PostgreSQL Source Code  git master
objectaccess.h
Go to the documentation of this file.
1 /*
2  * objectaccess.h
3  *
4  * Object access hooks.
5  *
6  * Portions Copyright (c) 1996-2022, PostgreSQL Global Development Group
7  * Portions Copyright (c) 1994, Regents of the University of California
8  */
9 
10 #ifndef OBJECTACCESS_H
11 #define OBJECTACCESS_H
12 
13 /*
14  * Object access hooks are intended to be called just before or just after
15  * performing certain actions on a SQL object. This is intended as
16  * infrastructure for security or logging plugins.
17  *
18  * OAT_POST_CREATE should be invoked just after the object is created.
19  * Typically, this is done after inserting the primary catalog records and
20  * associated dependencies.
21  *
22  * OAT_DROP should be invoked just before deletion of objects; typically
23  * deleteOneObject(). Its arguments are packed within ObjectAccessDrop.
24  *
25  * OAT_POST_ALTER should be invoked just after the object is altered,
26  * but before the command counter is incremented. An extension using the
27  * hook can use a current MVCC snapshot to get the old version of the tuple,
28  * and can use SnapshotSelf to get the new version of the tuple.
29  *
30  * OAT_NAMESPACE_SEARCH should be invoked prior to object name lookup under
31  * a particular namespace. This event is equivalent to usage permission
32  * on a schema under the default access control mechanism.
33  *
34  * OAT_FUNCTION_EXECUTE should be invoked prior to function execution.
35  * This event is almost equivalent to execute permission on functions,
36  * except for the case when execute permission is checked during object
37  * creation or altering, because OAT_POST_CREATE or OAT_POST_ALTER are
38  * sufficient for extensions to track these kind of checks.
39  *
40  * OAT_TRUNCATE should be invoked just before truncation of objects. This
41  * event is equivalent to truncate permission on a relation under the
42  * default access control mechanism.
43  *
44  * Other types may be added in the future.
45  */
46 typedef enum ObjectAccessType
47 {
48  OAT_POST_CREATE,
49  OAT_DROP,
50  OAT_POST_ALTER,
51  OAT_NAMESPACE_SEARCH,
52  OAT_FUNCTION_EXECUTE,
53  OAT_TRUNCATE
54 } ObjectAccessType;
55 
56 /*
57  * Arguments of OAT_POST_CREATE event
58  */
59 typedef struct
60 {
61  /*
62  * This flag informs extensions whether the context of this creation is
63  * invoked by user's operations, or not. E.g, it shall be dealt as
64  * internal stuff on toast tables or indexes due to type changes.
65  */
66  bool is_internal;
67 } ObjectAccessPostCreate;
68 
69 /*
70  * Arguments of OAT_DROP event
71  */
72 typedef struct
73 {
74  /*
75  * Flags to inform extensions the context of this deletion. Also see
76  * PERFORM_DELETION_* in dependency.h
77  */
78  int dropflags;
79 } ObjectAccessDrop;
80 
81 /*
82  * Arguments of OAT_POST_ALTER event
83  */
84 typedef struct
85 {
86  /*
87  * This identifier is used when system catalog takes two IDs to identify a
88  * particular tuple of the catalog. It is only used when the caller want
89  * to identify an entry of pg_inherits, pg_db_role_setting or
90  * pg_user_mapping. Elsewhere, InvalidOid should be set.
91  */
92  Oid auxiliary_id;
93 
94  /*
95  * If this flag is set, the user hasn't requested that the object be
96  * altered, but we're doing it anyway for some internal reason.
97  * Permissions-checking hooks may want to skip checks if, say, we're alter
98  * the constraints of a temporary heap during CLUSTER.
99  */
100  bool is_internal;
101 } ObjectAccessPostAlter;
102 
103 /*
104  * Arguments of OAT_NAMESPACE_SEARCH
105  */
106 typedef struct
107 {
108  /*
109  * If true, hook should report an error when permission to search this
110  * schema is denied.
111  */
112  bool ereport_on_violation;
113 
114  /*
115  * This is, in essence, an out parameter. Core code should initialize
116  * this to true, and any extension that wants to deny access should reset
117  * it to false. But an extension should be careful never to store a true
118  * value here, so that in case there are multiple extensions access is
119  * only allowed if all extensions agree.
120  */
121  bool result;
122 } ObjectAccessNamespaceSearch;
123 
124 /* Plugin provides a hook function matching one or both of these signatures. */
125 typedef void (*object_access_hook_type) (ObjectAccessType access,
126  Oid classId,
127  Oid objectId,
128  int subId,
129  void *arg);
130 
131 typedef void (*object_access_hook_type_str) (ObjectAccessType access,
132  Oid classId,
133  const char *objectStr,
134  int subId,
135  void *arg);
136 
137 /* Plugin sets this variable to a suitable hook function. */
138 extern PGDLLIMPORT object_access_hook_type object_access_hook;
139 extern PGDLLIMPORT object_access_hook_type_str object_access_hook_str;
140 
141 
142 /* Core code uses these functions to call the hook (see macros below). */
143 extern void RunObjectPostCreateHook(Oid classId, Oid objectId, int subId,
144  bool is_internal);
145 extern void RunObjectDropHook(Oid classId, Oid objectId, int subId,
146  int dropflags);
147 extern void RunObjectTruncateHook(Oid objectId);
148 extern void RunObjectPostAlterHook(Oid classId, Oid objectId, int subId,
149  Oid auxiliaryId, bool is_internal);
150 extern bool RunNamespaceSearchHook(Oid objectId, bool ereport_on_violation);
151 extern void RunFunctionExecuteHook(Oid objectId);
152 
153 /* String versions */
154 extern void RunObjectPostCreateHookStr(Oid classId, const char *objectStr, int subId,
155  bool is_internal);
156 extern void RunObjectDropHookStr(Oid classId, const char *objectStr, int subId,
157  int dropflags);
158 extern void RunObjectTruncateHookStr(const char *objectStr);
159 extern void RunObjectPostAlterHookStr(Oid classId, const char *objectStr, int subId,
160  Oid auxiliaryId, bool is_internal);
161 extern bool RunNamespaceSearchHookStr(const char *objectStr, bool ereport_on_violation);
162 extern void RunFunctionExecuteHookStr(const char *objectStr);
163 
164 
165 /*
166  * The following macros are wrappers around the functions above; these should
167  * normally be used to invoke the hook in lieu of calling the above functions
168  * directly.
169  */
170 
171 #define InvokeObjectPostCreateHook(classId,objectId,subId) \
172  InvokeObjectPostCreateHookArg((classId),(objectId),(subId),false)
173 #define InvokeObjectPostCreateHookArg(classId,objectId,subId,is_internal) \
174  do { \
175  if (object_access_hook) \
176  RunObjectPostCreateHook((classId),(objectId),(subId), \
177  (is_internal)); \
178  } while(0)
179 
180 #define InvokeObjectDropHook(classId,objectId,subId) \
181  InvokeObjectDropHookArg((classId),(objectId),(subId),0)
182 #define InvokeObjectDropHookArg(classId,objectId,subId,dropflags) \
183  do { \
184  if (object_access_hook) \
185  RunObjectDropHook((classId),(objectId),(subId), \
186  (dropflags)); \
187  } while(0)
188 
189 #define InvokeObjectTruncateHook(objectId) \
190  do { \
191  if (object_access_hook) \
192  RunObjectTruncateHook(objectId); \
193  } while(0)
194 
195 #define InvokeObjectPostAlterHook(classId,objectId,subId) \
196  InvokeObjectPostAlterHookArg((classId),(objectId),(subId), \
197  InvalidOid,false)
198 #define InvokeObjectPostAlterHookArg(classId,objectId,subId, \
199  auxiliaryId,is_internal) \
200  do { \
201  if (object_access_hook) \
202  RunObjectPostAlterHook((classId),(objectId),(subId), \
203  (auxiliaryId),(is_internal)); \
204  } while(0)
205 
206 #define InvokeNamespaceSearchHook(objectId, ereport_on_violation) \
207  (!object_access_hook \
208  ? true \
209  : RunNamespaceSearchHook((objectId), (ereport_on_violation)))
210 
211 #define InvokeFunctionExecuteHook(objectId) \
212  do { \
213  if (object_access_hook) \
214  RunFunctionExecuteHook(objectId); \
215  } while(0)
216 
217 
218 #define InvokeObjectPostCreateHookStr(classId,objectName,subId) \
219  InvokeObjectPostCreateHookArgStr((classId),(objectName),(subId),false)
220 #define InvokeObjectPostCreateHookArgStr(classId,objectName,subId,is_internal) \
221  do { \
222  if (object_access_hook_str) \
223  RunObjectPostCreateHookStr((classId),(objectName),(subId), \
224  (is_internal)); \
225  } while(0)
226 
227 #define InvokeObjectDropHookStr(classId,objectName,subId) \
228  InvokeObjectDropHookArgStr((classId),(objectName),(subId),0)
229 #define InvokeObjectDropHookArgStr(classId,objectName,subId,dropflags) \
230  do { \
231  if (object_access_hook_str) \
232  RunObjectDropHookStr((classId),(objectName),(subId), \
233  (dropflags)); \
234  } while(0)
235 
236 #define InvokeObjectTruncateHookStr(objectName) \
237  do { \
238  if (object_access_hook_str) \
239  RunObjectTruncateHookStr(objectName); \
240  } while(0)
241 
242 #define InvokeObjectPostAlterHookStr(classId,objectName,subId) \
243  InvokeObjectPostAlterHookArgStr((classId),(objectName),(subId), \
244  InvalidOid,false)
245 #define InvokeObjectPostAlterHookArgStr(classId,objectName,subId, \
246  auxiliaryId,is_internal) \
247  do { \
248  if (object_access_hook_str) \
249  RunObjectPostAlterHookStr((classId),(objectName),(subId), \
250  (auxiliaryId),(is_internal)); \
251  } while(0)
252 
253 #define InvokeNamespaceSearchHookStr(objectName, ereport_on_violation) \
254  (!object_access_hook_str \
255  ? true \
256  : RunNamespaceSearchHookStr((objectName), (ereport_on_violation)))
257 
258 #define InvokeFunctionExecuteHookStr(objectName) \
259  do { \
260  if (object_access_hook_str) \
261  RunFunctionExecuteHookStr(objectName); \
262  } while(0)
263 
264 
265 #endif /* OBJECTACCESS_H */
PGDLLIMPORT
#define PGDLLIMPORT
Definition: c.h:1331
RunObjectDropHookStr
void RunObjectDropHookStr(Oid classId, const char *objectStr, int subId, int dropflags)
Definition: objectaccess.c:180
RunNamespaceSearchHookStr
bool RunNamespaceSearchHookStr(const char *objectStr, bool ereport_on_violation)
Definition: objectaccess.c:241
RunObjectTruncateHookStr
void RunObjectTruncateHookStr(const char *objectStr)
Definition: objectaccess.c:202
RunFunctionExecuteHookStr
void RunFunctionExecuteHookStr(const char *objectStr)
Definition: objectaccess.c:265
RunObjectDropHook
void RunObjectDropHook(Oid classId, Oid objectId, int subId, int dropflags)
Definition: objectaccess.c:54
RunObjectPostAlterHookStr
void RunObjectPostAlterHookStr(Oid classId, const char *objectStr, int subId, Oid auxiliaryId, bool is_internal)
Definition: objectaccess.c:218
RunObjectPostAlterHook
void RunObjectPostAlterHook(Oid classId, Oid objectId, int subId, Oid auxiliaryId, bool is_internal)
Definition: objectaccess.c:92
RunFunctionExecuteHook
void RunFunctionExecuteHook(Oid objectId)
Definition: objectaccess.c:139
RunObjectPostCreateHookStr
void RunObjectPostCreateHookStr(Oid classId, const char *objectStr, int subId, bool is_internal)
Definition: objectaccess.c:158
RunNamespaceSearchHook
bool RunNamespaceSearchHook(Oid objectId, bool ereport_on_violation)
Definition: objectaccess.c:115
object_access_hook_type
void(* object_access_hook_type)(ObjectAccessType access, Oid classId, Oid objectId, int subId, void *arg)
Definition: objectaccess.h:125
object_access_hook
PGDLLIMPORT object_access_hook_type object_access_hook
Definition: objectaccess.c:22
object_access_hook_type_str
void(* object_access_hook_type_str)(ObjectAccessType access, Oid classId, const char *objectStr, int subId, void *arg)
Definition: objectaccess.h:131
ObjectAccessType
ObjectAccessType
Definition: objectaccess.h:47
OAT_NAMESPACE_SEARCH
@ OAT_NAMESPACE_SEARCH
Definition: objectaccess.h:51
OAT_FUNCTION_EXECUTE
@ OAT_FUNCTION_EXECUTE
Definition: objectaccess.h:52
OAT_DROP
@ OAT_DROP
Definition: objectaccess.h:49
OAT_TRUNCATE
@ OAT_TRUNCATE
Definition: objectaccess.h:53
OAT_POST_ALTER
@ OAT_POST_ALTER
Definition: objectaccess.h:50
OAT_POST_CREATE
@ OAT_POST_CREATE
Definition: objectaccess.h:48
RunObjectTruncateHook
void RunObjectTruncateHook(Oid objectId)
Definition: objectaccess.c:76
RunObjectPostCreateHook
void RunObjectPostCreateHook(Oid classId, Oid objectId, int subId, bool is_internal)
Definition: objectaccess.c:32
object_access_hook_str
PGDLLIMPORT object_access_hook_type_str object_access_hook_str
Definition: objectaccess.c:23
arg
void * arg
Definition: pg_backup_utils.c:27
Oid
unsigned int Oid
Definition: postgres_ext.h:31