginscan(rel, ProcedureOidIndexId, true,
|
|
|
|
SnapshotSelf, 1, &skey);
|
|
|
|
newtup = systable_getnext(sscan);
|
|
|
|
if (!HeapTupleIsValid(newtup))
|
2017-06-05 04:20:03 +08:00
|
|
|
elog(ERROR, "could not find tuple for function %u", functionId);
|
2013-03-27 20:10:14 +08:00
|
|
|
newform = (Form_pg_proc) GETSTRUCT(newtup);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Fetch older catalog
|
|
|
|
*/
|
|
|
|
oldtup = SearchSysCache1(PROCOID, ObjectIdGetDatum(functionId));
|
|
|
|
if (!HeapTupleIsValid(oldtup))
|
|
|
|
elog(ERROR, "cache lookup failed for function %u", functionId);
|
|
|
|
oldform = (Form_pg_proc) GETSTRUCT(oldtup);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Does this ALTER command takes operation to namespace?
|
|
|
|
*/
|
|
|
|
if (newform->pronamespace != oldform->pronamespace)
|
|
|
|
{
|
|
|
|
sepgsql_schema_remove_name(oldform->pronamespace);
|
|
|
|
sepgsql_schema_add_name(oldform->pronamespace);
|
|
|
|
}
|
|
|
|
if (strcmp(NameStr(newform->proname), NameStr(oldform->proname)) != 0)
|
|
|
|
sepgsql_schema_rename(oldform->pronamespace);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* check db_procedure:{setattr (install)} permission
|
|
|
|
*/
|
|
|
|
required = SEPG_DB_PROCEDURE__SETATTR;
|
|
|
|
if (!oldform->proleakproof && newform->proleakproof)
|
|
|
|
required |= SEPG_DB_PROCEDURE__INSTALL;
|
|
|
|
|
|
|
|
object.classId = ProcedureRelationId;
|
|
|
|
object.objectId = functionId;
|
|
|
|
object.objectSubId = 0;
|
2013-04-12 20:35:55 +08:00
|
|
|
audit_name = getObjectIdentity(&object);
|
2013-03-27 20:10:14 +08:00
|
|
|
|
|
|
|
sepgsql_avc_check_perms(&object,
|
|
|
|
SEPG_CLASS_DB_PROCEDURE,
|
2013-05-30 04:58:43 +08:00
|
|
|
required,
|
2013-03-27 20:10:14 +08:00
|
|
|
audit_name,
|
|
|
|
true);
|
|
|
|
/* cleanups */
|
|
|
|
pfree(audit_name);
|
|
|
|
|
|
|
|
ReleaseSysCache(oldtup);
|
|
|
|
systable_endscan(sscan);
|
|
|
|
heap_close(rel, AccessShareLock);
|
|
|
|
}
|
2013-04-12 20:55:56 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* sepgsql_proc_execute
|
|
|
|
*
|
|
|
|
* It checks privileges to execute the supplied function
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
sepgsql_proc_execute(Oid functionId)
|
|
|
|
{
|
|
|
|
ObjectAddress object;
|
|
|
|
char *audit_name;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* check db_procedure:{execute} permission
|
|
|
|
*/
|
|
|
|
object.classId = ProcedureRelationId;
|
|
|
|
object.objectId = functionId;
|
|
|
|
object.objectSubId = 0;
|
2013-04-17 21:52:25 +08:00
|
|
|
audit_name = getObjectIdentity(&object);
|
2013-04-12 20:55:56 +08:00
|
|
|
sepgsql_avc_check_perms(&object,
|
|
|
|
SEPG_CLASS_DB_PROCEDURE,
|
|
|
|
SEPG_DB_PROCEDURE__EXECUTE,
|
|
|
|
audit_name,
|
|
|
|
true);
|
|
|
|
pfree(audit_name);
|
|
|
|
}
|