Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1sMRif-002OG5-Ac
	for pgsql-general@arkaria.postgresql.org; Wed, 26 Jun 2024 12:25:49 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1sMRic-0045nA-Rb
	for pgsql-general@arkaria.postgresql.org; Wed, 26 Jun 2024 12:25:47 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <ddevienne@gmail.com>)
	id 1sMRic-0045n1-Gv
	for pgsql-general@lists.postgresql.org; Wed, 26 Jun 2024 12:25:46 +0000
Received: from mail-ot1-x335.google.com ([2607:f8b0:4864:20::335])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <ddevienne@gmail.com>)
	id 1sMRiZ-003eL9-Pd
	for pgsql-general@lists.postgresql.org; Wed, 26 Jun 2024 12:25:45 +0000
Received: by mail-ot1-x335.google.com with SMTP id 46e09a7af769-700cb05c118so745317a34.2
        for <pgsql-general@lists.postgresql.org>; Wed, 26 Jun 2024 05:25:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1719404742; x=1720009542; darn=lists.postgresql.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=l/SzdW0113EBBDmfvd1wH54mdRiHe/soy33i1jbiP94=;
        b=VjUyp7vo0X8WSexTM1lrCAmlmpYW+uV7avO4P5bVj+Ztf8TcPU+NtkMEtH8Nb3v/8b
         vh+Q8xtzHydQa7RMe5r496NduA1P3NCL2yPhBdYz7qiy0JscnheeCgAgpxJT5vmfrqlx
         nO5eDfxrpU51g+3L1/KSM1/60VA1NnZuTxEVFramquPKudVl4IKT9/lVGI7tDK1gxcVc
         cyDwX7/Sr0I60bCZPU57sse77w1jRWmidPeFbr8DESGo1Z5vQpAmj9X9V2pr++e2iUe4
         PfVGXARRw1p5lDcPKVul0TLdpVXoCuJ5I4KKaK9KL5TbHGsepukajxZEyOHJ+R9ehVjN
         bMWA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1719404742; x=1720009542;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=l/SzdW0113EBBDmfvd1wH54mdRiHe/soy33i1jbiP94=;
        b=R2t4N3/rCMIj5wtay6RDmjYCWf3910ECKscAbGTpdfwOcVprzchzbNapSan2I3f9lT
         KoV/fO3cAUqlGxYiUpbfzlzM4f5LTP6G1GyLsu4+afo3vjOjzkd6hs+ccpXSv/iENL/N
         W5bY0tJ+96x6d8m7CSx8LSjtHGhCboa+7tYZbKS0XJ7Ye93nlOhYzOz8Qf2H0ho1/uOg
         oH1Uy6EpzIuN5RNDDoyZ1CZwaBhMO+hsAUVRWJtNW74n2sc5+ot1ZucvRJfFLO9d7NCE
         w6bXZZyeHvklS4NGwRl5j05Zvc7XljFbtNBf8OwpWnFEztg4gtq171PE7gUZ/KlPC8RM
         iamw==
X-Gm-Message-State: AOJu0YzxMUOr0LeRS6S3RQyx/prXhPL3jYEJyRQ980IZYAbAj0iyvuKi
	63gq8iaur0e6Zl0daPHchlGHF4aPpTG1wMCZNuITVhnW/+iNtpgLxasfjzhtOcTNNaq7is42uUW
	ysRr2sPhhb4gPC155lWFRubXSJWR/R4n5
X-Google-Smtp-Source: AGHT+IH7O1soYTxgYfeYv1CkN3VYYyM0OeGcEteKs+9774NewlFzL1eORX4fgprQy0f3C+c5uF33K4AISNwaAtCveDs=
X-Received: by 2002:a05:6870:148e:b0:254:cbaf:1216 with SMTP id
 586e51a60fabf-25d06cdacb5mr11577141fac.27.1719404741835; Wed, 26 Jun 2024
 05:25:41 -0700 (PDT)
MIME-Version: 1.0
References: <CAFCRh--0j77ueun+Ak0vRe_vi__Jks_HZjD9QbD+THR8gAWvRQ@mail.gmail.com>
 <0b7d3b22-3e98-4eca-bc14-9430c48c0217@technowledgy.de>
In-Reply-To: <0b7d3b22-3e98-4eca-bc14-9430c48c0217@technowledgy.de>
From: Dominique Devienne <ddevienne@gmail.com>
Date: Wed, 26 Jun 2024 14:25:30 +0200
Message-ID: <CAFCRh-_FKBWVpBnD6ECOfM_bSgBfudDoPnBJM136O+pp5O27DQ@mail.gmail.com>
Subject: Re: current_role of caller of a DEFINER function
To: walther@technowledgy.de
Cc: pgsql-general@lists.postgresql.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/CAFCRh-_FKBWVpBnD6ECOfM_bSgBfudDoPnBJM136O%2Bpp5O27DQ%40mail.gmail.com>
Precedence: bulk

On Wed, Jun 26, 2024 at 12:11=E2=80=AFPM <walther@technowledgy.de> wrote:
> Dominique Devienne:
> > 1) Is there any way to know the current_role of the caller of a
> > DEFINER function. I fear the answer is no, but better be sure from
> > experts here.
>
> You can do something like this:
>
> CREATE DOMAIN current_user_only AS text
>    CONSTRAINT current_user_only CHECK (VALUE =3D CURRENT_USER);
>
> CREATE FUNCTION func(
>    calling_user current_user_only DEFAULT CURRENT_USER
> ) ... SECURITY DEFINER;
>
> The default value will be evaluated in the context of the calling user,
> the constraint forces it to never be set explicitly to something else.

Fantastic Wolfgang. Thanks! (again...)

I just tested it in my unit test (unlike last time, see below...), and
it works perfectly.

I tried w/o param, to benefit from the default. OK.
I tried w/ an explicit param, that satisfies the constraint. OK.
I tired w/ an explicit param, that does NOT satisfy the constraint
(i.e. simulating a hack), and it is KO as expected:

ERROR:  value for domain captured_current_role violates check
constraint "equals_current_role"

On Wed, Jun 26, 2024 at 12:06=E2=80=AFPM Erik Wienhold <ewie@ewie.name> wro=
te:
> Have you tried capturing current_user with a function parameter and defau=
lt value?
> https://www.postgresql.org/message-id/f82f70fd-665f-6384-5e8a-987ab9e640d=
3%40technowledgy.de

I'm embarrassed to admit that you posted a link to a response to one
of my own threads/questions...
Which Wolfgang in fact had already answered then even. I had
completely forgotten about it, sorry.

On Wed, Jun 26, 2024 at 11:08=E2=80=AFAM Laurenz Albe <laurenz.albe@cyberte=
c.at> wrote:
> On Wed, 2024-06-26 at 10:35 +0200, Dominique Devienne wrote:
> > So I have two questions:
> > 1) Is there any way to know the current_role of the caller of a
> > DEFINER function. I fear the answer is no, but better be sure from
> > experts here.
>
> Just to be certain, let me ask a question back:
>
> If a SECURITY DEFINER function calls another SECURITY DEFINER function,
> which role would you like to get:
> 1. the invoker that called the 1st function
> 2. the owner of the 1st function (which is the user that called the 2nd f=
unction)

Honestly Laurenz, I didn't think about it, and it does not matter too
much in my case.
Because what matters to me is the initial entry-point, from caller to
DEFINER function,
to accurately capture the role, and then I can pass it on explicitly
myself if needed.
This is for more knowledgeable people to decide on.

I still think such a new variable would be useful,
and simpler than Wolfgang's DOMAIN solution,
but I do have a solution that works right now, and
not in a future version, assuming such a change ever occurs,
so this is already great for me.

Thank you all, --DD