!840 内置安全策略适配JDBC

Merge pull request !840 from Li Bingchen/master
opengauss-bot
2021-03-26 17:34:49 +08:00
committed by Gitee
8 changed files with 301 additions and 13 deletions


@ -5340,6 +5340,122 @@ static AlterDataSourceStmt* _copyAlterDataSourceStmt(const AlterDataSourceStmt*
return newnode;
}
static CreatePolicyLabelStmt* _copyCreatePolicyLabelStmt(const CreatePolicyLabelStmt* from)
{
CreatePolicyLabelStmt* newnode = makeNode(CreatePolicyLabelStmt);
COPY_SCALAR_FIELD(if_not_exists);
COPY_STRING_FIELD(label_type);
COPY_STRING_FIELD(label_name);
COPY_NODE_FIELD(label_items);
return newnode;
}
static AlterPolicyLabelStmt* _copyAlterPolicyLabelStmt(const AlterPolicyLabelStmt* from)
{
AlterPolicyLabelStmt* newnode = makeNode(AlterPolicyLabelStmt);
COPY_STRING_FIELD(stmt_type);
COPY_STRING_FIELD(label_name);
COPY_NODE_FIELD(label_items);
return newnode;
}
static DropPolicyLabelStmt* _copyDropPolicyLabelStmt(const DropPolicyLabelStmt* from)
{
DropPolicyLabelStmt* newnode = makeNode(DropPolicyLabelStmt);
COPY_SCALAR_FIELD(if_exists);
COPY_NODE_FIELD(label_names);
return newnode;
}
static CreateAuditPolicyStmt* _copyCreateAuditPolicyStmt(const CreateAuditPolicyStmt* from)
{
CreateAuditPolicyStmt* newnode = makeNode(CreateAuditPolicyStmt);
COPY_SCALAR_FIELD(if_not_exists);
COPY_STRING_FIELD(policy_type);
COPY_STRING_FIELD(policy_name);
COPY_NODE_FIELD(policy_targets);
COPY_NODE_FIELD(policy_filters);
COPY_SCALAR_FIELD(policy_enabled);
return newnode;
}
static AlterAuditPolicyStmt* _copyAlterAuditPolicyStmt(const AlterAuditPolicyStmt* from)
{
AlterAuditPolicyStmt* newnode = makeNode(AlterAuditPolicyStmt);
COPY_SCALAR_FIELD(missing_ok);
COPY_STRING_FIELD(policy_name);
COPY_STRING_FIELD(policy_action);
COPY_STRING_FIELD(policy_type);
COPY_NODE_FIELD(policy_items);
COPY_NODE_FIELD(policy_filters);
COPY_STRING_FIELD(policy_comments);
COPY_NODE_FIELD(policy_enabled);
return newnode;
}
static DropAuditPolicyStmt* _copyDropAuditPolicyStmt(const DropAuditPolicyStmt* from)
{
DropAuditPolicyStmt* newnode = makeNode(DropAuditPolicyStmt);
COPY_SCALAR_FIELD(missing_ok);
COPY_NODE_FIELD(policy_names);
return newnode;
}
static CreateMaskingPolicyStmt* _copyCreateMaskingPolicyStmt(const CreateMaskingPolicyStmt* from)
{
CreateMaskingPolicyStmt* newnode = makeNode(CreateMaskingPolicyStmt);
COPY_SCALAR_FIELD(if_not_exists);
COPY_STRING_FIELD(policy_name);
COPY_NODE_FIELD(policy_data);
COPY_NODE_FIELD(policy_condition);
COPY_NODE_FIELD(policy_filters);
COPY_SCALAR_FIELD(policy_enabled);
return newnode;
}
static AlterMaskingPolicyStmt* _copyAlterMaskingPolicyStmt(const AlterMaskingPolicyStmt* from)
{
AlterMaskingPolicyStmt* newnode = makeNode(AlterMaskingPolicyStmt);
COPY_STRING_FIELD(policy_name);
COPY_STRING_FIELD(policy_action);
COPY_NODE_FIELD(policy_items);
COPY_NODE_FIELD(policy_condition);
COPY_NODE_FIELD(policy_filters);
COPY_STRING_FIELD(policy_comments);
COPY_NODE_FIELD(policy_enabled);
return newnode;
}
static DropMaskingPolicyStmt* _copyDropMaskingPolicyStmt(const DropMaskingPolicyStmt* from)
{
DropMaskingPolicyStmt* newnode = makeNode(DropMaskingPolicyStmt);
COPY_SCALAR_FIELD(if_exists);
COPY_NODE_FIELD(policy_names);
return newnode;
}
static MaskingPolicyCondition* _copyMaskingPolicyCondition(const MaskingPolicyCondition* from)
{
MaskingPolicyCondition* newnode = makeNode(MaskingPolicyCondition);
COPY_NODE_FIELD(fqdn);
COPY_STRING_FIELD(_operator);
COPY_NODE_FIELD(arg);
return newnode;
}
static PolicyFilterNode* _copyPolicyFilterNode(const PolicyFilterNode* from)
{
PolicyFilterNode* newnode = makeNode(PolicyFilterNode);
COPY_STRING_FIELD(node_type);
COPY_STRING_FIELD(op_value);
COPY_STRING_FIELD(filter_type);
COPY_NODE_FIELD(values);
COPY_SCALAR_FIELD(has_not_operator);
COPY_NODE_FIELD(left);
COPY_NODE_FIELD(right);
return newnode;
}
static CreateRlsPolicyStmt* _copyCreateRlsPolicyStmt(const CreateRlsPolicyStmt* from)
{
CreateRlsPolicyStmt* newnode = makeNode(CreateRlsPolicyStmt);
@ -6825,6 +6941,39 @@ void* copyObject(const void* from)
case T_ReindexStmt:
retval = _copyReindexStmt((ReindexStmt*)from);
break;
case T_CreatePolicyLabelStmt:
retval = _copyCreatePolicyLabelStmt((CreatePolicyLabelStmt*)from);
break;
case T_AlterPolicyLabelStmt:
retval = _copyAlterPolicyLabelStmt((AlterPolicyLabelStmt*)from);
break;
case T_DropPolicyLabelStmt:
retval = _copyDropPolicyLabelStmt((DropPolicyLabelStmt*)from);
break;
case T_CreateAuditPolicyStmt:
retval = _copyCreateAuditPolicyStmt((CreateAuditPolicyStmt*)from);
break;
case T_AlterAuditPolicyStmt:
retval = _copyAlterAuditPolicyStmt((AlterAuditPolicyStmt*)from);
break;
case T_DropAuditPolicyStmt:
retval = _copyDropAuditPolicyStmt((DropAuditPolicyStmt*)from);
break;
case T_CreateMaskingPolicyStmt:
retval = _copyCreateMaskingPolicyStmt((CreateMaskingPolicyStmt*)from);
break;
case T_AlterMaskingPolicyStmt:
retval = _copyAlterMaskingPolicyStmt((AlterMaskingPolicyStmt*)from);
break;
case T_DropMaskingPolicyStmt:
retval = _copyDropMaskingPolicyStmt((DropMaskingPolicyStmt*)from);
break;
case T_MaskingPolicyCondition:
retval = _copyMaskingPolicyCondition((MaskingPolicyCondition*)from);
break;
case T_PolicyFilterNode:
retval = _copyPolicyFilterNode((PolicyFilterNode*)from);
break;
case T_CreateWeakPasswordDictionaryStmt:
retval = _copyCreateWeakPasswordDictionaryStmt((CreateWeakPasswordDictionaryStmt*)from);
break;
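Review bot: `policy_enabled` is copied with `COPY_NODE_FIELD` in `_copyAlterAuditPolicyStmt` and `_copyAlterMaskingPolicyStmt` but with `COPY_SCALAR_FIELD` in the two Create counterparts, and the `_equal*` functions added by this commit mirror the same split. That is correct only if the Alter structs declare the field as a node pointer and the Create structs as a scalar. The struct definitions are not on this page, so this needs confirming, because the node macro applied to a scalar would hand a flag value to `copyObject` as if it were a pointer. A short comment at each Alter site, for example `/* policy_enabled is a Node* here, unlike the Create statement */`, would stop a later reader from "normalising" the two. It would also help to state above the new functions that every field of these policy statements must appear in both the copy and the equal routine, since a field missed here would silently drop part of an audit or masking policy when the statement is copied.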


@ -1882,6 +1882,101 @@ static bool _equalAlterRlsPolicyStmt(const AlterRlsPolicyStmt* a, const AlterRls
return true;
}
static bool _equalCreatePolicyLabelStmt(const CreatePolicyLabelStmt* a, const CreatePolicyLabelStmt* b)
{
COMPARE_SCALAR_FIELD(if_not_exists);
COMPARE_STRING_FIELD(label_type);
COMPARE_STRING_FIELD(label_name);
COMPARE_NODE_FIELD(label_items);
return true;
}
static bool _equalAlterPolicyLabelStmt(const AlterPolicyLabelStmt* a, const AlterPolicyLabelStmt* b)
{
COMPARE_STRING_FIELD(stmt_type);
COMPARE_STRING_FIELD(label_name);
COMPARE_NODE_FIELD(label_items);
return true;
}
static bool _equalDropPolicyLabelStmt(const DropPolicyLabelStmt* a, const DropPolicyLabelStmt* b)
{
COMPARE_SCALAR_FIELD(if_exists);
COMPARE_NODE_FIELD(label_names);
return true;
}
static bool _equalCreateAuditPolicyStmt(const CreateAuditPolicyStmt* a, const CreateAuditPolicyStmt* b)
{
COMPARE_SCALAR_FIELD(if_not_exists);
COMPARE_STRING_FIELD(policy_type);
COMPARE_STRING_FIELD(policy_name);
COMPARE_NODE_FIELD(policy_targets);
COMPARE_NODE_FIELD(policy_filters);
COMPARE_SCALAR_FIELD(policy_enabled);
return true;
}
static bool _equalAlterAuditPolicyStmt(const AlterAuditPolicyStmt* a, const AlterAuditPolicyStmt* b)
{
COMPARE_SCALAR_FIELD(missing_ok);
COMPARE_STRING_FIELD(policy_name);
COMPARE_STRING_FIELD(policy_action);
COMPARE_STRING_FIELD(policy_type);
COMPARE_NODE_FIELD(policy_items);
COMPARE_NODE_FIELD(policy_filters);
COMPARE_STRING_FIELD(policy_comments);
COMPARE_NODE_FIELD(policy_enabled);
return true;
}
static bool _equalDropAuditPolicyStmt(const DropAuditPolicyStmt* a, const DropAuditPolicyStmt* b)
{
COMPARE_SCALAR_FIELD(missing_ok);
COMPARE_NODE_FIELD(policy_names);
return true;
}
static bool _equalCreateMaskingPolicyStmt(const CreateMaskingPolicyStmt* a, const CreateMaskingPolicyStmt* b)
{
COMPARE_SCALAR_FIELD(if_not_exists);
COMPARE_STRING_FIELD(policy_name);
COMPARE_NODE_FIELD(policy_data);
COMPARE_NODE_FIELD(policy_condition);
COMPARE_NODE_FIELD(policy_filters);
COMPARE_SCALAR_FIELD(policy_enabled);
return true;
}
static bool _equalAlterMaskingPolicyStmt(const AlterMaskingPolicyStmt* a, const AlterMaskingPolicyStmt* b)
{
COMPARE_STRING_FIELD(policy_name);
COMPARE_STRING_FIELD(policy_action);
COMPARE_NODE_FIELD(policy_items);
COMPARE_NODE_FIELD(policy_condition);
COMPARE_NODE_FIELD(policy_filters);
COMPARE_STRING_FIELD(policy_comments);
COMPARE_NODE_FIELD(policy_enabled);
return true;
}
static bool _equalDropMaskingPolicyStmt(const DropMaskingPolicyStmt* a, const DropMaskingPolicyStmt* b)
{
COMPARE_SCALAR_FIELD(if_exists);
COMPARE_NODE_FIELD(policy_names);
return true;
}
static bool _equalMaskingPolicyCondition(const MaskingPolicyCondition* a, const MaskingPolicyCondition* b)
{
COMPARE_NODE_FIELD(fqdn);
COMPARE_STRING_FIELD(_operator);
COMPARE_NODE_FIELD(arg);
return true;
}
static bool _equalPolicyFilterNode(const PolicyFilterNode* a, const PolicyFilterNode* b)
{
COMPARE_STRING_FIELD(node_type);
COMPARE_STRING_FIELD(op_value);
COMPARE_STRING_FIELD(filter_type);
COMPARE_NODE_FIELD(values);
COMPARE_SCALAR_FIELD(has_not_operator);
COMPARE_NODE_FIELD(left);
COMPARE_NODE_FIELD(right);
return true;
}
static bool _equalCreateWeakPasswordDictionaryStmt(const CreateWeakPasswordDictionaryStmt* a, const CreateWeakPasswordDictionaryStmt* b)
{
COMPARE_NODE_FIELD(weak_password_string_list);
@ -3372,6 +3467,39 @@ bool equal(const void* a, const void* b)
case T_AlterRlsPolicyStmt:
retval = _equalAlterRlsPolicyStmt((AlterRlsPolicyStmt*)a, (AlterRlsPolicyStmt*)b);
break;
case T_CreatePolicyLabelStmt:
retval = _equalCreatePolicyLabelStmt((CreatePolicyLabelStmt*)a, (CreatePolicyLabelStmt*)b);
break;
case T_AlterPolicyLabelStmt:
retval = _equalAlterPolicyLabelStmt((AlterPolicyLabelStmt*)a, (AlterPolicyLabelStmt*)b);
break;
case T_DropPolicyLabelStmt:
retval = _equalDropPolicyLabelStmt((DropPolicyLabelStmt*)a, (DropPolicyLabelStmt*)b);
break;
case T_CreateAuditPolicyStmt:
retval = _equalCreateAuditPolicyStmt((CreateAuditPolicyStmt*)a, (CreateAuditPolicyStmt*)b);
break;
case T_AlterAuditPolicyStmt:
retval = _equalAlterAuditPolicyStmt((AlterAuditPolicyStmt*)a, (AlterAuditPolicyStmt*)b);
break;
case T_DropAuditPolicyStmt:
retval = _equalDropAuditPolicyStmt((DropAuditPolicyStmt*)a, (DropAuditPolicyStmt*)b);
break;
case T_CreateMaskingPolicyStmt:
retval = _equalCreateMaskingPolicyStmt((CreateMaskingPolicyStmt*)a, (CreateMaskingPolicyStmt*)b);
break;
case T_AlterMaskingPolicyStmt:
retval = _equalAlterMaskingPolicyStmt((AlterMaskingPolicyStmt*)a, (AlterMaskingPolicyStmt*)b);
break;
case T_DropMaskingPolicyStmt:
retval = _equalDropMaskingPolicyStmt((DropMaskingPolicyStmt*)a, (DropMaskingPolicyStmt*)b);
break;
case T_MaskingPolicyCondition:
retval = _equalMaskingPolicyCondition((MaskingPolicyCondition*)a, (MaskingPolicyCondition*)b);
break;
case T_PolicyFilterNode:
retval = _equalPolicyFilterNode((PolicyFilterNode*)a, (PolicyFilterNode*)b);
break;
case T_CreateWeakPasswordDictionaryStmt:
retval = _equalCreateWeakPasswordDictionaryStmt((CreateWeakPasswordDictionaryStmt*)a, (CreateWeakPasswordDictionaryStmt*)b);
break;


@ -387,6 +387,17 @@ static const TagStr g_tagStrArr[] = {{T_Invalid, "Invalid"},
{T_DropDirectoryStmt, "DropDirectoryStmt"},
{T_CreateRlsPolicyStmt, "CreateRlsPolicyStmt"},
{T_AlterRlsPolicyStmt, "AlterRlsPolicyStmt"},
{T_CreatePolicyLabelStmt, "CreatePolicyLabelStmt"},
{T_AlterPolicyLabelStmt, "AlterPolicyLabelStmt"},
{T_DropPolicyLabelStmt, "DropPolicyLabelStmt"},
{T_CreateAuditPolicyStmt, "CreateAuditPolicyStmt"},
{T_AlterAuditPolicyStmt, "AlterAuditPolicyStmt"},
{T_DropAuditPolicyStmt, "DropAuditPolicyStmt"},
{T_CreateMaskingPolicyStmt, "CreateMaskingPolicyStmt"},
{T_AlterMaskingPolicyStmt, "AlterMaskingPolicyStmt"},
{T_DropMaskingPolicyStmt, "DropMaskingPolicyStmt"},
{T_MaskingPolicyCondition, "MaskingPolicyCondition"},
{T_PolicyFilterNode, "PolicyFilterNode"},
{T_ShutdownStmt, "ShutdownStmt"},
{T_CreateWeakPasswordDictionaryStmt, "CreateWeakPasswordDictionaryStmt"},
{T_DropWeakPasswordDictionaryStmt, "DropWeakPasswordDictionaryStmt"},


@ -13802,11 +13802,11 @@ filter_paren:
policy_filters_list:
policy_filter_name
{
$$ = list_make1($1);
$$ = list_make1(makeString($1));
}
| policy_filters_list ',' policy_filter_name
{
$$ = lappend($1, $3);
$$ = lappend($1, makeString($3));
}
;
@ -14020,8 +14020,8 @@ DropAuditPolicyStmt:
}
;
policy_names_list:
policy_name { $$ = list_make1($1); }
| policy_names_list ',' policy_name { $$ = lappend($1, $3); }
policy_name { $$ = list_make1(makeString($1)); }
| policy_names_list ',' policy_name { $$ = lappend($1, makeString($3)); }
;
/*****************************************************************************
@ -14493,8 +14493,8 @@ DropPolicyLabelStmt:
;
policy_labels_list:
policy_label_name { $$ = list_make1($1); }
| policy_labels_list ',' policy_label_name { $$ = lappend($1, $3); }
policy_label_name { $$ = list_make1(makeString($1)); }
| policy_labels_list ',' policy_label_name { $$ = lappend($1, makeString($3)); }
;
/*****************************************************************************
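Review bot: Only `policy_filters_list`, `policy_names_list` and `policy_labels_list` are switched to `makeString(...)` cells here, while the copy routines added in this commit also walk `label_items`, `policy_targets`, `policy_items` and `policy_data` through `COPY_NODE_FIELD`. The productions that build those lists are not visible on this page; if any of them still appends a bare `char*`, `copyObject` would read the string's bytes as a node tag, so they should be checked and converted in the same way. Any reader of the three converted lists that is not updated in this commit would likewise now see a `Value` struct where it expects characters. A comment on each list rule such as `/* cells are String Value nodes: these lists are deep-copied by copyObject() */` would record the invariant next to where it is established.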


@ -912,7 +912,7 @@ void drop_audit_policy(DropAuditPolicyStmt *stmt)
/* save Mng logs */
ListCell* policy_obj = NULL;
foreach (policy_obj, stmt->policy_names) {
const char* polname = (const char *)(lfirst(policy_obj));
const char* polname = (const char *)(((Value*)lfirst(policy_obj))->val.str);
char buff[512] = {0};
char user_name[USERNAME_LEN] = {0};
char session_ip[MAX_IP_LEN] = {0};
@ -928,7 +928,7 @@ void drop_audit_policy(DropAuditPolicyStmt *stmt)
}
foreach (policy_obj, stmt->policy_names) {
const char* polname = (const char *)(lfirst(policy_obj));
const char* polname = (const char *)(((Value*)lfirst(policy_obj))->val.str);
gs_stl::gs_set<long long> ids;
drop_policy_by_name<Form_gs_auditing_policy>(GsAuditingPolicyRelationId, polname, &ids);
if (ids.empty()) {
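Review bot: The new `((Value*)lfirst(policy_obj))->val.str` reads in both loops of `drop_audit_policy` assume every cell of `stmt->policy_names` is a String `Value` without checking the node tag, and the same unchecked cast is added in `drop_masking_policy`, `process_new_filters` and `drop_policy_label`. If a list ever reaches these functions from a path that still stores bare `char*` cells, the cast reinterprets string bytes as a struct and dereferences a bogus pointer, which is a type confusion in code that manages audit and masking policy. Prefer the existing accessor together with a tag check, `Assert(IsA(lfirst(policy_obj), String));` followed by `const char* polname = strVal(lfirst(policy_obj));`, so a mismatch fails loudly in assert-enabled builds and the intent is readable. Both loop bodies continue outside the hunks shown, so how `polname` is later formatted into `buff` could not be reviewed here.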


@ -1116,7 +1116,7 @@ void drop_masking_policy(DropMaskingPolicyStmt *stmt)
ListCell* policy_obj = NULL;
/* save Mng logs */
foreach(policy_obj, stmt->policy_names) {
const char* polname = (const char *)(lfirst(policy_obj));
const char* polname = (const char *)(((Value*)lfirst(policy_obj))->val.str);
char buff[BUFFSIZE] = {0};
char user_name[USERNAME_LEN] = {0};
char session_ip[MAX_IP_LEN] = {0};
@ -1137,7 +1137,7 @@ void drop_masking_policy(DropMaskingPolicyStmt *stmt)
heap_close(policy_relation, RowExclusiveLock);
foreach(policy_obj, stmt->policy_names) {
const char* polname = (const char *)(lfirst(policy_obj));
const char* polname = (const char *)(((Value*)lfirst(policy_obj))->val.str);
GsPolicyStruct cur_policy;
cur_policy.m_name = polname;
policies_set::iterator it = existing_policies.find(cur_policy);


@ -195,7 +195,7 @@ bool process_new_filters(const List *policy_filters, gs_stl::gs_string *flat_tre
List *filter_item_objects = (List *) n->values;
ListCell *filter_obj = NULL;
foreach(filter_obj, filter_item_objects) {
const char *filter_value = (const char *)(lfirst(filter_obj));
const char *filter_value = (const char *)(((Value*)lfirst(filter_obj))->val.str);
if (!verify_ip_role_app(n->filter_type, filter_value, flat_tree)) {
return false;
}


@ -1007,7 +1007,7 @@ void drop_policy_label(DropPolicyLabelStmt *stmt)
Relation labels_relation;
foreach(label_obj, stmt->label_names) {
const char* label_name = (const char *)(lfirst(label_obj));
const char *label_name = (const char *)(((Value*)lfirst(label_obj))->val.str);
char buff[MAX_MSG_BUFF_SIZE] = {0};
char user_name[USERNAME_LEN] = {0};
@ -1028,7 +1028,7 @@ void drop_policy_label(DropPolicyLabelStmt *stmt)
load_existing_labels(labels_relation, &existing_labels);
foreach (label_obj, stmt->label_names) {
const char *label_name = (const char *)(lfirst(label_obj));
const char *label_name = (const char *)(((Value*)lfirst(label_obj))->val.str);
/* first check whether such label exists */
policy_labels_map::iterator it = existing_labels.find(label_name);
if (it == existing_labels.end()) {