Add context info to OAT_POST_CREATE security hook
Alvaro Herrera <alvherre@alvh.no-ip.org>
Add context info to OAT_POST_CREATE security hook ... and have sepgsql use it to determine whether to check permissions during certain operations. Indexes that are being created as a result of REINDEX, for instance, do not need to have their permissions checked; they were already checked when the index was created. Author: KaiGai Kohei, slightly revised by me
Files
| Path | Change | +/− |
|---|---|---|
| contrib/sepgsql/expected/ddl.out | modified | +53 −0 |
| contrib/sepgsql/hooks.c | modified | +41 −84 |
| contrib/sepgsql/relation.c | modified | +173 −21 |
| contrib/sepgsql/sepgsql.h | modified | +1 −1 |
| contrib/sepgsql/sql/ddl.sql | modified | +12 −0 |
| doc/src/sgml/sepgsql.sgml | modified | +6 −0 |
| src/backend/bootstrap/bootparse.y | modified | +2 −1 |
| src/backend/catalog/heap.c | modified | +11 −3 |
| src/backend/catalog/index.c | modified | +14 −1 |
| src/backend/catalog/toasting.c | modified | +2 −1 |
| src/backend/commands/cluster.c | modified | +1 −0 |
| src/backend/commands/indexcmds.c | modified | +1 −1 |
| src/backend/commands/tablecmds.c | modified | +2 −1 |
| src/include/catalog/heap.h | modified | +2 −1 |
| src/include/catalog/index.h | modified | +2 −1 |
| src/include/catalog/objectaccess.h | modified | +13 −0 |