/*
 * Forward declarations of the two file-local (static) identifier helpers.
 *
 * getid takes an input cursor s, a writable output buffer n and a Node *
 * escontext, and returns a const char *. A call visible later in this listing
 * assigns the result back to the cursor and then tests the first byte of the
 * buffer it passed, so the return value is presumably the position just past
 * the parsed identifier -- confirm against the definition.
 *
 * NOTE(review): no capacity for n is passed, so the callee cannot bound its
 * writes from its arguments alone. The "identifier too long" error in this
 * listing suggests a length limit is enforced somewhere in the file; confirm
 * that it lives in getid and that every caller's buffer matches that limit.
 */
84 static const char *
getid(
const char *s,
char *n,
Node *escontext);
/*
 * putid takes a writable destination p and a read-only source s and returns
 * nothing; presumably it appends a (possibly quoted) form of s at p.
 *
 * NOTE(review): no capacity for p is passed either, so the caller must size
 * the destination for the worst-case output -- confirm at each call site.
 */
85 static void putid(
char *p,
const char *s);
146 bool in_quotes =
false;
150 while (isspace((
unsigned char) *s))
155 (isalnum((
unsigned char) *s) ||
166 in_quotes = !in_quotes;
176 (
errcode(ERRCODE_NAME_TOO_LONG),
177 errmsg(
"identifier too long"),
178 errdetail(
"Identifier must be less than %d characters.",
184 while (isspace((
unsigned char) *s))
200 for (src = s; *src; src++)
203 if (!isalnum((
unsigned char) *src) && *src !=
'_')
211 for (src = s; *src; src++)
263 if (strcmp(
name,
"group") != 0 && strcmp(
name,
"user") != 0)
265 (
errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
266 errmsg(
"unrecognized key word: \"%s\"",
name),
267 errhint(
"ACL key word must be \"group\" or \"user\".")));
274 (
errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
276 errhint(
"A name must follow the \"group\" or \"user\" key word.")));
281 (
errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
282 errmsg(
"missing \"=\" sign")));
286 for (++s,
read = 0; isalpha((
unsigned char) *s) || *s ==
'*'; s++)
343 (
errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
344 errmsg(
"invalid mode character: must be one of \"%s\"",
358 (
errcode(ERRCODE_UNDEFINED_OBJECT),
368 s =
getid(s + 1, name2, escontext);
371 if (name2[0] ==
'\0')
373 (
errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
374 errmsg(
"a name must follow the \"/\" sign")));
378 (
errcode(ERRCODE_UNDEFINED_OBJECT),
379 errmsg(
"role \"%s\" does not exist", name2)));
385 (
errcode(ERRCODE_INVALID_GRANTOR),
386 errmsg(
"defaulting grantor to user ID %u",
387 BOOTSTRAP_SUPERUSERID)));
486 if (left_acl == NULL ||
ACL_NUM(left_acl) == 0)
488 if (right_acl == NULL ||
ACL_NUM(right_acl) == 0)
495 if (right_acl == NULL ||
ACL_NUM(right_acl) == 0)
500 result_acl =
aclcopy(left_acl);
505 for (
i = 0;
i < num;
i++, aip++)
512 result_acl = tmp_acl;
524 if (acl != NULL &&
ACL_NUM(acl) > 1)
539 if (left_acl == NULL ||
ACL_NUM(left_acl) == 0)
541 if (right_acl == NULL ||
ACL_NUM(right_acl) == 0)
548 if (right_acl == NULL ||
ACL_NUM(right_acl) == 0)
571 (
errcode(ERRCODE_INVALID_PARAMETER_VALUE),
572 errmsg(
"ACL array contains wrong data type")));
575 (
errcode(ERRCODE_INVALID_PARAMETER_VALUE),
576 errmsg(
"ACL arrays must be one-dimensional")));
579 (
errcode(ERRCODE_NULL_VALUE_NOT_ALLOWED),
580 errmsg(
"ACL arrays must not contain null values")));
595 Node *escontext = fcinfo->context;
604 while (isspace((
unsigned char) *s))
608 (
errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
609 errmsg(
"extra garbage at the end of the ACL specification")));
631 out =
palloc(strlen(
"=/") +
692 return a1->ai_grantee ==
a2->ai_grantee &&
693 a1->ai_grantor ==
a2->ai_grantor;
706 if (
a1->ai_grantee >
a2->ai_grantee)
708 if (
a1->ai_grantee <
a2->ai_grantee)
710 if (
a1->ai_grantor >
a2->ai_grantor)
712 if (
a1->ai_grantor <
a2->ai_grantor)
714 if (
a1->ai_privs >
a2->ai_privs)
716 if (
a1->ai_privs <
a2->ai_privs)
731 result =
a1->ai_privs ==
a2->ai_privs &&
732 a1->ai_grantee ==
a2->ai_grantee &&
733 a1->ai_grantor ==
a2->ai_grantor;
848 elog(
ERROR,
"unrecognized object type: %d", (
int) objtype);
945 elog(
ERROR,
"unrecognized object type abbreviation: %c", objtypec);
1000 for (dst = 0; dst < num; ++dst)
1007 memcpy(new_acl, old_acl,
ACL_SIZE(old_acl));
1017 memcpy(new_aip, old_aip, num *
sizeof(
AclItem));
1055 memmove(new_aip + dst,
1057 (num - dst - 1) *
sizeof(
AclItem));
1067 if ((old_goptions & ~new_goptions) != 0)
1071 (old_goptions & ~new_goptions),
1098 bool newpresent =
false;
1115 memcpy(new_aip, old_aip, num *
sizeof(
AclItem));
1116 for (dst = 0, dst_aip = new_aip; dst < num; dst++, dst_aip++)
1147 for (targ = 0, targ_aip = new_aip; targ < num; targ++, targ_aip++)
1153 for (src = targ + 1, src_aip = targ_aip + 1; src < num;
1168 new_aip[dst] = *targ_aip;
1216 memcpy(acl, old_acl,
ACL_SIZE(old_acl));
1222 for (
i = 0;
i < num;
i++)
1250 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1251 errmsg(
"grant options cannot be granted back to your own grantor")));
1287 if (grantee == ownerId)
1291 still_has =
aclmask(acl, grantee, ownerId,
1301 for (
i = 0;
i < num;
i++)
1303 if (aip[
i].ai_grantor == grantee
1311 (
errcode(ERRCODE_DEPENDENT_OBJECTS_STILL_EXIST),
1312 errmsg(
"dependent privileges exist"),
1313 errhint(
"Use CASCADE to revoke them too.")));
1388 if ((how ==
ACLMASK_ALL) ? (result == mask) : (result != 0))
1398 for (
i = 0;
i < num;
i++)
1406 if ((how ==
ACLMASK_ALL) ? (result == mask) : (result != 0))
1419 for (
i = 0;
i < num;
i++)
1431 if ((how ==
ACLMASK_ALL) ? (result == mask) : (result != 0))
1476 if ((how ==
ACLMASK_ALL) ? (result == mask) : (result != 0))
1486 for (
i = 0;
i < num;
i++)
1493 if ((how ==
ACLMASK_ALL) ? (result == mask) : (result != 0))
1518 if (acl == NULL ||
ACL_NUM(acl) == 0)
1566 (
errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1567 errmsg(
"aclinsert is no longer supported")));
1576 (
errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1577 errmsg(
"aclremove is no longer supported")));
1594 for (
i = 0;
i < num; ++
i)
1613 static const priv_map any_priv_map[] = {
1667 for (chunk = priv_type; chunk; chunk = next_chunk)
1673 next_chunk = strchr(chunk,
',');
1675 *next_chunk++ =
'\0';
1678 while (*chunk && isspace((
unsigned char) *chunk))
1680 chunk_len = strlen(chunk);
1681 while (chunk_len > 0 && isspace((
unsigned char) chunk[chunk_len - 1]))
1683 chunk[chunk_len] =
'\0';
1686 for (this_priv = privileges; this_priv->
name; this_priv++)
1690 result |= this_priv->
value;
1694 if (!this_priv->
name)
1696 (
errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1697 errmsg(
"unrecognized privilege type: \"%s\"", chunk)));
1721 return "REFERENCES";
1737 return "ALTER SYSTEM";
1741 elog(
ERROR,
"unrecognized aclright: %d", aclright);
1822 aidata = &aidat[
idx[0]];
1823 priv_bit = UINT64CONST(1) <<
idx[1];
1829 bool nulls[4] = {0};
2034 static const priv_map table_priv_map[] = {
2052 {
"RULE WITH GRANT OPTION", 0},
2091 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
2092 errmsg(
"\"%s\" is not a sequence",
2121 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
2122 errmsg(
"\"%s\" is not a sequence",
2149 if (relkind ==
'\0')
2151 else if (relkind != RELKIND_SEQUENCE)
2153 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
2154 errmsg(
"\"%s\" is not a sequence",
2181 if (relkind ==
'\0')
2183 else if (relkind != RELKIND_SEQUENCE)
2185 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
2186 errmsg(
"\"%s\" is not a sequence",
2213 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
2214 errmsg(
"\"%s\" is not a sequence",
2239 if (relkind ==
'\0')
2241 else if (relkind != RELKIND_SEQUENCE)
2243 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
2244 errmsg(
"\"%s\" is not a sequence",
2259 static const priv_map sequence_priv_map[] = {
2486 bool is_missing =
false;
2503 else if (is_missing)
2510 else if (is_missing)
2864 if (attributeForm->attisdropped)
2867 attnum = attributeForm->attnum;
2879 if (tablename != NULL)
2883 (
errcode(ERRCODE_UNDEFINED_COLUMN),
2884 errmsg(
"column \"%s\" of relation \"%s\" does not exist",
2885 colname, tablename)));
2902 static const priv_map column_priv_map[] = {
3099 static const priv_map database_priv_map[] = {
3296 static const priv_map foreign_data_wrapper_priv_map[] = {
3483 (
errcode(ERRCODE_UNDEFINED_FUNCTION),
3496 static const priv_map function_priv_map[] = {
3687 static const priv_map language_priv_map[] = {
3878 static const priv_map schema_priv_map[] = {
4071 static const priv_map server_priv_map[] = {
4262 static const priv_map tablespace_priv_map[] = {
4448 (
errcode(ERRCODE_UNDEFINED_OBJECT),
4461 static const priv_map type_priv_map[] = {
4550 static const priv_map parameter_priv_map[] = {
4728 static const priv_map role_priv_map[] = {
4845 Oid admin_of,
Oid *admin_role)
4850 List *new_cached_roles;
4854 if (admin_role != NULL)
4893 foreach(l, roles_list)
4906 Oid otherid = form->roleid;
4912 if (otherid == admin_of && form->admin_option &&
4914 *admin_role = memberid;
4936 ROLE_PG_DATABASE_OWNER);
4943 new_cached_roles =
list_copy(roles_list);
5030 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
5031 errmsg(
"must be able to SET ROLE \"%s\"",
5180 const Acl *acl,
Oid ownerId,
5196 *grantorId = ownerId;
5197 *grantOptions = needed_goptions;
5211 *grantorId = roleId;
5215 foreach(l, roles_list)
5222 if (otherprivs == needed_goptions)
5225 *grantorId = otherrole;
5226 *grantOptions = otherprivs;
5238 if (nnewrights > nrights)
5240 *grantorId = otherrole;
5241 *grantOptions = otherprivs;
5242 nrights = nnewrights;
5263 (
errcode(ERRCODE_UNDEFINED_OBJECT),
5275 if (strcmp(
rolname,
"public") == 0)
5311 (
errcode(ERRCODE_UNDEFINED_OBJECT),
5312 errmsg(
"role \"%s\" does not exist",
"public")));
5339 (
errcode(ERRCODE_UNDEFINED_OBJECT),
5358 (
errcode(ERRCODE_UNDEFINED_OBJECT),
5359 errmsg(
"role \"%s\" does not exist",
"public")));
5408 (
errcode(ERRCODE_RESERVED_NAME),
5409 errmsg(
"role name \"%s\" is reserved",
5414 (
errcode(ERRCODE_RESERVED_NAME),
5415 errmsg(
"role name \"%s\" is reserved",
Datum idx(PG_FUNCTION_ARGS)
Datum pg_has_role_id_id(PG_FUNCTION_ARGS)
Datum has_schema_privilege_id(PG_FUNCTION_ARGS)
Datum hash_aclitem(PG_FUNCTION_ARGS)
void initialize_acl(void)
Datum has_sequence_privilege_name(PG_FUNCTION_ARGS)
Datum has_table_privilege_id_id(PG_FUNCTION_ARGS)
Datum has_server_privilege_id(PG_FUNCTION_ARGS)
Acl * aclupdate(const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
Datum has_tablespace_privilege_id_id(PG_FUNCTION_ARGS)
Datum has_column_privilege_id_id_attnum(PG_FUNCTION_ARGS)
Datum has_server_privilege_name_name(PG_FUNCTION_ARGS)
Datum aclinsert(PG_FUNCTION_ARGS)
static AclMode convert_function_priv_string(text *priv_type_text)
static const char * getid(const char *s, char *n, Node *escontext)
static const char * convert_aclright_to_string(int aclright)
bool is_admin_of_role(Oid member, Oid role)
Datum has_column_privilege_id_name(PG_FUNCTION_ARGS)
static bool aclitem_match(const AclItem *a1, const AclItem *a2)
Datum pg_has_role_name_name(PG_FUNCTION_ARGS)
Datum has_language_privilege_name_name(PG_FUNCTION_ARGS)
Datum has_schema_privilege_name_name(PG_FUNCTION_ARGS)
Datum aclitem_eq(PG_FUNCTION_ARGS)
Datum has_tablespace_privilege_name_id(PG_FUNCTION_ARGS)
Datum makeaclitem(PG_FUNCTION_ARGS)
Datum has_table_privilege_id_name(PG_FUNCTION_ARGS)
Datum has_server_privilege_name_id(PG_FUNCTION_ARGS)
Datum has_column_privilege_name_id_attnum(PG_FUNCTION_ARGS)
Datum has_language_privilege_id_name(PG_FUNCTION_ARGS)
static int column_privilege_check(Oid tableoid, AttrNumber attnum, Oid roleid, AclMode mode)
static Oid convert_type_name(text *typename)
char * get_rolespec_name(const RoleSpec *role)
Oid select_best_admin(Oid member, Oid role)
Datum aclexplode(PG_FUNCTION_ARGS)
static Oid convert_database_name(text *databasename)
Datum aclitemout(PG_FUNCTION_ARGS)
Oid get_role_oid_or_public(const char *rolname)
Datum has_foreign_data_wrapper_privilege_name_id(PG_FUNCTION_ARGS)
Datum has_foreign_data_wrapper_privilege_id_id(PG_FUNCTION_ARGS)
bool aclequal(const Acl *left_acl, const Acl *right_acl)
Datum hash_aclitem_extended(PG_FUNCTION_ARGS)
static void check_acl(const Acl *acl)
Datum has_parameter_privilege_name_name(PG_FUNCTION_ARGS)
Datum has_foreign_data_wrapper_privilege_id(PG_FUNCTION_ARGS)
Datum has_database_privilege_name(PG_FUNCTION_ARGS)
static uint32 cached_db_hash
Datum has_type_privilege_name_name(PG_FUNCTION_ARGS)
Datum has_column_privilege_name_name_name(PG_FUNCTION_ARGS)
Datum pg_has_role_name(PG_FUNCTION_ARGS)
Datum has_sequence_privilege_id(PG_FUNCTION_ARGS)
static AclMode convert_type_priv_string(text *priv_type_text)
Datum has_tablespace_privilege_name(PG_FUNCTION_ARGS)
static AclMode convert_table_priv_string(text *priv_type_text)
static AclMode convert_server_priv_string(text *priv_type_text)
Datum has_table_privilege_name_id(PG_FUNCTION_ARGS)
Datum has_foreign_data_wrapper_privilege_name_name(PG_FUNCTION_ARGS)
Datum has_tablespace_privilege_id_name(PG_FUNCTION_ARGS)
static Acl * recursive_revoke(Acl *acl, Oid grantee, AclMode revoke_privs, Oid ownerId, DropBehavior behavior)
static void RoleMembershipCacheCallback(Datum arg, int cacheid, uint32 hashvalue)
Datum has_database_privilege_name_id(PG_FUNCTION_ARGS)
static Oid convert_schema_name(text *schemaname)
Datum has_column_privilege_name_name(PG_FUNCTION_ARGS)
static void putid(char *p, const char *s)
Datum has_schema_privilege_id_name(PG_FUNCTION_ARGS)
static void check_circularity(const Acl *old_acl, const AclItem *mod_aip, Oid ownerId)
static bool has_param_priv_byname(Oid roleid, const text *parameter, AclMode priv)
bool is_member_of_role(Oid member, Oid role)
Datum has_sequence_privilege_id_name(PG_FUNCTION_ARGS)
Datum has_database_privilege_id_name(PG_FUNCTION_ARGS)
static Oid convert_foreign_data_wrapper_name(text *fdwname)
Datum has_language_privilege_id(PG_FUNCTION_ARGS)
static AclMode convert_database_priv_string(text *priv_type_text)
Datum has_foreign_data_wrapper_privilege_name(PG_FUNCTION_ARGS)
Datum has_column_privilege_name_attnum(PG_FUNCTION_ARGS)
Datum has_column_privilege_id_attnum(PG_FUNCTION_ARGS)
Datum has_type_privilege_name_id(PG_FUNCTION_ARGS)
Datum has_any_column_privilege_name_id(PG_FUNCTION_ARGS)
Datum has_server_privilege_id_name(PG_FUNCTION_ARGS)
Datum has_language_privilege_name_id(PG_FUNCTION_ARGS)
Datum has_foreign_data_wrapper_privilege_id_name(PG_FUNCTION_ARGS)
Datum has_schema_privilege_name_id(PG_FUNCTION_ARGS)
Datum has_function_privilege_name_name(PG_FUNCTION_ARGS)
void select_best_grantor(Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
Datum has_any_column_privilege_name_name(PG_FUNCTION_ARGS)
bool is_member_of_role_nosuper(Oid member, Oid role)
Datum has_sequence_privilege_name_id(PG_FUNCTION_ARGS)
Datum has_schema_privilege_name(PG_FUNCTION_ARGS)
Datum acldefault_sql(PG_FUNCTION_ARGS)
bool has_privs_of_role(Oid member, Oid role)
static Oid convert_language_name(text *languagename)
Datum has_language_privilege_id_id(PG_FUNCTION_ARGS)
static AclMode convert_any_priv_string(text *priv_type_text, const priv_map *privileges)
Datum has_database_privilege_id_id(PG_FUNCTION_ARGS)
Datum has_function_privilege_name(PG_FUNCTION_ARGS)
int aclmembers(const Acl *acl, Oid **roleids)
Datum has_language_privilege_name(PG_FUNCTION_ARGS)
Acl * aclconcat(const Acl *left_acl, const Acl *right_acl)
Acl * aclcopy(const Acl *orig_acl)
Datum has_server_privilege_name(PG_FUNCTION_ARGS)
bool member_can_set_role(Oid member, Oid role)
Datum aclremove(PG_FUNCTION_ARGS)
Datum has_function_privilege_id(PG_FUNCTION_ARGS)
void aclitemsort(Acl *acl)
Datum has_table_privilege_id(PG_FUNCTION_ARGS)
Datum has_function_privilege_id_id(PG_FUNCTION_ARGS)
AclMode aclmask(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
static Oid convert_server_name(text *servername)
Acl * acldefault(ObjectType objtype, Oid ownerId)
static Oid convert_tablespace_name(text *tablespacename)
Acl * make_empty_acl(void)
Datum has_column_privilege_name_name_attnum(PG_FUNCTION_ARGS)
static AclMode convert_parameter_priv_string(text *priv_text)
static Oid convert_table_name(text *tablename)
Datum has_column_privilege_name_id_name(PG_FUNCTION_ARGS)
static int count_one_bits(AclMode mask)
static AclMode convert_tablespace_priv_string(text *priv_type_text)
static AclMode convert_language_priv_string(text *priv_type_text)
Datum aclitemin(PG_FUNCTION_ARGS)
static AclMode convert_sequence_priv_string(text *priv_type_text)
Datum pg_has_role_id(PG_FUNCTION_ARGS)
Datum has_parameter_privilege_id_name(PG_FUNCTION_ARGS)
Acl * aclnewowner(const Acl *old_acl, Oid oldOwnerId, Oid newOwnerId)
static Acl * allocacl(int n)
static AttrNumber convert_column_name(Oid tableoid, text *column)
static AclMode convert_role_priv_string(text *priv_type_text)
Oid get_role_oid(const char *rolname, bool missing_ok)
Datum has_tablespace_privilege_name_name(PG_FUNCTION_ARGS)
Datum has_parameter_privilege_name(PG_FUNCTION_ARGS)
Datum has_any_column_privilege_name(PG_FUNCTION_ARGS)
Datum has_sequence_privilege_name_name(PG_FUNCTION_ARGS)
Datum has_function_privilege_name_id(PG_FUNCTION_ARGS)
Datum has_type_privilege_id_id(PG_FUNCTION_ARGS)
Datum has_server_privilege_id_id(PG_FUNCTION_ARGS)
static AclResult pg_role_aclcheck(Oid role_oid, Oid roleid, AclMode mode)
Datum has_function_privilege_id_name(PG_FUNCTION_ARGS)
Datum has_table_privilege_name(PG_FUNCTION_ARGS)
Datum has_type_privilege_id_name(PG_FUNCTION_ARGS)
Datum has_column_privilege_id_name_attnum(PG_FUNCTION_ARGS)
void check_can_set_role(Oid member, Oid role)