[PATCH] ACE Framework - Database, Schema - Mailing list pgsql-hackers

From KaiGai Kohei
Subject [PATCH] ACE Framework - Database, Schema
Date
Msg-id 4B24C1CB.3000307@kaigai.gr.jp
Responses Re: [PATCH] ACE Framework - Database, Schema  (Robert Haas <robertmhaas@gmail.com>)
List pgsql-hackers
Stephen,

The attached two patches are the first pieces split out from
the previous large access control reworks patch.

The pgsql-ace-01-database-8.5devel-r2475.patch contains nine
security hooks related to global initialization and databases.

The pgsql-ace-02-schema-8.5devel-r2475.patch contains the six
security hooks related to schema objects.

Note that these are not simple replacements for pg_xxx_aclcheck()
and pg_xxx_ownercheck(). For example, DefineRelation() calls
pg_namespace_aclcheck() with ACL_CREATE. This check shall be
abstracted in the pgsql-ace-0x-relation patch, so I don't touch
them yet.

Also note that these patches don't support any security label.
So, ace_xxx_create() is declared as void function, although it
has to return a security label to be assigned.
But these hooks are deployed where we can easily support
security label management, so a later patch will fix it.

The previous patch is too large to review.
Is this scale comfortable to review?

$ diffstat pgsql-ace-01-database-8.5devel-r2475.patch
 backend/Makefile                    |    2
 backend/catalog/aclchk.c            |   68 +++++++!
 backend/commands/comment.c          |    5
 backend/commands/dbcommands.c       |  154 +--------!!!!!!!!!
 backend/commands/indexcmds.c        |    6
 backend/security/Makefile           |   10 +
 backend/security/ace/Makefile       |   11 +
 backend/security/ace/ace_database.c |  285 ++++++++++++++++++++++++++++++++++++
 backend/security/ace/ace_misc.c     |   23 ++
 backend/utils/adt/dbsize.c          |    9
 backend/utils/init/postinit.c       |   17 !!
 include/security/ace.h              |   39 ++++
 12 files changed, 445 insertions(+), 63 deletions(-), 121 modifications(!)

$ diffstat pgsql-ace-02-schema-8.5devel-r2475.patch
 backend/catalog/aclchk.c          |   15 +!
 backend/catalog/namespace.c       |   42 ++---!!
 backend/commands/comment.c        |    4
 backend/commands/schemacmds.c     |   57 -!!!!!!!!!
 backend/security/ace/Makefile     |    2
 backend/security/ace/ace_schema.c |  200 ++++++++++++++++++++++++++++++++++++++
 backend/tcop/fastpath.c           |    6 !
 include/security/ace.h            |   14 ++
 8 files changed, 234 insertions(+), 25 deletions(-), 81 modifications(!)

--
KaiGai Kohei <kaigai@kaigai.gr.jp>
