#include "postgres.h"
#include <ctype.h>
#include "access/htup_details.h"
#include "bootstrap/bootstrap.h"
#include "catalog/catalog.h"
#include "catalog/namespace.h"
#include "catalog/pg_auth_members.h"
#include "catalog/pg_authid.h"
#include "catalog/pg_class.h"
#include "catalog/pg_database.h"
#include "catalog/pg_foreign_data_wrapper.h"
#include "catalog/pg_foreign_server.h"
#include "catalog/pg_language.h"
#include "catalog/pg_largeobject.h"
#include "catalog/pg_namespace.h"
#include "catalog/pg_proc.h"
#include "catalog/pg_tablespace.h"
#include "catalog/pg_type.h"
#include "commands/proclang.h"
#include "commands/tablespace.h"
#include "common/hashfn.h"
#include "foreign/foreign.h"
#include "funcapi.h"
#include "lib/bloomfilter.h"
#include "lib/qunique.h"
#include "miscadmin.h"
#include "port/pg_bitutils.h"
#include "storage/large_object.h"
#include "utils/acl.h"
#include "utils/array.h"
#include "utils/builtins.h"
#include "utils/catcache.h"
#include "utils/inval.h"
#include "utils/lsyscache.h"
#include "utils/memutils.h"
#include "utils/snapmgr.h"
#include "utils/syscache.h"
#include "utils/varlena.h"

Include dependency graph for acl.c:

Data Structures
struct	priv_map

Macros
#define	ROLES_LIST_BLOOM_THRESHOLD 1024

Enumerations
enum	RoleRecurseType { ROLERECURSE_MEMBERS = 0 , ROLERECURSE_PRIVS = 1 , ROLERECURSE_SETROLE = 2 }

Functions
static const char *	getid (const char s, char n, Node *escontext)

static void	putid (char p, const char s)

static Acl *	allocacl (int n)

static void	check_acl (const Acl *acl)

static const char *	aclparse (const char s, AclItem aip, Node *escontext)

static bool	aclitem_match (const AclItem a1, const AclItem a2)

static int	aclitemComparator (const void arg1, const void arg2)

static void	check_circularity (const Acl old_acl, const AclItem mod_aip, Oid ownerId)

static Acl *	recursive_revoke (Acl *acl, Oid grantee, AclMode revoke_privs, Oid ownerId, DropBehavior behavior)

static AclMode	convert_any_priv_string (text priv_type_text, const priv_map privileges)

static Oid	convert_table_name (text *tablename)

static AclMode	convert_table_priv_string (text *priv_type_text)

static AclMode	convert_sequence_priv_string (text *priv_type_text)

static AttrNumber	convert_column_name (Oid tableoid, text *column)

static AclMode	convert_column_priv_string (text *priv_type_text)

static Oid	convert_database_name (text *databasename)

static AclMode	convert_database_priv_string (text *priv_type_text)

static Oid	convert_foreign_data_wrapper_name (text *fdwname)

static AclMode	convert_foreign_data_wrapper_priv_string (text *priv_type_text)

static Oid	convert_function_name (text *functionname)

static AclMode	convert_function_priv_string (text *priv_type_text)

static Oid	convert_language_name (text *languagename)

static AclMode	convert_language_priv_string (text *priv_type_text)

static Oid	convert_schema_name (text *schemaname)

static AclMode	convert_schema_priv_string (text *priv_type_text)

static Oid	convert_server_name (text *servername)

static AclMode	convert_server_priv_string (text *priv_type_text)

static Oid	convert_tablespace_name (text *tablespacename)

static AclMode	convert_tablespace_priv_string (text *priv_type_text)

static Oid	convert_type_name (text *typename)

static AclMode	convert_type_priv_string (text *priv_type_text)

static AclMode	convert_parameter_priv_string (text *priv_text)

static AclMode	convert_largeobject_priv_string (text *priv_type_text)

static AclMode	convert_role_priv_string (text *priv_type_text)

static AclResult	pg_role_aclcheck (Oid role_oid, Oid roleid, AclMode mode)

static void	RoleMembershipCacheCallback (Datum arg, SysCacheIdentifier cacheid, uint32 hashvalue)

static bool	is_safe_acl_char (unsigned char c, bool is_getid)

Acl *	make_empty_acl (void)

Acl *	aclcopy (const Acl *orig_acl)

Acl *	aclconcat (const Acl left_acl, const Acl right_acl)

Acl *	aclmerge (const Acl left_acl, const Acl right_acl, Oid ownerId)

void	aclitemsort (Acl *acl)

bool	aclequal (const Acl left_acl, const Acl right_acl)

Datum	aclitemin (PG_FUNCTION_ARGS)

Datum	aclitemout (PG_FUNCTION_ARGS)

Datum	aclitem_eq (PG_FUNCTION_ARGS)

Datum	hash_aclitem (PG_FUNCTION_ARGS)

Datum	hash_aclitem_extended (PG_FUNCTION_ARGS)

Acl *	acldefault (ObjectType objtype, Oid ownerId)

Datum	acldefault_sql (PG_FUNCTION_ARGS)

Acl *	aclupdate (const Acl old_acl, const AclItem mod_aip, int modechg, Oid ownerId, DropBehavior behavior)

Acl *	aclnewowner (const Acl *old_acl, Oid oldOwnerId, Oid newOwnerId)

AclMode	aclmask (const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)

static AclMode	aclmask_direct (const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)

int	aclmembers (const Acl acl, Oid *roleids)

Datum	aclinsert (PG_FUNCTION_ARGS)

Datum	aclremove (PG_FUNCTION_ARGS)

Datum	aclcontains (PG_FUNCTION_ARGS)

Datum	makeaclitem (PG_FUNCTION_ARGS)

static const char *	convert_aclright_to_string (int aclright)

Datum	aclexplode (PG_FUNCTION_ARGS)

Datum	has_table_privilege_name_name (PG_FUNCTION_ARGS)

Datum	has_table_privilege_name (PG_FUNCTION_ARGS)

Datum	has_table_privilege_name_id (PG_FUNCTION_ARGS)

Datum	has_table_privilege_id (PG_FUNCTION_ARGS)

Datum	has_table_privilege_id_name (PG_FUNCTION_ARGS)

Datum	has_table_privilege_id_id (PG_FUNCTION_ARGS)

Datum	has_sequence_privilege_name_name (PG_FUNCTION_ARGS)

Datum	has_sequence_privilege_name (PG_FUNCTION_ARGS)

Datum	has_sequence_privilege_name_id (PG_FUNCTION_ARGS)

Datum	has_sequence_privilege_id (PG_FUNCTION_ARGS)

Datum	has_sequence_privilege_id_name (PG_FUNCTION_ARGS)

Datum	has_sequence_privilege_id_id (PG_FUNCTION_ARGS)

Datum	has_any_column_privilege_name_name (PG_FUNCTION_ARGS)

Datum	has_any_column_privilege_name (PG_FUNCTION_ARGS)

Datum	has_any_column_privilege_name_id (PG_FUNCTION_ARGS)

Datum	has_any_column_privilege_id (PG_FUNCTION_ARGS)

Datum	has_any_column_privilege_id_name (PG_FUNCTION_ARGS)

Datum	has_any_column_privilege_id_id (PG_FUNCTION_ARGS)

static int	column_privilege_check (Oid tableoid, AttrNumber attnum, Oid roleid, AclMode mode)

Datum	has_column_privilege_name_name_name (PG_FUNCTION_ARGS)

Datum	has_column_privilege_name_name_attnum (PG_FUNCTION_ARGS)

Datum	has_column_privilege_name_id_name (PG_FUNCTION_ARGS)

Datum	has_column_privilege_name_id_attnum (PG_FUNCTION_ARGS)

Datum	has_column_privilege_id_name_name (PG_FUNCTION_ARGS)

Datum	has_column_privilege_id_name_attnum (PG_FUNCTION_ARGS)

Datum	has_column_privilege_id_id_name (PG_FUNCTION_ARGS)

Datum	has_column_privilege_id_id_attnum (PG_FUNCTION_ARGS)

Datum	has_column_privilege_name_name (PG_FUNCTION_ARGS)

Datum	has_column_privilege_name_attnum (PG_FUNCTION_ARGS)

Datum	has_column_privilege_id_name (PG_FUNCTION_ARGS)

Datum	has_column_privilege_id_attnum (PG_FUNCTION_ARGS)

Datum	has_database_privilege_name_name (PG_FUNCTION_ARGS)

Datum	has_database_privilege_name (PG_FUNCTION_ARGS)

Datum	has_database_privilege_name_id (PG_FUNCTION_ARGS)

Datum	has_database_privilege_id (PG_FUNCTION_ARGS)

Datum	has_database_privilege_id_name (PG_FUNCTION_ARGS)

Datum	has_database_privilege_id_id (PG_FUNCTION_ARGS)

Datum	has_foreign_data_wrapper_privilege_name_name (PG_FUNCTION_ARGS)

Datum	has_foreign_data_wrapper_privilege_name (PG_FUNCTION_ARGS)

Datum	has_foreign_data_wrapper_privilege_name_id (PG_FUNCTION_ARGS)

Datum	has_foreign_data_wrapper_privilege_id (PG_FUNCTION_ARGS)

Datum	has_foreign_data_wrapper_privilege_id_name (PG_FUNCTION_ARGS)

Datum	has_foreign_data_wrapper_privilege_id_id (PG_FUNCTION_ARGS)

Datum	has_function_privilege_name_name (PG_FUNCTION_ARGS)

Datum	has_function_privilege_name (PG_FUNCTION_ARGS)

Datum	has_function_privilege_name_id (PG_FUNCTION_ARGS)

Datum	has_function_privilege_id (PG_FUNCTION_ARGS)

Datum	has_function_privilege_id_name (PG_FUNCTION_ARGS)

Datum	has_function_privilege_id_id (PG_FUNCTION_ARGS)

Datum	has_language_privilege_name_name (PG_FUNCTION_ARGS)

Datum	has_language_privilege_name (PG_FUNCTION_ARGS)

Datum	has_language_privilege_name_id (PG_FUNCTION_ARGS)

Datum	has_language_privilege_id (PG_FUNCTION_ARGS)

Datum	has_language_privilege_id_name (PG_FUNCTION_ARGS)

Datum	has_language_privilege_id_id (PG_FUNCTION_ARGS)

Datum	has_schema_privilege_name_name (PG_FUNCTION_ARGS)

Datum	has_schema_privilege_name (PG_FUNCTION_ARGS)

Datum	has_schema_privilege_name_id (PG_FUNCTION_ARGS)

Datum	has_schema_privilege_id (PG_FUNCTION_ARGS)

Datum	has_schema_privilege_id_name (PG_FUNCTION_ARGS)

Datum	has_schema_privilege_id_id (PG_FUNCTION_ARGS)

Datum	has_server_privilege_name_name (PG_FUNCTION_ARGS)

Datum	has_server_privilege_name (PG_FUNCTION_ARGS)

Datum	has_server_privilege_name_id (PG_FUNCTION_ARGS)

Datum	has_server_privilege_id (PG_FUNCTION_ARGS)

Datum	has_server_privilege_id_name (PG_FUNCTION_ARGS)

Datum	has_server_privilege_id_id (PG_FUNCTION_ARGS)

Datum	has_tablespace_privilege_name_name (PG_FUNCTION_ARGS)

Datum	has_tablespace_privilege_name (PG_FUNCTION_ARGS)

Datum	has_tablespace_privilege_name_id (PG_FUNCTION_ARGS)

Datum	has_tablespace_privilege_id (PG_FUNCTION_ARGS)

Datum	has_tablespace_privilege_id_name (PG_FUNCTION_ARGS)

Datum	has_tablespace_privilege_id_id (PG_FUNCTION_ARGS)

Datum	has_type_privilege_name_name (PG_FUNCTION_ARGS)

Datum	has_type_privilege_name (PG_FUNCTION_ARGS)

Datum	has_type_privilege_name_id (PG_FUNCTION_ARGS)

Datum	has_type_privilege_id (PG_FUNCTION_ARGS)

Datum	has_type_privilege_id_name (PG_FUNCTION_ARGS)

Datum	has_type_privilege_id_id (PG_FUNCTION_ARGS)

static bool	has_param_priv_byname (Oid roleid, const text *parameter, AclMode priv)

Datum	has_parameter_privilege_name_name (PG_FUNCTION_ARGS)

Datum	has_parameter_privilege_name (PG_FUNCTION_ARGS)

Datum	has_parameter_privilege_id_name (PG_FUNCTION_ARGS)

static bool	has_lo_priv_byid (Oid roleid, Oid lobjId, AclMode priv, bool *is_missing)

Datum	has_largeobject_privilege_name_id (PG_FUNCTION_ARGS)

Datum	has_largeobject_privilege_id (PG_FUNCTION_ARGS)

Datum	has_largeobject_privilege_id_id (PG_FUNCTION_ARGS)

Datum	pg_has_role_name_name (PG_FUNCTION_ARGS)

Datum	pg_has_role_name (PG_FUNCTION_ARGS)

Datum	pg_has_role_name_id (PG_FUNCTION_ARGS)

Datum	pg_has_role_id (PG_FUNCTION_ARGS)

Datum	pg_has_role_id_name (PG_FUNCTION_ARGS)

Datum	pg_has_role_id_id (PG_FUNCTION_ARGS)

void	initialize_acl (void)

static List *	roles_list_append (List roles_list, bloom_filter *bf, Oid role)

static List *	roles_is_member_of (Oid roleid, enum RoleRecurseType type, Oid admin_of, Oid *admin_role)

bool	has_privs_of_role (Oid member, Oid role)

bool	member_can_set_role (Oid member, Oid role)

void	check_can_set_role (Oid member, Oid role)

bool	is_member_of_role (Oid member, Oid role)

bool	is_member_of_role_nosuper (Oid member, Oid role)

bool	is_admin_of_role (Oid member, Oid role)

Oid	select_best_admin (Oid member, Oid role)

void	select_best_grantor (const RoleSpec grantedBy, AclMode privileges, const Acl acl, Oid ownerId, Oid grantorId, AclMode grantOptions)

Oid	get_role_oid (const char *rolname, bool missing_ok)

Oid	get_role_oid_or_public (const char *rolname)

Oid	get_rolespec_oid (const RoleSpec *role, bool missing_ok)

HeapTuple	get_rolespec_tuple (const RoleSpec *role)

char *	get_rolespec_name (const RoleSpec *role)

void	check_rolespec_name (const RoleSpec role, const char detail_msg)

Variables
static Oid	cached_role [] = {InvalidOid, InvalidOid, InvalidOid}

static List *	cached_roles [] = {NIL, NIL, NIL}

static uint32	cached_db_hash

Macro Definition Documentation

◆ ROLES_LIST_BLOOM_THRESHOLD

#define ROLES_LIST_BLOOM_THRESHOLD 1024

Definition at line 92 of file acl.c.

Enumeration Type Documentation

◆ RoleRecurseType

enum RoleRecurseType

Enumerator
ROLERECURSE_MEMBERS
ROLERECURSE_PRIVS
ROLERECURSE_SETROLE

Definition at line 76 of file acl.c.

{
    ROLERECURSE_MEMBERS = 0,    /* recurse unconditionally */
    ROLERECURSE_PRIVS = 1,      /* recurse through inheritable grants */
    ROLERECURSE_SETROLE = 2     /* recurse through grants with set_option */
};

Function Documentation

◆ aclconcat()

Acl * aclconcat	(	const Acl *	left_acl,
		const Acl *	right_acl
	)

Definition at line 491 of file acl.c.

{
    Acl        *result_acl;
 
    result_acl = allocacl(ACL_NUM(left_acl) + ACL_NUM(right_acl));
 
    memcpy(ACL_DAT(result_acl),
           ACL_DAT(left_acl),
           ACL_NUM(left_acl) * sizeof(AclItem));
 
    memcpy(ACL_DAT(result_acl) + ACL_NUM(left_acl),
           ACL_DAT(right_acl),
           ACL_NUM(right_acl) * sizeof(AclItem));
 
    return result_acl;
}

References ACL_DAT, ACL_NUM, allocacl(), and fb().

Referenced by ExecGrant_Attribute().

◆ aclcontains()

Datum aclcontains ( PG_FUNCTION_ARGS )

Definition at line 1640 of file acl.c.

{
    Acl        *acl = PG_GETARG_ACL_P(0);
    AclItem    *aip = PG_GETARG_ACLITEM_P(1);
    AclItem    *aidat;
    int         i,
                num;
 
    check_acl(acl);
    num = ACL_NUM(acl);
    aidat = ACL_DAT(acl);
    for (i = 0; i < num; ++i)
    {
        if (aip->ai_grantee == aidat[i].ai_grantee &&
            aip->ai_grantor == aidat[i].ai_grantor &&
            (ACLITEM_GET_RIGHTS(*aip) & ACLITEM_GET_RIGHTS(aidat[i])) == ACLITEM_GET_RIGHTS(*aip))
            PG_RETURN_BOOL(true);
    }
    PG_RETURN_BOOL(false);
}

References ACL_DAT, ACL_NUM, ACLITEM_GET_RIGHTS, check_acl(), fb(), i, PG_GETARG_ACL_P, PG_GETARG_ACLITEM_P, and PG_RETURN_BOOL.

◆ aclcopy()

Acl * aclcopy ( const Acl * orig_acl )

Definition at line 471 of file acl.c.

{
    Acl        *result_acl;
 
    result_acl = allocacl(ACL_NUM(orig_acl));
 
    memcpy(ACL_DAT(result_acl),
           ACL_DAT(orig_acl),
           ACL_NUM(orig_acl) * sizeof(AclItem));
 
    return result_acl;
}

References ACL_DAT, ACL_NUM, allocacl(), and fb().

Referenced by aclmerge(), ExecGrant_Relation(), and SetDefaultACL().

◆ acldefault()

Acl * acldefault	(	ObjectType	objtype,
		Oid	ownerId
	)

Definition at line 827 of file acl.c.

{
    AclMode     world_default;
    AclMode     owner_default;
    int         nacl;
    Acl        *acl;
    AclItem    *aip;
 
    switch (objtype)
    {
        case OBJECT_COLUMN:
            /* by default, columns have no extra privileges */
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_NO_RIGHTS;
            break;
        case OBJECT_TABLE:
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_ALL_RIGHTS_RELATION;
            break;
        case OBJECT_SEQUENCE:
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_ALL_RIGHTS_SEQUENCE;
            break;
        case OBJECT_DATABASE:
            /* for backwards compatibility, grant some rights by default */
            world_default = ACL_CREATE_TEMP | ACL_CONNECT;
            owner_default = ACL_ALL_RIGHTS_DATABASE;
            break;
        case OBJECT_FUNCTION:
            /* Grant EXECUTE by default, for now */
            world_default = ACL_EXECUTE;
            owner_default = ACL_ALL_RIGHTS_FUNCTION;
            break;
        case OBJECT_LANGUAGE:
            /* Grant USAGE by default, for now */
            world_default = ACL_USAGE;
            owner_default = ACL_ALL_RIGHTS_LANGUAGE;
            break;
        case OBJECT_LARGEOBJECT:
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_ALL_RIGHTS_LARGEOBJECT;
            break;
        case OBJECT_SCHEMA:
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_ALL_RIGHTS_SCHEMA;
            break;
        case OBJECT_TABLESPACE:
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_ALL_RIGHTS_TABLESPACE;
            break;
        case OBJECT_FDW:
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_ALL_RIGHTS_FDW;
            break;
        case OBJECT_FOREIGN_SERVER:
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_ALL_RIGHTS_FOREIGN_SERVER;
            break;
        case OBJECT_DOMAIN:
        case OBJECT_TYPE:
            world_default = ACL_USAGE;
            owner_default = ACL_ALL_RIGHTS_TYPE;
            break;
        case OBJECT_PARAMETER_ACL:
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_ALL_RIGHTS_PARAMETER_ACL;
            break;
        case OBJECT_PROPGRAPH:
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_ALL_RIGHTS_PROPGRAPH;
            break;
        default:
            elog(ERROR, "unrecognized object type: %d", (int) objtype);
            world_default = ACL_NO_RIGHTS;  /* keep compiler quiet */
            owner_default = ACL_NO_RIGHTS;
            break;
    }
 
    nacl = 0;
    if (world_default != ACL_NO_RIGHTS)
        nacl++;
    if (owner_default != ACL_NO_RIGHTS)
        nacl++;
 
    acl = allocacl(nacl);
    aip = ACL_DAT(acl);
 
    if (world_default != ACL_NO_RIGHTS)
    {
        aip->ai_grantee = ACL_ID_PUBLIC;
        aip->ai_grantor = ownerId;
        ACLITEM_SET_PRIVS_GOPTIONS(*aip, world_default, ACL_NO_RIGHTS);
        aip++;
    }
 
    /*
     * Note that the owner's entry shows all ordinary privileges but no grant
     * options.  This is because his grant options come "from the system" and
     * not from his own efforts.  (The SQL spec says that the owner's rights
     * come from a "_SYSTEM" authid.)  However, we do consider that the
     * owner's ordinary privileges are self-granted; this lets him revoke
     * them.  We implement the owner's grant options without any explicit
     * "_SYSTEM"-like ACL entry, by internally special-casing the owner
     * wherever we are testing grant options.
     */
    if (owner_default != ACL_NO_RIGHTS)
    {
        aip->ai_grantee = ownerId;
        aip->ai_grantor = ownerId;
        ACLITEM_SET_PRIVS_GOPTIONS(*aip, owner_default, ACL_NO_RIGHTS);
    }
 
    return acl;
}

References ACL_ALL_RIGHTS_DATABASE, ACL_ALL_RIGHTS_FDW, ACL_ALL_RIGHTS_FOREIGN_SERVER, ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_LANGUAGE, ACL_ALL_RIGHTS_LARGEOBJECT, ACL_ALL_RIGHTS_PARAMETER_ACL, ACL_ALL_RIGHTS_PROPGRAPH, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_SEQUENCE, ACL_ALL_RIGHTS_TABLESPACE, ACL_ALL_RIGHTS_TYPE, ACL_CONNECT, ACL_CREATE_TEMP, ACL_DAT, ACL_EXECUTE, ACL_ID_PUBLIC, ACL_NO_RIGHTS, ACL_USAGE, ACLITEM_SET_PRIVS_GOPTIONS, allocacl(), elog, ERROR, fb(), OBJECT_COLUMN, OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_PROPGRAPH, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, and OBJECT_TYPE.

Referenced by acldefault_sql(), buildDefaultACLCommands(), dumpACL(), dumpRoleGUCPrivs(), dumpTable(), dumpTablespaces(), ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), ExecGrant_Relation(), get_user_default_acl(), object_aclmask_ext(), pg_class_aclmask_ext(), pg_largeobject_aclmask_snapshot(), pg_namespace_aclmask_ext(), pg_parameter_acl_aclmask(), pg_parameter_aclmask(), pg_type_aclmask_ext(), and SetDefaultACL().

◆ acldefault_sql()

Datum acldefault_sql ( PG_FUNCTION_ARGS )

Definition at line 948 of file acl.c.

{
    char        objtypec = PG_GETARG_CHAR(0);
    Oid         owner = PG_GETARG_OID(1);
    ObjectType  objtype = 0;
 
    switch (objtypec)
    {
        case 'c':
            objtype = OBJECT_COLUMN;
            break;
        case 'r':
            objtype = OBJECT_TABLE;
            break;
        case 's':
            objtype = OBJECT_SEQUENCE;
            break;
        case 'd':
            objtype = OBJECT_DATABASE;
            break;
        case 'f':
            objtype = OBJECT_FUNCTION;
            break;
        case 'l':
            objtype = OBJECT_LANGUAGE;
            break;
        case 'L':
            objtype = OBJECT_LARGEOBJECT;
            break;
        case 'n':
            objtype = OBJECT_SCHEMA;
            break;
        case 'p':
            objtype = OBJECT_PARAMETER_ACL;
            break;
        case 't':
            objtype = OBJECT_TABLESPACE;
            break;
        case 'F':
            objtype = OBJECT_FDW;
            break;
        case 'S':
            objtype = OBJECT_FOREIGN_SERVER;
            break;
        case 'T':
            objtype = OBJECT_TYPE;
            break;
        default:
            elog(ERROR, "unrecognized object type abbreviation: %c", objtypec);
    }
 
    PG_RETURN_ACL_P(acldefault(objtype, owner));
}

References acldefault(), elog, ERROR, fb(), OBJECT_COLUMN, OBJECT_DATABASE, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, PG_GETARG_CHAR, PG_GETARG_OID, and PG_RETURN_ACL_P.

◆ aclequal()

bool aclequal	(	const Acl *	left_acl,
		const Acl *	right_acl
	)

Definition at line 573 of file acl.c.

{
    /* Check for cases where one or both are empty/null */
    if (left_acl == NULL || ACL_NUM(left_acl) == 0)
    {
        if (right_acl == NULL || ACL_NUM(right_acl) == 0)
            return true;
        else
            return false;
    }
    else
    {
        if (right_acl == NULL || ACL_NUM(right_acl) == 0)
            return false;
    }
 
    if (ACL_NUM(left_acl) != ACL_NUM(right_acl))
        return false;
 
    if (memcmp(ACL_DAT(left_acl),
               ACL_DAT(right_acl),
               ACL_NUM(left_acl) * sizeof(AclItem)) == 0)
        return true;
 
    return false;
}

References ACL_DAT, ACL_NUM, and fb().

Referenced by ExecGrant_Parameter(), get_user_default_acl(), and SetDefaultACL().

◆ aclexplode()

Datum aclexplode ( PG_FUNCTION_ARGS )

Definition at line 1818 of file acl.c.

{
    Acl        *acl = PG_GETARG_ACL_P(0);
    FuncCallContext *funcctx;
    int        *idx;
    AclItem    *aidat;
 
    if (SRF_IS_FIRSTCALL())
    {
        TupleDesc   tupdesc;
        MemoryContext oldcontext;
 
        check_acl(acl);
 
        funcctx = SRF_FIRSTCALL_INIT();
        oldcontext = MemoryContextSwitchTo(funcctx->multi_call_memory_ctx);
 
        /*
         * build tupdesc for result tuples (matches out parameters in pg_proc
         * entry)
         */
        tupdesc = CreateTemplateTupleDesc(4);
        TupleDescInitEntry(tupdesc, (AttrNumber) 1, "grantor",
                           OIDOID, -1, 0);
        TupleDescInitEntry(tupdesc, (AttrNumber) 2, "grantee",
                           OIDOID, -1, 0);
        TupleDescInitEntry(tupdesc, (AttrNumber) 3, "privilege_type",
                           TEXTOID, -1, 0);
        TupleDescInitEntry(tupdesc, (AttrNumber) 4, "is_grantable",
                           BOOLOID, -1, 0);
 
        TupleDescFinalize(tupdesc);
        funcctx->tuple_desc = BlessTupleDesc(tupdesc);
 
        /* allocate memory for user context */
        idx = palloc_array(int, 2);
        idx[0] = 0;             /* ACL array item index */
        idx[1] = -1;            /* privilege type counter */
        funcctx->user_fctx = idx;
 
        MemoryContextSwitchTo(oldcontext);
    }
 
    funcctx = SRF_PERCALL_SETUP();
    idx = (int *) funcctx->user_fctx;
    aidat = ACL_DAT(acl);
 
    /* need test here in case acl has no items */
    while (idx[0] < ACL_NUM(acl))
    {
        AclItem    *aidata;
        AclMode     priv_bit;
 
        idx[1]++;
        if (idx[1] == N_ACL_RIGHTS)
        {
            idx[1] = 0;
            idx[0]++;
            if (idx[0] >= ACL_NUM(acl)) /* done */
                break;
        }
        aidata = &aidat[idx[0]];
        priv_bit = UINT64CONST(1) << idx[1];
 
        if (ACLITEM_GET_PRIVS(*aidata) & priv_bit)
        {
            Datum       result;
            Datum       values[4];
            bool        nulls[4] = {0};
            HeapTuple   tuple;
 
            values[0] = ObjectIdGetDatum(aidata->ai_grantor);
            values[1] = ObjectIdGetDatum(aidata->ai_grantee);
            values[2] = CStringGetTextDatum(convert_aclright_to_string(priv_bit));
            values[3] = BoolGetDatum((ACLITEM_GET_GOPTIONS(*aidata) & priv_bit) != 0);
 
            tuple = heap_form_tuple(funcctx->tuple_desc, values, nulls);
            result = HeapTupleGetDatum(tuple);
 
            SRF_RETURN_NEXT(funcctx, result);
        }
    }
 
    SRF_RETURN_DONE(funcctx);
}

References ACL_DAT, ACL_NUM, ACLITEM_GET_GOPTIONS, ACLITEM_GET_PRIVS, BlessTupleDesc(), BoolGetDatum(), check_acl(), convert_aclright_to_string(), CreateTemplateTupleDesc(), CStringGetTextDatum, fb(), heap_form_tuple(), HeapTupleGetDatum(), idx(), MemoryContextSwitchTo(), N_ACL_RIGHTS, ObjectIdGetDatum(), palloc_array, PG_GETARG_ACL_P, SRF_FIRSTCALL_INIT, SRF_IS_FIRSTCALL, SRF_PERCALL_SETUP, SRF_RETURN_DONE, SRF_RETURN_NEXT, TupleDescFinalize(), TupleDescInitEntry(), UINT64CONST, and values.

◆ aclinsert()

Datum aclinsert ( PG_FUNCTION_ARGS )

Definition at line 1620 of file acl.c.

{
    ereport(ERROR,
            (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
             errmsg("aclinsert is no longer supported")));
 
    PG_RETURN_NULL();           /* keep compiler quiet */
}

References ereport, errcode(), errmsg, ERROR, fb(), and PG_RETURN_NULL.

◆ aclitem_eq()

Datum aclitem_eq ( PG_FUNCTION_ARGS )

Definition at line 772 of file acl.c.

{
    AclItem    *a1 = PG_GETARG_ACLITEM_P(0);
    AclItem    *a2 = PG_GETARG_ACLITEM_P(1);
    bool        result;
 
    result = a1->ai_privs == a2->ai_privs &&
        a1->ai_grantee == a2->ai_grantee &&
        a1->ai_grantor == a2->ai_grantor;
    PG_RETURN_BOOL(result);
}

References a1, a2, PG_GETARG_ACLITEM_P, and PG_RETURN_BOOL.

◆ aclitem_match()

static bool aclitem_match	(	const AclItem *	a1,
		const AclItem *	a2
	)

static

Definition at line 737 of file acl.c.

{
    return a1->ai_grantee == a2->ai_grantee &&
        a1->ai_grantor == a2->ai_grantor;
}

References a1, and a2.

Referenced by aclnewowner(), and aclupdate().

◆ aclitemComparator()

static int aclitemComparator	(	const void *	arg1,
		const void *	arg2
	)

static

Definition at line 748 of file acl.c.

{
    const AclItem *a1 = (const AclItem *) arg1;
    const AclItem *a2 = (const AclItem *) arg2;
 
    if (a1->ai_grantee > a2->ai_grantee)
        return 1;
    if (a1->ai_grantee < a2->ai_grantee)
        return -1;
    if (a1->ai_grantor > a2->ai_grantor)
        return 1;
    if (a1->ai_grantor < a2->ai_grantor)
        return -1;
    if (a1->ai_privs > a2->ai_privs)
        return 1;
    if (a1->ai_privs < a2->ai_privs)
        return -1;
    return 0;
}

References a1, a2, and fb().

Referenced by aclitemsort().

◆ aclitemin()

Datum aclitemin ( PG_FUNCTION_ARGS )

Definition at line 629 of file acl.c.

{
    const char *s = PG_GETARG_CSTRING(0);
    Node       *escontext = fcinfo->context;
    AclItem    *aip;
 
    aip = palloc_object(AclItem);
 
    s = aclparse(s, aip, escontext);
    if (s == NULL)
        PG_RETURN_NULL();
 
    while (isspace((unsigned char) *s))
        ++s;
    if (*s)
        ereturn(escontext, (Datum) 0,
                (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
                 errmsg("extra garbage at the end of the ACL specification")));
 
    PG_RETURN_ACLITEM_P(aip);
}

References aclparse(), ereturn, errcode(), errmsg, fb(), palloc_object, PG_GETARG_CSTRING, PG_RETURN_ACLITEM_P, and PG_RETURN_NULL.

◆ aclitemout()

Datum aclitemout ( PG_FUNCTION_ARGS )

Definition at line 664 of file acl.c.

{
    AclItem    *aip = PG_GETARG_ACLITEM_P(0);
    char       *p;
    char       *out;
    HeapTuple   htup;
    unsigned    i;
 
    out = palloc(strlen("=/") +
                 2 * N_ACL_RIGHTS +
                 2 * (2 * NAMEDATALEN + 2) +
                 1);
 
    p = out;
    *p = '\0';
 
    if (aip->ai_grantee != ACL_ID_PUBLIC)
    {
        if (!IsBootstrapProcessingMode())
            htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantee));
        else
            htup = NULL;
        if (HeapTupleIsValid(htup))
        {
            putid(p, NameStr(((Form_pg_authid) GETSTRUCT(htup))->rolname));
            ReleaseSysCache(htup);
        }
        else
        {
            /* No such entry, or bootstrap mode: print numeric OID */
            sprintf(p, "%u", aip->ai_grantee);
        }
    }
    while (*p)
        ++p;
 
    *p++ = '=';
 
    for (i = 0; i < N_ACL_RIGHTS; ++i)
    {
        if (ACLITEM_GET_PRIVS(*aip) & (UINT64CONST(1) << i))
            *p++ = ACL_ALL_RIGHTS_STR[i];
        if (ACLITEM_GET_GOPTIONS(*aip) & (UINT64CONST(1) << i))
            *p++ = '*';
    }
 
    *p++ = '/';
    *p = '\0';
 
    if (!IsBootstrapProcessingMode())
        htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantor));
    else
        htup = NULL;
    if (HeapTupleIsValid(htup))
    {
        putid(p, NameStr(((Form_pg_authid) GETSTRUCT(htup))->rolname));
        ReleaseSysCache(htup);
    }
    else
    {
        /* No such entry, or bootstrap mode: print numeric OID */
        sprintf(p, "%u", aip->ai_grantor);
    }
 
    PG_RETURN_CSTRING(out);
}

References ACL_ALL_RIGHTS_STR, ACL_ID_PUBLIC, ACLITEM_GET_GOPTIONS, ACLITEM_GET_PRIVS, fb(), Form_pg_authid, GETSTRUCT(), HeapTupleIsValid, i, IsBootstrapProcessingMode, N_ACL_RIGHTS, NAMEDATALEN, NameStr, ObjectIdGetDatum(), palloc(), PG_GETARG_ACLITEM_P, PG_RETURN_CSTRING, putid(), ReleaseSysCache(), rolname, SearchSysCache1(), sprintf, and UINT64CONST.

◆ aclitemsort()

void aclitemsort ( Acl * acl )

Definition at line 559 of file acl.c.

{
    if (acl != NULL && ACL_NUM(acl) > 1)
        qsort(ACL_DAT(acl), ACL_NUM(acl), sizeof(AclItem), aclitemComparator);
}

References ACL_DAT, ACL_NUM, aclitemComparator(), fb(), and qsort.

Referenced by get_user_default_acl(), and SetDefaultACL().

◆ aclmask()

AclMode aclmask	(	const Acl *	acl,
		Oid	roleid,
		Oid	ownerId,
		AclMode	mask,
		AclMaskHow	how
	)

Definition at line 1416 of file acl.c.

{
    AclMode     result;
    AclMode     remaining;
    AclItem    *aidat;
    int         i,
                num;
 
    /*
     * Null ACL should not happen, since caller should have inserted
     * appropriate default
     */
    if (acl == NULL)
        elog(ERROR, "null ACL");
 
    check_acl(acl);
 
    /* Quick exit for mask == 0 */
    if (mask == 0)
        return 0;
 
    result = 0;
 
    /* Owner always implicitly has all grant options */
    if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
        has_privs_of_role(roleid, ownerId))
    {
        result = mask & ACLITEM_ALL_GOPTION_BITS;
        if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
            return result;
    }
 
    num = ACL_NUM(acl);
    aidat = ACL_DAT(acl);
 
    /*
     * Check privileges granted directly to roleid or to public
     */
    for (i = 0; i < num; i++)
    {
        AclItem    *aidata = &aidat[i];
 
        if (aidata->ai_grantee == ACL_ID_PUBLIC ||
            aidata->ai_grantee == roleid)
        {
            result |= aidata->ai_privs & mask;
            if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
                return result;
        }
    }
 
    /*
     * Check privileges granted indirectly via role memberships. We do this in
     * a separate pass to minimize expensive indirect membership tests.  In
     * particular, it's worth testing whether a given ACL entry grants any
     * privileges still of interest before we perform the has_privs_of_role
     * test.
     */
    remaining = mask & ~result;
    for (i = 0; i < num; i++)
    {
        AclItem    *aidata = &aidat[i];
 
        if (aidata->ai_grantee == ACL_ID_PUBLIC ||
            aidata->ai_grantee == roleid)
            continue;           /* already checked it */
 
        if ((aidata->ai_privs & remaining) &&
            has_privs_of_role(roleid, aidata->ai_grantee))
        {
            result |= aidata->ai_privs & mask;
            if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
                return result;
            remaining = mask & ~result;
        }
    }
 
    return result;
}

References ACL_DAT, ACL_ID_PUBLIC, ACL_NUM, ACLITEM_ALL_GOPTION_BITS, ACLMASK_ALL, AclItem::ai_privs, check_acl(), elog, ERROR, fb(), has_privs_of_role(), i, and remaining.

Referenced by check_circularity(), LockTableAclCheck(), object_aclmask_ext(), pg_attribute_aclcheck_all_ext(), pg_attribute_aclmask_ext(), pg_class_aclmask_ext(), pg_largeobject_aclmask_snapshot(), pg_namespace_aclmask_ext(), pg_parameter_acl_aclmask(), pg_parameter_aclmask(), pg_type_aclmask_ext(), and recursive_revoke().

◆ aclmask_direct()

static AclMode aclmask_direct	(	const Acl *	acl,
		Oid	roleid,
		Oid	ownerId,
		AclMode	mask,
		AclMaskHow	how
	)

static

Definition at line 1505 of file acl.c.

{
    AclMode     result;
    AclItem    *aidat;
    int         i,
                num;
 
    /*
     * Null ACL should not happen, since caller should have inserted
     * appropriate default
     */
    if (acl == NULL)
        elog(ERROR, "null ACL");
 
    check_acl(acl);
 
    /* Quick exit for mask == 0 */
    if (mask == 0)
        return 0;
 
    result = 0;
 
    /* Owner always implicitly has all grant options */
    if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
        roleid == ownerId)
    {
        result = mask & ACLITEM_ALL_GOPTION_BITS;
        if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
            return result;
    }
 
    num = ACL_NUM(acl);
    aidat = ACL_DAT(acl);
 
    /*
     * Check privileges granted directly to roleid (and not to public)
     */
    for (i = 0; i < num; i++)
    {
        AclItem    *aidata = &aidat[i];
 
        if (aidata->ai_grantee == roleid)
        {
            result |= aidata->ai_privs & mask;
            if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
                return result;
        }
    }
 
    return result;
}

References ACL_DAT, ACL_NUM, ACLITEM_ALL_GOPTION_BITS, ACLMASK_ALL, AclItem::ai_privs, check_acl(), elog, ERROR, fb(), and i.

Referenced by select_best_grantor().

◆ aclmembers()

int aclmembers	(	const Acl *	acl,
		Oid **	roleids
	)

Definition at line 1568 of file acl.c.

{
    Oid        *list;
    const AclItem *acldat;
    int         i,
                j;
 
    if (acl == NULL || ACL_NUM(acl) == 0)
    {
        *roleids = NULL;
        return 0;
    }
 
    check_acl(acl);
 
    /* Allocate the worst-case space requirement */
    list = palloc(ACL_NUM(acl) * 2 * sizeof(Oid));
    acldat = ACL_DAT(acl);
 
    /*
     * Walk the ACL collecting mentioned RoleIds.
     */
    j = 0;
    for (i = 0; i < ACL_NUM(acl); i++)
    {
        const AclItem *ai = &acldat[i];
 
        if (ai->ai_grantee != ACL_ID_PUBLIC)
            list[j++] = ai->ai_grantee;
        /* grantor is currently never PUBLIC, but let's check anyway */
        if (ai->ai_grantor != ACL_ID_PUBLIC)
            list[j++] = ai->ai_grantor;
    }
 
    /* Sort the array */
    qsort(list, j, sizeof(Oid), oid_cmp);
 
    /*
     * We could repalloc the array down to minimum size, but it's hardly worth
     * it since it's only transient memory.
     */
    *roleids = list;
 
    /* Remove duplicates from the array */
    return qunique(list, j, sizeof(Oid), oid_cmp);
}

References ACL_DAT, ACL_ID_PUBLIC, ACL_NUM, check_acl(), fb(), i, j, oid_cmp(), palloc(), qsort, and qunique().

Referenced by ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), ExecGrant_Relation(), recordDependencyOnNewAcl(), recordExtensionInitPrivWorker(), RemoveRoleFromInitPriv(), ReplaceRoleInInitPriv(), and SetDefaultACL().

◆ aclmerge()

Acl * aclmerge	(	const Acl *	left_acl,
		const Acl *	right_acl,
		Oid	ownerId
	)

Definition at line 515 of file acl.c.

{
    Acl        *result_acl;
    AclItem    *aip;
    int         i,
                num;
 
    /* Check for cases where one or both are empty/null */
    if (left_acl == NULL || ACL_NUM(left_acl) == 0)
    {
        if (right_acl == NULL || ACL_NUM(right_acl) == 0)
            return NULL;
        else
            return aclcopy(right_acl);
    }
    else
    {
        if (right_acl == NULL || ACL_NUM(right_acl) == 0)
            return aclcopy(left_acl);
    }
 
    /* Merge them the hard way, one item at a time */
    result_acl = aclcopy(left_acl);
 
    aip = ACL_DAT(right_acl);
    num = ACL_NUM(right_acl);
 
    for (i = 0; i < num; i++, aip++)
    {
        Acl        *tmp_acl;
 
        tmp_acl = aclupdate(result_acl, aip, ACL_MODECHG_ADD,
                            ownerId, DROP_RESTRICT);
        pfree(result_acl);
        result_acl = tmp_acl;
    }
 
    return result_acl;
}

References ACL_DAT, ACL_MODECHG_ADD, ACL_NUM, aclcopy(), aclupdate(), DROP_RESTRICT, fb(), i, and pfree().

Referenced by get_user_default_acl().

◆ aclnewowner()

Acl * aclnewowner	(	const Acl *	old_acl,
		Oid	oldOwnerId,
		Oid	newOwnerId
	)

Definition at line 1147 of file acl.c.

{
    Acl        *new_acl;
    AclItem    *new_aip;
    AclItem    *old_aip;
    AclItem    *dst_aip;
    AclItem    *src_aip;
    AclItem    *targ_aip;
    bool        newpresent = false;
    int         dst,
                src,
                targ,
                num;
 
    check_acl(old_acl);
 
    /*
     * Make a copy of the given ACL, substituting new owner ID for old
     * wherever it appears as either grantor or grantee.  Also note if the new
     * owner ID is already present.
     */
    num = ACL_NUM(old_acl);
    old_aip = ACL_DAT(old_acl);
    new_acl = allocacl(num);
    new_aip = ACL_DAT(new_acl);
    memcpy(new_aip, old_aip, num * sizeof(AclItem));
    for (dst = 0, dst_aip = new_aip; dst < num; dst++, dst_aip++)
    {
        if (dst_aip->ai_grantor == oldOwnerId)
            dst_aip->ai_grantor = newOwnerId;
        else if (dst_aip->ai_grantor == newOwnerId)
            newpresent = true;
        if (dst_aip->ai_grantee == oldOwnerId)
            dst_aip->ai_grantee = newOwnerId;
        else if (dst_aip->ai_grantee == newOwnerId)
            newpresent = true;
    }
 
    /*
     * If the old ACL contained any references to the new owner, then we may
     * now have generated an ACL containing duplicate entries.  Find them and
     * merge them so that there are not duplicates.  (This is relatively
     * expensive since we use a stupid O(N^2) algorithm, but it's unlikely to
     * be the normal case.)
     *
     * To simplify deletion of duplicate entries, we temporarily leave them in
     * the array but set their privilege masks to zero; when we reach such an
     * entry it's just skipped.  (Thus, a side effect of this code will be to
     * remove privilege-free entries, should there be any in the input.)  dst
     * is the next output slot, targ is the currently considered input slot
     * (always >= dst), and src scans entries to the right of targ looking for
     * duplicates.  Once an entry has been emitted to dst it is known
     * duplicate-free and need not be considered anymore.
     */
    if (newpresent)
    {
        dst = 0;
        for (targ = 0, targ_aip = new_aip; targ < num; targ++, targ_aip++)
        {
            /* ignore if deleted in an earlier pass */
            if (ACLITEM_GET_RIGHTS(*targ_aip) == ACL_NO_RIGHTS)
                continue;
            /* find and merge any duplicates */
            for (src = targ + 1, src_aip = targ_aip + 1; src < num;
                 src++, src_aip++)
            {
                if (ACLITEM_GET_RIGHTS(*src_aip) == ACL_NO_RIGHTS)
                    continue;
                if (aclitem_match(targ_aip, src_aip))
                {
                    ACLITEM_SET_RIGHTS(*targ_aip,
                                       ACLITEM_GET_RIGHTS(*targ_aip) |
                                       ACLITEM_GET_RIGHTS(*src_aip));
                    /* mark the duplicate deleted */
                    ACLITEM_SET_RIGHTS(*src_aip, ACL_NO_RIGHTS);
                }
            }
            /* and emit to output */
            new_aip[dst] = *targ_aip;
            dst++;
        }
        /* Adjust array size to be 'dst' items */
        ARR_DIMS(new_acl)[0] = dst;
        SET_VARSIZE(new_acl, ACL_N_SIZE(dst));
    }
 
    return new_acl;
}

References ACL_DAT, ACL_N_SIZE, ACL_NO_RIGHTS, ACL_NUM, ACLITEM_GET_RIGHTS, aclitem_match(), ACLITEM_SET_RIGHTS, allocacl(), ARR_DIMS, check_acl(), fb(), and SET_VARSIZE().

Referenced by AlterDatabaseOwner(), AlterForeignDataWrapperOwner_internal(), AlterForeignServerOwner_internal(), AlterObjectOwner_internal(), AlterSchemaOwner_internal(), AlterTypeOwnerInternal(), ATExecChangeOwner(), change_owner_fix_column_acls(), and ReplaceRoleInInitPriv().

◆ aclparse()

static const char * aclparse	(	const char *	s,
		AclItem *	aip,
		Node *	escontext
	)

static

Definition at line 279 of file acl.c.

{
    AclMode     privs,
                goption,
                read;
    char        name[NAMEDATALEN];
    char        name2[NAMEDATALEN];
 
    Assert(s && aip);
 
    s = getid(s, name, escontext);
    if (s == NULL)
        return NULL;
    if (*s != '=')
    {
        /* we just read a keyword, not a name */
        if (strcmp(name, "group") != 0 && strcmp(name, "user") != 0)
            ereturn(escontext, NULL,
                    (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
                     errmsg("unrecognized key word: \"%s\"", name),
                     errhint("ACL key word must be \"group\" or \"user\".")));
        /* move s to the name beyond the keyword */
        s = getid(s, name, escontext);
        if (s == NULL)
            return NULL;
        if (name[0] == '\0')
            ereturn(escontext, NULL,
                    (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
                     errmsg("missing name"),
                     errhint("A name must follow the \"group\" or \"user\" key word.")));
    }
 
    if (*s != '=')
        ereturn(escontext, NULL,
                (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
                 errmsg("missing \"=\" sign")));
 
    privs = goption = ACL_NO_RIGHTS;
 
    for (++s, read = 0; isalpha((unsigned char) *s) || *s == '*'; s++)
    {
        switch (*s)
        {
            case '*':
                goption |= read;
                break;
            case ACL_INSERT_CHR:
                read = ACL_INSERT;
                break;
            case ACL_SELECT_CHR:
                read = ACL_SELECT;
                break;
            case ACL_UPDATE_CHR:
                read = ACL_UPDATE;
                break;
            case ACL_DELETE_CHR:
                read = ACL_DELETE;
                break;
            case ACL_TRUNCATE_CHR:
                read = ACL_TRUNCATE;
                break;
            case ACL_REFERENCES_CHR:
                read = ACL_REFERENCES;
                break;
            case ACL_TRIGGER_CHR:
                read = ACL_TRIGGER;
                break;
            case ACL_EXECUTE_CHR:
                read = ACL_EXECUTE;
                break;
            case ACL_USAGE_CHR:
                read = ACL_USAGE;
                break;
            case ACL_CREATE_CHR:
                read = ACL_CREATE;
                break;
            case ACL_CREATE_TEMP_CHR:
                read = ACL_CREATE_TEMP;
                break;
            case ACL_CONNECT_CHR:
                read = ACL_CONNECT;
                break;
            case ACL_SET_CHR:
                read = ACL_SET;
                break;
            case ACL_ALTER_SYSTEM_CHR:
                read = ACL_ALTER_SYSTEM;
                break;
            case ACL_MAINTAIN_CHR:
                read = ACL_MAINTAIN;
                break;
            default:
                ereturn(escontext, NULL,
                        (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
                         errmsg("invalid mode character: must be one of \"%s\"",
                                ACL_ALL_RIGHTS_STR)));
        }
 
        privs |= read;
    }
 
    if (name[0] == '\0')
        aip->ai_grantee = ACL_ID_PUBLIC;
    else
    {
        if (IsBootstrapProcessingMode())
            aip->ai_grantee = boot_get_role_oid(name);
        else
            aip->ai_grantee = get_role_oid(name, true);
        if (!OidIsValid(aip->ai_grantee))
            ereturn(escontext, NULL,
                    (errcode(ERRCODE_UNDEFINED_OBJECT),
                     errmsg("role \"%s\" does not exist", name)));
    }
 
    /*
     * XXX Allow a degree of backward compatibility by defaulting the grantor
     * to the superuser.  We condone that practice in the catalog .dat files
     * (i.e., in bootstrap mode) for brevity; otherwise, issue a warning.
     */
    if (*s == '/')
    {
        s = getid(s + 1, name2, escontext);
        if (s == NULL)
            return NULL;
        if (name2[0] == '\0')
            ereturn(escontext, NULL,
                    (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
                     errmsg("a name must follow the \"/\" sign")));
        if (IsBootstrapProcessingMode())
            aip->ai_grantor = boot_get_role_oid(name2);
        else
            aip->ai_grantor = get_role_oid(name2, true);
        if (!OidIsValid(aip->ai_grantor))
            ereturn(escontext, NULL,
                    (errcode(ERRCODE_UNDEFINED_OBJECT),
                     errmsg("role \"%s\" does not exist", name2)));
    }
    else
    {
        aip->ai_grantor = BOOTSTRAP_SUPERUSERID;
        if (!IsBootstrapProcessingMode())
            ereport(WARNING,
                    (errcode(ERRCODE_INVALID_GRANTOR),
                     errmsg("defaulting grantor to user ID %u",
                            BOOTSTRAP_SUPERUSERID)));
    }
 
    ACLITEM_SET_PRIVS_GOPTIONS(*aip, privs, goption);
 
    return s;
}

References ACL_ALL_RIGHTS_STR, ACL_ALTER_SYSTEM, ACL_ALTER_SYSTEM_CHR, ACL_CONNECT, ACL_CONNECT_CHR, ACL_CREATE, ACL_CREATE_CHR, ACL_CREATE_TEMP, ACL_CREATE_TEMP_CHR, ACL_DELETE, ACL_DELETE_CHR, ACL_EXECUTE, ACL_EXECUTE_CHR, ACL_ID_PUBLIC, ACL_INSERT, ACL_INSERT_CHR, ACL_MAINTAIN, ACL_MAINTAIN_CHR, ACL_NO_RIGHTS, ACL_REFERENCES, ACL_REFERENCES_CHR, ACL_SELECT, ACL_SELECT_CHR, ACL_SET, ACL_SET_CHR, ACL_TRIGGER, ACL_TRIGGER_CHR, ACL_TRUNCATE, ACL_TRUNCATE_CHR, ACL_UPDATE, ACL_UPDATE_CHR, ACL_USAGE, ACL_USAGE_CHR, ACLITEM_SET_PRIVS_GOPTIONS, Assert, boot_get_role_oid(), ereport, ereturn, errcode(), errhint(), errmsg, fb(), get_role_oid(), getid(), IsBootstrapProcessingMode, name, NAMEDATALEN, OidIsValid, read, and WARNING.

Referenced by aclitemin().

◆ aclremove()

Datum aclremove ( PG_FUNCTION_ARGS )

Definition at line 1630 of file acl.c.

{
    ereport(ERROR,
            (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
             errmsg("aclremove is no longer supported")));
 
    PG_RETURN_NULL();           /* keep compiler quiet */
}

References ereport, errcode(), errmsg, ERROR, fb(), and PG_RETURN_NULL.

◆ aclupdate()

Acl * aclupdate	(	const Acl *	old_acl,
		const AclItem *	mod_aip,
		int	modechg,
		Oid	ownerId,
		DropBehavior	behavior
	)

Definition at line 1020 of file acl.c.

{
    Acl        *new_acl = NULL;
    AclItem    *old_aip,
               *new_aip = NULL;
    AclMode     old_rights,
                old_goptions,
                new_rights,
                new_goptions;
    int         dst,
                num;
 
    /* Caller probably already checked old_acl, but be safe */
    check_acl(old_acl);
 
    /* If granting grant options, check for circularity */
    if (modechg != ACL_MODECHG_DEL &&
        ACLITEM_GET_GOPTIONS(*mod_aip) != ACL_NO_RIGHTS)
        check_circularity(old_acl, mod_aip, ownerId);
 
    num = ACL_NUM(old_acl);
    old_aip = ACL_DAT(old_acl);
 
    /*
     * Search the ACL for an existing entry for this grantee and grantor. If
     * one exists, just modify the entry in-place (well, in the same position,
     * since we actually return a copy); otherwise, insert the new entry at
     * the end.
     */
 
    for (dst = 0; dst < num; ++dst)
    {
        if (aclitem_match(mod_aip, old_aip + dst))
        {
            /* found a match, so modify existing item */
            new_acl = allocacl(num);
            new_aip = ACL_DAT(new_acl);
            memcpy(new_acl, old_acl, ACL_SIZE(old_acl));
            break;
        }
    }
 
    if (dst == num)
    {
        /* need to append a new item */
        new_acl = allocacl(num + 1);
        new_aip = ACL_DAT(new_acl);
        memcpy(new_aip, old_aip, num * sizeof(AclItem));
 
        /* initialize the new entry with no permissions */
        new_aip[dst].ai_grantee = mod_aip->ai_grantee;
        new_aip[dst].ai_grantor = mod_aip->ai_grantor;
        ACLITEM_SET_PRIVS_GOPTIONS(new_aip[dst],
                                   ACL_NO_RIGHTS, ACL_NO_RIGHTS);
        num++;                  /* set num to the size of new_acl */
    }
 
    old_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
    old_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);
 
    /* apply the specified permissions change */
    switch (modechg)
    {
        case ACL_MODECHG_ADD:
            ACLITEM_SET_RIGHTS(new_aip[dst],
                               old_rights | ACLITEM_GET_RIGHTS(*mod_aip));
            break;
        case ACL_MODECHG_DEL:
            ACLITEM_SET_RIGHTS(new_aip[dst],
                               old_rights & ~ACLITEM_GET_RIGHTS(*mod_aip));
            break;
        case ACL_MODECHG_EQL:
            ACLITEM_SET_RIGHTS(new_aip[dst],
                               ACLITEM_GET_RIGHTS(*mod_aip));
            break;
    }
 
    new_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
    new_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);
 
    /*
     * If the adjusted entry has no permissions, delete it from the list.
     */
    if (new_rights == ACL_NO_RIGHTS)
    {
        memmove(new_aip + dst,
                new_aip + dst + 1,
                (num - dst - 1) * sizeof(AclItem));
        /* Adjust array size to be 'num - 1' items */
        ARR_DIMS(new_acl)[0] = num - 1;
        SET_VARSIZE(new_acl, ACL_N_SIZE(num - 1));
    }
 
    /*
     * Remove abandoned privileges (cascading revoke).  Currently we can only
     * handle this when the grantee is not PUBLIC.
     */
    if ((old_goptions & ~new_goptions) != 0)
    {
        Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
        new_acl = recursive_revoke(new_acl, mod_aip->ai_grantee,
                                   (old_goptions & ~new_goptions),
                                   ownerId, behavior);
    }
 
    return new_acl;
}

References ACL_DAT, ACL_ID_PUBLIC, ACL_MODECHG_ADD, ACL_MODECHG_DEL, ACL_MODECHG_EQL, ACL_N_SIZE, ACL_NO_RIGHTS, ACL_NUM, ACL_SIZE, ACLITEM_GET_GOPTIONS, ACLITEM_GET_RIGHTS, aclitem_match(), ACLITEM_SET_PRIVS_GOPTIONS, ACLITEM_SET_RIGHTS, allocacl(), ARR_DIMS, Assert, check_acl(), check_circularity(), fb(), recursive_revoke(), and SET_VARSIZE().

Referenced by aclmerge(), check_circularity(), merge_acl_with_grant(), and recursive_revoke().

◆ allocacl()

static Acl * allocacl ( int n )

static

Definition at line 440 of file acl.c.

{
    Acl        *new_acl;
    Size        size;
 
    if (n < 0)
        elog(ERROR, "invalid size: %d", n);
    size = ACL_N_SIZE(n);
    new_acl = (Acl *) palloc0(size);
    SET_VARSIZE(new_acl, size);
    new_acl->ndim = 1;
    new_acl->dataoffset = 0;    /* we never put in any nulls */
    new_acl->elemtype = ACLITEMOID;
    ARR_LBOUND(new_acl)[0] = 1;
    ARR_DIMS(new_acl)[0] = n;
    return new_acl;
}

References ACL_N_SIZE, ARR_DIMS, ARR_LBOUND, elog, ERROR, fb(), palloc0(), and SET_VARSIZE().

Referenced by aclconcat(), aclcopy(), acldefault(), aclnewowner(), aclupdate(), check_circularity(), and make_empty_acl().

◆ check_acl()

static void check_acl ( const Acl * acl )

static

Definition at line 604 of file acl.c.

{
    if (ARR_ELEMTYPE(acl) != ACLITEMOID)
        ereport(ERROR,
                (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                 errmsg("ACL array contains wrong data type")));
    if (ARR_NDIM(acl) != 1)
        ereport(ERROR,
                (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                 errmsg("ACL arrays must be one-dimensional")));
    if (ARR_HASNULL(acl))
        ereport(ERROR,
                (errcode(ERRCODE_NULL_VALUE_NOT_ALLOWED),
                 errmsg("ACL arrays must not contain null values")));
}

References ARR_ELEMTYPE, ARR_HASNULL, ARR_NDIM, ereport, errcode(), errmsg, ERROR, and fb().

Referenced by aclcontains(), aclexplode(), aclmask(), aclmask_direct(), aclmembers(), aclnewowner(), aclupdate(), check_circularity(), and recursive_revoke().

◆ check_can_set_role()

void check_can_set_role	(	Oid	member,
		Oid	role
	)

Definition at line 5371 of file acl.c.

{
    if (!member_can_set_role(member, role))
        ereport(ERROR,
                (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
                 errmsg("must be able to SET ROLE \"%s\"",
                        GetUserNameFromId(role, false))));
}

References ereport, errcode(), errmsg, ERROR, fb(), GetUserNameFromId(), and member_can_set_role().

Referenced by AlterDatabaseOwner(), AlterForeignServerOwner_internal(), AlterObjectOwner_internal(), AlterPublicationOwner_internal(), AlterSchemaOwner_internal(), AlterSubscriptionOwner_internal(), AlterTypeOwner(), ATExecChangeOwner(), createdb(), and CreateSchemaCommand().

◆ check_circularity()

static void check_circularity	(	const Acl *	old_acl,
		const AclItem *	mod_aip,
		Oid	ownerId
	)

static

Definition at line 1250 of file acl.c.

{
    Acl        *acl;
    AclItem    *aip;
    int         i,
                num;
    AclMode     own_privs;
 
    check_acl(old_acl);
 
    /*
     * For now, grant options can only be granted to roles, not PUBLIC.
     * Otherwise we'd have to work a bit harder here.
     */
    Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
 
    /* The owner always has grant options, no need to check */
    if (mod_aip->ai_grantor == ownerId)
        return;
 
    /* Make a working copy */
    acl = allocacl(ACL_NUM(old_acl));
    memcpy(acl, old_acl, ACL_SIZE(old_acl));
 
    /* Zap all grant options of target grantee, plus what depends on 'em */
cc_restart:
    num = ACL_NUM(acl);
    aip = ACL_DAT(acl);
    for (i = 0; i < num; i++)
    {
        if (aip[i].ai_grantee == mod_aip->ai_grantee &&
            ACLITEM_GET_GOPTIONS(aip[i]) != ACL_NO_RIGHTS)
        {
            Acl        *new_acl;
 
            /* We'll actually zap ordinary privs too, but no matter */
            new_acl = aclupdate(acl, &aip[i], ACL_MODECHG_DEL,
                                ownerId, DROP_CASCADE);
 
            pfree(acl);
            acl = new_acl;
 
            goto cc_restart;
        }
    }
 
    /* Now we can compute grantor's independently-derived privileges */
    own_privs = aclmask(acl,
                        mod_aip->ai_grantor,
                        ownerId,
                        ACL_GRANT_OPTION_FOR(ACLITEM_GET_GOPTIONS(*mod_aip)),
                        ACLMASK_ALL);
    own_privs = ACL_OPTION_TO_PRIVS(own_privs);
 
    if ((ACLITEM_GET_GOPTIONS(*mod_aip) & ~own_privs) != 0)
        ereport(ERROR,
                (errcode(ERRCODE_INVALID_GRANT_OPERATION),
                 errmsg("grant options cannot be granted back to your own grantor")));
 
    pfree(acl);
}

References ACL_DAT, ACL_GRANT_OPTION_FOR, ACL_ID_PUBLIC, ACL_MODECHG_DEL, ACL_NO_RIGHTS, ACL_NUM, ACL_OPTION_TO_PRIVS, ACL_SIZE, ACLITEM_GET_GOPTIONS, aclmask(), ACLMASK_ALL, aclupdate(), allocacl(), Assert, check_acl(), DROP_CASCADE, ereport, errcode(), errmsg, ERROR, fb(), i, and pfree().

Referenced by aclupdate().

◆ check_rolespec_name()

void check_rolespec_name	(	const RoleSpec *	role,
		const char *	detail_msg
	)

Definition at line 5746 of file acl.c.

{
    if (!role)
        return;
 
    if (role->roletype != ROLESPEC_CSTRING)
        return;
 
    if (IsReservedName(role->rolename))
    {
        if (detail_msg)
            ereport(ERROR,
                    (errcode(ERRCODE_RESERVED_NAME),
                     errmsg("role name \"%s\" is reserved",
                            role->rolename),
                     errdetail_internal("%s", detail_msg)));
        else
            ereport(ERROR,
                    (errcode(ERRCODE_RESERVED_NAME),
                     errmsg("role name \"%s\" is reserved",
                            role->rolename)));
    }
}

References ereport, errcode(), errdetail_internal(), errmsg, ERROR, fb(), IsReservedName(), RoleSpec::rolename, ROLESPEC_CSTRING, and RoleSpec::roletype.

Referenced by AlterRole(), and AlterRoleSet().

◆ column_privilege_check()

static int column_privilege_check	(	Oid	tableoid,
		AttrNumber	attnum,
		Oid	roleid,
		AclMode	mode
	)

static

Definition at line 2564 of file acl.c.

{
    AclResult   aclresult;
    bool        is_missing = false;
 
    /*
     * If convert_column_name failed, we can just return -1 immediately.
     */
    if (attnum == InvalidAttrNumber)
        return -1;
 
    /*
     * Check for column-level privileges first. This serves in part as a check
     * on whether the column even exists, so we need to do it before checking
     * table-level privilege.
     */
    aclresult = pg_attribute_aclcheck_ext(tableoid, attnum, roleid,
                                          mode, &is_missing);
    if (aclresult == ACLCHECK_OK)
        return 1;
    else if (is_missing)
        return -1;
 
    /* Next check if we have the privilege at the table level */
    aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
    if (aclresult == ACLCHECK_OK)
        return 1;
    else if (is_missing)
        return -1;
    else
        return 0;
}

References ACLCHECK_OK, attnum, fb(), InvalidAttrNumber, mode, pg_attribute_aclcheck_ext(), and pg_class_aclcheck_ext().

Referenced by has_column_privilege_id_attnum(), has_column_privilege_id_id_attnum(), has_column_privilege_id_id_name(), has_column_privilege_id_name(), has_column_privilege_id_name_attnum(), has_column_privilege_id_name_name(), has_column_privilege_name_attnum(), has_column_privilege_name_id_attnum(), has_column_privilege_name_id_name(), has_column_privilege_name_name(), has_column_privilege_name_name_attnum(), and has_column_privilege_name_name_name().

◆ convert_aclright_to_string()

static const char * convert_aclright_to_string ( int aclright )

static

Definition at line 1762 of file acl.c.

{
    switch (aclright)
    {
        case ACL_INSERT:
            return "INSERT";
        case ACL_SELECT:
            return "SELECT";
        case ACL_UPDATE:
            return "UPDATE";
        case ACL_DELETE:
            return "DELETE";
        case ACL_TRUNCATE:
            return "TRUNCATE";
        case ACL_REFERENCES:
            return "REFERENCES";
        case ACL_TRIGGER:
            return "TRIGGER";
        case ACL_EXECUTE:
            return "EXECUTE";
        case ACL_USAGE:
            return "USAGE";
        case ACL_CREATE:
            return "CREATE";
        case ACL_CREATE_TEMP:
            return "TEMPORARY";
        case ACL_CONNECT:
            return "CONNECT";
        case ACL_SET:
            return "SET";
        case ACL_ALTER_SYSTEM:
            return "ALTER SYSTEM";
        case ACL_MAINTAIN:
            return "MAINTAIN";
        default:
            elog(ERROR, "unrecognized aclright: %d", aclright);
            return NULL;
    }
}

References ACL_ALTER_SYSTEM, ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_DELETE, ACL_EXECUTE, ACL_INSERT, ACL_MAINTAIN, ACL_REFERENCES, ACL_SELECT, ACL_SET, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, ACL_USAGE, elog, ERROR, and fb().

Referenced by aclexplode().

◆ convert_any_priv_string()

static AclMode convert_any_priv_string	(	text *	priv_type_text,
		const priv_map *	privileges
	)

static

Definition at line 1714 of file acl.c.

{
    AclMode     result = 0;
    char       *priv_type = text_to_cstring(priv_type_text);
    char       *chunk;
    char       *next_chunk;
 
    /* We rely on priv_type being a private, modifiable string */
    for (chunk = priv_type; chunk; chunk = next_chunk)
    {
        int         chunk_len;
        const priv_map *this_priv;
 
        /* Split string at commas */
        next_chunk = strchr(chunk, ',');
        if (next_chunk)
            *next_chunk++ = '\0';
 
        /* Drop leading/trailing whitespace in this chunk */
        while (*chunk && isspace((unsigned char) *chunk))
            chunk++;
        chunk_len = strlen(chunk);
        while (chunk_len > 0 && isspace((unsigned char) chunk[chunk_len - 1]))
            chunk_len--;
        chunk[chunk_len] = '\0';
 
        /* Match to the privileges list */
        for (this_priv = privileges; this_priv->name; this_priv++)
        {
            if (pg_strcasecmp(this_priv->name, chunk) == 0)
            {
                result |= this_priv->value;
                break;
            }
        }
        if (!this_priv->name)
            ereport(ERROR,
                    (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                     errmsg("unrecognized privilege type: \"%s\"", chunk)));
    }
 
    pfree(priv_type);
    return result;
}

References ereport, errcode(), errmsg, ERROR, fb(), priv_map::name, pfree(), pg_strcasecmp(), and text_to_cstring().

Referenced by convert_column_priv_string(), convert_database_priv_string(), convert_foreign_data_wrapper_priv_string(), convert_function_priv_string(), convert_language_priv_string(), convert_largeobject_priv_string(), convert_parameter_priv_string(), convert_role_priv_string(), convert_schema_priv_string(), convert_sequence_priv_string(), convert_server_priv_string(), convert_table_priv_string(), convert_tablespace_priv_string(), convert_type_priv_string(), and makeaclitem().

◆ convert_column_name()

static AttrNumber convert_column_name	(	Oid	tableoid,
		text *	column
	)

static

Definition at line 2924 of file acl.c.

{
    char       *colname;
    HeapTuple   attTuple;
    AttrNumber  attnum;
 
    colname = text_to_cstring(column);
 
    /*
     * We don't use get_attnum() here because it will report that dropped
     * columns don't exist.  We need to treat dropped columns differently from
     * nonexistent columns.
     */
    attTuple = SearchSysCache2(ATTNAME,
                               ObjectIdGetDatum(tableoid),
                               CStringGetDatum(colname));
    if (HeapTupleIsValid(attTuple))
    {
        Form_pg_attribute attributeForm;
 
        attributeForm = (Form_pg_attribute) GETSTRUCT(attTuple);
        /* We want to return NULL for dropped columns */
        if (attributeForm->attisdropped)
            attnum = InvalidAttrNumber;
        else
            attnum = attributeForm->attnum;
        ReleaseSysCache(attTuple);
    }
    else
    {
        char       *tablename = get_rel_name(tableoid);
 
        /*
         * If the table OID is bogus, or it's just been dropped, we'll get
         * NULL back.  In such cases we want has_column_privilege to return
         * NULL too, so just return InvalidAttrNumber.
         */
        if (tablename != NULL)
        {
            /* tableoid exists, colname does not, so throw error */
            ereport(ERROR,
                    (errcode(ERRCODE_UNDEFINED_COLUMN),
                     errmsg("column \"%s\" of relation \"%s\" does not exist",
                            colname, tablename)));
        }
        /* tableoid doesn't exist, so act like attisdropped case */
        attnum = InvalidAttrNumber;
    }
 
    pfree(colname);
    return attnum;
}

References attnum, CStringGetDatum(), ereport, errcode(), errmsg, ERROR, fb(), get_rel_name(), GETSTRUCT(), HeapTupleIsValid, InvalidAttrNumber, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache2(), and text_to_cstring().

Referenced by has_column_privilege_id_id_name(), has_column_privilege_id_name(), has_column_privilege_id_name_name(), has_column_privilege_name_id_name(), has_column_privilege_name_name(), and has_column_privilege_name_name_name().

◆ convert_column_priv_string()

static AclMode convert_column_priv_string ( text * priv_type_text )

static

Definition at line 2982 of file acl.c.

{
    static const priv_map column_priv_map[] = {
        {"SELECT", ACL_SELECT},
        {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
        {"INSERT", ACL_INSERT},
        {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
        {"UPDATE", ACL_UPDATE},
        {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
        {"REFERENCES", ACL_REFERENCES},
        {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
        {NULL, 0}
    };
 
    return convert_any_priv_string(priv_type_text, column_priv_map);
}

References ACL_GRANT_OPTION_FOR, ACL_INSERT, ACL_REFERENCES, ACL_SELECT, ACL_UPDATE, convert_any_priv_string(), and fb().

◆ convert_database_name()

static Oid convert_database_name ( text * databasename )

static

Definition at line 3176 of file acl.c.

{
    char       *dbname = text_to_cstring(databasename);
 
    return get_database_oid(dbname, false);
}

References dbname, fb(), get_database_oid(), and text_to_cstring().

Referenced by has_database_privilege_id_name(), has_database_privilege_name(), and has_database_privilege_name_name().

◆ convert_database_priv_string()

static AclMode convert_database_priv_string ( text * priv_type_text )

static

Definition at line 3188 of file acl.c.

{
    static const priv_map database_priv_map[] = {
        {"CREATE", ACL_CREATE},
        {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
        {"TEMPORARY", ACL_CREATE_TEMP},
        {"TEMPORARY WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
        {"TEMP", ACL_CREATE_TEMP},
        {"TEMP WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
        {"CONNECT", ACL_CONNECT},
        {"CONNECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CONNECT)},
        {NULL, 0}
    };
 
    return convert_any_priv_string(priv_type_text, database_priv_map);
}

References ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_GRANT_OPTION_FOR, convert_any_priv_string(), and fb().

Referenced by has_database_privilege_id(), has_database_privilege_id_id(), has_database_privilege_id_name(), has_database_privilege_name(), has_database_privilege_name_id(), and has_database_privilege_name_name().

◆ convert_foreign_data_wrapper_name()

static Oid convert_foreign_data_wrapper_name ( text * fdwname )

static

Definition at line 3382 of file acl.c.

{
    char       *fdwstr = text_to_cstring(fdwname);
 
    return get_foreign_data_wrapper_oid(fdwstr, false);
}

References fb(), get_foreign_data_wrapper_oid(), and text_to_cstring().

Referenced by has_foreign_data_wrapper_privilege_id_name(), has_foreign_data_wrapper_privilege_name(), and has_foreign_data_wrapper_privilege_name_name().

◆ convert_foreign_data_wrapper_priv_string()

static AclMode convert_foreign_data_wrapper_priv_string ( text * priv_type_text )

static

Definition at line 3394 of file acl.c.

{
    static const priv_map foreign_data_wrapper_priv_map[] = {
        {"USAGE", ACL_USAGE},
        {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
        {NULL, 0}
    };
 
    return convert_any_priv_string(priv_type_text, foreign_data_wrapper_priv_map);
}

References ACL_GRANT_OPTION_FOR, ACL_USAGE, convert_any_priv_string(), and fb().

Referenced by has_foreign_data_wrapper_privilege_id(), has_foreign_data_wrapper_privilege_id_id(), has_foreign_data_wrapper_privilege_id_name(), has_foreign_data_wrapper_privilege_name(), has_foreign_data_wrapper_privilege_name_id(), and has_foreign_data_wrapper_privilege_name_name().

◆ convert_function_name()

static Oid convert_function_name ( text * functionname )

static

Definition at line 3582 of file acl.c.

{
    char       *funcname = text_to_cstring(functionname);
    Oid         oid;
 
    oid = DatumGetObjectId(DirectFunctionCall1(regprocedurein,
                                               CStringGetDatum(funcname)));
 
    if (!OidIsValid(oid))
        ereport(ERROR,
                (errcode(ERRCODE_UNDEFINED_FUNCTION),
                 errmsg("function \"%s\" does not exist", funcname)));
 
    return oid;
}

References CStringGetDatum(), DatumGetObjectId(), DirectFunctionCall1, ereport, errcode(), errmsg, ERROR, fb(), funcname, OidIsValid, regprocedurein(), and text_to_cstring().

Referenced by has_function_privilege_id_name(), has_function_privilege_name(), and has_function_privilege_name_name().

◆ convert_function_priv_string()

static AclMode convert_function_priv_string ( text * priv_type_text )

static

Definition at line 3603 of file acl.c.

{
    static const priv_map function_priv_map[] = {
        {"EXECUTE", ACL_EXECUTE},
        {"EXECUTE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_EXECUTE)},
        {NULL, 0}
    };
 
    return convert_any_priv_string(priv_type_text, function_priv_map);
}

References ACL_EXECUTE, ACL_GRANT_OPTION_FOR, convert_any_priv_string(), and fb().

Referenced by has_function_privilege_id(), has_function_privilege_id_id(), has_function_privilege_id_name(), has_function_privilege_name(), has_function_privilege_name_id(), and has_function_privilege_name_name().

◆ convert_language_name()

static Oid convert_language_name ( text * languagename )

static

Definition at line 3791 of file acl.c.

{
    char       *langname = text_to_cstring(languagename);
 
    return get_language_oid(langname, false);
}

References fb(), get_language_oid(), and text_to_cstring().

Referenced by has_language_privilege_id_name(), has_language_privilege_name(), and has_language_privilege_name_name().

◆ convert_language_priv_string()

static AclMode convert_language_priv_string ( text * priv_type_text )

static

Definition at line 3803 of file acl.c.

{
    static const priv_map language_priv_map[] = {
        {"USAGE", ACL_USAGE},
        {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
        {NULL, 0}
    };
 
    return convert_any_priv_string(priv_type_text, language_priv_map);
}

References ACL_GRANT_OPTION_FOR, ACL_USAGE, convert_any_priv_string(), and fb().

Referenced by has_language_privilege_id(), has_language_privilege_id_id(), has_language_privilege_id_name(), has_language_privilege_name(), has_language_privilege_name_id(), and has_language_privilege_name_name().

◆ convert_largeobject_priv_string()

static AclMode convert_largeobject_priv_string ( text * priv_type_text )

static

Definition at line 4838 of file acl.c.

{
    static const priv_map largeobject_priv_map[] = {
        {"SELECT", ACL_SELECT},
        {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
        {"UPDATE", ACL_UPDATE},
        {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
        {NULL, 0}
    };
 
    return convert_any_priv_string(priv_type_text, largeobject_priv_map);
}

References ACL_GRANT_OPTION_FOR, ACL_SELECT, ACL_UPDATE, convert_any_priv_string(), and fb().

Referenced by has_largeobject_privilege_id(), has_largeobject_privilege_id_id(), and has_largeobject_privilege_name_id().

◆ convert_parameter_priv_string()

static AclMode convert_parameter_priv_string ( text * priv_text )

static

Definition at line 4702 of file acl.c.

{
    static const priv_map parameter_priv_map[] = {
        {"SET", ACL_SET},
        {"SET WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SET)},
        {"ALTER SYSTEM", ACL_ALTER_SYSTEM},
        {"ALTER SYSTEM WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_ALTER_SYSTEM)},
        {NULL, 0}
    };
 
    return convert_any_priv_string(priv_text, parameter_priv_map);
}

References ACL_ALTER_SYSTEM, ACL_GRANT_OPTION_FOR, ACL_SET, convert_any_priv_string(), and fb().

Referenced by has_parameter_privilege_id_name(), has_parameter_privilege_name(), and has_parameter_privilege_name_name().

◆ convert_role_priv_string()

static AclMode convert_role_priv_string ( text * priv_type_text )

static

Definition at line 5016 of file acl.c.

{
    static const priv_map role_priv_map[] = {
        {"USAGE", ACL_USAGE},
        {"MEMBER", ACL_CREATE},
        {"SET", ACL_SET},
        {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
        {"USAGE WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
        {"MEMBER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
        {"MEMBER WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
        {"SET WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
        {"SET WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
        {NULL, 0}
    };
 
    return convert_any_priv_string(priv_type_text, role_priv_map);
}

References ACL_CREATE, ACL_GRANT_OPTION_FOR, ACL_SET, ACL_USAGE, convert_any_priv_string(), and fb().

Referenced by pg_has_role_id(), pg_has_role_id_id(), pg_has_role_id_name(), pg_has_role_name(), pg_has_role_name_id(), and pg_has_role_name_name().

◆ convert_schema_name()

static Oid convert_schema_name ( text * schemaname )

static

Definition at line 3991 of file acl.c.

{
    char       *nspname = text_to_cstring(schemaname);
 
    return get_namespace_oid(nspname, false);
}

References get_namespace_oid(), and text_to_cstring().

Referenced by has_schema_privilege_id_name(), has_schema_privilege_name(), and has_schema_privilege_name_name().

◆ convert_schema_priv_string()

static AclMode convert_schema_priv_string ( text * priv_type_text )

static

Definition at line 4003 of file acl.c.

{
    static const priv_map schema_priv_map[] = {
        {"CREATE", ACL_CREATE},
        {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
        {"USAGE", ACL_USAGE},
        {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
        {NULL, 0}
    };
 
    return convert_any_priv_string(priv_type_text, schema_priv_map);
}

References ACL_CREATE, ACL_GRANT_OPTION_FOR, ACL_USAGE, convert_any_priv_string(), and fb().

Referenced by has_schema_privilege_id(), has_schema_privilege_id_id(), has_schema_privilege_id_name(), has_schema_privilege_name(), has_schema_privilege_name_id(), and has_schema_privilege_name_name().

◆ convert_sequence_priv_string()

static AclMode convert_sequence_priv_string ( text * priv_type_text )

static

Definition at line 2327 of file acl.c.

{
    static const priv_map sequence_priv_map[] = {
        {"USAGE", ACL_USAGE},
        {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
        {"SELECT", ACL_SELECT},
        {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
        {"UPDATE", ACL_UPDATE},
        {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
        {NULL, 0}
    };
 
    return convert_any_priv_string(priv_type_text, sequence_priv_map);
}

References ACL_GRANT_OPTION_FOR, ACL_SELECT, ACL_UPDATE, ACL_USAGE, convert_any_priv_string(), and fb().

Referenced by has_sequence_privilege_id(), has_sequence_privilege_id_id(), has_sequence_privilege_id_name(), has_sequence_privilege_name(), has_sequence_privilege_name_id(), and has_sequence_privilege_name_name().

◆ convert_server_name()

static Oid convert_server_name ( text * servername )

static

Definition at line 4193 of file acl.c.

{
    char       *serverstr = text_to_cstring(servername);
 
    return get_foreign_server_oid(serverstr, false);
}

References fb(), get_foreign_server_oid(), and text_to_cstring().

Referenced by has_server_privilege_id_name(), has_server_privilege_name(), and has_server_privilege_name_name().

◆ convert_server_priv_string()

static AclMode convert_server_priv_string ( text * priv_type_text )

static

Definition at line 4205 of file acl.c.

{
    static const priv_map server_priv_map[] = {
        {"USAGE", ACL_USAGE},
        {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
        {NULL, 0}
    };
 
    return convert_any_priv_string(priv_type_text, server_priv_map);
}

References ACL_GRANT_OPTION_FOR, ACL_USAGE, convert_any_priv_string(), and fb().

Referenced by has_server_privilege_id(), has_server_privilege_id_id(), has_server_privilege_id_name(), has_server_privilege_name(), has_server_privilege_name_id(), and has_server_privilege_name_name().

◆ convert_table_name()

static Oid convert_table_name ( text * tablename )

static

Definition at line 2077 of file acl.c.

{
    RangeVar   *relrv;
 
    relrv = makeRangeVarFromNameList(textToQualifiedNameList(tablename));
 
    /* We might not even have permissions on this relation; don't lock it. */
    return RangeVarGetRelid(relrv, NoLock, false);
}

References fb(), makeRangeVarFromNameList(), NoLock, RangeVarGetRelid, and textToQualifiedNameList().

Referenced by has_any_column_privilege_id_name(), has_any_column_privilege_name(), has_any_column_privilege_name_name(), has_column_privilege_id_name_attnum(), has_column_privilege_id_name_name(), has_column_privilege_name_attnum(), has_column_privilege_name_name(), has_column_privilege_name_name_attnum(), has_column_privilege_name_name_name(), has_sequence_privilege_id_name(), has_sequence_privilege_name(), has_sequence_privilege_name_name(), has_table_privilege_id_name(), has_table_privilege_name(), and has_table_privilege_name_name().

◆ convert_table_priv_string()

static AclMode convert_table_priv_string ( text * priv_type_text )

static

Definition at line 2092 of file acl.c.

{
    static const priv_map table_priv_map[] = {
        {"SELECT", ACL_SELECT},
        {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
        {"INSERT", ACL_INSERT},
        {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
        {"UPDATE", ACL_UPDATE},
        {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
        {"DELETE", ACL_DELETE},
        {"DELETE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_DELETE)},
        {"TRUNCATE", ACL_TRUNCATE},
        {"TRUNCATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRUNCATE)},
        {"REFERENCES", ACL_REFERENCES},
        {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
        {"TRIGGER", ACL_TRIGGER},
        {"TRIGGER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRIGGER)},
        {"MAINTAIN", ACL_MAINTAIN},
        {"MAINTAIN WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_MAINTAIN)},
        {NULL, 0}
    };
 
    return convert_any_priv_string(priv_type_text, table_priv_map);
}

References ACL_DELETE, ACL_GRANT_OPTION_FOR, ACL_INSERT, ACL_MAINTAIN, ACL_REFERENCES, ACL_SELECT, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, convert_any_priv_string(), and fb().

Referenced by has_table_privilege_id(), has_table_privilege_id_id(), has_table_privilege_id_name(), has_table_privilege_name(), has_table_privilege_name_id(), and has_table_privilege_name_name().

◆ convert_tablespace_name()

static Oid convert_tablespace_name ( text * tablespacename )

static

Definition at line 4393 of file acl.c.

{
    char       *spcname = text_to_cstring(tablespacename);
 
    return get_tablespace_oid(spcname, false);
}

References fb(), get_tablespace_oid(), and text_to_cstring().

Referenced by has_tablespace_privilege_id_name(), has_tablespace_privilege_name(), and has_tablespace_privilege_name_name().

◆ convert_tablespace_priv_string()

static AclMode convert_tablespace_priv_string ( text * priv_type_text )

static

Definition at line 4405 of file acl.c.

{
    static const priv_map tablespace_priv_map[] = {
        {"CREATE", ACL_CREATE},
        {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
        {NULL, 0}
    };
 
    return convert_any_priv_string(priv_type_text, tablespace_priv_map);
}

References ACL_CREATE, ACL_GRANT_OPTION_FOR, convert_any_priv_string(), and fb().

Referenced by has_tablespace_privilege_id(), has_tablespace_privilege_id_id(), has_tablespace_privilege_id_name(), has_tablespace_privilege_name(), has_tablespace_privilege_name_id(), and has_tablespace_privilege_name_name().

◆ convert_type_name()

static Oid convert_type_name ( text * typename )

static

Definition at line 4592 of file acl.c.

{
    char       *typname = text_to_cstring(typename);
    Oid         oid;
 
    oid = DatumGetObjectId(DirectFunctionCall1(regtypein,
                                               CStringGetDatum(typname)));
 
    if (!OidIsValid(oid))
        ereport(ERROR,
                (errcode(ERRCODE_UNDEFINED_OBJECT),
                 errmsg("type \"%s\" does not exist", typname)));
 
    return oid;
}

References CStringGetDatum(), DatumGetObjectId(), DirectFunctionCall1, ereport, errcode(), errmsg, ERROR, fb(), OidIsValid, regtypein(), text_to_cstring(), and typname.

Referenced by has_type_privilege_id_name(), has_type_privilege_name(), and has_type_privilege_name_name().

◆ convert_type_priv_string()

static AclMode convert_type_priv_string ( text * priv_type_text )

static

Definition at line 4613 of file acl.c.

{
    static const priv_map type_priv_map[] = {
        {"USAGE", ACL_USAGE},
        {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
        {NULL, 0}
    };
 
    return convert_any_priv_string(priv_type_text, type_priv_map);
}

References ACL_GRANT_OPTION_FOR, ACL_USAGE, convert_any_priv_string(), and fb().

Referenced by has_type_privilege_id(), has_type_privilege_id_id(), has_type_privilege_id_name(), has_type_privilege_name(), has_type_privilege_name_id(), and has_type_privilege_name_name().

◆ get_role_oid()

Oid get_role_oid	(	const char *	rolname,
		bool	missing_ok
	)

Definition at line 5605 of file acl.c.

{
    Oid         oid;
 
    oid = GetSysCacheOid1(AUTHNAME, Anum_pg_authid_oid,
                          CStringGetDatum(rolname));
    if (!OidIsValid(oid) && !missing_ok)
        ereport(ERROR,
                (errcode(ERRCODE_UNDEFINED_OBJECT),
                 errmsg("role \"%s\" does not exist", rolname)));
    return oid;
}

References CStringGetDatum(), ereport, errcode(), errmsg, ERROR, fb(), GetSysCacheOid1, OidIsValid, and rolname.

Referenced by aclparse(), check_hba(), check_ident_usermap(), createdb(), CreateRole(), get_object_address_unqualified(), get_role_oid_or_public(), get_rolespec_oid(), GrantRole(), is_member(), pg_has_role_id_name(), pg_has_role_name(), pg_has_role_name_id(), pg_has_role_name_name(), regrolein(), shell_check_detail(), and worker_spi_launch().

◆ get_role_oid_or_public()

Oid get_role_oid_or_public ( const char * rolname )

Definition at line 5623 of file acl.c.

{
    if (strcmp(rolname, "public") == 0)
        return ACL_ID_PUBLIC;
 
    return get_role_oid(rolname, false);
}

References ACL_ID_PUBLIC, fb(), get_role_oid(), and rolname.

◆ get_rolespec_name()

char * get_rolespec_name ( const RoleSpec * role )

Definition at line 5724 of file acl.c.

{
    HeapTuple   tp;
    Form_pg_authid authForm;
    char       *rolename;
 
    tp = get_rolespec_tuple(role);
    authForm = (Form_pg_authid) GETSTRUCT(tp);
    rolename = pstrdup(NameStr(authForm->rolname));
    ReleaseSysCache(tp);
 
    return rolename;
}

References fb(), Form_pg_authid, get_rolespec_tuple(), GETSTRUCT(), NameStr, pstrdup(), and ReleaseSysCache().

Referenced by AddRoleMems(), and DelRoleMems().

◆ get_rolespec_oid()

Oid get_rolespec_oid	(	const RoleSpec *	role,
		bool	missing_ok
	)

Definition at line 5639 of file acl.c.

{
    Oid         oid;
 
    switch (role->roletype)
    {
        case ROLESPEC_CSTRING:
            Assert(role->rolename);
            oid = get_role_oid(role->rolename, missing_ok);
            break;
 
        case ROLESPEC_CURRENT_ROLE:
        case ROLESPEC_CURRENT_USER:
            oid = GetUserId();
            break;
 
        case ROLESPEC_SESSION_USER:
            oid = GetSessionUserId();
            break;
 
        case ROLESPEC_PUBLIC:
            ereport(ERROR,
                    (errcode(ERRCODE_UNDEFINED_OBJECT),
                     errmsg("role \"%s\" does not exist", "public")));
            oid = InvalidOid;   /* make compiler happy */
            break;
 
        default:
            elog(ERROR, "unexpected role type %d", role->roletype);
    }
 
    return oid;
}

References Assert, elog, ereport, errcode(), errmsg, ERROR, fb(), get_role_oid(), GetSessionUserId(), GetUserId(), InvalidOid, RoleSpec::rolename, ROLESPEC_CSTRING, ROLESPEC_CURRENT_ROLE, ROLESPEC_CURRENT_USER, ROLESPEC_PUBLIC, ROLESPEC_SESSION_USER, and RoleSpec::roletype.

Referenced by AlterUserMapping(), ATExecCmd(), CreateSchemaCommand(), CreateTableSpace(), CreateUserMapping(), ExecAlterDefaultPrivilegesStmt(), ExecAlterOwnerStmt(), ExecuteGrantStmt(), GrantRole(), policy_role_list_to_array(), ReassignOwnedObjects(), RemoveUserMapping(), roleSpecsToIds(), and select_best_grantor().

◆ get_rolespec_tuple()

HeapTuple get_rolespec_tuple ( const RoleSpec * role )

Definition at line 5678 of file acl.c.

{
    HeapTuple   tuple;
 
    switch (role->roletype)
    {
        case ROLESPEC_CSTRING:
            Assert(role->rolename);
            tuple = SearchSysCache1(AUTHNAME, CStringGetDatum(role->rolename));
            if (!HeapTupleIsValid(tuple))
                ereport(ERROR,
                        (errcode(ERRCODE_UNDEFINED_OBJECT),
                         errmsg("role \"%s\" does not exist", role->rolename)));
            break;
 
        case ROLESPEC_CURRENT_ROLE:
        case ROLESPEC_CURRENT_USER:
            tuple = SearchSysCache1(AUTHOID, ObjectIdGetDatum(GetUserId()));
            if (!HeapTupleIsValid(tuple))
                elog(ERROR, "cache lookup failed for role %u", GetUserId());
            break;
 
        case ROLESPEC_SESSION_USER:
            tuple = SearchSysCache1(AUTHOID, ObjectIdGetDatum(GetSessionUserId()));
            if (!HeapTupleIsValid(tuple))
                elog(ERROR, "cache lookup failed for role %u", GetSessionUserId());
            break;
 
        case ROLESPEC_PUBLIC:
            ereport(ERROR,
                    (errcode(ERRCODE_UNDEFINED_OBJECT),
                     errmsg("role \"%s\" does not exist", "public")));
            tuple = NULL;       /* make compiler happy */
            break;
 
        default:
            elog(ERROR, "unexpected role type %d", role->roletype);
    }
 
    return tuple;
}

References Assert, CStringGetDatum(), elog, ereport, errcode(), errmsg, ERROR, fb(), GetSessionUserId(), GetUserId(), HeapTupleIsValid, ObjectIdGetDatum(), RoleSpec::rolename, ROLESPEC_CSTRING, ROLESPEC_CURRENT_ROLE, ROLESPEC_CURRENT_USER, ROLESPEC_PUBLIC, ROLESPEC_SESSION_USER, RoleSpec::roletype, and SearchSysCache1().

Referenced by AlterRole(), AlterRoleSet(), CreateRole(), and get_rolespec_name().

◆ getid()

static const char * getid	(	const char *	s,
		char *	n,
		Node *	escontext
	)

static

Definition at line 171 of file acl.c.

{
    int         len = 0;
    bool        in_quotes = false;
 
    Assert(s && n);
 
    while (isspace((unsigned char) *s))
        s++;
    for (;
         *s != '\0' &&
         (in_quotes || *s == '"' || is_safe_acl_char(*s, true));
         s++)
    {
        if (*s == '"')
        {
            if (!in_quotes)
            {
                in_quotes = true;
                continue;
            }
            /* safe to look at next char (could be '\0' though) */
            if (*(s + 1) != '"')
            {
                in_quotes = false;
                continue;
            }
            /* it's an escaped double quote; skip the escaping char */
            s++;
        }
 
        /* Add the character to the string */
        if (len >= NAMEDATALEN - 1)
            ereturn(escontext, NULL,
                    (errcode(ERRCODE_NAME_TOO_LONG),
                     errmsg("identifier too long"),
                     errdetail("Identifier must be less than %d characters.",
                               NAMEDATALEN)));
 
        n[len++] = *s;
    }
    n[len] = '\0';
    while (isspace((unsigned char) *s))
        s++;
    return s;
}

References Assert, ereturn, errcode(), errdetail(), errmsg, fb(), is_safe_acl_char(), len, and NAMEDATALEN.

Referenced by aclparse().

◆ has_any_column_privilege_id()

Datum has_any_column_privilege_id ( PG_FUNCTION_ARGS )

Definition at line 2453 of file acl.c.

{
    Oid         tableoid = PG_GETARG_OID(0);
    text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    roleid = GetUserId();
    mode = convert_column_priv_string(priv_type_text);
 
    /* First check at table level, then examine each column if needed */
    aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
    if (aclresult != ACLCHECK_OK)
    {
        if (is_missing)
            PG_RETURN_NULL();
        aclresult = pg_attribute_aclcheck_all_ext(tableoid, roleid, mode,
                                                  ACLMASK_ANY, &is_missing);
        if (is_missing)
            PG_RETURN_NULL();
    }
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), fb(), GetUserId(), mode, pg_attribute_aclcheck_all_ext(), pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_any_column_privilege_id_id()

Datum has_any_column_privilege_id_id ( PG_FUNCTION_ARGS )

Definition at line 2513 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         tableoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    mode = convert_column_priv_string(priv_type_text);
 
    /* First check at table level, then examine each column if needed */
    aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
    if (aclresult != ACLCHECK_OK)
    {
        if (is_missing)
            PG_RETURN_NULL();
        aclresult = pg_attribute_aclcheck_all_ext(tableoid, roleid, mode,
                                                  ACLMASK_ANY, &is_missing);
        if (is_missing)
            PG_RETURN_NULL();
    }
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), fb(), mode, pg_attribute_aclcheck_all_ext(), pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_any_column_privilege_id_name()

Datum has_any_column_privilege_id_name ( PG_FUNCTION_ARGS )

Definition at line 2486 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *tablename = PG_GETARG_TEXT_PP(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         tableoid;
    AclMode     mode;
    AclResult   aclresult;
 
    tableoid = convert_table_name(tablename);
    mode = convert_column_priv_string(priv_type_text);
 
    /* First check at table level, then examine each column if needed */
    aclresult = pg_class_aclcheck(tableoid, roleid, mode);
    if (aclresult != ACLCHECK_OK)
        aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
                                              ACLMASK_ANY);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), convert_table_name(), fb(), mode, pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_any_column_privilege_name()

Datum has_any_column_privilege_name ( PG_FUNCTION_ARGS )

Definition at line 2390 of file acl.c.

{
    text       *tablename = PG_GETARG_TEXT_PP(0);
    text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    Oid         roleid;
    Oid         tableoid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = GetUserId();
    tableoid = convert_table_name(tablename);
    mode = convert_column_priv_string(priv_type_text);
 
    /* First check at table level, then examine each column if needed */
    aclresult = pg_class_aclcheck(tableoid, roleid, mode);
    if (aclresult != ACLCHECK_OK)
        aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
                                              ACLMASK_ANY);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), convert_table_name(), fb(), GetUserId(), mode, pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_any_column_privilege_name_id()

Datum has_any_column_privilege_name_id ( PG_FUNCTION_ARGS )

Definition at line 2418 of file acl.c.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         tableoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    roleid = get_role_oid_or_public(NameStr(*username));
    mode = convert_column_priv_string(priv_type_text);
 
    /* First check at table level, then examine each column if needed */
    aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
    if (aclresult != ACLCHECK_OK)
    {
        if (is_missing)
            PG_RETURN_NULL();
        aclresult = pg_attribute_aclcheck_all_ext(tableoid, roleid, mode,
                                                  ACLMASK_ANY, &is_missing);
        if (is_missing)
            PG_RETURN_NULL();
    }
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, pg_attribute_aclcheck_all_ext(), pg_class_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_any_column_privilege_name_name()

Datum has_any_column_privilege_name_name ( PG_FUNCTION_ARGS )

Definition at line 2360 of file acl.c.

{
    Name        rolename = PG_GETARG_NAME(0);
    text       *tablename = PG_GETARG_TEXT_PP(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    Oid         tableoid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = get_role_oid_or_public(NameStr(*rolename));
    tableoid = convert_table_name(tablename);
    mode = convert_column_priv_string(priv_type_text);
 
    /* First check at table level, then examine each column if needed */
    aclresult = pg_class_aclcheck(tableoid, roleid, mode);
    if (aclresult != ACLCHECK_OK)
        aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
                                              ACLMASK_ANY);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), convert_table_name(), fb(), get_role_oid_or_public(), mode, NameStr, pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_column_privilege_id_attnum()

Datum has_column_privilege_id_attnum ( PG_FUNCTION_ARGS )

Definition at line 2896 of file acl.c.

{
    Oid         tableoid = PG_GETARG_OID(0);
    AttrNumber  colattnum = PG_GETARG_INT16(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    AclMode     mode;
    int         privresult;
 
    roleid = GetUserId();
    mode = convert_column_priv_string(priv_type_text);
 
    privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    if (privresult < 0)
        PG_RETURN_NULL();
    PG_RETURN_BOOL(privresult);
}

References column_privilege_check(), convert_column_priv_string(), fb(), GetUserId(), mode, PG_GETARG_INT16, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_id_attnum()

Datum has_column_privilege_id_id_attnum ( PG_FUNCTION_ARGS )

Definition at line 2789 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         tableoid = PG_GETARG_OID(1);
    AttrNumber  colattnum = PG_GETARG_INT16(2);
    text       *priv_type_text = PG_GETARG_TEXT_PP(3);
    AclMode     mode;
    int         privresult;
 
    mode = convert_column_priv_string(priv_type_text);
 
    privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    if (privresult < 0)
        PG_RETURN_NULL();
    PG_RETURN_BOOL(privresult);
}

References column_privilege_check(), convert_column_priv_string(), fb(), mode, PG_GETARG_INT16, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_id_name()

Datum has_column_privilege_id_id_name ( PG_FUNCTION_ARGS )

Definition at line 2764 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         tableoid = PG_GETARG_OID(1);
    text       *column = PG_GETARG_TEXT_PP(2);
    text       *priv_type_text = PG_GETARG_TEXT_PP(3);
    AttrNumber  colattnum;
    AclMode     mode;
    int         privresult;
 
    colattnum = convert_column_name(tableoid, column);
    mode = convert_column_priv_string(priv_type_text);
 
    privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    if (privresult < 0)
        PG_RETURN_NULL();
    PG_RETURN_BOOL(privresult);
}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), fb(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_name()

Datum has_column_privilege_id_name ( PG_FUNCTION_ARGS )

Definition at line 2869 of file acl.c.

{
    Oid         tableoid = PG_GETARG_OID(0);
    text       *column = PG_GETARG_TEXT_PP(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    AttrNumber  colattnum;
    AclMode     mode;
    int         privresult;
 
    roleid = GetUserId();
    colattnum = convert_column_name(tableoid, column);
    mode = convert_column_priv_string(priv_type_text);
 
    privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    if (privresult < 0)
        PG_RETURN_NULL();
    PG_RETURN_BOOL(privresult);
}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), fb(), GetUserId(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_name_attnum()

Datum has_column_privilege_id_name_attnum ( PG_FUNCTION_ARGS )

Definition at line 2739 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *tablename = PG_GETARG_TEXT_PP(1);
    AttrNumber  colattnum = PG_GETARG_INT16(2);
    text       *priv_type_text = PG_GETARG_TEXT_PP(3);
    Oid         tableoid;
    AclMode     mode;
    int         privresult;
 
    tableoid = convert_table_name(tablename);
    mode = convert_column_priv_string(priv_type_text);
 
    privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    if (privresult < 0)
        PG_RETURN_NULL();
    PG_RETURN_BOOL(privresult);
}

References column_privilege_check(), convert_column_priv_string(), convert_table_name(), fb(), mode, PG_GETARG_INT16, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_name_name()

Datum has_column_privilege_id_name_name ( PG_FUNCTION_ARGS )

Definition at line 2712 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *tablename = PG_GETARG_TEXT_PP(1);
    text       *column = PG_GETARG_TEXT_PP(2);
    text       *priv_type_text = PG_GETARG_TEXT_PP(3);
    Oid         tableoid;
    AttrNumber  colattnum;
    AclMode     mode;
    int         privresult;
 
    tableoid = convert_table_name(tablename);
    colattnum = convert_column_name(tableoid, column);
    mode = convert_column_priv_string(priv_type_text);
 
    privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    if (privresult < 0)
        PG_RETURN_NULL();
    PG_RETURN_BOOL(privresult);
}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), convert_table_name(), fb(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_attnum()

Datum has_column_privilege_name_attnum ( PG_FUNCTION_ARGS )

Definition at line 2842 of file acl.c.

{
    text       *tablename = PG_GETARG_TEXT_PP(0);
    AttrNumber  colattnum = PG_GETARG_INT16(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    Oid         tableoid;
    AclMode     mode;
    int         privresult;
 
    roleid = GetUserId();
    tableoid = convert_table_name(tablename);
    mode = convert_column_priv_string(priv_type_text);
 
    privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    if (privresult < 0)
        PG_RETURN_NULL();
    PG_RETURN_BOOL(privresult);
}

References column_privilege_check(), convert_column_priv_string(), convert_table_name(), fb(), GetUserId(), mode, PG_GETARG_INT16, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_id_attnum()

Datum has_column_privilege_name_id_attnum ( PG_FUNCTION_ARGS )

Definition at line 2687 of file acl.c.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         tableoid = PG_GETARG_OID(1);
    AttrNumber  colattnum = PG_GETARG_INT16(2);
    text       *priv_type_text = PG_GETARG_TEXT_PP(3);
    Oid         roleid;
    AclMode     mode;
    int         privresult;
 
    roleid = get_role_oid_or_public(NameStr(*username));
    mode = convert_column_priv_string(priv_type_text);
 
    privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    if (privresult < 0)
        PG_RETURN_NULL();
    PG_RETURN_BOOL(privresult);
}

References column_privilege_check(), convert_column_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_INT16, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_column_privilege_name_id_name()

Datum has_column_privilege_name_id_name ( PG_FUNCTION_ARGS )

Definition at line 2660 of file acl.c.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         tableoid = PG_GETARG_OID(1);
    text       *column = PG_GETARG_TEXT_PP(2);
    text       *priv_type_text = PG_GETARG_TEXT_PP(3);
    Oid         roleid;
    AttrNumber  colattnum;
    AclMode     mode;
    int         privresult;
 
    roleid = get_role_oid_or_public(NameStr(*username));
    colattnum = convert_column_name(tableoid, column);
    mode = convert_column_priv_string(priv_type_text);
 
    privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    if (privresult < 0)
        PG_RETURN_NULL();
    PG_RETURN_BOOL(privresult);
}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_column_privilege_name_name()

Datum has_column_privilege_name_name ( PG_FUNCTION_ARGS )

Definition at line 2813 of file acl.c.

{
    text       *tablename = PG_GETARG_TEXT_PP(0);
    text       *column = PG_GETARG_TEXT_PP(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    Oid         tableoid;
    AttrNumber  colattnum;
    AclMode     mode;
    int         privresult;
 
    roleid = GetUserId();
    tableoid = convert_table_name(tablename);
    colattnum = convert_column_name(tableoid, column);
    mode = convert_column_priv_string(priv_type_text);
 
    privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    if (privresult < 0)
        PG_RETURN_NULL();
    PG_RETURN_BOOL(privresult);
}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), convert_table_name(), fb(), GetUserId(), mode, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_name_attnum()

Datum has_column_privilege_name_name_attnum ( PG_FUNCTION_ARGS )

Definition at line 2633 of file acl.c.

{
    Name        rolename = PG_GETARG_NAME(0);
    text       *tablename = PG_GETARG_TEXT_PP(1);
    AttrNumber  colattnum = PG_GETARG_INT16(2);
    text       *priv_type_text = PG_GETARG_TEXT_PP(3);
    Oid         roleid;
    Oid         tableoid;
    AclMode     mode;
    int         privresult;
 
    roleid = get_role_oid_or_public(NameStr(*rolename));
    tableoid = convert_table_name(tablename);
    mode = convert_column_priv_string(priv_type_text);
 
    privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    if (privresult < 0)
        PG_RETURN_NULL();
    PG_RETURN_BOOL(privresult);
}

References column_privilege_check(), convert_column_priv_string(), convert_table_name(), fb(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_INT16, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_name_name()

Datum has_column_privilege_name_name_name ( PG_FUNCTION_ARGS )

Definition at line 2604 of file acl.c.

{
    Name        rolename = PG_GETARG_NAME(0);
    text       *tablename = PG_GETARG_TEXT_PP(1);
    text       *column = PG_GETARG_TEXT_PP(2);
    text       *priv_type_text = PG_GETARG_TEXT_PP(3);
    Oid         roleid;
    Oid         tableoid;
    AttrNumber  colattnum;
    AclMode     mode;
    int         privresult;
 
    roleid = get_role_oid_or_public(NameStr(*rolename));
    tableoid = convert_table_name(tablename);
    colattnum = convert_column_name(tableoid, column);
    mode = convert_column_priv_string(priv_type_text);
 
    privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    if (privresult < 0)
        PG_RETURN_NULL();
    PG_RETURN_BOOL(privresult);
}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), convert_table_name(), fb(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_database_privilege_id()

Datum has_database_privilege_id ( PG_FUNCTION_ARGS )

Definition at line 3096 of file acl.c.

{
    Oid         databaseoid = PG_GETARG_OID(0);
    text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    roleid = GetUserId();
    mode = convert_database_priv_string(priv_type_text);
 
    aclresult = object_aclcheck_ext(DatabaseRelationId, databaseoid,
                                    roleid, mode,
                                    &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_database_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_database_privilege_id_id()

Datum has_database_privilege_id_id ( PG_FUNCTION_ARGS )

Definition at line 3147 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         databaseoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    mode = convert_database_priv_string(priv_type_text);
 
    aclresult = object_aclcheck_ext(DatabaseRelationId, databaseoid,
                                    roleid, mode,
                                    &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_database_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_database_privilege_id_name()

Datum has_database_privilege_id_name ( PG_FUNCTION_ARGS )

Definition at line 3124 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *databasename = PG_GETARG_TEXT_PP(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         databaseoid;
    AclMode     mode;
    AclResult   aclresult;
 
    databaseoid = convert_database_name(databasename);
    mode = convert_database_priv_string(priv_type_text);
 
    aclresult = object_aclcheck(DatabaseRelationId, databaseoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_database_name(), convert_database_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_database_privilege_name()

Datum has_database_privilege_name ( PG_FUNCTION_ARGS )

Definition at line 3042 of file acl.c.

{
    text       *databasename = PG_GETARG_TEXT_PP(0);
    text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    Oid         roleid;
    Oid         databaseoid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = GetUserId();
    databaseoid = convert_database_name(databasename);
    mode = convert_database_priv_string(priv_type_text);
 
    aclresult = object_aclcheck(DatabaseRelationId, databaseoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_database_name(), convert_database_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_database_privilege_name_id()

Datum has_database_privilege_name_id ( PG_FUNCTION_ARGS )

Definition at line 3066 of file acl.c.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         databaseoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    roleid = get_role_oid_or_public(NameStr(*username));
    mode = convert_database_priv_string(priv_type_text);
 
    aclresult = object_aclcheck_ext(DatabaseRelationId, databaseoid,
                                    roleid, mode,
                                    &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_database_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_database_privilege_name_name()

Datum has_database_privilege_name_name ( PG_FUNCTION_ARGS )

Definition at line 3016 of file acl.c.

{
    Name        username = PG_GETARG_NAME(0);
    text       *databasename = PG_GETARG_TEXT_PP(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    Oid         databaseoid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = get_role_oid_or_public(NameStr(*username));
    databaseoid = convert_database_name(databasename);
    mode = convert_database_priv_string(priv_type_text);
 
    aclresult = object_aclcheck(DatabaseRelationId, databaseoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_database_name(), convert_database_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_foreign_data_wrapper_privilege_id()

Datum has_foreign_data_wrapper_privilege_id ( PG_FUNCTION_ARGS )

Definition at line 3302 of file acl.c.

{
    Oid         fdwid = PG_GETARG_OID(0);
    text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    roleid = GetUserId();
    mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
 
    aclresult = object_aclcheck_ext(ForeignDataWrapperRelationId, fdwid,
                                    roleid, mode,
                                    &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_foreign_data_wrapper_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_foreign_data_wrapper_privilege_id_id()

Datum has_foreign_data_wrapper_privilege_id_id ( PG_FUNCTION_ARGS )

Definition at line 3353 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         fdwid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
 
    aclresult = object_aclcheck_ext(ForeignDataWrapperRelationId, fdwid,
                                    roleid, mode,
                                    &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_foreign_data_wrapper_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_foreign_data_wrapper_privilege_id_name()

Datum has_foreign_data_wrapper_privilege_id_name ( PG_FUNCTION_ARGS )

Definition at line 3330 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *fdwname = PG_GETARG_TEXT_PP(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         fdwid;
    AclMode     mode;
    AclResult   aclresult;
 
    fdwid = convert_foreign_data_wrapper_name(fdwname);
    mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
 
    aclresult = object_aclcheck(ForeignDataWrapperRelationId, fdwid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_foreign_data_wrapper_name(), convert_foreign_data_wrapper_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_foreign_data_wrapper_privilege_name()

Datum has_foreign_data_wrapper_privilege_name ( PG_FUNCTION_ARGS )

Definition at line 3248 of file acl.c.

{
    text       *fdwname = PG_GETARG_TEXT_PP(0);
    text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    Oid         roleid;
    Oid         fdwid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = GetUserId();
    fdwid = convert_foreign_data_wrapper_name(fdwname);
    mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
 
    aclresult = object_aclcheck(ForeignDataWrapperRelationId, fdwid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_foreign_data_wrapper_name(), convert_foreign_data_wrapper_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_foreign_data_wrapper_privilege_name_id()

Datum has_foreign_data_wrapper_privilege_name_id ( PG_FUNCTION_ARGS )

Definition at line 3272 of file acl.c.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         fdwid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    roleid = get_role_oid_or_public(NameStr(*username));
    mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
 
    aclresult = object_aclcheck_ext(ForeignDataWrapperRelationId, fdwid,
                                    roleid, mode,
                                    &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_foreign_data_wrapper_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_foreign_data_wrapper_privilege_name_name()

Datum has_foreign_data_wrapper_privilege_name_name ( PG_FUNCTION_ARGS )

Definition at line 3222 of file acl.c.

{
    Name        username = PG_GETARG_NAME(0);
    text       *fdwname = PG_GETARG_TEXT_PP(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    Oid         fdwid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = get_role_oid_or_public(NameStr(*username));
    fdwid = convert_foreign_data_wrapper_name(fdwname);
    mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
 
    aclresult = object_aclcheck(ForeignDataWrapperRelationId, fdwid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_foreign_data_wrapper_name(), convert_foreign_data_wrapper_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_function_privilege_id()

Datum has_function_privilege_id ( PG_FUNCTION_ARGS )

Definition at line 3502 of file acl.c.

{
    Oid         functionoid = PG_GETARG_OID(0);
    text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    roleid = GetUserId();
    mode = convert_function_priv_string(priv_type_text);
 
    aclresult = object_aclcheck_ext(ProcedureRelationId, functionoid,
                                    roleid, mode,
                                    &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_function_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_function_privilege_id_id()

Datum has_function_privilege_id_id ( PG_FUNCTION_ARGS )

Definition at line 3553 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         functionoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    mode = convert_function_priv_string(priv_type_text);
 
    aclresult = object_aclcheck_ext(ProcedureRelationId, functionoid,
                                    roleid, mode,
                                    &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_function_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_function_privilege_id_name()

Datum has_function_privilege_id_name ( PG_FUNCTION_ARGS )

Definition at line 3530 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *functionname = PG_GETARG_TEXT_PP(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         functionoid;
    AclMode     mode;
    AclResult   aclresult;
 
    functionoid = convert_function_name(functionname);
    mode = convert_function_priv_string(priv_type_text);
 
    aclresult = object_aclcheck(ProcedureRelationId, functionoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_function_name(), convert_function_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_function_privilege_name()

Datum has_function_privilege_name ( PG_FUNCTION_ARGS )

Definition at line 3448 of file acl.c.

{
    text       *functionname = PG_GETARG_TEXT_PP(0);
    text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    Oid         roleid;
    Oid         functionoid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = GetUserId();
    functionoid = convert_function_name(functionname);
    mode = convert_function_priv_string(priv_type_text);
 
    aclresult = object_aclcheck(ProcedureRelationId, functionoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_function_name(), convert_function_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_function_privilege_name_id()

Datum has_function_privilege_name_id ( PG_FUNCTION_ARGS )

Definition at line 3472 of file acl.c.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         functionoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    roleid = get_role_oid_or_public(NameStr(*username));
    mode = convert_function_priv_string(priv_type_text);
 
    aclresult = object_aclcheck_ext(ProcedureRelationId, functionoid,
                                    roleid, mode,
                                    &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_function_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_function_privilege_name_name()

Datum has_function_privilege_name_name ( PG_FUNCTION_ARGS )

Definition at line 3422 of file acl.c.

{
    Name        username = PG_GETARG_NAME(0);
    text       *functionname = PG_GETARG_TEXT_PP(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    Oid         functionoid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = get_role_oid_or_public(NameStr(*username));
    functionoid = convert_function_name(functionname);
    mode = convert_function_priv_string(priv_type_text);
 
    aclresult = object_aclcheck(ProcedureRelationId, functionoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_function_name(), convert_function_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_language_privilege_id()

Datum has_language_privilege_id ( PG_FUNCTION_ARGS )

Definition at line 3711 of file acl.c.

{
    Oid         languageoid = PG_GETARG_OID(0);
    text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    roleid = GetUserId();
    mode = convert_language_priv_string(priv_type_text);
 
    aclresult = object_aclcheck_ext(LanguageRelationId, languageoid,
                                    roleid, mode,
                                    &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_language_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_language_privilege_id_id()

Datum has_language_privilege_id_id ( PG_FUNCTION_ARGS )

Definition at line 3762 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         languageoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    mode = convert_language_priv_string(priv_type_text);
 
    aclresult = object_aclcheck_ext(LanguageRelationId, languageoid,
                                    roleid, mode,
                                    &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_language_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_language_privilege_id_name()

Datum has_language_privilege_id_name ( PG_FUNCTION_ARGS )

Definition at line 3739 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *languagename = PG_GETARG_TEXT_PP(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         languageoid;
    AclMode     mode;
    AclResult   aclresult;
 
    languageoid = convert_language_name(languagename);
    mode = convert_language_priv_string(priv_type_text);
 
    aclresult = object_aclcheck(LanguageRelationId, languageoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_language_name(), convert_language_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_language_privilege_name()

Datum has_language_privilege_name ( PG_FUNCTION_ARGS )

Definition at line 3657 of file acl.c.

{
    text       *languagename = PG_GETARG_TEXT_PP(0);
    text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    Oid         roleid;
    Oid         languageoid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = GetUserId();
    languageoid = convert_language_name(languagename);
    mode = convert_language_priv_string(priv_type_text);
 
    aclresult = object_aclcheck(LanguageRelationId, languageoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_language_name(), convert_language_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_language_privilege_name_id()

Datum has_language_privilege_name_id ( PG_FUNCTION_ARGS )

Definition at line 3681 of file acl.c.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         languageoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    roleid = get_role_oid_or_public(NameStr(*username));
    mode = convert_language_priv_string(priv_type_text);
 
    aclresult = object_aclcheck_ext(LanguageRelationId, languageoid,
                                    roleid, mode,
                                    &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_language_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_language_privilege_name_name()

Datum has_language_privilege_name_name ( PG_FUNCTION_ARGS )

Definition at line 3631 of file acl.c.

{
    Name        username = PG_GETARG_NAME(0);
    text       *languagename = PG_GETARG_TEXT_PP(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    Oid         languageoid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = get_role_oid_or_public(NameStr(*username));
    languageoid = convert_language_name(languagename);
    mode = convert_language_priv_string(priv_type_text);
 
    aclresult = object_aclcheck(LanguageRelationId, languageoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_language_name(), convert_language_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_largeobject_privilege_id()

Datum has_largeobject_privilege_id ( PG_FUNCTION_ARGS )

Definition at line 4791 of file acl.c.

{
    Oid         lobjId = PG_GETARG_OID(0);
    Oid         roleid = GetUserId();
    text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    AclMode     mode;
    bool        is_missing = false;
    bool        result;
 
    mode = convert_largeobject_priv_string(priv_type_text);
    result = has_lo_priv_byid(roleid, lobjId, mode, &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(result);
}

References convert_largeobject_priv_string(), fb(), GetUserId(), has_lo_priv_byid(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_largeobject_privilege_id_id()

Datum has_largeobject_privilege_id_id ( PG_FUNCTION_ARGS )

Definition at line 4815 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         lobjId = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    AclMode     mode;
    bool        is_missing = false;
    bool        result;
 
    mode = convert_largeobject_priv_string(priv_type_text);
    result = has_lo_priv_byid(roleid, lobjId, mode, &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(result);
}

References convert_largeobject_priv_string(), fb(), has_lo_priv_byid(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_largeobject_privilege_name_id()

Datum has_largeobject_privilege_name_id ( PG_FUNCTION_ARGS )

Definition at line 4765 of file acl.c.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         roleid = get_role_oid_or_public(NameStr(*username));
    Oid         lobjId = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    AclMode     mode;
    bool        is_missing = false;
    bool        result;
 
    mode = convert_largeobject_priv_string(priv_type_text);
    result = has_lo_priv_byid(roleid, lobjId, mode, &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(result);
}

References convert_largeobject_priv_string(), fb(), get_role_oid_or_public(), has_lo_priv_byid(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_lo_priv_byid()

static bool has_lo_priv_byid	(	Oid	roleid,
		Oid	lobjId,
		AclMode	priv,
		bool *	is_missing
	)

static

Definition at line 4732 of file acl.c.

{
    Snapshot    snapshot = NULL;
    AclResult   aclresult;
 
    if (priv & ACL_UPDATE)
        snapshot = NULL;
    else
        snapshot = GetActiveSnapshot();
 
    if (!LargeObjectExistsWithSnapshot(lobjId, snapshot))
    {
        Assert(is_missing != NULL);
        *is_missing = true;
        return false;
    }
 
    if (lo_compat_privileges)
        return true;
 
    aclresult = pg_largeobject_aclcheck_snapshot(lobjId,
                                                 roleid,
                                                 priv,
                                                 snapshot);
    return aclresult == ACLCHECK_OK;
}

References ACL_UPDATE, ACLCHECK_OK, Assert, fb(), GetActiveSnapshot(), LargeObjectExistsWithSnapshot(), lo_compat_privileges, and pg_largeobject_aclcheck_snapshot().

Referenced by has_largeobject_privilege_id(), has_largeobject_privilege_id_id(), and has_largeobject_privilege_name_id().

◆ has_param_priv_byname()

static bool has_param_priv_byname	(	Oid	roleid,
		const text *	parameter,
		AclMode	priv
	)

static

Definition at line 4641 of file acl.c.

{
    char       *paramstr = text_to_cstring(parameter);
 
    return pg_parameter_aclcheck(paramstr, roleid, priv) == ACLCHECK_OK;
}

References ACLCHECK_OK, fb(), pg_parameter_aclcheck(), and text_to_cstring().

Referenced by has_parameter_privilege_id_name(), has_parameter_privilege_name(), and has_parameter_privilege_name_name().

◆ has_parameter_privilege_id_name()

Datum has_parameter_privilege_id_name ( PG_FUNCTION_ARGS )

Definition at line 4684 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *parameter = PG_GETARG_TEXT_PP(1);
    AclMode     priv = convert_parameter_priv_string(PG_GETARG_TEXT_PP(2));
 
    PG_RETURN_BOOL(has_param_priv_byname(roleid, parameter, priv));
}

References convert_parameter_priv_string(), fb(), has_param_priv_byname(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_parameter_privilege_name()

Datum has_parameter_privilege_name ( PG_FUNCTION_ARGS )

Definition at line 4670 of file acl.c.

{
    text       *parameter = PG_GETARG_TEXT_PP(0);
    AclMode     priv = convert_parameter_priv_string(PG_GETARG_TEXT_PP(1));
 
    PG_RETURN_BOOL(has_param_priv_byname(GetUserId(), parameter, priv));
}

References convert_parameter_priv_string(), fb(), GetUserId(), has_param_priv_byname(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_parameter_privilege_name_name()

Datum has_parameter_privilege_name_name ( PG_FUNCTION_ARGS )

Definition at line 4654 of file acl.c.

{
    Name        username = PG_GETARG_NAME(0);
    text       *parameter = PG_GETARG_TEXT_PP(1);
    AclMode     priv = convert_parameter_priv_string(PG_GETARG_TEXT_PP(2));
    Oid         roleid = get_role_oid_or_public(NameStr(*username));
 
    PG_RETURN_BOOL(has_param_priv_byname(roleid, parameter, priv));
}

References convert_parameter_priv_string(), fb(), get_role_oid_or_public(), has_param_priv_byname(), NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_privs_of_role()

bool has_privs_of_role	(	Oid	member,
		Oid	role
	)

Definition at line 5314 of file acl.c.

{
    /* Fast path for simple case */
    if (member == role)
        return true;
 
    /* Superusers have every privilege, so are part of every role */
    if (superuser_arg(member))
        return true;
 
    /*
     * Find all the roles that member has the privileges of, including
     * multi-level recursion, then see if target role is any one of them.
     */
    return list_member_oid(roles_is_member_of(member, ROLERECURSE_PRIVS,
                                              InvalidOid, NULL),
                           role);
}

References fb(), InvalidOid, list_member_oid(), ROLERECURSE_PRIVS, roles_is_member_of(), and superuser_arg().

Referenced by aclmask(), AlterObjectNamespace_internal(), AlterObjectOwner_internal(), AlterObjectRename_internal(), bbsink_server_new(), calculate_database_size(), calculate_tablespace_size(), check_role_for_policy(), check_role_grantor(), ConfigOptionIsVisible(), convert_and_check_filename(), CreateSubscription(), DoCopy(), DropOwnedObjects(), ExecAlterDefaultPrivilegesStmt(), ExecCheckpoint(), file_fdw_validator(), GetConfigOptionValues(), InitPostgres(), object_ownercheck(), pg_class_aclmask_ext(), pg_get_multixact_stats(), pg_largeobject_aclmask_snapshot(), pg_namespace_aclmask_ext(), pg_role_aclcheck(), pg_signal_backend(), pg_stat_get_recovery(), pg_stat_get_wal_receiver(), pg_stat_get_wal_senders(), pg_stat_statements_internal(), pgrowlocks(), ReassignOwnedObjects(), ReindexMultipleTables(), select_best_grantor(), shell_check_detail(), and TerminateOtherDBBackends().

◆ has_schema_privilege_id()

Datum has_schema_privilege_id ( PG_FUNCTION_ARGS )

Definition at line 3911 of file acl.c.

{
    Oid         schemaoid = PG_GETARG_OID(0);
    text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    roleid = GetUserId();
    mode = convert_schema_priv_string(priv_type_text);
 
    aclresult = object_aclcheck_ext(NamespaceRelationId, schemaoid,
                                    roleid, mode,
                                    &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_schema_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_schema_privilege_id_id()

Datum has_schema_privilege_id_id ( PG_FUNCTION_ARGS )

Definition at line 3962 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         schemaoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    mode = convert_schema_priv_string(priv_type_text);
 
    aclresult = object_aclcheck_ext(NamespaceRelationId, schemaoid,
                                    roleid, mode,
                                    &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_schema_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_schema_privilege_id_name()

Datum has_schema_privilege_id_name ( PG_FUNCTION_ARGS )

Definition at line 3939 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *schemaname = PG_GETARG_TEXT_PP(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         schemaoid;
    AclMode     mode;
    AclResult   aclresult;
 
    schemaoid = convert_schema_name(schemaname);
    mode = convert_schema_priv_string(priv_type_text);
 
    aclresult = object_aclcheck(NamespaceRelationId, schemaoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_schema_name(), convert_schema_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_schema_privilege_name()

Datum has_schema_privilege_name ( PG_FUNCTION_ARGS )

Definition at line 3857 of file acl.c.

{
    text       *schemaname = PG_GETARG_TEXT_PP(0);
    text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    Oid         roleid;
    Oid         schemaoid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = GetUserId();
    schemaoid = convert_schema_name(schemaname);
    mode = convert_schema_priv_string(priv_type_text);
 
    aclresult = object_aclcheck(NamespaceRelationId, schemaoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_schema_name(), convert_schema_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_schema_privilege_name_id()

Datum has_schema_privilege_name_id ( PG_FUNCTION_ARGS )

Definition at line 3881 of file acl.c.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         schemaoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    roleid = get_role_oid_or_public(NameStr(*username));
    mode = convert_schema_priv_string(priv_type_text);
 
    aclresult = object_aclcheck_ext(NamespaceRelationId, schemaoid,
                                    roleid, mode,
                                    &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_schema_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_schema_privilege_name_name()

Datum has_schema_privilege_name_name ( PG_FUNCTION_ARGS )

Definition at line 3831 of file acl.c.

{
    Name        username = PG_GETARG_NAME(0);
    text       *schemaname = PG_GETARG_TEXT_PP(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    Oid         schemaoid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = get_role_oid_or_public(NameStr(*username));
    schemaoid = convert_schema_name(schemaname);
    mode = convert_schema_priv_string(priv_type_text);
 
    aclresult = object_aclcheck(NamespaceRelationId, schemaoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_schema_name(), convert_schema_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_sequence_privilege_id()

Datum has_sequence_privilege_id ( PG_FUNCTION_ARGS )

Definition at line 2231 of file acl.c.

{
    Oid         sequenceoid = PG_GETARG_OID(0);
    text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
    char        relkind;
    bool        is_missing = false;
 
    roleid = GetUserId();
    mode = convert_sequence_priv_string(priv_type_text);
    relkind = get_rel_relkind(sequenceoid);
    if (relkind == '\0')
        PG_RETURN_NULL();
    else if (relkind != RELKIND_SEQUENCE)
        ereport(ERROR,
                (errcode(ERRCODE_WRONG_OBJECT_TYPE),
                 errmsg("\"%s\" is not a sequence",
                        get_rel_name(sequenceoid))));
 
    aclresult = pg_class_aclcheck_ext(sequenceoid, roleid, mode, &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_sequence_priv_string(), ereport, errcode(), errmsg, ERROR, fb(), get_rel_name(), get_rel_relkind(), GetUserId(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_sequence_privilege_id_id()

Datum has_sequence_privilege_id_id ( PG_FUNCTION_ARGS )

Definition at line 2294 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         sequenceoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    AclMode     mode;
    AclResult   aclresult;
    char        relkind;
    bool        is_missing = false;
 
    mode = convert_sequence_priv_string(priv_type_text);
    relkind = get_rel_relkind(sequenceoid);
    if (relkind == '\0')
        PG_RETURN_NULL();
    else if (relkind != RELKIND_SEQUENCE)
        ereport(ERROR,
                (errcode(ERRCODE_WRONG_OBJECT_TYPE),
                 errmsg("\"%s\" is not a sequence",
                        get_rel_name(sequenceoid))));
 
    aclresult = pg_class_aclcheck_ext(sequenceoid, roleid, mode, &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_sequence_priv_string(), ereport, errcode(), errmsg, ERROR, fb(), get_rel_name(), get_rel_relkind(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_sequence_privilege_id_name()

Datum has_sequence_privilege_id_name ( PG_FUNCTION_ARGS )

Definition at line 2266 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *sequencename = PG_GETARG_TEXT_PP(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         sequenceoid;
    AclMode     mode;
    AclResult   aclresult;
 
    mode = convert_sequence_priv_string(priv_type_text);
    sequenceoid = convert_table_name(sequencename);
    if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
        ereport(ERROR,
                (errcode(ERRCODE_WRONG_OBJECT_TYPE),
                 errmsg("\"%s\" is not a sequence",
                        text_to_cstring(sequencename))));
 
    aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_sequence_priv_string(), convert_table_name(), ereport, errcode(), errmsg, ERROR, fb(), get_rel_relkind(), mode, pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and text_to_cstring().

◆ has_sequence_privilege_name()

Datum has_sequence_privilege_name ( PG_FUNCTION_ARGS )

Definition at line 2165 of file acl.c.

{
    text       *sequencename = PG_GETARG_TEXT_PP(0);
    text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    Oid         roleid;
    Oid         sequenceoid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = GetUserId();
    mode = convert_sequence_priv_string(priv_type_text);
    sequenceoid = convert_table_name(sequencename);
    if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
        ereport(ERROR,
                (errcode(ERRCODE_WRONG_OBJECT_TYPE),
                 errmsg("\"%s\" is not a sequence",
                        text_to_cstring(sequencename))));
 
    aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_sequence_priv_string(), convert_table_name(), ereport, errcode(), errmsg, ERROR, fb(), get_rel_relkind(), GetUserId(), mode, pg_class_aclcheck(), PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and text_to_cstring().

◆ has_sequence_privilege_name_id()

Datum has_sequence_privilege_name_id ( PG_FUNCTION_ARGS )

Definition at line 2194 of file acl.c.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         sequenceoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
    char        relkind;
    bool        is_missing = false;
 
    roleid = get_role_oid_or_public(NameStr(*username));
    mode = convert_sequence_priv_string(priv_type_text);
    relkind = get_rel_relkind(sequenceoid);
    if (relkind == '\0')
        PG_RETURN_NULL();
    else if (relkind != RELKIND_SEQUENCE)
        ereport(ERROR,
                (errcode(ERRCODE_WRONG_OBJECT_TYPE),
                 errmsg("\"%s\" is not a sequence",
                        get_rel_name(sequenceoid))));
 
    aclresult = pg_class_aclcheck_ext(sequenceoid, roleid, mode, &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_sequence_priv_string(), ereport, errcode(), errmsg, ERROR, fb(), get_rel_name(), get_rel_relkind(), get_role_oid_or_public(), mode, NameStr, pg_class_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_sequence_privilege_name_name()

Datum has_sequence_privilege_name_name ( PG_FUNCTION_ARGS )

Definition at line 2134 of file acl.c.

{
    Name        rolename = PG_GETARG_NAME(0);
    text       *sequencename = PG_GETARG_TEXT_PP(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    Oid         sequenceoid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = get_role_oid_or_public(NameStr(*rolename));
    mode = convert_sequence_priv_string(priv_type_text);
    sequenceoid = convert_table_name(sequencename);
    if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
        ereport(ERROR,
                (errcode(ERRCODE_WRONG_OBJECT_TYPE),
                 errmsg("\"%s\" is not a sequence",
                        text_to_cstring(sequencename))));
 
    aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_sequence_priv_string(), convert_table_name(), ereport, errcode(), errmsg, ERROR, fb(), get_rel_relkind(), get_role_oid_or_public(), mode, NameStr, pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and text_to_cstring().

◆ has_server_privilege_id()

Datum has_server_privilege_id ( PG_FUNCTION_ARGS )

Definition at line 4113 of file acl.c.

{
    Oid         serverid = PG_GETARG_OID(0);
    text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    roleid = GetUserId();
    mode = convert_server_priv_string(priv_type_text);
 
    aclresult = object_aclcheck_ext(ForeignServerRelationId, serverid,
                                    roleid, mode,
                                    &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_server_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_server_privilege_id_id()

Datum has_server_privilege_id_id ( PG_FUNCTION_ARGS )

Definition at line 4164 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         serverid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    mode = convert_server_priv_string(priv_type_text);
 
    aclresult = object_aclcheck_ext(ForeignServerRelationId, serverid,
                                    roleid, mode,
                                    &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_server_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_server_privilege_id_name()

Datum has_server_privilege_id_name ( PG_FUNCTION_ARGS )

Definition at line 4141 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *servername = PG_GETARG_TEXT_PP(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         serverid;
    AclMode     mode;
    AclResult   aclresult;
 
    serverid = convert_server_name(servername);
    mode = convert_server_priv_string(priv_type_text);
 
    aclresult = object_aclcheck(ForeignServerRelationId, serverid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_server_name(), convert_server_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_server_privilege_name()

Datum has_server_privilege_name ( PG_FUNCTION_ARGS )

Definition at line 4059 of file acl.c.

{
    text       *servername = PG_GETARG_TEXT_PP(0);
    text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    Oid         roleid;
    Oid         serverid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = GetUserId();
    serverid = convert_server_name(servername);
    mode = convert_server_priv_string(priv_type_text);
 
    aclresult = object_aclcheck(ForeignServerRelationId, serverid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_server_name(), convert_server_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_server_privilege_name_id()

Datum has_server_privilege_name_id ( PG_FUNCTION_ARGS )

Definition at line 4083 of file acl.c.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         serverid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    roleid = get_role_oid_or_public(NameStr(*username));
    mode = convert_server_priv_string(priv_type_text);
 
    aclresult = object_aclcheck_ext(ForeignServerRelationId, serverid,
                                    roleid, mode,
                                    &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_server_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_server_privilege_name_name()

Datum has_server_privilege_name_name ( PG_FUNCTION_ARGS )

Definition at line 4033 of file acl.c.

{
    Name        username = PG_GETARG_NAME(0);
    text       *servername = PG_GETARG_TEXT_PP(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    Oid         serverid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = get_role_oid_or_public(NameStr(*username));
    serverid = convert_server_name(servername);
    mode = convert_server_priv_string(priv_type_text);
 
    aclresult = object_aclcheck(ForeignServerRelationId, serverid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_server_name(), convert_server_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_table_privilege_id()

Datum has_table_privilege_id ( PG_FUNCTION_ARGS )

Definition at line 2001 of file acl.c.

{
    Oid         tableoid = PG_GETARG_OID(0);
    text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    roleid = GetUserId();
    mode = convert_table_priv_string(priv_type_text);
 
    aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_table_priv_string(), fb(), GetUserId(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_table_privilege_id_id()

Datum has_table_privilege_id_id ( PG_FUNCTION_ARGS )

Definition at line 2050 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         tableoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    mode = convert_table_priv_string(priv_type_text);
 
    aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_table_priv_string(), fb(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_table_privilege_id_name()

Datum has_table_privilege_id_name ( PG_FUNCTION_ARGS )

Definition at line 2027 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *tablename = PG_GETARG_TEXT_PP(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         tableoid;
    AclMode     mode;
    AclResult   aclresult;
 
    tableoid = convert_table_name(tablename);
    mode = convert_table_priv_string(priv_type_text);
 
    aclresult = pg_class_aclcheck(tableoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_table_name(), convert_table_priv_string(), fb(), mode, pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_table_privilege_name()

Datum has_table_privilege_name ( PG_FUNCTION_ARGS )

Definition at line 1949 of file acl.c.

{
    text       *tablename = PG_GETARG_TEXT_PP(0);
    text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    Oid         roleid;
    Oid         tableoid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = GetUserId();
    tableoid = convert_table_name(tablename);
    mode = convert_table_priv_string(priv_type_text);
 
    aclresult = pg_class_aclcheck(tableoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_table_name(), convert_table_priv_string(), fb(), GetUserId(), mode, pg_class_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_table_privilege_name_id()

Datum has_table_privilege_name_id ( PG_FUNCTION_ARGS )

Definition at line 1973 of file acl.c.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         tableoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    roleid = get_role_oid_or_public(NameStr(*username));
    mode = convert_table_priv_string(priv_type_text);
 
    aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_table_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, pg_class_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_table_privilege_name_name()

Datum has_table_privilege_name_name ( PG_FUNCTION_ARGS )

Definition at line 1923 of file acl.c.

{
    Name        rolename = PG_GETARG_NAME(0);
    text       *tablename = PG_GETARG_TEXT_PP(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    Oid         tableoid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = get_role_oid_or_public(NameStr(*rolename));
    tableoid = convert_table_name(tablename);
    mode = convert_table_priv_string(priv_type_text);
 
    aclresult = pg_class_aclcheck(tableoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_table_name(), convert_table_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_tablespace_privilege_id()

Datum has_tablespace_privilege_id ( PG_FUNCTION_ARGS )

Definition at line 4313 of file acl.c.

{
    Oid         tablespaceoid = PG_GETARG_OID(0);
    text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    roleid = GetUserId();
    mode = convert_tablespace_priv_string(priv_type_text);
 
    aclresult = object_aclcheck_ext(TableSpaceRelationId, tablespaceoid,
                                    roleid, mode,
                                    &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_tablespace_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_tablespace_privilege_id_id()

Datum has_tablespace_privilege_id_id ( PG_FUNCTION_ARGS )

Definition at line 4364 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         tablespaceoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    mode = convert_tablespace_priv_string(priv_type_text);
 
    aclresult = object_aclcheck_ext(TableSpaceRelationId, tablespaceoid,
                                    roleid, mode,
                                    &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_tablespace_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_tablespace_privilege_id_name()

Datum has_tablespace_privilege_id_name ( PG_FUNCTION_ARGS )

Definition at line 4341 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *tablespacename = PG_GETARG_TEXT_PP(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         tablespaceoid;
    AclMode     mode;
    AclResult   aclresult;
 
    tablespaceoid = convert_tablespace_name(tablespacename);
    mode = convert_tablespace_priv_string(priv_type_text);
 
    aclresult = object_aclcheck(TableSpaceRelationId, tablespaceoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_tablespace_name(), convert_tablespace_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_tablespace_privilege_name()

Datum has_tablespace_privilege_name ( PG_FUNCTION_ARGS )

Definition at line 4259 of file acl.c.

{
    text       *tablespacename = PG_GETARG_TEXT_PP(0);
    text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    Oid         roleid;
    Oid         tablespaceoid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = GetUserId();
    tablespaceoid = convert_tablespace_name(tablespacename);
    mode = convert_tablespace_priv_string(priv_type_text);
 
    aclresult = object_aclcheck(TableSpaceRelationId, tablespaceoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_tablespace_name(), convert_tablespace_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_tablespace_privilege_name_id()

Datum has_tablespace_privilege_name_id ( PG_FUNCTION_ARGS )

Definition at line 4283 of file acl.c.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         tablespaceoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    roleid = get_role_oid_or_public(NameStr(*username));
    mode = convert_tablespace_priv_string(priv_type_text);
 
    aclresult = object_aclcheck_ext(TableSpaceRelationId, tablespaceoid,
                                    roleid, mode,
                                    &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_tablespace_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_tablespace_privilege_name_name()

Datum has_tablespace_privilege_name_name ( PG_FUNCTION_ARGS )

Definition at line 4233 of file acl.c.

{
    Name        username = PG_GETARG_NAME(0);
    text       *tablespacename = PG_GETARG_TEXT_PP(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    Oid         tablespaceoid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = get_role_oid_or_public(NameStr(*username));
    tablespaceoid = convert_tablespace_name(tablespacename);
    mode = convert_tablespace_priv_string(priv_type_text);
 
    aclresult = object_aclcheck(TableSpaceRelationId, tablespaceoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_tablespace_name(), convert_tablespace_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_type_privilege_id()

Datum has_type_privilege_id ( PG_FUNCTION_ARGS )

Definition at line 4512 of file acl.c.

{
    Oid         typeoid = PG_GETARG_OID(0);
    text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    roleid = GetUserId();
    mode = convert_type_priv_string(priv_type_text);
 
    aclresult = object_aclcheck_ext(TypeRelationId, typeoid,
                                    roleid, mode,
                                    &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_type_priv_string(), fb(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_type_privilege_id_id()

Datum has_type_privilege_id_id ( PG_FUNCTION_ARGS )

Definition at line 4563 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         typeoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    mode = convert_type_priv_string(priv_type_text);
 
    aclresult = object_aclcheck_ext(TypeRelationId, typeoid,
                                    roleid, mode,
                                    &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_type_priv_string(), fb(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_type_privilege_id_name()

Datum has_type_privilege_id_name ( PG_FUNCTION_ARGS )

Definition at line 4540 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *typename = PG_GETARG_TEXT_PP(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         typeoid;
    AclMode     mode;
    AclResult   aclresult;
 
    typeoid = convert_type_name(typename);
    mode = convert_type_priv_string(priv_type_text);
 
    aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_type_name(), convert_type_priv_string(), fb(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_type_privilege_name()

Datum has_type_privilege_name ( PG_FUNCTION_ARGS )

Definition at line 4458 of file acl.c.

{
    text       *typename = PG_GETARG_TEXT_PP(0);
    text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    Oid         roleid;
    Oid         typeoid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = GetUserId();
    typeoid = convert_type_name(typename);
    mode = convert_type_priv_string(priv_type_text);
 
    aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_type_name(), convert_type_priv_string(), fb(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_type_privilege_name_id()

Datum has_type_privilege_name_id ( PG_FUNCTION_ARGS )

Definition at line 4482 of file acl.c.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         typeoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
    bool        is_missing = false;
 
    roleid = get_role_oid_or_public(NameStr(*username));
    mode = convert_type_priv_string(priv_type_text);
 
    aclresult = object_aclcheck_ext(TypeRelationId, typeoid,
                                    roleid, mode,
                                    &is_missing);
 
    if (is_missing)
        PG_RETURN_NULL();
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_type_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_type_privilege_name_name()

Datum has_type_privilege_name_name ( PG_FUNCTION_ARGS )

Definition at line 4432 of file acl.c.

{
    Name        username = PG_GETARG_NAME(0);
    text       *typename = PG_GETARG_TEXT_PP(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    Oid         typeoid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = get_role_oid_or_public(NameStr(*username));
    typeoid = convert_type_name(typename);
    mode = convert_type_priv_string(priv_type_text);
 
    aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_type_name(), convert_type_priv_string(), fb(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ hash_aclitem()

Datum hash_aclitem ( PG_FUNCTION_ARGS )

Definition at line 792 of file acl.c.

{
    AclItem    *a = PG_GETARG_ACLITEM_P(0);
 
    /* not very bright, but avoids any issue of padding in struct */
    PG_RETURN_UINT32((uint32) (a->ai_privs + a->ai_grantee + a->ai_grantor));
}

References a, PG_GETARG_ACLITEM_P, and PG_RETURN_UINT32.

◆ hash_aclitem_extended()

Datum hash_aclitem_extended ( PG_FUNCTION_ARGS )

Definition at line 806 of file acl.c.

{
    AclItem    *a = PG_GETARG_ACLITEM_P(0);
    uint64      seed = PG_GETARG_INT64(1);
    uint32      sum = (uint32) (a->ai_privs + a->ai_grantee + a->ai_grantor);
 
    return (seed == 0) ? UInt64GetDatum(sum) : hash_uint32_extended(sum, seed);
}

References a, hash_uint32_extended(), PG_GETARG_ACLITEM_P, PG_GETARG_INT64, and UInt64GetDatum().

◆ initialize_acl()

void initialize_acl ( void )

Definition at line 5069 of file acl.c.

{
    if (!IsBootstrapProcessingMode())
    {
        cached_db_hash =
            GetSysCacheHashValue1(DATABASEOID,
                                  ObjectIdGetDatum(MyDatabaseId));
 
        /*
         * In normal mode, set a callback on any syscache invalidation of rows
         * of pg_auth_members (for roles_is_member_of()) pg_database (for
         * roles_is_member_of())
         */
        CacheRegisterSyscacheCallback(AUTHMEMROLEMEM,
                                      RoleMembershipCacheCallback,
                                      (Datum) 0);
        CacheRegisterSyscacheCallback(AUTHOID,
                                      RoleMembershipCacheCallback,
                                      (Datum) 0);
        CacheRegisterSyscacheCallback(DATABASEOID,
                                      RoleMembershipCacheCallback,
                                      (Datum) 0);
    }
}

References cached_db_hash, CacheRegisterSyscacheCallback(), fb(), GetSysCacheHashValue1, IsBootstrapProcessingMode, MyDatabaseId, ObjectIdGetDatum(), and RoleMembershipCacheCallback().

Referenced by InitPostgres().

◆ is_admin_of_role()

bool is_admin_of_role	(	Oid	member,
		Oid	role
	)

Definition at line 5444 of file acl.c.

{
    Oid         admin_role;
 
    if (superuser_arg(member))
        return true;
 
    /* By policy, a role cannot have WITH ADMIN OPTION on itself. */
    if (member == role)
        return false;
 
    (void) roles_is_member_of(member, ROLERECURSE_MEMBERS, role, &admin_role);
    return OidIsValid(admin_role);
}

References fb(), OidIsValid, ROLERECURSE_MEMBERS, roles_is_member_of(), and superuser_arg().

Referenced by AlterRole(), AlterRoleSet(), check_object_ownership(), check_role_membership_authorization(), DropRole(), pg_role_aclcheck(), and RenameRole().

◆ is_member_of_role()

bool is_member_of_role	(	Oid	member,
		Oid	role
	)

Definition at line 5394 of file acl.c.

{
    /* Fast path for simple case */
    if (member == role)
        return true;
 
    /* Superusers have every privilege, so are part of every role */
    if (superuser_arg(member))
        return true;
 
    /*
     * Find all the roles that member is a member of, including multi-level
     * recursion, then see if target role is any one of them.
     */
    return list_member_oid(roles_is_member_of(member, ROLERECURSE_MEMBERS,
                                              InvalidOid, NULL),
                           role);
}

References fb(), InvalidOid, list_member_oid(), ROLERECURSE_MEMBERS, roles_is_member_of(), and superuser_arg().

Referenced by pg_role_aclcheck().

◆ is_member_of_role_nosuper()

bool is_member_of_role_nosuper	(	Oid	member,
		Oid	role
	)

Definition at line 5422 of file acl.c.

{
    /* Fast path for simple case */
    if (member == role)
        return true;
 
    /*
     * Find all the roles that member is a member of, including multi-level
     * recursion, then see if target role is any one of them.
     */
    return list_member_oid(roles_is_member_of(member, ROLERECURSE_MEMBERS,
                                              InvalidOid, NULL),
                           role);
}

References fb(), InvalidOid, list_member_oid(), ROLERECURSE_MEMBERS, and roles_is_member_of().

Referenced by AddRoleMems(), and is_member().

◆ is_safe_acl_char()

static bool is_safe_acl_char	(	unsigned char	c,
		bool	is_getid
	)

inlinestatic

Definition at line 148 of file acl.c.

{
    if (IS_HIGHBIT_SET(c))
        return is_getid;
    return isalnum(c) || c == '_';
}

References fb(), and IS_HIGHBIT_SET.

Referenced by getid(), and putid().

◆ make_empty_acl()

Acl * make_empty_acl ( void )

Definition at line 462 of file acl.c.

{
    return allocacl(0);
}

References allocacl().

Referenced by SetDefaultACL().

◆ makeaclitem()

Datum makeaclitem ( PG_FUNCTION_ARGS )

Definition at line 1662 of file acl.c.

{
    Oid         grantee = PG_GETARG_OID(0);
    Oid         grantor = PG_GETARG_OID(1);
    text       *privtext = PG_GETARG_TEXT_PP(2);
    bool        goption = PG_GETARG_BOOL(3);
    AclItem    *result;
    AclMode     priv;
    static const priv_map any_priv_map[] = {
        {"SELECT", ACL_SELECT},
        {"INSERT", ACL_INSERT},
        {"UPDATE", ACL_UPDATE},
        {"DELETE", ACL_DELETE},
        {"TRUNCATE", ACL_TRUNCATE},
        {"REFERENCES", ACL_REFERENCES},
        {"TRIGGER", ACL_TRIGGER},
        {"EXECUTE", ACL_EXECUTE},
        {"USAGE", ACL_USAGE},
        {"CREATE", ACL_CREATE},
        {"TEMP", ACL_CREATE_TEMP},
        {"TEMPORARY", ACL_CREATE_TEMP},
        {"CONNECT", ACL_CONNECT},
        {"SET", ACL_SET},
        {"ALTER SYSTEM", ACL_ALTER_SYSTEM},
        {"MAINTAIN", ACL_MAINTAIN},
        {NULL, 0}
    };
 
    priv = convert_any_priv_string(privtext, any_priv_map);
 
    result = palloc_object(AclItem);
 
    result->ai_grantee = grantee;
    result->ai_grantor = grantor;
 
    ACLITEM_SET_PRIVS_GOPTIONS(*result, priv,
                               (goption ? priv : ACL_NO_RIGHTS));
 
    PG_RETURN_ACLITEM_P(result);
}

References ACL_ALTER_SYSTEM, ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_DELETE, ACL_EXECUTE, ACL_INSERT, ACL_MAINTAIN, ACL_NO_RIGHTS, ACL_REFERENCES, ACL_SELECT, ACL_SET, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, ACL_USAGE, ACLITEM_SET_PRIVS_GOPTIONS, AclItem::ai_grantee, AclItem::ai_grantor, convert_any_priv_string(), fb(), palloc_object, PG_GETARG_BOOL, PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_ACLITEM_P.

◆ member_can_set_role()

bool member_can_set_role	(	Oid	member,
		Oid	role
	)

Definition at line 5348 of file acl.c.

{
    /* Fast path for simple case */
    if (member == role)
        return true;
 
    /* Superusers have every privilege, so can always SET ROLE */
    if (superuser_arg(member))
        return true;
 
    /*
     * Find all the roles that member can access via SET ROLE, including
     * multi-level recursion, then see if target role is any one of them.
     */
    return list_member_oid(roles_is_member_of(member, ROLERECURSE_SETROLE,
                                              InvalidOid, NULL),
                           role);
}

References fb(), InvalidOid, list_member_oid(), ROLERECURSE_SETROLE, roles_is_member_of(), and superuser_arg().

Referenced by check_can_set_role(), check_role(), pg_role_aclcheck(), and SwitchToUntrustedUser().

◆ pg_has_role_id()

Datum pg_has_role_id ( PG_FUNCTION_ARGS )

Definition at line 4941 of file acl.c.

{
    Oid         roleoid = PG_GETARG_OID(0);
    text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = GetUserId();
    mode = convert_role_priv_string(priv_type_text);
 
    aclresult = pg_role_aclcheck(roleoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_role_priv_string(), fb(), GetUserId(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_id_id()

Datum pg_has_role_id_id ( PG_FUNCTION_ARGS )

Definition at line 4986 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         roleoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    AclMode     mode;
    AclResult   aclresult;
 
    mode = convert_role_priv_string(priv_type_text);
 
    aclresult = pg_role_aclcheck(roleoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_role_priv_string(), fb(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_id_name()

Datum pg_has_role_id_name ( PG_FUNCTION_ARGS )

Definition at line 4963 of file acl.c.

{
    Oid         roleid = PG_GETARG_OID(0);
    Name        rolename = PG_GETARG_NAME(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleoid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleoid = get_role_oid(NameStr(*rolename), false);
    mode = convert_role_priv_string(priv_type_text);
 
    aclresult = pg_role_aclcheck(roleoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_role_priv_string(), fb(), get_role_oid(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_name()

Datum pg_has_role_name ( PG_FUNCTION_ARGS )

Definition at line 4893 of file acl.c.

{
    Name        rolename = PG_GETARG_NAME(0);
    text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    Oid         roleid;
    Oid         roleoid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = GetUserId();
    roleoid = get_role_oid(NameStr(*rolename), false);
    mode = convert_role_priv_string(priv_type_text);
 
    aclresult = pg_role_aclcheck(roleoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_role_priv_string(), fb(), get_role_oid(), GetUserId(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_name_id()

Datum pg_has_role_name_id ( PG_FUNCTION_ARGS )

Definition at line 4917 of file acl.c.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         roleoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = get_role_oid(NameStr(*username), false);
    mode = convert_role_priv_string(priv_type_text);
 
    aclresult = pg_role_aclcheck(roleoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_role_priv_string(), fb(), get_role_oid(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, pg_role_aclcheck(), and username.

◆ pg_has_role_name_name()

Datum pg_has_role_name_name ( PG_FUNCTION_ARGS )

Definition at line 4867 of file acl.c.

{
    Name        username = PG_GETARG_NAME(0);
    Name        rolename = PG_GETARG_NAME(1);
    text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    Oid         roleid;
    Oid         roleoid;
    AclMode     mode;
    AclResult   aclresult;
 
    roleid = get_role_oid(NameStr(*username), false);
    roleoid = get_role_oid(NameStr(*rolename), false);
    mode = convert_role_priv_string(priv_type_text);
 
    aclresult = pg_role_aclcheck(roleoid, roleid, mode);
 
    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

References ACLCHECK_OK, convert_role_priv_string(), fb(), get_role_oid(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, pg_role_aclcheck(), and username.

◆ pg_role_aclcheck()

static AclResult pg_role_aclcheck	(	Oid	role_oid,
		Oid	roleid,
		AclMode	mode
	)

static

Definition at line 5039 of file acl.c.

{
    if (mode & ACL_GRANT_OPTION_FOR(ACL_CREATE))
    {
        if (is_admin_of_role(roleid, role_oid))
            return ACLCHECK_OK;
    }
    if (mode & ACL_CREATE)
    {
        if (is_member_of_role(roleid, role_oid))
            return ACLCHECK_OK;
    }
    if (mode & ACL_USAGE)
    {
        if (has_privs_of_role(roleid, role_oid))
            return ACLCHECK_OK;
    }
    if (mode & ACL_SET)
    {
        if (member_can_set_role(roleid, role_oid))
            return ACLCHECK_OK;
    }
    return ACLCHECK_NO_PRIV;
}

References ACL_CREATE, ACL_GRANT_OPTION_FOR, ACL_SET, ACL_USAGE, ACLCHECK_NO_PRIV, ACLCHECK_OK, fb(), has_privs_of_role(), is_admin_of_role(), is_member_of_role(), member_can_set_role(), and mode.

Referenced by pg_has_role_id(), pg_has_role_id_id(), pg_has_role_id_name(), pg_has_role_name(), pg_has_role_name_id(), and pg_has_role_name_name().

◆ putid()

static void putid	(	char *	p,
		const char *	s
	)

static

Definition at line 224 of file acl.c.

{
    const char *src;
    bool        safe = true;
 
    /* Detect whether we need to use double quotes */
    for (src = s; *src; src++)
    {
        if (!is_safe_acl_char(*src, false))
        {
            safe = false;
            break;
        }
    }
    if (!safe)
        *p++ = '"';
    for (src = s; *src; src++)
    {
        /* A double quote character in a username is encoded as "" */
        if (*src == '"')
            *p++ = '"';
        *p++ = *src;
    }
    if (!safe)
        *p++ = '"';
    *p = '\0';
}

References fb(), and is_safe_acl_char().

Referenced by aclitemout().

◆ recursive_revoke()

static Acl * recursive_revoke	(	Acl *	acl,
		Oid	grantee,
		AclMode	revoke_privs,
		Oid	ownerId,
		DropBehavior	behavior
	)

static

Definition at line 1330 of file acl.c.

{
    AclMode     still_has;
    AclItem    *aip;
    int         i,
                num;
 
    check_acl(acl);
 
    /* The owner can never truly lose grant options, so short-circuit */
    if (grantee == ownerId)
        return acl;
 
    /* The grantee might still have some grant options via another grantor */
    still_has = aclmask(acl, grantee, ownerId,
                        ACL_GRANT_OPTION_FOR(revoke_privs),
                        ACLMASK_ALL);
    revoke_privs &= ~ACL_OPTION_TO_PRIVS(still_has);
    if (revoke_privs == ACL_NO_RIGHTS)
        return acl;
 
restart:
    num = ACL_NUM(acl);
    aip = ACL_DAT(acl);
    for (i = 0; i < num; i++)
    {
        if (aip[i].ai_grantor == grantee
            && (ACLITEM_GET_PRIVS(aip[i]) & revoke_privs) != 0)
        {
            AclItem     mod_acl;
            Acl        *new_acl;
 
            if (behavior == DROP_RESTRICT)
                ereport(ERROR,
                        (errcode(ERRCODE_DEPENDENT_OBJECTS_STILL_EXIST),
                         errmsg("dependent privileges exist"),
                         errhint("Use CASCADE to revoke them too.")));
 
            mod_acl.ai_grantor = grantee;
            mod_acl.ai_grantee = aip[i].ai_grantee;
            ACLITEM_SET_PRIVS_GOPTIONS(mod_acl,
                                       revoke_privs,
                                       revoke_privs);
 
            new_acl = aclupdate(acl, &mod_acl, ACL_MODECHG_DEL,
                                ownerId, behavior);
 
            pfree(acl);
            acl = new_acl;
 
            goto restart;
        }
    }
 
    return acl;
}

References ACL_DAT, ACL_GRANT_OPTION_FOR, ACL_MODECHG_DEL, ACL_NO_RIGHTS, ACL_NUM, ACLITEM_GET_PRIVS, ACLITEM_SET_PRIVS_GOPTIONS, aclmask(), ACLMASK_ALL, aclupdate(), check_acl(), DROP_RESTRICT, ereport, errcode(), errhint(), errmsg, ERROR, fb(), i, and pfree().

Referenced by aclupdate().

◆ RoleMembershipCacheCallback()

static void RoleMembershipCacheCallback	(	Datum	arg,
		SysCacheIdentifier	cacheid,
		uint32	hashvalue
	)

static

Definition at line 5099 of file acl.c.

{
    if (cacheid == DATABASEOID &&
        hashvalue != cached_db_hash &&
        hashvalue != 0)
    {
        return;                 /* ignore pg_database changes for other DBs */
    }
 
    /* Force membership caches to be recomputed on next use */
    cached_role[ROLERECURSE_MEMBERS] = InvalidOid;
    cached_role[ROLERECURSE_PRIVS] = InvalidOid;
    cached_role[ROLERECURSE_SETROLE] = InvalidOid;
}

References cached_db_hash, cached_role, fb(), InvalidOid, ROLERECURSE_MEMBERS, ROLERECURSE_PRIVS, and ROLERECURSE_SETROLE.

Referenced by initialize_acl().

◆ roles_is_member_of()

static List * roles_is_member_of	(	Oid	roleid,
		enum RoleRecurseType	type,
		Oid	admin_of,
		Oid *	admin_role
	)

static

Definition at line 5182 of file acl.c.

{
    Oid         dba;
    List       *roles_list;
    ListCell   *l;
    List       *new_cached_roles;
    MemoryContext oldctx;
    bloom_filter *bf = NULL;
 
    Assert(OidIsValid(admin_of) == (admin_role != NULL));
    if (admin_role != NULL)
        *admin_role = InvalidOid;
 
    /* If cache is valid and ADMIN OPTION not sought, just return the list */
    if (cached_role[type] == roleid && !OidIsValid(admin_of) &&
        OidIsValid(cached_role[type]))
        return cached_roles[type];
 
    /*
     * Role expansion happens in a non-database backend when guc.c checks
     * ROLE_PG_READ_ALL_SETTINGS for a physical walsender SHOW command.  In
     * that case, no role gets pg_database_owner.
     */
    if (!OidIsValid(MyDatabaseId))
        dba = InvalidOid;
    else
    {
        HeapTuple   dbtup;
 
        dbtup = SearchSysCache1(DATABASEOID, ObjectIdGetDatum(MyDatabaseId));
        if (!HeapTupleIsValid(dbtup))
            elog(ERROR, "cache lookup failed for database %u", MyDatabaseId);
        dba = ((Form_pg_database) GETSTRUCT(dbtup))->datdba;
        ReleaseSysCache(dbtup);
    }
 
    /*
     * Find all the roles that roleid is a member of, including multi-level
     * recursion.  The role itself will always be the first element of the
     * resulting list.
     *
     * Each element of the list is scanned to see if it adds any indirect
     * memberships.  We can use a single list as both the record of
     * already-found memberships and the agenda of roles yet to be scanned.
     * This is a bit tricky but works because the foreach() macro doesn't
     * fetch the next list element until the bottom of the loop.
     */
    roles_list = list_make1_oid(roleid);
 
    foreach(l, roles_list)
    {
        Oid         memberid = lfirst_oid(l);
        CatCList   *memlist;
        int         i;
 
        /* Find roles that memberid is directly a member of */
        memlist = SearchSysCacheList1(AUTHMEMMEMROLE,
                                      ObjectIdGetDatum(memberid));
        for (i = 0; i < memlist->n_members; i++)
        {
            HeapTuple   tup = &memlist->members[i]->tuple;
            Form_pg_auth_members form = (Form_pg_auth_members) GETSTRUCT(tup);
            Oid         otherid = form->roleid;
 
            /*
             * While otherid==InvalidOid shouldn't appear in the catalog, the
             * OidIsValid() avoids crashing if that arises.
             */
            if (otherid == admin_of && form->admin_option &&
                OidIsValid(admin_of) && !OidIsValid(*admin_role))
                *admin_role = memberid;
 
            /* If we're supposed to ignore non-heritable grants, do so. */
            if (type == ROLERECURSE_PRIVS && !form->inherit_option)
                continue;
 
            /* If we're supposed to ignore non-SET grants, do so. */
            if (type == ROLERECURSE_SETROLE && !form->set_option)
                continue;
 
            /*
             * Even though there shouldn't be any loops in the membership
             * graph, we must test for having already seen this role. It is
             * legal for instance to have both A->B and A->C->B.
             */
            roles_list = roles_list_append(roles_list, &bf, otherid);
        }
        ReleaseSysCacheList(memlist);
 
        /* implement pg_database_owner implicit membership */
        if (memberid == dba && OidIsValid(dba))
            roles_list = roles_list_append(roles_list, &bf,
                                           ROLE_PG_DATABASE_OWNER);
    }
 
    /*
     * Free the Bloom filter created by roles_list_append(), if there is one.
     */
    if (bf)
        bloom_free(bf);
 
    /*
     * Copy the completed list into TopMemoryContext so it will persist.
     */
    oldctx = MemoryContextSwitchTo(TopMemoryContext);
    new_cached_roles = list_copy(roles_list);
    MemoryContextSwitchTo(oldctx);
    list_free(roles_list);
 
    /*
     * Now safe to assign to state variable
     */
    cached_role[type] = InvalidOid; /* just paranoia */
    list_free(cached_roles[type]);
    cached_roles[type] = new_cached_roles;
    cached_role[type] = roleid;
 
    /* And now we can return the answer */
    return cached_roles[type];
}

References Assert, bloom_free(), cached_role, cached_roles, elog, ERROR, fb(), Form_pg_auth_members, Form_pg_database, GETSTRUCT(), HeapTupleIsValid, i, InvalidOid, lfirst_oid, list_copy(), list_free(), list_make1_oid, MemoryContextSwitchTo(), MyDatabaseId, ObjectIdGetDatum(), OidIsValid, ReleaseSysCache(), ReleaseSysCacheList, ROLERECURSE_PRIVS, ROLERECURSE_SETROLE, roles_list_append(), SearchSysCache1(), SearchSysCacheList1, TopMemoryContext, and type.

Referenced by has_privs_of_role(), is_admin_of_role(), is_member_of_role(), is_member_of_role_nosuper(), member_can_set_role(), select_best_admin(), and select_best_grantor().

◆ roles_list_append()

static List * roles_list_append	(	List *	roles_list,
		bloom_filter **	bf,
		Oid	role
	)

inlinestatic

Definition at line 5122 of file acl.c.

{
    unsigned char *roleptr = (unsigned char *) &role;
 
    /*
     * If there is a previously-created Bloom filter, use it to try to
     * determine whether the role is missing from the list.  If it says yes,
     * that's a hard fact and we can go ahead and add the role.  If it says
     * no, that's only probabilistic and we'd better search the list.  Without
     * a filter, we must always do an ordinary linear search through the
     * existing list.
     */
    if ((*bf && bloom_lacks_element(*bf, roleptr, sizeof(Oid))) ||
        !list_member_oid(roles_list, role))
    {
        /*
         * If the list is large, we take on the overhead of creating and
         * populating a Bloom filter to speed up future calls to this
         * function.
         */
        if (*bf == NULL &&
            list_length(roles_list) > ROLES_LIST_BLOOM_THRESHOLD)
        {
            *bf = bloom_create(ROLES_LIST_BLOOM_THRESHOLD * 10, work_mem, 0);
            foreach_oid(roleid, roles_list)
                bloom_add_element(*bf, (unsigned char *) &roleid, sizeof(Oid));
        }
 
        /*
         * Finally, add the role to the list and the Bloom filter, if it
         * exists.
         */
        roles_list = lappend_oid(roles_list, role);
        if (*bf)
            bloom_add_element(*bf, roleptr, sizeof(Oid));
    }
 
    return roles_list;
}

References bloom_add_element(), bloom_create(), bloom_lacks_element(), fb(), foreach_oid, lappend_oid(), list_length(), list_member_oid(), ROLES_LIST_BLOOM_THRESHOLD, and work_mem.

Referenced by roles_is_member_of().

◆ select_best_admin()

Oid select_best_admin	(	Oid	member,
		Oid	role
	)

Definition at line 5469 of file acl.c.

{
    Oid         admin_role;
 
    /* By policy, a role cannot have WITH ADMIN OPTION on itself. */
    if (member == role)
        return InvalidOid;
 
    (void) roles_is_member_of(member, ROLERECURSE_PRIVS, role, &admin_role);
    return admin_role;
}

References fb(), InvalidOid, ROLERECURSE_PRIVS, and roles_is_member_of().

Referenced by check_role_grantor().

◆ select_best_grantor()

void select_best_grantor	(	const RoleSpec *	grantedBy,
		AclMode	privileges,
		const Acl *	acl,
		Oid	ownerId,
		Oid *	grantorId,
		AclMode *	grantOptions
	)

Definition at line 5508 of file acl.c.

{
    Oid         roleId = GetUserId();
    AclMode     needed_goptions = ACL_GRANT_OPTION_FOR(privileges);
    List       *roles_list;
    int         nrights;
    ListCell   *l;
 
    /*
     * If we have GRANTED BY, resolve it and verify current user is allowed to
     * specify that role.
     */
    if (grantedBy)
    {
        Oid         grantor = get_rolespec_oid(grantedBy, false);
 
        if (!has_privs_of_role(roleId, grantor))
            ereport(ERROR,
                    (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
                     errmsg("must inherit privileges of role \"%s\"",
                            GetUserNameFromId(grantor, false))));
        /* Use exactly that grantor, whether it has privileges or not */
        *grantorId = grantor;
        *grantOptions = aclmask_direct(acl, grantor, ownerId,
                                       needed_goptions, ACLMASK_ALL);
        return;
    }
 
    /*
     * The object owner is always treated as having all grant options, so if
     * roleId is the owner it's easy.  Also, if roleId is a superuser it's
     * easy: superusers are implicitly members of every role, so they act as
     * the object owner.
     */
    if (roleId == ownerId || superuser_arg(roleId))
    {
        *grantorId = ownerId;
        *grantOptions = needed_goptions;
        return;
    }
 
    /*
     * Otherwise we have to do a careful search to see if roleId has the
     * privileges of any suitable role.  Note: we can hang onto the result of
     * roles_is_member_of() throughout this loop, because aclmask_direct()
     * doesn't query any role memberships.
     */
    roles_list = roles_is_member_of(roleId, ROLERECURSE_PRIVS,
                                    InvalidOid, NULL);
 
    /* initialize candidate result as default */
    *grantorId = roleId;
    *grantOptions = ACL_NO_RIGHTS;
    nrights = 0;
 
    foreach(l, roles_list)
    {
        Oid         otherrole = lfirst_oid(l);
        AclMode     otherprivs;
 
        otherprivs = aclmask_direct(acl, otherrole, ownerId,
                                    needed_goptions, ACLMASK_ALL);
        if (otherprivs == needed_goptions)
        {
            /* Found a suitable grantor */
            *grantorId = otherrole;
            *grantOptions = otherprivs;
            return;
        }
 
        /*
         * If it has just some of the needed privileges, remember best
         * candidate.
         */
        if (otherprivs != ACL_NO_RIGHTS)
        {
            int         nnewrights = pg_popcount64(otherprivs);
 
            if (nnewrights > nrights)
            {
                *grantorId = otherrole;
                *grantOptions = otherprivs;
                nrights = nnewrights;
            }
        }
    }
}

References ACL_GRANT_OPTION_FOR, ACL_NO_RIGHTS, ACLMASK_ALL, aclmask_direct(), ereport, errcode(), errmsg, ERROR, fb(), get_rolespec_oid(), GetUserId(), GetUserNameFromId(), has_privs_of_role(), InvalidOid, lfirst_oid, pg_popcount64(), ROLERECURSE_PRIVS, roles_is_member_of(), and superuser_arg().

Referenced by ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), and ExecGrant_Relation().

Variable Documentation

◆ cached_db_hash

uint32 cached_db_hash

static

Definition at line 84 of file acl.c.

Referenced by initialize_acl(), and RoleMembershipCacheCallback().

◆ cached_role

Oid cached_role[] = {InvalidOid, InvalidOid, InvalidOid}

static

Definition at line 82 of file acl.c.

82{InvalidOid, InvalidOid, InvalidOid};

Referenced by RoleMembershipCacheCallback(), and roles_is_member_of().

◆ cached_roles

List* cached_roles[] = {NIL, NIL, NIL}

static

Definition at line 83 of file acl.c.

83{NIL, NIL, NIL};

NIL

#define NIL

Definition pg_list.h:68

Referenced by roles_is_member_of().

Data Structures

Macros

Enumerations

Functions

Variables

Macro Definition Documentation

◆ ROLES_LIST_BLOOM_THRESHOLD

Enumeration Type Documentation

◆ RoleRecurseType

Function Documentation

◆ aclconcat()

◆ aclcontains()

◆ aclcopy()

◆ acldefault()

◆ acldefault_sql()

◆ aclequal()

◆ aclexplode()

◆ aclinsert()

◆ aclitem_eq()

◆ aclitem_match()

◆ aclitemComparator()

◆ aclitemin()

◆ aclitemout()

◆ aclitemsort()

◆ aclmask()

◆ aclmask_direct()

◆ aclmembers()

◆ aclmerge()

◆ aclnewowner()

◆ aclparse()

◆ aclremove()

◆ aclupdate()

◆ allocacl()

◆ check_acl()

◆ check_can_set_role()

◆ check_circularity()

◆ check_rolespec_name()

◆ column_privilege_check()

◆ convert_aclright_to_string()

◆ convert_any_priv_string()

◆ convert_column_name()

◆ convert_column_priv_string()

◆ convert_database_name()

◆ convert_database_priv_string()

◆ convert_foreign_data_wrapper_name()

◆ convert_foreign_data_wrapper_priv_string()

◆ convert_function_name()

◆ convert_function_priv_string()

◆ convert_language_name()

◆ convert_language_priv_string()

◆ convert_largeobject_priv_string()

◆ convert_parameter_priv_string()

◆ convert_role_priv_string()

◆ convert_schema_name()

◆ convert_schema_priv_string()

◆ convert_sequence_priv_string()

◆ convert_server_name()

◆ convert_server_priv_string()

◆ convert_table_name()

◆ convert_table_priv_string()

◆ convert_tablespace_name()

◆ convert_tablespace_priv_string()

◆ convert_type_name()

◆ convert_type_priv_string()

◆ get_role_oid()

◆ get_role_oid_or_public()

◆ get_rolespec_name()

◆ get_rolespec_oid()

◆ get_rolespec_tuple()

◆ getid()

◆ has_any_column_privilege_id()

◆ has_any_column_privilege_id_id()

◆ has_any_column_privilege_id_name()

◆ has_any_column_privilege_name()

◆ has_any_column_privilege_name_id()

◆ has_any_column_privilege_name_name()

◆ has_column_privilege_id_attnum()

◆ has_column_privilege_id_id_attnum()

◆ has_column_privilege_id_id_name()

◆ has_column_privilege_id_name()