PostgreSQL Source Code git master
Loading...
Searching...
No Matches
acl.c File Reference
#include "postgres.h"
#include <ctype.h>
#include "access/htup_details.h"
#include "bootstrap/bootstrap.h"
#include "catalog/catalog.h"
#include "catalog/namespace.h"
#include "catalog/pg_auth_members.h"
#include "catalog/pg_authid.h"
#include "catalog/pg_class.h"
#include "catalog/pg_database.h"
#include "catalog/pg_foreign_data_wrapper.h"
#include "catalog/pg_foreign_server.h"
#include "catalog/pg_language.h"
#include "catalog/pg_largeobject.h"
#include "catalog/pg_namespace.h"
#include "catalog/pg_proc.h"
#include "catalog/pg_tablespace.h"
#include "catalog/pg_type.h"
#include "commands/proclang.h"
#include "commands/tablespace.h"
#include "common/hashfn.h"
#include "foreign/foreign.h"
#include "funcapi.h"
#include "lib/bloomfilter.h"
#include "lib/qunique.h"
#include "miscadmin.h"
#include "port/pg_bitutils.h"
#include "storage/large_object.h"
#include "utils/acl.h"
#include "utils/array.h"
#include "utils/builtins.h"
#include "utils/catcache.h"
#include "utils/inval.h"
#include "utils/lsyscache.h"
#include "utils/memutils.h"
#include "utils/snapmgr.h"
#include "utils/syscache.h"
#include "utils/varlena.h"
Include dependency graph for acl.c:

Go to the source code of this file.

Data Structures

struct  priv_map
 

Macros

#define ROLES_LIST_BLOOM_THRESHOLD   1024
 

Enumerations

enum  RoleRecurseType { ROLERECURSE_MEMBERS = 0 , ROLERECURSE_PRIVS = 1 , ROLERECURSE_SETROLE = 2 }
 

Functions

static const chargetid (const char *s, char *n, Node *escontext)
 
static void putid (char *p, const char *s)
 
static Aclallocacl (int n)
 
static void check_acl (const Acl *acl)
 
static const characlparse (const char *s, AclItem *aip, Node *escontext)
 
static bool aclitem_match (const AclItem *a1, const AclItem *a2)
 
static int aclitemComparator (const void *arg1, const void *arg2)
 
static void check_circularity (const Acl *old_acl, const AclItem *mod_aip, Oid ownerId)
 
static Aclrecursive_revoke (Acl *acl, Oid grantee, AclMode revoke_privs, Oid ownerId, DropBehavior behavior)
 
static AclMode convert_any_priv_string (text *priv_type_text, const priv_map *privileges)
 
static Oid convert_table_name (text *tablename)
 
static AclMode convert_table_priv_string (text *priv_type_text)
 
static AclMode convert_sequence_priv_string (text *priv_type_text)
 
static AttrNumber convert_column_name (Oid tableoid, text *column)
 
static AclMode convert_column_priv_string (text *priv_type_text)
 
static Oid convert_database_name (text *databasename)
 
static AclMode convert_database_priv_string (text *priv_type_text)
 
static Oid convert_foreign_data_wrapper_name (text *fdwname)
 
static AclMode convert_foreign_data_wrapper_priv_string (text *priv_type_text)
 
static Oid convert_function_name (text *functionname)
 
static AclMode convert_function_priv_string (text *priv_type_text)
 
static Oid convert_language_name (text *languagename)
 
static AclMode convert_language_priv_string (text *priv_type_text)
 
static Oid convert_schema_name (text *schemaname)
 
static AclMode convert_schema_priv_string (text *priv_type_text)
 
static Oid convert_server_name (text *servername)
 
static AclMode convert_server_priv_string (text *priv_type_text)
 
static Oid convert_tablespace_name (text *tablespacename)
 
static AclMode convert_tablespace_priv_string (text *priv_type_text)
 
static Oid convert_type_name (text *typename)
 
static AclMode convert_type_priv_string (text *priv_type_text)
 
static AclMode convert_parameter_priv_string (text *priv_text)
 
static AclMode convert_largeobject_priv_string (text *priv_type_text)
 
static AclMode convert_role_priv_string (text *priv_type_text)
 
static AclResult pg_role_aclcheck (Oid role_oid, Oid roleid, AclMode mode)
 
static void RoleMembershipCacheCallback (Datum arg, SysCacheIdentifier cacheid, uint32 hashvalue)
 
static bool is_safe_acl_char (unsigned char c, bool is_getid)
 
Aclmake_empty_acl (void)
 
Aclaclcopy (const Acl *orig_acl)
 
Aclaclconcat (const Acl *left_acl, const Acl *right_acl)
 
Aclaclmerge (const Acl *left_acl, const Acl *right_acl, Oid ownerId)
 
void aclitemsort (Acl *acl)
 
bool aclequal (const Acl *left_acl, const Acl *right_acl)
 
Datum aclitemin (PG_FUNCTION_ARGS)
 
Datum aclitemout (PG_FUNCTION_ARGS)
 
Datum aclitem_eq (PG_FUNCTION_ARGS)
 
Datum hash_aclitem (PG_FUNCTION_ARGS)
 
Datum hash_aclitem_extended (PG_FUNCTION_ARGS)
 
Aclacldefault (ObjectType objtype, Oid ownerId)
 
Datum acldefault_sql (PG_FUNCTION_ARGS)
 
Aclaclupdate (const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
 
Aclaclnewowner (const Acl *old_acl, Oid oldOwnerId, Oid newOwnerId)
 
AclMode aclmask (const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
 
static AclMode aclmask_direct (const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
 
int aclmembers (const Acl *acl, Oid **roleids)
 
Datum aclinsert (PG_FUNCTION_ARGS)
 
Datum aclremove (PG_FUNCTION_ARGS)
 
Datum aclcontains (PG_FUNCTION_ARGS)
 
Datum makeaclitem (PG_FUNCTION_ARGS)
 
static const charconvert_aclright_to_string (int aclright)
 
Datum aclexplode (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_id_id (PG_FUNCTION_ARGS)
 
static int column_privilege_check (Oid tableoid, AttrNumber attnum, Oid roleid, AclMode mode)
 
Datum has_column_privilege_name_name_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_name_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_id_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_id_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_name_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_name_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_id_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_id_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_attnum (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_id_id (PG_FUNCTION_ARGS)
 
static bool has_param_priv_byname (Oid roleid, const text *parameter, AclMode priv)
 
Datum has_parameter_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_parameter_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_parameter_privilege_id_name (PG_FUNCTION_ARGS)
 
static bool has_lo_priv_byid (Oid roleid, Oid lobjId, AclMode priv, bool *is_missing)
 
Datum has_largeobject_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_largeobject_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_largeobject_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum pg_has_role_name_name (PG_FUNCTION_ARGS)
 
Datum pg_has_role_name (PG_FUNCTION_ARGS)
 
Datum pg_has_role_name_id (PG_FUNCTION_ARGS)
 
Datum pg_has_role_id (PG_FUNCTION_ARGS)
 
Datum pg_has_role_id_name (PG_FUNCTION_ARGS)
 
Datum pg_has_role_id_id (PG_FUNCTION_ARGS)
 
void initialize_acl (void)
 
static Listroles_list_append (List *roles_list, bloom_filter **bf, Oid role)
 
static Listroles_is_member_of (Oid roleid, enum RoleRecurseType type, Oid admin_of, Oid *admin_role)
 
bool has_privs_of_role (Oid member, Oid role)
 
bool member_can_set_role (Oid member, Oid role)
 
void check_can_set_role (Oid member, Oid role)
 
bool is_member_of_role (Oid member, Oid role)
 
bool is_member_of_role_nosuper (Oid member, Oid role)
 
bool is_admin_of_role (Oid member, Oid role)
 
Oid select_best_admin (Oid member, Oid role)
 
void select_best_grantor (const RoleSpec *grantedBy, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
 
Oid get_role_oid (const char *rolname, bool missing_ok)
 
Oid get_role_oid_or_public (const char *rolname)
 
Oid get_rolespec_oid (const RoleSpec *role, bool missing_ok)
 
HeapTuple get_rolespec_tuple (const RoleSpec *role)
 
charget_rolespec_name (const RoleSpec *role)
 
void check_rolespec_name (const RoleSpec *role, const char *detail_msg)
 

Variables

static Oid cached_role [] = {InvalidOid, InvalidOid, InvalidOid}
 
static Listcached_roles [] = {NIL, NIL, NIL}
 
static uint32 cached_db_hash
 

Macro Definition Documentation

◆ ROLES_LIST_BLOOM_THRESHOLD

#define ROLES_LIST_BLOOM_THRESHOLD   1024

Definition at line 92 of file acl.c.

Enumeration Type Documentation

◆ RoleRecurseType

Enumerator
ROLERECURSE_MEMBERS 
ROLERECURSE_PRIVS 
ROLERECURSE_SETROLE 

Definition at line 76 of file acl.c.

77{
78 ROLERECURSE_MEMBERS = 0, /* recurse unconditionally */
79 ROLERECURSE_PRIVS = 1, /* recurse through inheritable grants */
80 ROLERECURSE_SETROLE = 2 /* recurse through grants with set_option */
81};
@ ROLERECURSE_PRIVS
Definition acl.c:79
@ ROLERECURSE_MEMBERS
Definition acl.c:78
@ ROLERECURSE_SETROLE
Definition acl.c:80

Function Documentation

◆ aclconcat()

Acl * aclconcat ( const Acl left_acl,
const Acl right_acl 
)

Definition at line 491 of file acl.c.

492{
494
496
499 ACL_NUM(left_acl) * sizeof(AclItem));
500
503 ACL_NUM(right_acl) * sizeof(AclItem));
504
505 return result_acl;
506}
static Acl * allocacl(int n)
Definition acl.c:440
#define ACL_DAT(ACL)
Definition acl.h:109
#define ACL_NUM(ACL)
Definition acl.h:108
memcpy(sums, checksumBaseOffsets, sizeof(checksumBaseOffsets))
static int fb(int x)
Definition acl.h:55

References ACL_DAT, ACL_NUM, allocacl(), fb(), and memcpy().

Referenced by ExecGrant_Attribute().

◆ aclcontains()

Datum aclcontains ( PG_FUNCTION_ARGS  )

Definition at line 1643 of file acl.c.

1644{
1645 Acl *acl = PG_GETARG_ACL_P(0);
1647 AclItem *aidat;
1648 int i,
1649 num;
1650
1651 check_acl(acl);
1652 num = ACL_NUM(acl);
1653 aidat = ACL_DAT(acl);
1654 for (i = 0; i < num; ++i)
1655 {
1656 if (aip->ai_grantee == aidat[i].ai_grantee &&
1657 aip->ai_grantor == aidat[i].ai_grantor &&
1659 PG_RETURN_BOOL(true);
1660 }
1661 PG_RETURN_BOOL(false);
1662}
static void check_acl(const Acl *acl)
Definition acl.c:604
#define PG_GETARG_ACLITEM_P(n)
Definition acl.h:117
#define PG_GETARG_ACL_P(n)
Definition acl.h:122
#define ACLITEM_GET_RIGHTS(item)
Definition acl.h:68
#define PG_RETURN_BOOL(x)
Definition fmgr.h:360
int i
Definition isn.c:77

References ACL_DAT, ACL_NUM, ACLITEM_GET_RIGHTS, check_acl(), fb(), i, PG_GETARG_ACL_P, PG_GETARG_ACLITEM_P, and PG_RETURN_BOOL.

◆ aclcopy()

Acl * aclcopy ( const Acl orig_acl)

Definition at line 471 of file acl.c.

472{
474
476
479 ACL_NUM(orig_acl) * sizeof(AclItem));
480
481 return result_acl;
482}

References ACL_DAT, ACL_NUM, allocacl(), fb(), and memcpy().

Referenced by aclmerge(), ExecGrant_Relation(), and SetDefaultACL().

◆ acldefault()

Acl * acldefault ( ObjectType  objtype,
Oid  ownerId 
)

Definition at line 827 of file acl.c.

828{
831 int nacl;
832 Acl *acl;
833 AclItem *aip;
834
835 switch (objtype)
836 {
837 case OBJECT_COLUMN:
838 /* by default, columns have no extra privileges */
841 break;
842 case OBJECT_TABLE:
845 break;
846 case OBJECT_SEQUENCE:
849 break;
850 case OBJECT_DATABASE:
851 /* for backwards compatibility, grant some rights by default */
854 break;
855 case OBJECT_FUNCTION:
856 /* Grant EXECUTE by default, for now */
859 break;
860 case OBJECT_LANGUAGE:
861 /* Grant USAGE by default, for now */
864 break;
868 break;
869 case OBJECT_SCHEMA:
872 break;
876 break;
877 case OBJECT_FDW:
880 break;
884 break;
885 case OBJECT_DOMAIN:
886 case OBJECT_TYPE:
889 break;
893 break;
894 case OBJECT_PROPGRAPH:
897 break;
898 default:
899 elog(ERROR, "unrecognized object type: %d", (int) objtype);
900 world_default = ACL_NO_RIGHTS; /* keep compiler quiet */
902 break;
903 }
904
905 nacl = 0;
907 nacl++;
909 nacl++;
910
911 acl = allocacl(nacl);
912 aip = ACL_DAT(acl);
913
915 {
916 aip->ai_grantee = ACL_ID_PUBLIC;
917 aip->ai_grantor = ownerId;
919 aip++;
920 }
921
922 /*
923 * Note that the owner's entry shows all ordinary privileges but no grant
924 * options. This is because his grant options come "from the system" and
925 * not from his own efforts. (The SQL spec says that the owner's rights
926 * come from a "_SYSTEM" authid.) However, we do consider that the
927 * owner's ordinary privileges are self-granted; this lets him revoke
928 * them. We implement the owner's grant options without any explicit
929 * "_SYSTEM"-like ACL entry, by internally special-casing the owner
930 * wherever we are testing grant options.
931 */
933 {
934 aip->ai_grantee = ownerId;
935 aip->ai_grantor = ownerId;
937 }
938
939 return acl;
940}
#define ACL_ALL_RIGHTS_FOREIGN_SERVER
Definition acl.h:164
#define ACL_ALL_RIGHTS_TABLESPACE
Definition acl.h:171
#define ACL_ALL_RIGHTS_PARAMETER_ACL
Definition acl.h:168
#define ACL_ALL_RIGHTS_SCHEMA
Definition acl.h:170
#define ACL_ALL_RIGHTS_SEQUENCE
Definition acl.h:161
#define ACL_ALL_RIGHTS_DATABASE
Definition acl.h:162
#define ACL_ALL_RIGHTS_PROPGRAPH
Definition acl.h:169
#define ACL_ALL_RIGHTS_FUNCTION
Definition acl.h:165
#define ACL_ALL_RIGHTS_LANGUAGE
Definition acl.h:166
#define ACL_ALL_RIGHTS_TYPE
Definition acl.h:172
#define ACL_ALL_RIGHTS_FDW
Definition acl.h:163
#define ACLITEM_SET_PRIVS_GOPTIONS(item, privs, goptions)
Definition acl.h:82
#define ACL_ALL_RIGHTS_RELATION
Definition acl.h:160
#define ACL_ID_PUBLIC
Definition acl.h:46
#define ACL_ALL_RIGHTS_LARGEOBJECT
Definition acl.h:167
#define ERROR
Definition elog.h:40
#define elog(elevel,...)
Definition elog.h:228
#define ACL_CREATE_TEMP
Definition parsenodes.h:86
uint64 AclMode
Definition parsenodes.h:74
#define ACL_USAGE
Definition parsenodes.h:84
#define ACL_NO_RIGHTS
Definition parsenodes.h:92
@ OBJECT_FDW
@ OBJECT_PROPGRAPH
@ OBJECT_SCHEMA
@ OBJECT_DOMAIN
@ OBJECT_COLUMN
@ OBJECT_TABLESPACE
@ OBJECT_LARGEOBJECT
@ OBJECT_DATABASE
@ OBJECT_SEQUENCE
@ OBJECT_LANGUAGE
@ OBJECT_FOREIGN_SERVER
@ OBJECT_TABLE
@ OBJECT_PARAMETER_ACL
@ OBJECT_TYPE
@ OBJECT_FUNCTION
#define ACL_CONNECT
Definition parsenodes.h:87
#define ACL_EXECUTE
Definition parsenodes.h:83

References ACL_ALL_RIGHTS_DATABASE, ACL_ALL_RIGHTS_FDW, ACL_ALL_RIGHTS_FOREIGN_SERVER, ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_LANGUAGE, ACL_ALL_RIGHTS_LARGEOBJECT, ACL_ALL_RIGHTS_PARAMETER_ACL, ACL_ALL_RIGHTS_PROPGRAPH, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_SEQUENCE, ACL_ALL_RIGHTS_TABLESPACE, ACL_ALL_RIGHTS_TYPE, ACL_CONNECT, ACL_CREATE_TEMP, ACL_DAT, ACL_EXECUTE, ACL_ID_PUBLIC, ACL_NO_RIGHTS, ACL_USAGE, ACLITEM_SET_PRIVS_GOPTIONS, allocacl(), elog, ERROR, fb(), OBJECT_COLUMN, OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_PROPGRAPH, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, and OBJECT_TYPE.

Referenced by acldefault_sql(), buildDefaultACLCommands(), dumpACL(), dumpRoleGUCPrivs(), dumpTable(), dumpTablespaces(), ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), ExecGrant_Relation(), get_user_default_acl(), object_aclmask_ext(), pg_class_aclmask_ext(), pg_largeobject_aclmask_snapshot(), pg_namespace_aclmask_ext(), pg_parameter_acl_aclmask(), pg_parameter_aclmask(), pg_type_aclmask_ext(), and SetDefaultACL().

◆ acldefault_sql()

Datum acldefault_sql ( PG_FUNCTION_ARGS  )

Definition at line 948 of file acl.c.

949{
950 char objtypec = PG_GETARG_CHAR(0);
951 Oid owner = PG_GETARG_OID(1);
952 ObjectType objtype = 0;
953
954 switch (objtypec)
955 {
956 case 'c':
957 objtype = OBJECT_COLUMN;
958 break;
959 case 'g':
960 objtype = OBJECT_PROPGRAPH;
961 break;
962 case 'r':
963 objtype = OBJECT_TABLE;
964 break;
965 case 's':
966 objtype = OBJECT_SEQUENCE;
967 break;
968 case 'd':
969 objtype = OBJECT_DATABASE;
970 break;
971 case 'f':
972 objtype = OBJECT_FUNCTION;
973 break;
974 case 'l':
975 objtype = OBJECT_LANGUAGE;
976 break;
977 case 'L':
978 objtype = OBJECT_LARGEOBJECT;
979 break;
980 case 'n':
981 objtype = OBJECT_SCHEMA;
982 break;
983 case 'p':
984 objtype = OBJECT_PARAMETER_ACL;
985 break;
986 case 't':
987 objtype = OBJECT_TABLESPACE;
988 break;
989 case 'F':
990 objtype = OBJECT_FDW;
991 break;
992 case 'S':
993 objtype = OBJECT_FOREIGN_SERVER;
994 break;
995 case 'T':
996 objtype = OBJECT_TYPE;
997 break;
998 default:
999 elog(ERROR, "unrecognized object type abbreviation: %c", objtypec);
1000 }
1001
1002 PG_RETURN_ACL_P(acldefault(objtype, owner));
1003}
Acl * acldefault(ObjectType objtype, Oid ownerId)
Definition acl.c:827
#define PG_RETURN_ACL_P(x)
Definition acl.h:124
#define PG_GETARG_OID(n)
Definition fmgr.h:275
#define PG_GETARG_CHAR(n)
Definition fmgr.h:273
ObjectType
unsigned int Oid

References acldefault(), elog, ERROR, fb(), OBJECT_COLUMN, OBJECT_DATABASE, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_PROPGRAPH, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, PG_GETARG_CHAR, PG_GETARG_OID, and PG_RETURN_ACL_P.

◆ aclequal()

bool aclequal ( const Acl left_acl,
const Acl right_acl 
)

Definition at line 573 of file acl.c.

574{
575 /* Check for cases where one or both are empty/null */
576 if (left_acl == NULL || ACL_NUM(left_acl) == 0)
577 {
578 if (right_acl == NULL || ACL_NUM(right_acl) == 0)
579 return true;
580 else
581 return false;
582 }
583 else
584 {
585 if (right_acl == NULL || ACL_NUM(right_acl) == 0)
586 return false;
587 }
588
590 return false;
591
594 ACL_NUM(left_acl) * sizeof(AclItem)) == 0)
595 return true;
596
597 return false;
598}

References ACL_DAT, ACL_NUM, and fb().

Referenced by ExecGrant_Parameter(), get_user_default_acl(), and SetDefaultACL().

◆ aclexplode()

Datum aclexplode ( PG_FUNCTION_ARGS  )

Definition at line 1821 of file acl.c.

1822{
1823 Acl *acl = PG_GETARG_ACL_P(0);
1825 int *idx;
1826 AclItem *aidat;
1827
1828 if (SRF_IS_FIRSTCALL())
1829 {
1830 TupleDesc tupdesc;
1831 MemoryContext oldcontext;
1832
1833 check_acl(acl);
1834
1836 oldcontext = MemoryContextSwitchTo(funcctx->multi_call_memory_ctx);
1837
1838 /*
1839 * build tupdesc for result tuples (matches out parameters in pg_proc
1840 * entry)
1841 */
1842 tupdesc = CreateTemplateTupleDesc(4);
1843 TupleDescInitEntry(tupdesc, (AttrNumber) 1, "grantor",
1844 OIDOID, -1, 0);
1845 TupleDescInitEntry(tupdesc, (AttrNumber) 2, "grantee",
1846 OIDOID, -1, 0);
1847 TupleDescInitEntry(tupdesc, (AttrNumber) 3, "privilege_type",
1848 TEXTOID, -1, 0);
1849 TupleDescInitEntry(tupdesc, (AttrNumber) 4, "is_grantable",
1850 BOOLOID, -1, 0);
1851
1852 TupleDescFinalize(tupdesc);
1853 funcctx->tuple_desc = BlessTupleDesc(tupdesc);
1854
1855 /* allocate memory for user context */
1856 idx = palloc_array(int, 2);
1857 idx[0] = 0; /* ACL array item index */
1858 idx[1] = -1; /* privilege type counter */
1859 funcctx->user_fctx = idx;
1860
1861 MemoryContextSwitchTo(oldcontext);
1862 }
1863
1865 idx = (int *) funcctx->user_fctx;
1866 aidat = ACL_DAT(acl);
1867
1868 /* need test here in case acl has no items */
1869 while (idx[0] < ACL_NUM(acl))
1870 {
1871 AclItem *aidata;
1873
1874 idx[1]++;
1875 if (idx[1] == N_ACL_RIGHTS)
1876 {
1877 idx[1] = 0;
1878 idx[0]++;
1879 if (idx[0] >= ACL_NUM(acl)) /* done */
1880 break;
1881 }
1882 aidata = &aidat[idx[0]];
1883 priv_bit = UINT64CONST(1) << idx[1];
1884
1886 {
1887 Datum result;
1888 Datum values[4];
1889 bool nulls[4] = {0};
1890 HeapTuple tuple;
1891
1892 values[0] = ObjectIdGetDatum(aidata->ai_grantor);
1893 values[1] = ObjectIdGetDatum(aidata->ai_grantee);
1896
1897 tuple = heap_form_tuple(funcctx->tuple_desc, values, nulls);
1898 result = HeapTupleGetDatum(tuple);
1899
1901 }
1902 }
1903
1905}
Datum idx(PG_FUNCTION_ARGS)
Definition _int_op.c:263
static const char * convert_aclright_to_string(int aclright)
Definition acl.c:1765
#define ACLITEM_GET_PRIVS(item)
Definition acl.h:66
#define ACLITEM_GET_GOPTIONS(item)
Definition acl.h:67
int16 AttrNumber
Definition attnum.h:21
static Datum values[MAXATTR]
Definition bootstrap.c:190
#define CStringGetTextDatum(s)
Definition builtins.h:98
#define UINT64CONST(x)
Definition c.h:690
uint32 result
TupleDesc BlessTupleDesc(TupleDesc tupdesc)
#define palloc_array(type, count)
Definition fe_memutils.h:91
#define SRF_IS_FIRSTCALL()
Definition funcapi.h:304
#define SRF_PERCALL_SETUP()
Definition funcapi.h:308
#define SRF_RETURN_NEXT(_funcctx, _result)
Definition funcapi.h:310
#define SRF_FIRSTCALL_INIT()
Definition funcapi.h:306
static Datum HeapTupleGetDatum(const HeapTupleData *tuple)
Definition funcapi.h:230
#define SRF_RETURN_DONE(_funcctx)
Definition funcapi.h:328
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, const Datum *values, const bool *isnull)
Definition heaptuple.c:1025
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Definition palloc.h:138
#define N_ACL_RIGHTS
Definition parsenodes.h:91
static Datum BoolGetDatum(bool X)
Definition postgres.h:112
static Datum ObjectIdGetDatum(Oid X)
Definition postgres.h:252
uint64_t Datum
Definition postgres.h:70
TupleDesc CreateTemplateTupleDesc(int natts)
Definition tupdesc.c:165
void TupleDescFinalize(TupleDesc tupdesc)
Definition tupdesc.c:511
void TupleDescInitEntry(TupleDesc desc, AttrNumber attributeNumber, const char *attributeName, Oid oidtypeid, int32 typmod, int attdim)
Definition tupdesc.c:909

References ACL_DAT, ACL_NUM, ACLITEM_GET_GOPTIONS, ACLITEM_GET_PRIVS, BlessTupleDesc(), BoolGetDatum(), check_acl(), convert_aclright_to_string(), CreateTemplateTupleDesc(), CStringGetTextDatum, fb(), heap_form_tuple(), HeapTupleGetDatum(), idx(), MemoryContextSwitchTo(), N_ACL_RIGHTS, ObjectIdGetDatum(), palloc_array, PG_GETARG_ACL_P, result, SRF_FIRSTCALL_INIT, SRF_IS_FIRSTCALL, SRF_PERCALL_SETUP, SRF_RETURN_DONE, SRF_RETURN_NEXT, TupleDescFinalize(), TupleDescInitEntry(), UINT64CONST, and values.

◆ aclinsert()

Datum aclinsert ( PG_FUNCTION_ARGS  )

Definition at line 1623 of file acl.c.

1624{
1625 ereport(ERROR,
1627 errmsg("aclinsert is no longer supported")));
1628
1629 PG_RETURN_NULL(); /* keep compiler quiet */
1630}
int errcode(int sqlerrcode)
Definition elog.c:875
#define ereport(elevel,...)
Definition elog.h:152
#define PG_RETURN_NULL()
Definition fmgr.h:346
static char * errmsg

References ereport, errcode(), errmsg, ERROR, fb(), and PG_RETURN_NULL.

◆ aclitem_eq()

Datum aclitem_eq ( PG_FUNCTION_ARGS  )

Definition at line 772 of file acl.c.

773{
776 bool result;
777
778 result = a1->ai_privs == a2->ai_privs &&
779 a1->ai_grantee == a2->ai_grantee &&
780 a1->ai_grantor == a2->ai_grantor;
782}
static const FormData_pg_attribute a1
Definition heap.c:144
static const FormData_pg_attribute a2
Definition heap.c:157

References a1, a2, PG_GETARG_ACLITEM_P, PG_RETURN_BOOL, and result.

◆ aclitem_match()

static bool aclitem_match ( const AclItem a1,
const AclItem a2 
)
static

Definition at line 737 of file acl.c.

738{
739 return a1->ai_grantee == a2->ai_grantee &&
740 a1->ai_grantor == a2->ai_grantor;
741}

References a1, and a2.

Referenced by aclnewowner(), and aclupdate().

◆ aclitemComparator()

static int aclitemComparator ( const void arg1,
const void arg2 
)
static

Definition at line 748 of file acl.c.

749{
750 const AclItem *a1 = (const AclItem *) arg1;
751 const AclItem *a2 = (const AclItem *) arg2;
752
753 if (a1->ai_grantee > a2->ai_grantee)
754 return 1;
755 if (a1->ai_grantee < a2->ai_grantee)
756 return -1;
757 if (a1->ai_grantor > a2->ai_grantor)
758 return 1;
759 if (a1->ai_grantor < a2->ai_grantor)
760 return -1;
761 if (a1->ai_privs > a2->ai_privs)
762 return 1;
763 if (a1->ai_privs < a2->ai_privs)
764 return -1;
765 return 0;
766}

References a1, a2, and fb().

Referenced by aclitemsort().

◆ aclitemin()

Datum aclitemin ( PG_FUNCTION_ARGS  )

Definition at line 629 of file acl.c.

630{
631 const char *s = PG_GETARG_CSTRING(0);
632 Node *escontext = fcinfo->context;
633 AclItem *aip;
634
636
637 s = aclparse(s, aip, escontext);
638 if (s == NULL)
640
641 while (isspace((unsigned char) *s))
642 ++s;
643 if (*s)
644 ereturn(escontext, (Datum) 0,
646 errmsg("extra garbage at the end of the ACL specification")));
647
649}
static const char * aclparse(const char *s, AclItem *aip, Node *escontext)
Definition acl.c:279
#define PG_RETURN_ACLITEM_P(x)
Definition acl.h:118
#define ereturn(context, dummy_value,...)
Definition elog.h:280
#define palloc_object(type)
Definition fe_memutils.h:89
#define PG_GETARG_CSTRING(n)
Definition fmgr.h:278
Definition nodes.h:133

References aclparse(), ereturn, errcode(), errmsg, fb(), palloc_object, PG_GETARG_CSTRING, PG_RETURN_ACLITEM_P, and PG_RETURN_NULL.

◆ aclitemout()

Datum aclitemout ( PG_FUNCTION_ARGS  )

Definition at line 664 of file acl.c.

665{
667 char *p;
668 char *out;
669 HeapTuple htup;
670 unsigned i;
671
672 out = palloc(strlen("=/") +
673 2 * N_ACL_RIGHTS +
674 2 * (2 * NAMEDATALEN + 2) +
675 1);
676
677 p = out;
678 *p = '\0';
679
680 if (aip->ai_grantee != ACL_ID_PUBLIC)
681 {
683 htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantee));
684 else
685 htup = NULL;
686 if (HeapTupleIsValid(htup))
687 {
689 ReleaseSysCache(htup);
690 }
691 else
692 {
693 /* No such entry, or bootstrap mode: print numeric OID */
694 sprintf(p, "%u", aip->ai_grantee);
695 }
696 }
697 while (*p)
698 ++p;
699
700 *p++ = '=';
701
702 for (i = 0; i < N_ACL_RIGHTS; ++i)
703 {
704 if (ACLITEM_GET_PRIVS(*aip) & (UINT64CONST(1) << i))
705 *p++ = ACL_ALL_RIGHTS_STR[i];
706 if (ACLITEM_GET_GOPTIONS(*aip) & (UINT64CONST(1) << i))
707 *p++ = '*';
708 }
709
710 *p++ = '/';
711 *p = '\0';
712
714 htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantor));
715 else
716 htup = NULL;
717 if (HeapTupleIsValid(htup))
718 {
720 ReleaseSysCache(htup);
721 }
722 else
723 {
724 /* No such entry, or bootstrap mode: print numeric OID */
725 sprintf(p, "%u", aip->ai_grantor);
726 }
727
729}
static void putid(char *p, const char *s)
Definition acl.c:224
#define ACL_ALL_RIGHTS_STR
Definition acl.h:154
#define NameStr(name)
Definition c.h:894
#define PG_RETURN_CSTRING(x)
Definition fmgr.h:364
#define HeapTupleIsValid(tuple)
Definition htup.h:78
static void * GETSTRUCT(const HeapTupleData *tuple)
void * palloc(Size size)
Definition mcxt.c:1390
#define IsBootstrapProcessingMode()
Definition miscadmin.h:486
NameData rolname
Definition pg_authid.h:36
END_CATALOG_STRUCT typedef FormData_pg_authid * Form_pg_authid
Definition pg_authid.h:60
#define NAMEDATALEN
#define sprintf
Definition port.h:263
void ReleaseSysCache(HeapTuple tuple)
Definition syscache.c:265
HeapTuple SearchSysCache1(SysCacheIdentifier cacheId, Datum key1)
Definition syscache.c:221

References ACL_ALL_RIGHTS_STR, ACL_ID_PUBLIC, ACLITEM_GET_GOPTIONS, ACLITEM_GET_PRIVS, fb(), Form_pg_authid, GETSTRUCT(), HeapTupleIsValid, i, IsBootstrapProcessingMode, N_ACL_RIGHTS, NAMEDATALEN, NameStr, ObjectIdGetDatum(), palloc(), PG_GETARG_ACLITEM_P, PG_RETURN_CSTRING, putid(), ReleaseSysCache(), rolname, SearchSysCache1(), sprintf, and UINT64CONST.

◆ aclitemsort()

void aclitemsort ( Acl acl)

Definition at line 559 of file acl.c.

560{
561 if (acl != NULL && ACL_NUM(acl) > 1)
562 qsort(ACL_DAT(acl), ACL_NUM(acl), sizeof(AclItem), aclitemComparator);
563}
static int aclitemComparator(const void *arg1, const void *arg2)
Definition acl.c:748
#define qsort(a, b, c, d)
Definition port.h:496

References ACL_DAT, ACL_NUM, aclitemComparator(), fb(), and qsort.

Referenced by get_user_default_acl(), and SetDefaultACL().

◆ aclmask()

AclMode aclmask ( const Acl acl,
Oid  roleid,
Oid  ownerId,
AclMode  mask,
AclMaskHow  how 
)

Definition at line 1419 of file acl.c.

1421{
1424 AclItem *aidat;
1425 int i,
1426 num;
1427
1428 /*
1429 * Null ACL should not happen, since caller should have inserted
1430 * appropriate default
1431 */
1432 if (acl == NULL)
1433 elog(ERROR, "null ACL");
1434
1435 check_acl(acl);
1436
1437 /* Quick exit for mask == 0 */
1438 if (mask == 0)
1439 return 0;
1440
1441 result = 0;
1442
1443 /* Owner always implicitly has all grant options */
1444 if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
1445 has_privs_of_role(roleid, ownerId))
1446 {
1448 if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1449 return result;
1450 }
1451
1452 num = ACL_NUM(acl);
1453 aidat = ACL_DAT(acl);
1454
1455 /*
1456 * Check privileges granted directly to roleid or to public
1457 */
1458 for (i = 0; i < num; i++)
1459 {
1460 AclItem *aidata = &aidat[i];
1461
1462 if (aidata->ai_grantee == ACL_ID_PUBLIC ||
1463 aidata->ai_grantee == roleid)
1464 {
1465 result |= aidata->ai_privs & mask;
1466 if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1467 return result;
1468 }
1469 }
1470
1471 /*
1472 * Check privileges granted indirectly via role memberships. We do this in
1473 * a separate pass to minimize expensive indirect membership tests. In
1474 * particular, it's worth testing whether a given ACL entry grants any
1475 * privileges still of interest before we perform the has_privs_of_role
1476 * test.
1477 */
1478 remaining = mask & ~result;
1479 for (i = 0; i < num; i++)
1480 {
1481 AclItem *aidata = &aidat[i];
1482
1483 if (aidata->ai_grantee == ACL_ID_PUBLIC ||
1484 aidata->ai_grantee == roleid)
1485 continue; /* already checked it */
1486
1487 if ((aidata->ai_privs & remaining) &&
1488 has_privs_of_role(roleid, aidata->ai_grantee))
1489 {
1490 result |= aidata->ai_privs & mask;
1491 if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1492 return result;
1493 remaining = mask & ~result;
1494 }
1495 }
1496
1497 return result;
1498}
bool has_privs_of_role(Oid member, Oid role)
Definition acl.c:5317
#define ACLITEM_ALL_GOPTION_BITS
Definition acl.h:88
@ ACLMASK_ALL
Definition acl.h:177
int remaining
Definition informix.c:692
AclMode ai_privs
Definition acl.h:58

References ACL_DAT, ACL_ID_PUBLIC, ACL_NUM, ACLITEM_ALL_GOPTION_BITS, ACLMASK_ALL, AclItem::ai_privs, check_acl(), elog, ERROR, fb(), has_privs_of_role(), i, remaining, and result.

Referenced by check_circularity(), LockTableAclCheck(), object_aclmask_ext(), pg_attribute_aclcheck_all_ext(), pg_attribute_aclmask_ext(), pg_class_aclmask_ext(), pg_largeobject_aclmask_snapshot(), pg_namespace_aclmask_ext(), pg_parameter_acl_aclmask(), pg_parameter_aclmask(), pg_type_aclmask_ext(), and recursive_revoke().

◆ aclmask_direct()

static AclMode aclmask_direct ( const Acl acl,
Oid  roleid,
Oid  ownerId,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 1508 of file acl.c.

1510{
1512 AclItem *aidat;
1513 int i,
1514 num;
1515
1516 /*
1517 * Null ACL should not happen, since caller should have inserted
1518 * appropriate default
1519 */
1520 if (acl == NULL)
1521 elog(ERROR, "null ACL");
1522
1523 check_acl(acl);
1524
1525 /* Quick exit for mask == 0 */
1526 if (mask == 0)
1527 return 0;
1528
1529 result = 0;
1530
1531 /* Owner always implicitly has all grant options */
1532 if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
1533 roleid == ownerId)
1534 {
1536 if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1537 return result;
1538 }
1539
1540 num = ACL_NUM(acl);
1541 aidat = ACL_DAT(acl);
1542
1543 /*
1544 * Check privileges granted directly to roleid (and not to public)
1545 */
1546 for (i = 0; i < num; i++)
1547 {
1548 AclItem *aidata = &aidat[i];
1549
1550 if (aidata->ai_grantee == roleid)
1551 {
1552 result |= aidata->ai_privs & mask;
1553 if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1554 return result;
1555 }
1556 }
1557
1558 return result;
1559}

References ACL_DAT, ACL_NUM, ACLITEM_ALL_GOPTION_BITS, ACLMASK_ALL, AclItem::ai_privs, check_acl(), elog, ERROR, fb(), i, and result.

Referenced by select_best_grantor().

◆ aclmembers()

int aclmembers ( const Acl acl,
Oid **  roleids 
)

Definition at line 1571 of file acl.c.

1572{
1573 Oid *list;
1574 const AclItem *acldat;
1575 int i,
1576 j;
1577
1578 if (acl == NULL || ACL_NUM(acl) == 0)
1579 {
1580 *roleids = NULL;
1581 return 0;
1582 }
1583
1584 check_acl(acl);
1585
1586 /* Allocate the worst-case space requirement */
1587 list = palloc(ACL_NUM(acl) * 2 * sizeof(Oid));
1588 acldat = ACL_DAT(acl);
1589
1590 /*
1591 * Walk the ACL collecting mentioned RoleIds.
1592 */
1593 j = 0;
1594 for (i = 0; i < ACL_NUM(acl); i++)
1595 {
1596 const AclItem *ai = &acldat[i];
1597
1598 if (ai->ai_grantee != ACL_ID_PUBLIC)
1599 list[j++] = ai->ai_grantee;
1600 /* grantor is currently never PUBLIC, but let's check anyway */
1601 if (ai->ai_grantor != ACL_ID_PUBLIC)
1602 list[j++] = ai->ai_grantor;
1603 }
1604
1605 /* Sort the array */
1606 qsort(list, j, sizeof(Oid), oid_cmp);
1607
1608 /*
1609 * We could repalloc the array down to minimum size, but it's hardly worth
1610 * it since it's only transient memory.
1611 */
1612 *roleids = list;
1613
1614 /* Remove duplicates from the array */
1615 return qunique(list, j, sizeof(Oid), oid_cmp);
1616}
int j
Definition isn.c:78
int oid_cmp(const void *p1, const void *p2)
Definition oid.c:287
static size_t qunique(void *array, size_t elements, size_t width, int(*compare)(const void *, const void *))
Definition qunique.h:21

References ACL_DAT, ACL_ID_PUBLIC, ACL_NUM, check_acl(), fb(), i, j, oid_cmp(), palloc(), qsort, and qunique().

Referenced by ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), ExecGrant_Relation(), recordDependencyOnNewAcl(), recordExtensionInitPrivWorker(), RemoveRoleFromInitPriv(), ReplaceRoleInInitPriv(), and SetDefaultACL().

◆ aclmerge()

Acl * aclmerge ( const Acl left_acl,
const Acl right_acl,
Oid  ownerId 
)

Definition at line 515 of file acl.c.

516{
518 AclItem *aip;
519 int i,
520 num;
521
522 /* Check for cases where one or both are empty/null */
523 if (left_acl == NULL || ACL_NUM(left_acl) == 0)
524 {
525 if (right_acl == NULL || ACL_NUM(right_acl) == 0)
526 return NULL;
527 else
528 return aclcopy(right_acl);
529 }
530 else
531 {
532 if (right_acl == NULL || ACL_NUM(right_acl) == 0)
533 return aclcopy(left_acl);
534 }
535
536 /* Merge them the hard way, one item at a time */
538
540 num = ACL_NUM(right_acl);
541
542 for (i = 0; i < num; i++, aip++)
543 {
544 Acl *tmp_acl;
545
547 ownerId, DROP_RESTRICT);
550 }
551
552 return result_acl;
553}
Acl * aclupdate(const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
Definition acl.c:1023
Acl * aclcopy(const Acl *orig_acl)
Definition acl.c:471
#define ACL_MODECHG_ADD
Definition acl.h:129
void pfree(void *pointer)
Definition mcxt.c:1619
@ DROP_RESTRICT

References ACL_DAT, ACL_MODECHG_ADD, ACL_NUM, aclcopy(), aclupdate(), DROP_RESTRICT, fb(), i, and pfree().

Referenced by get_user_default_acl().

◆ aclnewowner()

Acl * aclnewowner ( const Acl old_acl,
Oid  oldOwnerId,
Oid  newOwnerId 
)

Definition at line 1150 of file acl.c.

1151{
1152 Acl *new_acl;
1158 bool newpresent = false;
1159 int dst,
1160 src,
1161 targ,
1162 num;
1163
1165
1166 /*
1167 * Make a copy of the given ACL, substituting new owner ID for old
1168 * wherever it appears as either grantor or grantee. Also note if the new
1169 * owner ID is already present.
1170 */
1171 num = ACL_NUM(old_acl);
1173 new_acl = allocacl(num);
1175 memcpy(new_aip, old_aip, num * sizeof(AclItem));
1176 for (dst = 0, dst_aip = new_aip; dst < num; dst++, dst_aip++)
1177 {
1178 if (dst_aip->ai_grantor == oldOwnerId)
1179 dst_aip->ai_grantor = newOwnerId;
1180 else if (dst_aip->ai_grantor == newOwnerId)
1181 newpresent = true;
1182 if (dst_aip->ai_grantee == oldOwnerId)
1183 dst_aip->ai_grantee = newOwnerId;
1184 else if (dst_aip->ai_grantee == newOwnerId)
1185 newpresent = true;
1186 }
1187
1188 /*
1189 * If the old ACL contained any references to the new owner, then we may
1190 * now have generated an ACL containing duplicate entries. Find them and
1191 * merge them so that there are not duplicates. (This is relatively
1192 * expensive since we use a stupid O(N^2) algorithm, but it's unlikely to
1193 * be the normal case.)
1194 *
1195 * To simplify deletion of duplicate entries, we temporarily leave them in
1196 * the array but set their privilege masks to zero; when we reach such an
1197 * entry it's just skipped. (Thus, a side effect of this code will be to
1198 * remove privilege-free entries, should there be any in the input.) dst
1199 * is the next output slot, targ is the currently considered input slot
1200 * (always >= dst), and src scans entries to the right of targ looking for
1201 * duplicates. Once an entry has been emitted to dst it is known
1202 * duplicate-free and need not be considered anymore.
1203 */
1204 if (newpresent)
1205 {
1206 dst = 0;
1207 for (targ = 0, targ_aip = new_aip; targ < num; targ++, targ_aip++)
1208 {
1209 /* ignore if deleted in an earlier pass */
1211 continue;
1212 /* find and merge any duplicates */
1213 for (src = targ + 1, src_aip = targ_aip + 1; src < num;
1214 src++, src_aip++)
1215 {
1217 continue;
1219 {
1223 /* mark the duplicate deleted */
1225 }
1226 }
1227 /* and emit to output */
1228 new_aip[dst] = *targ_aip;
1229 dst++;
1230 }
1231 /* Adjust array size to be 'dst' items */
1232 ARR_DIMS(new_acl)[0] = dst;
1234 }
1235
1236 return new_acl;
1237}
static bool aclitem_match(const AclItem *a1, const AclItem *a2)
Definition acl.c:737
#define ACL_N_SIZE(N)
Definition acl.h:110
#define ACLITEM_SET_RIGHTS(item, rights)
Definition acl.h:79
#define ARR_DIMS(a)
Definition array.h:294
static void SET_VARSIZE(void *PTR, Size len)
Definition varatt.h:432

References ACL_DAT, ACL_N_SIZE, ACL_NO_RIGHTS, ACL_NUM, ACLITEM_GET_RIGHTS, aclitem_match(), ACLITEM_SET_RIGHTS, allocacl(), ARR_DIMS, check_acl(), fb(), memcpy(), and SET_VARSIZE().

Referenced by AlterDatabaseOwner(), AlterForeignDataWrapperOwner_internal(), AlterForeignServerOwner_internal(), AlterObjectOwner_internal(), AlterSchemaOwner_internal(), AlterTypeOwnerInternal(), ATExecChangeOwner(), change_owner_fix_column_acls(), and ReplaceRoleInInitPriv().

◆ aclparse()

static const char * aclparse ( const char s,
AclItem aip,
Node escontext 
)
static

Definition at line 279 of file acl.c.

280{
282 goption,
283 read;
284 char name[NAMEDATALEN];
285 char name2[NAMEDATALEN];
286
287 Assert(s && aip);
288
289 s = getid(s, name, escontext);
290 if (s == NULL)
291 return NULL;
292 if (*s != '=')
293 {
294 /* we just read a keyword, not a name */
295 if (strcmp(name, "group") != 0 && strcmp(name, "user") != 0)
296 ereturn(escontext, NULL,
298 errmsg("unrecognized key word: \"%s\"", name),
299 errhint("ACL key word must be \"group\" or \"user\".")));
300 /* move s to the name beyond the keyword */
301 s = getid(s, name, escontext);
302 if (s == NULL)
303 return NULL;
304 if (name[0] == '\0')
305 ereturn(escontext, NULL,
307 errmsg("missing name"),
308 errhint("A name must follow the \"group\" or \"user\" key word.")));
309 }
310
311 if (*s != '=')
312 ereturn(escontext, NULL,
314 errmsg("missing \"=\" sign")));
315
317
318 for (++s, read = 0; isalpha((unsigned char) *s) || *s == '*'; s++)
319 {
320 switch (*s)
321 {
322 case '*':
323 goption |= read;
324 break;
325 case ACL_INSERT_CHR:
327 break;
328 case ACL_SELECT_CHR:
330 break;
331 case ACL_UPDATE_CHR:
333 break;
334 case ACL_DELETE_CHR:
336 break;
337 case ACL_TRUNCATE_CHR:
339 break;
342 break;
343 case ACL_TRIGGER_CHR:
345 break;
346 case ACL_EXECUTE_CHR:
348 break;
349 case ACL_USAGE_CHR:
350 read = ACL_USAGE;
351 break;
352 case ACL_CREATE_CHR:
354 break;
357 break;
358 case ACL_CONNECT_CHR:
360 break;
361 case ACL_SET_CHR:
362 read = ACL_SET;
363 break;
366 break;
367 case ACL_MAINTAIN_CHR:
369 break;
370 default:
371 ereturn(escontext, NULL,
373 errmsg("invalid mode character: must be one of \"%s\"",
375 }
376
377 privs |= read;
378 }
379
380 if (name[0] == '\0')
381 aip->ai_grantee = ACL_ID_PUBLIC;
382 else
383 {
385 aip->ai_grantee = boot_get_role_oid(name);
386 else
387 aip->ai_grantee = get_role_oid(name, true);
388 if (!OidIsValid(aip->ai_grantee))
389 ereturn(escontext, NULL,
391 errmsg("role \"%s\" does not exist", name)));
392 }
393
394 /*
395 * XXX Allow a degree of backward compatibility by defaulting the grantor
396 * to the superuser. We condone that practice in the catalog .dat files
397 * (i.e., in bootstrap mode) for brevity; otherwise, issue a warning.
398 */
399 if (*s == '/')
400 {
401 s = getid(s + 1, name2, escontext);
402 if (s == NULL)
403 return NULL;
404 if (name2[0] == '\0')
405 ereturn(escontext, NULL,
407 errmsg("a name must follow the \"/\" sign")));
409 aip->ai_grantor = boot_get_role_oid(name2);
410 else
411 aip->ai_grantor = get_role_oid(name2, true);
412 if (!OidIsValid(aip->ai_grantor))
413 ereturn(escontext, NULL,
415 errmsg("role \"%s\" does not exist", name2)));
416 }
417 else
418 {
419 aip->ai_grantor = BOOTSTRAP_SUPERUSERID;
423 errmsg("defaulting grantor to user ID %u",
425 }
426
428
429 return s;
430}
static const char * getid(const char *s, char *n, Node *escontext)
Definition acl.c:171
Oid get_role_oid(const char *rolname, bool missing_ok)
Definition acl.c:5608
#define ACL_CREATE_CHR
Definition acl.h:146
#define ACL_SET_CHR
Definition acl.h:149
#define ACL_REFERENCES_CHR
Definition acl.h:142
#define ACL_TRUNCATE_CHR
Definition acl.h:141
#define ACL_SELECT_CHR
Definition acl.h:138
#define ACL_EXECUTE_CHR
Definition acl.h:144
#define ACL_DELETE_CHR
Definition acl.h:140
#define ACL_INSERT_CHR
Definition acl.h:137
#define ACL_UPDATE_CHR
Definition acl.h:139
#define ACL_ALTER_SYSTEM_CHR
Definition acl.h:150
#define ACL_USAGE_CHR
Definition acl.h:145
#define ACL_CONNECT_CHR
Definition acl.h:148
#define ACL_TRIGGER_CHR
Definition acl.h:143
#define ACL_CREATE_TEMP_CHR
Definition acl.h:147
#define ACL_MAINTAIN_CHR
Definition acl.h:151
Oid boot_get_role_oid(const char *rolname)
Definition bootstrap.c:1094
#define Assert(condition)
Definition c.h:1002
#define OidIsValid(objectId)
Definition c.h:917
int errhint(const char *fmt,...) pg_attribute_printf(1
#define WARNING
Definition elog.h:37
#define read(a, b, c)
Definition win32.h:13
#define ACL_SET
Definition parsenodes.h:88
#define ACL_DELETE
Definition parsenodes.h:79
#define ACL_MAINTAIN
Definition parsenodes.h:90
#define ACL_INSERT
Definition parsenodes.h:76
#define ACL_UPDATE
Definition parsenodes.h:78
#define ACL_ALTER_SYSTEM
Definition parsenodes.h:89
#define ACL_REFERENCES
Definition parsenodes.h:81
#define ACL_SELECT
Definition parsenodes.h:77
#define ACL_TRUNCATE
Definition parsenodes.h:80
#define ACL_CREATE
Definition parsenodes.h:85
#define ACL_TRIGGER
Definition parsenodes.h:82
const char * name

References ACL_ALL_RIGHTS_STR, ACL_ALTER_SYSTEM, ACL_ALTER_SYSTEM_CHR, ACL_CONNECT, ACL_CONNECT_CHR, ACL_CREATE, ACL_CREATE_CHR, ACL_CREATE_TEMP, ACL_CREATE_TEMP_CHR, ACL_DELETE, ACL_DELETE_CHR, ACL_EXECUTE, ACL_EXECUTE_CHR, ACL_ID_PUBLIC, ACL_INSERT, ACL_INSERT_CHR, ACL_MAINTAIN, ACL_MAINTAIN_CHR, ACL_NO_RIGHTS, ACL_REFERENCES, ACL_REFERENCES_CHR, ACL_SELECT, ACL_SELECT_CHR, ACL_SET, ACL_SET_CHR, ACL_TRIGGER, ACL_TRIGGER_CHR, ACL_TRUNCATE, ACL_TRUNCATE_CHR, ACL_UPDATE, ACL_UPDATE_CHR, ACL_USAGE, ACL_USAGE_CHR, ACLITEM_SET_PRIVS_GOPTIONS, Assert, boot_get_role_oid(), ereport, ereturn, errcode(), errhint(), errmsg, fb(), get_role_oid(), getid(), IsBootstrapProcessingMode, name, NAMEDATALEN, OidIsValid, read, and WARNING.

Referenced by aclitemin().

◆ aclremove()

Datum aclremove ( PG_FUNCTION_ARGS  )

Definition at line 1633 of file acl.c.

1634{
1635 ereport(ERROR,
1637 errmsg("aclremove is no longer supported")));
1638
1639 PG_RETURN_NULL(); /* keep compiler quiet */
1640}

References ereport, errcode(), errmsg, ERROR, fb(), and PG_RETURN_NULL.

◆ aclupdate()

Acl * aclupdate ( const Acl old_acl,
const AclItem mod_aip,
int  modechg,
Oid  ownerId,
DropBehavior  behavior 
)

Definition at line 1023 of file acl.c.

1025{
1026 Acl *new_acl = NULL;
1028 *new_aip = NULL;
1031 new_rights,
1033 int dst,
1034 num;
1035
1036 /* Caller probably already checked old_acl, but be safe */
1038
1039 /* If granting grant options, check for circularity */
1040 if (modechg != ACL_MODECHG_DEL &&
1043
1044 num = ACL_NUM(old_acl);
1046
1047 /*
1048 * Search the ACL for an existing entry for this grantee and grantor. If
1049 * one exists, just modify the entry in-place (well, in the same position,
1050 * since we actually return a copy); otherwise, insert the new entry at
1051 * the end.
1052 */
1053
1054 for (dst = 0; dst < num; ++dst)
1055 {
1057 {
1058 /* found a match, so modify existing item */
1059 new_acl = allocacl(num);
1062 break;
1063 }
1064 }
1065
1066 if (dst == num)
1067 {
1068 /* need to append a new item */
1069 new_acl = allocacl(num + 1);
1071 memcpy(new_aip, old_aip, num * sizeof(AclItem));
1072
1073 /* initialize the new entry with no permissions */
1074 new_aip[dst].ai_grantee = mod_aip->ai_grantee;
1075 new_aip[dst].ai_grantor = mod_aip->ai_grantor;
1078 num++; /* set num to the size of new_acl */
1079 }
1080
1083
1084 /* apply the specified permissions change */
1085 switch (modechg)
1086 {
1087 case ACL_MODECHG_ADD:
1090 break;
1091 case ACL_MODECHG_DEL:
1094 break;
1095 case ACL_MODECHG_EQL:
1098 break;
1099 }
1100
1103
1104 /*
1105 * If the adjusted entry has no permissions, delete it from the list.
1106 */
1108 {
1110 new_aip + dst + 1,
1111 (num - dst - 1) * sizeof(AclItem));
1112 /* Adjust array size to be 'num - 1' items */
1113 ARR_DIMS(new_acl)[0] = num - 1;
1114 SET_VARSIZE(new_acl, ACL_N_SIZE(num - 1));
1115 }
1116
1117 /*
1118 * Remove abandoned privileges (cascading revoke). Currently we can only
1119 * handle this when the grantee is not PUBLIC.
1120 */
1121 if ((old_goptions & ~new_goptions) != 0)
1122 {
1123 Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
1124 new_acl = recursive_revoke(new_acl, mod_aip->ai_grantee,
1126 ownerId, behavior);
1127 }
1128
1129 return new_acl;
1130}
static Acl * recursive_revoke(Acl *acl, Oid grantee, AclMode revoke_privs, Oid ownerId, DropBehavior behavior)
Definition acl.c:1333
static void check_circularity(const Acl *old_acl, const AclItem *mod_aip, Oid ownerId)
Definition acl.c:1253
#define ACL_SIZE(ACL)
Definition acl.h:111
#define ACL_MODECHG_DEL
Definition acl.h:130
#define ACL_MODECHG_EQL
Definition acl.h:131

References ACL_DAT, ACL_ID_PUBLIC, ACL_MODECHG_ADD, ACL_MODECHG_DEL, ACL_MODECHG_EQL, ACL_N_SIZE, ACL_NO_RIGHTS, ACL_NUM, ACL_SIZE, ACLITEM_GET_GOPTIONS, ACLITEM_GET_RIGHTS, aclitem_match(), ACLITEM_SET_PRIVS_GOPTIONS, ACLITEM_SET_RIGHTS, allocacl(), ARR_DIMS, Assert, check_acl(), check_circularity(), fb(), memcpy(), recursive_revoke(), and SET_VARSIZE().

Referenced by aclmerge(), check_circularity(), merge_acl_with_grant(), and recursive_revoke().

◆ allocacl()

static Acl * allocacl ( int  n)
static

Definition at line 440 of file acl.c.

441{
442 Acl *new_acl;
443 Size size;
444
445 if (n < 0)
446 elog(ERROR, "invalid size: %d", n);
447 size = ACL_N_SIZE(n);
448 new_acl = (Acl *) palloc0(size);
449 SET_VARSIZE(new_acl, size);
450 new_acl->ndim = 1;
451 new_acl->dataoffset = 0; /* we never put in any nulls */
452 new_acl->elemtype = ACLITEMOID;
453 ARR_LBOUND(new_acl)[0] = 1;
454 ARR_DIMS(new_acl)[0] = n;
455 return new_acl;
456}
#define ARR_LBOUND(a)
Definition array.h:296
size_t Size
Definition c.h:748
void * palloc0(Size size)
Definition mcxt.c:1420

References ACL_N_SIZE, ARR_DIMS, ARR_LBOUND, elog, ERROR, fb(), palloc0(), and SET_VARSIZE().

Referenced by aclconcat(), aclcopy(), acldefault(), aclnewowner(), aclupdate(), check_circularity(), and make_empty_acl().

◆ check_acl()

static void check_acl ( const Acl acl)
static

Definition at line 604 of file acl.c.

605{
606 if (ARR_ELEMTYPE(acl) != ACLITEMOID)
609 errmsg("ACL array contains wrong data type")));
610 if (ARR_NDIM(acl) != 1)
613 errmsg("ACL arrays must be one-dimensional")));
614 if (ARR_HASNULL(acl))
617 errmsg("ACL arrays must not contain null values")));
618}
#define ARR_NDIM(a)
Definition array.h:290
#define ARR_ELEMTYPE(a)
Definition array.h:292
#define ARR_HASNULL(a)
Definition array.h:291

References ARR_ELEMTYPE, ARR_HASNULL, ARR_NDIM, ereport, errcode(), errmsg, ERROR, and fb().

Referenced by aclcontains(), aclexplode(), aclmask(), aclmask_direct(), aclmembers(), aclnewowner(), aclupdate(), check_circularity(), and recursive_revoke().

◆ check_can_set_role()

void check_can_set_role ( Oid  member,
Oid  role 
)

Definition at line 5374 of file acl.c.

5375{
5376 if (!member_can_set_role(member, role))
5377 ereport(ERROR,
5379 errmsg("must be able to SET ROLE \"%s\"",
5380 GetUserNameFromId(role, false))));
5381}
bool member_can_set_role(Oid member, Oid role)
Definition acl.c:5351
char * GetUserNameFromId(Oid roleid, bool noerr)
Definition miscinit.c:990

References ereport, errcode(), errmsg, ERROR, fb(), GetUserNameFromId(), and member_can_set_role().

Referenced by AlterDatabaseOwner(), AlterForeignServerOwner_internal(), AlterObjectOwner_internal(), AlterPublicationOwner_internal(), AlterSchemaOwner_internal(), AlterSubscriptionOwner_internal(), AlterTypeOwner(), ATExecChangeOwner(), createdb(), and CreateSchemaCommand().

◆ check_circularity()

static void check_circularity ( const Acl old_acl,
const AclItem mod_aip,
Oid  ownerId 
)
static

Definition at line 1253 of file acl.c.

1255{
1256 Acl *acl;
1257 AclItem *aip;
1258 int i,
1259 num;
1261
1263
1264 /*
1265 * For now, grant options can only be granted to roles, not PUBLIC.
1266 * Otherwise we'd have to work a bit harder here.
1267 */
1268 Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
1269
1270 /* The owner always has grant options, no need to check */
1271 if (mod_aip->ai_grantor == ownerId)
1272 return;
1273
1274 /* Make a working copy */
1275 acl = allocacl(ACL_NUM(old_acl));
1277
1278 /* Zap all grant options of target grantee, plus what depends on 'em */
1280 num = ACL_NUM(acl);
1281 aip = ACL_DAT(acl);
1282 for (i = 0; i < num; i++)
1283 {
1284 if (aip[i].ai_grantee == mod_aip->ai_grantee &&
1286 {
1287 Acl *new_acl;
1288
1289 /* We'll actually zap ordinary privs too, but no matter */
1291 ownerId, DROP_CASCADE);
1292
1293 pfree(acl);
1294 acl = new_acl;
1295
1296 goto cc_restart;
1297 }
1298 }
1299
1300 /* Now we can compute grantor's independently-derived privileges */
1301 own_privs = aclmask(acl,
1302 mod_aip->ai_grantor,
1303 ownerId,
1305 ACLMASK_ALL);
1307
1308 if ((ACLITEM_GET_GOPTIONS(*mod_aip) & ~own_privs) != 0)
1309 ereport(ERROR,
1311 errmsg("grant options cannot be granted back to your own grantor")));
1312
1313 pfree(acl);
1314}
AclMode aclmask(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
Definition acl.c:1419
#define ACL_OPTION_TO_PRIVS(privs)
Definition acl.h:71
#define ACL_GRANT_OPTION_FOR(privs)
Definition acl.h:70
@ DROP_CASCADE

References ACL_DAT, ACL_GRANT_OPTION_FOR, ACL_ID_PUBLIC, ACL_MODECHG_DEL, ACL_NO_RIGHTS, ACL_NUM, ACL_OPTION_TO_PRIVS, ACL_SIZE, ACLITEM_GET_GOPTIONS, aclmask(), ACLMASK_ALL, aclupdate(), allocacl(), Assert, check_acl(), DROP_CASCADE, ereport, errcode(), errmsg, ERROR, fb(), i, memcpy(), and pfree().

Referenced by aclupdate().

◆ check_rolespec_name()

void check_rolespec_name ( const RoleSpec role,
const char detail_msg 
)

Definition at line 5749 of file acl.c.

5750{
5751 if (!role)
5752 return;
5753
5754 if (role->roletype != ROLESPEC_CSTRING)
5755 return;
5756
5757 if (IsReservedName(role->rolename))
5758 {
5759 if (detail_msg)
5760 ereport(ERROR,
5762 errmsg("role name \"%s\" is reserved",
5763 role->rolename),
5765 else
5766 ereport(ERROR,
5768 errmsg("role name \"%s\" is reserved",
5769 role->rolename)));
5770 }
5771}
bool IsReservedName(const char *name)
Definition catalog.c:305
int int errdetail_internal(const char *fmt,...) pg_attribute_printf(1
@ ROLESPEC_CSTRING
Definition parsenodes.h:424
RoleSpecType roletype
Definition parsenodes.h:434
char * rolename
Definition parsenodes.h:435

References ereport, errcode(), errdetail_internal(), errmsg, ERROR, fb(), IsReservedName(), RoleSpec::rolename, ROLESPEC_CSTRING, and RoleSpec::roletype.

Referenced by AlterRole(), and AlterRoleSet().

◆ column_privilege_check()

static int column_privilege_check ( Oid  tableoid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mode 
)
static

Definition at line 2567 of file acl.c.

2569{
2571 bool is_missing = false;
2572
2573 /*
2574 * If convert_column_name failed, we can just return -1 immediately.
2575 */
2577 return -1;
2578
2579 /*
2580 * Check for column-level privileges first. This serves in part as a check
2581 * on whether the column even exists, so we need to do it before checking
2582 * table-level privilege.
2583 */
2584 aclresult = pg_attribute_aclcheck_ext(tableoid, attnum, roleid,
2585 mode, &is_missing);
2586 if (aclresult == ACLCHECK_OK)
2587 return 1;
2588 else if (is_missing)
2589 return -1;
2590
2591 /* Next check if we have the privilege at the table level */
2592 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2593 if (aclresult == ACLCHECK_OK)
2594 return 1;
2595 else if (is_missing)
2596 return -1;
2597 else
2598 return 0;
2599}
AclResult
Definition acl.h:183
@ ACLCHECK_OK
Definition acl.h:184
AclResult pg_class_aclcheck_ext(Oid table_oid, Oid roleid, AclMode mode, bool *is_missing)
Definition aclchk.c:4115
AclResult pg_attribute_aclcheck_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode, bool *is_missing)
Definition aclchk.c:3946
#define InvalidAttrNumber
Definition attnum.h:23
int16 attnum
static PgChecksumMode mode

References ACLCHECK_OK, attnum, fb(), InvalidAttrNumber, mode, pg_attribute_aclcheck_ext(), and pg_class_aclcheck_ext().

Referenced by has_column_privilege_id_attnum(), has_column_privilege_id_id_attnum(), has_column_privilege_id_id_name(), has_column_privilege_id_name(), has_column_privilege_id_name_attnum(), has_column_privilege_id_name_name(), has_column_privilege_name_attnum(), has_column_privilege_name_id_attnum(), has_column_privilege_name_id_name(), has_column_privilege_name_name(), has_column_privilege_name_name_attnum(), and has_column_privilege_name_name_name().

◆ convert_aclright_to_string()

static const char * convert_aclright_to_string ( int  aclright)
static

Definition at line 1765 of file acl.c.

1766{
1767 switch (aclright)
1768 {
1769 case ACL_INSERT:
1770 return "INSERT";
1771 case ACL_SELECT:
1772 return "SELECT";
1773 case ACL_UPDATE:
1774 return "UPDATE";
1775 case ACL_DELETE:
1776 return "DELETE";
1777 case ACL_TRUNCATE:
1778 return "TRUNCATE";
1779 case ACL_REFERENCES:
1780 return "REFERENCES";
1781 case ACL_TRIGGER:
1782 return "TRIGGER";
1783 case ACL_EXECUTE:
1784 return "EXECUTE";
1785 case ACL_USAGE:
1786 return "USAGE";
1787 case ACL_CREATE:
1788 return "CREATE";
1789 case ACL_CREATE_TEMP:
1790 return "TEMPORARY";
1791 case ACL_CONNECT:
1792 return "CONNECT";
1793 case ACL_SET:
1794 return "SET";
1795 case ACL_ALTER_SYSTEM:
1796 return "ALTER SYSTEM";
1797 case ACL_MAINTAIN:
1798 return "MAINTAIN";
1799 default:
1800 elog(ERROR, "unrecognized aclright: %d", aclright);
1801 return NULL;
1802 }
1803}

References ACL_ALTER_SYSTEM, ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_DELETE, ACL_EXECUTE, ACL_INSERT, ACL_MAINTAIN, ACL_REFERENCES, ACL_SELECT, ACL_SET, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, ACL_USAGE, elog, ERROR, and fb().

Referenced by aclexplode().

◆ convert_any_priv_string()

static AclMode convert_any_priv_string ( text priv_type_text,
const priv_map privileges 
)
static

Definition at line 1717 of file acl.c.

1719{
1720 AclMode result = 0;
1722 char *chunk;
1723 char *next_chunk;
1724
1725 /* We rely on priv_type being a private, modifiable string */
1726 for (chunk = priv_type; chunk; chunk = next_chunk)
1727 {
1728 int chunk_len;
1729 const priv_map *this_priv;
1730
1731 /* Split string at commas */
1732 next_chunk = strchr(chunk, ',');
1733 if (next_chunk)
1734 *next_chunk++ = '\0';
1735
1736 /* Drop leading/trailing whitespace in this chunk */
1737 while (*chunk && isspace((unsigned char) *chunk))
1738 chunk++;
1739 chunk_len = strlen(chunk);
1740 while (chunk_len > 0 && isspace((unsigned char) chunk[chunk_len - 1]))
1741 chunk_len--;
1742 chunk[chunk_len] = '\0';
1743
1744 /* Match to the privileges list */
1745 for (this_priv = privileges; this_priv->name; this_priv++)
1746 {
1747 if (pg_strcasecmp(this_priv->name, chunk) == 0)
1748 {
1749 result |= this_priv->value;
1750 break;
1751 }
1752 }
1753 if (!this_priv->name)
1754 ereport(ERROR,
1756 errmsg("unrecognized privilege type: \"%s\"", chunk)));
1757 }
1758
1760 return result;
1761}
int pg_strcasecmp(const char *s1, const char *s2)
Definition acl.c:57
char * text_to_cstring(const text *t)
Definition varlena.c:217

References ereport, errcode(), errmsg, ERROR, fb(), priv_map::name, pfree(), pg_strcasecmp(), result, and text_to_cstring().

Referenced by convert_column_priv_string(), convert_database_priv_string(), convert_foreign_data_wrapper_priv_string(), convert_function_priv_string(), convert_language_priv_string(), convert_largeobject_priv_string(), convert_parameter_priv_string(), convert_role_priv_string(), convert_schema_priv_string(), convert_sequence_priv_string(), convert_server_priv_string(), convert_table_priv_string(), convert_tablespace_priv_string(), convert_type_priv_string(), and makeaclitem().

◆ convert_column_name()

static AttrNumber convert_column_name ( Oid  tableoid,
text column 
)
static

Definition at line 2927 of file acl.c.

2928{
2929 char *colname;
2932
2933 colname = text_to_cstring(column);
2934
2935 /*
2936 * We don't use get_attnum() here because it will report that dropped
2937 * columns don't exist. We need to treat dropped columns differently from
2938 * nonexistent columns.
2939 */
2941 ObjectIdGetDatum(tableoid),
2942 CStringGetDatum(colname));
2944 {
2946
2948 /* We want to return NULL for dropped columns */
2949 if (attributeForm->attisdropped)
2951 else
2952 attnum = attributeForm->attnum;
2954 }
2955 else
2956 {
2957 char *tablename = get_rel_name(tableoid);
2958
2959 /*
2960 * If the table OID is bogus, or it's just been dropped, we'll get
2961 * NULL back. In such cases we want has_column_privilege to return
2962 * NULL too, so just return InvalidAttrNumber.
2963 */
2964 if (tablename != NULL)
2965 {
2966 /* tableoid exists, colname does not, so throw error */
2967 ereport(ERROR,
2969 errmsg("column \"%s\" of relation \"%s\" does not exist",
2970 colname, tablename)));
2971 }
2972 /* tableoid doesn't exist, so act like attisdropped case */
2974 }
2975
2976 pfree(colname);
2977 return attnum;
2978}
char * get_rel_name(Oid relid)
Definition lsyscache.c:2242
FormData_pg_attribute * Form_pg_attribute
static Datum CStringGetDatum(const char *X)
Definition postgres.h:383
HeapTuple SearchSysCache2(SysCacheIdentifier cacheId, Datum key1, Datum key2)
Definition syscache.c:231

References attnum, CStringGetDatum(), ereport, errcode(), errmsg, ERROR, fb(), get_rel_name(), GETSTRUCT(), HeapTupleIsValid, InvalidAttrNumber, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache2(), and text_to_cstring().

Referenced by has_column_privilege_id_id_name(), has_column_privilege_id_name(), has_column_privilege_id_name_name(), has_column_privilege_name_id_name(), has_column_privilege_name_name(), and has_column_privilege_name_name_name().

◆ convert_column_priv_string()

static AclMode convert_column_priv_string ( text priv_type_text)
static

Definition at line 2985 of file acl.c.

2986{
2987 static const priv_map column_priv_map[] = {
2988 {"SELECT", ACL_SELECT},
2989 {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2990 {"INSERT", ACL_INSERT},
2991 {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
2992 {"UPDATE", ACL_UPDATE},
2993 {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2994 {"REFERENCES", ACL_REFERENCES},
2995 {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
2996 {NULL, 0}
2997 };
2998
3000}
static AclMode convert_any_priv_string(text *priv_type_text, const priv_map *privileges)
Definition acl.c:1717

References ACL_GRANT_OPTION_FOR, ACL_INSERT, ACL_REFERENCES, ACL_SELECT, ACL_UPDATE, convert_any_priv_string(), and fb().

Referenced by has_any_column_privilege_id(), has_any_column_privilege_id_id(), has_any_column_privilege_id_name(), has_any_column_privilege_name(), has_any_column_privilege_name_id(), has_any_column_privilege_name_name(), has_column_privilege_id_attnum(), has_column_privilege_id_id_attnum(), has_column_privilege_id_id_name(), has_column_privilege_id_name(), has_column_privilege_id_name_attnum(), has_column_privilege_id_name_name(), has_column_privilege_name_attnum(), has_column_privilege_name_id_attnum(), has_column_privilege_name_id_name(), has_column_privilege_name_name(), has_column_privilege_name_name_attnum(), and has_column_privilege_name_name_name().

◆ convert_database_name()

static Oid convert_database_name ( text databasename)
static

Definition at line 3179 of file acl.c.

3180{
3182
3183 return get_database_oid(dbname, false);
3184}
Oid get_database_oid(const char *dbname, bool missing_ok)
char * dbname
Definition streamutil.c:49

References dbname, fb(), get_database_oid(), and text_to_cstring().

Referenced by has_database_privilege_id_name(), has_database_privilege_name(), and has_database_privilege_name_name().

◆ convert_database_priv_string()

static AclMode convert_database_priv_string ( text priv_type_text)
static

Definition at line 3191 of file acl.c.

3192{
3193 static const priv_map database_priv_map[] = {
3194 {"CREATE", ACL_CREATE},
3195 {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
3196 {"TEMPORARY", ACL_CREATE_TEMP},
3197 {"TEMPORARY WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
3198 {"TEMP", ACL_CREATE_TEMP},
3199 {"TEMP WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
3200 {"CONNECT", ACL_CONNECT},
3201 {"CONNECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CONNECT)},
3202 {NULL, 0}
3203 };
3204
3206}

References ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_GRANT_OPTION_FOR, convert_any_priv_string(), and fb().

Referenced by has_database_privilege_id(), has_database_privilege_id_id(), has_database_privilege_id_name(), has_database_privilege_name(), has_database_privilege_name_id(), and has_database_privilege_name_name().

◆ convert_foreign_data_wrapper_name()

static Oid convert_foreign_data_wrapper_name ( text fdwname)
static

Definition at line 3385 of file acl.c.

3386{
3387 char *fdwstr = text_to_cstring(fdwname);
3388
3389 return get_foreign_data_wrapper_oid(fdwstr, false);
3390}
Oid get_foreign_data_wrapper_oid(const char *fdwname, bool missing_ok)
Definition foreign.c:713

References fb(), get_foreign_data_wrapper_oid(), and text_to_cstring().

Referenced by has_foreign_data_wrapper_privilege_id_name(), has_foreign_data_wrapper_privilege_name(), and has_foreign_data_wrapper_privilege_name_name().

◆ convert_foreign_data_wrapper_priv_string()

◆ convert_function_name()

static Oid convert_function_name ( text functionname)
static

Definition at line 3585 of file acl.c.

3586{
3588 Oid oid;
3589
3592
3593 if (!OidIsValid(oid))
3594 ereport(ERROR,
3596 errmsg("function \"%s\" does not exist", funcname)));
3597
3598 return oid;
3599}
#define DirectFunctionCall1(func, arg1)
Definition fmgr.h:688
#define funcname
static Oid DatumGetObjectId(Datum X)
Definition postgres.h:242
Datum regprocedurein(PG_FUNCTION_ARGS)
Definition regproc.c:229

References CStringGetDatum(), DatumGetObjectId(), DirectFunctionCall1, ereport, errcode(), errmsg, ERROR, fb(), funcname, OidIsValid, regprocedurein(), and text_to_cstring().

Referenced by has_function_privilege_id_name(), has_function_privilege_name(), and has_function_privilege_name_name().

◆ convert_function_priv_string()

static AclMode convert_function_priv_string ( text priv_type_text)
static

◆ convert_language_name()

static Oid convert_language_name ( text languagename)
static

Definition at line 3794 of file acl.c.

3795{
3796 char *langname = text_to_cstring(languagename);
3797
3798 return get_language_oid(langname, false);
3799}
Oid get_language_oid(const char *langname, bool missing_ok)
Definition proclang.c:227

References fb(), get_language_oid(), and text_to_cstring().

Referenced by has_language_privilege_id_name(), has_language_privilege_name(), and has_language_privilege_name_name().

◆ convert_language_priv_string()

static AclMode convert_language_priv_string ( text priv_type_text)
static

◆ convert_largeobject_priv_string()

static AclMode convert_largeobject_priv_string ( text priv_type_text)
static

Definition at line 4841 of file acl.c.

4842{
4843 static const priv_map largeobject_priv_map[] = {
4844 {"SELECT", ACL_SELECT},
4845 {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
4846 {"UPDATE", ACL_UPDATE},
4847 {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
4848 {NULL, 0}
4849 };
4850
4852}

References ACL_GRANT_OPTION_FOR, ACL_SELECT, ACL_UPDATE, convert_any_priv_string(), and fb().

Referenced by has_largeobject_privilege_id(), has_largeobject_privilege_id_id(), and has_largeobject_privilege_name_id().

◆ convert_parameter_priv_string()

static AclMode convert_parameter_priv_string ( text priv_text)
static

Definition at line 4705 of file acl.c.

4706{
4707 static const priv_map parameter_priv_map[] = {
4708 {"SET", ACL_SET},
4709 {"SET WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SET)},
4710 {"ALTER SYSTEM", ACL_ALTER_SYSTEM},
4711 {"ALTER SYSTEM WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_ALTER_SYSTEM)},
4712 {NULL, 0}
4713 };
4714
4716}

References ACL_ALTER_SYSTEM, ACL_GRANT_OPTION_FOR, ACL_SET, convert_any_priv_string(), and fb().

Referenced by has_parameter_privilege_id_name(), has_parameter_privilege_name(), and has_parameter_privilege_name_name().

◆ convert_role_priv_string()

static AclMode convert_role_priv_string ( text priv_type_text)
static

Definition at line 5019 of file acl.c.

5020{
5021 static const priv_map role_priv_map[] = {
5022 {"USAGE", ACL_USAGE},
5023 {"MEMBER", ACL_CREATE},
5024 {"SET", ACL_SET},
5025 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
5026 {"USAGE WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
5027 {"MEMBER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
5028 {"MEMBER WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
5029 {"SET WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
5030 {"SET WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
5031 {NULL, 0}
5032 };
5033
5035}

References ACL_CREATE, ACL_GRANT_OPTION_FOR, ACL_SET, ACL_USAGE, convert_any_priv_string(), and fb().

Referenced by pg_has_role_id(), pg_has_role_id_id(), pg_has_role_id_name(), pg_has_role_name(), pg_has_role_name_id(), and pg_has_role_name_name().

◆ convert_schema_name()

static Oid convert_schema_name ( text schemaname)
static

Definition at line 3994 of file acl.c.

3995{
3996 char *nspname = text_to_cstring(schemaname);
3997
3998 return get_namespace_oid(nspname, false);
3999}
Oid get_namespace_oid(const char *nspname, bool missing_ok)
Definition namespace.c:3607

References get_namespace_oid(), and text_to_cstring().

Referenced by has_schema_privilege_id_name(), has_schema_privilege_name(), and has_schema_privilege_name_name().

◆ convert_schema_priv_string()

static AclMode convert_schema_priv_string ( text priv_type_text)
static

Definition at line 4006 of file acl.c.

4007{
4008 static const priv_map schema_priv_map[] = {
4009 {"CREATE", ACL_CREATE},
4010 {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4011 {"USAGE", ACL_USAGE},
4012 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
4013 {NULL, 0}
4014 };
4015
4017}

References ACL_CREATE, ACL_GRANT_OPTION_FOR, ACL_USAGE, convert_any_priv_string(), and fb().

Referenced by has_schema_privilege_id(), has_schema_privilege_id_id(), has_schema_privilege_id_name(), has_schema_privilege_name(), has_schema_privilege_name_id(), and has_schema_privilege_name_name().

◆ convert_sequence_priv_string()

static AclMode convert_sequence_priv_string ( text priv_type_text)
static

Definition at line 2330 of file acl.c.

2331{
2332 static const priv_map sequence_priv_map[] = {
2333 {"USAGE", ACL_USAGE},
2334 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
2335 {"SELECT", ACL_SELECT},
2336 {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2337 {"UPDATE", ACL_UPDATE},
2338 {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2339 {NULL, 0}
2340 };
2341
2343}

References ACL_GRANT_OPTION_FOR, ACL_SELECT, ACL_UPDATE, ACL_USAGE, convert_any_priv_string(), and fb().

Referenced by has_sequence_privilege_id(), has_sequence_privilege_id_id(), has_sequence_privilege_id_name(), has_sequence_privilege_name(), has_sequence_privilege_name_id(), and has_sequence_privilege_name_name().

◆ convert_server_name()

static Oid convert_server_name ( text servername)
static

Definition at line 4196 of file acl.c.

4197{
4198 char *serverstr = text_to_cstring(servername);
4199
4200 return get_foreign_server_oid(serverstr, false);
4201}
Oid get_foreign_server_oid(const char *servername, bool missing_ok)
Definition foreign.c:736

References fb(), get_foreign_server_oid(), and text_to_cstring().

Referenced by has_server_privilege_id_name(), has_server_privilege_name(), and has_server_privilege_name_name().

◆ convert_server_priv_string()

static AclMode convert_server_priv_string ( text priv_type_text)
static

◆ convert_table_name()

◆ convert_table_priv_string()

static AclMode convert_table_priv_string ( text priv_type_text)
static

Definition at line 2095 of file acl.c.

2096{
2097 static const priv_map table_priv_map[] = {
2098 {"SELECT", ACL_SELECT},
2099 {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2100 {"INSERT", ACL_INSERT},
2101 {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
2102 {"UPDATE", ACL_UPDATE},
2103 {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2104 {"DELETE", ACL_DELETE},
2105 {"DELETE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_DELETE)},
2106 {"TRUNCATE", ACL_TRUNCATE},
2107 {"TRUNCATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRUNCATE)},
2108 {"REFERENCES", ACL_REFERENCES},
2109 {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
2110 {"TRIGGER", ACL_TRIGGER},
2111 {"TRIGGER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRIGGER)},
2112 {"MAINTAIN", ACL_MAINTAIN},
2113 {"MAINTAIN WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_MAINTAIN)},
2114 {NULL, 0}
2115 };
2116
2118}

References ACL_DELETE, ACL_GRANT_OPTION_FOR, ACL_INSERT, ACL_MAINTAIN, ACL_REFERENCES, ACL_SELECT, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, convert_any_priv_string(), and fb().

Referenced by has_table_privilege_id(), has_table_privilege_id_id(), has_table_privilege_id_name(), has_table_privilege_name(), has_table_privilege_name_id(), and has_table_privilege_name_name().

◆ convert_tablespace_name()

static Oid convert_tablespace_name ( text tablespacename)
static

Definition at line 4396 of file acl.c.

4397{
4398 char *spcname = text_to_cstring(tablespacename);
4399
4400 return get_tablespace_oid(spcname, false);
4401}
Oid get_tablespace_oid(const char *tablespacename, bool missing_ok)

References fb(), get_tablespace_oid(), and text_to_cstring().

Referenced by has_tablespace_privilege_id_name(), has_tablespace_privilege_name(), and has_tablespace_privilege_name_name().

◆ convert_tablespace_priv_string()

static AclMode convert_tablespace_priv_string ( text priv_type_text)
static

◆ convert_type_name()

static Oid convert_type_name ( text typename)
static

Definition at line 4595 of file acl.c.

4596{
4597 char *typname = text_to_cstring(typename);
4598 Oid oid;
4599
4602
4603 if (!OidIsValid(oid))
4604 ereport(ERROR,
4606 errmsg("type \"%s\" does not exist", typname)));
4607
4608 return oid;
4609}
NameData typname
Definition pg_type.h:43
Datum regtypein(PG_FUNCTION_ARGS)
Definition regproc.c:1184

References CStringGetDatum(), DatumGetObjectId(), DirectFunctionCall1, ereport, errcode(), errmsg, ERROR, fb(), OidIsValid, regtypein(), text_to_cstring(), and typname.

Referenced by has_type_privilege_id_name(), has_type_privilege_name(), and has_type_privilege_name_name().

◆ convert_type_priv_string()

static AclMode convert_type_priv_string ( text priv_type_text)
static

◆ get_role_oid()

Oid get_role_oid ( const char rolname,
bool  missing_ok 
)

◆ get_role_oid_or_public()

◆ get_rolespec_name()

char * get_rolespec_name ( const RoleSpec role)

Definition at line 5727 of file acl.c.

5728{
5729 HeapTuple tp;
5731 char *rolename;
5732
5733 tp = get_rolespec_tuple(role);
5735 rolename = pstrdup(NameStr(authForm->rolname));
5736 ReleaseSysCache(tp);
5737
5738 return rolename;
5739}
HeapTuple get_rolespec_tuple(const RoleSpec *role)
Definition acl.c:5681
char * pstrdup(const char *in)
Definition mcxt.c:1910

References fb(), Form_pg_authid, get_rolespec_tuple(), GETSTRUCT(), NameStr, pstrdup(), and ReleaseSysCache().

Referenced by AddRoleMems(), and DelRoleMems().

◆ get_rolespec_oid()

Oid get_rolespec_oid ( const RoleSpec role,
bool  missing_ok 
)

Definition at line 5642 of file acl.c.

5643{
5644 Oid oid;
5645
5646 switch (role->roletype)
5647 {
5648 case ROLESPEC_CSTRING:
5649 Assert(role->rolename);
5650 oid = get_role_oid(role->rolename, missing_ok);
5651 break;
5652
5655 oid = GetUserId();
5656 break;
5657
5659 oid = GetSessionUserId();
5660 break;
5661
5662 case ROLESPEC_PUBLIC:
5663 ereport(ERROR,
5665 errmsg("role \"%s\" does not exist", "public")));
5666 oid = InvalidOid; /* make compiler happy */
5667 break;
5668
5669 default:
5670 elog(ERROR, "unexpected role type %d", role->roletype);
5671 }
5672
5673 return oid;
5674}
Oid GetUserId(void)
Definition miscinit.c:470
Oid GetSessionUserId(void)
Definition miscinit.c:509
@ ROLESPEC_CURRENT_USER
Definition parsenodes.h:426
@ ROLESPEC_SESSION_USER
Definition parsenodes.h:427
@ ROLESPEC_CURRENT_ROLE
Definition parsenodes.h:425
@ ROLESPEC_PUBLIC
Definition parsenodes.h:428
#define InvalidOid

References Assert, elog, ereport, errcode(), errmsg, ERROR, fb(), get_role_oid(), GetSessionUserId(), GetUserId(), InvalidOid, RoleSpec::rolename, ROLESPEC_CSTRING, ROLESPEC_CURRENT_ROLE, ROLESPEC_CURRENT_USER, ROLESPEC_PUBLIC, ROLESPEC_SESSION_USER, and RoleSpec::roletype.

Referenced by AlterUserMapping(), ATExecCmd(), CreateSchemaCommand(), CreateTableSpace(), CreateUserMapping(), ExecAlterDefaultPrivilegesStmt(), ExecAlterOwnerStmt(), ExecuteGrantStmt(), GrantRole(), policy_role_list_to_array(), ReassignOwnedObjects(), RemoveUserMapping(), roleSpecsToIds(), and select_best_grantor().

◆ get_rolespec_tuple()

HeapTuple get_rolespec_tuple ( const RoleSpec role)

Definition at line 5681 of file acl.c.

5682{
5683 HeapTuple tuple;
5684
5685 switch (role->roletype)
5686 {
5687 case ROLESPEC_CSTRING:
5688 Assert(role->rolename);
5690 if (!HeapTupleIsValid(tuple))
5691 ereport(ERROR,
5693 errmsg("role \"%s\" does not exist", role->rolename)));
5694 break;
5695
5699 if (!HeapTupleIsValid(tuple))
5700 elog(ERROR, "cache lookup failed for role %u", GetUserId());
5701 break;
5702
5705 if (!HeapTupleIsValid(tuple))
5706 elog(ERROR, "cache lookup failed for role %u", GetSessionUserId());
5707 break;
5708
5709 case ROLESPEC_PUBLIC:
5710 ereport(ERROR,
5712 errmsg("role \"%s\" does not exist", "public")));
5713 tuple = NULL; /* make compiler happy */
5714 break;
5715
5716 default:
5717 elog(ERROR, "unexpected role type %d", role->roletype);
5718 }
5719
5720 return tuple;
5721}

References Assert, CStringGetDatum(), elog, ereport, errcode(), errmsg, ERROR, fb(), GetSessionUserId(), GetUserId(), HeapTupleIsValid, ObjectIdGetDatum(), RoleSpec::rolename, ROLESPEC_CSTRING, ROLESPEC_CURRENT_ROLE, ROLESPEC_CURRENT_USER, ROLESPEC_PUBLIC, ROLESPEC_SESSION_USER, RoleSpec::roletype, and SearchSysCache1().

Referenced by AlterRole(), AlterRoleSet(), CreateRole(), and get_rolespec_name().

◆ getid()

static const char * getid ( const char s,
char n,
Node escontext 
)
static

Definition at line 171 of file acl.c.

172{
173 int len = 0;
174 bool in_quotes = false;
175
176 Assert(s && n);
177
178 while (isspace((unsigned char) *s))
179 s++;
180 for (;
181 *s != '\0' &&
182 (in_quotes || *s == '"' || is_safe_acl_char(*s, true));
183 s++)
184 {
185 if (*s == '"')
186 {
187 if (!in_quotes)
188 {
189 in_quotes = true;
190 continue;
191 }
192 /* safe to look at next char (could be '\0' though) */
193 if (*(s + 1) != '"')
194 {
195 in_quotes = false;
196 continue;
197 }
198 /* it's an escaped double quote; skip the escaping char */
199 s++;
200 }
201
202 /* Add the character to the string */
203 if (len >= NAMEDATALEN - 1)
204 ereturn(escontext, NULL,
206 errmsg("identifier too long"),
207 errdetail("Identifier must be less than %d characters.",
208 NAMEDATALEN)));
209
210 n[len++] = *s;
211 }
212 n[len] = '\0';
213 while (isspace((unsigned char) *s))
214 s++;
215 return s;
216}
static bool is_safe_acl_char(unsigned char c, bool is_getid)
Definition acl.c:148
int errdetail(const char *fmt,...) pg_attribute_printf(1
const void size_t len

References Assert, ereturn, errcode(), errdetail(), errmsg, fb(), is_safe_acl_char(), len, and NAMEDATALEN.

Referenced by aclparse().

◆ has_any_column_privilege_id()

Datum has_any_column_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 2456 of file acl.c.

2457{
2458 Oid tableoid = PG_GETARG_OID(0);
2460 Oid roleid;
2461 AclMode mode;
2463 bool is_missing = false;
2464
2465 roleid = GetUserId();
2467
2468 /* First check at table level, then examine each column if needed */
2469 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2470 if (aclresult != ACLCHECK_OK)
2471 {
2472 if (is_missing)
2474 aclresult = pg_attribute_aclcheck_all_ext(tableoid, roleid, mode,
2476 if (is_missing)
2478 }
2479
2481}
static AclMode convert_column_priv_string(text *priv_type_text)
Definition acl.c:2985
@ ACLMASK_ANY
Definition acl.h:178
AclResult pg_attribute_aclcheck_all_ext(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how, bool *is_missing)
Definition aclchk.c:3987
#define PG_GETARG_TEXT_PP(n)
Definition fmgr.h:310
Definition c.h:835

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), fb(), GetUserId(), mode, pg_attribute_aclcheck_all_ext(), pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_any_column_privilege_id_id()

Datum has_any_column_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 2516 of file acl.c.

2517{
2518 Oid roleid = PG_GETARG_OID(0);
2519 Oid tableoid = PG_GETARG_OID(1);
2521 AclMode mode;
2523 bool is_missing = false;
2524
2526
2527 /* First check at table level, then examine each column if needed */
2528 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2529 if (aclresult != ACLCHECK_OK)
2530 {
2531 if (is_missing)
2533 aclresult = pg_attribute_aclcheck_all_ext(tableoid, roleid, mode,
2535 if (is_missing)
2537 }
2538
2540}

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), fb(), mode, pg_attribute_aclcheck_all_ext(), pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_any_column_privilege_id_name()

Datum has_any_column_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2489 of file acl.c.

2490{
2491 Oid roleid = PG_GETARG_OID(0);
2492 text *tablename = PG_GETARG_TEXT_PP(1);
2494 Oid tableoid;
2495 AclMode mode;
2497
2498 tableoid = convert_table_name(tablename);
2500
2501 /* First check at table level, then examine each column if needed */
2502 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2503 if (aclresult != ACLCHECK_OK)
2504 aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2505 ACLMASK_ANY);
2506
2508}
static Oid convert_table_name(text *tablename)
Definition acl.c:2080
AclResult pg_attribute_aclcheck_all(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how)
Definition aclchk.c:3976
AclResult pg_class_aclcheck(Oid table_oid, Oid roleid, AclMode mode)
Definition aclchk.c:4105

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), convert_table_name(), fb(), mode, pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_any_column_privilege_name()

Datum has_any_column_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 2393 of file acl.c.

2394{
2395 text *tablename = PG_GETARG_TEXT_PP(0);
2397 Oid roleid;
2398 Oid tableoid;
2399 AclMode mode;
2401
2402 roleid = GetUserId();
2403 tableoid = convert_table_name(tablename);
2405
2406 /* First check at table level, then examine each column if needed */
2407 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2408 if (aclresult != ACLCHECK_OK)
2409 aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2410 ACLMASK_ANY);
2411
2413}

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), convert_table_name(), fb(), GetUserId(), mode, pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_any_column_privilege_name_id()

Datum has_any_column_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 2421 of file acl.c.

2422{
2424 Oid tableoid = PG_GETARG_OID(1);
2426 Oid roleid;
2427 AclMode mode;
2429 bool is_missing = false;
2430
2433
2434 /* First check at table level, then examine each column if needed */
2435 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2436 if (aclresult != ACLCHECK_OK)
2437 {
2438 if (is_missing)
2440 aclresult = pg_attribute_aclcheck_all_ext(tableoid, roleid, mode,
2442 if (is_missing)
2444 }
2445
2447}
Oid get_role_oid_or_public(const char *rolname)
Definition acl.c:5626
#define PG_GETARG_NAME(n)
Definition fmgr.h:279
static char * username
Definition initdb.c:153
Definition c.h:889

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, pg_attribute_aclcheck_all_ext(), pg_class_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_any_column_privilege_name_name()

Datum has_any_column_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2363 of file acl.c.

2364{
2365 Name rolename = PG_GETARG_NAME(0);
2366 text *tablename = PG_GETARG_TEXT_PP(1);
2368 Oid roleid;
2369 Oid tableoid;
2370 AclMode mode;
2372
2373 roleid = get_role_oid_or_public(NameStr(*rolename));
2374 tableoid = convert_table_name(tablename);
2376
2377 /* First check at table level, then examine each column if needed */
2378 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2379 if (aclresult != ACLCHECK_OK)
2380 aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2381 ACLMASK_ANY);
2382
2384}

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), convert_table_name(), fb(), get_role_oid_or_public(), mode, NameStr, pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_column_privilege_id_attnum()

Datum has_column_privilege_id_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2899 of file acl.c.

2900{
2901 Oid tableoid = PG_GETARG_OID(0);
2904 Oid roleid;
2905 AclMode mode;
2906 int privresult;
2907
2908 roleid = GetUserId();
2910
2911 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2912 if (privresult < 0)
2915}
static int column_privilege_check(Oid tableoid, AttrNumber attnum, Oid roleid, AclMode mode)
Definition acl.c:2567
#define PG_GETARG_INT16(n)
Definition fmgr.h:271

References column_privilege_check(), convert_column_priv_string(), fb(), GetUserId(), mode, PG_GETARG_INT16, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_id_attnum()

Datum has_column_privilege_id_id_attnum ( PG_FUNCTION_ARGS  )

◆ has_column_privilege_id_id_name()

Datum has_column_privilege_id_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2767 of file acl.c.

2768{
2769 Oid roleid = PG_GETARG_OID(0);
2770 Oid tableoid = PG_GETARG_OID(1);
2774 AclMode mode;
2775 int privresult;
2776
2779
2780 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2781 if (privresult < 0)
2784}
static AttrNumber convert_column_name(Oid tableoid, text *column)
Definition acl.c:2927

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), fb(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_name()

Datum has_column_privilege_id_name ( PG_FUNCTION_ARGS  )

◆ has_column_privilege_id_name_attnum()

Datum has_column_privilege_id_name_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2742 of file acl.c.

2743{
2744 Oid roleid = PG_GETARG_OID(0);
2745 text *tablename = PG_GETARG_TEXT_PP(1);
2748 Oid tableoid;
2749 AclMode mode;
2750 int privresult;
2751
2752 tableoid = convert_table_name(tablename);
2754
2755 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2756 if (privresult < 0)
2759}

References column_privilege_check(), convert_column_priv_string(), convert_table_name(), fb(), mode, PG_GETARG_INT16, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_name_name()

Datum has_column_privilege_id_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2715 of file acl.c.

2716{
2717 Oid roleid = PG_GETARG_OID(0);
2718 text *tablename = PG_GETARG_TEXT_PP(1);
2721 Oid tableoid;
2723 AclMode mode;
2724 int privresult;
2725
2726 tableoid = convert_table_name(tablename);
2729
2730 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2731 if (privresult < 0)
2734}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), convert_table_name(), fb(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_attnum()

Datum has_column_privilege_name_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2845 of file acl.c.

2846{
2847 text *tablename = PG_GETARG_TEXT_PP(0);
2850 Oid roleid;
2851 Oid tableoid;
2852 AclMode mode;
2853 int privresult;
2854
2855 roleid = GetUserId();
2856 tableoid = convert_table_name(tablename);
2858
2859 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2860 if (privresult < 0)
2863}

References column_privilege_check(), convert_column_priv_string(), convert_table_name(), fb(), GetUserId(), mode, PG_GETARG_INT16, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_id_attnum()

◆ has_column_privilege_name_id_name()

◆ has_column_privilege_name_name()

Datum has_column_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2816 of file acl.c.

2817{
2818 text *tablename = PG_GETARG_TEXT_PP(0);
2821 Oid roleid;
2822 Oid tableoid;
2824 AclMode mode;
2825 int privresult;
2826
2827 roleid = GetUserId();
2828 tableoid = convert_table_name(tablename);
2831
2832 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2833 if (privresult < 0)
2836}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), convert_table_name(), fb(), GetUserId(), mode, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_name_attnum()

Datum has_column_privilege_name_name_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2636 of file acl.c.

2637{
2638 Name rolename = PG_GETARG_NAME(0);
2639 text *tablename = PG_GETARG_TEXT_PP(1);
2642 Oid roleid;
2643 Oid tableoid;
2644 AclMode mode;
2645 int privresult;
2646
2647 roleid = get_role_oid_or_public(NameStr(*rolename));
2648 tableoid = convert_table_name(tablename);
2650
2651 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2652 if (privresult < 0)
2655}

References column_privilege_check(), convert_column_priv_string(), convert_table_name(), fb(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_INT16, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_name_name()

Datum has_column_privilege_name_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2607 of file acl.c.

2608{
2609 Name rolename = PG_GETARG_NAME(0);
2610 text *tablename = PG_GETARG_TEXT_PP(1);
2613 Oid roleid;
2614 Oid tableoid;
2616 AclMode mode;
2617 int privresult;
2618
2619 roleid = get_role_oid_or_public(NameStr(*rolename));
2620 tableoid = convert_table_name(tablename);
2623
2624 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2625 if (privresult < 0)
2628}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), convert_table_name(), fb(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_database_privilege_id()

Datum has_database_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3099 of file acl.c.

3100{
3103 Oid roleid;
3104 AclMode mode;
3106 bool is_missing = false;
3107
3108 roleid = GetUserId();
3110
3112 roleid, mode,
3113 &is_missing);
3114
3115 if (is_missing)
3117
3119}
static AclMode convert_database_priv_string(text *priv_type_text)
Definition acl.c:3191
AclResult object_aclcheck_ext(Oid classid, Oid objectid, Oid roleid, AclMode mode, bool *is_missing)
Definition aclchk.c:3912

References ACLCHECK_OK, convert_database_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_database_privilege_id_id()

Datum has_database_privilege_id_id ( PG_FUNCTION_ARGS  )

◆ has_database_privilege_id_name()

Datum has_database_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3127 of file acl.c.

3128{
3129 Oid roleid = PG_GETARG_OID(0);
3133 AclMode mode;
3135
3138
3140
3142}
static Oid convert_database_name(text *databasename)
Definition acl.c:3179
AclResult object_aclcheck(Oid classid, Oid objectid, Oid roleid, AclMode mode)
Definition aclchk.c:3902

References ACLCHECK_OK, convert_database_name(), convert_database_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_database_privilege_name()

◆ has_database_privilege_name_id()

◆ has_database_privilege_name_name()

◆ has_foreign_data_wrapper_privilege_id()

Datum has_foreign_data_wrapper_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3305 of file acl.c.

3306{
3307 Oid fdwid = PG_GETARG_OID(0);
3309 Oid roleid;
3310 AclMode mode;
3312 bool is_missing = false;
3313
3314 roleid = GetUserId();
3316
3318 roleid, mode,
3319 &is_missing);
3320
3321 if (is_missing)
3323
3325}
static AclMode convert_foreign_data_wrapper_priv_string(text *priv_type_text)
Definition acl.c:3397

References ACLCHECK_OK, convert_foreign_data_wrapper_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_foreign_data_wrapper_privilege_id_id()

Datum has_foreign_data_wrapper_privilege_id_id ( PG_FUNCTION_ARGS  )

◆ has_foreign_data_wrapper_privilege_id_name()

Datum has_foreign_data_wrapper_privilege_id_name ( PG_FUNCTION_ARGS  )

◆ has_foreign_data_wrapper_privilege_name()

Datum has_foreign_data_wrapper_privilege_name ( PG_FUNCTION_ARGS  )

◆ has_foreign_data_wrapper_privilege_name_id()

◆ has_foreign_data_wrapper_privilege_name_name()

◆ has_function_privilege_id()

Datum has_function_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3505 of file acl.c.

3506{
3509 Oid roleid;
3510 AclMode mode;
3512 bool is_missing = false;
3513
3514 roleid = GetUserId();
3516
3518 roleid, mode,
3519 &is_missing);
3520
3521 if (is_missing)
3523
3525}
static AclMode convert_function_priv_string(text *priv_type_text)
Definition acl.c:3606

References ACLCHECK_OK, convert_function_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_function_privilege_id_id()

◆ has_function_privilege_id_name()

◆ has_function_privilege_name()

◆ has_function_privilege_name_id()

◆ has_function_privilege_name_name()

◆ has_language_privilege_id()

Datum has_language_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3714 of file acl.c.

3715{
3718 Oid roleid;
3719 AclMode mode;
3721 bool is_missing = false;
3722
3723 roleid = GetUserId();
3725
3727 roleid, mode,
3728 &is_missing);
3729
3730 if (is_missing)
3732
3734}
static AclMode convert_language_priv_string(text *priv_type_text)
Definition acl.c:3806

References ACLCHECK_OK, convert_language_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_language_privilege_id_id()

Datum has_language_privilege_id_id ( PG_FUNCTION_ARGS  )

◆ has_language_privilege_id_name()

◆ has_language_privilege_name()

◆ has_language_privilege_name_id()

◆ has_language_privilege_name_name()

◆ has_largeobject_privilege_id()

Datum has_largeobject_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 4794 of file acl.c.

4795{
4797 Oid roleid = GetUserId();
4799 AclMode mode;
4800 bool is_missing = false;
4801 bool result;
4802
4805
4806 if (is_missing)
4808
4810}
static AclMode convert_largeobject_priv_string(text *priv_type_text)
Definition acl.c:4841
static bool has_lo_priv_byid(Oid roleid, Oid lobjId, AclMode priv, bool *is_missing)
Definition acl.c:4735

References convert_largeobject_priv_string(), fb(), GetUserId(), has_lo_priv_byid(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and result.

◆ has_largeobject_privilege_id_id()

Datum has_largeobject_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4818 of file acl.c.

4819{
4820 Oid roleid = PG_GETARG_OID(0);
4823 AclMode mode;
4824 bool is_missing = false;
4825 bool result;
4826
4829
4830 if (is_missing)
4832
4834}

References convert_largeobject_priv_string(), fb(), has_lo_priv_byid(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and result.

◆ has_largeobject_privilege_name_id()

◆ has_lo_priv_byid()

static bool has_lo_priv_byid ( Oid  roleid,
Oid  lobjId,
AclMode  priv,
bool is_missing 
)
static

Definition at line 4735 of file acl.c.

4736{
4737 Snapshot snapshot = NULL;
4739
4740 if (priv & ACL_UPDATE)
4741 snapshot = NULL;
4742 else
4743 snapshot = GetActiveSnapshot();
4744
4745 if (!LargeObjectExistsWithSnapshot(lobjId, snapshot))
4746 {
4748 *is_missing = true;
4749 return false;
4750 }
4751
4753 return true;
4754
4756 roleid,
4757 priv,
4758 snapshot);
4759 return aclresult == ACLCHECK_OK;
4760}
AclResult pg_largeobject_aclcheck_snapshot(Oid lobj_oid, Oid roleid, AclMode mode, Snapshot snapshot)
Definition aclchk.c:4142
bool lo_compat_privileges
Definition inv_api.c:56
bool LargeObjectExistsWithSnapshot(Oid loid, Snapshot snapshot)
Snapshot GetActiveSnapshot(void)
Definition snapmgr.c:800

References ACL_UPDATE, ACLCHECK_OK, Assert, fb(), GetActiveSnapshot(), LargeObjectExistsWithSnapshot(), lo_compat_privileges, and pg_largeobject_aclcheck_snapshot().

Referenced by has_largeobject_privilege_id(), has_largeobject_privilege_id_id(), and has_largeobject_privilege_name_id().

◆ has_param_priv_byname()

static bool has_param_priv_byname ( Oid  roleid,
const text parameter,
AclMode  priv 
)
static

Definition at line 4644 of file acl.c.

4645{
4647
4648 return pg_parameter_aclcheck(paramstr, roleid, priv) == ACLCHECK_OK;
4649}
AclResult pg_parameter_aclcheck(const char *name, Oid roleid, AclMode mode)
Definition aclchk.c:4130

References ACLCHECK_OK, fb(), pg_parameter_aclcheck(), and text_to_cstring().

Referenced by has_parameter_privilege_id_name(), has_parameter_privilege_name(), and has_parameter_privilege_name_name().

◆ has_parameter_privilege_id_name()

Datum has_parameter_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4687 of file acl.c.

4688{
4689 Oid roleid = PG_GETARG_OID(0);
4692
4694}
static bool has_param_priv_byname(Oid roleid, const text *parameter, AclMode priv)
Definition acl.c:4644
static AclMode convert_parameter_priv_string(text *priv_text)
Definition acl.c:4705

References convert_parameter_priv_string(), fb(), has_param_priv_byname(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_parameter_privilege_name()

◆ has_parameter_privilege_name_name()

◆ has_privs_of_role()

bool has_privs_of_role ( Oid  member,
Oid  role 
)

Definition at line 5317 of file acl.c.

5318{
5319 /* Fast path for simple case */
5320 if (member == role)
5321 return true;
5322
5323 /* Superusers have every privilege, so are part of every role */
5324 if (superuser_arg(member))
5325 return true;
5326
5327 /*
5328 * Find all the roles that member has the privileges of, including
5329 * multi-level recursion, then see if target role is any one of them.
5330 */
5332 InvalidOid, NULL),
5333 role);
5334}
static List * roles_is_member_of(Oid roleid, enum RoleRecurseType type, Oid admin_of, Oid *admin_role)
Definition acl.c:5185
bool list_member_oid(const List *list, Oid datum)
Definition list.c:722
bool superuser_arg(Oid roleid)
Definition superuser.c:57

References fb(), InvalidOid, list_member_oid(), ROLERECURSE_PRIVS, roles_is_member_of(), and superuser_arg().

Referenced by aclmask(), AlterObjectNamespace_internal(), AlterObjectOwner_internal(), AlterObjectRename_internal(), bbsink_server_new(), calculate_database_size(), calculate_tablespace_size(), check_role_for_policy(), check_role_grantor(), ConfigOptionIsVisible(), convert_and_check_filename(), DoCopy(), DropOwnedObjects(), ExecAlterDefaultPrivilegesStmt(), ExecCheckpoint(), file_fdw_validator(), GetConfigOptionValues(), InitPostgres(), object_ownercheck(), pg_class_aclmask_ext(), pg_get_multixact_stats(), pg_largeobject_aclmask_snapshot(), pg_namespace_aclmask_ext(), pg_role_aclcheck(), pg_signal_backend(), pg_stat_get_recovery(), pg_stat_get_wal_receiver(), pg_stat_get_wal_senders(), pg_stat_statements_internal(), pgrowlocks(), ReassignOwnedObjects(), ReindexMultipleTables(), select_best_grantor(), shell_check_detail(), and TerminateOtherDBBackends().

◆ has_schema_privilege_id()

Datum has_schema_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3914 of file acl.c.

3915{
3918 Oid roleid;
3919 AclMode mode;
3921 bool is_missing = false;
3922
3923 roleid = GetUserId();
3925
3927 roleid, mode,
3928 &is_missing);
3929
3930 if (is_missing)
3932
3934}
static AclMode convert_schema_priv_string(text *priv_type_text)
Definition acl.c:4006

References ACLCHECK_OK, convert_schema_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_schema_privilege_id_id()

Datum has_schema_privilege_id_id ( PG_FUNCTION_ARGS  )

◆ has_schema_privilege_id_name()

Datum has_schema_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3942 of file acl.c.

3943{
3944 Oid roleid = PG_GETARG_OID(0);
3945 text *schemaname = PG_GETARG_TEXT_PP(1);
3947 Oid schemaoid;
3948 AclMode mode;
3950
3951 schemaoid = convert_schema_name(schemaname);
3953
3955
3957}
static Oid convert_schema_name(text *schemaname)
Definition acl.c:3994

References ACLCHECK_OK, convert_schema_name(), convert_schema_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_schema_privilege_name()

Datum has_schema_privilege_name ( PG_FUNCTION_ARGS  )

◆ has_schema_privilege_name_id()

◆ has_schema_privilege_name_name()

◆ has_sequence_privilege_id()

Datum has_sequence_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 2234 of file acl.c.

2235{
2238 Oid roleid;
2239 AclMode mode;
2241 char relkind;
2242 bool is_missing = false;
2243
2244 roleid = GetUserId();
2246 relkind = get_rel_relkind(sequenceoid);
2247 if (relkind == '\0')
2249 else if (relkind != RELKIND_SEQUENCE)
2250 ereport(ERROR,
2252 errmsg("\"%s\" is not a sequence",
2254
2256
2257 if (is_missing)
2259
2261}
static AclMode convert_sequence_priv_string(text *priv_type_text)
Definition acl.c:2330
char get_rel_relkind(Oid relid)
Definition lsyscache.c:2317

References ACLCHECK_OK, convert_sequence_priv_string(), ereport, errcode(), errmsg, ERROR, fb(), get_rel_name(), get_rel_relkind(), GetUserId(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_sequence_privilege_id_id()

Datum has_sequence_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 2297 of file acl.c.

2298{
2299 Oid roleid = PG_GETARG_OID(0);
2302 AclMode mode;
2304 char relkind;
2305 bool is_missing = false;
2306
2308 relkind = get_rel_relkind(sequenceoid);
2309 if (relkind == '\0')
2311 else if (relkind != RELKIND_SEQUENCE)
2312 ereport(ERROR,
2314 errmsg("\"%s\" is not a sequence",
2316
2318
2319 if (is_missing)
2321
2323}

References ACLCHECK_OK, convert_sequence_priv_string(), ereport, errcode(), errmsg, ERROR, fb(), get_rel_name(), get_rel_relkind(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_sequence_privilege_id_name()

◆ has_sequence_privilege_name()

◆ has_sequence_privilege_name_id()

Datum has_sequence_privilege_name_id ( PG_FUNCTION_ARGS  )

◆ has_sequence_privilege_name_name()

◆ has_server_privilege_id()

Datum has_server_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 4116 of file acl.c.

4117{
4118 Oid serverid = PG_GETARG_OID(0);
4120 Oid roleid;
4121 AclMode mode;
4123 bool is_missing = false;
4124
4125 roleid = GetUserId();
4127
4129 roleid, mode,
4130 &is_missing);
4131
4132 if (is_missing)
4134
4136}
static AclMode convert_server_priv_string(text *priv_type_text)
Definition acl.c:4208

References ACLCHECK_OK, convert_server_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_server_privilege_id_id()

Datum has_server_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4167 of file acl.c.

4168{
4169 Oid roleid = PG_GETARG_OID(0);
4170 Oid serverid = PG_GETARG_OID(1);
4172 AclMode mode;
4174 bool is_missing = false;
4175
4177
4179 roleid, mode,
4180 &is_missing);
4181
4182 if (is_missing)
4184
4186}

References ACLCHECK_OK, convert_server_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_server_privilege_id_name()

Datum has_server_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4144 of file acl.c.

4145{
4146 Oid roleid = PG_GETARG_OID(0);
4147 text *servername = PG_GETARG_TEXT_PP(1);
4149 Oid serverid;
4150 AclMode mode;
4152
4153 serverid = convert_server_name(servername);
4155
4157
4159}
static Oid convert_server_name(text *servername)
Definition acl.c:4196

References ACLCHECK_OK, convert_server_name(), convert_server_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_server_privilege_name()

Datum has_server_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 4062 of file acl.c.

4063{
4064 text *servername = PG_GETARG_TEXT_PP(0);
4066 Oid roleid;
4067 Oid serverid;
4068 AclMode mode;
4070
4071 roleid = GetUserId();
4072 serverid = convert_server_name(servername);
4074
4076
4078}

References ACLCHECK_OK, convert_server_name(), convert_server_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_server_privilege_name_id()

◆ has_server_privilege_name_name()

Datum has_server_privilege_name_name ( PG_FUNCTION_ARGS  )

◆ has_table_privilege_id()

Datum has_table_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 2004 of file acl.c.

2005{
2006 Oid tableoid = PG_GETARG_OID(0);
2008 Oid roleid;
2009 AclMode mode;
2011 bool is_missing = false;
2012
2013 roleid = GetUserId();
2015
2016 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2017
2018 if (is_missing)
2020
2022}
static AclMode convert_table_priv_string(text *priv_type_text)
Definition acl.c:2095

References ACLCHECK_OK, convert_table_priv_string(), fb(), GetUserId(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_table_privilege_id_id()

Datum has_table_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 2053 of file acl.c.

2054{
2055 Oid roleid = PG_GETARG_OID(0);
2056 Oid tableoid = PG_GETARG_OID(1);
2058 AclMode mode;
2060 bool is_missing = false;
2061
2063
2064 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2065
2066 if (is_missing)
2068
2070}

References ACLCHECK_OK, convert_table_priv_string(), fb(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_table_privilege_id_name()

Datum has_table_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2030 of file acl.c.

2031{
2032 Oid roleid = PG_GETARG_OID(0);
2033 text *tablename = PG_GETARG_TEXT_PP(1);
2035 Oid tableoid;
2036 AclMode mode;
2038
2039 tableoid = convert_table_name(tablename);
2041
2042 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2043
2045}

References ACLCHECK_OK, convert_table_name(), convert_table_priv_string(), fb(), mode, pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_table_privilege_name()

Datum has_table_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 1952 of file acl.c.

1953{
1954 text *tablename = PG_GETARG_TEXT_PP(0);
1956 Oid roleid;
1957 Oid tableoid;
1958 AclMode mode;
1960
1961 roleid = GetUserId();
1962 tableoid = convert_table_name(tablename);
1964
1965 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1966
1968}

References ACLCHECK_OK, convert_table_name(), convert_table_priv_string(), fb(), GetUserId(), mode, pg_class_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_table_privilege_name_id()

◆ has_table_privilege_name_name()

Datum has_table_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 1926 of file acl.c.

1927{
1928 Name rolename = PG_GETARG_NAME(0);
1929 text *tablename = PG_GETARG_TEXT_PP(1);
1931 Oid roleid;
1932 Oid tableoid;
1933 AclMode mode;
1935
1936 roleid = get_role_oid_or_public(NameStr(*rolename));
1937 tableoid = convert_table_name(tablename);
1939
1940 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1941
1943}

References ACLCHECK_OK, convert_table_name(), convert_table_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_tablespace_privilege_id()

Datum has_tablespace_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 4316 of file acl.c.

4317{
4320 Oid roleid;
4321 AclMode mode;
4323 bool is_missing = false;
4324
4325 roleid = GetUserId();
4327
4329 roleid, mode,
4330 &is_missing);
4331
4332 if (is_missing)
4334
4336}
static AclMode convert_tablespace_priv_string(text *priv_type_text)
Definition acl.c:4408

References ACLCHECK_OK, convert_tablespace_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_tablespace_privilege_id_id()

◆ has_tablespace_privilege_id_name()

Datum has_tablespace_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4344 of file acl.c.

4345{
4346 Oid roleid = PG_GETARG_OID(0);
4347 text *tablespacename = PG_GETARG_TEXT_PP(1);
4350 AclMode mode;
4352
4353 tablespaceoid = convert_tablespace_name(tablespacename);
4355
4357
4359}
static Oid convert_tablespace_name(text *tablespacename)
Definition acl.c:4396

References ACLCHECK_OK, convert_tablespace_name(), convert_tablespace_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_tablespace_privilege_name()

◆ has_tablespace_privilege_name_id()

◆ has_tablespace_privilege_name_name()

◆ has_type_privilege_id()

Datum has_type_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 4515 of file acl.c.

4516{
4517 Oid typeoid = PG_GETARG_OID(0);
4519 Oid roleid;
4520 AclMode mode;
4522 bool is_missing = false;
4523
4524 roleid = GetUserId();
4526
4528 roleid, mode,
4529 &is_missing);
4530
4531 if (is_missing)
4533
4535}
static AclMode convert_type_priv_string(text *priv_type_text)
Definition acl.c:4616

References ACLCHECK_OK, convert_type_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_type_privilege_id_id()

Datum has_type_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4566 of file acl.c.

4567{
4568 Oid roleid = PG_GETARG_OID(0);
4569 Oid typeoid = PG_GETARG_OID(1);
4571 AclMode mode;
4573 bool is_missing = false;
4574
4576
4578 roleid, mode,
4579 &is_missing);
4580
4581 if (is_missing)
4583
4585}

References ACLCHECK_OK, convert_type_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_type_privilege_id_name()

Datum has_type_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4543 of file acl.c.

4544{
4545 Oid roleid = PG_GETARG_OID(0);
4546 text *typename = PG_GETARG_TEXT_PP(1);
4548 Oid typeoid;
4549 AclMode mode;
4551
4552 typeoid = convert_type_name(typename);
4554
4555 aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
4556
4558}
static Oid convert_type_name(text *typename)
Definition acl.c:4595

References ACLCHECK_OK, convert_type_name(), convert_type_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_type_privilege_name()

Datum has_type_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 4461 of file acl.c.

4462{
4463 text *typename = PG_GETARG_TEXT_PP(0);
4465 Oid roleid;
4466 Oid typeoid;
4467 AclMode mode;
4469
4470 roleid = GetUserId();
4471 typeoid = convert_type_name(typename);
4473
4474 aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
4475
4477}

References ACLCHECK_OK, convert_type_name(), convert_type_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_type_privilege_name_id()

Datum has_type_privilege_name_id ( PG_FUNCTION_ARGS  )

◆ has_type_privilege_name_name()

Datum has_type_privilege_name_name ( PG_FUNCTION_ARGS  )

◆ hash_aclitem()

Datum hash_aclitem ( PG_FUNCTION_ARGS  )

Definition at line 792 of file acl.c.

793{
795
796 /* not very bright, but avoids any issue of padding in struct */
797 PG_RETURN_UINT32((uint32) (a->ai_privs + a->ai_grantee + a->ai_grantor));
798}
uint32_t uint32
Definition c.h:683
#define PG_RETURN_UINT32(x)
Definition fmgr.h:356
int a
Definition isn.c:73

References a, PG_GETARG_ACLITEM_P, and PG_RETURN_UINT32.

◆ hash_aclitem_extended()

Datum hash_aclitem_extended ( PG_FUNCTION_ARGS  )

Definition at line 806 of file acl.c.

807{
809 uint64 seed = PG_GETARG_INT64(1);
810 uint32 sum = (uint32) (a->ai_privs + a->ai_grantee + a->ai_grantor);
811
812 return (seed == 0) ? UInt64GetDatum(sum) : hash_uint32_extended(sum, seed);
813}
uint64_t uint64
Definition c.h:684
#define PG_GETARG_INT64(n)
Definition fmgr.h:284
static Datum hash_uint32_extended(uint32 k, uint64 seed)
Definition hashfn.h:49
static Datum UInt64GetDatum(uint64 X)
Definition postgres.h:446

References a, hash_uint32_extended(), PG_GETARG_ACLITEM_P, PG_GETARG_INT64, and UInt64GetDatum().

◆ initialize_acl()

void initialize_acl ( void  )

Definition at line 5072 of file acl.c.

5073{
5075 {
5079
5080 /*
5081 * In normal mode, set a callback on any syscache invalidation of rows
5082 * of pg_auth_members (for roles_is_member_of()) pg_database (for
5083 * roles_is_member_of())
5084 */
5087 (Datum) 0);
5090 (Datum) 0);
5093 (Datum) 0);
5094 }
5095}
static uint32 cached_db_hash
Definition acl.c:84
static void RoleMembershipCacheCallback(Datum arg, SysCacheIdentifier cacheid, uint32 hashvalue)
Definition acl.c:5102
Oid MyDatabaseId
Definition globals.c:96
void CacheRegisterSyscacheCallback(SysCacheIdentifier cacheid, SyscacheCallbackFunction func, Datum arg)
Definition inval.c:1813
#define GetSysCacheHashValue1(cacheId, key1)
Definition syscache.h:118

References cached_db_hash, CacheRegisterSyscacheCallback(), fb(), GetSysCacheHashValue1, IsBootstrapProcessingMode, MyDatabaseId, ObjectIdGetDatum(), and RoleMembershipCacheCallback().

Referenced by InitPostgres().

◆ is_admin_of_role()

bool is_admin_of_role ( Oid  member,
Oid  role 
)

Definition at line 5447 of file acl.c.

5448{
5450
5451 if (superuser_arg(member))
5452 return true;
5453
5454 /* By policy, a role cannot have WITH ADMIN OPTION on itself. */
5455 if (member == role)
5456 return false;
5457
5459 return OidIsValid(admin_role);
5460}

References fb(), OidIsValid, ROLERECURSE_MEMBERS, roles_is_member_of(), and superuser_arg().

Referenced by AlterRole(), AlterRoleSet(), check_object_ownership(), check_role_membership_authorization(), DropRole(), pg_role_aclcheck(), and RenameRole().

◆ is_member_of_role()

bool is_member_of_role ( Oid  member,
Oid  role 
)

Definition at line 5397 of file acl.c.

5398{
5399 /* Fast path for simple case */
5400 if (member == role)
5401 return true;
5402
5403 /* Superusers have every privilege, so are part of every role */
5404 if (superuser_arg(member))
5405 return true;
5406
5407 /*
5408 * Find all the roles that member is a member of, including multi-level
5409 * recursion, then see if target role is any one of them.
5410 */
5412 InvalidOid, NULL),
5413 role);
5414}

References fb(), InvalidOid, list_member_oid(), ROLERECURSE_MEMBERS, roles_is_member_of(), and superuser_arg().

Referenced by pg_role_aclcheck().

◆ is_member_of_role_nosuper()

bool is_member_of_role_nosuper ( Oid  member,
Oid  role 
)

Definition at line 5425 of file acl.c.

5426{
5427 /* Fast path for simple case */
5428 if (member == role)
5429 return true;
5430
5431 /*
5432 * Find all the roles that member is a member of, including multi-level
5433 * recursion, then see if target role is any one of them.
5434 */
5436 InvalidOid, NULL),
5437 role);
5438}

References fb(), InvalidOid, list_member_oid(), ROLERECURSE_MEMBERS, and roles_is_member_of().

Referenced by AddRoleMems(), and is_member().

◆ is_safe_acl_char()

static bool is_safe_acl_char ( unsigned char  c,
bool  is_getid 
)
inlinestatic

Definition at line 148 of file acl.c.

149{
150 if (IS_HIGHBIT_SET(c))
151 return is_getid;
152 return isalnum(c) || c == '_';
153}
#define IS_HIGHBIT_SET(ch)
Definition c.h:1303
char * c

References fb(), and IS_HIGHBIT_SET.

Referenced by getid(), and putid().

◆ make_empty_acl()

Acl * make_empty_acl ( void  )

Definition at line 462 of file acl.c.

463{
464 return allocacl(0);
465}

References allocacl().

Referenced by SetDefaultACL().

◆ makeaclitem()

Datum makeaclitem ( PG_FUNCTION_ARGS  )

Definition at line 1665 of file acl.c.

1666{
1668 Oid grantor = PG_GETARG_OID(1);
1670 bool goption = PG_GETARG_BOOL(3);
1671 AclItem *result;
1672 AclMode priv;
1673 static const priv_map any_priv_map[] = {
1674 {"SELECT", ACL_SELECT},
1675 {"INSERT", ACL_INSERT},
1676 {"UPDATE", ACL_UPDATE},
1677 {"DELETE", ACL_DELETE},
1678 {"TRUNCATE", ACL_TRUNCATE},
1679 {"REFERENCES", ACL_REFERENCES},
1680 {"TRIGGER", ACL_TRIGGER},
1681 {"EXECUTE", ACL_EXECUTE},
1682 {"USAGE", ACL_USAGE},
1683 {"CREATE", ACL_CREATE},
1684 {"TEMP", ACL_CREATE_TEMP},
1685 {"TEMPORARY", ACL_CREATE_TEMP},
1686 {"CONNECT", ACL_CONNECT},
1687 {"SET", ACL_SET},
1688 {"ALTER SYSTEM", ACL_ALTER_SYSTEM},
1689 {"MAINTAIN", ACL_MAINTAIN},
1690 {NULL, 0}
1691 };
1692
1694
1696
1697 result->ai_grantee = grantee;
1698 result->ai_grantor = grantor;
1699
1701 (goption ? priv : ACL_NO_RIGHTS));
1702
1704}
#define PG_GETARG_BOOL(n)
Definition fmgr.h:274

References ACL_ALTER_SYSTEM, ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_DELETE, ACL_EXECUTE, ACL_INSERT, ACL_MAINTAIN, ACL_NO_RIGHTS, ACL_REFERENCES, ACL_SELECT, ACL_SET, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, ACL_USAGE, ACLITEM_SET_PRIVS_GOPTIONS, convert_any_priv_string(), fb(), palloc_object, PG_GETARG_BOOL, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_ACLITEM_P, and result.

◆ member_can_set_role()

bool member_can_set_role ( Oid  member,
Oid  role 
)

Definition at line 5351 of file acl.c.

5352{
5353 /* Fast path for simple case */
5354 if (member == role)
5355 return true;
5356
5357 /* Superusers have every privilege, so can always SET ROLE */
5358 if (superuser_arg(member))
5359 return true;
5360
5361 /*
5362 * Find all the roles that member can access via SET ROLE, including
5363 * multi-level recursion, then see if target role is any one of them.
5364 */
5366 InvalidOid, NULL),
5367 role);
5368}

References fb(), InvalidOid, list_member_oid(), ROLERECURSE_SETROLE, roles_is_member_of(), and superuser_arg().

Referenced by check_can_set_role(), check_role(), pg_role_aclcheck(), and SwitchToUntrustedUser().

◆ pg_has_role_id()

Datum pg_has_role_id ( PG_FUNCTION_ARGS  )

Definition at line 4944 of file acl.c.

4945{
4946 Oid roleoid = PG_GETARG_OID(0);
4948 Oid roleid;
4949 AclMode mode;
4951
4952 roleid = GetUserId();
4954
4955 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4956
4958}
static AclMode convert_role_priv_string(text *priv_type_text)
Definition acl.c:5019
static AclResult pg_role_aclcheck(Oid role_oid, Oid roleid, AclMode mode)
Definition acl.c:5042

References ACLCHECK_OK, convert_role_priv_string(), fb(), GetUserId(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_id_id()

Datum pg_has_role_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4989 of file acl.c.

4990{
4991 Oid roleid = PG_GETARG_OID(0);
4992 Oid roleoid = PG_GETARG_OID(1);
4994 AclMode mode;
4996
4998
4999 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
5000
5002}

References ACLCHECK_OK, convert_role_priv_string(), fb(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_id_name()

Datum pg_has_role_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4966 of file acl.c.

4967{
4968 Oid roleid = PG_GETARG_OID(0);
4969 Name rolename = PG_GETARG_NAME(1);
4971 Oid roleoid;
4972 AclMode mode;
4974
4975 roleoid = get_role_oid(NameStr(*rolename), false);
4977
4978 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4979
4981}

References ACLCHECK_OK, convert_role_priv_string(), fb(), get_role_oid(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_name()

Datum pg_has_role_name ( PG_FUNCTION_ARGS  )

Definition at line 4896 of file acl.c.

4897{
4898 Name rolename = PG_GETARG_NAME(0);
4900 Oid roleid;
4901 Oid roleoid;
4902 AclMode mode;
4904
4905 roleid = GetUserId();
4906 roleoid = get_role_oid(NameStr(*rolename), false);
4908
4909 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4910
4912}

References ACLCHECK_OK, convert_role_priv_string(), fb(), get_role_oid(), GetUserId(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_name_id()

Datum pg_has_role_name_id ( PG_FUNCTION_ARGS  )

◆ pg_has_role_name_name()

Datum pg_has_role_name_name ( PG_FUNCTION_ARGS  )

Definition at line 4870 of file acl.c.

4871{
4873 Name rolename = PG_GETARG_NAME(1);
4875 Oid roleid;
4876 Oid roleoid;
4877 AclMode mode;
4879
4880 roleid = get_role_oid(NameStr(*username), false);
4881 roleoid = get_role_oid(NameStr(*rolename), false);
4883
4884 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4885
4887}

References ACLCHECK_OK, convert_role_priv_string(), fb(), get_role_oid(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, pg_role_aclcheck(), and username.

◆ pg_role_aclcheck()

static AclResult pg_role_aclcheck ( Oid  role_oid,
Oid  roleid,
AclMode  mode 
)
static

Definition at line 5042 of file acl.c.

5043{
5045 {
5046 if (is_admin_of_role(roleid, role_oid))
5047 return ACLCHECK_OK;
5048 }
5049 if (mode & ACL_CREATE)
5050 {
5051 if (is_member_of_role(roleid, role_oid))
5052 return ACLCHECK_OK;
5053 }
5054 if (mode & ACL_USAGE)
5055 {
5056 if (has_privs_of_role(roleid, role_oid))
5057 return ACLCHECK_OK;
5058 }
5059 if (mode & ACL_SET)
5060 {
5061 if (member_can_set_role(roleid, role_oid))
5062 return ACLCHECK_OK;
5063 }
5064 return ACLCHECK_NO_PRIV;
5065}
bool is_admin_of_role(Oid member, Oid role)
Definition acl.c:5447
bool is_member_of_role(Oid member, Oid role)
Definition acl.c:5397
@ ACLCHECK_NO_PRIV
Definition acl.h:185

References ACL_CREATE, ACL_GRANT_OPTION_FOR, ACL_SET, ACL_USAGE, ACLCHECK_NO_PRIV, ACLCHECK_OK, fb(), has_privs_of_role(), is_admin_of_role(), is_member_of_role(), member_can_set_role(), and mode.

Referenced by pg_has_role_id(), pg_has_role_id_id(), pg_has_role_id_name(), pg_has_role_name(), pg_has_role_name_id(), and pg_has_role_name_name().

◆ putid()

static void putid ( char p,
const char s 
)
static

Definition at line 224 of file acl.c.

225{
226 const char *src;
227 bool safe = true;
228
229 /* Detect whether we need to use double quotes */
230 for (src = s; *src; src++)
231 {
232 if (!is_safe_acl_char(*src, false))
233 {
234 safe = false;
235 break;
236 }
237 }
238 if (!safe)
239 *p++ = '"';
240 for (src = s; *src; src++)
241 {
242 /* A double quote character in a username is encoded as "" */
243 if (*src == '"')
244 *p++ = '"';
245 *p++ = *src;
246 }
247 if (!safe)
248 *p++ = '"';
249 *p = '\0';
250}

References fb(), and is_safe_acl_char().

Referenced by aclitemout().

◆ recursive_revoke()

static Acl * recursive_revoke ( Acl acl,
Oid  grantee,
AclMode  revoke_privs,
Oid  ownerId,
DropBehavior  behavior 
)
static

Definition at line 1333 of file acl.c.

1338{
1340 AclItem *aip;
1341 int i,
1342 num;
1343
1344 check_acl(acl);
1345
1346 /* The owner can never truly lose grant options, so short-circuit */
1347 if (grantee == ownerId)
1348 return acl;
1349
1350 /* The grantee might still have some grant options via another grantor */
1351 still_has = aclmask(acl, grantee, ownerId,
1353 ACLMASK_ALL);
1356 return acl;
1357
1358restart:
1359 num = ACL_NUM(acl);
1360 aip = ACL_DAT(acl);
1361 for (i = 0; i < num; i++)
1362 {
1363 if (aip[i].ai_grantor == grantee
1364 && (ACLITEM_GET_PRIVS(aip[i]) & revoke_privs) != 0)
1365 {
1367 Acl *new_acl;
1368
1369 if (behavior == DROP_RESTRICT)
1370 ereport(ERROR,
1372 errmsg("dependent privileges exist"),
1373 errhint("Use CASCADE to revoke them too.")));
1374
1375 mod_acl.ai_grantor = grantee;
1376 mod_acl.ai_grantee = aip[i].ai_grantee;
1379 revoke_privs);
1380
1382 ownerId, behavior);
1383
1384 pfree(acl);
1385 acl = new_acl;
1386
1387 goto restart;
1388 }
1389 }
1390
1391 return acl;
1392}

References ACL_DAT, ACL_GRANT_OPTION_FOR, ACL_MODECHG_DEL, ACL_NO_RIGHTS, ACL_NUM, ACLITEM_GET_PRIVS, ACLITEM_SET_PRIVS_GOPTIONS, aclmask(), ACLMASK_ALL, aclupdate(), check_acl(), DROP_RESTRICT, ereport, errcode(), errhint(), errmsg, ERROR, fb(), i, and pfree().

Referenced by aclupdate().

◆ RoleMembershipCacheCallback()

static void RoleMembershipCacheCallback ( Datum  arg,
SysCacheIdentifier  cacheid,
uint32  hashvalue 
)
static

Definition at line 5102 of file acl.c.

5104{
5105 if (cacheid == DATABASEOID &&
5106 hashvalue != cached_db_hash &&
5107 hashvalue != 0)
5108 {
5109 return; /* ignore pg_database changes for other DBs */
5110 }
5111
5112 /* Force membership caches to be recomputed on next use */
5116}
static Oid cached_role[]
Definition acl.c:82

References cached_db_hash, cached_role, fb(), InvalidOid, ROLERECURSE_MEMBERS, ROLERECURSE_PRIVS, and ROLERECURSE_SETROLE.

Referenced by initialize_acl().

◆ roles_is_member_of()

static List * roles_is_member_of ( Oid  roleid,
enum RoleRecurseType  type,
Oid  admin_of,
Oid admin_role 
)
static

Definition at line 5185 of file acl.c.

5187{
5188 Oid dba;
5190 ListCell *l;
5193 bloom_filter *bf = NULL;
5194
5196 if (admin_role != NULL)
5198
5199 /* If cache is valid and ADMIN OPTION not sought, just return the list */
5200 if (cached_role[type] == roleid && !OidIsValid(admin_of) &&
5202 return cached_roles[type];
5203
5204 /*
5205 * Role expansion happens in a non-database backend when guc.c checks
5206 * ROLE_PG_READ_ALL_SETTINGS for a physical walsender SHOW command. In
5207 * that case, no role gets pg_database_owner.
5208 */
5210 dba = InvalidOid;
5211 else
5212 {
5214
5216 if (!HeapTupleIsValid(dbtup))
5217 elog(ERROR, "cache lookup failed for database %u", MyDatabaseId);
5220 }
5221
5222 /*
5223 * Find all the roles that roleid is a member of, including multi-level
5224 * recursion. The role itself will always be the first element of the
5225 * resulting list.
5226 *
5227 * Each element of the list is scanned to see if it adds any indirect
5228 * memberships. We can use a single list as both the record of
5229 * already-found memberships and the agenda of roles yet to be scanned.
5230 * This is a bit tricky but works because the foreach() macro doesn't
5231 * fetch the next list element until the bottom of the loop.
5232 */
5233 roles_list = list_make1_oid(roleid);
5234
5235 foreach(l, roles_list)
5236 {
5237 Oid memberid = lfirst_oid(l);
5239 int i;
5240
5241 /* Find roles that memberid is directly a member of */
5244 for (i = 0; i < memlist->n_members; i++)
5245 {
5246 HeapTuple tup = &memlist->members[i]->tuple;
5248 Oid otherid = form->roleid;
5249
5250 /*
5251 * While otherid==InvalidOid shouldn't appear in the catalog, the
5252 * OidIsValid() avoids crashing if that arises.
5253 */
5254 if (otherid == admin_of && form->admin_option &&
5257
5258 /* If we're supposed to ignore non-heritable grants, do so. */
5259 if (type == ROLERECURSE_PRIVS && !form->inherit_option)
5260 continue;
5261
5262 /* If we're supposed to ignore non-SET grants, do so. */
5263 if (type == ROLERECURSE_SETROLE && !form->set_option)
5264 continue;
5265
5266 /*
5267 * Even though there shouldn't be any loops in the membership
5268 * graph, we must test for having already seen this role. It is
5269 * legal for instance to have both A->B and A->C->B.
5270 */
5272 }
5274
5275 /* implement pg_database_owner implicit membership */
5276 if (memberid == dba && OidIsValid(dba))
5279 }
5280
5281 /*
5282 * Free the Bloom filter created by roles_list_append(), if there is one.
5283 */
5284 if (bf)
5285 bloom_free(bf);
5286
5287 /*
5288 * Copy the completed list into TopMemoryContext so it will persist.
5289 */
5294
5295 /*
5296 * Now safe to assign to state variable
5297 */
5298 cached_role[type] = InvalidOid; /* just paranoia */
5301 cached_role[type] = roleid;
5302
5303 /* And now we can return the answer */
5304 return cached_roles[type];
5305}
static List * roles_list_append(List *roles_list, bloom_filter **bf, Oid role)
Definition acl.c:5125
static List * cached_roles[]
Definition acl.c:83
void bloom_free(bloom_filter *filter)
List * list_copy(const List *oldlist)
Definition list.c:1573
void list_free(List *list)
Definition list.c:1546
MemoryContext TopMemoryContext
Definition mcxt.c:167
END_CATALOG_STRUCT typedef FormData_pg_auth_members * Form_pg_auth_members
END_CATALOG_STRUCT typedef FormData_pg_database * Form_pg_database
#define list_make1_oid(x1)
Definition pg_list.h:274
#define lfirst_oid(lc)
Definition pg_list.h:174
Definition pg_list.h:54
#define ReleaseSysCacheList(x)
Definition syscache.h:134
#define SearchSysCacheList1(cacheId, key1)
Definition syscache.h:127
const char * type

References Assert, bloom_free(), cached_role, cached_roles, elog, ERROR, fb(), Form_pg_auth_members, Form_pg_database, GETSTRUCT(), HeapTupleIsValid, i, InvalidOid, lfirst_oid, list_copy(), list_free(), list_make1_oid, MemoryContextSwitchTo(), MyDatabaseId, ObjectIdGetDatum(), OidIsValid, ReleaseSysCache(), ReleaseSysCacheList, ROLERECURSE_PRIVS, ROLERECURSE_SETROLE, roles_list_append(), SearchSysCache1(), SearchSysCacheList1, TopMemoryContext, and type.

Referenced by has_privs_of_role(), is_admin_of_role(), is_member_of_role(), is_member_of_role_nosuper(), member_can_set_role(), select_best_admin(), and select_best_grantor().

◆ roles_list_append()

static List * roles_list_append ( List roles_list,
bloom_filter **  bf,
Oid  role 
)
inlinestatic

Definition at line 5125 of file acl.c.

5126{
5127 unsigned char *roleptr = (unsigned char *) &role;
5128
5129 /*
5130 * If there is a previously-created Bloom filter, use it to try to
5131 * determine whether the role is missing from the list. If it says yes,
5132 * that's a hard fact and we can go ahead and add the role. If it says
5133 * no, that's only probabilistic and we'd better search the list. Without
5134 * a filter, we must always do an ordinary linear search through the
5135 * existing list.
5136 */
5137 if ((*bf && bloom_lacks_element(*bf, roleptr, sizeof(Oid))) ||
5139 {
5140 /*
5141 * If the list is large, we take on the overhead of creating and
5142 * populating a Bloom filter to speed up future calls to this
5143 * function.
5144 */
5145 if (*bf == NULL &&
5147 {
5149 foreach_oid(roleid, roles_list)
5150 bloom_add_element(*bf, (unsigned char *) &roleid, sizeof(Oid));
5151 }
5152
5153 /*
5154 * Finally, add the role to the list and the Bloom filter, if it
5155 * exists.
5156 */
5158 if (*bf)
5159 bloom_add_element(*bf, roleptr, sizeof(Oid));
5160 }
5161
5162 return roles_list;
5163}
#define ROLES_LIST_BLOOM_THRESHOLD
Definition acl.c:92
bloom_filter * bloom_create(int64 total_elems, int bloom_work_mem, uint64 seed)
Definition bloomfilter.c:87
bool bloom_lacks_element(bloom_filter *filter, unsigned char *elem, size_t len)
void bloom_add_element(bloom_filter *filter, unsigned char *elem, size_t len)
int work_mem
Definition globals.c:133
List * lappend_oid(List *list, Oid datum)
Definition list.c:375
static int list_length(const List *l)
Definition pg_list.h:152
#define foreach_oid(var, lst)
Definition pg_list.h:503

References bloom_add_element(), bloom_create(), bloom_lacks_element(), fb(), foreach_oid, lappend_oid(), list_length(), list_member_oid(), ROLES_LIST_BLOOM_THRESHOLD, and work_mem.

Referenced by roles_is_member_of().

◆ select_best_admin()

Oid select_best_admin ( Oid  member,
Oid  role 
)

Definition at line 5472 of file acl.c.

5473{
5475
5476 /* By policy, a role cannot have WITH ADMIN OPTION on itself. */
5477 if (member == role)
5478 return InvalidOid;
5479
5481 return admin_role;
5482}

References fb(), InvalidOid, ROLERECURSE_PRIVS, and roles_is_member_of().

Referenced by check_role_grantor().

◆ select_best_grantor()

void select_best_grantor ( const RoleSpec grantedBy,
AclMode  privileges,
const Acl acl,
Oid  ownerId,
Oid grantorId,
AclMode grantOptions 
)

Definition at line 5511 of file acl.c.

5514{
5515 Oid roleId = GetUserId();
5518 int nrights;
5519 ListCell *l;
5520
5521 /*
5522 * If we have GRANTED BY, resolve it and verify current user is allowed to
5523 * specify that role.
5524 */
5525 if (grantedBy)
5526 {
5527 Oid grantor = get_rolespec_oid(grantedBy, false);
5528
5529 if (!has_privs_of_role(roleId, grantor))
5530 ereport(ERROR,
5532 errmsg("must inherit privileges of role \"%s\"",
5533 GetUserNameFromId(grantor, false))));
5534 /* Use exactly that grantor, whether it has privileges or not */
5535 *grantorId = grantor;
5536 *grantOptions = aclmask_direct(acl, grantor, ownerId,
5538 return;
5539 }
5540
5541 /*
5542 * The object owner is always treated as having all grant options, so if
5543 * roleId is the owner it's easy. Also, if roleId is a superuser it's
5544 * easy: superusers are implicitly members of every role, so they act as
5545 * the object owner.
5546 */
5547 if (roleId == ownerId || superuser_arg(roleId))
5548 {
5549 *grantorId = ownerId;
5551 return;
5552 }
5553
5554 /*
5555 * Otherwise we have to do a careful search to see if roleId has the
5556 * privileges of any suitable role. Note: we can hang onto the result of
5557 * roles_is_member_of() throughout this loop, because aclmask_direct()
5558 * doesn't query any role memberships.
5559 */
5561 InvalidOid, NULL);
5562
5563 /* initialize candidate result as default */
5564 *grantorId = roleId;
5566 nrights = 0;
5567
5568 foreach(l, roles_list)
5569 {
5572
5573 otherprivs = aclmask_direct(acl, otherrole, ownerId,
5576 {
5577 /* Found a suitable grantor */
5580 return;
5581 }
5582
5583 /*
5584 * If it has just some of the needed privileges, remember best
5585 * candidate.
5586 */
5588 {
5590
5591 if (nnewrights > nrights)
5592 {
5596 }
5597 }
5598 }
5599}
static AclMode aclmask_direct(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
Definition acl.c:1508
Oid get_rolespec_oid(const RoleSpec *role, bool missing_ok)
Definition acl.c:5642
static int pg_popcount64(uint64 word)

References ACL_GRANT_OPTION_FOR, ACL_NO_RIGHTS, ACLMASK_ALL, aclmask_direct(), ereport, errcode(), errmsg, ERROR, fb(), get_rolespec_oid(), GetUserId(), GetUserNameFromId(), has_privs_of_role(), InvalidOid, lfirst_oid, pg_popcount64(), ROLERECURSE_PRIVS, roles_is_member_of(), and superuser_arg().

Referenced by ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), and ExecGrant_Relation().

Variable Documentation

◆ cached_db_hash

uint32 cached_db_hash
static

Definition at line 84 of file acl.c.

Referenced by initialize_acl(), and RoleMembershipCacheCallback().

◆ cached_role

Oid cached_role[] = {InvalidOid, InvalidOid, InvalidOid}
static

Definition at line 82 of file acl.c.

Referenced by RoleMembershipCacheCallback(), and roles_is_member_of().

◆ cached_roles

List* cached_roles[] = {NIL, NIL, NIL}
static

Definition at line 83 of file acl.c.

83{NIL, NIL, NIL};
#define NIL
Definition pg_list.h:68

Referenced by roles_is_member_of().