#include "access/htup.h"
#include "nodes/parsenodes.h"
#include "parser/parse_node.h"
#include "utils/snapshot.h"

Include dependency graph for acl.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures
struct	AclItem

Macros
#define	ACL_ID_PUBLIC 0 /* placeholder for id in a PUBLIC acl item */

#define	ACLITEM_GET_PRIVS(item) ((item).ai_privs & 0xFFFFFFFF)

#define	ACLITEM_GET_GOPTIONS(item) (((item).ai_privs >> 32) & 0xFFFFFFFF)

#define	ACLITEM_GET_RIGHTS(item) ((item).ai_privs)

#define	ACL_GRANT_OPTION_FOR(privs) (((AclMode) (privs) & 0xFFFFFFFF) << 32)

#define	ACL_OPTION_TO_PRIVS(privs) (((AclMode) (privs) >> 32) & 0xFFFFFFFF)

#define	ACLITEM_SET_PRIVS(item, privs)

#define	ACLITEM_SET_GOPTIONS(item, goptions)

#define	ACLITEM_SET_RIGHTS(item, rights) ((item).ai_privs = (AclMode) (rights))

#define	ACLITEM_SET_PRIVS_GOPTIONS(item, privs, goptions)

#define	ACLITEM_ALL_PRIV_BITS ((AclMode) 0xFFFFFFFF)

#define	ACLITEM_ALL_GOPTION_BITS ((AclMode) 0xFFFFFFFF << 32)

#define	ACL_NUM(ACL) (ARR_DIMS(ACL)[0])

#define	ACL_DAT(ACL) ((AclItem *) ARR_DATA_PTR(ACL))

#define	ACL_N_SIZE(N) (ARR_OVERHEAD_NONULLS(1) + ((N) * sizeof(AclItem)))

#define	ACL_SIZE(ACL) ARR_SIZE(ACL)

#define	DatumGetAclItemP(X) ((AclItem *) DatumGetPointer(X))

#define	PG_GETARG_ACLITEM_P(n) DatumGetAclItemP(PG_GETARG_DATUM(n))

#define	PG_RETURN_ACLITEM_P(x) PG_RETURN_POINTER(x)

#define	DatumGetAclP(X) ((Acl *) PG_DETOAST_DATUM(X))

#define	DatumGetAclPCopy(X) ((Acl *) PG_DETOAST_DATUM_COPY(X))

#define	PG_GETARG_ACL_P(n) DatumGetAclP(PG_GETARG_DATUM(n))

#define	PG_GETARG_ACL_P_COPY(n) DatumGetAclPCopy(PG_GETARG_DATUM(n))

#define	PG_RETURN_ACL_P(x) PG_RETURN_POINTER(x)

#define	ACL_MODECHG_ADD 1

#define	ACL_MODECHG_DEL 2

#define	ACL_MODECHG_EQL 3

#define	ACL_INSERT_CHR 'a' /* formerly known as "append" */

#define	ACL_SELECT_CHR 'r' /* formerly known as "read" */

#define	ACL_UPDATE_CHR 'w' /* formerly known as "write" */

#define	ACL_DELETE_CHR 'd'

#define	ACL_TRUNCATE_CHR 'D' /* super-delete, as it were */

#define	ACL_REFERENCES_CHR 'x'

#define	ACL_TRIGGER_CHR 't'

#define	ACL_EXECUTE_CHR 'X'

#define	ACL_USAGE_CHR 'U'

#define	ACL_CREATE_CHR 'C'

#define	ACL_CREATE_TEMP_CHR 'T'

#define	ACL_CONNECT_CHR 'c'

#define	ACL_SET_CHR 's'

#define	ACL_ALTER_SYSTEM_CHR 'A'

#define	ACL_MAINTAIN_CHR 'm'

#define	ACL_ALL_RIGHTS_STR "arwdDxtXUCTcsAm"

#define	ACL_ALL_RIGHTS_COLUMN (ACL_INSERT\|ACL_SELECT\|ACL_UPDATE\|ACL_REFERENCES)

#define	ACL_ALL_RIGHTS_RELATION (ACL_INSERT\|ACL_SELECT\|ACL_UPDATE\|ACL_DELETE\|ACL_TRUNCATE\|ACL_REFERENCES\|ACL_TRIGGER\|ACL_MAINTAIN)

#define	ACL_ALL_RIGHTS_SEQUENCE (ACL_USAGE\|ACL_SELECT\|ACL_UPDATE)

#define	ACL_ALL_RIGHTS_DATABASE (ACL_CREATE\|ACL_CREATE_TEMP\|ACL_CONNECT)

#define	ACL_ALL_RIGHTS_FDW (ACL_USAGE)

#define	ACL_ALL_RIGHTS_FOREIGN_SERVER (ACL_USAGE)

#define	ACL_ALL_RIGHTS_FUNCTION (ACL_EXECUTE)

#define	ACL_ALL_RIGHTS_LANGUAGE (ACL_USAGE)

#define	ACL_ALL_RIGHTS_LARGEOBJECT (ACL_SELECT\|ACL_UPDATE)

#define	ACL_ALL_RIGHTS_PARAMETER_ACL (ACL_SET\|ACL_ALTER_SYSTEM)

#define	ACL_ALL_RIGHTS_SCHEMA (ACL_USAGE\|ACL_CREATE)

#define	ACL_ALL_RIGHTS_TABLESPACE (ACL_CREATE)

#define	ACL_ALL_RIGHTS_TYPE (ACL_USAGE)

Typedefs
typedef struct AclItem	AclItem

typedef struct ArrayType	Acl

Enumerations
enum	AclMaskHow { ACLMASK_ALL , ACLMASK_ANY }

enum	AclResult { ACLCHECK_OK = 0 , ACLCHECK_NO_PRIV , ACLCHECK_NOT_OWNER }

Functions
Acl *	acldefault (ObjectType objtype, Oid ownerId)

Acl *	get_user_default_acl (ObjectType objtype, Oid ownerId, Oid nsp_oid)

void	recordDependencyOnNewAcl (Oid classId, Oid objectId, int32 objsubId, Oid ownerId, Acl *acl)

Acl *	aclupdate (const Acl old_acl, const AclItem mod_aip, int modechg, Oid ownerId, DropBehavior behavior)

Acl *	aclnewowner (const Acl *old_acl, Oid oldOwnerId, Oid newOwnerId)

Acl *	make_empty_acl (void)

Acl *	aclcopy (const Acl *orig_acl)

Acl *	aclconcat (const Acl left_acl, const Acl right_acl)

Acl *	aclmerge (const Acl left_acl, const Acl right_acl, Oid ownerId)

void	aclitemsort (Acl *acl)

bool	aclequal (const Acl left_acl, const Acl right_acl)

AclMode	aclmask (const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)

int	aclmembers (const Acl acl, Oid *roleids)

bool	has_privs_of_role (Oid member, Oid role)

bool	member_can_set_role (Oid member, Oid role)

void	check_can_set_role (Oid member, Oid role)

bool	is_member_of_role (Oid member, Oid role)

bool	is_member_of_role_nosuper (Oid member, Oid role)

bool	is_admin_of_role (Oid member, Oid role)

Oid	select_best_admin (Oid member, Oid role)

Oid	get_role_oid (const char *rolname, bool missing_ok)

Oid	get_role_oid_or_public (const char *rolname)

Oid	get_rolespec_oid (const RoleSpec *role, bool missing_ok)

void	check_rolespec_name (const RoleSpec role, const char detail_msg)

HeapTuple	get_rolespec_tuple (const RoleSpec *role)

char *	get_rolespec_name (const RoleSpec *role)

void	select_best_grantor (Oid roleId, AclMode privileges, const Acl acl, Oid ownerId, Oid grantorId, AclMode *grantOptions)

void	initialize_acl (void)

void	ExecuteGrantStmt (GrantStmt *stmt)

void	ExecAlterDefaultPrivilegesStmt (ParseState pstate, AlterDefaultPrivilegesStmt stmt)

void	RemoveRoleFromObjectACL (Oid roleid, Oid classid, Oid objid)

AclMode	pg_class_aclmask (Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how)

AclResult	object_aclcheck (Oid classid, Oid objectid, Oid roleid, AclMode mode)

AclResult	object_aclcheck_ext (Oid classid, Oid objectid, Oid roleid, AclMode mode, bool *is_missing)

AclResult	pg_attribute_aclcheck (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode)

AclResult	pg_attribute_aclcheck_ext (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode, bool *is_missing)

AclResult	pg_attribute_aclcheck_all (Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how)

AclResult	pg_attribute_aclcheck_all_ext (Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how, bool *is_missing)

AclResult	pg_class_aclcheck (Oid table_oid, Oid roleid, AclMode mode)

AclResult	pg_class_aclcheck_ext (Oid table_oid, Oid roleid, AclMode mode, bool *is_missing)

AclResult	pg_parameter_aclcheck (const char *name, Oid roleid, AclMode mode)

AclResult	pg_largeobject_aclcheck_snapshot (Oid lobj_oid, Oid roleid, AclMode mode, Snapshot snapshot)

void	aclcheck_error (AclResult aclerr, ObjectType objtype, const char *objectname)

void	aclcheck_error_col (AclResult aclerr, ObjectType objtype, const char objectname, const char colname)

void	aclcheck_error_type (AclResult aclerr, Oid typeOid)

void	recordExtObjInitPriv (Oid objoid, Oid classoid)

void	removeExtObjInitPriv (Oid objoid, Oid classoid)

void	ReplaceRoleInInitPriv (Oid oldroleid, Oid newroleid, Oid classid, Oid objid, int32 objsubid)

void	RemoveRoleFromInitPriv (Oid roleid, Oid classid, Oid objid, int32 objsubid)

bool	object_ownercheck (Oid classid, Oid objectid, Oid roleid)

bool	has_createrole_privilege (Oid roleid)

bool	has_bypassrls_privilege (Oid roleid)

Macro Definition Documentation

◆ ACL_ALL_RIGHTS_COLUMN

#define ACL_ALL_RIGHTS_COLUMN (ACL_INSERT|ACL_SELECT|ACL_UPDATE|ACL_REFERENCES)

Definition at line 159 of file acl.h.

◆ ACL_ALL_RIGHTS_DATABASE

#define ACL_ALL_RIGHTS_DATABASE (ACL_CREATE|ACL_CREATE_TEMP|ACL_CONNECT)

Definition at line 162 of file acl.h.

◆ ACL_ALL_RIGHTS_FDW

#define ACL_ALL_RIGHTS_FDW (ACL_USAGE)

Definition at line 163 of file acl.h.

◆ ACL_ALL_RIGHTS_FOREIGN_SERVER

#define ACL_ALL_RIGHTS_FOREIGN_SERVER (ACL_USAGE)

Definition at line 164 of file acl.h.

◆ ACL_ALL_RIGHTS_FUNCTION

#define ACL_ALL_RIGHTS_FUNCTION (ACL_EXECUTE)

Definition at line 165 of file acl.h.

◆ ACL_ALL_RIGHTS_LANGUAGE

#define ACL_ALL_RIGHTS_LANGUAGE (ACL_USAGE)

Definition at line 166 of file acl.h.

◆ ACL_ALL_RIGHTS_LARGEOBJECT

#define ACL_ALL_RIGHTS_LARGEOBJECT (ACL_SELECT|ACL_UPDATE)

Definition at line 167 of file acl.h.

◆ ACL_ALL_RIGHTS_PARAMETER_ACL

#define ACL_ALL_RIGHTS_PARAMETER_ACL (ACL_SET|ACL_ALTER_SYSTEM)

Definition at line 168 of file acl.h.

◆ ACL_ALL_RIGHTS_RELATION

Definition at line 160 of file acl.h.

◆ ACL_ALL_RIGHTS_SCHEMA

#define ACL_ALL_RIGHTS_SCHEMA (ACL_USAGE|ACL_CREATE)

Definition at line 169 of file acl.h.

◆ ACL_ALL_RIGHTS_SEQUENCE

#define ACL_ALL_RIGHTS_SEQUENCE (ACL_USAGE|ACL_SELECT|ACL_UPDATE)

Definition at line 161 of file acl.h.

◆ ACL_ALL_RIGHTS_STR

#define ACL_ALL_RIGHTS_STR "arwdDxtXUCTcsAm"

Definition at line 154 of file acl.h.

◆ ACL_ALL_RIGHTS_TABLESPACE

#define ACL_ALL_RIGHTS_TABLESPACE (ACL_CREATE)

Definition at line 170 of file acl.h.

◆ ACL_ALL_RIGHTS_TYPE

#define ACL_ALL_RIGHTS_TYPE (ACL_USAGE)

Definition at line 171 of file acl.h.

◆ ACL_ALTER_SYSTEM_CHR

#define ACL_ALTER_SYSTEM_CHR 'A'

Definition at line 150 of file acl.h.

◆ ACL_CONNECT_CHR

#define ACL_CONNECT_CHR 'c'

Definition at line 148 of file acl.h.

◆ ACL_CREATE_CHR

#define ACL_CREATE_CHR 'C'

Definition at line 146 of file acl.h.

◆ ACL_CREATE_TEMP_CHR

#define ACL_CREATE_TEMP_CHR 'T'

Definition at line 147 of file acl.h.

◆ ACL_DAT

#define ACL_DAT ( ACL ) ((AclItem *) ARR_DATA_PTR(ACL))

Definition at line 109 of file acl.h.

◆ ACL_DELETE_CHR

#define ACL_DELETE_CHR 'd'

Definition at line 140 of file acl.h.

◆ ACL_EXECUTE_CHR

#define ACL_EXECUTE_CHR 'X'

Definition at line 144 of file acl.h.

◆ ACL_GRANT_OPTION_FOR

#define ACL_GRANT_OPTION_FOR ( privs ) (((AclMode) (privs) & 0xFFFFFFFF) << 32)

Definition at line 70 of file acl.h.

◆ ACL_ID_PUBLIC

#define ACL_ID_PUBLIC 0 /* placeholder for id in a PUBLIC acl item */

Definition at line 46 of file acl.h.

◆ ACL_INSERT_CHR

#define ACL_INSERT_CHR 'a' /* formerly known as "append" */

Definition at line 137 of file acl.h.

◆ ACL_MAINTAIN_CHR

#define ACL_MAINTAIN_CHR 'm'

Definition at line 151 of file acl.h.

◆ ACL_MODECHG_ADD

#define ACL_MODECHG_ADD 1

Definition at line 129 of file acl.h.

◆ ACL_MODECHG_DEL

#define ACL_MODECHG_DEL 2

Definition at line 130 of file acl.h.

◆ ACL_MODECHG_EQL

#define ACL_MODECHG_EQL 3

Definition at line 131 of file acl.h.

◆ ACL_N_SIZE

#define ACL_N_SIZE ( N ) (ARR_OVERHEAD_NONULLS(1) + ((N) * sizeof(AclItem)))

Definition at line 110 of file acl.h.

◆ ACL_NUM

#define ACL_NUM ( ACL ) (ARR_DIMS(ACL)[0])

Definition at line 108 of file acl.h.

◆ ACL_OPTION_TO_PRIVS

#define ACL_OPTION_TO_PRIVS ( privs ) (((AclMode) (privs) >> 32) & 0xFFFFFFFF)

Definition at line 71 of file acl.h.

◆ ACL_REFERENCES_CHR

#define ACL_REFERENCES_CHR 'x'

Definition at line 142 of file acl.h.

◆ ACL_SELECT_CHR

#define ACL_SELECT_CHR 'r' /* formerly known as "read" */

Definition at line 138 of file acl.h.

◆ ACL_SET_CHR

#define ACL_SET_CHR 's'

Definition at line 149 of file acl.h.

◆ ACL_SIZE

#define ACL_SIZE ( ACL ) ARR_SIZE(ACL)

Definition at line 111 of file acl.h.

◆ ACL_TRIGGER_CHR

#define ACL_TRIGGER_CHR 't'

Definition at line 143 of file acl.h.

◆ ACL_TRUNCATE_CHR

#define ACL_TRUNCATE_CHR 'D' /* super-delete, as it were */

Definition at line 141 of file acl.h.

◆ ACL_UPDATE_CHR

#define ACL_UPDATE_CHR 'w' /* formerly known as "write" */

Definition at line 139 of file acl.h.

◆ ACL_USAGE_CHR

#define ACL_USAGE_CHR 'U'

Definition at line 145 of file acl.h.

◆ ACLITEM_ALL_GOPTION_BITS

#define ACLITEM_ALL_GOPTION_BITS ((AclMode) 0xFFFFFFFF << 32)

Definition at line 88 of file acl.h.

◆ ACLITEM_ALL_PRIV_BITS

#define ACLITEM_ALL_PRIV_BITS ((AclMode) 0xFFFFFFFF)

Definition at line 87 of file acl.h.

◆ ACLITEM_GET_GOPTIONS

#define ACLITEM_GET_GOPTIONS ( item ) (((item).ai_privs >> 32) & 0xFFFFFFFF)

Definition at line 67 of file acl.h.

◆ ACLITEM_GET_PRIVS

#define ACLITEM_GET_PRIVS ( item ) ((item).ai_privs & 0xFFFFFFFF)

Definition at line 66 of file acl.h.

◆ ACLITEM_GET_RIGHTS

#define ACLITEM_GET_RIGHTS ( item ) ((item).ai_privs)

Definition at line 68 of file acl.h.

◆ ACLITEM_SET_GOPTIONS

#define ACLITEM_SET_GOPTIONS	(	item,
		goptions
	)

Value:

((item).ai_privs = ((item).ai_privs & ~(((AclMode) 0xFFFFFFFF) << 32)) | \

(((AclMode) (goptions) & 0xFFFFFFFF) << 32))

AclMode

uint64 AclMode

Definition: parsenodes.h:74

Definition at line 76 of file acl.h.

◆ ACLITEM_SET_PRIVS

#define ACLITEM_SET_PRIVS	(	item,
		privs
	)

Value:

((item).ai_privs = ((item).ai_privs & ~((AclMode) 0xFFFFFFFF)) | \

((AclMode) (privs) & 0xFFFFFFFF))

Definition at line 73 of file acl.h.

◆ ACLITEM_SET_PRIVS_GOPTIONS

#define ACLITEM_SET_PRIVS_GOPTIONS	(	item,
		privs,
		goptions
	)

Value:

((item).ai_privs = ((AclMode) (privs) & 0xFFFFFFFF) | \

(((AclMode) (goptions) & 0xFFFFFFFF) << 32))

Definition at line 82 of file acl.h.

◆ ACLITEM_SET_RIGHTS

#define ACLITEM_SET_RIGHTS	(	item,
		rights
	)	((item).ai_privs = (AclMode) (rights))

Definition at line 79 of file acl.h.

◆ DatumGetAclItemP

#define DatumGetAclItemP ( X ) ((AclItem *) DatumGetPointer(X))

Definition at line 116 of file acl.h.

◆ DatumGetAclP

#define DatumGetAclP ( X ) ((Acl *) PG_DETOAST_DATUM(X))

Definition at line 120 of file acl.h.

◆ DatumGetAclPCopy

#define DatumGetAclPCopy ( X ) ((Acl *) PG_DETOAST_DATUM_COPY(X))

Definition at line 121 of file acl.h.

◆ PG_GETARG_ACL_P

#define PG_GETARG_ACL_P ( n ) DatumGetAclP(PG_GETARG_DATUM(n))

Definition at line 122 of file acl.h.

◆ PG_GETARG_ACL_P_COPY

#define PG_GETARG_ACL_P_COPY ( n ) DatumGetAclPCopy(PG_GETARG_DATUM(n))

Definition at line 123 of file acl.h.

◆ PG_GETARG_ACLITEM_P

#define PG_GETARG_ACLITEM_P ( n ) DatumGetAclItemP(PG_GETARG_DATUM(n))

Definition at line 117 of file acl.h.

◆ PG_RETURN_ACL_P

#define PG_RETURN_ACL_P ( x ) PG_RETURN_POINTER(x)

Definition at line 124 of file acl.h.

◆ PG_RETURN_ACLITEM_P

#define PG_RETURN_ACLITEM_P ( x ) PG_RETURN_POINTER(x)

Definition at line 118 of file acl.h.

Typedef Documentation

◆ Acl

typedef struct ArrayType Acl

Definition at line 106 of file acl.h.

◆ AclItem

typedef struct AclItem AclItem

Enumeration Type Documentation

◆ AclMaskHow

enum AclMaskHow

Enumerator
ACLMASK_ALL
ACLMASK_ANY

Definition at line 174 of file acl.h.

{
    ACLMASK_ALL,                /* normal case: compute all bits */
    ACLMASK_ANY,                /* return when result is known nonzero */
} AclMaskHow;

◆ AclResult

enum AclResult

Enumerator
ACLCHECK_OK
ACLCHECK_NO_PRIV
ACLCHECK_NOT_OWNER

Definition at line 181 of file acl.h.

{
    ACLCHECK_OK = 0,
    ACLCHECK_NO_PRIV,
    ACLCHECK_NOT_OWNER,
} AclResult;

Function Documentation

◆ aclcheck_error()

void aclcheck_error	(	AclResult	aclerr,
		ObjectType	objtype,
		const char *	objectname
	)

Definition at line 2639 of file aclchk.c.

{
    switch (aclerr)
    {
        case ACLCHECK_OK:
            /* no error, so return to caller */
            break;
        case ACLCHECK_NO_PRIV:
            {
                const char *msg = "???";
 
                switch (objtype)
                {
                    case OBJECT_AGGREGATE:
                        msg = gettext_noop("permission denied for aggregate %s");
                        break;
                    case OBJECT_COLLATION:
                        msg = gettext_noop("permission denied for collation %s");
                        break;
                    case OBJECT_COLUMN:
                        msg = gettext_noop("permission denied for column %s");
                        break;
                    case OBJECT_CONVERSION:
                        msg = gettext_noop("permission denied for conversion %s");
                        break;
                    case OBJECT_DATABASE:
                        msg = gettext_noop("permission denied for database %s");
                        break;
                    case OBJECT_DOMAIN:
                        msg = gettext_noop("permission denied for domain %s");
                        break;
                    case OBJECT_EVENT_TRIGGER:
                        msg = gettext_noop("permission denied for event trigger %s");
                        break;
                    case OBJECT_EXTENSION:
                        msg = gettext_noop("permission denied for extension %s");
                        break;
                    case OBJECT_FDW:
                        msg = gettext_noop("permission denied for foreign-data wrapper %s");
                        break;
                    case OBJECT_FOREIGN_SERVER:
                        msg = gettext_noop("permission denied for foreign server %s");
                        break;
                    case OBJECT_FOREIGN_TABLE:
                        msg = gettext_noop("permission denied for foreign table %s");
                        break;
                    case OBJECT_FUNCTION:
                        msg = gettext_noop("permission denied for function %s");
                        break;
                    case OBJECT_INDEX:
                        msg = gettext_noop("permission denied for index %s");
                        break;
                    case OBJECT_LANGUAGE:
                        msg = gettext_noop("permission denied for language %s");
                        break;
                    case OBJECT_LARGEOBJECT:
                        msg = gettext_noop("permission denied for large object %s");
                        break;
                    case OBJECT_MATVIEW:
                        msg = gettext_noop("permission denied for materialized view %s");
                        break;
                    case OBJECT_OPCLASS:
                        msg = gettext_noop("permission denied for operator class %s");
                        break;
                    case OBJECT_OPERATOR:
                        msg = gettext_noop("permission denied for operator %s");
                        break;
                    case OBJECT_OPFAMILY:
                        msg = gettext_noop("permission denied for operator family %s");
                        break;
                    case OBJECT_PARAMETER_ACL:
                        msg = gettext_noop("permission denied for parameter %s");
                        break;
                    case OBJECT_POLICY:
                        msg = gettext_noop("permission denied for policy %s");
                        break;
                    case OBJECT_PROCEDURE:
                        msg = gettext_noop("permission denied for procedure %s");
                        break;
                    case OBJECT_PUBLICATION:
                        msg = gettext_noop("permission denied for publication %s");
                        break;
                    case OBJECT_ROUTINE:
                        msg = gettext_noop("permission denied for routine %s");
                        break;
                    case OBJECT_SCHEMA:
                        msg = gettext_noop("permission denied for schema %s");
                        break;
                    case OBJECT_SEQUENCE:
                        msg = gettext_noop("permission denied for sequence %s");
                        break;
                    case OBJECT_STATISTIC_EXT:
                        msg = gettext_noop("permission denied for statistics object %s");
                        break;
                    case OBJECT_SUBSCRIPTION:
                        msg = gettext_noop("permission denied for subscription %s");
                        break;
                    case OBJECT_TABLE:
                        msg = gettext_noop("permission denied for table %s");
                        break;
                    case OBJECT_TABLESPACE:
                        msg = gettext_noop("permission denied for tablespace %s");
                        break;
                    case OBJECT_TSCONFIGURATION:
                        msg = gettext_noop("permission denied for text search configuration %s");
                        break;
                    case OBJECT_TSDICTIONARY:
                        msg = gettext_noop("permission denied for text search dictionary %s");
                        break;
                    case OBJECT_TYPE:
                        msg = gettext_noop("permission denied for type %s");
                        break;
                    case OBJECT_VIEW:
                        msg = gettext_noop("permission denied for view %s");
                        break;
                        /* these currently aren't used */
                    case OBJECT_ACCESS_METHOD:
                    case OBJECT_AMOP:
                    case OBJECT_AMPROC:
                    case OBJECT_ATTRIBUTE:
                    case OBJECT_CAST:
                    case OBJECT_DEFAULT:
                    case OBJECT_DEFACL:
                    case OBJECT_DOMCONSTRAINT:
                    case OBJECT_PUBLICATION_NAMESPACE:
                    case OBJECT_PUBLICATION_REL:
                    case OBJECT_ROLE:
                    case OBJECT_RULE:
                    case OBJECT_TABCONSTRAINT:
                    case OBJECT_TRANSFORM:
                    case OBJECT_TRIGGER:
                    case OBJECT_TSPARSER:
                    case OBJECT_TSTEMPLATE:
                    case OBJECT_USER_MAPPING:
                        elog(ERROR, "unsupported object type: %d", objtype);
                }
 
                ereport(ERROR,
                        (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
                         errmsg(msg, objectname)));
                break;
            }
        case ACLCHECK_NOT_OWNER:
            {
                const char *msg = "???";
 
                switch (objtype)
                {
                    case OBJECT_AGGREGATE:
                        msg = gettext_noop("must be owner of aggregate %s");
                        break;
                    case OBJECT_COLLATION:
                        msg = gettext_noop("must be owner of collation %s");
                        break;
                    case OBJECT_CONVERSION:
                        msg = gettext_noop("must be owner of conversion %s");
                        break;
                    case OBJECT_DATABASE:
                        msg = gettext_noop("must be owner of database %s");
                        break;
                    case OBJECT_DOMAIN:
                        msg = gettext_noop("must be owner of domain %s");
                        break;
                    case OBJECT_EVENT_TRIGGER:
                        msg = gettext_noop("must be owner of event trigger %s");
                        break;
                    case OBJECT_EXTENSION:
                        msg = gettext_noop("must be owner of extension %s");
                        break;
                    case OBJECT_FDW:
                        msg = gettext_noop("must be owner of foreign-data wrapper %s");
                        break;
                    case OBJECT_FOREIGN_SERVER:
                        msg = gettext_noop("must be owner of foreign server %s");
                        break;
                    case OBJECT_FOREIGN_TABLE:
                        msg = gettext_noop("must be owner of foreign table %s");
                        break;
                    case OBJECT_FUNCTION:
                        msg = gettext_noop("must be owner of function %s");
                        break;
                    case OBJECT_INDEX:
                        msg = gettext_noop("must be owner of index %s");
                        break;
                    case OBJECT_LANGUAGE:
                        msg = gettext_noop("must be owner of language %s");
                        break;
                    case OBJECT_LARGEOBJECT:
                        msg = gettext_noop("must be owner of large object %s");
                        break;
                    case OBJECT_MATVIEW:
                        msg = gettext_noop("must be owner of materialized view %s");
                        break;
                    case OBJECT_OPCLASS:
                        msg = gettext_noop("must be owner of operator class %s");
                        break;
                    case OBJECT_OPERATOR:
                        msg = gettext_noop("must be owner of operator %s");
                        break;
                    case OBJECT_OPFAMILY:
                        msg = gettext_noop("must be owner of operator family %s");
                        break;
                    case OBJECT_PROCEDURE:
                        msg = gettext_noop("must be owner of procedure %s");
                        break;
                    case OBJECT_PUBLICATION:
                        msg = gettext_noop("must be owner of publication %s");
                        break;
                    case OBJECT_ROUTINE:
                        msg = gettext_noop("must be owner of routine %s");
                        break;
                    case OBJECT_SEQUENCE:
                        msg = gettext_noop("must be owner of sequence %s");
                        break;
                    case OBJECT_SUBSCRIPTION:
                        msg = gettext_noop("must be owner of subscription %s");
                        break;
                    case OBJECT_TABLE:
                        msg = gettext_noop("must be owner of table %s");
                        break;
                    case OBJECT_TYPE:
                        msg = gettext_noop("must be owner of type %s");
                        break;
                    case OBJECT_VIEW:
                        msg = gettext_noop("must be owner of view %s");
                        break;
                    case OBJECT_SCHEMA:
                        msg = gettext_noop("must be owner of schema %s");
                        break;
                    case OBJECT_STATISTIC_EXT:
                        msg = gettext_noop("must be owner of statistics object %s");
                        break;
                    case OBJECT_TABLESPACE:
                        msg = gettext_noop("must be owner of tablespace %s");
                        break;
                    case OBJECT_TSCONFIGURATION:
                        msg = gettext_noop("must be owner of text search configuration %s");
                        break;
                    case OBJECT_TSDICTIONARY:
                        msg = gettext_noop("must be owner of text search dictionary %s");
                        break;
 
                        /*
                         * Special cases: For these, the error message talks
                         * about "relation", because that's where the
                         * ownership is attached.  See also
                         * check_object_ownership().
                         */
                    case OBJECT_COLUMN:
                    case OBJECT_POLICY:
                    case OBJECT_RULE:
                    case OBJECT_TABCONSTRAINT:
                    case OBJECT_TRIGGER:
                        msg = gettext_noop("must be owner of relation %s");
                        break;
                        /* these currently aren't used */
                    case OBJECT_ACCESS_METHOD:
                    case OBJECT_AMOP:
                    case OBJECT_AMPROC:
                    case OBJECT_ATTRIBUTE:
                    case OBJECT_CAST:
                    case OBJECT_DEFAULT:
                    case OBJECT_DEFACL:
                    case OBJECT_DOMCONSTRAINT:
                    case OBJECT_PARAMETER_ACL:
                    case OBJECT_PUBLICATION_NAMESPACE:
                    case OBJECT_PUBLICATION_REL:
                    case OBJECT_ROLE:
                    case OBJECT_TRANSFORM:
                    case OBJECT_TSPARSER:
                    case OBJECT_TSTEMPLATE:
                    case OBJECT_USER_MAPPING:
                        elog(ERROR, "unsupported object type: %d", objtype);
                }
 
                ereport(ERROR,
                        (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
                         errmsg(msg, objectname)));
                break;
            }
        default:
            elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
            break;
    }
}

References ACLCHECK_NO_PRIV, ACLCHECK_NOT_OWNER, ACLCHECK_OK, elog, ereport, errcode(), errmsg(), ERROR, gettext_noop, OBJECT_ACCESS_METHOD, OBJECT_AGGREGATE, OBJECT_AMOP, OBJECT_AMPROC, OBJECT_ATTRIBUTE, OBJECT_CAST, OBJECT_COLLATION, OBJECT_COLUMN, OBJECT_CONVERSION, OBJECT_DATABASE, OBJECT_DEFACL, OBJECT_DEFAULT, OBJECT_DOMAIN, OBJECT_DOMCONSTRAINT, OBJECT_EVENT_TRIGGER, OBJECT_EXTENSION, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FOREIGN_TABLE, OBJECT_FUNCTION, OBJECT_INDEX, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_MATVIEW, OBJECT_OPCLASS, OBJECT_OPERATOR, OBJECT_OPFAMILY, OBJECT_PARAMETER_ACL, OBJECT_POLICY, OBJECT_PROCEDURE, OBJECT_PUBLICATION, OBJECT_PUBLICATION_NAMESPACE, OBJECT_PUBLICATION_REL, OBJECT_ROLE, OBJECT_ROUTINE, OBJECT_RULE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_STATISTIC_EXT, OBJECT_SUBSCRIPTION, OBJECT_TABCONSTRAINT, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TRANSFORM, OBJECT_TRIGGER, OBJECT_TSCONFIGURATION, OBJECT_TSDICTIONARY, OBJECT_TSPARSER, OBJECT_TSTEMPLATE, OBJECT_TYPE, OBJECT_USER_MAPPING, and OBJECT_VIEW.

Referenced by aclcheck_error_col(), aclcheck_error_type(), AlterCollation(), AlterDatabase(), AlterDatabaseOwner(), AlterDatabaseRefreshColl(), AlterDatabaseSet(), AlterEventTrigger(), AlterEventTriggerOwner_internal(), AlterExtensionNamespace(), AlterForeignServer(), AlterForeignServerOwner_internal(), AlterFunction(), AlterObjectNamespace_internal(), AlterObjectOwner_internal(), AlterObjectRename_internal(), AlterOperator(), AlterOpFamilyAdd(), AlterPublication(), AlterPublicationOwner_internal(), AlterRoleSet(), AlterSchemaOwner_internal(), AlterStatistics(), AlterSubscription(), AlterSubscriptionOwner_internal(), AlterTableMoveAll(), AlterTableSpaceOptions(), AlterTSConfiguration(), AlterTSDictionary(), AlterTypeOwner(), ATExecChangeOwner(), ATPrepSetTableSpace(), ATSimplePermissions(), brin_desummarize_range(), brin_summarize_range(), calculate_database_size(), calculate_tablespace_size(), call_pltcl_start_proc(), check_object_ownership(), check_temp_tablespaces(), checkFkeyPermissions(), CheckFunctionValidatorAccess(), compute_return_type(), CreateConversionCommand(), createdb(), CreateForeignServer(), CreateForeignTable(), CreateFunction(), CreateProceduralLanguage(), CreatePublication(), CreateSchemaCommand(), CreateStatistics(), CreateSubscription(), CreateTransform(), CreateTriggerFiringOn(), currtid_internal(), DefineAggregate(), DefineCollation(), DefineDomain(), DefineEnum(), DefineIndex(), DefineOpClass(), DefineOperator(), DefineOpFamily(), DefineQueryRewrite(), DefineRange(), DefineRelation(), DefineTSConfiguration(), DefineTSDictionary(), DefineType(), dropdb(), DropSubscription(), DropTableSpace(), EnableDisableRule(), ExecAlterExtensionContentsStmt(), ExecAlterExtensionStmt(), ExecBuildGroupingEqual(), ExecBuildParamSetEqual(), ExecCheckPermissions(), ExecInitAgg(), ExecInitExprRec(), ExecInitFunc(), ExecInitWindowAgg(), ExecReindex(), ExecuteCallStmt(), ExecuteDoStmt(), ExecuteTruncateGuts(), findRangeCanonicalFunction(), findRangeSubtypeDiffFunction(), get_connect_string(), get_other_operator(), get_rel_from_relname(), gin_clean_pending_list(), HandleFunctionRequest(), heap_force_common(), ImportForeignSchema(), init_sexpr(), initialize_peragg(), LockViewRecurse_walker(), LogicalRepSyncTableStart(), lookup_agg_function(), LookupCreationNamespace(), LookupExplicitNamespace(), MergeAttributes(), movedb(), OperatorCreate(), pg_prewarm(), pgrowlocks(), ProcedureCreate(), PublicationAddTables(), RangeVarCallbackForAlterRelation(), RangeVarCallbackForDropRelation(), RangeVarCallbackForLockTable(), RangeVarCallbackForPolicy(), RangeVarCallbackForReindexIndex(), RangeVarCallbackForRenameRule(), RangeVarCallbackForRenameTrigger(), RangeVarCallbackMaintainsTable(), RangeVarCallbackOwnsRelation(), RangeVarGetAndCheckCreationNamespace(), ReindexMultipleInternal(), ReindexMultipleTables(), renameatt_check(), RenameDatabase(), RenameSchema(), RenameTableSpace(), restrict_and_check_grant(), stats_lock_check_privileges(), TargetPrivilegesCheck(), transformTableLikeClause(), truncate_check_perms(), TypeCreate(), user_mapping_ddl_aclcheck(), ValidateJoinEstimator(), ValidateOperatorReference(), and ValidateRestrictionEstimator().

◆ aclcheck_error_col()

void aclcheck_error_col	(	AclResult	aclerr,
		ObjectType	objtype,
		const char *	objectname,
		const char *	colname
	)

Definition at line 2928 of file aclchk.c.

{
    switch (aclerr)
    {
        case ACLCHECK_OK:
            /* no error, so return to caller */
            break;
        case ACLCHECK_NO_PRIV:
            ereport(ERROR,
                    (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
                     errmsg("permission denied for column \"%s\" of relation \"%s\"",
                            colname, objectname)));
            break;
        case ACLCHECK_NOT_OWNER:
            /* relation msg is OK since columns don't have separate owners */
            aclcheck_error(aclerr, objtype, objectname);
            break;
        default:
            elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
            break;
    }
}

References aclcheck_error(), ACLCHECK_NO_PRIV, ACLCHECK_NOT_OWNER, ACLCHECK_OK, elog, ereport, errcode(), errmsg(), and ERROR.

Referenced by restrict_and_check_grant().

◆ aclcheck_error_type()

void aclcheck_error_type	(	AclResult	aclerr,
		Oid	typeOid
	)

Definition at line 2958 of file aclchk.c.

{
    Oid         element_type = get_element_type(typeOid);
 
    aclcheck_error(aclerr, OBJECT_TYPE, format_type_be(element_type ? element_type : typeOid));
}

References aclcheck_error(), format_type_be(), get_element_type(), and OBJECT_TYPE.

Referenced by AggregateCreate(), AlterType(), AlterTypeNamespace_oid(), AlterTypeOwner(), ATPrepAlterColumnType(), BuildDescForRelation(), check_object_ownership(), checkDomainOwner(), checkEnumOwner(), compute_return_type(), CreateCast(), CreateTransform(), DefineDomain(), DefineOpClass(), DefineOperator(), DefineRelation(), interpret_function_parameter_list(), and RenameType().

◆ aclconcat()

Acl * aclconcat	(	const Acl *	left_acl,
		const Acl *	right_acl
	)

Definition at line 461 of file acl.c.

{
    Acl        *result_acl;
 
    result_acl = allocacl(ACL_NUM(left_acl) + ACL_NUM(right_acl));
 
    memcpy(ACL_DAT(result_acl),
           ACL_DAT(left_acl),
           ACL_NUM(left_acl) * sizeof(AclItem));
 
    memcpy(ACL_DAT(result_acl) + ACL_NUM(left_acl),
           ACL_DAT(right_acl),
           ACL_NUM(right_acl) * sizeof(AclItem));
 
    return result_acl;
}

References ACL_DAT, ACL_NUM, and allocacl().

Referenced by ExecGrant_Attribute().

◆ aclcopy()

Acl * aclcopy ( const Acl * orig_acl )

Definition at line 441 of file acl.c.

{
    Acl        *result_acl;
 
    result_acl = allocacl(ACL_NUM(orig_acl));
 
    memcpy(ACL_DAT(result_acl),
           ACL_DAT(orig_acl),
           ACL_NUM(orig_acl) * sizeof(AclItem));
 
    return result_acl;
}

References ACL_DAT, ACL_NUM, and allocacl().

Referenced by aclmerge(), ExecGrant_Relation(), and SetDefaultACL().

◆ acldefault()

Acl * acldefault	(	ObjectType	objtype,
		Oid	ownerId
	)

Definition at line 787 of file acl.c.

{
    AclMode     world_default;
    AclMode     owner_default;
    int         nacl;
    Acl        *acl;
    AclItem    *aip;
 
    switch (objtype)
    {
        case OBJECT_COLUMN:
            /* by default, columns have no extra privileges */
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_NO_RIGHTS;
            break;
        case OBJECT_TABLE:
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_ALL_RIGHTS_RELATION;
            break;
        case OBJECT_SEQUENCE:
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_ALL_RIGHTS_SEQUENCE;
            break;
        case OBJECT_DATABASE:
            /* for backwards compatibility, grant some rights by default */
            world_default = ACL_CREATE_TEMP | ACL_CONNECT;
            owner_default = ACL_ALL_RIGHTS_DATABASE;
            break;
        case OBJECT_FUNCTION:
            /* Grant EXECUTE by default, for now */
            world_default = ACL_EXECUTE;
            owner_default = ACL_ALL_RIGHTS_FUNCTION;
            break;
        case OBJECT_LANGUAGE:
            /* Grant USAGE by default, for now */
            world_default = ACL_USAGE;
            owner_default = ACL_ALL_RIGHTS_LANGUAGE;
            break;
        case OBJECT_LARGEOBJECT:
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_ALL_RIGHTS_LARGEOBJECT;
            break;
        case OBJECT_SCHEMA:
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_ALL_RIGHTS_SCHEMA;
            break;
        case OBJECT_TABLESPACE:
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_ALL_RIGHTS_TABLESPACE;
            break;
        case OBJECT_FDW:
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_ALL_RIGHTS_FDW;
            break;
        case OBJECT_FOREIGN_SERVER:
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_ALL_RIGHTS_FOREIGN_SERVER;
            break;
        case OBJECT_DOMAIN:
        case OBJECT_TYPE:
            world_default = ACL_USAGE;
            owner_default = ACL_ALL_RIGHTS_TYPE;
            break;
        case OBJECT_PARAMETER_ACL:
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_ALL_RIGHTS_PARAMETER_ACL;
            break;
        default:
            elog(ERROR, "unrecognized object type: %d", (int) objtype);
            world_default = ACL_NO_RIGHTS;  /* keep compiler quiet */
            owner_default = ACL_NO_RIGHTS;
            break;
    }
 
    nacl = 0;
    if (world_default != ACL_NO_RIGHTS)
        nacl++;
    if (owner_default != ACL_NO_RIGHTS)
        nacl++;
 
    acl = allocacl(nacl);
    aip = ACL_DAT(acl);
 
    if (world_default != ACL_NO_RIGHTS)
    {
        aip->ai_grantee = ACL_ID_PUBLIC;
        aip->ai_grantor = ownerId;
        ACLITEM_SET_PRIVS_GOPTIONS(*aip, world_default, ACL_NO_RIGHTS);
        aip++;
    }
 
    /*
     * Note that the owner's entry shows all ordinary privileges but no grant
     * options.  This is because his grant options come "from the system" and
     * not from his own efforts.  (The SQL spec says that the owner's rights
     * come from a "_SYSTEM" authid.)  However, we do consider that the
     * owner's ordinary privileges are self-granted; this lets him revoke
     * them.  We implement the owner's grant options without any explicit
     * "_SYSTEM"-like ACL entry, by internally special-casing the owner
     * wherever we are testing grant options.
     */
    if (owner_default != ACL_NO_RIGHTS)
    {
        aip->ai_grantee = ownerId;
        aip->ai_grantor = ownerId;
        ACLITEM_SET_PRIVS_GOPTIONS(*aip, owner_default, ACL_NO_RIGHTS);
    }
 
    return acl;
}

References ACL_ALL_RIGHTS_DATABASE, ACL_ALL_RIGHTS_FDW, ACL_ALL_RIGHTS_FOREIGN_SERVER, ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_LANGUAGE, ACL_ALL_RIGHTS_LARGEOBJECT, ACL_ALL_RIGHTS_PARAMETER_ACL, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_SEQUENCE, ACL_ALL_RIGHTS_TABLESPACE, ACL_ALL_RIGHTS_TYPE, ACL_CONNECT, ACL_CREATE_TEMP, ACL_DAT, ACL_EXECUTE, ACL_ID_PUBLIC, ACL_NO_RIGHTS, ACL_USAGE, ACLITEM_SET_PRIVS_GOPTIONS, AclItem::ai_grantee, AclItem::ai_grantor, allocacl(), elog, ERROR, OBJECT_COLUMN, OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, and OBJECT_TYPE.

Referenced by acldefault_sql(), buildDefaultACLCommands(), dumpACL(), dumpRoleGUCPrivs(), dumpTable(), dumpTablespaces(), ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), ExecGrant_Relation(), get_user_default_acl(), object_aclmask_ext(), pg_class_aclmask_ext(), pg_largeobject_aclmask_snapshot(), pg_namespace_aclmask_ext(), pg_parameter_acl_aclmask(), pg_parameter_aclmask(), pg_type_aclmask_ext(), and SetDefaultACL().

◆ aclequal()

bool aclequal	(	const Acl *	left_acl,
		const Acl *	right_acl
	)

Definition at line 543 of file acl.c.

{
    /* Check for cases where one or both are empty/null */
    if (left_acl == NULL || ACL_NUM(left_acl) == 0)
    {
        if (right_acl == NULL || ACL_NUM(right_acl) == 0)
            return true;
        else
            return false;
    }
    else
    {
        if (right_acl == NULL || ACL_NUM(right_acl) == 0)
            return false;
    }
 
    if (ACL_NUM(left_acl) != ACL_NUM(right_acl))
        return false;
 
    if (memcmp(ACL_DAT(left_acl),
               ACL_DAT(right_acl),
               ACL_NUM(left_acl) * sizeof(AclItem)) == 0)
        return true;
 
    return false;
}

References ACL_DAT, and ACL_NUM.

Referenced by ExecGrant_Parameter(), get_user_default_acl(), and SetDefaultACL().

◆ aclitemsort()

void aclitemsort ( Acl * acl )

Definition at line 529 of file acl.c.

{
    if (acl != NULL && ACL_NUM(acl) > 1)
        qsort(ACL_DAT(acl), ACL_NUM(acl), sizeof(AclItem), aclitemComparator);
}

References ACL_DAT, ACL_NUM, aclitemComparator(), and qsort.

Referenced by get_user_default_acl(), and SetDefaultACL().

◆ aclmask()

AclMode aclmask	(	const Acl *	acl,
		Oid	roleid,
		Oid	ownerId,
		AclMode	mask,
		AclMaskHow	how
	)

Definition at line 1372 of file acl.c.

{
    AclMode     result;
    AclMode     remaining;
    AclItem    *aidat;
    int         i,
                num;
 
    /*
     * Null ACL should not happen, since caller should have inserted
     * appropriate default
     */
    if (acl == NULL)
        elog(ERROR, "null ACL");
 
    check_acl(acl);
 
    /* Quick exit for mask == 0 */
    if (mask == 0)
        return 0;
 
    result = 0;
 
    /* Owner always implicitly has all grant options */
    if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
        has_privs_of_role(roleid, ownerId))
    {
        result = mask & ACLITEM_ALL_GOPTION_BITS;
        if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
            return result;
    }
 
    num = ACL_NUM(acl);
    aidat = ACL_DAT(acl);
 
    /*
     * Check privileges granted directly to roleid or to public
     */
    for (i = 0; i < num; i++)
    {
        AclItem    *aidata = &aidat[i];
 
        if (aidata->ai_grantee == ACL_ID_PUBLIC ||
            aidata->ai_grantee == roleid)
        {
            result |= aidata->ai_privs & mask;
            if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
                return result;
        }
    }
 
    /*
     * Check privileges granted indirectly via role memberships. We do this in
     * a separate pass to minimize expensive indirect membership tests.  In
     * particular, it's worth testing whether a given ACL entry grants any
     * privileges still of interest before we perform the has_privs_of_role
     * test.
     */
    remaining = mask & ~result;
    for (i = 0; i < num; i++)
    {
        AclItem    *aidata = &aidat[i];
 
        if (aidata->ai_grantee == ACL_ID_PUBLIC ||
            aidata->ai_grantee == roleid)
            continue;           /* already checked it */
 
        if ((aidata->ai_privs & remaining) &&
            has_privs_of_role(roleid, aidata->ai_grantee))
        {
            result |= aidata->ai_privs & mask;
            if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
                return result;
            remaining = mask & ~result;
        }
    }
 
    return result;
}

References ACL_DAT, ACL_ID_PUBLIC, ACL_NUM, ACLITEM_ALL_GOPTION_BITS, ACLMASK_ALL, AclItem::ai_grantee, AclItem::ai_privs, check_acl(), elog, ERROR, has_privs_of_role(), i, and remaining.

Referenced by check_circularity(), LockTableAclCheck(), object_aclmask_ext(), pg_attribute_aclcheck_all_ext(), pg_attribute_aclmask_ext(), pg_class_aclmask_ext(), pg_largeobject_aclmask_snapshot(), pg_namespace_aclmask_ext(), pg_parameter_acl_aclmask(), pg_parameter_aclmask(), pg_type_aclmask_ext(), and recursive_revoke().

◆ aclmembers()

int aclmembers	(	const Acl *	acl,
		Oid **	roleids
	)

Definition at line 1524 of file acl.c.

{
    Oid        *list;
    const AclItem *acldat;
    int         i,
                j;
 
    if (acl == NULL || ACL_NUM(acl) == 0)
    {
        *roleids = NULL;
        return 0;
    }
 
    check_acl(acl);
 
    /* Allocate the worst-case space requirement */
    list = palloc(ACL_NUM(acl) * 2 * sizeof(Oid));
    acldat = ACL_DAT(acl);
 
    /*
     * Walk the ACL collecting mentioned RoleIds.
     */
    j = 0;
    for (i = 0; i < ACL_NUM(acl); i++)
    {
        const AclItem *ai = &acldat[i];
 
        if (ai->ai_grantee != ACL_ID_PUBLIC)
            list[j++] = ai->ai_grantee;
        /* grantor is currently never PUBLIC, but let's check anyway */
        if (ai->ai_grantor != ACL_ID_PUBLIC)
            list[j++] = ai->ai_grantor;
    }
 
    /* Sort the array */
    qsort(list, j, sizeof(Oid), oid_cmp);
 
    /*
     * We could repalloc the array down to minimum size, but it's hardly worth
     * it since it's only transient memory.
     */
    *roleids = list;
 
    /* Remove duplicates from the array */
    return qunique(list, j, sizeof(Oid), oid_cmp);
}

References ACL_DAT, ACL_ID_PUBLIC, ACL_NUM, AclItem::ai_grantee, AclItem::ai_grantor, check_acl(), i, j, sort-test::list, oid_cmp(), palloc(), qsort, and qunique().

Referenced by ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), ExecGrant_Relation(), recordDependencyOnNewAcl(), recordExtensionInitPrivWorker(), RemoveRoleFromInitPriv(), ReplaceRoleInInitPriv(), and SetDefaultACL().

◆ aclmerge()

Acl * aclmerge	(	const Acl *	left_acl,
		const Acl *	right_acl,
		Oid	ownerId
	)

Definition at line 485 of file acl.c.

{
    Acl        *result_acl;
    AclItem    *aip;
    int         i,
                num;
 
    /* Check for cases where one or both are empty/null */
    if (left_acl == NULL || ACL_NUM(left_acl) == 0)
    {
        if (right_acl == NULL || ACL_NUM(right_acl) == 0)
            return NULL;
        else
            return aclcopy(right_acl);
    }
    else
    {
        if (right_acl == NULL || ACL_NUM(right_acl) == 0)
            return aclcopy(left_acl);
    }
 
    /* Merge them the hard way, one item at a time */
    result_acl = aclcopy(left_acl);
 
    aip = ACL_DAT(right_acl);
    num = ACL_NUM(right_acl);
 
    for (i = 0; i < num; i++, aip++)
    {
        Acl        *tmp_acl;
 
        tmp_acl = aclupdate(result_acl, aip, ACL_MODECHG_ADD,
                            ownerId, DROP_RESTRICT);
        pfree(result_acl);
        result_acl = tmp_acl;
    }
 
    return result_acl;
}

References ACL_DAT, ACL_MODECHG_ADD, ACL_NUM, aclcopy(), aclupdate(), DROP_RESTRICT, i, and pfree().

Referenced by get_user_default_acl().

◆ aclnewowner()

Acl * aclnewowner	(	const Acl *	old_acl,
		Oid	oldOwnerId,
		Oid	newOwnerId
	)

Definition at line 1103 of file acl.c.

{
    Acl        *new_acl;
    AclItem    *new_aip;
    AclItem    *old_aip;
    AclItem    *dst_aip;
    AclItem    *src_aip;
    AclItem    *targ_aip;
    bool        newpresent = false;
    int         dst,
                src,
                targ,
                num;
 
    check_acl(old_acl);
 
    /*
     * Make a copy of the given ACL, substituting new owner ID for old
     * wherever it appears as either grantor or grantee.  Also note if the new
     * owner ID is already present.
     */
    num = ACL_NUM(old_acl);
    old_aip = ACL_DAT(old_acl);
    new_acl = allocacl(num);
    new_aip = ACL_DAT(new_acl);
    memcpy(new_aip, old_aip, num * sizeof(AclItem));
    for (dst = 0, dst_aip = new_aip; dst < num; dst++, dst_aip++)
    {
        if (dst_aip->ai_grantor == oldOwnerId)
            dst_aip->ai_grantor = newOwnerId;
        else if (dst_aip->ai_grantor == newOwnerId)
            newpresent = true;
        if (dst_aip->ai_grantee == oldOwnerId)
            dst_aip->ai_grantee = newOwnerId;
        else if (dst_aip->ai_grantee == newOwnerId)
            newpresent = true;
    }
 
    /*
     * If the old ACL contained any references to the new owner, then we may
     * now have generated an ACL containing duplicate entries.  Find them and
     * merge them so that there are not duplicates.  (This is relatively
     * expensive since we use a stupid O(N^2) algorithm, but it's unlikely to
     * be the normal case.)
     *
     * To simplify deletion of duplicate entries, we temporarily leave them in
     * the array but set their privilege masks to zero; when we reach such an
     * entry it's just skipped.  (Thus, a side effect of this code will be to
     * remove privilege-free entries, should there be any in the input.)  dst
     * is the next output slot, targ is the currently considered input slot
     * (always >= dst), and src scans entries to the right of targ looking for
     * duplicates.  Once an entry has been emitted to dst it is known
     * duplicate-free and need not be considered anymore.
     */
    if (newpresent)
    {
        dst = 0;
        for (targ = 0, targ_aip = new_aip; targ < num; targ++, targ_aip++)
        {
            /* ignore if deleted in an earlier pass */
            if (ACLITEM_GET_RIGHTS(*targ_aip) == ACL_NO_RIGHTS)
                continue;
            /* find and merge any duplicates */
            for (src = targ + 1, src_aip = targ_aip + 1; src < num;
                 src++, src_aip++)
            {
                if (ACLITEM_GET_RIGHTS(*src_aip) == ACL_NO_RIGHTS)
                    continue;
                if (aclitem_match(targ_aip, src_aip))
                {
                    ACLITEM_SET_RIGHTS(*targ_aip,
                                       ACLITEM_GET_RIGHTS(*targ_aip) |
                                       ACLITEM_GET_RIGHTS(*src_aip));
                    /* mark the duplicate deleted */
                    ACLITEM_SET_RIGHTS(*src_aip, ACL_NO_RIGHTS);
                }
            }
            /* and emit to output */
            new_aip[dst] = *targ_aip;
            dst++;
        }
        /* Adjust array size to be 'dst' items */
        ARR_DIMS(new_acl)[0] = dst;
        SET_VARSIZE(new_acl, ACL_N_SIZE(dst));
    }
 
    return new_acl;
}

References ACL_DAT, ACL_N_SIZE, ACL_NO_RIGHTS, ACL_NUM, ACLITEM_GET_RIGHTS, aclitem_match(), ACLITEM_SET_RIGHTS, AclItem::ai_grantee, AclItem::ai_grantor, allocacl(), ARR_DIMS, check_acl(), and SET_VARSIZE.

Referenced by AlterDatabaseOwner(), AlterForeignDataWrapperOwner_internal(), AlterForeignServerOwner_internal(), AlterObjectOwner_internal(), AlterSchemaOwner_internal(), AlterTypeOwnerInternal(), ATExecChangeOwner(), change_owner_fix_column_acls(), and ReplaceRoleInInitPriv().

◆ aclupdate()

Acl * aclupdate	(	const Acl *	old_acl,
		const AclItem *	mod_aip,
		int	modechg,
		Oid	ownerId,
		DropBehavior	behavior
	)

Definition at line 976 of file acl.c.

{
    Acl        *new_acl = NULL;
    AclItem    *old_aip,
               *new_aip = NULL;
    AclMode     old_rights,
                old_goptions,
                new_rights,
                new_goptions;
    int         dst,
                num;
 
    /* Caller probably already checked old_acl, but be safe */
    check_acl(old_acl);
 
    /* If granting grant options, check for circularity */
    if (modechg != ACL_MODECHG_DEL &&
        ACLITEM_GET_GOPTIONS(*mod_aip) != ACL_NO_RIGHTS)
        check_circularity(old_acl, mod_aip, ownerId);
 
    num = ACL_NUM(old_acl);
    old_aip = ACL_DAT(old_acl);
 
    /*
     * Search the ACL for an existing entry for this grantee and grantor. If
     * one exists, just modify the entry in-place (well, in the same position,
     * since we actually return a copy); otherwise, insert the new entry at
     * the end.
     */
 
    for (dst = 0; dst < num; ++dst)
    {
        if (aclitem_match(mod_aip, old_aip + dst))
        {
            /* found a match, so modify existing item */
            new_acl = allocacl(num);
            new_aip = ACL_DAT(new_acl);
            memcpy(new_acl, old_acl, ACL_SIZE(old_acl));
            break;
        }
    }
 
    if (dst == num)
    {
        /* need to append a new item */
        new_acl = allocacl(num + 1);
        new_aip = ACL_DAT(new_acl);
        memcpy(new_aip, old_aip, num * sizeof(AclItem));
 
        /* initialize the new entry with no permissions */
        new_aip[dst].ai_grantee = mod_aip->ai_grantee;
        new_aip[dst].ai_grantor = mod_aip->ai_grantor;
        ACLITEM_SET_PRIVS_GOPTIONS(new_aip[dst],
                                   ACL_NO_RIGHTS, ACL_NO_RIGHTS);
        num++;                  /* set num to the size of new_acl */
    }
 
    old_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
    old_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);
 
    /* apply the specified permissions change */
    switch (modechg)
    {
        case ACL_MODECHG_ADD:
            ACLITEM_SET_RIGHTS(new_aip[dst],
                               old_rights | ACLITEM_GET_RIGHTS(*mod_aip));
            break;
        case ACL_MODECHG_DEL:
            ACLITEM_SET_RIGHTS(new_aip[dst],
                               old_rights & ~ACLITEM_GET_RIGHTS(*mod_aip));
            break;
        case ACL_MODECHG_EQL:
            ACLITEM_SET_RIGHTS(new_aip[dst],
                               ACLITEM_GET_RIGHTS(*mod_aip));
            break;
    }
 
    new_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
    new_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);
 
    /*
     * If the adjusted entry has no permissions, delete it from the list.
     */
    if (new_rights == ACL_NO_RIGHTS)
    {
        memmove(new_aip + dst,
                new_aip + dst + 1,
                (num - dst - 1) * sizeof(AclItem));
        /* Adjust array size to be 'num - 1' items */
        ARR_DIMS(new_acl)[0] = num - 1;
        SET_VARSIZE(new_acl, ACL_N_SIZE(num - 1));
    }
 
    /*
     * Remove abandoned privileges (cascading revoke).  Currently we can only
     * handle this when the grantee is not PUBLIC.
     */
    if ((old_goptions & ~new_goptions) != 0)
    {
        Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
        new_acl = recursive_revoke(new_acl, mod_aip->ai_grantee,
                                   (old_goptions & ~new_goptions),
                                   ownerId, behavior);
    }
 
    return new_acl;
}

References ACL_DAT, ACL_ID_PUBLIC, ACL_MODECHG_ADD, ACL_MODECHG_DEL, ACL_MODECHG_EQL, ACL_N_SIZE, ACL_NO_RIGHTS, ACL_NUM, ACL_SIZE, ACLITEM_GET_GOPTIONS, ACLITEM_GET_RIGHTS, aclitem_match(), ACLITEM_SET_PRIVS_GOPTIONS, ACLITEM_SET_RIGHTS, AclItem::ai_grantee, AclItem::ai_grantor, allocacl(), ARR_DIMS, Assert(), check_acl(), check_circularity(), recursive_revoke(), and SET_VARSIZE.

Referenced by aclmerge(), check_circularity(), merge_acl_with_grant(), and recursive_revoke().

◆ check_can_set_role()

void check_can_set_role	(	Oid	member,
		Oid	role
	)

Definition at line 5325 of file acl.c.

{
    if (!member_can_set_role(member, role))
        ereport(ERROR,
                (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
                 errmsg("must be able to SET ROLE \"%s\"",
                        GetUserNameFromId(role, false))));
}

References ereport, errcode(), errmsg(), ERROR, GetUserNameFromId(), and member_can_set_role().

Referenced by AlterDatabaseOwner(), AlterForeignServerOwner_internal(), AlterObjectOwner_internal(), AlterPublicationOwner_internal(), AlterSchemaOwner_internal(), AlterSubscriptionOwner_internal(), AlterTypeOwner(), ATExecChangeOwner(), createdb(), and CreateSchemaCommand().

◆ check_rolespec_name()

void check_rolespec_name	(	const RoleSpec *	role,
		const char *	detail_msg
	)

Definition at line 5677 of file acl.c.

{
    if (!role)
        return;
 
    if (role->roletype != ROLESPEC_CSTRING)
        return;
 
    if (IsReservedName(role->rolename))
    {
        if (detail_msg)
            ereport(ERROR,
                    (errcode(ERRCODE_RESERVED_NAME),
                     errmsg("role name \"%s\" is reserved",
                            role->rolename),
                     errdetail_internal("%s", detail_msg)));
        else
            ereport(ERROR,
                    (errcode(ERRCODE_RESERVED_NAME),
                     errmsg("role name \"%s\" is reserved",
                            role->rolename)));
    }
}

References ereport, errcode(), errdetail_internal(), errmsg(), ERROR, IsReservedName(), RoleSpec::rolename, ROLESPEC_CSTRING, and RoleSpec::roletype.

Referenced by AlterRole(), and AlterRoleSet().

◆ ExecAlterDefaultPrivilegesStmt()

void ExecAlterDefaultPrivilegesStmt	(	ParseState *	pstate,
		AlterDefaultPrivilegesStmt *	stmt
	)

Definition at line 903 of file aclchk.c.

{
    GrantStmt  *action = stmt->action;
    InternalDefaultACL iacls;
    ListCell   *cell;
    List       *rolespecs = NIL;
    List       *nspnames = NIL;
    DefElem    *drolespecs = NULL;
    DefElem    *dnspnames = NULL;
    AclMode     all_privileges;
    const char *errormsg;
 
    /* Deconstruct the "options" part of the statement */
    foreach(cell, stmt->options)
    {
        DefElem    *defel = (DefElem *) lfirst(cell);
 
        if (strcmp(defel->defname, "schemas") == 0)
        {
            if (dnspnames)
                errorConflictingDefElem(defel, pstate);
            dnspnames = defel;
        }
        else if (strcmp(defel->defname, "roles") == 0)
        {
            if (drolespecs)
                errorConflictingDefElem(defel, pstate);
            drolespecs = defel;
        }
        else
            elog(ERROR, "option \"%s\" not recognized", defel->defname);
    }
 
    if (dnspnames)
        nspnames = (List *) dnspnames->arg;
    if (drolespecs)
        rolespecs = (List *) drolespecs->arg;
 
    /* Prepare the InternalDefaultACL representation of the statement */
    /* roleid to be filled below */
    /* nspid to be filled in SetDefaultACLsInSchemas */
    iacls.is_grant = action->is_grant;
    iacls.objtype = action->objtype;
    /* all_privs to be filled below */
    /* privileges to be filled below */
    iacls.grantees = NIL;       /* filled below */
    iacls.grant_option = action->grant_option;
    iacls.behavior = action->behavior;
 
    /*
     * Convert the RoleSpec list into an Oid list.  Note that at this point we
     * insert an ACL_ID_PUBLIC into the list if appropriate, so downstream
     * there shouldn't be any additional work needed to support this case.
     */
    foreach(cell, action->grantees)
    {
        RoleSpec   *grantee = (RoleSpec *) lfirst(cell);
        Oid         grantee_uid;
 
        switch (grantee->roletype)
        {
            case ROLESPEC_PUBLIC:
                grantee_uid = ACL_ID_PUBLIC;
                break;
            default:
                grantee_uid = get_rolespec_oid(grantee, false);
                break;
        }
        iacls.grantees = lappend_oid(iacls.grantees, grantee_uid);
    }
 
    /*
     * Convert action->privileges, a list of privilege strings, into an
     * AclMode bitmask.
     */
    switch (action->objtype)
    {
        case OBJECT_TABLE:
            all_privileges = ACL_ALL_RIGHTS_RELATION;
            errormsg = gettext_noop("invalid privilege type %s for relation");
            break;
        case OBJECT_SEQUENCE:
            all_privileges = ACL_ALL_RIGHTS_SEQUENCE;
            errormsg = gettext_noop("invalid privilege type %s for sequence");
            break;
        case OBJECT_FUNCTION:
            all_privileges = ACL_ALL_RIGHTS_FUNCTION;
            errormsg = gettext_noop("invalid privilege type %s for function");
            break;
        case OBJECT_PROCEDURE:
            all_privileges = ACL_ALL_RIGHTS_FUNCTION;
            errormsg = gettext_noop("invalid privilege type %s for procedure");
            break;
        case OBJECT_ROUTINE:
            all_privileges = ACL_ALL_RIGHTS_FUNCTION;
            errormsg = gettext_noop("invalid privilege type %s for routine");
            break;
        case OBJECT_TYPE:
            all_privileges = ACL_ALL_RIGHTS_TYPE;
            errormsg = gettext_noop("invalid privilege type %s for type");
            break;
        case OBJECT_SCHEMA:
            all_privileges = ACL_ALL_RIGHTS_SCHEMA;
            errormsg = gettext_noop("invalid privilege type %s for schema");
            break;
        case OBJECT_LARGEOBJECT:
            all_privileges = ACL_ALL_RIGHTS_LARGEOBJECT;
            errormsg = gettext_noop("invalid privilege type %s for large object");
            break;
        default:
            elog(ERROR, "unrecognized GrantStmt.objtype: %d",
                 (int) action->objtype);
            /* keep compiler quiet */
            all_privileges = ACL_NO_RIGHTS;
            errormsg = NULL;
    }
 
    if (action->privileges == NIL)
    {
        iacls.all_privs = true;
 
        /*
         * will be turned into ACL_ALL_RIGHTS_* by the internal routines
         * depending on the object type
         */
        iacls.privileges = ACL_NO_RIGHTS;
    }
    else
    {
        iacls.all_privs = false;
        iacls.privileges = ACL_NO_RIGHTS;
 
        foreach(cell, action->privileges)
        {
            AccessPriv *privnode = (AccessPriv *) lfirst(cell);
            AclMode     priv;
 
            if (privnode->cols)
                ereport(ERROR,
                        (errcode(ERRCODE_INVALID_GRANT_OPERATION),
                         errmsg("default privileges cannot be set for columns")));
 
            if (privnode->priv_name == NULL)    /* parser mistake? */
                elog(ERROR, "AccessPriv node must specify privilege");
            priv = string_to_privilege(privnode->priv_name);
 
            if (priv & ~((AclMode) all_privileges))
                ereport(ERROR,
                        (errcode(ERRCODE_INVALID_GRANT_OPERATION),
                         errmsg(errormsg, privilege_to_string(priv))));
 
            iacls.privileges |= priv;
        }
    }
 
    if (rolespecs == NIL)
    {
        /* Set permissions for myself */
        iacls.roleid = GetUserId();
 
        SetDefaultACLsInSchemas(&iacls, nspnames);
    }
    else
    {
        /* Look up the role OIDs and do permissions checks */
        ListCell   *rolecell;
 
        foreach(rolecell, rolespecs)
        {
            RoleSpec   *rolespec = lfirst(rolecell);
 
            iacls.roleid = get_rolespec_oid(rolespec, false);
 
            if (!has_privs_of_role(GetUserId(), iacls.roleid))
                ereport(ERROR,
                        (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
                         errmsg("permission denied to change default privileges")));
 
            SetDefaultACLsInSchemas(&iacls, nspnames);
        }
    }
}

Referenced by ProcessUtilitySlow().

◆ ExecuteGrantStmt()

void ExecuteGrantStmt ( GrantStmt * stmt )

Definition at line 392 of file aclchk.c.

{
    InternalGrant istmt;
    ListCell   *cell;
    const char *errormsg;
    AclMode     all_privileges;
 
    if (stmt->grantor)
    {
        Oid         grantor;
 
        grantor = get_rolespec_oid(stmt->grantor, false);
 
        /*
         * Currently, this clause is only for SQL compatibility, not very
         * interesting otherwise.
         */
        if (grantor != GetUserId())
            ereport(ERROR,
                    (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
                     errmsg("grantor must be current user")));
    }
 
    /*
     * Turn the regular GrantStmt into the InternalGrant form.
     */
    istmt.is_grant = stmt->is_grant;
    istmt.objtype = stmt->objtype;
 
    /* Collect the OIDs of the target objects */
    switch (stmt->targtype)
    {
        case ACL_TARGET_OBJECT:
            istmt.objects = objectNamesToOids(stmt->objtype, stmt->objects,
                                              stmt->is_grant);
            break;
        case ACL_TARGET_ALL_IN_SCHEMA:
            istmt.objects = objectsInSchemaToOids(stmt->objtype, stmt->objects);
            break;
            /* ACL_TARGET_DEFAULTS should not be seen here */
        default:
            elog(ERROR, "unrecognized GrantStmt.targtype: %d",
                 (int) stmt->targtype);
    }
 
    /* all_privs to be filled below */
    /* privileges to be filled below */
    istmt.col_privs = NIL;      /* may get filled below */
    istmt.grantees = NIL;       /* filled below */
    istmt.grant_option = stmt->grant_option;
    istmt.behavior = stmt->behavior;
 
    /*
     * Convert the RoleSpec list into an Oid list.  Note that at this point we
     * insert an ACL_ID_PUBLIC into the list if appropriate, so downstream
     * there shouldn't be any additional work needed to support this case.
     */
    foreach(cell, stmt->grantees)
    {
        RoleSpec   *grantee = (RoleSpec *) lfirst(cell);
        Oid         grantee_uid;
 
        switch (grantee->roletype)
        {
            case ROLESPEC_PUBLIC:
                grantee_uid = ACL_ID_PUBLIC;
                break;
            default:
                grantee_uid = get_rolespec_oid(grantee, false);
                break;
        }
        istmt.grantees = lappend_oid(istmt.grantees, grantee_uid);
    }
 
    /*
     * Convert stmt->privileges, a list of AccessPriv nodes, into an AclMode
     * bitmask.  Note: objtype can't be OBJECT_COLUMN.
     */
    switch (stmt->objtype)
    {
        case OBJECT_TABLE:
 
            /*
             * Because this might be a sequence, we test both relation and
             * sequence bits, and later do a more limited test when we know
             * the object type.
             */
            all_privileges = ACL_ALL_RIGHTS_RELATION | ACL_ALL_RIGHTS_SEQUENCE;
            errormsg = gettext_noop("invalid privilege type %s for relation");
            break;
        case OBJECT_SEQUENCE:
            all_privileges = ACL_ALL_RIGHTS_SEQUENCE;
            errormsg = gettext_noop("invalid privilege type %s for sequence");
            break;
        case OBJECT_DATABASE:
            all_privileges = ACL_ALL_RIGHTS_DATABASE;
            errormsg = gettext_noop("invalid privilege type %s for database");
            break;
        case OBJECT_DOMAIN:
            all_privileges = ACL_ALL_RIGHTS_TYPE;
            errormsg = gettext_noop("invalid privilege type %s for domain");
            break;
        case OBJECT_FUNCTION:
            all_privileges = ACL_ALL_RIGHTS_FUNCTION;
            errormsg = gettext_noop("invalid privilege type %s for function");
            break;
        case OBJECT_LANGUAGE:
            all_privileges = ACL_ALL_RIGHTS_LANGUAGE;
            errormsg = gettext_noop("invalid privilege type %s for language");
            break;
        case OBJECT_LARGEOBJECT:
            all_privileges = ACL_ALL_RIGHTS_LARGEOBJECT;
            errormsg = gettext_noop("invalid privilege type %s for large object");
            break;
        case OBJECT_SCHEMA:
            all_privileges = ACL_ALL_RIGHTS_SCHEMA;
            errormsg = gettext_noop("invalid privilege type %s for schema");
            break;
        case OBJECT_PROCEDURE:
            all_privileges = ACL_ALL_RIGHTS_FUNCTION;
            errormsg = gettext_noop("invalid privilege type %s for procedure");
            break;
        case OBJECT_ROUTINE:
            all_privileges = ACL_ALL_RIGHTS_FUNCTION;
            errormsg = gettext_noop("invalid privilege type %s for routine");
            break;
        case OBJECT_TABLESPACE:
            all_privileges = ACL_ALL_RIGHTS_TABLESPACE;
            errormsg = gettext_noop("invalid privilege type %s for tablespace");
            break;
        case OBJECT_TYPE:
            all_privileges = ACL_ALL_RIGHTS_TYPE;
            errormsg = gettext_noop("invalid privilege type %s for type");
            break;
        case OBJECT_FDW:
            all_privileges = ACL_ALL_RIGHTS_FDW;
            errormsg = gettext_noop("invalid privilege type %s for foreign-data wrapper");
            break;
        case OBJECT_FOREIGN_SERVER:
            all_privileges = ACL_ALL_RIGHTS_FOREIGN_SERVER;
            errormsg = gettext_noop("invalid privilege type %s for foreign server");
            break;
        case OBJECT_PARAMETER_ACL:
            all_privileges = ACL_ALL_RIGHTS_PARAMETER_ACL;
            errormsg = gettext_noop("invalid privilege type %s for parameter");
            break;
        default:
            elog(ERROR, "unrecognized GrantStmt.objtype: %d",
                 (int) stmt->objtype);
            /* keep compiler quiet */
            all_privileges = ACL_NO_RIGHTS;
            errormsg = NULL;
    }
 
    if (stmt->privileges == NIL)
    {
        istmt.all_privs = true;
 
        /*
         * will be turned into ACL_ALL_RIGHTS_* by the internal routines
         * depending on the object type
         */
        istmt.privileges = ACL_NO_RIGHTS;
    }
    else
    {
        istmt.all_privs = false;
        istmt.privileges = ACL_NO_RIGHTS;
 
        foreach(cell, stmt->privileges)
        {
            AccessPriv *privnode = (AccessPriv *) lfirst(cell);
            AclMode     priv;
 
            /*
             * If it's a column-level specification, we just set it aside in
             * col_privs for the moment; but insist it's for a relation.
             */
            if (privnode->cols)
            {
                if (stmt->objtype != OBJECT_TABLE)
                    ereport(ERROR,
                            (errcode(ERRCODE_INVALID_GRANT_OPERATION),
                             errmsg("column privileges are only valid for relations")));
                istmt.col_privs = lappend(istmt.col_privs, privnode);
                continue;
            }
 
            if (privnode->priv_name == NULL)    /* parser mistake? */
                elog(ERROR, "AccessPriv node must specify privilege or columns");
            priv = string_to_privilege(privnode->priv_name);
 
            if (priv & ~((AclMode) all_privileges))
                ereport(ERROR,
                        (errcode(ERRCODE_INVALID_GRANT_OPERATION),
                         errmsg(errormsg, privilege_to_string(priv))));
 
            istmt.privileges |= priv;
        }
    }
 
    ExecGrantStmt_oids(&istmt);
}

References ACL_ALL_RIGHTS_DATABASE, ACL_ALL_RIGHTS_FDW, ACL_ALL_RIGHTS_FOREIGN_SERVER, ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_LANGUAGE, ACL_ALL_RIGHTS_LARGEOBJECT, ACL_ALL_RIGHTS_PARAMETER_ACL, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_SEQUENCE, ACL_ALL_RIGHTS_TABLESPACE, ACL_ALL_RIGHTS_TYPE, ACL_ID_PUBLIC, ACL_NO_RIGHTS, ACL_TARGET_ALL_IN_SCHEMA, ACL_TARGET_OBJECT, InternalGrant::all_privs, InternalGrant::behavior, InternalGrant::col_privs, AccessPriv::cols, elog, ereport, errcode(), errmsg(), ERROR, ExecGrantStmt_oids(), get_rolespec_oid(), gettext_noop, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, InternalGrant::is_grant, lappend(), lappend_oid(), lfirst, NIL, OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, objectNamesToOids(), InternalGrant::objects, objectsInSchemaToOids(), InternalGrant::objtype, AccessPriv::priv_name, privilege_to_string(), InternalGrant::privileges, ROLESPEC_PUBLIC, RoleSpec::roletype, stmt, and string_to_privilege().

Referenced by ProcessUtilitySlow(), and standard_ProcessUtility().

◆ get_role_oid()

Oid get_role_oid	(	const char *	rolname,
		bool	missing_ok
	)

Definition at line 5536 of file acl.c.

{
    Oid         oid;
 
    oid = GetSysCacheOid1(AUTHNAME, Anum_pg_authid_oid,
                          CStringGetDatum(rolname));
    if (!OidIsValid(oid) && !missing_ok)
        ereport(ERROR,
                (errcode(ERRCODE_UNDEFINED_OBJECT),
                 errmsg("role \"%s\" does not exist", rolname)));
    return oid;
}

References CStringGetDatum(), ereport, errcode(), errmsg(), ERROR, GetSysCacheOid1, OidIsValid, and rolname.

Referenced by aclparse(), check_hba(), check_ident_usermap(), createdb(), CreateRole(), get_object_address_unqualified(), get_role_oid_or_public(), get_rolespec_oid(), GrantRole(), is_member(), pg_has_role_id_name(), pg_has_role_name(), pg_has_role_name_id(), pg_has_role_name_name(), regrolein(), shell_check_detail(), and worker_spi_launch().

◆ get_role_oid_or_public()

Oid get_role_oid_or_public ( const char * rolname )

Definition at line 5554 of file acl.c.

{
    if (strcmp(rolname, "public") == 0)
        return ACL_ID_PUBLIC;
 
    return get_role_oid(rolname, false);
}

References ACL_ID_PUBLIC, get_role_oid(), and rolname.

◆ get_rolespec_name()

char * get_rolespec_name ( const RoleSpec * role )

Definition at line 5655 of file acl.c.

{
    HeapTuple   tp;
    Form_pg_authid authForm;
    char       *rolename;
 
    tp = get_rolespec_tuple(role);
    authForm = (Form_pg_authid) GETSTRUCT(tp);
    rolename = pstrdup(NameStr(authForm->rolname));
    ReleaseSysCache(tp);
 
    return rolename;
}

References get_rolespec_tuple(), GETSTRUCT(), NameStr, pstrdup(), and ReleaseSysCache().

Referenced by AddRoleMems(), and DelRoleMems().

◆ get_rolespec_oid()

Oid get_rolespec_oid	(	const RoleSpec *	role,
		bool	missing_ok
	)

Definition at line 5570 of file acl.c.

{
    Oid         oid;
 
    switch (role->roletype)
    {
        case ROLESPEC_CSTRING:
            Assert(role->rolename);
            oid = get_role_oid(role->rolename, missing_ok);
            break;
 
        case ROLESPEC_CURRENT_ROLE:
        case ROLESPEC_CURRENT_USER:
            oid = GetUserId();
            break;
 
        case ROLESPEC_SESSION_USER:
            oid = GetSessionUserId();
            break;
 
        case ROLESPEC_PUBLIC:
            ereport(ERROR,
                    (errcode(ERRCODE_UNDEFINED_OBJECT),
                     errmsg("role \"%s\" does not exist", "public")));
            oid = InvalidOid;   /* make compiler happy */
            break;
 
        default:
            elog(ERROR, "unexpected role type %d", role->roletype);
    }
 
    return oid;
}

References Assert(), elog, ereport, errcode(), errmsg(), ERROR, get_role_oid(), GetSessionUserId(), GetUserId(), InvalidOid, RoleSpec::rolename, ROLESPEC_CSTRING, ROLESPEC_CURRENT_ROLE, ROLESPEC_CURRENT_USER, ROLESPEC_PUBLIC, ROLESPEC_SESSION_USER, and RoleSpec::roletype.

Referenced by AlterUserMapping(), ATExecCmd(), CreateSchemaCommand(), CreateTableSpace(), CreateUserMapping(), ExecAlterDefaultPrivilegesStmt(), ExecAlterOwnerStmt(), ExecuteGrantStmt(), GrantRole(), policy_role_list_to_array(), ReassignOwnedObjects(), RemoveUserMapping(), and roleSpecsToIds().

◆ get_rolespec_tuple()

HeapTuple get_rolespec_tuple ( const RoleSpec * role )

Definition at line 5609 of file acl.c.

{
    HeapTuple   tuple;
 
    switch (role->roletype)
    {
        case ROLESPEC_CSTRING:
            Assert(role->rolename);
            tuple = SearchSysCache1(AUTHNAME, CStringGetDatum(role->rolename));
            if (!HeapTupleIsValid(tuple))
                ereport(ERROR,
                        (errcode(ERRCODE_UNDEFINED_OBJECT),
                         errmsg("role \"%s\" does not exist", role->rolename)));
            break;
 
        case ROLESPEC_CURRENT_ROLE:
        case ROLESPEC_CURRENT_USER:
            tuple = SearchSysCache1(AUTHOID, ObjectIdGetDatum(GetUserId()));
            if (!HeapTupleIsValid(tuple))
                elog(ERROR, "cache lookup failed for role %u", GetUserId());
            break;
 
        case ROLESPEC_SESSION_USER:
            tuple = SearchSysCache1(AUTHOID, ObjectIdGetDatum(GetSessionUserId()));
            if (!HeapTupleIsValid(tuple))
                elog(ERROR, "cache lookup failed for role %u", GetSessionUserId());
            break;
 
        case ROLESPEC_PUBLIC:
            ereport(ERROR,
                    (errcode(ERRCODE_UNDEFINED_OBJECT),
                     errmsg("role \"%s\" does not exist", "public")));
            tuple = NULL;       /* make compiler happy */
            break;
 
        default:
            elog(ERROR, "unexpected role type %d", role->roletype);
    }
 
    return tuple;
}

References Assert(), CStringGetDatum(), elog, ereport, errcode(), errmsg(), ERROR, GetSessionUserId(), GetUserId(), HeapTupleIsValid, ObjectIdGetDatum(), RoleSpec::rolename, ROLESPEC_CSTRING, ROLESPEC_CURRENT_ROLE, ROLESPEC_CURRENT_USER, ROLESPEC_PUBLIC, ROLESPEC_SESSION_USER, RoleSpec::roletype, and SearchSysCache1().

Referenced by AlterRole(), AlterRoleSet(), CreateRole(), and get_rolespec_name().

◆ get_user_default_acl()

Acl * get_user_default_acl	(	ObjectType	objtype,
		Oid	ownerId,
		Oid	nsp_oid
	)

Definition at line 4232 of file aclchk.c.

{
    Acl        *result;
    Acl        *glob_acl;
    Acl        *schema_acl;
    Acl        *def_acl;
    char        defaclobjtype;
 
    /*
     * Use NULL during bootstrap, since pg_default_acl probably isn't there
     * yet.
     */
    if (IsBootstrapProcessingMode())
        return NULL;
 
    /* Check if object type is supported in pg_default_acl */
    switch (objtype)
    {
        case OBJECT_TABLE:
            defaclobjtype = DEFACLOBJ_RELATION;
            break;
 
        case OBJECT_SEQUENCE:
            defaclobjtype = DEFACLOBJ_SEQUENCE;
            break;
 
        case OBJECT_FUNCTION:
            defaclobjtype = DEFACLOBJ_FUNCTION;
            break;
 
        case OBJECT_TYPE:
            defaclobjtype = DEFACLOBJ_TYPE;
            break;
 
        case OBJECT_SCHEMA:
            defaclobjtype = DEFACLOBJ_NAMESPACE;
            break;
 
        case OBJECT_LARGEOBJECT:
            defaclobjtype = DEFACLOBJ_LARGEOBJECT;
            break;
 
        default:
            return NULL;
    }
 
    /* Look up the relevant pg_default_acl entries */
    glob_acl = get_default_acl_internal(ownerId, InvalidOid, defaclobjtype);
    schema_acl = get_default_acl_internal(ownerId, nsp_oid, defaclobjtype);
 
    /* Quick out if neither entry exists */
    if (glob_acl == NULL && schema_acl == NULL)
        return NULL;
 
    /* We need to know the hard-wired default value, too */
    def_acl = acldefault(objtype, ownerId);
 
    /* If there's no global entry, substitute the hard-wired default */
    if (glob_acl == NULL)
        glob_acl = def_acl;
 
    /* Merge in any per-schema privileges */
    result = aclmerge(glob_acl, schema_acl, ownerId);
 
    /*
     * For efficiency, we want to return NULL if the result equals default.
     * This requires sorting both arrays to get an accurate comparison.
     */
    aclitemsort(result);
    aclitemsort(def_acl);
    if (aclequal(result, def_acl))
        result = NULL;
 
    return result;
}

References acldefault(), aclequal(), aclitemsort(), aclmerge(), get_default_acl_internal(), InvalidOid, IsBootstrapProcessingMode, OBJECT_FUNCTION, OBJECT_LARGEOBJECT, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, and OBJECT_TYPE.

Referenced by heap_create_with_catalog(), LargeObjectCreate(), NamespaceCreate(), ProcedureCreate(), and TypeCreate().

◆ has_bypassrls_privilege()

bool has_bypassrls_privilege ( Oid roleid )

Definition at line 4173 of file aclchk.c.

{
    bool        result = false;
    HeapTuple   utup;
 
    /* Superusers bypass all permission checking. */
    if (superuser_arg(roleid))
        return true;
 
    utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
    if (HeapTupleIsValid(utup))
    {
        result = ((Form_pg_authid) GETSTRUCT(utup))->rolbypassrls;
        ReleaseSysCache(utup);
    }
    return result;
}

References GETSTRUCT(), HeapTupleIsValid, ObjectIdGetDatum(), ReleaseSysCache(), rolbypassrls, SearchSysCache1(), and superuser_arg().

Referenced by AlterRole(), check_enable_rls(), CreateRole(), and RI_Initial_Check().

◆ has_createrole_privilege()

bool has_createrole_privilege ( Oid roleid )

Definition at line 4154 of file aclchk.c.

{
    bool        result = false;
    HeapTuple   utup;
 
    /* Superusers bypass all permission checking. */
    if (superuser_arg(roleid))
        return true;
 
    utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
    if (HeapTupleIsValid(utup))
    {
        result = ((Form_pg_authid) GETSTRUCT(utup))->rolcreaterole;
        ReleaseSysCache(utup);
    }
    return result;
}

References GETSTRUCT(), HeapTupleIsValid, ObjectIdGetDatum(), ReleaseSysCache(), rolcreaterole, SearchSysCache1(), and superuser_arg().

Referenced by check_object_ownership(), CreateRole(), and have_createrole_privilege().

◆ has_privs_of_role()

bool has_privs_of_role	(	Oid	member,
		Oid	role
	)

Definition at line 5268 of file acl.c.

{
    /* Fast path for simple case */
    if (member == role)
        return true;
 
    /* Superusers have every privilege, so are part of every role */
    if (superuser_arg(member))
        return true;
 
    /*
     * Find all the roles that member has the privileges of, including
     * multi-level recursion, then see if target role is any one of them.
     */
    return list_member_oid(roles_is_member_of(member, ROLERECURSE_PRIVS,
                                              InvalidOid, NULL),
                           role);
}

References InvalidOid, list_member_oid(), ROLERECURSE_PRIVS, roles_is_member_of(), and superuser_arg().

Referenced by aclmask(), AlterObjectNamespace_internal(), AlterObjectOwner_internal(), AlterObjectRename_internal(), bbsink_server_new(), calculate_database_size(), calculate_tablespace_size(), check_role_for_policy(), check_role_grantor(), ConfigOptionIsVisible(), convert_and_check_filename(), CreateSubscription(), DoCopy(), DropOwnedObjects(), ExecAlterDefaultPrivilegesStmt(), file_fdw_validator(), GetConfigOptionValues(), InitPostgres(), object_ownercheck(), pg_class_aclmask_ext(), pg_namespace_aclmask_ext(), pg_role_aclcheck(), pg_signal_backend(), pg_stat_get_wal_receiver(), pg_stat_get_wal_senders(), pg_stat_statements_internal(), pgrowlocks(), ReassignOwnedObjects(), ReindexMultipleTables(), shell_check_detail(), standard_ProcessUtility(), and TerminateOtherDBBackends().

◆ initialize_acl()

void initialize_acl ( void )

Definition at line 5024 of file acl.c.

{
    if (!IsBootstrapProcessingMode())
    {
        cached_db_hash =
            GetSysCacheHashValue1(DATABASEOID,
                                  ObjectIdGetDatum(MyDatabaseId));
 
        /*
         * In normal mode, set a callback on any syscache invalidation of rows
         * of pg_auth_members (for roles_is_member_of()) pg_database (for
         * roles_is_member_of())
         */
        CacheRegisterSyscacheCallback(AUTHMEMROLEMEM,
                                      RoleMembershipCacheCallback,
                                      (Datum) 0);
        CacheRegisterSyscacheCallback(AUTHOID,
                                      RoleMembershipCacheCallback,
                                      (Datum) 0);
        CacheRegisterSyscacheCallback(DATABASEOID,
                                      RoleMembershipCacheCallback,
                                      (Datum) 0);
    }
}

References cached_db_hash, CacheRegisterSyscacheCallback(), GetSysCacheHashValue1, IsBootstrapProcessingMode, MyDatabaseId, ObjectIdGetDatum(), and RoleMembershipCacheCallback().

Referenced by InitPostgres().

◆ is_admin_of_role()

bool is_admin_of_role	(	Oid	member,
		Oid	role
	)

Definition at line 5398 of file acl.c.

{
    Oid         admin_role;
 
    if (superuser_arg(member))
        return true;
 
    /* By policy, a role cannot have WITH ADMIN OPTION on itself. */
    if (member == role)
        return false;
 
    (void) roles_is_member_of(member, ROLERECURSE_MEMBERS, role, &admin_role);
    return OidIsValid(admin_role);
}

References OidIsValid, ROLERECURSE_MEMBERS, roles_is_member_of(), and superuser_arg().

Referenced by AlterRole(), AlterRoleSet(), check_object_ownership(), check_role_membership_authorization(), DropRole(), pg_role_aclcheck(), and RenameRole().

◆ is_member_of_role()

bool is_member_of_role	(	Oid	member,
		Oid	role
	)

Definition at line 5348 of file acl.c.

{
    /* Fast path for simple case */
    if (member == role)
        return true;
 
    /* Superusers have every privilege, so are part of every role */
    if (superuser_arg(member))
        return true;
 
    /*
     * Find all the roles that member is a member of, including multi-level
     * recursion, then see if target role is any one of them.
     */
    return list_member_oid(roles_is_member_of(member, ROLERECURSE_MEMBERS,
                                              InvalidOid, NULL),
                           role);
}

References InvalidOid, list_member_oid(), ROLERECURSE_MEMBERS, roles_is_member_of(), and superuser_arg().

Referenced by pg_role_aclcheck().

◆ is_member_of_role_nosuper()

bool is_member_of_role_nosuper	(	Oid	member,
		Oid	role
	)

Definition at line 5376 of file acl.c.

{
    /* Fast path for simple case */
    if (member == role)
        return true;
 
    /*
     * Find all the roles that member is a member of, including multi-level
     * recursion, then see if target role is any one of them.
     */
    return list_member_oid(roles_is_member_of(member, ROLERECURSE_MEMBERS,
                                              InvalidOid, NULL),
                           role);
}

References InvalidOid, list_member_oid(), ROLERECURSE_MEMBERS, and roles_is_member_of().

Referenced by AddRoleMems(), and is_member().

◆ make_empty_acl()

Acl * make_empty_acl ( void )

Definition at line 432 of file acl.c.

{
    return allocacl(0);
}

References allocacl().

Referenced by SetDefaultACL().

◆ member_can_set_role()

bool member_can_set_role	(	Oid	member,
		Oid	role
	)

Definition at line 5302 of file acl.c.

{
    /* Fast path for simple case */
    if (member == role)
        return true;
 
    /* Superusers have every privilege, so can always SET ROLE */
    if (superuser_arg(member))
        return true;
 
    /*
     * Find all the roles that member can access via SET ROLE, including
     * multi-level recursion, then see if target role is any one of them.
     */
    return list_member_oid(roles_is_member_of(member, ROLERECURSE_SETROLE,
                                              InvalidOid, NULL),
                           role);
}

References InvalidOid, list_member_oid(), ROLERECURSE_SETROLE, roles_is_member_of(), and superuser_arg().

Referenced by check_can_set_role(), check_role(), pg_role_aclcheck(), and SwitchToUntrustedUser().

◆ object_aclcheck()

AclResult object_aclcheck	(	Oid	classid,
		Oid	objectid,
		Oid	roleid,
		AclMode	mode
	)

Definition at line 3821 of file aclchk.c.

{
    return object_aclcheck_ext(classid, objectid, roleid, mode, NULL);
}

References mode, and object_aclcheck_ext().

◆ object_aclcheck_ext()

AclResult object_aclcheck_ext	(	Oid	classid,
		Oid	objectid,
		Oid	roleid,
		AclMode	mode,
		bool *	is_missing
	)

Definition at line 3831 of file aclchk.c.

{
    if (object_aclmask_ext(classid, objectid, roleid, mode, ACLMASK_ANY,
                           is_missing) != 0)
        return ACLCHECK_OK;
    else
        return ACLCHECK_NO_PRIV;
}

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, mode, and object_aclmask_ext().

Referenced by has_database_privilege_id(), has_database_privilege_id_id(), has_database_privilege_name_id(), has_foreign_data_wrapper_privilege_id(), has_foreign_data_wrapper_privilege_id_id(), has_foreign_data_wrapper_privilege_name_id(), has_function_privilege_id(), has_function_privilege_id_id(), has_function_privilege_name_id(), has_language_privilege_id(), has_language_privilege_id_id(), has_language_privilege_name_id(), has_schema_privilege_id(), has_schema_privilege_id_id(), has_schema_privilege_name_id(), has_server_privilege_id(), has_server_privilege_id_id(), has_server_privilege_name_id(), has_tablespace_privilege_id(), has_tablespace_privilege_id_id(), has_tablespace_privilege_name_id(), has_type_privilege_id(), has_type_privilege_id_id(), has_type_privilege_name_id(), object_aclcheck(), and pg_namespace_aclmask_ext().

◆ object_ownercheck()

bool object_ownercheck	(	Oid	classid,
		Oid	objectid,
		Oid	roleid
	)

Definition at line 4075 of file aclchk.c.

{
    int         cacheid;
    Oid         ownerId;
 
    /* Superusers bypass all permission checking. */
    if (superuser_arg(roleid))
        return true;
 
    /* For large objects, the catalog to consult is pg_largeobject_metadata */
    if (classid == LargeObjectRelationId)
        classid = LargeObjectMetadataRelationId;
 
    cacheid = get_object_catcache_oid(classid);
    if (cacheid != -1)
    {
        /* we can get the object's tuple from the syscache */
        HeapTuple   tuple;
 
        tuple = SearchSysCache1(cacheid, ObjectIdGetDatum(objectid));
        if (!HeapTupleIsValid(tuple))
            elog(ERROR, "cache lookup failed for %s %u",
                 get_object_class_descr(classid), objectid);
 
        ownerId = DatumGetObjectId(SysCacheGetAttrNotNull(cacheid,
                                                          tuple,
                                                          get_object_attnum_owner(classid)));
        ReleaseSysCache(tuple);
    }
    else
    {
        /* for catalogs without an appropriate syscache */
        Relation    rel;
        ScanKeyData entry[1];
        SysScanDesc scan;
        HeapTuple   tuple;
        bool        isnull;
 
        rel = table_open(classid, AccessShareLock);
 
        ScanKeyInit(&entry[0],
                    get_object_attnum_oid(classid),
                    BTEqualStrategyNumber, F_OIDEQ,
                    ObjectIdGetDatum(objectid));
 
        scan = systable_beginscan(rel,
                                  get_object_oid_index(classid), true,
                                  NULL, 1, entry);
 
        tuple = systable_getnext(scan);
        if (!HeapTupleIsValid(tuple))
            elog(ERROR, "could not find tuple for %s %u",
                 get_object_class_descr(classid), objectid);
 
        ownerId = DatumGetObjectId(heap_getattr(tuple,
                                                get_object_attnum_owner(classid),
                                                RelationGetDescr(rel),
                                                &isnull));
        Assert(!isnull);
 
        systable_endscan(scan);
        table_close(rel, AccessShareLock);
    }
 
    return has_privs_of_role(roleid, ownerId);
}

References AccessShareLock, Assert(), BTEqualStrategyNumber, DatumGetObjectId(), elog, ERROR, get_object_attnum_oid(), get_object_attnum_owner(), get_object_catcache_oid(), get_object_class_descr(), get_object_oid_index(), has_privs_of_role(), heap_getattr(), HeapTupleIsValid, ObjectIdGetDatum(), RelationGetDescr, ReleaseSysCache(), ScanKeyInit(), SearchSysCache1(), superuser_arg(), SysCacheGetAttrNotNull(), systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by AlterCollation(), AlterDatabase(), AlterDatabaseOwner(), AlterDatabaseRefreshColl(), AlterDatabaseSet(), AlterEventTrigger(), AlterEventTriggerOwner_internal(), AlterExtensionNamespace(), AlterForeignServer(), AlterForeignServerOwner_internal(), AlterFunction(), AlterOperator(), AlterOpFamilyAdd(), AlterPublication(), AlterPublicationOwner_internal(), AlterRoleSet(), AlterSchemaOwner_internal(), AlterStatistics(), AlterSubscription(), AlterSubscriptionOwner_internal(), AlterTableMoveAll(), AlterTableSpaceOptions(), AlterTSConfiguration(), AlterTSDictionary(), AlterType(), AlterTypeNamespace_oid(), AlterTypeOwner(), ATExecChangeOwner(), ATSimplePermissions(), be_lo_unlink(), brin_desummarize_range(), brin_summarize_range(), check_enable_rls(), check_object_ownership(), checkDomainOwner(), checkEnumOwner(), CreateCast(), createdb(), CreateProceduralLanguage(), CreateStatistics(), CreateTransform(), DefineOpClass(), DefineQueryRewrite(), DefineType(), dropdb(), DropSubscription(), DropTableSpace(), EnableDisableRule(), ExecAlterExtensionContentsStmt(), ExecAlterExtensionStmt(), ExecuteTruncateGuts(), gin_clean_pending_list(), heap_force_common(), MergeAttributes(), movedb(), OperatorCreate(), ProcedureCreate(), PublicationAddTables(), RangeVarCallbackForAlterRelation(), RangeVarCallbackForDropRelation(), RangeVarCallbackForPolicy(), RangeVarCallbackForRenameRule(), RangeVarCallbackForRenameTrigger(), RangeVarCallbackOwnsRelation(), RangeVarGetAndCheckCreationNamespace(), ReindexMultipleTables(), RemoveObjects(), renameatt_check(), RenameDatabase(), RenameSchema(), RenameTableSpace(), RenameType(), RI_Initial_Check(), stats_lock_check_privileges(), user_mapping_ddl_aclcheck(), vacuum_is_permitted_for_relation(), and ValidateOperatorReference().

◆ pg_attribute_aclcheck()

AclResult pg_attribute_aclcheck	(	Oid	table_oid,
		AttrNumber	attnum,
		Oid	roleid,
		AclMode	mode
	)

Definition at line 3853 of file aclchk.c.

{
    return pg_attribute_aclcheck_ext(table_oid, attnum, roleid, mode, NULL);
}

References attnum, mode, and pg_attribute_aclcheck_ext().

Referenced by BuildIndexValueDescription(), checkFkeyPermissions(), examine_simple_variable(), ExecBuildSlotPartitionKeyDescription(), ExecBuildSlotValueDescription(), ExecCheckOneRelPerms(), ExecCheckPermissionsModified(), ri_ReportViolation(), and statext_is_compatible_clause().

◆ pg_attribute_aclcheck_all()

AclResult pg_attribute_aclcheck_all	(	Oid	table_oid,
		Oid	roleid,
		AclMode	mode,
		AclMaskHow	how
	)

Definition at line 3895 of file aclchk.c.

{
    return pg_attribute_aclcheck_all_ext(table_oid, roleid, mode, how, NULL);
}

References mode, and pg_attribute_aclcheck_all_ext().

Referenced by ExecCheckOneRelPerms(), ExecCheckPermissionsModified(), has_any_column_privilege_id_name(), has_any_column_privilege_name(), has_any_column_privilege_name_name(), and statext_is_compatible_clause().

◆ pg_attribute_aclcheck_all_ext()

AclResult pg_attribute_aclcheck_all_ext	(	Oid	table_oid,
		Oid	roleid,
		AclMode	mode,
		AclMaskHow	how,
		bool *	is_missing
	)

Definition at line 3906 of file aclchk.c.

{
    AclResult   result;
    HeapTuple   classTuple;
    Form_pg_class classForm;
    Oid         ownerId;
    AttrNumber  nattrs;
    AttrNumber  curr_att;
 
    /*
     * Must fetch pg_class row to get owner ID and number of attributes.
     */
    classTuple = SearchSysCache1(RELOID, ObjectIdGetDatum(table_oid));
    if (!HeapTupleIsValid(classTuple))
    {
        if (is_missing != NULL)
        {
            /* return "no privileges" instead of throwing an error */
            *is_missing = true;
            return ACLCHECK_NO_PRIV;
        }
        else
            ereport(ERROR,
                    (errcode(ERRCODE_UNDEFINED_TABLE),
                     errmsg("relation with OID %u does not exist",
                            table_oid)));
    }
    classForm = (Form_pg_class) GETSTRUCT(classTuple);
 
    ownerId = classForm->relowner;
    nattrs = classForm->relnatts;
 
    ReleaseSysCache(classTuple);
 
    /*
     * Initialize result in case there are no non-dropped columns.  We want to
     * report failure in such cases for either value of 'how'.
     */
    result = ACLCHECK_NO_PRIV;
 
    for (curr_att = 1; curr_att <= nattrs; curr_att++)
    {
        HeapTuple   attTuple;
        Datum       aclDatum;
        bool        isNull;
        Acl        *acl;
        AclMode     attmask;
 
        attTuple = SearchSysCache2(ATTNUM,
                                   ObjectIdGetDatum(table_oid),
                                   Int16GetDatum(curr_att));
 
        /*
         * Lookup failure probably indicates that the table was just dropped,
         * but we'll treat it the same as a dropped column rather than
         * throwing error.
         */
        if (!HeapTupleIsValid(attTuple))
            continue;
 
        /* ignore dropped columns */
        if (((Form_pg_attribute) GETSTRUCT(attTuple))->attisdropped)
        {
            ReleaseSysCache(attTuple);
            continue;
        }
 
        aclDatum = SysCacheGetAttr(ATTNUM, attTuple, Anum_pg_attribute_attacl,
                                   &isNull);
 
        /*
         * Here we hard-wire knowledge that the default ACL for a column
         * grants no privileges, so that we can fall out quickly in the very
         * common case where attacl is null.
         */
        if (isNull)
            attmask = 0;
        else
        {
            /* detoast column's ACL if necessary */
            acl = DatumGetAclP(aclDatum);
 
            attmask = aclmask(acl, roleid, ownerId, mode, ACLMASK_ANY);
 
            /* if we have a detoasted copy, free it */
            if ((Pointer) acl != DatumGetPointer(aclDatum))
                pfree(acl);
        }
 
        ReleaseSysCache(attTuple);
 
        if (attmask != 0)
        {
            result = ACLCHECK_OK;
            if (how == ACLMASK_ANY)
                break;          /* succeed on any success */
        }
        else
        {
            result = ACLCHECK_NO_PRIV;
            if (how == ACLMASK_ALL)
                break;          /* fail on any failure */
        }
    }
 
    return result;
}

References ACLCHECK_NO_PRIV, ACLCHECK_OK, aclmask(), ACLMASK_ALL, ACLMASK_ANY, DatumGetAclP, DatumGetPointer(), ereport, errcode(), ERRCODE_UNDEFINED_TABLE, errmsg(), ERROR, GETSTRUCT(), HeapTupleIsValid, Int16GetDatum(), mode, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache1(), SearchSysCache2(), and SysCacheGetAttr().

Referenced by has_any_column_privilege_id(), has_any_column_privilege_id_id(), has_any_column_privilege_name_id(), and pg_attribute_aclcheck_all().

◆ pg_attribute_aclcheck_ext()

AclResult pg_attribute_aclcheck_ext	(	Oid	table_oid,
		AttrNumber	attnum,
		Oid	roleid,
		AclMode	mode,
		bool *	is_missing
	)

Definition at line 3865 of file aclchk.c.

{
    if (pg_attribute_aclmask_ext(table_oid, attnum, roleid, mode,
                                 ACLMASK_ANY, is_missing) != 0)
        return ACLCHECK_OK;
    else
        return ACLCHECK_NO_PRIV;
}

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, attnum, mode, and pg_attribute_aclmask_ext().

Referenced by column_privilege_check(), and pg_attribute_aclcheck().

◆ pg_class_aclcheck()

AclResult pg_class_aclcheck	(	Oid	table_oid,
		Oid	roleid,
		AclMode	mode
	)

Definition at line 4024 of file aclchk.c.

{
    return pg_class_aclcheck_ext(table_oid, roleid, mode, NULL);
}

References mode, and pg_class_aclcheck_ext().

Referenced by BuildIndexValueDescription(), checkFkeyPermissions(), cluster_is_permitted_for_relation(), CreateTriggerFiringOn(), currtid_internal(), currval_oid(), do_setval(), examine_simple_variable(), examine_variable(), ExecBuildSlotPartitionKeyDescription(), ExecBuildSlotValueDescription(), get_rel_from_relname(), has_any_column_privilege_id_name(), has_any_column_privilege_name(), has_any_column_privilege_name_name(), has_sequence_privilege_id_name(), has_sequence_privilege_name(), has_sequence_privilege_name_name(), has_table_privilege_id_name(), has_table_privilege_name(), has_table_privilege_name_name(), lastval(), LockTableAclCheck(), LogicalRepSyncTableStart(), nextval_internal(), pg_get_sequence_data(), pg_prewarm(), pg_sequence_last_value(), pg_sequence_parameters(), pgrowlocks(), RangeVarCallbackForReindexIndex(), RangeVarCallbackMaintainsTable(), ReindexMultipleTables(), ri_ReportViolation(), statext_is_compatible_clause(), stats_lock_check_privileges(), TargetPrivilegesCheck(), transformTableLikeClause(), truncate_check_perms(), and vacuum_is_permitted_for_relation().

◆ pg_class_aclcheck_ext()

AclResult pg_class_aclcheck_ext	(	Oid	table_oid,
		Oid	roleid,
		AclMode	mode,
		bool *	is_missing
	)

Definition at line 4034 of file aclchk.c.

{
    if (pg_class_aclmask_ext(table_oid, roleid, mode,
                             ACLMASK_ANY, is_missing) != 0)
        return ACLCHECK_OK;
    else
        return ACLCHECK_NO_PRIV;
}

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, mode, and pg_class_aclmask_ext().

Referenced by column_privilege_check(), has_any_column_privilege_id(), has_any_column_privilege_id_id(), has_any_column_privilege_name_id(), has_sequence_privilege_id(), has_sequence_privilege_id_id(), has_sequence_privilege_name_id(), has_table_privilege_id(), has_table_privilege_id_id(), has_table_privilege_name_id(), and pg_class_aclcheck().

◆ pg_class_aclmask()

AclMode pg_class_aclmask	(	Oid	table_oid,
		Oid	roleid,
		AclMode	mask,
		AclMaskHow	how
	)

Definition at line 3257 of file aclchk.c.

{
    return pg_class_aclmask_ext(table_oid, roleid, mask, how, NULL);
}

References pg_class_aclmask_ext().

Referenced by ExecCheckOneRelPerms(), and pg_aclmask().

◆ pg_largeobject_aclcheck_snapshot()

AclResult pg_largeobject_aclcheck_snapshot	(	Oid	lobj_oid,
		Oid	roleid,
		AclMode	mode,
		Snapshot	snapshot
	)

Definition at line 4061 of file aclchk.c.

{
    if (pg_largeobject_aclmask_snapshot(lobj_oid, roleid, mode,
                                        ACLMASK_ANY, snapshot) != 0)
        return ACLCHECK_OK;
    else
        return ACLCHECK_NO_PRIV;
}

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, mode, and pg_largeobject_aclmask_snapshot().

Referenced by has_lo_priv_byid(), and inv_open().

◆ pg_parameter_aclcheck()

AclResult pg_parameter_aclcheck	(	const char *	name,
		Oid	roleid,
		AclMode	mode
	)

Definition at line 4049 of file aclchk.c.

{
    if (pg_parameter_aclmask(name, roleid, mode, ACLMASK_ANY) != 0)
        return ACLCHECK_OK;
    else
        return ACLCHECK_NO_PRIV;
}

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, mode, name, and pg_parameter_aclmask().

Referenced by AlterSystemSetConfigFile(), has_param_priv_byname(), set_config_with_handle(), and validate_option_array_item().

◆ recordDependencyOnNewAcl()

void recordDependencyOnNewAcl	(	Oid	classId,
		Oid	objectId,
		int32	objsubId,
		Oid	ownerId,
		Acl *	acl
	)

Definition at line 4312 of file aclchk.c.

{
    int         nmembers;
    Oid        *members;
 
    /* Nothing to do if ACL is defaulted */
    if (acl == NULL)
        return;
 
    /* Extract roles mentioned in ACL */
    nmembers = aclmembers(acl, &members);
 
    /* Update the shared dependency ACL info */
    updateAclDependencies(classId, objectId, objsubId,
                          ownerId,
                          0, NULL,
                          nmembers, members);
}

References aclmembers(), and updateAclDependencies().

Referenced by GenerateTypeDependencies(), heap_create_with_catalog(), LargeObjectCreate(), NamespaceCreate(), and ProcedureCreate().

◆ recordExtObjInitPriv()

void recordExtObjInitPriv	(	Oid	objoid,
		Oid	classoid
	)

Definition at line 4339 of file aclchk.c.

{
    /*
     * pg_class / pg_attribute
     *
     * If this is a relation then we need to see if there are any sub-objects
     * (eg: columns) for it and, if so, be sure to call
     * recordExtensionInitPrivWorker() for each one.
     */
    if (classoid == RelationRelationId)
    {
        Form_pg_class pg_class_tuple;
        Datum       aclDatum;
        bool        isNull;
        HeapTuple   tuple;
 
        tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(objoid));
        if (!HeapTupleIsValid(tuple))
            elog(ERROR, "cache lookup failed for relation %u", objoid);
        pg_class_tuple = (Form_pg_class) GETSTRUCT(tuple);
 
        /*
         * Indexes don't have permissions, neither do the pg_class rows for
         * composite types.  (These cases are unreachable given the
         * restrictions in ALTER EXTENSION ADD, but let's check anyway.)
         */
        if (pg_class_tuple->relkind == RELKIND_INDEX ||
            pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
            pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
        {
            ReleaseSysCache(tuple);
            return;
        }
 
        /*
         * If this isn't a sequence then it's possibly going to have
         * column-level ACLs associated with it.
         */
        if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
        {
            AttrNumber  curr_att;
            AttrNumber  nattrs = pg_class_tuple->relnatts;
 
            for (curr_att = 1; curr_att <= nattrs; curr_att++)
            {
                HeapTuple   attTuple;
                Datum       attaclDatum;
 
                attTuple = SearchSysCache2(ATTNUM,
                                           ObjectIdGetDatum(objoid),
                                           Int16GetDatum(curr_att));
 
                if (!HeapTupleIsValid(attTuple))
                    continue;
 
                /* ignore dropped columns */
                if (((Form_pg_attribute) GETSTRUCT(attTuple))->attisdropped)
                {
                    ReleaseSysCache(attTuple);
                    continue;
                }
 
                attaclDatum = SysCacheGetAttr(ATTNUM, attTuple,
                                              Anum_pg_attribute_attacl,
                                              &isNull);
 
                /* no need to do anything for a NULL ACL */
                if (isNull)
                {
                    ReleaseSysCache(attTuple);
                    continue;
                }
 
                recordExtensionInitPrivWorker(objoid, classoid, curr_att,
                                              DatumGetAclP(attaclDatum));
 
                ReleaseSysCache(attTuple);
            }
        }
 
        aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
                                   &isNull);
 
        /* Add the record, if any, for the top-level object */
        if (!isNull)
            recordExtensionInitPrivWorker(objoid, classoid, 0,
                                          DatumGetAclP(aclDatum));
 
        ReleaseSysCache(tuple);
    }
    else if (classoid == LargeObjectRelationId)
    {
        /* For large objects, we must consult pg_largeobject_metadata */
        Datum       aclDatum;
        bool        isNull;
        HeapTuple   tuple;
        ScanKeyData entry[1];
        SysScanDesc scan;
        Relation    relation;
 
        /*
         * Note: this is dead code, given that we don't allow large objects to
         * be made extension members.  But it seems worth carrying in case
         * some future caller of this function has need for it.
         */
        relation = table_open(LargeObjectMetadataRelationId, RowExclusiveLock);
 
        /* There's no syscache for pg_largeobject_metadata */
        ScanKeyInit(&entry[0],
                    Anum_pg_largeobject_metadata_oid,
                    BTEqualStrategyNumber, F_OIDEQ,
                    ObjectIdGetDatum(objoid));
 
        scan = systable_beginscan(relation,
                                  LargeObjectMetadataOidIndexId, true,
                                  NULL, 1, entry);
 
        tuple = systable_getnext(scan);
        if (!HeapTupleIsValid(tuple))
            elog(ERROR, "could not find tuple for large object %u", objoid);
 
        aclDatum = heap_getattr(tuple,
                                Anum_pg_largeobject_metadata_lomacl,
                                RelationGetDescr(relation), &isNull);
 
        /* Add the record, if any, for the top-level object */
        if (!isNull)
            recordExtensionInitPrivWorker(objoid, classoid, 0,
                                          DatumGetAclP(aclDatum));
 
        systable_endscan(scan);
    }
    /* This will error on unsupported classoid. */
    else if (get_object_attnum_acl(classoid) != InvalidAttrNumber)
    {
        int         cacheid;
        Datum       aclDatum;
        bool        isNull;
        HeapTuple   tuple;
 
        cacheid = get_object_catcache_oid(classoid);
        tuple = SearchSysCache1(cacheid, ObjectIdGetDatum(objoid));
        if (!HeapTupleIsValid(tuple))
            elog(ERROR, "cache lookup failed for %s %u",
                 get_object_class_descr(classoid), objoid);
 
        aclDatum = SysCacheGetAttr(cacheid, tuple,
                                   get_object_attnum_acl(classoid),
                                   &isNull);
 
        /* Add the record, if any, for the top-level object */
        if (!isNull)
            recordExtensionInitPrivWorker(objoid, classoid, 0,
                                          DatumGetAclP(aclDatum));
 
        ReleaseSysCache(tuple);
    }
}

References BTEqualStrategyNumber, DatumGetAclP, elog, ERROR, get_object_attnum_acl(), get_object_catcache_oid(), get_object_class_descr(), GETSTRUCT(), heap_getattr(), HeapTupleIsValid, Int16GetDatum(), InvalidAttrNumber, ObjectIdGetDatum(), recordExtensionInitPrivWorker(), RelationGetDescr, ReleaseSysCache(), RowExclusiveLock, ScanKeyInit(), SearchSysCache1(), SearchSysCache2(), SysCacheGetAttr(), systable_beginscan(), systable_endscan(), systable_getnext(), and table_open().

Referenced by ExecAlterExtensionContentsRecurse().

◆ removeExtObjInitPriv()

void removeExtObjInitPriv	(	Oid	objoid,
		Oid	classoid
	)

Definition at line 4503 of file aclchk.c.

{
    /*
     * If this is a relation then we need to see if there are any sub-objects
     * (eg: columns) for it and, if so, be sure to call
     * recordExtensionInitPrivWorker() for each one.
     */
    if (classoid == RelationRelationId)
    {
        Form_pg_class pg_class_tuple;
        HeapTuple   tuple;
 
        tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(objoid));
        if (!HeapTupleIsValid(tuple))
            elog(ERROR, "cache lookup failed for relation %u", objoid);
        pg_class_tuple = (Form_pg_class) GETSTRUCT(tuple);
 
        /*
         * Indexes don't have permissions, neither do the pg_class rows for
         * composite types.  (These cases are unreachable given the
         * restrictions in ALTER EXTENSION DROP, but let's check anyway.)
         */
        if (pg_class_tuple->relkind == RELKIND_INDEX ||
            pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
            pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
        {
            ReleaseSysCache(tuple);
            return;
        }
 
        /*
         * If this isn't a sequence then it's possibly going to have
         * column-level ACLs associated with it.
         */
        if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
        {
            AttrNumber  curr_att;
            AttrNumber  nattrs = pg_class_tuple->relnatts;
 
            for (curr_att = 1; curr_att <= nattrs; curr_att++)
            {
                HeapTuple   attTuple;
 
                attTuple = SearchSysCache2(ATTNUM,
                                           ObjectIdGetDatum(objoid),
                                           Int16GetDatum(curr_att));
 
                if (!HeapTupleIsValid(attTuple))
                    continue;
 
                /* when removing, remove all entries, even dropped columns */
 
                recordExtensionInitPrivWorker(objoid, classoid, curr_att, NULL);
 
                ReleaseSysCache(attTuple);
            }
        }
 
        ReleaseSysCache(tuple);
    }
 
    /* Remove the record, if any, for the top-level object */
    recordExtensionInitPrivWorker(objoid, classoid, 0, NULL);
}

References elog, ERROR, GETSTRUCT(), HeapTupleIsValid, Int16GetDatum(), ObjectIdGetDatum(), recordExtensionInitPrivWorker(), ReleaseSysCache(), SearchSysCache1(), and SearchSysCache2().

Referenced by ExecAlterExtensionContentsRecurse().

◆ RemoveRoleFromInitPriv()

void RemoveRoleFromInitPriv	(	Oid	roleid,
		Oid	classid,
		Oid	objid,
		int32	objsubid
	)

Definition at line 4852 of file aclchk.c.

{
    Relation    rel;
    ScanKeyData key[3];
    SysScanDesc scan;
    HeapTuple   oldtuple;
    int         cacheid;
    HeapTuple   objtuple;
    Oid         ownerId;
    Datum       oldAclDatum;
    bool        isNull;
    Acl        *old_acl;
    Acl        *new_acl;
    HeapTuple   newtuple;
    int         noldmembers;
    int         nnewmembers;
    Oid        *oldmembers;
    Oid        *newmembers;
 
    /* Search for existing pg_init_privs entry for the target object. */
    rel = table_open(InitPrivsRelationId, RowExclusiveLock);
 
    ScanKeyInit(&key[0],
                Anum_pg_init_privs_objoid,
                BTEqualStrategyNumber, F_OIDEQ,
                ObjectIdGetDatum(objid));
    ScanKeyInit(&key[1],
                Anum_pg_init_privs_classoid,
                BTEqualStrategyNumber, F_OIDEQ,
                ObjectIdGetDatum(classid));
    ScanKeyInit(&key[2],
                Anum_pg_init_privs_objsubid,
                BTEqualStrategyNumber, F_INT4EQ,
                Int32GetDatum(objsubid));
 
    scan = systable_beginscan(rel, InitPrivsObjIndexId, true,
                              NULL, 3, key);
 
    /* There should exist only one entry or none. */
    oldtuple = systable_getnext(scan);
 
    if (!HeapTupleIsValid(oldtuple))
    {
        /*
         * Hmm, why are we here if there's no entry?  But pack up and go away
         * quietly.
         */
        systable_endscan(scan);
        table_close(rel, RowExclusiveLock);
        return;
    }
 
    /* Get a writable copy of the existing ACL. */
    oldAclDatum = heap_getattr(oldtuple, Anum_pg_init_privs_initprivs,
                               RelationGetDescr(rel), &isNull);
    Assert(!isNull);
    old_acl = DatumGetAclPCopy(oldAclDatum);
 
    /*
     * We need the members of both old and new ACLs so we can correct the
     * shared dependency information.  Collect data before
     * merge_acl_with_grant throws away old_acl.
     */
    noldmembers = aclmembers(old_acl, &oldmembers);
 
    /* Must find out the owner's OID the hard way. */
    cacheid = get_object_catcache_oid(classid);
    objtuple = SearchSysCache1(cacheid, ObjectIdGetDatum(objid));
    if (!HeapTupleIsValid(objtuple))
        elog(ERROR, "cache lookup failed for %s %u",
             get_object_class_descr(classid), objid);
 
    ownerId = DatumGetObjectId(SysCacheGetAttrNotNull(cacheid,
                                                      objtuple,
                                                      get_object_attnum_owner(classid)));
    ReleaseSysCache(objtuple);
 
    /*
     * Generate new ACL.  Grantor of rights is always the same as the owner.
     */
    if (old_acl != NULL)
        new_acl = merge_acl_with_grant(old_acl,
                                       false,   /* is_grant */
                                       false,   /* grant_option */
                                       DROP_RESTRICT,
                                       list_make1_oid(roleid),
                                       ACLITEM_ALL_PRIV_BITS,
                                       ownerId,
                                       ownerId);
    else
        new_acl = NULL;         /* this case shouldn't happen, probably */
 
    /* If we end with an empty ACL, delete the pg_init_privs entry. */
    if (new_acl == NULL || ACL_NUM(new_acl) == 0)
    {
        CatalogTupleDelete(rel, &oldtuple->t_self);
    }
    else
    {
        Datum       values[Natts_pg_init_privs] = {0};
        bool        nulls[Natts_pg_init_privs] = {0};
        bool        replaces[Natts_pg_init_privs] = {0};
 
        /* Update existing entry. */
        values[Anum_pg_init_privs_initprivs - 1] = PointerGetDatum(new_acl);
        replaces[Anum_pg_init_privs_initprivs - 1] = true;
 
        newtuple = heap_modify_tuple(oldtuple, RelationGetDescr(rel),
                                     values, nulls, replaces);
        CatalogTupleUpdate(rel, &newtuple->t_self, newtuple);
    }
 
    /*
     * Update the shared dependency ACL info.
     */
    nnewmembers = aclmembers(new_acl, &newmembers);
 
    updateInitAclDependencies(classid, objid, objsubid,
                              noldmembers, oldmembers,
                              nnewmembers, newmembers);
 
    systable_endscan(scan);
 
    /* prevent error when processing objects multiple times */
    CommandCounterIncrement();
 
    table_close(rel, RowExclusiveLock);
}

References ACL_NUM, ACLITEM_ALL_PRIV_BITS, aclmembers(), Assert(), BTEqualStrategyNumber, CatalogTupleDelete(), CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, DatumGetObjectId(), DROP_RESTRICT, elog, ERROR, get_object_attnum_owner(), get_object_catcache_oid(), get_object_class_descr(), heap_getattr(), heap_modify_tuple(), HeapTupleIsValid, Int32GetDatum(), sort-test::key, list_make1_oid, merge_acl_with_grant(), ObjectIdGetDatum(), PointerGetDatum(), RelationGetDescr, ReleaseSysCache(), RowExclusiveLock, ScanKeyInit(), SearchSysCache1(), SysCacheGetAttrNotNull(), systable_beginscan(), systable_endscan(), systable_getnext(), HeapTupleData::t_self, table_close(), table_open(), updateInitAclDependencies(), and values.

Referenced by shdepDropOwned().

◆ RemoveRoleFromObjectACL()

void RemoveRoleFromObjectACL	(	Oid	roleid,
		Oid	classid,
		Oid	objid
	)

Definition at line 1407 of file aclchk.c.

{
    if (classid == DefaultAclRelationId)
    {
        InternalDefaultACL iacls;
        Form_pg_default_acl pg_default_acl_tuple;
        Relation    rel;
        ScanKeyData skey[1];
        SysScanDesc scan;
        HeapTuple   tuple;
 
        /* first fetch info needed by SetDefaultACL */
        rel = table_open(DefaultAclRelationId, AccessShareLock);
 
        ScanKeyInit(&skey[0],
                    Anum_pg_default_acl_oid,
                    BTEqualStrategyNumber, F_OIDEQ,
                    ObjectIdGetDatum(objid));
 
        scan = systable_beginscan(rel, DefaultAclOidIndexId, true,
                                  NULL, 1, skey);
 
        tuple = systable_getnext(scan);
 
        if (!HeapTupleIsValid(tuple))
            elog(ERROR, "could not find tuple for default ACL %u", objid);
 
        pg_default_acl_tuple = (Form_pg_default_acl) GETSTRUCT(tuple);
 
        iacls.roleid = pg_default_acl_tuple->defaclrole;
        iacls.nspid = pg_default_acl_tuple->defaclnamespace;
 
        switch (pg_default_acl_tuple->defaclobjtype)
        {
            case DEFACLOBJ_RELATION:
                iacls.objtype = OBJECT_TABLE;
                break;
            case DEFACLOBJ_SEQUENCE:
                iacls.objtype = OBJECT_SEQUENCE;
                break;
            case DEFACLOBJ_FUNCTION:
                iacls.objtype = OBJECT_FUNCTION;
                break;
            case DEFACLOBJ_TYPE:
                iacls.objtype = OBJECT_TYPE;
                break;
            case DEFACLOBJ_NAMESPACE:
                iacls.objtype = OBJECT_SCHEMA;
                break;
            case DEFACLOBJ_LARGEOBJECT:
                iacls.objtype = OBJECT_LARGEOBJECT;
                break;
            default:
                /* Shouldn't get here */
                elog(ERROR, "unexpected default ACL type: %d",
                     (int) pg_default_acl_tuple->defaclobjtype);
                break;
        }
 
        systable_endscan(scan);
        table_close(rel, AccessShareLock);
 
        iacls.is_grant = false;
        iacls.all_privs = true;
        iacls.privileges = ACL_NO_RIGHTS;
        iacls.grantees = list_make1_oid(roleid);
        iacls.grant_option = false;
        iacls.behavior = DROP_CASCADE;
 
        /* Do it */
        SetDefaultACL(&iacls);
    }
    else
    {
        InternalGrant istmt;
 
        switch (classid)
        {
            case RelationRelationId:
                /* it's OK to use TABLE for a sequence */
                istmt.objtype = OBJECT_TABLE;
                break;
            case DatabaseRelationId:
                istmt.objtype = OBJECT_DATABASE;
                break;
            case TypeRelationId:
                istmt.objtype = OBJECT_TYPE;
                break;
            case ProcedureRelationId:
                istmt.objtype = OBJECT_ROUTINE;
                break;
            case LanguageRelationId:
                istmt.objtype = OBJECT_LANGUAGE;
                break;
            case LargeObjectRelationId:
                istmt.objtype = OBJECT_LARGEOBJECT;
                break;
            case NamespaceRelationId:
                istmt.objtype = OBJECT_SCHEMA;
                break;
            case TableSpaceRelationId:
                istmt.objtype = OBJECT_TABLESPACE;
                break;
            case ForeignServerRelationId:
                istmt.objtype = OBJECT_FOREIGN_SERVER;
                break;
            case ForeignDataWrapperRelationId:
                istmt.objtype = OBJECT_FDW;
                break;
            case ParameterAclRelationId:
                istmt.objtype = OBJECT_PARAMETER_ACL;
                break;
            default:
                elog(ERROR, "unexpected object class %u", classid);
                break;
        }
        istmt.is_grant = false;
        istmt.objects = list_make1_oid(objid);
        istmt.all_privs = true;
        istmt.privileges = ACL_NO_RIGHTS;
        istmt.col_privs = NIL;
        istmt.grantees = list_make1_oid(roleid);
        istmt.grant_option = false;
        istmt.behavior = DROP_CASCADE;
 
        ExecGrantStmt_oids(&istmt);
    }
}

Referenced by shdepDropOwned().

◆ ReplaceRoleInInitPriv()

void ReplaceRoleInInitPriv	(	Oid	oldroleid,
		Oid	newroleid,
		Oid	classid,
		Oid	objid,
		int32	objsubid
	)

Definition at line 4743 of file aclchk.c.

{
    Relation    rel;
    ScanKeyData key[3];
    SysScanDesc scan;
    HeapTuple   oldtuple;
    Datum       oldAclDatum;
    bool        isNull;
    Acl        *old_acl;
    Acl        *new_acl;
    HeapTuple   newtuple;
    int         noldmembers;
    int         nnewmembers;
    Oid        *oldmembers;
    Oid        *newmembers;
 
    /* Search for existing pg_init_privs entry for the target object. */
    rel = table_open(InitPrivsRelationId, RowExclusiveLock);
 
    ScanKeyInit(&key[0],
                Anum_pg_init_privs_objoid,
                BTEqualStrategyNumber, F_OIDEQ,
                ObjectIdGetDatum(objid));
    ScanKeyInit(&key[1],
                Anum_pg_init_privs_classoid,
                BTEqualStrategyNumber, F_OIDEQ,
                ObjectIdGetDatum(classid));
    ScanKeyInit(&key[2],
                Anum_pg_init_privs_objsubid,
                BTEqualStrategyNumber, F_INT4EQ,
                Int32GetDatum(objsubid));
 
    scan = systable_beginscan(rel, InitPrivsObjIndexId, true,
                              NULL, 3, key);
 
    /* There should exist only one entry or none. */
    oldtuple = systable_getnext(scan);
 
    if (!HeapTupleIsValid(oldtuple))
    {
        /*
         * Hmm, why are we here if there's no entry?  But pack up and go away
         * quietly.
         */
        systable_endscan(scan);
        table_close(rel, RowExclusiveLock);
        return;
    }
 
    /* Get a writable copy of the existing ACL. */
    oldAclDatum = heap_getattr(oldtuple, Anum_pg_init_privs_initprivs,
                               RelationGetDescr(rel), &isNull);
    Assert(!isNull);
    old_acl = DatumGetAclPCopy(oldAclDatum);
 
    /*
     * Generate new ACL.  This usage of aclnewowner is a bit off-label when
     * oldroleid isn't the owner; but it does the job fine.
     */
    new_acl = aclnewowner(old_acl, oldroleid, newroleid);
 
    /*
     * If we end with an empty ACL, delete the pg_init_privs entry.  (That
     * probably can't happen here, but we may as well cover the case.)
     */
    if (new_acl == NULL || ACL_NUM(new_acl) == 0)
    {
        CatalogTupleDelete(rel, &oldtuple->t_self);
    }
    else
    {
        Datum       values[Natts_pg_init_privs] = {0};
        bool        nulls[Natts_pg_init_privs] = {0};
        bool        replaces[Natts_pg_init_privs] = {0};
 
        /* Update existing entry. */
        values[Anum_pg_init_privs_initprivs - 1] = PointerGetDatum(new_acl);
        replaces[Anum_pg_init_privs_initprivs - 1] = true;
 
        newtuple = heap_modify_tuple(oldtuple, RelationGetDescr(rel),
                                     values, nulls, replaces);
        CatalogTupleUpdate(rel, &newtuple->t_self, newtuple);
    }
 
    /*
     * Update the shared dependency ACL info.
     */
    noldmembers = aclmembers(old_acl, &oldmembers);
    nnewmembers = aclmembers(new_acl, &newmembers);
 
    updateInitAclDependencies(classid, objid, objsubid,
                              noldmembers, oldmembers,
                              nnewmembers, newmembers);
 
    systable_endscan(scan);
 
    /* prevent error when processing objects multiple times */
    CommandCounterIncrement();
 
    table_close(rel, RowExclusiveLock);
}

References ACL_NUM, aclmembers(), aclnewowner(), Assert(), BTEqualStrategyNumber, CatalogTupleDelete(), CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, heap_getattr(), heap_modify_tuple(), HeapTupleIsValid, Int32GetDatum(), sort-test::key, ObjectIdGetDatum(), PointerGetDatum(), RelationGetDescr, RowExclusiveLock, ScanKeyInit(), systable_beginscan(), systable_endscan(), systable_getnext(), HeapTupleData::t_self, table_close(), table_open(), updateInitAclDependencies(), and values.

Referenced by shdepReassignOwned_InitAcl().

◆ select_best_admin()

Oid select_best_admin	(	Oid	member,
		Oid	role
	)

Definition at line 5423 of file acl.c.

{
    Oid         admin_role;
 
    /* By policy, a role cannot have WITH ADMIN OPTION on itself. */
    if (member == role)
        return InvalidOid;
 
    (void) roles_is_member_of(member, ROLERECURSE_PRIVS, role, &admin_role);
    return admin_role;
}

References InvalidOid, ROLERECURSE_PRIVS, and roles_is_member_of().

Referenced by check_role_grantor().

◆ select_best_grantor()

void select_best_grantor	(	Oid	roleId,
		AclMode	privileges,
		const Acl *	acl,
		Oid	ownerId,
		Oid *	grantorId,
		AclMode *	grantOptions
	)

Definition at line 5460 of file acl.c.

{
    AclMode     needed_goptions = ACL_GRANT_OPTION_FOR(privileges);
    List       *roles_list;
    int         nrights;
    ListCell   *l;
 
    /*
     * The object owner is always treated as having all grant options, so if
     * roleId is the owner it's easy.  Also, if roleId is a superuser it's
     * easy: superusers are implicitly members of every role, so they act as
     * the object owner.
     */
    if (roleId == ownerId || superuser_arg(roleId))
    {
        *grantorId = ownerId;
        *grantOptions = needed_goptions;
        return;
    }
 
    /*
     * Otherwise we have to do a careful search to see if roleId has the
     * privileges of any suitable role.  Note: we can hang onto the result of
     * roles_is_member_of() throughout this loop, because aclmask_direct()
     * doesn't query any role memberships.
     */
    roles_list = roles_is_member_of(roleId, ROLERECURSE_PRIVS,
                                    InvalidOid, NULL);
 
    /* initialize candidate result as default */
    *grantorId = roleId;
    *grantOptions = ACL_NO_RIGHTS;
    nrights = 0;
 
    foreach(l, roles_list)
    {
        Oid         otherrole = lfirst_oid(l);
        AclMode     otherprivs;
 
        otherprivs = aclmask_direct(acl, otherrole, ownerId,
                                    needed_goptions, ACLMASK_ALL);
        if (otherprivs == needed_goptions)
        {
            /* Found a suitable grantor */
            *grantorId = otherrole;
            *grantOptions = otherprivs;
            return;
        }
 
        /*
         * If it has just some of the needed privileges, remember best
         * candidate.
         */
        if (otherprivs != ACL_NO_RIGHTS)
        {
            int         nnewrights = pg_popcount64(otherprivs);
 
            if (nnewrights > nrights)
            {
                *grantorId = otherrole;
                *grantOptions = otherprivs;
                nrights = nnewrights;
            }
        }
    }
}

References ACL_GRANT_OPTION_FOR, ACL_NO_RIGHTS, ACLMASK_ALL, aclmask_direct(), InvalidOid, lfirst_oid, pg_popcount64(), ROLERECURSE_PRIVS, roles_is_member_of(), and superuser_arg().

Referenced by ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), and ExecGrant_Relation().

Data Structures

Macros

Typedefs

Enumerations

Functions

Macro Definition Documentation

◆ ACL_ALL_RIGHTS_COLUMN

◆ ACL_ALL_RIGHTS_DATABASE

◆ ACL_ALL_RIGHTS_FDW

◆ ACL_ALL_RIGHTS_FOREIGN_SERVER

◆ ACL_ALL_RIGHTS_FUNCTION

◆ ACL_ALL_RIGHTS_LANGUAGE

◆ ACL_ALL_RIGHTS_LARGEOBJECT

◆ ACL_ALL_RIGHTS_PARAMETER_ACL

◆ ACL_ALL_RIGHTS_RELATION

◆ ACL_ALL_RIGHTS_SCHEMA

◆ ACL_ALL_RIGHTS_SEQUENCE

◆ ACL_ALL_RIGHTS_STR

◆ ACL_ALL_RIGHTS_TABLESPACE

◆ ACL_ALL_RIGHTS_TYPE

◆ ACL_ALTER_SYSTEM_CHR

◆ ACL_CONNECT_CHR

◆ ACL_CREATE_CHR

◆ ACL_CREATE_TEMP_CHR

◆ ACL_DAT

◆ ACL_DELETE_CHR

◆ ACL_EXECUTE_CHR

◆ ACL_GRANT_OPTION_FOR

◆ ACL_ID_PUBLIC

◆ ACL_INSERT_CHR

◆ ACL_MAINTAIN_CHR

◆ ACL_MODECHG_ADD

◆ ACL_MODECHG_DEL

◆ ACL_MODECHG_EQL

◆ ACL_N_SIZE

◆ ACL_NUM

◆ ACL_OPTION_TO_PRIVS

◆ ACL_REFERENCES_CHR

◆ ACL_SELECT_CHR

◆ ACL_SET_CHR

◆ ACL_SIZE

◆ ACL_TRIGGER_CHR

◆ ACL_TRUNCATE_CHR

◆ ACL_UPDATE_CHR

◆ ACL_USAGE_CHR

◆ ACLITEM_ALL_GOPTION_BITS

◆ ACLITEM_ALL_PRIV_BITS

◆ ACLITEM_GET_GOPTIONS

◆ ACLITEM_GET_PRIVS

◆ ACLITEM_GET_RIGHTS

◆ ACLITEM_SET_GOPTIONS

◆ ACLITEM_SET_PRIVS

◆ ACLITEM_SET_PRIVS_GOPTIONS

◆ ACLITEM_SET_RIGHTS

◆ DatumGetAclItemP

◆ DatumGetAclP

◆ DatumGetAclPCopy

◆ PG_GETARG_ACL_P

◆ PG_GETARG_ACL_P_COPY

◆ PG_GETARG_ACLITEM_P

◆ PG_RETURN_ACL_P

◆ PG_RETURN_ACLITEM_P

Typedef Documentation

◆ Acl

◆ AclItem

Enumeration Type Documentation

◆ AclMaskHow

◆ AclResult

Function Documentation

◆ aclcheck_error()

◆ aclcheck_error_col()

◆ aclcheck_error_type()

◆ aclconcat()

◆ aclcopy()

◆ acldefault()

◆ aclequal()

◆ aclitemsort()

◆ aclmask()

◆ aclmembers()

◆ aclmerge()