From 457641a2dda4967c359f68f4a459f65ed69d521f Mon Sep 17 00:00:00 2001
From: Michael Hoennig
Date: Thu, 28 Jul 2022 10:43:23 +0200
Subject: [PATCH] introduce referential integrity for role identification - part 2 assume

---
 .run/30-run-all.sql.run.xml | 8 --------
 sql/10-rbac-base.sql | 17 +++++++++++++++++
 sql/21-hs-customer.sql | 17 ++++++++++++++++-
 sql/22-hs-packages.sql | 2 +-
 sql/23-hs-unixuser.sql | 2 +-
 sql/24-hs-domain.sql | 2 +-
 sql/25-hs-emailaddress.sql | 2 +-
 sql/{28--hs-tests.sql => 28-hs-tests.sql} | 4 ++--
 sql/examples.sql | 9 ---------
 sql/{19--rbac-tests.sql => rbac-tests.sql} | 0
 ...ons.sql => rbac-view-option-experiments.sql} | 0
 11 files changed, 39 insertions(+), 24 deletions(-)
 delete mode 100644 .run/30-run-all.sql.run.xml
 rename sql/{28--hs-tests.sql => 28-hs-tests.sql} (98%)
 rename sql/{19--rbac-tests.sql => rbac-tests.sql} (100%)
 rename sql/{11--rbac-view-options.sql => rbac-view-option-experiments.sql} (100%)

diff --git a/.run/30-run-all.sql.run.xml b/.run/30-run-all.sql.run.xml
deleted file mode 100644
index e17e8564..00000000
--- a/.run/30-run-all.sql.run.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-
-
-
- FILE
-
-
-
-
\ No newline at end of file
diff --git a/sql/10-rbac-base.sql b/sql/10-rbac-base.sql
index 68124563..06ba3442 100644
--- a/sql/10-rbac-base.sql
+++ b/sql/10-rbac-base.sql
@@ -670,6 +670,21 @@ BEGIN
 RETURN string_to_array(currentSubject, ';');
 END; $$;
 
+CREATE OR REPLACE FUNCTION findUuidByIdName(objectTable varchar, objectIdName varchar)
+ RETURNS uuid
+ RETURNS NULL ON NULL INPUT
+ LANGUAGE plpgsql AS $$
+DECLARE
+
+BEGIN
+ /*sql = 'E ' || baseTable || '_historicize' || ' AFTER INSERT OR DELETE OR UPDATE ON ' || baseTable || ' FOR EACH ROW EXECUTE PROCEDURE historicize()'; RAISE NOTICE 'sql: %', createTriggerSQL; EXECUTE createTriggerSQ*/
+
+ RETURN customerUuidByIdName(objectIdName);
+END; $$;
 
 ROLLBACK;
 SET SESSION AUTHORIZATION DEFAULT;
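Review bot: `objectTable` is never consulted in findUuidByIdName — every call falls through to `RETURN customerUuidByIdName(objectIdName);`, so a role on any other object table (package, unixuser, domain, …) has its idName resolved against customer_iv and yields either NULL or the uuid of an unrelated customer that happens to share the name. Dispatch on `objectTable` and fail loudly for tables that have no lookup yet, so the wrong object can never be assumed silently; the `'customer'` branch below assumes the first `#` segment of the role name is the bare table name, which the second hunk of this file suggests but does not show. The `/*sql = 'E ' … createTriggerSQ*/` fragment is dead text from a different function and should be deleted together with the empty `DECLARE` section. Note also that 10-rbac-base.sql now calls customerUuidByIdName, which this commit defines in 21-hs-customer.sql; plpgsql resolves the name at call time, so the scripts load, but the base layer now depends on a domain script.
```sql
CREATE OR REPLACE FUNCTION findUuidByIdName(objectTable varchar, objectIdName varchar)
    -- … unchanged: RETURNS uuid / RETURNS NULL ON NULL INPUT / LANGUAGE plpgsql AS $$ …
BEGIN
    -- resolve the idName in the table the role actually names; a table without
    -- a lookup must raise instead of silently resolving the name against customers
    CASE objectTable
        WHEN 'customer' THEN
            RETURN customerUuidByIdName(objectIdName);
        ELSE
            RAISE EXCEPTION 'findUuidByIdName: no idName lookup for object table %', objectTable;
    END CASE;
END; $$;
```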
@@ -702,6 +717,8 @@ BEGIN
 objectNameToAssume = split_part(roleName, '#', 2);
 roleTypeToAssume = split_part(roleName, '#', 3);
 
+ objectUuidToAssume = findUuidByIdName(objectTableToAssume, objectNameToAssume);
+
 -- TODO: either the result needs to be cached at least per transaction or we need to get rid of SELCT in a loop
 SELECT uuid AS roleuuidToAssume
 FROM RbacRole r
diff --git a/sql/21-hs-customer.sql b/sql/21-hs-customer.sql
index 3fcb2b1e..a386bc32 100644
--- a/sql/21-hs-customer.sql
+++ b/sql/21-hs-customer.sql
@@ -105,10 +105,25 @@ CREATE TRIGGER deleteRbacRulesForCustomer_Trigger
 BEFORE DELETE ON customer
 FOR EACH ROW EXECUTE PROCEDURE deleteRbacRulesForCustomer();
 
+-- create a restricted view to access the textual customer ids a idName
+SET SESSION SESSION AUTHORIZATION DEFAULT;
+-- ALTER TABLE customer ENABLE ROW LEVEL SECURITY;
+DROP VIEW IF EXISTS customer_iv;
+CREATE OR REPLACE VIEW customer_iv AS
+SELECT DISTINCT target.uuid, target.prefix as idName
+ FROM customer AS target;
+-- TODO: Is it ok that everybody has access to this information?
+GRANT ALL PRIVILEGES ON customer_iv TO restricted;
+
+CREATE OR REPLACE FUNCTION customerUuidByIdName(idName varchar)
+ RETURNS uuid
+ LANGUAGE sql STRICT AS $$
+ SELECT uuid FROM customer_iv iv WHERE iv.idName=customerUuidByIdName.idName;
+ $$;
 
 -- create RBAC restricted view
 SET SESSION SESSION AUTHORIZATION DEFAULT;
-ALTER TABLE customer ENABLE ROW LEVEL SECURITY;
+-- ALTER TABLE customer ENABLE ROW LEVEL SECURITY;
 DROP VIEW IF EXISTS customer_rv;
 CREATE OR REPLACE VIEW customer_rv AS
 SELECT DISTINCT target.*
diff --git a/sql/22-hs-packages.sql b/sql/22-hs-packages.sql
index cd25bc53..65eed84a 100644
--- a/sql/22-hs-packages.sql
+++ b/sql/22-hs-packages.sql
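Review bot: The new assignment `objectUuidToAssume = findUuidByIdName(objectTableToAssume, objectNameToAssume);` never checks its result, yet findUuidByIdName is declared `RETURNS NULL ON NULL INPUT` and its delegate customerUuidByIdName is a scalar SQL function that returns NULL when no customer_iv row matches, so an unresolvable role name proceeds into the RbacRole lookup carrying a NULL uuid instead of failing. Add a guard directly after the assignment, `IF objectUuidToAssume IS NULL THEN RAISE EXCEPTION 'cannot assume role %: object not found', roleName; END IF;`, so a mistyped or foreign object name is rejected rather than matched against nothing. Whether the uuid is then used in the `SELECT uuid AS roleuuidToAssume FROM RbacRole r` query cannot be seen here; the enclosing function, including the DECLARE section where objectUuidToAssume and objectTableToAssume must be declared, starts and ends outside the hunk.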
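Review bot: `GRANT ALL PRIVILEGES ON customer_iv TO restricted;` grants far more than the lookup needs; the view exists only so customerUuidByIdName can read it, so `GRANT SELECT ON customer_iv TO restricted;` is the least-privilege form, and the TODO on the line above deserves an answer in a comment, because every holder of `restricted` can enumerate all customer prefixes and their uuids through this view, whereas customer_rv is described as the RBAC-restricted one. The same hunk turns `ALTER TABLE customer ENABLE ROW LEVEL SECURITY;` into a comment, as do the hunks in 22-hs-packages.sql, 23-hs-unixuser.sql, 24-hs-domain.sql and 25-hs-emailaddress.sql; with RLS off, any privilege a role holds directly on those base tables bypasses the `_rv` views entirely. The base-table grants are not visible here, so if the views are the only access path this is harmless, but the reason should be stated in place of the commented-out statement, e.g. `-- RLS intentionally disabled: access is granted only through the *_rv views, never on the base table`. The new comment `-- create a restricted view to access the textual customer ids a idName` reads better as `... customer ids as idName`.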
@@ -105,7 +105,7 @@ CREATE TRIGGER deleteRbacRulesForPackage_Trigger
 
 -- create RBAC-restricted view
 SET SESSION SESSION AUTHORIZATION DEFAULT;
-ALTER TABLE package ENABLE ROW LEVEL SECURITY;
+-- ALTER TABLE package ENABLE ROW LEVEL SECURITY;
 DROP VIEW IF EXISTS package_rv;
 CREATE OR REPLACE VIEW package_rv AS
 SELECT DISTINCT target.*
diff --git a/sql/23-hs-unixuser.sql b/sql/23-hs-unixuser.sql
index 52ac180c..00773135 100644
--- a/sql/23-hs-unixuser.sql
+++ b/sql/23-hs-unixuser.sql
@@ -107,7 +107,7 @@ CREATE TRIGGER createRbacRulesForUnixUser_Trigger
 
 -- create RBAC-restricted view
 SET SESSION SESSION AUTHORIZATION DEFAULT;
-ALTER TABLE unixuser ENABLE ROW LEVEL SECURITY;
+-- ALTER TABLE unixuser ENABLE ROW LEVEL SECURITY;
 DROP VIEW IF EXISTS unixuser_rv;
 CREATE OR REPLACE VIEW unixuser_rv AS
 SELECT DISTINCT target.*
diff --git a/sql/24-hs-domain.sql b/sql/24-hs-domain.sql
index b8588913..5435b35b 100644
--- a/sql/24-hs-domain.sql
+++ b/sql/24-hs-domain.sql
@@ -92,7 +92,7 @@ CREATE TRIGGER createRbacRulesForDomain_Trigger
 
 -- create RBAC-restricted view
 SET SESSION SESSION AUTHORIZATION DEFAULT;
-ALTER TABLE Domain ENABLE ROW LEVEL SECURITY;
+-- ALTER TABLE Domain ENABLE ROW LEVEL SECURITY;
 DROP VIEW IF EXISTS domain_rv;
 CREATE OR REPLACE VIEW domain_rv AS
 SELECT DISTINCT target.*
diff --git a/sql/25-hs-emailaddress.sql b/sql/25-hs-emailaddress.sql
index 12aba6ee..80cdb759 100644
--- a/sql/25-hs-emailaddress.sql
+++ b/sql/25-hs-emailaddress.sql
@@ -76,7 +76,7 @@ CREATE TRIGGER createRbacRulesForEMailAddress_Trigger
 
 -- create RBAC-restricted view
 SET SESSION SESSION AUTHORIZATION DEFAULT;
-ALTER TABLE EMailAddress ENABLE ROW LEVEL SECURITY;
+-- ALTER TABLE EMailAddress ENABLE ROW LEVEL SECURITY;
 DROP VIEW IF EXISTS EMailAddress_rv;
 CREATE OR REPLACE VIEW EMailAddress_rv AS
 SELECT DISTINCT target.*
diff --git a/sql/28--hs-tests.sql b/sql/28-hs-tests.sql
similarity index 98%
rename from sql/28--hs-tests.sql
rename to sql/28-hs-tests.sql
index e52a2ca3..216147ca 100644
--- a/sql/28--hs-tests.sql
+++ b/sql/28-hs-tests.sql
@@ -61,7 +61,7 @@ BEGIN
 FROM unixuser_rv uu
 JOIN package_rv p ON p.uuid = uu.packageuuid
 JOIN customer_rv c ON c.uuid = p.customeruuid;
- call expectBetween(resultCount, 30, 50);
+ call expectBetween(resultCount, 40, 60);
 
 -- hostsharing admin assuming two customer admin roles and listing all accessible domains
 -- ABORT; START TRANSACTION;
@@ -74,7 +74,7 @@ BEGIN
 JOIN unixuser_rv uu ON uu.uuid = dom.unixuseruuid
 JOIN package_rv p ON p.uuid = uu.packageuuid
 JOIN customer_rv c ON c.uuid = p.customeruuid;
- call expectBetween(resultCount, 30, 50);
+ call expectBetween(resultCount, 20, 40);
 
 -- hostsharing admin assuming two customer admin roles and listing all accessible email addresses
 -- ABORT; START TRANSACTION;
diff --git a/sql/examples.sql b/sql/examples.sql
index bcbfe2fc..13219654 100644
--- a/sql/examples.sql
+++ b/sql/examples.sql
@@ -46,15 +46,6 @@ SET LOCAL hsadminng.currentUser TO 'mih42_customer_aaa';
 SET LOCAL hsadminng.currentTask TO 'adding customer_aaa';
 INSERT INTO package (customer_id, name) VALUES (10000, 'aaa00');
 COMMIT;
-
-SET SESSION SESSION AUTHORIZATION DEFAULT;
-CREATE ROLE hs_sel_package_1000000;
-GRANT hs_sel_package_1000000 to hs_sel_customer_10000;
-
-SET SESSION SESSION AUTHORIZATION mih42_customer_aaa;
-SELECT pg_has_role('hs_sel_package_1000000', 'MEMBER');
-
-
 -- Usage: SET hsadminng.timestamp TO '2022-07-12 08:53:27.723315';
diff --git a/sql/19--rbac-tests.sql b/sql/rbac-tests.sql
similarity index 100%
rename from sql/19--rbac-tests.sql
rename to sql/rbac-tests.sql
diff --git a/sql/11--rbac-view-options.sql b/sql/rbac-view-option-experiments.sql
similarity index 100%
rename from sql/11--rbac-view-options.sql
rename to sql/rbac-view-option-experiments.sql
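Review bot: Nothing in this commit explains why the two `expectBetween` ranges move — `call expectBetween(resultCount, 40, 60);` for unix users and `call expectBetween(resultCount, 20, 40);` for domains, both previously 30–50 — since no fixture data changes here, so a reader cannot tell whether the new counts are correct or merely made to pass after the role lookup now goes through findUuidByIdName. A comment above each assertion stating the expected count and where it comes from would make the ranges reviewable, e.g. `-- expected: unix users reachable via the two assumed customer admin roles in the fixture data (TODO confirm exact count)`. If the range shift is a symptom of the lookup resolving a different set of roles than before, that belongs in the 10-rbac-base.sql review rather than in the thresholds. The enclosing test block starts and ends outside both hunks.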