PostgreSQL Source Code  git master
test_rls_hooks.c
Go to the documentation of this file.
1 /*--------------------------------------------------------------------------
2  *
3  * test_rls_hooks.c
4  * Code for testing RLS hooks.
5  *
6  * Copyright (c) 2015-2019, PostgreSQL Global Development Group
7  *
8  * IDENTIFICATION
9  * src/test/modules/test_rls_hooks/test_rls_hooks.c
10  *
11  * -------------------------------------------------------------------------
12  */
13 
14 #include "postgres.h"
15 
16 #include "fmgr.h"
17 #include "miscadmin.h"
18 
19 #include "test_rls_hooks.h"
20 
21 #include "catalog/pg_type.h"
22 #include "nodes/makefuncs.h"
23 #include "nodes/makefuncs.h"
24 #include "parser/parse_clause.h"
25 #include "parser/parse_collate.h"
26 #include "parser/parse_node.h"
27 #include "parser/parse_relation.h"
28 #include "rewrite/rowsecurity.h"
29 #include "utils/acl.h"
30 #include "utils/rel.h"
31 #include "utils/relcache.h"
32 
34 
35 /* Saved hook values in case of unload */
38 
39 void _PG_init(void);
40 void _PG_fini(void);
41 
42 /* Install hooks */
43 void
44 _PG_init(void)
45 {
46  /* Save values for unload */
49 
50  /* Set our hooks */
53 }
54 
55 /* Uninstall hooks */
56 void
57 _PG_fini(void)
58 {
61 }
62 
63 /*
64  * Return permissive policies to be added
65  */
66 List *
68 {
69  List *policies = NIL;
70  RowSecurityPolicy *policy = palloc0(sizeof(RowSecurityPolicy));
71  Datum role;
72  FuncCall *n;
73  Node *e;
74  ColumnRef *c;
75  ParseState *qual_pstate;
76  RangeTblEntry *rte;
77 
78  if (strcmp(RelationGetRelationName(relation), "rls_test_permissive") != 0 &&
79  strcmp(RelationGetRelationName(relation), "rls_test_both") != 0)
80  return NIL;
81 
82  qual_pstate = make_parsestate(NULL);
83 
84  rte = addRangeTableEntryForRelation(qual_pstate, relation, AccessShareLock,
85  NULL, false, false);
86  addRTEtoQuery(qual_pstate, rte, false, true, true);
87 
89 
90  policy->policy_name = pstrdup("extension policy");
91  policy->polcmd = '*';
92  policy->roles = construct_array(&role, 1, OIDOID, sizeof(Oid), true, 'i');
93 
94  /*
95  * policy->qual = (Expr *) makeConst(BOOLOID, -1, InvalidOid,
96  * sizeof(bool), BoolGetDatum(true), false, true);
97  */
98 
99  n = makeFuncCall(list_make2(makeString("pg_catalog"),
100  makeString("current_user")), NIL, 0);
101 
102  c = makeNode(ColumnRef);
103  c->fields = list_make1(makeString("username"));
104  c->location = 0;
105 
106  e = (Node *) makeSimpleA_Expr(AEXPR_OP, "=", (Node *) n, (Node *) c, 0);
107 
108  policy->qual = (Expr *) transformWhereClause(qual_pstate, copyObject(e),
110  "POLICY");
111  /* Fix up collation information */
112  assign_expr_collations(qual_pstate, (Node *) policy->qual);
113 
114  policy->with_check_qual = copyObject(policy->qual);
115  policy->hassublinks = false;
116 
117  policies = list_make1(policy);
118 
119  return policies;
120 }
121 
122 /*
123  * Return restrictive policies to be added
124  *
125  * Note that a permissive policy must exist or the default-deny policy
126  * will be included and nothing will be visible. If no filtering should
127  * be done except for the restrictive policy, then a single "USING (true)"
128  * permissive policy can be used; see the regression tests.
129  */
130 List *
132 {
133  List *policies = NIL;
134  RowSecurityPolicy *policy = palloc0(sizeof(RowSecurityPolicy));
135  Datum role;
136  FuncCall *n;
137  Node *e;
138  ColumnRef *c;
139  ParseState *qual_pstate;
140  RangeTblEntry *rte;
141 
142 
143  if (strcmp(RelationGetRelationName(relation), "rls_test_restrictive") != 0 &&
144  strcmp(RelationGetRelationName(relation), "rls_test_both") != 0)
145  return NIL;
146 
147  qual_pstate = make_parsestate(NULL);
148 
149  rte = addRangeTableEntryForRelation(qual_pstate, relation, AccessShareLock,
150  NULL, false, false);
151  addRTEtoQuery(qual_pstate, rte, false, true, true);
152 
154 
155  policy->policy_name = pstrdup("extension policy");
156  policy->polcmd = '*';
157  policy->roles = construct_array(&role, 1, OIDOID, sizeof(Oid), true, 'i');
158 
159  n = makeFuncCall(list_make2(makeString("pg_catalog"),
160  makeString("current_user")), NIL, 0);
161 
162  c = makeNode(ColumnRef);
163  c->fields = list_make1(makeString("supervisor"));
164  c->location = 0;
165 
166  e = (Node *) makeSimpleA_Expr(AEXPR_OP, "=", (Node *) n, (Node *) c, 0);
167 
168  policy->qual = (Expr *) transformWhereClause(qual_pstate, copyObject(e),
170  "POLICY");
171  /* Fix up collation information */
172  assign_expr_collations(qual_pstate, (Node *) policy->qual);
173 
174  policy->with_check_qual = copyObject(policy->qual);
175  policy->hassublinks = false;
176 
177  policies = list_make1(policy);
178 
179  return policies;
180 }
#define list_make2(x1, x2)
Definition: pg_list.h:229
void _PG_fini(void)
Value * makeString(char *str)
Definition: value.c:53
static row_security_policy_hook_type prev_row_security_policy_hook_permissive
#define NIL
Definition: pg_list.h:65
void _PG_init(void)
PG_MODULE_MAGIC
char * pstrdup(const char *in)
Definition: mcxt.c:1186
ArrayType * construct_array(Datum *elems, int nelems, Oid elmtype, int elmlen, bool elmbyval, char elmalign)
Definition: arrayfuncs.c:3291
#define AccessShareLock
Definition: lockdefs.h:36
Definition: nodes.h:525
row_security_policy_hook_type row_security_policy_hook_permissive
Definition: rowsecurity.c:96
List * test_rls_hooks_permissive(CmdType cmdtype, Relation relation)
unsigned int Oid
Definition: postgres_ext.h:31
A_Expr * makeSimpleA_Expr(A_Expr_Kind kind, char *name, Node *lexpr, Node *rexpr, int location)
Definition: makefuncs.c:48
ParseState * make_parsestate(ParseState *parentParseState)
Definition: parse_node.c:44
int location
Definition: parsenodes.h:236
static row_security_policy_hook_type prev_row_security_policy_hook_restrictive
#define list_make1(x1)
Definition: pg_list.h:227
void assign_expr_collations(ParseState *pstate, Node *expr)
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
List *(* row_security_policy_hook_type)(CmdType cmdtype, Relation relation)
Definition: rowsecurity.h:37
char * c
RangeTblEntry * addRangeTableEntryForRelation(ParseState *pstate, Relation rel, int lockmode, Alias *alias, bool inh, bool inFromCl)
Expr * with_check_qual
Definition: rowsecurity.h:27
row_security_policy_hook_type row_security_policy_hook_restrictive
Definition: rowsecurity.c:97
#define RelationGetRelationName(relation)
Definition: rel.h:453
ArrayType * roles
Definition: rowsecurity.h:24
void addRTEtoQuery(ParseState *pstate, RangeTblEntry *rte, bool addToJoinList, bool addToRelNameSpace, bool addToVarNameSpace)
FuncCall * makeFuncCall(List *name, List *args, int location)
Definition: makefuncs.c:583
void * palloc0(Size size)
Definition: mcxt.c:980
uintptr_t Datum
Definition: postgres.h:367
#define makeNode(_type_)
Definition: nodes.h:573
List * test_rls_hooks_restrictive(CmdType cmdtype, Relation relation)
Node * transformWhereClause(ParseState *pstate, Node *clause, ParseExprKind exprKind, const char *constructName)
e
Definition: preproc-init.c:82
#define ACL_ID_PUBLIC
Definition: acl.h:46
#define copyObject(obj)
Definition: nodes.h:641
Definition: pg_list.h:50
CmdType
Definition: nodes.h:668
List * fields
Definition: parsenodes.h:235