Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix the 'role does not exist' error caused by uppercase characters in… #90

Merged
merged 1 commit into from
Sep 20, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions META.json
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
"name": "pgsodium",
"abstract": "Postgres extension for libsodium functions",
"description": "pgsodium is a PostgreSQL extension that exposes modern libsodium based cryptographic functions to SQL.",
"version": "3.1.8",
"version": "3.1.9",
"maintainer": [
"Michel Pelletier <[email protected]>"
],
Expand All @@ -13,7 +13,7 @@
"abstract": "Postgres extension for libsodium functions",
"file": "src/pgsodium.h",
"docfile": "README.md",
"version": "3.1.8"
"version": "3.1.9"
}
},
"prereqs": {
Expand Down
2 changes: 1 addition & 1 deletion pgsodium.control
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# pgsodium extension
comment = 'Postgres extension for libsodium functions'
default_version = '3.1.8'
default_version = '3.1.9'
relocatable = false
schema = pgsodium
127 changes: 127 additions & 0 deletions sql/pgsodium--3.1.8--3.1.9.sql
Original file line number Diff line number Diff line change
@@ -0,0 +1,127 @@
CREATE OR REPLACE FUNCTION pgsodium.create_mask_view(relid oid, subid integer, debug boolean = false)
RETURNS void AS
$$
DECLARE
m record;
body text;
source_name text;
view_owner regrole = quote_ident(session_user);
rule pgsodium.masking_rule;
privs aclitem[];
priv record;
BEGIN
SELECT DISTINCT * INTO STRICT rule FROM pgsodium.masking_rule WHERE attrelid = relid AND attnum = subid;

source_name := relid::regclass::text;

BEGIN
SELECT relacl INTO STRICT privs FROM pg_catalog.pg_class WHERE oid = rule.view_name::regclass::oid;
EXCEPTION
WHEN undefined_table THEN
SELECT relacl INTO STRICT privs FROM pg_catalog.pg_class WHERE oid = relid;
END;

body = format(
$c$
DROP VIEW IF EXISTS %1$s;
CREATE VIEW %1$s %5$s AS SELECT %2$s
FROM %3$s;
ALTER VIEW %1$s OWNER TO %4$s;
$c$,
rule.view_name,
pgsodium.decrypted_columns(relid),
source_name,
view_owner,
CASE WHEN rule.security_invoker THEN 'WITH (security_invoker=true)' ELSE '' END
);
IF debug THEN
RAISE NOTICE '%', body;
END IF;
EXECUTE body;

FOR priv IN SELECT * FROM pg_catalog.aclexplode(privs) LOOP
body = format(
$c$
GRANT %s ON %s TO %s;
$c$,
priv.privilege_type,
rule.view_name,
priv.grantee::regrole::text
);
IF debug THEN
RAISE NOTICE '%', body;
END IF;
EXECUTE body;
END LOOP;

FOR m IN SELECT * FROM pgsodium.mask_columns where attrelid = relid LOOP
IF m.key_id IS NULL AND m.key_id_column is NULL THEN
CONTINUE;
ELSE
body = format(
$c$
DROP FUNCTION IF EXISTS %1$s."%2$s_encrypt_secret_%3$s"() CASCADE;

CREATE OR REPLACE FUNCTION %1$s."%2$s_encrypt_secret_%3$s"()
RETURNS TRIGGER
LANGUAGE plpgsql
AS $t$
BEGIN
%4$s;
RETURN new;
END;
$t$;

ALTER FUNCTION %1$s."%2$s_encrypt_secret_%3$s"() OWNER TO %5$s;

DROP TRIGGER IF EXISTS "%2$s_encrypt_secret_trigger_%3$s" ON %6$s;

CREATE TRIGGER "%2$s_encrypt_secret_trigger_%3$s"
BEFORE INSERT OR UPDATE OF "%3$s" ON %6$s
FOR EACH ROW
EXECUTE FUNCTION %1$s."%2$s_encrypt_secret_%3$s" ();
$c$,
rule.relnamespace,
rule.relname,
m.attname,
pgsodium.encrypted_column(relid, m),
view_owner,
source_name
);
if debug THEN
RAISE NOTICE '%', body;
END IF;
EXECUTE body;
END IF;
END LOOP;

raise notice 'about to masking role % %', source_name, rule.view_name;
PERFORM pgsodium.mask_role(oid::regrole, source_name, rule.view_name)
FROM pg_roles WHERE pgsodium.has_mask(oid::regrole, source_name);

RETURN;
END
$$
LANGUAGE plpgsql
VOLATILE
SET search_path='pg_catalog'
;

CREATE OR REPLACE FUNCTION pgsodium.update_masks(debug boolean = false)
RETURNS void AS
$$
BEGIN
PERFORM pgsodium.update_mask(objoid, debug)
FROM pg_catalog.pg_seclabel sl
JOIN pg_catalog.pg_class cl ON (cl.oid = sl.objoid)
WHERE label ilike 'ENCRYPT%'
AND cl.relowner = quote_ident(session_user)::regrole::oid
AND provider = 'pgsodium'
AND objoid::regclass != 'pgsodium.key'::regclass
;
RETURN;
END
$$
LANGUAGE plpgsql
SET search_path=''
;
6 changes: 3 additions & 3 deletions test/pgsodium_schema.sql
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ SELECT cmp_ok(current_setting('server_version_num')::int, '>=', 130000, format('


---- EXTENSION VERSION
SELECT results_eq('SELECT pgsodium.version()', $$VALUES ('3.1.8'::text)$$, 'Version of pgsodium is 3.1.8');
SELECT results_eq('SELECT pgsodium.version()', $$VALUES ('3.1.9'::text)$$, 'Version of pgsodium is 3.1.9');


---- EXTENSION OBJECTS
Expand Down Expand Up @@ -1007,7 +1007,7 @@ SELECT function_privs_are('pgsodium'::name, proname, proargtypes::regtype[]::tex
AND oidvectortypes(proargtypes) = 'oid, boolean';

SELECT unnest(ARRAY[
is(md5(prosrc), 'fb42e03b118baa4eec1ff6fd3773ef3e',
is(md5(prosrc), '2b415aec3b2a3421dd4b9c876abe620e',
format('Function pgsodium.%s(%s) body should match checksum',
proname, pg_get_function_identity_arguments(oid))
),
Expand Down Expand Up @@ -5674,7 +5674,7 @@ SELECT function_privs_are('pgsodium'::name, proname, proargtypes::regtype[]::tex
AND oidvectortypes(proargtypes) = 'oid, boolean';

SELECT unnest(ARRAY[
is(md5(prosrc), 'd87941beba33c2ac540f35d69dfa2a41',
is(md5(prosrc), '4a6d5b9fa57e3dbe4f8b2067a6f67c78',
format('Function pgsodium.%s(%s) body should match checksum',
proname, pg_get_function_identity_arguments(oid))
),
Expand Down
Loading