PostgreSQL Source Code git master
Data Structures | Macros | Enumerations | Functions | Variables
acl.c File Reference
#include "postgres.h"
#include <ctype.h>
#include "access/htup_details.h"
#include "catalog/catalog.h"
#include "catalog/namespace.h"
#include "catalog/pg_auth_members.h"
#include "catalog/pg_authid.h"
#include "catalog/pg_class.h"
#include "catalog/pg_database.h"
#include "catalog/pg_foreign_data_wrapper.h"
#include "catalog/pg_foreign_server.h"
#include "catalog/pg_language.h"
#include "catalog/pg_largeobject.h"
#include "catalog/pg_namespace.h"
#include "catalog/pg_proc.h"
#include "catalog/pg_tablespace.h"
#include "catalog/pg_type.h"
#include "commands/dbcommands.h"
#include "commands/proclang.h"
#include "commands/tablespace.h"
#include "common/hashfn.h"
#include "foreign/foreign.h"
#include "funcapi.h"
#include "lib/bloomfilter.h"
#include "lib/qunique.h"
#include "miscadmin.h"
#include "storage/large_object.h"
#include "utils/acl.h"
#include "utils/array.h"
#include "utils/builtins.h"
#include "utils/catcache.h"
#include "utils/inval.h"
#include "utils/lsyscache.h"
#include "utils/memutils.h"
#include "utils/snapmgr.h"
#include "utils/syscache.h"
#include "utils/varlena.h"
Include dependency graph for acl.c:

Go to the source code of this file.

Data Structures

struct  priv_map
 

Macros

#define ROLES_LIST_BLOOM_THRESHOLD   1024
 

Enumerations

enum  RoleRecurseType { ROLERECURSE_MEMBERS = 0 , ROLERECURSE_PRIVS = 1 , ROLERECURSE_SETROLE = 2 }
 

Functions

static const char * getid (const char *s, char *n, Node *escontext)
 
static void putid (char *p, const char *s)
 
static Aclallocacl (int n)
 
static void check_acl (const Acl *acl)
 
static const char * aclparse (const char *s, AclItem *aip, Node *escontext)
 
static bool aclitem_match (const AclItem *a1, const AclItem *a2)
 
static int aclitemComparator (const void *arg1, const void *arg2)
 
static void check_circularity (const Acl *old_acl, const AclItem *mod_aip, Oid ownerId)
 
static Aclrecursive_revoke (Acl *acl, Oid grantee, AclMode revoke_privs, Oid ownerId, DropBehavior behavior)
 
static AclMode convert_any_priv_string (text *priv_type_text, const priv_map *privileges)
 
static Oid convert_table_name (text *tablename)
 
static AclMode convert_table_priv_string (text *priv_type_text)
 
static AclMode convert_sequence_priv_string (text *priv_type_text)
 
static AttrNumber convert_column_name (Oid tableoid, text *column)
 
static AclMode convert_column_priv_string (text *priv_type_text)
 
static Oid convert_database_name (text *databasename)
 
static AclMode convert_database_priv_string (text *priv_type_text)
 
static Oid convert_foreign_data_wrapper_name (text *fdwname)
 
static AclMode convert_foreign_data_wrapper_priv_string (text *priv_type_text)
 
static Oid convert_function_name (text *functionname)
 
static AclMode convert_function_priv_string (text *priv_type_text)
 
static Oid convert_language_name (text *languagename)
 
static AclMode convert_language_priv_string (text *priv_type_text)
 
static Oid convert_schema_name (text *schemaname)
 
static AclMode convert_schema_priv_string (text *priv_type_text)
 
static Oid convert_server_name (text *servername)
 
static AclMode convert_server_priv_string (text *priv_type_text)
 
static Oid convert_tablespace_name (text *tablespacename)
 
static AclMode convert_tablespace_priv_string (text *priv_type_text)
 
static Oid convert_type_name (text *typename)
 
static AclMode convert_type_priv_string (text *priv_type_text)
 
static AclMode convert_parameter_priv_string (text *priv_text)
 
static AclMode convert_largeobject_priv_string (text *priv_type_text)
 
static AclMode convert_role_priv_string (text *priv_type_text)
 
static AclResult pg_role_aclcheck (Oid role_oid, Oid roleid, AclMode mode)
 
static void RoleMembershipCacheCallback (Datum arg, int cacheid, uint32 hashvalue)
 
Aclmake_empty_acl (void)
 
Aclaclcopy (const Acl *orig_acl)
 
Aclaclconcat (const Acl *left_acl, const Acl *right_acl)
 
Aclaclmerge (const Acl *left_acl, const Acl *right_acl, Oid ownerId)
 
void aclitemsort (Acl *acl)
 
bool aclequal (const Acl *left_acl, const Acl *right_acl)
 
Datum aclitemin (PG_FUNCTION_ARGS)
 
Datum aclitemout (PG_FUNCTION_ARGS)
 
Datum aclitem_eq (PG_FUNCTION_ARGS)
 
Datum hash_aclitem (PG_FUNCTION_ARGS)
 
Datum hash_aclitem_extended (PG_FUNCTION_ARGS)
 
Aclacldefault (ObjectType objtype, Oid ownerId)
 
Datum acldefault_sql (PG_FUNCTION_ARGS)
 
Aclaclupdate (const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
 
Aclaclnewowner (const Acl *old_acl, Oid oldOwnerId, Oid newOwnerId)
 
AclMode aclmask (const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
 
static AclMode aclmask_direct (const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
 
int aclmembers (const Acl *acl, Oid **roleids)
 
Datum aclinsert (PG_FUNCTION_ARGS)
 
Datum aclremove (PG_FUNCTION_ARGS)
 
Datum aclcontains (PG_FUNCTION_ARGS)
 
Datum makeaclitem (PG_FUNCTION_ARGS)
 
static const char * convert_aclright_to_string (int aclright)
 
Datum aclexplode (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_id_id (PG_FUNCTION_ARGS)
 
static int column_privilege_check (Oid tableoid, AttrNumber attnum, Oid roleid, AclMode mode)
 
Datum has_column_privilege_name_name_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_name_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_id_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_id_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_name_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_name_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_id_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_id_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_attnum (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_id_id (PG_FUNCTION_ARGS)
 
static bool has_param_priv_byname (Oid roleid, const text *parameter, AclMode priv)
 
Datum has_parameter_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_parameter_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_parameter_privilege_id_name (PG_FUNCTION_ARGS)
 
static bool has_lo_priv_byid (Oid roleid, Oid lobjId, AclMode priv, bool *is_missing)
 
Datum has_largeobject_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_largeobject_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_largeobject_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum pg_has_role_name_name (PG_FUNCTION_ARGS)
 
Datum pg_has_role_name (PG_FUNCTION_ARGS)
 
Datum pg_has_role_name_id (PG_FUNCTION_ARGS)
 
Datum pg_has_role_id (PG_FUNCTION_ARGS)
 
Datum pg_has_role_id_name (PG_FUNCTION_ARGS)
 
Datum pg_has_role_id_id (PG_FUNCTION_ARGS)
 
void initialize_acl (void)
 
static Listroles_list_append (List *roles_list, bloom_filter **bf, Oid role)
 
static Listroles_is_member_of (Oid roleid, enum RoleRecurseType type, Oid admin_of, Oid *admin_role)
 
bool has_privs_of_role (Oid member, Oid role)
 
bool member_can_set_role (Oid member, Oid role)
 
void check_can_set_role (Oid member, Oid role)
 
bool is_member_of_role (Oid member, Oid role)
 
bool is_member_of_role_nosuper (Oid member, Oid role)
 
bool is_admin_of_role (Oid member, Oid role)
 
Oid select_best_admin (Oid member, Oid role)
 
void select_best_grantor (Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
 
Oid get_role_oid (const char *rolname, bool missing_ok)
 
Oid get_role_oid_or_public (const char *rolname)
 
Oid get_rolespec_oid (const RoleSpec *role, bool missing_ok)
 
HeapTuple get_rolespec_tuple (const RoleSpec *role)
 
char * get_rolespec_name (const RoleSpec *role)
 
void check_rolespec_name (const RoleSpec *role, const char *detail_msg)
 

Variables

static Oid cached_role [] = {InvalidOid, InvalidOid, InvalidOid}
 
static Listcached_roles [] = {NIL, NIL, NIL}
 
static uint32 cached_db_hash
 

Macro Definition Documentation

◆ ROLES_LIST_BLOOM_THRESHOLD

#define ROLES_LIST_BLOOM_THRESHOLD   1024

Definition at line 91 of file acl.c.

Enumeration Type Documentation

◆ RoleRecurseType

enum RoleRecurseType
Enumerator
ROLERECURSE_MEMBERS 
ROLERECURSE_PRIVS 
ROLERECURSE_SETROLE 

Definition at line 75 of file acl.c.

76{
77 ROLERECURSE_MEMBERS = 0, /* recurse unconditionally */
78 ROLERECURSE_PRIVS = 1, /* recurse through inheritable grants */
79 ROLERECURSE_SETROLE = 2 /* recurse through grants with set_option */
80};
ROLERECURSE_PRIVS
@ ROLERECURSE_PRIVS
Definition: acl.c:78
ROLERECURSE_MEMBERS
@ ROLERECURSE_MEMBERS
Definition: acl.c:77
ROLERECURSE_SETROLE
@ ROLERECURSE_SETROLE
Definition: acl.c:79

Function Documentation

◆ aclconcat()

Acl * aclconcat ( const Acl left_acl,
const Acl right_acl 
)

Definition at line 461 of file acl.c.

462{
463 Acl *result_acl;
464
465 result_acl = allocacl(ACL_NUM(left_acl) + ACL_NUM(right_acl));
466
467 memcpy(ACL_DAT(result_acl),
468 ACL_DAT(left_acl),
469 ACL_NUM(left_acl) * sizeof(AclItem));
470
471 memcpy(ACL_DAT(result_acl) + ACL_NUM(left_acl),
472 ACL_DAT(right_acl),
473 ACL_NUM(right_acl) * sizeof(AclItem));
474
475 return result_acl;
476}
allocacl
static Acl * allocacl(int n)
Definition: acl.c:410
ACL_DAT
#define ACL_DAT(ACL)
Definition: acl.h:109
ACL_NUM
#define ACL_NUM(ACL)
Definition: acl.h:108
AclItem
Definition: acl.h:55

References ACL_DAT, ACL_NUM, and allocacl().

Referenced by ExecGrant_Attribute().

◆ aclcontains()

Datum aclcontains ( PG_FUNCTION_ARGS  )

Definition at line 1596 of file acl.c.

1597{
1598 Acl *acl = PG_GETARG_ACL_P(0);
1599 AclItem *aip = PG_GETARG_ACLITEM_P(1);
1600 AclItem *aidat;
1601 int i,
1602 num;
1603
1604 check_acl(acl);
1605 num = ACL_NUM(acl);
1606 aidat = ACL_DAT(acl);
1607 for (i = 0; i < num; ++i)
1608 {
1609 if (aip->ai_grantee == aidat[i].ai_grantee &&
1610 aip->ai_grantor == aidat[i].ai_grantor &&
1611 (ACLITEM_GET_RIGHTS(*aip) & ACLITEM_GET_RIGHTS(aidat[i])) == ACLITEM_GET_RIGHTS(*aip))
1612 PG_RETURN_BOOL(true);
1613 }
1614 PG_RETURN_BOOL(false);
1615}
check_acl
static void check_acl(const Acl *acl)
Definition: acl.c:574
PG_GETARG_ACLITEM_P
#define PG_GETARG_ACLITEM_P(n)
Definition: acl.h:117
PG_GETARG_ACL_P
#define PG_GETARG_ACL_P(n)
Definition: acl.h:122
ACLITEM_GET_RIGHTS
#define ACLITEM_GET_RIGHTS(item)
Definition: acl.h:68
PG_RETURN_BOOL
#define PG_RETURN_BOOL(x)
Definition: fmgr.h:359
i
int i
Definition: isn.c:77
AclItem::ai_grantee
Oid ai_grantee
Definition: acl.h:56
AclItem::ai_grantor
Oid ai_grantor
Definition: acl.h:57

References ACL_DAT, ACL_NUM, ACLITEM_GET_RIGHTS, AclItem::ai_grantee, AclItem::ai_grantor, check_acl(), i, PG_GETARG_ACL_P, PG_GETARG_ACLITEM_P, and PG_RETURN_BOOL.

◆ aclcopy()

Acl * aclcopy ( const Acl orig_acl)

Definition at line 441 of file acl.c.

442{
443 Acl *result_acl;
444
445 result_acl = allocacl(ACL_NUM(orig_acl));
446
447 memcpy(ACL_DAT(result_acl),
448 ACL_DAT(orig_acl),
449 ACL_NUM(orig_acl) * sizeof(AclItem));
450
451 return result_acl;
452}

References ACL_DAT, ACL_NUM, and allocacl().

Referenced by aclmerge(), ExecGrant_Relation(), and SetDefaultACL().

◆ acldefault()

Acl * acldefault ( ObjectType  objtype,
Oid  ownerId 
)

Definition at line 787 of file acl.c.

788{
789 AclMode world_default;
790 AclMode owner_default;
791 int nacl;
792 Acl *acl;
793 AclItem *aip;
794
795 switch (objtype)
796 {
797 case OBJECT_COLUMN:
798 /* by default, columns have no extra privileges */
799 world_default = ACL_NO_RIGHTS;
800 owner_default = ACL_NO_RIGHTS;
801 break;
802 case OBJECT_TABLE:
803 world_default = ACL_NO_RIGHTS;
804 owner_default = ACL_ALL_RIGHTS_RELATION;
805 break;
806 case OBJECT_SEQUENCE:
807 world_default = ACL_NO_RIGHTS;
808 owner_default = ACL_ALL_RIGHTS_SEQUENCE;
809 break;
810 case OBJECT_DATABASE:
811 /* for backwards compatibility, grant some rights by default */
812 world_default = ACL_CREATE_TEMP | ACL_CONNECT;
813 owner_default = ACL_ALL_RIGHTS_DATABASE;
814 break;
815 case OBJECT_FUNCTION:
816 /* Grant EXECUTE by default, for now */
817 world_default = ACL_EXECUTE;
818 owner_default = ACL_ALL_RIGHTS_FUNCTION;
819 break;
820 case OBJECT_LANGUAGE:
821 /* Grant USAGE by default, for now */
822 world_default = ACL_USAGE;
823 owner_default = ACL_ALL_RIGHTS_LANGUAGE;
824 break;
825 case OBJECT_LARGEOBJECT:
826 world_default = ACL_NO_RIGHTS;
827 owner_default = ACL_ALL_RIGHTS_LARGEOBJECT;
828 break;
829 case OBJECT_SCHEMA:
830 world_default = ACL_NO_RIGHTS;
831 owner_default = ACL_ALL_RIGHTS_SCHEMA;
832 break;
833 case OBJECT_TABLESPACE:
834 world_default = ACL_NO_RIGHTS;
835 owner_default = ACL_ALL_RIGHTS_TABLESPACE;
836 break;
837 case OBJECT_FDW:
838 world_default = ACL_NO_RIGHTS;
839 owner_default = ACL_ALL_RIGHTS_FDW;
840 break;
841 case OBJECT_FOREIGN_SERVER:
842 world_default = ACL_NO_RIGHTS;
843 owner_default = ACL_ALL_RIGHTS_FOREIGN_SERVER;
844 break;
845 case OBJECT_DOMAIN:
846 case OBJECT_TYPE:
847 world_default = ACL_USAGE;
848 owner_default = ACL_ALL_RIGHTS_TYPE;
849 break;
850 case OBJECT_PARAMETER_ACL:
851 world_default = ACL_NO_RIGHTS;
852 owner_default = ACL_ALL_RIGHTS_PARAMETER_ACL;
853 break;
854 default:
855 elog(ERROR, "unrecognized object type: %d", (int) objtype);
856 world_default = ACL_NO_RIGHTS; /* keep compiler quiet */
857 owner_default = ACL_NO_RIGHTS;
858 break;
859 }
860
861 nacl = 0;
862 if (world_default != ACL_NO_RIGHTS)
863 nacl++;
864 if (owner_default != ACL_NO_RIGHTS)
865 nacl++;
866
867 acl = allocacl(nacl);
868 aip = ACL_DAT(acl);
869
870 if (world_default != ACL_NO_RIGHTS)
871 {
872 aip->ai_grantee = ACL_ID_PUBLIC;
873 aip->ai_grantor = ownerId;
874 ACLITEM_SET_PRIVS_GOPTIONS(*aip, world_default, ACL_NO_RIGHTS);
875 aip++;
876 }
877
878 /*
879 * Note that the owner's entry shows all ordinary privileges but no grant
880 * options. This is because his grant options come "from the system" and
881 * not from his own efforts. (The SQL spec says that the owner's rights
882 * come from a "_SYSTEM" authid.) However, we do consider that the
883 * owner's ordinary privileges are self-granted; this lets him revoke
884 * them. We implement the owner's grant options without any explicit
885 * "_SYSTEM"-like ACL entry, by internally special-casing the owner
886 * wherever we are testing grant options.
887 */
888 if (owner_default != ACL_NO_RIGHTS)
889 {
890 aip->ai_grantee = ownerId;
891 aip->ai_grantor = ownerId;
892 ACLITEM_SET_PRIVS_GOPTIONS(*aip, owner_default, ACL_NO_RIGHTS);
893 }
894
895 return acl;
896}
ACL_ALL_RIGHTS_FOREIGN_SERVER
#define ACL_ALL_RIGHTS_FOREIGN_SERVER
Definition: acl.h:164
ACL_ALL_RIGHTS_TABLESPACE
#define ACL_ALL_RIGHTS_TABLESPACE
Definition: acl.h:170
ACL_ALL_RIGHTS_PARAMETER_ACL
#define ACL_ALL_RIGHTS_PARAMETER_ACL
Definition: acl.h:168
ACL_ALL_RIGHTS_SCHEMA
#define ACL_ALL_RIGHTS_SCHEMA
Definition: acl.h:169
ACL_ALL_RIGHTS_SEQUENCE
#define ACL_ALL_RIGHTS_SEQUENCE
Definition: acl.h:161
ACL_ALL_RIGHTS_DATABASE
#define ACL_ALL_RIGHTS_DATABASE
Definition: acl.h:162
ACL_ALL_RIGHTS_FUNCTION
#define ACL_ALL_RIGHTS_FUNCTION
Definition: acl.h:165
ACL_ALL_RIGHTS_LANGUAGE
#define ACL_ALL_RIGHTS_LANGUAGE
Definition: acl.h:166
ACL_ALL_RIGHTS_TYPE
#define ACL_ALL_RIGHTS_TYPE
Definition: acl.h:171
ACL_ALL_RIGHTS_FDW
#define ACL_ALL_RIGHTS_FDW
Definition: acl.h:163
ACLITEM_SET_PRIVS_GOPTIONS
#define ACLITEM_SET_PRIVS_GOPTIONS(item, privs, goptions)
Definition: acl.h:82
ACL_ALL_RIGHTS_RELATION
#define ACL_ALL_RIGHTS_RELATION
Definition: acl.h:160
ACL_ID_PUBLIC
#define ACL_ID_PUBLIC
Definition: acl.h:46
ACL_ALL_RIGHTS_LARGEOBJECT
#define ACL_ALL_RIGHTS_LARGEOBJECT
Definition: acl.h:167
ERROR
#define ERROR
Definition: elog.h:39
elog
#define elog(elevel,...)
Definition: elog.h:226
ACL_CREATE_TEMP
#define ACL_CREATE_TEMP
Definition: parsenodes.h:86
AclMode
uint64 AclMode
Definition: parsenodes.h:74
ACL_USAGE
#define ACL_USAGE
Definition: parsenodes.h:84
ACL_NO_RIGHTS
#define ACL_NO_RIGHTS
Definition: parsenodes.h:92
OBJECT_FDW
@ OBJECT_FDW
Definition: parsenodes.h:2333
OBJECT_SCHEMA
@ OBJECT_SCHEMA
Definition: parsenodes.h:2353
OBJECT_DOMAIN
@ OBJECT_DOMAIN
Definition: parsenodes.h:2329
OBJECT_COLUMN
@ OBJECT_COLUMN
Definition: parsenodes.h:2323
OBJECT_TABLESPACE
@ OBJECT_TABLESPACE
Definition: parsenodes.h:2359
OBJECT_LARGEOBJECT
@ OBJECT_LARGEOBJECT
Definition: parsenodes.h:2339
OBJECT_DATABASE
@ OBJECT_DATABASE
Definition: parsenodes.h:2326
OBJECT_SEQUENCE
@ OBJECT_SEQUENCE
Definition: parsenodes.h:2354
OBJECT_LANGUAGE
@ OBJECT_LANGUAGE
Definition: parsenodes.h:2338
OBJECT_FOREIGN_SERVER
@ OBJECT_FOREIGN_SERVER
Definition: parsenodes.h:2334
OBJECT_TABLE
@ OBJECT_TABLE
Definition: parsenodes.h:2358
OBJECT_PARAMETER_ACL
@ OBJECT_PARAMETER_ACL
Definition: parsenodes.h:2344
OBJECT_TYPE
@ OBJECT_TYPE
Definition: parsenodes.h:2366
OBJECT_FUNCTION
@ OBJECT_FUNCTION
Definition: parsenodes.h:2336
ACL_CONNECT
#define ACL_CONNECT
Definition: parsenodes.h:87
ACL_EXECUTE
#define ACL_EXECUTE
Definition: parsenodes.h:83

References ACL_ALL_RIGHTS_DATABASE, ACL_ALL_RIGHTS_FDW, ACL_ALL_RIGHTS_FOREIGN_SERVER, ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_LANGUAGE, ACL_ALL_RIGHTS_LARGEOBJECT, ACL_ALL_RIGHTS_PARAMETER_ACL, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_SEQUENCE, ACL_ALL_RIGHTS_TABLESPACE, ACL_ALL_RIGHTS_TYPE, ACL_CONNECT, ACL_CREATE_TEMP, ACL_DAT, ACL_EXECUTE, ACL_ID_PUBLIC, ACL_NO_RIGHTS, ACL_USAGE, ACLITEM_SET_PRIVS_GOPTIONS, AclItem::ai_grantee, AclItem::ai_grantor, allocacl(), elog, ERROR, OBJECT_COLUMN, OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, and OBJECT_TYPE.

Referenced by acldefault_sql(), buildDefaultACLCommands(), dumpACL(), dumpRoleGUCPrivs(), dumpTable(), dumpTablespaces(), ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), ExecGrant_Relation(), get_user_default_acl(), object_aclmask_ext(), pg_class_aclmask_ext(), pg_largeobject_aclmask_snapshot(), pg_namespace_aclmask_ext(), pg_parameter_acl_aclmask(), pg_parameter_aclmask(), pg_type_aclmask_ext(), and SetDefaultACL().

◆ acldefault_sql()

Datum acldefault_sql ( PG_FUNCTION_ARGS  )

Definition at line 904 of file acl.c.

905{
906 char objtypec = PG_GETARG_CHAR(0);
907 Oid owner = PG_GETARG_OID(1);
908 ObjectType objtype = 0;
909
910 switch (objtypec)
911 {
912 case 'c':
913 objtype = OBJECT_COLUMN;
914 break;
915 case 'r':
916 objtype = OBJECT_TABLE;
917 break;
918 case 's':
919 objtype = OBJECT_SEQUENCE;
920 break;
921 case 'd':
922 objtype = OBJECT_DATABASE;
923 break;
924 case 'f':
925 objtype = OBJECT_FUNCTION;
926 break;
927 case 'l':
928 objtype = OBJECT_LANGUAGE;
929 break;
930 case 'L':
931 objtype = OBJECT_LARGEOBJECT;
932 break;
933 case 'n':
934 objtype = OBJECT_SCHEMA;
935 break;
936 case 'p':
937 objtype = OBJECT_PARAMETER_ACL;
938 break;
939 case 't':
940 objtype = OBJECT_TABLESPACE;
941 break;
942 case 'F':
943 objtype = OBJECT_FDW;
944 break;
945 case 'S':
946 objtype = OBJECT_FOREIGN_SERVER;
947 break;
948 case 'T':
949 objtype = OBJECT_TYPE;
950 break;
951 default:
952 elog(ERROR, "unrecognized object type abbreviation: %c", objtypec);
953 }
954
955 PG_RETURN_ACL_P(acldefault(objtype, owner));
956}
acldefault
Acl * acldefault(ObjectType objtype, Oid ownerId)
Definition: acl.c:787
PG_RETURN_ACL_P
#define PG_RETURN_ACL_P(x)
Definition: acl.h:124
PG_GETARG_OID
#define PG_GETARG_OID(n)
Definition: fmgr.h:275
PG_GETARG_CHAR
#define PG_GETARG_CHAR(n)
Definition: fmgr.h:273
ObjectType
ObjectType
Definition: parsenodes.h:2316
Oid
unsigned int Oid
Definition: postgres_ext.h:30

References acldefault(), elog, ERROR, OBJECT_COLUMN, OBJECT_DATABASE, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, PG_GETARG_CHAR, PG_GETARG_OID, and PG_RETURN_ACL_P.

◆ aclequal()

bool aclequal ( const Acl left_acl,
const Acl right_acl 
)

Definition at line 543 of file acl.c.

544{
545 /* Check for cases where one or both are empty/null */
546 if (left_acl == NULL || ACL_NUM(left_acl) == 0)
547 {
548 if (right_acl == NULL || ACL_NUM(right_acl) == 0)
549 return true;
550 else
551 return false;
552 }
553 else
554 {
555 if (right_acl == NULL || ACL_NUM(right_acl) == 0)
556 return false;
557 }
558
559 if (ACL_NUM(left_acl) != ACL_NUM(right_acl))
560 return false;
561
562 if (memcmp(ACL_DAT(left_acl),
563 ACL_DAT(right_acl),
564 ACL_NUM(left_acl) * sizeof(AclItem)) == 0)
565 return true;
566
567 return false;
568}

References ACL_DAT, and ACL_NUM.

Referenced by ExecGrant_Parameter(), get_user_default_acl(), and SetDefaultACL().

◆ aclexplode()

Datum aclexplode ( PG_FUNCTION_ARGS  )

Definition at line 1774 of file acl.c.

1775{
1776 Acl *acl = PG_GETARG_ACL_P(0);
1777 FuncCallContext *funcctx;
1778 int *idx;
1779 AclItem *aidat;
1780
1781 if (SRF_IS_FIRSTCALL())
1782 {
1783 TupleDesc tupdesc;
1784 MemoryContext oldcontext;
1785
1786 check_acl(acl);
1787
1788 funcctx = SRF_FIRSTCALL_INIT();
1789 oldcontext = MemoryContextSwitchTo(funcctx->multi_call_memory_ctx);
1790
1791 /*
1792 * build tupdesc for result tuples (matches out parameters in pg_proc
1793 * entry)
1794 */
1795 tupdesc = CreateTemplateTupleDesc(4);
1796 TupleDescInitEntry(tupdesc, (AttrNumber) 1, "grantor",
1797 OIDOID, -1, 0);
1798 TupleDescInitEntry(tupdesc, (AttrNumber) 2, "grantee",
1799 OIDOID, -1, 0);
1800 TupleDescInitEntry(tupdesc, (AttrNumber) 3, "privilege_type",
1801 TEXTOID, -1, 0);
1802 TupleDescInitEntry(tupdesc, (AttrNumber) 4, "is_grantable",
1803 BOOLOID, -1, 0);
1804
1805 funcctx->tuple_desc = BlessTupleDesc(tupdesc);
1806
1807 /* allocate memory for user context */
1808 idx = (int *) palloc(sizeof(int[2]));
1809 idx[0] = 0; /* ACL array item index */
1810 idx[1] = -1; /* privilege type counter */
1811 funcctx->user_fctx = idx;
1812
1813 MemoryContextSwitchTo(oldcontext);
1814 }
1815
1816 funcctx = SRF_PERCALL_SETUP();
1817 idx = (int *) funcctx->user_fctx;
1818 aidat = ACL_DAT(acl);
1819
1820 /* need test here in case acl has no items */
1821 while (idx[0] < ACL_NUM(acl))
1822 {
1823 AclItem *aidata;
1824 AclMode priv_bit;
1825
1826 idx[1]++;
1827 if (idx[1] == N_ACL_RIGHTS)
1828 {
1829 idx[1] = 0;
1830 idx[0]++;
1831 if (idx[0] >= ACL_NUM(acl)) /* done */
1832 break;
1833 }
1834 aidata = &aidat[idx[0]];
1835 priv_bit = UINT64CONST(1) << idx[1];
1836
1837 if (ACLITEM_GET_PRIVS(*aidata) & priv_bit)
1838 {
1839 Datum result;
1840 Datum values[4];
1841 bool nulls[4] = {0};
1842 HeapTuple tuple;
1843
1844 values[0] = ObjectIdGetDatum(aidata->ai_grantor);
1845 values[1] = ObjectIdGetDatum(aidata->ai_grantee);
1846 values[2] = CStringGetTextDatum(convert_aclright_to_string(priv_bit));
1847 values[3] = BoolGetDatum((ACLITEM_GET_GOPTIONS(*aidata) & priv_bit) != 0);
1848
1849 tuple = heap_form_tuple(funcctx->tuple_desc, values, nulls);
1850 result = HeapTupleGetDatum(tuple);
1851
1852 SRF_RETURN_NEXT(funcctx, result);
1853 }
1854 }
1855
1856 SRF_RETURN_DONE(funcctx);
1857}
idx
Datum idx(PG_FUNCTION_ARGS)
Definition: _int_op.c:262
convert_aclright_to_string
static const char * convert_aclright_to_string(int aclright)
Definition: acl.c:1718
ACLITEM_GET_PRIVS
#define ACLITEM_GET_PRIVS(item)
Definition: acl.h:66
ACLITEM_GET_GOPTIONS
#define ACLITEM_GET_GOPTIONS(item)
Definition: acl.h:67
AttrNumber
int16 AttrNumber
Definition: attnum.h:21
values
static Datum values[MAXATTR]
Definition: bootstrap.c:151
CStringGetTextDatum
#define CStringGetTextDatum(s)
Definition: builtins.h:97
UINT64CONST
#define UINT64CONST(x)
Definition: c.h:517
BlessTupleDesc
TupleDesc BlessTupleDesc(TupleDesc tupdesc)
Definition: execTuples.c:2260
SRF_IS_FIRSTCALL
#define SRF_IS_FIRSTCALL()
Definition: funcapi.h:304
SRF_PERCALL_SETUP
#define SRF_PERCALL_SETUP()
Definition: funcapi.h:308
SRF_RETURN_NEXT
#define SRF_RETURN_NEXT(_funcctx, _result)
Definition: funcapi.h:310
SRF_FIRSTCALL_INIT
#define SRF_FIRSTCALL_INIT()
Definition: funcapi.h:306
HeapTupleGetDatum
static Datum HeapTupleGetDatum(const HeapTupleData *tuple)
Definition: funcapi.h:230
SRF_RETURN_DONE
#define SRF_RETURN_DONE(_funcctx)
Definition: funcapi.h:328
heap_form_tuple
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, const Datum *values, const bool *isnull)
Definition: heaptuple.c:1117
palloc
void * palloc(Size size)
Definition: mcxt.c:1939
MemoryContextSwitchTo
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Definition: palloc.h:124
N_ACL_RIGHTS
#define N_ACL_RIGHTS
Definition: parsenodes.h:91
Datum
uintptr_t Datum
Definition: postgres.h:69
BoolGetDatum
static Datum BoolGetDatum(bool X)
Definition: postgres.h:107
ObjectIdGetDatum
static Datum ObjectIdGetDatum(Oid X)
Definition: postgres.h:257
FuncCallContext::user_fctx
void * user_fctx
Definition: funcapi.h:82
FuncCallContext::multi_call_memory_ctx
MemoryContext multi_call_memory_ctx
Definition: funcapi.h:101
FuncCallContext::tuple_desc
TupleDesc tuple_desc
Definition: funcapi.h:112
CreateTemplateTupleDesc
TupleDesc CreateTemplateTupleDesc(int natts)
Definition: tupdesc.c:175
TupleDescInitEntry
void TupleDescInitEntry(TupleDesc desc, AttrNumber attributeNumber, const char *attributeName, Oid oidtypeid, int32 typmod, int attdim)
Definition: tupdesc.c:835

References ACL_DAT, ACL_NUM, ACLITEM_GET_GOPTIONS, ACLITEM_GET_PRIVS, AclItem::ai_grantee, AclItem::ai_grantor, BlessTupleDesc(), BoolGetDatum(), check_acl(), convert_aclright_to_string(), CreateTemplateTupleDesc(), CStringGetTextDatum, heap_form_tuple(), HeapTupleGetDatum(), idx(), MemoryContextSwitchTo(), FuncCallContext::multi_call_memory_ctx, N_ACL_RIGHTS, ObjectIdGetDatum(), palloc(), PG_GETARG_ACL_P, SRF_FIRSTCALL_INIT, SRF_IS_FIRSTCALL, SRF_PERCALL_SETUP, SRF_RETURN_DONE, SRF_RETURN_NEXT, FuncCallContext::tuple_desc, TupleDescInitEntry(), UINT64CONST, FuncCallContext::user_fctx, and values.

◆ aclinsert()

Datum aclinsert ( PG_FUNCTION_ARGS  )

Definition at line 1576 of file acl.c.

1577{
1578 ereport(ERROR,
1579 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1580 errmsg("aclinsert is no longer supported")));
1581
1582 PG_RETURN_NULL(); /* keep compiler quiet */
1583}
errcode
int errcode(int sqlerrcode)
Definition: elog.c:854
errmsg
int errmsg(const char *fmt,...)
Definition: elog.c:1071
ereport
#define ereport(elevel,...)
Definition: elog.h:149
PG_RETURN_NULL
#define PG_RETURN_NULL()
Definition: fmgr.h:345

References ereport, errcode(), errmsg(), ERROR, and PG_RETURN_NULL.

◆ aclitem_eq()

Datum aclitem_eq ( PG_FUNCTION_ARGS  )

Definition at line 732 of file acl.c.

733{
734 AclItem *a1 = PG_GETARG_ACLITEM_P(0);
735 AclItem *a2 = PG_GETARG_ACLITEM_P(1);
736 bool result;
737
738 result = a1->ai_privs == a2->ai_privs &&
739 a1->ai_grantee == a2->ai_grantee &&
740 a1->ai_grantor == a2->ai_grantor;
741 PG_RETURN_BOOL(result);
742}
a1
static const FormData_pg_attribute a1
Definition: heap.c:144
a2
static const FormData_pg_attribute a2
Definition: heap.c:157

References a1, a2, PG_GETARG_ACLITEM_P, and PG_RETURN_BOOL.

◆ aclitem_match()

static bool aclitem_match ( const AclItem a1,
const AclItem a2 
)
static

Definition at line 697 of file acl.c.

698{
699 return a1->ai_grantee == a2->ai_grantee &&
700 a1->ai_grantor == a2->ai_grantor;
701}

References a1, and a2.

Referenced by aclnewowner(), and aclupdate().

◆ aclitemComparator()

static int aclitemComparator ( const void *  arg1,
const void *  arg2 
)
static

Definition at line 708 of file acl.c.

709{
710 const AclItem *a1 = (const AclItem *) arg1;
711 const AclItem *a2 = (const AclItem *) arg2;
712
713 if (a1->ai_grantee > a2->ai_grantee)
714 return 1;
715 if (a1->ai_grantee < a2->ai_grantee)
716 return -1;
717 if (a1->ai_grantor > a2->ai_grantor)
718 return 1;
719 if (a1->ai_grantor < a2->ai_grantor)
720 return -1;
721 if (a1->ai_privs > a2->ai_privs)
722 return 1;
723 if (a1->ai_privs < a2->ai_privs)
724 return -1;
725 return 0;
726}

References a1, and a2.

Referenced by aclitemsort().

◆ aclitemin()

Datum aclitemin ( PG_FUNCTION_ARGS  )

Definition at line 599 of file acl.c.

600{
601 const char *s = PG_GETARG_CSTRING(0);
602 Node *escontext = fcinfo->context;
603 AclItem *aip;
604
605 aip = (AclItem *) palloc(sizeof(AclItem));
606
607 s = aclparse(s, aip, escontext);
608 if (s == NULL)
609 PG_RETURN_NULL();
610
611 while (isspace((unsigned char) *s))
612 ++s;
613 if (*s)
614 ereturn(escontext, (Datum) 0,
615 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
616 errmsg("extra garbage at the end of the ACL specification")));
617
618 PG_RETURN_ACLITEM_P(aip);
619}
aclparse
static const char * aclparse(const char *s, AclItem *aip, Node *escontext)
Definition: acl.c:257
PG_RETURN_ACLITEM_P
#define PG_RETURN_ACLITEM_P(x)
Definition: acl.h:118
ereturn
#define ereturn(context, dummy_value,...)
Definition: elog.h:278
PG_GETARG_CSTRING
#define PG_GETARG_CSTRING(n)
Definition: fmgr.h:277
Node
Definition: nodes.h:135

References aclparse(), ereturn, errcode(), errmsg(), palloc(), PG_GETARG_CSTRING, PG_RETURN_ACLITEM_P, and PG_RETURN_NULL.

◆ aclitemout()

Datum aclitemout ( PG_FUNCTION_ARGS  )

Definition at line 630 of file acl.c.

631{
632 AclItem *aip = PG_GETARG_ACLITEM_P(0);
633 char *p;
634 char *out;
635 HeapTuple htup;
636 unsigned i;
637
638 out = palloc(strlen("=/") +
639 2 * N_ACL_RIGHTS +
640 2 * (2 * NAMEDATALEN + 2) +
641 1);
642
643 p = out;
644 *p = '\0';
645
646 if (aip->ai_grantee != ACL_ID_PUBLIC)
647 {
648 htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantee));
649 if (HeapTupleIsValid(htup))
650 {
651 putid(p, NameStr(((Form_pg_authid) GETSTRUCT(htup))->rolname));
652 ReleaseSysCache(htup);
653 }
654 else
655 {
656 /* Generate numeric OID if we don't find an entry */
657 sprintf(p, "%u", aip->ai_grantee);
658 }
659 }
660 while (*p)
661 ++p;
662
663 *p++ = '=';
664
665 for (i = 0; i < N_ACL_RIGHTS; ++i)
666 {
667 if (ACLITEM_GET_PRIVS(*aip) & (UINT64CONST(1) << i))
668 *p++ = ACL_ALL_RIGHTS_STR[i];
669 if (ACLITEM_GET_GOPTIONS(*aip) & (UINT64CONST(1) << i))
670 *p++ = '*';
671 }
672
673 *p++ = '/';
674 *p = '\0';
675
676 htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantor));
677 if (HeapTupleIsValid(htup))
678 {
679 putid(p, NameStr(((Form_pg_authid) GETSTRUCT(htup))->rolname));
680 ReleaseSysCache(htup);
681 }
682 else
683 {
684 /* Generate numeric OID if we don't find an entry */
685 sprintf(p, "%u", aip->ai_grantor);
686 }
687
688 PG_RETURN_CSTRING(out);
689}
putid
static void putid(char *p, const char *s)
Definition: acl.c:205
ACL_ALL_RIGHTS_STR
#define ACL_ALL_RIGHTS_STR
Definition: acl.h:154
NameStr
#define NameStr(name)
Definition: c.h:717
PG_RETURN_CSTRING
#define PG_RETURN_CSTRING(x)
Definition: fmgr.h:362
HeapTupleIsValid
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
GETSTRUCT
static void * GETSTRUCT(const HeapTupleData *tuple)
Definition: htup_details.h:728
rolname
NameData rolname
Definition: pg_authid.h:34
Form_pg_authid
FormData_pg_authid * Form_pg_authid
Definition: pg_authid.h:56
NAMEDATALEN
#define NAMEDATALEN
Definition: pg_config_manual.h:29
sprintf
#define sprintf
Definition: port.h:241
ReleaseSysCache
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:269
SearchSysCache1
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Definition: syscache.c:221

References ACL_ALL_RIGHTS_STR, ACL_ID_PUBLIC, ACLITEM_GET_GOPTIONS, ACLITEM_GET_PRIVS, AclItem::ai_grantee, AclItem::ai_grantor, GETSTRUCT(), HeapTupleIsValid, i, N_ACL_RIGHTS, NAMEDATALEN, NameStr, ObjectIdGetDatum(), palloc(), PG_GETARG_ACLITEM_P, PG_RETURN_CSTRING, putid(), ReleaseSysCache(), rolname, SearchSysCache1(), sprintf, and UINT64CONST.

◆ aclitemsort()

void aclitemsort ( Acl acl)

Definition at line 529 of file acl.c.

530{
531 if (acl != NULL && ACL_NUM(acl) > 1)
532 qsort(ACL_DAT(acl), ACL_NUM(acl), sizeof(AclItem), aclitemComparator);
533}
aclitemComparator
static int aclitemComparator(const void *arg1, const void *arg2)
Definition: acl.c:708
qsort
#define qsort(a, b, c, d)
Definition: port.h:479

References ACL_DAT, ACL_NUM, aclitemComparator(), and qsort.

Referenced by get_user_default_acl(), and SetDefaultACL().

◆ aclmask()

AclMode aclmask ( const Acl acl,
Oid  roleid,
Oid  ownerId,
AclMode  mask,
AclMaskHow  how 
)

Definition at line 1372 of file acl.c.

1374{
1375 AclMode result;
1376 AclMode remaining;
1377 AclItem *aidat;
1378 int i,
1379 num;
1380
1381 /*
1382 * Null ACL should not happen, since caller should have inserted
1383 * appropriate default
1384 */
1385 if (acl == NULL)
1386 elog(ERROR, "null ACL");
1387
1388 check_acl(acl);
1389
1390 /* Quick exit for mask == 0 */
1391 if (mask == 0)
1392 return 0;
1393
1394 result = 0;
1395
1396 /* Owner always implicitly has all grant options */
1397 if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
1398 has_privs_of_role(roleid, ownerId))
1399 {
1400 result = mask & ACLITEM_ALL_GOPTION_BITS;
1401 if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1402 return result;
1403 }
1404
1405 num = ACL_NUM(acl);
1406 aidat = ACL_DAT(acl);
1407
1408 /*
1409 * Check privileges granted directly to roleid or to public
1410 */
1411 for (i = 0; i < num; i++)
1412 {
1413 AclItem *aidata = &aidat[i];
1414
1415 if (aidata->ai_grantee == ACL_ID_PUBLIC ||
1416 aidata->ai_grantee == roleid)
1417 {
1418 result |= aidata->ai_privs & mask;
1419 if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1420 return result;
1421 }
1422 }
1423
1424 /*
1425 * Check privileges granted indirectly via role memberships. We do this in
1426 * a separate pass to minimize expensive indirect membership tests. In
1427 * particular, it's worth testing whether a given ACL entry grants any
1428 * privileges still of interest before we perform the has_privs_of_role
1429 * test.
1430 */
1431 remaining = mask & ~result;
1432 for (i = 0; i < num; i++)
1433 {
1434 AclItem *aidata = &aidat[i];
1435
1436 if (aidata->ai_grantee == ACL_ID_PUBLIC ||
1437 aidata->ai_grantee == roleid)
1438 continue; /* already checked it */
1439
1440 if ((aidata->ai_privs & remaining) &&
1441 has_privs_of_role(roleid, aidata->ai_grantee))
1442 {
1443 result |= aidata->ai_privs & mask;
1444 if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1445 return result;
1446 remaining = mask & ~result;
1447 }
1448 }
1449
1450 return result;
1451}
has_privs_of_role
bool has_privs_of_role(Oid member, Oid role)
Definition: acl.c:5268
ACLITEM_ALL_GOPTION_BITS
#define ACLITEM_ALL_GOPTION_BITS
Definition: acl.h:88
ACLMASK_ALL
@ ACLMASK_ALL
Definition: acl.h:176
remaining
int remaining
Definition: informix.c:692
AclItem::ai_privs
AclMode ai_privs
Definition: acl.h:58

References ACL_DAT, ACL_ID_PUBLIC, ACL_NUM, ACLITEM_ALL_GOPTION_BITS, ACLMASK_ALL, AclItem::ai_grantee, AclItem::ai_privs, check_acl(), elog, ERROR, has_privs_of_role(), i, and remaining.

Referenced by check_circularity(), LockTableAclCheck(), object_aclmask_ext(), pg_attribute_aclcheck_all_ext(), pg_attribute_aclmask_ext(), pg_class_aclmask_ext(), pg_largeobject_aclmask_snapshot(), pg_namespace_aclmask_ext(), pg_parameter_acl_aclmask(), pg_parameter_aclmask(), pg_type_aclmask_ext(), and recursive_revoke().

◆ aclmask_direct()

static AclMode aclmask_direct ( const Acl acl,
Oid  roleid,
Oid  ownerId,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 1461 of file acl.c.

1463{
1464 AclMode result;
1465 AclItem *aidat;
1466 int i,
1467 num;
1468
1469 /*
1470 * Null ACL should not happen, since caller should have inserted
1471 * appropriate default
1472 */
1473 if (acl == NULL)
1474 elog(ERROR, "null ACL");
1475
1476 check_acl(acl);
1477
1478 /* Quick exit for mask == 0 */
1479 if (mask == 0)
1480 return 0;
1481
1482 result = 0;
1483
1484 /* Owner always implicitly has all grant options */
1485 if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
1486 roleid == ownerId)
1487 {
1488 result = mask & ACLITEM_ALL_GOPTION_BITS;
1489 if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1490 return result;
1491 }
1492
1493 num = ACL_NUM(acl);
1494 aidat = ACL_DAT(acl);
1495
1496 /*
1497 * Check privileges granted directly to roleid (and not to public)
1498 */
1499 for (i = 0; i < num; i++)
1500 {
1501 AclItem *aidata = &aidat[i];
1502
1503 if (aidata->ai_grantee == roleid)
1504 {
1505 result |= aidata->ai_privs & mask;
1506 if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1507 return result;
1508 }
1509 }
1510
1511 return result;
1512}

References ACL_DAT, ACL_NUM, ACLITEM_ALL_GOPTION_BITS, ACLMASK_ALL, AclItem::ai_grantee, AclItem::ai_privs, check_acl(), elog, ERROR, and i.

Referenced by select_best_grantor().

◆ aclmembers()

int aclmembers ( const Acl acl,
Oid **  roleids 
)

Definition at line 1524 of file acl.c.

1525{
1526 Oid *list;
1527 const AclItem *acldat;
1528 int i,
1529 j;
1530
1531 if (acl == NULL || ACL_NUM(acl) == 0)
1532 {
1533 *roleids = NULL;
1534 return 0;
1535 }
1536
1537 check_acl(acl);
1538
1539 /* Allocate the worst-case space requirement */
1540 list = palloc(ACL_NUM(acl) * 2 * sizeof(Oid));
1541 acldat = ACL_DAT(acl);
1542
1543 /*
1544 * Walk the ACL collecting mentioned RoleIds.
1545 */
1546 j = 0;
1547 for (i = 0; i < ACL_NUM(acl); i++)
1548 {
1549 const AclItem *ai = &acldat[i];
1550
1551 if (ai->ai_grantee != ACL_ID_PUBLIC)
1552 list[j++] = ai->ai_grantee;
1553 /* grantor is currently never PUBLIC, but let's check anyway */
1554 if (ai->ai_grantor != ACL_ID_PUBLIC)
1555 list[j++] = ai->ai_grantor;
1556 }
1557
1558 /* Sort the array */
1559 qsort(list, j, sizeof(Oid), oid_cmp);
1560
1561 /*
1562 * We could repalloc the array down to minimum size, but it's hardly worth
1563 * it since it's only transient memory.
1564 */
1565 *roleids = list;
1566
1567 /* Remove duplicates from the array */
1568 return qunique(list, j, sizeof(Oid), oid_cmp);
1569}
j
int j
Definition: isn.c:78
oid_cmp
int oid_cmp(const void *p1, const void *p2)
Definition: oid.c:258
qunique
static size_t qunique(void *array, size_t elements, size_t width, int(*compare)(const void *, const void *))
Definition: qunique.h:21

References ACL_DAT, ACL_ID_PUBLIC, ACL_NUM, AclItem::ai_grantee, AclItem::ai_grantor, check_acl(), i, j, sort-test::list, oid_cmp(), palloc(), qsort, and qunique().

Referenced by ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), ExecGrant_Relation(), recordDependencyOnNewAcl(), recordExtensionInitPrivWorker(), RemoveRoleFromInitPriv(), ReplaceRoleInInitPriv(), and SetDefaultACL().

◆ aclmerge()

Acl * aclmerge ( const Acl left_acl,
const Acl right_acl,
Oid  ownerId 
)

Definition at line 485 of file acl.c.

486{
487 Acl *result_acl;
488 AclItem *aip;
489 int i,
490 num;
491
492 /* Check for cases where one or both are empty/null */
493 if (left_acl == NULL || ACL_NUM(left_acl) == 0)
494 {
495 if (right_acl == NULL || ACL_NUM(right_acl) == 0)
496 return NULL;
497 else
498 return aclcopy(right_acl);
499 }
500 else
501 {
502 if (right_acl == NULL || ACL_NUM(right_acl) == 0)
503 return aclcopy(left_acl);
504 }
505
506 /* Merge them the hard way, one item at a time */
507 result_acl = aclcopy(left_acl);
508
509 aip = ACL_DAT(right_acl);
510 num = ACL_NUM(right_acl);
511
512 for (i = 0; i < num; i++, aip++)
513 {
514 Acl *tmp_acl;
515
516 tmp_acl = aclupdate(result_acl, aip, ACL_MODECHG_ADD,
517 ownerId, DROP_RESTRICT);
518 pfree(result_acl);
519 result_acl = tmp_acl;
520 }
521
522 return result_acl;
523}
aclupdate
Acl * aclupdate(const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
Definition: acl.c:976
aclcopy
Acl * aclcopy(const Acl *orig_acl)
Definition: acl.c:441
ACL_MODECHG_ADD
#define ACL_MODECHG_ADD
Definition: acl.h:129
pfree
void pfree(void *pointer)
Definition: mcxt.c:2146
DROP_RESTRICT
@ DROP_RESTRICT
Definition: parsenodes.h:2390

References ACL_DAT, ACL_MODECHG_ADD, ACL_NUM, aclcopy(), aclupdate(), DROP_RESTRICT, i, and pfree().

Referenced by get_user_default_acl().

◆ aclnewowner()

Acl * aclnewowner ( const Acl old_acl,
Oid  oldOwnerId,
Oid  newOwnerId 
)

Definition at line 1103 of file acl.c.

1104{
1105 Acl *new_acl;
1106 AclItem *new_aip;
1107 AclItem *old_aip;
1108 AclItem *dst_aip;
1109 AclItem *src_aip;
1110 AclItem *targ_aip;
1111 bool newpresent = false;
1112 int dst,
1113 src,
1114 targ,
1115 num;
1116
1117 check_acl(old_acl);
1118
1119 /*
1120 * Make a copy of the given ACL, substituting new owner ID for old
1121 * wherever it appears as either grantor or grantee. Also note if the new
1122 * owner ID is already present.
1123 */
1124 num = ACL_NUM(old_acl);
1125 old_aip = ACL_DAT(old_acl);
1126 new_acl = allocacl(num);
1127 new_aip = ACL_DAT(new_acl);
1128 memcpy(new_aip, old_aip, num * sizeof(AclItem));
1129 for (dst = 0, dst_aip = new_aip; dst < num; dst++, dst_aip++)
1130 {
1131 if (dst_aip->ai_grantor == oldOwnerId)
1132 dst_aip->ai_grantor = newOwnerId;
1133 else if (dst_aip->ai_grantor == newOwnerId)
1134 newpresent = true;
1135 if (dst_aip->ai_grantee == oldOwnerId)
1136 dst_aip->ai_grantee = newOwnerId;
1137 else if (dst_aip->ai_grantee == newOwnerId)
1138 newpresent = true;
1139 }
1140
1141 /*
1142 * If the old ACL contained any references to the new owner, then we may
1143 * now have generated an ACL containing duplicate entries. Find them and
1144 * merge them so that there are not duplicates. (This is relatively
1145 * expensive since we use a stupid O(N^2) algorithm, but it's unlikely to
1146 * be the normal case.)
1147 *
1148 * To simplify deletion of duplicate entries, we temporarily leave them in
1149 * the array but set their privilege masks to zero; when we reach such an
1150 * entry it's just skipped. (Thus, a side effect of this code will be to
1151 * remove privilege-free entries, should there be any in the input.) dst
1152 * is the next output slot, targ is the currently considered input slot
1153 * (always >= dst), and src scans entries to the right of targ looking for
1154 * duplicates. Once an entry has been emitted to dst it is known
1155 * duplicate-free and need not be considered anymore.
1156 */
1157 if (newpresent)
1158 {
1159 dst = 0;
1160 for (targ = 0, targ_aip = new_aip; targ < num; targ++, targ_aip++)
1161 {
1162 /* ignore if deleted in an earlier pass */
1163 if (ACLITEM_GET_RIGHTS(*targ_aip) == ACL_NO_RIGHTS)
1164 continue;
1165 /* find and merge any duplicates */
1166 for (src = targ + 1, src_aip = targ_aip + 1; src < num;
1167 src++, src_aip++)
1168 {
1169 if (ACLITEM_GET_RIGHTS(*src_aip) == ACL_NO_RIGHTS)
1170 continue;
1171 if (aclitem_match(targ_aip, src_aip))
1172 {
1173 ACLITEM_SET_RIGHTS(*targ_aip,
1174 ACLITEM_GET_RIGHTS(*targ_aip) |
1175 ACLITEM_GET_RIGHTS(*src_aip));
1176 /* mark the duplicate deleted */
1177 ACLITEM_SET_RIGHTS(*src_aip, ACL_NO_RIGHTS);
1178 }
1179 }
1180 /* and emit to output */
1181 new_aip[dst] = *targ_aip;
1182 dst++;
1183 }
1184 /* Adjust array size to be 'dst' items */
1185 ARR_DIMS(new_acl)[0] = dst;
1186 SET_VARSIZE(new_acl, ACL_N_SIZE(dst));
1187 }
1188
1189 return new_acl;
1190}
aclitem_match
static bool aclitem_match(const AclItem *a1, const AclItem *a2)
Definition: acl.c:697
ACL_N_SIZE
#define ACL_N_SIZE(N)
Definition: acl.h:110
ACLITEM_SET_RIGHTS
#define ACLITEM_SET_RIGHTS(item, rights)
Definition: acl.h:79
ARR_DIMS
#define ARR_DIMS(a)
Definition: array.h:294
SET_VARSIZE
#define SET_VARSIZE(PTR, len)
Definition: varatt.h:305

References ACL_DAT, ACL_N_SIZE, ACL_NO_RIGHTS, ACL_NUM, ACLITEM_GET_RIGHTS, aclitem_match(), ACLITEM_SET_RIGHTS, AclItem::ai_grantee, AclItem::ai_grantor, allocacl(), ARR_DIMS, check_acl(), and SET_VARSIZE.

Referenced by AlterDatabaseOwner(), AlterForeignDataWrapperOwner_internal(), AlterForeignServerOwner_internal(), AlterObjectOwner_internal(), AlterSchemaOwner_internal(), AlterTypeOwnerInternal(), ATExecChangeOwner(), change_owner_fix_column_acls(), and ReplaceRoleInInitPriv().

◆ aclparse()

static const char * aclparse ( const char *  s,
AclItem aip,
Node escontext 
)
static

Definition at line 257 of file acl.c.

258{
259 AclMode privs,
260 goption,
261 read;
262 char name[NAMEDATALEN];
263 char name2[NAMEDATALEN];
264
265 Assert(s && aip);
266
267 s = getid(s, name, escontext);
268 if (s == NULL)
269 return NULL;
270 if (*s != '=')
271 {
272 /* we just read a keyword, not a name */
273 if (strcmp(name, "group") != 0 && strcmp(name, "user") != 0)
274 ereturn(escontext, NULL,
275 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
276 errmsg("unrecognized key word: \"%s\"", name),
277 errhint("ACL key word must be \"group\" or \"user\".")));
278 /* move s to the name beyond the keyword */
279 s = getid(s, name, escontext);
280 if (s == NULL)
281 return NULL;
282 if (name[0] == '\0')
283 ereturn(escontext, NULL,
284 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
285 errmsg("missing name"),
286 errhint("A name must follow the \"group\" or \"user\" key word.")));
287 }
288
289 if (*s != '=')
290 ereturn(escontext, NULL,
291 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
292 errmsg("missing \"=\" sign")));
293
294 privs = goption = ACL_NO_RIGHTS;
295
296 for (++s, read = 0; isalpha((unsigned char) *s) || *s == '*'; s++)
297 {
298 switch (*s)
299 {
300 case '*':
301 goption |= read;
302 break;
303 case ACL_INSERT_CHR:
304 read = ACL_INSERT;
305 break;
306 case ACL_SELECT_CHR:
307 read = ACL_SELECT;
308 break;
309 case ACL_UPDATE_CHR:
310 read = ACL_UPDATE;
311 break;
312 case ACL_DELETE_CHR:
313 read = ACL_DELETE;
314 break;
315 case ACL_TRUNCATE_CHR:
316 read = ACL_TRUNCATE;
317 break;
318 case ACL_REFERENCES_CHR:
319 read = ACL_REFERENCES;
320 break;
321 case ACL_TRIGGER_CHR:
322 read = ACL_TRIGGER;
323 break;
324 case ACL_EXECUTE_CHR:
325 read = ACL_EXECUTE;
326 break;
327 case ACL_USAGE_CHR:
328 read = ACL_USAGE;
329 break;
330 case ACL_CREATE_CHR:
331 read = ACL_CREATE;
332 break;
333 case ACL_CREATE_TEMP_CHR:
334 read = ACL_CREATE_TEMP;
335 break;
336 case ACL_CONNECT_CHR:
337 read = ACL_CONNECT;
338 break;
339 case ACL_SET_CHR:
340 read = ACL_SET;
341 break;
342 case ACL_ALTER_SYSTEM_CHR:
343 read = ACL_ALTER_SYSTEM;
344 break;
345 case ACL_MAINTAIN_CHR:
346 read = ACL_MAINTAIN;
347 break;
348 default:
349 ereturn(escontext, NULL,
350 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
351 errmsg("invalid mode character: must be one of \"%s\"",
352 ACL_ALL_RIGHTS_STR)));
353 }
354
355 privs |= read;
356 }
357
358 if (name[0] == '\0')
359 aip->ai_grantee = ACL_ID_PUBLIC;
360 else
361 {
362 aip->ai_grantee = get_role_oid(name, true);
363 if (!OidIsValid(aip->ai_grantee))
364 ereturn(escontext, NULL,
365 (errcode(ERRCODE_UNDEFINED_OBJECT),
366 errmsg("role \"%s\" does not exist", name)));
367 }
368
369 /*
370 * XXX Allow a degree of backward compatibility by defaulting the grantor
371 * to the superuser.
372 */
373 if (*s == '/')
374 {
375 s = getid(s + 1, name2, escontext);
376 if (s == NULL)
377 return NULL;
378 if (name2[0] == '\0')
379 ereturn(escontext, NULL,
380 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
381 errmsg("a name must follow the \"/\" sign")));
382 aip->ai_grantor = get_role_oid(name2, true);
383 if (!OidIsValid(aip->ai_grantor))
384 ereturn(escontext, NULL,
385 (errcode(ERRCODE_UNDEFINED_OBJECT),
386 errmsg("role \"%s\" does not exist", name2)));
387 }
388 else
389 {
390 aip->ai_grantor = BOOTSTRAP_SUPERUSERID;
391 ereport(WARNING,
392 (errcode(ERRCODE_INVALID_GRANTOR),
393 errmsg("defaulting grantor to user ID %u",
394 BOOTSTRAP_SUPERUSERID)));
395 }
396
397 ACLITEM_SET_PRIVS_GOPTIONS(*aip, privs, goption);
398
399 return s;
400}
getid
static const char * getid(const char *s, char *n, Node *escontext)
Definition: acl.c:153
get_role_oid
Oid get_role_oid(const char *rolname, bool missing_ok)
Definition: acl.c:5536
ACL_CREATE_CHR
#define ACL_CREATE_CHR
Definition: acl.h:146
ACL_SET_CHR
#define ACL_SET_CHR
Definition: acl.h:149
ACL_REFERENCES_CHR
#define ACL_REFERENCES_CHR
Definition: acl.h:142
ACL_TRUNCATE_CHR
#define ACL_TRUNCATE_CHR
Definition: acl.h:141
ACL_SELECT_CHR
#define ACL_SELECT_CHR
Definition: acl.h:138
ACL_EXECUTE_CHR
#define ACL_EXECUTE_CHR
Definition: acl.h:144
ACL_DELETE_CHR
#define ACL_DELETE_CHR
Definition: acl.h:140
ACL_INSERT_CHR
#define ACL_INSERT_CHR
Definition: acl.h:137
ACL_UPDATE_CHR
#define ACL_UPDATE_CHR
Definition: acl.h:139
ACL_ALTER_SYSTEM_CHR
#define ACL_ALTER_SYSTEM_CHR
Definition: acl.h:150
ACL_USAGE_CHR
#define ACL_USAGE_CHR
Definition: acl.h:145
ACL_CONNECT_CHR
#define ACL_CONNECT_CHR
Definition: acl.h:148
ACL_TRIGGER_CHR
#define ACL_TRIGGER_CHR
Definition: acl.h:143
ACL_CREATE_TEMP_CHR
#define ACL_CREATE_TEMP_CHR
Definition: acl.h:147
ACL_MAINTAIN_CHR
#define ACL_MAINTAIN_CHR
Definition: acl.h:151
OidIsValid
#define OidIsValid(objectId)
Definition: c.h:746
errhint
int errhint(const char *fmt,...)
Definition: elog.c:1318
WARNING
#define WARNING
Definition: elog.h:36
Assert
Assert(PointerIsAligned(start, uint64))
read
#define read(a, b, c)
Definition: win32.h:13
ACL_SET
#define ACL_SET
Definition: parsenodes.h:88
ACL_DELETE
#define ACL_DELETE
Definition: parsenodes.h:79
ACL_MAINTAIN
#define ACL_MAINTAIN
Definition: parsenodes.h:90
ACL_INSERT
#define ACL_INSERT
Definition: parsenodes.h:76
ACL_UPDATE
#define ACL_UPDATE
Definition: parsenodes.h:78
ACL_ALTER_SYSTEM
#define ACL_ALTER_SYSTEM
Definition: parsenodes.h:89
ACL_REFERENCES
#define ACL_REFERENCES
Definition: parsenodes.h:81
ACL_SELECT
#define ACL_SELECT
Definition: parsenodes.h:77
ACL_TRUNCATE
#define ACL_TRUNCATE
Definition: parsenodes.h:80
ACL_CREATE
#define ACL_CREATE
Definition: parsenodes.h:85
ACL_TRIGGER
#define ACL_TRIGGER
Definition: parsenodes.h:82
name
const char * name
Definition: wait_event_funcs.c:28

References ACL_ALL_RIGHTS_STR, ACL_ALTER_SYSTEM, ACL_ALTER_SYSTEM_CHR, ACL_CONNECT, ACL_CONNECT_CHR, ACL_CREATE, ACL_CREATE_CHR, ACL_CREATE_TEMP, ACL_CREATE_TEMP_CHR, ACL_DELETE, ACL_DELETE_CHR, ACL_EXECUTE, ACL_EXECUTE_CHR, ACL_ID_PUBLIC, ACL_INSERT, ACL_INSERT_CHR, ACL_MAINTAIN, ACL_MAINTAIN_CHR, ACL_NO_RIGHTS, ACL_REFERENCES, ACL_REFERENCES_CHR, ACL_SELECT, ACL_SELECT_CHR, ACL_SET, ACL_SET_CHR, ACL_TRIGGER, ACL_TRIGGER_CHR, ACL_TRUNCATE, ACL_TRUNCATE_CHR, ACL_UPDATE, ACL_UPDATE_CHR, ACL_USAGE, ACL_USAGE_CHR, ACLITEM_SET_PRIVS_GOPTIONS, AclItem::ai_grantee, AclItem::ai_grantor, Assert(), ereport, ereturn, errcode(), errhint(), errmsg(), get_role_oid(), getid(), name, NAMEDATALEN, OidIsValid, read, and WARNING.

Referenced by aclitemin().

◆ aclremove()

Datum aclremove ( PG_FUNCTION_ARGS  )

Definition at line 1586 of file acl.c.

1587{
1588 ereport(ERROR,
1589 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1590 errmsg("aclremove is no longer supported")));
1591
1592 PG_RETURN_NULL(); /* keep compiler quiet */
1593}

References ereport, errcode(), errmsg(), ERROR, and PG_RETURN_NULL.

◆ aclupdate()

Acl * aclupdate ( const Acl old_acl,
const AclItem mod_aip,
int  modechg,
Oid  ownerId,
DropBehavior  behavior 
)

Definition at line 976 of file acl.c.

978{
979 Acl *new_acl = NULL;
980 AclItem *old_aip,
981 *new_aip = NULL;
982 AclMode old_rights,
983 old_goptions,
984 new_rights,
985 new_goptions;
986 int dst,
987 num;
988
989 /* Caller probably already checked old_acl, but be safe */
990 check_acl(old_acl);
991
992 /* If granting grant options, check for circularity */
993 if (modechg != ACL_MODECHG_DEL &&
994 ACLITEM_GET_GOPTIONS(*mod_aip) != ACL_NO_RIGHTS)
995 check_circularity(old_acl, mod_aip, ownerId);
996
997 num = ACL_NUM(old_acl);
998 old_aip = ACL_DAT(old_acl);
999
1000 /*
1001 * Search the ACL for an existing entry for this grantee and grantor. If
1002 * one exists, just modify the entry in-place (well, in the same position,
1003 * since we actually return a copy); otherwise, insert the new entry at
1004 * the end.
1005 */
1006
1007 for (dst = 0; dst < num; ++dst)
1008 {
1009 if (aclitem_match(mod_aip, old_aip + dst))
1010 {
1011 /* found a match, so modify existing item */
1012 new_acl = allocacl(num);
1013 new_aip = ACL_DAT(new_acl);
1014 memcpy(new_acl, old_acl, ACL_SIZE(old_acl));
1015 break;
1016 }
1017 }
1018
1019 if (dst == num)
1020 {
1021 /* need to append a new item */
1022 new_acl = allocacl(num + 1);
1023 new_aip = ACL_DAT(new_acl);
1024 memcpy(new_aip, old_aip, num * sizeof(AclItem));
1025
1026 /* initialize the new entry with no permissions */
1027 new_aip[dst].ai_grantee = mod_aip->ai_grantee;
1028 new_aip[dst].ai_grantor = mod_aip->ai_grantor;
1029 ACLITEM_SET_PRIVS_GOPTIONS(new_aip[dst],
1030 ACL_NO_RIGHTS, ACL_NO_RIGHTS);
1031 num++; /* set num to the size of new_acl */
1032 }
1033
1034 old_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
1035 old_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);
1036
1037 /* apply the specified permissions change */
1038 switch (modechg)
1039 {
1040 case ACL_MODECHG_ADD:
1041 ACLITEM_SET_RIGHTS(new_aip[dst],
1042 old_rights | ACLITEM_GET_RIGHTS(*mod_aip));
1043 break;
1044 case ACL_MODECHG_DEL:
1045 ACLITEM_SET_RIGHTS(new_aip[dst],
1046 old_rights & ~ACLITEM_GET_RIGHTS(*mod_aip));
1047 break;
1048 case ACL_MODECHG_EQL:
1049 ACLITEM_SET_RIGHTS(new_aip[dst],
1050 ACLITEM_GET_RIGHTS(*mod_aip));
1051 break;
1052 }
1053
1054 new_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
1055 new_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);
1056
1057 /*
1058 * If the adjusted entry has no permissions, delete it from the list.
1059 */
1060 if (new_rights == ACL_NO_RIGHTS)
1061 {
1062 memmove(new_aip + dst,
1063 new_aip + dst + 1,
1064 (num - dst - 1) * sizeof(AclItem));
1065 /* Adjust array size to be 'num - 1' items */
1066 ARR_DIMS(new_acl)[0] = num - 1;
1067 SET_VARSIZE(new_acl, ACL_N_SIZE(num - 1));
1068 }
1069
1070 /*
1071 * Remove abandoned privileges (cascading revoke). Currently we can only
1072 * handle this when the grantee is not PUBLIC.
1073 */
1074 if ((old_goptions & ~new_goptions) != 0)
1075 {
1076 Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
1077 new_acl = recursive_revoke(new_acl, mod_aip->ai_grantee,
1078 (old_goptions & ~new_goptions),
1079 ownerId, behavior);
1080 }
1081
1082 return new_acl;
1083}
recursive_revoke
static Acl * recursive_revoke(Acl *acl, Oid grantee, AclMode revoke_privs, Oid ownerId, DropBehavior behavior)
Definition: acl.c:1286
check_circularity
static void check_circularity(const Acl *old_acl, const AclItem *mod_aip, Oid ownerId)
Definition: acl.c:1206
ACL_SIZE
#define ACL_SIZE(ACL)
Definition: acl.h:111
ACL_MODECHG_DEL
#define ACL_MODECHG_DEL
Definition: acl.h:130
ACL_MODECHG_EQL
#define ACL_MODECHG_EQL
Definition: acl.h:131

References ACL_DAT, ACL_ID_PUBLIC, ACL_MODECHG_ADD, ACL_MODECHG_DEL, ACL_MODECHG_EQL, ACL_N_SIZE, ACL_NO_RIGHTS, ACL_NUM, ACL_SIZE, ACLITEM_GET_GOPTIONS, ACLITEM_GET_RIGHTS, aclitem_match(), ACLITEM_SET_PRIVS_GOPTIONS, ACLITEM_SET_RIGHTS, AclItem::ai_grantee, AclItem::ai_grantor, allocacl(), ARR_DIMS, Assert(), check_acl(), check_circularity(), recursive_revoke(), and SET_VARSIZE.

Referenced by aclmerge(), check_circularity(), merge_acl_with_grant(), and recursive_revoke().

◆ allocacl()

static Acl * allocacl ( int  n)
static

Definition at line 410 of file acl.c.

411{
412 Acl *new_acl;
413 Size size;
414
415 if (n < 0)
416 elog(ERROR, "invalid size: %d", n);
417 size = ACL_N_SIZE(n);
418 new_acl = (Acl *) palloc0(size);
419 SET_VARSIZE(new_acl, size);
420 new_acl->ndim = 1;
421 new_acl->dataoffset = 0; /* we never put in any nulls */
422 new_acl->elemtype = ACLITEMOID;
423 ARR_LBOUND(new_acl)[0] = 1;
424 ARR_DIMS(new_acl)[0] = n;
425 return new_acl;
426}
ARR_LBOUND
#define ARR_LBOUND(a)
Definition: array.h:296
Size
size_t Size
Definition: c.h:576
palloc0
void * palloc0(Size size)
Definition: mcxt.c:1969
ArrayType::elemtype
Oid elemtype
Definition: array.h:97
ArrayType::ndim
int ndim
Definition: array.h:95
ArrayType::dataoffset
int32 dataoffset
Definition: array.h:96

References ACL_N_SIZE, ARR_DIMS, ARR_LBOUND, ArrayType::dataoffset, ArrayType::elemtype, elog, ERROR, ArrayType::ndim, palloc0(), and SET_VARSIZE.

Referenced by aclconcat(), aclcopy(), acldefault(), aclnewowner(), aclupdate(), check_circularity(), and make_empty_acl().

◆ check_acl()

static void check_acl ( const Acl acl)
static

Definition at line 574 of file acl.c.

575{
576 if (ARR_ELEMTYPE(acl) != ACLITEMOID)
577 ereport(ERROR,
578 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
579 errmsg("ACL array contains wrong data type")));
580 if (ARR_NDIM(acl) != 1)
581 ereport(ERROR,
582 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
583 errmsg("ACL arrays must be one-dimensional")));
584 if (ARR_HASNULL(acl))
585 ereport(ERROR,
586 (errcode(ERRCODE_NULL_VALUE_NOT_ALLOWED),
587 errmsg("ACL arrays must not contain null values")));
588}
ARR_NDIM
#define ARR_NDIM(a)
Definition: array.h:290
ARR_ELEMTYPE
#define ARR_ELEMTYPE(a)
Definition: array.h:292
ARR_HASNULL
#define ARR_HASNULL(a)
Definition: array.h:291

References ARR_ELEMTYPE, ARR_HASNULL, ARR_NDIM, ereport, errcode(), errmsg(), and ERROR.

Referenced by aclcontains(), aclexplode(), aclmask(), aclmask_direct(), aclmembers(), aclnewowner(), aclupdate(), check_circularity(), and recursive_revoke().

◆ check_can_set_role()

void check_can_set_role ( Oid  member,
Oid  role 
)

Definition at line 5325 of file acl.c.

5326{
5327 if (!member_can_set_role(member, role))
5328 ereport(ERROR,
5329 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
5330 errmsg("must be able to SET ROLE \"%s\"",
5331 GetUserNameFromId(role, false))));
5332}
member_can_set_role
bool member_can_set_role(Oid member, Oid role)
Definition: acl.c:5302
GetUserNameFromId
char * GetUserNameFromId(Oid roleid, bool noerr)
Definition: miscinit.c:1039

References ereport, errcode(), errmsg(), ERROR, GetUserNameFromId(), and member_can_set_role().

Referenced by AlterDatabaseOwner(), AlterForeignServerOwner_internal(), AlterObjectOwner_internal(), AlterPublicationOwner_internal(), AlterSchemaOwner_internal(), AlterSubscriptionOwner_internal(), AlterTypeOwner(), ATExecChangeOwner(), createdb(), and CreateSchemaCommand().

◆ check_circularity()

static void check_circularity ( const Acl old_acl,
const AclItem mod_aip,
Oid  ownerId 
)
static

Definition at line 1206 of file acl.c.

1208{
1209 Acl *acl;
1210 AclItem *aip;
1211 int i,
1212 num;
1213 AclMode own_privs;
1214
1215 check_acl(old_acl);
1216
1217 /*
1218 * For now, grant options can only be granted to roles, not PUBLIC.
1219 * Otherwise we'd have to work a bit harder here.
1220 */
1221 Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
1222
1223 /* The owner always has grant options, no need to check */
1224 if (mod_aip->ai_grantor == ownerId)
1225 return;
1226
1227 /* Make a working copy */
1228 acl = allocacl(ACL_NUM(old_acl));
1229 memcpy(acl, old_acl, ACL_SIZE(old_acl));
1230
1231 /* Zap all grant options of target grantee, plus what depends on 'em */
1232cc_restart:
1233 num = ACL_NUM(acl);
1234 aip = ACL_DAT(acl);
1235 for (i = 0; i < num; i++)
1236 {
1237 if (aip[i].ai_grantee == mod_aip->ai_grantee &&
1238 ACLITEM_GET_GOPTIONS(aip[i]) != ACL_NO_RIGHTS)
1239 {
1240 Acl *new_acl;
1241
1242 /* We'll actually zap ordinary privs too, but no matter */
1243 new_acl = aclupdate(acl, &aip[i], ACL_MODECHG_DEL,
1244 ownerId, DROP_CASCADE);
1245
1246 pfree(acl);
1247 acl = new_acl;
1248
1249 goto cc_restart;
1250 }
1251 }
1252
1253 /* Now we can compute grantor's independently-derived privileges */
1254 own_privs = aclmask(acl,
1255 mod_aip->ai_grantor,
1256 ownerId,
1257 ACL_GRANT_OPTION_FOR(ACLITEM_GET_GOPTIONS(*mod_aip)),
1258 ACLMASK_ALL);
1259 own_privs = ACL_OPTION_TO_PRIVS(own_privs);
1260
1261 if ((ACLITEM_GET_GOPTIONS(*mod_aip) & ~own_privs) != 0)
1262 ereport(ERROR,
1263 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1264 errmsg("grant options cannot be granted back to your own grantor")));
1265
1266 pfree(acl);
1267}
aclmask
AclMode aclmask(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
Definition: acl.c:1372
ACL_OPTION_TO_PRIVS
#define ACL_OPTION_TO_PRIVS(privs)
Definition: acl.h:71
ACL_GRANT_OPTION_FOR
#define ACL_GRANT_OPTION_FOR(privs)
Definition: acl.h:70
DROP_CASCADE
@ DROP_CASCADE
Definition: parsenodes.h:2391

References ACL_DAT, ACL_GRANT_OPTION_FOR, ACL_ID_PUBLIC, ACL_MODECHG_DEL, ACL_NO_RIGHTS, ACL_NUM, ACL_OPTION_TO_PRIVS, ACL_SIZE, ACLITEM_GET_GOPTIONS, aclmask(), ACLMASK_ALL, aclupdate(), AclItem::ai_grantee, AclItem::ai_grantor, allocacl(), Assert(), check_acl(), DROP_CASCADE, ereport, errcode(), errmsg(), ERROR, i, and pfree().

Referenced by aclupdate().

◆ check_rolespec_name()

void check_rolespec_name ( const RoleSpec role,
const char *  detail_msg 
)

Definition at line 5677 of file acl.c.

5678{
5679 if (!role)
5680 return;
5681
5682 if (role->roletype != ROLESPEC_CSTRING)
5683 return;
5684
5685 if (IsReservedName(role->rolename))
5686 {
5687 if (detail_msg)
5688 ereport(ERROR,
5689 (errcode(ERRCODE_RESERVED_NAME),
5690 errmsg("role name \"%s\" is reserved",
5691 role->rolename),
5692 errdetail_internal("%s", detail_msg)));
5693 else
5694 ereport(ERROR,
5695 (errcode(ERRCODE_RESERVED_NAME),
5696 errmsg("role name \"%s\" is reserved",
5697 role->rolename)));
5698 }
5699}
IsReservedName
bool IsReservedName(const char *name)
Definition: catalog.c:278
errdetail_internal
int errdetail_internal(const char *fmt,...)
Definition: elog.c:1231
ROLESPEC_CSTRING
@ ROLESPEC_CSTRING
Definition: parsenodes.h:405
RoleSpec::roletype
RoleSpecType roletype
Definition: parsenodes.h:415
RoleSpec::rolename
char * rolename
Definition: parsenodes.h:416

References ereport, errcode(), errdetail_internal(), errmsg(), ERROR, IsReservedName(), RoleSpec::rolename, ROLESPEC_CSTRING, and RoleSpec::roletype.

Referenced by AlterRole(), and AlterRoleSet().

◆ column_privilege_check()

static int column_privilege_check ( Oid  tableoid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mode 
)
static

Definition at line 2519 of file acl.c.

2521{
2522 AclResult aclresult;
2523 bool is_missing = false;
2524
2525 /*
2526 * If convert_column_name failed, we can just return -1 immediately.
2527 */
2528 if (attnum == InvalidAttrNumber)
2529 return -1;
2530
2531 /*
2532 * Check for column-level privileges first. This serves in part as a check
2533 * on whether the column even exists, so we need to do it before checking
2534 * table-level privilege.
2535 */
2536 aclresult = pg_attribute_aclcheck_ext(tableoid, attnum, roleid,
2537 mode, &is_missing);
2538 if (aclresult == ACLCHECK_OK)
2539 return 1;
2540 else if (is_missing)
2541 return -1;
2542
2543 /* Next check if we have the privilege at the table level */
2544 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2545 if (aclresult == ACLCHECK_OK)
2546 return 1;
2547 else if (is_missing)
2548 return -1;
2549 else
2550 return 0;
2551}
AclResult
AclResult
Definition: acl.h:182
ACLCHECK_OK
@ ACLCHECK_OK
Definition: acl.h:183
pg_class_aclcheck_ext
AclResult pg_class_aclcheck_ext(Oid table_oid, Oid roleid, AclMode mode, bool *is_missing)
Definition: aclchk.c:4034
pg_attribute_aclcheck_ext
AclResult pg_attribute_aclcheck_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode, bool *is_missing)
Definition: aclchk.c:3865
InvalidAttrNumber
#define InvalidAttrNumber
Definition: attnum.h:23
attnum
int16 attnum
Definition: pg_attribute.h:74
mode
static PgChecksumMode mode
Definition: pg_checksums.c:55

References ACLCHECK_OK, attnum, InvalidAttrNumber, mode, pg_attribute_aclcheck_ext(), and pg_class_aclcheck_ext().

Referenced by has_column_privilege_id_attnum(), has_column_privilege_id_id_attnum(), has_column_privilege_id_id_name(), has_column_privilege_id_name(), has_column_privilege_id_name_attnum(), has_column_privilege_id_name_name(), has_column_privilege_name_attnum(), has_column_privilege_name_id_attnum(), has_column_privilege_name_id_name(), has_column_privilege_name_name(), has_column_privilege_name_name_attnum(), and has_column_privilege_name_name_name().

◆ convert_aclright_to_string()

static const char * convert_aclright_to_string ( int  aclright)
static

Definition at line 1718 of file acl.c.

1719{
1720 switch (aclright)
1721 {
1722 case ACL_INSERT:
1723 return "INSERT";
1724 case ACL_SELECT:
1725 return "SELECT";
1726 case ACL_UPDATE:
1727 return "UPDATE";
1728 case ACL_DELETE:
1729 return "DELETE";
1730 case ACL_TRUNCATE:
1731 return "TRUNCATE";
1732 case ACL_REFERENCES:
1733 return "REFERENCES";
1734 case ACL_TRIGGER:
1735 return "TRIGGER";
1736 case ACL_EXECUTE:
1737 return "EXECUTE";
1738 case ACL_USAGE:
1739 return "USAGE";
1740 case ACL_CREATE:
1741 return "CREATE";
1742 case ACL_CREATE_TEMP:
1743 return "TEMPORARY";
1744 case ACL_CONNECT:
1745 return "CONNECT";
1746 case ACL_SET:
1747 return "SET";
1748 case ACL_ALTER_SYSTEM:
1749 return "ALTER SYSTEM";
1750 case ACL_MAINTAIN:
1751 return "MAINTAIN";
1752 default:
1753 elog(ERROR, "unrecognized aclright: %d", aclright);
1754 return NULL;
1755 }
1756}

References ACL_ALTER_SYSTEM, ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_DELETE, ACL_EXECUTE, ACL_INSERT, ACL_MAINTAIN, ACL_REFERENCES, ACL_SELECT, ACL_SET, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, ACL_USAGE, elog, and ERROR.

Referenced by aclexplode().

◆ convert_any_priv_string()

static AclMode convert_any_priv_string ( text priv_type_text,
const priv_map privileges 
)
static

Definition at line 1670 of file acl.c.

1672{
1673 AclMode result = 0;
1674 char *priv_type = text_to_cstring(priv_type_text);
1675 char *chunk;
1676 char *next_chunk;
1677
1678 /* We rely on priv_type being a private, modifiable string */
1679 for (chunk = priv_type; chunk; chunk = next_chunk)
1680 {
1681 int chunk_len;
1682 const priv_map *this_priv;
1683
1684 /* Split string at commas */
1685 next_chunk = strchr(chunk, ',');
1686 if (next_chunk)
1687 *next_chunk++ = '\0';
1688
1689 /* Drop leading/trailing whitespace in this chunk */
1690 while (*chunk && isspace((unsigned char) *chunk))
1691 chunk++;
1692 chunk_len = strlen(chunk);
1693 while (chunk_len > 0 && isspace((unsigned char) chunk[chunk_len - 1]))
1694 chunk_len--;
1695 chunk[chunk_len] = '\0';
1696
1697 /* Match to the privileges list */
1698 for (this_priv = privileges; this_priv->name; this_priv++)
1699 {
1700 if (pg_strcasecmp(this_priv->name, chunk) == 0)
1701 {
1702 result |= this_priv->value;
1703 break;
1704 }
1705 }
1706 if (!this_priv->name)
1707 ereport(ERROR,
1708 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1709 errmsg("unrecognized privilege type: \"%s\"", chunk)));
1710 }
1711
1712 pfree(priv_type);
1713 return result;
1714}
pg_strcasecmp
int pg_strcasecmp(const char *s1, const char *s2)
Definition: pgstrcasecmp.c:36
priv_map
Definition: acl.c:56
priv_map::name
const char * name
Definition: acl.c:57
priv_map::value
AclMode value
Definition: acl.c:58
text_to_cstring
char * text_to_cstring(const text *t)
Definition: varlena.c:225

References ereport, errcode(), errmsg(), ERROR, priv_map::name, pfree(), pg_strcasecmp(), text_to_cstring(), and priv_map::value.

Referenced by convert_column_priv_string(), convert_database_priv_string(), convert_foreign_data_wrapper_priv_string(), convert_function_priv_string(), convert_language_priv_string(), convert_largeobject_priv_string(), convert_parameter_priv_string(), convert_role_priv_string(), convert_schema_priv_string(), convert_sequence_priv_string(), convert_server_priv_string(), convert_table_priv_string(), convert_tablespace_priv_string(), convert_type_priv_string(), and makeaclitem().

◆ convert_column_name()

static AttrNumber convert_column_name ( Oid  tableoid,
text column 
)
static

Definition at line 2879 of file acl.c.

2880{
2881 char *colname;
2882 HeapTuple attTuple;
2883 AttrNumber attnum;
2884
2885 colname = text_to_cstring(column);
2886
2887 /*
2888 * We don't use get_attnum() here because it will report that dropped
2889 * columns don't exist. We need to treat dropped columns differently from
2890 * nonexistent columns.
2891 */
2892 attTuple = SearchSysCache2(ATTNAME,
2893 ObjectIdGetDatum(tableoid),
2894 CStringGetDatum(colname));
2895 if (HeapTupleIsValid(attTuple))
2896 {
2897 Form_pg_attribute attributeForm;
2898
2899 attributeForm = (Form_pg_attribute) GETSTRUCT(attTuple);
2900 /* We want to return NULL for dropped columns */
2901 if (attributeForm->attisdropped)
2902 attnum = InvalidAttrNumber;
2903 else
2904 attnum = attributeForm->attnum;
2905 ReleaseSysCache(attTuple);
2906 }
2907 else
2908 {
2909 char *tablename = get_rel_name(tableoid);
2910
2911 /*
2912 * If the table OID is bogus, or it's just been dropped, we'll get
2913 * NULL back. In such cases we want has_column_privilege to return
2914 * NULL too, so just return InvalidAttrNumber.
2915 */
2916 if (tablename != NULL)
2917 {
2918 /* tableoid exists, colname does not, so throw error */
2919 ereport(ERROR,
2920 (errcode(ERRCODE_UNDEFINED_COLUMN),
2921 errmsg("column \"%s\" of relation \"%s\" does not exist",
2922 colname, tablename)));
2923 }
2924 /* tableoid doesn't exist, so act like attisdropped case */
2925 attnum = InvalidAttrNumber;
2926 }
2927
2928 pfree(colname);
2929 return attnum;
2930}
get_rel_name
char * get_rel_name(Oid relid)
Definition: lsyscache.c:2068
Form_pg_attribute
FormData_pg_attribute * Form_pg_attribute
Definition: pg_attribute.h:202
CStringGetDatum
static Datum CStringGetDatum(const char *X)
Definition: postgres.h:355
SearchSysCache2
HeapTuple SearchSysCache2(int cacheId, Datum key1, Datum key2)
Definition: syscache.c:232

References attnum, CStringGetDatum(), ereport, errcode(), errmsg(), ERROR, get_rel_name(), GETSTRUCT(), HeapTupleIsValid, InvalidAttrNumber, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache2(), and text_to_cstring().

Referenced by has_column_privilege_id_id_name(), has_column_privilege_id_name(), has_column_privilege_id_name_name(), has_column_privilege_name_id_name(), has_column_privilege_name_name(), and has_column_privilege_name_name_name().

◆ convert_column_priv_string()

static AclMode convert_column_priv_string ( text priv_type_text)
static

Definition at line 2937 of file acl.c.

2938{
2939 static const priv_map column_priv_map[] = {
2940 {"SELECT", ACL_SELECT},
2941 {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2942 {"INSERT", ACL_INSERT},
2943 {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
2944 {"UPDATE", ACL_UPDATE},
2945 {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2946 {"REFERENCES", ACL_REFERENCES},
2947 {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
2948 {NULL, 0}
2949 };
2950
2951 return convert_any_priv_string(priv_type_text, column_priv_map);
2952}
convert_any_priv_string
static AclMode convert_any_priv_string(text *priv_type_text, const priv_map *privileges)
Definition: acl.c:1670

References ACL_GRANT_OPTION_FOR, ACL_INSERT, ACL_REFERENCES, ACL_SELECT, ACL_UPDATE, and convert_any_priv_string().

Referenced by has_any_column_privilege_id(), has_any_column_privilege_id_id(), has_any_column_privilege_id_name(), has_any_column_privilege_name(), has_any_column_privilege_name_id(), has_any_column_privilege_name_name(), has_column_privilege_id_attnum(), has_column_privilege_id_id_attnum(), has_column_privilege_id_id_name(), has_column_privilege_id_name(), has_column_privilege_id_name_attnum(), has_column_privilege_id_name_name(), has_column_privilege_name_attnum(), has_column_privilege_name_id_attnum(), has_column_privilege_name_id_name(), has_column_privilege_name_name(), has_column_privilege_name_name_attnum(), and has_column_privilege_name_name_name().

◆ convert_database_name()

static Oid convert_database_name ( text databasename)
static

Definition at line 3131 of file acl.c.

3132{
3133 char *dbname = text_to_cstring(databasename);
3134
3135 return get_database_oid(dbname, false);
3136}
get_database_oid
Oid get_database_oid(const char *dbname, bool missing_ok)
Definition: dbcommands.c:3141
dbname
char * dbname
Definition: streamutil.c:49

References dbname, get_database_oid(), and text_to_cstring().

Referenced by has_database_privilege_id_name(), has_database_privilege_name(), and has_database_privilege_name_name().

◆ convert_database_priv_string()

static AclMode convert_database_priv_string ( text priv_type_text)
static

Definition at line 3143 of file acl.c.

3144{
3145 static const priv_map database_priv_map[] = {
3146 {"CREATE", ACL_CREATE},
3147 {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
3148 {"TEMPORARY", ACL_CREATE_TEMP},
3149 {"TEMPORARY WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
3150 {"TEMP", ACL_CREATE_TEMP},
3151 {"TEMP WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
3152 {"CONNECT", ACL_CONNECT},
3153 {"CONNECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CONNECT)},
3154 {NULL, 0}
3155 };
3156
3157 return convert_any_priv_string(priv_type_text, database_priv_map);
3158}

References ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_GRANT_OPTION_FOR, and convert_any_priv_string().

Referenced by has_database_privilege_id(), has_database_privilege_id_id(), has_database_privilege_id_name(), has_database_privilege_name(), has_database_privilege_name_id(), and has_database_privilege_name_name().

◆ convert_foreign_data_wrapper_name()

static Oid convert_foreign_data_wrapper_name ( text fdwname)
static

Definition at line 3337 of file acl.c.

3338{
3339 char *fdwstr = text_to_cstring(fdwname);
3340
3341 return get_foreign_data_wrapper_oid(fdwstr, false);
3342}
get_foreign_data_wrapper_oid
Oid get_foreign_data_wrapper_oid(const char *fdwname, bool missing_ok)
Definition: foreign.c:681

References get_foreign_data_wrapper_oid(), and text_to_cstring().

Referenced by has_foreign_data_wrapper_privilege_id_name(), has_foreign_data_wrapper_privilege_name(), and has_foreign_data_wrapper_privilege_name_name().

◆ convert_foreign_data_wrapper_priv_string()

static AclMode convert_foreign_data_wrapper_priv_string ( text priv_type_text)
static

Definition at line 3349 of file acl.c.

3350{
3351 static const priv_map foreign_data_wrapper_priv_map[] = {
3352 {"USAGE", ACL_USAGE},
3353 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3354 {NULL, 0}
3355 };
3356
3357 return convert_any_priv_string(priv_type_text, foreign_data_wrapper_priv_map);
3358}

References ACL_GRANT_OPTION_FOR, ACL_USAGE, and convert_any_priv_string().

Referenced by has_foreign_data_wrapper_privilege_id(), has_foreign_data_wrapper_privilege_id_id(), has_foreign_data_wrapper_privilege_id_name(), has_foreign_data_wrapper_privilege_name(), has_foreign_data_wrapper_privilege_name_id(), and has_foreign_data_wrapper_privilege_name_name().

◆ convert_function_name()

static Oid convert_function_name ( text functionname)
static

Definition at line 3537 of file acl.c.

3538{
3539 char *funcname = text_to_cstring(functionname);
3540 Oid oid;
3541
3542 oid = DatumGetObjectId(DirectFunctionCall1(regprocedurein,
3543 CStringGetDatum(funcname)));
3544
3545 if (!OidIsValid(oid))
3546 ereport(ERROR,
3547 (errcode(ERRCODE_UNDEFINED_FUNCTION),
3548 errmsg("function \"%s\" does not exist", funcname)));
3549
3550 return oid;
3551}
DirectFunctionCall1
#define DirectFunctionCall1(func, arg1)
Definition: fmgr.h:682
funcname
#define funcname
Definition: indent_codes.h:69
DatumGetObjectId
static Oid DatumGetObjectId(Datum X)
Definition: postgres.h:247
regprocedurein
Datum regprocedurein(PG_FUNCTION_ARGS)
Definition: regproc.c:224

References CStringGetDatum(), DatumGetObjectId(), DirectFunctionCall1, ereport, errcode(), errmsg(), ERROR, funcname, OidIsValid, regprocedurein(), and text_to_cstring().

Referenced by has_function_privilege_id_name(), has_function_privilege_name(), and has_function_privilege_name_name().

◆ convert_function_priv_string()

static AclMode convert_function_priv_string ( text priv_type_text)
static

Definition at line 3558 of file acl.c.

3559{
3560 static const priv_map function_priv_map[] = {
3561 {"EXECUTE", ACL_EXECUTE},
3562 {"EXECUTE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_EXECUTE)},
3563 {NULL, 0}
3564 };
3565
3566 return convert_any_priv_string(priv_type_text, function_priv_map);
3567}

References ACL_EXECUTE, ACL_GRANT_OPTION_FOR, and convert_any_priv_string().

Referenced by has_function_privilege_id(), has_function_privilege_id_id(), has_function_privilege_id_name(), has_function_privilege_name(), has_function_privilege_name_id(), and has_function_privilege_name_name().

◆ convert_language_name()

static Oid convert_language_name ( text languagename)
static

Definition at line 3746 of file acl.c.

3747{
3748 char *langname = text_to_cstring(languagename);
3749
3750 return get_language_oid(langname, false);
3751}
get_language_oid
Oid get_language_oid(const char *langname, bool missing_ok)
Definition: proclang.c:226

References get_language_oid(), and text_to_cstring().

Referenced by has_language_privilege_id_name(), has_language_privilege_name(), and has_language_privilege_name_name().

◆ convert_language_priv_string()

static AclMode convert_language_priv_string ( text priv_type_text)
static

Definition at line 3758 of file acl.c.

3759{
3760 static const priv_map language_priv_map[] = {
3761 {"USAGE", ACL_USAGE},
3762 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3763 {NULL, 0}
3764 };
3765
3766 return convert_any_priv_string(priv_type_text, language_priv_map);
3767}

References ACL_GRANT_OPTION_FOR, ACL_USAGE, and convert_any_priv_string().

Referenced by has_language_privilege_id(), has_language_privilege_id_id(), has_language_privilege_id_name(), has_language_privilege_name(), has_language_privilege_name_id(), and has_language_privilege_name_name().

◆ convert_largeobject_priv_string()

static AclMode convert_largeobject_priv_string ( text priv_type_text)
static

Definition at line 4793 of file acl.c.

4794{
4795 static const priv_map largeobject_priv_map[] = {
4796 {"SELECT", ACL_SELECT},
4797 {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
4798 {"UPDATE", ACL_UPDATE},
4799 {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
4800 {NULL, 0}
4801 };
4802
4803 return convert_any_priv_string(priv_type_text, largeobject_priv_map);
4804}

References ACL_GRANT_OPTION_FOR, ACL_SELECT, ACL_UPDATE, and convert_any_priv_string().

Referenced by has_largeobject_privilege_id(), has_largeobject_privilege_id_id(), and has_largeobject_privilege_name_id().

◆ convert_parameter_priv_string()

static AclMode convert_parameter_priv_string ( text priv_text)
static

Definition at line 4657 of file acl.c.

4658{
4659 static const priv_map parameter_priv_map[] = {
4660 {"SET", ACL_SET},
4661 {"SET WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SET)},
4662 {"ALTER SYSTEM", ACL_ALTER_SYSTEM},
4663 {"ALTER SYSTEM WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_ALTER_SYSTEM)},
4664 {NULL, 0}
4665 };
4666
4667 return convert_any_priv_string(priv_text, parameter_priv_map);
4668}

References ACL_ALTER_SYSTEM, ACL_GRANT_OPTION_FOR, ACL_SET, and convert_any_priv_string().

Referenced by has_parameter_privilege_id_name(), has_parameter_privilege_name(), and has_parameter_privilege_name_name().

◆ convert_role_priv_string()

static AclMode convert_role_priv_string ( text priv_type_text)
static

Definition at line 4971 of file acl.c.

4972{
4973 static const priv_map role_priv_map[] = {
4974 {"USAGE", ACL_USAGE},
4975 {"MEMBER", ACL_CREATE},
4976 {"SET", ACL_SET},
4977 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4978 {"USAGE WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4979 {"MEMBER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4980 {"MEMBER WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4981 {"SET WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4982 {"SET WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4983 {NULL, 0}
4984 };
4985
4986 return convert_any_priv_string(priv_type_text, role_priv_map);
4987}

References ACL_CREATE, ACL_GRANT_OPTION_FOR, ACL_SET, ACL_USAGE, and convert_any_priv_string().

Referenced by pg_has_role_id(), pg_has_role_id_id(), pg_has_role_id_name(), pg_has_role_name(), pg_has_role_name_id(), and pg_has_role_name_name().

◆ convert_schema_name()

static Oid convert_schema_name ( text schemaname)
static

Definition at line 3946 of file acl.c.

3947{
3948 char *nspname = text_to_cstring(schemaname);
3949
3950 return get_namespace_oid(nspname, false);
3951}
get_namespace_oid
Oid get_namespace_oid(const char *nspname, bool missing_ok)
Definition: namespace.c:3535

References get_namespace_oid(), and text_to_cstring().

Referenced by has_schema_privilege_id_name(), has_schema_privilege_name(), and has_schema_privilege_name_name().

◆ convert_schema_priv_string()

static AclMode convert_schema_priv_string ( text priv_type_text)
static

Definition at line 3958 of file acl.c.

3959{
3960 static const priv_map schema_priv_map[] = {
3961 {"CREATE", ACL_CREATE},
3962 {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
3963 {"USAGE", ACL_USAGE},
3964 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3965 {NULL, 0}
3966 };
3967
3968 return convert_any_priv_string(priv_type_text, schema_priv_map);
3969}

References ACL_CREATE, ACL_GRANT_OPTION_FOR, ACL_USAGE, and convert_any_priv_string().

Referenced by has_schema_privilege_id(), has_schema_privilege_id_id(), has_schema_privilege_id_name(), has_schema_privilege_name(), has_schema_privilege_name_id(), and has_schema_privilege_name_name().

◆ convert_sequence_priv_string()

static AclMode convert_sequence_priv_string ( text priv_type_text)
static

Definition at line 2282 of file acl.c.

2283{
2284 static const priv_map sequence_priv_map[] = {
2285 {"USAGE", ACL_USAGE},
2286 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
2287 {"SELECT", ACL_SELECT},
2288 {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2289 {"UPDATE", ACL_UPDATE},
2290 {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2291 {NULL, 0}
2292 };
2293
2294 return convert_any_priv_string(priv_type_text, sequence_priv_map);
2295}

References ACL_GRANT_OPTION_FOR, ACL_SELECT, ACL_UPDATE, ACL_USAGE, and convert_any_priv_string().

Referenced by has_sequence_privilege_id(), has_sequence_privilege_id_id(), has_sequence_privilege_id_name(), has_sequence_privilege_name(), has_sequence_privilege_name_id(), and has_sequence_privilege_name_name().

◆ convert_server_name()

static Oid convert_server_name ( text servername)
static

Definition at line 4148 of file acl.c.

4149{
4150 char *serverstr = text_to_cstring(servername);
4151
4152 return get_foreign_server_oid(serverstr, false);
4153}
get_foreign_server_oid
Oid get_foreign_server_oid(const char *servername, bool missing_ok)
Definition: foreign.c:704

References get_foreign_server_oid(), and text_to_cstring().

Referenced by has_server_privilege_id_name(), has_server_privilege_name(), and has_server_privilege_name_name().

◆ convert_server_priv_string()

static AclMode convert_server_priv_string ( text priv_type_text)
static

Definition at line 4160 of file acl.c.

4161{
4162 static const priv_map server_priv_map[] = {
4163 {"USAGE", ACL_USAGE},
4164 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
4165 {NULL, 0}
4166 };
4167
4168 return convert_any_priv_string(priv_type_text, server_priv_map);
4169}

References ACL_GRANT_OPTION_FOR, ACL_USAGE, and convert_any_priv_string().

Referenced by has_server_privilege_id(), has_server_privilege_id_id(), has_server_privilege_id_name(), has_server_privilege_name(), has_server_privilege_name_id(), and has_server_privilege_name_name().

◆ convert_table_name()

static Oid convert_table_name ( text tablename)
static

Definition at line 2032 of file acl.c.

2033{
2034 RangeVar *relrv;
2035
2036 relrv = makeRangeVarFromNameList(textToQualifiedNameList(tablename));
2037
2038 /* We might not even have permissions on this relation; don't lock it. */
2039 return RangeVarGetRelid(relrv, NoLock, false);
2040}
NoLock
#define NoLock
Definition: lockdefs.h:34
makeRangeVarFromNameList
RangeVar * makeRangeVarFromNameList(const List *names)
Definition: namespace.c:3554
RangeVarGetRelid
#define RangeVarGetRelid(relation, lockmode, missing_ok)
Definition: namespace.h:80
textToQualifiedNameList
List * textToQualifiedNameList(text *textval)
Definition: varlena.c:3467

References makeRangeVarFromNameList(), NoLock, RangeVarGetRelid, and textToQualifiedNameList().

Referenced by has_any_column_privilege_id_name(), has_any_column_privilege_name(), has_any_column_privilege_name_name(), has_column_privilege_id_name_attnum(), has_column_privilege_id_name_name(), has_column_privilege_name_attnum(), has_column_privilege_name_name(), has_column_privilege_name_name_attnum(), has_column_privilege_name_name_name(), has_sequence_privilege_id_name(), has_sequence_privilege_name(), has_sequence_privilege_name_name(), has_table_privilege_id_name(), has_table_privilege_name(), and has_table_privilege_name_name().

◆ convert_table_priv_string()

static AclMode convert_table_priv_string ( text priv_type_text)
static

Definition at line 2047 of file acl.c.

2048{
2049 static const priv_map table_priv_map[] = {
2050 {"SELECT", ACL_SELECT},
2051 {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2052 {"INSERT", ACL_INSERT},
2053 {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
2054 {"UPDATE", ACL_UPDATE},
2055 {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2056 {"DELETE", ACL_DELETE},
2057 {"DELETE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_DELETE)},
2058 {"TRUNCATE", ACL_TRUNCATE},
2059 {"TRUNCATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRUNCATE)},
2060 {"REFERENCES", ACL_REFERENCES},
2061 {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
2062 {"TRIGGER", ACL_TRIGGER},
2063 {"TRIGGER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRIGGER)},
2064 {"MAINTAIN", ACL_MAINTAIN},
2065 {"MAINTAIN WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_MAINTAIN)},
2066 {NULL, 0}
2067 };
2068
2069 return convert_any_priv_string(priv_type_text, table_priv_map);
2070}

References ACL_DELETE, ACL_GRANT_OPTION_FOR, ACL_INSERT, ACL_MAINTAIN, ACL_REFERENCES, ACL_SELECT, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, and convert_any_priv_string().

Referenced by has_table_privilege_id(), has_table_privilege_id_id(), has_table_privilege_id_name(), has_table_privilege_name(), has_table_privilege_name_id(), and has_table_privilege_name_name().

◆ convert_tablespace_name()

static Oid convert_tablespace_name ( text tablespacename)
static

Definition at line 4348 of file acl.c.

4349{
4350 char *spcname = text_to_cstring(tablespacename);
4351
4352 return get_tablespace_oid(spcname, false);
4353}
get_tablespace_oid
Oid get_tablespace_oid(const char *tablespacename, bool missing_ok)
Definition: tablespace.c:1426

References get_tablespace_oid(), and text_to_cstring().

Referenced by has_tablespace_privilege_id_name(), has_tablespace_privilege_name(), and has_tablespace_privilege_name_name().

◆ convert_tablespace_priv_string()

static AclMode convert_tablespace_priv_string ( text priv_type_text)
static

Definition at line 4360 of file acl.c.

4361{
4362 static const priv_map tablespace_priv_map[] = {
4363 {"CREATE", ACL_CREATE},
4364 {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4365 {NULL, 0}
4366 };
4367
4368 return convert_any_priv_string(priv_type_text, tablespace_priv_map);
4369}

References ACL_CREATE, ACL_GRANT_OPTION_FOR, and convert_any_priv_string().

Referenced by has_tablespace_privilege_id(), has_tablespace_privilege_id_id(), has_tablespace_privilege_id_name(), has_tablespace_privilege_name(), has_tablespace_privilege_name_id(), and has_tablespace_privilege_name_name().

◆ convert_type_name()

static Oid convert_type_name ( text typename)
static

Definition at line 4547 of file acl.c.

4548{
4549 char *typname = text_to_cstring(typename);
4550 Oid oid;
4551
4552 oid = DatumGetObjectId(DirectFunctionCall1(regtypein,
4553 CStringGetDatum(typname)));
4554
4555 if (!OidIsValid(oid))
4556 ereport(ERROR,
4557 (errcode(ERRCODE_UNDEFINED_OBJECT),
4558 errmsg("type \"%s\" does not exist", typname)));
4559
4560 return oid;
4561}
typname
NameData typname
Definition: pg_type.h:41
regtypein
Datum regtypein(PG_FUNCTION_ARGS)
Definition: regproc.c:1176

References CStringGetDatum(), DatumGetObjectId(), DirectFunctionCall1, ereport, errcode(), errmsg(), ERROR, OidIsValid, regtypein(), text_to_cstring(), and typname.

Referenced by has_type_privilege_id_name(), has_type_privilege_name(), and has_type_privilege_name_name().

◆ convert_type_priv_string()

static AclMode convert_type_priv_string ( text priv_type_text)
static

Definition at line 4568 of file acl.c.

4569{
4570 static const priv_map type_priv_map[] = {
4571 {"USAGE", ACL_USAGE},
4572 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
4573 {NULL, 0}
4574 };
4575
4576 return convert_any_priv_string(priv_type_text, type_priv_map);
4577}

References ACL_GRANT_OPTION_FOR, ACL_USAGE, and convert_any_priv_string().

Referenced by has_type_privilege_id(), has_type_privilege_id_id(), has_type_privilege_id_name(), has_type_privilege_name(), has_type_privilege_name_id(), and has_type_privilege_name_name().

◆ get_role_oid()

Oid get_role_oid ( const char *  rolname,
bool  missing_ok 
)

Definition at line 5536 of file acl.c.

5537{
5538 Oid oid;
5539
5540 oid = GetSysCacheOid1(AUTHNAME, Anum_pg_authid_oid,
5541 CStringGetDatum(rolname));
5542 if (!OidIsValid(oid) && !missing_ok)
5543 ereport(ERROR,
5544 (errcode(ERRCODE_UNDEFINED_OBJECT),
5545 errmsg("role \"%s\" does not exist", rolname)));
5546 return oid;
5547}
GetSysCacheOid1
#define GetSysCacheOid1(cacheId, oidcol, key1)
Definition: syscache.h:109

References CStringGetDatum(), ereport, errcode(), errmsg(), ERROR, GetSysCacheOid1, OidIsValid, and rolname.

Referenced by aclparse(), check_hba(), check_ident_usermap(), createdb(), CreateRole(), get_object_address_unqualified(), get_role_oid_or_public(), get_rolespec_oid(), GrantRole(), is_member(), pg_has_role_id_name(), pg_has_role_name(), pg_has_role_name_id(), pg_has_role_name_name(), regrolein(), shell_check_detail(), and worker_spi_launch().

◆ get_role_oid_or_public()

Oid get_role_oid_or_public ( const char *  rolname)

Definition at line 5554 of file acl.c.

5555{
5556 if (strcmp(rolname, "public") == 0)
5557 return ACL_ID_PUBLIC;
5558
5559 return get_role_oid(rolname, false);
5560}

References ACL_ID_PUBLIC, get_role_oid(), and rolname.

Referenced by has_any_column_privilege_name_id(), has_any_column_privilege_name_name(), has_column_privilege_name_id_attnum(), has_column_privilege_name_id_name(), has_column_privilege_name_name_attnum(), has_column_privilege_name_name_name(), has_database_privilege_name_id(), has_database_privilege_name_name(), has_foreign_data_wrapper_privilege_name_id(), has_foreign_data_wrapper_privilege_name_name(), has_function_privilege_name_id(), has_function_privilege_name_name(), has_language_privilege_name_id(), has_language_privilege_name_name(), has_largeobject_privilege_name_id(), has_parameter_privilege_name_name(), has_schema_privilege_name_id(), has_schema_privilege_name_name(), has_sequence_privilege_name_id(), has_sequence_privilege_name_name(), has_server_privilege_name_id(), has_server_privilege_name_name(), has_table_privilege_name_id(), has_table_privilege_name_name(), has_tablespace_privilege_name_id(), has_tablespace_privilege_name_name(), has_type_privilege_name_id(), and has_type_privilege_name_name().

◆ get_rolespec_name()

char * get_rolespec_name ( const RoleSpec role)

Definition at line 5655 of file acl.c.

5656{
5657 HeapTuple tp;
5658 Form_pg_authid authForm;
5659 char *rolename;
5660
5661 tp = get_rolespec_tuple(role);
5662 authForm = (Form_pg_authid) GETSTRUCT(tp);
5663 rolename = pstrdup(NameStr(authForm->rolname));
5664 ReleaseSysCache(tp);
5665
5666 return rolename;
5667}
get_rolespec_tuple
HeapTuple get_rolespec_tuple(const RoleSpec *role)
Definition: acl.c:5609
pstrdup
char * pstrdup(const char *in)
Definition: mcxt.c:2321

References get_rolespec_tuple(), GETSTRUCT(), NameStr, pstrdup(), and ReleaseSysCache().

Referenced by AddRoleMems(), and DelRoleMems().

◆ get_rolespec_oid()

Oid get_rolespec_oid ( const RoleSpec role,
bool  missing_ok 
)

Definition at line 5570 of file acl.c.

5571{
5572 Oid oid;
5573
5574 switch (role->roletype)
5575 {
5576 case ROLESPEC_CSTRING:
5577 Assert(role->rolename);
5578 oid = get_role_oid(role->rolename, missing_ok);
5579 break;
5580
5581 case ROLESPEC_CURRENT_ROLE:
5582 case ROLESPEC_CURRENT_USER:
5583 oid = GetUserId();
5584 break;
5585
5586 case ROLESPEC_SESSION_USER:
5587 oid = GetSessionUserId();
5588 break;
5589
5590 case ROLESPEC_PUBLIC:
5591 ereport(ERROR,
5592 (errcode(ERRCODE_UNDEFINED_OBJECT),
5593 errmsg("role \"%s\" does not exist", "public")));
5594 oid = InvalidOid; /* make compiler happy */
5595 break;
5596
5597 default:
5598 elog(ERROR, "unexpected role type %d", role->roletype);
5599 }
5600
5601 return oid;
5602}
GetUserId
Oid GetUserId(void)
Definition: miscinit.c:520
GetSessionUserId
Oid GetSessionUserId(void)
Definition: miscinit.c:559
ROLESPEC_CURRENT_USER
@ ROLESPEC_CURRENT_USER
Definition: parsenodes.h:407
ROLESPEC_SESSION_USER
@ ROLESPEC_SESSION_USER
Definition: parsenodes.h:408
ROLESPEC_CURRENT_ROLE
@ ROLESPEC_CURRENT_ROLE
Definition: parsenodes.h:406
ROLESPEC_PUBLIC
@ ROLESPEC_PUBLIC
Definition: parsenodes.h:409
InvalidOid
#define InvalidOid
Definition: postgres_ext.h:35

References Assert(), elog, ereport, errcode(), errmsg(), ERROR, get_role_oid(), GetSessionUserId(), GetUserId(), InvalidOid, RoleSpec::rolename, ROLESPEC_CSTRING, ROLESPEC_CURRENT_ROLE, ROLESPEC_CURRENT_USER, ROLESPEC_PUBLIC, ROLESPEC_SESSION_USER, and RoleSpec::roletype.

Referenced by AlterUserMapping(), ATExecCmd(), CreateSchemaCommand(), CreateTableSpace(), CreateUserMapping(), ExecAlterDefaultPrivilegesStmt(), ExecAlterOwnerStmt(), ExecuteGrantStmt(), GrantRole(), policy_role_list_to_array(), ReassignOwnedObjects(), RemoveUserMapping(), and roleSpecsToIds().

◆ get_rolespec_tuple()

HeapTuple get_rolespec_tuple ( const RoleSpec role)

Definition at line 5609 of file acl.c.

5610{
5611 HeapTuple tuple;
5612
5613 switch (role->roletype)
5614 {
5615 case ROLESPEC_CSTRING:
5616 Assert(role->rolename);
5617 tuple = SearchSysCache1(AUTHNAME, CStringGetDatum(role->rolename));
5618 if (!HeapTupleIsValid(tuple))
5619 ereport(ERROR,
5620 (errcode(ERRCODE_UNDEFINED_OBJECT),
5621 errmsg("role \"%s\" does not exist", role->rolename)));
5622 break;
5623
5624 case ROLESPEC_CURRENT_ROLE:
5625 case ROLESPEC_CURRENT_USER:
5626 tuple = SearchSysCache1(AUTHOID, ObjectIdGetDatum(GetUserId()));
5627 if (!HeapTupleIsValid(tuple))
5628 elog(ERROR, "cache lookup failed for role %u", GetUserId());
5629 break;
5630
5631 case ROLESPEC_SESSION_USER:
5632 tuple = SearchSysCache1(AUTHOID, ObjectIdGetDatum(GetSessionUserId()));
5633 if (!HeapTupleIsValid(tuple))
5634 elog(ERROR, "cache lookup failed for role %u", GetSessionUserId());
5635 break;
5636
5637 case ROLESPEC_PUBLIC:
5638 ereport(ERROR,
5639 (errcode(ERRCODE_UNDEFINED_OBJECT),
5640 errmsg("role \"%s\" does not exist", "public")));
5641 tuple = NULL; /* make compiler happy */
5642 break;
5643
5644 default:
5645 elog(ERROR, "unexpected role type %d", role->roletype);
5646 }
5647
5648 return tuple;
5649}

References Assert(), CStringGetDatum(), elog, ereport, errcode(), errmsg(), ERROR, GetSessionUserId(), GetUserId(), HeapTupleIsValid, ObjectIdGetDatum(), RoleSpec::rolename, ROLESPEC_CSTRING, ROLESPEC_CURRENT_ROLE, ROLESPEC_CURRENT_USER, ROLESPEC_PUBLIC, ROLESPEC_SESSION_USER, RoleSpec::roletype, and SearchSysCache1().

Referenced by AlterRole(), AlterRoleSet(), CreateRole(), and get_rolespec_name().

◆ getid()

static const char * getid ( const char *  s,
char *  n,
Node escontext 
)
static

Definition at line 153 of file acl.c.

154{
155 int len = 0;
156 bool in_quotes = false;
157
158 Assert(s && n);
159
160 while (isspace((unsigned char) *s))
161 s++;
162 /* This code had better match what putid() does, below */
163 for (;
164 *s != '\0' &&
165 (isalnum((unsigned char) *s) ||
166 *s == '_' ||
167 *s == '"' ||
168 in_quotes);
169 s++)
170 {
171 if (*s == '"')
172 {
173 /* safe to look at next char (could be '\0' though) */
174 if (*(s + 1) != '"')
175 {
176 in_quotes = !in_quotes;
177 continue;
178 }
179 /* it's an escaped double quote; skip the escaping char */
180 s++;
181 }
182
183 /* Add the character to the string */
184 if (len >= NAMEDATALEN - 1)
185 ereturn(escontext, NULL,
186 (errcode(ERRCODE_NAME_TOO_LONG),
187 errmsg("identifier too long"),
188 errdetail("Identifier must be less than %d characters.",
189 NAMEDATALEN)));
190
191 n[len++] = *s;
192 }
193 n[len] = '\0';
194 while (isspace((unsigned char) *s))
195 s++;
196 return s;
197}
errdetail
int errdetail(const char *fmt,...)
Definition: elog.c:1204
len
const void size_t len
Definition: pg_crc32c_sse42.c:28

References Assert(), ereturn, errcode(), errdetail(), errmsg(), len, and NAMEDATALEN.

Referenced by aclparse().

◆ has_any_column_privilege_id()

Datum has_any_column_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 2408 of file acl.c.

2409{
2410 Oid tableoid = PG_GETARG_OID(0);
2411 text *priv_type_text = PG_GETARG_TEXT_PP(1);
2412 Oid roleid;
2413 AclMode mode;
2414 AclResult aclresult;
2415 bool is_missing = false;
2416
2417 roleid = GetUserId();
2418 mode = convert_column_priv_string(priv_type_text);
2419
2420 /* First check at table level, then examine each column if needed */
2421 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2422 if (aclresult != ACLCHECK_OK)
2423 {
2424 if (is_missing)
2425 PG_RETURN_NULL();
2426 aclresult = pg_attribute_aclcheck_all_ext(tableoid, roleid, mode,
2427 ACLMASK_ANY, &is_missing);
2428 if (is_missing)
2429 PG_RETURN_NULL();
2430 }
2431
2432 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2433}
convert_column_priv_string
static AclMode convert_column_priv_string(text *priv_type_text)
Definition: acl.c:2937
ACLMASK_ANY
@ ACLMASK_ANY
Definition: acl.h:177
pg_attribute_aclcheck_all_ext
AclResult pg_attribute_aclcheck_all_ext(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how, bool *is_missing)
Definition: aclchk.c:3906
PG_GETARG_TEXT_PP
#define PG_GETARG_TEXT_PP(n)
Definition: fmgr.h:309
varlena
Definition: c.h:658

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), GetUserId(), mode, pg_attribute_aclcheck_all_ext(), pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_any_column_privilege_id_id()

Datum has_any_column_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 2468 of file acl.c.

2469{
2470 Oid roleid = PG_GETARG_OID(0);
2471 Oid tableoid = PG_GETARG_OID(1);
2472 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2473 AclMode mode;
2474 AclResult aclresult;
2475 bool is_missing = false;
2476
2477 mode = convert_column_priv_string(priv_type_text);
2478
2479 /* First check at table level, then examine each column if needed */
2480 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2481 if (aclresult != ACLCHECK_OK)
2482 {
2483 if (is_missing)
2484 PG_RETURN_NULL();
2485 aclresult = pg_attribute_aclcheck_all_ext(tableoid, roleid, mode,
2486 ACLMASK_ANY, &is_missing);
2487 if (is_missing)
2488 PG_RETURN_NULL();
2489 }
2490
2491 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2492}

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), mode, pg_attribute_aclcheck_all_ext(), pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_any_column_privilege_id_name()

Datum has_any_column_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2441 of file acl.c.

2442{
2443 Oid roleid = PG_GETARG_OID(0);
2444 text *tablename = PG_GETARG_TEXT_PP(1);
2445 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2446 Oid tableoid;
2447 AclMode mode;
2448 AclResult aclresult;
2449
2450 tableoid = convert_table_name(tablename);
2451 mode = convert_column_priv_string(priv_type_text);
2452
2453 /* First check at table level, then examine each column if needed */
2454 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2455 if (aclresult != ACLCHECK_OK)
2456 aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2457 ACLMASK_ANY);
2458
2459 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2460}
convert_table_name
static Oid convert_table_name(text *tablename)
Definition: acl.c:2032
pg_attribute_aclcheck_all
AclResult pg_attribute_aclcheck_all(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how)
Definition: aclchk.c:3895
pg_class_aclcheck
AclResult pg_class_aclcheck(Oid table_oid, Oid roleid, AclMode mode)
Definition: aclchk.c:4024

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), convert_table_name(), mode, pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_any_column_privilege_name()

Datum has_any_column_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 2345 of file acl.c.

2346{
2347 text *tablename = PG_GETARG_TEXT_PP(0);
2348 text *priv_type_text = PG_GETARG_TEXT_PP(1);
2349 Oid roleid;
2350 Oid tableoid;
2351 AclMode mode;
2352 AclResult aclresult;
2353
2354 roleid = GetUserId();
2355 tableoid = convert_table_name(tablename);
2356 mode = convert_column_priv_string(priv_type_text);
2357
2358 /* First check at table level, then examine each column if needed */
2359 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2360 if (aclresult != ACLCHECK_OK)
2361 aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2362 ACLMASK_ANY);
2363
2364 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2365}

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), convert_table_name(), GetUserId(), mode, pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_any_column_privilege_name_id()

Datum has_any_column_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 2373 of file acl.c.

2374{
2375 Name username = PG_GETARG_NAME(0);
2376 Oid tableoid = PG_GETARG_OID(1);
2377 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2378 Oid roleid;
2379 AclMode mode;
2380 AclResult aclresult;
2381 bool is_missing = false;
2382
2383 roleid = get_role_oid_or_public(NameStr(*username));
2384 mode = convert_column_priv_string(priv_type_text);
2385
2386 /* First check at table level, then examine each column if needed */
2387 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2388 if (aclresult != ACLCHECK_OK)
2389 {
2390 if (is_missing)
2391 PG_RETURN_NULL();
2392 aclresult = pg_attribute_aclcheck_all_ext(tableoid, roleid, mode,
2393 ACLMASK_ANY, &is_missing);
2394 if (is_missing)
2395 PG_RETURN_NULL();
2396 }
2397
2398 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2399}
get_role_oid_or_public
Oid get_role_oid_or_public(const char *rolname)
Definition: acl.c:5554
PG_GETARG_NAME
#define PG_GETARG_NAME(n)
Definition: fmgr.h:278
username
static char * username
Definition: initdb.c:153
nameData
Definition: c.h:712

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), get_role_oid_or_public(), mode, NameStr, pg_attribute_aclcheck_all_ext(), pg_class_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_any_column_privilege_name_name()

Datum has_any_column_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2315 of file acl.c.

2316{
2317 Name rolename = PG_GETARG_NAME(0);
2318 text *tablename = PG_GETARG_TEXT_PP(1);
2319 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2320 Oid roleid;
2321 Oid tableoid;
2322 AclMode mode;
2323 AclResult aclresult;
2324
2325 roleid = get_role_oid_or_public(NameStr(*rolename));
2326 tableoid = convert_table_name(tablename);
2327 mode = convert_column_priv_string(priv_type_text);
2328
2329 /* First check at table level, then examine each column if needed */
2330 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2331 if (aclresult != ACLCHECK_OK)
2332 aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2333 ACLMASK_ANY);
2334
2335 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2336}

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), convert_table_name(), get_role_oid_or_public(), mode, NameStr, pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_column_privilege_id_attnum()

Datum has_column_privilege_id_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2851 of file acl.c.

2852{
2853 Oid tableoid = PG_GETARG_OID(0);
2854 AttrNumber colattnum = PG_GETARG_INT16(1);
2855 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2856 Oid roleid;
2857 AclMode mode;
2858 int privresult;
2859
2860 roleid = GetUserId();
2861 mode = convert_column_priv_string(priv_type_text);
2862
2863 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2864 if (privresult < 0)
2865 PG_RETURN_NULL();
2866 PG_RETURN_BOOL(privresult);
2867}
column_privilege_check
static int column_privilege_check(Oid tableoid, AttrNumber attnum, Oid roleid, AclMode mode)
Definition: acl.c:2519
PG_GETARG_INT16
#define PG_GETARG_INT16(n)
Definition: fmgr.h:271

References column_privilege_check(), convert_column_priv_string(), GetUserId(), mode, PG_GETARG_INT16, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_id_attnum()

Datum has_column_privilege_id_id_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2744 of file acl.c.

2745{
2746 Oid roleid = PG_GETARG_OID(0);
2747 Oid tableoid = PG_GETARG_OID(1);
2748 AttrNumber colattnum = PG_GETARG_INT16(2);
2749 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2750 AclMode mode;
2751 int privresult;
2752
2753 mode = convert_column_priv_string(priv_type_text);
2754
2755 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2756 if (privresult < 0)
2757 PG_RETURN_NULL();
2758 PG_RETURN_BOOL(privresult);
2759}

References column_privilege_check(), convert_column_priv_string(), mode, PG_GETARG_INT16, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_id_name()

Datum has_column_privilege_id_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2719 of file acl.c.

2720{
2721 Oid roleid = PG_GETARG_OID(0);
2722 Oid tableoid = PG_GETARG_OID(1);
2723 text *column = PG_GETARG_TEXT_PP(2);
2724 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2725 AttrNumber colattnum;
2726 AclMode mode;
2727 int privresult;
2728
2729 colattnum = convert_column_name(tableoid, column);
2730 mode = convert_column_priv_string(priv_type_text);
2731
2732 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2733 if (privresult < 0)
2734 PG_RETURN_NULL();
2735 PG_RETURN_BOOL(privresult);
2736}
convert_column_name
static AttrNumber convert_column_name(Oid tableoid, text *column)
Definition: acl.c:2879

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_name()

Datum has_column_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2824 of file acl.c.

2825{
2826 Oid tableoid = PG_GETARG_OID(0);
2827 text *column = PG_GETARG_TEXT_PP(1);
2828 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2829 Oid roleid;
2830 AttrNumber colattnum;
2831 AclMode mode;
2832 int privresult;
2833
2834 roleid = GetUserId();
2835 colattnum = convert_column_name(tableoid, column);
2836 mode = convert_column_priv_string(priv_type_text);
2837
2838 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2839 if (privresult < 0)
2840 PG_RETURN_NULL();
2841 PG_RETURN_BOOL(privresult);
2842}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), GetUserId(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_name_attnum()

Datum has_column_privilege_id_name_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2694 of file acl.c.

2695{
2696 Oid roleid = PG_GETARG_OID(0);
2697 text *tablename = PG_GETARG_TEXT_PP(1);
2698 AttrNumber colattnum = PG_GETARG_INT16(2);
2699 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2700 Oid tableoid;
2701 AclMode mode;
2702 int privresult;
2703
2704 tableoid = convert_table_name(tablename);
2705 mode = convert_column_priv_string(priv_type_text);
2706
2707 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2708 if (privresult < 0)
2709 PG_RETURN_NULL();
2710 PG_RETURN_BOOL(privresult);
2711}

References column_privilege_check(), convert_column_priv_string(), convert_table_name(), mode, PG_GETARG_INT16, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_name_name()

Datum has_column_privilege_id_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2667 of file acl.c.

2668{
2669 Oid roleid = PG_GETARG_OID(0);
2670 text *tablename = PG_GETARG_TEXT_PP(1);
2671 text *column = PG_GETARG_TEXT_PP(2);
2672 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2673 Oid tableoid;
2674 AttrNumber colattnum;
2675 AclMode mode;
2676 int privresult;
2677
2678 tableoid = convert_table_name(tablename);
2679 colattnum = convert_column_name(tableoid, column);
2680 mode = convert_column_priv_string(priv_type_text);
2681
2682 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2683 if (privresult < 0)
2684 PG_RETURN_NULL();
2685 PG_RETURN_BOOL(privresult);
2686}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), convert_table_name(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_attnum()

Datum has_column_privilege_name_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2797 of file acl.c.

2798{
2799 text *tablename = PG_GETARG_TEXT_PP(0);
2800 AttrNumber colattnum = PG_GETARG_INT16(1);
2801 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2802 Oid roleid;
2803 Oid tableoid;
2804 AclMode mode;
2805 int privresult;
2806
2807 roleid = GetUserId();
2808 tableoid = convert_table_name(tablename);
2809 mode = convert_column_priv_string(priv_type_text);
2810
2811 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2812 if (privresult < 0)
2813 PG_RETURN_NULL();
2814 PG_RETURN_BOOL(privresult);
2815}

References column_privilege_check(), convert_column_priv_string(), convert_table_name(), GetUserId(), mode, PG_GETARG_INT16, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_id_attnum()

Datum has_column_privilege_name_id_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2642 of file acl.c.

2643{
2644 Name username = PG_GETARG_NAME(0);
2645 Oid tableoid = PG_GETARG_OID(1);
2646 AttrNumber colattnum = PG_GETARG_INT16(2);
2647 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2648 Oid roleid;
2649 AclMode mode;
2650 int privresult;
2651
2652 roleid = get_role_oid_or_public(NameStr(*username));
2653 mode = convert_column_priv_string(priv_type_text);
2654
2655 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2656 if (privresult < 0)
2657 PG_RETURN_NULL();
2658 PG_RETURN_BOOL(privresult);
2659}

References column_privilege_check(), convert_column_priv_string(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_INT16, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_column_privilege_name_id_name()

Datum has_column_privilege_name_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2615 of file acl.c.

2616{
2617 Name username = PG_GETARG_NAME(0);
2618 Oid tableoid = PG_GETARG_OID(1);
2619 text *column = PG_GETARG_TEXT_PP(2);
2620 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2621 Oid roleid;
2622 AttrNumber colattnum;
2623 AclMode mode;
2624 int privresult;
2625
2626 roleid = get_role_oid_or_public(NameStr(*username));
2627 colattnum = convert_column_name(tableoid, column);
2628 mode = convert_column_priv_string(priv_type_text);
2629
2630 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2631 if (privresult < 0)
2632 PG_RETURN_NULL();
2633 PG_RETURN_BOOL(privresult);
2634}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_column_privilege_name_name()

Datum has_column_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2768 of file acl.c.

2769{
2770 text *tablename = PG_GETARG_TEXT_PP(0);
2771 text *column = PG_GETARG_TEXT_PP(1);
2772 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2773 Oid roleid;
2774 Oid tableoid;
2775 AttrNumber colattnum;
2776 AclMode mode;
2777 int privresult;
2778
2779 roleid = GetUserId();
2780 tableoid = convert_table_name(tablename);
2781 colattnum = convert_column_name(tableoid, column);
2782 mode = convert_column_priv_string(priv_type_text);
2783
2784 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2785 if (privresult < 0)
2786 PG_RETURN_NULL();
2787 PG_RETURN_BOOL(privresult);
2788}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), convert_table_name(), GetUserId(), mode, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_name_attnum()

Datum has_column_privilege_name_name_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2588 of file acl.c.

2589{
2590 Name rolename = PG_GETARG_NAME(0);
2591 text *tablename = PG_GETARG_TEXT_PP(1);
2592 AttrNumber colattnum = PG_GETARG_INT16(2);
2593 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2594 Oid roleid;
2595 Oid tableoid;
2596 AclMode mode;
2597 int privresult;
2598
2599 roleid = get_role_oid_or_public(NameStr(*rolename));
2600 tableoid = convert_table_name(tablename);
2601 mode = convert_column_priv_string(priv_type_text);
2602
2603 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2604 if (privresult < 0)
2605 PG_RETURN_NULL();
2606 PG_RETURN_BOOL(privresult);
2607}

References column_privilege_check(), convert_column_priv_string(), convert_table_name(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_INT16, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_name_name()

Datum has_column_privilege_name_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2559 of file acl.c.

2560{
2561 Name rolename = PG_GETARG_NAME(0);
2562 text *tablename = PG_GETARG_TEXT_PP(1);
2563 text *column = PG_GETARG_TEXT_PP(2);
2564 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2565 Oid roleid;
2566 Oid tableoid;
2567 AttrNumber colattnum;
2568 AclMode mode;
2569 int privresult;
2570
2571 roleid = get_role_oid_or_public(NameStr(*rolename));
2572 tableoid = convert_table_name(tablename);
2573 colattnum = convert_column_name(tableoid, column);
2574 mode = convert_column_priv_string(priv_type_text);
2575
2576 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2577 if (privresult < 0)
2578 PG_RETURN_NULL();
2579 PG_RETURN_BOOL(privresult);
2580}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), convert_table_name(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_database_privilege_id()

Datum has_database_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3051 of file acl.c.

3052{
3053 Oid databaseoid = PG_GETARG_OID(0);
3054 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3055 Oid roleid;
3056 AclMode mode;
3057 AclResult aclresult;
3058 bool is_missing = false;
3059
3060 roleid = GetUserId();
3061 mode = convert_database_priv_string(priv_type_text);
3062
3063 aclresult = object_aclcheck_ext(DatabaseRelationId, databaseoid,
3064 roleid, mode,
3065 &is_missing);
3066
3067 if (is_missing)
3068 PG_RETURN_NULL();
3069
3070 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3071}
convert_database_priv_string
static AclMode convert_database_priv_string(text *priv_type_text)
Definition: acl.c:3143
object_aclcheck_ext
AclResult object_aclcheck_ext(Oid classid, Oid objectid, Oid roleid, AclMode mode, bool *is_missing)
Definition: aclchk.c:3831

References ACLCHECK_OK, convert_database_priv_string(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_database_privilege_id_id()

Datum has_database_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 3102 of file acl.c.

3103{
3104 Oid roleid = PG_GETARG_OID(0);
3105 Oid databaseoid = PG_GETARG_OID(1);
3106 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3107 AclMode mode;
3108 AclResult aclresult;
3109 bool is_missing = false;
3110
3111 mode = convert_database_priv_string(priv_type_text);
3112
3113 aclresult = object_aclcheck_ext(DatabaseRelationId, databaseoid,
3114 roleid, mode,
3115 &is_missing);
3116
3117 if (is_missing)
3118 PG_RETURN_NULL();
3119
3120 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3121}

References ACLCHECK_OK, convert_database_priv_string(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_database_privilege_id_name()

Datum has_database_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3079 of file acl.c.

3080{
3081 Oid roleid = PG_GETARG_OID(0);
3082 text *databasename = PG_GETARG_TEXT_PP(1);
3083 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3084 Oid databaseoid;
3085 AclMode mode;
3086 AclResult aclresult;
3087
3088 databaseoid = convert_database_name(databasename);
3089 mode = convert_database_priv_string(priv_type_text);
3090
3091 aclresult = object_aclcheck(DatabaseRelationId, databaseoid, roleid, mode);
3092
3093 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3094}
convert_database_name
static Oid convert_database_name(text *databasename)
Definition: acl.c:3131
object_aclcheck
AclResult object_aclcheck(Oid classid, Oid objectid, Oid roleid, AclMode mode)
Definition: aclchk.c:3821

References ACLCHECK_OK, convert_database_name(), convert_database_priv_string(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_database_privilege_name()

Datum has_database_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 2997 of file acl.c.

2998{
2999 text *databasename = PG_GETARG_TEXT_PP(0);
3000 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3001 Oid roleid;
3002 Oid databaseoid;
3003 AclMode mode;
3004 AclResult aclresult;
3005
3006 roleid = GetUserId();
3007 databaseoid = convert_database_name(databasename);
3008 mode = convert_database_priv_string(priv_type_text);
3009
3010 aclresult = object_aclcheck(DatabaseRelationId, databaseoid, roleid, mode);
3011
3012 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3013}

References ACLCHECK_OK, convert_database_name(), convert_database_priv_string(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_database_privilege_name_id()

Datum has_database_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 3021 of file acl.c.

3022{
3023 Name username = PG_GETARG_NAME(0);
3024 Oid databaseoid = PG_GETARG_OID(1);
3025 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3026 Oid roleid;
3027 AclMode mode;
3028 AclResult aclresult;
3029 bool is_missing = false;
3030
3031 roleid = get_role_oid_or_public(NameStr(*username));
3032 mode = convert_database_priv_string(priv_type_text);
3033
3034 aclresult = object_aclcheck_ext(DatabaseRelationId, databaseoid,
3035 roleid, mode,
3036 &is_missing);
3037
3038 if (is_missing)
3039 PG_RETURN_NULL();
3040
3041 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3042}

References ACLCHECK_OK, convert_database_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_database_privilege_name_name()

Datum has_database_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2971 of file acl.c.

2972{
2973 Name username = PG_GETARG_NAME(0);
2974 text *databasename = PG_GETARG_TEXT_PP(1);
2975 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2976 Oid roleid;
2977 Oid databaseoid;
2978 AclMode mode;
2979 AclResult aclresult;
2980
2981 roleid = get_role_oid_or_public(NameStr(*username));
2982 databaseoid = convert_database_name(databasename);
2983 mode = convert_database_priv_string(priv_type_text);
2984
2985 aclresult = object_aclcheck(DatabaseRelationId, databaseoid, roleid, mode);
2986
2987 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2988}

References ACLCHECK_OK, convert_database_name(), convert_database_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_foreign_data_wrapper_privilege_id()

Datum has_foreign_data_wrapper_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3257 of file acl.c.

3258{
3259 Oid fdwid = PG_GETARG_OID(0);
3260 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3261 Oid roleid;
3262 AclMode mode;
3263 AclResult aclresult;
3264 bool is_missing = false;
3265
3266 roleid = GetUserId();
3267 mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3268
3269 aclresult = object_aclcheck_ext(ForeignDataWrapperRelationId, fdwid,
3270 roleid, mode,
3271 &is_missing);
3272
3273 if (is_missing)
3274 PG_RETURN_NULL();
3275
3276 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3277}
convert_foreign_data_wrapper_priv_string
static AclMode convert_foreign_data_wrapper_priv_string(text *priv_type_text)
Definition: acl.c:3349

References ACLCHECK_OK, convert_foreign_data_wrapper_priv_string(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_foreign_data_wrapper_privilege_id_id()

Datum has_foreign_data_wrapper_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 3308 of file acl.c.

3309{
3310 Oid roleid = PG_GETARG_OID(0);
3311 Oid fdwid = PG_GETARG_OID(1);
3312 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3313 AclMode mode;
3314 AclResult aclresult;
3315 bool is_missing = false;
3316
3317 mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3318
3319 aclresult = object_aclcheck_ext(ForeignDataWrapperRelationId, fdwid,
3320 roleid, mode,
3321 &is_missing);
3322
3323 if (is_missing)
3324 PG_RETURN_NULL();
3325
3326 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3327}

References ACLCHECK_OK, convert_foreign_data_wrapper_priv_string(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_foreign_data_wrapper_privilege_id_name()

Datum has_foreign_data_wrapper_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3285 of file acl.c.

3286{
3287 Oid roleid = PG_GETARG_OID(0);
3288 text *fdwname = PG_GETARG_TEXT_PP(1);
3289 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3290 Oid fdwid;
3291 AclMode mode;
3292 AclResult aclresult;
3293
3294 fdwid = convert_foreign_data_wrapper_name(fdwname);
3295 mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3296
3297 aclresult = object_aclcheck(ForeignDataWrapperRelationId, fdwid, roleid, mode);
3298
3299 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3300}
convert_foreign_data_wrapper_name
static Oid convert_foreign_data_wrapper_name(text *fdwname)
Definition: acl.c:3337

References ACLCHECK_OK, convert_foreign_data_wrapper_name(), convert_foreign_data_wrapper_priv_string(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_foreign_data_wrapper_privilege_name()

Datum has_foreign_data_wrapper_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 3203 of file acl.c.

3204{
3205 text *fdwname = PG_GETARG_TEXT_PP(0);
3206 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3207 Oid roleid;
3208 Oid fdwid;
3209 AclMode mode;
3210 AclResult aclresult;
3211
3212 roleid = GetUserId();
3213 fdwid = convert_foreign_data_wrapper_name(fdwname);
3214 mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3215
3216 aclresult = object_aclcheck(ForeignDataWrapperRelationId, fdwid, roleid, mode);
3217
3218 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3219}

References ACLCHECK_OK, convert_foreign_data_wrapper_name(), convert_foreign_data_wrapper_priv_string(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_foreign_data_wrapper_privilege_name_id()

Datum has_foreign_data_wrapper_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 3227 of file acl.c.

3228{
3229 Name username = PG_GETARG_NAME(0);
3230 Oid fdwid = PG_GETARG_OID(1);
3231 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3232 Oid roleid;
3233 AclMode mode;
3234 AclResult aclresult;
3235 bool is_missing = false;
3236
3237 roleid = get_role_oid_or_public(NameStr(*username));
3238 mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3239
3240 aclresult = object_aclcheck_ext(ForeignDataWrapperRelationId, fdwid,
3241 roleid, mode,
3242 &is_missing);
3243
3244 if (is_missing)
3245 PG_RETURN_NULL();
3246
3247 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3248}

References ACLCHECK_OK, convert_foreign_data_wrapper_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_foreign_data_wrapper_privilege_name_name()

Datum has_foreign_data_wrapper_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 3177 of file acl.c.

3178{
3179 Name username = PG_GETARG_NAME(0);
3180 text *fdwname = PG_GETARG_TEXT_PP(1);
3181 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3182 Oid roleid;
3183 Oid fdwid;
3184 AclMode mode;
3185 AclResult aclresult;
3186
3187 roleid = get_role_oid_or_public(NameStr(*username));
3188 fdwid = convert_foreign_data_wrapper_name(fdwname);
3189 mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3190
3191 aclresult = object_aclcheck(ForeignDataWrapperRelationId, fdwid, roleid, mode);
3192
3193 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3194}

References ACLCHECK_OK, convert_foreign_data_wrapper_name(), convert_foreign_data_wrapper_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_function_privilege_id()

Datum has_function_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3457 of file acl.c.

3458{
3459 Oid functionoid = PG_GETARG_OID(0);
3460 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3461 Oid roleid;
3462 AclMode mode;
3463 AclResult aclresult;
3464 bool is_missing = false;
3465
3466 roleid = GetUserId();
3467 mode = convert_function_priv_string(priv_type_text);
3468
3469 aclresult = object_aclcheck_ext(ProcedureRelationId, functionoid,
3470 roleid, mode,
3471 &is_missing);
3472
3473 if (is_missing)
3474 PG_RETURN_NULL();
3475
3476 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3477}
convert_function_priv_string
static AclMode convert_function_priv_string(text *priv_type_text)
Definition: acl.c:3558

References ACLCHECK_OK, convert_function_priv_string(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_function_privilege_id_id()

Datum has_function_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 3508 of file acl.c.

3509{
3510 Oid roleid = PG_GETARG_OID(0);
3511 Oid functionoid = PG_GETARG_OID(1);
3512 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3513 AclMode mode;
3514 AclResult aclresult;
3515 bool is_missing = false;
3516
3517 mode = convert_function_priv_string(priv_type_text);
3518
3519 aclresult = object_aclcheck_ext(ProcedureRelationId, functionoid,
3520 roleid, mode,
3521 &is_missing);
3522
3523 if (is_missing)
3524 PG_RETURN_NULL();
3525
3526 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3527}

References ACLCHECK_OK, convert_function_priv_string(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_function_privilege_id_name()

Datum has_function_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3485 of file acl.c.

3486{
3487 Oid roleid = PG_GETARG_OID(0);
3488 text *functionname = PG_GETARG_TEXT_PP(1);
3489 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3490 Oid functionoid;
3491 AclMode mode;
3492 AclResult aclresult;
3493
3494 functionoid = convert_function_name(functionname);
3495 mode = convert_function_priv_string(priv_type_text);
3496
3497 aclresult = object_aclcheck(ProcedureRelationId, functionoid, roleid, mode);
3498
3499 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3500}
convert_function_name
static Oid convert_function_name(text *functionname)
Definition: acl.c:3537

References ACLCHECK_OK, convert_function_name(), convert_function_priv_string(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_function_privilege_name()

Datum has_function_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 3403 of file acl.c.

3404{
3405 text *functionname = PG_GETARG_TEXT_PP(0);
3406 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3407 Oid roleid;
3408 Oid functionoid;
3409 AclMode mode;
3410 AclResult aclresult;
3411
3412 roleid = GetUserId();
3413 functionoid = convert_function_name(functionname);
3414 mode = convert_function_priv_string(priv_type_text);
3415
3416 aclresult = object_aclcheck(ProcedureRelationId, functionoid, roleid, mode);
3417
3418 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3419}

References ACLCHECK_OK, convert_function_name(), convert_function_priv_string(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_function_privilege_name_id()

Datum has_function_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 3427 of file acl.c.

3428{
3429 Name username = PG_GETARG_NAME(0);
3430 Oid functionoid = PG_GETARG_OID(1);
3431 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3432 Oid roleid;
3433 AclMode mode;
3434 AclResult aclresult;
3435 bool is_missing = false;
3436
3437 roleid = get_role_oid_or_public(NameStr(*username));
3438 mode = convert_function_priv_string(priv_type_text);
3439
3440 aclresult = object_aclcheck_ext(ProcedureRelationId, functionoid,
3441 roleid, mode,
3442 &is_missing);
3443
3444 if (is_missing)
3445 PG_RETURN_NULL();
3446
3447 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3448}

References ACLCHECK_OK, convert_function_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_function_privilege_name_name()

Datum has_function_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 3377 of file acl.c.

3378{
3379 Name username = PG_GETARG_NAME(0);
3380 text *functionname = PG_GETARG_TEXT_PP(1);
3381 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3382 Oid roleid;
3383 Oid functionoid;
3384 AclMode mode;
3385 AclResult aclresult;
3386
3387 roleid = get_role_oid_or_public(NameStr(*username));
3388 functionoid = convert_function_name(functionname);
3389 mode = convert_function_priv_string(priv_type_text);
3390
3391 aclresult = object_aclcheck(ProcedureRelationId, functionoid, roleid, mode);
3392
3393 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3394}

References ACLCHECK_OK, convert_function_name(), convert_function_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_language_privilege_id()

Datum has_language_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3666 of file acl.c.

3667{
3668 Oid languageoid = PG_GETARG_OID(0);
3669 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3670 Oid roleid;
3671 AclMode mode;
3672 AclResult aclresult;
3673 bool is_missing = false;
3674
3675 roleid = GetUserId();
3676 mode = convert_language_priv_string(priv_type_text);
3677
3678 aclresult = object_aclcheck_ext(LanguageRelationId, languageoid,
3679 roleid, mode,
3680 &is_missing);
3681
3682 if (is_missing)
3683 PG_RETURN_NULL();
3684
3685 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3686}
convert_language_priv_string
static AclMode convert_language_priv_string(text *priv_type_text)
Definition: acl.c:3758

References ACLCHECK_OK, convert_language_priv_string(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_language_privilege_id_id()

Datum has_language_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 3717 of file acl.c.

3718{
3719 Oid roleid = PG_GETARG_OID(0);
3720 Oid languageoid = PG_GETARG_OID(1);
3721 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3722 AclMode mode;
3723 AclResult aclresult;
3724 bool is_missing = false;
3725
3726 mode = convert_language_priv_string(priv_type_text);
3727
3728 aclresult = object_aclcheck_ext(LanguageRelationId, languageoid,
3729 roleid, mode,
3730 &is_missing);
3731
3732 if (is_missing)
3733 PG_RETURN_NULL();
3734
3735 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3736}

References ACLCHECK_OK, convert_language_priv_string(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_language_privilege_id_name()

Datum has_language_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3694 of file acl.c.

3695{
3696 Oid roleid = PG_GETARG_OID(0);
3697 text *languagename = PG_GETARG_TEXT_PP(1);
3698 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3699 Oid languageoid;
3700 AclMode mode;
3701 AclResult aclresult;
3702
3703 languageoid = convert_language_name(languagename);
3704 mode = convert_language_priv_string(priv_type_text);
3705
3706 aclresult = object_aclcheck(LanguageRelationId, languageoid, roleid, mode);
3707
3708 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3709}
convert_language_name
static Oid convert_language_name(text *languagename)
Definition: acl.c:3746

References ACLCHECK_OK, convert_language_name(), convert_language_priv_string(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_language_privilege_name()

Datum has_language_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 3612 of file acl.c.

3613{
3614 text *languagename = PG_GETARG_TEXT_PP(0);
3615 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3616 Oid roleid;
3617 Oid languageoid;
3618 AclMode mode;
3619 AclResult aclresult;
3620
3621 roleid = GetUserId();
3622 languageoid = convert_language_name(languagename);
3623 mode = convert_language_priv_string(priv_type_text);
3624
3625 aclresult = object_aclcheck(LanguageRelationId, languageoid, roleid, mode);
3626
3627 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3628}

References ACLCHECK_OK, convert_language_name(), convert_language_priv_string(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_language_privilege_name_id()

Datum has_language_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 3636 of file acl.c.

3637{
3638 Name username = PG_GETARG_NAME(0);
3639 Oid languageoid = PG_GETARG_OID(1);
3640 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3641 Oid roleid;
3642 AclMode mode;
3643 AclResult aclresult;
3644 bool is_missing = false;
3645
3646 roleid = get_role_oid_or_public(NameStr(*username));
3647 mode = convert_language_priv_string(priv_type_text);
3648
3649 aclresult = object_aclcheck_ext(LanguageRelationId, languageoid,
3650 roleid, mode,
3651 &is_missing);
3652
3653 if (is_missing)
3654 PG_RETURN_NULL();
3655
3656 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3657}

References ACLCHECK_OK, convert_language_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_language_privilege_name_name()

Datum has_language_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 3586 of file acl.c.

3587{
3588 Name username = PG_GETARG_NAME(0);
3589 text *languagename = PG_GETARG_TEXT_PP(1);
3590 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3591 Oid roleid;
3592 Oid languageoid;
3593 AclMode mode;
3594 AclResult aclresult;
3595
3596 roleid = get_role_oid_or_public(NameStr(*username));
3597 languageoid = convert_language_name(languagename);
3598 mode = convert_language_priv_string(priv_type_text);
3599
3600 aclresult = object_aclcheck(LanguageRelationId, languageoid, roleid, mode);
3601
3602 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3603}

References ACLCHECK_OK, convert_language_name(), convert_language_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_largeobject_privilege_id()

Datum has_largeobject_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 4746 of file acl.c.

4747{
4748 Oid lobjId = PG_GETARG_OID(0);
4749 Oid roleid = GetUserId();
4750 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4751 AclMode mode;
4752 bool is_missing = false;
4753 bool result;
4754
4755 mode = convert_largeobject_priv_string(priv_type_text);
4756 result = has_lo_priv_byid(roleid, lobjId, mode, &is_missing);
4757
4758 if (is_missing)
4759 PG_RETURN_NULL();
4760
4761 PG_RETURN_BOOL(result);
4762}
convert_largeobject_priv_string
static AclMode convert_largeobject_priv_string(text *priv_type_text)
Definition: acl.c:4793
has_lo_priv_byid
static bool has_lo_priv_byid(Oid roleid, Oid lobjId, AclMode priv, bool *is_missing)
Definition: acl.c:4687

References convert_largeobject_priv_string(), GetUserId(), has_lo_priv_byid(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_largeobject_privilege_id_id()

Datum has_largeobject_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4770 of file acl.c.

4771{
4772 Oid roleid = PG_GETARG_OID(0);
4773 Oid lobjId = PG_GETARG_OID(1);
4774 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4775 AclMode mode;
4776 bool is_missing = false;
4777 bool result;
4778
4779 mode = convert_largeobject_priv_string(priv_type_text);
4780 result = has_lo_priv_byid(roleid, lobjId, mode, &is_missing);
4781
4782 if (is_missing)
4783 PG_RETURN_NULL();
4784
4785 PG_RETURN_BOOL(result);
4786}

References convert_largeobject_priv_string(), has_lo_priv_byid(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_largeobject_privilege_name_id()

Datum has_largeobject_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 4720 of file acl.c.

4721{
4722 Name username = PG_GETARG_NAME(0);
4723 Oid roleid = get_role_oid_or_public(NameStr(*username));
4724 Oid lobjId = PG_GETARG_OID(1);
4725 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4726 AclMode mode;
4727 bool is_missing = false;
4728 bool result;
4729
4730 mode = convert_largeobject_priv_string(priv_type_text);
4731 result = has_lo_priv_byid(roleid, lobjId, mode, &is_missing);
4732
4733 if (is_missing)
4734 PG_RETURN_NULL();
4735
4736 PG_RETURN_BOOL(result);
4737}

References convert_largeobject_priv_string(), get_role_oid_or_public(), has_lo_priv_byid(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_lo_priv_byid()

static bool has_lo_priv_byid ( Oid  roleid,
Oid  lobjId,
AclMode  priv,
bool *  is_missing 
)
static

Definition at line 4687 of file acl.c.

4688{
4689 Snapshot snapshot = NULL;
4690 AclResult aclresult;
4691
4692 if (priv & ACL_UPDATE)
4693 snapshot = NULL;
4694 else
4695 snapshot = GetActiveSnapshot();
4696
4697 if (!LargeObjectExistsWithSnapshot(lobjId, snapshot))
4698 {
4699 Assert(is_missing != NULL);
4700 *is_missing = true;
4701 return false;
4702 }
4703
4704 if (lo_compat_privileges)
4705 return true;
4706
4707 aclresult = pg_largeobject_aclcheck_snapshot(lobjId,
4708 roleid,
4709 priv,
4710 snapshot);
4711 return aclresult == ACLCHECK_OK;
4712}
pg_largeobject_aclcheck_snapshot
AclResult pg_largeobject_aclcheck_snapshot(Oid lobj_oid, Oid roleid, AclMode mode, Snapshot snapshot)
Definition: aclchk.c:4061
lo_compat_privileges
bool lo_compat_privileges
Definition: inv_api.c:56
LargeObjectExistsWithSnapshot
bool LargeObjectExistsWithSnapshot(Oid loid, Snapshot snapshot)
Definition: pg_largeobject.c:176
GetActiveSnapshot
Snapshot GetActiveSnapshot(void)
Definition: snapmgr.c:787

References ACL_UPDATE, ACLCHECK_OK, Assert(), GetActiveSnapshot(), LargeObjectExistsWithSnapshot(), lo_compat_privileges, and pg_largeobject_aclcheck_snapshot().

Referenced by has_largeobject_privilege_id(), has_largeobject_privilege_id_id(), and has_largeobject_privilege_name_id().

◆ has_param_priv_byname()

static bool has_param_priv_byname ( Oid  roleid,
const text parameter,
AclMode  priv 
)
static

Definition at line 4596 of file acl.c.

4597{
4598 char *paramstr = text_to_cstring(parameter);
4599
4600 return pg_parameter_aclcheck(paramstr, roleid, priv) == ACLCHECK_OK;
4601}
pg_parameter_aclcheck
AclResult pg_parameter_aclcheck(const char *name, Oid roleid, AclMode mode)
Definition: aclchk.c:4049

References ACLCHECK_OK, pg_parameter_aclcheck(), and text_to_cstring().

Referenced by has_parameter_privilege_id_name(), has_parameter_privilege_name(), and has_parameter_privilege_name_name().

◆ has_parameter_privilege_id_name()

Datum has_parameter_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4639 of file acl.c.

4640{
4641 Oid roleid = PG_GETARG_OID(0);
4642 text *parameter = PG_GETARG_TEXT_PP(1);
4643 AclMode priv = convert_parameter_priv_string(PG_GETARG_TEXT_PP(2));
4644
4645 PG_RETURN_BOOL(has_param_priv_byname(roleid, parameter, priv));
4646}
has_param_priv_byname
static bool has_param_priv_byname(Oid roleid, const text *parameter, AclMode priv)
Definition: acl.c:4596
convert_parameter_priv_string
static AclMode convert_parameter_priv_string(text *priv_text)
Definition: acl.c:4657

References convert_parameter_priv_string(), has_param_priv_byname(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_parameter_privilege_name()

Datum has_parameter_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 4625 of file acl.c.

4626{
4627 text *parameter = PG_GETARG_TEXT_PP(0);
4628 AclMode priv = convert_parameter_priv_string(PG_GETARG_TEXT_PP(1));
4629
4630 PG_RETURN_BOOL(has_param_priv_byname(GetUserId(), parameter, priv));
4631}

References convert_parameter_priv_string(), GetUserId(), has_param_priv_byname(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_parameter_privilege_name_name()

Datum has_parameter_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 4609 of file acl.c.

4610{
4611 Name username = PG_GETARG_NAME(0);
4612 text *parameter = PG_GETARG_TEXT_PP(1);
4613 AclMode priv = convert_parameter_priv_string(PG_GETARG_TEXT_PP(2));
4614 Oid roleid = get_role_oid_or_public(NameStr(*username));
4615
4616 PG_RETURN_BOOL(has_param_priv_byname(roleid, parameter, priv));
4617}

References convert_parameter_priv_string(), get_role_oid_or_public(), has_param_priv_byname(), NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_privs_of_role()

bool has_privs_of_role ( Oid  member,
Oid  role 
)

Definition at line 5268 of file acl.c.

5269{
5270 /* Fast path for simple case */
5271 if (member == role)
5272 return true;
5273
5274 /* Superusers have every privilege, so are part of every role */
5275 if (superuser_arg(member))
5276 return true;
5277
5278 /*
5279 * Find all the roles that member has the privileges of, including
5280 * multi-level recursion, then see if target role is any one of them.
5281 */
5282 return list_member_oid(roles_is_member_of(member, ROLERECURSE_PRIVS,
5283 InvalidOid, NULL),
5284 role);
5285}
roles_is_member_of
static List * roles_is_member_of(Oid roleid, enum RoleRecurseType type, Oid admin_of, Oid *admin_role)
Definition: acl.c:5136
list_member_oid
bool list_member_oid(const List *list, Oid datum)
Definition: list.c:722
superuser_arg
bool superuser_arg(Oid roleid)
Definition: superuser.c:56

References InvalidOid, list_member_oid(), ROLERECURSE_PRIVS, roles_is_member_of(), and superuser_arg().

Referenced by aclmask(), AlterObjectNamespace_internal(), AlterObjectOwner_internal(), AlterObjectRename_internal(), bbsink_server_new(), calculate_database_size(), calculate_tablespace_size(), check_role_for_policy(), check_role_grantor(), ConfigOptionIsVisible(), convert_and_check_filename(), CreateSubscription(), DoCopy(), DropOwnedObjects(), ExecAlterDefaultPrivilegesStmt(), file_fdw_validator(), GetConfigOptionValues(), InitPostgres(), object_ownercheck(), pg_class_aclmask_ext(), pg_namespace_aclmask_ext(), pg_role_aclcheck(), pg_signal_backend(), pg_stat_get_wal_receiver(), pg_stat_get_wal_senders(), pg_stat_statements_internal(), pgrowlocks(), ReassignOwnedObjects(), ReindexMultipleTables(), shell_check_detail(), standard_ProcessUtility(), and TerminateOtherDBBackends().

◆ has_schema_privilege_id()

Datum has_schema_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3866 of file acl.c.

3867{
3868 Oid schemaoid = PG_GETARG_OID(0);
3869 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3870 Oid roleid;
3871 AclMode mode;
3872 AclResult aclresult;
3873 bool is_missing = false;
3874
3875 roleid = GetUserId();
3876 mode = convert_schema_priv_string(priv_type_text);
3877
3878 aclresult = object_aclcheck_ext(NamespaceRelationId, schemaoid,
3879 roleid, mode,
3880 &is_missing);
3881
3882 if (is_missing)
3883 PG_RETURN_NULL();
3884
3885 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3886}
convert_schema_priv_string
static AclMode convert_schema_priv_string(text *priv_type_text)
Definition: acl.c:3958

References ACLCHECK_OK, convert_schema_priv_string(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_schema_privilege_id_id()

Datum has_schema_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 3917 of file acl.c.

3918{
3919 Oid roleid = PG_GETARG_OID(0);
3920 Oid schemaoid = PG_GETARG_OID(1);
3921 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3922 AclMode mode;
3923 AclResult aclresult;
3924 bool is_missing = false;
3925
3926 mode = convert_schema_priv_string(priv_type_text);
3927
3928 aclresult = object_aclcheck_ext(NamespaceRelationId, schemaoid,
3929 roleid, mode,
3930 &is_missing);
3931
3932 if (is_missing)
3933 PG_RETURN_NULL();
3934
3935 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3936}

References ACLCHECK_OK, convert_schema_priv_string(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_schema_privilege_id_name()

Datum has_schema_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3894 of file acl.c.

3895{
3896 Oid roleid = PG_GETARG_OID(0);
3897 text *schemaname = PG_GETARG_TEXT_PP(1);
3898 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3899 Oid schemaoid;
3900 AclMode mode;
3901 AclResult aclresult;
3902
3903 schemaoid = convert_schema_name(schemaname);
3904 mode = convert_schema_priv_string(priv_type_text);
3905
3906 aclresult = object_aclcheck(NamespaceRelationId, schemaoid, roleid, mode);
3907
3908 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3909}
convert_schema_name
static Oid convert_schema_name(text *schemaname)
Definition: acl.c:3946

References ACLCHECK_OK, convert_schema_name(), convert_schema_priv_string(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_schema_privilege_name()

Datum has_schema_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 3812 of file acl.c.

3813{
3814 text *schemaname = PG_GETARG_TEXT_PP(0);
3815 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3816 Oid roleid;
3817 Oid schemaoid;
3818 AclMode mode;
3819 AclResult aclresult;
3820
3821 roleid = GetUserId();
3822 schemaoid = convert_schema_name(schemaname);
3823 mode = convert_schema_priv_string(priv_type_text);
3824
3825 aclresult = object_aclcheck(NamespaceRelationId, schemaoid, roleid, mode);
3826
3827 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3828}

References ACLCHECK_OK, convert_schema_name(), convert_schema_priv_string(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_schema_privilege_name_id()

Datum has_schema_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 3836 of file acl.c.

3837{
3838 Name username = PG_GETARG_NAME(0);
3839 Oid schemaoid = PG_GETARG_OID(1);
3840 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3841 Oid roleid;
3842 AclMode mode;
3843 AclResult aclresult;
3844 bool is_missing = false;
3845
3846 roleid = get_role_oid_or_public(NameStr(*username));
3847 mode = convert_schema_priv_string(priv_type_text);
3848
3849 aclresult = object_aclcheck_ext(NamespaceRelationId, schemaoid,
3850 roleid, mode,
3851 &is_missing);
3852
3853 if (is_missing)
3854 PG_RETURN_NULL();
3855
3856 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3857}

References ACLCHECK_OK, convert_schema_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_schema_privilege_name_name()

Datum has_schema_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 3786 of file acl.c.

3787{
3788 Name username = PG_GETARG_NAME(0);
3789 text *schemaname = PG_GETARG_TEXT_PP(1);
3790 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3791 Oid roleid;
3792 Oid schemaoid;
3793 AclMode mode;
3794 AclResult aclresult;
3795
3796 roleid = get_role_oid_or_public(NameStr(*username));
3797 schemaoid = convert_schema_name(schemaname);
3798 mode = convert_schema_priv_string(priv_type_text);
3799
3800 aclresult = object_aclcheck(NamespaceRelationId, schemaoid, roleid, mode);
3801
3802 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3803}

References ACLCHECK_OK, convert_schema_name(), convert_schema_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_sequence_privilege_id()

Datum has_sequence_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 2186 of file acl.c.

2187{
2188 Oid sequenceoid = PG_GETARG_OID(0);
2189 text *priv_type_text = PG_GETARG_TEXT_PP(1);
2190 Oid roleid;
2191 AclMode mode;
2192 AclResult aclresult;
2193 char relkind;
2194 bool is_missing = false;
2195
2196 roleid = GetUserId();
2197 mode = convert_sequence_priv_string(priv_type_text);
2198 relkind = get_rel_relkind(sequenceoid);
2199 if (relkind == '\0')
2200 PG_RETURN_NULL();
2201 else if (relkind != RELKIND_SEQUENCE)
2202 ereport(ERROR,
2203 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2204 errmsg("\"%s\" is not a sequence",
2205 get_rel_name(sequenceoid))));
2206
2207 aclresult = pg_class_aclcheck_ext(sequenceoid, roleid, mode, &is_missing);
2208
2209 if (is_missing)
2210 PG_RETURN_NULL();
2211
2212 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2213}
convert_sequence_priv_string
static AclMode convert_sequence_priv_string(text *priv_type_text)
Definition: acl.c:2282
get_rel_relkind
char get_rel_relkind(Oid relid)
Definition: lsyscache.c:2143

References ACLCHECK_OK, convert_sequence_priv_string(), ereport, errcode(), errmsg(), ERROR, get_rel_name(), get_rel_relkind(), GetUserId(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_sequence_privilege_id_id()

Datum has_sequence_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 2249 of file acl.c.

2250{
2251 Oid roleid = PG_GETARG_OID(0);
2252 Oid sequenceoid = PG_GETARG_OID(1);
2253 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2254 AclMode mode;
2255 AclResult aclresult;
2256 char relkind;
2257 bool is_missing = false;
2258
2259 mode = convert_sequence_priv_string(priv_type_text);
2260 relkind = get_rel_relkind(sequenceoid);
2261 if (relkind == '\0')
2262 PG_RETURN_NULL();
2263 else if (relkind != RELKIND_SEQUENCE)
2264 ereport(ERROR,
2265 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2266 errmsg("\"%s\" is not a sequence",
2267 get_rel_name(sequenceoid))));
2268
2269 aclresult = pg_class_aclcheck_ext(sequenceoid, roleid, mode, &is_missing);
2270
2271 if (is_missing)
2272 PG_RETURN_NULL();
2273
2274 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2275}

References ACLCHECK_OK, convert_sequence_priv_string(), ereport, errcode(), errmsg(), ERROR, get_rel_name(), get_rel_relkind(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_sequence_privilege_id_name()

Datum has_sequence_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2221 of file acl.c.

2222{
2223 Oid roleid = PG_GETARG_OID(0);
2224 text *sequencename = PG_GETARG_TEXT_PP(1);
2225 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2226 Oid sequenceoid;
2227 AclMode mode;
2228 AclResult aclresult;
2229
2230 mode = convert_sequence_priv_string(priv_type_text);
2231 sequenceoid = convert_table_name(sequencename);
2232 if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2233 ereport(ERROR,
2234 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2235 errmsg("\"%s\" is not a sequence",
2236 text_to_cstring(sequencename))));
2237
2238 aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2239
2240 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2241}

References ACLCHECK_OK, convert_sequence_priv_string(), convert_table_name(), ereport, errcode(), errmsg(), ERROR, get_rel_relkind(), mode, pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and text_to_cstring().

◆ has_sequence_privilege_name()

Datum has_sequence_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 2120 of file acl.c.

2121{
2122 text *sequencename = PG_GETARG_TEXT_PP(0);
2123 text *priv_type_text = PG_GETARG_TEXT_PP(1);
2124 Oid roleid;
2125 Oid sequenceoid;
2126 AclMode mode;
2127 AclResult aclresult;
2128
2129 roleid = GetUserId();
2130 mode = convert_sequence_priv_string(priv_type_text);
2131 sequenceoid = convert_table_name(sequencename);
2132 if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2133 ereport(ERROR,
2134 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2135 errmsg("\"%s\" is not a sequence",
2136 text_to_cstring(sequencename))));
2137
2138 aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2139
2140 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2141}

References ACLCHECK_OK, convert_sequence_priv_string(), convert_table_name(), ereport, errcode(), errmsg(), ERROR, get_rel_relkind(), GetUserId(), mode, pg_class_aclcheck(), PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and text_to_cstring().

◆ has_sequence_privilege_name_id()

Datum has_sequence_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 2149 of file acl.c.

2150{
2151 Name username = PG_GETARG_NAME(0);
2152 Oid sequenceoid = PG_GETARG_OID(1);
2153 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2154 Oid roleid;
2155 AclMode mode;
2156 AclResult aclresult;
2157 char relkind;
2158 bool is_missing = false;
2159
2160 roleid = get_role_oid_or_public(NameStr(*username));
2161 mode = convert_sequence_priv_string(priv_type_text);
2162 relkind = get_rel_relkind(sequenceoid);
2163 if (relkind == '\0')
2164 PG_RETURN_NULL();
2165 else if (relkind != RELKIND_SEQUENCE)
2166 ereport(ERROR,
2167 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2168 errmsg("\"%s\" is not a sequence",
2169 get_rel_name(sequenceoid))));
2170
2171 aclresult = pg_class_aclcheck_ext(sequenceoid, roleid, mode, &is_missing);
2172
2173 if (is_missing)
2174 PG_RETURN_NULL();
2175
2176 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2177}

References ACLCHECK_OK, convert_sequence_priv_string(), ereport, errcode(), errmsg(), ERROR, get_rel_name(), get_rel_relkind(), get_role_oid_or_public(), mode, NameStr, pg_class_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_sequence_privilege_name_name()

Datum has_sequence_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2089 of file acl.c.

2090{
2091 Name rolename = PG_GETARG_NAME(0);
2092 text *sequencename = PG_GETARG_TEXT_PP(1);
2093 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2094 Oid roleid;
2095 Oid sequenceoid;
2096 AclMode mode;
2097 AclResult aclresult;
2098
2099 roleid = get_role_oid_or_public(NameStr(*rolename));
2100 mode = convert_sequence_priv_string(priv_type_text);
2101 sequenceoid = convert_table_name(sequencename);
2102 if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2103 ereport(ERROR,
2104 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2105 errmsg("\"%s\" is not a sequence",
2106 text_to_cstring(sequencename))));
2107
2108 aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2109
2110 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2111}

References ACLCHECK_OK, convert_sequence_priv_string(), convert_table_name(), ereport, errcode(), errmsg(), ERROR, get_rel_relkind(), get_role_oid_or_public(), mode, NameStr, pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and text_to_cstring().

◆ has_server_privilege_id()

Datum has_server_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 4068 of file acl.c.

4069{
4070 Oid serverid = PG_GETARG_OID(0);
4071 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4072 Oid roleid;
4073 AclMode mode;
4074 AclResult aclresult;
4075 bool is_missing = false;
4076
4077 roleid = GetUserId();
4078 mode = convert_server_priv_string(priv_type_text);
4079
4080 aclresult = object_aclcheck_ext(ForeignServerRelationId, serverid,
4081 roleid, mode,
4082 &is_missing);
4083
4084 if (is_missing)
4085 PG_RETURN_NULL();
4086
4087 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4088}
convert_server_priv_string
static AclMode convert_server_priv_string(text *priv_type_text)
Definition: acl.c:4160

References ACLCHECK_OK, convert_server_priv_string(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_server_privilege_id_id()

Datum has_server_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4119 of file acl.c.

4120{
4121 Oid roleid = PG_GETARG_OID(0);
4122 Oid serverid = PG_GETARG_OID(1);
4123 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4124 AclMode mode;
4125 AclResult aclresult;
4126 bool is_missing = false;
4127
4128 mode = convert_server_priv_string(priv_type_text);
4129
4130 aclresult = object_aclcheck_ext(ForeignServerRelationId, serverid,
4131 roleid, mode,
4132 &is_missing);
4133
4134 if (is_missing)
4135 PG_RETURN_NULL();
4136
4137 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4138}

References ACLCHECK_OK, convert_server_priv_string(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_server_privilege_id_name()

Datum has_server_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4096 of file acl.c.

4097{
4098 Oid roleid = PG_GETARG_OID(0);
4099 text *servername = PG_GETARG_TEXT_PP(1);
4100 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4101 Oid serverid;
4102 AclMode mode;
4103 AclResult aclresult;
4104
4105 serverid = convert_server_name(servername);
4106 mode = convert_server_priv_string(priv_type_text);
4107
4108 aclresult = object_aclcheck(ForeignServerRelationId, serverid, roleid, mode);
4109
4110 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4111}
convert_server_name
static Oid convert_server_name(text *servername)
Definition: acl.c:4148

References ACLCHECK_OK, convert_server_name(), convert_server_priv_string(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_server_privilege_name()

Datum has_server_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 4014 of file acl.c.

4015{
4016 text *servername = PG_GETARG_TEXT_PP(0);
4017 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4018 Oid roleid;
4019 Oid serverid;
4020 AclMode mode;
4021 AclResult aclresult;
4022
4023 roleid = GetUserId();
4024 serverid = convert_server_name(servername);
4025 mode = convert_server_priv_string(priv_type_text);
4026
4027 aclresult = object_aclcheck(ForeignServerRelationId, serverid, roleid, mode);
4028
4029 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4030}

References ACLCHECK_OK, convert_server_name(), convert_server_priv_string(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_server_privilege_name_id()

Datum has_server_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 4038 of file acl.c.

4039{
4040 Name username = PG_GETARG_NAME(0);
4041 Oid serverid = PG_GETARG_OID(1);
4042 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4043 Oid roleid;
4044 AclMode mode;
4045 AclResult aclresult;
4046 bool is_missing = false;
4047
4048 roleid = get_role_oid_or_public(NameStr(*username));
4049 mode = convert_server_priv_string(priv_type_text);
4050
4051 aclresult = object_aclcheck_ext(ForeignServerRelationId, serverid,
4052 roleid, mode,
4053 &is_missing);
4054
4055 if (is_missing)
4056 PG_RETURN_NULL();
4057
4058 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4059}

References ACLCHECK_OK, convert_server_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_server_privilege_name_name()

Datum has_server_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 3988 of file acl.c.

3989{
3990 Name username = PG_GETARG_NAME(0);
3991 text *servername = PG_GETARG_TEXT_PP(1);
3992 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3993 Oid roleid;
3994 Oid serverid;
3995 AclMode mode;
3996 AclResult aclresult;
3997
3998 roleid = get_role_oid_or_public(NameStr(*username));
3999 serverid = convert_server_name(servername);
4000 mode = convert_server_priv_string(priv_type_text);
4001
4002 aclresult = object_aclcheck(ForeignServerRelationId, serverid, roleid, mode);
4003
4004 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4005}

References ACLCHECK_OK, convert_server_name(), convert_server_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_table_privilege_id()

Datum has_table_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 1956 of file acl.c.

1957{
1958 Oid tableoid = PG_GETARG_OID(0);
1959 text *priv_type_text = PG_GETARG_TEXT_PP(1);
1960 Oid roleid;
1961 AclMode mode;
1962 AclResult aclresult;
1963 bool is_missing = false;
1964
1965 roleid = GetUserId();
1966 mode = convert_table_priv_string(priv_type_text);
1967
1968 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
1969
1970 if (is_missing)
1971 PG_RETURN_NULL();
1972
1973 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1974}
convert_table_priv_string
static AclMode convert_table_priv_string(text *priv_type_text)
Definition: acl.c:2047

References ACLCHECK_OK, convert_table_priv_string(), GetUserId(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_table_privilege_id_id()

Datum has_table_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 2005 of file acl.c.

2006{
2007 Oid roleid = PG_GETARG_OID(0);
2008 Oid tableoid = PG_GETARG_OID(1);
2009 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2010 AclMode mode;
2011 AclResult aclresult;
2012 bool is_missing = false;
2013
2014 mode = convert_table_priv_string(priv_type_text);
2015
2016 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2017
2018 if (is_missing)
2019 PG_RETURN_NULL();
2020
2021 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2022}

References ACLCHECK_OK, convert_table_priv_string(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_table_privilege_id_name()

Datum has_table_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 1982 of file acl.c.

1983{
1984 Oid roleid = PG_GETARG_OID(0);
1985 text *tablename = PG_GETARG_TEXT_PP(1);
1986 text *priv_type_text = PG_GETARG_TEXT_PP(2);
1987 Oid tableoid;
1988 AclMode mode;
1989 AclResult aclresult;
1990
1991 tableoid = convert_table_name(tablename);
1992 mode = convert_table_priv_string(priv_type_text);
1993
1994 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1995
1996 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1997}

References ACLCHECK_OK, convert_table_name(), convert_table_priv_string(), mode, pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_table_privilege_name()

Datum has_table_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 1904 of file acl.c.

1905{
1906 text *tablename = PG_GETARG_TEXT_PP(0);
1907 text *priv_type_text = PG_GETARG_TEXT_PP(1);
1908 Oid roleid;
1909 Oid tableoid;
1910 AclMode mode;
1911 AclResult aclresult;
1912
1913 roleid = GetUserId();
1914 tableoid = convert_table_name(tablename);
1915 mode = convert_table_priv_string(priv_type_text);
1916
1917 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1918
1919 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1920}

References ACLCHECK_OK, convert_table_name(), convert_table_priv_string(), GetUserId(), mode, pg_class_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_table_privilege_name_id()

Datum has_table_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 1928 of file acl.c.

1929{
1930 Name username = PG_GETARG_NAME(0);
1931 Oid tableoid = PG_GETARG_OID(1);
1932 text *priv_type_text = PG_GETARG_TEXT_PP(2);
1933 Oid roleid;
1934 AclMode mode;
1935 AclResult aclresult;
1936 bool is_missing = false;
1937
1938 roleid = get_role_oid_or_public(NameStr(*username));
1939 mode = convert_table_priv_string(priv_type_text);
1940
1941 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
1942
1943 if (is_missing)
1944 PG_RETURN_NULL();
1945
1946 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1947}

References ACLCHECK_OK, convert_table_priv_string(), get_role_oid_or_public(), mode, NameStr, pg_class_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_table_privilege_name_name()

Datum has_table_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 1878 of file acl.c.

1879{
1880 Name rolename = PG_GETARG_NAME(0);
1881 text *tablename = PG_GETARG_TEXT_PP(1);
1882 text *priv_type_text = PG_GETARG_TEXT_PP(2);
1883 Oid roleid;
1884 Oid tableoid;
1885 AclMode mode;
1886 AclResult aclresult;
1887
1888 roleid = get_role_oid_or_public(NameStr(*rolename));
1889 tableoid = convert_table_name(tablename);
1890 mode = convert_table_priv_string(priv_type_text);
1891
1892 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1893
1894 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1895}

References ACLCHECK_OK, convert_table_name(), convert_table_priv_string(), get_role_oid_or_public(), mode, NameStr, pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_tablespace_privilege_id()

Datum has_tablespace_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 4268 of file acl.c.

4269{
4270 Oid tablespaceoid = PG_GETARG_OID(0);
4271 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4272 Oid roleid;
4273 AclMode mode;
4274 AclResult aclresult;
4275 bool is_missing = false;
4276
4277 roleid = GetUserId();
4278 mode = convert_tablespace_priv_string(priv_type_text);
4279
4280 aclresult = object_aclcheck_ext(TableSpaceRelationId, tablespaceoid,
4281 roleid, mode,
4282 &is_missing);
4283
4284 if (is_missing)
4285 PG_RETURN_NULL();
4286
4287 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4288}
convert_tablespace_priv_string
static AclMode convert_tablespace_priv_string(text *priv_type_text)
Definition: acl.c:4360

References ACLCHECK_OK, convert_tablespace_priv_string(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_tablespace_privilege_id_id()

Datum has_tablespace_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4319 of file acl.c.

4320{
4321 Oid roleid = PG_GETARG_OID(0);
4322 Oid tablespaceoid = PG_GETARG_OID(1);
4323 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4324 AclMode mode;
4325 AclResult aclresult;
4326 bool is_missing = false;
4327
4328 mode = convert_tablespace_priv_string(priv_type_text);
4329
4330 aclresult = object_aclcheck_ext(TableSpaceRelationId, tablespaceoid,
4331 roleid, mode,
4332 &is_missing);
4333
4334 if (is_missing)
4335 PG_RETURN_NULL();
4336
4337 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4338}

References ACLCHECK_OK, convert_tablespace_priv_string(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_tablespace_privilege_id_name()

Datum has_tablespace_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4296 of file acl.c.

4297{
4298 Oid roleid = PG_GETARG_OID(0);
4299 text *tablespacename = PG_GETARG_TEXT_PP(1);
4300 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4301 Oid tablespaceoid;
4302 AclMode mode;
4303 AclResult aclresult;
4304
4305 tablespaceoid = convert_tablespace_name(tablespacename);
4306 mode = convert_tablespace_priv_string(priv_type_text);
4307
4308 aclresult = object_aclcheck(TableSpaceRelationId, tablespaceoid, roleid, mode);
4309
4310 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4311}
convert_tablespace_name
static Oid convert_tablespace_name(text *tablespacename)
Definition: acl.c:4348

References ACLCHECK_OK, convert_tablespace_name(), convert_tablespace_priv_string(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_tablespace_privilege_name()

Datum has_tablespace_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 4214 of file acl.c.

4215{
4216 text *tablespacename = PG_GETARG_TEXT_PP(0);
4217 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4218 Oid roleid;
4219 Oid tablespaceoid;
4220 AclMode mode;
4221 AclResult aclresult;
4222
4223 roleid = GetUserId();
4224 tablespaceoid = convert_tablespace_name(tablespacename);
4225 mode = convert_tablespace_priv_string(priv_type_text);
4226
4227 aclresult = object_aclcheck(TableSpaceRelationId, tablespaceoid, roleid, mode);
4228
4229 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4230}

References ACLCHECK_OK, convert_tablespace_name(), convert_tablespace_priv_string(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_tablespace_privilege_name_id()

Datum has_tablespace_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 4238 of file acl.c.

4239{
4240 Name username = PG_GETARG_NAME(0);
4241 Oid tablespaceoid = PG_GETARG_OID(1);
4242 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4243 Oid roleid;
4244 AclMode mode;
4245 AclResult aclresult;
4246 bool is_missing = false;
4247
4248 roleid = get_role_oid_or_public(NameStr(*username));
4249 mode = convert_tablespace_priv_string(priv_type_text);
4250
4251 aclresult = object_aclcheck_ext(TableSpaceRelationId, tablespaceoid,
4252 roleid, mode,
4253 &is_missing);
4254
4255 if (is_missing)
4256 PG_RETURN_NULL();
4257
4258 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4259}

References ACLCHECK_OK, convert_tablespace_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_tablespace_privilege_name_name()

Datum has_tablespace_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 4188 of file acl.c.

4189{
4190 Name username = PG_GETARG_NAME(0);
4191 text *tablespacename = PG_GETARG_TEXT_PP(1);
4192 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4193 Oid roleid;
4194 Oid tablespaceoid;
4195 AclMode mode;
4196 AclResult aclresult;
4197
4198 roleid = get_role_oid_or_public(NameStr(*username));
4199 tablespaceoid = convert_tablespace_name(tablespacename);
4200 mode = convert_tablespace_priv_string(priv_type_text);
4201
4202 aclresult = object_aclcheck(TableSpaceRelationId, tablespaceoid, roleid, mode);
4203
4204 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4205}

References ACLCHECK_OK, convert_tablespace_name(), convert_tablespace_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_type_privilege_id()

Datum has_type_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 4467 of file acl.c.

4468{
4469 Oid typeoid = PG_GETARG_OID(0);
4470 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4471 Oid roleid;
4472 AclMode mode;
4473 AclResult aclresult;
4474 bool is_missing = false;
4475
4476 roleid = GetUserId();
4477 mode = convert_type_priv_string(priv_type_text);
4478
4479 aclresult = object_aclcheck_ext(TypeRelationId, typeoid,
4480 roleid, mode,
4481 &is_missing);
4482
4483 if (is_missing)
4484 PG_RETURN_NULL();
4485
4486 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4487}
convert_type_priv_string
static AclMode convert_type_priv_string(text *priv_type_text)
Definition: acl.c:4568

References ACLCHECK_OK, convert_type_priv_string(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_type_privilege_id_id()

Datum has_type_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4518 of file acl.c.

4519{
4520 Oid roleid = PG_GETARG_OID(0);
4521 Oid typeoid = PG_GETARG_OID(1);
4522 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4523 AclMode mode;
4524 AclResult aclresult;
4525 bool is_missing = false;
4526
4527 mode = convert_type_priv_string(priv_type_text);
4528
4529 aclresult = object_aclcheck_ext(TypeRelationId, typeoid,
4530 roleid, mode,
4531 &is_missing);
4532
4533 if (is_missing)
4534 PG_RETURN_NULL();
4535
4536 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4537}

References ACLCHECK_OK, convert_type_priv_string(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_type_privilege_id_name()

Datum has_type_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4495 of file acl.c.

4496{
4497 Oid roleid = PG_GETARG_OID(0);
4498 text *typename = PG_GETARG_TEXT_PP(1);
4499 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4500 Oid typeoid;
4501 AclMode mode;
4502 AclResult aclresult;
4503
4504 typeoid = convert_type_name(typename);
4505 mode = convert_type_priv_string(priv_type_text);
4506
4507 aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
4508
4509 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4510}
convert_type_name
static Oid convert_type_name(text *typename)
Definition: acl.c:4547

References ACLCHECK_OK, convert_type_name(), convert_type_priv_string(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_type_privilege_name()

Datum has_type_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 4413 of file acl.c.

4414{
4415 text *typename = PG_GETARG_TEXT_PP(0);
4416 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4417 Oid roleid;
4418 Oid typeoid;
4419 AclMode mode;
4420 AclResult aclresult;
4421
4422 roleid = GetUserId();
4423 typeoid = convert_type_name(typename);
4424 mode = convert_type_priv_string(priv_type_text);
4425
4426 aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
4427
4428 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4429}

References ACLCHECK_OK, convert_type_name(), convert_type_priv_string(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_type_privilege_name_id()

Datum has_type_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 4437 of file acl.c.

4438{
4439 Name username = PG_GETARG_NAME(0);
4440 Oid typeoid = PG_GETARG_OID(1);
4441 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4442 Oid roleid;
4443 AclMode mode;
4444 AclResult aclresult;
4445 bool is_missing = false;
4446
4447 roleid = get_role_oid_or_public(NameStr(*username));
4448 mode = convert_type_priv_string(priv_type_text);
4449
4450 aclresult = object_aclcheck_ext(TypeRelationId, typeoid,
4451 roleid, mode,
4452 &is_missing);
4453
4454 if (is_missing)
4455 PG_RETURN_NULL();
4456
4457 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4458}

References ACLCHECK_OK, convert_type_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_type_privilege_name_name()

Datum has_type_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 4387 of file acl.c.

4388{
4389 Name username = PG_GETARG_NAME(0);
4390 text *typename = PG_GETARG_TEXT_PP(1);
4391 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4392 Oid roleid;
4393 Oid typeoid;
4394 AclMode mode;
4395 AclResult aclresult;
4396
4397 roleid = get_role_oid_or_public(NameStr(*username));
4398 typeoid = convert_type_name(typename);
4399 mode = convert_type_priv_string(priv_type_text);
4400
4401 aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
4402
4403 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4404}

References ACLCHECK_OK, convert_type_name(), convert_type_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ hash_aclitem()

Datum hash_aclitem ( PG_FUNCTION_ARGS  )

Definition at line 752 of file acl.c.

753{
754 AclItem *a = PG_GETARG_ACLITEM_P(0);
755
756 /* not very bright, but avoids any issue of padding in struct */
757 PG_RETURN_UINT32((uint32) (a->ai_privs + a->ai_grantee + a->ai_grantor));
758}
uint32
uint32_t uint32
Definition: c.h:502
PG_RETURN_UINT32
#define PG_RETURN_UINT32(x)
Definition: fmgr.h:355
a
int a
Definition: isn.c:73

References a, PG_GETARG_ACLITEM_P, and PG_RETURN_UINT32.

◆ hash_aclitem_extended()

Datum hash_aclitem_extended ( PG_FUNCTION_ARGS  )

Definition at line 766 of file acl.c.

767{
768 AclItem *a = PG_GETARG_ACLITEM_P(0);
769 uint64 seed = PG_GETARG_INT64(1);
770 uint32 sum = (uint32) (a->ai_privs + a->ai_grantee + a->ai_grantor);
771
772 return (seed == 0) ? UInt64GetDatum(sum) : hash_uint32_extended(sum, seed);
773}
uint64
uint64_t uint64
Definition: c.h:503
PG_GETARG_INT64
#define PG_GETARG_INT64(n)
Definition: fmgr.h:283
hash_uint32_extended
static Datum hash_uint32_extended(uint32 k, uint64 seed)
Definition: hashfn.h:49
UInt64GetDatum
static Datum UInt64GetDatum(uint64 X)
Definition: postgres.h:441

References a, hash_uint32_extended(), PG_GETARG_ACLITEM_P, PG_GETARG_INT64, and UInt64GetDatum().

◆ initialize_acl()

void initialize_acl ( void  )

Definition at line 5024 of file acl.c.

5025{
5026 if (!IsBootstrapProcessingMode())
5027 {
5028 cached_db_hash =
5029 GetSysCacheHashValue1(DATABASEOID,
5030 ObjectIdGetDatum(MyDatabaseId));
5031
5032 /*
5033 * In normal mode, set a callback on any syscache invalidation of rows
5034 * of pg_auth_members (for roles_is_member_of()) pg_database (for
5035 * roles_is_member_of())
5036 */
5037 CacheRegisterSyscacheCallback(AUTHMEMROLEMEM,
5038 RoleMembershipCacheCallback,
5039 (Datum) 0);
5040 CacheRegisterSyscacheCallback(AUTHOID,
5041 RoleMembershipCacheCallback,
5042 (Datum) 0);
5043 CacheRegisterSyscacheCallback(DATABASEOID,
5044 RoleMembershipCacheCallback,
5045 (Datum) 0);
5046 }
5047}
cached_db_hash
static uint32 cached_db_hash
Definition: acl.c:83
RoleMembershipCacheCallback
static void RoleMembershipCacheCallback(Datum arg, int cacheid, uint32 hashvalue)
Definition: acl.c:5054
MyDatabaseId
Oid MyDatabaseId
Definition: globals.c:95
CacheRegisterSyscacheCallback
void CacheRegisterSyscacheCallback(int cacheid, SyscacheCallbackFunction func, Datum arg)
Definition: inval.c:1812
IsBootstrapProcessingMode
#define IsBootstrapProcessingMode()
Definition: miscadmin.h:477
GetSysCacheHashValue1
#define GetSysCacheHashValue1(cacheId, key1)
Definition: syscache.h:118

References cached_db_hash, CacheRegisterSyscacheCallback(), GetSysCacheHashValue1, IsBootstrapProcessingMode, MyDatabaseId, ObjectIdGetDatum(), and RoleMembershipCacheCallback().

Referenced by InitPostgres().

◆ is_admin_of_role()

bool is_admin_of_role ( Oid  member,
Oid  role 
)

Definition at line 5398 of file acl.c.

5399{
5400 Oid admin_role;
5401
5402 if (superuser_arg(member))
5403 return true;
5404
5405 /* By policy, a role cannot have WITH ADMIN OPTION on itself. */
5406 if (member == role)
5407 return false;
5408
5409 (void) roles_is_member_of(member, ROLERECURSE_MEMBERS, role, &admin_role);
5410 return OidIsValid(admin_role);
5411}

References OidIsValid, ROLERECURSE_MEMBERS, roles_is_member_of(), and superuser_arg().

Referenced by AlterRole(), AlterRoleSet(), check_object_ownership(), check_role_membership_authorization(), DropRole(), pg_role_aclcheck(), and RenameRole().

◆ is_member_of_role()

bool is_member_of_role ( Oid  member,
Oid  role 
)

Definition at line 5348 of file acl.c.

5349{
5350 /* Fast path for simple case */
5351 if (member == role)
5352 return true;
5353
5354 /* Superusers have every privilege, so are part of every role */
5355 if (superuser_arg(member))
5356 return true;
5357
5358 /*
5359 * Find all the roles that member is a member of, including multi-level
5360 * recursion, then see if target role is any one of them.
5361 */
5362 return list_member_oid(roles_is_member_of(member, ROLERECURSE_MEMBERS,
5363 InvalidOid, NULL),
5364 role);
5365}

References InvalidOid, list_member_oid(), ROLERECURSE_MEMBERS, roles_is_member_of(), and superuser_arg().

Referenced by pg_role_aclcheck().

◆ is_member_of_role_nosuper()

bool is_member_of_role_nosuper ( Oid  member,
Oid  role 
)

Definition at line 5376 of file acl.c.

5377{
5378 /* Fast path for simple case */
5379 if (member == role)
5380 return true;
5381
5382 /*
5383 * Find all the roles that member is a member of, including multi-level
5384 * recursion, then see if target role is any one of them.
5385 */
5386 return list_member_oid(roles_is_member_of(member, ROLERECURSE_MEMBERS,
5387 InvalidOid, NULL),
5388 role);
5389}

References InvalidOid, list_member_oid(), ROLERECURSE_MEMBERS, and roles_is_member_of().

Referenced by AddRoleMems(), and is_member().

◆ make_empty_acl()

Acl * make_empty_acl ( void  )

Definition at line 432 of file acl.c.

433{
434 return allocacl(0);
435}

References allocacl().

Referenced by SetDefaultACL().

◆ makeaclitem()

Datum makeaclitem ( PG_FUNCTION_ARGS  )

Definition at line 1618 of file acl.c.

1619{
1620 Oid grantee = PG_GETARG_OID(0);
1621 Oid grantor = PG_GETARG_OID(1);
1622 text *privtext = PG_GETARG_TEXT_PP(2);
1623 bool goption = PG_GETARG_BOOL(3);
1624 AclItem *result;
1625 AclMode priv;
1626 static const priv_map any_priv_map[] = {
1627 {"SELECT", ACL_SELECT},
1628 {"INSERT", ACL_INSERT},
1629 {"UPDATE", ACL_UPDATE},
1630 {"DELETE", ACL_DELETE},
1631 {"TRUNCATE", ACL_TRUNCATE},
1632 {"REFERENCES", ACL_REFERENCES},
1633 {"TRIGGER", ACL_TRIGGER},
1634 {"EXECUTE", ACL_EXECUTE},
1635 {"USAGE", ACL_USAGE},
1636 {"CREATE", ACL_CREATE},
1637 {"TEMP", ACL_CREATE_TEMP},
1638 {"TEMPORARY", ACL_CREATE_TEMP},
1639 {"CONNECT", ACL_CONNECT},
1640 {"SET", ACL_SET},
1641 {"ALTER SYSTEM", ACL_ALTER_SYSTEM},
1642 {"MAINTAIN", ACL_MAINTAIN},
1643 {NULL, 0}
1644 };
1645
1646 priv = convert_any_priv_string(privtext, any_priv_map);
1647
1648 result = (AclItem *) palloc(sizeof(AclItem));
1649
1650 result->ai_grantee = grantee;
1651 result->ai_grantor = grantor;
1652
1653 ACLITEM_SET_PRIVS_GOPTIONS(*result, priv,
1654 (goption ? priv : ACL_NO_RIGHTS));
1655
1656 PG_RETURN_ACLITEM_P(result);
1657}
PG_GETARG_BOOL
#define PG_GETARG_BOOL(n)
Definition: fmgr.h:274

References ACL_ALTER_SYSTEM, ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_DELETE, ACL_EXECUTE, ACL_INSERT, ACL_MAINTAIN, ACL_NO_RIGHTS, ACL_REFERENCES, ACL_SELECT, ACL_SET, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, ACL_USAGE, ACLITEM_SET_PRIVS_GOPTIONS, AclItem::ai_grantee, AclItem::ai_grantor, convert_any_priv_string(), palloc(), PG_GETARG_BOOL, PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_ACLITEM_P.

◆ member_can_set_role()

bool member_can_set_role ( Oid  member,
Oid  role 
)

Definition at line 5302 of file acl.c.

5303{
5304 /* Fast path for simple case */
5305 if (member == role)
5306 return true;
5307
5308 /* Superusers have every privilege, so can always SET ROLE */
5309 if (superuser_arg(member))
5310 return true;
5311
5312 /*
5313 * Find all the roles that member can access via SET ROLE, including
5314 * multi-level recursion, then see if target role is any one of them.
5315 */
5316 return list_member_oid(roles_is_member_of(member, ROLERECURSE_SETROLE,
5317 InvalidOid, NULL),
5318 role);
5319}

References InvalidOid, list_member_oid(), ROLERECURSE_SETROLE, roles_is_member_of(), and superuser_arg().

Referenced by check_can_set_role(), check_role(), pg_role_aclcheck(), and SwitchToUntrustedUser().

◆ pg_has_role_id()

Datum pg_has_role_id ( PG_FUNCTION_ARGS  )

Definition at line 4896 of file acl.c.

4897{
4898 Oid roleoid = PG_GETARG_OID(0);
4899 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4900 Oid roleid;
4901 AclMode mode;
4902 AclResult aclresult;
4903
4904 roleid = GetUserId();
4905 mode = convert_role_priv_string(priv_type_text);
4906
4907 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4908
4909 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4910}
convert_role_priv_string
static AclMode convert_role_priv_string(text *priv_type_text)
Definition: acl.c:4971
pg_role_aclcheck
static AclResult pg_role_aclcheck(Oid role_oid, Oid roleid, AclMode mode)
Definition: acl.c:4994

References ACLCHECK_OK, convert_role_priv_string(), GetUserId(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_id_id()

Datum pg_has_role_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4941 of file acl.c.

4942{
4943 Oid roleid = PG_GETARG_OID(0);
4944 Oid roleoid = PG_GETARG_OID(1);
4945 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4946 AclMode mode;
4947 AclResult aclresult;
4948
4949 mode = convert_role_priv_string(priv_type_text);
4950
4951 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4952
4953 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4954}

References ACLCHECK_OK, convert_role_priv_string(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_id_name()

Datum pg_has_role_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4918 of file acl.c.

4919{
4920 Oid roleid = PG_GETARG_OID(0);
4921 Name rolename = PG_GETARG_NAME(1);
4922 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4923 Oid roleoid;
4924 AclMode mode;
4925 AclResult aclresult;
4926
4927 roleoid = get_role_oid(NameStr(*rolename), false);
4928 mode = convert_role_priv_string(priv_type_text);
4929
4930 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4931
4932 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4933}

References ACLCHECK_OK, convert_role_priv_string(), get_role_oid(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_name()

Datum pg_has_role_name ( PG_FUNCTION_ARGS  )

Definition at line 4848 of file acl.c.

4849{
4850 Name rolename = PG_GETARG_NAME(0);
4851 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4852 Oid roleid;
4853 Oid roleoid;
4854 AclMode mode;
4855 AclResult aclresult;
4856
4857 roleid = GetUserId();
4858 roleoid = get_role_oid(NameStr(*rolename), false);
4859 mode = convert_role_priv_string(priv_type_text);
4860
4861 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4862
4863 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4864}

References ACLCHECK_OK, convert_role_priv_string(), get_role_oid(), GetUserId(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_name_id()

Datum pg_has_role_name_id ( PG_FUNCTION_ARGS  )

Definition at line 4872 of file acl.c.

4873{
4874 Name username = PG_GETARG_NAME(0);
4875 Oid roleoid = PG_GETARG_OID(1);
4876 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4877 Oid roleid;
4878 AclMode mode;
4879 AclResult aclresult;
4880
4881 roleid = get_role_oid(NameStr(*username), false);
4882 mode = convert_role_priv_string(priv_type_text);
4883
4884 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4885
4886 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4887}

References ACLCHECK_OK, convert_role_priv_string(), get_role_oid(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, pg_role_aclcheck(), and username.

◆ pg_has_role_name_name()

Datum pg_has_role_name_name ( PG_FUNCTION_ARGS  )

Definition at line 4822 of file acl.c.

4823{
4824 Name username = PG_GETARG_NAME(0);
4825 Name rolename = PG_GETARG_NAME(1);
4826 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4827 Oid roleid;
4828 Oid roleoid;
4829 AclMode mode;
4830 AclResult aclresult;
4831
4832 roleid = get_role_oid(NameStr(*username), false);
4833 roleoid = get_role_oid(NameStr(*rolename), false);
4834 mode = convert_role_priv_string(priv_type_text);
4835
4836 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4837
4838 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4839}

References ACLCHECK_OK, convert_role_priv_string(), get_role_oid(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, pg_role_aclcheck(), and username.

◆ pg_role_aclcheck()

static AclResult pg_role_aclcheck ( Oid  role_oid,
Oid  roleid,
AclMode  mode 
)
static

Definition at line 4994 of file acl.c.

4995{
4996 if (mode & ACL_GRANT_OPTION_FOR(ACL_CREATE))
4997 {
4998 if (is_admin_of_role(roleid, role_oid))
4999 return ACLCHECK_OK;
5000 }
5001 if (mode & ACL_CREATE)
5002 {
5003 if (is_member_of_role(roleid, role_oid))
5004 return ACLCHECK_OK;
5005 }
5006 if (mode & ACL_USAGE)
5007 {
5008 if (has_privs_of_role(roleid, role_oid))
5009 return ACLCHECK_OK;
5010 }
5011 if (mode & ACL_SET)
5012 {
5013 if (member_can_set_role(roleid, role_oid))
5014 return ACLCHECK_OK;
5015 }
5016 return ACLCHECK_NO_PRIV;
5017}
is_admin_of_role
bool is_admin_of_role(Oid member, Oid role)
Definition: acl.c:5398
is_member_of_role
bool is_member_of_role(Oid member, Oid role)
Definition: acl.c:5348
ACLCHECK_NO_PRIV
@ ACLCHECK_NO_PRIV
Definition: acl.h:184

References ACL_CREATE, ACL_GRANT_OPTION_FOR, ACL_SET, ACL_USAGE, ACLCHECK_NO_PRIV, ACLCHECK_OK, has_privs_of_role(), is_admin_of_role(), is_member_of_role(), member_can_set_role(), and mode.

Referenced by pg_has_role_id(), pg_has_role_id_id(), pg_has_role_id_name(), pg_has_role_name(), pg_has_role_name_id(), and pg_has_role_name_name().

◆ putid()

static void putid ( char *  p,
const char *  s 
)
static

Definition at line 205 of file acl.c.

206{
207 const char *src;
208 bool safe = true;
209
210 for (src = s; *src; src++)
211 {
212 /* This test had better match what getid() does, above */
213 if (!isalnum((unsigned char) *src) && *src != '_')
214 {
215 safe = false;
216 break;
217 }
218 }
219 if (!safe)
220 *p++ = '"';
221 for (src = s; *src; src++)
222 {
223 /* A double quote character in a username is encoded as "" */
224 if (*src == '"')
225 *p++ = '"';
226 *p++ = *src;
227 }
228 if (!safe)
229 *p++ = '"';
230 *p = '\0';
231}

Referenced by aclitemout().

◆ recursive_revoke()

static Acl * recursive_revoke ( Acl acl,
Oid  grantee,
AclMode  revoke_privs,
Oid  ownerId,
DropBehavior  behavior 
)
static

Definition at line 1286 of file acl.c.

1291{
1292 AclMode still_has;
1293 AclItem *aip;
1294 int i,
1295 num;
1296
1297 check_acl(acl);
1298
1299 /* The owner can never truly lose grant options, so short-circuit */
1300 if (grantee == ownerId)
1301 return acl;
1302
1303 /* The grantee might still have some grant options via another grantor */
1304 still_has = aclmask(acl, grantee, ownerId,
1305 ACL_GRANT_OPTION_FOR(revoke_privs),
1306 ACLMASK_ALL);
1307 revoke_privs &= ~ACL_OPTION_TO_PRIVS(still_has);
1308 if (revoke_privs == ACL_NO_RIGHTS)
1309 return acl;
1310
1311restart:
1312 num = ACL_NUM(acl);
1313 aip = ACL_DAT(acl);
1314 for (i = 0; i < num; i++)
1315 {
1316 if (aip[i].ai_grantor == grantee
1317 && (ACLITEM_GET_PRIVS(aip[i]) & revoke_privs) != 0)
1318 {
1319 AclItem mod_acl;
1320 Acl *new_acl;
1321
1322 if (behavior == DROP_RESTRICT)
1323 ereport(ERROR,
1324 (errcode(ERRCODE_DEPENDENT_OBJECTS_STILL_EXIST),
1325 errmsg("dependent privileges exist"),
1326 errhint("Use CASCADE to revoke them too.")));
1327
1328 mod_acl.ai_grantor = grantee;
1329 mod_acl.ai_grantee = aip[i].ai_grantee;
1330 ACLITEM_SET_PRIVS_GOPTIONS(mod_acl,
1331 revoke_privs,
1332 revoke_privs);
1333
1334 new_acl = aclupdate(acl, &mod_acl, ACL_MODECHG_DEL,
1335 ownerId, behavior);
1336
1337 pfree(acl);
1338 acl = new_acl;
1339
1340 goto restart;
1341 }
1342 }
1343
1344 return acl;
1345}

References ACL_DAT, ACL_GRANT_OPTION_FOR, ACL_MODECHG_DEL, ACL_NO_RIGHTS, ACL_NUM, ACLITEM_GET_PRIVS, ACLITEM_SET_PRIVS_GOPTIONS, aclmask(), ACLMASK_ALL, aclupdate(), AclItem::ai_grantee, AclItem::ai_grantor, check_acl(), DROP_RESTRICT, ereport, errcode(), errhint(), errmsg(), ERROR, i, and pfree().

Referenced by aclupdate().

◆ RoleMembershipCacheCallback()

static void RoleMembershipCacheCallback ( Datum  arg,
int  cacheid,
uint32  hashvalue 
)
static

Definition at line 5054 of file acl.c.

5055{
5056 if (cacheid == DATABASEOID &&
5057 hashvalue != cached_db_hash &&
5058 hashvalue != 0)
5059 {
5060 return; /* ignore pg_database changes for other DBs */
5061 }
5062
5063 /* Force membership caches to be recomputed on next use */
5064 cached_role[ROLERECURSE_MEMBERS] = InvalidOid;
5065 cached_role[ROLERECURSE_PRIVS] = InvalidOid;
5066 cached_role[ROLERECURSE_SETROLE] = InvalidOid;
5067}
cached_role
static Oid cached_role[]
Definition: acl.c:81

References cached_db_hash, cached_role, InvalidOid, ROLERECURSE_MEMBERS, ROLERECURSE_PRIVS, and ROLERECURSE_SETROLE.

Referenced by initialize_acl().

◆ roles_is_member_of()

static List * roles_is_member_of ( Oid  roleid,
enum RoleRecurseType  type,
Oid  admin_of,
Oid admin_role 
)
static

Definition at line 5136 of file acl.c.

5138{
5139 Oid dba;
5140 List *roles_list;
5141 ListCell *l;
5142 List *new_cached_roles;
5143 MemoryContext oldctx;
5144 bloom_filter *bf = NULL;
5145
5146 Assert(OidIsValid(admin_of) == PointerIsValid(admin_role));
5147 if (admin_role != NULL)
5148 *admin_role = InvalidOid;
5149
5150 /* If cache is valid and ADMIN OPTION not sought, just return the list */
5151 if (cached_role[type] == roleid && !OidIsValid(admin_of) &&
5152 OidIsValid(cached_role[type]))
5153 return cached_roles[type];
5154
5155 /*
5156 * Role expansion happens in a non-database backend when guc.c checks
5157 * ROLE_PG_READ_ALL_SETTINGS for a physical walsender SHOW command. In
5158 * that case, no role gets pg_database_owner.
5159 */
5160 if (!OidIsValid(MyDatabaseId))
5161 dba = InvalidOid;
5162 else
5163 {
5164 HeapTuple dbtup;
5165
5166 dbtup = SearchSysCache1(DATABASEOID, ObjectIdGetDatum(MyDatabaseId));
5167 if (!HeapTupleIsValid(dbtup))
5168 elog(ERROR, "cache lookup failed for database %u", MyDatabaseId);
5169 dba = ((Form_pg_database) GETSTRUCT(dbtup))->datdba;
5170 ReleaseSysCache(dbtup);
5171 }
5172
5173 /*
5174 * Find all the roles that roleid is a member of, including multi-level
5175 * recursion. The role itself will always be the first element of the
5176 * resulting list.
5177 *
5178 * Each element of the list is scanned to see if it adds any indirect
5179 * memberships. We can use a single list as both the record of
5180 * already-found memberships and the agenda of roles yet to be scanned.
5181 * This is a bit tricky but works because the foreach() macro doesn't
5182 * fetch the next list element until the bottom of the loop.
5183 */
5184 roles_list = list_make1_oid(roleid);
5185
5186 foreach(l, roles_list)
5187 {
5188 Oid memberid = lfirst_oid(l);
5189 CatCList *memlist;
5190 int i;
5191
5192 /* Find roles that memberid is directly a member of */
5193 memlist = SearchSysCacheList1(AUTHMEMMEMROLE,
5194 ObjectIdGetDatum(memberid));
5195 for (i = 0; i < memlist->n_members; i++)
5196 {
5197 HeapTuple tup = &memlist->members[i]->tuple;
5198 Form_pg_auth_members form = (Form_pg_auth_members) GETSTRUCT(tup);
5199 Oid otherid = form->roleid;
5200
5201 /*
5202 * While otherid==InvalidOid shouldn't appear in the catalog, the
5203 * OidIsValid() avoids crashing if that arises.
5204 */
5205 if (otherid == admin_of && form->admin_option &&
5206 OidIsValid(admin_of) && !OidIsValid(*admin_role))
5207 *admin_role = memberid;
5208
5209 /* If we're supposed to ignore non-heritable grants, do so. */
5210 if (type == ROLERECURSE_PRIVS && !form->inherit_option)
5211 continue;
5212
5213 /* If we're supposed to ignore non-SET grants, do so. */
5214 if (type == ROLERECURSE_SETROLE && !form->set_option)
5215 continue;
5216
5217 /*
5218 * Even though there shouldn't be any loops in the membership
5219 * graph, we must test for having already seen this role. It is
5220 * legal for instance to have both A->B and A->C->B.
5221 */
5222 roles_list = roles_list_append(roles_list, &bf, otherid);
5223 }
5224 ReleaseSysCacheList(memlist);
5225
5226 /* implement pg_database_owner implicit membership */
5227 if (memberid == dba && OidIsValid(dba))
5228 roles_list = roles_list_append(roles_list, &bf,
5229 ROLE_PG_DATABASE_OWNER);
5230 }
5231
5232 /*
5233 * Free the Bloom filter created by roles_list_append(), if there is one.
5234 */
5235 if (bf)
5236 bloom_free(bf);
5237
5238 /*
5239 * Copy the completed list into TopMemoryContext so it will persist.
5240 */
5241 oldctx = MemoryContextSwitchTo(TopMemoryContext);
5242 new_cached_roles = list_copy(roles_list);
5243 MemoryContextSwitchTo(oldctx);
5244 list_free(roles_list);
5245
5246 /*
5247 * Now safe to assign to state variable
5248 */
5249 cached_role[type] = InvalidOid; /* just paranoia */
5250 list_free(cached_roles[type]);
5251 cached_roles[type] = new_cached_roles;
5252 cached_role[type] = roleid;
5253
5254 /* And now we can return the answer */
5255 return cached_roles[type];
5256}
roles_list_append
static List * roles_list_append(List *roles_list, bloom_filter **bf, Oid role)
Definition: acl.c:5076
cached_roles
static List * cached_roles[]
Definition: acl.c:82
bloom_free
void bloom_free(bloom_filter *filter)
Definition: bloomfilter.c:126
PointerIsValid
#define PointerIsValid(pointer)
Definition: c.h:734
list_copy
List * list_copy(const List *oldlist)
Definition: list.c:1573
list_free
void list_free(List *list)
Definition: list.c:1546
TopMemoryContext
MemoryContext TopMemoryContext
Definition: mcxt.c:165
Form_pg_auth_members
FormData_pg_auth_members * Form_pg_auth_members
Definition: pg_auth_members.h:46
Form_pg_database
FormData_pg_database * Form_pg_database
Definition: pg_database.h:96
list_make1_oid
#define list_make1_oid(x1)
Definition: pg_list.h:242
lfirst_oid
#define lfirst_oid(lc)
Definition: pg_list.h:174
List
Definition: pg_list.h:54
bloom_filter
Definition: bloomfilter.c:45
catclist::members
CatCTup * members[FLEXIBLE_ARRAY_MEMBER]
Definition: catcache.h:180
catclist::n_members
int n_members
Definition: catcache.h:178
catctup::tuple
HeapTupleData tuple
Definition: catcache.h:123
ReleaseSysCacheList
#define ReleaseSysCacheList(x)
Definition: syscache.h:134
SearchSysCacheList1
#define SearchSysCacheList1(cacheId, key1)
Definition: syscache.h:127
type
const char * type
Definition: wait_event_funcs.c:27

References Assert(), bloom_free(), cached_role, cached_roles, elog, ERROR, GETSTRUCT(), HeapTupleIsValid, i, InvalidOid, lfirst_oid, list_copy(), list_free(), list_make1_oid, catclist::members, MemoryContextSwitchTo(), MyDatabaseId, catclist::n_members, ObjectIdGetDatum(), OidIsValid, PointerIsValid, ReleaseSysCache(), ReleaseSysCacheList, ROLERECURSE_PRIVS, ROLERECURSE_SETROLE, roles_list_append(), SearchSysCache1(), SearchSysCacheList1, TopMemoryContext, catctup::tuple, and type.

Referenced by has_privs_of_role(), is_admin_of_role(), is_member_of_role(), is_member_of_role_nosuper(), member_can_set_role(), select_best_admin(), and select_best_grantor().

◆ roles_list_append()

static List * roles_list_append ( List roles_list,
bloom_filter **  bf,
Oid  role 
)
inlinestatic

Definition at line 5076 of file acl.c.

5077{
5078 unsigned char *roleptr = (unsigned char *) &role;
5079
5080 /*
5081 * If there is a previously-created Bloom filter, use it to try to
5082 * determine whether the role is missing from the list. If it says yes,
5083 * that's a hard fact and we can go ahead and add the role. If it says
5084 * no, that's only probabilistic and we'd better search the list. Without
5085 * a filter, we must always do an ordinary linear search through the
5086 * existing list.
5087 */
5088 if ((*bf && bloom_lacks_element(*bf, roleptr, sizeof(Oid))) ||
5089 !list_member_oid(roles_list, role))
5090 {
5091 /*
5092 * If the list is large, we take on the overhead of creating and
5093 * populating a Bloom filter to speed up future calls to this
5094 * function.
5095 */
5096 if (*bf == NULL &&
5097 list_length(roles_list) > ROLES_LIST_BLOOM_THRESHOLD)
5098 {
5099 *bf = bloom_create(ROLES_LIST_BLOOM_THRESHOLD * 10, work_mem, 0);
5100 foreach_oid(roleid, roles_list)
5101 bloom_add_element(*bf, (unsigned char *) &roleid, sizeof(Oid));
5102 }
5103
5104 /*
5105 * Finally, add the role to the list and the Bloom filter, if it
5106 * exists.
5107 */
5108 roles_list = lappend_oid(roles_list, role);
5109 if (*bf)
5110 bloom_add_element(*bf, roleptr, sizeof(Oid));
5111 }
5112
5113 return roles_list;
5114}
ROLES_LIST_BLOOM_THRESHOLD
#define ROLES_LIST_BLOOM_THRESHOLD
Definition: acl.c:91
bloom_create
bloom_filter * bloom_create(int64 total_elems, int bloom_work_mem, uint64 seed)
Definition: bloomfilter.c:87
bloom_lacks_element
bool bloom_lacks_element(bloom_filter *filter, unsigned char *elem, size_t len)
Definition: bloomfilter.c:157
bloom_add_element
void bloom_add_element(bloom_filter *filter, unsigned char *elem, size_t len)
Definition: bloomfilter.c:135
work_mem
int work_mem
Definition: globals.c:132
lappend_oid
List * lappend_oid(List *list, Oid datum)
Definition: list.c:375
list_length
static int list_length(const List *l)
Definition: pg_list.h:152
foreach_oid
#define foreach_oid(var, lst)
Definition: pg_list.h:471

References bloom_add_element(), bloom_create(), bloom_lacks_element(), foreach_oid, lappend_oid(), list_length(), list_member_oid(), ROLES_LIST_BLOOM_THRESHOLD, and work_mem.

Referenced by roles_is_member_of().

◆ select_best_admin()

Oid select_best_admin ( Oid  member,
Oid  role 
)

Definition at line 5423 of file acl.c.

5424{
5425 Oid admin_role;
5426
5427 /* By policy, a role cannot have WITH ADMIN OPTION on itself. */
5428 if (member == role)
5429 return InvalidOid;
5430
5431 (void) roles_is_member_of(member, ROLERECURSE_PRIVS, role, &admin_role);
5432 return admin_role;
5433}

References InvalidOid, ROLERECURSE_PRIVS, and roles_is_member_of().

Referenced by check_role_grantor().

◆ select_best_grantor()

void select_best_grantor ( Oid  roleId,
AclMode  privileges,
const Acl acl,
Oid  ownerId,
Oid grantorId,
AclMode grantOptions 
)

Definition at line 5460 of file acl.c.

5463{
5464 AclMode needed_goptions = ACL_GRANT_OPTION_FOR(privileges);
5465 List *roles_list;
5466 int nrights;
5467 ListCell *l;
5468
5469 /*
5470 * The object owner is always treated as having all grant options, so if
5471 * roleId is the owner it's easy. Also, if roleId is a superuser it's
5472 * easy: superusers are implicitly members of every role, so they act as
5473 * the object owner.
5474 */
5475 if (roleId == ownerId || superuser_arg(roleId))
5476 {
5477 *grantorId = ownerId;
5478 *grantOptions = needed_goptions;
5479 return;
5480 }
5481
5482 /*
5483 * Otherwise we have to do a careful search to see if roleId has the
5484 * privileges of any suitable role. Note: we can hang onto the result of
5485 * roles_is_member_of() throughout this loop, because aclmask_direct()
5486 * doesn't query any role memberships.
5487 */
5488 roles_list = roles_is_member_of(roleId, ROLERECURSE_PRIVS,
5489 InvalidOid, NULL);
5490
5491 /* initialize candidate result as default */
5492 *grantorId = roleId;
5493 *grantOptions = ACL_NO_RIGHTS;
5494 nrights = 0;
5495
5496 foreach(l, roles_list)
5497 {
5498 Oid otherrole = lfirst_oid(l);
5499 AclMode otherprivs;
5500
5501 otherprivs = aclmask_direct(acl, otherrole, ownerId,
5502 needed_goptions, ACLMASK_ALL);
5503 if (otherprivs == needed_goptions)
5504 {
5505 /* Found a suitable grantor */
5506 *grantorId = otherrole;
5507 *grantOptions = otherprivs;
5508 return;
5509 }
5510
5511 /*
5512 * If it has just some of the needed privileges, remember best
5513 * candidate.
5514 */
5515 if (otherprivs != ACL_NO_RIGHTS)
5516 {
5517 int nnewrights = pg_popcount64(otherprivs);
5518
5519 if (nnewrights > nrights)
5520 {
5521 *grantorId = otherrole;
5522 *grantOptions = otherprivs;
5523 nrights = nnewrights;
5524 }
5525 }
5526 }
5527}
aclmask_direct
static AclMode aclmask_direct(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
Definition: acl.c:1461
pg_popcount64
int pg_popcount64(uint64 word)
Definition: pg_bitutils.c:515

References ACL_GRANT_OPTION_FOR, ACL_NO_RIGHTS, ACLMASK_ALL, aclmask_direct(), InvalidOid, lfirst_oid, pg_popcount64(), ROLERECURSE_PRIVS, roles_is_member_of(), and superuser_arg().

Referenced by ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), and ExecGrant_Relation().

Variable Documentation

◆ cached_db_hash

uint32 cached_db_hash
static

Definition at line 83 of file acl.c.

Referenced by initialize_acl(), and RoleMembershipCacheCallback().

◆ cached_role

Oid cached_role[] = {InvalidOid, InvalidOid, InvalidOid}
static

Definition at line 81 of file acl.c.

Referenced by RoleMembershipCacheCallback(), and roles_is_member_of().

◆ cached_roles

List* cached_roles[] = {NIL, NIL, NIL}
static

Definition at line 82 of file acl.c.

Referenced by roles_is_member_of().