[PATCH] Reworks for Access Control facilities (r2350) - Mailing list pgsql-hackers

From KaiGai Kohei
Subject [PATCH] Reworks for Access Control facilities (r2350)
Date
Msg-id 4AC5A14F.6050306@ak.jp.nec.com
Whole thread Raw
Responses Re: [PATCH] Reworks for Access Control facilities (r2350)
List pgsql-hackers
The attached patch is a revised version based on the previous
discussions at:

  http://archives.postgresql.org/message-id/20090929105431.GO17756@tamriel.snowman.net
  http://archives.postgresql.org/message-id/4AC1EA9E.3080907@kaigai.gr.jp
  http://archives.postgresql.org/message-id/20090929173049.GP17756@tamriel.snowman.net
  http://archives.postgresql.org/message-id/4AC2BDD0.7050906@ak.jp.nec.com
  http://archives.postgresql.org/message-id/20090930105911.GS17756@tamriel.snowman.net
  http://archives.postgresql.org/message-id/4AC40133.4080509@ak.jp.nec.com

Please review the new revision, Thanks,

* List of updates

- code base was updated to the latest CVS HEAD.
- reverted changes on FindConversion() and EnableDisableRule().
  these changes are discussed in the different topics.
- removed uncertain comment at the restrict_grant().
- added comment about SQL specifications for each ac_xxx_grant().
- eliminate MEMO: and FIXME: prefix
- moved ac_language_create() prior to the CreateProcedure() because
  it may update the pg_proc system catalog.
- removed ac_schema_search() invocations when the target namespace is
  obviously temporary namespace. And, added a comment to bypass checks
  for both of DAC/MAC on temporary namespaces.
- uncommented "ac_object_drop() should be here", and added actual
  ac_object_drop() at the performDeletion() and performMultipleDeletion().
  The 'permission' argument was added to these functions.
- uncommented "ac_attribute_xxxx() should be here", and put actual
  ac_attribute_create() and ac_attribute_drop() calls here.
- ac_aggregate_execute() function was added.
- add a memo for minor behavior changes at src/backend/security/README
  (It is a initial description, so needs more brushing up)

$ diffstat sepgsql-01-base-8.5devel-r2350.patch.gz
 backend/Makefile                  |    2
 backend/catalog/aclchk.c          |  254 !
 backend/catalog/dependency.c      |   31
 backend/catalog/heap.c            |    2
 backend/catalog/namespace.c       |   54
 backend/catalog/pg_aggregate.c    |   12
 backend/catalog/pg_operator.c     |   42
 backend/catalog/pg_proc.c         |   29
 backend/catalog/pg_shdepend.c     |   13
 backend/catalog/pg_type.c         |   25
 backend/commands/aggregatecmds.c  |   44
 backend/commands/alter.c          |   78
 backend/commands/analyze.c        |    5
 backend/commands/cluster.c        |   11
 backend/commands/comment.c        |  125
 backend/commands/conversioncmds.c |   73
 backend/commands/copy.c           |   40
 backend/commands/dbcommands.c     |  160 !
 backend/commands/foreigncmds.c    |  150
 backend/commands/functioncmds.c   |  132
 backend/commands/indexcmds.c      |  120
 backend/commands/lockcmds.c       |   17
 backend/commands/opclasscmds.c    |  246 !
 backend/commands/operatorcmds.c   |   72
 backend/commands/proclang.c       |   63
 backend/commands/schemacmds.c     |   62
 backend/commands/sequence.c       |   38
 backend/commands/tablecmds.c      |  370 -
 backend/commands/tablespace.c     |   46
 backend/commands/trigger.c        |   43
 backend/commands/tsearchcmds.c    |  182 !
 backend/commands/typecmds.c       |  143 !
 backend/commands/user.c           |  183 !
 backend/commands/vacuum.c         |    5
 backend/commands/view.c           |    7
 backend/executor/execMain.c       |  208 !
 backend/executor/execQual.c       |   16
 backend/executor/nodeAgg.c        |   38
 backend/executor/nodeMergejoin.c  |    8
 backend/executor/nodeWindowAgg.c  |   42
 backend/optimizer/util/clauses.c  |    6
 backend/parser/parse_utilcmd.c    |   13
 backend/postmaster/autovacuum.c   |    2
 backend/rewrite/rewriteDefine.c   |    5
 backend/rewrite/rewriteRemove.c   |    8
 backend/security/Makefile         |   10
 backend/security/README           |  294 ++
 backend/security/access_control.c | 4593 ++++++++++++++++++++++++++++++++++++++
 backend/tcop/fastpath.c           |   15
 backend/tcop/utility.c            |   74
 backend/utils/adt/dbsize.c        |   25
 backend/utils/adt/ri_triggers.c   |   24
 backend/utils/adt/tid.c           |   18
 backend/utils/init/postinit.c     |   15
 include/catalog/dependency.h      |    4
 include/catalog/pg_proc_fn.h      |    1
 include/commands/defrem.h         |    1
 include/utils/security.h          |  348 ++
 58 files changed, 5747 insertions(+), 914 deletions(-), 1986 modifications(!)

--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>

Attachment

pgsql-hackers by date:

Previous
From: Zdenek Kotala
Date:
Subject: Re: hstore crasesh on 64bit Sparc
Next
From: Simon Riggs
Date:
Subject: Re: FSM search modes