1996-07-09 08:22:35 +02:00
|
|
|
/*-------------------------------------------------------------------------
|
|
|
|
|
*
|
1999-02-14 00:22:53 +01:00
|
|
|
* aclchk.c
|
1997-09-07 07:04:48 +02:00
|
|
|
* Routines to check access control permissions.
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
2009-01-01 18:24:05 +01:00
|
|
|
* Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
|
2000-01-26 06:58:53 +01:00
|
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* IDENTIFICATION
|
2009-01-22 21:16:10 +01:00
|
|
|
* $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.152 2009/01/22 20:16:00 tgl Exp $
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
|
|
|
|
* NOTES
|
1997-09-07 07:04:48 +02:00
|
|
|
* See acl.h.
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
|
|
|
|
*-------------------------------------------------------------------------
|
|
|
|
|
*/
|
1996-11-03 07:54:38 +01:00
|
|
|
#include "postgres.h"
|
|
|
|
|
|
2005-11-21 13:49:33 +01:00
|
|
|
#include "access/genam.h"
|
1996-07-09 08:22:35 +02:00
|
|
|
#include "access/heapam.h"
|
2008-05-12 02:00:54 +02:00
|
|
|
#include "access/sysattr.h"
|
2006-07-13 18:49:20 +02:00
|
|
|
#include "access/xact.h"
|
1996-07-09 08:22:35 +02:00
|
|
|
#include "catalog/catalog.h"
|
2005-07-07 22:40:02 +02:00
|
|
|
#include "catalog/dependency.h"
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "catalog/indexing.h"
|
2005-06-28 07:09:14 +02:00
|
|
|
#include "catalog/pg_authid.h"
|
2003-11-21 23:32:49 +01:00
|
|
|
#include "catalog/pg_conversion.h"
|
2002-04-21 02:26:44 +02:00
|
|
|
#include "catalog/pg_database.h"
|
2008-12-19 17:25:19 +01:00
|
|
|
#include "catalog/pg_foreign_data_wrapper.h"
|
|
|
|
|
#include "catalog/pg_foreign_server.h"
|
2002-02-19 00:11:58 +01:00
|
|
|
#include "catalog/pg_language.h"
|
2002-04-21 02:26:44 +02:00
|
|
|
#include "catalog/pg_namespace.h"
|
2002-07-30 00:14:11 +02:00
|
|
|
#include "catalog/pg_opclass.h"
|
1996-10-31 06:55:24 +01:00
|
|
|
#include "catalog/pg_operator.h"
|
2007-01-23 06:07:18 +01:00
|
|
|
#include "catalog/pg_opfamily.h"
|
1996-11-08 07:02:30 +01:00
|
|
|
#include "catalog/pg_proc.h"
|
2004-06-18 08:14:31 +02:00
|
|
|
#include "catalog/pg_tablespace.h"
|
1998-04-27 06:08:07 +02:00
|
|
|
#include "catalog/pg_type.h"
|
2007-08-21 03:11:32 +02:00
|
|
|
#include "catalog/pg_ts_config.h"
|
|
|
|
|
#include "catalog/pg_ts_dict.h"
|
2006-05-04 00:45:26 +02:00
|
|
|
#include "commands/dbcommands.h"
|
2008-12-19 17:25:19 +01:00
|
|
|
#include "foreign/foreign.h"
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "miscadmin.h"
|
1997-11-25 23:07:18 +01:00
|
|
|
#include "parser/parse_func.h"
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "utils/acl.h"
|
2002-04-21 02:26:44 +02:00
|
|
|
#include "utils/fmgroids.h"
|
|
|
|
|
#include "utils/lsyscache.h"
|
2008-06-19 02:46:06 +02:00
|
|
|
#include "utils/rel.h"
|
1996-07-09 08:22:35 +02:00
|
|
|
#include "utils/syscache.h"
|
2008-03-26 22:10:39 +01:00
|
|
|
#include "utils/tqual.h"
|
1996-07-09 08:22:35 +02:00
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2005-12-01 03:03:01 +01:00
|
|
|
static void ExecGrant_Relation(InternalGrant *grantStmt);
|
|
|
|
|
static void ExecGrant_Database(InternalGrant *grantStmt);
|
2008-12-19 17:25:19 +01:00
|
|
|
static void ExecGrant_Fdw(InternalGrant *grantStmt);
|
|
|
|
|
static void ExecGrant_ForeignServer(InternalGrant *grantStmt);
|
2005-12-01 03:03:01 +01:00
|
|
|
static void ExecGrant_Function(InternalGrant *grantStmt);
|
|
|
|
|
static void ExecGrant_Language(InternalGrant *grantStmt);
|
|
|
|
|
static void ExecGrant_Namespace(InternalGrant *grantStmt);
|
|
|
|
|
static void ExecGrant_Tablespace(InternalGrant *grantStmt);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2005-12-01 03:03:01 +01:00
|
|
|
static List *objectNamesToOids(GrantObjectType objtype, List *objnames);
|
2009-01-22 21:16:10 +01:00
|
|
|
static void expand_col_privileges(List *colnames, Oid table_oid,
|
|
|
|
|
AclMode this_privileges,
|
|
|
|
|
AclMode *col_privileges,
|
|
|
|
|
int num_col_privileges);
|
|
|
|
|
static void expand_all_col_privileges(Oid table_oid, Form_pg_class classForm,
|
|
|
|
|
AclMode this_privileges,
|
|
|
|
|
AclMode *col_privileges,
|
|
|
|
|
int num_col_privileges);
|
2005-06-28 21:51:26 +02:00
|
|
|
static AclMode string_to_privilege(const char *privname);
|
2002-04-21 02:26:44 +02:00
|
|
|
static const char *privilege_to_string(AclMode privilege);
|
2005-12-01 03:03:01 +01:00
|
|
|
static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions,
|
2006-10-04 02:30:14 +02:00
|
|
|
bool all_privs, AclMode privileges,
|
|
|
|
|
Oid objectId, Oid grantorId,
|
2009-01-22 21:16:10 +01:00
|
|
|
AclObjectKind objkind, const char *objname,
|
|
|
|
|
AttrNumber att_number, const char *colname);
|
|
|
|
|
static AclMode pg_aclmask(AclObjectKind objkind, Oid table_oid, AttrNumber attnum,
|
|
|
|
|
Oid roleid, AclMode mask, AclMaskHow how);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2000-10-02 06:49:28 +02:00
|
|
|
|
2001-05-27 11:59:30 +02:00
|
|
|
#ifdef ACLDEBUG
|
2005-08-17 21:45:51 +02:00
|
|
|
static void
|
1997-09-08 22:59:27 +02:00
|
|
|
dumpacl(Acl *acl)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2000-08-01 00:39:17 +02:00
|
|
|
int i;
|
1997-09-08 04:41:22 +02:00
|
|
|
AclItem *aip;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2003-05-27 19:49:47 +02:00
|
|
|
elog(DEBUG2, "acl size = %d, # acls = %d",
|
1997-09-07 07:04:48 +02:00
|
|
|
ACL_SIZE(acl), ACL_NUM(acl));
|
2000-08-01 00:39:17 +02:00
|
|
|
aip = ACL_DAT(acl);
|
1997-09-07 07:04:48 +02:00
|
|
|
for (i = 0; i < ACL_NUM(acl); ++i)
|
2003-05-27 19:49:47 +02:00
|
|
|
elog(DEBUG2, " acl[%d]: %s", i,
|
2000-08-01 00:39:17 +02:00
|
|
|
DatumGetCString(DirectFunctionCall1(aclitemout,
|
2005-10-15 04:49:52 +02:00
|
|
|
PointerGetDatum(aip + i))));
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
2001-11-05 18:46:40 +01:00
|
|
|
#endif /* ACLDEBUG */
|
1996-07-09 08:22:35 +02:00
|
|
|
|
2001-06-10 01:21:55 +02:00
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
/*
|
|
|
|
|
* If is_grant is true, adds the given privileges for the list of
|
|
|
|
|
* grantees to the existing old_acl. If is_grant is false, the
|
|
|
|
|
* privileges for the given grantees are removed from old_acl.
|
2003-09-04 17:53:04 +02:00
|
|
|
*
|
|
|
|
|
* NB: the original old_acl is pfree'd.
|
2002-02-19 00:11:58 +01:00
|
|
|
*/
|
2002-04-21 02:26:44 +02:00
|
|
|
static Acl *
|
|
|
|
|
merge_acl_with_grant(Acl *old_acl, bool is_grant,
|
2003-10-05 23:49:12 +02:00
|
|
|
bool grant_option, DropBehavior behavior,
|
2003-10-31 21:00:49 +01:00
|
|
|
List *grantees, AclMode privileges,
|
2005-06-28 07:09:14 +02:00
|
|
|
Oid grantorId, Oid ownerId)
|
2002-02-19 00:11:58 +01:00
|
|
|
{
|
2002-04-21 02:26:44 +02:00
|
|
|
unsigned modechg;
|
2004-05-26 06:41:50 +02:00
|
|
|
ListCell *j;
|
2002-02-19 00:11:58 +01:00
|
|
|
Acl *new_acl;
|
|
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
modechg = is_grant ? ACL_MODECHG_ADD : ACL_MODECHG_DEL;
|
|
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
#ifdef ACLDEBUG
|
|
|
|
|
dumpacl(old_acl);
|
|
|
|
|
#endif
|
|
|
|
|
new_acl = old_acl;
|
|
|
|
|
|
|
|
|
|
foreach(j, grantees)
|
|
|
|
|
{
|
2005-11-22 19:17:34 +01:00
|
|
|
AclItem aclitem;
|
2003-09-04 17:53:04 +02:00
|
|
|
Acl *newer_acl;
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2009-01-22 21:16:10 +01:00
|
|
|
aclitem.ai_grantee = lfirst_oid(j);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2003-01-24 00:39:07 +01:00
|
|
|
/*
|
2005-06-28 07:09:14 +02:00
|
|
|
* Grant options can only be granted to individual roles, not PUBLIC.
|
|
|
|
|
* The reason is that if a user would re-grant a privilege that he
|
|
|
|
|
* held through PUBLIC, and later the user is removed, the situation
|
|
|
|
|
* is impossible to clean up.
|
2003-01-24 00:39:07 +01:00
|
|
|
*/
|
2005-06-28 07:09:14 +02:00
|
|
|
if (is_grant && grant_option && aclitem.ai_grantee == ACL_ID_PUBLIC)
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INVALID_GRANT_OPERATION),
|
2005-06-28 07:09:14 +02:00
|
|
|
errmsg("grant options can only be granted to roles")));
|
2003-01-24 00:39:07 +01:00
|
|
|
|
2009-01-22 21:16:10 +01:00
|
|
|
aclitem.ai_grantor = grantorId;
|
2003-01-24 00:39:07 +01:00
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
/*
|
|
|
|
|
* The asymmetry in the conditions here comes from the spec. In
|
2005-10-15 04:49:52 +02:00
|
|
|
* GRANT, the grant_option flag signals WITH GRANT OPTION, which means
|
|
|
|
|
* to grant both the basic privilege and its grant option. But in
|
|
|
|
|
* REVOKE, plain revoke revokes both the basic privilege and its grant
|
|
|
|
|
* option, while REVOKE GRANT OPTION revokes only the option.
|
2004-06-01 23:49:23 +02:00
|
|
|
*/
|
2005-06-28 07:09:14 +02:00
|
|
|
ACLITEM_SET_PRIVS_GOPTIONS(aclitem,
|
2005-10-15 04:49:52 +02:00
|
|
|
(is_grant || !grant_option) ? privileges : ACL_NO_RIGHTS,
|
|
|
|
|
(!is_grant || grant_option) ? privileges : ACL_NO_RIGHTS);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
newer_acl = aclupdate(new_acl, &aclitem, modechg, ownerId, behavior);
|
2003-09-04 17:53:04 +02:00
|
|
|
|
|
|
|
|
/* avoid memory leak when there are many grantees */
|
|
|
|
|
pfree(new_acl);
|
|
|
|
|
new_acl = newer_acl;
|
2002-02-19 00:11:58 +01:00
|
|
|
|
|
|
|
|
#ifdef ACLDEBUG
|
|
|
|
|
dumpacl(new_acl);
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return new_acl;
|
|
|
|
|
}
|
|
|
|
|
|
2005-12-01 03:03:01 +01:00
|
|
|
/*
|
|
|
|
|
* Restrict the privileges to what we can actually grant, and emit
|
|
|
|
|
* the standards-mandated warning and error messages.
|
|
|
|
|
*/
|
|
|
|
|
static AclMode
|
|
|
|
|
restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs,
|
|
|
|
|
AclMode privileges, Oid objectId, Oid grantorId,
|
2009-01-22 21:16:10 +01:00
|
|
|
AclObjectKind objkind, const char *objname,
|
|
|
|
|
AttrNumber att_number, const char *colname)
|
2005-12-01 03:03:01 +01:00
|
|
|
{
|
2006-10-04 02:30:14 +02:00
|
|
|
AclMode this_privileges;
|
|
|
|
|
AclMode whole_mask;
|
2005-12-01 03:03:01 +01:00
|
|
|
|
|
|
|
|
switch (objkind)
|
|
|
|
|
{
|
2009-01-22 21:16:10 +01:00
|
|
|
case ACL_KIND_COLUMN:
|
|
|
|
|
whole_mask = ACL_ALL_RIGHTS_COLUMN;
|
|
|
|
|
break;
|
2005-12-01 03:03:01 +01:00
|
|
|
case ACL_KIND_CLASS:
|
|
|
|
|
whole_mask = ACL_ALL_RIGHTS_RELATION;
|
|
|
|
|
break;
|
2006-01-21 03:16:21 +01:00
|
|
|
case ACL_KIND_SEQUENCE:
|
|
|
|
|
whole_mask = ACL_ALL_RIGHTS_SEQUENCE;
|
|
|
|
|
break;
|
2005-12-01 03:03:01 +01:00
|
|
|
case ACL_KIND_DATABASE:
|
|
|
|
|
whole_mask = ACL_ALL_RIGHTS_DATABASE;
|
|
|
|
|
break;
|
|
|
|
|
case ACL_KIND_PROC:
|
|
|
|
|
whole_mask = ACL_ALL_RIGHTS_FUNCTION;
|
|
|
|
|
break;
|
|
|
|
|
case ACL_KIND_LANGUAGE:
|
|
|
|
|
whole_mask = ACL_ALL_RIGHTS_LANGUAGE;
|
|
|
|
|
break;
|
|
|
|
|
case ACL_KIND_NAMESPACE:
|
|
|
|
|
whole_mask = ACL_ALL_RIGHTS_NAMESPACE;
|
|
|
|
|
break;
|
|
|
|
|
case ACL_KIND_TABLESPACE:
|
|
|
|
|
whole_mask = ACL_ALL_RIGHTS_TABLESPACE;
|
|
|
|
|
break;
|
2008-12-19 17:25:19 +01:00
|
|
|
case ACL_KIND_FDW:
|
|
|
|
|
whole_mask = ACL_ALL_RIGHTS_FDW;
|
|
|
|
|
break;
|
|
|
|
|
case ACL_KIND_FOREIGN_SERVER:
|
|
|
|
|
whole_mask = ACL_ALL_RIGHTS_FOREIGN_SERVER;
|
|
|
|
|
break;
|
2005-12-01 03:03:01 +01:00
|
|
|
default:
|
|
|
|
|
elog(ERROR, "unrecognized object kind: %d", objkind);
|
|
|
|
|
/* not reached, but keep compiler quiet */
|
|
|
|
|
return ACL_NO_RIGHTS;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2006-10-04 02:30:14 +02:00
|
|
|
* If we found no grant options, consider whether to issue a hard error.
|
|
|
|
|
* Per spec, having any privilege at all on the object will get you by
|
|
|
|
|
* here.
|
2005-12-01 03:03:01 +01:00
|
|
|
*/
|
|
|
|
|
if (avail_goptions == ACL_NO_RIGHTS)
|
|
|
|
|
{
|
2009-01-22 21:16:10 +01:00
|
|
|
if (pg_aclmask(objkind, objectId, att_number, grantorId,
|
2005-12-01 03:03:01 +01:00
|
|
|
whole_mask | ACL_GRANT_OPTION_FOR(whole_mask),
|
|
|
|
|
ACLMASK_ANY) == ACL_NO_RIGHTS)
|
2009-01-22 21:16:10 +01:00
|
|
|
{
|
|
|
|
|
if (objkind == ACL_KIND_COLUMN && colname)
|
|
|
|
|
aclcheck_error_col(ACLCHECK_NO_PRIV, objkind, objname, colname);
|
|
|
|
|
else
|
|
|
|
|
aclcheck_error(ACLCHECK_NO_PRIV, objkind, objname);
|
|
|
|
|
}
|
2005-12-01 03:03:01 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Restrict the operation to what we can actually grant or revoke, and
|
2006-10-04 02:30:14 +02:00
|
|
|
* issue a warning if appropriate. (For REVOKE this isn't quite what the
|
|
|
|
|
* spec says to do: the spec seems to want a warning only if no privilege
|
|
|
|
|
* bits actually change in the ACL. In practice that behavior seems much
|
|
|
|
|
* too noisy, as well as inconsistent with the GRANT case.)
|
2005-12-01 03:03:01 +01:00
|
|
|
*/
|
|
|
|
|
this_privileges = privileges & ACL_OPTION_TO_PRIVS(avail_goptions);
|
|
|
|
|
if (is_grant)
|
|
|
|
|
{
|
|
|
|
|
if (this_privileges == 0)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
|
2006-10-04 02:30:14 +02:00
|
|
|
errmsg("no privileges were granted for \"%s\"", objname)));
|
2005-12-01 03:03:01 +01:00
|
|
|
else if (!all_privs && this_privileges != privileges)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
|
2006-10-04 02:30:14 +02:00
|
|
|
errmsg("not all privileges were granted for \"%s\"", objname)));
|
2005-12-01 03:03:01 +01:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (this_privileges == 0)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
|
2006-10-04 02:30:14 +02:00
|
|
|
errmsg("no privileges could be revoked for \"%s\"", objname)));
|
2005-12-01 03:03:01 +01:00
|
|
|
else if (!all_privs && this_privileges != privileges)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
|
2006-01-21 03:16:21 +01:00
|
|
|
errmsg("not all privileges could be revoked for \"%s\"", objname)));
|
2005-12-01 03:03:01 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return this_privileges;
|
|
|
|
|
}
|
2002-02-19 00:11:58 +01:00
|
|
|
|
1996-07-09 08:22:35 +02:00
|
|
|
/*
|
2001-06-10 01:21:55 +02:00
|
|
|
* Called to execute the utility commands GRANT and REVOKE
|
1996-07-09 08:22:35 +02:00
|
|
|
*/
|
|
|
|
|
void
|
2001-06-10 01:21:55 +02:00
|
|
|
ExecuteGrantStmt(GrantStmt *stmt)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2005-12-01 03:03:01 +01:00
|
|
|
InternalGrant istmt;
|
2005-11-21 13:49:33 +01:00
|
|
|
ListCell *cell;
|
2008-03-24 20:12:49 +01:00
|
|
|
const char *errormsg;
|
2005-12-01 03:03:01 +01:00
|
|
|
AclMode all_privileges;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Turn the regular GrantStmt into the InternalGrant form.
|
|
|
|
|
*/
|
|
|
|
|
istmt.is_grant = stmt->is_grant;
|
|
|
|
|
istmt.objtype = stmt->objtype;
|
|
|
|
|
istmt.objects = objectNamesToOids(stmt->objtype, stmt->objects);
|
|
|
|
|
/* all_privs to be filled below */
|
|
|
|
|
/* privileges to be filled below */
|
2009-01-22 21:16:10 +01:00
|
|
|
istmt.col_privs = NIL; /* may get filled below */
|
|
|
|
|
istmt.grantees = NIL; /* filled below */
|
2005-12-01 03:03:01 +01:00
|
|
|
istmt.grant_option = stmt->grant_option;
|
|
|
|
|
istmt.behavior = stmt->behavior;
|
|
|
|
|
|
2005-11-21 13:49:33 +01:00
|
|
|
/*
|
|
|
|
|
* Convert the PrivGrantee list into an Oid list. Note that at this point
|
|
|
|
|
* we insert an ACL_ID_PUBLIC into the list if an empty role name is
|
|
|
|
|
* detected (which is what the grammar uses if PUBLIC is found), so
|
2005-11-22 19:17:34 +01:00
|
|
|
* downstream there shouldn't be any additional work needed to support
|
|
|
|
|
* this case.
|
2005-11-21 13:49:33 +01:00
|
|
|
*/
|
|
|
|
|
foreach(cell, stmt->grantees)
|
|
|
|
|
{
|
|
|
|
|
PrivGrantee *grantee = (PrivGrantee *) lfirst(cell);
|
|
|
|
|
|
|
|
|
|
if (grantee->rolname == NULL)
|
2005-12-01 03:03:01 +01:00
|
|
|
istmt.grantees = lappend_oid(istmt.grantees, ACL_ID_PUBLIC);
|
2005-11-21 13:49:33 +01:00
|
|
|
else
|
2005-12-01 03:03:01 +01:00
|
|
|
istmt.grantees =
|
|
|
|
|
lappend_oid(istmt.grantees,
|
|
|
|
|
get_roleid_checked(grantee->rolname));
|
2005-11-21 13:49:33 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2009-01-22 21:16:10 +01:00
|
|
|
* Convert stmt->privileges, a list of AccessPriv nodes, into an
|
|
|
|
|
* AclMode bitmask. Note: objtype can't be ACL_OBJECT_COLUMN.
|
2005-11-21 13:49:33 +01:00
|
|
|
*/
|
2002-04-21 02:26:44 +02:00
|
|
|
switch (stmt->objtype)
|
2002-02-19 00:11:58 +01:00
|
|
|
{
|
2006-10-04 02:30:14 +02:00
|
|
|
/*
|
|
|
|
|
* Because this might be a sequence, we test both relation and
|
|
|
|
|
* sequence bits, and later do a more limited test when we know
|
|
|
|
|
* the object type.
|
|
|
|
|
*/
|
2002-04-21 02:26:44 +02:00
|
|
|
case ACL_OBJECT_RELATION:
|
2006-01-21 03:16:21 +01:00
|
|
|
all_privileges = ACL_ALL_RIGHTS_RELATION | ACL_ALL_RIGHTS_SEQUENCE;
|
2008-03-24 20:12:49 +01:00
|
|
|
errormsg = gettext_noop("invalid privilege type %s for relation");
|
2006-01-21 03:16:21 +01:00
|
|
|
break;
|
|
|
|
|
case ACL_OBJECT_SEQUENCE:
|
|
|
|
|
all_privileges = ACL_ALL_RIGHTS_SEQUENCE;
|
2008-03-24 20:12:49 +01:00
|
|
|
errormsg = gettext_noop("invalid privilege type %s for sequence");
|
2002-04-21 02:26:44 +02:00
|
|
|
break;
|
|
|
|
|
case ACL_OBJECT_DATABASE:
|
2005-11-21 13:49:33 +01:00
|
|
|
all_privileges = ACL_ALL_RIGHTS_DATABASE;
|
2008-03-24 20:12:49 +01:00
|
|
|
errormsg = gettext_noop("invalid privilege type %s for database");
|
2002-02-19 00:11:58 +01:00
|
|
|
break;
|
2002-04-21 02:26:44 +02:00
|
|
|
case ACL_OBJECT_FUNCTION:
|
2005-11-21 13:49:33 +01:00
|
|
|
all_privileges = ACL_ALL_RIGHTS_FUNCTION;
|
2008-03-24 20:12:49 +01:00
|
|
|
errormsg = gettext_noop("invalid privilege type %s for function");
|
2002-02-19 00:11:58 +01:00
|
|
|
break;
|
2002-04-21 02:26:44 +02:00
|
|
|
case ACL_OBJECT_LANGUAGE:
|
2005-11-21 13:49:33 +01:00
|
|
|
all_privileges = ACL_ALL_RIGHTS_LANGUAGE;
|
2008-03-24 20:12:49 +01:00
|
|
|
errormsg = gettext_noop("invalid privilege type %s for language");
|
2002-04-21 02:26:44 +02:00
|
|
|
break;
|
|
|
|
|
case ACL_OBJECT_NAMESPACE:
|
2005-11-21 13:49:33 +01:00
|
|
|
all_privileges = ACL_ALL_RIGHTS_NAMESPACE;
|
2008-03-24 20:12:49 +01:00
|
|
|
errormsg = gettext_noop("invalid privilege type %s for schema");
|
2002-02-19 00:11:58 +01:00
|
|
|
break;
|
2004-06-18 08:14:31 +02:00
|
|
|
case ACL_OBJECT_TABLESPACE:
|
2005-11-21 13:49:33 +01:00
|
|
|
all_privileges = ACL_ALL_RIGHTS_TABLESPACE;
|
2008-03-24 20:12:49 +01:00
|
|
|
errormsg = gettext_noop("invalid privilege type %s for tablespace");
|
2004-06-18 08:14:31 +02:00
|
|
|
break;
|
2008-12-19 17:25:19 +01:00
|
|
|
case ACL_OBJECT_FDW:
|
|
|
|
|
all_privileges = ACL_ALL_RIGHTS_FDW;
|
|
|
|
|
errormsg = gettext_noop("invalid privilege type %s for foreign-data wrapper");
|
|
|
|
|
break;
|
|
|
|
|
case ACL_OBJECT_FOREIGN_SERVER:
|
|
|
|
|
all_privileges = ACL_ALL_RIGHTS_FOREIGN_SERVER;
|
|
|
|
|
errormsg = gettext_noop("invalid privilege type %s for foreign server");
|
|
|
|
|
break;
|
2002-02-19 00:11:58 +01:00
|
|
|
default:
|
2005-12-01 03:03:01 +01:00
|
|
|
/* keep compiler quiet */
|
|
|
|
|
all_privileges = ACL_NO_RIGHTS;
|
|
|
|
|
errormsg = NULL;
|
2003-07-21 03:59:11 +02:00
|
|
|
elog(ERROR, "unrecognized GrantStmt.objtype: %d",
|
|
|
|
|
(int) stmt->objtype);
|
2002-02-19 00:11:58 +01:00
|
|
|
}
|
|
|
|
|
|
2005-06-28 21:51:26 +02:00
|
|
|
if (stmt->privileges == NIL)
|
2004-06-01 23:49:23 +02:00
|
|
|
{
|
2005-12-01 03:03:01 +01:00
|
|
|
istmt.all_privs = true;
|
2006-10-04 02:30:14 +02:00
|
|
|
|
2005-12-01 03:03:01 +01:00
|
|
|
/*
|
|
|
|
|
* will be turned into ACL_ALL_RIGHTS_* by the internal routines
|
|
|
|
|
* depending on the object type
|
|
|
|
|
*/
|
|
|
|
|
istmt.privileges = ACL_NO_RIGHTS;
|
2004-06-01 23:49:23 +02:00
|
|
|
}
|
2002-02-19 00:11:58 +01:00
|
|
|
else
|
|
|
|
|
{
|
2005-12-01 03:03:01 +01:00
|
|
|
istmt.all_privs = false;
|
|
|
|
|
istmt.privileges = ACL_NO_RIGHTS;
|
2006-01-21 03:16:21 +01:00
|
|
|
|
2005-11-21 13:49:33 +01:00
|
|
|
foreach(cell, stmt->privileges)
|
2002-02-19 00:11:58 +01:00
|
|
|
{
|
2009-01-22 21:16:10 +01:00
|
|
|
AccessPriv *privnode = (AccessPriv *) lfirst(cell);
|
|
|
|
|
AclMode priv;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If it's a column-level specification, we just set it aside
|
|
|
|
|
* in col_privs for the moment; but insist it's for a relation.
|
|
|
|
|
*/
|
|
|
|
|
if (privnode->cols)
|
|
|
|
|
{
|
|
|
|
|
if (stmt->objtype != ACL_OBJECT_RELATION)
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INVALID_GRANT_OPERATION),
|
|
|
|
|
errmsg("column privileges are only valid for relations")));
|
|
|
|
|
istmt.col_privs = lappend(istmt.col_privs, privnode);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (privnode->priv_name == NULL) /* parser mistake? */
|
|
|
|
|
elog(ERROR, "AccessPriv node must specify privilege or columns");
|
|
|
|
|
priv = string_to_privilege(privnode->priv_name);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2005-11-21 13:49:33 +01:00
|
|
|
if (priv & ~((AclMode) all_privileges))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INVALID_GRANT_OPERATION),
|
2008-03-24 20:12:49 +01:00
|
|
|
errmsg(errormsg, privilege_to_string(priv))));
|
2005-11-21 13:49:33 +01:00
|
|
|
|
2005-12-01 03:03:01 +01:00
|
|
|
istmt.privileges |= priv;
|
2002-02-19 00:11:58 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2005-12-01 03:03:01 +01:00
|
|
|
ExecGrantStmt_oids(&istmt);
|
2005-11-21 13:49:33 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* ExecGrantStmt_oids
|
|
|
|
|
*
|
2009-01-22 21:16:10 +01:00
|
|
|
* "Internal" entrypoint for granting and revoking privileges. This is
|
|
|
|
|
* exported for pg_shdepend.c to use in revoking privileges when dropping
|
|
|
|
|
* a role.
|
2005-11-21 13:49:33 +01:00
|
|
|
*/
|
|
|
|
|
void
|
2005-12-01 03:03:01 +01:00
|
|
|
ExecGrantStmt_oids(InternalGrant *istmt)
|
2005-11-21 13:49:33 +01:00
|
|
|
{
|
2005-12-01 03:03:01 +01:00
|
|
|
switch (istmt->objtype)
|
2000-08-01 00:39:17 +02:00
|
|
|
{
|
2005-11-21 13:49:33 +01:00
|
|
|
case ACL_OBJECT_RELATION:
|
2006-01-21 03:16:21 +01:00
|
|
|
case ACL_OBJECT_SEQUENCE:
|
2005-12-01 03:03:01 +01:00
|
|
|
ExecGrant_Relation(istmt);
|
2005-11-21 13:49:33 +01:00
|
|
|
break;
|
|
|
|
|
case ACL_OBJECT_DATABASE:
|
2005-12-01 03:03:01 +01:00
|
|
|
ExecGrant_Database(istmt);
|
2005-11-21 13:49:33 +01:00
|
|
|
break;
|
2008-12-19 17:25:19 +01:00
|
|
|
case ACL_OBJECT_FDW:
|
|
|
|
|
ExecGrant_Fdw(istmt);
|
|
|
|
|
break;
|
|
|
|
|
case ACL_OBJECT_FOREIGN_SERVER:
|
|
|
|
|
ExecGrant_ForeignServer(istmt);
|
|
|
|
|
break;
|
2005-11-21 13:49:33 +01:00
|
|
|
case ACL_OBJECT_FUNCTION:
|
2005-12-01 03:03:01 +01:00
|
|
|
ExecGrant_Function(istmt);
|
2005-11-21 13:49:33 +01:00
|
|
|
break;
|
|
|
|
|
case ACL_OBJECT_LANGUAGE:
|
2005-12-01 03:03:01 +01:00
|
|
|
ExecGrant_Language(istmt);
|
2005-11-21 13:49:33 +01:00
|
|
|
break;
|
|
|
|
|
case ACL_OBJECT_NAMESPACE:
|
2005-12-01 03:03:01 +01:00
|
|
|
ExecGrant_Namespace(istmt);
|
2005-11-21 13:49:33 +01:00
|
|
|
break;
|
|
|
|
|
case ACL_OBJECT_TABLESPACE:
|
2005-12-01 03:03:01 +01:00
|
|
|
ExecGrant_Tablespace(istmt);
|
2005-11-21 13:49:33 +01:00
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
elog(ERROR, "unrecognized GrantStmt.objtype: %d",
|
2005-12-01 03:03:01 +01:00
|
|
|
(int) istmt->objtype);
|
2005-11-21 13:49:33 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* objectNamesToOids
|
|
|
|
|
*
|
|
|
|
|
* Turn a list of object names of a given type into an Oid list.
|
|
|
|
|
*/
|
|
|
|
|
static List *
|
|
|
|
|
objectNamesToOids(GrantObjectType objtype, List *objnames)
|
|
|
|
|
{
|
2005-11-22 19:17:34 +01:00
|
|
|
List *objects = NIL;
|
|
|
|
|
ListCell *cell;
|
2005-11-21 13:49:33 +01:00
|
|
|
|
|
|
|
|
Assert(objnames != NIL);
|
|
|
|
|
|
|
|
|
|
switch (objtype)
|
|
|
|
|
{
|
|
|
|
|
case ACL_OBJECT_RELATION:
|
2006-01-21 03:16:21 +01:00
|
|
|
case ACL_OBJECT_SEQUENCE:
|
2005-11-21 13:49:33 +01:00
|
|
|
foreach(cell, objnames)
|
|
|
|
|
{
|
|
|
|
|
RangeVar *relvar = (RangeVar *) lfirst(cell);
|
2006-05-04 00:45:26 +02:00
|
|
|
Oid relOid;
|
2005-11-21 13:49:33 +01:00
|
|
|
|
|
|
|
|
relOid = RangeVarGetRelid(relvar, false);
|
|
|
|
|
objects = lappend_oid(objects, relOid);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case ACL_OBJECT_DATABASE:
|
|
|
|
|
foreach(cell, objnames)
|
|
|
|
|
{
|
|
|
|
|
char *dbname = strVal(lfirst(cell));
|
2006-05-04 00:45:26 +02:00
|
|
|
Oid dbid;
|
2005-11-21 13:49:33 +01:00
|
|
|
|
2006-05-04 00:45:26 +02:00
|
|
|
dbid = get_database_oid(dbname);
|
|
|
|
|
if (!OidIsValid(dbid))
|
2005-11-21 13:49:33 +01:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_DATABASE),
|
2006-05-04 00:45:26 +02:00
|
|
|
errmsg("database \"%s\" does not exist",
|
|
|
|
|
dbname)));
|
|
|
|
|
objects = lappend_oid(objects, dbid);
|
2005-11-21 13:49:33 +01:00
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case ACL_OBJECT_FUNCTION:
|
|
|
|
|
foreach(cell, objnames)
|
|
|
|
|
{
|
|
|
|
|
FuncWithArgs *func = (FuncWithArgs *) lfirst(cell);
|
|
|
|
|
Oid funcid;
|
|
|
|
|
|
|
|
|
|
funcid = LookupFuncNameTypeNames(func->funcname,
|
|
|
|
|
func->funcargs, false);
|
|
|
|
|
objects = lappend_oid(objects, funcid);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case ACL_OBJECT_LANGUAGE:
|
|
|
|
|
foreach(cell, objnames)
|
|
|
|
|
{
|
2005-11-22 19:17:34 +01:00
|
|
|
char *langname = strVal(lfirst(cell));
|
|
|
|
|
HeapTuple tuple;
|
2005-11-21 13:49:33 +01:00
|
|
|
|
|
|
|
|
tuple = SearchSysCache(LANGNAME,
|
|
|
|
|
PointerGetDatum(langname),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
2006-05-04 00:45:26 +02:00
|
|
|
errmsg("language \"%s\" does not exist",
|
|
|
|
|
langname)));
|
2005-11-21 13:49:33 +01:00
|
|
|
|
|
|
|
|
objects = lappend_oid(objects, HeapTupleGetOid(tuple));
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case ACL_OBJECT_NAMESPACE:
|
2005-11-22 19:17:34 +01:00
|
|
|
foreach(cell, objnames)
|
2005-11-21 13:49:33 +01:00
|
|
|
{
|
|
|
|
|
char *nspname = strVal(lfirst(cell));
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(NAMESPACENAME,
|
|
|
|
|
CStringGetDatum(nspname),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_SCHEMA),
|
2006-05-04 00:45:26 +02:00
|
|
|
errmsg("schema \"%s\" does not exist",
|
|
|
|
|
nspname)));
|
2005-11-21 13:49:33 +01:00
|
|
|
|
|
|
|
|
objects = lappend_oid(objects, HeapTupleGetOid(tuple));
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case ACL_OBJECT_TABLESPACE:
|
2005-11-22 19:17:34 +01:00
|
|
|
foreach(cell, objnames)
|
2005-11-21 13:49:33 +01:00
|
|
|
{
|
2005-11-22 19:17:34 +01:00
|
|
|
char *spcname = strVal(lfirst(cell));
|
|
|
|
|
ScanKeyData entry[1];
|
|
|
|
|
HeapScanDesc scan;
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
Relation relation;
|
2005-11-21 13:49:33 +01:00
|
|
|
|
|
|
|
|
relation = heap_open(TableSpaceRelationId, AccessShareLock);
|
|
|
|
|
|
|
|
|
|
ScanKeyInit(&entry[0],
|
|
|
|
|
Anum_pg_tablespace_spcname,
|
|
|
|
|
BTEqualStrategyNumber, F_NAMEEQ,
|
|
|
|
|
CStringGetDatum(spcname));
|
|
|
|
|
|
|
|
|
|
scan = heap_beginscan(relation, SnapshotNow, 1, entry);
|
|
|
|
|
tuple = heap_getnext(scan, ForwardScanDirection);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
2005-11-22 19:17:34 +01:00
|
|
|
errmsg("tablespace \"%s\" does not exist", spcname)));
|
2005-11-21 13:49:33 +01:00
|
|
|
|
|
|
|
|
objects = lappend_oid(objects, HeapTupleGetOid(tuple));
|
|
|
|
|
|
|
|
|
|
heap_endscan(scan);
|
|
|
|
|
|
|
|
|
|
heap_close(relation, AccessShareLock);
|
|
|
|
|
}
|
|
|
|
|
break;
|
2008-12-19 17:25:19 +01:00
|
|
|
case ACL_OBJECT_FDW:
|
|
|
|
|
foreach(cell, objnames)
|
|
|
|
|
{
|
|
|
|
|
char *fdwname = strVal(lfirst(cell));
|
|
|
|
|
Oid fdwid = GetForeignDataWrapperOidByName(fdwname, false);
|
|
|
|
|
|
|
|
|
|
objects = lappend_oid(objects, fdwid);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case ACL_OBJECT_FOREIGN_SERVER:
|
|
|
|
|
foreach(cell, objnames)
|
|
|
|
|
{
|
|
|
|
|
char *srvname = strVal(lfirst(cell));
|
|
|
|
|
Oid srvid = GetForeignServerOidByName(srvname, false);
|
|
|
|
|
|
|
|
|
|
objects = lappend_oid(objects, srvid);
|
|
|
|
|
}
|
|
|
|
|
break;
|
2005-11-21 13:49:33 +01:00
|
|
|
default:
|
|
|
|
|
elog(ERROR, "unrecognized GrantStmt.objtype: %d",
|
|
|
|
|
(int) objtype);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return objects;
|
|
|
|
|
}
|
|
|
|
|
|
2009-01-22 21:16:10 +01:00
|
|
|
/*
|
|
|
|
|
* expand_col_privileges
|
|
|
|
|
*
|
|
|
|
|
* OR the specified privilege(s) into per-column array entries for each
|
|
|
|
|
* specified attribute. The per-column array is indexed starting at
|
|
|
|
|
* FirstLowInvalidHeapAttributeNumber, up to relation's last attribute.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
expand_col_privileges(List *colnames, Oid table_oid,
|
|
|
|
|
AclMode this_privileges,
|
|
|
|
|
AclMode *col_privileges,
|
|
|
|
|
int num_col_privileges)
|
|
|
|
|
{
|
|
|
|
|
ListCell *cell;
|
|
|
|
|
|
|
|
|
|
foreach(cell, colnames)
|
|
|
|
|
{
|
|
|
|
|
char *colname = strVal(lfirst(cell));
|
|
|
|
|
AttrNumber attnum;
|
|
|
|
|
|
|
|
|
|
attnum = get_attnum(table_oid, colname);
|
|
|
|
|
if (attnum == InvalidAttrNumber)
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_COLUMN),
|
|
|
|
|
errmsg("column \"%s\" of relation \"%s\" does not exist",
|
|
|
|
|
colname, get_rel_name(table_oid))));
|
|
|
|
|
attnum -= FirstLowInvalidHeapAttributeNumber;
|
|
|
|
|
if (attnum <= 0 || attnum >= num_col_privileges)
|
|
|
|
|
elog(ERROR, "column number out of range"); /* safety check */
|
|
|
|
|
col_privileges[attnum] |= this_privileges;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* expand_all_col_privileges
|
|
|
|
|
*
|
|
|
|
|
* OR the specified privilege(s) into per-column array entries for each valid
|
|
|
|
|
* attribute of a relation. The per-column array is indexed starting at
|
|
|
|
|
* FirstLowInvalidHeapAttributeNumber, up to relation's last attribute.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
expand_all_col_privileges(Oid table_oid, Form_pg_class classForm,
|
|
|
|
|
AclMode this_privileges,
|
|
|
|
|
AclMode *col_privileges,
|
|
|
|
|
int num_col_privileges)
|
|
|
|
|
{
|
|
|
|
|
AttrNumber curr_att;
|
|
|
|
|
|
|
|
|
|
Assert(classForm->relnatts - FirstLowInvalidHeapAttributeNumber < num_col_privileges);
|
|
|
|
|
for (curr_att = FirstLowInvalidHeapAttributeNumber + 1;
|
|
|
|
|
curr_att <= classForm->relnatts;
|
|
|
|
|
curr_att++)
|
|
|
|
|
{
|
|
|
|
|
HeapTuple attTuple;
|
|
|
|
|
bool isdropped;
|
|
|
|
|
|
|
|
|
|
if (curr_att == InvalidAttrNumber)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
/* Skip OID column if it doesn't exist */
|
|
|
|
|
if (curr_att == ObjectIdAttributeNumber && !classForm->relhasoids)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
/* Views don't have any system columns at all */
|
|
|
|
|
if (classForm->relkind == RELKIND_VIEW && curr_att < 0)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
attTuple = SearchSysCache(ATTNUM,
|
|
|
|
|
ObjectIdGetDatum(table_oid),
|
|
|
|
|
Int16GetDatum(curr_att),
|
|
|
|
|
0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(attTuple))
|
|
|
|
|
elog(ERROR, "cache lookup failed for attribute %d of relation %u",
|
|
|
|
|
curr_att, table_oid);
|
|
|
|
|
|
|
|
|
|
isdropped = ((Form_pg_attribute) GETSTRUCT(attTuple))->attisdropped;
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(attTuple);
|
|
|
|
|
|
|
|
|
|
/* ignore dropped columns */
|
|
|
|
|
if (isdropped)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
col_privileges[curr_att - FirstLowInvalidHeapAttributeNumber] |= this_privileges;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* This processes attributes, but expects to be called from
|
|
|
|
|
* ExecGrant_Relation, not directly from ExecGrantStmt.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
ExecGrant_Attribute(InternalGrant *istmt, Oid relOid, const char *relname,
|
|
|
|
|
AttrNumber attnum, Oid ownerId, AclMode col_privileges,
|
|
|
|
|
Relation attRelation, const Acl *old_rel_acl)
|
|
|
|
|
{
|
|
|
|
|
HeapTuple attr_tuple;
|
|
|
|
|
Form_pg_attribute pg_attribute_tuple;
|
|
|
|
|
Acl *old_acl;
|
|
|
|
|
Acl *new_acl;
|
|
|
|
|
Acl *merged_acl;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
|
|
|
|
Oid grantorId;
|
|
|
|
|
AclMode avail_goptions;
|
|
|
|
|
bool need_update;
|
|
|
|
|
HeapTuple newtuple;
|
|
|
|
|
Datum values[Natts_pg_attribute];
|
|
|
|
|
bool nulls[Natts_pg_attribute];
|
|
|
|
|
bool replaces[Natts_pg_attribute];
|
|
|
|
|
int noldmembers;
|
|
|
|
|
int nnewmembers;
|
|
|
|
|
Oid *oldmembers;
|
|
|
|
|
Oid *newmembers;
|
|
|
|
|
|
|
|
|
|
attr_tuple = SearchSysCache(ATTNUM,
|
|
|
|
|
ObjectIdGetDatum(relOid),
|
|
|
|
|
Int16GetDatum(attnum),
|
|
|
|
|
0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(attr_tuple))
|
|
|
|
|
elog(ERROR, "cache lookup failed for attribute %d of relation %u",
|
|
|
|
|
attnum, relOid);
|
|
|
|
|
pg_attribute_tuple = (Form_pg_attribute) GETSTRUCT(attr_tuple);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Get working copy of existing ACL. If there's no ACL,
|
|
|
|
|
* substitute the proper default.
|
|
|
|
|
*/
|
|
|
|
|
aclDatum = SysCacheGetAttr(ATTNUM, attr_tuple, Anum_pg_attribute_attacl,
|
|
|
|
|
&isNull);
|
|
|
|
|
if (isNull)
|
|
|
|
|
old_acl = acldefault(ACL_OBJECT_COLUMN, ownerId);
|
|
|
|
|
else
|
|
|
|
|
old_acl = DatumGetAclPCopy(aclDatum);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* In select_best_grantor we should consider existing table-level ACL bits
|
|
|
|
|
* as well as the per-column ACL. Build a new ACL that is their
|
|
|
|
|
* concatenation. (This is a bit cheap and dirty compared to merging
|
|
|
|
|
* them properly with no duplications, but it's all we need here.)
|
|
|
|
|
*/
|
|
|
|
|
merged_acl = aclconcat(old_rel_acl, old_acl);
|
|
|
|
|
|
|
|
|
|
/* Determine ID to do the grant as, and available grant options */
|
|
|
|
|
select_best_grantor(GetUserId(), col_privileges,
|
|
|
|
|
merged_acl, ownerId,
|
|
|
|
|
&grantorId, &avail_goptions);
|
|
|
|
|
|
|
|
|
|
pfree(merged_acl);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Restrict the privileges to what we can actually grant, and emit
|
|
|
|
|
* the standards-mandated warning and error messages. Note: we don't
|
|
|
|
|
* track whether the user actually used the ALL PRIVILEGES(columns)
|
|
|
|
|
* syntax for each column; we just approximate it by whether all the
|
|
|
|
|
* possible privileges are specified now. Since the all_privs flag only
|
|
|
|
|
* determines whether a warning is issued, this seems close enough.
|
|
|
|
|
*/
|
|
|
|
|
col_privileges =
|
|
|
|
|
restrict_and_check_grant(istmt->is_grant, avail_goptions,
|
|
|
|
|
(col_privileges == ACL_ALL_RIGHTS_COLUMN),
|
|
|
|
|
col_privileges,
|
|
|
|
|
relOid, grantorId, ACL_KIND_COLUMN,
|
|
|
|
|
relname, attnum,
|
|
|
|
|
NameStr(pg_attribute_tuple->attname));
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Generate new ACL.
|
|
|
|
|
*
|
|
|
|
|
* We need the members of both old and new ACLs so we can correct
|
|
|
|
|
* the shared dependency information.
|
|
|
|
|
*/
|
|
|
|
|
noldmembers = aclmembers(old_acl, &oldmembers);
|
|
|
|
|
|
|
|
|
|
new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
|
|
|
|
|
istmt->grant_option,
|
|
|
|
|
istmt->behavior, istmt->grantees,
|
|
|
|
|
col_privileges, grantorId,
|
|
|
|
|
ownerId);
|
|
|
|
|
|
|
|
|
|
nnewmembers = aclmembers(new_acl, &newmembers);
|
|
|
|
|
|
|
|
|
|
/* finished building new ACL value, now insert it */
|
|
|
|
|
MemSet(values, 0, sizeof(values));
|
|
|
|
|
MemSet(nulls, false, sizeof(nulls));
|
|
|
|
|
MemSet(replaces, false, sizeof(replaces));
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If the updated ACL is empty, we can set attacl to null, and maybe
|
|
|
|
|
* even avoid an update of the pg_attribute row. This is worth testing
|
|
|
|
|
* because we'll come through here multiple times for any relation-level
|
|
|
|
|
* REVOKE, even if there were never any column GRANTs. Note we are
|
|
|
|
|
* assuming that the "default" ACL state for columns is empty.
|
|
|
|
|
*/
|
|
|
|
|
if (ACL_NUM(new_acl) > 0)
|
|
|
|
|
{
|
|
|
|
|
values[Anum_pg_attribute_attacl - 1] = PointerGetDatum(new_acl);
|
|
|
|
|
need_update = true;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
nulls[Anum_pg_attribute_attacl - 1] = true;
|
|
|
|
|
need_update = !isNull;
|
|
|
|
|
}
|
|
|
|
|
replaces[Anum_pg_attribute_attacl - 1] = true;
|
|
|
|
|
|
|
|
|
|
if (need_update)
|
|
|
|
|
{
|
|
|
|
|
newtuple = heap_modify_tuple(attr_tuple, RelationGetDescr(attRelation),
|
|
|
|
|
values, nulls, replaces);
|
|
|
|
|
|
|
|
|
|
simple_heap_update(attRelation, &newtuple->t_self, newtuple);
|
|
|
|
|
|
|
|
|
|
/* keep the catalog indexes up to date */
|
|
|
|
|
CatalogUpdateIndexes(attRelation, newtuple);
|
|
|
|
|
|
|
|
|
|
/* Update the shared dependency ACL info */
|
|
|
|
|
updateAclDependencies(RelationRelationId, relOid, attnum,
|
|
|
|
|
ownerId, istmt->is_grant,
|
|
|
|
|
noldmembers, oldmembers,
|
|
|
|
|
nnewmembers, newmembers);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pfree(new_acl);
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(attr_tuple);
|
|
|
|
|
}
|
|
|
|
|
|
2006-01-21 03:16:21 +01:00
|
|
|
/*
|
|
|
|
|
* This processes both sequences and non-sequences.
|
|
|
|
|
*/
|
2005-11-21 13:49:33 +01:00
|
|
|
static void
|
2005-12-01 03:03:01 +01:00
|
|
|
ExecGrant_Relation(InternalGrant *istmt)
|
2005-11-21 13:49:33 +01:00
|
|
|
{
|
|
|
|
|
Relation relation;
|
2009-01-22 21:16:10 +01:00
|
|
|
Relation attRelation;
|
2005-11-21 13:49:33 +01:00
|
|
|
ListCell *cell;
|
|
|
|
|
|
|
|
|
|
relation = heap_open(RelationRelationId, RowExclusiveLock);
|
2009-01-22 21:16:10 +01:00
|
|
|
attRelation = heap_open(AttributeRelationId, RowExclusiveLock);
|
2005-11-21 13:49:33 +01:00
|
|
|
|
2005-12-01 03:03:01 +01:00
|
|
|
foreach(cell, istmt->objects)
|
2005-11-21 13:49:33 +01:00
|
|
|
{
|
|
|
|
|
Oid relOid = lfirst_oid(cell);
|
2001-06-10 01:21:55 +02:00
|
|
|
Datum aclDatum;
|
2005-11-21 13:49:33 +01:00
|
|
|
Form_pg_class pg_class_tuple;
|
2001-06-10 01:21:55 +02:00
|
|
|
bool isNull;
|
2004-06-01 23:49:23 +02:00
|
|
|
AclMode this_privileges;
|
2009-01-22 21:16:10 +01:00
|
|
|
AclMode *col_privileges;
|
|
|
|
|
int num_col_privileges;
|
|
|
|
|
bool have_col_privileges;
|
2001-06-10 01:21:55 +02:00
|
|
|
Acl *old_acl;
|
2009-01-22 21:16:10 +01:00
|
|
|
Acl *old_rel_acl;
|
2005-10-15 04:49:52 +02:00
|
|
|
Oid ownerId;
|
2005-11-21 13:49:33 +01:00
|
|
|
HeapTuple tuple;
|
2009-01-22 21:16:10 +01:00
|
|
|
ListCell *cell_colprivs;
|
2001-06-10 01:21:55 +02:00
|
|
|
|
2002-03-26 20:17:02 +01:00
|
|
|
tuple = SearchSysCache(RELOID,
|
|
|
|
|
ObjectIdGetDatum(relOid),
|
2001-06-10 01:21:55 +02:00
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
elog(ERROR, "cache lookup failed for relation %u", relOid);
|
2001-06-10 01:21:55 +02:00
|
|
|
pg_class_tuple = (Form_pg_class) GETSTRUCT(tuple);
|
|
|
|
|
|
2003-07-21 03:59:11 +02:00
|
|
|
/* Not sensible to grant on an index */
|
2001-06-10 01:21:55 +02:00
|
|
|
if (pg_class_tuple->relkind == RELKIND_INDEX)
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_WRONG_OBJECT_TYPE),
|
|
|
|
|
errmsg("\"%s\" is an index",
|
2005-11-21 13:49:33 +01:00
|
|
|
NameStr(pg_class_tuple->relname))));
|
2001-06-10 01:21:55 +02:00
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
/* Composite types aren't tables either */
|
|
|
|
|
if (pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_WRONG_OBJECT_TYPE),
|
|
|
|
|
errmsg("\"%s\" is a composite type",
|
2005-11-21 13:49:33 +01:00
|
|
|
NameStr(pg_class_tuple->relname))));
|
2005-11-22 19:17:34 +01:00
|
|
|
|
2006-01-21 03:16:21 +01:00
|
|
|
/* Used GRANT SEQUENCE on a non-sequence? */
|
|
|
|
|
if (istmt->objtype == ACL_OBJECT_SEQUENCE &&
|
|
|
|
|
pg_class_tuple->relkind != RELKIND_SEQUENCE)
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_WRONG_OBJECT_TYPE),
|
|
|
|
|
errmsg("\"%s\" is not a sequence",
|
|
|
|
|
NameStr(pg_class_tuple->relname))));
|
|
|
|
|
|
|
|
|
|
/* Adjust the default permissions based on whether it is a sequence */
|
|
|
|
|
if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
|
|
|
|
|
{
|
|
|
|
|
if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
|
|
|
|
|
this_privileges = ACL_ALL_RIGHTS_SEQUENCE;
|
|
|
|
|
else
|
|
|
|
|
this_privileges = ACL_ALL_RIGHTS_RELATION;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
this_privileges = istmt->privileges;
|
2006-10-04 02:30:14 +02:00
|
|
|
|
2006-01-21 03:16:21 +01:00
|
|
|
/*
|
2006-10-04 02:30:14 +02:00
|
|
|
* The GRANT TABLE syntax can be used for sequences and non-sequences,
|
|
|
|
|
* so we have to look at the relkind to determine the supported
|
|
|
|
|
* permissions. The OR of table and sequence permissions were already
|
|
|
|
|
* checked.
|
2006-01-21 03:16:21 +01:00
|
|
|
*/
|
|
|
|
|
if (istmt->objtype == ACL_OBJECT_RELATION)
|
|
|
|
|
{
|
|
|
|
|
if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
|
|
|
|
|
{
|
|
|
|
|
/*
|
2009-01-22 21:16:10 +01:00
|
|
|
* For backward compatibility, just throw a warning for
|
2006-10-04 02:30:14 +02:00
|
|
|
* invalid sequence permissions when using the non-sequence
|
2009-01-22 21:16:10 +01:00
|
|
|
* GRANT syntax.
|
2006-01-21 03:16:21 +01:00
|
|
|
*/
|
|
|
|
|
if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_SEQUENCE))
|
|
|
|
|
{
|
|
|
|
|
/*
|
2006-10-04 02:30:14 +02:00
|
|
|
* Mention the object name because the user needs to know
|
|
|
|
|
* which operations succeeded. This is required because
|
|
|
|
|
* WARNING allows the command to continue.
|
2006-01-21 03:16:21 +01:00
|
|
|
*/
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_INVALID_GRANT_OPERATION),
|
2009-01-22 21:16:10 +01:00
|
|
|
errmsg("sequence \"%s\" only supports USAGE, SELECT, and UPDATE privileges",
|
2006-01-21 03:16:21 +01:00
|
|
|
NameStr(pg_class_tuple->relname))));
|
|
|
|
|
this_privileges &= (AclMode) ACL_ALL_RIGHTS_SEQUENCE;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_RELATION))
|
2009-01-22 21:16:10 +01:00
|
|
|
{
|
2006-01-21 03:16:21 +01:00
|
|
|
/*
|
2006-10-04 02:30:14 +02:00
|
|
|
* USAGE is the only permission supported by sequences but
|
|
|
|
|
* not by non-sequences. Don't mention the object name
|
|
|
|
|
* because we didn't in the combined TABLE | SEQUENCE
|
|
|
|
|
* check.
|
2006-01-21 03:16:21 +01:00
|
|
|
*/
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INVALID_GRANT_OPERATION),
|
2006-10-04 02:30:14 +02:00
|
|
|
errmsg("invalid privilege type USAGE for table")));
|
2009-01-22 21:16:10 +01:00
|
|
|
}
|
2006-01-21 03:16:21 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2009-01-22 21:16:10 +01:00
|
|
|
/*
|
|
|
|
|
* Set up array in which we'll accumulate any column privilege bits
|
|
|
|
|
* that need modification. The array is indexed such that entry [0]
|
|
|
|
|
* corresponds to FirstLowInvalidHeapAttributeNumber.
|
|
|
|
|
*/
|
|
|
|
|
num_col_privileges = pg_class_tuple->relnatts - FirstLowInvalidHeapAttributeNumber + 1;
|
|
|
|
|
col_privileges = (AclMode *) palloc0(num_col_privileges * sizeof(AclMode));
|
|
|
|
|
have_col_privileges = false;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If we are revoking relation privileges that are also column
|
|
|
|
|
* privileges, we must implicitly revoke them from each column too,
|
|
|
|
|
* per SQL spec. (We don't need to implicitly add column privileges
|
|
|
|
|
* during GRANT because the permissions-checking code always checks
|
|
|
|
|
* both relation and per-column privileges.)
|
|
|
|
|
*/
|
|
|
|
|
if (!istmt->is_grant &&
|
|
|
|
|
(this_privileges & ACL_ALL_RIGHTS_COLUMN) != 0)
|
|
|
|
|
{
|
|
|
|
|
expand_all_col_privileges(relOid, pg_class_tuple,
|
|
|
|
|
this_privileges & ACL_ALL_RIGHTS_COLUMN,
|
|
|
|
|
col_privileges,
|
|
|
|
|
num_col_privileges);
|
|
|
|
|
have_col_privileges = true;
|
|
|
|
|
}
|
|
|
|
|
|
2005-10-10 20:49:04 +02:00
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* Get owner ID and working copy of existing ACL. If there's no ACL,
|
|
|
|
|
* substitute the proper default.
|
2005-10-10 20:49:04 +02:00
|
|
|
*/
|
2004-06-01 23:49:23 +02:00
|
|
|
ownerId = pg_class_tuple->relowner;
|
2005-10-10 20:49:04 +02:00
|
|
|
aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
|
|
|
|
|
&isNull);
|
|
|
|
|
if (isNull)
|
2006-01-21 03:16:21 +01:00
|
|
|
old_acl = acldefault(pg_class_tuple->relkind == RELKIND_SEQUENCE ?
|
|
|
|
|
ACL_OBJECT_SEQUENCE : ACL_OBJECT_RELATION,
|
|
|
|
|
ownerId);
|
2005-10-10 20:49:04 +02:00
|
|
|
else
|
|
|
|
|
old_acl = DatumGetAclPCopy(aclDatum);
|
|
|
|
|
|
2009-01-22 21:16:10 +01:00
|
|
|
/* Need an extra copy of original rel ACL for column handling */
|
|
|
|
|
old_rel_acl = aclcopy(old_acl);
|
2004-06-01 23:49:23 +02:00
|
|
|
|
|
|
|
|
/*
|
2009-01-22 21:16:10 +01:00
|
|
|
* Handle relation-level privileges, if any were specified
|
2004-06-01 23:49:23 +02:00
|
|
|
*/
|
2009-01-22 21:16:10 +01:00
|
|
|
if (this_privileges != ACL_NO_RIGHTS)
|
|
|
|
|
{
|
|
|
|
|
AclMode avail_goptions;
|
|
|
|
|
Acl *new_acl;
|
|
|
|
|
Oid grantorId;
|
|
|
|
|
HeapTuple newtuple;
|
|
|
|
|
Datum values[Natts_pg_class];
|
|
|
|
|
bool nulls[Natts_pg_class];
|
|
|
|
|
bool replaces[Natts_pg_class];
|
|
|
|
|
int noldmembers;
|
|
|
|
|
int nnewmembers;
|
|
|
|
|
Oid *oldmembers;
|
|
|
|
|
Oid *newmembers;
|
|
|
|
|
|
|
|
|
|
/* Determine ID to do the grant as, and available grant options */
|
|
|
|
|
select_best_grantor(GetUserId(), this_privileges,
|
|
|
|
|
old_acl, ownerId,
|
|
|
|
|
&grantorId, &avail_goptions);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Restrict the privileges to what we can actually grant, and emit
|
|
|
|
|
* the standards-mandated warning and error messages.
|
|
|
|
|
*/
|
|
|
|
|
this_privileges =
|
|
|
|
|
restrict_and_check_grant(istmt->is_grant, avail_goptions,
|
|
|
|
|
istmt->all_privs, this_privileges,
|
|
|
|
|
relOid, grantorId,
|
|
|
|
|
pg_class_tuple->relkind == RELKIND_SEQUENCE
|
|
|
|
|
? ACL_KIND_SEQUENCE : ACL_KIND_CLASS,
|
|
|
|
|
NameStr(pg_class_tuple->relname),
|
|
|
|
|
0, NULL);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Generate new ACL.
|
|
|
|
|
*
|
|
|
|
|
* We need the members of both old and new ACLs so we can correct
|
|
|
|
|
* the shared dependency information.
|
|
|
|
|
*/
|
|
|
|
|
noldmembers = aclmembers(old_acl, &oldmembers);
|
|
|
|
|
|
|
|
|
|
new_acl = merge_acl_with_grant(old_acl,
|
|
|
|
|
istmt->is_grant,
|
|
|
|
|
istmt->grant_option,
|
|
|
|
|
istmt->behavior,
|
|
|
|
|
istmt->grantees,
|
|
|
|
|
this_privileges,
|
|
|
|
|
grantorId,
|
|
|
|
|
ownerId);
|
|
|
|
|
|
|
|
|
|
nnewmembers = aclmembers(new_acl, &newmembers);
|
|
|
|
|
|
|
|
|
|
/* finished building new ACL value, now insert it */
|
|
|
|
|
MemSet(values, 0, sizeof(values));
|
|
|
|
|
MemSet(nulls, false, sizeof(nulls));
|
|
|
|
|
MemSet(replaces, false, sizeof(replaces));
|
|
|
|
|
|
|
|
|
|
replaces[Anum_pg_class_relacl - 1] = true;
|
|
|
|
|
values[Anum_pg_class_relacl - 1] = PointerGetDatum(new_acl);
|
|
|
|
|
|
|
|
|
|
newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation),
|
|
|
|
|
values, nulls, replaces);
|
|
|
|
|
|
|
|
|
|
simple_heap_update(relation, &newtuple->t_self, newtuple);
|
|
|
|
|
|
|
|
|
|
/* keep the catalog indexes up to date */
|
|
|
|
|
CatalogUpdateIndexes(relation, newtuple);
|
|
|
|
|
|
|
|
|
|
/* Update the shared dependency ACL info */
|
|
|
|
|
updateAclDependencies(RelationRelationId, relOid, 0,
|
|
|
|
|
ownerId, istmt->is_grant,
|
|
|
|
|
noldmembers, oldmembers,
|
|
|
|
|
nnewmembers, newmembers);
|
|
|
|
|
|
|
|
|
|
pfree(new_acl);
|
|
|
|
|
}
|
2004-06-01 23:49:23 +02:00
|
|
|
|
2001-06-10 01:21:55 +02:00
|
|
|
/*
|
2009-01-22 21:16:10 +01:00
|
|
|
* Handle column-level privileges, if any were specified or implied.
|
|
|
|
|
* We first expand the user-specified column privileges into the
|
|
|
|
|
* array, and then iterate over all nonempty array entries.
|
2005-07-07 22:40:02 +02:00
|
|
|
*/
|
2009-01-22 21:16:10 +01:00
|
|
|
foreach(cell_colprivs, istmt->col_privs)
|
|
|
|
|
{
|
|
|
|
|
AccessPriv *col_privs = (AccessPriv *) lfirst(cell_colprivs);
|
2005-07-07 22:40:02 +02:00
|
|
|
|
2009-01-22 21:16:10 +01:00
|
|
|
if (col_privs->priv_name == NULL)
|
|
|
|
|
this_privileges = ACL_ALL_RIGHTS_COLUMN;
|
|
|
|
|
else
|
|
|
|
|
this_privileges = string_to_privilege(col_privs->priv_name);
|
2001-06-10 01:21:55 +02:00
|
|
|
|
2009-01-22 21:16:10 +01:00
|
|
|
if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_COLUMN))
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INVALID_GRANT_OPERATION),
|
|
|
|
|
errmsg("invalid privilege type %s for column",
|
|
|
|
|
privilege_to_string(this_privileges))));
|
2005-07-07 22:40:02 +02:00
|
|
|
|
2009-01-22 21:16:10 +01:00
|
|
|
if (pg_class_tuple->relkind == RELKIND_SEQUENCE &&
|
|
|
|
|
this_privileges & ~((AclMode) ACL_SELECT))
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* The only column privilege allowed on sequences is SELECT.
|
|
|
|
|
* This is a warning not error because we do it that way
|
|
|
|
|
* for relation-level privileges.
|
|
|
|
|
*/
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_INVALID_GRANT_OPERATION),
|
|
|
|
|
errmsg("sequence \"%s\" only supports SELECT column privileges",
|
|
|
|
|
NameStr(pg_class_tuple->relname))));
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2009-01-22 21:16:10 +01:00
|
|
|
this_privileges &= (AclMode) ACL_SELECT;
|
|
|
|
|
}
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2009-01-22 21:16:10 +01:00
|
|
|
expand_col_privileges(col_privs->cols, relOid,
|
|
|
|
|
this_privileges,
|
|
|
|
|
col_privileges,
|
|
|
|
|
num_col_privileges);
|
|
|
|
|
have_col_privileges = true;
|
|
|
|
|
}
|
1996-07-09 08:22:35 +02:00
|
|
|
|
2009-01-22 21:16:10 +01:00
|
|
|
if (have_col_privileges)
|
|
|
|
|
{
|
|
|
|
|
AttrNumber i;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2009-01-22 21:16:10 +01:00
|
|
|
for (i = 0; i < num_col_privileges; i++)
|
|
|
|
|
{
|
|
|
|
|
if (col_privileges[i] == ACL_NO_RIGHTS)
|
|
|
|
|
continue;
|
|
|
|
|
ExecGrant_Attribute(istmt,
|
|
|
|
|
relOid,
|
|
|
|
|
NameStr(pg_class_tuple->relname),
|
|
|
|
|
i + FirstLowInvalidHeapAttributeNumber,
|
|
|
|
|
ownerId,
|
|
|
|
|
col_privileges[i],
|
|
|
|
|
attRelation,
|
|
|
|
|
old_rel_acl);
|
|
|
|
|
}
|
|
|
|
|
}
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2009-01-22 21:16:10 +01:00
|
|
|
pfree(old_rel_acl);
|
|
|
|
|
pfree(col_privileges);
|
2005-07-07 22:40:02 +02:00
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
2005-08-12 23:20:24 +02:00
|
|
|
/* prevent error when processing duplicate objects */
|
|
|
|
|
CommandCounterIncrement();
|
2001-06-10 01:21:55 +02:00
|
|
|
}
|
2005-11-21 13:49:33 +01:00
|
|
|
|
2009-01-22 21:16:10 +01:00
|
|
|
heap_close(attRelation, RowExclusiveLock);
|
2005-11-21 13:49:33 +01:00
|
|
|
heap_close(relation, RowExclusiveLock);
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
static void
|
2005-12-01 03:03:01 +01:00
|
|
|
ExecGrant_Database(InternalGrant *istmt)
|
2002-04-21 02:26:44 +02:00
|
|
|
{
|
2005-11-21 13:49:33 +01:00
|
|
|
Relation relation;
|
|
|
|
|
ListCell *cell;
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2005-12-01 03:03:01 +01:00
|
|
|
if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
|
|
|
|
|
istmt->privileges = ACL_ALL_RIGHTS_DATABASE;
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2005-11-21 13:49:33 +01:00
|
|
|
relation = heap_open(DatabaseRelationId, RowExclusiveLock);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2005-12-01 03:03:01 +01:00
|
|
|
foreach(cell, istmt->objects)
|
2002-04-21 02:26:44 +02:00
|
|
|
{
|
2005-11-21 13:49:33 +01:00
|
|
|
Oid datId = lfirst_oid(cell);
|
2002-04-21 02:26:44 +02:00
|
|
|
Form_pg_database pg_database_tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
2005-10-10 20:49:04 +02:00
|
|
|
AclMode avail_goptions;
|
2004-06-01 23:49:23 +02:00
|
|
|
AclMode this_privileges;
|
2002-04-21 02:26:44 +02:00
|
|
|
Acl *old_acl;
|
|
|
|
|
Acl *new_acl;
|
2005-10-15 04:49:52 +02:00
|
|
|
Oid grantorId;
|
|
|
|
|
Oid ownerId;
|
2002-04-21 02:26:44 +02:00
|
|
|
HeapTuple newtuple;
|
|
|
|
|
Datum values[Natts_pg_database];
|
2008-11-02 02:45:28 +01:00
|
|
|
bool nulls[Natts_pg_database];
|
|
|
|
|
bool replaces[Natts_pg_database];
|
2005-07-07 22:40:02 +02:00
|
|
|
int noldmembers;
|
|
|
|
|
int nnewmembers;
|
|
|
|
|
Oid *oldmembers;
|
|
|
|
|
Oid *newmembers;
|
2005-11-21 13:49:33 +01:00
|
|
|
HeapTuple tuple;
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2006-05-04 00:45:26 +02:00
|
|
|
tuple = SearchSysCache(DATABASEOID,
|
|
|
|
|
ObjectIdGetDatum(datId),
|
|
|
|
|
0, 0, 0);
|
2002-04-21 02:26:44 +02:00
|
|
|
if (!HeapTupleIsValid(tuple))
|
2006-05-04 00:45:26 +02:00
|
|
|
elog(ERROR, "cache lookup failed for database %u", datId);
|
2005-11-21 13:49:33 +01:00
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
pg_database_tuple = (Form_pg_database) GETSTRUCT(tuple);
|
|
|
|
|
|
2005-10-10 20:49:04 +02:00
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* Get owner ID and working copy of existing ACL. If there's no ACL,
|
|
|
|
|
* substitute the proper default.
|
2005-10-10 20:49:04 +02:00
|
|
|
*/
|
2003-10-31 21:00:49 +01:00
|
|
|
ownerId = pg_database_tuple->datdba;
|
2005-10-10 20:49:04 +02:00
|
|
|
aclDatum = heap_getattr(tuple, Anum_pg_database_datacl,
|
|
|
|
|
RelationGetDescr(relation), &isNull);
|
|
|
|
|
if (isNull)
|
|
|
|
|
old_acl = acldefault(ACL_OBJECT_DATABASE, ownerId);
|
|
|
|
|
else
|
|
|
|
|
old_acl = DatumGetAclPCopy(aclDatum);
|
|
|
|
|
|
|
|
|
|
/* Determine ID to do the grant as, and available grant options */
|
2005-12-01 03:03:01 +01:00
|
|
|
select_best_grantor(GetUserId(), istmt->privileges,
|
2005-10-10 20:49:04 +02:00
|
|
|
old_acl, ownerId,
|
|
|
|
|
&grantorId, &avail_goptions);
|
2003-10-31 21:00:49 +01:00
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
/*
|
2006-10-04 02:30:14 +02:00
|
|
|
* Restrict the privileges to what we can actually grant, and emit the
|
|
|
|
|
* standards-mandated warning and error messages.
|
2004-06-01 23:49:23 +02:00
|
|
|
*/
|
2005-12-01 03:03:01 +01:00
|
|
|
this_privileges =
|
|
|
|
|
restrict_and_check_grant(istmt->is_grant, avail_goptions,
|
|
|
|
|
istmt->all_privs, istmt->privileges,
|
|
|
|
|
datId, grantorId, ACL_KIND_DATABASE,
|
2009-01-22 21:16:10 +01:00
|
|
|
NameStr(pg_database_tuple->datname),
|
|
|
|
|
0, NULL);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
/*
|
2005-10-10 20:49:04 +02:00
|
|
|
* Generate new ACL.
|
|
|
|
|
*
|
2005-10-15 04:49:52 +02:00
|
|
|
* We need the members of both old and new ACLs so we can correct the
|
|
|
|
|
* shared dependency information.
|
2005-07-07 22:40:02 +02:00
|
|
|
*/
|
|
|
|
|
noldmembers = aclmembers(old_acl, &oldmembers);
|
|
|
|
|
|
2005-12-01 03:03:01 +01:00
|
|
|
new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
|
|
|
|
|
istmt->grant_option, istmt->behavior,
|
|
|
|
|
istmt->grantees, this_privileges,
|
2003-10-31 21:00:49 +01:00
|
|
|
grantorId, ownerId);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2005-07-07 22:40:02 +02:00
|
|
|
nnewmembers = aclmembers(new_acl, &newmembers);
|
|
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
/* finished building new ACL value, now insert it */
|
|
|
|
|
MemSet(values, 0, sizeof(values));
|
2008-11-02 02:45:28 +01:00
|
|
|
MemSet(nulls, false, sizeof(nulls));
|
|
|
|
|
MemSet(replaces, false, sizeof(replaces));
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2008-11-02 02:45:28 +01:00
|
|
|
replaces[Anum_pg_database_datacl - 1] = true;
|
2002-04-21 02:26:44 +02:00
|
|
|
values[Anum_pg_database_datacl - 1] = PointerGetDatum(new_acl);
|
|
|
|
|
|
2008-11-02 02:45:28 +01:00
|
|
|
newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
|
|
|
|
|
nulls, replaces);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
simple_heap_update(relation, &newtuple->t_self, newtuple);
|
|
|
|
|
|
2002-08-05 05:29:17 +02:00
|
|
|
/* keep the catalog indexes up to date */
|
|
|
|
|
CatalogUpdateIndexes(relation, newtuple);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2005-07-07 22:40:02 +02:00
|
|
|
/* Update the shared dependency ACL info */
|
2009-01-22 21:16:10 +01:00
|
|
|
updateAclDependencies(DatabaseRelationId, HeapTupleGetOid(tuple), 0,
|
2005-12-01 03:03:01 +01:00
|
|
|
ownerId, istmt->is_grant,
|
2005-07-07 22:40:02 +02:00
|
|
|
noldmembers, oldmembers,
|
|
|
|
|
nnewmembers, newmembers);
|
|
|
|
|
|
2006-05-04 00:45:26 +02:00
|
|
|
ReleaseSysCache(tuple);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2005-11-21 13:49:33 +01:00
|
|
|
pfree(new_acl);
|
2005-08-12 23:20:24 +02:00
|
|
|
|
|
|
|
|
/* prevent error when processing duplicate objects */
|
|
|
|
|
CommandCounterIncrement();
|
2002-04-21 02:26:44 +02:00
|
|
|
}
|
2005-11-21 13:49:33 +01:00
|
|
|
|
|
|
|
|
heap_close(relation, RowExclusiveLock);
|
2002-04-21 02:26:44 +02:00
|
|
|
}
|
2001-06-10 01:21:55 +02:00
|
|
|
|
2008-12-19 17:25:19 +01:00
|
|
|
static void
|
|
|
|
|
ExecGrant_Fdw(InternalGrant *istmt)
|
|
|
|
|
{
|
|
|
|
|
Relation relation;
|
|
|
|
|
ListCell *cell;
|
|
|
|
|
|
|
|
|
|
if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
|
|
|
|
|
istmt->privileges = ACL_ALL_RIGHTS_FDW;
|
|
|
|
|
|
|
|
|
|
relation = heap_open(ForeignDataWrapperRelationId, RowExclusiveLock);
|
|
|
|
|
|
|
|
|
|
foreach(cell, istmt->objects)
|
|
|
|
|
{
|
|
|
|
|
Oid fdwid = lfirst_oid(cell);
|
|
|
|
|
Form_pg_foreign_data_wrapper pg_fdw_tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
|
|
|
|
AclMode avail_goptions;
|
|
|
|
|
AclMode this_privileges;
|
|
|
|
|
Acl *old_acl;
|
|
|
|
|
Acl *new_acl;
|
|
|
|
|
Oid grantorId;
|
|
|
|
|
Oid ownerId;
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
HeapTuple newtuple;
|
|
|
|
|
Datum values[Natts_pg_foreign_data_wrapper];
|
|
|
|
|
bool nulls[Natts_pg_foreign_data_wrapper];
|
|
|
|
|
bool replaces[Natts_pg_foreign_data_wrapper];
|
|
|
|
|
int noldmembers;
|
|
|
|
|
int nnewmembers;
|
|
|
|
|
Oid *oldmembers;
|
|
|
|
|
Oid *newmembers;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(FOREIGNDATAWRAPPEROID,
|
|
|
|
|
ObjectIdGetDatum(fdwid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
elog(ERROR, "cache lookup failed for foreign-data wrapper %u", fdwid);
|
|
|
|
|
|
|
|
|
|
pg_fdw_tuple = (Form_pg_foreign_data_wrapper) GETSTRUCT(tuple);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Get owner ID and working copy of existing ACL. If there's no ACL,
|
|
|
|
|
* substitute the proper default.
|
|
|
|
|
*/
|
|
|
|
|
ownerId = pg_fdw_tuple->fdwowner;
|
|
|
|
|
aclDatum = SysCacheGetAttr(FOREIGNDATAWRAPPEROID, tuple,
|
|
|
|
|
Anum_pg_foreign_data_wrapper_fdwacl,
|
|
|
|
|
&isNull);
|
|
|
|
|
if (isNull)
|
|
|
|
|
old_acl = acldefault(ACL_OBJECT_FDW, ownerId);
|
|
|
|
|
else
|
|
|
|
|
old_acl = DatumGetAclPCopy(aclDatum);
|
|
|
|
|
|
|
|
|
|
/* Determine ID to do the grant as, and available grant options */
|
|
|
|
|
select_best_grantor(GetUserId(), istmt->privileges,
|
|
|
|
|
old_acl, ownerId,
|
|
|
|
|
&grantorId, &avail_goptions);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Restrict the privileges to what we can actually grant, and emit the
|
|
|
|
|
* standards-mandated warning and error messages.
|
|
|
|
|
*/
|
|
|
|
|
this_privileges =
|
|
|
|
|
restrict_and_check_grant(istmt->is_grant, avail_goptions,
|
|
|
|
|
istmt->all_privs, istmt->privileges,
|
|
|
|
|
fdwid, grantorId, ACL_KIND_FDW,
|
2009-01-22 21:16:10 +01:00
|
|
|
NameStr(pg_fdw_tuple->fdwname),
|
|
|
|
|
0, NULL);
|
2008-12-19 17:25:19 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Generate new ACL.
|
|
|
|
|
*
|
|
|
|
|
* We need the members of both old and new ACLs so we can correct the
|
|
|
|
|
* shared dependency information.
|
|
|
|
|
*/
|
|
|
|
|
noldmembers = aclmembers(old_acl, &oldmembers);
|
|
|
|
|
|
|
|
|
|
new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
|
|
|
|
|
istmt->grant_option, istmt->behavior,
|
|
|
|
|
istmt->grantees, this_privileges,
|
|
|
|
|
grantorId, ownerId);
|
|
|
|
|
|
|
|
|
|
nnewmembers = aclmembers(new_acl, &newmembers);
|
|
|
|
|
|
|
|
|
|
/* finished building new ACL value, now insert it */
|
|
|
|
|
MemSet(values, 0, sizeof(values));
|
|
|
|
|
MemSet(nulls, false, sizeof(nulls));
|
|
|
|
|
MemSet(replaces, false, sizeof(replaces));
|
|
|
|
|
|
|
|
|
|
replaces[Anum_pg_foreign_data_wrapper_fdwacl - 1] = true;
|
|
|
|
|
values[Anum_pg_foreign_data_wrapper_fdwacl - 1] = PointerGetDatum(new_acl);
|
|
|
|
|
|
|
|
|
|
newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
|
|
|
|
|
nulls, replaces);
|
|
|
|
|
|
|
|
|
|
simple_heap_update(relation, &newtuple->t_self, newtuple);
|
|
|
|
|
|
|
|
|
|
/* keep the catalog indexes up to date */
|
|
|
|
|
CatalogUpdateIndexes(relation, newtuple);
|
|
|
|
|
|
|
|
|
|
/* Update the shared dependency ACL info */
|
2009-01-22 21:16:10 +01:00
|
|
|
updateAclDependencies(ForeignDataWrapperRelationId,
|
|
|
|
|
HeapTupleGetOid(tuple), 0,
|
2008-12-19 17:25:19 +01:00
|
|
|
ownerId, istmt->is_grant,
|
|
|
|
|
noldmembers, oldmembers,
|
|
|
|
|
nnewmembers, newmembers);
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
pfree(new_acl);
|
|
|
|
|
|
|
|
|
|
/* prevent error when processing duplicate objects */
|
|
|
|
|
CommandCounterIncrement();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
heap_close(relation, RowExclusiveLock);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void ExecGrant_ForeignServer(InternalGrant *istmt)
|
|
|
|
|
{
|
|
|
|
|
Relation relation;
|
|
|
|
|
ListCell *cell;
|
|
|
|
|
|
|
|
|
|
if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
|
|
|
|
|
istmt->privileges = ACL_ALL_RIGHTS_FOREIGN_SERVER;
|
|
|
|
|
|
|
|
|
|
relation = heap_open(ForeignServerRelationId, RowExclusiveLock);
|
|
|
|
|
|
|
|
|
|
foreach(cell, istmt->objects)
|
|
|
|
|
{
|
|
|
|
|
Oid srvid = lfirst_oid(cell);
|
|
|
|
|
Form_pg_foreign_server pg_server_tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
|
|
|
|
AclMode avail_goptions;
|
|
|
|
|
AclMode this_privileges;
|
|
|
|
|
Acl *old_acl;
|
|
|
|
|
Acl *new_acl;
|
|
|
|
|
Oid grantorId;
|
|
|
|
|
Oid ownerId;
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
HeapTuple newtuple;
|
|
|
|
|
Datum values[Natts_pg_foreign_server];
|
|
|
|
|
bool nulls[Natts_pg_foreign_server];
|
|
|
|
|
bool replaces[Natts_pg_foreign_server];
|
|
|
|
|
int noldmembers;
|
|
|
|
|
int nnewmembers;
|
|
|
|
|
Oid *oldmembers;
|
|
|
|
|
Oid *newmembers;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(FOREIGNSERVEROID,
|
|
|
|
|
ObjectIdGetDatum(srvid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
elog(ERROR, "cache lookup failed for foreign server %u", srvid);
|
|
|
|
|
|
|
|
|
|
pg_server_tuple = (Form_pg_foreign_server) GETSTRUCT(tuple);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Get owner ID and working copy of existing ACL. If there's no ACL,
|
|
|
|
|
* substitute the proper default.
|
|
|
|
|
*/
|
|
|
|
|
ownerId = pg_server_tuple->srvowner;
|
|
|
|
|
aclDatum = SysCacheGetAttr(FOREIGNSERVEROID, tuple,
|
|
|
|
|
Anum_pg_foreign_server_srvacl,
|
|
|
|
|
&isNull);
|
|
|
|
|
if (isNull)
|
|
|
|
|
old_acl = acldefault(ACL_OBJECT_FOREIGN_SERVER, ownerId);
|
|
|
|
|
else
|
|
|
|
|
old_acl = DatumGetAclPCopy(aclDatum);
|
|
|
|
|
|
|
|
|
|
/* Determine ID to do the grant as, and available grant options */
|
|
|
|
|
select_best_grantor(GetUserId(), istmt->privileges,
|
|
|
|
|
old_acl, ownerId,
|
|
|
|
|
&grantorId, &avail_goptions);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Restrict the privileges to what we can actually grant, and emit the
|
|
|
|
|
* standards-mandated warning and error messages.
|
|
|
|
|
*/
|
|
|
|
|
this_privileges =
|
|
|
|
|
restrict_and_check_grant(istmt->is_grant, avail_goptions,
|
|
|
|
|
istmt->all_privs, istmt->privileges,
|
|
|
|
|
srvid, grantorId, ACL_KIND_FOREIGN_SERVER,
|
2009-01-22 21:16:10 +01:00
|
|
|
NameStr(pg_server_tuple->srvname),
|
|
|
|
|
0, NULL);
|
2008-12-19 17:25:19 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Generate new ACL.
|
|
|
|
|
*
|
|
|
|
|
* We need the members of both old and new ACLs so we can correct the
|
|
|
|
|
* shared dependency information.
|
|
|
|
|
*/
|
|
|
|
|
noldmembers = aclmembers(old_acl, &oldmembers);
|
|
|
|
|
|
|
|
|
|
new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
|
|
|
|
|
istmt->grant_option, istmt->behavior,
|
|
|
|
|
istmt->grantees, this_privileges,
|
|
|
|
|
grantorId, ownerId);
|
|
|
|
|
|
|
|
|
|
nnewmembers = aclmembers(new_acl, &newmembers);
|
|
|
|
|
|
|
|
|
|
/* finished building new ACL value, now insert it */
|
|
|
|
|
MemSet(values, 0, sizeof(values));
|
|
|
|
|
MemSet(nulls, false, sizeof(nulls));
|
|
|
|
|
MemSet(replaces, false, sizeof(replaces));
|
|
|
|
|
|
|
|
|
|
replaces[Anum_pg_foreign_server_srvacl - 1] = true;
|
|
|
|
|
values[Anum_pg_foreign_server_srvacl - 1] = PointerGetDatum(new_acl);
|
|
|
|
|
|
|
|
|
|
newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
|
|
|
|
|
nulls, replaces);
|
|
|
|
|
|
|
|
|
|
simple_heap_update(relation, &newtuple->t_self, newtuple);
|
|
|
|
|
|
|
|
|
|
/* keep the catalog indexes up to date */
|
|
|
|
|
CatalogUpdateIndexes(relation, newtuple);
|
|
|
|
|
|
|
|
|
|
/* Update the shared dependency ACL info */
|
2009-01-22 21:16:10 +01:00
|
|
|
updateAclDependencies(ForeignServerRelationId,
|
|
|
|
|
HeapTupleGetOid(tuple), 0,
|
2008-12-19 17:25:19 +01:00
|
|
|
ownerId, istmt->is_grant,
|
|
|
|
|
noldmembers, oldmembers,
|
|
|
|
|
nnewmembers, newmembers);
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
pfree(new_acl);
|
|
|
|
|
|
|
|
|
|
/* prevent error when processing duplicate objects */
|
|
|
|
|
CommandCounterIncrement();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
heap_close(relation, RowExclusiveLock);
|
|
|
|
|
}
|
|
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
static void
|
2005-12-01 03:03:01 +01:00
|
|
|
ExecGrant_Function(InternalGrant *istmt)
|
2002-02-19 00:11:58 +01:00
|
|
|
{
|
2005-11-21 13:49:33 +01:00
|
|
|
Relation relation;
|
|
|
|
|
ListCell *cell;
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2005-12-01 03:03:01 +01:00
|
|
|
if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
|
|
|
|
|
istmt->privileges = ACL_ALL_RIGHTS_FUNCTION;
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2005-11-21 13:49:33 +01:00
|
|
|
relation = heap_open(ProcedureRelationId, RowExclusiveLock);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2005-12-01 03:03:01 +01:00
|
|
|
foreach(cell, istmt->objects)
|
2002-02-19 00:11:58 +01:00
|
|
|
{
|
2005-11-21 13:49:33 +01:00
|
|
|
Oid funcId = lfirst_oid(cell);
|
2002-02-19 00:11:58 +01:00
|
|
|
Form_pg_proc pg_proc_tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
2005-10-10 20:49:04 +02:00
|
|
|
AclMode avail_goptions;
|
2004-06-01 23:49:23 +02:00
|
|
|
AclMode this_privileges;
|
2002-02-19 00:11:58 +01:00
|
|
|
Acl *old_acl;
|
|
|
|
|
Acl *new_acl;
|
2005-10-15 04:49:52 +02:00
|
|
|
Oid grantorId;
|
|
|
|
|
Oid ownerId;
|
2005-11-21 13:49:33 +01:00
|
|
|
HeapTuple tuple;
|
2002-02-19 00:11:58 +01:00
|
|
|
HeapTuple newtuple;
|
|
|
|
|
Datum values[Natts_pg_proc];
|
2008-11-02 02:45:28 +01:00
|
|
|
bool nulls[Natts_pg_proc];
|
|
|
|
|
bool replaces[Natts_pg_proc];
|
2005-07-07 22:40:02 +02:00
|
|
|
int noldmembers;
|
|
|
|
|
int nnewmembers;
|
|
|
|
|
Oid *oldmembers;
|
|
|
|
|
Oid *newmembers;
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
tuple = SearchSysCache(PROCOID,
|
2005-11-21 13:49:33 +01:00
|
|
|
ObjectIdGetDatum(funcId),
|
2002-04-21 02:26:44 +02:00
|
|
|
0, 0, 0);
|
2002-02-19 00:11:58 +01:00
|
|
|
if (!HeapTupleIsValid(tuple))
|
2005-11-21 13:49:33 +01:00
|
|
|
elog(ERROR, "cache lookup failed for function %u", funcId);
|
|
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
pg_proc_tuple = (Form_pg_proc) GETSTRUCT(tuple);
|
|
|
|
|
|
2005-10-10 20:49:04 +02:00
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* Get owner ID and working copy of existing ACL. If there's no ACL,
|
|
|
|
|
* substitute the proper default.
|
2005-10-10 20:49:04 +02:00
|
|
|
*/
|
2003-10-31 21:00:49 +01:00
|
|
|
ownerId = pg_proc_tuple->proowner;
|
2005-10-10 20:49:04 +02:00
|
|
|
aclDatum = SysCacheGetAttr(PROCOID, tuple, Anum_pg_proc_proacl,
|
|
|
|
|
&isNull);
|
|
|
|
|
if (isNull)
|
|
|
|
|
old_acl = acldefault(ACL_OBJECT_FUNCTION, ownerId);
|
|
|
|
|
else
|
|
|
|
|
old_acl = DatumGetAclPCopy(aclDatum);
|
|
|
|
|
|
|
|
|
|
/* Determine ID to do the grant as, and available grant options */
|
2005-12-01 03:03:01 +01:00
|
|
|
select_best_grantor(GetUserId(), istmt->privileges,
|
2005-10-10 20:49:04 +02:00
|
|
|
old_acl, ownerId,
|
|
|
|
|
&grantorId, &avail_goptions);
|
2003-10-31 21:00:49 +01:00
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
/*
|
2006-10-04 02:30:14 +02:00
|
|
|
* Restrict the privileges to what we can actually grant, and emit the
|
|
|
|
|
* standards-mandated warning and error messages.
|
2004-06-01 23:49:23 +02:00
|
|
|
*/
|
2005-12-01 03:03:01 +01:00
|
|
|
this_privileges =
|
|
|
|
|
restrict_and_check_grant(istmt->is_grant, avail_goptions,
|
|
|
|
|
istmt->all_privs, istmt->privileges,
|
|
|
|
|
funcId, grantorId, ACL_KIND_PROC,
|
2009-01-22 21:16:10 +01:00
|
|
|
NameStr(pg_proc_tuple->proname),
|
|
|
|
|
0, NULL);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
|
|
|
|
/*
|
2005-10-10 20:49:04 +02:00
|
|
|
* Generate new ACL.
|
|
|
|
|
*
|
2005-10-15 04:49:52 +02:00
|
|
|
* We need the members of both old and new ACLs so we can correct the
|
|
|
|
|
* shared dependency information.
|
2005-07-07 22:40:02 +02:00
|
|
|
*/
|
|
|
|
|
noldmembers = aclmembers(old_acl, &oldmembers);
|
|
|
|
|
|
2005-12-01 03:03:01 +01:00
|
|
|
new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
|
|
|
|
|
istmt->grant_option, istmt->behavior,
|
|
|
|
|
istmt->grantees, this_privileges,
|
2003-10-31 21:00:49 +01:00
|
|
|
grantorId, ownerId);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2005-07-07 22:40:02 +02:00
|
|
|
nnewmembers = aclmembers(new_acl, &newmembers);
|
|
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
/* finished building new ACL value, now insert it */
|
2002-04-21 02:26:44 +02:00
|
|
|
MemSet(values, 0, sizeof(values));
|
2008-11-02 02:45:28 +01:00
|
|
|
MemSet(nulls, false, sizeof(nulls));
|
|
|
|
|
MemSet(replaces, false, sizeof(replaces));
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2008-11-02 02:45:28 +01:00
|
|
|
replaces[Anum_pg_proc_proacl - 1] = true;
|
2002-02-19 00:11:58 +01:00
|
|
|
values[Anum_pg_proc_proacl - 1] = PointerGetDatum(new_acl);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2008-11-02 02:45:28 +01:00
|
|
|
newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
|
|
|
|
|
nulls, replaces);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
|
|
|
|
simple_heap_update(relation, &newtuple->t_self, newtuple);
|
|
|
|
|
|
2002-08-05 05:29:17 +02:00
|
|
|
/* keep the catalog indexes up to date */
|
|
|
|
|
CatalogUpdateIndexes(relation, newtuple);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2005-07-07 22:40:02 +02:00
|
|
|
/* Update the shared dependency ACL info */
|
2009-01-22 21:16:10 +01:00
|
|
|
updateAclDependencies(ProcedureRelationId, funcId, 0,
|
2005-12-01 03:03:01 +01:00
|
|
|
ownerId, istmt->is_grant,
|
2005-07-07 22:40:02 +02:00
|
|
|
noldmembers, oldmembers,
|
|
|
|
|
nnewmembers, newmembers);
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
pfree(new_acl);
|
|
|
|
|
|
2005-08-12 23:20:24 +02:00
|
|
|
/* prevent error when processing duplicate objects */
|
|
|
|
|
CommandCounterIncrement();
|
2002-02-19 00:11:58 +01:00
|
|
|
}
|
2005-11-21 13:49:33 +01:00
|
|
|
|
|
|
|
|
heap_close(relation, RowExclusiveLock);
|
2002-02-19 00:11:58 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2005-12-01 03:03:01 +01:00
|
|
|
ExecGrant_Language(InternalGrant *istmt)
|
2002-02-19 00:11:58 +01:00
|
|
|
{
|
2005-11-21 13:49:33 +01:00
|
|
|
Relation relation;
|
|
|
|
|
ListCell *cell;
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2005-12-01 03:03:01 +01:00
|
|
|
if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
|
|
|
|
|
istmt->privileges = ACL_ALL_RIGHTS_LANGUAGE;
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2005-11-21 13:49:33 +01:00
|
|
|
relation = heap_open(LanguageRelationId, RowExclusiveLock);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2005-12-01 03:03:01 +01:00
|
|
|
foreach(cell, istmt->objects)
|
2002-02-19 00:11:58 +01:00
|
|
|
{
|
2005-12-01 03:03:01 +01:00
|
|
|
Oid langId = lfirst_oid(cell);
|
2002-02-19 00:11:58 +01:00
|
|
|
Form_pg_language pg_language_tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
2005-10-10 20:49:04 +02:00
|
|
|
AclMode avail_goptions;
|
2004-06-01 23:49:23 +02:00
|
|
|
AclMode this_privileges;
|
2002-02-19 00:11:58 +01:00
|
|
|
Acl *old_acl;
|
|
|
|
|
Acl *new_acl;
|
2005-10-15 04:49:52 +02:00
|
|
|
Oid grantorId;
|
|
|
|
|
Oid ownerId;
|
2005-11-21 13:49:33 +01:00
|
|
|
HeapTuple tuple;
|
2002-02-19 00:11:58 +01:00
|
|
|
HeapTuple newtuple;
|
|
|
|
|
Datum values[Natts_pg_language];
|
2008-11-02 02:45:28 +01:00
|
|
|
bool nulls[Natts_pg_language];
|
|
|
|
|
bool replaces[Natts_pg_language];
|
2005-07-07 22:40:02 +02:00
|
|
|
int noldmembers;
|
|
|
|
|
int nnewmembers;
|
|
|
|
|
Oid *oldmembers;
|
|
|
|
|
Oid *newmembers;
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2005-11-21 13:49:33 +01:00
|
|
|
tuple = SearchSysCache(LANGOID,
|
2005-12-01 03:03:01 +01:00
|
|
|
ObjectIdGetDatum(langId),
|
2002-04-21 02:26:44 +02:00
|
|
|
0, 0, 0);
|
2002-02-19 00:11:58 +01:00
|
|
|
if (!HeapTupleIsValid(tuple))
|
2005-12-01 03:03:01 +01:00
|
|
|
elog(ERROR, "cache lookup failed for language %u", langId);
|
2005-11-21 13:49:33 +01:00
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
pg_language_tuple = (Form_pg_language) GETSTRUCT(tuple);
|
|
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
if (!pg_language_tuple->lanpltrusted)
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_WRONG_OBJECT_TYPE),
|
2005-11-21 13:49:33 +01:00
|
|
|
errmsg("language \"%s\" is not trusted",
|
|
|
|
|
NameStr(pg_language_tuple->lanname)),
|
Wording cleanup for error messages. Also change can't -> cannot.
Standard English uses "may", "can", and "might" in different ways:
may - permission, "You may borrow my rake."
can - ability, "I can lift that log."
might - possibility, "It might rain today."
Unfortunately, in conversational English, their use is often mixed, as
in, "You may use this variable to do X", when in fact, "can" is a better
choice. Similarly, "It may crash" is better stated, "It might crash".
2007-02-01 20:10:30 +01:00
|
|
|
errhint("Only superusers can use untrusted languages.")));
|
2004-06-01 23:49:23 +02:00
|
|
|
|
2003-10-31 21:00:49 +01:00
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* Get owner ID and working copy of existing ACL. If there's no ACL,
|
|
|
|
|
* substitute the proper default.
|
2003-10-31 21:00:49 +01:00
|
|
|
*/
|
2007-03-26 18:58:41 +02:00
|
|
|
ownerId = pg_language_tuple->lanowner;
|
2005-10-10 20:49:04 +02:00
|
|
|
aclDatum = SysCacheGetAttr(LANGNAME, tuple, Anum_pg_language_lanacl,
|
|
|
|
|
&isNull);
|
|
|
|
|
if (isNull)
|
|
|
|
|
old_acl = acldefault(ACL_OBJECT_LANGUAGE, ownerId);
|
|
|
|
|
else
|
|
|
|
|
old_acl = DatumGetAclPCopy(aclDatum);
|
|
|
|
|
|
|
|
|
|
/* Determine ID to do the grant as, and available grant options */
|
2005-12-01 03:03:01 +01:00
|
|
|
select_best_grantor(GetUserId(), istmt->privileges,
|
2005-10-10 20:49:04 +02:00
|
|
|
old_acl, ownerId,
|
|
|
|
|
&grantorId, &avail_goptions);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
/*
|
2006-10-04 02:30:14 +02:00
|
|
|
* Restrict the privileges to what we can actually grant, and emit the
|
|
|
|
|
* standards-mandated warning and error messages.
|
2004-06-01 23:49:23 +02:00
|
|
|
*/
|
2005-12-01 03:03:01 +01:00
|
|
|
this_privileges =
|
|
|
|
|
restrict_and_check_grant(istmt->is_grant, avail_goptions,
|
|
|
|
|
istmt->all_privs, istmt->privileges,
|
|
|
|
|
langId, grantorId, ACL_KIND_LANGUAGE,
|
2009-01-22 21:16:10 +01:00
|
|
|
NameStr(pg_language_tuple->lanname),
|
|
|
|
|
0, NULL);
|
2003-10-31 21:00:49 +01:00
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
/*
|
2005-10-10 20:49:04 +02:00
|
|
|
* Generate new ACL.
|
|
|
|
|
*
|
2005-10-15 04:49:52 +02:00
|
|
|
* We need the members of both old and new ACLs so we can correct the
|
|
|
|
|
* shared dependency information.
|
2005-07-07 22:40:02 +02:00
|
|
|
*/
|
|
|
|
|
noldmembers = aclmembers(old_acl, &oldmembers);
|
|
|
|
|
|
2005-12-01 03:03:01 +01:00
|
|
|
new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
|
|
|
|
|
istmt->grant_option, istmt->behavior,
|
|
|
|
|
istmt->grantees, this_privileges,
|
2003-10-31 21:00:49 +01:00
|
|
|
grantorId, ownerId);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2005-07-07 22:40:02 +02:00
|
|
|
nnewmembers = aclmembers(new_acl, &newmembers);
|
|
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
/* finished building new ACL value, now insert it */
|
2002-04-21 02:26:44 +02:00
|
|
|
MemSet(values, 0, sizeof(values));
|
2008-11-02 02:45:28 +01:00
|
|
|
MemSet(nulls, false, sizeof(nulls));
|
|
|
|
|
MemSet(replaces, false, sizeof(replaces));
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2008-11-02 02:45:28 +01:00
|
|
|
replaces[Anum_pg_language_lanacl - 1] = true;
|
2002-02-19 00:11:58 +01:00
|
|
|
values[Anum_pg_language_lanacl - 1] = PointerGetDatum(new_acl);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2008-11-02 02:45:28 +01:00
|
|
|
newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
|
|
|
|
|
nulls, replaces);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
|
|
|
|
simple_heap_update(relation, &newtuple->t_self, newtuple);
|
|
|
|
|
|
2002-08-05 05:29:17 +02:00
|
|
|
/* keep the catalog indexes up to date */
|
|
|
|
|
CatalogUpdateIndexes(relation, newtuple);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2005-07-07 22:40:02 +02:00
|
|
|
/* Update the shared dependency ACL info */
|
2009-01-22 21:16:10 +01:00
|
|
|
updateAclDependencies(LanguageRelationId, HeapTupleGetOid(tuple), 0,
|
2005-12-01 03:03:01 +01:00
|
|
|
ownerId, istmt->is_grant,
|
2005-07-07 22:40:02 +02:00
|
|
|
noldmembers, oldmembers,
|
|
|
|
|
nnewmembers, newmembers);
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
pfree(new_acl);
|
|
|
|
|
|
2005-08-12 23:20:24 +02:00
|
|
|
/* prevent error when processing duplicate objects */
|
|
|
|
|
CommandCounterIncrement();
|
2002-02-19 00:11:58 +01:00
|
|
|
}
|
2005-11-21 13:49:33 +01:00
|
|
|
|
|
|
|
|
heap_close(relation, RowExclusiveLock);
|
2002-02-19 00:11:58 +01:00
|
|
|
}
|
|
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
static void
|
2005-12-01 03:03:01 +01:00
|
|
|
ExecGrant_Namespace(InternalGrant *istmt)
|
2002-02-19 00:11:58 +01:00
|
|
|
{
|
2005-11-21 13:49:33 +01:00
|
|
|
Relation relation;
|
|
|
|
|
ListCell *cell;
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2005-12-01 03:03:01 +01:00
|
|
|
if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
|
|
|
|
|
istmt->privileges = ACL_ALL_RIGHTS_NAMESPACE;
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2005-11-21 13:49:33 +01:00
|
|
|
relation = heap_open(NamespaceRelationId, RowExclusiveLock);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2005-12-01 03:03:01 +01:00
|
|
|
foreach(cell, istmt->objects)
|
2002-04-21 02:26:44 +02:00
|
|
|
{
|
2005-11-21 13:49:33 +01:00
|
|
|
Oid nspid = lfirst_oid(cell);
|
2002-04-21 02:26:44 +02:00
|
|
|
Form_pg_namespace pg_namespace_tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
2005-10-10 20:49:04 +02:00
|
|
|
AclMode avail_goptions;
|
2004-06-01 23:49:23 +02:00
|
|
|
AclMode this_privileges;
|
2002-04-21 02:26:44 +02:00
|
|
|
Acl *old_acl;
|
|
|
|
|
Acl *new_acl;
|
2005-10-15 04:49:52 +02:00
|
|
|
Oid grantorId;
|
|
|
|
|
Oid ownerId;
|
2005-11-21 13:49:33 +01:00
|
|
|
HeapTuple tuple;
|
2002-04-21 02:26:44 +02:00
|
|
|
HeapTuple newtuple;
|
|
|
|
|
Datum values[Natts_pg_namespace];
|
2008-11-02 02:45:28 +01:00
|
|
|
bool nulls[Natts_pg_namespace];
|
|
|
|
|
bool replaces[Natts_pg_namespace];
|
2005-07-07 22:40:02 +02:00
|
|
|
int noldmembers;
|
|
|
|
|
int nnewmembers;
|
|
|
|
|
Oid *oldmembers;
|
|
|
|
|
Oid *newmembers;
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2005-11-21 13:49:33 +01:00
|
|
|
tuple = SearchSysCache(NAMESPACEOID,
|
|
|
|
|
ObjectIdGetDatum(nspid),
|
2002-04-21 02:26:44 +02:00
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2005-11-21 13:49:33 +01:00
|
|
|
elog(ERROR, "cache lookup failed for namespace %u", nspid);
|
|
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
pg_namespace_tuple = (Form_pg_namespace) GETSTRUCT(tuple);
|
|
|
|
|
|
2005-10-10 20:49:04 +02:00
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* Get owner ID and working copy of existing ACL. If there's no ACL,
|
|
|
|
|
* substitute the proper default.
|
2005-10-10 20:49:04 +02:00
|
|
|
*/
|
2003-10-31 21:00:49 +01:00
|
|
|
ownerId = pg_namespace_tuple->nspowner;
|
2005-10-10 20:49:04 +02:00
|
|
|
aclDatum = SysCacheGetAttr(NAMESPACENAME, tuple,
|
|
|
|
|
Anum_pg_namespace_nspacl,
|
|
|
|
|
&isNull);
|
|
|
|
|
if (isNull)
|
|
|
|
|
old_acl = acldefault(ACL_OBJECT_NAMESPACE, ownerId);
|
|
|
|
|
else
|
|
|
|
|
old_acl = DatumGetAclPCopy(aclDatum);
|
|
|
|
|
|
|
|
|
|
/* Determine ID to do the grant as, and available grant options */
|
2005-12-01 03:03:01 +01:00
|
|
|
select_best_grantor(GetUserId(), istmt->privileges,
|
2005-10-10 20:49:04 +02:00
|
|
|
old_acl, ownerId,
|
|
|
|
|
&grantorId, &avail_goptions);
|
2003-10-31 21:00:49 +01:00
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
/*
|
2006-10-04 02:30:14 +02:00
|
|
|
* Restrict the privileges to what we can actually grant, and emit the
|
|
|
|
|
* standards-mandated warning and error messages.
|
2004-06-01 23:49:23 +02:00
|
|
|
*/
|
2005-12-01 03:03:01 +01:00
|
|
|
this_privileges =
|
|
|
|
|
restrict_and_check_grant(istmt->is_grant, avail_goptions,
|
|
|
|
|
istmt->all_privs, istmt->privileges,
|
|
|
|
|
nspid, grantorId, ACL_KIND_NAMESPACE,
|
2009-01-22 21:16:10 +01:00
|
|
|
NameStr(pg_namespace_tuple->nspname),
|
|
|
|
|
0, NULL);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
/*
|
2005-10-10 20:49:04 +02:00
|
|
|
* Generate new ACL.
|
|
|
|
|
*
|
2005-10-15 04:49:52 +02:00
|
|
|
* We need the members of both old and new ACLs so we can correct the
|
|
|
|
|
* shared dependency information.
|
2005-07-07 22:40:02 +02:00
|
|
|
*/
|
|
|
|
|
noldmembers = aclmembers(old_acl, &oldmembers);
|
|
|
|
|
|
2005-12-01 03:03:01 +01:00
|
|
|
new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
|
|
|
|
|
istmt->grant_option, istmt->behavior,
|
|
|
|
|
istmt->grantees, this_privileges,
|
2003-10-31 21:00:49 +01:00
|
|
|
grantorId, ownerId);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2005-07-07 22:40:02 +02:00
|
|
|
nnewmembers = aclmembers(new_acl, &newmembers);
|
|
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
/* finished building new ACL value, now insert it */
|
|
|
|
|
MemSet(values, 0, sizeof(values));
|
2008-11-02 02:45:28 +01:00
|
|
|
MemSet(nulls, false, sizeof(nulls));
|
|
|
|
|
MemSet(replaces, false, sizeof(replaces));
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2008-11-02 02:45:28 +01:00
|
|
|
replaces[Anum_pg_namespace_nspacl - 1] = true;
|
2002-04-21 02:26:44 +02:00
|
|
|
values[Anum_pg_namespace_nspacl - 1] = PointerGetDatum(new_acl);
|
|
|
|
|
|
2008-11-02 02:45:28 +01:00
|
|
|
newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
|
|
|
|
|
nulls, replaces);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
simple_heap_update(relation, &newtuple->t_self, newtuple);
|
|
|
|
|
|
2002-08-05 05:29:17 +02:00
|
|
|
/* keep the catalog indexes up to date */
|
|
|
|
|
CatalogUpdateIndexes(relation, newtuple);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2005-07-07 22:40:02 +02:00
|
|
|
/* Update the shared dependency ACL info */
|
2009-01-22 21:16:10 +01:00
|
|
|
updateAclDependencies(NamespaceRelationId, HeapTupleGetOid(tuple), 0,
|
2005-12-01 03:03:01 +01:00
|
|
|
ownerId, istmt->is_grant,
|
2005-07-07 22:40:02 +02:00
|
|
|
noldmembers, oldmembers,
|
|
|
|
|
nnewmembers, newmembers);
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
pfree(new_acl);
|
|
|
|
|
|
2005-08-12 23:20:24 +02:00
|
|
|
/* prevent error when processing duplicate objects */
|
|
|
|
|
CommandCounterIncrement();
|
2002-04-21 02:26:44 +02:00
|
|
|
}
|
2005-11-21 13:49:33 +01:00
|
|
|
|
|
|
|
|
heap_close(relation, RowExclusiveLock);
|
2002-02-19 00:11:58 +01:00
|
|
|
}
|
|
|
|
|
|
2004-06-18 08:14:31 +02:00
|
|
|
static void
|
2005-12-01 03:03:01 +01:00
|
|
|
ExecGrant_Tablespace(InternalGrant *istmt)
|
2004-06-18 08:14:31 +02:00
|
|
|
{
|
2005-11-21 13:49:33 +01:00
|
|
|
Relation relation;
|
|
|
|
|
ListCell *cell;
|
2004-06-18 08:14:31 +02:00
|
|
|
|
2005-12-01 03:03:01 +01:00
|
|
|
if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
|
|
|
|
|
istmt->privileges = ACL_ALL_RIGHTS_TABLESPACE;
|
2004-06-18 08:14:31 +02:00
|
|
|
|
2005-11-21 13:49:33 +01:00
|
|
|
relation = heap_open(TableSpaceRelationId, RowExclusiveLock);
|
2004-06-18 08:14:31 +02:00
|
|
|
|
2005-12-01 03:03:01 +01:00
|
|
|
foreach(cell, istmt->objects)
|
2004-06-18 08:14:31 +02:00
|
|
|
{
|
2005-11-21 13:49:33 +01:00
|
|
|
Oid tblId = lfirst_oid(cell);
|
2004-06-18 08:14:31 +02:00
|
|
|
Form_pg_tablespace pg_tablespace_tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
2005-10-10 20:49:04 +02:00
|
|
|
AclMode avail_goptions;
|
2004-06-18 08:14:31 +02:00
|
|
|
AclMode this_privileges;
|
|
|
|
|
Acl *old_acl;
|
|
|
|
|
Acl *new_acl;
|
2005-10-15 04:49:52 +02:00
|
|
|
Oid grantorId;
|
|
|
|
|
Oid ownerId;
|
2004-06-18 08:14:31 +02:00
|
|
|
HeapTuple newtuple;
|
|
|
|
|
Datum values[Natts_pg_tablespace];
|
2008-11-02 02:45:28 +01:00
|
|
|
bool nulls[Natts_pg_tablespace];
|
|
|
|
|
bool replaces[Natts_pg_tablespace];
|
2005-07-07 22:40:02 +02:00
|
|
|
int noldmembers;
|
|
|
|
|
int nnewmembers;
|
|
|
|
|
Oid *oldmembers;
|
|
|
|
|
Oid *newmembers;
|
2005-11-22 19:17:34 +01:00
|
|
|
ScanKeyData entry[1];
|
2005-11-21 13:49:33 +01:00
|
|
|
SysScanDesc scan;
|
|
|
|
|
HeapTuple tuple;
|
2004-06-18 08:14:31 +02:00
|
|
|
|
2005-11-21 13:49:33 +01:00
|
|
|
/* There's no syscache for pg_tablespace, so must look the hard way */
|
2004-06-18 08:14:31 +02:00
|
|
|
ScanKeyInit(&entry[0],
|
2005-11-21 13:49:33 +01:00
|
|
|
ObjectIdAttributeNumber,
|
|
|
|
|
BTEqualStrategyNumber, F_OIDEQ,
|
|
|
|
|
ObjectIdGetDatum(tblId));
|
|
|
|
|
scan = systable_beginscan(relation, TablespaceOidIndexId, true,
|
|
|
|
|
SnapshotNow, 1, entry);
|
|
|
|
|
tuple = systable_getnext(scan);
|
2004-06-18 08:14:31 +02:00
|
|
|
if (!HeapTupleIsValid(tuple))
|
2005-11-21 13:49:33 +01:00
|
|
|
elog(ERROR, "cache lookup failed for tablespace %u", tblId);
|
|
|
|
|
|
2004-06-18 08:14:31 +02:00
|
|
|
pg_tablespace_tuple = (Form_pg_tablespace) GETSTRUCT(tuple);
|
|
|
|
|
|
2005-10-10 20:49:04 +02:00
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* Get owner ID and working copy of existing ACL. If there's no ACL,
|
|
|
|
|
* substitute the proper default.
|
2005-10-10 20:49:04 +02:00
|
|
|
*/
|
2004-06-18 08:14:31 +02:00
|
|
|
ownerId = pg_tablespace_tuple->spcowner;
|
2005-10-10 20:49:04 +02:00
|
|
|
aclDatum = heap_getattr(tuple, Anum_pg_tablespace_spcacl,
|
|
|
|
|
RelationGetDescr(relation), &isNull);
|
|
|
|
|
if (isNull)
|
|
|
|
|
old_acl = acldefault(ACL_OBJECT_TABLESPACE, ownerId);
|
|
|
|
|
else
|
|
|
|
|
old_acl = DatumGetAclPCopy(aclDatum);
|
|
|
|
|
|
|
|
|
|
/* Determine ID to do the grant as, and available grant options */
|
2005-12-01 03:03:01 +01:00
|
|
|
select_best_grantor(GetUserId(), istmt->privileges,
|
2005-10-10 20:49:04 +02:00
|
|
|
old_acl, ownerId,
|
|
|
|
|
&grantorId, &avail_goptions);
|
2004-06-18 08:14:31 +02:00
|
|
|
|
|
|
|
|
/*
|
2006-10-04 02:30:14 +02:00
|
|
|
* Restrict the privileges to what we can actually grant, and emit the
|
|
|
|
|
* standards-mandated warning and error messages.
|
2004-06-18 08:14:31 +02:00
|
|
|
*/
|
2005-12-01 03:03:01 +01:00
|
|
|
this_privileges =
|
|
|
|
|
restrict_and_check_grant(istmt->is_grant, avail_goptions,
|
|
|
|
|
istmt->all_privs, istmt->privileges,
|
|
|
|
|
tblId, grantorId, ACL_KIND_TABLESPACE,
|
2009-01-22 21:16:10 +01:00
|
|
|
NameStr(pg_tablespace_tuple->spcname),
|
|
|
|
|
0, NULL);
|
2004-06-18 08:14:31 +02:00
|
|
|
|
|
|
|
|
/*
|
2005-10-10 20:49:04 +02:00
|
|
|
* Generate new ACL.
|
|
|
|
|
*
|
2005-10-15 04:49:52 +02:00
|
|
|
* We need the members of both old and new ACLs so we can correct the
|
|
|
|
|
* shared dependency information.
|
2005-07-07 22:40:02 +02:00
|
|
|
*/
|
|
|
|
|
noldmembers = aclmembers(old_acl, &oldmembers);
|
|
|
|
|
|
2005-12-01 03:03:01 +01:00
|
|
|
new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
|
|
|
|
|
istmt->grant_option, istmt->behavior,
|
|
|
|
|
istmt->grantees, this_privileges,
|
2004-06-18 08:14:31 +02:00
|
|
|
grantorId, ownerId);
|
|
|
|
|
|
2005-07-07 22:40:02 +02:00
|
|
|
nnewmembers = aclmembers(new_acl, &newmembers);
|
|
|
|
|
|
2004-06-18 08:14:31 +02:00
|
|
|
/* finished building new ACL value, now insert it */
|
|
|
|
|
MemSet(values, 0, sizeof(values));
|
2008-11-02 02:45:28 +01:00
|
|
|
MemSet(nulls, false, sizeof(nulls));
|
|
|
|
|
MemSet(replaces, false, sizeof(replaces));
|
2004-06-18 08:14:31 +02:00
|
|
|
|
2008-11-02 02:45:28 +01:00
|
|
|
replaces[Anum_pg_tablespace_spcacl - 1] = true;
|
2004-06-18 08:14:31 +02:00
|
|
|
values[Anum_pg_tablespace_spcacl - 1] = PointerGetDatum(new_acl);
|
|
|
|
|
|
2008-11-02 02:45:28 +01:00
|
|
|
newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
|
|
|
|
|
nulls, replaces);
|
2004-06-18 08:14:31 +02:00
|
|
|
|
|
|
|
|
simple_heap_update(relation, &newtuple->t_self, newtuple);
|
|
|
|
|
|
|
|
|
|
/* keep the catalog indexes up to date */
|
|
|
|
|
CatalogUpdateIndexes(relation, newtuple);
|
|
|
|
|
|
2005-07-07 22:40:02 +02:00
|
|
|
/* Update the shared dependency ACL info */
|
2009-01-22 21:16:10 +01:00
|
|
|
updateAclDependencies(TableSpaceRelationId, tblId, 0,
|
2005-12-01 03:03:01 +01:00
|
|
|
ownerId, istmt->is_grant,
|
2005-07-07 22:40:02 +02:00
|
|
|
noldmembers, oldmembers,
|
|
|
|
|
nnewmembers, newmembers);
|
|
|
|
|
|
2005-11-21 13:49:33 +01:00
|
|
|
systable_endscan(scan);
|
2004-06-18 08:14:31 +02:00
|
|
|
|
2005-11-21 13:49:33 +01:00
|
|
|
pfree(new_acl);
|
2005-08-12 23:20:24 +02:00
|
|
|
|
|
|
|
|
/* prevent error when processing duplicate objects */
|
|
|
|
|
CommandCounterIncrement();
|
2004-06-18 08:14:31 +02:00
|
|
|
}
|
2005-11-21 13:49:33 +01:00
|
|
|
|
|
|
|
|
heap_close(relation, RowExclusiveLock);
|
2004-06-18 08:14:31 +02:00
|
|
|
}
|
|
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2005-06-28 21:51:26 +02:00
|
|
|
static AclMode
|
|
|
|
|
string_to_privilege(const char *privname)
|
|
|
|
|
{
|
|
|
|
|
if (strcmp(privname, "insert") == 0)
|
|
|
|
|
return ACL_INSERT;
|
|
|
|
|
if (strcmp(privname, "select") == 0)
|
|
|
|
|
return ACL_SELECT;
|
|
|
|
|
if (strcmp(privname, "update") == 0)
|
|
|
|
|
return ACL_UPDATE;
|
|
|
|
|
if (strcmp(privname, "delete") == 0)
|
|
|
|
|
return ACL_DELETE;
|
2008-09-08 02:47:41 +02:00
|
|
|
if (strcmp(privname, "truncate") == 0)
|
|
|
|
|
return ACL_TRUNCATE;
|
2005-06-28 21:51:26 +02:00
|
|
|
if (strcmp(privname, "references") == 0)
|
|
|
|
|
return ACL_REFERENCES;
|
|
|
|
|
if (strcmp(privname, "trigger") == 0)
|
|
|
|
|
return ACL_TRIGGER;
|
|
|
|
|
if (strcmp(privname, "execute") == 0)
|
|
|
|
|
return ACL_EXECUTE;
|
|
|
|
|
if (strcmp(privname, "usage") == 0)
|
|
|
|
|
return ACL_USAGE;
|
|
|
|
|
if (strcmp(privname, "create") == 0)
|
|
|
|
|
return ACL_CREATE;
|
|
|
|
|
if (strcmp(privname, "temporary") == 0)
|
|
|
|
|
return ACL_CREATE_TEMP;
|
|
|
|
|
if (strcmp(privname, "temp") == 0)
|
|
|
|
|
return ACL_CREATE_TEMP;
|
2006-04-30 23:15:33 +02:00
|
|
|
if (strcmp(privname, "connect") == 0)
|
2006-04-30 04:09:07 +02:00
|
|
|
return ACL_CONNECT;
|
2006-09-05 23:08:36 +02:00
|
|
|
if (strcmp(privname, "rule") == 0)
|
|
|
|
|
return 0; /* ignore old RULE privileges */
|
2005-06-28 21:51:26 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("unrecognized privilege type \"%s\"", privname)));
|
|
|
|
|
return 0; /* appease compiler */
|
|
|
|
|
}
|
|
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
static const char *
|
|
|
|
|
privilege_to_string(AclMode privilege)
|
|
|
|
|
{
|
|
|
|
|
switch (privilege)
|
|
|
|
|
{
|
|
|
|
|
case ACL_INSERT:
|
|
|
|
|
return "INSERT";
|
|
|
|
|
case ACL_SELECT:
|
|
|
|
|
return "SELECT";
|
|
|
|
|
case ACL_UPDATE:
|
|
|
|
|
return "UPDATE";
|
|
|
|
|
case ACL_DELETE:
|
|
|
|
|
return "DELETE";
|
2008-09-08 02:47:41 +02:00
|
|
|
case ACL_TRUNCATE:
|
|
|
|
|
return "TRUNCATE";
|
2002-04-21 02:26:44 +02:00
|
|
|
case ACL_REFERENCES:
|
|
|
|
|
return "REFERENCES";
|
|
|
|
|
case ACL_TRIGGER:
|
|
|
|
|
return "TRIGGER";
|
|
|
|
|
case ACL_EXECUTE:
|
|
|
|
|
return "EXECUTE";
|
|
|
|
|
case ACL_USAGE:
|
|
|
|
|
return "USAGE";
|
|
|
|
|
case ACL_CREATE:
|
|
|
|
|
return "CREATE";
|
|
|
|
|
case ACL_CREATE_TEMP:
|
|
|
|
|
return "TEMP";
|
2006-04-30 04:09:07 +02:00
|
|
|
case ACL_CONNECT:
|
2006-04-30 23:15:33 +02:00
|
|
|
return "CONNECT";
|
2002-04-21 02:26:44 +02:00
|
|
|
default:
|
2003-07-21 03:59:11 +02:00
|
|
|
elog(ERROR, "unrecognized privilege: %d", (int) privilege);
|
2002-04-21 02:26:44 +02:00
|
|
|
}
|
|
|
|
|
return NULL; /* appease compiler */
|
|
|
|
|
}
|
|
|
|
|
|
2002-04-27 05:45:03 +02:00
|
|
|
/*
|
|
|
|
|
* Standardized reporting of aclcheck permissions failures.
|
2003-08-01 02:15:26 +02:00
|
|
|
*
|
|
|
|
|
* Note: we do not double-quote the %s's below, because many callers
|
|
|
|
|
* supply strings that might be already quoted.
|
2002-04-27 05:45:03 +02:00
|
|
|
*/
|
2003-08-01 02:15:26 +02:00
|
|
|
|
2003-08-04 02:43:34 +02:00
|
|
|
static const char *const no_priv_msg[MAX_ACL_KIND] =
|
2003-08-01 02:15:26 +02:00
|
|
|
{
|
2009-01-22 21:16:10 +01:00
|
|
|
/* ACL_KIND_COLUMN */
|
|
|
|
|
gettext_noop("permission denied for column %s"),
|
2003-08-01 02:15:26 +02:00
|
|
|
/* ACL_KIND_CLASS */
|
|
|
|
|
gettext_noop("permission denied for relation %s"),
|
2006-01-21 03:16:21 +01:00
|
|
|
/* ACL_KIND_SEQUENCE */
|
|
|
|
|
gettext_noop("permission denied for sequence %s"),
|
2003-08-01 02:15:26 +02:00
|
|
|
/* ACL_KIND_DATABASE */
|
|
|
|
|
gettext_noop("permission denied for database %s"),
|
|
|
|
|
/* ACL_KIND_PROC */
|
|
|
|
|
gettext_noop("permission denied for function %s"),
|
|
|
|
|
/* ACL_KIND_OPER */
|
|
|
|
|
gettext_noop("permission denied for operator %s"),
|
|
|
|
|
/* ACL_KIND_TYPE */
|
|
|
|
|
gettext_noop("permission denied for type %s"),
|
|
|
|
|
/* ACL_KIND_LANGUAGE */
|
|
|
|
|
gettext_noop("permission denied for language %s"),
|
|
|
|
|
/* ACL_KIND_NAMESPACE */
|
|
|
|
|
gettext_noop("permission denied for schema %s"),
|
|
|
|
|
/* ACL_KIND_OPCLASS */
|
|
|
|
|
gettext_noop("permission denied for operator class %s"),
|
2007-01-23 06:07:18 +01:00
|
|
|
/* ACL_KIND_OPFAMILY */
|
|
|
|
|
gettext_noop("permission denied for operator family %s"),
|
2003-08-01 02:15:26 +02:00
|
|
|
/* ACL_KIND_CONVERSION */
|
2004-06-18 08:14:31 +02:00
|
|
|
gettext_noop("permission denied for conversion %s"),
|
|
|
|
|
/* ACL_KIND_TABLESPACE */
|
2007-08-21 03:11:32 +02:00
|
|
|
gettext_noop("permission denied for tablespace %s"),
|
|
|
|
|
/* ACL_KIND_TSDICTIONARY */
|
|
|
|
|
gettext_noop("permission denied for text search dictionary %s"),
|
|
|
|
|
/* ACL_KIND_TSCONFIGURATION */
|
2008-12-19 17:25:19 +01:00
|
|
|
gettext_noop("permission denied for text search configuration %s"),
|
|
|
|
|
/* ACL_KIND_FDW */
|
|
|
|
|
gettext_noop("permission denied for foreign-data wrapper %s"),
|
|
|
|
|
/* ACL_KIND_FOREIGN_SERVER */
|
|
|
|
|
gettext_noop("permission denied for foreign server %s")
|
2003-08-01 02:15:26 +02:00
|
|
|
};
|
|
|
|
|
|
2003-08-04 02:43:34 +02:00
|
|
|
static const char *const not_owner_msg[MAX_ACL_KIND] =
|
2003-08-01 02:15:26 +02:00
|
|
|
{
|
2009-01-22 21:16:10 +01:00
|
|
|
/* ACL_KIND_COLUMN */
|
|
|
|
|
gettext_noop("must be owner of relation %s"),
|
2003-08-01 02:15:26 +02:00
|
|
|
/* ACL_KIND_CLASS */
|
|
|
|
|
gettext_noop("must be owner of relation %s"),
|
2006-01-21 03:16:21 +01:00
|
|
|
/* ACL_KIND_SEQUENCE */
|
|
|
|
|
gettext_noop("must be owner of sequence %s"),
|
2003-08-01 02:15:26 +02:00
|
|
|
/* ACL_KIND_DATABASE */
|
|
|
|
|
gettext_noop("must be owner of database %s"),
|
|
|
|
|
/* ACL_KIND_PROC */
|
|
|
|
|
gettext_noop("must be owner of function %s"),
|
|
|
|
|
/* ACL_KIND_OPER */
|
|
|
|
|
gettext_noop("must be owner of operator %s"),
|
|
|
|
|
/* ACL_KIND_TYPE */
|
|
|
|
|
gettext_noop("must be owner of type %s"),
|
|
|
|
|
/* ACL_KIND_LANGUAGE */
|
|
|
|
|
gettext_noop("must be owner of language %s"),
|
|
|
|
|
/* ACL_KIND_NAMESPACE */
|
|
|
|
|
gettext_noop("must be owner of schema %s"),
|
|
|
|
|
/* ACL_KIND_OPCLASS */
|
|
|
|
|
gettext_noop("must be owner of operator class %s"),
|
2007-01-23 06:07:18 +01:00
|
|
|
/* ACL_KIND_OPFAMILY */
|
|
|
|
|
gettext_noop("must be owner of operator family %s"),
|
2003-08-01 02:15:26 +02:00
|
|
|
/* ACL_KIND_CONVERSION */
|
2004-06-18 08:14:31 +02:00
|
|
|
gettext_noop("must be owner of conversion %s"),
|
|
|
|
|
/* ACL_KIND_TABLESPACE */
|
2007-08-21 03:11:32 +02:00
|
|
|
gettext_noop("must be owner of tablespace %s"),
|
|
|
|
|
/* ACL_KIND_TSDICTIONARY */
|
|
|
|
|
gettext_noop("must be owner of text search dictionary %s"),
|
|
|
|
|
/* ACL_KIND_TSCONFIGURATION */
|
2008-12-19 17:25:19 +01:00
|
|
|
gettext_noop("must be owner of text search configuration %s"),
|
|
|
|
|
/* ACL_KIND_FDW */
|
|
|
|
|
gettext_noop("must be owner of foreign-data wrapper %s"),
|
|
|
|
|
/* ACL_KIND_FOREIGN_SERVER */
|
|
|
|
|
gettext_noop("must be owner of foreign server %s")
|
2003-08-01 02:15:26 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
2002-04-27 05:45:03 +02:00
|
|
|
void
|
2003-08-01 02:15:26 +02:00
|
|
|
aclcheck_error(AclResult aclerr, AclObjectKind objectkind,
|
|
|
|
|
const char *objectname)
|
2002-04-27 05:45:03 +02:00
|
|
|
{
|
2003-07-21 03:59:11 +02:00
|
|
|
switch (aclerr)
|
2002-04-27 05:45:03 +02:00
|
|
|
{
|
|
|
|
|
case ACLCHECK_OK:
|
|
|
|
|
/* no error, so return to caller */
|
|
|
|
|
break;
|
|
|
|
|
case ACLCHECK_NO_PRIV:
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
2003-08-01 02:15:26 +02:00
|
|
|
errmsg(no_priv_msg[objectkind], objectname)));
|
2002-04-27 05:45:03 +02:00
|
|
|
break;
|
|
|
|
|
case ACLCHECK_NOT_OWNER:
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
2003-08-01 02:15:26 +02:00
|
|
|
errmsg(not_owner_msg[objectkind], objectname)));
|
2002-04-27 05:45:03 +02:00
|
|
|
break;
|
|
|
|
|
default:
|
2003-07-21 03:59:11 +02:00
|
|
|
elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
|
2002-04-27 05:45:03 +02:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2009-01-22 21:16:10 +01:00
|
|
|
void
|
|
|
|
|
aclcheck_error_col(AclResult aclerr, AclObjectKind objectkind,
|
|
|
|
|
const char *objectname, const char *colname)
|
|
|
|
|
{
|
|
|
|
|
switch (aclerr)
|
|
|
|
|
{
|
|
|
|
|
case ACLCHECK_OK:
|
|
|
|
|
/* no error, so return to caller */
|
|
|
|
|
break;
|
|
|
|
|
case ACLCHECK_NO_PRIV:
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
|
|
|
errmsg("permission denied for column %s of relation %s",
|
|
|
|
|
colname, objectname)));
|
|
|
|
|
break;
|
|
|
|
|
case ACLCHECK_NOT_OWNER:
|
|
|
|
|
/* relation msg is OK since columns don't have separate owners */
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
|
|
|
errmsg(not_owner_msg[objectkind], objectname)));
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
/* Check if given user has rolcatupdate privilege according to pg_authid */
|
2005-05-30 01:38:05 +02:00
|
|
|
static bool
|
2005-06-28 07:09:14 +02:00
|
|
|
has_rolcatupdate(Oid roleid)
|
2005-05-30 01:38:05 +02:00
|
|
|
{
|
2005-06-28 07:09:14 +02:00
|
|
|
bool rolcatupdate;
|
2005-05-30 01:38:05 +02:00
|
|
|
HeapTuple tuple;
|
|
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
tuple = SearchSysCache(AUTHOID,
|
|
|
|
|
ObjectIdGetDatum(roleid),
|
2005-05-30 01:38:05 +02:00
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
2005-06-28 07:09:14 +02:00
|
|
|
errmsg("role with OID %u does not exist", roleid)));
|
2005-05-30 01:38:05 +02:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
rolcatupdate = ((Form_pg_authid) GETSTRUCT(tuple))->rolcatupdate;
|
2005-05-30 01:38:05 +02:00
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
return rolcatupdate;
|
2005-05-30 01:38:05 +02:00
|
|
|
}
|
|
|
|
|
|
2005-12-01 03:03:01 +01:00
|
|
|
/*
|
|
|
|
|
* Relay for the various pg_*_mask routines depending on object kind
|
|
|
|
|
*/
|
|
|
|
|
static AclMode
|
2009-01-22 21:16:10 +01:00
|
|
|
pg_aclmask(AclObjectKind objkind, Oid table_oid, AttrNumber attnum, Oid roleid,
|
2005-12-01 03:03:01 +01:00
|
|
|
AclMode mask, AclMaskHow how)
|
|
|
|
|
{
|
|
|
|
|
switch (objkind)
|
|
|
|
|
{
|
2009-01-22 21:16:10 +01:00
|
|
|
case ACL_KIND_COLUMN:
|
|
|
|
|
return
|
|
|
|
|
pg_class_aclmask(table_oid, roleid, mask, how) |
|
|
|
|
|
pg_attribute_aclmask(table_oid, attnum, roleid, mask, how);
|
2005-12-01 03:03:01 +01:00
|
|
|
case ACL_KIND_CLASS:
|
2006-01-21 03:16:21 +01:00
|
|
|
case ACL_KIND_SEQUENCE:
|
2005-12-01 03:03:01 +01:00
|
|
|
return pg_class_aclmask(table_oid, roleid, mask, how);
|
|
|
|
|
case ACL_KIND_DATABASE:
|
|
|
|
|
return pg_database_aclmask(table_oid, roleid, mask, how);
|
|
|
|
|
case ACL_KIND_PROC:
|
|
|
|
|
return pg_proc_aclmask(table_oid, roleid, mask, how);
|
|
|
|
|
case ACL_KIND_LANGUAGE:
|
|
|
|
|
return pg_language_aclmask(table_oid, roleid, mask, how);
|
|
|
|
|
case ACL_KIND_NAMESPACE:
|
|
|
|
|
return pg_namespace_aclmask(table_oid, roleid, mask, how);
|
|
|
|
|
case ACL_KIND_TABLESPACE:
|
|
|
|
|
return pg_tablespace_aclmask(table_oid, roleid, mask, how);
|
2008-12-19 17:25:19 +01:00
|
|
|
case ACL_KIND_FDW:
|
|
|
|
|
return pg_foreign_data_wrapper_aclmask(table_oid, roleid, mask, how);
|
|
|
|
|
case ACL_KIND_FOREIGN_SERVER:
|
|
|
|
|
return pg_foreign_server_aclmask(table_oid, roleid, mask, how);
|
2005-12-01 03:03:01 +01:00
|
|
|
default:
|
|
|
|
|
elog(ERROR, "unrecognized objkind: %d",
|
|
|
|
|
(int) objkind);
|
|
|
|
|
/* not reached, but keep compiler quiet */
|
|
|
|
|
return ACL_NO_RIGHTS;
|
|
|
|
|
}
|
|
|
|
|
}
|
2005-05-30 01:38:05 +02:00
|
|
|
|
2009-01-22 21:16:10 +01:00
|
|
|
|
|
|
|
|
/* ****************************************************************
|
|
|
|
|
* Exported routines for examining a user's privileges for various objects
|
2004-05-11 19:36:13 +02:00
|
|
|
*
|
2009-01-22 21:16:10 +01:00
|
|
|
* See aclmask() for a description of the common API for these functions.
|
2003-07-21 03:59:11 +02:00
|
|
|
*
|
|
|
|
|
* Note: we give lookup failure the full ereport treatment because the
|
2009-01-22 21:16:10 +01:00
|
|
|
* has_xxx_privilege() family of functions allow users to pass any random
|
|
|
|
|
* OID to these functions.
|
|
|
|
|
* ****************************************************************
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Exported routine for examining a user's privileges for a column
|
|
|
|
|
*
|
|
|
|
|
* Note: this considers only privileges granted specifically on the column.
|
|
|
|
|
* It is caller's responsibility to take relation-level privileges into account
|
|
|
|
|
* as appropriate. (For the same reason, we have no special case for
|
|
|
|
|
* superuser-ness here.)
|
|
|
|
|
*/
|
|
|
|
|
AclMode
|
|
|
|
|
pg_attribute_aclmask(Oid table_oid, AttrNumber attnum, Oid roleid,
|
|
|
|
|
AclMode mask, AclMaskHow how)
|
|
|
|
|
{
|
|
|
|
|
AclMode result;
|
|
|
|
|
HeapTuple classTuple;
|
|
|
|
|
HeapTuple attTuple;
|
|
|
|
|
Form_pg_class classForm;
|
|
|
|
|
Form_pg_attribute attributeForm;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
|
|
|
|
Acl *acl;
|
|
|
|
|
Oid ownerId;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Must get the relation's tuple from pg_class (only needed for ownerId)
|
|
|
|
|
*/
|
|
|
|
|
classTuple = SearchSysCache(RELOID,
|
|
|
|
|
ObjectIdGetDatum(table_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(classTuple))
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_TABLE),
|
|
|
|
|
errmsg("relation with OID %u does not exist",
|
|
|
|
|
table_oid)));
|
|
|
|
|
classForm = (Form_pg_class) GETSTRUCT(classTuple);
|
|
|
|
|
|
|
|
|
|
ownerId = classForm->relowner;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Next, get the column's ACL from pg_attribute
|
|
|
|
|
*/
|
|
|
|
|
attTuple = SearchSysCache(ATTNUM,
|
|
|
|
|
ObjectIdGetDatum(table_oid),
|
|
|
|
|
Int16GetDatum(attnum),
|
|
|
|
|
0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(attTuple))
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_COLUMN),
|
|
|
|
|
errmsg("attribute %d of relation with OID %u does not exist",
|
|
|
|
|
attnum, table_oid)));
|
|
|
|
|
attributeForm = (Form_pg_attribute) GETSTRUCT(attTuple);
|
|
|
|
|
|
|
|
|
|
/* Throw error on dropped columns, too */
|
|
|
|
|
if (attributeForm->attisdropped)
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_COLUMN),
|
|
|
|
|
errmsg("attribute %d of relation with OID %u does not exist",
|
|
|
|
|
attnum, table_oid)));
|
|
|
|
|
|
|
|
|
|
aclDatum = SysCacheGetAttr(ATTNUM, attTuple, Anum_pg_attribute_attacl,
|
|
|
|
|
&isNull);
|
|
|
|
|
|
|
|
|
|
if (isNull)
|
|
|
|
|
{
|
|
|
|
|
/* No ACL, so build default ACL */
|
|
|
|
|
acl = acldefault(ACL_OBJECT_COLUMN, ownerId);
|
|
|
|
|
aclDatum = (Datum) 0;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* detoast column's ACL if necessary */
|
|
|
|
|
acl = DatumGetAclP(aclDatum);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
result = aclmask(acl, roleid, ownerId, mask, how);
|
|
|
|
|
|
|
|
|
|
/* if we have a detoasted copy, free it */
|
|
|
|
|
if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
|
|
|
|
|
pfree(acl);
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(attTuple);
|
|
|
|
|
ReleaseSysCache(classTuple);
|
|
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Exported routine for examining a user's privileges for a table
|
2001-06-05 21:34:56 +02:00
|
|
|
*/
|
2004-05-11 19:36:13 +02:00
|
|
|
AclMode
|
2005-06-28 07:09:14 +02:00
|
|
|
pg_class_aclmask(Oid table_oid, Oid roleid,
|
2004-05-11 19:36:13 +02:00
|
|
|
AclMode mask, AclMaskHow how)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2004-05-11 19:36:13 +02:00
|
|
|
AclMode result;
|
2000-10-02 06:49:28 +02:00
|
|
|
HeapTuple tuple;
|
2004-01-14 04:44:53 +01:00
|
|
|
Form_pg_class classForm;
|
2000-10-02 06:49:28 +02:00
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
|
|
|
|
Acl *acl;
|
2005-10-15 04:49:52 +02:00
|
|
|
Oid ownerId;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2001-06-05 21:34:56 +02:00
|
|
|
/*
|
2005-05-30 01:38:05 +02:00
|
|
|
* Must get the relation's tuple from pg_class
|
2002-03-22 00:27:25 +01:00
|
|
|
*/
|
|
|
|
|
tuple = SearchSysCache(RELOID,
|
|
|
|
|
ObjectIdGetDatum(table_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_TABLE),
|
2004-05-11 19:36:13 +02:00
|
|
|
errmsg("relation with OID %u does not exist",
|
|
|
|
|
table_oid)));
|
2004-01-14 04:44:53 +01:00
|
|
|
classForm = (Form_pg_class) GETSTRUCT(tuple);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Deny anyone permission to update a system catalog unless
|
2005-06-28 07:09:14 +02:00
|
|
|
* pg_authid.rolcatupdate is set. (This is to let superusers protect
|
2005-10-15 04:49:52 +02:00
|
|
|
* themselves from themselves.) Also allow it if allowSystemTableMods.
|
2004-01-14 04:44:53 +01:00
|
|
|
*
|
2004-08-29 07:07:03 +02:00
|
|
|
* As of 7.4 we have some updatable system views; those shouldn't be
|
|
|
|
|
* protected in this way. Assume the view rules can take care of
|
2006-10-04 02:30:14 +02:00
|
|
|
* themselves. ACL_USAGE is if we ever have system sequences.
|
1997-09-07 07:04:48 +02:00
|
|
|
*/
|
2008-09-08 02:47:41 +02:00
|
|
|
if ((mask & (ACL_INSERT | ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE | ACL_USAGE)) &&
|
2004-01-14 04:44:53 +01:00
|
|
|
IsSystemClass(classForm) &&
|
|
|
|
|
classForm->relkind != RELKIND_VIEW &&
|
2005-06-28 07:09:14 +02:00
|
|
|
!has_rolcatupdate(roleid) &&
|
2004-01-14 04:44:53 +01:00
|
|
|
!allowSystemTableMods)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2001-06-05 21:34:56 +02:00
|
|
|
#ifdef ACLDEBUG
|
2003-07-21 03:59:11 +02:00
|
|
|
elog(DEBUG2, "permission denied for system catalog update");
|
2001-06-05 21:34:56 +02:00
|
|
|
#endif
|
2008-09-08 02:47:41 +02:00
|
|
|
mask &= ~(ACL_INSERT | ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE | ACL_USAGE);
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Otherwise, superusers bypass all permission-checking.
|
|
|
|
|
*/
|
2005-06-28 07:09:14 +02:00
|
|
|
if (superuser_arg(roleid))
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2001-05-27 11:59:30 +02:00
|
|
|
#ifdef ACLDEBUG
|
2005-06-28 07:09:14 +02:00
|
|
|
elog(DEBUG2, "OID %u is superuser, home free", roleid);
|
1996-07-09 08:22:35 +02:00
|
|
|
#endif
|
2000-11-16 23:30:52 +01:00
|
|
|
ReleaseSysCache(tuple);
|
2004-05-11 19:36:13 +02:00
|
|
|
return mask;
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
1996-07-09 08:22:35 +02:00
|
|
|
|
2000-10-02 06:49:28 +02:00
|
|
|
/*
|
|
|
|
|
* Normal case: get the relation's ACL from pg_class
|
|
|
|
|
*/
|
2004-06-01 23:49:23 +02:00
|
|
|
ownerId = classForm->relowner;
|
|
|
|
|
|
2002-03-22 00:27:25 +01:00
|
|
|
aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
|
2000-10-02 06:49:28 +02:00
|
|
|
&isNull);
|
|
|
|
|
if (isNull)
|
|
|
|
|
{
|
2003-10-31 21:00:49 +01:00
|
|
|
/* No ACL, so build default ACL */
|
2006-01-21 03:16:21 +01:00
|
|
|
acl = acldefault(classForm->relkind == RELKIND_SEQUENCE ?
|
2006-10-04 02:30:14 +02:00
|
|
|
ACL_OBJECT_SEQUENCE : ACL_OBJECT_RELATION,
|
2006-01-21 03:16:21 +01:00
|
|
|
ownerId);
|
2001-06-05 21:34:56 +02:00
|
|
|
aclDatum = (Datum) 0;
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
2000-10-02 06:49:28 +02:00
|
|
|
else
|
1999-09-18 21:08:25 +02:00
|
|
|
{
|
2001-06-05 21:34:56 +02:00
|
|
|
/* detoast rel's ACL if necessary */
|
|
|
|
|
acl = DatumGetAclP(aclDatum);
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
2000-10-02 06:49:28 +02:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
result = aclmask(acl, roleid, ownerId, mask, how);
|
2000-11-16 23:30:52 +01:00
|
|
|
|
2001-06-05 21:34:56 +02:00
|
|
|
/* if we have a detoasted copy, free it */
|
|
|
|
|
if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
|
1997-09-07 07:04:48 +02:00
|
|
|
pfree(acl);
|
2001-06-05 21:34:56 +02:00
|
|
|
|
2000-11-16 23:30:52 +01:00
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
1998-09-01 05:29:17 +02:00
|
|
|
return result;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
/*
|
2004-05-11 19:36:13 +02:00
|
|
|
* Exported routine for examining a user's privileges for a database
|
2002-04-21 02:26:44 +02:00
|
|
|
*/
|
2004-05-11 19:36:13 +02:00
|
|
|
AclMode
|
2005-06-28 07:09:14 +02:00
|
|
|
pg_database_aclmask(Oid db_oid, Oid roleid,
|
2004-05-11 19:36:13 +02:00
|
|
|
AclMode mask, AclMaskHow how)
|
2002-04-21 02:26:44 +02:00
|
|
|
{
|
2004-05-11 19:36:13 +02:00
|
|
|
AclMode result;
|
2002-04-21 02:26:44 +02:00
|
|
|
HeapTuple tuple;
|
2006-05-04 00:45:26 +02:00
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
|
|
|
|
Acl *acl;
|
|
|
|
|
Oid ownerId;
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
2005-06-28 07:09:14 +02:00
|
|
|
if (superuser_arg(roleid))
|
2004-05-11 19:36:13 +02:00
|
|
|
return mask;
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Get the database's ACL from pg_database
|
|
|
|
|
*/
|
2006-05-04 00:45:26 +02:00
|
|
|
tuple = SearchSysCache(DATABASEOID,
|
|
|
|
|
ObjectIdGetDatum(db_oid),
|
|
|
|
|
0, 0, 0);
|
2002-04-21 02:26:44 +02:00
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_DATABASE),
|
|
|
|
|
errmsg("database with OID %u does not exist", db_oid)));
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2006-05-04 00:45:26 +02:00
|
|
|
ownerId = ((Form_pg_database) GETSTRUCT(tuple))->datdba;
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2006-05-04 00:45:26 +02:00
|
|
|
aclDatum = SysCacheGetAttr(DATABASEOID, tuple, Anum_pg_database_datacl,
|
|
|
|
|
&isNull);
|
2002-04-21 02:26:44 +02:00
|
|
|
if (isNull)
|
|
|
|
|
{
|
|
|
|
|
/* No ACL, so build default ACL */
|
|
|
|
|
acl = acldefault(ACL_OBJECT_DATABASE, ownerId);
|
|
|
|
|
aclDatum = (Datum) 0;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* detoast ACL if necessary */
|
|
|
|
|
acl = DatumGetAclP(aclDatum);
|
|
|
|
|
}
|
|
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
result = aclmask(acl, roleid, ownerId, mask, how);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
/* if we have a detoasted copy, free it */
|
|
|
|
|
if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
|
|
|
|
|
pfree(acl);
|
|
|
|
|
|
2006-05-04 00:45:26 +02:00
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
/*
|
2004-05-11 19:36:13 +02:00
|
|
|
* Exported routine for examining a user's privileges for a function
|
2002-02-19 00:11:58 +01:00
|
|
|
*/
|
2004-05-11 19:36:13 +02:00
|
|
|
AclMode
|
2005-06-28 07:09:14 +02:00
|
|
|
pg_proc_aclmask(Oid proc_oid, Oid roleid,
|
2004-05-11 19:36:13 +02:00
|
|
|
AclMode mask, AclMaskHow how)
|
2002-02-19 00:11:58 +01:00
|
|
|
{
|
2004-05-11 19:36:13 +02:00
|
|
|
AclMode result;
|
2002-02-19 00:11:58 +01:00
|
|
|
HeapTuple tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
|
|
|
|
Acl *acl;
|
2005-10-15 04:49:52 +02:00
|
|
|
Oid ownerId;
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2002-03-22 00:27:25 +01:00
|
|
|
/* Superusers bypass all permission checking. */
|
2005-06-28 07:09:14 +02:00
|
|
|
if (superuser_arg(roleid))
|
2004-05-11 19:36:13 +02:00
|
|
|
return mask;
|
2002-02-19 00:11:58 +01:00
|
|
|
|
|
|
|
|
/*
|
2002-03-22 00:27:25 +01:00
|
|
|
* Get the function's ACL from pg_proc
|
2002-02-19 00:11:58 +01:00
|
|
|
*/
|
|
|
|
|
tuple = SearchSysCache(PROCOID,
|
|
|
|
|
ObjectIdGetDatum(proc_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_FUNCTION),
|
2005-10-15 04:49:52 +02:00
|
|
|
errmsg("function with OID %u does not exist", proc_oid)));
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
ownerId = ((Form_pg_proc) GETSTRUCT(tuple))->proowner;
|
|
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
aclDatum = SysCacheGetAttr(PROCOID, tuple, Anum_pg_proc_proacl,
|
|
|
|
|
&isNull);
|
|
|
|
|
if (isNull)
|
|
|
|
|
{
|
|
|
|
|
/* No ACL, so build default ACL */
|
2002-04-21 02:26:44 +02:00
|
|
|
acl = acldefault(ACL_OBJECT_FUNCTION, ownerId);
|
2002-02-19 00:11:58 +01:00
|
|
|
aclDatum = (Datum) 0;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* detoast ACL if necessary */
|
|
|
|
|
acl = DatumGetAclP(aclDatum);
|
|
|
|
|
}
|
|
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
result = aclmask(acl, roleid, ownerId, mask, how);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
|
|
|
|
/* if we have a detoasted copy, free it */
|
|
|
|
|
if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
|
|
|
|
|
pfree(acl);
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2004-05-11 19:36:13 +02:00
|
|
|
* Exported routine for examining a user's privileges for a language
|
2002-02-19 00:11:58 +01:00
|
|
|
*/
|
2004-05-11 19:36:13 +02:00
|
|
|
AclMode
|
2005-06-28 07:09:14 +02:00
|
|
|
pg_language_aclmask(Oid lang_oid, Oid roleid,
|
2004-05-11 19:36:13 +02:00
|
|
|
AclMode mask, AclMaskHow how)
|
2002-02-19 00:11:58 +01:00
|
|
|
{
|
2004-05-11 19:36:13 +02:00
|
|
|
AclMode result;
|
2002-02-19 00:11:58 +01:00
|
|
|
HeapTuple tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
|
|
|
|
Acl *acl;
|
2005-10-15 04:49:52 +02:00
|
|
|
Oid ownerId;
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2002-03-22 00:27:25 +01:00
|
|
|
/* Superusers bypass all permission checking. */
|
2005-06-28 07:09:14 +02:00
|
|
|
if (superuser_arg(roleid))
|
2004-05-11 19:36:13 +02:00
|
|
|
return mask;
|
2002-02-19 00:11:58 +01:00
|
|
|
|
|
|
|
|
/*
|
2003-07-21 03:59:11 +02:00
|
|
|
* Get the language's ACL from pg_language
|
2002-02-19 00:11:58 +01:00
|
|
|
*/
|
|
|
|
|
tuple = SearchSysCache(LANGOID,
|
|
|
|
|
ObjectIdGetDatum(lang_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
2005-10-15 04:49:52 +02:00
|
|
|
errmsg("language with OID %u does not exist", lang_oid)));
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2007-03-26 18:58:41 +02:00
|
|
|
ownerId = ((Form_pg_language) GETSTRUCT(tuple))->lanowner;
|
2004-06-01 23:49:23 +02:00
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
aclDatum = SysCacheGetAttr(LANGOID, tuple, Anum_pg_language_lanacl,
|
|
|
|
|
&isNull);
|
|
|
|
|
if (isNull)
|
|
|
|
|
{
|
|
|
|
|
/* No ACL, so build default ACL */
|
2004-06-01 23:49:23 +02:00
|
|
|
acl = acldefault(ACL_OBJECT_LANGUAGE, ownerId);
|
2002-02-19 00:11:58 +01:00
|
|
|
aclDatum = (Datum) 0;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* detoast ACL if necessary */
|
|
|
|
|
acl = DatumGetAclP(aclDatum);
|
|
|
|
|
}
|
|
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
result = aclmask(acl, roleid, ownerId, mask, how);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
/* if we have a detoasted copy, free it */
|
|
|
|
|
if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
|
|
|
|
|
pfree(acl);
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2004-05-11 19:36:13 +02:00
|
|
|
* Exported routine for examining a user's privileges for a namespace
|
2002-04-21 02:26:44 +02:00
|
|
|
*/
|
2004-05-11 19:36:13 +02:00
|
|
|
AclMode
|
2005-06-28 07:09:14 +02:00
|
|
|
pg_namespace_aclmask(Oid nsp_oid, Oid roleid,
|
2004-05-11 19:36:13 +02:00
|
|
|
AclMode mask, AclMaskHow how)
|
2002-04-21 02:26:44 +02:00
|
|
|
{
|
2004-05-11 19:36:13 +02:00
|
|
|
AclMode result;
|
2002-04-21 02:26:44 +02:00
|
|
|
HeapTuple tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
|
|
|
|
Acl *acl;
|
2005-10-15 04:49:52 +02:00
|
|
|
Oid ownerId;
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
2005-06-28 07:09:14 +02:00
|
|
|
if (superuser_arg(roleid))
|
2004-05-11 19:36:13 +02:00
|
|
|
return mask;
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2004-05-26 20:35:51 +02:00
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* If we have been assigned this namespace as a temp namespace, check to
|
|
|
|
|
* make sure we have CREATE TEMP permission on the database, and if so act
|
|
|
|
|
* as though we have all standard (but not GRANT OPTION) permissions on
|
|
|
|
|
* the namespace. If we don't have CREATE TEMP, act as though we have
|
|
|
|
|
* only USAGE (and not CREATE) rights.
|
2004-05-26 20:35:51 +02:00
|
|
|
*
|
2005-11-22 19:17:34 +01:00
|
|
|
* This may seem redundant given the check in InitTempTableNamespace, but
|
|
|
|
|
* it really isn't since current user ID may have changed since then. The
|
2005-10-15 04:49:52 +02:00
|
|
|
* upshot of this behavior is that a SECURITY DEFINER function can create
|
|
|
|
|
* temp tables that can then be accessed (if permission is granted) by
|
|
|
|
|
* code in the same session that doesn't have permissions to create temp
|
|
|
|
|
* tables.
|
2004-05-28 18:17:14 +02:00
|
|
|
*
|
|
|
|
|
* XXX Would it be safe to ereport a special error message as
|
|
|
|
|
* InitTempTableNamespace does? Returning zero here means we'll get a
|
2005-10-15 04:49:52 +02:00
|
|
|
* generic "permission denied for schema pg_temp_N" message, which is not
|
|
|
|
|
* remarkably user-friendly.
|
2004-05-26 20:35:51 +02:00
|
|
|
*/
|
2004-05-28 18:17:14 +02:00
|
|
|
if (isTempNamespace(nsp_oid))
|
|
|
|
|
{
|
2007-04-20 04:37:38 +02:00
|
|
|
if (pg_database_aclcheck(MyDatabaseId, roleid,
|
2004-05-28 18:17:14 +02:00
|
|
|
ACL_CREATE_TEMP) == ACLCHECK_OK)
|
|
|
|
|
return mask & ACL_ALL_RIGHTS_NAMESPACE;
|
|
|
|
|
else
|
|
|
|
|
return mask & ACL_USAGE;
|
2004-05-26 20:35:51 +02:00
|
|
|
}
|
|
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
/*
|
2003-07-21 03:59:11 +02:00
|
|
|
* Get the schema's ACL from pg_namespace
|
2002-02-19 00:11:58 +01:00
|
|
|
*/
|
2002-04-21 02:26:44 +02:00
|
|
|
tuple = SearchSysCache(NAMESPACEOID,
|
|
|
|
|
ObjectIdGetDatum(nsp_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_SCHEMA),
|
|
|
|
|
errmsg("schema with OID %u does not exist", nsp_oid)));
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
ownerId = ((Form_pg_namespace) GETSTRUCT(tuple))->nspowner;
|
|
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
aclDatum = SysCacheGetAttr(NAMESPACEOID, tuple, Anum_pg_namespace_nspacl,
|
|
|
|
|
&isNull);
|
|
|
|
|
if (isNull)
|
|
|
|
|
{
|
|
|
|
|
/* No ACL, so build default ACL */
|
|
|
|
|
acl = acldefault(ACL_OBJECT_NAMESPACE, ownerId);
|
|
|
|
|
aclDatum = (Datum) 0;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* detoast ACL if necessary */
|
|
|
|
|
acl = DatumGetAclP(aclDatum);
|
|
|
|
|
}
|
|
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
result = aclmask(acl, roleid, ownerId, mask, how);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
|
|
|
|
/* if we have a detoasted copy, free it */
|
|
|
|
|
if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
|
|
|
|
|
pfree(acl);
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
}
|
2002-03-22 00:27:25 +01:00
|
|
|
|
2004-06-18 08:14:31 +02:00
|
|
|
/*
|
|
|
|
|
* Exported routine for examining a user's privileges for a tablespace
|
|
|
|
|
*/
|
|
|
|
|
AclMode
|
2005-06-28 07:09:14 +02:00
|
|
|
pg_tablespace_aclmask(Oid spc_oid, Oid roleid,
|
2004-06-18 08:14:31 +02:00
|
|
|
AclMode mask, AclMaskHow how)
|
|
|
|
|
{
|
|
|
|
|
AclMode result;
|
|
|
|
|
Relation pg_tablespace;
|
|
|
|
|
ScanKeyData entry[1];
|
2005-11-22 19:17:34 +01:00
|
|
|
SysScanDesc scan;
|
2004-06-18 08:14:31 +02:00
|
|
|
HeapTuple tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
|
|
|
|
Acl *acl;
|
2005-10-15 04:49:52 +02:00
|
|
|
Oid ownerId;
|
2004-06-18 08:14:31 +02:00
|
|
|
|
2007-10-12 20:55:12 +02:00
|
|
|
/* Superusers bypass all permission checking. */
|
2005-06-28 07:09:14 +02:00
|
|
|
if (superuser_arg(roleid))
|
2004-06-18 08:14:31 +02:00
|
|
|
return mask;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Get the tablespace's ACL from pg_tablespace
|
|
|
|
|
*
|
|
|
|
|
* There's no syscache for pg_tablespace, so must look the hard way
|
|
|
|
|
*/
|
2005-04-14 22:03:27 +02:00
|
|
|
pg_tablespace = heap_open(TableSpaceRelationId, AccessShareLock);
|
2004-06-18 08:14:31 +02:00
|
|
|
ScanKeyInit(&entry[0],
|
|
|
|
|
ObjectIdAttributeNumber,
|
|
|
|
|
BTEqualStrategyNumber, F_OIDEQ,
|
|
|
|
|
ObjectIdGetDatum(spc_oid));
|
2005-11-21 13:49:33 +01:00
|
|
|
scan = systable_beginscan(pg_tablespace, TablespaceOidIndexId, true,
|
|
|
|
|
SnapshotNow, 1, entry);
|
|
|
|
|
tuple = systable_getnext(scan);
|
2004-06-18 08:14:31 +02:00
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
2005-10-15 04:49:52 +02:00
|
|
|
errmsg("tablespace with OID %u does not exist", spc_oid)));
|
2004-06-18 08:14:31 +02:00
|
|
|
|
|
|
|
|
ownerId = ((Form_pg_tablespace) GETSTRUCT(tuple))->spcowner;
|
|
|
|
|
|
|
|
|
|
aclDatum = heap_getattr(tuple, Anum_pg_tablespace_spcacl,
|
|
|
|
|
RelationGetDescr(pg_tablespace), &isNull);
|
|
|
|
|
|
|
|
|
|
if (isNull)
|
|
|
|
|
{
|
|
|
|
|
/* No ACL, so build default ACL */
|
|
|
|
|
acl = acldefault(ACL_OBJECT_TABLESPACE, ownerId);
|
|
|
|
|
aclDatum = (Datum) 0;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* detoast ACL if necessary */
|
|
|
|
|
acl = DatumGetAclP(aclDatum);
|
|
|
|
|
}
|
|
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
result = aclmask(acl, roleid, ownerId, mask, how);
|
2004-06-18 08:14:31 +02:00
|
|
|
|
|
|
|
|
/* if we have a detoasted copy, free it */
|
|
|
|
|
if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
|
|
|
|
|
pfree(acl);
|
|
|
|
|
|
2005-11-21 13:49:33 +01:00
|
|
|
systable_endscan(scan);
|
2004-06-18 08:14:31 +02:00
|
|
|
heap_close(pg_tablespace, AccessShareLock);
|
|
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
2008-12-19 17:25:19 +01:00
|
|
|
/*
|
|
|
|
|
* Exported routine for examining a user's privileges for a foreign
|
|
|
|
|
* data wrapper
|
|
|
|
|
*/
|
|
|
|
|
AclMode
|
|
|
|
|
pg_foreign_data_wrapper_aclmask(Oid fdw_oid, Oid roleid,
|
|
|
|
|
AclMode mask, AclMaskHow how)
|
|
|
|
|
{
|
|
|
|
|
AclMode result;
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
|
|
|
|
Acl *acl;
|
|
|
|
|
Oid ownerId;
|
|
|
|
|
|
|
|
|
|
Form_pg_foreign_data_wrapper fdwForm;
|
|
|
|
|
|
|
|
|
|
/* Bypass permission checks for superusers */
|
|
|
|
|
if (superuser_arg(roleid))
|
|
|
|
|
return mask;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Must get the FDW's tuple from pg_foreign_data_wrapper
|
|
|
|
|
*/
|
|
|
|
|
tuple = SearchSysCache(FOREIGNDATAWRAPPEROID,
|
|
|
|
|
ObjectIdGetDatum(fdw_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errmsg("foreign-data wrapper with OID %u does not exist",
|
|
|
|
|
fdw_oid)));
|
|
|
|
|
fdwForm = (Form_pg_foreign_data_wrapper) GETSTRUCT(tuple);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Normal case: get the FDW's ACL from pg_foreign_data_wrapper
|
|
|
|
|
*/
|
|
|
|
|
ownerId = fdwForm->fdwowner;
|
|
|
|
|
|
|
|
|
|
aclDatum = SysCacheGetAttr(FOREIGNDATAWRAPPEROID, tuple,
|
|
|
|
|
Anum_pg_foreign_data_wrapper_fdwacl, &isNull);
|
|
|
|
|
if (isNull)
|
|
|
|
|
{
|
|
|
|
|
/* No ACL, so build default ACL */
|
|
|
|
|
acl = acldefault(ACL_OBJECT_FDW, ownerId);
|
|
|
|
|
aclDatum = (Datum) 0;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* detoast rel's ACL if necessary */
|
|
|
|
|
acl = DatumGetAclP(aclDatum);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
result = aclmask(acl, roleid, ownerId, mask, how);
|
|
|
|
|
|
|
|
|
|
/* if we have a detoasted copy, free it */
|
|
|
|
|
if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
|
|
|
|
|
pfree(acl);
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Exported routine for examining a user's privileges for a foreign
|
|
|
|
|
* server.
|
|
|
|
|
*/
|
|
|
|
|
AclMode
|
|
|
|
|
pg_foreign_server_aclmask(Oid srv_oid, Oid roleid,
|
|
|
|
|
AclMode mask, AclMaskHow how)
|
|
|
|
|
{
|
|
|
|
|
AclMode result;
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
|
|
|
|
Acl *acl;
|
|
|
|
|
Oid ownerId;
|
|
|
|
|
|
|
|
|
|
Form_pg_foreign_server srvForm;
|
|
|
|
|
|
|
|
|
|
/* Bypass permission checks for superusers */
|
|
|
|
|
if (superuser_arg(roleid))
|
|
|
|
|
return mask;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Must get the FDW's tuple from pg_foreign_data_wrapper
|
|
|
|
|
*/
|
|
|
|
|
tuple = SearchSysCache(FOREIGNSERVEROID,
|
|
|
|
|
ObjectIdGetDatum(srv_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errmsg("foreign server with OID %u does not exist",
|
|
|
|
|
srv_oid)));
|
|
|
|
|
srvForm = (Form_pg_foreign_server) GETSTRUCT(tuple);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Normal case: get the foreign server's ACL from pg_foreign_server
|
|
|
|
|
*/
|
|
|
|
|
ownerId = srvForm->srvowner;
|
|
|
|
|
|
|
|
|
|
aclDatum = SysCacheGetAttr(FOREIGNSERVEROID, tuple,
|
|
|
|
|
Anum_pg_foreign_server_srvacl, &isNull);
|
|
|
|
|
if (isNull)
|
|
|
|
|
{
|
|
|
|
|
/* No ACL, so build default ACL */
|
|
|
|
|
acl = acldefault(ACL_OBJECT_FOREIGN_SERVER, ownerId);
|
|
|
|
|
aclDatum = (Datum) 0;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* detoast rel's ACL if necessary */
|
|
|
|
|
acl = DatumGetAclP(aclDatum);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
result = aclmask(acl, roleid, ownerId, mask, how);
|
|
|
|
|
|
|
|
|
|
/* if we have a detoasted copy, free it */
|
|
|
|
|
if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
|
|
|
|
|
pfree(acl);
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
}
|
2002-03-22 00:27:25 +01:00
|
|
|
|
2009-01-22 21:16:10 +01:00
|
|
|
/*
|
|
|
|
|
* Exported routine for checking a user's access privileges to a column
|
|
|
|
|
*
|
|
|
|
|
* Returns ACLCHECK_OK if the user has any of the privileges identified by
|
|
|
|
|
* 'mode'; otherwise returns a suitable error code (in practice, always
|
|
|
|
|
* ACLCHECK_NO_PRIV).
|
|
|
|
|
*
|
|
|
|
|
* As with pg_attribute_aclmask, only privileges granted directly on the
|
|
|
|
|
* column are considered here.
|
|
|
|
|
*/
|
|
|
|
|
AclResult
|
|
|
|
|
pg_attribute_aclcheck(Oid table_oid, AttrNumber attnum,
|
|
|
|
|
Oid roleid, AclMode mode)
|
|
|
|
|
{
|
|
|
|
|
if (pg_attribute_aclmask(table_oid, attnum, roleid, mode, ACLMASK_ANY) != 0)
|
|
|
|
|
return ACLCHECK_OK;
|
|
|
|
|
else
|
|
|
|
|
return ACLCHECK_NO_PRIV;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Exported routine for checking a user's access privileges to any/all columns
|
|
|
|
|
*
|
|
|
|
|
* If 'how' is ACLMASK_ANY, then returns ACLCHECK_OK if user has any of the
|
|
|
|
|
* privileges identified by 'mode' on any non-dropped column in the relation;
|
|
|
|
|
* otherwise returns a suitable error code (in practice, always
|
|
|
|
|
* ACLCHECK_NO_PRIV).
|
|
|
|
|
*
|
|
|
|
|
* If 'how' is ACLMASK_ALL, then returns ACLCHECK_OK if user has any of the
|
|
|
|
|
* privileges identified by 'mode' on all non-dropped columns in the relation
|
|
|
|
|
* (and there must be at least one such column); otherwise returns a suitable
|
|
|
|
|
* error code (in practice, always ACLCHECK_NO_PRIV).
|
|
|
|
|
*
|
|
|
|
|
* As with pg_attribute_aclmask, only privileges granted directly on the
|
|
|
|
|
* column(s) are considered here.
|
|
|
|
|
*
|
|
|
|
|
* Note: system columns are not considered here; there are cases where that
|
|
|
|
|
* might be appropriate but there are also cases where it wouldn't.
|
|
|
|
|
*/
|
|
|
|
|
AclResult
|
|
|
|
|
pg_attribute_aclcheck_all(Oid table_oid, Oid roleid, AclMode mode,
|
|
|
|
|
AclMaskHow how)
|
|
|
|
|
{
|
|
|
|
|
AclResult result;
|
|
|
|
|
HeapTuple classTuple;
|
|
|
|
|
Form_pg_class classForm;
|
|
|
|
|
AttrNumber nattrs;
|
|
|
|
|
AttrNumber curr_att;
|
|
|
|
|
|
|
|
|
|
/* Must fetch pg_class row to check number of attributes */
|
|
|
|
|
classTuple = SearchSysCache(RELOID,
|
|
|
|
|
ObjectIdGetDatum(table_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(classTuple))
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_TABLE),
|
|
|
|
|
errmsg("relation with OID %u does not exist",
|
|
|
|
|
table_oid)));
|
|
|
|
|
classForm = (Form_pg_class) GETSTRUCT(classTuple);
|
|
|
|
|
|
|
|
|
|
nattrs = classForm->relnatts;
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(classTuple);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Initialize result in case there are no non-dropped columns. We want
|
|
|
|
|
* to report failure in such cases for either value of 'how'.
|
|
|
|
|
*/
|
|
|
|
|
result = ACLCHECK_NO_PRIV;
|
|
|
|
|
|
|
|
|
|
for (curr_att = 1; curr_att <= nattrs; curr_att++)
|
|
|
|
|
{
|
|
|
|
|
HeapTuple attTuple;
|
|
|
|
|
bool isdropped;
|
|
|
|
|
|
|
|
|
|
attTuple = SearchSysCache(ATTNUM,
|
|
|
|
|
ObjectIdGetDatum(table_oid),
|
|
|
|
|
Int16GetDatum(curr_att),
|
|
|
|
|
0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(attTuple))
|
|
|
|
|
elog(ERROR, "cache lookup failed for attribute %d of relation %u",
|
|
|
|
|
curr_att, table_oid);
|
|
|
|
|
|
|
|
|
|
isdropped = ((Form_pg_attribute) GETSTRUCT(attTuple))->attisdropped;
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(attTuple);
|
|
|
|
|
|
|
|
|
|
/* ignore dropped columns */
|
|
|
|
|
if (isdropped)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
if (pg_attribute_aclmask(table_oid, curr_att, roleid,
|
|
|
|
|
mode, ACLMASK_ANY) != 0)
|
|
|
|
|
{
|
|
|
|
|
result = ACLCHECK_OK;
|
|
|
|
|
if (how == ACLMASK_ANY)
|
|
|
|
|
break; /* succeed on any success */
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
result = ACLCHECK_NO_PRIV;
|
|
|
|
|
if (how == ACLMASK_ALL)
|
|
|
|
|
break; /* fail on any failure */
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
2004-05-11 19:36:13 +02:00
|
|
|
/*
|
|
|
|
|
* Exported routine for checking a user's access privileges to a table
|
|
|
|
|
*
|
|
|
|
|
* Returns ACLCHECK_OK if the user has any of the privileges identified by
|
|
|
|
|
* 'mode'; otherwise returns a suitable error code (in practice, always
|
|
|
|
|
* ACLCHECK_NO_PRIV).
|
|
|
|
|
*/
|
|
|
|
|
AclResult
|
2005-06-28 07:09:14 +02:00
|
|
|
pg_class_aclcheck(Oid table_oid, Oid roleid, AclMode mode)
|
2004-05-11 19:36:13 +02:00
|
|
|
{
|
2005-06-28 07:09:14 +02:00
|
|
|
if (pg_class_aclmask(table_oid, roleid, mode, ACLMASK_ANY) != 0)
|
2004-05-11 19:36:13 +02:00
|
|
|
return ACLCHECK_OK;
|
|
|
|
|
else
|
|
|
|
|
return ACLCHECK_NO_PRIV;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Exported routine for checking a user's access privileges to a database
|
|
|
|
|
*/
|
|
|
|
|
AclResult
|
2005-06-28 07:09:14 +02:00
|
|
|
pg_database_aclcheck(Oid db_oid, Oid roleid, AclMode mode)
|
2004-05-11 19:36:13 +02:00
|
|
|
{
|
2005-06-28 07:09:14 +02:00
|
|
|
if (pg_database_aclmask(db_oid, roleid, mode, ACLMASK_ANY) != 0)
|
2004-05-11 19:36:13 +02:00
|
|
|
return ACLCHECK_OK;
|
|
|
|
|
else
|
|
|
|
|
return ACLCHECK_NO_PRIV;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Exported routine for checking a user's access privileges to a function
|
|
|
|
|
*/
|
|
|
|
|
AclResult
|
2005-06-28 07:09:14 +02:00
|
|
|
pg_proc_aclcheck(Oid proc_oid, Oid roleid, AclMode mode)
|
2004-05-11 19:36:13 +02:00
|
|
|
{
|
2005-06-28 07:09:14 +02:00
|
|
|
if (pg_proc_aclmask(proc_oid, roleid, mode, ACLMASK_ANY) != 0)
|
2004-05-11 19:36:13 +02:00
|
|
|
return ACLCHECK_OK;
|
|
|
|
|
else
|
|
|
|
|
return ACLCHECK_NO_PRIV;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Exported routine for checking a user's access privileges to a language
|
|
|
|
|
*/
|
|
|
|
|
AclResult
|
2005-06-28 07:09:14 +02:00
|
|
|
pg_language_aclcheck(Oid lang_oid, Oid roleid, AclMode mode)
|
2004-05-11 19:36:13 +02:00
|
|
|
{
|
2005-06-28 07:09:14 +02:00
|
|
|
if (pg_language_aclmask(lang_oid, roleid, mode, ACLMASK_ANY) != 0)
|
2004-05-11 19:36:13 +02:00
|
|
|
return ACLCHECK_OK;
|
|
|
|
|
else
|
|
|
|
|
return ACLCHECK_NO_PRIV;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Exported routine for checking a user's access privileges to a namespace
|
|
|
|
|
*/
|
|
|
|
|
AclResult
|
2005-06-28 07:09:14 +02:00
|
|
|
pg_namespace_aclcheck(Oid nsp_oid, Oid roleid, AclMode mode)
|
2004-05-11 19:36:13 +02:00
|
|
|
{
|
2005-06-28 07:09:14 +02:00
|
|
|
if (pg_namespace_aclmask(nsp_oid, roleid, mode, ACLMASK_ANY) != 0)
|
2004-05-11 19:36:13 +02:00
|
|
|
return ACLCHECK_OK;
|
|
|
|
|
else
|
|
|
|
|
return ACLCHECK_NO_PRIV;
|
|
|
|
|
}
|
|
|
|
|
|
2004-06-18 08:14:31 +02:00
|
|
|
/*
|
|
|
|
|
* Exported routine for checking a user's access privileges to a tablespace
|
|
|
|
|
*/
|
|
|
|
|
AclResult
|
2005-06-28 07:09:14 +02:00
|
|
|
pg_tablespace_aclcheck(Oid spc_oid, Oid roleid, AclMode mode)
|
2004-06-18 08:14:31 +02:00
|
|
|
{
|
2005-06-28 07:09:14 +02:00
|
|
|
if (pg_tablespace_aclmask(spc_oid, roleid, mode, ACLMASK_ANY) != 0)
|
2004-06-18 08:14:31 +02:00
|
|
|
return ACLCHECK_OK;
|
|
|
|
|
else
|
|
|
|
|
return ACLCHECK_NO_PRIV;
|
|
|
|
|
}
|
|
|
|
|
|
2008-12-19 17:25:19 +01:00
|
|
|
/*
|
|
|
|
|
* Exported routine for checking a user's access privileges to a foreign
|
|
|
|
|
* data wrapper
|
|
|
|
|
*/
|
|
|
|
|
AclResult
|
|
|
|
|
pg_foreign_data_wrapper_aclcheck(Oid fdw_oid, Oid roleid, AclMode mode)
|
|
|
|
|
{
|
|
|
|
|
if (pg_foreign_data_wrapper_aclmask(fdw_oid, roleid, mode, ACLMASK_ANY) != 0)
|
|
|
|
|
return ACLCHECK_OK;
|
|
|
|
|
else
|
|
|
|
|
return ACLCHECK_NO_PRIV;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Exported routine for checking a user's access privileges to a foreign
|
|
|
|
|
* server
|
|
|
|
|
*/
|
|
|
|
|
AclResult
|
|
|
|
|
pg_foreign_server_aclcheck(Oid srv_oid, Oid roleid, AclMode mode)
|
|
|
|
|
{
|
|
|
|
|
if (pg_foreign_server_aclmask(srv_oid, roleid, mode, ACLMASK_ANY) != 0)
|
|
|
|
|
return ACLCHECK_OK;
|
|
|
|
|
else
|
|
|
|
|
return ACLCHECK_NO_PRIV;
|
|
|
|
|
}
|
2004-05-11 19:36:13 +02:00
|
|
|
|
2002-03-22 00:27:25 +01:00
|
|
|
/*
|
|
|
|
|
* Ownership check for a relation (specified by OID).
|
|
|
|
|
*/
|
|
|
|
|
bool
|
2005-06-28 07:09:14 +02:00
|
|
|
pg_class_ownercheck(Oid class_oid, Oid roleid)
|
2002-03-22 00:27:25 +01:00
|
|
|
{
|
|
|
|
|
HeapTuple tuple;
|
2005-10-15 04:49:52 +02:00
|
|
|
Oid ownerId;
|
2002-03-22 00:27:25 +01:00
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
2005-06-28 07:09:14 +02:00
|
|
|
if (superuser_arg(roleid))
|
2002-03-22 00:27:25 +01:00
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(RELOID,
|
|
|
|
|
ObjectIdGetDatum(class_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_TABLE),
|
2005-10-15 04:49:52 +02:00
|
|
|
errmsg("relation with OID %u does not exist", class_oid)));
|
2002-03-22 00:27:25 +01:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
ownerId = ((Form_pg_class) GETSTRUCT(tuple))->relowner;
|
2002-03-22 00:27:25 +01:00
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
2005-07-26 18:38:29 +02:00
|
|
|
return has_privs_of_role(roleid, ownerId);
|
2002-03-22 00:27:25 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Ownership check for a type (specified by OID).
|
|
|
|
|
*/
|
|
|
|
|
bool
|
2005-06-28 07:09:14 +02:00
|
|
|
pg_type_ownercheck(Oid type_oid, Oid roleid)
|
2002-03-22 00:27:25 +01:00
|
|
|
{
|
|
|
|
|
HeapTuple tuple;
|
2005-10-15 04:49:52 +02:00
|
|
|
Oid ownerId;
|
2002-03-22 00:27:25 +01:00
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
2005-06-28 07:09:14 +02:00
|
|
|
if (superuser_arg(roleid))
|
2002-03-22 00:27:25 +01:00
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(TYPEOID,
|
|
|
|
|
ObjectIdGetDatum(type_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
|
|
|
errmsg("type with OID %u does not exist", type_oid)));
|
2002-03-22 00:27:25 +01:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
ownerId = ((Form_pg_type) GETSTRUCT(tuple))->typowner;
|
2002-03-22 00:27:25 +01:00
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
2005-07-26 18:38:29 +02:00
|
|
|
return has_privs_of_role(roleid, ownerId);
|
2002-03-22 00:27:25 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Ownership check for an operator (specified by OID).
|
|
|
|
|
*/
|
|
|
|
|
bool
|
2005-06-28 07:09:14 +02:00
|
|
|
pg_oper_ownercheck(Oid oper_oid, Oid roleid)
|
2002-03-22 00:27:25 +01:00
|
|
|
{
|
|
|
|
|
HeapTuple tuple;
|
2005-10-15 04:49:52 +02:00
|
|
|
Oid ownerId;
|
2002-03-22 00:27:25 +01:00
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
2005-06-28 07:09:14 +02:00
|
|
|
if (superuser_arg(roleid))
|
2002-03-22 00:27:25 +01:00
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(OPEROID,
|
|
|
|
|
ObjectIdGetDatum(oper_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_FUNCTION),
|
2005-10-15 04:49:52 +02:00
|
|
|
errmsg("operator with OID %u does not exist", oper_oid)));
|
2002-03-22 00:27:25 +01:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
ownerId = ((Form_pg_operator) GETSTRUCT(tuple))->oprowner;
|
2002-03-22 00:27:25 +01:00
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
2005-07-26 18:38:29 +02:00
|
|
|
return has_privs_of_role(roleid, ownerId);
|
2002-03-22 00:27:25 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Ownership check for a function (specified by OID).
|
|
|
|
|
*/
|
|
|
|
|
bool
|
2005-06-28 07:09:14 +02:00
|
|
|
pg_proc_ownercheck(Oid proc_oid, Oid roleid)
|
2002-03-22 00:27:25 +01:00
|
|
|
{
|
|
|
|
|
HeapTuple tuple;
|
2005-10-15 04:49:52 +02:00
|
|
|
Oid ownerId;
|
2002-03-22 00:27:25 +01:00
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
2005-06-28 07:09:14 +02:00
|
|
|
if (superuser_arg(roleid))
|
2002-03-22 00:27:25 +01:00
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(PROCOID,
|
|
|
|
|
ObjectIdGetDatum(proc_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_FUNCTION),
|
2005-10-15 04:49:52 +02:00
|
|
|
errmsg("function with OID %u does not exist", proc_oid)));
|
2002-03-22 00:27:25 +01:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
ownerId = ((Form_pg_proc) GETSTRUCT(tuple))->proowner;
|
2002-03-22 00:27:25 +01:00
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
2005-07-26 18:38:29 +02:00
|
|
|
return has_privs_of_role(roleid, ownerId);
|
2002-03-22 00:27:25 +01:00
|
|
|
}
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2007-03-26 18:58:41 +02:00
|
|
|
/*
|
|
|
|
|
* Ownership check for a procedural language (specified by OID)
|
|
|
|
|
*/
|
|
|
|
|
bool
|
|
|
|
|
pg_language_ownercheck(Oid lan_oid, Oid roleid)
|
|
|
|
|
{
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
Oid ownerId;
|
|
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
|
|
|
|
if (superuser_arg(roleid))
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(LANGOID,
|
|
|
|
|
ObjectIdGetDatum(lan_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_FUNCTION),
|
|
|
|
|
errmsg("language with OID %u does not exist", lan_oid)));
|
|
|
|
|
|
|
|
|
|
ownerId = ((Form_pg_language) GETSTRUCT(tuple))->lanowner;
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return has_privs_of_role(roleid, ownerId);
|
|
|
|
|
}
|
|
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
/*
|
|
|
|
|
* Ownership check for a namespace (specified by OID).
|
|
|
|
|
*/
|
|
|
|
|
bool
|
2005-06-28 07:09:14 +02:00
|
|
|
pg_namespace_ownercheck(Oid nsp_oid, Oid roleid)
|
2002-04-21 02:26:44 +02:00
|
|
|
{
|
|
|
|
|
HeapTuple tuple;
|
2005-10-15 04:49:52 +02:00
|
|
|
Oid ownerId;
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
2005-06-28 07:09:14 +02:00
|
|
|
if (superuser_arg(roleid))
|
2002-04-21 02:26:44 +02:00
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(NAMESPACEOID,
|
|
|
|
|
ObjectIdGetDatum(nsp_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_SCHEMA),
|
|
|
|
|
errmsg("schema with OID %u does not exist", nsp_oid)));
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
ownerId = ((Form_pg_namespace) GETSTRUCT(tuple))->nspowner;
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
2005-07-26 18:38:29 +02:00
|
|
|
return has_privs_of_role(roleid, ownerId);
|
2002-04-21 02:26:44 +02:00
|
|
|
}
|
2002-07-30 00:14:11 +02:00
|
|
|
|
2004-06-18 08:14:31 +02:00
|
|
|
/*
|
|
|
|
|
* Ownership check for a tablespace (specified by OID).
|
|
|
|
|
*/
|
|
|
|
|
bool
|
2005-06-28 07:09:14 +02:00
|
|
|
pg_tablespace_ownercheck(Oid spc_oid, Oid roleid)
|
2004-06-18 08:14:31 +02:00
|
|
|
{
|
|
|
|
|
Relation pg_tablespace;
|
|
|
|
|
ScanKeyData entry[1];
|
2005-11-22 19:17:34 +01:00
|
|
|
SysScanDesc scan;
|
2004-06-18 08:14:31 +02:00
|
|
|
HeapTuple spctuple;
|
2005-10-15 04:49:52 +02:00
|
|
|
Oid spcowner;
|
2004-06-18 08:14:31 +02:00
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
2005-06-28 07:09:14 +02:00
|
|
|
if (superuser_arg(roleid))
|
2004-06-18 08:14:31 +02:00
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
/* There's no syscache for pg_tablespace, so must look the hard way */
|
2005-04-14 22:03:27 +02:00
|
|
|
pg_tablespace = heap_open(TableSpaceRelationId, AccessShareLock);
|
2004-06-18 08:14:31 +02:00
|
|
|
ScanKeyInit(&entry[0],
|
|
|
|
|
ObjectIdAttributeNumber,
|
|
|
|
|
BTEqualStrategyNumber, F_OIDEQ,
|
|
|
|
|
ObjectIdGetDatum(spc_oid));
|
2005-11-21 13:49:33 +01:00
|
|
|
scan = systable_beginscan(pg_tablespace, TablespaceOidIndexId, true,
|
|
|
|
|
SnapshotNow, 1, entry);
|
2004-06-18 08:14:31 +02:00
|
|
|
|
2005-11-21 13:49:33 +01:00
|
|
|
spctuple = systable_getnext(scan);
|
2004-06-18 08:14:31 +02:00
|
|
|
|
|
|
|
|
if (!HeapTupleIsValid(spctuple))
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
2005-10-15 04:49:52 +02:00
|
|
|
errmsg("tablespace with OID %u does not exist", spc_oid)));
|
2004-06-18 08:14:31 +02:00
|
|
|
|
|
|
|
|
spcowner = ((Form_pg_tablespace) GETSTRUCT(spctuple))->spcowner;
|
|
|
|
|
|
2005-11-21 13:49:33 +01:00
|
|
|
systable_endscan(scan);
|
2004-06-18 08:14:31 +02:00
|
|
|
heap_close(pg_tablespace, AccessShareLock);
|
|
|
|
|
|
2005-07-26 18:38:29 +02:00
|
|
|
return has_privs_of_role(roleid, spcowner);
|
2004-06-18 08:14:31 +02:00
|
|
|
}
|
|
|
|
|
|
2002-07-30 00:14:11 +02:00
|
|
|
/*
|
|
|
|
|
* Ownership check for an operator class (specified by OID).
|
|
|
|
|
*/
|
|
|
|
|
bool
|
2005-06-28 07:09:14 +02:00
|
|
|
pg_opclass_ownercheck(Oid opc_oid, Oid roleid)
|
2002-07-30 00:14:11 +02:00
|
|
|
{
|
|
|
|
|
HeapTuple tuple;
|
2005-10-15 04:49:52 +02:00
|
|
|
Oid ownerId;
|
2002-07-30 00:14:11 +02:00
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
2005-06-28 07:09:14 +02:00
|
|
|
if (superuser_arg(roleid))
|
2002-07-30 00:14:11 +02:00
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(CLAOID,
|
|
|
|
|
ObjectIdGetDatum(opc_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
|
|
|
errmsg("operator class with OID %u does not exist",
|
|
|
|
|
opc_oid)));
|
2002-07-30 00:14:11 +02:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
ownerId = ((Form_pg_opclass) GETSTRUCT(tuple))->opcowner;
|
2002-07-30 00:14:11 +02:00
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
2005-07-26 18:38:29 +02:00
|
|
|
return has_privs_of_role(roleid, ownerId);
|
2002-07-30 00:14:11 +02:00
|
|
|
}
|
2003-06-27 16:45:32 +02:00
|
|
|
|
2007-01-23 06:07:18 +01:00
|
|
|
/*
|
|
|
|
|
* Ownership check for an operator family (specified by OID).
|
|
|
|
|
*/
|
|
|
|
|
bool
|
|
|
|
|
pg_opfamily_ownercheck(Oid opf_oid, Oid roleid)
|
|
|
|
|
{
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
Oid ownerId;
|
|
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
|
|
|
|
if (superuser_arg(roleid))
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(OPFAMILYOID,
|
|
|
|
|
ObjectIdGetDatum(opf_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
|
|
|
errmsg("operator family with OID %u does not exist",
|
|
|
|
|
opf_oid)));
|
|
|
|
|
|
|
|
|
|
ownerId = ((Form_pg_opfamily) GETSTRUCT(tuple))->opfowner;
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return has_privs_of_role(roleid, ownerId);
|
|
|
|
|
}
|
|
|
|
|
|
2007-08-21 03:11:32 +02:00
|
|
|
/*
|
|
|
|
|
* Ownership check for a text search dictionary (specified by OID).
|
|
|
|
|
*/
|
|
|
|
|
bool
|
|
|
|
|
pg_ts_dict_ownercheck(Oid dict_oid, Oid roleid)
|
|
|
|
|
{
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
Oid ownerId;
|
|
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
|
|
|
|
if (superuser_arg(roleid))
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(TSDICTOID,
|
|
|
|
|
ObjectIdGetDatum(dict_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
|
|
|
errmsg("text search dictionary with OID %u does not exist",
|
|
|
|
|
dict_oid)));
|
|
|
|
|
|
|
|
|
|
ownerId = ((Form_pg_ts_dict) GETSTRUCT(tuple))->dictowner;
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return has_privs_of_role(roleid, ownerId);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Ownership check for a text search configuration (specified by OID).
|
|
|
|
|
*/
|
|
|
|
|
bool
|
|
|
|
|
pg_ts_config_ownercheck(Oid cfg_oid, Oid roleid)
|
|
|
|
|
{
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
Oid ownerId;
|
|
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
|
|
|
|
if (superuser_arg(roleid))
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(TSCONFIGOID,
|
|
|
|
|
ObjectIdGetDatum(cfg_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
2007-11-15 22:14:46 +01:00
|
|
|
errmsg("text search configuration with OID %u does not exist",
|
|
|
|
|
cfg_oid)));
|
2007-08-21 03:11:32 +02:00
|
|
|
|
|
|
|
|
ownerId = ((Form_pg_ts_config) GETSTRUCT(tuple))->cfgowner;
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return has_privs_of_role(roleid, ownerId);
|
|
|
|
|
}
|
|
|
|
|
|
2008-12-19 17:25:19 +01:00
|
|
|
/*
|
|
|
|
|
* Ownership check for a foreign server (specified by OID).
|
|
|
|
|
*/
|
|
|
|
|
bool
|
|
|
|
|
pg_foreign_server_ownercheck(Oid srv_oid, Oid roleid)
|
|
|
|
|
{
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
Oid ownerId;
|
|
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
|
|
|
|
if (superuser_arg(roleid))
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(FOREIGNSERVEROID,
|
|
|
|
|
ObjectIdGetDatum(srv_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
|
|
|
errmsg("foreign server with OID %u does not exist",
|
|
|
|
|
srv_oid)));
|
|
|
|
|
|
|
|
|
|
ownerId = ((Form_pg_foreign_server) GETSTRUCT(tuple))->srvowner;
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return has_privs_of_role(roleid, ownerId);
|
|
|
|
|
}
|
2007-08-21 03:11:32 +02:00
|
|
|
|
2003-06-27 16:45:32 +02:00
|
|
|
/*
|
2004-06-18 08:14:31 +02:00
|
|
|
* Ownership check for a database (specified by OID).
|
2003-06-27 16:45:32 +02:00
|
|
|
*/
|
|
|
|
|
bool
|
2005-06-28 07:09:14 +02:00
|
|
|
pg_database_ownercheck(Oid db_oid, Oid roleid)
|
2003-06-27 16:45:32 +02:00
|
|
|
{
|
2006-05-04 00:45:26 +02:00
|
|
|
HeapTuple tuple;
|
2005-10-15 04:49:52 +02:00
|
|
|
Oid dba;
|
2003-06-27 16:45:32 +02:00
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
2005-06-28 07:09:14 +02:00
|
|
|
if (superuser_arg(roleid))
|
2003-06-27 16:45:32 +02:00
|
|
|
return true;
|
|
|
|
|
|
2006-05-04 00:45:26 +02:00
|
|
|
tuple = SearchSysCache(DATABASEOID,
|
|
|
|
|
ObjectIdGetDatum(db_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_DATABASE),
|
|
|
|
|
errmsg("database with OID %u does not exist", db_oid)));
|
2003-06-27 16:45:32 +02:00
|
|
|
|
2006-05-04 00:45:26 +02:00
|
|
|
dba = ((Form_pg_database) GETSTRUCT(tuple))->datdba;
|
2003-06-27 16:45:32 +02:00
|
|
|
|
2006-05-04 00:45:26 +02:00
|
|
|
ReleaseSysCache(tuple);
|
2003-06-27 16:45:32 +02:00
|
|
|
|
2005-07-26 18:38:29 +02:00
|
|
|
return has_privs_of_role(roleid, dba);
|
2003-06-27 16:45:32 +02:00
|
|
|
}
|
2003-11-21 23:32:49 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Ownership check for a conversion (specified by OID).
|
|
|
|
|
*/
|
|
|
|
|
bool
|
2005-06-28 07:09:14 +02:00
|
|
|
pg_conversion_ownercheck(Oid conv_oid, Oid roleid)
|
2003-11-21 23:32:49 +01:00
|
|
|
{
|
|
|
|
|
HeapTuple tuple;
|
2005-10-15 04:49:52 +02:00
|
|
|
Oid ownerId;
|
2003-11-21 23:32:49 +01:00
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
2005-06-28 07:09:14 +02:00
|
|
|
if (superuser_arg(roleid))
|
2003-11-21 23:32:49 +01:00
|
|
|
return true;
|
|
|
|
|
|
2007-02-14 02:58:58 +01:00
|
|
|
tuple = SearchSysCache(CONVOID,
|
2003-11-21 23:32:49 +01:00
|
|
|
ObjectIdGetDatum(conv_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
2005-10-15 04:49:52 +02:00
|
|
|
errmsg("conversion with OID %u does not exist", conv_oid)));
|
2003-11-21 23:32:49 +01:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
ownerId = ((Form_pg_conversion) GETSTRUCT(tuple))->conowner;
|
2003-11-21 23:32:49 +01:00
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
2005-07-26 18:38:29 +02:00
|
|
|
return has_privs_of_role(roleid, ownerId);
|
2003-11-21 23:32:49 +01:00
|
|
|
}
|
