PostgreSQL Source Code  git master
objectaccess.h
Go to the documentation of this file.
1 /*
2  * objectaccess.h
3  *
4  * Object access hooks.
5  *
6  * Portions Copyright (c) 1996-2020, PostgreSQL Global Development Group
7  * Portions Copyright (c) 1994, Regents of the University of California
8  */
9 
10 #ifndef OBJECTACCESS_H
11 #define OBJECTACCESS_H
12 
13 /*
14  * Object access hooks are intended to be called just before or just after
15  * performing certain actions on a SQL object. This is intended as
16  * infrastructure for security or logging plugins.
17  *
18  * OAT_POST_CREATE should be invoked just after the object is created.
19  * Typically, this is done after inserting the primary catalog records and
20  * associated dependencies.
21  *
22  * OAT_DROP should be invoked just before deletion of objects; typically
23  * deleteOneObject(). Its arguments are packed within ObjectAccessDrop.
24  *
25  * OAT_POST_ALTER should be invoked just after the object is altered,
26  * but before the command counter is incremented. An extension using the
27  * hook can use a current MVCC snapshot to get the old version of the tuple,
28  * and can use SnapshotSelf to get the new version of the tuple.
29  *
30  * OAT_NAMESPACE_SEARCH should be invoked prior to object name lookup under
31  * a particular namespace. This event is equivalent to usage permission
32  * on a schema under the default access control mechanism.
33  *
34  * OAT_FUNCTION_EXECUTE should be invoked prior to function execution.
35  * This event is almost equivalent to execute permission on functions,
36  * except for the case when execute permission is checked during object
37  * creation or altering, because OAT_POST_CREATE or OAT_POST_ALTER are
38  * sufficient for extensions to track these kind of checks.
39  *
40  * OAT_TRUNCATE should be invoked just before truncation of objects. This
41  * event is equivalent to truncate permission on a relation under the
42  * default access control mechanism.
43  *
44  * Other types may be added in the future.
45  */
46 typedef enum ObjectAccessType
47 {
55 
56 /*
57  * Arguments of OAT_POST_CREATE event
58  */
59 typedef struct
60 {
61  /*
62  * This flag informs extensions whether the context of this creation is
63  * invoked by user's operations, or not. E.g, it shall be dealt as
64  * internal stuff on toast tables or indexes due to type changes.
65  */
68 
69 /*
70  * Arguments of OAT_DROP event
71  */
72 typedef struct
73 {
74  /*
75  * Flags to inform extensions the context of this deletion. Also see
76  * PERFORM_DELETION_* in dependency.h
77  */
78  int dropflags;
80 
81 /*
82  * Arguments of OAT_POST_ALTER event
83  */
84 typedef struct
85 {
86  /*
87  * This identifier is used when system catalog takes two IDs to identify a
88  * particular tuple of the catalog. It is only used when the caller want
89  * to identify an entry of pg_inherits, pg_db_role_setting or
90  * pg_user_mapping. Elsewhere, InvalidOid should be set.
91  */
93 
94  /*
95  * If this flag is set, the user hasn't requested that the object be
96  * altered, but we're doing it anyway for some internal reason.
97  * Permissions-checking hooks may want to skip checks if, say, we're alter
98  * the constraints of a temporary heap during CLUSTER.
99  */
102 
103 /*
104  * Arguments of OAT_NAMESPACE_SEARCH
105  */
106 typedef struct
107 {
108  /*
109  * If true, hook should report an error when permission to search this
110  * schema is denied.
111  */
113 
114  /*
115  * This is, in essence, an out parameter. Core code should initialize
116  * this to true, and any extension that wants to deny access should reset
117  * it to false. But an extension should be careful never to store a true
118  * value here, so that in case there are multiple extensions access is
119  * only allowed if all extensions agree.
120  */
121  bool result;
123 
124 /* Plugin provides a hook function matching this signature. */
126  Oid classId,
127  Oid objectId,
128  int subId,
129  void *arg);
130 
131 /* Plugin sets this variable to a suitable hook function. */
133 
134 /* Core code uses these functions to call the hook (see macros below). */
135 extern void RunObjectPostCreateHook(Oid classId, Oid objectId, int subId,
136  bool is_internal);
137 extern void RunObjectDropHook(Oid classId, Oid objectId, int subId,
138  int dropflags);
139 extern void RunObjectTruncateHook(Oid objectId);
140 extern void RunObjectPostAlterHook(Oid classId, Oid objectId, int subId,
141  Oid auxiliaryId, bool is_internal);
142 extern bool RunNamespaceSearchHook(Oid objectId, bool ereport_on_violation);
143 extern void RunFunctionExecuteHook(Oid objectId);
144 
145 /*
146  * The following macros are wrappers around the functions above; these should
147  * normally be used to invoke the hook in lieu of calling the above functions
148  * directly.
149  */
150 
151 #define InvokeObjectPostCreateHook(classId,objectId,subId) \
152  InvokeObjectPostCreateHookArg((classId),(objectId),(subId),false)
153 #define InvokeObjectPostCreateHookArg(classId,objectId,subId,is_internal) \
154  do { \
155  if (object_access_hook) \
156  RunObjectPostCreateHook((classId),(objectId),(subId), \
157  (is_internal)); \
158  } while(0)
159 
160 #define InvokeObjectDropHook(classId,objectId,subId) \
161  InvokeObjectDropHookArg((classId),(objectId),(subId),0)
162 #define InvokeObjectDropHookArg(classId,objectId,subId,dropflags) \
163  do { \
164  if (object_access_hook) \
165  RunObjectDropHook((classId),(objectId),(subId), \
166  (dropflags)); \
167  } while(0)
168 
169 #define InvokeObjectTruncateHook(objectId) \
170  do { \
171  if (object_access_hook) \
172  RunObjectTruncateHook(objectId); \
173  } while(0)
174 
175 #define InvokeObjectPostAlterHook(classId,objectId,subId) \
176  InvokeObjectPostAlterHookArg((classId),(objectId),(subId), \
177  InvalidOid,false)
178 #define InvokeObjectPostAlterHookArg(classId,objectId,subId, \
179  auxiliaryId,is_internal) \
180  do { \
181  if (object_access_hook) \
182  RunObjectPostAlterHook((classId),(objectId),(subId), \
183  (auxiliaryId),(is_internal)); \
184  } while(0)
185 
186 #define InvokeNamespaceSearchHook(objectId, ereport_on_violation) \
187  (!object_access_hook \
188  ? true \
189  : RunNamespaceSearchHook((objectId), (ereport_on_violation)))
190 
191 #define InvokeFunctionExecuteHook(objectId) \
192  do { \
193  if (object_access_hook) \
194  RunFunctionExecuteHook(objectId); \
195  } while(0)
196 
197 #endif /* OBJECTACCESS_H */
void RunObjectTruncateHook(Oid objectId)
Definition: objectaccess.c:74
ObjectAccessType
Definition: objectaccess.h:46
unsigned int Oid
Definition: postgres_ext.h:31
#define PGDLLIMPORT
Definition: c.h:1257
bool RunNamespaceSearchHook(Oid objectId, bool ereport_on_violation)
Definition: objectaccess.c:113
void RunObjectPostCreateHook(Oid classId, Oid objectId, int subId, bool is_internal)
Definition: objectaccess.c:30
void RunObjectPostAlterHook(Oid classId, Oid objectId, int subId, Oid auxiliaryId, bool is_internal)
Definition: objectaccess.c:90
void RunFunctionExecuteHook(Oid objectId)
Definition: objectaccess.c:137
PGDLLIMPORT object_access_hook_type object_access_hook
Definition: objectaccess.c:22
void RunObjectDropHook(Oid classId, Oid objectId, int subId, int dropflags)
Definition: objectaccess.c:52
void(* object_access_hook_type)(ObjectAccessType access, Oid classId, Oid objectId, int subId, void *arg)
Definition: objectaccess.h:125
void * arg