From a7748f71c3720308f50f516d7a9678cb1cb2c720 Mon Sep 17 00:00:00 2001
From: Rafa de la Torre
Date: Wed, 11 Nov 2015 19:22:59 +0000
Subject: [PATCH] Add code to setup permissions properly Based on roles and by default closing everything. No need to tweak things outside of the extension.
---
client/expected/00_installation_test.out | 4 ++++
client/expected/90_permissions_test.out | 19 +++++++++++++++++++
client/sql/0.0.1/90_permissions.sql | 15 +++++++++++++++
client/sql/00_installation_test.sql | 5 +++++
client/sql/90_permissions_test.sql | 12 ++++++++++++
5 files changed, 55 insertions(+)
create mode 100644 client/expected/90_permissions_test.out
create mode 100644 client/sql/0.0.1/90_permissions.sql
create mode 100644 client/sql/90_permissions_test.sql
diff --git a/client/expected/00_installation_test.out b/client/expected/00_installation_test.out
index 8e9e012..621ce99 100644
--- a/client/expected/00_installation_test.out
+++ b/client/expected/00_installation_test.out
@@ -12,3 +12,7 @@ SELECT cdb_geocoder_client._config_set('db_server_config', '{"connection_str": " -- Mock the server schema CREATE SCHEMA cdb_geocoder_server;
+-- Create a test user to check permissions
+DROP ROLE IF EXISTS test_regular_user;
+CREATE ROLE test_regular_user;
+GRANT publicuser TO test_regular_user;
diff --git a/client/expected/90_permissions_test.out b/client/expected/90_permissions_test.out
new file mode 100644
index 0000000..b861802
--- /dev/null
+++ b/client/expected/90_permissions_test.out
@@ -0,0 +1,19 @@
+-- Use regular user role
+SET ROLE test_regular_user;
+-- Exercise the public function
+-- it is public, it shall work
+SELECT cdb_geocoder_client.geocode_admin0_polygons('Spain');
+NOTICE: cdb_geocoder_client._geocode_admin0_polygons(3): [contrib_regression] REMOTE NOTICE: cbd_geocoder_server.geocode_admin0_polygons invoked with params (postgres, some_transaction_id, Spain)
+CONTEXT: SQL statement "SELECT cdb_geocoder_client._geocode_admin0_polygons(session_user, txid_current(), country_name)"
+PL/pgSQL function cdb_geocoder_client.geocode_admin0_polygons(text) line 5 at SQL statement
+ geocode_admin0_polygons
+-------------------------
+
+(1 row)
+
+-- Check the regular user has no permissions on private functions
+SELECT cdb_geocoder_client._geocode_admin0_polygons('evil_user', 666, 'Hell');
+ERROR: permission denied for function _geocode_admin0_polygons
+-- Check the regular user cannot look into config table
+SELECT * from cdb_geocoder_client._config;
+ERROR: permission denied for relation _config
diff --git a/client/sql/0.0.1/90_permissions.sql b/client/sql/0.0.1/90_permissions.sql
new file mode 100644
index 0000000..80d6cea
--- /dev/null
+++ b/client/sql/0.0.1/90_permissions.sql
@@ -0,0 +1,15 @@
+-- Make sure by default there are no permissions for publicuser
+-- NOTE: this happens at extension creation time, as part of an implicit transaction.
+REVOKE ALL PRIVILEGES ON SCHEMA cdb_geocoder_client FROM PUBLIC, publicuser CASCADE;
+
+-- Grant permissions on the schema to publicuser (but just the schema)
+GRANT USAGE ON SCHEMA cdb_geocoder_client TO publicuser;
+
+-- Revoke execute permissions on all functions in the schema by default
+REVOKE EXECUTE ON ALL FUNCTIONS IN SCHEMA cdb_geocoder_client FROM PUBLIC, publicuser;
+
+--------------------------------------------------------------------------------
+
+-- Explicitly grant permissions to public functions
+-- NOTE: All public functions must be listed below, grating permissions to publicuser
+GRANT EXECUTE ON FUNCTION cdb_geocoder_client.geocode_admin0_polygons(country_name text) TO publicuser;
diff --git a/client/sql/00_installation_test.sql b/client/sql/00_installation_test.sql
index 8834800..4446f18 100644
--- a/client/sql/00_installation_test.sql
+++ b/client/sql/00_installation_test.sql
@@ -10,3 +10,8 @@ SELECT cdb_geocoder_client._config_set('db_server_config', '{"connection_str": " -- Mock the server schema CREATE SCHEMA cdb_geocoder_server;
+
+-- Create a test user to check permissions
+DROP ROLE IF EXISTS test_regular_user;
+CREATE ROLE test_regular_user;
+GRANT publicuser TO test_regular_user;
diff --git a/client/sql/90_permissions_test.sql b/client/sql/90_permissions_test.sql
new file mode 100644
index 0000000..1d6a39a
--- /dev/null
+++ b/client/sql/90_permissions_test.sql
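Review bot: In client/sql/0.0.1/90_permissions.sql, `REVOKE EXECUTE ON ALL FUNCTIONS IN SCHEMA cdb_geocoder_client FROM PUBLIC, publicuser;` only touches functions that already exist when it runs, while PostgreSQL grants EXECUTE to PUBLIC on every function created afterwards. A function added by a later upgrade script would therefore be callable by `publicuser`, which keeps USAGE on the schema, and a per-schema `ALTER DEFAULT PRIVILEGES` cannot take that built-in default away. I would record the rule next to the statement, e.g. `-- NOTE: re-run this REVOKE in every upgrade script that creates functions, before the GRANTs below`. The expected output shows the granted function reaching `_geocode_admin0_polygons`, which the caller is denied directly, so it presumably runs with definer rights; its definition is outside this diff and should be checked for a pinned `search_path`. The comment above the final GRANT also has a typo, `grating` for `granting`.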
@@ -0,0 +1,12 @@
+-- Use regular user role
+SET ROLE test_regular_user;
+
+-- Exercise the public function
+-- it is public, it shall work
+SELECT cdb_geocoder_client.geocode_admin0_polygons('Spain');
+
+-- Check the regular user has no permissions on private functions
+SELECT cdb_geocoder_client._geocode_admin0_polygons('evil_user', 666, 'Hell');
+
+-- Check the regular user cannot look into config table
+SELECT * from cdb_geocoder_client._config;
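Review bot: The negative checks in client/sql/90_permissions_test.sql cover reading `_config` and calling `_geocode_admin0_polygons`, but not `_config_set`, the function the installation test uses to store the server connection string, so a regression that leaves it executable by `publicuser` would pass unnoticed. Adding `SELECT cdb_geocoder_client._config_set('db_server_config', '{}');` under `test_regular_user`, with a permission-denied error in the expected output, would close that gap. Because `SET ROLE` does not change `session_user`, the expected NOTICE records `postgres` rather than the test role, so the identity the public function forwards to the server is not exercised by this test.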