Add String object access hooks

This caters for cases where the access is to an object identified by name rather than Oid. The first user of these is the GUC access controls Joshua Brindle and Mark Dilger Discussion: https://postgr.es/m/47F87A0E-C0E5-43A6-89F6-D403F2B45175@enterprisedb.com
author: Andrew Dunstan 2022-03-22 13:06:15 +0000
committer: Andrew Dunstan 2022-03-22 14:28:31 +0000
commit: d11e84ea466b4e3855d7bd5142fb68f51c273567 (patch)
tree: 5bb1bf60ef69eaefd8a622c42f58b2550cb630bc /src/backend
parent: 29992a6a509b256efc4ac560a1586b51a64b2637 (diff)
2 files changed, 151 insertions, 6 deletions
diff --git a/src/backend/catalog/objectaccess.c b/src/backend/catalog/objectaccess.c
index 549fac45392..38922294e28 100644
--- a/src/backend/catalog/objectaccess.c
+++ b/src/backend/catalog/objectaccess.c
@@ -20,11 +20,13 @@
  * and logging plugins.
  */
 object_access_hook_type object_access_hook = NULL;
+object_access_hook_type_str object_access_hook_str = NULL;
+
 
 /*
  * RunObjectPostCreateHook
  *
- * It is entrypoint of OAT_POST_CREATE event
+ * OAT_POST_CREATE object ID based event hook entrypoint
  */
 void
 RunObjectPostCreateHook(Oid classId, Oid objectId, int subId,
@@ -46,7 +48,7 @@ RunObjectPostCreateHook(Oid classId, Oid objectId, int subId,
 /*
  * RunObjectDropHook
  *
- * It is entrypoint of OAT_DROP event
+ * OAT_DROP object ID based event hook entrypoint
  */
 void
 RunObjectDropHook(Oid classId, Oid objectId, int subId,
@@ -68,7 +70,7 @@ RunObjectDropHook(Oid classId, Oid objectId, int subId,
 /*
  * RunObjectTruncateHook
  *
- * It is the entrypoint of OAT_TRUNCATE event
+ * OAT_TRUNCATE object ID based event hook entrypoint
  */
 void
 RunObjectTruncateHook(Oid objectId)
@@ -84,7 +86,7 @@ RunObjectTruncateHook(Oid objectId)
 /*
  * RunObjectPostAlterHook
  *
- * It is entrypoint of OAT_POST_ALTER event
+ * OAT_POST_ALTER object ID based event hook entrypoint
  */
 void
 RunObjectPostAlterHook(Oid classId, Oid objectId, int subId,
@@ -107,7 +109,7 @@ RunObjectPostAlterHook(Oid classId, Oid objectId, int subId,
 /*
  * RunNamespaceSearchHook
  *
- * It is entrypoint of OAT_NAMESPACE_SEARCH event
+ * OAT_NAMESPACE_SEARCH object ID based event hook entrypoint
  */
 bool
 RunNamespaceSearchHook(Oid objectId, bool ereport_on_violation)
@@ -131,7 +133,7 @@ RunNamespaceSearchHook(Oid objectId, bool ereport_on_violation)
 /*
  * RunFunctionExecuteHook
  *
- * It is entrypoint of OAT_FUNCTION_EXECUTE event
+ * OAT_FUNCTION_EXECUTE object ID based event hook entrypoint
  */
 void
 RunFunctionExecuteHook(Oid objectId)
@@ -143,3 +145,129 @@ RunFunctionExecuteHook(Oid objectId)
 						   ProcedureRelationId, objectId, 0,
 						   NULL);
 }
+
+/* String versions */
+
+
+/*
+ * RunObjectPostCreateHookStr
+ *
+ * OAT_POST_CREATE object name based event hook entrypoint
+ */
+void
+RunObjectPostCreateHookStr(Oid classId, const char *objectName, int subId,
+						bool is_internal)
+{
+	ObjectAccessPostCreate pc_arg;
+
+	/* caller should check, but just in case... */
+	Assert(object_access_hook_str != NULL);
+
+	memset(&pc_arg, 0, sizeof(ObjectAccessPostCreate));
+	pc_arg.is_internal = is_internal;
+
+	(*object_access_hook_str) (OAT_POST_CREATE,
+						   classId, objectName, subId,
+						   (void *) &pc_arg);
+}
+
+/*
+ * RunObjectDropHookStr
+ *
+ * OAT_DROP object name based event hook entrypoint
+ */
+void
+RunObjectDropHookStr(Oid classId, const char *objectName, int subId,
+				  int dropflags)
+{
+	ObjectAccessDrop drop_arg;
+
+	/* caller should check, but just in case... */
+	Assert(object_access_hook_str != NULL);
+
+	memset(&drop_arg, 0, sizeof(ObjectAccessDrop));
+	drop_arg.dropflags = dropflags;
+
+	(*object_access_hook_str) (OAT_DROP,
+						   classId, objectName, subId,
+						   (void *) &drop_arg);
+}
+
+/*
+ * RunObjectTruncateHookStr
+ *
+ * OAT_TRUNCATE object name based event hook entrypoint
+ */
+void
+RunObjectTruncateHookStr(const char *objectName)
+{
+	/* caller should check, but just in case... */
+	Assert(object_access_hook_str != NULL);
+
+	(*object_access_hook_str) (OAT_TRUNCATE,
+						   RelationRelationId, objectName, 0,
+						   NULL);
+}
+
+/*
+ * RunObjectPostAlterHookStr
+ *
+ * OAT_POST_ALTER object name based event hook entrypoint
+ */
+void
+RunObjectPostAlterHookStr(Oid classId, const char *objectName, int subId,
+					   Oid auxiliaryId, bool is_internal)
+{
+	ObjectAccessPostAlter pa_arg;
+
+	/* caller should check, but just in case... */
+	Assert(object_access_hook_str != NULL);
+
+	memset(&pa_arg, 0, sizeof(ObjectAccessPostAlter));
+	pa_arg.auxiliary_id = auxiliaryId;
+	pa_arg.is_internal = is_internal;
+
+	(*object_access_hook_str) (OAT_POST_ALTER,
+						   classId, objectName, subId,
+						   (void *) &pa_arg);
+}
+
+/*
+ * RunNamespaceSearchHookStr
+ *
+ * OAT_NAMESPACE_SEARCH object name based event hook entrypoint
+ */
+bool
+RunNamespaceSearchHookStr(const char *objectName, bool ereport_on_violation)
+{
+	ObjectAccessNamespaceSearch ns_arg;
+
+	/* caller should check, but just in case... */
+	Assert(object_access_hook_str != NULL);
+
+	memset(&ns_arg, 0, sizeof(ObjectAccessNamespaceSearch));
+	ns_arg.ereport_on_violation = ereport_on_violation;
+	ns_arg.result = true;
+
+	(*object_access_hook_str) (OAT_NAMESPACE_SEARCH,
+						   NamespaceRelationId, objectName, 0,
+						   (void *) &ns_arg);
+
+	return ns_arg.result;
+}
+
+/*
+ * RunFunctionExecuteHookStr
+ *
+ * OAT_FUNCTION_EXECUTE object name based event hook entrypoint
+ */
+void
+RunFunctionExecuteHookStr(const char *objectName)
+{
+	/* caller should check, but just in case... */
+	Assert(object_access_hook_str != NULL);
+
+	(*object_access_hook_str) (OAT_FUNCTION_EXECUTE,
+						   ProcedureRelationId, objectName, 0,
+						   NULL);
+}
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
index e7f0a380e60..932aefc777d 100644
--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -43,6 +43,7 @@
 #include "access/xlog_internal.h"
 #include "access/xlogrecovery.h"
 #include "catalog/namespace.h"
+#include "catalog/objectaccess.h"
 #include "catalog/pg_authid.h"
 #include "catalog/storage.h"
 #include "commands/async.h"
@@ -8737,6 +8738,18 @@ AlterSystemSetConfigFile(AlterSystemStmt *altersysstmt)
 	}
 
 	/*
+	 * Invoke the post-alter hook for altering this GUC variable.
+	 *
+	 * We do this here rather than at the end, because ALTER SYSTEM is not
+	 * transactional.  If the hook aborts our transaction, it will be cleaner
+	 * to do so before we touch any files.
+	 */
+	InvokeObjectPostAlterHookArgStr(InvalidOid, name,
+									ACL_ALTER_SYSTEM,
+									altersysstmt->setstmt->kind,
+									false);
+
+	/*
 	 * To ensure crash safety, first write the new file data to a temp file,
 	 * then atomically rename it into place.
 	 *
@@ -8907,6 +8920,10 @@ ExecSetVariableStmt(VariableSetStmt *stmt, bool isTopLevel)
 			ResetAllOptions();
 			break;
 	}
+
+	/* Invoke the post-alter hook for setting this GUC variable. */
+	InvokeObjectPostAlterHookArgStr(InvalidOid, stmt->name,
+									ACL_SET_VALUE, stmt->kind, false);
 }
 
 /*
author	Andrew Dunstan	2022-03-22 13:06:15 +0000
committer	Andrew Dunstan	2022-03-22 14:28:31 +0000
commit	d11e84ea466b4e3855d7bd5142fb68f51c273567 (patch)
tree	5bb1bf60ef69eaefd8a622c42f58b2550cb630bc /src/backend
parent	29992a6a509b256efc4ac560a1586b51a64b2637 (diff)