24 #include "utils/fmgroids.h" 126 if (label_provider_list ==
NIL)
128 (
errcode(ERRCODE_INVALID_PARAMETER_VALUE),
129 errmsg(
"no security label providers have been loaded")));
132 (
errcode(ERRCODE_INVALID_PARAMETER_VALUE),
133 errmsg(
"must specify provider when multiple security label providers have been loaded")));
138 foreach(lc, label_provider_list)
148 if (provider == NULL)
150 (
errcode(ERRCODE_INVALID_PARAMETER_VALUE),
151 errmsg(
"security label provider \"%s\" is not loaded",
157 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
158 errmsg(
"security labels are not supported for this type of object")));
183 if (relation->
rd_rel->relkind != RELKIND_RELATION &&
184 relation->
rd_rel->relkind != RELKIND_VIEW &&
185 relation->
rd_rel->relkind != RELKIND_MATVIEW &&
186 relation->
rd_rel->relkind != RELKIND_COMPOSITE_TYPE &&
187 relation->
rd_rel->relkind != RELKIND_FOREIGN_TABLE &&
188 relation->
rd_rel->relkind != RELKIND_PARTITIONED_TABLE)
190 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
191 errmsg(
"\"%s\" is not a table, view, materialized view, composite type, or foreign table",
210 if (relation != NULL)
229 char *seclabel = NULL;
232 Anum_pg_shseclabel_objoid,
236 Anum_pg_shseclabel_classoid,
240 Anum_pg_shseclabel_provider,
277 char *seclabel = NULL;
285 Anum_pg_seclabel_objoid,
289 Anum_pg_seclabel_classoid,
293 Anum_pg_seclabel_objsubid,
297 Anum_pg_seclabel_provider,
335 bool nulls[Natts_pg_shseclabel];
336 bool replaces[Natts_pg_shseclabel];
339 memset(nulls,
false,
sizeof(nulls));
340 memset(replaces,
false,
sizeof(replaces));
349 Anum_pg_shseclabel_objoid,
353 Anum_pg_shseclabel_classoid,
357 Anum_pg_shseclabel_provider,
373 replaces[Anum_pg_shseclabel_label - 1] =
true;
375 values, nulls, replaces);
382 if (newtup == NULL && label != NULL)
410 bool nulls[Natts_pg_seclabel];
411 bool replaces[Natts_pg_seclabel];
421 memset(nulls,
false,
sizeof(nulls));
422 memset(replaces,
false,
sizeof(replaces));
432 Anum_pg_seclabel_objoid,
436 Anum_pg_seclabel_classoid,
440 Anum_pg_seclabel_objsubid,
444 Anum_pg_seclabel_provider,
460 replaces[Anum_pg_seclabel_label - 1] =
true;
462 values, nulls, replaces);
469 if (newtup == NULL && label != NULL)
496 Anum_pg_shseclabel_objoid,
500 Anum_pg_shseclabel_classoid,
537 Anum_pg_seclabel_objoid,
541 Anum_pg_seclabel_classoid,
547 Anum_pg_seclabel_objsubid,
575 provider->
hook = hook;
576 label_provider_list =
lappend(label_provider_list, provider);
void table_close(Relation relation, LOCKMODE lockmode)
void systable_endscan(SysScanDesc sysscan)
void SetSecurityLabel(const ObjectAddress *object, const char *provider, const char *label)
#define RelationGetDescr(relation)
ObjectAddress ExecSecLabelStmt(SecLabelStmt *stmt)
char * pstrdup(const char *in)
static char * GetSharedSecurityLabel(const ObjectAddress *object, const char *provider)
void DeleteSecurityLabel(const ObjectAddress *object)
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
int errcode(int sqlerrcode)
const char * provider_name
void CatalogTupleDelete(Relation heapRel, ItemPointer tid)
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, Datum *values, bool *isnull)
void heap_freetuple(HeapTuple htup)
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
#define SharedSecLabelObjectIndexId
static List * label_provider_list
HeapTuple systable_getnext(SysScanDesc sysscan)
#define ObjectIdGetDatum(X)
char * GetSecurityLabel(const ObjectAddress *object, const char *provider)
#define SecLabelObjectIndexId
static JitProviderCallbacks provider
#define RelationGetRelationName(relation)
void(* check_object_relabel_type)(const ObjectAddress *object, const char *seclabel)
MemoryContext TopMemoryContext
List * lappend(List *list, void *datum)
#define heap_getattr(tup, attnum, tupleDesc, isnull)
#define TextDatumGetCString(d)
check_object_relabel_type hook
bool IsSharedRelation(Oid relationId)
void register_label_provider(const char *provider_name, check_object_relabel_type hook)
#define ereport(elevel,...)
static void SetSharedSecurityLabel(const ObjectAddress *object, const char *provider, const char *label)
#define ShareUpdateExclusiveLock
#define HeapTupleIsValid(tuple)
void relation_close(Relation relation, LOCKMODE lockmode)
#define Assert(condition)
ObjectAddress get_object_address(ObjectType objtype, Node *object, Relation *relp, LOCKMODE lockmode, bool missing_ok)
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
static int list_length(const List *l)
void DeleteSharedSecurityLabel(Oid objectId, Oid classId)
static Datum values[MAXATTR]
void check_object_ownership(Oid roleid, ObjectType objtype, ObjectAddress address, Node *object, Relation relation)
int errmsg(const char *fmt,...)
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
#define CStringGetTextDatum(s)
static bool SecLabelSupportsObjectType(ObjectType objtype)
Relation table_open(Oid relationId, LOCKMODE lockmode)
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, Datum *replValues, bool *replIsnull, bool *doReplace)
void CatalogTupleInsert(Relation heapRel, HeapTuple tup)
#define BTEqualStrategyNumber