PostgreSQL Source Code  git master
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros
proc.c
Go to the documentation of this file.
1 /* -------------------------------------------------------------------------
2  *
3  * contrib/sepgsql/proc.c
4  *
5  * Routines corresponding to procedure objects
6  *
7  * Copyright (c) 2010-2017, PostgreSQL Global Development Group
8  *
9  * -------------------------------------------------------------------------
10  */
11 #include "postgres.h"
12 
13 #include "access/genam.h"
14 #include "access/heapam.h"
15 #include "access/htup_details.h"
16 #include "access/sysattr.h"
17 #include "catalog/dependency.h"
18 #include "catalog/indexing.h"
19 #include "catalog/pg_namespace.h"
20 #include "catalog/pg_proc.h"
21 #include "catalog/pg_type.h"
22 #include "commands/seclabel.h"
23 #include "lib/stringinfo.h"
24 #include "utils/builtins.h"
25 #include "utils/fmgroids.h"
26 #include "utils/lsyscache.h"
27 #include "utils/syscache.h"
28 #include "utils/tqual.h"
29 
30 #include "sepgsql.h"
31 
32 /*
33  * sepgsql_proc_post_create
34  *
35  * This routine assigns a default security label on a newly defined
36  * procedure.
37  */
38 void
40 {
41  Relation rel;
42  ScanKeyData skey;
43  SysScanDesc sscan;
44  HeapTuple tuple;
45  char *nsp_name;
46  char *scontext;
47  char *tcontext;
48  char *ncontext;
49  uint32 required;
50  int i;
51  StringInfoData audit_name;
52  ObjectAddress object;
53  Form_pg_proc proForm;
54 
55  /*
56  * Fetch namespace of the new procedure. Because pg_proc entry is not
57  * visible right now, we need to scan the catalog using SnapshotSelf.
58  */
60 
61  ScanKeyInit(&skey,
63  BTEqualStrategyNumber, F_OIDEQ,
64  ObjectIdGetDatum(functionId));
65 
66  sscan = systable_beginscan(rel, ProcedureOidIndexId, true,
67  SnapshotSelf, 1, &skey);
68 
69  tuple = systable_getnext(sscan);
70  if (!HeapTupleIsValid(tuple))
71  elog(ERROR, "catalog lookup failed for proc %u", functionId);
72 
73  proForm = (Form_pg_proc) GETSTRUCT(tuple);
74 
75  /*
76  * check db_schema:{add_name} permission of the namespace
77  */
78  object.classId = NamespaceRelationId;
79  object.objectId = proForm->pronamespace;
80  object.objectSubId = 0;
84  getObjectIdentity(&object),
85  true);
86 
87  /*
88  * XXX - db_language:{implement} also should be checked here
89  */
90 
91 
92  /*
93  * Compute a default security label when we create a new procedure object
94  * under the specified namespace.
95  */
96  scontext = sepgsql_get_client_label();
98  proForm->pronamespace, 0);
99  ncontext = sepgsql_compute_create(scontext, tcontext,
101  NameStr(proForm->proname));
102 
103  /*
104  * check db_procedure:{create (install)} permission
105  */
106  initStringInfo(&audit_name);
107  nsp_name = get_namespace_name(proForm->pronamespace);
108  appendStringInfo(&audit_name, "%s(",
109  quote_qualified_identifier(nsp_name, NameStr(proForm->proname)));
110  for (i = 0; i < proForm->pronargs; i++)
111  {
112  if (i > 0)
113  appendStringInfoChar(&audit_name, ',');
114 
115  object.classId = TypeRelationId;
116  object.objectId = proForm->proargtypes.values[i];
117  object.objectSubId = 0;
118  appendStringInfoString(&audit_name, getObjectIdentity(&object));
119  }
120  appendStringInfoChar(&audit_name, ')');
121 
122  required = SEPG_DB_PROCEDURE__CREATE;
123  if (proForm->proleakproof)
124  required |= SEPG_DB_PROCEDURE__INSTALL;
125 
128  required,
129  audit_name.data,
130  true);
131 
132  /*
133  * Assign the default security label on a new procedure
134  */
135  object.classId = ProcedureRelationId;
136  object.objectId = functionId;
137  object.objectSubId = 0;
138  SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);
139 
140  /*
141  * Cleanup
142  */
143  systable_endscan(sscan);
145 
146  pfree(audit_name.data);
147  pfree(tcontext);
148  pfree(ncontext);
149 }
150 
151 /*
152  * sepgsql_proc_drop
153  *
154  * It checks privileges to drop the supplied function.
155  */
156 void
158 {
159  ObjectAddress object;
160  char *audit_name;
161 
162  /*
163  * check db_schema:{remove_name} permission
164  */
165  object.classId = NamespaceRelationId;
166  object.objectId = get_func_namespace(functionId);
167  object.objectSubId = 0;
168  audit_name = getObjectIdentity(&object);
169 
170  sepgsql_avc_check_perms(&object,
173  audit_name,
174  true);
175  pfree(audit_name);
176 
177  /*
178  * check db_procedure:{drop} permission
179  */
180  object.classId = ProcedureRelationId;
181  object.objectId = functionId;
182  object.objectSubId = 0;
183  audit_name = getObjectIdentity(&object);
184 
185  sepgsql_avc_check_perms(&object,
188  audit_name,
189  true);
190  pfree(audit_name);
191 }
192 
193 /*
194  * sepgsql_proc_relabel
195  *
196  * It checks privileges to relabel the supplied function
197  * by the `seclabel'.
198  */
199 void
200 sepgsql_proc_relabel(Oid functionId, const char *seclabel)
201 {
202  ObjectAddress object;
203  char *audit_name;
204 
205  object.classId = ProcedureRelationId;
206  object.objectId = functionId;
207  object.objectSubId = 0;
208  audit_name = getObjectIdentity(&object);
209 
210  /*
211  * check db_procedure:{setattr relabelfrom} permission
212  */
213  sepgsql_avc_check_perms(&object,
217  audit_name,
218  true);
219 
220  /*
221  * check db_procedure:{relabelto} permission
222  */
226  audit_name,
227  true);
228  pfree(audit_name);
229 }
230 
231 /*
232  * sepgsql_proc_setattr
233  *
234  * It checks privileges to alter the supplied function.
235  */
236 void
238 {
239  Relation rel;
240  ScanKeyData skey;
241  SysScanDesc sscan;
242  HeapTuple oldtup;
243  HeapTuple newtup;
244  Form_pg_proc oldform;
245  Form_pg_proc newform;
246  uint32 required;
247  ObjectAddress object;
248  char *audit_name;
249 
250  /*
251  * Fetch newer catalog
252  */
254 
255  ScanKeyInit(&skey,
257  BTEqualStrategyNumber, F_OIDEQ,
258  ObjectIdGetDatum(functionId));
259 
260  sscan = systable_beginscan(rel, ProcedureOidIndexId, true,
261  SnapshotSelf, 1, &skey);
262  newtup = systable_getnext(sscan);
263  if (!HeapTupleIsValid(newtup))
264  elog(ERROR, "catalog lookup failed for function %u", functionId);
265  newform = (Form_pg_proc) GETSTRUCT(newtup);
266 
267  /*
268  * Fetch older catalog
269  */
270  oldtup = SearchSysCache1(PROCOID, ObjectIdGetDatum(functionId));
271  if (!HeapTupleIsValid(oldtup))
272  elog(ERROR, "cache lookup failed for function %u", functionId);
273  oldform = (Form_pg_proc) GETSTRUCT(oldtup);
274 
275  /*
276  * Does this ALTER command takes operation to namespace?
277  */
278  if (newform->pronamespace != oldform->pronamespace)
279  {
280  sepgsql_schema_remove_name(oldform->pronamespace);
281  sepgsql_schema_add_name(oldform->pronamespace);
282  }
283  if (strcmp(NameStr(newform->proname), NameStr(oldform->proname)) != 0)
284  sepgsql_schema_rename(oldform->pronamespace);
285 
286  /*
287  * check db_procedure:{setattr (install)} permission
288  */
289  required = SEPG_DB_PROCEDURE__SETATTR;
290  if (!oldform->proleakproof && newform->proleakproof)
291  required |= SEPG_DB_PROCEDURE__INSTALL;
292 
293  object.classId = ProcedureRelationId;
294  object.objectId = functionId;
295  object.objectSubId = 0;
296  audit_name = getObjectIdentity(&object);
297 
298  sepgsql_avc_check_perms(&object,
300  required,
301  audit_name,
302  true);
303  /* cleanups */
304  pfree(audit_name);
305 
306  ReleaseSysCache(oldtup);
307  systable_endscan(sscan);
309 }
310 
311 /*
312  * sepgsql_proc_execute
313  *
314  * It checks privileges to execute the supplied function
315  */
316 void
318 {
319  ObjectAddress object;
320  char *audit_name;
321 
322  /*
323  * check db_procedure:{execute} permission
324  */
325  object.classId = ProcedureRelationId;
326  object.objectId = functionId;
327  object.objectSubId = 0;
328  audit_name = getObjectIdentity(&object);
329  sepgsql_avc_check_perms(&object,
332  audit_name,
333  true);
334  pfree(audit_name);
335 }
#define SEPG_DB_PROCEDURE__DROP
Definition: sepgsql.h:160
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:346
#define ProcedureOidIndexId
Definition: indexing.h:216
#define SEPG_DB_PROCEDURE__EXECUTE
Definition: sepgsql.h:165
#define NamespaceRelationId
Definition: pg_namespace.h:34
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:499
#define GETSTRUCT(TUP)
Definition: htup_details.h:656
void SetSecurityLabel(const ObjectAddress *object, const char *provider, const char *label)
Definition: seclabel.c:327
Oid get_func_namespace(Oid funcid)
Definition: lsyscache.c:1404
#define ObjectIdAttributeNumber
Definition: sysattr.h:22
#define ProcedureRelationId
Definition: pg_proc.h:33
void sepgsql_schema_add_name(Oid namespaceId)
Definition: schema.c:219
char * sepgsql_get_label(Oid classId, Oid objectId, int32 subId)
Definition: label.c:455
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:428
void sepgsql_schema_remove_name(Oid namespaceId)
Definition: schema.c:225
#define AccessShareLock
Definition: lockdefs.h:36
void sepgsql_proc_setattr(Oid functionId)
Definition: proc.c:237
#define heap_close(r, l)
Definition: heapam.h:97
#define SEPG_CLASS_DB_SCHEMA
Definition: sepgsql.h:45
unsigned int Oid
Definition: postgres_ext.h:31
#define TypeRelationId
Definition: pg_type.h:34
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:328
void sepgsql_proc_execute(Oid functionId)
Definition: proc.c:317
#define SearchSysCache1(cacheId, key1)
Definition: syscache.h:152
void sepgsql_proc_drop(Oid functionId)
Definition: proc.c:157
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:416
void pfree(void *pointer)
Definition: mcxt.c:950
void appendStringInfo(StringInfo str, const char *fmt,...)
Definition: stringinfo.c:110
#define SEPG_DB_PROCEDURE__CREATE
Definition: sepgsql.h:159
#define ObjectIdGetDatum(X)
Definition: postgres.h:513
#define ERROR
Definition: elog.h:43
char * getObjectIdentity(const ObjectAddress *object)
void appendStringInfoString(StringInfo str, const char *s)
Definition: stringinfo.c:189
#define SEPG_DB_PROCEDURE__RELABELFROM
Definition: sepgsql.h:163
char * get_namespace_name(Oid nspid)
Definition: lsyscache.c:3006
void sepgsql_schema_rename(Oid namespaceId)
Definition: schema.c:231
#define SEPG_CLASS_DB_PROCEDURE
Definition: sepgsql.h:48
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23
unsigned int uint32
Definition: c.h:268
#define SEPG_DB_PROCEDURE__RELABELTO
Definition: sepgsql.h:164
#define SnapshotSelf
Definition: tqual.h:27
void sepgsql_proc_post_create(Oid functionId)
Definition: proc.c:39
void appendStringInfoChar(StringInfo str, char ch)
Definition: stringinfo.c:201
void initStringInfo(StringInfo str)
Definition: stringinfo.c:65
char * quote_qualified_identifier(const char *qualifier, const char *ident)
Definition: ruleutils.c:10281
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:1116
Relation heap_open(Oid relationId, LOCKMODE lockmode)
Definition: heapam.c:1287
#define SEPG_DB_SCHEMA__ADD_NAME
Definition: sepgsql.h:134
FormData_pg_proc * Form_pg_proc
Definition: pg_proc.h:83
#define HeapTupleIsValid(tuple)
Definition: htup.h:77
char * sepgsql_get_client_label(void)
Definition: label.c:83
char * sepgsql_compute_create(const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
Definition: selinux.c:837
void sepgsql_proc_relabel(Oid functionId, const char *seclabel)
Definition: proc.c:200
int i
#define NameStr(name)
Definition: c.h:499
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
#define elog
Definition: elog.h:219
#define SEPG_DB_PROCEDURE__SETATTR
Definition: sepgsql.h:162
#define SEPG_DB_SCHEMA__REMOVE_NAME
Definition: sepgsql.h:135
#define BTEqualStrategyNumber
Definition: stratnum.h:31
#define SEPG_DB_PROCEDURE__INSTALL
Definition: sepgsql.h:167