schema/spacewalk/oracle/triggers/rhnPackageEvr.sql
| 32 ++++++++++
schema/spacewalk/postgres/procs/no_operation_trig_fun.sql
| 10 +++
schema/spacewalk/postgres/triggers/rhnPackageEvr.sql
| 7 ++
schema/spacewalk/schema-source-sanity-check.pl
| 1
schema/spacewalk/upgrade/spacewalk-schema-1.7-to-spacewalk-schema-1.8/031-no_operation_trig_fun.sql.postgresql
| 10 +++
schema/spacewalk/upgrade/spacewalk-schema-1.7-to-spacewalk-schema-1.8/032-rhnPackageEvr-trigger.sql.oracle
| 32 ++++++++++
schema/spacewalk/upgrade/spacewalk-schema-1.7-to-spacewalk-schema-1.8/032-rhnPackageEvr-trigger.sql.postgresql
| 7 ++
7 files changed, 99 insertions(+)
New commits:
commit 3acf583a6e74c24ebc0e3a7da63476508e5393b9
Author: Jan Pazdziora <jpazdziora(a)redhat.com>
Date: Fri Apr 20 13:17:33 2012 +0200
Schema hardening: catch code which would update or delete rhnPackageEvr.
diff --git a/schema/spacewalk/oracle/triggers/rhnPackageEvr.sql
b/schema/spacewalk/oracle/triggers/rhnPackageEvr.sql
new file mode 100644
index 0000000..bc59d37
--- /dev/null
+++ b/schema/spacewalk/oracle/triggers/rhnPackageEvr.sql
@@ -0,0 +1,32 @@
+--
+-- Copyright (c) 2012 Red Hat, Inc.
+--
+-- This software is licensed to you under the GNU General Public License,
+-- version 2 (GPLv2). There is NO WARRANTY for this software, express or
+-- implied, including the implied warranties of MERCHANTABILITY or FITNESS
+-- FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+-- along with this software; if not, see
+--
http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+--
+-- Red Hat trademarks are not licensed under GPLv2. No permission is
+-- granted to use or replicate Red Hat trademarks that are incorporated
+-- in this software or its documentation.
+--
+
+create or replace trigger
+rhn_pack_evr_no_updel_trig
+before update or delete on rhnPackageEvr
+declare
+ operation varchar(20);
+begin
+ if updating then
+ operation := 'UPDATE';
+ elsif deleting then
+ operation := 'DELETE';
+ else
+ raise_application_error(-20051, 'Unknown operation (no UPDATE and no
DELETE)');
+ end if;
+ raise_application_error(-20050, 'Permission denied: ' || operation || ' is
not allowed on RHNPACKAGEEVR');
+end;
+/
+show errors
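Review bot: The header above `create or replace trigger` holds only the licence text; nothing says what rhn_pack_evr_no_updel_trig protects or where its coverage ends. As declared it is a statement-level `before update or delete` trigger, so it rejects the statement even when no row matches, but it does not fire on TRUNCATE and stops applying if the trigger is disabled. The 'Permission denied' message could therefore be read as an access control when it is a guard against application code. I would add a comment such as `-- Guard only: rejects any UPDATE or DELETE statement on rhnPackageEvr; does not replace revoking privileges.` The same file is added as upgrade script 032-rhnPackageEvr-trigger.sql.oracle, where the comment applies too.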
diff --git a/schema/spacewalk/postgres/procs/no_operation_trig_fun.sql
b/schema/spacewalk/postgres/procs/no_operation_trig_fun.sql
new file mode 100644
index 0000000..fc6453c
--- /dev/null
+++ b/schema/spacewalk/postgres/procs/no_operation_trig_fun.sql
@@ -0,0 +1,10 @@
+-- oracle equivalent source none
+
+create function no_operation_trig_fun()
+returns trigger as
+$$
+begin
+ raise exception 'Permission denied: % is not allowed on %', TG_OP, TG_RELNAME;
+end;
+$$ language plpgsql;
+
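Review bot: `TG_RELNAME` in the `raise exception` line is the deprecated name for the trigger's table; PostgreSQL documents `TG_TABLE_NAME` as its replacement, so the line would read `raise exception 'Permission denied: % is not allowed on %', TG_OP, TG_TABLE_NAME;`. The function also has no comment saying that it is a shared trigger function which rejects whatever operation it is attached to, and that this is why it never returns a row. The identical file is added as upgrade script 031-no_operation_trig_fun.sql.postgresql, so the same change applies there.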
diff --git a/schema/spacewalk/postgres/triggers/rhnPackageEvr.sql
b/schema/spacewalk/postgres/triggers/rhnPackageEvr.sql
new file mode 100644
index 0000000..fea41f1
--- /dev/null
+++ b/schema/spacewalk/postgres/triggers/rhnPackageEvr.sql
@@ -0,0 +1,7 @@
+-- oracle equivalent source sha1 f9833597e5035b2a9d3f8a1c399c736391f1a862
+
+create trigger
+rhn_pack_evr_no_updel_trig
+before insert or update on rhnPackageEvr
+execute procedure no_operation_trig_fun();
+
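Review bot: The PostgreSQL trigger is declared `before insert or update on rhnPackageEvr`, which matches neither the Oracle trigger of the same name (`before update or delete`) nor the commit subject. With this event list every INSERT into rhnPackageEvr is rejected by no_operation_trig_fun, while DELETE, which the hardening is meant to catch, passes unchecked. The line should read `before update or delete on rhnPackageEvr`. The same line appears in upgrade script 032-rhnPackageEvr-trigger.sql.postgresql, so both copies need the change.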
diff --git a/schema/spacewalk/schema-source-sanity-check.pl
b/schema/spacewalk/schema-source-sanity-check.pl
index a52b2f3..b27cf46 100644
--- a/schema/spacewalk/schema-source-sanity-check.pl
+++ b/schema/spacewalk/schema-source-sanity-check.pl
@@ -131,6 +131,7 @@ sub check_file_content {
|\s*\n
|create(?:\s+or\s+replace)?\s+function\s+(\w+)(?s:.+?)\s+language\s+plpgsql;
\s+create(\s+or\s+replace)?\s+trigger[^;]+\s+on\s+$name\b[^;]+execute\s+procedure\s+\1\(\);
+ |create(\s+or\s+replace)?\s+trigger[^;]+\s+on\s+$name\b[^;]+execute\s+procedure\s+no_operation_trig_fun\(\);
|create(\s+or\s+replace)?\s+trigger[^;]+\s+on\s+$name\b(?s:.+?);\n/\n
|show\s+errors;?\n
)+$!ix) {
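Review bot: The added alternative uses a capturing group, `(\s+or\s+replace)?`, although nothing reads the capture; `(?:\s+or\s+replace)?`, as in the `create ... function` alternative above it, would make it plainer that only `\1` (the function name) is meant to be captured. The name `no_operation_trig_fun` is also hard-coded into the pattern, so a PostgreSQL trigger file is now accepted without defining its own function only for this one shared function. A short comment above the new line saying so would help the next reader. check_file_content starts and ends outside this hunk, so how the match result is used is not visible here.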
diff --git
a/schema/spacewalk/upgrade/spacewalk-schema-1.7-to-spacewalk-schema-1.8/031-no_operation_trig_fun.sql.postgresql
b/schema/spacewalk/upgrade/spacewalk-schema-1.7-to-spacewalk-schema-1.8/031-no_operation_trig_fun.sql.postgresql
new file mode 100644
index 0000000..fc6453c
--- /dev/null
+++
b/schema/spacewalk/upgrade/spacewalk-schema-1.7-to-spacewalk-schema-1.8/031-no_operation_trig_fun.sql.postgresql
@@ -0,0 +1,10 @@
+-- oracle equivalent source none
+
+create function no_operation_trig_fun()
+returns trigger as
+$$
+begin
+ raise exception 'Permission denied: % is not allowed on %', TG_OP, TG_RELNAME;
+end;
+$$ language plpgsql;
+
diff --git
a/schema/spacewalk/upgrade/spacewalk-schema-1.7-to-spacewalk-schema-1.8/032-rhnPackageEvr-trigger.sql.oracle
b/schema/spacewalk/upgrade/spacewalk-schema-1.7-to-spacewalk-schema-1.8/032-rhnPackageEvr-trigger.sql.oracle
new file mode 100644
index 0000000..bc59d37
--- /dev/null
+++
b/schema/spacewalk/upgrade/spacewalk-schema-1.7-to-spacewalk-schema-1.8/032-rhnPackageEvr-trigger.sql.oracle
@@ -0,0 +1,32 @@
+--
+-- Copyright (c) 2012 Red Hat, Inc.
+--
+-- This software is licensed to you under the GNU General Public License,
+-- version 2 (GPLv2). There is NO WARRANTY for this software, express or
+-- implied, including the implied warranties of MERCHANTABILITY or FITNESS
+-- FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+-- along with this software; if not, see
+--
http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+--
+-- Red Hat trademarks are not licensed under GPLv2. No permission is
+-- granted to use or replicate Red Hat trademarks that are incorporated
+-- in this software or its documentation.
+--
+
+create or replace trigger
+rhn_pack_evr_no_updel_trig
+before update or delete on rhnPackageEvr
+declare
+ operation varchar(20);
+begin
+ if updating then
+ operation := 'UPDATE';
+ elsif deleting then
+ operation := 'DELETE';
+ else
+ raise_application_error(-20051, 'Unknown operation (no UPDATE and no
DELETE)');
+ end if;
+ raise_application_error(-20050, 'Permission denied: ' || operation || ' is
not allowed on RHNPACKAGEEVR');
+end;
+/
+show errors
diff --git
a/schema/spacewalk/upgrade/spacewalk-schema-1.7-to-spacewalk-schema-1.8/032-rhnPackageEvr-trigger.sql.postgresql
b/schema/spacewalk/upgrade/spacewalk-schema-1.7-to-spacewalk-schema-1.8/032-rhnPackageEvr-trigger.sql.postgresql
new file mode 100644
index 0000000..fea41f1
--- /dev/null
+++
b/schema/spacewalk/upgrade/spacewalk-schema-1.7-to-spacewalk-schema-1.8/032-rhnPackageEvr-trigger.sql.postgresql
@@ -0,0 +1,7 @@
+-- oracle equivalent source sha1 f9833597e5035b2a9d3f8a1c399c736391f1a862
+
+create trigger
+rhn_pack_evr_no_updel_trig
+before insert or update on rhnPackageEvr
+execute procedure no_operation_trig_fun();
+