[PATCH] Reworks for Access Control facilities (r2350)

The attached patch is a revised version based on the previous
discussions at:

http://archives.postgresql.org/message-id/20090929105431.GO17756@tamriel.snowman.net
http://archives.postgresql.org/message-id/4AC1EA9E.3080907@kaigai.gr.jp
http://archives.postgresql.org/message-id/20090929173049.GP17756@tamriel.snowman.net
http://archives.postgresql.org/message-id/4AC2BDD0.7050906@ak.jp.nec.com
http://archives.postgresql.org/message-id/20090930105911.GS17756@tamriel.snowman.net
http://archives.postgresql.org/message-id/4AC40133.4080509@ak.jp.nec.com

Please review the new revision, Thanks,

* List of updates

- code base was updated to the latest CVS HEAD.
- reverted changes on FindConversion() and EnableDisableRule().
these changes are discussed in the different topics.
- removed uncertain comment at the restrict_grant().
- added comment about SQL specifications for each ac_xxx_grant().
- eliminate MEMO: and FIXME: prefix
- moved ac_language_create() prior to the CreateProcedure() because
it may update the pg_proc system catalog.
- removed ac_schema_search() invocations when the target namespace is
obviously temporary namespace. And, added a comment to bypass checks
for both of DAC/MAC on temporary namespaces.
- uncommented "ac_object_drop() should be here", and added actual
ac_object_drop() at the performDeletion() and performMultipleDeletion().
The 'permission' argument was added to these functions.
- uncommented "ac_attribute_xxxx() should be here", and put actual
ac_attribute_create() and ac_attribute_drop() calls here.
- ac_aggregate_execute() function was added.
- add a memo for minor behavior changes at src/backend/security/README
(It is a initial description, so needs more brushing up)

$ diffstat sepgsql-01-base-8.5devel-r2350.patch.gz
backend/Makefile | 2
backend/catalog/aclchk.c | 254 !
backend/catalog/dependency.c | 31
backend/catalog/heap.c | 2
backend/catalog/namespace.c | 54
backend/catalog/pg_aggregate.c | 12
backend/catalog/pg_operator.c | 42
backend/catalog/pg_proc.c | 29
backend/catalog/pg_shdepend.c | 13
backend/catalog/pg_type.c | 25
backend/commands/aggregatecmds.c | 44
backend/commands/alter.c | 78
backend/commands/analyze.c | 5
backend/commands/cluster.c | 11
backend/commands/comment.c | 125
backend/commands/conversioncmds.c | 73
backend/commands/copy.c | 40
backend/commands/dbcommands.c | 160 !
backend/commands/foreigncmds.c | 150
backend/commands/functioncmds.c | 132
backend/commands/indexcmds.c | 120
backend/commands/lockcmds.c | 17
backend/commands/opclasscmds.c | 246 !
backend/commands/operatorcmds.c | 72
backend/commands/proclang.c | 63
backend/commands/schemacmds.c | 62
backend/commands/sequence.c | 38
backend/commands/tablecmds.c | 370 -
backend/commands/tablespace.c | 46
backend/commands/trigger.c | 43
backend/commands/tsearchcmds.c | 182 !
backend/commands/typecmds.c | 143 !
backend/commands/user.c | 183 !
backend/commands/vacuum.c | 5
backend/commands/view.c | 7
backend/executor/execMain.c | 208 !
backend/executor/execQual.c | 16
backend/executor/nodeAgg.c | 38
backend/executor/nodeMergejoin.c | 8
backend/executor/nodeWindowAgg.c | 42
backend/optimizer/util/clauses.c | 6
backend/parser/parse_utilcmd.c | 13
backend/postmaster/autovacuum.c | 2
backend/rewrite/rewriteDefine.c | 5
backend/rewrite/rewriteRemove.c | 8
backend/security/Makefile | 10
backend/security/README | 294 ++
backend/security/access_control.c | 4593 ++++++++++++++++++++++++++++++++++++++
backend/tcop/fastpath.c | 15
backend/tcop/utility.c | 74
backend/utils/adt/dbsize.c | 25
backend/utils/adt/ri_triggers.c | 24
backend/utils/adt/tid.c | 18
backend/utils/init/postinit.c | 15
include/catalog/dependency.h | 4
include/catalog/pg_proc_fn.h | 1
include/commands/defrem.h | 1
include/utils/security.h | 348 ++
58 files changed, 5747 insertions(+), 914 deletions(-), 1986 modifications(!)

--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>