PostgreSQL Source Code git master
Functions
usercontext.c File Reference
#include "postgres.h"
#include "miscadmin.h"
#include "utils/acl.h"
#include "utils/guc.h"
#include "utils/usercontext.h"
Include dependency graph for usercontext.c:

Go to the source code of this file.

Functions

void SwitchToUntrustedUser (Oid userid, UserContext *context)
 
void RestoreUserContext (UserContext *context)
 

Function Documentation

◆ RestoreUserContext()

void RestoreUserContext ( UserContext context)

Definition at line 87 of file usercontext.c.

88{
89 if (context->save_nestlevel != -1)
90 AtEOXact_GUC(false, context->save_nestlevel);
91 SetUserIdAndSecContext(context->save_userid, context->save_sec_context);
92}
AtEOXact_GUC
void AtEOXact_GUC(bool isCommit, int nestLevel)
Definition: guc.c:2137
SetUserIdAndSecContext
void SetUserIdAndSecContext(Oid userid, int sec_context)
Definition: miscinit.c:619
UserContext::save_sec_context
int save_sec_context
Definition: usercontext.h:18
UserContext::save_userid
Oid save_userid
Definition: usercontext.h:17
UserContext::save_nestlevel
int save_nestlevel
Definition: usercontext.h:19

References AtEOXact_GUC(), UserContext::save_nestlevel, UserContext::save_sec_context, UserContext::save_userid, and SetUserIdAndSecContext().

Referenced by apply_handle_delete(), apply_handle_insert(), apply_handle_update(), copy_sequence(), ExecuteTruncateGuts(), and LogicalRepSyncTableStart().

◆ SwitchToUntrustedUser()

void SwitchToUntrustedUser ( Oid  userid,
UserContext context 
)

Definition at line 33 of file usercontext.c.

34{
35 /* Get the current user ID and security context. */
36 GetUserIdAndSecContext(&context->save_userid,
37 &context->save_sec_context);
38
39 /* Check that we have sufficient privileges to assume the target role. */
40 if (!member_can_set_role(context->save_userid, userid))
41 ereport(ERROR,
42 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
43 errmsg("role \"%s\" cannot SET ROLE to \"%s\"",
44 GetUserNameFromId(context->save_userid, false),
45 GetUserNameFromId(userid, false))));
46
47 /*
48 * Try to prevent the user to which we're switching from assuming the
49 * privileges of the current user, unless they can SET ROLE to that user
50 * anyway.
51 */
52 if (member_can_set_role(userid, context->save_userid))
53 {
54 /*
55 * Each user can SET ROLE to the other, so there's no point in
56 * imposing any security restrictions. Just let the user do whatever
57 * they want.
58 */
59 SetUserIdAndSecContext(userid, context->save_sec_context);
60 context->save_nestlevel = -1;
61 }
62 else
63 {
64 int sec_context = context->save_sec_context;
65
66 /*
67 * This user can SET ROLE to the target user, but not the other way
68 * around, so protect ourselves against the target user by setting
69 * SECURITY_RESTRICTED_OPERATION to prevent certain changes to the
70 * session state. Also set up a new GUC nest level, so that we can
71 * roll back any GUC changes that may be made by code running as the
72 * target user, inasmuch as they could be malicious.
73 */
74 sec_context |= SECURITY_RESTRICTED_OPERATION;
75 SetUserIdAndSecContext(userid, sec_context);
76 context->save_nestlevel = NewGUCNestLevel();
77 }
78}
member_can_set_role
bool member_can_set_role(Oid member, Oid role)
Definition: acl.c:5318
errcode
int errcode(int sqlerrcode)
Definition: elog.c:863
errmsg
int errmsg(const char *fmt,...)
Definition: elog.c:1080
ERROR
#define ERROR
Definition: elog.h:39
ereport
#define ereport(elevel,...)
Definition: elog.h:150
NewGUCNestLevel
int NewGUCNestLevel(void)
Definition: guc.c:2110
SECURITY_RESTRICTED_OPERATION
#define SECURITY_RESTRICTED_OPERATION
Definition: miscadmin.h:319
GetUserIdAndSecContext
void GetUserIdAndSecContext(Oid *userid, int *sec_context)
Definition: miscinit.c:612
GetUserNameFromId
char * GetUserNameFromId(Oid roleid, bool noerr)
Definition: miscinit.c:988

References ereport, errcode(), errmsg(), ERROR, GetUserIdAndSecContext(), GetUserNameFromId(), member_can_set_role(), NewGUCNestLevel(), UserContext::save_nestlevel, UserContext::save_sec_context, UserContext::save_userid, SECURITY_RESTRICTED_OPERATION, and SetUserIdAndSecContext().

Referenced by apply_handle_delete(), apply_handle_insert(), apply_handle_update(), copy_sequence(), ExecuteTruncateGuts(), and LogicalRepSyncTableStart().