diff options
| author | Robert Haas <rhaas@postgresql.org> | 2013-04-12 08:55:56 -0400 |
|---|---|---|
| committer | Robert Haas <rhaas@postgresql.org> | 2013-04-12 08:58:01 -0400 |
| commit | f8a54e936bdf4c31b395a2ab7d7bc98eefa6dbad (patch) | |
| tree | 957024396b9375191802c4b9eb5a2ed8e80809fb /src/backend/executor/execQual.c | |
| parent | d017bf41a32d08885f00a274603ed2e50816fe7f (diff) | |
| download | postgresql-f8a54e936bdf4c31b395a2ab7d7bc98eefa6dbad.tar.gz postgresql-f8a54e936bdf4c31b395a2ab7d7bc98eefa6dbad.zip | |
sepgsql: Enforce db_procedure:{execute} permission.
To do this, we add an additional object access hook type,
OAT_FUNCTION_EXECUTE.
KaiGai Kohei
Diffstat (limited to 'src/backend/executor/execQual.c')
| -rw-r--r-- | src/backend/executor/execQual.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/backend/executor/execQual.c b/src/backend/executor/execQual.c index 62d27a75747..330d889eba9 100644 --- a/src/backend/executor/execQual.c +++ b/src/backend/executor/execQual.c @@ -39,6 +39,7 @@ #include "access/htup_details.h" #include "access/nbtree.h" #include "access/tupconvert.h" +#include "catalog/objectaccess.h" #include "catalog/pg_type.h" #include "commands/typecmds.h" #include "executor/execdebug.h" @@ -1289,6 +1290,7 @@ init_fcache(Oid foid, Oid input_collation, FuncExprState *fcache, aclresult = pg_proc_aclcheck(foid, GetUserId(), ACL_EXECUTE); if (aclresult != ACLCHECK_OK) aclcheck_error(aclresult, ACL_KIND_PROC, get_func_name(foid)); + InvokeFunctionExecuteHook(foid); /* * Safety check on nargs. Under normal circumstances this should never @@ -4223,6 +4225,7 @@ ExecEvalArrayCoerceExpr(ArrayCoerceExprState *astate, if (aclresult != ACLCHECK_OK) aclcheck_error(aclresult, ACL_KIND_PROC, get_func_name(acoerce->elemfuncid)); + InvokeFunctionExecuteHook(acoerce->elemfuncid); /* Set up the primary fmgr lookup information */ fmgr_info_cxt(acoerce->elemfuncid, &(astate->elemfunc), |