Commit f1325ce

Add large object access control.

A new system catalog pg_largeobject_metadata manages ownership and access privileges of large objects.

KaiGai Kohei, reviewed by Jaime Casanova.

1 parent 6457996, commit f1325ce

39 files changed, +1439 -162 lines changed

‎doc/src/sgml/catalogs.sgml

Lines changed: 71 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
<!-- $PostgreSQL: pgsql/doc/src/sgml/catalogs.sgml,v 2.212 2009/12/07 05:22:21 tgl Exp $ -->
1+
<!-- $PostgreSQL: pgsql/doc/src/sgml/catalogs.sgml,v 2.213 2009/12/11 03:34:54 itagaki Exp $ -->
22
<!--
33
Documentation of the system catalogs, directed toward PostgreSQL developers
44
-->
@@ -160,7 +160,12 @@
160160

161161
<row>
162162
<entry><link linkend="catalog-pg-largeobject"><structname>pg_largeobject</structname></link></entry>
163-
<entry>large objects</entry>
163+
<entry>data pages for large objects</entry>
164+
</row>
165+
166+
<row>
167+
<entry><link linkend="catalog-pg-largeobject-metadata"><structname>pg_largeobject_metadata</structname></link></entry>
168+
<entry>metadata for large objects</entry>
164169
</row>
165170

166171
<row>
@@ -3120,22 +3125,31 @@
31203125

31213126
<para>
31223127
The catalog <structname>pg_largeobject</structname> holds the data making up
3123-
<quote>large objects</quote>. A large object is identified by an
3124-
OID assigned when it is created. Each large object is broken into
3128+
<quote>large objects</quote>. A large object is identified by an OID of
3129+
<link linkend="catalog-pg-largeobject-metadata"><structname>pg_largeobject_metadata</></link>
3130+
catalog, assigned when it is created. Each large object is broken into
31253131
segments or <quote>pages</> small enough to be conveniently stored as rows
31263132
in <structname>pg_largeobject</structname>.
31273133
The amount of data per page is defined to be <symbol>LOBLKSIZE</> (which is currently
31283134
<literal>BLCKSZ/4</>, or typically 2 kB).
31293135
</para>
31303136

3137+
<para>
3138+
<structname>pg_largeobject</structname> should not be readable by the
3139+
public, since the catalog contains data in large objects of all users.
3140+
<structname>pg_largeobject_metadata</> is a publicly readable catalog
3141+
that only contains identifiers of large objects.
3142+
</para>
3143+
31313144
<table>
31323145
<title><structname>pg_largeobject</> Columns</title>
31333146

3134-
<tgroup cols="3">
3147+
<tgroup cols="4">
31353148
<thead>
31363149
<row>
31373150
<entry>Name</entry>
31383151
<entry>Type</entry>
3152+
<entry>References</entry>
31393153
<entry>Description</entry>
31403154
</row>
31413155
</thead>
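
Review bot: The paragraph added at lines 3137-3142 justifies making pg_largeobject_metadata publicly readable by saying it "only contains identifiers of large objects", but the section this same file adds for that catalog lists lomowner and lomacl, so every role can also read who owns each large object and its ACL. Reword the sentence to say what is actually exposed. "should not be readable by the public" also leaves open whether the restriction is applied by default or left to the administrator; say which. At lines 3128-3130, "an OID of pg_largeobject_metadata catalog" would read better as "the OID of its row in the pg_largeobject_metadata catalog".
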
@@ -3144,19 +3158,22 @@
31443158
<row>
31453159
<entry><structfield>loid</structfield></entry>
31463160
<entry><type>oid</type></entry>
3161+
<entry><literal><link linkend="catalog-pg-largeobject-metadata"><structname>pg_largeobject_metadata</structname></link>.oid</literal></entry>
31473162
<entry>Identifier of the large object that includes this page</entry>
31483163
</row>
31493164

31503165
<row>
31513166
<entry><structfield>pageno</structfield></entry>
31523167
<entry><type>int4</type></entry>
3168+
<entry></entry>
31533169
<entry>Page number of this page within its large object
31543170
(counting from zero)</entry>
31553171
</row>
31563172

31573173
<row>
31583174
<entry><structfield>data</structfield></entry>
31593175
<entry><type>bytea</type></entry>
3176+
<entry></entry>
31603177
<entry>
31613178
Actual data stored in the large object.
31623179
This will never be more than <symbol>LOBLKSIZE</> bytes and might be less
@@ -3177,6 +3194,55 @@
31773194

31783195
</sect1>
31793196

3197+
<sect1 id="catalog-pg-largeobject-metadata">
3198+
<title><structname>pg_largeobject_metadata</structname></title>
3199+
3200+
<indexterm zone="catalog-pg-largeobject-metadata">
3201+
<primary>pg_largeobject_metadata</primary>
3202+
</indexterm>
3203+
3204+
<para>
3205+
The purpose of <structname>pg_largeobject_metadata</structname> is to
3206+
hold metadata of <quote>large objects</quote>, such as OID of its owner,
3207+
access permissions and OID of the large object itself.
3208+
</para>
3209+
3210+
<table>
3211+
<title><structname>pg_largeobject_metadata</> Columns</title>
3212+
3213+
<tgroup cols="4">
3214+
<thead>
3215+
<row>
3216+
<entry>Name</entry>
3217+
<entry>Type</entry>
3218+
<entry>References</entry>
3219+
<entry>Description</entry>
3220+
</row>
3221+
</thead>
3222+
3223+
<tbody>
3224+
<row>
3225+
<entry><structfield>lomowner</structfield></entry>
3226+
<entry><type>oid</type></entry>
3227+
<entry><literal><link linkend="catalog-pg-authid"><structname>pg_authid</structname></link>.oid</literal></entry>
3228+
<entry>Owner of the largeobejct</entry>
3229+
</row>
3230+
3231+
<row>
3232+
<entry><structfield>lomacl</structfield></entry>
3233+
<entry><type>aclitem[]</type></entry>
3234+
<entry>
3235+
Access privileges; see
3236+
<xref linkend="sql-grant" endterm="sql-grant-title"> and
3237+
<xref linkend="sql-revoke" endterm="sql-revoke-title">
3238+
for details
3239+
</entry>
3240+
</row>
3241+
3242+
</tbody>
3243+
</tgroup>
3244+
</table>
3245+
</sect1>
31803246

31813247
<sect1 id="catalog-pg-listener">
31823248
<title><structname>pg_listener</structname></title>
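
Review bot: The lomacl row at lines 3231-3240 has only three <entry> elements inside <tgroup cols="4">, so the access-privileges text lands in the References column and the Description cell is empty. Add an empty <entry></entry> after the type entry, as this patch does for the pageno and data rows of pg_largeobject. Line 3228 has a typo: "largeobejct" should be "large object".
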

‎doc/src/sgml/config.sgml

Lines changed: 30 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.236 2009/12/10 06:32:27 petere Exp $ -->
1+
<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.237 2009/12/11 03:34:55 itagaki Exp $ -->
22

33
<chapter Id="runtime-config">
44
<title>Server Configuration</title>
@@ -4816,6 +4816,35 @@ dynamic_library_path = 'C:\tools\postgresql;H:\my_project\lib;$libdir'
48164816
</listitem>
48174817
</varlistentry>
48184818

4819+
<varlistentry id="guc-lo-compat-privileges" xreflabel="lo_compat_privileges">
4820+
<term><varname>lo_compat_privileges</varname> (<type>boolean</type>)</term>
4821+
<indexterm>
4822+
<primary>
4823+
<varname>lo_compat_privileges</varname> configuration parameter
4824+
</primary>
4825+
</indexterm>
4826+
<listitem>
4827+
<para>
4828+
This allows us to tuen on/off database privilege checks on large
4829+
objects. In the 8.4.x series and earlier release do not have
4830+
privilege checks on large object in most cases.
4831+
4832+
So, turning the <varname>lo_compat_privileges</varname> off means
4833+
the large object feature performs in compatible mode.
4834+
</para>
4835+
<para>
4836+
Please note that it is not equivalent to disable all the security
4837+
checks corresponding to large objects.
4838+
For example, the <literal>lo_import()</literal> and
4839+
<literal>lo_export()</literal> need superuser privileges independent
4840+
from this setting as prior versions were doing.
4841+
</para>
4842+
<para>
4843+
It is <literal>off</literal> by default.
4844+
</para>
4845+
</listitem>
4846+
</varlistentry>
4847+
48194848
<varlistentry id="guc-sql-inheritance" xreflabel="sql_inheritance">
48204849
<term><varname>sql_inheritance</varname> (<type>boolean</type>)</term>
48214850
<indexterm>
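
Review bot: The sentence at lines 4832-4833 has the sense of the switch reversed. The lobj.sgml text in this commit says the SELECT and UPDATE permissions "are checked only when" lo_compat_privileges "is disabled", and line 4843 gives off as the default, so off is the enforcing mode and the 8.4-compatible behaviour (no privilege checks) is what you get by turning it on. As written, an administrator could take "off" to mean checks are skipped. Suggest "turning lo_compat_privileges on means the large object feature behaves compatibly with 8.4.x and earlier". The paragraph at 4836-4840 should likewise name the value it refers to, for example "setting it to on does not disable all security checks". Line 4828 has a typo, "tuen" for "turn", and 4829-4830 needs a subject: "The 8.4.x series and earlier releases do not have".
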

‎doc/src/sgml/lobj.sgml

Lines changed: 52 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
<!-- $PostgreSQL: pgsql/doc/src/sgml/lobj.sgml,v 1.49 2008/12/07 23:46:39 alvherre Exp $ -->
1+
<!-- $PostgreSQL: pgsql/doc/src/sgml/lobj.sgml,v 1.50 2009/12/11 03:34:55 itagaki Exp $ -->
22

33
<chapter id="largeObjects">
44
<title id="largeObjects-title">Large Objects</title>
@@ -441,6 +441,57 @@ SELECT lo_export(image.raster, '/tmp/motd') FROM image
441441
The client-side functions can be used by any
442442
<productname>PostgreSQL</productname> user.
443443
</para>
444+
445+
<sect2 id="lo-func-privilege">
446+
<title>Large object and privileges</title>
447+
<para>
448+
Note that access control feature was not supported in the 8.4.x series
449+
and earlier release.
450+
Also see the <xref linkend="guc-lo-compat-privileges"> compatibility
451+
option.
452+
</para>
453+
<para>
454+
Now it supports access controls on large objects, and allows the owner
455+
of large objects to set up access rights using
456+
<xref linkend="sql-grant" endterm="sql-grant-title"> and
457+
<xref linkend="sql-revoke" endterm="sql-revoke-title"> statement.
458+
</para>
459+
<para>
460+
Two permissions are defined on the large object class.
461+
These are checked only when <xref linkend="guc-lo-compat-privileges">
462+
option is disabled.
463+
</para>
464+
<para>
465+
The first is <literal>SELECT</literal>.
466+
It is required on <function>loread()</function> function.
467+
Note that when we open large object with read-only mode, we can see
468+
a static image even if other concurrent transaction modified the
469+
same large object.
470+
This principle is also applied on the access rights of large objects.
471+
Even if a transaction modified access rights and commit it, it is
472+
not invisible from other transaction which already opened the large
473+
object.
474+
</para>
475+
<para>
476+
The second is <literal>UPDATE</literal>.
477+
It is required on <function>lowrite()</function> function and
478+
<function>lo_truncate()</function> function.
479+
</para>
480+
<para>
481+
In addition, <function>lo_unlink()</function> function,
482+
<command>COMMENT ON</command> and <command>ALTER LARGE OBJECT</command>
483+
statements needs ownership of the large object to be accessed.
484+
</para>
485+
<para>
486+
You may wonder why <literal>SELECT</literal> is not checked on the
487+
<function>lo_export()</function> function or <literal>UPDATE</literal>
488+
is not checked on the <function>lo_import</function> function.
489+
490+
These functions originally require database superuser privilege,
491+
and it allows to bypass the default database privilege checks,
492+
so we don't need to check an obvious test twice.
493+
</para>
494+
</sect2>
444495
</sect1>
445496

446497
<sect1 id="lo-examplesect">
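
Review bot: Lines 471-473 say a committed change to access rights "is not invisible from other transaction which already opened the large object", a double negative that states the opposite of the snapshot rule the preceding sentences set up. It should read "is not visible to other transactions that have already opened the large object". This is the security-relevant part of the section, since it means a committed REVOKE does not affect a transaction that opened the object beforehand, so it is worth stating that consequence directly. Smaller points: line 488 writes lo_import without the parentheses used for every other function here, line 483 should be "need ownership", and 490-492 would be clearer as "These functions already require database superuser privilege, which bypasses the ordinary privilege checks, so a second check would be redundant".
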

‎doc/src/sgml/ref/allfiles.sgml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
<!--
2-
$PostgreSQL: pgsql/doc/src/sgml/ref/allfiles.sgml,v 1.76 2009/10/05 19:24:33 tgl Exp $
2+
$PostgreSQL: pgsql/doc/src/sgml/ref/allfiles.sgml,v 1.77 2009/12/11 03:34:55 itagaki Exp $
33
PostgreSQL documentation
44
Complete list of usable sgml source files in this directory.
55
-->
@@ -16,6 +16,7 @@ Complete list of usable sgml source files in this directory.
1616
<!entity alterGroup system "alter_group.sgml">
1717
<!entity alterIndex system "alter_index.sgml">
1818
<!entity alterLanguage system "alter_language.sgml">
19+
<!entity alterLargeObject system "alter_large_object.sgml">
1920
<!entity alterOperator system "alter_operator.sgml">
2021
<!entity alterOperatorClass system "alter_opclass.sgml">
2122
<!entity alterOperatorFamily system "alter_opfamily.sgml">
Lines changed: 75 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,75 @@
1+
<refentry id="SQL-ALTERLARGEOBJECT">
2+
<refmeta>
3+
<refentrytitle id="SQL-ALTERLARGEOBJECT-title">ALTER LARGE OBJECT</refentrytitle>
4+
<manvolnum>7</manvolnum>
5+
<refmiscinfo>SQL - Language Statements</refmiscinfo>
6+
</refmeta>
7+
8+
<refnamediv>
9+
<refname>ALTER LARGE OBJECT</refname>
10+
<refpurpose>change the definition of a large object</refpurpose>
11+
</refnamediv>
12+
13+
<indexterm zone="sql-alterlargeobject">
14+
<primary>ALTER LARGE OBJECT</primary>
15+
</indexterm>
16+
17+
<refsynopsisdiv>
18+
<synopsis>
19+
ALTER LARGE OBJECT <replaceable class="PARAMETER">large_object_oid</replaceable> OWNER TO <replaceable>new_owner</replaceable>
20+
</synopsis>
21+
</refsynopsisdiv>
22+
23+
<refsect1>
24+
<title>Description</title>
25+
26+
<para>
27+
<command>ALTER LARGE OBJECT</command> changes the definition of a
28+
large object. The only functionality is to assign a new owner.
29+
You must be superuser or owner of the large object to use
30+
<command>ALTER LARGE OBJECT</command>.
31+
</para>
32+
</refsect1>
33+
34+
<refsect1>
35+
<title>Parameters</title>
36+
37+
<variablelist>
38+
<varlistentry>
39+
<term><replaceable>large_object_oid</replaceable></term>
40+
<listitem>
41+
<para>
42+
OID of the large object to be altered
43+
</para>
44+
</listitem>
45+
</varlistentry>
46+
47+
<varlistentry>
48+
<term><replaceable>new_owner</replaceable></term>
49+
<listitem>
50+
<para>
51+
The new owner of the large object
52+
</para>
53+
</listitem>
54+
</varlistentry>
55+
</variablelist>
56+
</refsect1>
57+
58+
<refsect1>
59+
<title>Compatibility</title>
60+
61+
<para>
62+
There is no <command>ALTER LARGE OBJECT</command> statement in the SQL
63+
standard.
64+
</para>
65+
</refsect1>
66+
67+
<refsect1>
68+
<title>See Also</title>
69+
70+
<simplelist type="inline">
71+
<member><xref linkend="largeObjects" endterm="largeObjects-title"></member>
72+
</simplelist>
73+
</refsect1>
74+
75+
</refentry>
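
Review bot: The synopsis at line 19 marks large_object_oid with class="PARAMETER" but leaves new_owner as a bare <replaceable>; use the same markup for both. The file also opens directly with <refentry>, without the "$PostgreSQL$ / PostgreSQL documentation" comment header that the grant.sgml and revoke.sgml files touched by this commit carry. Since ownership decides who may run GRANT and REVOKE on the object, the See Also list at lines 70-72 could link sql-grant and sql-revoke in addition to the Large Objects chapter.
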

‎doc/src/sgml/ref/grant.sgml

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
<!--
2-
$PostgreSQL: pgsql/doc/src/sgml/ref/grant.sgml,v 1.79 2009/10/12 20:39:39 tgl Exp $
2+
$PostgreSQL: pgsql/doc/src/sgml/ref/grant.sgml,v 1.80 2009/12/11 03:34:55 itagaki Exp $
33
PostgreSQL documentation
44
-->
55

@@ -59,6 +59,10 @@ GRANT { USAGE | ALL [ PRIVILEGES ] }
5959
ON LANGUAGE <replaceable>lang_name</replaceable> [, ...]
6060
TO { [ GROUP ] <replaceable class="PARAMETER">role_name</replaceable> | PUBLIC } [, ...] [ WITH GRANT OPTION ]
6161

62+
GRANT { { SELECT | UPDATE } [,...] | ALL [ PRIVILEGES ] }
63+
ON LARGE OBJECT <replaceable class="PARAMETER">loid</replaceable> [, ...]
64+
TO { [ GROUP ] <replaceable class="PARAMETER">rolename</replaceable> | PUBLIC } [, ...] [ WITH GRANT OPTION ]
65+
6266
GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
6367
ON SCHEMA <replaceable>schema_name</replaceable> [, ...]
6468
TO { [ GROUP ] <replaceable class="PARAMETER">role_name</replaceable> | PUBLIC } [, ...] [ WITH GRANT OPTION ]
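
Review bot: The new synopsis at lines 62-64 spells the grantee placeholder rolename, while the LANGUAGE and SCHEMA forms directly above and below use role_name. Change it to role_name so the parameter description elsewhere in the page matches the synopsis. The loid placeholder is introduced here with no entry explaining it; a short note that it is the OID of the large object would help.
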
@@ -170,6 +174,8 @@ GRANT <replaceable class="PARAMETER">role_name</replaceable> [, ...] TO <replace
170174
<xref linkend="sql-delete" endterm="sql-delete-title">.
171175
For sequences, this privilege also allows the use of the
172176
<function>currval</function> function.
177+
For large objects, this privilege also allows to read from
178+
the target large object.
173179
</para>
174180
</listitem>
175181
</varlistentry>
@@ -203,6 +209,8 @@ GRANT <replaceable class="PARAMETER">role_name</replaceable> [, ...] TO <replace
203209
<literal>SELECT</literal> privilege. For sequences, this
204210
privilege allows the use of the <function>nextval</function> and
205211
<function>setval</function> functions.
212+
For large objects, this privilege also allows to write or truncate
213+
on the target large object.
206214
</para>
207215
</listitem>
208216
</varlistentry>

‎doc/src/sgml/ref/revoke.sgml

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
<!--
2-
$PostgreSQL: pgsql/doc/src/sgml/ref/revoke.sgml,v 1.53 2009/10/12 20:39:39 tgl Exp $
2+
$PostgreSQL: pgsql/doc/src/sgml/ref/revoke.sgml,v 1.54 2009/12/11 03:34:55 itagaki Exp $
33
PostgreSQL documentation
44
-->
55

@@ -75,6 +75,12 @@ REVOKE [ GRANT OPTION FOR ]
7575
FROM { [ GROUP ] <replaceable class="PARAMETER">role_name</replaceable> | PUBLIC } [, ...]
7676
[ CASCADE | RESTRICT ]
7777

78+
REVOKE [ GRANT OPTION FOR ]
79+
{ { SELECT | UPDATE } [,...] | ALL [ PRIVILEGES ] }
80+
ON LARGE OBJECT <replaceable class="PARAMETER">loid</replaceable> [, ...]
81+
FROM { [ GROUP ] <replaceable class="PARAMETER">rolename</replaceable> | PUBLIC } [, ...]
82+
[ CASCADE | RESTRICT ]
83+
7884
REVOKE [ GRANT OPTION FOR ]
7985
{ { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
8086
ON SCHEMA <replaceable>schema_name</replaceable> [, ...]
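
Review bot: Line 81 uses rolename where the neighbouring REVOKE forms at lines 75 and following use role_name; keep the placeholder name consistent across the synopsis.
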
