Provides callable veil2 functions. These are written in C for performance and to ensure that they cannot be easily subverted.
|
static void | findContext (int *p_idx, int scope_type, int scope) |
|
static bool | checkContext (int *p_idx, int scope_type, int scope, int priv) |
|
static void | freeContextRolePrivs (ContextRolePrivs *cp) |
|
static void | clear_session_roleprivs () |
|
static SessionRolePrivs * | extendSessionRolePrivs (SessionRolePrivs *session_roleprivs) |
|
static void | add_scope_roleprivs (int scope_type, int scope, Bitmap *roles, Bitmap *privs) |
|
static void | update_scope_roleprivs (int scope_type, int scope, Bitmap *roles, Bitmap *privs) |
|
static bool | error_if_no_session () |
|
static bool | fetch_2ints (HeapTuple tuple, TupleDesc tupdesc, void *p_result) |
|
static void | create_temp_tables () |
|
static void | do_reset_session (bool clear_context) |
|
Datum | veil2_session_ready (FunctionCallInfo fcinfo) |
|
Datum | veil2_reset_session (FunctionCallInfo fcinfo) |
|
Datum | veil2_reset_session_privs (FunctionCallInfo fcinfo) |
|
Datum | veil2_session_context (FunctionCallInfo fcinfo) |
|
Datum | veil2_session_privileges (FunctionCallInfo fcinfo) |
|
Datum | veil2_add_session_privileges (FunctionCallInfo fcinfo) |
|
Datum | veil2_update_session_privileges (FunctionCallInfo fcinfo) |
|
Datum | veil2_true (FunctionCallInfo fcinfo) |
|
static bool | checkSessionReady () |
|
Datum | veil2_i_have_global_priv (FunctionCallInfo fcinfo) |
|
Datum | veil2_i_have_personal_priv (FunctionCallInfo fcinfo) |
|
Datum | veil2_i_have_priv_in_scope (FunctionCallInfo fcinfo) |
|
Datum | veil2_i_have_priv_in_scope_or_global (FunctionCallInfo fcinfo) |
|
Datum | veil2_i_have_priv_in_superior_scope (FunctionCallInfo fcinfo) |
|
Datum | veil2_i_have_priv_in_scope_or_superior (FunctionCallInfo fcinfo) |
|
Datum | veil2_i_have_priv_in_scope_or_superior_or_global (FunctionCallInfo fcinfo) |
|
Datum | veil2_result_counts (FunctionCallInfo fcinfo) |
|
static text * | textfromstr (char *in) |
|
Datum | veil2_docpath (FunctionCallInfo fcinfo) |
|
Datum | veil2_datapath (FunctionCallInfo fcinfo) |
|
Datum | veil2_version (FunctionCallInfo fcinfo) |
|
Provides callable veil2 functions. These are written in C for performance and to ensure that they cannot be easily subverted.
Author: Marc Munro
Copyright (c) 2020,2021 Marc Munro
License: GPL V3
Definition in file veil2.c.
Datum veil2_add_session_privileges(FunctionCallInfo fcinfo)
veil2.add_session_privileges(scope_type_id, scope_id, roles, privileges)
Create a new in-memory session_privileges record. This must be called with records ordered by scope_type_id and then scope_id, because a binary search is used to match the relevant scope when this structure is queried internally; records added out of order may not be found by later privilege checks.
- Parameters
-
integer | scope_type_id The type of scope |
integer | scope_id The id of the actual scope |
Bitmap | roles The roles assigned in the context for this scope |
Bitmap | privs The privileges that apply in this scope |
- Returns
- void
Definition at line 751 of file veil2.c.
Datum veil2_i_have_personal_priv(FunctionCallInfo fcinfo)
veil2.i_have_personal_priv(priv, accessor_id) returns bool
Predicate to determine whether the current session user has a given privilege, priv, in their personal scope (i.e. for data pertaining to themselves).
- Parameters
-
privilege_id | Integer giving privilege to test for |
accessor_id | Integer id for a party from the record being checked. |
- Returns
- boolean true if the session has the given privilege in the personal scope of the given accessor_id
Definition at line 864 of file veil2.c.
Datum veil2_i_have_priv_in_scope(FunctionCallInfo fcinfo)
veil2.i_have_priv_in_scope(priv, scope_type_id, scope_id) returns bool
Predicate to determine whether the current session user has a given privilege, priv, in a specific scope (scope_type_id, scope_id).
- Parameters
-
privilege_id | Integer giving privilege to test for |
scope_type_id | Integer id of the scope type to be checked |
scope_id | Integer id of the scope to be checked |
- Returns
- boolean true if the session has the given privilege for the given scope_type_id and scope_id
Definition at line 895 of file veil2.c.
Datum veil2_i_have_priv_in_scope_or_global(FunctionCallInfo fcinfo)
veil2.i_have_priv_in_scope_or_global(priv, scope_type_id, scope_id) returns bool
Predicate to determine whether the current session user has a given privilege, priv, in a specific scope (scope_type_id, scope_id), or in global scope.
- Parameters
-
privilege_id | Integer giving privilege to test for |
scope_type_id | Integer id of the scope type to be checked |
scope_id | Integer id of the scope to be checked |
- Returns
- boolean true if the session has the given privilege for the given scope_type_id and scope_id, or in global scope
Definition at line 927 of file veil2.c.
Datum veil2_i_have_priv_in_scope_or_superior(FunctionCallInfo fcinfo)
veil2.i_have_priv_in_scope_or_superior(priv, scope_type_id, scope_id) returns bool
Predicate to determine whether the current session user has a given privilege, priv, in the supplied scope or a superior one: scope_type_id, scope_id.
- Parameters
-
privilege_id | Integer giving privilege to test for |
scope_type_id | Integer id of the scope type to be checked |
scope_id | Integer id of the scope to be checked |
- Returns
- boolean true if the session has the given privilege in the scope given by scope_type_id and scope_id or a superior one.
Definition at line 1019 of file veil2.c.
Datum veil2_i_have_priv_in_scope_or_superior_or_global(FunctionCallInfo fcinfo)
veil2.i_have_priv_in_scope_or_superior_or_global(priv, scope_type_id, scope_id) returns bool
Predicate to determine whether the current session user has a given privilege, priv, in global scope, or the supplied scope, or a superior one: scope_type_id, scope_id.
- Parameters
-
privilege_id | Integer giving privilege to test for |
scope_type_id | Integer id of the scope type to be checked |
scope_id | Integer id of the scope to be checked |
- Returns
- boolean true if the session has the given privilege in the scope given by scope_type_id and scope_id or a superior one or global scope.
Definition at line 1085 of file veil2.c.
Datum veil2_i_have_priv_in_superior_scope(FunctionCallInfo fcinfo)
veil2.i_have_priv_in_superior_scope(priv, scope_type_id, scope_id) returns bool
Predicate to determine whether the current session user has a given privilege, priv, in a superior scope to that supplied: scope_type_id, scope_id.
- Parameters
-
privilege_id | Integer giving privilege to test for |
scope_type_id | Integer id of the scope type to be checked |
scope_id | Integer id of the scope to be checked |
- Returns
- boolean true if the session has the given privilege in a scope superior to that given by scope_type_id and scope_id
Definition at line 963 of file veil2.c.
Datum veil2_update_session_privileges(FunctionCallInfo fcinfo)
veil2.update_session_privileges(scope_type_id, scope_id, roles, privileges)
Update an in-memory session_privileges record with new roles and privs bitmaps.
- Parameters
-
integer | scope_type_id The type of scope |
integer | scope_id The id of the actual scope |
Bitmap | roles The roles assigned in the context for this scope |
Bitmap | privs The privileges that apply in this scope |
- Returns
- void
Definition at line 775 of file veil2.c.