Re: [HACKERS] Proposal: SET ROLE hook

Sun, 28 Feb 2016 17:41:24 -0800 

On 01/07/2016 09:08 AM, Joe Conway wrote:
> On 01/06/2016 10:36 AM, Tom Lane wrote:
>> I think a design that was actually somewhat robust would require two
>> hooks, one at check_role and one at assign_role, wherein the first one
>> would do any potentially-failing work and package all required info into
>> a blob that could be passed through to the assign hook.

Attached.

Joe

-- 
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development

diff --git a/src/backend/commands/variable.c b/src/backend/commands/variable.c
index 903b3a6..9f92de3 100644
*** a/src/backend/commands/variable.c
--- b/src/backend/commands/variable.c
***************
*** 32,37 ****
--- 32,41 ----
  #include "utils/timestamp.h"
  #include "mb/pg_wchar.h"
  
+ /* Hooks for plugins to get control in check_role() and assign_role() */
+ SetRoleCheck_hook_type SetRoleCheck_hook = NULL;
+ SetRoleAssign_hook_type SetRoleAssign_hook = NULL;
+ 
  /*
   * DATESTYLE
   */
*************** check_role(char **newval, void **extra,
*** 900,905 ****
--- 904,912 ----
  	myextra->is_superuser = is_superuser;
  	*extra = (void *) myextra;
  
+ 	if (SetRoleCheck_hook)
+ 		(*SetRoleCheck_hook) (GetSessionUserId(), roleid, is_superuser);
+ 
  	return true;
  }
  
*************** assign_role(const char *newval, void *ex
*** 908,913 ****
--- 915,927 ----
  {
  	role_auth_extra *myextra = (role_auth_extra *) extra;
  
+ 	/*
+ 	 * Any defined hooks must be able to execute in a failed
+ 	 * transaction to restore a prior value of the ROLE GUC variable.
+ 	 */
+ 	if (SetRoleAssign_hook)
+ 		(*SetRoleAssign_hook) (myextra->roleid, myextra->is_superuser);
+ 
  	SetCurrentRoleId(myextra->roleid, myextra->is_superuser);
  }
  
diff --git a/src/include/commands/variable.h b/src/include/commands/variable.h
index 8105951..f3870e9 100644
*** a/src/include/commands/variable.h
--- b/src/include/commands/variable.h
***************
*** 12,17 ****
--- 12,22 ----
  
  #include "utils/guc.h"
  
+ /* Hooks for plugins to get control in check_role() and assign_role() */
+ typedef void (*SetRoleCheck_hook_type) (Oid, Oid, bool);
+ extern PGDLLIMPORT SetRoleCheck_hook_type SetRoleCheck_hook;
+ typedef void (*SetRoleAssign_hook_type) (Oid, bool);
+ extern PGDLLIMPORT SetRoleAssign_hook_type SetRoleAssign_hook;
  
  extern bool check_datestyle(char **newval, void **extra, GucSource source);
  extern void assign_datestyle(const char *newval, void *extra);

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to