Add context info to OAT_POST_CREATE security hook
... and have sepgsql use it to determine whether to check permissions
during certain operations. Indexes that are being created as a result
of REINDEX, for instance, do not need to have their permissions checked;
they were already checked when the index was created.
Author: KaiGai Kohei, slightly revised by me
Branch
------
master
Details
-------
http://git.postgresql.org/pg/commitdiff/f4c4335a4aaf5f2ee6e741cdf4f5c8e338d86a2f
Modified Files
--------------
contrib/sepgsql/expected/ddl.out | 53 ++++++++++
contrib/sepgsql/hooks.c | 125 ++++++++----------------
contrib/sepgsql/relation.c | 194 ++++++++++++++++++++++++++++++++----
contrib/sepgsql/sepgsql.h | 2 +-
contrib/sepgsql/sql/ddl.sql | 12 ++
doc/src/sgml/sepgsql.sgml | 6 +
src/backend/bootstrap/bootparse.y | 3 +-
src/backend/catalog/heap.c | 14 ++-
src/backend/catalog/index.c | 15 +++-
src/backend/catalog/toasting.c | 3 +-
src/backend/commands/cluster.c | 1 +
src/backend/commands/indexcmds.c | 2 +-
src/backend/commands/tablecmds.c | 3 +-
src/include/catalog/heap.h | 3 +-
src/include/catalog/index.h | 3 +-
src/include/catalog/objectaccess.h | 13 +++
16 files changed, 336 insertions(+), 116 deletions(-)
