PostgreSQL Source Code  git master
test_oat_hooks.c
Go to the documentation of this file.
1 /*--------------------------------------------------------------------------
2  *
3  * test_oat_hooks.c
4  * Code for testing mandatory access control (MAC) using object access hooks.
5  *
6  * Copyright (c) 2015-2023, PostgreSQL Global Development Group
7  *
8  * IDENTIFICATION
9  * src/test/modules/test_oat_hooks/test_oat_hooks.c
10  *
11  * -------------------------------------------------------------------------
12  */
13 
14 #include "postgres.h"
15 
16 #include "access/parallel.h"
17 #include "catalog/dependency.h"
18 #include "catalog/objectaccess.h"
19 #include "catalog/pg_proc.h"
20 #include "executor/executor.h"
21 #include "fmgr.h"
22 #include "miscadmin.h"
23 #include "tcop/utility.h"
24 
25 PG_MODULE_MAGIC;
26 
27 /*
28  * GUCs controlling which operations to deny
29  */
30 static bool REGRESS_deny_set_variable = false;
31 static bool REGRESS_deny_alter_system = false;
32 static bool REGRESS_deny_object_access = false;
33 static bool REGRESS_deny_exec_perms = false;
34 static bool REGRESS_deny_utility_commands = false;
35 static bool REGRESS_audit = false;
36 
37 /*
38  * GUCs for testing privileges on USERSET and SUSET variables,
39  * with and without privileges granted prior to module load.
40  */
41 static bool REGRESS_userset_variable1 = false;
42 static bool REGRESS_userset_variable2 = false;
43 static bool REGRESS_suset_variable1 = false;
44 static bool REGRESS_suset_variable2 = false;
45 
46 /* Saved hook values */
47 static object_access_hook_type next_object_access_hook = NULL;
48 static object_access_hook_type_str next_object_access_hook_str = NULL;
49 static ExecutorCheckPerms_hook_type next_exec_check_perms_hook = NULL;
50 static ProcessUtility_hook_type next_ProcessUtility_hook = NULL;
51 
52 /* Test Object Access Type Hook hooks */
53 static void REGRESS_object_access_hook_str(ObjectAccessType access,
54  Oid classId, const char *objName,
55  int subId, void *arg);
56 static void REGRESS_object_access_hook(ObjectAccessType access, Oid classId,
57  Oid objectId, int subId, void *arg);
58 static bool REGRESS_exec_check_perms(List *rangeTabls, List *rteperminfos, bool do_abort);
59 static void REGRESS_utility_command(PlannedStmt *pstmt,
60  const char *queryString, bool readOnlyTree,
61  ProcessUtilityContext context,
62  ParamListInfo params,
63  QueryEnvironment *queryEnv,
64  DestReceiver *dest, QueryCompletion *qc);
65 
66 /* Helper functions */
67 static char *accesstype_to_string(ObjectAccessType access, int subId);
68 static char *accesstype_arg_to_string(ObjectAccessType access, void *arg);
69 
70 
71 /*
72  * Module load callback
73  */
74 void
75 _PG_init(void)
76 {
77  /*
78  * test_oat_hooks.deny_set_variable = (on|off)
79  */
80  DefineCustomBoolVariable("test_oat_hooks.deny_set_variable",
81  "Deny non-superuser set permissions",
82  NULL,
83  &REGRESS_deny_set_variable,
84  false,
85  PGC_SUSET,
86  GUC_NOT_IN_SAMPLE,
87  NULL,
88  NULL,
89  NULL);
90 
91  /*
92  * test_oat_hooks.deny_alter_system = (on|off)
93  */
94  DefineCustomBoolVariable("test_oat_hooks.deny_alter_system",
95  "Deny non-superuser alter system set permissions",
96  NULL,
97  &REGRESS_deny_alter_system,
98  false,
99  PGC_SUSET,
100  GUC_NOT_IN_SAMPLE,
101  NULL,
102  NULL,
103  NULL);
104 
105  /*
106  * test_oat_hooks.deny_object_access = (on|off)
107  */
108  DefineCustomBoolVariable("test_oat_hooks.deny_object_access",
109  "Deny non-superuser object access permissions",
110  NULL,
111  &REGRESS_deny_object_access,
112  false,
113  PGC_SUSET,
114  GUC_NOT_IN_SAMPLE,
115  NULL,
116  NULL,
117  NULL);
118 
119  /*
120  * test_oat_hooks.deny_exec_perms = (on|off)
121  */
122  DefineCustomBoolVariable("test_oat_hooks.deny_exec_perms",
123  "Deny non-superuser exec permissions",
124  NULL,
125  &REGRESS_deny_exec_perms,
126  false,
127  PGC_SUSET,
128  GUC_NOT_IN_SAMPLE,
129  NULL,
130  NULL,
131  NULL);
132 
133  /*
134  * test_oat_hooks.deny_utility_commands = (on|off)
135  */
136  DefineCustomBoolVariable("test_oat_hooks.deny_utility_commands",
137  "Deny non-superuser utility commands",
138  NULL,
139  &REGRESS_deny_utility_commands,
140  false,
141  PGC_SUSET,
142  GUC_NOT_IN_SAMPLE,
143  NULL,
144  NULL,
145  NULL);
146 
147  /*
148  * test_oat_hooks.audit = (on|off)
149  */
150  DefineCustomBoolVariable("test_oat_hooks.audit",
151  "Turn on/off debug audit messages",
152  NULL,
153  &REGRESS_audit,
154  false,
155  PGC_SUSET,
156  GUC_NOT_IN_SAMPLE,
157  NULL,
158  NULL,
159  NULL);
160 
161  /*
162  * test_oat_hooks.user_var{1,2} = (on|off)
163  */
164  DefineCustomBoolVariable("test_oat_hooks.user_var1",
165  "Dummy parameter settable by public",
166  NULL,
167  &REGRESS_userset_variable1,
168  false,
169  PGC_USERSET,
170  GUC_NOT_IN_SAMPLE,
171  NULL,
172  NULL,
173  NULL);
174 
175  DefineCustomBoolVariable("test_oat_hooks.user_var2",
176  "Dummy parameter settable by public",
177  NULL,
178  &REGRESS_userset_variable2,
179  false,
180  PGC_USERSET,
181  GUC_NOT_IN_SAMPLE,
182  NULL,
183  NULL,
184  NULL);
185 
186  /*
187  * test_oat_hooks.super_var{1,2} = (on|off)
188  */
189  DefineCustomBoolVariable("test_oat_hooks.super_var1",
190  "Dummy parameter settable by superuser",
191  NULL,
192  &REGRESS_suset_variable1,
193  false,
194  PGC_SUSET,
195  GUC_NOT_IN_SAMPLE,
196  NULL,
197  NULL,
198  NULL);
199 
200  DefineCustomBoolVariable("test_oat_hooks.super_var2",
201  "Dummy parameter settable by superuser",
202  NULL,
203  &REGRESS_suset_variable2,
204  false,
205  PGC_SUSET,
206  GUC_NOT_IN_SAMPLE,
207  NULL,
208  NULL,
209  NULL);
210 
211  MarkGUCPrefixReserved("test_oat_hooks");
212 
213  /* Object access hook */
214  next_object_access_hook = object_access_hook;
215  object_access_hook = REGRESS_object_access_hook;
216 
217  /* Object access hook str */
218  next_object_access_hook_str = object_access_hook_str;
219  object_access_hook_str = REGRESS_object_access_hook_str;
220 
221  /* DML permission check */
222  next_exec_check_perms_hook = ExecutorCheckPerms_hook;
223  ExecutorCheckPerms_hook = REGRESS_exec_check_perms;
224 
225  /* ProcessUtility hook */
226  next_ProcessUtility_hook = ProcessUtility_hook;
227  ProcessUtility_hook = REGRESS_utility_command;
228 }
229 
230 static void
231 emit_audit_message(const char *type, const char *hook, char *action, char *objName)
232 {
233  /*
234  * Ensure that audit messages are not duplicated by only emitting them
235  * from a leader process, not a worker process. This makes the test
236  * results deterministic even if run with force_parallel_mode = regress.
237  */
238  if (REGRESS_audit && !IsParallelWorker())
239  {
240  const char *who = superuser_arg(GetUserId()) ? "superuser" : "non-superuser";
241 
242  if (objName)
243  ereport(NOTICE,
244  (errcode(ERRCODE_INTERNAL_ERROR),
245  errmsg("in %s: %s %s %s [%s]", hook, who, type, action, objName)));
246  else
247  ereport(NOTICE,
248  (errcode(ERRCODE_INTERNAL_ERROR),
249  errmsg("in %s: %s %s %s", hook, who, type, action)));
250  }
251 
252  if (action)
253  pfree(action);
254  if (objName)
255  pfree(objName);
256 }
257 
258 static void
259 audit_attempt(const char *hook, char *action, char *objName)
260 {
261  emit_audit_message("attempting", hook, action, objName);
262 }
263 
264 static void
265 audit_success(const char *hook, char *action, char *objName)
266 {
267  emit_audit_message("finished", hook, action, objName);
268 }
269 
270 static void
271 audit_failure(const char *hook, char *action, char *objName)
272 {
273  emit_audit_message("denied", hook, action, objName);
274 }
275 
276 static void
277 REGRESS_object_access_hook_str(ObjectAccessType access, Oid classId, const char *objName, int subId, void *arg)
278 {
279  audit_attempt("object_access_hook_str",
280  accesstype_to_string(access, subId),
281  pstrdup(objName));
282 
283  if (next_object_access_hook_str)
284  {
285  (*next_object_access_hook_str) (access, classId, objName, subId, arg);
286  }
287 
288  switch (access)
289  {
290  case OAT_POST_ALTER:
291  if ((subId & ACL_SET) && (subId & ACL_ALTER_SYSTEM))
292  {
293  if (REGRESS_deny_set_variable && !superuser_arg(GetUserId()))
294  ereport(ERROR,
295  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
296  errmsg("permission denied: all privileges %s", objName)));
297  }
298  else if (subId & ACL_SET)
299  {
300  if (REGRESS_deny_set_variable && !superuser_arg(GetUserId()))
301  ereport(ERROR,
302  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
303  errmsg("permission denied: set %s", objName)));
304  }
305  else if (subId & ACL_ALTER_SYSTEM)
306  {
307  if (REGRESS_deny_alter_system && !superuser_arg(GetUserId()))
308  ereport(ERROR,
309  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
310  errmsg("permission denied: alter system set %s", objName)));
311  }
312  else
313  elog(ERROR, "Unknown ParameterAclRelationId subId: %d", subId);
314  break;
315  default:
316  break;
317  }
318 
319  audit_success("object_access_hook_str",
320  accesstype_to_string(access, subId),
321  pstrdup(objName));
322 }
323 
324 static void
325 REGRESS_object_access_hook(ObjectAccessType access, Oid classId, Oid objectId, int subId, void *arg)
326 {
327  audit_attempt("object access",
328  accesstype_to_string(access, 0),
329  accesstype_arg_to_string(access, arg));
330 
331  if (REGRESS_deny_object_access && !superuser_arg(GetUserId()))
332  ereport(ERROR,
333  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
334  errmsg("permission denied: %s [%s]",
335  accesstype_to_string(access, 0),
336  accesstype_arg_to_string(access, arg))));
337 
338  /* Forward to next hook in the chain */
339  if (next_object_access_hook)
340  (*next_object_access_hook) (access, classId, objectId, subId, arg);
341 
342  audit_success("object access",
343  accesstype_to_string(access, 0),
344  accesstype_arg_to_string(access, arg));
345 }
346 
347 static bool
348 REGRESS_exec_check_perms(List *rangeTabls, List *rteperminfos, bool do_abort)
349 {
350  bool am_super = superuser_arg(GetUserId());
351  bool allow = true;
352 
353  audit_attempt("executor check perms", pstrdup("execute"), NULL);
354 
355  /* Perform our check */
356  allow = !REGRESS_deny_exec_perms || am_super;
357  if (do_abort && !allow)
358  ereport(ERROR,
359  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
360  errmsg("permission denied: %s", "execute")));
361 
362  /* Forward to next hook in the chain */
363  if (next_exec_check_perms_hook &&
364  !(*next_exec_check_perms_hook) (rangeTabls, rteperminfos, do_abort))
365  allow = false;
366 
367  if (allow)
368  audit_success("executor check perms",
369  pstrdup("execute"),
370  NULL);
371  else
372  audit_failure("executor check perms",
373  pstrdup("execute"),
374  NULL);
375 
376  return allow;
377 }
378 
379 static void
380 REGRESS_utility_command(PlannedStmt *pstmt,
381  const char *queryString,
382  bool readOnlyTree,
383  ProcessUtilityContext context,
384  ParamListInfo params,
385  QueryEnvironment *queryEnv,
386  DestReceiver *dest,
387  QueryCompletion *qc)
388 {
389  Node *parsetree = pstmt->utilityStmt;
390  const char *action = GetCommandTagName(CreateCommandTag(parsetree));
391 
392  audit_attempt("process utility",
393  pstrdup(action),
394  NULL);
395 
396  /* Check permissions */
397  if (REGRESS_deny_utility_commands && !superuser_arg(GetUserId()))
398  ereport(ERROR,
399  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
400  errmsg("permission denied: %s", action)));
401 
402  /* Forward to next hook in the chain */
403  if (next_ProcessUtility_hook)
404  (*next_ProcessUtility_hook) (pstmt, queryString, readOnlyTree,
405  context, params, queryEnv,
406  dest, qc);
407  else
408  standard_ProcessUtility(pstmt, queryString, readOnlyTree,
409  context, params, queryEnv,
410  dest, qc);
411 
412  /* We're done */
413  audit_success("process utility",
414  pstrdup(action),
415  NULL);
416 }
417 
418 static char *
419 accesstype_to_string(ObjectAccessType access, int subId)
420 {
421  const char *type;
422 
423  switch (access)
424  {
425  case OAT_POST_CREATE:
426  type = "create";
427  break;
428  case OAT_DROP:
429  type = "drop";
430  break;
431  case OAT_POST_ALTER:
432  type = "alter";
433  break;
434  case OAT_NAMESPACE_SEARCH:
435  type = "namespace search";
436  break;
437  case OAT_FUNCTION_EXECUTE:
438  type = "execute";
439  break;
440  case OAT_TRUNCATE:
441  type = "truncate";
442  break;
443  default:
444  type = "UNRECOGNIZED ObjectAccessType";
445  }
446 
447  if ((subId & ACL_SET) && (subId & ACL_ALTER_SYSTEM))
448  return psprintf("%s (subId=0x%x, all privileges)", type, subId);
449  if (subId & ACL_SET)
450  return psprintf("%s (subId=0x%x, set)", type, subId);
451  if (subId & ACL_ALTER_SYSTEM)
452  return psprintf("%s (subId=0x%x, alter system)", type, subId);
453 
454  return psprintf("%s (subId=0x%x)", type, subId);
455 }
456 
457 static char *
458 accesstype_arg_to_string(ObjectAccessType access, void *arg)
459 {
460  if (arg == NULL)
461  return pstrdup("extra info null");
462 
463  switch (access)
464  {
465  case OAT_POST_CREATE:
466  {
467  ObjectAccessPostCreate *pc_arg = (ObjectAccessPostCreate *) arg;
468 
469  return pstrdup(pc_arg->is_internal ? "internal" : "explicit");
470  }
471  break;
472  case OAT_DROP:
473  {
474  ObjectAccessDrop *drop_arg = (ObjectAccessDrop *) arg;
475 
476  return psprintf("%s%s%s%s%s%s",
477  ((drop_arg->dropflags & PERFORM_DELETION_INTERNAL)
478  ? "internal action," : ""),
479  ((drop_arg->dropflags & PERFORM_DELETION_CONCURRENTLY)
480  ? "concurrent drop," : ""),
481  ((drop_arg->dropflags & PERFORM_DELETION_QUIETLY)
482  ? "suppress notices," : ""),
483  ((drop_arg->dropflags & PERFORM_DELETION_SKIP_ORIGINAL)
484  ? "keep original object," : ""),
485  ((drop_arg->dropflags & PERFORM_DELETION_SKIP_EXTENSIONS)
486  ? "keep extensions," : ""),
487  ((drop_arg->dropflags & PERFORM_DELETION_CONCURRENT_LOCK)
488  ? "normal concurrent drop," : ""));
489  }
490  break;
491  case OAT_POST_ALTER:
492  {
493  ObjectAccessPostAlter *pa_arg = (ObjectAccessPostAlter *) arg;
494 
495  return psprintf("%s %s auxiliary object",
496  (pa_arg->is_internal ? "internal" : "explicit"),
497  (OidIsValid(pa_arg->auxiliary_id) ? "with" : "without"));
498  }
499  break;
500  case OAT_NAMESPACE_SEARCH:
501  {
502  ObjectAccessNamespaceSearch *ns_arg = (ObjectAccessNamespaceSearch *) arg;
503 
504  return psprintf("%s, %s",
505  (ns_arg->ereport_on_violation ? "report on violation" : "no report on violation"),
506  (ns_arg->result ? "allowed" : "denied"));
507  }
508  break;
509  case OAT_TRUNCATE:
510  case OAT_FUNCTION_EXECUTE:
511  /* hook takes no arg. */
512  return pstrdup("unexpected extra info pointer received");
513  default:
514  return pstrdup("cannot parse extra info for unrecognized access type");
515  }
516 
517  return pstrdup("unknown");
518 }
OidIsValid
#define OidIsValid(objectId)
Definition: c.h:759
GetCommandTagName
const char * GetCommandTagName(CommandTag commandTag)
Definition: cmdtag.c:48
PERFORM_DELETION_CONCURRENTLY
#define PERFORM_DELETION_CONCURRENTLY
Definition: dependency.h:137
PERFORM_DELETION_SKIP_EXTENSIONS
#define PERFORM_DELETION_SKIP_EXTENSIONS
Definition: dependency.h:140
PERFORM_DELETION_CONCURRENT_LOCK
#define PERFORM_DELETION_CONCURRENT_LOCK
Definition: dependency.h:141
PERFORM_DELETION_QUIETLY
#define PERFORM_DELETION_QUIETLY
Definition: dependency.h:138
PERFORM_DELETION_SKIP_ORIGINAL
#define PERFORM_DELETION_SKIP_ORIGINAL
Definition: dependency.h:139
PERFORM_DELETION_INTERNAL
#define PERFORM_DELETION_INTERNAL
Definition: dependency.h:136
errcode
int errcode(int sqlerrcode)
Definition: elog.c:858
errmsg
int errmsg(const char *fmt,...)
Definition: elog.c:1069
ERROR
#define ERROR
Definition: elog.h:39
NOTICE
#define NOTICE
Definition: elog.h:35
ereport
#define ereport(elevel,...)
Definition: elog.h:149
ExecutorCheckPerms_hook
ExecutorCheckPerms_hook_type ExecutorCheckPerms_hook
Definition: execMain.c:79
ExecutorCheckPerms_hook_type
bool(* ExecutorCheckPerms_hook_type)(List *rangeTable, List *rtePermInfos, bool ereport_on_violation)
Definition: executor.h:84
DefineCustomBoolVariable
void DefineCustomBoolVariable(const char *name, const char *short_desc, const char *long_desc, bool *valueAddr, bool bootValue, GucContext context, int flags, GucBoolCheckHook check_hook, GucBoolAssignHook assign_hook, GucShowHook show_hook)
Definition: guc.c:4937
MarkGUCPrefixReserved
void MarkGUCPrefixReserved(const char *className)
Definition: guc.c:5084
PGC_SUSET
@ PGC_SUSET
Definition: guc.h:74
PGC_USERSET
@ PGC_USERSET
Definition: guc.h:75
GUC_NOT_IN_SAMPLE
#define GUC_NOT_IN_SAMPLE
Definition: guc.h:215
IsParallelWorker
#define IsParallelWorker()
Definition: parallel.h:61
pstrdup
char * pstrdup(const char *in)
Definition: mcxt.c:1624
pfree
void pfree(void *pointer)
Definition: mcxt.c:1436
GetUserId
Oid GetUserId(void)
Definition: miscinit.c:502
generate_unaccent_rules.dest
dest
Definition: generate_unaccent_rules.py:276
generate_unaccent_rules.type
type
Definition: generate_unaccent_rules.py:276
generate_unaccent_rules.action
action
Definition: generate_unaccent_rules.py:278
object_access_hook
object_access_hook_type object_access_hook
Definition: objectaccess.c:22
object_access_hook_str
object_access_hook_type_str object_access_hook_str
Definition: objectaccess.c:23
object_access_hook_type
void(* object_access_hook_type)(ObjectAccessType access, Oid classId, Oid objectId, int subId, void *arg)
Definition: objectaccess.h:127
object_access_hook_type_str
void(* object_access_hook_type_str)(ObjectAccessType access, Oid classId, const char *objectStr, int subId, void *arg)
Definition: objectaccess.h:133
ObjectAccessType
ObjectAccessType
Definition: objectaccess.h:49
OAT_NAMESPACE_SEARCH
@ OAT_NAMESPACE_SEARCH
Definition: objectaccess.h:53
OAT_FUNCTION_EXECUTE
@ OAT_FUNCTION_EXECUTE
Definition: objectaccess.h:54
OAT_DROP
@ OAT_DROP
Definition: objectaccess.h:51
OAT_TRUNCATE
@ OAT_TRUNCATE
Definition: objectaccess.h:55
OAT_POST_ALTER
@ OAT_POST_ALTER
Definition: objectaccess.h:52
OAT_POST_CREATE
@ OAT_POST_CREATE
Definition: objectaccess.h:50
ACL_SET
#define ACL_SET
Definition: parsenodes.h:95
ACL_ALTER_SYSTEM
#define ACL_ALTER_SYSTEM
Definition: parsenodes.h:96
arg
void * arg
Definition: pg_backup_utils.c:27
pg_proc.h
Oid
unsigned int Oid
Definition: postgres_ext.h:31
access
short access
Definition: preproc-type.c:36
psprintf
char * psprintf(const char *fmt,...)
Definition: psprintf.c:46
List
Definition: pg_list.h:54
Node
Definition: nodes.h:129
PlannedStmt::utilityStmt
Node * utilityStmt
Definition: plannodes.h:99
_DestReceiver
Definition: dest.h:115
superuser_arg
bool superuser_arg(Oid roleid)
Definition: superuser.c:56
REGRESS_suset_variable1
static bool REGRESS_suset_variable1
Definition: test_oat_hooks.c:43
REGRESS_deny_exec_perms
static bool REGRESS_deny_exec_perms
Definition: test_oat_hooks.c:33
REGRESS_deny_object_access
static bool REGRESS_deny_object_access
Definition: test_oat_hooks.c:32
REGRESS_utility_command
static void REGRESS_utility_command(PlannedStmt *pstmt, const char *queryString, bool readOnlyTree, ProcessUtilityContext context, ParamListInfo params, QueryEnvironment *queryEnv, DestReceiver *dest, QueryCompletion *qc)
Definition: test_oat_hooks.c:380
_PG_init
void _PG_init(void)
Definition: test_oat_hooks.c:75
next_exec_check_perms_hook
static ExecutorCheckPerms_hook_type next_exec_check_perms_hook
Definition: test_oat_hooks.c:49
next_ProcessUtility_hook
static ProcessUtility_hook_type next_ProcessUtility_hook
Definition: test_oat_hooks.c:50
emit_audit_message
static void emit_audit_message(const char *type, const char *hook, char *action, char *objName)
Definition: test_oat_hooks.c:231
REGRESS_deny_set_variable
static bool REGRESS_deny_set_variable
Definition: test_oat_hooks.c:30
REGRESS_userset_variable2
static bool REGRESS_userset_variable2
Definition: test_oat_hooks.c:42
PG_MODULE_MAGIC
PG_MODULE_MAGIC
Definition: test_oat_hooks.c:25
accesstype_arg_to_string
static char * accesstype_arg_to_string(ObjectAccessType access, void *arg)
Definition: test_oat_hooks.c:458
REGRESS_deny_alter_system
static bool REGRESS_deny_alter_system
Definition: test_oat_hooks.c:31
REGRESS_object_access_hook
static void REGRESS_object_access_hook(ObjectAccessType access, Oid classId, Oid objectId, int subId, void *arg)
Definition: test_oat_hooks.c:325
audit_attempt
static void audit_attempt(const char *hook, char *action, char *objName)
Definition: test_oat_hooks.c:259
accesstype_to_string
static char * accesstype_to_string(ObjectAccessType access, int subId)
Definition: test_oat_hooks.c:419
REGRESS_exec_check_perms
static bool REGRESS_exec_check_perms(List *rangeTabls, List *rteperminfos, bool do_abort)
Definition: test_oat_hooks.c:348
REGRESS_userset_variable1
static bool REGRESS_userset_variable1
Definition: test_oat_hooks.c:41
audit_failure
static void audit_failure(const char *hook, char *action, char *objName)
Definition: test_oat_hooks.c:271
REGRESS_deny_utility_commands
static bool REGRESS_deny_utility_commands
Definition: test_oat_hooks.c:34
next_object_access_hook
static object_access_hook_type next_object_access_hook
Definition: test_oat_hooks.c:47
next_object_access_hook_str
static object_access_hook_type_str next_object_access_hook_str
Definition: test_oat_hooks.c:48
REGRESS_suset_variable2
static bool REGRESS_suset_variable2
Definition: test_oat_hooks.c:44
REGRESS_object_access_hook_str
static void REGRESS_object_access_hook_str(ObjectAccessType access, Oid classId, const char *objName, int subId, void *arg)
Definition: test_oat_hooks.c:277
audit_success
static void audit_success(const char *hook, char *action, char *objName)
Definition: test_oat_hooks.c:265
REGRESS_audit
static bool REGRESS_audit
Definition: test_oat_hooks.c:35
standard_ProcessUtility
void standard_ProcessUtility(PlannedStmt *pstmt, const char *queryString, bool readOnlyTree, ProcessUtilityContext context, ParamListInfo params, QueryEnvironment *queryEnv, DestReceiver *dest, QueryCompletion *qc)
Definition: utility.c:547
CreateCommandTag
CommandTag CreateCommandTag(Node *parsetree)
Definition: utility.c:2353
ProcessUtility_hook
ProcessUtility_hook_type ProcessUtility_hook
Definition: utility.c:77
ProcessUtility_hook_type
void(* ProcessUtility_hook_type)(PlannedStmt *pstmt, const char *queryString, bool readOnlyTree, ProcessUtilityContext context, ParamListInfo params, QueryEnvironment *queryEnv, DestReceiver *dest, QueryCompletion *qc)
Definition: utility.h:71
ProcessUtilityContext
ProcessUtilityContext
Definition: utility.h:21