[PATCH] Reworks for Access Control facilities (r2251) - Mailing list pgsql-hackers
From | KaiGai Kohei |
---|---|
Subject | [PATCH] Reworks for Access Control facilities (r2251) |
Date | |
Msg-id | 4A934B7B.6000202@ak.jp.nec.com |
Responses | Re: [PATCH] Reworks for Access Control facilities (r2251) |
List | pgsql-hackers |
The following URL is a patch to rework access control facilities in PostgreSQL.

http://sepgsql.googlecode.com/files/sepgsql-01-base-8.5devel-r2251.patch.gz

The current implementation does not have a good separation between what is to be controlled and how it is to be controlled. For example, when we create a new table, it requires the user to have ACL_CREATE on the namespace and ACL_CREATE on the tablespace if necessary. These checks are methods to control whether he can create a new table or not.

This patch provides an abstraction layer of access controls to separate what is to be controlled and how it is to be controlled. The abstraction layer is a set of functions to implement what is to be controlled. For example, ac_relation_create() checks the user's privilege to create a new table. It internally calls pg_namespace_aclcheck() and pg_tablespace_aclcheck() to make its access control decision based on the security model in database ACLs.

These abstraction layer functions have the following naming convention.

  ac_<object type>_<action>(args, ...)

  e.g) void ac_proc_execute(Oid proOid, Oid roleOid)

It checks the privilege to execute a certain procedure with the given database role. The caller gives all the necessary information to make its decision.

It replaces all the pg_xxx_aclcheck() and pg_xxx_ownercheck() invocations from the backend implementations, except for security/access_control.c. In this patch, these are used as helper functions to implement access control logic (in other words, how it is to be controlled), invoked from the access control functions.

These ac_xxx_xxx() routines will be entrypoints to invoke additional security checks (SE-PostgreSQL), rather than sepgsqlXXXX() hooks around the backend implementation.
Thanks,

$ diffstat sepgsql-01-base-8.5devel-r2251.patch.gz
backend/Makefile | 2
backend/catalog/aclchk.c | 218 !
backend/catalog/namespace.c | 53
backend/catalog/pg_aggregate.c | 12
backend/catalog/pg_conversion.c | 33
backend/catalog/pg_operator.c | 42
backend/catalog/pg_proc.c | 15
backend/catalog/pg_shdepend.c | 8
backend/catalog/pg_type.c | 25
backend/commands/aggregatecmds.c | 42
backend/commands/alter.c | 66
backend/commands/analyze.c | 5
backend/commands/cluster.c | 9
backend/commands/comment.c | 120
backend/commands/conversioncmds.c | 71
backend/commands/copy.c | 40
backend/commands/dbcommands.c | 160 !
backend/commands/foreigncmds.c | 144
backend/commands/functioncmds.c | 123
backend/commands/indexcmds.c | 120
backend/commands/lockcmds.c | 17
backend/commands/opclasscmds.c | 223!
backend/commands/operatorcmds.c | 70
backend/commands/proclang.c | 56
backend/commands/schemacmds.c | 60
backend/commands/sequence.c | 38
backend/commands/tablecmds.c | 427 -!
backend/commands/tablespace.c | 46
backend/commands/trigger.c | 41
backend/commands/tsearchcmds.c | 176 !
backend/commands/typecmds.c | 136 !
backend/commands/vacuum.c | 3
backend/commands/view.c | 7
backend/executor/execMain.c | 203 !
backend/executor/execQual.c | 16
backend/executor/nodeAgg.c | 24
backend/executor/nodeMergejoin.c | 8
backend/executor/nodeWindowAgg.c | 24
backend/optimizer/util/clauses.c | 6
backend/parser/parse_utilcmd.c | 13
backend/rewrite/rewriteDefine.c | 10
backend/rewrite/rewriteRemove.c | 6
backend/security/Makefile | 10
backend/security/access_control.c | 4290 ++++++++++++++++++++++++++++++++++++++
backend/tcop/fastpath.c | 15
backend/tcop/utility.c | 74
backend/utils/adt/dbsize.c | 25
backend/utils/adt/ri_triggers.c | 24
backend/utils/adt/tid.c | 18
backend/utils/init/postinit.c | 14
include/catalog/pg_proc_fn.h | 1
include/commands/defrem.h | 1
include/utils/security.h | 337 ++
53 files changed, 5027 insertions(+), 924 deletions(-), 1776 modifications(!)

--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>
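A self-contained C model of the layering the message describes, added here as an example and not taken from the patch or from PostgreSQL: one ac_relation_create() entry point (the "what") that delegates to ACL helpers (the "how") and then to an optional second security model. The toy_* helpers, the grant tables, the hook, load_extra_model() and the bool return type and argument list of ac_relation_create() are all assumptions made for illustration; the only signature the message gives is the void ac_proc_execute() one.

```c
/* Toy model, not PostgreSQL source: types, tables and the hook are assumptions. */
#include <stdbool.h>
#include <stddef.h>

typedef unsigned int Oid;
#define InvalidOid 0u
#define ACL_CREATE 0x1u          /* stand-in bit, not the real AclMode value */

/* Constructed sample grants: (object, role, privileges). */
struct grant { Oid obj; Oid role; unsigned privs; };
static const struct grant ns_acl[] = { {2200, 10, ACL_CREATE}, {2200, 20, ACL_CREATE} };
static const struct grant ts_acl[] = { {1663, 10, ACL_CREATE} };

static bool acl_has(const struct grant *acl, size_t n, Oid obj, Oid role, unsigned mode)
{
    for (size_t i = 0; i < n; i++)
        if (acl[i].obj == obj && acl[i].role == role && (acl[i].privs & mode) == mode)
            return true;
    return false;
}

/* "How": helpers standing in for pg_namespace_aclcheck() / pg_tablespace_aclcheck(). */
static bool toy_namespace_aclcheck(Oid nsp, Oid role, unsigned mode)
{ return acl_has(ns_acl, sizeof ns_acl / sizeof ns_acl[0], nsp, role, mode); }
static bool toy_tablespace_aclcheck(Oid tbs, Oid role, unsigned mode)
{ return acl_has(ts_acl, sizeof ts_acl / sizeof ts_acl[0], tbs, role, mode); }

/* Optional second security model (hypothetical hook); NULL when none is loaded. */
typedef bool (*extra_check_fn)(Oid nsp, Oid role);
static extra_check_fn extra_relation_create_check = NULL;

/* "What": the single entry point a table-creation path would call. */
bool ac_relation_create(Oid nsp, Oid tbs, Oid role)
{
    if (!toy_namespace_aclcheck(nsp, role, ACL_CREATE))
        return false;
    /* The tablespace check applies only when a tablespace is given. */
    if (tbs != InvalidOid && !toy_tablespace_aclcheck(tbs, role, ACL_CREATE))
        return false;
    /* Every model must agree, so the extra check can only narrow access. */
    if (extra_relation_create_check && !extra_relation_create_check(nsp, role))
        return false;
    return true;
}

/* Constructed policy for the demo: deny role 10 in namespace 2200. */
static bool deny_role_10(Oid nsp, Oid role) { return !(nsp == 2200 && role == 10); }
void load_extra_model(bool on) { extra_relation_create_check = on ? deny_role_10 : NULL; }
```

Callers of ac_relation_create() are unchanged when load_extra_model(true) installs the second model, which is the property the message attributes to using the ac_xxx_xxx() routines as entrypoints.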