From 669b633dadb8ad7e3ebab373e68e63840454e8ae Mon Sep 17 00:00:00 2001 From: Mark Dilger Date: Tue, 22 Mar 2022 09:13:58 -0700 Subject: [PATCH v1] Fix build farm failures in test_oat_hooks The behavior of this regression test was unstable. Fix that. --- .../expected/test_oat_hooks.out | 12 ----- .../modules/test_oat_hooks/test_oat_hooks.c | 47 ------------------- 2 files changed, 59 deletions(-) diff --git a/src/test/modules/test_oat_hooks/expected/test_oat_hooks.out b/src/test/modules/test_oat_hooks/expected/test_oat_hooks.out index 2035769580..07247b4b24 100644 --- a/src/test/modules/test_oat_hooks/expected/test_oat_hooks.out +++ b/src/test/modules/test_oat_hooks/expected/test_oat_hooks.out @@ -46,15 +46,11 @@ NOTICE: in process utility: superuser attempting GrantStmt NOTICE: in process utility: superuser finished GrantStmt -- Do a few things as superuser SELECT * FROM regress_test_table; -NOTICE: in executor check perms: superuser attempting execute -NOTICE: in executor check perms: superuser finished execute t --- (0 rows) SELECT regress_test_func('arg'); -NOTICE: in executor check perms: superuser attempting execute -NOTICE: in executor check perms: superuser finished execute regress_test_func ------------------- arg @@ -93,15 +89,11 @@ LINE 1: SELECT * FROM regress_test_table; NOTICE: in object access: non-superuser finished namespace search (subId=0) [no report on violation, allowed] LINE 1: SELECT * FROM regress_test_table; ^ -NOTICE: in executor check perms: non-superuser attempting execute -NOTICE: in executor check perms: non-superuser finished execute t --- (0 rows) SELECT regress_test_func('arg'); -NOTICE: in executor check perms: non-superuser attempting execute -NOTICE: in executor check perms: non-superuser finished execute regress_test_func ------------------- arg @@ -166,15 +158,11 @@ LINE 1: SELECT * FROM regress_test_table; NOTICE: in object access: superuser finished namespace search (subId=0) [no report on violation, allowed] LINE 1: SELECT * FROM regress_test_table; ^ -NOTICE: in executor check perms: superuser attempting execute -NOTICE: in executor check perms: superuser finished execute t --- (0 rows) SELECT regress_test_func('arg'); -NOTICE: in executor check perms: superuser attempting execute -NOTICE: in executor check perms: superuser finished execute regress_test_func ------------------- arg diff --git a/src/test/modules/test_oat_hooks/test_oat_hooks.c b/src/test/modules/test_oat_hooks/test_oat_hooks.c index b1709f4d63..ed2c79652e 100644 --- a/src/test/modules/test_oat_hooks/test_oat_hooks.c +++ b/src/test/modules/test_oat_hooks/test_oat_hooks.c @@ -36,7 +36,6 @@ static bool REGRESS_audit = false; /* Saved hook values in case of unload */ static object_access_hook_type next_object_access_hook = NULL; static object_access_hook_type_str next_object_access_hook_str = NULL; -static ExecutorCheckPerms_hook_type next_exec_check_perms_hook = NULL; static ProcessUtility_hook_type next_ProcessUtility_hook = NULL; /* Test Object Access Type Hook hooks */ @@ -45,7 +44,6 @@ static void REGRESS_object_access_hook_str(ObjectAccessType access, int subId, void *arg); static void REGRESS_object_access_hook(ObjectAccessType access, Oid classId, Oid objectId, int subId, void *arg); -static bool REGRESS_exec_check_perms(List *rangeTabls, bool do_abort); static void REGRESS_utility_command(PlannedStmt *pstmt, const char *queryString, bool readOnlyTree, ProcessUtilityContext context, @@ -171,10 +169,6 @@ _PG_init(void) next_object_access_hook_str = object_access_hook_str; object_access_hook_str = REGRESS_object_access_hook_str; - /* DML permission check */ - next_exec_check_perms_hook = ExecutorCheckPerms_hook; - ExecutorCheckPerms_hook = REGRESS_exec_check_perms; - /* ProcessUtility hook */ next_ProcessUtility_hook = ProcessUtility_hook; ProcessUtility_hook = REGRESS_utility_command; @@ -190,9 +184,6 @@ _PG_fini(void) if (object_access_hook_str == REGRESS_object_access_hook_str) object_access_hook_str = next_object_access_hook_str; - if (ExecutorCheckPerms_hook == REGRESS_exec_check_perms) - ExecutorCheckPerms_hook = next_exec_check_perms_hook; - if (ProcessUtility_hook == REGRESS_utility_command) ProcessUtility_hook = next_ProcessUtility_hook; } @@ -232,12 +223,6 @@ audit_success(const char *hook, char *action, char *objName) emit_audit_message("finished", hook, action, objName); } -static void -audit_failure(const char *hook, char *action, char *objName) -{ - emit_audit_message("denied", hook, action, objName); -} - static void REGRESS_object_access_hook_str(ObjectAccessType access, Oid classId, const char *objName, int subId, void *arg) { @@ -302,38 +287,6 @@ REGRESS_object_access_hook (ObjectAccessType access, Oid classId, Oid objectId, accesstype_arg_to_string(access, arg)); } -static bool -REGRESS_exec_check_perms(List *rangeTabls, bool do_abort) -{ - bool am_super = superuser_arg(GetUserId()); - bool allow = true; - - audit_attempt("executor check perms", pstrdup("execute"), NULL); - - /* Perform our check */ - allow = !REGRESS_deny_exec_perms || am_super; - if (do_abort && !allow) - ereport(ERROR, - (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), - errmsg("permission denied: %s", "execute"))); - - /* Forward to next hook in the chain */ - if (next_exec_check_perms_hook && - !(*next_exec_check_perms_hook) (rangeTabls, do_abort)) - allow = false; - - if (allow) - audit_success("executor check perms", - pstrdup("execute"), - NULL); - else - audit_failure("executor check perms", - pstrdup("execute"), - NULL); - - return allow; -} - static void REGRESS_utility_command(PlannedStmt *pstmt, const char *queryString, -- 2.35.1