/*
 * Size threshold for a list of roles.  The name suggests that a Bloom filter
 * takes over once a gathered roles list grows past this many entries; the
 * code that consults the constant is not part of this excerpt -- confirm
 * at the point of use.
 */
#define ROLES_LIST_BLOOM_THRESHOLD 1024

/*
 * getid: read one name from the ACL text at s into the caller's buffer n.
 *
 * The call site visible in this listing assigns the return value back to its
 * scan pointer and treats n[0] == '\0' as "no name was found".  escontext is
 * the error context handed down by the caller.
 *
 * NOTE(review): n is passed without a length, so the copy has to be bounded
 * inside the function.  The "identifier too long" report seen in this listing
 * presumably enforces that bound -- confirm against the full body.
 */
static const char *getid(const char *s, char *n, Node *escontext);

/*
 * putid: presumably the output-side counterpart of getid, writing the name s
 * at p -- confirm against the definition, which is not in this excerpt.
 *
 * NOTE(review): p is passed without a size, so the caller must allocate the
 * destination for the worst-case length of s; verify where the output buffer
 * is allocated.
 */
static void putid(char *p, const char *s);
156 bool in_quotes =
false;
160 while (isspace((
unsigned char) *s))
165 (isalnum((
unsigned char) *s) ||
176 in_quotes = !in_quotes;
186 (
errcode(ERRCODE_NAME_TOO_LONG),
187 errmsg(
"identifier too long"),
188 errdetail(
"Identifier must be less than %d characters.",
194 while (isspace((
unsigned char) *s))
210 for (src = s; *src; src++)
213 if (!isalnum((
unsigned char) *src) && *src !=
'_')
221 for (src = s; *src; src++)
273 if (strcmp(
name,
"group") != 0 && strcmp(
name,
"user") != 0)
275 (
errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
276 errmsg(
"unrecognized key word: \"%s\"",
name),
277 errhint(
"ACL key word must be \"group\" or \"user\".")));
284 (
errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
286 errhint(
"A name must follow the \"group\" or \"user\" key word.")));
291 (
errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
292 errmsg(
"missing \"=\" sign")));
296 for (++s,
read = 0; isalpha((
unsigned char) *s) || *s ==
'*'; s++)
350 (
errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
351 errmsg(
"invalid mode character: must be one of \"%s\"",
365 (
errcode(ERRCODE_UNDEFINED_OBJECT),
375 s =
getid(s + 1, name2, escontext);
378 if (name2[0] ==
'\0')
380 (
errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
381 errmsg(
"a name must follow the \"/\" sign")));
385 (
errcode(ERRCODE_UNDEFINED_OBJECT),
386 errmsg(
"role \"%s\" does not exist", name2)));
392 (
errcode(ERRCODE_INVALID_GRANTOR),
393 errmsg(
"defaulting grantor to user ID %u",
394 BOOTSTRAP_SUPERUSERID)));
493 if (left_acl == NULL ||
ACL_NUM(left_acl) == 0)
495 if (right_acl == NULL ||
ACL_NUM(right_acl) == 0)
502 if (right_acl == NULL ||
ACL_NUM(right_acl) == 0)
507 result_acl =
aclcopy(left_acl);
512 for (
i = 0;
i < num;
i++, aip++)
519 result_acl = tmp_acl;
531 if (acl != NULL &&
ACL_NUM(acl) > 1)
546 if (left_acl == NULL ||
ACL_NUM(left_acl) == 0)
548 if (right_acl == NULL ||
ACL_NUM(right_acl) == 0)
555 if (right_acl == NULL ||
ACL_NUM(right_acl) == 0)
578 (
errcode(ERRCODE_INVALID_PARAMETER_VALUE),
579 errmsg(
"ACL array contains wrong data type")));
582 (
errcode(ERRCODE_INVALID_PARAMETER_VALUE),
583 errmsg(
"ACL arrays must be one-dimensional")));
586 (
errcode(ERRCODE_NULL_VALUE_NOT_ALLOWED),
587 errmsg(
"ACL arrays must not contain null values")));
602 Node *escontext = fcinfo->context;
611 while (isspace((
unsigned char) *s))
615 (
errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
616 errmsg(
"extra garbage at the end of the ACL specification")));
638 out =
palloc(strlen(
"=/") +
699 return a1->ai_grantee ==
a2->ai_grantee &&
700 a1->ai_grantor ==
a2->ai_grantor;
713 if (
a1->ai_grantee >
a2->ai_grantee)
715 if (
a1->ai_grantee <
a2->ai_grantee)
717 if (
a1->ai_grantor >
a2->ai_grantor)
719 if (
a1->ai_grantor <
a2->ai_grantor)
721 if (
a1->ai_privs >
a2->ai_privs)
723 if (
a1->ai_privs <
a2->ai_privs)
738 result =
a1->ai_privs ==
a2->ai_privs &&
739 a1->ai_grantee ==
a2->ai_grantee &&
740 a1->ai_grantor ==
a2->ai_grantor;
855 elog(
ERROR,
"unrecognized object type: %d", (
int) objtype);
952 elog(
ERROR,
"unrecognized object type abbreviation: %c", objtypec);
1007 for (dst = 0; dst < num; ++dst)
1014 memcpy(new_acl, old_acl,
ACL_SIZE(old_acl));
1024 memcpy(new_aip, old_aip, num *
sizeof(
AclItem));
1062 memmove(new_aip + dst,
1064 (num - dst - 1) *
sizeof(
AclItem));
1074 if ((old_goptions & ~new_goptions) != 0)
1078 (old_goptions & ~new_goptions),
1111 bool newpresent =
false;
1128 memcpy(new_aip, old_aip, num *
sizeof(
AclItem));
1129 for (dst = 0, dst_aip = new_aip; dst < num; dst++, dst_aip++)
1160 for (targ = 0, targ_aip = new_aip; targ < num; targ++, targ_aip++)
1166 for (src = targ + 1, src_aip = targ_aip + 1; src < num;
1181 new_aip[dst] = *targ_aip;
1229 memcpy(acl, old_acl,
ACL_SIZE(old_acl));
1235 for (
i = 0;
i < num;
i++)
1263 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1264 errmsg(
"grant options cannot be granted back to your own grantor")));
1300 if (grantee == ownerId)
1304 still_has =
aclmask(acl, grantee, ownerId,
1314 for (
i = 0;
i < num;
i++)
1316 if (aip[
i].ai_grantor == grantee
1324 (
errcode(ERRCODE_DEPENDENT_OBJECTS_STILL_EXIST),
1325 errmsg(
"dependent privileges exist"),
1326 errhint(
"Use CASCADE to revoke them too.")));
1401 if ((how ==
ACLMASK_ALL) ? (result == mask) : (result != 0))
1411 for (
i = 0;
i < num;
i++)
1419 if ((how ==
ACLMASK_ALL) ? (result == mask) : (result != 0))
1432 for (
i = 0;
i < num;
i++)
1444 if ((how ==
ACLMASK_ALL) ? (result == mask) : (result != 0))
1489 if ((how ==
ACLMASK_ALL) ? (result == mask) : (result != 0))
1499 for (
i = 0;
i < num;
i++)
1506 if ((how ==
ACLMASK_ALL) ? (result == mask) : (result != 0))
1531 if (acl == NULL ||
ACL_NUM(acl) == 0)
1579 (
errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1580 errmsg(
"aclinsert is no longer supported")));
1589 (
errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1590 errmsg(
"aclremove is no longer supported")));
1607 for (
i = 0;
i < num; ++
i)
1626 static const priv_map any_priv_map[] = {
1685 next_chunk = strchr(
chunk,
',');
1687 *next_chunk++ =
'\0';
1690 while (*
chunk && isspace((
unsigned char) *
chunk))
1692 chunk_len = strlen(
chunk);
1693 while (chunk_len > 0 && isspace((
unsigned char)
chunk[chunk_len - 1]))
1695 chunk[chunk_len] =
'\0';
1698 for (this_priv = privileges; this_priv->
name; this_priv++)
1702 result |= this_priv->
value;
1706 if (!this_priv->
name)
1708 (
errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1709 errmsg(
"unrecognized privilege type: \"%s\"",
chunk)));
1733 return "REFERENCES";
1749 return "ALTER SYSTEM";
1753 elog(
ERROR,
"unrecognized aclright: %d", aclright);
1834 aidata = &aidat[
idx[0]];
1841 bool nulls[4] = {0};
1936 bool is_missing =
false;
1963 bool is_missing =
false;
2012 bool is_missing =
false;
2049 static const priv_map table_priv_map[] = {
2104 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
2105 errmsg(
"\"%s\" is not a sequence",
2134 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
2135 errmsg(
"\"%s\" is not a sequence",
2158 bool is_missing =
false;
2163 if (relkind ==
'\0')
2165 else if (relkind != RELKIND_SEQUENCE)
2167 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
2168 errmsg(
"\"%s\" is not a sequence",
2194 bool is_missing =
false;
2199 if (relkind ==
'\0')
2201 else if (relkind != RELKIND_SEQUENCE)
2203 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
2204 errmsg(
"\"%s\" is not a sequence",
2234 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
2235 errmsg(
"\"%s\" is not a sequence",
2257 bool is_missing =
false;
2261 if (relkind ==
'\0')
2263 else if (relkind != RELKIND_SEQUENCE)
2265 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
2266 errmsg(
"\"%s\" is not a sequence",
2284 static const priv_map sequence_priv_map[] = {
2381 bool is_missing =
false;
2415 bool is_missing =
false;
2475 bool is_missing =
false;
2523 bool is_missing =
false;
2540 else if (is_missing)
2547 else if (is_missing)
2901 if (attributeForm->attisdropped)
2904 attnum = attributeForm->attnum;
2916 if (tablename != NULL)
2920 (
errcode(ERRCODE_UNDEFINED_COLUMN),
2921 errmsg(
"column \"%s\" of relation \"%s\" does not exist",
2922 colname, tablename)));
2939 static const priv_map column_priv_map[] = {
3029 bool is_missing =
false;
3058 bool is_missing =
false;
3109 bool is_missing =
false;
3145 static const priv_map database_priv_map[] = {
3235 bool is_missing =
false;
3264 bool is_missing =
false;
3315 bool is_missing =
false;
3351 static const priv_map foreign_data_wrapper_priv_map[] = {
3435 bool is_missing =
false;
3464 bool is_missing =
false;
3515 bool is_missing =
false;
3547 (
errcode(ERRCODE_UNDEFINED_FUNCTION),
3560 static const priv_map function_priv_map[] = {
3644 bool is_missing =
false;
3673 bool is_missing =
false;
3724 bool is_missing =
false;
3760 static const priv_map language_priv_map[] = {
3844 bool is_missing =
false;
3873 bool is_missing =
false;
3924 bool is_missing =
false;
3960 static const priv_map schema_priv_map[] = {
4046 bool is_missing =
false;
4075 bool is_missing =
false;
4126 bool is_missing =
false;
4162 static const priv_map server_priv_map[] = {
4246 bool is_missing =
false;
4275 bool is_missing =
false;
4326 bool is_missing =
false;
4362 static const priv_map tablespace_priv_map[] = {
4445 bool is_missing =
false;
4474 bool is_missing =
false;
4525 bool is_missing =
false;
4557 (
errcode(ERRCODE_UNDEFINED_OBJECT),
4570 static const priv_map type_priv_map[] = {
4659 static const priv_map parameter_priv_map[] = {
4699 Assert(is_missing != NULL);
4727 bool is_missing =
false;
4752 bool is_missing =
false;
4776 bool is_missing =
false;
4795 static const priv_map largeobject_priv_map[] = {
4973 static const priv_map role_priv_map[] = {
5056 if (cacheid == DATABASEOID &&
5075 static inline List *
5078 unsigned char *roleptr = (
unsigned char *) &role;
5137 Oid admin_of,
Oid *admin_role)
5142 List *new_cached_roles;
5147 if (admin_role != NULL)
5186 foreach(l, roles_list)
5199 Oid otherid = form->roleid;
5205 if (otherid == admin_of && form->admin_option &&
5207 *admin_role = memberid;
5229 ROLE_PG_DATABASE_OWNER);
5242 new_cached_roles =
list_copy(roles_list);
5329 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
5330 errmsg(
"must be able to SET ROLE \"%s\"",
5479 const Acl *acl,
Oid ownerId,
5495 *grantorId = ownerId;
5496 *grantOptions = needed_goptions;
5510 *grantorId = roleId;
5514 foreach(l, roles_list)
5521 if (otherprivs == needed_goptions)
5524 *grantorId = otherrole;
5525 *grantOptions = otherprivs;
5537 if (nnewrights > nrights)
5539 *grantorId = otherrole;
5540 *grantOptions = otherprivs;
5541 nrights = nnewrights;
5562 (
errcode(ERRCODE_UNDEFINED_OBJECT),
5574 if (strcmp(
rolname,
"public") == 0)
5610 (
errcode(ERRCODE_UNDEFINED_OBJECT),
5611 errmsg(
"role \"%s\" does not exist",
"public")));
5638 (
errcode(ERRCODE_UNDEFINED_OBJECT),
5657 (
errcode(ERRCODE_UNDEFINED_OBJECT),
5658 errmsg(
"role \"%s\" does not exist",
"public")));
5707 (
errcode(ERRCODE_RESERVED_NAME),
5708 errmsg(
"role name \"%s\" is reserved",
5713 (
errcode(ERRCODE_RESERVED_NAME),
5714 errmsg(
"role name \"%s\" is reserved",
Datum idx(PG_FUNCTION_ARGS)
Datum pg_has_role_id_id(PG_FUNCTION_ARGS)
Datum has_schema_privilege_id(PG_FUNCTION_ARGS)
Datum has_largeobject_privilege_id_id(PG_FUNCTION_ARGS)
Datum hash_aclitem(PG_FUNCTION_ARGS)
void initialize_acl(void)
Datum has_sequence_privilege_name(PG_FUNCTION_ARGS)
Datum has_table_privilege_id_id(PG_FUNCTION_ARGS)
Datum has_server_privilege_id(PG_FUNCTION_ARGS)
Acl * aclupdate(const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
Datum has_tablespace_privilege_id_id(PG_FUNCTION_ARGS)
Datum has_column_privilege_id_id_attnum(PG_FUNCTION_ARGS)
Datum has_server_privilege_name_name(PG_FUNCTION_ARGS)
Datum aclinsert(PG_FUNCTION_ARGS)
static AclMode convert_function_priv_string(text *priv_type_text)
Datum has_largeobject_privilege_name_id(PG_FUNCTION_ARGS)
static const char * getid(const char *s, char *n, Node *escontext)
static const char * convert_aclright_to_string(int aclright)
bool is_admin_of_role(Oid member, Oid role)
Datum has_column_privilege_id_name(PG_FUNCTION_ARGS)
static bool aclitem_match(const AclItem *a1, const AclItem *a2)
Datum pg_has_role_name_name(PG_FUNCTION_ARGS)
Datum has_language_privilege_name_name(PG_FUNCTION_ARGS)
Datum has_schema_privilege_name_name(PG_FUNCTION_ARGS)
Datum aclitem_eq(PG_FUNCTION_ARGS)
Datum has_tablespace_privilege_name_id(PG_FUNCTION_ARGS)
Datum makeaclitem(PG_FUNCTION_ARGS)
Datum has_table_privilege_id_name(PG_FUNCTION_ARGS)
Datum has_server_privilege_name_id(PG_FUNCTION_ARGS)
Datum has_column_privilege_name_id_attnum(PG_FUNCTION_ARGS)
Datum has_language_privilege_id_name(PG_FUNCTION_ARGS)