PostgreSQL Source Code  git master
acl.c
Go to the documentation of this file.
1 /*-------------------------------------------------------------------------
2  *
3  * acl.c
4  * Basic access control list data structures manipulation routines.
5  *
6  * Portions Copyright (c) 1996-2018, PostgreSQL Global Development Group
7  * Portions Copyright (c) 1994, Regents of the University of California
8  *
9  *
10  * IDENTIFICATION
11  * src/backend/utils/adt/acl.c
12  *
13  *-------------------------------------------------------------------------
14  */
15 #include "postgres.h"
16 
17 #include <ctype.h>
18 
19 #include "access/hash.h"
20 #include "access/htup_details.h"
21 #include "catalog/catalog.h"
22 #include "catalog/namespace.h"
23 #include "catalog/pg_authid.h"
24 #include "catalog/pg_auth_members.h"
25 #include "catalog/pg_type.h"
26 #include "catalog/pg_class.h"
27 #include "commands/dbcommands.h"
28 #include "commands/proclang.h"
29 #include "commands/tablespace.h"
30 #include "foreign/foreign.h"
31 #include "funcapi.h"
32 #include "miscadmin.h"
33 #include "utils/acl.h"
34 #include "utils/builtins.h"
35 #include "utils/catcache.h"
36 #include "utils/inval.h"
37 #include "utils/lsyscache.h"
38 #include "utils/memutils.h"
39 #include "utils/syscache.h"
40 #include "utils/varlena.h"
41 
42 
43 typedef struct
44 {
45  const char *name;
46  AclMode value;
47 } priv_map;
48 
49 /*
50  * We frequently need to test whether a given role is a member of some other
51  * role. In most of these tests the "given role" is the same, namely the
52  * active current user. So we can optimize it by keeping a cached list of
53  * all the roles the "given role" is a member of, directly or indirectly.
54  * The cache is flushed whenever we detect a change in pg_auth_members.
55  *
56  * There are actually two caches, one computed under "has_privs" rules
57  * (do not recurse where rolinherit isn't true) and one computed under
58  * "is_member" rules (recurse regardless of rolinherit).
59  *
60  * Possibly this mechanism should be generalized to allow caching membership
61  * info for multiple roles?
62  *
63  * The has_privs cache is:
64  * cached_privs_role is the role OID the cache is for.
65  * cached_privs_roles is an OID list of roles that cached_privs_role
66  * has the privileges of (always including itself).
67  * The cache is valid if cached_privs_role is not InvalidOid.
68  *
69  * The is_member cache is similarly:
70  * cached_member_role is the role OID the cache is for.
71  * cached_membership_roles is an OID list of roles that cached_member_role
72  * is a member of (always including itself).
73  * The cache is valid if cached_member_role is not InvalidOid.
74  */
75 static Oid cached_privs_role = InvalidOid;
76 static List *cached_privs_roles = NIL;
77 static Oid cached_member_role = InvalidOid;
78 static List *cached_membership_roles = NIL;
79 
80 
81 static const char *getid(const char *s, char *n);
82 static void putid(char *p, const char *s);
83 static Acl *allocacl(int n);
84 static void check_acl(const Acl *acl);
85 static const char *aclparse(const char *s, AclItem *aip);
86 static bool aclitem_match(const AclItem *a1, const AclItem *a2);
87 static int aclitemComparator(const void *arg1, const void *arg2);
88 static void check_circularity(const Acl *old_acl, const AclItem *mod_aip,
89  Oid ownerId);
90 static Acl *recursive_revoke(Acl *acl, Oid grantee, AclMode revoke_privs,
91  Oid ownerId, DropBehavior behavior);
92 
93 static AclMode convert_priv_string(text *priv_type_text);
94 static AclMode convert_any_priv_string(text *priv_type_text,
95  const priv_map *privileges);
96 
97 static Oid convert_table_name(text *tablename);
98 static AclMode convert_table_priv_string(text *priv_type_text);
99 static AclMode convert_sequence_priv_string(text *priv_type_text);
100 static AttrNumber convert_column_name(Oid tableoid, text *column);
101 static AclMode convert_column_priv_string(text *priv_type_text);
102 static Oid convert_database_name(text *databasename);
103 static AclMode convert_database_priv_string(text *priv_type_text);
104 static Oid convert_foreign_data_wrapper_name(text *fdwname);
105 static AclMode convert_foreign_data_wrapper_priv_string(text *priv_type_text);
106 static Oid convert_function_name(text *functionname);
107 static AclMode convert_function_priv_string(text *priv_type_text);
108 static Oid convert_language_name(text *languagename);
109 static AclMode convert_language_priv_string(text *priv_type_text);
110 static Oid convert_schema_name(text *schemaname);
111 static AclMode convert_schema_priv_string(text *priv_type_text);
112 static Oid convert_server_name(text *servername);
113 static AclMode convert_server_priv_string(text *priv_type_text);
114 static Oid convert_tablespace_name(text *tablespacename);
115 static AclMode convert_tablespace_priv_string(text *priv_type_text);
116 static Oid convert_type_name(text *typename);
117 static AclMode convert_type_priv_string(text *priv_type_text);
118 static AclMode convert_role_priv_string(text *priv_type_text);
119 static AclResult pg_role_aclcheck(Oid role_oid, Oid roleid, AclMode mode);
120 
121 static void RoleMembershipCacheCallback(Datum arg, int cacheid, uint32 hashvalue);
122 
123 
124 /*
125  * getid
126  * Consumes the first alphanumeric string (identifier) found in string
127  * 's', ignoring any leading white space. If it finds a double quote
128  * it returns the word inside the quotes.
129  *
130  * RETURNS:
131  * the string position in 's' that points to the next non-space character
132  * in 's', after any quotes. Also:
133  * - loads the identifier into 'n'. (If no identifier is found, 'n'
134  * contains an empty string.) 'n' must be NAMEDATALEN bytes.
135  */
136 static const char *
137 getid(const char *s, char *n)
138 {
139  int len = 0;
140  bool in_quotes = false;
141 
142  Assert(s && n);
143 
144  while (isspace((unsigned char) *s))
145  s++;
146  /* This code had better match what putid() does, below */
147  for (;
148  *s != '\0' &&
149  (isalnum((unsigned char) *s) ||
150  *s == '_' ||
151  *s == '"' ||
152  in_quotes);
153  s++)
154  {
155  if (*s == '"')
156  {
157  /* safe to look at next char (could be '\0' though) */
158  if (*(s + 1) != '"')
159  {
160  in_quotes = !in_quotes;
161  continue;
162  }
163  /* it's an escaped double quote; skip the escaping char */
164  s++;
165  }
166 
167  /* Add the character to the string */
168  if (len >= NAMEDATALEN - 1)
169  ereport(ERROR,
170  (errcode(ERRCODE_NAME_TOO_LONG),
171  errmsg("identifier too long"),
172  errdetail("Identifier must be less than %d characters.",
173  NAMEDATALEN)));
174 
175  n[len++] = *s;
176  }
177  n[len] = '\0';
178  while (isspace((unsigned char) *s))
179  s++;
180  return s;
181 }
182 
183 /*
184  * Write a role name at *p, adding double quotes if needed.
185  * There must be at least (2*NAMEDATALEN)+2 bytes available at *p.
186  * This needs to be kept in sync with copyAclUserName in pg_dump/dumputils.c
187  */
188 static void
189 putid(char *p, const char *s)
190 {
191  const char *src;
192  bool safe = true;
193 
194  for (src = s; *src; src++)
195  {
196  /* This test had better match what getid() does, above */
197  if (!isalnum((unsigned char) *src) && *src != '_')
198  {
199  safe = false;
200  break;
201  }
202  }
203  if (!safe)
204  *p++ = '"';
205  for (src = s; *src; src++)
206  {
207  /* A double quote character in a username is encoded as "" */
208  if (*src == '"')
209  *p++ = '"';
210  *p++ = *src;
211  }
212  if (!safe)
213  *p++ = '"';
214  *p = '\0';
215 }
216 
217 /*
218  * aclparse
219  * Consumes and parses an ACL specification of the form:
220  * [group|user] [A-Za-z0-9]*=[rwaR]*
221  * from string 's', ignoring any leading white space or white space
222  * between the optional id type keyword (group|user) and the actual
223  * ACL specification.
224  *
225  * The group|user decoration is unnecessary in the roles world,
226  * but we still accept it for backward compatibility.
227  *
228  * This routine is called by the parser as well as aclitemin(), hence
229  * the added generality.
230  *
231  * RETURNS:
232  * the string position in 's' immediately following the ACL
233  * specification. Also:
234  * - loads the structure pointed to by 'aip' with the appropriate
235  * UID/GID, id type identifier and mode type values.
236  */
237 static const char *
238 aclparse(const char *s, AclItem *aip)
239 {
240  AclMode privs,
241  goption,
242  read;
243  char name[NAMEDATALEN];
244  char name2[NAMEDATALEN];
245 
246  Assert(s && aip);
247 
248 #ifdef ACLDEBUG
249  elog(LOG, "aclparse: input = \"%s\"", s);
250 #endif
251  s = getid(s, name);
252  if (*s != '=')
253  {
254  /* we just read a keyword, not a name */
255  if (strcmp(name, "group") != 0 && strcmp(name, "user") != 0)
256  ereport(ERROR,
257  (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
258  errmsg("unrecognized key word: \"%s\"", name),
259  errhint("ACL key word must be \"group\" or \"user\".")));
260  s = getid(s, name); /* move s to the name beyond the keyword */
261  if (name[0] == '\0')
262  ereport(ERROR,
263  (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
264  errmsg("missing name"),
265  errhint("A name must follow the \"group\" or \"user\" key word.")));
266  }
267 
268  if (*s != '=')
269  ereport(ERROR,
270  (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
271  errmsg("missing \"=\" sign")));
272 
273  privs = goption = ACL_NO_RIGHTS;
274 
275  for (++s, read = 0; isalpha((unsigned char) *s) || *s == '*'; s++)
276  {
277  switch (*s)
278  {
279  case '*':
280  goption |= read;
281  break;
282  case ACL_INSERT_CHR:
283  read = ACL_INSERT;
284  break;
285  case ACL_SELECT_CHR:
286  read = ACL_SELECT;
287  break;
288  case ACL_UPDATE_CHR:
289  read = ACL_UPDATE;
290  break;
291  case ACL_DELETE_CHR:
292  read = ACL_DELETE;
293  break;
294  case ACL_TRUNCATE_CHR:
295  read = ACL_TRUNCATE;
296  break;
297  case ACL_REFERENCES_CHR:
298  read = ACL_REFERENCES;
299  break;
300  case ACL_TRIGGER_CHR:
301  read = ACL_TRIGGER;
302  break;
303  case ACL_EXECUTE_CHR:
304  read = ACL_EXECUTE;
305  break;
306  case ACL_USAGE_CHR:
307  read = ACL_USAGE;
308  break;
309  case ACL_CREATE_CHR:
310  read = ACL_CREATE;
311  break;
312  case ACL_CREATE_TEMP_CHR:
313  read = ACL_CREATE_TEMP;
314  break;
315  case ACL_CONNECT_CHR:
316  read = ACL_CONNECT;
317  break;
318  case 'R': /* ignore old RULE privileges */
319  read = 0;
320  break;
321  default:
322  ereport(ERROR,
323  (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
324  errmsg("invalid mode character: must be one of \"%s\"",
325  ACL_ALL_RIGHTS_STR)));
326  }
327 
328  privs |= read;
329  }
330 
331  if (name[0] == '\0')
332  aip->ai_grantee = ACL_ID_PUBLIC;
333  else
334  aip->ai_grantee = get_role_oid(name, false);
335 
336  /*
337  * XXX Allow a degree of backward compatibility by defaulting the grantor
338  * to the superuser.
339  */
340  if (*s == '/')
341  {
342  s = getid(s + 1, name2);
343  if (name2[0] == '\0')
344  ereport(ERROR,
345  (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
346  errmsg("a name must follow the \"/\" sign")));
347  aip->ai_grantor = get_role_oid(name2, false);
348  }
349  else
350  {
351  aip->ai_grantor = BOOTSTRAP_SUPERUSERID;
352  ereport(WARNING,
353  (errcode(ERRCODE_INVALID_GRANTOR),
354  errmsg("defaulting grantor to user ID %u",
355  BOOTSTRAP_SUPERUSERID)));
356  }
357 
358  ACLITEM_SET_PRIVS_GOPTIONS(*aip, privs, goption);
359 
360 #ifdef ACLDEBUG
361  elog(LOG, "aclparse: correctly read [%u %x %x]",
362  aip->ai_grantee, privs, goption);
363 #endif
364 
365  return s;
366 }
367 
368 /*
369  * allocacl
370  * Allocates storage for a new Acl with 'n' entries.
371  *
372  * RETURNS:
373  * the new Acl
374  */
375 static Acl *
376 allocacl(int n)
377 {
378  Acl *new_acl;
379  Size size;
380 
381  if (n < 0)
382  elog(ERROR, "invalid size: %d", n);
383  size = ACL_N_SIZE(n);
384  new_acl = (Acl *) palloc0(size);
385  SET_VARSIZE(new_acl, size);
386  new_acl->ndim = 1;
387  new_acl->dataoffset = 0; /* we never put in any nulls */
388  new_acl->elemtype = ACLITEMOID;
389  ARR_LBOUND(new_acl)[0] = 1;
390  ARR_DIMS(new_acl)[0] = n;
391  return new_acl;
392 }
393 
394 /*
395  * Create a zero-entry ACL
396  */
397 Acl *
398 make_empty_acl(void)
399 {
400  return allocacl(0);
401 }
402 
403 /*
404  * Copy an ACL
405  */
406 Acl *
407 aclcopy(const Acl *orig_acl)
408 {
409  Acl *result_acl;
410 
411  result_acl = allocacl(ACL_NUM(orig_acl));
412 
413  memcpy(ACL_DAT(result_acl),
414  ACL_DAT(orig_acl),
415  ACL_NUM(orig_acl) * sizeof(AclItem));
416 
417  return result_acl;
418 }
419 
420 /*
421  * Concatenate two ACLs
422  *
423  * This is a bit cheesy, since we may produce an ACL with redundant entries.
424  * Be careful what the result is used for!
425  */
426 Acl *
427 aclconcat(const Acl *left_acl, const Acl *right_acl)
428 {
429  Acl *result_acl;
430 
431  result_acl = allocacl(ACL_NUM(left_acl) + ACL_NUM(right_acl));
432 
433  memcpy(ACL_DAT(result_acl),
434  ACL_DAT(left_acl),
435  ACL_NUM(left_acl) * sizeof(AclItem));
436 
437  memcpy(ACL_DAT(result_acl) + ACL_NUM(left_acl),
438  ACL_DAT(right_acl),
439  ACL_NUM(right_acl) * sizeof(AclItem));
440 
441  return result_acl;
442 }
443 
444 /*
445  * Merge two ACLs
446  *
447  * This produces a properly merged ACL with no redundant entries.
448  * Returns NULL on NULL input.
449  */
450 Acl *
451 aclmerge(const Acl *left_acl, const Acl *right_acl, Oid ownerId)
452 {
453  Acl *result_acl;
454  AclItem *aip;
455  int i,
456  num;
457 
458  /* Check for cases where one or both are empty/null */
459  if (left_acl == NULL || ACL_NUM(left_acl) == 0)
460  {
461  if (right_acl == NULL || ACL_NUM(right_acl) == 0)
462  return NULL;
463  else
464  return aclcopy(right_acl);
465  }
466  else
467  {
468  if (right_acl == NULL || ACL_NUM(right_acl) == 0)
469  return aclcopy(left_acl);
470  }
471 
472  /* Merge them the hard way, one item at a time */
473  result_acl = aclcopy(left_acl);
474 
475  aip = ACL_DAT(right_acl);
476  num = ACL_NUM(right_acl);
477 
478  for (i = 0; i < num; i++, aip++)
479  {
480  Acl *tmp_acl;
481 
482  tmp_acl = aclupdate(result_acl, aip, ACL_MODECHG_ADD,
483  ownerId, DROP_RESTRICT);
484  pfree(result_acl);
485  result_acl = tmp_acl;
486  }
487 
488  return result_acl;
489 }
490 
491 /*
492  * Sort the items in an ACL (into an arbitrary but consistent order)
493  */
494 void
495 aclitemsort(Acl *acl)
496 {
497  if (acl != NULL && ACL_NUM(acl) > 1)
498  qsort(ACL_DAT(acl), ACL_NUM(acl), sizeof(AclItem), aclitemComparator);
499 }
500 
501 /*
502  * Check if two ACLs are exactly equal
503  *
504  * This will not detect equality if the two arrays contain the same items
505  * in different orders. To handle that case, sort both inputs first,
506  * using aclitemsort().
507  */
508 bool
509 aclequal(const Acl *left_acl, const Acl *right_acl)
510 {
511  /* Check for cases where one or both are empty/null */
512  if (left_acl == NULL || ACL_NUM(left_acl) == 0)
513  {
514  if (right_acl == NULL || ACL_NUM(right_acl) == 0)
515  return true;
516  else
517  return false;
518  }
519  else
520  {
521  if (right_acl == NULL || ACL_NUM(right_acl) == 0)
522  return false;
523  }
524 
525  if (ACL_NUM(left_acl) != ACL_NUM(right_acl))
526  return false;
527 
528  if (memcmp(ACL_DAT(left_acl),
529  ACL_DAT(right_acl),
530  ACL_NUM(left_acl) * sizeof(AclItem)) == 0)
531  return true;
532 
533  return false;
534 }
535 
536 /*
537  * Verify that an ACL array is acceptable (one-dimensional and has no nulls)
538  */
539 static void
540 check_acl(const Acl *acl)
541 {
542  if (ARR_ELEMTYPE(acl) != ACLITEMOID)
543  ereport(ERROR,
544  (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
545  errmsg("ACL array contains wrong data type")));
546  if (ARR_NDIM(acl) != 1)
547  ereport(ERROR,
548  (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
549  errmsg("ACL arrays must be one-dimensional")));
550  if (ARR_HASNULL(acl))
551  ereport(ERROR,
552  (errcode(ERRCODE_NULL_VALUE_NOT_ALLOWED),
553  errmsg("ACL arrays must not contain null values")));
554 }
555 
556 /*
557  * aclitemin
558  * Allocates storage for, and fills in, a new AclItem given a string
559  * 's' that contains an ACL specification. See aclparse for details.
560  *
561  * RETURNS:
562  * the new AclItem
563  */
564 Datum
565 aclitemin(PG_FUNCTION_ARGS)
566 {
567  const char *s = PG_GETARG_CSTRING(0);
568  AclItem *aip;
569 
570  aip = (AclItem *) palloc(sizeof(AclItem));
571  s = aclparse(s, aip);
572  while (isspace((unsigned char) *s))
573  ++s;
574  if (*s)
575  ereport(ERROR,
576  (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
577  errmsg("extra garbage at the end of the ACL specification")));
578 
579  PG_RETURN_ACLITEM_P(aip);
580 }
581 
582 /*
583  * aclitemout
584  * Allocates storage for, and fills in, a new null-delimited string
585  * containing a formatted ACL specification. See aclparse for details.
586  *
587  * RETURNS:
588  * the new string
589  */
590 Datum
591 aclitemout(PG_FUNCTION_ARGS)
592 {
593  AclItem *aip = PG_GETARG_ACLITEM_P(0);
594  char *p;
595  char *out;
596  HeapTuple htup;
597  unsigned i;
598 
599  out = palloc(strlen("=/") +
600  2 * N_ACL_RIGHTS +
601  2 * (2 * NAMEDATALEN + 2) +
602  1);
603 
604  p = out;
605  *p = '\0';
606 
607  if (aip->ai_grantee != ACL_ID_PUBLIC)
608  {
609  htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantee));
610  if (HeapTupleIsValid(htup))
611  {
612  putid(p, NameStr(((Form_pg_authid) GETSTRUCT(htup))->rolname));
613  ReleaseSysCache(htup);
614  }
615  else
616  {
617  /* Generate numeric OID if we don't find an entry */
618  sprintf(p, "%u", aip->ai_grantee);
619  }
620  }
621  while (*p)
622  ++p;
623 
624  *p++ = '=';
625 
626  for (i = 0; i < N_ACL_RIGHTS; ++i)
627  {
628  if (ACLITEM_GET_PRIVS(*aip) & (1 << i))
629  *p++ = ACL_ALL_RIGHTS_STR[i];
630  if (ACLITEM_GET_GOPTIONS(*aip) & (1 << i))
631  *p++ = '*';
632  }
633 
634  *p++ = '/';
635  *p = '\0';
636 
637  htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantor));
638  if (HeapTupleIsValid(htup))
639  {
640  putid(p, NameStr(((Form_pg_authid) GETSTRUCT(htup))->rolname));
641  ReleaseSysCache(htup);
642  }
643  else
644  {
645  /* Generate numeric OID if we don't find an entry */
646  sprintf(p, "%u", aip->ai_grantor);
647  }
648 
649  PG_RETURN_CSTRING(out);
650 }
651 
652 /*
653  * aclitem_match
654  * Two AclItems are considered to match iff they have the same
655  * grantee and grantor; the privileges are ignored.
656  */
657 static bool
658 aclitem_match(const AclItem *a1, const AclItem *a2)
659 {
660  return a1->ai_grantee == a2->ai_grantee &&
661  a1->ai_grantor == a2->ai_grantor;
662 }
663 
664 /*
665  * aclitemComparator
666  * qsort comparison function for AclItems
667  */
668 static int
669 aclitemComparator(const void *arg1, const void *arg2)
670 {
671  const AclItem *a1 = (const AclItem *) arg1;
672  const AclItem *a2 = (const AclItem *) arg2;
673 
674  if (a1->ai_grantee > a2->ai_grantee)
675  return 1;
676  if (a1->ai_grantee < a2->ai_grantee)
677  return -1;
678  if (a1->ai_grantor > a2->ai_grantor)
679  return 1;
680  if (a1->ai_grantor < a2->ai_grantor)
681  return -1;
682  if (a1->ai_privs > a2->ai_privs)
683  return 1;
684  if (a1->ai_privs < a2->ai_privs)
685  return -1;
686  return 0;
687 }
688 
689 /*
690  * aclitem equality operator
691  */
692 Datum
693 aclitem_eq(PG_FUNCTION_ARGS)
694 {
695  AclItem *a1 = PG_GETARG_ACLITEM_P(0);
696  AclItem *a2 = PG_GETARG_ACLITEM_P(1);
697  bool result;
698 
699  result = a1->ai_privs == a2->ai_privs &&
700  a1->ai_grantee == a2->ai_grantee &&
701  a1->ai_grantor == a2->ai_grantor;
702  PG_RETURN_BOOL(result);
703 }
704 
705 /*
706  * aclitem hash function
707  *
708  * We make aclitems hashable not so much because anyone is likely to hash
709  * them, as because we want array equality to work on aclitem arrays, and
710  * with the typcache mechanism we must have a hash or btree opclass.
711  */
712 Datum
713 hash_aclitem(PG_FUNCTION_ARGS)
714 {
715  AclItem *a = PG_GETARG_ACLITEM_P(0);
716 
717  /* not very bright, but avoids any issue of padding in struct */
718  PG_RETURN_UINT32((uint32) (a->ai_privs + a->ai_grantee + a->ai_grantor));
719 }
720 
721 /*
722  * 64-bit hash function for aclitem.
723  *
724  * Similar to hash_aclitem, but accepts a seed and returns a uint64 value.
725  */
726 Datum
727 hash_aclitem_extended(PG_FUNCTION_ARGS)
728 {
729  AclItem *a = PG_GETARG_ACLITEM_P(0);
730  uint64 seed = PG_GETARG_INT64(1);
731  uint32 sum = (uint32) (a->ai_privs + a->ai_grantee + a->ai_grantor);
732 
733  return (seed == 0) ? UInt64GetDatum(sum) : hash_uint32_extended(sum, seed);
734 }
735 
736 /*
737  * acldefault() --- create an ACL describing default access permissions
738  *
739  * Change this routine if you want to alter the default access policy for
740  * newly-created objects (or any object with a NULL acl entry). When
741  * you make a change here, don't forget to update the GRANT man page,
742  * which explains all the default permissions.
743  *
744  * Note that these are the hard-wired "defaults" that are used in the
745  * absence of any pg_default_acl entry.
746  */
747 Acl *
748 acldefault(ObjectType objtype, Oid ownerId)
749 {
750  AclMode world_default;
751  AclMode owner_default;
752  int nacl;
753  Acl *acl;
754  AclItem *aip;
755 
756  switch (objtype)
757  {
758  case OBJECT_COLUMN:
759  /* by default, columns have no extra privileges */
760  world_default = ACL_NO_RIGHTS;
761  owner_default = ACL_NO_RIGHTS;
762  break;
763  case OBJECT_TABLE:
764  world_default = ACL_NO_RIGHTS;
765  owner_default = ACL_ALL_RIGHTS_RELATION;
766  break;
767  case OBJECT_SEQUENCE:
768  world_default = ACL_NO_RIGHTS;
769  owner_default = ACL_ALL_RIGHTS_SEQUENCE;
770  break;
771  case OBJECT_DATABASE:
772  /* for backwards compatibility, grant some rights by default */
773  world_default = ACL_CREATE_TEMP | ACL_CONNECT;
774  owner_default = ACL_ALL_RIGHTS_DATABASE;
775  break;
776  case OBJECT_FUNCTION:
777  /* Grant EXECUTE by default, for now */
778  world_default = ACL_EXECUTE;
779  owner_default = ACL_ALL_RIGHTS_FUNCTION;
780  break;
781  case OBJECT_LANGUAGE:
782  /* Grant USAGE by default, for now */
783  world_default = ACL_USAGE;
784  owner_default = ACL_ALL_RIGHTS_LANGUAGE;
785  break;
786  case OBJECT_LARGEOBJECT:
787  world_default = ACL_NO_RIGHTS;
788  owner_default = ACL_ALL_RIGHTS_LARGEOBJECT;
789  break;
790  case OBJECT_SCHEMA:
791  world_default = ACL_NO_RIGHTS;
792  owner_default = ACL_ALL_RIGHTS_SCHEMA;
793  break;
794  case OBJECT_TABLESPACE:
795  world_default = ACL_NO_RIGHTS;
796  owner_default = ACL_ALL_RIGHTS_TABLESPACE;
797  break;
798  case OBJECT_FDW:
799  world_default = ACL_NO_RIGHTS;
800  owner_default = ACL_ALL_RIGHTS_FDW;
801  break;
802  case OBJECT_FOREIGN_SERVER:
803  world_default = ACL_NO_RIGHTS;
804  owner_default = ACL_ALL_RIGHTS_FOREIGN_SERVER;
805  break;
806  case OBJECT_DOMAIN:
807  case OBJECT_TYPE:
808  world_default = ACL_USAGE;
809  owner_default = ACL_ALL_RIGHTS_TYPE;
810  break;
811  default:
812  elog(ERROR, "unrecognized objtype: %d", (int) objtype);
813  world_default = ACL_NO_RIGHTS; /* keep compiler quiet */
814  owner_default = ACL_NO_RIGHTS;
815  break;
816  }
817 
818  nacl = 0;
819  if (world_default != ACL_NO_RIGHTS)
820  nacl++;
821  if (owner_default != ACL_NO_RIGHTS)
822  nacl++;
823 
824  acl = allocacl(nacl);
825  aip = ACL_DAT(acl);
826 
827  if (world_default != ACL_NO_RIGHTS)
828  {
829  aip->ai_grantee = ACL_ID_PUBLIC;
830  aip->ai_grantor = ownerId;
831  ACLITEM_SET_PRIVS_GOPTIONS(*aip, world_default, ACL_NO_RIGHTS);
832  aip++;
833  }
834 
835  /*
836  * Note that the owner's entry shows all ordinary privileges but no grant
837  * options. This is because his grant options come "from the system" and
838  * not from his own efforts. (The SQL spec says that the owner's rights
839  * come from a "_SYSTEM" authid.) However, we do consider that the
840  * owner's ordinary privileges are self-granted; this lets him revoke
841  * them. We implement the owner's grant options without any explicit
842  * "_SYSTEM"-like ACL entry, by internally special-casing the owner
843  * wherever we are testing grant options.
844  */
845  if (owner_default != ACL_NO_RIGHTS)
846  {
847  aip->ai_grantee = ownerId;
848  aip->ai_grantor = ownerId;
849  ACLITEM_SET_PRIVS_GOPTIONS(*aip, owner_default, ACL_NO_RIGHTS);
850  }
851 
852  return acl;
853 }
854 
855 
856 /*
857  * SQL-accessible version of acldefault(). Hackish mapping from "char" type to
858  * OBJECT_* values, but it's only used in the information schema, not
859  * documented for general use.
860  */
861 Datum
862 acldefault_sql(PG_FUNCTION_ARGS)
863 {
864  char objtypec = PG_GETARG_CHAR(0);
865  Oid owner = PG_GETARG_OID(1);
866  ObjectType objtype = 0;
867 
868  switch (objtypec)
869  {
870  case 'c':
871  objtype = OBJECT_COLUMN;
872  break;
873  case 'r':
874  objtype = OBJECT_TABLE;
875  break;
876  case 's':
877  objtype = OBJECT_SEQUENCE;
878  break;
879  case 'd':
880  objtype = OBJECT_DATABASE;
881  break;
882  case 'f':
883  objtype = OBJECT_FUNCTION;
884  break;
885  case 'l':
886  objtype = OBJECT_LANGUAGE;
887  break;
888  case 'L':
889  objtype = OBJECT_LARGEOBJECT;
890  break;
891  case 'n':
892  objtype = OBJECT_SCHEMA;
893  break;
894  case 't':
895  objtype = OBJECT_TABLESPACE;
896  break;
897  case 'F':
898  objtype = OBJECT_FDW;
899  break;
900  case 'S':
901  objtype = OBJECT_FOREIGN_SERVER;
902  break;
903  case 'T':
904  objtype = OBJECT_TYPE;
905  break;
906  default:
907  elog(ERROR, "unrecognized objtype abbreviation: %c", objtypec);
908  }
909 
910  PG_RETURN_ACL_P(acldefault(objtype, owner));
911 }
912 
913 
914 /*
915  * Update an ACL array to add or remove specified privileges.
916  *
917  * old_acl: the input ACL array
918  * mod_aip: defines the privileges to be added, removed, or substituted
919  * modechg: ACL_MODECHG_ADD, ACL_MODECHG_DEL, or ACL_MODECHG_EQL
920  * ownerId: Oid of object owner
921  * behavior: RESTRICT or CASCADE behavior for recursive removal
922  *
923  * ownerid and behavior are only relevant when the update operation specifies
924  * deletion of grant options.
925  *
926  * The result is a modified copy; the input object is not changed.
927  *
928  * NB: caller is responsible for having detoasted the input ACL, if needed.
929  */
930 Acl *
931 aclupdate(const Acl *old_acl, const AclItem *mod_aip,
932  int modechg, Oid ownerId, DropBehavior behavior)
933 {
934  Acl *new_acl = NULL;
935  AclItem *old_aip,
936  *new_aip = NULL;
937  AclMode old_rights,
938  old_goptions,
939  new_rights,
940  new_goptions;
941  int dst,
942  num;
943 
944  /* Caller probably already checked old_acl, but be safe */
945  check_acl(old_acl);
946 
947  /* If granting grant options, check for circularity */
948  if (modechg != ACL_MODECHG_DEL &&
949  ACLITEM_GET_GOPTIONS(*mod_aip) != ACL_NO_RIGHTS)
950  check_circularity(old_acl, mod_aip, ownerId);
951 
952  num = ACL_NUM(old_acl);
953  old_aip = ACL_DAT(old_acl);
954 
955  /*
956  * Search the ACL for an existing entry for this grantee and grantor. If
957  * one exists, just modify the entry in-place (well, in the same position,
958  * since we actually return a copy); otherwise, insert the new entry at
959  * the end.
960  */
961 
962  for (dst = 0; dst < num; ++dst)
963  {
964  if (aclitem_match(mod_aip, old_aip + dst))
965  {
966  /* found a match, so modify existing item */
967  new_acl = allocacl(num);
968  new_aip = ACL_DAT(new_acl);
969  memcpy(new_acl, old_acl, ACL_SIZE(old_acl));
970  break;
971  }
972  }
973 
974  if (dst == num)
975  {
976  /* need to append a new item */
977  new_acl = allocacl(num + 1);
978  new_aip = ACL_DAT(new_acl);
979  memcpy(new_aip, old_aip, num * sizeof(AclItem));
980 
981  /* initialize the new entry with no permissions */
982  new_aip[dst].ai_grantee = mod_aip->ai_grantee;
983  new_aip[dst].ai_grantor = mod_aip->ai_grantor;
984  ACLITEM_SET_PRIVS_GOPTIONS(new_aip[dst],
985  ACL_NO_RIGHTS, ACL_NO_RIGHTS);
986  num++; /* set num to the size of new_acl */
987  }
988 
989  old_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
990  old_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);
991 
992  /* apply the specified permissions change */
993  switch (modechg)
994  {
995  case ACL_MODECHG_ADD:
996  ACLITEM_SET_RIGHTS(new_aip[dst],
997  old_rights | ACLITEM_GET_RIGHTS(*mod_aip));
998  break;
999  case ACL_MODECHG_DEL:
1000  ACLITEM_SET_RIGHTS(new_aip[dst],
1001  old_rights & ~ACLITEM_GET_RIGHTS(*mod_aip));
1002  break;
1003  case ACL_MODECHG_EQL:
1004  ACLITEM_SET_RIGHTS(new_aip[dst],
1005  ACLITEM_GET_RIGHTS(*mod_aip));
1006  break;
1007  }
1008 
1009  new_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
1010  new_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);
1011 
1012  /*
1013  * If the adjusted entry has no permissions, delete it from the list.
1014  */
1015  if (new_rights == ACL_NO_RIGHTS)
1016  {
1017  memmove(new_aip + dst,
1018  new_aip + dst + 1,
1019  (num - dst - 1) * sizeof(AclItem));
1020  /* Adjust array size to be 'num - 1' items */
1021  ARR_DIMS(new_acl)[0] = num - 1;
1022  SET_VARSIZE(new_acl, ACL_N_SIZE(num - 1));
1023  }
1024 
1025  /*
1026  * Remove abandoned privileges (cascading revoke). Currently we can only
1027  * handle this when the grantee is not PUBLIC.
1028  */
1029  if ((old_goptions & ~new_goptions) != 0)
1030  {
1031  Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
1032  new_acl = recursive_revoke(new_acl, mod_aip->ai_grantee,
1033  (old_goptions & ~new_goptions),
1034  ownerId, behavior);
1035  }
1036 
1037  return new_acl;
1038 }
1039 
1040 /*
1041  * Update an ACL array to reflect a change of owner to the parent object
1042  *
1043  * old_acl: the input ACL array (must not be NULL)
1044  * oldOwnerId: Oid of the old object owner
1045  * newOwnerId: Oid of the new object owner
1046  *
1047  * The result is a modified copy; the input object is not changed.
1048  *
1049  * NB: caller is responsible for having detoasted the input ACL, if needed.
1050  */
1051 Acl *
1052 aclnewowner(const Acl *old_acl, Oid oldOwnerId, Oid newOwnerId)
1053 {
1054  Acl *new_acl;
1055  AclItem *new_aip;
1056  AclItem *old_aip;
1057  AclItem *dst_aip;
1058  AclItem *src_aip;
1059  AclItem *targ_aip;
1060  bool newpresent = false;
1061  int dst,
1062  src,
1063  targ,
1064  num;
1065 
1066  check_acl(old_acl);
1067 
1068  /*
1069  * Make a copy of the given ACL, substituting new owner ID for old
1070  * wherever it appears as either grantor or grantee. Also note if the new
1071  * owner ID is already present.
1072  */
1073  num = ACL_NUM(old_acl);
1074  old_aip = ACL_DAT(old_acl);
1075  new_acl = allocacl(num);
1076  new_aip = ACL_DAT(new_acl);
1077  memcpy(new_aip, old_aip, num * sizeof(AclItem));
1078  for (dst = 0, dst_aip = new_aip; dst < num; dst++, dst_aip++)
1079  {
1080  if (dst_aip->ai_grantor == oldOwnerId)
1081  dst_aip->ai_grantor = newOwnerId;
1082  else if (dst_aip->ai_grantor == newOwnerId)
1083  newpresent = true;
1084  if (dst_aip->ai_grantee == oldOwnerId)
1085  dst_aip->ai_grantee = newOwnerId;
1086  else if (dst_aip->ai_grantee == newOwnerId)
1087  newpresent = true;
1088  }
1089 
1090  /*
1091  * If the old ACL contained any references to the new owner, then we may
1092  * now have generated an ACL containing duplicate entries. Find them and
1093  * merge them so that there are not duplicates. (This is relatively
1094  * expensive since we use a stupid O(N^2) algorithm, but it's unlikely to
1095  * be the normal case.)
1096  *
1097  * To simplify deletion of duplicate entries, we temporarily leave them in
1098  * the array but set their privilege masks to zero; when we reach such an
1099  * entry it's just skipped. (Thus, a side effect of this code will be to
1100  * remove privilege-free entries, should there be any in the input.) dst
1101  * is the next output slot, targ is the currently considered input slot
1102  * (always >= dst), and src scans entries to the right of targ looking for
1103  * duplicates. Once an entry has been emitted to dst it is known
1104  * duplicate-free and need not be considered anymore.
1105  */
1106  if (newpresent)
1107  {
1108  dst = 0;
1109  for (targ = 0, targ_aip = new_aip; targ < num; targ++, targ_aip++)
1110  {
1111  /* ignore if deleted in an earlier pass */
1112  if (ACLITEM_GET_RIGHTS(*targ_aip) == ACL_NO_RIGHTS)
1113  continue;
1114  /* find and merge any duplicates */
1115  for (src = targ + 1, src_aip = targ_aip + 1; src < num;
1116  src++, src_aip++)
1117  {
1118  if (ACLITEM_GET_RIGHTS(*src_aip) == ACL_NO_RIGHTS)
1119  continue;
1120  if (aclitem_match(targ_aip, src_aip))
1121  {
1122  ACLITEM_SET_RIGHTS(*targ_aip,
1123  ACLITEM_GET_RIGHTS(*targ_aip) |
1124  ACLITEM_GET_RIGHTS(*src_aip));
1125  /* mark the duplicate deleted */
1126  ACLITEM_SET_RIGHTS(*src_aip, ACL_NO_RIGHTS);
1127  }
1128  }
1129  /* and emit to output */
1130  new_aip[dst] = *targ_aip;
1131  dst++;
1132  }
1133  /* Adjust array size to be 'dst' items */
1134  ARR_DIMS(new_acl)[0] = dst;
1135  SET_VARSIZE(new_acl, ACL_N_SIZE(dst));
1136  }
1137 
1138  return new_acl;
1139 }
1140 
1141 
1142 /*
1143  * When granting grant options, we must disallow attempts to set up circular
1144  * chains of grant options. Suppose A (the object owner) grants B some
1145  * privileges with grant option, and B re-grants them to C. If C could
1146  * grant the privileges to B as well, then A would be unable to effectively
1147  * revoke the privileges from B, since recursive_revoke would consider that
1148  * B still has 'em from C.
1149  *
1150  * We check for this by recursively deleting all grant options belonging to
1151  * the target grantee, and then seeing if the would-be grantor still has the
1152  * grant option or not.
1153  */
1154 static void
1155 check_circularity(const Acl *old_acl, const AclItem *mod_aip,
1156  Oid ownerId)
1157 {
1158  Acl *acl;
1159  AclItem *aip;
1160  int i,
1161  num;
1162  AclMode own_privs;
1163 
1164  check_acl(old_acl);
1165 
1166  /*
1167  * For now, grant options can only be granted to roles, not PUBLIC.
1168  * Otherwise we'd have to work a bit harder here.
1169  */
1170  Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
1171 
1172  /* The owner always has grant options, no need to check */
1173  if (mod_aip->ai_grantor == ownerId)
1174  return;
1175 
1176  /* Make a working copy */
1177  acl = allocacl(ACL_NUM(old_acl));
1178  memcpy(acl, old_acl, ACL_SIZE(old_acl));
1179 
1180  /* Zap all grant options of target grantee, plus what depends on 'em */
1181 cc_restart:
1182  num = ACL_NUM(acl);
1183  aip = ACL_DAT(acl);
1184  for (i = 0; i < num; i++)
1185  {
1186  if (aip[i].ai_grantee == mod_aip->ai_grantee &&
1187  ACLITEM_GET_GOPTIONS(aip[i]) != ACL_NO_RIGHTS)
1188  {
1189  Acl *new_acl;
1190 
1191  /* We'll actually zap ordinary privs too, but no matter */
1192  new_acl = aclupdate(acl, &aip[i], ACL_MODECHG_DEL,
1193  ownerId, DROP_CASCADE);
1194 
1195  pfree(acl);
1196  acl = new_acl;
1197 
1198  goto cc_restart;
1199  }
1200  }
1201 
1202  /* Now we can compute grantor's independently-derived privileges */
1203  own_privs = aclmask(acl,
1204  mod_aip->ai_grantor,
1205  ownerId,
1206  ACL_GRANT_OPTION_FOR(ACLITEM_GET_GOPTIONS(*mod_aip)),
1207  ACLMASK_ALL);
1208  own_privs = ACL_OPTION_TO_PRIVS(own_privs);
1209 
1210  if ((ACLITEM_GET_GOPTIONS(*mod_aip) & ~own_privs) != 0)
1211  ereport(ERROR,
1212  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1213  errmsg("grant options cannot be granted back to your own grantor")));
1214 
1215  pfree(acl);
1216 }
1217 
1218 
1219 /*
1220  * Ensure that no privilege is "abandoned". A privilege is abandoned
1221  * if the user that granted the privilege loses the grant option. (So
1222  * the chain through which it was granted is broken.) Either the
1223  * abandoned privileges are revoked as well, or an error message is
1224  * printed, depending on the drop behavior option.
1225  *
1226  * acl: the input ACL list
1227  * grantee: the user from whom some grant options have been revoked
1228  * revoke_privs: the grant options being revoked
1229  * ownerId: Oid of object owner
1230  * behavior: RESTRICT or CASCADE behavior for recursive removal
1231  *
1232  * The input Acl object is pfree'd if replaced.
1233  */
1234 static Acl *
1235 recursive_revoke(Acl *acl,
1236  Oid grantee,
1237  AclMode revoke_privs,
1238  Oid ownerId,
1239  DropBehavior behavior)
1240 {
1241  AclMode still_has;
1242  AclItem *aip;
1243  int i,
1244  num;
1245 
1246  check_acl(acl);
1247 
1248  /* The owner can never truly lose grant options, so short-circuit */
1249  if (grantee == ownerId)
1250  return acl;
1251 
1252  /* The grantee might still have some grant options via another grantor */
1253  still_has = aclmask(acl, grantee, ownerId,
1254  ACL_GRANT_OPTION_FOR(revoke_privs),
1255  ACLMASK_ALL);
1256  revoke_privs &= ~ACL_OPTION_TO_PRIVS(still_has);
1257  if (revoke_privs == ACL_NO_RIGHTS)
1258  return acl;
1259 
1260 restart:
1261  num = ACL_NUM(acl);
1262  aip = ACL_DAT(acl);
1263  for (i = 0; i < num; i++)
1264  {
1265  if (aip[i].ai_grantor == grantee
1266  && (ACLITEM_GET_PRIVS(aip[i]) & revoke_privs) != 0)
1267  {
1268  AclItem mod_acl;
1269  Acl *new_acl;
1270 
1271  if (behavior == DROP_RESTRICT)
1272  ereport(ERROR,
1273  (errcode(ERRCODE_DEPENDENT_OBJECTS_STILL_EXIST),
1274  errmsg("dependent privileges exist"),
1275  errhint("Use CASCADE to revoke them too.")));
1276 
1277  mod_acl.ai_grantor = grantee;
1278  mod_acl.ai_grantee = aip[i].ai_grantee;
1279  ACLITEM_SET_PRIVS_GOPTIONS(mod_acl,
1280  revoke_privs,
1281  revoke_privs);
1282 
1283  new_acl = aclupdate(acl, &mod_acl, ACL_MODECHG_DEL,
1284  ownerId, behavior);
1285 
1286  pfree(acl);
1287  acl = new_acl;
1288 
1289  goto restart;
1290  }
1291  }
1292 
1293  return acl;
1294 }
1295 
1296 
1297 /*
1298  * aclmask --- compute bitmask of all privileges held by roleid.
1299  *
1300  * When 'how' = ACLMASK_ALL, this simply returns the privilege bits
1301  * held by the given roleid according to the given ACL list, ANDed
1302  * with 'mask'. (The point of passing 'mask' is to let the routine
1303  * exit early if all privileges of interest have been found.)
1304  *
1305  * When 'how' = ACLMASK_ANY, returns as soon as any bit in the mask
1306  * is known true. (This lets us exit soonest in cases where the
1307  * caller is only going to test for zero or nonzero result.)
1308  *
1309  * Usage patterns:
1310  *
1311  * To see if any of a set of privileges are held:
1312  * if (aclmask(acl, roleid, ownerId, privs, ACLMASK_ANY) != 0)
1313  *
1314  * To see if all of a set of privileges are held:
1315  * if (aclmask(acl, roleid, ownerId, privs, ACLMASK_ALL) == privs)
1316  *
1317  * To determine exactly which of a set of privileges are held:
1318  * heldprivs = aclmask(acl, roleid, ownerId, privs, ACLMASK_ALL);
1319  */
1320 AclMode
1321 aclmask(const Acl *acl, Oid roleid, Oid ownerId,
1322  AclMode mask, AclMaskHow how)
1323 {
1324  AclMode result;
1325  AclMode remaining;
1326  AclItem *aidat;
1327  int i,
1328  num;
1329 
1330  /*
1331  * Null ACL should not happen, since caller should have inserted
1332  * appropriate default
1333  */
1334  if (acl == NULL)
1335  elog(ERROR, "null ACL");
1336 
1337  check_acl(acl);
1338 
1339  /* Quick exit for mask == 0 */
1340  if (mask == 0)
1341  return 0;
1342 
1343  result = 0;
1344 
1345  /* Owner always implicitly has all grant options */
1346  if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
1347  has_privs_of_role(roleid, ownerId))
1348  {
1349  result = mask & ACLITEM_ALL_GOPTION_BITS;
1350  if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1351  return result;
1352  }
1353 
1354  num = ACL_NUM(acl);
1355  aidat = ACL_DAT(acl);
1356 
1357  /*
1358  * Check privileges granted directly to roleid or to public
1359  */
1360  for (i = 0; i < num; i++)
1361  {
1362  AclItem *aidata = &aidat[i];
1363 
1364  if (aidata->ai_grantee == ACL_ID_PUBLIC ||
1365  aidata->ai_grantee == roleid)
1366  {
1367  result |= aidata->ai_privs & mask;
1368  if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1369  return result;
1370  }
1371  }
1372 
1373  /*
1374  * Check privileges granted indirectly via role memberships. We do this in
1375  * a separate pass to minimize expensive indirect membership tests. In
1376  * particular, it's worth testing whether a given ACL entry grants any
1377  * privileges still of interest before we perform the has_privs_of_role
1378  * test.
1379  */
1380  remaining = mask & ~result;
1381  for (i = 0; i < num; i++)
1382  {
1383  AclItem *aidata = &aidat[i];
1384 
1385  if (aidata->ai_grantee == ACL_ID_PUBLIC ||
1386  aidata->ai_grantee == roleid)
1387  continue; /* already checked it */
1388 
1389  if ((aidata->ai_privs & remaining) &&
1390  has_privs_of_role(roleid, aidata->ai_grantee))
1391  {
1392  result |= aidata->ai_privs & mask;
1393  if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1394  return result;
1395  remaining = mask & ~result;
1396  }
1397  }
1398 
1399  return result;
1400 }
1401 
1402 
1403 /*
1404  * aclmask_direct --- compute bitmask of all privileges held by roleid.
1405  *
1406  * This is exactly like aclmask() except that we consider only privileges
1407  * held *directly* by roleid, not those inherited via role membership.
1408  */
1409 static AclMode
1410 aclmask_direct(const Acl *acl, Oid roleid, Oid ownerId,
1411  AclMode mask, AclMaskHow how)
1412 {
1413  AclMode result;
1414  AclItem *aidat;
1415  int i,
1416  num;
1417 
1418  /*
1419  * Null ACL should not happen, since caller should have inserted
1420  * appropriate default
1421  */
1422  if (acl == NULL)
1423  elog(ERROR, "null ACL");
1424 
1425  check_acl(acl);
1426 
1427  /* Quick exit for mask == 0 */
1428  if (mask == 0)
1429  return 0;
1430 
1431  result = 0;
1432 
1433  /* Owner always implicitly has all grant options */
1434  if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
1435  roleid == ownerId)
1436  {
1437  result = mask & ACLITEM_ALL_GOPTION_BITS;
1438  if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1439  return result;
1440  }
1441 
1442  num = ACL_NUM(acl);
1443  aidat = ACL_DAT(acl);
1444 
1445  /*
1446  * Check privileges granted directly to roleid (and not to public)
1447  */
1448  for (i = 0; i < num; i++)
1449  {
1450  AclItem *aidata = &aidat[i];
1451 
1452  if (aidata->ai_grantee == roleid)
1453  {
1454  result |= aidata->ai_privs & mask;
1455  if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1456  return result;
1457  }
1458  }
1459 
1460  return result;
1461 }
1462 
1463 
1464 /*
1465  * aclmembers
1466  * Find out all the roleids mentioned in an Acl.
1467  * Note that we do not distinguish grantors from grantees.
1468  *
1469  * *roleids is set to point to a palloc'd array containing distinct OIDs
1470  * in sorted order. The length of the array is the function result.
1471  */
1472 int
1473 aclmembers(const Acl *acl, Oid **roleids)
1474 {
1475  Oid *list;
1476  const AclItem *acldat;
1477  int i,
1478  j,
1479  k;
1480 
1481  if (acl == NULL || ACL_NUM(acl) == 0)
1482  {
1483  *roleids = NULL;
1484  return 0;
1485  }
1486 
1487  check_acl(acl);
1488 
1489  /* Allocate the worst-case space requirement */
1490  list = palloc(ACL_NUM(acl) * 2 * sizeof(Oid));
1491  acldat = ACL_DAT(acl);
1492 
1493  /*
1494  * Walk the ACL collecting mentioned RoleIds.
1495  */
1496  j = 0;
1497  for (i = 0; i < ACL_NUM(acl); i++)
1498  {
1499  const AclItem *ai = &acldat[i];
1500 
1501  if (ai->ai_grantee != ACL_ID_PUBLIC)
1502  list[j++] = ai->ai_grantee;
1503  /* grantor is currently never PUBLIC, but let's check anyway */
1504  if (ai->ai_grantor != ACL_ID_PUBLIC)
1505  list[j++] = ai->ai_grantor;
1506  }
1507 
1508  /* Sort the array */
1509  qsort(list, j, sizeof(Oid), oid_cmp);
1510 
1511  /* Remove duplicates from the array */
1512  k = 0;
1513  for (i = 1; i < j; i++)
1514  {
1515  if (list[k] != list[i])
1516  list[++k] = list[i];
1517  }
1518 
1519  /*
1520  * We could repalloc the array down to minimum size, but it's hardly worth
1521  * it since it's only transient memory.
1522  */
1523  *roleids = list;
1524 
1525  return k + 1;
1526 }
1527 
1528 
1529 /*
1530  * aclinsert (exported function)
1531  */
1532 Datum
1533 aclinsert(PG_FUNCTION_ARGS)
1534 {
1535  ereport(ERROR,
1536  (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1537  errmsg("aclinsert is no longer supported")));
1538 
1539  PG_RETURN_NULL(); /* keep compiler quiet */
1540 }
1541 
1542 Datum
1543 aclremove(PG_FUNCTION_ARGS)
1544 {
1545  ereport(ERROR,
1546  (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1547  errmsg("aclremove is no longer supported")));
1548 
1549  PG_RETURN_NULL(); /* keep compiler quiet */
1550 }
1551 
1552 Datum
1553 aclcontains(PG_FUNCTION_ARGS)
1554 {
1555  Acl *acl = PG_GETARG_ACL_P(0);
1556  AclItem *aip = PG_GETARG_ACLITEM_P(1);
1557  AclItem *aidat;
1558  int i,
1559  num;
1560 
1561  check_acl(acl);
1562  num = ACL_NUM(acl);
1563  aidat = ACL_DAT(acl);
1564  for (i = 0; i < num; ++i)
1565  {
1566  if (aip->ai_grantee == aidat[i].ai_grantee &&
1567  aip->ai_grantor == aidat[i].ai_grantor &&
1568  (ACLITEM_GET_RIGHTS(*aip) & ACLITEM_GET_RIGHTS(aidat[i])) == ACLITEM_GET_RIGHTS(*aip))
1569  PG_RETURN_BOOL(true);
1570  }
1571  PG_RETURN_BOOL(false);
1572 }
1573 
1574 Datum
1575 makeaclitem(PG_FUNCTION_ARGS)
1576 {
1577  Oid grantee = PG_GETARG_OID(0);
1578  Oid grantor = PG_GETARG_OID(1);
1579  text *privtext = PG_GETARG_TEXT_PP(2);
1580  bool goption = PG_GETARG_BOOL(3);
1581  AclItem *result;
1582  AclMode priv;
1583 
1584  priv = convert_priv_string(privtext);
1585 
1586  result = (AclItem *) palloc(sizeof(AclItem));
1587 
1588  result->ai_grantee = grantee;
1589  result->ai_grantor = grantor;
1590 
1591  ACLITEM_SET_PRIVS_GOPTIONS(*result, priv,
1592  (goption ? priv : ACL_NO_RIGHTS));
1593 
1594  PG_RETURN_ACLITEM_P(result);
1595 }
1596 
1597 static AclMode
1598 convert_priv_string(text *priv_type_text)
1599 {
1600  char *priv_type = text_to_cstring(priv_type_text);
1601 
1602  if (pg_strcasecmp(priv_type, "SELECT") == 0)
1603  return ACL_SELECT;
1604  if (pg_strcasecmp(priv_type, "INSERT") == 0)
1605  return ACL_INSERT;
1606  if (pg_strcasecmp(priv_type, "UPDATE") == 0)
1607  return ACL_UPDATE;
1608  if (pg_strcasecmp(priv_type, "DELETE") == 0)
1609  return ACL_DELETE;
1610  if (pg_strcasecmp(priv_type, "TRUNCATE") == 0)
1611  return ACL_TRUNCATE;
1612  if (pg_strcasecmp(priv_type, "REFERENCES") == 0)
1613  return ACL_REFERENCES;
1614  if (pg_strcasecmp(priv_type, "TRIGGER") == 0)
1615  return ACL_TRIGGER;
1616  if (pg_strcasecmp(priv_type, "EXECUTE") == 0)
1617  return ACL_EXECUTE;
1618  if (pg_strcasecmp(priv_type, "USAGE") == 0)
1619  return ACL_USAGE;
1620  if (pg_strcasecmp(priv_type, "CREATE") == 0)
1621  return ACL_CREATE;
1622  if (pg_strcasecmp(priv_type, "TEMP") == 0)
1623  return ACL_CREATE_TEMP;
1624  if (pg_strcasecmp(priv_type, "TEMPORARY") == 0)
1625  return ACL_CREATE_TEMP;
1626  if (pg_strcasecmp(priv_type, "CONNECT") == 0)
1627  return ACL_CONNECT;
1628  if (pg_strcasecmp(priv_type, "RULE") == 0)
1629  return 0; /* ignore old RULE privileges */
1630 
1631  ereport(ERROR,
1632  (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1633  errmsg("unrecognized privilege type: \"%s\"", priv_type)));
1634  return ACL_NO_RIGHTS; /* keep compiler quiet */
1635 }
1636 
1637 
1638 /*
1639  * convert_any_priv_string: recognize privilege strings for has_foo_privilege
1640  *
1641  * We accept a comma-separated list of case-insensitive privilege names,
1642  * producing a bitmask of the OR'd privilege bits. We are liberal about
1643  * whitespace between items, not so much about whitespace within items.
1644  * The allowed privilege names are given as an array of priv_map structs,
1645  * terminated by one with a NULL name pointer.
1646  */
1647 static AclMode
1648 convert_any_priv_string(text *priv_type_text,
1649  const priv_map *privileges)
1650 {
1651  AclMode result = 0;
1652  char *priv_type = text_to_cstring(priv_type_text);
1653  char *chunk;
1654  char *next_chunk;
1655 
1656  /* We rely on priv_type being a private, modifiable string */
1657  for (chunk = priv_type; chunk; chunk = next_chunk)
1658  {
1659  int chunk_len;
1660  const priv_map *this_priv;
1661 
1662  /* Split string at commas */
1663  next_chunk = strchr(chunk, ',');
1664  if (next_chunk)
1665  *next_chunk++ = '\0';
1666 
1667  /* Drop leading/trailing whitespace in this chunk */
1668  while (*chunk && isspace((unsigned char) *chunk))
1669  chunk++;
1670  chunk_len = strlen(chunk);
1671  while (chunk_len > 0 && isspace((unsigned char) chunk[chunk_len - 1]))
1672  chunk_len--;
1673  chunk[chunk_len] = '\0';
1674 
1675  /* Match to the privileges list */
1676  for (this_priv = privileges; this_priv->name; this_priv++)
1677  {
1678  if (pg_strcasecmp(this_priv->name, chunk) == 0)
1679  {
1680  result |= this_priv->value;
1681  break;
1682  }
1683  }
1684  if (!this_priv->name)
1685  ereport(ERROR,
1686  (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1687  errmsg("unrecognized privilege type: \"%s\"", chunk)));
1688  }
1689 
1690  pfree(priv_type);
1691  return result;
1692 }
1693 
1694 
1695 static const char *
1696 convert_aclright_to_string(int aclright)
1697 {
1698  switch (aclright)
1699  {
1700  case ACL_INSERT:
1701  return "INSERT";
1702  case ACL_SELECT:
1703  return "SELECT";
1704  case ACL_UPDATE:
1705  return "UPDATE";
1706  case ACL_DELETE:
1707  return "DELETE";
1708  case ACL_TRUNCATE:
1709  return "TRUNCATE";
1710  case ACL_REFERENCES:
1711  return "REFERENCES";
1712  case ACL_TRIGGER:
1713  return "TRIGGER";
1714  case ACL_EXECUTE:
1715  return "EXECUTE";
1716  case ACL_USAGE:
1717  return "USAGE";
1718  case ACL_CREATE:
1719  return "CREATE";
1720  case ACL_CREATE_TEMP:
1721  return "TEMPORARY";
1722  case ACL_CONNECT:
1723  return "CONNECT";
1724  default:
1725  elog(ERROR, "unrecognized aclright: %d", aclright);
1726  return NULL;
1727  }
1728 }
1729 
1730 
1731 /*----------
1732  * Convert an aclitem[] to a table.
1733  *
1734  * Example:
1735  *
1736  * aclexplode('{=r/joe,foo=a*w/joe}'::aclitem[])
1737  *
1738  * returns the table
1739  *
1740  * {{ OID(joe), 0::OID, 'SELECT', false },
1741  * { OID(joe), OID(foo), 'INSERT', true },
1742  * { OID(joe), OID(foo), 'UPDATE', false }}
1743  *----------
1744  */
1745 Datum
1746 aclexplode(PG_FUNCTION_ARGS)
1747 {
1748  Acl *acl = PG_GETARG_ACL_P(0);
1749  FuncCallContext *funcctx;
1750  int *idx;
1751  AclItem *aidat;
1752 
1753  if (SRF_IS_FIRSTCALL())
1754  {
1755  TupleDesc tupdesc;
1756  MemoryContext oldcontext;
1757 
1758  check_acl(acl);
1759 
1760  funcctx = SRF_FIRSTCALL_INIT();
1761  oldcontext = MemoryContextSwitchTo(funcctx->multi_call_memory_ctx);
1762 
1763  /*
1764  * build tupdesc for result tuples (matches out parameters in pg_proc
1765  * entry)
1766  */
1767  tupdesc = CreateTemplateTupleDesc(4, false);
1768  TupleDescInitEntry(tupdesc, (AttrNumber) 1, "grantor",
1769  OIDOID, -1, 0);
1770  TupleDescInitEntry(tupdesc, (AttrNumber) 2, "grantee",
1771  OIDOID, -1, 0);
1772  TupleDescInitEntry(tupdesc, (AttrNumber) 3, "privilege_type",
1773  TEXTOID, -1, 0);
1774  TupleDescInitEntry(tupdesc, (AttrNumber) 4, "is_grantable",
1775  BOOLOID, -1, 0);
1776 
1777  funcctx->tuple_desc = BlessTupleDesc(tupdesc);
1778 
1779  /* allocate memory for user context */
1780  idx = (int *) palloc(sizeof(int[2]));
1781  idx[0] = 0; /* ACL array item index */
1782  idx[1] = -1; /* privilege type counter */
1783  funcctx->user_fctx = (void *) idx;
1784 
1785  MemoryContextSwitchTo(oldcontext);
1786  }
1787 
1788  funcctx = SRF_PERCALL_SETUP();
1789  idx = (int *) funcctx->user_fctx;
1790  aidat = ACL_DAT(acl);
1791 
1792  /* need test here in case acl has no items */
1793  while (idx[0] < ACL_NUM(acl))
1794  {
1795  AclItem *aidata;
1796  AclMode priv_bit;
1797 
1798  idx[1]++;
1799  if (idx[1] == N_ACL_RIGHTS)
1800  {
1801  idx[1] = 0;
1802  idx[0]++;
1803  if (idx[0] >= ACL_NUM(acl)) /* done */
1804  break;
1805  }
1806  aidata = &aidat[idx[0]];
1807  priv_bit = 1 << idx[1];
1808 
1809  if (ACLITEM_GET_PRIVS(*aidata) & priv_bit)
1810  {
1811  Datum result;
1812  Datum values[4];
1813  bool nulls[4];
1814  HeapTuple tuple;
1815 
1816  values[0] = ObjectIdGetDatum(aidata->ai_grantor);
1817  values[1] = ObjectIdGetDatum(aidata->ai_grantee);
1818  values[2] = CStringGetTextDatum(convert_aclright_to_string(priv_bit));
1819  values[3] = BoolGetDatum((ACLITEM_GET_GOPTIONS(*aidata) & priv_bit) != 0);
1820 
1821  MemSet(nulls, 0, sizeof(nulls));
1822 
1823  tuple = heap_form_tuple(funcctx->tuple_desc, values, nulls);
1824  result = HeapTupleGetDatum(tuple);
1825 
1826  SRF_RETURN_NEXT(funcctx, result);
1827  }
1828  }
1829 
1830  SRF_RETURN_DONE(funcctx);
1831 }
1832 
1833 
1834 /*
1835  * has_table_privilege variants
1836  * These are all named "has_table_privilege" at the SQL level.
1837  * They take various combinations of relation name, relation OID,
1838  * user name, user OID, or implicit user = current_user.
1839  *
1840  * The result is a boolean value: true if user has the indicated
1841  * privilege, false if not. The variants that take a relation OID
1842  * return NULL if the OID doesn't exist (rather than failing, as
1843  * they did before Postgres 8.4).
1844  */
1845 
1846 /*
1847  * has_table_privilege_name_name
1848  * Check user privileges on a table given
1849  * name username, text tablename, and text priv name.
1850  */
1851 Datum
1852 has_table_privilege_name_name(PG_FUNCTION_ARGS)
1853 {
1854  Name rolename = PG_GETARG_NAME(0);
1855  text *tablename = PG_GETARG_TEXT_PP(1);
1856  text *priv_type_text = PG_GETARG_TEXT_PP(2);
1857  Oid roleid;
1858  Oid tableoid;
1859  AclMode mode;
1860  AclResult aclresult;
1861 
1862  roleid = get_role_oid_or_public(NameStr(*rolename));
1863  tableoid = convert_table_name(tablename);
1864  mode = convert_table_priv_string(priv_type_text);
1865 
1866  aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1867 
1868  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1869 }
1870 
1871 /*
1872  * has_table_privilege_name
1873  * Check user privileges on a table given
1874  * text tablename and text priv name.
1875  * current_user is assumed
1876  */
1877 Datum
1878 has_table_privilege_name(PG_FUNCTION_ARGS)
1879 {
1880  text *tablename = PG_GETARG_TEXT_PP(0);
1881  text *priv_type_text = PG_GETARG_TEXT_PP(1);
1882  Oid roleid;
1883  Oid tableoid;
1884  AclMode mode;
1885  AclResult aclresult;
1886 
1887  roleid = GetUserId();
1888  tableoid = convert_table_name(tablename);
1889  mode = convert_table_priv_string(priv_type_text);
1890 
1891  aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1892 
1893  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1894 }
1895 
1896 /*
1897  * has_table_privilege_name_id
1898  * Check user privileges on a table given
1899  * name usename, table oid, and text priv name.
1900  */
1901 Datum
1902 has_table_privilege_name_id(PG_FUNCTION_ARGS)
1903 {
1904  Name username = PG_GETARG_NAME(0);
1905  Oid tableoid = PG_GETARG_OID(1);
1906  text *priv_type_text = PG_GETARG_TEXT_PP(2);
1907  Oid roleid;
1908  AclMode mode;
1909  AclResult aclresult;
1910 
1911  roleid = get_role_oid_or_public(NameStr(*username));
1912  mode = convert_table_priv_string(priv_type_text);
1913 
1914  if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
1915  PG_RETURN_NULL();
1916 
1917  aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1918 
1919  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1920 }
1921 
1922 /*
1923  * has_table_privilege_id
1924  * Check user privileges on a table given
1925  * table oid, and text priv name.
1926  * current_user is assumed
1927  */
1928 Datum
1929 has_table_privilege_id(PG_FUNCTION_ARGS)
1930 {
1931  Oid tableoid = PG_GETARG_OID(0);
1932  text *priv_type_text = PG_GETARG_TEXT_PP(1);
1933  Oid roleid;
1934  AclMode mode;
1935  AclResult aclresult;
1936 
1937  roleid = GetUserId();
1938  mode = convert_table_priv_string(priv_type_text);
1939 
1940  if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
1941  PG_RETURN_NULL();
1942 
1943  aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1944 
1945  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1946 }
1947 
1948 /*
1949  * has_table_privilege_id_name
1950  * Check user privileges on a table given
1951  * roleid, text tablename, and text priv name.
1952  */
1953 Datum
1954 has_table_privilege_id_name(PG_FUNCTION_ARGS)
1955 {
1956  Oid roleid = PG_GETARG_OID(0);
1957  text *tablename = PG_GETARG_TEXT_PP(1);
1958  text *priv_type_text = PG_GETARG_TEXT_PP(2);
1959  Oid tableoid;
1960  AclMode mode;
1961  AclResult aclresult;
1962 
1963  tableoid = convert_table_name(tablename);
1964  mode = convert_table_priv_string(priv_type_text);
1965 
1966  aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1967 
1968  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1969 }
1970 
1971 /*
1972  * has_table_privilege_id_id
1973  * Check user privileges on a table given
1974  * roleid, table oid, and text priv name.
1975  */
1976 Datum
1977 has_table_privilege_id_id(PG_FUNCTION_ARGS)
1978 {
1979  Oid roleid = PG_GETARG_OID(0);
1980  Oid tableoid = PG_GETARG_OID(1);
1981  text *priv_type_text = PG_GETARG_TEXT_PP(2);
1982  AclMode mode;
1983  AclResult aclresult;
1984 
1985  mode = convert_table_priv_string(priv_type_text);
1986 
1987  if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
1988  PG_RETURN_NULL();
1989 
1990  aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1991 
1992  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1993 }
1994 
1995 /*
1996  * Support routines for has_table_privilege family.
1997  */
1998 
1999 /*
2000  * Given a table name expressed as a string, look it up and return Oid
2001  */
2002 static Oid
2003 convert_table_name(text *tablename)
2004 {
2005  RangeVar *relrv;
2006 
2007  relrv = makeRangeVarFromNameList(textToQualifiedNameList(tablename));
2008 
2009  /* We might not even have permissions on this relation; don't lock it. */
2010  return RangeVarGetRelid(relrv, NoLock, false);
2011 }
2012 
2013 /*
2014  * convert_table_priv_string
2015  * Convert text string to AclMode value.
2016  */
2017 static AclMode
2018 convert_table_priv_string(text *priv_type_text)
2019 {
2020  static const priv_map table_priv_map[] = {
2021  {"SELECT", ACL_SELECT},
2022  {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2023  {"INSERT", ACL_INSERT},
2024  {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
2025  {"UPDATE", ACL_UPDATE},
2026  {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2027  {"DELETE", ACL_DELETE},
2028  {"DELETE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_DELETE)},
2029  {"TRUNCATE", ACL_TRUNCATE},
2030  {"TRUNCATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRUNCATE)},
2031  {"REFERENCES", ACL_REFERENCES},
2032  {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
2033  {"TRIGGER", ACL_TRIGGER},
2034  {"TRIGGER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRIGGER)},
2035  {"RULE", 0}, /* ignore old RULE privileges */
2036  {"RULE WITH GRANT OPTION", 0},
2037  {NULL, 0}
2038  };
2039 
2040  return convert_any_priv_string(priv_type_text, table_priv_map);
2041 }
2042 
2043 /*
2044  * has_sequence_privilege variants
2045  * These are all named "has_sequence_privilege" at the SQL level.
2046  * They take various combinations of relation name, relation OID,
2047  * user name, user OID, or implicit user = current_user.
2048  *
2049  * The result is a boolean value: true if user has the indicated
2050  * privilege, false if not. The variants that take a relation OID
2051  * return NULL if the OID doesn't exist.
2052  */
2053 
2054 /*
2055  * has_sequence_privilege_name_name
2056  * Check user privileges on a sequence given
2057  * name username, text sequencename, and text priv name.
2058  */
2059 Datum
2060 has_sequence_privilege_name_name(PG_FUNCTION_ARGS)
2061 {
2062  Name rolename = PG_GETARG_NAME(0);
2063  text *sequencename = PG_GETARG_TEXT_PP(1);
2064  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2065  Oid roleid;
2066  Oid sequenceoid;
2067  AclMode mode;
2068  AclResult aclresult;
2069 
2070  roleid = get_role_oid_or_public(NameStr(*rolename));
2071  mode = convert_sequence_priv_string(priv_type_text);
2072  sequenceoid = convert_table_name(sequencename);
2073  if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2074  ereport(ERROR,
2075  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2076  errmsg("\"%s\" is not a sequence",
2077  text_to_cstring(sequencename))));
2078 
2079  aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2080 
2081  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2082 }
2083 
2084 /*
2085  * has_sequence_privilege_name
2086  * Check user privileges on a sequence given
2087  * text sequencename and text priv name.
2088  * current_user is assumed
2089  */
2090 Datum
2091 has_sequence_privilege_name(PG_FUNCTION_ARGS)
2092 {
2093  text *sequencename = PG_GETARG_TEXT_PP(0);
2094  text *priv_type_text = PG_GETARG_TEXT_PP(1);
2095  Oid roleid;
2096  Oid sequenceoid;
2097  AclMode mode;
2098  AclResult aclresult;
2099 
2100  roleid = GetUserId();
2101  mode = convert_sequence_priv_string(priv_type_text);
2102  sequenceoid = convert_table_name(sequencename);
2103  if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2104  ereport(ERROR,
2105  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2106  errmsg("\"%s\" is not a sequence",
2107  text_to_cstring(sequencename))));
2108 
2109  aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2110 
2111  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2112 }
2113 
2114 /*
2115  * has_sequence_privilege_name_id
2116  * Check user privileges on a sequence given
2117  * name usename, sequence oid, and text priv name.
2118  */
2119 Datum
2120 has_sequence_privilege_name_id(PG_FUNCTION_ARGS)
2121 {
2122  Name username = PG_GETARG_NAME(0);
2123  Oid sequenceoid = PG_GETARG_OID(1);
2124  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2125  Oid roleid;
2126  AclMode mode;
2127  AclResult aclresult;
2128  char relkind;
2129 
2130  roleid = get_role_oid_or_public(NameStr(*username));
2131  mode = convert_sequence_priv_string(priv_type_text);
2132  relkind = get_rel_relkind(sequenceoid);
2133  if (relkind == '\0')
2134  PG_RETURN_NULL();
2135  else if (relkind != RELKIND_SEQUENCE)
2136  ereport(ERROR,
2137  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2138  errmsg("\"%s\" is not a sequence",
2139  get_rel_name(sequenceoid))));
2140 
2141  aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2142 
2143  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2144 }
2145 
2146 /*
2147  * has_sequence_privilege_id
2148  * Check user privileges on a sequence given
2149  * sequence oid, and text priv name.
2150  * current_user is assumed
2151  */
2152 Datum
2153 has_sequence_privilege_id(PG_FUNCTION_ARGS)
2154 {
2155  Oid sequenceoid = PG_GETARG_OID(0);
2156  text *priv_type_text = PG_GETARG_TEXT_PP(1);
2157  Oid roleid;
2158  AclMode mode;
2159  AclResult aclresult;
2160  char relkind;
2161 
2162  roleid = GetUserId();
2163  mode = convert_sequence_priv_string(priv_type_text);
2164  relkind = get_rel_relkind(sequenceoid);
2165  if (relkind == '\0')
2166  PG_RETURN_NULL();
2167  else if (relkind != RELKIND_SEQUENCE)
2168  ereport(ERROR,
2169  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2170  errmsg("\"%s\" is not a sequence",
2171  get_rel_name(sequenceoid))));
2172 
2173  aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2174 
2175  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2176 }
2177 
2178 /*
2179  * has_sequence_privilege_id_name
2180  * Check user privileges on a sequence given
2181  * roleid, text sequencename, and text priv name.
2182  */
2183 Datum
2184 has_sequence_privilege_id_name(PG_FUNCTION_ARGS)
2185 {
2186  Oid roleid = PG_GETARG_OID(0);
2187  text *sequencename = PG_GETARG_TEXT_PP(1);
2188  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2189  Oid sequenceoid;
2190  AclMode mode;
2191  AclResult aclresult;
2192 
2193  mode = convert_sequence_priv_string(priv_type_text);
2194  sequenceoid = convert_table_name(sequencename);
2195  if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2196  ereport(ERROR,
2197  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2198  errmsg("\"%s\" is not a sequence",
2199  text_to_cstring(sequencename))));
2200 
2201  aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2202 
2203  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2204 }
2205 
2206 /*
2207  * has_sequence_privilege_id_id
2208  * Check user privileges on a sequence given
2209  * roleid, sequence oid, and text priv name.
2210  */
2211 Datum
2212 has_sequence_privilege_id_id(PG_FUNCTION_ARGS)
2213 {
2214  Oid roleid = PG_GETARG_OID(0);
2215  Oid sequenceoid = PG_GETARG_OID(1);
2216  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2217  AclMode mode;
2218  AclResult aclresult;
2219  char relkind;
2220 
2221  mode = convert_sequence_priv_string(priv_type_text);
2222  relkind = get_rel_relkind(sequenceoid);
2223  if (relkind == '\0')
2224  PG_RETURN_NULL();
2225  else if (relkind != RELKIND_SEQUENCE)
2226  ereport(ERROR,
2227  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2228  errmsg("\"%s\" is not a sequence",
2229  get_rel_name(sequenceoid))));
2230 
2231  aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2232 
2233  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2234 }
2235 
2236 /*
2237  * convert_sequence_priv_string
2238  * Convert text string to AclMode value.
2239  */
2240 static AclMode
2241 convert_sequence_priv_string(text *priv_type_text)
2242 {
2243  static const priv_map sequence_priv_map[] = {
2244  {"USAGE", ACL_USAGE},
2245  {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
2246  {"SELECT", ACL_SELECT},
2247  {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2248  {"UPDATE", ACL_UPDATE},
2249  {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2250  {NULL, 0}
2251  };
2252 
2253  return convert_any_priv_string(priv_type_text, sequence_priv_map);
2254 }
2255 
2256 
2257 /*
2258  * has_any_column_privilege variants
2259  * These are all named "has_any_column_privilege" at the SQL level.
2260  * They take various combinations of relation name, relation OID,
2261  * user name, user OID, or implicit user = current_user.
2262  *
2263  * The result is a boolean value: true if user has the indicated
2264  * privilege for any column of the table, false if not. The variants
2265  * that take a relation OID return NULL if the OID doesn't exist.
2266  */
2267 
2268 /*
2269  * has_any_column_privilege_name_name
2270  * Check user privileges on any column of a table given
2271  * name username, text tablename, and text priv name.
2272  */
2273 Datum
2274 has_any_column_privilege_name_name(PG_FUNCTION_ARGS)
2275 {
2276  Name rolename = PG_GETARG_NAME(0);
2277  text *tablename = PG_GETARG_TEXT_PP(1);
2278  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2279  Oid roleid;
2280  Oid tableoid;
2281  AclMode mode;
2282  AclResult aclresult;
2283 
2284  roleid = get_role_oid_or_public(NameStr(*rolename));
2285  tableoid = convert_table_name(tablename);
2286  mode = convert_column_priv_string(priv_type_text);
2287 
2288  /* First check at table level, then examine each column if needed */
2289  aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2290  if (aclresult != ACLCHECK_OK)
2291  aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2292  ACLMASK_ANY);
2293 
2294  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2295 }
2296 
2297 /*
2298  * has_any_column_privilege_name
2299  * Check user privileges on any column of a table given
2300  * text tablename and text priv name.
2301  * current_user is assumed
2302  */
2303 Datum
2304 has_any_column_privilege_name(PG_FUNCTION_ARGS)
2305 {
2306  text *tablename = PG_GETARG_TEXT_PP(0);
2307  text *priv_type_text = PG_GETARG_TEXT_PP(1);
2308  Oid roleid;
2309  Oid tableoid;
2310  AclMode mode;
2311  AclResult aclresult;
2312 
2313  roleid = GetUserId();
2314  tableoid = convert_table_name(tablename);
2315  mode = convert_column_priv_string(priv_type_text);
2316 
2317  /* First check at table level, then examine each column if needed */
2318  aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2319  if (aclresult != ACLCHECK_OK)
2320  aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2321  ACLMASK_ANY);
2322 
2323  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2324 }
2325 
2326 /*
2327  * has_any_column_privilege_name_id
2328  * Check user privileges on any column of a table given
2329  * name usename, table oid, and text priv name.
2330  */
2331 Datum
2332 has_any_column_privilege_name_id(PG_FUNCTION_ARGS)
2333 {
2334  Name username = PG_GETARG_NAME(0);
2335  Oid tableoid = PG_GETARG_OID(1);
2336  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2337  Oid roleid;
2338  AclMode mode;
2339  AclResult aclresult;
2340 
2341  roleid = get_role_oid_or_public(NameStr(*username));
2342  mode = convert_column_priv_string(priv_type_text);
2343 
2344  if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
2345  PG_RETURN_NULL();
2346 
2347  /* First check at table level, then examine each column if needed */
2348  aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2349  if (aclresult != ACLCHECK_OK)
2350  aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2351  ACLMASK_ANY);
2352 
2353  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2354 }
2355 
2356 /*
2357  * has_any_column_privilege_id
2358  * Check user privileges on any column of a table given
2359  * table oid, and text priv name.
2360  * current_user is assumed
2361  */
2362 Datum
2363 has_any_column_privilege_id(PG_FUNCTION_ARGS)
2364 {
2365  Oid tableoid = PG_GETARG_OID(0);
2366  text *priv_type_text = PG_GETARG_TEXT_PP(1);
2367  Oid roleid;
2368  AclMode mode;
2369  AclResult aclresult;
2370 
2371  roleid = GetUserId();
2372  mode = convert_column_priv_string(priv_type_text);
2373 
2374  if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
2375  PG_RETURN_NULL();
2376 
2377  /* First check at table level, then examine each column if needed */
2378  aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2379  if (aclresult != ACLCHECK_OK)
2380  aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2381  ACLMASK_ANY);
2382 
2383  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2384 }
2385 
2386 /*
2387  * has_any_column_privilege_id_name
2388  * Check user privileges on any column of a table given
2389  * roleid, text tablename, and text priv name.
2390  */
2391 Datum
2392 has_any_column_privilege_id_name(PG_FUNCTION_ARGS)
2393 {
2394  Oid roleid = PG_GETARG_OID(0);
2395  text *tablename = PG_GETARG_TEXT_PP(1);
2396  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2397  Oid tableoid;
2398  AclMode mode;
2399  AclResult aclresult;
2400 
2401  tableoid = convert_table_name(tablename);
2402  mode = convert_column_priv_string(priv_type_text);
2403 
2404  /* First check at table level, then examine each column if needed */
2405  aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2406  if (aclresult != ACLCHECK_OK)
2407  aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2408  ACLMASK_ANY);
2409 
2410  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2411 }
2412 
2413 /*
2414  * has_any_column_privilege_id_id
2415  * Check user privileges on any column of a table given
2416  * roleid, table oid, and text priv name.
2417  */
2418 Datum
2419 has_any_column_privilege_id_id(PG_FUNCTION_ARGS)
2420 {
2421  Oid roleid = PG_GETARG_OID(0);
2422  Oid tableoid = PG_GETARG_OID(1);
2423  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2424  AclMode mode;
2425  AclResult aclresult;
2426 
2427  mode = convert_column_priv_string(priv_type_text);
2428 
2429  if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
2430  PG_RETURN_NULL();
2431 
2432  /* First check at table level, then examine each column if needed */
2433  aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2434  if (aclresult != ACLCHECK_OK)
2435  aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2436  ACLMASK_ANY);
2437 
2438  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2439 }
2440 
2441 
2442 /*
2443  * has_column_privilege variants
2444  * These are all named "has_column_privilege" at the SQL level.
2445  * They take various combinations of relation name, relation OID,
2446  * column name, column attnum, user name, user OID, or
2447  * implicit user = current_user.
2448  *
2449  * The result is a boolean value: true if user has the indicated
2450  * privilege, false if not. The variants that take a relation OID
2451  * and an integer attnum return NULL (rather than throwing an error)
2452  * if the column doesn't exist or is dropped.
2453  */
2454 
2455 /*
2456  * column_privilege_check: check column privileges, but don't throw an error
2457  * for dropped column or table
2458  *
2459  * Returns 1 if have the privilege, 0 if not, -1 if dropped column/table.
2460  */
2461 static int
2462 column_privilege_check(Oid tableoid, AttrNumber attnum,
2463  Oid roleid, AclMode mode)
2464 {
2465  AclResult aclresult;
2466  HeapTuple attTuple;
2467  Form_pg_attribute attributeForm;
2468 
2469  /*
2470  * First check if we have the privilege at the table level. We check
2471  * existence of the pg_class row before risking calling pg_class_aclcheck.
2472  * Note: it might seem there's a race condition against concurrent DROP,
2473  * but really it's safe because there will be no syscache flush between
2474  * here and there. So if we see the row in the syscache, so will
2475  * pg_class_aclcheck.
2476  */
2477  if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
2478  return -1;
2479 
2480  aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2481 
2482  if (aclresult == ACLCHECK_OK)
2483  return true;
2484 
2485  /*
2486  * No table privilege, so try per-column privileges. Again, we have to
2487  * check for dropped attribute first, and we rely on the syscache not to
2488  * notice a concurrent drop before pg_attribute_aclcheck fetches the row.
2489  */
2490  attTuple = SearchSysCache2(ATTNUM,
2491  ObjectIdGetDatum(tableoid),
2492  Int16GetDatum(attnum));
2493  if (!HeapTupleIsValid(attTuple))
2494  return -1;
2495  attributeForm = (Form_pg_attribute) GETSTRUCT(attTuple);
2496  if (attributeForm->attisdropped)
2497  {
2498  ReleaseSysCache(attTuple);
2499  return -1;
2500  }
2501  ReleaseSysCache(attTuple);
2502 
2503  aclresult = pg_attribute_aclcheck(tableoid, attnum, roleid, mode);
2504 
2505  return (aclresult == ACLCHECK_OK);
2506 }
2507 
2508 /*
2509  * has_column_privilege_name_name_name
2510  * Check user privileges on a column given
2511  * name username, text tablename, text colname, and text priv name.
2512  */
2513 Datum
2514 has_column_privilege_name_name_name(PG_FUNCTION_ARGS)
2515 {
2516  Name rolename = PG_GETARG_NAME(0);
2517  text *tablename = PG_GETARG_TEXT_PP(1);
2518  text *column = PG_GETARG_TEXT_PP(2);
2519  text *priv_type_text = PG_GETARG_TEXT_PP(3);
2520  Oid roleid;
2521  Oid tableoid;
2522  AttrNumber colattnum;
2523  AclMode mode;
2524  int privresult;
2525 
2526  roleid = get_role_oid_or_public(NameStr(*rolename));
2527  tableoid = convert_table_name(tablename);
2528  colattnum = convert_column_name(tableoid, column);
2529  mode = convert_column_priv_string(priv_type_text);
2530 
2531  privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2532  if (privresult < 0)
2533  PG_RETURN_NULL();
2534  PG_RETURN_BOOL(privresult);
2535 }
2536 
2537 /*
2538  * has_column_privilege_name_name_attnum
2539  * Check user privileges on a column given
2540  * name username, text tablename, int attnum, and text priv name.
2541  */
2542 Datum
2543 has_column_privilege_name_name_attnum(PG_FUNCTION_ARGS)
2544 {
2545  Name rolename = PG_GETARG_NAME(0);
2546  text *tablename = PG_GETARG_TEXT_PP(1);
2547  AttrNumber colattnum = PG_GETARG_INT16(2);
2548  text *priv_type_text = PG_GETARG_TEXT_PP(3);
2549  Oid roleid;
2550  Oid tableoid;
2551  AclMode mode;
2552  int privresult;
2553 
2554  roleid = get_role_oid_or_public(NameStr(*rolename));
2555  tableoid = convert_table_name(tablename);
2556  mode = convert_column_priv_string(priv_type_text);
2557 
2558  privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2559  if (privresult < 0)
2560  PG_RETURN_NULL();
2561  PG_RETURN_BOOL(privresult);
2562 }
2563 
2564 /*
2565  * has_column_privilege_name_id_name
2566  * Check user privileges on a column given
2567  * name username, table oid, text colname, and text priv name.
2568  */
2569 Datum
2570 has_column_privilege_name_id_name(PG_FUNCTION_ARGS)
2571 {
2572  Name username = PG_GETARG_NAME(0);
2573  Oid tableoid = PG_GETARG_OID(1);
2574  text *column = PG_GETARG_TEXT_PP(2);
2575  text *priv_type_text = PG_GETARG_TEXT_PP(3);
2576  Oid roleid;
2577  AttrNumber colattnum;
2578  AclMode mode;
2579  int privresult;
2580 
2581  roleid = get_role_oid_or_public(NameStr(*username));
2582  colattnum = convert_column_name(tableoid, column);
2583  mode = convert_column_priv_string(priv_type_text);
2584 
2585  privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2586  if (privresult < 0)
2587  PG_RETURN_NULL();
2588  PG_RETURN_BOOL(privresult);
2589 }
2590 
2591 /*
2592  * has_column_privilege_name_id_attnum
2593  * Check user privileges on a column given
2594  * name username, table oid, int attnum, and text priv name.
2595  */
2596 Datum
2597 has_column_privilege_name_id_attnum(PG_FUNCTION_ARGS)
2598 {
2599  Name username = PG_GETARG_NAME(0);
2600  Oid tableoid = PG_GETARG_OID(1);
2601  AttrNumber colattnum = PG_GETARG_INT16(2);
2602  text *priv_type_text = PG_GETARG_TEXT_PP(3);
2603  Oid roleid;
2604  AclMode mode;
2605  int privresult;
2606 
2607  roleid = get_role_oid_or_public(NameStr(*username));
2608  mode = convert_column_priv_string(priv_type_text);
2609 
2610  privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2611  if (privresult < 0)
2612  PG_RETURN_NULL();
2613  PG_RETURN_BOOL(privresult);
2614 }
2615 
2616 /*
2617  * has_column_privilege_id_name_name
2618  * Check user privileges on a column given
2619  * oid roleid, text tablename, text colname, and text priv name.
2620  */
2621 Datum
2622 has_column_privilege_id_name_name(PG_FUNCTION_ARGS)
2623 {
2624  Oid roleid = PG_GETARG_OID(0);
2625  text *tablename = PG_GETARG_TEXT_PP(1);
2626  text *column = PG_GETARG_TEXT_PP(2);
2627  text *priv_type_text = PG_GETARG_TEXT_PP(3);
2628  Oid tableoid;
2629  AttrNumber colattnum;
2630  AclMode mode;
2631  int privresult;
2632 
2633  tableoid = convert_table_name(tablename);
2634  colattnum = convert_column_name(tableoid, column);
2635  mode = convert_column_priv_string(priv_type_text);
2636 
2637  privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2638  if (privresult < 0)
2639  PG_RETURN_NULL();
2640  PG_RETURN_BOOL(privresult);
2641 }
2642 
2643 /*
2644  * has_column_privilege_id_name_attnum
2645  * Check user privileges on a column given
2646  * oid roleid, text tablename, int attnum, and text priv name.
2647  */
2648 Datum
2649 has_column_privilege_id_name_attnum(PG_FUNCTION_ARGS)
2650 {
2651  Oid roleid = PG_GETARG_OID(0);
2652  text *tablename = PG_GETARG_TEXT_PP(1);
2653  AttrNumber colattnum = PG_GETARG_INT16(2);
2654  text *priv_type_text = PG_GETARG_TEXT_PP(3);
2655  Oid tableoid;
2656  AclMode mode;
2657  int privresult;
2658 
2659  tableoid = convert_table_name(tablename);
2660  mode = convert_column_priv_string(priv_type_text);
2661 
2662  privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2663  if (privresult < 0)
2664  PG_RETURN_NULL();
2665  PG_RETURN_BOOL(privresult);
2666 }
2667 
2668 /*
2669  * has_column_privilege_id_id_name
2670  * Check user privileges on a column given
2671  * oid roleid, table oid, text colname, and text priv name.
2672  */
2673 Datum
2674 has_column_privilege_id_id_name(PG_FUNCTION_ARGS)
2675 {
2676  Oid roleid = PG_GETARG_OID(0);
2677  Oid tableoid = PG_GETARG_OID(1);
2678  text *column = PG_GETARG_TEXT_PP(2);
2679  text *priv_type_text = PG_GETARG_TEXT_PP(3);
2680  AttrNumber colattnum;
2681  AclMode mode;
2682  int privresult;
2683 
2684  colattnum = convert_column_name(tableoid, column);
2685  mode = convert_column_priv_string(priv_type_text);
2686 
2687  privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2688  if (privresult < 0)
2689  PG_RETURN_NULL();
2690  PG_RETURN_BOOL(privresult);
2691 }
2692 
2693 /*
2694  * has_column_privilege_id_id_attnum
2695  * Check user privileges on a column given
2696  * oid roleid, table oid, int attnum, and text priv name.
2697  */
2698 Datum
2699 has_column_privilege_id_id_attnum(PG_FUNCTION_ARGS)
2700 {
2701  Oid roleid = PG_GETARG_OID(0);
2702  Oid tableoid = PG_GETARG_OID(1);
2703  AttrNumber colattnum = PG_GETARG_INT16(2);
2704  text *priv_type_text = PG_GETARG_TEXT_PP(3);
2705  AclMode mode;
2706  int privresult;
2707 
2708  mode = convert_column_priv_string(priv_type_text);
2709 
2710  privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2711  if (privresult < 0)
2712  PG_RETURN_NULL();
2713  PG_RETURN_BOOL(privresult);
2714 }
2715 
2716 /*
2717  * has_column_privilege_name_name
2718  * Check user privileges on a column given
2719  * text tablename, text colname, and text priv name.
2720  * current_user is assumed
2721  */
2722 Datum
2723 has_column_privilege_name_name(PG_FUNCTION_ARGS)
2724 {
2725  text *tablename = PG_GETARG_TEXT_PP(0);
2726  text *column = PG_GETARG_TEXT_PP(1);
2727  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2728  Oid roleid;
2729  Oid tableoid;
2730  AttrNumber colattnum;
2731  AclMode mode;
2732  int privresult;
2733 
2734  roleid = GetUserId();
2735  tableoid = convert_table_name(tablename);
2736  colattnum = convert_column_name(tableoid, column);
2737  mode = convert_column_priv_string(priv_type_text);
2738 
2739  privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2740  if (privresult < 0)
2741  PG_RETURN_NULL();
2742  PG_RETURN_BOOL(privresult);
2743 }
2744 
2745 /*
2746  * has_column_privilege_name_attnum
2747  * Check user privileges on a column given
2748  * text tablename, int attnum, and text priv name.
2749  * current_user is assumed
2750  */
2751 Datum
2752 has_column_privilege_name_attnum(PG_FUNCTION_ARGS)
2753 {
2754  text *tablename = PG_GETARG_TEXT_PP(0);
2755  AttrNumber colattnum = PG_GETARG_INT16(1);
2756  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2757  Oid roleid;
2758  Oid tableoid;
2759  AclMode mode;
2760  int privresult;
2761 
2762  roleid = GetUserId();
2763  tableoid = convert_table_name(tablename);
2764  mode = convert_column_priv_string(priv_type_text);
2765 
2766  privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2767  if (privresult < 0)
2768  PG_RETURN_NULL();
2769  PG_RETURN_BOOL(privresult);
2770 }
2771 
2772 /*
2773  * has_column_privilege_id_name
2774  * Check user privileges on a column given
2775  * table oid, text colname, and text priv name.
2776  * current_user is assumed
2777  */
2778 Datum
2779 has_column_privilege_id_name(PG_FUNCTION_ARGS)
2780 {
2781  Oid tableoid = PG_GETARG_OID(0);
2782  text *column = PG_GETARG_TEXT_PP(1);
2783  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2784  Oid roleid;
2785  AttrNumber colattnum;
2786  AclMode mode;
2787  int privresult;
2788 
2789  roleid = GetUserId();
2790  colattnum = convert_column_name(tableoid, column);
2791  mode = convert_column_priv_string(priv_type_text);
2792 
2793  privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2794  if (privresult < 0)
2795  PG_RETURN_NULL();
2796  PG_RETURN_BOOL(privresult);
2797 }
2798 
2799 /*
2800  * has_column_privilege_id_attnum
2801  * Check user privileges on a column given
2802  * table oid, int attnum, and text priv name.
2803  * current_user is assumed
2804  */
2805 Datum
2806 has_column_privilege_id_attnum(PG_FUNCTION_ARGS)
2807 {
2808  Oid tableoid = PG_GETARG_OID(0);
2809  AttrNumber colattnum = PG_GETARG_INT16(1);
2810  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2811  Oid roleid;
2812  AclMode mode;
2813  int privresult;
2814 
2815  roleid = GetUserId();
2816  mode = convert_column_priv_string(priv_type_text);
2817 
2818  privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2819  if (privresult < 0)
2820  PG_RETURN_NULL();
2821  PG_RETURN_BOOL(privresult);
2822 }
2823 
2824 /*
2825  * Support routines for has_column_privilege family.
2826  */
2827 
2828 /*
2829  * Given a table OID and a column name expressed as a string, look it up
2830  * and return the column number
2831  */
2832 static AttrNumber
2833 convert_column_name(Oid tableoid, text *column)
2834 {
2835  AttrNumber attnum;
2836  char *colname;
2837 
2838  colname = text_to_cstring(column);
2839  attnum = get_attnum(tableoid, colname);
2840  if (attnum == InvalidAttrNumber)
2841  ereport(ERROR,
2842  (errcode(ERRCODE_UNDEFINED_COLUMN),
2843  errmsg("column \"%s\" of relation \"%s\" does not exist",
2844  colname, get_rel_name(tableoid))));
2845  pfree(colname);
2846  return attnum;
2847 }
2848 
2849 /*
2850  * convert_column_priv_string
2851  * Convert text string to AclMode value.
2852  */
2853 static AclMode
2854 convert_column_priv_string(text *priv_type_text)
2855 {
2856  static const priv_map column_priv_map[] = {
2857  {"SELECT", ACL_SELECT},
2858  {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2859  {"INSERT", ACL_INSERT},
2860  {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
2861  {"UPDATE", ACL_UPDATE},
2862  {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2863  {"REFERENCES", ACL_REFERENCES},
2864  {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
2865  {NULL, 0}
2866  };
2867 
2868  return convert_any_priv_string(priv_type_text, column_priv_map);
2869 }
2870 
2871 
2872 /*
2873  * has_database_privilege variants
2874  * These are all named "has_database_privilege" at the SQL level.
2875  * They take various combinations of database name, database OID,
2876  * user name, user OID, or implicit user = current_user.
2877  *
2878  * The result is a boolean value: true if user has the indicated
2879  * privilege, false if not, or NULL if object doesn't exist.
2880  */
2881 
2882 /*
2883  * has_database_privilege_name_name
2884  * Check user privileges on a database given
2885  * name username, text databasename, and text priv name.
2886  */
2887 Datum
2888 has_database_privilege_name_name(PG_FUNCTION_ARGS)
2889 {
2890  Name username = PG_GETARG_NAME(0);
2891  text *databasename = PG_GETARG_TEXT_PP(1);
2892  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2893  Oid roleid;
2894  Oid databaseoid;
2895  AclMode mode;
2896  AclResult aclresult;
2897 
2898  roleid = get_role_oid_or_public(NameStr(*username));
2899  databaseoid = convert_database_name(databasename);
2900  mode = convert_database_priv_string(priv_type_text);
2901 
2902  aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
2903 
2904  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2905 }
2906 
2907 /*
2908  * has_database_privilege_name
2909  * Check user privileges on a database given
2910  * text databasename and text priv name.
2911  * current_user is assumed
2912  */
2913 Datum
2914 has_database_privilege_name(PG_FUNCTION_ARGS)
2915 {
2916  text *databasename = PG_GETARG_TEXT_PP(0);
2917  text *priv_type_text = PG_GETARG_TEXT_PP(1);
2918  Oid roleid;
2919  Oid databaseoid;
2920  AclMode mode;
2921  AclResult aclresult;
2922 
2923  roleid = GetUserId();
2924  databaseoid = convert_database_name(databasename);
2925  mode = convert_database_priv_string(priv_type_text);
2926 
2927  aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
2928 
2929  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2930 }
2931 
2932 /*
2933  * has_database_privilege_name_id
2934  * Check user privileges on a database given
2935  * name usename, database oid, and text priv name.
2936  */
2937 Datum
2938 has_database_privilege_name_id(PG_FUNCTION_ARGS)
2939 {
2940  Name username = PG_GETARG_NAME(0);
2941  Oid databaseoid = PG_GETARG_OID(1);
2942  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2943  Oid roleid;
2944  AclMode mode;
2945  AclResult aclresult;
2946 
2947  roleid = get_role_oid_or_public(NameStr(*username));
2948  mode = convert_database_priv_string(priv_type_text);
2949 
2950  if (!SearchSysCacheExists1(DATABASEOID, ObjectIdGetDatum(databaseoid)))
2951  PG_RETURN_NULL();
2952 
2953  aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
2954 
2955  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2956 }
2957 
2958 /*
2959  * has_database_privilege_id
2960  * Check user privileges on a database given
2961  * database oid, and text priv name.
2962  * current_user is assumed
2963  */
2964 Datum
2965 has_database_privilege_id(PG_FUNCTION_ARGS)
2966 {
2967  Oid databaseoid = PG_GETARG_OID(0);
2968  text *priv_type_text = PG_GETARG_TEXT_PP(1);
2969  Oid roleid;
2970  AclMode mode;
2971  AclResult aclresult;
2972 
2973  roleid = GetUserId();
2974  mode = convert_database_priv_string(priv_type_text);
2975 
2976  if (!SearchSysCacheExists1(DATABASEOID, ObjectIdGetDatum(databaseoid)))
2977  PG_RETURN_NULL();
2978 
2979  aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
2980 
2981  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2982 }
2983 
2984 /*
2985  * has_database_privilege_id_name
2986  * Check user privileges on a database given
2987  * roleid, text databasename, and text priv name.
2988  */
2989 Datum
2990 has_database_privilege_id_name(PG_FUNCTION_ARGS)
2991 {
2992  Oid roleid = PG_GETARG_OID(0);
2993  text *databasename = PG_GETARG_TEXT_PP(1);
2994  text *priv_type_text = PG_GETARG_TEXT_PP(2);
2995  Oid databaseoid;
2996  AclMode mode;
2997  AclResult aclresult;
2998 
2999  databaseoid = convert_database_name(databasename);
3000  mode = convert_database_priv_string(priv_type_text);
3001 
3002  aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
3003 
3004  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3005 }
3006 
3007 /*
3008  * has_database_privilege_id_id
3009  * Check user privileges on a database given
3010  * roleid, database oid, and text priv name.
3011  */
3012 Datum
3013 has_database_privilege_id_id(PG_FUNCTION_ARGS)
3014 {
3015  Oid roleid = PG_GETARG_OID(0);
3016  Oid databaseoid = PG_GETARG_OID(1);
3017  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3018  AclMode mode;
3019  AclResult aclresult;
3020 
3021  mode = convert_database_priv_string(priv_type_text);
3022 
3023  if (!SearchSysCacheExists1(DATABASEOID, ObjectIdGetDatum(databaseoid)))
3024  PG_RETURN_NULL();
3025 
3026  aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
3027 
3028  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3029 }
3030 
3031 /*
3032  * Support routines for has_database_privilege family.
3033  */
3034 
3035 /*
3036  * Given a database name expressed as a string, look it up and return Oid
3037  */
3038 static Oid
3039 convert_database_name(text *databasename)
3040 {
3041  char *dbname = text_to_cstring(databasename);
3042 
3043  return get_database_oid(dbname, false);
3044 }
3045 
3046 /*
3047  * convert_database_priv_string
3048  * Convert text string to AclMode value.
3049  */
3050 static AclMode
3051 convert_database_priv_string(text *priv_type_text)
3052 {
3053  static const priv_map database_priv_map[] = {
3054  {"CREATE", ACL_CREATE},
3055  {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
3056  {"TEMPORARY", ACL_CREATE_TEMP},
3057  {"TEMPORARY WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
3058  {"TEMP", ACL_CREATE_TEMP},
3059  {"TEMP WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
3060  {"CONNECT", ACL_CONNECT},
3061  {"CONNECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CONNECT)},
3062  {NULL, 0}
3063  };
3064 
3065  return convert_any_priv_string(priv_type_text, database_priv_map);
3066 
3067 }
3068 
3069 
3070 /*
3071  * has_foreign_data_wrapper_privilege variants
3072  * These are all named "has_foreign_data_wrapper_privilege" at the SQL level.
3073  * They take various combinations of foreign-data wrapper name,
3074  * fdw OID, user name, user OID, or implicit user = current_user.
3075  *
3076  * The result is a boolean value: true if user has the indicated
3077  * privilege, false if not.
3078  */
3079 
3080 /*
3081  * has_foreign_data_wrapper_privilege_name_name
3082  * Check user privileges on a foreign-data wrapper given
3083  * name username, text fdwname, and text priv name.
3084  */
3085 Datum
3086 has_foreign_data_wrapper_privilege_name_name(PG_FUNCTION_ARGS)
3087 {
3088  Name username = PG_GETARG_NAME(0);
3089  text *fdwname = PG_GETARG_TEXT_PP(1);
3090  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3091  Oid roleid;
3092  Oid fdwid;
3093  AclMode mode;
3094  AclResult aclresult;
3095 
3096  roleid = get_role_oid_or_public(NameStr(*username));
3097  fdwid = convert_foreign_data_wrapper_name(fdwname);
3098  mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3099 
3100  aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
3101 
3102  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3103 }
3104 
3105 /*
3106  * has_foreign_data_wrapper_privilege_name
3107  * Check user privileges on a foreign-data wrapper given
3108  * text fdwname and text priv name.
3109  * current_user is assumed
3110  */
3111 Datum
3112 has_foreign_data_wrapper_privilege_name(PG_FUNCTION_ARGS)
3113 {
3114  text *fdwname = PG_GETARG_TEXT_PP(0);
3115  text *priv_type_text = PG_GETARG_TEXT_PP(1);
3116  Oid roleid;
3117  Oid fdwid;
3118  AclMode mode;
3119  AclResult aclresult;
3120 
3121  roleid = GetUserId();
3122  fdwid = convert_foreign_data_wrapper_name(fdwname);
3123  mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3124 
3125  aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
3126 
3127  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3128 }
3129 
3130 /*
3131  * has_foreign_data_wrapper_privilege_name_id
3132  * Check user privileges on a foreign-data wrapper given
3133  * name usename, foreign-data wrapper oid, and text priv name.
3134  */
3135 Datum
3136 has_foreign_data_wrapper_privilege_name_id(PG_FUNCTION_ARGS)
3137 {
3138  Name username = PG_GETARG_NAME(0);
3139  Oid fdwid = PG_GETARG_OID(1);
3140  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3141  Oid roleid;
3142  AclMode mode;
3143  AclResult aclresult;
3144 
3145  roleid = get_role_oid_or_public(NameStr(*username));
3146  mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3147 
3148  aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
3149 
3150  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3151 }
3152 
3153 /*
3154  * has_foreign_data_wrapper_privilege_id
3155  * Check user privileges on a foreign-data wrapper given
3156  * foreign-data wrapper oid, and text priv name.
3157  * current_user is assumed
3158  */
3159 Datum
3160 has_foreign_data_wrapper_privilege_id(PG_FUNCTION_ARGS)
3161 {
3162  Oid fdwid = PG_GETARG_OID(0);
3163  text *priv_type_text = PG_GETARG_TEXT_PP(1);
3164  Oid roleid;
3165  AclMode mode;
3166  AclResult aclresult;
3167 
3168  roleid = GetUserId();
3169  mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3170 
3171  aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
3172 
3173  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3174 }
3175 
3176 /*
3177  * has_foreign_data_wrapper_privilege_id_name
3178  * Check user privileges on a foreign-data wrapper given
3179  * roleid, text fdwname, and text priv name.
3180  */
3181 Datum
3182 has_foreign_data_wrapper_privilege_id_name(PG_FUNCTION_ARGS)
3183 {
3184  Oid roleid = PG_GETARG_OID(0);
3185  text *fdwname = PG_GETARG_TEXT_PP(1);
3186  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3187  Oid fdwid;
3188  AclMode mode;
3189  AclResult aclresult;
3190 
3191  fdwid = convert_foreign_data_wrapper_name(fdwname);
3192  mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3193 
3194  aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
3195 
3196  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3197 }
3198 
3199 /*
3200  * has_foreign_data_wrapper_privilege_id_id
3201  * Check user privileges on a foreign-data wrapper given
3202  * roleid, fdw oid, and text priv name.
3203  */
3204 Datum
3205 has_foreign_data_wrapper_privilege_id_id(PG_FUNCTION_ARGS)
3206 {
3207  Oid roleid = PG_GETARG_OID(0);
3208  Oid fdwid = PG_GETARG_OID(1);
3209  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3210  AclMode mode;
3211  AclResult aclresult;
3212 
3213  mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3214 
3215  aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
3216 
3217  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3218 }
3219 
3220 /*
3221  * Support routines for has_foreign_data_wrapper_privilege family.
3222  */
3223 
3224 /*
3225  * Given a FDW name expressed as a string, look it up and return Oid
3226  */
3227 static Oid
3228 convert_foreign_data_wrapper_name(text *fdwname)
3229 {
3230  char *fdwstr = text_to_cstring(fdwname);
3231 
3232  return get_foreign_data_wrapper_oid(fdwstr, false);
3233 }
3234 
3235 /*
3236  * convert_foreign_data_wrapper_priv_string
3237  * Convert text string to AclMode value.
3238  */
3239 static AclMode
3240 convert_foreign_data_wrapper_priv_string(text *priv_type_text)
3241 {
3242  static const priv_map foreign_data_wrapper_priv_map[] = {
3243  {"USAGE", ACL_USAGE},
3244  {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3245  {NULL, 0}
3246  };
3247 
3248  return convert_any_priv_string(priv_type_text, foreign_data_wrapper_priv_map);
3249 }
3250 
3251 
3252 /*
3253  * has_function_privilege variants
3254  * These are all named "has_function_privilege" at the SQL level.
3255  * They take various combinations of function name, function OID,
3256  * user name, user OID, or implicit user = current_user.
3257  *
3258  * The result is a boolean value: true if user has the indicated
3259  * privilege, false if not, or NULL if object doesn't exist.
3260  */
3261 
3262 /*
3263  * has_function_privilege_name_name
3264  * Check user privileges on a function given
3265  * name username, text functionname, and text priv name.
3266  */
3267 Datum
3268 has_function_privilege_name_name(PG_FUNCTION_ARGS)
3269 {
3270  Name username = PG_GETARG_NAME(0);
3271  text *functionname = PG_GETARG_TEXT_PP(1);
3272  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3273  Oid roleid;
3274  Oid functionoid;
3275  AclMode mode;
3276  AclResult aclresult;
3277 
3278  roleid = get_role_oid_or_public(NameStr(*username));
3279  functionoid = convert_function_name(functionname);
3280  mode = convert_function_priv_string(priv_type_text);
3281 
3282  aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
3283 
3284  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3285 }
3286 
3287 /*
3288  * has_function_privilege_name
3289  * Check user privileges on a function given
3290  * text functionname and text priv name.
3291  * current_user is assumed
3292  */
3293 Datum
3294 has_function_privilege_name(PG_FUNCTION_ARGS)
3295 {
3296  text *functionname = PG_GETARG_TEXT_PP(0);
3297  text *priv_type_text = PG_GETARG_TEXT_PP(1);
3298  Oid roleid;
3299  Oid functionoid;
3300  AclMode mode;
3301  AclResult aclresult;
3302 
3303  roleid = GetUserId();
3304  functionoid = convert_function_name(functionname);
3305  mode = convert_function_priv_string(priv_type_text);
3306 
3307  aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
3308 
3309  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3310 }
3311 
3312 /*
3313  * has_function_privilege_name_id
3314  * Check user privileges on a function given
3315  * name usename, function oid, and text priv name.
3316  */
3317 Datum
3318 has_function_privilege_name_id(PG_FUNCTION_ARGS)
3319 {
3320  Name username = PG_GETARG_NAME(0);
3321  Oid functionoid = PG_GETARG_OID(1);
3322  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3323  Oid roleid;
3324  AclMode mode;
3325  AclResult aclresult;
3326 
3327  roleid = get_role_oid_or_public(NameStr(*username));
3328  mode = convert_function_priv_string(priv_type_text);
3329 
3330  if (!SearchSysCacheExists1(PROCOID, ObjectIdGetDatum(functionoid)))
3331  PG_RETURN_NULL();
3332 
3333  aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
3334 
3335  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3336 }
3337 
3338 /*
3339  * has_function_privilege_id
3340  * Check user privileges on a function given
3341  * function oid, and text priv name.
3342  * current_user is assumed
3343  */
3344 Datum
3345 has_function_privilege_id(PG_FUNCTION_ARGS)
3346 {
3347  Oid functionoid = PG_GETARG_OID(0);
3348  text *priv_type_text = PG_GETARG_TEXT_PP(1);
3349  Oid roleid;
3350  AclMode mode;
3351  AclResult aclresult;
3352 
3353  roleid = GetUserId();
3354  mode = convert_function_priv_string(priv_type_text);
3355 
3356  if (!SearchSysCacheExists1(PROCOID, ObjectIdGetDatum(functionoid)))
3357  PG_RETURN_NULL();
3358 
3359  aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
3360 
3361  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3362 }
3363 
3364 /*
3365  * has_function_privilege_id_name
3366  * Check user privileges on a function given
3367  * roleid, text functionname, and text priv name.
3368  */
3369 Datum
3370 has_function_privilege_id_name(PG_FUNCTION_ARGS)
3371 {
3372  Oid roleid = PG_GETARG_OID(0);
3373  text *functionname = PG_GETARG_TEXT_PP(1);
3374  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3375  Oid functionoid;
3376  AclMode mode;
3377  AclResult aclresult;
3378 
3379  functionoid = convert_function_name(functionname);
3380  mode = convert_function_priv_string(priv_type_text);
3381 
3382  aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
3383 
3384  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3385 }
3386 
3387 /*
3388  * has_function_privilege_id_id
3389  * Check user privileges on a function given
3390  * roleid, function oid, and text priv name.
3391  */
3392 Datum
3393 has_function_privilege_id_id(PG_FUNCTION_ARGS)
3394 {
3395  Oid roleid = PG_GETARG_OID(0);
3396  Oid functionoid = PG_GETARG_OID(1);
3397  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3398  AclMode mode;
3399  AclResult aclresult;
3400 
3401  mode = convert_function_priv_string(priv_type_text);
3402 
3403  if (!SearchSysCacheExists1(PROCOID, ObjectIdGetDatum(functionoid)))
3404  PG_RETURN_NULL();
3405 
3406  aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
3407 
3408  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3409 }
3410 
3411 /*
3412  * Support routines for has_function_privilege family.
3413  */
3414 
3415 /*
3416  * Given a function name expressed as a string, look it up and return Oid
3417  */
3418 static Oid
3419 convert_function_name(text *functionname)
3420 {
3421  char *funcname = text_to_cstring(functionname);
3422  Oid oid;
3423 
3424  oid = DatumGetObjectId(DirectFunctionCall1(regprocedurein,
3425  CStringGetDatum(funcname)));
3426 
3427  if (!OidIsValid(oid))
3428  ereport(ERROR,
3429  (errcode(ERRCODE_UNDEFINED_FUNCTION),
3430  errmsg("function \"%s\" does not exist", funcname)));
3431 
3432  return oid;
3433 }
3434 
3435 /*
3436  * convert_function_priv_string
3437  * Convert text string to AclMode value.
3438  */
3439 static AclMode
3440 convert_function_priv_string(text *priv_type_text)
3441 {
3442  static const priv_map function_priv_map[] = {
3443  {"EXECUTE", ACL_EXECUTE},
3444  {"EXECUTE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_EXECUTE)},
3445  {NULL, 0}
3446  };
3447 
3448  return convert_any_priv_string(priv_type_text, function_priv_map);
3449 }
3450 
3451 
3452 /*
3453  * has_language_privilege variants
3454  * These are all named "has_language_privilege" at the SQL level.
3455  * They take various combinations of language name, language OID,
3456  * user name, user OID, or implicit user = current_user.
3457  *
3458  * The result is a boolean value: true if user has the indicated
3459  * privilege, false if not, or NULL if object doesn't exist.
3460  */
3461 
3462 /*
3463  * has_language_privilege_name_name
3464  * Check user privileges on a language given
3465  * name username, text languagename, and text priv name.
3466  */
3467 Datum
3468 has_language_privilege_name_name(PG_FUNCTION_ARGS)
3469 {
3470  Name username = PG_GETARG_NAME(0);
3471  text *languagename = PG_GETARG_TEXT_PP(1);
3472  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3473  Oid roleid;
3474  Oid languageoid;
3475  AclMode mode;
3476  AclResult aclresult;
3477 
3478  roleid = get_role_oid_or_public(NameStr(*username));
3479  languageoid = convert_language_name(languagename);
3480  mode = convert_language_priv_string(priv_type_text);
3481 
3482  aclresult = pg_language_aclcheck(languageoid, roleid, mode);
3483 
3484  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3485 }
3486 
3487 /*
3488  * has_language_privilege_name
3489  * Check user privileges on a language given
3490  * text languagename and text priv name.
3491  * current_user is assumed
3492  */
3493 Datum
3494 has_language_privilege_name(PG_FUNCTION_ARGS)
3495 {
3496  text *languagename = PG_GETARG_TEXT_PP(0);
3497  text *priv_type_text = PG_GETARG_TEXT_PP(1);
3498  Oid roleid;
3499  Oid languageoid;
3500  AclMode mode;
3501  AclResult aclresult;
3502 
3503  roleid = GetUserId();
3504  languageoid = convert_language_name(languagename);
3505  mode = convert_language_priv_string(priv_type_text);
3506 
3507  aclresult = pg_language_aclcheck(languageoid, roleid, mode);
3508 
3509  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3510 }
3511 
3512 /*
3513  * has_language_privilege_name_id
3514  * Check user privileges on a language given
3515  * name usename, language oid, and text priv name.
3516  */
3517 Datum
3518 has_language_privilege_name_id(PG_FUNCTION_ARGS)
3519 {
3520  Name username = PG_GETARG_NAME(0);
3521  Oid languageoid = PG_GETARG_OID(1);
3522  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3523  Oid roleid;
3524  AclMode mode;
3525  AclResult aclresult;
3526 
3527  roleid = get_role_oid_or_public(NameStr(*username));
3528  mode = convert_language_priv_string(priv_type_text);
3529 
3530  if (!SearchSysCacheExists1(LANGOID, ObjectIdGetDatum(languageoid)))
3531  PG_RETURN_NULL();
3532 
3533  aclresult = pg_language_aclcheck(languageoid, roleid, mode);
3534 
3535  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3536 }
3537 
3538 /*
3539  * has_language_privilege_id
3540  * Check user privileges on a language given
3541  * language oid, and text priv name.
3542  * current_user is assumed
3543  */
3544 Datum
3545 has_language_privilege_id(PG_FUNCTION_ARGS)
3546 {
3547  Oid languageoid = PG_GETARG_OID(0);
3548  text *priv_type_text = PG_GETARG_TEXT_PP(1);
3549  Oid roleid;
3550  AclMode mode;
3551  AclResult aclresult;
3552 
3553  roleid = GetUserId();
3554  mode = convert_language_priv_string(priv_type_text);
3555 
3556  if (!SearchSysCacheExists1(LANGOID, ObjectIdGetDatum(languageoid)))
3557  PG_RETURN_NULL();
3558 
3559  aclresult = pg_language_aclcheck(languageoid, roleid, mode);
3560 
3561  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3562 }
3563 
3564 /*
3565  * has_language_privilege_id_name
3566  * Check user privileges on a language given
3567  * roleid, text languagename, and text priv name.
3568  */
3569 Datum
3570 has_language_privilege_id_name(PG_FUNCTION_ARGS)
3571 {
3572  Oid roleid = PG_GETARG_OID(0);
3573  text *languagename = PG_GETARG_TEXT_PP(1);
3574  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3575  Oid languageoid;
3576  AclMode mode;
3577  AclResult aclresult;
3578 
3579  languageoid = convert_language_name(languagename);
3580  mode = convert_language_priv_string(priv_type_text);
3581 
3582  aclresult = pg_language_aclcheck(languageoid, roleid, mode);
3583 
3584  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3585 }
3586 
3587 /*
3588  * has_language_privilege_id_id
3589  * Check user privileges on a language given
3590  * roleid, language oid, and text priv name.
3591  */
3592 Datum
3593 has_language_privilege_id_id(PG_FUNCTION_ARGS)
3594 {
3595  Oid roleid = PG_GETARG_OID(0);
3596  Oid languageoid = PG_GETARG_OID(1);
3597  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3598  AclMode mode;
3599  AclResult aclresult;
3600 
3601  mode = convert_language_priv_string(priv_type_text);
3602 
3603  if (!SearchSysCacheExists1(LANGOID, ObjectIdGetDatum(languageoid)))
3604  PG_RETURN_NULL();
3605 
3606  aclresult = pg_language_aclcheck(languageoid, roleid, mode);
3607 
3608  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3609 }
3610 
3611 /*
3612  * Support routines for has_language_privilege family.
3613  */
3614 
3615 /*
3616  * Given a language name expressed as a string, look it up and return Oid
3617  */
3618 static Oid
3619 convert_language_name(text *languagename)
3620 {
3621  char *langname = text_to_cstring(languagename);
3622 
3623  return get_language_oid(langname, false);
3624 }
3625 
3626 /*
3627  * convert_language_priv_string
3628  * Convert text string to AclMode value.
3629  */
3630 static AclMode
3631 convert_language_priv_string(text *priv_type_text)
3632 {
3633  static const priv_map language_priv_map[] = {
3634  {"USAGE", ACL_USAGE},
3635  {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3636  {NULL, 0}
3637  };
3638 
3639  return convert_any_priv_string(priv_type_text, language_priv_map);
3640 }
3641 
3642 
3643 /*
3644  * has_schema_privilege variants
3645  * These are all named "has_schema_privilege" at the SQL level.
3646  * They take various combinations of schema name, schema OID,
3647  * user name, user OID, or implicit user = current_user.
3648  *
3649  * The result is a boolean value: true if user has the indicated
3650  * privilege, false if not, or NULL if object doesn't exist.
3651  */
3652 
3653 /*
3654  * has_schema_privilege_name_name
3655  * Check user privileges on a schema given
3656  * name username, text schemaname, and text priv name.
3657  */
3658 Datum
3659 has_schema_privilege_name_name(PG_FUNCTION_ARGS)
3660 {
3661  Name username = PG_GETARG_NAME(0);
3662  text *schemaname = PG_GETARG_TEXT_PP(1);
3663  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3664  Oid roleid;
3665  Oid schemaoid;
3666  AclMode mode;
3667  AclResult aclresult;
3668 
3669  roleid = get_role_oid_or_public(NameStr(*username));
3670  schemaoid = convert_schema_name(schemaname);
3671  mode = convert_schema_priv_string(priv_type_text);
3672 
3673  aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
3674 
3675  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3676 }
3677 
3678 /*
3679  * has_schema_privilege_name
3680  * Check user privileges on a schema given
3681  * text schemaname and text priv name.
3682  * current_user is assumed
3683  */
3684 Datum
3685 has_schema_privilege_name(PG_FUNCTION_ARGS)
3686 {
3687  text *schemaname = PG_GETARG_TEXT_PP(0);
3688  text *priv_type_text = PG_GETARG_TEXT_PP(1);
3689  Oid roleid;
3690  Oid schemaoid;
3691  AclMode mode;
3692  AclResult aclresult;
3693 
3694  roleid = GetUserId();
3695  schemaoid = convert_schema_name(schemaname);
3696  mode = convert_schema_priv_string(priv_type_text);
3697 
3698  aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
3699 
3700  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3701 }
3702 
3703 /*
3704  * has_schema_privilege_name_id
3705  * Check user privileges on a schema given
3706  * name usename, schema oid, and text priv name.
3707  */
3708 Datum
3709 has_schema_privilege_name_id(PG_FUNCTION_ARGS)
3710 {
3711  Name username = PG_GETARG_NAME(0);
3712  Oid schemaoid = PG_GETARG_OID(1);
3713  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3714  Oid roleid;
3715  AclMode mode;
3716  AclResult aclresult;
3717 
3718  roleid = get_role_oid_or_public(NameStr(*username));
3719  mode = convert_schema_priv_string(priv_type_text);
3720 
3721  if (!SearchSysCacheExists1(NAMESPACEOID, ObjectIdGetDatum(schemaoid)))
3722  PG_RETURN_NULL();
3723 
3724  aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
3725 
3726  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3727 }
3728 
3729 /*
3730  * has_schema_privilege_id
3731  * Check user privileges on a schema given
3732  * schema oid, and text priv name.
3733  * current_user is assumed
3734  */
3735 Datum
3736 has_schema_privilege_id(PG_FUNCTION_ARGS)
3737 {
3738  Oid schemaoid = PG_GETARG_OID(0);
3739  text *priv_type_text = PG_GETARG_TEXT_PP(1);
3740  Oid roleid;
3741  AclMode mode;
3742  AclResult aclresult;
3743 
3744  roleid = GetUserId();
3745  mode = convert_schema_priv_string(priv_type_text);
3746 
3747  if (!SearchSysCacheExists1(NAMESPACEOID, ObjectIdGetDatum(schemaoid)))
3748  PG_RETURN_NULL();
3749 
3750  aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
3751 
3752  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3753 }
3754 
3755 /*
3756  * has_schema_privilege_id_name
3757  * Check user privileges on a schema given
3758  * roleid, text schemaname, and text priv name.
3759  */
3760 Datum
3761 has_schema_privilege_id_name(PG_FUNCTION_ARGS)
3762 {
3763  Oid roleid = PG_GETARG_OID(0);
3764  text *schemaname = PG_GETARG_TEXT_PP(1);
3765  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3766  Oid schemaoid;
3767  AclMode mode;
3768  AclResult aclresult;
3769 
3770  schemaoid = convert_schema_name(schemaname);
3771  mode = convert_schema_priv_string(priv_type_text);
3772 
3773  aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
3774 
3775  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3776 }
3777 
3778 /*
3779  * has_schema_privilege_id_id
3780  * Check user privileges on a schema given
3781  * roleid, schema oid, and text priv name.
3782  */
3783 Datum
3784 has_schema_privilege_id_id(PG_FUNCTION_ARGS)
3785 {
3786  Oid roleid = PG_GETARG_OID(0);
3787  Oid schemaoid = PG_GETARG_OID(1);
3788  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3789  AclMode mode;
3790  AclResult aclresult;
3791 
3792  mode = convert_schema_priv_string(priv_type_text);
3793 
3794  if (!SearchSysCacheExists1(NAMESPACEOID, ObjectIdGetDatum(schemaoid)))
3795  PG_RETURN_NULL();
3796 
3797  aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
3798 
3799  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3800 }
3801 
3802 /*
3803  * Support routines for has_schema_privilege family.
3804  */
3805 
3806 /*
3807  * Given a schema name expressed as a string, look it up and return Oid
3808  */
3809 static Oid
3810 convert_schema_name(text *schemaname)
3811 {
3812  char *nspname = text_to_cstring(schemaname);
3813 
3814  return get_namespace_oid(nspname, false);
3815 }
3816 
3817 /*
3818  * convert_schema_priv_string
3819  * Convert text string to AclMode value.
3820  */
3821 static AclMode
3822 convert_schema_priv_string(text *priv_type_text)
3823 {
3824  static const priv_map schema_priv_map[] = {
3825  {"CREATE", ACL_CREATE},
3826  {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
3827  {"USAGE", ACL_USAGE},
3828  {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3829  {NULL, 0}
3830  };
3831 
3832  return convert_any_priv_string(priv_type_text, schema_priv_map);
3833 }
3834 
3835 
3836 /*
3837  * has_server_privilege variants
3838  * These are all named "has_server_privilege" at the SQL level.
3839  * They take various combinations of foreign server name,
3840  * server OID, user name, user OID, or implicit user = current_user.
3841  *
3842  * The result is a boolean value: true if user has the indicated
3843  * privilege, false if not.
3844  */
3845 
3846 /*
3847  * has_server_privilege_name_name
3848  * Check user privileges on a foreign server given
3849  * name username, text servername, and text priv name.
3850  */
3851 Datum
3852 has_server_privilege_name_name(PG_FUNCTION_ARGS)
3853 {
3854  Name username = PG_GETARG_NAME(0);
3855  text *servername = PG_GETARG_TEXT_PP(1);
3856  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3857  Oid roleid;
3858  Oid serverid;
3859  AclMode mode;
3860  AclResult aclresult;
3861 
3862  roleid = get_role_oid_or_public(NameStr(*username));
3863  serverid = convert_server_name(servername);
3864  mode = convert_server_priv_string(priv_type_text);
3865 
3866  aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
3867 
3868  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3869 }
3870 
3871 /*
3872  * has_server_privilege_name
3873  * Check user privileges on a foreign server given
3874  * text servername and text priv name.
3875  * current_user is assumed
3876  */
3877 Datum
3878 has_server_privilege_name(PG_FUNCTION_ARGS)
3879 {
3880  text *servername = PG_GETARG_TEXT_PP(0);
3881  text *priv_type_text = PG_GETARG_TEXT_PP(1);
3882  Oid roleid;
3883  Oid serverid;
3884  AclMode mode;
3885  AclResult aclresult;
3886 
3887  roleid = GetUserId();
3888  serverid = convert_server_name(servername);
3889  mode = convert_server_priv_string(priv_type_text);
3890 
3891  aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
3892 
3893  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3894 }
3895 
3896 /*
3897  * has_server_privilege_name_id
3898  * Check user privileges on a foreign server given
3899  * name usename, foreign server oid, and text priv name.
3900  */
3901 Datum
3902 has_server_privilege_name_id(PG_FUNCTION_ARGS)
3903 {
3904  Name username = PG_GETARG_NAME(0);
3905  Oid serverid = PG_GETARG_OID(1);
3906  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3907  Oid roleid;
3908  AclMode mode;
3909  AclResult aclresult;
3910 
3911  roleid = get_role_oid_or_public(NameStr(*username));
3912  mode = convert_server_priv_string(priv_type_text);
3913 
3914  aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
3915 
3916  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3917 }
3918 
3919 /*
3920  * has_server_privilege_id
3921  * Check user privileges on a foreign server given
3922  * server oid, and text priv name.
3923  * current_user is assumed
3924  */
3925 Datum
3926 has_server_privilege_id(PG_FUNCTION_ARGS)
3927 {
3928  Oid serverid = PG_GETARG_OID(0);
3929  text *priv_type_text = PG_GETARG_TEXT_PP(1);
3930  Oid roleid;
3931  AclMode mode;
3932  AclResult aclresult;
3933 
3934  roleid = GetUserId();
3935  mode = convert_server_priv_string(priv_type_text);
3936 
3937  aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
3938 
3939  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3940 }
3941 
3942 /*
3943  * has_server_privilege_id_name
3944  * Check user privileges on a foreign server given
3945  * roleid, text servername, and text priv name.
3946  */
3947 Datum
3948 has_server_privilege_id_name(PG_FUNCTION_ARGS)
3949 {
3950  Oid roleid = PG_GETARG_OID(0);
3951  text *servername = PG_GETARG_TEXT_PP(1);
3952  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3953  Oid serverid;
3954  AclMode mode;
3955  AclResult aclresult;
3956 
3957  serverid = convert_server_name(servername);
3958  mode = convert_server_priv_string(priv_type_text);
3959 
3960  aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
3961 
3962  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3963 }
3964 
3965 /*
3966  * has_server_privilege_id_id
3967  * Check user privileges on a foreign server given
3968  * roleid, server oid, and text priv name.
3969  */
3970 Datum
3971 has_server_privilege_id_id(PG_FUNCTION_ARGS)
3972 {
3973  Oid roleid = PG_GETARG_OID(0);
3974  Oid serverid = PG_GETARG_OID(1);
3975  text *priv_type_text = PG_GETARG_TEXT_PP(2);
3976  AclMode mode;
3977  AclResult aclresult;
3978 
3979  mode = convert_server_priv_string(priv_type_text);
3980 
3981  aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
3982 
3983  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3984 }
3985 
3986 /*
3987  * Support routines for has_server_privilege family.
3988  */
3989 
3990 /*
3991  * Given a server name expressed as a string, look it up and return Oid
3992  */
3993 static Oid
3994 convert_server_name(text *servername)
3995 {
3996  char *serverstr = text_to_cstring(servername);
3997 
3998  return get_foreign_server_oid(serverstr, false);
3999 }
4000 
4001 /*
4002  * convert_server_priv_string
4003  * Convert text string to AclMode value.
4004  */
4005 static AclMode
4006 convert_server_priv_string(text *priv_type_text)
4007 {
4008  static const priv_map server_priv_map[] = {
4009  {"USAGE", ACL_USAGE},
4010  {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
4011  {NULL, 0}
4012  };
4013 
4014  return convert_any_priv_string(priv_type_text, server_priv_map);
4015 }
4016 
4017 
4018 /*
4019  * has_tablespace_privilege variants
4020  * These are all named "has_tablespace_privilege" at the SQL level.
4021  * They take various combinations of tablespace name, tablespace OID,
4022  * user name, user OID, or implicit user = current_user.
4023  *
4024  * The result is a boolean value: true if user has the indicated
4025  * privilege, false if not.
4026  */
4027 
4028 /*
4029  * has_tablespace_privilege_name_name
4030  * Check user privileges on a tablespace given
4031  * name username, text tablespacename, and text priv name.
4032  */
4033 Datum
4034 has_tablespace_privilege_name_name(PG_FUNCTION_ARGS)
4035 {
4036  Name username = PG_GETARG_NAME(0);
4037  text *tablespacename = PG_GETARG_TEXT_PP(1);
4038  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4039  Oid roleid;
4040  Oid tablespaceoid;
4041  AclMode mode;
4042  AclResult aclresult;
4043 
4044  roleid = get_role_oid_or_public(NameStr(*username));
4045  tablespaceoid = convert_tablespace_name(tablespacename);
4046  mode = convert_tablespace_priv_string(priv_type_text);
4047 
4048  aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
4049 
4050  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4051 }
4052 
4053 /*
4054  * has_tablespace_privilege_name
4055  * Check user privileges on a tablespace given
4056  * text tablespacename and text priv name.
4057  * current_user is assumed
4058  */
4059 Datum
4060 has_tablespace_privilege_name(PG_FUNCTION_ARGS)
4061 {
4062  text *tablespacename = PG_GETARG_TEXT_PP(0);
4063  text *priv_type_text = PG_GETARG_TEXT_PP(1);
4064  Oid roleid;
4065  Oid tablespaceoid;
4066  AclMode mode;
4067  AclResult aclresult;
4068 
4069  roleid = GetUserId();
4070  tablespaceoid = convert_tablespace_name(tablespacename);
4071  mode = convert_tablespace_priv_string(priv_type_text);
4072 
4073  aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
4074 
4075  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4076 }
4077 
4078 /*
4079  * has_tablespace_privilege_name_id
4080  * Check user privileges on a tablespace given
4081  * name usename, tablespace oid, and text priv name.
4082  */
4083 Datum
4084 has_tablespace_privilege_name_id(PG_FUNCTION_ARGS)
4085 {
4086  Name username = PG_GETARG_NAME(0);
4087  Oid tablespaceoid = PG_GETARG_OID(1);
4088  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4089  Oid roleid;
4090  AclMode mode;
4091  AclResult aclresult;
4092 
4093  roleid = get_role_oid_or_public(NameStr(*username));
4094  mode = convert_tablespace_priv_string(priv_type_text);
4095 
4096  aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
4097 
4098  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4099 }
4100 
4101 /*
4102  * has_tablespace_privilege_id
4103  * Check user privileges on a tablespace given
4104  * tablespace oid, and text priv name.
4105  * current_user is assumed
4106  */
4107 Datum
4108 has_tablespace_privilege_id(PG_FUNCTION_ARGS)
4109 {
4110  Oid tablespaceoid = PG_GETARG_OID(0);
4111  text *priv_type_text = PG_GETARG_TEXT_PP(1);
4112  Oid roleid;
4113  AclMode mode;
4114  AclResult aclresult;
4115 
4116  roleid = GetUserId();
4117  mode = convert_tablespace_priv_string(priv_type_text);
4118 
4119  aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
4120 
4121  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4122 }
4123 
4124 /*
4125  * has_tablespace_privilege_id_name
4126  * Check user privileges on a tablespace given
4127  * roleid, text tablespacename, and text priv name.
4128  */
4129 Datum
4130 has_tablespace_privilege_id_name(PG_FUNCTION_ARGS)
4131 {
4132  Oid roleid = PG_GETARG_OID(0);
4133  text *tablespacename = PG_GETARG_TEXT_PP(1);
4134  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4135  Oid tablespaceoid;
4136  AclMode mode;
4137  AclResult aclresult;
4138 
4139  tablespaceoid = convert_tablespace_name(tablespacename);
4140  mode = convert_tablespace_priv_string(priv_type_text);
4141 
4142  aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
4143 
4144  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4145 }
4146 
4147 /*
4148  * has_tablespace_privilege_id_id
4149  * Check user privileges on a tablespace given
4150  * roleid, tablespace oid, and text priv name.
4151  */
4152 Datum
4153 has_tablespace_privilege_id_id(PG_FUNCTION_ARGS)
4154 {
4155  Oid roleid = PG_GETARG_OID(0);
4156  Oid tablespaceoid = PG_GETARG_OID(1);
4157  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4158  AclMode mode;
4159  AclResult aclresult;
4160 
4161  mode = convert_tablespace_priv_string(priv_type_text);
4162 
4163  aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
4164 
4165  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4166 }
4167 
4168 /*
4169  * Support routines for has_tablespace_privilege family.
4170  */
4171 
4172 /*
4173  * Given a tablespace name expressed as a string, look it up and return Oid
4174  */
4175 static Oid
4176 convert_tablespace_name(text *tablespacename)
4177 {
4178  char *spcname = text_to_cstring(tablespacename);
4179 
4180  return get_tablespace_oid(spcname, false);
4181 }
4182 
4183 /*
4184  * convert_tablespace_priv_string
4185  * Convert text string to AclMode value.
4186  */
4187 static AclMode
4188 convert_tablespace_priv_string(text *priv_type_text)
4189 {
4190  static const priv_map tablespace_priv_map[] = {
4191  {"CREATE", ACL_CREATE},
4192  {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4193  {NULL, 0}
4194  };
4195 
4196  return convert_any_priv_string(priv_type_text, tablespace_priv_map);
4197 }
4198 
4199 /*
4200  * has_type_privilege variants
4201  * These are all named "has_type_privilege" at the SQL level.
4202  * They take various combinations of type name, type OID,
4203  * user name, user OID, or implicit user = current_user.
4204  *
4205  * The result is a boolean value: true if user has the indicated
4206  * privilege, false if not, or NULL if object doesn't exist.
4207  */
4208 
4209 /*
4210  * has_type_privilege_name_name
4211  * Check user privileges on a type given
4212  * name username, text typename, and text priv name.
4213  */
4214 Datum
4215 has_type_privilege_name_name(PG_FUNCTION_ARGS)
4216 {
4217  Name username = PG_GETARG_NAME(0);
4218  text *typename = PG_GETARG_TEXT_PP(1);
4219  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4220  Oid roleid;
4221  Oid typeoid;
4222  AclMode mode;
4223  AclResult aclresult;
4224 
4225  roleid = get_role_oid_or_public(NameStr(*username));
4226  typeoid = convert_type_name(typename);
4227  mode = convert_type_priv_string(priv_type_text);
4228 
4229  aclresult = pg_type_aclcheck(typeoid, roleid, mode);
4230 
4231  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4232 }
4233 
4234 /*
4235  * has_type_privilege_name
4236  * Check user privileges on a type given
4237  * text typename and text priv name.
4238  * current_user is assumed
4239  */
4240 Datum
4241 has_type_privilege_name(PG_FUNCTION_ARGS)
4242 {
4243  text *typename = PG_GETARG_TEXT_PP(0);
4244  text *priv_type_text = PG_GETARG_TEXT_PP(1);
4245  Oid roleid;
4246  Oid typeoid;
4247  AclMode mode;
4248  AclResult aclresult;
4249 
4250  roleid = GetUserId();
4251  typeoid = convert_type_name(typename);
4252  mode = convert_type_priv_string(priv_type_text);
4253 
4254  aclresult = pg_type_aclcheck(typeoid, roleid, mode);
4255 
4256  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4257 }
4258 
4259 /*
4260  * has_type_privilege_name_id
4261  * Check user privileges on a type given
4262  * name usename, type oid, and text priv name.
4263  */
4264 Datum
4265 has_type_privilege_name_id(PG_FUNCTION_ARGS)
4266 {
4267  Name username = PG_GETARG_NAME(0);
4268  Oid typeoid = PG_GETARG_OID(1);
4269  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4270  Oid roleid;
4271  AclMode mode;
4272  AclResult aclresult;
4273 
4274  roleid = get_role_oid_or_public(NameStr(*username));
4275  mode = convert_type_priv_string(priv_type_text);
4276 
4277  if (!SearchSysCacheExists1(TYPEOID, ObjectIdGetDatum(typeoid)))
4278  PG_RETURN_NULL();
4279 
4280  aclresult = pg_type_aclcheck(typeoid, roleid, mode);
4281 
4282  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4283 }
4284 
4285 /*
4286  * has_type_privilege_id
4287  * Check user privileges on a type given
4288  * type oid, and text priv name.
4289  * current_user is assumed
4290  */
4291 Datum
4292 has_type_privilege_id(PG_FUNCTION_ARGS)
4293 {
4294  Oid typeoid = PG_GETARG_OID(0);
4295  text *priv_type_text = PG_GETARG_TEXT_PP(1);
4296  Oid roleid;
4297  AclMode mode;
4298  AclResult aclresult;
4299 
4300  roleid = GetUserId();
4301  mode = convert_type_priv_string(priv_type_text);
4302 
4303  if (!SearchSysCacheExists1(TYPEOID, ObjectIdGetDatum(typeoid)))
4304  PG_RETURN_NULL();
4305 
4306  aclresult = pg_type_aclcheck(typeoid, roleid, mode);
4307 
4308  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4309 }
4310 
4311 /*
4312  * has_type_privilege_id_name
4313  * Check user privileges on a type given
4314  * roleid, text typename, and text priv name.
4315  */
4316 Datum
4317 has_type_privilege_id_name(PG_FUNCTION_ARGS)
4318 {
4319  Oid roleid = PG_GETARG_OID(0);
4320  text *typename = PG_GETARG_TEXT_PP(1);
4321  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4322  Oid typeoid;
4323  AclMode mode;
4324  AclResult aclresult;
4325 
4326  typeoid = convert_type_name(typename);
4327  mode = convert_type_priv_string(priv_type_text);
4328 
4329  aclresult = pg_type_aclcheck(typeoid, roleid, mode);
4330 
4331  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4332 }
4333 
4334 /*
4335  * has_type_privilege_id_id
4336  * Check user privileges on a type given
4337  * roleid, type oid, and text priv name.
4338  */
4339 Datum
4340 has_type_privilege_id_id(PG_FUNCTION_ARGS)
4341 {
4342  Oid roleid = PG_GETARG_OID(0);
4343  Oid typeoid = PG_GETARG_OID(1);
4344  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4345  AclMode mode;
4346  AclResult aclresult;
4347 
4348  mode = convert_type_priv_string(priv_type_text);
4349 
4350  if (!SearchSysCacheExists1(TYPEOID, ObjectIdGetDatum(typeoid)))
4351  PG_RETURN_NULL();
4352 
4353  aclresult = pg_type_aclcheck(typeoid, roleid, mode);
4354 
4355  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4356 }
4357 
4358 /*
4359  * Support routines for has_type_privilege family.
4360  */
4361 
4362 /*
4363  * Given a type name expressed as a string, look it up and return Oid
4364  */
4365 static Oid
4366 convert_type_name(text *typename)
4367 {
4368  char *typname = text_to_cstring(typename);
4369  Oid oid;
4370 
4371  oid = DatumGetObjectId(DirectFunctionCall1(regtypein,
4372  CStringGetDatum(typname)));
4373 
4374  if (!OidIsValid(oid))
4375  ereport(ERROR,
4376  (errcode(ERRCODE_UNDEFINED_OBJECT),
4377  errmsg("type \"%s\" does not exist", typname)));
4378 
4379  return oid;
4380 }
4381 
4382 /*
4383  * convert_type_priv_string
4384  * Convert text string to AclMode value.
4385  */
4386 static AclMode
4387 convert_type_priv_string(text *priv_type_text)
4388 {
4389  static const priv_map type_priv_map[] = {
4390  {"USAGE", ACL_USAGE},
4391  {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
4392  {NULL, 0}
4393  };
4394 
4395  return convert_any_priv_string(priv_type_text, type_priv_map);
4396 }
4397 
4398 
4399 /*
4400  * pg_has_role variants
4401  * These are all named "pg_has_role" at the SQL level.
4402  * They take various combinations of role name, role OID,
4403  * user name, user OID, or implicit user = current_user.
4404  *
4405  * The result is a boolean value: true if user has the indicated
4406  * privilege, false if not.
4407  */
4408 
4409 /*
4410  * pg_has_role_name_name
4411  * Check user privileges on a role given
4412  * name username, name rolename, and text priv name.
4413  */
4414 Datum
4415 pg_has_role_name_name(PG_FUNCTION_ARGS)
4416 {
4417  Name username = PG_GETARG_NAME(0);
4418  Name rolename = PG_GETARG_NAME(1);
4419  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4420  Oid roleid;
4421  Oid roleoid;
4422  AclMode mode;
4423  AclResult aclresult;
4424 
4425  roleid = get_role_oid(NameStr(*username), false);
4426  roleoid = get_role_oid(NameStr(*rolename), false);
4427  mode = convert_role_priv_string(priv_type_text);
4428 
4429  aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4430 
4431  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4432 }
4433 
4434 /*
4435  * pg_has_role_name
4436  * Check user privileges on a role given
4437  * name rolename and text priv name.
4438  * current_user is assumed
4439  */
4440 Datum
4441 pg_has_role_name(PG_FUNCTION_ARGS)
4442 {
4443  Name rolename = PG_GETARG_NAME(0);
4444  text *priv_type_text = PG_GETARG_TEXT_PP(1);
4445  Oid roleid;
4446  Oid roleoid;
4447  AclMode mode;
4448  AclResult aclresult;
4449 
4450  roleid = GetUserId();
4451  roleoid = get_role_oid(NameStr(*rolename), false);
4452  mode = convert_role_priv_string(priv_type_text);
4453 
4454  aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4455 
4456  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4457 }
4458 
4459 /*
4460  * pg_has_role_name_id
4461  * Check user privileges on a role given
4462  * name usename, role oid, and text priv name.
4463  */
4464 Datum
4465 pg_has_role_name_id(PG_FUNCTION_ARGS)
4466 {
4467  Name username = PG_GETARG_NAME(0);
4468  Oid roleoid = PG_GETARG_OID(1);
4469  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4470  Oid roleid;
4471  AclMode mode;
4472  AclResult aclresult;
4473 
4474  roleid = get_role_oid(NameStr(*username), false);
4475  mode = convert_role_priv_string(priv_type_text);
4476 
4477  aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4478 
4479  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4480 }
4481 
4482 /*
4483  * pg_has_role_id
4484  * Check user privileges on a role given
4485  * role oid, and text priv name.
4486  * current_user is assumed
4487  */
4488 Datum
4489 pg_has_role_id(PG_FUNCTION_ARGS)
4490 {
4491  Oid roleoid = PG_GETARG_OID(0);
4492  text *priv_type_text = PG_GETARG_TEXT_PP(1);
4493  Oid roleid;
4494  AclMode mode;
4495  AclResult aclresult;
4496 
4497  roleid = GetUserId();
4498  mode = convert_role_priv_string(priv_type_text);
4499 
4500  aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4501 
4502  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4503 }
4504 
4505 /*
4506  * pg_has_role_id_name
4507  * Check user privileges on a role given
4508  * roleid, name rolename, and text priv name.
4509  */
4510 Datum
4511 pg_has_role_id_name(PG_FUNCTION_ARGS)
4512 {
4513  Oid roleid = PG_GETARG_OID(0);
4514  Name rolename = PG_GETARG_NAME(1);
4515  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4516  Oid roleoid;
4517  AclMode mode;
4518  AclResult aclresult;
4519 
4520  roleoid = get_role_oid(NameStr(*rolename), false);
4521  mode = convert_role_priv_string(priv_type_text);
4522 
4523  aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4524 
4525  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4526 }
4527 
4528 /*
4529  * pg_has_role_id_id
4530  * Check user privileges on a role given
4531  * roleid, role oid, and text priv name.
4532  */
4533 Datum
4534 pg_has_role_id_id(PG_FUNCTION_ARGS)
4535 {
4536  Oid roleid = PG_GETARG_OID(0);
4537  Oid roleoid = PG_GETARG_OID(1);
4538  text *priv_type_text = PG_GETARG_TEXT_PP(2);
4539  AclMode mode;
4540  AclResult aclresult;
4541 
4542  mode = convert_role_priv_string(priv_type_text);
4543 
4544  aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4545 
4546  PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4547 }
4548 
4549 /*
4550  * Support routines for pg_has_role family.
4551  */
4552 
4553 /*
4554  * convert_role_priv_string
4555  * Convert text string to AclMode value.
4556  *
4557  * We use USAGE to denote whether the privileges of the role are accessible
4558  * (has_privs), MEMBER to denote is_member, and MEMBER WITH GRANT OPTION
4559  * (or ADMIN OPTION) to denote is_admin. There is no ACL bit corresponding
4560  * to MEMBER so we cheat and use ACL_CREATE for that. This convention
4561  * is shared only with pg_role_aclcheck, below.
4562  */
4563 static AclMode
4564 convert_role_priv_string(text *priv_type_text)
4565 {
4566  static const priv_map role_priv_map[] = {
4567  {"USAGE", ACL_USAGE},
4568  {"MEMBER", ACL_CREATE},
4569  {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4570  {"USAGE WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4571  {"MEMBER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4572  {"MEMBER WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4573  {NULL, 0}
4574  };
4575 
4576  return convert_any_priv_string(priv_type_text, role_priv_map);
4577 }
4578 
4579 /*
4580  * pg_role_aclcheck
4581  * Quick-and-dirty support for pg_has_role
4582  */
4583 static AclResult
4584 pg_role_aclcheck(Oid role_oid, Oid roleid, AclMode mode)
4585 {
4586  if (mode & ACL_GRANT_OPTION_FOR(ACL_CREATE))
4587  {
4588  /*
4589  * XXX For roleid == role_oid, is_admin_of_role() also examines the
4590  * session and call stack. That suits two-argument pg_has_role(), but
4591  * it gives the three-argument version a lamentable whimsy.
4592  */
4593  if (is_admin_of_role(roleid, role_oid))
4594  return ACLCHECK_OK;
4595  }
4596  if (mode & ACL_CREATE)
4597  {
4598  if (is_member_of_role(roleid, role_oid))
4599  return ACLCHECK_OK;
4600  }
4601  if (mode & ACL_USAGE)
4602  {
4603  if (has_privs_of_role(roleid, role_oid))
4604  return ACLCHECK_OK;
4605  }
4606  return ACLCHECK_NO_PRIV;
4607 }
4608 
4609 
4610 /*
4611  * initialization function (called by InitPostgres)
4612  */
4613 void
4614 initialize_acl(void)
4615 {
4616  if (!IsBootstrapProcessingMode())
4617  {
4618  /*
4619  * In normal mode, set a callback on any syscache invalidation of
4620  * pg_auth_members rows
4621  */
4622  CacheRegisterSyscacheCallback(AUTHMEMROLEMEM,
4623  RoleMembershipCacheCallback,
4624  (Datum) 0);
4625  }
4626 }
4627 
4628 /*
4629  * RoleMembershipCacheCallback
4630  * Syscache inval callback function
4631  */
4632 static void
4633 RoleMembershipCacheCallback(Datum arg, int cacheid, uint32 hashvalue)
4634 {
4635  /* Force membership caches to be recomputed on next use */
4636  cached_privs_role = InvalidOid;
4637  cached_member_role = InvalidOid;
4638 }
4639 
4640 
4641 /* Check if specified role has rolinherit set */
4642 static bool
4643 has_rolinherit(Oid roleid)
4644 {
4645  bool result = false;
4646  HeapTuple utup;
4647 
4648  utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
4649  if (HeapTupleIsValid(utup))
4650  {
4651  result = ((Form_pg_authid) GETSTRUCT(utup))->rolinherit;
4652  ReleaseSysCache(utup);
4653  }
4654  return result;
4655 }
4656 
4657 
4658 /*
4659  * Get a list of roles that the specified roleid has the privileges of
4660  *
4661  * This is defined not to recurse through roles that don't have rolinherit
4662  * set; for such roles, membership implies the ability to do SET ROLE, but
4663  * the privileges are not available until you've done so.
4664  *
4665  * Since indirect membership testing is relatively expensive, we cache
4666  * a list of memberships. Hence, the result is only guaranteed good until
4667  * the next call of roles_has_privs_of()!
4668  *
4669  * For the benefit of select_best_grantor, the result is defined to be
4670  * in breadth-first order, ie, closer relationships earlier.
4671  */
4672 static List *
4673 roles_has_privs_of(Oid roleid)
4674 {
4675  List *roles_list;
4676  ListCell *l;
4677  List *new_cached_privs_roles;
4678  MemoryContext oldctx;
4679 
4680  /* If cache is already valid, just return the list */
4681  if (OidIsValid(cached_privs_role) && cached_privs_role == roleid)
4682  return cached_privs_roles;
4683 
4684  /*
4685  * Find all the roles that roleid is a member of, including multi-level
4686  * recursion. The role itself will always be the first element of the
4687  * resulting list.
4688  *
4689  * Each element of the list is scanned to see if it adds any indirect
4690  * memberships. We can use a single list as both the record of
4691  * already-found memberships and the agenda of roles yet to be scanned.
4692  * This is a bit tricky but works because the foreach() macro doesn't
4693  * fetch the next list element until the bottom of the loop.
4694  */
4695  roles_list = list_make1_oid(roleid);
4696 
4697  foreach(l, roles_list)
4698  {
4699  Oid memberid = lfirst_oid(l);
4700  CatCList *memlist;
4701  int i;
4702 
4703  /* Ignore non-inheriting roles */
4704  if (!has_rolinherit(memberid))
4705  continue;
4706 
4707  /* Find roles that memberid is directly a member of */
4708  memlist = SearchSysCacheList1(AUTHMEMMEMROLE,
4709  ObjectIdGetDatum(memberid));
4710  for (i = 0; i < memlist->n_members; i++)
4711  {
4712  HeapTuple tup = &memlist->members[i]->tuple;
4713  Oid otherid = ((Form_pg_auth_members) GETSTRUCT(tup))->roleid;
4714 
4715  /*
4716  * Even though there shouldn't be any loops in the membership
4717  * graph, we must test for having already seen this role. It is
4718  * legal for instance to have both A->B and A->C->B.
4719  */
4720  roles_list = list_append_unique_oid(roles_list, otherid);
4721  }
4722  ReleaseSysCacheList(memlist);
4723  }
4724 
4725  /*
4726  * Copy the completed list into TopMemoryContext so it will persist.
4727  */
4728  oldctx = MemoryContextSwitchTo(TopMemoryContext);
4729  new_cached_privs_roles = list_copy(roles_list);
4730  MemoryContextSwitchTo(oldctx);
4731  list_free(roles_list);
4732 
4733  /*
4734  * Now safe to assign to state variable
4735  */
4736  cached_privs_role = InvalidOid; /* just paranoia */
4737  list_free(cached_privs_roles);
4738  cached_privs_roles = new_cached_privs_roles;
4739  cached_privs_role = roleid;
4740 
4741  /* And now we can return the answer */
4742  return cached_privs_roles;
4743 }
4744 
4745 
4746 /*
4747  * Get a list of roles that the specified roleid is a member of
4748  *
4749  * This is defined to recurse through roles regardless of rolinherit.
4750  *
4751  * Since indirect membership testing is relatively expensive, we cache
4752  * a list of memberships. Hence, the result is only guaranteed good until
4753  * the next call of roles_is_member_of()!
4754  */
4755 static List *
4756 roles_is_member_of(Oid roleid)
4757 {
4758  List *roles_list;
4759  ListCell *l;
4760  List *new_cached_membership_roles;
4761  MemoryContext oldctx;
4762 
4763  /* If cache is already valid, just return the list */
4764  if (OidIsValid(cached_member_role) && cached_member_role == roleid)
4765  return cached_membership_roles;
4766 
4767  /*
4768  * Find all the roles that roleid is a member of, including multi-level
4769  * recursion. The role itself will always be the first element of the
4770  * resulting list.
4771  *
4772  * Each element of the list is scanned to see if it adds any indirect
4773  * memberships. We can use a single list as both the record of
4774  * already-found memberships and the agenda of roles yet to be scanned.
4775  * This is a bit tricky but works because the foreach() macro doesn't
4776  * fetch the next list element until the bottom of the loop.
4777  */
4778  roles_list = list_make1_oid(roleid);
4779 
4780  foreach(l, roles_list)
4781  {
4782  Oid memberid = lfirst_oid(l);
4783  CatCList *memlist;
4784  int i;
4785 
4786  /* Find roles that memberid is directly a member of */
4787  memlist = SearchSysCacheList1(AUTHMEMMEMROLE,
4788  ObjectIdGetDatum(memberid));
4789  for (i = 0; i < memlist->n_members; i++)
4790  {
4791  HeapTuple tup = &memlist->members[i]->tuple;
4792  Oid otherid = ((Form_pg_auth_members) GETSTRUCT(tup))->roleid;
4793 
4794  /*
4795  * Even though there shouldn't be any loops in the membership
4796  * graph, we must test for having already seen this role. It is
4797  * legal for instance to have both A->B and A->C->B.
4798  */
4799  roles_list = list_append_unique_oid(roles_list, otherid);
4800  }
4801  ReleaseSysCacheList(memlist);
4802  }
4803 
4804  /*
4805  * Copy the completed list into TopMemoryContext so it will persist.
4806  */
4807  oldctx = MemoryContextSwitchTo(TopMemoryContext);
4808  new_cached_membership_roles = list_copy(roles_list);
4809  MemoryContextSwitchTo(oldctx);
4810  list_free(roles_list);
4811 
4812  /*
4813  * Now safe to assign to state variable
4814  */
4815  cached_member_role = InvalidOid; /* just paranoia */
4816  list_free(cached_membership_roles);
4817  cached_membership_roles = new_cached_membership_roles;
4818  cached_member_role = roleid;
4819 
4820  /* And now we can return the answer */
4821  return cached_membership_roles;
4822 }
4823 
4824 
4825 /*
4826  * Does member have the privileges of role (directly or indirectly)?
4827  *
4828  * This is defined not to recurse through roles that don't have rolinherit
4829  * set; for such roles, membership implies the ability to do SET ROLE, but
4830  * the privileges are not available until you've done so.
4831  */
4832 bool
4833 has_privs_of_role(Oid member, Oid role)
4834 {
4835  /* Fast path for simple case */
4836  if (member == role)
4837  return true;
4838 
4839  /* Superusers have every privilege, so are part of every role */
4840  if (superuser_arg(member))
4841  return true;
4842 
4843  /*
4844  * Find all the roles that member has the privileges of, including
4845  * multi-level recursion, then see if target role is any one of them.
4846  */
4847  return list_member_oid(roles_has_privs_of(member), role);
4848 }
4849 
4850 
4851 /*
4852  * Is member a member of role (directly or indirectly)?
4853  *
4854  * This is defined to recurse through roles regardless of rolinherit.
4855  */
4856 bool
4857 is_member_of_role(Oid member, Oid role)
4858 {
4859  /* Fast path for simple case */
4860  if (member == role)
4861  return true;
4862 
4863  /* Superusers have every privilege, so are part of every role */
4864  if (superuser_arg(member))
4865  return true;
4866 
4867  /*
4868  * Find all the roles that member is a member of, including multi-level
4869  * recursion, then see if target role is any one of them.
4870  */
4871  return list_member_oid(roles_is_member_of(member), role);
4872 }
4873 
4874 /*
4875  * check_is_member_of_role
4876  * is_member_of_role with a standard permission-violation error if not
4877  */
4878 void
4879 check_is_member_of_role(Oid member, Oid role)
4880 {
4881  if (!is_member_of_role(member, role))
4882  ereport(ERROR,
4883  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
4884  errmsg("must be member of role \"%s\"",
4885  GetUserNameFromId(role, false))));
4886 }
4887 
4888 /*
4889  * Is member a member of role, not considering superuserness?
4890  *
4891  * This is identical to is_member_of_role except we ignore superuser
4892  * status.
4893  */
4894 bool
4895 is_member_of_role_nosuper(Oid member, Oid role)
4896 {
4897  /* Fast path for simple case */
4898  if (member == role)
4899  return true;
4900 
4901  /*
4902  * Find all the roles that member is a member of, including multi-level
4903  * recursion, then see if target role is any one of them.
4904  */
4905  return list_member_oid(roles_is_member_of(member), role);
4906 }
4907 
4908 
4909 /*
4910  * Is member an admin of role? That is, is member the role itself (subject to
4911  * restrictions below), a member (directly or indirectly) WITH ADMIN OPTION,
4912  * or a superuser?
4913  */
4914 bool
4915 is_admin_of_role(Oid member, Oid role)
4916 {
4917  bool result = false;
4918  List *roles_list;
4919  ListCell *l;
4920 
4921  if (superuser_arg(member))
4922  return true;
4923 
4924  if (member == role)
4925 
4926  /*
4927  * A role can admin itself when it matches the session user and we're
4928  * outside any security-restricted operation, SECURITY DEFINER or
4929  * similar context. SQL-standard roles cannot self-admin. However,
4930  * SQL-standard users are distinct from roles, and they are not
4931  * grantable like roles: PostgreSQL's role-user duality extends the
4932  * standard. Checking for a session user match has the effect of
4933  * letting a role self-admin only when it's conspicuously behaving
4934  * like a user. Note that allowing self-admin under a mere SET ROLE
4935  * would make WITH ADMIN OPTION largely irrelevant; any member could
4936  * SET ROLE to issue the otherwise-forbidden command.
4937  *
4938  * Withholding self-admin in a security-restricted operation prevents
4939  * object owners from harnessing the session user identity during
4940  * administrative maintenance. Suppose Alice owns a database, has
4941  * issued "GRANT alice TO bob", and runs a daily ANALYZE. Bob creates
4942  * an alice-owned SECURITY DEFINER function that issues "REVOKE alice
4943  * FROM carol". If he creates an expression index calling that
4944  * function, Alice will attempt the REVOKE during each ANALYZE.
4945  * Checking InSecurityRestrictedOperation() thwarts that attack.
4946  *
4947  * Withholding self-admin in SECURITY DEFINER functions makes their
4948  * behavior independent of the calling user. There's no security or
4949  * SQL-standard-conformance need for that restriction, though.
4950  *
4951  * A role cannot have actual WITH ADMIN OPTION on itself, because that
4952  * would imply a membership loop. Therefore, we're done either way.
4953  */
4954  return member == GetSessionUserId() &&
4955  !InLocalUserIdChange() && !InSecurityRestrictedOperation();
4956 
4957  /*
4958  * Find all the roles that member is a member of, including multi-level
4959  * recursion. We build a list in the same way that is_member_of_role does
4960  * to track visited and unvisited roles.
4961  */
4962  roles_list = list_make1_oid(member);
4963 
4964  foreach(l, roles_list)
4965  {
4966  Oid memberid = lfirst_oid(l);
4967  CatCList *memlist;
4968  int i;
4969 
4970  /* Find roles that memberid is directly a member of */
4971  memlist = SearchSysCacheList1(AUTHMEMMEMROLE,
4972  ObjectIdGetDatum(memberid));
4973  for (i = 0; i < memlist->n_members; i++)
4974  {
4975  HeapTuple tup = &memlist->members[i]->tuple;
4976  Oid otherid = ((Form_pg_auth_members) GETSTRUCT(tup))->roleid;
4977 
4978  if (otherid == role &&
4979  ((Form_pg_auth_members) GETSTRUCT(tup))->admin_option)
4980  {
4981  /* Found what we came for, so can stop searching */
4982  result = true;
4983  break;
4984  }
4985 
4986  roles_list = list_append_unique_oid(roles_list, otherid);
4987  }
4988  ReleaseSysCacheList(memlist);
4989  if (result)
4990  break;
4991  }
4992 
4993  list_free(roles_list);
4994 
4995  return result;
4996 }
4997 
4998 
4999 /* does what it says ... */
5000 static int
5001 count_one_bits(AclMode mask)
5002 {
5003  int nbits = 0;
5004 
5005  /* this code relies on AclMode being an unsigned type */
5006  while (mask)
5007  {
5008  if (mask & 1)
5009  nbits++;
5010  mask >>= 1;
5011  }
5012  return nbits;
5013 }
5014 
5015 
5016 /*
5017  * Select the effective grantor ID for a GRANT or REVOKE operation.
5018  *
5019  * The grantor must always be either the object owner or some role that has
5020  * been explicitly granted grant options. This ensures that all granted
5021  * privileges appear to flow from the object owner, and there are never
5022  * multiple "original sources" of a privilege. Therefore, if the would-be
5023  * grantor is a member of a role that has the needed grant options, we have
5024  * to do the grant as that role instead.
5025  *
5026  * It is possible that the would-be grantor is a member of several roles
5027  * that have different subsets of the desired grant options, but no one
5028  * role has 'em all. In this case we pick a role with the largest number
5029  * of desired options. Ties are broken in favor of closer ancestors.
5030  *
5031  * roleId: the role attempting to do the GRANT/REVOKE
5032  * privileges: the privileges to be granted/revoked
5033  * acl: the ACL of the object in question
5034  * ownerId: the role owning the object in question
5035  * *grantorId: receives the OID of the role to do the grant as
5036  * *grantOptions: receives the grant options actually held by grantorId
5037  *
5038  * If no grant options exist, we set grantorId to roleId, grantOptions to 0.
5039  */
5040 void
5041 select_best_grantor(Oid roleId, AclMode privileges,
5042  const Acl *acl, Oid ownerId,
5043  Oid *grantorId, AclMode *grantOptions)
5044 {
5045  AclMode needed_goptions = ACL_GRANT_OPTION_FOR(privileges);
5046  List *roles_list;
5047  int nrights;
5048  ListCell *l;
5049 
5050  /*
5051  * The object owner is always treated as having all grant options, so if
5052  * roleId is the owner it's easy. Also, if roleId is a superuser it's
5053  * easy: superusers are implicitly members of every role, so they act as
5054  * the object owner.
5055  */
5056  if (roleId == ownerId || superuser_arg(roleId))
5057  {
5058  *grantorId = ownerId;
5059  *grantOptions = needed_goptions;
5060  return;
5061  }
5062 
5063  /*
5064  * Otherwise we have to do a careful search to see if roleId has the
5065  * privileges of any suitable role. Note: we can hang onto the result of
5066  * roles_has_privs_of() throughout this loop, because aclmask_direct()
5067  * doesn't query any role memberships.
5068  */
5069  roles_list = roles_has_privs_of(roleId);
5070 
5071  /* initialize candidate result as default */
5072  *grantorId = roleId;
5073  *grantOptions = ACL_NO_RIGHTS;
5074  nrights = 0;
5075 
5076  foreach(l, roles_list)
5077  {
5078  Oid otherrole = lfirst_oid(l);
5079  AclMode otherprivs;
5080 
5081  otherprivs = aclmask_direct(acl, otherrole, ownerId,
5082  needed_goptions, ACLMASK_ALL);
5083  if (otherprivs == needed_goptions)
5084  {
5085  /* Found a suitable grantor */
5086  *grantorId = otherrole;
5087  *grantOptions = otherprivs;
5088  return;
5089  }
5090 
5091  /*
5092  * If it has just some of the needed privileges, remember best
5093  * candidate.
5094  */
5095  if (otherprivs != ACL_NO_RIGHTS)
5096  {
5097  int nnewrights = count_one_bits(otherprivs);
5098 
5099  if (nnewrights > nrights)
5100  {
5101  *grantorId = otherrole;
5102  *grantOptions = otherprivs;
5103  nrights = nnewrights;
5104  }
5105  }
5106  }
5107 }
5108 
5109 /*
5110  * get_role_oid - Given a role name, look up the role's OID.
5111  *
5112  * If missing_ok is false, throw an error if role name not found. If
5113  * true, just return InvalidOid.
5114  */
5115 Oid
5116 get_role_oid(const char *rolname, bool missing_ok)
5117 {
5118  Oid oid;
5119 
5120  oid = GetSysCacheOid1(AUTHNAME, CStringGetDatum(rolname));
5121  if (!OidIsValid(oid) && !missing_ok)
5122  ereport(ERROR,
5123  (errcode(ERRCODE_UNDEFINED_OBJECT),
5124  errmsg("role \"%s\" does not exist", rolname)));
5125  return oid;
5126 }
5127 
5128 /*
5129  * get_role_oid_or_public - As above, but return ACL_ID_PUBLIC if the
5130  * role name is "public".
5131  */
5132 Oid
5133 get_role_oid_or_public(const char *rolname)
5134 {
5135  if (strcmp(rolname, "public") == 0)
5136  return ACL_ID_PUBLIC;
5137 
5138  return get_role_oid(rolname, false);
5139 }
5140 
5141 /*
5142  * Given a RoleSpec node, return the OID it corresponds to. If missing_ok is
5143  * true, return InvalidOid if the role does not exist.
5144  *
5145  * PUBLIC is always disallowed here. Routines wanting to handle the PUBLIC
5146  * case must check the case separately.
5147  */
5148 Oid
5149 get_rolespec_oid(const RoleSpec *role, bool missing_ok)
5150 {
5151  Oid oid;
5152 
5153  switch (role->roletype)
5154  {
5155  case ROLESPEC_CSTRING:
5156  Assert(role->rolename);
5157  oid = get_role_oid(role->rolename, missing_ok);
5158  break;
5159 
5160  case ROLESPEC_CURRENT_USER:
5161  oid = GetUserId();
5162  break;
5163 
5164  case ROLESPEC_SESSION_USER:
5165  oid = GetSessionUserId();
5166  break;
5167 
5168  case ROLESPEC_PUBLIC:
5169  ereport(ERROR,
5170  (errcode(ERRCODE_UNDEFINED_OBJECT),
5171  errmsg("role \"%s\" does not exist", "public")));
5172  oid = InvalidOid; /* make compiler happy */
5173  break;
5174 
5175  default:
5176  elog(ERROR, "unexpected role type %d", role->roletype);
5177  }
5178 
5179  return oid;
5180 }
5181 
5182 /*
5183  * Given a RoleSpec node, return the pg_authid HeapTuple it corresponds to.
5184  * Caller must ReleaseSysCache when done with the result tuple.
5185  */
5186 HeapTuple
5187 get_rolespec_tuple(const RoleSpec *role)
5188 {
5189  HeapTuple tuple;
5190 
5191  switch (role->roletype)
5192  {
5193  case ROLESPEC_CSTRING:
5194  Assert(role->rolename);
5195  tuple = SearchSysCache1(AUTHNAME, CStringGetDatum(role->rolename));
5196  if (!HeapTupleIsValid(tuple))
5197  ereport(ERROR,
5198  (errcode(ERRCODE_UNDEFINED_OBJECT),
5199  errmsg("role \"%s\" does not exist", role->rolename)));
5200  break;
5201 
5202  case ROLESPEC_CURRENT_USER:
5203  tuple = SearchSysCache1(AUTHOID, GetUserId());
5204  if (!HeapTupleIsValid(tuple))
5205  elog(ERROR, "cache lookup failed for role %u", GetUserId());
5206  break;
5207 
5208  case ROLESPEC_SESSION_USER:
5209  tuple = SearchSysCache1(AUTHOID, GetSessionUserId());
5210  if (!HeapTupleIsValid(tuple))
5211  elog(ERROR, "cache lookup failed for role %u", GetSessionUserId());
5212  break;
5213 
5214  case ROLESPEC_PUBLIC:
5215  ereport(ERROR,
5216  (errcode(ERRCODE_UNDEFINED_OBJECT),
5217  errmsg("role \"%s\" does not exist", "public")));
5218  tuple = NULL; /* make compiler happy */
5219  break;
5220 
5221  default:
5222  elog(ERROR, "unexpected role type %d", role->roletype);
5223  }
5224 
5225  return tuple;
5226 }
5227 
5228 /*
5229  * Given a RoleSpec, returns a palloc'ed copy of the corresponding role's name.
5230  */
5231 char *
5232 get_rolespec_name(const RoleSpec *role)
5233 {
5234  HeapTuple tp;
5235  Form_pg_authid authForm;
5236  char *rolename;
5237 
5238  tp = get_rolespec_tuple(role);
5239  authForm = (Form_pg_authid) GETSTRUCT(tp);
5240  rolename = pstrdup(NameStr(authForm->rolname));
5241  ReleaseSysCache(tp);
5242 
5243  return rolename;
5244 }
5245 
5246 /*
5247  * Given a RoleSpec, throw an error if the name is reserved, using detail_msg,
5248  * if provided.
5249  *
5250  * If node is NULL, no error is thrown. If detail_msg is NULL then no detail
5251  * message is provided.
5252  */
5253 void
5254 check_rolespec_name(const RoleSpec *role, const char *detail_msg)
5255 {
5256  if (!role)
5257  return;
5258 
5259  if (role->roletype != ROLESPEC_CSTRING)
5260  return;
5261 
5262  if (IsReservedName(role->rolename))
5263  {
5264  if (detail_msg)
5265  ereport(ERROR,
5266  (errcode(ERRCODE_RESERVED_NAME),
5267  errmsg("role name \"%s\" is reserved",
5268  role->rolename),
5269  errdetail("%s", detail_msg)));
5270  else
5271  ereport(ERROR,
5272  (errcode(ERRCODE_RESERVED_NAME),
5273  errmsg("role name \"%s\" is reserved",
5274  role->rolename)));
5275  }
5276 }
remaining
int remaining
Definition: informix.c:692
InLocalUserIdChange
bool InLocalUserIdChange(void)
Definition: miscinit.c:502
AclItem::ai_grantee
Oid ai_grantee
Definition: acl.h:57
has_column_privilege_name_name_name
Datum has_column_privilege_name_name_name(PG_FUNCTION_ARGS)
Definition: acl.c:2514
putid
static void putid(char *p, const char *s)
Definition: acl.c:189
priv_map
Definition: acl.c:43
NIL
#define NIL
Definition: pg_list.h:69
ACL_MODECHG_EQL
#define ACL_MODECHG_EQL
Definition: acl.h:132
get_tablespace_oid
Oid get_tablespace_oid(const char *tablespacename, bool missing_ok)
Definition: tablespace.c:1382
has_column_privilege_id_id_attnum
Datum has_column_privilege_id_id_attnum(PG_FUNCTION_ARGS)
Definition: acl.c:2699
convert_aclright_to_string
static const char * convert_aclright_to_string(int aclright)
Definition: acl.c:1696
ACL_INSERT_CHR
#define ACL_INSERT_CHR
Definition: acl.h:138
ACL_ALL_RIGHTS_FUNCTION
#define ACL_ALL_RIGHTS_FUNCTION
Definition: acl.h:163
has_any_column_privilege_name
Datum has_any_column_privilege_name(PG_FUNCTION_ARGS)
Definition: acl.c:2304
convert_language_name
static Oid convert_language_name(text *languagename)
Definition: acl.c:3619
has_tablespace_privilege_name_id
Datum has_tablespace_privilege_name_id(PG_FUNCTION_ARGS)
Definition: acl.c:4084
has_column_privilege_name_name_attnum
Datum has_column_privilege_name_name_attnum(PG_FUNCTION_ARGS)
Definition: acl.c:2543
cached_member_role
static Oid cached_member_role
Definition: acl.c:77
has_foreign_data_wrapper_privilege_id_name
Datum has_foreign_data_wrapper_privilege_id_name(PG_FUNCTION_ARGS)
Definition: acl.c:3182
catclist::n_members
int n_members
Definition: catcache.h:176
has_database_privilege_name_id
Datum has_database_privilege_name_id(PG_FUNCTION_ARGS)
Definition: acl.c:2938
pg_tablespace_aclcheck
AclResult pg_tablespace_aclcheck(Oid spc_oid, Oid roleid, AclMode mode)
Definition: aclchk.c:4701
has_server_privilege_name_name
Datum has_server_privilege_name_name(PG_FUNCTION_ARGS)
Definition: acl.c:3852
get_namespace_oid
Oid get_namespace_oid(const char *nspname, bool missing_ok)
Definition: namespace.c:3024
ACLITEM_GET_GOPTIONS
#define ACLITEM_GET_GOPTIONS(item)
Definition: acl.h:68
has_function_privilege_name
Datum has_function_privilege_name(PG_FUNCTION_ARGS)
Definition: acl.c:3294
errhint
int errhint(const char *fmt,...)
Definition: elog.c:987
list_append_unique_oid
List * list_append_unique_oid(List *list, Oid datum)
Definition: list.c:999
has_sequence_privilege_id_name
Datum has_sequence_privilege_id_name(PG_FUNCTION_ARGS)
Definition: acl.c:2184
GETSTRUCT
#define GETSTRUCT(TUP)
Definition: htup_details.h:668
has_schema_privilege_name_name
Datum has_schema_privilege_name_name(PG_FUNCTION_ARGS)
Definition: acl.c:3659
PG_RETURN_ACL_P
#define PG_RETURN_ACL_P(x)
Definition: acl.h:125
has_sequence_privilege_name_name
Datum has_sequence_privilege_name_name(PG_FUNCTION_ARGS)
Definition: acl.c:2060
convert_column_name
static AttrNumber convert_column_name(Oid tableoid, text *column)
Definition: acl.c:2833
aclcontains
Datum aclcontains(PG_FUNCTION_ARGS)
Definition: acl.c:1553
has_database_privilege_name
Datum has_database_privilege_name(PG_FUNCTION_ARGS)
Definition: acl.c:2914
convert_schema_name
static Oid convert_schema_name(text *schemaname)
Definition: acl.c:3810
pg_attribute_aclcheck
AclResult pg_attribute_aclcheck(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode)
Definition: aclchk.c:4513
pg_role_aclcheck
static AclResult pg_role_aclcheck(Oid role_oid, Oid roleid, AclMode mode)
Definition: acl.c:4584
GetUserId
Oid GetUserId(void)
Definition: miscinit.c:379
aclexplode
Datum aclexplode(PG_FUNCTION_ARGS)
Definition: acl.c:1746
has_type_privilege_id
Datum has_type_privilege_id(PG_FUNCTION_ARGS)
Definition: acl.c:4292
ACL_CONNECT_CHR
#define ACL_CONNECT_CHR
Definition: acl.h:149
ACLITEM_ALL_GOPTION_BITS
#define ACLITEM_ALL_GOPTION_BITS
Definition: acl.h:89
SRF_IS_FIRSTCALL
#define SRF_IS_FIRSTCALL()
Definition: funcapi.h:294
RangeVarGetRelid
#define RangeVarGetRelid(relation, lockmode, missing_ok)
Definition: namespace.h:63
hash_uint32_extended
Datum hash_uint32_extended(uint32 k, uint64 seed)
Definition: hashfunc.c:914
get_rel_relkind
char get_rel_relkind(Oid relid)
Definition: lsyscache.c:1805
UInt64GetDatum
#define UInt64GetDatum(X)
Definition: postgres.h:633
hash_aclitem_extended
Datum hash_aclitem_extended(PG_FUNCTION_ARGS)
Definition: acl.c:727
DatumGetObjectId
#define DatumGetObjectId(X)
Definition: postgres.h:485
pstrdup
char * pstrdup(const char *in)
Definition: mcxt.c:1161
pg_has_role_name
Datum pg_has_role_name(PG_FUNCTION_ARGS)
Definition: acl.c:4441
pg_foreign_data_wrapper_aclcheck
AclResult pg_foreign_data_wrapper_aclcheck(Oid fdw_oid, Oid roleid, AclMode mode)
Definition: aclchk.c:4714
convert_function_priv_string
static AclMode convert_function_priv_string(text *priv_type_text)
Definition: acl.c:3440
ArrayType::dataoffset
int32 dataoffset
Definition: array.h:84
allocacl
static Acl * allocacl(int n)
Definition: acl.c:376
has_privs_of_role
bool has_privs_of_role(Oid member, Oid role)
Definition: acl.c:4833
convert_foreign_data_wrapper_name
static Oid convert_foreign_data_wrapper_name(text *fdwname)
Definition: acl.c:3228
ACL_MODECHG_DEL
#define ACL_MODECHG_DEL
Definition: acl.h:131
aclmask
AclMode aclmask(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
Definition: acl.c:1321
MemoryContextSwitchTo
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Definition: palloc.h:109
get_language_oid
Oid get_language_oid(const char *langname, bool missing_ok)
Definition: proclang.c:549
Int16GetDatum
#define Int16GetDatum(X)
Definition: postgres.h:436
is_admin_of_role
bool is_admin_of_role(Oid member, Oid role)
Definition: acl.c:4915
ACL_DELETE_CHR
#define ACL_DELETE_CHR
Definition: acl.h:141
has_rolinherit
static bool has_rolinherit(Oid roleid)
Definition: acl.c:4643
aclinsert
Datum aclinsert(PG_FUNCTION_ARGS)
Definition: acl.c:1533
list_copy
List * list_copy(const List *oldlist)
Definition: list.c:1160
ACL_SIZE
#define ACL_SIZE(ACL)
Definition: acl.h:112
get_role_oid_or_public
Oid get_role_oid_or_public(const char *rolname)
Definition: acl.c:5133
errcode
int errcode(int sqlerrcode)
Definition: elog.c:575
acldefault
Acl * acldefault(ObjectType objtype, Oid ownerId)
Definition: acl.c:748
MemSet
#define MemSet(start, val, len)
Definition: c.h:908
ACL_DELETE
#define ACL_DELETE
Definition: parsenodes.h:77
has_function_privilege_id_name
Datum has_function_privilege_id_name(PG_FUNCTION_ARGS)
Definition: acl.c:3370
aclitemin
Datum aclitemin(PG_FUNCTION_ARGS)
Definition: acl.c:565
idx
Datum idx(PG_FUNCTION_ARGS)
Definition: _int_op.c:264
ACL_ALL_RIGHTS_TABLESPACE
#define ACL_ALL_RIGHTS_TABLESPACE
Definition: acl.h:167
convert_tablespace_name
static Oid convert_tablespace_name(text *tablespacename)
Definition: acl.c:4176
PG_GETARG_ACLITEM_P
#define PG_GETARG_ACLITEM_P(n)
Definition: acl.h:118
makeRangeVarFromNameList
RangeVar * makeRangeVarFromNameList(List *names)
Definition: namespace.c:3042
heap_form_tuple
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, Datum *values, bool *isnull)
Definition: heaptuple.c:1074
DirectFunctionCall1
#define DirectFunctionCall1(func, arg1)
Definition: fmgr.h:590
PG_GETARG_BOOL
#define PG_GETARG_BOOL(n)
Definition: fmgr.h:244
has_table_privilege_name_id
Datum has_table_privilege_name_id(PG_FUNCTION_ARGS)
Definition: acl.c:1902
pg_strcasecmp
int pg_strcasecmp(const char *s1, const char *s2)
Definition: pgstrcasecmp.c:36
initialize_acl
void initialize_acl(void)
Definition: acl.c:4614
LOG
#define LOG
Definition: elog.h:26
Oid
unsigned int Oid
Definition: postgres_ext.h:31
pg_type.h
IsReservedName
bool IsReservedName(const char *name)
Definition: catalog.c:194
pg_has_role_id
Datum pg_has_role_id(PG_FUNCTION_ARGS)
Definition: acl.c:4489
has_server_privilege_name_id
Datum has_server_privilege_name_id(PG_FUNCTION_ARGS)
Definition: acl.c:3902
aclequal
bool aclequal(const Acl *left_acl, const Acl *right_acl)
Definition: acl.c:509
priv_map::name
const char * name
Definition: acl.c:45
has_sequence_privilege_name
Datum has_sequence_privilege_name(PG_FUNCTION_ARGS)
Definition: acl.c:2091
has_type_privilege_name_id
Datum has_type_privilege_name_id(PG_FUNCTION_ARGS)
Definition: acl.c:4265
OidIsValid
#define OidIsValid(objectId)
Definition: c.h:605
has_server_privilege_id
Datum has_server_privilege_id(PG_FUNCTION_ARGS)
Definition: acl.c:3926
pg_namespace_aclcheck
AclResult pg_namespace_aclcheck(Oid nsp_oid, Oid roleid, AclMode mode)
Definition: aclchk.c:4689
SRF_PERCALL_SETUP
#define SRF_PERCALL_SETUP()
Definition: funcapi.h:298
make_empty_acl
Acl * make_empty_acl(void)
Definition: acl.c:398
has_function_privilege_name_id
Datum has_function_privilege_name_id(PG_FUNCTION_ARGS)
Definition: acl.c:3318
GetSessionUserId
Oid GetSessionUserId(void)
Definition: miscinit.c:413
pg_language_aclcheck
AclResult pg_language_aclcheck(Oid lang_oid, Oid roleid, AclMode mode)
Definition: aclchk.c:4663
has_any_column_privilege_id_id
Datum has_any_column_privilege_id_id(PG_FUNCTION_ARGS)
Definition: acl.c:2419
AclItem::ai_grantor
Oid ai_grantor
Definition: acl.h:58
relkind
char relkind
Definition: pg_class.h:51
FuncCallContext::tuple_desc
TupleDesc tuple_desc
Definition: funcapi.h:121
PG_RETURN_UINT32
#define PG_RETURN_UINT32(x)
Definition: fmgr.h:320
convert_any_priv_string
static AclMode convert_any_priv_string(text *priv_type_text, const priv_map *privileges)
Definition: acl.c:1648
has_any_column_privilege_name_name
Datum has_any_column_privilege_name_name(PG_FUNCTION_ARGS)
Definition: acl.c:2274
pg_has_role_name_name
Datum pg_has_role_name_name(PG_FUNCTION_ARGS)
Definition: acl.c:4415
PG_GETARG_TEXT_PP
#define PG_GETARG_TEXT_PP(n)
Definition: fmgr.h:278
get_role_oid
Oid get_role_oid(const char *rolname, bool missing_ok)
Definition: acl.c:5116
has_schema_privilege_id_name
Datum has_schema_privilege_id_name(PG_FUNCTION_ARGS)
Definition: acl.c:3761
GetSysCacheOid1
#define GetSysCacheOid1(cacheId, key1)
Definition: syscache.h:191
ARR_LBOUND
#define ARR_LBOUND(a)
Definition: array.h:281
has_foreign_data_wrapper_privilege_id
Datum has_foreign_data_wrapper_privilege_id(PG_FUNCTION_ARGS)
Definition: acl.c:3160
catclist::members
CatCTup * members[FLEXIBLE_ARRAY_MEMBER]
Definition: catcache.h:178
NAMEDATALEN
#define NAMEDATALEN
Definition: pg_config_manual.h:29
SRF_RETURN_NEXT
#define SRF_RETURN_NEXT(_funcctx, _result)
Definition: funcapi.h:300
AclItem::ai_privs
AclMode ai_privs
Definition: acl.h:59
grantor
Oid grantor
Definition: pg_auth_members.h:34
ACL_ALL_RIGHTS_LANGUAGE
#define ACL_ALL_RIGHTS_LANGUAGE
Definition: acl.h:164
has_language_privilege_name
Datum has_language_privilege_name(PG_FUNCTION_ARGS)
Definition: acl.c:3494
Form_pg_authid
FormData_pg_authid * Form_pg_authid
Definition: pg_authid.h:55
member
Oid member
Definition: pg_auth_members.h:33
AclMode
uint32 AclMode
Definition: parsenodes.h:72
get_foreign_data_wrapper_oid
Oid get_foreign_data_wrapper_oid(const char *fdwname, bool missing_ok)
Definition: foreign.c:659
pg_has_role_id_name
Datum pg_has_role_id_name(PG_FUNCTION_ARGS)
Definition: acl.c:4511
roles_has_privs_of
static List * roles_has_privs_of(Oid roleid)
Definition: acl.c:4673
SearchSysCacheExists1
#define SearchSysCacheExists1(cacheId, key1)
Definition: syscache.h:182
pfree
void pfree(void *pointer)
Definition: mcxt.c:1031
ACL_CREATE_TEMP_CHR
#define ACL_CREATE_TEMP_CHR
Definition: acl.h:148
count_one_bits
static int count_one_bits(AclMode mask)
Definition: acl.c:5001
has_type_privilege_id_id
Datum has_type_privilege_id_id(PG_FUNCTION_ARGS)
Definition: acl.c:4340
check_circularity
static void check_circularity(const Acl *old_acl, const AclItem *mod_aip, Oid ownerId)
Definition: acl.c:1155
ObjectIdGetDatum
#define ObjectIdGetDatum(X)
Definition: postgres.h:492
ERROR
#define ERROR
Definition: elog.h:43
cached_privs_role
static Oid cached_privs_role
Definition: acl.c:75
regprocedurein
Datum regprocedurein(PG_FUNCTION_ARGS)
Definition: regproc.c:231
has_function_privilege_id
Datum has_function_privilege_id(PG_FUNCTION_ARGS)
Definition: acl.c:3345
ACL_CREATE
#define ACL_CREATE
Definition: parsenodes.h:84
getid
static const char * getid(const char *s, char *n)
Definition: acl.c:137
ArrayType::elemtype
Oid elemtype
Definition: array.h:85
has_column_privilege_name_id_name
Datum has_column_privilege_name_id_name(PG_FUNCTION_ARGS)
Definition: acl.c:2570
has_tablespace_privilege_id_id
Datum has_tablespace_privilege_id_id(PG_FUNCTION_ARGS)
Definition: acl.c:4153
ARR_DIMS
#define ARR_DIMS(a)
Definition: array.h:279
has_foreign_data_wrapper_privilege_name_id
Datum has_foreign_data_wrapper_privilege_name_id(PG_FUNCTION_ARGS)
Definition: acl.c:3136
ACL_NUM
#define ACL_NUM(ACL)
Definition: acl.h:109
roles_is_member_of
static List * roles_is_member_of(Oid roleid)
Definition: acl.c:4756
ACL_NO_RIGHTS
#define ACL_NO_RIGHTS
Definition: parsenodes.h:88
pg_has_role_id_id
Datum pg_has_role_id_id(PG_FUNCTION_ARGS)
Definition: acl.c:4534
ACL_ALL_RIGHTS_SCHEMA
#define ACL_ALL_RIGHTS_SCHEMA
Definition: acl.h:166
has_table_privilege_id_name
Datum has_table_privilege_id_name(PG_FUNCTION_ARGS)
Definition: acl.c:1954
has_column_privilege_id_attnum
Datum has_column_privilege_id_attnum(PG_FUNCTION_ARGS)
Definition: acl.c:2806
BlessTupleDesc
TupleDesc BlessTupleDesc(TupleDesc tupdesc)
Definition: execTuples.c:1109
nameData
Definition: c.h:570
ACL_TRIGGER
#define ACL_TRIGGER
Definition: parsenodes.h:80
pg_foreign_server_aclcheck
AclResult pg_foreign_server_aclcheck(Oid srv_oid, Oid roleid, AclMode mode)
Definition: aclchk.c:4727
ACL_TRUNCATE_CHR
#define ACL_TRUNCATE_CHR
Definition: acl.h:142
convert_type_priv_string
static AclMode convert_type_priv_string(text *priv_type_text)
Definition: acl.c:4387
NoLock
#define NoLock
Definition: lockdefs.h:34
ACL_REFERENCES_CHR
#define ACL_REFERENCES_CHR
Definition: acl.h:143
convert_table_priv_string
static AclMode convert_table_priv_string(text *priv_type_text)
Definition: acl.c:2018
memmove
#define memmove(d, s, c)
Definition: c.h:1135
PG_GETARG_OID
#define PG_GETARG_OID(n)
Definition: fmgr.h:245
get_attnum
AttrNumber get_attnum(Oid relid, const char *attname)
Definition: lsyscache.c:806
N_ACL_RIGHTS
#define N_ACL_RIGHTS
Definition: parsenodes.h:87
has_column_privilege_id_name_attnum
Datum has_column_privilege_id_name_attnum(PG_FUNCTION_ARGS)
Definition: acl.c:2649
errdetail
int errdetail(const char *fmt,...)
Definition: elog.c:873
CStringGetDatum
#define CStringGetDatum(X)
Definition: postgres.h:563
convert_tablespace_priv_string
static AclMode convert_tablespace_priv_string(text *priv_type_text)
Definition: acl.c:4188
ACL_ALL_RIGHTS_TYPE
#define ACL_ALL_RIGHTS_TYPE
Definition: acl.h:168
has_tablespace_privilege_id_name
Datum has_tablespace_privilege_id_name(PG_FUNCTION_ARGS)
Definition: acl.c:4130
has_column_privilege_id_id_name
Datum has_column_privilege_id_id_name(PG_FUNCTION_ARGS)
Definition: acl.c:2674
has_column_privilege_name_id_attnum
Datum has_column_privilege_name_id_attnum(PG_FUNCTION_ARGS)
Definition: acl.c:2597
convert_database_name
static Oid convert_database_name(text *databasename)
Definition: acl.c:3039
Form_pg_attribute
FormData_pg_attribute * Form_pg_attribute
Definition: pg_attribute.h:197
uint32
unsigned int uint32
Definition: c.h:325
has_database_privilege_id
Datum has_database_privilege_id(PG_FUNCTION_ARGS)
Definition: acl.c:2965
convert_database_priv_string
static AclMode convert_database_priv_string(text *priv_type_text)
Definition: acl.c:3051
ARR_HASNULL
#define ARR_HASNULL(a)
Definition: array.h:276
ACL_USAGE
#define ACL_USAGE
Definition: parsenodes.h:82
SearchSysCacheList1
#define SearchSysCacheList1(cacheId, key1)
Definition: syscache.h:209
ACLITEM_GET_RIGHTS
#define ACLITEM_GET_RIGHTS(item)
Definition: acl.h:69
TupleDescInitEntry
void TupleDescInitEntry(TupleDesc desc, AttrNumber attributeNumber, const char *attributeName, Oid oidtypeid, int32 typmod, int attdim)
Definition: tupdesc.c:600
check_is_member_of_role
void check_is_member_of_role(Oid member, Oid role)
Definition: acl.c:4879
htup_details.h
convert_language_priv_string
static AclMode convert_language_priv_string(text *priv_type_text)
Definition: acl.c:3631
ereport
#define ereport(elevel, rest)
Definition: elog.h:122
superuser_arg
bool superuser_arg(Oid roleid)
Definition: superuser.c:57
has_tablespace_privilege_name_name
Datum has_tablespace_privilege_name_name(PG_FUNCTION_ARGS)
Definition: acl.c:4034
has_foreign_data_wrapper_privilege_name_name
Datum has_foreign_data_wrapper_privilege_name_name(PG_FUNCTION_ARGS)
Definition: acl.c:3086
TopMemoryContext
MemoryContext TopMemoryContext
Definition: mcxt.c:44
ACL_CONNECT
#define ACL_CONNECT
Definition: parsenodes.h:86
textToQualifiedNameList
List * textToQualifiedNameList(text *textval)
Definition: varlena.c:3232
get_rolespec_name
char * get_rolespec_name(const RoleSpec *role)
Definition: acl.c:5232
ObjectType
ObjectType
Definition: parsenodes.h:1634
aclitemout
Datum aclitemout(PG_FUNCTION_ARGS)
Definition: acl.c:591
has_schema_privilege_name_id
Datum has_schema_privilege_name_id(PG_FUNCTION_ARGS)
Definition: acl.c:3709
has_type_privilege_name_name
Datum has_type_privilege_name_name(PG_FUNCTION_ARGS)
Definition: acl.c:4215
has_server_privilege_name
Datum has_server_privilege_name(PG_FUNCTION_ARGS)
Definition: acl.c:3878
convert_server_name
static Oid convert_server_name(text *servername)
Definition: acl.c:3994
has_language_privilege_name_id
Datum has_language_privilege_name_id(PG_FUNCTION_ARGS)
Definition: acl.c:3518
has_language_privilege_id
Datum has_language_privilege_id(PG_FUNCTION_ARGS)
Definition: acl.c:3545
convert_server_priv_string
static AclMode convert_server_priv_string(text *priv_type_text)
Definition: acl.c:4006
has_table_privilege_name_name
Datum has_table_privilege_name_name(PG_FUNCTION_ARGS)
Definition: acl.c:1852
aclconcat
Acl * aclconcat(const Acl *left_acl, const Acl *right_acl)
Definition: acl.c:427
has_type_privilege_name
Datum has_type_privilege_name(PG_FUNCTION_ARGS)
Definition: acl.c:4241
has_server_privilege_id_name
Datum has_server_privilege_id_name(PG_FUNCTION_ARGS)
Definition: acl.c:3948
has_schema_privilege_id
Datum has_schema_privilege_id(PG_FUNCTION_ARGS)
Definition: acl.c:3736
WARNING
#define WARNING
Definition: elog.h:40
SearchSysCache1
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Definition: syscache.c:1112
has_database_privilege_id_name
Datum has_database_privilege_id_name(PG_FUNCTION_ARGS)
Definition: acl.c:2990
ACLITEM_SET_RIGHTS
#define ACLITEM_SET_RIGHTS(item, rights)
Definition: acl.h:80
ACL_SELECT_CHR
#define ACL_SELECT_CHR
Definition: acl.h:139
ACL_UPDATE
#define ACL_UPDATE
Definition: parsenodes.h:76
ReleaseSysCacheList
#define ReleaseSysCacheList(x)
Definition: syscache.h:216
regtypein
Datum regtypein(PG_FUNCTION_ARGS)
Definition: regproc.c:1061
DropBehavior
DropBehavior
Definition: parsenodes.h:1705
CacheRegisterSyscacheCallback
void CacheRegisterSyscacheCallback(int cacheid, SyscacheCallbackFunction func, Datum arg)
Definition: inval.c:1397
ACL_GRANT_OPTION_FOR
#define ACL_GRANT_OPTION_FOR(privs)
Definition: acl.h:71
palloc0
void * palloc0(Size size)
Definition: mcxt.c:955
has_database_privilege_name_name
Datum has_database_privilege_name_name(PG_FUNCTION_ARGS)
Definition: acl.c:2888
AclResult
AclResult
Definition: acl.h:178
PG_RETURN_BOOL
#define PG_RETURN_BOOL(x)
Definition: fmgr.h:324
Datum
uintptr_t Datum
Definition: postgres.h:367
cached_membership_roles
static List * cached_membership_roles
Definition: acl.c:78
check_rolespec_name
void check_rolespec_name(const RoleSpec *role, const char *detail_msg)
Definition: acl.c:5254
ReleaseSysCache
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:1160
ACL_MODECHG_ADD
#define ACL_MODECHG_ADD
Definition: acl.h:130
ACL_SELECT
#define ACL_SELECT
Definition: parsenodes.h:75
RoleSpec::roletype
RoleSpecType roletype
Definition: parsenodes.h:329
ACL_DAT
#define ACL_DAT(ACL)
Definition: acl.h:110
list_make1_oid
#define list_make1_oid(x1)
Definition: pg_list.h:151
get_rolespec_oid
Oid get_rolespec_oid(const RoleSpec *role, bool missing_ok)
Definition: acl.c:5149
aclparse
static const char * aclparse(const char *s, AclItem *aip)
Definition: acl.c:238
hash_aclitem
Datum hash_aclitem(PG_FUNCTION_ARGS)
Definition: acl.c:713
ACL_ALL_RIGHTS_SEQUENCE
#define ACL_ALL_RIGHTS_SEQUENCE
Definition: acl.h:159
Form_pg_auth_members
FormData_pg_auth_members * Form_pg_auth_members
Definition: pg_auth_members.h:43
PG_GETARG_INT16
#define PG_GETARG_INT16(n)
Definition: fmgr.h:241
aclremove
Datum aclremove(PG_FUNCTION_ARGS)
Definition: acl.c:1543
has_language_privilege_id_id
Datum has_language_privilege_id_id(PG_FUNCTION_ARGS)
Definition: acl.c:3593
priv_map::value
AclMode value
Definition: acl.c:46
has_sequence_privilege_id_id
Datum has_sequence_privilege_id_id(PG_FUNCTION_ARGS)
Definition: acl.c:2212
admin_option
bool admin_option
Definition: pg_auth_members.h:35
convert_priv_string
static AclMode convert_priv_string(text *priv_type_text)
Definition: acl.c:1598
BoolGetDatum
#define BoolGetDatum(X)
Definition: postgres.h:387
ACL_ALL_RIGHTS_STR
#define ACL_ALL_RIGHTS_STR
Definition: acl.h:152
ACL_USAGE_CHR
#define ACL_USAGE_CHR
Definition: acl.h:146
username
static char * username
Definition: initdb.c:132
get_database_oid
Oid get_database_oid(const char *dbname, bool missing_ok)
Definition: dbcommands.c:2009
InvalidOid
#define InvalidOid
Definition: postgres_ext.h:36
attnum
int16 attnum
Definition: pg_attribute.h:79
AclItem
Definition: acl.h:55
ACL_ALL_RIGHTS_LARGEOBJECT
#define ACL_ALL_RIGHTS_LARGEOBJECT
Definition: acl.h:165
a1
static FormData_pg_attribute a1
Definition: heap.c:147
is_member_of_role
bool is_member_of_role(Oid member, Oid role)
Definition: acl.c:4857
aclcopy
Acl * aclcopy(const Acl *orig_acl)
Definition: acl.c:407
ACL_OPTION_TO_PRIVS
#define ACL_OPTION_TO_PRIVS(privs)
Definition: acl.h:72
pg_class.h
ACL_REFERENCES
#define ACL_REFERENCES
Definition: parsenodes.h:79
aclmerge
Acl * aclmerge(const Acl *left_acl, const Acl *right_acl, Oid ownerId)
Definition: acl.c:451
list_member_oid
bool list_member_oid(const List *list, Oid datum)
Definition: list.c:505
aclmembers
int aclmembers(const Acl *acl, Oid **roleids)
Definition: acl.c:1473
HeapTupleIsValid
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
pg_database_aclcheck
AclResult pg_database_aclcheck(Oid db_oid, Oid roleid, AclMode mode)
Definition: aclchk.c:4639
convert_foreign_data_wrapper_priv_string
static AclMode convert_foreign_data_wrapper_priv_string(text *priv_type_text)
Definition: acl.c:3240
GetUserNameFromId
char * GetUserNameFromId(Oid roleid, bool noerr)
Definition: miscinit.c:787
Assert
#define Assert(condition)
Definition: c.h:699
has_any_column_privilege_id_name
Datum has_any_column_privilege_id_name(PG_FUNCTION_ARGS)
Definition: acl.c:2392
convert_table_name
static Oid convert_table_name(text *tablename)
Definition: acl.c:2003
InSecurityRestrictedOperation
bool InSecurityRestrictedOperation(void)
Definition: miscinit.c:511
has_sequence_privilege_id
Datum has_sequence_privilege_id(PG_FUNCTION_ARGS)
Definition: acl.c:2153
convert_function_name
static Oid convert_function_name(text *functionname)
Definition: acl.c:3419
has_tablespace_privilege_id
Datum has_tablespace_privilege_id(PG_FUNCTION_ARGS)
Definition: acl.c:4108
ACL_INSERT
#define ACL_INSERT
Definition: parsenodes.h:74
has_function_privilege_name_name
Datum has_function_privilege_name_name(PG_FUNCTION_ARGS)
Definition: acl.c:3268
PG_RETURN_CSTRING
#define PG_RETURN_CSTRING(x)
Definition: fmgr.h:327
FuncCallContext::multi_call_memory_ctx
MemoryContext multi_call_memory_ctx
Definition: funcapi.h:110
get_rolespec_tuple
HeapTuple get_rolespec_tuple(const RoleSpec *role)
Definition: acl.c:5187
acldefault_sql
Datum acldefault_sql(PG_FUNCTION_ARGS)
Definition: acl.c:862
oid_cmp
int oid_cmp(const void *p1, const void *p2)
Definition: oid.c:336
pg_attribute_aclcheck_all
AclResult pg_attribute_aclcheck_all(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how)
Definition: aclchk.c:4542
aclitem_match
static bool aclitem_match(const AclItem *a1, const AclItem *a2)
Definition: acl.c:658
Size
size_t Size
Definition: c.h:433
dbname
char * dbname
Definition: streamutil.c:51
has_foreign_data_wrapper_privilege_name
Datum has_foreign_data_wrapper_privilege_name(PG_FUNCTION_ARGS)
Definition: acl.c:3112
pg_auth_members.h
has_table_privilege_id_id
Datum has_table_privilege_id_id(PG_FUNCTION_ARGS)
Definition: acl.c:1977
makeaclitem
Datum makeaclitem(PG_FUNCTION_ARGS)
Definition: acl.c:1575
ACLITEM_GET_PRIVS
#define ACLITEM_GET_PRIVS(item)
Definition: acl.h:67
ACL_UPDATE_CHR
#define ACL_UPDATE_CHR
Definition: acl.h:140
has_column_privilege_name_attnum
Datum has_column_privilege_name_attnum(PG_FUNCTION_ARGS)
Definition: acl.c:2752
SearchSysCache2
HeapTuple SearchSysCache2(int cacheId, Datum key1, Datum key2)
Definition: syscache.c:1123
RoleSpec::rolename
char * rolename
Definition: parsenodes.h:330
has_foreign_data_wrapper_privilege_id_id
Datum has_foreign_data_wrapper_privilege_id_id(PG_FUNCTION_ARGS)
Definition: acl.c:3205
select_best_grantor
void select_best_grantor(Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
Definition: acl.c:5041
HeapTupleGetDatum
#define HeapTupleGetDatum(tuple)
Definition: funcapi.h:231
CreateTemplateTupleDesc
TupleDesc CreateTemplateTupleDesc(int natts, bool hasoid)
Definition: tupdesc.c:45
ARR_NDIM
#define ARR_NDIM(a)
Definition: array.h:275
name
const char * name
Definition: encode.c:521
PG_GETARG_ACL_P
#define PG_GETARG_ACL_P(n)
Definition: acl.h:123
InvalidAttrNumber
#define InvalidAttrNumber
Definition: attnum.h:23
ACL_ALL_RIGHTS_DATABASE
#define ACL_ALL_RIGHTS_DATABASE
Definition: acl.h:160
RoleMembershipCacheCallback
static void RoleMembershipCacheCallback(Datum arg, int cacheid, uint32 hashvalue)
Definition: acl.c:4633
pg_class_aclcheck
AclResult pg_class_aclcheck(Oid table_oid, Oid roleid, AclMode mode)
Definition: aclchk.c:4627
has_schema_privilege_name
Datum has_schema_privilege_name(PG_FUNCTION_ARGS)
Definition: acl.c:3685
ACL_ALL_RIGHTS_FOREIGN_SERVER
#define ACL_ALL_RIGHTS_FOREIGN_SERVER
Definition: acl.h:162
aclitemsort
void aclitemsort(Acl *acl)
Definition: acl.c:495
has_table_privilege_id
Datum has_table_privilege_id(PG_FUNCTION_ARGS)
Definition: acl.c:1929
has_database_privilege_id_id
Datum has_database_privilege_id_id(PG_FUNCTION_ARGS)
Definition: acl.c:3013
values
static Datum values[MAXATTR]
Definition: bootstrap.c:164
IsBootstrapProcessingMode
#define IsBootstrapProcessingMode()
Definition: miscadmin.h:372
text_to_cstring
char * text_to_cstring(const text *t)
Definition: varlena.c:182
column_privilege_check
static int column_privilege_check(Oid tableoid, AttrNumber attnum, Oid roleid, AclMode mode)
Definition: acl.c:2462
ACL_TRIGGER_CHR
#define ACL_TRIGGER_CHR
Definition: acl.h:144