PostgreSQL Source Code  git master
dummy_seclabel.c
Go to the documentation of this file.
1 /*
2  * dummy_seclabel.c
3  *
4  * Dummy security label provider.
5  *
6  * This module does not provide anything worthwhile from a security
7  * perspective, but allows regression testing independent of platform-specific
8  * features like SELinux.
9  *
10  * Portions Copyright (c) 1996-2024, PostgreSQL Global Development Group
11  * Portions Copyright (c) 1994, Regents of the University of California
12  */
13 #include "postgres.h"
14 
15 #include "commands/seclabel.h"
16 #include "fmgr.h"
17 #include "miscadmin.h"
18 #include "utils/rel.h"
19 
21 
23 
24 static void
25 dummy_object_relabel(const ObjectAddress *object, const char *seclabel)
26 {
27  if (seclabel == NULL ||
28  strcmp(seclabel, "unclassified") == 0 ||
29  strcmp(seclabel, "classified") == 0)
30  return;
31 
32  if (strcmp(seclabel, "secret") == 0 ||
33  strcmp(seclabel, "top secret") == 0)
34  {
35  if (!superuser())
36  ereport(ERROR,
37  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
38  errmsg("only superuser can set '%s' label", seclabel)));
39  return;
40  }
41  ereport(ERROR,
42  (errcode(ERRCODE_INVALID_NAME),
43  errmsg("'%s' is not a valid security label", seclabel)));
44 }
45 
46 void
47 _PG_init(void)
48 {
50 }
51 
52 /*
53  * This function is here just so that the extension is not completely empty
54  * and the dynamic library is loaded when CREATE EXTENSION runs.
55  */
56 Datum
58 {
60 }
void _PG_init(void)
PG_MODULE_MAGIC
PG_FUNCTION_INFO_V1(dummy_seclabel_dummy)
static void dummy_object_relabel(const ObjectAddress *object, const char *seclabel)
Datum dummy_seclabel_dummy(PG_FUNCTION_ARGS)
int errcode(int sqlerrcode)
Definition: elog.c:857
int errmsg(const char *fmt,...)
Definition: elog.c:1070
#define ERROR
Definition: elog.h:39
#define ereport(elevel,...)
Definition: elog.h:149
#define PG_RETURN_VOID()
Definition: fmgr.h:349
#define PG_FUNCTION_ARGS
Definition: fmgr.h:193
uintptr_t Datum
Definition: postgres.h:64
void register_label_provider(const char *provider_name, check_object_relabel_type hook)
Definition: seclabel.c:570
bool superuser(void)
Definition: superuser.c:46