/* -------------------------------------------------------------------------
*
* bdr_label.c
* BDR security label implementation
*
* Provide object metadata for bdr using the security label
* infrastructure.
*
* Copyright (c) 2014-2015, PostgreSQL Global Development Group
*
* IDENTIFICATION
* bdr_label.c
* -------------------------------------------------------------------------
*/
#include "postgres.h"
#include "bdr.h"
#include "bdr_label.h"
#include "catalog/pg_class.h"
#include "catalog/pg_database.h"
#include "commands/dbcommands.h"
#include "commands/seclabel.h"
#include "miscadmin.h"
#include "utils/acl.h"
#include "utils/inval.h"
#include "utils/lsyscache.h"
#include "utils/syscache.h"
/* Label-provider callback; handed to register_label_provider() in bdr_label_init(). */
static void bdr_object_relabel(const ObjectAddress *object, const char *seclabel);
/*
 * bdr_label_init
 *		Register BDR's security label provider.
 *
 * This has to be called at postmaster init (or at backend init for
 * EXEC_BACKEND builds).  It registers bdr_object_relabel as the callback
 * for labels that name BDR_SECLABEL_PROVIDER.
 */
void
bdr_label_init(void)
{
	/* Hook bdr_object_relabel into the security label infrastructure. */
	register_label_provider(BDR_SECLABEL_PROVIDER, bdr_object_relabel);
}
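/*
 * bdr_object_relabel
 *		Security label provider callback for BDR_SECLABEL_PROVIDER.
 *
 * object	- address of the object being labelled; only relations and
 *			  databases are accepted.
 * seclabel - label text supplied by the caller.
 *			  NOTE(review): presumably NULL when a label is being removed;
 *			  confirm that the bdr_parse_*_options helpers accept NULL.
 *
 * The ownership check comes first in each branch, so a caller who does not
 * own the object is rejected before any cache invalidation is queued and
 * before the label text is parsed.  Any other object class raises an error.
 */
static void
bdr_object_relabel(const ObjectAddress *object, const char *seclabel)
{
	switch (object->classId)
	{
		case RelationRelationId:

			/* Only the owner of the relation may set its BDR label. */
			if (!pg_class_ownercheck(object->objectId, GetUserId()))
				aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_TABLE,
							   get_rel_name(object->objectId));

			/* ensure bdr_relcache.c is coherent */
			CacheInvalidateRelcacheByRelid(object->objectId);

			/*
			 * The result pointer is NULL, so nothing parsed is kept here.
			 * NOTE(review): presumably this call only validates the label
			 * text and errors out on malformed input; confirm in the helper.
			 */
			bdr_parse_relation_options(seclabel, NULL);
			break;

		case DatabaseRelationId:

			/*
			 * Only the owner of the database may set its BDR label.
			 *
			 * The second argument of aclcheck_error is an object type, as
			 * in the relation branch above.  ACL_ALL_RIGHTS_DATABASE is a
			 * privilege bitmask, not an object type, so passing it left the
			 * denial reported against an unrelated or unknown object kind.
			 */
			if (!pg_database_ownercheck(object->objectId, GetUserId()))
				aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_DATABASE,
							   get_database_name(object->objectId));

			/* ensure bdr_dbcache.c is coherent */
			CacheInvalidateCatalog(DatabaseRelationId);

			/* Same NULL-result convention as the relation branch. */
			bdr_parse_database_options(seclabel, NULL);
			break;

		default:
			/* Reject labels on any object class BDR does not handle. */
			elog(ERROR, "unsupported object type: %s",
				 getObjectDescription(object));
			break;				/* not reached: elog(ERROR) does not return */
	}
}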