pgq: dont allow regular users directly insert to event tables

author: Marko Kreen 2007-07-31 15:12:58 +0000
committer: Marko Kreen 2007-07-31 15:12:58 +0000
commit: 65fe812c973f1433302fd6588f3b901821c6e0e1 (patch)
tree: 1acee080c498d269a91ed38e63bc7124507d1702
parent: eb1bd1d72f8f6d772d9d9e7b283fb5579fd21506 (diff)
5 files changed, 44 insertions, 18 deletions
diff --git a/sql/pgq/functions/pgq.current_event_table.sql b/sql/pgq/functions/pgq.current_event_table.sql
index b20dac03..5349bb7e 100644
--- a/sql/pgq/functions/pgq.current_event_table.sql
+++ b/sql/pgq/functions/pgq.current_event_table.sql
@@ -3,13 +3,18 @@ returns text as $$
 -- ----------------------------------------------------------------------
 -- Function: pgq.current_event_table(1)
 --
---     Return active event table for particular queue.
+--      Return active event table for particular queue.
+--      Event can be added to it without going via functions,
+--      e.g. by COPY.
 --
 -- Note:
---     The result is valid only during current transaction.
+--      The result is valid only during current transaction.
+--
+-- Permissions:
+--      Actual insertion requires superuser access.
 --
 -- Parameters:
---     x_queue_name    - Queue name.
+--      x_queue_name    - Queue name.
 -- ----------------------------------------------------------------------
 declare
     res text;
diff --git a/sql/pgq/functions/pgq.force_tick.sql b/sql/pgq/functions/pgq.force_tick.sql
index 5c376ad6..0ea098d9 100644
--- a/sql/pgq/functions/pgq.force_tick.sql
+++ b/sql/pgq/functions/pgq.force_tick.sql
@@ -10,9 +10,9 @@ returns bigint as $$
 --      Should be called in loop, with some delay until last tick
 --      changes or too much time is passed.
 --
---      Such function is needed because paraller calls o ticker() are
+--      Such function is needed because paraller calls of pgq.ticker() are
 --      dangerous, and cannot be protected with locks as snapshot
---      is taken before.
+--      is taken before locking.
 --
 -- Parameters:
 --      i_queue_name     - Name of the queue
diff --git a/sql/pgq/functions/pgq.grant_perms.sql b/sql/pgq/functions/pgq.grant_perms.sql
index d2c00837..dc2e53df 100644
--- a/sql/pgq/functions/pgq.grant_perms.sql
+++ b/sql/pgq/functions/pgq.grant_perms.sql
@@ -12,25 +12,46 @@ returns integer as $$
 --      nothing
 -- ----------------------------------------------------------------------
 declare
-    q     record;
-    i     integer;
+    q           record;
+    i           integer;
+    tbl_perms   text;
+    seq_perms   text;
 begin
     select * from pgq.queue into q
         where queue_name = x_queue_name;
     if not found then
         raise exception 'Queue not found';
     end if;
-    execute 'grant select, update on '
-        || q.queue_event_seq || ',' || q.queue_tick_seq
-        || ' to public';
-    execute 'grant select on '
-        || q.queue_data_pfx
-        || ' to public';
+
+    if true then
+        -- safe, all access must go via functions
+        seq_perms := 'select';
+        tbl_perms := 'select';
+    else
+        -- allow ordinery users to directly insert
+        -- to event tables.  dangerous.
+        seq_perms := 'select, update';
+        tbl_perms := 'select, insert';
+    end if;
+
+    -- tick seq, normal users don't need to modify it
+    execute 'grant ' || seq_perms
+        || ' on ' || q.queue_tick_seq || ' to public';
+
+    -- event seq
+    execute 'grant ' || seq_perms
+        || ' on ' || q.queue_event_seq || ' to public';
+    
+    -- parent table for events
+    execute 'grant select on ' || q.queue_data_pfx || ' to public';
+
+    -- real event tables
     for i in 0 .. q.queue_ntables - 1 loop
-        execute 'grant select, insert on '
-            || q.queue_data_pfx || '_' || i
+        execute 'grant ' || tbl_perms
+            || ' on ' || q.queue_data_pfx || '_' || i
             || ' to public';
     end loop;
+
     return 1;
 end;
 $$ language plpgsql security definer;
diff --git a/sql/pgq/functions/pgq.insert_event.sql b/sql/pgq/functions/pgq.insert_event.sql
index 2adfcbc0..4c486724 100644
--- a/sql/pgq/functions/pgq.insert_event.sql
+++ b/sql/pgq/functions/pgq.insert_event.sql
@@ -16,7 +16,7 @@ returns bigint as $$
 begin
     return pgq.insert_event(queue_name, ev_type, ev_data, null, null, null, null);
 end;
-$$ language plpgsql;  -- event inserting needs no special perms
+$$ language plpgsql security definer;
 
 
 
@@ -45,5 +45,5 @@ begin
     return pgq.insert_event_raw(queue_name, null, now(), null, null,
             ev_type, ev_data, ev_extra1, ev_extra2, ev_extra3, ev_extra4);
 end;
-$$ language plpgsql;  -- event inserting needs no special perms
+$$ language plpgsql security definer;
 
diff --git a/sql/pgq/functions/pgq.register_consumer.sql b/sql/pgq/functions/pgq.register_consumer.sql
index 30d38792..ae19d01e 100644
--- a/sql/pgq/functions/pgq.register_consumer.sql
+++ b/sql/pgq/functions/pgq.register_consumer.sql
@@ -20,7 +20,7 @@ returns integer as $$
 begin
     return pgq.register_consumer(x_queue_name, x_consumer_id, NULL);
 end;
-$$ language plpgsql; -- no perms needed
+$$ language plpgsql security definer;
 
 
 create or replace function pgq.register_consumer(
author	Marko Kreen	2007-07-31 15:12:58 +0000
committer	Marko Kreen	2007-07-31 15:12:58 +0000
commit	65fe812c973f1433302fd6588f3b901821c6e0e1 (patch)
tree	1acee080c498d269a91ed38e63bc7124507d1702
parent	eb1bd1d72f8f6d772d9d9e7b283fb5579fd21506 (diff)