1996-07-09 08:22:35 +02:00
|
|
|
/*-------------------------------------------------------------------------
|
|
|
|
|
*
|
1999-02-14 00:22:53 +01:00
|
|
|
* aclchk.c
|
1997-09-07 07:04:48 +02:00
|
|
|
* Routines to check access control permissions.
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
2001-01-24 20:43:33 +01:00
|
|
|
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
|
2000-01-26 06:58:53 +01:00
|
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* IDENTIFICATION
|
2002-03-22 00:27:25 +01:00
|
|
|
* $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.58 2002/03/21 23:27:19 tgl Exp $
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
|
|
|
|
* NOTES
|
1997-09-07 07:04:48 +02:00
|
|
|
* See acl.h.
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
|
|
|
|
*-------------------------------------------------------------------------
|
|
|
|
|
*/
|
1996-11-03 07:54:38 +01:00
|
|
|
#include "postgres.h"
|
|
|
|
|
|
1996-07-09 08:22:35 +02:00
|
|
|
#include "access/heapam.h"
|
2002-02-19 00:11:58 +01:00
|
|
|
#include "access/transam.h"
|
1996-07-09 08:22:35 +02:00
|
|
|
#include "catalog/catalog.h"
|
|
|
|
|
#include "catalog/catname.h"
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "catalog/indexing.h"
|
1998-04-27 06:08:07 +02:00
|
|
|
#include "catalog/pg_aggregate.h"
|
1996-07-09 08:22:35 +02:00
|
|
|
#include "catalog/pg_group.h"
|
2002-02-19 00:11:58 +01:00
|
|
|
#include "catalog/pg_language.h"
|
1996-10-31 06:55:24 +01:00
|
|
|
#include "catalog/pg_operator.h"
|
1996-11-08 07:02:30 +01:00
|
|
|
#include "catalog/pg_proc.h"
|
1998-02-25 14:09:49 +01:00
|
|
|
#include "catalog/pg_shadow.h"
|
1998-04-27 06:08:07 +02:00
|
|
|
#include "catalog/pg_type.h"
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "miscadmin.h"
|
2002-02-19 00:11:58 +01:00
|
|
|
#include "nodes/parsenodes.h"
|
|
|
|
|
#include "parser/keywords.h"
|
|
|
|
|
#include "parser/parse.h"
|
1997-11-25 23:07:18 +01:00
|
|
|
#include "parser/parse_agg.h"
|
|
|
|
|
#include "parser/parse_func.h"
|
2002-02-19 00:11:58 +01:00
|
|
|
#include "parser/parse_expr.h"
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "utils/acl.h"
|
1996-07-09 08:22:35 +02:00
|
|
|
#include "utils/syscache.h"
|
2001-06-18 18:13:21 +02:00
|
|
|
#include "utils/temprel.h"
|
1996-07-09 08:22:35 +02:00
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
|
|
|
|
|
static void ExecuteGrantStmt_Table(GrantStmt *stmt);
|
|
|
|
|
static void ExecuteGrantStmt_Function(GrantStmt *stmt);
|
|
|
|
|
static void ExecuteGrantStmt_Lang(GrantStmt *stmt);
|
|
|
|
|
|
|
|
|
|
static const char *privilege_token_string(int token);
|
|
|
|
|
|
2001-06-05 21:34:56 +02:00
|
|
|
static int32 aclcheck(Acl *acl, AclId id, AclIdType idtype, AclMode mode);
|
1997-08-19 23:40:56 +02:00
|
|
|
|
1997-03-12 21:48:48 +01:00
|
|
|
/* warning messages, now more explicit. */
|
2002-03-22 00:27:25 +01:00
|
|
|
/* MUST correspond to the order of the ACLCHECK_* result codes in acl.h. */
|
|
|
|
|
const char * const aclcheck_error_strings[] = {
|
1997-09-07 07:04:48 +02:00
|
|
|
"No error.",
|
|
|
|
|
"Permission denied.",
|
|
|
|
|
"Table does not exist.",
|
|
|
|
|
"Must be table owner."
|
1997-03-12 21:48:48 +01:00
|
|
|
};
|
|
|
|
|
|
2000-10-02 06:49:28 +02:00
|
|
|
|
2001-05-27 11:59:30 +02:00
|
|
|
#ifdef ACLDEBUG
|
1996-07-09 08:22:35 +02:00
|
|
|
static
|
1997-09-08 22:59:27 +02:00
|
|
|
dumpacl(Acl *acl)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2000-08-01 00:39:17 +02:00
|
|
|
int i;
|
1997-09-08 04:41:22 +02:00
|
|
|
AclItem *aip;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2002-03-22 00:27:25 +01:00
|
|
|
elog(DEBUG1, "acl size = %d, # acls = %d",
|
1997-09-07 07:04:48 +02:00
|
|
|
ACL_SIZE(acl), ACL_NUM(acl));
|
2000-08-01 00:39:17 +02:00
|
|
|
aip = ACL_DAT(acl);
|
1997-09-07 07:04:48 +02:00
|
|
|
for (i = 0; i < ACL_NUM(acl); ++i)
|
2002-03-22 00:27:25 +01:00
|
|
|
elog(DEBUG1, " acl[%d]: %s", i,
|
2000-08-01 00:39:17 +02:00
|
|
|
DatumGetCString(DirectFunctionCall1(aclitemout,
|
2001-03-22 05:01:46 +01:00
|
|
|
PointerGetDatum(aip + i))));
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
2001-11-05 18:46:40 +01:00
|
|
|
#endif /* ACLDEBUG */
|
1996-07-09 08:22:35 +02:00
|
|
|
|
2001-06-10 01:21:55 +02:00
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
/*
|
|
|
|
|
* If is_grant is true, adds the given privileges for the list of
|
|
|
|
|
* grantees to the existing old_acl. If is_grant is false, the
|
|
|
|
|
* privileges for the given grantees are removed from old_acl.
|
|
|
|
|
*/
|
|
|
|
|
static Acl*
|
|
|
|
|
merge_acl_with_grant(Acl *old_acl, bool is_grant, List *grantees, char *privileges)
|
|
|
|
|
{
|
|
|
|
|
List *j;
|
|
|
|
|
Acl *new_acl;
|
|
|
|
|
|
|
|
|
|
#ifdef ACLDEBUG
|
|
|
|
|
dumpacl(old_acl);
|
|
|
|
|
#endif
|
|
|
|
|
new_acl = old_acl;
|
|
|
|
|
|
|
|
|
|
foreach(j, grantees)
|
|
|
|
|
{
|
|
|
|
|
PrivGrantee *grantee = (PrivGrantee *) lfirst(j);
|
|
|
|
|
char *granteeString;
|
|
|
|
|
char *aclString;
|
|
|
|
|
AclItem aclitem;
|
|
|
|
|
unsigned modechg;
|
|
|
|
|
|
|
|
|
|
if (grantee->username)
|
|
|
|
|
granteeString = aclmakeuser("U", grantee->username);
|
|
|
|
|
else if (grantee->groupname)
|
|
|
|
|
granteeString = aclmakeuser("G", grantee->groupname);
|
|
|
|
|
else
|
|
|
|
|
granteeString = aclmakeuser("A", "");
|
|
|
|
|
|
|
|
|
|
aclString = makeAclString(privileges, granteeString,
|
|
|
|
|
is_grant ? '+' : '-');
|
|
|
|
|
|
|
|
|
|
/* Convert string ACL spec into internal form */
|
|
|
|
|
aclparse(aclString, &aclitem, &modechg);
|
|
|
|
|
new_acl = aclinsert3(new_acl, &aclitem, modechg);
|
|
|
|
|
|
|
|
|
|
#ifdef ACLDEBUG
|
|
|
|
|
dumpacl(new_acl);
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return new_acl;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
1996-07-09 08:22:35 +02:00
|
|
|
/*
|
2001-06-10 01:21:55 +02:00
|
|
|
* Called to execute the utility commands GRANT and REVOKE
|
1996-07-09 08:22:35 +02:00
|
|
|
*/
|
|
|
|
|
void
|
2001-06-10 01:21:55 +02:00
|
|
|
ExecuteGrantStmt(GrantStmt *stmt)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
2001-06-10 01:21:55 +02:00
|
|
|
/* see comment in pg_type.h */
|
|
|
|
|
Assert(ACLITEMSIZE == sizeof(AclItem));
|
2000-08-01 00:39:17 +02:00
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
switch(stmt->objtype)
|
|
|
|
|
{
|
|
|
|
|
case TABLE:
|
|
|
|
|
ExecuteGrantStmt_Table(stmt);
|
|
|
|
|
break;
|
|
|
|
|
case FUNCTION:
|
|
|
|
|
ExecuteGrantStmt_Function(stmt);
|
|
|
|
|
break;
|
|
|
|
|
case LANGUAGE:
|
|
|
|
|
ExecuteGrantStmt_Lang(stmt);
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
elog(ERROR, "bogus GrantStmt.objtype %d", stmt->objtype);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
ExecuteGrantStmt_Table(GrantStmt *stmt)
|
|
|
|
|
{
|
|
|
|
|
List *i;
|
|
|
|
|
char *privstring;
|
|
|
|
|
|
|
|
|
|
if (lfirsti(stmt->privileges) == ALL)
|
|
|
|
|
privstring = aclmakepriv(ACL_MODE_STR, 0);
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
privstring = "";
|
|
|
|
|
foreach(i, stmt->privileges)
|
|
|
|
|
{
|
|
|
|
|
int c = 0;
|
|
|
|
|
|
|
|
|
|
switch(lfirsti(i))
|
|
|
|
|
{
|
|
|
|
|
case SELECT:
|
|
|
|
|
c = ACL_MODE_SELECT_CHR;
|
|
|
|
|
break;
|
|
|
|
|
case INSERT:
|
|
|
|
|
c = ACL_MODE_INSERT_CHR;
|
|
|
|
|
break;
|
|
|
|
|
case UPDATE:
|
|
|
|
|
c = ACL_MODE_UPDATE_CHR;
|
|
|
|
|
break;
|
|
|
|
|
case DELETE:
|
|
|
|
|
c = ACL_MODE_DELETE_CHR;
|
|
|
|
|
break;
|
|
|
|
|
case RULE:
|
|
|
|
|
c = ACL_MODE_RULE_CHR;
|
|
|
|
|
break;
|
|
|
|
|
case REFERENCES:
|
|
|
|
|
c = ACL_MODE_REFERENCES_CHR;
|
|
|
|
|
break;
|
|
|
|
|
case TRIGGER:
|
|
|
|
|
c = ACL_MODE_TRIGGER_CHR;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
elog(ERROR, "invalid privilege type %s for table object",
|
|
|
|
|
privilege_token_string(lfirsti(i)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
privstring = aclmakepriv(privstring, c);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
foreach(i, stmt->objects)
|
2000-08-01 00:39:17 +02:00
|
|
|
{
|
2002-03-21 17:02:16 +01:00
|
|
|
char *relname = ((RangeVar *) lfirst(i))->relname;
|
2001-06-10 01:21:55 +02:00
|
|
|
Relation relation;
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
Form_pg_class pg_class_tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
|
|
|
|
Acl *old_acl;
|
|
|
|
|
Acl *new_acl;
|
|
|
|
|
unsigned i;
|
|
|
|
|
HeapTuple newtuple;
|
|
|
|
|
Datum values[Natts_pg_class];
|
|
|
|
|
char nulls[Natts_pg_class];
|
|
|
|
|
char replaces[Natts_pg_class];
|
|
|
|
|
|
|
|
|
|
/* open pg_class */
|
|
|
|
|
relation = heap_openr(RelationRelationName, RowExclusiveLock);
|
|
|
|
|
tuple = SearchSysCache(RELNAME,
|
|
|
|
|
PointerGetDatum(relname),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
elog(ERROR, "relation \"%s\" not found",
|
|
|
|
|
relname);
|
|
|
|
|
pg_class_tuple = (Form_pg_class) GETSTRUCT(tuple);
|
|
|
|
|
|
2002-03-22 00:27:25 +01:00
|
|
|
if (!pg_class_ownercheck(tuple->t_data->t_oid, GetUserId()))
|
|
|
|
|
elog(ERROR, "%s: permission denied",
|
|
|
|
|
relname);
|
|
|
|
|
|
2001-06-10 01:21:55 +02:00
|
|
|
if (pg_class_tuple->relkind == RELKIND_INDEX)
|
|
|
|
|
elog(ERROR, "\"%s\" is an index",
|
|
|
|
|
relname);
|
|
|
|
|
|
|
|
|
|
/*
|
2001-10-25 07:50:21 +02:00
|
|
|
* If there's no ACL, create a default using the pg_class.relowner
|
|
|
|
|
* field.
|
2001-06-10 01:21:55 +02:00
|
|
|
*/
|
|
|
|
|
aclDatum = SysCacheGetAttr(RELNAME, tuple, Anum_pg_class_relacl,
|
|
|
|
|
&isNull);
|
|
|
|
|
if (isNull)
|
2002-02-19 00:11:58 +01:00
|
|
|
old_acl = acldefault(pg_class_tuple->relowner);
|
2001-06-10 01:21:55 +02:00
|
|
|
else
|
|
|
|
|
/* get a detoasted copy of the rel's ACL */
|
|
|
|
|
old_acl = DatumGetAclPCopy(aclDatum);
|
1996-07-09 08:22:35 +02:00
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
new_acl = merge_acl_with_grant(old_acl, stmt->is_grant,
|
|
|
|
|
stmt->grantees, privstring);
|
2001-06-10 01:21:55 +02:00
|
|
|
|
|
|
|
|
/* finished building new ACL value, now insert it */
|
|
|
|
|
for (i = 0; i < Natts_pg_class; ++i)
|
|
|
|
|
{
|
|
|
|
|
replaces[i] = ' ';
|
|
|
|
|
nulls[i] = ' '; /* ignored if replaces[i]==' ' anyway */
|
2001-10-25 07:50:21 +02:00
|
|
|
values[i] = (Datum) NULL; /* ignored if replaces[i]==' '
|
|
|
|
|
* anyway */
|
2001-06-10 01:21:55 +02:00
|
|
|
}
|
|
|
|
|
replaces[Anum_pg_class_relacl - 1] = 'r';
|
|
|
|
|
values[Anum_pg_class_relacl - 1] = PointerGetDatum(new_acl);
|
|
|
|
|
newtuple = heap_modifytuple(tuple, relation, values, nulls, replaces);
|
1996-07-09 08:22:35 +02:00
|
|
|
|
2001-06-10 01:21:55 +02:00
|
|
|
ReleaseSysCache(tuple);
|
2000-11-16 23:30:52 +01:00
|
|
|
|
2001-06-10 01:21:55 +02:00
|
|
|
simple_heap_update(relation, &newtuple->t_self, newtuple);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2001-06-10 01:21:55 +02:00
|
|
|
{
|
|
|
|
|
/* keep the catalog indexes up to date */
|
|
|
|
|
Relation idescs[Num_pg_class_indices];
|
2001-10-25 07:50:21 +02:00
|
|
|
|
2001-06-10 01:21:55 +02:00
|
|
|
CatalogOpenIndices(Num_pg_class_indices, Name_pg_class_indices,
|
|
|
|
|
idescs);
|
|
|
|
|
CatalogIndexInsert(idescs, Num_pg_class_indices, relation, newtuple);
|
|
|
|
|
CatalogCloseIndices(Num_pg_class_indices, idescs);
|
|
|
|
|
}
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2001-06-10 01:21:55 +02:00
|
|
|
pfree(old_acl);
|
|
|
|
|
pfree(new_acl);
|
2000-10-02 06:49:28 +02:00
|
|
|
|
2001-06-10 01:21:55 +02:00
|
|
|
heap_close(relation, RowExclusiveLock);
|
|
|
|
|
}
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2001-06-10 01:21:55 +02:00
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
static Oid
|
|
|
|
|
find_function_with_arglist(char *name, List *arguments)
|
|
|
|
|
{
|
|
|
|
|
Oid oid;
|
|
|
|
|
Oid argoids[FUNC_MAX_ARGS];
|
|
|
|
|
int i;
|
|
|
|
|
int16 argcount;
|
Commit to match discussed elog() changes. Only update is that LOG is
now just below FATAL in server_min_messages. Added more text to
highlight ordering difference between it and client_min_messages.
---------------------------------------------------------------------------
REALLYFATAL => PANIC
STOP => PANIC
New INFO level the prints to client by default
New LOG level the prints to server log by default
Cause VACUUM information to print only to the client
NOTICE => INFO where purely information messages are sent
DEBUG => LOG for purely server status messages
DEBUG removed, kept as backward compatible
DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added
DebugLvl removed in favor of new DEBUG[1-5] symbols
New server_min_messages GUC parameter with values:
DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC
New client_min_messages GUC parameter with values:
DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC
Server startup now logged with LOG instead of DEBUG
Remove debug_level GUC parameter
elog() numbers now start at 10
Add test to print error message if older elog() values are passed to elog()
Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
MemSet(argoids, 0, FUNC_MAX_ARGS * sizeof(Oid));
|
|
|
|
|
argcount = length(arguments);
|
|
|
|
|
if (argcount > FUNC_MAX_ARGS)
|
|
|
|
|
elog(ERROR, "functions cannot have more than %d arguments",
|
|
|
|
|
FUNC_MAX_ARGS);
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < argcount; i++)
|
|
|
|
|
{
|
|
|
|
|
TypeName *t = (TypeName *) lfirst(arguments);
|
|
|
|
|
char *typnam = TypeNameToInternalName(t);
|
Commit to match discussed elog() changes. Only update is that LOG is
now just below FATAL in server_min_messages. Added more text to
highlight ordering difference between it and client_min_messages.
---------------------------------------------------------------------------
REALLYFATAL => PANIC
STOP => PANIC
New INFO level the prints to client by default
New LOG level the prints to server log by default
Cause VACUUM information to print only to the client
NOTICE => INFO where purely information messages are sent
DEBUG => LOG for purely server status messages
DEBUG removed, kept as backward compatible
DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added
DebugLvl removed in favor of new DEBUG[1-5] symbols
New server_min_messages GUC parameter with values:
DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC
New client_min_messages GUC parameter with values:
DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC
Server startup now logged with LOG instead of DEBUG
Remove debug_level GUC parameter
elog() numbers now start at 10
Add test to print error message if older elog() values are passed to elog()
Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
arguments = lnext(arguments);
|
Commit to match discussed elog() changes. Only update is that LOG is
now just below FATAL in server_min_messages. Added more text to
highlight ordering difference between it and client_min_messages.
---------------------------------------------------------------------------
REALLYFATAL => PANIC
STOP => PANIC
New INFO level the prints to client by default
New LOG level the prints to server log by default
Cause VACUUM information to print only to the client
NOTICE => INFO where purely information messages are sent
DEBUG => LOG for purely server status messages
DEBUG removed, kept as backward compatible
DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added
DebugLvl removed in favor of new DEBUG[1-5] symbols
New server_min_messages GUC parameter with values:
DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC
New client_min_messages GUC parameter with values:
DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC
Server startup now logged with LOG instead of DEBUG
Remove debug_level GUC parameter
elog() numbers now start at 10
Add test to print error message if older elog() values are passed to elog()
Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
if (strcmp(typnam, "opaque") == 0)
|
|
|
|
|
argoids[i] = InvalidOid;
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
argoids[i] = GetSysCacheOid(TYPENAME,
|
|
|
|
|
PointerGetDatum(typnam),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!OidIsValid(argoids[i]))
|
|
|
|
|
elog(ERROR, "type '%s' not found", typnam);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
oid = GetSysCacheOid(PROCNAME,
|
|
|
|
|
PointerGetDatum(name),
|
|
|
|
|
Int16GetDatum(argcount),
|
|
|
|
|
PointerGetDatum(argoids),
|
|
|
|
|
0);
|
|
|
|
|
|
|
|
|
|
if (!OidIsValid(oid))
|
|
|
|
|
func_error(NULL, name, argcount, argoids, NULL);
|
|
|
|
|
|
|
|
|
|
return oid;
|
Commit to match discussed elog() changes. Only update is that LOG is
now just below FATAL in server_min_messages. Added more text to
highlight ordering difference between it and client_min_messages.
---------------------------------------------------------------------------
REALLYFATAL => PANIC
STOP => PANIC
New INFO level the prints to client by default
New LOG level the prints to server log by default
Cause VACUUM information to print only to the client
NOTICE => INFO where purely information messages are sent
DEBUG => LOG for purely server status messages
DEBUG removed, kept as backward compatible
DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1 added
DebugLvl removed in favor of new DEBUG[1-5] symbols
New server_min_messages GUC parameter with values:
DEBUG[5-1], INFO, NOTICE, ERROR, LOG, FATAL, PANIC
New client_min_messages GUC parameter with values:
DEBUG[5-1], LOG, INFO, NOTICE, ERROR, FATAL, PANIC
Server startup now logged with LOG instead of DEBUG
Remove debug_level GUC parameter
elog() numbers now start at 10
Add test to print error message if older elog() values are passed to elog()
Bootstrap mode now has a -d that requires an argument, like postmaster
2002-03-02 22:39:36 +01:00
|
|
|
}
|
2002-02-19 00:11:58 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
ExecuteGrantStmt_Function(GrantStmt *stmt)
|
|
|
|
|
{
|
|
|
|
|
List *i;
|
|
|
|
|
char *privstring = NULL;
|
|
|
|
|
|
|
|
|
|
if (lfirsti(stmt->privileges) == ALL)
|
|
|
|
|
privstring = aclmakepriv("", ACL_MODE_SELECT_CHR);
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
foreach(i, stmt->privileges)
|
|
|
|
|
{
|
|
|
|
|
if (lfirsti(i) != EXECUTE)
|
|
|
|
|
elog(ERROR, "invalid privilege type %s for function object",
|
|
|
|
|
privilege_token_string(lfirsti(i)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
privstring = aclmakepriv("", ACL_MODE_SELECT_CHR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
foreach(i, stmt->objects)
|
|
|
|
|
{
|
|
|
|
|
FuncWithArgs *func = (FuncWithArgs *) lfirst(i);
|
|
|
|
|
Oid oid;
|
|
|
|
|
Relation relation;
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
Form_pg_proc pg_proc_tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
|
|
|
|
Acl *old_acl;
|
|
|
|
|
Acl *new_acl;
|
|
|
|
|
unsigned i;
|
|
|
|
|
HeapTuple newtuple;
|
|
|
|
|
Datum values[Natts_pg_proc];
|
|
|
|
|
char nulls[Natts_pg_proc];
|
|
|
|
|
char replaces[Natts_pg_proc];
|
|
|
|
|
|
|
|
|
|
oid = find_function_with_arglist(func->funcname, func->funcargs);
|
|
|
|
|
relation = heap_openr(ProcedureRelationName, RowExclusiveLock);
|
|
|
|
|
tuple = SearchSysCache(PROCOID, ObjectIdGetDatum(oid), 0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
{
|
|
|
|
|
heap_close(relation, RowExclusiveLock);
|
|
|
|
|
elog(ERROR, "function %u not found", oid);
|
|
|
|
|
}
|
|
|
|
|
pg_proc_tuple = (Form_pg_proc) GETSTRUCT(tuple);
|
|
|
|
|
|
|
|
|
|
if (pg_proc_tuple->proowner != GetUserId())
|
|
|
|
|
elog(ERROR, "permission denied");
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If there's no ACL, create a default using the pg_proc.proowner
|
|
|
|
|
* field.
|
|
|
|
|
*/
|
|
|
|
|
aclDatum = SysCacheGetAttr(PROCOID, tuple, Anum_pg_proc_proacl,
|
|
|
|
|
&isNull);
|
|
|
|
|
if (isNull)
|
|
|
|
|
old_acl = acldefault(pg_proc_tuple->proowner);
|
|
|
|
|
else
|
|
|
|
|
/* get a detoasted copy of the rel's ACL */
|
|
|
|
|
old_acl = DatumGetAclPCopy(aclDatum);
|
|
|
|
|
|
|
|
|
|
new_acl = merge_acl_with_grant(old_acl, stmt->is_grant,
|
|
|
|
|
stmt->grantees, privstring);
|
|
|
|
|
|
|
|
|
|
/* finished building new ACL value, now insert it */
|
|
|
|
|
for (i = 0; i < Natts_pg_proc; ++i)
|
|
|
|
|
{
|
|
|
|
|
replaces[i] = ' ';
|
|
|
|
|
nulls[i] = ' '; /* ignored if replaces[i]==' ' anyway */
|
|
|
|
|
values[i] = (Datum) NULL; /* ignored if replaces[i]==' '
|
|
|
|
|
* anyway */
|
|
|
|
|
}
|
|
|
|
|
replaces[Anum_pg_proc_proacl - 1] = 'r';
|
|
|
|
|
values[Anum_pg_proc_proacl - 1] = PointerGetDatum(new_acl);
|
|
|
|
|
newtuple = heap_modifytuple(tuple, relation, values, nulls, replaces);
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
simple_heap_update(relation, &newtuple->t_self, newtuple);
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
/* keep the catalog indexes up to date */
|
|
|
|
|
Relation idescs[Num_pg_proc_indices];
|
|
|
|
|
|
|
|
|
|
CatalogOpenIndices(Num_pg_proc_indices, Name_pg_proc_indices,
|
|
|
|
|
idescs);
|
|
|
|
|
CatalogIndexInsert(idescs, Num_pg_proc_indices, relation, newtuple);
|
|
|
|
|
CatalogCloseIndices(Num_pg_proc_indices, idescs);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pfree(old_acl);
|
|
|
|
|
pfree(new_acl);
|
|
|
|
|
|
|
|
|
|
heap_close(relation, RowExclusiveLock);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
ExecuteGrantStmt_Lang(GrantStmt *stmt)
|
|
|
|
|
{
|
|
|
|
|
List *i;
|
|
|
|
|
char *privstring = NULL;
|
|
|
|
|
|
|
|
|
|
if (lfirsti(stmt->privileges) == ALL)
|
|
|
|
|
privstring = aclmakepriv("", ACL_MODE_SELECT_CHR);
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
foreach(i, stmt->privileges)
|
|
|
|
|
{
|
|
|
|
|
if (lfirsti(i) != USAGE)
|
|
|
|
|
elog(ERROR, "invalid privilege type %s for language object",
|
|
|
|
|
privilege_token_string(lfirsti(i)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
privstring = aclmakepriv("", ACL_MODE_SELECT_CHR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
foreach(i, stmt->objects)
|
|
|
|
|
{
|
|
|
|
|
char *langname = strVal(lfirst(i));
|
|
|
|
|
Relation relation;
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
Form_pg_language pg_language_tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
|
|
|
|
Acl *old_acl;
|
|
|
|
|
Acl *new_acl;
|
|
|
|
|
unsigned i;
|
|
|
|
|
HeapTuple newtuple;
|
|
|
|
|
Datum values[Natts_pg_language];
|
|
|
|
|
char nulls[Natts_pg_language];
|
|
|
|
|
char replaces[Natts_pg_language];
|
|
|
|
|
|
|
|
|
|
if (!superuser())
|
|
|
|
|
elog(ERROR, "permission denied");
|
|
|
|
|
|
|
|
|
|
relation = heap_openr(LanguageRelationName, RowExclusiveLock);
|
|
|
|
|
tuple = SearchSysCache(LANGNAME, PointerGetDatum(langname), 0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
{
|
|
|
|
|
heap_close(relation, RowExclusiveLock);
|
|
|
|
|
elog(ERROR, "language \"%s\" not found", langname);
|
|
|
|
|
}
|
|
|
|
|
pg_language_tuple = (Form_pg_language) GETSTRUCT(tuple);
|
|
|
|
|
|
|
|
|
|
if (!pg_language_tuple->lanpltrusted)
|
|
|
|
|
{
|
|
|
|
|
heap_close(relation, RowExclusiveLock);
|
|
|
|
|
elog(ERROR, "language \"%s\" is not trusted", langname);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If there's no ACL, create a default.
|
|
|
|
|
*/
|
|
|
|
|
aclDatum = SysCacheGetAttr(LANGNAME, tuple, Anum_pg_language_lanacl,
|
|
|
|
|
&isNull);
|
|
|
|
|
if (isNull)
|
|
|
|
|
old_acl = acldefault(InvalidOid);
|
|
|
|
|
else
|
|
|
|
|
/* get a detoasted copy of the rel's ACL */
|
|
|
|
|
old_acl = DatumGetAclPCopy(aclDatum);
|
|
|
|
|
|
|
|
|
|
new_acl = merge_acl_with_grant(old_acl, stmt->is_grant,
|
|
|
|
|
stmt->grantees, privstring);
|
|
|
|
|
|
|
|
|
|
/* finished building new ACL value, now insert it */
|
|
|
|
|
for (i = 0; i < Natts_pg_language; ++i)
|
|
|
|
|
{
|
|
|
|
|
replaces[i] = ' ';
|
|
|
|
|
nulls[i] = ' '; /* ignored if replaces[i]==' ' anyway */
|
|
|
|
|
values[i] = (Datum) NULL; /* ignored if replaces[i]==' '
|
|
|
|
|
* anyway */
|
|
|
|
|
}
|
|
|
|
|
replaces[Anum_pg_language_lanacl - 1] = 'r';
|
|
|
|
|
values[Anum_pg_language_lanacl - 1] = PointerGetDatum(new_acl);
|
|
|
|
|
newtuple = heap_modifytuple(tuple, relation, values, nulls, replaces);
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
simple_heap_update(relation, &newtuple->t_self, newtuple);
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
/* keep the catalog indexes up to date */
|
|
|
|
|
Relation idescs[Num_pg_language_indices];
|
|
|
|
|
|
|
|
|
|
CatalogOpenIndices(Num_pg_language_indices, Name_pg_language_indices,
|
|
|
|
|
idescs);
|
|
|
|
|
CatalogIndexInsert(idescs, Num_pg_language_indices, relation, newtuple);
|
|
|
|
|
CatalogCloseIndices(Num_pg_language_indices, idescs);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pfree(old_acl);
|
|
|
|
|
pfree(new_acl);
|
|
|
|
|
|
|
|
|
|
heap_close(relation, RowExclusiveLock);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static const char *
|
|
|
|
|
privilege_token_string(int token)
|
|
|
|
|
{
|
|
|
|
|
const char *s = TokenString(token);
|
|
|
|
|
|
|
|
|
|
if (s)
|
|
|
|
|
return s;
|
|
|
|
|
else
|
|
|
|
|
elog(ERROR, "privilege_token_string: invalid token number");
|
|
|
|
|
return NULL; /* appease compiler */
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2001-06-10 01:21:55 +02:00
|
|
|
|
1996-07-09 08:22:35 +02:00
|
|
|
AclId
|
|
|
|
|
get_grosysid(char *groname)
|
|
|
|
|
{
|
1998-08-19 04:04:17 +02:00
|
|
|
HeapTuple tuple;
|
1997-09-08 04:41:22 +02:00
|
|
|
AclId id = 0;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2000-11-16 23:30:52 +01:00
|
|
|
tuple = SearchSysCache(GRONAME,
|
|
|
|
|
PointerGetDatum(groname),
|
|
|
|
|
0, 0, 0);
|
1998-08-19 04:04:17 +02:00
|
|
|
if (HeapTupleIsValid(tuple))
|
2000-11-16 23:30:52 +01:00
|
|
|
{
|
1998-08-19 04:04:17 +02:00
|
|
|
id = ((Form_pg_group) GETSTRUCT(tuple))->grosysid;
|
2000-11-16 23:30:52 +01:00
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
}
|
1997-09-07 07:04:48 +02:00
|
|
|
else
|
1998-01-05 17:40:20 +01:00
|
|
|
elog(ERROR, "non-existent group \"%s\"", groname);
|
1998-09-01 05:29:17 +02:00
|
|
|
return id;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2000-11-29 00:42:31 +01:00
|
|
|
/*
|
|
|
|
|
* Convert group ID to name, or return NULL if group can't be found
|
|
|
|
|
*/
|
1998-02-26 05:46:47 +01:00
|
|
|
char *
|
1996-07-09 08:22:35 +02:00
|
|
|
get_groname(AclId grosysid)
|
|
|
|
|
{
|
1998-08-19 04:04:17 +02:00
|
|
|
HeapTuple tuple;
|
1997-09-08 04:41:22 +02:00
|
|
|
char *name = NULL;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2000-11-16 23:30:52 +01:00
|
|
|
tuple = SearchSysCache(GROSYSID,
|
|
|
|
|
ObjectIdGetDatum(grosysid),
|
|
|
|
|
0, 0, 0);
|
1998-08-19 04:04:17 +02:00
|
|
|
if (HeapTupleIsValid(tuple))
|
2000-11-16 23:30:52 +01:00
|
|
|
{
|
|
|
|
|
name = pstrdup(NameStr(((Form_pg_group) GETSTRUCT(tuple))->groname));
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
}
|
1998-09-01 05:29:17 +02:00
|
|
|
return name;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2001-06-05 21:34:56 +02:00
|
|
|
/*
|
|
|
|
|
* Is user a member of group?
|
|
|
|
|
*/
|
2000-08-01 00:39:17 +02:00
|
|
|
static bool
|
1996-07-09 08:22:35 +02:00
|
|
|
in_group(AclId uid, AclId gid)
|
|
|
|
|
{
|
2000-11-16 23:30:52 +01:00
|
|
|
bool result = false;
|
1998-08-19 04:04:17 +02:00
|
|
|
HeapTuple tuple;
|
2000-11-03 20:02:18 +01:00
|
|
|
Datum att;
|
|
|
|
|
bool isNull;
|
2001-06-05 21:34:56 +02:00
|
|
|
IdList *glist;
|
2000-11-03 20:02:18 +01:00
|
|
|
AclId *aidp;
|
2000-08-01 00:39:17 +02:00
|
|
|
int i,
|
1997-09-08 04:41:22 +02:00
|
|
|
num;
|
1996-07-09 08:22:35 +02:00
|
|
|
|
2000-11-16 23:30:52 +01:00
|
|
|
tuple = SearchSysCache(GROSYSID,
|
|
|
|
|
ObjectIdGetDatum(gid),
|
|
|
|
|
0, 0, 0);
|
2000-11-03 20:02:18 +01:00
|
|
|
if (HeapTupleIsValid(tuple))
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2000-11-03 20:02:18 +01:00
|
|
|
att = SysCacheGetAttr(GROSYSID,
|
|
|
|
|
tuple,
|
|
|
|
|
Anum_pg_group_grolist,
|
|
|
|
|
&isNull);
|
|
|
|
|
if (!isNull)
|
|
|
|
|
{
|
|
|
|
|
/* be sure the IdList is not toasted */
|
2001-06-05 21:34:56 +02:00
|
|
|
glist = DatumGetIdListP(att);
|
2000-11-03 20:02:18 +01:00
|
|
|
/* scan it */
|
2001-06-05 21:34:56 +02:00
|
|
|
num = IDLIST_NUM(glist);
|
|
|
|
|
aidp = IDLIST_DAT(glist);
|
2000-11-03 20:02:18 +01:00
|
|
|
for (i = 0; i < num; ++i)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2000-11-03 20:02:18 +01:00
|
|
|
if (aidp[i] == uid)
|
2000-11-16 23:30:52 +01:00
|
|
|
{
|
|
|
|
|
result = true;
|
|
|
|
|
break;
|
|
|
|
|
}
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
2001-06-05 21:34:56 +02:00
|
|
|
/* if IdList was toasted, free detoasted copy */
|
|
|
|
|
if ((Pointer) glist != DatumGetPointer(att))
|
|
|
|
|
pfree(glist);
|
2000-11-03 20:02:18 +01:00
|
|
|
}
|
2000-11-16 23:30:52 +01:00
|
|
|
ReleaseSysCache(tuple);
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
|
|
|
|
else
|
2002-03-06 07:10:59 +01:00
|
|
|
elog(WARNING, "in_group: group %u not found", gid);
|
2000-11-16 23:30:52 +01:00
|
|
|
return result;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* aclcheck
|
2001-06-05 21:34:56 +02:00
|
|
|
*
|
|
|
|
|
* Returns ACLCHECK_OK if the 'id' of type 'idtype' has ACL entries in 'acl'
|
|
|
|
|
* to satisfy any one of the requirements of 'mode'. Returns an appropriate
|
|
|
|
|
* ACLCHECK_* error code otherwise.
|
|
|
|
|
*
|
|
|
|
|
* The ACL list is expected to be sorted in standard order.
|
1996-07-09 08:22:35 +02:00
|
|
|
*/
|
1997-09-08 04:41:22 +02:00
|
|
|
static int32
|
2001-06-05 21:34:56 +02:00
|
|
|
aclcheck(Acl *acl, AclId id, AclIdType idtype, AclMode mode)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
1998-02-26 05:46:47 +01:00
|
|
|
AclItem *aip,
|
1997-09-08 04:41:22 +02:00
|
|
|
*aidat;
|
2000-11-03 20:02:18 +01:00
|
|
|
int i,
|
|
|
|
|
num;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2000-10-02 06:49:28 +02:00
|
|
|
/*
|
2001-03-22 05:01:46 +01:00
|
|
|
* If ACL is null, default to "OK" --- this should not happen, since
|
|
|
|
|
* caller should have inserted appropriate default
|
2000-10-02 06:49:28 +02:00
|
|
|
*/
|
1997-09-07 07:04:48 +02:00
|
|
|
if (!acl)
|
2000-10-02 06:49:28 +02:00
|
|
|
{
|
2002-03-22 00:27:25 +01:00
|
|
|
elog(DEBUG1, "aclcheck: null ACL, returning OK");
|
2000-10-02 06:49:28 +02:00
|
|
|
return ACLCHECK_OK;
|
|
|
|
|
}
|
1997-09-07 07:04:48 +02:00
|
|
|
|
|
|
|
|
num = ACL_NUM(acl);
|
|
|
|
|
aidat = ACL_DAT(acl);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* We'll treat the empty ACL like that, too, although this is more
|
|
|
|
|
* like an error (i.e., you manually blew away your ACL array) -- the
|
2001-03-22 05:01:46 +01:00
|
|
|
* system never creates an empty ACL, since there must always be a
|
|
|
|
|
* "world" entry in the first slot.
|
1997-09-07 07:04:48 +02:00
|
|
|
*/
|
|
|
|
|
if (num < 1)
|
|
|
|
|
{
|
2002-03-22 00:27:25 +01:00
|
|
|
elog(DEBUG1, "aclcheck: zero-length ACL, returning OK");
|
2001-06-05 21:34:56 +02:00
|
|
|
return ACLCHECK_OK;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2001-10-25 07:50:21 +02:00
|
|
|
* "World" rights are applicable regardless of the passed-in ID, and
|
|
|
|
|
* since they're much the cheapest to check, check 'em first.
|
2001-06-05 21:34:56 +02:00
|
|
|
*/
|
|
|
|
|
if (aidat->ai_idtype != ACL_IDTYPE_WORLD)
|
|
|
|
|
elog(ERROR, "aclcheck: first entry in ACL is not 'world' entry");
|
|
|
|
|
if (aidat->ai_mode & mode)
|
|
|
|
|
{
|
|
|
|
|
#ifdef ACLDEBUG
|
2002-03-22 00:27:25 +01:00
|
|
|
elog(DEBUG1, "aclcheck: using world=%d", aidat->ai_mode);
|
2001-06-05 21:34:56 +02:00
|
|
|
#endif
|
1997-09-07 07:04:48 +02:00
|
|
|
return ACLCHECK_OK;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch (idtype)
|
|
|
|
|
{
|
1997-09-08 04:41:22 +02:00
|
|
|
case ACL_IDTYPE_UID:
|
2001-06-05 21:34:56 +02:00
|
|
|
/* See if permission is granted directly to user */
|
1997-09-08 04:41:22 +02:00
|
|
|
for (i = 1, aip = aidat + 1; /* skip world entry */
|
|
|
|
|
i < num && aip->ai_idtype == ACL_IDTYPE_UID;
|
|
|
|
|
++i, ++aip)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
1997-09-08 04:41:22 +02:00
|
|
|
if (aip->ai_id == id)
|
|
|
|
|
{
|
2001-05-27 11:59:30 +02:00
|
|
|
#ifdef ACLDEBUG
|
2002-03-22 00:27:25 +01:00
|
|
|
elog(DEBUG1, "aclcheck: found user %u/%d",
|
1997-09-08 04:41:22 +02:00
|
|
|
aip->ai_id, aip->ai_mode);
|
1996-07-09 08:22:35 +02:00
|
|
|
#endif
|
2001-06-05 21:34:56 +02:00
|
|
|
if (aip->ai_mode & mode)
|
|
|
|
|
return ACLCHECK_OK;
|
1997-09-08 04:41:22 +02:00
|
|
|
}
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
2000-11-03 20:02:18 +01:00
|
|
|
/* See if he has the permission via any group */
|
|
|
|
|
for (;
|
1997-09-08 04:41:22 +02:00
|
|
|
i < num && aip->ai_idtype == ACL_IDTYPE_GID;
|
|
|
|
|
++i, ++aip)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2000-11-03 20:02:18 +01:00
|
|
|
if (aip->ai_mode & mode)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2000-11-03 20:02:18 +01:00
|
|
|
if (in_group(id, aip->ai_id))
|
1997-09-08 04:41:22 +02:00
|
|
|
{
|
2001-05-27 11:59:30 +02:00
|
|
|
#ifdef ACLDEBUG
|
2002-03-22 00:27:25 +01:00
|
|
|
elog(DEBUG1, "aclcheck: found group %u/%d",
|
2000-11-03 20:02:18 +01:00
|
|
|
aip->ai_id, aip->ai_mode);
|
1996-07-09 08:22:35 +02:00
|
|
|
#endif
|
2000-11-03 20:02:18 +01:00
|
|
|
return ACLCHECK_OK;
|
|
|
|
|
}
|
|
|
|
|
}
|
1997-09-08 04:41:22 +02:00
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case ACL_IDTYPE_GID:
|
2000-11-03 20:02:18 +01:00
|
|
|
/* Look for this group ID */
|
2001-06-05 21:34:56 +02:00
|
|
|
for (i = 1, aip = aidat + 1; /* skip world entry */
|
1997-09-08 04:41:22 +02:00
|
|
|
i < num && aip->ai_idtype == ACL_IDTYPE_UID;
|
|
|
|
|
++i, ++aip)
|
2001-10-25 07:50:21 +02:00
|
|
|
/* skip UID entry */ ;
|
1997-09-08 04:41:22 +02:00
|
|
|
for (;
|
|
|
|
|
i < num && aip->ai_idtype == ACL_IDTYPE_GID;
|
|
|
|
|
++i, ++aip)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
1997-09-08 04:41:22 +02:00
|
|
|
if (aip->ai_id == id)
|
|
|
|
|
{
|
2001-05-27 11:59:30 +02:00
|
|
|
#ifdef ACLDEBUG
|
2002-03-22 00:27:25 +01:00
|
|
|
elog(DEBUG1, "aclcheck: found group %u/%d",
|
1997-09-08 04:41:22 +02:00
|
|
|
aip->ai_id, aip->ai_mode);
|
1996-07-09 08:22:35 +02:00
|
|
|
#endif
|
2001-06-05 21:34:56 +02:00
|
|
|
if (aip->ai_mode & mode)
|
|
|
|
|
return ACLCHECK_OK;
|
1997-09-08 04:41:22 +02:00
|
|
|
}
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
1997-09-08 04:41:22 +02:00
|
|
|
break;
|
|
|
|
|
case ACL_IDTYPE_WORLD:
|
2000-11-03 20:02:18 +01:00
|
|
|
/* Only check the world entry */
|
1997-09-08 04:41:22 +02:00
|
|
|
break;
|
|
|
|
|
default:
|
1998-01-05 17:40:20 +01:00
|
|
|
elog(ERROR, "aclcheck: bogus ACL id type: %d", idtype);
|
1997-09-08 04:41:22 +02:00
|
|
|
break;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2001-06-05 21:34:56 +02:00
|
|
|
/* If get here, he doesn't have the privilege nohow */
|
|
|
|
|
return ACLCHECK_NO_PRIV;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2002-03-22 00:27:25 +01:00
|
|
|
|
2001-06-05 21:34:56 +02:00
|
|
|
/*
|
|
|
|
|
* Exported routine for checking a user's access privileges to a table
|
|
|
|
|
*
|
|
|
|
|
* Returns an ACLCHECK_* result code.
|
|
|
|
|
*/
|
1996-07-09 08:22:35 +02:00
|
|
|
int32
|
2002-03-22 00:27:25 +01:00
|
|
|
pg_class_aclcheck(Oid table_oid, Oid userid, AclMode mode)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
1997-09-08 04:41:22 +02:00
|
|
|
int32 result;
|
2002-03-22 00:27:25 +01:00
|
|
|
bool usesuper,
|
|
|
|
|
usecatupd;
|
|
|
|
|
char *relname;
|
2000-10-02 06:49:28 +02:00
|
|
|
HeapTuple tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
|
|
|
|
Acl *acl;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2001-06-05 21:34:56 +02:00
|
|
|
/*
|
|
|
|
|
* Validate userid, find out if he is superuser
|
2002-03-22 00:27:25 +01:00
|
|
|
*
|
|
|
|
|
* We do not use superuser_arg() here because we also need to check
|
|
|
|
|
* usecatupd.
|
2001-06-05 21:34:56 +02:00
|
|
|
*/
|
2000-11-16 23:30:52 +01:00
|
|
|
tuple = SearchSysCache(SHADOWSYSID,
|
|
|
|
|
ObjectIdGetDatum(userid),
|
|
|
|
|
0, 0, 0);
|
1998-08-19 04:04:17 +02:00
|
|
|
if (!HeapTupleIsValid(tuple))
|
2002-03-22 00:27:25 +01:00
|
|
|
elog(ERROR, "pg_class_aclcheck: invalid user id %u", userid);
|
2000-09-06 16:15:31 +02:00
|
|
|
|
2002-03-22 00:27:25 +01:00
|
|
|
usesuper = ((Form_pg_shadow) GETSTRUCT(tuple))->usesuper;
|
|
|
|
|
usecatupd = ((Form_pg_shadow) GETSTRUCT(tuple))->usecatupd;
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Now get the relation's tuple from pg_class
|
|
|
|
|
*/
|
|
|
|
|
tuple = SearchSysCache(RELOID,
|
|
|
|
|
ObjectIdGetDatum(table_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
elog(ERROR, "pg_class_aclcheck: relation %u not found", table_oid);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Deny anyone permission to update a system catalog unless
|
1998-02-26 05:46:47 +01:00
|
|
|
* pg_shadow.usecatupd is set. (This is to let superusers protect
|
1997-09-07 07:04:48 +02:00
|
|
|
* themselves from themselves.)
|
|
|
|
|
*/
|
2002-03-22 00:27:25 +01:00
|
|
|
relname = NameStr(((Form_pg_class) GETSTRUCT(tuple))->relname);
|
2001-06-05 21:34:56 +02:00
|
|
|
if ((mode & (ACL_INSERT | ACL_UPDATE | ACL_DELETE)) &&
|
1999-03-17 23:53:31 +01:00
|
|
|
!allowSystemTableMods && IsSystemRelationName(relname) &&
|
2001-06-18 18:13:21 +02:00
|
|
|
!is_temp_relname(relname) &&
|
2002-03-22 00:27:25 +01:00
|
|
|
!usecatupd)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2001-06-05 21:34:56 +02:00
|
|
|
#ifdef ACLDEBUG
|
2002-03-22 00:27:25 +01:00
|
|
|
elog(DEBUG1, "pg_class_aclcheck: catalog update: permission denied");
|
2001-06-05 21:34:56 +02:00
|
|
|
#endif
|
2000-11-16 23:30:52 +01:00
|
|
|
ReleaseSysCache(tuple);
|
1997-09-07 07:04:48 +02:00
|
|
|
return ACLCHECK_NO_PRIV;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Otherwise, superusers bypass all permission-checking.
|
|
|
|
|
*/
|
2002-03-22 00:27:25 +01:00
|
|
|
if (usesuper)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
2001-05-27 11:59:30 +02:00
|
|
|
#ifdef ACLDEBUG
|
2002-03-22 00:27:25 +01:00
|
|
|
elog(DEBUG1, "pg_class_aclcheck: %u is superuser", userid);
|
1996-07-09 08:22:35 +02:00
|
|
|
#endif
|
2000-11-16 23:30:52 +01:00
|
|
|
ReleaseSysCache(tuple);
|
1997-09-07 07:04:48 +02:00
|
|
|
return ACLCHECK_OK;
|
|
|
|
|
}
|
1996-07-09 08:22:35 +02:00
|
|
|
|
2000-10-02 06:49:28 +02:00
|
|
|
/*
|
|
|
|
|
* Normal case: get the relation's ACL from pg_class
|
|
|
|
|
*/
|
2002-03-22 00:27:25 +01:00
|
|
|
aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
|
2000-10-02 06:49:28 +02:00
|
|
|
&isNull);
|
|
|
|
|
if (isNull)
|
|
|
|
|
{
|
|
|
|
|
/* No ACL, so build default ACL for rel */
|
2000-08-01 00:39:17 +02:00
|
|
|
AclId ownerId;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
2000-08-01 00:39:17 +02:00
|
|
|
ownerId = ((Form_pg_class) GETSTRUCT(tuple))->relowner;
|
2002-02-19 00:11:58 +01:00
|
|
|
acl = acldefault(ownerId);
|
2001-06-05 21:34:56 +02:00
|
|
|
aclDatum = (Datum) 0;
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
2000-10-02 06:49:28 +02:00
|
|
|
else
|
1999-09-18 21:08:25 +02:00
|
|
|
{
|
2001-06-05 21:34:56 +02:00
|
|
|
/* detoast rel's ACL if necessary */
|
|
|
|
|
acl = DatumGetAclP(aclDatum);
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
2000-10-02 06:49:28 +02:00
|
|
|
|
2001-06-05 21:34:56 +02:00
|
|
|
result = aclcheck(acl, userid, (AclIdType) ACL_IDTYPE_UID, mode);
|
2000-11-16 23:30:52 +01:00
|
|
|
|
2001-06-05 21:34:56 +02:00
|
|
|
/* if we have a detoasted copy, free it */
|
|
|
|
|
if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
|
1997-09-07 07:04:48 +02:00
|
|
|
pfree(acl);
|
2001-06-05 21:34:56 +02:00
|
|
|
|
2000-11-16 23:30:52 +01:00
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
1998-09-01 05:29:17 +02:00
|
|
|
return result;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
/*
|
|
|
|
|
* Exported routine for checking a user's access privileges to a function
|
|
|
|
|
*
|
|
|
|
|
* Returns an ACLCHECK_* result code.
|
|
|
|
|
*/
|
|
|
|
|
int32
|
|
|
|
|
pg_proc_aclcheck(Oid proc_oid, Oid userid)
|
|
|
|
|
{
|
|
|
|
|
int32 result;
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
|
|
|
|
Acl *acl;
|
|
|
|
|
|
2002-03-22 00:27:25 +01:00
|
|
|
/* Superusers bypass all permission checking. */
|
2002-02-19 00:11:58 +01:00
|
|
|
if (superuser_arg(userid))
|
|
|
|
|
return ACLCHECK_OK;
|
|
|
|
|
|
|
|
|
|
/*
|
2002-03-22 00:27:25 +01:00
|
|
|
* Get the function's ACL from pg_proc
|
2002-02-19 00:11:58 +01:00
|
|
|
*/
|
|
|
|
|
tuple = SearchSysCache(PROCOID,
|
|
|
|
|
ObjectIdGetDatum(proc_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
elog(ERROR, "pg_proc_aclcheck: function %u not found", proc_oid);
|
|
|
|
|
|
|
|
|
|
aclDatum = SysCacheGetAttr(PROCOID, tuple, Anum_pg_proc_proacl,
|
|
|
|
|
&isNull);
|
|
|
|
|
if (isNull)
|
|
|
|
|
{
|
|
|
|
|
/* No ACL, so build default ACL */
|
|
|
|
|
AclId ownerId;
|
|
|
|
|
|
|
|
|
|
ownerId = ((Form_pg_proc) GETSTRUCT(tuple))->proowner;
|
|
|
|
|
acl = acldefault(ownerId);
|
|
|
|
|
aclDatum = (Datum) 0;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* detoast ACL if necessary */
|
|
|
|
|
acl = DatumGetAclP(aclDatum);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Functions only have one kind of privilege, which is encoded as
|
|
|
|
|
* "SELECT" here.
|
|
|
|
|
*/
|
|
|
|
|
result = aclcheck(acl, userid, (AclIdType) ACL_IDTYPE_UID, ACL_SELECT);
|
|
|
|
|
|
|
|
|
|
/* if we have a detoasted copy, free it */
|
|
|
|
|
if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
|
|
|
|
|
pfree(acl);
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Exported routine for checking a user's access privileges to a language
|
|
|
|
|
*
|
|
|
|
|
* Returns an ACLCHECK_* result code.
|
|
|
|
|
*/
|
|
|
|
|
int32
|
|
|
|
|
pg_language_aclcheck(Oid lang_oid, Oid userid)
|
|
|
|
|
{
|
|
|
|
|
int32 result;
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
Datum aclDatum;
|
|
|
|
|
bool isNull;
|
|
|
|
|
Acl *acl;
|
|
|
|
|
|
2002-03-22 00:27:25 +01:00
|
|
|
/* Superusers bypass all permission checking. */
|
2002-02-19 00:11:58 +01:00
|
|
|
if (superuser_arg(userid))
|
|
|
|
|
return ACLCHECK_OK;
|
|
|
|
|
|
|
|
|
|
/*
|
2002-03-22 00:27:25 +01:00
|
|
|
* Get the function's ACL from pg_language
|
2002-02-19 00:11:58 +01:00
|
|
|
*/
|
|
|
|
|
tuple = SearchSysCache(LANGOID,
|
|
|
|
|
ObjectIdGetDatum(lang_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
elog(ERROR, "pg_language_aclcheck: language %u not found", lang_oid);
|
|
|
|
|
|
|
|
|
|
aclDatum = SysCacheGetAttr(LANGOID, tuple, Anum_pg_language_lanacl,
|
|
|
|
|
&isNull);
|
|
|
|
|
if (isNull)
|
|
|
|
|
{
|
|
|
|
|
/* No ACL, so build default ACL */
|
|
|
|
|
acl = acldefault(InvalidOid);
|
|
|
|
|
aclDatum = (Datum) 0;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* detoast ACL if necessary */
|
|
|
|
|
acl = DatumGetAclP(aclDatum);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Languages only have one kind of privilege, which is encoded as
|
|
|
|
|
* "SELECT" here.
|
|
|
|
|
*/
|
|
|
|
|
result = aclcheck(acl, userid, (AclIdType) ACL_IDTYPE_UID, ACL_SELECT);
|
|
|
|
|
|
|
|
|
|
/* if we have a detoasted copy, free it */
|
|
|
|
|
if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
|
|
|
|
|
pfree(acl);
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
}
|
2002-03-22 00:27:25 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Ownership check for a relation (specified by OID).
|
|
|
|
|
*/
|
|
|
|
|
bool
|
|
|
|
|
pg_class_ownercheck(Oid class_oid, Oid userid)
|
|
|
|
|
{
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
AclId owner_id;
|
|
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
|
|
|
|
if (superuser_arg(userid))
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(RELOID,
|
|
|
|
|
ObjectIdGetDatum(class_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
elog(ERROR, "pg_class_ownercheck: relation %u not found", class_oid);
|
|
|
|
|
|
|
|
|
|
owner_id = ((Form_pg_class) GETSTRUCT(tuple))->relowner;
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return userid == owner_id;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Ownership check for a type (specified by OID).
|
|
|
|
|
*/
|
|
|
|
|
bool
|
|
|
|
|
pg_type_ownercheck(Oid type_oid, Oid userid)
|
|
|
|
|
{
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
AclId owner_id;
|
|
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
|
|
|
|
if (superuser_arg(userid))
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(TYPEOID,
|
|
|
|
|
ObjectIdGetDatum(type_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
elog(ERROR, "pg_type_ownercheck: type %u not found", type_oid);
|
|
|
|
|
|
|
|
|
|
owner_id = ((Form_pg_type) GETSTRUCT(tuple))->typowner;
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return userid == owner_id;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Ownership check for an operator (specified by OID).
|
|
|
|
|
*/
|
|
|
|
|
bool
|
|
|
|
|
pg_oper_ownercheck(Oid oper_oid, Oid userid)
|
|
|
|
|
{
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
AclId owner_id;
|
|
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
|
|
|
|
if (superuser_arg(userid))
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(OPEROID,
|
|
|
|
|
ObjectIdGetDatum(oper_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
elog(ERROR, "pg_oper_ownercheck: operator %u not found", oper_oid);
|
|
|
|
|
|
|
|
|
|
owner_id = ((Form_pg_operator) GETSTRUCT(tuple))->oprowner;
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return userid == owner_id;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Ownership check for a function (specified by OID).
|
|
|
|
|
*/
|
|
|
|
|
bool
|
|
|
|
|
pg_proc_ownercheck(Oid proc_oid, Oid userid)
|
|
|
|
|
{
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
AclId owner_id;
|
|
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
|
|
|
|
if (superuser_arg(userid))
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(PROCOID,
|
|
|
|
|
ObjectIdGetDatum(proc_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
elog(ERROR, "pg_proc_ownercheck: function %u not found", proc_oid);
|
|
|
|
|
|
|
|
|
|
owner_id = ((Form_pg_proc) GETSTRUCT(tuple))->proowner;
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return userid == owner_id;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Ownership check for an aggregate function (specified by OID).
|
|
|
|
|
*/
|
|
|
|
|
bool
|
|
|
|
|
pg_aggr_ownercheck(Oid aggr_oid, Oid userid)
|
|
|
|
|
{
|
|
|
|
|
HeapTuple tuple;
|
|
|
|
|
AclId owner_id;
|
|
|
|
|
|
|
|
|
|
/* Superusers bypass all permission checking. */
|
|
|
|
|
if (superuser_arg(userid))
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
tuple = SearchSysCache(AGGOID,
|
|
|
|
|
ObjectIdGetDatum(aggr_oid),
|
|
|
|
|
0, 0, 0);
|
|
|
|
|
if (!HeapTupleIsValid(tuple))
|
|
|
|
|
elog(ERROR, "pg_aggr_ownercheck: aggregate %u not found", aggr_oid);
|
|
|
|
|
|
|
|
|
|
owner_id = ((Form_pg_aggregate) GETSTRUCT(tuple))->aggowner;
|
|
|
|
|
|
|
|
|
|
ReleaseSysCache(tuple);
|
|
|
|
|
|
|
|
|
|
return userid == owner_id;
|
|
|
|
|
}
|
