0f05840bf4
The main change here is to call security_compute_create_name_raw() rather than security_compute_create_raw(). This ups the minimum requirement for libselinux from 2.0.99 to 2.1.10, but it looks like most distributions will have picked that up before 9.3 is out. KaiGai Kohei
/* -------------------------------------------------------------------------
 *
 * contrib/sepgsql/schema.c
 *
 * Routines corresponding to schema objects
 *
 * Copyright (c) 2010-2013, PostgreSQL Global Development Group
 *
 * -------------------------------------------------------------------------
 */
#include "postgres.h"
#include "access/genam.h"
#include "access/heapam.h"
#include "access/htup_details.h"
#include "access/sysattr.h"
#include "catalog/dependency.h"
#include "catalog/indexing.h"
#include "catalog/pg_database.h"
#include "catalog/pg_namespace.h"
#include "commands/seclabel.h"
#include "miscadmin.h"
#include "utils/fmgroids.h"
#include "utils/lsyscache.h"
#include "utils/tqual.h"
#include "sepgsql.h"
/*
 * sepgsql_schema_post_create
 *
 * This routine assigns a default security label to a newly defined
 * schema, after checking db_schema:{create} against that label.
 */
void
sepgsql_schema_post_create(Oid namespaceId)
{
	Relation	nsp_rel;
	ScanKeyData key;
	SysScanDesc scan;
	HeapTuple	nsp_tuple;
	Form_pg_namespace nsp_form;
	const char *label_name;
	char	   *db_label;
	char	   *schema_label;
	char		audit_name[NAMEDATALEN + 20];
	ObjectAddress schema_addr;

	/* Address of the schema that will receive the label further down. */
	schema_addr.classId = NamespaceRelationId;
	schema_addr.objectId = namespaceId;
	schema_addr.objectSubId = 0;

	/*
	 * Fetch the pg_namespace row of the schema by OID.  The scan uses
	 * SnapshotSelf; presumably the row was inserted by the current command
	 * and is not yet visible to an ordinary snapshot -- confirm with the
	 * caller of this hook.
	 */
	nsp_rel = heap_open(NamespaceRelationId, AccessShareLock);

	ScanKeyInit(&key,
				ObjectIdAttributeNumber,
				BTEqualStrategyNumber, F_OIDEQ,
				ObjectIdGetDatum(namespaceId));

	scan = systable_beginscan(nsp_rel, NamespaceOidIndexId, true,
							  SnapshotSelf, 1, &key);
	nsp_tuple = systable_getnext(scan);
	if (!HeapTupleIsValid(nsp_tuple))
		elog(ERROR, "catalog lookup failed for namespace %u", namespaceId);

	/*
	 * The object name handed to the label computation is normalized:
	 * "pg_temp_*" becomes "pg_temp" and "pg_toast_temp_*" becomes
	 * "pg_toast_temp", so that the policy sees one stable name for such
	 * schemas.  The same normalized name is what ends up in the audit
	 * string below, so an audit record does not carry the original suffix.
	 */
	nsp_form = (Form_pg_namespace) GETSTRUCT(nsp_tuple);
	label_name = NameStr(nsp_form->nspname);
	if (strncmp(label_name, "pg_temp_", sizeof("pg_temp_") - 1) == 0)
		label_name = "pg_temp";
	else if (strncmp(label_name, "pg_toast_temp_",
					 sizeof("pg_toast_temp_") - 1) == 0)
		label_name = "pg_toast_temp";

	/* "schema " plus a name of at most NAMEDATALEN bytes fits the buffer. */
	snprintf(audit_name, sizeof(audit_name), "schema %s", label_name);

	/*
	 * Compute the default label of the new schema from the client's label,
	 * the label of the working database and the (normalized) schema name.
	 */
	db_label = sepgsql_get_label(DatabaseRelationId, MyDatabaseId, 0);
	schema_label = sepgsql_compute_create(sepgsql_get_client_label(),
										  db_label,
										  SEPG_CLASS_DB_SCHEMA,
										  label_name);

	/*
	 * check db_schema:{create}
	 *
	 * The schema carries no label yet, so the check is made against the
	 * computed label, and it is made before that label is stored.
	 * NOTE(review): the final "true" is presumably abort-on-violation --
	 * confirm against sepgsql.h.
	 */
	sepgsql_avc_check_perms_label(schema_label,
								  SEPG_CLASS_DB_SCHEMA,
								  SEPG_DB_SCHEMA__CREATE,
								  audit_name,
								  true);

	/* label_name may point into the scanned tuple; it is not used past here */
	systable_endscan(scan);
	heap_close(nsp_rel, AccessShareLock);

	/*
	 * Assign the default security label on the new schema
	 */
	SetSecurityLabel(&schema_addr, SEPGSQL_LABEL_TAG, schema_label);

	pfree(schema_label);
	pfree(db_label);
}
/*
 * sepgsql_schema_drop
 *
 * Checks the db_schema:{drop} permission on the supplied schema object.
 */
void
sepgsql_schema_drop(Oid namespaceId)
{
	ObjectAddress schema_addr;
	char	   *description;

	/* Identify the schema as a whole object (no sub-object). */
	schema_addr.classId = NamespaceRelationId;
	schema_addr.objectId = namespaceId;
	schema_addr.objectSubId = 0;

	/* Human-readable object description, used as the audit name. */
	description = getObjectDescription(&schema_addr);

	/*
	 * check db_schema:{drop} permission
	 *
	 * NOTE(review): the final "true" is presumably abort-on-violation --
	 * confirm against sepgsql.h.
	 */
	sepgsql_avc_check_perms(&schema_addr,
							SEPG_CLASS_DB_SCHEMA,
							SEPG_DB_SCHEMA__DROP,
							description,
							true);

	pfree(description);
}
/*
 * sepgsql_schema_relabel
 *
 * Checks the privileges needed to relabel the supplied schema with
 * `seclabel': db_schema:{setattr relabelfrom} on the schema object and
 * db_schema:{relabelto} on the new label.
 */
void
sepgsql_schema_relabel(Oid namespaceId, const char *seclabel)
{
	ObjectAddress schema_addr;
	char	   *description;

	/* Identify the schema as a whole object (no sub-object). */
	schema_addr.classId = NamespaceRelationId;
	schema_addr.objectId = namespaceId;
	schema_addr.objectSubId = 0;

	/* One description string serves as the audit name for both checks. */
	description = getObjectDescription(&schema_addr);

	/*
	 * check db_schema:{setattr relabelfrom} permission
	 *
	 * This check is made on the schema object itself and comes first; the
	 * order of the two checks is kept as is.
	 */
	sepgsql_avc_check_perms(&schema_addr,
							SEPG_CLASS_DB_SCHEMA,
							SEPG_DB_SCHEMA__SETATTR | SEPG_DB_SCHEMA__RELABELFROM,
							description,
							true);

	/*
	 * check db_schema:{relabelto} permission
	 *
	 * This check is made against the requested label, not the object.
	 * NOTE(review): the final "true" is presumably abort-on-violation --
	 * confirm against sepgsql.h.
	 */
	sepgsql_avc_check_perms_label(seclabel,
								  SEPG_CLASS_DB_SCHEMA,
								  SEPG_DB_SCHEMA__RELABELTO,
								  description,
								  true);

	pfree(description);
}
/*
 * check_schema_perms
 *
 * utility routine to check db_schema:{xxx} permissions
 */
static void
check_schema_perms(Oid namespaceId, uint32 required)
{
	ObjectAddress schema_addr;
	char	   *description;

	/* Identify the schema as a whole object (no sub-object). */
	schema_addr.classId = NamespaceRelationId;
	schema_addr.objectId = namespaceId;
	schema_addr.objectSubId = 0;

	/* Human-readable object description, used as the audit name. */
	description = getObjectDescription(&schema_addr);

	/*
	 * "required" is passed through unchanged as the db_schema permission
	 * mask; callers may OR several permission bits together.
	 * NOTE(review): the final "true" is presumably abort-on-violation --
	 * confirm against sepgsql.h.
	 */
	sepgsql_avc_check_perms(&schema_addr,
							SEPG_CLASS_DB_SCHEMA,
							required,
							description,
							true);

	pfree(description);
}
/* db_schema:{setattr} permission */
void
sepgsql_schema_setattr(Oid namespaceId)
{
	/* Delegate to the shared checker with the single setattr bit. */
	check_schema_perms(namespaceId,
					   SEPG_DB_SCHEMA__SETATTR);
}
/* db_schema:{add_name} permission */
void
sepgsql_schema_add_name(Oid namespaceId)
{
	/* Delegate to the shared checker with the single add_name bit. */
	check_schema_perms(namespaceId,
					   SEPG_DB_SCHEMA__ADD_NAME);
}
/* db_schema:{remove_name} permission */
void
sepgsql_schema_remove_name(Oid namespaceId)
{
	/* Delegate to the shared checker with the single remove_name bit. */
	check_schema_perms(namespaceId,
					   SEPG_DB_SCHEMA__REMOVE_NAME);
}
/* db_schema:{add_name remove_name} permission */
void
sepgsql_schema_rename(Oid namespaceId)
{
	/*
	 * Both bits are requested in one call to the shared checker: the mask
	 * combines remove_name and add_name.
	 */
	check_schema_perms(namespaceId,
					   SEPG_DB_SCHEMA__REMOVE_NAME |
					   SEPG_DB_SCHEMA__ADD_NAME);
}