Line data Source code
1 : /*
2 : * dummy_seclabel.c
3 : *
4 : * Dummy security label provider.
5 : *
6 : * This module does not provide anything worthwhile from a security
7 : * perspective, but allows regression testing independent of platform-specific
8 : * features like SELinux.
9 : *
10 : * Portions Copyright (c) 1996-2026, PostgreSQL Global Development Group
11 : * Portions Copyright (c) 1994, Regents of the University of California
12 : */
13 : #include "postgres.h"
14 :
15 : #include "commands/seclabel.h"
16 : #include "fmgr.h"
17 : #include "miscadmin.h"
18 : #include "utils/rel.h"
19 :
20 0 : PG_MODULE_MAGIC;
21 :
22 0 : PG_FUNCTION_INFO_V1(dummy_seclabel_dummy);
23 :
24 : static void
25 0 : dummy_object_relabel(const ObjectAddress *object, const char *seclabel)
26 : {
27 0 : if (seclabel == NULL ||
28 0 : strcmp(seclabel, "unclassified") == 0 ||
29 0 : strcmp(seclabel, "classified") == 0)
30 0 : return;
31 :
32 0 : if (strcmp(seclabel, "secret") == 0 ||
33 0 : strcmp(seclabel, "top secret") == 0)
34 : {
35 0 : if (!superuser())
36 0 : ereport(ERROR,
37 : (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
38 : errmsg("only superuser can set '%s' label", seclabel)));
39 0 : return;
40 : }
41 0 : ereport(ERROR,
42 : (errcode(ERRCODE_INVALID_NAME),
43 : errmsg("'%s' is not a valid security label", seclabel)));
44 0 : }
45 :
46 : void
47 0 : _PG_init(void)
48 : {
49 0 : register_label_provider("dummy", dummy_object_relabel);
50 0 : }
51 :
52 : /*
53 : * This function is here just so that the extension is not completely empty
54 : * and the dynamic library is loaded when CREATE EXTENSION runs.
55 : */
56 : Datum
57 0 : dummy_seclabel_dummy(PG_FUNCTION_ARGS)
58 : {
59 0 : PG_RETURN_VOID();
60 : }
|
