authorMarko Kreen2007-07-31 15:12:58 +0000
committerMarko Kreen2007-07-31 15:12:58 +0000
commit65fe812c973f1433302fd6588f3b901821c6e0e1 (patch)
tree1acee080c498d269a91ed38e63bc7124507d1702
parenteb1bd1d72f8f6d772d9d9e7b283fb5579fd21506 (diff)
pgq: dont allow regular users directly insert to event tables
-rw-r--r--sql/pgq/functions/pgq.current_event_table.sql11
-rw-r--r--sql/pgq/functions/pgq.force_tick.sql4
-rw-r--r--sql/pgq/functions/pgq.grant_perms.sql41
-rw-r--r--sql/pgq/functions/pgq.insert_event.sql4
-rw-r--r--sql/pgq/functions/pgq.register_consumer.sql2
5 files changed, 44 insertions, 18 deletions
diff --git a/sql/pgq/functions/pgq.current_event_table.sql b/sql/pgq/functions/pgq.current_event_table.sql
index b20dac03..5349bb7e 100644
--- a/sql/pgq/functions/pgq.current_event_table.sql
+++ b/sql/pgq/functions/pgq.current_event_table.sql
@@ -3,13 +3,18 @@ returns text as $$
-- ----------------------------------------------------------------------
-- Function: pgq.current_event_table(1)
--
--- Return active event table for particular queue.
+-- Return active event table for particular queue.
+-- Event can be added to it without going via functions,
+-- e.g. by COPY.
--
-- Note:
--- The result is valid only during current transaction.
+-- The result is valid only during current transaction.
+--
+-- Permissions:
+-- Actual insertion requires superuser access.
--
-- Parameters:
--- x_queue_name - Queue name.
+-- x_queue_name - Queue name.
-- ----------------------------------------------------------------------
declare
res text;
diff --git a/sql/pgq/functions/pgq.force_tick.sql b/sql/pgq/functions/pgq.force_tick.sql
index 5c376ad6..0ea098d9 100644
--- a/sql/pgq/functions/pgq.force_tick.sql
+++ b/sql/pgq/functions/pgq.force_tick.sql
@@ -10,9 +10,9 @@ returns bigint as $$
-- Should be called in loop, with some delay until last tick
-- changes or too much time is passed.
--
--- Such function is needed because paraller calls o ticker() are
+-- Such function is needed because paraller calls of pgq.ticker() are
-- dangerous, and cannot be protected with locks as snapshot
--- is taken before.
+-- is taken before locking.
--
-- Parameters:
-- i_queue_name - Name of the queue
diff --git a/sql/pgq/functions/pgq.grant_perms.sql b/sql/pgq/functions/pgq.grant_perms.sql
index d2c00837..dc2e53df 100644
--- a/sql/pgq/functions/pgq.grant_perms.sql
+++ b/sql/pgq/functions/pgq.grant_perms.sql
@@ -12,25 +12,46 @@ returns integer as $$
-- nothing
-- ----------------------------------------------------------------------
declare
- q record;
- i integer;
+ q record;
+ i integer;
+ tbl_perms text;
+ seq_perms text;
begin
select * from pgq.queue into q
where queue_name = x_queue_name;
if not found then
raise exception 'Queue not found';
end if;
- execute 'grant select, update on '
- || q.queue_event_seq || ',' || q.queue_tick_seq
- || ' to public';
- execute 'grant select on '
- || q.queue_data_pfx
- || ' to public';
+
+ if true then
+ -- safe, all access must go via functions
+ seq_perms := 'select';
+ tbl_perms := 'select';
+ else
+ -- allow ordinery users to directly insert
+ -- to event tables. dangerous.
+ seq_perms := 'select, update';
+ tbl_perms := 'select, insert';
+ end if;
+
+ -- tick seq, normal users don't need to modify it
+ execute 'grant ' || seq_perms
+ || ' on ' || q.queue_tick_seq || ' to public';
+
+ -- event seq
+ execute 'grant ' || seq_perms
+ || ' on ' || q.queue_event_seq || ' to public';
+
+ -- parent table for events
+ execute 'grant select on ' || q.queue_data_pfx || ' to public';
+
+ -- real event tables
for i in 0 .. q.queue_ntables - 1 loop
- execute 'grant select, insert on '
- || q.queue_data_pfx || '_' || i
+ execute 'grant ' || tbl_perms
+ || ' on ' || q.queue_data_pfx || '_' || i
|| ' to public';
end loop;
+
return 1;
end;
$$ language plpgsql security definer;
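Review bot: On a queue that was already set up by the previous version of this function, `public` keeps `insert` on the event tables and `update` on both sequences, because `grant` only adds privileges and nothing in the new body revokes the old ones. In the safe branch the body should first run `execute 'revoke update on ' || q.queue_event_seq || ',' || q.queue_tick_seq || ' from public';` and, inside the loop, `execute 'revoke insert on ' || q.queue_data_pfx || '_' || i || ' from public';`. The `if true then` switch also leaves the permissive `else` branch unreachable, so a comment such as `-- manual toggle, edit and reinstall to enable direct inserts` would keep it from being read as live configuration. The function's signature and header comment start above the hunk.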
diff --git a/sql/pgq/functions/pgq.insert_event.sql b/sql/pgq/functions/pgq.insert_event.sql
index 2adfcbc0..4c486724 100644
--- a/sql/pgq/functions/pgq.insert_event.sql
+++ b/sql/pgq/functions/pgq.insert_event.sql
@@ -16,7 +16,7 @@ returns bigint as $$
begin
return pgq.insert_event(queue_name, ev_type, ev_data, null, null, null, null);
end;
-$$ language plpgsql; -- event inserting needs no special perms
+$$ language plpgsql security definer;
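Review bot: Nothing pins `search_path` on the wrappers this commit turns into `security definer`, so they now run with the owner's rights while unqualified names inside them are still resolved through the caller's session setting. This wrapper only calls the schema-qualified `pgq.insert_event`, but the second hunk of this file calls unqualified `now()`, and the same marking is applied in pgq.register_consumer.sql. Where the server supports a per-function setting, `$$ language plpgsql security definer set search_path = pgq, pg_temp;` addresses this (assuming the bodies reference no other schema); otherwise write `pg_catalog.now()`. The removed trailing comment could be replaced by `-- security definer: callers have no insert right on event tables` so the reason for the marking stays next to it. The function header and parameter list are outside the hunk.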
@@ -45,5 +45,5 @@ begin
return pgq.insert_event_raw(queue_name, null, now(), null, null,
ev_type, ev_data, ev_extra1, ev_extra2, ev_extra3, ev_extra4);
end;
-$$ language plpgsql; -- event inserting needs no special perms
+$$ language plpgsql security definer;
diff --git a/sql/pgq/functions/pgq.register_consumer.sql b/sql/pgq/functions/pgq.register_consumer.sql
index 30d38792..ae19d01e 100644
--- a/sql/pgq/functions/pgq.register_consumer.sql
+++ b/sql/pgq/functions/pgq.register_consumer.sql
@@ -20,7 +20,7 @@ returns integer as $$
begin
return pgq.register_consumer(x_queue_name, x_consumer_id, NULL);
end;
-$$ language plpgsql; -- no perms needed
+$$ language plpgsql security definer;
create or replace function pgq.register_consumer(