1997-12-04 01:34:01 +01:00
|
|
|
/*-------------------------------------------------------------------------
|
|
|
|
|
*
|
1999-02-14 00:22:53 +01:00
|
|
|
* user.c
|
2000-06-28 05:33:33 +02:00
|
|
|
* Commands for manipulating users and groups.
|
1997-12-04 01:34:01 +01:00
|
|
|
*
|
2004-12-31 23:04:05 +01:00
|
|
|
* Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
|
2000-01-26 06:58:53 +01:00
|
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
1997-12-04 01:34:01 +01:00
|
|
|
*
|
2005-04-14 22:03:27 +02:00
|
|
|
* $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.151 2005/04/14 20:03:24 tgl Exp $
|
1997-12-04 01:34:01 +01:00
|
|
|
*
|
|
|
|
|
*-------------------------------------------------------------------------
|
|
|
|
|
*/
|
2001-06-12 07:55:50 +02:00
|
|
|
#include "postgres.h"
|
|
|
|
|
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "access/heapam.h"
|
2002-08-30 03:01:02 +02:00
|
|
|
#include "catalog/indexing.h"
|
1999-07-16 01:04:24 +02:00
|
|
|
#include "catalog/pg_database.h"
|
1999-12-16 18:24:19 +01:00
|
|
|
#include "catalog/pg_group.h"
|
2002-08-30 03:01:02 +02:00
|
|
|
#include "catalog/pg_shadow.h"
|
|
|
|
|
#include "catalog/pg_type.h"
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "commands/user.h"
|
1999-07-16 01:04:24 +02:00
|
|
|
#include "libpq/crypt.h"
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "miscadmin.h"
|
2002-04-04 06:25:54 +02:00
|
|
|
#include "utils/acl.h"
|
2000-01-14 23:11:38 +01:00
|
|
|
#include "utils/builtins.h"
|
2005-02-20 03:22:07 +01:00
|
|
|
#include "utils/flatfiles.h"
|
2000-05-28 19:56:29 +02:00
|
|
|
#include "utils/fmgroids.h"
|
2002-03-01 23:45:19 +01:00
|
|
|
#include "utils/guc.h"
|
2001-06-14 03:09:22 +02:00
|
|
|
#include "utils/lsyscache.h"
|
1999-07-16 01:04:24 +02:00
|
|
|
#include "utils/syscache.h"
|
1997-12-04 01:34:01 +01:00
|
|
|
|
2001-06-12 07:55:50 +02:00
|
|
|
|
2001-08-15 20:42:16 +02:00
|
|
|
extern bool Password_encryption;
|
1998-12-14 07:50:32 +01:00
|
|
|
|
2002-10-21 21:46:45 +02:00
|
|
|
|
2001-11-02 19:39:57 +01:00
|
|
|
static void CheckPgUserAclNotNull(void);
|
2002-04-27 23:24:34 +02:00
|
|
|
static void UpdateGroupMembership(Relation group_rel, HeapTuple group_tuple,
|
2002-09-04 22:31:48 +02:00
|
|
|
List *members);
|
2002-04-27 23:24:34 +02:00
|
|
|
static IdList *IdListToArray(List *members);
|
|
|
|
|
static List *IdArrayToList(IdList *oldarray);
|
2002-04-04 06:25:54 +02:00
|
|
|
|
|
|
|
|
|
2000-01-14 23:11:38 +01:00
|
|
|
/*
|
|
|
|
|
* CREATE USER
|
1997-12-04 01:34:01 +01:00
|
|
|
*/
|
1998-02-26 05:46:47 +01:00
|
|
|
void
|
2000-01-14 23:11:38 +01:00
|
|
|
CreateUser(CreateUserStmt *stmt)
|
1998-02-26 05:46:47 +01:00
|
|
|
{
|
1999-05-25 18:15:34 +02:00
|
|
|
Relation pg_shadow_rel;
|
|
|
|
|
TupleDesc pg_shadow_dsc;
|
|
|
|
|
HeapScanDesc scan;
|
|
|
|
|
HeapTuple tuple;
|
2000-04-12 19:17:23 +02:00
|
|
|
Datum new_record[Natts_pg_shadow];
|
|
|
|
|
char new_record_nulls[Natts_pg_shadow];
|
1999-11-30 04:57:29 +01:00
|
|
|
bool user_exists = false,
|
2000-04-12 19:17:23 +02:00
|
|
|
sysid_exists = false,
|
2001-07-11 00:09:29 +02:00
|
|
|
havesysid = false;
|
2001-09-08 17:24:00 +02:00
|
|
|
int max_id;
|
2004-05-26 06:41:50 +02:00
|
|
|
ListCell *item;
|
|
|
|
|
ListCell *option;
|
2001-10-28 07:26:15 +01:00
|
|
|
char *password = NULL; /* PostgreSQL user password */
|
2001-10-25 07:50:21 +02:00
|
|
|
bool encrypt_password = Password_encryption; /* encrypt password? */
|
|
|
|
|
char encrypted_password[MD5_PASSWD_LEN + 1];
|
|
|
|
|
int sysid = 0; /* PgSQL system id (valid if havesysid) */
|
|
|
|
|
bool createdb = false; /* Can the user create databases? */
|
|
|
|
|
bool createuser = false; /* Can this user create users? */
|
2001-10-28 07:26:15 +01:00
|
|
|
List *groupElts = NIL; /* The groups the user is a member of */
|
2001-10-25 07:50:21 +02:00
|
|
|
char *validUntil = NULL; /* The time the login is valid
|
|
|
|
|
* until */
|
2001-08-15 20:42:16 +02:00
|
|
|
DefElem *dpassword = NULL;
|
|
|
|
|
DefElem *dsysid = NULL;
|
|
|
|
|
DefElem *dcreatedb = NULL;
|
|
|
|
|
DefElem *dcreateuser = NULL;
|
|
|
|
|
DefElem *dgroupElts = NULL;
|
|
|
|
|
DefElem *dvalidUntil = NULL;
|
2001-07-11 00:09:29 +02:00
|
|
|
|
|
|
|
|
/* Extract options from the statement node tree */
|
|
|
|
|
foreach(option, stmt->options)
|
|
|
|
|
{
|
2001-10-25 07:50:21 +02:00
|
|
|
DefElem *defel = (DefElem *) lfirst(option);
|
2001-07-11 00:09:29 +02:00
|
|
|
|
2001-09-19 11:48:42 +02:00
|
|
|
if (strcmp(defel->defname, "password") == 0 ||
|
|
|
|
|
strcmp(defel->defname, "encryptedPassword") == 0 ||
|
2001-10-25 07:50:21 +02:00
|
|
|
strcmp(defel->defname, "unencryptedPassword") == 0)
|
|
|
|
|
{
|
2001-08-15 20:42:16 +02:00
|
|
|
if (dpassword)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
2001-08-15 20:42:16 +02:00
|
|
|
dpassword = defel;
|
2001-09-19 11:48:42 +02:00
|
|
|
if (strcmp(defel->defname, "encryptedPassword") == 0)
|
2001-08-15 20:42:16 +02:00
|
|
|
encrypt_password = true;
|
2001-09-19 11:48:42 +02:00
|
|
|
else if (strcmp(defel->defname, "unencryptedPassword") == 0)
|
2001-08-15 20:42:16 +02:00
|
|
|
encrypt_password = false;
|
|
|
|
|
}
|
2001-10-25 07:50:21 +02:00
|
|
|
else if (strcmp(defel->defname, "sysid") == 0)
|
|
|
|
|
{
|
2001-08-15 20:42:16 +02:00
|
|
|
if (dsysid)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
2001-08-15 20:42:16 +02:00
|
|
|
dsysid = defel;
|
|
|
|
|
}
|
2001-10-25 07:50:21 +02:00
|
|
|
else if (strcmp(defel->defname, "createdb") == 0)
|
|
|
|
|
{
|
2001-08-15 20:42:16 +02:00
|
|
|
if (dcreatedb)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
2001-08-15 20:42:16 +02:00
|
|
|
dcreatedb = defel;
|
|
|
|
|
}
|
2001-10-25 07:50:21 +02:00
|
|
|
else if (strcmp(defel->defname, "createuser") == 0)
|
|
|
|
|
{
|
2001-08-15 20:42:16 +02:00
|
|
|
if (dcreateuser)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
2001-08-15 20:42:16 +02:00
|
|
|
dcreateuser = defel;
|
|
|
|
|
}
|
2001-10-25 07:50:21 +02:00
|
|
|
else if (strcmp(defel->defname, "groupElts") == 0)
|
|
|
|
|
{
|
2001-08-15 20:42:16 +02:00
|
|
|
if (dgroupElts)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
2001-08-15 20:42:16 +02:00
|
|
|
dgroupElts = defel;
|
|
|
|
|
}
|
2001-10-25 07:50:21 +02:00
|
|
|
else if (strcmp(defel->defname, "validUntil") == 0)
|
|
|
|
|
{
|
2001-08-15 20:42:16 +02:00
|
|
|
if (dvalidUntil)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
2001-08-15 20:42:16 +02:00
|
|
|
dvalidUntil = defel;
|
|
|
|
|
}
|
|
|
|
|
else
|
2003-07-19 01:20:33 +02:00
|
|
|
elog(ERROR, "option \"%s\" not recognized",
|
2001-08-15 20:42:16 +02:00
|
|
|
defel->defname);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (dcreatedb)
|
2001-07-11 00:09:29 +02:00
|
|
|
createdb = intVal(dcreatedb->arg) != 0;
|
2001-08-15 20:42:16 +02:00
|
|
|
if (dcreateuser)
|
2001-07-11 00:09:29 +02:00
|
|
|
createuser = intVal(dcreateuser->arg) != 0;
|
2001-08-15 20:42:16 +02:00
|
|
|
if (dsysid)
|
2001-07-11 00:09:29 +02:00
|
|
|
{
|
|
|
|
|
sysid = intVal(dsysid->arg);
|
2001-09-08 17:24:00 +02:00
|
|
|
if (sysid <= 0)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
|
2003-09-25 08:58:07 +02:00
|
|
|
errmsg("user ID must be positive")));
|
2001-07-11 00:09:29 +02:00
|
|
|
havesysid = true;
|
|
|
|
|
}
|
2001-08-15 20:42:16 +02:00
|
|
|
if (dvalidUntil)
|
2001-07-11 00:09:29 +02:00
|
|
|
validUntil = strVal(dvalidUntil->arg);
|
2001-08-15 20:42:16 +02:00
|
|
|
if (dpassword)
|
2001-07-11 00:09:29 +02:00
|
|
|
password = strVal(dpassword->arg);
|
2001-08-15 20:42:16 +02:00
|
|
|
if (dgroupElts)
|
2001-07-11 00:09:29 +02:00
|
|
|
groupElts = (List *) dgroupElts->arg;
|
1999-04-02 08:16:36 +02:00
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
/* Check some permissions first */
|
2001-07-11 00:09:29 +02:00
|
|
|
if (password)
|
1998-02-26 05:46:47 +01:00
|
|
|
CheckPgUserAclNotNull();
|
|
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
if (!superuser())
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
2003-08-01 02:15:26 +02:00
|
|
|
errmsg("must be superuser to create users")));
|
2000-01-14 23:11:38 +01:00
|
|
|
|
2002-04-18 23:16:16 +02:00
|
|
|
if (strcmp(stmt->user, "public") == 0)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_RESERVED_NAME),
|
|
|
|
|
errmsg("user name \"%s\" is reserved",
|
|
|
|
|
stmt->user)));
|
2002-04-18 23:16:16 +02:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
/*
|
2000-04-12 19:17:23 +02:00
|
|
|
* Scan the pg_shadow relation to be certain the user or id doesn't
|
|
|
|
|
* already exist. Note we secure exclusive lock, because we also need
|
|
|
|
|
* to be sure of what the next usesysid should be, and we need to
|
2002-10-21 21:46:45 +02:00
|
|
|
* protect our eventual update of the flat password file.
|
1998-02-26 05:46:47 +01:00
|
|
|
*/
|
2005-04-14 22:03:27 +02:00
|
|
|
pg_shadow_rel = heap_open(ShadowRelationId, ExclusiveLock);
|
1998-09-01 05:29:17 +02:00
|
|
|
pg_shadow_dsc = RelationGetDescr(pg_shadow_rel);
|
1998-02-26 05:46:47 +01:00
|
|
|
|
2002-05-21 01:51:44 +02:00
|
|
|
scan = heap_beginscan(pg_shadow_rel, SnapshotNow, 0, NULL);
|
2001-09-08 17:24:00 +02:00
|
|
|
max_id = 99; /* start auto-assigned ids at 100 */
|
2001-06-12 07:55:50 +02:00
|
|
|
while (!user_exists && !sysid_exists &&
|
2002-05-21 01:51:44 +02:00
|
|
|
(tuple = heap_getnext(scan, ForwardScanDirection)) != NULL)
|
1998-02-26 05:46:47 +01:00
|
|
|
{
|
2002-04-27 23:24:34 +02:00
|
|
|
Form_pg_shadow shadow_form = (Form_pg_shadow) GETSTRUCT(tuple);
|
|
|
|
|
int32 this_sysid;
|
1999-11-30 04:57:29 +01:00
|
|
|
|
2002-04-27 23:24:34 +02:00
|
|
|
user_exists = (strcmp(NameStr(shadow_form->usename), stmt->user) == 0);
|
1999-11-30 04:57:29 +01:00
|
|
|
|
2002-04-27 23:24:34 +02:00
|
|
|
this_sysid = shadow_form->usesysid;
|
2000-04-12 19:17:23 +02:00
|
|
|
if (havesysid) /* customized id wanted */
|
2002-04-27 23:24:34 +02:00
|
|
|
sysid_exists = (this_sysid == sysid);
|
2000-04-12 19:17:23 +02:00
|
|
|
else
|
|
|
|
|
{
|
2001-06-12 07:55:50 +02:00
|
|
|
/* pick 1 + max */
|
2002-04-27 23:24:34 +02:00
|
|
|
if (this_sysid > max_id)
|
|
|
|
|
max_id = this_sysid;
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
1998-02-26 05:46:47 +01:00
|
|
|
}
|
|
|
|
|
heap_endscan(scan);
|
|
|
|
|
|
2001-06-12 07:55:50 +02:00
|
|
|
if (user_exists)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_DUPLICATE_OBJECT),
|
|
|
|
|
errmsg("user \"%s\" already exists",
|
|
|
|
|
stmt->user)));
|
2001-06-12 07:55:50 +02:00
|
|
|
if (sysid_exists)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_DUPLICATE_OBJECT),
|
2003-10-02 08:36:37 +02:00
|
|
|
errmsg("user ID %d is already assigned", sysid)));
|
2001-07-11 00:09:29 +02:00
|
|
|
|
|
|
|
|
/* If no sysid given, use max existing id + 1 */
|
2001-10-25 07:50:21 +02:00
|
|
|
if (!havesysid)
|
2001-07-11 00:09:29 +02:00
|
|
|
sysid = max_id + 1;
|
1998-02-26 05:46:47 +01:00
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
/*
|
|
|
|
|
* Build a tuple to insert
|
|
|
|
|
*/
|
2002-04-27 23:24:34 +02:00
|
|
|
MemSet(new_record, 0, sizeof(new_record));
|
|
|
|
|
MemSet(new_record_nulls, ' ', sizeof(new_record_nulls));
|
|
|
|
|
|
2001-07-11 00:09:29 +02:00
|
|
|
new_record[Anum_pg_shadow_usename - 1] =
|
|
|
|
|
DirectFunctionCall1(namein, CStringGetDatum(stmt->user));
|
|
|
|
|
new_record[Anum_pg_shadow_usesysid - 1] = Int32GetDatum(sysid);
|
|
|
|
|
AssertState(BoolIsValid(createdb));
|
|
|
|
|
new_record[Anum_pg_shadow_usecreatedb - 1] = BoolGetDatum(createdb);
|
|
|
|
|
AssertState(BoolIsValid(createuser));
|
|
|
|
|
new_record[Anum_pg_shadow_usesuper - 1] = BoolGetDatum(createuser);
|
2000-04-12 19:17:23 +02:00
|
|
|
/* superuser gets catupd right by default */
|
2001-07-11 00:09:29 +02:00
|
|
|
new_record[Anum_pg_shadow_usecatupd - 1] = BoolGetDatum(createuser);
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2001-07-11 00:09:29 +02:00
|
|
|
if (password)
|
2001-08-15 20:42:16 +02:00
|
|
|
{
|
|
|
|
|
if (!encrypt_password || isMD5(password))
|
|
|
|
|
new_record[Anum_pg_shadow_passwd - 1] =
|
|
|
|
|
DirectFunctionCall1(textin, CStringGetDatum(password));
|
|
|
|
|
else
|
|
|
|
|
{
|
2001-08-17 04:59:20 +02:00
|
|
|
if (!EncryptMD5(password, stmt->user, strlen(stmt->user),
|
2001-10-25 07:50:21 +02:00
|
|
|
encrypted_password))
|
2003-07-19 01:20:33 +02:00
|
|
|
elog(ERROR, "password encryption failed");
|
2001-08-15 20:42:16 +02:00
|
|
|
new_record[Anum_pg_shadow_passwd - 1] =
|
|
|
|
|
DirectFunctionCall1(textin, CStringGetDatum(encrypted_password));
|
|
|
|
|
}
|
|
|
|
|
}
|
2002-04-27 23:24:34 +02:00
|
|
|
else
|
|
|
|
|
new_record_nulls[Anum_pg_shadow_passwd - 1] = 'n';
|
|
|
|
|
|
2001-07-11 00:09:29 +02:00
|
|
|
if (validUntil)
|
2000-06-09 03:11:16 +02:00
|
|
|
new_record[Anum_pg_shadow_valuntil - 1] =
|
2003-05-13 01:08:52 +02:00
|
|
|
DirectFunctionCall1(abstimein, CStringGetDatum(validUntil));
|
2002-04-27 23:24:34 +02:00
|
|
|
else
|
|
|
|
|
new_record_nulls[Anum_pg_shadow_valuntil - 1] = 'n';
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2002-03-01 23:45:19 +01:00
|
|
|
new_record_nulls[Anum_pg_shadow_useconfig - 1] = 'n';
|
|
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
tuple = heap_formtuple(pg_shadow_dsc, new_record, new_record_nulls);
|
|
|
|
|
|
|
|
|
|
/*
|
2001-06-12 07:55:50 +02:00
|
|
|
* Insert new record in the pg_shadow table
|
2000-04-12 19:17:23 +02:00
|
|
|
*/
|
2002-05-22 00:05:55 +02:00
|
|
|
simple_heap_insert(pg_shadow_rel, tuple);
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2002-08-05 05:29:17 +02:00
|
|
|
/* Update indexes */
|
|
|
|
|
CatalogUpdateIndexes(pg_shadow_rel, tuple);
|
1998-02-26 05:46:47 +01:00
|
|
|
|
|
|
|
|
/*
|
1999-12-16 18:24:19 +01:00
|
|
|
* Add the user to the groups specified. We'll just call the below
|
2000-04-12 19:17:23 +02:00
|
|
|
* AlterGroup for this.
|
1998-02-26 05:46:47 +01:00
|
|
|
*/
|
2001-07-11 00:09:29 +02:00
|
|
|
foreach(item, groupElts)
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
|
|
|
|
AlterGroupStmt ags;
|
1999-12-16 18:24:19 +01:00
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
ags.name = strVal(lfirst(item)); /* the group name to add
|
|
|
|
|
* this in */
|
|
|
|
|
ags.action = +1;
|
2004-05-26 06:41:50 +02:00
|
|
|
ags.listUsers = list_make1(makeInteger(sysid));
|
2000-04-12 19:17:23 +02:00
|
|
|
AlterGroup(&ags, "CREATE USER");
|
|
|
|
|
}
|
1998-02-26 05:46:47 +01:00
|
|
|
|
1999-09-18 21:08:25 +02:00
|
|
|
/*
|
2002-10-21 21:46:45 +02:00
|
|
|
* Now we can clean up; but keep lock until commit (to avoid possible
|
|
|
|
|
* deadlock when commit code tries to acquire lock).
|
1999-09-18 21:08:25 +02:00
|
|
|
*/
|
2002-04-04 06:25:54 +02:00
|
|
|
heap_close(pg_shadow_rel, NoLock);
|
2000-04-12 19:17:23 +02:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
/*
|
2002-10-21 21:46:45 +02:00
|
|
|
* Set flag to update flat password file at commit.
|
1998-02-26 05:46:47 +01:00
|
|
|
*/
|
2004-07-28 16:23:31 +02:00
|
|
|
user_file_update_needed();
|
1997-12-04 01:34:01 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2000-01-14 23:11:38 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* ALTER USER
|
|
|
|
|
*/
|
2002-04-26 21:29:47 +02:00
|
|
|
void
|
2000-01-14 23:11:38 +01:00
|
|
|
AlterUser(AlterUserStmt *stmt)
|
1998-02-26 05:46:47 +01:00
|
|
|
{
|
2000-04-12 19:17:23 +02:00
|
|
|
Datum new_record[Natts_pg_shadow];
|
|
|
|
|
char new_record_nulls[Natts_pg_shadow];
|
2002-04-27 23:24:34 +02:00
|
|
|
char new_record_repl[Natts_pg_shadow];
|
1998-02-26 05:46:47 +01:00
|
|
|
Relation pg_shadow_rel;
|
|
|
|
|
TupleDesc pg_shadow_dsc;
|
2000-04-12 19:17:23 +02:00
|
|
|
HeapTuple tuple,
|
|
|
|
|
new_tuple;
|
2004-05-26 06:41:50 +02:00
|
|
|
ListCell *option;
|
2001-10-28 07:26:15 +01:00
|
|
|
char *password = NULL; /* PostgreSQL user password */
|
2001-10-25 07:50:21 +02:00
|
|
|
bool encrypt_password = Password_encryption; /* encrypt password? */
|
|
|
|
|
char encrypted_password[MD5_PASSWD_LEN + 1];
|
|
|
|
|
int createdb = -1; /* Can the user create databases? */
|
2001-10-28 07:26:15 +01:00
|
|
|
int createuser = -1; /* Can this user create users? */
|
2001-10-25 07:50:21 +02:00
|
|
|
char *validUntil = NULL; /* The time the login is valid
|
|
|
|
|
* until */
|
2001-07-11 00:09:29 +02:00
|
|
|
DefElem *dpassword = NULL;
|
|
|
|
|
DefElem *dcreatedb = NULL;
|
|
|
|
|
DefElem *dcreateuser = NULL;
|
|
|
|
|
DefElem *dvalidUntil = NULL;
|
|
|
|
|
|
|
|
|
|
/* Extract options from the statement node tree */
|
2001-10-25 07:50:21 +02:00
|
|
|
foreach(option, stmt->options)
|
2001-07-11 00:09:29 +02:00
|
|
|
{
|
2001-10-25 07:50:21 +02:00
|
|
|
DefElem *defel = (DefElem *) lfirst(option);
|
1998-02-26 05:46:47 +01:00
|
|
|
|
2001-09-19 11:48:42 +02:00
|
|
|
if (strcmp(defel->defname, "password") == 0 ||
|
|
|
|
|
strcmp(defel->defname, "encryptedPassword") == 0 ||
|
2001-10-25 07:50:21 +02:00
|
|
|
strcmp(defel->defname, "unencryptedPassword") == 0)
|
|
|
|
|
{
|
2001-07-11 00:09:29 +02:00
|
|
|
if (dpassword)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
2001-07-11 00:09:29 +02:00
|
|
|
dpassword = defel;
|
2001-09-19 11:48:42 +02:00
|
|
|
if (strcmp(defel->defname, "encryptedPassword") == 0)
|
2001-08-15 20:42:16 +02:00
|
|
|
encrypt_password = true;
|
2001-09-19 11:48:42 +02:00
|
|
|
else if (strcmp(defel->defname, "unencryptedPassword") == 0)
|
2001-08-15 20:42:16 +02:00
|
|
|
encrypt_password = false;
|
2001-07-11 00:09:29 +02:00
|
|
|
}
|
2001-10-25 07:50:21 +02:00
|
|
|
else if (strcmp(defel->defname, "createdb") == 0)
|
|
|
|
|
{
|
2001-07-11 00:09:29 +02:00
|
|
|
if (dcreatedb)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
2001-07-11 00:09:29 +02:00
|
|
|
dcreatedb = defel;
|
|
|
|
|
}
|
2001-10-25 07:50:21 +02:00
|
|
|
else if (strcmp(defel->defname, "createuser") == 0)
|
|
|
|
|
{
|
2001-07-11 00:09:29 +02:00
|
|
|
if (dcreateuser)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
2001-07-11 00:09:29 +02:00
|
|
|
dcreateuser = defel;
|
2001-08-15 20:42:16 +02:00
|
|
|
}
|
2001-10-25 07:50:21 +02:00
|
|
|
else if (strcmp(defel->defname, "validUntil") == 0)
|
|
|
|
|
{
|
2001-07-11 00:09:29 +02:00
|
|
|
if (dvalidUntil)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
2001-07-11 00:09:29 +02:00
|
|
|
dvalidUntil = defel;
|
|
|
|
|
}
|
2001-08-15 20:42:16 +02:00
|
|
|
else
|
2003-07-19 01:20:33 +02:00
|
|
|
elog(ERROR, "option \"%s\" not recognized",
|
2001-07-11 00:09:29 +02:00
|
|
|
defel->defname);
|
|
|
|
|
}
|
2001-08-15 20:42:16 +02:00
|
|
|
|
2001-07-11 00:09:29 +02:00
|
|
|
if (dcreatedb)
|
|
|
|
|
createdb = intVal(dcreatedb->arg);
|
|
|
|
|
if (dcreateuser)
|
|
|
|
|
createuser = intVal(dcreateuser->arg);
|
|
|
|
|
if (dvalidUntil)
|
|
|
|
|
validUntil = strVal(dvalidUntil->arg);
|
|
|
|
|
if (dpassword)
|
|
|
|
|
password = strVal(dpassword->arg);
|
2001-08-15 20:42:16 +02:00
|
|
|
|
|
|
|
|
if (password)
|
1998-02-26 05:46:47 +01:00
|
|
|
CheckPgUserAclNotNull();
|
|
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
/* must be superuser or just want to change your own password */
|
|
|
|
|
if (!superuser() &&
|
2001-07-11 00:09:29 +02:00
|
|
|
!(createdb < 0 &&
|
|
|
|
|
createuser < 0 &&
|
|
|
|
|
!validUntil &&
|
|
|
|
|
password &&
|
2002-06-11 15:40:53 +02:00
|
|
|
strcmp(GetUserNameFromId(GetUserId()), stmt->user) == 0))
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
|
|
|
errmsg("permission denied")));
|
2000-01-14 23:11:38 +01:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
/*
|
2000-04-12 19:17:23 +02:00
|
|
|
* Scan the pg_shadow relation to be certain the user exists. Note we
|
|
|
|
|
* secure exclusive lock to protect our update of the flat password
|
|
|
|
|
* file.
|
1998-02-26 05:46:47 +01:00
|
|
|
*/
|
2005-04-14 22:03:27 +02:00
|
|
|
pg_shadow_rel = heap_open(ShadowRelationId, ExclusiveLock);
|
1998-09-01 05:29:17 +02:00
|
|
|
pg_shadow_dsc = RelationGetDescr(pg_shadow_rel);
|
1998-02-26 05:46:47 +01:00
|
|
|
|
2000-11-16 23:30:52 +01:00
|
|
|
tuple = SearchSysCache(SHADOWNAME,
|
|
|
|
|
PointerGetDatum(stmt->user),
|
|
|
|
|
0, 0, 0);
|
1998-08-19 04:04:17 +02:00
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
|
|
|
errmsg("user \"%s\" does not exist", stmt->user)));
|
1998-02-26 05:46:47 +01:00
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
/*
|
2002-04-27 23:24:34 +02:00
|
|
|
* Build an updated tuple, perusing the information just obtained
|
2000-04-12 19:17:23 +02:00
|
|
|
*/
|
2002-04-27 23:24:34 +02:00
|
|
|
MemSet(new_record, 0, sizeof(new_record));
|
|
|
|
|
MemSet(new_record_nulls, ' ', sizeof(new_record_nulls));
|
|
|
|
|
MemSet(new_record_repl, ' ', sizeof(new_record_repl));
|
|
|
|
|
|
2000-08-03 18:35:08 +02:00
|
|
|
new_record[Anum_pg_shadow_usename - 1] = DirectFunctionCall1(namein,
|
2001-03-22 05:01:46 +01:00
|
|
|
CStringGetDatum(stmt->user));
|
2002-04-27 23:24:34 +02:00
|
|
|
new_record_repl[Anum_pg_shadow_usename - 1] = 'r';
|
2000-04-12 19:17:23 +02:00
|
|
|
|
|
|
|
|
/* createdb */
|
2002-04-27 23:24:34 +02:00
|
|
|
if (createdb >= 0)
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
2001-07-11 00:09:29 +02:00
|
|
|
new_record[Anum_pg_shadow_usecreatedb - 1] = BoolGetDatum(createdb > 0);
|
2002-04-27 23:24:34 +02:00
|
|
|
new_record_repl[Anum_pg_shadow_usecreatedb - 1] = 'r';
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
|
|
|
|
|
2001-09-08 17:24:00 +02:00
|
|
|
/*
|
|
|
|
|
* createuser (superuser) and catupd
|
|
|
|
|
*
|
2001-10-25 07:50:21 +02:00
|
|
|
* XXX It's rather unclear how to handle catupd. It's probably best to
|
|
|
|
|
* keep it equal to the superuser status, otherwise you could end up
|
|
|
|
|
* with a situation where no existing superuser can alter the
|
|
|
|
|
* catalogs, including pg_shadow!
|
2001-09-08 17:24:00 +02:00
|
|
|
*/
|
2002-04-27 23:24:34 +02:00
|
|
|
if (createuser >= 0)
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
2001-07-11 00:09:29 +02:00
|
|
|
new_record[Anum_pg_shadow_usesuper - 1] = BoolGetDatum(createuser > 0);
|
2002-04-27 23:24:34 +02:00
|
|
|
new_record_repl[Anum_pg_shadow_usesuper - 1] = 'r';
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2001-09-08 17:24:00 +02:00
|
|
|
new_record[Anum_pg_shadow_usecatupd - 1] = BoolGetDatum(createuser > 0);
|
2002-04-27 23:24:34 +02:00
|
|
|
new_record_repl[Anum_pg_shadow_usecatupd - 1] = 'r';
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* password */
|
2001-07-11 00:09:29 +02:00
|
|
|
if (password)
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
2001-08-15 20:42:16 +02:00
|
|
|
if (!encrypt_password || isMD5(password))
|
|
|
|
|
new_record[Anum_pg_shadow_passwd - 1] =
|
|
|
|
|
DirectFunctionCall1(textin, CStringGetDatum(password));
|
|
|
|
|
else
|
|
|
|
|
{
|
2001-08-17 04:59:20 +02:00
|
|
|
if (!EncryptMD5(password, stmt->user, strlen(stmt->user),
|
2001-10-25 07:50:21 +02:00
|
|
|
encrypted_password))
|
2003-07-19 01:20:33 +02:00
|
|
|
elog(ERROR, "password encryption failed");
|
2001-08-15 20:42:16 +02:00
|
|
|
new_record[Anum_pg_shadow_passwd - 1] =
|
|
|
|
|
DirectFunctionCall1(textin, CStringGetDatum(encrypted_password));
|
|
|
|
|
}
|
2002-04-27 23:24:34 +02:00
|
|
|
new_record_repl[Anum_pg_shadow_passwd - 1] = 'r';
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* valid until */
|
2001-07-11 00:09:29 +02:00
|
|
|
if (validUntil)
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
2000-06-09 03:11:16 +02:00
|
|
|
new_record[Anum_pg_shadow_valuntil - 1] =
|
2003-05-13 01:08:52 +02:00
|
|
|
DirectFunctionCall1(abstimein, CStringGetDatum(validUntil));
|
2002-04-27 23:24:34 +02:00
|
|
|
new_record_repl[Anum_pg_shadow_valuntil - 1] = 'r';
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
2002-03-01 23:45:19 +01:00
|
|
|
|
2005-01-28 00:24:11 +01:00
|
|
|
new_tuple = heap_modifytuple(tuple, pg_shadow_dsc, new_record,
|
2002-04-27 23:24:34 +02:00
|
|
|
new_record_nulls, new_record_repl);
|
2001-01-23 05:32:23 +01:00
|
|
|
simple_heap_update(pg_shadow_rel, &tuple->t_self, new_tuple);
|
2000-04-12 19:17:23 +02:00
|
|
|
|
|
|
|
|
/* Update indexes */
|
2002-08-05 05:29:17 +02:00
|
|
|
CatalogUpdateIndexes(pg_shadow_rel, new_tuple);
|
1998-02-26 05:46:47 +01:00
|
|
|
|
2000-11-16 23:30:52 +01:00
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
heap_freetuple(new_tuple);
|
|
|
|
|
|
1999-09-18 21:08:25 +02:00
|
|
|
/*
|
2002-10-21 21:46:45 +02:00
|
|
|
* Now we can clean up; but keep lock until commit (to avoid possible
|
|
|
|
|
* deadlock when commit code tries to acquire lock).
|
1999-09-18 21:08:25 +02:00
|
|
|
*/
|
2002-04-04 06:25:54 +02:00
|
|
|
heap_close(pg_shadow_rel, NoLock);
|
1998-02-26 05:46:47 +01:00
|
|
|
|
1999-09-18 21:08:25 +02:00
|
|
|
/*
|
2002-10-21 21:46:45 +02:00
|
|
|
* Set flag to update flat password file at commit.
|
1999-09-18 21:08:25 +02:00
|
|
|
*/
|
2004-07-28 16:23:31 +02:00
|
|
|
user_file_update_needed();
|
1997-12-04 01:34:01 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2002-03-01 23:45:19 +01:00
|
|
|
/*
|
|
|
|
|
* ALTER USER ... SET
|
|
|
|
|
*/
|
|
|
|
|
void
|
|
|
|
|
AlterUserSet(AlterUserSetStmt *stmt)
|
|
|
|
|
{
|
|
|
|
|
char *valuestr;
|
|
|
|
|
HeapTuple oldtuple,
|
|
|
|
|
newtuple;
|
|
|
|
|
Relation rel;
|
|
|
|
|
Datum repl_val[Natts_pg_shadow];
|
|
|
|
|
char repl_null[Natts_pg_shadow];
|
|
|
|
|
char repl_repl[Natts_pg_shadow];
|
|
|
|
|
int i;
|
|
|
|
|
|
2002-05-17 03:19:19 +02:00
|
|
|
valuestr = flatten_set_variable_args(stmt->variable, stmt->value);
|
2002-03-01 23:45:19 +01:00
|
|
|
|
2002-04-27 23:24:34 +02:00
|
|
|
/*
|
2002-09-04 22:31:48 +02:00
|
|
|
* RowExclusiveLock is sufficient, because we don't need to update the
|
|
|
|
|
* flat password file.
|
2002-04-27 23:24:34 +02:00
|
|
|
*/
|
2005-04-14 22:03:27 +02:00
|
|
|
rel = heap_open(ShadowRelationId, RowExclusiveLock);
|
2002-03-01 23:45:19 +01:00
|
|
|
oldtuple = SearchSysCache(SHADOWNAME,
|
|
|
|
|
PointerGetDatum(stmt->user),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(oldtuple))
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
|
|
|
errmsg("user \"%s\" does not exist", stmt->user)));
|
2002-03-01 23:45:19 +01:00
|
|
|
|
2004-05-06 18:59:16 +02:00
|
|
|
if (!(superuser() ||
|
2004-08-29 07:07:03 +02:00
|
|
|
((Form_pg_shadow) GETSTRUCT(oldtuple))->usesysid == GetUserId()))
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
|
|
|
errmsg("permission denied")));
|
2002-03-01 23:45:19 +01:00
|
|
|
|
|
|
|
|
for (i = 0; i < Natts_pg_shadow; i++)
|
|
|
|
|
repl_repl[i] = ' ';
|
|
|
|
|
|
2002-09-04 22:31:48 +02:00
|
|
|
repl_repl[Anum_pg_shadow_useconfig - 1] = 'r';
|
|
|
|
|
if (strcmp(stmt->variable, "all") == 0 && valuestr == NULL)
|
2002-12-02 06:20:47 +01:00
|
|
|
{
|
2002-03-01 23:45:19 +01:00
|
|
|
/* RESET ALL */
|
2002-09-04 22:31:48 +02:00
|
|
|
repl_null[Anum_pg_shadow_useconfig - 1] = 'n';
|
2002-12-02 06:20:47 +01:00
|
|
|
}
|
2002-03-01 23:45:19 +01:00
|
|
|
else
|
|
|
|
|
{
|
2002-09-04 22:31:48 +02:00
|
|
|
Datum datum;
|
|
|
|
|
bool isnull;
|
|
|
|
|
ArrayType *array;
|
2002-03-01 23:45:19 +01:00
|
|
|
|
2002-09-04 22:31:48 +02:00
|
|
|
repl_null[Anum_pg_shadow_useconfig - 1] = ' ';
|
2002-03-01 23:45:19 +01:00
|
|
|
|
|
|
|
|
datum = SysCacheGetAttr(SHADOWNAME, oldtuple,
|
|
|
|
|
Anum_pg_shadow_useconfig, &isnull);
|
|
|
|
|
|
2004-01-07 19:56:30 +01:00
|
|
|
array = isnull ? NULL : DatumGetArrayTypeP(datum);
|
2002-04-27 23:24:34 +02:00
|
|
|
|
2002-03-01 23:45:19 +01:00
|
|
|
if (valuestr)
|
2002-04-27 23:24:34 +02:00
|
|
|
array = GUCArrayAdd(array, stmt->variable, valuestr);
|
2002-03-01 23:45:19 +01:00
|
|
|
else
|
2002-04-27 23:24:34 +02:00
|
|
|
array = GUCArrayDelete(array, stmt->variable);
|
2002-03-01 23:45:19 +01:00
|
|
|
|
2002-12-02 06:20:47 +01:00
|
|
|
if (array)
|
|
|
|
|
repl_val[Anum_pg_shadow_useconfig - 1] = PointerGetDatum(array);
|
|
|
|
|
else
|
|
|
|
|
repl_null[Anum_pg_shadow_useconfig - 1] = 'n';
|
2002-03-01 23:45:19 +01:00
|
|
|
}
|
|
|
|
|
|
2005-01-28 00:24:11 +01:00
|
|
|
newtuple = heap_modifytuple(oldtuple, RelationGetDescr(rel), repl_val, repl_null, repl_repl);
|
2002-03-01 23:45:19 +01:00
|
|
|
simple_heap_update(rel, &oldtuple->t_self, newtuple);
|
|
|
|
|
|
2002-08-05 05:29:17 +02:00
|
|
|
CatalogUpdateIndexes(rel, newtuple);
|
2002-03-01 23:45:19 +01:00
|
|
|
|
|
|
|
|
ReleaseSysCache(oldtuple);
|
|
|
|
|
heap_close(rel, RowExclusiveLock);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2000-01-14 23:11:38 +01:00
|
|
|
/*
|
|
|
|
|
* DROP USER
|
|
|
|
|
*/
|
|
|
|
|
void
|
|
|
|
|
DropUser(DropUserStmt *stmt)
|
1998-02-26 05:46:47 +01:00
|
|
|
{
|
2000-01-14 23:11:38 +01:00
|
|
|
Relation pg_shadow_rel;
|
|
|
|
|
TupleDesc pg_shadow_dsc;
|
2004-05-26 06:41:50 +02:00
|
|
|
ListCell *item;
|
1998-02-26 05:46:47 +01:00
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
if (!superuser())
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
2003-08-01 02:15:26 +02:00
|
|
|
errmsg("must be superuser to drop users")));
|
1998-02-26 05:46:47 +01:00
|
|
|
|
|
|
|
|
/*
|
1999-09-18 21:08:25 +02:00
|
|
|
* Scan the pg_shadow relation to find the usesysid of the user to be
|
|
|
|
|
* deleted. Note we secure exclusive lock, because we need to protect
|
|
|
|
|
* our update of the flat password file.
|
1998-02-26 05:46:47 +01:00
|
|
|
*/
|
2005-04-14 22:03:27 +02:00
|
|
|
pg_shadow_rel = heap_open(ShadowRelationId, ExclusiveLock);
|
2000-01-14 23:11:38 +01:00
|
|
|
pg_shadow_dsc = RelationGetDescr(pg_shadow_rel);
|
1998-02-26 05:46:47 +01:00
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
foreach(item, stmt->users)
|
|
|
|
|
{
|
2002-04-27 23:24:34 +02:00
|
|
|
const char *user = strVal(lfirst(item));
|
2000-04-12 19:17:23 +02:00
|
|
|
HeapTuple tuple,
|
|
|
|
|
tmp_tuple;
|
|
|
|
|
Relation pg_rel;
|
|
|
|
|
TupleDesc pg_dsc;
|
|
|
|
|
ScanKeyData scankey;
|
|
|
|
|
HeapScanDesc scan;
|
2002-12-05 05:04:51 +01:00
|
|
|
AclId usesysid;
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2000-11-16 23:30:52 +01:00
|
|
|
tuple = SearchSysCache(SHADOWNAME,
|
|
|
|
|
PointerGetDatum(user),
|
|
|
|
|
0, 0, 0);
|
2000-04-12 19:17:23 +02:00
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
|
|
|
errmsg("user \"%s\" does not exist", user)));
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2002-04-27 23:24:34 +02:00
|
|
|
usesysid = ((Form_pg_shadow) GETSTRUCT(tuple))->usesysid;
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2001-09-08 17:24:00 +02:00
|
|
|
if (usesysid == GetUserId())
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_OBJECT_IN_USE),
|
|
|
|
|
errmsg("current user cannot be dropped")));
|
2001-09-08 17:24:00 +02:00
|
|
|
if (usesysid == GetSessionUserId())
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_OBJECT_IN_USE),
|
|
|
|
|
errmsg("session user cannot be dropped")));
|
2001-09-08 17:24:00 +02:00
|
|
|
|
2001-03-22 07:16:21 +01:00
|
|
|
/*
|
2000-04-12 19:17:23 +02:00
|
|
|
* Check if user still owns a database. If so, error out.
|
|
|
|
|
*
|
2001-03-22 07:16:21 +01:00
|
|
|
* (It used to be that this function would drop the database
|
|
|
|
|
* automatically. This is not only very dangerous for people that
|
|
|
|
|
* don't read the manual, it doesn't seem to be the behaviour one
|
|
|
|
|
* would expect either.) -- petere 2000/01/14)
|
|
|
|
|
*/
|
2005-04-14 22:03:27 +02:00
|
|
|
pg_rel = heap_open(DatabaseRelationId, AccessShareLock);
|
2000-04-12 19:17:23 +02:00
|
|
|
pg_dsc = RelationGetDescr(pg_rel);
|
|
|
|
|
|
2003-11-12 22:15:59 +01:00
|
|
|
ScanKeyInit(&scankey,
|
|
|
|
|
Anum_pg_database_datdba,
|
|
|
|
|
BTEqualStrategyNumber, F_INT4EQ,
|
|
|
|
|
Int32GetDatum(usesysid));
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2002-05-21 01:51:44 +02:00
|
|
|
scan = heap_beginscan(pg_rel, SnapshotNow, 1, &scankey);
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2002-05-21 01:51:44 +02:00
|
|
|
if ((tmp_tuple = heap_getnext(scan, ForwardScanDirection)) != NULL)
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
2001-10-25 07:50:21 +02:00
|
|
|
char *dbname;
|
2001-06-12 07:55:50 +02:00
|
|
|
|
2002-04-27 23:24:34 +02:00
|
|
|
dbname = NameStr(((Form_pg_database) GETSTRUCT(tmp_tuple))->datname);
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_OBJECT_IN_USE),
|
|
|
|
|
errmsg("user \"%s\" cannot be dropped", user),
|
2003-08-04 02:43:34 +02:00
|
|
|
errdetail("The user owns database \"%s\".", dbname)));
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
heap_endscan(scan);
|
2001-06-12 07:55:50 +02:00
|
|
|
heap_close(pg_rel, AccessShareLock);
|
2000-04-12 19:17:23 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Somehow we'd have to check for tables, views, etc. owned by the
|
|
|
|
|
* user as well, but those could be spread out over all sorts of
|
|
|
|
|
* databases which we don't have access to (easily).
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Remove the user from the pg_shadow table
|
|
|
|
|
*/
|
2001-01-23 05:32:23 +01:00
|
|
|
simple_heap_delete(pg_shadow_rel, &tuple->t_self);
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2000-11-16 23:30:52 +01:00
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
/*
|
|
|
|
|
* Remove user from groups
|
|
|
|
|
*
|
|
|
|
|
* try calling alter group drop user for every group
|
|
|
|
|
*/
|
2005-04-14 22:03:27 +02:00
|
|
|
pg_rel = heap_open(GroupRelationId, ExclusiveLock);
|
2000-04-12 19:17:23 +02:00
|
|
|
pg_dsc = RelationGetDescr(pg_rel);
|
2002-05-21 01:51:44 +02:00
|
|
|
scan = heap_beginscan(pg_rel, SnapshotNow, 0, NULL);
|
|
|
|
|
while ((tmp_tuple = heap_getnext(scan, ForwardScanDirection)) != NULL)
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
|
|
|
|
AlterGroupStmt ags;
|
|
|
|
|
|
2000-08-03 18:35:08 +02:00
|
|
|
/* the group name from which to try to drop the user: */
|
2002-04-27 23:24:34 +02:00
|
|
|
ags.name = pstrdup(NameStr(((Form_pg_group) GETSTRUCT(tmp_tuple))->groname));
|
2000-04-12 19:17:23 +02:00
|
|
|
ags.action = -1;
|
2004-05-26 06:41:50 +02:00
|
|
|
ags.listUsers = list_make1(makeInteger(usesysid));
|
2000-04-12 19:17:23 +02:00
|
|
|
AlterGroup(&ags, "DROP USER");
|
|
|
|
|
}
|
|
|
|
|
heap_endscan(scan);
|
2001-06-12 07:55:50 +02:00
|
|
|
heap_close(pg_rel, ExclusiveLock);
|
2001-03-22 05:01:46 +01:00
|
|
|
|
2000-10-19 05:55:51 +02:00
|
|
|
/*
|
|
|
|
|
* Advance command counter so that later iterations of this loop
|
|
|
|
|
* will see the changes already made. This is essential if, for
|
|
|
|
|
* example, we are trying to drop two users who are members of the
|
|
|
|
|
* same group --- the AlterGroup for the second user had better
|
|
|
|
|
* see the tuple updated from the first one.
|
|
|
|
|
*/
|
|
|
|
|
CommandCounterIncrement();
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
1998-02-26 05:46:47 +01:00
|
|
|
|
1999-09-18 21:08:25 +02:00
|
|
|
/*
|
2002-10-21 21:46:45 +02:00
|
|
|
* Now we can clean up; but keep lock until commit (to avoid possible
|
|
|
|
|
* deadlock when commit code tries to acquire lock).
|
1999-09-18 21:08:25 +02:00
|
|
|
*/
|
2002-04-04 06:25:54 +02:00
|
|
|
heap_close(pg_shadow_rel, NoLock);
|
1998-02-26 05:46:47 +01:00
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
/*
|
2002-10-21 21:46:45 +02:00
|
|
|
* Set flag to update flat password file at commit.
|
2000-04-12 19:17:23 +02:00
|
|
|
*/
|
2004-07-28 16:23:31 +02:00
|
|
|
user_file_update_needed();
|
1997-12-04 01:34:01 +01:00
|
|
|
}
|
1998-02-19 18:20:01 +01:00
|
|
|
|
2000-01-14 23:11:38 +01:00
|
|
|
|
2003-06-27 16:45:32 +02:00
|
|
|
/*
|
|
|
|
|
* Rename user
|
|
|
|
|
*/
|
|
|
|
|
void
|
|
|
|
|
RenameUser(const char *oldname, const char *newname)
|
|
|
|
|
{
|
2004-05-06 18:59:16 +02:00
|
|
|
HeapTuple oldtuple,
|
|
|
|
|
newtuple;
|
|
|
|
|
TupleDesc dsc;
|
2003-06-27 16:45:32 +02:00
|
|
|
Relation rel;
|
2004-05-06 18:59:16 +02:00
|
|
|
Datum datum;
|
|
|
|
|
bool isnull;
|
|
|
|
|
Datum repl_val[Natts_pg_shadow];
|
|
|
|
|
char repl_null[Natts_pg_shadow];
|
|
|
|
|
char repl_repl[Natts_pg_shadow];
|
|
|
|
|
int i;
|
2004-08-29 07:07:03 +02:00
|
|
|
|
2003-06-27 16:45:32 +02:00
|
|
|
/* ExclusiveLock because we need to update the password file */
|
2005-04-14 22:03:27 +02:00
|
|
|
rel = heap_open(ShadowRelationId, ExclusiveLock);
|
2004-05-06 18:59:16 +02:00
|
|
|
dsc = RelationGetDescr(rel);
|
2003-06-27 16:45:32 +02:00
|
|
|
|
2004-05-06 18:59:16 +02:00
|
|
|
oldtuple = SearchSysCache(SHADOWNAME,
|
2004-08-29 07:07:03 +02:00
|
|
|
CStringGetDatum(oldname),
|
|
|
|
|
0, 0, 0);
|
2004-05-06 18:59:16 +02:00
|
|
|
if (!HeapTupleIsValid(oldtuple))
|
2003-06-27 16:45:32 +02:00
|
|
|
ereport(ERROR,
|
2003-07-19 01:20:33 +02:00
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
2003-06-27 16:45:32 +02:00
|
|
|
errmsg("user \"%s\" does not exist", oldname)));
|
|
|
|
|
|
|
|
|
|
/*
|
2003-08-04 02:43:34 +02:00
|
|
|
* XXX Client applications probably store the session user somewhere,
|
|
|
|
|
* so renaming it could cause confusion. On the other hand, there may
|
|
|
|
|
* not be an actual problem besides a little confusion, so think about
|
|
|
|
|
* this and decide.
|
2003-06-27 16:45:32 +02:00
|
|
|
*/
|
2004-05-06 18:59:16 +02:00
|
|
|
if (((Form_pg_shadow) GETSTRUCT(oldtuple))->usesysid == GetSessionUserId())
|
2003-06-27 16:45:32 +02:00
|
|
|
ereport(ERROR,
|
2003-07-19 01:20:33 +02:00
|
|
|
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
|
2003-06-27 16:45:32 +02:00
|
|
|
errmsg("session user may not be renamed")));
|
|
|
|
|
|
|
|
|
|
/* make sure the new name doesn't exist */
|
|
|
|
|
if (SearchSysCacheExists(SHADOWNAME,
|
|
|
|
|
CStringGetDatum(newname),
|
|
|
|
|
0, 0, 0))
|
|
|
|
|
ereport(ERROR,
|
2003-07-19 01:20:33 +02:00
|
|
|
(errcode(ERRCODE_DUPLICATE_OBJECT),
|
2003-06-27 16:45:32 +02:00
|
|
|
errmsg("user \"%s\" already exists", newname)));
|
|
|
|
|
|
|
|
|
|
/* must be superuser */
|
|
|
|
|
if (!superuser())
|
|
|
|
|
ereport(ERROR,
|
2003-07-19 01:20:33 +02:00
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
2003-08-01 02:15:26 +02:00
|
|
|
errmsg("must be superuser to rename users")));
|
2003-06-27 16:45:32 +02:00
|
|
|
|
2004-05-06 18:59:16 +02:00
|
|
|
for (i = 0; i < Natts_pg_shadow; i++)
|
|
|
|
|
repl_repl[i] = ' ';
|
|
|
|
|
|
|
|
|
|
repl_repl[Anum_pg_shadow_usename - 1] = 'r';
|
|
|
|
|
repl_val[Anum_pg_shadow_usename - 1] = DirectFunctionCall1(namein,
|
2004-08-29 07:07:03 +02:00
|
|
|
CStringGetDatum(newname));
|
2004-05-06 18:59:16 +02:00
|
|
|
repl_null[Anum_pg_shadow_usename - 1] = ' ';
|
|
|
|
|
|
|
|
|
|
datum = heap_getattr(oldtuple, Anum_pg_shadow_passwd, dsc, &isnull);
|
|
|
|
|
|
|
|
|
|
if (!isnull && isMD5(DatumGetCString(DirectFunctionCall1(textout, datum))))
|
|
|
|
|
{
|
|
|
|
|
/* MD5 uses the username as salt, so just clear it on a rename */
|
|
|
|
|
repl_repl[Anum_pg_shadow_passwd - 1] = 'r';
|
|
|
|
|
repl_null[Anum_pg_shadow_passwd - 1] = 'n';
|
2004-08-29 07:07:03 +02:00
|
|
|
|
2004-05-06 18:59:16 +02:00
|
|
|
ereport(NOTICE,
|
2004-08-29 07:07:03 +02:00
|
|
|
(errmsg("MD5 password cleared because of user rename")));
|
2004-05-06 18:59:16 +02:00
|
|
|
}
|
2004-08-29 07:07:03 +02:00
|
|
|
|
2005-01-28 00:24:11 +01:00
|
|
|
newtuple = heap_modifytuple(oldtuple, dsc, repl_val, repl_null, repl_repl);
|
2004-05-06 18:59:16 +02:00
|
|
|
simple_heap_update(rel, &oldtuple->t_self, newtuple);
|
2004-08-29 07:07:03 +02:00
|
|
|
|
2004-05-06 18:59:16 +02:00
|
|
|
CatalogUpdateIndexes(rel, newtuple);
|
2003-06-27 16:45:32 +02:00
|
|
|
|
2004-05-06 18:59:16 +02:00
|
|
|
ReleaseSysCache(oldtuple);
|
2003-06-27 16:45:32 +02:00
|
|
|
heap_close(rel, NoLock);
|
|
|
|
|
|
2004-07-28 16:23:31 +02:00
|
|
|
user_file_update_needed();
|
2003-06-27 16:45:32 +02:00
|
|
|
}
|
|
|
|
|
|
2000-01-14 23:11:38 +01:00
|
|
|
|
1998-02-19 18:20:01 +01:00
|
|
|
/*
|
|
|
|
|
* CheckPgUserAclNotNull
|
|
|
|
|
*
|
1998-02-25 14:09:49 +01:00
|
|
|
* check to see if there is an ACL on pg_shadow
|
1998-02-19 18:20:01 +01:00
|
|
|
*/
|
1998-02-26 05:46:47 +01:00
|
|
|
static void
|
2002-03-26 20:17:02 +01:00
|
|
|
CheckPgUserAclNotNull(void)
|
1998-02-19 18:20:01 +01:00
|
|
|
{
|
1998-08-19 04:04:17 +02:00
|
|
|
HeapTuple htup;
|
1998-02-19 18:20:01 +01:00
|
|
|
|
2002-03-26 20:17:02 +01:00
|
|
|
htup = SearchSysCache(RELOID,
|
2005-04-14 03:38:22 +02:00
|
|
|
ObjectIdGetDatum(ShadowRelationId),
|
2000-11-16 23:30:52 +01:00
|
|
|
0, 0, 0);
|
2003-08-04 02:43:34 +02:00
|
|
|
if (!HeapTupleIsValid(htup)) /* should not happen, we hope */
|
2005-04-14 03:38:22 +02:00
|
|
|
elog(ERROR, "cache lookup failed for relation %u", ShadowRelationId);
|
1998-02-19 18:20:01 +01:00
|
|
|
|
1998-08-19 04:04:17 +02:00
|
|
|
if (heap_attisnull(htup, Anum_pg_class_relacl))
|
2005-04-14 22:03:27 +02:00
|
|
|
{
|
|
|
|
|
Form_pg_class classForm = (Form_pg_class) GETSTRUCT(htup);
|
|
|
|
|
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
2005-04-14 22:03:27 +02:00
|
|
|
errmsg("before using passwords you must revoke privileges on %s",
|
|
|
|
|
NameStr(classForm->relname)),
|
2003-07-19 01:20:33 +02:00
|
|
|
errdetail("This restriction is to prevent unprivileged users from reading the passwords."),
|
2003-09-25 08:58:07 +02:00
|
|
|
errhint("Try REVOKE ALL ON \"%s\" FROM PUBLIC.",
|
2005-04-14 22:03:27 +02:00
|
|
|
NameStr(classForm->relname))));
|
|
|
|
|
}
|
2000-11-16 23:30:52 +01:00
|
|
|
|
|
|
|
|
ReleaseSysCache(htup);
|
1998-02-19 18:20:01 +01:00
|
|
|
}
|
1999-12-16 18:24:19 +01:00
|
|
|
|
|
|
|
|
|
2000-01-14 23:11:38 +01:00
|
|
|
/*
|
|
|
|
|
* CREATE GROUP
|
|
|
|
|
*/
|
1999-12-16 18:24:19 +01:00
|
|
|
void
|
2000-01-14 23:11:38 +01:00
|
|
|
CreateGroup(CreateGroupStmt *stmt)
|
1999-12-16 18:24:19 +01:00
|
|
|
{
|
|
|
|
|
Relation pg_group_rel;
|
|
|
|
|
HeapScanDesc scan;
|
|
|
|
|
HeapTuple tuple;
|
2000-04-12 19:17:23 +02:00
|
|
|
TupleDesc pg_group_dsc;
|
|
|
|
|
bool group_exists = false,
|
2001-07-12 20:03:00 +02:00
|
|
|
sysid_exists = false,
|
|
|
|
|
havesysid = false;
|
2001-09-08 17:24:00 +02:00
|
|
|
int max_id;
|
2000-04-12 19:17:23 +02:00
|
|
|
Datum new_record[Natts_pg_group];
|
|
|
|
|
char new_record_nulls[Natts_pg_group];
|
2004-05-26 06:41:50 +02:00
|
|
|
ListCell *item;
|
|
|
|
|
ListCell *option;
|
|
|
|
|
List *newlist = NIL;
|
2002-04-28 02:36:38 +02:00
|
|
|
IdList *grolist;
|
2001-08-15 20:42:16 +02:00
|
|
|
int sysid = 0;
|
|
|
|
|
List *userElts = NIL;
|
|
|
|
|
DefElem *dsysid = NULL;
|
|
|
|
|
DefElem *duserElts = NULL;
|
2001-07-12 20:03:00 +02:00
|
|
|
|
|
|
|
|
foreach(option, stmt->options)
|
|
|
|
|
{
|
2001-10-25 07:50:21 +02:00
|
|
|
DefElem *defel = (DefElem *) lfirst(option);
|
2001-07-12 20:03:00 +02:00
|
|
|
|
2001-10-25 07:50:21 +02:00
|
|
|
if (strcmp(defel->defname, "sysid") == 0)
|
|
|
|
|
{
|
2001-08-15 20:42:16 +02:00
|
|
|
if (dsysid)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
2001-08-15 20:42:16 +02:00
|
|
|
dsysid = defel;
|
|
|
|
|
}
|
2001-10-25 07:50:21 +02:00
|
|
|
else if (strcmp(defel->defname, "userElts") == 0)
|
|
|
|
|
{
|
2001-08-15 20:42:16 +02:00
|
|
|
if (duserElts)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_SYNTAX_ERROR),
|
|
|
|
|
errmsg("conflicting or redundant options")));
|
2001-08-15 20:42:16 +02:00
|
|
|
duserElts = defel;
|
|
|
|
|
}
|
|
|
|
|
else
|
2003-07-19 01:20:33 +02:00
|
|
|
elog(ERROR, "option \"%s\" not recognized",
|
2001-08-15 20:42:16 +02:00
|
|
|
defel->defname);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (dsysid)
|
2001-07-12 20:03:00 +02:00
|
|
|
{
|
|
|
|
|
sysid = intVal(dsysid->arg);
|
2001-09-08 17:24:00 +02:00
|
|
|
if (sysid <= 0)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
|
2003-09-25 08:58:07 +02:00
|
|
|
errmsg("group ID must be positive")));
|
2001-07-12 20:03:00 +02:00
|
|
|
havesysid = true;
|
|
|
|
|
}
|
|
|
|
|
|
2001-08-15 20:42:16 +02:00
|
|
|
if (duserElts)
|
2001-07-12 20:03:00 +02:00
|
|
|
userElts = (List *) duserElts->arg;
|
1999-12-16 18:24:19 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Make sure the user can do this.
|
|
|
|
|
*/
|
2000-01-14 23:11:38 +01:00
|
|
|
if (!superuser())
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
2003-08-01 02:15:26 +02:00
|
|
|
errmsg("must be superuser to create groups")));
|
2000-01-14 23:11:38 +01:00
|
|
|
|
2002-04-18 23:16:16 +02:00
|
|
|
if (strcmp(stmt->name, "public") == 0)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_RESERVED_NAME),
|
|
|
|
|
errmsg("group name \"%s\" is reserved",
|
|
|
|
|
stmt->name)));
|
2002-04-18 23:16:16 +02:00
|
|
|
|
2002-10-21 21:46:45 +02:00
|
|
|
/*
|
|
|
|
|
* Scan the pg_group relation to be certain the group or id doesn't
|
|
|
|
|
* already exist. Note we secure exclusive lock, because we also need
|
|
|
|
|
* to be sure of what the next grosysid should be, and we need to
|
|
|
|
|
* protect our eventual update of the flat group file.
|
|
|
|
|
*/
|
2005-04-14 22:03:27 +02:00
|
|
|
pg_group_rel = heap_open(GroupRelationId, ExclusiveLock);
|
1999-12-16 18:24:19 +01:00
|
|
|
pg_group_dsc = RelationGetDescr(pg_group_rel);
|
|
|
|
|
|
2002-05-21 01:51:44 +02:00
|
|
|
scan = heap_beginscan(pg_group_rel, SnapshotNow, 0, NULL);
|
2001-09-08 17:24:00 +02:00
|
|
|
max_id = 99; /* start auto-assigned ids at 100 */
|
2001-06-12 07:55:50 +02:00
|
|
|
while (!group_exists && !sysid_exists &&
|
2002-05-21 01:51:44 +02:00
|
|
|
(tuple = heap_getnext(scan, ForwardScanDirection)) != NULL)
|
1999-12-16 18:24:19 +01:00
|
|
|
{
|
2002-04-27 23:24:34 +02:00
|
|
|
Form_pg_group group_form = (Form_pg_group) GETSTRUCT(tuple);
|
|
|
|
|
int32 this_sysid;
|
1999-12-16 18:24:19 +01:00
|
|
|
|
2002-04-27 23:24:34 +02:00
|
|
|
group_exists = (strcmp(NameStr(group_form->groname), stmt->name) == 0);
|
1999-12-16 18:24:19 +01:00
|
|
|
|
2002-04-27 23:24:34 +02:00
|
|
|
this_sysid = group_form->grosysid;
|
2001-10-25 07:50:21 +02:00
|
|
|
if (havesysid) /* customized id wanted */
|
2002-04-27 23:24:34 +02:00
|
|
|
sysid_exists = (this_sysid == sysid);
|
2000-04-12 19:17:23 +02:00
|
|
|
else
|
|
|
|
|
{
|
2001-06-12 07:55:50 +02:00
|
|
|
/* pick 1 + max */
|
2002-04-27 23:24:34 +02:00
|
|
|
if (this_sysid > max_id)
|
|
|
|
|
max_id = this_sysid;
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
1999-12-16 18:24:19 +01:00
|
|
|
}
|
|
|
|
|
heap_endscan(scan);
|
|
|
|
|
|
2001-06-12 07:55:50 +02:00
|
|
|
if (group_exists)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_DUPLICATE_OBJECT),
|
|
|
|
|
errmsg("group \"%s\" already exists",
|
|
|
|
|
stmt->name)));
|
2001-06-12 07:55:50 +02:00
|
|
|
if (sysid_exists)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_DUPLICATE_OBJECT),
|
2003-10-02 08:36:37 +02:00
|
|
|
errmsg("group ID %d is already assigned", sysid)));
|
1999-12-16 18:24:19 +01:00
|
|
|
|
2003-07-19 01:20:33 +02:00
|
|
|
/* If no sysid given, use max existing id + 1 */
|
2002-04-27 23:24:34 +02:00
|
|
|
if (!havesysid)
|
|
|
|
|
sysid = max_id + 1;
|
|
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
/*
|
|
|
|
|
* Translate the given user names to ids
|
|
|
|
|
*/
|
2001-07-12 20:03:00 +02:00
|
|
|
foreach(item, userElts)
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
|
|
|
|
const char *groupuser = strVal(lfirst(item));
|
2002-04-27 23:24:34 +02:00
|
|
|
int32 userid = get_usesysid(groupuser);
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2004-05-26 06:41:50 +02:00
|
|
|
if (!list_member_int(newlist, userid))
|
|
|
|
|
newlist = lappend_int(newlist, userid);
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* build an array to insert */
|
|
|
|
|
if (newlist)
|
2002-04-28 02:36:38 +02:00
|
|
|
grolist = IdListToArray(newlist);
|
2000-04-12 19:17:23 +02:00
|
|
|
else
|
2002-04-28 02:36:38 +02:00
|
|
|
grolist = NULL;
|
2000-04-12 19:17:23 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Form a tuple to insert
|
|
|
|
|
*/
|
2001-07-11 00:09:29 +02:00
|
|
|
new_record[Anum_pg_group_groname - 1] =
|
|
|
|
|
DirectFunctionCall1(namein, CStringGetDatum(stmt->name));
|
2001-07-12 20:03:00 +02:00
|
|
|
new_record[Anum_pg_group_grosysid - 1] = Int32GetDatum(sysid);
|
2002-04-28 02:36:38 +02:00
|
|
|
new_record[Anum_pg_group_grolist - 1] = PointerGetDatum(grolist);
|
2000-04-12 19:17:23 +02:00
|
|
|
|
|
|
|
|
new_record_nulls[Anum_pg_group_groname - 1] = ' ';
|
|
|
|
|
new_record_nulls[Anum_pg_group_grosysid - 1] = ' ';
|
2002-04-28 02:36:38 +02:00
|
|
|
new_record_nulls[Anum_pg_group_grolist - 1] = grolist ? ' ' : 'n';
|
2000-04-12 19:17:23 +02:00
|
|
|
|
|
|
|
|
tuple = heap_formtuple(pg_group_dsc, new_record, new_record_nulls);
|
|
|
|
|
|
|
|
|
|
/*
|
2002-05-22 00:05:55 +02:00
|
|
|
* Insert a new record in the pg_group table
|
2000-04-12 19:17:23 +02:00
|
|
|
*/
|
2002-05-22 00:05:55 +02:00
|
|
|
simple_heap_insert(pg_group_rel, tuple);
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2002-08-05 05:29:17 +02:00
|
|
|
/* Update indexes */
|
|
|
|
|
CatalogUpdateIndexes(pg_group_rel, tuple);
|
1999-12-16 18:24:19 +01:00
|
|
|
|
2002-10-21 21:46:45 +02:00
|
|
|
/*
|
|
|
|
|
* Now we can clean up; but keep lock until commit (to avoid possible
|
|
|
|
|
* deadlock when commit code tries to acquire lock).
|
|
|
|
|
*/
|
2001-06-12 07:55:50 +02:00
|
|
|
heap_close(pg_group_rel, NoLock);
|
2002-04-04 06:25:54 +02:00
|
|
|
|
|
|
|
|
/*
|
2002-10-21 21:46:45 +02:00
|
|
|
* Set flag to update flat group file at commit.
|
2002-04-04 06:25:54 +02:00
|
|
|
*/
|
2004-07-28 16:23:31 +02:00
|
|
|
group_file_update_needed();
|
1999-12-16 18:24:19 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2000-01-14 23:11:38 +01:00
|
|
|
/*
|
|
|
|
|
* ALTER GROUP
|
|
|
|
|
*/
|
1999-12-16 18:24:19 +01:00
|
|
|
void
|
2000-04-12 19:17:23 +02:00
|
|
|
AlterGroup(AlterGroupStmt *stmt, const char *tag)
|
1999-12-16 18:24:19 +01:00
|
|
|
{
|
|
|
|
|
Relation pg_group_rel;
|
2000-04-12 19:17:23 +02:00
|
|
|
TupleDesc pg_group_dsc;
|
|
|
|
|
HeapTuple group_tuple;
|
2002-04-27 23:24:34 +02:00
|
|
|
IdList *oldarray;
|
|
|
|
|
Datum datum;
|
|
|
|
|
bool null;
|
2004-05-26 06:41:50 +02:00
|
|
|
List *newlist;
|
|
|
|
|
ListCell *item;
|
1999-12-16 18:24:19 +01:00
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
/*
|
1999-12-16 18:24:19 +01:00
|
|
|
* Make sure the user can do this.
|
|
|
|
|
*/
|
2000-01-14 23:11:38 +01:00
|
|
|
if (!superuser())
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
2003-08-01 02:15:26 +02:00
|
|
|
errmsg("must be superuser to alter groups")));
|
2000-01-14 23:11:38 +01:00
|
|
|
|
2002-10-21 21:46:45 +02:00
|
|
|
/*
|
|
|
|
|
* Secure exclusive lock to protect our update of the flat group file.
|
|
|
|
|
*/
|
2005-04-14 22:03:27 +02:00
|
|
|
pg_group_rel = heap_open(GroupRelationId, ExclusiveLock);
|
2000-04-12 19:17:23 +02:00
|
|
|
pg_group_dsc = RelationGetDescr(pg_group_rel);
|
1999-12-16 18:24:19 +01:00
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
/*
|
2000-11-16 23:30:52 +01:00
|
|
|
* Fetch existing tuple for group.
|
2000-04-12 19:17:23 +02:00
|
|
|
*/
|
2000-11-16 23:30:52 +01:00
|
|
|
group_tuple = SearchSysCache(GRONAME,
|
|
|
|
|
PointerGetDatum(stmt->name),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(group_tuple))
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
|
|
|
errmsg("group \"%s\" does not exist", stmt->name)));
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2002-04-27 23:24:34 +02:00
|
|
|
/* Fetch old group membership. */
|
|
|
|
|
datum = heap_getattr(group_tuple, Anum_pg_group_grolist,
|
|
|
|
|
pg_group_dsc, &null);
|
2004-01-07 19:56:30 +01:00
|
|
|
oldarray = null ? NULL : DatumGetIdListP(datum);
|
2002-04-27 23:24:34 +02:00
|
|
|
|
|
|
|
|
/* initialize list with old array contents */
|
|
|
|
|
newlist = IdArrayToList(oldarray);
|
|
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
/*
|
|
|
|
|
* Now decide what to do.
|
|
|
|
|
*/
|
2000-11-16 23:30:52 +01:00
|
|
|
AssertState(stmt->action == +1 || stmt->action == -1);
|
|
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
if (stmt->action == +1) /* add users, might also be invoked by
|
|
|
|
|
* create user */
|
|
|
|
|
{
|
|
|
|
|
/*
|
2002-09-04 22:31:48 +02:00
|
|
|
* convert the to be added usernames to sysids and add them to the
|
|
|
|
|
* list
|
2000-04-12 19:17:23 +02:00
|
|
|
*/
|
|
|
|
|
foreach(item, stmt->listUsers)
|
|
|
|
|
{
|
2002-09-04 22:31:48 +02:00
|
|
|
int32 sysid;
|
2000-04-12 19:17:23 +02:00
|
|
|
|
|
|
|
|
if (strcmp(tag, "ALTER GROUP") == 0)
|
|
|
|
|
{
|
|
|
|
|
/* Get the uid of the proposed user to add. */
|
2002-04-27 23:24:34 +02:00
|
|
|
sysid = get_usesysid(strVal(lfirst(item)));
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
|
|
|
|
else if (strcmp(tag, "CREATE USER") == 0)
|
2000-02-15 19:17:33 +01:00
|
|
|
{
|
2000-04-12 19:17:23 +02:00
|
|
|
/*
|
|
|
|
|
* in this case we already know the uid and it wouldn't be
|
|
|
|
|
* in the cache anyway yet
|
|
|
|
|
*/
|
2002-04-27 23:24:34 +02:00
|
|
|
sysid = intVal(lfirst(item));
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2003-07-19 01:20:33 +02:00
|
|
|
elog(ERROR, "unexpected tag: \"%s\"", tag);
|
2002-04-27 23:24:34 +02:00
|
|
|
sysid = 0; /* keep compiler quiet */
|
2000-02-15 19:17:33 +01:00
|
|
|
}
|
2000-01-14 23:11:38 +01:00
|
|
|
|
2004-05-26 06:41:50 +02:00
|
|
|
if (!list_member_int(newlist, sysid))
|
|
|
|
|
newlist = lappend_int(newlist, sysid);
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
|
|
|
|
|
2002-04-27 23:24:34 +02:00
|
|
|
/* Do the update */
|
|
|
|
|
UpdateGroupMembership(pg_group_rel, group_tuple, newlist);
|
2000-04-12 19:17:23 +02:00
|
|
|
} /* endif alter group add user */
|
|
|
|
|
|
2001-10-28 07:26:15 +01:00
|
|
|
else if (stmt->action == -1) /* drop users from group */
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
|
|
|
|
bool is_dropuser = strcmp(tag, "DROP USER") == 0;
|
|
|
|
|
|
2002-04-27 23:24:34 +02:00
|
|
|
if (newlist == NIL)
|
2000-04-12 19:17:23 +02:00
|
|
|
{
|
|
|
|
|
if (!is_dropuser)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING),
|
|
|
|
|
errmsg("group \"%s\" does not have any members",
|
|
|
|
|
stmt->name)));
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/*
|
2002-09-04 22:31:48 +02:00
|
|
|
* convert the to be dropped usernames to sysids and remove
|
|
|
|
|
* them from the list
|
2000-04-12 19:17:23 +02:00
|
|
|
*/
|
|
|
|
|
foreach(item, stmt->listUsers)
|
|
|
|
|
{
|
2002-04-27 23:24:34 +02:00
|
|
|
int32 sysid;
|
2000-04-12 19:17:23 +02:00
|
|
|
|
|
|
|
|
if (!is_dropuser)
|
|
|
|
|
{
|
|
|
|
|
/* Get the uid of the proposed user to drop. */
|
2002-04-27 23:24:34 +02:00
|
|
|
sysid = get_usesysid(strVal(lfirst(item)));
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* for dropuser we already know the uid */
|
2002-04-27 23:24:34 +02:00
|
|
|
sysid = intVal(lfirst(item));
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
2004-05-26 06:41:50 +02:00
|
|
|
if (list_member_int(newlist, sysid))
|
|
|
|
|
newlist = list_delete_int(newlist, sysid);
|
2000-04-12 19:17:23 +02:00
|
|
|
else if (!is_dropuser)
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(WARNING,
|
|
|
|
|
(errcode(ERRCODE_WARNING),
|
|
|
|
|
errmsg("user \"%s\" is not in group \"%s\"",
|
|
|
|
|
strVal(lfirst(item)), stmt->name)));
|
2000-04-12 19:17:23 +02:00
|
|
|
}
|
|
|
|
|
|
2002-04-27 23:24:34 +02:00
|
|
|
/* Do the update */
|
|
|
|
|
UpdateGroupMembership(pg_group_rel, group_tuple, newlist);
|
2000-04-12 19:17:23 +02:00
|
|
|
} /* endif group not null */
|
|
|
|
|
} /* endif alter group drop user */
|
|
|
|
|
|
2000-11-16 23:30:52 +01:00
|
|
|
ReleaseSysCache(group_tuple);
|
2000-04-12 19:17:23 +02:00
|
|
|
|
2002-04-04 06:25:54 +02:00
|
|
|
/*
|
2002-10-21 21:46:45 +02:00
|
|
|
* Now we can clean up; but keep lock until commit (to avoid possible
|
|
|
|
|
* deadlock when commit code tries to acquire lock).
|
2002-04-04 06:25:54 +02:00
|
|
|
*/
|
2001-06-12 07:55:50 +02:00
|
|
|
heap_close(pg_group_rel, NoLock);
|
2002-04-04 06:25:54 +02:00
|
|
|
|
|
|
|
|
/*
|
2002-10-21 21:46:45 +02:00
|
|
|
* Set flag to update flat group file at commit.
|
2002-04-04 06:25:54 +02:00
|
|
|
*/
|
2004-07-28 16:23:31 +02:00
|
|
|
group_file_update_needed();
|
1999-12-16 18:24:19 +01:00
|
|
|
}
|
|
|
|
|
|
2002-04-27 23:24:34 +02:00
|
|
|
/*
|
|
|
|
|
* Subroutine for AlterGroup: given a pg_group tuple and a desired new
|
|
|
|
|
* membership (expressed as an integer list), form and write an updated tuple.
|
|
|
|
|
* The pg_group relation must be open and locked already.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
UpdateGroupMembership(Relation group_rel, HeapTuple group_tuple,
|
|
|
|
|
List *members)
|
|
|
|
|
{
|
|
|
|
|
IdList *newarray;
|
|
|
|
|
Datum new_record[Natts_pg_group];
|
|
|
|
|
char new_record_nulls[Natts_pg_group];
|
|
|
|
|
char new_record_repl[Natts_pg_group];
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
|
|
|
|
|
newarray = IdListToArray(members);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Form an updated tuple with the new array and write it back.
|
|
|
|
|
*/
|
|
|
|
|
MemSet(new_record, 0, sizeof(new_record));
|
|
|
|
|
MemSet(new_record_nulls, ' ', sizeof(new_record_nulls));
|
|
|
|
|
MemSet(new_record_repl, ' ', sizeof(new_record_repl));
|
|
|
|
|
|
|
|
|
|
new_record[Anum_pg_group_grolist - 1] = PointerGetDatum(newarray);
|
|
|
|
|
new_record_repl[Anum_pg_group_grolist - 1] = 'r';
|
|
|
|
|
|
2005-01-28 00:24:11 +01:00
|
|
|
tuple = heap_modifytuple(group_tuple, RelationGetDescr(group_rel),
|
2002-09-04 22:31:48 +02:00
|
|
|
new_record, new_record_nulls, new_record_repl);
|
2002-04-27 23:24:34 +02:00
|
|
|
|
|
|
|
|
simple_heap_update(group_rel, &group_tuple->t_self, tuple);
|
|
|
|
|
|
|
|
|
|
/* Update indexes */
|
2002-08-05 05:29:17 +02:00
|
|
|
CatalogUpdateIndexes(group_rel, tuple);
|
2002-04-27 23:24:34 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Convert an integer list of sysids to an array.
|
|
|
|
|
*/
|
|
|
|
|
static IdList *
|
|
|
|
|
IdListToArray(List *members)
|
|
|
|
|
{
|
2004-05-26 06:41:50 +02:00
|
|
|
int nmembers = list_length(members);
|
2002-04-27 23:24:34 +02:00
|
|
|
IdList *newarray;
|
2004-05-26 06:41:50 +02:00
|
|
|
ListCell *item;
|
2002-04-27 23:24:34 +02:00
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
newarray = palloc(ARR_OVERHEAD(1) + nmembers * sizeof(int32));
|
|
|
|
|
newarray->size = ARR_OVERHEAD(1) + nmembers * sizeof(int32);
|
|
|
|
|
newarray->flags = 0;
|
2002-08-30 03:01:02 +02:00
|
|
|
newarray->elemtype = INT4OID;
|
2002-04-27 23:24:34 +02:00
|
|
|
ARR_NDIM(newarray) = 1; /* one dimensional array */
|
|
|
|
|
ARR_LBOUND(newarray)[0] = 1; /* axis starts at one */
|
2002-09-04 22:31:48 +02:00
|
|
|
ARR_DIMS(newarray)[0] = nmembers; /* axis is this long */
|
2002-04-27 23:24:34 +02:00
|
|
|
i = 0;
|
|
|
|
|
foreach(item, members)
|
2004-05-26 06:41:50 +02:00
|
|
|
((int *) ARR_DATA_PTR(newarray))[i++] = lfirst_int(item);
|
2002-04-27 23:24:34 +02:00
|
|
|
|
|
|
|
|
return newarray;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Convert an array of sysids to an integer list.
|
|
|
|
|
*/
|
|
|
|
|
static List *
|
|
|
|
|
IdArrayToList(IdList *oldarray)
|
|
|
|
|
{
|
|
|
|
|
List *newlist = NIL;
|
|
|
|
|
int hibound,
|
|
|
|
|
i;
|
|
|
|
|
|
|
|
|
|
if (oldarray == NULL)
|
|
|
|
|
return NIL;
|
|
|
|
|
|
|
|
|
|
Assert(ARR_NDIM(oldarray) == 1);
|
2002-08-30 03:01:02 +02:00
|
|
|
Assert(ARR_ELEMTYPE(oldarray) == INT4OID);
|
2002-04-27 23:24:34 +02:00
|
|
|
|
|
|
|
|
hibound = ARR_DIMS(oldarray)[0];
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < hibound; i++)
|
|
|
|
|
{
|
|
|
|
|
int32 sysid;
|
|
|
|
|
|
2002-08-30 03:01:02 +02:00
|
|
|
sysid = ((int32 *) ARR_DATA_PTR(oldarray))[i];
|
2002-04-27 23:24:34 +02:00
|
|
|
/* filter out any duplicates --- probably a waste of time */
|
2004-05-26 06:41:50 +02:00
|
|
|
if (!list_member_int(newlist, sysid))
|
|
|
|
|
newlist = lappend_int(newlist, sysid);
|
2002-04-27 23:24:34 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return newlist;
|
|
|
|
|
}
|
1999-12-16 18:24:19 +01:00
|
|
|
|
|
|
|
|
|
2000-01-14 23:11:38 +01:00
|
|
|
/*
|
|
|
|
|
* DROP GROUP
|
|
|
|
|
*/
|
1999-12-16 18:24:19 +01:00
|
|
|
void
|
2000-01-14 23:11:38 +01:00
|
|
|
DropGroup(DropGroupStmt *stmt)
|
1999-12-16 18:24:19 +01:00
|
|
|
{
|
|
|
|
|
Relation pg_group_rel;
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
/*
|
1999-12-16 18:24:19 +01:00
|
|
|
* Make sure the user can do this.
|
|
|
|
|
*/
|
2000-01-14 23:11:38 +01:00
|
|
|
if (!superuser())
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
2003-08-01 02:15:26 +02:00
|
|
|
errmsg("must be superuser to drop groups")));
|
1999-12-16 18:24:19 +01:00
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
/*
|
2002-10-21 21:46:45 +02:00
|
|
|
* Secure exclusive lock to protect our update of the flat group file.
|
2000-04-12 19:17:23 +02:00
|
|
|
*/
|
2005-04-14 22:03:27 +02:00
|
|
|
pg_group_rel = heap_open(GroupRelationId, ExclusiveLock);
|
1999-12-16 18:24:19 +01:00
|
|
|
|
2002-10-21 21:46:45 +02:00
|
|
|
/* Find and delete the group. */
|
|
|
|
|
|
2002-04-27 23:24:34 +02:00
|
|
|
tuple = SearchSysCacheCopy(GRONAME,
|
|
|
|
|
PointerGetDatum(stmt->name),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
2003-07-19 01:20:33 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
|
|
|
|
errmsg("group \"%s\" does not exist", stmt->name)));
|
1999-12-16 18:24:19 +01:00
|
|
|
|
2002-04-27 23:24:34 +02:00
|
|
|
simple_heap_delete(pg_group_rel, &tuple->t_self);
|
|
|
|
|
|
2002-10-21 21:46:45 +02:00
|
|
|
/*
|
|
|
|
|
* Now we can clean up; but keep lock until commit (to avoid possible
|
|
|
|
|
* deadlock when commit code tries to acquire lock).
|
|
|
|
|
*/
|
2001-06-12 07:55:50 +02:00
|
|
|
heap_close(pg_group_rel, NoLock);
|
2002-04-04 06:25:54 +02:00
|
|
|
|
|
|
|
|
/*
|
2002-10-21 21:46:45 +02:00
|
|
|
* Set flag to update flat group file at commit.
|
2002-04-04 06:25:54 +02:00
|
|
|
*/
|
2004-07-28 16:23:31 +02:00
|
|
|
group_file_update_needed();
|
1999-12-16 18:24:19 +01:00
|
|
|
}
|
2003-06-27 16:45:32 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Rename group
|
|
|
|
|
*/
|
|
|
|
|
void
|
|
|
|
|
RenameGroup(const char *oldname, const char *newname)
|
|
|
|
|
{
|
|
|
|
|
HeapTuple tup;
|
|
|
|
|
Relation rel;
|
|
|
|
|
|
|
|
|
|
/* ExclusiveLock because we need to update the flat group file */
|
2005-04-14 22:03:27 +02:00
|
|
|
rel = heap_open(GroupRelationId, ExclusiveLock);
|
2003-06-27 16:45:32 +02:00
|
|
|
|
|
|
|
|
tup = SearchSysCacheCopy(GRONAME,
|
|
|
|
|
CStringGetDatum(oldname),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tup))
|
|
|
|
|
ereport(ERROR,
|
2003-07-19 01:20:33 +02:00
|
|
|
(errcode(ERRCODE_UNDEFINED_OBJECT),
|
2003-06-27 16:45:32 +02:00
|
|
|
errmsg("group \"%s\" does not exist", oldname)));
|
|
|
|
|
|
|
|
|
|
/* make sure the new name doesn't exist */
|
|
|
|
|
if (SearchSysCacheExists(GRONAME,
|
|
|
|
|
CStringGetDatum(newname),
|
|
|
|
|
0, 0, 0))
|
|
|
|
|
ereport(ERROR,
|
2003-07-19 01:20:33 +02:00
|
|
|
(errcode(ERRCODE_DUPLICATE_OBJECT),
|
|
|
|
|
errmsg("group \"%s\" already exists", newname)));
|
2003-06-27 16:45:32 +02:00
|
|
|
|
|
|
|
|
/* must be superuser */
|
|
|
|
|
if (!superuser())
|
|
|
|
|
ereport(ERROR,
|
2003-07-19 01:20:33 +02:00
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
2003-08-01 02:15:26 +02:00
|
|
|
errmsg("must be superuser to rename groups")));
|
2003-06-27 16:45:32 +02:00
|
|
|
|
|
|
|
|
/* rename */
|
|
|
|
|
namestrcpy(&(((Form_pg_group) GETSTRUCT(tup))->groname), newname);
|
|
|
|
|
simple_heap_update(rel, &tup->t_self, tup);
|
|
|
|
|
CatalogUpdateIndexes(rel, tup);
|
|
|
|
|
|
|
|
|
|
heap_close(rel, NoLock);
|
|
|
|
|
heap_freetuple(tup);
|
|
|
|
|
|
2004-07-28 16:23:31 +02:00
|
|
|
group_file_update_needed();
|
2003-06-27 16:45:32 +02:00
|
|
|
}
|
