From 0d82b031ec5a44b27dc61c8ff087bc0baa6bbd73 Mon Sep 17 00:00:00 2001
From: Anastasia Lubennikova
Date: Fri, 5 Jan 2024 10:54:10 +0000
Subject: [PATCH 1/2] Allow db_owner to run start and stop dynamic_masking

---
 anon.sql | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/anon.sql b/anon.sql
index eef2db1..c5517a1 100644
--- a/anon.sql
+++ b/anon.sql
@@ -2036,7 +2036,17 @@ DECLARE
 r RECORD;
 BEGIN
 
- SELECT current_setting('is_superuser') = 'on' AS su INTO r;
+ -- allow db_owner to start the masking engine
+ WITH db_owner AS (
+ SELECT u.usename, d.datname
+ FROM pg_database d, pg_user u
+ WHERE d.datdba=u.usesysid
+ AND d.datname=current_database()
+ ) SELECT
+ current_user = db_owner.usename OR current_setting('is_superuser') = 'on' AS su INTO r
+ FROM db_owner;
+
+ -- SELECT current_setting('is_superuser') = 'on' AS su INTO r;
 IF NOT r.su THEN
 RAISE EXCEPTION 'Only supersusers can start the dynamic masking engine.';
 END IF;
@@ -2082,7 +2092,17 @@ DECLARE
 r RECORD;
 BEGIN
 
- SELECT current_setting('is_superuser') = 'on' AS su INTO r;
+ -- allow db_owner to stop the masking engine
+ WITH db_owner AS (
+ SELECT u.usename, d.datname
+ FROM pg_database d, pg_user u
+ WHERE d.datdba=u.usesysid
+ AND d.datname=current_database()
+ ) SELECT
+ current_user = db_owner.usename OR current_setting('is_superuser') = 'on' AS su INTO r
+ FROM db_owner;
+
+ -- SELECT current_setting('is_superuser') = 'on' AS su INTO r;
 IF NOT r.su THEN
 RAISE EXCEPTION 'Only supersusers can stop the dynamic masking engine.';
 END IF;
From bb7c964ad667cecb570c9f9c96ff8299d0254c50 Mon Sep 17 00:00:00 2001
From: Anastasia Lubennikova
Date: Wed, 10 Jan 2024 21:49:04 +0000
Subject: [PATCH 2/2] Add anon.set_salt() and anon.set_algorithm() functions to set superuser-only GUC from any user. We will restrict access to them using GRANT on function

---
 anon.c   | 24 ++++++++++++++++++++++++
 anon.sql | 23 +++++++++++++++++++++++
 2 files changed, 47 insertions(+)

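Review bot: The new `WITH db_owner ... FROM db_owner;` statement in both hunks (start at `@@ -2036` and stop at `@@ -2082`) silently passes when it returns no row: `pg_user` is the `rolcanlogin` subset of `pg_authid`, so if the database is owned by a NOLOGIN group role the CTE is empty, `SELECT ... INTO r` leaves `r.su` NULL, `IF NOT r.su` is not true, and any role gets past the guard. Reading the owner from `pg_database` alone and testing it with `pg_has_role(d.datdba, 'USAGE')` closes that gap and also honours roles that inherit the owner, while `INTO STRICT r` turns an unexpected empty result into an error instead of a pass. The commented-out old `SELECT` line should be dropped rather than kept, and the unchanged exception text `Only supersusers can start the dynamic masking engine.` (and its stop twin) no longer describes the policy; `Only superusers or the database owner can start the dynamic masking engine.` would. The enclosing functions start and end outside both hunks.
```sql
  -- allow the database owner (including roles that inherit it) and superusers
  SELECT pg_has_role(d.datdba, 'USAGE')
         OR current_setting('is_superuser') = 'on' AS su
    INTO STRICT r
    FROM pg_database d
   WHERE d.datname = current_database();
  -- … unchanged: IF NOT r.su THEN … END IF; …
```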
diff --git a/anon.c b/anon.c
index de23adb..7b85ac3 100644
--- a/anon.c
+++ b/anon.c
@@ -34,6 +34,9 @@ Datum register_label(PG_FUNCTION_ARGS);
 PG_FUNCTION_INFO_V1(get_function_schema);
 PG_FUNCTION_INFO_V1(register_label);
 
+PG_FUNCTION_INFO_V1(set_anon_salt);
+PG_FUNCTION_INFO_V1(set_anon_algorithm);
+
 static bool guc_anon_restrict_to_trusted_schemas;
 // Some GUC vars below are not used in the C code
 // but they are used in the plpgsql code
@@ -327,3 +330,24 @@ register_label(PG_FUNCTION_ARGS)
 register_label_provider(policy,anon_object_relabel);
 return true;
 }
+
+
+Datum
+set_anon_salt(PG_FUNCTION_ARGS)
+{
+ char *salt = text_to_cstring(PG_GETARG_TEXT_PP(0));
+
+ SetConfigOption("anon.salt", salt, PGC_SUSET, PGC_S_OVERRIDE);
+
+ PG_RETURN_VOID();
+}
+
+Datum
+set_anon_algorithm(PG_FUNCTION_ARGS)
+{
+ char *algorithm = text_to_cstring(PG_GETARG_TEXT_PP(0));
+
+ SetConfigOption("anon.algorithm", algorithm, PGC_SUSET, PGC_S_OVERRIDE);
+
+ PG_RETURN_VOID();
+}
diff --git a/anon.sql b/anon.sql
index c5517a1..029bfdb 100644
--- a/anon.sql
+++ b/anon.sql
@@ -1563,6 +1563,29 @@ AS 'MODULE_PATHNAME', 'register_label'
 PARALLEL UNSAFE
 ;
 
+-- Set anon.salt to provided value
+CREATE OR REPLACE FUNCTION anon.set_salt(TEXT)
+RETURNS VOID
+AS 'MODULE_PATHNAME', 'set_anon_salt'
+ LANGUAGE C
+ VOLATILE
+ STRICT
+ PARALLEL UNSAFE
+ SECURITY INVOKER
+;
+
+-- Set anon.salt to provided value
+CREATE OR REPLACE FUNCTION anon.set_algorithm(TEXT)
+RETURNS VOID
+AS 'MODULE_PATHNAME', 'set_anon_algorithm'
+ LANGUAGE C
+ VOLATILE
+ STRICT
+ PARALLEL UNSAFE
+ SECURITY INVOKER
+;
+
+
 --
 -- Create an additional masking policy
 --
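Review bot: `set_anon_salt` and `set_anon_algorithm` in the `@@ -327,3 +330,24 @@` hunk write a superuser-only GUC with `PGC_S_OVERRIDE`, the highest-priority source, so once either is called the value appears to shadow any later plain `SET anon.salt` in that session, including one issued by a superuser, if I read guc's source-priority rule correctly; `set_config_option(name, value, PGC_SUSET, PGC_S_SESSION, GUC_ACTION_SET, true, 0, false)` would behave like an ordinary `SET` while still skipping the SUSET permission check, which is presumably the intent. Because the C code deliberately bypasses that check, the only remaining privilege boundary is EXECUTE on the SQL wrappers, and that should be stated above each function, e.g. `/* Deliberately skips the SUSET check; access is gated solely by EXECUTE on anon.set_salt() */`. Note the anon.sql hunk in this same commit defines the wrappers without revoking EXECUTE from PUBLIC.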
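Review bot: Neither new function in the `@@ -1563,6 +1563,29 @@` hunk is followed by a `REVOKE EXECUTE ... FROM PUBLIC`, and `CREATE FUNCTION` grants EXECUTE to PUBLIC by default, so as committed any role can call `anon.set_salt()` or `anon.set_algorithm()` and change a GUC that is otherwise superuser-only; the commit message's plan to "restrict access using GRANT" needs `REVOKE EXECUTE ON FUNCTION anon.set_salt(TEXT) FROM PUBLIC;` and `REVOKE EXECUTE ON FUNCTION anon.set_algorithm(TEXT) FROM PUBLIC;` in this same script, directly after each definition. The header comment above `anon.set_algorithm` is a copy of the one above `anon.set_salt` and should read `-- Set anon.algorithm to provided value`. Both comments would also benefit from one line saying that the C implementation bypasses the SUSET check and that EXECUTE is the sole access control for these setters.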