#include "postgres.h"
#include "access/genam.h"
#include "access/htup_details.h"
#include "access/sysattr.h"
#include "access/table.h"
#include "catalog/dependency.h"
#include "catalog/pg_namespace.h"
#include "catalog/pg_proc.h"
#include "catalog/pg_type.h"
#include "commands/seclabel.h"
#include "lib/stringinfo.h"
#include "sepgsql.h"
#include "utils/builtins.h"
#include "utils/fmgroids.h"
#include "utils/lsyscache.h"
#include "utils/snapmgr.h"
#include "utils/syscache.h"

Include dependency graph for proc.c:

Function Documentation

◆ sepgsql_proc_drop()

void sepgsql_proc_drop ( Oid functionId )

Definition at line 155 of file proc.c.

{
    ObjectAddress object;
    char       *audit_name;
 
    /*
     * check db_schema:{remove_name} permission
     */
    object.classId = NamespaceRelationId;
    object.objectId = get_func_namespace(functionId);
    object.objectSubId = 0;
    audit_name = getObjectIdentity(&object, false);
 
    sepgsql_avc_check_perms(&object,
                            SEPG_CLASS_DB_SCHEMA,
                            SEPG_DB_SCHEMA__REMOVE_NAME,
                            audit_name,
                            true);
    pfree(audit_name);
 
    /*
     * check db_procedure:{drop} permission
     */
    object.classId = ProcedureRelationId;
    object.objectId = functionId;
    object.objectSubId = 0;
    audit_name = getObjectIdentity(&object, false);
 
    sepgsql_avc_check_perms(&object,
                            SEPG_CLASS_DB_PROCEDURE,
                            SEPG_DB_PROCEDURE__DROP,
                            audit_name,
                            true);
    pfree(audit_name);
}

References ObjectAddress::classId, fb(), get_func_namespace(), getObjectIdentity(), pfree(), SEPG_CLASS_DB_PROCEDURE, SEPG_CLASS_DB_SCHEMA, SEPG_DB_PROCEDURE__DROP, SEPG_DB_SCHEMA__REMOVE_NAME, and sepgsql_avc_check_perms().

Referenced by sepgsql_object_access().

◆ sepgsql_proc_execute()

void sepgsql_proc_execute ( Oid functionId )

Definition at line 315 of file proc.c.

{
    ObjectAddress object;
    char       *audit_name;
 
    /*
     * check db_procedure:{execute} permission
     */
    object.classId = ProcedureRelationId;
    object.objectId = functionId;
    object.objectSubId = 0;
    audit_name = getObjectIdentity(&object, false);
    sepgsql_avc_check_perms(&object,
                            SEPG_CLASS_DB_PROCEDURE,
                            SEPG_DB_PROCEDURE__EXECUTE,
                            audit_name,
                            true);
    pfree(audit_name);
}

References ObjectAddress::classId, fb(), getObjectIdentity(), pfree(), SEPG_CLASS_DB_PROCEDURE, SEPG_DB_PROCEDURE__EXECUTE, and sepgsql_avc_check_perms().

Referenced by sepgsql_object_access().

◆ sepgsql_proc_post_create()

void sepgsql_proc_post_create ( Oid functionId )

Definition at line 37 of file proc.c.

{
    Relation    rel;
    ScanKeyData skey;
    SysScanDesc sscan;
    HeapTuple   tuple;
    char       *nsp_name;
    char       *scontext;
    char       *tcontext;
    char       *ncontext;
    uint32      required;
    int         i;
    StringInfoData audit_name;
    ObjectAddress object;
    Form_pg_proc proForm;
 
    /*
     * Fetch namespace of the new procedure. Because pg_proc entry is not
     * visible right now, we need to scan the catalog using SnapshotSelf.
     */
    rel = table_open(ProcedureRelationId, AccessShareLock);
 
    ScanKeyInit(&skey,
                Anum_pg_proc_oid,
                BTEqualStrategyNumber, F_OIDEQ,
                ObjectIdGetDatum(functionId));
 
    sscan = systable_beginscan(rel, ProcedureOidIndexId, true,
                               SnapshotSelf, 1, &skey);
 
    tuple = systable_getnext(sscan);
    if (!HeapTupleIsValid(tuple))
        elog(ERROR, "could not find tuple for function %u", functionId);
 
    proForm = (Form_pg_proc) GETSTRUCT(tuple);
 
    /*
     * check db_schema:{add_name} permission of the namespace
     */
    object.classId = NamespaceRelationId;
    object.objectId = proForm->pronamespace;
    object.objectSubId = 0;
    sepgsql_avc_check_perms(&object,
                            SEPG_CLASS_DB_SCHEMA,
                            SEPG_DB_SCHEMA__ADD_NAME,
                            getObjectIdentity(&object, false),
                            true);
 
    /*
     * XXX - db_language:{implement} also should be checked here
     */
 
 
    /*
     * Compute a default security label when we create a new procedure object
     * under the specified namespace.
     */
    scontext = sepgsql_get_client_label();
    tcontext = sepgsql_get_label(NamespaceRelationId,
                                 proForm->pronamespace, 0);
    ncontext = sepgsql_compute_create(scontext, tcontext,
                                      SEPG_CLASS_DB_PROCEDURE,
                                      NameStr(proForm->proname));
 
    /*
     * check db_procedure:{create (install)} permission
     */
    initStringInfo(&audit_name);
    nsp_name = get_namespace_name(proForm->pronamespace);
    appendStringInfo(&audit_name, "%s(",
                     quote_qualified_identifier(nsp_name, NameStr(proForm->proname)));
    for (i = 0; i < proForm->pronargs; i++)
    {
        if (i > 0)
            appendStringInfoChar(&audit_name, ',');
 
        object.classId = TypeRelationId;
        object.objectId = proForm->proargtypes.values[i];
        object.objectSubId = 0;
        appendStringInfoString(&audit_name, getObjectIdentity(&object, false));
    }
    appendStringInfoChar(&audit_name, ')');
 
    required = SEPG_DB_PROCEDURE__CREATE;
    if (proForm->proleakproof)
        required |= SEPG_DB_PROCEDURE__INSTALL;
 
    sepgsql_avc_check_perms_label(ncontext,
                                  SEPG_CLASS_DB_PROCEDURE,
                                  required,
                                  audit_name.data,
                                  true);
 
    /*
     * Assign the default security label on a new procedure
     */
    object.classId = ProcedureRelationId;
    object.objectId = functionId;
    object.objectSubId = 0;
    SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);
 
    /*
     * Cleanup
     */
    systable_endscan(sscan);
    table_close(rel, AccessShareLock);
 
    pfree(audit_name.data);
    pfree(tcontext);
    pfree(ncontext);
}

References AccessShareLock, appendStringInfo(), appendStringInfoChar(), appendStringInfoString(), BTEqualStrategyNumber, elog, ERROR, fb(), get_namespace_name(), getObjectIdentity(), GETSTRUCT(), HeapTupleIsValid, i, initStringInfo(), NameStr, ObjectIdGetDatum(), pfree(), quote_qualified_identifier(), ScanKeyInit(), SEPG_CLASS_DB_PROCEDURE, SEPG_CLASS_DB_SCHEMA, SEPG_DB_PROCEDURE__CREATE, SEPG_DB_PROCEDURE__INSTALL, SEPG_DB_SCHEMA__ADD_NAME, sepgsql_avc_check_perms(), sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by sepgsql_object_access().

◆ sepgsql_proc_relabel()

void sepgsql_proc_relabel	(	Oid	functionId,
		const char *	seclabel
	)

Definition at line 198 of file proc.c.

{
    ObjectAddress object;
    char       *audit_name;
 
    object.classId = ProcedureRelationId;
    object.objectId = functionId;
    object.objectSubId = 0;
    audit_name = getObjectIdentity(&object, false);
 
    /*
     * check db_procedure:{setattr relabelfrom} permission
     */
    sepgsql_avc_check_perms(&object,
                            SEPG_CLASS_DB_PROCEDURE,
                            SEPG_DB_PROCEDURE__SETATTR |
                            SEPG_DB_PROCEDURE__RELABELFROM,
                            audit_name,
                            true);
 
    /*
     * check db_procedure:{relabelto} permission
     */
    sepgsql_avc_check_perms_label(seclabel,
                                  SEPG_CLASS_DB_PROCEDURE,
                                  SEPG_DB_PROCEDURE__RELABELTO,
                                  audit_name,
                                  true);
    pfree(audit_name);
}

References ObjectAddress::classId, fb(), getObjectIdentity(), pfree(), SEPG_CLASS_DB_PROCEDURE, SEPG_DB_PROCEDURE__RELABELFROM, SEPG_DB_PROCEDURE__RELABELTO, SEPG_DB_PROCEDURE__SETATTR, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label().

Referenced by sepgsql_object_relabel().

◆ sepgsql_proc_setattr()

void sepgsql_proc_setattr ( Oid functionId )

Definition at line 235 of file proc.c.

{
    Relation    rel;
    ScanKeyData skey;
    SysScanDesc sscan;
    HeapTuple   oldtup;
    HeapTuple   newtup;
    Form_pg_proc oldform;
    Form_pg_proc newform;
    uint32      required;
    ObjectAddress object;
    char       *audit_name;
 
    /*
     * Fetch newer catalog
     */
    rel = table_open(ProcedureRelationId, AccessShareLock);
 
    ScanKeyInit(&skey,
                Anum_pg_proc_oid,
                BTEqualStrategyNumber, F_OIDEQ,
                ObjectIdGetDatum(functionId));
 
    sscan = systable_beginscan(rel, ProcedureOidIndexId, true,
                               SnapshotSelf, 1, &skey);
    newtup = systable_getnext(sscan);
    if (!HeapTupleIsValid(newtup))
        elog(ERROR, "could not find tuple for function %u", functionId);
    newform = (Form_pg_proc) GETSTRUCT(newtup);
 
    /*
     * Fetch older catalog
     */
    oldtup = SearchSysCache1(PROCOID, ObjectIdGetDatum(functionId));
    if (!HeapTupleIsValid(oldtup))
        elog(ERROR, "cache lookup failed for function %u", functionId);
    oldform = (Form_pg_proc) GETSTRUCT(oldtup);
 
    /*
     * Does this ALTER command takes operation to namespace?
     */
    if (newform->pronamespace != oldform->pronamespace)
    {
        sepgsql_schema_remove_name(oldform->pronamespace);
        sepgsql_schema_add_name(oldform->pronamespace);
    }
    if (strcmp(NameStr(newform->proname), NameStr(oldform->proname)) != 0)
        sepgsql_schema_rename(oldform->pronamespace);
 
    /*
     * check db_procedure:{setattr (install)} permission
     */
    required = SEPG_DB_PROCEDURE__SETATTR;
    if (!oldform->proleakproof && newform->proleakproof)
        required |= SEPG_DB_PROCEDURE__INSTALL;
 
    object.classId = ProcedureRelationId;
    object.objectId = functionId;
    object.objectSubId = 0;
    audit_name = getObjectIdentity(&object, false);
 
    sepgsql_avc_check_perms(&object,
                            SEPG_CLASS_DB_PROCEDURE,
                            required,
                            audit_name,
                            true);
    /* cleanups */
    pfree(audit_name);
 
    ReleaseSysCache(oldtup);
    systable_endscan(sscan);
    table_close(rel, AccessShareLock);
}

References AccessShareLock, BTEqualStrategyNumber, elog, ERROR, fb(), getObjectIdentity(), GETSTRUCT(), HeapTupleIsValid, NameStr, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), ScanKeyInit(), SearchSysCache1(), SEPG_CLASS_DB_PROCEDURE, SEPG_DB_PROCEDURE__INSTALL, SEPG_DB_PROCEDURE__SETATTR, sepgsql_avc_check_perms(), sepgsql_schema_add_name(), sepgsql_schema_remove_name(), sepgsql_schema_rename(), SnapshotSelf, systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by sepgsql_object_access().

Functions
void	sepgsql_proc_post_create (Oid functionId)

void	sepgsql_proc_drop (Oid functionId)

void	sepgsql_proc_relabel (Oid functionId, const char *seclabel)

void	sepgsql_proc_setattr (Oid functionId)

void	sepgsql_proc_execute (Oid functionId)

Functions

Function Documentation

◆ sepgsql_proc_drop()

◆ sepgsql_proc_execute()

◆ sepgsql_proc_post_create()

◆ sepgsql_proc_relabel()

◆ sepgsql_proc_setattr()