Hi
2016-02-29 2:40 GMT+01:00 Joe Conway <[email protected]>:
> On 01/07/2016 09:08 AM, Joe Conway wrote:
> > On 01/06/2016 10:36 AM, Tom Lane wrote:
> >> I think a design that was actually somewhat robust would require two
> >> hooks, one at check_role and one at assign_role, wherein the first one
> >> would do any potentially-failing work and package all required info into
> >> a blob that could be passed through to the assign hook.
>
> Attached.
>
These patches are pretty trivial, and I can confirm that all regress tests
passed.
I see the following issues:
1. Missing the possibility to pass custom data from SetRoleCheck_hook to
SetRoleAssign_hook. Tom mentioned it in his comment.
2. Missing a little bit more comments and an explanation of why and when to use
these hooks.
Regards
Pavel
>
> Joe
>
> --
> Crunchy Data - http://crunchydata.com
> PostgreSQL Support for Secure Enterprises
> Consulting, Training, & Open Source Development
>
diff --git a/src/backend/commands/variable.c b/src/backend/commands/variable.c
new file mode 100644
index 903b3a6..7bc0e93
*** a/src/backend/commands/variable.c
--- b/src/backend/commands/variable.c
***************
*** 32,37 ****
--- 32,41 ----
#include "utils/timestamp.h"
#include "mb/pg_wchar.h"
+ /* Hooks for plugins to get control in check_role() and assign_role() */
+ SetRoleCheck_hook_type SetRoleCheck_hook = NULL;
+ SetRoleAssign_hook_type SetRoleAssign_hook = NULL;
+
/*
* DATESTYLE
*/
*************** typedef struct
*** 768,773 ****
--- 772,778 ----
/* This is the "extra" state for both SESSION AUTHORIZATION and ROLE */
Oid roleid;
bool is_superuser;
+ void *data;
} role_auth_extra;
bool
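Review bot: the new `void *data;` member of role_auth_extra has no comment saying who sets it, who frees what it points to, or what it holds when no hook is installed. Add a one-line comment on the field, and set it to NULL in check_role() before the hook call, since none of the visible lines initialize it.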
*************** check_role(char **newval, void **extra,
*** 900,905 ****
--- 905,913 ----
myextra->is_superuser = is_superuser;
*extra = (void *) myextra;
+ if (SetRoleCheck_hook)
+ (*SetRoleCheck_hook) (GetSessionUserId(), roleid, is_superuser,
myextra->data);
+
return true;
}
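Review bot: the call in check_role() passes `myextra->data` by value, but SetRoleCheck_hook_type in variable.h declares the fourth parameter as `void**`, so the call does not match the prototype and the check hook cannot store its blob in the extra struct. Pass `&myextra->data` here. The hook also returns void and check_role() returns true right after it, so a hook doing potentially-failing work has no way to reject the value; consider a bool return that check_role() propagates.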
*************** assign_role(const char *newval, void *ex
*** 908,913 ****
--- 916,928 ----
{
role_auth_extra *myextra = (role_auth_extra *) extra;
+ /*
+ * Any defined hooks must be able to execute in a failed
+ * transaction to restore a prior value of the ROLE GUC variable.
+ */
+ if (SetRoleAssign_hook)
+ (*SetRoleAssign_hook) (myextra->roleid, myextra->is_superuser,
&myextra->data);
+
SetCurrentRoleId(myextra->roleid, myextra->is_superuser);
}
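Review bot: the call in assign_role() passes `&myextra->data` (a `void**`) while SetRoleAssign_hook_type declares its third parameter as `void*`; the assign side only needs to read the blob, so pass `myextra->data`. The comment above the call says hooks must work in a failed transaction; spell out what that rules out for a hook author, because the hook runs before SetCurrentRoleId() and nothing here guards against it raising an error.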
diff --git a/src/include/commands/variable.h b/src/include/commands/variable.h
new file mode 100644
index 8105951..f229749
*** a/src/include/commands/variable.h
--- b/src/include/commands/variable.h
***************
*** 12,17 ****
--- 12,22 ----
#include "utils/guc.h"
+ /* Hooks for plugins to get control in check_role() and assign_role() */
+ typedef void (*SetRoleCheck_hook_type) (Oid, Oid, bool, void**);
+ extern PGDLLIMPORT SetRoleCheck_hook_type SetRoleCheck_hook;
+ typedef void (*SetRoleAssign_hook_type) (Oid, bool, void*);
+ extern PGDLLIMPORT SetRoleAssign_hook_type SetRoleAssign_hook;
extern bool check_datestyle(char **newval, void **extra, GucSource source);
extern void assign_datestyle(const char *newval, void *extra);
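Review bot: both typedefs list bare types (`Oid, Oid, bool, void**`), so a plugin author cannot tell from the header which Oid is the session user and which is the target role, or what the last argument is for. Name the parameters and add a comment per hook saying when it is called and who owns the data pointer. While there, reconcile the pointer levels with the call sites in variable.c, which pass a `void*` to the check hook and a `void**` to the assign hook.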
--
Sent via pgsql-hackers mailing list ([email protected])