diff options
| author | Robert Haas <rhaas@postgresql.org> | 2013-04-12 08:35:55 -0400 |
|---|---|---|
| committer | Robert Haas <rhaas@postgresql.org> | 2013-04-12 08:35:55 -0400 |
| commit | b620fdabba3fd3c00587fb586f74eb7dc6eca223 (patch) | |
| tree | a79476033110ad0d5d03fd1a456329c7fb56a5b0 /contrib/sepgsql/database.c | |
| parent | be55f3b85966034028a8f162b8a6ca1deca66103 (diff) | |
| download | postgresql-b620fdabba3fd3c00587fb586f74eb7dc6eca223.tar.gz postgresql-b620fdabba3fd3c00587fb586f74eb7dc6eca223.zip | |
sepgql: Use getObjectIdentity rather than getObjectDescription.
KaiGai Kohei, based on a suggestion from Álvaro Herrera
Diffstat (limited to 'contrib/sepgsql/database.c')
| -rw-r--r-- | contrib/sepgsql/database.c | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/contrib/sepgsql/database.c b/contrib/sepgsql/database.c index 91e6c4f441e..0e3bdb468e9 100644 --- a/contrib/sepgsql/database.c +++ b/contrib/sepgsql/database.c @@ -19,6 +19,7 @@ #include "catalog/indexing.h" #include "commands/dbcommands.h" #include "commands/seclabel.h" +#include "utils/builtins.h" #include "utils/fmgroids.h" #include "utils/tqual.h" #include "sepgsql.h" @@ -38,9 +39,9 @@ sepgsql_database_post_create(Oid databaseId, const char *dtemplate) HeapTuple tuple; char *tcontext; char *ncontext; - char audit_name[NAMEDATALEN + 20]; ObjectAddress object; Form_pg_database datForm; + StringInfoData audit_name; /* * Oid of the source database is not saved in pg_database catalog, so we @@ -61,11 +62,12 @@ sepgsql_database_post_create(Oid databaseId, const char *dtemplate) /* * check db_database:{getattr} permission */ - snprintf(audit_name, sizeof(audit_name), "database %s", dtemplate); + initStringInfo(&audit_name); + appendStringInfo(&audit_name, "%s", quote_identifier(dtemplate)); sepgsql_avc_check_perms_label(tcontext, SEPG_CLASS_DB_DATABASE, SEPG_DB_DATABASE__GETATTR, - audit_name, + audit_name.data, true); /* @@ -98,12 +100,13 @@ sepgsql_database_post_create(Oid databaseId, const char *dtemplate) /* * check db_database:{create} permission */ - snprintf(audit_name, sizeof(audit_name), - "database %s", NameStr(datForm->datname)); + resetStringInfo(&audit_name); + appendStringInfo(&audit_name, "%s", + quote_identifier(NameStr(datForm->datname))); sepgsql_avc_check_perms_label(ncontext, SEPG_CLASS_DB_DATABASE, SEPG_DB_DATABASE__CREATE, - audit_name, + audit_name.data, true); systable_endscan(sscan); @@ -139,7 +142,7 @@ sepgsql_database_drop(Oid databaseId) object.classId = DatabaseRelationId; object.objectId = databaseId; object.objectSubId = 0; - audit_name = getObjectDescription(&object); + audit_name = getObjectIdentity(&object); sepgsql_avc_check_perms(&object, SEPG_CLASS_DB_DATABASE, @@ -166,7 +169,7 @@ sepgsql_database_setattr(Oid databaseId) object.classId = DatabaseRelationId; object.objectId = databaseId; object.objectSubId = 0; - audit_name = getObjectDescription(&object); + audit_name = getObjectIdentity(&object); sepgsql_avc_check_perms(&object, SEPG_CLASS_DB_DATABASE, @@ -190,7 +193,7 @@ sepgsql_database_relabel(Oid databaseId, const char *seclabel) object.classId = DatabaseRelationId; object.objectId = databaseId; object.objectSubId = 0; - audit_name = getObjectDescription(&object); + audit_name = getObjectIdentity(&object); /* * check db_database:{setattr relabelfrom} permission |