1996-07-09 08:22:35 +02:00
|
|
|
/*-------------------------------------------------------------------------
|
|
|
|
|
*
|
1999-02-14 00:22:53 +01:00
|
|
|
* aclchk.c
|
1997-09-07 07:04:48 +02:00
|
|
|
* Routines to check access control permissions.
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
2003-08-04 04:40:20 +02:00
|
|
|
* Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group
|
2000-01-26 06:58:53 +01:00
|
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* IDENTIFICATION
|
2004-06-01 23:49:23 +02:00
|
|
|
* $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.103 2004/06/01 21:49:22 tgl Exp $
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
|
|
|
|
* NOTES
|
1997-09-07 07:04:48 +02:00
|
|
|
* See acl.h.
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
|
|
|
|
*-------------------------------------------------------------------------
|
|
|
|
|
*/
|
1996-11-03 07:54:38 +01:00
|
|
|
#include "postgres.h"
|
|
|
|
|
|
1996-07-09 08:22:35 +02:00
|
|
|
#include "access/heapam.h"
|
|
|
|
|
#include "catalog/catalog.h"
|
|
|
|
|
#include "catalog/catname.h"
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "catalog/indexing.h"
|
2002-03-26 20:17:02 +01:00
|
|
|
#include "catalog/namespace.h"
|
2003-11-21 23:32:49 +01:00
|
|
|
#include "catalog/pg_conversion.h"
|
2002-04-21 02:26:44 +02:00
|
|
|
#include "catalog/pg_database.h"
|
1996-07-09 08:22:35 +02:00
|
|
|
#include "catalog/pg_group.h"
|
2002-02-19 00:11:58 +01:00
|
|
|
#include "catalog/pg_language.h"
|
2002-04-21 02:26:44 +02:00
|
|
|
#include "catalog/pg_namespace.h"
|
2002-07-30 00:14:11 +02:00
|
|
|
#include "catalog/pg_opclass.h"
|
1996-10-31 06:55:24 +01:00
|
|
|
#include "catalog/pg_operator.h"
|
1996-11-08 07:02:30 +01:00
|
|
|
#include "catalog/pg_proc.h"
|
1998-02-25 14:09:49 +01:00
|
|
|
#include "catalog/pg_shadow.h"
|
1998-04-27 06:08:07 +02:00
|
|
|
#include "catalog/pg_type.h"
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "miscadmin.h"
|
1997-11-25 23:07:18 +01:00
|
|
|
#include "parser/parse_func.h"
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "utils/acl.h"
|
2002-04-21 02:26:44 +02:00
|
|
|
#include "utils/fmgroids.h"
|
|
|
|
|
#include "utils/lsyscache.h"
|
1996-07-09 08:22:35 +02:00
|
|
|
#include "utils/syscache.h"
|
|
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
static void ExecuteGrantStmt_Relation(GrantStmt *stmt);
|
|
|
|
|
static void ExecuteGrantStmt_Database(GrantStmt *stmt);
|
2002-02-19 00:11:58 +01:00
|
|
|
static void ExecuteGrantStmt_Function(GrantStmt *stmt);
|
2002-04-21 02:26:44 +02:00
|
|
|
static void ExecuteGrantStmt_Language(GrantStmt *stmt);
|
|
|
|
|
static void ExecuteGrantStmt_Namespace(GrantStmt *stmt);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
static const char *privilege_to_string(AclMode privilege);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2000-10-02 06:49:28 +02:00
|
|
|
|
2001-05-27 11:59:30 +02:00
|
|
|
#ifdef ACLDEBUG
|
1996-07-09 08:22:35 +02:00
|
|
|
static
|
1997-09-08 22:59:27 +02:00
|
|
|
dumpacl(Acl *acl)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2000-08-01 00:39:17 +02:00
|
|
|
int i;
|
1997-09-08 04:41:22 +02:00
|
|
|
AclItem *aip;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2003-05-27 19:49:47 +02:00
|
|
|
elog(DEBUG2, "acl size = %d, # acls = %d",
|
1997-09-07 07:04:48 +02:00
|
|
|
ACL_SIZE(acl), ACL_NUM(acl));
|
2000-08-01 00:39:17 +02:00
|
|
|
aip = ACL_DAT(acl);
|
1997-09-07 07:04:48 +02:00
|
|
|
for (i = 0; i < ACL_NUM(acl); ++i)
|
2003-05-27 19:49:47 +02:00
|
|
|
elog(DEBUG2, " acl[%d]: %s", i,
|
2000-08-01 00:39:17 +02:00
|
|
|
DatumGetCString(DirectFunctionCall1(aclitemout,
|
2001-03-22 05:01:46 +01:00
|
|
|
PointerGetDatum(aip + i))));
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
2001-11-05 18:46:40 +01:00
|
|
|
#endif /* ACLDEBUG */
|
1996-07-09 08:22:35 +02:00
|
|
|
|
2001-06-10 01:21:55 +02:00
|
|
|
|
2003-10-31 21:00:49 +01:00
|
|
|
/*
|
|
|
|
|
* Determine the effective grantor ID for a GRANT or REVOKE operation.
|
|
|
|
|
*
|
|
|
|
|
* Ordinarily this is just the current user, but when a superuser does
|
|
|
|
|
* GRANT or REVOKE, we pretend he is the object owner. This ensures that
|
|
|
|
|
* all granted privileges appear to flow from the object owner, and there
|
|
|
|
|
* are never multiple "original sources" of a privilege.
|
|
|
|
|
*/
|
|
|
|
|
static AclId
|
|
|
|
|
select_grantor(AclId ownerId)
|
|
|
|
|
{
|
|
|
|
|
AclId grantorId;
|
|
|
|
|
|
|
|
|
|
grantorId = GetUserId();
|
|
|
|
|
|
|
|
|
|
/* fast path if no difference */
|
|
|
|
|
if (grantorId == ownerId)
|
|
|
|
|
return grantorId;
|
|
|
|
|
|
|
|
|
|
if (superuser())
|
|
|
|
|
grantorId = ownerId;
|
|
|
|
|
|
|
|
|
|
return grantorId;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
/*
|
|
|
|
|
* If is_grant is true, adds the given privileges for the list of
|
|
|
|
|
* grantees to the existing old_acl. If is_grant is false, the
|
|
|
|
|
* privileges for the given grantees are removed from old_acl.
|
2003-09-04 17:53:04 +02:00
|
|
|
*
|
|
|
|
|
* NB: the original old_acl is pfree'd.
|
2002-02-19 00:11:58 +01:00
|
|
|
*/
|
2002-04-21 02:26:44 +02:00
|
|
|
static Acl *
|
|
|
|
|
merge_acl_with_grant(Acl *old_acl, bool is_grant,
|
2003-10-05 23:49:12 +02:00
|
|
|
bool grant_option, DropBehavior behavior,
|
2003-10-31 21:00:49 +01:00
|
|
|
List *grantees, AclMode privileges,
|
|
|
|
|
AclId grantor_uid, AclId owner_uid)
|
2002-02-19 00:11:58 +01:00
|
|
|
{
|
2002-04-21 02:26:44 +02:00
|
|
|
unsigned modechg;
|
2004-05-26 06:41:50 +02:00
|
|
|
ListCell *j;
|
2002-02-19 00:11:58 +01:00
|
|
|
Acl *new_acl;
|
|
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
modechg = is_grant ? ACL_MODECHG_ADD : ACL_MODECHG_DEL;
|
|
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
#ifdef ACLDEBUG
|
|
|
|
|
dumpacl(old_acl);
|
|
|
|
|
#endif
|
|
|
|
|
new_acl = old_acl;
|
|
|
|
|
|
|
|
|
|
foreach(j, grantees)
|
|
|
|
|
{
|
|
|
|
|
PrivGrantee *grantee = (PrivGrantee *) lfirst(j);
|
2003-09-04 17:53:04 +02:00
|
|
|
AclItem aclitem;
|
2002-04-21 02:26:44 +02:00
|
|
|
uint32 idtype;
|
2003-09-04 17:53:04 +02:00
|
|
|
Acl *newer_acl;
|
2002-02-19 00:11:58 +01:00
|
|
|
|
|
|
|
|
if (grantee->username)
|
2002-04-21 02:26:44 +02:00
|
|
|
{
|
2003-09-04 17:53:04 +02:00
|
|
|
aclitem.ai_grantee = get_usesysid(grantee->username);
|
2003-08-04 02:43:34 +02:00
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
idtype = ACL_IDTYPE_UID;
|
|
|
|
|
}
|
2002-02-19 00:11:58 +01:00
|
|
|
else if (grantee->groupname)
|
2002-04-21 02:26:44 +02:00
|
|
|
{
|
2003-09-04 17:53:04 +02:00
|
|
|
aclitem.ai_grantee = get_grosysid(grantee->groupname);
|
2003-08-04 02:43:34 +02:00
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
idtype = ACL_IDTYPE_GID;
|
|
|
|
|
}
|
2002-02-19 00:11:58 +01:00
|
|
|
else
|
2002-04-21 02:26:44 +02:00
|
|
|
{
|
2003-09-04 17:53:04 +02:00
|
|
|
aclitem.ai_grantee = ACL_ID_WORLD;
|
2003-08-04 02:43:34 +02:00
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
idtype = ACL_IDTYPE_WORLD;
|
|
|
|
|
}
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2003-01-24 00:39:07 +01:00
|
|
|
/*
|
|
|
|
|
* Grant options can only be granted to individual users, not
|
2003-08-04 02:43:34 +02:00
|
|
|
* groups or public. The reason is that if a user would re-grant
|
|
|
|
|
* a privilege that he held through a group having a grant option,
|
|
|
|
|
* and later the user is removed from the group, the situation is
|
|
|
|
|
* impossible to clean up.
|
2003-01-24 00:39:07 +01:00
|
|
|
*/
|
2003-10-31 21:00:49 +01:00
|
|
|
if (is_grant && grant_option && idtype != ACL_IDTYPE_UID)
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INVALID_GRANT_OPERATION),
|
|
|
|
|
errmsg("grant options can only be granted to individual users")));
|
2003-01-24 00:39:07 +01:00
|
|
|
|
2003-10-31 21:00:49 +01:00
|
|
|
aclitem.ai_grantor = grantor_uid;
|
2003-01-24 00:39:07 +01:00
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
/*
|
|
|
|
|
* The asymmetry in the conditions here comes from the spec. In
|
|
|
|
|
* GRANT, the grant_option flag signals WITH GRANT OPTION, which means
|
|
|
|
|
* to grant both the basic privilege and its grant option. But in
|
|
|
|
|
* REVOKE, plain revoke revokes both the basic privilege and its
|
|
|
|
|
* grant option, while REVOKE GRANT OPTION revokes only the option.
|
|
|
|
|
*/
|
2003-01-24 00:39:07 +01:00
|
|
|
ACLITEM_SET_PRIVS_IDTYPE(aclitem,
|
2003-10-05 23:49:12 +02:00
|
|
|
(is_grant || !grant_option) ? privileges : ACL_NO_RIGHTS,
|
2004-06-01 23:49:23 +02:00
|
|
|
(!is_grant || grant_option) ? privileges : ACL_NO_RIGHTS,
|
2003-01-24 00:39:07 +01:00
|
|
|
idtype);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
newer_acl = aclupdate(new_acl, &aclitem, modechg, owner_uid, behavior);
|
2003-09-04 17:53:04 +02:00
|
|
|
|
|
|
|
|
/* avoid memory leak when there are many grantees */
|
|
|
|
|
pfree(new_acl);
|
|
|
|
|
new_acl = newer_acl;
|
2002-02-19 00:11:58 +01:00
|
|
|
|
|
|
|
|
#ifdef ACLDEBUG
|
|
|
|
|
dumpacl(new_acl);
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return new_acl;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
1996-07-09 08:22:35 +02:00
|
|
|
/*
|
2001-06-10 01:21:55 +02:00
|
|
|
* Called to execute the utility commands GRANT and REVOKE
|
1996-07-09 08:22:35 +02:00
|
|
|
*/
|
|
|
|
|
void
|
2001-06-10 01:21:55 +02:00
|
|
|
ExecuteGrantStmt(GrantStmt *stmt)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2002-04-21 02:26:44 +02:00
|
|
|
switch (stmt->objtype)
|
2002-02-19 00:11:58 +01:00
|
|
|
{
|
2002-04-21 02:26:44 +02:00
|
|
|
case ACL_OBJECT_RELATION:
|
|
|
|
|
ExecuteGrantStmt_Relation(stmt);
|
|
|
|
|
break;
|
|
|
|
|
case ACL_OBJECT_DATABASE:
|
|
|
|
|
ExecuteGrantStmt_Database(stmt);
|
2002-02-19 00:11:58 +01:00
|
|
|
break;
|
2002-04-21 02:26:44 +02:00
|
|
|
case ACL_OBJECT_FUNCTION:
|
2002-02-19 00:11:58 +01:00
|
|
|
ExecuteGrantStmt_Function(stmt);
|
|
|
|
|
break;
|
2002-04-21 02:26:44 +02:00
|
|
|
case ACL_OBJECT_LANGUAGE:
|
|
|
|
|
ExecuteGrantStmt_Language(stmt);
|
|
|
|
|
break;
|
|
|
|
|
case ACL_OBJECT_NAMESPACE:
|
|
|
|
|
ExecuteGrantStmt_Namespace(stmt);
|
2002-02-19 00:11:58 +01:00
|
|
|
break;
|
|
|
|
|
default:
|
2003-07-21 03:59:11 +02:00
|
|
|
elog(ERROR, "unrecognized GrantStmt.objtype: %d",
|
|
|
|
|
(int) stmt->objtype);
|
2002-02-19 00:11:58 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2002-04-21 02:26:44 +02:00
|
|
|
ExecuteGrantStmt_Relation(GrantStmt *stmt)
|
2002-02-19 00:11:58 +01:00
|
|
|
{
|
2002-04-21 02:26:44 +02:00
|
|
|
AclMode privileges;
|
2004-06-01 23:49:23 +02:00
|
|
|
bool all_privs;
|
2004-05-26 06:41:50 +02:00
|
|
|
ListCell *i;
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2004-05-26 06:41:50 +02:00
|
|
|
if (linitial_int(stmt->privileges) == ACL_ALL_RIGHTS)
|
2004-06-01 23:49:23 +02:00
|
|
|
{
|
|
|
|
|
all_privs = true;
|
2002-04-21 02:26:44 +02:00
|
|
|
privileges = ACL_ALL_RIGHTS_RELATION;
|
2004-06-01 23:49:23 +02:00
|
|
|
}
|
2002-02-19 00:11:58 +01:00
|
|
|
else
|
|
|
|
|
{
|
2004-06-01 23:49:23 +02:00
|
|
|
all_privs = false;
|
2002-04-21 02:26:44 +02:00
|
|
|
privileges = ACL_NO_RIGHTS;
|
2002-02-19 00:11:58 +01:00
|
|
|
foreach(i, stmt->privileges)
|
|
|
|
|
{
|
2004-05-26 06:41:50 +02:00
|
|
|
AclMode priv = lfirst_int(i);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
if (priv & ~((AclMode) ACL_ALL_RIGHTS_RELATION))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INVALID_GRANT_OPERATION),
|
|
|
|
|
errmsg("invalid privilege type %s for table",
|
|
|
|
|
privilege_to_string(priv))));
|
2002-04-21 02:26:44 +02:00
|
|
|
privileges |= priv;
|
2002-02-19 00:11:58 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
foreach(i, stmt->objects)
|
2000-08-01 00:39:17 +02:00
|
|
|
{
|
2002-03-26 20:17:02 +01:00
|
|
|
RangeVar *relvar = (RangeVar *) lfirst(i);
|
|
|
|
|
Oid relOid;
|
2001-06-10 01:21:55 +02:00
|
|
|
Relation relation;
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
Form_pg_class pg_class_tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
2004-06-01 23:49:23 +02:00
|
|
|
AclMode my_goptions;
|
|
|
|
|
AclMode this_privileges;
|
2001-06-10 01:21:55 +02:00
|
|
|
Acl *old_acl;
|
|
|
|
|
Acl *new_acl;
|
2003-10-31 21:00:49 +01:00
|
|
|
AclId grantorId;
|
|
|
|
|
AclId ownerId;
|
2001-06-10 01:21:55 +02:00
|
|
|
HeapTuple newtuple;
|
|
|
|
|
Datum values[Natts_pg_class];
|
|
|
|
|
char nulls[Natts_pg_class];
|
|
|
|
|
char replaces[Natts_pg_class];
|
|
|
|
|
|
|
|
|
|
/* open pg_class */
|
|
|
|
|
relation = heap_openr(RelationRelationName, RowExclusiveLock);
|
2002-03-26 20:17:02 +01:00
|
|
|
relOid = RangeVarGetRelid(relvar, false);
|
|
|
|
|
tuple = SearchSysCache(RELOID,
|
|
|
|
|
ObjectIdGetDatum(relOid),
|
2001-06-10 01:21:55 +02:00
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
elog(ERROR, "cache lookup failed for relation %u", relOid);
|
2001-06-10 01:21:55 +02:00
|
|
|
pg_class_tuple = (Form_pg_class) GETSTRUCT(tuple);
|
|
|
|
|
|
2003-07-21 03:59:11 +02:00
|
|
|
/* Not sensible to grant on an index */
|
2001-06-10 01:21:55 +02:00
|
|
|
if (pg_class_tuple->relkind == RELKIND_INDEX)
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_WRONG_OBJECT_TYPE),
|
|
|
|
|
errmsg("\"%s\" is an index",
|
|
|
|
|
relvar->relname)));
|
2001-06-10 01:21:55 +02:00
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
/* Composite types aren't tables either */
|
|
|
|
|
if (pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_WRONG_OBJECT_TYPE),
|
|
|
|
|
errmsg("\"%s\" is a composite type",
|
|
|
|
|
relvar->relname)));
|
|
|
|
|
|
|
|
|
|
ownerId = pg_class_tuple->relowner;
|
|
|
|
|
grantorId = select_grantor(ownerId);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Must be owner or have some privilege on the object (per spec,
|
|
|
|
|
* any privilege will get you by here). The owner is always
|
|
|
|
|
* treated as having all grant options.
|
|
|
|
|
*/
|
|
|
|
|
if (pg_class_ownercheck(relOid, GetUserId()))
|
|
|
|
|
my_goptions = ACL_ALL_RIGHTS_RELATION;
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
AclMode my_rights;
|
|
|
|
|
|
|
|
|
|
my_rights = pg_class_aclmask(relOid,
|
|
|
|
|
GetUserId(),
|
|
|
|
|
ACL_ALL_RIGHTS_RELATION | ACL_GRANT_OPTION_FOR(ACL_ALL_RIGHTS_RELATION),
|
|
|
|
|
ACLMASK_ALL);
|
|
|
|
|
if (my_rights == ACL_NO_RIGHTS)
|
|
|
|
|
aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_CLASS,
|
|
|
|
|
relvar->relname);
|
|
|
|
|
my_goptions = ACL_OPTION_TO_PRIVS(my_rights);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Restrict the operation to what we can actually grant or revoke,
|
|
|
|
|
* and issue a warning if appropriate. (For REVOKE this isn't quite
|
|
|
|
|
* what the spec says to do: the spec seems to want a warning only
|
|
|
|
|
* if no privilege bits actually change in the ACL. In practice
|
|
|
|
|
* that behavior seems much too noisy, as well as inconsistent with
|
|
|
|
|
* the GRANT case.)
|
|
|
|
|
*/
|
|
|
|
|
this_privileges = privileges & my_goptions;
|
|
|
|
|
if (stmt->is_grant)
|
|
|
|
|
{
|
|
|
|
|
if (this_privileges == 0)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
|
|
|
|
|
errmsg("no privileges were granted")));
|
|
|
|
|
else if (!all_privs && this_privileges != privileges)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
|
|
|
|
|
errmsg("not all privileges were granted")));
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (this_privileges == 0)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
|
|
|
|
|
errmsg("no privileges could be revoked")));
|
|
|
|
|
else if (!all_privs && this_privileges != privileges)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
|
|
|
|
|
errmsg("not all privileges could be revoked")));
|
|
|
|
|
}
|
|
|
|
|
|
2001-06-10 01:21:55 +02:00
|
|
|
/*
|
2003-10-31 21:00:49 +01:00
|
|
|
* If there's no ACL, substitute the proper default.
|
2001-06-10 01:21:55 +02:00
|
|
|
*/
|
2002-03-26 20:17:02 +01:00
|
|
|
aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
|
2001-06-10 01:21:55 +02:00
|
|
|
&isNull);
|
|
|
|
|
if (isNull)
|
2003-10-31 21:00:49 +01:00
|
|
|
old_acl = acldefault(ACL_OBJECT_RELATION, ownerId);
|
2001-06-10 01:21:55 +02:00
|
|
|
else
|
2002-04-21 02:26:44 +02:00
|
|
|
/* get a detoasted copy of the ACL */
|
2001-06-10 01:21:55 +02:00
|
|
|
old_acl = DatumGetAclPCopy(aclDatum);
|
1996-07-09 08:22:35 +02:00
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
new_acl = merge_acl_with_grant(old_acl, stmt->is_grant,
|
2003-10-05 23:49:12 +02:00
|
|
|
stmt->grant_option, stmt->behavior,
|
2004-06-01 23:49:23 +02:00
|
|
|
stmt->grantees, this_privileges,
|
2003-10-31 21:00:49 +01:00
|
|
|
grantorId, ownerId);
|
2001-06-10 01:21:55 +02:00
|
|
|
|
|
|
|
|
/* finished building new ACL value, now insert it */
|
2002-04-21 02:26:44 +02:00
|
|
|
MemSet(values, 0, sizeof(values));
|
|
|
|
|
MemSet(nulls, ' ', sizeof(nulls));
|
|
|
|
|
MemSet(replaces, ' ', sizeof(replaces));
|
|
|
|
|
|
2001-06-10 01:21:55 +02:00
|
|
|
replaces[Anum_pg_class_relacl - 1] = 'r';
|
|
|
|
|
values[Anum_pg_class_relacl - 1] = PointerGetDatum(new_acl);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2001-06-10 01:21:55 +02:00
|
|
|
newtuple = heap_modifytuple(tuple, relation, values, nulls, replaces);
|
1996-07-09 08:22:35 +02:00
|
|
|
|
2001-06-10 01:21:55 +02:00
|
|
|
ReleaseSysCache(tuple);
|
2000-11-16 23:30:52 +01:00
|
|
|
|
2001-06-10 01:21:55 +02:00
|
|
|
simple_heap_update(relation, &newtuple->t_self, newtuple);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2002-08-05 05:29:17 +02:00
|
|
|
/* keep the catalog indexes up to date */
|
|
|
|
|
CatalogUpdateIndexes(relation, newtuple);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2001-06-10 01:21:55 +02:00
|
|
|
pfree(new_acl);
|
2000-10-02 06:49:28 +02:00
|
|
|
|
2001-06-10 01:21:55 +02:00
|
|
|
heap_close(relation, RowExclusiveLock);
|
|
|
|
|
}
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
static void
|
|
|
|
|
ExecuteGrantStmt_Database(GrantStmt *stmt)
|
|
|
|
|
{
|
|
|
|
|
AclMode privileges;
|
2004-06-01 23:49:23 +02:00
|
|
|
bool all_privs;
|
2004-05-26 06:41:50 +02:00
|
|
|
ListCell *i;
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2004-05-26 06:41:50 +02:00
|
|
|
if (linitial_int(stmt->privileges) == ACL_ALL_RIGHTS)
|
2004-06-01 23:49:23 +02:00
|
|
|
{
|
|
|
|
|
all_privs = true;
|
2002-04-21 02:26:44 +02:00
|
|
|
privileges = ACL_ALL_RIGHTS_DATABASE;
|
2004-06-01 23:49:23 +02:00
|
|
|
}
|
2002-04-21 02:26:44 +02:00
|
|
|
else
|
|
|
|
|
{
|
2004-06-01 23:49:23 +02:00
|
|
|
all_privs = false;
|
2002-04-21 02:26:44 +02:00
|
|
|
privileges = ACL_NO_RIGHTS;
|
|
|
|
|
foreach(i, stmt->privileges)
|
|
|
|
|
{
|
2004-05-26 06:41:50 +02:00
|
|
|
AclMode priv = lfirst_int(i);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
if (priv & ~((AclMode) ACL_ALL_RIGHTS_DATABASE))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INVALID_GRANT_OPERATION),
|
|
|
|
|
errmsg("invalid privilege type %s for database",
|
|
|
|
|
privilege_to_string(priv))));
|
2002-04-21 02:26:44 +02:00
|
|
|
privileges |= priv;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
foreach(i, stmt->objects)
|
|
|
|
|
{
|
|
|
|
|
char *dbname = strVal(lfirst(i));
|
|
|
|
|
Relation relation;
|
|
|
|
|
ScanKeyData entry[1];
|
|
|
|
|
HeapScanDesc scan;
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
Form_pg_database pg_database_tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
2004-06-01 23:49:23 +02:00
|
|
|
AclMode my_goptions;
|
|
|
|
|
AclMode this_privileges;
|
2002-04-21 02:26:44 +02:00
|
|
|
Acl *old_acl;
|
|
|
|
|
Acl *new_acl;
|
2003-10-31 21:00:49 +01:00
|
|
|
AclId grantorId;
|
|
|
|
|
AclId ownerId;
|
2002-04-21 02:26:44 +02:00
|
|
|
HeapTuple newtuple;
|
|
|
|
|
Datum values[Natts_pg_database];
|
|
|
|
|
char nulls[Natts_pg_database];
|
|
|
|
|
char replaces[Natts_pg_database];
|
|
|
|
|
|
|
|
|
|
relation = heap_openr(DatabaseRelationName, RowExclusiveLock);
|
2003-11-12 22:15:59 +01:00
|
|
|
ScanKeyInit(&entry[0],
|
|
|
|
|
Anum_pg_database_datname,
|
|
|
|
|
BTEqualStrategyNumber, F_NAMEEQ,
|
|
|
|
|
CStringGetDatum(dbname));
|
2002-05-21 01:51:44 +02:00
|
|
|
scan = heap_beginscan(relation, SnapshotNow, 1, entry);
|
|
|
|
|
tuple = heap_getnext(scan, ForwardScanDirection);
|
2002-04-21 02:26:44 +02:00
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_DATABASE),
|
|
|
|
|
errmsg("database \"%s\" does not exist", dbname)));
|
2002-04-21 02:26:44 +02:00
|
|
|
pg_database_tuple = (Form_pg_database) GETSTRUCT(tuple);
|
|
|
|
|
|
2003-10-31 21:00:49 +01:00
|
|
|
ownerId = pg_database_tuple->datdba;
|
|
|
|
|
grantorId = select_grantor(ownerId);
|
|
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
/*
|
|
|
|
|
* Must be owner or have some privilege on the object (per spec,
|
|
|
|
|
* any privilege will get you by here). The owner is always
|
|
|
|
|
* treated as having all grant options.
|
|
|
|
|
*/
|
|
|
|
|
if (pg_database_ownercheck(HeapTupleGetOid(tuple), GetUserId()))
|
|
|
|
|
my_goptions = ACL_ALL_RIGHTS_DATABASE;
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
AclMode my_rights;
|
|
|
|
|
|
|
|
|
|
my_rights = pg_database_aclmask(HeapTupleGetOid(tuple),
|
|
|
|
|
GetUserId(),
|
|
|
|
|
ACL_ALL_RIGHTS_DATABASE | ACL_GRANT_OPTION_FOR(ACL_ALL_RIGHTS_DATABASE),
|
|
|
|
|
ACLMASK_ALL);
|
|
|
|
|
if (my_rights == ACL_NO_RIGHTS)
|
|
|
|
|
aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_DATABASE,
|
|
|
|
|
NameStr(pg_database_tuple->datname));
|
|
|
|
|
my_goptions = ACL_OPTION_TO_PRIVS(my_rights);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Restrict the operation to what we can actually grant or revoke,
|
|
|
|
|
* and issue a warning if appropriate. (For REVOKE this isn't quite
|
|
|
|
|
* what the spec says to do: the spec seems to want a warning only
|
|
|
|
|
* if no privilege bits actually change in the ACL. In practice
|
|
|
|
|
* that behavior seems much too noisy, as well as inconsistent with
|
|
|
|
|
* the GRANT case.)
|
|
|
|
|
*/
|
|
|
|
|
this_privileges = privileges & my_goptions;
|
|
|
|
|
if (stmt->is_grant)
|
|
|
|
|
{
|
|
|
|
|
if (this_privileges == 0)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
|
|
|
|
|
errmsg("no privileges were granted")));
|
|
|
|
|
else if (!all_privs && this_privileges != privileges)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
|
|
|
|
|
errmsg("not all privileges were granted")));
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (this_privileges == 0)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
|
|
|
|
|
errmsg("no privileges could be revoked")));
|
|
|
|
|
else if (!all_privs && this_privileges != privileges)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
|
|
|
|
|
errmsg("not all privileges could be revoked")));
|
|
|
|
|
}
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
/*
|
2003-10-31 21:00:49 +01:00
|
|
|
* If there's no ACL, substitute the proper default.
|
2002-04-21 02:26:44 +02:00
|
|
|
*/
|
|
|
|
|
aclDatum = heap_getattr(tuple, Anum_pg_database_datacl,
|
|
|
|
|
RelationGetDescr(relation), &isNull);
|
|
|
|
|
if (isNull)
|
2003-10-31 21:00:49 +01:00
|
|
|
old_acl = acldefault(ACL_OBJECT_DATABASE, ownerId);
|
2002-04-21 02:26:44 +02:00
|
|
|
else
|
|
|
|
|
/* get a detoasted copy of the ACL */
|
|
|
|
|
old_acl = DatumGetAclPCopy(aclDatum);
|
|
|
|
|
|
|
|
|
|
new_acl = merge_acl_with_grant(old_acl, stmt->is_grant,
|
2003-10-05 23:49:12 +02:00
|
|
|
stmt->grant_option, stmt->behavior,
|
2004-06-01 23:49:23 +02:00
|
|
|
stmt->grantees, this_privileges,
|
2003-10-31 21:00:49 +01:00
|
|
|
grantorId, ownerId);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
/* finished building new ACL value, now insert it */
|
|
|
|
|
MemSet(values, 0, sizeof(values));
|
|
|
|
|
MemSet(nulls, ' ', sizeof(nulls));
|
|
|
|
|
MemSet(replaces, ' ', sizeof(replaces));
|
|
|
|
|
|
|
|
|
|
replaces[Anum_pg_database_datacl - 1] = 'r';
|
|
|
|
|
values[Anum_pg_database_datacl - 1] = PointerGetDatum(new_acl);
|
|
|
|
|
|
|
|
|
|
newtuple = heap_modifytuple(tuple, relation, values, nulls, replaces);
|
|
|
|
|
|
|
|
|
|
simple_heap_update(relation, &newtuple->t_self, newtuple);
|
|
|
|
|
|
2002-08-05 05:29:17 +02:00
|
|
|
/* keep the catalog indexes up to date */
|
|
|
|
|
CatalogUpdateIndexes(relation, newtuple);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
pfree(new_acl);
|
|
|
|
|
|
|
|
|
|
heap_endscan(scan);
|
|
|
|
|
|
|
|
|
|
heap_close(relation, RowExclusiveLock);
|
|
|
|
|
}
|
|
|
|
|
}
|
2001-06-10 01:21:55 +02:00
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
static void
|
|
|
|
|
ExecuteGrantStmt_Function(GrantStmt *stmt)
|
|
|
|
|
{
|
2002-04-21 02:26:44 +02:00
|
|
|
AclMode privileges;
|
2004-06-01 23:49:23 +02:00
|
|
|
bool all_privs;
|
2004-05-26 06:41:50 +02:00
|
|
|
ListCell *i;
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2004-05-26 06:41:50 +02:00
|
|
|
if (linitial_int(stmt->privileges) == ACL_ALL_RIGHTS)
|
2004-06-01 23:49:23 +02:00
|
|
|
{
|
|
|
|
|
all_privs = true;
|
2002-04-21 02:26:44 +02:00
|
|
|
privileges = ACL_ALL_RIGHTS_FUNCTION;
|
2004-06-01 23:49:23 +02:00
|
|
|
}
|
2002-02-19 00:11:58 +01:00
|
|
|
else
|
|
|
|
|
{
|
2004-06-01 23:49:23 +02:00
|
|
|
all_privs = false;
|
2002-04-21 02:26:44 +02:00
|
|
|
privileges = ACL_NO_RIGHTS;
|
2002-02-19 00:11:58 +01:00
|
|
|
foreach(i, stmt->privileges)
|
|
|
|
|
{
|
2004-05-26 06:41:50 +02:00
|
|
|
AclMode priv = lfirst_int(i);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
if (priv & ~((AclMode) ACL_ALL_RIGHTS_FUNCTION))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INVALID_GRANT_OPERATION),
|
|
|
|
|
errmsg("invalid privilege type %s for function",
|
|
|
|
|
privilege_to_string(priv))));
|
2002-04-21 02:26:44 +02:00
|
|
|
privileges |= priv;
|
2002-02-19 00:11:58 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
foreach(i, stmt->objects)
|
|
|
|
|
{
|
|
|
|
|
FuncWithArgs *func = (FuncWithArgs *) lfirst(i);
|
|
|
|
|
Oid oid;
|
|
|
|
|
Relation relation;
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
Form_pg_proc pg_proc_tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
2004-06-01 23:49:23 +02:00
|
|
|
AclMode my_goptions;
|
|
|
|
|
AclMode this_privileges;
|
2002-02-19 00:11:58 +01:00
|
|
|
Acl *old_acl;
|
|
|
|
|
Acl *new_acl;
|
2003-10-31 21:00:49 +01:00
|
|
|
AclId grantorId;
|
|
|
|
|
AclId ownerId;
|
2002-02-19 00:11:58 +01:00
|
|
|
HeapTuple newtuple;
|
|
|
|
|
Datum values[Natts_pg_proc];
|
|
|
|
|
char nulls[Natts_pg_proc];
|
|
|
|
|
char replaces[Natts_pg_proc];
|
|
|
|
|
|
2003-07-04 04:51:34 +02:00
|
|
|
oid = LookupFuncNameTypeNames(func->funcname, func->funcargs, false);
|
2002-07-18 06:50:10 +02:00
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
relation = heap_openr(ProcedureRelationName, RowExclusiveLock);
|
2002-04-21 02:26:44 +02:00
|
|
|
tuple = SearchSysCache(PROCOID,
|
|
|
|
|
ObjectIdGetDatum(oid),
|
|
|
|
|
0, 0, 0);
|
2002-02-19 00:11:58 +01:00
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
elog(ERROR, "cache lookup failed for function %u", oid);
|
2002-02-19 00:11:58 +01:00
|
|
|
pg_proc_tuple = (Form_pg_proc) GETSTRUCT(tuple);
|
|
|
|
|
|
2003-10-31 21:00:49 +01:00
|
|
|
ownerId = pg_proc_tuple->proowner;
|
|
|
|
|
grantorId = select_grantor(ownerId);
|
|
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
/*
|
|
|
|
|
* Must be owner or have some privilege on the object (per spec,
|
|
|
|
|
* any privilege will get you by here). The owner is always
|
|
|
|
|
* treated as having all grant options.
|
|
|
|
|
*/
|
|
|
|
|
if (pg_proc_ownercheck(oid, GetUserId()))
|
|
|
|
|
my_goptions = ACL_ALL_RIGHTS_FUNCTION;
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
AclMode my_rights;
|
|
|
|
|
|
|
|
|
|
my_rights = pg_proc_aclmask(oid,
|
|
|
|
|
GetUserId(),
|
|
|
|
|
ACL_ALL_RIGHTS_FUNCTION | ACL_GRANT_OPTION_FOR(ACL_ALL_RIGHTS_FUNCTION),
|
|
|
|
|
ACLMASK_ALL);
|
|
|
|
|
if (my_rights == ACL_NO_RIGHTS)
|
|
|
|
|
aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_PROC,
|
|
|
|
|
NameStr(pg_proc_tuple->proname));
|
|
|
|
|
my_goptions = ACL_OPTION_TO_PRIVS(my_rights);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Restrict the operation to what we can actually grant or revoke,
|
|
|
|
|
* and issue a warning if appropriate. (For REVOKE this isn't quite
|
|
|
|
|
* what the spec says to do: the spec seems to want a warning only
|
|
|
|
|
* if no privilege bits actually change in the ACL. In practice
|
|
|
|
|
* that behavior seems much too noisy, as well as inconsistent with
|
|
|
|
|
* the GRANT case.)
|
|
|
|
|
*/
|
|
|
|
|
this_privileges = privileges & my_goptions;
|
|
|
|
|
if (stmt->is_grant)
|
|
|
|
|
{
|
|
|
|
|
if (this_privileges == 0)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
|
|
|
|
|
errmsg("no privileges were granted")));
|
|
|
|
|
else if (!all_privs && this_privileges != privileges)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
|
|
|
|
|
errmsg("not all privileges were granted")));
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (this_privileges == 0)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
|
|
|
|
|
errmsg("no privileges could be revoked")));
|
|
|
|
|
else if (!all_privs && this_privileges != privileges)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
|
|
|
|
|
errmsg("not all privileges could be revoked")));
|
|
|
|
|
}
|
2002-02-19 00:11:58 +01:00
|
|
|
|
|
|
|
|
/*
|
2003-10-31 21:00:49 +01:00
|
|
|
* If there's no ACL, substitute the proper default.
|
2002-02-19 00:11:58 +01:00
|
|
|
*/
|
|
|
|
|
aclDatum = SysCacheGetAttr(PROCOID, tuple, Anum_pg_proc_proacl,
|
|
|
|
|
&isNull);
|
|
|
|
|
if (isNull)
|
2003-10-31 21:00:49 +01:00
|
|
|
old_acl = acldefault(ACL_OBJECT_FUNCTION, ownerId);
|
2002-02-19 00:11:58 +01:00
|
|
|
else
|
2002-04-21 02:26:44 +02:00
|
|
|
/* get a detoasted copy of the ACL */
|
2002-02-19 00:11:58 +01:00
|
|
|
old_acl = DatumGetAclPCopy(aclDatum);
|
|
|
|
|
|
|
|
|
|
new_acl = merge_acl_with_grant(old_acl, stmt->is_grant,
|
2003-10-05 23:49:12 +02:00
|
|
|
stmt->grant_option, stmt->behavior,
|
2004-06-01 23:49:23 +02:00
|
|
|
stmt->grantees, this_privileges,
|
2003-10-31 21:00:49 +01:00
|
|
|
grantorId, ownerId);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
|
|
|
|
/* finished building new ACL value, now insert it */
|
2002-04-21 02:26:44 +02:00
|
|
|
MemSet(values, 0, sizeof(values));
|
|
|
|
|
MemSet(nulls, ' ', sizeof(nulls));
|
|
|
|
|
MemSet(replaces, ' ', sizeof(replaces));
|
|
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
replaces[Anum_pg_proc_proacl - 1] = 'r';
|
|
|
|
|
values[Anum_pg_proc_proacl - 1] = PointerGetDatum(new_acl);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
newtuple = heap_modifytuple(tuple, relation, values, nulls, replaces);
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
simple_heap_update(relation, &newtuple->t_self, newtuple);
|
|
|
|
|
|
2002-08-05 05:29:17 +02:00
|
|
|
/* keep the catalog indexes up to date */
|
|
|
|
|
CatalogUpdateIndexes(relation, newtuple);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
|
|
|
|
pfree(new_acl);
|
|
|
|
|
|
|
|
|
|
heap_close(relation, RowExclusiveLock);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2002-04-21 02:26:44 +02:00
|
|
|
ExecuteGrantStmt_Language(GrantStmt *stmt)
|
2002-02-19 00:11:58 +01:00
|
|
|
{
|
2002-04-21 02:26:44 +02:00
|
|
|
AclMode privileges;
|
2004-06-01 23:49:23 +02:00
|
|
|
bool all_privs;
|
2004-05-26 06:41:50 +02:00
|
|
|
ListCell *i;
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2004-05-26 06:41:50 +02:00
|
|
|
if (linitial_int(stmt->privileges) == ACL_ALL_RIGHTS)
|
2004-06-01 23:49:23 +02:00
|
|
|
{
|
|
|
|
|
all_privs = true;
|
2002-04-21 02:26:44 +02:00
|
|
|
privileges = ACL_ALL_RIGHTS_LANGUAGE;
|
2004-06-01 23:49:23 +02:00
|
|
|
}
|
2002-02-19 00:11:58 +01:00
|
|
|
else
|
|
|
|
|
{
|
2004-06-01 23:49:23 +02:00
|
|
|
all_privs = false;
|
2002-04-21 02:26:44 +02:00
|
|
|
privileges = ACL_NO_RIGHTS;
|
2002-02-19 00:11:58 +01:00
|
|
|
foreach(i, stmt->privileges)
|
|
|
|
|
{
|
2004-05-26 06:41:50 +02:00
|
|
|
AclMode priv = lfirst_int(i);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
if (priv & ~((AclMode) ACL_ALL_RIGHTS_LANGUAGE))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INVALID_GRANT_OPERATION),
|
|
|
|
|
errmsg("invalid privilege type %s for language",
|
|
|
|
|
privilege_to_string(priv))));
|
2002-04-21 02:26:44 +02:00
|
|
|
privileges |= priv;
|
2002-02-19 00:11:58 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
foreach(i, stmt->objects)
|
|
|
|
|
{
|
|
|
|
|
char *langname = strVal(lfirst(i));
|
|
|
|
|
Relation relation;
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
Form_pg_language pg_language_tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
2004-06-01 23:49:23 +02:00
|
|
|
AclMode my_goptions;
|
|
|
|
|
AclMode this_privileges;
|
2002-02-19 00:11:58 +01:00
|
|
|
Acl *old_acl;
|
|
|
|
|
Acl *new_acl;
|
2003-10-31 21:00:49 +01:00
|
|
|
AclId grantorId;
|
|
|
|
|
AclId ownerId;
|
2002-02-19 00:11:58 +01:00
|
|
|
HeapTuple newtuple;
|
|
|
|
|
Datum values[Natts_pg_language];
|
|
|
|
|
char nulls[Natts_pg_language];
|
|
|
|
|
char replaces[Natts_pg_language];
|
|
|
|
|
|
|
|
|
|
relation = heap_openr(LanguageRelationName, RowExclusiveLock);
|
2002-04-21 02:26:44 +02:00
|
|
|
tuple = SearchSysCache(LANGNAME,
|
|
|
|
|
PointerGetDatum(langname),
|
|
|
|
|
0, 0, 0);
|
2002-02-19 00:11:58 +01:00
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
|
|
|
errmsg("language \"%s\" does not exist", langname)));
|
2002-02-19 00:11:58 +01:00
|
|
|
pg_language_tuple = (Form_pg_language) GETSTRUCT(tuple);
|
|
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
if (!pg_language_tuple->lanpltrusted)
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_WRONG_OBJECT_TYPE),
|
|
|
|
|
errmsg("language \"%s\" is not trusted", langname)));
|
|
|
|
|
|
2003-10-31 21:00:49 +01:00
|
|
|
/*
|
|
|
|
|
* Note: for now, languages are treated as owned by the bootstrap
|
|
|
|
|
* user. We should add an owner column to pg_language instead.
|
|
|
|
|
*/
|
|
|
|
|
ownerId = BOOTSTRAP_USESYSID;
|
|
|
|
|
grantorId = select_grantor(ownerId);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
/*
|
|
|
|
|
* Must be owner or have some privilege on the object (per spec,
|
|
|
|
|
* any privilege will get you by here). The owner is always
|
|
|
|
|
* treated as having all grant options.
|
|
|
|
|
*/
|
|
|
|
|
if (superuser()) /* XXX no ownercheck() available */
|
|
|
|
|
my_goptions = ACL_ALL_RIGHTS_LANGUAGE;
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
AclMode my_rights;
|
|
|
|
|
|
|
|
|
|
my_rights = pg_language_aclmask(HeapTupleGetOid(tuple),
|
|
|
|
|
GetUserId(),
|
|
|
|
|
ACL_ALL_RIGHTS_LANGUAGE | ACL_GRANT_OPTION_FOR(ACL_ALL_RIGHTS_LANGUAGE),
|
|
|
|
|
ACLMASK_ALL);
|
|
|
|
|
if (my_rights == ACL_NO_RIGHTS)
|
|
|
|
|
aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_LANGUAGE,
|
|
|
|
|
NameStr(pg_language_tuple->lanname));
|
|
|
|
|
my_goptions = ACL_OPTION_TO_PRIVS(my_rights);
|
|
|
|
|
}
|
2003-01-24 00:39:07 +01:00
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
/*
|
|
|
|
|
* Restrict the operation to what we can actually grant or revoke,
|
|
|
|
|
* and issue a warning if appropriate. (For REVOKE this isn't quite
|
|
|
|
|
* what the spec says to do: the spec seems to want a warning only
|
|
|
|
|
* if no privilege bits actually change in the ACL. In practice
|
|
|
|
|
* that behavior seems much too noisy, as well as inconsistent with
|
|
|
|
|
* the GRANT case.)
|
|
|
|
|
*/
|
|
|
|
|
this_privileges = privileges & my_goptions;
|
|
|
|
|
if (stmt->is_grant)
|
|
|
|
|
{
|
|
|
|
|
if (this_privileges == 0)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
|
|
|
|
|
errmsg("no privileges were granted")));
|
|
|
|
|
else if (!all_privs && this_privileges != privileges)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
|
|
|
|
|
errmsg("not all privileges were granted")));
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (this_privileges == 0)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
|
|
|
|
|
errmsg("no privileges could be revoked")));
|
|
|
|
|
else if (!all_privs && this_privileges != privileges)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
|
|
|
|
|
errmsg("not all privileges could be revoked")));
|
|
|
|
|
}
|
2003-10-31 21:00:49 +01:00
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
/*
|
2003-10-31 21:00:49 +01:00
|
|
|
* If there's no ACL, substitute the proper default.
|
2002-02-19 00:11:58 +01:00
|
|
|
*/
|
|
|
|
|
aclDatum = SysCacheGetAttr(LANGNAME, tuple, Anum_pg_language_lanacl,
|
|
|
|
|
&isNull);
|
|
|
|
|
if (isNull)
|
2003-10-31 21:00:49 +01:00
|
|
|
old_acl = acldefault(ACL_OBJECT_LANGUAGE, ownerId);
|
2002-02-19 00:11:58 +01:00
|
|
|
else
|
2002-04-21 02:26:44 +02:00
|
|
|
/* get a detoasted copy of the ACL */
|
2002-02-19 00:11:58 +01:00
|
|
|
old_acl = DatumGetAclPCopy(aclDatum);
|
|
|
|
|
|
|
|
|
|
new_acl = merge_acl_with_grant(old_acl, stmt->is_grant,
|
2003-10-05 23:49:12 +02:00
|
|
|
stmt->grant_option, stmt->behavior,
|
2004-06-01 23:49:23 +02:00
|
|
|
stmt->grantees, this_privileges,
|
2003-10-31 21:00:49 +01:00
|
|
|
grantorId, ownerId);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
|
|
|
|
/* finished building new ACL value, now insert it */
|
2002-04-21 02:26:44 +02:00
|
|
|
MemSet(values, 0, sizeof(values));
|
|
|
|
|
MemSet(nulls, ' ', sizeof(nulls));
|
|
|
|
|
MemSet(replaces, ' ', sizeof(replaces));
|
|
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
replaces[Anum_pg_language_lanacl - 1] = 'r';
|
|
|
|
|
values[Anum_pg_language_lanacl - 1] = PointerGetDatum(new_acl);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
newtuple = heap_modifytuple(tuple, relation, values, nulls, replaces);
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
simple_heap_update(relation, &newtuple->t_self, newtuple);
|
|
|
|
|
|
2002-08-05 05:29:17 +02:00
|
|
|
/* keep the catalog indexes up to date */
|
|
|
|
|
CatalogUpdateIndexes(relation, newtuple);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
|
|
|
|
pfree(new_acl);
|
|
|
|
|
|
|
|
|
|
heap_close(relation, RowExclusiveLock);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
static void
|
|
|
|
|
ExecuteGrantStmt_Namespace(GrantStmt *stmt)
|
2002-02-19 00:11:58 +01:00
|
|
|
{
|
2002-04-21 02:26:44 +02:00
|
|
|
AclMode privileges;
|
2004-06-01 23:49:23 +02:00
|
|
|
bool all_privs;
|
2004-05-26 06:41:50 +02:00
|
|
|
ListCell *i;
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2004-05-26 06:41:50 +02:00
|
|
|
if (linitial_int(stmt->privileges) == ACL_ALL_RIGHTS)
|
2004-06-01 23:49:23 +02:00
|
|
|
{
|
|
|
|
|
all_privs = true;
|
2002-04-21 02:26:44 +02:00
|
|
|
privileges = ACL_ALL_RIGHTS_NAMESPACE;
|
2004-06-01 23:49:23 +02:00
|
|
|
}
|
2002-02-19 00:11:58 +01:00
|
|
|
else
|
2002-04-21 02:26:44 +02:00
|
|
|
{
|
2004-06-01 23:49:23 +02:00
|
|
|
all_privs = false;
|
2002-04-21 02:26:44 +02:00
|
|
|
privileges = ACL_NO_RIGHTS;
|
|
|
|
|
foreach(i, stmt->privileges)
|
|
|
|
|
{
|
2004-05-26 06:41:50 +02:00
|
|
|
AclMode priv = lfirst_int(i);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
if (priv & ~((AclMode) ACL_ALL_RIGHTS_NAMESPACE))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INVALID_GRANT_OPERATION),
|
|
|
|
|
errmsg("invalid privilege type %s for schema",
|
|
|
|
|
privilege_to_string(priv))));
|
2002-04-21 02:26:44 +02:00
|
|
|
privileges |= priv;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
foreach(i, stmt->objects)
|
|
|
|
|
{
|
|
|
|
|
char *nspname = strVal(lfirst(i));
|
|
|
|
|
Relation relation;
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
Form_pg_namespace pg_namespace_tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
2004-06-01 23:49:23 +02:00
|
|
|
AclMode my_goptions;
|
|
|
|
|
AclMode this_privileges;
|
2002-04-21 02:26:44 +02:00
|
|
|
Acl *old_acl;
|
|
|
|
|
Acl *new_acl;
|
2003-10-31 21:00:49 +01:00
|
|
|
AclId grantorId;
|
|
|
|
|
AclId ownerId;
|
2002-04-21 02:26:44 +02:00
|
|
|
HeapTuple newtuple;
|
|
|
|
|
Datum values[Natts_pg_namespace];
|
|
|
|
|
char nulls[Natts_pg_namespace];
|
|
|
|
|
char replaces[Natts_pg_namespace];
|
|
|
|
|
|
|
|
|
|
relation = heap_openr(NamespaceRelationName, RowExclusiveLock);
|
|
|
|
|
tuple = SearchSysCache(NAMESPACENAME,
|
|
|
|
|
CStringGetDatum(nspname),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_SCHEMA),
|
|
|
|
|
errmsg("schema \"%s\" does not exist", nspname)));
|
2002-04-21 02:26:44 +02:00
|
|
|
pg_namespace_tuple = (Form_pg_namespace) GETSTRUCT(tuple);
|
|
|
|
|
|
2003-10-31 21:00:49 +01:00
|
|
|
ownerId = pg_namespace_tuple->nspowner;
|
|
|
|
|
grantorId = select_grantor(ownerId);
|
|
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
/*
|
|
|
|
|
* Must be owner or have some privilege on the object (per spec,
|
|
|
|
|
* any privilege will get you by here). The owner is always
|
|
|
|
|
* treated as having all grant options.
|
|
|
|
|
*/
|
|
|
|
|
if (pg_namespace_ownercheck(HeapTupleGetOid(tuple), GetUserId()))
|
|
|
|
|
my_goptions = ACL_ALL_RIGHTS_NAMESPACE;
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
AclMode my_rights;
|
|
|
|
|
|
|
|
|
|
my_rights = pg_namespace_aclmask(HeapTupleGetOid(tuple),
|
|
|
|
|
GetUserId(),
|
|
|
|
|
ACL_ALL_RIGHTS_NAMESPACE | ACL_GRANT_OPTION_FOR(ACL_ALL_RIGHTS_NAMESPACE),
|
|
|
|
|
ACLMASK_ALL);
|
|
|
|
|
if (my_rights == ACL_NO_RIGHTS)
|
|
|
|
|
aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_NAMESPACE,
|
|
|
|
|
nspname);
|
|
|
|
|
my_goptions = ACL_OPTION_TO_PRIVS(my_rights);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Restrict the operation to what we can actually grant or revoke,
|
|
|
|
|
* and issue a warning if appropriate. (For REVOKE this isn't quite
|
|
|
|
|
* what the spec says to do: the spec seems to want a warning only
|
|
|
|
|
* if no privilege bits actually change in the ACL. In practice
|
|
|
|
|
* that behavior seems much too noisy, as well as inconsistent with
|
|
|
|
|
* the GRANT case.)
|
|
|
|
|
*/
|
|
|
|
|
this_privileges = privileges & my_goptions;
|
|
|
|
|
if (stmt->is_grant)
|
|
|
|
|
{
|
|
|
|
|
if (this_privileges == 0)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
|
|
|
|
|
errmsg("no privileges were granted")));
|
|
|
|
|
else if (!all_privs && this_privileges != privileges)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
|
|
|
|
|
errmsg("not all privileges were granted")));
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (this_privileges == 0)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
|
|
|
|
|
errmsg("no privileges could be revoked")));
|
|
|
|
|
else if (!all_privs && this_privileges != privileges)
|
|
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
|
|
|
|
|
errmsg("not all privileges could be revoked")));
|
|
|
|
|
}
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
/*
|
2003-10-31 21:00:49 +01:00
|
|
|
* If there's no ACL, substitute the proper default.
|
2002-04-21 02:26:44 +02:00
|
|
|
*/
|
|
|
|
|
aclDatum = SysCacheGetAttr(NAMESPACENAME, tuple,
|
|
|
|
|
Anum_pg_namespace_nspacl,
|
|
|
|
|
&isNull);
|
|
|
|
|
if (isNull)
|
2003-10-31 21:00:49 +01:00
|
|
|
old_acl = acldefault(ACL_OBJECT_NAMESPACE, ownerId);
|
2002-04-21 02:26:44 +02:00
|
|
|
else
|
|
|
|
|
/* get a detoasted copy of the ACL */
|
|
|
|
|
old_acl = DatumGetAclPCopy(aclDatum);
|
|
|
|
|
|
|
|
|
|
new_acl = merge_acl_with_grant(old_acl, stmt->is_grant,
|
2003-10-05 23:49:12 +02:00
|
|
|
stmt->grant_option, stmt->behavior,
|
2004-06-01 23:49:23 +02:00
|
|
|
stmt->grantees, this_privileges,
|
2003-10-31 21:00:49 +01:00
|
|
|
grantorId, ownerId);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
/* finished building new ACL value, now insert it */
|
|
|
|
|
MemSet(values, 0, sizeof(values));
|
|
|
|
|
MemSet(nulls, ' ', sizeof(nulls));
|
|
|
|
|
MemSet(replaces, ' ', sizeof(replaces));
|
|
|
|
|
|
|
|
|
|
replaces[Anum_pg_namespace_nspacl - 1] = 'r';
|
|
|
|
|
values[Anum_pg_namespace_nspacl - 1] = PointerGetDatum(new_acl);
|
|
|
|
|
|
|
|
|
|
newtuple = heap_modifytuple(tuple, relation, values, nulls, replaces);
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
simple_heap_update(relation, &newtuple->t_self, newtuple);
|
|
|
|
|
|
2002-08-05 05:29:17 +02:00
|
|
|
/* keep the catalog indexes up to date */
|
|
|
|
|
CatalogUpdateIndexes(relation, newtuple);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
pfree(new_acl);
|
|
|
|
|
|
|
|
|
|
heap_close(relation, RowExclusiveLock);
|
|
|
|
|
}
|
2002-02-19 00:11:58 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
static const char *
|
|
|
|
|
privilege_to_string(AclMode privilege)
|
|
|
|
|
{
|
|
|
|
|
switch (privilege)
|
|
|
|
|
{
|
|
|
|
|
case ACL_INSERT:
|
|
|
|
|
return "INSERT";
|
|
|
|
|
case ACL_SELECT:
|
|
|
|
|
return "SELECT";
|
|
|
|
|
case ACL_UPDATE:
|
|
|
|
|
return "UPDATE";
|
|
|
|
|
case ACL_DELETE:
|
|
|
|
|
return "DELETE";
|
|
|
|
|
case ACL_RULE:
|
|
|
|
|
return "RULE";
|
|
|
|
|
case ACL_REFERENCES:
|
|
|
|
|
return "REFERENCES";
|
|
|
|
|
case ACL_TRIGGER:
|
|
|
|
|
return "TRIGGER";
|
|
|
|
|
case ACL_EXECUTE:
|
|
|
|
|
return "EXECUTE";
|
|
|
|
|
case ACL_USAGE:
|
|
|
|
|
return "USAGE";
|
|
|
|
|
case ACL_CREATE:
|
|
|
|
|
return "CREATE";
|
|
|
|
|
case ACL_CREATE_TEMP:
|
|
|
|
|
return "TEMP";
|
|
|
|
|
default:
|
2003-07-21 03:59:11 +02:00
|
|
|
elog(ERROR, "unrecognized privilege: %d", (int) privilege);
|
2002-04-21 02:26:44 +02:00
|
|
|
}
|
|
|
|
|
return NULL; /* appease compiler */
|
|
|
|
|
}
|
|
|
|
|
|
2001-06-10 01:21:55 +02:00
|
|
|
|
1996-07-09 08:22:35 +02:00
|
|
|
AclId
|
|
|
|
|
get_grosysid(char *groname)
|
|
|
|
|
{
|
1998-08-19 04:04:17 +02:00
|
|
|
HeapTuple tuple;
|
1997-09-08 04:41:22 +02:00
|
|
|
AclId id = 0;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2000-11-16 23:30:52 +01:00
|
|
|
tuple = SearchSysCache(GRONAME,
|
|
|
|
|
PointerGetDatum(groname),
|
|
|
|
|
0, 0, 0);
|
1998-08-19 04:04:17 +02:00
|
|
|
if (HeapTupleIsValid(tuple))
|
2000-11-16 23:30:52 +01:00
|
|
|
{
|
1998-08-19 04:04:17 +02:00
|
|
|
id = ((Form_pg_group) GETSTRUCT(tuple))->grosysid;
|
2000-11-16 23:30:52 +01:00
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
}
|
1997-09-07 07:04:48 +02:00
|
|
|
else
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
|
|
|
errmsg("group \"%s\" does not exist", groname)));
|
1998-09-01 05:29:17 +02:00
|
|
|
return id;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2000-11-29 00:42:31 +01:00
|
|
|
/*
|
|
|
|
|
* Convert group ID to name, or return NULL if group can't be found
|
|
|
|
|
*/
|
1998-02-26 05:46:47 +01:00
|
|
|
char *
|
1996-07-09 08:22:35 +02:00
|
|
|
get_groname(AclId grosysid)
|
|
|
|
|
{
|
1998-08-19 04:04:17 +02:00
|
|
|
HeapTuple tuple;
|
1997-09-08 04:41:22 +02:00
|
|
|
char *name = NULL;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2000-11-16 23:30:52 +01:00
|
|
|
tuple = SearchSysCache(GROSYSID,
|
|
|
|
|
ObjectIdGetDatum(grosysid),
|
|
|
|
|
0, 0, 0);
|
1998-08-19 04:04:17 +02:00
|
|
|
if (HeapTupleIsValid(tuple))
|
2000-11-16 23:30:52 +01:00
|
|
|
{
|
|
|
|
|
name = pstrdup(NameStr(((Form_pg_group) GETSTRUCT(tuple))->groname));
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
}
|
1998-09-01 05:29:17 +02:00
|
|
|
return name;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2002-03-22 00:27:25 +01:00
|
|
|
|
2002-04-27 05:45:03 +02:00
|
|
|
/*
|
|
|
|
|
* Standardized reporting of aclcheck permissions failures.
|
2003-08-01 02:15:26 +02:00
|
|
|
*
|
|
|
|
|
* Note: we do not double-quote the %s's below, because many callers
|
|
|
|
|
* supply strings that might be already quoted.
|
2002-04-27 05:45:03 +02:00
|
|
|
*/
|
2003-08-01 02:15:26 +02:00
|
|
|
|
2003-08-04 02:43:34 +02:00
|
|
|
static const char *const no_priv_msg[MAX_ACL_KIND] =
|
2003-08-01 02:15:26 +02:00
|
|
|
{
|
|
|
|
|
/* ACL_KIND_CLASS */
|
|
|
|
|
gettext_noop("permission denied for relation %s"),
|
|
|
|
|
/* ACL_KIND_DATABASE */
|
|
|
|
|
gettext_noop("permission denied for database %s"),
|
|
|
|
|
/* ACL_KIND_PROC */
|
|
|
|
|
gettext_noop("permission denied for function %s"),
|
|
|
|
|
/* ACL_KIND_OPER */
|
|
|
|
|
gettext_noop("permission denied for operator %s"),
|
|
|
|
|
/* ACL_KIND_TYPE */
|
|
|
|
|
gettext_noop("permission denied for type %s"),
|
|
|
|
|
/* ACL_KIND_LANGUAGE */
|
|
|
|
|
gettext_noop("permission denied for language %s"),
|
|
|
|
|
/* ACL_KIND_NAMESPACE */
|
|
|
|
|
gettext_noop("permission denied for schema %s"),
|
|
|
|
|
/* ACL_KIND_OPCLASS */
|
|
|
|
|
gettext_noop("permission denied for operator class %s"),
|
|
|
|
|
/* ACL_KIND_CONVERSION */
|
|
|
|
|
gettext_noop("permission denied for conversion %s")
|
|
|
|
|
};
|
|
|
|
|
|
2003-08-04 02:43:34 +02:00
|
|
|
static const char *const not_owner_msg[MAX_ACL_KIND] =
|
2003-08-01 02:15:26 +02:00
|
|
|
{
|
|
|
|
|
/* ACL_KIND_CLASS */
|
|
|
|
|
gettext_noop("must be owner of relation %s"),
|
|
|
|
|
/* ACL_KIND_DATABASE */
|
|
|
|
|
gettext_noop("must be owner of database %s"),
|
|
|
|
|
/* ACL_KIND_PROC */
|
|
|
|
|
gettext_noop("must be owner of function %s"),
|
|
|
|
|
/* ACL_KIND_OPER */
|
|
|
|
|
gettext_noop("must be owner of operator %s"),
|
|
|
|
|
/* ACL_KIND_TYPE */
|
|
|
|
|
gettext_noop("must be owner of type %s"),
|
|
|
|
|
/* ACL_KIND_LANGUAGE */
|
|
|
|
|
gettext_noop("must be owner of language %s"),
|
|
|
|
|
/* ACL_KIND_NAMESPACE */
|
|
|
|
|
gettext_noop("must be owner of schema %s"),
|
|
|
|
|
/* ACL_KIND_OPCLASS */
|
|
|
|
|
gettext_noop("must be owner of operator class %s"),
|
|
|
|
|
/* ACL_KIND_CONVERSION */
|
|
|
|
|
gettext_noop("must be owner of conversion %s")
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
2002-04-27 05:45:03 +02:00
|
|
|
void
|
2003-08-01 02:15:26 +02:00
|
|
|
aclcheck_error(AclResult aclerr, AclObjectKind objectkind,
|
|
|
|
|
const char *objectname)
|
2002-04-27 05:45:03 +02:00
|
|
|
{
|
2003-07-21 03:59:11 +02:00
|
|
|
switch (aclerr)
|
2002-04-27 05:45:03 +02:00
|
|
|
{
|
|
|
|
|
case ACLCHECK_OK:
|
|
|
|
|
/* no error, so return to caller */
|
|
|
|
|
break;
|
|
|
|
|
case ACLCHECK_NO_PRIV:
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
2003-08-01 02:15:26 +02:00
|
|
|
errmsg(no_priv_msg[objectkind], objectname)));
|
2002-04-27 05:45:03 +02:00
|
|
|
break;
|
|
|
|
|
case ACLCHECK_NOT_OWNER:
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
2003-08-01 02:15:26 +02:00
|
|
|
errmsg(not_owner_msg[objectkind], objectname)));
|
2002-04-27 05:45:03 +02:00
|
|
|
break;
|
|
|
|
|
default:
|
2003-07-21 03:59:11 +02:00
|
|
|
elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
|
2002-04-27 05:45:03 +02:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2001-06-05 21:34:56 +02:00
|
|
|
/*
|
2004-05-11 19:36:13 +02:00
|
|
|
* Exported routine for examining a user's privileges for a table
|
|
|
|
|
*
|
|
|
|
|
* See aclmask() for a description of the API.
|
2003-07-21 03:59:11 +02:00
|
|
|
*
|
|
|
|
|
* Note: we give lookup failure the full ereport treatment because the
|
|
|
|
|
* has_table_privilege() family of functions allow users to pass
|
|
|
|
|
* any random OID to this function. Likewise for the sibling functions
|
|
|
|
|
* below.
|
2001-06-05 21:34:56 +02:00
|
|
|
*/
|
2004-05-11 19:36:13 +02:00
|
|
|
AclMode
|
|
|
|
|
pg_class_aclmask(Oid table_oid, AclId userid,
|
|
|
|
|
AclMode mask, AclMaskHow how)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2004-05-11 19:36:13 +02:00
|
|
|
AclMode result;
|
2002-03-22 00:27:25 +01:00
|
|
|
bool usesuper,
|
|
|
|
|
usecatupd;
|
2000-10-02 06:49:28 +02:00
|
|
|
HeapTuple tuple;
|
2004-01-14 04:44:53 +01:00
|
|
|
Form_pg_class classForm;
|
2000-10-02 06:49:28 +02:00
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
|
|
|
|
Acl *acl;
|
2004-06-01 23:49:23 +02:00
|
|
|
AclId ownerId;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2001-06-05 21:34:56 +02:00
|
|
|
/*
|
2002-04-11 22:00:18 +02:00
|
|
|
* Validate userid, find out if he is superuser, also get usecatupd
|
2001-06-05 21:34:56 +02:00
|
|
|
*/
|
2000-11-16 23:30:52 +01:00
|
|
|
tuple = SearchSysCache(SHADOWSYSID,
|
|
|
|
|
ObjectIdGetDatum(userid),
|
|
|
|
|
0, 0, 0);
|
1998-08-19 04:04:17 +02:00
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
|
|
|
errmsg("user with ID %u does not exist", userid)));
|
2000-09-06 16:15:31 +02:00
|
|
|
|
2002-03-22 00:27:25 +01:00
|
|
|
usecatupd = ((Form_pg_shadow) GETSTRUCT(tuple))->usecatupd;
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
2002-04-11 07:32:03 +02:00
|
|
|
usesuper = superuser_arg(userid);
|
|
|
|
|
|
2002-03-22 00:27:25 +01:00
|
|
|
/*
|
|
|
|
|
* Now get the relation's tuple from pg_class
|
|
|
|
|
*/
|
|
|
|
|
tuple = SearchSysCache(RELOID,
|
|
|
|
|
ObjectIdGetDatum(table_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_TABLE),
|
2004-05-11 19:36:13 +02:00
|
|
|
errmsg("relation with OID %u does not exist",
|
|
|
|
|
table_oid)));
|
2004-01-14 04:44:53 +01:00
|
|
|
classForm = (Form_pg_class) GETSTRUCT(tuple);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Deny anyone permission to update a system catalog unless
|
1998-02-26 05:46:47 +01:00
|
|
|
* pg_shadow.usecatupd is set. (This is to let superusers protect
|
2004-01-14 04:44:53 +01:00
|
|
|
* themselves from themselves.) Also allow it if allowSystemTableMods.
|
|
|
|
|
*
|
|
|
|
|
* As of 7.4 we have some updatable system views; those shouldn't
|
|
|
|
|
* be protected in this way. Assume the view rules can take care
|
|
|
|
|
* of themselves.
|
1997-09-07 07:04:48 +02:00
|
|
|
*/
|
2004-05-11 19:36:13 +02:00
|
|
|
if ((mask & (ACL_INSERT | ACL_UPDATE | ACL_DELETE)) &&
|
2004-01-14 04:44:53 +01:00
|
|
|
IsSystemClass(classForm) &&
|
|
|
|
|
classForm->relkind != RELKIND_VIEW &&
|
|
|
|
|
!usecatupd &&
|
|
|
|
|
!allowSystemTableMods)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2001-06-05 21:34:56 +02:00
|
|
|
#ifdef ACLDEBUG
|
2003-07-21 03:59:11 +02:00
|
|
|
elog(DEBUG2, "permission denied for system catalog update");
|
2001-06-05 21:34:56 +02:00
|
|
|
#endif
|
2004-05-11 19:36:13 +02:00
|
|
|
mask &= ~(ACL_INSERT | ACL_UPDATE | ACL_DELETE);
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Otherwise, superusers bypass all permission-checking.
|
|
|
|
|
*/
|
2002-03-22 00:27:25 +01:00
|
|
|
if (usesuper)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2001-05-27 11:59:30 +02:00
|
|
|
#ifdef ACLDEBUG
|
2003-07-21 03:59:11 +02:00
|
|
|
elog(DEBUG2, "%u is superuser, home free", userid);
|
1996-07-09 08:22:35 +02:00
|
|
|
#endif
|
2000-11-16 23:30:52 +01:00
|
|
|
ReleaseSysCache(tuple);
|
2004-05-11 19:36:13 +02:00
|
|
|
return mask;
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
1996-07-09 08:22:35 +02:00
|
|
|
|
2000-10-02 06:49:28 +02:00
|
|
|
/*
|
|
|
|
|
* Normal case: get the relation's ACL from pg_class
|
|
|
|
|
*/
|
2004-06-01 23:49:23 +02:00
|
|
|
ownerId = classForm->relowner;
|
|
|
|
|
|
2002-03-22 00:27:25 +01:00
|
|
|
aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
|
2000-10-02 06:49:28 +02:00
|
|
|
&isNull);
|
|
|
|
|
if (isNull)
|
|
|
|
|
{
|
2003-10-31 21:00:49 +01:00
|
|
|
/* No ACL, so build default ACL */
|
2002-04-21 02:26:44 +02:00
|
|
|
acl = acldefault(ACL_OBJECT_RELATION, ownerId);
|
2001-06-05 21:34:56 +02:00
|
|
|
aclDatum = (Datum) 0;
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
2000-10-02 06:49:28 +02:00
|
|
|
else
|
1999-09-18 21:08:25 +02:00
|
|
|
{
|
2001-06-05 21:34:56 +02:00
|
|
|
/* detoast rel's ACL if necessary */
|
|
|
|
|
acl = DatumGetAclP(aclDatum);
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
2000-10-02 06:49:28 +02:00
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
result = aclmask(acl, userid, ownerId, mask, how);
|
2000-11-16 23:30:52 +01:00
|
|
|
|
2001-06-05 21:34:56 +02:00
|
|
|
/* if we have a detoasted copy, free it */
|
|
|
|
|
if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
|
1997-09-07 07:04:48 +02:00
|
|
|
pfree(acl);
|
2001-06-05 21:34:56 +02:00
|
|
|
|
2000-11-16 23:30:52 +01:00
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
1998-09-01 05:29:17 +02:00
|
|
|
return result;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
/*
|
2004-05-11 19:36:13 +02:00
|
|
|
* Exported routine for examining a user's privileges for a database
|
2002-04-21 02:26:44 +02:00
|
|
|
*/
|
2004-05-11 19:36:13 +02:00
|
|
|
AclMode
|
|
|
|
|
pg_database_aclmask(Oid db_oid, AclId userid,
|
|
|
|
|
AclMode mask, AclMaskHow how)
|
2002-04-21 02:26:44 +02:00
|
|
|
{
|
2004-05-11 19:36:13 +02:00
|
|
|
AclMode result;
|
2002-04-21 02:26:44 +02:00
|
|
|
Relation pg_database;
|
|
|
|
|
ScanKeyData entry[1];
|
|
|
|
|
HeapScanDesc scan;
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
|
|
|
|
Acl *acl;
|
2004-06-01 23:49:23 +02:00
|
|
|
AclId ownerId;
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
|
|
|
|
if (superuser_arg(userid))
|
2004-05-11 19:36:13 +02:00
|
|
|
return mask;
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Get the database's ACL from pg_database
|
|
|
|
|
*
|
|
|
|
|
* There's no syscache for pg_database, so must look the hard way
|
|
|
|
|
*/
|
|
|
|
|
pg_database = heap_openr(DatabaseRelationName, AccessShareLock);
|
2003-11-12 22:15:59 +01:00
|
|
|
ScanKeyInit(&entry[0],
|
|
|
|
|
ObjectIdAttributeNumber,
|
|
|
|
|
BTEqualStrategyNumber, F_OIDEQ,
|
|
|
|
|
ObjectIdGetDatum(db_oid));
|
2002-05-21 01:51:44 +02:00
|
|
|
scan = heap_beginscan(pg_database, SnapshotNow, 1, entry);
|
|
|
|
|
tuple = heap_getnext(scan, ForwardScanDirection);
|
2002-04-21 02:26:44 +02:00
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_DATABASE),
|
|
|
|
|
errmsg("database with OID %u does not exist", db_oid)));
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
ownerId = ((Form_pg_database) GETSTRUCT(tuple))->datdba;
|
|
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
aclDatum = heap_getattr(tuple, Anum_pg_database_datacl,
|
|
|
|
|
RelationGetDescr(pg_database), &isNull);
|
|
|
|
|
|
|
|
|
|
if (isNull)
|
|
|
|
|
{
|
|
|
|
|
/* No ACL, so build default ACL */
|
|
|
|
|
acl = acldefault(ACL_OBJECT_DATABASE, ownerId);
|
|
|
|
|
aclDatum = (Datum) 0;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* detoast ACL if necessary */
|
|
|
|
|
acl = DatumGetAclP(aclDatum);
|
|
|
|
|
}
|
|
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
result = aclmask(acl, userid, ownerId, mask, how);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
/* if we have a detoasted copy, free it */
|
|
|
|
|
if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
|
|
|
|
|
pfree(acl);
|
|
|
|
|
|
|
|
|
|
heap_endscan(scan);
|
|
|
|
|
heap_close(pg_database, AccessShareLock);
|
|
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
/*
|
2004-05-11 19:36:13 +02:00
|
|
|
* Exported routine for examining a user's privileges for a function
|
2002-02-19 00:11:58 +01:00
|
|
|
*/
|
2004-05-11 19:36:13 +02:00
|
|
|
AclMode
|
|
|
|
|
pg_proc_aclmask(Oid proc_oid, AclId userid,
|
|
|
|
|
AclMode mask, AclMaskHow how)
|
2002-02-19 00:11:58 +01:00
|
|
|
{
|
2004-05-11 19:36:13 +02:00
|
|
|
AclMode result;
|
2002-02-19 00:11:58 +01:00
|
|
|
HeapTuple tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
|
|
|
|
Acl *acl;
|
2004-06-01 23:49:23 +02:00
|
|
|
AclId ownerId;
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2002-03-22 00:27:25 +01:00
|
|
|
/* Superusers bypass all permission checking. */
|
2002-02-19 00:11:58 +01:00
|
|
|
if (superuser_arg(userid))
|
2004-05-11 19:36:13 +02:00
|
|
|
return mask;
|
2002-02-19 00:11:58 +01:00
|
|
|
|
|
|
|
|
/*
|
2002-03-22 00:27:25 +01:00
|
|
|
* Get the function's ACL from pg_proc
|
2002-02-19 00:11:58 +01:00
|
|
|
*/
|
|
|
|
|
tuple = SearchSysCache(PROCOID,
|
|
|
|
|
ObjectIdGetDatum(proc_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_FUNCTION),
|
2003-08-04 02:43:34 +02:00
|
|
|
errmsg("function with OID %u does not exist", proc_oid)));
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
ownerId = ((Form_pg_proc) GETSTRUCT(tuple))->proowner;
|
|
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
aclDatum = SysCacheGetAttr(PROCOID, tuple, Anum_pg_proc_proacl,
|
|
|
|
|
&isNull);
|
|
|
|
|
if (isNull)
|
|
|
|
|
{
|
|
|
|
|
/* No ACL, so build default ACL */
|
2002-04-21 02:26:44 +02:00
|
|
|
acl = acldefault(ACL_OBJECT_FUNCTION, ownerId);
|
2002-02-19 00:11:58 +01:00
|
|
|
aclDatum = (Datum) 0;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* detoast ACL if necessary */
|
|
|
|
|
acl = DatumGetAclP(aclDatum);
|
|
|
|
|
}
|
|
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
result = aclmask(acl, userid, ownerId, mask, how);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
|
|
|
|
/* if we have a detoasted copy, free it */
|
|
|
|
|
if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
|
|
|
|
|
pfree(acl);
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2004-05-11 19:36:13 +02:00
|
|
|
* Exported routine for examining a user's privileges for a language
|
2002-02-19 00:11:58 +01:00
|
|
|
*/
|
2004-05-11 19:36:13 +02:00
|
|
|
AclMode
|
|
|
|
|
pg_language_aclmask(Oid lang_oid, AclId userid,
|
|
|
|
|
AclMode mask, AclMaskHow how)
|
2002-02-19 00:11:58 +01:00
|
|
|
{
|
2004-05-11 19:36:13 +02:00
|
|
|
AclMode result;
|
2002-02-19 00:11:58 +01:00
|
|
|
HeapTuple tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
|
|
|
|
Acl *acl;
|
2004-06-01 23:49:23 +02:00
|
|
|
AclId ownerId;
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2002-03-22 00:27:25 +01:00
|
|
|
/* Superusers bypass all permission checking. */
|
2002-02-19 00:11:58 +01:00
|
|
|
if (superuser_arg(userid))
|
2004-05-11 19:36:13 +02:00
|
|
|
return mask;
|
2002-02-19 00:11:58 +01:00
|
|
|
|
|
|
|
|
/*
|
2003-07-21 03:59:11 +02:00
|
|
|
* Get the language's ACL from pg_language
|
2002-02-19 00:11:58 +01:00
|
|
|
*/
|
|
|
|
|
tuple = SearchSysCache(LANGOID,
|
|
|
|
|
ObjectIdGetDatum(lang_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
2003-08-04 02:43:34 +02:00
|
|
|
errmsg("language with OID %u does not exist", lang_oid)));
|
2002-02-19 00:11:58 +01:00
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
/* XXX pg_language should have an owner column, but doesn't */
|
|
|
|
|
ownerId = BOOTSTRAP_USESYSID;
|
|
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
aclDatum = SysCacheGetAttr(LANGOID, tuple, Anum_pg_language_lanacl,
|
|
|
|
|
&isNull);
|
|
|
|
|
if (isNull)
|
|
|
|
|
{
|
|
|
|
|
/* No ACL, so build default ACL */
|
2004-06-01 23:49:23 +02:00
|
|
|
acl = acldefault(ACL_OBJECT_LANGUAGE, ownerId);
|
2002-02-19 00:11:58 +01:00
|
|
|
aclDatum = (Datum) 0;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* detoast ACL if necessary */
|
|
|
|
|
acl = DatumGetAclP(aclDatum);
|
|
|
|
|
}
|
|
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
result = aclmask(acl, userid, ownerId, mask, how);
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
/* if we have a detoasted copy, free it */
|
|
|
|
|
if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
|
|
|
|
|
pfree(acl);
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2004-05-11 19:36:13 +02:00
|
|
|
* Exported routine for examining a user's privileges for a namespace
|
2002-04-21 02:26:44 +02:00
|
|
|
*/
|
2004-05-11 19:36:13 +02:00
|
|
|
AclMode
|
|
|
|
|
pg_namespace_aclmask(Oid nsp_oid, AclId userid,
|
|
|
|
|
AclMode mask, AclMaskHow how)
|
2002-04-21 02:26:44 +02:00
|
|
|
{
|
2004-05-11 19:36:13 +02:00
|
|
|
AclMode result;
|
2002-04-21 02:26:44 +02:00
|
|
|
HeapTuple tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
|
|
|
|
Acl *acl;
|
2004-06-01 23:49:23 +02:00
|
|
|
AclId ownerId;
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
|
|
|
|
if (superuser_arg(userid))
|
2004-05-11 19:36:13 +02:00
|
|
|
return mask;
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2004-05-26 20:35:51 +02:00
|
|
|
/*
|
2004-05-28 18:17:14 +02:00
|
|
|
* If we have been assigned this namespace as a temp namespace,
|
|
|
|
|
* check to make sure we have CREATE TEMP permission on the database,
|
|
|
|
|
* and if so act as though we have all standard (but not GRANT OPTION)
|
|
|
|
|
* permissions on the namespace. If we don't have CREATE TEMP, act as
|
|
|
|
|
* though we have only USAGE (and not CREATE) rights.
|
2004-05-26 20:35:51 +02:00
|
|
|
*
|
2004-05-28 18:17:14 +02:00
|
|
|
* This may seem redundant given the check in InitTempTableNamespace,
|
|
|
|
|
* but it really isn't since current user ID may have changed since then.
|
2004-05-28 18:37:11 +02:00
|
|
|
* The upshot of this behavior is that a SECURITY DEFINER function can
|
2004-05-28 18:17:14 +02:00
|
|
|
* create temp tables that can then be accessed (if permission is granted)
|
2004-05-28 18:37:11 +02:00
|
|
|
* by code in the same session that doesn't have permissions to create
|
|
|
|
|
* temp tables.
|
2004-05-28 18:17:14 +02:00
|
|
|
*
|
|
|
|
|
* XXX Would it be safe to ereport a special error message as
|
|
|
|
|
* InitTempTableNamespace does? Returning zero here means we'll get a
|
|
|
|
|
* generic "permission denied for schema pg_temp_N" message, which is not
|
|
|
|
|
* remarkably user-friendly.
|
2004-05-26 20:35:51 +02:00
|
|
|
*/
|
2004-05-28 18:17:14 +02:00
|
|
|
if (isTempNamespace(nsp_oid))
|
|
|
|
|
{
|
|
|
|
|
if (pg_database_aclcheck(MyDatabaseId, GetUserId(),
|
|
|
|
|
ACL_CREATE_TEMP) == ACLCHECK_OK)
|
|
|
|
|
return mask & ACL_ALL_RIGHTS_NAMESPACE;
|
|
|
|
|
else
|
|
|
|
|
return mask & ACL_USAGE;
|
2004-05-26 20:35:51 +02:00
|
|
|
}
|
|
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
/*
|
2003-07-21 03:59:11 +02:00
|
|
|
* Get the schema's ACL from pg_namespace
|
2002-02-19 00:11:58 +01:00
|
|
|
*/
|
2002-04-21 02:26:44 +02:00
|
|
|
tuple = SearchSysCache(NAMESPACEOID,
|
|
|
|
|
ObjectIdGetDatum(nsp_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_SCHEMA),
|
|
|
|
|
errmsg("schema with OID %u does not exist", nsp_oid)));
|
2002-04-21 02:26:44 +02:00
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
ownerId = ((Form_pg_namespace) GETSTRUCT(tuple))->nspowner;
|
|
|
|
|
|
2002-04-21 02:26:44 +02:00
|
|
|
aclDatum = SysCacheGetAttr(NAMESPACEOID, tuple, Anum_pg_namespace_nspacl,
|
|
|
|
|
&isNull);
|
|
|
|
|
if (isNull)
|
|
|
|
|
{
|
|
|
|
|
/* No ACL, so build default ACL */
|
|
|
|
|
acl = acldefault(ACL_OBJECT_NAMESPACE, ownerId);
|
|
|
|
|
aclDatum = (Datum) 0;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* detoast ACL if necessary */
|
|
|
|
|
acl = DatumGetAclP(aclDatum);
|
|
|
|
|
}
|
|
|
|
|
|
2004-06-01 23:49:23 +02:00
|
|
|
result = aclmask(acl, userid, ownerId, mask, how);
|
2002-02-19 00:11:58 +01:00
|
|
|
|
|
|
|
|
/* if we have a detoasted copy, free it */
|
|
|
|
|
if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
|
|
|
|
|
pfree(acl);
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
}
|
2002-03-22 00:27:25 +01:00
|
|
|
|
|
|
|
|
|
2004-05-11 19:36:13 +02:00
|
|
|
/*
|
|
|
|
|
* Exported routine for checking a user's access privileges to a table
|
|
|
|
|
*
|
|
|
|
|
* Returns ACLCHECK_OK if the user has any of the privileges identified by
|
|
|
|
|
* 'mode'; otherwise returns a suitable error code (in practice, always
|
|
|
|
|
* ACLCHECK_NO_PRIV).
|
|
|
|
|
*/
|
|
|
|
|
AclResult
|
|
|
|
|
pg_class_aclcheck(Oid table_oid, AclId userid, AclMode mode)
|
|
|
|
|
{
|
|
|
|
|
if (pg_class_aclmask(table_oid, userid, mode, ACLMASK_ANY) != 0)
|
|
|
|
|
return ACLCHECK_OK;
|
|
|
|
|
else
|
|
|
|
|
return ACLCHECK_NO_PRIV;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Exported routine for checking a user's access privileges to a database
|
|
|
|
|
*/
|
|
|
|
|
AclResult
|
|
|
|
|
pg_database_aclcheck(Oid db_oid, AclId userid, AclMode mode)
|
|
|
|
|
{
|
|
|
|
|
if (pg_database_aclmask(db_oid, userid, mode, ACLMASK_ANY) != 0)
|
|
|
|
|
return ACLCHECK_OK;
|
|
|
|
|
else
|
|
|
|
|
return ACLCHECK_NO_PRIV;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Exported routine for checking a user's access privileges to a function
|
|
|
|
|
*/
|
|
|
|
|
AclResult
|
|
|
|
|
pg_proc_aclcheck(Oid proc_oid, AclId userid, AclMode mode)
|
|
|
|
|
{
|
|
|
|
|
if (pg_proc_aclmask(proc_oid, userid, mode, ACLMASK_ANY) != 0)
|
|
|
|
|
return ACLCHECK_OK;
|
|
|
|
|
else
|
|
|
|
|
return ACLCHECK_NO_PRIV;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Exported routine for checking a user's access privileges to a language
|
|
|
|
|
*/
|
|
|
|
|
AclResult
|
|
|
|
|
pg_language_aclcheck(Oid lang_oid, AclId userid, AclMode mode)
|
|
|
|
|
{
|
|
|
|
|
if (pg_language_aclmask(lang_oid, userid, mode, ACLMASK_ANY) != 0)
|
|
|
|
|
return ACLCHECK_OK;
|
|
|
|
|
else
|
|
|
|
|
return ACLCHECK_NO_PRIV;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Exported routine for checking a user's access privileges to a namespace
|
|
|
|
|
*/
|
|
|
|
|
AclResult
|
|
|
|
|
pg_namespace_aclcheck(Oid nsp_oid, AclId userid, AclMode mode)
|
|
|
|
|
{
|
|
|
|
|
if (pg_namespace_aclmask(nsp_oid, userid, mode, ACLMASK_ANY) != 0)
|
|
|
|
|
return ACLCHECK_OK;
|
|
|
|
|
else
|
|
|
|
|
return ACLCHECK_NO_PRIV;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2002-03-22 00:27:25 +01:00
|
|
|
/*
|
|
|
|
|
* Ownership check for a relation (specified by OID).
|
|
|
|
|
*/
|
|
|
|
|
bool
|
2002-12-04 06:18:38 +01:00
|
|
|
pg_class_ownercheck(Oid class_oid, AclId userid)
|
2002-03-22 00:27:25 +01:00
|
|
|
{
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
AclId owner_id;
|
|
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
|
|
|
|
if (superuser_arg(userid))
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(RELOID,
|
|
|
|
|
ObjectIdGetDatum(class_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_TABLE),
|
2003-08-04 02:43:34 +02:00
|
|
|
errmsg("relation with OID %u does not exist", class_oid)));
|
2002-03-22 00:27:25 +01:00
|
|
|
|
|
|
|
|
owner_id = ((Form_pg_class) GETSTRUCT(tuple))->relowner;
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return userid == owner_id;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Ownership check for a type (specified by OID).
|
|
|
|
|
*/
|
|
|
|
|
bool
|
2002-12-04 06:18:38 +01:00
|
|
|
pg_type_ownercheck(Oid type_oid, AclId userid)
|
2002-03-22 00:27:25 +01:00
|
|
|
{
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
AclId owner_id;
|
|
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
|
|
|
|
if (superuser_arg(userid))
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(TYPEOID,
|
|
|
|
|
ObjectIdGetDatum(type_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
|
|
|
errmsg("type with OID %u does not exist", type_oid)));
|
2002-03-22 00:27:25 +01:00
|
|
|
|
|
|
|
|
owner_id = ((Form_pg_type) GETSTRUCT(tuple))->typowner;
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return userid == owner_id;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Ownership check for an operator (specified by OID).
|
|
|
|
|
*/
|
|
|
|
|
bool
|
2002-12-04 06:18:38 +01:00
|
|
|
pg_oper_ownercheck(Oid oper_oid, AclId userid)
|
2002-03-22 00:27:25 +01:00
|
|
|
{
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
AclId owner_id;
|
|
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
|
|
|
|
if (superuser_arg(userid))
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(OPEROID,
|
|
|
|
|
ObjectIdGetDatum(oper_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_FUNCTION),
|
2003-08-04 02:43:34 +02:00
|
|
|
errmsg("operator with OID %u does not exist", oper_oid)));
|
2002-03-22 00:27:25 +01:00
|
|
|
|
|
|
|
|
owner_id = ((Form_pg_operator) GETSTRUCT(tuple))->oprowner;
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return userid == owner_id;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Ownership check for a function (specified by OID).
|
|
|
|
|
*/
|
|
|
|
|
bool
|
2002-12-04 06:18:38 +01:00
|
|
|
pg_proc_ownercheck(Oid proc_oid, AclId userid)
|
2002-03-22 00:27:25 +01:00
|
|
|
{
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
AclId owner_id;
|
|
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
|
|
|
|
if (superuser_arg(userid))
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(PROCOID,
|
|
|
|
|
ObjectIdGetDatum(proc_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_FUNCTION),
|
2003-08-04 02:43:34 +02:00
|
|
|
errmsg("function with OID %u does not exist", proc_oid)));
|
2002-03-22 00:27:25 +01:00
|
|
|
|
|
|
|
|
owner_id = ((Form_pg_proc) GETSTRUCT(tuple))->proowner;
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return userid == owner_id;
|
|
|
|
|
}
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Ownership check for a namespace (specified by OID).
|
|
|
|
|
*/
|
|
|
|
|
bool
|
2002-12-04 06:18:38 +01:00
|
|
|
pg_namespace_ownercheck(Oid nsp_oid, AclId userid)
|
2002-04-21 02:26:44 +02:00
|
|
|
{
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
AclId owner_id;
|
|
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
|
|
|
|
if (superuser_arg(userid))
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(NAMESPACEOID,
|
|
|
|
|
ObjectIdGetDatum(nsp_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_SCHEMA),
|
|
|
|
|
errmsg("schema with OID %u does not exist", nsp_oid)));
|
2002-04-21 02:26:44 +02:00
|
|
|
|
|
|
|
|
owner_id = ((Form_pg_namespace) GETSTRUCT(tuple))->nspowner;
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return userid == owner_id;
|
|
|
|
|
}
|
2002-07-30 00:14:11 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Ownership check for an operator class (specified by OID).
|
|
|
|
|
*/
|
|
|
|
|
bool
|
2002-12-04 06:18:38 +01:00
|
|
|
pg_opclass_ownercheck(Oid opc_oid, AclId userid)
|
2002-07-30 00:14:11 +02:00
|
|
|
{
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
AclId owner_id;
|
|
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
|
|
|
|
if (superuser_arg(userid))
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(CLAOID,
|
|
|
|
|
ObjectIdGetDatum(opc_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
|
|
|
errmsg("operator class with OID %u does not exist",
|
|
|
|
|
opc_oid)));
|
2002-07-30 00:14:11 +02:00
|
|
|
|
|
|
|
|
owner_id = ((Form_pg_opclass) GETSTRUCT(tuple))->opcowner;
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return userid == owner_id;
|
|
|
|
|
}
|
2003-06-27 16:45:32 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Ownership check for database (specified as OID)
|
|
|
|
|
*/
|
|
|
|
|
bool
|
|
|
|
|
pg_database_ownercheck(Oid db_oid, AclId userid)
|
|
|
|
|
{
|
|
|
|
|
Relation pg_database;
|
|
|
|
|
ScanKeyData entry[1];
|
|
|
|
|
HeapScanDesc scan;
|
|
|
|
|
HeapTuple dbtuple;
|
|
|
|
|
int32 dba;
|
|
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
|
|
|
|
if (superuser_arg(userid))
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
/* There's no syscache for pg_database, so must look the hard way */
|
|
|
|
|
pg_database = heap_openr(DatabaseRelationName, AccessShareLock);
|
2003-11-12 22:15:59 +01:00
|
|
|
ScanKeyInit(&entry[0],
|
|
|
|
|
ObjectIdAttributeNumber,
|
|
|
|
|
BTEqualStrategyNumber, F_OIDEQ,
|
|
|
|
|
ObjectIdGetDatum(db_oid));
|
2003-06-27 16:45:32 +02:00
|
|
|
scan = heap_beginscan(pg_database, SnapshotNow, 1, entry);
|
|
|
|
|
|
|
|
|
|
dbtuple = heap_getnext(scan, ForwardScanDirection);
|
|
|
|
|
|
|
|
|
|
if (!HeapTupleIsValid(dbtuple))
|
2003-07-21 03:59:11 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_DATABASE),
|
|
|
|
|
errmsg("database with OID %u does not exist", db_oid)));
|
2003-06-27 16:45:32 +02:00
|
|
|
|
|
|
|
|
dba = ((Form_pg_database) GETSTRUCT(dbtuple))->datdba;
|
|
|
|
|
|
|
|
|
|
heap_endscan(scan);
|
|
|
|
|
heap_close(pg_database, AccessShareLock);
|
|
|
|
|
|
|
|
|
|
return userid == dba;
|
|
|
|
|
}
|
2003-11-21 23:32:49 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Ownership check for a conversion (specified by OID).
|
|
|
|
|
*/
|
|
|
|
|
bool
|
|
|
|
|
pg_conversion_ownercheck(Oid conv_oid, AclId userid)
|
|
|
|
|
{
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
AclId owner_id;
|
|
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
|
|
|
|
if (superuser_arg(userid))
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(CONOID,
|
|
|
|
|
ObjectIdGetDatum(conv_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
|
|
|
errmsg("conversion with OID %u does not exist", conv_oid)));
|
|
|
|
|
|
|
|
|
|
owner_id = ((Form_pg_conversion) GETSTRUCT(tuple))->conowner;
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return userid == owner_id;
|
|
|
|
|
}
|
