Fix error message on bad label for a table (michelp#59)

When setting an invalid label on a table, the error message was reporting an invalid label for a column.
ioguix · Dec 17, 2022 · d8da715 · d8da715
1 parent a114f51
commit d8da715
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 7 deletions.
diff --git a/src/pgsodium.c b/src/pgsodium.c
@@ -20,9 +20,15 @@ pgsodium_object_relabel (const ObjectAddress * object, const char *seclabel)
 	  case RelationRelationId:
 
 		  /* SECURITY LABEL FOR pgsodium ON TABLE ...' */
-		  if (object->objectSubId == 0
-			  && pg_strncasecmp (seclabel, "DECRYPT WITH VIEW", 17) == 0)
-			  return;
+		  if (object->objectSubId == 0)
+		  {
+			  if (pg_strncasecmp (seclabel, "DECRYPT WITH VIEW", 17) == 0)
+				  return;
+			  ereport (ERROR,
+				  (errcode (ERRCODE_INVALID_NAME),
+					  errmsg ("'%s' is not a valid label for a table",
+						  seclabel)));
+		  }
 
 		  /* SECURITY LABEL FOR pgsodium ON COLUMN t.i IS '...' */
 		  if (pg_strncasecmp (seclabel, "ENCRYPT WITH", 12) == 0)

diff --git a/test/tce.sql b/test/tce.sql
@@ -1,6 +1,6 @@
 \if :serverkeys
 BEGIN;
-SELECT plan(15);
+SELECT plan(17);
 
 CREATE SCHEMA private;
 CREATE SCHEMA "private-test";
@@ -48,6 +48,14 @@ CREATE TABLE "private-test"."bar-test"(
   "nonce2-test" bytea DEFAULT pgsodium.crypto_aead_det_noncegen()
 );
 
+SELECT throws_ok(
+  $test$
+  SECURITY LABEL FOR pgsodium ON TABLE private.bar IS 'wrong'
+  $test$,
+  '42602',
+  '''wrong'' is not a valid label for a table',
+  'reject bad label on a table');
+
 SELECT lives_ok(
   $test$
   SECURITY LABEL FOR pgsodium ON TABLE private.bar IS 'DECRYPT WITH VIEW private.other_bar'
@@ -67,6 +75,14 @@ SELECT id AS secret_key_id FROM pgsodium.create_key('aead-det', 'OPTIONAL_NAME')
 SELECT id AS secret2_key_id
   FROM pgsodium.create_key('aead-det', 'Optional Name 2') \gset
 
+SELECT throws_ok(
+  $test$
+  SECURITY LABEL FOR pgsodium ON COLUMN private.foo.secret IS 'wrong again'
+  $test$,
+  '42602',
+  '''wrong again'' is not a valid label for a column',
+  'reject bad label on a column');
+
 SELECT lives_ok(
   format($test$
          SECURITY LABEL FOR pgsodium ON COLUMN private.foo.secret
@@ -119,9 +135,6 @@ GRANT ALL ON SCHEMA "private-test" to bobo;
 GRANT ALL ON ALL TABLES IN SCHEMA "private-test" to bobo;
 GRANT USAGE ON ALL SEQUENCES IN SCHEMA "private-test" TO bobo;
 
-SELECT * FROM finish();
-COMMIT;
-
 select pgsodium.update_masks();
 
 select ok(has_table_privilege('bobo', 'private.bar', 'SELECT'),
@@ -140,6 +153,8 @@ select ok(has_table_privilege('bobo', 'private.other_bar', 'DELETE'),
 	'user keeps view delete privs after regeneration');
 
 SELECT * FROM finish();
+COMMIT;
+
 \c - bobo
 
 BEGIN;