Thread: Making "SECURITY DEFINER" procedures..

Hello!!!

Just trying to make subj

I made user "data", schema "data", several tables and small procedures on them 
in that schema and then a greater function (as "SECURITY DEFINER") in 
"public" schema which uses previous functions.
I graned "EXECUTE" access to that function to "PUBLIC".

When I try execute that function I get "ERROR:  data: permission denied", but
when I add some notices between parts of function I see following:

tst=> select new_session('sergey','mypassword');  NOTICE:  current user is data  NOTICE:  after delete  NOTICE:  after
select NOTICE:  after insert  NOTICE:  before return  ERROR:  data: permission denied
 

so function executed with "data" privilegies, It deletes some data,
inserts another and so on, It even runs till "return", but then I get error...

It seems last error takes place during "auto commit" of transaction in which
function executes..

Just don't undestand what is happens..:(

-- 
With Best Regards,
Sergey Holod

On Tue, 29 Apr 2003, Sergey Holod wrote:

> Just trying to make subj
>
> I made user "data", schema "data", several tables and small procedures on them
> in that schema and then a greater function (as "SECURITY DEFINER") in
> "public" schema which uses previous functions.
> I graned "EXECUTE" access to that function to "PUBLIC".
>
> When I try execute that function I get "ERROR:  data: permission denied", but
> when I add some notices between parts of function I see following:
>
> tst=> select new_session('sergey','mypassword');
>    NOTICE:  current user is data
>    NOTICE:  after delete
>    NOTICE:  after select
>    NOTICE:  after insert
>    NOTICE:  before return
>    ERROR:  data: permission denied
>
> so function executed with "data" privilegies, It deletes some data,
> inserts another and so on, It even runs till "return", but then I get error...
>
> It seems last error takes place during "auto commit" of transaction in which
> function executes..
>
> Just don't undestand what is happens..:(

What is the function and the schema of the tables involved?  I'd wonder
about triggers or foreign key constraints or something of that sort.

On Wednesday 30 April 2003 00:03, you wrote:
SS> On Tue, 29 Apr 2003, Sergey Holod wrote:
SS>
SS> > Just trying to make subj
SS> >
SS> > I made user "data", schema "data", several tables and small procedures 
SS> > on them  in that schema and then a greater function (as "SECURITY
SS> >  DEFINER") in "public" schema which uses previous functions.
SS> > I graned "EXECUTE" access to that function to "PUBLIC".
SS> >
SS> > When I try execute that function I get "ERROR:  data: permissiondenied", but SS> > when I add some notices
betweenparts of function I seefollowing: SS> >
 
SS> > tst=> select new_session('sergey','mypassword');
SS> >    NOTICE:  current user is data
SS> >    NOTICE:  after delete
SS> >    NOTICE:  after select
SS> >    NOTICE:  after insert
SS> >    NOTICE:  before return
SS> >    ERROR:  data: permission denied
SS> >
SS> > so function executed with "data" privilegies, It deletes some data,
SS> > inserts another and so on, It even runs till "return", but then I geterror... SS> >
SS> > It seems last error takes place during "auto commit" of transaction inwhich SS> > function executes..
SS> >
SS> > Just don't undestand what is happens..:(
SS>
SS> What is the function and the schema of the tables involved?  I'd wonder
SS> about triggers or foreign key constraints or something of that sort.

When I run it under "data" user It works good..:(

Parts from schema + functions:

Create table  ManageSession
(       id Serial NOT NULL,       UserId integer NOT NULL,       Key bytea,       Birthday timestamp(0) NOT NULL
Defaultnow(),primary key (id)
 
);

CREATE OR REPLACE FUNCTION new_session (character varying, character varying) 
RETURNS character varying   AS 'DECLARE       u_login ALIAS FOR $1;       u_passwd ALIAS FOR $2;       u_id INTEGER;
  u_key VARCHAR;       dbg VARCHAR;
 
BEGIN
select current_user into dbg;
raise notice ''current user is %'', dbg;
       DELETE FROM ManageSession WHERE               (now()  - Birthday) > CAST(''10 min'' AS INTERVAL);

raise notice ''after delete'';
       SELECT id INTO u_id FROM ManageUser WHERE Name = u_login AND Passwd = 
password(u_passwd);

raise notice ''after select'';

       IF u_id IS NOT NULL THEN               u_key := gen_random_string(20);               INSERT INTO
ManageSession(UserId,Key)VALUES (u_id, 
 
password(u_key));

raise notice ''after insert'';
       ELSE               RAISE EXCEPTION ''Wrong login or password'';       END IF;

raise notice ''before return'';
       RETURN u_key;
END;
' LANGUAGE plpgsql SECURITY DEFINER;



-- 
With Best Regards,
Sergey Holod

On Wed, 30 Apr 2003, Sergey Holod wrote:

> On Wednesday 30 April 2003 00:03, you wrote:
> SS> On Tue, 29 Apr 2003, Sergey Holod wrote:
> SS>
> SS> > Just trying to make subj
> SS> >
> SS> > I made user "data", schema "data", several tables and small procedures
> SS> > on them  in that schema and then a greater function (as "SECURITY
> SS> >  DEFINER") in "public" schema which uses previous functions.
> SS> > I graned "EXECUTE" access to that function to "PUBLIC".
> SS> >
> SS> > When I try execute that function I get "ERROR:  data: permission
>  denied", but SS> > when I add some notices between parts of function I see
>  following: SS> >
> SS> > tst=> select new_session('sergey','mypassword');
> SS> >    NOTICE:  current user is data
> SS> >    NOTICE:  after delete
> SS> >    NOTICE:  after select
> SS> >    NOTICE:  after insert
> SS> >    NOTICE:  before return
> SS> >    ERROR:  data: permission denied
> SS> >
> SS> > so function executed with "data" privilegies, It deletes some data,
> SS> > inserts another and so on, It even runs till "return", but then I get
>  error... SS> >
> SS> > It seems last error takes place during "auto commit" of transaction in
>  which SS> > function executes..
> SS> >
> SS> > Just don't undestand what is happens..:(
> SS>
> SS> What is the function and the schema of the tables involved?  I'd wonder
> SS> about triggers or foreign key constraints or something of that sort.
>
> When I run it under "data" user It works good..:(
>
> Parts from schema + functions:

I made bogus gen_random_string and password functions and a bogus
ManageUser table and couldn't reproduce an error like the above with a
different user (one who can't read/write to the tables used), so I'd guess
it's from something that isn't being shown.  Are there any foreign keys
to ManageSession?

SS> I made bogus gen_random_string and password functions and a bogus
SS> ManageUser table and couldn't reproduce an error like the above with a
SS> different user (one who can't read/write to the tables used), so I'd guess
SS> it's from something that isn't being shown.  Are there any foreign keys
SS> to ManageSession?

GRANT ALL ON SCHEMA public TO "data";

CREATE SCHEMA data AUTHORIZATION "data";

\connect - "data"
SET search_path = data;
..
Create table  ManageUser
(       id Serial NOT NULL,       Name Varchar(20) NOT NULL UNIQUE ,       Passwd bytea,       Birthday timestamp(0)
NOTNULL Default now(),       ManageGroupId integer NOT NULL,                         -- FOREIGN KEY 
 
TO ManageGroup       OnlyCustomerId integer NULL ,                                   -- 
FOREIGN KEY TO Customer       memo Varchar(500) NULL ,primary key (id)
);
..
Create table  ManageSession
(       id Serial NOT NULL,       UserId integer NOT NULL,                                        -- FOREIGN KEY TO
ManageUsertable       Key bytea NOT NULL,       Birthday timestamp(0) NOT NULL Default now(),primary key (id)
 
);
Alter table ManageSession add  foreign key (UserId) references ManageUser (id) on update cascade  on delete cascade ;
..
set search_path=public;
CREATE OR REPLACE FUNCTION new_session (character varying, character varying) 
RETURNS character varying   AS 'DECLARE       u_login ALIAS FOR $1;       u_passwd ALIAS FOR $2;       u_id INTEGER;
  u_key VARCHAR;       dbg VARCHAR;
 
BEGIN
select current_user into dbg;
raise notice ''current user is %'', dbg;       DELETE FROM data.ManageSession WHERE               (now()  - Birthday) >
CAST(''10min'' AS INTERVAL);
 
raise notice ''after delete'';       SELECT id INTO u_id FROM data.ManageUser WHERE Name = u_login AND 
Passwd = password(u_passwd);
raise notice ''after select - %'',u_id;       IF u_id IS NOT NULL THEN               u_key := gen_random_string(20);
          INSERT INTO data.ManageSession(UserId,Key) VALUES (u_id, 
 
password(u_key));
raise notice ''after insert - %'',u_key;       ELSE               RAISE EXCEPTION ''Wrong login or password'';
ENDIF;
 
raise notice ''before return - %'',u_key;       RETURN u_key;
END;
' LANGUAGE plpgsql EXTERNAL SECURITY DEFINER;
...


So thera are several foreign constraints. But:

$psql -U rcbilling billing
billing=> select new_session('sergey','password');
NOTICE:  current user is data
NOTICE:  after delete
NOTICE:  after select - 8
NOTICE:  after insert - KMp7ciFzJAL10Xxqft9O
NOTICE:  before return - KMp7ciFzJAL10Xxqft9O
ERROR:  data: permission denied

$psql -U data billing
billing=> select new_session('sergey','password');
NOTICE:  current user is data
NOTICE:  after delete
NOTICE:  after select - 8
NOTICE:  after insert - n7c1gAqPB0WuFwCEapy4
NOTICE:  before return - n7c1gAqPB0WuFwCEapy4    new_session
----------------------n7c1gAqPB0WuFwCEapy4
(1 row)


-- 
With Best Regards,
Sergey Holod

On Wednesday 30 April 2003 02:18, you wrote:
SH> $psql -U rcbilling billing
SH> billing=> select new_session('sergey','password');
SH> NOTICE:  current user is data
SH> NOTICE:  after delete
SH> NOTICE:  after select - 8
SH> NOTICE:  after insert - KMp7ciFzJAL10Xxqft9O
SH> NOTICE:  before return - KMp7ciFzJAL10Xxqft9O
SH> ERROR:  data: permission denied

GRANT USAGE ON schema data TO rcbilling;

solved problem:

$ psql -U rcbilling billing
billing=> select new_session('sergey','gfhjkm');
NOTICE:  current user is data
NOTICE:  after delete
NOTICE:  after select - 8
NOTICE:  after insert - H51udQO0sxt68fA3BLMY
NOTICE:  before return - H51udQO0sxt68fA3BLMY    new_session
----------------------H51udQO0sxt68fA3BLMY
(1 row)

Don't fully undestand why I need that, but It works..

MANY THANKS for help..

-- 
With Best Regards,
Sergey Holod

Sergey Holod <sss@radiocom.net.ua> writes:
> GRANT USAGE ON schema data TO rcbilling;
> Don't fully undestand why I need that, but It works..

Okay, that's the same bug we found just a couple days ago.  Schema-usage
errors are checked at query parse time, not execution time, and the
foreign-key triggers weren't being careful to set the right context for
those checks.  There's a fix in place for 7.3.3.
        regards, tom lane

On Wed, 30 Apr 2003, Tom Lane wrote:

> Sergey Holod <sss@radiocom.net.ua> writes:
> > GRANT USAGE ON schema data TO rcbilling;
> > Don't fully undestand why I need that, but It works..
>
> Okay, that's the same bug we found just a couple days ago.  Schema-usage
> errors are checked at query parse time, not execution time, and the
> foreign-key triggers weren't being careful to set the right context for
> those checks.  There's a fix in place for 7.3.3.

As a more general question, as what user should triggers from an action
inside a security definer function be run as?  The fk triggers will work
after changing the place the permissions are changed, but afaics user
after triggers won't unless the trigger function is also security definer.