Re: pgsql: Restrict accesses to non-system views and foreign tables during

Thu, 29 Aug 2024 09:05:35 -0700 

On Thu, Aug 29, 2024 at 7:29 AM Peter Eisentraut <pe...@eisentraut.org> wrote:
>
> On 27.08.24 22:02, Masahiko Sawada wrote:
> > On Tue, Aug 27, 2024 at 6:29 AM Tom Lane <t...@sss.pgh.pa.us> wrote:
> >>
> >> Peter Eisentraut <pe...@eisentraut.org> writes:
> >>> Maybe in the documentation it would also be appropriate to mention that
> >>> this is meant to be used by pg_dump, not for general use -- unless it is?
> >>
> >> I'd vote against that.  I think other catalog-scanning tools might
> >> like to use this too.
> >>
> >
> > I've attached the patch to improve the descriptions while leaving this part.
>
> Thanks, I find this clearer.

Thank you for checking. I'm going to push it for all branches unless
there are other comments.

BTW I'd like to revisit to improve the error message for the new GUC
parameter. I've drafted the patch.We have the check in three places
and the check in GetFdwRoutine() covers the TRUNCATE command case. The
patch adds the check to ExecuteTruncateGuts() and adds the relation
name to the all log messages for that check. I'm slightly concerned
about having the check in more places, so get feedback.

Regards,

--
Masahiko Sawada
Amazon Web Services: https://aws.amazon.com

diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out
index f3eb055e2c..f5cdc87d0c 100644
--- a/contrib/postgres_fdw/expected/postgres_fdw.out
+++ b/contrib/postgres_fdw/expected/postgres_fdw.out
@@ -640,13 +640,13 @@ EXPLAIN (VERBOSE, COSTS OFF) SELECT * FROM ft_empty ORDER BY c1;
 -- test restriction on non-system foreign tables.
 SET restrict_nonsystem_relation_kind TO 'foreign-table';
 SELECT * from ft1 where c1 < 1; -- ERROR
-ERROR:  access to non-system foreign table is restricted
+ERROR:  access to non-system foreign table "ft1" is restricted
 INSERT INTO ft1 (c1) VALUES (1); -- ERROR
-ERROR:  access to non-system foreign table is restricted
+ERROR:  access to non-system foreign table "ft1" is restricted
 DELETE FROM ft1 WHERE c1 = 1; -- ERROR
-ERROR:  access to non-system foreign table is restricted
+ERROR:  access to non-system foreign table "ft1" is restricted
 TRUNCATE ft1; -- ERROR
-ERROR:  access to non-system foreign table is restricted
+ERROR:  access to non-system foreign table "ft1" is restricted
 RESET restrict_nonsystem_relation_kind;
 -- ===================================================================
 -- WHERE with remotely-executable conditions
diff --git a/src/backend/commands/tablecmds.c b/src/backend/commands/tablecmds.c
index b3cc6f8f69..9221acec39 100644
--- a/src/backend/commands/tablecmds.c
+++ b/src/backend/commands/tablecmds.c
@@ -2057,6 +2057,17 @@ ExecuteTruncateGuts(List *explicit_rels,
 			bool		found;
 			ForeignTruncateInfo *ft_info;
 
+			if (unlikely((restrict_nonsystem_relation_kind & RESTRICT_RELKIND_FOREIGN_TABLE) != 0))
+			{
+				/* there must not be built-in foreign tables */
+				Assert(RelationGetRelid(rel) >= FirstNormalObjectId);
+
+				ereport(ERROR,
+						(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
+						 errmsg("access to non-system foreign table \"%s\" is restricted",
+								RelationGetRelationName(rel))));
+			}
+
 			/* First time through, initialize hashtable for foreign tables */
 			if (!ft_htab)
 			{
diff --git a/src/backend/optimizer/plan/createplan.c b/src/backend/optimizer/plan/createplan.c
index 8e0e5977a9..5cf64c4a39 100644
--- a/src/backend/optimizer/plan/createplan.c
+++ b/src/backend/optimizer/plan/createplan.c
@@ -7151,7 +7151,8 @@ make_modifytable(PlannerInfo *root, Plan *subplan,
 					Assert(rte->relid >= FirstNormalObjectId);
 					ereport(ERROR,
 							(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
-							 errmsg("access to non-system foreign table is restricted")));
+							 errmsg("access to non-system foreign table \"%s\" is restricted",
+									get_rel_name(rte->relid))));
 				}
 
 				fdwroutine = GetFdwRoutineByRelId(rte->relid);
diff --git a/src/backend/optimizer/util/plancat.c b/src/backend/optimizer/util/plancat.c
index 78a3cfafde..b37c2b184c 100644
--- a/src/backend/optimizer/util/plancat.c
+++ b/src/backend/optimizer/util/plancat.c
@@ -537,7 +537,8 @@ get_relation_info(PlannerInfo *root, Oid relationObjectId, bool inhparent,
 
 			ereport(ERROR,
 					(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
-					 errmsg("access to non-system foreign table is restricted")));
+					 errmsg("access to non-system foreign table \"%s\" is restricted",
+							RelationGetRelationName(relation))));
 		}
 
 		rel->serverid = GetForeignServerIdByRelId(RelationGetRelid(relation));

Reply via email to