Thread: [PATCH] Reworks for Access Control facilities (r2251)

[PATCH] Reworks for Access Control facilities (r2251)

From: KaiGai Kohei
The following url is a patch to rework access control facilities in PostgreSQL.
 http://sepgsql.googlecode.com/files/sepgsql-01-base-8.5devel-r2251.patch.gz

The current implementation does not have a clean separation between what
is to be controlled and how it is to be controlled. For example, when we create
a new table, it requires the user to have ACL_CREATE on the namespace and
ACL_CREATE on the tablespace if necessary. These checks are methods
to control whether he can create a new table, or not.

This patch provides an abstraction layer of access controls to
separate what is to be controlled from how it is to be controlled.
The abstraction layer is a set of functions that implement what
is to be controlled.
For example, ac_relation_create() checks user's privilege to
create a new table. It internally calls pg_namespace_aclcheck()
and pg_tablespace_aclcheck() to make its access control decision
based on the security model in database ACLs.

These abstraction layer functions have the following naming convention:
 ac_<object type>_<action>(args, ...)

e.g)  void ac_proc_execute(Oid proOid, Oid roleOid)
      It checks the privilege to execute a certain procedure with
      the given database role. The caller gives all the necessary
      information to make its decision.

It replaces all the pg_xxx_aclcheck() and pg_xxx_ownercheck() invocations
from the backend implementations, except for security/access_control.c.
In this patch, these are used as helper functions to implement the access
control logic (in other words, how it is to be controlled), invoked from the
access control functions.

These ac_xxx_xxx() routines will be entrypoints to invoke additional
security checks (SE-PostgreSQL), rather than sepgsqlXXXX() hooks around
the backend implementation.

Thanks,

$ diffstat sepgsql-01-base-8.5devel-r2251.patch.gz
 backend/Makefile                  |    2
 backend/catalog/aclchk.c          |  218 !
 backend/catalog/namespace.c       |   53
 backend/catalog/pg_aggregate.c    |   12
 backend/catalog/pg_conversion.c   |   33
 backend/catalog/pg_operator.c     |   42
 backend/catalog/pg_proc.c         |   15
 backend/catalog/pg_shdepend.c     |    8
 backend/catalog/pg_type.c         |   25
 backend/commands/aggregatecmds.c  |   42
 backend/commands/alter.c          |   66
 backend/commands/analyze.c        |    5
 backend/commands/cluster.c        |    9
 backend/commands/comment.c        |  120
 backend/commands/conversioncmds.c |   71
 backend/commands/copy.c           |   40
 backend/commands/dbcommands.c     |  160 !
 backend/commands/foreigncmds.c    |  144
 backend/commands/functioncmds.c   |  123
 backend/commands/indexcmds.c      |  120
 backend/commands/lockcmds.c       |   17
 backend/commands/opclasscmds.c    |  223 !
 backend/commands/operatorcmds.c   |   70
 backend/commands/proclang.c       |   56
 backend/commands/schemacmds.c     |   60
 backend/commands/sequence.c       |   38
 backend/commands/tablecmds.c      |  427 -!
 backend/commands/tablespace.c     |   46
 backend/commands/trigger.c        |   41
 backend/commands/tsearchcmds.c    |  176 !
 backend/commands/typecmds.c       |  136 !
 backend/commands/vacuum.c         |    3
 backend/commands/view.c           |    7
 backend/executor/execMain.c       |  203 !
 backend/executor/execQual.c       |   16
 backend/executor/nodeAgg.c        |   24
 backend/executor/nodeMergejoin.c  |    8
 backend/executor/nodeWindowAgg.c  |   24
 backend/optimizer/util/clauses.c  |    6
 backend/parser/parse_utilcmd.c    |   13
 backend/rewrite/rewriteDefine.c   |   10
 backend/rewrite/rewriteRemove.c   |    6
 backend/security/Makefile         |   10
 backend/security/access_control.c | 4290 ++++++++++++++++++++++++++++++++++++++
 backend/tcop/fastpath.c           |   15
 backend/tcop/utility.c            |   74
 backend/utils/adt/dbsize.c        |   25
 backend/utils/adt/ri_triggers.c   |   24
 backend/utils/adt/tid.c           |   18
 backend/utils/init/postinit.c     |   14
 include/catalog/pg_proc_fn.h      |    1
 include/commands/defrem.h         |    1
 include/utils/security.h          |  337 ++
 53 files changed, 5027 insertions(+), 924 deletions(-), 1776 modifications(!)

-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>
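To illustrate the split the mail describes (an ac_<object>_<action>() entrypoint deciding "what" is controlled, pg_xxx_aclcheck()-style helpers deciding "how"), here is an added, self-contained C sketch that is not part of the patch or of PostgreSQL. The Oid values, the in-memory ACL table, the extra_relation_create_check hook slot and deny_tablespace_1663 are all constructed for the example; the tablespace check is skipped when no tablespace is given, as the mail's "if necessary" says.

```c
#include <stdbool.h>
#include <stddef.h>
typedef unsigned int Oid;
typedef enum { ACLCHECK_OK = 0, ACLCHECK_NO_PRIV = 1 } AclResult;
#define ACL_CREATE (1u << 0)

/* Constructed ACL table: (object, role, granted privilege bits). */
typedef struct { Oid obj; Oid role; unsigned privs; } AclEntry;
static const AclEntry acl_table[] = {
    { 2200, 10, ACL_CREATE }, /* role 10 may create in schema 2200 */
    { 1663, 10, ACL_CREATE }, /* role 10 may create in tablespace 1663 */
};

/* "How it is controlled": database-ACL helpers in the style of pg_xxx_aclcheck(). */
static AclResult aclcheck(Oid obj, Oid role, unsigned mode)
{
    for (size_t i = 0; i < sizeof acl_table / sizeof acl_table[0]; i++)
        if (acl_table[i].obj == obj && acl_table[i].role == role &&
            (acl_table[i].privs & mode) == mode)
            return ACLCHECK_OK;
    return ACLCHECK_NO_PRIV;
}
static AclResult pg_namespace_aclcheck(Oid nsp, Oid role, unsigned mode)
{ return aclcheck(nsp, role, mode); }
static AclResult pg_tablespace_aclcheck(Oid spc, Oid role, unsigned mode)
{ return aclcheck(spc, role, mode); }

/* Hypothetical slot for a second model hooked at the same entrypoint
 * (the place SE-PostgreSQL checks would attach); NULL means none installed. */
bool (*extra_relation_create_check)(Oid nsp, Oid spc, Oid role) = NULL;

/* Sample second model (constructed): tablespace 1663 is off limits to everyone. */
bool deny_tablespace_1663(Oid nsp, Oid spc, Oid role)
{ (void) nsp; (void) role; return spc != 1663; }

/* "What is controlled": the single entrypoint for CREATE TABLE. The caller
 * passes everything needed for the decision; spcOid == 0 means no tablespace. */
bool ac_relation_create(Oid nspOid, Oid spcOid, Oid roleOid)
{
    if (pg_namespace_aclcheck(nspOid, roleOid, ACL_CREATE) != ACLCHECK_OK)
        return false;
    if (spcOid != 0 &&
        pg_tablespace_aclcheck(spcOid, roleOid, ACL_CREATE) != ACLCHECK_OK)
        return false;
    if (extra_relation_create_check != NULL &&
        !extra_relation_create_check(nspOid, spcOid, roleOid))
        return false;
    return true;
}
```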


Re: [PATCH] Reworks for Access Control facilities (r2251)

From: KaiGai Kohei
KaiGai Kohei wrote:
> The following url is a patch to rework access control facilities in PostgreSQL.
> 
>   http://sepgsql.googlecode.com/files/sepgsql-01-base-8.5devel-r2251.patch.gz

IIRC, the attachment size limit was 40kb, so I resent it using a URL
instead of an attachment; sorry for the duplicate messages.

BTW, was it expanded?
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>


Re: [PATCH] Reworks for Access Control facilities (r2251)

From: Alvaro Herrera
KaiGai Kohei wrote:
> KaiGai Kohei wrote:
> > The following url is a patch to rework access control facilities in PostgreSQL.
> > 
> >   http://sepgsql.googlecode.com/files/sepgsql-01-base-8.5devel-r2251.patch.gz
> 
> IIRC, the limitation of attachment was 40kb, so I resent it using a pointing URL
> instead of attachment, sorry for same messages.

Actually the message with the big attachment was delivered and is on the
archives:
http://archives.postgresql.org/message-id/4A93480C.707@ak.jp.nec.com

-- 
Alvaro Herrera                                http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.