Re: security hooks on object creation

(2010/11/12 19:34), KaiGai Kohei wrote:
> I revised my patch according to the prior suggestions.
>
I'm sorry. I revised my patch, but not attached.

Please see this attached one.

Thanks,

> Invocation of the hooks is encapsulated within macro, not function:
>
> + #define InvokeObjectAccessHook0(access,classId,objectId,subId) \
> + do { \
> + if (object_access_hook) \
> + (*object_access_hook)((access),(classId),(objectId),(subId)); \
> + } while(0)
>
> The "0" of tail means that it does not takes any arguments except for
> object-ids, like syscache code.
> It will reduce impact when we want to add arguments of the hooks.
>
>
> In the previous version, it just support seven object classes that is
> allowed to assign security labels. But, Robert pointed out the purpose
> of post-creation hook is limited to security labeling. So, I expand its
> coverage into all the commentable object classes.
>
> - relations: heap_create_with_catalog()
> - constraint: CreateConstraintEntry()
> - conversion: ConversionCreate()
> - schema: NamespaceCreate()
> - operator: OperatorCreate() and OperatorShellMake()
> - procedure: ProcedureCreate()
> - type: TypeCreate() and TypeShellMake()
> - database: createdb()
> - cast: CreateCast()
> - opfamily: CreateOpFamily()
> - opclass: DefineOpClass()
> - language: create_proc_lang()
> - attribute: ATExecAddColumn()
> - tablespace: CreateTableSpace()
> - trigger: CreateTrigger()
> - ts_parser: DefineTSParser()
> - ts_dict: DefineTSDictionary()
> - ts_template: DefineTSTemplate()
> - ts_config: DefineTSConfiguration()
> - role: CreateRole()
> - rule: InsertRule()
> - largeobject: inv_create()
>
> The post-creation hooks are put on the place just after adding dependency
> of the new object, if the object class uses dependency mechanism.
> I believe it will be a clear guidance for the future maintenance works.
>
> Thanks,
>
> (2010/11/11 7:41), KaiGai Kohei wrote:
>> (2010/11/11 3:00), Robert Haas wrote:
>>> On Wed, Nov 10, 2010 at 8:33 AM, KaiGai Kohei<kaigai(at)kaigai(dot)gr(dot)jp> wrote:
>>>> (2010/11/10 13:06), Robert Haas wrote:
>>>>>>
>>>>>> In this patch, we put InvokeObjectAccessHook0 on the following functions.
>>>>>>
>>>>>> - heap_create_with_catalog() for relations/attributes
>>>>>> - ATExecAddColumn() for attributes
>>>>>> - NamespaceCreate() for schemas
>>>>>> - ProcedureCreate() for aggregates/functions
>>>>>> - TypeCreate() and TypeShellMake() for types
>>>>>> - create_proc_lang() for procedural languages
>>>>>> - inv_create() for large objects
>>>>>
>>>>> I think you ought to try to arrange to avoid the overhead of a
>>>>> function call in the common case where nobody's using the hook.
>>>>> That's why I originally suggested making InvokeObjectAccessHook() a
>>>>> macro around the actual function call.
>>>>>
>>>> Hmm. Although I have little preference here, the penalty to call
>>>> an empty function (when no plugins are installed) is not visible,
>>>> because frequency of DDL commands are not high.
>>>> Even so, is it necessary to replace them by macros?
>>>
>>> It's a fair point. I'm open to other opinions but my vote is to shove
>>> a macro in there. A pointer test is cheaper than a function call, and
>>> doesn't really complicate things much.
>>>
>> Since I have no strong preference function call here, so, I'll revise my
>> patch according to your vote.
>>
>> Thanks,
>
>

--
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>