LCOV - code coverage report
Current view: top level - src/test/modules/test_rls_hooks - test_rls_hooks.c (source / functions) Hit Total Coverage
Test: PostgreSQL 13devel Lines: 55 59 93.2 %
Date: 2019-11-15 23:07:02 Functions: 4 5 80.0 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*--------------------------------------------------------------------------
       2             :  *
       3             :  * test_rls_hooks.c
       4             :  *      Code for testing RLS hooks.
       5             :  *
       6             :  * Copyright (c) 2015-2019, PostgreSQL Global Development Group
       7             :  *
       8             :  * IDENTIFICATION
       9             :  *      src/test/modules/test_rls_hooks/test_rls_hooks.c
      10             :  *
      11             :  * -------------------------------------------------------------------------
      12             :  */
      13             : 
      14             : #include "postgres.h"
      15             : 
      16             : #include "catalog/pg_type.h"
      17             : #include "fmgr.h"
      18             : #include "miscadmin.h"
      19             : #include "nodes/makefuncs.h"
      20             : #include "parser/parse_clause.h"
      21             : #include "parser/parse_collate.h"
      22             : #include "parser/parse_node.h"
      23             : #include "parser/parse_relation.h"
      24             : #include "rewrite/rowsecurity.h"
      25             : #include "test_rls_hooks.h"
      26             : #include "utils/acl.h"
      27             : #include "utils/rel.h"
      28             : #include "utils/relcache.h"
      29             : 
      30           2 : PG_MODULE_MAGIC;
      31             : 
      32             : /* Saved hook values in case of unload */
      33             : static row_security_policy_hook_type prev_row_security_policy_hook_permissive = NULL;
      34             : static row_security_policy_hook_type prev_row_security_policy_hook_restrictive = NULL;
      35             : 
      36             : void        _PG_init(void);
      37             : void        _PG_fini(void);
      38             : 
      39             : /* Install hooks */
      40             : void
      41           2 : _PG_init(void)
      42             : {
      43             :     /* Save values for unload  */
      44           2 :     prev_row_security_policy_hook_permissive = row_security_policy_hook_permissive;
      45           2 :     prev_row_security_policy_hook_restrictive = row_security_policy_hook_restrictive;
      46             : 
      47             :     /* Set our hooks */
      48           2 :     row_security_policy_hook_permissive = test_rls_hooks_permissive;
      49           2 :     row_security_policy_hook_restrictive = test_rls_hooks_restrictive;
      50           2 : }
      51             : 
      52             : /* Uninstall hooks */
      53             : void
      54           0 : _PG_fini(void)
      55             : {
      56           0 :     row_security_policy_hook_permissive = prev_row_security_policy_hook_permissive;
      57           0 :     row_security_policy_hook_restrictive = prev_row_security_policy_hook_restrictive;
      58           0 : }
      59             : 
      60             : /*
      61             :  * Return permissive policies to be added
      62             :  */
      63             : List *
      64          60 : test_rls_hooks_permissive(CmdType cmdtype, Relation relation)
      65             : {
      66          60 :     List       *policies = NIL;
      67          60 :     RowSecurityPolicy *policy = palloc0(sizeof(RowSecurityPolicy));
      68             :     Datum       role;
      69             :     FuncCall   *n;
      70             :     Node       *e;
      71             :     ColumnRef  *c;
      72             :     ParseState *qual_pstate;
      73             :     RangeTblEntry *rte;
      74             : 
      75         102 :     if (strcmp(RelationGetRelationName(relation), "rls_test_permissive") != 0 &&
      76          42 :         strcmp(RelationGetRelationName(relation), "rls_test_both") != 0)
      77          20 :         return NIL;
      78             : 
      79          40 :     qual_pstate = make_parsestate(NULL);
      80             : 
      81          40 :     rte = addRangeTableEntryForRelation(qual_pstate, relation, AccessShareLock,
      82             :                                         NULL, false, false);
      83          40 :     addRTEtoQuery(qual_pstate, rte, false, true, true);
      84             : 
      85          40 :     role = ObjectIdGetDatum(ACL_ID_PUBLIC);
      86             : 
      87          40 :     policy->policy_name = pstrdup("extension policy");
      88          40 :     policy->polcmd = '*';
      89          40 :     policy->roles = construct_array(&role, 1, OIDOID, sizeof(Oid), true, 'i');
      90             : 
      91             :     /*
      92             :      * policy->qual = (Expr *) makeConst(BOOLOID, -1, InvalidOid,
      93             :      * sizeof(bool), BoolGetDatum(true), false, true);
      94             :      */
      95             : 
      96          40 :     n = makeFuncCall(list_make2(makeString("pg_catalog"),
      97             :                                 makeString("current_user")), NIL, 0);
      98             : 
      99          40 :     c = makeNode(ColumnRef);
     100          40 :     c->fields = list_make1(makeString("username"));
     101          40 :     c->location = 0;
     102             : 
     103          40 :     e = (Node *) makeSimpleA_Expr(AEXPR_OP, "=", (Node *) n, (Node *) c, 0);
     104             : 
     105          40 :     policy->qual = (Expr *) transformWhereClause(qual_pstate, copyObject(e),
     106             :                                                  EXPR_KIND_POLICY,
     107             :                                                  "POLICY");
     108             :     /* Fix up collation information */
     109          40 :     assign_expr_collations(qual_pstate, (Node *) policy->qual);
     110             : 
     111          40 :     policy->with_check_qual = copyObject(policy->qual);
     112          40 :     policy->hassublinks = false;
     113             : 
     114          40 :     policies = list_make1(policy);
     115             : 
     116          40 :     return policies;
     117             : }
     118             : 
     119             : /*
     120             :  * Return restrictive policies to be added
     121             :  *
     122             :  * Note that a permissive policy must exist or the default-deny policy
     123             :  * will be included and nothing will be visible.  If no filtering should
     124             :  * be done except for the restrictive policy, then a single "USING (true)"
     125             :  * permissive policy can be used; see the regression tests.
     126             :  */
     127             : List *
     128          60 : test_rls_hooks_restrictive(CmdType cmdtype, Relation relation)
     129             : {
     130          60 :     List       *policies = NIL;
     131          60 :     RowSecurityPolicy *policy = palloc0(sizeof(RowSecurityPolicy));
     132             :     Datum       role;
     133             :     FuncCall   *n;
     134             :     Node       *e;
     135             :     ColumnRef  *c;
     136             :     ParseState *qual_pstate;
     137             :     RangeTblEntry *rte;
     138             : 
     139             : 
     140         100 :     if (strcmp(RelationGetRelationName(relation), "rls_test_restrictive") != 0 &&
     141          40 :         strcmp(RelationGetRelationName(relation), "rls_test_both") != 0)
     142          18 :         return NIL;
     143             : 
     144          42 :     qual_pstate = make_parsestate(NULL);
     145             : 
     146          42 :     rte = addRangeTableEntryForRelation(qual_pstate, relation, AccessShareLock,
     147             :                                         NULL, false, false);
     148          42 :     addRTEtoQuery(qual_pstate, rte, false, true, true);
     149             : 
     150          42 :     role = ObjectIdGetDatum(ACL_ID_PUBLIC);
     151             : 
     152          42 :     policy->policy_name = pstrdup("extension policy");
     153          42 :     policy->polcmd = '*';
     154          42 :     policy->roles = construct_array(&role, 1, OIDOID, sizeof(Oid), true, 'i');
     155             : 
     156          42 :     n = makeFuncCall(list_make2(makeString("pg_catalog"),
     157             :                                 makeString("current_user")), NIL, 0);
     158             : 
     159          42 :     c = makeNode(ColumnRef);
     160          42 :     c->fields = list_make1(makeString("supervisor"));
     161          42 :     c->location = 0;
     162             : 
     163          42 :     e = (Node *) makeSimpleA_Expr(AEXPR_OP, "=", (Node *) n, (Node *) c, 0);
     164             : 
     165          42 :     policy->qual = (Expr *) transformWhereClause(qual_pstate, copyObject(e),
     166             :                                                  EXPR_KIND_POLICY,
     167             :                                                  "POLICY");
     168             :     /* Fix up collation information */
     169          42 :     assign_expr_collations(qual_pstate, (Node *) policy->qual);
     170             : 
     171          42 :     policy->with_check_qual = copyObject(policy->qual);
     172          42 :     policy->hassublinks = false;
     173             : 
     174          42 :     policies = list_make1(policy);
     175             : 
     176          42 :     return policies;
     177             : }

Generated by: LCOV version 1.13