Add SECURITY LABEL provider to acceptance test postgres db.
Showing
6 changed files
with
95 additions
and
1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
FROM postgres:${PGVERSION:-latest} | ||
|
||
RUN apt-get update && apt-get install -y build-essential postgresql-server-dev-all | ||
COPY dummy_seclabel /opt/dummy_seclabel | ||
WORKDIR /opt/dummy_seclabel | ||
RUN make |
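Review bot: `PGVERSION` is never declared, so `FROM postgres:${PGVERSION:-latest}` always resolves to `postgres:latest`. Docker substitutes a variable in `FROM` only when an `ARG` placed before it declares that variable, and this hunk is the whole file with no such line. Adding `ARG PGVERSION=latest` above `FROM` would let a `--build-arg PGVERSION=...` (or a compose `build.args` entry) actually select the server version the acceptance tests run against. Two things to confirm, since they are not visible here: that `postgresql-server-dev-all` provides headers matching the selected major version, and that some later step installs or preloads the built library, because this file stops at `RUN make`.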
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# src/test/modules/dummy_seclabel/Makefile | ||
|
||
MODULES = dummy_seclabel | ||
PGFILEDESC = "dummy_seclabel - regression testing of the SECURITY LABEL statement" | ||
|
||
EXTENSION = dummy_seclabel | ||
DATA = dummy_seclabel--1.0.sql | ||
|
||
REGRESS = dummy_seclabel | ||
|
||
PG_CONFIG = pg_config | ||
PGXS := $(shell $(PG_CONFIG) --pgxs) | ||
include $(PGXS) |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
/* src/test/modules/dummy_seclabel/dummy_seclabel--1.0.sql */ | ||
|
||
-- complain if script is sourced in psql, rather than via CREATE EXTENSION | ||
\echo Use "CREATE EXTENSION dummy_seclabel" to load this file. \quit | ||
|
||
CREATE FUNCTION dummy_seclabel_dummy() | ||
RETURNS pg_catalog.void | ||
AS 'MODULE_PATHNAME' LANGUAGE C; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
/* | ||
* dummy_seclabel.c | ||
* | ||
* Dummy security label provider. | ||
* | ||
* This module does not provide anything worthwhile from a security | ||
* perspective, but allows regression testing independent of platform-specific | ||
* features like SELinux. | ||
* | ||
* Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group | ||
* Portions Copyright (c) 1994, Regents of the University of California | ||
*/ | ||
#include "postgres.h" | ||
|
||
#include "commands/seclabel.h" | ||
#include "fmgr.h" | ||
#include "miscadmin.h" | ||
#include "utils/rel.h" | ||
|
||
PG_MODULE_MAGIC; | ||
|
||
PG_FUNCTION_INFO_V1(dummy_seclabel_dummy); | ||
|
||
static void | ||
dummy_object_relabel(const ObjectAddress *object, const char *seclabel) | ||
{ | ||
if (seclabel == NULL || | ||
strcmp(seclabel, "unclassified") == 0 || | ||
strcmp(seclabel, "classified") == 0) | ||
return; | ||
|
||
if (strcmp(seclabel, "secret") == 0 || | ||
strcmp(seclabel, "top secret") == 0) | ||
{ | ||
if (!superuser()) | ||
ereport(ERROR, | ||
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), | ||
errmsg("only superuser can set '%s' label", seclabel))); | ||
return; | ||
} | ||
ereport(ERROR, | ||
(errcode(ERRCODE_INVALID_NAME), | ||
errmsg("'%s' is not a valid security label", seclabel))); | ||
} | ||
|
||
void | ||
_PG_init(void) | ||
{ | ||
register_label_provider("dummy", dummy_object_relabel); | ||
} | ||
|
||
/* | ||
* This function is here just so that the extension is not completely empty | ||
* and the dynamic library is loaded when CREATE EXTENSION runs. | ||
*/ | ||
Datum | ||
dummy_seclabel_dummy(PG_FUNCTION_ARGS) | ||
{ | ||
PG_RETURN_VOID(); | ||
} |
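Review bot: `dummy_object_relabel` has no comment stating the label policy it enforces, and for a security-label provider that policy is the whole contract. I would add above it: `/* Accept NULL, "unclassified" and "classified" from any caller; "secret" and "top secret" from superusers only; reject any other label with ERRCODE_INVALID_NAME. */`. The comment should also say that `object` is never examined, so the decision depends on the label text alone and not on which object is being labelled. Because the file header already says the module provides nothing worthwhile from a security perspective, a short line there noting that it is meant only for the acceptance-test database image would help keep it out of other deployments.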
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
comment = 'Test code for SECURITY LABEL feature' | ||
default_version = '1.0' | ||
module_pathname = '$libdir/dummy_seclabel' | ||
relocatable = true |