From 1a404a593b78681a4181920ff3935320bc9df17f Mon Sep 17 00:00:00 2001 From: Satoshi Nagayasu Date: Sat, 29 Aug 2015 05:06:56 +0000 Subject: [PATCH 01/10] Fix to suppress `unused-const-variable' warning. --- sql_firewall.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sql_firewall.c b/sql_firewall.c index a15b340..b6720b2 100644 --- a/sql_firewall.c +++ b/sql_firewall.c @@ -229,6 +229,7 @@ typedef enum PGSS_TRACK_ALL /* all statements, including nested ones */ } PGSSTrackLevel; +#ifdef NOT_USED static const struct config_enum_entry track_options[] = { {"none", PGSS_TRACK_NONE, false}, @@ -236,6 +237,7 @@ static const struct config_enum_entry track_options[] = {"all", PGSS_TRACK_ALL, false}, {NULL, 0, false} }; +#endif typedef enum { From 68c74bea432086a9c5fb4d5b958d71f246c2d238 Mon Sep 17 00:00:00 2001 From: Satoshi Nagayasu Date: Sat, 29 Aug 2015 11:08:50 +0000 Subject: [PATCH 02/10] Fix sql_firewall_import_rule() to check file status before importing a rule file. --- sql_firewall.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/sql_firewall.c b/sql_firewall.c index a15b340..18f5ca4 100644 --- a/sql_firewall.c +++ b/sql_firewall.c @@ -67,6 +67,7 @@ */ #include "postgres.h" +#include #include #include @@ -2003,6 +2004,23 @@ sql_firewall_import_rule(PG_FUNCTION_ARGS) (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("sql_firewall_import_rule() is available only under the disable mode"))); + { + struct stat st; + + if (stat(rule_file, &st) != 0) + { + ereport(ERROR, + (errmsg("could not stat file \"%s\": %m", + rule_file))); + } + if (!S_ISREG(st.st_mode)) + { + ereport(ERROR, + (errmsg("\"%s\" is not a regular file", + rule_file))); + } + } + filep = AllocateFile(rule_file, PG_BINARY_R); if (filep == NULL) ereport(ERROR, From e3b093d20788bfbaccd169d95bc07171d5938459 Mon Sep 17 00:00:00 2001 
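Review bot: The regular-file test in the `@@ -2003,6 +2004,23 @@` hunk of PATCH 02 runs `stat()` on the path and then opens the file by name with `AllocateFile()`, so the object that gets opened is not guaranteed to be the one that was checked. If the path is replaced between the two calls, the `S_ISREG` test no longer says anything about what is read. The early `stat()` can stay as a cheap rejection, but the test should be repeated with `fstat()` on the opened stream and that result treated as authoritative. Both new `ereport` calls also carry no error code; `errcode_for_file_access()` fits the stat failure. The body of sql_firewall_import_rule() starts and ends outside the hunk.

```c
/* … unchanged: disable-mode check and the early stat()/S_ISREG test … */
filep = AllocateFile(rule_file, PG_BINARY_R);
/* … unchanged: existing filep == NULL report … */

/* Re-check on the descriptor that was actually opened. */
{
    struct stat fst;

    if (fstat(fileno(filep), &fst) != 0)
        ereport(ERROR,
                (errcode_for_file_access(),
                 errmsg("could not stat file \"%s\": %m",
                        rule_file)));
    if (!S_ISREG(fst.st_mode))
        ereport(ERROR,
                (errcode(ERRCODE_WRONG_OBJECT_TYPE),
                 errmsg("\"%s\" is not a regular file",
                        rule_file)));
}
```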
From: Satoshi Nagayasu Date: Tue, 1 Sep 2015 04:36:06 +0000 Subject: [PATCH 03/10] Fix JumbleRangeTable() to jumble query with relation name. Previously, JumbleRangeTable() used relation oid on query jumbling, and it resulted different queryid when relid gets changed. Now, JumbleRangeTable() uses relation name instead of relid to calculate queryid, so queryid could be the same when table gets dropped and created with the same name. --- sql_firewall.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/sql_firewall.c b/sql_firewall.c index a15b340..5c2d493 100644 --- a/sql_firewall.c +++ b/sql_firewall.c @@ -85,6 +85,8 @@ #include "tcop/utility.h" #include "utils/builtins.h" #include "utils/memutils.h" +#include "utils/rel.h" +#include "utils/relcache.h" PG_MODULE_MAGIC; @@ -1228,6 +1230,8 @@ pgss_store(const char *query, uint32 queryId, Assert(query != NULL); + elog(DEBUG1, "pgss_store: query=\"%s\" queryid=%u", query, queryId); + /* Safety check... */ if (!pgss || !pgss_hash) return; @@ -2753,6 +2757,7 @@ static void JumbleRangeTable(pgssJumbleState *jstate, List *rtable) { ListCell *lc; + Relation rel; foreach(lc, rtable) { @@ -2763,7 +2768,9 @@ JumbleRangeTable(pgssJumbleState *jstate, List *rtable) switch (rte->rtekind) { case RTE_RELATION: - APP_JUMB(rte->relid); + rel = RelationIdGetRelation(rte->relid); + APP_JUMB_STRING(RelationGetRelationName(rel)); + RelationClose(rel); break; case RTE_SUBQUERY: JumbleQuery(jstate, rte->subquery); From 69d6b0eca578a164a337cd2c6aa5fb3596343480 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rodolphe=20Qui=C3=A9deville?= Date: Wed, 2 Sep 2015 09:03:40 +0200 Subject: [PATCH 04/10] FIX small typo, missing char --- README.sql_firewall | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.sql_firewall b/README.sql_firewall index 0c97b35..86730f6 100644 --- a/README.sql_firewall +++ b/README.sql_firewall 
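Review bot: The `elog(DEBUG1, ...)` added to pgss_store() in the `@@ -1228,6 +1230,8 @@` hunk writes the complete statement text to the server log, and it sits above the `!pgss || !pgss_hash` safety check, so it runs on every call once the log level is lowered to DEBUG1. Statement text can contain literals such as passwords in role DDL or personal data in predicates, so a debugging setting becomes a disclosure path through log files and whatever collects them. If the trace is meant to stay, log only the id, `elog(DEBUG1, "pgss_store: queryid=%u", queryId);`, or move the text to a deeper level such as `DEBUG3`. The commit message describes only the JumbleRangeTable() change, so this line may be leftover debugging.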
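Review bot: In the `RTE_RELATION` case of the `@@ -2763,7 +2768,9 @@` hunk the jumble now contains only the bare relation name, so same-named tables in different schemas produce the same queryid and a firewall rule learned for one also matches the other. The `T_FuncExpr` hunk in PATCH 07 has the same property for function names. Jumbling the schema name as well keeps the drop-and-recreate stability the commit wants, for example `APP_JUMB_STRING(get_namespace_name(RelationGetNamespace(rel)));` before the relation name (this needs `utils/lsyscache.h`). Separately, `RelationIdGetRelation()` returns NULL when the relation cannot be opened, and `RelationGetRelationName(rel)` would then dereference it; add `if (rel == NULL) elog(ERROR, "could not open relation with OID %u", rte->relid);`. JumbleRangeTable() continues past the end of the hunk.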
@@ -154,7 +154,7 @@ Views * sql_firewall.sql_firewall_stat - sql_firewall_stat view has two couters: "sql_warning" and + sql_firewall_stat view has two counters: "sql_warning" and "sql_error". "sql_warning" shows number of executed queries with warnings in the From 9011fc8e8db6bfa3cfb3cec364cffdf5ff795918 Mon Sep 17 00:00:00 2001 From: Satoshi Nagayasu Date: Sat, 5 Sep 2015 11:52:42 +0000 Subject: [PATCH 05/10] Add copyright notice. --- COPYRIGHT | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 COPYRIGHT diff --git a/COPYRIGHT b/COPYRIGHT new file mode 100644 index 0000000..16ed33c --- /dev/null +++ b/COPYRIGHT @@ -0,0 +1,24 @@ +PostgreSQL Database Management System +(formerly known as Postgres, then as Postgres95) + +Portions Copyright (c) 1996-2015, PostgreSQL Global Development Group +Portions Copyright (c) 2015, Uptime Technologies, LLC + +Portions Copyright (c) 1994, The Regents of the University of California + +Permission to use, copy, modify, and distribute this software and its +documentation for any purpose, without fee, and without a written agreement +is hereby granted, provided that the above copyright notice and this +paragraph and the following two paragraphs appear in all copies. + +IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY PARTY FOR +DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING +LOST PROFITS, ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS +DOCUMENTATION, EVEN IF THE UNIVERSITY OF CALIFORNIA HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + +THE UNIVERSITY OF CALIFORNIA SPECIFICALLY DISCLAIMS ANY WARRANTIES, +INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS +ON AN "AS IS" BASIS, AND THE UNIVERSITY OF CALIFORNIA HAS NO OBLIGATIONS TO +PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. 
From bd396783b71fe36ae1afde79de124640ba43eb83 Mon Sep 17 00:00:00 2001 From: Satoshi Nagayasu Date: Sat, 19 Sep 2015 18:26:51 +0900 Subject: [PATCH 06/10] Fix copyright notice. --- COPYRIGHT | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/COPYRIGHT b/COPYRIGHT index 16ed33c..a756bb2 100644 --- a/COPYRIGHT +++ b/COPYRIGHT @@ -1,9 +1,7 @@ -PostgreSQL Database Management System -(formerly known as Postgres, then as Postgres95) +SQL Firewall Extension for PostgreSQL -Portions Copyright (c) 1996-2015, PostgreSQL Global Development Group Portions Copyright (c) 2015, Uptime Technologies, LLC - +Portions Copyright (c) 1996-2015, PostgreSQL Global Development Group Portions Copyright (c) 1994, The Regents of the University of California Permission to use, copy, modify, and distribute this software and its From ec60b33b6210950c06c93aafef6b5cac55d06fb9 Mon Sep 17 00:00:00 2001 From: Satoshi Nagayasu Date: Sun, 6 Sep 2015 10:17:48 +0000 Subject: [PATCH 07/10] Fix JumbleExpr() to use function name on query jumbling instead of the oid. To keep the same queryid after re-creating (user) functions, JumbleExpr() has to use function name instead of the oid. Although JumbleExpr() still depends on several oids of other type of database objects, such as window functions or aggregation functions, using user function name and table name seems to be good enough so far. See /* FIXME */ comments for those objects which still use oid. --- sql_firewall.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/sql_firewall.c b/sql_firewall.c index 0962b73..2a28c10 100644 --- a/sql_firewall.c +++ b/sql_firewall.c @@ -86,6 +86,7 @@ #include "tcop/utility.h" #include "utils/builtins.h" #include "utils/memutils.h" +#include "utils/lsyscache.h" #include "utils/rel.h" #include "utils/relcache.h" 
@@ -2877,7 +2878,7 @@ JumbleExpr(pgssJumbleState *jstate, Node *node) Param *p = (Param *) node; APP_JUMB(p->paramkind); - APP_JUMB(p->paramid); + APP_JUMB(p->paramid); /* FIXME */ APP_JUMB(p->paramtype); } break; @@ -2885,7 +2886,7 @@ JumbleExpr(pgssJumbleState *jstate, Node *node) { Aggref *expr = (Aggref *) node; - APP_JUMB(expr->aggfnoid); + APP_JUMB(expr->aggfnoid); /* FIXME */ JumbleExpr(jstate, (Node *) expr->aggdirectargs); JumbleExpr(jstate, (Node *) expr->args); JumbleExpr(jstate, (Node *) expr->aggorder); @@ -2897,7 +2898,7 @@ JumbleExpr(pgssJumbleState *jstate, Node *node) { WindowFunc *expr = (WindowFunc *) node; - APP_JUMB(expr->winfnoid); + APP_JUMB(expr->winfnoid); /* FIXME */ APP_JUMB(expr->winref); JumbleExpr(jstate, (Node *) expr->args); JumbleExpr(jstate, (Node *) expr->aggfilter); @@ -2916,8 +2917,9 @@ JumbleExpr(pgssJumbleState *jstate, Node *node) case T_FuncExpr: { FuncExpr *expr = (FuncExpr *) node; + char *funcname = get_func_name(expr->funcid); - APP_JUMB(expr->funcid); + APP_JUMB_STRING(funcname); JumbleExpr(jstate, (Node *) expr->args); } break; @@ -3017,7 +3019,7 @@ JumbleExpr(pgssJumbleState *jstate, Node *node) { CollateExpr *ce = (CollateExpr *) node; - APP_JUMB(ce->collOid); + APP_JUMB(ce->collOid); /* FIXME */ JumbleExpr(jstate, (Node *) ce->arg); } break; @@ -3107,14 +3109,14 @@ JumbleExpr(pgssJumbleState *jstate, Node *node) { CoerceToDomainValue *cdv = (CoerceToDomainValue *) node; - APP_JUMB(cdv->typeId); + APP_JUMB(cdv->typeId); /* FIXME */ } break; case T_SetToDefault: { SetToDefault *sd = (SetToDefault *) node; - APP_JUMB(sd->typeId); + APP_JUMB(sd->typeId); /* FIXME */ } break; case T_CurrentOfExpr: From cd326f504097e56d1c87ca24469194da11a03d4e Mon Sep 17 00:00:00 2001 
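Review bot: `get_func_name()` returns NULL when the function lookup fails, and the `T_FuncExpr` case in the `@@ -2916,8 +2917,9 @@` hunk passes the result straight to `APP_JUMB_STRING`, whose definition is outside this patch but presumably measures the string. Guard it first, e.g. `if (funcname == NULL) elog(ERROR, "cache lookup failed for function %u", expr->funcid);`. The returned name is a palloc'd copy, so `pfree(funcname);` after the jumble avoids accumulating copies while a large expression tree is walked. The bare `/* FIXME */` markers in the other hunks of this patch do not say what remains to be fixed; something like `/* FIXME: still jumbles the oid, so queryid changes if the object is re-created */` would record the intent stated in the commit message. JumbleExpr() starts and ends outside these hunks.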
From: Satoshi Nagayasu Date: Sun, 20 Sep 2015 16:48:23 +0900 Subject: [PATCH 08/10] Fix JumbleQuery() to be exposed to other extensions. JumbleQuery() is exposed to other modules to calculate QueryId, and to keep it the same value in the different extensions. --- sql_firewall.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sql_firewall.c b/sql_firewall.c index 2a28c10..e80c0bd 100644 --- a/sql_firewall.c +++ b/sql_firewall.c @@ -206,6 +206,8 @@ typedef struct pgssJumbleState int clocations_count; } pgssJumbleState; +extern void JumbleQuery(pgssJumbleState *jstate, Query *query); + /*---- Local variables ----*/ /* Current nesting depth of ExecutorRun+ProcessUtility calls */ @@ -333,7 +335,6 @@ static void gc_qtexts(void); static void entry_reset(void); static void AppendJumble(pgssJumbleState *jstate, const unsigned char *item, Size size); -static void JumbleQuery(pgssJumbleState *jstate, Query *query); static void JumbleRangeTable(pgssJumbleState *jstate, List *rtable); static void JumbleExpr(pgssJumbleState *jstate, Node *node); static void RecordConstLocation(pgssJumbleState *jstate, int location); @@ -2747,7 +2748,7 @@ AppendJumble(pgssJumbleState *jstate, const unsigned char *item, Size size) * be deduced from child nodes (else we'd just be double-hashing that piece * of information). */ -static void +void JumbleQuery(pgssJumbleState *jstate, Query *query) { Assert(IsA(query, Query)); From 949617e476db14b2f3310c3d17ff0a3e6c5db357 Mon Sep 17 00:00:00 2001 From: Satoshi Nagayasu Date: Mon, 21 Sep 2015 14:24:46 +0900 Subject: [PATCH 09/10] Fix README to add new compatibility section. Compatibility about major versions and rule files explained. --- README.sql_firewall | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/README.sql_firewall b/README.sql_firewall index 86730f6..886764f 100644 --- a/README.sql_firewall +++ b/README.sql_firewall 
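Review bot: The `extern` prototype for JumbleQuery() in the `@@ -206,6 +206,8 @@` hunk is added inside sql_firewall.c, right after the `pgssJumbleState` typedef, so another extension has no header to include and would have to copy both the prototype and the struct layout by hand. Any later change to that struct would then mismatch silently between modules that agree only by convention. A small installed header carrying the typedef and the prototype would make the contract explicit and checkable by the compiler. `JumbleQuery` is also a very generic global symbol for a loadable module; a prefixed exported wrapper (for instance `sql_firewall_jumble_query()`) would avoid clashes with other libraries loaded into the same backend.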
@@ -33,6 +33,18 @@ allows to execute even not in the firewall rules. And produces warnings if the queries are not in the rules. +Compatibility +------------- + +sql_firewall supports PostgreSQL 9.4.x. Other major versions would be +supported in the future release. + +Exported rule files would not be compatible between different +PostgreSQL major versions, because queryid is calculated from the +internal data structure (the Query structure) which is different in +different major versions. + + Installation ------------ From 5b64fb5305e1903099997f7b08a92d28b2c8a587 Mon Sep 17 00:00:00 2001 From: Satoshi Nagayasu Date: Mon, 21 Sep 2015 14:50:23 +0900 Subject: [PATCH 10/10] Add ChangeLog. --- ChangeLog | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 ChangeLog diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..63e5ce2 --- /dev/null +++ b/ChangeLog @@ -0,0 +1,18 @@ +2015-09-23 Satoshi Nagayasu + + * Version 0.8.1 + * Fix sql_firewall.c to suppress `unused-const-variable' warning + on OS X. + * Fix sql_firewall_import_rule() to check file status before + importing a rule file. + * Fix JumbleRangeTable() to jumble query with relation name + instead of oid. + * Fix JumbleExpr() to use function name on query jumbling instead + of the oid. + * Fix README to add the Compatibility section. + * Add COPYRIGHT and ChangeLog. + +2015-08-24 Satoshi Nagayasu + + * Version 0.8 + * The first public release.