From 62eff25c15f634682568314ff049642c16ccfc00 Mon Sep 17 00:00:00 2001 From: Alexander Korotkov Date: Mon, 5 Dec 2022 16:00:33 +0300 Subject: [PATCH v7] Add USER SET parameter values for pg_db_role_setting The USER SET flag specifies that the variable should be set on behalf of an ordinary role. That lets ordinary roles set placeholder variables, which permission requirements are not known yet. Such a value wouldn't be used if the variable finally appear to require superuser privileges. The catalog schema isn't changed. Instead, the new flag "(s)" is appended to the variable name when values are stored in pg_db_role_setting. We don't allow braces in variable names, thus there is no conflict. However, we still bump the catversion because the previous code could have an error interpreting the new flag. This commit is inspired by the previous work by Steve Chavez. Discussion: https://postgr.es/m/CAPpHfdsLd6E--epnGqXENqLP6dLwuNZrPMcNYb3wJ87WR7UBOQ%40mail.gmail.com Author: Alexander Korotkov, Steve Chavez Reviewed-by: Pavel Borisov, Steve Chavez --- doc/src/sgml/catalogs.sgml | 6 +- doc/src/sgml/ref/alter_database.sgml | 15 +- doc/src/sgml/ref/alter_role.sgml | 22 ++- doc/src/sgml/ref/alter_user.sgml | 2 +- doc/src/sgml/ref/psql-ref.sgml | 8 + src/backend/catalog/pg_db_role_setting.c | 4 +- src/backend/commands/functioncmds.c | 2 +- src/backend/parser/gram.y | 20 +++ src/backend/utils/misc/guc.c | 125 +++++++++++----- src/backend/utils/misc/guc_funcs.c | 12 +- src/bin/pg_dump/dumputils.c | 18 ++- src/bin/psql/tab-complete.c | 4 + src/include/common/guc-common.h | 32 ++++ src/include/nodes/parsenodes.h | 1 + src/include/utils/guc.h | 4 +- src/test/modules/Makefile | 1 + src/test/modules/meson.build | 1 + .../test_pg_db_role_setting/.gitignore | 4 + .../modules/test_pg_db_role_setting/Makefile | 29 ++++ .../expected/test_pg_db_role_setting.out | 137 ++++++++++++++++++ .../test_pg_db_role_setting/meson.build | 35 +++++ .../sql/test_pg_db_role_setting.sql | 63 ++++++++ .../test_pg_db_role_setting--1.0.sql | 7 + .../test_pg_db_role_setting.c | 57 ++++++++ .../test_pg_db_role_setting.control | 7 + 25 files changed, 570 insertions(+), 46 deletions(-) create mode 100644 src/include/common/guc-common.h create mode 100644 src/test/modules/test_pg_db_role_setting/.gitignore create mode 100644 src/test/modules/test_pg_db_role_setting/Makefile create mode 100644 src/test/modules/test_pg_db_role_setting/expected/test_pg_db_role_setting.out create mode 100644 src/test/modules/test_pg_db_role_setting/meson.build create mode 100644 src/test/modules/test_pg_db_role_setting/sql/test_pg_db_role_setting.sql create mode 100644 src/test/modules/test_pg_db_role_setting/test_pg_db_role_setting--1.0.sql create mode 100644 src/test/modules/test_pg_db_role_setting/test_pg_db_role_setting.c create mode 100644 src/test/modules/test_pg_db_role_setting/test_pg_db_role_setting.control diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml index 9ed2b020b7d..ca9a0f3e1af 100644 --- a/doc/src/sgml/catalogs.sgml +++ b/doc/src/sgml/catalogs.sgml @@ -3191,7 +3191,11 @@ SCRAM-SHA-256$<iteration count>:&l setconfig text[] - Defaults for run-time configuration variables + Defaults for run-time configuration variables. Contains a set of strings + in the form of varname=value or + varname(u)=value. The (s) + name suffix signs the USER SET + value. diff --git a/doc/src/sgml/ref/alter_database.sgml b/doc/src/sgml/ref/alter_database.sgml index 89ed261b4c2..181e9d36205 100644 --- a/doc/src/sgml/ref/alter_database.sgml +++ b/doc/src/sgml/ref/alter_database.sgml @@ -37,7 +37,7 @@ ALTER DATABASE name SET TABLESPACE ALTER DATABASE name REFRESH COLLATION VERSION -ALTER DATABASE name SET configuration_parameter { TO | = } { value | DEFAULT } +ALTER DATABASE name SET configuration_parameter { TO | = } { value | value USER SET | DEFAULT } ALTER DATABASE name SET configuration_parameter FROM CURRENT ALTER DATABASE name RESET configuration_parameter ALTER DATABASE name RESET ALL @@ -206,6 +206,19 @@ ALTER DATABASE name RESET ALL + + + USER SET + + + Specifies that variable should be set on behalf of ordinary role. + That lets non-superuser and non-replication role to set placeholder + variables, with permission requirements is not known yet; + see . The variable won't + be set if it appears to require superuser privileges. + + + diff --git a/doc/src/sgml/ref/alter_role.sgml b/doc/src/sgml/ref/alter_role.sgml index 5aa5648ae7b..1e9c93d6d35 100644 --- a/doc/src/sgml/ref/alter_role.sgml +++ b/doc/src/sgml/ref/alter_role.sgml @@ -38,7 +38,7 @@ ALTER ROLE role_specification [ WIT ALTER ROLE name RENAME TO new_name -ALTER ROLE { role_specification | ALL } [ IN DATABASE database_name ] SET configuration_parameter { TO | = } { value | DEFAULT } +ALTER ROLE { role_specification | ALL } [ IN DATABASE database_name ] SET configuration_parameter { TO | = } { value | value USER SET | DEFAULT } ALTER ROLE { role_specification | ALL } [ IN DATABASE database_name ] SET configuration_parameter FROM CURRENT ALTER ROLE { role_specification | ALL } [ IN DATABASE database_name ] RESET configuration_parameter ALTER ROLE { role_specification | ALL } [ IN DATABASE database_name ] RESET ALL @@ -234,6 +234,19 @@ ALTER ROLE { role_specification | A + + + USER SET + + + Specifies that variable should be set on behalf of ordinary role. + That lets non-superuser and non-replication role to set placeholder + variables, with permission requirements is not known yet; + see . The variable won't + be set if it appears to require superuser privileges. + + + @@ -329,6 +342,13 @@ ALTER ROLE worker_bee SET maintenance_work_mem = 100000; ALTER ROLE fred IN DATABASE devel SET client_min_messages = DEBUG; + + + + Give a role a non-default placeholder setting on behalf of ordinary user. + + +ALTER ROLE fred SET my.param = 'value' USER SET; diff --git a/doc/src/sgml/ref/alter_user.sgml b/doc/src/sgml/ref/alter_user.sgml index 0ee89f54c5c..24f737d5870 100644 --- a/doc/src/sgml/ref/alter_user.sgml +++ b/doc/src/sgml/ref/alter_user.sgml @@ -38,7 +38,7 @@ ALTER USER role_specification [ WIT ALTER USER name RENAME TO new_name -ALTER USER { role_specification | ALL } [ IN DATABASE database_name ] SET configuration_parameter { TO | = } { value | DEFAULT } +ALTER USER { role_specification | ALL } [ IN DATABASE database_name ] SET configuration_parameter { TO | = } { value | value USER SET | DEFAULT } ALTER USER { role_specification | ALL } [ IN DATABASE database_name ] SET configuration_parameter FROM CURRENT ALTER USER { role_specification | ALL } [ IN DATABASE database_name ] RESET configuration_parameter ALTER USER { role_specification | ALL } [ IN DATABASE database_name ] RESET ALL diff --git a/doc/src/sgml/ref/psql-ref.sgml b/doc/src/sgml/ref/psql-ref.sgml index d3dd638b148..b518a4bd284 100644 --- a/doc/src/sgml/ref/psql-ref.sgml +++ b/doc/src/sgml/ref/psql-ref.sgml @@ -1891,6 +1891,14 @@ INSERT INTO tbl1 VALUES ($1, $2) \bind 'first value' 'second value' \g not role-specific or database-specific, respectively. + + The settings comprises a set of strings in the form of + varname=value or varname(u)=value. + The (s) name suffix signs the + USER SET + value. + + The ALTER ROLE and ALTER DATABASE diff --git a/src/backend/catalog/pg_db_role_setting.c b/src/backend/catalog/pg_db_role_setting.c index 42387f4e304..4b9a39a953d 100644 --- a/src/backend/catalog/pg_db_role_setting.c +++ b/src/backend/catalog/pg_db_role_setting.c @@ -115,7 +115,7 @@ AlterSetting(Oid databaseid, Oid roleid, VariableSetStmt *setstmt) /* Update (valuestr is NULL in RESET cases) */ if (valuestr) - a = GUCArrayAdd(a, setstmt->name, valuestr); + a = GUCArrayAdd(a, setstmt->name, valuestr, setstmt->user_set); else a = GUCArrayDelete(a, setstmt->name); @@ -141,7 +141,7 @@ AlterSetting(Oid databaseid, Oid roleid, VariableSetStmt *setstmt) memset(nulls, false, sizeof(nulls)); - a = GUCArrayAdd(NULL, setstmt->name, valuestr); + a = GUCArrayAdd(NULL, setstmt->name, valuestr, setstmt->user_set); values[Anum_pg_db_role_setting_setdatabase - 1] = ObjectIdGetDatum(databaseid); diff --git a/src/backend/commands/functioncmds.c b/src/backend/commands/functioncmds.c index 57489f65f2e..dd882576d70 100644 --- a/src/backend/commands/functioncmds.c +++ b/src/backend/commands/functioncmds.c @@ -662,7 +662,7 @@ update_proconfig_value(ArrayType *a, List *set_items) char *valuestr = ExtractSetVariableArgs(sstmt); if (valuestr) - a = GUCArrayAdd(a, sstmt->name, valuestr); + a = GUCArrayAdd(a, sstmt->name, valuestr, sstmt->user_set); else /* RESET */ a = GUCArrayDelete(a, sstmt->name); } diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y index b1ae5f834cd..adc3f8ced3b 100644 --- a/src/backend/parser/gram.y +++ b/src/backend/parser/gram.y @@ -1621,6 +1621,26 @@ generic_set: n->args = $3; $$ = n; } + | var_name TO var_list USER SET + { + VariableSetStmt *n = makeNode(VariableSetStmt); + + n->kind = VAR_SET_VALUE; + n->name = $1; + n->args = $3; + n->user_set = true; + $$ = n; + } + | var_name '=' var_list USER SET + { + VariableSetStmt *n = makeNode(VariableSetStmt); + + n->kind = VAR_SET_VALUE; + n->name = $1; + n->args = $3; + n->user_set = true; + $$ = n; + } | var_name TO DEFAULT { VariableSetStmt *n = makeNode(VariableSetStmt); diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index 28313b3a94a..eca72d62b6c 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -225,7 +225,6 @@ static bool reporting_enabled; /* true to enable GUC_REPORT */ static int GUCNestLevel = 0; /* 1 when in main transaction */ - static int guc_var_compare(const void *a, const void *b); static uint32 guc_name_hash(const void *key, Size keysize); static int guc_name_match(const void *key1, const void *key2, Size keysize); @@ -245,7 +244,7 @@ static void reapply_stacked_values(struct config_generic *variable, GucContext curscontext, GucSource cursource, Oid cursrole); static bool validate_option_array_item(const char *name, const char *value, - bool skipIfNoPermissions); + bool user_set, bool skipIfNoPermissions); static void write_auto_conf_file(int fd, const char *filename, ConfigVariable *head); static void replace_auto_config_value(ConfigVariable **head_p, ConfigVariable **tail_p, const char *name, const char *value); @@ -6161,13 +6160,16 @@ RestoreGUCState(void *gucstate) /* * A little "long argument" simulation, although not quite GNU - * compliant. Takes a string of the form "some-option=some value" and - * returns name = "some_option" and value = "some value" in palloc'ed - * storage. Note that '-' is converted to '_' in the option name. If - * there is no '=' in the input string then value will be NULL. + * compliant. Takes a string of the form "some-option=some value" or + * "some-option(u)=some value" and returns name = "some_option" and + * value = "some value" in palloc'ed storage. If user_set is not null then + * the presence of "(u)" flag is stored there. Note that '-' is converted + * to '_' in the option name. If there is no '=' in the input string then + * value will be NULL. */ -void -ParseLongOption(const char *string, char **name, char **value) +static void +ParseLongOptionInternal(const char *string, char **name, char **value, + bool *user_set) { size_t equal_pos; char *cp; @@ -6178,25 +6180,41 @@ ParseLongOption(const char *string, char **name, char **value) equal_pos = strcspn(string, "="); - if (string[equal_pos] == '=') + if (GUC_ARRAY_IS_USERSET_SIGN_BEFORE(string, string + equal_pos)) + { + *name = palloc(equal_pos - GUC_ARRAY_USERSET_SIGN_LEN + 1); + strlcpy(*name, string, equal_pos - GUC_ARRAY_USERSET_SIGN_LEN + 1); + if (user_set) + *user_set = true; + } + else { *name = palloc(equal_pos + 1); strlcpy(*name, string, equal_pos + 1); + if (user_set) + *user_set = false; + } + if (string[equal_pos] == '=') *value = pstrdup(&string[equal_pos + 1]); - } else - { - /* no equal sign in string */ - *name = pstrdup(string); *value = NULL; - } for (cp = *name; *cp; cp++) if (*cp == '-') *cp = '_'; } +/* + * The exported version of ParseLongOptionInternal(). Doesn't need user_set + * argument since no external users need it. + */ +void +ParseLongOption(const char *string, char **name, char **value) +{ + ParseLongOptionInternal(string, name, value, NULL); +} + /* * Handle options fetched from pg_db_role_setting.setconfig, @@ -6222,6 +6240,7 @@ ProcessGUCArray(ArrayType *array, char *s; char *name; char *value; + bool user_set; d = array_ref(array, 1, &i, -1 /* varlenarray */ , @@ -6235,7 +6254,7 @@ ProcessGUCArray(ArrayType *array, s = TextDatumGetCString(d); - ParseLongOption(s, &name, &value); + ParseLongOptionInternal(s, &name, &value, &user_set); if (!value) { ereport(WARNING, @@ -6246,9 +6265,19 @@ ProcessGUCArray(ArrayType *array, continue; } - (void) set_config_option(name, value, - context, source, - action, true, 0, false); + /* + * USER SET values are appliciable only for PGC_USERSET parameters. + * We use InvalidOid as role in order to evade possible privileges of + * the current user. + */ + if (!user_set) + (void) set_config_option(name, value, + context, source, + action, true, 0, false); + else + (void) set_config_option_ext(name, value, + PGC_USERSET, source, InvalidOid, + action, true, 0, false); pfree(name); pfree(value); @@ -6262,7 +6291,8 @@ ProcessGUCArray(ArrayType *array, * to indicate the current table entry is NULL. */ ArrayType * -GUCArrayAdd(ArrayType *array, const char *name, const char *value) +GUCArrayAdd(ArrayType *array, const char *name, const char *value, + bool user_set) { struct config_generic *record; Datum datum; @@ -6273,7 +6303,7 @@ GUCArrayAdd(ArrayType *array, const char *name, const char *value) Assert(value); /* test if the option is valid and we're allowed to set it */ - (void) validate_option_array_item(name, value, false); + (void) validate_option_array_item(name, value, user_set, false); /* normalize name (converts obsolete GUC names to modern spellings) */ record = find_option(name, false, true, WARNING); @@ -6281,7 +6311,11 @@ GUCArrayAdd(ArrayType *array, const char *name, const char *value) name = record->name; /* build new item for array */ - newval = psprintf("%s=%s", name, value); + if (user_set) + newval = psprintf("%s" GUC_ARRAY_USERSET_SIGN "=%s", + name, value); + else + newval = psprintf("%s=%s", name, value); datum = CStringGetTextDatum(newval); if (array) @@ -6311,9 +6345,17 @@ GUCArrayAdd(ArrayType *array, const char *name, const char *value) continue; current = TextDatumGetCString(d); - /* check for match up through and including '=' */ - if (strncmp(current, newval, strlen(name) + 1) == 0) + /* check for the name match */ + if (strncmp(current, newval, strlen(name)) == 0 && + GUC_ARRAY_IS_NAME_BORDER(current + strlen(name))) { + /* + * Recheck permissons if we found an option without USER SET + * flag while we're setting an optionn with USER SET flag. + */ + if (current[strlen(name)] == '=' && user_set) + (void) validate_option_array_item(name, value, + false, false); index = i; break; } @@ -6349,9 +6391,6 @@ GUCArrayDelete(ArrayType *array, const char *name) Assert(name); - /* test if the option is valid and we're allowed to set it */ - (void) validate_option_array_item(name, NULL, false); - /* normalize name (converts obsolete GUC names to modern spellings) */ record = find_option(name, false, true, WARNING); if (record) @@ -6381,9 +6420,15 @@ GUCArrayDelete(ArrayType *array, const char *name) val = TextDatumGetCString(d); /* ignore entry if it's what we want to delete */ - if (strncmp(val, name, strlen(name)) == 0 - && val[strlen(name)] == '=') + if (strncmp(val, name, strlen(name)) == 0 && + GUC_ARRAY_IS_NAME_BORDER(val + strlen(name))) + { + /* test if the option is valid and we're allowed to set it */ + (void) validate_option_array_item(name, NULL, + GUC_ARRAY_IS_USERSET_SIGN(val + strlen(name)), + false); continue; + } /* else add it to the output array */ if (newarray) @@ -6433,6 +6478,7 @@ GUCArrayReset(ArrayType *array) char *val; char *eqsgn; bool isnull; + bool user_set = false; d = array_ref(array, 1, &i, -1 /* varlenarray */ , @@ -6445,10 +6491,18 @@ GUCArrayReset(ArrayType *array) val = TextDatumGetCString(d); eqsgn = strchr(val, '='); - *eqsgn = '\0'; + if (GUC_ARRAY_IS_USERSET_SIGN_BEFORE(val, eqsgn)) + { + *(eqsgn - GUC_ARRAY_USERSET_SIGN_LEN) = '\0'; + user_set = true; + } + else + { + *eqsgn = '\0'; + } /* skip if we have permission to delete it */ - if (validate_option_array_item(val, NULL, true)) + if (validate_option_array_item(val, NULL, user_set, true)) continue; /* else add it to the output array */ @@ -6474,15 +6528,16 @@ GUCArrayReset(ArrayType *array) * Validate a proposed option setting for GUCArrayAdd/Delete/Reset. * * name is the option name. value is the proposed value for the Add case, - * or NULL for the Delete/Reset cases. If skipIfNoPermissions is true, it's - * not an error to have no permissions to set the option. + * or NULL for the Delete/Reset cases. user_set indicates this is the USER SET + * option. If skipIfNoPermissions is true, it's not an error to have no + * permissions to set the option. * * Returns true if OK, false if skipIfNoPermissions is true and user does not * have permission to change this option (all other error cases result in an * error being thrown). */ static bool -validate_option_array_item(const char *name, const char *value, +validate_option_array_item(const char *name, const char *value, bool user_set, bool skipIfNoPermissions) { @@ -6518,8 +6573,10 @@ validate_option_array_item(const char *name, const char *value, { /* * We cannot do any meaningful check on the value, so only permissions - * are useful to check. + * are useful to check. USER SET options are always allowed. */ + if (user_set) + return true; if (superuser() || pg_parameter_aclcheck(name, GetUserId(), ACL_SET) == ACLCHECK_OK) return true; diff --git a/src/backend/utils/misc/guc_funcs.c b/src/backend/utils/misc/guc_funcs.c index 108b3bd1290..963921710cd 100644 --- a/src/backend/utils/misc/guc_funcs.c +++ b/src/backend/utils/misc/guc_funcs.c @@ -166,12 +166,22 @@ ExecSetVariableStmt(VariableSetStmt *stmt, bool isTopLevel) char * ExtractSetVariableArgs(VariableSetStmt *stmt) { + switch (stmt->kind) { case VAR_SET_VALUE: return flatten_set_variable_args(stmt->name, stmt->args); case VAR_SET_CURRENT: - return GetConfigOptionByName(stmt->name, NULL, false); + { + struct config_generic *record; + char *result; + + result = GetConfigOptionByName(stmt->name, NULL, false); + record = find_option(stmt->name, false, false, ERROR); + stmt->user_set = (record->scontext == PGC_USERSET); + + return result; + } default: return NULL; } diff --git a/src/bin/pg_dump/dumputils.c b/src/bin/pg_dump/dumputils.c index 9311417f18c..dd0cf4e3a2e 100644 --- a/src/bin/pg_dump/dumputils.c +++ b/src/bin/pg_dump/dumputils.c @@ -16,6 +16,7 @@ #include +#include "common/guc-common.h" #include "dumputils.h" #include "fe_utils/string_utils.h" @@ -806,8 +807,8 @@ SplitGUCList(char *rawstring, char separator, /* * Helper function for dumping "ALTER DATABASE/ROLE SET ..." commands. * - * Parse the contents of configitem (a "name=value" string), wrap it in - * a complete ALTER command, and append it to buf. + * Parse the contents of configitem (a "name=value" or "name(u)=value" string), + * wrap it in a complete ALTER command, and append it to buf. * * type is DATABASE or ROLE, and name is the name of the database or role. * If we need an "IN" clause, type2 and name2 similarly define what to put @@ -822,6 +823,7 @@ makeAlterConfigCommand(PGconn *conn, const char *configitem, { char *mine; char *pos; + bool user_set = false; /* Parse the configitem. If we can't find an "=", silently do nothing. */ mine = pg_strdup(configitem); @@ -831,7 +833,13 @@ makeAlterConfigCommand(PGconn *conn, const char *configitem, pg_free(mine); return; } - *pos++ = '\0'; + if (GUC_ARRAY_IS_USERSET_SIGN_BEFORE(mine, pos)) + { + user_set = true; + *(pos - GUC_ARRAY_USERSET_SIGN_LEN) = '\0'; + } + else + *pos++ = '\0'; /* Build the command, with suitable quoting for everything. */ appendPQExpBuffer(buf, "ALTER %s %s ", type, fmtId(name)); @@ -874,6 +882,10 @@ makeAlterConfigCommand(PGconn *conn, const char *configitem, else appendStringLiteralConn(buf, pos, conn); + /* Add USER SET flag if specified in the string */ + if (user_set) + appendPQExpBufferStr(buf, "USER SET;\n"); + appendPQExpBufferStr(buf, ";\n"); pg_free(mine); diff --git a/src/bin/psql/tab-complete.c b/src/bin/psql/tab-complete.c index 89e7317c233..7d222680f53 100644 --- a/src/bin/psql/tab-complete.c +++ b/src/bin/psql/tab-complete.c @@ -4442,6 +4442,10 @@ psql_completion(const char *text, int start, int end) } } } + /* Complete ALTER DATABASE|ROLE|USER ... SET ... TO ... USER SET */ + else if (HeadMatches("ALTER", "DATABASE|ROLE|USER") && + TailMatches("SET", MatchAny, "TO|=", MatchAny)) + COMPLETE_WITH("USER SET"); /* START TRANSACTION */ else if (Matches("START")) diff --git a/src/include/common/guc-common.h b/src/include/common/guc-common.h new file mode 100644 index 00000000000..d2a84c3a574 --- /dev/null +++ b/src/include/common/guc-common.h @@ -0,0 +1,32 @@ +/*------------------------------------------------------------------------- + * + * guc-common.h + * Common declarations for Grand Unified Configuration. + * + * + * Portions Copyright (c) 1996-2022, PostgreSQL Global Development Group + * Portions Copyright (c) 1994, Regents of the University of California + * + * src/include/common/guc-common.h + * + *------------------------------------------------------------------------- + */ +#ifndef GUC_COMMON_H +#define GUC_COMMON_H + +/* + * The designator of USER SET value in GUC array. GUC name is not allowed + * to contain parentheses, so no conflict is possible. + */ +#define GUC_ARRAY_USERSET_SIGN "(u)" +#define GUC_ARRAY_USERSET_SIGN_LEN \ + (sizeof(GUC_ARRAY_USERSET_SIGN) - 1) +#define GUC_ARRAY_IS_USERSET_SIGN(s) \ + (strncmp((s), GUC_ARRAY_USERSET_SIGN, GUC_ARRAY_USERSET_SIGN_LEN) == 0) +#define GUC_ARRAY_IS_USERSET_SIGN_BEFORE(start, eqsign) \ + ((eqsign) - (start) >= GUC_ARRAY_USERSET_SIGN_LEN && \ + GUC_ARRAY_IS_USERSET_SIGN((eqsign) - GUC_ARRAY_USERSET_SIGN_LEN)) +#define GUC_ARRAY_IS_NAME_BORDER(s) \ + ((*(s)) == '=' || GUC_ARRAY_IS_USERSET_SIGN(s)) + +#endif /* GUC_COMMON_H */ diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h index f17846e30e2..e8c9e0e8db0 100644 --- a/src/include/nodes/parsenodes.h +++ b/src/include/nodes/parsenodes.h @@ -2231,6 +2231,7 @@ typedef struct VariableSetStmt char *name; /* variable to be set */ List *args; /* List of A_Const nodes */ bool is_local; /* SET LOCAL? */ + bool user_set; } VariableSetStmt; /* ---------------------- diff --git a/src/include/utils/guc.h b/src/include/utils/guc.h index b3aaff9665b..9802973f086 100644 --- a/src/include/utils/guc.h +++ b/src/include/utils/guc.h @@ -12,6 +12,7 @@ #ifndef GUC_H #define GUC_H +#include "common/guc-common.h" #include "nodes/parsenodes.h" #include "tcop/dest.h" #include "utils/array.h" @@ -393,7 +394,8 @@ extern char *GetConfigOptionByName(const char *name, const char **varname, extern void ProcessGUCArray(ArrayType *array, GucContext context, GucSource source, GucAction action); -extern ArrayType *GUCArrayAdd(ArrayType *array, const char *name, const char *value); +extern ArrayType *GUCArrayAdd(ArrayType *array, const char *name, + const char *value, bool user_set); extern ArrayType *GUCArrayDelete(ArrayType *array, const char *name); extern ArrayType *GUCArrayReset(ArrayType *array); diff --git a/src/test/modules/Makefile b/src/test/modules/Makefile index 96addded814..c629cbe3830 100644 --- a/src/test/modules/Makefile +++ b/src/test/modules/Makefile @@ -25,6 +25,7 @@ SUBDIRS = \ test_misc \ test_oat_hooks \ test_parser \ + test_pg_db_role_setting \ test_pg_dump \ test_predtest \ test_rbtree \ diff --git a/src/test/modules/meson.build b/src/test/modules/meson.build index 1d265448549..911a768a294 100644 --- a/src/test/modules/meson.build +++ b/src/test/modules/meson.build @@ -19,6 +19,7 @@ subdir('test_lfind') subdir('test_misc') subdir('test_oat_hooks') subdir('test_parser') +subdir('test_pg_db_role_setting') subdir('test_pg_dump') subdir('test_predtest') subdir('test_rbtree') diff --git a/src/test/modules/test_pg_db_role_setting/.gitignore b/src/test/modules/test_pg_db_role_setting/.gitignore new file mode 100644 index 00000000000..5dcb3ff9723 --- /dev/null +++ b/src/test/modules/test_pg_db_role_setting/.gitignore @@ -0,0 +1,4 @@ +# Generated subdirectories +/log/ +/results/ +/tmp_check/ diff --git a/src/test/modules/test_pg_db_role_setting/Makefile b/src/test/modules/test_pg_db_role_setting/Makefile new file mode 100644 index 00000000000..aacd78f74c5 --- /dev/null +++ b/src/test/modules/test_pg_db_role_setting/Makefile @@ -0,0 +1,29 @@ +# src/test/modules/test_pg_db_role_setting/Makefile + +MODULE_big = test_pg_db_role_setting +OBJS = \ + $(WIN32RES) \ + test_pg_db_role_setting.o +EXTENSION = test_pg_db_role_setting +DATA = test_pg_db_role_setting--1.0.sql + +PGFILEDESC = "test_pg_db_role_setting - tests for default GUC values stored in pg_db_role_settings" + +REGRESS = test_pg_db_role_setting + +# disable installcheck for now +NO_INSTALLCHECK = 1 +# and also for now force NO_LOCALE and UTF8 +ENCODING = UTF8 +NO_LOCALE = 1 + +ifdef USE_PGXS +PG_CONFIG = pg_config +PGXS := $(shell $(PG_CONFIG) --pgxs) +include $(PGXS) +else +subdir = src/test/modules/test_pg_db_role_setting +top_builddir = ../../../.. +include $(top_builddir)/src/Makefile.global +include $(top_srcdir)/contrib/contrib-global.mk +endif diff --git a/src/test/modules/test_pg_db_role_setting/expected/test_pg_db_role_setting.out b/src/test/modules/test_pg_db_role_setting/expected/test_pg_db_role_setting.out new file mode 100644 index 00000000000..7544e454b4c --- /dev/null +++ b/src/test/modules/test_pg_db_role_setting/expected/test_pg_db_role_setting.out @@ -0,0 +1,137 @@ +CREATE EXTENSION test_pg_db_role_setting; +CREATE USER super_user SUPERUSER; +CREATE USER regular_user; +\c - regular_user +-- successfully set a placeholder value +SET test_pg_db_role_setting.superuser_param = 'aaa'; +-- module is loaded, the placeholder value is thrown away +SELECT load_test_pg_db_role_setting(); +WARNING: permission denied to set parameter "test_pg_db_role_setting.superuser_param" + load_test_pg_db_role_setting +------------------------------ + +(1 row) + +SHOW test_pg_db_role_setting.superuser_param; + test_pg_db_role_setting.superuser_param +----------------------------------------- + superuser_param_value +(1 row) + +SHOW test_pg_db_role_setting.user_param; + test_pg_db_role_setting.user_param +------------------------------------ + user_param_value +(1 row) + +\c - regular_user +-- fail, not privileges +ALTER ROLE regular_user SET test_pg_db_role_setting.superuser_param = 'aaa'; +ERROR: permission denied to set parameter "test_pg_db_role_setting.superuser_param" +ALTER ROLE regular_user SET test_pg_db_role_setting.user_param = 'bbb'; +ERROR: permission denied to set parameter "test_pg_db_role_setting.user_param" +-- success for USER SET parameters +ALTER ROLE regular_user SET test_pg_db_role_setting.superuser_param = 'aaa' USER SET; +ALTER ROLE regular_user SET test_pg_db_role_setting.user_param = 'bbb' USER SET; +SELECT setconfig FROM pg_db_role_setting WHERE setrole = 'regular_user'::regrole; + setconfig +-------------------------------------------------------------------------------------------- + {test_pg_db_role_setting.superuser_param(u)=aaa,test_pg_db_role_setting.user_param(u)=bbb} +(1 row) + +\c - regular_user +-- successfully set placeholders +SHOW test_pg_db_role_setting.superuser_param; + test_pg_db_role_setting.superuser_param +----------------------------------------- + aaa +(1 row) + +SHOW test_pg_db_role_setting.user_param; + test_pg_db_role_setting.user_param +------------------------------------ + bbb +(1 row) + +-- module is loaded, the placeholder value of superuser param is thrown away +SELECT load_test_pg_db_role_setting(); +WARNING: permission denied to set parameter "test_pg_db_role_setting.superuser_param" + load_test_pg_db_role_setting +------------------------------ + +(1 row) + +SHOW test_pg_db_role_setting.superuser_param; + test_pg_db_role_setting.superuser_param +----------------------------------------- + superuser_param_value +(1 row) + +SHOW test_pg_db_role_setting.user_param; + test_pg_db_role_setting.user_param +------------------------------------ + bbb +(1 row) + +\c - super_user +ALTER ROLE regular_user SET test_pg_db_role_setting.superuser_param = 'aaa'; +SELECT setconfig FROM pg_db_role_setting WHERE setrole = 'regular_user'::regrole; + setconfig +----------------------------------------------------------------------------------------- + {test_pg_db_role_setting.superuser_param=aaa,test_pg_db_role_setting.user_param(u)=bbb} +(1 row) + +\c - regular_user +-- don't have a priviledge to change superuser value to user set one +ALTER ROLE regular_user SET test_pg_db_role_setting.superuser_param = 'ccc' USER SET; +ERROR: permission denied to set parameter "test_pg_db_role_setting.superuser_param" +\c - super_user +SELECT load_test_pg_db_role_setting(); + load_test_pg_db_role_setting +------------------------------ + +(1 row) + +-- give the privilege to set SUSET param to the regular user +GRANT SET ON PARAMETER test_pg_db_role_setting.superuser_param TO regular_user; +\c - regular_user +ALTER ROLE regular_user SET test_pg_db_role_setting.superuser_param = 'ccc'; +SELECT setconfig FROM pg_db_role_setting WHERE setrole = 'regular_user'::regrole; + setconfig +----------------------------------------------------------------------------------------- + {test_pg_db_role_setting.superuser_param=ccc,test_pg_db_role_setting.user_param(u)=bbb} +(1 row) + +\c - regular_user +-- successfully set placeholders +SHOW test_pg_db_role_setting.superuser_param; + test_pg_db_role_setting.superuser_param +----------------------------------------- + ccc +(1 row) + +SHOW test_pg_db_role_setting.user_param; + test_pg_db_role_setting.user_param +------------------------------------ + bbb +(1 row) + +-- module is loaded, and placeholder values are succesfully set +SELECT load_test_pg_db_role_setting(); + load_test_pg_db_role_setting +------------------------------ + +(1 row) + +SHOW test_pg_db_role_setting.superuser_param; + test_pg_db_role_setting.superuser_param +----------------------------------------- + ccc +(1 row) + +SHOW test_pg_db_role_setting.user_param; + test_pg_db_role_setting.user_param +------------------------------------ + bbb +(1 row) + diff --git a/src/test/modules/test_pg_db_role_setting/meson.build b/src/test/modules/test_pg_db_role_setting/meson.build new file mode 100644 index 00000000000..3a6410cca21 --- /dev/null +++ b/src/test/modules/test_pg_db_role_setting/meson.build @@ -0,0 +1,35 @@ +# FIXME: prevent install during main install, but not during test :/ + +test_pg_db_role_setting_sources = files( + 'test_pg_db_role_setting.c', +) + +if host_system == 'windows' + test_pg_db_role_setting_sources += rc_lib_gen.process(win32ver_rc, extra_args: [ + '--NAME', 'test_pg_db_role_setting', + '--FILEDESC', 'test_pg_db_role_setting - tests for default GUC values stored in pg_db_role_settings',]) +endif + +test_pg_db_role_setting = shared_module('test_pg_db_role_setting', + test_pg_db_role_setting_sources, + kwargs: pg_mod_args, +) +testprep_targets += test_pg_db_role_setting + +install_data( + 'test_pg_db_role_setting.control', + 'test_pg_db_role_setting--1.0.sql', + kwargs: contrib_data_args, +) + +tests += { + 'name': 'test_pg_db_role_setting', + 'sd': meson.current_source_dir(), + 'bd': meson.current_build_dir(), + 'regress': { + 'sql': [ + 'test_pg_db_role_setting', + ], + 'regress_args': ['--no-locale', '--encoding=UTF8'], + }, +} diff --git a/src/test/modules/test_pg_db_role_setting/sql/test_pg_db_role_setting.sql b/src/test/modules/test_pg_db_role_setting/sql/test_pg_db_role_setting.sql new file mode 100644 index 00000000000..451781d014e --- /dev/null +++ b/src/test/modules/test_pg_db_role_setting/sql/test_pg_db_role_setting.sql @@ -0,0 +1,63 @@ +CREATE EXTENSION test_pg_db_role_setting; +CREATE USER super_user SUPERUSER; +CREATE USER regular_user; + +\c - regular_user +-- successfully set a placeholder value +SET test_pg_db_role_setting.superuser_param = 'aaa'; + +-- module is loaded, the placeholder value is thrown away +SELECT load_test_pg_db_role_setting(); + +SHOW test_pg_db_role_setting.superuser_param; +SHOW test_pg_db_role_setting.user_param; + +\c - regular_user +-- fail, not privileges +ALTER ROLE regular_user SET test_pg_db_role_setting.superuser_param = 'aaa'; +ALTER ROLE regular_user SET test_pg_db_role_setting.user_param = 'bbb'; +-- success for USER SET parameters +ALTER ROLE regular_user SET test_pg_db_role_setting.superuser_param = 'aaa' USER SET; +ALTER ROLE regular_user SET test_pg_db_role_setting.user_param = 'bbb' USER SET; + +SELECT setconfig FROM pg_db_role_setting WHERE setrole = 'regular_user'::regrole; + +\c - regular_user +-- successfully set placeholders +SHOW test_pg_db_role_setting.superuser_param; +SHOW test_pg_db_role_setting.user_param; + +-- module is loaded, the placeholder value of superuser param is thrown away +SELECT load_test_pg_db_role_setting(); + +SHOW test_pg_db_role_setting.superuser_param; +SHOW test_pg_db_role_setting.user_param; + +\c - super_user +ALTER ROLE regular_user SET test_pg_db_role_setting.superuser_param = 'aaa'; +SELECT setconfig FROM pg_db_role_setting WHERE setrole = 'regular_user'::regrole; + +\c - regular_user +-- don't have a priviledge to change superuser value to user set one +ALTER ROLE regular_user SET test_pg_db_role_setting.superuser_param = 'ccc' USER SET; + +\c - super_user +SELECT load_test_pg_db_role_setting(); +-- give the privilege to set SUSET param to the regular user +GRANT SET ON PARAMETER test_pg_db_role_setting.superuser_param TO regular_user; + +\c - regular_user +ALTER ROLE regular_user SET test_pg_db_role_setting.superuser_param = 'ccc'; + +SELECT setconfig FROM pg_db_role_setting WHERE setrole = 'regular_user'::regrole; + +\c - regular_user +-- successfully set placeholders +SHOW test_pg_db_role_setting.superuser_param; +SHOW test_pg_db_role_setting.user_param; + +-- module is loaded, and placeholder values are succesfully set +SELECT load_test_pg_db_role_setting(); + +SHOW test_pg_db_role_setting.superuser_param; +SHOW test_pg_db_role_setting.user_param; diff --git a/src/test/modules/test_pg_db_role_setting/test_pg_db_role_setting--1.0.sql b/src/test/modules/test_pg_db_role_setting/test_pg_db_role_setting--1.0.sql new file mode 100644 index 00000000000..1ed3d285c7e --- /dev/null +++ b/src/test/modules/test_pg_db_role_setting/test_pg_db_role_setting--1.0.sql @@ -0,0 +1,7 @@ +/* src/test/modules/test_pg_db_role_setting/test_pg_db_role_setting--1.0.sql */ + +-- complain if script is sourced in psql, rather than via CREATE EXTENSION +\echo Use "CREATE EXTENSION test_pg_db_role_setting" to load this file. \quit + +CREATE FUNCTION load_test_pg_db_role_setting() RETURNS void + AS 'MODULE_PATHNAME' LANGUAGE C; diff --git a/src/test/modules/test_pg_db_role_setting/test_pg_db_role_setting.c b/src/test/modules/test_pg_db_role_setting/test_pg_db_role_setting.c new file mode 100644 index 00000000000..01b41b9c9a6 --- /dev/null +++ b/src/test/modules/test_pg_db_role_setting/test_pg_db_role_setting.c @@ -0,0 +1,57 @@ +/*-------------------------------------------------------------------------- + * + * test_pg_db_role_setting.c + * Code for testing mandatory access control (MAC) using object access hooks. + * + * Copyright (c) 2015-2022, PostgreSQL Global Development Group + * + * IDENTIFICATION + * src/test/modules/test_pg_db_role_setting/test_pg_db_role_setting.c + * + * ------------------------------------------------------------------------- + */ + +#include "postgres.h" + +#include "utils/guc.h" + +PG_MODULE_MAGIC; + +PG_FUNCTION_INFO_V1(load_test_pg_db_role_setting); + +static char *superuser_param; +static char *user_param; + +/* + * Module load callback + */ +void +_PG_init(void) +{ + DefineCustomStringVariable("test_pg_db_role_setting.superuser_param", + "Sample superuser parameter.", + NULL, + &superuser_param, + "superuser_param_value", + PGC_SUSET, + 0, + NULL, NULL, NULL); + + DefineCustomStringVariable("test_pg_db_role_setting.user_param", + "Sample user parameter.", + NULL, + &user_param, + "user_param_value", + PGC_USERSET, + 0, + NULL, NULL, NULL); +} + +/* + * Empty function, which is used just to trigger load of this module. + */ +Datum +load_test_pg_db_role_setting(PG_FUNCTION_ARGS) +{ + PG_RETURN_VOID(); +} diff --git a/src/test/modules/test_pg_db_role_setting/test_pg_db_role_setting.control b/src/test/modules/test_pg_db_role_setting/test_pg_db_role_setting.control new file mode 100644 index 00000000000..9678cff376d --- /dev/null +++ b/src/test/modules/test_pg_db_role_setting/test_pg_db_role_setting.control @@ -0,0 +1,7 @@ +# test_pg_db_role_setting extension +comment = 'test_pg_db_role_setting - tests for default GUC values stored in pg_db_role_setting' +default_version = '1.0' +module_pathname = '$libdir/test_pg_db_role_setting' +relocatable = true +superuser = false +trusted = true -- 2.24.3 (Apple Git-128)