PostgreSQL Source Code  git master
test_rls_hooks.c
Go to the documentation of this file.
1 /*--------------------------------------------------------------------------
2  *
3  * test_rls_hooks.c
4  * Code for testing RLS hooks.
5  *
6  * Copyright (c) 2015-2022, PostgreSQL Global Development Group
7  *
8  * IDENTIFICATION
9  * src/test/modules/test_rls_hooks/test_rls_hooks.c
10  *
11  * -------------------------------------------------------------------------
12  */
13 
14 #include "postgres.h"
15 
16 #include "catalog/pg_type.h"
17 #include "fmgr.h"
18 #include "miscadmin.h"
19 #include "nodes/makefuncs.h"
20 #include "parser/parse_clause.h"
21 #include "parser/parse_collate.h"
22 #include "parser/parse_node.h"
23 #include "parser/parse_relation.h"
24 #include "rewrite/rowsecurity.h"
25 #include "test_rls_hooks.h"
26 #include "utils/acl.h"
27 #include "utils/rel.h"
28 #include "utils/relcache.h"
29 
31 
32 void _PG_init(void);
33 
34 /* Install hooks */
35 void
36 _PG_init(void)
37 {
38  /* Set our hooks */
41 }
42 
43 /*
44  * Return permissive policies to be added
45  */
46 List *
48 {
49  List *policies = NIL;
50  RowSecurityPolicy *policy = palloc0(sizeof(RowSecurityPolicy));
51  Datum role;
52  FuncCall *n;
53  Node *e;
54  ColumnRef *c;
55  ParseState *qual_pstate;
56  ParseNamespaceItem *nsitem;
57 
58  if (strcmp(RelationGetRelationName(relation), "rls_test_permissive") != 0 &&
59  strcmp(RelationGetRelationName(relation), "rls_test_both") != 0)
60  return NIL;
61 
62  qual_pstate = make_parsestate(NULL);
63 
64  nsitem = addRangeTableEntryForRelation(qual_pstate,
65  relation, AccessShareLock,
66  NULL, false, false);
67  addNSItemToQuery(qual_pstate, nsitem, false, true, true);
68 
70 
71  policy->policy_name = pstrdup("extension policy");
72  policy->polcmd = '*';
73  policy->roles = construct_array(&role, 1, OIDOID, sizeof(Oid), true, TYPALIGN_INT);
74 
75  /*
76  * policy->qual = (Expr *) makeConst(BOOLOID, -1, InvalidOid,
77  * sizeof(bool), BoolGetDatum(true), false, true);
78  */
79 
80  n = makeFuncCall(list_make2(makeString("pg_catalog"),
81  makeString("current_user")),
82  NIL,
84  -1);
85 
86  c = makeNode(ColumnRef);
87  c->fields = list_make1(makeString("username"));
88  c->location = 0;
89 
90  e = (Node *) makeSimpleA_Expr(AEXPR_OP, "=", (Node *) n, (Node *) c, 0);
91 
92  policy->qual = (Expr *) transformWhereClause(qual_pstate, copyObject(e),
94  "POLICY");
95  /* Fix up collation information */
96  assign_expr_collations(qual_pstate, (Node *) policy->qual);
97 
98  policy->with_check_qual = copyObject(policy->qual);
99  policy->hassublinks = false;
100 
101  policies = list_make1(policy);
102 
103  return policies;
104 }
105 
106 /*
107  * Return restrictive policies to be added
108  *
109  * Note that a permissive policy must exist or the default-deny policy
110  * will be included and nothing will be visible. If no filtering should
111  * be done except for the restrictive policy, then a single "USING (true)"
112  * permissive policy can be used; see the regression tests.
113  */
114 List *
116 {
117  List *policies = NIL;
118  RowSecurityPolicy *policy = palloc0(sizeof(RowSecurityPolicy));
119  Datum role;
120  FuncCall *n;
121  Node *e;
122  ColumnRef *c;
123  ParseState *qual_pstate;
124  ParseNamespaceItem *nsitem;
125 
126  if (strcmp(RelationGetRelationName(relation), "rls_test_restrictive") != 0 &&
127  strcmp(RelationGetRelationName(relation), "rls_test_both") != 0)
128  return NIL;
129 
130  qual_pstate = make_parsestate(NULL);
131 
132  nsitem = addRangeTableEntryForRelation(qual_pstate,
133  relation, AccessShareLock,
134  NULL, false, false);
135  addNSItemToQuery(qual_pstate, nsitem, false, true, true);
136 
138 
139  policy->policy_name = pstrdup("extension policy");
140  policy->polcmd = '*';
141  policy->roles = construct_array(&role, 1, OIDOID, sizeof(Oid), true, TYPALIGN_INT);
142 
143  n = makeFuncCall(list_make2(makeString("pg_catalog"),
144  makeString("current_user")),
145  NIL,
147  -1);
148 
149  c = makeNode(ColumnRef);
150  c->fields = list_make1(makeString("supervisor"));
151  c->location = 0;
152 
153  e = (Node *) makeSimpleA_Expr(AEXPR_OP, "=", (Node *) n, (Node *) c, 0);
154 
155  policy->qual = (Expr *) transformWhereClause(qual_pstate, copyObject(e),
157  "POLICY");
158  /* Fix up collation information */
159  assign_expr_collations(qual_pstate, (Node *) policy->qual);
160 
161  policy->with_check_qual = copyObject(policy->qual);
162  policy->hassublinks = false;
163 
164  policies = list_make1(policy);
165 
166  return policies;
167 }
#define ACL_ID_PUBLIC
Definition: acl.h:46
ArrayType * construct_array(Datum *elems, int nelems, Oid elmtype, int elmlen, bool elmbyval, char elmalign)
Definition: arrayfuncs.c:3319
#define AccessShareLock
Definition: lockdefs.h:36
FuncCall * makeFuncCall(List *name, List *args, CoercionForm funcformat, int location)
Definition: makefuncs.c:586
A_Expr * makeSimpleA_Expr(A_Expr_Kind kind, char *name, Node *lexpr, Node *rexpr, int location)
Definition: makefuncs.c:49
char * pstrdup(const char *in)
Definition: mcxt.c:1305
void * palloc0(Size size)
Definition: mcxt.c:1099
#define copyObject(obj)
Definition: nodes.h:689
CmdType
Definition: nodes.h:719
#define makeNode(_type_)
Definition: nodes.h:621
Node * transformWhereClause(ParseState *pstate, Node *clause, ParseExprKind exprKind, const char *constructName)
void assign_expr_collations(ParseState *pstate, Node *expr)
ParseState * make_parsestate(ParseState *parentParseState)
Definition: parse_node.c:43
@ EXPR_KIND_POLICY
Definition: parse_node.h:77
ParseNamespaceItem * addRangeTableEntryForRelation(ParseState *pstate, Relation rel, int lockmode, Alias *alias, bool inh, bool inFromCl)
void addNSItemToQuery(ParseState *pstate, ParseNamespaceItem *nsitem, bool addToJoinList, bool addToRelNameSpace, bool addToVarNameSpace)
@ AEXPR_OP
Definition: parsenodes.h:271
#define NIL
Definition: pg_list.h:65
#define list_make1(x1)
Definition: pg_list.h:206
#define list_make2(x1, x2)
Definition: pg_list.h:208
uintptr_t Datum
Definition: postgres.h:411
#define ObjectIdGetDatum(X)
Definition: postgres.h:551
unsigned int Oid
Definition: postgres_ext.h:31
char * c
e
Definition: preproc-init.c:82
@ COERCE_EXPLICIT_CALL
Definition: primnodes.h:492
#define RelationGetRelationName(relation)
Definition: rel.h:523
row_security_policy_hook_type row_security_policy_hook_permissive
Definition: rowsecurity.c:96
row_security_policy_hook_type row_security_policy_hook_restrictive
Definition: rowsecurity.c:97
Definition: pg_list.h:51
Definition: nodes.h:574
ArrayType * roles
Definition: rowsecurity.h:24
Expr * with_check_qual
Definition: rowsecurity.h:27
void _PG_init(void)
PG_MODULE_MAGIC
List * test_rls_hooks_restrictive(CmdType cmdtype, Relation relation)
List * test_rls_hooks_permissive(CmdType cmdtype, Relation relation)
String * makeString(char *str)
Definition: value.c:63