2002-08-27 20:57:26 +02:00
|
|
|
/*-------------------------------------------------------------------------
|
|
|
|
*
|
|
|
|
* Utility routines for SQL dumping
|
2016-03-24 20:55:44 +01:00
|
|
|
*
|
|
|
|
* Basically this is stuff that is useful in both pg_dump and pg_dumpall.
|
2003-05-31 00:55:16 +02:00
|
|
|
*
|
2002-08-27 20:57:26 +02:00
|
|
|
*
|
2016-01-02 19:33:40 +01:00
|
|
|
* Portions Copyright (c) 1996-2016, PostgreSQL Global Development Group
|
2002-08-27 20:57:26 +02:00
|
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
|
|
|
*
|
2010-09-20 22:08:53 +02:00
|
|
|
* src/bin/pg_dump/dumputils.c
|
2002-08-27 20:57:26 +02:00
|
|
|
*
|
|
|
|
*-------------------------------------------------------------------------
|
|
|
|
*/
|
|
|
|
#include "postgres_fe.h"
|
|
|
|
|
|
|
|
#include "dumputils.h"
|
2016-03-24 20:55:44 +01:00
|
|
|
#include "fe_utils/string_utils.h"
|
2002-08-27 20:57:26 +02:00
|
|
|
|
|
|
|
|
2009-01-22 21:16:10 +01:00
|
|
|
static bool parseAclItem(const char *item, const char *type,
|
|
|
|
const char *name, const char *subname, int remoteVersion,
|
|
|
|
PQExpBuffer grantee, PQExpBuffer grantor,
|
2003-08-04 02:43:34 +02:00
|
|
|
PQExpBuffer privs, PQExpBuffer privswgo);
|
2003-07-31 19:21:57 +02:00
|
|
|
static char *copyAclUserName(PQExpBuffer output, char *input);
|
2009-01-22 21:16:10 +01:00
|
|
|
static void AddAcl(PQExpBuffer aclbuf, const char *keyword,
|
2009-06-11 16:49:15 +02:00
|
|
|
const char *subname);
|
2004-01-07 01:44:21 +01:00
|
|
|
|
|
|
|
|
2003-05-31 00:55:16 +02:00
|
|
|
/*
|
|
|
|
* Build GRANT/REVOKE command(s) for an object.
|
|
|
|
*
|
|
|
|
* name: the object name, in the form to use in the commands (already quoted)
|
2009-01-22 21:16:10 +01:00
|
|
|
* subname: the sub-object name, if any (already quoted); NULL if none
|
2003-05-31 00:55:16 +02:00
|
|
|
* type: the object type (as seen in GRANT command: must be one of
|
2010-02-18 02:29:10 +01:00
|
|
|
* TABLE, SEQUENCE, FUNCTION, LANGUAGE, SCHEMA, DATABASE, TABLESPACE,
|
|
|
|
* FOREIGN DATA WRAPPER, SERVER, or LARGE OBJECT)
|
2003-05-31 00:55:16 +02:00
|
|
|
* acls: the ACL string fetched from the database
|
2016-04-07 03:45:32 +02:00
|
|
|
* racls: the ACL string of any initial-but-now-revoked privileges
|
2005-12-03 22:06:18 +01:00
|
|
|
* owner: username of object owner (will be passed through fmtId); can be
|
|
|
|
* NULL or empty string to indicate "no owner known"
|
2009-10-05 21:24:49 +02:00
|
|
|
* prefix: string to prefix to each generated command; typically empty
|
2003-05-31 00:55:16 +02:00
|
|
|
* remoteVersion: version of database
|
|
|
|
*
|
|
|
|
* Returns TRUE if okay, FALSE if could not parse the acl string.
|
|
|
|
* The resulting commands (if any) are appended to the contents of 'sql'.
|
|
|
|
*
|
2009-10-05 21:24:49 +02:00
|
|
|
* Note: when processing a default ACL, prefix is "ALTER DEFAULT PRIVILEGES "
|
|
|
|
* or something similar, and name is an empty string.
|
|
|
|
*
|
2009-01-22 21:16:10 +01:00
|
|
|
* Note: beware of passing a fmtId() result directly as 'name' or 'subname',
|
|
|
|
* since this routine uses fmtId() internally.
|
2003-05-31 00:55:16 +02:00
|
|
|
*/
|
|
|
|
bool
|
2009-01-22 21:16:10 +01:00
|
|
|
buildACLCommands(const char *name, const char *subname,
|
2016-04-07 03:45:32 +02:00
|
|
|
const char *type, const char *acls, const char *racls,
|
|
|
|
const char *owner, const char *prefix, int remoteVersion,
|
2003-05-31 00:55:16 +02:00
|
|
|
PQExpBuffer sql)
|
|
|
|
{
|
2015-02-12 00:35:23 +01:00
|
|
|
bool ok = true;
|
2016-04-07 03:45:32 +02:00
|
|
|
char **aclitems = NULL;
|
|
|
|
char **raclitems = NULL;
|
|
|
|
int naclitems = 0;
|
|
|
|
int nraclitems = 0;
|
2003-07-31 19:21:57 +02:00
|
|
|
int i;
|
2003-08-04 02:43:34 +02:00
|
|
|
PQExpBuffer grantee,
|
|
|
|
grantor,
|
|
|
|
privs,
|
|
|
|
privswgo;
|
|
|
|
PQExpBuffer firstsql,
|
|
|
|
secondsql;
|
2003-05-31 00:55:16 +02:00
|
|
|
bool found_owner_privs = false;
|
|
|
|
|
2016-04-07 03:45:32 +02:00
|
|
|
if (strlen(acls) == 0 && strlen(racls) == 0)
|
2003-05-31 00:55:16 +02:00
|
|
|
return true; /* object has default permissions */
|
|
|
|
|
2005-12-03 22:06:18 +01:00
|
|
|
/* treat empty-string owner same as NULL */
|
|
|
|
if (owner && *owner == '\0')
|
|
|
|
owner = NULL;
|
|
|
|
|
2016-04-07 03:45:32 +02:00
|
|
|
if (strlen(acls) != 0)
|
2003-07-31 19:21:57 +02:00
|
|
|
{
|
2016-04-07 03:45:32 +02:00
|
|
|
if (!parsePGArray(acls, &aclitems, &naclitems))
|
|
|
|
{
|
|
|
|
if (aclitems)
|
|
|
|
free(aclitems);
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (strlen(racls) != 0)
|
|
|
|
{
|
|
|
|
if (!parsePGArray(racls, &raclitems, &nraclitems))
|
|
|
|
{
|
|
|
|
if (raclitems)
|
|
|
|
free(raclitems);
|
|
|
|
return false;
|
|
|
|
}
|
2003-07-31 19:21:57 +02:00
|
|
|
}
|
|
|
|
|
2003-05-31 00:55:16 +02:00
|
|
|
grantee = createPQExpBuffer();
|
|
|
|
grantor = createPQExpBuffer();
|
|
|
|
privs = createPQExpBuffer();
|
|
|
|
privswgo = createPQExpBuffer();
|
2003-08-04 02:43:34 +02:00
|
|
|
|
2003-07-24 17:52:53 +02:00
|
|
|
/*
|
2016-04-07 03:45:32 +02:00
|
|
|
* At the end, these two will be pasted together to form the result.
|
|
|
|
*
|
|
|
|
* For older systems we use these to ensure that the owner privileges go
|
|
|
|
* before the other ones, as a GRANT could create the default entry for
|
|
|
|
* the object, which generally includes all rights for the owner. In more
|
|
|
|
* recent versions we normally handle this because the owner rights come
|
|
|
|
* first in the ACLs, but older versions might have them after the PUBLIC
|
|
|
|
* privileges.
|
|
|
|
*
|
|
|
|
* For 9.6 and later systems, much of this changes. With 9.6, we check
|
|
|
|
* the default privileges for the objects at dump time and create two sets
|
|
|
|
* of ACLs- "racls" which are the ACLs to REVOKE from the object (as the
|
|
|
|
* object may have initial privileges on it, along with any default ACLs
|
|
|
|
* which are not part of the current set of privileges), and regular
|
|
|
|
* "acls", which are the ACLs to GRANT to the object. We handle the
|
|
|
|
* REVOKEs first, followed by the GRANTs.
|
2003-07-24 17:52:53 +02:00
|
|
|
*/
|
|
|
|
firstsql = createPQExpBuffer();
|
|
|
|
secondsql = createPQExpBuffer();
|
2003-05-31 00:55:16 +02:00
|
|
|
|
|
|
|
/*
|
2016-04-07 03:45:32 +02:00
|
|
|
* For pre-9.6 systems, we always start with REVOKE ALL FROM PUBLIC, as we
|
|
|
|
* don't wish to make any assumptions about what the default ACLs are, and
|
|
|
|
* we do not collect them during the dump phase (and racls will always be
|
|
|
|
* the empty set, see above).
|
|
|
|
*
|
|
|
|
* For 9.6 and later, if any revoke ACLs have been provided, then include
|
|
|
|
* them in 'firstsql'.
|
|
|
|
*
|
|
|
|
* Revoke ACLs happen when an object starts out life with a set of
|
|
|
|
* privileges (eg: GRANT SELECT ON pg_class TO PUBLIC;) and the user has
|
|
|
|
* decided to revoke those rights. Since those objects come into being
|
|
|
|
* with those default privileges, we have to revoke them to match what the
|
|
|
|
* current state of affairs is. Note that we only started explicitly
|
|
|
|
* tracking such initial rights in 9.6, and prior to that all initial
|
|
|
|
* rights are actually handled by the simple 'REVOKE ALL .. FROM PUBLIC'
|
|
|
|
* case, for initdb-created objects. Prior to 9.6, we didn't handle
|
|
|
|
* extensions correctly, but we do now by tracking their initial
|
|
|
|
* privileges, in the same way we track initdb initial privileges, see
|
|
|
|
* pg_init_privs.
|
2003-05-31 00:55:16 +02:00
|
|
|
*/
|
2016-04-07 03:45:32 +02:00
|
|
|
if (remoteVersion < 90600)
|
|
|
|
{
|
|
|
|
Assert(nraclitems == 0);
|
|
|
|
|
|
|
|
appendPQExpBuffer(firstsql, "%sREVOKE ALL", prefix);
|
|
|
|
if (subname)
|
|
|
|
appendPQExpBuffer(firstsql, "(%s)", subname);
|
|
|
|
appendPQExpBuffer(firstsql, " ON %s %s FROM PUBLIC;\n", type, name);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/* Scan individual REVOKE ACL items */
|
|
|
|
for (i = 0; i < nraclitems; i++)
|
|
|
|
{
|
|
|
|
if (!parseAclItem(raclitems[i], type, name, subname, remoteVersion,
|
|
|
|
grantee, grantor, privs, privswgo))
|
|
|
|
{
|
|
|
|
ok = false;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (privs->len > 0 || privswgo->len > 0)
|
|
|
|
{
|
|
|
|
if (privs->len > 0)
|
|
|
|
{
|
|
|
|
appendPQExpBuffer(firstsql, "%sREVOKE %s ON %s %s FROM ",
|
|
|
|
prefix, privs->data, type, name);
|
|
|
|
if (grantee->len == 0)
|
|
|
|
appendPQExpBufferStr(firstsql, "PUBLIC;\n");
|
|
|
|
else if (strncmp(grantee->data, "group ",
|
|
|
|
strlen("group ")) == 0)
|
|
|
|
appendPQExpBuffer(firstsql, "GROUP %s;\n",
|
|
|
|
fmtId(grantee->data + strlen("group ")));
|
|
|
|
else
|
|
|
|
appendPQExpBuffer(firstsql, "%s;\n",
|
|
|
|
fmtId(grantee->data));
|
|
|
|
}
|
|
|
|
if (privswgo->len > 0)
|
|
|
|
{
|
|
|
|
appendPQExpBuffer(firstsql,
|
|
|
|
"%sREVOKE GRANT OPTION FOR %s ON %s %s FROM ",
|
|
|
|
prefix, privswgo->data, type, name);
|
|
|
|
if (grantee->len == 0)
|
|
|
|
appendPQExpBufferStr(firstsql, "PUBLIC");
|
|
|
|
else if (strncmp(grantee->data, "group ",
|
|
|
|
strlen("group ")) == 0)
|
|
|
|
appendPQExpBuffer(firstsql, "GROUP %s",
|
|
|
|
fmtId(grantee->data + strlen("group ")));
|
|
|
|
else
|
|
|
|
appendPQExpBufferStr(firstsql, fmtId(grantee->data));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2003-05-31 00:55:16 +02:00
|
|
|
|
2007-01-04 18:49:37 +01:00
|
|
|
/*
|
|
|
|
* We still need some hacking though to cover the case where new default
|
|
|
|
* public privileges are added in new versions: the REVOKE ALL will revoke
|
|
|
|
* them, leading to behavior different from what the old version had,
|
2007-11-15 22:14:46 +01:00
|
|
|
* which is generally not what's wanted. So add back default privs if the
|
|
|
|
* source database is too old to have had that particular priv.
|
2007-01-04 18:49:37 +01:00
|
|
|
*/
|
|
|
|
if (remoteVersion < 80200 && strcmp(type, "DATABASE") == 0)
|
|
|
|
{
|
|
|
|
/* database CONNECT priv didn't exist before 8.2 */
|
2009-10-05 21:24:49 +02:00
|
|
|
appendPQExpBuffer(firstsql, "%sGRANT CONNECT ON %s %s TO PUBLIC;\n",
|
|
|
|
prefix, type, name);
|
2007-01-04 18:49:37 +01:00
|
|
|
}
|
|
|
|
|
2003-07-31 19:21:57 +02:00
|
|
|
/* Scan individual ACL items */
|
|
|
|
for (i = 0; i < naclitems; i++)
|
2003-05-31 00:55:16 +02:00
|
|
|
{
|
2009-01-22 21:16:10 +01:00
|
|
|
if (!parseAclItem(aclitems[i], type, name, subname, remoteVersion,
|
2003-05-31 00:55:16 +02:00
|
|
|
grantee, grantor, privs, privswgo))
|
2012-06-03 17:52:52 +02:00
|
|
|
{
|
2015-02-12 00:35:23 +01:00
|
|
|
ok = false;
|
|
|
|
break;
|
2012-06-03 17:52:52 +02:00
|
|
|
}
|
2003-05-31 00:55:16 +02:00
|
|
|
|
|
|
|
if (grantor->len == 0 && owner)
|
|
|
|
printfPQExpBuffer(grantor, "%s", owner);
|
|
|
|
|
|
|
|
if (privs->len > 0 || privswgo->len > 0)
|
|
|
|
{
|
2016-04-07 03:45:32 +02:00
|
|
|
/*
|
|
|
|
* Prior to 9.6, we had to handle owner privileges in a special
|
|
|
|
* manner by first REVOKE'ing the rights and then GRANT'ing them
|
|
|
|
* after. With 9.6 and above, what we need to REVOKE and what we
|
|
|
|
* need to GRANT is figured out when we dump and stashed into
|
2016-06-03 16:13:36 +02:00
|
|
|
* "racls" and "acls", respectively. See above.
|
2016-04-07 03:45:32 +02:00
|
|
|
*/
|
|
|
|
if (remoteVersion < 90600 && owner
|
2003-07-24 17:52:53 +02:00
|
|
|
&& strcmp(grantee->data, owner) == 0
|
|
|
|
&& strcmp(grantor->data, owner) == 0)
|
2003-05-31 00:55:16 +02:00
|
|
|
{
|
2003-07-24 17:52:53 +02:00
|
|
|
found_owner_privs = true;
|
2003-08-04 02:43:34 +02:00
|
|
|
|
2003-05-31 00:55:16 +02:00
|
|
|
/*
|
2003-08-04 02:43:34 +02:00
|
|
|
* For the owner, the default privilege level is ALL WITH
|
2016-10-12 18:19:56 +02:00
|
|
|
* GRANT OPTION.
|
2003-05-31 00:55:16 +02:00
|
|
|
*/
|
2016-10-12 18:19:56 +02:00
|
|
|
if (strcmp(privswgo->data, "ALL") != 0)
|
2003-05-31 00:55:16 +02:00
|
|
|
{
|
2009-10-05 21:24:49 +02:00
|
|
|
appendPQExpBuffer(firstsql, "%sREVOKE ALL", prefix);
|
2009-01-22 21:16:10 +01:00
|
|
|
if (subname)
|
|
|
|
appendPQExpBuffer(firstsql, "(%s)", subname);
|
|
|
|
appendPQExpBuffer(firstsql, " ON %s %s FROM %s;\n",
|
|
|
|
type, name, fmtId(grantee->data));
|
2003-05-31 00:55:16 +02:00
|
|
|
if (privs->len > 0)
|
2009-01-22 21:16:10 +01:00
|
|
|
appendPQExpBuffer(firstsql,
|
2009-10-05 21:24:49 +02:00
|
|
|
"%sGRANT %s ON %s %s TO %s;\n",
|
|
|
|
prefix, privs->data, type, name,
|
2003-05-31 00:55:16 +02:00
|
|
|
fmtId(grantee->data));
|
|
|
|
if (privswgo->len > 0)
|
2009-01-22 21:16:10 +01:00
|
|
|
appendPQExpBuffer(firstsql,
|
2010-02-26 03:01:40 +01:00
|
|
|
"%sGRANT %s ON %s %s TO %s WITH GRANT OPTION;\n",
|
2009-10-05 21:24:49 +02:00
|
|
|
prefix, privswgo->data, type, name,
|
2003-05-31 00:55:16 +02:00
|
|
|
fmtId(grantee->data));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/*
|
2016-04-07 03:45:32 +02:00
|
|
|
* For systems prior to 9.6, we can assume we are starting
|
|
|
|
* from no privs at this point.
|
|
|
|
*
|
|
|
|
* For 9.6 and above, at this point we have issued REVOKE
|
|
|
|
* statements for all initial and default privileges which are
|
|
|
|
* no longer present on the object (as they were passed in as
|
|
|
|
* 'racls') and we can simply GRANT the rights which are in
|
|
|
|
* 'acls'.
|
2003-05-31 00:55:16 +02:00
|
|
|
*/
|
2003-07-24 17:52:53 +02:00
|
|
|
if (grantor->len > 0
|
|
|
|
&& (!owner || strcmp(owner, grantor->data) != 0))
|
|
|
|
appendPQExpBuffer(secondsql, "SET SESSION AUTHORIZATION %s;\n",
|
|
|
|
fmtId(grantor->data));
|
|
|
|
|
2003-05-31 00:55:16 +02:00
|
|
|
if (privs->len > 0)
|
|
|
|
{
|
2009-10-05 21:24:49 +02:00
|
|
|
appendPQExpBuffer(secondsql, "%sGRANT %s ON %s %s TO ",
|
|
|
|
prefix, privs->data, type, name);
|
2003-05-31 00:55:16 +02:00
|
|
|
if (grantee->len == 0)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(secondsql, "PUBLIC;\n");
|
2003-05-31 00:55:16 +02:00
|
|
|
else if (strncmp(grantee->data, "group ",
|
|
|
|
strlen("group ")) == 0)
|
2003-07-24 17:52:53 +02:00
|
|
|
appendPQExpBuffer(secondsql, "GROUP %s;\n",
|
2005-10-15 04:49:52 +02:00
|
|
|
fmtId(grantee->data + strlen("group ")));
|
2003-05-31 00:55:16 +02:00
|
|
|
else
|
2003-07-24 17:52:53 +02:00
|
|
|
appendPQExpBuffer(secondsql, "%s;\n", fmtId(grantee->data));
|
2003-05-31 00:55:16 +02:00
|
|
|
}
|
|
|
|
if (privswgo->len > 0)
|
|
|
|
{
|
2009-10-05 21:24:49 +02:00
|
|
|
appendPQExpBuffer(secondsql, "%sGRANT %s ON %s %s TO ",
|
|
|
|
prefix, privswgo->data, type, name);
|
2003-05-31 00:55:16 +02:00
|
|
|
if (grantee->len == 0)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(secondsql, "PUBLIC");
|
2003-05-31 00:55:16 +02:00
|
|
|
else if (strncmp(grantee->data, "group ",
|
|
|
|
strlen("group ")) == 0)
|
2003-07-24 17:52:53 +02:00
|
|
|
appendPQExpBuffer(secondsql, "GROUP %s",
|
2005-10-15 04:49:52 +02:00
|
|
|
fmtId(grantee->data + strlen("group ")));
|
2003-05-31 00:55:16 +02:00
|
|
|
else
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(secondsql, fmtId(grantee->data));
|
|
|
|
appendPQExpBufferStr(secondsql, " WITH GRANT OPTION;\n");
|
2003-05-31 00:55:16 +02:00
|
|
|
}
|
2003-07-24 17:52:53 +02:00
|
|
|
|
|
|
|
if (grantor->len > 0
|
|
|
|
&& (!owner || strcmp(owner, grantor->data) != 0))
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(secondsql, "RESET SESSION AUTHORIZATION;\n");
|
2003-05-31 00:55:16 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2016-04-07 03:45:32 +02:00
|
|
|
* For systems prior to 9.6, if we didn't find any owner privs, the owner
|
|
|
|
* must have revoked 'em all.
|
|
|
|
*
|
|
|
|
* For 9.6 and above, we handle this through the 'racls'. See above.
|
2003-05-31 00:55:16 +02:00
|
|
|
*/
|
2016-04-07 03:45:32 +02:00
|
|
|
if (remoteVersion < 90600 && !found_owner_privs && owner)
|
2009-01-22 21:16:10 +01:00
|
|
|
{
|
2009-10-05 21:24:49 +02:00
|
|
|
appendPQExpBuffer(firstsql, "%sREVOKE ALL", prefix);
|
2009-01-22 21:16:10 +01:00
|
|
|
if (subname)
|
|
|
|
appendPQExpBuffer(firstsql, "(%s)", subname);
|
|
|
|
appendPQExpBuffer(firstsql, " ON %s %s FROM %s;\n",
|
2003-05-31 00:55:16 +02:00
|
|
|
type, name, fmtId(owner));
|
2009-01-22 21:16:10 +01:00
|
|
|
}
|
2003-05-31 00:55:16 +02:00
|
|
|
|
|
|
|
destroyPQExpBuffer(grantee);
|
|
|
|
destroyPQExpBuffer(grantor);
|
|
|
|
destroyPQExpBuffer(privs);
|
|
|
|
destroyPQExpBuffer(privswgo);
|
|
|
|
|
2003-07-24 17:52:53 +02:00
|
|
|
appendPQExpBuffer(sql, "%s%s", firstsql->data, secondsql->data);
|
|
|
|
destroyPQExpBuffer(firstsql);
|
|
|
|
destroyPQExpBuffer(secondsql);
|
|
|
|
|
2016-04-07 03:45:32 +02:00
|
|
|
if (aclitems)
|
|
|
|
free(aclitems);
|
|
|
|
|
|
|
|
if (raclitems)
|
|
|
|
free(raclitems);
|
2003-07-31 19:21:57 +02:00
|
|
|
|
2015-02-12 00:35:23 +01:00
|
|
|
return ok;
|
2003-05-31 00:55:16 +02:00
|
|
|
}
|
|
|
|
|
2009-10-05 21:24:49 +02:00
|
|
|
/*
|
|
|
|
* Build ALTER DEFAULT PRIVILEGES command(s) for single pg_default_acl entry.
|
|
|
|
*
|
2009-10-13 01:41:45 +02:00
|
|
|
* type: the object type (TABLES, FUNCTIONS, etc)
|
2009-10-05 21:24:49 +02:00
|
|
|
* nspname: schema name, or NULL for global default privileges
|
|
|
|
* acls: the ACL string fetched from the database
|
|
|
|
* owner: username of privileges owner (will be passed through fmtId)
|
|
|
|
* remoteVersion: version of database
|
|
|
|
*
|
|
|
|
* Returns TRUE if okay, FALSE if could not parse the acl string.
|
|
|
|
* The resulting commands (if any) are appended to the contents of 'sql'.
|
|
|
|
*/
|
|
|
|
bool
|
|
|
|
buildDefaultACLCommands(const char *type, const char *nspname,
|
|
|
|
const char *acls, const char *owner,
|
|
|
|
int remoteVersion,
|
|
|
|
PQExpBuffer sql)
|
|
|
|
{
|
|
|
|
bool result;
|
|
|
|
PQExpBuffer prefix;
|
|
|
|
|
|
|
|
prefix = createPQExpBuffer();
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We incorporate the target role directly into the command, rather than
|
2014-05-06 18:12:18 +02:00
|
|
|
* playing around with SET ROLE or anything like that. This is so that a
|
2010-02-26 03:01:40 +01:00
|
|
|
* permissions error leads to nothing happening, rather than changing
|
|
|
|
* default privileges for the wrong user.
|
2009-10-05 21:24:49 +02:00
|
|
|
*/
|
|
|
|
appendPQExpBuffer(prefix, "ALTER DEFAULT PRIVILEGES FOR ROLE %s ",
|
|
|
|
fmtId(owner));
|
|
|
|
if (nspname)
|
|
|
|
appendPQExpBuffer(prefix, "IN SCHEMA %s ", fmtId(nspname));
|
|
|
|
|
|
|
|
result = buildACLCommands("", NULL,
|
2016-04-07 03:45:32 +02:00
|
|
|
type, acls, "", owner,
|
2009-10-05 21:24:49 +02:00
|
|
|
prefix->data, remoteVersion,
|
|
|
|
sql);
|
|
|
|
|
|
|
|
destroyPQExpBuffer(prefix);
|
|
|
|
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
2003-05-31 00:55:16 +02:00
|
|
|
/*
|
2003-07-31 19:21:57 +02:00
|
|
|
* This will parse an aclitem string, having the general form
|
|
|
|
* username=privilegecodes/grantor
|
|
|
|
* or
|
|
|
|
* group groupname=privilegecodes/grantor
|
2016-10-12 18:19:56 +02:00
|
|
|
* (the "group" case occurs only with servers before 8.1).
|
|
|
|
*
|
|
|
|
* Returns true on success, false on parse error. On success, the components
|
|
|
|
* of the string are returned in the PQExpBuffer parameters.
|
2003-07-31 19:21:57 +02:00
|
|
|
*
|
|
|
|
* The returned grantee string will be the dequoted username or groupname
|
2016-10-12 18:19:56 +02:00
|
|
|
* (preceded with "group " in the latter case). Note that a grant to PUBLIC
|
|
|
|
* is represented by an empty grantee string. The returned grantor is the
|
|
|
|
* dequoted grantor name. Privilege characters are decoded and split between
|
|
|
|
* privileges with grant option (privswgo) and without (privs).
|
2003-05-31 00:55:16 +02:00
|
|
|
*
|
2016-10-12 18:19:56 +02:00
|
|
|
* Note: for cross-version compatibility, it's important to use ALL to
|
|
|
|
* represent the privilege sets whenever appropriate.
|
2003-05-31 00:55:16 +02:00
|
|
|
*/
|
|
|
|
static bool
|
2009-01-22 21:16:10 +01:00
|
|
|
parseAclItem(const char *item, const char *type,
|
|
|
|
const char *name, const char *subname, int remoteVersion,
|
|
|
|
PQExpBuffer grantee, PQExpBuffer grantor,
|
2003-05-31 00:55:16 +02:00
|
|
|
PQExpBuffer privs, PQExpBuffer privswgo)
|
|
|
|
{
|
|
|
|
char *buf;
|
|
|
|
bool all_with_go = true;
|
|
|
|
bool all_without_go = true;
|
|
|
|
char *eqpos;
|
|
|
|
char *slpos;
|
|
|
|
char *pos;
|
|
|
|
|
|
|
|
buf = strdup(item);
|
2006-10-10 01:30:33 +02:00
|
|
|
if (!buf)
|
|
|
|
return false;
|
2003-05-31 00:55:16 +02:00
|
|
|
|
2003-07-31 19:21:57 +02:00
|
|
|
/* user or group name is string up to = */
|
|
|
|
eqpos = copyAclUserName(grantee, buf);
|
|
|
|
if (*eqpos != '=')
|
2012-06-03 17:52:52 +02:00
|
|
|
{
|
|
|
|
free(buf);
|
2003-05-31 00:55:16 +02:00
|
|
|
return false;
|
2012-06-03 17:52:52 +02:00
|
|
|
}
|
2003-05-31 00:55:16 +02:00
|
|
|
|
2016-10-12 18:19:56 +02:00
|
|
|
/* grantor should appear after / */
|
2003-05-31 00:55:16 +02:00
|
|
|
slpos = strchr(eqpos + 1, '/');
|
|
|
|
if (slpos)
|
|
|
|
{
|
2003-07-31 19:21:57 +02:00
|
|
|
*slpos++ = '\0';
|
|
|
|
slpos = copyAclUserName(grantor, slpos);
|
|
|
|
if (*slpos != '\0')
|
2012-06-03 17:52:52 +02:00
|
|
|
{
|
|
|
|
free(buf);
|
2003-07-31 19:21:57 +02:00
|
|
|
return false;
|
2012-06-03 17:52:52 +02:00
|
|
|
}
|
2003-05-31 00:55:16 +02:00
|
|
|
}
|
|
|
|
else
|
2016-10-12 18:19:56 +02:00
|
|
|
{
|
|
|
|
free(buf);
|
|
|
|
return false;
|
|
|
|
}
|
2003-05-31 00:55:16 +02:00
|
|
|
|
|
|
|
/* privilege codes */
|
|
|
|
#define CONVERT_PRIV(code, keywd) \
|
2006-01-21 03:16:21 +01:00
|
|
|
do { \
|
2003-05-31 00:55:16 +02:00
|
|
|
if ((pos = strchr(eqpos + 1, code))) \
|
|
|
|
{ \
|
|
|
|
if (*(pos + 1) == '*') \
|
|
|
|
{ \
|
2009-01-22 21:16:10 +01:00
|
|
|
AddAcl(privswgo, keywd, subname); \
|
2003-05-31 00:55:16 +02:00
|
|
|
all_without_go = false; \
|
|
|
|
} \
|
|
|
|
else \
|
|
|
|
{ \
|
2009-01-22 21:16:10 +01:00
|
|
|
AddAcl(privs, keywd, subname); \
|
2003-05-31 00:55:16 +02:00
|
|
|
all_with_go = false; \
|
|
|
|
} \
|
|
|
|
} \
|
|
|
|
else \
|
2006-01-21 03:16:21 +01:00
|
|
|
all_with_go = all_without_go = false; \
|
|
|
|
} while (0)
|
2003-05-31 00:55:16 +02:00
|
|
|
|
|
|
|
resetPQExpBuffer(privs);
|
|
|
|
resetPQExpBuffer(privswgo);
|
|
|
|
|
2009-10-13 01:41:45 +02:00
|
|
|
if (strcmp(type, "TABLE") == 0 || strcmp(type, "SEQUENCE") == 0 ||
|
|
|
|
strcmp(type, "TABLES") == 0 || strcmp(type, "SEQUENCES") == 0)
|
2003-05-31 00:55:16 +02:00
|
|
|
{
|
|
|
|
CONVERT_PRIV('r', "SELECT");
|
2006-10-04 02:30:14 +02:00
|
|
|
|
2009-10-13 01:41:45 +02:00
|
|
|
if (strcmp(type, "SEQUENCE") == 0 ||
|
|
|
|
strcmp(type, "SEQUENCES") == 0)
|
2006-01-21 03:16:21 +01:00
|
|
|
/* sequence only */
|
|
|
|
CONVERT_PRIV('U', "USAGE");
|
|
|
|
else
|
2003-05-31 00:55:16 +02:00
|
|
|
{
|
2006-01-21 03:16:21 +01:00
|
|
|
/* table only */
|
|
|
|
CONVERT_PRIV('a', "INSERT");
|
2016-10-12 18:19:56 +02:00
|
|
|
CONVERT_PRIV('x', "REFERENCES");
|
2009-01-22 21:16:10 +01:00
|
|
|
/* rest are not applicable to columns */
|
|
|
|
if (subname == NULL)
|
|
|
|
{
|
2016-10-12 18:19:56 +02:00
|
|
|
CONVERT_PRIV('d', "DELETE");
|
|
|
|
CONVERT_PRIV('t', "TRIGGER");
|
2009-01-22 21:16:10 +01:00
|
|
|
if (remoteVersion >= 80400)
|
|
|
|
CONVERT_PRIV('D', "TRUNCATE");
|
2006-01-21 03:16:21 +01:00
|
|
|
}
|
2003-05-31 00:55:16 +02:00
|
|
|
}
|
2006-01-21 03:16:21 +01:00
|
|
|
|
|
|
|
/* UPDATE */
|
2016-10-12 18:19:56 +02:00
|
|
|
CONVERT_PRIV('w', "UPDATE");
|
2003-05-31 00:55:16 +02:00
|
|
|
}
|
2009-10-13 01:41:45 +02:00
|
|
|
else if (strcmp(type, "FUNCTION") == 0 ||
|
|
|
|
strcmp(type, "FUNCTIONS") == 0)
|
2003-05-31 00:55:16 +02:00
|
|
|
CONVERT_PRIV('X', "EXECUTE");
|
|
|
|
else if (strcmp(type, "LANGUAGE") == 0)
|
|
|
|
CONVERT_PRIV('U', "USAGE");
|
|
|
|
else if (strcmp(type, "SCHEMA") == 0)
|
|
|
|
{
|
|
|
|
CONVERT_PRIV('C', "CREATE");
|
|
|
|
CONVERT_PRIV('U', "USAGE");
|
|
|
|
}
|
|
|
|
else if (strcmp(type, "DATABASE") == 0)
|
|
|
|
{
|
|
|
|
CONVERT_PRIV('C', "CREATE");
|
2006-04-30 23:15:33 +02:00
|
|
|
CONVERT_PRIV('c', "CONNECT");
|
2003-05-31 00:55:16 +02:00
|
|
|
CONVERT_PRIV('T', "TEMPORARY");
|
|
|
|
}
|
2004-06-18 08:14:31 +02:00
|
|
|
else if (strcmp(type, "TABLESPACE") == 0)
|
|
|
|
CONVERT_PRIV('C', "CREATE");
|
2012-12-09 06:08:23 +01:00
|
|
|
else if (strcmp(type, "TYPE") == 0 ||
|
|
|
|
strcmp(type, "TYPES") == 0)
|
|
|
|
CONVERT_PRIV('U', "USAGE");
|
2008-12-19 17:25:19 +01:00
|
|
|
else if (strcmp(type, "FOREIGN DATA WRAPPER") == 0)
|
|
|
|
CONVERT_PRIV('U', "USAGE");
|
2010-03-03 21:10:48 +01:00
|
|
|
else if (strcmp(type, "FOREIGN SERVER") == 0)
|
2008-12-19 17:25:19 +01:00
|
|
|
CONVERT_PRIV('U', "USAGE");
|
2011-01-02 05:48:11 +01:00
|
|
|
else if (strcmp(type, "FOREIGN TABLE") == 0)
|
|
|
|
CONVERT_PRIV('r', "SELECT");
|
2009-12-11 04:34:57 +01:00
|
|
|
else if (strcmp(type, "LARGE OBJECT") == 0)
|
|
|
|
{
|
|
|
|
CONVERT_PRIV('r', "SELECT");
|
|
|
|
CONVERT_PRIV('w', "UPDATE");
|
|
|
|
}
|
2003-05-31 00:55:16 +02:00
|
|
|
else
|
|
|
|
abort();
|
|
|
|
|
|
|
|
#undef CONVERT_PRIV
|
|
|
|
|
|
|
|
if (all_with_go)
|
|
|
|
{
|
|
|
|
resetPQExpBuffer(privs);
|
|
|
|
printfPQExpBuffer(privswgo, "ALL");
|
2009-01-22 21:16:10 +01:00
|
|
|
if (subname)
|
|
|
|
appendPQExpBuffer(privswgo, "(%s)", subname);
|
2003-05-31 00:55:16 +02:00
|
|
|
}
|
|
|
|
else if (all_without_go)
|
|
|
|
{
|
|
|
|
resetPQExpBuffer(privswgo);
|
|
|
|
printfPQExpBuffer(privs, "ALL");
|
2009-01-22 21:16:10 +01:00
|
|
|
if (subname)
|
|
|
|
appendPQExpBuffer(privs, "(%s)", subname);
|
2003-05-31 00:55:16 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
free(buf);
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2003-07-31 19:21:57 +02:00
|
|
|
/*
|
|
|
|
* Transfer a user or group name starting at *input into the output buffer,
|
|
|
|
* dequoting if needed. Returns a pointer to just past the input name.
|
|
|
|
* The name is taken to end at an unquoted '=' or end of string.
|
|
|
|
*/
|
|
|
|
static char *
|
|
|
|
copyAclUserName(PQExpBuffer output, char *input)
|
|
|
|
{
|
|
|
|
resetPQExpBuffer(output);
|
2003-08-14 16:19:11 +02:00
|
|
|
|
2003-07-31 19:21:57 +02:00
|
|
|
while (*input && *input != '=')
|
|
|
|
{
|
2004-08-29 07:07:03 +02:00
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* If user name isn't quoted, then just add it to the output buffer
|
2004-08-29 07:07:03 +02:00
|
|
|
*/
|
2003-07-31 19:21:57 +02:00
|
|
|
if (*input != '"')
|
|
|
|
appendPQExpBufferChar(output, *input++);
|
|
|
|
else
|
|
|
|
{
|
2004-06-18 08:14:31 +02:00
|
|
|
/* Otherwise, it's a quoted username */
|
2003-07-31 19:21:57 +02:00
|
|
|
input++;
|
2003-08-14 16:19:11 +02:00
|
|
|
/* Loop until we come across an unescaped quote */
|
|
|
|
while (!(*input == '"' && *(input + 1) != '"'))
|
2003-07-31 19:21:57 +02:00
|
|
|
{
|
|
|
|
if (*input == '\0')
|
2003-08-04 02:43:34 +02:00
|
|
|
return input; /* really a syntax error... */
|
|
|
|
|
2003-07-31 19:21:57 +02:00
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* Quoting convention is to escape " as "". Keep this code in
|
|
|
|
* sync with putid() in backend's acl.c.
|
2003-07-31 19:21:57 +02:00
|
|
|
*/
|
2003-08-14 16:19:11 +02:00
|
|
|
if (*input == '"' && *(input + 1) == '"')
|
|
|
|
input++;
|
2003-07-31 19:21:57 +02:00
|
|
|
appendPQExpBufferChar(output, *input++);
|
|
|
|
}
|
|
|
|
input++;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return input;
|
|
|
|
}
|
2003-05-31 00:55:16 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Append a privilege keyword to a keyword list, inserting comma if needed.
|
|
|
|
*/
|
|
|
|
static void
|
2009-01-22 21:16:10 +01:00
|
|
|
AddAcl(PQExpBuffer aclbuf, const char *keyword, const char *subname)
|
2003-05-31 00:55:16 +02:00
|
|
|
{
|
|
|
|
if (aclbuf->len > 0)
|
|
|
|
appendPQExpBufferChar(aclbuf, ',');
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(aclbuf, keyword);
|
2009-01-22 21:16:10 +01:00
|
|
|
if (subname)
|
|
|
|
appendPQExpBuffer(aclbuf, "(%s)", subname);
|
2003-05-31 00:55:16 +02:00
|
|
|
}
|
2006-10-10 01:30:33 +02:00
|
|
|
|
|
|
|
|
2011-07-20 19:18:24 +02:00
|
|
|
/*
|
|
|
|
* buildShSecLabelQuery
|
|
|
|
*
|
|
|
|
* Build a query to retrieve security labels for a shared object.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
buildShSecLabelQuery(PGconn *conn, const char *catalog_name, uint32 objectId,
|
|
|
|
PQExpBuffer sql)
|
|
|
|
{
|
|
|
|
appendPQExpBuffer(sql,
|
|
|
|
"SELECT provider, label FROM pg_catalog.pg_shseclabel "
|
|
|
|
"WHERE classoid = '%s'::pg_catalog.regclass AND "
|
|
|
|
"objoid = %u", catalog_name, objectId);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* emitShSecLabels
|
|
|
|
*
|
|
|
|
* Format security label data retrieved by the query generated in
|
|
|
|
* buildShSecLabelQuery.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
emitShSecLabels(PGconn *conn, PGresult *res, PQExpBuffer buffer,
|
|
|
|
const char *target, const char *objname)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
for (i = 0; i < PQntuples(res); i++)
|
2012-06-10 21:20:04 +02:00
|
|
|
{
|
|
|
|
char *provider = PQgetvalue(res, i, 0);
|
|
|
|
char *label = PQgetvalue(res, i, 1);
|
2011-07-20 19:18:24 +02:00
|
|
|
|
|
|
|
/* must use fmtId result before calling it again */
|
|
|
|
appendPQExpBuffer(buffer,
|
|
|
|
"SECURITY LABEL FOR %s ON %s",
|
|
|
|
fmtId(provider), target);
|
|
|
|
appendPQExpBuffer(buffer,
|
|
|
|
" %s IS ",
|
|
|
|
fmtId(objname));
|
|
|
|
appendStringLiteralConn(buffer, label, conn);
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(buffer, ";\n");
|
2011-07-20 19:18:24 +02:00
|
|
|
}
|
|
|
|
}
|
2016-04-07 03:45:32 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* buildACLQueries
|
|
|
|
*
|
|
|
|
* Build the subqueries to extract out the correct set of ACLs to be
|
|
|
|
* GRANT'd and REVOKE'd for the specific kind of object, accounting for any
|
|
|
|
* initial privileges (from pg_init_privs) and based on if we are in binary
|
|
|
|
* upgrade mode or not.
|
|
|
|
*
|
|
|
|
* Also builds subqueries to extract out the set of ACLs to go from the object
|
|
|
|
* default privileges to the privileges in pg_init_privs, if we are in binary
|
|
|
|
* upgrade mode, so that those privileges can be set up and recorded in the new
|
|
|
|
* cluster before the regular privileges are added on top of those.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
buildACLQueries(PQExpBuffer acl_subquery, PQExpBuffer racl_subquery,
|
|
|
|
PQExpBuffer init_acl_subquery, PQExpBuffer init_racl_subquery,
|
|
|
|
const char *acl_column, const char *acl_owner,
|
|
|
|
const char *obj_kind, bool binary_upgrade)
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
* To get the delta from what the permissions were at creation time
|
|
|
|
* (either initdb or CREATE EXTENSION) vs. what they are now, we have to
|
|
|
|
* look at two things:
|
|
|
|
*
|
|
|
|
* What privileges have been added, which we calculate by extracting all
|
|
|
|
* the current privileges (using the set of default privileges for the
|
|
|
|
* object type if current privileges are NULL) and then removing those
|
|
|
|
* which existed at creation time (again, using the set of default
|
|
|
|
* privileges for the object type if there were no creation time
|
|
|
|
* privileges).
|
|
|
|
*
|
|
|
|
* What privileges have been removed, which we calculate by extracting the
|
|
|
|
* privileges as they were at creation time (or the default privileges, as
|
|
|
|
* above), and then removing the current privileges (or the default
|
|
|
|
* privileges, if current privileges are NULL).
|
|
|
|
*
|
|
|
|
* As a good cross-check, both directions of these checks should result in
|
|
|
|
* the empty set if both the current ACL and the initial privs are NULL
|
|
|
|
* (meaning, in practice, that the default ACLs were there at init time
|
|
|
|
* and is what the current privileges are).
|
|
|
|
*
|
|
|
|
* We always perform this delta on all ACLs and expect that by the time
|
2016-06-10 00:02:36 +02:00
|
|
|
* these are run the initial privileges will be in place, even in a binary
|
|
|
|
* upgrade situation (see below).
|
2016-04-07 03:45:32 +02:00
|
|
|
*/
|
2016-05-25 02:10:16 +02:00
|
|
|
printfPQExpBuffer(acl_subquery, "(SELECT pg_catalog.array_agg(acl) FROM "
|
|
|
|
"(SELECT pg_catalog.unnest(coalesce(%s,pg_catalog.acldefault(%s,%s))) AS acl "
|
2016-04-07 03:45:32 +02:00
|
|
|
"EXCEPT "
|
2016-06-10 00:02:36 +02:00
|
|
|
"SELECT pg_catalog.unnest(coalesce(pip.initprivs,pg_catalog.acldefault(%s,%s)))) as foo)",
|
2016-04-07 03:45:32 +02:00
|
|
|
acl_column,
|
|
|
|
obj_kind,
|
|
|
|
acl_owner,
|
|
|
|
obj_kind,
|
|
|
|
acl_owner);
|
|
|
|
|
2016-05-25 02:10:16 +02:00
|
|
|
printfPQExpBuffer(racl_subquery, "(SELECT pg_catalog.array_agg(acl) FROM "
|
2016-06-10 00:02:36 +02:00
|
|
|
"(SELECT pg_catalog.unnest(coalesce(pip.initprivs,pg_catalog.acldefault(%s,%s))) AS acl "
|
2016-04-07 03:45:32 +02:00
|
|
|
"EXCEPT "
|
2016-06-10 00:02:36 +02:00
|
|
|
"SELECT pg_catalog.unnest(coalesce(%s,pg_catalog.acldefault(%s,%s)))) as foo)",
|
2016-04-07 03:45:32 +02:00
|
|
|
obj_kind,
|
|
|
|
acl_owner,
|
|
|
|
acl_column,
|
|
|
|
obj_kind,
|
|
|
|
acl_owner);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* In binary upgrade mode we don't run the extension script but instead
|
|
|
|
* dump out the objects independently and then recreate them. To preserve
|
|
|
|
* the initial privileges which were set on extension objects, we need to
|
|
|
|
* grab the set of GRANT and REVOKE commands necessary to get from the
|
|
|
|
* default privileges of an object to the initial privileges as recorded
|
|
|
|
* in pg_init_privs.
|
|
|
|
*
|
|
|
|
* These will then be run ahead of the regular ACL commands, which were
|
|
|
|
* calculated using the queries above, inside of a block which sets a flag
|
|
|
|
* to indicate that the backend should record the results of these GRANT
|
|
|
|
* and REVOKE statements into pg_init_privs. This is how we preserve the
|
|
|
|
* contents of that catalog across binary upgrades.
|
|
|
|
*/
|
|
|
|
if (binary_upgrade)
|
|
|
|
{
|
|
|
|
printfPQExpBuffer(init_acl_subquery,
|
|
|
|
"CASE WHEN privtype = 'e' THEN "
|
2016-05-25 02:10:16 +02:00
|
|
|
"(SELECT pg_catalog.array_agg(acl) FROM "
|
|
|
|
"(SELECT pg_catalog.unnest(pip.initprivs) AS acl "
|
2016-04-07 03:45:32 +02:00
|
|
|
"EXCEPT "
|
2016-06-10 00:02:36 +02:00
|
|
|
"SELECT pg_catalog.unnest(pg_catalog.acldefault(%s,%s))) as foo) END",
|
2016-04-07 03:45:32 +02:00
|
|
|
obj_kind,
|
|
|
|
acl_owner);
|
|
|
|
|
|
|
|
printfPQExpBuffer(init_racl_subquery,
|
|
|
|
"CASE WHEN privtype = 'e' THEN "
|
2016-05-25 02:10:16 +02:00
|
|
|
"(SELECT pg_catalog.array_agg(acl) FROM "
|
2016-06-10 00:02:36 +02:00
|
|
|
"(SELECT pg_catalog.unnest(pg_catalog.acldefault(%s,%s)) AS acl "
|
2016-04-07 03:45:32 +02:00
|
|
|
"EXCEPT "
|
2016-06-10 00:02:36 +02:00
|
|
|
"SELECT pg_catalog.unnest(pip.initprivs)) as foo) END",
|
2016-04-07 03:45:32 +02:00
|
|
|
obj_kind,
|
|
|
|
acl_owner);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
printfPQExpBuffer(init_acl_subquery, "NULL");
|
|
|
|
printfPQExpBuffer(init_racl_subquery, "NULL");
|
|
|
|
}
|
|
|
|
}
|