1997-12-04 01:34:01 +01:00
|
|
|
/*-------------------------------------------------------------------------
|
|
|
|
|
*
|
1999-02-14 00:22:53 +01:00
|
|
|
* user.c
|
2005-06-28 07:09:14 +02:00
|
|
|
* Commands for manipulating roles (formerly called users).
|
1997-12-04 01:34:01 +01:00
|
|
|
*
|
2009-01-01 18:24:05 +01:00
|
|
|
* Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
|
2000-01-26 06:58:53 +01:00
|
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
1997-12-04 01:34:01 +01:00
|
|
|
*
|
2009-09-01 04:54:52 +02:00
|
|
|
* $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.188 2009/09/01 02:54:51 alvherre Exp $
|
1997-12-04 01:34:01 +01:00
|
|
|
*
|
|
|
|
|
*-------------------------------------------------------------------------
|
|
|
|
|
*/
|
2001-06-12 07:55:50 +02:00
|
|
|
#include "postgres.h"
|
|
|
|
|
|
2005-06-29 22:34:15 +02:00
|
|
|
#include "access/genam.h"
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "access/heapam.h"
|
2006-07-13 18:49:20 +02:00
|
|
|
#include "access/xact.h"
|
2005-07-07 22:40:02 +02:00
|
|
|
#include "catalog/dependency.h"
|
2002-08-30 03:01:02 +02:00
|
|
|
#include "catalog/indexing.h"
|
2005-06-28 07:09:14 +02:00
|
|
|
#include "catalog/pg_auth_members.h"
|
|
|
|
|
#include "catalog/pg_authid.h"
|
2006-02-12 04:22:21 +01:00
|
|
|
#include "commands/comment.h"
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "commands/user.h"
|
2006-06-20 21:56:52 +02:00
|
|
|
#include "libpq/md5.h"
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "miscadmin.h"
|
2008-05-12 02:00:54 +02:00
|
|
|
#include "storage/lmgr.h"
|
2005-06-29 22:34:15 +02:00
|
|
|
#include "utils/acl.h"
|
2000-01-14 23:11:38 +01:00
|
|
|
#include "utils/builtins.h"
|
2000-05-28 19:56:29 +02:00
|
|
|
#include "utils/fmgroids.h"
|
2002-03-01 23:45:19 +01:00
|
|
|
#include "utils/guc.h"
|
2001-06-14 03:09:22 +02:00
|
|
|
#include "utils/lsyscache.h"
|
1999-07-16 01:04:24 +02:00
|
|
|
#include "utils/syscache.h"
|
2008-03-26 22:10:39 +01:00
|
|
|
#include "utils/tqual.h"
|
1997-12-04 01:34:01 +01:00
|
|
|
|
2001-06-12 07:55:50 +02:00
|
|
|
|
2001-08-15 20:42:16 +02:00
|
|
|
extern bool Password_encryption;
|
1998-12-14 07:50:32 +01:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
static List *roleNamesToIds(List *memberNames);
|
|
|
|
|
static void AddRoleMems(const char *rolename, Oid roleid,
|
2005-10-15 04:49:52 +02:00
|
|
|
List *memberNames, List *memberIds,
|
|
|
|
|
Oid grantorId, bool admin_opt);
|
2005-06-28 07:09:14 +02:00
|
|
|
static void DelRoleMems(const char *rolename, Oid roleid,
|
2005-10-15 04:49:52 +02:00
|
|
|
List *memberNames, List *memberIds,
|
|
|
|
|
bool admin_opt);
|
2002-04-04 06:25:54 +02:00
|
|
|
|
|
|
|
|
|
2005-06-29 22:34:15 +02:00
|
|
|
/* Check if current user has createrole privileges */
|
|
|
|
|
static bool
|
|
|
|
|
have_createrole_privilege(void)
|
|
|
|
|
{
|
|
|
|
|
bool result = false;
|
|
|
|
|
HeapTuple utup;
|
|
|
|
|
|
|
|
|
|
/* Superusers can always do everything */
|
|
|
|
|
if (superuser())
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
utup = SearchSysCache(AUTHOID,
|
|
|
|
|
ObjectIdGetDatum(GetUserId()),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (HeapTupleIsValid(utup))
|
|
|
|
|
{
|
|
|
|
|
result = ((Form_pg_authid) GETSTRUCT(utup))->rolcreaterole;
|
|
|
|
|
ReleaseSysCache(utup);
|
|
|
|
|
}
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2000-01-14 23:11:38 +01:00
|
|
|
/*
|
2005-06-28 07:09:14 +02:00
|
|
|
* CREATE ROLE
|
1997-12-04 01:34:01 +01:00
|
|
|
*/
|
1998-02-26 05:46:47 +01:00
|
|
|
void
|
2005-06-28 07:09:14 +02:00
|
|
|
CreateRole(CreateRoleStmt *stmt)
|
1998-02-26 05:46:47 +01:00
|
|
|
{
|
2005-06-28 07:09:14 +02:00
|
|
|
Relation pg_authid_rel;
|
|
|
|
|
TupleDesc pg_authid_dsc;
|
1999-05-25 18:15:34 +02:00
|
|
|
HeapTuple tuple;
|
2005-06-28 07:09:14 +02:00
|
|
|
Datum new_record[Natts_pg_authid];
|
2008-11-02 02:45:28 +01:00
|
|
|
bool new_record_nulls[Natts_pg_authid];
|
2005-06-28 07:09:14 +02:00
|
|
|
Oid roleid;
|
2004-05-26 06:41:50 +02:00
|
|
|
ListCell *item;
|
|
|
|
|
ListCell *option;
|
2005-10-15 04:49:52 +02:00
|
|
|
char *password = NULL; /* user password */
|
2001-10-25 07:50:21 +02:00
|
|
|
bool encrypt_password = Password_encryption; /* encrypt password? */
|
|
|
|
|
char encrypted_password[MD5_PASSWD_LEN + 1];
|
2005-10-15 04:49:52 +02:00
|
|
|
bool issuper = false; /* Make the user a superuser? */
|
|
|
|
|
bool inherit = true; /* Auto inherit privileges? */
|
2005-06-28 07:09:14 +02:00
|
|
|
bool createrole = false; /* Can this user create roles? */
|
2001-10-25 07:50:21 +02:00
|
|
|
bool createdb = false; /* Can the user create databases? */
|
2005-06-28 07:09:14 +02:00
|
|
|
bool canlogin = false; /* Can this user login? */
|
2005-10-15 04:49:52 +02:00
|
|
|
int connlimit = -1; /* maximum connections allowed */
|
|
|
|
|
List *addroleto = NIL; /* roles to make this a member of */
|
2005-06-28 21:51:26 +02:00
|
|
|
List *rolemembers = NIL; /* roles to be members of this role */
|
|
|
|
|
List *adminmembers = NIL; /* roles to be admins of this role */
|
|
|
|
|
char *validUntil = NULL; /* time the login is valid until */
|
2001-08-15 20:42:16 +02:00
|
|
|
DefElem *dpassword = NULL;
|
2005-06-29 22:34:15 +02:00
|
|
|
DefElem *dissuper = NULL;
|
2005-07-26 18:38:29 +02:00
|
|
|
DefElem *dinherit = NULL;
|
2005-06-28 07:09:14 +02:00
|
|
|
DefElem *dcreaterole = NULL;
|
2005-06-29 22:34:15 +02:00
|
|
|
DefElem *dcreatedb = NULL;
|
2005-06-28 07:09:14 +02:00
|
|
|
DefElem *dcanlogin = NULL;
|
2005-07-31 19:19:22 +02:00
|
|
|
DefElem *dconnlimit = NULL;
|
2005-06-28 21:51:26 +02:00
|
|
|
DefElem *daddroleto = NULL;
|
|
|
|
|
DefElem *drolemembers = NULL;
|
|
|
|
|
DefElem *dadminmembers = NULL;
|
2001-08-15 20:42:16 +02:00
|
|
|
DefElem *dvalidUntil = NULL;
|
2001-07-11 00:09:29 +02:00
|
|
|
|
2005-07-26 18:38:29 +02:00
|
|
|
/* The defaults can vary depending on the original statement type */
|
|
|
|
|
switch (stmt->stmt_type)
|
|
|
|
|
{
|
|
|
|
|
case ROLESTMT_ROLE:
|
|
|
|
|
break;
|
|
|
|
|
case ROLESTMT_USER:
|
|
|
|
|
canlogin = true;
|
|
|
|
|
/* may eventually want inherit to default to false here */
|
|
|
|
|
break;
|
|
|
|
|
case ROLESTMT_GROUP:
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2001-07-11 00:09:29 +02:00
|
|
|
/* Extract options from the statement node tree */
|
|
|
|
|
foreach(option, stmt->options)
|
|
|
|
|
{
|
2001-10-25 07:50:21 +02:00
|
|
|
DefElem *defel = (DefElem *) lfirst(option);
|
2001-07-11 00:09:29 +02:00
|
|
|
|
2001-09-19 11:48:42 +02:00
|
|
|
if (strcmp(defel->defname, "password") == 0 ||
|
|
|
|
|
strcmp(defel->defname, "encryptedPassword") == 0 ||
|
2001-10-25 07:50:21 +02:00
|
|
|
strcmp(defel->defname, "unencryptedPassword") == 0)
|
|
|
|
|
{
|
2001-08-15 20:42:16 +02:00
|
|
|
if (dpassword)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
2001-08-15 20:42:16 +02:00
|
|
|
dpassword = defel;
|
2001-09-19 11:48:42 +02:00
|
|
|
if (strcmp(defel->defname, "encryptedPassword") == 0)
|
2001-08-15 20:42:16 +02:00
|
|
|
encrypt_password = true;
|
2001-09-19 11:48:42 +02:00
|
|
|
else if (strcmp(defel->defname, "unencryptedPassword") == 0)
|
2001-08-15 20:42:16 +02:00
|
|
|
encrypt_password = false;
|
|
|
|
|
}
|
2001-10-25 07:50:21 +02:00
|
|
|
else if (strcmp(defel->defname, "sysid") == 0)
|
|
|
|
|
{
|
2005-07-26 18:38:29 +02:00
|
|
|
ereport(NOTICE,
|
2005-06-28 07:09:14 +02:00
|
|
|
(errmsg("SYSID can no longer be specified")));
|
|
|
|
|
}
|
2005-06-29 22:34:15 +02:00
|
|
|
else if (strcmp(defel->defname, "superuser") == 0)
|
|
|
|
|
{
|
|
|
|
|
if (dissuper)
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
|
|
|
|
dissuper = defel;
|
|
|
|
|
}
|
2005-07-26 18:38:29 +02:00
|
|
|
else if (strcmp(defel->defname, "inherit") == 0)
|
|
|
|
|
{
|
|
|
|
|
if (dinherit)
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
|
|
|
|
dinherit = defel;
|
|
|
|
|
}
|
2005-06-28 07:09:14 +02:00
|
|
|
else if (strcmp(defel->defname, "createrole") == 0)
|
|
|
|
|
{
|
|
|
|
|
if (dcreaterole)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
2005-06-28 07:09:14 +02:00
|
|
|
dcreaterole = defel;
|
2001-08-15 20:42:16 +02:00
|
|
|
}
|
2001-10-25 07:50:21 +02:00
|
|
|
else if (strcmp(defel->defname, "createdb") == 0)
|
|
|
|
|
{
|
2001-08-15 20:42:16 +02:00
|
|
|
if (dcreatedb)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
2001-08-15 20:42:16 +02:00
|
|
|
dcreatedb = defel;
|
|
|
|
|
}
|
2005-06-28 07:09:14 +02:00
|
|
|
else if (strcmp(defel->defname, "canlogin") == 0)
|
2001-10-25 07:50:21 +02:00
|
|
|
{
|
2005-06-28 07:09:14 +02:00
|
|
|
if (dcanlogin)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
2005-06-28 07:09:14 +02:00
|
|
|
dcanlogin = defel;
|
2001-08-15 20:42:16 +02:00
|
|
|
}
|
2005-07-31 19:19:22 +02:00
|
|
|
else if (strcmp(defel->defname, "connectionlimit") == 0)
|
|
|
|
|
{
|
|
|
|
|
if (dconnlimit)
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
|
|
|
|
dconnlimit = defel;
|
|
|
|
|
}
|
2005-06-28 21:51:26 +02:00
|
|
|
else if (strcmp(defel->defname, "addroleto") == 0)
|
2001-10-25 07:50:21 +02:00
|
|
|
{
|
2005-06-28 21:51:26 +02:00
|
|
|
if (daddroleto)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
2005-06-28 21:51:26 +02:00
|
|
|
daddroleto = defel;
|
2005-06-28 07:09:14 +02:00
|
|
|
}
|
2005-06-28 21:51:26 +02:00
|
|
|
else if (strcmp(defel->defname, "rolemembers") == 0)
|
2005-06-28 07:09:14 +02:00
|
|
|
{
|
2005-06-28 21:51:26 +02:00
|
|
|
if (drolemembers)
|
2005-06-28 07:09:14 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
2005-06-28 21:51:26 +02:00
|
|
|
drolemembers = defel;
|
|
|
|
|
}
|
|
|
|
|
else if (strcmp(defel->defname, "adminmembers") == 0)
|
|
|
|
|
{
|
|
|
|
|
if (dadminmembers)
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
|
|
|
|
dadminmembers = defel;
|
2001-08-15 20:42:16 +02:00
|
|
|
}
|
2001-10-25 07:50:21 +02:00
|
|
|
else if (strcmp(defel->defname, "validUntil") == 0)
|
|
|
|
|
{
|
2001-08-15 20:42:16 +02:00
|
|
|
if (dvalidUntil)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
2001-08-15 20:42:16 +02:00
|
|
|
dvalidUntil = defel;
|
|
|
|
|
}
|
|
|
|
|
else
|
2003-07-19 01:20:33 +02:00
|
|
|
elog(ERROR, "option \"%s\" not recognized",
|
2001-08-15 20:42:16 +02:00
|
|
|
defel->defname);
|
|
|
|
|
}
|
|
|
|
|
|
2005-12-23 17:46:39 +01:00
|
|
|
if (dpassword && dpassword->arg)
|
2005-06-29 22:34:15 +02:00
|
|
|
password = strVal(dpassword->arg);
|
|
|
|
|
if (dissuper)
|
|
|
|
|
issuper = intVal(dissuper->arg) != 0;
|
2005-07-26 18:38:29 +02:00
|
|
|
if (dinherit)
|
|
|
|
|
inherit = intVal(dinherit->arg) != 0;
|
2005-06-28 07:09:14 +02:00
|
|
|
if (dcreaterole)
|
|
|
|
|
createrole = intVal(dcreaterole->arg) != 0;
|
2005-06-29 22:34:15 +02:00
|
|
|
if (dcreatedb)
|
|
|
|
|
createdb = intVal(dcreatedb->arg) != 0;
|
2005-06-28 07:09:14 +02:00
|
|
|
if (dcanlogin)
|
|
|
|
|
canlogin = intVal(dcanlogin->arg) != 0;
|
2005-07-31 19:19:22 +02:00
|
|
|
if (dconnlimit)
|
2009-01-30 18:24:47 +01:00
|
|
|
{
|
2005-07-31 19:19:22 +02:00
|
|
|
connlimit = intVal(dconnlimit->arg);
|
2009-01-30 18:24:47 +01:00
|
|
|
if (connlimit < -1)
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
|
|
|
|
|
errmsg("invalid connection limit: %d", connlimit)));
|
|
|
|
|
}
|
2005-06-28 21:51:26 +02:00
|
|
|
if (daddroleto)
|
|
|
|
|
addroleto = (List *) daddroleto->arg;
|
|
|
|
|
if (drolemembers)
|
|
|
|
|
rolemembers = (List *) drolemembers->arg;
|
|
|
|
|
if (dadminmembers)
|
|
|
|
|
adminmembers = (List *) dadminmembers->arg;
|
2005-06-29 22:34:15 +02:00
|
|
|
if (dvalidUntil)
|
|
|
|
|
validUntil = strVal(dvalidUntil->arg);
|
1999-04-02 08:16:36 +02:00
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
/* Check some permissions first */
|
2005-06-29 22:34:15 +02:00
|
|
|
if (issuper)
|
|
|
|
|
{
|
|
|
|
|
if (!superuser())
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
|
|
|
errmsg("must be superuser to create superusers")));
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (!have_createrole_privilege())
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
|
|
|
errmsg("permission denied to create role")));
|
|
|
|
|
}
|
2000-01-14 23:11:38 +01:00
|
|
|
|
2005-07-26 00:12:34 +02:00
|
|
|
if (strcmp(stmt->role, "public") == 0 ||
|
|
|
|
|
strcmp(stmt->role, "none") == 0)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_RESERVED_NAME),
|
2005-06-28 07:09:14 +02:00
|
|
|
errmsg("role name \"%s\" is reserved",
|
|
|
|
|
stmt->role)));
|
2002-04-18 23:16:16 +02:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* Check the pg_authid relation to be certain the role doesn't already
|
2006-05-04 18:07:29 +02:00
|
|
|
* exist.
|
1998-02-26 05:46:47 +01:00
|
|
|
*/
|
2006-05-04 18:07:29 +02:00
|
|
|
pg_authid_rel = heap_open(AuthIdRelationId, RowExclusiveLock);
|
2005-06-28 07:09:14 +02:00
|
|
|
pg_authid_dsc = RelationGetDescr(pg_authid_rel);
|
1998-02-26 05:46:47 +01:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
tuple = SearchSysCache(AUTHNAME,
|
|
|
|
|
PointerGetDatum(stmt->role),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (HeapTupleIsValid(tuple))
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_DUPLICATE_OBJECT),
|
2005-06-28 07:09:14 +02:00
|
|
|
errmsg("role \"%s\" already exists",
|
|
|
|
|
stmt->role)));
|
1998-02-26 05:46:47 +01:00
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
/*
|
|
|
|
|
* Build a tuple to insert
|
|
|
|
|
*/
|
2002-04-27 23:24:34 +02:00
|
|
|
MemSet(new_record, 0, sizeof(new_record));
|
2008-11-02 02:45:28 +01:00
|
|
|
MemSet(new_record_nulls, false, sizeof(new_record_nulls));
|
2002-04-27 23:24:34 +02:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
new_record[Anum_pg_authid_rolname - 1] =
|
|
|
|
|
DirectFunctionCall1(namein, CStringGetDatum(stmt->role));
|
|
|
|
|
|
|
|
|
|
new_record[Anum_pg_authid_rolsuper - 1] = BoolGetDatum(issuper);
|
2005-07-26 18:38:29 +02:00
|
|
|
new_record[Anum_pg_authid_rolinherit - 1] = BoolGetDatum(inherit);
|
2005-06-28 07:09:14 +02:00
|
|
|
new_record[Anum_pg_authid_rolcreaterole - 1] = BoolGetDatum(createrole);
|
|
|
|
|
new_record[Anum_pg_authid_rolcreatedb - 1] = BoolGetDatum(createdb);
|
|
|
|
|
/* superuser gets catupdate right by default */
|
|
|
|
|
new_record[Anum_pg_authid_rolcatupdate - 1] = BoolGetDatum(issuper);
|
|
|
|
|
new_record[Anum_pg_authid_rolcanlogin - 1] = BoolGetDatum(canlogin);
|
2005-07-31 19:19:22 +02:00
|
|
|
new_record[Anum_pg_authid_rolconnlimit - 1] = Int32GetDatum(connlimit);
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2001-07-11 00:09:29 +02:00
|
|
|
if (password)
|
2001-08-15 20:42:16 +02:00
|
|
|
{
|
|
|
|
|
if (!encrypt_password || isMD5(password))
|
2005-06-28 07:09:14 +02:00
|
|
|
new_record[Anum_pg_authid_rolpassword - 1] =
|
2008-03-25 23:42:46 +01:00
|
|
|
CStringGetTextDatum(password);
|
2001-08-15 20:42:16 +02:00
|
|
|
else
|
|
|
|
|
{
|
2005-10-17 18:24:20 +02:00
|
|
|
if (!pg_md5_encrypt(password, stmt->role, strlen(stmt->role),
|
|
|
|
|
encrypted_password))
|
2003-07-19 01:20:33 +02:00
|
|
|
elog(ERROR, "password encryption failed");
|
2005-06-28 07:09:14 +02:00
|
|
|
new_record[Anum_pg_authid_rolpassword - 1] =
|
2008-03-25 23:42:46 +01:00
|
|
|
CStringGetTextDatum(encrypted_password);
|
2001-08-15 20:42:16 +02:00
|
|
|
}
|
|
|
|
|
}
|
2002-04-27 23:24:34 +02:00
|
|
|
else
|
2008-11-02 02:45:28 +01:00
|
|
|
new_record_nulls[Anum_pg_authid_rolpassword - 1] = true;
|
2002-04-27 23:24:34 +02:00
|
|
|
|
2001-07-11 00:09:29 +02:00
|
|
|
if (validUntil)
|
2005-06-28 07:09:14 +02:00
|
|
|
new_record[Anum_pg_authid_rolvaliduntil - 1] =
|
|
|
|
|
DirectFunctionCall3(timestamptz_in,
|
|
|
|
|
CStringGetDatum(validUntil),
|
|
|
|
|
ObjectIdGetDatum(InvalidOid),
|
|
|
|
|
Int32GetDatum(-1));
|
|
|
|
|
|
2002-04-27 23:24:34 +02:00
|
|
|
else
|
2008-11-02 02:45:28 +01:00
|
|
|
new_record_nulls[Anum_pg_authid_rolvaliduntil - 1] = true;
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2008-11-02 02:45:28 +01:00
|
|
|
new_record_nulls[Anum_pg_authid_rolconfig - 1] = true;
|
2002-03-01 23:45:19 +01:00
|
|
|
|
2008-11-02 02:45:28 +01:00
|
|
|
tuple = heap_form_tuple(pg_authid_dsc, new_record, new_record_nulls);
|
2000-04-12 19:17:23 +02:00
|
|
|
|
|
|
|
|
/*
|
2005-06-28 07:09:14 +02:00
|
|
|
* Insert new record in the pg_authid table
|
2000-04-12 19:17:23 +02:00
|
|
|
*/
|
2005-06-28 07:09:14 +02:00
|
|
|
roleid = simple_heap_insert(pg_authid_rel, tuple);
|
|
|
|
|
CatalogUpdateIndexes(pg_authid_rel, tuple);
|
1998-02-26 05:46:47 +01:00
|
|
|
|
2005-06-29 22:34:15 +02:00
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* Advance command counter so we can see new record; else tests in
|
|
|
|
|
* AddRoleMems may fail.
|
2005-06-29 22:34:15 +02:00
|
|
|
*/
|
|
|
|
|
if (addroleto || adminmembers || rolemembers)
|
|
|
|
|
CommandCounterIncrement();
|
|
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
/*
|
2005-06-28 07:09:14 +02:00
|
|
|
* Add the new role to the specified existing roles.
|
1998-02-26 05:46:47 +01:00
|
|
|
*/
|
2005-06-28 21:51:26 +02:00
|
|
|
foreach(item, addroleto)
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
2005-10-15 04:49:52 +02:00
|
|
|
char *oldrolename = strVal(lfirst(item));
|
|
|
|
|
Oid oldroleid = get_roleid_checked(oldrolename);
|
1999-12-16 18:24:19 +01:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
AddRoleMems(oldrolename, oldroleid,
|
|
|
|
|
list_make1(makeString(stmt->role)),
|
|
|
|
|
list_make1_oid(roleid),
|
|
|
|
|
GetUserId(), false);
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
1998-02-26 05:46:47 +01:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* Add the specified members to this new role. adminmembers get the admin
|
|
|
|
|
* option, rolemembers don't.
|
2005-06-28 07:09:14 +02:00
|
|
|
*/
|
|
|
|
|
AddRoleMems(stmt->role, roleid,
|
2005-06-28 21:51:26 +02:00
|
|
|
adminmembers, roleNamesToIds(adminmembers),
|
|
|
|
|
GetUserId(), true);
|
|
|
|
|
AddRoleMems(stmt->role, roleid,
|
|
|
|
|
rolemembers, roleNamesToIds(rolemembers),
|
2005-06-28 07:09:14 +02:00
|
|
|
GetUserId(), false);
|
|
|
|
|
|
1999-09-18 21:08:25 +02:00
|
|
|
/*
|
2009-09-01 04:54:52 +02:00
|
|
|
* Close pg_authid, but keep lock till commit.
|
1999-09-18 21:08:25 +02:00
|
|
|
*/
|
2005-06-28 07:09:14 +02:00
|
|
|
heap_close(pg_authid_rel, NoLock);
|
1997-12-04 01:34:01 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2000-01-14 23:11:38 +01:00
|
|
|
/*
|
2005-06-28 07:09:14 +02:00
|
|
|
* ALTER ROLE
|
2005-07-27 00:37:50 +02:00
|
|
|
*
|
|
|
|
|
* Note: the rolemembers option accepted here is intended to support the
|
|
|
|
|
* backwards-compatible ALTER GROUP syntax. Although it will work to say
|
|
|
|
|
* "ALTER ROLE role ROLE rolenames", we don't document it.
|
2000-01-14 23:11:38 +01:00
|
|
|
*/
|
2002-04-26 21:29:47 +02:00
|
|
|
void
|
2005-06-28 07:09:14 +02:00
|
|
|
AlterRole(AlterRoleStmt *stmt)
|
1998-02-26 05:46:47 +01:00
|
|
|
{
|
2005-06-28 07:09:14 +02:00
|
|
|
Datum new_record[Natts_pg_authid];
|
2008-11-02 02:45:28 +01:00
|
|
|
bool new_record_nulls[Natts_pg_authid];
|
|
|
|
|
bool new_record_repl[Natts_pg_authid];
|
2005-06-28 07:09:14 +02:00
|
|
|
Relation pg_authid_rel;
|
|
|
|
|
TupleDesc pg_authid_dsc;
|
2000-04-12 19:17:23 +02:00
|
|
|
HeapTuple tuple,
|
|
|
|
|
new_tuple;
|
2004-05-26 06:41:50 +02:00
|
|
|
ListCell *option;
|
2005-10-15 04:49:52 +02:00
|
|
|
char *password = NULL; /* user password */
|
2001-10-25 07:50:21 +02:00
|
|
|
bool encrypt_password = Password_encryption; /* encrypt password? */
|
|
|
|
|
char encrypted_password[MD5_PASSWD_LEN + 1];
|
2005-10-15 04:49:52 +02:00
|
|
|
int issuper = -1; /* Make the user a superuser? */
|
|
|
|
|
int inherit = -1; /* Auto inherit privileges? */
|
|
|
|
|
int createrole = -1; /* Can this user create roles? */
|
|
|
|
|
int createdb = -1; /* Can the user create databases? */
|
|
|
|
|
int canlogin = -1; /* Can this user login? */
|
|
|
|
|
int connlimit = -1; /* maximum connections allowed */
|
2005-06-28 21:51:26 +02:00
|
|
|
List *rolemembers = NIL; /* roles to be added/removed */
|
|
|
|
|
char *validUntil = NULL; /* time the login is valid until */
|
2001-07-11 00:09:29 +02:00
|
|
|
DefElem *dpassword = NULL;
|
2005-06-29 22:34:15 +02:00
|
|
|
DefElem *dissuper = NULL;
|
2005-07-26 18:38:29 +02:00
|
|
|
DefElem *dinherit = NULL;
|
2005-06-28 07:09:14 +02:00
|
|
|
DefElem *dcreaterole = NULL;
|
2005-06-29 22:34:15 +02:00
|
|
|
DefElem *dcreatedb = NULL;
|
2005-06-28 07:09:14 +02:00
|
|
|
DefElem *dcanlogin = NULL;
|
2005-07-31 19:19:22 +02:00
|
|
|
DefElem *dconnlimit = NULL;
|
2005-06-28 21:51:26 +02:00
|
|
|
DefElem *drolemembers = NULL;
|
2005-06-29 22:34:15 +02:00
|
|
|
DefElem *dvalidUntil = NULL;
|
2005-06-28 07:09:14 +02:00
|
|
|
Oid roleid;
|
2001-07-11 00:09:29 +02:00
|
|
|
|
|
|
|
|
/* Extract options from the statement node tree */
|
2001-10-25 07:50:21 +02:00
|
|
|
foreach(option, stmt->options)
|
2001-07-11 00:09:29 +02:00
|
|
|
{
|
2001-10-25 07:50:21 +02:00
|
|
|
DefElem *defel = (DefElem *) lfirst(option);
|
1998-02-26 05:46:47 +01:00
|
|
|
|
2001-09-19 11:48:42 +02:00
|
|
|
if (strcmp(defel->defname, "password") == 0 ||
|
|
|
|
|
strcmp(defel->defname, "encryptedPassword") == 0 ||
|
2001-10-25 07:50:21 +02:00
|
|
|
strcmp(defel->defname, "unencryptedPassword") == 0)
|
|
|
|
|
{
|
2001-07-11 00:09:29 +02:00
|
|
|
if (dpassword)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
2001-07-11 00:09:29 +02:00
|
|
|
dpassword = defel;
|
2001-09-19 11:48:42 +02:00
|
|
|
if (strcmp(defel->defname, "encryptedPassword") == 0)
|
2001-08-15 20:42:16 +02:00
|
|
|
encrypt_password = true;
|
2001-09-19 11:48:42 +02:00
|
|
|
else if (strcmp(defel->defname, "unencryptedPassword") == 0)
|
2001-08-15 20:42:16 +02:00
|
|
|
encrypt_password = false;
|
2001-07-11 00:09:29 +02:00
|
|
|
}
|
2005-06-29 22:34:15 +02:00
|
|
|
else if (strcmp(defel->defname, "superuser") == 0)
|
2001-10-25 07:50:21 +02:00
|
|
|
{
|
2005-06-29 22:34:15 +02:00
|
|
|
if (dissuper)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
2005-06-29 22:34:15 +02:00
|
|
|
dissuper = defel;
|
2001-07-11 00:09:29 +02:00
|
|
|
}
|
2005-07-26 18:38:29 +02:00
|
|
|
else if (strcmp(defel->defname, "inherit") == 0)
|
|
|
|
|
{
|
|
|
|
|
if (dinherit)
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
|
|
|
|
dinherit = defel;
|
|
|
|
|
}
|
2005-06-28 07:09:14 +02:00
|
|
|
else if (strcmp(defel->defname, "createrole") == 0)
|
2001-10-25 07:50:21 +02:00
|
|
|
{
|
2005-06-28 07:09:14 +02:00
|
|
|
if (dcreaterole)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
2005-06-28 07:09:14 +02:00
|
|
|
dcreaterole = defel;
|
|
|
|
|
}
|
2005-06-29 22:34:15 +02:00
|
|
|
else if (strcmp(defel->defname, "createdb") == 0)
|
2005-06-28 07:09:14 +02:00
|
|
|
{
|
2005-06-29 22:34:15 +02:00
|
|
|
if (dcreatedb)
|
2005-06-28 07:09:14 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
2005-06-29 22:34:15 +02:00
|
|
|
dcreatedb = defel;
|
2005-06-28 07:09:14 +02:00
|
|
|
}
|
2005-06-29 22:34:15 +02:00
|
|
|
else if (strcmp(defel->defname, "canlogin") == 0)
|
2001-10-25 07:50:21 +02:00
|
|
|
{
|
2005-06-29 22:34:15 +02:00
|
|
|
if (dcanlogin)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
2005-06-29 22:34:15 +02:00
|
|
|
dcanlogin = defel;
|
2001-07-11 00:09:29 +02:00
|
|
|
}
|
2005-07-31 19:19:22 +02:00
|
|
|
else if (strcmp(defel->defname, "connectionlimit") == 0)
|
|
|
|
|
{
|
|
|
|
|
if (dconnlimit)
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
|
|
|
|
dconnlimit = defel;
|
|
|
|
|
}
|
2005-06-28 21:51:26 +02:00
|
|
|
else if (strcmp(defel->defname, "rolemembers") == 0 &&
|
|
|
|
|
stmt->action != 0)
|
2005-06-28 07:09:14 +02:00
|
|
|
{
|
2005-06-28 21:51:26 +02:00
|
|
|
if (drolemembers)
|
2005-06-28 07:09:14 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
2005-06-28 21:51:26 +02:00
|
|
|
drolemembers = defel;
|
2005-06-28 07:09:14 +02:00
|
|
|
}
|
2005-06-29 22:34:15 +02:00
|
|
|
else if (strcmp(defel->defname, "validUntil") == 0)
|
|
|
|
|
{
|
|
|
|
|
if (dvalidUntil)
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
|
|
|
|
dvalidUntil = defel;
|
|
|
|
|
}
|
2001-08-15 20:42:16 +02:00
|
|
|
else
|
2003-07-19 01:20:33 +02:00
|
|
|
elog(ERROR, "option \"%s\" not recognized",
|
2001-07-11 00:09:29 +02:00
|
|
|
defel->defname);
|
|
|
|
|
}
|
2001-08-15 20:42:16 +02:00
|
|
|
|
2005-12-23 17:46:39 +01:00
|
|
|
if (dpassword && dpassword->arg)
|
2005-06-29 22:34:15 +02:00
|
|
|
password = strVal(dpassword->arg);
|
|
|
|
|
if (dissuper)
|
|
|
|
|
issuper = intVal(dissuper->arg);
|
2005-07-26 18:38:29 +02:00
|
|
|
if (dinherit)
|
|
|
|
|
inherit = intVal(dinherit->arg);
|
2005-06-28 07:09:14 +02:00
|
|
|
if (dcreaterole)
|
|
|
|
|
createrole = intVal(dcreaterole->arg);
|
2005-06-29 22:34:15 +02:00
|
|
|
if (dcreatedb)
|
|
|
|
|
createdb = intVal(dcreatedb->arg);
|
2005-06-28 07:09:14 +02:00
|
|
|
if (dcanlogin)
|
|
|
|
|
canlogin = intVal(dcanlogin->arg);
|
2005-07-31 19:19:22 +02:00
|
|
|
if (dconnlimit)
|
2009-01-30 18:24:47 +01:00
|
|
|
{
|
2005-07-31 19:19:22 +02:00
|
|
|
connlimit = intVal(dconnlimit->arg);
|
2009-01-30 18:24:47 +01:00
|
|
|
if (connlimit < -1)
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
|
|
|
|
|
errmsg("invalid connection limit: %d", connlimit)));
|
|
|
|
|
}
|
2005-06-28 21:51:26 +02:00
|
|
|
if (drolemembers)
|
|
|
|
|
rolemembers = (List *) drolemembers->arg;
|
2005-06-29 22:34:15 +02:00
|
|
|
if (dvalidUntil)
|
|
|
|
|
validUntil = strVal(dvalidUntil->arg);
|
2000-01-14 23:11:38 +01:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
/*
|
2006-05-04 18:07:29 +02:00
|
|
|
* Scan the pg_authid relation to be certain the user exists.
|
1998-02-26 05:46:47 +01:00
|
|
|
*/
|
2006-05-04 18:07:29 +02:00
|
|
|
pg_authid_rel = heap_open(AuthIdRelationId, RowExclusiveLock);
|
2005-06-28 07:09:14 +02:00
|
|
|
pg_authid_dsc = RelationGetDescr(pg_authid_rel);
|
1998-02-26 05:46:47 +01:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
tuple = SearchSysCache(AUTHNAME,
|
|
|
|
|
PointerGetDatum(stmt->role),
|
2000-11-16 23:30:52 +01:00
|
|
|
0, 0, 0);
|
1998-08-19 04:04:17 +02:00
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
2005-06-28 07:09:14 +02:00
|
|
|
errmsg("role \"%s\" does not exist", stmt->role)));
|
|
|
|
|
|
|
|
|
|
roleid = HeapTupleGetOid(tuple);
|
1998-02-26 05:46:47 +01:00
|
|
|
|
2005-06-29 22:34:15 +02:00
|
|
|
/*
|
|
|
|
|
* To mess with a superuser you gotta be superuser; else you need
|
|
|
|
|
* createrole, or just want to change your own password
|
|
|
|
|
*/
|
|
|
|
|
if (((Form_pg_authid) GETSTRUCT(tuple))->rolsuper || issuper >= 0)
|
|
|
|
|
{
|
|
|
|
|
if (!superuser())
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
|
|
|
errmsg("must be superuser to alter superusers")));
|
|
|
|
|
}
|
2005-07-26 18:38:29 +02:00
|
|
|
else if (!have_createrole_privilege())
|
2005-06-29 22:34:15 +02:00
|
|
|
{
|
2005-07-26 18:38:29 +02:00
|
|
|
if (!(inherit < 0 &&
|
|
|
|
|
createrole < 0 &&
|
2005-06-29 22:34:15 +02:00
|
|
|
createdb < 0 &&
|
|
|
|
|
canlogin < 0 &&
|
2005-07-31 19:19:22 +02:00
|
|
|
!dconnlimit &&
|
2005-06-29 22:34:15 +02:00
|
|
|
!rolemembers &&
|
|
|
|
|
!validUntil &&
|
2005-12-23 17:46:39 +01:00
|
|
|
dpassword &&
|
2005-06-29 22:34:15 +02:00
|
|
|
roleid == GetUserId()))
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
|
|
|
errmsg("permission denied")));
|
|
|
|
|
}
|
|
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
/*
|
2002-04-27 23:24:34 +02:00
|
|
|
* Build an updated tuple, perusing the information just obtained
|
2000-04-12 19:17:23 +02:00
|
|
|
*/
|
2002-04-27 23:24:34 +02:00
|
|
|
MemSet(new_record, 0, sizeof(new_record));
|
2008-11-02 02:45:28 +01:00
|
|
|
MemSet(new_record_nulls, false, sizeof(new_record_nulls));
|
|
|
|
|
MemSet(new_record_repl, false, sizeof(new_record_repl));
|
2002-04-27 23:24:34 +02:00
|
|
|
|
2001-09-08 17:24:00 +02:00
|
|
|
/*
|
2005-06-28 07:09:14 +02:00
|
|
|
* issuper/createrole/catupdate/etc
|
2001-09-08 17:24:00 +02:00
|
|
|
*
|
2005-06-28 07:09:14 +02:00
|
|
|
* XXX It's rather unclear how to handle catupdate. It's probably best to
|
2005-10-15 04:49:52 +02:00
|
|
|
* keep it equal to the superuser status, otherwise you could end up with
|
|
|
|
|
* a situation where no existing superuser can alter the catalogs,
|
|
|
|
|
* including pg_authid!
|
2001-09-08 17:24:00 +02:00
|
|
|
*/
|
2005-06-28 07:09:14 +02:00
|
|
|
if (issuper >= 0)
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
2005-06-28 07:09:14 +02:00
|
|
|
new_record[Anum_pg_authid_rolsuper - 1] = BoolGetDatum(issuper > 0);
|
2008-11-02 02:45:28 +01:00
|
|
|
new_record_repl[Anum_pg_authid_rolsuper - 1] = true;
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
new_record[Anum_pg_authid_rolcatupdate - 1] = BoolGetDatum(issuper > 0);
|
2008-11-02 02:45:28 +01:00
|
|
|
new_record_repl[Anum_pg_authid_rolcatupdate - 1] = true;
|
2005-06-28 07:09:14 +02:00
|
|
|
}
|
|
|
|
|
|
2005-07-26 18:38:29 +02:00
|
|
|
if (inherit >= 0)
|
|
|
|
|
{
|
|
|
|
|
new_record[Anum_pg_authid_rolinherit - 1] = BoolGetDatum(inherit > 0);
|
2008-11-02 02:45:28 +01:00
|
|
|
new_record_repl[Anum_pg_authid_rolinherit - 1] = true;
|
2005-07-26 18:38:29 +02:00
|
|
|
}
|
|
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
if (createrole >= 0)
|
|
|
|
|
{
|
|
|
|
|
new_record[Anum_pg_authid_rolcreaterole - 1] = BoolGetDatum(createrole > 0);
|
2008-11-02 02:45:28 +01:00
|
|
|
new_record_repl[Anum_pg_authid_rolcreaterole - 1] = true;
|
2005-06-28 07:09:14 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (createdb >= 0)
|
|
|
|
|
{
|
|
|
|
|
new_record[Anum_pg_authid_rolcreatedb - 1] = BoolGetDatum(createdb > 0);
|
2008-11-02 02:45:28 +01:00
|
|
|
new_record_repl[Anum_pg_authid_rolcreatedb - 1] = true;
|
2005-06-28 07:09:14 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (canlogin >= 0)
|
|
|
|
|
{
|
|
|
|
|
new_record[Anum_pg_authid_rolcanlogin - 1] = BoolGetDatum(canlogin > 0);
|
2008-11-02 02:45:28 +01:00
|
|
|
new_record_repl[Anum_pg_authid_rolcanlogin - 1] = true;
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
|
|
|
|
|
2005-07-31 19:19:22 +02:00
|
|
|
if (dconnlimit)
|
|
|
|
|
{
|
|
|
|
|
new_record[Anum_pg_authid_rolconnlimit - 1] = Int32GetDatum(connlimit);
|
2008-11-02 02:45:28 +01:00
|
|
|
new_record_repl[Anum_pg_authid_rolconnlimit - 1] = true;
|
2005-07-31 19:19:22 +02:00
|
|
|
}
|
|
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
/* password */
|
2001-07-11 00:09:29 +02:00
|
|
|
if (password)
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
2001-08-15 20:42:16 +02:00
|
|
|
if (!encrypt_password || isMD5(password))
|
2005-06-28 07:09:14 +02:00
|
|
|
new_record[Anum_pg_authid_rolpassword - 1] =
|
2008-03-25 23:42:46 +01:00
|
|
|
CStringGetTextDatum(password);
|
2001-08-15 20:42:16 +02:00
|
|
|
else
|
|
|
|
|
{
|
2005-10-17 18:24:20 +02:00
|
|
|
if (!pg_md5_encrypt(password, stmt->role, strlen(stmt->role),
|
|
|
|
|
encrypted_password))
|
2003-07-19 01:20:33 +02:00
|
|
|
elog(ERROR, "password encryption failed");
|
2005-06-28 07:09:14 +02:00
|
|
|
new_record[Anum_pg_authid_rolpassword - 1] =
|
2008-03-25 23:42:46 +01:00
|
|
|
CStringGetTextDatum(encrypted_password);
|
2001-08-15 20:42:16 +02:00
|
|
|
}
|
2008-11-02 02:45:28 +01:00
|
|
|
new_record_repl[Anum_pg_authid_rolpassword - 1] = true;
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
|
|
|
|
|
2005-12-23 17:46:39 +01:00
|
|
|
/* unset password */
|
|
|
|
|
if (dpassword && dpassword->arg == NULL)
|
|
|
|
|
{
|
2008-11-02 02:45:28 +01:00
|
|
|
new_record_repl[Anum_pg_authid_rolpassword - 1] = true;
|
|
|
|
|
new_record_nulls[Anum_pg_authid_rolpassword - 1] = true;
|
2005-12-23 17:46:39 +01:00
|
|
|
}
|
|
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
/* valid until */
|
2001-07-11 00:09:29 +02:00
|
|
|
if (validUntil)
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
2005-06-28 07:09:14 +02:00
|
|
|
new_record[Anum_pg_authid_rolvaliduntil - 1] =
|
|
|
|
|
DirectFunctionCall3(timestamptz_in,
|
|
|
|
|
CStringGetDatum(validUntil),
|
|
|
|
|
ObjectIdGetDatum(InvalidOid),
|
|
|
|
|
Int32GetDatum(-1));
|
2008-11-02 02:45:28 +01:00
|
|
|
new_record_repl[Anum_pg_authid_rolvaliduntil - 1] = true;
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
2002-03-01 23:45:19 +01:00
|
|
|
|
2008-11-02 02:45:28 +01:00
|
|
|
new_tuple = heap_modify_tuple(tuple, pg_authid_dsc, new_record,
|
2009-06-11 16:49:15 +02:00
|
|
|
new_record_nulls, new_record_repl);
|
2005-06-28 07:09:14 +02:00
|
|
|
simple_heap_update(pg_authid_rel, &tuple->t_self, new_tuple);
|
2000-04-12 19:17:23 +02:00
|
|
|
|
|
|
|
|
/* Update indexes */
|
2005-06-28 07:09:14 +02:00
|
|
|
CatalogUpdateIndexes(pg_authid_rel, new_tuple);
|
1998-02-26 05:46:47 +01:00
|
|
|
|
2000-11-16 23:30:52 +01:00
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
heap_freetuple(new_tuple);
|
|
|
|
|
|
1999-09-18 21:08:25 +02:00
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* Advance command counter so we can see new record; else tests in
|
|
|
|
|
* AddRoleMems may fail.
|
1999-09-18 21:08:25 +02:00
|
|
|
*/
|
2005-06-29 22:34:15 +02:00
|
|
|
if (rolemembers)
|
|
|
|
|
CommandCounterIncrement();
|
2005-06-28 07:09:14 +02:00
|
|
|
|
|
|
|
|
if (stmt->action == +1) /* add members to role */
|
|
|
|
|
AddRoleMems(stmt->role, roleid,
|
2005-06-28 21:51:26 +02:00
|
|
|
rolemembers, roleNamesToIds(rolemembers),
|
|
|
|
|
GetUserId(), false);
|
2005-06-28 07:09:14 +02:00
|
|
|
else if (stmt->action == -1) /* drop members from role */
|
|
|
|
|
DelRoleMems(stmt->role, roleid,
|
2005-06-28 21:51:26 +02:00
|
|
|
rolemembers, roleNamesToIds(rolemembers),
|
|
|
|
|
false);
|
1998-02-26 05:46:47 +01:00
|
|
|
|
2005-06-29 22:34:15 +02:00
|
|
|
/*
|
2009-09-01 04:54:52 +02:00
|
|
|
* Close pg_authid, but keep lock till commit.
|
2005-06-29 22:34:15 +02:00
|
|
|
*/
|
|
|
|
|
heap_close(pg_authid_rel, NoLock);
|
1997-12-04 01:34:01 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2002-03-01 23:45:19 +01:00
|
|
|
/*
|
2005-06-28 07:09:14 +02:00
|
|
|
* ALTER ROLE ... SET
|
2002-03-01 23:45:19 +01:00
|
|
|
*/
|
|
|
|
|
void
|
2005-06-28 07:09:14 +02:00
|
|
|
AlterRoleSet(AlterRoleSetStmt *stmt)
|
2002-03-01 23:45:19 +01:00
|
|
|
{
|
|
|
|
|
char *valuestr;
|
|
|
|
|
HeapTuple oldtuple,
|
|
|
|
|
newtuple;
|
|
|
|
|
Relation rel;
|
2005-06-28 07:09:14 +02:00
|
|
|
Datum repl_val[Natts_pg_authid];
|
2008-11-02 02:45:28 +01:00
|
|
|
bool repl_null[Natts_pg_authid];
|
|
|
|
|
bool repl_repl[Natts_pg_authid];
|
2002-03-01 23:45:19 +01:00
|
|
|
|
2007-09-03 20:46:30 +02:00
|
|
|
valuestr = ExtractSetVariableArgs(stmt->setstmt);
|
2002-03-01 23:45:19 +01:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
rel = heap_open(AuthIdRelationId, RowExclusiveLock);
|
|
|
|
|
oldtuple = SearchSysCache(AUTHNAME,
|
|
|
|
|
PointerGetDatum(stmt->role),
|
2002-03-01 23:45:19 +01:00
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(oldtuple))
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
2005-06-28 07:09:14 +02:00
|
|
|
errmsg("role \"%s\" does not exist", stmt->role)));
|
2002-03-01 23:45:19 +01:00
|
|
|
|
2005-06-29 22:34:15 +02:00
|
|
|
/*
|
|
|
|
|
* To mess with a superuser you gotta be superuser; else you need
|
|
|
|
|
* createrole, or just want to change your own settings
|
|
|
|
|
*/
|
|
|
|
|
if (((Form_pg_authid) GETSTRUCT(oldtuple))->rolsuper)
|
|
|
|
|
{
|
|
|
|
|
if (!superuser())
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
|
|
|
errmsg("must be superuser to alter superusers")));
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (!have_createrole_privilege() &&
|
|
|
|
|
HeapTupleGetOid(oldtuple) != GetUserId())
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
|
|
|
errmsg("permission denied")));
|
|
|
|
|
}
|
2002-03-01 23:45:19 +01:00
|
|
|
|
2008-11-02 02:45:28 +01:00
|
|
|
memset(repl_repl, false, sizeof(repl_repl));
|
|
|
|
|
repl_repl[Anum_pg_authid_rolconfig - 1] = true;
|
2007-09-03 20:46:30 +02:00
|
|
|
|
|
|
|
|
if (stmt->setstmt->kind == VAR_RESET_ALL)
|
2002-12-02 06:20:47 +01:00
|
|
|
{
|
2007-09-03 20:46:30 +02:00
|
|
|
/* RESET ALL, so just set rolconfig to null */
|
2008-11-02 02:45:28 +01:00
|
|
|
repl_null[Anum_pg_authid_rolconfig - 1] = true;
|
2007-09-03 20:46:30 +02:00
|
|
|
repl_val[Anum_pg_authid_rolconfig - 1] = (Datum) 0;
|
2002-12-02 06:20:47 +01:00
|
|
|
}
|
2002-03-01 23:45:19 +01:00
|
|
|
else
|
|
|
|
|
{
|
2002-09-04 22:31:48 +02:00
|
|
|
Datum datum;
|
|
|
|
|
bool isnull;
|
|
|
|
|
ArrayType *array;
|
2002-03-01 23:45:19 +01:00
|
|
|
|
2008-11-02 02:45:28 +01:00
|
|
|
repl_null[Anum_pg_authid_rolconfig - 1] = false;
|
2002-03-01 23:45:19 +01:00
|
|
|
|
2007-09-03 20:46:30 +02:00
|
|
|
/* Extract old value of rolconfig */
|
2005-06-28 07:09:14 +02:00
|
|
|
datum = SysCacheGetAttr(AUTHNAME, oldtuple,
|
|
|
|
|
Anum_pg_authid_rolconfig, &isnull);
|
2004-01-07 19:56:30 +01:00
|
|
|
array = isnull ? NULL : DatumGetArrayTypeP(datum);
|
2002-04-27 23:24:34 +02:00
|
|
|
|
2007-09-03 20:46:30 +02:00
|
|
|
/* Update (valuestr is NULL in RESET cases) */
|
2002-03-01 23:45:19 +01:00
|
|
|
if (valuestr)
|
2007-09-03 20:46:30 +02:00
|
|
|
array = GUCArrayAdd(array, stmt->setstmt->name, valuestr);
|
2002-03-01 23:45:19 +01:00
|
|
|
else
|
2007-09-03 20:46:30 +02:00
|
|
|
array = GUCArrayDelete(array, stmt->setstmt->name);
|
2002-03-01 23:45:19 +01:00
|
|
|
|
2002-12-02 06:20:47 +01:00
|
|
|
if (array)
|
2005-06-28 07:09:14 +02:00
|
|
|
repl_val[Anum_pg_authid_rolconfig - 1] = PointerGetDatum(array);
|
2002-12-02 06:20:47 +01:00
|
|
|
else
|
2008-11-02 02:45:28 +01:00
|
|
|
repl_null[Anum_pg_authid_rolconfig - 1] = true;
|
2002-03-01 23:45:19 +01:00
|
|
|
}
|
|
|
|
|
|
2008-11-02 02:45:28 +01:00
|
|
|
newtuple = heap_modify_tuple(oldtuple, RelationGetDescr(rel),
|
2009-06-11 16:49:15 +02:00
|
|
|
repl_val, repl_null, repl_repl);
|
2002-03-01 23:45:19 +01:00
|
|
|
|
2005-06-29 22:34:15 +02:00
|
|
|
simple_heap_update(rel, &oldtuple->t_self, newtuple);
|
2002-08-05 05:29:17 +02:00
|
|
|
CatalogUpdateIndexes(rel, newtuple);
|
2002-03-01 23:45:19 +01:00
|
|
|
|
|
|
|
|
ReleaseSysCache(oldtuple);
|
|
|
|
|
heap_close(rel, RowExclusiveLock);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2000-01-14 23:11:38 +01:00
|
|
|
/*
|
2005-06-28 07:09:14 +02:00
|
|
|
* DROP ROLE
|
2000-01-14 23:11:38 +01:00
|
|
|
*/
|
|
|
|
|
void
|
2005-06-28 07:09:14 +02:00
|
|
|
DropRole(DropRoleStmt *stmt)
|
1998-02-26 05:46:47 +01:00
|
|
|
{
|
2005-10-15 04:49:52 +02:00
|
|
|
Relation pg_authid_rel,
|
|
|
|
|
pg_auth_members_rel;
|
2004-05-26 06:41:50 +02:00
|
|
|
ListCell *item;
|
1998-02-26 05:46:47 +01:00
|
|
|
|
2005-06-29 22:34:15 +02:00
|
|
|
if (!have_createrole_privilege())
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
2005-06-29 22:34:15 +02:00
|
|
|
errmsg("permission denied to drop role")));
|
1998-02-26 05:46:47 +01:00
|
|
|
|
|
|
|
|
/*
|
2005-06-29 22:34:15 +02:00
|
|
|
* Scan the pg_authid relation to find the Oid of the role(s) to be
|
2006-05-04 18:07:29 +02:00
|
|
|
* deleted.
|
1998-02-26 05:46:47 +01:00
|
|
|
*/
|
2006-05-04 18:07:29 +02:00
|
|
|
pg_authid_rel = heap_open(AuthIdRelationId, RowExclusiveLock);
|
2005-06-29 22:34:15 +02:00
|
|
|
pg_auth_members_rel = heap_open(AuthMemRelationId, RowExclusiveLock);
|
1998-02-26 05:46:47 +01:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
foreach(item, stmt->roles)
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
2005-06-28 07:09:14 +02:00
|
|
|
const char *role = strVal(lfirst(item));
|
2000-04-12 19:17:23 +02:00
|
|
|
HeapTuple tuple,
|
|
|
|
|
tmp_tuple;
|
2005-10-15 04:49:52 +02:00
|
|
|
ScanKeyData scankey;
|
2005-07-07 22:40:02 +02:00
|
|
|
char *detail;
|
2008-03-24 20:47:35 +01:00
|
|
|
char *detail_log;
|
2005-06-29 22:34:15 +02:00
|
|
|
SysScanDesc sscan;
|
2005-06-28 07:09:14 +02:00
|
|
|
Oid roleid;
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
tuple = SearchSysCache(AUTHNAME,
|
|
|
|
|
PointerGetDatum(role),
|
2000-11-16 23:30:52 +01:00
|
|
|
0, 0, 0);
|
2000-04-12 19:17:23 +02:00
|
|
|
if (!HeapTupleIsValid(tuple))
|
2006-02-04 20:06:47 +01:00
|
|
|
{
|
|
|
|
|
if (!stmt->missing_ok)
|
|
|
|
|
{
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
|
|
|
errmsg("role \"%s\" does not exist", role)));
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
ereport(NOTICE,
|
2006-10-04 02:30:14 +02:00
|
|
|
(errmsg("role \"%s\" does not exist, skipping",
|
2006-02-04 20:06:47 +01:00
|
|
|
role)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
roleid = HeapTupleGetOid(tuple);
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
if (roleid == GetUserId())
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_OBJECT_IN_USE),
|
2005-07-26 00:12:34 +02:00
|
|
|
errmsg("current user cannot be dropped")));
|
|
|
|
|
if (roleid == GetOuterUserId())
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_OBJECT_IN_USE),
|
|
|
|
|
errmsg("current user cannot be dropped")));
|
2005-06-28 07:09:14 +02:00
|
|
|
if (roleid == GetSessionUserId())
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_OBJECT_IN_USE),
|
2005-07-26 00:12:34 +02:00
|
|
|
errmsg("session user cannot be dropped")));
|
2001-09-08 17:24:00 +02:00
|
|
|
|
2005-06-29 22:34:15 +02:00
|
|
|
/*
|
|
|
|
|
* For safety's sake, we allow createrole holders to drop ordinary
|
|
|
|
|
* roles but not superuser roles. This is mainly to avoid the
|
|
|
|
|
* scenario where you accidentally drop the last superuser.
|
|
|
|
|
*/
|
|
|
|
|
if (((Form_pg_authid) GETSTRUCT(tuple))->rolsuper &&
|
|
|
|
|
!superuser())
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
|
|
|
errmsg("must be superuser to drop superusers")));
|
|
|
|
|
|
2001-03-22 07:16:21 +01:00
|
|
|
/*
|
2005-07-07 22:40:02 +02:00
|
|
|
* Lock the role, so nobody can add dependencies to her while we drop
|
|
|
|
|
* her. We keep the lock until the end of transaction.
|
2005-10-15 04:49:52 +02:00
|
|
|
*/
|
2005-07-07 22:40:02 +02:00
|
|
|
LockSharedObject(AuthIdRelationId, roleid, 0, AccessExclusiveLock);
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2005-07-07 22:40:02 +02:00
|
|
|
/* Check for pg_shdepend entries depending on this role */
|
2008-03-24 20:47:35 +01:00
|
|
|
if (checkSharedDependencies(AuthIdRelationId, roleid,
|
|
|
|
|
&detail, &detail_log))
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
2005-07-07 22:40:02 +02:00
|
|
|
(errcode(ERRCODE_DEPENDENT_OBJECTS_STILL_EXIST),
|
|
|
|
|
errmsg("role \"%s\" cannot be dropped because some objects depend on it",
|
2005-10-15 04:49:52 +02:00
|
|
|
role),
|
2008-03-24 20:47:35 +01:00
|
|
|
errdetail("%s", detail),
|
|
|
|
|
errdetail_log("%s", detail_log)));
|
2000-04-12 19:17:23 +02:00
|
|
|
|
|
|
|
|
/*
|
2005-06-28 07:09:14 +02:00
|
|
|
* Remove the role from the pg_authid table
|
2000-04-12 19:17:23 +02:00
|
|
|
*/
|
2005-06-28 07:09:14 +02:00
|
|
|
simple_heap_delete(pg_authid_rel, &tuple->t_self);
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2000-11-16 23:30:52 +01:00
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* Remove role from the pg_auth_members table. We have to remove all
|
|
|
|
|
* tuples that show it as either a role or a member.
|
2000-04-12 19:17:23 +02:00
|
|
|
*
|
2005-10-15 04:49:52 +02:00
|
|
|
* XXX what about grantor entries? Maybe we should do one heap scan.
|
2000-04-12 19:17:23 +02:00
|
|
|
*/
|
2005-06-29 22:34:15 +02:00
|
|
|
ScanKeyInit(&scankey,
|
|
|
|
|
Anum_pg_auth_members_roleid,
|
|
|
|
|
BTEqualStrategyNumber, F_OIDEQ,
|
|
|
|
|
ObjectIdGetDatum(roleid));
|
|
|
|
|
|
|
|
|
|
sscan = systable_beginscan(pg_auth_members_rel, AuthMemRoleMemIndexId,
|
|
|
|
|
true, SnapshotNow, 1, &scankey);
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2005-06-29 22:34:15 +02:00
|
|
|
while (HeapTupleIsValid(tmp_tuple = systable_getnext(sscan)))
|
2005-06-28 07:09:14 +02:00
|
|
|
{
|
2005-06-29 22:34:15 +02:00
|
|
|
simple_heap_delete(pg_auth_members_rel, &tmp_tuple->t_self);
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
2001-03-22 05:01:46 +01:00
|
|
|
|
2005-06-29 22:34:15 +02:00
|
|
|
systable_endscan(sscan);
|
2005-06-28 07:09:14 +02:00
|
|
|
|
2005-06-29 22:34:15 +02:00
|
|
|
ScanKeyInit(&scankey,
|
|
|
|
|
Anum_pg_auth_members_member,
|
|
|
|
|
BTEqualStrategyNumber, F_OIDEQ,
|
|
|
|
|
ObjectIdGetDatum(roleid));
|
|
|
|
|
|
|
|
|
|
sscan = systable_beginscan(pg_auth_members_rel, AuthMemMemRoleIndexId,
|
|
|
|
|
true, SnapshotNow, 1, &scankey);
|
|
|
|
|
|
|
|
|
|
while (HeapTupleIsValid(tmp_tuple = systable_getnext(sscan)))
|
2005-06-28 07:09:14 +02:00
|
|
|
{
|
2005-06-29 22:34:15 +02:00
|
|
|
simple_heap_delete(pg_auth_members_rel, &tmp_tuple->t_self);
|
2005-06-28 07:09:14 +02:00
|
|
|
}
|
2005-06-29 22:34:15 +02:00
|
|
|
|
|
|
|
|
systable_endscan(sscan);
|
|
|
|
|
|
2006-02-12 04:22:21 +01:00
|
|
|
/*
|
|
|
|
|
* Remove any comments on this role.
|
|
|
|
|
*/
|
|
|
|
|
DeleteSharedComments(roleid, AuthIdRelationId);
|
|
|
|
|
|
2005-06-29 22:34:15 +02:00
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* Advance command counter so that later iterations of this loop will
|
|
|
|
|
* see the changes already made. This is essential if, for example,
|
|
|
|
|
* we are trying to drop both a role and one of its direct members ---
|
|
|
|
|
* we'll get an error if we try to delete the linking pg_auth_members
|
|
|
|
|
* tuple twice. (We do not need a CCI between the two delete loops
|
|
|
|
|
* above, because it's not allowed for a role to directly contain
|
|
|
|
|
* itself.)
|
2005-06-29 22:34:15 +02:00
|
|
|
*/
|
|
|
|
|
CommandCounterIncrement();
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
1998-02-26 05:46:47 +01:00
|
|
|
|
1999-09-18 21:08:25 +02:00
|
|
|
/*
|
2009-09-01 04:54:52 +02:00
|
|
|
* Now we can clean up; but keep locks until commit.
|
1999-09-18 21:08:25 +02:00
|
|
|
*/
|
2005-06-28 07:09:14 +02:00
|
|
|
heap_close(pg_auth_members_rel, NoLock);
|
|
|
|
|
heap_close(pg_authid_rel, NoLock);
|
1997-12-04 01:34:01 +01:00
|
|
|
}
|
1998-02-19 18:20:01 +01:00
|
|
|
|
2003-06-27 16:45:32 +02:00
|
|
|
/*
|
2005-06-28 07:09:14 +02:00
|
|
|
* Rename role
|
2003-06-27 16:45:32 +02:00
|
|
|
*/
|
|
|
|
|
void
|
2005-06-28 07:09:14 +02:00
|
|
|
RenameRole(const char *oldname, const char *newname)
|
2003-06-27 16:45:32 +02:00
|
|
|
{
|
2004-05-06 18:59:16 +02:00
|
|
|
HeapTuple oldtuple,
|
|
|
|
|
newtuple;
|
|
|
|
|
TupleDesc dsc;
|
2003-06-27 16:45:32 +02:00
|
|
|
Relation rel;
|
2004-05-06 18:59:16 +02:00
|
|
|
Datum datum;
|
|
|
|
|
bool isnull;
|
2005-06-28 07:09:14 +02:00
|
|
|
Datum repl_val[Natts_pg_authid];
|
2008-11-02 02:45:28 +01:00
|
|
|
bool repl_null[Natts_pg_authid];
|
|
|
|
|
bool repl_repl[Natts_pg_authid];
|
2004-05-06 18:59:16 +02:00
|
|
|
int i;
|
2005-06-28 07:09:14 +02:00
|
|
|
Oid roleid;
|
2004-08-29 07:07:03 +02:00
|
|
|
|
2006-05-04 18:07:29 +02:00
|
|
|
rel = heap_open(AuthIdRelationId, RowExclusiveLock);
|
2004-05-06 18:59:16 +02:00
|
|
|
dsc = RelationGetDescr(rel);
|
2003-06-27 16:45:32 +02:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
oldtuple = SearchSysCache(AUTHNAME,
|
2004-08-29 07:07:03 +02:00
|
|
|
CStringGetDatum(oldname),
|
|
|
|
|
0, 0, 0);
|
2004-05-06 18:59:16 +02:00
|
|
|
if (!HeapTupleIsValid(oldtuple))
|
2003-06-27 16:45:32 +02:00
|
|
|
ereport(ERROR,
|
2003-07-19 01:20:33 +02:00
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
2005-06-28 07:09:14 +02:00
|
|
|
errmsg("role \"%s\" does not exist", oldname)));
|
2003-06-27 16:45:32 +02:00
|
|
|
|
|
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* XXX Client applications probably store the session user somewhere, so
|
|
|
|
|
* renaming it could cause confusion. On the other hand, there may not be
|
|
|
|
|
* an actual problem besides a little confusion, so think about this and
|
|
|
|
|
* decide. Same for SET ROLE ... we don't restrict renaming the current
|
|
|
|
|
* effective userid, though.
|
2003-06-27 16:45:32 +02:00
|
|
|
*/
|
2005-06-28 07:09:14 +02:00
|
|
|
|
|
|
|
|
roleid = HeapTupleGetOid(oldtuple);
|
|
|
|
|
|
|
|
|
|
if (roleid == GetSessionUserId())
|
2003-06-27 16:45:32 +02:00
|
|
|
ereport(ERROR,
|
2003-07-19 01:20:33 +02:00
|
|
|
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
|
Wording cleanup for error messages. Also change can't -> cannot.
Standard English uses "may", "can", and "might" in different ways:
may - permission, "You may borrow my rake."
can - ability, "I can lift that log."
might - possibility, "It might rain today."
Unfortunately, in conversational English, their use is often mixed, as
in, "You may use this variable to do X", when in fact, "can" is a better
choice. Similarly, "It may crash" is better stated, "It might crash".
2007-02-01 20:10:30 +01:00
|
|
|
errmsg("session user cannot be renamed")));
|
2005-07-26 00:12:34 +02:00
|
|
|
if (roleid == GetOuterUserId())
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
|
Wording cleanup for error messages. Also change can't -> cannot.
Standard English uses "may", "can", and "might" in different ways:
may - permission, "You may borrow my rake."
can - ability, "I can lift that log."
might - possibility, "It might rain today."
Unfortunately, in conversational English, their use is often mixed, as
in, "You may use this variable to do X", when in fact, "can" is a better
choice. Similarly, "It may crash" is better stated, "It might crash".
2007-02-01 20:10:30 +01:00
|
|
|
errmsg("current user cannot be renamed")));
|
2003-06-27 16:45:32 +02:00
|
|
|
|
|
|
|
|
/* make sure the new name doesn't exist */
|
2005-06-28 07:09:14 +02:00
|
|
|
if (SearchSysCacheExists(AUTHNAME,
|
2003-06-27 16:45:32 +02:00
|
|
|
CStringGetDatum(newname),
|
|
|
|
|
0, 0, 0))
|
|
|
|
|
ereport(ERROR,
|
2003-07-19 01:20:33 +02:00
|
|
|
(errcode(ERRCODE_DUPLICATE_OBJECT),
|
2005-06-28 07:09:14 +02:00
|
|
|
errmsg("role \"%s\" already exists", newname)));
|
2003-06-27 16:45:32 +02:00
|
|
|
|
2005-07-26 00:12:34 +02:00
|
|
|
if (strcmp(newname, "public") == 0 ||
|
|
|
|
|
strcmp(newname, "none") == 0)
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_RESERVED_NAME),
|
|
|
|
|
errmsg("role name \"%s\" is reserved",
|
|
|
|
|
newname)));
|
|
|
|
|
|
2005-06-29 22:34:15 +02:00
|
|
|
/*
|
|
|
|
|
* createrole is enough privilege unless you want to mess with a superuser
|
|
|
|
|
*/
|
|
|
|
|
if (((Form_pg_authid) GETSTRUCT(oldtuple))->rolsuper)
|
|
|
|
|
{
|
|
|
|
|
if (!superuser())
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
|
|
|
errmsg("must be superuser to rename superusers")));
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (!have_createrole_privilege())
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
|
|
|
errmsg("permission denied to rename role")));
|
|
|
|
|
}
|
2003-06-27 16:45:32 +02:00
|
|
|
|
2005-06-29 22:34:15 +02:00
|
|
|
/* OK, construct the modified tuple */
|
2005-06-28 07:09:14 +02:00
|
|
|
for (i = 0; i < Natts_pg_authid; i++)
|
2008-11-02 02:45:28 +01:00
|
|
|
repl_repl[i] = false;
|
2004-05-06 18:59:16 +02:00
|
|
|
|
2008-11-02 02:45:28 +01:00
|
|
|
repl_repl[Anum_pg_authid_rolname - 1] = true;
|
2005-06-28 07:09:14 +02:00
|
|
|
repl_val[Anum_pg_authid_rolname - 1] = DirectFunctionCall1(namein,
|
2005-10-15 04:49:52 +02:00
|
|
|
CStringGetDatum(newname));
|
2008-11-02 02:45:28 +01:00
|
|
|
repl_null[Anum_pg_authid_rolname - 1] = false;
|
2004-05-06 18:59:16 +02:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
datum = heap_getattr(oldtuple, Anum_pg_authid_rolpassword, dsc, &isnull);
|
2004-05-06 18:59:16 +02:00
|
|
|
|
2008-03-25 23:42:46 +01:00
|
|
|
if (!isnull && isMD5(TextDatumGetCString(datum)))
|
2004-05-06 18:59:16 +02:00
|
|
|
{
|
|
|
|
|
/* MD5 uses the username as salt, so just clear it on a rename */
|
2008-11-02 02:45:28 +01:00
|
|
|
repl_repl[Anum_pg_authid_rolpassword - 1] = true;
|
|
|
|
|
repl_null[Anum_pg_authid_rolpassword - 1] = true;
|
2004-08-29 07:07:03 +02:00
|
|
|
|
2004-05-06 18:59:16 +02:00
|
|
|
ereport(NOTICE,
|
2005-06-28 07:09:14 +02:00
|
|
|
(errmsg("MD5 password cleared because of role rename")));
|
2004-05-06 18:59:16 +02:00
|
|
|
}
|
2004-08-29 07:07:03 +02:00
|
|
|
|
2008-11-02 02:45:28 +01:00
|
|
|
newtuple = heap_modify_tuple(oldtuple, dsc, repl_val, repl_null, repl_repl);
|
2004-05-06 18:59:16 +02:00
|
|
|
simple_heap_update(rel, &oldtuple->t_self, newtuple);
|
2004-08-29 07:07:03 +02:00
|
|
|
|
2004-05-06 18:59:16 +02:00
|
|
|
CatalogUpdateIndexes(rel, newtuple);
|
2003-06-27 16:45:32 +02:00
|
|
|
|
2004-05-06 18:59:16 +02:00
|
|
|
ReleaseSysCache(oldtuple);
|
2006-05-04 18:07:29 +02:00
|
|
|
|
|
|
|
|
/*
|
2009-09-01 04:54:52 +02:00
|
|
|
* Close pg_authid, but keep lock till commit.
|
2006-05-04 18:07:29 +02:00
|
|
|
*/
|
2003-06-27 16:45:32 +02:00
|
|
|
heap_close(rel, NoLock);
|
|
|
|
|
}
|
|
|
|
|
|
1998-02-19 18:20:01 +01:00
|
|
|
/*
|
2005-06-28 07:09:14 +02:00
|
|
|
* GrantRoleStmt
|
1998-02-19 18:20:01 +01:00
|
|
|
*
|
2005-06-28 07:09:14 +02:00
|
|
|
* Grant/Revoke roles to/from roles
|
2000-01-14 23:11:38 +01:00
|
|
|
*/
|
1999-12-16 18:24:19 +01:00
|
|
|
void
|
2005-06-28 07:09:14 +02:00
|
|
|
GrantRole(GrantRoleStmt *stmt)
|
1999-12-16 18:24:19 +01:00
|
|
|
{
|
2005-06-29 22:34:15 +02:00
|
|
|
Relation pg_authid_rel;
|
2005-06-28 07:09:14 +02:00
|
|
|
Oid grantor;
|
|
|
|
|
List *grantee_ids;
|
2004-05-26 06:41:50 +02:00
|
|
|
ListCell *item;
|
2001-07-12 20:03:00 +02:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
if (stmt->grantor)
|
|
|
|
|
grantor = get_roleid_checked(stmt->grantor);
|
|
|
|
|
else
|
|
|
|
|
grantor = GetUserId();
|
2001-07-12 20:03:00 +02:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
grantee_ids = roleNamesToIds(stmt->grantee_roles);
|
1999-12-16 18:24:19 +01:00
|
|
|
|
2006-05-04 18:07:29 +02:00
|
|
|
/* AccessShareLock is enough since we aren't modifying pg_authid */
|
|
|
|
|
pg_authid_rel = heap_open(AuthIdRelationId, AccessShareLock);
|
2005-06-29 22:34:15 +02:00
|
|
|
|
1999-12-16 18:24:19 +01:00
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* Step through all of the granted roles and add/remove entries for the
|
|
|
|
|
* grantees, or, if admin_opt is set, then just add/remove the admin
|
|
|
|
|
* option.
|
2005-06-28 07:09:14 +02:00
|
|
|
*
|
|
|
|
|
* Note: Permissions checking is done by AddRoleMems/DelRoleMems
|
2002-10-21 21:46:45 +02:00
|
|
|
*/
|
2005-06-28 07:09:14 +02:00
|
|
|
foreach(item, stmt->granted_roles)
|
1999-12-16 18:24:19 +01:00
|
|
|
{
|
2009-01-22 21:16:10 +01:00
|
|
|
AccessPriv *priv = (AccessPriv *) lfirst(item);
|
|
|
|
|
char *rolename = priv->priv_name;
|
|
|
|
|
Oid roleid;
|
|
|
|
|
|
|
|
|
|
/* Must reject priv(columns) and ALL PRIVILEGES(columns) */
|
|
|
|
|
if (rolename == NULL || priv->cols != NIL)
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INVALID_GRANT_OPERATION),
|
2009-06-11 16:49:15 +02:00
|
|
|
errmsg("column names cannot be included in GRANT/REVOKE ROLE")));
|
1999-12-16 18:24:19 +01:00
|
|
|
|
2009-01-22 21:16:10 +01:00
|
|
|
roleid = get_roleid_checked(rolename);
|
2005-06-28 07:09:14 +02:00
|
|
|
if (stmt->is_grant)
|
|
|
|
|
AddRoleMems(rolename, roleid,
|
|
|
|
|
stmt->grantee_roles, grantee_ids,
|
|
|
|
|
grantor, stmt->admin_opt);
|
2000-04-12 19:17:23 +02:00
|
|
|
else
|
2005-06-28 07:09:14 +02:00
|
|
|
DelRoleMems(rolename, roleid,
|
|
|
|
|
stmt->grantee_roles, grantee_ids,
|
|
|
|
|
stmt->admin_opt);
|
1999-12-16 18:24:19 +01:00
|
|
|
}
|
2005-06-29 00:16:45 +02:00
|
|
|
|
2006-05-04 18:07:29 +02:00
|
|
|
/*
|
2009-09-01 04:54:52 +02:00
|
|
|
* Close pg_authid, but keep lock till commit.
|
2006-05-04 18:07:29 +02:00
|
|
|
*/
|
2005-06-29 22:34:15 +02:00
|
|
|
heap_close(pg_authid_rel, NoLock);
|
2005-06-28 07:09:14 +02:00
|
|
|
}
|
1999-12-16 18:24:19 +01:00
|
|
|
|
2005-11-21 13:49:33 +01:00
|
|
|
/*
|
|
|
|
|
* DropOwnedObjects
|
|
|
|
|
*
|
|
|
|
|
* Drop the objects owned by a given list of roles.
|
|
|
|
|
*/
|
|
|
|
|
void
|
2006-10-04 02:30:14 +02:00
|
|
|
DropOwnedObjects(DropOwnedStmt *stmt)
|
2005-11-21 13:49:33 +01:00
|
|
|
{
|
2005-11-22 19:17:34 +01:00
|
|
|
List *role_ids = roleNamesToIds(stmt->roles);
|
|
|
|
|
ListCell *cell;
|
2005-11-21 13:49:33 +01:00
|
|
|
|
|
|
|
|
/* Check privileges */
|
2005-11-22 19:17:34 +01:00
|
|
|
foreach(cell, role_ids)
|
2005-11-21 13:49:33 +01:00
|
|
|
{
|
2005-11-22 19:17:34 +01:00
|
|
|
Oid roleid = lfirst_oid(cell);
|
2005-11-21 13:49:33 +01:00
|
|
|
|
|
|
|
|
if (!has_privs_of_role(GetUserId(), roleid))
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
|
|
|
errmsg("permission denied to drop objects")));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Ok, do it */
|
|
|
|
|
shdepDropOwned(role_ids, stmt->behavior);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* ReassignOwnedObjects
|
|
|
|
|
*
|
|
|
|
|
* Give the objects owned by a given list of roles away to another user.
|
|
|
|
|
*/
|
|
|
|
|
void
|
2006-10-04 02:30:14 +02:00
|
|
|
ReassignOwnedObjects(ReassignOwnedStmt *stmt)
|
2005-11-21 13:49:33 +01:00
|
|
|
{
|
|
|
|
|
List *role_ids = roleNamesToIds(stmt->roles);
|
|
|
|
|
ListCell *cell;
|
|
|
|
|
Oid newrole;
|
|
|
|
|
|
|
|
|
|
/* Check privileges */
|
2005-11-22 19:17:34 +01:00
|
|
|
foreach(cell, role_ids)
|
2005-11-21 13:49:33 +01:00
|
|
|
{
|
2005-11-22 19:17:34 +01:00
|
|
|
Oid roleid = lfirst_oid(cell);
|
2005-11-21 13:49:33 +01:00
|
|
|
|
|
|
|
|
if (!has_privs_of_role(GetUserId(), roleid))
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
|
|
|
errmsg("permission denied to reassign objects")));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Must have privileges on the receiving side too */
|
|
|
|
|
newrole = get_roleid_checked(stmt->newrole);
|
|
|
|
|
|
|
|
|
|
if (!has_privs_of_role(GetUserId(), newrole))
|
2005-11-22 19:17:34 +01:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
|
|
|
errmsg("permission denied to reassign objects")));
|
2005-11-21 13:49:33 +01:00
|
|
|
|
|
|
|
|
/* Ok, do it */
|
|
|
|
|
shdepReassignOwned(role_ids, newrole);
|
|
|
|
|
}
|
|
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
/*
|
|
|
|
|
* roleNamesToIds
|
|
|
|
|
*
|
|
|
|
|
* Given a list of role names (as String nodes), generate a list of role OIDs
|
|
|
|
|
* in the same order.
|
|
|
|
|
*/
|
|
|
|
|
static List *
|
|
|
|
|
roleNamesToIds(List *memberNames)
|
|
|
|
|
{
|
|
|
|
|
List *result = NIL;
|
|
|
|
|
ListCell *l;
|
2002-04-27 23:24:34 +02:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
foreach(l, memberNames)
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
2005-10-15 04:49:52 +02:00
|
|
|
char *rolename = strVal(lfirst(l));
|
|
|
|
|
Oid roleid = get_roleid_checked(rolename);
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
result = lappend_oid(result, roleid);
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
2005-06-28 07:09:14 +02:00
|
|
|
return result;
|
1999-12-16 18:24:19 +01:00
|
|
|
}
|
|
|
|
|
|
2000-01-14 23:11:38 +01:00
|
|
|
/*
|
2005-06-28 07:09:14 +02:00
|
|
|
* AddRoleMems -- Add given members to the specified role
|
|
|
|
|
*
|
|
|
|
|
* rolename: name of role to add to (used only for error messages)
|
|
|
|
|
* roleid: OID of role to add to
|
|
|
|
|
* memberNames: list of names of roles to add (used only for error messages)
|
|
|
|
|
* memberIds: OIDs of roles to add
|
|
|
|
|
* grantorId: who is granting the membership
|
|
|
|
|
* admin_opt: granting admin option?
|
2005-06-29 22:34:15 +02:00
|
|
|
*
|
2006-05-04 18:07:29 +02:00
|
|
|
* Note: caller is responsible for calling auth_file_update_needed().
|
2000-01-14 23:11:38 +01:00
|
|
|
*/
|
2005-06-28 07:09:14 +02:00
|
|
|
static void
|
|
|
|
|
AddRoleMems(const char *rolename, Oid roleid,
|
|
|
|
|
List *memberNames, List *memberIds,
|
|
|
|
|
Oid grantorId, bool admin_opt)
|
1999-12-16 18:24:19 +01:00
|
|
|
{
|
2005-06-28 07:09:14 +02:00
|
|
|
Relation pg_authmem_rel;
|
|
|
|
|
TupleDesc pg_authmem_dsc;
|
2005-10-15 04:49:52 +02:00
|
|
|
ListCell *nameitem;
|
|
|
|
|
ListCell *iditem;
|
1999-12-16 18:24:19 +01:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
Assert(list_length(memberNames) == list_length(memberIds));
|
2000-01-14 23:11:38 +01:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
/* Skip permission check if nothing to do */
|
|
|
|
|
if (!memberIds)
|
|
|
|
|
return;
|
1999-12-16 18:24:19 +01:00
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* Check permissions: must have createrole or admin option on the role to
|
|
|
|
|
* be changed. To mess with a superuser role, you gotta be superuser.
|
2000-04-12 19:17:23 +02:00
|
|
|
*/
|
2005-06-29 22:34:15 +02:00
|
|
|
if (superuser_arg(roleid))
|
2005-06-28 07:09:14 +02:00
|
|
|
{
|
2005-06-29 22:34:15 +02:00
|
|
|
if (!superuser())
|
2005-06-28 07:09:14 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
2005-06-29 22:34:15 +02:00
|
|
|
errmsg("must be superuser to alter superusers")));
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (!have_createrole_privilege() &&
|
|
|
|
|
!is_admin_of_role(grantorId, roleid))
|
2005-06-28 07:09:14 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
2005-06-29 22:34:15 +02:00
|
|
|
errmsg("must have admin option on role \"%s\"",
|
2005-06-28 07:09:14 +02:00
|
|
|
rolename)));
|
|
|
|
|
}
|
2002-04-27 23:24:34 +02:00
|
|
|
|
2005-06-29 22:34:15 +02:00
|
|
|
/* XXX not sure about this check */
|
|
|
|
|
if (grantorId != GetUserId() && !superuser())
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
2005-10-29 02:31:52 +02:00
|
|
|
errmsg("must be superuser to set grantor")));
|
2005-06-29 22:34:15 +02:00
|
|
|
|
|
|
|
|
pg_authmem_rel = heap_open(AuthMemRelationId, RowExclusiveLock);
|
2005-06-28 07:09:14 +02:00
|
|
|
pg_authmem_dsc = RelationGetDescr(pg_authmem_rel);
|
2000-11-16 23:30:52 +01:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
forboth(nameitem, memberNames, iditem, memberIds)
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
2005-06-28 07:09:14 +02:00
|
|
|
const char *membername = strVal(lfirst(nameitem));
|
|
|
|
|
Oid memberid = lfirst_oid(iditem);
|
|
|
|
|
HeapTuple authmem_tuple;
|
|
|
|
|
HeapTuple tuple;
|
2005-10-15 04:49:52 +02:00
|
|
|
Datum new_record[Natts_pg_auth_members];
|
2008-11-02 02:45:28 +01:00
|
|
|
bool new_record_nulls[Natts_pg_auth_members];
|
|
|
|
|
bool new_record_repl[Natts_pg_auth_members];
|
2005-06-28 07:09:14 +02:00
|
|
|
|
2005-06-29 22:34:15 +02:00
|
|
|
/*
|
|
|
|
|
* Refuse creation of membership loops, including the trivial case
|
2005-10-15 04:49:52 +02:00
|
|
|
* where a role is made a member of itself. We do this by checking to
|
|
|
|
|
* see if the target role is already a member of the proposed member
|
2005-11-04 18:25:15 +01:00
|
|
|
* role. We have to ignore possible superuserness, however, else we
|
|
|
|
|
* could never grant membership in a superuser-privileged role.
|
2005-06-29 22:34:15 +02:00
|
|
|
*/
|
2005-11-04 18:25:15 +01:00
|
|
|
if (is_member_of_role_nosuper(roleid, memberid))
|
2005-06-29 22:34:15 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INVALID_GRANT_OPERATION),
|
2005-10-15 04:49:52 +02:00
|
|
|
(errmsg("role \"%s\" is a member of role \"%s\"",
|
|
|
|
|
rolename, membername))));
|
2005-06-29 22:34:15 +02:00
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* Check if entry for this role/member already exists; if so, give
|
|
|
|
|
* warning unless we are adding admin option.
|
2000-04-12 19:17:23 +02:00
|
|
|
*/
|
2005-06-28 07:09:14 +02:00
|
|
|
authmem_tuple = SearchSysCache(AUTHMEMROLEMEM,
|
|
|
|
|
ObjectIdGetDatum(roleid),
|
|
|
|
|
ObjectIdGetDatum(memberid),
|
|
|
|
|
0, 0);
|
2005-06-29 22:34:15 +02:00
|
|
|
if (HeapTupleIsValid(authmem_tuple) &&
|
2005-10-15 04:49:52 +02:00
|
|
|
(!admin_opt ||
|
2005-06-29 22:34:15 +02:00
|
|
|
((Form_pg_auth_members) GETSTRUCT(authmem_tuple))->admin_option))
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
2005-06-28 07:09:14 +02:00
|
|
|
ereport(NOTICE,
|
|
|
|
|
(errmsg("role \"%s\" is already a member of role \"%s\"",
|
|
|
|
|
membername, rolename)));
|
|
|
|
|
ReleaseSysCache(authmem_tuple);
|
|
|
|
|
continue;
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
|
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
/* Build a tuple to insert or update */
|
|
|
|
|
MemSet(new_record, 0, sizeof(new_record));
|
2008-11-02 02:45:28 +01:00
|
|
|
MemSet(new_record_nulls, false, sizeof(new_record_nulls));
|
|
|
|
|
MemSet(new_record_repl, false, sizeof(new_record_repl));
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
new_record[Anum_pg_auth_members_roleid - 1] = ObjectIdGetDatum(roleid);
|
|
|
|
|
new_record[Anum_pg_auth_members_member - 1] = ObjectIdGetDatum(memberid);
|
|
|
|
|
new_record[Anum_pg_auth_members_grantor - 1] = ObjectIdGetDatum(grantorId);
|
|
|
|
|
new_record[Anum_pg_auth_members_admin_option - 1] = BoolGetDatum(admin_opt);
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
if (HeapTupleIsValid(authmem_tuple))
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
2008-11-02 02:45:28 +01:00
|
|
|
new_record_repl[Anum_pg_auth_members_grantor - 1] = true;
|
|
|
|
|
new_record_repl[Anum_pg_auth_members_admin_option - 1] = true;
|
|
|
|
|
tuple = heap_modify_tuple(authmem_tuple, pg_authmem_dsc,
|
2009-06-11 16:49:15 +02:00
|
|
|
new_record,
|
|
|
|
|
new_record_nulls, new_record_repl);
|
2005-06-28 07:09:14 +02:00
|
|
|
simple_heap_update(pg_authmem_rel, &tuple->t_self, tuple);
|
|
|
|
|
CatalogUpdateIndexes(pg_authmem_rel, tuple);
|
|
|
|
|
ReleaseSysCache(authmem_tuple);
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2008-11-02 02:45:28 +01:00
|
|
|
tuple = heap_form_tuple(pg_authmem_dsc,
|
2009-06-11 16:49:15 +02:00
|
|
|
new_record, new_record_nulls);
|
2005-06-28 07:09:14 +02:00
|
|
|
simple_heap_insert(pg_authmem_rel, tuple);
|
|
|
|
|
CatalogUpdateIndexes(pg_authmem_rel, tuple);
|
|
|
|
|
}
|
2005-06-29 22:34:15 +02:00
|
|
|
|
|
|
|
|
/* CCI after each change, in case there are duplicates in list */
|
|
|
|
|
CommandCounterIncrement();
|
2005-06-28 07:09:14 +02:00
|
|
|
}
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2002-04-04 06:25:54 +02:00
|
|
|
/*
|
2009-09-01 04:54:52 +02:00
|
|
|
* Close pg_authmem, but keep lock till commit.
|
2002-04-04 06:25:54 +02:00
|
|
|
*/
|
2005-06-28 07:09:14 +02:00
|
|
|
heap_close(pg_authmem_rel, NoLock);
|
1999-12-16 18:24:19 +01:00
|
|
|
}
|
|
|
|
|
|
2002-04-27 23:24:34 +02:00
|
|
|
/*
|
2005-06-28 07:09:14 +02:00
|
|
|
* DelRoleMems -- Remove given members from the specified role
|
|
|
|
|
*
|
|
|
|
|
* rolename: name of role to del from (used only for error messages)
|
|
|
|
|
* roleid: OID of role to del from
|
|
|
|
|
* memberNames: list of names of roles to del (used only for error messages)
|
|
|
|
|
* memberIds: OIDs of roles to del
|
|
|
|
|
* admin_opt: remove admin option only?
|
2005-06-29 22:34:15 +02:00
|
|
|
*
|
2006-05-04 18:07:29 +02:00
|
|
|
* Note: caller is responsible for calling auth_file_update_needed().
|
2002-04-27 23:24:34 +02:00
|
|
|
*/
|
|
|
|
|
static void
|
2005-06-28 07:09:14 +02:00
|
|
|
DelRoleMems(const char *rolename, Oid roleid,
|
|
|
|
|
List *memberNames, List *memberIds,
|
|
|
|
|
bool admin_opt)
|
2002-04-27 23:24:34 +02:00
|
|
|
{
|
2005-06-28 07:09:14 +02:00
|
|
|
Relation pg_authmem_rel;
|
|
|
|
|
TupleDesc pg_authmem_dsc;
|
2005-10-15 04:49:52 +02:00
|
|
|
ListCell *nameitem;
|
|
|
|
|
ListCell *iditem;
|
2002-04-27 23:24:34 +02:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
Assert(list_length(memberNames) == list_length(memberIds));
|
|
|
|
|
|
|
|
|
|
/* Skip permission check if nothing to do */
|
|
|
|
|
if (!memberIds)
|
|
|
|
|
return;
|
2002-04-27 23:24:34 +02:00
|
|
|
|
|
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* Check permissions: must have createrole or admin option on the role to
|
|
|
|
|
* be changed. To mess with a superuser role, you gotta be superuser.
|
2002-04-27 23:24:34 +02:00
|
|
|
*/
|
2005-06-29 22:34:15 +02:00
|
|
|
if (superuser_arg(roleid))
|
2002-04-27 23:24:34 +02:00
|
|
|
{
|
2005-06-29 22:34:15 +02:00
|
|
|
if (!superuser())
|
2005-06-28 07:09:14 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
2005-06-29 22:34:15 +02:00
|
|
|
errmsg("must be superuser to alter superusers")));
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (!have_createrole_privilege() &&
|
|
|
|
|
!is_admin_of_role(GetUserId(), roleid))
|
2005-06-28 07:09:14 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
2005-06-29 22:34:15 +02:00
|
|
|
errmsg("must have admin option on role \"%s\"",
|
2005-06-28 07:09:14 +02:00
|
|
|
rolename)));
|
2002-04-27 23:24:34 +02:00
|
|
|
}
|
|
|
|
|
|
2005-06-29 22:34:15 +02:00
|
|
|
pg_authmem_rel = heap_open(AuthMemRelationId, RowExclusiveLock);
|
2005-06-28 07:09:14 +02:00
|
|
|
pg_authmem_dsc = RelationGetDescr(pg_authmem_rel);
|
1999-12-16 18:24:19 +01:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
forboth(nameitem, memberNames, iditem, memberIds)
|
|
|
|
|
{
|
|
|
|
|
const char *membername = strVal(lfirst(nameitem));
|
|
|
|
|
Oid memberid = lfirst_oid(iditem);
|
|
|
|
|
HeapTuple authmem_tuple;
|
1999-12-16 18:24:19 +01:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
/*
|
|
|
|
|
* Find entry for this role/member
|
|
|
|
|
*/
|
|
|
|
|
authmem_tuple = SearchSysCache(AUTHMEMROLEMEM,
|
|
|
|
|
ObjectIdGetDatum(roleid),
|
|
|
|
|
ObjectIdGetDatum(memberid),
|
|
|
|
|
0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(authmem_tuple))
|
|
|
|
|
{
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errmsg("role \"%s\" is not a member of role \"%s\"",
|
|
|
|
|
membername, rolename)));
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2002-10-21 21:46:45 +02:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
if (!admin_opt)
|
|
|
|
|
{
|
|
|
|
|
/* Remove the entry altogether */
|
|
|
|
|
simple_heap_delete(pg_authmem_rel, &authmem_tuple->t_self);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* Just turn off the admin option */
|
|
|
|
|
HeapTuple tuple;
|
2005-10-15 04:49:52 +02:00
|
|
|
Datum new_record[Natts_pg_auth_members];
|
2008-11-02 02:45:28 +01:00
|
|
|
bool new_record_nulls[Natts_pg_auth_members];
|
|
|
|
|
bool new_record_repl[Natts_pg_auth_members];
|
2005-06-28 07:09:14 +02:00
|
|
|
|
|
|
|
|
/* Build a tuple to update with */
|
|
|
|
|
MemSet(new_record, 0, sizeof(new_record));
|
2008-11-02 02:45:28 +01:00
|
|
|
MemSet(new_record_nulls, false, sizeof(new_record_nulls));
|
|
|
|
|
MemSet(new_record_repl, false, sizeof(new_record_repl));
|
2005-06-28 07:09:14 +02:00
|
|
|
|
|
|
|
|
new_record[Anum_pg_auth_members_admin_option - 1] = BoolGetDatum(false);
|
2008-11-02 02:45:28 +01:00
|
|
|
new_record_repl[Anum_pg_auth_members_admin_option - 1] = true;
|
2005-06-28 07:09:14 +02:00
|
|
|
|
2008-11-02 02:45:28 +01:00
|
|
|
tuple = heap_modify_tuple(authmem_tuple, pg_authmem_dsc,
|
2009-06-11 16:49:15 +02:00
|
|
|
new_record,
|
|
|
|
|
new_record_nulls, new_record_repl);
|
2005-06-28 07:09:14 +02:00
|
|
|
simple_heap_update(pg_authmem_rel, &tuple->t_self, tuple);
|
|
|
|
|
CatalogUpdateIndexes(pg_authmem_rel, tuple);
|
|
|
|
|
}
|
1999-12-16 18:24:19 +01:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
ReleaseSysCache(authmem_tuple);
|
2005-06-29 22:34:15 +02:00
|
|
|
|
|
|
|
|
/* CCI after each change, in case there are duplicates in list */
|
|
|
|
|
CommandCounterIncrement();
|
2005-06-28 07:09:14 +02:00
|
|
|
}
|
2002-04-27 23:24:34 +02:00
|
|
|
|
2002-10-21 21:46:45 +02:00
|
|
|
/*
|
2009-09-01 04:54:52 +02:00
|
|
|
* Close pg_authmem, but keep lock till commit.
|
2002-10-21 21:46:45 +02:00
|
|
|
*/
|
2005-06-28 07:09:14 +02:00
|
|
|
heap_close(pg_authmem_rel, NoLock);
|
2003-06-27 16:45:32 +02:00
|
|
|
}
|
