PostgreSQL Source Code: src/backend/catalog/aclchk.c Source File (original) (raw)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
40
81#include "utils/fmgroids.h"
86
87
88
89
90typedef struct
91{
94
103
104
105
106
107
108
110
119
122
124 bool is_grant);
130 int num_col_privileges);
134 int num_col_privileges);
138 bool all_privs, AclMode privileges,
139 Oid objectId, Oid grantorId,
140 ObjectType objtype, const char *objname,
141 AttrNumber att_number, const char *colname);
148 bool *is_missing);
156 bool *is_missing);
163 bool *is_missing);
166 bool *is_missing);
168 Acl *new_acl);
170 Acl *new_acl);
171
172
173
174
175
176
177
178
179
180static Acl *
184 Oid grantorId, Oid ownerId)
185{
186 unsigned modechg;
188 Acl *new_acl;
189
191
192 new_acl = old_acl;
193
194 foreach(j, grantees)
195 {
197 Acl *newer_acl;
198
200
201
202
203
204
205
206
209 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
210 errmsg("grant options can only be granted to roles")));
211
213
214
215
216
217
218
219
220
222 (is_grant || !grant_option) ? privileges : ACL_NO_RIGHTS,
223 (!is_grant || grant_option) ? privileges : ACL_NO_RIGHTS);
224
225 newer_acl = aclupdate(new_acl, &aclitem, modechg, ownerId, behavior);
226
227
229 new_acl = newer_acl;
230 }
231
232 return new_acl;
233}
234
235
236
237
238
242 ObjectType objtype, const char *objname,
243 AttrNumber att_number, const char *colname)
244{
247
248 switch (objtype)
249 {
252 break;
255 break;
258 break;
261 break;
264 break;
267 break;
270 break;
273 break;
276 break;
279 break;
282 break;
284 elog(ERROR, "grantable rights not supported for event triggers");
285
289 break;
292 break;
293 default:
294 elog(ERROR, "unrecognized object type: %d", objtype);
295
297 }
298
299
300
301
302
303
305 {
306 if (pg_aclmask(objtype, objectId, att_number, grantorId,
309 {
312 else
314 }
315 }
316
317
318
319
320
321
322
323
325 if (is_grant)
326 {
327 if (this_privileges == 0)
328 {
331 (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
332 errmsg("no privileges were granted for column \"%s\" of relation \"%s\"",
333 colname, objname)));
334 else
336 (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
337 errmsg("no privileges were granted for \"%s\"",
338 objname)));
339 }
340 else if (!all_privs && this_privileges != privileges)
341 {
344 (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
345 errmsg("not all privileges were granted for column \"%s\" of relation \"%s\"",
346 colname, objname)));
347 else
349 (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
350 errmsg("not all privileges were granted for \"%s\"",
351 objname)));
352 }
353 }
354 else
355 {
356 if (this_privileges == 0)
357 {
360 (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
361 errmsg("no privileges could be revoked for column \"%s\" of relation \"%s\"",
362 colname, objname)));
363 else
365 (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
366 errmsg("no privileges could be revoked for \"%s\"",
367 objname)));
368 }
369 else if (!all_privs && this_privileges != privileges)
370 {
373 (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
374 errmsg("not all privileges could be revoked for column \"%s\" of relation \"%s\"",
375 colname, objname)));
376 else
378 (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
379 errmsg("not all privileges could be revoked for \"%s\"",
380 objname)));
381 }
382 }
383
384 return this_privileges;
385}
386
387
388
389
390void
392{
395 const char *errormsg;
397
398 if (stmt->grantor)
399 {
400 Oid grantor;
401
403
404
405
406
407
410 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
411 errmsg("grantor must be current user")));
412 }
413
414
415
416
419
420
421 switch (stmt->targtype)
422 {
425 stmt->is_grant);
426 break;
429 break;
430
431 default:
432 elog(ERROR, "unrecognized GrantStmt.targtype: %d",
433 (int) stmt->targtype);
434 }
435
436
437
442
443
444
445
446
447
448 foreach(cell, stmt->grantees)
449 {
451 Oid grantee_uid;
452
454 {
457 break;
458 default:
460 break;
461 }
463 }
464
465
466
467
468
469 switch (stmt->objtype)
470 {
472
473
474
475
476
477
479 errormsg = gettext_noop("invalid privilege type %s for relation");
480 break;
483 errormsg = gettext_noop("invalid privilege type %s for sequence");
484 break;
487 errormsg = gettext_noop("invalid privilege type %s for database");
488 break;
491 errormsg = gettext_noop("invalid privilege type %s for domain");
492 break;
495 errormsg = gettext_noop("invalid privilege type %s for function");
496 break;
499 errormsg = gettext_noop("invalid privilege type %s for language");
500 break;
503 errormsg = gettext_noop("invalid privilege type %s for large object");
504 break;
507 errormsg = gettext_noop("invalid privilege type %s for schema");
508 break;
511 errormsg = gettext_noop("invalid privilege type %s for procedure");
512 break;
515 errormsg = gettext_noop("invalid privilege type %s for routine");
516 break;
519 errormsg = gettext_noop("invalid privilege type %s for tablespace");
520 break;
523 errormsg = gettext_noop("invalid privilege type %s for type");
524 break;
527 errormsg = gettext_noop("invalid privilege type %s for foreign-data wrapper");
528 break;
531 errormsg = gettext_noop("invalid privilege type %s for foreign server");
532 break;
535 errormsg = gettext_noop("invalid privilege type %s for parameter");
536 break;
537 default:
538 elog(ERROR, "unrecognized GrantStmt.objtype: %d",
539 (int) stmt->objtype);
540
542 errormsg = NULL;
543 }
544
545 if (stmt->privileges == NIL)
546 {
548
549
550
551
552
554 }
555 else
556 {
559
560 foreach(cell, stmt->privileges)
561 {
564
565
566
567
568
569 if (privnode->cols)
570 {
573 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
574 errmsg("column privileges are only valid for relations")));
576 continue;
577 }
578
579 if (privnode->priv_name == NULL)
580 elog(ERROR, "AccessPriv node must specify privilege or columns");
582
583 if (priv & ~all_privileges)
585 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
587
589 }
590 }
591
593}
594
595
596
597
598
599
600static void
602{
604 {
608 break;
611 break;
615 break;
618 break;
621 break;
626 break;
629 break;
632 break;
635 break;
638 break;
641 break;
642 default:
643 elog(ERROR, "unrecognized GrantStmt.objtype: %d",
645 }
646
647
648
649
650
651
652
655}
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
678{
682
684
685 switch (objtype)
686 {
687 default:
688
689
690
691
692 foreach(cell, objnames)
693 {
695
698 }
699 break;
700
703
704
705
706
707
708
709 foreach(cell, objnames)
710 {
712 Oid relOid;
713
716 }
717 break;
718
721
722
723
724
725
726
727
728 foreach(cell, objnames)
729 {
734
736 Assert(relation == NULL);
738 }
739 break;
740
742
743
744
745
746 foreach(cell, objnames)
747 {
748
749
750
751
752
753
754
755
756
757
760
761 if ((parameterId) && is_grant)
762 {
764
765
766
767
768
769
771 }
773 objects = lappend_oid(objects, parameterId);
774 }
775 break;
776 }
777
778 return objects;
779}
780
781
782
783
784
785
786
787
790{
793
794 foreach(cell, nspnames)
795 {
797 Oid namespaceId;
799
801
802 switch (objtype)
803 {
815 break;
819 break;
823 {
825 int keycount;
829
830 keycount = 0;
832 Anum_pg_proc_pronamespace,
835
837
839 Anum_pg_proc_prokind,
844 Anum_pg_proc_prokind,
847
850
852 {
854
856 }
857
860 }
861 break;
862 default:
863
864 elog(ERROR, "unrecognized GrantStmt.objtype: %d",
865 (int) objtype);
866 }
867 }
868
869 return objects;
870}
871
872
873
874
875
876
879{
885
887 Anum_pg_class_relnamespace,
891 Anum_pg_class_relkind,
894
897
899 {
901
903 }
904
907
908 return relations;
909}
910
911
912
913
914
915void
917{
923 DefElem *drolespecs = NULL;
924 DefElem *dnspnames = NULL;
926 const char *errormsg;
927
928
929 foreach(cell, stmt->options)
930 {
932
933 if (strcmp(defel->defname, "schemas") == 0)
934 {
935 if (dnspnames)
937 dnspnames = defel;
938 }
939 else if (strcmp(defel->defname, "roles") == 0)
940 {
941 if (drolespecs)
943 drolespecs = defel;
944 }
945 else
947 }
948
949 if (dnspnames)
950 nspnames = (List *) dnspnames->arg;
951 if (drolespecs)
952 rolespecs = (List *) drolespecs->arg;
953
954
955
956
959
960
964
965
966
967
968
969
970 foreach(cell, action->grantees)
971 {
973 Oid grantee_uid;
974
976 {
979 break;
980 default:
982 break;
983 }
985 }
986
987
988
989
990
991 switch (action->objtype)
992 {
995 errormsg = gettext_noop("invalid privilege type %s for relation");
996 break;
999 errormsg = gettext_noop("invalid privilege type %s for sequence");
1000 break;
1003 errormsg = gettext_noop("invalid privilege type %s for function");
1004 break;
1007 errormsg = gettext_noop("invalid privilege type %s for procedure");
1008 break;
1011 errormsg = gettext_noop("invalid privilege type %s for routine");
1012 break;
1015 errormsg = gettext_noop("invalid privilege type %s for type");
1016 break;
1019 errormsg = gettext_noop("invalid privilege type %s for schema");
1020 break;
1023 errormsg = gettext_noop("invalid privilege type %s for large object");
1024 break;
1025 default:
1026 elog(ERROR, "unrecognized GrantStmt.objtype: %d",
1027 (int) action->objtype);
1028
1030 errormsg = NULL;
1031 }
1032
1034 {
1036
1037
1038
1039
1040
1042 }
1043 else
1044 {
1047
1048 foreach(cell, action->privileges)
1049 {
1052
1053 if (privnode->cols)
1055 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1056 errmsg("default privileges cannot be set for columns")));
1057
1058 if (privnode->priv_name == NULL)
1059 elog(ERROR, "AccessPriv node must specify privilege");
1061
1062 if (priv & ~all_privileges)
1064 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1066
1068 }
1069 }
1070
1071 if (rolespecs == NIL)
1072 {
1073
1075
1077 }
1078 else
1079 {
1080
1082
1083 foreach(rolecell, rolespecs)
1084 {
1086
1088
1091 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1092 errmsg("permission denied to change default privileges")));
1093
1095 }
1096 }
1097}
1098
1099
1100
1101
1102
1103
1104static void
1106{
1107 if (nspnames == NIL)
1108 {
1109
1111
1113 }
1114 else
1115 {
1116
1118
1119 foreach(nspcell, nspnames)
1120 {
1122
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1138 }
1139 }
1140}
1141
1142
1143
1144
1145
1146static void
1148{
1150 char objtype;
1153 bool isNew;
1154 Acl *def_acl;
1155 Acl *old_acl;
1156 Acl *new_acl;
1158 int noldmembers;
1159 int nnewmembers;
1160 Oid *oldmembers;
1161 Oid *newmembers;
1162
1164
1165
1166
1167
1168
1169
1170
1173 else
1175
1176
1177
1178
1179
1181 {
1183 objtype = DEFACLOBJ_RELATION;
1186 break;
1187
1189 objtype = DEFACLOBJ_SEQUENCE;
1192 break;
1193
1195 objtype = DEFACLOBJ_FUNCTION;
1198 break;
1199
1201 objtype = DEFACLOBJ_TYPE;
1204 break;
1205
1209 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1210 errmsg("cannot use IN SCHEMA clause when using %s",
1211 "GRANT/REVOKE ON SCHEMAS")));
1212 objtype = DEFACLOBJ_NAMESPACE;
1215 break;
1216
1220 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1221 errmsg("cannot use IN SCHEMA clause when using %s",
1222 "GRANT/REVOKE ON LARGE OBJECTS")));
1223 objtype = DEFACLOBJ_LARGEOBJECT;
1226 break;
1227
1228 default:
1229 elog(ERROR, "unrecognized object type: %d",
1231 objtype = 0;
1232 break;
1233 }
1234
1235
1240
1242 {
1244 bool isNull;
1245
1247 Anum_pg_default_acl_defaclacl,
1248 &isNull);
1249 if (!isNull)
1251 else
1252 old_acl = NULL;
1253 isNew = false;
1254 }
1255 else
1256 {
1257 old_acl = NULL;
1258 isNew = true;
1259 }
1260
1261 if (old_acl != NULL)
1262 {
1263
1264
1265
1266
1267
1268 noldmembers = aclmembers(old_acl, &oldmembers);
1269 }
1270 else
1271 {
1272
1273 old_acl = aclcopy(def_acl);
1274
1275 noldmembers = 0;
1276 oldmembers = NULL;
1277 }
1278
1279
1280
1281
1282
1288 this_privileges,
1291
1292
1293
1294
1295
1296
1299 if (aclequal(new_acl, def_acl))
1300 {
1301
1302 if (!isNew)
1303 {
1305
1306
1307
1308
1309
1310
1311 myself.classId = DefaultAclRelationId;
1314
1316 }
1317 }
1318 else
1319 {
1320 Datum values[Natts_pg_default_acl] = {0};
1321 bool nulls[Natts_pg_default_acl] = {0};
1322 bool replaces[Natts_pg_default_acl] = {0};
1323 Oid defAclOid;
1324
1325 if (isNew)
1326 {
1327
1329 Anum_pg_default_acl_oid);
1333 values[Anum_pg_default_acl_defaclobjtype - 1] = CharGetDatum(objtype);
1335
1338 }
1339 else
1340 {
1342
1343
1345 replaces[Anum_pg_default_acl_defaclacl - 1] = true;
1346
1348 values, nulls, replaces);
1350 }
1351
1352
1353 if (isNew)
1354 {
1355
1358
1359
1361 {
1363 referenced;
1364
1365 myself.classId = DefaultAclRelationId;
1366 myself.objectId = defAclOid;
1368
1369 referenced.classId = NamespaceRelationId;
1372
1374 }
1375 }
1376
1377
1378
1379
1380 nnewmembers = aclmembers(new_acl, &newmembers);
1381
1383 defAclOid, 0,
1385 noldmembers, oldmembers,
1386 nnewmembers, newmembers);
1387
1388 if (isNew)
1390 else
1392 }
1393
1396
1398
1399
1401}
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421void
1423{
1424 if (classid == DefaultAclRelationId)
1425 {
1432
1433
1435
1437 Anum_pg_default_acl_oid,
1440
1442 NULL, 1, skey);
1443
1445
1447 elog(ERROR, "could not find tuple for default ACL %u", objid);
1448
1450
1451 iacls.roleid = pg_default_acl_tuple->defaclrole;
1452 iacls.nspid = pg_default_acl_tuple->defaclnamespace;
1453
1454 switch (pg_default_acl_tuple->defaclobjtype)
1455 {
1456 case DEFACLOBJ_RELATION:
1458 break;
1459 case DEFACLOBJ_SEQUENCE:
1461 break;
1462 case DEFACLOBJ_FUNCTION:
1464 break;
1465 case DEFACLOBJ_TYPE:
1467 break;
1468 case DEFACLOBJ_NAMESPACE:
1470 break;
1471 case DEFACLOBJ_LARGEOBJECT:
1473 break;
1474 default:
1475
1476 elog(ERROR, "unexpected default ACL type: %d",
1477 (int) pg_default_acl_tuple->defaclobjtype);
1478 break;
1479 }
1480
1483
1490
1491
1493 }
1494 else
1495 {
1497
1498 switch (classid)
1499 {
1500 case RelationRelationId:
1501
1503 break;
1504 case DatabaseRelationId:
1506 break;
1507 case TypeRelationId:
1509 break;
1510 case ProcedureRelationId:
1512 break;
1513 case LanguageRelationId:
1515 break;
1516 case LargeObjectRelationId:
1518 break;
1519 case NamespaceRelationId:
1521 break;
1522 case TableSpaceRelationId:
1524 break;
1525 case ForeignServerRelationId:
1527 break;
1528 case ForeignDataWrapperRelationId:
1530 break;
1531 case ParameterAclRelationId:
1533 break;
1534 default:
1535 elog(ERROR, "unexpected object class %u", classid);
1536 break;
1537 }
1546
1548 }
1549}
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559static void
1561 AclMode this_privileges,
1562 AclMode *col_privileges,
1563 int num_col_privileges)
1564{
1566
1567 foreach(cell, colnames)
1568 {
1571
1575 (errcode(ERRCODE_UNDEFINED_COLUMN),
1576 errmsg("column \"%s\" of relation \"%s\" does not exist",
1579 if (attnum <= 0 || attnum >= num_col_privileges)
1580 elog(ERROR, "column number out of range");
1581 col_privileges[attnum] |= this_privileges;
1582 }
1583}
1584
1585
1586
1587
1588
1589
1590
1591
1592static void
1594 AclMode this_privileges,
1595 AclMode *col_privileges,
1596 int num_col_privileges)
1597{
1599
1602 curr_att <= classForm->relnatts;
1603 curr_att++)
1604 {
1606 bool isdropped;
1607
1609 continue;
1610
1611
1612 if (classForm->relkind == RELKIND_VIEW && curr_att < 0)
1613 continue;
1614
1619 elog(ERROR, "cache lookup failed for attribute %d of relation %u",
1620 curr_att, table_oid);
1621
1623
1625
1626
1627 if (isdropped)
1628 continue;
1629
1631 }
1632}
1633
1634
1635
1636
1637
1638static void
1641 Relation attRelation, const Acl *old_rel_acl)
1642{
1645 Acl *old_acl;
1646 Acl *new_acl;
1647 Acl *merged_acl;
1649 bool isNull;
1650 Oid grantorId;
1652 bool need_update;
1655 bool nulls[Natts_pg_attribute] = {0};
1656 bool replaces[Natts_pg_attribute] = {0};
1657 int noldmembers;
1658 int nnewmembers;
1659 Oid *oldmembers;
1660 Oid *newmembers;
1661
1666 elog(ERROR, "cache lookup failed for attribute %d of relation %u",
1669
1670
1671
1672
1673
1674 aclDatum = SysCacheGetAttr(ATTNUM, attr_tuple, Anum_pg_attribute_attacl,
1675 &isNull);
1676 if (isNull)
1677 {
1679
1680 noldmembers = 0;
1681 oldmembers = NULL;
1682 }
1683 else
1684 {
1686
1687 noldmembers = aclmembers(old_acl, &oldmembers);
1688 }
1689
1690
1691
1692
1693
1694
1695
1696 merged_acl = aclconcat(old_rel_acl, old_acl);
1697
1698
1700 merged_acl, ownerId,
1701 &grantorId, &avail_goptions);
1702
1703 pfree(merged_acl);
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713 col_privileges =
1716 col_privileges,
1719 NameStr(pg_attribute_tuple->attname));
1720
1721
1722
1723
1727 col_privileges, grantorId,
1728 ownerId);
1729
1730
1731
1732
1733
1734 nnewmembers = aclmembers(new_acl, &newmembers);
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745 if (ACL_NUM(new_acl) > 0)
1746 {
1748 need_update = true;
1749 }
1750 else
1751 {
1752 nulls[Anum_pg_attribute_attacl - 1] = true;
1753 need_update = !isNull;
1754 }
1755 replaces[Anum_pg_attribute_attacl - 1] = true;
1756
1757 if (need_update)
1758 {
1760 values, nulls, replaces);
1761
1763
1764
1766 ACL_NUM(new_acl) > 0 ? new_acl : NULL);
1767
1768
1770 ownerId,
1771 noldmembers, oldmembers,
1772 nnewmembers, newmembers);
1773 }
1774
1776
1778}
1779
1780
1781
1782
1783static void
1785{
1789
1792
1793 foreach(cell, istmt->objects)
1794 {
1798 bool isNull;
1799 AclMode this_privileges;
1800 AclMode *col_privileges;
1801 int num_col_privileges;
1802 bool have_col_privileges;
1803 Acl *old_acl;
1804 Acl *old_rel_acl;
1805 int noldmembers;
1806 Oid *oldmembers;
1807 Oid ownerId;
1810
1813 elog(ERROR, "cache lookup failed for relation %u", relOid);
1815
1816
1817 if (pg_class_tuple->relkind == RELKIND_INDEX ||
1818 pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX)
1820 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1821 errmsg("\"%s\" is an index",
1822 NameStr(pg_class_tuple->relname))));
1823
1824
1825 if (pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
1827 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1828 errmsg("\"%s\" is a composite type",
1829 NameStr(pg_class_tuple->relname))));
1830
1831
1833 pg_class_tuple->relkind != RELKIND_SEQUENCE)
1835 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1836 errmsg("\"%s\" is not a sequence",
1837 NameStr(pg_class_tuple->relname))));
1838
1839
1841 {
1842 if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1844 else
1846 }
1847 else
1848 this_privileges = istmt->privileges;
1849
1850
1851
1852
1853
1854
1855
1857 {
1858 if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1859 {
1860
1861
1862
1863
1864
1866 {
1867
1868
1869
1870
1871
1873 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1874 errmsg("sequence \"%s\" only supports USAGE, SELECT, and UPDATE privileges",
1875 NameStr(pg_class_tuple->relname))));
1877 }
1878 }
1879 else
1880 {
1882 {
1883
1884
1885
1886
1887
1888
1890 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1891 errmsg("invalid privilege type %s for table",
1892 "USAGE")));
1893 }
1894 }
1895 }
1896
1897
1898
1899
1900
1901
1904 have_col_privileges = false;
1905
1906
1907
1908
1909
1910
1911
1912
1915 {
1918 col_privileges,
1919 num_col_privileges);
1920 have_col_privileges = true;
1921 }
1922
1923
1924
1925
1926
1927 ownerId = pg_class_tuple->relowner;
1928 aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
1929 &isNull);
1930 if (isNull)
1931 {
1932 switch (pg_class_tuple->relkind)
1933 {
1934 case RELKIND_SEQUENCE:
1936 break;
1937 default:
1939 break;
1940 }
1941
1942 noldmembers = 0;
1943 oldmembers = NULL;
1944 }
1945 else
1946 {
1948
1949 noldmembers = aclmembers(old_acl, &oldmembers);
1950 }
1951
1952
1953 old_rel_acl = aclcopy(old_acl);
1954
1955
1956
1957
1959 {
1961 Acl *new_acl;
1962 Oid grantorId;
1965 bool nulls[Natts_pg_class] = {0};
1966 bool replaces[Natts_pg_class] = {0};
1967 int nnewmembers;
1968 Oid *newmembers;
1970
1971
1973 old_acl, ownerId,
1974 &grantorId, &avail_goptions);
1975
1976 switch (pg_class_tuple->relkind)
1977 {
1978 case RELKIND_SEQUENCE:
1980 break;
1981 default:
1983 break;
1984 }
1985
1986
1987
1988
1989
1990 this_privileges =
1992 istmt->all_privs, this_privileges,
1993 relOid, grantorId, objtype,
1994 NameStr(pg_class_tuple->relname),
1995 0, NULL);
1996
1997
1998
1999
2005 this_privileges,
2006 grantorId,
2007 ownerId);
2008
2009
2010
2011
2012
2013 nnewmembers = aclmembers(new_acl, &newmembers);
2014
2015
2016 replaces[Anum_pg_class_relacl - 1] = true;
2018
2020 values, nulls, replaces);
2021
2024
2025
2027
2028
2030 ownerId,
2031 noldmembers, oldmembers,
2032 nnewmembers, newmembers);
2033
2035 }
2036 else
2038
2039
2040
2041
2042
2043
2044 foreach(cell_colprivs, istmt->col_privs)
2045 {
2047
2048 if (col_privs->priv_name == NULL)
2050 else
2052
2055 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
2056 errmsg("invalid privilege type %s for column",
2058
2059 if (pg_class_tuple->relkind == RELKIND_SEQUENCE &&
2061 {
2062
2063
2064
2065
2066
2068 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
2069 errmsg("sequence \"%s\" only supports SELECT column privileges",
2070 NameStr(pg_class_tuple->relname))));
2071
2073 }
2074
2076 this_privileges,
2077 col_privileges,
2078 num_col_privileges);
2079 have_col_privileges = true;
2080 }
2081
2082 if (have_col_privileges)
2083 {
2085
2086 for (i = 0; i < num_col_privileges; i++)
2087 {
2089 continue;
2091 relOid,
2092 NameStr(pg_class_tuple->relname),
2094 ownerId,
2095 col_privileges[i],
2096 attRelation,
2097 old_rel_acl);
2098 }
2099 }
2100
2101 pfree(old_rel_acl);
2102 pfree(col_privileges);
2103
2105
2106
2108 }
2109
2112}
2113
2114static void
2117{
2118 int cacheid;
2121
2124
2126
2128
2129 foreach(cell, istmt->objects)
2130 {
2133 Datum nameDatum;
2134 bool isNull;
2136 AclMode this_privileges;
2137 Acl *old_acl;
2138 Acl *new_acl;
2139 Oid grantorId;
2140 Oid ownerId;
2146 int noldmembers;
2147 int nnewmembers;
2148 Oid *oldmembers;
2149 Oid *newmembers;
2150
2154
2155
2156
2157
2158 if (object_check)
2159 object_check(istmt, tuple);
2160
2161
2162
2163
2164
2166 tuple,
2169 tuple,
2171 &isNull);
2172 if (isNull)
2173 {
2175
2176 noldmembers = 0;
2177 oldmembers = NULL;
2178 }
2179 else
2180 {
2182
2183 noldmembers = aclmembers(old_acl, &oldmembers);
2184 }
2185
2186
2188 old_acl, ownerId,
2189 &grantorId, &avail_goptions);
2190
2193
2194
2195
2196
2197
2198 this_privileges =
2201 objectid, grantorId, get_object_type(classid, objectid),
2203 0, NULL);
2204
2205
2206
2207
2210 istmt->grantees, this_privileges,
2211 grantorId, ownerId);
2212
2213
2214
2215
2216
2217 nnewmembers = aclmembers(new_acl, &newmembers);
2218
2219
2222
2224 nulls, replaces);
2225
2228
2229
2231
2232
2234 objectid, 0,
2235 ownerId,
2236 noldmembers, oldmembers,
2237 nnewmembers, newmembers);
2238
2240
2242
2243
2245 }
2246
2248}
2249
2250static void
2252{
2254
2256
2257 if (!pg_language_tuple->lanpltrusted)
2259 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2260 errmsg("language \"%s\" is not trusted",
2261 NameStr(pg_language_tuple->lanname)),
2262 errdetail("GRANT and REVOKE are not allowed on untrusted languages, "
2263 "because only superusers can use untrusted languages.")));
2264}
2265
2266static void
2268{
2271
2274
2275 relation = table_open(LargeObjectMetadataRelationId,
2277
2278 foreach(cell, istmt->objects)
2279 {
2284 bool isNull;
2286 AclMode this_privileges;
2287 Acl *old_acl;
2288 Acl *new_acl;
2289 Oid grantorId;
2290 Oid ownerId;
2292 Datum values[Natts_pg_largeobject_metadata] = {0};
2293 bool nulls[Natts_pg_largeobject_metadata] = {0};
2294 bool replaces[Natts_pg_largeobject_metadata] = {0};
2295 int noldmembers;
2296 int nnewmembers;
2297 Oid *oldmembers;
2298 Oid *newmembers;
2302
2303
2305 Anum_pg_largeobject_metadata_oid,
2308
2310 LargeObjectMetadataOidIndexId, true,
2311 NULL, 1, entry);
2312
2315 elog(ERROR, "could not find tuple for large object %u", loid);
2316
2318
2319
2320
2321
2322
2323 ownerId = form_lo_meta->lomowner;
2325 Anum_pg_largeobject_metadata_lomacl,
2327 if (isNull)
2328 {
2330
2331 noldmembers = 0;
2332 oldmembers = NULL;
2333 }
2334 else
2335 {
2337
2338 noldmembers = aclmembers(old_acl, &oldmembers);
2339 }
2340
2341
2343 old_acl, ownerId,
2344 &grantorId, &avail_goptions);
2345
2346
2347
2348
2349
2350 snprintf(loname, sizeof(loname), "large object %u", loid);
2351 this_privileges =
2355 loname, 0, NULL);
2356
2357
2358
2359
2362 istmt->grantees, this_privileges,
2363 grantorId, ownerId);
2364
2365
2366
2367
2368
2369 nnewmembers = aclmembers(new_acl, &newmembers);
2370
2371
2372 replaces[Anum_pg_largeobject_metadata_lomacl - 1] = true;
2373 values[Anum_pg_largeobject_metadata_lomacl - 1]
2375
2377 values, nulls, replaces);
2378
2380
2381
2383
2384
2386 form_lo_meta->oid, 0,
2387 ownerId,
2388 noldmembers, oldmembers,
2389 nnewmembers, newmembers);
2390
2392
2394
2395
2397 }
2398
2400}
2401
2402static void
2404{
2406
2408
2409
2410 if (IsTrueArrayType(pg_type_tuple))
2412 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
2413 errmsg("cannot set privileges of array types"),
2414 errhint("Set the privileges of the element type instead.")));
2415 if (pg_type_tuple->typtype == TYPTYPE_MULTIRANGE)
2417 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
2418 errmsg("cannot set privileges of multirange types"),
2419 errhint("Set the privileges of the range type instead.")));
2420}
2421
2422static void
2424{
2427
2430
2432
2433 foreach(cell, istmt->objects)
2434 {
2436 Datum nameDatum;
2437 const char *parname;
2439 bool isNull;
2441 AclMode this_privileges;
2442 Acl *old_acl;
2443 Acl *new_acl;
2444 Oid grantorId;
2445 Oid ownerId;
2447 int noldmembers;
2448 int nnewmembers;
2449 Oid *oldmembers;
2450 Oid *newmembers;
2451
2454 elog(ERROR, "cache lookup failed for parameter ACL %u",
2455 parameterId);
2456
2457
2459 Anum_pg_parameter_acl_parname);
2461
2462
2463 ownerId = BOOTSTRAP_SUPERUSERID;
2464
2465
2466
2467
2468
2470 Anum_pg_parameter_acl_paracl,
2471 &isNull);
2472
2473 if (isNull)
2474 {
2476
2477 noldmembers = 0;
2478 oldmembers = NULL;
2479 }
2480 else
2481 {
2483
2484 noldmembers = aclmembers(old_acl, &oldmembers);
2485 }
2486
2487
2489 old_acl, ownerId,
2490 &grantorId, &avail_goptions);
2491
2492
2493
2494
2495
2496 this_privileges =
2499 parameterId, grantorId,
2501 parname,
2502 0, NULL);
2503
2504
2505
2506
2509 istmt->grantees, this_privileges,
2510 grantorId, ownerId);
2511
2512
2513
2514
2515
2516 nnewmembers = aclmembers(new_acl, &newmembers);
2517
2518
2519
2520
2521
2522
2524 {
2526 }
2527 else
2528 {
2529
2531 Datum values[Natts_pg_parameter_acl] = {0};
2532 bool nulls[Natts_pg_parameter_acl] = {0};
2533 bool replaces[Natts_pg_parameter_acl] = {0};
2534
2535 replaces[Anum_pg_parameter_acl_paracl - 1] = true;
2537
2539 values, nulls, replaces);
2540
2542 }
2543
2544
2546 new_acl);
2547
2548
2550 ownerId,
2551 noldmembers, oldmembers,
2552 nnewmembers, newmembers);
2553
2556
2557
2559 }
2560
2562}
2563
2564
2567{
2568 if (strcmp(privname, "insert") == 0)
2570 if (strcmp(privname, "select") == 0)
2572 if (strcmp(privname, "update") == 0)
2574 if (strcmp(privname, "delete") == 0)
2576 if (strcmp(privname, "truncate") == 0)
2578 if (strcmp(privname, "references") == 0)
2580 if (strcmp(privname, "trigger") == 0)
2582 if (strcmp(privname, "execute") == 0)
2584 if (strcmp(privname, "usage") == 0)
2586 if (strcmp(privname, "create") == 0)
2588 if (strcmp(privname, "temporary") == 0)
2590 if (strcmp(privname, "temp") == 0)
2592 if (strcmp(privname, "connect") == 0)
2594 if (strcmp(privname, "set") == 0)
2596 if (strcmp(privname, "alter system") == 0)
2598 if (strcmp(privname, "maintain") == 0)
2601 (errcode(ERRCODE_SYNTAX_ERROR),
2602 errmsg("unrecognized privilege type \"%s\"", privname)));
2603 return 0;
2604}
2605
2606static const char *
2608{
2609 switch (privilege)
2610 {
2612 return "INSERT";
2614 return "SELECT";
2616 return "UPDATE";
2618 return "DELETE";
2620 return "TRUNCATE";
2622 return "REFERENCES";
2624 return "TRIGGER";
2626 return "EXECUTE";
2628 return "USAGE";
2630 return "CREATE";
2632 return "TEMP";
2634 return "CONNECT";
2636 return "SET";
2638 return "ALTER SYSTEM";
2640 return "MAINTAIN";
2641 default:
2642 elog(ERROR, "unrecognized privilege: %d", (int) privilege);
2643 }
2644 return NULL;
2645}
2646
2647
2648
2649
2650
2651
2652
2653void
2655 const char *objectname)
2656{
2657 switch (aclerr)
2658 {
2660
2661 break;
2663 {
2664 const char *msg = "???";
2665
2666 switch (objtype)
2667 {
2669 msg = gettext_noop("permission denied for aggregate %s");
2670 break;
2672 msg = gettext_noop("permission denied for collation %s");
2673 break;
2675 msg = gettext_noop("permission denied for column %s");
2676 break;
2678 msg = gettext_noop("permission denied for conversion %s");
2679 break;
2681 msg = gettext_noop("permission denied for database %s");
2682 break;
2684 msg = gettext_noop("permission denied for domain %s");
2685 break;
2687 msg = gettext_noop("permission denied for event trigger %s");
2688 break;
2690 msg = gettext_noop("permission denied for extension %s");
2691 break;
2693 msg = gettext_noop("permission denied for foreign-data wrapper %s");
2694 break;
2696 msg = gettext_noop("permission denied for foreign server %s");
2697 break;
2699 msg = gettext_noop("permission denied for foreign table %s");
2700 break;
2702 msg = gettext_noop("permission denied for function %s");
2703 break;
2705 msg = gettext_noop("permission denied for index %s");
2706 break;
2708 msg = gettext_noop("permission denied for language %s");
2709 break;
2711 msg = gettext_noop("permission denied for large object %s");
2712 break;
2714 msg = gettext_noop("permission denied for materialized view %s");
2715 break;
2717 msg = gettext_noop("permission denied for operator class %s");
2718 break;
2720 msg = gettext_noop("permission denied for operator %s");
2721 break;
2723 msg = gettext_noop("permission denied for operator family %s");
2724 break;
2726 msg = gettext_noop("permission denied for parameter %s");
2727 break;
2729 msg = gettext_noop("permission denied for policy %s");
2730 break;
2732 msg = gettext_noop("permission denied for procedure %s");
2733 break;
2735 msg = gettext_noop("permission denied for publication %s");
2736 break;
2738 msg = gettext_noop("permission denied for routine %s");
2739 break;
2741 msg = gettext_noop("permission denied for schema %s");
2742 break;
2744 msg = gettext_noop("permission denied for sequence %s");
2745 break;
2747 msg = gettext_noop("permission denied for statistics object %s");
2748 break;
2750 msg = gettext_noop("permission denied for subscription %s");
2751 break;
2753 msg = gettext_noop("permission denied for table %s");
2754 break;
2756 msg = gettext_noop("permission denied for tablespace %s");
2757 break;
2759 msg = gettext_noop("permission denied for text search configuration %s");
2760 break;
2762 msg = gettext_noop("permission denied for text search dictionary %s");
2763 break;
2765 msg = gettext_noop("permission denied for type %s");
2766 break;
2768 msg = gettext_noop("permission denied for view %s");
2769 break;
2770
2789 elog(ERROR, "unsupported object type: %d", objtype);
2790 }
2791
2793 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2794 errmsg(msg, objectname)));
2795 break;
2796 }
2798 {
2799 const char *msg = "???";
2800
2801 switch (objtype)
2802 {
2804 msg = gettext_noop("must be owner of aggregate %s");
2805 break;
2807 msg = gettext_noop("must be owner of collation %s");
2808 break;
2810 msg = gettext_noop("must be owner of conversion %s");
2811 break;
2813 msg = gettext_noop("must be owner of database %s");
2814 break;
2816 msg = gettext_noop("must be owner of domain %s");
2817 break;
2819 msg = gettext_noop("must be owner of event trigger %s");
2820 break;
2822 msg = gettext_noop("must be owner of extension %s");
2823 break;
2825 msg = gettext_noop("must be owner of foreign-data wrapper %s");
2826 break;
2828 msg = gettext_noop("must be owner of foreign server %s");
2829 break;
2831 msg = gettext_noop("must be owner of foreign table %s");
2832 break;
2834 msg = gettext_noop("must be owner of function %s");
2835 break;
2837 msg = gettext_noop("must be owner of index %s");
2838 break;
2840 msg = gettext_noop("must be owner of language %s");
2841 break;
2843 msg = gettext_noop("must be owner of large object %s");
2844 break;
2846 msg = gettext_noop("must be owner of materialized view %s");
2847 break;
2849 msg = gettext_noop("must be owner of operator class %s");
2850 break;
2852 msg = gettext_noop("must be owner of operator %s");
2853 break;
2855 msg = gettext_noop("must be owner of operator family %s");
2856 break;
2858 msg = gettext_noop("must be owner of procedure %s");
2859 break;
2861 msg = gettext_noop("must be owner of publication %s");
2862 break;
2864 msg = gettext_noop("must be owner of routine %s");
2865 break;
2867 msg = gettext_noop("must be owner of sequence %s");
2868 break;
2870 msg = gettext_noop("must be owner of subscription %s");
2871 break;
2873 msg = gettext_noop("must be owner of table %s");
2874 break;
2876 msg = gettext_noop("must be owner of type %s");
2877 break;
2879 msg = gettext_noop("must be owner of view %s");
2880 break;
2882 msg = gettext_noop("must be owner of schema %s");
2883 break;
2885 msg = gettext_noop("must be owner of statistics object %s");
2886 break;
2888 msg = gettext_noop("must be owner of tablespace %s");
2889 break;
2891 msg = gettext_noop("must be owner of text search configuration %s");
2892 break;
2894 msg = gettext_noop("must be owner of text search dictionary %s");
2895 break;
2896
2897
2898
2899
2900
2901
2902
2908 msg = gettext_noop("must be owner of relation %s");
2909 break;
2910
2927 elog(ERROR, "unsupported object type: %d", objtype);
2928 }
2929
2931 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2932 errmsg(msg, objectname)));
2933 break;
2934 }
2935 default:
2936 elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
2937 break;
2938 }
2939}
2940
2941
2942void
2944 const char *objectname, const char *colname)
2945{
2946 switch (aclerr)
2947 {
2949
2950 break;
2953 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2954 errmsg("permission denied for column \"%s\" of relation \"%s\"",
2955 colname, objectname)));
2956 break;
2958
2960 break;
2961 default:
2962 elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
2963 break;
2964 }
2965}
2966
2967
2968
2969
2970
2971
2972void
2974{
2976
2978}
2979
2980
2981
2982
2983
2987{
2988 switch (objtype)
2989 {
2991 return
2998 return object_aclmask(DatabaseRelationId, object_oid, roleid, mask, how);
3000 return object_aclmask(ProcedureRelationId, object_oid, roleid, mask, how);
3002 return object_aclmask(LanguageRelationId, object_oid, roleid, mask, how);
3005 mask, how, NULL);
3009 return object_aclmask(NamespaceRelationId, object_oid, roleid, mask, how);
3011 elog(ERROR, "grantable rights not supported for statistics objects");
3012
3015 return object_aclmask(TableSpaceRelationId, object_oid, roleid, mask, how);
3017 return object_aclmask(ForeignDataWrapperRelationId, object_oid, roleid, mask, how);
3019 return object_aclmask(ForeignServerRelationId, object_oid, roleid, mask, how);
3021 elog(ERROR, "grantable rights not supported for event triggers");
3022
3025 return object_aclmask(TypeRelationId, object_oid, roleid, mask, how);
3026 default:
3027 elog(ERROR, "unrecognized object type: %d",
3028 (int) objtype);
3029
3031 }
3032}
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
3044
3048{
3049 return object_aclmask_ext(classid, objectid, roleid, mask, how, NULL);
3050}
3051
3052
3053
3054
3055
3059 bool *is_missing)
3060{
3061 int cacheid;
3065 bool isNull;
3066 Acl *acl;
3067 Oid ownerId;
3068
3069
3070 switch (classid)
3071 {
3072 case NamespaceRelationId:
3074 is_missing);
3075 case TypeRelationId:
3077 is_missing);
3078 }
3079
3080
3081 Assert(classid != RelationRelationId);
3082 Assert(classid != LargeObjectMetadataRelationId);
3083
3084
3085
3087 return mask;
3088
3089
3090
3091
3092
3094
3097 {
3098 if (is_missing != NULL)
3099 {
3100
3101 *is_missing = true;
3102 return 0;
3103 }
3104 else
3105 elog(ERROR, "cache lookup failed for %s %u",
3107 }
3108
3110 tuple,
3112
3114 &isNull);
3115 if (isNull)
3116 {
3117
3119 aclDatum = (Datum) 0;
3120 }
3121 else
3122 {
3123
3125 }
3126
3127 result = aclmask(acl, roleid, ownerId, mask, how);
3128
3129
3132
3134
3135 return result;
3136}
3137
3138
3139
3140
3141
3142
3143
3144
3145
3149{
3151 mask, how, NULL);
3152}
3153
3154
3155
3156
3160{
3167 bool isNull;
3168 Acl *acl;
3169 Oid ownerId;
3170
3171
3172
3173
3178 {
3179 if (is_missing != NULL)
3180 {
3181
3182 *is_missing = true;
3183 return 0;
3184 }
3185 else
3187 (errcode(ERRCODE_UNDEFINED_COLUMN),
3188 errmsg("attribute %d of relation with OID %u does not exist",
3189 attnum, table_oid)));
3190 }
3191
3193
3194
3195 if (attributeForm->attisdropped)
3196 {
3197 if (is_missing != NULL)
3198 {
3199
3200 *is_missing = true;
3202 return 0;
3203 }
3204 else
3206 (errcode(ERRCODE_UNDEFINED_COLUMN),
3207 errmsg("attribute %d of relation with OID %u does not exist",
3208 attnum, table_oid)));
3209 }
3210
3211 aclDatum = SysCacheGetAttr(ATTNUM, attTuple, Anum_pg_attribute_attacl,
3212 &isNull);
3213
3214
3215
3216
3217
3218
3219 if (isNull)
3220 {
3222 return 0;
3223 }
3224
3225
3226
3227
3228
3229
3230
3231
3234 {
3236 if (is_missing != NULL)
3237 {
3238
3239 *is_missing = true;
3240 return 0;
3241 }
3242 else
3245 errmsg("relation with OID %u does not exist",
3246 table_oid)));
3247 }
3249
3250 ownerId = classForm->relowner;
3251
3253
3254
3256
3257 result = aclmask(acl, roleid, ownerId, mask, how);
3258
3259
3262
3264
3265 return result;
3266}
3267
3268
3269
3270
3274{
3276}
3277
3278
3279
3280
3284{
3289 bool isNull;
3290 Acl *acl;
3291 Oid ownerId;
3292
3293
3294
3295
3298 {
3299 if (is_missing != NULL)
3300 {
3301
3302 *is_missing = true;
3303 return 0;
3304 }
3305 else
3308 errmsg("relation with OID %u does not exist",
3309 table_oid)));
3310 }
3311
3313
3314
3315
3316
3317
3318
3319
3320
3321
3324 classForm->relkind != RELKIND_VIEW &&
3327
3328
3329
3330
3332 {
3334 return mask;
3335 }
3336
3337
3338
3339
3340 ownerId = classForm->relowner;
3341
3342 aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
3343 &isNull);
3344 if (isNull)
3345 {
3346
3347 switch (classForm->relkind)
3348 {
3349 case RELKIND_SEQUENCE:
3351 break;
3352 default:
3354 break;
3355 }
3356 aclDatum = (Datum) 0;
3357 }
3358 else
3359 {
3360
3362 }
3363
3364 result = aclmask(acl, roleid, ownerId, mask, how);
3365
3366
3369
3371
3372
3373
3374
3375
3376
3380
3381
3382
3383
3384
3385
3386
3387
3392
3393
3394
3395
3396
3397
3398
3403
3404 return result;
3405}
3406
3407
3408
3409
3410
3413{
3415 char *parname;
3416 text *partext;
3418
3419
3421 return mask;
3422
3423
3426
3427
3429
3431 {
3432
3434 }
3435 else
3436 {
3438 bool isNull;
3439 Acl *acl;
3440
3442 Anum_pg_parameter_acl_paracl,
3443 &isNull);
3444 if (isNull)
3445 {
3446
3448 aclDatum = (Datum) 0;
3449 }
3450 else
3451 {
3452
3454 }
3455
3456 result = aclmask(acl, roleid, BOOTSTRAP_SUPERUSERID, mask, how);
3457
3458
3461
3463 }
3464
3467
3468 return result;
3469}
3470
3471
3472
3473
3474
3477{
3481 bool isNull;
3482 Acl *acl;
3483
3484
3486 return mask;
3487
3488
3492 (errcode(ERRCODE_UNDEFINED_OBJECT),
3493 errmsg("parameter ACL with OID %u does not exist",
3494 acl_oid)));
3495
3497 Anum_pg_parameter_acl_paracl,
3498 &isNull);
3499 if (isNull)
3500 {
3501
3503 aclDatum = (Datum) 0;
3504 }
3505 else
3506 {
3507
3509 }
3510
3511 result = aclmask(acl, roleid, BOOTSTRAP_SUPERUSERID, mask, how);
3512
3513
3516
3518
3519 return result;
3520}
3521
3522
3523
3524
3525
3526
3527
3528
3529
3530
3531
3532
3533
3538{
3545 bool isNull;
3546 Acl *acl;
3547 Oid ownerId;
3548
3549
3551 return mask;
3552
3553
3554
3555
3556 pg_lo_meta = table_open(LargeObjectMetadataRelationId,
3558
3560 Anum_pg_largeobject_metadata_oid,
3563
3565 LargeObjectMetadataOidIndexId, true,
3566 snapshot, 1, entry);
3567
3571 (errcode(ERRCODE_UNDEFINED_OBJECT),
3572 errmsg("large object %u does not exist", lobj_oid)));
3573
3575
3576 aclDatum = heap_getattr(tuple, Anum_pg_largeobject_metadata_lomacl,
3578
3579 if (isNull)
3580 {
3581
3583 aclDatum = (Datum) 0;
3584 }
3585 else
3586 {
3587
3589 }
3590
3591 result = aclmask(acl, roleid, ownerId, mask, how);
3592
3593
3596
3598
3600
3601 return result;
3602}
3603
3604
3605
3606
3610 bool *is_missing)
3611{
3615 bool isNull;
3616 Acl *acl;
3617 Oid ownerId;
3618
3619
3621 return mask;
3622
3623
3624
3625
3626
3627
3628
3629
3630
3631
3632
3633
3634
3635
3636
3637
3638
3639
3640
3641
3643 {
3647 else
3649 }
3650
3651
3652
3653
3656 {
3657 if (is_missing != NULL)
3658 {
3659
3660 *is_missing = true;
3661 return 0;
3662 }
3663 else
3665 (errcode(ERRCODE_UNDEFINED_SCHEMA),
3666 errmsg("schema with OID %u does not exist", nsp_oid)));
3667 }
3668
3670
3671 aclDatum = SysCacheGetAttr(NAMESPACEOID, tuple, Anum_pg_namespace_nspacl,
3672 &isNull);
3673 if (isNull)
3674 {
3675
3677 aclDatum = (Datum) 0;
3678 }
3679 else
3680 {
3681
3683 }
3684
3685 result = aclmask(acl, roleid, ownerId, mask, how);
3686
3687
3690
3692
3693
3694
3695
3696
3697
3698
3703 return result;
3704}
3705
3706
3707
3708
3711 bool *is_missing)
3712{
3717 bool isNull;
3718 Acl *acl;
3719 Oid ownerId;
3720
3721
3723 return mask;
3724
3725
3726
3727
3730 {
3731 if (is_missing != NULL)
3732 {
3733
3734 *is_missing = true;
3735 return 0;
3736 }
3737 else
3739 (errcode(ERRCODE_UNDEFINED_OBJECT),
3740 errmsg("type with OID %u does not exist",
3741 type_oid)));
3742 }
3744
3745
3746
3747
3748
3749 if (IsTrueArrayType(typeForm))
3750 {
3751 Oid elttype_oid = typeForm->typelem;
3752
3754
3757 {
3758 if (is_missing != NULL)
3759 {
3760
3761 *is_missing = true;
3762 return 0;
3763 }
3764 else
3766 (errcode(ERRCODE_UNDEFINED_OBJECT),
3767 errmsg("type with OID %u does not exist",
3768 elttype_oid)));
3769 }
3771 }
3772
3773
3774
3775
3776
3777
3778 if (typeForm->typtype == TYPTYPE_MULTIRANGE)
3779 {
3781
3783
3786 {
3787 if (is_missing != NULL)
3788 {
3789
3790 *is_missing = true;
3791 return 0;
3792 }
3793 else
3795 (errcode(ERRCODE_UNDEFINED_OBJECT),
3796 errmsg("type with OID %u does not exist",
3797 rangetype)));
3798 }
3800 }
3801
3802
3803
3804
3805 ownerId = typeForm->typowner;
3806
3808 Anum_pg_type_typacl, &isNull);
3809 if (isNull)
3810 {
3811
3813 aclDatum = (Datum) 0;
3814 }
3815 else
3816 {
3817
3819 }
3820
3821 result = aclmask(acl, roleid, ownerId, mask, how);
3822
3823
3826
3828
3829 return result;
3830}
3831
3832
3833
3834
3837{
3839}
3840
3841
3842
3843
3844
3848 bool *is_missing)
3849{
3851 is_missing) != 0)
3853 else
3855}
3856
3857
3858
3859
3860
3861
3862
3863
3864
3865
3866
3870{
3872}
3873
3874
3875
3876
3877
3878
3882{
3886 else
3888}
3889
3890
3891
3892
3893
3894
3895
3896
3897
3898
3899
3900
3901
3902
3903
3904
3905
3906
3907
3908
3912{
3914}
3915
3916
3917
3918
3919
3923 bool *is_missing)
3924{
3928 Oid ownerId;
3931
3932
3933
3934
3937 {
3938 if (is_missing != NULL)
3939 {
3940
3941 *is_missing = true;
3943 }
3944 else
3947 errmsg("relation with OID %u does not exist",
3948 table_oid)));
3949 }
3951
3952 ownerId = classForm->relowner;
3953 nattrs = classForm->relnatts;
3954
3956
3957
3958
3959
3960
3962
3963 for (curr_att = 1; curr_att <= nattrs; curr_att++)
3964 {
3967 bool isNull;
3968 Acl *acl;
3970
3974
3975
3976
3977
3978
3979
3981 continue;
3982
3983
3985 {
3987 continue;
3988 }
3989
3990 aclDatum = SysCacheGetAttr(ATTNUM, attTuple, Anum_pg_attribute_attacl,
3991 &isNull);
3992
3993
3994
3995
3996
3997
3998 if (isNull)
3999 attmask = 0;
4000 else
4001 {
4002
4004
4006
4007
4010 }
4011
4013
4014 if (attmask != 0)
4015 {
4018 break;
4019 }
4020 else
4021 {
4024 break;
4025 }
4026 }
4027
4028 return result;
4029}
4030
4031
4032
4033
4034
4035
4036
4037
4040{
4042}
4043
4044
4045
4046
4047
4051{
4055 else
4057}
4058
4059
4060
4061
4062
4065{
4068 else
4070}
4071
4072
4073
4074
4078{
4082 else
4084}
4085
4086
4087
4088
4089bool
4091{
4092 int cacheid;
4093 Oid ownerId;
4094
4095
4097 return true;
4098
4099
4100 if (classid == LargeObjectRelationId)
4101 classid = LargeObjectMetadataRelationId;
4102
4104 if (cacheid != -1)
4105 {
4106
4108
4111 elog(ERROR, "cache lookup failed for %s %u",
4113
4115 tuple,
4118 }
4119 else
4120 {
4121
4126 bool isnull;
4127
4129
4134
4137 NULL, 1, entry);
4138
4141 elog(ERROR, "could not find tuple for %s %u",
4143
4147 &isnull));
4149
4152 }
4153
4155}
4156
4157
4158
4159
4160
4161
4162
4163
4164
4165
4166
4167
4168bool
4170{
4171 bool result = false;
4173
4174
4176 return true;
4177
4180 {
4183 }
4184 return result;
4185}
4186
4187bool
4189{
4190 bool result = false;
4192
4193
4195 return true;
4196
4199 {
4202 }
4203 return result;
4204}
4205
4206
4207
4208
4209
4210
4211static Acl *
4213{
4214 Acl *result = NULL;
4216
4221
4223 {
4225 bool isNull;
4226
4228 Anum_pg_default_acl_defaclacl,
4229 &isNull);
4230 if (!isNull)
4233 }
4234
4235 return result;
4236}
4237
4238
4239
4240
4241
4242
4243
4244
4245
4248{
4249 Acl *result;
4250 Acl *glob_acl;
4251 Acl *schema_acl;
4252 Acl *def_acl;
4253 char defaclobjtype;
4254
4255
4256
4257
4258
4260 return NULL;
4261
4262
4263 switch (objtype)
4264 {
4266 defaclobjtype = DEFACLOBJ_RELATION;
4267 break;
4268
4270 defaclobjtype = DEFACLOBJ_SEQUENCE;
4271 break;
4272
4274 defaclobjtype = DEFACLOBJ_FUNCTION;
4275 break;
4276
4278 defaclobjtype = DEFACLOBJ_TYPE;
4279 break;
4280
4282 defaclobjtype = DEFACLOBJ_NAMESPACE;
4283 break;
4284
4286 defaclobjtype = DEFACLOBJ_LARGEOBJECT;
4287 break;
4288
4289 default:
4290 return NULL;
4291 }
4292
4293
4296
4297
4298 if (glob_acl == NULL && schema_acl == NULL)
4299 return NULL;
4300
4301
4302 def_acl = acldefault(objtype, ownerId);
4303
4304
4305 if (glob_acl == NULL)
4306 glob_acl = def_acl;
4307
4308
4309 result = aclmerge(glob_acl, schema_acl, ownerId);
4310
4311
4312
4313
4314
4317 if (aclequal(result, def_acl))
4318 result = NULL;
4319
4320 return result;
4321}
4322
4323
4324
4325
4326void
4329{
4330 int nmembers;
4331 Oid *members;
4332
4333
4334 if (acl == NULL)
4335 return;
4336
4337
4338 nmembers = aclmembers(acl, &members);
4339
4340
4342 ownerId,
4343 0, NULL,
4344 nmembers, members);
4345}
4346
4347
4348
4349
4350
4351
4352
4353void
4355{
4356
4357
4358
4359
4360
4361
4362
4363 if (classoid == RelationRelationId)
4364 {
4367 bool isNull;
4369
4372 elog(ERROR, "cache lookup failed for relation %u", objoid);
4374
4375
4376
4377
4378
4379
4380 if (pg_class_tuple->relkind == RELKIND_INDEX ||
4381 pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
4382 pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
4383 {
4385 return;
4386 }
4387
4388
4389
4390
4391
4392 if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
4393 {
4395 AttrNumber nattrs = pg_class_tuple->relnatts;
4396
4397 for (curr_att = 1; curr_att <= nattrs; curr_att++)
4398 {
4400 Datum attaclDatum;
4401
4405
4407 continue;
4408
4409
4411 {
4413 continue;
4414 }
4415
4417 Anum_pg_attribute_attacl,
4418 &isNull);
4419
4420
4421 if (isNull)
4422 {
4424 continue;
4425 }
4426
4429
4431 }
4432 }
4433
4434 aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
4435 &isNull);
4436
4437
4438 if (!isNull)
4441
4443 }
4444 else if (classoid == LargeObjectRelationId)
4445 {
4446
4448 bool isNull;
4453
4454
4455
4456
4457
4458
4460
4461
4463 Anum_pg_largeobject_metadata_oid,
4466
4468 LargeObjectMetadataOidIndexId, true,
4469 NULL, 1, entry);
4470
4473 elog(ERROR, "could not find tuple for large object %u", objoid);
4474
4476 Anum_pg_largeobject_metadata_lomacl,
4478
4479
4480 if (!isNull)
4483
4485 }
4486
4488 {
4489 int cacheid;
4491 bool isNull;
4493
4497 elog(ERROR, "cache lookup failed for %s %u",
4499
4502 &isNull);
4503
4504
4505 if (!isNull)
4508
4510 }
4511}
4512
4513
4514
4515
4516
4517void
4519{
4520
4521
4522
4523
4524
4525 if (classoid == RelationRelationId)
4526 {
4529
4532 elog(ERROR, "cache lookup failed for relation %u", objoid);
4534
4535
4536
4537
4538
4539
4540 if (pg_class_tuple->relkind == RELKIND_INDEX ||
4541 pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
4542 pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
4543 {
4545 return;
4546 }
4547
4548
4549
4550
4551
4552 if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
4553 {
4555 AttrNumber nattrs = pg_class_tuple->relnatts;
4556
4557 for (curr_att = 1; curr_att <= nattrs; curr_att++)
4558 {
4560
4564
4566 continue;
4567
4568
4569
4571
4573 }
4574 }
4575
4577 }
4578
4579
4581}
4582
4583
4584
4585
4586
4587
4588
4589
4590
4591
4592
4593
4594
4595
4596
4597
4598
4599
4600static void
4602{
4603
4604
4605
4606
4607
4608
4609
4610
4612 return;
4613
4615}
4616
4617
4618
4619
4620
4621
4622
4623
4624
4625
4626
4627
4628
4629static void
4631 Acl *new_acl)
4632{
4638 int noldmembers;
4639 int nnewmembers;
4640 Oid *oldmembers;
4641 Oid *newmembers;
4642
4643
4644 nnewmembers = aclmembers(new_acl, &newmembers);
4645
4646
4648
4650 Anum_pg_init_privs_objoid,
4654 Anum_pg_init_privs_classoid,
4658 Anum_pg_init_privs_objsubid,
4661
4663 NULL, 3, key);
4664
4665
4667
4668
4670 {
4671 Datum values[Natts_pg_init_privs] = {0};
4672 bool nulls[Natts_pg_init_privs] = {0};
4673 bool replace[Natts_pg_init_privs] = {0};
4674 Datum oldAclDatum;
4675 bool isNull;
4676 Acl *old_acl;
4677
4678
4679 oldAclDatum = heap_getattr(oldtuple, Anum_pg_init_privs_initprivs,
4683 noldmembers = aclmembers(old_acl, &oldmembers);
4684
4686 noldmembers, oldmembers,
4687 nnewmembers, newmembers);
4688
4689
4690 if (new_acl && ACL_NUM(new_acl) != 0)
4691 {
4693 replace[Anum_pg_init_privs_initprivs - 1] = true;
4694
4696 values, nulls, replace);
4697
4699 }
4700 else
4701 {
4702
4704 }
4705 }
4706 else
4707 {
4708 Datum values[Natts_pg_init_privs] = {0};
4709 bool nulls[Natts_pg_init_privs] = {0};
4710
4711
4712
4713
4714
4715
4716
4717 if (new_acl && ACL_NUM(new_acl) != 0)
4718 {
4719
4723
4724
4725 values[Anum_pg_init_privs_privtype - 1] =
4727
4729
4731
4733
4734
4735 noldmembers = 0;
4736 oldmembers = NULL;
4737
4739 noldmembers, oldmembers,
4740 nnewmembers, newmembers);
4741 }
4742 }
4743
4745
4746
4748
4750}
4751
4752
4753
4754
4755
4756
4757void
4760{
4765 Datum oldAclDatum;
4766 bool isNull;
4767 Acl *old_acl;
4768 Acl *new_acl;
4770 int noldmembers;
4771 int nnewmembers;
4772 Oid *oldmembers;
4773 Oid *newmembers;
4774
4775
4777
4779 Anum_pg_init_privs_objoid,
4783 Anum_pg_init_privs_classoid,
4787 Anum_pg_init_privs_objsubid,
4790
4792 NULL, 3, key);
4793
4794
4796
4798 {
4799
4800
4801
4802
4805 return;
4806 }
4807
4808
4809 oldAclDatum = heap_getattr(oldtuple, Anum_pg_init_privs_initprivs,
4813
4814
4815
4816
4817
4818 new_acl = aclnewowner(old_acl, oldroleid, newroleid);
4819
4820
4821
4822
4823
4824 if (new_acl == NULL || ACL_NUM(new_acl) == 0)
4825 {
4827 }
4828 else
4829 {
4830 Datum values[Natts_pg_init_privs] = {0};
4831 bool nulls[Natts_pg_init_privs] = {0};
4832 bool replaces[Natts_pg_init_privs] = {0};
4833
4834
4836 replaces[Anum_pg_init_privs_initprivs - 1] = true;
4837
4839 values, nulls, replaces);
4841 }
4842
4843
4844
4845
4846 noldmembers = aclmembers(old_acl, &oldmembers);
4847 nnewmembers = aclmembers(new_acl, &newmembers);
4848
4850 noldmembers, oldmembers,
4851 nnewmembers, newmembers);
4852
4854
4855
4857
4859}
4860
4861
4862
4863
4864
4865
4866void
4868{
4873 int cacheid;
4875 Oid ownerId;
4876 Datum oldAclDatum;
4877 bool isNull;
4878 Acl *old_acl;
4879 Acl *new_acl;
4881 int noldmembers;
4882 int nnewmembers;
4883 Oid *oldmembers;
4884 Oid *newmembers;
4885
4886
4888
4890 Anum_pg_init_privs_objoid,
4894 Anum_pg_init_privs_classoid,
4898 Anum_pg_init_privs_objsubid,
4901
4903 NULL, 3, key);
4904
4905
4907
4909 {
4910
4911
4912
4913
4916 return;
4917 }
4918
4919
4920 oldAclDatum = heap_getattr(oldtuple, Anum_pg_init_privs_initprivs,
4924
4925
4926
4927
4928
4929
4930 noldmembers = aclmembers(old_acl, &oldmembers);
4931
4932
4936 elog(ERROR, "cache lookup failed for %s %u",
4938
4940 objtuple,
4943
4944
4945
4946
4947 if (old_acl != NULL)
4949 false,
4950 false,
4954 ownerId,
4955 ownerId);
4956 else
4957 new_acl = NULL;
4958
4959
4960 if (new_acl == NULL || ACL_NUM(new_acl) == 0)
4961 {
4963 }
4964 else
4965 {
4966 Datum values[Natts_pg_init_privs] = {0};
4967 bool nulls[Natts_pg_init_privs] = {0};
4968 bool replaces[Natts_pg_init_privs] = {0};
4969
4970
4972 replaces[Anum_pg_init_privs_initprivs - 1] = true;
4973
4975 values, nulls, replaces);
4977 }
4978
4979
4980
4981
4982 nnewmembers = aclmembers(new_acl, &newmembers);
4983
4985 noldmembers, oldmembers,
4986 nnewmembers, newmembers);
4987
4989
4990
4992
4994}
Acl * aclconcat(const Acl *left_acl, const Acl *right_acl)
Acl * aclmerge(const Acl *left_acl, const Acl *right_acl, Oid ownerId)
Acl * acldefault(ObjectType objtype, Oid ownerId)
bool aclequal(const Acl *left_acl, const Acl *right_acl)
Acl * aclupdate(const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
void select_best_grantor(Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
bool has_privs_of_role(Oid member, Oid role)
Acl * make_empty_acl(void)
int aclmembers(const Acl *acl, Oid **roleids)
Acl * aclnewowner(const Acl *old_acl, Oid oldOwnerId, Oid newOwnerId)
Acl * aclcopy(const Acl *orig_acl)
void aclitemsort(Acl *acl)
AclMode aclmask(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
Oid get_rolespec_oid(const RoleSpec *role, bool missing_ok)
#define ACLITEM_ALL_PRIV_BITS
#define ACL_ALL_RIGHTS_FOREIGN_SERVER
#define ACL_ALL_RIGHTS_TABLESPACE
#define ACL_ALL_RIGHTS_PARAMETER_ACL
#define ACL_ALL_RIGHTS_SCHEMA
#define ACL_ALL_RIGHTS_SEQUENCE
#define ACL_ALL_RIGHTS_DATABASE
#define ACL_ALL_RIGHTS_COLUMN
#define ACL_OPTION_TO_PRIVS(privs)
#define ACL_ALL_RIGHTS_FUNCTION
#define ACL_ALL_RIGHTS_LANGUAGE
#define ACL_ALL_RIGHTS_TYPE
#define ACL_ALL_RIGHTS_FDW
#define ACLITEM_SET_PRIVS_GOPTIONS(item, privs, goptions)
#define DatumGetAclPCopy(X)
#define ACL_ALL_RIGHTS_RELATION
#define ACL_ALL_RIGHTS_LARGEOBJECT
#define ACL_GRANT_OPTION_FOR(privs)
static AclMode pg_attribute_aclmask_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
AclResult object_aclcheck_ext(Oid classid, Oid objectid, Oid roleid, AclMode mode, bool *is_missing)
void ExecuteGrantStmt(GrantStmt *stmt)
AclResult pg_largeobject_aclcheck_snapshot(Oid lobj_oid, Oid roleid, AclMode mode, Snapshot snapshot)
static void expand_all_col_privileges(Oid table_oid, Form_pg_class classForm, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
void RemoveRoleFromInitPriv(Oid roleid, Oid classid, Oid objid, int32 objsubid)
static void recordExtensionInitPriv(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
static void expand_col_privileges(List *colnames, Oid table_oid, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
bool has_bypassrls_privilege(Oid roleid)
AclResult pg_class_aclcheck_ext(Oid table_oid, Oid roleid, AclMode mode, bool *is_missing)
void aclcheck_error_col(AclResult aclerr, ObjectType objtype, const char *objectname, const char *colname)
AclResult pg_attribute_aclcheck_all_ext(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how, bool *is_missing)
void recordDependencyOnNewAcl(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, Acl *acl)
static void ExecGrant_Attribute(InternalGrant *istmt, Oid relOid, const char *relname, AttrNumber attnum, Oid ownerId, AclMode col_privileges, Relation attRelation, const Acl *old_rel_acl)
static void ExecGrant_Type_check(InternalGrant *istmt, HeapTuple tuple)
void ExecAlterDefaultPrivilegesStmt(ParseState *pstate, AlterDefaultPrivilegesStmt *stmt)
static void ExecGrantStmt_oids(InternalGrant *istmt)
static AclMode pg_largeobject_aclmask_snapshot(Oid lobj_oid, Oid roleid, AclMode mask, AclMaskHow how, Snapshot snapshot)
static AclMode pg_attribute_aclmask(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
static List * objectNamesToOids(ObjectType objtype, List *objnames, bool is_grant)
static AclMode pg_parameter_aclmask(const char *name, Oid roleid, AclMode mask, AclMaskHow how)
AclResult pg_attribute_aclcheck_all(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how)
static AclMode pg_parameter_acl_aclmask(Oid acl_oid, Oid roleid, AclMode mask, AclMaskHow how)
static void SetDefaultACL(InternalDefaultACL *iacls)
static List * objectsInSchemaToOids(ObjectType objtype, List *nspnames)
AclResult pg_parameter_aclcheck(const char *name, Oid roleid, AclMode mode)
void ReplaceRoleInInitPriv(Oid oldroleid, Oid newroleid, Oid classid, Oid objid, int32 objsubid)
static void ExecGrant_common(InternalGrant *istmt, Oid classid, AclMode default_privs, void(*object_check)(InternalGrant *istmt, HeapTuple tuple))
static Acl * merge_acl_with_grant(Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
void recordExtObjInitPriv(Oid objoid, Oid classoid)
static List * getRelationsInNamespace(Oid namespaceId, char relkind)
static AclMode pg_class_aclmask_ext(Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
static AclMode string_to_privilege(const char *privname)
void aclcheck_error(AclResult aclerr, ObjectType objtype, const char *objectname)
static AclMode object_aclmask(Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how)
static void ExecGrant_Largeobject(InternalGrant *istmt)
AclResult pg_attribute_aclcheck(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode)
static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
AclResult object_aclcheck(Oid classid, Oid objectid, Oid roleid, AclMode mode)
static void recordExtensionInitPrivWorker(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
bool object_ownercheck(Oid classid, Oid objectid, Oid roleid)
AclResult pg_attribute_aclcheck_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode, bool *is_missing)
static AclMode pg_namespace_aclmask_ext(Oid nsp_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
static void SetDefaultACLsInSchemas(InternalDefaultACL *iacls, List *nspnames)
AclMode pg_class_aclmask(Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how)
static void ExecGrant_Parameter(InternalGrant *istmt)
static const char * privilege_to_string(AclMode privilege)
static Acl * get_default_acl_internal(Oid roleId, Oid nsp_oid, char objtype)
void aclcheck_error_type(AclResult aclerr, Oid typeOid)
bool has_createrole_privilege(Oid roleid)
static void ExecGrant_Relation(InternalGrant *istmt)
static AclMode pg_type_aclmask_ext(Oid type_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
bool binary_upgrade_record_init_privs
Acl * get_user_default_acl(ObjectType objtype, Oid ownerId, Oid nsp_oid)
void RemoveRoleFromObjectACL(Oid roleid, Oid classid, Oid objid)
static void ExecGrant_Language_check(InternalGrant *istmt, HeapTuple tuple)
AclResult pg_class_aclcheck(Oid table_oid, Oid roleid, AclMode mode)
static AclMode pg_aclmask(ObjectType objtype, Oid object_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
static AclMode object_aclmask_ext(Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
void removeExtObjInitPriv(Oid objoid, Oid classoid)
#define InvalidAttrNumber
static Datum values[MAXATTR]
#define TextDatumGetCString(d)
#define OidIsValid(objectId)
Oid GetNewOidWithIndex(Relation relation, Oid indexId, AttrNumber oidcolumn)
bool IsSystemClass(Oid relid, Form_pg_class reltuple)
void errorConflictingDefElem(DefElem *defel, ParseState *pstate)
void performDeletion(const ObjectAddress *object, DropBehavior behavior, int flags)
int errdetail(const char *fmt,...)
int errhint(const char *fmt,...)
int errcode(int sqlerrcode)
int errmsg(const char *fmt,...)
#define ereport(elevel,...)
bool EventTriggerSupportsObjectType(ObjectType obtype)
void EventTriggerCollectGrant(InternalGrant *istmt)
#define palloc0_array(type, count)
char * format_type_be(Oid type_oid)
void systable_endscan(SysScanDesc sysscan)
HeapTuple systable_getnext(SysScanDesc sysscan)
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
char * convert_GUC_name_for_parameter_acl(const char *name)
Assert(PointerIsAligned(start, uint64))
HeapTuple heap_getnext(TableScanDesc sscan, ScanDirection direction)
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, const Datum *replValues, const bool *replIsnull, const bool *doReplace)
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, const Datum *values, const bool *isnull)
#define HeapTupleIsValid(tuple)
static Datum heap_getattr(HeapTuple tup, int attnum, TupleDesc tupleDesc, bool *isnull)
static void * GETSTRUCT(const HeapTupleData *tuple)
void CatalogTupleUpdate(Relation heapRel, const ItemPointerData *otid, HeapTuple tup)
void CatalogTupleInsert(Relation heapRel, HeapTuple tup)
void CatalogTupleDelete(Relation heapRel, const ItemPointerData *tid)
if(TABLE==NULL||TABLE_index==NULL)
List * lappend(List *list, void *datum)
List * list_concat(List *list1, const List *list2)
List * lappend_oid(List *list, Oid datum)
void UnlockTuple(Relation relation, const ItemPointerData *tid, LOCKMODE lockmode)
#define InplaceUpdateTupleLock
char * get_rel_name(Oid relid)
AttrNumber get_attnum(Oid relid, const char *attname)
Oid get_element_type(Oid typid)
Oid get_multirange_range(Oid multirangeOid)
TypeName * makeTypeNameFromNameList(List *names)
void pfree(void *pointer)
void * palloc0(Size size)
#define IsBootstrapProcessingMode()
Oid LookupExplicitNamespace(const char *nspname, bool missing_ok)
bool isTempNamespace(Oid namespaceId)
Oid get_namespace_oid(const char *nspname, bool missing_ok)
#define RangeVarGetRelid(relation, lockmode, missing_ok)
#define InvokeObjectPostCreateHook(classId, objectId, subId)
#define InvokeObjectPostAlterHook(classId, objectId, subId)
AttrNumber get_object_attnum_owner(Oid class_id)
AttrNumber get_object_attnum_oid(Oid class_id)
AttrNumber get_object_attnum_name(Oid class_id)
const char * get_object_class_descr(Oid class_id)
AttrNumber get_object_attnum_acl(Oid class_id)
int get_object_catcache_oid(Oid class_id)
Oid get_object_oid_index(Oid class_id)
ObjectType get_object_type(Oid class_id, Oid object_id)
ObjectAddress get_object_address(ObjectType objtype, Node *object, Relation *relp, LOCKMODE lockmode, bool missing_ok)
@ OBJECT_PUBLICATION_NAMESPACE
@ ACL_TARGET_ALL_IN_SCHEMA
FormData_pg_attribute * Form_pg_attribute
FormData_pg_authid * Form_pg_authid
static PgChecksumMode mode
FormData_pg_class * Form_pg_class
FormData_pg_default_acl * Form_pg_default_acl
void recordDependencyOn(const ObjectAddress *depender, const ObjectAddress *referenced, DependencyType behavior)
FormData_pg_language * Form_pg_language
#define list_make1_oid(x1)
FormData_pg_namespace * Form_pg_namespace
Oid ParameterAclLookup(const char *parameter, bool missing_ok)
Oid ParameterAclCreate(const char *parameter)
FormData_pg_proc * Form_pg_proc
void updateAclDependencies(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
void updateInitAclDependencies(Oid classId, Oid objectId, int32 objsubId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
void recordDependencyOnOwner(Oid classId, Oid objectId, Oid owner)
FormData_pg_type * Form_pg_type
#define ERRCODE_UNDEFINED_TABLE
static Datum PointerGetDatum(const void *X)
static Name DatumGetName(Datum X)
static Oid DatumGetObjectId(Datum X)
static Datum Int16GetDatum(int16 X)
static Datum ObjectIdGetDatum(Oid X)
static Pointer DatumGetPointer(Datum X)
static Datum Int32GetDatum(int32 X)
static Datum CharGetDatum(char X)
#define RelationGetDescr(relation)
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
#define BTEqualStrategyNumber
bool superuser_arg(Oid roleid)
#define FirstLowInvalidHeapAttributeNumber
void ReleaseSysCache(HeapTuple tuple)
HeapTuple SearchSysCacheLocked1(int cacheId, Datum key1)
HeapTuple SearchSysCache1(int cacheId, Datum key1)
HeapTuple SearchSysCache3(int cacheId, Datum key1, Datum key2, Datum key3)
Datum SysCacheGetAttr(int cacheId, HeapTuple tup, AttrNumber attributeNumber, bool *isNull)
HeapTuple SearchSysCache2(int cacheId, Datum key1, Datum key2)
Datum SysCacheGetAttrNotNull(int cacheId, HeapTuple tup, AttrNumber attributeNumber)
void table_close(Relation relation, LOCKMODE lockmode)
Relation table_open(Oid relationId, LOCKMODE lockmode)
TableScanDesc table_beginscan_catalog(Relation relation, int nkeys, ScanKeyData *key)
static void table_endscan(TableScanDesc scan)
text * cstring_to_text(const char *s)
void CommandCounterIncrement(void)