Extend object access hook framework to support arguments, and DROP.

This allows loadable modules to get control at drop time, perhaps for the purpose of performing additional security checks or to log the event. The initial purpose of this code is to support sepgsql, but other applications should be possible as well. KaiGai Kohei, reviewed by me.
2025-07-07 00:36:50 +03:00 · 2012-03-09 14:34:56 -05:00
parent b14953932d
commit 07d1edb954
23 changed files with 104 additions and 36 deletions
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@ -425,7 +425,8 @@ CreateRole(CreateRoleStmt *stmt)
 				GetUserId(), false);

 	/* Post creation hook for new role */
-	InvokeObjectAccessHook(OAT_POST_CREATE, AuthIdRelationId, roleid, 0);
+	InvokeObjectAccessHook(OAT_POST_CREATE,
+						   AuthIdRelationId, roleid, 0, NULL);

 	/*
 	 * Close pg_authid, but keep lock till commit.
@ -932,6 +933,15 @@ DropRole(DropRoleStmt *stmt)
 					(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
 					 errmsg("must be superuser to drop superusers")));

+		/* DROP hook for the role being removed */
+		if (object_access_hook)
+		{
+			ObjectAccessDrop	drop_arg;
+			memset(&drop_arg, 0, sizeof(ObjectAccessDrop));
+			InvokeObjectAccessHook(OAT_DROP,
+								   AuthIdRelationId, roleid, 0, &drop_arg);
+		}
+
 		/*
 		 * Lock the role, so nobody can add dependencies to her while we drop
 		 * her.  We keep the lock until the end of transaction.