The following URL points to a patch that reworks the access control facilities in PostgreSQL.
http://sepgsql.googlecode.com/files/sepgsql-01-base-8.5devel-r2251.patch.gz
The current implementation does not cleanly separate what is to be
controlled from how it is controlled. For example, when we create
a new table, it requires the user to hold ACL_CREATE on the namespace and,
if necessary, ACL_CREATE on the tablespace. These checks are the method
used to control whether he can create a new table or not.
This patch provides an abstraction layer for access controls that
separates what is to be controlled from how it is controlled.
The abstraction layer is a set of functions that implement what
is to be controlled.
For example, ac_relation_create() checks user's privilege to
create a new table. It internally calls pg_namespace_aclcheck()
and pg_tablespace_aclcheck() to make its access control decision
based on the security model in database ACLs.
The abstraction layer functions follow this naming convention:

  ac_<object type>_<action>(args, ...)

e.g.) void ac_proc_execute(Oid proOid, Oid roleOid)

It checks the privilege to execute a certain procedure with the given
database role. The caller gives all the information necessary to make its decision.
The patch replaces all pg_xxx_aclcheck() and pg_xxx_ownercheck() invocations
in the backend implementation, except for those in security/access_control.c.
In this patch, these are used as helper functions to implement the access
control logic (in other words, how it is controlled), invoked from the
access control functions.
These ac_xxx_xxx() routines will be the entrypoints for invoking additional
security checks (SE-PostgreSQL), rather than sepgsqlXXXX() hooks placed around
the backend implementation.
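To illustrate the split the patch is after, here is an added, self-contained C model of the ac_<object>_<action>() layer; it is not code from the patch or from PostgreSQL. The in-memory ACL table, the role and object OIDs, the demo_aclcheck() stand-in for pg_namespace_aclcheck()/pg_tablespace_aclcheck()/pg_proc_aclcheck(), the extra_check slot and the demo_mac() rule are all constructed for the example, and the ac_*() functions return a result instead of raising an error as the real entrypoints would. The point it shows is that callers pass full context to one entrypoint, while the DAC lookup and any second model (the slot reserved for SE-PostgreSQL) live behind it.

```c
/* Added example: a model of the ac_<object>_<action>() abstraction layer.
 * Everything here (catalog rows, OIDs, roles, stand-in check functions) is
 * constructed for the demo and is NOT the PostgreSQL implementation. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

typedef unsigned int Oid;
typedef unsigned int AclMode;

#define InvalidOid  ((Oid) 0)
#define ACL_CREATE  (1u << 0)
#define ACL_USAGE   (1u << 1)
#define ACL_EXECUTE (1u << 2)

typedef enum { ACLCHECK_OK = 0, ACLCHECK_NO_PRIV } AclResult;

/* Constructed OIDs for the demo catalog. */
enum { NSP_PUBLIC = 2200, NSP_PRIVATE = 16001, TBLSPC_FAST = 16002,
       PROC_F = 16003, ROLE_ALICE = 10, ROLE_BOB = 11 };

/* Constructed ACL rows: one entry per (object, grantee). */
typedef struct { Oid objOid; Oid roleOid; AclMode privs; } AclEntry;

static const AclEntry demo_acl[] = {
    { NSP_PUBLIC,  ROLE_ALICE, ACL_CREATE | ACL_USAGE },
    { NSP_PUBLIC,  ROLE_BOB,   ACL_USAGE },      /* bob may use, not create */
    { NSP_PRIVATE, ROLE_ALICE, ACL_CREATE | ACL_USAGE },
    { TBLSPC_FAST, ROLE_BOB,   ACL_CREATE },     /* alice has no grant here */
    { PROC_F,      ROLE_ALICE, ACL_EXECUTE },
};

/* "How" it is controlled: a generic DAC lookup standing in for the
 * pg_xxx_aclcheck() helpers. Missing entries deny by default. */
static AclResult demo_aclcheck(Oid objOid, Oid roleOid, AclMode mode)
{
    size_t i;
    for (i = 0; i < sizeof(demo_acl) / sizeof(demo_acl[0]); i++)
        if (demo_acl[i].objOid == objOid && demo_acl[i].roleOid == roleOid)
            return (demo_acl[i].privs & mode) == mode ? ACLCHECK_OK
                                                      : ACLCHECK_NO_PRIV;
    return ACLCHECK_NO_PRIV;
}

/* Slot for a second security model consulted after DAC passes (where the
 * mail says SE-PostgreSQL would plug in). NULL means DAC only. */
typedef AclResult (*ExtraCheckFn)(const char *perm, Oid objOid, Oid roleOid);
static ExtraCheckFn extra_check = NULL;

/* "What" is controlled: entrypoints that receive the full decision context,
 * so backend callers never touch ACL details themselves. */
static AclResult ac_relation_create(Oid nspOid, Oid tblspcOid, Oid roleOid)
{
    AclResult r = demo_aclcheck(nspOid, roleOid, ACL_CREATE);
    if (r != ACLCHECK_OK)
        return r;
    /* The tablespace privilege only matters when one is explicitly chosen. */
    if (tblspcOid != InvalidOid) {
        r = demo_aclcheck(tblspcOid, roleOid, ACL_CREATE);
        if (r != ACLCHECK_OK)
            return r;
    }
    return extra_check ? extra_check("relation:create", nspOid, roleOid)
                       : ACLCHECK_OK;
}

static AclResult ac_proc_execute(Oid proOid, Oid roleOid)
{
    AclResult r = demo_aclcheck(proOid, roleOid, ACL_EXECUTE);
    if (r != ACLCHECK_OK)
        return r;
    return extra_check ? extra_check("proc:execute", proOid, roleOid)
                       : ACLCHECK_OK;
}

/* A constructed mandatory rule: no table creation in NSP_PRIVATE, regardless
 * of what the ACLs grant. Demonstrates the extra model overriding DAC. */
static AclResult demo_mac(const char *perm, Oid objOid, Oid roleOid)
{
    (void) roleOid;
    if (strcmp(perm, "relation:create") == 0 && objOid == NSP_PRIVATE)
        return ACLCHECK_NO_PRIV;
    return ACLCHECK_OK;
}

/* Switch the extra model on or off; returns whether it was on before. */
static bool set_extra_model(bool on)
{
    bool was = (extra_check != NULL);
    extra_check = on ? demo_mac : NULL;
    return was;
}

int main(void)
{
    printf("alice creates in public (default tblspc): %d\n",
           ac_relation_create(NSP_PUBLIC, InvalidOid, ROLE_ALICE));
    printf("bob creates in public:                    %d\n",
           ac_relation_create(NSP_PUBLIC, InvalidOid, ROLE_BOB));
    printf("alice creates in public on fast tblspc:   %d\n",
           ac_relation_create(NSP_PUBLIC, TBLSPC_FAST, ROLE_ALICE));
    set_extra_model(true);
    printf("alice creates in private (MAC enabled):   %d\n",
           ac_relation_create(NSP_PRIVATE, InvalidOid, ROLE_ALICE));
    return 0;
}
```

Because every backend caller goes through ac_relation_create() or ac_proc_execute(), adding a second model is a change inside the layer rather than a set of hooks scattered around the backend, which is the property the mail argues for.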
Thanks,
$ diffstat sepgsql-01-base-8.5devel-r2251.patch.gz
 backend/Makefile                  |    2
 backend/catalog/aclchk.c          |  218 !
 backend/catalog/namespace.c       |   53
 backend/catalog/pg_aggregate.c    |   12
 backend/catalog/pg_conversion.c   |   33
 backend/catalog/pg_operator.c     |   42
 backend/catalog/pg_proc.c         |   15
 backend/catalog/pg_shdepend.c     |    8
 backend/catalog/pg_type.c         |   25
 backend/commands/aggregatecmds.c  |   42
 backend/commands/alter.c          |   66
 backend/commands/analyze.c        |    5
 backend/commands/cluster.c        |    9
 backend/commands/comment.c        |  120
 backend/commands/conversioncmds.c |   71
 backend/commands/copy.c           |   40
 backend/commands/dbcommands.c     |  160 !
 backend/commands/foreigncmds.c    |  144
 backend/commands/functioncmds.c   |  123
 backend/commands/indexcmds.c      |  120
 backend/commands/lockcmds.c       |   17
 backend/commands/opclasscmds.c    |  223 !
 backend/commands/operatorcmds.c   |   70
 backend/commands/proclang.c       |   56
 backend/commands/schemacmds.c     |   60
 backend/commands/sequence.c       |   38
 backend/commands/tablecmds.c      |  427 -!
 backend/commands/tablespace.c     |   46
 backend/commands/trigger.c        |   41
 backend/commands/tsearchcmds.c    |  176 !
 backend/commands/typecmds.c       |  136 !
 backend/commands/vacuum.c         |    3
 backend/commands/view.c           |    7
 backend/executor/execMain.c       |  203 !
 backend/executor/execQual.c       |   16
 backend/executor/nodeAgg.c        |   24
 backend/executor/nodeMergejoin.c  |    8
 backend/executor/nodeWindowAgg.c  |   24
 backend/optimizer/util/clauses.c  |    6
 backend/parser/parse_utilcmd.c    |   13
 backend/rewrite/rewriteDefine.c   |   10
 backend/rewrite/rewriteRemove.c   |    6
 backend/security/Makefile         |   10
 backend/security/access_control.c | 4290 ++++++++++++++++++++++++++++++++++++++
 backend/tcop/fastpath.c           |   15
 backend/tcop/utility.c            |   74
 backend/utils/adt/dbsize.c        |   25
 backend/utils/adt/ri_triggers.c   |   24
 backend/utils/adt/tid.c           |   18
 backend/utils/init/postinit.c     |   14
 include/catalog/pg_proc_fn.h      |    1
 include/commands/defrem.h         |    1
 include/utils/security.h          |  337 ++
 53 files changed, 5027 insertions(+), 924 deletions(-), 1776 modifications(!)
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>