Feat/rebuild only session user objects (#40)
* Much simpler change: restrict view refresh to objects owned by the current session user.

* move owner test to outer query for masks to update.
michelp authored Nov 22, 2022
1 parent 8e49dde commit a8aea8e
Showing 3 changed files with 20 additions and 12 deletions.
1 change: 0 additions & 1 deletion example/tce.sql
Expand Up @@ -64,4 +64,3 @@ SELECT format('ENCRYPT WITH KEY ID %s', (pgsodium.create_key('aead-det', 'bob_ke
AS seclabel \gset

SECURITY LABEL FOR pgsodium ON COLUMN bob_test.secret IS :'seclabel';

23 changes: 13 additions & 10 deletions sql/pgsodium--3.0.6--3.0.7.sql
Expand Up @@ -29,12 +29,13 @@ SET search_path = '';


DROP FUNCTION pgsodium.create_mask_view(oid, integer, boolean);
CREATE FUNCTION pgsodium.create_mask_view(relid oid, subid integer, debug boolean = false, view_owner name = current_user)
CREATE FUNCTION pgsodium.create_mask_view(relid oid, subid integer, debug boolean = false)
RETURNS void AS
$$
DECLARE
body text;
source_name text;
view_owner text = session_user;
rule pgsodium.masking_rule;
BEGIN
SELECT * INTO STRICT rule FROM pgsodium.masking_rule WHERE attrelid = relid and attnum = subid ;
Expand Down Expand Up @@ -134,16 +135,16 @@ CREATE FUNCTION pgsodium.disable_security_label_trigger() RETURNS void AS
;

DROP FUNCTION pgsodium.update_mask(oid, boolean);
CREATE FUNCTION pgsodium.update_mask(target oid, debug boolean = false, view_owner name = current_user)
CREATE FUNCTION pgsodium.update_mask(target oid, debug boolean = false)
RETURNS void AS
$$
BEGIN
PERFORM pgsodium.disable_security_label_trigger();
PERFORM pgsodium.create_mask_view(objoid, objsubid, debug, view_owner)
FROM pg_catalog.pg_seclabel
WHERE objoid = target
AND label ILIKE 'ENCRYPT%'
AND provider = 'pgsodium';
PERFORM pgsodium.create_mask_view(objoid, objsubid, debug)
FROM pg_catalog.pg_seclabel sl
WHERE sl.objoid = target
AND sl.label ILIKE 'ENCRYPT%'
AND sl.provider = 'pgsodium';
PERFORM pgsodium.enable_security_label_trigger();
RETURN;
END
Expand All @@ -154,13 +155,15 @@ $$
;

DROP FUNCTION pgsodium.update_masks(boolean);
CREATE FUNCTION pgsodium.update_masks(debug boolean = false, view_owner name = current_user)
CREATE FUNCTION pgsodium.update_masks(debug boolean = false)
RETURNS void AS
$$
BEGIN
PERFORM pgsodium.update_mask(objoid, debug, view_owner)
FROM pg_catalog.pg_seclabel
PERFORM pgsodium.update_mask(objoid, debug)
FROM pg_catalog.pg_seclabel sl
JOIN pg_catalog.pg_class cl ON (cl.oid = sl.objoid)
WHERE label ilike 'ENCRYPT%'
AND cl.relowner = session_user::regrole::oid
AND provider = 'pgsodium';
RETURN;
END
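Review bot: The owner test `cl.relowner = session_user::regrole::oid` is added only in `update_masks`; `update_mask(target oid, ...)` and `create_mask_view(relid oid, ...)` still take an arbitrary oid and show no ownership check in the visible lines, while `create_mask_view` now takes `view_owner` from `session_user`. Both definitions continue outside these hunks, so their attributes and grants are not visible here; if either is executable by a role that does not own the relation, the restriction does not hold for direct calls, and repeating the test in `update_mask` would cover that, e.g. `AND EXISTS (SELECT 1 FROM pg_catalog.pg_class cl WHERE cl.oid = sl.objoid AND cl.relowner = session_user::regrole::oid)`. The join in `update_masks` also matches on `objoid` alone and leaves `label` and `provider` unqualified; adding `AND sl.classoid = 'pg_catalog.pg_class'::regclass` and the `sl.` prefix keeps the match to relations. A cast to `regrole` parses the role name as an identifier, so a name that needs quoting (mixed case, for instance) is folded or rejected; `(SELECT r.oid FROM pg_catalog.pg_roles r WHERE r.rolname = session_user)` avoids that.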
8 changes: 7 additions & 1 deletion test/tce.sql
Expand Up @@ -80,7 +80,7 @@ COMMIT;
\c postgres bobo

BEGIN;
SELECT plan(8);
SELECT plan(9);

SELECT pgsodium.crypto_aead_det_noncegen() nonce \gset
SELECT pgsodium.crypto_aead_det_noncegen() nonce2 \gset
Expand Down Expand Up @@ -145,6 +145,12 @@ SELECT results_eq(
$$VALUES (true)$$,
'non-extension owner role can select from masking view');

SELECT lives_ok(
$test$
select pgsodium.update_masks()
$test$,
'can update only objects owned by session user');

SELECT * FROM finish();

\c postgres postgres
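Review bot: The added `lives_ok` case only shows that `pgsodium.update_masks()` does not raise when run as `bobo`; it does not check that a labelled relation owned by another role is skipped, which is what its description 'can update only objects owned by session user' claims. A second assertion would pin that down, for example a `results_eq` that compares `viewowner` and `definition` in `pg_catalog.pg_views` for another role's masking view before and after the call. The test block starts and ends outside this hunk, so a suitable fixture may already exist further up.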
