LCOV - code coverage report
Current view: top level - src/test/modules/test_rls_hooks - test_rls_hooks.c (source / functions) Hit Total Coverage
Test: PostgreSQL 15devel Lines: 55 59 93.2 %
Date: 2021-11-29 05:09:10 Functions: 4 5 80.0 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*--------------------------------------------------------------------------
       2             :  *
       3             :  * test_rls_hooks.c
       4             :  *      Code for testing RLS hooks.
       5             :  *
       6             :  * Copyright (c) 2015-2021, PostgreSQL Global Development Group
       7             :  *
       8             :  * IDENTIFICATION
       9             :  *      src/test/modules/test_rls_hooks/test_rls_hooks.c
      10             :  *
      11             :  * -------------------------------------------------------------------------
      12             :  */
      13             : 
      14             : #include "postgres.h"
      15             : 
      16             : #include "catalog/pg_type.h"
      17             : #include "fmgr.h"
      18             : #include "miscadmin.h"
      19             : #include "nodes/makefuncs.h"
      20             : #include "parser/parse_clause.h"
      21             : #include "parser/parse_collate.h"
      22             : #include "parser/parse_node.h"
      23             : #include "parser/parse_relation.h"
      24             : #include "rewrite/rowsecurity.h"
      25             : #include "test_rls_hooks.h"
      26             : #include "utils/acl.h"
      27             : #include "utils/rel.h"
      28             : #include "utils/relcache.h"
      29             : 
      30           2 : PG_MODULE_MAGIC;
      31             : 
      32             : /* Saved hook values in case of unload */
      33             : static row_security_policy_hook_type prev_row_security_policy_hook_permissive = NULL;
      34             : static row_security_policy_hook_type prev_row_security_policy_hook_restrictive = NULL;
      35             : 
      36             : void        _PG_init(void);
      37             : void        _PG_fini(void);
      38             : 
      39             : /* Install hooks */
      40             : void
      41           2 : _PG_init(void)
      42             : {
      43             :     /* Save values for unload  */
      44           2 :     prev_row_security_policy_hook_permissive = row_security_policy_hook_permissive;
      45           2 :     prev_row_security_policy_hook_restrictive = row_security_policy_hook_restrictive;
      46             : 
      47             :     /* Set our hooks */
      48           2 :     row_security_policy_hook_permissive = test_rls_hooks_permissive;
      49           2 :     row_security_policy_hook_restrictive = test_rls_hooks_restrictive;
      50           2 : }
      51             : 
      52             : /* Uninstall hooks */
      53             : void
      54           0 : _PG_fini(void)
      55             : {
      56           0 :     row_security_policy_hook_permissive = prev_row_security_policy_hook_permissive;
      57           0 :     row_security_policy_hook_restrictive = prev_row_security_policy_hook_restrictive;
      58           0 : }
      59             : 
      60             : /*
      61             :  * Return permissive policies to be added
      62             :  */
      63             : List *
      64          60 : test_rls_hooks_permissive(CmdType cmdtype, Relation relation)
      65             : {
      66          60 :     List       *policies = NIL;
      67          60 :     RowSecurityPolicy *policy = palloc0(sizeof(RowSecurityPolicy));
      68             :     Datum       role;
      69             :     FuncCall   *n;
      70             :     Node       *e;
      71             :     ColumnRef  *c;
      72             :     ParseState *qual_pstate;
      73             :     ParseNamespaceItem *nsitem;
      74             : 
      75          60 :     if (strcmp(RelationGetRelationName(relation), "rls_test_permissive") != 0 &&
      76          42 :         strcmp(RelationGetRelationName(relation), "rls_test_both") != 0)
      77          20 :         return NIL;
      78             : 
      79          40 :     qual_pstate = make_parsestate(NULL);
      80             : 
      81          40 :     nsitem = addRangeTableEntryForRelation(qual_pstate,
      82             :                                            relation, AccessShareLock,
      83             :                                            NULL, false, false);
      84          40 :     addNSItemToQuery(qual_pstate, nsitem, false, true, true);
      85             : 
      86          40 :     role = ObjectIdGetDatum(ACL_ID_PUBLIC);
      87             : 
      88          40 :     policy->policy_name = pstrdup("extension policy");
      89          40 :     policy->polcmd = '*';
      90          40 :     policy->roles = construct_array(&role, 1, OIDOID, sizeof(Oid), true, TYPALIGN_INT);
      91             : 
      92             :     /*
      93             :      * policy->qual = (Expr *) makeConst(BOOLOID, -1, InvalidOid,
      94             :      * sizeof(bool), BoolGetDatum(true), false, true);
      95             :      */
      96             : 
      97          40 :     n = makeFuncCall(list_make2(makeString("pg_catalog"),
      98             :                                 makeString("current_user")),
      99             :                      NIL,
     100             :                      COERCE_EXPLICIT_CALL,
     101             :                      -1);
     102             : 
     103          40 :     c = makeNode(ColumnRef);
     104          40 :     c->fields = list_make1(makeString("username"));
     105          40 :     c->location = 0;
     106             : 
     107          40 :     e = (Node *) makeSimpleA_Expr(AEXPR_OP, "=", (Node *) n, (Node *) c, 0);
     108             : 
     109          40 :     policy->qual = (Expr *) transformWhereClause(qual_pstate, copyObject(e),
     110             :                                                  EXPR_KIND_POLICY,
     111             :                                                  "POLICY");
     112             :     /* Fix up collation information */
     113          40 :     assign_expr_collations(qual_pstate, (Node *) policy->qual);
     114             : 
     115          40 :     policy->with_check_qual = copyObject(policy->qual);
     116          40 :     policy->hassublinks = false;
     117             : 
     118          40 :     policies = list_make1(policy);
     119             : 
     120          40 :     return policies;
     121             : }
     122             : 
     123             : /*
     124             :  * Return restrictive policies to be added
     125             :  *
     126             :  * Note that a permissive policy must exist or the default-deny policy
     127             :  * will be included and nothing will be visible.  If no filtering should
     128             :  * be done except for the restrictive policy, then a single "USING (true)"
     129             :  * permissive policy can be used; see the regression tests.
     130             :  */
     131             : List *
     132          60 : test_rls_hooks_restrictive(CmdType cmdtype, Relation relation)
     133             : {
     134          60 :     List       *policies = NIL;
     135          60 :     RowSecurityPolicy *policy = palloc0(sizeof(RowSecurityPolicy));
     136             :     Datum       role;
     137             :     FuncCall   *n;
     138             :     Node       *e;
     139             :     ColumnRef  *c;
     140             :     ParseState *qual_pstate;
     141             :     ParseNamespaceItem *nsitem;
     142             : 
     143          60 :     if (strcmp(RelationGetRelationName(relation), "rls_test_restrictive") != 0 &&
     144          40 :         strcmp(RelationGetRelationName(relation), "rls_test_both") != 0)
     145          18 :         return NIL;
     146             : 
     147          42 :     qual_pstate = make_parsestate(NULL);
     148             : 
     149          42 :     nsitem = addRangeTableEntryForRelation(qual_pstate,
     150             :                                            relation, AccessShareLock,
     151             :                                            NULL, false, false);
     152          42 :     addNSItemToQuery(qual_pstate, nsitem, false, true, true);
     153             : 
     154          42 :     role = ObjectIdGetDatum(ACL_ID_PUBLIC);
     155             : 
     156          42 :     policy->policy_name = pstrdup("extension policy");
     157          42 :     policy->polcmd = '*';
     158          42 :     policy->roles = construct_array(&role, 1, OIDOID, sizeof(Oid), true, TYPALIGN_INT);
     159             : 
     160          42 :     n = makeFuncCall(list_make2(makeString("pg_catalog"),
     161             :                                 makeString("current_user")),
     162             :                      NIL,
     163             :                      COERCE_EXPLICIT_CALL,
     164             :                      -1);
     165             : 
     166          42 :     c = makeNode(ColumnRef);
     167          42 :     c->fields = list_make1(makeString("supervisor"));
     168          42 :     c->location = 0;
     169             : 
     170          42 :     e = (Node *) makeSimpleA_Expr(AEXPR_OP, "=", (Node *) n, (Node *) c, 0);
     171             : 
     172          42 :     policy->qual = (Expr *) transformWhereClause(qual_pstate, copyObject(e),
     173             :                                                  EXPR_KIND_POLICY,
     174             :                                                  "POLICY");
     175             :     /* Fix up collation information */
     176          42 :     assign_expr_collations(qual_pstate, (Node *) policy->qual);
     177             : 
     178          42 :     policy->with_check_qual = copyObject(policy->qual);
     179          42 :     policy->hassublinks = false;
     180             : 
     181          42 :     policies = list_make1(policy);
     182             : 
     183          42 :     return policies;
     184             : }

Generated by: LCOV version 1.14