[PATCH] Largeobject access controls

From: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: [PATCH] Largeobject access controls
Date: 2009-08-28 04:07:18
Message-ID: 4A9757F6.3010401@ak.jp.nec.com
Lists: pgsql-hackers

The attached patch provides access control features on largeobject.

This patch adds ownership and two permissions (SELECT and UPDATE) on
largeobjects. The two permissions control reader and writer accesses to
the largeobjects. Only the owner can unlink a largeobject which he owns.
It also adds a new attribute on the database role to control whether he
can create a new largeobject, or not. Because a largeobject is not stored
within a certain namespace, we cannot control its creation using the CREATE
permission.

The CREATE USER/ROLE statement got a new option: LARGEOBJECT/NOLARGEOBJECT.
It controls whether the user can create a largeobject, or not.
The default is LARGEOBJECT, which means the user can create them.
This attribute is stored within pg_authid.rollargeobject, defined as bool.

The pg_largeobject system catalog is reworked to manage its metadata.

    CATALOG(pg_largeobject,2613)
    {
        Oid         loowner;    /* OID of the owner */
        Oid         lochunk;    /* OID of the data chunks */
        aclitem     loacl[1];   /* access permissions */
    } FormData_pg_largeobject;

Actual data chunks are stored in the toast relation of pg_largeobject,
and its chunk_id is stored in pg_largeobject.lochunk.
As I noted before, there are several difficulties in implementing a partially
writable varlena type, so it uses its toast relation just as storage
for its data chunks.

The GRANT/REVOKE statement also supports largeobjects, as follows:

GRANT SELECT ON LARGE OBJECT 1234 TO kaigai;

It follows the manner in which the COMMENT ON statement specifies a large object.

Thanks,

======== (Example) ================================
postgres=# CREATE USER dog; -- user can create largeobjects in default
CREATE ROLE
postgres=# CREATE USER cat NOLARGEOBJECT;
CREATE ROLE
postgres=# \c - dog
psql (8.5devel)
You are now connected to database "postgres" as user "dog".
postgres=> SELECT lo_create(123);
lo_create
-----------
123
(1 row)

postgres=> SELECT lo_create(100);
lo_create
-----------
100
(1 row)

postgres=> GRANT SELECT ON LARGE OBJECT 123 TO cat;
GRANT
postgres=> \c - cat
psql (8.5devel)
You are now connected to database "postgres" as user "cat".
postgres=> SELECT lo_create(456);
ERROR: permission denied to create largeobject
postgres=> SELECT loread(lo_open(123, x'40000'::int), 100);
loread
--------
\x
(1 row)

postgres=> SELECT lowrite(lo_open(123, x'20000'::int), 'abcdefg');
ERROR: permission denied for largeobject 123
postgres=> SELECT lo_unlink(123);
ERROR: must be owner of largeobject 123
===================================================

[kaigai(at)saba ~]$ diffstat sepgsql-02-blob-8.5devel-r2264.patch.gz
doc/src/sgml/ref/create_role.sgml | 13 +
doc/src/sgml/ref/create_user.sgml | 1
doc/src/sgml/ref/grant.sgml | 8
doc/src/sgml/ref/revoke.sgml | 6
src/backend/catalog/aclchk.c | 246 ++++++++++++++++++++
src/backend/catalog/dependency.c | 14 +
src/backend/catalog/pg_largeobject.c | 139 +!!!!!!!!!!
src/backend/catalog/pg_shdepend.c | 4
src/backend/commands/comment.c | 10
src/backend/commands/tablecmds.c | 1
src/backend/commands/user.c | 32 ++
src/backend/libpq/be-fsstubs.c | 141 ++++++++++-
src/backend/parser/gram.y | 26 +!
src/backend/storage/large_object/inv_api.c | 344 ++++-------!!!!!!!!!!!!!!!!
src/backend/utils/adt/acl.c | 4
src/backend/utils/cache/syscache.c | 13 +
src/include/catalog/dependency.h | 1
src/include/catalog/indexing.h | 4
src/include/catalog/pg_authid.h | 14 !
src/include/catalog/pg_largeobject.h | 17 !
src/include/catalog/toasting.h | 10
src/include/nodes/parsenodes.h | 1
src/include/parser/kwlist.h | 2
src/include/utils/acl.h | 6
src/include/utils/syscache.h | 1
src/test/regress/expected/privileges.out | 202 +++++++++++++++++
src/test/regress/input/largeobject.source | 7
src/test/regress/output/largeobject.source | 10
src/test/regress/sql/privileges.sql | 75 ++++++
29 files changed, 857 insertions(+), 107 deletions(-), 388 modifications(!)

--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>

Attachment Content-Type Size
sepgsql-02-blob-8.5devel-r2264.patch.gz application/gzip 18.9 KB
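
Added example, not part of the original message or of the attached patch: a small stand-alone C model of the checks the message describes, replaying the dog/cat session above. All type and function names are hypothetical, the role OIDs are constructed, and it assumes the owner implicitly holds both permissions and is the only role that can grant them.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical model for illustration; none of this is PostgreSQL source. */
typedef unsigned int Oid;
enum { LO_SELECT = 1 << 0, LO_UPDATE = 1 << 1 };          /* the two permissions */
typedef struct { Oid grantee; unsigned privs; } AclEntry; /* stands in for aclitem */
typedef struct { Oid oid; bool rollargeobject; } Role;    /* pg_authid.rollargeobject */
typedef struct {
    Oid      loid;
    Oid      loowner;    /* mirrors pg_largeobject.loowner */
    AclEntry loacl[4];   /* mirrors pg_largeobject.loacl */
    size_t   nacl;
} LargeObject;

/* Creation is gated by the role attribute: no namespace exists to carry CREATE. */
bool lo_may_create(const Role *r) { return r->rollargeobject; }

/* Read (LO_SELECT) / write (LO_UPDATE). Assumption: the owner holds both. */
bool lo_may_access(const LargeObject *lo, const Role *r, unsigned want)
{
    if (lo->loowner == r->oid) return true;
    for (size_t i = 0; i < lo->nacl; i++)
        if (lo->loacl[i].grantee == r->oid)
            return (lo->loacl[i].privs & want) == want;
    return false;                                  /* no entry: default deny */
}

/* Unlink depends on ownership alone; no grantable permission covers it. */
bool lo_may_unlink(const LargeObject *lo, const Role *r) { return lo->loowner == r->oid; }

/* GRANT. Assumption: only the owner may grant. False on denial or a full ACL. */
bool lo_grant(LargeObject *lo, const Role *grantor, Oid grantee, unsigned privs)
{
    if (lo->loowner != grantor->oid) return false;
    for (size_t i = 0; i < lo->nacl; i++)
        if (lo->loacl[i].grantee == grantee) { lo->loacl[i].privs |= privs; return true; }
    if (lo->nacl == sizeof lo->loacl / sizeof lo->loacl[0]) return false;
    lo->loacl[lo->nacl++] = (AclEntry){ grantee, privs };
    return true;
}

/* Replays the session: bit 0 create, bit 1 read, bit 2 write, bit 3 unlink,
 * each set if "cat" would be allowed. Only the granted read should be set. */
unsigned replay_session(void)
{
    Role dog = { 10, true }, cat = { 11, false };  /* constructed OIDs */
    LargeObject lo123 = { 123, dog.oid, {{0, 0}}, 0 };
    lo_grant(&lo123, &dog, cat.oid, LO_SELECT);
    return (lo_may_create(&cat) ? 1u : 0u)
         | (lo_may_access(&lo123, &cat, LO_SELECT) ? 2u : 0u)
         | (lo_may_access(&lo123, &cat, LO_UPDATE) ? 4u : 0u)
         | (lo_may_unlink(&lo123, &cat) ? 8u : 0u);
}

int main(void) { return replay_session() == 2u ? 0 : 1; }
```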
