[BRC-3414] Add hook for backup token access check on SCHEMAs (#59)

See parent PR https://github.com/databricks-eng/hadron/pull/1441

Author: Eric Pei

src/backend/catalog/namespace.c

@@ -60,6 +60,7 @@
 #include "utils/snapmgr.h"
 #include "utils/syscache.h"
 #include "utils/varlena.h"
+#include "catalog/objectaccess.h"
 
 
 /*
@@ -3406,8 +3407,23 @@ LookupExplicitNamespace(const char *nspname, bool missing_ok)
 
 	aclresult = object_aclcheck(NamespaceRelationId, namespaceId, GetUserId(), ACL_USAGE);
 	if (aclresult != ACLCHECK_OK)
-		aclcheck_error(aclresult, OBJECT_SCHEMA,
-					   nspname);
+	{
+		/* BEGIN HADRON
+		 * If we don't have the necessary native Postgres permission, check if
+		 * our Databricks OAuth token grants us permission.
+		 */
+		if (NamespaceUnityCatalogAccess_hook != NULL
+			&& (*NamespaceUnityCatalogAccess_hook) (namespaceId, nspname, ACL_USAGE))
+		{
+			aclresult = ACLCHECK_OK;
+		}
+		/* END HADRON */
+
+		if (aclresult != ACLCHECK_OK)
+			aclcheck_error(aclresult, OBJECT_SCHEMA,
+						   nspname);
+	}
+
 	/* Schema search hook for this lookup */
 	InvokeNamespaceSearchHook(namespaceId, true);
 

src/backend/catalog/objectaccess.c

@@ -22,6 +22,9 @@
 object_access_hook_type object_access_hook = NULL;
 object_access_hook_type_str object_access_hook_str = NULL;
 
+/* Backup hook to check for Unity Catalog namespace access after native permissions check fails */
+NamespaceUnityCatalogAccess_hook_type NamespaceUnityCatalogAccess_hook = NULL;
+
 
 /*
  * RunObjectPostCreateHook

src/include/catalog/objectaccess.h

@@ -10,6 +10,8 @@
 #ifndef OBJECTACCESS_H
 #define OBJECTACCESS_H
 
+#include "nodes/parsenodes.h"
+
 /*
  * Object access hooks are intended to be called just before or just after
  * performing certain actions on a SQL object.  This is intended as
@@ -163,6 +165,10 @@ extern void RunObjectPostAlterHookStr(Oid classId, const char *objectName, int s
 extern bool RunNamespaceSearchHookStr(const char *objectName, bool ereport_on_violation);
 extern void RunFunctionExecuteHookStr(const char *objectName);
 
+/* Backup hook to check for Unity Catalog namespace access after native permissions check fails */
+typedef bool (*NamespaceUnityCatalogAccess_hook_type) (Oid namespaceId, const char *nspname, AclMode requiredPerms);
+extern PGDLLIMPORT NamespaceUnityCatalogAccess_hook_type NamespaceUnityCatalogAccess_hook;
+
 
 /*
  * The following macros are wrappers around the functions above; these should