author | Marko Kreen | 2007-07-31 15:12:58 +0000 |
---|---|---|
committer | Marko Kreen | 2007-07-31 15:12:58 +0000 |
commit | 65fe812c973f1433302fd6588f3b901821c6e0e1 (patch) | |
tree | 1acee080c498d269a91ed38e63bc7124507d1702 | |
parent | eb1bd1d72f8f6d772d9d9e7b283fb5579fd21506 (diff) |
pgq: dont allow regular users directly insert to event tables
-rw-r--r-- | sql/pgq/functions/pgq.current_event_table.sql | 11 | ||||
-rw-r--r-- | sql/pgq/functions/pgq.force_tick.sql | 4 | ||||
-rw-r--r-- | sql/pgq/functions/pgq.grant_perms.sql | 41 | ||||
-rw-r--r-- | sql/pgq/functions/pgq.insert_event.sql | 4 | ||||
-rw-r--r-- | sql/pgq/functions/pgq.register_consumer.sql | 2 |
5 files changed, 44 insertions, 18 deletions
diff --git a/sql/pgq/functions/pgq.current_event_table.sql b/sql/pgq/functions/pgq.current_event_table.sql index b20dac03..5349bb7e 100644 --- a/sql/pgq/functions/pgq.current_event_table.sql +++ b/sql/pgq/functions/pgq.current_event_table.sql @@ -3,13 +3,18 @@ returns text as $$ -- ---------------------------------------------------------------------- -- Function: pgq.current_event_table(1) -- --- Return active event table for particular queue. +-- Return active event table for particular queue. +-- Event can be added to it without going via functions, +-- e.g. by COPY. -- -- Note: --- The result is valid only during current transaction. +-- The result is valid only during current transaction. +-- +-- Permissions: +-- Actual insertion requires superuser access. -- -- Parameters: --- x_queue_name - Queue name. +-- x_queue_name - Queue name. -- ---------------------------------------------------------------------- declare res text; diff --git a/sql/pgq/functions/pgq.force_tick.sql b/sql/pgq/functions/pgq.force_tick.sql index 5c376ad6..0ea098d9 100644 --- a/sql/pgq/functions/pgq.force_tick.sql +++ b/sql/pgq/functions/pgq.force_tick.sql @@ -10,9 +10,9 @@ returns bigint as $$ -- Should be called in loop, with some delay until last tick -- changes or too much time is passed. -- --- Such function is needed because paraller calls o ticker() are +-- Such function is needed because paraller calls of pgq.ticker() are -- dangerous, and cannot be protected with locks as snapshot --- is taken before. +-- is taken before locking. -- -- Parameters: -- i_queue_name - Name of the queue diff --git a/sql/pgq/functions/pgq.grant_perms.sql b/sql/pgq/functions/pgq.grant_perms.sql index d2c00837..dc2e53df 100644 --- a/sql/pgq/functions/pgq.grant_perms.sql +++ b/sql/pgq/functions/pgq.grant_perms.sql 
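Review bot: The new `Permissions:` line in the pgq.current_event_table header overstates the requirement by saying insertion needs superuser access. As far as the grants visible in this commit show, what is needed is INSERT privilege on the event table, which the table owner or an explicitly granted role would also hold. Suggested wording: `-- Actual insertion requires INSERT privilege on the event table; it is not granted to public.` The function body is outside the hunk.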
@@ -12,25 +12,46 @@ returns integer as $$ -- nothing -- ---------------------------------------------------------------------- declare - q record; - i integer; + q record; + i integer; + tbl_perms text; + seq_perms text; begin select * from pgq.queue into q where queue_name = x_queue_name; if not found then raise exception 'Queue not found'; end if; - execute 'grant select, update on ' - || q.queue_event_seq || ',' || q.queue_tick_seq - || ' to public'; - execute 'grant select on ' - || q.queue_data_pfx - || ' to public'; + + if true then + -- safe, all access must go via functions + seq_perms := 'select'; + tbl_perms := 'select'; + else + -- allow ordinery users to directly insert + -- to event tables. dangerous. + seq_perms := 'select, update'; + tbl_perms := 'select, insert'; + end if; + + -- tick seq, normal users don't need to modify it + execute 'grant ' || seq_perms + || ' on ' || q.queue_tick_seq || ' to public'; + + -- event seq + execute 'grant ' || seq_perms + || ' on ' || q.queue_event_seq || ' to public'; + + -- parent table for events + execute 'grant select on ' || q.queue_data_pfx || ' to public'; + + -- real event tables for i in 0 .. q.queue_ntables - 1 loop - execute 'grant select, insert on ' - || q.queue_data_pfx || '_' || i + execute 'grant ' || tbl_perms + || ' on ' || q.queue_data_pfx || '_' || i || ' to public'; end loop; + return 1; end; $$ language plpgsql security definer; diff --git a/sql/pgq/functions/pgq.insert_event.sql b/sql/pgq/functions/pgq.insert_event.sql index 2adfcbc0..4c486724 100644 --- a/sql/pgq/functions/pgq.insert_event.sql +++ b/sql/pgq/functions/pgq.insert_event.sql @@ -16,7 +16,7 @@ returns bigint as $$ begin return pgq.insert_event(queue_name, ev_type, ev_data, null, null, null, null); end; -$$ language plpgsql; -- event inserting needs no special perms +$$ language plpgsql security definer; 
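Review bot: The grants in this hunk are additive, so a queue that was already processed by the old grant_perms keeps `insert` on its event tables and `update` on its sequences for public. Calling the new version does not withdraw them. Unless an upgrade script elsewhere handles existing queues (not visible here), the function should revoke before it grants, as sketched below. Separately, the `if true then … else` switch leaves a branch that can only be reached by editing the function; a comment marking it as a deliberate edit-time toggle would help the next reader. The function signature lies outside the hunk.

```sql
    -- … unchanged: queue lookup and seq_perms / tbl_perms selection …

    -- GRANT never removes privileges: drop what older versions gave to public
    execute 'revoke all on ' || q.queue_tick_seq || ' from public';
    execute 'revoke all on ' || q.queue_event_seq || ' from public';
    for i in 0 .. q.queue_ntables - 1 loop
        execute 'revoke all on ' || q.queue_data_pfx || '_' || i
            || ' from public';
    end loop;

    -- … unchanged: grant statements for sequences, parent table and event tables …
```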
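Review bot: Both pgq.insert_event wrappers (this hunk and the next) and the two-argument pgq.register_consumer in the last hunk become `security definer` without pinning `search_path`, so name resolution inside them still follows the caller's session while the body runs with the owner's rights. The visible calls are schema-qualified, so the exposure looks small, but `now()` in the second hunk is not. On server versions that support per-function settings, appending `set search_path = pgq, pg_temp` to each definition closes this. The trailing comment that was dropped is also worth replacing rather than deleting, e.g. `-- security definer: callers hold no insert right on event tables`. The function headers are outside the hunks.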
@@ -45,5 +45,5 @@ begin return pgq.insert_event_raw(queue_name, null, now(), null, null, ev_type, ev_data, ev_extra1, ev_extra2, ev_extra3, ev_extra4); end; -$$ language plpgsql; -- event inserting needs no special perms +$$ language plpgsql security definer; diff --git a/sql/pgq/functions/pgq.register_consumer.sql b/sql/pgq/functions/pgq.register_consumer.sql index 30d38792..ae19d01e 100644 --- a/sql/pgq/functions/pgq.register_consumer.sql +++ b/sql/pgq/functions/pgq.register_consumer.sql @@ -20,7 +20,7 @@ returns integer as $$ begin return pgq.register_consumer(x_queue_name, x_consumer_id, NULL); end; -$$ language plpgsql; -- no perms needed +$$ language plpgsql security definer; create or replace function pgq.register_consumer( |