PostgreSQL Source Code  git master
seclabel.h File Reference
Include dependency graph for seclabel.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Typedefs

typedef void(* check_object_relabel_type) (const ObjectAddress *object, const char *seclabel)
 

Functions

char * GetSecurityLabel (const ObjectAddress *object, const char *provider)
 
void SetSecurityLabel (const ObjectAddress *object, const char *provider, const char *label)
 
void DeleteSecurityLabel (const ObjectAddress *object)
 
void DeleteSharedSecurityLabel (Oid objectId, Oid classId)
 
ObjectAddress ExecSecLabelStmt (SecLabelStmt *stmt)
 
void register_label_provider (const char *provider, check_object_relabel_type hook)
 

Typedef Documentation

◆ check_object_relabel_type

typedef void(* check_object_relabel_type) (const ObjectAddress *object, const char *seclabel)

Definition at line 29 of file seclabel.h.

Function Documentation

◆ DeleteSecurityLabel()

void DeleteSecurityLabel ( const ObjectAddress object)

Definition at line 522 of file seclabel.c.

523 {
524  Relation pg_seclabel;
525  ScanKeyData skey[3];
526  SysScanDesc scan;
527  HeapTuple oldtup;
528  int nkeys;
529 
530  /* Shared objects have their own security label catalog. */
531  if (IsSharedRelation(object->classId))
532  {
533  Assert(object->objectSubId == 0);
534  DeleteSharedSecurityLabel(object->objectId, object->classId);
535  return;
536  }
537 
538  ScanKeyInit(&skey[0],
539  Anum_pg_seclabel_objoid,
540  BTEqualStrategyNumber, F_OIDEQ,
541  ObjectIdGetDatum(object->objectId));
542  ScanKeyInit(&skey[1],
543  Anum_pg_seclabel_classoid,
544  BTEqualStrategyNumber, F_OIDEQ,
545  ObjectIdGetDatum(object->classId));
546  if (object->objectSubId != 0)
547  {
548  ScanKeyInit(&skey[2],
549  Anum_pg_seclabel_objsubid,
550  BTEqualStrategyNumber, F_INT4EQ,
551  Int32GetDatum(object->objectSubId));
552  nkeys = 3;
553  }
554  else
555  nkeys = 2;
556 
557  pg_seclabel = table_open(SecLabelRelationId, RowExclusiveLock);
558 
559  scan = systable_beginscan(pg_seclabel, SecLabelObjectIndexId, true,
560  NULL, nkeys, skey);
561  while (HeapTupleIsValid(oldtup = systable_getnext(scan)))
562  CatalogTupleDelete(pg_seclabel, &oldtup->t_self);
563  systable_endscan(scan);
564 
565  table_close(pg_seclabel, RowExclusiveLock);
566 }
bool IsSharedRelation(Oid relationId)
Definition: catalog.c:244
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:598
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:505
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:386
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
void CatalogTupleDelete(Relation heapRel, ItemPointer tid)
Definition: indexing.c:350
Assert(fmt[strlen(fmt) - 1] !='\n')
#define RowExclusiveLock
Definition: lockdefs.h:38
#define ObjectIdGetDatum(X)
Definition: postgres.h:551
#define Int32GetDatum(X)
Definition: postgres.h:523
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
void DeleteSharedSecurityLabel(Oid objectId, Oid classId)
Definition: seclabel.c:490
#define BTEqualStrategyNumber
Definition: stratnum.h:31
ItemPointerData t_self
Definition: htup.h:65
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:167
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:39

References Assert(), BTEqualStrategyNumber, CatalogTupleDelete(), ObjectAddress::classId, DeleteSharedSecurityLabel(), HeapTupleIsValid, Int32GetDatum, IsSharedRelation(), ObjectAddress::objectId, ObjectIdGetDatum, ObjectAddress::objectSubId, RowExclusiveLock, ScanKeyInit(), systable_beginscan(), systable_endscan(), systable_getnext(), HeapTupleData::t_self, table_close(), and table_open().

Referenced by deleteOneObject().

◆ DeleteSharedSecurityLabel()

void DeleteSharedSecurityLabel ( Oid  objectId,
Oid  classId 
)

Definition at line 490 of file seclabel.c.

491 {
492  Relation pg_shseclabel;
493  ScanKeyData skey[2];
494  SysScanDesc scan;
495  HeapTuple oldtup;
496 
497  ScanKeyInit(&skey[0],
498  Anum_pg_shseclabel_objoid,
499  BTEqualStrategyNumber, F_OIDEQ,
500  ObjectIdGetDatum(objectId));
501  ScanKeyInit(&skey[1],
502  Anum_pg_shseclabel_classoid,
503  BTEqualStrategyNumber, F_OIDEQ,
504  ObjectIdGetDatum(classId));
505 
506  pg_shseclabel = table_open(SharedSecLabelRelationId, RowExclusiveLock);
507 
508  scan = systable_beginscan(pg_shseclabel, SharedSecLabelObjectIndexId, true,
509  NULL, 2, skey);
510  while (HeapTupleIsValid(oldtup = systable_getnext(scan)))
511  CatalogTupleDelete(pg_shseclabel, &oldtup->t_self);
512  systable_endscan(scan);
513 
514  table_close(pg_shseclabel, RowExclusiveLock);
515 }

References BTEqualStrategyNumber, CatalogTupleDelete(), HeapTupleIsValid, ObjectIdGetDatum, RowExclusiveLock, ScanKeyInit(), systable_beginscan(), systable_endscan(), systable_getnext(), HeapTupleData::t_self, table_close(), and table_open().

Referenced by DeleteSecurityLabel(), dropdb(), DropRole(), and DropTableSpace().

◆ ExecSecLabelStmt()

ObjectAddress ExecSecLabelStmt ( SecLabelStmt stmt)

Definition at line 114 of file seclabel.c.

115 {
116  LabelProvider *provider = NULL;
117  ObjectAddress address;
118  Relation relation;
119  ListCell *lc;
120 
121  /*
122  * Find the named label provider, or if none specified, check whether
123  * there's exactly one, and if so use it.
124  */
125  if (stmt->provider == NULL)
126  {
127  if (label_provider_list == NIL)
128  ereport(ERROR,
129  (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
130  errmsg("no security label providers have been loaded")));
132  ereport(ERROR,
133  (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
134  errmsg("must specify provider when multiple security label providers have been loaded")));
136  }
137  else
138  {
139  foreach(lc, label_provider_list)
140  {
141  LabelProvider *lp = lfirst(lc);
142 
143  if (strcmp(stmt->provider, lp->provider_name) == 0)
144  {
145  provider = lp;
146  break;
147  }
148  }
149  if (provider == NULL)
150  ereport(ERROR,
151  (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
152  errmsg("security label provider \"%s\" is not loaded",
153  stmt->provider)));
154  }
155 
157  ereport(ERROR,
158  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
159  errmsg("security labels are not supported for this type of object")));
160 
161  /*
162  * Translate the parser representation which identifies this object into
163  * an ObjectAddress. get_object_address() will throw an error if the
164  * object does not exist, and will also acquire a lock on the target to
165  * guard against concurrent modifications.
166  */
167  address = get_object_address(stmt->objtype, stmt->object,
168  &relation, ShareUpdateExclusiveLock, false);
169 
170  /* Require ownership of the target object. */
171  check_object_ownership(GetUserId(), stmt->objtype, address,
172  stmt->object, relation);
173 
174  /* Perform other integrity checks as needed. */
175  switch (stmt->objtype)
176  {
177  case OBJECT_COLUMN:
178 
179  /*
180  * Allow security labels only on columns of tables, views,
181  * materialized views, composite types, and foreign tables (which
182  * are the only relkinds for which pg_dump will dump labels).
183  */
184  if (relation->rd_rel->relkind != RELKIND_RELATION &&
185  relation->rd_rel->relkind != RELKIND_VIEW &&
186  relation->rd_rel->relkind != RELKIND_MATVIEW &&
187  relation->rd_rel->relkind != RELKIND_COMPOSITE_TYPE &&
188  relation->rd_rel->relkind != RELKIND_FOREIGN_TABLE &&
189  relation->rd_rel->relkind != RELKIND_PARTITIONED_TABLE)
190  ereport(ERROR,
191  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
192  errmsg("cannot set security label on relation \"%s\"",
193  RelationGetRelationName(relation)),
194  errdetail_relkind_not_supported(relation->rd_rel->relkind)));
195  break;
196  default:
197  break;
198  }
199 
200  /* Provider gets control here, may throw ERROR to veto new label. */
201  provider->hook(&address, stmt->label);
202 
203  /* Apply new label. */
204  SetSecurityLabel(&address, provider->provider_name, stmt->label);
205 
206  /*
207  * If get_object_address() opened the relation for us, we close it to keep
208  * the reference count correct - but we retain any locks acquired by
209  * get_object_address() until commit time, to guard against concurrent
210  * activity.
211  */
212  if (relation != NULL)
213  relation_close(relation, NoLock);
214 
215  return address;
216 }
int errcode(int sqlerrcode)
Definition: elog.c:693
int errmsg(const char *fmt,...)
Definition: elog.c:904
#define ERROR
Definition: elog.h:33
#define ereport(elevel,...)
Definition: elog.h:143
static JitProviderCallbacks provider
Definition: jit.c:43
#define NoLock
Definition: lockdefs.h:34
#define ShareUpdateExclusiveLock
Definition: lockdefs.h:39
Oid GetUserId(void)
Definition: miscinit.c:495
void check_object_ownership(Oid roleid, ObjectType objtype, ObjectAddress address, Node *object, Relation relation)
ObjectAddress get_object_address(ObjectType objtype, Node *object, Relation *relp, LOCKMODE lockmode, bool missing_ok)
@ OBJECT_COLUMN
Definition: parsenodes.h:1795
int errdetail_relkind_not_supported(char relkind)
Definition: pg_class.c:24
#define lfirst(lc)
Definition: pg_list.h:169
static int list_length(const List *l)
Definition: pg_list.h:149
#define NIL
Definition: pg_list.h:65
#define linitial(l)
Definition: pg_list.h:174
#define RelationGetRelationName(relation)
Definition: rel.h:512
void SetSecurityLabel(const ObjectAddress *object, const char *provider, const char *label)
Definition: seclabel.c:403
static List * label_provider_list
Definition: seclabel.c:34
static bool SecLabelSupportsObjectType(ObjectType objtype)
Definition: seclabel.c:37
void relation_close(Relation relation, LOCKMODE lockmode)
Definition: relation.c:206
const char * provider_name
Definition: seclabel.c:30
Form_pg_class rd_rel
Definition: rel.h:109
ObjectType objtype
Definition: parsenodes.h:2806
Node * object
Definition: parsenodes.h:2807
char * provider
Definition: parsenodes.h:2808
char * label
Definition: parsenodes.h:2809

References check_object_ownership(), ereport, errcode(), errdetail_relkind_not_supported(), errmsg(), ERROR, get_object_address(), GetUserId(), SecLabelStmt::label, label_provider_list, lfirst, linitial, list_length(), NIL, NoLock, SecLabelStmt::object, OBJECT_COLUMN, SecLabelStmt::objtype, provider, SecLabelStmt::provider, LabelProvider::provider_name, RelationData::rd_rel, relation_close(), RelationGetRelationName, SecLabelSupportsObjectType(), SetSecurityLabel(), and ShareUpdateExclusiveLock.

Referenced by ProcessUtilitySlow(), and standard_ProcessUtility().

◆ GetSecurityLabel()

char* GetSecurityLabel ( const ObjectAddress object,
const char *  provider 
)

Definition at line 271 of file seclabel.c.

272 {
273  Relation pg_seclabel;
274  ScanKeyData keys[4];
275  SysScanDesc scan;
276  HeapTuple tuple;
277  Datum datum;
278  bool isnull;
279  char *seclabel = NULL;
280 
281  /* Shared objects have their own security label catalog. */
282  if (IsSharedRelation(object->classId))
283  return GetSharedSecurityLabel(object, provider);
284 
285  /* Must be an unshared object, so examine pg_seclabel. */
286  ScanKeyInit(&keys[0],
287  Anum_pg_seclabel_objoid,
288  BTEqualStrategyNumber, F_OIDEQ,
289  ObjectIdGetDatum(object->objectId));
290  ScanKeyInit(&keys[1],
291  Anum_pg_seclabel_classoid,
292  BTEqualStrategyNumber, F_OIDEQ,
293  ObjectIdGetDatum(object->classId));
294  ScanKeyInit(&keys[2],
295  Anum_pg_seclabel_objsubid,
296  BTEqualStrategyNumber, F_INT4EQ,
297  Int32GetDatum(object->objectSubId));
298  ScanKeyInit(&keys[3],
299  Anum_pg_seclabel_provider,
300  BTEqualStrategyNumber, F_TEXTEQ,
302 
303  pg_seclabel = table_open(SecLabelRelationId, AccessShareLock);
304 
305  scan = systable_beginscan(pg_seclabel, SecLabelObjectIndexId, true,
306  NULL, 4, keys);
307 
308  tuple = systable_getnext(scan);
309  if (HeapTupleIsValid(tuple))
310  {
311  datum = heap_getattr(tuple, Anum_pg_seclabel_label,
312  RelationGetDescr(pg_seclabel), &isnull);
313  if (!isnull)
314  seclabel = TextDatumGetCString(datum);
315  }
316  systable_endscan(scan);
317 
318  table_close(pg_seclabel, AccessShareLock);
319 
320  return seclabel;
321 }
#define CStringGetTextDatum(s)
Definition: builtins.h:85
#define TextDatumGetCString(d)
Definition: builtins.h:86
#define heap_getattr(tup, attnum, tupleDesc, isnull)
Definition: htup_details.h:756
#define AccessShareLock
Definition: lockdefs.h:36
uintptr_t Datum
Definition: postgres.h:411
#define RelationGetDescr(relation)
Definition: rel.h:504
static char * GetSharedSecurityLabel(const ObjectAddress *object, const char *provider)
Definition: seclabel.c:223

References AccessShareLock, BTEqualStrategyNumber, ObjectAddress::classId, CStringGetTextDatum, GetSharedSecurityLabel(), heap_getattr, HeapTupleIsValid, Int32GetDatum, IsSharedRelation(), ObjectAddress::objectId, ObjectIdGetDatum, ObjectAddress::objectSubId, provider, RelationGetDescr, ScanKeyInit(), systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), table_open(), and TextDatumGetCString.

Referenced by sepgsql_avc_check_perms(), sepgsql_avc_trusted_proc(), and sepgsql_get_label().

◆ register_label_provider()

void register_label_provider ( const char *  provider,
check_object_relabel_type  hook 
)

Definition at line 569 of file seclabel.c.

570 {
572  MemoryContext oldcxt;
573 
575  provider = palloc(sizeof(LabelProvider));
576  provider->provider_name = pstrdup(provider_name);
577  provider->hook = hook;
579  MemoryContextSwitchTo(oldcxt);
580 }
List * lappend(List *list, void *datum)
Definition: list.c:336
char * pstrdup(const char *in)
Definition: mcxt.c:1299
MemoryContext TopMemoryContext
Definition: mcxt.c:48
void * palloc(Size size)
Definition: mcxt.c:1062
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Definition: palloc.h:109

References label_provider_list, lappend(), MemoryContextSwitchTo(), palloc(), provider, pstrdup(), and TopMemoryContext.

Referenced by _PG_init().

◆ SetSecurityLabel()

void SetSecurityLabel ( const ObjectAddress object,
const char *  provider,
const char *  label 
)

Definition at line 403 of file seclabel.c.

405 {
406  Relation pg_seclabel;
407  ScanKeyData keys[4];
408  SysScanDesc scan;
409  HeapTuple oldtup;
410  HeapTuple newtup = NULL;
411  Datum values[Natts_pg_seclabel];
412  bool nulls[Natts_pg_seclabel];
413  bool replaces[Natts_pg_seclabel];
414 
415  /* Shared objects have their own security label catalog. */
416  if (IsSharedRelation(object->classId))
417  {
419  return;
420  }
421 
422  /* Prepare to form or update a tuple, if necessary. */
423  memset(nulls, false, sizeof(nulls));
424  memset(replaces, false, sizeof(replaces));
425  values[Anum_pg_seclabel_objoid - 1] = ObjectIdGetDatum(object->objectId);
426  values[Anum_pg_seclabel_classoid - 1] = ObjectIdGetDatum(object->classId);
427  values[Anum_pg_seclabel_objsubid - 1] = Int32GetDatum(object->objectSubId);
428  values[Anum_pg_seclabel_provider - 1] = CStringGetTextDatum(provider);
429  if (label != NULL)
430  values[Anum_pg_seclabel_label - 1] = CStringGetTextDatum(label);
431 
432  /* Use the index to search for a matching old tuple */
433  ScanKeyInit(&keys[0],
434  Anum_pg_seclabel_objoid,
435  BTEqualStrategyNumber, F_OIDEQ,
436  ObjectIdGetDatum(object->objectId));
437  ScanKeyInit(&keys[1],
438  Anum_pg_seclabel_classoid,
439  BTEqualStrategyNumber, F_OIDEQ,
440  ObjectIdGetDatum(object->classId));
441  ScanKeyInit(&keys[2],
442  Anum_pg_seclabel_objsubid,
443  BTEqualStrategyNumber, F_INT4EQ,
444  Int32GetDatum(object->objectSubId));
445  ScanKeyInit(&keys[3],
446  Anum_pg_seclabel_provider,
447  BTEqualStrategyNumber, F_TEXTEQ,
449 
450  pg_seclabel = table_open(SecLabelRelationId, RowExclusiveLock);
451 
452  scan = systable_beginscan(pg_seclabel, SecLabelObjectIndexId, true,
453  NULL, 4, keys);
454 
455  oldtup = systable_getnext(scan);
456  if (HeapTupleIsValid(oldtup))
457  {
458  if (label == NULL)
459  CatalogTupleDelete(pg_seclabel, &oldtup->t_self);
460  else
461  {
462  replaces[Anum_pg_seclabel_label - 1] = true;
463  newtup = heap_modify_tuple(oldtup, RelationGetDescr(pg_seclabel),
464  values, nulls, replaces);
465  CatalogTupleUpdate(pg_seclabel, &oldtup->t_self, newtup);
466  }
467  }
468  systable_endscan(scan);
469 
470  /* If we didn't find an old tuple, insert a new one */
471  if (newtup == NULL && label != NULL)
472  {
473  newtup = heap_form_tuple(RelationGetDescr(pg_seclabel),
474  values, nulls);
475  CatalogTupleInsert(pg_seclabel, newtup);
476  }
477 
478  /* Update indexes, if necessary */
479  if (newtup != NULL)
480  heap_freetuple(newtup);
481 
482  table_close(pg_seclabel, RowExclusiveLock);
483 }
static Datum values[MAXATTR]
Definition: bootstrap.c:156
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, Datum *values, bool *isnull)
Definition: heaptuple.c:1020
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, Datum *replValues, bool *replIsnull, bool *doReplace)
Definition: heaptuple.c:1113
void heap_freetuple(HeapTuple htup)
Definition: heaptuple.c:1338
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
Definition: indexing.c:301
void CatalogTupleInsert(Relation heapRel, HeapTuple tup)
Definition: indexing.c:221
static char * label
static void SetSharedSecurityLabel(const ObjectAddress *object, const char *provider, const char *label)
Definition: seclabel.c:328

References BTEqualStrategyNumber, CatalogTupleDelete(), CatalogTupleInsert(), CatalogTupleUpdate(), ObjectAddress::classId, CStringGetTextDatum, heap_form_tuple(), heap_freetuple(), heap_modify_tuple(), HeapTupleIsValid, Int32GetDatum, IsSharedRelation(), label, ObjectAddress::objectId, ObjectIdGetDatum, ObjectAddress::objectSubId, provider, RelationGetDescr, RowExclusiveLock, ScanKeyInit(), SetSharedSecurityLabel(), systable_beginscan(), systable_endscan(), systable_getnext(), HeapTupleData::t_self, table_close(), table_open(), and values.

Referenced by exec_object_restorecon(), ExecSecLabelStmt(), sepgsql_attribute_post_create(), sepgsql_database_post_create(), sepgsql_proc_post_create(), sepgsql_relation_post_create(), and sepgsql_schema_post_create().