Re: TODO item pg_hba.conf - Mailing list pgsql-hackers

From Alvaro Herrera
Subject Re: TODO item pg_hba.conf
Date
Msg-id 20060420190549.GD4462@surnet.cl
Whole thread Raw
In response to Re: TODO item pg_hba.conf  (Gevik Babakhani <pgdev@xs4all.nl>)
Responses Re: TODO item pg_hba.conf
Re: TODO item pg_hba.conf
List pgsql-hackers
Gevik Babakhani wrote:

> > I'm not sure if you realize it, but this should be an extremely small
> > patch.  In particular, if you think you need to change the parser then
> > you are already off on the wrong track.  The parser doesn't know
> > anything about specific privilege types (as of 8.1 anyway).  It'd be
> > worth your while to study how the existing privileges on databases
> > are handled, eg, exactly what places know about the TEMP privilege.
> 
> To study the existing privileges is the first thing on my list. Because
> I am new to this, it is sometimes difficult to know what is already
> there, and what is possible or not. Your advice in GOLD. Thank you :)

This is how a GRANT/REVOKE works:

1. the command is parsed by the parser (parser/gram.y)
2. a node is created, type GrantStmt
3. the node is picked up by the traffic cop (tcop/utility.c)
4. It's passed to ExecuteGrantStmt (commands/aclchk.c)
5. It's converted to internal form and passed to ExecGrant_Database

Notice the handling of "WITH GRANT OPTION", and observe that the test is
"reversed" on REVOKE, which seems awfully unintuitive.

It should be easy to make this code understand a new privilege type.

-- 
Alvaro Herrera                                http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support


pgsql-hackers by date:

Previous
From: Gevik Babakhani
Date:
Subject: Re: TODO item pg_hba.conf
Next
From: "Larry Rosenman"
Date:
Subject: Re: Unresolved Win32 bug reports