On Tue, Nov 17, 2015 at 1:09 AM, Mohammed Ajil <ajilm@xxxxxxxxxxxxxxx> wrote:
> I am currently working on a research project for Secure Access Control
> in PostgreSQL.

So basically you wish to decide which query is authorized to run or not depending on its type as well as on the relation a given query touches. I would imagine as well that you'd want to have some fancy control granularity with what is running or not.

> For verifying my hypothesis I would like to include my own algorithm
> that makes the access control decisions for specific queries. For that I
> would like to include my own access-control.c file with its header.
> Now I have some problems understanding the makefiles, I do not quite get
> where I have to link the C file into the whole build of postgres.

Well, you could put it anywhere as long as it is compiled with binary postgres, one example being src/backend/tcop/ which is where utility.c is present, then modify src/backend/tcop/Makefile and add your file to it. Roughly.

Now, of course it depends on what you want to achieve, but I think that you could actually achieve your goal without modifying the source code of Postgres by using the internal hooks of Postgres code (this is undocumented, see here https://wiki.postgresql.org/images/e/e3/Hooks_in_postgresql.pdf).

Here are a couple of examples on how to do that:
- Here is one disabling ALTER SYSTEM: https://github.com/MasaoFujii/pg_disallow_utility
- Here is another one putting restrictions on database and user I did some time ago: https://github.com/michaelpq/pg_plugins/tree/master/hook_utility

Those two ones are using the utility hook, to put some kind of control on the DDL queries as well as other queries that are not SELECT/INSERT/UPDATE/DELETE being run on a Postgres server.
For those last four ones, you could use the query planner hook, here is an example (don't use it btw, but feel free to get inspiration from it for your stuff): https://github.com/michaelpq/pg_plugins/tree/master/pg_panic

Regards,
--
Michael
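
The hook-chaining pattern behind the utility-hook approach described above, as an added example that is not part of the original message and is not PostgreSQL code: a self-contained C model of saving the previous hook, deciding, then passing the statement on. The types, the `restricted` list, the "admin" user and all function names are simplified stand-ins (assumptions), not the server's headers.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins (assumptions), not PostgreSQL's real types or headers. */
typedef struct { const char *tag; const char *user; } Stmt;
typedef int (*utility_hook_type)(const Stmt *stmt);   /* 1 = executed, 0 = rejected */

static utility_hook_type utility_hook = NULL;  /* models the server's global hook pointer */
static utility_hook_type prev_hook = NULL;     /* whatever was installed before this module */

/* Models the server's built-in handling: the statement simply runs. */
static int standard_utility(const Stmt *stmt) { (void) stmt; return 1; }

/* Constructed policy: statement tags that only the user "admin" may run. */
static const char *restricted[] = { "ALTER SYSTEM", "CREATE ROLE", "DROP DATABASE" };

static int is_restricted(const char *tag)
{
    for (size_t i = 0; i < sizeof restricted / sizeof restricted[0]; i++)
        if (strcmp(tag, restricted[i]) == 0)
            return 1;
    return 0;
}

/* The access-control hook: decide first, then hand over to the rest of the chain. */
static int access_control_hook(const Stmt *stmt)
{
    if (is_restricted(stmt->tag) && strcmp(stmt->user, "admin") != 0)
        return 0;                 /* a real extension would raise an error here */
    return prev_hook ? prev_hook(stmt) : standard_utility(stmt);
}

/* Models the module's load-time init: remember the old hook, install ours. */
void module_init(void)
{
    prev_hook = utility_hook;
    utility_hook = access_control_hook;
}

/* Models the server's dispatch: call the hook if one is set, else the default. */
int run_utility(const char *tag, const char *user)
{
    Stmt s = { tag, user };
    return utility_hook ? utility_hook(&s) : standard_utility(&s);
}

int main(void)
{
    module_init();
    printf("alice ALTER SYSTEM -> %d\n", run_utility("ALTER SYSTEM", "alice"));
    return 0;
}
```

Passing the statement on to the saved previous hook is what keeps other loaded modules working once this one is installed.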