LCOV - code coverage report
Current view: top level - src/test/modules/test_rls_hooks - test_rls_hooks.c (source / functions) Hit Total Coverage
Test: PostgreSQL 13beta1 Lines: 55 59 93.2 %
Date: 2020-06-01 00:06:26 Functions: 4 5 80.0 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*--------------------------------------------------------------------------
       2             :  *
       3             :  * test_rls_hooks.c
       4             :  *      Code for testing RLS hooks.
       5             :  *
       6             :  * Copyright (c) 2015-2020, PostgreSQL Global Development Group
       7             :  *
       8             :  * IDENTIFICATION
       9             :  *      src/test/modules/test_rls_hooks/test_rls_hooks.c
      10             :  *
      11             :  * -------------------------------------------------------------------------
      12             :  */
      13             : 
      14             : #include "postgres.h"
      15             : 
      16             : #include "catalog/pg_type.h"
      17             : #include "fmgr.h"
      18             : #include "miscadmin.h"
      19             : #include "nodes/makefuncs.h"
      20             : #include "parser/parse_clause.h"
      21             : #include "parser/parse_collate.h"
      22             : #include "parser/parse_node.h"
      23             : #include "parser/parse_relation.h"
      24             : #include "rewrite/rowsecurity.h"
      25             : #include "test_rls_hooks.h"
      26             : #include "utils/acl.h"
      27             : #include "utils/rel.h"
      28             : #include "utils/relcache.h"
      29             : 
      30           2 : PG_MODULE_MAGIC;
      31             : 
      32             : /* Saved hook values in case of unload */
      33             : static row_security_policy_hook_type prev_row_security_policy_hook_permissive = NULL;
      34             : static row_security_policy_hook_type prev_row_security_policy_hook_restrictive = NULL;
      35             : 
      36             : void        _PG_init(void);
      37             : void        _PG_fini(void);
      38             : 
      39             : /* Install hooks */
      40             : void
      41           2 : _PG_init(void)
      42             : {
      43             :     /* Save values for unload  */
      44           2 :     prev_row_security_policy_hook_permissive = row_security_policy_hook_permissive;
      45           2 :     prev_row_security_policy_hook_restrictive = row_security_policy_hook_restrictive;
      46             : 
      47             :     /* Set our hooks */
      48           2 :     row_security_policy_hook_permissive = test_rls_hooks_permissive;
      49           2 :     row_security_policy_hook_restrictive = test_rls_hooks_restrictive;
      50           2 : }
      51             : 
      52             : /* Uninstall hooks */
      53             : void
      54           0 : _PG_fini(void)
      55             : {
      56           0 :     row_security_policy_hook_permissive = prev_row_security_policy_hook_permissive;
      57           0 :     row_security_policy_hook_restrictive = prev_row_security_policy_hook_restrictive;
      58           0 : }
      59             : 
      60             : /*
      61             :  * Return permissive policies to be added
      62             :  */
      63             : List *
      64          60 : test_rls_hooks_permissive(CmdType cmdtype, Relation relation)
      65             : {
      66          60 :     List       *policies = NIL;
      67          60 :     RowSecurityPolicy *policy = palloc0(sizeof(RowSecurityPolicy));
      68             :     Datum       role;
      69             :     FuncCall   *n;
      70             :     Node       *e;
      71             :     ColumnRef  *c;
      72             :     ParseState *qual_pstate;
      73             :     ParseNamespaceItem *nsitem;
      74             : 
      75          60 :     if (strcmp(RelationGetRelationName(relation), "rls_test_permissive") != 0 &&
      76          42 :         strcmp(RelationGetRelationName(relation), "rls_test_both") != 0)
      77          20 :         return NIL;
      78             : 
      79          40 :     qual_pstate = make_parsestate(NULL);
      80             : 
      81          40 :     nsitem = addRangeTableEntryForRelation(qual_pstate,
      82             :                                            relation, AccessShareLock,
      83             :                                            NULL, false, false);
      84          40 :     addNSItemToQuery(qual_pstate, nsitem, false, true, true);
      85             : 
      86          40 :     role = ObjectIdGetDatum(ACL_ID_PUBLIC);
      87             : 
      88          40 :     policy->policy_name = pstrdup("extension policy");
      89          40 :     policy->polcmd = '*';
      90          40 :     policy->roles = construct_array(&role, 1, OIDOID, sizeof(Oid), true, TYPALIGN_INT);
      91             : 
      92             :     /*
      93             :      * policy->qual = (Expr *) makeConst(BOOLOID, -1, InvalidOid,
      94             :      * sizeof(bool), BoolGetDatum(true), false, true);
      95             :      */
      96             : 
      97          40 :     n = makeFuncCall(list_make2(makeString("pg_catalog"),
      98             :                                 makeString("current_user")), NIL, 0);
      99             : 
     100          40 :     c = makeNode(ColumnRef);
     101          40 :     c->fields = list_make1(makeString("username"));
     102          40 :     c->location = 0;
     103             : 
     104          40 :     e = (Node *) makeSimpleA_Expr(AEXPR_OP, "=", (Node *) n, (Node *) c, 0);
     105             : 
     106          40 :     policy->qual = (Expr *) transformWhereClause(qual_pstate, copyObject(e),
     107             :                                                  EXPR_KIND_POLICY,
     108             :                                                  "POLICY");
     109             :     /* Fix up collation information */
     110          40 :     assign_expr_collations(qual_pstate, (Node *) policy->qual);
     111             : 
     112          40 :     policy->with_check_qual = copyObject(policy->qual);
     113          40 :     policy->hassublinks = false;
     114             : 
     115          40 :     policies = list_make1(policy);
     116             : 
     117          40 :     return policies;
     118             : }
     119             : 
     120             : /*
     121             :  * Return restrictive policies to be added
     122             :  *
     123             :  * Note that a permissive policy must exist or the default-deny policy
     124             :  * will be included and nothing will be visible.  If no filtering should
     125             :  * be done except for the restrictive policy, then a single "USING (true)"
     126             :  * permissive policy can be used; see the regression tests.
     127             :  */
     128             : List *
     129          60 : test_rls_hooks_restrictive(CmdType cmdtype, Relation relation)
     130             : {
     131          60 :     List       *policies = NIL;
     132          60 :     RowSecurityPolicy *policy = palloc0(sizeof(RowSecurityPolicy));
     133             :     Datum       role;
     134             :     FuncCall   *n;
     135             :     Node       *e;
     136             :     ColumnRef  *c;
     137             :     ParseState *qual_pstate;
     138             :     ParseNamespaceItem *nsitem;
     139             : 
     140          60 :     if (strcmp(RelationGetRelationName(relation), "rls_test_restrictive") != 0 &&
     141          40 :         strcmp(RelationGetRelationName(relation), "rls_test_both") != 0)
     142          18 :         return NIL;
     143             : 
     144          42 :     qual_pstate = make_parsestate(NULL);
     145             : 
     146          42 :     nsitem = addRangeTableEntryForRelation(qual_pstate,
     147             :                                            relation, AccessShareLock,
     148             :                                            NULL, false, false);
     149          42 :     addNSItemToQuery(qual_pstate, nsitem, false, true, true);
     150             : 
     151          42 :     role = ObjectIdGetDatum(ACL_ID_PUBLIC);
     152             : 
     153          42 :     policy->policy_name = pstrdup("extension policy");
     154          42 :     policy->polcmd = '*';
     155          42 :     policy->roles = construct_array(&role, 1, OIDOID, sizeof(Oid), true, TYPALIGN_INT);
     156             : 
     157          42 :     n = makeFuncCall(list_make2(makeString("pg_catalog"),
     158             :                                 makeString("current_user")), NIL, 0);
     159             : 
     160          42 :     c = makeNode(ColumnRef);
     161          42 :     c->fields = list_make1(makeString("supervisor"));
     162          42 :     c->location = 0;
     163             : 
     164          42 :     e = (Node *) makeSimpleA_Expr(AEXPR_OP, "=", (Node *) n, (Node *) c, 0);
     165             : 
     166          42 :     policy->qual = (Expr *) transformWhereClause(qual_pstate, copyObject(e),
     167             :                                                  EXPR_KIND_POLICY,
     168             :                                                  "POLICY");
     169             :     /* Fix up collation information */
     170          42 :     assign_expr_collations(qual_pstate, (Node *) policy->qual);
     171             : 
     172          42 :     policy->with_check_qual = copyObject(policy->qual);
     173          42 :     policy->hassublinks = false;
     174             : 
     175          42 :     policies = list_make1(policy);
     176             : 
     177          42 :     return policies;
     178             : }

Generated by: LCOV version 1.13