PostgreSQL Source Code: src/backend/catalog/aclchk.c Source File (original) (raw)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
40
82#include "utils/fmgroids.h"
87
88
89
90
91typedef struct
92{
95
104
105
106
107
108
109
111
120
123
125 bool is_grant);
131 int num_col_privileges);
135 int num_col_privileges);
139 bool all_privs, AclMode privileges,
140 Oid objectId, Oid grantorId,
141 ObjectType objtype, const char *objname,
142 AttrNumber att_number, const char *colname);
149 bool *is_missing);
157 bool *is_missing);
164 bool *is_missing);
167 bool *is_missing);
169 Acl *new_acl);
171 Acl *new_acl);
172
173
174
175
176
177
178
179
180
181static Acl *
185 Oid grantorId, Oid ownerId)
186{
187 unsigned modechg;
189 Acl *new_acl;
190
192
193 new_acl = old_acl;
194
195 foreach(j, grantees)
196 {
198 Acl *newer_acl;
199
201
202
203
204
205
206
207
210 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
211 errmsg("grant options can only be granted to roles")));
212
214
215
216
217
218
219
220
221
223 (is_grant || !grant_option) ? privileges : ACL_NO_RIGHTS,
224 (!is_grant || grant_option) ? privileges : ACL_NO_RIGHTS);
225
226 newer_acl = aclupdate(new_acl, &aclitem, modechg, ownerId, behavior);
227
228
230 new_acl = newer_acl;
231 }
232
233 return new_acl;
234}
235
236
237
238
239
243 ObjectType objtype, const char *objname,
244 AttrNumber att_number, const char *colname)
245{
248
249 switch (objtype)
250 {
253 break;
256 break;
259 break;
262 break;
265 break;
268 break;
271 break;
274 break;
277 break;
280 break;
283 break;
285 elog(ERROR, "grantable rights not supported for event triggers");
286
290 break;
293 break;
294 default:
295 elog(ERROR, "unrecognized object type: %d", objtype);
296
298 }
299
300
301
302
303
304
306 {
307 if (pg_aclmask(objtype, objectId, att_number, grantorId,
310 {
313 else
315 }
316 }
317
318
319
320
321
322
323
324
326 if (is_grant)
327 {
328 if (this_privileges == 0)
329 {
332 (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
333 errmsg("no privileges were granted for column \"%s\" of relation \"%s\"",
334 colname, objname)));
335 else
337 (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
338 errmsg("no privileges were granted for \"%s\"",
339 objname)));
340 }
341 else if (!all_privs && this_privileges != privileges)
342 {
345 (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
346 errmsg("not all privileges were granted for column \"%s\" of relation \"%s\"",
347 colname, objname)));
348 else
350 (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
351 errmsg("not all privileges were granted for \"%s\"",
352 objname)));
353 }
354 }
355 else
356 {
357 if (this_privileges == 0)
358 {
361 (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
362 errmsg("no privileges could be revoked for column \"%s\" of relation \"%s\"",
363 colname, objname)));
364 else
366 (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
367 errmsg("no privileges could be revoked for \"%s\"",
368 objname)));
369 }
370 else if (!all_privs && this_privileges != privileges)
371 {
374 (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
375 errmsg("not all privileges could be revoked for column \"%s\" of relation \"%s\"",
376 colname, objname)));
377 else
379 (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
380 errmsg("not all privileges could be revoked for \"%s\"",
381 objname)));
382 }
383 }
384
385 return this_privileges;
386}
387
388
389
390
391void
393{
396 const char *errormsg;
398
399 if (stmt->grantor)
400 {
401 Oid grantor;
402
404
405
406
407
408
411 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
412 errmsg("grantor must be current user")));
413 }
414
415
416
417
420
421
422 switch (stmt->targtype)
423 {
426 stmt->is_grant);
427 break;
430 break;
431
432 default:
433 elog(ERROR, "unrecognized GrantStmt.targtype: %d",
434 (int) stmt->targtype);
435 }
436
437
438
443
444
445
446
447
448
449 foreach(cell, stmt->grantees)
450 {
452 Oid grantee_uid;
453
455 {
458 break;
459 default:
461 break;
462 }
464 }
465
466
467
468
469
470 switch (stmt->objtype)
471 {
473
474
475
476
477
478
480 errormsg = gettext_noop("invalid privilege type %s for relation");
481 break;
484 errormsg = gettext_noop("invalid privilege type %s for sequence");
485 break;
488 errormsg = gettext_noop("invalid privilege type %s for database");
489 break;
492 errormsg = gettext_noop("invalid privilege type %s for domain");
493 break;
496 errormsg = gettext_noop("invalid privilege type %s for function");
497 break;
500 errormsg = gettext_noop("invalid privilege type %s for language");
501 break;
504 errormsg = gettext_noop("invalid privilege type %s for large object");
505 break;
508 errormsg = gettext_noop("invalid privilege type %s for schema");
509 break;
512 errormsg = gettext_noop("invalid privilege type %s for procedure");
513 break;
516 errormsg = gettext_noop("invalid privilege type %s for routine");
517 break;
520 errormsg = gettext_noop("invalid privilege type %s for tablespace");
521 break;
524 errormsg = gettext_noop("invalid privilege type %s for type");
525 break;
528 errormsg = gettext_noop("invalid privilege type %s for foreign-data wrapper");
529 break;
532 errormsg = gettext_noop("invalid privilege type %s for foreign server");
533 break;
536 errormsg = gettext_noop("invalid privilege type %s for parameter");
537 break;
538 default:
539 elog(ERROR, "unrecognized GrantStmt.objtype: %d",
540 (int) stmt->objtype);
541
543 errormsg = NULL;
544 }
545
546 if (stmt->privileges == NIL)
547 {
549
550
551
552
553
555 }
556 else
557 {
560
561 foreach(cell, stmt->privileges)
562 {
565
566
567
568
569
570 if (privnode->cols)
571 {
574 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
575 errmsg("column privileges are only valid for relations")));
577 continue;
578 }
579
580 if (privnode->priv_name == NULL)
581 elog(ERROR, "AccessPriv node must specify privilege or columns");
583
584 if (priv & ~((AclMode) all_privileges))
586 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
588
590 }
591 }
592
594}
595
596
597
598
599
600
601static void
603{
605 {
609 break;
612 break;
616 break;
619 break;
622 break;
627 break;
630 break;
633 break;
636 break;
639 break;
642 break;
643 default:
644 elog(ERROR, "unrecognized GrantStmt.objtype: %d",
646 }
647
648
649
650
651
652
653
656}
657
658
659
660
661
662
665{
669
671
672 switch (objtype)
673 {
674 default:
675
676
677
678
679 foreach(cell, objnames)
680 {
682
685 }
686 break;
687
690
691
692
693
694
695
696 foreach(cell, objnames)
697 {
699 Oid relOid;
700
703 }
704 break;
705
708
709
710
711
712
713
714
715 foreach(cell, objnames)
716 {
721
723 Assert(relation == NULL);
725 }
726 break;
727
729
730
731
732
733 foreach(cell, objnames)
734 {
735
736
737
738
739
740
741
742
743
744
747
748 if ((parameterId) && is_grant)
749 {
751
752
753
754
755
756
758 }
760 objects = lappend_oid(objects, parameterId);
761 }
762 break;
763 }
764
765 return objects;
766}
767
768
769
770
771
772
773
774
777{
780
781 foreach(cell, nspnames)
782 {
784 Oid namespaceId;
786
788
789 switch (objtype)
790 {
802 break;
806 break;
810 {
812 int keycount;
816
817 keycount = 0;
819 Anum_pg_proc_pronamespace,
822
824
826 Anum_pg_proc_prokind,
831 Anum_pg_proc_prokind,
834
837
839 {
841
843 }
844
847 }
848 break;
849 default:
850
851 elog(ERROR, "unrecognized GrantStmt.objtype: %d",
852 (int) objtype);
853 }
854 }
855
856 return objects;
857}
858
859
860
861
862
863
866{
872
874 Anum_pg_class_relnamespace,
878 Anum_pg_class_relkind,
881
884
886 {
888
890 }
891
894
895 return relations;
896}
897
898
899
900
901
902void
904{
910 DefElem *drolespecs = NULL;
911 DefElem *dnspnames = NULL;
913 const char *errormsg;
914
915
916 foreach(cell, stmt->options)
917 {
919
920 if (strcmp(defel->defname, "schemas") == 0)
921 {
922 if (dnspnames)
924 dnspnames = defel;
925 }
926 else if (strcmp(defel->defname, "roles") == 0)
927 {
928 if (drolespecs)
930 drolespecs = defel;
931 }
932 else
934 }
935
936 if (dnspnames)
937 nspnames = (List *) dnspnames->arg;
938 if (drolespecs)
939 rolespecs = (List *) drolespecs->arg;
940
941
942
943
946
947
951
952
953
954
955
956
957 foreach(cell, action->grantees)
958 {
960 Oid grantee_uid;
961
963 {
966 break;
967 default:
969 break;
970 }
972 }
973
974
975
976
977
978 switch (action->objtype)
979 {
982 errormsg = gettext_noop("invalid privilege type %s for relation");
983 break;
986 errormsg = gettext_noop("invalid privilege type %s for sequence");
987 break;
990 errormsg = gettext_noop("invalid privilege type %s for function");
991 break;
994 errormsg = gettext_noop("invalid privilege type %s for procedure");
995 break;
998 errormsg = gettext_noop("invalid privilege type %s for routine");
999 break;
1002 errormsg = gettext_noop("invalid privilege type %s for type");
1003 break;
1006 errormsg = gettext_noop("invalid privilege type %s for schema");
1007 break;
1010 errormsg = gettext_noop("invalid privilege type %s for large object");
1011 break;
1012 default:
1013 elog(ERROR, "unrecognized GrantStmt.objtype: %d",
1014 (int) action->objtype);
1015
1017 errormsg = NULL;
1018 }
1019
1021 {
1023
1024
1025
1026
1027
1029 }
1030 else
1031 {
1034
1035 foreach(cell, action->privileges)
1036 {
1039
1040 if (privnode->cols)
1042 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1043 errmsg("default privileges cannot be set for columns")));
1044
1045 if (privnode->priv_name == NULL)
1046 elog(ERROR, "AccessPriv node must specify privilege");
1048
1049 if (priv & ~((AclMode) all_privileges))
1051 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1053
1055 }
1056 }
1057
1058 if (rolespecs == NIL)
1059 {
1060
1062
1064 }
1065 else
1066 {
1067
1069
1070 foreach(rolecell, rolespecs)
1071 {
1073
1075
1078 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1079 errmsg("permission denied to change default privileges")));
1080
1082 }
1083 }
1084}
1085
1086
1087
1088
1089
1090
1091static void
1093{
1094 if (nspnames == NIL)
1095 {
1096
1098
1100 }
1101 else
1102 {
1103
1105
1106 foreach(nspcell, nspnames)
1107 {
1109
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1125 }
1126 }
1127}
1128
1129
1130
1131
1132
1133static void
1135{
1137 char objtype;
1140 bool isNew;
1141 Acl *def_acl;
1142 Acl *old_acl;
1143 Acl *new_acl;
1145 int noldmembers;
1146 int nnewmembers;
1147 Oid *oldmembers;
1148 Oid *newmembers;
1149
1151
1152
1153
1154
1155
1156
1157
1160 else
1162
1163
1164
1165
1166
1168 {
1170 objtype = DEFACLOBJ_RELATION;
1173 break;
1174
1176 objtype = DEFACLOBJ_SEQUENCE;
1179 break;
1180
1182 objtype = DEFACLOBJ_FUNCTION;
1185 break;
1186
1188 objtype = DEFACLOBJ_TYPE;
1191 break;
1192
1196 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1197 errmsg("cannot use IN SCHEMA clause when using GRANT/REVOKE ON SCHEMAS")));
1198 objtype = DEFACLOBJ_NAMESPACE;
1201 break;
1202
1206 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1207 errmsg("cannot use IN SCHEMA clause when using GRANT/REVOKE ON LARGE OBJECTS")));
1208 objtype = DEFACLOBJ_LARGEOBJECT;
1211 break;
1212
1213 default:
1214 elog(ERROR, "unrecognized object type: %d",
1216 objtype = 0;
1217 break;
1218 }
1219
1220
1225
1227 {
1229 bool isNull;
1230
1232 Anum_pg_default_acl_defaclacl,
1233 &isNull);
1234 if (!isNull)
1236 else
1237 old_acl = NULL;
1238 isNew = false;
1239 }
1240 else
1241 {
1242 old_acl = NULL;
1243 isNew = true;
1244 }
1245
1246 if (old_acl != NULL)
1247 {
1248
1249
1250
1251
1252
1253 noldmembers = aclmembers(old_acl, &oldmembers);
1254 }
1255 else
1256 {
1257
1258 old_acl = aclcopy(def_acl);
1259
1260 noldmembers = 0;
1261 oldmembers = NULL;
1262 }
1263
1264
1265
1266
1267
1273 this_privileges,
1276
1277
1278
1279
1280
1281
1284 if (aclequal(new_acl, def_acl))
1285 {
1286
1287 if (!isNew)
1288 {
1290
1291
1292
1293
1294
1295
1296 myself.classId = DefaultAclRelationId;
1299
1301 }
1302 }
1303 else
1304 {
1305 Datum values[Natts_pg_default_acl] = {0};
1306 bool nulls[Natts_pg_default_acl] = {0};
1307 bool replaces[Natts_pg_default_acl] = {0};
1308 Oid defAclOid;
1309
1310 if (isNew)
1311 {
1312
1314 Anum_pg_default_acl_oid);
1318 values[Anum_pg_default_acl_defaclobjtype - 1] = CharGetDatum(objtype);
1320
1323 }
1324 else
1325 {
1327
1328
1330 replaces[Anum_pg_default_acl_defaclacl - 1] = true;
1331
1333 values, nulls, replaces);
1335 }
1336
1337
1338 if (isNew)
1339 {
1340
1343
1344
1346 {
1348 referenced;
1349
1350 myself.classId = DefaultAclRelationId;
1351 myself.objectId = defAclOid;
1353
1354 referenced.classId = NamespaceRelationId;
1357
1359 }
1360 }
1361
1362
1363
1364
1365 nnewmembers = aclmembers(new_acl, &newmembers);
1366
1368 defAclOid, 0,
1370 noldmembers, oldmembers,
1371 nnewmembers, newmembers);
1372
1373 if (isNew)
1375 else
1377 }
1378
1381
1383
1384
1386}
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406void
1408{
1409 if (classid == DefaultAclRelationId)
1410 {
1417
1418
1420
1422 Anum_pg_default_acl_oid,
1425
1427 NULL, 1, skey);
1428
1430
1432 elog(ERROR, "could not find tuple for default ACL %u", objid);
1433
1435
1436 iacls.roleid = pg_default_acl_tuple->defaclrole;
1437 iacls.nspid = pg_default_acl_tuple->defaclnamespace;
1438
1439 switch (pg_default_acl_tuple->defaclobjtype)
1440 {
1441 case DEFACLOBJ_RELATION:
1443 break;
1444 case DEFACLOBJ_SEQUENCE:
1446 break;
1447 case DEFACLOBJ_FUNCTION:
1449 break;
1450 case DEFACLOBJ_TYPE:
1452 break;
1453 case DEFACLOBJ_NAMESPACE:
1455 break;
1456 case DEFACLOBJ_LARGEOBJECT:
1458 break;
1459 default:
1460
1461 elog(ERROR, "unexpected default ACL type: %d",
1462 (int) pg_default_acl_tuple->defaclobjtype);
1463 break;
1464 }
1465
1468
1475
1476
1478 }
1479 else
1480 {
1482
1483 switch (classid)
1484 {
1485 case RelationRelationId:
1486
1488 break;
1489 case DatabaseRelationId:
1491 break;
1492 case TypeRelationId:
1494 break;
1495 case ProcedureRelationId:
1497 break;
1498 case LanguageRelationId:
1500 break;
1501 case LargeObjectRelationId:
1503 break;
1504 case NamespaceRelationId:
1506 break;
1507 case TableSpaceRelationId:
1509 break;
1510 case ForeignServerRelationId:
1512 break;
1513 case ForeignDataWrapperRelationId:
1515 break;
1516 case ParameterAclRelationId:
1518 break;
1519 default:
1520 elog(ERROR, "unexpected object class %u", classid);
1521 break;
1522 }
1531
1533 }
1534}
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544static void
1546 AclMode this_privileges,
1547 AclMode *col_privileges,
1548 int num_col_privileges)
1549{
1551
1552 foreach(cell, colnames)
1553 {
1556
1560 (errcode(ERRCODE_UNDEFINED_COLUMN),
1561 errmsg("column \"%s\" of relation \"%s\" does not exist",
1564 if (attnum <= 0 || attnum >= num_col_privileges)
1565 elog(ERROR, "column number out of range");
1566 col_privileges[attnum] |= this_privileges;
1567 }
1568}
1569
1570
1571
1572
1573
1574
1575
1576
1577static void
1579 AclMode this_privileges,
1580 AclMode *col_privileges,
1581 int num_col_privileges)
1582{
1584
1587 curr_att <= classForm->relnatts;
1588 curr_att++)
1589 {
1591 bool isdropped;
1592
1594 continue;
1595
1596
1597 if (classForm->relkind == RELKIND_VIEW && curr_att < 0)
1598 continue;
1599
1604 elog(ERROR, "cache lookup failed for attribute %d of relation %u",
1605 curr_att, table_oid);
1606
1608
1610
1611
1612 if (isdropped)
1613 continue;
1614
1616 }
1617}
1618
1619
1620
1621
1622
1623static void
1626 Relation attRelation, const Acl *old_rel_acl)
1627{
1630 Acl *old_acl;
1631 Acl *new_acl;
1632 Acl *merged_acl;
1634 bool isNull;
1635 Oid grantorId;
1637 bool need_update;
1640 bool nulls[Natts_pg_attribute] = {0};
1641 bool replaces[Natts_pg_attribute] = {0};
1642 int noldmembers;
1643 int nnewmembers;
1644 Oid *oldmembers;
1645 Oid *newmembers;
1646
1651 elog(ERROR, "cache lookup failed for attribute %d of relation %u",
1654
1655
1656
1657
1658
1659 aclDatum = SysCacheGetAttr(ATTNUM, attr_tuple, Anum_pg_attribute_attacl,
1660 &isNull);
1661 if (isNull)
1662 {
1664
1665 noldmembers = 0;
1666 oldmembers = NULL;
1667 }
1668 else
1669 {
1671
1672 noldmembers = aclmembers(old_acl, &oldmembers);
1673 }
1674
1675
1676
1677
1678
1679
1680
1681 merged_acl = aclconcat(old_rel_acl, old_acl);
1682
1683
1685 merged_acl, ownerId,
1686 &grantorId, &avail_goptions);
1687
1688 pfree(merged_acl);
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698 col_privileges =
1701 col_privileges,
1704 NameStr(pg_attribute_tuple->attname));
1705
1706
1707
1708
1712 col_privileges, grantorId,
1713 ownerId);
1714
1715
1716
1717
1718
1719 nnewmembers = aclmembers(new_acl, &newmembers);
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730 if (ACL_NUM(new_acl) > 0)
1731 {
1733 need_update = true;
1734 }
1735 else
1736 {
1737 nulls[Anum_pg_attribute_attacl - 1] = true;
1738 need_update = !isNull;
1739 }
1740 replaces[Anum_pg_attribute_attacl - 1] = true;
1741
1742 if (need_update)
1743 {
1745 values, nulls, replaces);
1746
1748
1749
1751 ACL_NUM(new_acl) > 0 ? new_acl : NULL);
1752
1753
1755 ownerId,
1756 noldmembers, oldmembers,
1757 nnewmembers, newmembers);
1758 }
1759
1761
1763}
1764
1765
1766
1767
1768static void
1770{
1774
1777
1778 foreach(cell, istmt->objects)
1779 {
1783 bool isNull;
1784 AclMode this_privileges;
1785 AclMode *col_privileges;
1786 int num_col_privileges;
1787 bool have_col_privileges;
1788 Acl *old_acl;
1789 Acl *old_rel_acl;
1790 int noldmembers;
1791 Oid *oldmembers;
1792 Oid ownerId;
1795
1798 elog(ERROR, "cache lookup failed for relation %u", relOid);
1800
1801
1802 if (pg_class_tuple->relkind == RELKIND_INDEX ||
1803 pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX)
1805 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1806 errmsg("\"%s\" is an index",
1807 NameStr(pg_class_tuple->relname))));
1808
1809
1810 if (pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
1812 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1813 errmsg("\"%s\" is a composite type",
1814 NameStr(pg_class_tuple->relname))));
1815
1816
1818 pg_class_tuple->relkind != RELKIND_SEQUENCE)
1820 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1821 errmsg("\"%s\" is not a sequence",
1822 NameStr(pg_class_tuple->relname))));
1823
1824
1826 {
1827 if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1829 else
1831 }
1832 else
1833 this_privileges = istmt->privileges;
1834
1835
1836
1837
1838
1839
1840
1842 {
1843 if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1844 {
1845
1846
1847
1848
1849
1851 {
1852
1853
1854
1855
1856
1858 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1859 errmsg("sequence \"%s\" only supports USAGE, SELECT, and UPDATE privileges",
1860 NameStr(pg_class_tuple->relname))));
1862 }
1863 }
1864 else
1865 {
1867 {
1868
1869
1870
1871
1872
1873
1875 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1876 errmsg("invalid privilege type %s for table",
1877 "USAGE")));
1878 }
1879 }
1880 }
1881
1882
1883
1884
1885
1886
1889 have_col_privileges = false;
1890
1891
1892
1893
1894
1895
1896
1897
1900 {
1903 col_privileges,
1904 num_col_privileges);
1905 have_col_privileges = true;
1906 }
1907
1908
1909
1910
1911
1912 ownerId = pg_class_tuple->relowner;
1913 aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
1914 &isNull);
1915 if (isNull)
1916 {
1917 switch (pg_class_tuple->relkind)
1918 {
1919 case RELKIND_SEQUENCE:
1921 break;
1922 default:
1924 break;
1925 }
1926
1927 noldmembers = 0;
1928 oldmembers = NULL;
1929 }
1930 else
1931 {
1933
1934 noldmembers = aclmembers(old_acl, &oldmembers);
1935 }
1936
1937
1938 old_rel_acl = aclcopy(old_acl);
1939
1940
1941
1942
1944 {
1946 Acl *new_acl;
1947 Oid grantorId;
1950 bool nulls[Natts_pg_class] = {0};
1951 bool replaces[Natts_pg_class] = {0};
1952 int nnewmembers;
1953 Oid *newmembers;
1955
1956
1958 old_acl, ownerId,
1959 &grantorId, &avail_goptions);
1960
1961 switch (pg_class_tuple->relkind)
1962 {
1963 case RELKIND_SEQUENCE:
1965 break;
1966 default:
1968 break;
1969 }
1970
1971
1972
1973
1974
1975 this_privileges =
1977 istmt->all_privs, this_privileges,
1978 relOid, grantorId, objtype,
1979 NameStr(pg_class_tuple->relname),
1980 0, NULL);
1981
1982
1983
1984
1990 this_privileges,
1991 grantorId,
1992 ownerId);
1993
1994
1995
1996
1997
1998 nnewmembers = aclmembers(new_acl, &newmembers);
1999
2000
2001 replaces[Anum_pg_class_relacl - 1] = true;
2003
2005 values, nulls, replaces);
2006
2009
2010
2012
2013
2015 ownerId,
2016 noldmembers, oldmembers,
2017 nnewmembers, newmembers);
2018
2020 }
2021 else
2023
2024
2025
2026
2027
2028
2029 foreach(cell_colprivs, istmt->col_privs)
2030 {
2032
2033 if (col_privs->priv_name == NULL)
2035 else
2037
2040 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
2041 errmsg("invalid privilege type %s for column",
2043
2044 if (pg_class_tuple->relkind == RELKIND_SEQUENCE &&
2046 {
2047
2048
2049
2050
2051
2053 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
2054 errmsg("sequence \"%s\" only supports SELECT column privileges",
2055 NameStr(pg_class_tuple->relname))));
2056
2058 }
2059
2061 this_privileges,
2062 col_privileges,
2063 num_col_privileges);
2064 have_col_privileges = true;
2065 }
2066
2067 if (have_col_privileges)
2068 {
2070
2071 for (i = 0; i < num_col_privileges; i++)
2072 {
2074 continue;
2076 relOid,
2077 NameStr(pg_class_tuple->relname),
2079 ownerId,
2080 col_privileges[i],
2081 attRelation,
2082 old_rel_acl);
2083 }
2084 }
2085
2086 pfree(old_rel_acl);
2087 pfree(col_privileges);
2088
2090
2091
2093 }
2094
2097}
2098
2099static void
2102{
2103 int cacheid;
2106
2109
2111
2113
2114 foreach(cell, istmt->objects)
2115 {
2118 Datum nameDatum;
2119 bool isNull;
2121 AclMode this_privileges;
2122 Acl *old_acl;
2123 Acl *new_acl;
2124 Oid grantorId;
2125 Oid ownerId;
2131 int noldmembers;
2132 int nnewmembers;
2133 Oid *oldmembers;
2134 Oid *newmembers;
2135
2139
2140
2141
2142
2143 if (object_check)
2144 object_check(istmt, tuple);
2145
2146
2147
2148
2149
2151 tuple,
2154 tuple,
2156 &isNull);
2157 if (isNull)
2158 {
2160
2161 noldmembers = 0;
2162 oldmembers = NULL;
2163 }
2164 else
2165 {
2167
2168 noldmembers = aclmembers(old_acl, &oldmembers);
2169 }
2170
2171
2173 old_acl, ownerId,
2174 &grantorId, &avail_goptions);
2175
2178
2179
2180
2181
2182
2183 this_privileges =
2186 objectid, grantorId, get_object_type(classid, objectid),
2188 0, NULL);
2189
2190
2191
2192
2195 istmt->grantees, this_privileges,
2196 grantorId, ownerId);
2197
2198
2199
2200
2201
2202 nnewmembers = aclmembers(new_acl, &newmembers);
2203
2204
2207
2209 nulls, replaces);
2210
2213
2214
2216
2217
2219 objectid, 0,
2220 ownerId,
2221 noldmembers, oldmembers,
2222 nnewmembers, newmembers);
2223
2225
2227
2228
2230 }
2231
2233}
2234
2235static void
2237{
2239
2241
2242 if (!pg_language_tuple->lanpltrusted)
2244 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2245 errmsg("language \"%s\" is not trusted",
2246 NameStr(pg_language_tuple->lanname)),
2247 errdetail("GRANT and REVOKE are not allowed on untrusted languages, "
2248 "because only superusers can use untrusted languages.")));
2249}
2250
2251static void
2253{
2256
2259
2260 relation = table_open(LargeObjectMetadataRelationId,
2262
2263 foreach(cell, istmt->objects)
2264 {
2269 bool isNull;
2271 AclMode this_privileges;
2272 Acl *old_acl;
2273 Acl *new_acl;
2274 Oid grantorId;
2275 Oid ownerId;
2277 Datum values[Natts_pg_largeobject_metadata] = {0};
2278 bool nulls[Natts_pg_largeobject_metadata] = {0};
2279 bool replaces[Natts_pg_largeobject_metadata] = {0};
2280 int noldmembers;
2281 int nnewmembers;
2282 Oid *oldmembers;
2283 Oid *newmembers;
2287
2288
2290 Anum_pg_largeobject_metadata_oid,
2293
2295 LargeObjectMetadataOidIndexId, true,
2296 NULL, 1, entry);
2297
2300 elog(ERROR, "could not find tuple for large object %u", loid);
2301
2303
2304
2305
2306
2307
2308 ownerId = form_lo_meta->lomowner;
2310 Anum_pg_largeobject_metadata_lomacl,
2312 if (isNull)
2313 {
2315
2316 noldmembers = 0;
2317 oldmembers = NULL;
2318 }
2319 else
2320 {
2322
2323 noldmembers = aclmembers(old_acl, &oldmembers);
2324 }
2325
2326
2328 old_acl, ownerId,
2329 &grantorId, &avail_goptions);
2330
2331
2332
2333
2334
2335 snprintf(loname, sizeof(loname), "large object %u", loid);
2336 this_privileges =
2340 loname, 0, NULL);
2341
2342
2343
2344
2347 istmt->grantees, this_privileges,
2348 grantorId, ownerId);
2349
2350
2351
2352
2353
2354 nnewmembers = aclmembers(new_acl, &newmembers);
2355
2356
2357 replaces[Anum_pg_largeobject_metadata_lomacl - 1] = true;
2358 values[Anum_pg_largeobject_metadata_lomacl - 1]
2360
2362 values, nulls, replaces);
2363
2365
2366
2368
2369
2371 form_lo_meta->oid, 0,
2372 ownerId,
2373 noldmembers, oldmembers,
2374 nnewmembers, newmembers);
2375
2377
2379
2380
2382 }
2383
2385}
2386
2387static void
2389{
2391
2393
2394
2395 if (IsTrueArrayType(pg_type_tuple))
2397 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
2398 errmsg("cannot set privileges of array types"),
2399 errhint("Set the privileges of the element type instead.")));
2400 if (pg_type_tuple->typtype == TYPTYPE_MULTIRANGE)
2402 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
2403 errmsg("cannot set privileges of multirange types"),
2404 errhint("Set the privileges of the range type instead.")));
2405}
2406
2407static void
2409{
2412
2415
2417
2418 foreach(cell, istmt->objects)
2419 {
2421 Datum nameDatum;
2422 const char *parname;
2424 bool isNull;
2426 AclMode this_privileges;
2427 Acl *old_acl;
2428 Acl *new_acl;
2429 Oid grantorId;
2430 Oid ownerId;
2432 int noldmembers;
2433 int nnewmembers;
2434 Oid *oldmembers;
2435 Oid *newmembers;
2436
2439 elog(ERROR, "cache lookup failed for parameter ACL %u",
2440 parameterId);
2441
2442
2444 Anum_pg_parameter_acl_parname);
2446
2447
2448 ownerId = BOOTSTRAP_SUPERUSERID;
2449
2450
2451
2452
2453
2455 Anum_pg_parameter_acl_paracl,
2456 &isNull);
2457
2458 if (isNull)
2459 {
2461
2462 noldmembers = 0;
2463 oldmembers = NULL;
2464 }
2465 else
2466 {
2468
2469 noldmembers = aclmembers(old_acl, &oldmembers);
2470 }
2471
2472
2474 old_acl, ownerId,
2475 &grantorId, &avail_goptions);
2476
2477
2478
2479
2480
2481 this_privileges =
2484 parameterId, grantorId,
2486 parname,
2487 0, NULL);
2488
2489
2490
2491
2494 istmt->grantees, this_privileges,
2495 grantorId, ownerId);
2496
2497
2498
2499
2500
2501 nnewmembers = aclmembers(new_acl, &newmembers);
2502
2503
2504
2505
2506
2507
2509 {
2511 }
2512 else
2513 {
2514
2516 Datum values[Natts_pg_parameter_acl] = {0};
2517 bool nulls[Natts_pg_parameter_acl] = {0};
2518 bool replaces[Natts_pg_parameter_acl] = {0};
2519
2520 replaces[Anum_pg_parameter_acl_paracl - 1] = true;
2522
2524 values, nulls, replaces);
2525
2527 }
2528
2529
2531 new_acl);
2532
2533
2535 ownerId,
2536 noldmembers, oldmembers,
2537 nnewmembers, newmembers);
2538
2541
2542
2544 }
2545
2547}
2548
2549
2552{
2553 if (strcmp(privname, "insert") == 0)
2555 if (strcmp(privname, "select") == 0)
2557 if (strcmp(privname, "update") == 0)
2559 if (strcmp(privname, "delete") == 0)
2561 if (strcmp(privname, "truncate") == 0)
2563 if (strcmp(privname, "references") == 0)
2565 if (strcmp(privname, "trigger") == 0)
2567 if (strcmp(privname, "execute") == 0)
2569 if (strcmp(privname, "usage") == 0)
2571 if (strcmp(privname, "create") == 0)
2573 if (strcmp(privname, "temporary") == 0)
2575 if (strcmp(privname, "temp") == 0)
2577 if (strcmp(privname, "connect") == 0)
2579 if (strcmp(privname, "set") == 0)
2581 if (strcmp(privname, "alter system") == 0)
2583 if (strcmp(privname, "maintain") == 0)
2586 (errcode(ERRCODE_SYNTAX_ERROR),
2587 errmsg("unrecognized privilege type \"%s\"", privname)));
2588 return 0;
2589}
2590
2591static const char *
2593{
2594 switch (privilege)
2595 {
2597 return "INSERT";
2599 return "SELECT";
2601 return "UPDATE";
2603 return "DELETE";
2605 return "TRUNCATE";
2607 return "REFERENCES";
2609 return "TRIGGER";
2611 return "EXECUTE";
2613 return "USAGE";
2615 return "CREATE";
2617 return "TEMP";
2619 return "CONNECT";
2621 return "SET";
2623 return "ALTER SYSTEM";
2625 return "MAINTAIN";
2626 default:
2627 elog(ERROR, "unrecognized privilege: %d", (int) privilege);
2628 }
2629 return NULL;
2630}
2631
2632
2633
2634
2635
2636
2637
2638void
2640 const char *objectname)
2641{
2642 switch (aclerr)
2643 {
2645
2646 break;
2648 {
2649 const char *msg = "???";
2650
2651 switch (objtype)
2652 {
2654 msg = gettext_noop("permission denied for aggregate %s");
2655 break;
2657 msg = gettext_noop("permission denied for collation %s");
2658 break;
2660 msg = gettext_noop("permission denied for column %s");
2661 break;
2663 msg = gettext_noop("permission denied for conversion %s");
2664 break;
2666 msg = gettext_noop("permission denied for database %s");
2667 break;
2669 msg = gettext_noop("permission denied for domain %s");
2670 break;
2672 msg = gettext_noop("permission denied for event trigger %s");
2673 break;
2675 msg = gettext_noop("permission denied for extension %s");
2676 break;
2678 msg = gettext_noop("permission denied for foreign-data wrapper %s");
2679 break;
2681 msg = gettext_noop("permission denied for foreign server %s");
2682 break;
2684 msg = gettext_noop("permission denied for foreign table %s");
2685 break;
2687 msg = gettext_noop("permission denied for function %s");
2688 break;
2690 msg = gettext_noop("permission denied for index %s");
2691 break;
2693 msg = gettext_noop("permission denied for language %s");
2694 break;
2696 msg = gettext_noop("permission denied for large object %s");
2697 break;
2699 msg = gettext_noop("permission denied for materialized view %s");
2700 break;
2702 msg = gettext_noop("permission denied for operator class %s");
2703 break;
2705 msg = gettext_noop("permission denied for operator %s");
2706 break;
2708 msg = gettext_noop("permission denied for operator family %s");
2709 break;
2711 msg = gettext_noop("permission denied for parameter %s");
2712 break;
2714 msg = gettext_noop("permission denied for policy %s");
2715 break;
2717 msg = gettext_noop("permission denied for procedure %s");
2718 break;
2720 msg = gettext_noop("permission denied for publication %s");
2721 break;
2723 msg = gettext_noop("permission denied for routine %s");
2724 break;
2726 msg = gettext_noop("permission denied for schema %s");
2727 break;
2729 msg = gettext_noop("permission denied for sequence %s");
2730 break;
2732 msg = gettext_noop("permission denied for statistics object %s");
2733 break;
2735 msg = gettext_noop("permission denied for subscription %s");
2736 break;
2738 msg = gettext_noop("permission denied for table %s");
2739 break;
2741 msg = gettext_noop("permission denied for tablespace %s");
2742 break;
2744 msg = gettext_noop("permission denied for text search configuration %s");
2745 break;
2747 msg = gettext_noop("permission denied for text search dictionary %s");
2748 break;
2750 msg = gettext_noop("permission denied for type %s");
2751 break;
2753 msg = gettext_noop("permission denied for view %s");
2754 break;
2755
2774 elog(ERROR, "unsupported object type: %d", objtype);
2775 }
2776
2778 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2779 errmsg(msg, objectname)));
2780 break;
2781 }
2783 {
2784 const char *msg = "???";
2785
2786 switch (objtype)
2787 {
2789 msg = gettext_noop("must be owner of aggregate %s");
2790 break;
2792 msg = gettext_noop("must be owner of collation %s");
2793 break;
2795 msg = gettext_noop("must be owner of conversion %s");
2796 break;
2798 msg = gettext_noop("must be owner of database %s");
2799 break;
2801 msg = gettext_noop("must be owner of domain %s");
2802 break;
2804 msg = gettext_noop("must be owner of event trigger %s");
2805 break;
2807 msg = gettext_noop("must be owner of extension %s");
2808 break;
2810 msg = gettext_noop("must be owner of foreign-data wrapper %s");
2811 break;
2813 msg = gettext_noop("must be owner of foreign server %s");
2814 break;
2816 msg = gettext_noop("must be owner of foreign table %s");
2817 break;
2819 msg = gettext_noop("must be owner of function %s");
2820 break;
2822 msg = gettext_noop("must be owner of index %s");
2823 break;
2825 msg = gettext_noop("must be owner of language %s");
2826 break;
2828 msg = gettext_noop("must be owner of large object %s");
2829 break;
2831 msg = gettext_noop("must be owner of materialized view %s");
2832 break;
2834 msg = gettext_noop("must be owner of operator class %s");
2835 break;
2837 msg = gettext_noop("must be owner of operator %s");
2838 break;
2840 msg = gettext_noop("must be owner of operator family %s");
2841 break;
2843 msg = gettext_noop("must be owner of procedure %s");
2844 break;
2846 msg = gettext_noop("must be owner of publication %s");
2847 break;
2849 msg = gettext_noop("must be owner of routine %s");
2850 break;
2852 msg = gettext_noop("must be owner of sequence %s");
2853 break;
2855 msg = gettext_noop("must be owner of subscription %s");
2856 break;
2858 msg = gettext_noop("must be owner of table %s");
2859 break;
2861 msg = gettext_noop("must be owner of type %s");
2862 break;
2864 msg = gettext_noop("must be owner of view %s");
2865 break;
2867 msg = gettext_noop("must be owner of schema %s");
2868 break;
2870 msg = gettext_noop("must be owner of statistics object %s");
2871 break;
2873 msg = gettext_noop("must be owner of tablespace %s");
2874 break;
2876 msg = gettext_noop("must be owner of text search configuration %s");
2877 break;
2879 msg = gettext_noop("must be owner of text search dictionary %s");
2880 break;
2881
2882
2883
2884
2885
2886
2887
2893 msg = gettext_noop("must be owner of relation %s");
2894 break;
2895
2912 elog(ERROR, "unsupported object type: %d", objtype);
2913 }
2914
2916 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2917 errmsg(msg, objectname)));
2918 break;
2919 }
2920 default:
2921 elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
2922 break;
2923 }
2924}
2925
2926
2927void
2929 const char *objectname, const char *colname)
2930{
2931 switch (aclerr)
2932 {
2934
2935 break;
2938 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2939 errmsg("permission denied for column \"%s\" of relation \"%s\"",
2940 colname, objectname)));
2941 break;
2943
2945 break;
2946 default:
2947 elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
2948 break;
2949 }
2950}
2951
2952
2953
2954
2955
2956
2957void
2959{
2961
2963}
2964
2965
2966
2967
2968
2972{
2973 switch (objtype)
2974 {
2976 return
2983 return object_aclmask(DatabaseRelationId, object_oid, roleid, mask, how);
2985 return object_aclmask(ProcedureRelationId, object_oid, roleid, mask, how);
2987 return object_aclmask(LanguageRelationId, object_oid, roleid, mask, how);
2990 mask, how, NULL);
2994 return object_aclmask(NamespaceRelationId, object_oid, roleid, mask, how);
2996 elog(ERROR, "grantable rights not supported for statistics objects");
2997
3000 return object_aclmask(TableSpaceRelationId, object_oid, roleid, mask, how);
3002 return object_aclmask(ForeignDataWrapperRelationId, object_oid, roleid, mask, how);
3004 return object_aclmask(ForeignServerRelationId, object_oid, roleid, mask, how);
3006 elog(ERROR, "grantable rights not supported for event triggers");
3007
3010 return object_aclmask(TypeRelationId, object_oid, roleid, mask, how);
3011 default:
3012 elog(ERROR, "unrecognized object type: %d",
3013 (int) objtype);
3014
3016 }
3017}
3018
3019
3020
3021
3022
3023
3024
3025
3026
3027
3028
3029
3033{
3034 return object_aclmask_ext(classid, objectid, roleid, mask, how, NULL);
3035}
3036
3037
3038
3039
3040
3044 bool *is_missing)
3045{
3046 int cacheid;
3050 bool isNull;
3051 Acl *acl;
3052 Oid ownerId;
3053
3054
3055 switch (classid)
3056 {
3057 case NamespaceRelationId:
3059 is_missing);
3060 case TypeRelationId:
3062 is_missing);
3063 }
3064
3065
3066 Assert(classid != RelationRelationId);
3067 Assert(classid != LargeObjectMetadataRelationId);
3068
3069
3070
3072 return mask;
3073
3074
3075
3076
3077
3079
3082 {
3083 if (is_missing != NULL)
3084 {
3085
3086 *is_missing = true;
3087 return 0;
3088 }
3089 else
3090 elog(ERROR, "cache lookup failed for %s %u",
3092 }
3093
3095 tuple,
3097
3099 &isNull);
3100 if (isNull)
3101 {
3102
3104 aclDatum = (Datum) 0;
3105 }
3106 else
3107 {
3108
3110 }
3111
3112 result = aclmask(acl, roleid, ownerId, mask, how);
3113
3114
3117
3119
3120 return result;
3121}
3122
3123
3124
3125
3126
3127
3128
3129
3130
3134{
3136 mask, how, NULL);
3137}
3138
3139
3140
3141
3145{
3152 bool isNull;
3153 Acl *acl;
3154 Oid ownerId;
3155
3156
3157
3158
3163 {
3164 if (is_missing != NULL)
3165 {
3166
3167 *is_missing = true;
3168 return 0;
3169 }
3170 else
3172 (errcode(ERRCODE_UNDEFINED_COLUMN),
3173 errmsg("attribute %d of relation with OID %u does not exist",
3174 attnum, table_oid)));
3175 }
3176
3178
3179
3180 if (attributeForm->attisdropped)
3181 {
3182 if (is_missing != NULL)
3183 {
3184
3185 *is_missing = true;
3187 return 0;
3188 }
3189 else
3191 (errcode(ERRCODE_UNDEFINED_COLUMN),
3192 errmsg("attribute %d of relation with OID %u does not exist",
3193 attnum, table_oid)));
3194 }
3195
3196 aclDatum = SysCacheGetAttr(ATTNUM, attTuple, Anum_pg_attribute_attacl,
3197 &isNull);
3198
3199
3200
3201
3202
3203
3204 if (isNull)
3205 {
3207 return 0;
3208 }
3209
3210
3211
3212
3213
3214
3215
3216
3219 {
3221 if (is_missing != NULL)
3222 {
3223
3224 *is_missing = true;
3225 return 0;
3226 }
3227 else
3230 errmsg("relation with OID %u does not exist",
3231 table_oid)));
3232 }
3234
3235 ownerId = classForm->relowner;
3236
3238
3239
3241
3242 result = aclmask(acl, roleid, ownerId, mask, how);
3243
3244
3247
3249
3250 return result;
3251}
3252
3253
3254
3255
3259{
3261}
3262
3263
3264
3265
3269{
3274 bool isNull;
3275 Acl *acl;
3276 Oid ownerId;
3277
3278
3279
3280
3283 {
3284 if (is_missing != NULL)
3285 {
3286
3287 *is_missing = true;
3288 return 0;
3289 }
3290 else
3293 errmsg("relation with OID %u does not exist",
3294 table_oid)));
3295 }
3296
3298
3299
3300
3301
3302
3303
3304
3305
3306
3309 classForm->relkind != RELKIND_VIEW &&
3312
3313
3314
3315
3317 {
3319 return mask;
3320 }
3321
3322
3323
3324
3325 ownerId = classForm->relowner;
3326
3327 aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
3328 &isNull);
3329 if (isNull)
3330 {
3331
3332 switch (classForm->relkind)
3333 {
3334 case RELKIND_SEQUENCE:
3336 break;
3337 default:
3339 break;
3340 }
3341 aclDatum = (Datum) 0;
3342 }
3343 else
3344 {
3345
3347 }
3348
3349 result = aclmask(acl, roleid, ownerId, mask, how);
3350
3351
3354
3356
3357
3358
3359
3360
3361
3365
3366
3367
3368
3369
3370
3371
3372
3377
3378
3379
3380
3381
3382
3383
3388
3389 return result;
3390}
3391
3392
3393
3394
3395
3398{
3400 char *parname;
3401 text *partext;
3403
3404
3406 return mask;
3407
3408
3411
3412
3414
3416 {
3417
3419 }
3420 else
3421 {
3423 bool isNull;
3424 Acl *acl;
3425
3427 Anum_pg_parameter_acl_paracl,
3428 &isNull);
3429 if (isNull)
3430 {
3431
3433 aclDatum = (Datum) 0;
3434 }
3435 else
3436 {
3437
3439 }
3440
3441 result = aclmask(acl, roleid, BOOTSTRAP_SUPERUSERID, mask, how);
3442
3443
3446
3448 }
3449
3452
3453 return result;
3454}
3455
3456
3457
3458
3459
3462{
3466 bool isNull;
3467 Acl *acl;
3468
3469
3471 return mask;
3472
3473
3477 (errcode(ERRCODE_UNDEFINED_OBJECT),
3478 errmsg("parameter ACL with OID %u does not exist",
3479 acl_oid)));
3480
3482 Anum_pg_parameter_acl_paracl,
3483 &isNull);
3484 if (isNull)
3485 {
3486
3488 aclDatum = (Datum) 0;
3489 }
3490 else
3491 {
3492
3494 }
3495
3496 result = aclmask(acl, roleid, BOOTSTRAP_SUPERUSERID, mask, how);
3497
3498
3501
3503
3504 return result;
3505}
3506
3507
3508
3509
3510
3511
3512
3513
3514
3515
3516
3517
3518
3523{
3530 bool isNull;
3531 Acl *acl;
3532 Oid ownerId;
3533
3534
3536 return mask;
3537
3538
3539
3540
3541 pg_lo_meta = table_open(LargeObjectMetadataRelationId,
3543
3545 Anum_pg_largeobject_metadata_oid,
3548
3550 LargeObjectMetadataOidIndexId, true,
3551 snapshot, 1, entry);
3552
3556 (errcode(ERRCODE_UNDEFINED_OBJECT),
3557 errmsg("large object %u does not exist", lobj_oid)));
3558
3560
3561 aclDatum = heap_getattr(tuple, Anum_pg_largeobject_metadata_lomacl,
3563
3564 if (isNull)
3565 {
3566
3568 aclDatum = (Datum) 0;
3569 }
3570 else
3571 {
3572
3574 }
3575
3576 result = aclmask(acl, roleid, ownerId, mask, how);
3577
3578
3581
3583
3585
3586 return result;
3587}
3588
3589
3590
3591
3595 bool *is_missing)
3596{
3600 bool isNull;
3601 Acl *acl;
3602 Oid ownerId;
3603
3604
3606 return mask;
3607
3608
3609
3610
3611
3612
3613
3614
3615
3616
3617
3618
3619
3620
3621
3622
3623
3624
3625
3626
3628 {
3632 else
3634 }
3635
3636
3637
3638
3641 {
3642 if (is_missing != NULL)
3643 {
3644
3645 *is_missing = true;
3646 return 0;
3647 }
3648 else
3650 (errcode(ERRCODE_UNDEFINED_SCHEMA),
3651 errmsg("schema with OID %u does not exist", nsp_oid)));
3652 }
3653
3655
3656 aclDatum = SysCacheGetAttr(NAMESPACEOID, tuple, Anum_pg_namespace_nspacl,
3657 &isNull);
3658 if (isNull)
3659 {
3660
3662 aclDatum = (Datum) 0;
3663 }
3664 else
3665 {
3666
3668 }
3669
3670 result = aclmask(acl, roleid, ownerId, mask, how);
3671
3672
3675
3677
3678
3679
3680
3681
3682
3683
3688 return result;
3689}
3690
3691
3692
3693
3696 bool *is_missing)
3697{
3702 bool isNull;
3703 Acl *acl;
3704 Oid ownerId;
3705
3706
3708 return mask;
3709
3710
3711
3712
3715 {
3716 if (is_missing != NULL)
3717 {
3718
3719 *is_missing = true;
3720 return 0;
3721 }
3722 else
3724 (errcode(ERRCODE_UNDEFINED_OBJECT),
3725 errmsg("type with OID %u does not exist",
3726 type_oid)));
3727 }
3729
3730
3731
3732
3733
3734 if (IsTrueArrayType(typeForm))
3735 {
3736 Oid elttype_oid = typeForm->typelem;
3737
3739
3742 {
3743 if (is_missing != NULL)
3744 {
3745
3746 *is_missing = true;
3747 return 0;
3748 }
3749 else
3751 (errcode(ERRCODE_UNDEFINED_OBJECT),
3752 errmsg("type with OID %u does not exist",
3753 elttype_oid)));
3754 }
3756 }
3757
3758
3759
3760
3761
3762
3763 if (typeForm->typtype == TYPTYPE_MULTIRANGE)
3764 {
3766
3768
3771 {
3772 if (is_missing != NULL)
3773 {
3774
3775 *is_missing = true;
3776 return 0;
3777 }
3778 else
3780 (errcode(ERRCODE_UNDEFINED_OBJECT),
3781 errmsg("type with OID %u does not exist",
3782 rangetype)));
3783 }
3785 }
3786
3787
3788
3789
3790 ownerId = typeForm->typowner;
3791
3793 Anum_pg_type_typacl, &isNull);
3794 if (isNull)
3795 {
3796
3798 aclDatum = (Datum) 0;
3799 }
3800 else
3801 {
3802
3804 }
3805
3806 result = aclmask(acl, roleid, ownerId, mask, how);
3807
3808
3811
3813
3814 return result;
3815}
3816
3817
3818
3819
3822{
3824}
3825
3826
3827
3828
3829
3833 bool *is_missing)
3834{
3836 is_missing) != 0)
3838 else
3840}
3841
3842
3843
3844
3845
3846
3847
3848
3849
3850
3851
3855{
3857}
3858
3859
3860
3861
3862
3863
3867{
3871 else
3873}
3874
3875
3876
3877
3878
3879
3880
3881
3882
3883
3884
3885
3886
3887
3888
3889
3890
3891
3892
3893
3897{
3899}
3900
3901
3902
3903
3904
3908 bool *is_missing)
3909{
3913 Oid ownerId;
3916
3917
3918
3919
3922 {
3923 if (is_missing != NULL)
3924 {
3925
3926 *is_missing = true;
3928 }
3929 else
3932 errmsg("relation with OID %u does not exist",
3933 table_oid)));
3934 }
3936
3937 ownerId = classForm->relowner;
3938 nattrs = classForm->relnatts;
3939
3941
3942
3943
3944
3945
3947
3948 for (curr_att = 1; curr_att <= nattrs; curr_att++)
3949 {
3952 bool isNull;
3953 Acl *acl;
3955
3959
3960
3961
3962
3963
3964
3966 continue;
3967
3968
3970 {
3972 continue;
3973 }
3974
3975 aclDatum = SysCacheGetAttr(ATTNUM, attTuple, Anum_pg_attribute_attacl,
3976 &isNull);
3977
3978
3979
3980
3981
3982
3983 if (isNull)
3984 attmask = 0;
3985 else
3986 {
3987
3989
3991
3992
3995 }
3996
3998
3999 if (attmask != 0)
4000 {
4003 break;
4004 }
4005 else
4006 {
4009 break;
4010 }
4011 }
4012
4013 return result;
4014}
4015
4016
4017
4018
4019
4020
4021
4022
4025{
4027}
4028
4029
4030
4031
4032
4036{
4040 else
4042}
4043
4044
4045
4046
4047
4050{
4053 else
4055}
4056
4057
4058
4059
4063{
4067 else
4069}
4070
4071
4072
4073
4074bool
4076{
4077 int cacheid;
4078 Oid ownerId;
4079
4080
4082 return true;
4083
4084
4085 if (classid == LargeObjectRelationId)
4086 classid = LargeObjectMetadataRelationId;
4087
4089 if (cacheid != -1)
4090 {
4091
4093
4096 elog(ERROR, "cache lookup failed for %s %u",
4098
4100 tuple,
4103 }
4104 else
4105 {
4106
4111 bool isnull;
4112
4114
4119
4122 NULL, 1, entry);
4123
4126 elog(ERROR, "could not find tuple for %s %u",
4128
4132 &isnull));
4134
4137 }
4138
4140}
4141
4142
4143
4144
4145
4146
4147
4148
4149
4150
4151
4152
4153bool
4155{
4156 bool result = false;
4158
4159
4161 return true;
4162
4165 {
4168 }
4169 return result;
4170}
4171
4172bool
4174{
4175 bool result = false;
4177
4178
4180 return true;
4181
4184 {
4187 }
4188 return result;
4189}
4190
4191
4192
4193
4194
4195
4196static Acl *
4198{
4199 Acl *result = NULL;
4201
4206
4208 {
4210 bool isNull;
4211
4213 Anum_pg_default_acl_defaclacl,
4214 &isNull);
4215 if (!isNull)
4218 }
4219
4220 return result;
4221}
4222
4223
4224
4225
4226
4227
4228
4229
4230
4233{
4234 Acl *result;
4235 Acl *glob_acl;
4236 Acl *schema_acl;
4237 Acl *def_acl;
4238 char defaclobjtype;
4239
4240
4241
4242
4243
4245 return NULL;
4246
4247
4248 switch (objtype)
4249 {
4251 defaclobjtype = DEFACLOBJ_RELATION;
4252 break;
4253
4255 defaclobjtype = DEFACLOBJ_SEQUENCE;
4256 break;
4257
4259 defaclobjtype = DEFACLOBJ_FUNCTION;
4260 break;
4261
4263 defaclobjtype = DEFACLOBJ_TYPE;
4264 break;
4265
4267 defaclobjtype = DEFACLOBJ_NAMESPACE;
4268 break;
4269
4271 defaclobjtype = DEFACLOBJ_LARGEOBJECT;
4272 break;
4273
4274 default:
4275 return NULL;
4276 }
4277
4278
4281
4282
4283 if (glob_acl == NULL && schema_acl == NULL)
4284 return NULL;
4285
4286
4287 def_acl = acldefault(objtype, ownerId);
4288
4289
4290 if (glob_acl == NULL)
4291 glob_acl = def_acl;
4292
4293
4294 result = aclmerge(glob_acl, schema_acl, ownerId);
4295
4296
4297
4298
4299
4302 if (aclequal(result, def_acl))
4303 result = NULL;
4304
4305 return result;
4306}
4307
4308
4309
4310
4311void
4314{
4315 int nmembers;
4316 Oid *members;
4317
4318
4319 if (acl == NULL)
4320 return;
4321
4322
4323 nmembers = aclmembers(acl, &members);
4324
4325
4327 ownerId,
4328 0, NULL,
4329 nmembers, members);
4330}
4331
4332
4333
4334
4335
4336
4337
4338void
4340{
4341
4342
4343
4344
4345
4346
4347
4348 if (classoid == RelationRelationId)
4349 {
4352 bool isNull;
4354
4357 elog(ERROR, "cache lookup failed for relation %u", objoid);
4359
4360
4361
4362
4363
4364
4365 if (pg_class_tuple->relkind == RELKIND_INDEX ||
4366 pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
4367 pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
4368 {
4370 return;
4371 }
4372
4373
4374
4375
4376
4377 if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
4378 {
4380 AttrNumber nattrs = pg_class_tuple->relnatts;
4381
4382 for (curr_att = 1; curr_att <= nattrs; curr_att++)
4383 {
4385 Datum attaclDatum;
4386
4390
4392 continue;
4393
4394
4396 {
4398 continue;
4399 }
4400
4402 Anum_pg_attribute_attacl,
4403 &isNull);
4404
4405
4406 if (isNull)
4407 {
4409 continue;
4410 }
4411
4414
4416 }
4417 }
4418
4419 aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
4420 &isNull);
4421
4422
4423 if (!isNull)
4426
4428 }
4429 else if (classoid == LargeObjectRelationId)
4430 {
4431
4433 bool isNull;
4438
4439
4440
4441
4442
4443
4445
4446
4448 Anum_pg_largeobject_metadata_oid,
4451
4453 LargeObjectMetadataOidIndexId, true,
4454 NULL, 1, entry);
4455
4458 elog(ERROR, "could not find tuple for large object %u", objoid);
4459
4461 Anum_pg_largeobject_metadata_lomacl,
4463
4464
4465 if (!isNull)
4468
4470 }
4471
4473 {
4474 int cacheid;
4476 bool isNull;
4478
4482 elog(ERROR, "cache lookup failed for %s %u",
4484
4487 &isNull);
4488
4489
4490 if (!isNull)
4493
4495 }
4496}
4497
4498
4499
4500
4501
4502void
4504{
4505
4506
4507
4508
4509
4510 if (classoid == RelationRelationId)
4511 {
4514
4517 elog(ERROR, "cache lookup failed for relation %u", objoid);
4519
4520
4521
4522
4523
4524
4525 if (pg_class_tuple->relkind == RELKIND_INDEX ||
4526 pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
4527 pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
4528 {
4530 return;
4531 }
4532
4533
4534
4535
4536
4537 if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
4538 {
4540 AttrNumber nattrs = pg_class_tuple->relnatts;
4541
4542 for (curr_att = 1; curr_att <= nattrs; curr_att++)
4543 {
4545
4549
4551 continue;
4552
4553
4554
4556
4558 }
4559 }
4560
4562 }
4563
4564
4566}
4567
4568
4569
4570
4571
4572
4573
4574
4575
4576
4577
4578
4579
4580
4581
4582
4583
4584
4585static void
4587{
4588
4589
4590
4591
4592
4593
4594
4595
4597 return;
4598
4600}
4601
4602
4603
4604
4605
4606
4607
4608
4609
4610
4611
4612
4613
4614static void
4616 Acl *new_acl)
4617{
4623 int noldmembers;
4624 int nnewmembers;
4625 Oid *oldmembers;
4626 Oid *newmembers;
4627
4628
4629 nnewmembers = aclmembers(new_acl, &newmembers);
4630
4631
4633
4635 Anum_pg_init_privs_objoid,
4639 Anum_pg_init_privs_classoid,
4643 Anum_pg_init_privs_objsubid,
4646
4648 NULL, 3, key);
4649
4650
4652
4653
4655 {
4656 Datum values[Natts_pg_init_privs] = {0};
4657 bool nulls[Natts_pg_init_privs] = {0};
4658 bool replace[Natts_pg_init_privs] = {0};
4659 Datum oldAclDatum;
4660 bool isNull;
4661 Acl *old_acl;
4662
4663
4664 oldAclDatum = heap_getattr(oldtuple, Anum_pg_init_privs_initprivs,
4668 noldmembers = aclmembers(old_acl, &oldmembers);
4669
4671 noldmembers, oldmembers,
4672 nnewmembers, newmembers);
4673
4674
4675 if (new_acl && ACL_NUM(new_acl) != 0)
4676 {
4678 replace[Anum_pg_init_privs_initprivs - 1] = true;
4679
4681 values, nulls, replace);
4682
4684 }
4685 else
4686 {
4687
4689 }
4690 }
4691 else
4692 {
4693 Datum values[Natts_pg_init_privs] = {0};
4694 bool nulls[Natts_pg_init_privs] = {0};
4695
4696
4697
4698
4699
4700
4701
4702 if (new_acl && ACL_NUM(new_acl) != 0)
4703 {
4704
4708
4709
4710 values[Anum_pg_init_privs_privtype - 1] =
4712
4714
4716
4718
4719
4720 noldmembers = 0;
4721 oldmembers = NULL;
4722
4724 noldmembers, oldmembers,
4725 nnewmembers, newmembers);
4726 }
4727 }
4728
4730
4731
4733
4735}
4736
4737
4738
4739
4740
4741
4742void
4745{
4750 Datum oldAclDatum;
4751 bool isNull;
4752 Acl *old_acl;
4753 Acl *new_acl;
4755 int noldmembers;
4756 int nnewmembers;
4757 Oid *oldmembers;
4758 Oid *newmembers;
4759
4760
4762
4764 Anum_pg_init_privs_objoid,
4768 Anum_pg_init_privs_classoid,
4772 Anum_pg_init_privs_objsubid,
4775
4777 NULL, 3, key);
4778
4779
4781
4783 {
4784
4785
4786
4787
4790 return;
4791 }
4792
4793
4794 oldAclDatum = heap_getattr(oldtuple, Anum_pg_init_privs_initprivs,
4798
4799
4800
4801
4802
4803 new_acl = aclnewowner(old_acl, oldroleid, newroleid);
4804
4805
4806
4807
4808
4809 if (new_acl == NULL || ACL_NUM(new_acl) == 0)
4810 {
4812 }
4813 else
4814 {
4815 Datum values[Natts_pg_init_privs] = {0};
4816 bool nulls[Natts_pg_init_privs] = {0};
4817 bool replaces[Natts_pg_init_privs] = {0};
4818
4819
4821 replaces[Anum_pg_init_privs_initprivs - 1] = true;
4822
4824 values, nulls, replaces);
4826 }
4827
4828
4829
4830
4831 noldmembers = aclmembers(old_acl, &oldmembers);
4832 nnewmembers = aclmembers(new_acl, &newmembers);
4833
4835 noldmembers, oldmembers,
4836 nnewmembers, newmembers);
4837
4839
4840
4842
4844}
4845
4846
4847
4848
4849
4850
4851void
4853{
4858 int cacheid;
4860 Oid ownerId;
4861 Datum oldAclDatum;
4862 bool isNull;
4863 Acl *old_acl;
4864 Acl *new_acl;
4866 int noldmembers;
4867 int nnewmembers;
4868 Oid *oldmembers;
4869 Oid *newmembers;
4870
4871
4873
4875 Anum_pg_init_privs_objoid,
4879 Anum_pg_init_privs_classoid,
4883 Anum_pg_init_privs_objsubid,
4886
4888 NULL, 3, key);
4889
4890
4892
4894 {
4895
4896
4897
4898
4901 return;
4902 }
4903
4904
4905 oldAclDatum = heap_getattr(oldtuple, Anum_pg_init_privs_initprivs,
4909
4910
4911
4912
4913
4914
4915 noldmembers = aclmembers(old_acl, &oldmembers);
4916
4917
4921 elog(ERROR, "cache lookup failed for %s %u",
4923
4925 objtuple,
4928
4929
4930
4931
4932 if (old_acl != NULL)
4934 false,
4935 false,
4939 ownerId,
4940 ownerId);
4941 else
4942 new_acl = NULL;
4943
4944
4945 if (new_acl == NULL || ACL_NUM(new_acl) == 0)
4946 {
4948 }
4949 else
4950 {
4951 Datum values[Natts_pg_init_privs] = {0};
4952 bool nulls[Natts_pg_init_privs] = {0};
4953 bool replaces[Natts_pg_init_privs] = {0};
4954
4955
4957 replaces[Anum_pg_init_privs_initprivs - 1] = true;
4958
4960 values, nulls, replaces);
4962 }
4963
4964
4965
4966
4967 nnewmembers = aclmembers(new_acl, &newmembers);
4968
4970 noldmembers, oldmembers,
4971 nnewmembers, newmembers);
4972
4974
4975
4977
4979}
Acl * aclconcat(const Acl *left_acl, const Acl *right_acl)
Acl * aclmerge(const Acl *left_acl, const Acl *right_acl, Oid ownerId)
Acl * acldefault(ObjectType objtype, Oid ownerId)
bool aclequal(const Acl *left_acl, const Acl *right_acl)
Acl * aclupdate(const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
void select_best_grantor(Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
bool has_privs_of_role(Oid member, Oid role)
Acl * make_empty_acl(void)
int aclmembers(const Acl *acl, Oid **roleids)
Acl * aclnewowner(const Acl *old_acl, Oid oldOwnerId, Oid newOwnerId)
Acl * aclcopy(const Acl *orig_acl)
void aclitemsort(Acl *acl)
AclMode aclmask(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
Oid get_rolespec_oid(const RoleSpec *role, bool missing_ok)
#define ACLITEM_ALL_PRIV_BITS
#define ACL_ALL_RIGHTS_FOREIGN_SERVER
#define ACL_ALL_RIGHTS_TABLESPACE
#define ACL_ALL_RIGHTS_PARAMETER_ACL
#define ACL_ALL_RIGHTS_SCHEMA
#define ACL_ALL_RIGHTS_SEQUENCE
#define ACL_ALL_RIGHTS_DATABASE
#define ACL_ALL_RIGHTS_COLUMN
#define ACL_OPTION_TO_PRIVS(privs)
#define ACL_ALL_RIGHTS_FUNCTION
#define ACL_ALL_RIGHTS_LANGUAGE
#define ACL_ALL_RIGHTS_TYPE
#define ACL_ALL_RIGHTS_FDW
#define ACLITEM_SET_PRIVS_GOPTIONS(item, privs, goptions)
#define DatumGetAclPCopy(X)
#define ACL_ALL_RIGHTS_RELATION
#define ACL_ALL_RIGHTS_LARGEOBJECT
#define ACL_GRANT_OPTION_FOR(privs)
static AclMode pg_attribute_aclmask_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
AclResult object_aclcheck_ext(Oid classid, Oid objectid, Oid roleid, AclMode mode, bool *is_missing)
void ExecuteGrantStmt(GrantStmt *stmt)
AclResult pg_largeobject_aclcheck_snapshot(Oid lobj_oid, Oid roleid, AclMode mode, Snapshot snapshot)
static void expand_all_col_privileges(Oid table_oid, Form_pg_class classForm, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
void RemoveRoleFromInitPriv(Oid roleid, Oid classid, Oid objid, int32 objsubid)
static void recordExtensionInitPriv(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
static void expand_col_privileges(List *colnames, Oid table_oid, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
bool has_bypassrls_privilege(Oid roleid)
AclResult pg_class_aclcheck_ext(Oid table_oid, Oid roleid, AclMode mode, bool *is_missing)
void aclcheck_error_col(AclResult aclerr, ObjectType objtype, const char *objectname, const char *colname)
AclResult pg_attribute_aclcheck_all_ext(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how, bool *is_missing)
void recordDependencyOnNewAcl(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, Acl *acl)
static void ExecGrant_Attribute(InternalGrant *istmt, Oid relOid, const char *relname, AttrNumber attnum, Oid ownerId, AclMode col_privileges, Relation attRelation, const Acl *old_rel_acl)
static void ExecGrant_Type_check(InternalGrant *istmt, HeapTuple tuple)
void ExecAlterDefaultPrivilegesStmt(ParseState *pstate, AlterDefaultPrivilegesStmt *stmt)
static void ExecGrantStmt_oids(InternalGrant *istmt)
static AclMode pg_largeobject_aclmask_snapshot(Oid lobj_oid, Oid roleid, AclMode mask, AclMaskHow how, Snapshot snapshot)
static AclMode pg_attribute_aclmask(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
static List * objectNamesToOids(ObjectType objtype, List *objnames, bool is_grant)
static AclMode pg_parameter_aclmask(const char *name, Oid roleid, AclMode mask, AclMaskHow how)
AclResult pg_attribute_aclcheck_all(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how)
static AclMode pg_parameter_acl_aclmask(Oid acl_oid, Oid roleid, AclMode mask, AclMaskHow how)
static void SetDefaultACL(InternalDefaultACL *iacls)
static List * objectsInSchemaToOids(ObjectType objtype, List *nspnames)
AclResult pg_parameter_aclcheck(const char *name, Oid roleid, AclMode mode)
void ReplaceRoleInInitPriv(Oid oldroleid, Oid newroleid, Oid classid, Oid objid, int32 objsubid)
static void ExecGrant_common(InternalGrant *istmt, Oid classid, AclMode default_privs, void(*object_check)(InternalGrant *istmt, HeapTuple tuple))
static Acl * merge_acl_with_grant(Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
void recordExtObjInitPriv(Oid objoid, Oid classoid)
static List * getRelationsInNamespace(Oid namespaceId, char relkind)
static AclMode pg_class_aclmask_ext(Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
static AclMode string_to_privilege(const char *privname)
void aclcheck_error(AclResult aclerr, ObjectType objtype, const char *objectname)
static AclMode object_aclmask(Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how)
static void ExecGrant_Largeobject(InternalGrant *istmt)
AclResult pg_attribute_aclcheck(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode)
static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
AclResult object_aclcheck(Oid classid, Oid objectid, Oid roleid, AclMode mode)
static void recordExtensionInitPrivWorker(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
bool object_ownercheck(Oid classid, Oid objectid, Oid roleid)
AclResult pg_attribute_aclcheck_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode, bool *is_missing)
static AclMode pg_namespace_aclmask_ext(Oid nsp_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
static void SetDefaultACLsInSchemas(InternalDefaultACL *iacls, List *nspnames)
AclMode pg_class_aclmask(Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how)
static void ExecGrant_Parameter(InternalGrant *istmt)
static const char * privilege_to_string(AclMode privilege)
static Acl * get_default_acl_internal(Oid roleId, Oid nsp_oid, char objtype)
void aclcheck_error_type(AclResult aclerr, Oid typeOid)
bool has_createrole_privilege(Oid roleid)
static void ExecGrant_Relation(InternalGrant *istmt)
static AclMode pg_type_aclmask_ext(Oid type_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
bool binary_upgrade_record_init_privs
Acl * get_user_default_acl(ObjectType objtype, Oid ownerId, Oid nsp_oid)
void RemoveRoleFromObjectACL(Oid roleid, Oid classid, Oid objid)
static void ExecGrant_Language_check(InternalGrant *istmt, HeapTuple tuple)
AclResult pg_class_aclcheck(Oid table_oid, Oid roleid, AclMode mode)
static AclMode pg_aclmask(ObjectType objtype, Oid object_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
static AclMode object_aclmask_ext(Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
void removeExtObjInitPriv(Oid objoid, Oid classoid)
#define InvalidAttrNumber
static Datum values[MAXATTR]
#define TextDatumGetCString(d)
#define OidIsValid(objectId)
Oid GetNewOidWithIndex(Relation relation, Oid indexId, AttrNumber oidcolumn)
bool IsSystemClass(Oid relid, Form_pg_class reltuple)
void errorConflictingDefElem(DefElem *defel, ParseState *pstate)
void performDeletion(const ObjectAddress *object, DropBehavior behavior, int flags)
int errdetail(const char *fmt,...)
int errhint(const char *fmt,...)
int errcode(int sqlerrcode)
int errmsg(const char *fmt,...)
#define ereport(elevel,...)
bool EventTriggerSupportsObjectType(ObjectType obtype)
void EventTriggerCollectGrant(InternalGrant *istmt)
#define palloc0_array(type, count)
char * format_type_be(Oid type_oid)
void systable_endscan(SysScanDesc sysscan)
HeapTuple systable_getnext(SysScanDesc sysscan)
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
char * convert_GUC_name_for_parameter_acl(const char *name)
Assert(PointerIsAligned(start, uint64))
HeapTuple heap_getnext(TableScanDesc sscan, ScanDirection direction)
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, const Datum *replValues, const bool *replIsnull, const bool *doReplace)
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, const Datum *values, const bool *isnull)
#define HeapTupleIsValid(tuple)
static Datum heap_getattr(HeapTuple tup, int attnum, TupleDesc tupleDesc, bool *isnull)
static void * GETSTRUCT(const HeapTupleData *tuple)
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
void CatalogTupleInsert(Relation heapRel, HeapTuple tup)
void CatalogTupleDelete(Relation heapRel, ItemPointer tid)
if(TABLE==NULL||TABLE_index==NULL)
List * lappend(List *list, void *datum)
List * list_concat(List *list1, const List *list2)
List * lappend_oid(List *list, Oid datum)
void UnlockTuple(Relation relation, ItemPointer tid, LOCKMODE lockmode)
#define InplaceUpdateTupleLock
char * get_rel_name(Oid relid)
AttrNumber get_attnum(Oid relid, const char *attname)
Oid get_element_type(Oid typid)
Oid get_multirange_range(Oid multirangeOid)
TypeName * makeTypeNameFromNameList(List *names)
void pfree(void *pointer)
void * palloc0(Size size)
#define IsBootstrapProcessingMode()
Oid LookupExplicitNamespace(const char *nspname, bool missing_ok)
bool isTempNamespace(Oid namespaceId)
Oid get_namespace_oid(const char *nspname, bool missing_ok)
#define RangeVarGetRelid(relation, lockmode, missing_ok)
#define InvokeObjectPostCreateHook(classId, objectId, subId)
#define InvokeObjectPostAlterHook(classId, objectId, subId)
AttrNumber get_object_attnum_owner(Oid class_id)
AttrNumber get_object_attnum_oid(Oid class_id)
AttrNumber get_object_attnum_name(Oid class_id)
const char * get_object_class_descr(Oid class_id)
AttrNumber get_object_attnum_acl(Oid class_id)
int get_object_catcache_oid(Oid class_id)
Oid get_object_oid_index(Oid class_id)
ObjectType get_object_type(Oid class_id, Oid object_id)
ObjectAddress get_object_address(ObjectType objtype, Node *object, Relation *relp, LOCKMODE lockmode, bool missing_ok)
@ OBJECT_PUBLICATION_NAMESPACE
@ ACL_TARGET_ALL_IN_SCHEMA
FormData_pg_attribute * Form_pg_attribute
FormData_pg_authid * Form_pg_authid
static PgChecksumMode mode
FormData_pg_class * Form_pg_class
FormData_pg_default_acl * Form_pg_default_acl
void recordDependencyOn(const ObjectAddress *depender, const ObjectAddress *referenced, DependencyType behavior)
FormData_pg_language * Form_pg_language
#define list_make1_oid(x1)
FormData_pg_namespace * Form_pg_namespace
Oid ParameterAclLookup(const char *parameter, bool missing_ok)
Oid ParameterAclCreate(const char *parameter)
FormData_pg_proc * Form_pg_proc
void updateAclDependencies(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
void updateInitAclDependencies(Oid classId, Oid objectId, int32 objsubId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
void recordDependencyOnOwner(Oid classId, Oid objectId, Oid owner)
FormData_pg_type * Form_pg_type
#define ERRCODE_UNDEFINED_TABLE
static Datum PointerGetDatum(const void *X)
static Name DatumGetName(Datum X)
static Oid DatumGetObjectId(Datum X)
static Datum Int16GetDatum(int16 X)
static Datum ObjectIdGetDatum(Oid X)
static Pointer DatumGetPointer(Datum X)
static Datum Int32GetDatum(int32 X)
static Datum CharGetDatum(char X)
#define RelationGetDescr(relation)
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
#define BTEqualStrategyNumber
bool superuser_arg(Oid roleid)
#define FirstLowInvalidHeapAttributeNumber
void ReleaseSysCache(HeapTuple tuple)
HeapTuple SearchSysCacheLocked1(int cacheId, Datum key1)
HeapTuple SearchSysCache1(int cacheId, Datum key1)
HeapTuple SearchSysCache3(int cacheId, Datum key1, Datum key2, Datum key3)
Datum SysCacheGetAttr(int cacheId, HeapTuple tup, AttrNumber attributeNumber, bool *isNull)
HeapTuple SearchSysCache2(int cacheId, Datum key1, Datum key2)
Datum SysCacheGetAttrNotNull(int cacheId, HeapTuple tup, AttrNumber attributeNumber)
void table_close(Relation relation, LOCKMODE lockmode)
Relation table_open(Oid relationId, LOCKMODE lockmode)
TableScanDesc table_beginscan_catalog(Relation relation, int nkeys, struct ScanKeyData *key)
static void table_endscan(TableScanDesc scan)
text * cstring_to_text(const char *s)
void CommandCounterIncrement(void)