PostgreSQL Source Code git master
usercontext.h File Reference
This graph shows which files directly or indirectly include this file:


Data Structures

struct  UserContext
 

Typedefs

typedef struct UserContext UserContext
 

Functions

void SwitchToUntrustedUser (Oid userid, UserContext *context)
 
void RestoreUserContext (UserContext *context)
 

Typedef Documentation

◆ UserContext

typedef struct UserContext UserContext

Function Documentation

◆ RestoreUserContext()

void RestoreUserContext ( UserContext * context )

Definition at line 87 of file usercontext.c.

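/*
 * RestoreUserContext
 *
 * Undo a previous SwitchToUntrustedUser() using the state it saved in
 * *context.
 *
 * context: the same UserContext that was passed to SwitchToUntrustedUser().
 *          Its save_userid, save_sec_context and save_nestlevel fields are
 *          read here; none of them is modified.
 *
 * Security note: the identity switch is reverted only by the
 * SetUserIdAndSecContext() call below.  A caller that switches users and
 * never reaches this function keeps running with the switched user ID and
 * security context, as far as this file is concerned.
 */
void
RestoreUserContext(UserContext *context)
{
    /*
     * save_nestlevel is -1 when SwitchToUntrustedUser() opened no GUC nest
     * level (the unrestricted case).  Otherwise close that level with
     * isCommit = false so that GUC changes made while running as the target
     * user are rolled back rather than kept.
     */
    if (context->save_nestlevel != -1)
        AtEOXact_GUC(false, context->save_nestlevel);

    /* Put back the user ID and security context captured at switch time. */
    SetUserIdAndSecContext(context->save_userid, context->save_sec_context);
}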
void AtEOXact_GUC(bool isCommit, int nestLevel)
Definition: guc.c:2262
void SetUserIdAndSecContext(Oid userid, int sec_context)
Definition: miscinit.c:667
int save_sec_context
Definition: usercontext.h:18
Oid save_userid
Definition: usercontext.h:17
int save_nestlevel
Definition: usercontext.h:19

References AtEOXact_GUC(), UserContext::save_nestlevel, UserContext::save_sec_context, UserContext::save_userid, and SetUserIdAndSecContext().

Referenced by apply_handle_delete(), apply_handle_insert(), apply_handle_update(), ExecuteTruncateGuts(), and LogicalRepSyncTableStart().

◆ SwitchToUntrustedUser()

void SwitchToUntrustedUser ( Oid userid,
UserContext * context
)

Definition at line 33 of file usercontext.c.

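/*
 * SwitchToUntrustedUser
 *
 * Switch the session to run as 'userid', saving in *context everything
 * RestoreUserContext() needs to undo the switch.
 *
 * userid:  role to switch to.
 * context: caller-provided UserContext.  On return save_userid and
 *          save_sec_context hold the values in effect before the switch,
 *          and save_nestlevel holds either -1 (no GUC nest level opened)
 *          or the nest level opened for the restricted case.
 *
 * Raises ERROR with ERRCODE_INSUFFICIENT_PRIVILEGE if the current user
 * cannot SET ROLE to 'userid'.
 *
 * Security model, as implemented below:
 *   - If each user can SET ROLE to the other, no restriction is applied.
 *   - If only the current user can SET ROLE to the target,
 *     SECURITY_RESTRICTED_OPERATION is added to the security context and a
 *     new GUC nest level is opened so that GUC changes can be rolled back.
 * The in-code comment says "try to prevent": treat this as a mitigation
 * against the target user, not as a complete sandbox.  What
 * SECURITY_RESTRICTED_OPERATION actually blocks is defined outside this
 * file.
 *
 * Every successful call must be paired with RestoreUserContext() on the same
 * context; nothing in this function reverts the switch on its own.
 */
void
SwitchToUntrustedUser(Oid userid, UserContext *context)
{
    /* Get the current user ID and security context. */
    GetUserIdAndSecContext(&context->save_userid,
                           &context->save_sec_context);

    /*
     * Check that we have sufficient privileges to assume the target role.
     * There is no return or else branch after the report: the code that
     * follows relies on ereport(ERROR, ...) not returning.
     */
    if (!member_can_set_role(context->save_userid, userid))
        ereport(ERROR,
                (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
                 errmsg("role \"%s\" cannot SET ROLE to \"%s\"",
                        GetUserNameFromId(context->save_userid, false),
                        GetUserNameFromId(userid, false))));

    /*
     * Try to prevent the user to which we're switching from assuming the
     * privileges of the current user, unless they can SET ROLE to that user
     * anyway.
     */
    if (member_can_set_role(userid, context->save_userid))
    {
        /*
         * Each user can SET ROLE to the other, so there's no point in
         * imposing any security restrictions. Just let the user do whatever
         * they want.
         */
        SetUserIdAndSecContext(userid, context->save_sec_context);

        /* -1 tells RestoreUserContext() there is no GUC level to unwind. */
        context->save_nestlevel = -1;
    }
    else
    {
        int sec_context = context->save_sec_context;

        /*
         * This user can SET ROLE to the target user, but not the other way
         * around, so protect ourselves against the target user by setting
         * SECURITY_RESTRICTED_OPERATION to prevent certain changes to the
         * session state. Also set up a new GUC nest level, so that we can
         * roll back any GUC changes that may be made by code running as the
         * target user, inasmuch as they could be malicious.
         */

        /* OR the flag in so bits already set in the saved context are kept. */
        sec_context |= SECURITY_RESTRICTED_OPERATION;
        SetUserIdAndSecContext(userid, sec_context);
        context->save_nestlevel = NewGUCNestLevel();
    }
}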
bool member_can_set_role(Oid member, Oid role)
Definition: acl.c:5302
int errcode(int sqlerrcode)
Definition: elog.c:853
int errmsg(const char *fmt,...)
Definition: elog.c:1070
#define ERROR
Definition: elog.h:39
#define ereport(elevel,...)
Definition: elog.h:149
int NewGUCNestLevel(void)
Definition: guc.c:2235
#define SECURITY_RESTRICTED_OPERATION
Definition: miscadmin.h:318
void GetUserIdAndSecContext(Oid *userid, int *sec_context)
Definition: miscinit.c:660
char * GetUserNameFromId(Oid roleid, bool noerr)
Definition: miscinit.c:1036

References ereport, errcode(), errmsg(), ERROR, GetUserIdAndSecContext(), GetUserNameFromId(), member_can_set_role(), NewGUCNestLevel(), UserContext::save_nestlevel, UserContext::save_sec_context, UserContext::save_userid, SECURITY_RESTRICTED_OPERATION, and SetUserIdAndSecContext().

Referenced by apply_handle_delete(), apply_handle_insert(), apply_handle_update(), ExecuteTruncateGuts(), and LogicalRepSyncTableStart().