PostgreSQL Source Code git master
Loading...
Searching...
No Matches
Data Structures | Macros | Enumerations | Functions | Variables
acl.c File Reference
#include "postgres.h"
#include <ctype.h>
#include "access/htup_details.h"
#include "bootstrap/bootstrap.h"
#include "catalog/catalog.h"
#include "catalog/namespace.h"
#include "catalog/pg_auth_members.h"
#include "catalog/pg_authid.h"
#include "catalog/pg_class.h"
#include "catalog/pg_database.h"
#include "catalog/pg_foreign_data_wrapper.h"
#include "catalog/pg_foreign_server.h"
#include "catalog/pg_language.h"
#include "catalog/pg_largeobject.h"
#include "catalog/pg_namespace.h"
#include "catalog/pg_proc.h"
#include "catalog/pg_tablespace.h"
#include "catalog/pg_type.h"
#include "commands/proclang.h"
#include "commands/tablespace.h"
#include "common/hashfn.h"
#include "foreign/foreign.h"
#include "funcapi.h"
#include "lib/bloomfilter.h"
#include "lib/qunique.h"
#include "miscadmin.h"
#include "storage/large_object.h"
#include "utils/acl.h"
#include "utils/array.h"
#include "utils/builtins.h"
#include "utils/catcache.h"
#include "utils/inval.h"
#include "utils/lsyscache.h"
#include "utils/memutils.h"
#include "utils/snapmgr.h"
#include "utils/syscache.h"
#include "utils/varlena.h"
Include dependency graph for acl.c:

Go to the source code of this file.

Data Structures

struct  priv_map
 

Macros

#define ROLES_LIST_BLOOM_THRESHOLD   1024
 

Enumerations

enum  RoleRecurseType { ROLERECURSE_MEMBERS = 0 , ROLERECURSE_PRIVS = 1 , ROLERECURSE_SETROLE = 2 }
 

Functions

static const chargetid (const char *s, char *n, Node *escontext)
 
static void putid (char *p, const char *s)
 
static Aclallocacl (int n)
 
static void check_acl (const Acl *acl)
 
static const characlparse (const char *s, AclItem *aip, Node *escontext)
 
static bool aclitem_match (const AclItem *a1, const AclItem *a2)
 
static int aclitemComparator (const void *arg1, const void *arg2)
 
static void check_circularity (const Acl *old_acl, const AclItem *mod_aip, Oid ownerId)
 
static Aclrecursive_revoke (Acl *acl, Oid grantee, AclMode revoke_privs, Oid ownerId, DropBehavior behavior)
 
static AclMode convert_any_priv_string (text *priv_type_text, const priv_map *privileges)
 
static Oid convert_table_name (text *tablename)
 
static AclMode convert_table_priv_string (text *priv_type_text)
 
static AclMode convert_sequence_priv_string (text *priv_type_text)
 
static AttrNumber convert_column_name (Oid tableoid, text *column)
 
static AclMode convert_column_priv_string (text *priv_type_text)
 
static Oid convert_database_name (text *databasename)
 
static AclMode convert_database_priv_string (text *priv_type_text)
 
static Oid convert_foreign_data_wrapper_name (text *fdwname)
 
static AclMode convert_foreign_data_wrapper_priv_string (text *priv_type_text)
 
static Oid convert_function_name (text *functionname)
 
static AclMode convert_function_priv_string (text *priv_type_text)
 
static Oid convert_language_name (text *languagename)
 
static AclMode convert_language_priv_string (text *priv_type_text)
 
static Oid convert_schema_name (text *schemaname)
 
static AclMode convert_schema_priv_string (text *priv_type_text)
 
static Oid convert_server_name (text *servername)
 
static AclMode convert_server_priv_string (text *priv_type_text)
 
static Oid convert_tablespace_name (text *tablespacename)
 
static AclMode convert_tablespace_priv_string (text *priv_type_text)
 
static Oid convert_type_name (text *typename)
 
static AclMode convert_type_priv_string (text *priv_type_text)
 
static AclMode convert_parameter_priv_string (text *priv_text)
 
static AclMode convert_largeobject_priv_string (text *priv_type_text)
 
static AclMode convert_role_priv_string (text *priv_type_text)
 
static AclResult pg_role_aclcheck (Oid role_oid, Oid roleid, AclMode mode)
 
static void RoleMembershipCacheCallback (Datum arg, SysCacheIdentifier cacheid, uint32 hashvalue)
 
static bool is_safe_acl_char (unsigned char c, bool is_getid)
 
Aclmake_empty_acl (void)
 
Aclaclcopy (const Acl *orig_acl)
 
Aclaclconcat (const Acl *left_acl, const Acl *right_acl)
 
Aclaclmerge (const Acl *left_acl, const Acl *right_acl, Oid ownerId)
 
void aclitemsort (Acl *acl)
 
bool aclequal (const Acl *left_acl, const Acl *right_acl)
 
Datum aclitemin (PG_FUNCTION_ARGS)
 
Datum aclitemout (PG_FUNCTION_ARGS)
 
Datum aclitem_eq (PG_FUNCTION_ARGS)
 
Datum hash_aclitem (PG_FUNCTION_ARGS)
 
Datum hash_aclitem_extended (PG_FUNCTION_ARGS)
 
Aclacldefault (ObjectType objtype, Oid ownerId)
 
Datum acldefault_sql (PG_FUNCTION_ARGS)
 
Aclaclupdate (const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
 
Aclaclnewowner (const Acl *old_acl, Oid oldOwnerId, Oid newOwnerId)
 
AclMode aclmask (const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
 
static AclMode aclmask_direct (const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
 
int aclmembers (const Acl *acl, Oid **roleids)
 
Datum aclinsert (PG_FUNCTION_ARGS)
 
Datum aclremove (PG_FUNCTION_ARGS)
 
Datum aclcontains (PG_FUNCTION_ARGS)
 
Datum makeaclitem (PG_FUNCTION_ARGS)
 
static const charconvert_aclright_to_string (int aclright)
 
Datum aclexplode (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_id_id (PG_FUNCTION_ARGS)
 
static int column_privilege_check (Oid tableoid, AttrNumber attnum, Oid roleid, AclMode mode)
 
Datum has_column_privilege_name_name_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_name_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_id_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_id_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_name_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_name_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_id_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_id_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_attnum (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_id_id (PG_FUNCTION_ARGS)
 
static bool has_param_priv_byname (Oid roleid, const text *parameter, AclMode priv)
 
Datum has_parameter_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_parameter_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_parameter_privilege_id_name (PG_FUNCTION_ARGS)
 
static bool has_lo_priv_byid (Oid roleid, Oid lobjId, AclMode priv, bool *is_missing)
 
Datum has_largeobject_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_largeobject_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_largeobject_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum pg_has_role_name_name (PG_FUNCTION_ARGS)
 
Datum pg_has_role_name (PG_FUNCTION_ARGS)
 
Datum pg_has_role_name_id (PG_FUNCTION_ARGS)
 
Datum pg_has_role_id (PG_FUNCTION_ARGS)
 
Datum pg_has_role_id_name (PG_FUNCTION_ARGS)
 
Datum pg_has_role_id_id (PG_FUNCTION_ARGS)
 
void initialize_acl (void)
 
static Listroles_list_append (List *roles_list, bloom_filter **bf, Oid role)
 
static Listroles_is_member_of (Oid roleid, enum RoleRecurseType type, Oid admin_of, Oid *admin_role)
 
bool has_privs_of_role (Oid member, Oid role)
 
bool member_can_set_role (Oid member, Oid role)
 
void check_can_set_role (Oid member, Oid role)
 
bool is_member_of_role (Oid member, Oid role)
 
bool is_member_of_role_nosuper (Oid member, Oid role)
 
bool is_admin_of_role (Oid member, Oid role)
 
Oid select_best_admin (Oid member, Oid role)
 
void select_best_grantor (Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
 
Oid get_role_oid (const char *rolname, bool missing_ok)
 
Oid get_role_oid_or_public (const char *rolname)
 
Oid get_rolespec_oid (const RoleSpec *role, bool missing_ok)
 
HeapTuple get_rolespec_tuple (const RoleSpec *role)
 
charget_rolespec_name (const RoleSpec *role)
 
void check_rolespec_name (const RoleSpec *role, const char *detail_msg)
 

Variables

static Oid cached_role [] = {InvalidOid, InvalidOid, InvalidOid}
 
static Listcached_roles [] = {NIL, NIL, NIL}
 
static uint32 cached_db_hash
 

Macro Definition Documentation

◆ ROLES_LIST_BLOOM_THRESHOLD

#define ROLES_LIST_BLOOM_THRESHOLD   1024

Definition at line 91 of file acl.c.

Enumeration Type Documentation

◆ RoleRecurseType

enum RoleRecurseType
Enumerator
ROLERECURSE_MEMBERS 
ROLERECURSE_PRIVS 
ROLERECURSE_SETROLE 

Definition at line 75 of file acl.c.

76{
77 ROLERECURSE_MEMBERS = 0, /* recurse unconditionally */
78 ROLERECURSE_PRIVS = 1, /* recurse through inheritable grants */
79 ROLERECURSE_SETROLE = 2 /* recurse through grants with set_option */
80};
ROLERECURSE_PRIVS
@ ROLERECURSE_PRIVS
Definition acl.c:78
ROLERECURSE_MEMBERS
@ ROLERECURSE_MEMBERS
Definition acl.c:77
ROLERECURSE_SETROLE
@ ROLERECURSE_SETROLE
Definition acl.c:79

Function Documentation

◆ aclconcat()

Acl * aclconcat ( const Acl left_acl,
const Acl right_acl 
)

Definition at line 490 of file acl.c.

491{
492 Acl *result_acl;
493
494 result_acl = allocacl(ACL_NUM(left_acl) + ACL_NUM(right_acl));
495
496 memcpy(ACL_DAT(result_acl),
497 ACL_DAT(left_acl),
498 ACL_NUM(left_acl) * sizeof(AclItem));
499
500 memcpy(ACL_DAT(result_acl) + ACL_NUM(left_acl),
501 ACL_DAT(right_acl),
502 ACL_NUM(right_acl) * sizeof(AclItem));
503
504 return result_acl;
505}
allocacl
static Acl * allocacl(int n)
Definition acl.c:439
ACL_DAT
#define ACL_DAT(ACL)
Definition acl.h:109
ACL_NUM
#define ACL_NUM(ACL)
Definition acl.h:108
fb
static int fb(int x)
Definition preproc-init.c:92
AclItem
Definition acl.h:55

References ACL_DAT, ACL_NUM, allocacl(), and fb().

Referenced by ExecGrant_Attribute().

◆ aclcontains()

Datum aclcontains ( PG_FUNCTION_ARGS  )

Definition at line 1625 of file acl.c.

1626{
1627 Acl *acl = PG_GETARG_ACL_P(0);
1628 AclItem *aip = PG_GETARG_ACLITEM_P(1);
1629 AclItem *aidat;
1630 int i,
1631 num;
1632
1633 check_acl(acl);
1634 num = ACL_NUM(acl);
1635 aidat = ACL_DAT(acl);
1636 for (i = 0; i < num; ++i)
1637 {
1638 if (aip->ai_grantee == aidat[i].ai_grantee &&
1639 aip->ai_grantor == aidat[i].ai_grantor &&
1640 (ACLITEM_GET_RIGHTS(*aip) & ACLITEM_GET_RIGHTS(aidat[i])) == ACLITEM_GET_RIGHTS(*aip))
1641 PG_RETURN_BOOL(true);
1642 }
1643 PG_RETURN_BOOL(false);
1644}
check_acl
static void check_acl(const Acl *acl)
Definition acl.c:603
PG_GETARG_ACLITEM_P
#define PG_GETARG_ACLITEM_P(n)
Definition acl.h:117
PG_GETARG_ACL_P
#define PG_GETARG_ACL_P(n)
Definition acl.h:122
ACLITEM_GET_RIGHTS
#define ACLITEM_GET_RIGHTS(item)
Definition acl.h:68
PG_RETURN_BOOL
#define PG_RETURN_BOOL(x)
Definition fmgr.h:360
i
int i
Definition isn.c:77

References ACL_DAT, ACL_NUM, ACLITEM_GET_RIGHTS, check_acl(), fb(), i, PG_GETARG_ACL_P, PG_GETARG_ACLITEM_P, and PG_RETURN_BOOL.

◆ aclcopy()

Acl * aclcopy ( const Acl orig_acl)

Definition at line 470 of file acl.c.

471{
472 Acl *result_acl;
473
474 result_acl = allocacl(ACL_NUM(orig_acl));
475
476 memcpy(ACL_DAT(result_acl),
477 ACL_DAT(orig_acl),
478 ACL_NUM(orig_acl) * sizeof(AclItem));
479
480 return result_acl;
481}

References ACL_DAT, ACL_NUM, allocacl(), and fb().

Referenced by aclmerge(), ExecGrant_Relation(), and SetDefaultACL().

◆ acldefault()

Acl * acldefault ( ObjectType  objtype,
Oid  ownerId 
)

Definition at line 816 of file acl.c.

817{
818 AclMode world_default;
819 AclMode owner_default;
820 int nacl;
821 Acl *acl;
822 AclItem *aip;
823
824 switch (objtype)
825 {
826 case OBJECT_COLUMN:
827 /* by default, columns have no extra privileges */
828 world_default = ACL_NO_RIGHTS;
829 owner_default = ACL_NO_RIGHTS;
830 break;
831 case OBJECT_TABLE:
832 world_default = ACL_NO_RIGHTS;
833 owner_default = ACL_ALL_RIGHTS_RELATION;
834 break;
835 case OBJECT_SEQUENCE:
836 world_default = ACL_NO_RIGHTS;
837 owner_default = ACL_ALL_RIGHTS_SEQUENCE;
838 break;
839 case OBJECT_DATABASE:
840 /* for backwards compatibility, grant some rights by default */
841 world_default = ACL_CREATE_TEMP | ACL_CONNECT;
842 owner_default = ACL_ALL_RIGHTS_DATABASE;
843 break;
844 case OBJECT_FUNCTION:
845 /* Grant EXECUTE by default, for now */
846 world_default = ACL_EXECUTE;
847 owner_default = ACL_ALL_RIGHTS_FUNCTION;
848 break;
849 case OBJECT_LANGUAGE:
850 /* Grant USAGE by default, for now */
851 world_default = ACL_USAGE;
852 owner_default = ACL_ALL_RIGHTS_LANGUAGE;
853 break;
854 case OBJECT_LARGEOBJECT:
855 world_default = ACL_NO_RIGHTS;
856 owner_default = ACL_ALL_RIGHTS_LARGEOBJECT;
857 break;
858 case OBJECT_SCHEMA:
859 world_default = ACL_NO_RIGHTS;
860 owner_default = ACL_ALL_RIGHTS_SCHEMA;
861 break;
862 case OBJECT_TABLESPACE:
863 world_default = ACL_NO_RIGHTS;
864 owner_default = ACL_ALL_RIGHTS_TABLESPACE;
865 break;
866 case OBJECT_FDW:
867 world_default = ACL_NO_RIGHTS;
868 owner_default = ACL_ALL_RIGHTS_FDW;
869 break;
870 case OBJECT_FOREIGN_SERVER:
871 world_default = ACL_NO_RIGHTS;
872 owner_default = ACL_ALL_RIGHTS_FOREIGN_SERVER;
873 break;
874 case OBJECT_DOMAIN:
875 case OBJECT_TYPE:
876 world_default = ACL_USAGE;
877 owner_default = ACL_ALL_RIGHTS_TYPE;
878 break;
879 case OBJECT_PARAMETER_ACL:
880 world_default = ACL_NO_RIGHTS;
881 owner_default = ACL_ALL_RIGHTS_PARAMETER_ACL;
882 break;
883 default:
884 elog(ERROR, "unrecognized object type: %d", (int) objtype);
885 world_default = ACL_NO_RIGHTS; /* keep compiler quiet */
886 owner_default = ACL_NO_RIGHTS;
887 break;
888 }
889
890 nacl = 0;
891 if (world_default != ACL_NO_RIGHTS)
892 nacl++;
893 if (owner_default != ACL_NO_RIGHTS)
894 nacl++;
895
896 acl = allocacl(nacl);
897 aip = ACL_DAT(acl);
898
899 if (world_default != ACL_NO_RIGHTS)
900 {
901 aip->ai_grantee = ACL_ID_PUBLIC;
902 aip->ai_grantor = ownerId;
903 ACLITEM_SET_PRIVS_GOPTIONS(*aip, world_default, ACL_NO_RIGHTS);
904 aip++;
905 }
906
907 /*
908 * Note that the owner's entry shows all ordinary privileges but no grant
909 * options. This is because his grant options come "from the system" and
910 * not from his own efforts. (The SQL spec says that the owner's rights
911 * come from a "_SYSTEM" authid.) However, we do consider that the
912 * owner's ordinary privileges are self-granted; this lets him revoke
913 * them. We implement the owner's grant options without any explicit
914 * "_SYSTEM"-like ACL entry, by internally special-casing the owner
915 * wherever we are testing grant options.
916 */
917 if (owner_default != ACL_NO_RIGHTS)
918 {
919 aip->ai_grantee = ownerId;
920 aip->ai_grantor = ownerId;
921 ACLITEM_SET_PRIVS_GOPTIONS(*aip, owner_default, ACL_NO_RIGHTS);
922 }
923
924 return acl;
925}
ACL_ALL_RIGHTS_FOREIGN_SERVER
#define ACL_ALL_RIGHTS_FOREIGN_SERVER
Definition acl.h:164
ACL_ALL_RIGHTS_TABLESPACE
#define ACL_ALL_RIGHTS_TABLESPACE
Definition acl.h:170
ACL_ALL_RIGHTS_PARAMETER_ACL
#define ACL_ALL_RIGHTS_PARAMETER_ACL
Definition acl.h:168
ACL_ALL_RIGHTS_SCHEMA
#define ACL_ALL_RIGHTS_SCHEMA
Definition acl.h:169
ACL_ALL_RIGHTS_SEQUENCE
#define ACL_ALL_RIGHTS_SEQUENCE
Definition acl.h:161
ACL_ALL_RIGHTS_DATABASE
#define ACL_ALL_RIGHTS_DATABASE
Definition acl.h:162
ACL_ALL_RIGHTS_FUNCTION
#define ACL_ALL_RIGHTS_FUNCTION
Definition acl.h:165
ACL_ALL_RIGHTS_LANGUAGE
#define ACL_ALL_RIGHTS_LANGUAGE
Definition acl.h:166
ACL_ALL_RIGHTS_TYPE
#define ACL_ALL_RIGHTS_TYPE
Definition acl.h:171
ACL_ALL_RIGHTS_FDW
#define ACL_ALL_RIGHTS_FDW
Definition acl.h:163
ACLITEM_SET_PRIVS_GOPTIONS
#define ACLITEM_SET_PRIVS_GOPTIONS(item, privs, goptions)
Definition acl.h:82
ACL_ALL_RIGHTS_RELATION
#define ACL_ALL_RIGHTS_RELATION
Definition acl.h:160
ACL_ID_PUBLIC
#define ACL_ID_PUBLIC
Definition acl.h:46
ACL_ALL_RIGHTS_LARGEOBJECT
#define ACL_ALL_RIGHTS_LARGEOBJECT
Definition acl.h:167
ERROR
#define ERROR
Definition elog.h:39
elog
#define elog(elevel,...)
Definition elog.h:226
ACL_CREATE_TEMP
#define ACL_CREATE_TEMP
Definition parsenodes.h:86
AclMode
uint64 AclMode
Definition parsenodes.h:74
ACL_USAGE
#define ACL_USAGE
Definition parsenodes.h:84
ACL_NO_RIGHTS
#define ACL_NO_RIGHTS
Definition parsenodes.h:92
OBJECT_FDW
@ OBJECT_FDW
Definition parsenodes.h:2370
OBJECT_SCHEMA
@ OBJECT_SCHEMA
Definition parsenodes.h:2390
OBJECT_DOMAIN
@ OBJECT_DOMAIN
Definition parsenodes.h:2366
OBJECT_COLUMN
@ OBJECT_COLUMN
Definition parsenodes.h:2360
OBJECT_TABLESPACE
@ OBJECT_TABLESPACE
Definition parsenodes.h:2396
OBJECT_LARGEOBJECT
@ OBJECT_LARGEOBJECT
Definition parsenodes.h:2376
OBJECT_DATABASE
@ OBJECT_DATABASE
Definition parsenodes.h:2363
OBJECT_SEQUENCE
@ OBJECT_SEQUENCE
Definition parsenodes.h:2391
OBJECT_LANGUAGE
@ OBJECT_LANGUAGE
Definition parsenodes.h:2375
OBJECT_FOREIGN_SERVER
@ OBJECT_FOREIGN_SERVER
Definition parsenodes.h:2371
OBJECT_TABLE
@ OBJECT_TABLE
Definition parsenodes.h:2395
OBJECT_PARAMETER_ACL
@ OBJECT_PARAMETER_ACL
Definition parsenodes.h:2381
OBJECT_TYPE
@ OBJECT_TYPE
Definition parsenodes.h:2403
OBJECT_FUNCTION
@ OBJECT_FUNCTION
Definition parsenodes.h:2373
ACL_CONNECT
#define ACL_CONNECT
Definition parsenodes.h:87
ACL_EXECUTE
#define ACL_EXECUTE
Definition parsenodes.h:83

References ACL_ALL_RIGHTS_DATABASE, ACL_ALL_RIGHTS_FDW, ACL_ALL_RIGHTS_FOREIGN_SERVER, ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_LANGUAGE, ACL_ALL_RIGHTS_LARGEOBJECT, ACL_ALL_RIGHTS_PARAMETER_ACL, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_SEQUENCE, ACL_ALL_RIGHTS_TABLESPACE, ACL_ALL_RIGHTS_TYPE, ACL_CONNECT, ACL_CREATE_TEMP, ACL_DAT, ACL_EXECUTE, ACL_ID_PUBLIC, ACL_NO_RIGHTS, ACL_USAGE, ACLITEM_SET_PRIVS_GOPTIONS, allocacl(), elog, ERROR, fb(), OBJECT_COLUMN, OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, and OBJECT_TYPE.

Referenced by acldefault_sql(), buildDefaultACLCommands(), dumpACL(), dumpRoleGUCPrivs(), dumpTable(), dumpTablespaces(), ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), ExecGrant_Relation(), get_user_default_acl(), object_aclmask_ext(), pg_class_aclmask_ext(), pg_largeobject_aclmask_snapshot(), pg_namespace_aclmask_ext(), pg_parameter_acl_aclmask(), pg_parameter_aclmask(), pg_type_aclmask_ext(), and SetDefaultACL().

◆ acldefault_sql()

Datum acldefault_sql ( PG_FUNCTION_ARGS  )

Definition at line 933 of file acl.c.

934{
935 char objtypec = PG_GETARG_CHAR(0);
936 Oid owner = PG_GETARG_OID(1);
937 ObjectType objtype = 0;
938
939 switch (objtypec)
940 {
941 case 'c':
942 objtype = OBJECT_COLUMN;
943 break;
944 case 'r':
945 objtype = OBJECT_TABLE;
946 break;
947 case 's':
948 objtype = OBJECT_SEQUENCE;
949 break;
950 case 'd':
951 objtype = OBJECT_DATABASE;
952 break;
953 case 'f':
954 objtype = OBJECT_FUNCTION;
955 break;
956 case 'l':
957 objtype = OBJECT_LANGUAGE;
958 break;
959 case 'L':
960 objtype = OBJECT_LARGEOBJECT;
961 break;
962 case 'n':
963 objtype = OBJECT_SCHEMA;
964 break;
965 case 'p':
966 objtype = OBJECT_PARAMETER_ACL;
967 break;
968 case 't':
969 objtype = OBJECT_TABLESPACE;
970 break;
971 case 'F':
972 objtype = OBJECT_FDW;
973 break;
974 case 'S':
975 objtype = OBJECT_FOREIGN_SERVER;
976 break;
977 case 'T':
978 objtype = OBJECT_TYPE;
979 break;
980 default:
981 elog(ERROR, "unrecognized object type abbreviation: %c", objtypec);
982 }
983
984 PG_RETURN_ACL_P(acldefault(objtype, owner));
985}
acldefault
Acl * acldefault(ObjectType objtype, Oid ownerId)
Definition acl.c:816
PG_RETURN_ACL_P
#define PG_RETURN_ACL_P(x)
Definition acl.h:124
PG_GETARG_OID
#define PG_GETARG_OID(n)
Definition fmgr.h:275
PG_GETARG_CHAR
#define PG_GETARG_CHAR(n)
Definition fmgr.h:273
ObjectType
ObjectType
Definition parsenodes.h:2353
Oid
unsigned int Oid
Definition postgres_ext.h:32

References acldefault(), elog, ERROR, fb(), OBJECT_COLUMN, OBJECT_DATABASE, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, PG_GETARG_CHAR, PG_GETARG_OID, and PG_RETURN_ACL_P.

◆ aclequal()

bool aclequal ( const Acl left_acl,
const Acl right_acl 
)

Definition at line 572 of file acl.c.

573{
574 /* Check for cases where one or both are empty/null */
575 if (left_acl == NULL || ACL_NUM(left_acl) == 0)
576 {
577 if (right_acl == NULL || ACL_NUM(right_acl) == 0)
578 return true;
579 else
580 return false;
581 }
582 else
583 {
584 if (right_acl == NULL || ACL_NUM(right_acl) == 0)
585 return false;
586 }
587
588 if (ACL_NUM(left_acl) != ACL_NUM(right_acl))
589 return false;
590
591 if (memcmp(ACL_DAT(left_acl),
592 ACL_DAT(right_acl),
593 ACL_NUM(left_acl) * sizeof(AclItem)) == 0)
594 return true;
595
596 return false;
597}

References ACL_DAT, ACL_NUM, and fb().

Referenced by ExecGrant_Parameter(), get_user_default_acl(), and SetDefaultACL().

◆ aclexplode()

Datum aclexplode ( PG_FUNCTION_ARGS  )

Definition at line 1803 of file acl.c.

1804{
1805 Acl *acl = PG_GETARG_ACL_P(0);
1806 FuncCallContext *funcctx;
1807 int *idx;
1808 AclItem *aidat;
1809
1810 if (SRF_IS_FIRSTCALL())
1811 {
1812 TupleDesc tupdesc;
1813 MemoryContext oldcontext;
1814
1815 check_acl(acl);
1816
1817 funcctx = SRF_FIRSTCALL_INIT();
1818 oldcontext = MemoryContextSwitchTo(funcctx->multi_call_memory_ctx);
1819
1820 /*
1821 * build tupdesc for result tuples (matches out parameters in pg_proc
1822 * entry)
1823 */
1824 tupdesc = CreateTemplateTupleDesc(4);
1825 TupleDescInitEntry(tupdesc, (AttrNumber) 1, "grantor",
1826 OIDOID, -1, 0);
1827 TupleDescInitEntry(tupdesc, (AttrNumber) 2, "grantee",
1828 OIDOID, -1, 0);
1829 TupleDescInitEntry(tupdesc, (AttrNumber) 3, "privilege_type",
1830 TEXTOID, -1, 0);
1831 TupleDescInitEntry(tupdesc, (AttrNumber) 4, "is_grantable",
1832 BOOLOID, -1, 0);
1833
1834 funcctx->tuple_desc = BlessTupleDesc(tupdesc);
1835
1836 /* allocate memory for user context */
1837 idx = palloc_array(int, 2);
1838 idx[0] = 0; /* ACL array item index */
1839 idx[1] = -1; /* privilege type counter */
1840 funcctx->user_fctx = idx;
1841
1842 MemoryContextSwitchTo(oldcontext);
1843 }
1844
1845 funcctx = SRF_PERCALL_SETUP();
1846 idx = (int *) funcctx->user_fctx;
1847 aidat = ACL_DAT(acl);
1848
1849 /* need test here in case acl has no items */
1850 while (idx[0] < ACL_NUM(acl))
1851 {
1852 AclItem *aidata;
1853 AclMode priv_bit;
1854
1855 idx[1]++;
1856 if (idx[1] == N_ACL_RIGHTS)
1857 {
1858 idx[1] = 0;
1859 idx[0]++;
1860 if (idx[0] >= ACL_NUM(acl)) /* done */
1861 break;
1862 }
1863 aidata = &aidat[idx[0]];
1864 priv_bit = UINT64CONST(1) << idx[1];
1865
1866 if (ACLITEM_GET_PRIVS(*aidata) & priv_bit)
1867 {
1868 Datum result;
1869 Datum values[4];
1870 bool nulls[4] = {0};
1871 HeapTuple tuple;
1872
1873 values[0] = ObjectIdGetDatum(aidata->ai_grantor);
1874 values[1] = ObjectIdGetDatum(aidata->ai_grantee);
1875 values[2] = CStringGetTextDatum(convert_aclright_to_string(priv_bit));
1876 values[3] = BoolGetDatum((ACLITEM_GET_GOPTIONS(*aidata) & priv_bit) != 0);
1877
1878 tuple = heap_form_tuple(funcctx->tuple_desc, values, nulls);
1879 result = HeapTupleGetDatum(tuple);
1880
1881 SRF_RETURN_NEXT(funcctx, result);
1882 }
1883 }
1884
1885 SRF_RETURN_DONE(funcctx);
1886}
idx
Datum idx(PG_FUNCTION_ARGS)
Definition _int_op.c:262
convert_aclright_to_string
static const char * convert_aclright_to_string(int aclright)
Definition acl.c:1747
ACLITEM_GET_PRIVS
#define ACLITEM_GET_PRIVS(item)
Definition acl.h:66
ACLITEM_GET_GOPTIONS
#define ACLITEM_GET_GOPTIONS(item)
Definition acl.h:67
AttrNumber
int16 AttrNumber
Definition attnum.h:21
values
static Datum values[MAXATTR]
Definition bootstrap.c:187
CStringGetTextDatum
#define CStringGetTextDatum(s)
Definition builtins.h:98
UINT64CONST
#define UINT64CONST(x)
Definition c.h:594
BlessTupleDesc
TupleDesc BlessTupleDesc(TupleDesc tupdesc)
Definition execTuples.c:2260
palloc_array
#define palloc_array(type, count)
Definition fe_memutils.h:76
SRF_IS_FIRSTCALL
#define SRF_IS_FIRSTCALL()
Definition funcapi.h:304
SRF_PERCALL_SETUP
#define SRF_PERCALL_SETUP()
Definition funcapi.h:308
SRF_RETURN_NEXT
#define SRF_RETURN_NEXT(_funcctx, _result)
Definition funcapi.h:310
SRF_FIRSTCALL_INIT
#define SRF_FIRSTCALL_INIT()
Definition funcapi.h:306
HeapTupleGetDatum
static Datum HeapTupleGetDatum(const HeapTupleData *tuple)
Definition funcapi.h:230
SRF_RETURN_DONE
#define SRF_RETURN_DONE(_funcctx)
Definition funcapi.h:328
heap_form_tuple
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, const Datum *values, const bool *isnull)
Definition heaptuple.c:1117
MemoryContextSwitchTo
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Definition palloc.h:124
N_ACL_RIGHTS
#define N_ACL_RIGHTS
Definition parsenodes.h:91
BoolGetDatum
static Datum BoolGetDatum(bool X)
Definition postgres.h:112
ObjectIdGetDatum
static Datum ObjectIdGetDatum(Oid X)
Definition postgres.h:262
Datum
uint64_t Datum
Definition postgres.h:70
CreateTemplateTupleDesc
TupleDesc CreateTemplateTupleDesc(int natts)
Definition tupdesc.c:165
TupleDescInitEntry
void TupleDescInitEntry(TupleDesc desc, AttrNumber attributeNumber, const char *attributeName, Oid oidtypeid, int32 typmod, int attdim)
Definition tupdesc.c:825

References ACL_DAT, ACL_NUM, ACLITEM_GET_GOPTIONS, ACLITEM_GET_PRIVS, BlessTupleDesc(), BoolGetDatum(), check_acl(), convert_aclright_to_string(), CreateTemplateTupleDesc(), CStringGetTextDatum, fb(), heap_form_tuple(), HeapTupleGetDatum(), idx(), MemoryContextSwitchTo(), N_ACL_RIGHTS, ObjectIdGetDatum(), palloc_array, PG_GETARG_ACL_P, SRF_FIRSTCALL_INIT, SRF_IS_FIRSTCALL, SRF_PERCALL_SETUP, SRF_RETURN_DONE, SRF_RETURN_NEXT, TupleDescInitEntry(), UINT64CONST, and values.

◆ aclinsert()

Datum aclinsert ( PG_FUNCTION_ARGS  )

Definition at line 1605 of file acl.c.

1606{
1607 ereport(ERROR,
1608 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1609 errmsg("aclinsert is no longer supported")));
1610
1611 PG_RETURN_NULL(); /* keep compiler quiet */
1612}
errcode
int errcode(int sqlerrcode)
Definition elog.c:874
ereport
#define ereport(elevel,...)
Definition elog.h:150
PG_RETURN_NULL
#define PG_RETURN_NULL()
Definition fmgr.h:346
errmsg
static char * errmsg
Definition oauth_hook_client.c:61

References ereport, errcode(), errmsg, ERROR, fb(), and PG_RETURN_NULL.

◆ aclitem_eq()

Datum aclitem_eq ( PG_FUNCTION_ARGS  )

Definition at line 761 of file acl.c.

762{
763 AclItem *a1 = PG_GETARG_ACLITEM_P(0);
764 AclItem *a2 = PG_GETARG_ACLITEM_P(1);
765 bool result;
766
767 result = a1->ai_privs == a2->ai_privs &&
768 a1->ai_grantee == a2->ai_grantee &&
769 a1->ai_grantor == a2->ai_grantor;
770 PG_RETURN_BOOL(result);
771}
a1
static const FormData_pg_attribute a1
Definition heap.c:144
a2
static const FormData_pg_attribute a2
Definition heap.c:157

References a1, a2, PG_GETARG_ACLITEM_P, and PG_RETURN_BOOL.

◆ aclitem_match()

static bool aclitem_match ( const AclItem a1,
const AclItem a2 
)
static

Definition at line 726 of file acl.c.

727{
728 return a1->ai_grantee == a2->ai_grantee &&
729 a1->ai_grantor == a2->ai_grantor;
730}

References a1, and a2.

Referenced by aclnewowner(), and aclupdate().

◆ aclitemComparator()

static int aclitemComparator ( const void arg1,
const void arg2 
)
static

Definition at line 737 of file acl.c.

738{
739 const AclItem *a1 = (const AclItem *) arg1;
740 const AclItem *a2 = (const AclItem *) arg2;
741
742 if (a1->ai_grantee > a2->ai_grantee)
743 return 1;
744 if (a1->ai_grantee < a2->ai_grantee)
745 return -1;
746 if (a1->ai_grantor > a2->ai_grantor)
747 return 1;
748 if (a1->ai_grantor < a2->ai_grantor)
749 return -1;
750 if (a1->ai_privs > a2->ai_privs)
751 return 1;
752 if (a1->ai_privs < a2->ai_privs)
753 return -1;
754 return 0;
755}

References a1, a2, and fb().

Referenced by aclitemsort().

◆ aclitemin()

Datum aclitemin ( PG_FUNCTION_ARGS  )

Definition at line 628 of file acl.c.

629{
630 const char *s = PG_GETARG_CSTRING(0);
631 Node *escontext = fcinfo->context;
632 AclItem *aip;
633
634 aip = palloc_object(AclItem);
635
636 s = aclparse(s, aip, escontext);
637 if (s == NULL)
638 PG_RETURN_NULL();
639
640 while (isspace((unsigned char) *s))
641 ++s;
642 if (*s)
643 ereturn(escontext, (Datum) 0,
644 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
645 errmsg("extra garbage at the end of the ACL specification")));
646
647 PG_RETURN_ACLITEM_P(aip);
648}
aclparse
static const char * aclparse(const char *s, AclItem *aip, Node *escontext)
Definition acl.c:278
PG_RETURN_ACLITEM_P
#define PG_RETURN_ACLITEM_P(x)
Definition acl.h:118
ereturn
#define ereturn(context, dummy_value,...)
Definition elog.h:278
palloc_object
#define palloc_object(type)
Definition fe_memutils.h:74
PG_GETARG_CSTRING
#define PG_GETARG_CSTRING(n)
Definition fmgr.h:278
Node
Definition nodes.h:135

References aclparse(), ereturn, errcode(), errmsg, fb(), palloc_object, PG_GETARG_CSTRING, PG_RETURN_ACLITEM_P, and PG_RETURN_NULL.

◆ aclitemout()

Datum aclitemout ( PG_FUNCTION_ARGS  )

Definition at line 659 of file acl.c.

660{
661 AclItem *aip = PG_GETARG_ACLITEM_P(0);
662 char *p;
663 char *out;
664 HeapTuple htup;
665 unsigned i;
666
667 out = palloc(strlen("=/") +
668 2 * N_ACL_RIGHTS +
669 2 * (2 * NAMEDATALEN + 2) +
670 1);
671
672 p = out;
673 *p = '\0';
674
675 if (aip->ai_grantee != ACL_ID_PUBLIC)
676 {
677 htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantee));
678 if (HeapTupleIsValid(htup))
679 {
680 putid(p, NameStr(((Form_pg_authid) GETSTRUCT(htup))->rolname));
681 ReleaseSysCache(htup);
682 }
683 else
684 {
685 /* Generate numeric OID if we don't find an entry */
686 sprintf(p, "%u", aip->ai_grantee);
687 }
688 }
689 while (*p)
690 ++p;
691
692 *p++ = '=';
693
694 for (i = 0; i < N_ACL_RIGHTS; ++i)
695 {
696 if (ACLITEM_GET_PRIVS(*aip) & (UINT64CONST(1) << i))
697 *p++ = ACL_ALL_RIGHTS_STR[i];
698 if (ACLITEM_GET_GOPTIONS(*aip) & (UINT64CONST(1) << i))
699 *p++ = '*';
700 }
701
702 *p++ = '/';
703 *p = '\0';
704
705 htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantor));
706 if (HeapTupleIsValid(htup))
707 {
708 putid(p, NameStr(((Form_pg_authid) GETSTRUCT(htup))->rolname));
709 ReleaseSysCache(htup);
710 }
711 else
712 {
713 /* Generate numeric OID if we don't find an entry */
714 sprintf(p, "%u", aip->ai_grantor);
715 }
716
717 PG_RETURN_CSTRING(out);
718}
putid
static void putid(char *p, const char *s)
Definition acl.c:223
ACL_ALL_RIGHTS_STR
#define ACL_ALL_RIGHTS_STR
Definition acl.h:154
NameStr
#define NameStr(name)
Definition c.h:798
PG_RETURN_CSTRING
#define PG_RETURN_CSTRING(x)
Definition fmgr.h:364
HeapTupleIsValid
#define HeapTupleIsValid(tuple)
Definition htup.h:78
GETSTRUCT
static void * GETSTRUCT(const HeapTupleData *tuple)
Definition htup_details.h:714
palloc
void * palloc(Size size)
Definition mcxt.c:1387
rolname
NameData rolname
Definition pg_authid.h:36
Form_pg_authid
END_CATALOG_STRUCT typedef FormData_pg_authid * Form_pg_authid
Definition pg_authid.h:60
NAMEDATALEN
#define NAMEDATALEN
Definition pg_config_manual.h:39
sprintf
#define sprintf
Definition port.h:262
ReleaseSysCache
void ReleaseSysCache(HeapTuple tuple)
Definition syscache.c:264
SearchSysCache1
HeapTuple SearchSysCache1(SysCacheIdentifier cacheId, Datum key1)
Definition syscache.c:220

References ACL_ALL_RIGHTS_STR, ACL_ID_PUBLIC, ACLITEM_GET_GOPTIONS, ACLITEM_GET_PRIVS, fb(), Form_pg_authid, GETSTRUCT(), HeapTupleIsValid, i, N_ACL_RIGHTS, NAMEDATALEN, NameStr, ObjectIdGetDatum(), palloc(), PG_GETARG_ACLITEM_P, PG_RETURN_CSTRING, putid(), ReleaseSysCache(), rolname, SearchSysCache1(), sprintf, and UINT64CONST.

◆ aclitemsort()

void aclitemsort ( Acl acl)

Definition at line 558 of file acl.c.

559{
560 if (acl != NULL && ACL_NUM(acl) > 1)
561 qsort(ACL_DAT(acl), ACL_NUM(acl), sizeof(AclItem), aclitemComparator);
562}
aclitemComparator
static int aclitemComparator(const void *arg1, const void *arg2)
Definition acl.c:737
qsort
#define qsort(a, b, c, d)
Definition port.h:495

References ACL_DAT, ACL_NUM, aclitemComparator(), fb(), and qsort.

Referenced by get_user_default_acl(), and SetDefaultACL().

◆ aclmask()

AclMode aclmask ( const Acl acl,
Oid  roleid,
Oid  ownerId,
AclMode  mask,
AclMaskHow  how 
)

Definition at line 1401 of file acl.c.

1403{
1404 AclMode result;
1405 AclMode remaining;
1406 AclItem *aidat;
1407 int i,
1408 num;
1409
1410 /*
1411 * Null ACL should not happen, since caller should have inserted
1412 * appropriate default
1413 */
1414 if (acl == NULL)
1415 elog(ERROR, "null ACL");
1416
1417 check_acl(acl);
1418
1419 /* Quick exit for mask == 0 */
1420 if (mask == 0)
1421 return 0;
1422
1423 result = 0;
1424
1425 /* Owner always implicitly has all grant options */
1426 if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
1427 has_privs_of_role(roleid, ownerId))
1428 {
1429 result = mask & ACLITEM_ALL_GOPTION_BITS;
1430 if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1431 return result;
1432 }
1433
1434 num = ACL_NUM(acl);
1435 aidat = ACL_DAT(acl);
1436
1437 /*
1438 * Check privileges granted directly to roleid or to public
1439 */
1440 for (i = 0; i < num; i++)
1441 {
1442 AclItem *aidata = &aidat[i];
1443
1444 if (aidata->ai_grantee == ACL_ID_PUBLIC ||
1445 aidata->ai_grantee == roleid)
1446 {
1447 result |= aidata->ai_privs & mask;
1448 if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1449 return result;
1450 }
1451 }
1452
1453 /*
1454 * Check privileges granted indirectly via role memberships. We do this in
1455 * a separate pass to minimize expensive indirect membership tests. In
1456 * particular, it's worth testing whether a given ACL entry grants any
1457 * privileges still of interest before we perform the has_privs_of_role
1458 * test.
1459 */
1460 remaining = mask & ~result;
1461 for (i = 0; i < num; i++)
1462 {
1463 AclItem *aidata = &aidat[i];
1464
1465 if (aidata->ai_grantee == ACL_ID_PUBLIC ||
1466 aidata->ai_grantee == roleid)
1467 continue; /* already checked it */
1468
1469 if ((aidata->ai_privs & remaining) &&
1470 has_privs_of_role(roleid, aidata->ai_grantee))
1471 {
1472 result |= aidata->ai_privs & mask;
1473 if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1474 return result;
1475 remaining = mask & ~result;
1476 }
1477 }
1478
1479 return result;
1480}
has_privs_of_role
bool has_privs_of_role(Oid member, Oid role)
Definition acl.c:5298
ACLITEM_ALL_GOPTION_BITS
#define ACLITEM_ALL_GOPTION_BITS
Definition acl.h:88
ACLMASK_ALL
@ ACLMASK_ALL
Definition acl.h:176
remaining
int remaining
Definition informix.c:692
AclItem::ai_privs
AclMode ai_privs
Definition acl.h:58

References ACL_DAT, ACL_ID_PUBLIC, ACL_NUM, ACLITEM_ALL_GOPTION_BITS, ACLMASK_ALL, AclItem::ai_privs, check_acl(), elog, ERROR, fb(), has_privs_of_role(), i, and remaining.

Referenced by check_circularity(), LockTableAclCheck(), object_aclmask_ext(), pg_attribute_aclcheck_all_ext(), pg_attribute_aclmask_ext(), pg_class_aclmask_ext(), pg_largeobject_aclmask_snapshot(), pg_namespace_aclmask_ext(), pg_parameter_acl_aclmask(), pg_parameter_aclmask(), pg_type_aclmask_ext(), and recursive_revoke().

◆ aclmask_direct()

static AclMode aclmask_direct ( const Acl acl,
Oid  roleid,
Oid  ownerId,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 1490 of file acl.c.

1492{
1493 AclMode result;
1494 AclItem *aidat;
1495 int i,
1496 num;
1497
1498 /*
1499 * Null ACL should not happen, since caller should have inserted
1500 * appropriate default
1501 */
1502 if (acl == NULL)
1503 elog(ERROR, "null ACL");
1504
1505 check_acl(acl);
1506
1507 /* Quick exit for mask == 0 */
1508 if (mask == 0)
1509 return 0;
1510
1511 result = 0;
1512
1513 /* Owner always implicitly has all grant options */
1514 if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
1515 roleid == ownerId)
1516 {
1517 result = mask & ACLITEM_ALL_GOPTION_BITS;
1518 if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1519 return result;
1520 }
1521
1522 num = ACL_NUM(acl);
1523 aidat = ACL_DAT(acl);
1524
1525 /*
1526 * Check privileges granted directly to roleid (and not to public)
1527 */
1528 for (i = 0; i < num; i++)
1529 {
1530 AclItem *aidata = &aidat[i];
1531
1532 if (aidata->ai_grantee == roleid)
1533 {
1534 result |= aidata->ai_privs & mask;
1535 if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1536 return result;
1537 }
1538 }
1539
1540 return result;
1541}

References ACL_DAT, ACL_NUM, ACLITEM_ALL_GOPTION_BITS, ACLMASK_ALL, AclItem::ai_privs, check_acl(), elog, ERROR, fb(), and i.

Referenced by select_best_grantor().

◆ aclmembers()

int aclmembers ( const Acl acl,
Oid **  roleids 
)

Definition at line 1553 of file acl.c.

1554{
1555 Oid *list;
1556 const AclItem *acldat;
1557 int i,
1558 j;
1559
1560 if (acl == NULL || ACL_NUM(acl) == 0)
1561 {
1562 *roleids = NULL;
1563 return 0;
1564 }
1565
1566 check_acl(acl);
1567
1568 /* Allocate the worst-case space requirement */
1569 list = palloc(ACL_NUM(acl) * 2 * sizeof(Oid));
1570 acldat = ACL_DAT(acl);
1571
1572 /*
1573 * Walk the ACL collecting mentioned RoleIds.
1574 */
1575 j = 0;
1576 for (i = 0; i < ACL_NUM(acl); i++)
1577 {
1578 const AclItem *ai = &acldat[i];
1579
1580 if (ai->ai_grantee != ACL_ID_PUBLIC)
1581 list[j++] = ai->ai_grantee;
1582 /* grantor is currently never PUBLIC, but let's check anyway */
1583 if (ai->ai_grantor != ACL_ID_PUBLIC)
1584 list[j++] = ai->ai_grantor;
1585 }
1586
1587 /* Sort the array */
1588 qsort(list, j, sizeof(Oid), oid_cmp);
1589
1590 /*
1591 * We could repalloc the array down to minimum size, but it's hardly worth
1592 * it since it's only transient memory.
1593 */
1594 *roleids = list;
1595
1596 /* Remove duplicates from the array */
1597 return qunique(list, j, sizeof(Oid), oid_cmp);
1598}
j
int j
Definition isn.c:78
oid_cmp
int oid_cmp(const void *p1, const void *p2)
Definition oid.c:287
qunique
static size_t qunique(void *array, size_t elements, size_t width, int(*compare)(const void *, const void *))
Definition qunique.h:21

References ACL_DAT, ACL_ID_PUBLIC, ACL_NUM, check_acl(), fb(), i, j, oid_cmp(), palloc(), qsort, and qunique().

Referenced by ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), ExecGrant_Relation(), recordDependencyOnNewAcl(), recordExtensionInitPrivWorker(), RemoveRoleFromInitPriv(), ReplaceRoleInInitPriv(), and SetDefaultACL().

◆ aclmerge()

Acl * aclmerge ( const Acl left_acl,
const Acl right_acl,
Oid  ownerId 
)

Definition at line 514 of file acl.c.

515{
516 Acl *result_acl;
517 AclItem *aip;
518 int i,
519 num;
520
521 /* Check for cases where one or both are empty/null */
522 if (left_acl == NULL || ACL_NUM(left_acl) == 0)
523 {
524 if (right_acl == NULL || ACL_NUM(right_acl) == 0)
525 return NULL;
526 else
527 return aclcopy(right_acl);
528 }
529 else
530 {
531 if (right_acl == NULL || ACL_NUM(right_acl) == 0)
532 return aclcopy(left_acl);
533 }
534
535 /* Merge them the hard way, one item at a time */
536 result_acl = aclcopy(left_acl);
537
538 aip = ACL_DAT(right_acl);
539 num = ACL_NUM(right_acl);
540
541 for (i = 0; i < num; i++, aip++)
542 {
543 Acl *tmp_acl;
544
545 tmp_acl = aclupdate(result_acl, aip, ACL_MODECHG_ADD,
546 ownerId, DROP_RESTRICT);
547 pfree(result_acl);
548 result_acl = tmp_acl;
549 }
550
551 return result_acl;
552}
aclupdate
Acl * aclupdate(const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
Definition acl.c:1005
aclcopy
Acl * aclcopy(const Acl *orig_acl)
Definition acl.c:470
ACL_MODECHG_ADD
#define ACL_MODECHG_ADD
Definition acl.h:129
pfree
void pfree(void *pointer)
Definition mcxt.c:1616
DROP_RESTRICT
@ DROP_RESTRICT
Definition parsenodes.h:2427

References ACL_DAT, ACL_MODECHG_ADD, ACL_NUM, aclcopy(), aclupdate(), DROP_RESTRICT, fb(), i, and pfree().

Referenced by get_user_default_acl().

◆ aclnewowner()

Acl * aclnewowner ( const Acl old_acl,
Oid  oldOwnerId,
Oid  newOwnerId 
)

Definition at line 1132 of file acl.c.

1133{
1134 Acl *new_acl;
1135 AclItem *new_aip;
1136 AclItem *old_aip;
1137 AclItem *dst_aip;
1138 AclItem *src_aip;
1139 AclItem *targ_aip;
1140 bool newpresent = false;
1141 int dst,
1142 src,
1143 targ,
1144 num;
1145
1146 check_acl(old_acl);
1147
1148 /*
1149 * Make a copy of the given ACL, substituting new owner ID for old
1150 * wherever it appears as either grantor or grantee. Also note if the new
1151 * owner ID is already present.
1152 */
1153 num = ACL_NUM(old_acl);
1154 old_aip = ACL_DAT(old_acl);
1155 new_acl = allocacl(num);
1156 new_aip = ACL_DAT(new_acl);
1157 memcpy(new_aip, old_aip, num * sizeof(AclItem));
1158 for (dst = 0, dst_aip = new_aip; dst < num; dst++, dst_aip++)
1159 {
1160 if (dst_aip->ai_grantor == oldOwnerId)
1161 dst_aip->ai_grantor = newOwnerId;
1162 else if (dst_aip->ai_grantor == newOwnerId)
1163 newpresent = true;
1164 if (dst_aip->ai_grantee == oldOwnerId)
1165 dst_aip->ai_grantee = newOwnerId;
1166 else if (dst_aip->ai_grantee == newOwnerId)
1167 newpresent = true;
1168 }
1169
1170 /*
1171 * If the old ACL contained any references to the new owner, then we may
1172 * now have generated an ACL containing duplicate entries. Find them and
1173 * merge them so that there are not duplicates. (This is relatively
1174 * expensive since we use a stupid O(N^2) algorithm, but it's unlikely to
1175 * be the normal case.)
1176 *
1177 * To simplify deletion of duplicate entries, we temporarily leave them in
1178 * the array but set their privilege masks to zero; when we reach such an
1179 * entry it's just skipped. (Thus, a side effect of this code will be to
1180 * remove privilege-free entries, should there be any in the input.) dst
1181 * is the next output slot, targ is the currently considered input slot
1182 * (always >= dst), and src scans entries to the right of targ looking for
1183 * duplicates. Once an entry has been emitted to dst it is known
1184 * duplicate-free and need not be considered anymore.
1185 */
1186 if (newpresent)
1187 {
1188 dst = 0;
1189 for (targ = 0, targ_aip = new_aip; targ < num; targ++, targ_aip++)
1190 {
1191 /* ignore if deleted in an earlier pass */
1192 if (ACLITEM_GET_RIGHTS(*targ_aip) == ACL_NO_RIGHTS)
1193 continue;
1194 /* find and merge any duplicates */
1195 for (src = targ + 1, src_aip = targ_aip + 1; src < num;
1196 src++, src_aip++)
1197 {
1198 if (ACLITEM_GET_RIGHTS(*src_aip) == ACL_NO_RIGHTS)
1199 continue;
1200 if (aclitem_match(targ_aip, src_aip))
1201 {
1202 ACLITEM_SET_RIGHTS(*targ_aip,
1203 ACLITEM_GET_RIGHTS(*targ_aip) |
1204 ACLITEM_GET_RIGHTS(*src_aip));
1205 /* mark the duplicate deleted */
1206 ACLITEM_SET_RIGHTS(*src_aip, ACL_NO_RIGHTS);
1207 }
1208 }
1209 /* and emit to output */
1210 new_aip[dst] = *targ_aip;
1211 dst++;
1212 }
1213 /* Adjust array size to be 'dst' items */
1214 ARR_DIMS(new_acl)[0] = dst;
1215 SET_VARSIZE(new_acl, ACL_N_SIZE(dst));
1216 }
1217
1218 return new_acl;
1219}
aclitem_match
static bool aclitem_match(const AclItem *a1, const AclItem *a2)
Definition acl.c:726
ACL_N_SIZE
#define ACL_N_SIZE(N)
Definition acl.h:110
ACLITEM_SET_RIGHTS
#define ACLITEM_SET_RIGHTS(item, rights)
Definition acl.h:79
ARR_DIMS
#define ARR_DIMS(a)
Definition array.h:294
SET_VARSIZE
static void SET_VARSIZE(void *PTR, Size len)
Definition varatt.h:432

References ACL_DAT, ACL_N_SIZE, ACL_NO_RIGHTS, ACL_NUM, ACLITEM_GET_RIGHTS, aclitem_match(), ACLITEM_SET_RIGHTS, allocacl(), ARR_DIMS, check_acl(), fb(), and SET_VARSIZE().

Referenced by AlterDatabaseOwner(), AlterForeignDataWrapperOwner_internal(), AlterForeignServerOwner_internal(), AlterObjectOwner_internal(), AlterSchemaOwner_internal(), AlterTypeOwnerInternal(), ATExecChangeOwner(), change_owner_fix_column_acls(), and ReplaceRoleInInitPriv().

◆ aclparse()

static const char * aclparse ( const char s,
AclItem aip,
Node escontext 
)
static

Definition at line 278 of file acl.c.

279{
280 AclMode privs,
281 goption,
282 read;
283 char name[NAMEDATALEN];
284 char name2[NAMEDATALEN];
285
286 Assert(s && aip);
287
288 s = getid(s, name, escontext);
289 if (s == NULL)
290 return NULL;
291 if (*s != '=')
292 {
293 /* we just read a keyword, not a name */
294 if (strcmp(name, "group") != 0 && strcmp(name, "user") != 0)
295 ereturn(escontext, NULL,
296 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
297 errmsg("unrecognized key word: \"%s\"", name),
298 errhint("ACL key word must be \"group\" or \"user\".")));
299 /* move s to the name beyond the keyword */
300 s = getid(s, name, escontext);
301 if (s == NULL)
302 return NULL;
303 if (name[0] == '\0')
304 ereturn(escontext, NULL,
305 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
306 errmsg("missing name"),
307 errhint("A name must follow the \"group\" or \"user\" key word.")));
308 }
309
310 if (*s != '=')
311 ereturn(escontext, NULL,
312 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
313 errmsg("missing \"=\" sign")));
314
315 privs = goption = ACL_NO_RIGHTS;
316
317 for (++s, read = 0; isalpha((unsigned char) *s) || *s == '*'; s++)
318 {
319 switch (*s)
320 {
321 case '*':
322 goption |= read;
323 break;
324 case ACL_INSERT_CHR:
325 read = ACL_INSERT;
326 break;
327 case ACL_SELECT_CHR:
328 read = ACL_SELECT;
329 break;
330 case ACL_UPDATE_CHR:
331 read = ACL_UPDATE;
332 break;
333 case ACL_DELETE_CHR:
334 read = ACL_DELETE;
335 break;
336 case ACL_TRUNCATE_CHR:
337 read = ACL_TRUNCATE;
338 break;
339 case ACL_REFERENCES_CHR:
340 read = ACL_REFERENCES;
341 break;
342 case ACL_TRIGGER_CHR:
343 read = ACL_TRIGGER;
344 break;
345 case ACL_EXECUTE_CHR:
346 read = ACL_EXECUTE;
347 break;
348 case ACL_USAGE_CHR:
349 read = ACL_USAGE;
350 break;
351 case ACL_CREATE_CHR:
352 read = ACL_CREATE;
353 break;
354 case ACL_CREATE_TEMP_CHR:
355 read = ACL_CREATE_TEMP;
356 break;
357 case ACL_CONNECT_CHR:
358 read = ACL_CONNECT;
359 break;
360 case ACL_SET_CHR:
361 read = ACL_SET;
362 break;
363 case ACL_ALTER_SYSTEM_CHR:
364 read = ACL_ALTER_SYSTEM;
365 break;
366 case ACL_MAINTAIN_CHR:
367 read = ACL_MAINTAIN;
368 break;
369 default:
370 ereturn(escontext, NULL,
371 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
372 errmsg("invalid mode character: must be one of \"%s\"",
373 ACL_ALL_RIGHTS_STR)));
374 }
375
376 privs |= read;
377 }
378
379 if (name[0] == '\0')
380 aip->ai_grantee = ACL_ID_PUBLIC;
381 else
382 {
383 if (IsBootstrapProcessingMode())
384 aip->ai_grantee = boot_get_role_oid(name);
385 else
386 aip->ai_grantee = get_role_oid(name, true);
387 if (!OidIsValid(aip->ai_grantee))
388 ereturn(escontext, NULL,
389 (errcode(ERRCODE_UNDEFINED_OBJECT),
390 errmsg("role \"%s\" does not exist", name)));
391 }
392
393 /*
394 * XXX Allow a degree of backward compatibility by defaulting the grantor
395 * to the superuser. We condone that practice in the catalog .dat files
396 * (i.e., in bootstrap mode) for brevity; otherwise, issue a warning.
397 */
398 if (*s == '/')
399 {
400 s = getid(s + 1, name2, escontext);
401 if (s == NULL)
402 return NULL;
403 if (name2[0] == '\0')
404 ereturn(escontext, NULL,
405 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
406 errmsg("a name must follow the \"/\" sign")));
407 if (IsBootstrapProcessingMode())
408 aip->ai_grantor = boot_get_role_oid(name2);
409 else
410 aip->ai_grantor = get_role_oid(name2, true);
411 if (!OidIsValid(aip->ai_grantor))
412 ereturn(escontext, NULL,
413 (errcode(ERRCODE_UNDEFINED_OBJECT),
414 errmsg("role \"%s\" does not exist", name2)));
415 }
416 else
417 {
418 aip->ai_grantor = BOOTSTRAP_SUPERUSERID;
419 if (!IsBootstrapProcessingMode())
420 ereport(WARNING,
421 (errcode(ERRCODE_INVALID_GRANTOR),
422 errmsg("defaulting grantor to user ID %u",
423 BOOTSTRAP_SUPERUSERID)));
424 }
425
426 ACLITEM_SET_PRIVS_GOPTIONS(*aip, privs, goption);
427
428 return s;
429}
getid
static const char * getid(const char *s, char *n, Node *escontext)
Definition acl.c:170
get_role_oid
Oid get_role_oid(const char *rolname, bool missing_ok)
Definition acl.c:5566
ACL_CREATE_CHR
#define ACL_CREATE_CHR
Definition acl.h:146
ACL_SET_CHR
#define ACL_SET_CHR
Definition acl.h:149
ACL_REFERENCES_CHR
#define ACL_REFERENCES_CHR
Definition acl.h:142
ACL_TRUNCATE_CHR
#define ACL_TRUNCATE_CHR
Definition acl.h:141
ACL_SELECT_CHR
#define ACL_SELECT_CHR
Definition acl.h:138
ACL_EXECUTE_CHR
#define ACL_EXECUTE_CHR
Definition acl.h:144
ACL_DELETE_CHR
#define ACL_DELETE_CHR
Definition acl.h:140
ACL_INSERT_CHR
#define ACL_INSERT_CHR
Definition acl.h:137
ACL_UPDATE_CHR
#define ACL_UPDATE_CHR
Definition acl.h:139
ACL_ALTER_SYSTEM_CHR
#define ACL_ALTER_SYSTEM_CHR
Definition acl.h:150
ACL_USAGE_CHR
#define ACL_USAGE_CHR
Definition acl.h:145
ACL_CONNECT_CHR
#define ACL_CONNECT_CHR
Definition acl.h:148
ACL_TRIGGER_CHR
#define ACL_TRIGGER_CHR
Definition acl.h:143
ACL_CREATE_TEMP_CHR
#define ACL_CREATE_TEMP_CHR
Definition acl.h:147
ACL_MAINTAIN_CHR
#define ACL_MAINTAIN_CHR
Definition acl.h:151
boot_get_role_oid
Oid boot_get_role_oid(const char *rolname)
Definition bootstrap.c:1086
Assert
#define Assert(condition)
Definition c.h:906
OidIsValid
#define OidIsValid(objectId)
Definition c.h:821
errhint
int errhint(const char *fmt,...) pg_attribute_printf(1
WARNING
#define WARNING
Definition elog.h:36
read
#define read(a, b, c)
Definition win32.h:13
IsBootstrapProcessingMode
#define IsBootstrapProcessingMode()
Definition miscadmin.h:477
ACL_SET
#define ACL_SET
Definition parsenodes.h:88
ACL_DELETE
#define ACL_DELETE
Definition parsenodes.h:79
ACL_MAINTAIN
#define ACL_MAINTAIN
Definition parsenodes.h:90
ACL_INSERT
#define ACL_INSERT
Definition parsenodes.h:76
ACL_UPDATE
#define ACL_UPDATE
Definition parsenodes.h:78
ACL_ALTER_SYSTEM
#define ACL_ALTER_SYSTEM
Definition parsenodes.h:89
ACL_REFERENCES
#define ACL_REFERENCES
Definition parsenodes.h:81
ACL_SELECT
#define ACL_SELECT
Definition parsenodes.h:77
ACL_TRUNCATE
#define ACL_TRUNCATE
Definition parsenodes.h:80
ACL_CREATE
#define ACL_CREATE
Definition parsenodes.h:85
ACL_TRIGGER
#define ACL_TRIGGER
Definition parsenodes.h:82
name
const char * name
Definition wait_event_funcs.c:28

References ACL_ALL_RIGHTS_STR, ACL_ALTER_SYSTEM, ACL_ALTER_SYSTEM_CHR, ACL_CONNECT, ACL_CONNECT_CHR, ACL_CREATE, ACL_CREATE_CHR, ACL_CREATE_TEMP, ACL_CREATE_TEMP_CHR, ACL_DELETE, ACL_DELETE_CHR, ACL_EXECUTE, ACL_EXECUTE_CHR, ACL_ID_PUBLIC, ACL_INSERT, ACL_INSERT_CHR, ACL_MAINTAIN, ACL_MAINTAIN_CHR, ACL_NO_RIGHTS, ACL_REFERENCES, ACL_REFERENCES_CHR, ACL_SELECT, ACL_SELECT_CHR, ACL_SET, ACL_SET_CHR, ACL_TRIGGER, ACL_TRIGGER_CHR, ACL_TRUNCATE, ACL_TRUNCATE_CHR, ACL_UPDATE, ACL_UPDATE_CHR, ACL_USAGE, ACL_USAGE_CHR, ACLITEM_SET_PRIVS_GOPTIONS, Assert, boot_get_role_oid(), ereport, ereturn, errcode(), errhint(), errmsg, fb(), get_role_oid(), getid(), IsBootstrapProcessingMode, name, NAMEDATALEN, OidIsValid, read, and WARNING.

Referenced by aclitemin().

◆ aclremove()

Datum aclremove ( PG_FUNCTION_ARGS  )

Definition at line 1615 of file acl.c.

1616{
1617 ereport(ERROR,
1618 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1619 errmsg("aclremove is no longer supported")));
1620
1621 PG_RETURN_NULL(); /* keep compiler quiet */
1622}

References ereport, errcode(), errmsg, ERROR, fb(), and PG_RETURN_NULL.

◆ aclupdate()

Acl * aclupdate ( const Acl old_acl,
const AclItem mod_aip,
int  modechg,
Oid  ownerId,
DropBehavior  behavior 
)

Definition at line 1005 of file acl.c.

1007{
1008 Acl *new_acl = NULL;
1009 AclItem *old_aip,
1010 *new_aip = NULL;
1011 AclMode old_rights,
1012 old_goptions,
1013 new_rights,
1014 new_goptions;
1015 int dst,
1016 num;
1017
1018 /* Caller probably already checked old_acl, but be safe */
1019 check_acl(old_acl);
1020
1021 /* If granting grant options, check for circularity */
1022 if (modechg != ACL_MODECHG_DEL &&
1023 ACLITEM_GET_GOPTIONS(*mod_aip) != ACL_NO_RIGHTS)
1024 check_circularity(old_acl, mod_aip, ownerId);
1025
1026 num = ACL_NUM(old_acl);
1027 old_aip = ACL_DAT(old_acl);
1028
1029 /*
1030 * Search the ACL for an existing entry for this grantee and grantor. If
1031 * one exists, just modify the entry in-place (well, in the same position,
1032 * since we actually return a copy); otherwise, insert the new entry at
1033 * the end.
1034 */
1035
1036 for (dst = 0; dst < num; ++dst)
1037 {
1038 if (aclitem_match(mod_aip, old_aip + dst))
1039 {
1040 /* found a match, so modify existing item */
1041 new_acl = allocacl(num);
1042 new_aip = ACL_DAT(new_acl);
1043 memcpy(new_acl, old_acl, ACL_SIZE(old_acl));
1044 break;
1045 }
1046 }
1047
1048 if (dst == num)
1049 {
1050 /* need to append a new item */
1051 new_acl = allocacl(num + 1);
1052 new_aip = ACL_DAT(new_acl);
1053 memcpy(new_aip, old_aip, num * sizeof(AclItem));
1054
1055 /* initialize the new entry with no permissions */
1056 new_aip[dst].ai_grantee = mod_aip->ai_grantee;
1057 new_aip[dst].ai_grantor = mod_aip->ai_grantor;
1058 ACLITEM_SET_PRIVS_GOPTIONS(new_aip[dst],
1059 ACL_NO_RIGHTS, ACL_NO_RIGHTS);
1060 num++; /* set num to the size of new_acl */
1061 }
1062
1063 old_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
1064 old_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);
1065
1066 /* apply the specified permissions change */
1067 switch (modechg)
1068 {
1069 case ACL_MODECHG_ADD:
1070 ACLITEM_SET_RIGHTS(new_aip[dst],
1071 old_rights | ACLITEM_GET_RIGHTS(*mod_aip));
1072 break;
1073 case ACL_MODECHG_DEL:
1074 ACLITEM_SET_RIGHTS(new_aip[dst],
1075 old_rights & ~ACLITEM_GET_RIGHTS(*mod_aip));
1076 break;
1077 case ACL_MODECHG_EQL:
1078 ACLITEM_SET_RIGHTS(new_aip[dst],
1079 ACLITEM_GET_RIGHTS(*mod_aip));
1080 break;
1081 }
1082
1083 new_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
1084 new_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);
1085
1086 /*
1087 * If the adjusted entry has no permissions, delete it from the list.
1088 */
1089 if (new_rights == ACL_NO_RIGHTS)
1090 {
1091 memmove(new_aip + dst,
1092 new_aip + dst + 1,
1093 (num - dst - 1) * sizeof(AclItem));
1094 /* Adjust array size to be 'num - 1' items */
1095 ARR_DIMS(new_acl)[0] = num - 1;
1096 SET_VARSIZE(new_acl, ACL_N_SIZE(num - 1));
1097 }
1098
1099 /*
1100 * Remove abandoned privileges (cascading revoke). Currently we can only
1101 * handle this when the grantee is not PUBLIC.
1102 */
1103 if ((old_goptions & ~new_goptions) != 0)
1104 {
1105 Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
1106 new_acl = recursive_revoke(new_acl, mod_aip->ai_grantee,
1107 (old_goptions & ~new_goptions),
1108 ownerId, behavior);
1109 }
1110
1111 return new_acl;
1112}
recursive_revoke
static Acl * recursive_revoke(Acl *acl, Oid grantee, AclMode revoke_privs, Oid ownerId, DropBehavior behavior)
Definition acl.c:1315
check_circularity
static void check_circularity(const Acl *old_acl, const AclItem *mod_aip, Oid ownerId)
Definition acl.c:1235
ACL_SIZE
#define ACL_SIZE(ACL)
Definition acl.h:111
ACL_MODECHG_DEL
#define ACL_MODECHG_DEL
Definition acl.h:130
ACL_MODECHG_EQL
#define ACL_MODECHG_EQL
Definition acl.h:131

References ACL_DAT, ACL_ID_PUBLIC, ACL_MODECHG_ADD, ACL_MODECHG_DEL, ACL_MODECHG_EQL, ACL_N_SIZE, ACL_NO_RIGHTS, ACL_NUM, ACL_SIZE, ACLITEM_GET_GOPTIONS, ACLITEM_GET_RIGHTS, aclitem_match(), ACLITEM_SET_PRIVS_GOPTIONS, ACLITEM_SET_RIGHTS, allocacl(), ARR_DIMS, Assert, check_acl(), check_circularity(), fb(), recursive_revoke(), and SET_VARSIZE().

Referenced by aclmerge(), check_circularity(), merge_acl_with_grant(), and recursive_revoke().

◆ allocacl()

static Acl * allocacl ( int  n)
static

Definition at line 439 of file acl.c.

440{
441 Acl *new_acl;
442 Size size;
443
444 if (n < 0)
445 elog(ERROR, "invalid size: %d", n);
446 size = ACL_N_SIZE(n);
447 new_acl = (Acl *) palloc0(size);
448 SET_VARSIZE(new_acl, size);
449 new_acl->ndim = 1;
450 new_acl->dataoffset = 0; /* we never put in any nulls */
451 new_acl->elemtype = ACLITEMOID;
452 ARR_LBOUND(new_acl)[0] = 1;
453 ARR_DIMS(new_acl)[0] = n;
454 return new_acl;
455}
ARR_LBOUND
#define ARR_LBOUND(a)
Definition array.h:296
Size
size_t Size
Definition c.h:652
palloc0
void * palloc0(Size size)
Definition mcxt.c:1417

References ACL_N_SIZE, ARR_DIMS, ARR_LBOUND, elog, ERROR, fb(), palloc0(), and SET_VARSIZE().

Referenced by aclconcat(), aclcopy(), acldefault(), aclnewowner(), aclupdate(), check_circularity(), and make_empty_acl().

◆ check_acl()

static void check_acl ( const Acl acl)
static

Definition at line 603 of file acl.c.

604{
605 if (ARR_ELEMTYPE(acl) != ACLITEMOID)
606 ereport(ERROR,
607 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
608 errmsg("ACL array contains wrong data type")));
609 if (ARR_NDIM(acl) != 1)
610 ereport(ERROR,
611 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
612 errmsg("ACL arrays must be one-dimensional")));
613 if (ARR_HASNULL(acl))
614 ereport(ERROR,
615 (errcode(ERRCODE_NULL_VALUE_NOT_ALLOWED),
616 errmsg("ACL arrays must not contain null values")));
617}
ARR_NDIM
#define ARR_NDIM(a)
Definition array.h:290
ARR_ELEMTYPE
#define ARR_ELEMTYPE(a)
Definition array.h:292
ARR_HASNULL
#define ARR_HASNULL(a)
Definition array.h:291

References ARR_ELEMTYPE, ARR_HASNULL, ARR_NDIM, ereport, errcode(), errmsg, ERROR, and fb().

Referenced by aclcontains(), aclexplode(), aclmask(), aclmask_direct(), aclmembers(), aclnewowner(), aclupdate(), check_circularity(), and recursive_revoke().

◆ check_can_set_role()

void check_can_set_role ( Oid  member,
Oid  role 
)

Definition at line 5355 of file acl.c.

5356{
5357 if (!member_can_set_role(member, role))
5358 ereport(ERROR,
5359 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
5360 errmsg("must be able to SET ROLE \"%s\"",
5361 GetUserNameFromId(role, false))));
5362}
member_can_set_role
bool member_can_set_role(Oid member, Oid role)
Definition acl.c:5332
GetUserNameFromId
char * GetUserNameFromId(Oid roleid, bool noerr)
Definition miscinit.c:989

References ereport, errcode(), errmsg, ERROR, fb(), GetUserNameFromId(), and member_can_set_role().

Referenced by AlterDatabaseOwner(), AlterForeignServerOwner_internal(), AlterObjectOwner_internal(), AlterPublicationOwner_internal(), AlterSchemaOwner_internal(), AlterSubscriptionOwner_internal(), AlterTypeOwner(), ATExecChangeOwner(), createdb(), and CreateSchemaCommand().

◆ check_circularity()

static void check_circularity ( const Acl old_acl,
const AclItem mod_aip,
Oid  ownerId 
)
static

Definition at line 1235 of file acl.c.

1237{
1238 Acl *acl;
1239 AclItem *aip;
1240 int i,
1241 num;
1242 AclMode own_privs;
1243
1244 check_acl(old_acl);
1245
1246 /*
1247 * For now, grant options can only be granted to roles, not PUBLIC.
1248 * Otherwise we'd have to work a bit harder here.
1249 */
1250 Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
1251
1252 /* The owner always has grant options, no need to check */
1253 if (mod_aip->ai_grantor == ownerId)
1254 return;
1255
1256 /* Make a working copy */
1257 acl = allocacl(ACL_NUM(old_acl));
1258 memcpy(acl, old_acl, ACL_SIZE(old_acl));
1259
1260 /* Zap all grant options of target grantee, plus what depends on 'em */
1261cc_restart:
1262 num = ACL_NUM(acl);
1263 aip = ACL_DAT(acl);
1264 for (i = 0; i < num; i++)
1265 {
1266 if (aip[i].ai_grantee == mod_aip->ai_grantee &&
1267 ACLITEM_GET_GOPTIONS(aip[i]) != ACL_NO_RIGHTS)
1268 {
1269 Acl *new_acl;
1270
1271 /* We'll actually zap ordinary privs too, but no matter */
1272 new_acl = aclupdate(acl, &aip[i], ACL_MODECHG_DEL,
1273 ownerId, DROP_CASCADE);
1274
1275 pfree(acl);
1276 acl = new_acl;
1277
1278 goto cc_restart;
1279 }
1280 }
1281
1282 /* Now we can compute grantor's independently-derived privileges */
1283 own_privs = aclmask(acl,
1284 mod_aip->ai_grantor,
1285 ownerId,
1286 ACL_GRANT_OPTION_FOR(ACLITEM_GET_GOPTIONS(*mod_aip)),
1287 ACLMASK_ALL);
1288 own_privs = ACL_OPTION_TO_PRIVS(own_privs);
1289
1290 if ((ACLITEM_GET_GOPTIONS(*mod_aip) & ~own_privs) != 0)
1291 ereport(ERROR,
1292 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1293 errmsg("grant options cannot be granted back to your own grantor")));
1294
1295 pfree(acl);
1296}
aclmask
AclMode aclmask(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
Definition acl.c:1401
ACL_OPTION_TO_PRIVS
#define ACL_OPTION_TO_PRIVS(privs)
Definition acl.h:71
ACL_GRANT_OPTION_FOR
#define ACL_GRANT_OPTION_FOR(privs)
Definition acl.h:70
DROP_CASCADE
@ DROP_CASCADE
Definition parsenodes.h:2428

References ACL_DAT, ACL_GRANT_OPTION_FOR, ACL_ID_PUBLIC, ACL_MODECHG_DEL, ACL_NO_RIGHTS, ACL_NUM, ACL_OPTION_TO_PRIVS, ACL_SIZE, ACLITEM_GET_GOPTIONS, aclmask(), ACLMASK_ALL, aclupdate(), allocacl(), Assert, check_acl(), DROP_CASCADE, ereport, errcode(), errmsg, ERROR, fb(), i, and pfree().

Referenced by aclupdate().

◆ check_rolespec_name()

void check_rolespec_name ( const RoleSpec role,
const char detail_msg 
)

Definition at line 5707 of file acl.c.

5708{
5709 if (!role)
5710 return;
5711
5712 if (role->roletype != ROLESPEC_CSTRING)
5713 return;
5714
5715 if (IsReservedName(role->rolename))
5716 {
5717 if (detail_msg)
5718 ereport(ERROR,
5719 (errcode(ERRCODE_RESERVED_NAME),
5720 errmsg("role name \"%s\" is reserved",
5721 role->rolename),
5722 errdetail_internal("%s", detail_msg)));
5723 else
5724 ereport(ERROR,
5725 (errcode(ERRCODE_RESERVED_NAME),
5726 errmsg("role name \"%s\" is reserved",
5727 role->rolename)));
5728 }
5729}
IsReservedName
bool IsReservedName(const char *name)
Definition catalog.c:278
errdetail_internal
int int errdetail_internal(const char *fmt,...) pg_attribute_printf(1
ROLESPEC_CSTRING
@ ROLESPEC_CSTRING
Definition parsenodes.h:419
RoleSpec::roletype
RoleSpecType roletype
Definition parsenodes.h:429
RoleSpec::rolename
char * rolename
Definition parsenodes.h:430

References ereport, errcode(), errdetail_internal(), errmsg, ERROR, fb(), IsReservedName(), RoleSpec::rolename, ROLESPEC_CSTRING, and RoleSpec::roletype.

Referenced by AlterRole(), and AlterRoleSet().

◆ column_privilege_check()

static int column_privilege_check ( Oid  tableoid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mode 
)
static

Definition at line 2548 of file acl.c.

2550{
2551 AclResult aclresult;
2552 bool is_missing = false;
2553
2554 /*
2555 * If convert_column_name failed, we can just return -1 immediately.
2556 */
2557 if (attnum == InvalidAttrNumber)
2558 return -1;
2559
2560 /*
2561 * Check for column-level privileges first. This serves in part as a check
2562 * on whether the column even exists, so we need to do it before checking
2563 * table-level privilege.
2564 */
2565 aclresult = pg_attribute_aclcheck_ext(tableoid, attnum, roleid,
2566 mode, &is_missing);
2567 if (aclresult == ACLCHECK_OK)
2568 return 1;
2569 else if (is_missing)
2570 return -1;
2571
2572 /* Next check if we have the privilege at the table level */
2573 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2574 if (aclresult == ACLCHECK_OK)
2575 return 1;
2576 else if (is_missing)
2577 return -1;
2578 else
2579 return 0;
2580}
AclResult
AclResult
Definition acl.h:182
ACLCHECK_OK
@ ACLCHECK_OK
Definition acl.h:183
pg_class_aclcheck_ext
AclResult pg_class_aclcheck_ext(Oid table_oid, Oid roleid, AclMode mode, bool *is_missing)
Definition aclchk.c:4067
pg_attribute_aclcheck_ext
AclResult pg_attribute_aclcheck_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode, bool *is_missing)
Definition aclchk.c:3898
InvalidAttrNumber
#define InvalidAttrNumber
Definition attnum.h:23
attnum
int16 attnum
Definition pg_attribute.h:76
mode
static PgChecksumMode mode
Definition pg_checksums.c:56

References ACLCHECK_OK, attnum, fb(), InvalidAttrNumber, mode, pg_attribute_aclcheck_ext(), and pg_class_aclcheck_ext().

Referenced by has_column_privilege_id_attnum(), has_column_privilege_id_id_attnum(), has_column_privilege_id_id_name(), has_column_privilege_id_name(), has_column_privilege_id_name_attnum(), has_column_privilege_id_name_name(), has_column_privilege_name_attnum(), has_column_privilege_name_id_attnum(), has_column_privilege_name_id_name(), has_column_privilege_name_name(), has_column_privilege_name_name_attnum(), and has_column_privilege_name_name_name().

◆ convert_aclright_to_string()

static const char * convert_aclright_to_string ( int  aclright)
static

Definition at line 1747 of file acl.c.

1748{
1749 switch (aclright)
1750 {
1751 case ACL_INSERT:
1752 return "INSERT";
1753 case ACL_SELECT:
1754 return "SELECT";
1755 case ACL_UPDATE:
1756 return "UPDATE";
1757 case ACL_DELETE:
1758 return "DELETE";
1759 case ACL_TRUNCATE:
1760 return "TRUNCATE";
1761 case ACL_REFERENCES:
1762 return "REFERENCES";
1763 case ACL_TRIGGER:
1764 return "TRIGGER";
1765 case ACL_EXECUTE:
1766 return "EXECUTE";
1767 case ACL_USAGE:
1768 return "USAGE";
1769 case ACL_CREATE:
1770 return "CREATE";
1771 case ACL_CREATE_TEMP:
1772 return "TEMPORARY";
1773 case ACL_CONNECT:
1774 return "CONNECT";
1775 case ACL_SET:
1776 return "SET";
1777 case ACL_ALTER_SYSTEM:
1778 return "ALTER SYSTEM";
1779 case ACL_MAINTAIN:
1780 return "MAINTAIN";
1781 default:
1782 elog(ERROR, "unrecognized aclright: %d", aclright);
1783 return NULL;
1784 }
1785}

References ACL_ALTER_SYSTEM, ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_DELETE, ACL_EXECUTE, ACL_INSERT, ACL_MAINTAIN, ACL_REFERENCES, ACL_SELECT, ACL_SET, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, ACL_USAGE, elog, ERROR, and fb().

Referenced by aclexplode().

◆ convert_any_priv_string()

static AclMode convert_any_priv_string ( text priv_type_text,
const priv_map privileges 
)
static

Definition at line 1699 of file acl.c.

1701{
1702 AclMode result = 0;
1703 char *priv_type = text_to_cstring(priv_type_text);
1704 char *chunk;
1705 char *next_chunk;
1706
1707 /* We rely on priv_type being a private, modifiable string */
1708 for (chunk = priv_type; chunk; chunk = next_chunk)
1709 {
1710 int chunk_len;
1711 const priv_map *this_priv;
1712
1713 /* Split string at commas */
1714 next_chunk = strchr(chunk, ',');
1715 if (next_chunk)
1716 *next_chunk++ = '\0';
1717
1718 /* Drop leading/trailing whitespace in this chunk */
1719 while (*chunk && isspace((unsigned char) *chunk))
1720 chunk++;
1721 chunk_len = strlen(chunk);
1722 while (chunk_len > 0 && isspace((unsigned char) chunk[chunk_len - 1]))
1723 chunk_len--;
1724 chunk[chunk_len] = '\0';
1725
1726 /* Match to the privileges list */
1727 for (this_priv = privileges; this_priv->name; this_priv++)
1728 {
1729 if (pg_strcasecmp(this_priv->name, chunk) == 0)
1730 {
1731 result |= this_priv->value;
1732 break;
1733 }
1734 }
1735 if (!this_priv->name)
1736 ereport(ERROR,
1737 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1738 errmsg("unrecognized privilege type: \"%s\"", chunk)));
1739 }
1740
1741 pfree(priv_type);
1742 return result;
1743}
pg_strcasecmp
int pg_strcasecmp(const char *s1, const char *s2)
Definition pgstrcasecmp.c:32
priv_map
Definition acl.c:56
text_to_cstring
char * text_to_cstring(const text *t)
Definition varlena.c:215

References ereport, errcode(), errmsg, ERROR, fb(), priv_map::name, pfree(), pg_strcasecmp(), and text_to_cstring().

Referenced by convert_column_priv_string(), convert_database_priv_string(), convert_foreign_data_wrapper_priv_string(), convert_function_priv_string(), convert_language_priv_string(), convert_largeobject_priv_string(), convert_parameter_priv_string(), convert_role_priv_string(), convert_schema_priv_string(), convert_sequence_priv_string(), convert_server_priv_string(), convert_table_priv_string(), convert_tablespace_priv_string(), convert_type_priv_string(), and makeaclitem().

◆ convert_column_name()

static AttrNumber convert_column_name ( Oid  tableoid,
text column 
)
static

Definition at line 2908 of file acl.c.

2909{
2910 char *colname;
2911 HeapTuple attTuple;
2912 AttrNumber attnum;
2913
2914 colname = text_to_cstring(column);
2915
2916 /*
2917 * We don't use get_attnum() here because it will report that dropped
2918 * columns don't exist. We need to treat dropped columns differently from
2919 * nonexistent columns.
2920 */
2921 attTuple = SearchSysCache2(ATTNAME,
2922 ObjectIdGetDatum(tableoid),
2923 CStringGetDatum(colname));
2924 if (HeapTupleIsValid(attTuple))
2925 {
2926 Form_pg_attribute attributeForm;
2927
2928 attributeForm = (Form_pg_attribute) GETSTRUCT(attTuple);
2929 /* We want to return NULL for dropped columns */
2930 if (attributeForm->attisdropped)
2931 attnum = InvalidAttrNumber;
2932 else
2933 attnum = attributeForm->attnum;
2934 ReleaseSysCache(attTuple);
2935 }
2936 else
2937 {
2938 char *tablename = get_rel_name(tableoid);
2939
2940 /*
2941 * If the table OID is bogus, or it's just been dropped, we'll get
2942 * NULL back. In such cases we want has_column_privilege to return
2943 * NULL too, so just return InvalidAttrNumber.
2944 */
2945 if (tablename != NULL)
2946 {
2947 /* tableoid exists, colname does not, so throw error */
2948 ereport(ERROR,
2949 (errcode(ERRCODE_UNDEFINED_COLUMN),
2950 errmsg("column \"%s\" of relation \"%s\" does not exist",
2951 colname, tablename)));
2952 }
2953 /* tableoid doesn't exist, so act like attisdropped case */
2954 attnum = InvalidAttrNumber;
2955 }
2956
2957 pfree(colname);
2958 return attnum;
2959}
get_rel_name
char * get_rel_name(Oid relid)
Definition lsyscache.c:2078
Form_pg_attribute
FormData_pg_attribute * Form_pg_attribute
Definition pg_attribute.h:206
CStringGetDatum
static Datum CStringGetDatum(const char *X)
Definition postgres.h:380
SearchSysCache2
HeapTuple SearchSysCache2(SysCacheIdentifier cacheId, Datum key1, Datum key2)
Definition syscache.c:230

References attnum, CStringGetDatum(), ereport, errcode(), errmsg, ERROR, fb(), get_rel_name(), GETSTRUCT(), HeapTupleIsValid, InvalidAttrNumber, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache2(), and text_to_cstring().

Referenced by has_column_privilege_id_id_name(), has_column_privilege_id_name(), has_column_privilege_id_name_name(), has_column_privilege_name_id_name(), has_column_privilege_name_name(), and has_column_privilege_name_name_name().

◆ convert_column_priv_string()

static AclMode convert_column_priv_string ( text priv_type_text)
static

Definition at line 2966 of file acl.c.

2967{
2968 static const priv_map column_priv_map[] = {
2969 {"SELECT", ACL_SELECT},
2970 {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2971 {"INSERT", ACL_INSERT},
2972 {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
2973 {"UPDATE", ACL_UPDATE},
2974 {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2975 {"REFERENCES", ACL_REFERENCES},
2976 {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
2977 {NULL, 0}
2978 };
2979
2980 return convert_any_priv_string(priv_type_text, column_priv_map);
2981}
convert_any_priv_string
static AclMode convert_any_priv_string(text *priv_type_text, const priv_map *privileges)
Definition acl.c:1699

References ACL_GRANT_OPTION_FOR, ACL_INSERT, ACL_REFERENCES, ACL_SELECT, ACL_UPDATE, convert_any_priv_string(), and fb().

Referenced by has_any_column_privilege_id(), has_any_column_privilege_id_id(), has_any_column_privilege_id_name(), has_any_column_privilege_name(), has_any_column_privilege_name_id(), has_any_column_privilege_name_name(), has_column_privilege_id_attnum(), has_column_privilege_id_id_attnum(), has_column_privilege_id_id_name(), has_column_privilege_id_name(), has_column_privilege_id_name_attnum(), has_column_privilege_id_name_name(), has_column_privilege_name_attnum(), has_column_privilege_name_id_attnum(), has_column_privilege_name_id_name(), has_column_privilege_name_name(), has_column_privilege_name_name_attnum(), and has_column_privilege_name_name_name().

◆ convert_database_name()

static Oid convert_database_name ( text databasename)
static

Definition at line 3160 of file acl.c.

3161{
3162 char *dbname = text_to_cstring(databasename);
3163
3164 return get_database_oid(dbname, false);
3165}
get_database_oid
Oid get_database_oid(const char *dbname, bool missing_ok)
Definition dbcommands.c:3182
dbname
char * dbname
Definition streamutil.c:49

References dbname, fb(), get_database_oid(), and text_to_cstring().

Referenced by has_database_privilege_id_name(), has_database_privilege_name(), and has_database_privilege_name_name().

◆ convert_database_priv_string()

static AclMode convert_database_priv_string ( text priv_type_text)
static

Definition at line 3172 of file acl.c.

3173{
3174 static const priv_map database_priv_map[] = {
3175 {"CREATE", ACL_CREATE},
3176 {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
3177 {"TEMPORARY", ACL_CREATE_TEMP},
3178 {"TEMPORARY WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
3179 {"TEMP", ACL_CREATE_TEMP},
3180 {"TEMP WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
3181 {"CONNECT", ACL_CONNECT},
3182 {"CONNECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CONNECT)},
3183 {NULL, 0}
3184 };
3185
3186 return convert_any_priv_string(priv_type_text, database_priv_map);
3187}

References ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_GRANT_OPTION_FOR, convert_any_priv_string(), and fb().

Referenced by has_database_privilege_id(), has_database_privilege_id_id(), has_database_privilege_id_name(), has_database_privilege_name(), has_database_privilege_name_id(), and has_database_privilege_name_name().

◆ convert_foreign_data_wrapper_name()

static Oid convert_foreign_data_wrapper_name ( text fdwname)
static

Definition at line 3366 of file acl.c.

3367{
3368 char *fdwstr = text_to_cstring(fdwname);
3369
3370 return get_foreign_data_wrapper_oid(fdwstr, false);
3371}
get_foreign_data_wrapper_oid
Oid get_foreign_data_wrapper_oid(const char *fdwname, bool missing_ok)
Definition foreign.c:768

References fb(), get_foreign_data_wrapper_oid(), and text_to_cstring().

Referenced by has_foreign_data_wrapper_privilege_id_name(), has_foreign_data_wrapper_privilege_name(), and has_foreign_data_wrapper_privilege_name_name().

◆ convert_foreign_data_wrapper_priv_string()

static AclMode convert_foreign_data_wrapper_priv_string ( text priv_type_text)
static

Definition at line 3378 of file acl.c.

3379{
3380 static const priv_map foreign_data_wrapper_priv_map[] = {
3381 {"USAGE", ACL_USAGE},
3382 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3383 {NULL, 0}
3384 };
3385
3386 return convert_any_priv_string(priv_type_text, foreign_data_wrapper_priv_map);
3387}

References ACL_GRANT_OPTION_FOR, ACL_USAGE, convert_any_priv_string(), and fb().

Referenced by has_foreign_data_wrapper_privilege_id(), has_foreign_data_wrapper_privilege_id_id(), has_foreign_data_wrapper_privilege_id_name(), has_foreign_data_wrapper_privilege_name(), has_foreign_data_wrapper_privilege_name_id(), and has_foreign_data_wrapper_privilege_name_name().

◆ convert_function_name()

static Oid convert_function_name ( text functionname)
static

Definition at line 3566 of file acl.c.

3567{
3568 char *funcname = text_to_cstring(functionname);
3569 Oid oid;
3570
3571 oid = DatumGetObjectId(DirectFunctionCall1(regprocedurein,
3572 CStringGetDatum(funcname)));
3573
3574 if (!OidIsValid(oid))
3575 ereport(ERROR,
3576 (errcode(ERRCODE_UNDEFINED_FUNCTION),
3577 errmsg("function \"%s\" does not exist", funcname)));
3578
3579 return oid;
3580}
DirectFunctionCall1
#define DirectFunctionCall1(func, arg1)
Definition fmgr.h:684
funcname
#define funcname
Definition indent_codes.h:69
DatumGetObjectId
static Oid DatumGetObjectId(Datum X)
Definition postgres.h:252
regprocedurein
Datum regprocedurein(PG_FUNCTION_ARGS)
Definition regproc.c:229

References CStringGetDatum(), DatumGetObjectId(), DirectFunctionCall1, ereport, errcode(), errmsg, ERROR, fb(), funcname, OidIsValid, regprocedurein(), and text_to_cstring().

Referenced by has_function_privilege_id_name(), has_function_privilege_name(), and has_function_privilege_name_name().

◆ convert_function_priv_string()

static AclMode convert_function_priv_string ( text priv_type_text)
static

Definition at line 3587 of file acl.c.

3588{
3589 static const priv_map function_priv_map[] = {
3590 {"EXECUTE", ACL_EXECUTE},
3591 {"EXECUTE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_EXECUTE)},
3592 {NULL, 0}
3593 };
3594
3595 return convert_any_priv_string(priv_type_text, function_priv_map);
3596}

References ACL_EXECUTE, ACL_GRANT_OPTION_FOR, convert_any_priv_string(), and fb().

Referenced by has_function_privilege_id(), has_function_privilege_id_id(), has_function_privilege_id_name(), has_function_privilege_name(), has_function_privilege_name_id(), and has_function_privilege_name_name().

◆ convert_language_name()

static Oid convert_language_name ( text languagename)
static

Definition at line 3775 of file acl.c.

3776{
3777 char *langname = text_to_cstring(languagename);
3778
3779 return get_language_oid(langname, false);
3780}
get_language_oid
Oid get_language_oid(const char *langname, bool missing_ok)
Definition proclang.c:227

References fb(), get_language_oid(), and text_to_cstring().

Referenced by has_language_privilege_id_name(), has_language_privilege_name(), and has_language_privilege_name_name().

◆ convert_language_priv_string()

static AclMode convert_language_priv_string ( text priv_type_text)
static

Definition at line 3787 of file acl.c.

3788{
3789 static const priv_map language_priv_map[] = {
3790 {"USAGE", ACL_USAGE},
3791 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3792 {NULL, 0}
3793 };
3794
3795 return convert_any_priv_string(priv_type_text, language_priv_map);
3796}

References ACL_GRANT_OPTION_FOR, ACL_USAGE, convert_any_priv_string(), and fb().

Referenced by has_language_privilege_id(), has_language_privilege_id_id(), has_language_privilege_id_name(), has_language_privilege_name(), has_language_privilege_name_id(), and has_language_privilege_name_name().

◆ convert_largeobject_priv_string()

static AclMode convert_largeobject_priv_string ( text priv_type_text)
static

Definition at line 4822 of file acl.c.

4823{
4824 static const priv_map largeobject_priv_map[] = {
4825 {"SELECT", ACL_SELECT},
4826 {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
4827 {"UPDATE", ACL_UPDATE},
4828 {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
4829 {NULL, 0}
4830 };
4831
4832 return convert_any_priv_string(priv_type_text, largeobject_priv_map);
4833}

References ACL_GRANT_OPTION_FOR, ACL_SELECT, ACL_UPDATE, convert_any_priv_string(), and fb().

Referenced by has_largeobject_privilege_id(), has_largeobject_privilege_id_id(), and has_largeobject_privilege_name_id().

◆ convert_parameter_priv_string()

static AclMode convert_parameter_priv_string ( text priv_text)
static

Definition at line 4686 of file acl.c.

4687{
4688 static const priv_map parameter_priv_map[] = {
4689 {"SET", ACL_SET},
4690 {"SET WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SET)},
4691 {"ALTER SYSTEM", ACL_ALTER_SYSTEM},
4692 {"ALTER SYSTEM WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_ALTER_SYSTEM)},
4693 {NULL, 0}
4694 };
4695
4696 return convert_any_priv_string(priv_text, parameter_priv_map);
4697}

References ACL_ALTER_SYSTEM, ACL_GRANT_OPTION_FOR, ACL_SET, convert_any_priv_string(), and fb().

Referenced by has_parameter_privilege_id_name(), has_parameter_privilege_name(), and has_parameter_privilege_name_name().

◆ convert_role_priv_string()

static AclMode convert_role_priv_string ( text priv_type_text)
static

Definition at line 5000 of file acl.c.

5001{
5002 static const priv_map role_priv_map[] = {
5003 {"USAGE", ACL_USAGE},
5004 {"MEMBER", ACL_CREATE},
5005 {"SET", ACL_SET},
5006 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
5007 {"USAGE WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
5008 {"MEMBER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
5009 {"MEMBER WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
5010 {"SET WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
5011 {"SET WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
5012 {NULL, 0}
5013 };
5014
5015 return convert_any_priv_string(priv_type_text, role_priv_map);
5016}

References ACL_CREATE, ACL_GRANT_OPTION_FOR, ACL_SET, ACL_USAGE, convert_any_priv_string(), and fb().

Referenced by pg_has_role_id(), pg_has_role_id_id(), pg_has_role_id_name(), pg_has_role_name(), pg_has_role_name_id(), and pg_has_role_name_name().

◆ convert_schema_name()

static Oid convert_schema_name ( text schemaname)
static

Definition at line 3975 of file acl.c.

3976{
3977 char *nspname = text_to_cstring(schemaname);
3978
3979 return get_namespace_oid(nspname, false);
3980}
get_namespace_oid
Oid get_namespace_oid(const char *nspname, bool missing_ok)
Definition namespace.c:3607

References get_namespace_oid(), and text_to_cstring().

Referenced by has_schema_privilege_id_name(), has_schema_privilege_name(), and has_schema_privilege_name_name().

◆ convert_schema_priv_string()

static AclMode convert_schema_priv_string ( text priv_type_text)
static

Definition at line 3987 of file acl.c.

3988{
3989 static const priv_map schema_priv_map[] = {
3990 {"CREATE", ACL_CREATE},
3991 {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
3992 {"USAGE", ACL_USAGE},
3993 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3994 {NULL, 0}
3995 };
3996
3997 return convert_any_priv_string(priv_type_text, schema_priv_map);
3998}

References ACL_CREATE, ACL_GRANT_OPTION_FOR, ACL_USAGE, convert_any_priv_string(), and fb().

Referenced by has_schema_privilege_id(), has_schema_privilege_id_id(), has_schema_privilege_id_name(), has_schema_privilege_name(), has_schema_privilege_name_id(), and has_schema_privilege_name_name().

◆ convert_sequence_priv_string()

static AclMode convert_sequence_priv_string ( text priv_type_text)
static

Definition at line 2311 of file acl.c.

2312{
2313 static const priv_map sequence_priv_map[] = {
2314 {"USAGE", ACL_USAGE},
2315 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
2316 {"SELECT", ACL_SELECT},
2317 {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2318 {"UPDATE", ACL_UPDATE},
2319 {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2320 {NULL, 0}
2321 };
2322
2323 return convert_any_priv_string(priv_type_text, sequence_priv_map);
2324}

References ACL_GRANT_OPTION_FOR, ACL_SELECT, ACL_UPDATE, ACL_USAGE, convert_any_priv_string(), and fb().

Referenced by has_sequence_privilege_id(), has_sequence_privilege_id_id(), has_sequence_privilege_id_name(), has_sequence_privilege_name(), has_sequence_privilege_name_id(), and has_sequence_privilege_name_name().

◆ convert_server_name()

static Oid convert_server_name ( text servername)
static

Definition at line 4177 of file acl.c.

4178{
4179 char *serverstr = text_to_cstring(servername);
4180
4181 return get_foreign_server_oid(serverstr, false);
4182}
get_foreign_server_oid
Oid get_foreign_server_oid(const char *servername, bool missing_ok)
Definition foreign.c:791

References fb(), get_foreign_server_oid(), and text_to_cstring().

Referenced by has_server_privilege_id_name(), has_server_privilege_name(), and has_server_privilege_name_name().

◆ convert_server_priv_string()

static AclMode convert_server_priv_string ( text priv_type_text)
static

Definition at line 4189 of file acl.c.

4190{
4191 static const priv_map server_priv_map[] = {
4192 {"USAGE", ACL_USAGE},
4193 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
4194 {NULL, 0}
4195 };
4196
4197 return convert_any_priv_string(priv_type_text, server_priv_map);
4198}

References ACL_GRANT_OPTION_FOR, ACL_USAGE, convert_any_priv_string(), and fb().

Referenced by has_server_privilege_id(), has_server_privilege_id_id(), has_server_privilege_id_name(), has_server_privilege_name(), has_server_privilege_name_id(), and has_server_privilege_name_name().

◆ convert_table_name()

static Oid convert_table_name ( text tablename)
static

Definition at line 2061 of file acl.c.

2062{
2063 RangeVar *relrv;
2064
2065 relrv = makeRangeVarFromNameList(textToQualifiedNameList(tablename));
2066
2067 /* We might not even have permissions on this relation; don't lock it. */
2068 return RangeVarGetRelid(relrv, NoLock, false);
2069}
NoLock
#define NoLock
Definition lockdefs.h:34
makeRangeVarFromNameList
RangeVar * makeRangeVarFromNameList(const List *names)
Definition namespace.c:3626
RangeVarGetRelid
#define RangeVarGetRelid(relation, lockmode, missing_ok)
Definition namespace.h:98
textToQualifiedNameList
List * textToQualifiedNameList(text *textval)
Definition varlena.c:2717

References fb(), makeRangeVarFromNameList(), NoLock, RangeVarGetRelid, and textToQualifiedNameList().

Referenced by has_any_column_privilege_id_name(), has_any_column_privilege_name(), has_any_column_privilege_name_name(), has_column_privilege_id_name_attnum(), has_column_privilege_id_name_name(), has_column_privilege_name_attnum(), has_column_privilege_name_name(), has_column_privilege_name_name_attnum(), has_column_privilege_name_name_name(), has_sequence_privilege_id_name(), has_sequence_privilege_name(), has_sequence_privilege_name_name(), has_table_privilege_id_name(), has_table_privilege_name(), and has_table_privilege_name_name().

◆ convert_table_priv_string()

static AclMode convert_table_priv_string ( text priv_type_text)
static

Definition at line 2076 of file acl.c.

2077{
2078 static const priv_map table_priv_map[] = {
2079 {"SELECT", ACL_SELECT},
2080 {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2081 {"INSERT", ACL_INSERT},
2082 {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
2083 {"UPDATE", ACL_UPDATE},
2084 {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2085 {"DELETE", ACL_DELETE},
2086 {"DELETE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_DELETE)},
2087 {"TRUNCATE", ACL_TRUNCATE},
2088 {"TRUNCATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRUNCATE)},
2089 {"REFERENCES", ACL_REFERENCES},
2090 {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
2091 {"TRIGGER", ACL_TRIGGER},
2092 {"TRIGGER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRIGGER)},
2093 {"MAINTAIN", ACL_MAINTAIN},
2094 {"MAINTAIN WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_MAINTAIN)},
2095 {NULL, 0}
2096 };
2097
2098 return convert_any_priv_string(priv_type_text, table_priv_map);
2099}

References ACL_DELETE, ACL_GRANT_OPTION_FOR, ACL_INSERT, ACL_MAINTAIN, ACL_REFERENCES, ACL_SELECT, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, convert_any_priv_string(), and fb().

Referenced by has_table_privilege_id(), has_table_privilege_id_id(), has_table_privilege_id_name(), has_table_privilege_name(), has_table_privilege_name_id(), and has_table_privilege_name_name().

◆ convert_tablespace_name()

static Oid convert_tablespace_name ( text tablespacename)
static

Definition at line 4377 of file acl.c.

4378{
4379 char *spcname = text_to_cstring(tablespacename);
4380
4381 return get_tablespace_oid(spcname, false);
4382}
get_tablespace_oid
Oid get_tablespace_oid(const char *tablespacename, bool missing_ok)
Definition tablespace.c:1439

References fb(), get_tablespace_oid(), and text_to_cstring().

Referenced by has_tablespace_privilege_id_name(), has_tablespace_privilege_name(), and has_tablespace_privilege_name_name().

◆ convert_tablespace_priv_string()

static AclMode convert_tablespace_priv_string ( text priv_type_text)
static

Definition at line 4389 of file acl.c.

4390{
4391 static const priv_map tablespace_priv_map[] = {
4392 {"CREATE", ACL_CREATE},
4393 {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4394 {NULL, 0}
4395 };
4396
4397 return convert_any_priv_string(priv_type_text, tablespace_priv_map);
4398}

References ACL_CREATE, ACL_GRANT_OPTION_FOR, convert_any_priv_string(), and fb().

Referenced by has_tablespace_privilege_id(), has_tablespace_privilege_id_id(), has_tablespace_privilege_id_name(), has_tablespace_privilege_name(), has_tablespace_privilege_name_id(), and has_tablespace_privilege_name_name().

◆ convert_type_name()

static Oid convert_type_name ( text typename)
static

Definition at line 4576 of file acl.c.

4577{
4578 char *typname = text_to_cstring(typename);
4579 Oid oid;
4580
4581 oid = DatumGetObjectId(DirectFunctionCall1(regtypein,
4582 CStringGetDatum(typname)));
4583
4584 if (!OidIsValid(oid))
4585 ereport(ERROR,
4586 (errcode(ERRCODE_UNDEFINED_OBJECT),
4587 errmsg("type \"%s\" does not exist", typname)));
4588
4589 return oid;
4590}
typname
NameData typname
Definition pg_type.h:43
regtypein
Datum regtypein(PG_FUNCTION_ARGS)
Definition regproc.c:1184

References CStringGetDatum(), DatumGetObjectId(), DirectFunctionCall1, ereport, errcode(), errmsg, ERROR, fb(), OidIsValid, regtypein(), text_to_cstring(), and typname.

Referenced by has_type_privilege_id_name(), has_type_privilege_name(), and has_type_privilege_name_name().

◆ convert_type_priv_string()

static AclMode convert_type_priv_string ( text priv_type_text)
static

Definition at line 4597 of file acl.c.

4598{
4599 static const priv_map type_priv_map[] = {
4600 {"USAGE", ACL_USAGE},
4601 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
4602 {NULL, 0}
4603 };
4604
4605 return convert_any_priv_string(priv_type_text, type_priv_map);
4606}

References ACL_GRANT_OPTION_FOR, ACL_USAGE, convert_any_priv_string(), and fb().

Referenced by has_type_privilege_id(), has_type_privilege_id_id(), has_type_privilege_id_name(), has_type_privilege_name(), has_type_privilege_name_id(), and has_type_privilege_name_name().

◆ get_role_oid()

Oid get_role_oid ( const char rolname,
bool  missing_ok 
)

Definition at line 5566 of file acl.c.

5567{
5568 Oid oid;
5569
5570 oid = GetSysCacheOid1(AUTHNAME, Anum_pg_authid_oid,
5571 CStringGetDatum(rolname));
5572 if (!OidIsValid(oid) && !missing_ok)
5573 ereport(ERROR,
5574 (errcode(ERRCODE_UNDEFINED_OBJECT),
5575 errmsg("role \"%s\" does not exist", rolname)));
5576 return oid;
5577}
GetSysCacheOid1
#define GetSysCacheOid1(cacheId, oidcol, key1)
Definition syscache.h:109

References CStringGetDatum(), ereport, errcode(), errmsg, ERROR, fb(), GetSysCacheOid1, OidIsValid, and rolname.

Referenced by aclparse(), check_hba(), check_ident_usermap(), createdb(), CreateRole(), get_object_address_unqualified(), get_role_oid_or_public(), get_rolespec_oid(), GrantRole(), is_member(), pg_has_role_id_name(), pg_has_role_name(), pg_has_role_name_id(), pg_has_role_name_name(), regrolein(), shell_check_detail(), and worker_spi_launch().

◆ get_role_oid_or_public()

Oid get_role_oid_or_public ( const char rolname)

Definition at line 5584 of file acl.c.

5585{
5586 if (strcmp(rolname, "public") == 0)
5587 return ACL_ID_PUBLIC;
5588
5589 return get_role_oid(rolname, false);
5590}

References ACL_ID_PUBLIC, fb(), get_role_oid(), and rolname.

Referenced by has_any_column_privilege_name_id(), has_any_column_privilege_name_name(), has_column_privilege_name_id_attnum(), has_column_privilege_name_id_name(), has_column_privilege_name_name_attnum(), has_column_privilege_name_name_name(), has_database_privilege_name_id(), has_database_privilege_name_name(), has_foreign_data_wrapper_privilege_name_id(), has_foreign_data_wrapper_privilege_name_name(), has_function_privilege_name_id(), has_function_privilege_name_name(), has_language_privilege_name_id(), has_language_privilege_name_name(), has_largeobject_privilege_name_id(), has_parameter_privilege_name_name(), has_schema_privilege_name_id(), has_schema_privilege_name_name(), has_sequence_privilege_name_id(), has_sequence_privilege_name_name(), has_server_privilege_name_id(), has_server_privilege_name_name(), has_table_privilege_name_id(), has_table_privilege_name_name(), has_tablespace_privilege_name_id(), has_tablespace_privilege_name_name(), has_type_privilege_name_id(), and has_type_privilege_name_name().

◆ get_rolespec_name()

char * get_rolespec_name ( const RoleSpec role)

Definition at line 5685 of file acl.c.

5686{
5687 HeapTuple tp;
5688 Form_pg_authid authForm;
5689 char *rolename;
5690
5691 tp = get_rolespec_tuple(role);
5692 authForm = (Form_pg_authid) GETSTRUCT(tp);
5693 rolename = pstrdup(NameStr(authForm->rolname));
5694 ReleaseSysCache(tp);
5695
5696 return rolename;
5697}
get_rolespec_tuple
HeapTuple get_rolespec_tuple(const RoleSpec *role)
Definition acl.c:5639
pstrdup
char * pstrdup(const char *in)
Definition mcxt.c:1781

References fb(), Form_pg_authid, get_rolespec_tuple(), GETSTRUCT(), NameStr, pstrdup(), and ReleaseSysCache().

Referenced by AddRoleMems(), and DelRoleMems().

◆ get_rolespec_oid()

Oid get_rolespec_oid ( const RoleSpec role,
bool  missing_ok 
)

Definition at line 5600 of file acl.c.

5601{
5602 Oid oid;
5603
5604 switch (role->roletype)
5605 {
5606 case ROLESPEC_CSTRING:
5607 Assert(role->rolename);
5608 oid = get_role_oid(role->rolename, missing_ok);
5609 break;
5610
5611 case ROLESPEC_CURRENT_ROLE:
5612 case ROLESPEC_CURRENT_USER:
5613 oid = GetUserId();
5614 break;
5615
5616 case ROLESPEC_SESSION_USER:
5617 oid = GetSessionUserId();
5618 break;
5619
5620 case ROLESPEC_PUBLIC:
5621 ereport(ERROR,
5622 (errcode(ERRCODE_UNDEFINED_OBJECT),
5623 errmsg("role \"%s\" does not exist", "public")));
5624 oid = InvalidOid; /* make compiler happy */
5625 break;
5626
5627 default:
5628 elog(ERROR, "unexpected role type %d", role->roletype);
5629 }
5630
5631 return oid;
5632}
GetUserId
Oid GetUserId(void)
Definition miscinit.c:470
GetSessionUserId
Oid GetSessionUserId(void)
Definition miscinit.c:509
ROLESPEC_CURRENT_USER
@ ROLESPEC_CURRENT_USER
Definition parsenodes.h:421
ROLESPEC_SESSION_USER
@ ROLESPEC_SESSION_USER
Definition parsenodes.h:422
ROLESPEC_CURRENT_ROLE
@ ROLESPEC_CURRENT_ROLE
Definition parsenodes.h:420
ROLESPEC_PUBLIC
@ ROLESPEC_PUBLIC
Definition parsenodes.h:423
InvalidOid
#define InvalidOid
Definition postgres_ext.h:37

References Assert, elog, ereport, errcode(), errmsg, ERROR, fb(), get_role_oid(), GetSessionUserId(), GetUserId(), InvalidOid, RoleSpec::rolename, ROLESPEC_CSTRING, ROLESPEC_CURRENT_ROLE, ROLESPEC_CURRENT_USER, ROLESPEC_PUBLIC, ROLESPEC_SESSION_USER, and RoleSpec::roletype.

Referenced by AlterUserMapping(), ATExecCmd(), CreateSchemaCommand(), CreateTableSpace(), CreateUserMapping(), ExecAlterDefaultPrivilegesStmt(), ExecAlterOwnerStmt(), ExecuteGrantStmt(), GrantRole(), policy_role_list_to_array(), ReassignOwnedObjects(), RemoveUserMapping(), and roleSpecsToIds().

◆ get_rolespec_tuple()

HeapTuple get_rolespec_tuple ( const RoleSpec role)

Definition at line 5639 of file acl.c.

5640{
5641 HeapTuple tuple;
5642
5643 switch (role->roletype)
5644 {
5645 case ROLESPEC_CSTRING:
5646 Assert(role->rolename);
5647 tuple = SearchSysCache1(AUTHNAME, CStringGetDatum(role->rolename));
5648 if (!HeapTupleIsValid(tuple))
5649 ereport(ERROR,
5650 (errcode(ERRCODE_UNDEFINED_OBJECT),
5651 errmsg("role \"%s\" does not exist", role->rolename)));
5652 break;
5653
5654 case ROLESPEC_CURRENT_ROLE:
5655 case ROLESPEC_CURRENT_USER:
5656 tuple = SearchSysCache1(AUTHOID, ObjectIdGetDatum(GetUserId()));
5657 if (!HeapTupleIsValid(tuple))
5658 elog(ERROR, "cache lookup failed for role %u", GetUserId());
5659 break;
5660
5661 case ROLESPEC_SESSION_USER:
5662 tuple = SearchSysCache1(AUTHOID, ObjectIdGetDatum(GetSessionUserId()));
5663 if (!HeapTupleIsValid(tuple))
5664 elog(ERROR, "cache lookup failed for role %u", GetSessionUserId());
5665 break;
5666
5667 case ROLESPEC_PUBLIC:
5668 ereport(ERROR,
5669 (errcode(ERRCODE_UNDEFINED_OBJECT),
5670 errmsg("role \"%s\" does not exist", "public")));
5671 tuple = NULL; /* make compiler happy */
5672 break;
5673
5674 default:
5675 elog(ERROR, "unexpected role type %d", role->roletype);
5676 }
5677
5678 return tuple;
5679}

References Assert, CStringGetDatum(), elog, ereport, errcode(), errmsg, ERROR, fb(), GetSessionUserId(), GetUserId(), HeapTupleIsValid, ObjectIdGetDatum(), RoleSpec::rolename, ROLESPEC_CSTRING, ROLESPEC_CURRENT_ROLE, ROLESPEC_CURRENT_USER, ROLESPEC_PUBLIC, ROLESPEC_SESSION_USER, RoleSpec::roletype, and SearchSysCache1().

Referenced by AlterRole(), AlterRoleSet(), CreateRole(), and get_rolespec_name().

◆ getid()

static const char * getid ( const char s,
char n,
Node escontext 
)
static

Definition at line 170 of file acl.c.

171{
172 int len = 0;
173 bool in_quotes = false;
174
175 Assert(s && n);
176
177 while (isspace((unsigned char) *s))
178 s++;
179 for (;
180 *s != '\0' &&
181 (in_quotes || *s == '"' || is_safe_acl_char(*s, true));
182 s++)
183 {
184 if (*s == '"')
185 {
186 if (!in_quotes)
187 {
188 in_quotes = true;
189 continue;
190 }
191 /* safe to look at next char (could be '\0' though) */
192 if (*(s + 1) != '"')
193 {
194 in_quotes = false;
195 continue;
196 }
197 /* it's an escaped double quote; skip the escaping char */
198 s++;
199 }
200
201 /* Add the character to the string */
202 if (len >= NAMEDATALEN - 1)
203 ereturn(escontext, NULL,
204 (errcode(ERRCODE_NAME_TOO_LONG),
205 errmsg("identifier too long"),
206 errdetail("Identifier must be less than %d characters.",
207 NAMEDATALEN)));
208
209 n[len++] = *s;
210 }
211 n[len] = '\0';
212 while (isspace((unsigned char) *s))
213 s++;
214 return s;
215}
is_safe_acl_char
static bool is_safe_acl_char(unsigned char c, bool is_getid)
Definition acl.c:147
errdetail
int errdetail(const char *fmt,...) pg_attribute_printf(1
len
const void size_t len
Definition pg_crc32c_sse42.c:31

References Assert, ereturn, errcode(), errdetail(), errmsg, fb(), is_safe_acl_char(), len, and NAMEDATALEN.

Referenced by aclparse().

◆ has_any_column_privilege_id()

Datum has_any_column_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 2437 of file acl.c.

2438{
2439 Oid tableoid = PG_GETARG_OID(0);
2440 text *priv_type_text = PG_GETARG_TEXT_PP(1);
2441 Oid roleid;
2442 AclMode mode;
2443 AclResult aclresult;
2444 bool is_missing = false;
2445
2446 roleid = GetUserId();
2447 mode = convert_column_priv_string(priv_type_text);
2448
2449 /* First check at table level, then examine each column if needed */
2450 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2451 if (aclresult != ACLCHECK_OK)
2452 {
2453 if (is_missing)
2454 PG_RETURN_NULL();
2455 aclresult = pg_attribute_aclcheck_all_ext(tableoid, roleid, mode,
2456 ACLMASK_ANY, &is_missing);
2457 if (is_missing)
2458 PG_RETURN_NULL();
2459 }
2460
2461 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2462}
convert_column_priv_string
static AclMode convert_column_priv_string(text *priv_type_text)
Definition acl.c:2966
ACLMASK_ANY
@ ACLMASK_ANY
Definition acl.h:177
pg_attribute_aclcheck_all_ext
AclResult pg_attribute_aclcheck_all_ext(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how, bool *is_missing)
Definition aclchk.c:3939
PG_GETARG_TEXT_PP
#define PG_GETARG_TEXT_PP(n)
Definition fmgr.h:310
varlena
Definition c.h:739

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), fb(), GetUserId(), mode, pg_attribute_aclcheck_all_ext(), pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_any_column_privilege_id_id()

Datum has_any_column_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 2497 of file acl.c.

2498{
2499 Oid roleid = PG_GETARG_OID(0);
2500 Oid tableoid = PG_GETARG_OID(1);
2501 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2502 AclMode mode;
2503 AclResult aclresult;
2504 bool is_missing = false;
2505
2506 mode = convert_column_priv_string(priv_type_text);
2507
2508 /* First check at table level, then examine each column if needed */
2509 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2510 if (aclresult != ACLCHECK_OK)
2511 {
2512 if (is_missing)
2513 PG_RETURN_NULL();
2514 aclresult = pg_attribute_aclcheck_all_ext(tableoid, roleid, mode,
2515 ACLMASK_ANY, &is_missing);
2516 if (is_missing)
2517 PG_RETURN_NULL();
2518 }
2519
2520 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2521}

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), fb(), mode, pg_attribute_aclcheck_all_ext(), pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_any_column_privilege_id_name()

Datum has_any_column_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2470 of file acl.c.

2471{
2472 Oid roleid = PG_GETARG_OID(0);
2473 text *tablename = PG_GETARG_TEXT_PP(1);
2474 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2475 Oid tableoid;
2476 AclMode mode;
2477 AclResult aclresult;
2478
2479 tableoid = convert_table_name(tablename);
2480 mode = convert_column_priv_string(priv_type_text);
2481
2482 /* First check at table level, then examine each column if needed */
2483 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2484 if (aclresult != ACLCHECK_OK)
2485 aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2486 ACLMASK_ANY);
2487
2488 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2489}
convert_table_name
static Oid convert_table_name(text *tablename)
Definition acl.c:2061
pg_attribute_aclcheck_all
AclResult pg_attribute_aclcheck_all(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how)
Definition aclchk.c:3928
pg_class_aclcheck
AclResult pg_class_aclcheck(Oid table_oid, Oid roleid, AclMode mode)
Definition aclchk.c:4057

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), convert_table_name(), fb(), mode, pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_any_column_privilege_name()

Datum has_any_column_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 2374 of file acl.c.

2375{
2376 text *tablename = PG_GETARG_TEXT_PP(0);
2377 text *priv_type_text = PG_GETARG_TEXT_PP(1);
2378 Oid roleid;
2379 Oid tableoid;
2380 AclMode mode;
2381 AclResult aclresult;
2382
2383 roleid = GetUserId();
2384 tableoid = convert_table_name(tablename);
2385 mode = convert_column_priv_string(priv_type_text);
2386
2387 /* First check at table level, then examine each column if needed */
2388 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2389 if (aclresult != ACLCHECK_OK)
2390 aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2391 ACLMASK_ANY);
2392
2393 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2394}

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), convert_table_name(), fb(), GetUserId(), mode, pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_any_column_privilege_name_id()

Datum has_any_column_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 2402 of file acl.c.

2403{
2404 Name username = PG_GETARG_NAME(0);
2405 Oid tableoid = PG_GETARG_OID(1);
2406 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2407 Oid roleid;
2408 AclMode mode;
2409 AclResult aclresult;
2410 bool is_missing = false;
2411
2412 roleid = get_role_oid_or_public(NameStr(*username));
2413 mode = convert_column_priv_string(priv_type_text);
2414
2415 /* First check at table level, then examine each column if needed */
2416 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2417 if (aclresult != ACLCHECK_OK)
2418 {
2419 if (is_missing)
2420 PG_RETURN_NULL();
2421 aclresult = pg_attribute_aclcheck_all_ext(tableoid, roleid, mode,
2422 ACLMASK_ANY, &is_missing);
2423 if (is_missing)
2424 PG_RETURN_NULL();
2425 }
2426
2427 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2428}
get_role_oid_or_public
Oid get_role_oid_or_public(const char *rolname)
Definition acl.c:5584
PG_GETARG_NAME
#define PG_GETARG_NAME(n)
Definition fmgr.h:279
username
static char * username
Definition initdb.c:153
nameData
Definition c.h:793

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, pg_attribute_aclcheck_all_ext(), pg_class_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_any_column_privilege_name_name()

Datum has_any_column_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2344 of file acl.c.

2345{
2346 Name rolename = PG_GETARG_NAME(0);
2347 text *tablename = PG_GETARG_TEXT_PP(1);
2348 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2349 Oid roleid;
2350 Oid tableoid;
2351 AclMode mode;
2352 AclResult aclresult;
2353
2354 roleid = get_role_oid_or_public(NameStr(*rolename));
2355 tableoid = convert_table_name(tablename);
2356 mode = convert_column_priv_string(priv_type_text);
2357
2358 /* First check at table level, then examine each column if needed */
2359 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2360 if (aclresult != ACLCHECK_OK)
2361 aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2362 ACLMASK_ANY);
2363
2364 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2365}

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), convert_table_name(), fb(), get_role_oid_or_public(), mode, NameStr, pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_column_privilege_id_attnum()

Datum has_column_privilege_id_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2880 of file acl.c.

2881{
2882 Oid tableoid = PG_GETARG_OID(0);
2883 AttrNumber colattnum = PG_GETARG_INT16(1);
2884 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2885 Oid roleid;
2886 AclMode mode;
2887 int privresult;
2888
2889 roleid = GetUserId();
2890 mode = convert_column_priv_string(priv_type_text);
2891
2892 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2893 if (privresult < 0)
2894 PG_RETURN_NULL();
2895 PG_RETURN_BOOL(privresult);
2896}
column_privilege_check
static int column_privilege_check(Oid tableoid, AttrNumber attnum, Oid roleid, AclMode mode)
Definition acl.c:2548
PG_GETARG_INT16
#define PG_GETARG_INT16(n)
Definition fmgr.h:271

References column_privilege_check(), convert_column_priv_string(), fb(), GetUserId(), mode, PG_GETARG_INT16, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_id_attnum()

Datum has_column_privilege_id_id_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2773 of file acl.c.

2774{
2775 Oid roleid = PG_GETARG_OID(0);
2776 Oid tableoid = PG_GETARG_OID(1);
2777 AttrNumber colattnum = PG_GETARG_INT16(2);
2778 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2779 AclMode mode;
2780 int privresult;
2781
2782 mode = convert_column_priv_string(priv_type_text);
2783
2784 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2785 if (privresult < 0)
2786 PG_RETURN_NULL();
2787 PG_RETURN_BOOL(privresult);
2788}

References column_privilege_check(), convert_column_priv_string(), fb(), mode, PG_GETARG_INT16, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_id_name()

Datum has_column_privilege_id_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2748 of file acl.c.

2749{
2750 Oid roleid = PG_GETARG_OID(0);
2751 Oid tableoid = PG_GETARG_OID(1);
2752 text *column = PG_GETARG_TEXT_PP(2);
2753 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2754 AttrNumber colattnum;
2755 AclMode mode;
2756 int privresult;
2757
2758 colattnum = convert_column_name(tableoid, column);
2759 mode = convert_column_priv_string(priv_type_text);
2760
2761 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2762 if (privresult < 0)
2763 PG_RETURN_NULL();
2764 PG_RETURN_BOOL(privresult);
2765}
convert_column_name
static AttrNumber convert_column_name(Oid tableoid, text *column)
Definition acl.c:2908

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), fb(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_name()

Datum has_column_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2853 of file acl.c.

2854{
2855 Oid tableoid = PG_GETARG_OID(0);
2856 text *column = PG_GETARG_TEXT_PP(1);
2857 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2858 Oid roleid;
2859 AttrNumber colattnum;
2860 AclMode mode;
2861 int privresult;
2862
2863 roleid = GetUserId();
2864 colattnum = convert_column_name(tableoid, column);
2865 mode = convert_column_priv_string(priv_type_text);
2866
2867 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2868 if (privresult < 0)
2869 PG_RETURN_NULL();
2870 PG_RETURN_BOOL(privresult);
2871}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), fb(), GetUserId(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_name_attnum()

Datum has_column_privilege_id_name_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2723 of file acl.c.

2724{
2725 Oid roleid = PG_GETARG_OID(0);
2726 text *tablename = PG_GETARG_TEXT_PP(1);
2727 AttrNumber colattnum = PG_GETARG_INT16(2);
2728 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2729 Oid tableoid;
2730 AclMode mode;
2731 int privresult;
2732
2733 tableoid = convert_table_name(tablename);
2734 mode = convert_column_priv_string(priv_type_text);
2735
2736 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2737 if (privresult < 0)
2738 PG_RETURN_NULL();
2739 PG_RETURN_BOOL(privresult);
2740}

References column_privilege_check(), convert_column_priv_string(), convert_table_name(), fb(), mode, PG_GETARG_INT16, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_name_name()

Datum has_column_privilege_id_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2696 of file acl.c.

2697{
2698 Oid roleid = PG_GETARG_OID(0);
2699 text *tablename = PG_GETARG_TEXT_PP(1);
2700 text *column = PG_GETARG_TEXT_PP(2);
2701 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2702 Oid tableoid;
2703 AttrNumber colattnum;
2704 AclMode mode;
2705 int privresult;
2706
2707 tableoid = convert_table_name(tablename);
2708 colattnum = convert_column_name(tableoid, column);
2709 mode = convert_column_priv_string(priv_type_text);
2710
2711 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2712 if (privresult < 0)
2713 PG_RETURN_NULL();
2714 PG_RETURN_BOOL(privresult);
2715}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), convert_table_name(), fb(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_attnum()

Datum has_column_privilege_name_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2826 of file acl.c.

2827{
2828 text *tablename = PG_GETARG_TEXT_PP(0);
2829 AttrNumber colattnum = PG_GETARG_INT16(1);
2830 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2831 Oid roleid;
2832 Oid tableoid;
2833 AclMode mode;
2834 int privresult;
2835
2836 roleid = GetUserId();
2837 tableoid = convert_table_name(tablename);
2838 mode = convert_column_priv_string(priv_type_text);
2839
2840 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2841 if (privresult < 0)
2842 PG_RETURN_NULL();
2843 PG_RETURN_BOOL(privresult);
2844}

References column_privilege_check(), convert_column_priv_string(), convert_table_name(), fb(), GetUserId(), mode, PG_GETARG_INT16, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_id_attnum()

Datum has_column_privilege_name_id_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2671 of file acl.c.

2672{
2673 Name username = PG_GETARG_NAME(0);
2674 Oid tableoid = PG_GETARG_OID(1);
2675 AttrNumber colattnum = PG_GETARG_INT16(2);
2676 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2677 Oid roleid;
2678 AclMode mode;
2679 int privresult;
2680
2681 roleid = get_role_oid_or_public(NameStr(*username));
2682 mode = convert_column_priv_string(priv_type_text);
2683
2684 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2685 if (privresult < 0)
2686 PG_RETURN_NULL();
2687 PG_RETURN_BOOL(privresult);
2688}

References column_privilege_check(), convert_column_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_INT16, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_column_privilege_name_id_name()

Datum has_column_privilege_name_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2644 of file acl.c.

2645{
2646 Name username = PG_GETARG_NAME(0);
2647 Oid tableoid = PG_GETARG_OID(1);
2648 text *column = PG_GETARG_TEXT_PP(2);
2649 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2650 Oid roleid;
2651 AttrNumber colattnum;
2652 AclMode mode;
2653 int privresult;
2654
2655 roleid = get_role_oid_or_public(NameStr(*username));
2656 colattnum = convert_column_name(tableoid, column);
2657 mode = convert_column_priv_string(priv_type_text);
2658
2659 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2660 if (privresult < 0)
2661 PG_RETURN_NULL();
2662 PG_RETURN_BOOL(privresult);
2663}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_column_privilege_name_name()

Datum has_column_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2797 of file acl.c.

2798{
2799 text *tablename = PG_GETARG_TEXT_PP(0);
2800 text *column = PG_GETARG_TEXT_PP(1);
2801 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2802 Oid roleid;
2803 Oid tableoid;
2804 AttrNumber colattnum;
2805 AclMode mode;
2806 int privresult;
2807
2808 roleid = GetUserId();
2809 tableoid = convert_table_name(tablename);
2810 colattnum = convert_column_name(tableoid, column);
2811 mode = convert_column_priv_string(priv_type_text);
2812
2813 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2814 if (privresult < 0)
2815 PG_RETURN_NULL();
2816 PG_RETURN_BOOL(privresult);
2817}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), convert_table_name(), fb(), GetUserId(), mode, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_name_attnum()

Datum has_column_privilege_name_name_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2617 of file acl.c.

2618{
2619 Name rolename = PG_GETARG_NAME(0);
2620 text *tablename = PG_GETARG_TEXT_PP(1);
2621 AttrNumber colattnum = PG_GETARG_INT16(2);
2622 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2623 Oid roleid;
2624 Oid tableoid;
2625 AclMode mode;
2626 int privresult;
2627
2628 roleid = get_role_oid_or_public(NameStr(*rolename));
2629 tableoid = convert_table_name(tablename);
2630 mode = convert_column_priv_string(priv_type_text);
2631
2632 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2633 if (privresult < 0)
2634 PG_RETURN_NULL();
2635 PG_RETURN_BOOL(privresult);
2636}

References column_privilege_check(), convert_column_priv_string(), convert_table_name(), fb(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_INT16, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_name_name()

Datum has_column_privilege_name_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2588 of file acl.c.

2589{
2590 Name rolename = PG_GETARG_NAME(0);
2591 text *tablename = PG_GETARG_TEXT_PP(1);
2592 text *column = PG_GETARG_TEXT_PP(2);
2593 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2594 Oid roleid;
2595 Oid tableoid;
2596 AttrNumber colattnum;
2597 AclMode mode;
2598 int privresult;
2599
2600 roleid = get_role_oid_or_public(NameStr(*rolename));
2601 tableoid = convert_table_name(tablename);
2602 colattnum = convert_column_name(tableoid, column);
2603 mode = convert_column_priv_string(priv_type_text);
2604
2605 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2606 if (privresult < 0)
2607 PG_RETURN_NULL();
2608 PG_RETURN_BOOL(privresult);
2609}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), convert_table_name(), fb(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_database_privilege_id()

Datum has_database_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3080 of file acl.c.

3081{
3082 Oid databaseoid = PG_GETARG_OID(0);
3083 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3084 Oid roleid;
3085 AclMode mode;
3086 AclResult aclresult;
3087 bool is_missing = false;
3088
3089 roleid = GetUserId();
3090 mode = convert_database_priv_string(priv_type_text);
3091
3092 aclresult = object_aclcheck_ext(DatabaseRelationId, databaseoid,
3093 roleid, mode,
3094 &is_missing);
3095
3096 if (is_missing)
3097 PG_RETURN_NULL();
3098
3099 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3100}
convert_database_priv_string
static AclMode convert_database_priv_string(text *priv_type_text)
Definition acl.c:3172
object_aclcheck_ext
AclResult object_aclcheck_ext(Oid classid, Oid objectid, Oid roleid, AclMode mode, bool *is_missing)
Definition aclchk.c:3864

References ACLCHECK_OK, convert_database_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_database_privilege_id_id()

Datum has_database_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 3131 of file acl.c.

3132{
3133 Oid roleid = PG_GETARG_OID(0);
3134 Oid databaseoid = PG_GETARG_OID(1);
3135 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3136 AclMode mode;
3137 AclResult aclresult;
3138 bool is_missing = false;
3139
3140 mode = convert_database_priv_string(priv_type_text);
3141
3142 aclresult = object_aclcheck_ext(DatabaseRelationId, databaseoid,
3143 roleid, mode,
3144 &is_missing);
3145
3146 if (is_missing)
3147 PG_RETURN_NULL();
3148
3149 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3150}

References ACLCHECK_OK, convert_database_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_database_privilege_id_name()

Datum has_database_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3108 of file acl.c.

3109{
3110 Oid roleid = PG_GETARG_OID(0);
3111 text *databasename = PG_GETARG_TEXT_PP(1);
3112 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3113 Oid databaseoid;
3114 AclMode mode;
3115 AclResult aclresult;
3116
3117 databaseoid = convert_database_name(databasename);
3118 mode = convert_database_priv_string(priv_type_text);
3119
3120 aclresult = object_aclcheck(DatabaseRelationId, databaseoid, roleid, mode);
3121
3122 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3123}
convert_database_name
static Oid convert_database_name(text *databasename)
Definition acl.c:3160
object_aclcheck
AclResult object_aclcheck(Oid classid, Oid objectid, Oid roleid, AclMode mode)
Definition aclchk.c:3854

References ACLCHECK_OK, convert_database_name(), convert_database_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_database_privilege_name()

Datum has_database_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 3026 of file acl.c.

3027{
3028 text *databasename = PG_GETARG_TEXT_PP(0);
3029 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3030 Oid roleid;
3031 Oid databaseoid;
3032 AclMode mode;
3033 AclResult aclresult;
3034
3035 roleid = GetUserId();
3036 databaseoid = convert_database_name(databasename);
3037 mode = convert_database_priv_string(priv_type_text);
3038
3039 aclresult = object_aclcheck(DatabaseRelationId, databaseoid, roleid, mode);
3040
3041 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3042}

References ACLCHECK_OK, convert_database_name(), convert_database_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_database_privilege_name_id()

Datum has_database_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 3050 of file acl.c.

3051{
3052 Name username = PG_GETARG_NAME(0);
3053 Oid databaseoid = PG_GETARG_OID(1);
3054 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3055 Oid roleid;
3056 AclMode mode;
3057 AclResult aclresult;
3058 bool is_missing = false;
3059
3060 roleid = get_role_oid_or_public(NameStr(*username));
3061 mode = convert_database_priv_string(priv_type_text);
3062
3063 aclresult = object_aclcheck_ext(DatabaseRelationId, databaseoid,
3064 roleid, mode,
3065 &is_missing);
3066
3067 if (is_missing)
3068 PG_RETURN_NULL();
3069
3070 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3071}

References ACLCHECK_OK, convert_database_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_database_privilege_name_name()

Datum has_database_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 3000 of file acl.c.

3001{
3002 Name username = PG_GETARG_NAME(0);
3003 text *databasename = PG_GETARG_TEXT_PP(1);
3004 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3005 Oid roleid;
3006 Oid databaseoid;
3007 AclMode mode;
3008 AclResult aclresult;
3009
3010 roleid = get_role_oid_or_public(NameStr(*username));
3011 databaseoid = convert_database_name(databasename);
3012 mode = convert_database_priv_string(priv_type_text);
3013
3014 aclresult = object_aclcheck(DatabaseRelationId, databaseoid, roleid, mode);
3015
3016 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3017}

References ACLCHECK_OK, convert_database_name(), convert_database_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_foreign_data_wrapper_privilege_id()

Datum has_foreign_data_wrapper_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3286 of file acl.c.

3287{
3288 Oid fdwid = PG_GETARG_OID(0);
3289 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3290 Oid roleid;
3291 AclMode mode;
3292 AclResult aclresult;
3293 bool is_missing = false;
3294
3295 roleid = GetUserId();
3296 mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3297
3298 aclresult = object_aclcheck_ext(ForeignDataWrapperRelationId, fdwid,
3299 roleid, mode,
3300 &is_missing);
3301
3302 if (is_missing)
3303 PG_RETURN_NULL();
3304
3305 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3306}
convert_foreign_data_wrapper_priv_string
static AclMode convert_foreign_data_wrapper_priv_string(text *priv_type_text)
Definition acl.c:3378

References ACLCHECK_OK, convert_foreign_data_wrapper_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_foreign_data_wrapper_privilege_id_id()

Datum has_foreign_data_wrapper_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 3337 of file acl.c.

3338{
3339 Oid roleid = PG_GETARG_OID(0);
3340 Oid fdwid = PG_GETARG_OID(1);
3341 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3342 AclMode mode;
3343 AclResult aclresult;
3344 bool is_missing = false;
3345
3346 mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3347
3348 aclresult = object_aclcheck_ext(ForeignDataWrapperRelationId, fdwid,
3349 roleid, mode,
3350 &is_missing);
3351
3352 if (is_missing)
3353 PG_RETURN_NULL();
3354
3355 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3356}

References ACLCHECK_OK, convert_foreign_data_wrapper_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_foreign_data_wrapper_privilege_id_name()

Datum has_foreign_data_wrapper_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3314 of file acl.c.

3315{
3316 Oid roleid = PG_GETARG_OID(0);
3317 text *fdwname = PG_GETARG_TEXT_PP(1);
3318 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3319 Oid fdwid;
3320 AclMode mode;
3321 AclResult aclresult;
3322
3323 fdwid = convert_foreign_data_wrapper_name(fdwname);
3324 mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3325
3326 aclresult = object_aclcheck(ForeignDataWrapperRelationId, fdwid, roleid, mode);
3327
3328 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3329}
convert_foreign_data_wrapper_name
static Oid convert_foreign_data_wrapper_name(text *fdwname)
Definition acl.c:3366

References ACLCHECK_OK, convert_foreign_data_wrapper_name(), convert_foreign_data_wrapper_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_foreign_data_wrapper_privilege_name()

Datum has_foreign_data_wrapper_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 3232 of file acl.c.

3233{
3234 text *fdwname = PG_GETARG_TEXT_PP(0);
3235 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3236 Oid roleid;
3237 Oid fdwid;
3238 AclMode mode;
3239 AclResult aclresult;
3240
3241 roleid = GetUserId();
3242 fdwid = convert_foreign_data_wrapper_name(fdwname);
3243 mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3244
3245 aclresult = object_aclcheck(ForeignDataWrapperRelationId, fdwid, roleid, mode);
3246
3247 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3248}

References ACLCHECK_OK, convert_foreign_data_wrapper_name(), convert_foreign_data_wrapper_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_foreign_data_wrapper_privilege_name_id()

Datum has_foreign_data_wrapper_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 3256 of file acl.c.

3257{
3258 Name username = PG_GETARG_NAME(0);
3259 Oid fdwid = PG_GETARG_OID(1);
3260 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3261 Oid roleid;
3262 AclMode mode;
3263 AclResult aclresult;
3264 bool is_missing = false;
3265
3266 roleid = get_role_oid_or_public(NameStr(*username));
3267 mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3268
3269 aclresult = object_aclcheck_ext(ForeignDataWrapperRelationId, fdwid,
3270 roleid, mode,
3271 &is_missing);
3272
3273 if (is_missing)
3274 PG_RETURN_NULL();
3275
3276 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3277}

References ACLCHECK_OK, convert_foreign_data_wrapper_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_foreign_data_wrapper_privilege_name_name()

Datum has_foreign_data_wrapper_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 3206 of file acl.c.

3207{
3208 Name username = PG_GETARG_NAME(0);
3209 text *fdwname = PG_GETARG_TEXT_PP(1);
3210 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3211 Oid roleid;
3212 Oid fdwid;
3213 AclMode mode;
3214 AclResult aclresult;
3215
3216 roleid = get_role_oid_or_public(NameStr(*username));
3217 fdwid = convert_foreign_data_wrapper_name(fdwname);
3218 mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3219
3220 aclresult = object_aclcheck(ForeignDataWrapperRelationId, fdwid, roleid, mode);
3221
3222 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3223}

References ACLCHECK_OK, convert_foreign_data_wrapper_name(), convert_foreign_data_wrapper_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_function_privilege_id()

Datum has_function_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3486 of file acl.c.

3487{
3488 Oid functionoid = PG_GETARG_OID(0);
3489 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3490 Oid roleid;
3491 AclMode mode;
3492 AclResult aclresult;
3493 bool is_missing = false;
3494
3495 roleid = GetUserId();
3496 mode = convert_function_priv_string(priv_type_text);
3497
3498 aclresult = object_aclcheck_ext(ProcedureRelationId, functionoid,
3499 roleid, mode,
3500 &is_missing);
3501
3502 if (is_missing)
3503 PG_RETURN_NULL();
3504
3505 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3506}
convert_function_priv_string
static AclMode convert_function_priv_string(text *priv_type_text)
Definition acl.c:3587

References ACLCHECK_OK, convert_function_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_function_privilege_id_id()

Datum has_function_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 3537 of file acl.c.

3538{
3539 Oid roleid = PG_GETARG_OID(0);
3540 Oid functionoid = PG_GETARG_OID(1);
3541 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3542 AclMode mode;
3543 AclResult aclresult;
3544 bool is_missing = false;
3545
3546 mode = convert_function_priv_string(priv_type_text);
3547
3548 aclresult = object_aclcheck_ext(ProcedureRelationId, functionoid,
3549 roleid, mode,
3550 &is_missing);
3551
3552 if (is_missing)
3553 PG_RETURN_NULL();
3554
3555 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3556}

References ACLCHECK_OK, convert_function_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_function_privilege_id_name()

Datum has_function_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3514 of file acl.c.

3515{
3516 Oid roleid = PG_GETARG_OID(0);
3517 text *functionname = PG_GETARG_TEXT_PP(1);
3518 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3519 Oid functionoid;
3520 AclMode mode;
3521 AclResult aclresult;
3522
3523 functionoid = convert_function_name(functionname);
3524 mode = convert_function_priv_string(priv_type_text);
3525
3526 aclresult = object_aclcheck(ProcedureRelationId, functionoid, roleid, mode);
3527
3528 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3529}
convert_function_name
static Oid convert_function_name(text *functionname)
Definition acl.c:3566

References ACLCHECK_OK, convert_function_name(), convert_function_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_function_privilege_name()

Datum has_function_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 3432 of file acl.c.

3433{
3434 text *functionname = PG_GETARG_TEXT_PP(0);
3435 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3436 Oid roleid;
3437 Oid functionoid;
3438 AclMode mode;
3439 AclResult aclresult;
3440
3441 roleid = GetUserId();
3442 functionoid = convert_function_name(functionname);
3443 mode = convert_function_priv_string(priv_type_text);
3444
3445 aclresult = object_aclcheck(ProcedureRelationId, functionoid, roleid, mode);
3446
3447 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3448}

References ACLCHECK_OK, convert_function_name(), convert_function_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_function_privilege_name_id()

Datum has_function_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 3456 of file acl.c.

3457{
3458 Name username = PG_GETARG_NAME(0);
3459 Oid functionoid = PG_GETARG_OID(1);
3460 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3461 Oid roleid;
3462 AclMode mode;
3463 AclResult aclresult;
3464 bool is_missing = false;
3465
3466 roleid = get_role_oid_or_public(NameStr(*username));
3467 mode = convert_function_priv_string(priv_type_text);
3468
3469 aclresult = object_aclcheck_ext(ProcedureRelationId, functionoid,
3470 roleid, mode,
3471 &is_missing);
3472
3473 if (is_missing)
3474 PG_RETURN_NULL();
3475
3476 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3477}

References ACLCHECK_OK, convert_function_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_function_privilege_name_name()

Datum has_function_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 3406 of file acl.c.

3407{
3408 Name username = PG_GETARG_NAME(0);
3409 text *functionname = PG_GETARG_TEXT_PP(1);
3410 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3411 Oid roleid;
3412 Oid functionoid;
3413 AclMode mode;
3414 AclResult aclresult;
3415
3416 roleid = get_role_oid_or_public(NameStr(*username));
3417 functionoid = convert_function_name(functionname);
3418 mode = convert_function_priv_string(priv_type_text);
3419
3420 aclresult = object_aclcheck(ProcedureRelationId, functionoid, roleid, mode);
3421
3422 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3423}

References ACLCHECK_OK, convert_function_name(), convert_function_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_language_privilege_id()

Datum has_language_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3695 of file acl.c.

3696{
3697 Oid languageoid = PG_GETARG_OID(0);
3698 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3699 Oid roleid;
3700 AclMode mode;
3701 AclResult aclresult;
3702 bool is_missing = false;
3703
3704 roleid = GetUserId();
3705 mode = convert_language_priv_string(priv_type_text);
3706
3707 aclresult = object_aclcheck_ext(LanguageRelationId, languageoid,
3708 roleid, mode,
3709 &is_missing);
3710
3711 if (is_missing)
3712 PG_RETURN_NULL();
3713
3714 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3715}
convert_language_priv_string
static AclMode convert_language_priv_string(text *priv_type_text)
Definition acl.c:3787

References ACLCHECK_OK, convert_language_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_language_privilege_id_id()

Datum has_language_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 3746 of file acl.c.

3747{
3748 Oid roleid = PG_GETARG_OID(0);
3749 Oid languageoid = PG_GETARG_OID(1);
3750 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3751 AclMode mode;
3752 AclResult aclresult;
3753 bool is_missing = false;
3754
3755 mode = convert_language_priv_string(priv_type_text);
3756
3757 aclresult = object_aclcheck_ext(LanguageRelationId, languageoid,
3758 roleid, mode,
3759 &is_missing);
3760
3761 if (is_missing)
3762 PG_RETURN_NULL();
3763
3764 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3765}

References ACLCHECK_OK, convert_language_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_language_privilege_id_name()

Datum has_language_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3723 of file acl.c.

3724{
3725 Oid roleid = PG_GETARG_OID(0);
3726 text *languagename = PG_GETARG_TEXT_PP(1);
3727 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3728 Oid languageoid;
3729 AclMode mode;
3730 AclResult aclresult;
3731
3732 languageoid = convert_language_name(languagename);
3733 mode = convert_language_priv_string(priv_type_text);
3734
3735 aclresult = object_aclcheck(LanguageRelationId, languageoid, roleid, mode);
3736
3737 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3738}
convert_language_name
static Oid convert_language_name(text *languagename)
Definition acl.c:3775

References ACLCHECK_OK, convert_language_name(), convert_language_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_language_privilege_name()

Datum has_language_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 3641 of file acl.c.

3642{
3643 text *languagename = PG_GETARG_TEXT_PP(0);
3644 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3645 Oid roleid;
3646 Oid languageoid;
3647 AclMode mode;
3648 AclResult aclresult;
3649
3650 roleid = GetUserId();
3651 languageoid = convert_language_name(languagename);
3652 mode = convert_language_priv_string(priv_type_text);
3653
3654 aclresult = object_aclcheck(LanguageRelationId, languageoid, roleid, mode);
3655
3656 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3657}

References ACLCHECK_OK, convert_language_name(), convert_language_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_language_privilege_name_id()

Datum has_language_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 3665 of file acl.c.

3666{
3667 Name username = PG_GETARG_NAME(0);
3668 Oid languageoid = PG_GETARG_OID(1);
3669 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3670 Oid roleid;
3671 AclMode mode;
3672 AclResult aclresult;
3673 bool is_missing = false;
3674
3675 roleid = get_role_oid_or_public(NameStr(*username));
3676 mode = convert_language_priv_string(priv_type_text);
3677
3678 aclresult = object_aclcheck_ext(LanguageRelationId, languageoid,
3679 roleid, mode,
3680 &is_missing);
3681
3682 if (is_missing)
3683 PG_RETURN_NULL();
3684
3685 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3686}

References ACLCHECK_OK, convert_language_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_language_privilege_name_name()

Datum has_language_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 3615 of file acl.c.

3616{
3617 Name username = PG_GETARG_NAME(0);
3618 text *languagename = PG_GETARG_TEXT_PP(1);
3619 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3620 Oid roleid;
3621 Oid languageoid;
3622 AclMode mode;
3623 AclResult aclresult;
3624
3625 roleid = get_role_oid_or_public(NameStr(*username));
3626 languageoid = convert_language_name(languagename);
3627 mode = convert_language_priv_string(priv_type_text);
3628
3629 aclresult = object_aclcheck(LanguageRelationId, languageoid, roleid, mode);
3630
3631 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3632}

References ACLCHECK_OK, convert_language_name(), convert_language_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_largeobject_privilege_id()

Datum has_largeobject_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 4775 of file acl.c.

4776{
4777 Oid lobjId = PG_GETARG_OID(0);
4778 Oid roleid = GetUserId();
4779 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4780 AclMode mode;
4781 bool is_missing = false;
4782 bool result;
4783
4784 mode = convert_largeobject_priv_string(priv_type_text);
4785 result = has_lo_priv_byid(roleid, lobjId, mode, &is_missing);
4786
4787 if (is_missing)
4788 PG_RETURN_NULL();
4789
4790 PG_RETURN_BOOL(result);
4791}
convert_largeobject_priv_string
static AclMode convert_largeobject_priv_string(text *priv_type_text)
Definition acl.c:4822
has_lo_priv_byid
static bool has_lo_priv_byid(Oid roleid, Oid lobjId, AclMode priv, bool *is_missing)
Definition acl.c:4716

References convert_largeobject_priv_string(), fb(), GetUserId(), has_lo_priv_byid(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_largeobject_privilege_id_id()

Datum has_largeobject_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4799 of file acl.c.

4800{
4801 Oid roleid = PG_GETARG_OID(0);
4802 Oid lobjId = PG_GETARG_OID(1);
4803 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4804 AclMode mode;
4805 bool is_missing = false;
4806 bool result;
4807
4808 mode = convert_largeobject_priv_string(priv_type_text);
4809 result = has_lo_priv_byid(roleid, lobjId, mode, &is_missing);
4810
4811 if (is_missing)
4812 PG_RETURN_NULL();
4813
4814 PG_RETURN_BOOL(result);
4815}

References convert_largeobject_priv_string(), fb(), has_lo_priv_byid(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_largeobject_privilege_name_id()

Datum has_largeobject_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 4749 of file acl.c.

4750{
4751 Name username = PG_GETARG_NAME(0);
4752 Oid roleid = get_role_oid_or_public(NameStr(*username));
4753 Oid lobjId = PG_GETARG_OID(1);
4754 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4755 AclMode mode;
4756 bool is_missing = false;
4757 bool result;
4758
4759 mode = convert_largeobject_priv_string(priv_type_text);
4760 result = has_lo_priv_byid(roleid, lobjId, mode, &is_missing);
4761
4762 if (is_missing)
4763 PG_RETURN_NULL();
4764
4765 PG_RETURN_BOOL(result);
4766}

References convert_largeobject_priv_string(), fb(), get_role_oid_or_public(), has_lo_priv_byid(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_lo_priv_byid()

static bool has_lo_priv_byid ( Oid  roleid,
Oid  lobjId,
AclMode  priv,
bool is_missing 
)
static

Definition at line 4716 of file acl.c.

4717{
4718 Snapshot snapshot = NULL;
4719 AclResult aclresult;
4720
4721 if (priv & ACL_UPDATE)
4722 snapshot = NULL;
4723 else
4724 snapshot = GetActiveSnapshot();
4725
4726 if (!LargeObjectExistsWithSnapshot(lobjId, snapshot))
4727 {
4728 Assert(is_missing != NULL);
4729 *is_missing = true;
4730 return false;
4731 }
4732
4733 if (lo_compat_privileges)
4734 return true;
4735
4736 aclresult = pg_largeobject_aclcheck_snapshot(lobjId,
4737 roleid,
4738 priv,
4739 snapshot);
4740 return aclresult == ACLCHECK_OK;
4741}
pg_largeobject_aclcheck_snapshot
AclResult pg_largeobject_aclcheck_snapshot(Oid lobj_oid, Oid roleid, AclMode mode, Snapshot snapshot)
Definition aclchk.c:4094
lo_compat_privileges
bool lo_compat_privileges
Definition inv_api.c:56
LargeObjectExistsWithSnapshot
bool LargeObjectExistsWithSnapshot(Oid loid, Snapshot snapshot)
Definition pg_largeobject.c:178
GetActiveSnapshot
Snapshot GetActiveSnapshot(void)
Definition snapmgr.c:800

References ACL_UPDATE, ACLCHECK_OK, Assert, fb(), GetActiveSnapshot(), LargeObjectExistsWithSnapshot(), lo_compat_privileges, and pg_largeobject_aclcheck_snapshot().

Referenced by has_largeobject_privilege_id(), has_largeobject_privilege_id_id(), and has_largeobject_privilege_name_id().

◆ has_param_priv_byname()

static bool has_param_priv_byname ( Oid  roleid,
const text parameter,
AclMode  priv 
)
static

Definition at line 4625 of file acl.c.

4626{
4627 char *paramstr = text_to_cstring(parameter);
4628
4629 return pg_parameter_aclcheck(paramstr, roleid, priv) == ACLCHECK_OK;
4630}
pg_parameter_aclcheck
AclResult pg_parameter_aclcheck(const char *name, Oid roleid, AclMode mode)
Definition aclchk.c:4082

References ACLCHECK_OK, fb(), pg_parameter_aclcheck(), and text_to_cstring().

Referenced by has_parameter_privilege_id_name(), has_parameter_privilege_name(), and has_parameter_privilege_name_name().

◆ has_parameter_privilege_id_name()

Datum has_parameter_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4668 of file acl.c.

4669{
4670 Oid roleid = PG_GETARG_OID(0);
4671 text *parameter = PG_GETARG_TEXT_PP(1);
4672 AclMode priv = convert_parameter_priv_string(PG_GETARG_TEXT_PP(2));
4673
4674 PG_RETURN_BOOL(has_param_priv_byname(roleid, parameter, priv));
4675}
has_param_priv_byname
static bool has_param_priv_byname(Oid roleid, const text *parameter, AclMode priv)
Definition acl.c:4625
convert_parameter_priv_string
static AclMode convert_parameter_priv_string(text *priv_text)
Definition acl.c:4686

References convert_parameter_priv_string(), fb(), has_param_priv_byname(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_parameter_privilege_name()

Datum has_parameter_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 4654 of file acl.c.

4655{
4656 text *parameter = PG_GETARG_TEXT_PP(0);
4657 AclMode priv = convert_parameter_priv_string(PG_GETARG_TEXT_PP(1));
4658
4659 PG_RETURN_BOOL(has_param_priv_byname(GetUserId(), parameter, priv));
4660}

References convert_parameter_priv_string(), fb(), GetUserId(), has_param_priv_byname(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_parameter_privilege_name_name()

Datum has_parameter_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 4638 of file acl.c.

4639{
4640 Name username = PG_GETARG_NAME(0);
4641 text *parameter = PG_GETARG_TEXT_PP(1);
4642 AclMode priv = convert_parameter_priv_string(PG_GETARG_TEXT_PP(2));
4643 Oid roleid = get_role_oid_or_public(NameStr(*username));
4644
4645 PG_RETURN_BOOL(has_param_priv_byname(roleid, parameter, priv));
4646}

References convert_parameter_priv_string(), fb(), get_role_oid_or_public(), has_param_priv_byname(), NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_privs_of_role()

bool has_privs_of_role ( Oid  member,
Oid  role 
)

Definition at line 5298 of file acl.c.

5299{
5300 /* Fast path for simple case */
5301 if (member == role)
5302 return true;
5303
5304 /* Superusers have every privilege, so are part of every role */
5305 if (superuser_arg(member))
5306 return true;
5307
5308 /*
5309 * Find all the roles that member has the privileges of, including
5310 * multi-level recursion, then see if target role is any one of them.
5311 */
5312 return list_member_oid(roles_is_member_of(member, ROLERECURSE_PRIVS,
5313 InvalidOid, NULL),
5314 role);
5315}
roles_is_member_of
static List * roles_is_member_of(Oid roleid, enum RoleRecurseType type, Oid admin_of, Oid *admin_role)
Definition acl.c:5166
list_member_oid
bool list_member_oid(const List *list, Oid datum)
Definition list.c:722
superuser_arg
bool superuser_arg(Oid roleid)
Definition superuser.c:57

References fb(), InvalidOid, list_member_oid(), ROLERECURSE_PRIVS, roles_is_member_of(), and superuser_arg().

Referenced by aclmask(), AlterObjectNamespace_internal(), AlterObjectOwner_internal(), AlterObjectRename_internal(), bbsink_server_new(), calculate_database_size(), calculate_tablespace_size(), check_role_for_policy(), check_role_grantor(), ConfigOptionIsVisible(), convert_and_check_filename(), CreateSubscription(), DoCopy(), DropOwnedObjects(), ExecAlterDefaultPrivilegesStmt(), ExecCheckpoint(), file_fdw_validator(), GetConfigOptionValues(), InitPostgres(), object_ownercheck(), pg_class_aclmask_ext(), pg_get_multixact_stats(), pg_largeobject_aclmask_snapshot(), pg_namespace_aclmask_ext(), pg_role_aclcheck(), pg_signal_backend(), pg_stat_get_recovery(), pg_stat_get_wal_receiver(), pg_stat_get_wal_senders(), pg_stat_statements_internal(), pgrowlocks(), ReassignOwnedObjects(), ReindexMultipleTables(), shell_check_detail(), and TerminateOtherDBBackends().

◆ has_schema_privilege_id()

Datum has_schema_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3895 of file acl.c.

3896{
3897 Oid schemaoid = PG_GETARG_OID(0);
3898 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3899 Oid roleid;
3900 AclMode mode;
3901 AclResult aclresult;
3902 bool is_missing = false;
3903
3904 roleid = GetUserId();
3905 mode = convert_schema_priv_string(priv_type_text);
3906
3907 aclresult = object_aclcheck_ext(NamespaceRelationId, schemaoid,
3908 roleid, mode,
3909 &is_missing);
3910
3911 if (is_missing)
3912 PG_RETURN_NULL();
3913
3914 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3915}
convert_schema_priv_string
static AclMode convert_schema_priv_string(text *priv_type_text)
Definition acl.c:3987

References ACLCHECK_OK, convert_schema_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_schema_privilege_id_id()

Datum has_schema_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 3946 of file acl.c.

3947{
3948 Oid roleid = PG_GETARG_OID(0);
3949 Oid schemaoid = PG_GETARG_OID(1);
3950 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3951 AclMode mode;
3952 AclResult aclresult;
3953 bool is_missing = false;
3954
3955 mode = convert_schema_priv_string(priv_type_text);
3956
3957 aclresult = object_aclcheck_ext(NamespaceRelationId, schemaoid,
3958 roleid, mode,
3959 &is_missing);
3960
3961 if (is_missing)
3962 PG_RETURN_NULL();
3963
3964 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3965}

References ACLCHECK_OK, convert_schema_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_schema_privilege_id_name()

Datum has_schema_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3923 of file acl.c.

3924{
3925 Oid roleid = PG_GETARG_OID(0);
3926 text *schemaname = PG_GETARG_TEXT_PP(1);
3927 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3928 Oid schemaoid;
3929 AclMode mode;
3930 AclResult aclresult;
3931
3932 schemaoid = convert_schema_name(schemaname);
3933 mode = convert_schema_priv_string(priv_type_text);
3934
3935 aclresult = object_aclcheck(NamespaceRelationId, schemaoid, roleid, mode);
3936
3937 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3938}
convert_schema_name
static Oid convert_schema_name(text *schemaname)
Definition acl.c:3975

References ACLCHECK_OK, convert_schema_name(), convert_schema_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_schema_privilege_name()

Datum has_schema_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 3841 of file acl.c.

3842{
3843 text *schemaname = PG_GETARG_TEXT_PP(0);
3844 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3845 Oid roleid;
3846 Oid schemaoid;
3847 AclMode mode;
3848 AclResult aclresult;
3849
3850 roleid = GetUserId();
3851 schemaoid = convert_schema_name(schemaname);
3852 mode = convert_schema_priv_string(priv_type_text);
3853
3854 aclresult = object_aclcheck(NamespaceRelationId, schemaoid, roleid, mode);
3855
3856 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3857}

References ACLCHECK_OK, convert_schema_name(), convert_schema_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_schema_privilege_name_id()

Datum has_schema_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 3865 of file acl.c.

3866{
3867 Name username = PG_GETARG_NAME(0);
3868 Oid schemaoid = PG_GETARG_OID(1);
3869 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3870 Oid roleid;
3871 AclMode mode;
3872 AclResult aclresult;
3873 bool is_missing = false;
3874
3875 roleid = get_role_oid_or_public(NameStr(*username));
3876 mode = convert_schema_priv_string(priv_type_text);
3877
3878 aclresult = object_aclcheck_ext(NamespaceRelationId, schemaoid,
3879 roleid, mode,
3880 &is_missing);
3881
3882 if (is_missing)
3883 PG_RETURN_NULL();
3884
3885 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3886}

References ACLCHECK_OK, convert_schema_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_schema_privilege_name_name()

Datum has_schema_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 3815 of file acl.c.

3816{
3817 Name username = PG_GETARG_NAME(0);
3818 text *schemaname = PG_GETARG_TEXT_PP(1);
3819 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3820 Oid roleid;
3821 Oid schemaoid;
3822 AclMode mode;
3823 AclResult aclresult;
3824
3825 roleid = get_role_oid_or_public(NameStr(*username));
3826 schemaoid = convert_schema_name(schemaname);
3827 mode = convert_schema_priv_string(priv_type_text);
3828
3829 aclresult = object_aclcheck(NamespaceRelationId, schemaoid, roleid, mode);
3830
3831 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3832}

References ACLCHECK_OK, convert_schema_name(), convert_schema_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_sequence_privilege_id()

Datum has_sequence_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 2215 of file acl.c.

2216{
2217 Oid sequenceoid = PG_GETARG_OID(0);
2218 text *priv_type_text = PG_GETARG_TEXT_PP(1);
2219 Oid roleid;
2220 AclMode mode;
2221 AclResult aclresult;
2222 char relkind;
2223 bool is_missing = false;
2224
2225 roleid = GetUserId();
2226 mode = convert_sequence_priv_string(priv_type_text);
2227 relkind = get_rel_relkind(sequenceoid);
2228 if (relkind == '\0')
2229 PG_RETURN_NULL();
2230 else if (relkind != RELKIND_SEQUENCE)
2231 ereport(ERROR,
2232 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2233 errmsg("\"%s\" is not a sequence",
2234 get_rel_name(sequenceoid))));
2235
2236 aclresult = pg_class_aclcheck_ext(sequenceoid, roleid, mode, &is_missing);
2237
2238 if (is_missing)
2239 PG_RETURN_NULL();
2240
2241 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2242}
convert_sequence_priv_string
static AclMode convert_sequence_priv_string(text *priv_type_text)
Definition acl.c:2311
get_rel_relkind
char get_rel_relkind(Oid relid)
Definition lsyscache.c:2153

References ACLCHECK_OK, convert_sequence_priv_string(), ereport, errcode(), errmsg, ERROR, fb(), get_rel_name(), get_rel_relkind(), GetUserId(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_sequence_privilege_id_id()

Datum has_sequence_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 2278 of file acl.c.

2279{
2280 Oid roleid = PG_GETARG_OID(0);
2281 Oid sequenceoid = PG_GETARG_OID(1);
2282 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2283 AclMode mode;
2284 AclResult aclresult;
2285 char relkind;
2286 bool is_missing = false;
2287
2288 mode = convert_sequence_priv_string(priv_type_text);
2289 relkind = get_rel_relkind(sequenceoid);
2290 if (relkind == '\0')
2291 PG_RETURN_NULL();
2292 else if (relkind != RELKIND_SEQUENCE)
2293 ereport(ERROR,
2294 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2295 errmsg("\"%s\" is not a sequence",
2296 get_rel_name(sequenceoid))));
2297
2298 aclresult = pg_class_aclcheck_ext(sequenceoid, roleid, mode, &is_missing);
2299
2300 if (is_missing)
2301 PG_RETURN_NULL();
2302
2303 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2304}

References ACLCHECK_OK, convert_sequence_priv_string(), ereport, errcode(), errmsg, ERROR, fb(), get_rel_name(), get_rel_relkind(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_sequence_privilege_id_name()

Datum has_sequence_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2250 of file acl.c.

2251{
2252 Oid roleid = PG_GETARG_OID(0);
2253 text *sequencename = PG_GETARG_TEXT_PP(1);
2254 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2255 Oid sequenceoid;
2256 AclMode mode;
2257 AclResult aclresult;
2258
2259 mode = convert_sequence_priv_string(priv_type_text);
2260 sequenceoid = convert_table_name(sequencename);
2261 if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2262 ereport(ERROR,
2263 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2264 errmsg("\"%s\" is not a sequence",
2265 text_to_cstring(sequencename))));
2266
2267 aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2268
2269 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2270}

References ACLCHECK_OK, convert_sequence_priv_string(), convert_table_name(), ereport, errcode(), errmsg, ERROR, fb(), get_rel_relkind(), mode, pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and text_to_cstring().

◆ has_sequence_privilege_name()

Datum has_sequence_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 2149 of file acl.c.

2150{
2151 text *sequencename = PG_GETARG_TEXT_PP(0);
2152 text *priv_type_text = PG_GETARG_TEXT_PP(1);
2153 Oid roleid;
2154 Oid sequenceoid;
2155 AclMode mode;
2156 AclResult aclresult;
2157
2158 roleid = GetUserId();
2159 mode = convert_sequence_priv_string(priv_type_text);
2160 sequenceoid = convert_table_name(sequencename);
2161 if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2162 ereport(ERROR,
2163 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2164 errmsg("\"%s\" is not a sequence",
2165 text_to_cstring(sequencename))));
2166
2167 aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2168
2169 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2170}

References ACLCHECK_OK, convert_sequence_priv_string(), convert_table_name(), ereport, errcode(), errmsg, ERROR, fb(), get_rel_relkind(), GetUserId(), mode, pg_class_aclcheck(), PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and text_to_cstring().

◆ has_sequence_privilege_name_id()

Datum has_sequence_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 2178 of file acl.c.

2179{
2180 Name username = PG_GETARG_NAME(0);
2181 Oid sequenceoid = PG_GETARG_OID(1);
2182 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2183 Oid roleid;
2184 AclMode mode;
2185 AclResult aclresult;
2186 char relkind;
2187 bool is_missing = false;
2188
2189 roleid = get_role_oid_or_public(NameStr(*username));
2190 mode = convert_sequence_priv_string(priv_type_text);
2191 relkind = get_rel_relkind(sequenceoid);
2192 if (relkind == '\0')
2193 PG_RETURN_NULL();
2194 else if (relkind != RELKIND_SEQUENCE)
2195 ereport(ERROR,
2196 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2197 errmsg("\"%s\" is not a sequence",
2198 get_rel_name(sequenceoid))));
2199
2200 aclresult = pg_class_aclcheck_ext(sequenceoid, roleid, mode, &is_missing);
2201
2202 if (is_missing)
2203 PG_RETURN_NULL();
2204
2205 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2206}

References ACLCHECK_OK, convert_sequence_priv_string(), ereport, errcode(), errmsg, ERROR, fb(), get_rel_name(), get_rel_relkind(), get_role_oid_or_public(), mode, NameStr, pg_class_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_sequence_privilege_name_name()

Datum has_sequence_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2118 of file acl.c.

2119{
2120 Name rolename = PG_GETARG_NAME(0);
2121 text *sequencename = PG_GETARG_TEXT_PP(1);
2122 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2123 Oid roleid;
2124 Oid sequenceoid;
2125 AclMode mode;
2126 AclResult aclresult;
2127
2128 roleid = get_role_oid_or_public(NameStr(*rolename));
2129 mode = convert_sequence_priv_string(priv_type_text);
2130 sequenceoid = convert_table_name(sequencename);
2131 if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2132 ereport(ERROR,
2133 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2134 errmsg("\"%s\" is not a sequence",
2135 text_to_cstring(sequencename))));
2136
2137 aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2138
2139 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2140}

References ACLCHECK_OK, convert_sequence_priv_string(), convert_table_name(), ereport, errcode(), errmsg, ERROR, fb(), get_rel_relkind(), get_role_oid_or_public(), mode, NameStr, pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and text_to_cstring().

◆ has_server_privilege_id()

Datum has_server_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 4097 of file acl.c.

4098{
4099 Oid serverid = PG_GETARG_OID(0);
4100 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4101 Oid roleid;
4102 AclMode mode;
4103 AclResult aclresult;
4104 bool is_missing = false;
4105
4106 roleid = GetUserId();
4107 mode = convert_server_priv_string(priv_type_text);
4108
4109 aclresult = object_aclcheck_ext(ForeignServerRelationId, serverid,
4110 roleid, mode,
4111 &is_missing);
4112
4113 if (is_missing)
4114 PG_RETURN_NULL();
4115
4116 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4117}
convert_server_priv_string
static AclMode convert_server_priv_string(text *priv_type_text)
Definition acl.c:4189

References ACLCHECK_OK, convert_server_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_server_privilege_id_id()

Datum has_server_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4148 of file acl.c.

4149{
4150 Oid roleid = PG_GETARG_OID(0);
4151 Oid serverid = PG_GETARG_OID(1);
4152 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4153 AclMode mode;
4154 AclResult aclresult;
4155 bool is_missing = false;
4156
4157 mode = convert_server_priv_string(priv_type_text);
4158
4159 aclresult = object_aclcheck_ext(ForeignServerRelationId, serverid,
4160 roleid, mode,
4161 &is_missing);
4162
4163 if (is_missing)
4164 PG_RETURN_NULL();
4165
4166 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4167}

References ACLCHECK_OK, convert_server_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_server_privilege_id_name()

Datum has_server_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4125 of file acl.c.

4126{
4127 Oid roleid = PG_GETARG_OID(0);
4128 text *servername = PG_GETARG_TEXT_PP(1);
4129 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4130 Oid serverid;
4131 AclMode mode;
4132 AclResult aclresult;
4133
4134 serverid = convert_server_name(servername);
4135 mode = convert_server_priv_string(priv_type_text);
4136
4137 aclresult = object_aclcheck(ForeignServerRelationId, serverid, roleid, mode);
4138
4139 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4140}
convert_server_name
static Oid convert_server_name(text *servername)
Definition acl.c:4177

References ACLCHECK_OK, convert_server_name(), convert_server_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_server_privilege_name()

Datum has_server_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 4043 of file acl.c.

4044{
4045 text *servername = PG_GETARG_TEXT_PP(0);
4046 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4047 Oid roleid;
4048 Oid serverid;
4049 AclMode mode;
4050 AclResult aclresult;
4051
4052 roleid = GetUserId();
4053 serverid = convert_server_name(servername);
4054 mode = convert_server_priv_string(priv_type_text);
4055
4056 aclresult = object_aclcheck(ForeignServerRelationId, serverid, roleid, mode);
4057
4058 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4059}

References ACLCHECK_OK, convert_server_name(), convert_server_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_server_privilege_name_id()

Datum has_server_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 4067 of file acl.c.

4068{
4069 Name username = PG_GETARG_NAME(0);
4070 Oid serverid = PG_GETARG_OID(1);
4071 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4072 Oid roleid;
4073 AclMode mode;
4074 AclResult aclresult;
4075 bool is_missing = false;
4076
4077 roleid = get_role_oid_or_public(NameStr(*username));
4078 mode = convert_server_priv_string(priv_type_text);
4079
4080 aclresult = object_aclcheck_ext(ForeignServerRelationId, serverid,
4081 roleid, mode,
4082 &is_missing);
4083
4084 if (is_missing)
4085 PG_RETURN_NULL();
4086
4087 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4088}

References ACLCHECK_OK, convert_server_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_server_privilege_name_name()

Datum has_server_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 4017 of file acl.c.

4018{
4019 Name username = PG_GETARG_NAME(0);
4020 text *servername = PG_GETARG_TEXT_PP(1);
4021 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4022 Oid roleid;
4023 Oid serverid;
4024 AclMode mode;
4025 AclResult aclresult;
4026
4027 roleid = get_role_oid_or_public(NameStr(*username));
4028 serverid = convert_server_name(servername);
4029 mode = convert_server_priv_string(priv_type_text);
4030
4031 aclresult = object_aclcheck(ForeignServerRelationId, serverid, roleid, mode);
4032
4033 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4034}

References ACLCHECK_OK, convert_server_name(), convert_server_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_table_privilege_id()

Datum has_table_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 1985 of file acl.c.

1986{
1987 Oid tableoid = PG_GETARG_OID(0);
1988 text *priv_type_text = PG_GETARG_TEXT_PP(1);
1989 Oid roleid;
1990 AclMode mode;
1991 AclResult aclresult;
1992 bool is_missing = false;
1993
1994 roleid = GetUserId();
1995 mode = convert_table_priv_string(priv_type_text);
1996
1997 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
1998
1999 if (is_missing)
2000 PG_RETURN_NULL();
2001
2002 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2003}
convert_table_priv_string
static AclMode convert_table_priv_string(text *priv_type_text)
Definition acl.c:2076

References ACLCHECK_OK, convert_table_priv_string(), fb(), GetUserId(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_table_privilege_id_id()

Datum has_table_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 2034 of file acl.c.

2035{
2036 Oid roleid = PG_GETARG_OID(0);
2037 Oid tableoid = PG_GETARG_OID(1);
2038 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2039 AclMode mode;
2040 AclResult aclresult;
2041 bool is_missing = false;
2042
2043 mode = convert_table_priv_string(priv_type_text);
2044
2045 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2046
2047 if (is_missing)
2048 PG_RETURN_NULL();
2049
2050 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2051}

References ACLCHECK_OK, convert_table_priv_string(), fb(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_table_privilege_id_name()

Datum has_table_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2011 of file acl.c.

2012{
2013 Oid roleid = PG_GETARG_OID(0);
2014 text *tablename = PG_GETARG_TEXT_PP(1);
2015 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2016 Oid tableoid;
2017 AclMode mode;
2018 AclResult aclresult;
2019
2020 tableoid = convert_table_name(tablename);
2021 mode = convert_table_priv_string(priv_type_text);
2022
2023 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2024
2025 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2026}

References ACLCHECK_OK, convert_table_name(), convert_table_priv_string(), fb(), mode, pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_table_privilege_name()

Datum has_table_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 1933 of file acl.c.

1934{
1935 text *tablename = PG_GETARG_TEXT_PP(0);
1936 text *priv_type_text = PG_GETARG_TEXT_PP(1);
1937 Oid roleid;
1938 Oid tableoid;
1939 AclMode mode;
1940 AclResult aclresult;
1941
1942 roleid = GetUserId();
1943 tableoid = convert_table_name(tablename);
1944 mode = convert_table_priv_string(priv_type_text);
1945
1946 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1947
1948 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1949}

References ACLCHECK_OK, convert_table_name(), convert_table_priv_string(), fb(), GetUserId(), mode, pg_class_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_table_privilege_name_id()

Datum has_table_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 1957 of file acl.c.

1958{
1959 Name username = PG_GETARG_NAME(0);
1960 Oid tableoid = PG_GETARG_OID(1);
1961 text *priv_type_text = PG_GETARG_TEXT_PP(2);
1962 Oid roleid;
1963 AclMode mode;
1964 AclResult aclresult;
1965 bool is_missing = false;
1966
1967 roleid = get_role_oid_or_public(NameStr(*username));
1968 mode = convert_table_priv_string(priv_type_text);
1969
1970 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
1971
1972 if (is_missing)
1973 PG_RETURN_NULL();
1974
1975 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1976}

References ACLCHECK_OK, convert_table_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, pg_class_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_table_privilege_name_name()

Datum has_table_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 1907 of file acl.c.

1908{
1909 Name rolename = PG_GETARG_NAME(0);
1910 text *tablename = PG_GETARG_TEXT_PP(1);
1911 text *priv_type_text = PG_GETARG_TEXT_PP(2);
1912 Oid roleid;
1913 Oid tableoid;
1914 AclMode mode;
1915 AclResult aclresult;
1916
1917 roleid = get_role_oid_or_public(NameStr(*rolename));
1918 tableoid = convert_table_name(tablename);
1919 mode = convert_table_priv_string(priv_type_text);
1920
1921 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1922
1923 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1924}

References ACLCHECK_OK, convert_table_name(), convert_table_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_tablespace_privilege_id()

Datum has_tablespace_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 4297 of file acl.c.

4298{
4299 Oid tablespaceoid = PG_GETARG_OID(0);
4300 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4301 Oid roleid;
4302 AclMode mode;
4303 AclResult aclresult;
4304 bool is_missing = false;
4305
4306 roleid = GetUserId();
4307 mode = convert_tablespace_priv_string(priv_type_text);
4308
4309 aclresult = object_aclcheck_ext(TableSpaceRelationId, tablespaceoid,
4310 roleid, mode,
4311 &is_missing);
4312
4313 if (is_missing)
4314 PG_RETURN_NULL();
4315
4316 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4317}
convert_tablespace_priv_string
static AclMode convert_tablespace_priv_string(text *priv_type_text)
Definition acl.c:4389

References ACLCHECK_OK, convert_tablespace_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_tablespace_privilege_id_id()

Datum has_tablespace_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4348 of file acl.c.

4349{
4350 Oid roleid = PG_GETARG_OID(0);
4351 Oid tablespaceoid = PG_GETARG_OID(1);
4352 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4353 AclMode mode;
4354 AclResult aclresult;
4355 bool is_missing = false;
4356
4357 mode = convert_tablespace_priv_string(priv_type_text);
4358
4359 aclresult = object_aclcheck_ext(TableSpaceRelationId, tablespaceoid,
4360 roleid, mode,
4361 &is_missing);
4362
4363 if (is_missing)
4364 PG_RETURN_NULL();
4365
4366 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4367}

References ACLCHECK_OK, convert_tablespace_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_tablespace_privilege_id_name()

Datum has_tablespace_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4325 of file acl.c.

4326{
4327 Oid roleid = PG_GETARG_OID(0);
4328 text *tablespacename = PG_GETARG_TEXT_PP(1);
4329 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4330 Oid tablespaceoid;
4331 AclMode mode;
4332 AclResult aclresult;
4333
4334 tablespaceoid = convert_tablespace_name(tablespacename);
4335 mode = convert_tablespace_priv_string(priv_type_text);
4336
4337 aclresult = object_aclcheck(TableSpaceRelationId, tablespaceoid, roleid, mode);
4338
4339 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4340}
convert_tablespace_name
static Oid convert_tablespace_name(text *tablespacename)
Definition acl.c:4377

References ACLCHECK_OK, convert_tablespace_name(), convert_tablespace_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_tablespace_privilege_name()

Datum has_tablespace_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 4243 of file acl.c.

4244{
4245 text *tablespacename = PG_GETARG_TEXT_PP(0);
4246 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4247 Oid roleid;
4248 Oid tablespaceoid;
4249 AclMode mode;
4250 AclResult aclresult;
4251
4252 roleid = GetUserId();
4253 tablespaceoid = convert_tablespace_name(tablespacename);
4254 mode = convert_tablespace_priv_string(priv_type_text);
4255
4256 aclresult = object_aclcheck(TableSpaceRelationId, tablespaceoid, roleid, mode);
4257
4258 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4259}

References ACLCHECK_OK, convert_tablespace_name(), convert_tablespace_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_tablespace_privilege_name_id()

Datum has_tablespace_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 4267 of file acl.c.

4268{
4269 Name username = PG_GETARG_NAME(0);
4270 Oid tablespaceoid = PG_GETARG_OID(1);
4271 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4272 Oid roleid;
4273 AclMode mode;
4274 AclResult aclresult;
4275 bool is_missing = false;
4276
4277 roleid = get_role_oid_or_public(NameStr(*username));
4278 mode = convert_tablespace_priv_string(priv_type_text);
4279
4280 aclresult = object_aclcheck_ext(TableSpaceRelationId, tablespaceoid,
4281 roleid, mode,
4282 &is_missing);
4283
4284 if (is_missing)
4285 PG_RETURN_NULL();
4286
4287 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4288}

References ACLCHECK_OK, convert_tablespace_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_tablespace_privilege_name_name()

Datum has_tablespace_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 4217 of file acl.c.

4218{
4219 Name username = PG_GETARG_NAME(0);
4220 text *tablespacename = PG_GETARG_TEXT_PP(1);
4221 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4222 Oid roleid;
4223 Oid tablespaceoid;
4224 AclMode mode;
4225 AclResult aclresult;
4226
4227 roleid = get_role_oid_or_public(NameStr(*username));
4228 tablespaceoid = convert_tablespace_name(tablespacename);
4229 mode = convert_tablespace_priv_string(priv_type_text);
4230
4231 aclresult = object_aclcheck(TableSpaceRelationId, tablespaceoid, roleid, mode);
4232
4233 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4234}

References ACLCHECK_OK, convert_tablespace_name(), convert_tablespace_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_type_privilege_id()

Datum has_type_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 4496 of file acl.c.

4497{
4498 Oid typeoid = PG_GETARG_OID(0);
4499 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4500 Oid roleid;
4501 AclMode mode;
4502 AclResult aclresult;
4503 bool is_missing = false;
4504
4505 roleid = GetUserId();
4506 mode = convert_type_priv_string(priv_type_text);
4507
4508 aclresult = object_aclcheck_ext(TypeRelationId, typeoid,
4509 roleid, mode,
4510 &is_missing);
4511
4512 if (is_missing)
4513 PG_RETURN_NULL();
4514
4515 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4516}
convert_type_priv_string
static AclMode convert_type_priv_string(text *priv_type_text)
Definition acl.c:4597

References ACLCHECK_OK, convert_type_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_type_privilege_id_id()

Datum has_type_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4547 of file acl.c.

4548{
4549 Oid roleid = PG_GETARG_OID(0);
4550 Oid typeoid = PG_GETARG_OID(1);
4551 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4552 AclMode mode;
4553 AclResult aclresult;
4554 bool is_missing = false;
4555
4556 mode = convert_type_priv_string(priv_type_text);
4557
4558 aclresult = object_aclcheck_ext(TypeRelationId, typeoid,
4559 roleid, mode,
4560 &is_missing);
4561
4562 if (is_missing)
4563 PG_RETURN_NULL();
4564
4565 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4566}

References ACLCHECK_OK, convert_type_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_type_privilege_id_name()

Datum has_type_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4524 of file acl.c.

4525{
4526 Oid roleid = PG_GETARG_OID(0);
4527 text *typename = PG_GETARG_TEXT_PP(1);
4528 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4529 Oid typeoid;
4530 AclMode mode;
4531 AclResult aclresult;
4532
4533 typeoid = convert_type_name(typename);
4534 mode = convert_type_priv_string(priv_type_text);
4535
4536 aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
4537
4538 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4539}
convert_type_name
static Oid convert_type_name(text *typename)
Definition acl.c:4576

References ACLCHECK_OK, convert_type_name(), convert_type_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_type_privilege_name()

Datum has_type_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 4442 of file acl.c.

4443{
4444 text *typename = PG_GETARG_TEXT_PP(0);
4445 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4446 Oid roleid;
4447 Oid typeoid;
4448 AclMode mode;
4449 AclResult aclresult;
4450
4451 roleid = GetUserId();
4452 typeoid = convert_type_name(typename);
4453 mode = convert_type_priv_string(priv_type_text);
4454
4455 aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
4456
4457 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4458}

References ACLCHECK_OK, convert_type_name(), convert_type_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_type_privilege_name_id()

Datum has_type_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 4466 of file acl.c.

4467{
4468 Name username = PG_GETARG_NAME(0);
4469 Oid typeoid = PG_GETARG_OID(1);
4470 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4471 Oid roleid;
4472 AclMode mode;
4473 AclResult aclresult;
4474 bool is_missing = false;
4475
4476 roleid = get_role_oid_or_public(NameStr(*username));
4477 mode = convert_type_priv_string(priv_type_text);
4478
4479 aclresult = object_aclcheck_ext(TypeRelationId, typeoid,
4480 roleid, mode,
4481 &is_missing);
4482
4483 if (is_missing)
4484 PG_RETURN_NULL();
4485
4486 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4487}

References ACLCHECK_OK, convert_type_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_type_privilege_name_name()

Datum has_type_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 4416 of file acl.c.

4417{
4418 Name username = PG_GETARG_NAME(0);
4419 text *typename = PG_GETARG_TEXT_PP(1);
4420 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4421 Oid roleid;
4422 Oid typeoid;
4423 AclMode mode;
4424 AclResult aclresult;
4425
4426 roleid = get_role_oid_or_public(NameStr(*username));
4427 typeoid = convert_type_name(typename);
4428 mode = convert_type_priv_string(priv_type_text);
4429
4430 aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
4431
4432 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4433}

References ACLCHECK_OK, convert_type_name(), convert_type_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ hash_aclitem()

Datum hash_aclitem ( PG_FUNCTION_ARGS  )

Definition at line 781 of file acl.c.

782{
783 AclItem *a = PG_GETARG_ACLITEM_P(0);
784
785 /* not very bright, but avoids any issue of padding in struct */
786 PG_RETURN_UINT32((uint32) (a->ai_privs + a->ai_grantee + a->ai_grantor));
787}
uint32
uint32_t uint32
Definition c.h:579
PG_RETURN_UINT32
#define PG_RETURN_UINT32(x)
Definition fmgr.h:356
a
int a
Definition isn.c:73

References a, PG_GETARG_ACLITEM_P, and PG_RETURN_UINT32.

◆ hash_aclitem_extended()

Datum hash_aclitem_extended ( PG_FUNCTION_ARGS  )

Definition at line 795 of file acl.c.

796{
797 AclItem *a = PG_GETARG_ACLITEM_P(0);
798 uint64 seed = PG_GETARG_INT64(1);
799 uint32 sum = (uint32) (a->ai_privs + a->ai_grantee + a->ai_grantor);
800
801 return (seed == 0) ? UInt64GetDatum(sum) : hash_uint32_extended(sum, seed);
802}
uint64
uint64_t uint64
Definition c.h:580
PG_GETARG_INT64
#define PG_GETARG_INT64(n)
Definition fmgr.h:284
hash_uint32_extended
static Datum hash_uint32_extended(uint32 k, uint64 seed)
Definition hashfn.h:49
UInt64GetDatum
static Datum UInt64GetDatum(uint64 X)
Definition postgres.h:443

References a, hash_uint32_extended(), PG_GETARG_ACLITEM_P, PG_GETARG_INT64, and UInt64GetDatum().

◆ initialize_acl()

void initialize_acl ( void  )

Definition at line 5053 of file acl.c.

5054{
5055 if (!IsBootstrapProcessingMode())
5056 {
5057 cached_db_hash =
5058 GetSysCacheHashValue1(DATABASEOID,
5059 ObjectIdGetDatum(MyDatabaseId));
5060
5061 /*
5062 * In normal mode, set a callback on any syscache invalidation of rows
5063 * of pg_auth_members (for roles_is_member_of()) pg_database (for
5064 * roles_is_member_of())
5065 */
5066 CacheRegisterSyscacheCallback(AUTHMEMROLEMEM,
5067 RoleMembershipCacheCallback,
5068 (Datum) 0);
5069 CacheRegisterSyscacheCallback(AUTHOID,
5070 RoleMembershipCacheCallback,
5071 (Datum) 0);
5072 CacheRegisterSyscacheCallback(DATABASEOID,
5073 RoleMembershipCacheCallback,
5074 (Datum) 0);
5075 }
5076}
cached_db_hash
static uint32 cached_db_hash
Definition acl.c:83
RoleMembershipCacheCallback
static void RoleMembershipCacheCallback(Datum arg, SysCacheIdentifier cacheid, uint32 hashvalue)
Definition acl.c:5083
MyDatabaseId
Oid MyDatabaseId
Definition globals.c:94
CacheRegisterSyscacheCallback
void CacheRegisterSyscacheCallback(SysCacheIdentifier cacheid, SyscacheCallbackFunction func, Datum arg)
Definition inval.c:1816
GetSysCacheHashValue1
#define GetSysCacheHashValue1(cacheId, key1)
Definition syscache.h:118

References cached_db_hash, CacheRegisterSyscacheCallback(), fb(), GetSysCacheHashValue1, IsBootstrapProcessingMode, MyDatabaseId, ObjectIdGetDatum(), and RoleMembershipCacheCallback().

Referenced by InitPostgres().

◆ is_admin_of_role()

bool is_admin_of_role ( Oid  member,
Oid  role 
)

Definition at line 5428 of file acl.c.

5429{
5430 Oid admin_role;
5431
5432 if (superuser_arg(member))
5433 return true;
5434
5435 /* By policy, a role cannot have WITH ADMIN OPTION on itself. */
5436 if (member == role)
5437 return false;
5438
5439 (void) roles_is_member_of(member, ROLERECURSE_MEMBERS, role, &admin_role);
5440 return OidIsValid(admin_role);
5441}

References fb(), OidIsValid, ROLERECURSE_MEMBERS, roles_is_member_of(), and superuser_arg().

Referenced by AlterRole(), AlterRoleSet(), check_object_ownership(), check_role_membership_authorization(), DropRole(), pg_role_aclcheck(), and RenameRole().

◆ is_member_of_role()

bool is_member_of_role ( Oid  member,
Oid  role 
)

Definition at line 5378 of file acl.c.

5379{
5380 /* Fast path for simple case */
5381 if (member == role)
5382 return true;
5383
5384 /* Superusers have every privilege, so are part of every role */
5385 if (superuser_arg(member))
5386 return true;
5387
5388 /*
5389 * Find all the roles that member is a member of, including multi-level
5390 * recursion, then see if target role is any one of them.
5391 */
5392 return list_member_oid(roles_is_member_of(member, ROLERECURSE_MEMBERS,
5393 InvalidOid, NULL),
5394 role);
5395}

References fb(), InvalidOid, list_member_oid(), ROLERECURSE_MEMBERS, roles_is_member_of(), and superuser_arg().

Referenced by pg_role_aclcheck().

◆ is_member_of_role_nosuper()

bool is_member_of_role_nosuper ( Oid  member,
Oid  role 
)

Definition at line 5406 of file acl.c.

5407{
5408 /* Fast path for simple case */
5409 if (member == role)
5410 return true;
5411
5412 /*
5413 * Find all the roles that member is a member of, including multi-level
5414 * recursion, then see if target role is any one of them.
5415 */
5416 return list_member_oid(roles_is_member_of(member, ROLERECURSE_MEMBERS,
5417 InvalidOid, NULL),
5418 role);
5419}

References fb(), InvalidOid, list_member_oid(), ROLERECURSE_MEMBERS, and roles_is_member_of().

Referenced by AddRoleMems(), and is_member().

◆ is_safe_acl_char()

static bool is_safe_acl_char ( unsigned char  c,
bool  is_getid 
)
inlinestatic

Definition at line 147 of file acl.c.

148{
149 if (IS_HIGHBIT_SET(c))
150 return is_getid;
151 return isalnum(c) || c == '_';
152}
IS_HIGHBIT_SET
#define IS_HIGHBIT_SET(ch)
Definition c.h:1207
c
char * c
Definition preproc-cursor.c:31

References fb(), and IS_HIGHBIT_SET.

Referenced by getid(), and putid().

◆ make_empty_acl()

Acl * make_empty_acl ( void  )

Definition at line 461 of file acl.c.

462{
463 return allocacl(0);
464}

References allocacl().

Referenced by SetDefaultACL().

◆ makeaclitem()

Datum makeaclitem ( PG_FUNCTION_ARGS  )

Definition at line 1647 of file acl.c.

1648{
1649 Oid grantee = PG_GETARG_OID(0);
1650 Oid grantor = PG_GETARG_OID(1);
1651 text *privtext = PG_GETARG_TEXT_PP(2);
1652 bool goption = PG_GETARG_BOOL(3);
1653 AclItem *result;
1654 AclMode priv;
1655 static const priv_map any_priv_map[] = {
1656 {"SELECT", ACL_SELECT},
1657 {"INSERT", ACL_INSERT},
1658 {"UPDATE", ACL_UPDATE},
1659 {"DELETE", ACL_DELETE},
1660 {"TRUNCATE", ACL_TRUNCATE},
1661 {"REFERENCES", ACL_REFERENCES},
1662 {"TRIGGER", ACL_TRIGGER},
1663 {"EXECUTE", ACL_EXECUTE},
1664 {"USAGE", ACL_USAGE},
1665 {"CREATE", ACL_CREATE},
1666 {"TEMP", ACL_CREATE_TEMP},
1667 {"TEMPORARY", ACL_CREATE_TEMP},
1668 {"CONNECT", ACL_CONNECT},
1669 {"SET", ACL_SET},
1670 {"ALTER SYSTEM", ACL_ALTER_SYSTEM},
1671 {"MAINTAIN", ACL_MAINTAIN},
1672 {NULL, 0}
1673 };
1674
1675 priv = convert_any_priv_string(privtext, any_priv_map);
1676
1677 result = palloc_object(AclItem);
1678
1679 result->ai_grantee = grantee;
1680 result->ai_grantor = grantor;
1681
1682 ACLITEM_SET_PRIVS_GOPTIONS(*result, priv,
1683 (goption ? priv : ACL_NO_RIGHTS));
1684
1685 PG_RETURN_ACLITEM_P(result);
1686}
PG_GETARG_BOOL
#define PG_GETARG_BOOL(n)
Definition fmgr.h:274
AclItem::ai_grantee
Oid ai_grantee
Definition acl.h:56
AclItem::ai_grantor
Oid ai_grantor
Definition acl.h:57

References ACL_ALTER_SYSTEM, ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_DELETE, ACL_EXECUTE, ACL_INSERT, ACL_MAINTAIN, ACL_NO_RIGHTS, ACL_REFERENCES, ACL_SELECT, ACL_SET, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, ACL_USAGE, ACLITEM_SET_PRIVS_GOPTIONS, AclItem::ai_grantee, AclItem::ai_grantor, convert_any_priv_string(), fb(), palloc_object, PG_GETARG_BOOL, PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_ACLITEM_P.

◆ member_can_set_role()

bool member_can_set_role ( Oid  member,
Oid  role 
)

Definition at line 5332 of file acl.c.

5333{
5334 /* Fast path for simple case */
5335 if (member == role)
5336 return true;
5337
5338 /* Superusers have every privilege, so can always SET ROLE */
5339 if (superuser_arg(member))
5340 return true;
5341
5342 /*
5343 * Find all the roles that member can access via SET ROLE, including
5344 * multi-level recursion, then see if target role is any one of them.
5345 */
5346 return list_member_oid(roles_is_member_of(member, ROLERECURSE_SETROLE,
5347 InvalidOid, NULL),
5348 role);
5349}

References fb(), InvalidOid, list_member_oid(), ROLERECURSE_SETROLE, roles_is_member_of(), and superuser_arg().

Referenced by check_can_set_role(), check_role(), pg_role_aclcheck(), and SwitchToUntrustedUser().

◆ pg_has_role_id()

Datum pg_has_role_id ( PG_FUNCTION_ARGS  )

Definition at line 4925 of file acl.c.

4926{
4927 Oid roleoid = PG_GETARG_OID(0);
4928 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4929 Oid roleid;
4930 AclMode mode;
4931 AclResult aclresult;
4932
4933 roleid = GetUserId();
4934 mode = convert_role_priv_string(priv_type_text);
4935
4936 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4937
4938 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4939}
convert_role_priv_string
static AclMode convert_role_priv_string(text *priv_type_text)
Definition acl.c:5000
pg_role_aclcheck
static AclResult pg_role_aclcheck(Oid role_oid, Oid roleid, AclMode mode)
Definition acl.c:5023

References ACLCHECK_OK, convert_role_priv_string(), fb(), GetUserId(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_id_id()

Datum pg_has_role_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4970 of file acl.c.

4971{
4972 Oid roleid = PG_GETARG_OID(0);
4973 Oid roleoid = PG_GETARG_OID(1);
4974 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4975 AclMode mode;
4976 AclResult aclresult;
4977
4978 mode = convert_role_priv_string(priv_type_text);
4979
4980 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4981
4982 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4983}

References ACLCHECK_OK, convert_role_priv_string(), fb(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_id_name()

Datum pg_has_role_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4947 of file acl.c.

4948{
4949 Oid roleid = PG_GETARG_OID(0);
4950 Name rolename = PG_GETARG_NAME(1);
4951 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4952 Oid roleoid;
4953 AclMode mode;
4954 AclResult aclresult;
4955
4956 roleoid = get_role_oid(NameStr(*rolename), false);
4957 mode = convert_role_priv_string(priv_type_text);
4958
4959 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4960
4961 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4962}

References ACLCHECK_OK, convert_role_priv_string(), fb(), get_role_oid(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_name()

Datum pg_has_role_name ( PG_FUNCTION_ARGS  )

Definition at line 4877 of file acl.c.

4878{
4879 Name rolename = PG_GETARG_NAME(0);
4880 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4881 Oid roleid;
4882 Oid roleoid;
4883 AclMode mode;
4884 AclResult aclresult;
4885
4886 roleid = GetUserId();
4887 roleoid = get_role_oid(NameStr(*rolename), false);
4888 mode = convert_role_priv_string(priv_type_text);
4889
4890 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4891
4892 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4893}

References ACLCHECK_OK, convert_role_priv_string(), fb(), get_role_oid(), GetUserId(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_name_id()

Datum pg_has_role_name_id ( PG_FUNCTION_ARGS  )

Definition at line 4901 of file acl.c.

4902{
4903 Name username = PG_GETARG_NAME(0);
4904 Oid roleoid = PG_GETARG_OID(1);
4905 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4906 Oid roleid;
4907 AclMode mode;
4908 AclResult aclresult;
4909
4910 roleid = get_role_oid(NameStr(*username), false);
4911 mode = convert_role_priv_string(priv_type_text);
4912
4913 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4914
4915 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4916}

References ACLCHECK_OK, convert_role_priv_string(), fb(), get_role_oid(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, pg_role_aclcheck(), and username.

◆ pg_has_role_name_name()

Datum pg_has_role_name_name ( PG_FUNCTION_ARGS  )

Definition at line 4851 of file acl.c.

4852{
4853 Name username = PG_GETARG_NAME(0);
4854 Name rolename = PG_GETARG_NAME(1);
4855 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4856 Oid roleid;
4857 Oid roleoid;
4858 AclMode mode;
4859 AclResult aclresult;
4860
4861 roleid = get_role_oid(NameStr(*username), false);
4862 roleoid = get_role_oid(NameStr(*rolename), false);
4863 mode = convert_role_priv_string(priv_type_text);
4864
4865 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4866
4867 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4868}

References ACLCHECK_OK, convert_role_priv_string(), fb(), get_role_oid(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, pg_role_aclcheck(), and username.

◆ pg_role_aclcheck()

static AclResult pg_role_aclcheck ( Oid  role_oid,
Oid  roleid,
AclMode  mode 
)
static

Definition at line 5023 of file acl.c.

5024{
5025 if (mode & ACL_GRANT_OPTION_FOR(ACL_CREATE))
5026 {
5027 if (is_admin_of_role(roleid, role_oid))
5028 return ACLCHECK_OK;
5029 }
5030 if (mode & ACL_CREATE)
5031 {
5032 if (is_member_of_role(roleid, role_oid))
5033 return ACLCHECK_OK;
5034 }
5035 if (mode & ACL_USAGE)
5036 {
5037 if (has_privs_of_role(roleid, role_oid))
5038 return ACLCHECK_OK;
5039 }
5040 if (mode & ACL_SET)
5041 {
5042 if (member_can_set_role(roleid, role_oid))
5043 return ACLCHECK_OK;
5044 }
5045 return ACLCHECK_NO_PRIV;
5046}
is_admin_of_role
bool is_admin_of_role(Oid member, Oid role)
Definition acl.c:5428
is_member_of_role
bool is_member_of_role(Oid member, Oid role)
Definition acl.c:5378
ACLCHECK_NO_PRIV
@ ACLCHECK_NO_PRIV
Definition acl.h:184

References ACL_CREATE, ACL_GRANT_OPTION_FOR, ACL_SET, ACL_USAGE, ACLCHECK_NO_PRIV, ACLCHECK_OK, fb(), has_privs_of_role(), is_admin_of_role(), is_member_of_role(), member_can_set_role(), and mode.

Referenced by pg_has_role_id(), pg_has_role_id_id(), pg_has_role_id_name(), pg_has_role_name(), pg_has_role_name_id(), and pg_has_role_name_name().

◆ putid()

static void putid ( char p,
const char s 
)
static

Definition at line 223 of file acl.c.

224{
225 const char *src;
226 bool safe = true;
227
228 /* Detect whether we need to use double quotes */
229 for (src = s; *src; src++)
230 {
231 if (!is_safe_acl_char(*src, false))
232 {
233 safe = false;
234 break;
235 }
236 }
237 if (!safe)
238 *p++ = '"';
239 for (src = s; *src; src++)
240 {
241 /* A double quote character in a username is encoded as "" */
242 if (*src == '"')
243 *p++ = '"';
244 *p++ = *src;
245 }
246 if (!safe)
247 *p++ = '"';
248 *p = '\0';
249}

References fb(), and is_safe_acl_char().

Referenced by aclitemout().

◆ recursive_revoke()

static Acl * recursive_revoke ( Acl acl,
Oid  grantee,
AclMode  revoke_privs,
Oid  ownerId,
DropBehavior  behavior 
)
static

Definition at line 1315 of file acl.c.

1320{
1321 AclMode still_has;
1322 AclItem *aip;
1323 int i,
1324 num;
1325
1326 check_acl(acl);
1327
1328 /* The owner can never truly lose grant options, so short-circuit */
1329 if (grantee == ownerId)
1330 return acl;
1331
1332 /* The grantee might still have some grant options via another grantor */
1333 still_has = aclmask(acl, grantee, ownerId,
1334 ACL_GRANT_OPTION_FOR(revoke_privs),
1335 ACLMASK_ALL);
1336 revoke_privs &= ~ACL_OPTION_TO_PRIVS(still_has);
1337 if (revoke_privs == ACL_NO_RIGHTS)
1338 return acl;
1339
1340restart:
1341 num = ACL_NUM(acl);
1342 aip = ACL_DAT(acl);
1343 for (i = 0; i < num; i++)
1344 {
1345 if (aip[i].ai_grantor == grantee
1346 && (ACLITEM_GET_PRIVS(aip[i]) & revoke_privs) != 0)
1347 {
1348 AclItem mod_acl;
1349 Acl *new_acl;
1350
1351 if (behavior == DROP_RESTRICT)
1352 ereport(ERROR,
1353 (errcode(ERRCODE_DEPENDENT_OBJECTS_STILL_EXIST),
1354 errmsg("dependent privileges exist"),
1355 errhint("Use CASCADE to revoke them too.")));
1356
1357 mod_acl.ai_grantor = grantee;
1358 mod_acl.ai_grantee = aip[i].ai_grantee;
1359 ACLITEM_SET_PRIVS_GOPTIONS(mod_acl,
1360 revoke_privs,
1361 revoke_privs);
1362
1363 new_acl = aclupdate(acl, &mod_acl, ACL_MODECHG_DEL,
1364 ownerId, behavior);
1365
1366 pfree(acl);
1367 acl = new_acl;
1368
1369 goto restart;
1370 }
1371 }
1372
1373 return acl;
1374}

References ACL_DAT, ACL_GRANT_OPTION_FOR, ACL_MODECHG_DEL, ACL_NO_RIGHTS, ACL_NUM, ACLITEM_GET_PRIVS, ACLITEM_SET_PRIVS_GOPTIONS, aclmask(), ACLMASK_ALL, aclupdate(), check_acl(), DROP_RESTRICT, ereport, errcode(), errhint(), errmsg, ERROR, fb(), i, and pfree().

Referenced by aclupdate().

◆ RoleMembershipCacheCallback()

static void RoleMembershipCacheCallback ( Datum  arg,
SysCacheIdentifier  cacheid,
uint32  hashvalue 
)
static

Definition at line 5083 of file acl.c.

5085{
5086 if (cacheid == DATABASEOID &&
5087 hashvalue != cached_db_hash &&
5088 hashvalue != 0)
5089 {
5090 return; /* ignore pg_database changes for other DBs */
5091 }
5092
5093 /* Force membership caches to be recomputed on next use */
5094 cached_role[ROLERECURSE_MEMBERS] = InvalidOid;
5095 cached_role[ROLERECURSE_PRIVS] = InvalidOid;
5096 cached_role[ROLERECURSE_SETROLE] = InvalidOid;
5097}
cached_role
static Oid cached_role[]
Definition acl.c:81

References cached_db_hash, cached_role, fb(), InvalidOid, ROLERECURSE_MEMBERS, ROLERECURSE_PRIVS, and ROLERECURSE_SETROLE.

Referenced by initialize_acl().

◆ roles_is_member_of()

static List * roles_is_member_of ( Oid  roleid,
enum RoleRecurseType  type,
Oid  admin_of,
Oid admin_role 
)
static

Definition at line 5166 of file acl.c.

5168{
5169 Oid dba;
5170 List *roles_list;
5171 ListCell *l;
5172 List *new_cached_roles;
5173 MemoryContext oldctx;
5174 bloom_filter *bf = NULL;
5175
5176 Assert(OidIsValid(admin_of) == (admin_role != NULL));
5177 if (admin_role != NULL)
5178 *admin_role = InvalidOid;
5179
5180 /* If cache is valid and ADMIN OPTION not sought, just return the list */
5181 if (cached_role[type] == roleid && !OidIsValid(admin_of) &&
5182 OidIsValid(cached_role[type]))
5183 return cached_roles[type];
5184
5185 /*
5186 * Role expansion happens in a non-database backend when guc.c checks
5187 * ROLE_PG_READ_ALL_SETTINGS for a physical walsender SHOW command. In
5188 * that case, no role gets pg_database_owner.
5189 */
5190 if (!OidIsValid(MyDatabaseId))
5191 dba = InvalidOid;
5192 else
5193 {
5194 HeapTuple dbtup;
5195
5196 dbtup = SearchSysCache1(DATABASEOID, ObjectIdGetDatum(MyDatabaseId));
5197 if (!HeapTupleIsValid(dbtup))
5198 elog(ERROR, "cache lookup failed for database %u", MyDatabaseId);
5199 dba = ((Form_pg_database) GETSTRUCT(dbtup))->datdba;
5200 ReleaseSysCache(dbtup);
5201 }
5202
5203 /*
5204 * Find all the roles that roleid is a member of, including multi-level
5205 * recursion. The role itself will always be the first element of the
5206 * resulting list.
5207 *
5208 * Each element of the list is scanned to see if it adds any indirect
5209 * memberships. We can use a single list as both the record of
5210 * already-found memberships and the agenda of roles yet to be scanned.
5211 * This is a bit tricky but works because the foreach() macro doesn't
5212 * fetch the next list element until the bottom of the loop.
5213 */
5214 roles_list = list_make1_oid(roleid);
5215
5216 foreach(l, roles_list)
5217 {
5218 Oid memberid = lfirst_oid(l);
5219 CatCList *memlist;
5220 int i;
5221
5222 /* Find roles that memberid is directly a member of */
5223 memlist = SearchSysCacheList1(AUTHMEMMEMROLE,
5224 ObjectIdGetDatum(memberid));
5225 for (i = 0; i < memlist->n_members; i++)
5226 {
5227 HeapTuple tup = &memlist->members[i]->tuple;
5228 Form_pg_auth_members form = (Form_pg_auth_members) GETSTRUCT(tup);
5229 Oid otherid = form->roleid;
5230
5231 /*
5232 * While otherid==InvalidOid shouldn't appear in the catalog, the
5233 * OidIsValid() avoids crashing if that arises.
5234 */
5235 if (otherid == admin_of && form->admin_option &&
5236 OidIsValid(admin_of) && !OidIsValid(*admin_role))
5237 *admin_role = memberid;
5238
5239 /* If we're supposed to ignore non-heritable grants, do so. */
5240 if (type == ROLERECURSE_PRIVS && !form->inherit_option)
5241 continue;
5242
5243 /* If we're supposed to ignore non-SET grants, do so. */
5244 if (type == ROLERECURSE_SETROLE && !form->set_option)
5245 continue;
5246
5247 /*
5248 * Even though there shouldn't be any loops in the membership
5249 * graph, we must test for having already seen this role. It is
5250 * legal for instance to have both A->B and A->C->B.
5251 */
5252 roles_list = roles_list_append(roles_list, &bf, otherid);
5253 }
5254 ReleaseSysCacheList(memlist);
5255
5256 /* implement pg_database_owner implicit membership */
5257 if (memberid == dba && OidIsValid(dba))
5258 roles_list = roles_list_append(roles_list, &bf,
5259 ROLE_PG_DATABASE_OWNER);
5260 }
5261
5262 /*
5263 * Free the Bloom filter created by roles_list_append(), if there is one.
5264 */
5265 if (bf)
5266 bloom_free(bf);
5267
5268 /*
5269 * Copy the completed list into TopMemoryContext so it will persist.
5270 */
5271 oldctx = MemoryContextSwitchTo(TopMemoryContext);
5272 new_cached_roles = list_copy(roles_list);
5273 MemoryContextSwitchTo(oldctx);
5274 list_free(roles_list);
5275
5276 /*
5277 * Now safe to assign to state variable
5278 */
5279 cached_role[type] = InvalidOid; /* just paranoia */
5280 list_free(cached_roles[type]);
5281 cached_roles[type] = new_cached_roles;
5282 cached_role[type] = roleid;
5283
5284 /* And now we can return the answer */
5285 return cached_roles[type];
5286}
roles_list_append
static List * roles_list_append(List *roles_list, bloom_filter **bf, Oid role)
Definition acl.c:5106
cached_roles
static List * cached_roles[]
Definition acl.c:82
bloom_free
void bloom_free(bloom_filter *filter)
Definition bloomfilter.c:126
list_copy
List * list_copy(const List *oldlist)
Definition list.c:1573
list_free
void list_free(List *list)
Definition list.c:1546
TopMemoryContext
MemoryContext TopMemoryContext
Definition mcxt.c:166
Form_pg_auth_members
END_CATALOG_STRUCT typedef FormData_pg_auth_members * Form_pg_auth_members
Definition pg_auth_members.h:63
Form_pg_database
END_CATALOG_STRUCT typedef FormData_pg_database * Form_pg_database
Definition pg_database.h:100
list_make1_oid
#define list_make1_oid(x1)
Definition pg_list.h:242
lfirst_oid
#define lfirst_oid(lc)
Definition pg_list.h:174
List
Definition pg_list.h:54
bloom_filter
Definition bloomfilter.c:45
ReleaseSysCacheList
#define ReleaseSysCacheList(x)
Definition syscache.h:134
SearchSysCacheList1
#define SearchSysCacheList1(cacheId, key1)
Definition syscache.h:127
type
const char * type
Definition wait_event_funcs.c:27

References Assert, bloom_free(), cached_role, cached_roles, elog, ERROR, fb(), Form_pg_auth_members, Form_pg_database, GETSTRUCT(), HeapTupleIsValid, i, InvalidOid, lfirst_oid, list_copy(), list_free(), list_make1_oid, MemoryContextSwitchTo(), MyDatabaseId, ObjectIdGetDatum(), OidIsValid, ReleaseSysCache(), ReleaseSysCacheList, ROLERECURSE_PRIVS, ROLERECURSE_SETROLE, roles_list_append(), SearchSysCache1(), SearchSysCacheList1, TopMemoryContext, and type.

Referenced by has_privs_of_role(), is_admin_of_role(), is_member_of_role(), is_member_of_role_nosuper(), member_can_set_role(), select_best_admin(), and select_best_grantor().

◆ roles_list_append()

static List * roles_list_append ( List roles_list,
bloom_filter **  bf,
Oid  role 
)
inlinestatic

Definition at line 5106 of file acl.c.

5107{
5108 unsigned char *roleptr = (unsigned char *) &role;
5109
5110 /*
5111 * If there is a previously-created Bloom filter, use it to try to
5112 * determine whether the role is missing from the list. If it says yes,
5113 * that's a hard fact and we can go ahead and add the role. If it says
5114 * no, that's only probabilistic and we'd better search the list. Without
5115 * a filter, we must always do an ordinary linear search through the
5116 * existing list.
5117 */
5118 if ((*bf && bloom_lacks_element(*bf, roleptr, sizeof(Oid))) ||
5119 !list_member_oid(roles_list, role))
5120 {
5121 /*
5122 * If the list is large, we take on the overhead of creating and
5123 * populating a Bloom filter to speed up future calls to this
5124 * function.
5125 */
5126 if (*bf == NULL &&
5127 list_length(roles_list) > ROLES_LIST_BLOOM_THRESHOLD)
5128 {
5129 *bf = bloom_create(ROLES_LIST_BLOOM_THRESHOLD * 10, work_mem, 0);
5130 foreach_oid(roleid, roles_list)
5131 bloom_add_element(*bf, (unsigned char *) &roleid, sizeof(Oid));
5132 }
5133
5134 /*
5135 * Finally, add the role to the list and the Bloom filter, if it
5136 * exists.
5137 */
5138 roles_list = lappend_oid(roles_list, role);
5139 if (*bf)
5140 bloom_add_element(*bf, roleptr, sizeof(Oid));
5141 }
5142
5143 return roles_list;
5144}
ROLES_LIST_BLOOM_THRESHOLD
#define ROLES_LIST_BLOOM_THRESHOLD
Definition acl.c:91
bloom_create
bloom_filter * bloom_create(int64 total_elems, int bloom_work_mem, uint64 seed)
Definition bloomfilter.c:87
bloom_lacks_element
bool bloom_lacks_element(bloom_filter *filter, unsigned char *elem, size_t len)
Definition bloomfilter.c:157
bloom_add_element
void bloom_add_element(bloom_filter *filter, unsigned char *elem, size_t len)
Definition bloomfilter.c:135
work_mem
int work_mem
Definition globals.c:131
lappend_oid
List * lappend_oid(List *list, Oid datum)
Definition list.c:375
list_length
static int list_length(const List *l)
Definition pg_list.h:152
foreach_oid
#define foreach_oid(var, lst)
Definition pg_list.h:471

References bloom_add_element(), bloom_create(), bloom_lacks_element(), fb(), foreach_oid, lappend_oid(), list_length(), list_member_oid(), ROLES_LIST_BLOOM_THRESHOLD, and work_mem.

Referenced by roles_is_member_of().

◆ select_best_admin()

Oid select_best_admin ( Oid  member,
Oid  role 
)

Definition at line 5453 of file acl.c.

5454{
5455 Oid admin_role;
5456
5457 /* By policy, a role cannot have WITH ADMIN OPTION on itself. */
5458 if (member == role)
5459 return InvalidOid;
5460
5461 (void) roles_is_member_of(member, ROLERECURSE_PRIVS, role, &admin_role);
5462 return admin_role;
5463}

References fb(), InvalidOid, ROLERECURSE_PRIVS, and roles_is_member_of().

Referenced by check_role_grantor().

◆ select_best_grantor()

void select_best_grantor ( Oid  roleId,
AclMode  privileges,
const Acl acl,
Oid  ownerId,
Oid grantorId,
AclMode grantOptions 
)

Definition at line 5490 of file acl.c.

5493{
5494 AclMode needed_goptions = ACL_GRANT_OPTION_FOR(privileges);
5495 List *roles_list;
5496 int nrights;
5497 ListCell *l;
5498
5499 /*
5500 * The object owner is always treated as having all grant options, so if
5501 * roleId is the owner it's easy. Also, if roleId is a superuser it's
5502 * easy: superusers are implicitly members of every role, so they act as
5503 * the object owner.
5504 */
5505 if (roleId == ownerId || superuser_arg(roleId))
5506 {
5507 *grantorId = ownerId;
5508 *grantOptions = needed_goptions;
5509 return;
5510 }
5511
5512 /*
5513 * Otherwise we have to do a careful search to see if roleId has the
5514 * privileges of any suitable role. Note: we can hang onto the result of
5515 * roles_is_member_of() throughout this loop, because aclmask_direct()
5516 * doesn't query any role memberships.
5517 */
5518 roles_list = roles_is_member_of(roleId, ROLERECURSE_PRIVS,
5519 InvalidOid, NULL);
5520
5521 /* initialize candidate result as default */
5522 *grantorId = roleId;
5523 *grantOptions = ACL_NO_RIGHTS;
5524 nrights = 0;
5525
5526 foreach(l, roles_list)
5527 {
5528 Oid otherrole = lfirst_oid(l);
5529 AclMode otherprivs;
5530
5531 otherprivs = aclmask_direct(acl, otherrole, ownerId,
5532 needed_goptions, ACLMASK_ALL);
5533 if (otherprivs == needed_goptions)
5534 {
5535 /* Found a suitable grantor */
5536 *grantorId = otherrole;
5537 *grantOptions = otherprivs;
5538 return;
5539 }
5540
5541 /*
5542 * If it has just some of the needed privileges, remember best
5543 * candidate.
5544 */
5545 if (otherprivs != ACL_NO_RIGHTS)
5546 {
5547 int nnewrights = pg_popcount64(otherprivs);
5548
5549 if (nnewrights > nrights)
5550 {
5551 *grantorId = otherrole;
5552 *grantOptions = otherprivs;
5553 nrights = nnewrights;
5554 }
5555 }
5556 }
5557}
aclmask_direct
static AclMode aclmask_direct(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
Definition acl.c:1490
pg_popcount64
static int pg_popcount64(uint64 word)
Definition pg_bitutils.h:328

References ACL_GRANT_OPTION_FOR, ACL_NO_RIGHTS, ACLMASK_ALL, aclmask_direct(), fb(), InvalidOid, lfirst_oid, pg_popcount64(), ROLERECURSE_PRIVS, roles_is_member_of(), and superuser_arg().

Referenced by ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), and ExecGrant_Relation().

Variable Documentation

◆ cached_db_hash

uint32 cached_db_hash
static

Definition at line 83 of file acl.c.

Referenced by initialize_acl(), and RoleMembershipCacheCallback().

◆ cached_role

Oid cached_role[] = {InvalidOid, InvalidOid, InvalidOid}
static

Definition at line 81 of file acl.c.

81{InvalidOid, InvalidOid, InvalidOid};

Referenced by RoleMembershipCacheCallback(), and roles_is_member_of().

◆ cached_roles

List* cached_roles[] = {NIL, NIL, NIL}
static

Definition at line 82 of file acl.c.

82{NIL, NIL, NIL};
NIL
#define NIL
Definition pg_list.h:68

Referenced by roles_is_member_of().