Commitb620fda

committed
sepgql: Use getObjectIdentity rather than getObjectDescription.
KaiGai Kohei, based on a suggestion from Álvaro Herrera
1 parentbe55f3b commitb620fda


7 files changed

+351
-330
lines changed


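--- a/contrib/sepgsql/database.c
+++ b/contrib/sepgsql/database.c
@@ -19,6 +19,7 @@
 #include"catalog/indexing.h"
 #include"commands/dbcommands.h"
 #include"commands/seclabel.h"
+#include"utils/builtins.h"
 #include"utils/fmgroids.h"
 #include"utils/tqual.h"
 #include"sepgsql.h"
@@ -38,9 +39,9 @@ sepgsql_database_post_create(Oid databaseId, const char *dtemplate)
 HeapTupletuple;
 char*tcontext;
 char*ncontext;
-charaudit_name[NAMEDATALEN+20];
 ObjectAddressobject;
 Form_pg_databasedatForm;
+StringInfoDataaudit_name;
 
 /*
 * Oid of the source database is not saved in pg_database catalog, so we
@@ -61,11 +62,12 @@ sepgsql_database_post_create(Oid databaseId, const char *dtemplate)
 /*
 * check db_database:{getattr} permission
 */
-snprintf(audit_name,sizeof(audit_name),"database %s",dtemplate);
+initStringInfo(&audit_name);
+appendStringInfo(&audit_name,"%s",quote_identifier(dtemplate));
 sepgsql_avc_check_perms_label(tcontext,
 SEPG_CLASS_DB_DATABASE,
 SEPG_DB_DATABASE__GETATTR,
-audit_name,
+audit_name.data,
 true);
 
 /*
@@ -98,12 +100,13 @@ sepgsql_database_post_create(Oid databaseId, const char *dtemplate)
 /*
 * check db_database:{create} permission
 */
-snprintf(audit_name,sizeof(audit_name),
-"database %s",NameStr(datForm->datname));
+resetStringInfo(&audit_name);
+appendStringInfo(&audit_name,"%s",
+quote_identifier(NameStr(datForm->datname)));
 sepgsql_avc_check_perms_label(ncontext,
 SEPG_CLASS_DB_DATABASE,
 SEPG_DB_DATABASE__CREATE,
-audit_name,
+audit_name.data,
 true);
 
 systable_endscan(sscan);
@@ -139,7 +142,7 @@ sepgsql_database_drop(Oid databaseId)
 object.classId=DatabaseRelationId;
 object.objectId=databaseId;
 object.objectSubId=0;
-audit_name=getObjectDescription(&object);
+audit_name=getObjectIdentity(&object);
 
 sepgsql_avc_check_perms(&object,
 SEPG_CLASS_DB_DATABASE,
@@ -166,7 +169,7 @@ sepgsql_database_setattr(Oid databaseId)
 object.classId=DatabaseRelationId;
 object.objectId=databaseId;
 object.objectSubId=0;
-audit_name=getObjectDescription(&object);
+audit_name=getObjectIdentity(&object);
 
 sepgsql_avc_check_perms(&object,
 SEPG_CLASS_DB_DATABASE,
@@ -190,7 +193,7 @@ sepgsql_database_relabel(Oid databaseId, const char *seclabel)
 object.classId=DatabaseRelationId;
 object.objectId=databaseId;
 object.objectSubId=0;
-audit_name=getObjectDescription(&object);
+audit_name=getObjectIdentity(&object);
 
 /*
 * check db_database:{setattr relabelfrom} permission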
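Review bot: The two hand-built names in sepgsql_database_post_create (the `appendStringInfo` calls for `dtemplate` and `datForm->datname`) must produce the same string that `getObjectIdentity()` returns for that database in the drop/setattr/relabel hunks, otherwise create and drop audit records for one object will not correlate, and nothing in the new code states that requirement. I would add a comment above `initStringInfo(&audit_name);`, for example `/* hand-built because the object is looked up by name here; must match getObjectIdentity() output for a database */`. Note also that `quote_identifier()` only wraps and doubles double quotes, so the name can still carry quotes and other user-chosen characters into the audit record; the code that formats the record is not visible here, so whether it copes with that should be confirmed. The function body extends beyond these hunks.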

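--- a/contrib/sepgsql/dml.c
+++ b/contrib/sepgsql/dml.c
@@ -187,7 +187,7 @@ check_relation_privileges(Oid relOid,
 object.classId=RelationRelationId;
 object.objectId=relOid;
 object.objectSubId=0;
-audit_name=getObjectDescription(&object);
+audit_name=getObjectIdentity(&object);
 switch (relkind)
 {
 caseRELKIND_RELATION: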

‎contrib/sepgsql/expected/alter.out

Lines changed: 84 additions & 84 deletions
Large diffs are not rendered by default.

‎contrib/sepgsql/expected/ddl.out

Lines changed: 195 additions & 195 deletions
Large diffs are not rendered by default.

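--- a/contrib/sepgsql/proc.c
+++ b/contrib/sepgsql/proc.c
@@ -18,6 +18,7 @@
 #include"catalog/indexing.h"
 #include"catalog/pg_namespace.h"
 #include"catalog/pg_proc.h"
+#include"catalog/pg_type.h"
 #include"commands/seclabel.h"
 #include"lib/stringinfo.h"
 #include"utils/builtins.h"
@@ -41,6 +42,7 @@ sepgsql_proc_post_create(Oid functionId)
 ScanKeyDataskey;
 SysScanDescsscan;
 HeapTupletuple;
+char*nsp_name;
 char*scontext;
 char*tcontext;
 char*ncontext;
@@ -79,7 +81,7 @@ sepgsql_proc_post_create(Oid functionId)
 sepgsql_avc_check_perms(&object,
 SEPG_CLASS_DB_SCHEMA,
 SEPG_DB_SCHEMA__ADD_NAME,
-getObjectDescription(&object),
+getObjectIdentity(&object),
 true);
 
 /*
@@ -102,14 +104,18 @@ sepgsql_proc_post_create(Oid functionId)
 * check db_procedure:{create (install)} permission
 */
 initStringInfo(&audit_name);
-appendStringInfo(&audit_name,"function %s(",NameStr(proForm->proname));
+nsp_name=get_namespace_name(proForm->pronamespace);
+appendStringInfo(&audit_name,"%s(",
+quote_qualified_identifier(nsp_name,NameStr(proForm->proname)));
 for (i=0;i<proForm->pronargs;i++)
 {
-Oidtypeoid=proForm->proargtypes.values[i];
-
 if (i>0)
 appendStringInfoChar(&audit_name,',');
-appendStringInfoString(&audit_name,format_type_be(typeoid));
+
+object.classId=TypeRelationId;
+object.objectId=proForm->proargtypes.values[i];
+object.objectSubId=0;
+appendStringInfoString(&audit_name,getObjectIdentity(&object));
 }
 appendStringInfoChar(&audit_name,')');
 
@@ -159,7 +165,7 @@ sepgsql_proc_drop(Oid functionId)
 object.classId=NamespaceRelationId;
 object.objectId=get_func_namespace(functionId);
 object.objectSubId=0;
-audit_name=getObjectDescription(&object);
+audit_name=getObjectIdentity(&object);
 
 sepgsql_avc_check_perms(&object,
 SEPG_CLASS_DB_SCHEMA,
@@ -174,7 +180,7 @@ sepgsql_proc_drop(Oid functionId)
 object.classId=ProcedureRelationId;
 object.objectId=functionId;
 object.objectSubId=0;
-audit_name=getObjectDescription(&object);
+audit_name=getObjectIdentity(&object);
 
 sepgsql_avc_check_perms(&object,
 SEPG_CLASS_DB_PROCEDURE,
@@ -199,7 +205,7 @@ sepgsql_proc_relabel(Oid functionId, const char *seclabel)
 object.classId=ProcedureRelationId;
 object.objectId=functionId;
 object.objectSubId=0;
-audit_name=getObjectDescription(&object);
+audit_name=getObjectIdentity(&object);
 
 /*
 * check db_procedure:{setattr relabelfrom} permission
@@ -287,7 +293,7 @@ sepgsql_proc_setattr(Oid functionId)
 object.classId=ProcedureRelationId;
 object.objectId=functionId;
 object.objectSubId=0;
-audit_name=getObjectDescription(&object);
+audit_name=getObjectIdentity(&object);
 
 sepgsql_avc_check_perms(&object,
 SEPG_CLASS_DB_PROCEDURE,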
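Review bot: The argument loop in sepgsql_proc_post_create now overwrites the function-wide `object` with a pg_type address on each iteration, so what `object` refers to after the loop depends on whether the function has any arguments. Any later use of `object` in this function (outside the hunk, not visible here) has to reassign all three fields first; a loop-local `ObjectAddress typobj;` would remove that hidden dependency, or at minimum add `/* object is clobbered here; reset before reuse */` above the assignments. Separately, `get_namespace_name()` returns NULL when the lookup fails; `quote_qualified_identifier()` accepts a NULL qualifier, but the audit name would then silently lose its schema part, which is worth a comment or an explicit error.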

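--- a/contrib/sepgsql/relation.c
+++ b/contrib/sepgsql/relation.c
@@ -20,6 +20,8 @@
 #include"catalog/pg_class.h"
 #include"catalog/pg_namespace.h"
 #include"commands/seclabel.h"
+#include"lib/stringinfo.h"
+#include"utils/builtins.h"
 #include"utils/fmgroids.h"
 #include"utils/catcache.h"
 #include"utils/lsyscache.h"
@@ -49,9 +51,9 @@ sepgsql_attribute_post_create(Oid relOid, AttrNumber attnum)
 char*scontext;
 char*tcontext;
 char*ncontext;
-charaudit_name[2*NAMEDATALEN+20];
 ObjectAddressobject;
 Form_pg_attributeattForm;
+StringInfoDataaudit_name;
 
 /*
 * Only attributes within regular relation have individual security
@@ -94,12 +96,18 @@ sepgsql_attribute_post_create(Oid relOid, AttrNumber attnum)
 /*
 * check db_column:{create} permission
 */
-snprintf(audit_name,sizeof(audit_name),"table %s column %s",
-get_rel_name(relOid),NameStr(attForm->attname));
+object.classId=RelationRelationId;
+object.objectId=relOid;
+object.objectSubId=0;
+
+initStringInfo(&audit_name);
+appendStringInfo(&audit_name,"%s.%s",
+getObjectIdentity(&object),
+quote_identifier(NameStr(attForm->attname)));
 sepgsql_avc_check_perms_label(ncontext,
 SEPG_CLASS_DB_COLUMN,
 SEPG_DB_COLUMN__CREATE,
-audit_name,
+audit_name.data,
 true);
 
 /*
@@ -137,7 +145,7 @@ sepgsql_attribute_drop(Oid relOid, AttrNumber attnum)
 object.classId=RelationRelationId;
 object.objectId=relOid;
 object.objectSubId=attnum;
-audit_name=getObjectDescription(&object);
+audit_name=getObjectIdentity(&object);
 
 sepgsql_avc_check_perms(&object,
 SEPG_CLASS_DB_COLUMN,
@@ -168,7 +176,7 @@ sepgsql_attribute_relabel(Oid relOid, AttrNumber attnum,
 object.classId=RelationRelationId;
 object.objectId=relOid;
 object.objectSubId=attnum;
-audit_name=getObjectDescription(&object);
+audit_name=getObjectIdentity(&object);
 
 /*
 * check db_column:{setattr relabelfrom} permission
@@ -211,7 +219,7 @@ sepgsql_attribute_setattr(Oid relOid, AttrNumber attnum)
 object.classId=RelationRelationId;
 object.objectId=relOid;
 object.objectSubId=attnum;
-audit_name=getObjectDescription(&object);
+audit_name=getObjectIdentity(&object);
 
 sepgsql_avc_check_perms(&object,
 SEPG_CLASS_DB_COLUMN,
@@ -236,12 +244,12 @@ sepgsql_relation_post_create(Oid relOid)
 Form_pg_classclassForm;
 ObjectAddressobject;
 uint16tclass;
-constchar*tclass_text;
 char*scontext;/* subject */
 char*tcontext;/* schema */
 char*rcontext;/* relation */
 char*ccontext;/* column */
-charaudit_name[2*NAMEDATALEN+20];
+char*nsp_name;
+StringInfoDataaudit_name;
 
 /*
 * Fetch catalog record of the new relation. Because pg_class entry is not
@@ -277,22 +285,19 @@ sepgsql_relation_post_create(Oid relOid)
 sepgsql_avc_check_perms(&object,
 SEPG_CLASS_DB_SCHEMA,
 SEPG_DB_SCHEMA__ADD_NAME,
-getObjectDescription(&object),
+getObjectIdentity(&object),
 true);
 
 switch (classForm->relkind)
 {
 caseRELKIND_RELATION:
 tclass=SEPG_CLASS_DB_TABLE;
-tclass_text="table";
 break;
 caseRELKIND_SEQUENCE:
 tclass=SEPG_CLASS_DB_SEQUENCE;
-tclass_text="sequence";
 break;
 caseRELKIND_VIEW:
 tclass=SEPG_CLASS_DB_VIEW;
-tclass_text="view";
 break;
 caseRELKIND_INDEX:
 /* deal with indexes specially; no need for tclass */
@@ -316,12 +321,15 @@ sepgsql_relation_post_create(Oid relOid)
 /*
 * check db_xxx:{create} permission
 */
-snprintf(audit_name,sizeof(audit_name),"%s %s",
-tclass_text,NameStr(classForm->relname));
+nsp_name=get_namespace_name(classForm->relnamespace);
+initStringInfo(&audit_name);
+appendStringInfo(&audit_name,"%s.%s",
+quote_identifier(nsp_name),
+quote_identifier(NameStr(classForm->relname)));
 sepgsql_avc_check_perms_label(rcontext,
 tclass,
 SEPG_DB_DATABASE__CREATE,
-audit_name,
+audit_name.data,
 true);
 
 /*
@@ -358,10 +366,11 @@ sepgsql_relation_post_create(Oid relOid)
 {
 attForm= (Form_pg_attribute)GETSTRUCT(atup);
 
-snprintf(audit_name,sizeof(audit_name),"%s %s column %s",
-tclass_text,
-NameStr(classForm->relname),
-NameStr(attForm->attname));
+resetStringInfo(&audit_name);
+appendStringInfo(&audit_name,"%s.%s.%s",
+quote_identifier(nsp_name),
+quote_identifier(NameStr(classForm->relname)),
+quote_identifier(NameStr(attForm->attname)));
 
 ccontext=sepgsql_compute_create(scontext,
 rcontext,
@@ -374,7 +383,7 @@ sepgsql_relation_post_create(Oid relOid)
 sepgsql_avc_check_perms_label(ccontext,
 SEPG_CLASS_DB_COLUMN,
 SEPG_DB_COLUMN__CREATE,
-audit_name,
+audit_name.data,
 true);
 
 object.classId=RelationRelationId;
@@ -436,7 +445,7 @@ sepgsql_relation_drop(Oid relOid)
 object.classId=NamespaceRelationId;
 object.objectId=get_rel_namespace(relOid);
 object.objectSubId=0;
-audit_name=getObjectDescription(&object);
+audit_name=getObjectIdentity(&object);
 
 sepgsql_avc_check_perms(&object,
 SEPG_CLASS_DB_SCHEMA,
@@ -458,7 +467,7 @@ sepgsql_relation_drop(Oid relOid)
 object.classId=RelationRelationId;
 object.objectId=relOid;
 object.objectSubId=0;
-audit_name=getObjectDescription(&object);
+audit_name=getObjectIdentity(&object);
 
 sepgsql_avc_check_perms(&object,
 tclass,
@@ -489,7 +498,7 @@ sepgsql_relation_drop(Oid relOid)
 object.classId=RelationRelationId;
 object.objectId=relOid;
 object.objectSubId=attForm->attnum;
-audit_name=getObjectDescription(&object);
+audit_name=getObjectIdentity(&object);
 
 sepgsql_avc_check_perms(&object,
 SEPG_CLASS_DB_COLUMN,
@@ -531,7 +540,7 @@ sepgsql_relation_relabel(Oid relOid, const char *seclabel)
 object.classId=RelationRelationId;
 object.objectId=relOid;
 object.objectSubId=0;
-audit_name=getObjectDescription(&object);
+audit_name=getObjectIdentity(&object);
 
 /*
 * check db_xxx:{setattr relabelfrom} permission
@@ -641,7 +650,7 @@ sepgsql_relation_setattr(Oid relOid)
 object.classId=RelationRelationId;
 object.objectId=relOid;
 object.objectSubId=0;
-audit_name=getObjectDescription(&object);
+audit_name=getObjectIdentity(&object);
 
 sepgsql_avc_check_perms(&object,
 tclass,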
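Review bot: In sepgsql_relation_post_create the result of `get_namespace_name(classForm->relnamespace)` goes straight into `quote_identifier(nsp_name)`, in both the relation-level and the per-column `appendStringInfo` calls, with no NULL check. `get_namespace_name()` returns NULL when the lookup fails, and `quote_identifier()` would then dereference it inside an access-control hook, turning a catalog inconsistency into a backend crash rather than an error. The schema appears to have been resolved a few lines earlier for the add_name check, so this is unlikely in practice, but a guard keeps the failure clean: `if (nsp_name == NULL) elog(ERROR, "cache lookup failed for namespace %u", classForm->relnamespace);`. proc.c builds its name with `quote_qualified_identifier()`, and using that for the relation name here would keep the two files consistent. The function body continues outside these hunks.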
