Re: [PATCH] Largeobject access controls - Mailing list pgsql-hackers
From | KaiGai Kohei |
---|---|
Subject | Re: [PATCH] Largeobject access controls |
Date | |
Msg-id | 4A9B5AD1.3090002@ak.jp.nec.com |
In response to | Re: [PATCH] Largeobject access controls (KaiGai Kohei <kaigai@kaigai.gr.jp>) |
List | pgsql-hackers |
The attached patch is the revised version of largeobject access controls.

It reverts pg_largeobject system catalog, and adds new pg_largeobject_meta
system catalog to store the owner identifier and its ACLs.

The definition of pg_largeobject_meta:

    #define LargeObjectMetaRelationId  2336

    CATALOG(pg_largeobject_meta,2336)
    {
        Oid         lomowner;       /* OID of the largeobject owner */
        aclitem     lomacl[1];      /* access permissions */
    } FormData_pg_largeobject_meta;

The pg_largeobject system catalog is still used to store data chunks of
largeobjects, and its pg_largeobject.loid is associated with OID of the
pg_largeobject_meta system catalog.

* It also supports case handling in DROP ROLE and REASSIGN/DROP OWNED
  using existing dependency mechanism.
* A new "ALTER LARGE OBJECT <oid> OWNER TO <user>" statement was added.
* Permission checks on creation of largeobjects are dropped. It implicitly
  allows everyone to create a new largeobject.
  (CREATE USER LARGEOBJECT/NOLARGEOBJECT is also dropped.)
* The default ACL allows public to read/write new largeobjects as long as
  owner does not revoke permissions. (MEMO: It might be configurable
  using GUC whether the default allows public to read/write, or not.)

[Performance measurement]

We measured the time to execute \lo_import with two large files (the one
is well compressible, the other is not so) and \lo_export them.
In the result, it seems to me there are no significant regression here.

* Environment
  CPU: Pentium4 3.20GHz
  Mem: 512MB
  Kernel: 2.6.30-6.fc12.i586
  PostgreSQL configuration: all parameters are in default.

* Base PostgreSQL
- Import/Export an uncompressible file

    [kaigai@saba ~]$ time -p psql postgres -c '\lo_import 512MB_Rnd'
    lo_import 16386
    real 132.33
    user 1.01
    sys 5.06
    [kaigai@saba ~]$ time -p psql postgres -c '\lo_export 16386 /dev/null'
    lo_export
    real 77.57
    user 0.79
    sys 3.76

- Import/Export well compressible file

    [kaigai@saba ~]$ time -p psql postgres -c '\lo_import 512MB_Zero'
    lo_import 16387
    real 45.84
    user 0.91
    sys 5.38
    [kaigai@saba ~]$ time -p psql postgres -c '\lo_export 16387 /dev/null'
    lo_export
    real 13.51
    user 0.62
    sys 2.98

* with Largeobject access control patch
- Import/Export an uncompressible file

    [kaigai@saba ~]$ time -p psql postgres -c '\lo_import 512MB_Rnd'
    lo_import 16384
    real 132.49
    user 1.13
    sys 5.10
    [kaigai@saba ~]$ time -p psql postgres -c '\lo_export 16384 /dev/null'
    lo_export
    real 76.14
    user 0.81
    sys 3.63

- Import/Export well compressible file

    [kaigai@saba ~]$ time -p psql postgres -c '\lo_import 512MB_Zero'
    lo_import 16385
    real 44.21
    user 0.91
    sys 5.51
    [kaigai@saba ~]$ time -p psql postgres -c '\lo_export 16385 /dev/null'
    lo_export
    real 14.27
    user 0.66
    sys 3.11

Thanks,

    [kaigai@saba blob]$ diffstat sepgsql-02-blob-8.5devel-r2272.patch.gz
     doc/src/sgml/ref/allfiles.sgml             |    1
     doc/src/sgml/ref/alter_large_object.sgml   |   75 ++++++++
     doc/src/sgml/ref/grant.sgml                |    8
     doc/src/sgml/ref/revoke.sgml               |    6
     doc/src/sgml/reference.sgml                |    1
     src/backend/catalog/Makefile               |    6
     src/backend/catalog/aclchk.c               |  247 ++++++++++++++++++++++++++
     src/backend/catalog/dependency.c           |   14 +
     src/backend/catalog/pg_largeobject.c       |  270 +++++++++!!!!!!!!!!!!!!!!!!!
     src/backend/catalog/pg_shdepend.c          |    8
     src/backend/commands/alter.c               |    5
     src/backend/commands/comment.c             |   14 !
     src/backend/commands/tablecmds.c           |    1
     src/backend/libpq/be-fsstubs.c             |   49 ++--
     src/backend/parser/gram.y                  |   20 ++
     src/backend/storage/large_object/inv_api.c |  115 +++-----!!!!
     src/backend/tcop/utility.c                 |    3
     src/backend/utils/adt/acl.c                |    5
     src/backend/utils/cache/syscache.c         |   13 +
     src/include/catalog/dependency.h           |    1
     src/include/catalog/indexing.h             |    3
     src/include/catalog/pg_largeobject_meta.h  |   66 +++++++
     src/include/nodes/parsenodes.h             |    1
     src/include/utils/acl.h                    |    6
     src/include/utils/syscache.h               |    1
     src/test/regress/expected/privileges.out   |  162 +++++++++++++++++
     src/test/regress/expected/sanity_check.out |    3
     src/test/regress/sql/privileges.sql        |   65 ++++++
     28 files changed, 859 insertions(+), 73 deletions(-), 237 modifications(!)

--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>
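The owner and ACL model described in the message above, exercised from SQL as an added example (not part of the original post or the patch). The GRANT/REVOKE ... ON LARGE OBJECT grammar is the one released PostgreSQL accepts and is assumed here to match the patch; the role names and OID 424242 are constructed.

```sql
-- Added example; run as a superuser in a scratch database.
-- Roles and the OID are constructed for illustration.
CREATE ROLE lo_owner;
CREATE ROLE lo_reader;
CREATE ROLE lo_other;

-- The message drops permission checks on creation, so any role may create.
SET SESSION AUTHORIZATION lo_owner;
SELECT lo_create(424242);

-- Default described in the message: PUBLIC may read and write until the
-- owner revokes. A read by an unrelated role is the exposure to test for.
SET SESSION AUTHORIZATION lo_other;
SELECT loread(lo_open(424242, 262144), 16);   -- 262144 = INV_READ (0x40000)

-- Owner narrows access: drop PUBLIC, then grant read to a single role.
SET SESSION AUTHORIZATION lo_owner;
REVOKE ALL ON LARGE OBJECT 424242 FROM PUBLIC;
GRANT SELECT ON LARGE OBJECT 424242 TO lo_reader;

-- Repeat the read as each role to confirm the ACL is what gates access.
SET SESSION AUTHORIZATION lo_reader;
SELECT loread(lo_open(424242, 262144), 16);
SET SESSION AUTHORIZATION lo_other;
SELECT loread(lo_open(424242, 262144), 16);

-- Ownership transfer with the statement the message introduces.
RESET SESSION AUTHORIZATION;
ALTER LARGE OBJECT 424242 OWNER TO lo_reader;

-- Inspect the stored owner and ACL. The catalog name is the one given in
-- the message (released PostgreSQL calls it pg_largeobject_metadata).
SELECT pg_get_userbyid(lomowner) AS owner, lomacl
  FROM pg_largeobject_meta
 WHERE oid = 424242;

-- Clean up the constructed object and roles.
SELECT lo_unlink(424242);
DROP ROLE lo_owner, lo_reader, lo_other;
```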