2010-11-25 17:48:49 +01:00
|
|
|
/*
|
|
|
|
|
* objectaccess.h
|
|
|
|
|
*
|
|
|
|
|
* Object access hooks.
|
|
|
|
|
*
|
2013-01-01 23:15:01 +01:00
|
|
|
* Portions Copyright (c) 1996-2013, PostgreSQL Global Development Group
|
2010-11-25 17:48:49 +01:00
|
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef OBJECTACCESS_H
|
|
|
|
|
#define OBJECTACCESS_H
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Object access hooks are intended to be called just before or just after
|
2011-04-10 17:42:00 +02:00
|
|
|
* performing certain actions on a SQL object. This is intended as
|
2010-11-25 17:48:49 +01:00
|
|
|
* infrastructure for security or logging pluggins.
|
|
|
|
|
*
|
2012-05-02 15:27:34 +02:00
|
|
|
* OAT_POST_CREATE should be invoked just after the object is created.
|
2010-11-25 17:48:49 +01:00
|
|
|
* Typically, this is done after inserting the primary catalog records and
|
|
|
|
|
* associated dependencies.
|
|
|
|
|
*
|
2012-03-09 20:34:56 +01:00
|
|
|
* OAT_DROP should be invoked just before deletion of objects; typically
|
|
|
|
|
* deleteOneObject(). Its arguments are packed within ObjectAccessDrop.
|
|
|
|
|
*
|
2013-03-18 03:55:14 +01:00
|
|
|
* OAT_POST_ALTER should be invoked just after the object is altered,
|
|
|
|
|
* but before the command counter is incremented. An extension using the
|
|
|
|
|
* hook can use SnapshotNow and SnapshotSelf to get the old and new
|
|
|
|
|
* versions of the tuple.
|
|
|
|
|
*
|
2013-04-05 14:51:31 +02:00
|
|
|
* OAT_NAMESPACE_SEARCH should be invoked prior to object name lookup under
|
|
|
|
|
* a particular namespace. This event is equivalent to usage permission
|
2013-04-12 14:39:38 +02:00
|
|
|
* on a schema under the default access control mechanism.
|
2013-04-05 14:51:31 +02:00
|
|
|
*
|
2010-11-25 17:48:49 +01:00
|
|
|
* Other types may be added in the future.
|
|
|
|
|
*/
|
|
|
|
|
typedef enum ObjectAccessType
|
|
|
|
|
{
|
|
|
|
|
OAT_POST_CREATE,
|
2012-03-09 20:34:56 +01:00
|
|
|
OAT_DROP,
|
2013-03-07 02:52:06 +01:00
|
|
|
OAT_POST_ALTER,
|
2013-04-05 14:51:31 +02:00
|
|
|
OAT_NAMESPACE_SEARCH,
|
2010-11-25 17:48:49 +01:00
|
|
|
} ObjectAccessType;
|
|
|
|
|
|
2012-10-23 23:07:26 +02:00
|
|
|
/*
|
|
|
|
|
* Arguments of OAT_POST_CREATE event
|
|
|
|
|
*/
|
|
|
|
|
typedef struct
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* This flag informs extensions whether the context of this creation
|
|
|
|
|
* is invoked by user's operations, or not. E.g, it shall be dealt
|
|
|
|
|
* as internal stuff on toast tables or indexes due to type changes.
|
|
|
|
|
*/
|
|
|
|
|
bool is_internal;
|
|
|
|
|
} ObjectAccessPostCreate;
|
|
|
|
|
|
2010-11-25 17:48:49 +01:00
|
|
|
/*
|
2012-03-09 20:34:56 +01:00
|
|
|
* Arguments of OAT_DROP event
|
2010-11-25 17:48:49 +01:00
|
|
|
*/
|
2012-03-09 20:34:56 +01:00
|
|
|
typedef struct
|
|
|
|
|
{
|
|
|
|
|
/*
|
2012-06-10 21:20:04 +02:00
|
|
|
* Flags to inform extensions the context of this deletion. Also see
|
|
|
|
|
* PERFORM_DELETION_* in dependency.h
|
2012-03-09 20:34:56 +01:00
|
|
|
*/
|
2012-06-10 21:20:04 +02:00
|
|
|
int dropflags;
|
2012-03-09 20:34:56 +01:00
|
|
|
} ObjectAccessDrop;
|
2010-11-25 17:48:49 +01:00
|
|
|
|
2012-03-09 20:34:56 +01:00
|
|
|
/*
|
2013-03-18 03:55:14 +01:00
|
|
|
* Arguments of OAT_POST_ALTER event
|
2012-03-09 20:34:56 +01:00
|
|
|
*/
|
2013-03-18 03:55:14 +01:00
|
|
|
typedef struct
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* This identifier is used when system catalog takes two IDs
|
|
|
|
|
* to identify a particular tuple of the catalog.
|
|
|
|
|
* It is only used when the caller want to identify an entry
|
|
|
|
|
* of pg_inherits, pg_db_role_setting or pg_user_mapping.
|
|
|
|
|
* Elsewhere, InvalidOid should be set.
|
|
|
|
|
*/
|
|
|
|
|
Oid auxiliary_id;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If this flag is set, the user hasn't requested that the object be
|
|
|
|
|
* altered, but we're doing it anyway for some internal reason.
|
|
|
|
|
* Permissions-checking hooks may want to skip checks if, say, we're
|
|
|
|
|
* alter the constraints of a temporary heap during CLUSTER.
|
|
|
|
|
*/
|
|
|
|
|
bool is_internal;
|
|
|
|
|
} ObjectAccessPostAlter;
|
|
|
|
|
|
2013-04-05 14:51:31 +02:00
|
|
|
/*
|
|
|
|
|
* Arguments of OAT_NAMESPACE_SEARCH
|
|
|
|
|
*/
|
|
|
|
|
typedef struct
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* If true, hook should report an error when permission to search this
|
|
|
|
|
* schema is denied.
|
|
|
|
|
*/
|
|
|
|
|
bool ereport_on_violation;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* This is, in essence, an out parameter. Core code should
|
|
|
|
|
* initialize this to true, and any extension that wants to deny
|
|
|
|
|
* access should reset it to false. But an extension should be
|
|
|
|
|
* careful never to store a true value here, so that in case there are
|
|
|
|
|
* multiple extensions access is only allowed if all extensions
|
|
|
|
|
* agree.
|
|
|
|
|
*/
|
|
|
|
|
bool result;
|
|
|
|
|
} ObjectAccessNamespaceSearch;
|
|
|
|
|
|
2013-03-18 03:55:14 +01:00
|
|
|
/* Plugin provides a hook function matching this signature. */
|
2011-04-10 17:42:00 +02:00
|
|
|
typedef void (*object_access_hook_type) (ObjectAccessType access,
|
|
|
|
|
Oid classId,
|
|
|
|
|
Oid objectId,
|
2012-03-09 20:34:56 +01:00
|
|
|
int subId,
|
|
|
|
|
void *arg);
|
2010-11-25 17:48:49 +01:00
|
|
|
|
2013-03-18 03:55:14 +01:00
|
|
|
/* Plugin sets this variable to a suitable hook function. */
|
2010-11-25 17:48:49 +01:00
|
|
|
extern PGDLLIMPORT object_access_hook_type object_access_hook;
|
|
|
|
|
|
2013-03-18 03:55:14 +01:00
|
|
|
/* Core code uses these functions to call the hook (see macros below). */
|
2013-03-07 02:52:06 +01:00
|
|
|
extern void RunObjectPostCreateHook(Oid classId, Oid objectId, int subId,
|
|
|
|
|
bool is_internal);
|
|
|
|
|
extern void RunObjectDropHook(Oid classId, Oid objectId, int subId,
|
|
|
|
|
int dropflags);
|
2013-03-18 03:55:14 +01:00
|
|
|
extern void RunObjectPostAlterHook(Oid classId, Oid objectId, int subId,
|
|
|
|
|
Oid auxiliaryId, bool is_internal);
|
2013-04-05 14:51:31 +02:00
|
|
|
extern bool RunNamespaceSearchHook(Oid objectId, bool ereport_on_volation);
|
2013-03-18 03:55:14 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The following macros are wrappers around the functions above; these should
|
|
|
|
|
* normally be used to invoke the hook in lieu of calling the above functions
|
|
|
|
|
* directly.
|
|
|
|
|
*/
|
2013-03-07 02:52:06 +01:00
|
|
|
|
|
|
|
|
#define InvokeObjectPostCreateHook(classId,objectId,subId) \
|
|
|
|
|
InvokeObjectPostCreateHookArg((classId),(objectId),(subId),false)
|
|
|
|
|
#define InvokeObjectPostCreateHookArg(classId,objectId,subId,is_internal) \
|
|
|
|
|
do { \
|
|
|
|
|
if (object_access_hook) \
|
|
|
|
|
RunObjectPostCreateHook((classId),(objectId),(subId), \
|
|
|
|
|
(is_internal)); \
|
|
|
|
|
} while(0)
|
|
|
|
|
|
|
|
|
|
#define InvokeObjectDropHook(classId,objectId,subId) \
|
|
|
|
|
InvokeObjectDropHookArg((classId),(objectId),(subId),0)
|
|
|
|
|
#define InvokeObjectDropHookArg(classId,objectId,subId,dropflags) \
|
2012-03-09 20:34:56 +01:00
|
|
|
do { \
|
|
|
|
|
if (object_access_hook) \
|
2013-03-07 02:52:06 +01:00
|
|
|
RunObjectDropHook((classId),(objectId),(subId), \
|
|
|
|
|
(dropflags)); \
|
2010-11-25 17:48:49 +01:00
|
|
|
} while(0)
|
|
|
|
|
|
2013-03-18 03:55:14 +01:00
|
|
|
#define InvokeObjectPostAlterHook(classId,objectId,subId) \
|
|
|
|
|
InvokeObjectPostAlterHookArg((classId),(objectId),(subId), \
|
|
|
|
|
InvalidOid,false)
|
|
|
|
|
#define InvokeObjectPostAlterHookArg(classId,objectId,subId, \
|
|
|
|
|
auxiliaryId,is_internal) \
|
|
|
|
|
do { \
|
|
|
|
|
if (object_access_hook) \
|
|
|
|
|
RunObjectPostAlterHook((classId),(objectId),(subId), \
|
|
|
|
|
(auxiliaryId),(is_internal)); \
|
|
|
|
|
} while(0)
|
|
|
|
|
|
2013-04-05 14:51:31 +02:00
|
|
|
#define InvokeNamespaceSearchHook(objectId, ereport_on_violation) \
|
|
|
|
|
(!object_access_hook \
|
|
|
|
|
? true \
|
|
|
|
|
: RunNamespaceSearchHook((objectId), (ereport_on_violation)))
|
|
|
|
|
|
2011-04-10 17:42:00 +02:00
|
|
|
#endif /* OBJECTACCESS_H */
|
