PostgreSQL Source Code  git master
Data Structures | Macros | Enumerations | Functions | Variables
acl.c File Reference
#include "postgres.h"
#include <ctype.h>
#include "access/htup_details.h"
#include "catalog/catalog.h"
#include "catalog/namespace.h"
#include "catalog/pg_auth_members.h"
#include "catalog/pg_authid.h"
#include "catalog/pg_class.h"
#include "catalog/pg_database.h"
#include "catalog/pg_foreign_data_wrapper.h"
#include "catalog/pg_foreign_server.h"
#include "catalog/pg_language.h"
#include "catalog/pg_namespace.h"
#include "catalog/pg_proc.h"
#include "catalog/pg_tablespace.h"
#include "catalog/pg_type.h"
#include "commands/dbcommands.h"
#include "commands/proclang.h"
#include "commands/tablespace.h"
#include "common/hashfn.h"
#include "foreign/foreign.h"
#include "funcapi.h"
#include "lib/bloomfilter.h"
#include "lib/qunique.h"
#include "miscadmin.h"
#include "utils/acl.h"
#include "utils/array.h"
#include "utils/builtins.h"
#include "utils/catcache.h"
#include "utils/inval.h"
#include "utils/lsyscache.h"
#include "utils/memutils.h"
#include "utils/syscache.h"
#include "utils/varlena.h"
Include dependency graph for acl.c:

Go to the source code of this file.

Data Structures

struct  priv_map
 

Macros

#define ROLES_LIST_BLOOM_THRESHOLD   1024
 

Enumerations

enum  RoleRecurseType { ROLERECURSE_MEMBERS = 0 , ROLERECURSE_PRIVS = 1 , ROLERECURSE_SETROLE = 2 }
 

Functions

static const char * getid (const char *s, char *n, Node *escontext)
 
static void putid (char *p, const char *s)
 
static Aclallocacl (int n)
 
static void check_acl (const Acl *acl)
 
static const char * aclparse (const char *s, AclItem *aip, Node *escontext)
 
static bool aclitem_match (const AclItem *a1, const AclItem *a2)
 
static int aclitemComparator (const void *arg1, const void *arg2)
 
static void check_circularity (const Acl *old_acl, const AclItem *mod_aip, Oid ownerId)
 
static Aclrecursive_revoke (Acl *acl, Oid grantee, AclMode revoke_privs, Oid ownerId, DropBehavior behavior)
 
static AclMode convert_any_priv_string (text *priv_type_text, const priv_map *privileges)
 
static Oid convert_table_name (text *tablename)
 
static AclMode convert_table_priv_string (text *priv_type_text)
 
static AclMode convert_sequence_priv_string (text *priv_type_text)
 
static AttrNumber convert_column_name (Oid tableoid, text *column)
 
static AclMode convert_column_priv_string (text *priv_type_text)
 
static Oid convert_database_name (text *databasename)
 
static AclMode convert_database_priv_string (text *priv_type_text)
 
static Oid convert_foreign_data_wrapper_name (text *fdwname)
 
static AclMode convert_foreign_data_wrapper_priv_string (text *priv_type_text)
 
static Oid convert_function_name (text *functionname)
 
static AclMode convert_function_priv_string (text *priv_type_text)
 
static Oid convert_language_name (text *languagename)
 
static AclMode convert_language_priv_string (text *priv_type_text)
 
static Oid convert_schema_name (text *schemaname)
 
static AclMode convert_schema_priv_string (text *priv_type_text)
 
static Oid convert_server_name (text *servername)
 
static AclMode convert_server_priv_string (text *priv_type_text)
 
static Oid convert_tablespace_name (text *tablespacename)
 
static AclMode convert_tablespace_priv_string (text *priv_type_text)
 
static Oid convert_type_name (text *typename)
 
static AclMode convert_type_priv_string (text *priv_type_text)
 
static AclMode convert_parameter_priv_string (text *priv_text)
 
static AclMode convert_role_priv_string (text *priv_type_text)
 
static AclResult pg_role_aclcheck (Oid role_oid, Oid roleid, AclMode mode)
 
static void RoleMembershipCacheCallback (Datum arg, int cacheid, uint32 hashvalue)
 
Aclmake_empty_acl (void)
 
Aclaclcopy (const Acl *orig_acl)
 
Aclaclconcat (const Acl *left_acl, const Acl *right_acl)
 
Aclaclmerge (const Acl *left_acl, const Acl *right_acl, Oid ownerId)
 
void aclitemsort (Acl *acl)
 
bool aclequal (const Acl *left_acl, const Acl *right_acl)
 
Datum aclitemin (PG_FUNCTION_ARGS)
 
Datum aclitemout (PG_FUNCTION_ARGS)
 
Datum aclitem_eq (PG_FUNCTION_ARGS)
 
Datum hash_aclitem (PG_FUNCTION_ARGS)
 
Datum hash_aclitem_extended (PG_FUNCTION_ARGS)
 
Aclacldefault (ObjectType objtype, Oid ownerId)
 
Datum acldefault_sql (PG_FUNCTION_ARGS)
 
Aclaclupdate (const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
 
Aclaclnewowner (const Acl *old_acl, Oid oldOwnerId, Oid newOwnerId)
 
AclMode aclmask (const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
 
static AclMode aclmask_direct (const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
 
int aclmembers (const Acl *acl, Oid **roleids)
 
Datum aclinsert (PG_FUNCTION_ARGS)
 
Datum aclremove (PG_FUNCTION_ARGS)
 
Datum aclcontains (PG_FUNCTION_ARGS)
 
Datum makeaclitem (PG_FUNCTION_ARGS)
 
static const char * convert_aclright_to_string (int aclright)
 
Datum aclexplode (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_id_id (PG_FUNCTION_ARGS)
 
static int column_privilege_check (Oid tableoid, AttrNumber attnum, Oid roleid, AclMode mode)
 
Datum has_column_privilege_name_name_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_name_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_id_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_id_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_name_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_name_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_id_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_id_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_attnum (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_id_id (PG_FUNCTION_ARGS)
 
static bool has_param_priv_byname (Oid roleid, const text *parameter, AclMode priv)
 
Datum has_parameter_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_parameter_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_parameter_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum pg_has_role_name_name (PG_FUNCTION_ARGS)
 
Datum pg_has_role_name (PG_FUNCTION_ARGS)
 
Datum pg_has_role_name_id (PG_FUNCTION_ARGS)
 
Datum pg_has_role_id (PG_FUNCTION_ARGS)
 
Datum pg_has_role_id_name (PG_FUNCTION_ARGS)
 
Datum pg_has_role_id_id (PG_FUNCTION_ARGS)
 
void initialize_acl (void)
 
static Listroles_list_append (List *roles_list, bloom_filter **bf, Oid role)
 
static Listroles_is_member_of (Oid roleid, enum RoleRecurseType type, Oid admin_of, Oid *admin_role)
 
bool has_privs_of_role (Oid member, Oid role)
 
bool member_can_set_role (Oid member, Oid role)
 
void check_can_set_role (Oid member, Oid role)
 
bool is_member_of_role (Oid member, Oid role)
 
bool is_member_of_role_nosuper (Oid member, Oid role)
 
bool is_admin_of_role (Oid member, Oid role)
 
Oid select_best_admin (Oid member, Oid role)
 
static int count_one_bits (AclMode mask)
 
void select_best_grantor (Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
 
Oid get_role_oid (const char *rolname, bool missing_ok)
 
Oid get_role_oid_or_public (const char *rolname)
 
Oid get_rolespec_oid (const RoleSpec *role, bool missing_ok)
 
HeapTuple get_rolespec_tuple (const RoleSpec *role)
 
char * get_rolespec_name (const RoleSpec *role)
 
void check_rolespec_name (const RoleSpec *role, const char *detail_msg)
 

Variables

static Oid cached_role [] = {InvalidOid, InvalidOid, InvalidOid}
 
static Listcached_roles [] = {NIL, NIL, NIL}
 
static uint32 cached_db_hash
 

Macro Definition Documentation

◆ ROLES_LIST_BLOOM_THRESHOLD

#define ROLES_LIST_BLOOM_THRESHOLD   1024

Definition at line 88 of file acl.c.

Enumeration Type Documentation

◆ RoleRecurseType

enum RoleRecurseType
Enumerator
ROLERECURSE_MEMBERS 
ROLERECURSE_PRIVS 
ROLERECURSE_SETROLE 

Definition at line 72 of file acl.c.

73 {
74  ROLERECURSE_MEMBERS = 0, /* recurse unconditionally */
75  ROLERECURSE_PRIVS = 1, /* recurse through inheritable grants */
76  ROLERECURSE_SETROLE = 2 /* recurse through grants with set_option */
77 };
ROLERECURSE_PRIVS
@ ROLERECURSE_PRIVS
Definition: acl.c:75
ROLERECURSE_MEMBERS
@ ROLERECURSE_MEMBERS
Definition: acl.c:74
ROLERECURSE_SETROLE
@ ROLERECURSE_SETROLE
Definition: acl.c:76

Function Documentation

◆ aclconcat()

Acl* aclconcat ( const Acl left_acl,
const Acl right_acl 
)

Definition at line 460 of file acl.c.

461 {
462  Acl *result_acl;
463 
464  result_acl = allocacl(ACL_NUM(left_acl) + ACL_NUM(right_acl));
465 
466  memcpy(ACL_DAT(result_acl),
467  ACL_DAT(left_acl),
468  ACL_NUM(left_acl) * sizeof(AclItem));
469 
470  memcpy(ACL_DAT(result_acl) + ACL_NUM(left_acl),
471  ACL_DAT(right_acl),
472  ACL_NUM(right_acl) * sizeof(AclItem));
473 
474  return result_acl;
475 }
allocacl
static Acl * allocacl(int n)
Definition: acl.c:409
ACL_DAT
#define ACL_DAT(ACL)
Definition: acl.h:109
ACL_NUM
#define ACL_NUM(ACL)
Definition: acl.h:108
AclItem
Definition: acl.h:55

References ACL_DAT, ACL_NUM, and allocacl().

Referenced by ExecGrant_Attribute().

◆ aclcontains()

Datum aclcontains ( PG_FUNCTION_ARGS  )

Definition at line 1595 of file acl.c.

1596 {
1597  Acl *acl = PG_GETARG_ACL_P(0);
1598  AclItem *aip = PG_GETARG_ACLITEM_P(1);
1599  AclItem *aidat;
1600  int i,
1601  num;
1602 
1603  check_acl(acl);
1604  num = ACL_NUM(acl);
1605  aidat = ACL_DAT(acl);
1606  for (i = 0; i < num; ++i)
1607  {
1608  if (aip->ai_grantee == aidat[i].ai_grantee &&
1609  aip->ai_grantor == aidat[i].ai_grantor &&
1610  (ACLITEM_GET_RIGHTS(*aip) & ACLITEM_GET_RIGHTS(aidat[i])) == ACLITEM_GET_RIGHTS(*aip))
1611  PG_RETURN_BOOL(true);
1612  }
1613  PG_RETURN_BOOL(false);
1614 }
check_acl
static void check_acl(const Acl *acl)
Definition: acl.c:573
PG_GETARG_ACLITEM_P
#define PG_GETARG_ACLITEM_P(n)
Definition: acl.h:117
PG_GETARG_ACL_P
#define PG_GETARG_ACL_P(n)
Definition: acl.h:122
ACLITEM_GET_RIGHTS
#define ACLITEM_GET_RIGHTS(item)
Definition: acl.h:68
PG_RETURN_BOOL
#define PG_RETURN_BOOL(x)
Definition: fmgr.h:359
i
int i
Definition: isn.c:73
AclItem::ai_grantee
Oid ai_grantee
Definition: acl.h:56
AclItem::ai_grantor
Oid ai_grantor
Definition: acl.h:57

References ACL_DAT, ACL_NUM, ACLITEM_GET_RIGHTS, AclItem::ai_grantee, AclItem::ai_grantor, check_acl(), i, PG_GETARG_ACL_P, PG_GETARG_ACLITEM_P, and PG_RETURN_BOOL.

◆ aclcopy()

Acl* aclcopy ( const Acl orig_acl)

Definition at line 440 of file acl.c.

441 {
442  Acl *result_acl;
443 
444  result_acl = allocacl(ACL_NUM(orig_acl));
445 
446  memcpy(ACL_DAT(result_acl),
447  ACL_DAT(orig_acl),
448  ACL_NUM(orig_acl) * sizeof(AclItem));
449 
450  return result_acl;
451 }

References ACL_DAT, ACL_NUM, and allocacl().

Referenced by aclmerge(), ExecGrant_Relation(), and SetDefaultACL().

◆ acldefault()

Acl* acldefault ( ObjectType  objtype,
Oid  ownerId 
)

Definition at line 786 of file acl.c.

787 {
788  AclMode world_default;
789  AclMode owner_default;
790  int nacl;
791  Acl *acl;
792  AclItem *aip;
793 
794  switch (objtype)
795  {
796  case OBJECT_COLUMN:
797  /* by default, columns have no extra privileges */
798  world_default = ACL_NO_RIGHTS;
799  owner_default = ACL_NO_RIGHTS;
800  break;
801  case OBJECT_TABLE:
802  world_default = ACL_NO_RIGHTS;
803  owner_default = ACL_ALL_RIGHTS_RELATION;
804  break;
805  case OBJECT_SEQUENCE:
806  world_default = ACL_NO_RIGHTS;
807  owner_default = ACL_ALL_RIGHTS_SEQUENCE;
808  break;
809  case OBJECT_DATABASE:
810  /* for backwards compatibility, grant some rights by default */
811  world_default = ACL_CREATE_TEMP | ACL_CONNECT;
812  owner_default = ACL_ALL_RIGHTS_DATABASE;
813  break;
814  case OBJECT_FUNCTION:
815  /* Grant EXECUTE by default, for now */
816  world_default = ACL_EXECUTE;
817  owner_default = ACL_ALL_RIGHTS_FUNCTION;
818  break;
819  case OBJECT_LANGUAGE:
820  /* Grant USAGE by default, for now */
821  world_default = ACL_USAGE;
822  owner_default = ACL_ALL_RIGHTS_LANGUAGE;
823  break;
824  case OBJECT_LARGEOBJECT:
825  world_default = ACL_NO_RIGHTS;
826  owner_default = ACL_ALL_RIGHTS_LARGEOBJECT;
827  break;
828  case OBJECT_SCHEMA:
829  world_default = ACL_NO_RIGHTS;
830  owner_default = ACL_ALL_RIGHTS_SCHEMA;
831  break;
832  case OBJECT_TABLESPACE:
833  world_default = ACL_NO_RIGHTS;
834  owner_default = ACL_ALL_RIGHTS_TABLESPACE;
835  break;
836  case OBJECT_FDW:
837  world_default = ACL_NO_RIGHTS;
838  owner_default = ACL_ALL_RIGHTS_FDW;
839  break;
840  case OBJECT_FOREIGN_SERVER:
841  world_default = ACL_NO_RIGHTS;
842  owner_default = ACL_ALL_RIGHTS_FOREIGN_SERVER;
843  break;
844  case OBJECT_DOMAIN:
845  case OBJECT_TYPE:
846  world_default = ACL_USAGE;
847  owner_default = ACL_ALL_RIGHTS_TYPE;
848  break;
849  case OBJECT_PARAMETER_ACL:
850  world_default = ACL_NO_RIGHTS;
851  owner_default = ACL_ALL_RIGHTS_PARAMETER_ACL;
852  break;
853  default:
854  elog(ERROR, "unrecognized object type: %d", (int) objtype);
855  world_default = ACL_NO_RIGHTS; /* keep compiler quiet */
856  owner_default = ACL_NO_RIGHTS;
857  break;
858  }
859 
860  nacl = 0;
861  if (world_default != ACL_NO_RIGHTS)
862  nacl++;
863  if (owner_default != ACL_NO_RIGHTS)
864  nacl++;
865 
866  acl = allocacl(nacl);
867  aip = ACL_DAT(acl);
868 
869  if (world_default != ACL_NO_RIGHTS)
870  {
871  aip->ai_grantee = ACL_ID_PUBLIC;
872  aip->ai_grantor = ownerId;
873  ACLITEM_SET_PRIVS_GOPTIONS(*aip, world_default, ACL_NO_RIGHTS);
874  aip++;
875  }
876 
877  /*
878  * Note that the owner's entry shows all ordinary privileges but no grant
879  * options. This is because his grant options come "from the system" and
880  * not from his own efforts. (The SQL spec says that the owner's rights
881  * come from a "_SYSTEM" authid.) However, we do consider that the
882  * owner's ordinary privileges are self-granted; this lets him revoke
883  * them. We implement the owner's grant options without any explicit
884  * "_SYSTEM"-like ACL entry, by internally special-casing the owner
885  * wherever we are testing grant options.
886  */
887  if (owner_default != ACL_NO_RIGHTS)
888  {
889  aip->ai_grantee = ownerId;
890  aip->ai_grantor = ownerId;
891  ACLITEM_SET_PRIVS_GOPTIONS(*aip, owner_default, ACL_NO_RIGHTS);
892  }
893 
894  return acl;
895 }
ACL_ALL_RIGHTS_FOREIGN_SERVER
#define ACL_ALL_RIGHTS_FOREIGN_SERVER
Definition: acl.h:164
ACL_ALL_RIGHTS_TABLESPACE
#define ACL_ALL_RIGHTS_TABLESPACE
Definition: acl.h:170
ACL_ALL_RIGHTS_PARAMETER_ACL
#define ACL_ALL_RIGHTS_PARAMETER_ACL
Definition: acl.h:168
ACL_ALL_RIGHTS_SCHEMA
#define ACL_ALL_RIGHTS_SCHEMA
Definition: acl.h:169
ACL_ALL_RIGHTS_SEQUENCE
#define ACL_ALL_RIGHTS_SEQUENCE
Definition: acl.h:161
ACL_ALL_RIGHTS_DATABASE
#define ACL_ALL_RIGHTS_DATABASE
Definition: acl.h:162
ACL_ALL_RIGHTS_FUNCTION
#define ACL_ALL_RIGHTS_FUNCTION
Definition: acl.h:165
ACL_ALL_RIGHTS_LANGUAGE
#define ACL_ALL_RIGHTS_LANGUAGE
Definition: acl.h:166
ACL_ALL_RIGHTS_TYPE
#define ACL_ALL_RIGHTS_TYPE
Definition: acl.h:171
ACL_ALL_RIGHTS_FDW
#define ACL_ALL_RIGHTS_FDW
Definition: acl.h:163
ACLITEM_SET_PRIVS_GOPTIONS
#define ACLITEM_SET_PRIVS_GOPTIONS(item, privs, goptions)
Definition: acl.h:82
ACL_ALL_RIGHTS_RELATION
#define ACL_ALL_RIGHTS_RELATION
Definition: acl.h:160
ACL_ID_PUBLIC
#define ACL_ID_PUBLIC
Definition: acl.h:46
ACL_ALL_RIGHTS_LARGEOBJECT
#define ACL_ALL_RIGHTS_LARGEOBJECT
Definition: acl.h:167
ERROR
#define ERROR
Definition: elog.h:39
elog
#define elog(elevel,...)
Definition: elog.h:224
ACL_CREATE_TEMP
#define ACL_CREATE_TEMP
Definition: parsenodes.h:86
AclMode
uint64 AclMode
Definition: parsenodes.h:74
ACL_USAGE
#define ACL_USAGE
Definition: parsenodes.h:84
ACL_NO_RIGHTS
#define ACL_NO_RIGHTS
Definition: parsenodes.h:92
OBJECT_FDW
@ OBJECT_FDW
Definition: parsenodes.h:2277
OBJECT_SCHEMA
@ OBJECT_SCHEMA
Definition: parsenodes.h:2297
OBJECT_DOMAIN
@ OBJECT_DOMAIN
Definition: parsenodes.h:2273
OBJECT_COLUMN
@ OBJECT_COLUMN
Definition: parsenodes.h:2267
OBJECT_TABLESPACE
@ OBJECT_TABLESPACE
Definition: parsenodes.h:2303
OBJECT_LARGEOBJECT
@ OBJECT_LARGEOBJECT
Definition: parsenodes.h:2283
OBJECT_DATABASE
@ OBJECT_DATABASE
Definition: parsenodes.h:2270
OBJECT_SEQUENCE
@ OBJECT_SEQUENCE
Definition: parsenodes.h:2298
OBJECT_LANGUAGE
@ OBJECT_LANGUAGE
Definition: parsenodes.h:2282
OBJECT_FOREIGN_SERVER
@ OBJECT_FOREIGN_SERVER
Definition: parsenodes.h:2278
OBJECT_TABLE
@ OBJECT_TABLE
Definition: parsenodes.h:2302
OBJECT_PARAMETER_ACL
@ OBJECT_PARAMETER_ACL
Definition: parsenodes.h:2288
OBJECT_TYPE
@ OBJECT_TYPE
Definition: parsenodes.h:2310
OBJECT_FUNCTION
@ OBJECT_FUNCTION
Definition: parsenodes.h:2280
ACL_CONNECT
#define ACL_CONNECT
Definition: parsenodes.h:87
ACL_EXECUTE
#define ACL_EXECUTE
Definition: parsenodes.h:83

References ACL_ALL_RIGHTS_DATABASE, ACL_ALL_RIGHTS_FDW, ACL_ALL_RIGHTS_FOREIGN_SERVER, ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_LANGUAGE, ACL_ALL_RIGHTS_LARGEOBJECT, ACL_ALL_RIGHTS_PARAMETER_ACL, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_SEQUENCE, ACL_ALL_RIGHTS_TABLESPACE, ACL_ALL_RIGHTS_TYPE, ACL_CONNECT, ACL_CREATE_TEMP, ACL_DAT, ACL_EXECUTE, ACL_ID_PUBLIC, ACL_NO_RIGHTS, ACL_USAGE, ACLITEM_SET_PRIVS_GOPTIONS, AclItem::ai_grantee, AclItem::ai_grantor, allocacl(), elog, ERROR, OBJECT_COLUMN, OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, and OBJECT_TYPE.

Referenced by acldefault_sql(), buildDefaultACLCommands(), dumpACL(), dumpRoleGUCPrivs(), dumpTable(), dumpTablespaces(), ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), ExecGrant_Relation(), get_user_default_acl(), object_aclmask_ext(), pg_class_aclmask_ext(), pg_largeobject_aclmask_snapshot(), pg_namespace_aclmask_ext(), pg_parameter_acl_aclmask(), pg_parameter_aclmask(), pg_type_aclmask_ext(), and SetDefaultACL().

◆ acldefault_sql()

Datum acldefault_sql ( PG_FUNCTION_ARGS  )

Definition at line 903 of file acl.c.

904 {
905  char objtypec = PG_GETARG_CHAR(0);
906  Oid owner = PG_GETARG_OID(1);
907  ObjectType objtype = 0;
908 
909  switch (objtypec)
910  {
911  case 'c':
912  objtype = OBJECT_COLUMN;
913  break;
914  case 'r':
915  objtype = OBJECT_TABLE;
916  break;
917  case 's':
918  objtype = OBJECT_SEQUENCE;
919  break;
920  case 'd':
921  objtype = OBJECT_DATABASE;
922  break;
923  case 'f':
924  objtype = OBJECT_FUNCTION;
925  break;
926  case 'l':
927  objtype = OBJECT_LANGUAGE;
928  break;
929  case 'L':
930  objtype = OBJECT_LARGEOBJECT;
931  break;
932  case 'n':
933  objtype = OBJECT_SCHEMA;
934  break;
935  case 'p':
936  objtype = OBJECT_PARAMETER_ACL;
937  break;
938  case 't':
939  objtype = OBJECT_TABLESPACE;
940  break;
941  case 'F':
942  objtype = OBJECT_FDW;
943  break;
944  case 'S':
945  objtype = OBJECT_FOREIGN_SERVER;
946  break;
947  case 'T':
948  objtype = OBJECT_TYPE;
949  break;
950  default:
951  elog(ERROR, "unrecognized object type abbreviation: %c", objtypec);
952  }
953 
954  PG_RETURN_ACL_P(acldefault(objtype, owner));
955 }
acldefault
Acl * acldefault(ObjectType objtype, Oid ownerId)
Definition: acl.c:786
PG_RETURN_ACL_P
#define PG_RETURN_ACL_P(x)
Definition: acl.h:124
PG_GETARG_OID
#define PG_GETARG_OID(n)
Definition: fmgr.h:275
PG_GETARG_CHAR
#define PG_GETARG_CHAR(n)
Definition: fmgr.h:273
ObjectType
ObjectType
Definition: parsenodes.h:2260
Oid
unsigned int Oid
Definition: postgres_ext.h:31

References acldefault(), elog, ERROR, OBJECT_COLUMN, OBJECT_DATABASE, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, PG_GETARG_CHAR, PG_GETARG_OID, and PG_RETURN_ACL_P.

◆ aclequal()

bool aclequal ( const Acl left_acl,
const Acl right_acl 
)

Definition at line 542 of file acl.c.

543 {
544  /* Check for cases where one or both are empty/null */
545  if (left_acl == NULL || ACL_NUM(left_acl) == 0)
546  {
547  if (right_acl == NULL || ACL_NUM(right_acl) == 0)
548  return true;
549  else
550  return false;
551  }
552  else
553  {
554  if (right_acl == NULL || ACL_NUM(right_acl) == 0)
555  return false;
556  }
557 
558  if (ACL_NUM(left_acl) != ACL_NUM(right_acl))
559  return false;
560 
561  if (memcmp(ACL_DAT(left_acl),
562  ACL_DAT(right_acl),
563  ACL_NUM(left_acl) * sizeof(AclItem)) == 0)
564  return true;
565 
566  return false;
567 }

References ACL_DAT, and ACL_NUM.

Referenced by ExecGrant_Parameter(), get_user_default_acl(), and SetDefaultACL().

◆ aclexplode()

Datum aclexplode ( PG_FUNCTION_ARGS  )

Definition at line 1774 of file acl.c.

1775 {
1776  Acl *acl = PG_GETARG_ACL_P(0);
1777  FuncCallContext *funcctx;
1778  int *idx;
1779  AclItem *aidat;
1780 
1781  if (SRF_IS_FIRSTCALL())
1782  {
1783  TupleDesc tupdesc;
1784  MemoryContext oldcontext;
1785 
1786  check_acl(acl);
1787 
1788  funcctx = SRF_FIRSTCALL_INIT();
1789  oldcontext = MemoryContextSwitchTo(funcctx->multi_call_memory_ctx);
1790 
1791  /*
1792  * build tupdesc for result tuples (matches out parameters in pg_proc
1793  * entry)
1794  */
1795  tupdesc = CreateTemplateTupleDesc(4);
1796  TupleDescInitEntry(tupdesc, (AttrNumber) 1, "grantor",
1797  OIDOID, -1, 0);
1798  TupleDescInitEntry(tupdesc, (AttrNumber) 2, "grantee",
1799  OIDOID, -1, 0);
1800  TupleDescInitEntry(tupdesc, (AttrNumber) 3, "privilege_type",
1801  TEXTOID, -1, 0);
1802  TupleDescInitEntry(tupdesc, (AttrNumber) 4, "is_grantable",
1803  BOOLOID, -1, 0);
1804 
1805  funcctx->tuple_desc = BlessTupleDesc(tupdesc);
1806 
1807  /* allocate memory for user context */
1808  idx = (int *) palloc(sizeof(int[2]));
1809  idx[0] = 0; /* ACL array item index */
1810  idx[1] = -1; /* privilege type counter */
1811  funcctx->user_fctx = (void *) idx;
1812 
1813  MemoryContextSwitchTo(oldcontext);
1814  }
1815 
1816  funcctx = SRF_PERCALL_SETUP();
1817  idx = (int *) funcctx->user_fctx;
1818  aidat = ACL_DAT(acl);
1819 
1820  /* need test here in case acl has no items */
1821  while (idx[0] < ACL_NUM(acl))
1822  {
1823  AclItem *aidata;
1824  AclMode priv_bit;
1825 
1826  idx[1]++;
1827  if (idx[1] == N_ACL_RIGHTS)
1828  {
1829  idx[1] = 0;
1830  idx[0]++;
1831  if (idx[0] >= ACL_NUM(acl)) /* done */
1832  break;
1833  }
1834  aidata = &aidat[idx[0]];
1835  priv_bit = UINT64CONST(1) << idx[1];
1836 
1837  if (ACLITEM_GET_PRIVS(*aidata) & priv_bit)
1838  {
1839  Datum result;
1840  Datum values[4];
1841  bool nulls[4] = {0};
1842  HeapTuple tuple;
1843 
1844  values[0] = ObjectIdGetDatum(aidata->ai_grantor);
1845  values[1] = ObjectIdGetDatum(aidata->ai_grantee);
1846  values[2] = CStringGetTextDatum(convert_aclright_to_string(priv_bit));
1847  values[3] = BoolGetDatum((ACLITEM_GET_GOPTIONS(*aidata) & priv_bit) != 0);
1848 
1849  tuple = heap_form_tuple(funcctx->tuple_desc, values, nulls);
1850  result = HeapTupleGetDatum(tuple);
1851 
1852  SRF_RETURN_NEXT(funcctx, result);
1853  }
1854  }
1855 
1856  SRF_RETURN_DONE(funcctx);
1857 }
idx
Datum idx(PG_FUNCTION_ARGS)
Definition: _int_op.c:259
convert_aclright_to_string
static const char * convert_aclright_to_string(int aclright)
Definition: acl.c:1718
ACLITEM_GET_PRIVS
#define ACLITEM_GET_PRIVS(item)
Definition: acl.h:66
ACLITEM_GET_GOPTIONS
#define ACLITEM_GET_GOPTIONS(item)
Definition: acl.h:67
AttrNumber
int16 AttrNumber
Definition: attnum.h:21
values
static Datum values[MAXATTR]
Definition: bootstrap.c:150
CStringGetTextDatum
#define CStringGetTextDatum(s)
Definition: builtins.h:97
BlessTupleDesc
TupleDesc BlessTupleDesc(TupleDesc tupdesc)
Definition: execTuples.c:2158
SRF_IS_FIRSTCALL
#define SRF_IS_FIRSTCALL()
Definition: funcapi.h:304
SRF_PERCALL_SETUP
#define SRF_PERCALL_SETUP()
Definition: funcapi.h:308
SRF_RETURN_NEXT
#define SRF_RETURN_NEXT(_funcctx, _result)
Definition: funcapi.h:310
SRF_FIRSTCALL_INIT
#define SRF_FIRSTCALL_INIT()
Definition: funcapi.h:306
HeapTupleGetDatum
static Datum HeapTupleGetDatum(const HeapTupleData *tuple)
Definition: funcapi.h:230
SRF_RETURN_DONE
#define SRF_RETURN_DONE(_funcctx)
Definition: funcapi.h:328
heap_form_tuple
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, const Datum *values, const bool *isnull)
Definition: heaptuple.c:1116
palloc
void * palloc(Size size)
Definition: mcxt.c:1317
N_ACL_RIGHTS
#define N_ACL_RIGHTS
Definition: parsenodes.h:91
Datum
uintptr_t Datum
Definition: postgres.h:64
BoolGetDatum
static Datum BoolGetDatum(bool X)
Definition: postgres.h:102
ObjectIdGetDatum
static Datum ObjectIdGetDatum(Oid X)
Definition: postgres.h:252
MemoryContextSwitchTo
MemoryContextSwitchTo(old_ctx)
FuncCallContext::user_fctx
void * user_fctx
Definition: funcapi.h:82
FuncCallContext::multi_call_memory_ctx
MemoryContext multi_call_memory_ctx
Definition: funcapi.h:101
FuncCallContext::tuple_desc
TupleDesc tuple_desc
Definition: funcapi.h:112
CreateTemplateTupleDesc
TupleDesc CreateTemplateTupleDesc(int natts)
Definition: tupdesc.c:67
TupleDescInitEntry
void TupleDescInitEntry(TupleDesc desc, AttrNumber attributeNumber, const char *attributeName, Oid oidtypeid, int32 typmod, int attdim)
Definition: tupdesc.c:651

References ACL_DAT, ACL_NUM, ACLITEM_GET_GOPTIONS, ACLITEM_GET_PRIVS, AclItem::ai_grantee, AclItem::ai_grantor, BlessTupleDesc(), BoolGetDatum(), check_acl(), convert_aclright_to_string(), CreateTemplateTupleDesc(), CStringGetTextDatum, heap_form_tuple(), HeapTupleGetDatum(), idx(), MemoryContextSwitchTo(), FuncCallContext::multi_call_memory_ctx, N_ACL_RIGHTS, ObjectIdGetDatum(), palloc(), PG_GETARG_ACL_P, SRF_FIRSTCALL_INIT, SRF_IS_FIRSTCALL, SRF_PERCALL_SETUP, SRF_RETURN_DONE, SRF_RETURN_NEXT, FuncCallContext::tuple_desc, TupleDescInitEntry(), FuncCallContext::user_fctx, and values.

◆ aclinsert()

Datum aclinsert ( PG_FUNCTION_ARGS  )

Definition at line 1575 of file acl.c.

1576 {
1577  ereport(ERROR,
1578  (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1579  errmsg("aclinsert is no longer supported")));
1580 
1581  PG_RETURN_NULL(); /* keep compiler quiet */
1582 }
errcode
int errcode(int sqlerrcode)
Definition: elog.c:853
errmsg
int errmsg(const char *fmt,...)
Definition: elog.c:1070
ereport
#define ereport(elevel,...)
Definition: elog.h:149
PG_RETURN_NULL
#define PG_RETURN_NULL()
Definition: fmgr.h:345

References ereport, errcode(), errmsg(), ERROR, and PG_RETURN_NULL.

◆ aclitem_eq()

Datum aclitem_eq ( PG_FUNCTION_ARGS  )

Definition at line 731 of file acl.c.

732 {
733  AclItem *a1 = PG_GETARG_ACLITEM_P(0);
734  AclItem *a2 = PG_GETARG_ACLITEM_P(1);
735  bool result;
736 
737  result = a1->ai_privs == a2->ai_privs &&
738  a1->ai_grantee == a2->ai_grantee &&
739  a1->ai_grantor == a2->ai_grantor;
740  PG_RETURN_BOOL(result);
741 }
a1
static const FormData_pg_attribute a1
Definition: heap.c:142
a2
static const FormData_pg_attribute a2
Definition: heap.c:156

References a1, a2, PG_GETARG_ACLITEM_P, and PG_RETURN_BOOL.

◆ aclitem_match()

static bool aclitem_match ( const AclItem a1,
const AclItem a2 
)
static

Definition at line 696 of file acl.c.

697 {
698  return a1->ai_grantee == a2->ai_grantee &&
699  a1->ai_grantor == a2->ai_grantor;
700 }

References a1, and a2.

Referenced by aclnewowner(), and aclupdate().

◆ aclitemComparator()

static int aclitemComparator ( const void *  arg1,
const void *  arg2 
)
static

Definition at line 707 of file acl.c.

708 {
709  const AclItem *a1 = (const AclItem *) arg1;
710  const AclItem *a2 = (const AclItem *) arg2;
711 
712  if (a1->ai_grantee > a2->ai_grantee)
713  return 1;
714  if (a1->ai_grantee < a2->ai_grantee)
715  return -1;
716  if (a1->ai_grantor > a2->ai_grantor)
717  return 1;
718  if (a1->ai_grantor < a2->ai_grantor)
719  return -1;
720  if (a1->ai_privs > a2->ai_privs)
721  return 1;
722  if (a1->ai_privs < a2->ai_privs)
723  return -1;
724  return 0;
725 }

References a1, and a2.

Referenced by aclitemsort().

◆ aclitemin()

Datum aclitemin ( PG_FUNCTION_ARGS  )

Definition at line 598 of file acl.c.

599 {
600  const char *s = PG_GETARG_CSTRING(0);
601  Node *escontext = fcinfo->context;
602  AclItem *aip;
603 
604  aip = (AclItem *) palloc(sizeof(AclItem));
605 
606  s = aclparse(s, aip, escontext);
607  if (s == NULL)
608  PG_RETURN_NULL();
609 
610  while (isspace((unsigned char) *s))
611  ++s;
612  if (*s)
613  ereturn(escontext, (Datum) 0,
614  (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
615  errmsg("extra garbage at the end of the ACL specification")));
616 
617  PG_RETURN_ACLITEM_P(aip);
618 }
aclparse
static const char * aclparse(const char *s, AclItem *aip, Node *escontext)
Definition: acl.c:253
PG_RETURN_ACLITEM_P
#define PG_RETURN_ACLITEM_P(x)
Definition: acl.h:118
ereturn
#define ereturn(context, dummy_value,...)
Definition: elog.h:276
PG_GETARG_CSTRING
#define PG_GETARG_CSTRING(n)
Definition: fmgr.h:277
Node
Definition: nodes.h:129

References aclparse(), ereturn, errcode(), errmsg(), palloc(), PG_GETARG_CSTRING, PG_RETURN_ACLITEM_P, and PG_RETURN_NULL.

◆ aclitemout()

Datum aclitemout ( PG_FUNCTION_ARGS  )

Definition at line 629 of file acl.c.

630 {
631  AclItem *aip = PG_GETARG_ACLITEM_P(0);
632  char *p;
633  char *out;
634  HeapTuple htup;
635  unsigned i;
636 
637  out = palloc(strlen("=/") +
638  2 * N_ACL_RIGHTS +
639  2 * (2 * NAMEDATALEN + 2) +
640  1);
641 
642  p = out;
643  *p = '\0';
644 
645  if (aip->ai_grantee != ACL_ID_PUBLIC)
646  {
647  htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantee));
648  if (HeapTupleIsValid(htup))
649  {
650  putid(p, NameStr(((Form_pg_authid) GETSTRUCT(htup))->rolname));
651  ReleaseSysCache(htup);
652  }
653  else
654  {
655  /* Generate numeric OID if we don't find an entry */
656  sprintf(p, "%u", aip->ai_grantee);
657  }
658  }
659  while (*p)
660  ++p;
661 
662  *p++ = '=';
663 
664  for (i = 0; i < N_ACL_RIGHTS; ++i)
665  {
666  if (ACLITEM_GET_PRIVS(*aip) & (UINT64CONST(1) << i))
667  *p++ = ACL_ALL_RIGHTS_STR[i];
668  if (ACLITEM_GET_GOPTIONS(*aip) & (UINT64CONST(1) << i))
669  *p++ = '*';
670  }
671 
672  *p++ = '/';
673  *p = '\0';
674 
675  htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantor));
676  if (HeapTupleIsValid(htup))
677  {
678  putid(p, NameStr(((Form_pg_authid) GETSTRUCT(htup))->rolname));
679  ReleaseSysCache(htup);
680  }
681  else
682  {
683  /* Generate numeric OID if we don't find an entry */
684  sprintf(p, "%u", aip->ai_grantor);
685  }
686 
687  PG_RETURN_CSTRING(out);
688 }
putid
static void putid(char *p, const char *s)
Definition: acl.c:201
ACL_ALL_RIGHTS_STR
#define ACL_ALL_RIGHTS_STR
Definition: acl.h:154
NameStr
#define NameStr(name)
Definition: c.h:746
PG_RETURN_CSTRING
#define PG_RETURN_CSTRING(x)
Definition: fmgr.h:362
HeapTupleIsValid
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
GETSTRUCT
#define GETSTRUCT(TUP)
Definition: htup_details.h:653
rolname
NameData rolname
Definition: pg_authid.h:34
Form_pg_authid
FormData_pg_authid * Form_pg_authid
Definition: pg_authid.h:56
NAMEDATALEN
#define NAMEDATALEN
Definition: pg_config_manual.h:29
sprintf
#define sprintf
Definition: port.h:240
ReleaseSysCache
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:266
SearchSysCache1
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Definition: syscache.c:218

References ACL_ALL_RIGHTS_STR, ACL_ID_PUBLIC, ACLITEM_GET_GOPTIONS, ACLITEM_GET_PRIVS, AclItem::ai_grantee, AclItem::ai_grantor, GETSTRUCT, HeapTupleIsValid, i, N_ACL_RIGHTS, NAMEDATALEN, NameStr, ObjectIdGetDatum(), palloc(), PG_GETARG_ACLITEM_P, PG_RETURN_CSTRING, putid(), ReleaseSysCache(), rolname, SearchSysCache1(), and sprintf.

◆ aclitemsort()

void aclitemsort ( Acl acl)

Definition at line 528 of file acl.c.

529 {
530  if (acl != NULL && ACL_NUM(acl) > 1)
531  qsort(ACL_DAT(acl), ACL_NUM(acl), sizeof(AclItem), aclitemComparator);
532 }
aclitemComparator
static int aclitemComparator(const void *arg1, const void *arg2)
Definition: acl.c:707
qsort
#define qsort(a, b, c, d)
Definition: port.h:453

References ACL_DAT, ACL_NUM, aclitemComparator(), and qsort.

Referenced by get_user_default_acl(), and SetDefaultACL().

◆ aclmask()

AclMode aclmask ( const Acl acl,
Oid  roleid,
Oid  ownerId,
AclMode  mask,
AclMaskHow  how 
)

Definition at line 1371 of file acl.c.

1373 {
1374  AclMode result;
1375  AclMode remaining;
1376  AclItem *aidat;
1377  int i,
1378  num;
1379 
1380  /*
1381  * Null ACL should not happen, since caller should have inserted
1382  * appropriate default
1383  */
1384  if (acl == NULL)
1385  elog(ERROR, "null ACL");
1386 
1387  check_acl(acl);
1388 
1389  /* Quick exit for mask == 0 */
1390  if (mask == 0)
1391  return 0;
1392 
1393  result = 0;
1394 
1395  /* Owner always implicitly has all grant options */
1396  if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
1397  has_privs_of_role(roleid, ownerId))
1398  {
1399  result = mask & ACLITEM_ALL_GOPTION_BITS;
1400  if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1401  return result;
1402  }
1403 
1404  num = ACL_NUM(acl);
1405  aidat = ACL_DAT(acl);
1406 
1407  /*
1408  * Check privileges granted directly to roleid or to public
1409  */
1410  for (i = 0; i < num; i++)
1411  {
1412  AclItem *aidata = &aidat[i];
1413 
1414  if (aidata->ai_grantee == ACL_ID_PUBLIC ||
1415  aidata->ai_grantee == roleid)
1416  {
1417  result |= aidata->ai_privs & mask;
1418  if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1419  return result;
1420  }
1421  }
1422 
1423  /*
1424  * Check privileges granted indirectly via role memberships. We do this in
1425  * a separate pass to minimize expensive indirect membership tests. In
1426  * particular, it's worth testing whether a given ACL entry grants any
1427  * privileges still of interest before we perform the has_privs_of_role
1428  * test.
1429  */
1430  remaining = mask & ~result;
1431  for (i = 0; i < num; i++)
1432  {
1433  AclItem *aidata = &aidat[i];
1434 
1435  if (aidata->ai_grantee == ACL_ID_PUBLIC ||
1436  aidata->ai_grantee == roleid)
1437  continue; /* already checked it */
1438 
1439  if ((aidata->ai_privs & remaining) &&
1440  has_privs_of_role(roleid, aidata->ai_grantee))
1441  {
1442  result |= aidata->ai_privs & mask;
1443  if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1444  return result;
1445  remaining = mask & ~result;
1446  }
1447  }
1448 
1449  return result;
1450 }
has_privs_of_role
bool has_privs_of_role(Oid member, Oid role)
Definition: acl.c:5134
ACLITEM_ALL_GOPTION_BITS
#define ACLITEM_ALL_GOPTION_BITS
Definition: acl.h:88
ACLMASK_ALL
@ ACLMASK_ALL
Definition: acl.h:176
remaining
int remaining
Definition: informix.c:673
AclItem::ai_privs
AclMode ai_privs
Definition: acl.h:58

References ACL_DAT, ACL_ID_PUBLIC, ACL_NUM, ACLITEM_ALL_GOPTION_BITS, ACLMASK_ALL, AclItem::ai_grantee, AclItem::ai_privs, check_acl(), elog, ERROR, has_privs_of_role(), i, and remaining.

Referenced by check_circularity(), LockTableAclCheck(), object_aclmask_ext(), pg_attribute_aclcheck_all_ext(), pg_attribute_aclmask_ext(), pg_class_aclmask_ext(), pg_largeobject_aclmask_snapshot(), pg_namespace_aclmask_ext(), pg_parameter_acl_aclmask(), pg_parameter_aclmask(), pg_type_aclmask_ext(), and recursive_revoke().

◆ aclmask_direct()

static AclMode aclmask_direct ( const Acl acl,
Oid  roleid,
Oid  ownerId,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 1460 of file acl.c.

1462 {
1463  AclMode result;
1464  AclItem *aidat;
1465  int i,
1466  num;
1467 
1468  /*
1469  * Null ACL should not happen, since caller should have inserted
1470  * appropriate default
1471  */
1472  if (acl == NULL)
1473  elog(ERROR, "null ACL");
1474 
1475  check_acl(acl);
1476 
1477  /* Quick exit for mask == 0 */
1478  if (mask == 0)
1479  return 0;
1480 
1481  result = 0;
1482 
1483  /* Owner always implicitly has all grant options */
1484  if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
1485  roleid == ownerId)
1486  {
1487  result = mask & ACLITEM_ALL_GOPTION_BITS;
1488  if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1489  return result;
1490  }
1491 
1492  num = ACL_NUM(acl);
1493  aidat = ACL_DAT(acl);
1494 
1495  /*
1496  * Check privileges granted directly to roleid (and not to public)
1497  */
1498  for (i = 0; i < num; i++)
1499  {
1500  AclItem *aidata = &aidat[i];
1501 
1502  if (aidata->ai_grantee == roleid)
1503  {
1504  result |= aidata->ai_privs & mask;
1505  if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1506  return result;
1507  }
1508  }
1509 
1510  return result;
1511 }

References ACL_DAT, ACL_NUM, ACLITEM_ALL_GOPTION_BITS, ACLMASK_ALL, AclItem::ai_grantee, AclItem::ai_privs, check_acl(), elog, ERROR, and i.

Referenced by select_best_grantor().

◆ aclmembers()

int aclmembers ( const Acl acl,
Oid **  roleids 
)

Definition at line 1523 of file acl.c.

1524 {
1525  Oid *list;
1526  const AclItem *acldat;
1527  int i,
1528  j;
1529 
1530  if (acl == NULL || ACL_NUM(acl) == 0)
1531  {
1532  *roleids = NULL;
1533  return 0;
1534  }
1535 
1536  check_acl(acl);
1537 
1538  /* Allocate the worst-case space requirement */
1539  list = palloc(ACL_NUM(acl) * 2 * sizeof(Oid));
1540  acldat = ACL_DAT(acl);
1541 
1542  /*
1543  * Walk the ACL collecting mentioned RoleIds.
1544  */
1545  j = 0;
1546  for (i = 0; i < ACL_NUM(acl); i++)
1547  {
1548  const AclItem *ai = &acldat[i];
1549 
1550  if (ai->ai_grantee != ACL_ID_PUBLIC)
1551  list[j++] = ai->ai_grantee;
1552  /* grantor is currently never PUBLIC, but let's check anyway */
1553  if (ai->ai_grantor != ACL_ID_PUBLIC)
1554  list[j++] = ai->ai_grantor;
1555  }
1556 
1557  /* Sort the array */
1558  qsort(list, j, sizeof(Oid), oid_cmp);
1559 
1560  /*
1561  * We could repalloc the array down to minimum size, but it's hardly worth
1562  * it since it's only transient memory.
1563  */
1564  *roleids = list;
1565 
1566  /* Remove duplicates from the array */
1567  return qunique(list, j, sizeof(Oid), oid_cmp);
1568 }
j
int j
Definition: isn.c:74
oid_cmp
int oid_cmp(const void *p1, const void *p2)
Definition: oid.c:258
qunique
static size_t qunique(void *array, size_t elements, size_t width, int(*compare)(const void *, const void *))
Definition: qunique.h:21

References ACL_DAT, ACL_ID_PUBLIC, ACL_NUM, AclItem::ai_grantee, AclItem::ai_grantor, check_acl(), i, j, sort-test::list, oid_cmp(), palloc(), qsort, and qunique().

Referenced by ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), ExecGrant_Relation(), recordDependencyOnNewAcl(), recordExtensionInitPrivWorker(), RemoveRoleFromInitPriv(), ReplaceRoleInInitPriv(), and SetDefaultACL().

◆ aclmerge()

Acl* aclmerge ( const Acl left_acl,
const Acl right_acl,
Oid  ownerId 
)

Definition at line 484 of file acl.c.

485 {
486  Acl *result_acl;
487  AclItem *aip;
488  int i,
489  num;
490 
491  /* Check for cases where one or both are empty/null */
492  if (left_acl == NULL || ACL_NUM(left_acl) == 0)
493  {
494  if (right_acl == NULL || ACL_NUM(right_acl) == 0)
495  return NULL;
496  else
497  return aclcopy(right_acl);
498  }
499  else
500  {
501  if (right_acl == NULL || ACL_NUM(right_acl) == 0)
502  return aclcopy(left_acl);
503  }
504 
505  /* Merge them the hard way, one item at a time */
506  result_acl = aclcopy(left_acl);
507 
508  aip = ACL_DAT(right_acl);
509  num = ACL_NUM(right_acl);
510 
511  for (i = 0; i < num; i++, aip++)
512  {
513  Acl *tmp_acl;
514 
515  tmp_acl = aclupdate(result_acl, aip, ACL_MODECHG_ADD,
516  ownerId, DROP_RESTRICT);
517  pfree(result_acl);
518  result_acl = tmp_acl;
519  }
520 
521  return result_acl;
522 }
aclupdate
Acl * aclupdate(const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
Definition: acl.c:975
aclcopy
Acl * aclcopy(const Acl *orig_acl)
Definition: acl.c:440
ACL_MODECHG_ADD
#define ACL_MODECHG_ADD
Definition: acl.h:129
pfree
void pfree(void *pointer)
Definition: mcxt.c:1521
DROP_RESTRICT
@ DROP_RESTRICT
Definition: parsenodes.h:2334

References ACL_DAT, ACL_MODECHG_ADD, ACL_NUM, aclcopy(), aclupdate(), DROP_RESTRICT, i, and pfree().

Referenced by get_user_default_acl().

◆ aclnewowner()

Acl* aclnewowner ( const Acl old_acl,
Oid  oldOwnerId,
Oid  newOwnerId 
)

Definition at line 1102 of file acl.c.

1103 {
1104  Acl *new_acl;
1105  AclItem *new_aip;
1106  AclItem *old_aip;
1107  AclItem *dst_aip;
1108  AclItem *src_aip;
1109  AclItem *targ_aip;
1110  bool newpresent = false;
1111  int dst,
1112  src,
1113  targ,
1114  num;
1115 
1116  check_acl(old_acl);
1117 
1118  /*
1119  * Make a copy of the given ACL, substituting new owner ID for old
1120  * wherever it appears as either grantor or grantee. Also note if the new
1121  * owner ID is already present.
1122  */
1123  num = ACL_NUM(old_acl);
1124  old_aip = ACL_DAT(old_acl);
1125  new_acl = allocacl(num);
1126  new_aip = ACL_DAT(new_acl);
1127  memcpy(new_aip, old_aip, num * sizeof(AclItem));
1128  for (dst = 0, dst_aip = new_aip; dst < num; dst++, dst_aip++)
1129  {
1130  if (dst_aip->ai_grantor == oldOwnerId)
1131  dst_aip->ai_grantor = newOwnerId;
1132  else if (dst_aip->ai_grantor == newOwnerId)
1133  newpresent = true;
1134  if (dst_aip->ai_grantee == oldOwnerId)
1135  dst_aip->ai_grantee = newOwnerId;
1136  else if (dst_aip->ai_grantee == newOwnerId)
1137  newpresent = true;
1138  }
1139 
1140  /*
1141  * If the old ACL contained any references to the new owner, then we may
1142  * now have generated an ACL containing duplicate entries. Find them and
1143  * merge them so that there are not duplicates. (This is relatively
1144  * expensive since we use a stupid O(N^2) algorithm, but it's unlikely to
1145  * be the normal case.)
1146  *
1147  * To simplify deletion of duplicate entries, we temporarily leave them in
1148  * the array but set their privilege masks to zero; when we reach such an
1149  * entry it's just skipped. (Thus, a side effect of this code will be to
1150  * remove privilege-free entries, should there be any in the input.) dst
1151  * is the next output slot, targ is the currently considered input slot
1152  * (always >= dst), and src scans entries to the right of targ looking for
1153  * duplicates. Once an entry has been emitted to dst it is known
1154  * duplicate-free and need not be considered anymore.
1155  */
1156  if (newpresent)
1157  {
1158  dst = 0;
1159  for (targ = 0, targ_aip = new_aip; targ < num; targ++, targ_aip++)
1160  {
1161  /* ignore if deleted in an earlier pass */
1162  if (ACLITEM_GET_RIGHTS(*targ_aip) == ACL_NO_RIGHTS)
1163  continue;
1164  /* find and merge any duplicates */
1165  for (src = targ + 1, src_aip = targ_aip + 1; src < num;
1166  src++, src_aip++)
1167  {
1168  if (ACLITEM_GET_RIGHTS(*src_aip) == ACL_NO_RIGHTS)
1169  continue;
1170  if (aclitem_match(targ_aip, src_aip))
1171  {
1172  ACLITEM_SET_RIGHTS(*targ_aip,
1173  ACLITEM_GET_RIGHTS(*targ_aip) |
1174  ACLITEM_GET_RIGHTS(*src_aip));
1175  /* mark the duplicate deleted */
1176  ACLITEM_SET_RIGHTS(*src_aip, ACL_NO_RIGHTS);
1177  }
1178  }
1179  /* and emit to output */
1180  new_aip[dst] = *targ_aip;
1181  dst++;
1182  }
1183  /* Adjust array size to be 'dst' items */
1184  ARR_DIMS(new_acl)[0] = dst;
1185  SET_VARSIZE(new_acl, ACL_N_SIZE(dst));
1186  }
1187 
1188  return new_acl;
1189 }
aclitem_match
static bool aclitem_match(const AclItem *a1, const AclItem *a2)
Definition: acl.c:696
ACL_N_SIZE
#define ACL_N_SIZE(N)
Definition: acl.h:110
ACLITEM_SET_RIGHTS
#define ACLITEM_SET_RIGHTS(item, rights)
Definition: acl.h:79
ARR_DIMS
#define ARR_DIMS(a)
Definition: array.h:294
SET_VARSIZE
#define SET_VARSIZE(PTR, len)
Definition: varatt.h:305

References ACL_DAT, ACL_N_SIZE, ACL_NO_RIGHTS, ACL_NUM, ACLITEM_GET_RIGHTS, aclitem_match(), ACLITEM_SET_RIGHTS, AclItem::ai_grantee, AclItem::ai_grantor, allocacl(), ARR_DIMS, check_acl(), and SET_VARSIZE.

Referenced by AlterDatabaseOwner(), AlterForeignDataWrapperOwner_internal(), AlterForeignServerOwner_internal(), AlterObjectOwner_internal(), AlterSchemaOwner_internal(), AlterTypeOwnerInternal(), ATExecChangeOwner(), change_owner_fix_column_acls(), and ReplaceRoleInInitPriv().

◆ aclparse()

static const char * aclparse ( const char *  s,
AclItem aip,
Node escontext 
)
static

Definition at line 253 of file acl.c.

254 {
255  AclMode privs,
256  goption,
257  read;
258  char name[NAMEDATALEN];
259  char name2[NAMEDATALEN];
260 
261  Assert(s && aip);
262 
263  s = getid(s, name, escontext);
264  if (s == NULL)
265  return NULL;
266  if (*s != '=')
267  {
268  /* we just read a keyword, not a name */
269  if (strcmp(name, "group") != 0 && strcmp(name, "user") != 0)
270  ereturn(escontext, NULL,
271  (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
272  errmsg("unrecognized key word: \"%s\"", name),
273  errhint("ACL key word must be \"group\" or \"user\".")));
274  /* move s to the name beyond the keyword */
275  s = getid(s, name, escontext);
276  if (s == NULL)
277  return NULL;
278  if (name[0] == '\0')
279  ereturn(escontext, NULL,
280  (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
281  errmsg("missing name"),
282  errhint("A name must follow the \"group\" or \"user\" key word.")));
283  }
284 
285  if (*s != '=')
286  ereturn(escontext, NULL,
287  (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
288  errmsg("missing \"=\" sign")));
289 
290  privs = goption = ACL_NO_RIGHTS;
291 
292  for (++s, read = 0; isalpha((unsigned char) *s) || *s == '*'; s++)
293  {
294  switch (*s)
295  {
296  case '*':
297  goption |= read;
298  break;
299  case ACL_INSERT_CHR:
300  read = ACL_INSERT;
301  break;
302  case ACL_SELECT_CHR:
303  read = ACL_SELECT;
304  break;
305  case ACL_UPDATE_CHR:
306  read = ACL_UPDATE;
307  break;
308  case ACL_DELETE_CHR:
309  read = ACL_DELETE;
310  break;
311  case ACL_TRUNCATE_CHR:
312  read = ACL_TRUNCATE;
313  break;
314  case ACL_REFERENCES_CHR:
315  read = ACL_REFERENCES;
316  break;
317  case ACL_TRIGGER_CHR:
318  read = ACL_TRIGGER;
319  break;
320  case ACL_EXECUTE_CHR:
321  read = ACL_EXECUTE;
322  break;
323  case ACL_USAGE_CHR:
324  read = ACL_USAGE;
325  break;
326  case ACL_CREATE_CHR:
327  read = ACL_CREATE;
328  break;
329  case ACL_CREATE_TEMP_CHR:
330  read = ACL_CREATE_TEMP;
331  break;
332  case ACL_CONNECT_CHR:
333  read = ACL_CONNECT;
334  break;
335  case ACL_SET_CHR:
336  read = ACL_SET;
337  break;
338  case ACL_ALTER_SYSTEM_CHR:
339  read = ACL_ALTER_SYSTEM;
340  break;
341  case ACL_MAINTAIN_CHR:
342  read = ACL_MAINTAIN;
343  break;
344  case 'R': /* ignore old RULE privileges */
345  read = 0;
346  break;
347  default:
348  ereturn(escontext, NULL,
349  (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
350  errmsg("invalid mode character: must be one of \"%s\"",
351  ACL_ALL_RIGHTS_STR)));
352  }
353 
354  privs |= read;
355  }
356 
357  if (name[0] == '\0')
358  aip->ai_grantee = ACL_ID_PUBLIC;
359  else
360  {
361  aip->ai_grantee = get_role_oid(name, true);
362  if (!OidIsValid(aip->ai_grantee))
363  ereturn(escontext, NULL,
364  (errcode(ERRCODE_UNDEFINED_OBJECT),
365  errmsg("role \"%s\" does not exist", name)));
366  }
367 
368  /*
369  * XXX Allow a degree of backward compatibility by defaulting the grantor
370  * to the superuser.
371  */
372  if (*s == '/')
373  {
374  s = getid(s + 1, name2, escontext);
375  if (s == NULL)
376  return NULL;
377  if (name2[0] == '\0')
378  ereturn(escontext, NULL,
379  (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
380  errmsg("a name must follow the \"/\" sign")));
381  aip->ai_grantor = get_role_oid(name2, true);
382  if (!OidIsValid(aip->ai_grantor))
383  ereturn(escontext, NULL,
384  (errcode(ERRCODE_UNDEFINED_OBJECT),
385  errmsg("role \"%s\" does not exist", name2)));
386  }
387  else
388  {
389  aip->ai_grantor = BOOTSTRAP_SUPERUSERID;
390  ereport(WARNING,
391  (errcode(ERRCODE_INVALID_GRANTOR),
392  errmsg("defaulting grantor to user ID %u",
393  BOOTSTRAP_SUPERUSERID)));
394  }
395 
396  ACLITEM_SET_PRIVS_GOPTIONS(*aip, privs, goption);
397 
398  return s;
399 }
getid
static const char * getid(const char *s, char *n, Node *escontext)
Definition: acl.c:149
get_role_oid
Oid get_role_oid(const char *rolname, bool missing_ok)
Definition: acl.c:5420
ACL_CREATE_CHR
#define ACL_CREATE_CHR
Definition: acl.h:146
ACL_SET_CHR
#define ACL_SET_CHR
Definition: acl.h:149
ACL_REFERENCES_CHR
#define ACL_REFERENCES_CHR
Definition: acl.h:142
ACL_TRUNCATE_CHR
#define ACL_TRUNCATE_CHR
Definition: acl.h:141
ACL_SELECT_CHR
#define ACL_SELECT_CHR
Definition: acl.h:138
ACL_EXECUTE_CHR
#define ACL_EXECUTE_CHR
Definition: acl.h:144
ACL_DELETE_CHR
#define ACL_DELETE_CHR
Definition: acl.h:140
ACL_INSERT_CHR
#define ACL_INSERT_CHR
Definition: acl.h:137
ACL_UPDATE_CHR
#define ACL_UPDATE_CHR
Definition: acl.h:139
ACL_ALTER_SYSTEM_CHR
#define ACL_ALTER_SYSTEM_CHR
Definition: acl.h:150
ACL_USAGE_CHR
#define ACL_USAGE_CHR
Definition: acl.h:145
ACL_CONNECT_CHR
#define ACL_CONNECT_CHR
Definition: acl.h:148
ACL_TRIGGER_CHR
#define ACL_TRIGGER_CHR
Definition: acl.h:143
ACL_CREATE_TEMP_CHR
#define ACL_CREATE_TEMP_CHR
Definition: acl.h:147
ACL_MAINTAIN_CHR
#define ACL_MAINTAIN_CHR
Definition: acl.h:151
Assert
#define Assert(condition)
Definition: c.h:858
OidIsValid
#define OidIsValid(objectId)
Definition: c.h:775
errhint
int errhint(const char *fmt,...)
Definition: elog.c:1317
WARNING
#define WARNING
Definition: elog.h:36
read
#define read(a, b, c)
Definition: win32.h:13
ACL_SET
#define ACL_SET
Definition: parsenodes.h:88
ACL_DELETE
#define ACL_DELETE
Definition: parsenodes.h:79
ACL_MAINTAIN
#define ACL_MAINTAIN
Definition: parsenodes.h:90
ACL_INSERT
#define ACL_INSERT
Definition: parsenodes.h:76
ACL_UPDATE
#define ACL_UPDATE
Definition: parsenodes.h:78
ACL_ALTER_SYSTEM
#define ACL_ALTER_SYSTEM
Definition: parsenodes.h:89
ACL_REFERENCES
#define ACL_REFERENCES
Definition: parsenodes.h:81
ACL_SELECT
#define ACL_SELECT
Definition: parsenodes.h:77
ACL_TRUNCATE
#define ACL_TRUNCATE
Definition: parsenodes.h:80
ACL_CREATE
#define ACL_CREATE
Definition: parsenodes.h:85
ACL_TRIGGER
#define ACL_TRIGGER
Definition: parsenodes.h:82
name
const char * name
Definition: wait_event_funcs.c:28

References ACL_ALL_RIGHTS_STR, ACL_ALTER_SYSTEM, ACL_ALTER_SYSTEM_CHR, ACL_CONNECT, ACL_CONNECT_CHR, ACL_CREATE, ACL_CREATE_CHR, ACL_CREATE_TEMP, ACL_CREATE_TEMP_CHR, ACL_DELETE, ACL_DELETE_CHR, ACL_EXECUTE, ACL_EXECUTE_CHR, ACL_ID_PUBLIC, ACL_INSERT, ACL_INSERT_CHR, ACL_MAINTAIN, ACL_MAINTAIN_CHR, ACL_NO_RIGHTS, ACL_REFERENCES, ACL_REFERENCES_CHR, ACL_SELECT, ACL_SELECT_CHR, ACL_SET, ACL_SET_CHR, ACL_TRIGGER, ACL_TRIGGER_CHR, ACL_TRUNCATE, ACL_TRUNCATE_CHR, ACL_UPDATE, ACL_UPDATE_CHR, ACL_USAGE, ACL_USAGE_CHR, ACLITEM_SET_PRIVS_GOPTIONS, AclItem::ai_grantee, AclItem::ai_grantor, Assert, ereport, ereturn, errcode(), errhint(), errmsg(), get_role_oid(), getid(), name, NAMEDATALEN, OidIsValid, read, and WARNING.

Referenced by aclitemin().

◆ aclremove()

Datum aclremove ( PG_FUNCTION_ARGS  )

Definition at line 1585 of file acl.c.

1586 {
1587  ereport(ERROR,
1588  (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1589  errmsg("aclremove is no longer supported")));
1590 
1591  PG_RETURN_NULL(); /* keep compiler quiet */
1592 }

References ereport, errcode(), errmsg(), ERROR, and PG_RETURN_NULL.

◆ aclupdate()

Acl* aclupdate ( const Acl old_acl,
const AclItem mod_aip,
int  modechg,
Oid  ownerId,
DropBehavior  behavior 
)

Definition at line 975 of file acl.c.

977 {
978  Acl *new_acl = NULL;
979  AclItem *old_aip,
980  *new_aip = NULL;
981  AclMode old_rights,
982  old_goptions,
983  new_rights,
984  new_goptions;
985  int dst,
986  num;
987 
988  /* Caller probably already checked old_acl, but be safe */
989  check_acl(old_acl);
990 
991  /* If granting grant options, check for circularity */
992  if (modechg != ACL_MODECHG_DEL &&
993  ACLITEM_GET_GOPTIONS(*mod_aip) != ACL_NO_RIGHTS)
994  check_circularity(old_acl, mod_aip, ownerId);
995 
996  num = ACL_NUM(old_acl);
997  old_aip = ACL_DAT(old_acl);
998 
999  /*
1000  * Search the ACL for an existing entry for this grantee and grantor. If
1001  * one exists, just modify the entry in-place (well, in the same position,
1002  * since we actually return a copy); otherwise, insert the new entry at
1003  * the end.
1004  */
1005 
1006  for (dst = 0; dst < num; ++dst)
1007  {
1008  if (aclitem_match(mod_aip, old_aip + dst))
1009  {
1010  /* found a match, so modify existing item */
1011  new_acl = allocacl(num);
1012  new_aip = ACL_DAT(new_acl);
1013  memcpy(new_acl, old_acl, ACL_SIZE(old_acl));
1014  break;
1015  }
1016  }
1017 
1018  if (dst == num)
1019  {
1020  /* need to append a new item */
1021  new_acl = allocacl(num + 1);
1022  new_aip = ACL_DAT(new_acl);
1023  memcpy(new_aip, old_aip, num * sizeof(AclItem));
1024 
1025  /* initialize the new entry with no permissions */
1026  new_aip[dst].ai_grantee = mod_aip->ai_grantee;
1027  new_aip[dst].ai_grantor = mod_aip->ai_grantor;
1028  ACLITEM_SET_PRIVS_GOPTIONS(new_aip[dst],
1029  ACL_NO_RIGHTS, ACL_NO_RIGHTS);
1030  num++; /* set num to the size of new_acl */
1031  }
1032 
1033  old_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
1034  old_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);
1035 
1036  /* apply the specified permissions change */
1037  switch (modechg)
1038  {
1039  case ACL_MODECHG_ADD:
1040  ACLITEM_SET_RIGHTS(new_aip[dst],
1041  old_rights | ACLITEM_GET_RIGHTS(*mod_aip));
1042  break;
1043  case ACL_MODECHG_DEL:
1044  ACLITEM_SET_RIGHTS(new_aip[dst],
1045  old_rights & ~ACLITEM_GET_RIGHTS(*mod_aip));
1046  break;
1047  case ACL_MODECHG_EQL:
1048  ACLITEM_SET_RIGHTS(new_aip[dst],
1049  ACLITEM_GET_RIGHTS(*mod_aip));
1050  break;
1051  }
1052 
1053  new_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
1054  new_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);
1055 
1056  /*
1057  * If the adjusted entry has no permissions, delete it from the list.
1058  */
1059  if (new_rights == ACL_NO_RIGHTS)
1060  {
1061  memmove(new_aip + dst,
1062  new_aip + dst + 1,
1063  (num - dst - 1) * sizeof(AclItem));
1064  /* Adjust array size to be 'num - 1' items */
1065  ARR_DIMS(new_acl)[0] = num - 1;
1066  SET_VARSIZE(new_acl, ACL_N_SIZE(num - 1));
1067  }
1068 
1069  /*
1070  * Remove abandoned privileges (cascading revoke). Currently we can only
1071  * handle this when the grantee is not PUBLIC.
1072  */
1073  if ((old_goptions & ~new_goptions) != 0)
1074  {
1075  Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
1076  new_acl = recursive_revoke(new_acl, mod_aip->ai_grantee,
1077  (old_goptions & ~new_goptions),
1078  ownerId, behavior);
1079  }
1080 
1081  return new_acl;
1082 }
recursive_revoke
static Acl * recursive_revoke(Acl *acl, Oid grantee, AclMode revoke_privs, Oid ownerId, DropBehavior behavior)
Definition: acl.c:1285
check_circularity
static void check_circularity(const Acl *old_acl, const AclItem *mod_aip, Oid ownerId)
Definition: acl.c:1205
ACL_SIZE
#define ACL_SIZE(ACL)
Definition: acl.h:111
ACL_MODECHG_DEL
#define ACL_MODECHG_DEL
Definition: acl.h:130
ACL_MODECHG_EQL
#define ACL_MODECHG_EQL
Definition: acl.h:131

References ACL_DAT, ACL_ID_PUBLIC, ACL_MODECHG_ADD, ACL_MODECHG_DEL, ACL_MODECHG_EQL, ACL_N_SIZE, ACL_NO_RIGHTS, ACL_NUM, ACL_SIZE, ACLITEM_GET_GOPTIONS, ACLITEM_GET_RIGHTS, aclitem_match(), ACLITEM_SET_PRIVS_GOPTIONS, ACLITEM_SET_RIGHTS, AclItem::ai_grantee, AclItem::ai_grantor, allocacl(), ARR_DIMS, Assert, check_acl(), check_circularity(), recursive_revoke(), and SET_VARSIZE.

Referenced by aclmerge(), check_circularity(), merge_acl_with_grant(), and recursive_revoke().

◆ allocacl()

static Acl * allocacl ( int  n)
static

Definition at line 409 of file acl.c.

410 {
411  Acl *new_acl;
412  Size size;
413 
414  if (n < 0)
415  elog(ERROR, "invalid size: %d", n);
416  size = ACL_N_SIZE(n);
417  new_acl = (Acl *) palloc0(size);
418  SET_VARSIZE(new_acl, size);
419  new_acl->ndim = 1;
420  new_acl->dataoffset = 0; /* we never put in any nulls */
421  new_acl->elemtype = ACLITEMOID;
422  ARR_LBOUND(new_acl)[0] = 1;
423  ARR_DIMS(new_acl)[0] = n;
424  return new_acl;
425 }
ARR_LBOUND
#define ARR_LBOUND(a)
Definition: array.h:296
Size
size_t Size
Definition: c.h:605
palloc0
void * palloc0(Size size)
Definition: mcxt.c:1347
size
static pg_noinline void Size size
Definition: slab.c:607
ArrayType::elemtype
Oid elemtype
Definition: array.h:97
ArrayType::ndim
int ndim
Definition: array.h:95
ArrayType::dataoffset
int32 dataoffset
Definition: array.h:96

References ACL_N_SIZE, ARR_DIMS, ARR_LBOUND, ArrayType::dataoffset, ArrayType::elemtype, elog, ERROR, ArrayType::ndim, palloc0(), SET_VARSIZE, and size.

Referenced by aclconcat(), aclcopy(), acldefault(), aclnewowner(), aclupdate(), check_circularity(), and make_empty_acl().

◆ check_acl()

static void check_acl ( const Acl acl)
static

Definition at line 573 of file acl.c.

574 {
575  if (ARR_ELEMTYPE(acl) != ACLITEMOID)
576  ereport(ERROR,
577  (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
578  errmsg("ACL array contains wrong data type")));
579  if (ARR_NDIM(acl) != 1)
580  ereport(ERROR,
581  (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
582  errmsg("ACL arrays must be one-dimensional")));
583  if (ARR_HASNULL(acl))
584  ereport(ERROR,
585  (errcode(ERRCODE_NULL_VALUE_NOT_ALLOWED),
586  errmsg("ACL arrays must not contain null values")));
587 }
ARR_NDIM
#define ARR_NDIM(a)
Definition: array.h:290
ARR_ELEMTYPE
#define ARR_ELEMTYPE(a)
Definition: array.h:292
ARR_HASNULL
#define ARR_HASNULL(a)
Definition: array.h:291

References ARR_ELEMTYPE, ARR_HASNULL, ARR_NDIM, ereport, errcode(), errmsg(), and ERROR.

Referenced by aclcontains(), aclexplode(), aclmask(), aclmask_direct(), aclmembers(), aclnewowner(), aclupdate(), check_circularity(), and recursive_revoke().

◆ check_can_set_role()

void check_can_set_role ( Oid  member,
Oid  role 
)

Definition at line 5191 of file acl.c.

5192 {
5193  if (!member_can_set_role(member, role))
5194  ereport(ERROR,
5195  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
5196  errmsg("must be able to SET ROLE \"%s\"",
5197  GetUserNameFromId(role, false))));
5198 }
member_can_set_role
bool member_can_set_role(Oid member, Oid role)
Definition: acl.c:5168
GetUserNameFromId
char * GetUserNameFromId(Oid roleid, bool noerr)
Definition: miscinit.c:980

References ereport, errcode(), errmsg(), ERROR, GetUserNameFromId(), and member_can_set_role().

Referenced by AlterDatabaseOwner(), AlterForeignServerOwner_internal(), AlterObjectOwner_internal(), AlterPublicationOwner_internal(), AlterSchemaOwner_internal(), AlterSubscriptionOwner_internal(), AlterTypeOwner(), ATExecChangeOwner(), createdb(), and CreateSchemaCommand().

◆ check_circularity()

static void check_circularity ( const Acl old_acl,
const AclItem mod_aip,
Oid  ownerId 
)
static

Definition at line 1205 of file acl.c.

1207 {
1208  Acl *acl;
1209  AclItem *aip;
1210  int i,
1211  num;
1212  AclMode own_privs;
1213 
1214  check_acl(old_acl);
1215 
1216  /*
1217  * For now, grant options can only be granted to roles, not PUBLIC.
1218  * Otherwise we'd have to work a bit harder here.
1219  */
1220  Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
1221 
1222  /* The owner always has grant options, no need to check */
1223  if (mod_aip->ai_grantor == ownerId)
1224  return;
1225 
1226  /* Make a working copy */
1227  acl = allocacl(ACL_NUM(old_acl));
1228  memcpy(acl, old_acl, ACL_SIZE(old_acl));
1229 
1230  /* Zap all grant options of target grantee, plus what depends on 'em */
1231 cc_restart:
1232  num = ACL_NUM(acl);
1233  aip = ACL_DAT(acl);
1234  for (i = 0; i < num; i++)
1235  {
1236  if (aip[i].ai_grantee == mod_aip->ai_grantee &&
1237  ACLITEM_GET_GOPTIONS(aip[i]) != ACL_NO_RIGHTS)
1238  {
1239  Acl *new_acl;
1240 
1241  /* We'll actually zap ordinary privs too, but no matter */
1242  new_acl = aclupdate(acl, &aip[i], ACL_MODECHG_DEL,
1243  ownerId, DROP_CASCADE);
1244 
1245  pfree(acl);
1246  acl = new_acl;
1247 
1248  goto cc_restart;
1249  }
1250  }
1251 
1252  /* Now we can compute grantor's independently-derived privileges */
1253  own_privs = aclmask(acl,
1254  mod_aip->ai_grantor,
1255  ownerId,
1256  ACL_GRANT_OPTION_FOR(ACLITEM_GET_GOPTIONS(*mod_aip)),
1257  ACLMASK_ALL);
1258  own_privs = ACL_OPTION_TO_PRIVS(own_privs);
1259 
1260  if ((ACLITEM_GET_GOPTIONS(*mod_aip) & ~own_privs) != 0)
1261  ereport(ERROR,
1262  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1263  errmsg("grant options cannot be granted back to your own grantor")));
1264 
1265  pfree(acl);
1266 }
aclmask
AclMode aclmask(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
Definition: acl.c:1371
ACL_OPTION_TO_PRIVS
#define ACL_OPTION_TO_PRIVS(privs)
Definition: acl.h:71
ACL_GRANT_OPTION_FOR
#define ACL_GRANT_OPTION_FOR(privs)
Definition: acl.h:70
DROP_CASCADE
@ DROP_CASCADE
Definition: parsenodes.h:2335

References ACL_DAT, ACL_GRANT_OPTION_FOR, ACL_ID_PUBLIC, ACL_MODECHG_DEL, ACL_NO_RIGHTS, ACL_NUM, ACL_OPTION_TO_PRIVS, ACL_SIZE, ACLITEM_GET_GOPTIONS, aclmask(), ACLMASK_ALL, aclupdate(), AclItem::ai_grantee, AclItem::ai_grantor, allocacl(), Assert, check_acl(), DROP_CASCADE, ereport, errcode(), errmsg(), ERROR, i, and pfree().

Referenced by aclupdate().

◆ check_rolespec_name()

void check_rolespec_name ( const RoleSpec role,
const char *  detail_msg 
)

Definition at line 5561 of file acl.c.

5562 {
5563  if (!role)
5564  return;
5565 
5566  if (role->roletype != ROLESPEC_CSTRING)
5567  return;
5568 
5569  if (IsReservedName(role->rolename))
5570  {
5571  if (detail_msg)
5572  ereport(ERROR,
5573  (errcode(ERRCODE_RESERVED_NAME),
5574  errmsg("role name \"%s\" is reserved",
5575  role->rolename),
5576  errdetail_internal("%s", detail_msg)));
5577  else
5578  ereport(ERROR,
5579  (errcode(ERRCODE_RESERVED_NAME),
5580  errmsg("role name \"%s\" is reserved",
5581  role->rolename)));
5582  }
5583 }
IsReservedName
bool IsReservedName(const char *name)
Definition: catalog.c:238
errdetail_internal
int errdetail_internal(const char *fmt,...)
Definition: elog.c:1230
ROLESPEC_CSTRING
@ ROLESPEC_CSTRING
Definition: parsenodes.h:394
RoleSpec::roletype
RoleSpecType roletype
Definition: parsenodes.h:404
RoleSpec::rolename
char * rolename
Definition: parsenodes.h:405

References ereport, errcode(), errdetail_internal(), errmsg(), ERROR, IsReservedName(), RoleSpec::rolename, ROLESPEC_CSTRING, and RoleSpec::roletype.

Referenced by AlterRole(), and AlterRoleSet().

◆ column_privilege_check()

static int column_privilege_check ( Oid  tableoid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mode 
)
static

Definition at line 2521 of file acl.c.

2523 {
2524  AclResult aclresult;
2525  bool is_missing = false;
2526 
2527  /*
2528  * If convert_column_name failed, we can just return -1 immediately.
2529  */
2530  if (attnum == InvalidAttrNumber)
2531  return -1;
2532 
2533  /*
2534  * Check for column-level privileges first. This serves in part as a check
2535  * on whether the column even exists, so we need to do it before checking
2536  * table-level privilege.
2537  */
2538  aclresult = pg_attribute_aclcheck_ext(tableoid, attnum, roleid,
2539  mode, &is_missing);
2540  if (aclresult == ACLCHECK_OK)
2541  return 1;
2542  else if (is_missing)
2543  return -1;
2544 
2545  /* Next check if we have the privilege at the table level */
2546  aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2547  if (aclresult == ACLCHECK_OK)
2548  return 1;
2549  else if (is_missing)
2550  return -1;
2551  else
2552  return 0;
2553 }
AclResult
AclResult
Definition: acl.h:182
ACLCHECK_OK
@ ACLCHECK_OK
Definition: acl.h:183
pg_class_aclcheck_ext
AclResult pg_class_aclcheck_ext(Oid table_oid, Oid roleid, AclMode mode, bool *is_missing)
Definition: aclchk.c:4101
pg_attribute_aclcheck_ext
AclResult pg_attribute_aclcheck_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode, bool *is_missing)
Definition: aclchk.c:3932
InvalidAttrNumber
#define InvalidAttrNumber
Definition: attnum.h:23
attnum
int16 attnum
Definition: pg_attribute.h:74
mode
static PgChecksumMode mode
Definition: pg_checksums.c:56

References ACLCHECK_OK, attnum, InvalidAttrNumber, mode, pg_attribute_aclcheck_ext(), and pg_class_aclcheck_ext().

Referenced by has_column_privilege_id_attnum(), has_column_privilege_id_id_attnum(), has_column_privilege_id_id_name(), has_column_privilege_id_name(), has_column_privilege_id_name_attnum(), has_column_privilege_id_name_name(), has_column_privilege_name_attnum(), has_column_privilege_name_id_attnum(), has_column_privilege_name_id_name(), has_column_privilege_name_name(), has_column_privilege_name_name_attnum(), and has_column_privilege_name_name_name().

◆ convert_aclright_to_string()

static const char* convert_aclright_to_string ( int  aclright)
static

Definition at line 1718 of file acl.c.

1719 {
1720  switch (aclright)
1721  {
1722  case ACL_INSERT:
1723  return "INSERT";
1724  case ACL_SELECT:
1725  return "SELECT";
1726  case ACL_UPDATE:
1727  return "UPDATE";
1728  case ACL_DELETE:
1729  return "DELETE";
1730  case ACL_TRUNCATE:
1731  return "TRUNCATE";
1732  case ACL_REFERENCES:
1733  return "REFERENCES";
1734  case ACL_TRIGGER:
1735  return "TRIGGER";
1736  case ACL_EXECUTE:
1737  return "EXECUTE";
1738  case ACL_USAGE:
1739  return "USAGE";
1740  case ACL_CREATE:
1741  return "CREATE";
1742  case ACL_CREATE_TEMP:
1743  return "TEMPORARY";
1744  case ACL_CONNECT:
1745  return "CONNECT";
1746  case ACL_SET:
1747  return "SET";
1748  case ACL_ALTER_SYSTEM:
1749  return "ALTER SYSTEM";
1750  case ACL_MAINTAIN:
1751  return "MAINTAIN";
1752  default:
1753  elog(ERROR, "unrecognized aclright: %d", aclright);
1754  return NULL;
1755  }
1756 }

References ACL_ALTER_SYSTEM, ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_DELETE, ACL_EXECUTE, ACL_INSERT, ACL_MAINTAIN, ACL_REFERENCES, ACL_SELECT, ACL_SET, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, ACL_USAGE, elog, and ERROR.

Referenced by aclexplode().

◆ convert_any_priv_string()

static AclMode convert_any_priv_string ( text priv_type_text,
const priv_map privileges 
)
static

Definition at line 1670 of file acl.c.

1672 {
1673  AclMode result = 0;
1674  char *priv_type = text_to_cstring(priv_type_text);
1675  char *chunk;
1676  char *next_chunk;
1677 
1678  /* We rely on priv_type being a private, modifiable string */
1679  for (chunk = priv_type; chunk; chunk = next_chunk)
1680  {
1681  int chunk_len;
1682  const priv_map *this_priv;
1683 
1684  /* Split string at commas */
1685  next_chunk = strchr(chunk, ',');
1686  if (next_chunk)
1687  *next_chunk++ = '\0';
1688 
1689  /* Drop leading/trailing whitespace in this chunk */
1690  while (*chunk && isspace((unsigned char) *chunk))
1691  chunk++;
1692  chunk_len = strlen(chunk);
1693  while (chunk_len > 0 && isspace((unsigned char) chunk[chunk_len - 1]))
1694  chunk_len--;
1695  chunk[chunk_len] = '\0';
1696 
1697  /* Match to the privileges list */
1698  for (this_priv = privileges; this_priv->name; this_priv++)
1699  {
1700  if (pg_strcasecmp(this_priv->name, chunk) == 0)
1701  {
1702  result |= this_priv->value;
1703  break;
1704  }
1705  }
1706  if (!this_priv->name)
1707  ereport(ERROR,
1708  (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1709  errmsg("unrecognized privilege type: \"%s\"", chunk)));
1710  }
1711 
1712  pfree(priv_type);
1713  return result;
1714 }
chunk
uint64 chunk
Definition: hashfn_unstable.h:265
pg_strcasecmp
int pg_strcasecmp(const char *s1, const char *s2)
Definition: pgstrcasecmp.c:36
priv_map
Definition: acl.c:53
priv_map::name
const char * name
Definition: acl.c:54
priv_map::value
AclMode value
Definition: acl.c:55
text_to_cstring
char * text_to_cstring(const text *t)
Definition: varlena.c:217

References chunk, ereport, errcode(), errmsg(), ERROR, priv_map::name, pfree(), pg_strcasecmp(), text_to_cstring(), and priv_map::value.

Referenced by convert_column_priv_string(), convert_database_priv_string(), convert_foreign_data_wrapper_priv_string(), convert_function_priv_string(), convert_language_priv_string(), convert_parameter_priv_string(), convert_role_priv_string(), convert_schema_priv_string(), convert_sequence_priv_string(), convert_server_priv_string(), convert_table_priv_string(), convert_tablespace_priv_string(), convert_type_priv_string(), and makeaclitem().

◆ convert_column_name()

static AttrNumber convert_column_name ( Oid  tableoid,
text column 
)
static

Definition at line 2881 of file acl.c.

2882 {
2883  char *colname;
2884  HeapTuple attTuple;
2885  AttrNumber attnum;
2886 
2887  colname = text_to_cstring(column);
2888 
2889  /*
2890  * We don't use get_attnum() here because it will report that dropped
2891  * columns don't exist. We need to treat dropped columns differently from
2892  * nonexistent columns.
2893  */
2894  attTuple = SearchSysCache2(ATTNAME,
2895  ObjectIdGetDatum(tableoid),
2896  CStringGetDatum(colname));
2897  if (HeapTupleIsValid(attTuple))
2898  {
2899  Form_pg_attribute attributeForm;
2900 
2901  attributeForm = (Form_pg_attribute) GETSTRUCT(attTuple);
2902  /* We want to return NULL for dropped columns */
2903  if (attributeForm->attisdropped)
2904  attnum = InvalidAttrNumber;
2905  else
2906  attnum = attributeForm->attnum;
2907  ReleaseSysCache(attTuple);
2908  }
2909  else
2910  {
2911  char *tablename = get_rel_name(tableoid);
2912 
2913  /*
2914  * If the table OID is bogus, or it's just been dropped, we'll get
2915  * NULL back. In such cases we want has_column_privilege to return
2916  * NULL too, so just return InvalidAttrNumber.
2917  */
2918  if (tablename != NULL)
2919  {
2920  /* tableoid exists, colname does not, so throw error */
2921  ereport(ERROR,
2922  (errcode(ERRCODE_UNDEFINED_COLUMN),
2923  errmsg("column \"%s\" of relation \"%s\" does not exist",
2924  colname, tablename)));
2925  }
2926  /* tableoid doesn't exist, so act like attisdropped case */
2927  attnum = InvalidAttrNumber;
2928  }
2929 
2930  pfree(colname);
2931  return attnum;
2932 }
get_rel_name
char * get_rel_name(Oid relid)
Definition: lsyscache.c:1928
Form_pg_attribute
FormData_pg_attribute * Form_pg_attribute
Definition: pg_attribute.h:209
CStringGetDatum
static Datum CStringGetDatum(const char *X)
Definition: postgres.h:350
SearchSysCache2
HeapTuple SearchSysCache2(int cacheId, Datum key1, Datum key2)
Definition: syscache.c:229

References attnum, CStringGetDatum(), ereport, errcode(), errmsg(), ERROR, get_rel_name(), GETSTRUCT, HeapTupleIsValid, InvalidAttrNumber, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache2(), and text_to_cstring().

Referenced by has_column_privilege_id_id_name(), has_column_privilege_id_name(), has_column_privilege_id_name_name(), has_column_privilege_name_id_name(), has_column_privilege_name_name(), and has_column_privilege_name_name_name().

◆ convert_column_priv_string()

static AclMode convert_column_priv_string ( text priv_type_text)
static

Definition at line 2939 of file acl.c.

2940 {
2941  static const priv_map column_priv_map[] = {
2942  {"SELECT", ACL_SELECT},
2943  {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2944  {"INSERT", ACL_INSERT},
2945  {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
2946  {"UPDATE", ACL_UPDATE},
2947  {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2948  {"REFERENCES", ACL_REFERENCES},
2949  {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
2950  {NULL, 0}
2951  };
2952 
2953  return convert_any_priv_string(priv_type_text, column_priv_map);
2954 }
convert_any_priv_string
static AclMode convert_any_priv_string(text *priv_type_text, const priv_map *privileges)
Definition: acl.c:1670

References ACL_GRANT_OPTION_FOR, ACL_INSERT, ACL_REFERENCES, ACL_SELECT, ACL_UPDATE, and convert_any_priv_string().

Referenced by has_any_column_privilege_id(), has_any_column_privilege_id_id(), has_any_column_privilege_id_name(), has_any_column_privilege_name(), has_any_column_privilege_name_id(), has_any_column_privilege_name_name(), has_column_privilege_id_attnum(), has_column_privilege_id_id_attnum(), has_column_privilege_id_id_name(), has_column_privilege_id_name(), has_column_privilege_id_name_attnum(), has_column_privilege_id_name_name(), has_column_privilege_name_attnum(), has_column_privilege_name_id_attnum(), has_column_privilege_name_id_name(), has_column_privilege_name_name(), has_column_privilege_name_name_attnum(), and has_column_privilege_name_name_name().

◆ convert_database_name()

static Oid convert_database_name ( text databasename)
static

Definition at line 3133 of file acl.c.

3134 {
3135  char *dbname = text_to_cstring(databasename);
3136 
3137  return get_database_oid(dbname, false);
3138 }
get_database_oid
Oid get_database_oid(const char *dbname, bool missing_ok)
Definition: dbcommands.c:3119
dbname
char * dbname
Definition: streamutil.c:52

References dbname, get_database_oid(), and text_to_cstring().

Referenced by has_database_privilege_id_name(), has_database_privilege_name(), and has_database_privilege_name_name().

◆ convert_database_priv_string()

static AclMode convert_database_priv_string ( text priv_type_text)
static

Definition at line 3145 of file acl.c.

3146 {
3147  static const priv_map database_priv_map[] = {
3148  {"CREATE", ACL_CREATE},
3149  {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
3150  {"TEMPORARY", ACL_CREATE_TEMP},
3151  {"TEMPORARY WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
3152  {"TEMP", ACL_CREATE_TEMP},
3153  {"TEMP WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
3154  {"CONNECT", ACL_CONNECT},
3155  {"CONNECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CONNECT)},
3156  {NULL, 0}
3157  };
3158 
3159  return convert_any_priv_string(priv_type_text, database_priv_map);
3160 }

References ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_GRANT_OPTION_FOR, and convert_any_priv_string().

Referenced by has_database_privilege_id(), has_database_privilege_id_id(), has_database_privilege_id_name(), has_database_privilege_name(), has_database_privilege_name_id(), and has_database_privilege_name_name().

◆ convert_foreign_data_wrapper_name()

static Oid convert_foreign_data_wrapper_name ( text fdwname)
static

Definition at line 3339 of file acl.c.

3340 {
3341  char *fdwstr = text_to_cstring(fdwname);
3342 
3343  return get_foreign_data_wrapper_oid(fdwstr, false);
3344 }
get_foreign_data_wrapper_oid
Oid get_foreign_data_wrapper_oid(const char *fdwname, bool missing_ok)
Definition: foreign.c:671

References get_foreign_data_wrapper_oid(), and text_to_cstring().

Referenced by has_foreign_data_wrapper_privilege_id_name(), has_foreign_data_wrapper_privilege_name(), and has_foreign_data_wrapper_privilege_name_name().

◆ convert_foreign_data_wrapper_priv_string()

static AclMode convert_foreign_data_wrapper_priv_string ( text priv_type_text)
static

Definition at line 3351 of file acl.c.

3352 {
3353  static const priv_map foreign_data_wrapper_priv_map[] = {
3354  {"USAGE", ACL_USAGE},
3355  {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3356  {NULL, 0}
3357  };
3358 
3359  return convert_any_priv_string(priv_type_text, foreign_data_wrapper_priv_map);
3360 }

References ACL_GRANT_OPTION_FOR, ACL_USAGE, and convert_any_priv_string().

Referenced by has_foreign_data_wrapper_privilege_id(), has_foreign_data_wrapper_privilege_id_id(), has_foreign_data_wrapper_privilege_id_name(), has_foreign_data_wrapper_privilege_name(), has_foreign_data_wrapper_privilege_name_id(), and has_foreign_data_wrapper_privilege_name_name().

◆ convert_function_name()

static Oid convert_function_name ( text functionname)
static

Definition at line 3539 of file acl.c.

3540 {
3541  char *funcname = text_to_cstring(functionname);
3542  Oid oid;
3543 
3544  oid = DatumGetObjectId(DirectFunctionCall1(regprocedurein,
3545  CStringGetDatum(funcname)));
3546 
3547  if (!OidIsValid(oid))
3548  ereport(ERROR,
3549  (errcode(ERRCODE_UNDEFINED_FUNCTION),
3550  errmsg("function \"%s\" does not exist", funcname)));
3551 
3552  return oid;
3553 }
DirectFunctionCall1
#define DirectFunctionCall1(func, arg1)
Definition: fmgr.h:642
funcname
#define funcname
Definition: indent_codes.h:69
DatumGetObjectId
static Oid DatumGetObjectId(Datum X)
Definition: postgres.h:242
regprocedurein
Datum regprocedurein(PG_FUNCTION_ARGS)
Definition: regproc.c:224

References CStringGetDatum(), DatumGetObjectId(), DirectFunctionCall1, ereport, errcode(), errmsg(), ERROR, funcname, OidIsValid, regprocedurein(), and text_to_cstring().

Referenced by has_function_privilege_id_name(), has_function_privilege_name(), and has_function_privilege_name_name().

◆ convert_function_priv_string()

static AclMode convert_function_priv_string ( text priv_type_text)
static

Definition at line 3560 of file acl.c.

3561 {
3562  static const priv_map function_priv_map[] = {
3563  {"EXECUTE", ACL_EXECUTE},
3564  {"EXECUTE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_EXECUTE)},
3565  {NULL, 0}
3566  };
3567 
3568  return convert_any_priv_string(priv_type_text, function_priv_map);
3569 }

References ACL_EXECUTE, ACL_GRANT_OPTION_FOR, and convert_any_priv_string().

Referenced by has_function_privilege_id(), has_function_privilege_id_id(), has_function_privilege_id_name(), has_function_privilege_name(), has_function_privilege_name_id(), and has_function_privilege_name_name().

◆ convert_language_name()

static Oid convert_language_name ( text languagename)
static

Definition at line 3748 of file acl.c.

3749 {
3750  char *langname = text_to_cstring(languagename);
3751 
3752  return get_language_oid(langname, false);
3753 }
get_language_oid
Oid get_language_oid(const char *langname, bool missing_ok)
Definition: proclang.c:226

References get_language_oid(), and text_to_cstring().

Referenced by has_language_privilege_id_name(), has_language_privilege_name(), and has_language_privilege_name_name().

◆ convert_language_priv_string()

static AclMode convert_language_priv_string ( text priv_type_text)
static

Definition at line 3760 of file acl.c.

3761 {
3762  static const priv_map language_priv_map[] = {
3763  {"USAGE", ACL_USAGE},
3764  {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3765  {NULL, 0}
3766  };
3767 
3768  return convert_any_priv_string(priv_type_text, language_priv_map);
3769 }

References ACL_GRANT_OPTION_FOR, ACL_USAGE, and convert_any_priv_string().

Referenced by has_language_privilege_id(), has_language_privilege_id_id(), has_language_privilege_id_name(), has_language_privilege_name(), has_language_privilege_name_id(), and has_language_privilege_name_name().

◆ convert_parameter_priv_string()

static AclMode convert_parameter_priv_string ( text priv_text)
static

Definition at line 4659 of file acl.c.

4660 {
4661  static const priv_map parameter_priv_map[] = {
4662  {"SET", ACL_SET},
4663  {"SET WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SET)},
4664  {"ALTER SYSTEM", ACL_ALTER_SYSTEM},
4665  {"ALTER SYSTEM WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_ALTER_SYSTEM)},
4666  {NULL, 0}
4667  };
4668 
4669  return convert_any_priv_string(priv_text, parameter_priv_map);
4670 }

References ACL_ALTER_SYSTEM, ACL_GRANT_OPTION_FOR, ACL_SET, and convert_any_priv_string().

Referenced by has_parameter_privilege_id_name(), has_parameter_privilege_name(), and has_parameter_privilege_name_name().

◆ convert_role_priv_string()

static AclMode convert_role_priv_string ( text priv_type_text)
static

Definition at line 4837 of file acl.c.

4838 {
4839  static const priv_map role_priv_map[] = {
4840  {"USAGE", ACL_USAGE},
4841  {"MEMBER", ACL_CREATE},
4842  {"SET", ACL_SET},
4843  {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4844  {"USAGE WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4845  {"MEMBER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4846  {"MEMBER WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4847  {"SET WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4848  {"SET WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4849  {NULL, 0}
4850  };
4851 
4852  return convert_any_priv_string(priv_type_text, role_priv_map);
4853 }

References ACL_CREATE, ACL_GRANT_OPTION_FOR, ACL_SET, ACL_USAGE, and convert_any_priv_string().

Referenced by pg_has_role_id(), pg_has_role_id_id(), pg_has_role_id_name(), pg_has_role_name(), pg_has_role_name_id(), and pg_has_role_name_name().

◆ convert_schema_name()

static Oid convert_schema_name ( text schemaname)
static

Definition at line 3948 of file acl.c.

3949 {
3950  char *nspname = text_to_cstring(schemaname);
3951 
3952  return get_namespace_oid(nspname, false);
3953 }
get_namespace_oid
Oid get_namespace_oid(const char *nspname, bool missing_ok)
Definition: namespace.c:3520

References get_namespace_oid(), and text_to_cstring().

Referenced by has_schema_privilege_id_name(), has_schema_privilege_name(), and has_schema_privilege_name_name().

◆ convert_schema_priv_string()

static AclMode convert_schema_priv_string ( text priv_type_text)
static

Definition at line 3960 of file acl.c.

3961 {
3962  static const priv_map schema_priv_map[] = {
3963  {"CREATE", ACL_CREATE},
3964  {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
3965  {"USAGE", ACL_USAGE},
3966  {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3967  {NULL, 0}
3968  };
3969 
3970  return convert_any_priv_string(priv_type_text, schema_priv_map);
3971 }

References ACL_CREATE, ACL_GRANT_OPTION_FOR, ACL_USAGE, and convert_any_priv_string().

Referenced by has_schema_privilege_id(), has_schema_privilege_id_id(), has_schema_privilege_id_name(), has_schema_privilege_name(), has_schema_privilege_name_id(), and has_schema_privilege_name_name().

◆ convert_sequence_priv_string()

static AclMode convert_sequence_priv_string ( text priv_type_text)
static

Definition at line 2284 of file acl.c.

2285 {
2286  static const priv_map sequence_priv_map[] = {
2287  {"USAGE", ACL_USAGE},
2288  {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
2289  {"SELECT", ACL_SELECT},
2290  {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2291  {"UPDATE", ACL_UPDATE},
2292  {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2293  {NULL, 0}
2294  };
2295 
2296  return convert_any_priv_string(priv_type_text, sequence_priv_map);
2297 }

References ACL_GRANT_OPTION_FOR, ACL_SELECT, ACL_UPDATE, ACL_USAGE, and convert_any_priv_string().

Referenced by has_sequence_privilege_id(), has_sequence_privilege_id_id(), has_sequence_privilege_id_name(), has_sequence_privilege_name(), has_sequence_privilege_name_id(), and has_sequence_privilege_name_name().

◆ convert_server_name()

static Oid convert_server_name ( text servername)
static

Definition at line 4150 of file acl.c.

4151 {
4152  char *serverstr = text_to_cstring(servername);
4153 
4154  return get_foreign_server_oid(serverstr, false);
4155 }
get_foreign_server_oid
Oid get_foreign_server_oid(const char *servername, bool missing_ok)
Definition: foreign.c:694

References get_foreign_server_oid(), and text_to_cstring().

Referenced by has_server_privilege_id_name(), has_server_privilege_name(), and has_server_privilege_name_name().

◆ convert_server_priv_string()

static AclMode convert_server_priv_string ( text priv_type_text)
static

Definition at line 4162 of file acl.c.

4163 {
4164  static const priv_map server_priv_map[] = {
4165  {"USAGE", ACL_USAGE},
4166  {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
4167  {NULL, 0}
4168  };
4169 
4170  return convert_any_priv_string(priv_type_text, server_priv_map);
4171 }

References ACL_GRANT_OPTION_FOR, ACL_USAGE, and convert_any_priv_string().

Referenced by has_server_privilege_id(), has_server_privilege_id_id(), has_server_privilege_id_name(), has_server_privilege_name(), has_server_privilege_name_id(), and has_server_privilege_name_name().

◆ convert_table_name()

static Oid convert_table_name ( text tablename)
static

Definition at line 2032 of file acl.c.

2033 {
2034  RangeVar *relrv;
2035 
2036  relrv = makeRangeVarFromNameList(textToQualifiedNameList(tablename));
2037 
2038  /* We might not even have permissions on this relation; don't lock it. */
2039  return RangeVarGetRelid(relrv, NoLock, false);
2040 }
NoLock
#define NoLock
Definition: lockdefs.h:34
makeRangeVarFromNameList
RangeVar * makeRangeVarFromNameList(const List *names)
Definition: namespace.c:3539
RangeVarGetRelid
#define RangeVarGetRelid(relation, lockmode, missing_ok)
Definition: namespace.h:80
textToQualifiedNameList
List * textToQualifiedNameList(text *textval)
Definition: varlena.c:3399

References makeRangeVarFromNameList(), NoLock, RangeVarGetRelid, and textToQualifiedNameList().

Referenced by has_any_column_privilege_id_name(), has_any_column_privilege_name(), has_any_column_privilege_name_name(), has_column_privilege_id_name_attnum(), has_column_privilege_id_name_name(), has_column_privilege_name_attnum(), has_column_privilege_name_name(), has_column_privilege_name_name_attnum(), has_column_privilege_name_name_name(), has_sequence_privilege_id_name(), has_sequence_privilege_name(), has_sequence_privilege_name_name(), has_table_privilege_id_name(), has_table_privilege_name(), and has_table_privilege_name_name().

◆ convert_table_priv_string()

static AclMode convert_table_priv_string ( text priv_type_text)
static

Definition at line 2047 of file acl.c.

2048 {
2049  static const priv_map table_priv_map[] = {
2050  {"SELECT", ACL_SELECT},
2051  {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2052  {"INSERT", ACL_INSERT},
2053  {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
2054  {"UPDATE", ACL_UPDATE},
2055  {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2056  {"DELETE", ACL_DELETE},
2057  {"DELETE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_DELETE)},
2058  {"TRUNCATE", ACL_TRUNCATE},
2059  {"TRUNCATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRUNCATE)},
2060  {"REFERENCES", ACL_REFERENCES},
2061  {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
2062  {"TRIGGER", ACL_TRIGGER},
2063  {"TRIGGER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRIGGER)},
2064  {"MAINTAIN", ACL_MAINTAIN},
2065  {"MAINTAIN WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_MAINTAIN)},
2066  {"RULE", 0}, /* ignore old RULE privileges */
2067  {"RULE WITH GRANT OPTION", 0},
2068  {NULL, 0}
2069  };
2070 
2071  return convert_any_priv_string(priv_type_text, table_priv_map);
2072 }

References ACL_DELETE, ACL_GRANT_OPTION_FOR, ACL_INSERT, ACL_MAINTAIN, ACL_REFERENCES, ACL_SELECT, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, and convert_any_priv_string().

Referenced by has_table_privilege_id(), has_table_privilege_id_id(), has_table_privilege_id_name(), has_table_privilege_name(), has_table_privilege_name_id(), and has_table_privilege_name_name().

◆ convert_tablespace_name()

static Oid convert_tablespace_name ( text tablespacename)
static

Definition at line 4350 of file acl.c.

4351 {
4352  char *spcname = text_to_cstring(tablespacename);
4353 
4354  return get_tablespace_oid(spcname, false);
4355 }
get_tablespace_oid
Oid get_tablespace_oid(const char *tablespacename, bool missing_ok)
Definition: tablespace.c:1426

References get_tablespace_oid(), and text_to_cstring().

Referenced by has_tablespace_privilege_id_name(), has_tablespace_privilege_name(), and has_tablespace_privilege_name_name().

◆ convert_tablespace_priv_string()

static AclMode convert_tablespace_priv_string ( text priv_type_text)
static

Definition at line 4362 of file acl.c.

4363 {
4364  static const priv_map tablespace_priv_map[] = {
4365  {"CREATE", ACL_CREATE},
4366  {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4367  {NULL, 0}
4368  };
4369 
4370  return convert_any_priv_string(priv_type_text, tablespace_priv_map);
4371 }

References ACL_CREATE, ACL_GRANT_OPTION_FOR, and convert_any_priv_string().

Referenced by has_tablespace_privilege_id(), has_tablespace_privilege_id_id(), has_tablespace_privilege_id_name(), has_tablespace_privilege_name(), has_tablespace_privilege_name_id(), and has_tablespace_privilege_name_name().

◆ convert_type_name()

static Oid convert_type_name ( text typename)
static

Definition at line 4549 of file acl.c.

4550 {
4551  char *typname = text_to_cstring(typename);
4552  Oid oid;
4553 
4554  oid = DatumGetObjectId(DirectFunctionCall1(regtypein,
4555  CStringGetDatum(typname)));
4556 
4557  if (!OidIsValid(oid))
4558  ereport(ERROR,
4559  (errcode(ERRCODE_UNDEFINED_OBJECT),
4560  errmsg("type \"%s\" does not exist", typname)));
4561 
4562  return oid;
4563 }
typname
NameData typname
Definition: pg_type.h:41
regtypein
Datum regtypein(PG_FUNCTION_ARGS)
Definition: regproc.c:1176

References CStringGetDatum(), DatumGetObjectId(), DirectFunctionCall1, ereport, errcode(), errmsg(), ERROR, OidIsValid, regtypein(), text_to_cstring(), and typname.

Referenced by has_type_privilege_id_name(), has_type_privilege_name(), and has_type_privilege_name_name().

◆ convert_type_priv_string()

static AclMode convert_type_priv_string ( text priv_type_text)
static

Definition at line 4570 of file acl.c.

4571 {
4572  static const priv_map type_priv_map[] = {
4573  {"USAGE", ACL_USAGE},
4574  {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
4575  {NULL, 0}
4576  };
4577 
4578  return convert_any_priv_string(priv_type_text, type_priv_map);
4579 }

References ACL_GRANT_OPTION_FOR, ACL_USAGE, and convert_any_priv_string().

Referenced by has_type_privilege_id(), has_type_privilege_id_id(), has_type_privilege_id_name(), has_type_privilege_name(), has_type_privilege_name_id(), and has_type_privilege_name_name().

◆ count_one_bits()

static int count_one_bits ( AclMode  mask)
static

Definition at line 5304 of file acl.c.

5305 {
5306  int nbits = 0;
5307 
5308  /* this code relies on AclMode being an unsigned type */
5309  while (mask)
5310  {
5311  if (mask & 1)
5312  nbits++;
5313  mask >>= 1;
5314  }
5315  return nbits;
5316 }

Referenced by select_best_grantor().

◆ get_role_oid()

Oid get_role_oid ( const char *  rolname,
bool  missing_ok 
)

Definition at line 5420 of file acl.c.

5421 {
5422  Oid oid;
5423 
5424  oid = GetSysCacheOid1(AUTHNAME, Anum_pg_authid_oid,
5425  CStringGetDatum(rolname));
5426  if (!OidIsValid(oid) && !missing_ok)
5427  ereport(ERROR,
5428  (errcode(ERRCODE_UNDEFINED_OBJECT),
5429  errmsg("role \"%s\" does not exist", rolname)));
5430  return oid;
5431 }
GetSysCacheOid1
#define GetSysCacheOid1(cacheId, oidcol, key1)
Definition: syscache.h:104

References CStringGetDatum(), ereport, errcode(), errmsg(), ERROR, GetSysCacheOid1, OidIsValid, and rolname.

Referenced by aclparse(), check_hba(), check_ident_usermap(), createdb(), CreateRole(), get_object_address_unqualified(), get_role_oid_or_public(), get_rolespec_oid(), GrantRole(), is_member(), pg_has_role_id_name(), pg_has_role_name(), pg_has_role_name_id(), pg_has_role_name_name(), regrolein(), shell_check_detail(), and worker_spi_launch().

◆ get_role_oid_or_public()

Oid get_role_oid_or_public ( const char *  rolname)

Definition at line 5438 of file acl.c.

5439 {
5440  if (strcmp(rolname, "public") == 0)
5441  return ACL_ID_PUBLIC;
5442 
5443  return get_role_oid(rolname, false);
5444 }

References ACL_ID_PUBLIC, get_role_oid(), and rolname.

Referenced by has_any_column_privilege_name_id(), has_any_column_privilege_name_name(), has_column_privilege_name_id_attnum(), has_column_privilege_name_id_name(), has_column_privilege_name_name_attnum(), has_column_privilege_name_name_name(), has_database_privilege_name_id(), has_database_privilege_name_name(), has_foreign_data_wrapper_privilege_name_id(), has_foreign_data_wrapper_privilege_name_name(), has_function_privilege_name_id(), has_function_privilege_name_name(), has_language_privilege_name_id(), has_language_privilege_name_name(), has_parameter_privilege_name_name(), has_schema_privilege_name_id(), has_schema_privilege_name_name(), has_sequence_privilege_name_id(), has_sequence_privilege_name_name(), has_server_privilege_name_id(), has_server_privilege_name_name(), has_table_privilege_name_id(), has_table_privilege_name_name(), has_tablespace_privilege_name_id(), has_tablespace_privilege_name_name(), has_type_privilege_name_id(), and has_type_privilege_name_name().

◆ get_rolespec_name()

char* get_rolespec_name ( const RoleSpec role)

Definition at line 5539 of file acl.c.

5540 {
5541  HeapTuple tp;
5542  Form_pg_authid authForm;
5543  char *rolename;
5544 
5545  tp = get_rolespec_tuple(role);
5546  authForm = (Form_pg_authid) GETSTRUCT(tp);
5547  rolename = pstrdup(NameStr(authForm->rolname));
5548  ReleaseSysCache(tp);
5549 
5550  return rolename;
5551 }
get_rolespec_tuple
HeapTuple get_rolespec_tuple(const RoleSpec *role)
Definition: acl.c:5493
pstrdup
char * pstrdup(const char *in)
Definition: mcxt.c:1696

References get_rolespec_tuple(), GETSTRUCT, NameStr, pstrdup(), and ReleaseSysCache().

Referenced by AddRoleMems(), and DelRoleMems().

◆ get_rolespec_oid()

Oid get_rolespec_oid ( const RoleSpec role,
bool  missing_ok 
)

Definition at line 5454 of file acl.c.

5455 {
5456  Oid oid;
5457 
5458  switch (role->roletype)
5459  {
5460  case ROLESPEC_CSTRING:
5461  Assert(role->rolename);
5462  oid = get_role_oid(role->rolename, missing_ok);
5463  break;
5464 
5465  case ROLESPEC_CURRENT_ROLE:
5466  case ROLESPEC_CURRENT_USER:
5467  oid = GetUserId();
5468  break;
5469 
5470  case ROLESPEC_SESSION_USER:
5471  oid = GetSessionUserId();
5472  break;
5473 
5474  case ROLESPEC_PUBLIC:
5475  ereport(ERROR,
5476  (errcode(ERRCODE_UNDEFINED_OBJECT),
5477  errmsg("role \"%s\" does not exist", "public")));
5478  oid = InvalidOid; /* make compiler happy */
5479  break;
5480 
5481  default:
5482  elog(ERROR, "unexpected role type %d", role->roletype);
5483  }
5484 
5485  return oid;
5486 }
GetUserId
Oid GetUserId(void)
Definition: miscinit.c:514
GetSessionUserId
Oid GetSessionUserId(void)
Definition: miscinit.c:548
ROLESPEC_CURRENT_USER
@ ROLESPEC_CURRENT_USER
Definition: parsenodes.h:396
ROLESPEC_SESSION_USER
@ ROLESPEC_SESSION_USER
Definition: parsenodes.h:397
ROLESPEC_CURRENT_ROLE
@ ROLESPEC_CURRENT_ROLE
Definition: parsenodes.h:395
ROLESPEC_PUBLIC
@ ROLESPEC_PUBLIC
Definition: parsenodes.h:398
InvalidOid
#define InvalidOid
Definition: postgres_ext.h:36

References Assert, elog, ereport, errcode(), errmsg(), ERROR, get_role_oid(), GetSessionUserId(), GetUserId(), InvalidOid, RoleSpec::rolename, ROLESPEC_CSTRING, ROLESPEC_CURRENT_ROLE, ROLESPEC_CURRENT_USER, ROLESPEC_PUBLIC, ROLESPEC_SESSION_USER, and RoleSpec::roletype.

Referenced by AlterUserMapping(), ATExecCmd(), CreateSchemaCommand(), CreateTableSpace(), CreateUserMapping(), ExecAlterDefaultPrivilegesStmt(), ExecAlterOwnerStmt(), ExecuteGrantStmt(), GrantRole(), policy_role_list_to_array(), ReassignOwnedObjects(), RemoveUserMapping(), and roleSpecsToIds().

◆ get_rolespec_tuple()

HeapTuple get_rolespec_tuple ( const RoleSpec role)

Definition at line 5493 of file acl.c.

5494 {
5495  HeapTuple tuple;
5496 
5497  switch (role->roletype)
5498  {
5499  case ROLESPEC_CSTRING:
5500  Assert(role->rolename);
5501  tuple = SearchSysCache1(AUTHNAME, CStringGetDatum(role->rolename));
5502  if (!HeapTupleIsValid(tuple))
5503  ereport(ERROR,
5504  (errcode(ERRCODE_UNDEFINED_OBJECT),
5505  errmsg("role \"%s\" does not exist", role->rolename)));
5506  break;
5507 
5508  case ROLESPEC_CURRENT_ROLE:
5509  case ROLESPEC_CURRENT_USER:
5510  tuple = SearchSysCache1(AUTHOID, ObjectIdGetDatum(GetUserId()));
5511  if (!HeapTupleIsValid(tuple))
5512  elog(ERROR, "cache lookup failed for role %u", GetUserId());
5513  break;
5514 
5515  case ROLESPEC_SESSION_USER:
5516  tuple = SearchSysCache1(AUTHOID, ObjectIdGetDatum(GetSessionUserId()));
5517  if (!HeapTupleIsValid(tuple))
5518  elog(ERROR, "cache lookup failed for role %u", GetSessionUserId());
5519  break;
5520 
5521  case ROLESPEC_PUBLIC:
5522  ereport(ERROR,
5523  (errcode(ERRCODE_UNDEFINED_OBJECT),
5524  errmsg("role \"%s\" does not exist", "public")));
5525  tuple = NULL; /* make compiler happy */
5526  break;
5527 
5528  default:
5529  elog(ERROR, "unexpected role type %d", role->roletype);
5530  }
5531 
5532  return tuple;
5533 }

References Assert, CStringGetDatum(), elog, ereport, errcode(), errmsg(), ERROR, GetSessionUserId(), GetUserId(), HeapTupleIsValid, ObjectIdGetDatum(), RoleSpec::rolename, ROLESPEC_CSTRING, ROLESPEC_CURRENT_ROLE, ROLESPEC_CURRENT_USER, ROLESPEC_PUBLIC, ROLESPEC_SESSION_USER, RoleSpec::roletype, and SearchSysCache1().

Referenced by AlterRole(), AlterRoleSet(), CreateRole(), and get_rolespec_name().

◆ getid()

static const char * getid ( const char *  s,
char *  n,
Node escontext 
)
static

Definition at line 149 of file acl.c.

150 {
151  int len = 0;
152  bool in_quotes = false;
153 
154  Assert(s && n);
155 
156  while (isspace((unsigned char) *s))
157  s++;
158  /* This code had better match what putid() does, below */
159  for (;
160  *s != '\0' &&
161  (isalnum((unsigned char) *s) ||
162  *s == '_' ||
163  *s == '"' ||
164  in_quotes);
165  s++)
166  {
167  if (*s == '"')
168  {
169  /* safe to look at next char (could be '\0' though) */
170  if (*(s + 1) != '"')
171  {
172  in_quotes = !in_quotes;
173  continue;
174  }
175  /* it's an escaped double quote; skip the escaping char */
176  s++;
177  }
178 
179  /* Add the character to the string */
180  if (len >= NAMEDATALEN - 1)
181  ereturn(escontext, NULL,
182  (errcode(ERRCODE_NAME_TOO_LONG),
183  errmsg("identifier too long"),
184  errdetail("Identifier must be less than %d characters.",
185  NAMEDATALEN)));
186 
187  n[len++] = *s;
188  }
189  n[len] = '\0';
190  while (isspace((unsigned char) *s))
191  s++;
192  return s;
193 }
errdetail
int errdetail(const char *fmt,...)
Definition: elog.c:1203
len
const void size_t len
Definition: pg_crc32c_sse42.c:24

References Assert, ereturn, errcode(), errdetail(), errmsg(), len, and NAMEDATALEN.

Referenced by aclparse().

◆ has_any_column_privilege_id()

Datum has_any_column_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 2410 of file acl.c.

2411 {
2412  Oid tableoid = PG_GETARG_OID(0);
2413  text *priv_type_text = PG_GETARG_TEXT_PP(1);
2414  Oid roleid;
2415  AclMode mode;
2416  AclResult aclresult;
2417  bool is_missing = false;
2418 
2419  roleid = GetUserId();
2420  mode = convert_column_priv_string(priv_type_text);
2421 
2422  /* First check at table level, then examine each column if needed */
2423  aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2424  if (aclresult != ACLCHECK_OK)
2425  {
2426  if (is_missing)
2427  PG_RETURN_NULL();
2428  aclresult = pg_attribute_aclcheck_all_ext(tableoid, roleid, mode,
2429  ACLMASK_ANY, &is_missing);
2430  if (is_missing)
2431  PG_RETURN_NULL();
2432  }
2433 
2434  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2435 }
convert_column_priv_string
static AclMode convert_column_priv_string(text *priv_type_text)
Definition: acl.c:2939
ACLMASK_ANY
@ ACLMASK_ANY
Definition: acl.h:177
pg_attribute_aclcheck_all_ext
AclResult pg_attribute_aclcheck_all_ext(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how, bool *is_missing)
Definition: aclchk.c:3973
PG_GETARG_TEXT_PP
#define PG_GETARG_TEXT_PP(n)
Definition: fmgr.h:309
varlena
Definition: c.h:687

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), GetUserId(), mode, pg_attribute_aclcheck_all_ext(), pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_any_column_privilege_id_id()

Datum has_any_column_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 2470 of file acl.c.

2471 {
2472  Oid roleid = PG_GETARG_OID(0);
2473  Oid tableoid = PG_GETARG_OID(1);
2474  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2475  AclMode mode;
2476  AclResult aclresult;
2477  bool is_missing = false;
2478 
2479  mode = convert_column_priv_string(priv_type_text);
2480 
2481  /* First check at table level, then examine each column if needed */
2482  aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2483  if (aclresult != ACLCHECK_OK)
2484  {
2485  if (is_missing)
2486  PG_RETURN_NULL();
2487  aclresult = pg_attribute_aclcheck_all_ext(tableoid, roleid, mode,
2488  ACLMASK_ANY, &is_missing);
2489  if (is_missing)
2490  PG_RETURN_NULL();
2491  }
2492 
2493  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2494 }

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), mode, pg_attribute_aclcheck_all_ext(), pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_any_column_privilege_id_name()

Datum has_any_column_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2443 of file acl.c.

2444 {
2445  Oid roleid = PG_GETARG_OID(0);
2446  text *tablename = PG_GETARG_TEXT_PP(1);
2447  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2448  Oid tableoid;
2449  AclMode mode;
2450  AclResult aclresult;
2451 
2452  tableoid = convert_table_name(tablename);
2453  mode = convert_column_priv_string(priv_type_text);
2454 
2455  /* First check at table level, then examine each column if needed */
2456  aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2457  if (aclresult != ACLCHECK_OK)
2458  aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2459  ACLMASK_ANY);
2460 
2461  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2462 }
convert_table_name
static Oid convert_table_name(text *tablename)
Definition: acl.c:2032
pg_attribute_aclcheck_all
AclResult pg_attribute_aclcheck_all(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how)
Definition: aclchk.c:3962
pg_class_aclcheck
AclResult pg_class_aclcheck(Oid table_oid, Oid roleid, AclMode mode)
Definition: aclchk.c:4091

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), convert_table_name(), mode, pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_any_column_privilege_name()

Datum has_any_column_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 2347 of file acl.c.

2348 {
2349  text *tablename = PG_GETARG_TEXT_PP(0);
2350  text *priv_type_text = PG_GETARG_TEXT_PP(1);
2351  Oid roleid;
2352  Oid tableoid;
2353  AclMode mode;
2354  AclResult aclresult;
2355 
2356  roleid = GetUserId();
2357  tableoid = convert_table_name(tablename);
2358  mode = convert_column_priv_string(priv_type_text);
2359 
2360  /* First check at table level, then examine each column if needed */
2361  aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2362  if (aclresult != ACLCHECK_OK)
2363  aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2364  ACLMASK_ANY);
2365 
2366  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2367 }

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), convert_table_name(), GetUserId(), mode, pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_any_column_privilege_name_id()

Datum has_any_column_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 2375 of file acl.c.

2376 {
2377  Name username = PG_GETARG_NAME(0);
2378  Oid tableoid = PG_GETARG_OID(1);
2379  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2380  Oid roleid;
2381  AclMode mode;
2382  AclResult aclresult;
2383  bool is_missing = false;
2384 
2385  roleid = get_role_oid_or_public(NameStr(*username));
2386  mode = convert_column_priv_string(priv_type_text);
2387 
2388  /* First check at table level, then examine each column if needed */
2389  aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2390  if (aclresult != ACLCHECK_OK)
2391  {
2392  if (is_missing)
2393  PG_RETURN_NULL();
2394  aclresult = pg_attribute_aclcheck_all_ext(tableoid, roleid, mode,
2395  ACLMASK_ANY, &is_missing);
2396  if (is_missing)
2397  PG_RETURN_NULL();
2398  }
2399 
2400  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2401 }
get_role_oid_or_public
Oid get_role_oid_or_public(const char *rolname)
Definition: acl.c:5438
PG_GETARG_NAME
#define PG_GETARG_NAME(n)
Definition: fmgr.h:278
username
static char * username
Definition: initdb.c:153
nameData
Definition: c.h:741

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), get_role_oid_or_public(), mode, NameStr, pg_attribute_aclcheck_all_ext(), pg_class_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_any_column_privilege_name_name()

Datum has_any_column_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2317 of file acl.c.

2318 {
2319  Name rolename = PG_GETARG_NAME(0);
2320  text *tablename = PG_GETARG_TEXT_PP(1);
2321  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2322  Oid roleid;
2323  Oid tableoid;
2324  AclMode mode;
2325  AclResult aclresult;
2326 
2327  roleid = get_role_oid_or_public(NameStr(*rolename));
2328  tableoid = convert_table_name(tablename);
2329  mode = convert_column_priv_string(priv_type_text);
2330 
2331  /* First check at table level, then examine each column if needed */
2332  aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2333  if (aclresult != ACLCHECK_OK)
2334  aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2335  ACLMASK_ANY);
2336 
2337  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2338 }

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), convert_table_name(), get_role_oid_or_public(), mode, NameStr, pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_column_privilege_id_attnum()

Datum has_column_privilege_id_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2853 of file acl.c.

2854 {
2855  Oid tableoid = PG_GETARG_OID(0);
2856  AttrNumber colattnum = PG_GETARG_INT16(1);
2857  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2858  Oid roleid;
2859  AclMode mode;
2860  int privresult;
2861 
2862  roleid = GetUserId();
2863  mode = convert_column_priv_string(priv_type_text);
2864 
2865  privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2866  if (privresult < 0)
2867  PG_RETURN_NULL();
2868  PG_RETURN_BOOL(privresult);
2869 }
column_privilege_check
static int column_privilege_check(Oid tableoid, AttrNumber attnum, Oid roleid, AclMode mode)
Definition: acl.c:2521
PG_GETARG_INT16
#define PG_GETARG_INT16(n)
Definition: fmgr.h:271

References column_privilege_check(), convert_column_priv_string(), GetUserId(), mode, PG_GETARG_INT16, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_id_attnum()

Datum has_column_privilege_id_id_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2746 of file acl.c.

2747 {
2748  Oid roleid = PG_GETARG_OID(0);
2749  Oid tableoid = PG_GETARG_OID(1);
2750  AttrNumber colattnum = PG_GETARG_INT16(2);
2751  text *priv_type_text = PG_GETARG_TEXT_PP(3);
2752  AclMode mode;
2753  int privresult;
2754 
2755  mode = convert_column_priv_string(priv_type_text);
2756 
2757  privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2758  if (privresult < 0)
2759  PG_RETURN_NULL();
2760  PG_RETURN_BOOL(privresult);
2761 }

References column_privilege_check(), convert_column_priv_string(), mode, PG_GETARG_INT16, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_id_name()

Datum has_column_privilege_id_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2721 of file acl.c.

2722 {
2723  Oid roleid = PG_GETARG_OID(0);
2724  Oid tableoid = PG_GETARG_OID(1);
2725  text *column = PG_GETARG_TEXT_PP(2);
2726  text *priv_type_text = PG_GETARG_TEXT_PP(3);
2727  AttrNumber colattnum;
2728  AclMode mode;
2729  int privresult;
2730 
2731  colattnum = convert_column_name(tableoid, column);
2732  mode = convert_column_priv_string(priv_type_text);
2733 
2734  privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2735  if (privresult < 0)
2736  PG_RETURN_NULL();
2737  PG_RETURN_BOOL(privresult);
2738 }
convert_column_name
static AttrNumber convert_column_name(Oid tableoid, text *column)
Definition: acl.c:2881

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_name()

Datum has_column_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2826 of file acl.c.

2827 {
2828  Oid tableoid = PG_GETARG_OID(0);
2829  text *column = PG_GETARG_TEXT_PP(1);
2830  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2831  Oid roleid;
2832  AttrNumber colattnum;
2833  AclMode mode;
2834  int privresult;
2835 
2836  roleid = GetUserId();
2837  colattnum = convert_column_name(tableoid, column);
2838  mode = convert_column_priv_string(priv_type_text);
2839 
2840  privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2841  if (privresult < 0)
2842  PG_RETURN_NULL();
2843  PG_RETURN_BOOL(privresult);
2844 }

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), GetUserId(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_name_attnum()

Datum has_column_privilege_id_name_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2696 of file acl.c.

2697 {
2698  Oid roleid = PG_GETARG_OID(0);
2699  text *tablename = PG_GETARG_TEXT_PP(1);
2700  AttrNumber colattnum = PG_GETARG_INT16(2);
2701  text *priv_type_text = PG_GETARG_TEXT_PP(3);
2702  Oid tableoid;
2703  AclMode mode;
2704  int privresult;
2705 
2706  tableoid = convert_table_name(tablename);
2707  mode = convert_column_priv_string(priv_type_text);
2708 
2709  privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2710  if (privresult < 0)
2711  PG_RETURN_NULL();
2712  PG_RETURN_BOOL(privresult);
2713 }

References column_privilege_check(), convert_column_priv_string(), convert_table_name(), mode, PG_GETARG_INT16, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_name_name()

Datum has_column_privilege_id_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2669 of file acl.c.

2670 {
2671  Oid roleid = PG_GETARG_OID(0);
2672  text *tablename = PG_GETARG_TEXT_PP(1);
2673  text *column = PG_GETARG_TEXT_PP(2);
2674  text *priv_type_text = PG_GETARG_TEXT_PP(3);
2675  Oid tableoid;
2676  AttrNumber colattnum;
2677  AclMode mode;
2678  int privresult;
2679 
2680  tableoid = convert_table_name(tablename);
2681  colattnum = convert_column_name(tableoid, column);
2682  mode = convert_column_priv_string(priv_type_text);
2683 
2684  privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2685  if (privresult < 0)
2686  PG_RETURN_NULL();
2687  PG_RETURN_BOOL(privresult);
2688 }

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), convert_table_name(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_attnum()

Datum has_column_privilege_name_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2799 of file acl.c.

2800 {
2801  text *tablename = PG_GETARG_TEXT_PP(0);
2802  AttrNumber colattnum = PG_GETARG_INT16(1);
2803  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2804  Oid roleid;
2805  Oid tableoid;
2806  AclMode mode;
2807  int privresult;
2808 
2809  roleid = GetUserId();
2810  tableoid = convert_table_name(tablename);
2811  mode = convert_column_priv_string(priv_type_text);
2812 
2813  privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2814  if (privresult < 0)
2815  PG_RETURN_NULL();
2816  PG_RETURN_BOOL(privresult);
2817 }

References column_privilege_check(), convert_column_priv_string(), convert_table_name(), GetUserId(), mode, PG_GETARG_INT16, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_id_attnum()

Datum has_column_privilege_name_id_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2644 of file acl.c.

2645 {
2646  Name username = PG_GETARG_NAME(0);
2647  Oid tableoid = PG_GETARG_OID(1);
2648  AttrNumber colattnum = PG_GETARG_INT16(2);
2649  text *priv_type_text = PG_GETARG_TEXT_PP(3);
2650  Oid roleid;
2651  AclMode mode;
2652  int privresult;
2653 
2654  roleid = get_role_oid_or_public(NameStr(*username));
2655  mode = convert_column_priv_string(priv_type_text);
2656 
2657  privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2658  if (privresult < 0)
2659  PG_RETURN_NULL();
2660  PG_RETURN_BOOL(privresult);
2661 }

References column_privilege_check(), convert_column_priv_string(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_INT16, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_column_privilege_name_id_name()

Datum has_column_privilege_name_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2617 of file acl.c.

2618 {
2619  Name username = PG_GETARG_NAME(0);
2620  Oid tableoid = PG_GETARG_OID(1);
2621  text *column = PG_GETARG_TEXT_PP(2);
2622  text *priv_type_text = PG_GETARG_TEXT_PP(3);
2623  Oid roleid;
2624  AttrNumber colattnum;
2625  AclMode mode;
2626  int privresult;
2627 
2628  roleid = get_role_oid_or_public(NameStr(*username));
2629  colattnum = convert_column_name(tableoid, column);
2630  mode = convert_column_priv_string(priv_type_text);
2631 
2632  privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2633  if (privresult < 0)
2634  PG_RETURN_NULL();
2635  PG_RETURN_BOOL(privresult);
2636 }

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_column_privilege_name_name()

Datum has_column_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2770 of file acl.c.

2771 {
2772  text *tablename = PG_GETARG_TEXT_PP(0);
2773  text *column = PG_GETARG_TEXT_PP(1);
2774  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2775  Oid roleid;
2776  Oid tableoid;
2777  AttrNumber colattnum;
2778  AclMode mode;
2779  int privresult;
2780 
2781  roleid = GetUserId();
2782  tableoid = convert_table_name(tablename);
2783  colattnum = convert_column_name(tableoid, column);
2784  mode = convert_column_priv_string(priv_type_text);
2785 
2786  privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2787  if (privresult < 0)
2788  PG_RETURN_NULL();
2789  PG_RETURN_BOOL(privresult);
2790 }

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), convert_table_name(), GetUserId(), mode, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_name_attnum()

Datum has_column_privilege_name_name_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2590 of file acl.c.

2591 {
2592  Name rolename = PG_GETARG_NAME(0);
2593  text *tablename = PG_GETARG_TEXT_PP(1);
2594  AttrNumber colattnum = PG_GETARG_INT16(2);
2595  text *priv_type_text = PG_GETARG_TEXT_PP(3);
2596  Oid roleid;
2597  Oid tableoid;
2598  AclMode mode;
2599  int privresult;
2600 
2601  roleid = get_role_oid_or_public(NameStr(*rolename));
2602  tableoid = convert_table_name(tablename);
2603  mode = convert_column_priv_string(priv_type_text);
2604 
2605  privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2606  if (privresult < 0)
2607  PG_RETURN_NULL();
2608  PG_RETURN_BOOL(privresult);
2609 }

References column_privilege_check(), convert_column_priv_string(), convert_table_name(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_INT16, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_name_name()

Datum has_column_privilege_name_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2561 of file acl.c.

2562 {
2563  Name rolename = PG_GETARG_NAME(0);
2564  text *tablename = PG_GETARG_TEXT_PP(1);
2565  text *column = PG_GETARG_TEXT_PP(2);
2566  text *priv_type_text = PG_GETARG_TEXT_PP(3);
2567  Oid roleid;
2568  Oid tableoid;
2569  AttrNumber colattnum;
2570  AclMode mode;
2571  int privresult;
2572 
2573  roleid = get_role_oid_or_public(NameStr(*rolename));
2574  tableoid = convert_table_name(tablename);
2575  colattnum = convert_column_name(tableoid, column);
2576  mode = convert_column_priv_string(priv_type_text);
2577 
2578  privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2579  if (privresult < 0)
2580  PG_RETURN_NULL();
2581  PG_RETURN_BOOL(privresult);
2582 }

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), convert_table_name(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_database_privilege_id()

Datum has_database_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3053 of file acl.c.

3054 {
3055  Oid databaseoid = PG_GETARG_OID(0);
3056  text *priv_type_text = PG_GETARG_TEXT_PP(1);
3057  Oid roleid;
3058  AclMode mode;
3059  AclResult aclresult;
3060  bool is_missing = false;
3061 
3062  roleid = GetUserId();
3063  mode = convert_database_priv_string(priv_type_text);
3064 
3065  aclresult = object_aclcheck_ext(DatabaseRelationId, databaseoid,
3066  roleid, mode,
3067  &is_missing);
3068 
3069  if (is_missing)
3070  PG_RETURN_NULL();
3071 
3072  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3073 }
convert_database_priv_string
static AclMode convert_database_priv_string(text *priv_type_text)
Definition: acl.c:3145
object_aclcheck_ext
AclResult object_aclcheck_ext(Oid classid, Oid objectid, Oid roleid, AclMode mode, bool *is_missing)
Definition: aclchk.c:3898

References ACLCHECK_OK, convert_database_priv_string(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_database_privilege_id_id()

Datum has_database_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 3104 of file acl.c.

3105 {
3106  Oid roleid = PG_GETARG_OID(0);
3107  Oid databaseoid = PG_GETARG_OID(1);
3108  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3109  AclMode mode;
3110  AclResult aclresult;
3111  bool is_missing = false;
3112 
3113  mode = convert_database_priv_string(priv_type_text);
3114 
3115  aclresult = object_aclcheck_ext(DatabaseRelationId, databaseoid,
3116  roleid, mode,
3117  &is_missing);
3118 
3119  if (is_missing)
3120  PG_RETURN_NULL();
3121 
3122  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3123 }

References ACLCHECK_OK, convert_database_priv_string(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_database_privilege_id_name()

Datum has_database_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3081 of file acl.c.

3082 {
3083  Oid roleid = PG_GETARG_OID(0);
3084  text *databasename = PG_GETARG_TEXT_PP(1);
3085  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3086  Oid databaseoid;
3087  AclMode mode;
3088  AclResult aclresult;
3089 
3090  databaseoid = convert_database_name(databasename);
3091  mode = convert_database_priv_string(priv_type_text);
3092 
3093  aclresult = object_aclcheck(DatabaseRelationId, databaseoid, roleid, mode);
3094 
3095  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3096 }
convert_database_name
static Oid convert_database_name(text *databasename)
Definition: acl.c:3133
object_aclcheck
AclResult object_aclcheck(Oid classid, Oid objectid, Oid roleid, AclMode mode)
Definition: aclchk.c:3888

References ACLCHECK_OK, convert_database_name(), convert_database_priv_string(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_database_privilege_name()

Datum has_database_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 2999 of file acl.c.

3000 {
3001  text *databasename = PG_GETARG_TEXT_PP(0);
3002  text *priv_type_text = PG_GETARG_TEXT_PP(1);
3003  Oid roleid;
3004  Oid databaseoid;
3005  AclMode mode;
3006  AclResult aclresult;
3007 
3008  roleid = GetUserId();
3009  databaseoid = convert_database_name(databasename);
3010  mode = convert_database_priv_string(priv_type_text);
3011 
3012  aclresult = object_aclcheck(DatabaseRelationId, databaseoid, roleid, mode);
3013 
3014  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3015 }

References ACLCHECK_OK, convert_database_name(), convert_database_priv_string(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_database_privilege_name_id()

Datum has_database_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 3023 of file acl.c.

3024 {
3025  Name username = PG_GETARG_NAME(0);
3026  Oid databaseoid = PG_GETARG_OID(1);
3027  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3028  Oid roleid;
3029  AclMode mode;
3030  AclResult aclresult;
3031  bool is_missing = false;
3032 
3033  roleid = get_role_oid_or_public(NameStr(*username));
3034  mode = convert_database_priv_string(priv_type_text);
3035 
3036  aclresult = object_aclcheck_ext(DatabaseRelationId, databaseoid,
3037  roleid, mode,
3038  &is_missing);
3039 
3040  if (is_missing)
3041  PG_RETURN_NULL();
3042 
3043  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3044 }

References ACLCHECK_OK, convert_database_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_database_privilege_name_name()

Datum has_database_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2973 of file acl.c.

2974 {
2975  Name username = PG_GETARG_NAME(0);
2976  text *databasename = PG_GETARG_TEXT_PP(1);
2977  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2978  Oid roleid;
2979  Oid databaseoid;
2980  AclMode mode;
2981  AclResult aclresult;
2982 
2983  roleid = get_role_oid_or_public(NameStr(*username));
2984  databaseoid = convert_database_name(databasename);
2985  mode = convert_database_priv_string(priv_type_text);
2986 
2987  aclresult = object_aclcheck(DatabaseRelationId, databaseoid, roleid, mode);
2988 
2989  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2990 }

References ACLCHECK_OK, convert_database_name(), convert_database_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_foreign_data_wrapper_privilege_id()

Datum has_foreign_data_wrapper_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3259 of file acl.c.

3260 {
3261  Oid fdwid = PG_GETARG_OID(0);
3262  text *priv_type_text = PG_GETARG_TEXT_PP(1);
3263  Oid roleid;
3264  AclMode mode;
3265  AclResult aclresult;
3266  bool is_missing = false;
3267 
3268  roleid = GetUserId();
3269  mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3270 
3271  aclresult = object_aclcheck_ext(ForeignDataWrapperRelationId, fdwid,
3272  roleid, mode,
3273  &is_missing);
3274 
3275  if (is_missing)
3276  PG_RETURN_NULL();
3277 
3278  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3279 }
convert_foreign_data_wrapper_priv_string
static AclMode convert_foreign_data_wrapper_priv_string(text *priv_type_text)
Definition: acl.c:3351

References ACLCHECK_OK, convert_foreign_data_wrapper_priv_string(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_foreign_data_wrapper_privilege_id_id()

Datum has_foreign_data_wrapper_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 3310 of file acl.c.

3311 {
3312  Oid roleid = PG_GETARG_OID(0);
3313  Oid fdwid = PG_GETARG_OID(1);
3314  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3315  AclMode mode;
3316  AclResult aclresult;
3317  bool is_missing = false;
3318 
3319  mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3320 
3321  aclresult = object_aclcheck_ext(ForeignDataWrapperRelationId, fdwid,
3322  roleid, mode,
3323  &is_missing);
3324 
3325  if (is_missing)
3326  PG_RETURN_NULL();
3327 
3328  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3329 }

References ACLCHECK_OK, convert_foreign_data_wrapper_priv_string(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_foreign_data_wrapper_privilege_id_name()

Datum has_foreign_data_wrapper_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3287 of file acl.c.

3288 {
3289  Oid roleid = PG_GETARG_OID(0);
3290  text *fdwname = PG_GETARG_TEXT_PP(1);
3291  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3292  Oid fdwid;
3293  AclMode mode;
3294  AclResult aclresult;
3295 
3296  fdwid = convert_foreign_data_wrapper_name(fdwname);
3297  mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3298 
3299  aclresult = object_aclcheck(ForeignDataWrapperRelationId, fdwid, roleid, mode);
3300 
3301  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3302 }
convert_foreign_data_wrapper_name
static Oid convert_foreign_data_wrapper_name(text *fdwname)
Definition: acl.c:3339

References ACLCHECK_OK, convert_foreign_data_wrapper_name(), convert_foreign_data_wrapper_priv_string(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_foreign_data_wrapper_privilege_name()

Datum has_foreign_data_wrapper_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 3205 of file acl.c.

3206 {
3207  text *fdwname = PG_GETARG_TEXT_PP(0);
3208  text *priv_type_text = PG_GETARG_TEXT_PP(1);
3209  Oid roleid;
3210  Oid fdwid;
3211  AclMode mode;
3212  AclResult aclresult;
3213 
3214  roleid = GetUserId();
3215  fdwid = convert_foreign_data_wrapper_name(fdwname);
3216  mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3217 
3218  aclresult = object_aclcheck(ForeignDataWrapperRelationId, fdwid, roleid, mode);
3219 
3220  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3221 }

References ACLCHECK_OK, convert_foreign_data_wrapper_name(), convert_foreign_data_wrapper_priv_string(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_foreign_data_wrapper_privilege_name_id()

Datum has_foreign_data_wrapper_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 3229 of file acl.c.

3230 {
3231  Name username = PG_GETARG_NAME(0);
3232  Oid fdwid = PG_GETARG_OID(1);
3233  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3234  Oid roleid;
3235  AclMode mode;
3236  AclResult aclresult;
3237  bool is_missing = false;
3238 
3239  roleid = get_role_oid_or_public(NameStr(*username));
3240  mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3241 
3242  aclresult = object_aclcheck_ext(ForeignDataWrapperRelationId, fdwid,
3243  roleid, mode,
3244  &is_missing);
3245 
3246  if (is_missing)
3247  PG_RETURN_NULL();
3248 
3249  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3250 }

References ACLCHECK_OK, convert_foreign_data_wrapper_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_foreign_data_wrapper_privilege_name_name()

Datum has_foreign_data_wrapper_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 3179 of file acl.c.

3180 {
3181  Name username = PG_GETARG_NAME(0);
3182  text *fdwname = PG_GETARG_TEXT_PP(1);
3183  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3184  Oid roleid;
3185  Oid fdwid;
3186  AclMode mode;
3187  AclResult aclresult;
3188 
3189  roleid = get_role_oid_or_public(NameStr(*username));
3190  fdwid = convert_foreign_data_wrapper_name(fdwname);
3191  mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3192 
3193  aclresult = object_aclcheck(ForeignDataWrapperRelationId, fdwid, roleid, mode);
3194 
3195  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3196 }

References ACLCHECK_OK, convert_foreign_data_wrapper_name(), convert_foreign_data_wrapper_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_function_privilege_id()

Datum has_function_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3459 of file acl.c.

3460 {
3461  Oid functionoid = PG_GETARG_OID(0);
3462  text *priv_type_text = PG_GETARG_TEXT_PP(1);
3463  Oid roleid;
3464  AclMode mode;
3465  AclResult aclresult;
3466  bool is_missing = false;
3467 
3468  roleid = GetUserId();
3469  mode = convert_function_priv_string(priv_type_text);
3470 
3471  aclresult = object_aclcheck_ext(ProcedureRelationId, functionoid,
3472  roleid, mode,
3473  &is_missing);
3474 
3475  if (is_missing)
3476  PG_RETURN_NULL();
3477 
3478  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3479 }
convert_function_priv_string
static AclMode convert_function_priv_string(text *priv_type_text)
Definition: acl.c:3560

References ACLCHECK_OK, convert_function_priv_string(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_function_privilege_id_id()

Datum has_function_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 3510 of file acl.c.

3511 {
3512  Oid roleid = PG_GETARG_OID(0);
3513  Oid functionoid = PG_GETARG_OID(1);
3514  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3515  AclMode mode;
3516  AclResult aclresult;
3517  bool is_missing = false;
3518 
3519  mode = convert_function_priv_string(priv_type_text);
3520 
3521  aclresult = object_aclcheck_ext(ProcedureRelationId, functionoid,
3522  roleid, mode,
3523  &is_missing);
3524 
3525  if (is_missing)
3526  PG_RETURN_NULL();
3527 
3528  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3529 }

References ACLCHECK_OK, convert_function_priv_string(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_function_privilege_id_name()

Datum has_function_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3487 of file acl.c.

3488 {
3489  Oid roleid = PG_GETARG_OID(0);
3490  text *functionname = PG_GETARG_TEXT_PP(1);
3491  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3492  Oid functionoid;
3493  AclMode mode;
3494  AclResult aclresult;
3495 
3496  functionoid = convert_function_name(functionname);
3497  mode = convert_function_priv_string(priv_type_text);
3498 
3499  aclresult = object_aclcheck(ProcedureRelationId, functionoid, roleid, mode);
3500 
3501  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3502 }
convert_function_name
static Oid convert_function_name(text *functionname)
Definition: acl.c:3539

References ACLCHECK_OK, convert_function_name(), convert_function_priv_string(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_function_privilege_name()

Datum has_function_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 3405 of file acl.c.

3406 {
3407  text *functionname = PG_GETARG_TEXT_PP(0);
3408  text *priv_type_text = PG_GETARG_TEXT_PP(1);
3409  Oid roleid;
3410  Oid functionoid;
3411  AclMode mode;
3412  AclResult aclresult;
3413 
3414  roleid = GetUserId();
3415  functionoid = convert_function_name(functionname);
3416  mode = convert_function_priv_string(priv_type_text);
3417 
3418  aclresult = object_aclcheck(ProcedureRelationId, functionoid, roleid, mode);
3419 
3420  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3421 }

References ACLCHECK_OK, convert_function_name(), convert_function_priv_string(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_function_privilege_name_id()

Datum has_function_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 3429 of file acl.c.

3430 {
3431  Name username = PG_GETARG_NAME(0);
3432  Oid functionoid = PG_GETARG_OID(1);
3433  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3434  Oid roleid;
3435  AclMode mode;
3436  AclResult aclresult;
3437  bool is_missing = false;
3438 
3439  roleid = get_role_oid_or_public(NameStr(*username));
3440  mode = convert_function_priv_string(priv_type_text);
3441 
3442  aclresult = object_aclcheck_ext(ProcedureRelationId, functionoid,
3443  roleid, mode,
3444  &is_missing);
3445 
3446  if (is_missing)
3447  PG_RETURN_NULL();
3448 
3449  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3450 }

References ACLCHECK_OK, convert_function_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_function_privilege_name_name()

Datum has_function_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 3379 of file acl.c.

3380 {
3381  Name username = PG_GETARG_NAME(0);
3382  text *functionname = PG_GETARG_TEXT_PP(1);
3383  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3384  Oid roleid;
3385  Oid functionoid;
3386  AclMode mode;
3387  AclResult aclresult;
3388 
3389  roleid = get_role_oid_or_public(NameStr(*username));
3390  functionoid = convert_function_name(functionname);
3391  mode = convert_function_priv_string(priv_type_text);
3392 
3393  aclresult = object_aclcheck(ProcedureRelationId, functionoid, roleid, mode);
3394 
3395  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3396 }

References ACLCHECK_OK, convert_function_name(), convert_function_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_language_privilege_id()

Datum has_language_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3668 of file acl.c.

3669 {
3670  Oid languageoid = PG_GETARG_OID(0);
3671  text *priv_type_text = PG_GETARG_TEXT_PP(1);
3672  Oid roleid;
3673  AclMode mode;
3674  AclResult aclresult;
3675  bool is_missing = false;
3676 
3677  roleid = GetUserId();
3678  mode = convert_language_priv_string(priv_type_text);
3679 
3680  aclresult = object_aclcheck_ext(LanguageRelationId, languageoid,
3681  roleid, mode,
3682  &is_missing);
3683 
3684  if (is_missing)
3685  PG_RETURN_NULL();
3686 
3687  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3688 }
convert_language_priv_string
static AclMode convert_language_priv_string(text *priv_type_text)
Definition: acl.c:3760

References ACLCHECK_OK, convert_language_priv_string(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_language_privilege_id_id()

Datum has_language_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 3719 of file acl.c.

3720 {
3721  Oid roleid = PG_GETARG_OID(0);
3722  Oid languageoid = PG_GETARG_OID(1);
3723  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3724  AclMode mode;
3725  AclResult aclresult;
3726  bool is_missing = false;
3727 
3728  mode = convert_language_priv_string(priv_type_text);
3729 
3730  aclresult = object_aclcheck_ext(LanguageRelationId, languageoid,
3731  roleid, mode,
3732  &is_missing);
3733 
3734  if (is_missing)
3735  PG_RETURN_NULL();
3736 
3737  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3738 }

References ACLCHECK_OK, convert_language_priv_string(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_language_privilege_id_name()

Datum has_language_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3696 of file acl.c.

3697 {
3698  Oid roleid = PG_GETARG_OID(0);
3699  text *languagename = PG_GETARG_TEXT_PP(1);
3700  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3701  Oid languageoid;
3702  AclMode mode;
3703  AclResult aclresult;
3704 
3705  languageoid = convert_language_name(languagename);
3706  mode = convert_language_priv_string(priv_type_text);
3707 
3708  aclresult = object_aclcheck(LanguageRelationId, languageoid, roleid, mode);
3709 
3710  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3711 }
convert_language_name
static Oid convert_language_name(text *languagename)
Definition: acl.c:3748

References ACLCHECK_OK, convert_language_name(), convert_language_priv_string(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_language_privilege_name()

Datum has_language_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 3614 of file acl.c.

3615 {
3616  text *languagename = PG_GETARG_TEXT_PP(0);
3617  text *priv_type_text = PG_GETARG_TEXT_PP(1);
3618  Oid roleid;
3619  Oid languageoid;
3620  AclMode mode;
3621  AclResult aclresult;
3622 
3623  roleid = GetUserId();
3624  languageoid = convert_language_name(languagename);
3625  mode = convert_language_priv_string(priv_type_text);
3626 
3627  aclresult = object_aclcheck(LanguageRelationId, languageoid, roleid, mode);
3628 
3629  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3630 }

References ACLCHECK_OK, convert_language_name(), convert_language_priv_string(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_language_privilege_name_id()

Datum has_language_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 3638 of file acl.c.

3639 {
3640  Name username = PG_GETARG_NAME(0);
3641  Oid languageoid = PG_GETARG_OID(1);
3642  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3643  Oid roleid;
3644  AclMode mode;
3645  AclResult aclresult;
3646  bool is_missing = false;
3647 
3648  roleid = get_role_oid_or_public(NameStr(*username));
3649  mode = convert_language_priv_string(priv_type_text);
3650 
3651  aclresult = object_aclcheck_ext(LanguageRelationId, languageoid,
3652  roleid, mode,
3653  &is_missing);
3654 
3655  if (is_missing)
3656  PG_RETURN_NULL();
3657 
3658  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3659 }

References ACLCHECK_OK, convert_language_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_language_privilege_name_name()

Datum has_language_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 3588 of file acl.c.

3589 {
3590  Name username = PG_GETARG_NAME(0);
3591  text *languagename = PG_GETARG_TEXT_PP(1);
3592  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3593  Oid roleid;
3594  Oid languageoid;
3595  AclMode mode;
3596  AclResult aclresult;
3597 
3598  roleid = get_role_oid_or_public(NameStr(*username));
3599  languageoid = convert_language_name(languagename);
3600  mode = convert_language_priv_string(priv_type_text);
3601 
3602  aclresult = object_aclcheck(LanguageRelationId, languageoid, roleid, mode);
3603 
3604  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3605 }

References ACLCHECK_OK, convert_language_name(), convert_language_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_param_priv_byname()

static bool has_param_priv_byname ( Oid  roleid,
const text parameter,
AclMode  priv 
)
static

Definition at line 4598 of file acl.c.

4599 {
4600  char *paramstr = text_to_cstring(parameter);
4601 
4602  return pg_parameter_aclcheck(paramstr, roleid, priv) == ACLCHECK_OK;
4603 }
pg_parameter_aclcheck
AclResult pg_parameter_aclcheck(const char *name, Oid roleid, AclMode mode)
Definition: aclchk.c:4116

References ACLCHECK_OK, pg_parameter_aclcheck(), and text_to_cstring().

Referenced by has_parameter_privilege_id_name(), has_parameter_privilege_name(), and has_parameter_privilege_name_name().

◆ has_parameter_privilege_id_name()

Datum has_parameter_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4641 of file acl.c.

4642 {
4643  Oid roleid = PG_GETARG_OID(0);
4644  text *parameter = PG_GETARG_TEXT_PP(1);
4645  AclMode priv = convert_parameter_priv_string(PG_GETARG_TEXT_PP(2));
4646 
4647  PG_RETURN_BOOL(has_param_priv_byname(roleid, parameter, priv));
4648 }
has_param_priv_byname
static bool has_param_priv_byname(Oid roleid, const text *parameter, AclMode priv)
Definition: acl.c:4598
convert_parameter_priv_string
static AclMode convert_parameter_priv_string(text *priv_text)
Definition: acl.c:4659

References convert_parameter_priv_string(), has_param_priv_byname(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_parameter_privilege_name()

Datum has_parameter_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 4627 of file acl.c.

4628 {
4629  text *parameter = PG_GETARG_TEXT_PP(0);
4630  AclMode priv = convert_parameter_priv_string(PG_GETARG_TEXT_PP(1));
4631 
4632  PG_RETURN_BOOL(has_param_priv_byname(GetUserId(), parameter, priv));
4633 }

References convert_parameter_priv_string(), GetUserId(), has_param_priv_byname(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_parameter_privilege_name_name()

Datum has_parameter_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 4611 of file acl.c.

4612 {
4613  Name username = PG_GETARG_NAME(0);
4614  text *parameter = PG_GETARG_TEXT_PP(1);
4615  AclMode priv = convert_parameter_priv_string(PG_GETARG_TEXT_PP(2));
4616  Oid roleid = get_role_oid_or_public(NameStr(*username));
4617 
4618  PG_RETURN_BOOL(has_param_priv_byname(roleid, parameter, priv));
4619 }

References convert_parameter_priv_string(), get_role_oid_or_public(), has_param_priv_byname(), NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_privs_of_role()

bool has_privs_of_role ( Oid  member,
Oid  role 
)

Definition at line 5134 of file acl.c.

5135 {
5136  /* Fast path for simple case */
5137  if (member == role)
5138  return true;
5139 
5140  /* Superusers have every privilege, so are part of every role */
5141  if (superuser_arg(member))
5142  return true;
5143 
5144  /*
5145  * Find all the roles that member has the privileges of, including
5146  * multi-level recursion, then see if target role is any one of them.
5147  */
5148  return list_member_oid(roles_is_member_of(member, ROLERECURSE_PRIVS,
5149  InvalidOid, NULL),
5150  role);
5151 }
roles_is_member_of
static List * roles_is_member_of(Oid roleid, enum RoleRecurseType type, Oid admin_of, Oid *admin_role)
Definition: acl.c:5002
list_member_oid
bool list_member_oid(const List *list, Oid datum)
Definition: list.c:722
superuser_arg
bool superuser_arg(Oid roleid)
Definition: superuser.c:56

References InvalidOid, list_member_oid(), ROLERECURSE_PRIVS, roles_is_member_of(), and superuser_arg().

Referenced by aclmask(), AlterObjectNamespace_internal(), AlterObjectOwner_internal(), AlterObjectRename_internal(), bbsink_server_new(), calculate_database_size(), calculate_tablespace_size(), check_role_for_policy(), check_role_grantor(), ConfigOptionIsVisible(), convert_and_check_filename(), CreateSubscription(), DoCopy(), DropOwnedObjects(), ExecAlterDefaultPrivilegesStmt(), file_fdw_validator(), GetConfigOptionValues(), InitPostgres(), object_ownercheck(), pg_class_aclmask_ext(), pg_namespace_aclmask_ext(), pg_role_aclcheck(), pg_signal_backend(), pg_stat_get_wal_receiver(), pg_stat_get_wal_senders(), pg_stat_statements_internal(), pgrowlocks(), ReassignOwnedObjects(), ReindexMultipleTables(), shell_check_detail(), standard_ProcessUtility(), and TerminateOtherDBBackends().

◆ has_schema_privilege_id()

Datum has_schema_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3868 of file acl.c.

3869 {
3870  Oid schemaoid = PG_GETARG_OID(0);
3871  text *priv_type_text = PG_GETARG_TEXT_PP(1);
3872  Oid roleid;
3873  AclMode mode;
3874  AclResult aclresult;
3875  bool is_missing = false;
3876 
3877  roleid = GetUserId();
3878  mode = convert_schema_priv_string(priv_type_text);
3879 
3880  aclresult = object_aclcheck_ext(NamespaceRelationId, schemaoid,
3881  roleid, mode,
3882  &is_missing);
3883 
3884  if (is_missing)
3885  PG_RETURN_NULL();
3886 
3887  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3888 }
convert_schema_priv_string
static AclMode convert_schema_priv_string(text *priv_type_text)
Definition: acl.c:3960

References ACLCHECK_OK, convert_schema_priv_string(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_schema_privilege_id_id()

Datum has_schema_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 3919 of file acl.c.

3920 {
3921  Oid roleid = PG_GETARG_OID(0);
3922  Oid schemaoid = PG_GETARG_OID(1);
3923  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3924  AclMode mode;
3925  AclResult aclresult;
3926  bool is_missing = false;
3927 
3928  mode = convert_schema_priv_string(priv_type_text);
3929 
3930  aclresult = object_aclcheck_ext(NamespaceRelationId, schemaoid,
3931  roleid, mode,
3932  &is_missing);
3933 
3934  if (is_missing)
3935  PG_RETURN_NULL();
3936 
3937  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3938 }

References ACLCHECK_OK, convert_schema_priv_string(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_schema_privilege_id_name()

Datum has_schema_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3896 of file acl.c.

3897 {
3898  Oid roleid = PG_GETARG_OID(0);
3899  text *schemaname = PG_GETARG_TEXT_PP(1);
3900  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3901  Oid schemaoid;
3902  AclMode mode;
3903  AclResult aclresult;
3904 
3905  schemaoid = convert_schema_name(schemaname);
3906  mode = convert_schema_priv_string(priv_type_text);
3907 
3908  aclresult = object_aclcheck(NamespaceRelationId, schemaoid, roleid, mode);
3909 
3910  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3911 }
convert_schema_name
static Oid convert_schema_name(text *schemaname)
Definition: acl.c:3948

References ACLCHECK_OK, convert_schema_name(), convert_schema_priv_string(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_schema_privilege_name()

Datum has_schema_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 3814 of file acl.c.

3815 {
3816  text *schemaname = PG_GETARG_TEXT_PP(0);
3817  text *priv_type_text = PG_GETARG_TEXT_PP(1);
3818  Oid roleid;
3819  Oid schemaoid;
3820  AclMode mode;
3821  AclResult aclresult;
3822 
3823  roleid = GetUserId();
3824  schemaoid = convert_schema_name(schemaname);
3825  mode = convert_schema_priv_string(priv_type_text);
3826 
3827  aclresult = object_aclcheck(NamespaceRelationId, schemaoid, roleid, mode);
3828 
3829  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3830 }

References ACLCHECK_OK, convert_schema_name(), convert_schema_priv_string(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_schema_privilege_name_id()

Datum has_schema_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 3838 of file acl.c.

3839 {
3840  Name username = PG_GETARG_NAME(0);
3841  Oid schemaoid = PG_GETARG_OID(1);
3842  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3843  Oid roleid;
3844  AclMode mode;
3845  AclResult aclresult;
3846  bool is_missing = false;
3847 
3848  roleid = get_role_oid_or_public(NameStr(*username));
3849  mode = convert_schema_priv_string(priv_type_text);
3850 
3851  aclresult = object_aclcheck_ext(NamespaceRelationId, schemaoid,
3852  roleid, mode,
3853  &is_missing);
3854 
3855  if (is_missing)
3856  PG_RETURN_NULL();
3857 
3858  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3859 }

References ACLCHECK_OK, convert_schema_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_schema_privilege_name_name()

Datum has_schema_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 3788 of file acl.c.

3789 {
3790  Name username = PG_GETARG_NAME(0);
3791  text *schemaname = PG_GETARG_TEXT_PP(1);
3792  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3793  Oid roleid;
3794  Oid schemaoid;
3795  AclMode mode;
3796  AclResult aclresult;
3797 
3798  roleid = get_role_oid_or_public(NameStr(*username));
3799  schemaoid = convert_schema_name(schemaname);
3800  mode = convert_schema_priv_string(priv_type_text);
3801 
3802  aclresult = object_aclcheck(NamespaceRelationId, schemaoid, roleid, mode);
3803 
3804  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3805 }

References ACLCHECK_OK, convert_schema_name(), convert_schema_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_sequence_privilege_id()

Datum has_sequence_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 2188 of file acl.c.

2189 {
2190  Oid sequenceoid = PG_GETARG_OID(0);
2191  text *priv_type_text = PG_GETARG_TEXT_PP(1);
2192  Oid roleid;
2193  AclMode mode;
2194  AclResult aclresult;
2195  char relkind;
2196  bool is_missing = false;
2197 
2198  roleid = GetUserId();
2199  mode = convert_sequence_priv_string(priv_type_text);
2200  relkind = get_rel_relkind(sequenceoid);
2201  if (relkind == '\0')
2202  PG_RETURN_NULL();
2203  else if (relkind != RELKIND_SEQUENCE)
2204  ereport(ERROR,
2205  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2206  errmsg("\"%s\" is not a sequence",
2207  get_rel_name(sequenceoid))));
2208 
2209  aclresult = pg_class_aclcheck_ext(sequenceoid, roleid, mode, &is_missing);
2210 
2211  if (is_missing)
2212  PG_RETURN_NULL();
2213 
2214  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2215 }
convert_sequence_priv_string
static AclMode convert_sequence_priv_string(text *priv_type_text)
Definition: acl.c:2284
get_rel_relkind
char get_rel_relkind(Oid relid)
Definition: lsyscache.c:2003

References ACLCHECK_OK, convert_sequence_priv_string(), ereport, errcode(), errmsg(), ERROR, get_rel_name(), get_rel_relkind(), GetUserId(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_sequence_privilege_id_id()

Datum has_sequence_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 2251 of file acl.c.

2252 {
2253  Oid roleid = PG_GETARG_OID(0);
2254  Oid sequenceoid = PG_GETARG_OID(1);
2255  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2256  AclMode mode;
2257  AclResult aclresult;
2258  char relkind;
2259  bool is_missing = false;
2260 
2261  mode = convert_sequence_priv_string(priv_type_text);
2262  relkind = get_rel_relkind(sequenceoid);
2263  if (relkind == '\0')
2264  PG_RETURN_NULL();
2265  else if (relkind != RELKIND_SEQUENCE)
2266  ereport(ERROR,
2267  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2268  errmsg("\"%s\" is not a sequence",
2269  get_rel_name(sequenceoid))));
2270 
2271  aclresult = pg_class_aclcheck_ext(sequenceoid, roleid, mode, &is_missing);
2272 
2273  if (is_missing)
2274  PG_RETURN_NULL();
2275 
2276  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2277 }

References ACLCHECK_OK, convert_sequence_priv_string(), ereport, errcode(), errmsg(), ERROR, get_rel_name(), get_rel_relkind(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_sequence_privilege_id_name()

Datum has_sequence_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2223 of file acl.c.

2224 {
2225  Oid roleid = PG_GETARG_OID(0);
2226  text *sequencename = PG_GETARG_TEXT_PP(1);
2227  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2228  Oid sequenceoid;
2229  AclMode mode;
2230  AclResult aclresult;
2231 
2232  mode = convert_sequence_priv_string(priv_type_text);
2233  sequenceoid = convert_table_name(sequencename);
2234  if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2235  ereport(ERROR,
2236  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2237  errmsg("\"%s\" is not a sequence",
2238  text_to_cstring(sequencename))));
2239 
2240  aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2241 
2242  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2243 }

References ACLCHECK_OK, convert_sequence_priv_string(), convert_table_name(), ereport, errcode(), errmsg(), ERROR, get_rel_relkind(), mode, pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and text_to_cstring().

◆ has_sequence_privilege_name()

Datum has_sequence_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 2122 of file acl.c.

2123 {
2124  text *sequencename = PG_GETARG_TEXT_PP(0);
2125  text *priv_type_text = PG_GETARG_TEXT_PP(1);
2126  Oid roleid;
2127  Oid sequenceoid;
2128  AclMode mode;
2129  AclResult aclresult;
2130 
2131  roleid = GetUserId();
2132  mode = convert_sequence_priv_string(priv_type_text);
2133  sequenceoid = convert_table_name(sequencename);
2134  if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2135  ereport(ERROR,
2136  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2137  errmsg("\"%s\" is not a sequence",
2138  text_to_cstring(sequencename))));
2139 
2140  aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2141 
2142  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2143 }

References ACLCHECK_OK, convert_sequence_priv_string(), convert_table_name(), ereport, errcode(), errmsg(), ERROR, get_rel_relkind(), GetUserId(), mode, pg_class_aclcheck(), PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and text_to_cstring().

◆ has_sequence_privilege_name_id()

Datum has_sequence_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 2151 of file acl.c.

2152 {
2153  Name username = PG_GETARG_NAME(0);
2154  Oid sequenceoid = PG_GETARG_OID(1);
2155  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2156  Oid roleid;
2157  AclMode mode;
2158  AclResult aclresult;
2159  char relkind;
2160  bool is_missing = false;
2161 
2162  roleid = get_role_oid_or_public(NameStr(*username));
2163  mode = convert_sequence_priv_string(priv_type_text);
2164  relkind = get_rel_relkind(sequenceoid);
2165  if (relkind == '\0')
2166  PG_RETURN_NULL();
2167  else if (relkind != RELKIND_SEQUENCE)
2168  ereport(ERROR,
2169  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2170  errmsg("\"%s\" is not a sequence",
2171  get_rel_name(sequenceoid))));
2172 
2173  aclresult = pg_class_aclcheck_ext(sequenceoid, roleid, mode, &is_missing);
2174 
2175  if (is_missing)
2176  PG_RETURN_NULL();
2177 
2178  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2179 }

References ACLCHECK_OK, convert_sequence_priv_string(), ereport, errcode(), errmsg(), ERROR, get_rel_name(), get_rel_relkind(), get_role_oid_or_public(), mode, NameStr, pg_class_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_sequence_privilege_name_name()

Datum has_sequence_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2091 of file acl.c.

2092 {
2093  Name rolename = PG_GETARG_NAME(0);
2094  text *sequencename = PG_GETARG_TEXT_PP(1);
2095  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2096  Oid roleid;
2097  Oid sequenceoid;
2098  AclMode mode;
2099  AclResult aclresult;
2100 
2101  roleid = get_role_oid_or_public(NameStr(*rolename));
2102  mode = convert_sequence_priv_string(priv_type_text);
2103  sequenceoid = convert_table_name(sequencename);
2104  if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2105  ereport(ERROR,
2106  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2107  errmsg("\"%s\" is not a sequence",
2108  text_to_cstring(sequencename))));
2109 
2110  aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2111 
2112  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2113 }

References ACLCHECK_OK, convert_sequence_priv_string(), convert_table_name(), ereport, errcode(), errmsg(), ERROR, get_rel_relkind(), get_role_oid_or_public(), mode, NameStr, pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and text_to_cstring().

◆ has_server_privilege_id()

Datum has_server_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 4070 of file acl.c.

4071 {
4072  Oid serverid = PG_GETARG_OID(0);
4073  text *priv_type_text = PG_GETARG_TEXT_PP(1);
4074  Oid roleid;
4075  AclMode mode;
4076  AclResult aclresult;
4077  bool is_missing = false;
4078 
4079  roleid = GetUserId();
4080  mode = convert_server_priv_string(priv_type_text);
4081 
4082  aclresult = object_aclcheck_ext(ForeignServerRelationId, serverid,
4083  roleid, mode,
4084  &is_missing);
4085 
4086  if (is_missing)
4087  PG_RETURN_NULL();
4088 
4089  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4090 }
convert_server_priv_string
static AclMode convert_server_priv_string(text *priv_type_text)
Definition: acl.c:4162

References ACLCHECK_OK, convert_server_priv_string(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_server_privilege_id_id()

Datum has_server_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4121 of file acl.c.

4122 {
4123  Oid roleid = PG_GETARG_OID(0);
4124  Oid serverid = PG_GETARG_OID(1);
4125  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4126  AclMode mode;
4127  AclResult aclresult;
4128  bool is_missing = false;
4129 
4130  mode = convert_server_priv_string(priv_type_text);
4131 
4132  aclresult = object_aclcheck_ext(ForeignServerRelationId, serverid,
4133  roleid, mode,
4134  &is_missing);
4135 
4136  if (is_missing)
4137  PG_RETURN_NULL();
4138 
4139  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4140 }

References ACLCHECK_OK, convert_server_priv_string(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_server_privilege_id_name()

Datum has_server_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4098 of file acl.c.

4099 {
4100  Oid roleid = PG_GETARG_OID(0);
4101  text *servername = PG_GETARG_TEXT_PP(1);
4102  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4103  Oid serverid;
4104  AclMode mode;
4105  AclResult aclresult;
4106 
4107  serverid = convert_server_name(servername);
4108  mode = convert_server_priv_string(priv_type_text);
4109 
4110  aclresult = object_aclcheck(ForeignServerRelationId, serverid, roleid, mode);
4111 
4112  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4113 }
convert_server_name
static Oid convert_server_name(text *servername)
Definition: acl.c:4150

References ACLCHECK_OK, convert_server_name(), convert_server_priv_string(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_server_privilege_name()

Datum has_server_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 4016 of file acl.c.

4017 {
4018  text *servername = PG_GETARG_TEXT_PP(0);
4019  text *priv_type_text = PG_GETARG_TEXT_PP(1);
4020  Oid roleid;
4021  Oid serverid;
4022  AclMode mode;
4023  AclResult aclresult;
4024 
4025  roleid = GetUserId();
4026  serverid = convert_server_name(servername);
4027  mode = convert_server_priv_string(priv_type_text);
4028 
4029  aclresult = object_aclcheck(ForeignServerRelationId, serverid, roleid, mode);
4030 
4031  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4032 }

References ACLCHECK_OK, convert_server_name(), convert_server_priv_string(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_server_privilege_name_id()

Datum has_server_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 4040 of file acl.c.

4041 {
4042  Name username = PG_GETARG_NAME(0);
4043  Oid serverid = PG_GETARG_OID(1);
4044  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4045  Oid roleid;
4046  AclMode mode;
4047  AclResult aclresult;
4048  bool is_missing = false;
4049 
4050  roleid = get_role_oid_or_public(NameStr(*username));
4051  mode = convert_server_priv_string(priv_type_text);
4052 
4053  aclresult = object_aclcheck_ext(ForeignServerRelationId, serverid,
4054  roleid, mode,
4055  &is_missing);
4056 
4057  if (is_missing)
4058  PG_RETURN_NULL();
4059 
4060  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4061 }

References ACLCHECK_OK, convert_server_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_server_privilege_name_name()

Datum has_server_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 3990 of file acl.c.

3991 {
3992  Name username = PG_GETARG_NAME(0);
3993  text *servername = PG_GETARG_TEXT_PP(1);
3994  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3995  Oid roleid;
3996  Oid serverid;
3997  AclMode mode;
3998  AclResult aclresult;
3999 
4000  roleid = get_role_oid_or_public(NameStr(*username));
4001  serverid = convert_server_name(servername);
4002  mode = convert_server_priv_string(priv_type_text);
4003 
4004  aclresult = object_aclcheck(ForeignServerRelationId, serverid, roleid, mode);
4005 
4006  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4007 }

References ACLCHECK_OK, convert_server_name(), convert_server_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_table_privilege_id()

Datum has_table_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 1956 of file acl.c.

1957 {
1958  Oid tableoid = PG_GETARG_OID(0);
1959  text *priv_type_text = PG_GETARG_TEXT_PP(1);
1960  Oid roleid;
1961  AclMode mode;
1962  AclResult aclresult;
1963  bool is_missing = false;
1964 
1965  roleid = GetUserId();
1966  mode = convert_table_priv_string(priv_type_text);
1967 
1968  aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
1969 
1970  if (is_missing)
1971  PG_RETURN_NULL();
1972 
1973  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1974 }
convert_table_priv_string
static AclMode convert_table_priv_string(text *priv_type_text)
Definition: acl.c:2047

References ACLCHECK_OK, convert_table_priv_string(), GetUserId(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_table_privilege_id_id()

Datum has_table_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 2005 of file acl.c.

2006 {
2007  Oid roleid = PG_GETARG_OID(0);
2008  Oid tableoid = PG_GETARG_OID(1);
2009  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2010  AclMode mode;
2011  AclResult aclresult;
2012  bool is_missing = false;
2013 
2014  mode = convert_table_priv_string(priv_type_text);
2015 
2016  aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2017 
2018  if (is_missing)
2019  PG_RETURN_NULL();
2020 
2021  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2022 }

References ACLCHECK_OK, convert_table_priv_string(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_table_privilege_id_name()

Datum has_table_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 1982 of file acl.c.

1983 {
1984  Oid roleid = PG_GETARG_OID(0);
1985  text *tablename = PG_GETARG_TEXT_PP(1);
1986  text *priv_type_text = PG_GETARG_TEXT_PP(2);
1987  Oid tableoid;
1988  AclMode mode;
1989  AclResult aclresult;
1990 
1991  tableoid = convert_table_name(tablename);
1992  mode = convert_table_priv_string(priv_type_text);
1993 
1994  aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1995 
1996  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1997 }

References ACLCHECK_OK, convert_table_name(), convert_table_priv_string(), mode, pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_table_privilege_name()

Datum has_table_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 1904 of file acl.c.

1905 {
1906  text *tablename = PG_GETARG_TEXT_PP(0);
1907  text *priv_type_text = PG_GETARG_TEXT_PP(1);
1908  Oid roleid;
1909  Oid tableoid;
1910  AclMode mode;
1911  AclResult aclresult;
1912 
1913  roleid = GetUserId();
1914  tableoid = convert_table_name(tablename);
1915  mode = convert_table_priv_string(priv_type_text);
1916 
1917  aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1918 
1919  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1920 }

References ACLCHECK_OK, convert_table_name(), convert_table_priv_string(), GetUserId(), mode, pg_class_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_table_privilege_name_id()

Datum has_table_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 1928 of file acl.c.

1929 {
1930  Name username = PG_GETARG_NAME(0);
1931  Oid tableoid = PG_GETARG_OID(1);
1932  text *priv_type_text = PG_GETARG_TEXT_PP(2);
1933  Oid roleid;
1934  AclMode mode;
1935  AclResult aclresult;
1936  bool is_missing = false;
1937 
1938  roleid = get_role_oid_or_public(NameStr(*username));
1939  mode = convert_table_priv_string(priv_type_text);
1940 
1941  aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
1942 
1943  if (is_missing)
1944  PG_RETURN_NULL();
1945 
1946  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1947 }

References ACLCHECK_OK, convert_table_priv_string(), get_role_oid_or_public(), mode, NameStr, pg_class_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_table_privilege_name_name()

Datum has_table_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 1878 of file acl.c.

1879 {
1880  Name rolename = PG_GETARG_NAME(0);
1881  text *tablename = PG_GETARG_TEXT_PP(1);
1882  text *priv_type_text = PG_GETARG_TEXT_PP(2);
1883  Oid roleid;
1884  Oid tableoid;
1885  AclMode mode;
1886  AclResult aclresult;
1887 
1888  roleid = get_role_oid_or_public(NameStr(*rolename));
1889  tableoid = convert_table_name(tablename);
1890  mode = convert_table_priv_string(priv_type_text);
1891 
1892  aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1893 
1894  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1895 }

References ACLCHECK_OK, convert_table_name(), convert_table_priv_string(), get_role_oid_or_public(), mode, NameStr, pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_tablespace_privilege_id()

Datum has_tablespace_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 4270 of file acl.c.

4271 {
4272  Oid tablespaceoid = PG_GETARG_OID(0);
4273  text *priv_type_text = PG_GETARG_TEXT_PP(1);
4274  Oid roleid;
4275  AclMode mode;
4276  AclResult aclresult;
4277  bool is_missing = false;
4278 
4279  roleid = GetUserId();
4280  mode = convert_tablespace_priv_string(priv_type_text);
4281 
4282  aclresult = object_aclcheck_ext(TableSpaceRelationId, tablespaceoid,
4283  roleid, mode,
4284  &is_missing);
4285 
4286  if (is_missing)
4287  PG_RETURN_NULL();
4288 
4289  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4290 }
convert_tablespace_priv_string
static AclMode convert_tablespace_priv_string(text *priv_type_text)
Definition: acl.c:4362

References ACLCHECK_OK, convert_tablespace_priv_string(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_tablespace_privilege_id_id()

Datum has_tablespace_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4321 of file acl.c.

4322 {
4323  Oid roleid = PG_GETARG_OID(0);
4324  Oid tablespaceoid = PG_GETARG_OID(1);
4325  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4326  AclMode mode;
4327  AclResult aclresult;
4328  bool is_missing = false;
4329 
4330  mode = convert_tablespace_priv_string(priv_type_text);
4331 
4332  aclresult = object_aclcheck_ext(TableSpaceRelationId, tablespaceoid,
4333  roleid, mode,
4334  &is_missing);
4335 
4336  if (is_missing)
4337  PG_RETURN_NULL();
4338 
4339  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4340 }

References ACLCHECK_OK, convert_tablespace_priv_string(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_tablespace_privilege_id_name()

Datum has_tablespace_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4298 of file acl.c.

4299 {
4300  Oid roleid = PG_GETARG_OID(0);
4301  text *tablespacename = PG_GETARG_TEXT_PP(1);
4302  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4303  Oid tablespaceoid;
4304  AclMode mode;
4305  AclResult aclresult;
4306 
4307  tablespaceoid = convert_tablespace_name(tablespacename);
4308  mode = convert_tablespace_priv_string(priv_type_text);
4309 
4310  aclresult = object_aclcheck(TableSpaceRelationId, tablespaceoid, roleid, mode);
4311 
4312  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4313 }
convert_tablespace_name
static Oid convert_tablespace_name(text *tablespacename)
Definition: acl.c:4350

References ACLCHECK_OK, convert_tablespace_name(), convert_tablespace_priv_string(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_tablespace_privilege_name()

Datum has_tablespace_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 4216 of file acl.c.

4217 {
4218  text *tablespacename = PG_GETARG_TEXT_PP(0);
4219  text *priv_type_text = PG_GETARG_TEXT_PP(1);
4220  Oid roleid;
4221  Oid tablespaceoid;
4222  AclMode mode;
4223  AclResult aclresult;
4224 
4225  roleid = GetUserId();
4226  tablespaceoid = convert_tablespace_name(tablespacename);
4227  mode = convert_tablespace_priv_string(priv_type_text);
4228 
4229  aclresult = object_aclcheck(TableSpaceRelationId, tablespaceoid, roleid, mode);
4230 
4231  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4232 }

References ACLCHECK_OK, convert_tablespace_name(), convert_tablespace_priv_string(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_tablespace_privilege_name_id()

Datum has_tablespace_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 4240 of file acl.c.

4241 {
4242  Name username = PG_GETARG_NAME(0);
4243  Oid tablespaceoid = PG_GETARG_OID(1);
4244  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4245  Oid roleid;
4246  AclMode mode;
4247  AclResult aclresult;
4248  bool is_missing = false;
4249 
4250  roleid = get_role_oid_or_public(NameStr(*username));
4251  mode = convert_tablespace_priv_string(priv_type_text);
4252 
4253  aclresult = object_aclcheck_ext(TableSpaceRelationId, tablespaceoid,
4254  roleid, mode,
4255  &is_missing);
4256 
4257  if (is_missing)
4258  PG_RETURN_NULL();
4259 
4260  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4261 }

References ACLCHECK_OK, convert_tablespace_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_tablespace_privilege_name_name()

Datum has_tablespace_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 4190 of file acl.c.

4191 {
4192  Name username = PG_GETARG_NAME(0);
4193  text *tablespacename = PG_GETARG_TEXT_PP(1);
4194  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4195  Oid roleid;
4196  Oid tablespaceoid;
4197  AclMode mode;
4198  AclResult aclresult;
4199 
4200  roleid = get_role_oid_or_public(NameStr(*username));
4201  tablespaceoid = convert_tablespace_name(tablespacename);
4202  mode = convert_tablespace_priv_string(priv_type_text);
4203 
4204  aclresult = object_aclcheck(TableSpaceRelationId, tablespaceoid, roleid, mode);
4205 
4206  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4207 }

References ACLCHECK_OK, convert_tablespace_name(), convert_tablespace_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_type_privilege_id()

Datum has_type_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 4469 of file acl.c.

4470 {
4471  Oid typeoid = PG_GETARG_OID(0);
4472  text *priv_type_text = PG_GETARG_TEXT_PP(1);
4473  Oid roleid;
4474  AclMode mode;
4475  AclResult aclresult;
4476  bool is_missing = false;
4477 
4478  roleid = GetUserId();
4479  mode = convert_type_priv_string(priv_type_text);
4480 
4481  aclresult = object_aclcheck_ext(TypeRelationId, typeoid,
4482  roleid, mode,
4483  &is_missing);
4484 
4485  if (is_missing)
4486  PG_RETURN_NULL();
4487 
4488  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4489 }
convert_type_priv_string
static AclMode convert_type_priv_string(text *priv_type_text)
Definition: acl.c:4570

References ACLCHECK_OK, convert_type_priv_string(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_type_privilege_id_id()

Datum has_type_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4520 of file acl.c.

4521 {
4522  Oid roleid = PG_GETARG_OID(0);
4523  Oid typeoid = PG_GETARG_OID(1);
4524  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4525  AclMode mode;
4526  AclResult aclresult;
4527  bool is_missing = false;
4528 
4529  mode = convert_type_priv_string(priv_type_text);
4530 
4531  aclresult = object_aclcheck_ext(TypeRelationId, typeoid,
4532  roleid, mode,
4533  &is_missing);
4534 
4535  if (is_missing)
4536  PG_RETURN_NULL();
4537 
4538  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4539 }

References ACLCHECK_OK, convert_type_priv_string(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_type_privilege_id_name()

Datum has_type_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4497 of file acl.c.

4498 {
4499  Oid roleid = PG_GETARG_OID(0);
4500  text *typename = PG_GETARG_TEXT_PP(1);
4501  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4502  Oid typeoid;
4503  AclMode mode;
4504  AclResult aclresult;
4505 
4506  typeoid = convert_type_name(typename);
4507  mode = convert_type_priv_string(priv_type_text);
4508 
4509  aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
4510 
4511  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4512 }
convert_type_name
static Oid convert_type_name(text *typename)
Definition: acl.c:4549

References ACLCHECK_OK, convert_type_name(), convert_type_priv_string(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_type_privilege_name()

Datum has_type_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 4415 of file acl.c.

4416 {
4417  text *typename = PG_GETARG_TEXT_PP(0);
4418  text *priv_type_text = PG_GETARG_TEXT_PP(1);
4419  Oid roleid;
4420  Oid typeoid;
4421  AclMode mode;
4422  AclResult aclresult;
4423 
4424  roleid = GetUserId();
4425  typeoid = convert_type_name(typename);
4426  mode = convert_type_priv_string(priv_type_text);
4427 
4428  aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
4429 
4430  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4431 }

References ACLCHECK_OK, convert_type_name(), convert_type_priv_string(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_type_privilege_name_id()

Datum has_type_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 4439 of file acl.c.

4440 {
4441  Name username = PG_GETARG_NAME(0);
4442  Oid typeoid = PG_GETARG_OID(1);
4443  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4444  Oid roleid;
4445  AclMode mode;
4446  AclResult aclresult;
4447  bool is_missing = false;
4448 
4449  roleid = get_role_oid_or_public(NameStr(*username));
4450  mode = convert_type_priv_string(priv_type_text);
4451 
4452  aclresult = object_aclcheck_ext(TypeRelationId, typeoid,
4453  roleid, mode,
4454  &is_missing);
4455 
4456  if (is_missing)
4457  PG_RETURN_NULL();
4458 
4459  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4460 }

References ACLCHECK_OK, convert_type_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_type_privilege_name_name()

Datum has_type_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 4389 of file acl.c.

4390 {
4391  Name username = PG_GETARG_NAME(0);
4392  text *typename = PG_GETARG_TEXT_PP(1);
4393  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4394  Oid roleid;
4395  Oid typeoid;
4396  AclMode mode;
4397  AclResult aclresult;
4398 
4399  roleid = get_role_oid_or_public(NameStr(*username));
4400  typeoid = convert_type_name(typename);
4401  mode = convert_type_priv_string(priv_type_text);
4402 
4403  aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
4404 
4405  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4406 }

References ACLCHECK_OK, convert_type_name(), convert_type_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ hash_aclitem()

Datum hash_aclitem ( PG_FUNCTION_ARGS  )

Definition at line 751 of file acl.c.

752 {
753  AclItem *a = PG_GETARG_ACLITEM_P(0);
754 
755  /* not very bright, but avoids any issue of padding in struct */
756  PG_RETURN_UINT32((uint32) (a->ai_privs + a->ai_grantee + a->ai_grantor));
757 }
uint32
unsigned int uint32
Definition: c.h:506
PG_RETURN_UINT32
#define PG_RETURN_UINT32(x)
Definition: fmgr.h:355
a
int a
Definition: isn.c:69

References a, PG_GETARG_ACLITEM_P, and PG_RETURN_UINT32.

◆ hash_aclitem_extended()

Datum hash_aclitem_extended ( PG_FUNCTION_ARGS  )

Definition at line 765 of file acl.c.

766 {
767  AclItem *a = PG_GETARG_ACLITEM_P(0);
768  uint64 seed = PG_GETARG_INT64(1);
769  uint32 sum = (uint32) (a->ai_privs + a->ai_grantee + a->ai_grantor);
770 
771  return (seed == 0) ? UInt64GetDatum(sum) : hash_uint32_extended(sum, seed);
772 }
PG_GETARG_INT64
#define PG_GETARG_INT64(n)
Definition: fmgr.h:283
hash_uint32_extended
static Datum hash_uint32_extended(uint32 k, uint64 seed)
Definition: hashfn.h:49
UInt64GetDatum
static Datum UInt64GetDatum(uint64 X)
Definition: postgres.h:436

References a, hash_uint32_extended(), PG_GETARG_ACLITEM_P, PG_GETARG_INT64, and UInt64GetDatum().

◆ initialize_acl()

void initialize_acl ( void  )

Definition at line 4890 of file acl.c.

4891 {
4892  if (!IsBootstrapProcessingMode())
4893  {
4894  cached_db_hash =
4895  GetSysCacheHashValue1(DATABASEOID,
4896  ObjectIdGetDatum(MyDatabaseId));
4897 
4898  /*
4899  * In normal mode, set a callback on any syscache invalidation of rows
4900  * of pg_auth_members (for roles_is_member_of()) pg_database (for
4901  * roles_is_member_of())
4902  */
4903  CacheRegisterSyscacheCallback(AUTHMEMROLEMEM,
4904  RoleMembershipCacheCallback,
4905  (Datum) 0);
4906  CacheRegisterSyscacheCallback(AUTHOID,
4907  RoleMembershipCacheCallback,
4908  (Datum) 0);
4909  CacheRegisterSyscacheCallback(DATABASEOID,
4910  RoleMembershipCacheCallback,
4911  (Datum) 0);
4912  }
4913 }
cached_db_hash
static uint32 cached_db_hash
Definition: acl.c:80
RoleMembershipCacheCallback
static void RoleMembershipCacheCallback(Datum arg, int cacheid, uint32 hashvalue)
Definition: acl.c:4920
MyDatabaseId
Oid MyDatabaseId
Definition: globals.c:92
CacheRegisterSyscacheCallback
void CacheRegisterSyscacheCallback(int cacheid, SyscacheCallbackFunction func, Datum arg)
Definition: inval.c:1516
IsBootstrapProcessingMode
#define IsBootstrapProcessingMode()
Definition: miscadmin.h:454
GetSysCacheHashValue1
#define GetSysCacheHashValue1(cacheId, key1)
Definition: syscache.h:113

References cached_db_hash, CacheRegisterSyscacheCallback(), GetSysCacheHashValue1, IsBootstrapProcessingMode, MyDatabaseId, ObjectIdGetDatum(), and RoleMembershipCacheCallback().

Referenced by InitPostgres().

◆ is_admin_of_role()

bool is_admin_of_role ( Oid  member,
Oid  role 
)

Definition at line 5264 of file acl.c.

5265 {
5266  Oid admin_role;
5267 
5268  if (superuser_arg(member))
5269  return true;
5270 
5271  /* By policy, a role cannot have WITH ADMIN OPTION on itself. */
5272  if (member == role)
5273  return false;
5274 
5275  (void) roles_is_member_of(member, ROLERECURSE_MEMBERS, role, &admin_role);
5276  return OidIsValid(admin_role);
5277 }

References OidIsValid, ROLERECURSE_MEMBERS, roles_is_member_of(), and superuser_arg().

Referenced by AlterRole(), AlterRoleSet(), check_object_ownership(), check_role_membership_authorization(), DropRole(), pg_role_aclcheck(), and RenameRole().

◆ is_member_of_role()

bool is_member_of_role ( Oid  member,
Oid  role 
)

Definition at line 5214 of file acl.c.

5215 {
5216  /* Fast path for simple case */
5217  if (member == role)
5218  return true;
5219 
5220  /* Superusers have every privilege, so are part of every role */
5221  if (superuser_arg(member))
5222  return true;
5223 
5224  /*
5225  * Find all the roles that member is a member of, including multi-level
5226  * recursion, then see if target role is any one of them.
5227  */
5228  return list_member_oid(roles_is_member_of(member, ROLERECURSE_MEMBERS,
5229  InvalidOid, NULL),
5230  role);
5231 }

References InvalidOid, list_member_oid(), ROLERECURSE_MEMBERS, roles_is_member_of(), and superuser_arg().

Referenced by pg_role_aclcheck().

◆ is_member_of_role_nosuper()

bool is_member_of_role_nosuper ( Oid  member,
Oid  role 
)

Definition at line 5242 of file acl.c.

5243 {
5244  /* Fast path for simple case */
5245  if (member == role)
5246  return true;
5247 
5248  /*
5249  * Find all the roles that member is a member of, including multi-level
5250  * recursion, then see if target role is any one of them.
5251  */
5252  return list_member_oid(roles_is_member_of(member, ROLERECURSE_MEMBERS,
5253  InvalidOid, NULL),
5254  role);
5255 }

References InvalidOid, list_member_oid(), ROLERECURSE_MEMBERS, and roles_is_member_of().

Referenced by AddRoleMems(), and is_member().

◆ make_empty_acl()

Acl* make_empty_acl ( void  )

Definition at line 431 of file acl.c.

432 {
433  return allocacl(0);
434 }

References allocacl().

Referenced by SetDefaultACL().

◆ makeaclitem()

Datum makeaclitem ( PG_FUNCTION_ARGS  )

Definition at line 1617 of file acl.c.

1618 {
1619  Oid grantee = PG_GETARG_OID(0);
1620  Oid grantor = PG_GETARG_OID(1);
1621  text *privtext = PG_GETARG_TEXT_PP(2);
1622  bool goption = PG_GETARG_BOOL(3);
1623  AclItem *result;
1624  AclMode priv;
1625  static const priv_map any_priv_map[] = {
1626  {"SELECT", ACL_SELECT},
1627  {"INSERT", ACL_INSERT},
1628  {"UPDATE", ACL_UPDATE},
1629  {"DELETE", ACL_DELETE},
1630  {"TRUNCATE", ACL_TRUNCATE},
1631  {"REFERENCES", ACL_REFERENCES},
1632  {"TRIGGER", ACL_TRIGGER},
1633  {"EXECUTE", ACL_EXECUTE},
1634  {"USAGE", ACL_USAGE},
1635  {"CREATE", ACL_CREATE},
1636  {"TEMP", ACL_CREATE_TEMP},
1637  {"TEMPORARY", ACL_CREATE_TEMP},
1638  {"CONNECT", ACL_CONNECT},
1639  {"SET", ACL_SET},
1640  {"ALTER SYSTEM", ACL_ALTER_SYSTEM},
1641  {"MAINTAIN", ACL_MAINTAIN},
1642  {"RULE", 0}, /* ignore old RULE privileges */
1643  {NULL, 0}
1644  };
1645 
1646  priv = convert_any_priv_string(privtext, any_priv_map);
1647 
1648  result = (AclItem *) palloc(sizeof(AclItem));
1649 
1650  result->ai_grantee = grantee;
1651  result->ai_grantor = grantor;
1652 
1653  ACLITEM_SET_PRIVS_GOPTIONS(*result, priv,
1654  (goption ? priv : ACL_NO_RIGHTS));
1655 
1656  PG_RETURN_ACLITEM_P(result);
1657 }
PG_GETARG_BOOL
#define PG_GETARG_BOOL(n)
Definition: fmgr.h:274

References ACL_ALTER_SYSTEM, ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_DELETE, ACL_EXECUTE, ACL_INSERT, ACL_MAINTAIN, ACL_NO_RIGHTS, ACL_REFERENCES, ACL_SELECT, ACL_SET, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, ACL_USAGE, ACLITEM_SET_PRIVS_GOPTIONS, AclItem::ai_grantee, AclItem::ai_grantor, convert_any_priv_string(), palloc(), PG_GETARG_BOOL, PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_ACLITEM_P.

◆ member_can_set_role()

bool member_can_set_role ( Oid  member,
Oid  role 
)

Definition at line 5168 of file acl.c.

5169 {
5170  /* Fast path for simple case */
5171  if (member == role)
5172  return true;
5173 
5174  /* Superusers have every privilege, so can always SET ROLE */
5175  if (superuser_arg(member))
5176  return true;
5177 
5178  /*
5179  * Find all the roles that member can access via SET ROLE, including
5180  * multi-level recursion, then see if target role is any one of them.
5181  */
5182  return list_member_oid(roles_is_member_of(member, ROLERECURSE_SETROLE,
5183  InvalidOid, NULL),
5184  role);
5185 }

References InvalidOid, list_member_oid(), ROLERECURSE_SETROLE, roles_is_member_of(), and superuser_arg().

Referenced by check_can_set_role(), check_role(), pg_role_aclcheck(), and SwitchToUntrustedUser().

◆ pg_has_role_id()

Datum pg_has_role_id ( PG_FUNCTION_ARGS  )

Definition at line 4762 of file acl.c.

4763 {
4764  Oid roleoid = PG_GETARG_OID(0);
4765  text *priv_type_text = PG_GETARG_TEXT_PP(1);
4766  Oid roleid;
4767  AclMode mode;
4768  AclResult aclresult;
4769 
4770  roleid = GetUserId();
4771  mode = convert_role_priv_string(priv_type_text);
4772 
4773  aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4774 
4775  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4776 }
convert_role_priv_string
static AclMode convert_role_priv_string(text *priv_type_text)
Definition: acl.c:4837
pg_role_aclcheck
static AclResult pg_role_aclcheck(Oid role_oid, Oid roleid, AclMode mode)
Definition: acl.c:4860

References ACLCHECK_OK, convert_role_priv_string(), GetUserId(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_id_id()

Datum pg_has_role_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4807 of file acl.c.

4808 {
4809  Oid roleid = PG_GETARG_OID(0);
4810  Oid roleoid = PG_GETARG_OID(1);
4811  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4812  AclMode mode;
4813  AclResult aclresult;
4814 
4815  mode = convert_role_priv_string(priv_type_text);
4816 
4817  aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4818 
4819  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4820 }

References ACLCHECK_OK, convert_role_priv_string(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_id_name()

Datum pg_has_role_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4784 of file acl.c.

4785 {
4786  Oid roleid = PG_GETARG_OID(0);
4787  Name rolename = PG_GETARG_NAME(1);
4788  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4789  Oid roleoid;
4790  AclMode mode;
4791  AclResult aclresult;
4792 
4793  roleoid = get_role_oid(NameStr(*rolename), false);
4794  mode = convert_role_priv_string(priv_type_text);
4795 
4796  aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4797 
4798  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4799 }

References ACLCHECK_OK, convert_role_priv_string(), get_role_oid(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_name()

Datum pg_has_role_name ( PG_FUNCTION_ARGS  )

Definition at line 4714 of file acl.c.

4715 {
4716  Name rolename = PG_GETARG_NAME(0);
4717  text *priv_type_text = PG_GETARG_TEXT_PP(1);
4718  Oid roleid;
4719  Oid roleoid;
4720  AclMode mode;
4721  AclResult aclresult;
4722 
4723  roleid = GetUserId();
4724  roleoid = get_role_oid(NameStr(*rolename), false);
4725  mode = convert_role_priv_string(priv_type_text);
4726 
4727  aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4728 
4729  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4730 }

References ACLCHECK_OK, convert_role_priv_string(), get_role_oid(), GetUserId(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_name_id()

Datum pg_has_role_name_id ( PG_FUNCTION_ARGS  )

Definition at line 4738 of file acl.c.

4739 {
4740  Name username = PG_GETARG_NAME(0);
4741  Oid roleoid = PG_GETARG_OID(1);
4742  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4743  Oid roleid;
4744  AclMode mode;
4745  AclResult aclresult;
4746 
4747  roleid = get_role_oid(NameStr(*username), false);
4748  mode = convert_role_priv_string(priv_type_text);
4749 
4750  aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4751 
4752  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4753 }

References ACLCHECK_OK, convert_role_priv_string(), get_role_oid(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, pg_role_aclcheck(), and username.

◆ pg_has_role_name_name()

Datum pg_has_role_name_name ( PG_FUNCTION_ARGS  )

Definition at line 4688 of file acl.c.

4689 {
4690  Name username = PG_GETARG_NAME(0);
4691  Name rolename = PG_GETARG_NAME(1);
4692  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4693  Oid roleid;
4694  Oid roleoid;
4695  AclMode mode;
4696  AclResult aclresult;
4697 
4698  roleid = get_role_oid(NameStr(*username), false);
4699  roleoid = get_role_oid(NameStr(*rolename), false);
4700  mode = convert_role_priv_string(priv_type_text);
4701 
4702  aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4703 
4704  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4705 }

References ACLCHECK_OK, convert_role_priv_string(), get_role_oid(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, pg_role_aclcheck(), and username.

◆ pg_role_aclcheck()

static AclResult pg_role_aclcheck ( Oid  role_oid,
Oid  roleid,
AclMode  mode 
)
static

Definition at line 4860 of file acl.c.

4861 {
4862  if (mode & ACL_GRANT_OPTION_FOR(ACL_CREATE))
4863  {
4864  if (is_admin_of_role(roleid, role_oid))
4865  return ACLCHECK_OK;
4866  }
4867  if (mode & ACL_CREATE)
4868  {
4869  if (is_member_of_role(roleid, role_oid))
4870  return ACLCHECK_OK;
4871  }
4872  if (mode & ACL_USAGE)
4873  {
4874  if (has_privs_of_role(roleid, role_oid))
4875  return ACLCHECK_OK;
4876  }
4877  if (mode & ACL_SET)
4878  {
4879  if (member_can_set_role(roleid, role_oid))
4880  return ACLCHECK_OK;
4881  }
4882  return ACLCHECK_NO_PRIV;
4883 }
is_admin_of_role
bool is_admin_of_role(Oid member, Oid role)
Definition: acl.c:5264
is_member_of_role
bool is_member_of_role(Oid member, Oid role)
Definition: acl.c:5214
ACLCHECK_NO_PRIV
@ ACLCHECK_NO_PRIV
Definition: acl.h:184

References ACL_CREATE, ACL_GRANT_OPTION_FOR, ACL_SET, ACL_USAGE, ACLCHECK_NO_PRIV, ACLCHECK_OK, has_privs_of_role(), is_admin_of_role(), is_member_of_role(), member_can_set_role(), and mode.

Referenced by pg_has_role_id(), pg_has_role_id_id(), pg_has_role_id_name(), pg_has_role_name(), pg_has_role_name_id(), and pg_has_role_name_name().

◆ putid()

static void putid ( char *  p,
const char *  s 
)
static

Definition at line 201 of file acl.c.

202 {
203  const char *src;
204  bool safe = true;
205 
206  for (src = s; *src; src++)
207  {
208  /* This test had better match what getid() does, above */
209  if (!isalnum((unsigned char) *src) && *src != '_')
210  {
211  safe = false;
212  break;
213  }
214  }
215  if (!safe)
216  *p++ = '"';
217  for (src = s; *src; src++)
218  {
219  /* A double quote character in a username is encoded as "" */
220  if (*src == '"')
221  *p++ = '"';
222  *p++ = *src;
223  }
224  if (!safe)
225  *p++ = '"';
226  *p = '\0';
227 }

Referenced by aclitemout().

◆ recursive_revoke()

static Acl * recursive_revoke ( Acl acl,
Oid  grantee,
AclMode  revoke_privs,
Oid  ownerId,
DropBehavior  behavior 
)
static

Definition at line 1285 of file acl.c.

1290 {
1291  AclMode still_has;
1292  AclItem *aip;
1293  int i,
1294  num;
1295 
1296  check_acl(acl);
1297 
1298  /* The owner can never truly lose grant options, so short-circuit */
1299  if (grantee == ownerId)
1300  return acl;
1301 
1302  /* The grantee might still have some grant options via another grantor */
1303  still_has = aclmask(acl, grantee, ownerId,
1304  ACL_GRANT_OPTION_FOR(revoke_privs),
1305  ACLMASK_ALL);
1306  revoke_privs &= ~ACL_OPTION_TO_PRIVS(still_has);
1307  if (revoke_privs == ACL_NO_RIGHTS)
1308  return acl;
1309 
1310 restart:
1311  num = ACL_NUM(acl);
1312  aip = ACL_DAT(acl);
1313  for (i = 0; i < num; i++)
1314  {
1315  if (aip[i].ai_grantor == grantee
1316  && (ACLITEM_GET_PRIVS(aip[i]) & revoke_privs) != 0)
1317  {
1318  AclItem mod_acl;
1319  Acl *new_acl;
1320 
1321  if (behavior == DROP_RESTRICT)
1322  ereport(ERROR,
1323  (errcode(ERRCODE_DEPENDENT_OBJECTS_STILL_EXIST),
1324  errmsg("dependent privileges exist"),
1325  errhint("Use CASCADE to revoke them too.")));
1326 
1327  mod_acl.ai_grantor = grantee;
1328  mod_acl.ai_grantee = aip[i].ai_grantee;
1329  ACLITEM_SET_PRIVS_GOPTIONS(mod_acl,
1330  revoke_privs,
1331  revoke_privs);
1332 
1333  new_acl = aclupdate(acl, &mod_acl, ACL_MODECHG_DEL,
1334  ownerId, behavior);
1335 
1336  pfree(acl);
1337  acl = new_acl;
1338 
1339  goto restart;
1340  }
1341  }
1342 
1343  return acl;
1344 }

References ACL_DAT, ACL_GRANT_OPTION_FOR, ACL_MODECHG_DEL, ACL_NO_RIGHTS, ACL_NUM, ACL_OPTION_TO_PRIVS, ACLITEM_GET_PRIVS, ACLITEM_SET_PRIVS_GOPTIONS, aclmask(), ACLMASK_ALL, aclupdate(), AclItem::ai_grantee, AclItem::ai_grantor, check_acl(), DROP_RESTRICT, ereport, errcode(), errhint(), errmsg(), ERROR, i, and pfree().

Referenced by aclupdate().

◆ RoleMembershipCacheCallback()

static void RoleMembershipCacheCallback ( Datum  arg,
int  cacheid,
uint32  hashvalue 
)
static

Definition at line 4920 of file acl.c.

4921 {
4922  if (cacheid == DATABASEOID &&
4923  hashvalue != cached_db_hash &&
4924  hashvalue != 0)
4925  {
4926  return; /* ignore pg_database changes for other DBs */
4927  }
4928 
4929  /* Force membership caches to be recomputed on next use */
4930  cached_role[ROLERECURSE_MEMBERS] = InvalidOid;
4931  cached_role[ROLERECURSE_PRIVS] = InvalidOid;
4932  cached_role[ROLERECURSE_SETROLE] = InvalidOid;
4933 }
cached_role
static Oid cached_role[]
Definition: acl.c:78

References cached_db_hash, cached_role, InvalidOid, ROLERECURSE_MEMBERS, ROLERECURSE_PRIVS, and ROLERECURSE_SETROLE.

Referenced by initialize_acl().

◆ roles_is_member_of()

static List* roles_is_member_of ( Oid  roleid,
enum RoleRecurseType  type,
Oid  admin_of,
Oid admin_role 
)
static

Definition at line 5002 of file acl.c.

5004 {
5005  Oid dba;
5006  List *roles_list;
5007  ListCell *l;
5008  List *new_cached_roles;
5009  MemoryContext oldctx;
5010  bloom_filter *bf = NULL;
5011 
5012  Assert(OidIsValid(admin_of) == PointerIsValid(admin_role));
5013  if (admin_role != NULL)
5014  *admin_role = InvalidOid;
5015 
5016  /* If cache is valid and ADMIN OPTION not sought, just return the list */
5017  if (cached_role[type] == roleid && !OidIsValid(admin_of) &&
5018  OidIsValid(cached_role[type]))
5019  return cached_roles[type];
5020 
5021  /*
5022  * Role expansion happens in a non-database backend when guc.c checks
5023  * ROLE_PG_READ_ALL_SETTINGS for a physical walsender SHOW command. In
5024  * that case, no role gets pg_database_owner.
5025  */
5026  if (!OidIsValid(MyDatabaseId))
5027  dba = InvalidOid;
5028  else
5029  {
5030  HeapTuple dbtup;
5031 
5032  dbtup = SearchSysCache1(DATABASEOID, ObjectIdGetDatum(MyDatabaseId));
5033  if (!HeapTupleIsValid(dbtup))
5034  elog(ERROR, "cache lookup failed for database %u", MyDatabaseId);
5035  dba = ((Form_pg_database) GETSTRUCT(dbtup))->datdba;
5036  ReleaseSysCache(dbtup);
5037  }
5038 
5039  /*
5040  * Find all the roles that roleid is a member of, including multi-level
5041  * recursion. The role itself will always be the first element of the
5042  * resulting list.
5043  *
5044  * Each element of the list is scanned to see if it adds any indirect
5045  * memberships. We can use a single list as both the record of
5046  * already-found memberships and the agenda of roles yet to be scanned.
5047  * This is a bit tricky but works because the foreach() macro doesn't
5048  * fetch the next list element until the bottom of the loop.
5049  */
5050  roles_list = list_make1_oid(roleid);
5051 
5052  foreach(l, roles_list)
5053  {
5054  Oid memberid = lfirst_oid(l);
5055  CatCList *memlist;
5056  int i;
5057 
5058  /* Find roles that memberid is directly a member of */
5059  memlist = SearchSysCacheList1(AUTHMEMMEMROLE,
5060  ObjectIdGetDatum(memberid));
5061  for (i = 0; i < memlist->n_members; i++)
5062  {
5063  HeapTuple tup = &memlist->members[i]->tuple;
5064  Form_pg_auth_members form = (Form_pg_auth_members) GETSTRUCT(tup);
5065  Oid otherid = form->roleid;
5066 
5067  /*
5068  * While otherid==InvalidOid shouldn't appear in the catalog, the
5069  * OidIsValid() avoids crashing if that arises.
5070  */
5071  if (otherid == admin_of && form->admin_option &&
5072  OidIsValid(admin_of) && !OidIsValid(*admin_role))
5073  *admin_role = memberid;
5074 
5075  /* If we're supposed to ignore non-heritable grants, do so. */
5076  if (type == ROLERECURSE_PRIVS && !form->inherit_option)
5077  continue;
5078 
5079  /* If we're supposed to ignore non-SET grants, do so. */
5080  if (type == ROLERECURSE_SETROLE && !form->set_option)
5081  continue;
5082 
5083  /*
5084  * Even though there shouldn't be any loops in the membership
5085  * graph, we must test for having already seen this role. It is
5086  * legal for instance to have both A->B and A->C->B.
5087  */
5088  roles_list = roles_list_append(roles_list, &bf, otherid);
5089  }
5090  ReleaseSysCacheList(memlist);
5091 
5092  /* implement pg_database_owner implicit membership */
5093  if (memberid == dba && OidIsValid(dba))
5094  roles_list = roles_list_append(roles_list, &bf,
5095  ROLE_PG_DATABASE_OWNER);
5096  }
5097 
5098  /*
5099  * Free the Bloom filter created by roles_list_append(), if there is one.
5100  */
5101  if (bf)
5102  bloom_free(bf);
5103 
5104  /*
5105  * Copy the completed list into TopMemoryContext so it will persist.
5106  */
5107  oldctx = MemoryContextSwitchTo(TopMemoryContext);
5108  new_cached_roles = list_copy(roles_list);
5109  MemoryContextSwitchTo(oldctx);
5110  list_free(roles_list);
5111 
5112  /*
5113  * Now safe to assign to state variable
5114  */
5115  cached_role[type] = InvalidOid; /* just paranoia */
5116  list_free(cached_roles[type]);
5117  cached_roles[type] = new_cached_roles;
5118  cached_role[type] = roleid;
5119 
5120  /* And now we can return the answer */
5121  return cached_roles[type];
5122 }
cached_roles
static List * cached_roles[]
Definition: acl.c:79
roles_list_append
static List * roles_list_append(List *roles_list, bloom_filter **bf, Oid role)
Definition: acl.c:4942
bloom_free
void bloom_free(bloom_filter *filter)
Definition: bloomfilter.c:126
PointerIsValid
#define PointerIsValid(pointer)
Definition: c.h:763
list_copy
List * list_copy(const List *oldlist)
Definition: list.c:1573
list_free
void list_free(List *list)
Definition: list.c:1546
TopMemoryContext
MemoryContext TopMemoryContext
Definition: mcxt.c:149
Form_pg_auth_members
FormData_pg_auth_members * Form_pg_auth_members
Definition: pg_auth_members.h:46
Form_pg_database
FormData_pg_database * Form_pg_database
Definition: pg_database.h:96
list_make1_oid
#define list_make1_oid(x1)
Definition: pg_list.h:242
lfirst_oid
#define lfirst_oid(lc)
Definition: pg_list.h:174
List
Definition: pg_list.h:54
bloom_filter
Definition: bloomfilter.c:45
catclist::members
CatCTup * members[FLEXIBLE_ARRAY_MEMBER]
Definition: catcache.h:180
catclist::n_members
int n_members
Definition: catcache.h:178
catctup::tuple
HeapTupleData tuple
Definition: catcache.h:123
ReleaseSysCacheList
#define ReleaseSysCacheList(x)
Definition: syscache.h:129
SearchSysCacheList1
#define SearchSysCacheList1(cacheId, key1)
Definition: syscache.h:122
type
const char * type
Definition: wait_event_funcs.c:27

References Assert, bloom_free(), cached_role, cached_roles, elog, ERROR, GETSTRUCT, HeapTupleIsValid, i, InvalidOid, lfirst_oid, list_copy(), list_free(), list_make1_oid, catclist::members, MemoryContextSwitchTo(), MyDatabaseId, catclist::n_members, ObjectIdGetDatum(), OidIsValid, PointerIsValid, ReleaseSysCache(), ReleaseSysCacheList, ROLERECURSE_PRIVS, ROLERECURSE_SETROLE, roles_list_append(), SearchSysCache1(), SearchSysCacheList1, TopMemoryContext, catctup::tuple, and type.

Referenced by has_privs_of_role(), is_admin_of_role(), is_member_of_role(), is_member_of_role_nosuper(), member_can_set_role(), select_best_admin(), and select_best_grantor().

◆ roles_list_append()

static List* roles_list_append ( List roles_list,
bloom_filter **  bf,
Oid  role 
)
inlinestatic

Definition at line 4942 of file acl.c.

4943 {
4944  unsigned char *roleptr = (unsigned char *) &role;
4945 
4946  /*
4947  * If there is a previously-created Bloom filter, use it to try to
4948  * determine whether the role is missing from the list. If it says yes,
4949  * that's a hard fact and we can go ahead and add the role. If it says
4950  * no, that's only probabilistic and we'd better search the list. Without
4951  * a filter, we must always do an ordinary linear search through the
4952  * existing list.
4953  */
4954  if ((*bf && bloom_lacks_element(*bf, roleptr, sizeof(Oid))) ||
4955  !list_member_oid(roles_list, role))
4956  {
4957  /*
4958  * If the list is large, we take on the overhead of creating and
4959  * populating a Bloom filter to speed up future calls to this
4960  * function.
4961  */
4962  if (*bf == NULL &&
4963  list_length(roles_list) > ROLES_LIST_BLOOM_THRESHOLD)
4964  {
4965  *bf = bloom_create(ROLES_LIST_BLOOM_THRESHOLD * 10, work_mem, 0);
4966  foreach_oid(roleid, roles_list)
4967  bloom_add_element(*bf, (unsigned char *) &roleid, sizeof(Oid));
4968  }
4969 
4970  /*
4971  * Finally, add the role to the list and the Bloom filter, if it
4972  * exists.
4973  */
4974  roles_list = lappend_oid(roles_list, role);
4975  if (*bf)
4976  bloom_add_element(*bf, roleptr, sizeof(Oid));
4977  }
4978 
4979  return roles_list;
4980 }
ROLES_LIST_BLOOM_THRESHOLD
#define ROLES_LIST_BLOOM_THRESHOLD
Definition: acl.c:88
bloom_create
bloom_filter * bloom_create(int64 total_elems, int bloom_work_mem, uint64 seed)
Definition: bloomfilter.c:87
bloom_lacks_element
bool bloom_lacks_element(bloom_filter *filter, unsigned char *elem, size_t len)
Definition: bloomfilter.c:157
bloom_add_element
void bloom_add_element(bloom_filter *filter, unsigned char *elem, size_t len)
Definition: bloomfilter.c:135
work_mem
int work_mem
Definition: globals.c:129
lappend_oid
List * lappend_oid(List *list, Oid datum)
Definition: list.c:375
list_length
static int list_length(const List *l)
Definition: pg_list.h:152
foreach_oid
#define foreach_oid(var, lst)
Definition: pg_list.h:471

References bloom_add_element(), bloom_create(), bloom_lacks_element(), foreach_oid, lappend_oid(), list_length(), list_member_oid(), ROLES_LIST_BLOOM_THRESHOLD, and work_mem.

Referenced by roles_is_member_of().

◆ select_best_admin()

Oid select_best_admin ( Oid  member,
Oid  role 
)

Definition at line 5289 of file acl.c.

5290 {
5291  Oid admin_role;
5292 
5293  /* By policy, a role cannot have WITH ADMIN OPTION on itself. */
5294  if (member == role)
5295  return InvalidOid;
5296 
5297  (void) roles_is_member_of(member, ROLERECURSE_PRIVS, role, &admin_role);
5298  return admin_role;
5299 }

References InvalidOid, ROLERECURSE_PRIVS, and roles_is_member_of().

Referenced by check_role_grantor().

◆ select_best_grantor()

void select_best_grantor ( Oid  roleId,
AclMode  privileges,
const Acl acl,
Oid  ownerId,
Oid grantorId,
AclMode grantOptions 
)

Definition at line 5344 of file acl.c.

5347 {
5348  AclMode needed_goptions = ACL_GRANT_OPTION_FOR(privileges);
5349  List *roles_list;
5350  int nrights;
5351  ListCell *l;
5352 
5353  /*
5354  * The object owner is always treated as having all grant options, so if
5355  * roleId is the owner it's easy. Also, if roleId is a superuser it's
5356  * easy: superusers are implicitly members of every role, so they act as
5357  * the object owner.
5358  */
5359  if (roleId == ownerId || superuser_arg(roleId))
5360  {
5361  *grantorId = ownerId;
5362  *grantOptions = needed_goptions;
5363  return;
5364  }
5365 
5366  /*
5367  * Otherwise we have to do a careful search to see if roleId has the
5368  * privileges of any suitable role. Note: we can hang onto the result of
5369  * roles_is_member_of() throughout this loop, because aclmask_direct()
5370  * doesn't query any role memberships.
5371  */
5372  roles_list = roles_is_member_of(roleId, ROLERECURSE_PRIVS,
5373  InvalidOid, NULL);
5374 
5375  /* initialize candidate result as default */
5376  *grantorId = roleId;
5377  *grantOptions = ACL_NO_RIGHTS;
5378  nrights = 0;
5379 
5380  foreach(l, roles_list)
5381  {
5382  Oid otherrole = lfirst_oid(l);
5383  AclMode otherprivs;
5384 
5385  otherprivs = aclmask_direct(acl, otherrole, ownerId,
5386  needed_goptions, ACLMASK_ALL);
5387  if (otherprivs == needed_goptions)
5388  {
5389  /* Found a suitable grantor */
5390  *grantorId = otherrole;
5391  *grantOptions = otherprivs;
5392  return;
5393  }
5394 
5395  /*
5396  * If it has just some of the needed privileges, remember best
5397  * candidate.
5398  */
5399  if (otherprivs != ACL_NO_RIGHTS)
5400  {
5401  int nnewrights = count_one_bits(otherprivs);
5402 
5403  if (nnewrights > nrights)
5404  {
5405  *grantorId = otherrole;
5406  *grantOptions = otherprivs;
5407  nrights = nnewrights;
5408  }
5409  }
5410  }
5411 }
count_one_bits
static int count_one_bits(AclMode mask)
Definition: acl.c:5304
aclmask_direct
static AclMode aclmask_direct(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
Definition: acl.c:1460

References ACL_GRANT_OPTION_FOR, ACL_NO_RIGHTS, ACLMASK_ALL, aclmask_direct(), count_one_bits(), InvalidOid, lfirst_oid, ROLERECURSE_PRIVS, roles_is_member_of(), and superuser_arg().

Referenced by ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), and ExecGrant_Relation().

Variable Documentation

◆ cached_db_hash

uint32 cached_db_hash
static

Definition at line 80 of file acl.c.

Referenced by initialize_acl(), and RoleMembershipCacheCallback().

◆ cached_role

Oid cached_role[] = {InvalidOid, InvalidOid, InvalidOid}
static

Definition at line 78 of file acl.c.

Referenced by RoleMembershipCacheCallback(), and roles_is_member_of().

◆ cached_roles

List* cached_roles[] = {NIL, NIL, NIL}
static

Definition at line 79 of file acl.c.

Referenced by roles_is_member_of().