PostgreSQL Source Code git master
Loading...
Searching...
No Matches
Data Structures | Macros | Enumerations | Functions | Variables
acl.c File Reference
#include "postgres.h"
#include <ctype.h>
#include "access/htup_details.h"
#include "catalog/catalog.h"
#include "catalog/namespace.h"
#include "catalog/pg_auth_members.h"
#include "catalog/pg_authid.h"
#include "catalog/pg_class.h"
#include "catalog/pg_database.h"
#include "catalog/pg_foreign_data_wrapper.h"
#include "catalog/pg_foreign_server.h"
#include "catalog/pg_language.h"
#include "catalog/pg_largeobject.h"
#include "catalog/pg_namespace.h"
#include "catalog/pg_proc.h"
#include "catalog/pg_tablespace.h"
#include "catalog/pg_type.h"
#include "commands/proclang.h"
#include "commands/tablespace.h"
#include "common/hashfn.h"
#include "foreign/foreign.h"
#include "funcapi.h"
#include "lib/bloomfilter.h"
#include "lib/qunique.h"
#include "miscadmin.h"
#include "storage/large_object.h"
#include "utils/acl.h"
#include "utils/array.h"
#include "utils/builtins.h"
#include "utils/catcache.h"
#include "utils/inval.h"
#include "utils/lsyscache.h"
#include "utils/memutils.h"
#include "utils/snapmgr.h"
#include "utils/syscache.h"
#include "utils/varlena.h"
Include dependency graph for acl.c:

Go to the source code of this file.

Data Structures

struct  priv_map
 

Macros

#define ROLES_LIST_BLOOM_THRESHOLD   1024
 

Enumerations

enum  RoleRecurseType { ROLERECURSE_MEMBERS = 0 , ROLERECURSE_PRIVS = 1 , ROLERECURSE_SETROLE = 2 }
 

Functions

static const chargetid (const char *s, char *n, Node *escontext)
 
static void putid (char *p, const char *s)
 
static Aclallocacl (int n)
 
static void check_acl (const Acl *acl)
 
static const characlparse (const char *s, AclItem *aip, Node *escontext)
 
static bool aclitem_match (const AclItem *a1, const AclItem *a2)
 
static int aclitemComparator (const void *arg1, const void *arg2)
 
static void check_circularity (const Acl *old_acl, const AclItem *mod_aip, Oid ownerId)
 
static Aclrecursive_revoke (Acl *acl, Oid grantee, AclMode revoke_privs, Oid ownerId, DropBehavior behavior)
 
static AclMode convert_any_priv_string (text *priv_type_text, const priv_map *privileges)
 
static Oid convert_table_name (text *tablename)
 
static AclMode convert_table_priv_string (text *priv_type_text)
 
static AclMode convert_sequence_priv_string (text *priv_type_text)
 
static AttrNumber convert_column_name (Oid tableoid, text *column)
 
static AclMode convert_column_priv_string (text *priv_type_text)
 
static Oid convert_database_name (text *databasename)
 
static AclMode convert_database_priv_string (text *priv_type_text)
 
static Oid convert_foreign_data_wrapper_name (text *fdwname)
 
static AclMode convert_foreign_data_wrapper_priv_string (text *priv_type_text)
 
static Oid convert_function_name (text *functionname)
 
static AclMode convert_function_priv_string (text *priv_type_text)
 
static Oid convert_language_name (text *languagename)
 
static AclMode convert_language_priv_string (text *priv_type_text)
 
static Oid convert_schema_name (text *schemaname)
 
static AclMode convert_schema_priv_string (text *priv_type_text)
 
static Oid convert_server_name (text *servername)
 
static AclMode convert_server_priv_string (text *priv_type_text)
 
static Oid convert_tablespace_name (text *tablespacename)
 
static AclMode convert_tablespace_priv_string (text *priv_type_text)
 
static Oid convert_type_name (text *typename)
 
static AclMode convert_type_priv_string (text *priv_type_text)
 
static AclMode convert_parameter_priv_string (text *priv_text)
 
static AclMode convert_largeobject_priv_string (text *priv_type_text)
 
static AclMode convert_role_priv_string (text *priv_type_text)
 
static AclResult pg_role_aclcheck (Oid role_oid, Oid roleid, AclMode mode)
 
static void RoleMembershipCacheCallback (Datum arg, SysCacheIdentifier cacheid, uint32 hashvalue)
 
static bool is_safe_acl_char (unsigned char c, bool is_getid)
 
Aclmake_empty_acl (void)
 
Aclaclcopy (const Acl *orig_acl)
 
Aclaclconcat (const Acl *left_acl, const Acl *right_acl)
 
Aclaclmerge (const Acl *left_acl, const Acl *right_acl, Oid ownerId)
 
void aclitemsort (Acl *acl)
 
bool aclequal (const Acl *left_acl, const Acl *right_acl)
 
Datum aclitemin (PG_FUNCTION_ARGS)
 
Datum aclitemout (PG_FUNCTION_ARGS)
 
Datum aclitem_eq (PG_FUNCTION_ARGS)
 
Datum hash_aclitem (PG_FUNCTION_ARGS)
 
Datum hash_aclitem_extended (PG_FUNCTION_ARGS)
 
Aclacldefault (ObjectType objtype, Oid ownerId)
 
Datum acldefault_sql (PG_FUNCTION_ARGS)
 
Aclaclupdate (const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
 
Aclaclnewowner (const Acl *old_acl, Oid oldOwnerId, Oid newOwnerId)
 
AclMode aclmask (const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
 
static AclMode aclmask_direct (const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
 
int aclmembers (const Acl *acl, Oid **roleids)
 
Datum aclinsert (PG_FUNCTION_ARGS)
 
Datum aclremove (PG_FUNCTION_ARGS)
 
Datum aclcontains (PG_FUNCTION_ARGS)
 
Datum makeaclitem (PG_FUNCTION_ARGS)
 
static const charconvert_aclright_to_string (int aclright)
 
Datum aclexplode (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_id_id (PG_FUNCTION_ARGS)
 
static int column_privilege_check (Oid tableoid, AttrNumber attnum, Oid roleid, AclMode mode)
 
Datum has_column_privilege_name_name_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_name_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_id_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_id_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_name_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_name_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_id_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_id_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_attnum (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_id_id (PG_FUNCTION_ARGS)
 
static bool has_param_priv_byname (Oid roleid, const text *parameter, AclMode priv)
 
Datum has_parameter_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_parameter_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_parameter_privilege_id_name (PG_FUNCTION_ARGS)
 
static bool has_lo_priv_byid (Oid roleid, Oid lobjId, AclMode priv, bool *is_missing)
 
Datum has_largeobject_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_largeobject_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_largeobject_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum pg_has_role_name_name (PG_FUNCTION_ARGS)
 
Datum pg_has_role_name (PG_FUNCTION_ARGS)
 
Datum pg_has_role_name_id (PG_FUNCTION_ARGS)
 
Datum pg_has_role_id (PG_FUNCTION_ARGS)
 
Datum pg_has_role_id_name (PG_FUNCTION_ARGS)
 
Datum pg_has_role_id_id (PG_FUNCTION_ARGS)
 
void initialize_acl (void)
 
static Listroles_list_append (List *roles_list, bloom_filter **bf, Oid role)
 
static Listroles_is_member_of (Oid roleid, enum RoleRecurseType type, Oid admin_of, Oid *admin_role)
 
bool has_privs_of_role (Oid member, Oid role)
 
bool member_can_set_role (Oid member, Oid role)
 
void check_can_set_role (Oid member, Oid role)
 
bool is_member_of_role (Oid member, Oid role)
 
bool is_member_of_role_nosuper (Oid member, Oid role)
 
bool is_admin_of_role (Oid member, Oid role)
 
Oid select_best_admin (Oid member, Oid role)
 
void select_best_grantor (Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
 
Oid get_role_oid (const char *rolname, bool missing_ok)
 
Oid get_role_oid_or_public (const char *rolname)
 
Oid get_rolespec_oid (const RoleSpec *role, bool missing_ok)
 
HeapTuple get_rolespec_tuple (const RoleSpec *role)
 
charget_rolespec_name (const RoleSpec *role)
 
void check_rolespec_name (const RoleSpec *role, const char *detail_msg)
 

Variables

static Oid cached_role [] = {InvalidOid, InvalidOid, InvalidOid}
 
static Listcached_roles [] = {NIL, NIL, NIL}
 
static uint32 cached_db_hash
 

Macro Definition Documentation

◆ ROLES_LIST_BLOOM_THRESHOLD

#define ROLES_LIST_BLOOM_THRESHOLD   1024

Definition at line 90 of file acl.c.

Enumeration Type Documentation

◆ RoleRecurseType

enum RoleRecurseType
Enumerator
ROLERECURSE_MEMBERS 
ROLERECURSE_PRIVS 
ROLERECURSE_SETROLE 

Definition at line 74 of file acl.c.

75{
76 ROLERECURSE_MEMBERS = 0, /* recurse unconditionally */
77 ROLERECURSE_PRIVS = 1, /* recurse through inheritable grants */
78 ROLERECURSE_SETROLE = 2 /* recurse through grants with set_option */
79};
ROLERECURSE_PRIVS
@ ROLERECURSE_PRIVS
Definition acl.c:77
ROLERECURSE_MEMBERS
@ ROLERECURSE_MEMBERS
Definition acl.c:76
ROLERECURSE_SETROLE
@ ROLERECURSE_SETROLE
Definition acl.c:78

Function Documentation

◆ aclconcat()

Acl * aclconcat ( const Acl left_acl,
const Acl right_acl 
)

Definition at line 478 of file acl.c.

479{
480 Acl *result_acl;
481
482 result_acl = allocacl(ACL_NUM(left_acl) + ACL_NUM(right_acl));
483
484 memcpy(ACL_DAT(result_acl),
485 ACL_DAT(left_acl),
486 ACL_NUM(left_acl) * sizeof(AclItem));
487
488 memcpy(ACL_DAT(result_acl) + ACL_NUM(left_acl),
489 ACL_DAT(right_acl),
490 ACL_NUM(right_acl) * sizeof(AclItem));
491
492 return result_acl;
493}
allocacl
static Acl * allocacl(int n)
Definition acl.c:427
ACL_DAT
#define ACL_DAT(ACL)
Definition acl.h:109
ACL_NUM
#define ACL_NUM(ACL)
Definition acl.h:108
fb
static int fb(int x)
Definition preproc-init.c:92
AclItem
Definition acl.h:55

References ACL_DAT, ACL_NUM, allocacl(), and fb().

Referenced by ExecGrant_Attribute().

◆ aclcontains()

Datum aclcontains ( PG_FUNCTION_ARGS  )

Definition at line 1613 of file acl.c.

1614{
1615 Acl *acl = PG_GETARG_ACL_P(0);
1616 AclItem *aip = PG_GETARG_ACLITEM_P(1);
1617 AclItem *aidat;
1618 int i,
1619 num;
1620
1621 check_acl(acl);
1622 num = ACL_NUM(acl);
1623 aidat = ACL_DAT(acl);
1624 for (i = 0; i < num; ++i)
1625 {
1626 if (aip->ai_grantee == aidat[i].ai_grantee &&
1627 aip->ai_grantor == aidat[i].ai_grantor &&
1628 (ACLITEM_GET_RIGHTS(*aip) & ACLITEM_GET_RIGHTS(aidat[i])) == ACLITEM_GET_RIGHTS(*aip))
1629 PG_RETURN_BOOL(true);
1630 }
1631 PG_RETURN_BOOL(false);
1632}
check_acl
static void check_acl(const Acl *acl)
Definition acl.c:591
PG_GETARG_ACLITEM_P
#define PG_GETARG_ACLITEM_P(n)
Definition acl.h:117
PG_GETARG_ACL_P
#define PG_GETARG_ACL_P(n)
Definition acl.h:122
ACLITEM_GET_RIGHTS
#define ACLITEM_GET_RIGHTS(item)
Definition acl.h:68
PG_RETURN_BOOL
#define PG_RETURN_BOOL(x)
Definition fmgr.h:360
i
int i
Definition isn.c:77

References ACL_DAT, ACL_NUM, ACLITEM_GET_RIGHTS, check_acl(), fb(), i, PG_GETARG_ACL_P, PG_GETARG_ACLITEM_P, and PG_RETURN_BOOL.

◆ aclcopy()

Acl * aclcopy ( const Acl orig_acl)

Definition at line 458 of file acl.c.

459{
460 Acl *result_acl;
461
462 result_acl = allocacl(ACL_NUM(orig_acl));
463
464 memcpy(ACL_DAT(result_acl),
465 ACL_DAT(orig_acl),
466 ACL_NUM(orig_acl) * sizeof(AclItem));
467
468 return result_acl;
469}

References ACL_DAT, ACL_NUM, allocacl(), and fb().

Referenced by aclmerge(), ExecGrant_Relation(), and SetDefaultACL().

◆ acldefault()

Acl * acldefault ( ObjectType  objtype,
Oid  ownerId 
)

Definition at line 804 of file acl.c.

805{
806 AclMode world_default;
807 AclMode owner_default;
808 int nacl;
809 Acl *acl;
810 AclItem *aip;
811
812 switch (objtype)
813 {
814 case OBJECT_COLUMN:
815 /* by default, columns have no extra privileges */
816 world_default = ACL_NO_RIGHTS;
817 owner_default = ACL_NO_RIGHTS;
818 break;
819 case OBJECT_TABLE:
820 world_default = ACL_NO_RIGHTS;
821 owner_default = ACL_ALL_RIGHTS_RELATION;
822 break;
823 case OBJECT_SEQUENCE:
824 world_default = ACL_NO_RIGHTS;
825 owner_default = ACL_ALL_RIGHTS_SEQUENCE;
826 break;
827 case OBJECT_DATABASE:
828 /* for backwards compatibility, grant some rights by default */
829 world_default = ACL_CREATE_TEMP | ACL_CONNECT;
830 owner_default = ACL_ALL_RIGHTS_DATABASE;
831 break;
832 case OBJECT_FUNCTION:
833 /* Grant EXECUTE by default, for now */
834 world_default = ACL_EXECUTE;
835 owner_default = ACL_ALL_RIGHTS_FUNCTION;
836 break;
837 case OBJECT_LANGUAGE:
838 /* Grant USAGE by default, for now */
839 world_default = ACL_USAGE;
840 owner_default = ACL_ALL_RIGHTS_LANGUAGE;
841 break;
842 case OBJECT_LARGEOBJECT:
843 world_default = ACL_NO_RIGHTS;
844 owner_default = ACL_ALL_RIGHTS_LARGEOBJECT;
845 break;
846 case OBJECT_SCHEMA:
847 world_default = ACL_NO_RIGHTS;
848 owner_default = ACL_ALL_RIGHTS_SCHEMA;
849 break;
850 case OBJECT_TABLESPACE:
851 world_default = ACL_NO_RIGHTS;
852 owner_default = ACL_ALL_RIGHTS_TABLESPACE;
853 break;
854 case OBJECT_FDW:
855 world_default = ACL_NO_RIGHTS;
856 owner_default = ACL_ALL_RIGHTS_FDW;
857 break;
858 case OBJECT_FOREIGN_SERVER:
859 world_default = ACL_NO_RIGHTS;
860 owner_default = ACL_ALL_RIGHTS_FOREIGN_SERVER;
861 break;
862 case OBJECT_DOMAIN:
863 case OBJECT_TYPE:
864 world_default = ACL_USAGE;
865 owner_default = ACL_ALL_RIGHTS_TYPE;
866 break;
867 case OBJECT_PARAMETER_ACL:
868 world_default = ACL_NO_RIGHTS;
869 owner_default = ACL_ALL_RIGHTS_PARAMETER_ACL;
870 break;
871 default:
872 elog(ERROR, "unrecognized object type: %d", (int) objtype);
873 world_default = ACL_NO_RIGHTS; /* keep compiler quiet */
874 owner_default = ACL_NO_RIGHTS;
875 break;
876 }
877
878 nacl = 0;
879 if (world_default != ACL_NO_RIGHTS)
880 nacl++;
881 if (owner_default != ACL_NO_RIGHTS)
882 nacl++;
883
884 acl = allocacl(nacl);
885 aip = ACL_DAT(acl);
886
887 if (world_default != ACL_NO_RIGHTS)
888 {
889 aip->ai_grantee = ACL_ID_PUBLIC;
890 aip->ai_grantor = ownerId;
891 ACLITEM_SET_PRIVS_GOPTIONS(*aip, world_default, ACL_NO_RIGHTS);
892 aip++;
893 }
894
895 /*
896 * Note that the owner's entry shows all ordinary privileges but no grant
897 * options. This is because his grant options come "from the system" and
898 * not from his own efforts. (The SQL spec says that the owner's rights
899 * come from a "_SYSTEM" authid.) However, we do consider that the
900 * owner's ordinary privileges are self-granted; this lets him revoke
901 * them. We implement the owner's grant options without any explicit
902 * "_SYSTEM"-like ACL entry, by internally special-casing the owner
903 * wherever we are testing grant options.
904 */
905 if (owner_default != ACL_NO_RIGHTS)
906 {
907 aip->ai_grantee = ownerId;
908 aip->ai_grantor = ownerId;
909 ACLITEM_SET_PRIVS_GOPTIONS(*aip, owner_default, ACL_NO_RIGHTS);
910 }
911
912 return acl;
913}
ACL_ALL_RIGHTS_FOREIGN_SERVER
#define ACL_ALL_RIGHTS_FOREIGN_SERVER
Definition acl.h:164
ACL_ALL_RIGHTS_TABLESPACE
#define ACL_ALL_RIGHTS_TABLESPACE
Definition acl.h:170
ACL_ALL_RIGHTS_PARAMETER_ACL
#define ACL_ALL_RIGHTS_PARAMETER_ACL
Definition acl.h:168
ACL_ALL_RIGHTS_SCHEMA
#define ACL_ALL_RIGHTS_SCHEMA
Definition acl.h:169
ACL_ALL_RIGHTS_SEQUENCE
#define ACL_ALL_RIGHTS_SEQUENCE
Definition acl.h:161
ACL_ALL_RIGHTS_DATABASE
#define ACL_ALL_RIGHTS_DATABASE
Definition acl.h:162
ACL_ALL_RIGHTS_FUNCTION
#define ACL_ALL_RIGHTS_FUNCTION
Definition acl.h:165
ACL_ALL_RIGHTS_LANGUAGE
#define ACL_ALL_RIGHTS_LANGUAGE
Definition acl.h:166
ACL_ALL_RIGHTS_TYPE
#define ACL_ALL_RIGHTS_TYPE
Definition acl.h:171
ACL_ALL_RIGHTS_FDW
#define ACL_ALL_RIGHTS_FDW
Definition acl.h:163
ACLITEM_SET_PRIVS_GOPTIONS
#define ACLITEM_SET_PRIVS_GOPTIONS(item, privs, goptions)
Definition acl.h:82
ACL_ALL_RIGHTS_RELATION
#define ACL_ALL_RIGHTS_RELATION
Definition acl.h:160
ACL_ID_PUBLIC
#define ACL_ID_PUBLIC
Definition acl.h:46
ACL_ALL_RIGHTS_LARGEOBJECT
#define ACL_ALL_RIGHTS_LARGEOBJECT
Definition acl.h:167
ERROR
#define ERROR
Definition elog.h:39
elog
#define elog(elevel,...)
Definition elog.h:226
ACL_CREATE_TEMP
#define ACL_CREATE_TEMP
Definition parsenodes.h:86
AclMode
uint64 AclMode
Definition parsenodes.h:74
ACL_USAGE
#define ACL_USAGE
Definition parsenodes.h:84
ACL_NO_RIGHTS
#define ACL_NO_RIGHTS
Definition parsenodes.h:92
OBJECT_FDW
@ OBJECT_FDW
Definition parsenodes.h:2370
OBJECT_SCHEMA
@ OBJECT_SCHEMA
Definition parsenodes.h:2390
OBJECT_DOMAIN
@ OBJECT_DOMAIN
Definition parsenodes.h:2366
OBJECT_COLUMN
@ OBJECT_COLUMN
Definition parsenodes.h:2360
OBJECT_TABLESPACE
@ OBJECT_TABLESPACE
Definition parsenodes.h:2396
OBJECT_LARGEOBJECT
@ OBJECT_LARGEOBJECT
Definition parsenodes.h:2376
OBJECT_DATABASE
@ OBJECT_DATABASE
Definition parsenodes.h:2363
OBJECT_SEQUENCE
@ OBJECT_SEQUENCE
Definition parsenodes.h:2391
OBJECT_LANGUAGE
@ OBJECT_LANGUAGE
Definition parsenodes.h:2375
OBJECT_FOREIGN_SERVER
@ OBJECT_FOREIGN_SERVER
Definition parsenodes.h:2371
OBJECT_TABLE
@ OBJECT_TABLE
Definition parsenodes.h:2395
OBJECT_PARAMETER_ACL
@ OBJECT_PARAMETER_ACL
Definition parsenodes.h:2381
OBJECT_TYPE
@ OBJECT_TYPE
Definition parsenodes.h:2403
OBJECT_FUNCTION
@ OBJECT_FUNCTION
Definition parsenodes.h:2373
ACL_CONNECT
#define ACL_CONNECT
Definition parsenodes.h:87
ACL_EXECUTE
#define ACL_EXECUTE
Definition parsenodes.h:83

References ACL_ALL_RIGHTS_DATABASE, ACL_ALL_RIGHTS_FDW, ACL_ALL_RIGHTS_FOREIGN_SERVER, ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_LANGUAGE, ACL_ALL_RIGHTS_LARGEOBJECT, ACL_ALL_RIGHTS_PARAMETER_ACL, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_SEQUENCE, ACL_ALL_RIGHTS_TABLESPACE, ACL_ALL_RIGHTS_TYPE, ACL_CONNECT, ACL_CREATE_TEMP, ACL_DAT, ACL_EXECUTE, ACL_ID_PUBLIC, ACL_NO_RIGHTS, ACL_USAGE, ACLITEM_SET_PRIVS_GOPTIONS, allocacl(), elog, ERROR, fb(), OBJECT_COLUMN, OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, and OBJECT_TYPE.

Referenced by acldefault_sql(), buildDefaultACLCommands(), dumpACL(), dumpRoleGUCPrivs(), dumpTable(), dumpTablespaces(), ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), ExecGrant_Relation(), get_user_default_acl(), object_aclmask_ext(), pg_class_aclmask_ext(), pg_largeobject_aclmask_snapshot(), pg_namespace_aclmask_ext(), pg_parameter_acl_aclmask(), pg_parameter_aclmask(), pg_type_aclmask_ext(), and SetDefaultACL().

◆ acldefault_sql()

Datum acldefault_sql ( PG_FUNCTION_ARGS  )

Definition at line 921 of file acl.c.

922{
923 char objtypec = PG_GETARG_CHAR(0);
924 Oid owner = PG_GETARG_OID(1);
925 ObjectType objtype = 0;
926
927 switch (objtypec)
928 {
929 case 'c':
930 objtype = OBJECT_COLUMN;
931 break;
932 case 'r':
933 objtype = OBJECT_TABLE;
934 break;
935 case 's':
936 objtype = OBJECT_SEQUENCE;
937 break;
938 case 'd':
939 objtype = OBJECT_DATABASE;
940 break;
941 case 'f':
942 objtype = OBJECT_FUNCTION;
943 break;
944 case 'l':
945 objtype = OBJECT_LANGUAGE;
946 break;
947 case 'L':
948 objtype = OBJECT_LARGEOBJECT;
949 break;
950 case 'n':
951 objtype = OBJECT_SCHEMA;
952 break;
953 case 'p':
954 objtype = OBJECT_PARAMETER_ACL;
955 break;
956 case 't':
957 objtype = OBJECT_TABLESPACE;
958 break;
959 case 'F':
960 objtype = OBJECT_FDW;
961 break;
962 case 'S':
963 objtype = OBJECT_FOREIGN_SERVER;
964 break;
965 case 'T':
966 objtype = OBJECT_TYPE;
967 break;
968 default:
969 elog(ERROR, "unrecognized object type abbreviation: %c", objtypec);
970 }
971
972 PG_RETURN_ACL_P(acldefault(objtype, owner));
973}
acldefault
Acl * acldefault(ObjectType objtype, Oid ownerId)
Definition acl.c:804
PG_RETURN_ACL_P
#define PG_RETURN_ACL_P(x)
Definition acl.h:124
PG_GETARG_OID
#define PG_GETARG_OID(n)
Definition fmgr.h:275
PG_GETARG_CHAR
#define PG_GETARG_CHAR(n)
Definition fmgr.h:273
ObjectType
ObjectType
Definition parsenodes.h:2353
Oid
unsigned int Oid
Definition postgres_ext.h:32

References acldefault(), elog, ERROR, fb(), OBJECT_COLUMN, OBJECT_DATABASE, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, PG_GETARG_CHAR, PG_GETARG_OID, and PG_RETURN_ACL_P.

◆ aclequal()

bool aclequal ( const Acl left_acl,
const Acl right_acl 
)

Definition at line 560 of file acl.c.

561{
562 /* Check for cases where one or both are empty/null */
563 if (left_acl == NULL || ACL_NUM(left_acl) == 0)
564 {
565 if (right_acl == NULL || ACL_NUM(right_acl) == 0)
566 return true;
567 else
568 return false;
569 }
570 else
571 {
572 if (right_acl == NULL || ACL_NUM(right_acl) == 0)
573 return false;
574 }
575
576 if (ACL_NUM(left_acl) != ACL_NUM(right_acl))
577 return false;
578
579 if (memcmp(ACL_DAT(left_acl),
580 ACL_DAT(right_acl),
581 ACL_NUM(left_acl) * sizeof(AclItem)) == 0)
582 return true;
583
584 return false;
585}

References ACL_DAT, ACL_NUM, and fb().

Referenced by ExecGrant_Parameter(), get_user_default_acl(), and SetDefaultACL().

◆ aclexplode()

Datum aclexplode ( PG_FUNCTION_ARGS  )

Definition at line 1791 of file acl.c.

1792{
1793 Acl *acl = PG_GETARG_ACL_P(0);
1794 FuncCallContext *funcctx;
1795 int *idx;
1796 AclItem *aidat;
1797
1798 if (SRF_IS_FIRSTCALL())
1799 {
1800 TupleDesc tupdesc;
1801 MemoryContext oldcontext;
1802
1803 check_acl(acl);
1804
1805 funcctx = SRF_FIRSTCALL_INIT();
1806 oldcontext = MemoryContextSwitchTo(funcctx->multi_call_memory_ctx);
1807
1808 /*
1809 * build tupdesc for result tuples (matches out parameters in pg_proc
1810 * entry)
1811 */
1812 tupdesc = CreateTemplateTupleDesc(4);
1813 TupleDescInitEntry(tupdesc, (AttrNumber) 1, "grantor",
1814 OIDOID, -1, 0);
1815 TupleDescInitEntry(tupdesc, (AttrNumber) 2, "grantee",
1816 OIDOID, -1, 0);
1817 TupleDescInitEntry(tupdesc, (AttrNumber) 3, "privilege_type",
1818 TEXTOID, -1, 0);
1819 TupleDescInitEntry(tupdesc, (AttrNumber) 4, "is_grantable",
1820 BOOLOID, -1, 0);
1821
1822 funcctx->tuple_desc = BlessTupleDesc(tupdesc);
1823
1824 /* allocate memory for user context */
1825 idx = palloc_array(int, 2);
1826 idx[0] = 0; /* ACL array item index */
1827 idx[1] = -1; /* privilege type counter */
1828 funcctx->user_fctx = idx;
1829
1830 MemoryContextSwitchTo(oldcontext);
1831 }
1832
1833 funcctx = SRF_PERCALL_SETUP();
1834 idx = (int *) funcctx->user_fctx;
1835 aidat = ACL_DAT(acl);
1836
1837 /* need test here in case acl has no items */
1838 while (idx[0] < ACL_NUM(acl))
1839 {
1840 AclItem *aidata;
1841 AclMode priv_bit;
1842
1843 idx[1]++;
1844 if (idx[1] == N_ACL_RIGHTS)
1845 {
1846 idx[1] = 0;
1847 idx[0]++;
1848 if (idx[0] >= ACL_NUM(acl)) /* done */
1849 break;
1850 }
1851 aidata = &aidat[idx[0]];
1852 priv_bit = UINT64CONST(1) << idx[1];
1853
1854 if (ACLITEM_GET_PRIVS(*aidata) & priv_bit)
1855 {
1856 Datum result;
1857 Datum values[4];
1858 bool nulls[4] = {0};
1859 HeapTuple tuple;
1860
1861 values[0] = ObjectIdGetDatum(aidata->ai_grantor);
1862 values[1] = ObjectIdGetDatum(aidata->ai_grantee);
1863 values[2] = CStringGetTextDatum(convert_aclright_to_string(priv_bit));
1864 values[3] = BoolGetDatum((ACLITEM_GET_GOPTIONS(*aidata) & priv_bit) != 0);
1865
1866 tuple = heap_form_tuple(funcctx->tuple_desc, values, nulls);
1867 result = HeapTupleGetDatum(tuple);
1868
1869 SRF_RETURN_NEXT(funcctx, result);
1870 }
1871 }
1872
1873 SRF_RETURN_DONE(funcctx);
1874}
idx
Datum idx(PG_FUNCTION_ARGS)
Definition _int_op.c:262
convert_aclright_to_string
static const char * convert_aclright_to_string(int aclright)
Definition acl.c:1735
ACLITEM_GET_PRIVS
#define ACLITEM_GET_PRIVS(item)
Definition acl.h:66
ACLITEM_GET_GOPTIONS
#define ACLITEM_GET_GOPTIONS(item)
Definition acl.h:67
AttrNumber
int16 AttrNumber
Definition attnum.h:21
values
static Datum values[MAXATTR]
Definition bootstrap.c:155
CStringGetTextDatum
#define CStringGetTextDatum(s)
Definition builtins.h:98
UINT64CONST
#define UINT64CONST(x)
Definition c.h:561
BlessTupleDesc
TupleDesc BlessTupleDesc(TupleDesc tupdesc)
Definition execTuples.c:2260
palloc_array
#define palloc_array(type, count)
Definition fe_memutils.h:76
SRF_IS_FIRSTCALL
#define SRF_IS_FIRSTCALL()
Definition funcapi.h:304
SRF_PERCALL_SETUP
#define SRF_PERCALL_SETUP()
Definition funcapi.h:308
SRF_RETURN_NEXT
#define SRF_RETURN_NEXT(_funcctx, _result)
Definition funcapi.h:310
SRF_FIRSTCALL_INIT
#define SRF_FIRSTCALL_INIT()
Definition funcapi.h:306
HeapTupleGetDatum
static Datum HeapTupleGetDatum(const HeapTupleData *tuple)
Definition funcapi.h:230
SRF_RETURN_DONE
#define SRF_RETURN_DONE(_funcctx)
Definition funcapi.h:328
heap_form_tuple
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, const Datum *values, const bool *isnull)
Definition heaptuple.c:1117
MemoryContextSwitchTo
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Definition palloc.h:124
N_ACL_RIGHTS
#define N_ACL_RIGHTS
Definition parsenodes.h:91
BoolGetDatum
static Datum BoolGetDatum(bool X)
Definition postgres.h:112
ObjectIdGetDatum
static Datum ObjectIdGetDatum(Oid X)
Definition postgres.h:262
Datum
uint64_t Datum
Definition postgres.h:70
CreateTemplateTupleDesc
TupleDesc CreateTemplateTupleDesc(int natts)
Definition tupdesc.c:165
TupleDescInitEntry
void TupleDescInitEntry(TupleDesc desc, AttrNumber attributeNumber, const char *attributeName, Oid oidtypeid, int32 typmod, int attdim)
Definition tupdesc.c:825

References ACL_DAT, ACL_NUM, ACLITEM_GET_GOPTIONS, ACLITEM_GET_PRIVS, BlessTupleDesc(), BoolGetDatum(), check_acl(), convert_aclright_to_string(), CreateTemplateTupleDesc(), CStringGetTextDatum, fb(), heap_form_tuple(), HeapTupleGetDatum(), idx(), MemoryContextSwitchTo(), N_ACL_RIGHTS, ObjectIdGetDatum(), palloc_array, PG_GETARG_ACL_P, SRF_FIRSTCALL_INIT, SRF_IS_FIRSTCALL, SRF_PERCALL_SETUP, SRF_RETURN_DONE, SRF_RETURN_NEXT, TupleDescInitEntry(), UINT64CONST, and values.

◆ aclinsert()

Datum aclinsert ( PG_FUNCTION_ARGS  )

Definition at line 1593 of file acl.c.

1594{
1595 ereport(ERROR,
1596 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1597 errmsg("aclinsert is no longer supported")));
1598
1599 PG_RETURN_NULL(); /* keep compiler quiet */
1600}
errcode
int errcode(int sqlerrcode)
Definition elog.c:864
errmsg
int errmsg(const char *fmt,...)
Definition elog.c:1081
ereport
#define ereport(elevel,...)
Definition elog.h:150
PG_RETURN_NULL
#define PG_RETURN_NULL()
Definition fmgr.h:346

References ereport, errcode(), errmsg(), ERROR, fb(), and PG_RETURN_NULL.

◆ aclitem_eq()

Datum aclitem_eq ( PG_FUNCTION_ARGS  )

Definition at line 749 of file acl.c.

750{
751 AclItem *a1 = PG_GETARG_ACLITEM_P(0);
752 AclItem *a2 = PG_GETARG_ACLITEM_P(1);
753 bool result;
754
755 result = a1->ai_privs == a2->ai_privs &&
756 a1->ai_grantee == a2->ai_grantee &&
757 a1->ai_grantor == a2->ai_grantor;
758 PG_RETURN_BOOL(result);
759}
a1
static const FormData_pg_attribute a1
Definition heap.c:144
a2
static const FormData_pg_attribute a2
Definition heap.c:157

References a1, a2, PG_GETARG_ACLITEM_P, and PG_RETURN_BOOL.

◆ aclitem_match()

static bool aclitem_match ( const AclItem a1,
const AclItem a2 
)
static

Definition at line 714 of file acl.c.

715{
716 return a1->ai_grantee == a2->ai_grantee &&
717 a1->ai_grantor == a2->ai_grantor;
718}

References a1, and a2.

Referenced by aclnewowner(), and aclupdate().

◆ aclitemComparator()

static int aclitemComparator ( const void arg1,
const void arg2 
)
static

Definition at line 725 of file acl.c.

726{
727 const AclItem *a1 = (const AclItem *) arg1;
728 const AclItem *a2 = (const AclItem *) arg2;
729
730 if (a1->ai_grantee > a2->ai_grantee)
731 return 1;
732 if (a1->ai_grantee < a2->ai_grantee)
733 return -1;
734 if (a1->ai_grantor > a2->ai_grantor)
735 return 1;
736 if (a1->ai_grantor < a2->ai_grantor)
737 return -1;
738 if (a1->ai_privs > a2->ai_privs)
739 return 1;
740 if (a1->ai_privs < a2->ai_privs)
741 return -1;
742 return 0;
743}

References a1, a2, and fb().

Referenced by aclitemsort().

◆ aclitemin()

Datum aclitemin ( PG_FUNCTION_ARGS  )

Definition at line 616 of file acl.c.

617{
618 const char *s = PG_GETARG_CSTRING(0);
619 Node *escontext = fcinfo->context;
620 AclItem *aip;
621
622 aip = palloc_object(AclItem);
623
624 s = aclparse(s, aip, escontext);
625 if (s == NULL)
626 PG_RETURN_NULL();
627
628 while (isspace((unsigned char) *s))
629 ++s;
630 if (*s)
631 ereturn(escontext, (Datum) 0,
632 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
633 errmsg("extra garbage at the end of the ACL specification")));
634
635 PG_RETURN_ACLITEM_P(aip);
636}
aclparse
static const char * aclparse(const char *s, AclItem *aip, Node *escontext)
Definition acl.c:274
PG_RETURN_ACLITEM_P
#define PG_RETURN_ACLITEM_P(x)
Definition acl.h:118
ereturn
#define ereturn(context, dummy_value,...)
Definition elog.h:278
palloc_object
#define palloc_object(type)
Definition fe_memutils.h:74
PG_GETARG_CSTRING
#define PG_GETARG_CSTRING(n)
Definition fmgr.h:278
Node
Definition nodes.h:135

References aclparse(), ereturn, errcode(), errmsg(), fb(), palloc_object, PG_GETARG_CSTRING, PG_RETURN_ACLITEM_P, and PG_RETURN_NULL.

◆ aclitemout()

Datum aclitemout ( PG_FUNCTION_ARGS  )

Definition at line 647 of file acl.c.

648{
649 AclItem *aip = PG_GETARG_ACLITEM_P(0);
650 char *p;
651 char *out;
652 HeapTuple htup;
653 unsigned i;
654
655 out = palloc(strlen("=/") +
656 2 * N_ACL_RIGHTS +
657 2 * (2 * NAMEDATALEN + 2) +
658 1);
659
660 p = out;
661 *p = '\0';
662
663 if (aip->ai_grantee != ACL_ID_PUBLIC)
664 {
665 htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantee));
666 if (HeapTupleIsValid(htup))
667 {
668 putid(p, NameStr(((Form_pg_authid) GETSTRUCT(htup))->rolname));
669 ReleaseSysCache(htup);
670 }
671 else
672 {
673 /* Generate numeric OID if we don't find an entry */
674 sprintf(p, "%u", aip->ai_grantee);
675 }
676 }
677 while (*p)
678 ++p;
679
680 *p++ = '=';
681
682 for (i = 0; i < N_ACL_RIGHTS; ++i)
683 {
684 if (ACLITEM_GET_PRIVS(*aip) & (UINT64CONST(1) << i))
685 *p++ = ACL_ALL_RIGHTS_STR[i];
686 if (ACLITEM_GET_GOPTIONS(*aip) & (UINT64CONST(1) << i))
687 *p++ = '*';
688 }
689
690 *p++ = '/';
691 *p = '\0';
692
693 htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantor));
694 if (HeapTupleIsValid(htup))
695 {
696 putid(p, NameStr(((Form_pg_authid) GETSTRUCT(htup))->rolname));
697 ReleaseSysCache(htup);
698 }
699 else
700 {
701 /* Generate numeric OID if we don't find an entry */
702 sprintf(p, "%u", aip->ai_grantor);
703 }
704
705 PG_RETURN_CSTRING(out);
706}
putid
static void putid(char *p, const char *s)
Definition acl.c:222
ACL_ALL_RIGHTS_STR
#define ACL_ALL_RIGHTS_STR
Definition acl.h:154
NameStr
#define NameStr(name)
Definition c.h:765
PG_RETURN_CSTRING
#define PG_RETURN_CSTRING(x)
Definition fmgr.h:364
HeapTupleIsValid
#define HeapTupleIsValid(tuple)
Definition htup.h:78
GETSTRUCT
static void * GETSTRUCT(const HeapTupleData *tuple)
Definition htup_details.h:714
palloc
void * palloc(Size size)
Definition mcxt.c:1387
rolname
NameData rolname
Definition pg_authid.h:34
Form_pg_authid
FormData_pg_authid * Form_pg_authid
Definition pg_authid.h:56
NAMEDATALEN
#define NAMEDATALEN
Definition pg_config_manual.h:39
sprintf
#define sprintf
Definition port.h:262
ReleaseSysCache
void ReleaseSysCache(HeapTuple tuple)
Definition syscache.c:264
SearchSysCache1
HeapTuple SearchSysCache1(SysCacheIdentifier cacheId, Datum key1)
Definition syscache.c:220

References ACL_ALL_RIGHTS_STR, ACL_ID_PUBLIC, ACLITEM_GET_GOPTIONS, ACLITEM_GET_PRIVS, fb(), GETSTRUCT(), HeapTupleIsValid, i, N_ACL_RIGHTS, NAMEDATALEN, NameStr, ObjectIdGetDatum(), palloc(), PG_GETARG_ACLITEM_P, PG_RETURN_CSTRING, putid(), ReleaseSysCache(), rolname, SearchSysCache1(), sprintf, and UINT64CONST.

◆ aclitemsort()

void aclitemsort ( Acl acl)

Definition at line 546 of file acl.c.

547{
548 if (acl != NULL && ACL_NUM(acl) > 1)
549 qsort(ACL_DAT(acl), ACL_NUM(acl), sizeof(AclItem), aclitemComparator);
550}
aclitemComparator
static int aclitemComparator(const void *arg1, const void *arg2)
Definition acl.c:725
qsort
#define qsort(a, b, c, d)
Definition port.h:495

References ACL_DAT, ACL_NUM, aclitemComparator(), fb(), and qsort.

Referenced by get_user_default_acl(), and SetDefaultACL().

◆ aclmask()

AclMode aclmask ( const Acl acl,
Oid  roleid,
Oid  ownerId,
AclMode  mask,
AclMaskHow  how 
)

Definition at line 1389 of file acl.c.

1391{
1392 AclMode result;
1393 AclMode remaining;
1394 AclItem *aidat;
1395 int i,
1396 num;
1397
1398 /*
1399 * Null ACL should not happen, since caller should have inserted
1400 * appropriate default
1401 */
1402 if (acl == NULL)
1403 elog(ERROR, "null ACL");
1404
1405 check_acl(acl);
1406
1407 /* Quick exit for mask == 0 */
1408 if (mask == 0)
1409 return 0;
1410
1411 result = 0;
1412
1413 /* Owner always implicitly has all grant options */
1414 if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
1415 has_privs_of_role(roleid, ownerId))
1416 {
1417 result = mask & ACLITEM_ALL_GOPTION_BITS;
1418 if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1419 return result;
1420 }
1421
1422 num = ACL_NUM(acl);
1423 aidat = ACL_DAT(acl);
1424
1425 /*
1426 * Check privileges granted directly to roleid or to public
1427 */
1428 for (i = 0; i < num; i++)
1429 {
1430 AclItem *aidata = &aidat[i];
1431
1432 if (aidata->ai_grantee == ACL_ID_PUBLIC ||
1433 aidata->ai_grantee == roleid)
1434 {
1435 result |= aidata->ai_privs & mask;
1436 if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1437 return result;
1438 }
1439 }
1440
1441 /*
1442 * Check privileges granted indirectly via role memberships. We do this in
1443 * a separate pass to minimize expensive indirect membership tests. In
1444 * particular, it's worth testing whether a given ACL entry grants any
1445 * privileges still of interest before we perform the has_privs_of_role
1446 * test.
1447 */
1448 remaining = mask & ~result;
1449 for (i = 0; i < num; i++)
1450 {
1451 AclItem *aidata = &aidat[i];
1452
1453 if (aidata->ai_grantee == ACL_ID_PUBLIC ||
1454 aidata->ai_grantee == roleid)
1455 continue; /* already checked it */
1456
1457 if ((aidata->ai_privs & remaining) &&
1458 has_privs_of_role(roleid, aidata->ai_grantee))
1459 {
1460 result |= aidata->ai_privs & mask;
1461 if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1462 return result;
1463 remaining = mask & ~result;
1464 }
1465 }
1466
1467 return result;
1468}
has_privs_of_role
bool has_privs_of_role(Oid member, Oid role)
Definition acl.c:5286
ACLITEM_ALL_GOPTION_BITS
#define ACLITEM_ALL_GOPTION_BITS
Definition acl.h:88
ACLMASK_ALL
@ ACLMASK_ALL
Definition acl.h:176
remaining
int remaining
Definition informix.c:692
AclItem::ai_privs
AclMode ai_privs
Definition acl.h:58

References ACL_DAT, ACL_ID_PUBLIC, ACL_NUM, ACLITEM_ALL_GOPTION_BITS, ACLMASK_ALL, AclItem::ai_privs, check_acl(), elog, ERROR, fb(), has_privs_of_role(), i, and remaining.

Referenced by check_circularity(), LockTableAclCheck(), object_aclmask_ext(), pg_attribute_aclcheck_all_ext(), pg_attribute_aclmask_ext(), pg_class_aclmask_ext(), pg_largeobject_aclmask_snapshot(), pg_namespace_aclmask_ext(), pg_parameter_acl_aclmask(), pg_parameter_aclmask(), pg_type_aclmask_ext(), and recursive_revoke().

◆ aclmask_direct()

static AclMode aclmask_direct ( const Acl acl,
Oid  roleid,
Oid  ownerId,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 1478 of file acl.c.

1480{
1481 AclMode result;
1482 AclItem *aidat;
1483 int i,
1484 num;
1485
1486 /*
1487 * Null ACL should not happen, since caller should have inserted
1488 * appropriate default
1489 */
1490 if (acl == NULL)
1491 elog(ERROR, "null ACL");
1492
1493 check_acl(acl);
1494
1495 /* Quick exit for mask == 0 */
1496 if (mask == 0)
1497 return 0;
1498
1499 result = 0;
1500
1501 /* Owner always implicitly has all grant options */
1502 if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
1503 roleid == ownerId)
1504 {
1505 result = mask & ACLITEM_ALL_GOPTION_BITS;
1506 if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1507 return result;
1508 }
1509
1510 num = ACL_NUM(acl);
1511 aidat = ACL_DAT(acl);
1512
1513 /*
1514 * Check privileges granted directly to roleid (and not to public)
1515 */
1516 for (i = 0; i < num; i++)
1517 {
1518 AclItem *aidata = &aidat[i];
1519
1520 if (aidata->ai_grantee == roleid)
1521 {
1522 result |= aidata->ai_privs & mask;
1523 if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1524 return result;
1525 }
1526 }
1527
1528 return result;
1529}

References ACL_DAT, ACL_NUM, ACLITEM_ALL_GOPTION_BITS, ACLMASK_ALL, AclItem::ai_privs, check_acl(), elog, ERROR, fb(), and i.

Referenced by select_best_grantor().

◆ aclmembers()

int aclmembers ( const Acl acl,
Oid **  roleids 
)

Definition at line 1541 of file acl.c.

1542{
1543 Oid *list;
1544 const AclItem *acldat;
1545 int i,
1546 j;
1547
1548 if (acl == NULL || ACL_NUM(acl) == 0)
1549 {
1550 *roleids = NULL;
1551 return 0;
1552 }
1553
1554 check_acl(acl);
1555
1556 /* Allocate the worst-case space requirement */
1557 list = palloc(ACL_NUM(acl) * 2 * sizeof(Oid));
1558 acldat = ACL_DAT(acl);
1559
1560 /*
1561 * Walk the ACL collecting mentioned RoleIds.
1562 */
1563 j = 0;
1564 for (i = 0; i < ACL_NUM(acl); i++)
1565 {
1566 const AclItem *ai = &acldat[i];
1567
1568 if (ai->ai_grantee != ACL_ID_PUBLIC)
1569 list[j++] = ai->ai_grantee;
1570 /* grantor is currently never PUBLIC, but let's check anyway */
1571 if (ai->ai_grantor != ACL_ID_PUBLIC)
1572 list[j++] = ai->ai_grantor;
1573 }
1574
1575 /* Sort the array */
1576 qsort(list, j, sizeof(Oid), oid_cmp);
1577
1578 /*
1579 * We could repalloc the array down to minimum size, but it's hardly worth
1580 * it since it's only transient memory.
1581 */
1582 *roleids = list;
1583
1584 /* Remove duplicates from the array */
1585 return qunique(list, j, sizeof(Oid), oid_cmp);
1586}
j
int j
Definition isn.c:78
oid_cmp
int oid_cmp(const void *p1, const void *p2)
Definition oid.c:287
qunique
static size_t qunique(void *array, size_t elements, size_t width, int(*compare)(const void *, const void *))
Definition qunique.h:21

References ACL_DAT, ACL_ID_PUBLIC, ACL_NUM, check_acl(), fb(), i, j, oid_cmp(), palloc(), qsort, and qunique().

Referenced by ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), ExecGrant_Relation(), recordDependencyOnNewAcl(), recordExtensionInitPrivWorker(), RemoveRoleFromInitPriv(), ReplaceRoleInInitPriv(), and SetDefaultACL().

◆ aclmerge()

Acl * aclmerge ( const Acl left_acl,
const Acl right_acl,
Oid  ownerId 
)

Definition at line 502 of file acl.c.

503{
504 Acl *result_acl;
505 AclItem *aip;
506 int i,
507 num;
508
509 /* Check for cases where one or both are empty/null */
510 if (left_acl == NULL || ACL_NUM(left_acl) == 0)
511 {
512 if (right_acl == NULL || ACL_NUM(right_acl) == 0)
513 return NULL;
514 else
515 return aclcopy(right_acl);
516 }
517 else
518 {
519 if (right_acl == NULL || ACL_NUM(right_acl) == 0)
520 return aclcopy(left_acl);
521 }
522
523 /* Merge them the hard way, one item at a time */
524 result_acl = aclcopy(left_acl);
525
526 aip = ACL_DAT(right_acl);
527 num = ACL_NUM(right_acl);
528
529 for (i = 0; i < num; i++, aip++)
530 {
531 Acl *tmp_acl;
532
533 tmp_acl = aclupdate(result_acl, aip, ACL_MODECHG_ADD,
534 ownerId, DROP_RESTRICT);
535 pfree(result_acl);
536 result_acl = tmp_acl;
537 }
538
539 return result_acl;
540}
aclupdate
Acl * aclupdate(const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
Definition acl.c:993
aclcopy
Acl * aclcopy(const Acl *orig_acl)
Definition acl.c:458
ACL_MODECHG_ADD
#define ACL_MODECHG_ADD
Definition acl.h:129
pfree
void pfree(void *pointer)
Definition mcxt.c:1616
DROP_RESTRICT
@ DROP_RESTRICT
Definition parsenodes.h:2427

References ACL_DAT, ACL_MODECHG_ADD, ACL_NUM, aclcopy(), aclupdate(), DROP_RESTRICT, fb(), i, and pfree().

Referenced by get_user_default_acl().

◆ aclnewowner()

Acl * aclnewowner ( const Acl old_acl,
Oid  oldOwnerId,
Oid  newOwnerId 
)

Definition at line 1120 of file acl.c.

1121{
1122 Acl *new_acl;
1123 AclItem *new_aip;
1124 AclItem *old_aip;
1125 AclItem *dst_aip;
1126 AclItem *src_aip;
1127 AclItem *targ_aip;
1128 bool newpresent = false;
1129 int dst,
1130 src,
1131 targ,
1132 num;
1133
1134 check_acl(old_acl);
1135
1136 /*
1137 * Make a copy of the given ACL, substituting new owner ID for old
1138 * wherever it appears as either grantor or grantee. Also note if the new
1139 * owner ID is already present.
1140 */
1141 num = ACL_NUM(old_acl);
1142 old_aip = ACL_DAT(old_acl);
1143 new_acl = allocacl(num);
1144 new_aip = ACL_DAT(new_acl);
1145 memcpy(new_aip, old_aip, num * sizeof(AclItem));
1146 for (dst = 0, dst_aip = new_aip; dst < num; dst++, dst_aip++)
1147 {
1148 if (dst_aip->ai_grantor == oldOwnerId)
1149 dst_aip->ai_grantor = newOwnerId;
1150 else if (dst_aip->ai_grantor == newOwnerId)
1151 newpresent = true;
1152 if (dst_aip->ai_grantee == oldOwnerId)
1153 dst_aip->ai_grantee = newOwnerId;
1154 else if (dst_aip->ai_grantee == newOwnerId)
1155 newpresent = true;
1156 }
1157
1158 /*
1159 * If the old ACL contained any references to the new owner, then we may
1160 * now have generated an ACL containing duplicate entries. Find them and
1161 * merge them so that there are not duplicates. (This is relatively
1162 * expensive since we use a stupid O(N^2) algorithm, but it's unlikely to
1163 * be the normal case.)
1164 *
1165 * To simplify deletion of duplicate entries, we temporarily leave them in
1166 * the array but set their privilege masks to zero; when we reach such an
1167 * entry it's just skipped. (Thus, a side effect of this code will be to
1168 * remove privilege-free entries, should there be any in the input.) dst
1169 * is the next output slot, targ is the currently considered input slot
1170 * (always >= dst), and src scans entries to the right of targ looking for
1171 * duplicates. Once an entry has been emitted to dst it is known
1172 * duplicate-free and need not be considered anymore.
1173 */
1174 if (newpresent)
1175 {
1176 dst = 0;
1177 for (targ = 0, targ_aip = new_aip; targ < num; targ++, targ_aip++)
1178 {
1179 /* ignore if deleted in an earlier pass */
1180 if (ACLITEM_GET_RIGHTS(*targ_aip) == ACL_NO_RIGHTS)
1181 continue;
1182 /* find and merge any duplicates */
1183 for (src = targ + 1, src_aip = targ_aip + 1; src < num;
1184 src++, src_aip++)
1185 {
1186 if (ACLITEM_GET_RIGHTS(*src_aip) == ACL_NO_RIGHTS)
1187 continue;
1188 if (aclitem_match(targ_aip, src_aip))
1189 {
1190 ACLITEM_SET_RIGHTS(*targ_aip,
1191 ACLITEM_GET_RIGHTS(*targ_aip) |
1192 ACLITEM_GET_RIGHTS(*src_aip));
1193 /* mark the duplicate deleted */
1194 ACLITEM_SET_RIGHTS(*src_aip, ACL_NO_RIGHTS);
1195 }
1196 }
1197 /* and emit to output */
1198 new_aip[dst] = *targ_aip;
1199 dst++;
1200 }
1201 /* Adjust array size to be 'dst' items */
1202 ARR_DIMS(new_acl)[0] = dst;
1203 SET_VARSIZE(new_acl, ACL_N_SIZE(dst));
1204 }
1205
1206 return new_acl;
1207}
aclitem_match
static bool aclitem_match(const AclItem *a1, const AclItem *a2)
Definition acl.c:714
ACL_N_SIZE
#define ACL_N_SIZE(N)
Definition acl.h:110
ACLITEM_SET_RIGHTS
#define ACLITEM_SET_RIGHTS(item, rights)
Definition acl.h:79
ARR_DIMS
#define ARR_DIMS(a)
Definition array.h:294
SET_VARSIZE
static void SET_VARSIZE(void *PTR, Size len)
Definition varatt.h:432

References ACL_DAT, ACL_N_SIZE, ACL_NO_RIGHTS, ACL_NUM, ACLITEM_GET_RIGHTS, aclitem_match(), ACLITEM_SET_RIGHTS, allocacl(), ARR_DIMS, check_acl(), fb(), and SET_VARSIZE().

Referenced by AlterDatabaseOwner(), AlterForeignDataWrapperOwner_internal(), AlterForeignServerOwner_internal(), AlterObjectOwner_internal(), AlterSchemaOwner_internal(), AlterTypeOwnerInternal(), ATExecChangeOwner(), change_owner_fix_column_acls(), and ReplaceRoleInInitPriv().

◆ aclparse()

static const char * aclparse ( const char s,
AclItem aip,
Node escontext 
)
static

Definition at line 274 of file acl.c.

275{
276 AclMode privs,
277 goption,
278 read;
279 char name[NAMEDATALEN];
280 char name2[NAMEDATALEN];
281
282 Assert(s && aip);
283
284 s = getid(s, name, escontext);
285 if (s == NULL)
286 return NULL;
287 if (*s != '=')
288 {
289 /* we just read a keyword, not a name */
290 if (strcmp(name, "group") != 0 && strcmp(name, "user") != 0)
291 ereturn(escontext, NULL,
292 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
293 errmsg("unrecognized key word: \"%s\"", name),
294 errhint("ACL key word must be \"group\" or \"user\".")));
295 /* move s to the name beyond the keyword */
296 s = getid(s, name, escontext);
297 if (s == NULL)
298 return NULL;
299 if (name[0] == '\0')
300 ereturn(escontext, NULL,
301 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
302 errmsg("missing name"),
303 errhint("A name must follow the \"group\" or \"user\" key word.")));
304 }
305
306 if (*s != '=')
307 ereturn(escontext, NULL,
308 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
309 errmsg("missing \"=\" sign")));
310
311 privs = goption = ACL_NO_RIGHTS;
312
313 for (++s, read = 0; isalpha((unsigned char) *s) || *s == '*'; s++)
314 {
315 switch (*s)
316 {
317 case '*':
318 goption |= read;
319 break;
320 case ACL_INSERT_CHR:
321 read = ACL_INSERT;
322 break;
323 case ACL_SELECT_CHR:
324 read = ACL_SELECT;
325 break;
326 case ACL_UPDATE_CHR:
327 read = ACL_UPDATE;
328 break;
329 case ACL_DELETE_CHR:
330 read = ACL_DELETE;
331 break;
332 case ACL_TRUNCATE_CHR:
333 read = ACL_TRUNCATE;
334 break;
335 case ACL_REFERENCES_CHR:
336 read = ACL_REFERENCES;
337 break;
338 case ACL_TRIGGER_CHR:
339 read = ACL_TRIGGER;
340 break;
341 case ACL_EXECUTE_CHR:
342 read = ACL_EXECUTE;
343 break;
344 case ACL_USAGE_CHR:
345 read = ACL_USAGE;
346 break;
347 case ACL_CREATE_CHR:
348 read = ACL_CREATE;
349 break;
350 case ACL_CREATE_TEMP_CHR:
351 read = ACL_CREATE_TEMP;
352 break;
353 case ACL_CONNECT_CHR:
354 read = ACL_CONNECT;
355 break;
356 case ACL_SET_CHR:
357 read = ACL_SET;
358 break;
359 case ACL_ALTER_SYSTEM_CHR:
360 read = ACL_ALTER_SYSTEM;
361 break;
362 case ACL_MAINTAIN_CHR:
363 read = ACL_MAINTAIN;
364 break;
365 default:
366 ereturn(escontext, NULL,
367 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
368 errmsg("invalid mode character: must be one of \"%s\"",
369 ACL_ALL_RIGHTS_STR)));
370 }
371
372 privs |= read;
373 }
374
375 if (name[0] == '\0')
376 aip->ai_grantee = ACL_ID_PUBLIC;
377 else
378 {
379 aip->ai_grantee = get_role_oid(name, true);
380 if (!OidIsValid(aip->ai_grantee))
381 ereturn(escontext, NULL,
382 (errcode(ERRCODE_UNDEFINED_OBJECT),
383 errmsg("role \"%s\" does not exist", name)));
384 }
385
386 /*
387 * XXX Allow a degree of backward compatibility by defaulting the grantor
388 * to the superuser.
389 */
390 if (*s == '/')
391 {
392 s = getid(s + 1, name2, escontext);
393 if (s == NULL)
394 return NULL;
395 if (name2[0] == '\0')
396 ereturn(escontext, NULL,
397 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
398 errmsg("a name must follow the \"/\" sign")));
399 aip->ai_grantor = get_role_oid(name2, true);
400 if (!OidIsValid(aip->ai_grantor))
401 ereturn(escontext, NULL,
402 (errcode(ERRCODE_UNDEFINED_OBJECT),
403 errmsg("role \"%s\" does not exist", name2)));
404 }
405 else
406 {
407 aip->ai_grantor = BOOTSTRAP_SUPERUSERID;
408 ereport(WARNING,
409 (errcode(ERRCODE_INVALID_GRANTOR),
410 errmsg("defaulting grantor to user ID %u",
411 BOOTSTRAP_SUPERUSERID)));
412 }
413
414 ACLITEM_SET_PRIVS_GOPTIONS(*aip, privs, goption);
415
416 return s;
417}
getid
static const char * getid(const char *s, char *n, Node *escontext)
Definition acl.c:169
get_role_oid
Oid get_role_oid(const char *rolname, bool missing_ok)
Definition acl.c:5554
ACL_CREATE_CHR
#define ACL_CREATE_CHR
Definition acl.h:146
ACL_SET_CHR
#define ACL_SET_CHR
Definition acl.h:149
ACL_REFERENCES_CHR
#define ACL_REFERENCES_CHR
Definition acl.h:142
ACL_TRUNCATE_CHR
#define ACL_TRUNCATE_CHR
Definition acl.h:141
ACL_SELECT_CHR
#define ACL_SELECT_CHR
Definition acl.h:138
ACL_EXECUTE_CHR
#define ACL_EXECUTE_CHR
Definition acl.h:144
ACL_DELETE_CHR
#define ACL_DELETE_CHR
Definition acl.h:140
ACL_INSERT_CHR
#define ACL_INSERT_CHR
Definition acl.h:137
ACL_UPDATE_CHR
#define ACL_UPDATE_CHR
Definition acl.h:139
ACL_ALTER_SYSTEM_CHR
#define ACL_ALTER_SYSTEM_CHR
Definition acl.h:150
ACL_USAGE_CHR
#define ACL_USAGE_CHR
Definition acl.h:145
ACL_CONNECT_CHR
#define ACL_CONNECT_CHR
Definition acl.h:148
ACL_TRIGGER_CHR
#define ACL_TRIGGER_CHR
Definition acl.h:143
ACL_CREATE_TEMP_CHR
#define ACL_CREATE_TEMP_CHR
Definition acl.h:147
ACL_MAINTAIN_CHR
#define ACL_MAINTAIN_CHR
Definition acl.h:151
Assert
#define Assert(condition)
Definition c.h:873
OidIsValid
#define OidIsValid(objectId)
Definition c.h:788
errhint
int errhint(const char *fmt,...)
Definition elog.c:1331
WARNING
#define WARNING
Definition elog.h:36
read
#define read(a, b, c)
Definition win32.h:13
ACL_SET
#define ACL_SET
Definition parsenodes.h:88
ACL_DELETE
#define ACL_DELETE
Definition parsenodes.h:79
ACL_MAINTAIN
#define ACL_MAINTAIN
Definition parsenodes.h:90
ACL_INSERT
#define ACL_INSERT
Definition parsenodes.h:76
ACL_UPDATE
#define ACL_UPDATE
Definition parsenodes.h:78
ACL_ALTER_SYSTEM
#define ACL_ALTER_SYSTEM
Definition parsenodes.h:89
ACL_REFERENCES
#define ACL_REFERENCES
Definition parsenodes.h:81
ACL_SELECT
#define ACL_SELECT
Definition parsenodes.h:77
ACL_TRUNCATE
#define ACL_TRUNCATE
Definition parsenodes.h:80
ACL_CREATE
#define ACL_CREATE
Definition parsenodes.h:85
ACL_TRIGGER
#define ACL_TRIGGER
Definition parsenodes.h:82
name
const char * name
Definition wait_event_funcs.c:28

References ACL_ALL_RIGHTS_STR, ACL_ALTER_SYSTEM, ACL_ALTER_SYSTEM_CHR, ACL_CONNECT, ACL_CONNECT_CHR, ACL_CREATE, ACL_CREATE_CHR, ACL_CREATE_TEMP, ACL_CREATE_TEMP_CHR, ACL_DELETE, ACL_DELETE_CHR, ACL_EXECUTE, ACL_EXECUTE_CHR, ACL_ID_PUBLIC, ACL_INSERT, ACL_INSERT_CHR, ACL_MAINTAIN, ACL_MAINTAIN_CHR, ACL_NO_RIGHTS, ACL_REFERENCES, ACL_REFERENCES_CHR, ACL_SELECT, ACL_SELECT_CHR, ACL_SET, ACL_SET_CHR, ACL_TRIGGER, ACL_TRIGGER_CHR, ACL_TRUNCATE, ACL_TRUNCATE_CHR, ACL_UPDATE, ACL_UPDATE_CHR, ACL_USAGE, ACL_USAGE_CHR, ACLITEM_SET_PRIVS_GOPTIONS, Assert, ereport, ereturn, errcode(), errhint(), errmsg(), fb(), get_role_oid(), getid(), name, NAMEDATALEN, OidIsValid, read, and WARNING.

Referenced by aclitemin().

◆ aclremove()

Datum aclremove ( PG_FUNCTION_ARGS  )

Definition at line 1603 of file acl.c.

1604{
1605 ereport(ERROR,
1606 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1607 errmsg("aclremove is no longer supported")));
1608
1609 PG_RETURN_NULL(); /* keep compiler quiet */
1610}

References ereport, errcode(), errmsg(), ERROR, fb(), and PG_RETURN_NULL.

◆ aclupdate()

Acl * aclupdate ( const Acl old_acl,
const AclItem mod_aip,
int  modechg,
Oid  ownerId,
DropBehavior  behavior 
)

Definition at line 993 of file acl.c.

995{
996 Acl *new_acl = NULL;
997 AclItem *old_aip,
998 *new_aip = NULL;
999 AclMode old_rights,
1000 old_goptions,
1001 new_rights,
1002 new_goptions;
1003 int dst,
1004 num;
1005
1006 /* Caller probably already checked old_acl, but be safe */
1007 check_acl(old_acl);
1008
1009 /* If granting grant options, check for circularity */
1010 if (modechg != ACL_MODECHG_DEL &&
1011 ACLITEM_GET_GOPTIONS(*mod_aip) != ACL_NO_RIGHTS)
1012 check_circularity(old_acl, mod_aip, ownerId);
1013
1014 num = ACL_NUM(old_acl);
1015 old_aip = ACL_DAT(old_acl);
1016
1017 /*
1018 * Search the ACL for an existing entry for this grantee and grantor. If
1019 * one exists, just modify the entry in-place (well, in the same position,
1020 * since we actually return a copy); otherwise, insert the new entry at
1021 * the end.
1022 */
1023
1024 for (dst = 0; dst < num; ++dst)
1025 {
1026 if (aclitem_match(mod_aip, old_aip + dst))
1027 {
1028 /* found a match, so modify existing item */
1029 new_acl = allocacl(num);
1030 new_aip = ACL_DAT(new_acl);
1031 memcpy(new_acl, old_acl, ACL_SIZE(old_acl));
1032 break;
1033 }
1034 }
1035
1036 if (dst == num)
1037 {
1038 /* need to append a new item */
1039 new_acl = allocacl(num + 1);
1040 new_aip = ACL_DAT(new_acl);
1041 memcpy(new_aip, old_aip, num * sizeof(AclItem));
1042
1043 /* initialize the new entry with no permissions */
1044 new_aip[dst].ai_grantee = mod_aip->ai_grantee;
1045 new_aip[dst].ai_grantor = mod_aip->ai_grantor;
1046 ACLITEM_SET_PRIVS_GOPTIONS(new_aip[dst],
1047 ACL_NO_RIGHTS, ACL_NO_RIGHTS);
1048 num++; /* set num to the size of new_acl */
1049 }
1050
1051 old_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
1052 old_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);
1053
1054 /* apply the specified permissions change */
1055 switch (modechg)
1056 {
1057 case ACL_MODECHG_ADD:
1058 ACLITEM_SET_RIGHTS(new_aip[dst],
1059 old_rights | ACLITEM_GET_RIGHTS(*mod_aip));
1060 break;
1061 case ACL_MODECHG_DEL:
1062 ACLITEM_SET_RIGHTS(new_aip[dst],
1063 old_rights & ~ACLITEM_GET_RIGHTS(*mod_aip));
1064 break;
1065 case ACL_MODECHG_EQL:
1066 ACLITEM_SET_RIGHTS(new_aip[dst],
1067 ACLITEM_GET_RIGHTS(*mod_aip));
1068 break;
1069 }
1070
1071 new_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
1072 new_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);
1073
1074 /*
1075 * If the adjusted entry has no permissions, delete it from the list.
1076 */
1077 if (new_rights == ACL_NO_RIGHTS)
1078 {
1079 memmove(new_aip + dst,
1080 new_aip + dst + 1,
1081 (num - dst - 1) * sizeof(AclItem));
1082 /* Adjust array size to be 'num - 1' items */
1083 ARR_DIMS(new_acl)[0] = num - 1;
1084 SET_VARSIZE(new_acl, ACL_N_SIZE(num - 1));
1085 }
1086
1087 /*
1088 * Remove abandoned privileges (cascading revoke). Currently we can only
1089 * handle this when the grantee is not PUBLIC.
1090 */
1091 if ((old_goptions & ~new_goptions) != 0)
1092 {
1093 Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
1094 new_acl = recursive_revoke(new_acl, mod_aip->ai_grantee,
1095 (old_goptions & ~new_goptions),
1096 ownerId, behavior);
1097 }
1098
1099 return new_acl;
1100}
recursive_revoke
static Acl * recursive_revoke(Acl *acl, Oid grantee, AclMode revoke_privs, Oid ownerId, DropBehavior behavior)
Definition acl.c:1303
check_circularity
static void check_circularity(const Acl *old_acl, const AclItem *mod_aip, Oid ownerId)
Definition acl.c:1223
ACL_SIZE
#define ACL_SIZE(ACL)
Definition acl.h:111
ACL_MODECHG_DEL
#define ACL_MODECHG_DEL
Definition acl.h:130
ACL_MODECHG_EQL
#define ACL_MODECHG_EQL
Definition acl.h:131

References ACL_DAT, ACL_ID_PUBLIC, ACL_MODECHG_ADD, ACL_MODECHG_DEL, ACL_MODECHG_EQL, ACL_N_SIZE, ACL_NO_RIGHTS, ACL_NUM, ACL_SIZE, ACLITEM_GET_GOPTIONS, ACLITEM_GET_RIGHTS, aclitem_match(), ACLITEM_SET_PRIVS_GOPTIONS, ACLITEM_SET_RIGHTS, allocacl(), ARR_DIMS, Assert, check_acl(), check_circularity(), fb(), recursive_revoke(), and SET_VARSIZE().

Referenced by aclmerge(), check_circularity(), merge_acl_with_grant(), and recursive_revoke().

◆ allocacl()

static Acl * allocacl ( int  n)
static

Definition at line 427 of file acl.c.

428{
429 Acl *new_acl;
430 Size size;
431
432 if (n < 0)
433 elog(ERROR, "invalid size: %d", n);
434 size = ACL_N_SIZE(n);
435 new_acl = (Acl *) palloc0(size);
436 SET_VARSIZE(new_acl, size);
437 new_acl->ndim = 1;
438 new_acl->dataoffset = 0; /* we never put in any nulls */
439 new_acl->elemtype = ACLITEMOID;
440 ARR_LBOUND(new_acl)[0] = 1;
441 ARR_DIMS(new_acl)[0] = n;
442 return new_acl;
443}
ARR_LBOUND
#define ARR_LBOUND(a)
Definition array.h:296
Size
size_t Size
Definition c.h:619
palloc0
void * palloc0(Size size)
Definition mcxt.c:1417

References ACL_N_SIZE, ARR_DIMS, ARR_LBOUND, elog, ERROR, fb(), palloc0(), and SET_VARSIZE().

Referenced by aclconcat(), aclcopy(), acldefault(), aclnewowner(), aclupdate(), check_circularity(), and make_empty_acl().

◆ check_acl()

static void check_acl ( const Acl acl)
static

Definition at line 591 of file acl.c.

592{
593 if (ARR_ELEMTYPE(acl) != ACLITEMOID)
594 ereport(ERROR,
595 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
596 errmsg("ACL array contains wrong data type")));
597 if (ARR_NDIM(acl) != 1)
598 ereport(ERROR,
599 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
600 errmsg("ACL arrays must be one-dimensional")));
601 if (ARR_HASNULL(acl))
602 ereport(ERROR,
603 (errcode(ERRCODE_NULL_VALUE_NOT_ALLOWED),
604 errmsg("ACL arrays must not contain null values")));
605}
ARR_NDIM
#define ARR_NDIM(a)
Definition array.h:290
ARR_ELEMTYPE
#define ARR_ELEMTYPE(a)
Definition array.h:292
ARR_HASNULL
#define ARR_HASNULL(a)
Definition array.h:291

References ARR_ELEMTYPE, ARR_HASNULL, ARR_NDIM, ereport, errcode(), errmsg(), ERROR, and fb().

Referenced by aclcontains(), aclexplode(), aclmask(), aclmask_direct(), aclmembers(), aclnewowner(), aclupdate(), check_circularity(), and recursive_revoke().

◆ check_can_set_role()

void check_can_set_role ( Oid  member,
Oid  role 
)

Definition at line 5343 of file acl.c.

5344{
5345 if (!member_can_set_role(member, role))
5346 ereport(ERROR,
5347 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
5348 errmsg("must be able to SET ROLE \"%s\"",
5349 GetUserNameFromId(role, false))));
5350}
member_can_set_role
bool member_can_set_role(Oid member, Oid role)
Definition acl.c:5320
GetUserNameFromId
char * GetUserNameFromId(Oid roleid, bool noerr)
Definition miscinit.c:988

References ereport, errcode(), errmsg(), ERROR, fb(), GetUserNameFromId(), and member_can_set_role().

Referenced by AlterDatabaseOwner(), AlterForeignServerOwner_internal(), AlterObjectOwner_internal(), AlterPublicationOwner_internal(), AlterSchemaOwner_internal(), AlterSubscriptionOwner_internal(), AlterTypeOwner(), ATExecChangeOwner(), createdb(), and CreateSchemaCommand().

◆ check_circularity()

static void check_circularity ( const Acl old_acl,
const AclItem mod_aip,
Oid  ownerId 
)
static

Definition at line 1223 of file acl.c.

1225{
1226 Acl *acl;
1227 AclItem *aip;
1228 int i,
1229 num;
1230 AclMode own_privs;
1231
1232 check_acl(old_acl);
1233
1234 /*
1235 * For now, grant options can only be granted to roles, not PUBLIC.
1236 * Otherwise we'd have to work a bit harder here.
1237 */
1238 Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
1239
1240 /* The owner always has grant options, no need to check */
1241 if (mod_aip->ai_grantor == ownerId)
1242 return;
1243
1244 /* Make a working copy */
1245 acl = allocacl(ACL_NUM(old_acl));
1246 memcpy(acl, old_acl, ACL_SIZE(old_acl));
1247
1248 /* Zap all grant options of target grantee, plus what depends on 'em */
1249cc_restart:
1250 num = ACL_NUM(acl);
1251 aip = ACL_DAT(acl);
1252 for (i = 0; i < num; i++)
1253 {
1254 if (aip[i].ai_grantee == mod_aip->ai_grantee &&
1255 ACLITEM_GET_GOPTIONS(aip[i]) != ACL_NO_RIGHTS)
1256 {
1257 Acl *new_acl;
1258
1259 /* We'll actually zap ordinary privs too, but no matter */
1260 new_acl = aclupdate(acl, &aip[i], ACL_MODECHG_DEL,
1261 ownerId, DROP_CASCADE);
1262
1263 pfree(acl);
1264 acl = new_acl;
1265
1266 goto cc_restart;
1267 }
1268 }
1269
1270 /* Now we can compute grantor's independently-derived privileges */
1271 own_privs = aclmask(acl,
1272 mod_aip->ai_grantor,
1273 ownerId,
1274 ACL_GRANT_OPTION_FOR(ACLITEM_GET_GOPTIONS(*mod_aip)),
1275 ACLMASK_ALL);
1276 own_privs = ACL_OPTION_TO_PRIVS(own_privs);
1277
1278 if ((ACLITEM_GET_GOPTIONS(*mod_aip) & ~own_privs) != 0)
1279 ereport(ERROR,
1280 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1281 errmsg("grant options cannot be granted back to your own grantor")));
1282
1283 pfree(acl);
1284}
aclmask
AclMode aclmask(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
Definition acl.c:1389
ACL_OPTION_TO_PRIVS
#define ACL_OPTION_TO_PRIVS(privs)
Definition acl.h:71
ACL_GRANT_OPTION_FOR
#define ACL_GRANT_OPTION_FOR(privs)
Definition acl.h:70
DROP_CASCADE
@ DROP_CASCADE
Definition parsenodes.h:2428

References ACL_DAT, ACL_GRANT_OPTION_FOR, ACL_ID_PUBLIC, ACL_MODECHG_DEL, ACL_NO_RIGHTS, ACL_NUM, ACL_OPTION_TO_PRIVS, ACL_SIZE, ACLITEM_GET_GOPTIONS, aclmask(), ACLMASK_ALL, aclupdate(), allocacl(), Assert, check_acl(), DROP_CASCADE, ereport, errcode(), errmsg(), ERROR, fb(), i, and pfree().

Referenced by aclupdate().

◆ check_rolespec_name()

void check_rolespec_name ( const RoleSpec role,
const char detail_msg 
)

Definition at line 5695 of file acl.c.

5696{
5697 if (!role)
5698 return;
5699
5700 if (role->roletype != ROLESPEC_CSTRING)
5701 return;
5702
5703 if (IsReservedName(role->rolename))
5704 {
5705 if (detail_msg)
5706 ereport(ERROR,
5707 (errcode(ERRCODE_RESERVED_NAME),
5708 errmsg("role name \"%s\" is reserved",
5709 role->rolename),
5710 errdetail_internal("%s", detail_msg)));
5711 else
5712 ereport(ERROR,
5713 (errcode(ERRCODE_RESERVED_NAME),
5714 errmsg("role name \"%s\" is reserved",
5715 role->rolename)));
5716 }
5717}
IsReservedName
bool IsReservedName(const char *name)
Definition catalog.c:278
errdetail_internal
int errdetail_internal(const char *fmt,...)
Definition elog.c:1244
ROLESPEC_CSTRING
@ ROLESPEC_CSTRING
Definition parsenodes.h:419
RoleSpec::roletype
RoleSpecType roletype
Definition parsenodes.h:429
RoleSpec::rolename
char * rolename
Definition parsenodes.h:430

References ereport, errcode(), errdetail_internal(), errmsg(), ERROR, fb(), IsReservedName(), RoleSpec::rolename, ROLESPEC_CSTRING, and RoleSpec::roletype.

Referenced by AlterRole(), and AlterRoleSet().

◆ column_privilege_check()

static int column_privilege_check ( Oid  tableoid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mode 
)
static

Definition at line 2536 of file acl.c.

2538{
2539 AclResult aclresult;
2540 bool is_missing = false;
2541
2542 /*
2543 * If convert_column_name failed, we can just return -1 immediately.
2544 */
2545 if (attnum == InvalidAttrNumber)
2546 return -1;
2547
2548 /*
2549 * Check for column-level privileges first. This serves in part as a check
2550 * on whether the column even exists, so we need to do it before checking
2551 * table-level privilege.
2552 */
2553 aclresult = pg_attribute_aclcheck_ext(tableoid, attnum, roleid,
2554 mode, &is_missing);
2555 if (aclresult == ACLCHECK_OK)
2556 return 1;
2557 else if (is_missing)
2558 return -1;
2559
2560 /* Next check if we have the privilege at the table level */
2561 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2562 if (aclresult == ACLCHECK_OK)
2563 return 1;
2564 else if (is_missing)
2565 return -1;
2566 else
2567 return 0;
2568}
AclResult
AclResult
Definition acl.h:182
ACLCHECK_OK
@ ACLCHECK_OK
Definition acl.h:183
pg_class_aclcheck_ext
AclResult pg_class_aclcheck_ext(Oid table_oid, Oid roleid, AclMode mode, bool *is_missing)
Definition aclchk.c:4049
pg_attribute_aclcheck_ext
AclResult pg_attribute_aclcheck_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode, bool *is_missing)
Definition aclchk.c:3880
InvalidAttrNumber
#define InvalidAttrNumber
Definition attnum.h:23
attnum
int16 attnum
Definition pg_attribute.h:74
mode
static PgChecksumMode mode
Definition pg_checksums.c:56

References ACLCHECK_OK, attnum, fb(), InvalidAttrNumber, mode, pg_attribute_aclcheck_ext(), and pg_class_aclcheck_ext().

Referenced by has_column_privilege_id_attnum(), has_column_privilege_id_id_attnum(), has_column_privilege_id_id_name(), has_column_privilege_id_name(), has_column_privilege_id_name_attnum(), has_column_privilege_id_name_name(), has_column_privilege_name_attnum(), has_column_privilege_name_id_attnum(), has_column_privilege_name_id_name(), has_column_privilege_name_name(), has_column_privilege_name_name_attnum(), and has_column_privilege_name_name_name().

◆ convert_aclright_to_string()

static const char * convert_aclright_to_string ( int  aclright)
static

Definition at line 1735 of file acl.c.

1736{
1737 switch (aclright)
1738 {
1739 case ACL_INSERT:
1740 return "INSERT";
1741 case ACL_SELECT:
1742 return "SELECT";
1743 case ACL_UPDATE:
1744 return "UPDATE";
1745 case ACL_DELETE:
1746 return "DELETE";
1747 case ACL_TRUNCATE:
1748 return "TRUNCATE";
1749 case ACL_REFERENCES:
1750 return "REFERENCES";
1751 case ACL_TRIGGER:
1752 return "TRIGGER";
1753 case ACL_EXECUTE:
1754 return "EXECUTE";
1755 case ACL_USAGE:
1756 return "USAGE";
1757 case ACL_CREATE:
1758 return "CREATE";
1759 case ACL_CREATE_TEMP:
1760 return "TEMPORARY";
1761 case ACL_CONNECT:
1762 return "CONNECT";
1763 case ACL_SET:
1764 return "SET";
1765 case ACL_ALTER_SYSTEM:
1766 return "ALTER SYSTEM";
1767 case ACL_MAINTAIN:
1768 return "MAINTAIN";
1769 default:
1770 elog(ERROR, "unrecognized aclright: %d", aclright);
1771 return NULL;
1772 }
1773}

References ACL_ALTER_SYSTEM, ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_DELETE, ACL_EXECUTE, ACL_INSERT, ACL_MAINTAIN, ACL_REFERENCES, ACL_SELECT, ACL_SET, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, ACL_USAGE, elog, ERROR, and fb().

Referenced by aclexplode().

◆ convert_any_priv_string()

static AclMode convert_any_priv_string ( text priv_type_text,
const priv_map privileges 
)
static

Definition at line 1687 of file acl.c.

1689{
1690 AclMode result = 0;
1691 char *priv_type = text_to_cstring(priv_type_text);
1692 char *chunk;
1693 char *next_chunk;
1694
1695 /* We rely on priv_type being a private, modifiable string */
1696 for (chunk = priv_type; chunk; chunk = next_chunk)
1697 {
1698 int chunk_len;
1699 const priv_map *this_priv;
1700
1701 /* Split string at commas */
1702 next_chunk = strchr(chunk, ',');
1703 if (next_chunk)
1704 *next_chunk++ = '\0';
1705
1706 /* Drop leading/trailing whitespace in this chunk */
1707 while (*chunk && isspace((unsigned char) *chunk))
1708 chunk++;
1709 chunk_len = strlen(chunk);
1710 while (chunk_len > 0 && isspace((unsigned char) chunk[chunk_len - 1]))
1711 chunk_len--;
1712 chunk[chunk_len] = '\0';
1713
1714 /* Match to the privileges list */
1715 for (this_priv = privileges; this_priv->name; this_priv++)
1716 {
1717 if (pg_strcasecmp(this_priv->name, chunk) == 0)
1718 {
1719 result |= this_priv->value;
1720 break;
1721 }
1722 }
1723 if (!this_priv->name)
1724 ereport(ERROR,
1725 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1726 errmsg("unrecognized privilege type: \"%s\"", chunk)));
1727 }
1728
1729 pfree(priv_type);
1730 return result;
1731}
pg_strcasecmp
int pg_strcasecmp(const char *s1, const char *s2)
Definition pgstrcasecmp.c:32
priv_map
Definition acl.c:55
text_to_cstring
char * text_to_cstring(const text *t)
Definition varlena.c:215

References ereport, errcode(), errmsg(), ERROR, fb(), priv_map::name, pfree(), pg_strcasecmp(), and text_to_cstring().

Referenced by convert_column_priv_string(), convert_database_priv_string(), convert_foreign_data_wrapper_priv_string(), convert_function_priv_string(), convert_language_priv_string(), convert_largeobject_priv_string(), convert_parameter_priv_string(), convert_role_priv_string(), convert_schema_priv_string(), convert_sequence_priv_string(), convert_server_priv_string(), convert_table_priv_string(), convert_tablespace_priv_string(), convert_type_priv_string(), and makeaclitem().

◆ convert_column_name()

static AttrNumber convert_column_name ( Oid  tableoid,
text column 
)
static

Definition at line 2896 of file acl.c.

2897{
2898 char *colname;
2899 HeapTuple attTuple;
2900 AttrNumber attnum;
2901
2902 colname = text_to_cstring(column);
2903
2904 /*
2905 * We don't use get_attnum() here because it will report that dropped
2906 * columns don't exist. We need to treat dropped columns differently from
2907 * nonexistent columns.
2908 */
2909 attTuple = SearchSysCache2(ATTNAME,
2910 ObjectIdGetDatum(tableoid),
2911 CStringGetDatum(colname));
2912 if (HeapTupleIsValid(attTuple))
2913 {
2914 Form_pg_attribute attributeForm;
2915
2916 attributeForm = (Form_pg_attribute) GETSTRUCT(attTuple);
2917 /* We want to return NULL for dropped columns */
2918 if (attributeForm->attisdropped)
2919 attnum = InvalidAttrNumber;
2920 else
2921 attnum = attributeForm->attnum;
2922 ReleaseSysCache(attTuple);
2923 }
2924 else
2925 {
2926 char *tablename = get_rel_name(tableoid);
2927
2928 /*
2929 * If the table OID is bogus, or it's just been dropped, we'll get
2930 * NULL back. In such cases we want has_column_privilege to return
2931 * NULL too, so just return InvalidAttrNumber.
2932 */
2933 if (tablename != NULL)
2934 {
2935 /* tableoid exists, colname does not, so throw error */
2936 ereport(ERROR,
2937 (errcode(ERRCODE_UNDEFINED_COLUMN),
2938 errmsg("column \"%s\" of relation \"%s\" does not exist",
2939 colname, tablename)));
2940 }
2941 /* tableoid doesn't exist, so act like attisdropped case */
2942 attnum = InvalidAttrNumber;
2943 }
2944
2945 pfree(colname);
2946 return attnum;
2947}
get_rel_name
char * get_rel_name(Oid relid)
Definition lsyscache.c:2078
Form_pg_attribute
FormData_pg_attribute * Form_pg_attribute
Definition pg_attribute.h:202
CStringGetDatum
static Datum CStringGetDatum(const char *X)
Definition postgres.h:380
SearchSysCache2
HeapTuple SearchSysCache2(SysCacheIdentifier cacheId, Datum key1, Datum key2)
Definition syscache.c:230

References attnum, CStringGetDatum(), ereport, errcode(), errmsg(), ERROR, fb(), get_rel_name(), GETSTRUCT(), HeapTupleIsValid, InvalidAttrNumber, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache2(), and text_to_cstring().

Referenced by has_column_privilege_id_id_name(), has_column_privilege_id_name(), has_column_privilege_id_name_name(), has_column_privilege_name_id_name(), has_column_privilege_name_name(), and has_column_privilege_name_name_name().

◆ convert_column_priv_string()

static AclMode convert_column_priv_string ( text priv_type_text)
static

Definition at line 2954 of file acl.c.

2955{
2956 static const priv_map column_priv_map[] = {
2957 {"SELECT", ACL_SELECT},
2958 {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2959 {"INSERT", ACL_INSERT},
2960 {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
2961 {"UPDATE", ACL_UPDATE},
2962 {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2963 {"REFERENCES", ACL_REFERENCES},
2964 {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
2965 {NULL, 0}
2966 };
2967
2968 return convert_any_priv_string(priv_type_text, column_priv_map);
2969}
convert_any_priv_string
static AclMode convert_any_priv_string(text *priv_type_text, const priv_map *privileges)
Definition acl.c:1687

References ACL_GRANT_OPTION_FOR, ACL_INSERT, ACL_REFERENCES, ACL_SELECT, ACL_UPDATE, convert_any_priv_string(), and fb().

Referenced by has_any_column_privilege_id(), has_any_column_privilege_id_id(), has_any_column_privilege_id_name(), has_any_column_privilege_name(), has_any_column_privilege_name_id(), has_any_column_privilege_name_name(), has_column_privilege_id_attnum(), has_column_privilege_id_id_attnum(), has_column_privilege_id_id_name(), has_column_privilege_id_name(), has_column_privilege_id_name_attnum(), has_column_privilege_id_name_name(), has_column_privilege_name_attnum(), has_column_privilege_name_id_attnum(), has_column_privilege_name_id_name(), has_column_privilege_name_name(), has_column_privilege_name_name_attnum(), and has_column_privilege_name_name_name().

◆ convert_database_name()

static Oid convert_database_name ( text databasename)
static

Definition at line 3148 of file acl.c.

3149{
3150 char *dbname = text_to_cstring(databasename);
3151
3152 return get_database_oid(dbname, false);
3153}
get_database_oid
Oid get_database_oid(const char *dbname, bool missing_ok)
Definition dbcommands.c:3169
dbname
char * dbname
Definition streamutil.c:49

References dbname, fb(), get_database_oid(), and text_to_cstring().

Referenced by has_database_privilege_id_name(), has_database_privilege_name(), and has_database_privilege_name_name().

◆ convert_database_priv_string()

static AclMode convert_database_priv_string ( text priv_type_text)
static

Definition at line 3160 of file acl.c.

3161{
3162 static const priv_map database_priv_map[] = {
3163 {"CREATE", ACL_CREATE},
3164 {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
3165 {"TEMPORARY", ACL_CREATE_TEMP},
3166 {"TEMPORARY WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
3167 {"TEMP", ACL_CREATE_TEMP},
3168 {"TEMP WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
3169 {"CONNECT", ACL_CONNECT},
3170 {"CONNECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CONNECT)},
3171 {NULL, 0}
3172 };
3173
3174 return convert_any_priv_string(priv_type_text, database_priv_map);
3175}

References ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_GRANT_OPTION_FOR, convert_any_priv_string(), and fb().

Referenced by has_database_privilege_id(), has_database_privilege_id_id(), has_database_privilege_id_name(), has_database_privilege_name(), has_database_privilege_name_id(), and has_database_privilege_name_name().

◆ convert_foreign_data_wrapper_name()

static Oid convert_foreign_data_wrapper_name ( text fdwname)
static

Definition at line 3354 of file acl.c.

3355{
3356 char *fdwstr = text_to_cstring(fdwname);
3357
3358 return get_foreign_data_wrapper_oid(fdwstr, false);
3359}
get_foreign_data_wrapper_oid
Oid get_foreign_data_wrapper_oid(const char *fdwname, bool missing_ok)
Definition foreign.c:682

References fb(), get_foreign_data_wrapper_oid(), and text_to_cstring().

Referenced by has_foreign_data_wrapper_privilege_id_name(), has_foreign_data_wrapper_privilege_name(), and has_foreign_data_wrapper_privilege_name_name().

◆ convert_foreign_data_wrapper_priv_string()

static AclMode convert_foreign_data_wrapper_priv_string ( text priv_type_text)
static

Definition at line 3366 of file acl.c.

3367{
3368 static const priv_map foreign_data_wrapper_priv_map[] = {
3369 {"USAGE", ACL_USAGE},
3370 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3371 {NULL, 0}
3372 };
3373
3374 return convert_any_priv_string(priv_type_text, foreign_data_wrapper_priv_map);
3375}

References ACL_GRANT_OPTION_FOR, ACL_USAGE, convert_any_priv_string(), and fb().

Referenced by has_foreign_data_wrapper_privilege_id(), has_foreign_data_wrapper_privilege_id_id(), has_foreign_data_wrapper_privilege_id_name(), has_foreign_data_wrapper_privilege_name(), has_foreign_data_wrapper_privilege_name_id(), and has_foreign_data_wrapper_privilege_name_name().

◆ convert_function_name()

static Oid convert_function_name ( text functionname)
static

Definition at line 3554 of file acl.c.

3555{
3556 char *funcname = text_to_cstring(functionname);
3557 Oid oid;
3558
3559 oid = DatumGetObjectId(DirectFunctionCall1(regprocedurein,
3560 CStringGetDatum(funcname)));
3561
3562 if (!OidIsValid(oid))
3563 ereport(ERROR,
3564 (errcode(ERRCODE_UNDEFINED_FUNCTION),
3565 errmsg("function \"%s\" does not exist", funcname)));
3566
3567 return oid;
3568}
DirectFunctionCall1
#define DirectFunctionCall1(func, arg1)
Definition fmgr.h:684
funcname
#define funcname
Definition indent_codes.h:69
DatumGetObjectId
static Oid DatumGetObjectId(Datum X)
Definition postgres.h:252
regprocedurein
Datum regprocedurein(PG_FUNCTION_ARGS)
Definition regproc.c:229

References CStringGetDatum(), DatumGetObjectId(), DirectFunctionCall1, ereport, errcode(), errmsg(), ERROR, fb(), funcname, OidIsValid, regprocedurein(), and text_to_cstring().

Referenced by has_function_privilege_id_name(), has_function_privilege_name(), and has_function_privilege_name_name().

◆ convert_function_priv_string()

static AclMode convert_function_priv_string ( text priv_type_text)
static

Definition at line 3575 of file acl.c.

3576{
3577 static const priv_map function_priv_map[] = {
3578 {"EXECUTE", ACL_EXECUTE},
3579 {"EXECUTE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_EXECUTE)},
3580 {NULL, 0}
3581 };
3582
3583 return convert_any_priv_string(priv_type_text, function_priv_map);
3584}

References ACL_EXECUTE, ACL_GRANT_OPTION_FOR, convert_any_priv_string(), and fb().

Referenced by has_function_privilege_id(), has_function_privilege_id_id(), has_function_privilege_id_name(), has_function_privilege_name(), has_function_privilege_name_id(), and has_function_privilege_name_name().

◆ convert_language_name()

static Oid convert_language_name ( text languagename)
static

Definition at line 3763 of file acl.c.

3764{
3765 char *langname = text_to_cstring(languagename);
3766
3767 return get_language_oid(langname, false);
3768}
get_language_oid
Oid get_language_oid(const char *langname, bool missing_ok)
Definition proclang.c:227

References fb(), get_language_oid(), and text_to_cstring().

Referenced by has_language_privilege_id_name(), has_language_privilege_name(), and has_language_privilege_name_name().

◆ convert_language_priv_string()

static AclMode convert_language_priv_string ( text priv_type_text)
static

Definition at line 3775 of file acl.c.

3776{
3777 static const priv_map language_priv_map[] = {
3778 {"USAGE", ACL_USAGE},
3779 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3780 {NULL, 0}
3781 };
3782
3783 return convert_any_priv_string(priv_type_text, language_priv_map);
3784}

References ACL_GRANT_OPTION_FOR, ACL_USAGE, convert_any_priv_string(), and fb().

Referenced by has_language_privilege_id(), has_language_privilege_id_id(), has_language_privilege_id_name(), has_language_privilege_name(), has_language_privilege_name_id(), and has_language_privilege_name_name().

◆ convert_largeobject_priv_string()

static AclMode convert_largeobject_priv_string ( text priv_type_text)
static

Definition at line 4810 of file acl.c.

4811{
4812 static const priv_map largeobject_priv_map[] = {
4813 {"SELECT", ACL_SELECT},
4814 {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
4815 {"UPDATE", ACL_UPDATE},
4816 {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
4817 {NULL, 0}
4818 };
4819
4820 return convert_any_priv_string(priv_type_text, largeobject_priv_map);
4821}

References ACL_GRANT_OPTION_FOR, ACL_SELECT, ACL_UPDATE, convert_any_priv_string(), and fb().

Referenced by has_largeobject_privilege_id(), has_largeobject_privilege_id_id(), and has_largeobject_privilege_name_id().

◆ convert_parameter_priv_string()

static AclMode convert_parameter_priv_string ( text priv_text)
static

Definition at line 4674 of file acl.c.

4675{
4676 static const priv_map parameter_priv_map[] = {
4677 {"SET", ACL_SET},
4678 {"SET WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SET)},
4679 {"ALTER SYSTEM", ACL_ALTER_SYSTEM},
4680 {"ALTER SYSTEM WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_ALTER_SYSTEM)},
4681 {NULL, 0}
4682 };
4683
4684 return convert_any_priv_string(priv_text, parameter_priv_map);
4685}

References ACL_ALTER_SYSTEM, ACL_GRANT_OPTION_FOR, ACL_SET, convert_any_priv_string(), and fb().

Referenced by has_parameter_privilege_id_name(), has_parameter_privilege_name(), and has_parameter_privilege_name_name().

◆ convert_role_priv_string()

static AclMode convert_role_priv_string ( text priv_type_text)
static

Definition at line 4988 of file acl.c.

4989{
4990 static const priv_map role_priv_map[] = {
4991 {"USAGE", ACL_USAGE},
4992 {"MEMBER", ACL_CREATE},
4993 {"SET", ACL_SET},
4994 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4995 {"USAGE WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4996 {"MEMBER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4997 {"MEMBER WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4998 {"SET WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4999 {"SET WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
5000 {NULL, 0}
5001 };
5002
5003 return convert_any_priv_string(priv_type_text, role_priv_map);
5004}

References ACL_CREATE, ACL_GRANT_OPTION_FOR, ACL_SET, ACL_USAGE, convert_any_priv_string(), and fb().

Referenced by pg_has_role_id(), pg_has_role_id_id(), pg_has_role_id_name(), pg_has_role_name(), pg_has_role_name_id(), and pg_has_role_name_name().

◆ convert_schema_name()

static Oid convert_schema_name ( text schemaname)
static

Definition at line 3963 of file acl.c.

3964{
3965 char *nspname = text_to_cstring(schemaname);
3966
3967 return get_namespace_oid(nspname, false);
3968}
get_namespace_oid
Oid get_namespace_oid(const char *nspname, bool missing_ok)
Definition namespace.c:3606

References get_namespace_oid(), and text_to_cstring().

Referenced by has_schema_privilege_id_name(), has_schema_privilege_name(), and has_schema_privilege_name_name().

◆ convert_schema_priv_string()

static AclMode convert_schema_priv_string ( text priv_type_text)
static

Definition at line 3975 of file acl.c.

3976{
3977 static const priv_map schema_priv_map[] = {
3978 {"CREATE", ACL_CREATE},
3979 {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
3980 {"USAGE", ACL_USAGE},
3981 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3982 {NULL, 0}
3983 };
3984
3985 return convert_any_priv_string(priv_type_text, schema_priv_map);
3986}

References ACL_CREATE, ACL_GRANT_OPTION_FOR, ACL_USAGE, convert_any_priv_string(), and fb().

Referenced by has_schema_privilege_id(), has_schema_privilege_id_id(), has_schema_privilege_id_name(), has_schema_privilege_name(), has_schema_privilege_name_id(), and has_schema_privilege_name_name().

◆ convert_sequence_priv_string()

static AclMode convert_sequence_priv_string ( text priv_type_text)
static

Definition at line 2299 of file acl.c.

2300{
2301 static const priv_map sequence_priv_map[] = {
2302 {"USAGE", ACL_USAGE},
2303 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
2304 {"SELECT", ACL_SELECT},
2305 {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2306 {"UPDATE", ACL_UPDATE},
2307 {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2308 {NULL, 0}
2309 };
2310
2311 return convert_any_priv_string(priv_type_text, sequence_priv_map);
2312}

References ACL_GRANT_OPTION_FOR, ACL_SELECT, ACL_UPDATE, ACL_USAGE, convert_any_priv_string(), and fb().

Referenced by has_sequence_privilege_id(), has_sequence_privilege_id_id(), has_sequence_privilege_id_name(), has_sequence_privilege_name(), has_sequence_privilege_name_id(), and has_sequence_privilege_name_name().

◆ convert_server_name()

static Oid convert_server_name ( text servername)
static

Definition at line 4165 of file acl.c.

4166{
4167 char *serverstr = text_to_cstring(servername);
4168
4169 return get_foreign_server_oid(serverstr, false);
4170}
get_foreign_server_oid
Oid get_foreign_server_oid(const char *servername, bool missing_ok)
Definition foreign.c:705

References fb(), get_foreign_server_oid(), and text_to_cstring().

Referenced by has_server_privilege_id_name(), has_server_privilege_name(), and has_server_privilege_name_name().

◆ convert_server_priv_string()

static AclMode convert_server_priv_string ( text priv_type_text)
static

Definition at line 4177 of file acl.c.

4178{
4179 static const priv_map server_priv_map[] = {
4180 {"USAGE", ACL_USAGE},
4181 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
4182 {NULL, 0}
4183 };
4184
4185 return convert_any_priv_string(priv_type_text, server_priv_map);
4186}

References ACL_GRANT_OPTION_FOR, ACL_USAGE, convert_any_priv_string(), and fb().

Referenced by has_server_privilege_id(), has_server_privilege_id_id(), has_server_privilege_id_name(), has_server_privilege_name(), has_server_privilege_name_id(), and has_server_privilege_name_name().

◆ convert_table_name()

static Oid convert_table_name ( text tablename)
static

Definition at line 2049 of file acl.c.

2050{
2051 RangeVar *relrv;
2052
2053 relrv = makeRangeVarFromNameList(textToQualifiedNameList(tablename));
2054
2055 /* We might not even have permissions on this relation; don't lock it. */
2056 return RangeVarGetRelid(relrv, NoLock, false);
2057}
NoLock
#define NoLock
Definition lockdefs.h:34
makeRangeVarFromNameList
RangeVar * makeRangeVarFromNameList(const List *names)
Definition namespace.c:3625
RangeVarGetRelid
#define RangeVarGetRelid(relation, lockmode, missing_ok)
Definition namespace.h:98
textToQualifiedNameList
List * textToQualifiedNameList(text *textval)
Definition varlena.c:2717

References fb(), makeRangeVarFromNameList(), NoLock, RangeVarGetRelid, and textToQualifiedNameList().

Referenced by has_any_column_privilege_id_name(), has_any_column_privilege_name(), has_any_column_privilege_name_name(), has_column_privilege_id_name_attnum(), has_column_privilege_id_name_name(), has_column_privilege_name_attnum(), has_column_privilege_name_name(), has_column_privilege_name_name_attnum(), has_column_privilege_name_name_name(), has_sequence_privilege_id_name(), has_sequence_privilege_name(), has_sequence_privilege_name_name(), has_table_privilege_id_name(), has_table_privilege_name(), and has_table_privilege_name_name().

◆ convert_table_priv_string()

static AclMode convert_table_priv_string ( text priv_type_text)
static

Definition at line 2064 of file acl.c.

2065{
2066 static const priv_map table_priv_map[] = {
2067 {"SELECT", ACL_SELECT},
2068 {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2069 {"INSERT", ACL_INSERT},
2070 {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
2071 {"UPDATE", ACL_UPDATE},
2072 {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2073 {"DELETE", ACL_DELETE},
2074 {"DELETE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_DELETE)},
2075 {"TRUNCATE", ACL_TRUNCATE},
2076 {"TRUNCATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRUNCATE)},
2077 {"REFERENCES", ACL_REFERENCES},
2078 {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
2079 {"TRIGGER", ACL_TRIGGER},
2080 {"TRIGGER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRIGGER)},
2081 {"MAINTAIN", ACL_MAINTAIN},
2082 {"MAINTAIN WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_MAINTAIN)},
2083 {NULL, 0}
2084 };
2085
2086 return convert_any_priv_string(priv_type_text, table_priv_map);
2087}

References ACL_DELETE, ACL_GRANT_OPTION_FOR, ACL_INSERT, ACL_MAINTAIN, ACL_REFERENCES, ACL_SELECT, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, convert_any_priv_string(), and fb().

Referenced by has_table_privilege_id(), has_table_privilege_id_id(), has_table_privilege_id_name(), has_table_privilege_name(), has_table_privilege_name_id(), and has_table_privilege_name_name().

◆ convert_tablespace_name()

static Oid convert_tablespace_name ( text tablespacename)
static

Definition at line 4365 of file acl.c.

4366{
4367 char *spcname = text_to_cstring(tablespacename);
4368
4369 return get_tablespace_oid(spcname, false);
4370}
get_tablespace_oid
Oid get_tablespace_oid(const char *tablespacename, bool missing_ok)
Definition tablespace.c:1427

References fb(), get_tablespace_oid(), and text_to_cstring().

Referenced by has_tablespace_privilege_id_name(), has_tablespace_privilege_name(), and has_tablespace_privilege_name_name().

◆ convert_tablespace_priv_string()

static AclMode convert_tablespace_priv_string ( text priv_type_text)
static

Definition at line 4377 of file acl.c.

4378{
4379 static const priv_map tablespace_priv_map[] = {
4380 {"CREATE", ACL_CREATE},
4381 {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4382 {NULL, 0}
4383 };
4384
4385 return convert_any_priv_string(priv_type_text, tablespace_priv_map);
4386}

References ACL_CREATE, ACL_GRANT_OPTION_FOR, convert_any_priv_string(), and fb().

Referenced by has_tablespace_privilege_id(), has_tablespace_privilege_id_id(), has_tablespace_privilege_id_name(), has_tablespace_privilege_name(), has_tablespace_privilege_name_id(), and has_tablespace_privilege_name_name().

◆ convert_type_name()

static Oid convert_type_name ( text typename)
static

Definition at line 4564 of file acl.c.

4565{
4566 char *typname = text_to_cstring(typename);
4567 Oid oid;
4568
4569 oid = DatumGetObjectId(DirectFunctionCall1(regtypein,
4570 CStringGetDatum(typname)));
4571
4572 if (!OidIsValid(oid))
4573 ereport(ERROR,
4574 (errcode(ERRCODE_UNDEFINED_OBJECT),
4575 errmsg("type \"%s\" does not exist", typname)));
4576
4577 return oid;
4578}
typname
NameData typname
Definition pg_type.h:41
regtypein
Datum regtypein(PG_FUNCTION_ARGS)
Definition regproc.c:1184

References CStringGetDatum(), DatumGetObjectId(), DirectFunctionCall1, ereport, errcode(), errmsg(), ERROR, fb(), OidIsValid, regtypein(), text_to_cstring(), and typname.

Referenced by has_type_privilege_id_name(), has_type_privilege_name(), and has_type_privilege_name_name().

◆ convert_type_priv_string()

static AclMode convert_type_priv_string ( text priv_type_text)
static

Definition at line 4585 of file acl.c.

4586{
4587 static const priv_map type_priv_map[] = {
4588 {"USAGE", ACL_USAGE},
4589 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
4590 {NULL, 0}
4591 };
4592
4593 return convert_any_priv_string(priv_type_text, type_priv_map);
4594}

References ACL_GRANT_OPTION_FOR, ACL_USAGE, convert_any_priv_string(), and fb().

Referenced by has_type_privilege_id(), has_type_privilege_id_id(), has_type_privilege_id_name(), has_type_privilege_name(), has_type_privilege_name_id(), and has_type_privilege_name_name().

◆ get_role_oid()

Oid get_role_oid ( const char rolname,
bool  missing_ok 
)

Definition at line 5554 of file acl.c.

5555{
5556 Oid oid;
5557
5558 oid = GetSysCacheOid1(AUTHNAME, Anum_pg_authid_oid,
5559 CStringGetDatum(rolname));
5560 if (!OidIsValid(oid) && !missing_ok)
5561 ereport(ERROR,
5562 (errcode(ERRCODE_UNDEFINED_OBJECT),
5563 errmsg("role \"%s\" does not exist", rolname)));
5564 return oid;
5565}
GetSysCacheOid1
#define GetSysCacheOid1(cacheId, oidcol, key1)
Definition syscache.h:109

References CStringGetDatum(), ereport, errcode(), errmsg(), ERROR, fb(), GetSysCacheOid1, OidIsValid, and rolname.

Referenced by aclparse(), check_hba(), check_ident_usermap(), createdb(), CreateRole(), get_object_address_unqualified(), get_role_oid_or_public(), get_rolespec_oid(), GrantRole(), is_member(), pg_has_role_id_name(), pg_has_role_name(), pg_has_role_name_id(), pg_has_role_name_name(), regrolein(), shell_check_detail(), and worker_spi_launch().

◆ get_role_oid_or_public()

Oid get_role_oid_or_public ( const char rolname)

Definition at line 5572 of file acl.c.

5573{
5574 if (strcmp(rolname, "public") == 0)
5575 return ACL_ID_PUBLIC;
5576
5577 return get_role_oid(rolname, false);
5578}

References ACL_ID_PUBLIC, fb(), get_role_oid(), and rolname.

Referenced by has_any_column_privilege_name_id(), has_any_column_privilege_name_name(), has_column_privilege_name_id_attnum(), has_column_privilege_name_id_name(), has_column_privilege_name_name_attnum(), has_column_privilege_name_name_name(), has_database_privilege_name_id(), has_database_privilege_name_name(), has_foreign_data_wrapper_privilege_name_id(), has_foreign_data_wrapper_privilege_name_name(), has_function_privilege_name_id(), has_function_privilege_name_name(), has_language_privilege_name_id(), has_language_privilege_name_name(), has_largeobject_privilege_name_id(), has_parameter_privilege_name_name(), has_schema_privilege_name_id(), has_schema_privilege_name_name(), has_sequence_privilege_name_id(), has_sequence_privilege_name_name(), has_server_privilege_name_id(), has_server_privilege_name_name(), has_table_privilege_name_id(), has_table_privilege_name_name(), has_tablespace_privilege_name_id(), has_tablespace_privilege_name_name(), has_type_privilege_name_id(), and has_type_privilege_name_name().

◆ get_rolespec_name()

char * get_rolespec_name ( const RoleSpec role)

Definition at line 5673 of file acl.c.

5674{
5675 HeapTuple tp;
5676 Form_pg_authid authForm;
5677 char *rolename;
5678
5679 tp = get_rolespec_tuple(role);
5680 authForm = (Form_pg_authid) GETSTRUCT(tp);
5681 rolename = pstrdup(NameStr(authForm->rolname));
5682 ReleaseSysCache(tp);
5683
5684 return rolename;
5685}
get_rolespec_tuple
HeapTuple get_rolespec_tuple(const RoleSpec *role)
Definition acl.c:5627
pstrdup
char * pstrdup(const char *in)
Definition mcxt.c:1781

References fb(), get_rolespec_tuple(), GETSTRUCT(), NameStr, pstrdup(), and ReleaseSysCache().

Referenced by AddRoleMems(), and DelRoleMems().

◆ get_rolespec_oid()

Oid get_rolespec_oid ( const RoleSpec role,
bool  missing_ok 
)

Definition at line 5588 of file acl.c.

5589{
5590 Oid oid;
5591
5592 switch (role->roletype)
5593 {
5594 case ROLESPEC_CSTRING:
5595 Assert(role->rolename);
5596 oid = get_role_oid(role->rolename, missing_ok);
5597 break;
5598
5599 case ROLESPEC_CURRENT_ROLE:
5600 case ROLESPEC_CURRENT_USER:
5601 oid = GetUserId();
5602 break;
5603
5604 case ROLESPEC_SESSION_USER:
5605 oid = GetSessionUserId();
5606 break;
5607
5608 case ROLESPEC_PUBLIC:
5609 ereport(ERROR,
5610 (errcode(ERRCODE_UNDEFINED_OBJECT),
5611 errmsg("role \"%s\" does not exist", "public")));
5612 oid = InvalidOid; /* make compiler happy */
5613 break;
5614
5615 default:
5616 elog(ERROR, "unexpected role type %d", role->roletype);
5617 }
5618
5619 return oid;
5620}
GetUserId
Oid GetUserId(void)
Definition miscinit.c:469
GetSessionUserId
Oid GetSessionUserId(void)
Definition miscinit.c:508
ROLESPEC_CURRENT_USER
@ ROLESPEC_CURRENT_USER
Definition parsenodes.h:421
ROLESPEC_SESSION_USER
@ ROLESPEC_SESSION_USER
Definition parsenodes.h:422
ROLESPEC_CURRENT_ROLE
@ ROLESPEC_CURRENT_ROLE
Definition parsenodes.h:420
ROLESPEC_PUBLIC
@ ROLESPEC_PUBLIC
Definition parsenodes.h:423
InvalidOid
#define InvalidOid
Definition postgres_ext.h:37

References Assert, elog, ereport, errcode(), errmsg(), ERROR, fb(), get_role_oid(), GetSessionUserId(), GetUserId(), InvalidOid, RoleSpec::rolename, ROLESPEC_CSTRING, ROLESPEC_CURRENT_ROLE, ROLESPEC_CURRENT_USER, ROLESPEC_PUBLIC, ROLESPEC_SESSION_USER, and RoleSpec::roletype.

Referenced by AlterUserMapping(), ATExecCmd(), CreateSchemaCommand(), CreateTableSpace(), CreateUserMapping(), ExecAlterDefaultPrivilegesStmt(), ExecAlterOwnerStmt(), ExecuteGrantStmt(), GrantRole(), policy_role_list_to_array(), ReassignOwnedObjects(), RemoveUserMapping(), and roleSpecsToIds().

◆ get_rolespec_tuple()

HeapTuple get_rolespec_tuple ( const RoleSpec role)

Definition at line 5627 of file acl.c.

5628{
5629 HeapTuple tuple;
5630
5631 switch (role->roletype)
5632 {
5633 case ROLESPEC_CSTRING:
5634 Assert(role->rolename);
5635 tuple = SearchSysCache1(AUTHNAME, CStringGetDatum(role->rolename));
5636 if (!HeapTupleIsValid(tuple))
5637 ereport(ERROR,
5638 (errcode(ERRCODE_UNDEFINED_OBJECT),
5639 errmsg("role \"%s\" does not exist", role->rolename)));
5640 break;
5641
5642 case ROLESPEC_CURRENT_ROLE:
5643 case ROLESPEC_CURRENT_USER:
5644 tuple = SearchSysCache1(AUTHOID, ObjectIdGetDatum(GetUserId()));
5645 if (!HeapTupleIsValid(tuple))
5646 elog(ERROR, "cache lookup failed for role %u", GetUserId());
5647 break;
5648
5649 case ROLESPEC_SESSION_USER:
5650 tuple = SearchSysCache1(AUTHOID, ObjectIdGetDatum(GetSessionUserId()));
5651 if (!HeapTupleIsValid(tuple))
5652 elog(ERROR, "cache lookup failed for role %u", GetSessionUserId());
5653 break;
5654
5655 case ROLESPEC_PUBLIC:
5656 ereport(ERROR,
5657 (errcode(ERRCODE_UNDEFINED_OBJECT),
5658 errmsg("role \"%s\" does not exist", "public")));
5659 tuple = NULL; /* make compiler happy */
5660 break;
5661
5662 default:
5663 elog(ERROR, "unexpected role type %d", role->roletype);
5664 }
5665
5666 return tuple;
5667}

References Assert, CStringGetDatum(), elog, ereport, errcode(), errmsg(), ERROR, fb(), GetSessionUserId(), GetUserId(), HeapTupleIsValid, ObjectIdGetDatum(), RoleSpec::rolename, ROLESPEC_CSTRING, ROLESPEC_CURRENT_ROLE, ROLESPEC_CURRENT_USER, ROLESPEC_PUBLIC, ROLESPEC_SESSION_USER, RoleSpec::roletype, and SearchSysCache1().

Referenced by AlterRole(), AlterRoleSet(), CreateRole(), and get_rolespec_name().

◆ getid()

static const char * getid ( const char s,
char n,
Node escontext 
)
static

Definition at line 169 of file acl.c.

170{
171 int len = 0;
172 bool in_quotes = false;
173
174 Assert(s && n);
175
176 while (isspace((unsigned char) *s))
177 s++;
178 for (;
179 *s != '\0' &&
180 (in_quotes || *s == '"' || is_safe_acl_char(*s, true));
181 s++)
182 {
183 if (*s == '"')
184 {
185 if (!in_quotes)
186 {
187 in_quotes = true;
188 continue;
189 }
190 /* safe to look at next char (could be '\0' though) */
191 if (*(s + 1) != '"')
192 {
193 in_quotes = false;
194 continue;
195 }
196 /* it's an escaped double quote; skip the escaping char */
197 s++;
198 }
199
200 /* Add the character to the string */
201 if (len >= NAMEDATALEN - 1)
202 ereturn(escontext, NULL,
203 (errcode(ERRCODE_NAME_TOO_LONG),
204 errmsg("identifier too long"),
205 errdetail("Identifier must be less than %d characters.",
206 NAMEDATALEN)));
207
208 n[len++] = *s;
209 }
210 n[len] = '\0';
211 while (isspace((unsigned char) *s))
212 s++;
213 return s;
214}
is_safe_acl_char
static bool is_safe_acl_char(unsigned char c, bool is_getid)
Definition acl.c:146
errdetail
int errdetail(const char *fmt,...)
Definition elog.c:1217
len
const void size_t len
Definition pg_crc32c_sse42.c:28

References Assert, ereturn, errcode(), errdetail(), errmsg(), fb(), is_safe_acl_char(), len, and NAMEDATALEN.

Referenced by aclparse().

◆ has_any_column_privilege_id()

Datum has_any_column_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 2425 of file acl.c.

2426{
2427 Oid tableoid = PG_GETARG_OID(0);
2428 text *priv_type_text = PG_GETARG_TEXT_PP(1);
2429 Oid roleid;
2430 AclMode mode;
2431 AclResult aclresult;
2432 bool is_missing = false;
2433
2434 roleid = GetUserId();
2435 mode = convert_column_priv_string(priv_type_text);
2436
2437 /* First check at table level, then examine each column if needed */
2438 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2439 if (aclresult != ACLCHECK_OK)
2440 {
2441 if (is_missing)
2442 PG_RETURN_NULL();
2443 aclresult = pg_attribute_aclcheck_all_ext(tableoid, roleid, mode,
2444 ACLMASK_ANY, &is_missing);
2445 if (is_missing)
2446 PG_RETURN_NULL();
2447 }
2448
2449 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2450}
convert_column_priv_string
static AclMode convert_column_priv_string(text *priv_type_text)
Definition acl.c:2954
ACLMASK_ANY
@ ACLMASK_ANY
Definition acl.h:177
pg_attribute_aclcheck_all_ext
AclResult pg_attribute_aclcheck_all_ext(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how, bool *is_missing)
Definition aclchk.c:3921
PG_GETARG_TEXT_PP
#define PG_GETARG_TEXT_PP(n)
Definition fmgr.h:310
varlena
Definition c.h:706

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), fb(), GetUserId(), mode, pg_attribute_aclcheck_all_ext(), pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_any_column_privilege_id_id()

Datum has_any_column_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 2485 of file acl.c.

2486{
2487 Oid roleid = PG_GETARG_OID(0);
2488 Oid tableoid = PG_GETARG_OID(1);
2489 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2490 AclMode mode;
2491 AclResult aclresult;
2492 bool is_missing = false;
2493
2494 mode = convert_column_priv_string(priv_type_text);
2495
2496 /* First check at table level, then examine each column if needed */
2497 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2498 if (aclresult != ACLCHECK_OK)
2499 {
2500 if (is_missing)
2501 PG_RETURN_NULL();
2502 aclresult = pg_attribute_aclcheck_all_ext(tableoid, roleid, mode,
2503 ACLMASK_ANY, &is_missing);
2504 if (is_missing)
2505 PG_RETURN_NULL();
2506 }
2507
2508 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2509}

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), fb(), mode, pg_attribute_aclcheck_all_ext(), pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_any_column_privilege_id_name()

Datum has_any_column_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2458 of file acl.c.

2459{
2460 Oid roleid = PG_GETARG_OID(0);
2461 text *tablename = PG_GETARG_TEXT_PP(1);
2462 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2463 Oid tableoid;
2464 AclMode mode;
2465 AclResult aclresult;
2466
2467 tableoid = convert_table_name(tablename);
2468 mode = convert_column_priv_string(priv_type_text);
2469
2470 /* First check at table level, then examine each column if needed */
2471 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2472 if (aclresult != ACLCHECK_OK)
2473 aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2474 ACLMASK_ANY);
2475
2476 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2477}
convert_table_name
static Oid convert_table_name(text *tablename)
Definition acl.c:2049
pg_attribute_aclcheck_all
AclResult pg_attribute_aclcheck_all(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how)
Definition aclchk.c:3910
pg_class_aclcheck
AclResult pg_class_aclcheck(Oid table_oid, Oid roleid, AclMode mode)
Definition aclchk.c:4039

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), convert_table_name(), fb(), mode, pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_any_column_privilege_name()

Datum has_any_column_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 2362 of file acl.c.

2363{
2364 text *tablename = PG_GETARG_TEXT_PP(0);
2365 text *priv_type_text = PG_GETARG_TEXT_PP(1);
2366 Oid roleid;
2367 Oid tableoid;
2368 AclMode mode;
2369 AclResult aclresult;
2370
2371 roleid = GetUserId();
2372 tableoid = convert_table_name(tablename);
2373 mode = convert_column_priv_string(priv_type_text);
2374
2375 /* First check at table level, then examine each column if needed */
2376 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2377 if (aclresult != ACLCHECK_OK)
2378 aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2379 ACLMASK_ANY);
2380
2381 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2382}

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), convert_table_name(), fb(), GetUserId(), mode, pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_any_column_privilege_name_id()

Datum has_any_column_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 2390 of file acl.c.

2391{
2392 Name username = PG_GETARG_NAME(0);
2393 Oid tableoid = PG_GETARG_OID(1);
2394 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2395 Oid roleid;
2396 AclMode mode;
2397 AclResult aclresult;
2398 bool is_missing = false;
2399
2400 roleid = get_role_oid_or_public(NameStr(*username));
2401 mode = convert_column_priv_string(priv_type_text);
2402
2403 /* First check at table level, then examine each column if needed */
2404 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2405 if (aclresult != ACLCHECK_OK)
2406 {
2407 if (is_missing)
2408 PG_RETURN_NULL();
2409 aclresult = pg_attribute_aclcheck_all_ext(tableoid, roleid, mode,
2410 ACLMASK_ANY, &is_missing);
2411 if (is_missing)
2412 PG_RETURN_NULL();
2413 }
2414
2415 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2416}
get_role_oid_or_public
Oid get_role_oid_or_public(const char *rolname)
Definition acl.c:5572
PG_GETARG_NAME
#define PG_GETARG_NAME(n)
Definition fmgr.h:279
username
static char * username
Definition initdb.c:153
nameData
Definition c.h:760

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, pg_attribute_aclcheck_all_ext(), pg_class_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_any_column_privilege_name_name()

Datum has_any_column_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2332 of file acl.c.

2333{
2334 Name rolename = PG_GETARG_NAME(0);
2335 text *tablename = PG_GETARG_TEXT_PP(1);
2336 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2337 Oid roleid;
2338 Oid tableoid;
2339 AclMode mode;
2340 AclResult aclresult;
2341
2342 roleid = get_role_oid_or_public(NameStr(*rolename));
2343 tableoid = convert_table_name(tablename);
2344 mode = convert_column_priv_string(priv_type_text);
2345
2346 /* First check at table level, then examine each column if needed */
2347 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2348 if (aclresult != ACLCHECK_OK)
2349 aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2350 ACLMASK_ANY);
2351
2352 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2353}

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), convert_table_name(), fb(), get_role_oid_or_public(), mode, NameStr, pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_column_privilege_id_attnum()

Datum has_column_privilege_id_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2868 of file acl.c.

2869{
2870 Oid tableoid = PG_GETARG_OID(0);
2871 AttrNumber colattnum = PG_GETARG_INT16(1);
2872 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2873 Oid roleid;
2874 AclMode mode;
2875 int privresult;
2876
2877 roleid = GetUserId();
2878 mode = convert_column_priv_string(priv_type_text);
2879
2880 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2881 if (privresult < 0)
2882 PG_RETURN_NULL();
2883 PG_RETURN_BOOL(privresult);
2884}
column_privilege_check
static int column_privilege_check(Oid tableoid, AttrNumber attnum, Oid roleid, AclMode mode)
Definition acl.c:2536
PG_GETARG_INT16
#define PG_GETARG_INT16(n)
Definition fmgr.h:271

References column_privilege_check(), convert_column_priv_string(), fb(), GetUserId(), mode, PG_GETARG_INT16, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_id_attnum()

Datum has_column_privilege_id_id_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2761 of file acl.c.

2762{
2763 Oid roleid = PG_GETARG_OID(0);
2764 Oid tableoid = PG_GETARG_OID(1);
2765 AttrNumber colattnum = PG_GETARG_INT16(2);
2766 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2767 AclMode mode;
2768 int privresult;
2769
2770 mode = convert_column_priv_string(priv_type_text);
2771
2772 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2773 if (privresult < 0)
2774 PG_RETURN_NULL();
2775 PG_RETURN_BOOL(privresult);
2776}

References column_privilege_check(), convert_column_priv_string(), fb(), mode, PG_GETARG_INT16, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_id_name()

Datum has_column_privilege_id_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2736 of file acl.c.

2737{
2738 Oid roleid = PG_GETARG_OID(0);
2739 Oid tableoid = PG_GETARG_OID(1);
2740 text *column = PG_GETARG_TEXT_PP(2);
2741 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2742 AttrNumber colattnum;
2743 AclMode mode;
2744 int privresult;
2745
2746 colattnum = convert_column_name(tableoid, column);
2747 mode = convert_column_priv_string(priv_type_text);
2748
2749 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2750 if (privresult < 0)
2751 PG_RETURN_NULL();
2752 PG_RETURN_BOOL(privresult);
2753}
convert_column_name
static AttrNumber convert_column_name(Oid tableoid, text *column)
Definition acl.c:2896

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), fb(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_name()

Datum has_column_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2841 of file acl.c.

2842{
2843 Oid tableoid = PG_GETARG_OID(0);
2844 text *column = PG_GETARG_TEXT_PP(1);
2845 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2846 Oid roleid;
2847 AttrNumber colattnum;
2848 AclMode mode;
2849 int privresult;
2850
2851 roleid = GetUserId();
2852 colattnum = convert_column_name(tableoid, column);
2853 mode = convert_column_priv_string(priv_type_text);
2854
2855 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2856 if (privresult < 0)
2857 PG_RETURN_NULL();
2858 PG_RETURN_BOOL(privresult);
2859}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), fb(), GetUserId(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_name_attnum()

Datum has_column_privilege_id_name_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2711 of file acl.c.

2712{
2713 Oid roleid = PG_GETARG_OID(0);
2714 text *tablename = PG_GETARG_TEXT_PP(1);
2715 AttrNumber colattnum = PG_GETARG_INT16(2);
2716 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2717 Oid tableoid;
2718 AclMode mode;
2719 int privresult;
2720
2721 tableoid = convert_table_name(tablename);
2722 mode = convert_column_priv_string(priv_type_text);
2723
2724 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2725 if (privresult < 0)
2726 PG_RETURN_NULL();
2727 PG_RETURN_BOOL(privresult);
2728}

References column_privilege_check(), convert_column_priv_string(), convert_table_name(), fb(), mode, PG_GETARG_INT16, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_name_name()

Datum has_column_privilege_id_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2684 of file acl.c.

2685{
2686 Oid roleid = PG_GETARG_OID(0);
2687 text *tablename = PG_GETARG_TEXT_PP(1);
2688 text *column = PG_GETARG_TEXT_PP(2);
2689 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2690 Oid tableoid;
2691 AttrNumber colattnum;
2692 AclMode mode;
2693 int privresult;
2694
2695 tableoid = convert_table_name(tablename);
2696 colattnum = convert_column_name(tableoid, column);
2697 mode = convert_column_priv_string(priv_type_text);
2698
2699 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2700 if (privresult < 0)
2701 PG_RETURN_NULL();
2702 PG_RETURN_BOOL(privresult);
2703}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), convert_table_name(), fb(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_attnum()

Datum has_column_privilege_name_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2814 of file acl.c.

2815{
2816 text *tablename = PG_GETARG_TEXT_PP(0);
2817 AttrNumber colattnum = PG_GETARG_INT16(1);
2818 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2819 Oid roleid;
2820 Oid tableoid;
2821 AclMode mode;
2822 int privresult;
2823
2824 roleid = GetUserId();
2825 tableoid = convert_table_name(tablename);
2826 mode = convert_column_priv_string(priv_type_text);
2827
2828 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2829 if (privresult < 0)
2830 PG_RETURN_NULL();
2831 PG_RETURN_BOOL(privresult);
2832}

References column_privilege_check(), convert_column_priv_string(), convert_table_name(), fb(), GetUserId(), mode, PG_GETARG_INT16, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_id_attnum()

Datum has_column_privilege_name_id_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2659 of file acl.c.

2660{
2661 Name username = PG_GETARG_NAME(0);
2662 Oid tableoid = PG_GETARG_OID(1);
2663 AttrNumber colattnum = PG_GETARG_INT16(2);
2664 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2665 Oid roleid;
2666 AclMode mode;
2667 int privresult;
2668
2669 roleid = get_role_oid_or_public(NameStr(*username));
2670 mode = convert_column_priv_string(priv_type_text);
2671
2672 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2673 if (privresult < 0)
2674 PG_RETURN_NULL();
2675 PG_RETURN_BOOL(privresult);
2676}

References column_privilege_check(), convert_column_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_INT16, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_column_privilege_name_id_name()

Datum has_column_privilege_name_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2632 of file acl.c.

2633{
2634 Name username = PG_GETARG_NAME(0);
2635 Oid tableoid = PG_GETARG_OID(1);
2636 text *column = PG_GETARG_TEXT_PP(2);
2637 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2638 Oid roleid;
2639 AttrNumber colattnum;
2640 AclMode mode;
2641 int privresult;
2642
2643 roleid = get_role_oid_or_public(NameStr(*username));
2644 colattnum = convert_column_name(tableoid, column);
2645 mode = convert_column_priv_string(priv_type_text);
2646
2647 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2648 if (privresult < 0)
2649 PG_RETURN_NULL();
2650 PG_RETURN_BOOL(privresult);
2651}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_column_privilege_name_name()

Datum has_column_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2785 of file acl.c.

2786{
2787 text *tablename = PG_GETARG_TEXT_PP(0);
2788 text *column = PG_GETARG_TEXT_PP(1);
2789 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2790 Oid roleid;
2791 Oid tableoid;
2792 AttrNumber colattnum;
2793 AclMode mode;
2794 int privresult;
2795
2796 roleid = GetUserId();
2797 tableoid = convert_table_name(tablename);
2798 colattnum = convert_column_name(tableoid, column);
2799 mode = convert_column_priv_string(priv_type_text);
2800
2801 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2802 if (privresult < 0)
2803 PG_RETURN_NULL();
2804 PG_RETURN_BOOL(privresult);
2805}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), convert_table_name(), fb(), GetUserId(), mode, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_name_attnum()

Datum has_column_privilege_name_name_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2605 of file acl.c.

2606{
2607 Name rolename = PG_GETARG_NAME(0);
2608 text *tablename = PG_GETARG_TEXT_PP(1);
2609 AttrNumber colattnum = PG_GETARG_INT16(2);
2610 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2611 Oid roleid;
2612 Oid tableoid;
2613 AclMode mode;
2614 int privresult;
2615
2616 roleid = get_role_oid_or_public(NameStr(*rolename));
2617 tableoid = convert_table_name(tablename);
2618 mode = convert_column_priv_string(priv_type_text);
2619
2620 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2621 if (privresult < 0)
2622 PG_RETURN_NULL();
2623 PG_RETURN_BOOL(privresult);
2624}

References column_privilege_check(), convert_column_priv_string(), convert_table_name(), fb(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_INT16, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_name_name()

Datum has_column_privilege_name_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2576 of file acl.c.

2577{
2578 Name rolename = PG_GETARG_NAME(0);
2579 text *tablename = PG_GETARG_TEXT_PP(1);
2580 text *column = PG_GETARG_TEXT_PP(2);
2581 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2582 Oid roleid;
2583 Oid tableoid;
2584 AttrNumber colattnum;
2585 AclMode mode;
2586 int privresult;
2587
2588 roleid = get_role_oid_or_public(NameStr(*rolename));
2589 tableoid = convert_table_name(tablename);
2590 colattnum = convert_column_name(tableoid, column);
2591 mode = convert_column_priv_string(priv_type_text);
2592
2593 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2594 if (privresult < 0)
2595 PG_RETURN_NULL();
2596 PG_RETURN_BOOL(privresult);
2597}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), convert_table_name(), fb(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_database_privilege_id()

Datum has_database_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3068 of file acl.c.

3069{
3070 Oid databaseoid = PG_GETARG_OID(0);
3071 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3072 Oid roleid;
3073 AclMode mode;
3074 AclResult aclresult;
3075 bool is_missing = false;
3076
3077 roleid = GetUserId();
3078 mode = convert_database_priv_string(priv_type_text);
3079
3080 aclresult = object_aclcheck_ext(DatabaseRelationId, databaseoid,
3081 roleid, mode,
3082 &is_missing);
3083
3084 if (is_missing)
3085 PG_RETURN_NULL();
3086
3087 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3088}
convert_database_priv_string
static AclMode convert_database_priv_string(text *priv_type_text)
Definition acl.c:3160
object_aclcheck_ext
AclResult object_aclcheck_ext(Oid classid, Oid objectid, Oid roleid, AclMode mode, bool *is_missing)
Definition aclchk.c:3846

References ACLCHECK_OK, convert_database_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_database_privilege_id_id()

Datum has_database_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 3119 of file acl.c.

3120{
3121 Oid roleid = PG_GETARG_OID(0);
3122 Oid databaseoid = PG_GETARG_OID(1);
3123 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3124 AclMode mode;
3125 AclResult aclresult;
3126 bool is_missing = false;
3127
3128 mode = convert_database_priv_string(priv_type_text);
3129
3130 aclresult = object_aclcheck_ext(DatabaseRelationId, databaseoid,
3131 roleid, mode,
3132 &is_missing);
3133
3134 if (is_missing)
3135 PG_RETURN_NULL();
3136
3137 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3138}

References ACLCHECK_OK, convert_database_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_database_privilege_id_name()

Datum has_database_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3096 of file acl.c.

3097{
3098 Oid roleid = PG_GETARG_OID(0);
3099 text *databasename = PG_GETARG_TEXT_PP(1);
3100 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3101 Oid databaseoid;
3102 AclMode mode;
3103 AclResult aclresult;
3104
3105 databaseoid = convert_database_name(databasename);
3106 mode = convert_database_priv_string(priv_type_text);
3107
3108 aclresult = object_aclcheck(DatabaseRelationId, databaseoid, roleid, mode);
3109
3110 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3111}
convert_database_name
static Oid convert_database_name(text *databasename)
Definition acl.c:3148
object_aclcheck
AclResult object_aclcheck(Oid classid, Oid objectid, Oid roleid, AclMode mode)
Definition aclchk.c:3836

References ACLCHECK_OK, convert_database_name(), convert_database_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_database_privilege_name()

Datum has_database_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 3014 of file acl.c.

3015{
3016 text *databasename = PG_GETARG_TEXT_PP(0);
3017 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3018 Oid roleid;
3019 Oid databaseoid;
3020 AclMode mode;
3021 AclResult aclresult;
3022
3023 roleid = GetUserId();
3024 databaseoid = convert_database_name(databasename);
3025 mode = convert_database_priv_string(priv_type_text);
3026
3027 aclresult = object_aclcheck(DatabaseRelationId, databaseoid, roleid, mode);
3028
3029 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3030}

References ACLCHECK_OK, convert_database_name(), convert_database_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_database_privilege_name_id()

Datum has_database_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 3038 of file acl.c.

3039{
3040 Name username = PG_GETARG_NAME(0);
3041 Oid databaseoid = PG_GETARG_OID(1);
3042 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3043 Oid roleid;
3044 AclMode mode;
3045 AclResult aclresult;
3046 bool is_missing = false;
3047
3048 roleid = get_role_oid_or_public(NameStr(*username));
3049 mode = convert_database_priv_string(priv_type_text);
3050
3051 aclresult = object_aclcheck_ext(DatabaseRelationId, databaseoid,
3052 roleid, mode,
3053 &is_missing);
3054
3055 if (is_missing)
3056 PG_RETURN_NULL();
3057
3058 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3059}

References ACLCHECK_OK, convert_database_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_database_privilege_name_name()

Datum has_database_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2988 of file acl.c.

2989{
2990 Name username = PG_GETARG_NAME(0);
2991 text *databasename = PG_GETARG_TEXT_PP(1);
2992 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2993 Oid roleid;
2994 Oid databaseoid;
2995 AclMode mode;
2996 AclResult aclresult;
2997
2998 roleid = get_role_oid_or_public(NameStr(*username));
2999 databaseoid = convert_database_name(databasename);
3000 mode = convert_database_priv_string(priv_type_text);
3001
3002 aclresult = object_aclcheck(DatabaseRelationId, databaseoid, roleid, mode);
3003
3004 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3005}

References ACLCHECK_OK, convert_database_name(), convert_database_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_foreign_data_wrapper_privilege_id()

Datum has_foreign_data_wrapper_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3274 of file acl.c.

3275{
3276 Oid fdwid = PG_GETARG_OID(0);
3277 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3278 Oid roleid;
3279 AclMode mode;
3280 AclResult aclresult;
3281 bool is_missing = false;
3282
3283 roleid = GetUserId();
3284 mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3285
3286 aclresult = object_aclcheck_ext(ForeignDataWrapperRelationId, fdwid,
3287 roleid, mode,
3288 &is_missing);
3289
3290 if (is_missing)
3291 PG_RETURN_NULL();
3292
3293 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3294}
convert_foreign_data_wrapper_priv_string
static AclMode convert_foreign_data_wrapper_priv_string(text *priv_type_text)
Definition acl.c:3366

References ACLCHECK_OK, convert_foreign_data_wrapper_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_foreign_data_wrapper_privilege_id_id()

Datum has_foreign_data_wrapper_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 3325 of file acl.c.

3326{
3327 Oid roleid = PG_GETARG_OID(0);
3328 Oid fdwid = PG_GETARG_OID(1);
3329 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3330 AclMode mode;
3331 AclResult aclresult;
3332 bool is_missing = false;
3333
3334 mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3335
3336 aclresult = object_aclcheck_ext(ForeignDataWrapperRelationId, fdwid,
3337 roleid, mode,
3338 &is_missing);
3339
3340 if (is_missing)
3341 PG_RETURN_NULL();
3342
3343 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3344}

References ACLCHECK_OK, convert_foreign_data_wrapper_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_foreign_data_wrapper_privilege_id_name()

Datum has_foreign_data_wrapper_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3302 of file acl.c.

3303{
3304 Oid roleid = PG_GETARG_OID(0);
3305 text *fdwname = PG_GETARG_TEXT_PP(1);
3306 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3307 Oid fdwid;
3308 AclMode mode;
3309 AclResult aclresult;
3310
3311 fdwid = convert_foreign_data_wrapper_name(fdwname);
3312 mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3313
3314 aclresult = object_aclcheck(ForeignDataWrapperRelationId, fdwid, roleid, mode);
3315
3316 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3317}
convert_foreign_data_wrapper_name
static Oid convert_foreign_data_wrapper_name(text *fdwname)
Definition acl.c:3354

References ACLCHECK_OK, convert_foreign_data_wrapper_name(), convert_foreign_data_wrapper_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_foreign_data_wrapper_privilege_name()

Datum has_foreign_data_wrapper_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 3220 of file acl.c.

3221{
3222 text *fdwname = PG_GETARG_TEXT_PP(0);
3223 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3224 Oid roleid;
3225 Oid fdwid;
3226 AclMode mode;
3227 AclResult aclresult;
3228
3229 roleid = GetUserId();
3230 fdwid = convert_foreign_data_wrapper_name(fdwname);
3231 mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3232
3233 aclresult = object_aclcheck(ForeignDataWrapperRelationId, fdwid, roleid, mode);
3234
3235 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3236}

References ACLCHECK_OK, convert_foreign_data_wrapper_name(), convert_foreign_data_wrapper_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_foreign_data_wrapper_privilege_name_id()

Datum has_foreign_data_wrapper_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 3244 of file acl.c.

3245{
3246 Name username = PG_GETARG_NAME(0);
3247 Oid fdwid = PG_GETARG_OID(1);
3248 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3249 Oid roleid;
3250 AclMode mode;
3251 AclResult aclresult;
3252 bool is_missing = false;
3253
3254 roleid = get_role_oid_or_public(NameStr(*username));
3255 mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3256
3257 aclresult = object_aclcheck_ext(ForeignDataWrapperRelationId, fdwid,
3258 roleid, mode,
3259 &is_missing);
3260
3261 if (is_missing)
3262 PG_RETURN_NULL();
3263
3264 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3265}

References ACLCHECK_OK, convert_foreign_data_wrapper_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_foreign_data_wrapper_privilege_name_name()

Datum has_foreign_data_wrapper_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 3194 of file acl.c.

3195{
3196 Name username = PG_GETARG_NAME(0);
3197 text *fdwname = PG_GETARG_TEXT_PP(1);
3198 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3199 Oid roleid;
3200 Oid fdwid;
3201 AclMode mode;
3202 AclResult aclresult;
3203
3204 roleid = get_role_oid_or_public(NameStr(*username));
3205 fdwid = convert_foreign_data_wrapper_name(fdwname);
3206 mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3207
3208 aclresult = object_aclcheck(ForeignDataWrapperRelationId, fdwid, roleid, mode);
3209
3210 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3211}

References ACLCHECK_OK, convert_foreign_data_wrapper_name(), convert_foreign_data_wrapper_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_function_privilege_id()

Datum has_function_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3474 of file acl.c.

3475{
3476 Oid functionoid = PG_GETARG_OID(0);
3477 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3478 Oid roleid;
3479 AclMode mode;
3480 AclResult aclresult;
3481 bool is_missing = false;
3482
3483 roleid = GetUserId();
3484 mode = convert_function_priv_string(priv_type_text);
3485
3486 aclresult = object_aclcheck_ext(ProcedureRelationId, functionoid,
3487 roleid, mode,
3488 &is_missing);
3489
3490 if (is_missing)
3491 PG_RETURN_NULL();
3492
3493 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3494}
convert_function_priv_string
static AclMode convert_function_priv_string(text *priv_type_text)
Definition acl.c:3575

References ACLCHECK_OK, convert_function_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_function_privilege_id_id()

Datum has_function_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 3525 of file acl.c.

3526{
3527 Oid roleid = PG_GETARG_OID(0);
3528 Oid functionoid = PG_GETARG_OID(1);
3529 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3530 AclMode mode;
3531 AclResult aclresult;
3532 bool is_missing = false;
3533
3534 mode = convert_function_priv_string(priv_type_text);
3535
3536 aclresult = object_aclcheck_ext(ProcedureRelationId, functionoid,
3537 roleid, mode,
3538 &is_missing);
3539
3540 if (is_missing)
3541 PG_RETURN_NULL();
3542
3543 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3544}

References ACLCHECK_OK, convert_function_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_function_privilege_id_name()

Datum has_function_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3502 of file acl.c.

3503{
3504 Oid roleid = PG_GETARG_OID(0);
3505 text *functionname = PG_GETARG_TEXT_PP(1);
3506 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3507 Oid functionoid;
3508 AclMode mode;
3509 AclResult aclresult;
3510
3511 functionoid = convert_function_name(functionname);
3512 mode = convert_function_priv_string(priv_type_text);
3513
3514 aclresult = object_aclcheck(ProcedureRelationId, functionoid, roleid, mode);
3515
3516 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3517}
convert_function_name
static Oid convert_function_name(text *functionname)
Definition acl.c:3554

References ACLCHECK_OK, convert_function_name(), convert_function_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_function_privilege_name()

Datum has_function_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 3420 of file acl.c.

3421{
3422 text *functionname = PG_GETARG_TEXT_PP(0);
3423 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3424 Oid roleid;
3425 Oid functionoid;
3426 AclMode mode;
3427 AclResult aclresult;
3428
3429 roleid = GetUserId();
3430 functionoid = convert_function_name(functionname);
3431 mode = convert_function_priv_string(priv_type_text);
3432
3433 aclresult = object_aclcheck(ProcedureRelationId, functionoid, roleid, mode);
3434
3435 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3436}

References ACLCHECK_OK, convert_function_name(), convert_function_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_function_privilege_name_id()

Datum has_function_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 3444 of file acl.c.

3445{
3446 Name username = PG_GETARG_NAME(0);
3447 Oid functionoid = PG_GETARG_OID(1);
3448 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3449 Oid roleid;
3450 AclMode mode;
3451 AclResult aclresult;
3452 bool is_missing = false;
3453
3454 roleid = get_role_oid_or_public(NameStr(*username));
3455 mode = convert_function_priv_string(priv_type_text);
3456
3457 aclresult = object_aclcheck_ext(ProcedureRelationId, functionoid,
3458 roleid, mode,
3459 &is_missing);
3460
3461 if (is_missing)
3462 PG_RETURN_NULL();
3463
3464 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3465}

References ACLCHECK_OK, convert_function_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_function_privilege_name_name()

Datum has_function_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 3394 of file acl.c.

3395{
3396 Name username = PG_GETARG_NAME(0);
3397 text *functionname = PG_GETARG_TEXT_PP(1);
3398 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3399 Oid roleid;
3400 Oid functionoid;
3401 AclMode mode;
3402 AclResult aclresult;
3403
3404 roleid = get_role_oid_or_public(NameStr(*username));
3405 functionoid = convert_function_name(functionname);
3406 mode = convert_function_priv_string(priv_type_text);
3407
3408 aclresult = object_aclcheck(ProcedureRelationId, functionoid, roleid, mode);
3409
3410 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3411}

References ACLCHECK_OK, convert_function_name(), convert_function_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_language_privilege_id()

Datum has_language_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3683 of file acl.c.

3684{
3685 Oid languageoid = PG_GETARG_OID(0);
3686 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3687 Oid roleid;
3688 AclMode mode;
3689 AclResult aclresult;
3690 bool is_missing = false;
3691
3692 roleid = GetUserId();
3693 mode = convert_language_priv_string(priv_type_text);
3694
3695 aclresult = object_aclcheck_ext(LanguageRelationId, languageoid,
3696 roleid, mode,
3697 &is_missing);
3698
3699 if (is_missing)
3700 PG_RETURN_NULL();
3701
3702 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3703}
convert_language_priv_string
static AclMode convert_language_priv_string(text *priv_type_text)
Definition acl.c:3775

References ACLCHECK_OK, convert_language_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_language_privilege_id_id()

Datum has_language_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 3734 of file acl.c.

3735{
3736 Oid roleid = PG_GETARG_OID(0);
3737 Oid languageoid = PG_GETARG_OID(1);
3738 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3739 AclMode mode;
3740 AclResult aclresult;
3741 bool is_missing = false;
3742
3743 mode = convert_language_priv_string(priv_type_text);
3744
3745 aclresult = object_aclcheck_ext(LanguageRelationId, languageoid,
3746 roleid, mode,
3747 &is_missing);
3748
3749 if (is_missing)
3750 PG_RETURN_NULL();
3751
3752 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3753}

References ACLCHECK_OK, convert_language_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_language_privilege_id_name()

Datum has_language_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3711 of file acl.c.

3712{
3713 Oid roleid = PG_GETARG_OID(0);
3714 text *languagename = PG_GETARG_TEXT_PP(1);
3715 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3716 Oid languageoid;
3717 AclMode mode;
3718 AclResult aclresult;
3719
3720 languageoid = convert_language_name(languagename);
3721 mode = convert_language_priv_string(priv_type_text);
3722
3723 aclresult = object_aclcheck(LanguageRelationId, languageoid, roleid, mode);
3724
3725 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3726}
convert_language_name
static Oid convert_language_name(text *languagename)
Definition acl.c:3763

References ACLCHECK_OK, convert_language_name(), convert_language_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_language_privilege_name()

Datum has_language_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 3629 of file acl.c.

3630{
3631 text *languagename = PG_GETARG_TEXT_PP(0);
3632 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3633 Oid roleid;
3634 Oid languageoid;
3635 AclMode mode;
3636 AclResult aclresult;
3637
3638 roleid = GetUserId();
3639 languageoid = convert_language_name(languagename);
3640 mode = convert_language_priv_string(priv_type_text);
3641
3642 aclresult = object_aclcheck(LanguageRelationId, languageoid, roleid, mode);
3643
3644 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3645}

References ACLCHECK_OK, convert_language_name(), convert_language_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_language_privilege_name_id()

Datum has_language_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 3653 of file acl.c.

3654{
3655 Name username = PG_GETARG_NAME(0);
3656 Oid languageoid = PG_GETARG_OID(1);
3657 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3658 Oid roleid;
3659 AclMode mode;
3660 AclResult aclresult;
3661 bool is_missing = false;
3662
3663 roleid = get_role_oid_or_public(NameStr(*username));
3664 mode = convert_language_priv_string(priv_type_text);
3665
3666 aclresult = object_aclcheck_ext(LanguageRelationId, languageoid,
3667 roleid, mode,
3668 &is_missing);
3669
3670 if (is_missing)
3671 PG_RETURN_NULL();
3672
3673 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3674}

References ACLCHECK_OK, convert_language_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_language_privilege_name_name()

Datum has_language_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 3603 of file acl.c.

3604{
3605 Name username = PG_GETARG_NAME(0);
3606 text *languagename = PG_GETARG_TEXT_PP(1);
3607 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3608 Oid roleid;
3609 Oid languageoid;
3610 AclMode mode;
3611 AclResult aclresult;
3612
3613 roleid = get_role_oid_or_public(NameStr(*username));
3614 languageoid = convert_language_name(languagename);
3615 mode = convert_language_priv_string(priv_type_text);
3616
3617 aclresult = object_aclcheck(LanguageRelationId, languageoid, roleid, mode);
3618
3619 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3620}

References ACLCHECK_OK, convert_language_name(), convert_language_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_largeobject_privilege_id()

Datum has_largeobject_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 4763 of file acl.c.

4764{
4765 Oid lobjId = PG_GETARG_OID(0);
4766 Oid roleid = GetUserId();
4767 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4768 AclMode mode;
4769 bool is_missing = false;
4770 bool result;
4771
4772 mode = convert_largeobject_priv_string(priv_type_text);
4773 result = has_lo_priv_byid(roleid, lobjId, mode, &is_missing);
4774
4775 if (is_missing)
4776 PG_RETURN_NULL();
4777
4778 PG_RETURN_BOOL(result);
4779}
convert_largeobject_priv_string
static AclMode convert_largeobject_priv_string(text *priv_type_text)
Definition acl.c:4810
has_lo_priv_byid
static bool has_lo_priv_byid(Oid roleid, Oid lobjId, AclMode priv, bool *is_missing)
Definition acl.c:4704

References convert_largeobject_priv_string(), fb(), GetUserId(), has_lo_priv_byid(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_largeobject_privilege_id_id()

Datum has_largeobject_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4787 of file acl.c.

4788{
4789 Oid roleid = PG_GETARG_OID(0);
4790 Oid lobjId = PG_GETARG_OID(1);
4791 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4792 AclMode mode;
4793 bool is_missing = false;
4794 bool result;
4795
4796 mode = convert_largeobject_priv_string(priv_type_text);
4797 result = has_lo_priv_byid(roleid, lobjId, mode, &is_missing);
4798
4799 if (is_missing)
4800 PG_RETURN_NULL();
4801
4802 PG_RETURN_BOOL(result);
4803}

References convert_largeobject_priv_string(), fb(), has_lo_priv_byid(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_largeobject_privilege_name_id()

Datum has_largeobject_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 4737 of file acl.c.

4738{
4739 Name username = PG_GETARG_NAME(0);
4740 Oid roleid = get_role_oid_or_public(NameStr(*username));
4741 Oid lobjId = PG_GETARG_OID(1);
4742 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4743 AclMode mode;
4744 bool is_missing = false;
4745 bool result;
4746
4747 mode = convert_largeobject_priv_string(priv_type_text);
4748 result = has_lo_priv_byid(roleid, lobjId, mode, &is_missing);
4749
4750 if (is_missing)
4751 PG_RETURN_NULL();
4752
4753 PG_RETURN_BOOL(result);
4754}

References convert_largeobject_priv_string(), fb(), get_role_oid_or_public(), has_lo_priv_byid(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_lo_priv_byid()

static bool has_lo_priv_byid ( Oid  roleid,
Oid  lobjId,
AclMode  priv,
bool is_missing 
)
static

Definition at line 4704 of file acl.c.

4705{
4706 Snapshot snapshot = NULL;
4707 AclResult aclresult;
4708
4709 if (priv & ACL_UPDATE)
4710 snapshot = NULL;
4711 else
4712 snapshot = GetActiveSnapshot();
4713
4714 if (!LargeObjectExistsWithSnapshot(lobjId, snapshot))
4715 {
4716 Assert(is_missing != NULL);
4717 *is_missing = true;
4718 return false;
4719 }
4720
4721 if (lo_compat_privileges)
4722 return true;
4723
4724 aclresult = pg_largeobject_aclcheck_snapshot(lobjId,
4725 roleid,
4726 priv,
4727 snapshot);
4728 return aclresult == ACLCHECK_OK;
4729}
pg_largeobject_aclcheck_snapshot
AclResult pg_largeobject_aclcheck_snapshot(Oid lobj_oid, Oid roleid, AclMode mode, Snapshot snapshot)
Definition aclchk.c:4076
lo_compat_privileges
bool lo_compat_privileges
Definition inv_api.c:56
LargeObjectExistsWithSnapshot
bool LargeObjectExistsWithSnapshot(Oid loid, Snapshot snapshot)
Definition pg_largeobject.c:178
GetActiveSnapshot
Snapshot GetActiveSnapshot(void)
Definition snapmgr.c:800

References ACL_UPDATE, ACLCHECK_OK, Assert, fb(), GetActiveSnapshot(), LargeObjectExistsWithSnapshot(), lo_compat_privileges, and pg_largeobject_aclcheck_snapshot().

Referenced by has_largeobject_privilege_id(), has_largeobject_privilege_id_id(), and has_largeobject_privilege_name_id().

◆ has_param_priv_byname()

static bool has_param_priv_byname ( Oid  roleid,
const text parameter,
AclMode  priv 
)
static

Definition at line 4613 of file acl.c.

4614{
4615 char *paramstr = text_to_cstring(parameter);
4616
4617 return pg_parameter_aclcheck(paramstr, roleid, priv) == ACLCHECK_OK;
4618}
pg_parameter_aclcheck
AclResult pg_parameter_aclcheck(const char *name, Oid roleid, AclMode mode)
Definition aclchk.c:4064

References ACLCHECK_OK, fb(), pg_parameter_aclcheck(), and text_to_cstring().

Referenced by has_parameter_privilege_id_name(), has_parameter_privilege_name(), and has_parameter_privilege_name_name().

◆ has_parameter_privilege_id_name()

Datum has_parameter_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4656 of file acl.c.

4657{
4658 Oid roleid = PG_GETARG_OID(0);
4659 text *parameter = PG_GETARG_TEXT_PP(1);
4660 AclMode priv = convert_parameter_priv_string(PG_GETARG_TEXT_PP(2));
4661
4662 PG_RETURN_BOOL(has_param_priv_byname(roleid, parameter, priv));
4663}
has_param_priv_byname
static bool has_param_priv_byname(Oid roleid, const text *parameter, AclMode priv)
Definition acl.c:4613
convert_parameter_priv_string
static AclMode convert_parameter_priv_string(text *priv_text)
Definition acl.c:4674

References convert_parameter_priv_string(), fb(), has_param_priv_byname(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_parameter_privilege_name()

Datum has_parameter_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 4642 of file acl.c.

4643{
4644 text *parameter = PG_GETARG_TEXT_PP(0);
4645 AclMode priv = convert_parameter_priv_string(PG_GETARG_TEXT_PP(1));
4646
4647 PG_RETURN_BOOL(has_param_priv_byname(GetUserId(), parameter, priv));
4648}

References convert_parameter_priv_string(), fb(), GetUserId(), has_param_priv_byname(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_parameter_privilege_name_name()

Datum has_parameter_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 4626 of file acl.c.

4627{
4628 Name username = PG_GETARG_NAME(0);
4629 text *parameter = PG_GETARG_TEXT_PP(1);
4630 AclMode priv = convert_parameter_priv_string(PG_GETARG_TEXT_PP(2));
4631 Oid roleid = get_role_oid_or_public(NameStr(*username));
4632
4633 PG_RETURN_BOOL(has_param_priv_byname(roleid, parameter, priv));
4634}

References convert_parameter_priv_string(), fb(), get_role_oid_or_public(), has_param_priv_byname(), NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_privs_of_role()

bool has_privs_of_role ( Oid  member,
Oid  role 
)

Definition at line 5286 of file acl.c.

5287{
5288 /* Fast path for simple case */
5289 if (member == role)
5290 return true;
5291
5292 /* Superusers have every privilege, so are part of every role */
5293 if (superuser_arg(member))
5294 return true;
5295
5296 /*
5297 * Find all the roles that member has the privileges of, including
5298 * multi-level recursion, then see if target role is any one of them.
5299 */
5300 return list_member_oid(roles_is_member_of(member, ROLERECURSE_PRIVS,
5301 InvalidOid, NULL),
5302 role);
5303}
roles_is_member_of
static List * roles_is_member_of(Oid roleid, enum RoleRecurseType type, Oid admin_of, Oid *admin_role)
Definition acl.c:5154
list_member_oid
bool list_member_oid(const List *list, Oid datum)
Definition list.c:722
superuser_arg
bool superuser_arg(Oid roleid)
Definition superuser.c:57

References fb(), InvalidOid, list_member_oid(), ROLERECURSE_PRIVS, roles_is_member_of(), and superuser_arg().

Referenced by aclmask(), AlterObjectNamespace_internal(), AlterObjectOwner_internal(), AlterObjectRename_internal(), bbsink_server_new(), calculate_database_size(), calculate_tablespace_size(), check_role_for_policy(), check_role_grantor(), ConfigOptionIsVisible(), convert_and_check_filename(), CreateSubscription(), DoCopy(), DropOwnedObjects(), ExecAlterDefaultPrivilegesStmt(), ExecCheckpoint(), file_fdw_validator(), GetConfigOptionValues(), InitPostgres(), object_ownercheck(), pg_class_aclmask_ext(), pg_get_multixact_stats(), pg_namespace_aclmask_ext(), pg_role_aclcheck(), pg_signal_backend(), pg_stat_get_wal_receiver(), pg_stat_get_wal_senders(), pg_stat_statements_internal(), pgrowlocks(), ReassignOwnedObjects(), ReindexMultipleTables(), shell_check_detail(), and TerminateOtherDBBackends().

◆ has_schema_privilege_id()

Datum has_schema_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3883 of file acl.c.

3884{
3885 Oid schemaoid = PG_GETARG_OID(0);
3886 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3887 Oid roleid;
3888 AclMode mode;
3889 AclResult aclresult;
3890 bool is_missing = false;
3891
3892 roleid = GetUserId();
3893 mode = convert_schema_priv_string(priv_type_text);
3894
3895 aclresult = object_aclcheck_ext(NamespaceRelationId, schemaoid,
3896 roleid, mode,
3897 &is_missing);
3898
3899 if (is_missing)
3900 PG_RETURN_NULL();
3901
3902 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3903}
convert_schema_priv_string
static AclMode convert_schema_priv_string(text *priv_type_text)
Definition acl.c:3975

References ACLCHECK_OK, convert_schema_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_schema_privilege_id_id()

Datum has_schema_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 3934 of file acl.c.

3935{
3936 Oid roleid = PG_GETARG_OID(0);
3937 Oid schemaoid = PG_GETARG_OID(1);
3938 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3939 AclMode mode;
3940 AclResult aclresult;
3941 bool is_missing = false;
3942
3943 mode = convert_schema_priv_string(priv_type_text);
3944
3945 aclresult = object_aclcheck_ext(NamespaceRelationId, schemaoid,
3946 roleid, mode,
3947 &is_missing);
3948
3949 if (is_missing)
3950 PG_RETURN_NULL();
3951
3952 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3953}

References ACLCHECK_OK, convert_schema_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_schema_privilege_id_name()

Datum has_schema_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3911 of file acl.c.

3912{
3913 Oid roleid = PG_GETARG_OID(0);
3914 text *schemaname = PG_GETARG_TEXT_PP(1);
3915 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3916 Oid schemaoid;
3917 AclMode mode;
3918 AclResult aclresult;
3919
3920 schemaoid = convert_schema_name(schemaname);
3921 mode = convert_schema_priv_string(priv_type_text);
3922
3923 aclresult = object_aclcheck(NamespaceRelationId, schemaoid, roleid, mode);
3924
3925 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3926}
convert_schema_name
static Oid convert_schema_name(text *schemaname)
Definition acl.c:3963

References ACLCHECK_OK, convert_schema_name(), convert_schema_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_schema_privilege_name()

Datum has_schema_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 3829 of file acl.c.

3830{
3831 text *schemaname = PG_GETARG_TEXT_PP(0);
3832 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3833 Oid roleid;
3834 Oid schemaoid;
3835 AclMode mode;
3836 AclResult aclresult;
3837
3838 roleid = GetUserId();
3839 schemaoid = convert_schema_name(schemaname);
3840 mode = convert_schema_priv_string(priv_type_text);
3841
3842 aclresult = object_aclcheck(NamespaceRelationId, schemaoid, roleid, mode);
3843
3844 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3845}

References ACLCHECK_OK, convert_schema_name(), convert_schema_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_schema_privilege_name_id()

Datum has_schema_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 3853 of file acl.c.

3854{
3855 Name username = PG_GETARG_NAME(0);
3856 Oid schemaoid = PG_GETARG_OID(1);
3857 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3858 Oid roleid;
3859 AclMode mode;
3860 AclResult aclresult;
3861 bool is_missing = false;
3862
3863 roleid = get_role_oid_or_public(NameStr(*username));
3864 mode = convert_schema_priv_string(priv_type_text);
3865
3866 aclresult = object_aclcheck_ext(NamespaceRelationId, schemaoid,
3867 roleid, mode,
3868 &is_missing);
3869
3870 if (is_missing)
3871 PG_RETURN_NULL();
3872
3873 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3874}

References ACLCHECK_OK, convert_schema_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_schema_privilege_name_name()

Datum has_schema_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 3803 of file acl.c.

3804{
3805 Name username = PG_GETARG_NAME(0);
3806 text *schemaname = PG_GETARG_TEXT_PP(1);
3807 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3808 Oid roleid;
3809 Oid schemaoid;
3810 AclMode mode;
3811 AclResult aclresult;
3812
3813 roleid = get_role_oid_or_public(NameStr(*username));
3814 schemaoid = convert_schema_name(schemaname);
3815 mode = convert_schema_priv_string(priv_type_text);
3816
3817 aclresult = object_aclcheck(NamespaceRelationId, schemaoid, roleid, mode);
3818
3819 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3820}

References ACLCHECK_OK, convert_schema_name(), convert_schema_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_sequence_privilege_id()

Datum has_sequence_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 2203 of file acl.c.

2204{
2205 Oid sequenceoid = PG_GETARG_OID(0);
2206 text *priv_type_text = PG_GETARG_TEXT_PP(1);
2207 Oid roleid;
2208 AclMode mode;
2209 AclResult aclresult;
2210 char relkind;
2211 bool is_missing = false;
2212
2213 roleid = GetUserId();
2214 mode = convert_sequence_priv_string(priv_type_text);
2215 relkind = get_rel_relkind(sequenceoid);
2216 if (relkind == '\0')
2217 PG_RETURN_NULL();
2218 else if (relkind != RELKIND_SEQUENCE)
2219 ereport(ERROR,
2220 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2221 errmsg("\"%s\" is not a sequence",
2222 get_rel_name(sequenceoid))));
2223
2224 aclresult = pg_class_aclcheck_ext(sequenceoid, roleid, mode, &is_missing);
2225
2226 if (is_missing)
2227 PG_RETURN_NULL();
2228
2229 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2230}
convert_sequence_priv_string
static AclMode convert_sequence_priv_string(text *priv_type_text)
Definition acl.c:2299
get_rel_relkind
char get_rel_relkind(Oid relid)
Definition lsyscache.c:2153

References ACLCHECK_OK, convert_sequence_priv_string(), ereport, errcode(), errmsg(), ERROR, fb(), get_rel_name(), get_rel_relkind(), GetUserId(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_sequence_privilege_id_id()

Datum has_sequence_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 2266 of file acl.c.

2267{
2268 Oid roleid = PG_GETARG_OID(0);
2269 Oid sequenceoid = PG_GETARG_OID(1);
2270 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2271 AclMode mode;
2272 AclResult aclresult;
2273 char relkind;
2274 bool is_missing = false;
2275
2276 mode = convert_sequence_priv_string(priv_type_text);
2277 relkind = get_rel_relkind(sequenceoid);
2278 if (relkind == '\0')
2279 PG_RETURN_NULL();
2280 else if (relkind != RELKIND_SEQUENCE)
2281 ereport(ERROR,
2282 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2283 errmsg("\"%s\" is not a sequence",
2284 get_rel_name(sequenceoid))));
2285
2286 aclresult = pg_class_aclcheck_ext(sequenceoid, roleid, mode, &is_missing);
2287
2288 if (is_missing)
2289 PG_RETURN_NULL();
2290
2291 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2292}

References ACLCHECK_OK, convert_sequence_priv_string(), ereport, errcode(), errmsg(), ERROR, fb(), get_rel_name(), get_rel_relkind(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_sequence_privilege_id_name()

Datum has_sequence_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2238 of file acl.c.

2239{
2240 Oid roleid = PG_GETARG_OID(0);
2241 text *sequencename = PG_GETARG_TEXT_PP(1);
2242 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2243 Oid sequenceoid;
2244 AclMode mode;
2245 AclResult aclresult;
2246
2247 mode = convert_sequence_priv_string(priv_type_text);
2248 sequenceoid = convert_table_name(sequencename);
2249 if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2250 ereport(ERROR,
2251 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2252 errmsg("\"%s\" is not a sequence",
2253 text_to_cstring(sequencename))));
2254
2255 aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2256
2257 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2258}

References ACLCHECK_OK, convert_sequence_priv_string(), convert_table_name(), ereport, errcode(), errmsg(), ERROR, fb(), get_rel_relkind(), mode, pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and text_to_cstring().

◆ has_sequence_privilege_name()

Datum has_sequence_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 2137 of file acl.c.

2138{
2139 text *sequencename = PG_GETARG_TEXT_PP(0);
2140 text *priv_type_text = PG_GETARG_TEXT_PP(1);
2141 Oid roleid;
2142 Oid sequenceoid;
2143 AclMode mode;
2144 AclResult aclresult;
2145
2146 roleid = GetUserId();
2147 mode = convert_sequence_priv_string(priv_type_text);
2148 sequenceoid = convert_table_name(sequencename);
2149 if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2150 ereport(ERROR,
2151 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2152 errmsg("\"%s\" is not a sequence",
2153 text_to_cstring(sequencename))));
2154
2155 aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2156
2157 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2158}

References ACLCHECK_OK, convert_sequence_priv_string(), convert_table_name(), ereport, errcode(), errmsg(), ERROR, fb(), get_rel_relkind(), GetUserId(), mode, pg_class_aclcheck(), PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and text_to_cstring().

◆ has_sequence_privilege_name_id()

Datum has_sequence_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 2166 of file acl.c.

2167{
2168 Name username = PG_GETARG_NAME(0);
2169 Oid sequenceoid = PG_GETARG_OID(1);
2170 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2171 Oid roleid;
2172 AclMode mode;
2173 AclResult aclresult;
2174 char relkind;
2175 bool is_missing = false;
2176
2177 roleid = get_role_oid_or_public(NameStr(*username));
2178 mode = convert_sequence_priv_string(priv_type_text);
2179 relkind = get_rel_relkind(sequenceoid);
2180 if (relkind == '\0')
2181 PG_RETURN_NULL();
2182 else if (relkind != RELKIND_SEQUENCE)
2183 ereport(ERROR,
2184 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2185 errmsg("\"%s\" is not a sequence",
2186 get_rel_name(sequenceoid))));
2187
2188 aclresult = pg_class_aclcheck_ext(sequenceoid, roleid, mode, &is_missing);
2189
2190 if (is_missing)
2191 PG_RETURN_NULL();
2192
2193 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2194}

References ACLCHECK_OK, convert_sequence_priv_string(), ereport, errcode(), errmsg(), ERROR, fb(), get_rel_name(), get_rel_relkind(), get_role_oid_or_public(), mode, NameStr, pg_class_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_sequence_privilege_name_name()

Datum has_sequence_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2106 of file acl.c.

2107{
2108 Name rolename = PG_GETARG_NAME(0);
2109 text *sequencename = PG_GETARG_TEXT_PP(1);
2110 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2111 Oid roleid;
2112 Oid sequenceoid;
2113 AclMode mode;
2114 AclResult aclresult;
2115
2116 roleid = get_role_oid_or_public(NameStr(*rolename));
2117 mode = convert_sequence_priv_string(priv_type_text);
2118 sequenceoid = convert_table_name(sequencename);
2119 if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2120 ereport(ERROR,
2121 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2122 errmsg("\"%s\" is not a sequence",
2123 text_to_cstring(sequencename))));
2124
2125 aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2126
2127 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2128}

References ACLCHECK_OK, convert_sequence_priv_string(), convert_table_name(), ereport, errcode(), errmsg(), ERROR, fb(), get_rel_relkind(), get_role_oid_or_public(), mode, NameStr, pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and text_to_cstring().

◆ has_server_privilege_id()

Datum has_server_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 4085 of file acl.c.

4086{
4087 Oid serverid = PG_GETARG_OID(0);
4088 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4089 Oid roleid;
4090 AclMode mode;
4091 AclResult aclresult;
4092 bool is_missing = false;
4093
4094 roleid = GetUserId();
4095 mode = convert_server_priv_string(priv_type_text);
4096
4097 aclresult = object_aclcheck_ext(ForeignServerRelationId, serverid,
4098 roleid, mode,
4099 &is_missing);
4100
4101 if (is_missing)
4102 PG_RETURN_NULL();
4103
4104 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4105}
convert_server_priv_string
static AclMode convert_server_priv_string(text *priv_type_text)
Definition acl.c:4177

References ACLCHECK_OK, convert_server_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_server_privilege_id_id()

Datum has_server_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4136 of file acl.c.

4137{
4138 Oid roleid = PG_GETARG_OID(0);
4139 Oid serverid = PG_GETARG_OID(1);
4140 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4141 AclMode mode;
4142 AclResult aclresult;
4143 bool is_missing = false;
4144
4145 mode = convert_server_priv_string(priv_type_text);
4146
4147 aclresult = object_aclcheck_ext(ForeignServerRelationId, serverid,
4148 roleid, mode,
4149 &is_missing);
4150
4151 if (is_missing)
4152 PG_RETURN_NULL();
4153
4154 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4155}

References ACLCHECK_OK, convert_server_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_server_privilege_id_name()

Datum has_server_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4113 of file acl.c.

4114{
4115 Oid roleid = PG_GETARG_OID(0);
4116 text *servername = PG_GETARG_TEXT_PP(1);
4117 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4118 Oid serverid;
4119 AclMode mode;
4120 AclResult aclresult;
4121
4122 serverid = convert_server_name(servername);
4123 mode = convert_server_priv_string(priv_type_text);
4124
4125 aclresult = object_aclcheck(ForeignServerRelationId, serverid, roleid, mode);
4126
4127 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4128}
convert_server_name
static Oid convert_server_name(text *servername)
Definition acl.c:4165

References ACLCHECK_OK, convert_server_name(), convert_server_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_server_privilege_name()

Datum has_server_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 4031 of file acl.c.

4032{
4033 text *servername = PG_GETARG_TEXT_PP(0);
4034 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4035 Oid roleid;
4036 Oid serverid;
4037 AclMode mode;
4038 AclResult aclresult;
4039
4040 roleid = GetUserId();
4041 serverid = convert_server_name(servername);
4042 mode = convert_server_priv_string(priv_type_text);
4043
4044 aclresult = object_aclcheck(ForeignServerRelationId, serverid, roleid, mode);
4045
4046 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4047}

References ACLCHECK_OK, convert_server_name(), convert_server_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_server_privilege_name_id()

Datum has_server_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 4055 of file acl.c.

4056{
4057 Name username = PG_GETARG_NAME(0);
4058 Oid serverid = PG_GETARG_OID(1);
4059 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4060 Oid roleid;
4061 AclMode mode;
4062 AclResult aclresult;
4063 bool is_missing = false;
4064
4065 roleid = get_role_oid_or_public(NameStr(*username));
4066 mode = convert_server_priv_string(priv_type_text);
4067
4068 aclresult = object_aclcheck_ext(ForeignServerRelationId, serverid,
4069 roleid, mode,
4070 &is_missing);
4071
4072 if (is_missing)
4073 PG_RETURN_NULL();
4074
4075 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4076}

References ACLCHECK_OK, convert_server_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_server_privilege_name_name()

Datum has_server_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 4005 of file acl.c.

4006{
4007 Name username = PG_GETARG_NAME(0);
4008 text *servername = PG_GETARG_TEXT_PP(1);
4009 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4010 Oid roleid;
4011 Oid serverid;
4012 AclMode mode;
4013 AclResult aclresult;
4014
4015 roleid = get_role_oid_or_public(NameStr(*username));
4016 serverid = convert_server_name(servername);
4017 mode = convert_server_priv_string(priv_type_text);
4018
4019 aclresult = object_aclcheck(ForeignServerRelationId, serverid, roleid, mode);
4020
4021 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4022}

References ACLCHECK_OK, convert_server_name(), convert_server_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_table_privilege_id()

Datum has_table_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 1973 of file acl.c.

1974{
1975 Oid tableoid = PG_GETARG_OID(0);
1976 text *priv_type_text = PG_GETARG_TEXT_PP(1);
1977 Oid roleid;
1978 AclMode mode;
1979 AclResult aclresult;
1980 bool is_missing = false;
1981
1982 roleid = GetUserId();
1983 mode = convert_table_priv_string(priv_type_text);
1984
1985 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
1986
1987 if (is_missing)
1988 PG_RETURN_NULL();
1989
1990 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1991}
convert_table_priv_string
static AclMode convert_table_priv_string(text *priv_type_text)
Definition acl.c:2064

References ACLCHECK_OK, convert_table_priv_string(), fb(), GetUserId(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_table_privilege_id_id()

Datum has_table_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 2022 of file acl.c.

2023{
2024 Oid roleid = PG_GETARG_OID(0);
2025 Oid tableoid = PG_GETARG_OID(1);
2026 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2027 AclMode mode;
2028 AclResult aclresult;
2029 bool is_missing = false;
2030
2031 mode = convert_table_priv_string(priv_type_text);
2032
2033 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2034
2035 if (is_missing)
2036 PG_RETURN_NULL();
2037
2038 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2039}

References ACLCHECK_OK, convert_table_priv_string(), fb(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_table_privilege_id_name()

Datum has_table_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 1999 of file acl.c.

2000{
2001 Oid roleid = PG_GETARG_OID(0);
2002 text *tablename = PG_GETARG_TEXT_PP(1);
2003 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2004 Oid tableoid;
2005 AclMode mode;
2006 AclResult aclresult;
2007
2008 tableoid = convert_table_name(tablename);
2009 mode = convert_table_priv_string(priv_type_text);
2010
2011 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2012
2013 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2014}

References ACLCHECK_OK, convert_table_name(), convert_table_priv_string(), fb(), mode, pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_table_privilege_name()

Datum has_table_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 1921 of file acl.c.

1922{
1923 text *tablename = PG_GETARG_TEXT_PP(0);
1924 text *priv_type_text = PG_GETARG_TEXT_PP(1);
1925 Oid roleid;
1926 Oid tableoid;
1927 AclMode mode;
1928 AclResult aclresult;
1929
1930 roleid = GetUserId();
1931 tableoid = convert_table_name(tablename);
1932 mode = convert_table_priv_string(priv_type_text);
1933
1934 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1935
1936 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1937}

References ACLCHECK_OK, convert_table_name(), convert_table_priv_string(), fb(), GetUserId(), mode, pg_class_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_table_privilege_name_id()

Datum has_table_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 1945 of file acl.c.

1946{
1947 Name username = PG_GETARG_NAME(0);
1948 Oid tableoid = PG_GETARG_OID(1);
1949 text *priv_type_text = PG_GETARG_TEXT_PP(2);
1950 Oid roleid;
1951 AclMode mode;
1952 AclResult aclresult;
1953 bool is_missing = false;
1954
1955 roleid = get_role_oid_or_public(NameStr(*username));
1956 mode = convert_table_priv_string(priv_type_text);
1957
1958 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
1959
1960 if (is_missing)
1961 PG_RETURN_NULL();
1962
1963 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1964}

References ACLCHECK_OK, convert_table_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, pg_class_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_table_privilege_name_name()

Datum has_table_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 1895 of file acl.c.

1896{
1897 Name rolename = PG_GETARG_NAME(0);
1898 text *tablename = PG_GETARG_TEXT_PP(1);
1899 text *priv_type_text = PG_GETARG_TEXT_PP(2);
1900 Oid roleid;
1901 Oid tableoid;
1902 AclMode mode;
1903 AclResult aclresult;
1904
1905 roleid = get_role_oid_or_public(NameStr(*rolename));
1906 tableoid = convert_table_name(tablename);
1907 mode = convert_table_priv_string(priv_type_text);
1908
1909 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1910
1911 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1912}

References ACLCHECK_OK, convert_table_name(), convert_table_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_tablespace_privilege_id()

Datum has_tablespace_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 4285 of file acl.c.

4286{
4287 Oid tablespaceoid = PG_GETARG_OID(0);
4288 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4289 Oid roleid;
4290 AclMode mode;
4291 AclResult aclresult;
4292 bool is_missing = false;
4293
4294 roleid = GetUserId();
4295 mode = convert_tablespace_priv_string(priv_type_text);
4296
4297 aclresult = object_aclcheck_ext(TableSpaceRelationId, tablespaceoid,
4298 roleid, mode,
4299 &is_missing);
4300
4301 if (is_missing)
4302 PG_RETURN_NULL();
4303
4304 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4305}
convert_tablespace_priv_string
static AclMode convert_tablespace_priv_string(text *priv_type_text)
Definition acl.c:4377

References ACLCHECK_OK, convert_tablespace_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_tablespace_privilege_id_id()

Datum has_tablespace_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4336 of file acl.c.

4337{
4338 Oid roleid = PG_GETARG_OID(0);
4339 Oid tablespaceoid = PG_GETARG_OID(1);
4340 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4341 AclMode mode;
4342 AclResult aclresult;
4343 bool is_missing = false;
4344
4345 mode = convert_tablespace_priv_string(priv_type_text);
4346
4347 aclresult = object_aclcheck_ext(TableSpaceRelationId, tablespaceoid,
4348 roleid, mode,
4349 &is_missing);
4350
4351 if (is_missing)
4352 PG_RETURN_NULL();
4353
4354 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4355}

References ACLCHECK_OK, convert_tablespace_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_tablespace_privilege_id_name()

Datum has_tablespace_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4313 of file acl.c.

4314{
4315 Oid roleid = PG_GETARG_OID(0);
4316 text *tablespacename = PG_GETARG_TEXT_PP(1);
4317 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4318 Oid tablespaceoid;
4319 AclMode mode;
4320 AclResult aclresult;
4321
4322 tablespaceoid = convert_tablespace_name(tablespacename);
4323 mode = convert_tablespace_priv_string(priv_type_text);
4324
4325 aclresult = object_aclcheck(TableSpaceRelationId, tablespaceoid, roleid, mode);
4326
4327 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4328}
convert_tablespace_name
static Oid convert_tablespace_name(text *tablespacename)
Definition acl.c:4365

References ACLCHECK_OK, convert_tablespace_name(), convert_tablespace_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_tablespace_privilege_name()

Datum has_tablespace_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 4231 of file acl.c.

4232{
4233 text *tablespacename = PG_GETARG_TEXT_PP(0);
4234 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4235 Oid roleid;
4236 Oid tablespaceoid;
4237 AclMode mode;
4238 AclResult aclresult;
4239
4240 roleid = GetUserId();
4241 tablespaceoid = convert_tablespace_name(tablespacename);
4242 mode = convert_tablespace_priv_string(priv_type_text);
4243
4244 aclresult = object_aclcheck(TableSpaceRelationId, tablespaceoid, roleid, mode);
4245
4246 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4247}

References ACLCHECK_OK, convert_tablespace_name(), convert_tablespace_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_tablespace_privilege_name_id()

Datum has_tablespace_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 4255 of file acl.c.

4256{
4257 Name username = PG_GETARG_NAME(0);
4258 Oid tablespaceoid = PG_GETARG_OID(1);
4259 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4260 Oid roleid;
4261 AclMode mode;
4262 AclResult aclresult;
4263 bool is_missing = false;
4264
4265 roleid = get_role_oid_or_public(NameStr(*username));
4266 mode = convert_tablespace_priv_string(priv_type_text);
4267
4268 aclresult = object_aclcheck_ext(TableSpaceRelationId, tablespaceoid,
4269 roleid, mode,
4270 &is_missing);
4271
4272 if (is_missing)
4273 PG_RETURN_NULL();
4274
4275 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4276}

References ACLCHECK_OK, convert_tablespace_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_tablespace_privilege_name_name()

Datum has_tablespace_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 4205 of file acl.c.

4206{
4207 Name username = PG_GETARG_NAME(0);
4208 text *tablespacename = PG_GETARG_TEXT_PP(1);
4209 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4210 Oid roleid;
4211 Oid tablespaceoid;
4212 AclMode mode;
4213 AclResult aclresult;
4214
4215 roleid = get_role_oid_or_public(NameStr(*username));
4216 tablespaceoid = convert_tablespace_name(tablespacename);
4217 mode = convert_tablespace_priv_string(priv_type_text);
4218
4219 aclresult = object_aclcheck(TableSpaceRelationId, tablespaceoid, roleid, mode);
4220
4221 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4222}

References ACLCHECK_OK, convert_tablespace_name(), convert_tablespace_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_type_privilege_id()

Datum has_type_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 4484 of file acl.c.

4485{
4486 Oid typeoid = PG_GETARG_OID(0);
4487 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4488 Oid roleid;
4489 AclMode mode;
4490 AclResult aclresult;
4491 bool is_missing = false;
4492
4493 roleid = GetUserId();
4494 mode = convert_type_priv_string(priv_type_text);
4495
4496 aclresult = object_aclcheck_ext(TypeRelationId, typeoid,
4497 roleid, mode,
4498 &is_missing);
4499
4500 if (is_missing)
4501 PG_RETURN_NULL();
4502
4503 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4504}
convert_type_priv_string
static AclMode convert_type_priv_string(text *priv_type_text)
Definition acl.c:4585

References ACLCHECK_OK, convert_type_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_type_privilege_id_id()

Datum has_type_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4535 of file acl.c.

4536{
4537 Oid roleid = PG_GETARG_OID(0);
4538 Oid typeoid = PG_GETARG_OID(1);
4539 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4540 AclMode mode;
4541 AclResult aclresult;
4542 bool is_missing = false;
4543
4544 mode = convert_type_priv_string(priv_type_text);
4545
4546 aclresult = object_aclcheck_ext(TypeRelationId, typeoid,
4547 roleid, mode,
4548 &is_missing);
4549
4550 if (is_missing)
4551 PG_RETURN_NULL();
4552
4553 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4554}

References ACLCHECK_OK, convert_type_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_type_privilege_id_name()

Datum has_type_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4512 of file acl.c.

4513{
4514 Oid roleid = PG_GETARG_OID(0);
4515 text *typename = PG_GETARG_TEXT_PP(1);
4516 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4517 Oid typeoid;
4518 AclMode mode;
4519 AclResult aclresult;
4520
4521 typeoid = convert_type_name(typename);
4522 mode = convert_type_priv_string(priv_type_text);
4523
4524 aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
4525
4526 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4527}
convert_type_name
static Oid convert_type_name(text *typename)
Definition acl.c:4564

References ACLCHECK_OK, convert_type_name(), convert_type_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_type_privilege_name()

Datum has_type_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 4430 of file acl.c.

4431{
4432 text *typename = PG_GETARG_TEXT_PP(0);
4433 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4434 Oid roleid;
4435 Oid typeoid;
4436 AclMode mode;
4437 AclResult aclresult;
4438
4439 roleid = GetUserId();
4440 typeoid = convert_type_name(typename);
4441 mode = convert_type_priv_string(priv_type_text);
4442
4443 aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
4444
4445 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4446}

References ACLCHECK_OK, convert_type_name(), convert_type_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_type_privilege_name_id()

Datum has_type_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 4454 of file acl.c.

4455{
4456 Name username = PG_GETARG_NAME(0);
4457 Oid typeoid = PG_GETARG_OID(1);
4458 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4459 Oid roleid;
4460 AclMode mode;
4461 AclResult aclresult;
4462 bool is_missing = false;
4463
4464 roleid = get_role_oid_or_public(NameStr(*username));
4465 mode = convert_type_priv_string(priv_type_text);
4466
4467 aclresult = object_aclcheck_ext(TypeRelationId, typeoid,
4468 roleid, mode,
4469 &is_missing);
4470
4471 if (is_missing)
4472 PG_RETURN_NULL();
4473
4474 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4475}

References ACLCHECK_OK, convert_type_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_type_privilege_name_name()

Datum has_type_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 4404 of file acl.c.

4405{
4406 Name username = PG_GETARG_NAME(0);
4407 text *typename = PG_GETARG_TEXT_PP(1);
4408 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4409 Oid roleid;
4410 Oid typeoid;
4411 AclMode mode;
4412 AclResult aclresult;
4413
4414 roleid = get_role_oid_or_public(NameStr(*username));
4415 typeoid = convert_type_name(typename);
4416 mode = convert_type_priv_string(priv_type_text);
4417
4418 aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
4419
4420 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4421}

References ACLCHECK_OK, convert_type_name(), convert_type_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ hash_aclitem()

Datum hash_aclitem ( PG_FUNCTION_ARGS  )

Definition at line 769 of file acl.c.

770{
771 AclItem *a = PG_GETARG_ACLITEM_P(0);
772
773 /* not very bright, but avoids any issue of padding in struct */
774 PG_RETURN_UINT32((uint32) (a->ai_privs + a->ai_grantee + a->ai_grantor));
775}
uint32
uint32_t uint32
Definition c.h:546
PG_RETURN_UINT32
#define PG_RETURN_UINT32(x)
Definition fmgr.h:356
a
int a
Definition isn.c:73

References a, PG_GETARG_ACLITEM_P, and PG_RETURN_UINT32.

◆ hash_aclitem_extended()

Datum hash_aclitem_extended ( PG_FUNCTION_ARGS  )

Definition at line 783 of file acl.c.

784{
785 AclItem *a = PG_GETARG_ACLITEM_P(0);
786 uint64 seed = PG_GETARG_INT64(1);
787 uint32 sum = (uint32) (a->ai_privs + a->ai_grantee + a->ai_grantor);
788
789 return (seed == 0) ? UInt64GetDatum(sum) : hash_uint32_extended(sum, seed);
790}
uint64
uint64_t uint64
Definition c.h:547
PG_GETARG_INT64
#define PG_GETARG_INT64(n)
Definition fmgr.h:284
hash_uint32_extended
static Datum hash_uint32_extended(uint32 k, uint64 seed)
Definition hashfn.h:49
UInt64GetDatum
static Datum UInt64GetDatum(uint64 X)
Definition postgres.h:443

References a, hash_uint32_extended(), PG_GETARG_ACLITEM_P, PG_GETARG_INT64, and UInt64GetDatum().

◆ initialize_acl()

void initialize_acl ( void  )

Definition at line 5041 of file acl.c.

5042{
5043 if (!IsBootstrapProcessingMode())
5044 {
5045 cached_db_hash =
5046 GetSysCacheHashValue1(DATABASEOID,
5047 ObjectIdGetDatum(MyDatabaseId));
5048
5049 /*
5050 * In normal mode, set a callback on any syscache invalidation of rows
5051 * of pg_auth_members (for roles_is_member_of()) pg_database (for
5052 * roles_is_member_of())
5053 */
5054 CacheRegisterSyscacheCallback(AUTHMEMROLEMEM,
5055 RoleMembershipCacheCallback,
5056 (Datum) 0);
5057 CacheRegisterSyscacheCallback(AUTHOID,
5058 RoleMembershipCacheCallback,
5059 (Datum) 0);
5060 CacheRegisterSyscacheCallback(DATABASEOID,
5061 RoleMembershipCacheCallback,
5062 (Datum) 0);
5063 }
5064}
cached_db_hash
static uint32 cached_db_hash
Definition acl.c:82
RoleMembershipCacheCallback
static void RoleMembershipCacheCallback(Datum arg, SysCacheIdentifier cacheid, uint32 hashvalue)
Definition acl.c:5071
MyDatabaseId
Oid MyDatabaseId
Definition globals.c:94
CacheRegisterSyscacheCallback
void CacheRegisterSyscacheCallback(SysCacheIdentifier cacheid, SyscacheCallbackFunction func, Datum arg)
Definition inval.c:1816
IsBootstrapProcessingMode
#define IsBootstrapProcessingMode()
Definition miscadmin.h:477
GetSysCacheHashValue1
#define GetSysCacheHashValue1(cacheId, key1)
Definition syscache.h:118

References cached_db_hash, CacheRegisterSyscacheCallback(), fb(), GetSysCacheHashValue1, IsBootstrapProcessingMode, MyDatabaseId, ObjectIdGetDatum(), and RoleMembershipCacheCallback().

Referenced by InitPostgres().

◆ is_admin_of_role()

bool is_admin_of_role ( Oid  member,
Oid  role 
)

Definition at line 5416 of file acl.c.

5417{
5418 Oid admin_role;
5419
5420 if (superuser_arg(member))
5421 return true;
5422
5423 /* By policy, a role cannot have WITH ADMIN OPTION on itself. */
5424 if (member == role)
5425 return false;
5426
5427 (void) roles_is_member_of(member, ROLERECURSE_MEMBERS, role, &admin_role);
5428 return OidIsValid(admin_role);
5429}

References fb(), OidIsValid, ROLERECURSE_MEMBERS, roles_is_member_of(), and superuser_arg().

Referenced by AlterRole(), AlterRoleSet(), check_object_ownership(), check_role_membership_authorization(), DropRole(), pg_role_aclcheck(), and RenameRole().

◆ is_member_of_role()

bool is_member_of_role ( Oid  member,
Oid  role 
)

Definition at line 5366 of file acl.c.

5367{
5368 /* Fast path for simple case */
5369 if (member == role)
5370 return true;
5371
5372 /* Superusers have every privilege, so are part of every role */
5373 if (superuser_arg(member))
5374 return true;
5375
5376 /*
5377 * Find all the roles that member is a member of, including multi-level
5378 * recursion, then see if target role is any one of them.
5379 */
5380 return list_member_oid(roles_is_member_of(member, ROLERECURSE_MEMBERS,
5381 InvalidOid, NULL),
5382 role);
5383}

References fb(), InvalidOid, list_member_oid(), ROLERECURSE_MEMBERS, roles_is_member_of(), and superuser_arg().

Referenced by pg_role_aclcheck().

◆ is_member_of_role_nosuper()

bool is_member_of_role_nosuper ( Oid  member,
Oid  role 
)

Definition at line 5394 of file acl.c.

5395{
5396 /* Fast path for simple case */
5397 if (member == role)
5398 return true;
5399
5400 /*
5401 * Find all the roles that member is a member of, including multi-level
5402 * recursion, then see if target role is any one of them.
5403 */
5404 return list_member_oid(roles_is_member_of(member, ROLERECURSE_MEMBERS,
5405 InvalidOid, NULL),
5406 role);
5407}

References fb(), InvalidOid, list_member_oid(), ROLERECURSE_MEMBERS, and roles_is_member_of().

Referenced by AddRoleMems(), and is_member().

◆ is_safe_acl_char()

static bool is_safe_acl_char ( unsigned char  c,
bool  is_getid 
)
inlinestatic

Definition at line 146 of file acl.c.

147{
148 if (IS_HIGHBIT_SET(c))
149 return is_getid;
150 return isalnum(c) || c == '_';
151}
IS_HIGHBIT_SET
#define IS_HIGHBIT_SET(ch)
Definition c.h:1160
c
char * c
Definition preproc-cursor.c:31

References fb(), and IS_HIGHBIT_SET.

Referenced by getid(), and putid().

◆ make_empty_acl()

Acl * make_empty_acl ( void  )

Definition at line 449 of file acl.c.

450{
451 return allocacl(0);
452}

References allocacl().

Referenced by SetDefaultACL().

◆ makeaclitem()

Datum makeaclitem ( PG_FUNCTION_ARGS  )

Definition at line 1635 of file acl.c.

1636{
1637 Oid grantee = PG_GETARG_OID(0);
1638 Oid grantor = PG_GETARG_OID(1);
1639 text *privtext = PG_GETARG_TEXT_PP(2);
1640 bool goption = PG_GETARG_BOOL(3);
1641 AclItem *result;
1642 AclMode priv;
1643 static const priv_map any_priv_map[] = {
1644 {"SELECT", ACL_SELECT},
1645 {"INSERT", ACL_INSERT},
1646 {"UPDATE", ACL_UPDATE},
1647 {"DELETE", ACL_DELETE},
1648 {"TRUNCATE", ACL_TRUNCATE},
1649 {"REFERENCES", ACL_REFERENCES},
1650 {"TRIGGER", ACL_TRIGGER},
1651 {"EXECUTE", ACL_EXECUTE},
1652 {"USAGE", ACL_USAGE},
1653 {"CREATE", ACL_CREATE},
1654 {"TEMP", ACL_CREATE_TEMP},
1655 {"TEMPORARY", ACL_CREATE_TEMP},
1656 {"CONNECT", ACL_CONNECT},
1657 {"SET", ACL_SET},
1658 {"ALTER SYSTEM", ACL_ALTER_SYSTEM},
1659 {"MAINTAIN", ACL_MAINTAIN},
1660 {NULL, 0}
1661 };
1662
1663 priv = convert_any_priv_string(privtext, any_priv_map);
1664
1665 result = palloc_object(AclItem);
1666
1667 result->ai_grantee = grantee;
1668 result->ai_grantor = grantor;
1669
1670 ACLITEM_SET_PRIVS_GOPTIONS(*result, priv,
1671 (goption ? priv : ACL_NO_RIGHTS));
1672
1673 PG_RETURN_ACLITEM_P(result);
1674}
PG_GETARG_BOOL
#define PG_GETARG_BOOL(n)
Definition fmgr.h:274
AclItem::ai_grantee
Oid ai_grantee
Definition acl.h:56
AclItem::ai_grantor
Oid ai_grantor
Definition acl.h:57

References ACL_ALTER_SYSTEM, ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_DELETE, ACL_EXECUTE, ACL_INSERT, ACL_MAINTAIN, ACL_NO_RIGHTS, ACL_REFERENCES, ACL_SELECT, ACL_SET, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, ACL_USAGE, ACLITEM_SET_PRIVS_GOPTIONS, AclItem::ai_grantee, AclItem::ai_grantor, convert_any_priv_string(), fb(), palloc_object, PG_GETARG_BOOL, PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_ACLITEM_P.

◆ member_can_set_role()

bool member_can_set_role ( Oid  member,
Oid  role 
)

Definition at line 5320 of file acl.c.

5321{
5322 /* Fast path for simple case */
5323 if (member == role)
5324 return true;
5325
5326 /* Superusers have every privilege, so can always SET ROLE */
5327 if (superuser_arg(member))
5328 return true;
5329
5330 /*
5331 * Find all the roles that member can access via SET ROLE, including
5332 * multi-level recursion, then see if target role is any one of them.
5333 */
5334 return list_member_oid(roles_is_member_of(member, ROLERECURSE_SETROLE,
5335 InvalidOid, NULL),
5336 role);
5337}

References fb(), InvalidOid, list_member_oid(), ROLERECURSE_SETROLE, roles_is_member_of(), and superuser_arg().

Referenced by check_can_set_role(), check_role(), pg_role_aclcheck(), and SwitchToUntrustedUser().

◆ pg_has_role_id()

Datum pg_has_role_id ( PG_FUNCTION_ARGS  )

Definition at line 4913 of file acl.c.

4914{
4915 Oid roleoid = PG_GETARG_OID(0);
4916 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4917 Oid roleid;
4918 AclMode mode;
4919 AclResult aclresult;
4920
4921 roleid = GetUserId();
4922 mode = convert_role_priv_string(priv_type_text);
4923
4924 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4925
4926 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4927}
convert_role_priv_string
static AclMode convert_role_priv_string(text *priv_type_text)
Definition acl.c:4988
pg_role_aclcheck
static AclResult pg_role_aclcheck(Oid role_oid, Oid roleid, AclMode mode)
Definition acl.c:5011

References ACLCHECK_OK, convert_role_priv_string(), fb(), GetUserId(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_id_id()

Datum pg_has_role_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4958 of file acl.c.

4959{
4960 Oid roleid = PG_GETARG_OID(0);
4961 Oid roleoid = PG_GETARG_OID(1);
4962 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4963 AclMode mode;
4964 AclResult aclresult;
4965
4966 mode = convert_role_priv_string(priv_type_text);
4967
4968 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4969
4970 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4971}

References ACLCHECK_OK, convert_role_priv_string(), fb(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_id_name()

Datum pg_has_role_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4935 of file acl.c.

4936{
4937 Oid roleid = PG_GETARG_OID(0);
4938 Name rolename = PG_GETARG_NAME(1);
4939 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4940 Oid roleoid;
4941 AclMode mode;
4942 AclResult aclresult;
4943
4944 roleoid = get_role_oid(NameStr(*rolename), false);
4945 mode = convert_role_priv_string(priv_type_text);
4946
4947 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4948
4949 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4950}

References ACLCHECK_OK, convert_role_priv_string(), fb(), get_role_oid(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_name()

Datum pg_has_role_name ( PG_FUNCTION_ARGS  )

Definition at line 4865 of file acl.c.

4866{
4867 Name rolename = PG_GETARG_NAME(0);
4868 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4869 Oid roleid;
4870 Oid roleoid;
4871 AclMode mode;
4872 AclResult aclresult;
4873
4874 roleid = GetUserId();
4875 roleoid = get_role_oid(NameStr(*rolename), false);
4876 mode = convert_role_priv_string(priv_type_text);
4877
4878 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4879
4880 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4881}

References ACLCHECK_OK, convert_role_priv_string(), fb(), get_role_oid(), GetUserId(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_name_id()

Datum pg_has_role_name_id ( PG_FUNCTION_ARGS  )

Definition at line 4889 of file acl.c.

4890{
4891 Name username = PG_GETARG_NAME(0);
4892 Oid roleoid = PG_GETARG_OID(1);
4893 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4894 Oid roleid;
4895 AclMode mode;
4896 AclResult aclresult;
4897
4898 roleid = get_role_oid(NameStr(*username), false);
4899 mode = convert_role_priv_string(priv_type_text);
4900
4901 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4902
4903 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4904}

References ACLCHECK_OK, convert_role_priv_string(), fb(), get_role_oid(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, pg_role_aclcheck(), and username.

◆ pg_has_role_name_name()

Datum pg_has_role_name_name ( PG_FUNCTION_ARGS  )

Definition at line 4839 of file acl.c.

4840{
4841 Name username = PG_GETARG_NAME(0);
4842 Name rolename = PG_GETARG_NAME(1);
4843 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4844 Oid roleid;
4845 Oid roleoid;
4846 AclMode mode;
4847 AclResult aclresult;
4848
4849 roleid = get_role_oid(NameStr(*username), false);
4850 roleoid = get_role_oid(NameStr(*rolename), false);
4851 mode = convert_role_priv_string(priv_type_text);
4852
4853 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4854
4855 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4856}

References ACLCHECK_OK, convert_role_priv_string(), fb(), get_role_oid(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, pg_role_aclcheck(), and username.

◆ pg_role_aclcheck()

static AclResult pg_role_aclcheck ( Oid  role_oid,
Oid  roleid,
AclMode  mode 
)
static

Definition at line 5011 of file acl.c.

5012{
5013 if (mode & ACL_GRANT_OPTION_FOR(ACL_CREATE))
5014 {
5015 if (is_admin_of_role(roleid, role_oid))
5016 return ACLCHECK_OK;
5017 }
5018 if (mode & ACL_CREATE)
5019 {
5020 if (is_member_of_role(roleid, role_oid))
5021 return ACLCHECK_OK;
5022 }
5023 if (mode & ACL_USAGE)
5024 {
5025 if (has_privs_of_role(roleid, role_oid))
5026 return ACLCHECK_OK;
5027 }
5028 if (mode & ACL_SET)
5029 {
5030 if (member_can_set_role(roleid, role_oid))
5031 return ACLCHECK_OK;
5032 }
5033 return ACLCHECK_NO_PRIV;
5034}
is_admin_of_role
bool is_admin_of_role(Oid member, Oid role)
Definition acl.c:5416
is_member_of_role
bool is_member_of_role(Oid member, Oid role)
Definition acl.c:5366
ACLCHECK_NO_PRIV
@ ACLCHECK_NO_PRIV
Definition acl.h:184

References ACL_CREATE, ACL_GRANT_OPTION_FOR, ACL_SET, ACL_USAGE, ACLCHECK_NO_PRIV, ACLCHECK_OK, fb(), has_privs_of_role(), is_admin_of_role(), is_member_of_role(), member_can_set_role(), and mode.

Referenced by pg_has_role_id(), pg_has_role_id_id(), pg_has_role_id_name(), pg_has_role_name(), pg_has_role_name_id(), and pg_has_role_name_name().

◆ putid()

static void putid ( char p,
const char s 
)
static

Definition at line 222 of file acl.c.

223{
224 const char *src;
225 bool safe = true;
226
227 /* Detect whether we need to use double quotes */
228 for (src = s; *src; src++)
229 {
230 if (!is_safe_acl_char(*src, false))
231 {
232 safe = false;
233 break;
234 }
235 }
236 if (!safe)
237 *p++ = '"';
238 for (src = s; *src; src++)
239 {
240 /* A double quote character in a username is encoded as "" */
241 if (*src == '"')
242 *p++ = '"';
243 *p++ = *src;
244 }
245 if (!safe)
246 *p++ = '"';
247 *p = '\0';
248}

References fb(), and is_safe_acl_char().

Referenced by aclitemout().

◆ recursive_revoke()

static Acl * recursive_revoke ( Acl acl,
Oid  grantee,
AclMode  revoke_privs,
Oid  ownerId,
DropBehavior  behavior 
)
static

Definition at line 1303 of file acl.c.

1308{
1309 AclMode still_has;
1310 AclItem *aip;
1311 int i,
1312 num;
1313
1314 check_acl(acl);
1315
1316 /* The owner can never truly lose grant options, so short-circuit */
1317 if (grantee == ownerId)
1318 return acl;
1319
1320 /* The grantee might still have some grant options via another grantor */
1321 still_has = aclmask(acl, grantee, ownerId,
1322 ACL_GRANT_OPTION_FOR(revoke_privs),
1323 ACLMASK_ALL);
1324 revoke_privs &= ~ACL_OPTION_TO_PRIVS(still_has);
1325 if (revoke_privs == ACL_NO_RIGHTS)
1326 return acl;
1327
1328restart:
1329 num = ACL_NUM(acl);
1330 aip = ACL_DAT(acl);
1331 for (i = 0; i < num; i++)
1332 {
1333 if (aip[i].ai_grantor == grantee
1334 && (ACLITEM_GET_PRIVS(aip[i]) & revoke_privs) != 0)
1335 {
1336 AclItem mod_acl;
1337 Acl *new_acl;
1338
1339 if (behavior == DROP_RESTRICT)
1340 ereport(ERROR,
1341 (errcode(ERRCODE_DEPENDENT_OBJECTS_STILL_EXIST),
1342 errmsg("dependent privileges exist"),
1343 errhint("Use CASCADE to revoke them too.")));
1344
1345 mod_acl.ai_grantor = grantee;
1346 mod_acl.ai_grantee = aip[i].ai_grantee;
1347 ACLITEM_SET_PRIVS_GOPTIONS(mod_acl,
1348 revoke_privs,
1349 revoke_privs);
1350
1351 new_acl = aclupdate(acl, &mod_acl, ACL_MODECHG_DEL,
1352 ownerId, behavior);
1353
1354 pfree(acl);
1355 acl = new_acl;
1356
1357 goto restart;
1358 }
1359 }
1360
1361 return acl;
1362}

References ACL_DAT, ACL_GRANT_OPTION_FOR, ACL_MODECHG_DEL, ACL_NO_RIGHTS, ACL_NUM, ACLITEM_GET_PRIVS, ACLITEM_SET_PRIVS_GOPTIONS, aclmask(), ACLMASK_ALL, aclupdate(), check_acl(), DROP_RESTRICT, ereport, errcode(), errhint(), errmsg(), ERROR, fb(), i, and pfree().

Referenced by aclupdate().

◆ RoleMembershipCacheCallback()

static void RoleMembershipCacheCallback ( Datum  arg,
SysCacheIdentifier  cacheid,
uint32  hashvalue 
)
static

Definition at line 5071 of file acl.c.

5073{
5074 if (cacheid == DATABASEOID &&
5075 hashvalue != cached_db_hash &&
5076 hashvalue != 0)
5077 {
5078 return; /* ignore pg_database changes for other DBs */
5079 }
5080
5081 /* Force membership caches to be recomputed on next use */
5082 cached_role[ROLERECURSE_MEMBERS] = InvalidOid;
5083 cached_role[ROLERECURSE_PRIVS] = InvalidOid;
5084 cached_role[ROLERECURSE_SETROLE] = InvalidOid;
5085}
cached_role
static Oid cached_role[]
Definition acl.c:80

References cached_db_hash, cached_role, fb(), InvalidOid, ROLERECURSE_MEMBERS, ROLERECURSE_PRIVS, and ROLERECURSE_SETROLE.

Referenced by initialize_acl().

◆ roles_is_member_of()

static List * roles_is_member_of ( Oid  roleid,
enum RoleRecurseType  type,
Oid  admin_of,
Oid admin_role 
)
static

Definition at line 5154 of file acl.c.

5156{
5157 Oid dba;
5158 List *roles_list;
5159 ListCell *l;
5160 List *new_cached_roles;
5161 MemoryContext oldctx;
5162 bloom_filter *bf = NULL;
5163
5164 Assert(OidIsValid(admin_of) == (admin_role != NULL));
5165 if (admin_role != NULL)
5166 *admin_role = InvalidOid;
5167
5168 /* If cache is valid and ADMIN OPTION not sought, just return the list */
5169 if (cached_role[type] == roleid && !OidIsValid(admin_of) &&
5170 OidIsValid(cached_role[type]))
5171 return cached_roles[type];
5172
5173 /*
5174 * Role expansion happens in a non-database backend when guc.c checks
5175 * ROLE_PG_READ_ALL_SETTINGS for a physical walsender SHOW command. In
5176 * that case, no role gets pg_database_owner.
5177 */
5178 if (!OidIsValid(MyDatabaseId))
5179 dba = InvalidOid;
5180 else
5181 {
5182 HeapTuple dbtup;
5183
5184 dbtup = SearchSysCache1(DATABASEOID, ObjectIdGetDatum(MyDatabaseId));
5185 if (!HeapTupleIsValid(dbtup))
5186 elog(ERROR, "cache lookup failed for database %u", MyDatabaseId);
5187 dba = ((Form_pg_database) GETSTRUCT(dbtup))->datdba;
5188 ReleaseSysCache(dbtup);
5189 }
5190
5191 /*
5192 * Find all the roles that roleid is a member of, including multi-level
5193 * recursion. The role itself will always be the first element of the
5194 * resulting list.
5195 *
5196 * Each element of the list is scanned to see if it adds any indirect
5197 * memberships. We can use a single list as both the record of
5198 * already-found memberships and the agenda of roles yet to be scanned.
5199 * This is a bit tricky but works because the foreach() macro doesn't
5200 * fetch the next list element until the bottom of the loop.
5201 */
5202 roles_list = list_make1_oid(roleid);
5203
5204 foreach(l, roles_list)
5205 {
5206 Oid memberid = lfirst_oid(l);
5207 CatCList *memlist;
5208 int i;
5209
5210 /* Find roles that memberid is directly a member of */
5211 memlist = SearchSysCacheList1(AUTHMEMMEMROLE,
5212 ObjectIdGetDatum(memberid));
5213 for (i = 0; i < memlist->n_members; i++)
5214 {
5215 HeapTuple tup = &memlist->members[i]->tuple;
5216 Form_pg_auth_members form = (Form_pg_auth_members) GETSTRUCT(tup);
5217 Oid otherid = form->roleid;
5218
5219 /*
5220 * While otherid==InvalidOid shouldn't appear in the catalog, the
5221 * OidIsValid() avoids crashing if that arises.
5222 */
5223 if (otherid == admin_of && form->admin_option &&
5224 OidIsValid(admin_of) && !OidIsValid(*admin_role))
5225 *admin_role = memberid;
5226
5227 /* If we're supposed to ignore non-heritable grants, do so. */
5228 if (type == ROLERECURSE_PRIVS && !form->inherit_option)
5229 continue;
5230
5231 /* If we're supposed to ignore non-SET grants, do so. */
5232 if (type == ROLERECURSE_SETROLE && !form->set_option)
5233 continue;
5234
5235 /*
5236 * Even though there shouldn't be any loops in the membership
5237 * graph, we must test for having already seen this role. It is
5238 * legal for instance to have both A->B and A->C->B.
5239 */
5240 roles_list = roles_list_append(roles_list, &bf, otherid);
5241 }
5242 ReleaseSysCacheList(memlist);
5243
5244 /* implement pg_database_owner implicit membership */
5245 if (memberid == dba && OidIsValid(dba))
5246 roles_list = roles_list_append(roles_list, &bf,
5247 ROLE_PG_DATABASE_OWNER);
5248 }
5249
5250 /*
5251 * Free the Bloom filter created by roles_list_append(), if there is one.
5252 */
5253 if (bf)
5254 bloom_free(bf);
5255
5256 /*
5257 * Copy the completed list into TopMemoryContext so it will persist.
5258 */
5259 oldctx = MemoryContextSwitchTo(TopMemoryContext);
5260 new_cached_roles = list_copy(roles_list);
5261 MemoryContextSwitchTo(oldctx);
5262 list_free(roles_list);
5263
5264 /*
5265 * Now safe to assign to state variable
5266 */
5267 cached_role[type] = InvalidOid; /* just paranoia */
5268 list_free(cached_roles[type]);
5269 cached_roles[type] = new_cached_roles;
5270 cached_role[type] = roleid;
5271
5272 /* And now we can return the answer */
5273 return cached_roles[type];
5274}
roles_list_append
static List * roles_list_append(List *roles_list, bloom_filter **bf, Oid role)
Definition acl.c:5094
cached_roles
static List * cached_roles[]
Definition acl.c:81
bloom_free
void bloom_free(bloom_filter *filter)
Definition bloomfilter.c:126
list_copy
List * list_copy(const List *oldlist)
Definition list.c:1573
list_free
void list_free(List *list)
Definition list.c:1546
TopMemoryContext
MemoryContext TopMemoryContext
Definition mcxt.c:166
Form_pg_auth_members
FormData_pg_auth_members * Form_pg_auth_members
Definition pg_auth_members.h:46
Form_pg_database
FormData_pg_database * Form_pg_database
Definition pg_database.h:96
list_make1_oid
#define list_make1_oid(x1)
Definition pg_list.h:242
lfirst_oid
#define lfirst_oid(lc)
Definition pg_list.h:174
List
Definition pg_list.h:54
bloom_filter
Definition bloomfilter.c:45
ReleaseSysCacheList
#define ReleaseSysCacheList(x)
Definition syscache.h:134
SearchSysCacheList1
#define SearchSysCacheList1(cacheId, key1)
Definition syscache.h:127
type
const char * type
Definition wait_event_funcs.c:27

References Assert, bloom_free(), cached_role, cached_roles, elog, ERROR, fb(), GETSTRUCT(), HeapTupleIsValid, i, InvalidOid, lfirst_oid, list_copy(), list_free(), list_make1_oid, MemoryContextSwitchTo(), MyDatabaseId, ObjectIdGetDatum(), OidIsValid, ReleaseSysCache(), ReleaseSysCacheList, ROLERECURSE_PRIVS, ROLERECURSE_SETROLE, roles_list_append(), SearchSysCache1(), SearchSysCacheList1, TopMemoryContext, and type.

Referenced by has_privs_of_role(), is_admin_of_role(), is_member_of_role(), is_member_of_role_nosuper(), member_can_set_role(), select_best_admin(), and select_best_grantor().

◆ roles_list_append()

static List * roles_list_append ( List roles_list,
bloom_filter **  bf,
Oid  role 
)
inlinestatic

Definition at line 5094 of file acl.c.

5095{
5096 unsigned char *roleptr = (unsigned char *) &role;
5097
5098 /*
5099 * If there is a previously-created Bloom filter, use it to try to
5100 * determine whether the role is missing from the list. If it says yes,
5101 * that's a hard fact and we can go ahead and add the role. If it says
5102 * no, that's only probabilistic and we'd better search the list. Without
5103 * a filter, we must always do an ordinary linear search through the
5104 * existing list.
5105 */
5106 if ((*bf && bloom_lacks_element(*bf, roleptr, sizeof(Oid))) ||
5107 !list_member_oid(roles_list, role))
5108 {
5109 /*
5110 * If the list is large, we take on the overhead of creating and
5111 * populating a Bloom filter to speed up future calls to this
5112 * function.
5113 */
5114 if (*bf == NULL &&
5115 list_length(roles_list) > ROLES_LIST_BLOOM_THRESHOLD)
5116 {
5117 *bf = bloom_create(ROLES_LIST_BLOOM_THRESHOLD * 10, work_mem, 0);
5118 foreach_oid(roleid, roles_list)
5119 bloom_add_element(*bf, (unsigned char *) &roleid, sizeof(Oid));
5120 }
5121
5122 /*
5123 * Finally, add the role to the list and the Bloom filter, if it
5124 * exists.
5125 */
5126 roles_list = lappend_oid(roles_list, role);
5127 if (*bf)
5128 bloom_add_element(*bf, roleptr, sizeof(Oid));
5129 }
5130
5131 return roles_list;
5132}
ROLES_LIST_BLOOM_THRESHOLD
#define ROLES_LIST_BLOOM_THRESHOLD
Definition acl.c:90
bloom_create
bloom_filter * bloom_create(int64 total_elems, int bloom_work_mem, uint64 seed)
Definition bloomfilter.c:87
bloom_lacks_element
bool bloom_lacks_element(bloom_filter *filter, unsigned char *elem, size_t len)
Definition bloomfilter.c:157
bloom_add_element
void bloom_add_element(bloom_filter *filter, unsigned char *elem, size_t len)
Definition bloomfilter.c:135
work_mem
int work_mem
Definition globals.c:131
lappend_oid
List * lappend_oid(List *list, Oid datum)
Definition list.c:375
list_length
static int list_length(const List *l)
Definition pg_list.h:152
foreach_oid
#define foreach_oid(var, lst)
Definition pg_list.h:471

References bloom_add_element(), bloom_create(), bloom_lacks_element(), fb(), foreach_oid, lappend_oid(), list_length(), list_member_oid(), ROLES_LIST_BLOOM_THRESHOLD, and work_mem.

Referenced by roles_is_member_of().

◆ select_best_admin()

Oid select_best_admin ( Oid  member,
Oid  role 
)

Definition at line 5441 of file acl.c.

5442{
5443 Oid admin_role;
5444
5445 /* By policy, a role cannot have WITH ADMIN OPTION on itself. */
5446 if (member == role)
5447 return InvalidOid;
5448
5449 (void) roles_is_member_of(member, ROLERECURSE_PRIVS, role, &admin_role);
5450 return admin_role;
5451}

References fb(), InvalidOid, ROLERECURSE_PRIVS, and roles_is_member_of().

Referenced by check_role_grantor().

◆ select_best_grantor()

void select_best_grantor ( Oid  roleId,
AclMode  privileges,
const Acl acl,
Oid  ownerId,
Oid grantorId,
AclMode grantOptions 
)

Definition at line 5478 of file acl.c.

5481{
5482 AclMode needed_goptions = ACL_GRANT_OPTION_FOR(privileges);
5483 List *roles_list;
5484 int nrights;
5485 ListCell *l;
5486
5487 /*
5488 * The object owner is always treated as having all grant options, so if
5489 * roleId is the owner it's easy. Also, if roleId is a superuser it's
5490 * easy: superusers are implicitly members of every role, so they act as
5491 * the object owner.
5492 */
5493 if (roleId == ownerId || superuser_arg(roleId))
5494 {
5495 *grantorId = ownerId;
5496 *grantOptions = needed_goptions;
5497 return;
5498 }
5499
5500 /*
5501 * Otherwise we have to do a careful search to see if roleId has the
5502 * privileges of any suitable role. Note: we can hang onto the result of
5503 * roles_is_member_of() throughout this loop, because aclmask_direct()
5504 * doesn't query any role memberships.
5505 */
5506 roles_list = roles_is_member_of(roleId, ROLERECURSE_PRIVS,
5507 InvalidOid, NULL);
5508
5509 /* initialize candidate result as default */
5510 *grantorId = roleId;
5511 *grantOptions = ACL_NO_RIGHTS;
5512 nrights = 0;
5513
5514 foreach(l, roles_list)
5515 {
5516 Oid otherrole = lfirst_oid(l);
5517 AclMode otherprivs;
5518
5519 otherprivs = aclmask_direct(acl, otherrole, ownerId,
5520 needed_goptions, ACLMASK_ALL);
5521 if (otherprivs == needed_goptions)
5522 {
5523 /* Found a suitable grantor */
5524 *grantorId = otherrole;
5525 *grantOptions = otherprivs;
5526 return;
5527 }
5528
5529 /*
5530 * If it has just some of the needed privileges, remember best
5531 * candidate.
5532 */
5533 if (otherprivs != ACL_NO_RIGHTS)
5534 {
5535 int nnewrights = pg_popcount64(otherprivs);
5536
5537 if (nnewrights > nrights)
5538 {
5539 *grantorId = otherrole;
5540 *grantOptions = otherprivs;
5541 nrights = nnewrights;
5542 }
5543 }
5544 }
5545}
aclmask_direct
static AclMode aclmask_direct(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
Definition acl.c:1478
pg_popcount64
static int pg_popcount64(uint64 word)
Definition pg_bitutils.h:324

References ACL_GRANT_OPTION_FOR, ACL_NO_RIGHTS, ACLMASK_ALL, aclmask_direct(), fb(), InvalidOid, lfirst_oid, pg_popcount64(), ROLERECURSE_PRIVS, roles_is_member_of(), and superuser_arg().

Referenced by ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), and ExecGrant_Relation().

Variable Documentation

◆ cached_db_hash

uint32 cached_db_hash
static

Definition at line 82 of file acl.c.

Referenced by initialize_acl(), and RoleMembershipCacheCallback().

◆ cached_role

Oid cached_role[] = {InvalidOid, InvalidOid, InvalidOid}
static

Definition at line 80 of file acl.c.

80{InvalidOid, InvalidOid, InvalidOid};

Referenced by RoleMembershipCacheCallback(), and roles_is_member_of().

◆ cached_roles

List* cached_roles[] = {NIL, NIL, NIL}
static

Definition at line 81 of file acl.c.

81{NIL, NIL, NIL};
NIL
#define NIL
Definition pg_list.h:68

Referenced by roles_is_member_of().