Age Owner TLA Line data Source code
1 : /*
2 : * dummy_seclabel.c
3 : *
4 : * Dummy security label provider.
5 : *
6 : * This module does not provide anything worthwhile from a security
7 : * perspective, but allows regression testing independent of platform-specific
8 : * features like SELinux.
9 : *
10 : * Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group
11 : * Portions Copyright (c) 1994, Regents of the University of California
12 : */
13 : #include "postgres.h"
14 :
15 : #include "commands/seclabel.h"
16 : #include "fmgr.h"
17 : #include "miscadmin.h"
18 : #include "utils/rel.h"
19 :
4577 rhaas 20 CBC 1 : PG_MODULE_MAGIC;
21 :
3050 alvherre 22 1 : PG_FUNCTION_INFO_V1(dummy_seclabel_dummy);
23 :
4577 rhaas 24 ECB : static void
4577 rhaas 25 CBC 18 : dummy_object_relabel(const ObjectAddress *object, const char *seclabel)
4577 rhaas 26 ECB : {
4577 rhaas 27 CBC 18 : if (seclabel == NULL ||
4577 rhaas 28 GIC 18 : strcmp(seclabel, "unclassified") == 0 ||
4577 rhaas 29 CBC 14 : strcmp(seclabel, "classified") == 0)
30 13 : return;
31 :
32 5 : if (strcmp(seclabel, "secret") == 0 ||
33 3 : strcmp(seclabel, "top secret") == 0)
34 : {
4577 rhaas 35 GIC 3 : if (!superuser())
4577 rhaas 36 CBC 2 : ereport(ERROR,
37 : (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
4577 rhaas 38 ECB : errmsg("only superuser can set '%s' label", seclabel)));
4577 rhaas 39 GIC 1 : return;
40 : }
41 2 : ereport(ERROR,
42 : (errcode(ERRCODE_INVALID_NAME),
43 : errmsg("'%s' is not a valid security label", seclabel)));
4577 rhaas 44 ECB : }
45 :
46 : void
4577 rhaas 47 CBC 1 : _PG_init(void)
48 : {
4577 rhaas 49 GIC 1 : register_label_provider("dummy", dummy_object_relabel);
50 1 : }
51 :
52 : /*
53 : * This function is here just so that the extension is not completely empty
3050 alvherre 54 EUB : * and the dynamic library is loaded when CREATE EXTENSION runs.
55 : */
56 : Datum
3050 alvherre 57 UIC 0 : dummy_seclabel_dummy(PG_FUNCTION_ARGS)
58 : {
59 0 : PG_RETURN_VOID();
60 : }
|