@@ -81,7 +81,7 @@ sepgsql_get_label(Oid classId, Oid objectId, int32 subId)
81
81
if (security_get_initial_context_raw ("unlabeled" , & unlabeled ) < 0 )
82
82
ereport (ERROR ,
83
83
(errcode (ERRCODE_INTERNAL_ERROR ),
84
- errmsg ("SELinux: failed to get initial security label" )));
84
+ errmsg ("SELinux: failed to get initial security label: %m " )));
85
85
PG_TRY ();
86
86
{
87
87
label = pstrdup (unlabeled );
@@ -184,7 +184,7 @@ sepgsql_mcstrans_in(PG_FUNCTION_ARGS)
184
184
& raw_label ) < 0 )
185
185
ereport (ERROR ,
186
186
(errcode (ERRCODE_INTERNAL_ERROR ),
187
- errmsg ("SELinux: could not translate security label" )));
187
+ errmsg ("SELinux: could not translate security label: %m " )));
188
188
189
189
PG_TRY ();
190
190
{
@@ -224,7 +224,7 @@ sepgsql_mcstrans_out(PG_FUNCTION_ARGS)
224
224
& qual_label ) < 0 )
225
225
ereport (ERROR ,
226
226
(errcode (ERRCODE_INTERNAL_ERROR ),
227
- errmsg ("SELinux: could not translate security label" )));
227
+ errmsg ("SELinux: could not translate security label: %m " )));
228
228
229
229
PG_TRY ();
230
230
{
@@ -241,6 +241,51 @@ sepgsql_mcstrans_out(PG_FUNCTION_ARGS)
241
241
PG_RETURN_TEXT_P (cstring_to_text (result ));
242
242
}
243
243
244
+ /*
245
+ * quote_object_names
246
+ *
247
+ * It tries to quote the supplied identifiers
248
+ */
249
+ static char *
250
+ quote_object_name (const char * src1 , const char * src2 ,
251
+ const char * src3 , const char * src4 )
252
+ {
253
+ StringInfoData result ;
254
+ const char * temp ;
255
+
256
+ initStringInfo (& result );
257
+
258
+ if (src1 )
259
+ {
260
+ temp = quote_identifier (src1 );
261
+ appendStringInfo (& result , "%s" , temp );
262
+ if (src1 != temp )
263
+ pfree ((void * )temp );
264
+ }
265
+ if (src2 )
266
+ {
267
+ temp = quote_identifier (src2 );
268
+ appendStringInfo (& result , ".%s" , temp );
269
+ if (src2 != temp )
270
+ pfree ((void * )temp );
271
+ }
272
+ if (src3 )
273
+ {
274
+ temp = quote_identifier (src3 );
275
+ appendStringInfo (& result , ".%s" , temp );
276
+ if (src3 != temp )
277
+ pfree ((void * )temp );
278
+ }
279
+ if (src4 )
280
+ {
281
+ temp = quote_identifier (src4 );
282
+ appendStringInfo (& result , ".%s" , temp );
283
+ if (src4 != temp )
284
+ pfree ((void * )temp );
285
+ }
286
+ return result .data ;
287
+ }
288
+
244
289
/*
245
290
* exec_object_restorecon
246
291
*
@@ -273,7 +318,7 @@ exec_object_restorecon(struct selabel_handle *sehnd, Oid catalogId)
273
318
Form_pg_class relForm ;
274
319
Form_pg_attribute attForm ;
275
320
Form_pg_proc proForm ;
276
- char objname [ NAMEDATALEN * 4 + 10 ] ;
321
+ char * objname ;
277
322
int objtype = 1234 ;
278
323
ObjectAddress object ;
279
324
security_context_t context ;
@@ -288,8 +333,10 @@ exec_object_restorecon(struct selabel_handle *sehnd, Oid catalogId)
288
333
nspForm = (Form_pg_namespace ) GETSTRUCT (tuple );
289
334
290
335
objtype = SELABEL_DB_SCHEMA ;
291
- snprintf (objname , sizeof (objname ), "%s.%s" ,
292
- database_name , NameStr (nspForm -> nspname ));
336
+
337
+ objname = quote_object_name (database_name ,
338
+ NameStr (nspForm -> nspname ),
339
+ NULL , NULL );
293
340
294
341
object .classId = NamespaceRelationId ;
295
342
object .objectId = HeapTupleGetOid (tuple );
@@ -309,9 +356,10 @@ exec_object_restorecon(struct selabel_handle *sehnd, Oid catalogId)
309
356
continue ; /* no need to assign security label */
310
357
311
358
namespace_name = get_namespace_name (relForm -> relnamespace );
312
- snprintf (objname , sizeof (objname ), "%s.%s.%s" ,
313
- database_name , namespace_name ,
314
- NameStr (relForm -> relname ));
359
+ objname = quote_object_name (database_name ,
360
+ namespace_name ,
361
+ NameStr (relForm -> relname ),
362
+ NULL );
315
363
pfree (namespace_name );
316
364
317
365
object .classId = RelationRelationId ;
@@ -330,11 +378,12 @@ exec_object_restorecon(struct selabel_handle *sehnd, Oid catalogId)
330
378
namespace_id = get_rel_namespace (attForm -> attrelid );
331
379
namespace_name = get_namespace_name (namespace_id );
332
380
relation_name = get_rel_name (attForm -> attrelid );
333
- snprintf ( objname , sizeof ( objname ), "%s.%s.%s.%s" ,
334
- database_name , namespace_name ,
335
- relation_name , NameStr ( attForm -> attname ));
336
- pfree ( relation_name );
381
+ objname = quote_object_name ( database_name ,
382
+ namespace_name ,
383
+ relation_name ,
384
+ NameStr ( attForm -> attname ) );
337
385
pfree (namespace_name );
386
+ pfree (relation_name );
338
387
339
388
object .classId = RelationRelationId ;
340
389
object .objectId = attForm -> attrelid ;
@@ -347,9 +396,10 @@ exec_object_restorecon(struct selabel_handle *sehnd, Oid catalogId)
347
396
objtype = SELABEL_DB_PROCEDURE ;
348
397
349
398
namespace_name = get_namespace_name (proForm -> pronamespace );
350
- snprintf (objname , sizeof (objname ), "%s.%s.%s" ,
351
- database_name , namespace_name ,
352
- NameStr (proForm -> proname ));
399
+ objname = quote_object_name (database_name ,
400
+ namespace_name ,
401
+ NameStr (proForm -> proname ),
402
+ NULL );
353
403
pfree (namespace_name );
354
404
355
405
object .classId = ProcedureRelationId ;
@@ -359,6 +409,7 @@ exec_object_restorecon(struct selabel_handle *sehnd, Oid catalogId)
359
409
360
410
default :
361
411
elog (ERROR , "unexpected catalog id: %u" , catalogId );
412
+ objname = NULL ; /* for compiler quiet */
362
413
break ;
363
414
}
364
415
@@ -389,7 +440,9 @@ exec_object_restorecon(struct selabel_handle *sehnd, Oid catalogId)
389
440
else
390
441
ereport (ERROR ,
391
442
(errcode (ERRCODE_INTERNAL_ERROR ),
392
- errmsg ("SELinux: could not determine initial security label for %s (type=%d)" , objname , objtype )));
443
+ errmsg ("SELinux: could not determine initial security label for %s (type=%d): %m" , objname , objtype )));
444
+
445
+ pfree (objname );
393
446
}
394
447
systable_endscan (sscan );
395
448
@@ -449,7 +502,7 @@ sepgsql_restorecon(PG_FUNCTION_ARGS)
449
502
if (!sehnd )
450
503
ereport (ERROR ,
451
504
(errcode (ERRCODE_INTERNAL_ERROR ),
452
- errmsg ("SELinux: failed to initialize labeling handle" )));
505
+ errmsg ("SELinux: failed to initialize labeling handle: %m " )));
453
506
PG_TRY ();
454
507
{
455
508
/*
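Review bot: The header comment on the new `quote_object_name` helper names it `quote_object_names` and says only that it "tries to quote" its arguments, which omits what callers depend on: NULL arguments are skipped, the quoted parts are joined with `.`, and the result is a palloc'd string the caller must `pfree` (as `exec_object_restorecon` now does at the end of each loop iteration). A NULL `src1` followed by a non-NULL `src2` would produce a name that starts with `.`; no caller in this diff does that, but the comment should say arguments must be supplied left to right, or the function should start with `Assert(src1 != NULL);`. Names that need quoting (mixed case, embedded dots, keywords) now reach the label lookup in double-quoted form, so entries in the selabel spec file presumably have to match that form. The lookup call is outside these hunks, so confirm this against it and note it in a comment at the call sites. Separately, several of the new messages appear to end in `%m ` with a space before the closing quote, unlike the `(type=%d): %m` message; if that is not a rendering artifact, drop the space.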