[postgis-tickets] [SCM] PostGIS branch master updated. 3.3.0rc2-291-g06f49e8dc

git at osgeo.org git at osgeo.org
Thu Oct 27 15:42:25 PDT 2022


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "PostGIS".

The branch, master has been updated
       via  06f49e8dc83cfd7319709518ba479a3fd95e5000 (commit)
      from  910dfdc155df7ee578f2520ff55b684c200dba0b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 06f49e8dc83cfd7319709518ba479a3fd95e5000
Author: Sandro Santilli <strk at kbt.io>
Date:   Fri Oct 28 00:37:19 2022 +0200

    Check ownership of functions match that of extension upon packaging
    
    References #4648

diff --git a/utils/create_unpackaged.pl b/utils/create_unpackaged.pl
index 75c40a1fa..a3f4af01e 100755
--- a/utils/create_unpackaged.pl
+++ b/utils/create_unpackaged.pl
@@ -24,6 +24,7 @@ die "Usage: perl $0 <extname> [<sql>]\n"
 unless @ARGV;
 
 my $extname = shift(@ARGV);
+my $scriptname = @ARGV ? $ARGV[0] : '-';
 
 # drops are in the following order:
 #	1. Indexing system stuff
@@ -141,22 +142,62 @@ while( my $line = <>)
 sub add_if_not_exists
 {
   my $obj = shift;
-  print <<"EOF"
-DO \$\$
-BEGIN
 
-	-- TODO: check if ownership of the object
-	--       matches ownership of the extension
-	--       the object to the extension
+	# Prevent troubles by refusing to accept single quotes
+	# in objects
+	die "Invalid characters in object definition: $obj" if $obj =~ /'/;
+
+	$obj =~ m/([^ ]*) (.*)/;
+	my $type = $1;
+	my $sig = $2;
+
+
+  print "SELECT _postgis_package_object('$type', '$sig');\n";
+}
+
+my $time = POSIX::strftime("%F %T", gmtime(defined($ENV{SOURCE_DATE_EPOCH}) ? $ENV{SOURCE_DATE_EPOCH} : time));
+print <<"EOF";
+-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
+--
+-- PostGIS - Spatial Types for PostgreSQL
+-- http://postgis.net
+--
+-- This is free software; you can redistribute and/or modify it under
+-- the terms of the GNU General Public Licence. See the COPYING file.
+--
+-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
+--
+-- Generated on: $time
+--           by: $0
+--          for: $extname
+--         from: $scriptname
+--
+-- Do not edit manually, your changes will be lost.
+--
+-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
+
+
+-- complain if script is sourced in psql
+\\echo Use "CREATE EXTENSION ${extname} to load this file. \\quit
+
+CREATE FUNCTION _postgis_package_object(type text, sig text)
+RETURNS VOID
+AS \$\$
+DECLARE
+	sql text;
+	proc regproc;
+	obj text := format('%s %s', type, sig);
+BEGIN
 
-	ALTER EXTENSION $extname ADD $obj;
-	RAISE NOTICE 'newly registered $obj';
+	sql := format('ALTER EXTENSION ${extname} ADD %s', obj);
+	EXECUTE sql;
+	RAISE NOTICE 'newly registered %', obj;
 
 EXCEPTION
 WHEN object_not_in_prerequisite_state THEN
-  IF SQLERRM ~ '\\m$extname\\M'
+  IF SQLERRM ~ '\\m${extname}\\M'
   THEN
-    RAISE NOTICE 'already registered $obj';
+    RAISE NOTICE '% already registered', obj;
   ELSE
     RAISE EXCEPTION '%', SQLERRM;
   END IF;
@@ -166,39 +207,12 @@ WHEN
 	undefined_object
 	-- TODO: handle more exceptions ?
 THEN
-	RAISE NOTICE 'Object $obj does not exist yet';
+	RAISE NOTICE '% % does not exist yet', type, sig;
 WHEN OTHERS THEN
-	RAISE EXCEPTION 'Trying to add $obj to $extname, got % (%)', SQLERRM, SQLSTATE;
+	RAISE EXCEPTION 'Trying to add % to ${extname}, got % (%)', obj, SQLERRM, SQLSTATE;
 END;
 \$\$ LANGUAGE 'plpgsql';
 EOF
-}
-
-my $time = POSIX::strftime("%F %T", gmtime(defined($ENV{SOURCE_DATE_EPOCH}) ? $ENV{SOURCE_DATE_EPOCH} : time));
-print "-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --\n";
-print "--\n";
-print "-- PostGIS - Spatial Types for PostgreSQL\n";
-print "-- http://postgis.net\n";
-print "--\n";
-print "-- This is free software; you can redistribute and/or modify it under\n";
-print "-- the terms of the GNU General Public Licence. See the COPYING file.\n";
-print "--\n";
-print "-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --\n";
-print "--\n";
-print "-- Generated on: " . $time . "\n";
-print "--           by: " . $0 . "\n";
-print "--          for: " . $extname . "\n";
-print "--         from: " . ( @ARGV ? $ARGV[0] : '-' ) . "\n";
-print "--\n";
-print "-- Do not edit manually, your changes will be lost.\n";
-print "--\n";
-print "-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --\n";
-print "\n";
-
-print "-- complain if script is sourced in psql\n";
-print '\echo Use "CREATE EXTENSION ' . ${extname} .
-      '" to load this file. \quit';
-print "\n\n";
 
 print "-- Register all views.\n";
 foreach my $view (@views)
@@ -273,9 +287,8 @@ foreach my $cast (@casts)
 	}
 }
 
-print "-- Register all functions except " . (keys %type_funcs) . " needed for type definition.\n";
-my @type_funcs= (); # function to drop _after_ type drop
-foreach my $fn (@funcs)
+print "-- Register all functions.\n";
+foreach my $fn ( @funcs )
 {
 	if ($fn =~ /.* function ([^(]+)\((.*)\)/is ) # can be multiline
 	{
@@ -283,36 +296,11 @@ foreach my $fn (@funcs)
 		my $fn_arg = $2;
 
 		$fn_arg = strip_default($fn_arg);
-		if ( ! exists($type_funcs{$fn_nm}) )
-		{
-			add_if_not_exists("FUNCTION $fn_nm ($fn_arg)");
-		}
-		else
-		{
-			push(@type_funcs, $fn);
-		}
-	}
-	else
-	{
-		die "Couldn't parse FUNCTION line: $fn\n";
-	}
-}
-
-print "-- Add all functions needed for types definition (needed?).\n";
-foreach my $fn (@type_funcs)
-{
-	if ($fn =~ /.* function ([^(]+)\((.*)\)/i )
-	{
-		my $fn_nm = $1;
-		my $fn_arg = $2;
-
-		$fn_arg =~ s/DEFAULT [\w']+//ig;
-
 		add_if_not_exists("FUNCTION $fn_nm ($fn_arg)");
 	}
 	else
 	{
-		die "Couldn't parse line: $fn\n";
+		die "Couldn't parse FUNCTION line: $fn\n";
 	}
 }
 
@@ -336,6 +324,44 @@ foreach my $type (@types)
 #}
 
 
+print <<"EOF";
+DROP FUNCTION _postgis_package_object(text, text);
+
+-- Security checks
+DO LANGUAGE 'plpgsql' \$BODY\$
+DECLARE
+	rec RECORD;
+BEGIN
+
+	-- Check ownership of extension functions
+	-- matches ownership of extension itself
+	FOR rec IN
+		SELECT
+			p.oid,
+			p.proowner,
+			e.extowner,
+			pg_catalog.pg_describe_object(d.classid, d.objid, 0) desc
+		FROM pg_catalog.pg_depend AS d
+			INNER JOIN pg_catalog.pg_extension AS e ON (d.refobjid = e.oid)
+			INNER JOIN pg_catalog.pg_proc AS p ON (d.objid = p.oid)
+		WHERE d.refclassid = 'pg_catalog.pg_extension'::pg_catalog.regclass
+		AND deptype = 'e'
+		AND e.extname = '${extname}'
+		AND d.classid = 'pg_catalog.pg_proc'::pg_catalog.regclass
+		AND p.proowner != e.extowner
+	LOOP
+		RAISE EXCEPTION 'Function % is owned by % but extension is owned by %',
+				rec.oid::regprocedure, rec.proowner::regrole, rec.extowner::regrole;
+	END LOOP;
+
+	-- TODO: check ownership of more objects ?
+
+END;
+\$BODY\$;
+
+
+EOF
+
 print "\n";
 
 1;

-----------------------------------------------------------------------

Summary of changes:
 utils/create_unpackaged.pl | 162 ++++++++++++++++++++++++++-------------------
 1 file changed, 94 insertions(+), 68 deletions(-)


hooks/post-receive
-- 
PostGIS


More information about the postgis-tickets mailing list