-- ----------------------------------------------------------------------
-- Function: pgq.current_event_table(1)
--
--- Return active event table for particular queue.
+-- Return active event table for particular queue.
+-- Event can be added to it without going via functions,
+-- e.g. by COPY.
--
-- Note:
--- The result is valid only during current transaction.
+-- The result is valid only during current transaction.
+--
+-- Permissions:
+-- Actual insertion requires superuser access.
--
-- Parameters:
--- x_queue_name - Queue name.
+-- x_queue_name - Queue name.
-- ----------------------------------------------------------------------
declare
res text;
-- Should be called in loop, with some delay until last tick
-- changes or too much time is passed.
--
--- Such function is needed because paraller calls o ticker() are
+-- Such function is needed because paraller calls of pgq.ticker() are
-- dangerous, and cannot be protected with locks as snapshot
--- is taken before.
+-- is taken before locking.
--
-- Parameters:
-- i_queue_name - Name of the queue
-- nothing
-- ----------------------------------------------------------------------
declare
- q record;
- i integer;
+ q record;
+ i integer;
+ tbl_perms text;
+ seq_perms text;
begin
select * from pgq.queue into q
where queue_name = x_queue_name;
if not found then
raise exception 'Queue not found';
end if;
- execute 'grant select, update on '
- || q.queue_event_seq || ',' || q.queue_tick_seq
- || ' to public';
- execute 'grant select on '
- || q.queue_data_pfx
- || ' to public';
+
+ if true then
+ -- safe, all access must go via functions
+ seq_perms := 'select';
+ tbl_perms := 'select';
+ else
+ -- allow ordinery users to directly insert
+ -- to event tables. dangerous.
+ seq_perms := 'select, update';
+ tbl_perms := 'select, insert';
+ end if;
+
+ -- tick seq, normal users don't need to modify it
+ execute 'grant ' || seq_perms
+ || ' on ' || q.queue_tick_seq || ' to public';
+
+ -- event seq
+ execute 'grant ' || seq_perms
+ || ' on ' || q.queue_event_seq || ' to public';
+
+ -- parent table for events
+ execute 'grant select on ' || q.queue_data_pfx || ' to public';
+
+ -- real event tables
for i in 0 .. q.queue_ntables - 1 loop
- execute 'grant select, insert on '
- || q.queue_data_pfx || '_' || i
+ execute 'grant ' || tbl_perms
+ || ' on ' || q.queue_data_pfx || '_' || i
|| ' to public';
end loop;
+
return 1;
end;
$$ language plpgsql security definer;
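Review bot: GRANT only adds privileges, so on a queue set up by the removed code `public` keeps `update` on both sequences and `insert` on every event table after this function is re-run; nothing in the new body takes them back. Unless an upgrade script elsewhere handles this, revoke the old privileges before the new grants, as sketched below. Separately, `if true then` leaves the else branch unreachable, and a comment such as `-- hard-coded switch; the else branch is kept only as a documented alternative` would make that explicit. The function's header is outside this hunk.

```sql
-- … unchanged: queue lookup and seq_perms / tbl_perms selection …

-- drop what earlier versions granted; GRANT alone never removes it
execute 'revoke update on ' || q.queue_tick_seq || ' from public';
execute 'revoke update on ' || q.queue_event_seq || ' from public';

-- … unchanged: grants on both sequences and the parent table …

for i in 0 .. q.queue_ntables - 1 loop
    execute 'revoke insert on ' || q.queue_data_pfx || '_' || i
        || ' from public';
    -- … unchanged: grant tbl_perms on the event table …
end loop;
```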
begin
return pgq.insert_event(queue_name, ev_type, ev_data, null, null, null, null);
end;
-$$ language plpgsql; -- event inserting needs no special perms
+$$ language plpgsql security definer;
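Review bot: Switching this wrapper to `security definer` without pinning `search_path` leaves name resolution inside it dependent on the caller's session settings, and the same change is made to the `pgq.insert_event_raw` wrapper and the `pgq.register_consumer` wrapper in the hunks that follow. The calls shown are schema-qualified, but the next wrapper passes an unqualified `now()`. Where the target server supports per-function settings, end each definition with `$$ language plpgsql security definer set search_path = pgq, pg_temp;`; otherwise qualify the call as `pg_catalog.now()`. The dropped trailing comment could be replaced by one saying why definer rights are now needed, e.g. `-- event tables are no longer writable by public`. The function headers are outside these hunks.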
return pgq.insert_event_raw(queue_name, null, now(), null, null,
ev_type, ev_data, ev_extra1, ev_extra2, ev_extra3, ev_extra4);
end;
-$$ language plpgsql; -- event inserting needs no special perms
+$$ language plpgsql security definer;
begin
return pgq.register_consumer(x_queue_name, x_consumer_id, NULL);
end;
-$$ language plpgsql; -- no perms needed
+$$ language plpgsql security definer;
create or replace function pgq.register_consumer(