PostGIS  2.4.9dev-r@@SVN_REVISION@@
long_xact.c
Go to the documentation of this file.
1 /**********************************************************************
2  *
3  * PostGIS - Spatial Types for PostgreSQL
4  * http://postgis.net
5  *
6  * PostGIS is free software: you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation, either version 2 of the License, or
9  * (at your option) any later version.
10  *
11  * PostGIS is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with PostGIS. If not, see <http://www.gnu.org/licenses/>.
18  *
19  **********************************************************************
20  *
21  * Copyright (C) 2006 Refractions Research Inc.
22  *
23  **********************************************************************/
24 
25 
26 #include "postgres.h"
27 #include "access/xact.h"
28 #include "executor/spi.h" /* this is what you need to work with SPI */
29 #include "commands/trigger.h" /* ... and triggers */
30 #include "utils/lsyscache.h" /* for get_namespace_name() */
31 #include "utils/rel.h"
32 #include "../postgis_config.h"
33 #include "lwgeom_pg.h"
34 
35 #define ABORT_ON_AUTH_FAILURE 1
36 
37 Datum check_authorization(PG_FUNCTION_ARGS);
38 Datum getTransactionID(PG_FUNCTION_ARGS);
39 
40 /*
41  * This trigger will check for authorization before
42  * allowing UPDATE or DELETE of specific rows.
43  * Rows are identified by the provided column.
44  * Authorization info is extracted by the
45  * "authorization_table"
46  *
47  */
49 Datum check_authorization(PG_FUNCTION_ARGS)
50 {
51  TriggerData *trigdata = (TriggerData *) fcinfo->context;
52  char *colname;
53  HeapTuple rettuple_ok;
54  HeapTuple rettuple_fail;
55  TupleDesc tupdesc;
56  int SPIcode;
57  char query[1024];
58  const char *pk_id = NULL;
59  SPITupleTable *tuptable;
60  HeapTuple tuple;
61  char *lockcode;
62  char *authtable = "authorization_table";
63  const char *op;
64 #define ERRMSGLEN 256
65  char err_msg[ERRMSGLEN];
66 
67 
68  /* Make sure trigdata is pointing at what I expect */
69  if ( ! CALLED_AS_TRIGGER(fcinfo) )
70  {
71  elog(ERROR,"check_authorization: not fired by trigger manager");
72  }
73 
74  if ( ! TRIGGER_FIRED_BEFORE(trigdata->tg_event) )
75  {
76  elog(ERROR,"check_authorization: not fired *before* event");
77  }
78 
79  if ( TRIGGER_FIRED_BY_UPDATE(trigdata->tg_event) )
80  {
81  rettuple_ok = trigdata->tg_newtuple;
82  rettuple_fail = NULL;
83  op = "UPDATE";
84  }
85  else if ( TRIGGER_FIRED_BY_DELETE(trigdata->tg_event) )
86  {
87  rettuple_ok = trigdata->tg_trigtuple;
88  rettuple_fail = NULL;
89  op = "DELETE";
90  }
91  else
92  {
93  elog(ERROR,"check_authorization: not fired by update or delete");
94  PG_RETURN_NULL();
95  }
96 
97 
98  tupdesc = trigdata->tg_relation->rd_att;
99 
100  /* Connect to SPI manager */
101  SPIcode = SPI_connect();
102 
103  if (SPIcode != SPI_OK_CONNECT)
104  {
105  elog(ERROR,"check_authorization: could not connect to SPI");
106  PG_RETURN_NULL() ;
107  }
108 
109  colname = trigdata->tg_trigger->tgargs[0];
110  pk_id = SPI_getvalue(trigdata->tg_trigtuple, tupdesc,
111  SPI_fnumber(tupdesc, colname));
112 
113  POSTGIS_DEBUG(3, "check_authorization called");
114 
115  sprintf(query,"SELECT authid FROM \"%s\" WHERE expires >= now() AND toid = '%d' AND rid = '%s'", authtable, trigdata->tg_relation->rd_id, pk_id);
116 
117  POSTGIS_DEBUGF(3 ,"about to execute :%s", query);
118 
119  SPIcode = SPI_exec(query,0);
120  if (SPIcode !=SPI_OK_SELECT )
121  elog(ERROR,"couldnt execute to test for lock :%s",query);
122 
123  if (!SPI_processed )
124  {
125  POSTGIS_DEBUGF(3, "there is NO lock on row '%s'", pk_id);
126 
127  SPI_finish();
128  return PointerGetDatum(rettuple_ok);
129  }
130 
131  /* there is a lock - check to see if I have rights to it! */
132 
133  tuptable = SPI_tuptable;
134  tupdesc = tuptable->tupdesc;
135  tuple = tuptable->vals[0];
136  lockcode = SPI_getvalue(tuple, tupdesc, 1);
137 
138  POSTGIS_DEBUGF(3, "there is a lock on row '%s' (auth: '%s').", pk_id, lockcode);
139 
140  /*
141  * check to see if temp_lock_have_table table exists
142  * (it might not exist if they own no locks)
143  */
144  sprintf(query,"SELECT * FROM pg_class WHERE relname = 'temp_lock_have_table'");
145  SPIcode = SPI_exec(query,0);
146  if (SPIcode != SPI_OK_SELECT )
147  elog(ERROR,"couldnt execute to test for lockkey temp table :%s",query);
148  if (SPI_processed==0)
149  {
150  goto fail;
151  }
152 
153  sprintf(query, "SELECT * FROM temp_lock_have_table WHERE xideq( transid, getTransactionID() ) AND lockcode ='%s'", lockcode);
154 
155  POSTGIS_DEBUGF(3, "about to execute :%s", query);
156 
157  SPIcode = SPI_exec(query,0);
158  if (SPIcode != SPI_OK_SELECT )
159  elog(ERROR, "couldnt execute to test for lock acquire: %s", query);
160 
161  if (SPI_processed >0)
162  {
163  POSTGIS_DEBUG(3, "I own the lock - I can modify the row");
164 
165  SPI_finish();
166  return PointerGetDatum(rettuple_ok);
167  }
168 
169 fail:
170 
171  snprintf(err_msg, ERRMSGLEN, "%s where \"%s\" = '%s' requires authorization '%s'",
172  op, colname, pk_id, lockcode);
173  err_msg[ERRMSGLEN-1] = '\0';
174 
175 #ifdef ABORT_ON_AUTH_FAILURE
176  elog(ERROR, "%s", err_msg);
177 #else
178  elog(NOTICE, "%s", err_msg);
179 #endif
180 
181  SPI_finish();
182  return PointerGetDatum(rettuple_fail);
183 
184 
185 }
186 
188 Datum getTransactionID(PG_FUNCTION_ARGS)
189 {
190  TransactionId xid = GetCurrentTransactionId();
191  PG_RETURN_DATUM( TransactionIdGetDatum(xid) );
192 }
Datum getTransactionID(PG_FUNCTION_ARGS)
Definition: long_xact.c:188
#define ERRMSGLEN
Datum check_authorization(PG_FUNCTION_ARGS)
Definition: long_xact.c:49
PG_FUNCTION_INFO_V1(check_authorization)
if(!(yy_init))