PostgreSQL Source Code  git master
seclabel.c
Go to the documentation of this file.
1 /* -------------------------------------------------------------------------
2  *
3  * seclabel.c
4  * routines to support security label feature.
5  *
6  * Portions Copyright (c) 1996-2021, PostgreSQL Global Development Group
7  * Portions Copyright (c) 1994, Regents of the University of California
8  *
9  * -------------------------------------------------------------------------
10  */
11 #include "postgres.h"
12 
13 #include "access/genam.h"
14 #include "access/htup_details.h"
15 #include "access/relation.h"
16 #include "access/table.h"
17 #include "catalog/catalog.h"
18 #include "catalog/indexing.h"
19 #include "catalog/pg_seclabel.h"
20 #include "catalog/pg_shseclabel.h"
21 #include "commands/seclabel.h"
22 #include "miscadmin.h"
23 #include "utils/builtins.h"
24 #include "utils/fmgroids.h"
25 #include "utils/memutils.h"
26 #include "utils/rel.h"
27 
28 typedef struct
29 {
30  const char *provider_name;
31  check_object_relabel_type hook;
32 } LabelProvider;
33 
34 static List *label_provider_list = NIL;
35 
36 static bool
37 SecLabelSupportsObjectType(ObjectType objtype)
38 {
39  switch (objtype)
40  {
41  case OBJECT_AGGREGATE:
42  case OBJECT_COLUMN:
43  case OBJECT_DATABASE:
44  case OBJECT_DOMAIN:
45  case OBJECT_EVENT_TRIGGER:
46  case OBJECT_FOREIGN_TABLE:
47  case OBJECT_FUNCTION:
48  case OBJECT_LANGUAGE:
49  case OBJECT_LARGEOBJECT:
50  case OBJECT_MATVIEW:
51  case OBJECT_PROCEDURE:
52  case OBJECT_PUBLICATION:
53  case OBJECT_ROLE:
54  case OBJECT_ROUTINE:
55  case OBJECT_SCHEMA:
56  case OBJECT_SEQUENCE:
57  case OBJECT_SUBSCRIPTION:
58  case OBJECT_TABLE:
59  case OBJECT_TABLESPACE:
60  case OBJECT_TYPE:
61  case OBJECT_VIEW:
62  return true;
63 
64  case OBJECT_ACCESS_METHOD:
65  case OBJECT_AMOP:
66  case OBJECT_AMPROC:
67  case OBJECT_ATTRIBUTE:
68  case OBJECT_CAST:
69  case OBJECT_COLLATION:
70  case OBJECT_CONVERSION:
71  case OBJECT_DEFAULT:
72  case OBJECT_DEFACL:
73  case OBJECT_DOMCONSTRAINT:
74  case OBJECT_EXTENSION:
75  case OBJECT_FDW:
76  case OBJECT_FOREIGN_SERVER:
77  case OBJECT_INDEX:
78  case OBJECT_OPCLASS:
79  case OBJECT_OPERATOR:
80  case OBJECT_OPFAMILY:
81  case OBJECT_POLICY:
82  case OBJECT_PUBLICATION_REL:
83  case OBJECT_RULE:
84  case OBJECT_STATISTIC_EXT:
85  case OBJECT_TABCONSTRAINT:
86  case OBJECT_TRANSFORM:
87  case OBJECT_TRIGGER:
88  case OBJECT_TSCONFIGURATION:
89  case OBJECT_TSDICTIONARY:
90  case OBJECT_TSPARSER:
91  case OBJECT_TSTEMPLATE:
92  case OBJECT_USER_MAPPING:
93  return false;
94 
95  /*
96  * There's intentionally no default: case here; we want the
97  * compiler to warn if a new ObjectType hasn't been handled above.
98  */
99  }
100 
101  /* Shouldn't get here, but if we do, say "no support" */
102  return false;
103 }
104 
105 /*
106  * ExecSecLabelStmt --
107  *
108  * Apply a security label to a database object.
109  *
110  * Returns the ObjectAddress of the object to which the policy was applied.
111  */
112 ObjectAddress
113 ExecSecLabelStmt(SecLabelStmt *stmt)
114 {
115  LabelProvider *provider = NULL;
116  ObjectAddress address;
117  Relation relation;
118  ListCell *lc;
119 
120  /*
121  * Find the named label provider, or if none specified, check whether
122  * there's exactly one, and if so use it.
123  */
124  if (stmt->provider == NULL)
125  {
126  if (label_provider_list == NIL)
127  ereport(ERROR,
128  (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
129  errmsg("no security label providers have been loaded")));
130  if (list_length(label_provider_list) != 1)
131  ereport(ERROR,
132  (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
133  errmsg("must specify provider when multiple security label providers have been loaded")));
134  provider = (LabelProvider *) linitial(label_provider_list);
135  }
136  else
137  {
138  foreach(lc, label_provider_list)
139  {
140  LabelProvider *lp = lfirst(lc);
141 
142  if (strcmp(stmt->provider, lp->provider_name) == 0)
143  {
144  provider = lp;
145  break;
146  }
147  }
148  if (provider == NULL)
149  ereport(ERROR,
150  (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
151  errmsg("security label provider \"%s\" is not loaded",
152  stmt->provider)));
153  }
154 
155  if (!SecLabelSupportsObjectType(stmt->objtype))
156  ereport(ERROR,
157  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
158  errmsg("security labels are not supported for this type of object")));
159 
160  /*
161  * Translate the parser representation which identifies this object into
162  * an ObjectAddress. get_object_address() will throw an error if the
163  * object does not exist, and will also acquire a lock on the target to
164  * guard against concurrent modifications.
165  */
166  address = get_object_address(stmt->objtype, stmt->object,
167  &relation, ShareUpdateExclusiveLock, false);
168 
169  /* Require ownership of the target object. */
170  check_object_ownership(GetUserId(), stmt->objtype, address,
171  stmt->object, relation);
172 
173  /* Perform other integrity checks as needed. */
174  switch (stmt->objtype)
175  {
176  case OBJECT_COLUMN:
177 
178  /*
179  * Allow security labels only on columns of tables, views,
180  * materialized views, composite types, and foreign tables (which
181  * are the only relkinds for which pg_dump will dump labels).
182  */
183  if (relation->rd_rel->relkind != RELKIND_RELATION &&
184  relation->rd_rel->relkind != RELKIND_VIEW &&
185  relation->rd_rel->relkind != RELKIND_MATVIEW &&
186  relation->rd_rel->relkind != RELKIND_COMPOSITE_TYPE &&
187  relation->rd_rel->relkind != RELKIND_FOREIGN_TABLE &&
188  relation->rd_rel->relkind != RELKIND_PARTITIONED_TABLE)
189  ereport(ERROR,
190  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
191  errmsg("cannot set security label on relation \"%s\"",
192  RelationGetRelationName(relation)),
193  errdetail_relkind_not_supported(relation->rd_rel->relkind)));
194  break;
195  default:
196  break;
197  }
198 
199  /* Provider gets control here, may throw ERROR to veto new label. */
200  provider->hook(&address, stmt->label);
201 
202  /* Apply new label. */
203  SetSecurityLabel(&address, provider->provider_name, stmt->label);
204 
205  /*
206  * If get_object_address() opened the relation for us, we close it to keep
207  * the reference count correct - but we retain any locks acquired by
208  * get_object_address() until commit time, to guard against concurrent
209  * activity.
210  */
211  if (relation != NULL)
212  relation_close(relation, NoLock);
213 
214  return address;
215 }
216 
217 /*
218  * GetSharedSecurityLabel returns the security label for a shared object for
219  * a given provider, or NULL if there is no such label.
220  */
221 static char *
222 GetSharedSecurityLabel(const ObjectAddress *object, const char *provider)
223 {
224  Relation pg_shseclabel;
225  ScanKeyData keys[3];
226  SysScanDesc scan;
227  HeapTuple tuple;
228  Datum datum;
229  bool isnull;
230  char *seclabel = NULL;
231 
232  ScanKeyInit(&keys[0],
233  Anum_pg_shseclabel_objoid,
234  BTEqualStrategyNumber, F_OIDEQ,
235  ObjectIdGetDatum(object->objectId));
236  ScanKeyInit(&keys[1],
237  Anum_pg_shseclabel_classoid,
238  BTEqualStrategyNumber, F_OIDEQ,
239  ObjectIdGetDatum(object->classId));
240  ScanKeyInit(&keys[2],
241  Anum_pg_shseclabel_provider,
242  BTEqualStrategyNumber, F_TEXTEQ,
243  CStringGetTextDatum(provider));
244 
245  pg_shseclabel = table_open(SharedSecLabelRelationId, AccessShareLock);
246 
247  scan = systable_beginscan(pg_shseclabel, SharedSecLabelObjectIndexId, true,
248  NULL, 3, keys);
249 
250  tuple = systable_getnext(scan);
251  if (HeapTupleIsValid(tuple))
252  {
253  datum = heap_getattr(tuple, Anum_pg_shseclabel_label,
254  RelationGetDescr(pg_shseclabel), &isnull);
255  if (!isnull)
256  seclabel = TextDatumGetCString(datum);
257  }
258  systable_endscan(scan);
259 
260  table_close(pg_shseclabel, AccessShareLock);
261 
262  return seclabel;
263 }
264 
265 /*
266  * GetSecurityLabel returns the security label for a shared or database object
267  * for a given provider, or NULL if there is no such label.
268  */
269 char *
270 GetSecurityLabel(const ObjectAddress *object, const char *provider)
271 {
272  Relation pg_seclabel;
273  ScanKeyData keys[4];
274  SysScanDesc scan;
275  HeapTuple tuple;
276  Datum datum;
277  bool isnull;
278  char *seclabel = NULL;
279 
280  /* Shared objects have their own security label catalog. */
281  if (IsSharedRelation(object->classId))
282  return GetSharedSecurityLabel(object, provider);
283 
284  /* Must be an unshared object, so examine pg_seclabel. */
285  ScanKeyInit(&keys[0],
286  Anum_pg_seclabel_objoid,
287  BTEqualStrategyNumber, F_OIDEQ,
288  ObjectIdGetDatum(object->objectId));
289  ScanKeyInit(&keys[1],
290  Anum_pg_seclabel_classoid,
291  BTEqualStrategyNumber, F_OIDEQ,
292  ObjectIdGetDatum(object->classId));
293  ScanKeyInit(&keys[2],
294  Anum_pg_seclabel_objsubid,
295  BTEqualStrategyNumber, F_INT4EQ,
296  Int32GetDatum(object->objectSubId));
297  ScanKeyInit(&keys[3],
298  Anum_pg_seclabel_provider,
299  BTEqualStrategyNumber, F_TEXTEQ,
300  CStringGetTextDatum(provider));
301 
302  pg_seclabel = table_open(SecLabelRelationId, AccessShareLock);
303 
304  scan = systable_beginscan(pg_seclabel, SecLabelObjectIndexId, true,
305  NULL, 4, keys);
306 
307  tuple = systable_getnext(scan);
308  if (HeapTupleIsValid(tuple))
309  {
310  datum = heap_getattr(tuple, Anum_pg_seclabel_label,
311  RelationGetDescr(pg_seclabel), &isnull);
312  if (!isnull)
313  seclabel = TextDatumGetCString(datum);
314  }
315  systable_endscan(scan);
316 
317  table_close(pg_seclabel, AccessShareLock);
318 
319  return seclabel;
320 }
321 
322 /*
323  * SetSharedSecurityLabel is a helper function of SetSecurityLabel to
324  * handle shared database objects.
325  */
326 static void
327 SetSharedSecurityLabel(const ObjectAddress *object,
328  const char *provider, const char *label)
329 {
330  Relation pg_shseclabel;
331  ScanKeyData keys[4];
332  SysScanDesc scan;
333  HeapTuple oldtup;
334  HeapTuple newtup = NULL;
335  Datum values[Natts_pg_shseclabel];
336  bool nulls[Natts_pg_shseclabel];
337  bool replaces[Natts_pg_shseclabel];
338 
339  /* Prepare to form or update a tuple, if necessary. */
340  memset(nulls, false, sizeof(nulls));
341  memset(replaces, false, sizeof(replaces));
342  values[Anum_pg_shseclabel_objoid - 1] = ObjectIdGetDatum(object->objectId);
343  values[Anum_pg_shseclabel_classoid - 1] = ObjectIdGetDatum(object->classId);
344  values[Anum_pg_shseclabel_provider - 1] = CStringGetTextDatum(provider);
345  if (label != NULL)
346  values[Anum_pg_shseclabel_label - 1] = CStringGetTextDatum(label);
347 
348  /* Use the index to search for a matching old tuple */
349  ScanKeyInit(&keys[0],
350  Anum_pg_shseclabel_objoid,
351  BTEqualStrategyNumber, F_OIDEQ,
352  ObjectIdGetDatum(object->objectId));
353  ScanKeyInit(&keys[1],
354  Anum_pg_shseclabel_classoid,
355  BTEqualStrategyNumber, F_OIDEQ,
356  ObjectIdGetDatum(object->classId));
357  ScanKeyInit(&keys[2],
358  Anum_pg_shseclabel_provider,
359  BTEqualStrategyNumber, F_TEXTEQ,
360  CStringGetTextDatum(provider));
361 
362  pg_shseclabel = table_open(SharedSecLabelRelationId, RowExclusiveLock);
363 
364  scan = systable_beginscan(pg_shseclabel, SharedSecLabelObjectIndexId, true,
365  NULL, 3, keys);
366 
367  oldtup = systable_getnext(scan);
368  if (HeapTupleIsValid(oldtup))
369  {
370  if (label == NULL)
371  CatalogTupleDelete(pg_shseclabel, &oldtup->t_self);
372  else
373  {
374  replaces[Anum_pg_shseclabel_label - 1] = true;
375  newtup = heap_modify_tuple(oldtup, RelationGetDescr(pg_shseclabel),
376  values, nulls, replaces);
377  CatalogTupleUpdate(pg_shseclabel, &oldtup->t_self, newtup);
378  }
379  }
380  systable_endscan(scan);
381 
382  /* If we didn't find an old tuple, insert a new one */
383  if (newtup == NULL && label != NULL)
384  {
385  newtup = heap_form_tuple(RelationGetDescr(pg_shseclabel),
386  values, nulls);
387  CatalogTupleInsert(pg_shseclabel, newtup);
388  }
389 
390  if (newtup != NULL)
391  heap_freetuple(newtup);
392 
393  table_close(pg_shseclabel, RowExclusiveLock);
394 }
395 
396 /*
397  * SetSecurityLabel attempts to set the security label for the specified
398  * provider on the specified object to the given value. NULL means that any
399  * existing label should be deleted.
400  */
401 void
402 SetSecurityLabel(const ObjectAddress *object,
403  const char *provider, const char *label)
404 {
405  Relation pg_seclabel;
406  ScanKeyData keys[4];
407  SysScanDesc scan;
408  HeapTuple oldtup;
409  HeapTuple newtup = NULL;
410  Datum values[Natts_pg_seclabel];
411  bool nulls[Natts_pg_seclabel];
412  bool replaces[Natts_pg_seclabel];
413 
414  /* Shared objects have their own security label catalog. */
415  if (IsSharedRelation(object->classId))
416  {
417  SetSharedSecurityLabel(object, provider, label);
418  return;
419  }
420 
421  /* Prepare to form or update a tuple, if necessary. */
422  memset(nulls, false, sizeof(nulls));
423  memset(replaces, false, sizeof(replaces));
424  values[Anum_pg_seclabel_objoid - 1] = ObjectIdGetDatum(object->objectId);
425  values[Anum_pg_seclabel_classoid - 1] = ObjectIdGetDatum(object->classId);
426  values[Anum_pg_seclabel_objsubid - 1] = Int32GetDatum(object->objectSubId);
427  values[Anum_pg_seclabel_provider - 1] = CStringGetTextDatum(provider);
428  if (label != NULL)
429  values[Anum_pg_seclabel_label - 1] = CStringGetTextDatum(label);
430 
431  /* Use the index to search for a matching old tuple */
432  ScanKeyInit(&keys[0],
433  Anum_pg_seclabel_objoid,
434  BTEqualStrategyNumber, F_OIDEQ,
435  ObjectIdGetDatum(object->objectId));
436  ScanKeyInit(&keys[1],
437  Anum_pg_seclabel_classoid,
438  BTEqualStrategyNumber, F_OIDEQ,
439  ObjectIdGetDatum(object->classId));
440  ScanKeyInit(&keys[2],
441  Anum_pg_seclabel_objsubid,
442  BTEqualStrategyNumber, F_INT4EQ,
443  Int32GetDatum(object->objectSubId));
444  ScanKeyInit(&keys[3],
445  Anum_pg_seclabel_provider,
446  BTEqualStrategyNumber, F_TEXTEQ,
447  CStringGetTextDatum(provider));
448 
449  pg_seclabel = table_open(SecLabelRelationId, RowExclusiveLock);
450 
451  scan = systable_beginscan(pg_seclabel, SecLabelObjectIndexId, true,
452  NULL, 4, keys);
453 
454  oldtup = systable_getnext(scan);
455  if (HeapTupleIsValid(oldtup))
456  {
457  if (label == NULL)
458  CatalogTupleDelete(pg_seclabel, &oldtup->t_self);
459  else
460  {
461  replaces[Anum_pg_seclabel_label - 1] = true;
462  newtup = heap_modify_tuple(oldtup, RelationGetDescr(pg_seclabel),
463  values, nulls, replaces);
464  CatalogTupleUpdate(pg_seclabel, &oldtup->t_self, newtup);
465  }
466  }
467  systable_endscan(scan);
468 
469  /* If we didn't find an old tuple, insert a new one */
470  if (newtup == NULL && label != NULL)
471  {
472  newtup = heap_form_tuple(RelationGetDescr(pg_seclabel),
473  values, nulls);
474  CatalogTupleInsert(pg_seclabel, newtup);
475  }
476 
477  /* Update indexes, if necessary */
478  if (newtup != NULL)
479  heap_freetuple(newtup);
480 
481  table_close(pg_seclabel, RowExclusiveLock);
482 }
483 
484 /*
485  * DeleteSharedSecurityLabel is a helper function of DeleteSecurityLabel
486  * to handle shared database objects.
487  */
488 void
489 DeleteSharedSecurityLabel(Oid objectId, Oid classId)
490 {
491  Relation pg_shseclabel;
492  ScanKeyData skey[2];
493  SysScanDesc scan;
494  HeapTuple oldtup;
495 
496  ScanKeyInit(&skey[0],
497  Anum_pg_shseclabel_objoid,
498  BTEqualStrategyNumber, F_OIDEQ,
499  ObjectIdGetDatum(objectId));
500  ScanKeyInit(&skey[1],
501  Anum_pg_shseclabel_classoid,
502  BTEqualStrategyNumber, F_OIDEQ,
503  ObjectIdGetDatum(classId));
504 
505  pg_shseclabel = table_open(SharedSecLabelRelationId, RowExclusiveLock);
506 
507  scan = systable_beginscan(pg_shseclabel, SharedSecLabelObjectIndexId, true,
508  NULL, 2, skey);
509  while (HeapTupleIsValid(oldtup = systable_getnext(scan)))
510  CatalogTupleDelete(pg_shseclabel, &oldtup->t_self);
511  systable_endscan(scan);
512 
513  table_close(pg_shseclabel, RowExclusiveLock);
514 }
515 
516 /*
517  * DeleteSecurityLabel removes all security labels for an object (and any
518  * sub-objects, if applicable).
519  */
520 void
521 DeleteSecurityLabel(const ObjectAddress *object)
522 {
523  Relation pg_seclabel;
524  ScanKeyData skey[3];
525  SysScanDesc scan;
526  HeapTuple oldtup;
527  int nkeys;
528 
529  /* Shared objects have their own security label catalog. */
530  if (IsSharedRelation(object->classId))
531  {
532  Assert(object->objectSubId == 0);
533  DeleteSharedSecurityLabel(object->objectId, object->classId);
534  return;
535  }
536 
537  ScanKeyInit(&skey[0],
538  Anum_pg_seclabel_objoid,
539  BTEqualStrategyNumber, F_OIDEQ,
540  ObjectIdGetDatum(object->objectId));
541  ScanKeyInit(&skey[1],
542  Anum_pg_seclabel_classoid,
543  BTEqualStrategyNumber, F_OIDEQ,
544  ObjectIdGetDatum(object->classId));
545  if (object->objectSubId != 0)
546  {
547  ScanKeyInit(&skey[2],
548  Anum_pg_seclabel_objsubid,
549  BTEqualStrategyNumber, F_INT4EQ,
550  Int32GetDatum(object->objectSubId));
551  nkeys = 3;
552  }
553  else
554  nkeys = 2;
555 
556  pg_seclabel = table_open(SecLabelRelationId, RowExclusiveLock);
557 
558  scan = systable_beginscan(pg_seclabel, SecLabelObjectIndexId, true,
559  NULL, nkeys, skey);
560  while (HeapTupleIsValid(oldtup = systable_getnext(scan)))
561  CatalogTupleDelete(pg_seclabel, &oldtup->t_self);
562  systable_endscan(scan);
563 
564  table_close(pg_seclabel, RowExclusiveLock);
565 }
566 
567 void
568 register_label_provider(const char *provider_name, check_object_relabel_type hook)
569 {
570  LabelProvider *provider;
571  MemoryContext oldcxt;
572 
573  oldcxt = MemoryContextSwitchTo(TopMemoryContext);
574  provider = palloc(sizeof(LabelProvider));
575  provider->provider_name = pstrdup(provider_name);
576  provider->hook = hook;
577  label_provider_list = lappend(label_provider_list, provider);
578  MemoryContextSwitchTo(oldcxt);
579 }
errdetail_relkind_not_supported
int errdetail_relkind_not_supported(char relkind)
Definition: pg_class.c:24
NIL
#define NIL
Definition: pg_list.h:65
SecLabelStmt::objtype
ObjectType objtype
Definition: parsenodes.h:2792
table_close
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:167
SecLabelStmt::object
Node * object
Definition: parsenodes.h:2793
systable_endscan
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:595
SetSecurityLabel
void SetSecurityLabel(const ObjectAddress *object, const char *provider, const char *label)
Definition: seclabel.c:402
RelationGetDescr
#define RelationGetDescr(relation)
Definition: rel.h:503
ExecSecLabelStmt
ObjectAddress ExecSecLabelStmt(SecLabelStmt *stmt)
Definition: seclabel.c:113
GetUserId
Oid GetUserId(void)
Definition: miscinit.c:478
pstrdup
char * pstrdup(const char *in)
Definition: mcxt.c:1299
GetSharedSecurityLabel
static char * GetSharedSecurityLabel(const ObjectAddress *object, const char *provider)
Definition: seclabel.c:222
DeleteSecurityLabel
void DeleteSecurityLabel(const ObjectAddress *object)
Definition: seclabel.c:521
MemoryContextSwitchTo
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Definition: palloc.h:109
AccessShareLock
#define AccessShareLock
Definition: lockdefs.h:36
SecLabelStmt::provider
char * provider
Definition: parsenodes.h:2794
errcode
int errcode(int sqlerrcode)
Definition: elog.c:698
LabelProvider::provider_name
const char * provider_name
Definition: seclabel.c:30
CatalogTupleDelete
void CatalogTupleDelete(Relation heapRel, ItemPointer tid)
Definition: indexing.c:350
pg_seclabel.h
heap_form_tuple
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, Datum *values, bool *isnull)
Definition: heaptuple.c:1020
RelationData::rd_rel
Form_pg_class rd_rel
Definition: rel.h:109
heap_freetuple
void heap_freetuple(HeapTuple htup)
Definition: heaptuple.c:1338
Oid
unsigned int Oid
Definition: postgres_ext.h:31
systable_beginscan
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:383
label_provider_list
static List * label_provider_list
Definition: seclabel.c:34
systable_getnext
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:502
linitial
#define linitial(l)
Definition: pg_list.h:174
ObjectIdGetDatum
#define ObjectIdGetDatum(X)
Definition: postgres.h:551
ERROR
#define ERROR
Definition: elog.h:46
GetSecurityLabel
char * GetSecurityLabel(const ObjectAddress *object, const char *provider)
Definition: seclabel.c:270
SecLabelStmt::label
char * label
Definition: parsenodes.h:2795
HeapTupleData::t_self
ItemPointerData t_self
Definition: htup.h:65
provider
static JitProviderCallbacks provider
Definition: jit.c:43
NoLock
#define NoLock
Definition: lockdefs.h:34
RowExclusiveLock
#define RowExclusiveLock
Definition: lockdefs.h:38
prepared_statement::stmt
struct statement * stmt
Definition: ecpglib_extern.h:96
RelationGetRelationName
#define RelationGetRelationName(relation)
Definition: rel.h:511
check_object_relabel_type
void(* check_object_relabel_type)(const ObjectAddress *object, const char *seclabel)
Definition: seclabel.h:29
htup_details.h
pg_shseclabel.h
TopMemoryContext
MemoryContext TopMemoryContext
Definition: mcxt.c:48
ObjectType
ObjectType
Definition: parsenodes.h:1775
lappend
List * lappend(List *list, void *datum)
Definition: list.c:336
heap_getattr
#define heap_getattr(tup, attnum, tupleDesc, isnull)
Definition: htup_details.h:761
TextDatumGetCString
#define TextDatumGetCString(d)
Definition: builtins.h:83
Datum
uintptr_t Datum
Definition: postgres.h:411
LabelProvider::hook
check_object_relabel_type hook
Definition: seclabel.c:31
label
static char * label
Definition: pg_basebackup.c:133
IsSharedRelation
bool IsSharedRelation(Oid relationId)
Definition: catalog.c:244
register_label_provider
void register_label_provider(const char *provider_name, check_object_relabel_type hook)
Definition: seclabel.c:568
ereport
#define ereport(elevel,...)
Definition: elog.h:157
SetSharedSecurityLabel
static void SetSharedSecurityLabel(const ObjectAddress *object, const char *provider, const char *label)
Definition: seclabel.c:327
ShareUpdateExclusiveLock
#define ShareUpdateExclusiveLock
Definition: lockdefs.h:39
HeapTupleIsValid
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
relation_close
void relation_close(Relation relation, LOCKMODE lockmode)
Definition: relation.c:206
Assert
#define Assert(condition)
Definition: c.h:804
lfirst
#define lfirst(lc)
Definition: pg_list.h:169
get_object_address
ObjectAddress get_object_address(ObjectType objtype, Node *object, Relation *relp, LOCKMODE lockmode, bool missing_ok)
Definition: objectaddress.c:929
CatalogTupleUpdate
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
Definition: indexing.c:301
list_length
static int list_length(const List *l)
Definition: pg_list.h:149
DeleteSharedSecurityLabel
void DeleteSharedSecurityLabel(Oid objectId, Oid classId)
Definition: seclabel.c:489
values
static Datum values[MAXATTR]
Definition: bootstrap.c:166
check_object_ownership
void check_object_ownership(Oid roleid, ObjectType objtype, ObjectAddress address, Node *object, Relation relation)
Definition: objectaddress.c:2366
Int32GetDatum
#define Int32GetDatum(X)
Definition: postgres.h:523
palloc
void * palloc(Size size)
Definition: mcxt.c:1062
errmsg
int errmsg(const char *fmt,...)
Definition: elog.c:909
ScanKeyInit
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
CStringGetTextDatum
#define CStringGetTextDatum(s)
Definition: builtins.h:82
SecLabelSupportsObjectType
static bool SecLabelSupportsObjectType(ObjectType objtype)
Definition: seclabel.c:37
table_open
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:39
heap_modify_tuple
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, Datum *replValues, bool *replIsnull, bool *doReplace)
Definition: heaptuple.c:1113
List
Definition: pg_list.h:50
CatalogTupleInsert
void CatalogTupleInsert(Relation heapRel, HeapTuple tup)
Definition: indexing.c:221
BTEqualStrategyNumber
#define BTEqualStrategyNumber
Definition: stratnum.h:31