1 files changed, 197 insertions, 0 deletions
diff --git a/src/include/catalog/objectaccess.h b/src/include/catalog/objectaccess.h
new file mode 100644
index 0000000..fef3836
--- /dev/null
+++ b/src/include/catalog/objectaccess.h
@@ -0,0 +1,197 @@
+/*
+ * objectaccess.h
+ *
+ *		Object access hooks.
+ *
+ * Portions Copyright (c) 1996-2020, PostgreSQL Global Development Group
+ * Portions Copyright (c) 1994, Regents of the University of California
+ */
+
+#ifndef OBJECTACCESS_H
+#define OBJECTACCESS_H
+
+/*
+ * Object access hooks are intended to be called just before or just after
+ * performing certain actions on a SQL object.  This is intended as
+ * infrastructure for security or logging plugins.
+ *
+ * OAT_POST_CREATE should be invoked just after the object is created.
+ * Typically, this is done after inserting the primary catalog records and
+ * associated dependencies.
+ *
+ * OAT_DROP should be invoked just before deletion of objects; typically
+ * deleteOneObject(). Its arguments are packed within ObjectAccessDrop.
+ *
+ * OAT_POST_ALTER should be invoked just after the object is altered,
+ * but before the command counter is incremented.  An extension using the
+ * hook can use a current MVCC snapshot to get the old version of the tuple,
+ * and can use SnapshotSelf to get the new version of the tuple.
+ *
+ * OAT_NAMESPACE_SEARCH should be invoked prior to object name lookup under
+ * a particular namespace. This event is equivalent to usage permission
+ * on a schema under the default access control mechanism.
+ *
+ * OAT_FUNCTION_EXECUTE should be invoked prior to function execution.
+ * This event is almost equivalent to execute permission on functions,
+ * except for the case when execute permission is checked during object
+ * creation or altering, because OAT_POST_CREATE or OAT_POST_ALTER are
+ * sufficient for extensions to track these kind of checks.
+ *
+ * OAT_TRUNCATE should be invoked just before truncation of objects. This
+ * event is equivalent to truncate permission on a relation under the
+ * default access control mechanism.
+ *
+ * Other types may be added in the future.
+ */
+typedef enum ObjectAccessType
+{
+	OAT_POST_CREATE,
+	OAT_DROP,
+	OAT_POST_ALTER,
+	OAT_NAMESPACE_SEARCH,
+	OAT_FUNCTION_EXECUTE,
+	OAT_TRUNCATE
+} ObjectAccessType;
+
+/*
+ * Arguments of OAT_POST_CREATE event
+ */
+typedef struct
+{
+	/*
+	 * This flag informs extensions whether the context of this creation is
+	 * invoked by user's operations, or not. E.g, it shall be dealt as
+	 * internal stuff on toast tables or indexes due to type changes.
+	 */
+	bool		is_internal;
+} ObjectAccessPostCreate;
+
+/*
+ * Arguments of OAT_DROP event
+ */
+typedef struct
+{
+	/*
+	 * Flags to inform extensions the context of this deletion. Also see
+	 * PERFORM_DELETION_* in dependency.h
+	 */
+	int			dropflags;
+} ObjectAccessDrop;
+
+/*
+ * Arguments of OAT_POST_ALTER event
+ */
+typedef struct
+{
+	/*
+	 * This identifier is used when system catalog takes two IDs to identify a
+	 * particular tuple of the catalog. It is only used when the caller want
+	 * to identify an entry of pg_inherits, pg_db_role_setting or
+	 * pg_user_mapping. Elsewhere, InvalidOid should be set.
+	 */
+	Oid			auxiliary_id;
+
+	/*
+	 * If this flag is set, the user hasn't requested that the object be
+	 * altered, but we're doing it anyway for some internal reason.
+	 * Permissions-checking hooks may want to skip checks if, say, we're alter
+	 * the constraints of a temporary heap during CLUSTER.
+	 */
+	bool		is_internal;
+} ObjectAccessPostAlter;
+
+/*
+ * Arguments of OAT_NAMESPACE_SEARCH
+ */
+typedef struct
+{
+	/*
+	 * If true, hook should report an error when permission to search this
+	 * schema is denied.
+	 */
+	bool		ereport_on_violation;
+
+	/*
+	 * This is, in essence, an out parameter.  Core code should initialize
+	 * this to true, and any extension that wants to deny access should reset
+	 * it to false.  But an extension should be careful never to store a true
+	 * value here, so that in case there are multiple extensions access is
+	 * only allowed if all extensions agree.
+	 */
+	bool		result;
+} ObjectAccessNamespaceSearch;
+
+/* Plugin provides a hook function matching this signature. */
+typedef void (*object_access_hook_type) (ObjectAccessType access,
+										 Oid classId,
+										 Oid objectId,
+										 int subId,
+										 void *arg);
+
+/* Plugin sets this variable to a suitable hook function. */
+extern PGDLLIMPORT object_access_hook_type object_access_hook;
+
+/* Core code uses these functions to call the hook (see macros below). */
+extern void RunObjectPostCreateHook(Oid classId, Oid objectId, int subId,
+									bool is_internal);
+extern void RunObjectDropHook(Oid classId, Oid objectId, int subId,
+							  int dropflags);
+extern void RunObjectTruncateHook(Oid objectId);
+extern void RunObjectPostAlterHook(Oid classId, Oid objectId, int subId,
+								   Oid auxiliaryId, bool is_internal);
+extern bool RunNamespaceSearchHook(Oid objectId, bool ereport_on_violation);
+extern void RunFunctionExecuteHook(Oid objectId);
+
+/*
+ * The following macros are wrappers around the functions above; these should
+ * normally be used to invoke the hook in lieu of calling the above functions
+ * directly.
+ */
+
+#define InvokeObjectPostCreateHook(classId,objectId,subId)			\
+	InvokeObjectPostCreateHookArg((classId),(objectId),(subId),false)
+#define InvokeObjectPostCreateHookArg(classId,objectId,subId,is_internal) \
+	do {															\
+		if (object_access_hook)										\
+			RunObjectPostCreateHook((classId),(objectId),(subId),	\
+									(is_internal));					\
+	} while(0)
+
+#define InvokeObjectDropHook(classId,objectId,subId)				\
+	InvokeObjectDropHookArg((classId),(objectId),(subId),0)
+#define InvokeObjectDropHookArg(classId,objectId,subId,dropflags)	\
+	do {															\
+		if (object_access_hook)										\
+			RunObjectDropHook((classId),(objectId),(subId),			\
+							  (dropflags));							\
+	} while(0)
+
+#define InvokeObjectTruncateHook(objectId)							\
+	do {															\
+		if (object_access_hook)										\
+			RunObjectTruncateHook(objectId);						\
+	} while(0)
+
+#define InvokeObjectPostAlterHook(classId,objectId,subId)			\
+	InvokeObjectPostAlterHookArg((classId),(objectId),(subId),		\
+								 InvalidOid,false)
+#define InvokeObjectPostAlterHookArg(classId,objectId,subId,		\
+									 auxiliaryId,is_internal)		\
+	do {															\
+		if (object_access_hook)										\
+			RunObjectPostAlterHook((classId),(objectId),(subId),	\
+								   (auxiliaryId),(is_internal));	\
+	} while(0)
+
+#define InvokeNamespaceSearchHook(objectId, ereport_on_violation)	\
+	(!object_access_hook											\
+	 ? true															\
+	 : RunNamespaceSearchHook((objectId), (ereport_on_violation)))
+
+#define InvokeFunctionExecuteHook(objectId)		\
+	do {										\
+		if (object_access_hook)					\
+			RunFunctionExecuteHook(objectId);	\
+	} while(0)
+
+#endif							/* OBJECTACCESS_H */