[PATCH] ACE Framework - Database, Schema
From | KaiGai Kohei |
---|---|
Subject | [PATCH] ACE Framework - Database, Schema |
Date | |
Msg-id | 4B24C1CB.3000307@kaigai.gr.jp |
Replies | Re: [PATCH] ACE Framework - Database, Schema |
List | pgsql-hackers |

Stephen,

The attached two patches are the first pieces of split out from the previous large access control reworks patch.

The pgsql-ace-01-database-8.5devel-r2475.patch contains nigh security hooks related to global initialization and databases.

The pgsql-ace-02-schema-8.5devel-r2475.patch contains the six security hooks related to schema objects.

Note that these are not simple replacement for pg_xxx_aclcheck() and pg_xxx_ownercheck(). For example, DefineRelation() calls pg_namespace_aclcheck() with ACL_CREATE. This check shall be abstracted in the pgsql-ace-0x-relation patch, so I don't touch them yet.

Also note that these patches don't support any security label. So, ace_xxx_create() is declared as void function, although it has to return a security label to be assigned. But these hooks are deployed on where we can easily support security label management, so later patch will fix it.

The previous patch is too large to review. Is this scale comfortable to review?

    $ diffstat pgsql-ace-01-database-8.5devel-r2475.patch
     backend/Makefile                    |    2
     backend/catalog/aclchk.c            |   68 +++++++!
     backend/commands/comment.c          |    5
     backend/commands/dbcommands.c       |  154 +--------!!!!!!!!!
     backend/commands/indexcmds.c        |    6
     backend/security/Makefile           |   10 +
     backend/security/ace/Makefile       |   11 +
     backend/security/ace/ace_database.c |  285 ++++++++++++++++++++++++++++++++++++
     backend/security/ace/ace_misc.c     |   23 ++
     backend/utils/adt/dbsize.c          |    9
     backend/utils/init/postinit.c       |   17 !!
     include/security/ace.h              |   39 ++++
     12 files changed, 445 insertions(+), 63 deletions(-), 121 modifications(!)

    $ diffstat pgsql-ace-02-schema-8.5devel-r2475.patch
     backend/catalog/aclchk.c          |   15 +!
     backend/catalog/namespace.c       |   42 ++---!!
     backend/commands/comment.c        |    4
     backend/commands/schemacmds.c     |   57 -!!!!!!!!!
     backend/security/ace/Makefile     |    2
     backend/security/ace/ace_schema.c |  200 ++++++++++++++++++++++++++++++++++++++
     backend/tcop/fastpath.c           |    6 !
     include/security/ace.h            |   14 ++
     8 files changed, 234 insertions(+), 25 deletions(-), 81 modifications(!)

--
KaiGai Kohei <kaigai@kaigai.gr.jp>