seclabel.c File Reference
#include "postgres.h"
#include "access/genam.h"
#include "access/htup_details.h"
#include "access/relation.h"
#include "access/table.h"
#include "catalog/catalog.h"
#include "catalog/indexing.h"
#include "catalog/pg_seclabel.h"
#include "catalog/pg_shseclabel.h"
#include "commands/seclabel.h"
#include "miscadmin.h"
#include "utils/builtins.h"
#include "utils/fmgroids.h"
#include "utils/memutils.h"
#include "utils/rel.h"


Data Structures

struct  LabelProvider
 

Functions

static bool SecLabelSupportsObjectType (ObjectType objtype)
 
ObjectAddress ExecSecLabelStmt (SecLabelStmt *stmt)
 
static char * GetSharedSecurityLabel (const ObjectAddress *object, const char *provider)
 
char * GetSecurityLabel (const ObjectAddress *object, const char *provider)
 
static void SetSharedSecurityLabel (const ObjectAddress *object, const char *provider, const char *label)
 
void SetSecurityLabel (const ObjectAddress *object, const char *provider, const char *label)
 
void DeleteSharedSecurityLabel (Oid objectId, Oid classId)
 
void DeleteSecurityLabel (const ObjectAddress *object)
 
void register_label_provider (const char *provider_name, check_object_relabel_type hook)
 

Variables

static List * label_provider_list = NIL
 

Function Documentation

◆ DeleteSecurityLabel()

void DeleteSecurityLabel ( const ObjectAddress * object)

Definition at line 520 of file seclabel.c.

References Assert, BTEqualStrategyNumber, CatalogTupleDelete(), ObjectAddress::classId, DeleteSharedSecurityLabel(), HeapTupleIsValid, Int32GetDatum, IsSharedRelation(), ObjectAddress::objectId, ObjectIdGetDatum, ObjectAddress::objectSubId, RowExclusiveLock, ScanKeyInit(), SecLabelObjectIndexId, systable_beginscan(), systable_endscan(), systable_getnext(), HeapTupleData::t_self, table_close(), and table_open().

Referenced by deleteOneObject().

/*
 * DeleteSecurityLabel
 *
 * Remove every security label attached to the given object, from all
 * providers.  Shared objects are delegated to DeleteSharedSecurityLabel();
 * everything else lives in pg_seclabel.  When objectSubId is zero the scan
 * is not restricted by sub-object id, so labels on sub-objects (such as the
 * columns of a table) are removed along with the object's own label.
 *
 * The caller is expected to hold whatever lock protects the object; this
 * routine only locks the catalog itself (RowExclusiveLock).
 */
void
DeleteSecurityLabel(const ObjectAddress *object)
{
	Relation	rel;
	ScanKeyData skey[3];
	SysScanDesc scan;
	HeapTuple	tup;
	int			nkeys = 2;

	/* Shared objects have their own security label catalog. */
	if (IsSharedRelation(object->classId))
	{
		Assert(object->objectSubId == 0);
		DeleteSharedSecurityLabel(object->objectId, object->classId);
		return;
	}

	/* Match on (objoid, classoid); add objsubid only when it is nonzero. */
	ScanKeyInit(&skey[0],
				Anum_pg_seclabel_objoid,
				BTEqualStrategyNumber, F_OIDEQ,
				ObjectIdGetDatum(object->objectId));
	ScanKeyInit(&skey[1],
				Anum_pg_seclabel_classoid,
				BTEqualStrategyNumber, F_OIDEQ,
				ObjectIdGetDatum(object->classId));
	if (object->objectSubId != 0)
	{
		ScanKeyInit(&skey[nkeys++],
					Anum_pg_seclabel_objsubid,
					BTEqualStrategyNumber, F_INT4EQ,
					Int32GetDatum(object->objectSubId));
	}

	rel = table_open(SecLabelRelationId, RowExclusiveLock);
	scan = systable_beginscan(rel, SecLabelObjectIndexId, true,
							  NULL, nkeys, skey);

	for (;;)
	{
		tup = systable_getnext(scan);
		if (!HeapTupleIsValid(tup))
			break;
		CatalogTupleDelete(rel, &tup->t_self);
	}

	systable_endscan(scan);
	table_close(rel, RowExclusiveLock);
}

◆ DeleteSharedSecurityLabel()

void DeleteSharedSecurityLabel ( Oid  objectId,
Oid  classId 
)

Definition at line 488 of file seclabel.c.

References BTEqualStrategyNumber, CatalogTupleDelete(), HeapTupleIsValid, ObjectIdGetDatum, RowExclusiveLock, ScanKeyInit(), SharedSecLabelObjectIndexId, systable_beginscan(), systable_endscan(), systable_getnext(), HeapTupleData::t_self, table_close(), and table_open().

Referenced by DeleteSecurityLabel(), dropdb(), DropRole(), and DropTableSpace().

/*
 * DeleteSharedSecurityLabel
 *
 * Remove all pg_shseclabel entries, from every provider, for the shared
 * object identified by (objectId, classId).  Reached both through
 * DeleteSecurityLabel() and directly from the DROP paths of shared objects
 * (databases, roles, tablespaces), which is why it takes bare OIDs rather
 * than an ObjectAddress.
 */
void
DeleteSharedSecurityLabel(Oid objectId, Oid classId)
{
	Relation	rel;
	ScanKeyData skey[2];
	SysScanDesc scan;
	HeapTuple	tup;

	ScanKeyInit(&skey[0],
				Anum_pg_shseclabel_objoid,
				BTEqualStrategyNumber, F_OIDEQ,
				ObjectIdGetDatum(objectId));
	ScanKeyInit(&skey[1],
				Anum_pg_shseclabel_classoid,
				BTEqualStrategyNumber, F_OIDEQ,
				ObjectIdGetDatum(classId));

	rel = table_open(SharedSecLabelRelationId, RowExclusiveLock);
	scan = systable_beginscan(rel, SharedSecLabelObjectIndexId, true,
							  NULL, 2, skey);

	for (;;)
	{
		tup = systable_getnext(scan);
		if (!HeapTupleIsValid(tup))
			break;
		CatalogTupleDelete(rel, &tup->t_self);
	}

	systable_endscan(scan);
	table_close(rel, RowExclusiveLock);
}

◆ ExecSecLabelStmt()

ObjectAddress ExecSecLabelStmt ( SecLabelStmt * stmt)

Definition at line 113 of file seclabel.c.

References check_object_ownership(), ereport, errcode(), errmsg(), ERROR, get_object_address(), GetUserId(), LabelProvider::hook, SecLabelStmt::label, lfirst, linitial, list_length(), NIL, NoLock, SecLabelStmt::object, OBJECT_COLUMN, SecLabelStmt::objtype, provider, SecLabelStmt::provider, LabelProvider::provider_name, RelationData::rd_rel, relation_close(), RelationGetRelationName, SecLabelSupportsObjectType(), SetSecurityLabel(), and ShareUpdateExclusiveLock.

Referenced by ProcessUtilitySlow(), and standard_ProcessUtility().

/*
 * Resolve the provider named in a SECURITY LABEL statement.
 *
 * A NULL name is accepted only when exactly one provider has been loaded,
 * in which case that provider is used.  Every failure to resolve is
 * reported with ereport(ERROR), so a non-NULL LabelProvider is always
 * returned to the caller.
 */
static LabelProvider *
resolve_label_provider(const char *name)
{
	ListCell   *cell;

	if (name == NULL)
	{
		if (label_provider_list == NIL)
			ereport(ERROR,
					(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
					 errmsg("no security label providers have been loaded")));
		if (list_length(label_provider_list) > 1)
			ereport(ERROR,
					(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
					 errmsg("must specify provider when multiple security label providers have been loaded")));
		return (LabelProvider *) linitial(label_provider_list);
	}

	/* First registration with a matching name wins. */
	foreach(cell, label_provider_list)
	{
		LabelProvider *candidate = (LabelProvider *) lfirst(cell);

		if (strcmp(name, candidate->provider_name) == 0)
			return candidate;
	}

	ereport(ERROR,
			(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
			 errmsg("security label provider \"%s\" is not loaded",
					name)));
	return NULL;				/* not reached; keeps the compiler quiet */
}

/*
 * ExecSecLabelStmt
 *
 * Execute a SECURITY LABEL statement: resolve the provider, locate and lock
 * the target object, enforce ownership, let the provider validate the new
 * label, and finally store it.
 *
 * Access control happens in two places: check_object_ownership() requires
 * the current user to own the object, and the provider's hook may throw
 * ERROR to veto the label (for example if its policy does not allow the
 * current context to assign it).  The lock taken by get_object_address()
 * is kept until commit; only the relcache reference is released here.
 *
 * Returns the address of the labeled object.
 */
ObjectAddress
ExecSecLabelStmt(SecLabelStmt *stmt)
{
	LabelProvider *provider = resolve_label_provider(stmt->provider);
	Relation	relation = NULL;
	ObjectAddress address;

	if (!SecLabelSupportsObjectType(stmt->objtype))
		ereport(ERROR,
				(errcode(ERRCODE_WRONG_OBJECT_TYPE),
				 errmsg("security labels are not supported for this type of object")));

	/*
	 * Translate the parser representation which identifies this object into
	 * an ObjectAddress. get_object_address() will throw an error if the
	 * object does not exist, and will also acquire a lock on the target to
	 * guard against concurrent modifications.
	 */
	address = get_object_address(stmt->objtype, stmt->object,
								 &relation, ShareUpdateExclusiveLock, false);

	/* Require ownership of the target object. */
	check_object_ownership(GetUserId(), stmt->objtype, address,
						   stmt->object, relation);

	/*
	 * Allow security labels only on columns of tables, views, materialized
	 * views, composite types, foreign tables and partitioned tables (the
	 * relkinds for which pg_dump will dump labels).  For OBJECT_COLUMN,
	 * get_object_address() has opened the parent relation for us.
	 */
	if (stmt->objtype == OBJECT_COLUMN)
	{
		char		relkind = relation->rd_rel->relkind;
		bool		labelable = (relkind == RELKIND_RELATION ||
								 relkind == RELKIND_VIEW ||
								 relkind == RELKIND_MATVIEW ||
								 relkind == RELKIND_COMPOSITE_TYPE ||
								 relkind == RELKIND_FOREIGN_TABLE ||
								 relkind == RELKIND_PARTITIONED_TABLE);

		if (!labelable)
			ereport(ERROR,
					(errcode(ERRCODE_WRONG_OBJECT_TYPE),
					 errmsg("\"%s\" is not a table, view, materialized view, composite type, or foreign table",
							RelationGetRelationName(relation))));
	}

	/* Provider gets control here, may throw ERROR to veto new label. */
	provider->hook(&address, stmt->label);

	/* Apply new label. */
	SetSecurityLabel(&address, provider->provider_name, stmt->label);

	/*
	 * If get_object_address() opened the relation for us, we close it to keep
	 * the reference count correct - but we retain any locks acquired by
	 * get_object_address() until commit time, to guard against concurrent
	 * activity.
	 */
	if (relation != NULL)
		relation_close(relation, NoLock);

	return address;
}

◆ GetSecurityLabel()

char* GetSecurityLabel ( const ObjectAddress * object,
const char *  provider 
)

Definition at line 269 of file seclabel.c.

References AccessShareLock, BTEqualStrategyNumber, ObjectAddress::classId, CStringGetTextDatum, GetSharedSecurityLabel(), heap_getattr, HeapTupleIsValid, Int32GetDatum, IsSharedRelation(), ObjectAddress::objectId, ObjectIdGetDatum, ObjectAddress::objectSubId, RelationGetDescr, ScanKeyInit(), SecLabelObjectIndexId, systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), table_open(), and TextDatumGetCString.

Referenced by sepgsql_avc_check_perms(), sepgsql_avc_trusted_proc(), and sepgsql_get_label().

/*
 * GetSecurityLabel
 *
 * Fetch the security label that the given provider has attached to the
 * object.  Shared objects are looked up in pg_shseclabel via
 * GetSharedSecurityLabel(); everything else comes from pg_seclabel.
 *
 * Returns a freshly allocated C string (via TextDatumGetCString), which the
 * caller owns, or NULL when no entry exists for this (object, provider) pair
 * or the stored label is SQL NULL.  Only AccessShareLock is taken on the
 * catalog; no permission check is performed here.
 */
char *
GetSecurityLabel(const ObjectAddress *object, const char *provider)
{
	Relation	rel;
	ScanKeyData skey[4];
	SysScanDesc scan;
	HeapTuple	tup;
	char	   *result = NULL;

	/* Shared objects have their own security label catalog. */
	if (IsSharedRelation(object->classId))
		return GetSharedSecurityLabel(object, provider);

	/* Unshared object: the key is (objoid, classoid, objsubid, provider). */
	ScanKeyInit(&skey[0],
				Anum_pg_seclabel_objoid,
				BTEqualStrategyNumber, F_OIDEQ,
				ObjectIdGetDatum(object->objectId));
	ScanKeyInit(&skey[1],
				Anum_pg_seclabel_classoid,
				BTEqualStrategyNumber, F_OIDEQ,
				ObjectIdGetDatum(object->classId));
	ScanKeyInit(&skey[2],
				Anum_pg_seclabel_objsubid,
				BTEqualStrategyNumber, F_INT4EQ,
				Int32GetDatum(object->objectSubId));
	ScanKeyInit(&skey[3],
				Anum_pg_seclabel_provider,
				BTEqualStrategyNumber, F_TEXTEQ,
				CStringGetTextDatum(provider));

	rel = table_open(SecLabelRelationId, AccessShareLock);
	scan = systable_beginscan(rel, SecLabelObjectIndexId, true,
							  NULL, 4, skey);

	/* The full key is unique, so the first match is the only one. */
	tup = systable_getnext(scan);
	if (HeapTupleIsValid(tup))
	{
		bool		isnull;
		Datum		labelDatum = heap_getattr(tup, Anum_pg_seclabel_label,
											  RelationGetDescr(rel), &isnull);

		if (!isnull)
			result = TextDatumGetCString(labelDatum);
	}

	systable_endscan(scan);
	table_close(rel, AccessShareLock);

	return result;
}

◆ GetSharedSecurityLabel()

static char* GetSharedSecurityLabel ( const ObjectAddress * object,
const char *  provider 
)
static

Definition at line 221 of file seclabel.c.

References AccessShareLock, BTEqualStrategyNumber, ObjectAddress::classId, CStringGetTextDatum, heap_getattr, HeapTupleIsValid, ObjectAddress::objectId, ObjectIdGetDatum, RelationGetDescr, ScanKeyInit(), SharedSecLabelObjectIndexId, systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), table_open(), and TextDatumGetCString.

Referenced by GetSecurityLabel().

/*
 * GetSharedSecurityLabel
 *
 * pg_shseclabel counterpart of GetSecurityLabel(): look up the label stored
 * for a shared object and the given provider.  Shared objects have no
 * sub-object id, so the key is just (objoid, classoid, provider).
 *
 * Returns a freshly allocated C string owned by the caller, or NULL when
 * there is no entry or the stored label is SQL NULL.
 */
static char *
GetSharedSecurityLabel(const ObjectAddress *object, const char *provider)
{
	Relation	rel;
	ScanKeyData skey[3];
	SysScanDesc scan;
	HeapTuple	tup;
	char	   *result = NULL;

	ScanKeyInit(&skey[0],
				Anum_pg_shseclabel_objoid,
				BTEqualStrategyNumber, F_OIDEQ,
				ObjectIdGetDatum(object->objectId));
	ScanKeyInit(&skey[1],
				Anum_pg_shseclabel_classoid,
				BTEqualStrategyNumber, F_OIDEQ,
				ObjectIdGetDatum(object->classId));
	ScanKeyInit(&skey[2],
				Anum_pg_shseclabel_provider,
				BTEqualStrategyNumber, F_TEXTEQ,
				CStringGetTextDatum(provider));

	rel = table_open(SharedSecLabelRelationId, AccessShareLock);
	scan = systable_beginscan(rel, SharedSecLabelObjectIndexId, true,
							  NULL, 3, skey);

	/* The full key is unique, so the first match is the only one. */
	tup = systable_getnext(scan);
	if (HeapTupleIsValid(tup))
	{
		bool		isnull;
		Datum		labelDatum = heap_getattr(tup, Anum_pg_shseclabel_label,
											  RelationGetDescr(rel), &isnull);

		if (!isnull)
			result = TextDatumGetCString(labelDatum);
	}

	systable_endscan(scan);
	table_close(rel, AccessShareLock);

	return result;
}

◆ register_label_provider()

void register_label_provider ( const char *  provider_name,
check_object_relabel_type  hook 
)

Definition at line 567 of file seclabel.c.

References LabelProvider::hook, lappend(), MemoryContextSwitchTo(), palloc(), provider, LabelProvider::provider_name, pstrdup(), and TopMemoryContext.

Referenced by _PG_init().

/*
 * register_label_provider
 *
 * Register a security label provider, typically from an extension's
 * _PG_init().  The entry (and a copy of provider_name) is allocated in
 * TopMemoryContext so it outlives the calling transaction, and is appended
 * to label_provider_list.
 *
 * No uniqueness check is made on provider_name: if the same name is
 * registered twice, the lookup in ExecSecLabelStmt() stops at the first
 * match, so the earlier registration is the one that takes effect.
 */
void
register_label_provider(const char *provider_name, check_object_relabel_type hook)
{
	MemoryContext oldcxt = MemoryContextSwitchTo(TopMemoryContext);
	LabelProvider *entry = palloc(sizeof(*entry));

	entry->provider_name = pstrdup(provider_name);
	entry->hook = hook;
	label_provider_list = lappend(label_provider_list, entry);

	MemoryContextSwitchTo(oldcxt);
}

◆ SecLabelSupportsObjectType()

static bool SecLabelSupportsObjectType ( ObjectType  objtype)
static

Definition at line 37 of file seclabel.c.

References OBJECT_ACCESS_METHOD, OBJECT_AGGREGATE, OBJECT_AMOP, OBJECT_AMPROC, OBJECT_ATTRIBUTE, OBJECT_CAST, OBJECT_COLLATION, OBJECT_COLUMN, OBJECT_CONVERSION, OBJECT_DATABASE, OBJECT_DEFACL, OBJECT_DEFAULT, OBJECT_DOMAIN, OBJECT_DOMCONSTRAINT, OBJECT_EVENT_TRIGGER, OBJECT_EXTENSION, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FOREIGN_TABLE, OBJECT_FUNCTION, OBJECT_INDEX, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_MATVIEW, OBJECT_OPCLASS, OBJECT_OPERATOR, OBJECT_OPFAMILY, OBJECT_POLICY, OBJECT_PROCEDURE, OBJECT_PUBLICATION, OBJECT_PUBLICATION_REL, OBJECT_ROLE, OBJECT_ROUTINE, OBJECT_RULE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_STATISTIC_EXT, OBJECT_SUBSCRIPTION, OBJECT_TABCONSTRAINT, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TRANSFORM, OBJECT_TRIGGER, OBJECT_TSCONFIGURATION, OBJECT_TSDICTIONARY, OBJECT_TSPARSER, OBJECT_TSTEMPLATE, OBJECT_TYPE, OBJECT_USER_MAPPING, and OBJECT_VIEW.

Referenced by ExecSecLabelStmt().

/*
 * SecLabelSupportsObjectType
 *
 * Report whether SECURITY LABEL may be applied to objects of the given
 * type.  ExecSecLabelStmt() rejects the statement with an ERROR when this
 * returns false.
 *
 * Every ObjectType is listed explicitly and there is deliberately no
 * default: case, so that adding a new ObjectType produces a compiler
 * warning here until a decision is recorded.
 */
static bool
SecLabelSupportsObjectType(ObjectType objtype)
{
	switch (objtype)
	{
			/* Object types that cannot carry a security label. */
		case OBJECT_ACCESS_METHOD:
		case OBJECT_AMOP:
		case OBJECT_AMPROC:
		case OBJECT_ATTRIBUTE:
		case OBJECT_CAST:
		case OBJECT_COLLATION:
		case OBJECT_CONVERSION:
		case OBJECT_DEFAULT:
		case OBJECT_DEFACL:
		case OBJECT_DOMCONSTRAINT:
		case OBJECT_EXTENSION:
		case OBJECT_FDW:
		case OBJECT_FOREIGN_SERVER:
		case OBJECT_INDEX:
		case OBJECT_OPCLASS:
		case OBJECT_OPERATOR:
		case OBJECT_OPFAMILY:
		case OBJECT_POLICY:
		case OBJECT_PUBLICATION_REL:
		case OBJECT_RULE:
		case OBJECT_STATISTIC_EXT:
		case OBJECT_TABCONSTRAINT:
		case OBJECT_TRANSFORM:
		case OBJECT_TRIGGER:
		case OBJECT_TSCONFIGURATION:
		case OBJECT_TSDICTIONARY:
		case OBJECT_TSPARSER:
		case OBJECT_TSTEMPLATE:
		case OBJECT_USER_MAPPING:
			return false;

			/* Object types that can be labeled. */
		case OBJECT_AGGREGATE:
		case OBJECT_COLUMN:
		case OBJECT_DATABASE:
		case OBJECT_DOMAIN:
		case OBJECT_EVENT_TRIGGER:
		case OBJECT_FOREIGN_TABLE:
		case OBJECT_FUNCTION:
		case OBJECT_LANGUAGE:
		case OBJECT_LARGEOBJECT:
		case OBJECT_MATVIEW:
		case OBJECT_PROCEDURE:
		case OBJECT_PUBLICATION:
		case OBJECT_ROLE:
		case OBJECT_ROUTINE:
		case OBJECT_SCHEMA:
		case OBJECT_SEQUENCE:
		case OBJECT_SUBSCRIPTION:
		case OBJECT_TABLE:
		case OBJECT_TABLESPACE:
		case OBJECT_TYPE:
		case OBJECT_VIEW:
			return true;

			/*
			 * There's intentionally no default: case here; we want the
			 * compiler to warn if a new ObjectType hasn't been handled above.
			 */
	}

	/* Shouldn't get here, but if we do, say "no support" */
	return false;
}

◆ SetSecurityLabel()

void SetSecurityLabel ( const ObjectAddress * object,
const char *  provider,
const char *  label 
)

Definition at line 401 of file seclabel.c.

References BTEqualStrategyNumber, CatalogTupleDelete(), CatalogTupleInsert(), CatalogTupleUpdate(), ObjectAddress::classId, CStringGetTextDatum, heap_form_tuple(), heap_freetuple(), heap_modify_tuple(), HeapTupleIsValid, Int32GetDatum, IsSharedRelation(), ObjectAddress::objectId, ObjectIdGetDatum, ObjectAddress::objectSubId, RelationGetDescr, RowExclusiveLock, ScanKeyInit(), SecLabelObjectIndexId, SetSharedSecurityLabel(), systable_beginscan(), systable_endscan(), systable_getnext(), HeapTupleData::t_self, table_close(), table_open(), and values.

Referenced by exec_object_restorecon(), ExecSecLabelStmt(), sepgsql_attribute_post_create(), sepgsql_database_post_create(), sepgsql_proc_post_create(), sepgsql_relation_post_create(), and sepgsql_schema_post_create().

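/*
 * SetSecurityLabel
 *
 * Set, replace or remove the security label that the named provider has
 * attached to the given object.  A NULL label deletes the existing entry
 * (if any); a non-NULL label updates the existing entry in place or inserts
 * a new one.
 *
 * No permission check is made here.  Callers such as ExecSecLabelStmt()
 * must have verified that the current user is allowed to relabel the object
 * (ownership check plus the provider's own veto hook) before calling this.
 *
 * Shared objects are stored in pg_shseclabel instead and are handed to
 * SetSharedSecurityLabel().
 */
void
SetSecurityLabel(const ObjectAddress *object,
				 const char *provider, const char *label)
{
	Relation	pg_seclabel;
	ScanKeyData keys[4];
	SysScanDesc scan;
	HeapTuple	oldtup;
	HeapTuple	newtup = NULL;
	Datum		values[Natts_pg_seclabel];
	bool		nulls[Natts_pg_seclabel];
	bool		replaces[Natts_pg_seclabel];

	/* Shared objects have their own security label catalog. */
	if (IsSharedRelation(object->classId))
	{
		SetSharedSecurityLabel(object, provider, label);
		return;
	}

	/*
	 * Prepare the column values we may need, whether for forming a new tuple
	 * or for replacing the label in an existing one.  When label is NULL no
	 * tuple is ever formed or modified, so the label slot stays unset.
	 */
	memset(nulls, false, sizeof(nulls));
	memset(replaces, false, sizeof(replaces));
	values[Anum_pg_seclabel_objoid - 1] = ObjectIdGetDatum(object->objectId);
	values[Anum_pg_seclabel_classoid - 1] = ObjectIdGetDatum(object->classId);
	values[Anum_pg_seclabel_objsubid - 1] = Int32GetDatum(object->objectSubId);
	values[Anum_pg_seclabel_provider - 1] = CStringGetTextDatum(provider);
	if (label != NULL)
		values[Anum_pg_seclabel_label - 1] = CStringGetTextDatum(label);

	/* Use the index to search for a matching old tuple */
	ScanKeyInit(&keys[0],
				Anum_pg_seclabel_objoid,
				BTEqualStrategyNumber, F_OIDEQ,
				ObjectIdGetDatum(object->objectId));
	ScanKeyInit(&keys[1],
				Anum_pg_seclabel_classoid,
				BTEqualStrategyNumber, F_OIDEQ,
				ObjectIdGetDatum(object->classId));
	ScanKeyInit(&keys[2],
				Anum_pg_seclabel_objsubid,
				BTEqualStrategyNumber, F_INT4EQ,
				Int32GetDatum(object->objectSubId));
	ScanKeyInit(&keys[3],
				Anum_pg_seclabel_provider,
				BTEqualStrategyNumber, F_TEXTEQ,
				CStringGetTextDatum(provider));

	pg_seclabel = table_open(SecLabelRelationId, RowExclusiveLock);

	scan = systable_beginscan(pg_seclabel, SecLabelObjectIndexId, true,
							  NULL, 4, keys);

	oldtup = systable_getnext(scan);
	if (HeapTupleIsValid(oldtup))
	{
		if (label == NULL)
			CatalogTupleDelete(pg_seclabel, &oldtup->t_self);
		else
		{
			/* Only the label column changes; the key columns stay as found. */
			replaces[Anum_pg_seclabel_label - 1] = true;
			newtup = heap_modify_tuple(oldtup, RelationGetDescr(pg_seclabel),
									   values, nulls, replaces);
			CatalogTupleUpdate(pg_seclabel, &oldtup->t_self, newtup);
		}
	}
	systable_endscan(scan);

	/* If we didn't find an old tuple, insert a new one */
	if (newtup == NULL && label != NULL)
	{
		newtup = heap_form_tuple(RelationGetDescr(pg_seclabel),
								 values, nulls);
		CatalogTupleInsert(pg_seclabel, newtup);
	}

	/*
	 * Release the tuple we formed, if any.  The catalog (and its indexes)
	 * was already updated by CatalogTupleUpdate()/CatalogTupleInsert()
	 * above; nothing else is pending here.
	 */
	if (newtup != NULL)
		heap_freetuple(newtup);

	table_close(pg_seclabel, RowExclusiveLock);
}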

◆ SetSharedSecurityLabel()

static void SetSharedSecurityLabel ( const ObjectAddress * object,
const char *  provider,
const char *  label 
)
static

Definition at line 326 of file seclabel.c.

References BTEqualStrategyNumber, CatalogTupleDelete(), CatalogTupleInsert(), CatalogTupleUpdate(), ObjectAddress::classId, CStringGetTextDatum, heap_form_tuple(), heap_freetuple(), heap_modify_tuple(), HeapTupleIsValid, ObjectAddress::objectId, ObjectIdGetDatum, RelationGetDescr, RowExclusiveLock, ScanKeyInit(), SharedSecLabelObjectIndexId, systable_beginscan(), systable_endscan(), systable_getnext(), HeapTupleData::t_self, table_close(), table_open(), and values.

Referenced by SetSecurityLabel().

/*
 * SetSharedSecurityLabel
 *
 * pg_shseclabel counterpart of SetSecurityLabel(): set, replace or remove
 * the label the named provider has attached to a shared object.  A NULL
 * label deletes the existing entry (if any); otherwise the entry is updated
 * in place or inserted.  Shared objects have no sub-object id, so the key
 * is (objoid, classoid, provider).
 *
 * Like SetSecurityLabel(), this makes no permission check of its own.
 */
static void
SetSharedSecurityLabel(const ObjectAddress *object,
					   const char *provider, const char *label)
{
	Relation	rel;
	ScanKeyData skey[3];
	SysScanDesc scan;
	HeapTuple	existing;
	HeapTuple	formed = NULL;
	Datum		values[Natts_pg_shseclabel];
	bool		nulls[Natts_pg_shseclabel];
	bool		replaces[Natts_pg_shseclabel];

	/*
	 * Column values for a new or modified tuple.  The label slot is only
	 * filled in (and only ever read) when a label is being stored.
	 */
	memset(nulls, false, sizeof(nulls));
	memset(replaces, false, sizeof(replaces));
	values[Anum_pg_shseclabel_objoid - 1] = ObjectIdGetDatum(object->objectId);
	values[Anum_pg_shseclabel_classoid - 1] = ObjectIdGetDatum(object->classId);
	values[Anum_pg_shseclabel_provider - 1] = CStringGetTextDatum(provider);
	if (label != NULL)
		values[Anum_pg_shseclabel_label - 1] = CStringGetTextDatum(label);

	/* Locate any existing entry through the unique index. */
	ScanKeyInit(&skey[0],
				Anum_pg_shseclabel_objoid,
				BTEqualStrategyNumber, F_OIDEQ,
				ObjectIdGetDatum(object->objectId));
	ScanKeyInit(&skey[1],
				Anum_pg_shseclabel_classoid,
				BTEqualStrategyNumber, F_OIDEQ,
				ObjectIdGetDatum(object->classId));
	ScanKeyInit(&skey[2],
				Anum_pg_shseclabel_provider,
				BTEqualStrategyNumber, F_TEXTEQ,
				CStringGetTextDatum(provider));

	rel = table_open(SharedSecLabelRelationId, RowExclusiveLock);
	scan = systable_beginscan(rel, SharedSecLabelObjectIndexId, true,
							  NULL, 3, skey);

	existing = systable_getnext(scan);
	if (HeapTupleIsValid(existing) && label == NULL)
	{
		/* Removing the label: drop the row. */
		CatalogTupleDelete(rel, &existing->t_self);
	}
	else if (HeapTupleIsValid(existing))
	{
		/* Replacing the label: rewrite only the label column. */
		replaces[Anum_pg_shseclabel_label - 1] = true;
		formed = heap_modify_tuple(existing, RelationGetDescr(rel),
								   values, nulls, replaces);
		CatalogTupleUpdate(rel, &existing->t_self, formed);
	}
	systable_endscan(scan);

	/* No existing row and a label to store: insert a fresh one. */
	if (formed == NULL && label != NULL)
	{
		formed = heap_form_tuple(RelationGetDescr(rel), values, nulls);
		CatalogTupleInsert(rel, formed);
	}

	if (formed != NULL)
		heap_freetuple(formed);

	table_close(rel, RowExclusiveLock);
}

Variable Documentation

◆ label_provider_list

List* label_provider_list = NIL
static

Definition at line 34 of file seclabel.c.