On 01/07/2016 09:08 AM, Joe Conway wrote: > On 01/06/2016 10:36 AM, Tom Lane wrote: >> I think a design that was actually somewhat robust would require two >> hooks, one at check_role and one at assign_role, wherein the first one >> would do any potentially-failing work and package all required info into >> a blob that could be passed through to the assign hook.
Attached. Joe -- Crunchy Data - http://crunchydata.com PostgreSQL Support for Secure Enterprises Consulting, Training, & Open Source Development
diff --git a/src/backend/commands/variable.c b/src/backend/commands/variable.c index 903b3a6..9f92de3 100644 *** a/src/backend/commands/variable.c --- b/src/backend/commands/variable.c *************** *** 32,37 **** --- 32,41 ---- #include "utils/timestamp.h" #include "mb/pg_wchar.h" + /* Hooks for plugins to get control in check_role() and assign_role() */ + SetRoleCheck_hook_type SetRoleCheck_hook = NULL; + SetRoleAssign_hook_type SetRoleAssign_hook = NULL; + /* * DATESTYLE */ *************** check_role(char **newval, void **extra, *** 900,905 **** --- 904,912 ---- myextra->is_superuser = is_superuser; *extra = (void *) myextra; + if (SetRoleCheck_hook) + (*SetRoleCheck_hook) (GetSessionUserId(), roleid, is_superuser); + return true; } *************** assign_role(const char *newval, void *ex *** 908,913 **** --- 915,927 ---- { role_auth_extra *myextra = (role_auth_extra *) extra; + /* + * Any defined hooks must be able to execute in a failed + * transaction to restore a prior value of the ROLE GUC variable. + */ + if (SetRoleAssign_hook) + (*SetRoleAssign_hook) (myextra->roleid, myextra->is_superuser); + SetCurrentRoleId(myextra->roleid, myextra->is_superuser); } diff --git a/src/include/commands/variable.h b/src/include/commands/variable.h index 8105951..f3870e9 100644 *** a/src/include/commands/variable.h --- b/src/include/commands/variable.h *************** *** 12,17 **** --- 12,22 ---- #include "utils/guc.h" + /* Hooks for plugins to get control in check_role() and assign_role() */ + typedef void (*SetRoleCheck_hook_type) (Oid, Oid, bool); + extern PGDLLIMPORT SetRoleCheck_hook_type SetRoleCheck_hook; + typedef void (*SetRoleAssign_hook_type) (Oid, bool); + extern PGDLLIMPORT SetRoleAssign_hook_type SetRoleAssign_hook; extern bool check_datestyle(char **newval, void **extra, GucSource source); extern void assign_datestyle(const char *newval, void *extra);
signature.asc
Description: OpenPGP digital signature