aclchk.c File Reference

#include "postgres.h"
#include "access/genam.h"
#include "access/heapam.h"
#include "access/htup_details.h"
#include "access/sysattr.h"
#include "access/tableam.h"
#include "access/xact.h"
#include "catalog/binary_upgrade.h"
#include "catalog/catalog.h"
#include "catalog/dependency.h"
#include "catalog/indexing.h"
#include "catalog/objectaccess.h"
#include "catalog/pg_aggregate.h"
#include "catalog/pg_am.h"
#include "catalog/pg_authid.h"
#include "catalog/pg_cast.h"
#include "catalog/pg_class.h"
#include "catalog/pg_collation.h"
#include "catalog/pg_conversion.h"
#include "catalog/pg_database.h"
#include "catalog/pg_default_acl.h"
#include "catalog/pg_event_trigger.h"
#include "catalog/pg_extension.h"
#include "catalog/pg_foreign_data_wrapper.h"
#include "catalog/pg_foreign_server.h"
#include "catalog/pg_init_privs.h"
#include "catalog/pg_language.h"
#include "catalog/pg_largeobject.h"
#include "catalog/pg_largeobject_metadata.h"
#include "catalog/pg_namespace.h"
#include "catalog/pg_opclass.h"
#include "catalog/pg_operator.h"
#include "catalog/pg_opfamily.h"
#include "catalog/pg_parameter_acl.h"
#include "catalog/pg_proc.h"
#include "catalog/pg_statistic_ext.h"
#include "catalog/pg_subscription.h"
#include "catalog/pg_tablespace.h"
#include "catalog/pg_transform.h"
#include "catalog/pg_ts_config.h"
#include "catalog/pg_ts_dict.h"
#include "catalog/pg_ts_parser.h"
#include "catalog/pg_ts_template.h"
#include "catalog/pg_type.h"
#include "commands/dbcommands.h"
#include "commands/defrem.h"
#include "commands/event_trigger.h"
#include "commands/extension.h"
#include "commands/proclang.h"
#include "commands/tablespace.h"
#include "foreign/foreign.h"
#include "miscadmin.h"
#include "nodes/makefuncs.h"
#include "parser/parse_func.h"
#include "parser/parse_type.h"
#include "utils/acl.h"
#include "utils/aclchk_internal.h"
#include "utils/builtins.h"
#include "utils/fmgroids.h"
#include "utils/guc.h"
#include "utils/lsyscache.h"
#include "utils/rel.h"
#include "utils/syscache.h"

Include dependency graph for aclchk.c:

Go to the source code of this file.

Data Structures
struct	InternalDefaultACL

Functions
static void	ExecGrantStmt_oids (InternalGrant *istmt)
static void	ExecGrant_Relation (InternalGrant *istmt)
static void	ExecGrant_common (InternalGrant *istmt, Oid classid, AclMode default_privs, void(*object_check)(InternalGrant *istmt, HeapTuple tuple))
static void	ExecGrant_Language_check (InternalGrant *istmt, HeapTuple tuple)
static void	ExecGrant_Largeobject (InternalGrant *istmt)
static void	ExecGrant_Type_check (InternalGrant *istmt, HeapTuple tuple)
static void	ExecGrant_Parameter (InternalGrant *istmt)
static void	SetDefaultACLsInSchemas (InternalDefaultACL *iacls, List *nspnames)
static void	SetDefaultACL (InternalDefaultACL *iacls)
static List *	objectNamesToOids (ObjectType objtype, List *objnames, bool is_grant)
static List *	objectsInSchemaToOids (ObjectType objtype, List *nspnames)
static List *	getRelationsInNamespace (Oid namespaceId, char relkind)
static void	expand_col_privileges (List *colnames, Oid table_oid, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
static void	expand_all_col_privileges (Oid table_oid, Form_pg_class classForm, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
static AclMode	string_to_privilege (const char *privname)
static const char *	privilege_to_string (AclMode privilege)
static AclMode	restrict_and_check_grant (bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
static AclMode	pg_aclmask (ObjectType objtype, Oid object_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
static AclMode	object_aclmask (Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how)
static AclMode	pg_attribute_aclmask (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
static AclMode	pg_attribute_aclmask_ext (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
static AclMode	pg_class_aclmask_ext (Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
static AclMode	pg_parameter_acl_aclmask (Oid acl_oid, Oid roleid, AclMode mask, AclMaskHow how)
static AclMode	pg_largeobject_aclmask_snapshot (Oid lobj_oid, Oid roleid, AclMode mask, AclMaskHow how, Snapshot snapshot)
static AclMode	pg_namespace_aclmask (Oid nsp_oid, Oid roleid, AclMode mask, AclMaskHow how)
static AclMode	pg_type_aclmask (Oid type_oid, Oid roleid, AclMode mask, AclMaskHow how)
static void	recordExtensionInitPriv (Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
static void	recordExtensionInitPrivWorker (Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
static Acl *	merge_acl_with_grant (Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
void	ExecuteGrantStmt (GrantStmt *stmt)
void	ExecAlterDefaultPrivilegesStmt (ParseState *pstate, AlterDefaultPrivilegesStmt *stmt)
void	RemoveRoleFromObjectACL (Oid roleid, Oid classid, Oid objid)
static void	ExecGrant_Attribute (InternalGrant *istmt, Oid relOid, const char *relname, AttrNumber attnum, Oid ownerId, AclMode col_privileges, Relation attRelation, const Acl *old_rel_acl)
void	aclcheck_error (AclResult aclerr, ObjectType objtype, const char *objectname)
void	aclcheck_error_col (AclResult aclerr, ObjectType objtype, const char *objectname, const char *colname)
void	aclcheck_error_type (AclResult aclerr, Oid typeOid)
AclMode	pg_class_aclmask (Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how)
static AclMode	pg_parameter_aclmask (const char *name, Oid roleid, AclMode mask, AclMaskHow how)
AclResult	object_aclcheck (Oid classid, Oid objectid, Oid roleid, AclMode mode)
AclResult	pg_attribute_aclcheck (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode)
AclResult	pg_attribute_aclcheck_ext (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode, bool *is_missing)
AclResult	pg_attribute_aclcheck_all (Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how)
AclResult	pg_class_aclcheck (Oid table_oid, Oid roleid, AclMode mode)
AclResult	pg_class_aclcheck_ext (Oid table_oid, Oid roleid, AclMode mode, bool *is_missing)
AclResult	pg_parameter_aclcheck (const char *name, Oid roleid, AclMode mode)
AclResult	pg_largeobject_aclcheck_snapshot (Oid lobj_oid, Oid roleid, AclMode mode, Snapshot snapshot)
bool	object_ownercheck (Oid classid, Oid objectid, Oid roleid)
bool	has_createrole_privilege (Oid roleid)
bool	has_bypassrls_privilege (Oid roleid)
static Acl *	get_default_acl_internal (Oid roleId, Oid nsp_oid, char objtype)
Acl *	get_user_default_acl (ObjectType objtype, Oid ownerId, Oid nsp_oid)
void	recordDependencyOnNewAcl (Oid classId, Oid objectId, int32 objsubId, Oid ownerId, Acl *acl)
void	recordExtObjInitPriv (Oid objoid, Oid classoid)
void	removeExtObjInitPriv (Oid objoid, Oid classoid)

Variables
bool	binary_upgrade_record_init_privs = false

Function Documentation

aclcheck_error()

void aclcheck_error	(	AclResult	aclerr,
		ObjectType	objtype,
		const char *	objectname
	)

Definition at line 2669 of file aclchk.c.

{
    switch (aclerr)
    {
        case ACLCHECK_OK:
            /* no error, so return to caller */
            break;
        case ACLCHECK_NO_PRIV:
            {
                const char *msg = "???";
 
                switch (objtype)
                {
                    case OBJECT_AGGREGATE:
                        msg = gettext_noop("permission denied for aggregate %s");
                        break;
                    case OBJECT_COLLATION:
                        msg = gettext_noop("permission denied for collation %s");
                        break;
                    case OBJECT_COLUMN:
                        msg = gettext_noop("permission denied for column %s");
                        break;
                    case OBJECT_CONVERSION:
                        msg = gettext_noop("permission denied for conversion %s");
                        break;
                    case OBJECT_DATABASE:
                        msg = gettext_noop("permission denied for database %s");
                        break;
                    case OBJECT_DOMAIN:
                        msg = gettext_noop("permission denied for domain %s");
                        break;
                    case OBJECT_EVENT_TRIGGER:
                        msg = gettext_noop("permission denied for event trigger %s");
                        break;
                    case OBJECT_EXTENSION:
                        msg = gettext_noop("permission denied for extension %s");
                        break;
                    case OBJECT_FDW:
                        msg = gettext_noop("permission denied for foreign-data wrapper %s");
                        break;
                    case OBJECT_FOREIGN_SERVER:
                        msg = gettext_noop("permission denied for foreign server %s");
                        break;
                    case OBJECT_FOREIGN_TABLE:
                        msg = gettext_noop("permission denied for foreign table %s");
                        break;
                    case OBJECT_FUNCTION:
                        msg = gettext_noop("permission denied for function %s");
                        break;
                    case OBJECT_INDEX:
                        msg = gettext_noop("permission denied for index %s");
                        break;
                    case OBJECT_LANGUAGE:
                        msg = gettext_noop("permission denied for language %s");
                        break;
                    case OBJECT_LARGEOBJECT:
                        msg = gettext_noop("permission denied for large object %s");
                        break;
                    case OBJECT_MATVIEW:
                        msg = gettext_noop("permission denied for materialized view %s");
                        break;
                    case OBJECT_OPCLASS:
                        msg = gettext_noop("permission denied for operator class %s");
                        break;
                    case OBJECT_OPERATOR:
                        msg = gettext_noop("permission denied for operator %s");
                        break;
                    case OBJECT_OPFAMILY:
                        msg = gettext_noop("permission denied for operator family %s");
                        break;
                    case OBJECT_PARAMETER_ACL:
                        msg = gettext_noop("permission denied for parameter %s");
                        break;
                    case OBJECT_POLICY:
                        msg = gettext_noop("permission denied for policy %s");
                        break;
                    case OBJECT_PROCEDURE:
                        msg = gettext_noop("permission denied for procedure %s");
                        break;
                    case OBJECT_PUBLICATION:
                        msg = gettext_noop("permission denied for publication %s");
                        break;
                    case OBJECT_ROUTINE:
                        msg = gettext_noop("permission denied for routine %s");
                        break;
                    case OBJECT_SCHEMA:
                        msg = gettext_noop("permission denied for schema %s");
                        break;
                    case OBJECT_SEQUENCE:
                        msg = gettext_noop("permission denied for sequence %s");
                        break;
                    case OBJECT_STATISTIC_EXT:
                        msg = gettext_noop("permission denied for statistics object %s");
                        break;
                    case OBJECT_SUBSCRIPTION:
                        msg = gettext_noop("permission denied for subscription %s");
                        break;
                    case OBJECT_TABLE:
                        msg = gettext_noop("permission denied for table %s");
                        break;
                    case OBJECT_TABLESPACE:
                        msg = gettext_noop("permission denied for tablespace %s");
                        break;
                    case OBJECT_TSCONFIGURATION:
                        msg = gettext_noop("permission denied for text search configuration %s");
                        break;
                    case OBJECT_TSDICTIONARY:
                        msg = gettext_noop("permission denied for text search dictionary %s");
                        break;
                    case OBJECT_TYPE:
                        msg = gettext_noop("permission denied for type %s");
                        break;
                    case OBJECT_VIEW:
                        msg = gettext_noop("permission denied for view %s");
                        break;
                        /* these currently aren't used */
                    case OBJECT_ACCESS_METHOD:
                    case OBJECT_AMOP:
                    case OBJECT_AMPROC:
                    case OBJECT_ATTRIBUTE:
                    case OBJECT_CAST:
                    case OBJECT_DEFAULT:
                    case OBJECT_DEFACL:
                    case OBJECT_DOMCONSTRAINT:
                    case OBJECT_PUBLICATION_NAMESPACE:
                    case OBJECT_PUBLICATION_REL:
                    case OBJECT_ROLE:
                    case OBJECT_RULE:
                    case OBJECT_TABCONSTRAINT:
                    case OBJECT_TRANSFORM:
                    case OBJECT_TRIGGER:
                    case OBJECT_TSPARSER:
                    case OBJECT_TSTEMPLATE:
                    case OBJECT_USER_MAPPING:
                        elog(ERROR, "unsupported object type: %d", objtype);
                }
 
                ereport(ERROR,
                        (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
                         errmsg(msg, objectname)));
                break;
            }
        case ACLCHECK_NOT_OWNER:
            {
                const char *msg = "???";
 
                switch (objtype)
                {
                    case OBJECT_AGGREGATE:
                        msg = gettext_noop("must be owner of aggregate %s");
                        break;
                    case OBJECT_COLLATION:
                        msg = gettext_noop("must be owner of collation %s");
                        break;
                    case OBJECT_CONVERSION:
                        msg = gettext_noop("must be owner of conversion %s");
                        break;
                    case OBJECT_DATABASE:
                        msg = gettext_noop("must be owner of database %s");
                        break;
                    case OBJECT_DOMAIN:
                        msg = gettext_noop("must be owner of domain %s");
                        break;
                    case OBJECT_EVENT_TRIGGER:
                        msg = gettext_noop("must be owner of event trigger %s");
                        break;
                    case OBJECT_EXTENSION:
                        msg = gettext_noop("must be owner of extension %s");
                        break;
                    case OBJECT_FDW:
                        msg = gettext_noop("must be owner of foreign-data wrapper %s");
                        break;
                    case OBJECT_FOREIGN_SERVER:
                        msg = gettext_noop("must be owner of foreign server %s");
                        break;
                    case OBJECT_FOREIGN_TABLE:
                        msg = gettext_noop("must be owner of foreign table %s");
                        break;
                    case OBJECT_FUNCTION:
                        msg = gettext_noop("must be owner of function %s");
                        break;
                    case OBJECT_INDEX:
                        msg = gettext_noop("must be owner of index %s");
                        break;
                    case OBJECT_LANGUAGE:
                        msg = gettext_noop("must be owner of language %s");
                        break;
                    case OBJECT_LARGEOBJECT:
                        msg = gettext_noop("must be owner of large object %s");
                        break;
                    case OBJECT_MATVIEW:
                        msg = gettext_noop("must be owner of materialized view %s");
                        break;
                    case OBJECT_OPCLASS:
                        msg = gettext_noop("must be owner of operator class %s");
                        break;
                    case OBJECT_OPERATOR:
                        msg = gettext_noop("must be owner of operator %s");
                        break;
                    case OBJECT_OPFAMILY:
                        msg = gettext_noop("must be owner of operator family %s");
                        break;
                    case OBJECT_PROCEDURE:
                        msg = gettext_noop("must be owner of procedure %s");
                        break;
                    case OBJECT_PUBLICATION:
                        msg = gettext_noop("must be owner of publication %s");
                        break;
                    case OBJECT_ROUTINE:
                        msg = gettext_noop("must be owner of routine %s");
                        break;
                    case OBJECT_SEQUENCE:
                        msg = gettext_noop("must be owner of sequence %s");
                        break;
                    case OBJECT_SUBSCRIPTION:
                        msg = gettext_noop("must be owner of subscription %s");
                        break;
                    case OBJECT_TABLE:
                        msg = gettext_noop("must be owner of table %s");
                        break;
                    case OBJECT_TYPE:
                        msg = gettext_noop("must be owner of type %s");
                        break;
                    case OBJECT_VIEW:
                        msg = gettext_noop("must be owner of view %s");
                        break;
                    case OBJECT_SCHEMA:
                        msg = gettext_noop("must be owner of schema %s");
                        break;
                    case OBJECT_STATISTIC_EXT:
                        msg = gettext_noop("must be owner of statistics object %s");
                        break;
                    case OBJECT_TABLESPACE:
                        msg = gettext_noop("must be owner of tablespace %s");
                        break;
                    case OBJECT_TSCONFIGURATION:
                        msg = gettext_noop("must be owner of text search configuration %s");
                        break;
                    case OBJECT_TSDICTIONARY:
                        msg = gettext_noop("must be owner of text search dictionary %s");
                        break;
 
                        /*
                         * Special cases: For these, the error message talks
                         * about "relation", because that's where the
                         * ownership is attached.  See also
                         * check_object_ownership().
                         */
                    case OBJECT_COLUMN:
                    case OBJECT_POLICY:
                    case OBJECT_RULE:
                    case OBJECT_TABCONSTRAINT:
                    case OBJECT_TRIGGER:
                        msg = gettext_noop("must be owner of relation %s");
                        break;
                        /* these currently aren't used */
                    case OBJECT_ACCESS_METHOD:
                    case OBJECT_AMOP:
                    case OBJECT_AMPROC:
                    case OBJECT_ATTRIBUTE:
                    case OBJECT_CAST:
                    case OBJECT_DEFAULT:
                    case OBJECT_DEFACL:
                    case OBJECT_DOMCONSTRAINT:
                    case OBJECT_PARAMETER_ACL:
                    case OBJECT_PUBLICATION_NAMESPACE:
                    case OBJECT_PUBLICATION_REL:
                    case OBJECT_ROLE:
                    case OBJECT_TRANSFORM:
                    case OBJECT_TSPARSER:
                    case OBJECT_TSTEMPLATE:
                    case OBJECT_USER_MAPPING:
                        elog(ERROR, "unsupported object type: %d", objtype);
                }
 
                ereport(ERROR,
                        (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
                         errmsg(msg, objectname)));
                break;
            }
        default:
            elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
            break;
    }
}

References ACLCHECK_NO_PRIV, ACLCHECK_NOT_OWNER, ACLCHECK_OK, elog(), ereport, errcode(), errmsg(), ERROR, gettext_noop, OBJECT_ACCESS_METHOD, OBJECT_AGGREGATE, OBJECT_AMOP, OBJECT_AMPROC, OBJECT_ATTRIBUTE, OBJECT_CAST, OBJECT_COLLATION, OBJECT_COLUMN, OBJECT_CONVERSION, OBJECT_DATABASE, OBJECT_DEFACL, OBJECT_DEFAULT, OBJECT_DOMAIN, OBJECT_DOMCONSTRAINT, OBJECT_EVENT_TRIGGER, OBJECT_EXTENSION, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FOREIGN_TABLE, OBJECT_FUNCTION, OBJECT_INDEX, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_MATVIEW, OBJECT_OPCLASS, OBJECT_OPERATOR, OBJECT_OPFAMILY, OBJECT_PARAMETER_ACL, OBJECT_POLICY, OBJECT_PROCEDURE, OBJECT_PUBLICATION, OBJECT_PUBLICATION_NAMESPACE, OBJECT_PUBLICATION_REL, OBJECT_ROLE, OBJECT_ROUTINE, OBJECT_RULE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_STATISTIC_EXT, OBJECT_SUBSCRIPTION, OBJECT_TABCONSTRAINT, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TRANSFORM, OBJECT_TRIGGER, OBJECT_TSCONFIGURATION, OBJECT_TSDICTIONARY, OBJECT_TSPARSER, OBJECT_TSTEMPLATE, OBJECT_TYPE, OBJECT_USER_MAPPING, and OBJECT_VIEW.

Referenced by aclcheck_error_col(), aclcheck_error_type(), AlterCollation(), AlterDatabase(), AlterDatabaseOwner(), AlterDatabaseRefreshColl(), AlterDatabaseSet(), AlterEventTrigger(), AlterEventTriggerOwner_internal(), AlterExtensionNamespace(), AlterForeignServer(), AlterForeignServerOwner_internal(), AlterFunction(), AlterObjectNamespace_internal(), AlterObjectOwner_internal(), AlterObjectRename_internal(), AlterOperator(), AlterOpFamilyAdd(), AlterPublication(), AlterPublicationOwner_internal(), AlterRoleSet(), AlterSchemaOwner_internal(), AlterStatistics(), AlterSubscription(), AlterSubscriptionOwner_internal(), AlterTableMoveAll(), AlterTableSpaceOptions(), AlterTSConfiguration(), AlterTSDictionary(), AlterTypeOwner(), ATExecChangeOwner(), ATPrepSetTableSpace(), ATSimplePermissions(), brin_desummarize_range(), brin_summarize_range(), calculate_database_size(), calculate_tablespace_size(), call_pltcl_start_proc(), check_object_ownership(), check_temp_tablespaces(), checkFkeyPermissions(), CheckFunctionValidatorAccess(), compute_return_type(), CreateConversionCommand(), createdb(), CreateForeignServer(), CreateForeignTable(), CreateFunction(), CreateProceduralLanguage(), CreatePublication(), CreateSchemaCommand(), CreateStatistics(), CreateSubscription(), CreateTransform(), CreateTriggerFiringOn(), currtid_internal(), DefineAggregate(), DefineCollation(), DefineDomain(), DefineEnum(), DefineIndex(), DefineOpClass(), DefineOperator(), DefineOpFamily(), DefineQueryRewrite(), DefineRange(), DefineRelation(), DefineTSConfiguration(), DefineTSDictionary(), DefineType(), dropdb(), DropSubscription(), DropTableSpace(), EnableDisableRule(), ExecAlterExtensionContentsStmt(), ExecAlterExtensionStmt(), ExecBuildGroupingEqual(), ExecBuildParamSetEqual(), ExecCheckPermissions(), ExecInitAgg(), ExecInitExprRec(), ExecInitFunc(), ExecInitWindowAgg(), ExecReindex(), ExecuteCallStmt(), ExecuteDoStmt(), ExecuteTruncateGuts(), findRangeCanonicalFunction(), findRangeSubtypeDiffFunction(), get_connect_string(), get_other_operator(), get_rel_from_relname(), gin_clean_pending_list(), HandleFunctionRequest(), heap_force_common(), ImportForeignSchema(), init_sexpr(), initialize_peragg(), LockViewRecurse_walker(), LogicalRepSyncTableStart(), lookup_agg_function(), LookupCreationNamespace(), LookupExplicitNamespace(), MergeAttributes(), movedb(), OperatorCreate(), pg_prewarm(), pgrowlocks(), ProcedureCreate(), PublicationAddTables(), RangeVarCallbackForAlterRelation(), RangeVarCallbackForDropRelation(), RangeVarCallbackForLockTable(), RangeVarCallbackForPolicy(), RangeVarCallbackForReindexIndex(), RangeVarCallbackForRenameRule(), RangeVarCallbackForRenameTrigger(), RangeVarCallbackOwnsRelation(), RangeVarCallbackOwnsTable(), RangeVarGetAndCheckCreationNamespace(), ReindexMultipleInternal(), ReindexMultipleTables(), renameatt_check(), RenameDatabase(), RenameSchema(), RenameTableSpace(), restrict_and_check_grant(), TargetPrivilegesCheck(), transformTableLikeClause(), truncate_check_perms(), TypeCreate(), user_mapping_ddl_aclcheck(), ValidateJoinEstimator(), and ValidateRestrictionEstimator().

aclcheck_error_col()

void aclcheck_error_col	(	AclResult	aclerr,
		ObjectType	objtype,
		const char *	objectname,
		const char *	colname
	)

Definition at line 2958 of file aclchk.c.

{
    switch (aclerr)
    {
        case ACLCHECK_OK:
            /* no error, so return to caller */
            break;
        case ACLCHECK_NO_PRIV:
            ereport(ERROR,
                    (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
                     errmsg("permission denied for column \"%s\" of relation \"%s\"",
                            colname, objectname)));
            break;
        case ACLCHECK_NOT_OWNER:
            /* relation msg is OK since columns don't have separate owners */
            aclcheck_error(aclerr, objtype, objectname);
            break;
        default:
            elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
            break;
    }
}

References aclcheck_error(), ACLCHECK_NO_PRIV, ACLCHECK_NOT_OWNER, ACLCHECK_OK, elog(), ereport, errcode(), errmsg(), and ERROR.

Referenced by restrict_and_check_grant().

aclcheck_error_type()

void aclcheck_error_type	(	AclResult	aclerr,
		Oid	typeOid
	)

Definition at line 2988 of file aclchk.c.

{
    Oid         element_type = get_element_type(typeOid);
 
    aclcheck_error(aclerr, OBJECT_TYPE, format_type_be(element_type ? element_type : typeOid));
}

References aclcheck_error(), format_type_be(), get_element_type(), and OBJECT_TYPE.

Referenced by AggregateCreate(), AlterType(), AlterTypeNamespace_oid(), AlterTypeOwner(), ATExecAddColumn(), ATPrepAlterColumnType(), BuildDescForRelation(), check_object_ownership(), checkDomainOwner(), checkEnumOwner(), compute_return_type(), CreateCast(), CreateTransform(), DefineDomain(), DefineOpClass(), DefineOperator(), DefineRelation(), interpret_function_parameter_list(), and RenameType().

ExecAlterDefaultPrivilegesStmt()

void ExecAlterDefaultPrivilegesStmt	(	ParseState *	pstate,
		AlterDefaultPrivilegesStmt *	stmt
	)

Definition at line 966 of file aclchk.c.

{
    GrantStmt  *action = stmt->action;
    InternalDefaultACL iacls;
    ListCell   *cell;
    List       *rolespecs = NIL;
    List       *nspnames = NIL;
    DefElem    *drolespecs = NULL;
    DefElem    *dnspnames = NULL;
    AclMode     all_privileges;
    const char *errormsg;
 
    /* Deconstruct the "options" part of the statement */
    foreach(cell, stmt->options)
    {
        DefElem    *defel = (DefElem *) lfirst(cell);
 
        if (strcmp(defel->defname, "schemas") == 0)
        {
            if (dnspnames)
                errorConflictingDefElem(defel, pstate);
            dnspnames = defel;
        }
        else if (strcmp(defel->defname, "roles") == 0)
        {
            if (drolespecs)
                errorConflictingDefElem(defel, pstate);
            drolespecs = defel;
        }
        else
            elog(ERROR, "option \"%s\" not recognized", defel->defname);
    }
 
    if (dnspnames)
        nspnames = (List *) dnspnames->arg;
    if (drolespecs)
        rolespecs = (List *) drolespecs->arg;
 
    /* Prepare the InternalDefaultACL representation of the statement */
    /* roleid to be filled below */
    /* nspid to be filled in SetDefaultACLsInSchemas */
    iacls.is_grant = action->is_grant;
    iacls.objtype = action->objtype;
    /* all_privs to be filled below */
    /* privileges to be filled below */
    iacls.grantees = NIL;       /* filled below */
    iacls.grant_option = action->grant_option;
    iacls.behavior = action->behavior;
 
    /*
     * Convert the RoleSpec list into an Oid list.  Note that at this point we
     * insert an ACL_ID_PUBLIC into the list if appropriate, so downstream
     * there shouldn't be any additional work needed to support this case.
     */
    foreach(cell, action->grantees)
    {
        RoleSpec   *grantee = (RoleSpec *) lfirst(cell);
        Oid         grantee_uid;
 
        switch (grantee->roletype)
        {
            case ROLESPEC_PUBLIC:
                grantee_uid = ACL_ID_PUBLIC;
                break;
            default:
                grantee_uid = get_rolespec_oid(grantee, false);
                break;
        }
        iacls.grantees = lappend_oid(iacls.grantees, grantee_uid);
    }
 
    /*
     * Convert action->privileges, a list of privilege strings, into an
     * AclMode bitmask.
     */
    switch (action->objtype)
    {
        case OBJECT_TABLE:
            all_privileges = ACL_ALL_RIGHTS_RELATION;
            errormsg = gettext_noop("invalid privilege type %s for relation");
            break;
        case OBJECT_SEQUENCE:
            all_privileges = ACL_ALL_RIGHTS_SEQUENCE;
            errormsg = gettext_noop("invalid privilege type %s for sequence");
            break;
        case OBJECT_FUNCTION:
            all_privileges = ACL_ALL_RIGHTS_FUNCTION;
            errormsg = gettext_noop("invalid privilege type %s for function");
            break;
        case OBJECT_PROCEDURE:
            all_privileges = ACL_ALL_RIGHTS_FUNCTION;
            errormsg = gettext_noop("invalid privilege type %s for procedure");
            break;
        case OBJECT_ROUTINE:
            all_privileges = ACL_ALL_RIGHTS_FUNCTION;
            errormsg = gettext_noop("invalid privilege type %s for routine");
            break;
        case OBJECT_TYPE:
            all_privileges = ACL_ALL_RIGHTS_TYPE;
            errormsg = gettext_noop("invalid privilege type %s for type");
            break;
        case OBJECT_SCHEMA:
            all_privileges = ACL_ALL_RIGHTS_SCHEMA;
            errormsg = gettext_noop("invalid privilege type %s for schema");
            break;
        default:
            elog(ERROR, "unrecognized GrantStmt.objtype: %d",
                 (int) action->objtype);
            /* keep compiler quiet */
            all_privileges = ACL_NO_RIGHTS;
            errormsg = NULL;
    }
 
    if (action->privileges == NIL)
    {
        iacls.all_privs = true;
 
        /*
         * will be turned into ACL_ALL_RIGHTS_* by the internal routines
         * depending on the object type
         */
        iacls.privileges = ACL_NO_RIGHTS;
    }
    else
    {
        iacls.all_privs = false;
        iacls.privileges = ACL_NO_RIGHTS;
 
        foreach(cell, action->privileges)
        {
            AccessPriv *privnode = (AccessPriv *) lfirst(cell);
            AclMode     priv;
 
            if (privnode->cols)
                ereport(ERROR,
                        (errcode(ERRCODE_INVALID_GRANT_OPERATION),
                         errmsg("default privileges cannot be set for columns")));
 
            if (privnode->priv_name == NULL)    /* parser mistake? */
                elog(ERROR, "AccessPriv node must specify privilege");
            priv = string_to_privilege(privnode->priv_name);
 
            if (priv & ~((AclMode) all_privileges))
                ereport(ERROR,
                        (errcode(ERRCODE_INVALID_GRANT_OPERATION),
                         errmsg(errormsg, privilege_to_string(priv))));
 
            iacls.privileges |= priv;
        }
    }
 
    if (rolespecs == NIL)
    {
        /* Set permissions for myself */
        iacls.roleid = GetUserId();
 
        SetDefaultACLsInSchemas(&iacls, nspnames);
    }
    else
    {
        /* Look up the role OIDs and do permissions checks */
        ListCell   *rolecell;
 
        foreach(rolecell, rolespecs)
        {
            RoleSpec   *rolespec = lfirst(rolecell);
 
            iacls.roleid = get_rolespec_oid(rolespec, false);
 
            if (!has_privs_of_role(GetUserId(), iacls.roleid))
                ereport(ERROR,
                        (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
                         errmsg("permission denied to change default privileges")));
 
            SetDefaultACLsInSchemas(&iacls, nspnames);
        }
    }
}

References ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_SEQUENCE, ACL_ALL_RIGHTS_TYPE, ACL_ID_PUBLIC, ACL_NO_RIGHTS, generate_unaccent_rules::action, InternalDefaultACL::all_privs, DefElem::arg, InternalDefaultACL::behavior, AccessPriv::cols, DefElem::defname, elog(), ereport, errcode(), errmsg(), ERROR, errorConflictingDefElem(), get_rolespec_oid(), gettext_noop, GetUserId(), InternalDefaultACL::grant_option, InternalDefaultACL::grantees, has_privs_of_role(), if(), InternalDefaultACL::is_grant, lappend_oid(), lfirst, NIL, OBJECT_FUNCTION, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TYPE, InternalDefaultACL::objtype, AccessPriv::priv_name, privilege_to_string(), InternalDefaultACL::privileges, InternalDefaultACL::roleid, ROLESPEC_PUBLIC, RoleSpec::roletype, SetDefaultACLsInSchemas(), stmt, and string_to_privilege().

Referenced by ProcessUtilitySlow().

ExecGrant_Attribute()

static void ExecGrant_Attribute ( InternalGrant *  istmt, Oid  relOid, const char *  relname, AttrNumber  attnum, Oid  ownerId, AclMode  col_privileges, Relation  attRelation, const Acl *  old_rel_acl  )

static

Definition at line 1658 of file aclchk.c.

{
    HeapTuple   attr_tuple;
    Form_pg_attribute pg_attribute_tuple;
    Acl        *old_acl;
    Acl        *new_acl;
    Acl        *merged_acl;
    Datum       aclDatum;
    bool        isNull;
    Oid         grantorId;
    AclMode     avail_goptions;
    bool        need_update;
    HeapTuple   newtuple;
    Datum       values[Natts_pg_attribute] = {0};
    bool        nulls[Natts_pg_attribute] = {0};
    bool        replaces[Natts_pg_attribute] = {0};
    int         noldmembers;
    int         nnewmembers;
    Oid        *oldmembers;
    Oid        *newmembers;
 
    attr_tuple = SearchSysCache2(ATTNUM,
                                 ObjectIdGetDatum(relOid),
                                 Int16GetDatum(attnum));
    if (!HeapTupleIsValid(attr_tuple))
        elog(ERROR, "cache lookup failed for attribute %d of relation %u",
             attnum, relOid);
    pg_attribute_tuple = (Form_pg_attribute) GETSTRUCT(attr_tuple);
 
    /*
     * Get working copy of existing ACL. If there's no ACL, substitute the
     * proper default.
     */
    aclDatum = SysCacheGetAttr(ATTNUM, attr_tuple, Anum_pg_attribute_attacl,
                               &isNull);
    if (isNull)
    {
        old_acl = acldefault(OBJECT_COLUMN, ownerId);
        /* There are no old member roles according to the catalogs */
        noldmembers = 0;
        oldmembers = NULL;
    }
    else
    {
        old_acl = DatumGetAclPCopy(aclDatum);
        /* Get the roles mentioned in the existing ACL */
        noldmembers = aclmembers(old_acl, &oldmembers);
    }
 
    /*
     * In select_best_grantor we should consider existing table-level ACL bits
     * as well as the per-column ACL.  Build a new ACL that is their
     * concatenation.  (This is a bit cheap and dirty compared to merging them
     * properly with no duplications, but it's all we need here.)
     */
    merged_acl = aclconcat(old_rel_acl, old_acl);
 
    /* Determine ID to do the grant as, and available grant options */
    select_best_grantor(GetUserId(), col_privileges,
                        merged_acl, ownerId,
                        &grantorId, &avail_goptions);
 
    pfree(merged_acl);
 
    /*
     * Restrict the privileges to what we can actually grant, and emit the
     * standards-mandated warning and error messages.  Note: we don't track
     * whether the user actually used the ALL PRIVILEGES(columns) syntax for
     * each column; we just approximate it by whether all the possible
     * privileges are specified now.  Since the all_privs flag only determines
     * whether a warning is issued, this seems close enough.
     */
    col_privileges =
        restrict_and_check_grant(istmt->is_grant, avail_goptions,
                                 (col_privileges == ACL_ALL_RIGHTS_COLUMN),
                                 col_privileges,
                                 relOid, grantorId, OBJECT_COLUMN,
                                 relname, attnum,
                                 NameStr(pg_attribute_tuple->attname));
 
    /*
     * Generate new ACL.
     */
    new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
                                   istmt->grant_option,
                                   istmt->behavior, istmt->grantees,
                                   col_privileges, grantorId,
                                   ownerId);
 
    /*
     * We need the members of both old and new ACLs so we can correct the
     * shared dependency information.
     */
    nnewmembers = aclmembers(new_acl, &newmembers);
 
    /* finished building new ACL value, now insert it */
 
    /*
     * If the updated ACL is empty, we can set attacl to null, and maybe even
     * avoid an update of the pg_attribute row.  This is worth testing because
     * we'll come through here multiple times for any relation-level REVOKE,
     * even if there were never any column GRANTs.  Note we are assuming that
     * the "default" ACL state for columns is empty.
     */
    if (ACL_NUM(new_acl) > 0)
    {
        values[Anum_pg_attribute_attacl - 1] = PointerGetDatum(new_acl);
        need_update = true;
    }
    else
    {
        nulls[Anum_pg_attribute_attacl - 1] = true;
        need_update = !isNull;
    }
    replaces[Anum_pg_attribute_attacl - 1] = true;
 
    if (need_update)
    {
        newtuple = heap_modify_tuple(attr_tuple, RelationGetDescr(attRelation),
                                     values, nulls, replaces);
 
        CatalogTupleUpdate(attRelation, &newtuple->t_self, newtuple);
 
        /* Update initial privileges for extensions */
        recordExtensionInitPriv(relOid, RelationRelationId, attnum,
                                ACL_NUM(new_acl) > 0 ? new_acl : NULL);
 
        /* Update the shared dependency ACL info */
        updateAclDependencies(RelationRelationId, relOid, attnum,
                              ownerId,
                              noldmembers, oldmembers,
                              nnewmembers, newmembers);
    }
 
    pfree(new_acl);
 
    ReleaseSysCache(attr_tuple);
}

References ACL_ALL_RIGHTS_COLUMN, ACL_NUM, aclconcat(), acldefault(), aclmembers(), attnum, ATTNUM, InternalGrant::behavior, CatalogTupleUpdate(), DatumGetAclPCopy, elog(), ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, Int16GetDatum(), InternalGrant::is_grant, merge_acl_with_grant(), NameStr, OBJECT_COLUMN, ObjectIdGetDatum(), pfree(), PointerGetDatum(), recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), relname, restrict_and_check_grant(), SearchSysCache2(), select_best_grantor(), SysCacheGetAttr(), HeapTupleData::t_self, updateAclDependencies(), and values.

Referenced by ExecGrant_Relation().

ExecGrant_common()

static void ExecGrant_common ( InternalGrant *  istmt, Oid  classid, AclMode  default_privs, void(*)(InternalGrant *istmt, HeapTuple tuple)  object_check  )

static

Definition at line 2131 of file aclchk.c.

{
    int         cacheid;
    Relation    relation;
    ListCell   *cell;
 
    if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
        istmt->privileges = default_privs;
 
    cacheid = get_object_catcache_oid(classid);
 
    relation = table_open(classid, RowExclusiveLock);
 
    foreach(cell, istmt->objects)
    {
        Oid         objectid = lfirst_oid(cell);
        Datum       aclDatum;
        Datum       nameDatum;
        bool        isNull;
        AclMode     avail_goptions;
        AclMode     this_privileges;
        Acl        *old_acl;
        Acl        *new_acl;
        Oid         grantorId;
        Oid         ownerId;
        HeapTuple   tuple;
        HeapTuple   newtuple;
        Datum      *values = palloc0_array(Datum, RelationGetDescr(relation)->natts);
        bool       *nulls = palloc0_array(bool, RelationGetDescr(relation)->natts);
        bool       *replaces = palloc0_array(bool, RelationGetDescr(relation)->natts);
        int         noldmembers;
        int         nnewmembers;
        Oid        *oldmembers;
        Oid        *newmembers;
 
        tuple = SearchSysCache1(cacheid, ObjectIdGetDatum(objectid));
        if (!HeapTupleIsValid(tuple))
            elog(ERROR, "cache lookup failed for %s %u", get_object_class_descr(classid), objectid);
 
        /*
         * Additional object-type-specific checks
         */
        if (object_check)
            object_check(istmt, tuple);
 
        /*
         * Get owner ID and working copy of existing ACL. If there's no ACL,
         * substitute the proper default.
         */
        ownerId = DatumGetObjectId(SysCacheGetAttrNotNull(cacheid,
                                                          tuple,
                                                          get_object_attnum_owner(classid)));
        aclDatum = SysCacheGetAttr(cacheid,
                                   tuple,
                                   get_object_attnum_acl(classid),
                                   &isNull);
        if (isNull)
        {
            old_acl = acldefault(get_object_type(classid, objectid), ownerId);
            /* There are no old member roles according to the catalogs */
            noldmembers = 0;
            oldmembers = NULL;
        }
        else
        {
            old_acl = DatumGetAclPCopy(aclDatum);
            /* Get the roles mentioned in the existing ACL */
            noldmembers = aclmembers(old_acl, &oldmembers);
        }
 
        /* Determine ID to do the grant as, and available grant options */
        select_best_grantor(GetUserId(), istmt->privileges,
                            old_acl, ownerId,
                            &grantorId, &avail_goptions);
 
        nameDatum = SysCacheGetAttrNotNull(cacheid, tuple,
                                           get_object_attnum_name(classid));
 
        /*
         * Restrict the privileges to what we can actually grant, and emit the
         * standards-mandated warning and error messages.
         */
        this_privileges =
            restrict_and_check_grant(istmt->is_grant, avail_goptions,
                                     istmt->all_privs, istmt->privileges,
                                     objectid, grantorId, get_object_type(classid, objectid),
                                     NameStr(*DatumGetName(nameDatum)),
                                     0, NULL);
 
        /*
         * Generate new ACL.
         */
        new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
                                       istmt->grant_option, istmt->behavior,
                                       istmt->grantees, this_privileges,
                                       grantorId, ownerId);
 
        /*
         * We need the members of both old and new ACLs so we can correct the
         * shared dependency information.
         */
        nnewmembers = aclmembers(new_acl, &newmembers);
 
        /* finished building new ACL value, now insert it */
        replaces[get_object_attnum_acl(classid) - 1] = true;
        values[get_object_attnum_acl(classid) - 1] = PointerGetDatum(new_acl);
 
        newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
                                     nulls, replaces);
 
        CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
 
        /* Update initial privileges for extensions */
        recordExtensionInitPriv(objectid, classid, 0, new_acl);
 
        /* Update the shared dependency ACL info */
        updateAclDependencies(classid,
                              objectid, 0,
                              ownerId,
                              noldmembers, oldmembers,
                              nnewmembers, newmembers);
 
        ReleaseSysCache(tuple);
 
        pfree(new_acl);
 
        /* prevent error when processing duplicate objects */
        CommandCounterIncrement();
    }
 
    table_close(relation, RowExclusiveLock);
}

References ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, DatumGetName(), DatumGetObjectId(), elog(), ERROR, get_object_attnum_acl(), get_object_attnum_name(), get_object_attnum_owner(), get_object_catcache_oid(), get_object_class_descr(), get_object_type(), GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, merge_acl_with_grant(), NameStr, ObjectIdGetDatum(), InternalGrant::objects, palloc0_array, pfree(), PointerGetDatum(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), SysCacheGetAttr(), SysCacheGetAttrNotNull(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

ExecGrant_Language_check()

static void ExecGrant_Language_check ( InternalGrant *  istmt, HeapTuple  tuple  )

static

Definition at line 2266 of file aclchk.c.

{
    Form_pg_language pg_language_tuple;
 
    pg_language_tuple = (Form_pg_language) GETSTRUCT(tuple);
 
    if (!pg_language_tuple->lanpltrusted)
        ereport(ERROR,
                (errcode(ERRCODE_WRONG_OBJECT_TYPE),
                 errmsg("language \"%s\" is not trusted",
                        NameStr(pg_language_tuple->lanname)),
                 errdetail("GRANT and REVOKE are not allowed on untrusted languages, "
                           "because only superusers can use untrusted languages.")));
}

References ereport, errcode(), errdetail(), errmsg(), ERROR, GETSTRUCT, and NameStr.

Referenced by ExecGrantStmt_oids().

ExecGrant_Largeobject()

static void ExecGrant_Largeobject ( InternalGrant *  istmt )

static

Definition at line 2282 of file aclchk.c.

{
    Relation    relation;
    ListCell   *cell;
 
    if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
        istmt->privileges = ACL_ALL_RIGHTS_LARGEOBJECT;
 
    relation = table_open(LargeObjectMetadataRelationId,
                          RowExclusiveLock);
 
    foreach(cell, istmt->objects)
    {
        Oid         loid = lfirst_oid(cell);
        Form_pg_largeobject_metadata form_lo_meta;
        char        loname[NAMEDATALEN];
        Datum       aclDatum;
        bool        isNull;
        AclMode     avail_goptions;
        AclMode     this_privileges;
        Acl        *old_acl;
        Acl        *new_acl;
        Oid         grantorId;
        Oid         ownerId;
        HeapTuple   newtuple;
        Datum       values[Natts_pg_largeobject_metadata] = {0};
        bool        nulls[Natts_pg_largeobject_metadata] = {0};
        bool        replaces[Natts_pg_largeobject_metadata] = {0};
        int         noldmembers;
        int         nnewmembers;
        Oid        *oldmembers;
        Oid        *newmembers;
        ScanKeyData entry[1];
        SysScanDesc scan;
        HeapTuple   tuple;
 
        /* There's no syscache for pg_largeobject_metadata */
        ScanKeyInit(&entry[0],
                    Anum_pg_largeobject_metadata_oid,
                    BTEqualStrategyNumber, F_OIDEQ,
                    ObjectIdGetDatum(loid));
 
        scan = systable_beginscan(relation,
                                  LargeObjectMetadataOidIndexId, true,
                                  NULL, 1, entry);
 
        tuple = systable_getnext(scan);
        if (!HeapTupleIsValid(tuple))
            elog(ERROR, "could not find tuple for large object %u", loid);
 
        form_lo_meta = (Form_pg_largeobject_metadata) GETSTRUCT(tuple);
 
        /*
         * Get owner ID and working copy of existing ACL. If there's no ACL,
         * substitute the proper default.
         */
        ownerId = form_lo_meta->lomowner;
        aclDatum = heap_getattr(tuple,
                                Anum_pg_largeobject_metadata_lomacl,
                                RelationGetDescr(relation), &isNull);
        if (isNull)
        {
            old_acl = acldefault(OBJECT_LARGEOBJECT, ownerId);
            /* There are no old member roles according to the catalogs */
            noldmembers = 0;
            oldmembers = NULL;
        }
        else
        {
            old_acl = DatumGetAclPCopy(aclDatum);
            /* Get the roles mentioned in the existing ACL */
            noldmembers = aclmembers(old_acl, &oldmembers);
        }
 
        /* Determine ID to do the grant as, and available grant options */
        select_best_grantor(GetUserId(), istmt->privileges,
                            old_acl, ownerId,
                            &grantorId, &avail_goptions);
 
        /*
         * Restrict the privileges to what we can actually grant, and emit the
         * standards-mandated warning and error messages.
         */
        snprintf(loname, sizeof(loname), "large object %u", loid);
        this_privileges =
            restrict_and_check_grant(istmt->is_grant, avail_goptions,
                                     istmt->all_privs, istmt->privileges,
                                     loid, grantorId, OBJECT_LARGEOBJECT,
                                     loname, 0, NULL);
 
        /*
         * Generate new ACL.
         */
        new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
                                       istmt->grant_option, istmt->behavior,
                                       istmt->grantees, this_privileges,
                                       grantorId, ownerId);
 
        /*
         * We need the members of both old and new ACLs so we can correct the
         * shared dependency information.
         */
        nnewmembers = aclmembers(new_acl, &newmembers);
 
        /* finished building new ACL value, now insert it */
        replaces[Anum_pg_largeobject_metadata_lomacl - 1] = true;
        values[Anum_pg_largeobject_metadata_lomacl - 1]
            = PointerGetDatum(new_acl);
 
        newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation),
                                     values, nulls, replaces);
 
        CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
 
        /* Update initial privileges for extensions */
        recordExtensionInitPriv(loid, LargeObjectRelationId, 0, new_acl);
 
        /* Update the shared dependency ACL info */
        updateAclDependencies(LargeObjectRelationId,
                              form_lo_meta->oid, 0,
                              ownerId,
                              noldmembers, oldmembers,
                              nnewmembers, newmembers);
 
        systable_endscan(scan);
 
        pfree(new_acl);
 
        /* prevent error when processing duplicate objects */
        CommandCounterIncrement();
    }
 
    table_close(relation, RowExclusiveLock);
}

References ACL_ALL_RIGHTS_LARGEOBJECT, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, BTEqualStrategyNumber, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog(), ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_getattr(), heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, merge_acl_with_grant(), NAMEDATALEN, OBJECT_LARGEOBJECT, ObjectIdGetDatum(), InternalGrant::objects, pfree(), PointerGetDatum(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, restrict_and_check_grant(), RowExclusiveLock, ScanKeyInit(), select_best_grantor(), snprintf, systable_beginscan(), systable_endscan(), systable_getnext(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

ExecGrant_Parameter()

static void ExecGrant_Parameter ( InternalGrant *  istmt )

static

Definition at line 2440 of file aclchk.c.

{
    Relation    relation;
    ListCell   *cell;
 
    if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
        istmt->privileges = ACL_ALL_RIGHTS_PARAMETER_ACL;
 
    relation = table_open(ParameterAclRelationId, RowExclusiveLock);
 
    foreach(cell, istmt->objects)
    {
        Oid         parameterId = lfirst_oid(cell);
        Datum       nameDatum;
        const char *parname;
        Datum       aclDatum;
        bool        isNull;
        AclMode     avail_goptions;
        AclMode     this_privileges;
        Acl        *old_acl;
        Acl        *new_acl;
        Oid         grantorId;
        Oid         ownerId;
        HeapTuple   tuple;
        int         noldmembers;
        int         nnewmembers;
        Oid        *oldmembers;
        Oid        *newmembers;
 
        tuple = SearchSysCache1(PARAMETERACLOID, ObjectIdGetDatum(parameterId));
        if (!HeapTupleIsValid(tuple))
            elog(ERROR, "cache lookup failed for parameter ACL %u",
                 parameterId);
 
        /* We'll need the GUC's name */
        nameDatum = SysCacheGetAttrNotNull(PARAMETERACLOID, tuple,
                                           Anum_pg_parameter_acl_parname);
        parname = TextDatumGetCString(nameDatum);
 
        /* Treat all parameters as belonging to the bootstrap superuser. */
        ownerId = BOOTSTRAP_SUPERUSERID;
 
        /*
         * Get working copy of existing ACL. If there's no ACL, substitute the
         * proper default.
         */
        aclDatum = SysCacheGetAttr(PARAMETERACLOID, tuple,
                                   Anum_pg_parameter_acl_paracl,
                                   &isNull);
 
        if (isNull)
        {
            old_acl = acldefault(istmt->objtype, ownerId);
            /* There are no old member roles according to the catalogs */
            noldmembers = 0;
            oldmembers = NULL;
        }
        else
        {
            old_acl = DatumGetAclPCopy(aclDatum);
            /* Get the roles mentioned in the existing ACL */
            noldmembers = aclmembers(old_acl, &oldmembers);
        }
 
        /* Determine ID to do the grant as, and available grant options */
        select_best_grantor(GetUserId(), istmt->privileges,
                            old_acl, ownerId,
                            &grantorId, &avail_goptions);
 
        /*
         * Restrict the privileges to what we can actually grant, and emit the
         * standards-mandated warning and error messages.
         */
        this_privileges =
            restrict_and_check_grant(istmt->is_grant, avail_goptions,
                                     istmt->all_privs, istmt->privileges,
                                     parameterId, grantorId,
                                     OBJECT_PARAMETER_ACL,
                                     parname,
                                     0, NULL);
 
        /*
         * Generate new ACL.
         */
        new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
                                       istmt->grant_option, istmt->behavior,
                                       istmt->grantees, this_privileges,
                                       grantorId, ownerId);
 
        /*
         * We need the members of both old and new ACLs so we can correct the
         * shared dependency information.
         */
        nnewmembers = aclmembers(new_acl, &newmembers);
 
        /*
         * If the new ACL is equal to the default, we don't need the catalog
         * entry any longer.  Delete it rather than updating it, to avoid
         * leaving a degenerate entry.
         */
        if (aclequal(new_acl, acldefault(istmt->objtype, ownerId)))
        {
            CatalogTupleDelete(relation, &tuple->t_self);
        }
        else
        {
            /* finished building new ACL value, now insert it */
            HeapTuple   newtuple;
            Datum       values[Natts_pg_parameter_acl] = {0};
            bool        nulls[Natts_pg_parameter_acl] = {0};
            bool        replaces[Natts_pg_parameter_acl] = {0};
 
            replaces[Anum_pg_parameter_acl_paracl - 1] = true;
            values[Anum_pg_parameter_acl_paracl - 1] = PointerGetDatum(new_acl);
 
            newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation),
                                         values, nulls, replaces);
 
            CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
        }
 
        /* Update initial privileges for extensions */
        recordExtensionInitPriv(parameterId, ParameterAclRelationId, 0,
                                new_acl);
 
        /* Update the shared dependency ACL info */
        updateAclDependencies(ParameterAclRelationId, parameterId, 0,
                              ownerId,
                              noldmembers, oldmembers,
                              nnewmembers, newmembers);
 
        ReleaseSysCache(tuple);
        pfree(new_acl);
 
        /* prevent error when processing duplicate objects */
        CommandCounterIncrement();
    }
 
    table_close(relation, RowExclusiveLock);
}

References ACL_ALL_RIGHTS_PARAMETER_ACL, ACL_NO_RIGHTS, acldefault(), aclequal(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleDelete(), CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog(), ERROR, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, merge_acl_with_grant(), OBJECT_PARAMETER_ACL, ObjectIdGetDatum(), InternalGrant::objects, InternalGrant::objtype, PARAMETERACLOID, pfree(), PointerGetDatum(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), SysCacheGetAttr(), SysCacheGetAttrNotNull(), HeapTupleData::t_self, table_close(), table_open(), TextDatumGetCString, updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

ExecGrant_Relation()

static void ExecGrant_Relation ( InternalGrant *  istmt )

static

Definition at line 1803 of file aclchk.c.

{
    Relation    relation;
    Relation    attRelation;
    ListCell   *cell;
 
    relation = table_open(RelationRelationId, RowExclusiveLock);
    attRelation = table_open(AttributeRelationId, RowExclusiveLock);
 
    foreach(cell, istmt->objects)
    {
        Oid         relOid = lfirst_oid(cell);
        Datum       aclDatum;
        Form_pg_class pg_class_tuple;
        bool        isNull;
        AclMode     this_privileges;
        AclMode    *col_privileges;
        int         num_col_privileges;
        bool        have_col_privileges;
        Acl        *old_acl;
        Acl        *old_rel_acl;
        int         noldmembers;
        Oid        *oldmembers;
        Oid         ownerId;
        HeapTuple   tuple;
        ListCell   *cell_colprivs;
 
        tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(relOid));
        if (!HeapTupleIsValid(tuple))
            elog(ERROR, "cache lookup failed for relation %u", relOid);
        pg_class_tuple = (Form_pg_class) GETSTRUCT(tuple);
 
        /* Not sensible to grant on an index */
        if (pg_class_tuple->relkind == RELKIND_INDEX ||
            pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX)
            ereport(ERROR,
                    (errcode(ERRCODE_WRONG_OBJECT_TYPE),
                     errmsg("\"%s\" is an index",
                            NameStr(pg_class_tuple->relname))));
 
        /* Composite types aren't tables either */
        if (pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
            ereport(ERROR,
                    (errcode(ERRCODE_WRONG_OBJECT_TYPE),
                     errmsg("\"%s\" is a composite type",
                            NameStr(pg_class_tuple->relname))));
 
        /* Used GRANT SEQUENCE on a non-sequence? */
        if (istmt->objtype == OBJECT_SEQUENCE &&
            pg_class_tuple->relkind != RELKIND_SEQUENCE)
            ereport(ERROR,
                    (errcode(ERRCODE_WRONG_OBJECT_TYPE),
                     errmsg("\"%s\" is not a sequence",
                            NameStr(pg_class_tuple->relname))));
 
        /* Adjust the default permissions based on object type */
        if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
        {
            if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
                this_privileges = ACL_ALL_RIGHTS_SEQUENCE;
            else
                this_privileges = ACL_ALL_RIGHTS_RELATION;
        }
        else
            this_privileges = istmt->privileges;
 
        /*
         * The GRANT TABLE syntax can be used for sequences and non-sequences,
         * so we have to look at the relkind to determine the supported
         * permissions.  The OR of table and sequence permissions were already
         * checked.
         */
        if (istmt->objtype == OBJECT_TABLE)
        {
            if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
            {
                /*
                 * For backward compatibility, just throw a warning for
                 * invalid sequence permissions when using the non-sequence
                 * GRANT syntax.
                 */
                if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_SEQUENCE))
                {
                    /*
                     * Mention the object name because the user needs to know
                     * which operations succeeded.  This is required because
                     * WARNING allows the command to continue.
                     */
                    ereport(WARNING,
                            (errcode(ERRCODE_INVALID_GRANT_OPERATION),
                             errmsg("sequence \"%s\" only supports USAGE, SELECT, and UPDATE privileges",
                                    NameStr(pg_class_tuple->relname))));
                    this_privileges &= (AclMode) ACL_ALL_RIGHTS_SEQUENCE;
                }
            }
            else
            {
                if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_RELATION))
                {
                    /*
                     * USAGE is the only permission supported by sequences but
                     * not by non-sequences.  Don't mention the object name
                     * because we didn't in the combined TABLE | SEQUENCE
                     * check.
                     */
                    ereport(ERROR,
                            (errcode(ERRCODE_INVALID_GRANT_OPERATION),
                             errmsg("invalid privilege type %s for table",
                                    "USAGE")));
                }
            }
        }
 
        /*
         * Set up array in which we'll accumulate any column privilege bits
         * that need modification.  The array is indexed such that entry [0]
         * corresponds to FirstLowInvalidHeapAttributeNumber.
         */
        num_col_privileges = pg_class_tuple->relnatts - FirstLowInvalidHeapAttributeNumber + 1;
        col_privileges = (AclMode *) palloc0(num_col_privileges * sizeof(AclMode));
        have_col_privileges = false;
 
        /*
         * If we are revoking relation privileges that are also column
         * privileges, we must implicitly revoke them from each column too,
         * per SQL spec.  (We don't need to implicitly add column privileges
         * during GRANT because the permissions-checking code always checks
         * both relation and per-column privileges.)
         */
        if (!istmt->is_grant &&
            (this_privileges & ACL_ALL_RIGHTS_COLUMN) != 0)
        {
            expand_all_col_privileges(relOid, pg_class_tuple,
                                      this_privileges & ACL_ALL_RIGHTS_COLUMN,
                                      col_privileges,
                                      num_col_privileges);
            have_col_privileges = true;
        }
 
        /*
         * Get owner ID and working copy of existing ACL. If there's no ACL,
         * substitute the proper default.
         */
        ownerId = pg_class_tuple->relowner;
        aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
                                   &isNull);
        if (isNull)
        {
            switch (pg_class_tuple->relkind)
            {
                case RELKIND_SEQUENCE:
                    old_acl = acldefault(OBJECT_SEQUENCE, ownerId);
                    break;
                default:
                    old_acl = acldefault(OBJECT_TABLE, ownerId);
                    break;
            }
            /* There are no old member roles according to the catalogs */
            noldmembers = 0;
            oldmembers = NULL;
        }
        else
        {
            old_acl = DatumGetAclPCopy(aclDatum);
            /* Get the roles mentioned in the existing ACL */
            noldmembers = aclmembers(old_acl, &oldmembers);
        }
 
        /* Need an extra copy of original rel ACL for column handling */
        old_rel_acl = aclcopy(old_acl);
 
        /*
         * Handle relation-level privileges, if any were specified
         */
        if (this_privileges != ACL_NO_RIGHTS)
        {
            AclMode     avail_goptions;
            Acl        *new_acl;
            Oid         grantorId;
            HeapTuple   newtuple;
            Datum       values[Natts_pg_class] = {0};
            bool        nulls[Natts_pg_class] = {0};
            bool        replaces[Natts_pg_class] = {0};
            int         nnewmembers;
            Oid        *newmembers;
            ObjectType  objtype;
 
            /* Determine ID to do the grant as, and available grant options */
            select_best_grantor(GetUserId(), this_privileges,
                                old_acl, ownerId,
                                &grantorId, &avail_goptions);
 
            switch (pg_class_tuple->relkind)
            {
                case RELKIND_SEQUENCE:
                    objtype = OBJECT_SEQUENCE;
                    break;
                default:
                    objtype = OBJECT_TABLE;
                    break;
            }
 
            /*
             * Restrict the privileges to what we can actually grant, and emit
             * the standards-mandated warning and error messages.
             */
            this_privileges =
                restrict_and_check_grant(istmt->is_grant, avail_goptions,
                                         istmt->all_privs, this_privileges,
                                         relOid, grantorId, objtype,
                                         NameStr(pg_class_tuple->relname),
                                         0, NULL);
 
            /*
             * Generate new ACL.
             */
            new_acl = merge_acl_with_grant(old_acl,
                                           istmt->is_grant,
                                           istmt->grant_option,
                                           istmt->behavior,
                                           istmt->grantees,
                                           this_privileges,
                                           grantorId,
                                           ownerId);
 
            /*
             * We need the members of both old and new ACLs so we can correct
             * the shared dependency information.
             */
            nnewmembers = aclmembers(new_acl, &newmembers);
 
            /* finished building new ACL value, now insert it */
            replaces[Anum_pg_class_relacl - 1] = true;
            values[Anum_pg_class_relacl - 1] = PointerGetDatum(new_acl);
 
            newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation),
                                         values, nulls, replaces);
 
            CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
 
            /* Update initial privileges for extensions */
            recordExtensionInitPriv(relOid, RelationRelationId, 0, new_acl);
 
            /* Update the shared dependency ACL info */
            updateAclDependencies(RelationRelationId, relOid, 0,
                                  ownerId,
                                  noldmembers, oldmembers,
                                  nnewmembers, newmembers);
 
            pfree(new_acl);
        }
 
        /*
         * Handle column-level privileges, if any were specified or implied.
         * We first expand the user-specified column privileges into the
         * array, and then iterate over all nonempty array entries.
         */
        foreach(cell_colprivs, istmt->col_privs)
        {
            AccessPriv *col_privs = (AccessPriv *) lfirst(cell_colprivs);
 
            if (col_privs->priv_name == NULL)
                this_privileges = ACL_ALL_RIGHTS_COLUMN;
            else
                this_privileges = string_to_privilege(col_privs->priv_name);
 
            if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_COLUMN))
                ereport(ERROR,
                        (errcode(ERRCODE_INVALID_GRANT_OPERATION),
                         errmsg("invalid privilege type %s for column",
                                privilege_to_string(this_privileges))));
 
            if (pg_class_tuple->relkind == RELKIND_SEQUENCE &&
                this_privileges & ~((AclMode) ACL_SELECT))
            {
                /*
                 * The only column privilege allowed on sequences is SELECT.
                 * This is a warning not error because we do it that way for
                 * relation-level privileges.
                 */
                ereport(WARNING,
                        (errcode(ERRCODE_INVALID_GRANT_OPERATION),
                         errmsg("sequence \"%s\" only supports SELECT column privileges",
                                NameStr(pg_class_tuple->relname))));
 
                this_privileges &= (AclMode) ACL_SELECT;
            }
 
            expand_col_privileges(col_privs->cols, relOid,
                                  this_privileges,
                                  col_privileges,
                                  num_col_privileges);
            have_col_privileges = true;
        }
 
        if (have_col_privileges)
        {
            AttrNumber  i;
 
            for (i = 0; i < num_col_privileges; i++)
            {
                if (col_privileges[i] == ACL_NO_RIGHTS)
                    continue;
                ExecGrant_Attribute(istmt,
                                    relOid,
                                    NameStr(pg_class_tuple->relname),
                                    i + FirstLowInvalidHeapAttributeNumber,
                                    ownerId,
                                    col_privileges[i],
                                    attRelation,
                                    old_rel_acl);
            }
        }
 
        pfree(old_rel_acl);
        pfree(col_privileges);
 
        ReleaseSysCache(tuple);
 
        /* prevent error when processing duplicate objects */
        CommandCounterIncrement();
    }
 
    table_close(attRelation, RowExclusiveLock);
    table_close(relation, RowExclusiveLock);
}

References ACL_ALL_RIGHTS_COLUMN, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SEQUENCE, ACL_NO_RIGHTS, ACL_SELECT, aclcopy(), acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), InternalGrant::col_privs, AccessPriv::cols, CommandCounterIncrement(), DatumGetAclPCopy, elog(), ereport, errcode(), errmsg(), ERROR, ExecGrant_Attribute(), expand_all_col_privileges(), expand_col_privileges(), FirstLowInvalidHeapAttributeNumber, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, i, InternalGrant::is_grant, lfirst, lfirst_oid, merge_acl_with_grant(), NameStr, OBJECT_SEQUENCE, OBJECT_TABLE, ObjectIdGetDatum(), InternalGrant::objects, InternalGrant::objtype, palloc0(), pfree(), PointerGetDatum(), AccessPriv::priv_name, privilege_to_string(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), RELOID, restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), string_to_privilege(), SysCacheGetAttr(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), values, and WARNING.

Referenced by ExecGrantStmt_oids().

ExecGrant_Type_check()

static void ExecGrant_Type_check ( InternalGrant *  istmt, HeapTuple  tuple  )

static

Definition at line 2418 of file aclchk.c.

{
    Form_pg_type pg_type_tuple;
 
    pg_type_tuple = (Form_pg_type) GETSTRUCT(tuple);
 
    if (IsTrueArrayType(pg_type_tuple))
        ereport(ERROR,
                (errcode(ERRCODE_INVALID_GRANT_OPERATION),
                 errmsg("cannot set privileges of array types"),
                 errhint("Set the privileges of the element type instead.")));
 
    /* Used GRANT DOMAIN on a non-domain? */
    if (istmt->objtype == OBJECT_DOMAIN &&
        pg_type_tuple->typtype != TYPTYPE_DOMAIN)
        ereport(ERROR,
                (errcode(ERRCODE_WRONG_OBJECT_TYPE),
                 errmsg("\"%s\" is not a domain",
                        NameStr(pg_type_tuple->typname))));
}

References ereport, errcode(), errhint(), errmsg(), ERROR, GETSTRUCT, NameStr, OBJECT_DOMAIN, and InternalGrant::objtype.

Referenced by ExecGrantStmt_oids().

ExecGrantStmt_oids()

static void ExecGrantStmt_oids ( InternalGrant *  istmt )

static

Definition at line 592 of file aclchk.c.

{
    switch (istmt->objtype)
    {
        case OBJECT_TABLE:
        case OBJECT_SEQUENCE:
            ExecGrant_Relation(istmt);
            break;
        case OBJECT_DATABASE:
            ExecGrant_common(istmt, DatabaseRelationId, ACL_ALL_RIGHTS_DATABASE, NULL);
            break;
        case OBJECT_DOMAIN:
        case OBJECT_TYPE:
            ExecGrant_common(istmt, TypeRelationId, ACL_ALL_RIGHTS_TYPE, ExecGrant_Type_check);
            break;
        case OBJECT_FDW:
            ExecGrant_common(istmt, ForeignDataWrapperRelationId, ACL_ALL_RIGHTS_FDW, NULL);
            break;
        case OBJECT_FOREIGN_SERVER:
            ExecGrant_common(istmt, ForeignServerRelationId, ACL_ALL_RIGHTS_FOREIGN_SERVER, NULL);
            break;
        case OBJECT_FUNCTION:
        case OBJECT_PROCEDURE:
        case OBJECT_ROUTINE:
            ExecGrant_common(istmt, ProcedureRelationId, ACL_ALL_RIGHTS_FUNCTION, NULL);
            break;
        case OBJECT_LANGUAGE:
            ExecGrant_common(istmt, LanguageRelationId, ACL_ALL_RIGHTS_LANGUAGE, ExecGrant_Language_check);
            break;
        case OBJECT_LARGEOBJECT:
            ExecGrant_Largeobject(istmt);
            break;
        case OBJECT_SCHEMA:
            ExecGrant_common(istmt, NamespaceRelationId, ACL_ALL_RIGHTS_SCHEMA, NULL);
            break;
        case OBJECT_TABLESPACE:
            ExecGrant_common(istmt, TableSpaceRelationId, ACL_ALL_RIGHTS_TABLESPACE, NULL);
            break;
        case OBJECT_PARAMETER_ACL:
            ExecGrant_Parameter(istmt);
            break;
        default:
            elog(ERROR, "unrecognized GrantStmt.objtype: %d",
                 (int) istmt->objtype);
    }
 
    /*
     * Pass the info to event triggers about the just-executed GRANT.  Note
     * that we prefer to do it after actually executing it, because that gives
     * the functions a chance to adjust the istmt with privileges actually
     * granted.
     */
    if (EventTriggerSupportsObjectType(istmt->objtype))
        EventTriggerCollectGrant(istmt);
}

References ACL_ALL_RIGHTS_DATABASE, ACL_ALL_RIGHTS_FDW, ACL_ALL_RIGHTS_FOREIGN_SERVER, ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_LANGUAGE, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_TABLESPACE, ACL_ALL_RIGHTS_TYPE, elog(), ERROR, EventTriggerCollectGrant(), EventTriggerSupportsObjectType(), ExecGrant_common(), ExecGrant_Language_check(), ExecGrant_Largeobject(), ExecGrant_Parameter(), ExecGrant_Relation(), ExecGrant_Type_check(), OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, and InternalGrant::objtype.

Referenced by ExecuteGrantStmt(), and RemoveRoleFromObjectACL().

ExecuteGrantStmt()

void ExecuteGrantStmt

(

GrantStmt *

stmt

)

Definition at line 382 of file aclchk.c.

{
    InternalGrant istmt;
    ListCell   *cell;
    const char *errormsg;
    AclMode     all_privileges;
 
    if (stmt->grantor)
    {
        Oid         grantor;
 
        grantor = get_rolespec_oid(stmt->grantor, false);
 
        /*
         * Currently, this clause is only for SQL compatibility, not very
         * interesting otherwise.
         */
        if (grantor != GetUserId())
            ereport(ERROR,
                    (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
                     errmsg("grantor must be current user")));
    }
 
    /*
     * Turn the regular GrantStmt into the InternalGrant form.
     */
    istmt.is_grant = stmt->is_grant;
    istmt.objtype = stmt->objtype;
 
    /* Collect the OIDs of the target objects */
    switch (stmt->targtype)
    {
        case ACL_TARGET_OBJECT:
            istmt.objects = objectNamesToOids(stmt->objtype, stmt->objects,
                                              stmt->is_grant);
            break;
        case ACL_TARGET_ALL_IN_SCHEMA:
            istmt.objects = objectsInSchemaToOids(stmt->objtype, stmt->objects);
            break;
            /* ACL_TARGET_DEFAULTS should not be seen here */
        default:
            elog(ERROR, "unrecognized GrantStmt.targtype: %d",
                 (int) stmt->targtype);
    }
 
    /* all_privs to be filled below */
    /* privileges to be filled below */
    istmt.col_privs = NIL;      /* may get filled below */
    istmt.grantees = NIL;       /* filled below */
    istmt.grant_option = stmt->grant_option;
    istmt.behavior = stmt->behavior;
 
    /*
     * Convert the RoleSpec list into an Oid list.  Note that at this point we
     * insert an ACL_ID_PUBLIC into the list if appropriate, so downstream
     * there shouldn't be any additional work needed to support this case.
     */
    foreach(cell, stmt->grantees)
    {
        RoleSpec   *grantee = (RoleSpec *) lfirst(cell);
        Oid         grantee_uid;
 
        switch (grantee->roletype)
        {
            case ROLESPEC_PUBLIC:
                grantee_uid = ACL_ID_PUBLIC;
                break;
            default:
                grantee_uid = get_rolespec_oid(grantee, false);
                break;
        }
        istmt.grantees = lappend_oid(istmt.grantees, grantee_uid);
    }
 
    /*
     * Convert stmt->privileges, a list of AccessPriv nodes, into an AclMode
     * bitmask.  Note: objtype can't be OBJECT_COLUMN.
     */
    switch (stmt->objtype)
    {
        case OBJECT_TABLE:
 
            /*
             * Because this might be a sequence, we test both relation and
             * sequence bits, and later do a more limited test when we know
             * the object type.
             */
            all_privileges = ACL_ALL_RIGHTS_RELATION | ACL_ALL_RIGHTS_SEQUENCE;
            errormsg = gettext_noop("invalid privilege type %s for relation");
            break;
        case OBJECT_SEQUENCE:
            all_privileges = ACL_ALL_RIGHTS_SEQUENCE;
            errormsg = gettext_noop("invalid privilege type %s for sequence");
            break;
        case OBJECT_DATABASE:
            all_privileges = ACL_ALL_RIGHTS_DATABASE;
            errormsg = gettext_noop("invalid privilege type %s for database");
            break;
        case OBJECT_DOMAIN:
            all_privileges = ACL_ALL_RIGHTS_TYPE;
            errormsg = gettext_noop("invalid privilege type %s for domain");
            break;
        case OBJECT_FUNCTION:
            all_privileges = ACL_ALL_RIGHTS_FUNCTION;
            errormsg = gettext_noop("invalid privilege type %s for function");
            break;
        case OBJECT_LANGUAGE:
            all_privileges = ACL_ALL_RIGHTS_LANGUAGE;
            errormsg = gettext_noop("invalid privilege type %s for language");
            break;
        case OBJECT_LARGEOBJECT:
            all_privileges = ACL_ALL_RIGHTS_LARGEOBJECT;
            errormsg = gettext_noop("invalid privilege type %s for large object");
            break;
        case OBJECT_SCHEMA:
            all_privileges = ACL_ALL_RIGHTS_SCHEMA;
            errormsg = gettext_noop("invalid privilege type %s for schema");
            break;
        case OBJECT_PROCEDURE:
            all_privileges = ACL_ALL_RIGHTS_FUNCTION;
            errormsg = gettext_noop("invalid privilege type %s for procedure");
            break;
        case OBJECT_ROUTINE:
            all_privileges = ACL_ALL_RIGHTS_FUNCTION;
            errormsg = gettext_noop("invalid privilege type %s for routine");
            break;
        case OBJECT_TABLESPACE:
            all_privileges = ACL_ALL_RIGHTS_TABLESPACE;
            errormsg = gettext_noop("invalid privilege type %s for tablespace");
            break;
        case OBJECT_TYPE:
            all_privileges = ACL_ALL_RIGHTS_TYPE;
            errormsg = gettext_noop("invalid privilege type %s for type");
            break;
        case OBJECT_FDW:
            all_privileges = ACL_ALL_RIGHTS_FDW;
            errormsg = gettext_noop("invalid privilege type %s for foreign-data wrapper");
            break;
        case OBJECT_FOREIGN_SERVER:
            all_privileges = ACL_ALL_RIGHTS_FOREIGN_SERVER;
            errormsg = gettext_noop("invalid privilege type %s for foreign server");
            break;
        case OBJECT_PARAMETER_ACL:
            all_privileges = ACL_ALL_RIGHTS_PARAMETER_ACL;
            errormsg = gettext_noop("invalid privilege type %s for parameter");
            break;
        default:
            elog(ERROR, "unrecognized GrantStmt.objtype: %d",
                 (int) stmt->objtype);
            /* keep compiler quiet */
            all_privileges = ACL_NO_RIGHTS;
            errormsg = NULL;
    }
 
    if (stmt->privileges == NIL)
    {
        istmt.all_privs = true;
 
        /*
         * will be turned into ACL_ALL_RIGHTS_* by the internal routines
         * depending on the object type
         */
        istmt.privileges = ACL_NO_RIGHTS;
    }
    else
    {
        istmt.all_privs = false;
        istmt.privileges = ACL_NO_RIGHTS;
 
        foreach(cell, stmt->privileges)
        {
            AccessPriv *privnode = (AccessPriv *) lfirst(cell);
            AclMode     priv;
 
            /*
             * If it's a column-level specification, we just set it aside in
             * col_privs for the moment; but insist it's for a relation.
             */
            if (privnode->cols)
            {
                if (stmt->objtype != OBJECT_TABLE)
                    ereport(ERROR,
                            (errcode(ERRCODE_INVALID_GRANT_OPERATION),
                             errmsg("column privileges are only valid for relations")));
                istmt.col_privs = lappend(istmt.col_privs, privnode);
                continue;
            }
 
            if (privnode->priv_name == NULL)    /* parser mistake? */
                elog(ERROR, "AccessPriv node must specify privilege or columns");
            priv = string_to_privilege(privnode->priv_name);
 
            if (priv & ~((AclMode) all_privileges))
                ereport(ERROR,
                        (errcode(ERRCODE_INVALID_GRANT_OPERATION),
                         errmsg(errormsg, privilege_to_string(priv))));
 
            istmt.privileges |= priv;
        }
    }
 
    ExecGrantStmt_oids(&istmt);
}

References ACL_ALL_RIGHTS_DATABASE, ACL_ALL_RIGHTS_FDW, ACL_ALL_RIGHTS_FOREIGN_SERVER, ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_LANGUAGE, ACL_ALL_RIGHTS_LARGEOBJECT, ACL_ALL_RIGHTS_PARAMETER_ACL, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_SEQUENCE, ACL_ALL_RIGHTS_TABLESPACE, ACL_ALL_RIGHTS_TYPE, ACL_ID_PUBLIC, ACL_NO_RIGHTS, ACL_TARGET_ALL_IN_SCHEMA, ACL_TARGET_OBJECT, InternalGrant::all_privs, InternalGrant::behavior, InternalGrant::col_privs, AccessPriv::cols, elog(), ereport, errcode(), errmsg(), ERROR, ExecGrantStmt_oids(), get_rolespec_oid(), gettext_noop, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, InternalGrant::is_grant, lappend(), lappend_oid(), lfirst, NIL, OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, objectNamesToOids(), InternalGrant::objects, objectsInSchemaToOids(), InternalGrant::objtype, AccessPriv::priv_name, privilege_to_string(), InternalGrant::privileges, ROLESPEC_PUBLIC, RoleSpec::roletype, stmt, and string_to_privilege().

Referenced by ProcessUtilitySlow(), and standard_ProcessUtility().

expand_all_col_privileges()

static void expand_all_col_privileges ( Oid  table_oid, Form_pg_class  classForm, AclMode  this_privileges, AclMode *  col_privileges, int  num_col_privileges  )

static

Definition at line 1612 of file aclchk.c.

{
    AttrNumber  curr_att;
 
    Assert(classForm->relnatts - FirstLowInvalidHeapAttributeNumber < num_col_privileges);
    for (curr_att = FirstLowInvalidHeapAttributeNumber + 1;
         curr_att <= classForm->relnatts;
         curr_att++)
    {
        HeapTuple   attTuple;
        bool        isdropped;
 
        if (curr_att == InvalidAttrNumber)
            continue;
 
        /* Views don't have any system columns at all */
        if (classForm->relkind == RELKIND_VIEW && curr_att < 0)
            continue;
 
        attTuple = SearchSysCache2(ATTNUM,
                                   ObjectIdGetDatum(table_oid),
                                   Int16GetDatum(curr_att));
        if (!HeapTupleIsValid(attTuple))
            elog(ERROR, "cache lookup failed for attribute %d of relation %u",
                 curr_att, table_oid);
 
        isdropped = ((Form_pg_attribute) GETSTRUCT(attTuple))->attisdropped;
 
        ReleaseSysCache(attTuple);
 
        /* ignore dropped columns */
        if (isdropped)
            continue;
 
        col_privileges[curr_att - FirstLowInvalidHeapAttributeNumber] |= this_privileges;
    }
}

References Assert(), ATTNUM, elog(), ERROR, FirstLowInvalidHeapAttributeNumber, GETSTRUCT, HeapTupleIsValid, Int16GetDatum(), InvalidAttrNumber, ObjectIdGetDatum(), ReleaseSysCache(), and SearchSysCache2().

Referenced by ExecGrant_Relation().

expand_col_privileges()

static void expand_col_privileges ( List *  colnames, Oid  table_oid, AclMode  this_privileges, AclMode *  col_privileges, int  num_col_privileges  )

static

Definition at line 1579 of file aclchk.c.

{
    ListCell   *cell;
 
    foreach(cell, colnames)
    {
        char       *colname = strVal(lfirst(cell));
        AttrNumber  attnum;
 
        attnum = get_attnum(table_oid, colname);
        if (attnum == InvalidAttrNumber)
            ereport(ERROR,
                    (errcode(ERRCODE_UNDEFINED_COLUMN),
                     errmsg("column \"%s\" of relation \"%s\" does not exist",
                            colname, get_rel_name(table_oid))));
        attnum -= FirstLowInvalidHeapAttributeNumber;
        if (attnum <= 0 || attnum >= num_col_privileges)
            elog(ERROR, "column number out of range");  /* safety check */
        col_privileges[attnum] |= this_privileges;
    }
}

References attnum, elog(), ereport, errcode(), errmsg(), ERROR, FirstLowInvalidHeapAttributeNumber, get_attnum(), get_rel_name(), InvalidAttrNumber, lfirst, and strVal.

Referenced by ExecGrant_Relation().

get_default_acl_internal()

static Acl* get_default_acl_internal ( Oid  roleId, Oid  nsp_oid, char  objtype  )

static

Definition at line 4081 of file aclchk.c.

{
    Acl        *result = NULL;
    HeapTuple   tuple;
 
    tuple = SearchSysCache3(DEFACLROLENSPOBJ,
                            ObjectIdGetDatum(roleId),
                            ObjectIdGetDatum(nsp_oid),
                            CharGetDatum(objtype));
 
    if (HeapTupleIsValid(tuple))
    {
        Datum       aclDatum;
        bool        isNull;
 
        aclDatum = SysCacheGetAttr(DEFACLROLENSPOBJ, tuple,
                                   Anum_pg_default_acl_defaclacl,
                                   &isNull);
        if (!isNull)
            result = DatumGetAclPCopy(aclDatum);
        ReleaseSysCache(tuple);
    }
 
    return result;
}

References CharGetDatum(), DatumGetAclPCopy, DEFACLROLENSPOBJ, HeapTupleIsValid, ObjectIdGetDatum(), ReleaseSysCache(), SearchSysCache3(), and SysCacheGetAttr().

Referenced by get_user_default_acl().

get_user_default_acl()

Acl* get_user_default_acl	(	ObjectType	objtype,
		Oid	ownerId,
		Oid	nsp_oid
	)

Definition at line 4116 of file aclchk.c.

{
    Acl        *result;
    Acl        *glob_acl;
    Acl        *schema_acl;
    Acl        *def_acl;
    char        defaclobjtype;
 
    /*
     * Use NULL during bootstrap, since pg_default_acl probably isn't there
     * yet.
     */
    if (IsBootstrapProcessingMode())
        return NULL;
 
    /* Check if object type is supported in pg_default_acl */
    switch (objtype)
    {
        case OBJECT_TABLE:
            defaclobjtype = DEFACLOBJ_RELATION;
            break;
 
        case OBJECT_SEQUENCE:
            defaclobjtype = DEFACLOBJ_SEQUENCE;
            break;
 
        case OBJECT_FUNCTION:
            defaclobjtype = DEFACLOBJ_FUNCTION;
            break;
 
        case OBJECT_TYPE:
            defaclobjtype = DEFACLOBJ_TYPE;
            break;
 
        case OBJECT_SCHEMA:
            defaclobjtype = DEFACLOBJ_NAMESPACE;
            break;
 
        default:
            return NULL;
    }
 
    /* Look up the relevant pg_default_acl entries */
    glob_acl = get_default_acl_internal(ownerId, InvalidOid, defaclobjtype);
    schema_acl = get_default_acl_internal(ownerId, nsp_oid, defaclobjtype);
 
    /* Quick out if neither entry exists */
    if (glob_acl == NULL && schema_acl == NULL)
        return NULL;
 
    /* We need to know the hard-wired default value, too */
    def_acl = acldefault(objtype, ownerId);
 
    /* If there's no global entry, substitute the hard-wired default */
    if (glob_acl == NULL)
        glob_acl = def_acl;
 
    /* Merge in any per-schema privileges */
    result = aclmerge(glob_acl, schema_acl, ownerId);
 
    /*
     * For efficiency, we want to return NULL if the result equals default.
     * This requires sorting both arrays to get an accurate comparison.
     */
    aclitemsort(result);
    aclitemsort(def_acl);
    if (aclequal(result, def_acl))
        result = NULL;
 
    return result;
}

References acldefault(), aclequal(), aclitemsort(), aclmerge(), get_default_acl_internal(), InvalidOid, IsBootstrapProcessingMode, OBJECT_FUNCTION, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, and OBJECT_TYPE.

Referenced by heap_create_with_catalog(), NamespaceCreate(), ProcedureCreate(), and TypeCreate().

getRelationsInNamespace()

static List * getRelationsInNamespace ( Oid  namespaceId, char  relkind  )

static

Definition at line 928 of file aclchk.c.

{
    List       *relations = NIL;
    ScanKeyData key[2];
    Relation    rel;
    TableScanDesc scan;
    HeapTuple   tuple;
 
    ScanKeyInit(&key[0],
                Anum_pg_class_relnamespace,
                BTEqualStrategyNumber, F_OIDEQ,
                ObjectIdGetDatum(namespaceId));
    ScanKeyInit(&key[1],
                Anum_pg_class_relkind,
                BTEqualStrategyNumber, F_CHAREQ,
                CharGetDatum(relkind));
 
    rel = table_open(RelationRelationId, AccessShareLock);
    scan = table_beginscan_catalog(rel, 2, key);
 
    while ((tuple = heap_getnext(scan, ForwardScanDirection)) != NULL)
    {
        Oid         oid = ((Form_pg_class) GETSTRUCT(tuple))->oid;
 
        relations = lappend_oid(relations, oid);
    }
 
    table_endscan(scan);
    table_close(rel, AccessShareLock);
 
    return relations;
}

References AccessShareLock, BTEqualStrategyNumber, CharGetDatum(), ForwardScanDirection, GETSTRUCT, heap_getnext(), sort-test::key, lappend_oid(), NIL, ObjectIdGetDatum(), ScanKeyInit(), table_beginscan_catalog(), table_close(), table_endscan(), and table_open().

Referenced by objectsInSchemaToOids().

has_bypassrls_privilege()

bool has_bypassrls_privilege

(

Oid

roleid

)

Definition at line 4057 of file aclchk.c.

{
    bool        result = false;
    HeapTuple   utup;
 
    /* Superusers bypass all permission checking. */
    if (superuser_arg(roleid))
        return true;
 
    utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
    if (HeapTupleIsValid(utup))
    {
        result = ((Form_pg_authid) GETSTRUCT(utup))->rolbypassrls;
        ReleaseSysCache(utup);
    }
    return result;
}

References AUTHOID, GETSTRUCT, HeapTupleIsValid, ObjectIdGetDatum(), ReleaseSysCache(), rolbypassrls, SearchSysCache1(), and superuser_arg().

Referenced by AlterRole(), check_enable_rls(), CreateRole(), and RI_Initial_Check().

has_createrole_privilege()

bool has_createrole_privilege

(

Oid

roleid

)

Definition at line 4038 of file aclchk.c.

{
    bool        result = false;
    HeapTuple   utup;
 
    /* Superusers bypass all permission checking. */
    if (superuser_arg(roleid))
        return true;
 
    utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
    if (HeapTupleIsValid(utup))
    {
        result = ((Form_pg_authid) GETSTRUCT(utup))->rolcreaterole;
        ReleaseSysCache(utup);
    }
    return result;
}

References AUTHOID, GETSTRUCT, HeapTupleIsValid, ObjectIdGetDatum(), ReleaseSysCache(), rolcreaterole, SearchSysCache1(), and superuser_arg().

Referenced by check_object_ownership(), CreateRole(), and have_createrole_privilege().

merge_acl_with_grant()

static Acl* merge_acl_with_grant ( Acl *  old_acl, bool  is_grant, bool  grant_option, DropBehavior  behavior, List *  grantees, AclMode  privileges, Oid  grantorId, Oid  ownerId  )

static

Definition at line 172 of file aclchk.c.

{
    unsigned    modechg;
    ListCell   *j;
    Acl        *new_acl;
 
    modechg = is_grant ? ACL_MODECHG_ADD : ACL_MODECHG_DEL;
 
    new_acl = old_acl;
 
    foreach(j, grantees)
    {
        AclItem     aclitem;
        Acl        *newer_acl;
 
        aclitem.ai_grantee = lfirst_oid(j);
 
        /*
         * Grant options can only be granted to individual roles, not PUBLIC.
         * The reason is that if a user would re-grant a privilege that he
         * held through PUBLIC, and later the user is removed, the situation
         * is impossible to clean up.
         */
        if (is_grant && grant_option && aclitem.ai_grantee == ACL_ID_PUBLIC)
            ereport(ERROR,
                    (errcode(ERRCODE_INVALID_GRANT_OPERATION),
                     errmsg("grant options can only be granted to roles")));
 
        aclitem.ai_grantor = grantorId;
 
        /*
         * The asymmetry in the conditions here comes from the spec.  In
         * GRANT, the grant_option flag signals WITH GRANT OPTION, which means
         * to grant both the basic privilege and its grant option. But in
         * REVOKE, plain revoke revokes both the basic privilege and its grant
         * option, while REVOKE GRANT OPTION revokes only the option.
         */
        ACLITEM_SET_PRIVS_GOPTIONS(aclitem,
                                   (is_grant || !grant_option) ? privileges : ACL_NO_RIGHTS,
                                   (!is_grant || grant_option) ? privileges : ACL_NO_RIGHTS);
 
        newer_acl = aclupdate(new_acl, &aclitem, modechg, ownerId, behavior);
 
        /* avoid memory leak when there are many grantees */
        pfree(new_acl);
        new_acl = newer_acl;
    }
 
    return new_acl;
}

References ACL_ID_PUBLIC, ACL_MODECHG_ADD, ACL_MODECHG_DEL, ACL_NO_RIGHTS, ACLITEM_SET_PRIVS_GOPTIONS, aclupdate(), AclItem::ai_grantee, AclItem::ai_grantor, ereport, errcode(), errmsg(), ERROR, j, lfirst_oid, and pfree().

Referenced by ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), ExecGrant_Relation(), and SetDefaultACL().

object_aclcheck()

AclResult object_aclcheck	(	Oid	classid,
		Oid	objectid,
		Oid	roleid,
		AclMode	mode
	)

Definition at line 3760 of file aclchk.c.

{
    if (object_aclmask(classid, objectid, roleid, mode, ACLMASK_ANY) != 0)
        return ACLCHECK_OK;
    else
        return ACLCHECK_NO_PRIV;
}

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, mode, and object_aclmask().

Referenced by AggregateCreate(), AlterExtensionNamespace(), AlterForeignServerOwner_internal(), AlterObjectNamespace_internal(), AlterObjectOwner_internal(), AlterObjectRename_internal(), AlterPublicationOwner_internal(), AlterSchemaOwner_internal(), AlterSubscriptionOwner_internal(), AlterTableMoveAll(), AlterTypeOwner(), ATExecAddColumn(), ATExecChangeOwner(), ATPrepAlterColumnType(), ATPrepSetTableSpace(), BuildDescForRelation(), calculate_database_size(), calculate_tablespace_size(), call_pltcl_start_proc(), check_temp_tablespaces(), CheckFunctionValidatorAccess(), CheckMyDatabase(), compute_return_type(), CreateCast(), CreateConversionCommand(), createdb(), CreateForeignServer(), CreateForeignTable(), CreateFunction(), CreatePublication(), CreateSchemaCommand(), CreateSubscription(), CreateTransform(), CreateTriggerFiringOn(), DefineAggregate(), DefineCollation(), DefineDomain(), DefineEnum(), DefineIndex(), DefineOpClass(), DefineOperator(), DefineOpFamily(), DefineRange(), DefineRelation(), DefineTSConfiguration(), DefineTSDictionary(), DefineType(), ExecBuildGroupingEqual(), ExecBuildParamSetEqual(), ExecInitAgg(), ExecInitExprRec(), ExecInitFunc(), ExecInitWindowAgg(), ExecReindex(), ExecuteCallStmt(), ExecuteDoStmt(), extension_is_trusted(), findRangeCanonicalFunction(), findRangeSubtypeDiffFunction(), get_connect_string(), get_other_operator(), HandleFunctionRequest(), has_database_privilege_id(), has_database_privilege_id_id(), has_database_privilege_id_name(), has_database_privilege_name(), has_database_privilege_name_id(), has_database_privilege_name_name(), has_foreign_data_wrapper_privilege_id(), has_foreign_data_wrapper_privilege_id_id(), has_foreign_data_wrapper_privilege_id_name(), has_foreign_data_wrapper_privilege_name(), has_foreign_data_wrapper_privilege_name_id(), has_foreign_data_wrapper_privilege_name_name(), has_function_privilege_id(), has_function_privilege_id_id(), has_function_privilege_id_name(), has_function_privilege_name(), has_function_privilege_name_id(), has_function_privilege_name_name(), has_language_privilege_id(), has_language_privilege_id_id(), has_language_privilege_id_name(), has_language_privilege_name(), has_language_privilege_name_id(), has_language_privilege_name_name(), has_schema_privilege_id(), has_schema_privilege_id_id(), has_schema_privilege_id_name(), has_schema_privilege_name(), has_schema_privilege_name_id(), has_schema_privilege_name_name(), has_server_privilege_id(), has_server_privilege_id_id(), has_server_privilege_id_name(), has_server_privilege_name(), has_server_privilege_name_id(), has_server_privilege_name_name(), has_tablespace_privilege_id(), has_tablespace_privilege_id_id(), has_tablespace_privilege_id_name(), has_tablespace_privilege_name(), has_tablespace_privilege_name_id(), has_tablespace_privilege_name_name(), has_type_privilege_id(), has_type_privilege_id_id(), has_type_privilege_id_name(), has_type_privilege_name(), has_type_privilege_name_id(), has_type_privilege_name_name(), ImportForeignSchema(), init_sexpr(), initialize_peragg(), InitTempTableNamespace(), inline_function(), inline_set_returning_function(), interpret_function_parameter_list(), lookup_agg_function(), LookupCreationNamespace(), LookupExplicitNamespace(), movedb(), pg_namespace_aclmask(), PrepareTempTablespaces(), RangeVarCallbackForAlterRelation(), RangeVarGetAndCheckCreationNamespace(), recomputeNamespacePath(), ReindexMultipleInternal(), RenameSchema(), transformTableLikeClause(), user_mapping_ddl_aclcheck(), ValidateJoinEstimator(), and ValidateRestrictionEstimator().

object_aclmask()

static AclMode object_aclmask ( Oid  classid, Oid  objectid, Oid  roleid, AclMode  mask, AclMaskHow  how  )

static

Definition at line 3065 of file aclchk.c.

{
    int         cacheid;
    AclMode     result;
    HeapTuple   tuple;
    Datum       aclDatum;
    bool        isNull;
    Acl        *acl;
    Oid         ownerId;
 
    /* Special cases */
    switch (classid)
    {
        case NamespaceRelationId:
            return pg_namespace_aclmask(objectid, roleid, mask, how);
        case TypeRelationId:
            return pg_type_aclmask(objectid, roleid, mask, how);
    }
 
    /* Even more special cases */
    Assert(classid != RelationRelationId);  /* should use pg_class_acl* */
    Assert(classid != LargeObjectMetadataRelationId);   /* should use
                                                         * pg_largeobject_acl* */
 
    /* Superusers bypass all permission checking. */
    if (superuser_arg(roleid))
        return mask;
 
    /*
     * Get the objects's ACL from its catalog
     */
 
    cacheid = get_object_catcache_oid(classid);
 
    tuple = SearchSysCache1(cacheid, ObjectIdGetDatum(objectid));
    if (!HeapTupleIsValid(tuple))
        ereport(ERROR,
                (errcode(ERRCODE_UNDEFINED_DATABASE),
                 errmsg("%s with OID %u does not exist", get_object_class_descr(classid), objectid)));
 
    ownerId = DatumGetObjectId(SysCacheGetAttrNotNull(cacheid,
                                                      tuple,
                                                      get_object_attnum_owner(classid)));
 
    aclDatum = SysCacheGetAttr(cacheid, tuple, get_object_attnum_acl(classid),
                               &isNull);
    if (isNull)
    {
        /* No ACL, so build default ACL */
        acl = acldefault(get_object_type(classid, objectid), ownerId);
        aclDatum = (Datum) 0;
    }
    else
    {
        /* detoast ACL if necessary */
        acl = DatumGetAclP(aclDatum);
    }
 
    result = aclmask(acl, roleid, ownerId, mask, how);
 
    /* if we have a detoasted copy, free it */
    if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
        pfree(acl);
 
    ReleaseSysCache(tuple);
 
    return result;
}

References acldefault(), aclmask(), Assert(), DatumGetAclP, DatumGetObjectId(), DatumGetPointer(), ereport, errcode(), errmsg(), ERROR, get_object_attnum_acl(), get_object_attnum_owner(), get_object_catcache_oid(), get_object_class_descr(), get_object_type(), HeapTupleIsValid, ObjectIdGetDatum(), pfree(), pg_namespace_aclmask(), pg_type_aclmask(), ReleaseSysCache(), SearchSysCache1(), superuser_arg(), SysCacheGetAttr(), and SysCacheGetAttrNotNull().

Referenced by object_aclcheck(), and pg_aclmask().

object_ownercheck()

bool object_ownercheck	(	Oid	classid,
		Oid	objectid,
		Oid	roleid
	)

Definition at line 3961 of file aclchk.c.

{
    int         cacheid;
    Oid         ownerId;
 
    /* Superusers bypass all permission checking. */
    if (superuser_arg(roleid))
        return true;
 
    cacheid = get_object_catcache_oid(classid);
    if (cacheid != -1)
    {
        HeapTuple   tuple;
 
        tuple = SearchSysCache1(cacheid, ObjectIdGetDatum(objectid));
        if (!HeapTupleIsValid(tuple))
            ereport(ERROR,
                    (errcode(ERRCODE_UNDEFINED_OBJECT),
                     errmsg("%s with OID %u does not exist", get_object_class_descr(classid), objectid)));
 
        ownerId = DatumGetObjectId(SysCacheGetAttrNotNull(cacheid,
                                                          tuple,
                                                          get_object_attnum_owner(classid)));
        ReleaseSysCache(tuple);
    }
    else
    {
        /* for catalogs without an appropriate syscache */
 
        Relation    rel;
        ScanKeyData entry[1];
        SysScanDesc scan;
        HeapTuple   tuple;
        bool        isnull;
 
        rel = table_open(classid, AccessShareLock);
 
        ScanKeyInit(&entry[0],
                    get_object_attnum_oid(classid),
                    BTEqualStrategyNumber, F_OIDEQ,
                    ObjectIdGetDatum(objectid));
 
        scan = systable_beginscan(rel,
                                  get_object_oid_index(classid), true,
                                  NULL, 1, entry);
 
        tuple = systable_getnext(scan);
        if (!HeapTupleIsValid(tuple))
            ereport(ERROR,
                    (errcode(ERRCODE_UNDEFINED_OBJECT),
                     errmsg("%s with OID %u does not exist", get_object_class_descr(classid), objectid)));
 
        ownerId = DatumGetObjectId(heap_getattr(tuple,
                                                get_object_attnum_owner(classid),
                                                RelationGetDescr(rel),
                                                &isnull));
        Assert(!isnull);
 
        systable_endscan(scan);
        table_close(rel, AccessShareLock);
    }
 
    return has_privs_of_role(roleid, ownerId);
}

References AccessShareLock, Assert(), BTEqualStrategyNumber, DatumGetObjectId(), ereport, errcode(), errmsg(), ERROR, get_object_attnum_oid(), get_object_attnum_owner(), get_object_catcache_oid(), get_object_class_descr(), get_object_oid_index(), has_privs_of_role(), heap_getattr(), HeapTupleIsValid, ObjectIdGetDatum(), RelationGetDescr, ReleaseSysCache(), ScanKeyInit(), SearchSysCache1(), superuser_arg(), SysCacheGetAttrNotNull(), systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by AlterCollation(), AlterDatabase(), AlterDatabaseOwner(), AlterDatabaseRefreshColl(), AlterDatabaseSet(), AlterEventTrigger(), AlterEventTriggerOwner_internal(), AlterExtensionNamespace(), AlterForeignServer(), AlterForeignServerOwner_internal(), AlterFunction(), AlterOperator(), AlterOpFamilyAdd(), AlterPublication(), AlterPublicationOwner_internal(), AlterRoleSet(), AlterSchemaOwner_internal(), AlterStatistics(), AlterSubscription(), AlterSubscriptionOwner_internal(), AlterTableMoveAll(), AlterTableSpaceOptions(), AlterTSConfiguration(), AlterTSDictionary(), AlterType(), AlterTypeNamespace_oid(), AlterTypeOwner(), ATExecChangeOwner(), ATSimplePermissions(), be_lo_unlink(), brin_desummarize_range(), brin_summarize_range(), check_enable_rls(), check_object_ownership(), checkDomainOwner(), checkEnumOwner(), cluster_rel(), CreateCast(), createdb(), CreateProceduralLanguage(), CreateStatistics(), CreateTransform(), DefineOpClass(), DefineQueryRewrite(), DefineType(), dropdb(), DropSubscription(), DropTableSpace(), EnableDisableRule(), ExecAlterExtensionContentsStmt(), ExecAlterExtensionStmt(), ExecuteTruncateGuts(), get_tables_to_cluster(), get_tables_to_cluster_partitioned(), gin_clean_pending_list(), heap_force_common(), MergeAttributes(), movedb(), OperatorCreate(), ProcedureCreate(), PublicationAddTables(), RangeVarCallbackForAlterRelation(), RangeVarCallbackForDropRelation(), RangeVarCallbackForPolicy(), RangeVarCallbackForReindexIndex(), RangeVarCallbackForRenameRule(), RangeVarCallbackForRenameTrigger(), RangeVarCallbackOwnsRelation(), RangeVarCallbackOwnsTable(), RangeVarGetAndCheckCreationNamespace(), ReindexMultipleTables(), RemoveObjects(), renameatt_check(), RenameDatabase(), RenameSchema(), RenameTableSpace(), RenameType(), RI_Initial_Check(), user_mapping_ddl_aclcheck(), and vacuum_is_relation_owner().

objectNamesToOids()

static List * objectNamesToOids ( ObjectType  objtype, List *  objnames, bool  is_grant  )

static

Definition at line 659 of file aclchk.c.

{
    List       *objects = NIL;
    ListCell   *cell;
 
    Assert(objnames != NIL);
 
    switch (objtype)
    {
        case OBJECT_TABLE:
        case OBJECT_SEQUENCE:
            foreach(cell, objnames)
            {
                RangeVar   *relvar = (RangeVar *) lfirst(cell);
                Oid         relOid;
 
                relOid = RangeVarGetRelid(relvar, NoLock, false);
                objects = lappend_oid(objects, relOid);
            }
            break;
        case OBJECT_DATABASE:
            foreach(cell, objnames)
            {
                char       *dbname = strVal(lfirst(cell));
                Oid         dbid;
 
                dbid = get_database_oid(dbname, false);
                objects = lappend_oid(objects, dbid);
            }
            break;
        case OBJECT_DOMAIN:
        case OBJECT_TYPE:
            foreach(cell, objnames)
            {
                List       *typname = (List *) lfirst(cell);
                Oid         oid;
 
                oid = typenameTypeId(NULL, makeTypeNameFromNameList(typname));
                objects = lappend_oid(objects, oid);
            }
            break;
        case OBJECT_FUNCTION:
            foreach(cell, objnames)
            {
                ObjectWithArgs *func = (ObjectWithArgs *) lfirst(cell);
                Oid         funcid;
 
                funcid = LookupFuncWithArgs(OBJECT_FUNCTION, func, false);
                objects = lappend_oid(objects, funcid);
            }
            break;
        case OBJECT_LANGUAGE:
            foreach(cell, objnames)
            {
                char       *langname = strVal(lfirst(cell));
                Oid         oid;
 
                oid = get_language_oid(langname, false);
                objects = lappend_oid(objects, oid);
            }
            break;
        case OBJECT_LARGEOBJECT:
            foreach(cell, objnames)
            {
                Oid         lobjOid = oidparse(lfirst(cell));
 
                if (!LargeObjectExists(lobjOid))
                    ereport(ERROR,
                            (errcode(ERRCODE_UNDEFINED_OBJECT),
                             errmsg("large object %u does not exist",
                                    lobjOid)));
 
                objects = lappend_oid(objects, lobjOid);
            }
            break;
        case OBJECT_SCHEMA:
            foreach(cell, objnames)
            {
                char       *nspname = strVal(lfirst(cell));
                Oid         oid;
 
                oid = get_namespace_oid(nspname, false);
                objects = lappend_oid(objects, oid);
            }
            break;
        case OBJECT_PROCEDURE:
            foreach(cell, objnames)
            {
                ObjectWithArgs *func = (ObjectWithArgs *) lfirst(cell);
                Oid         procid;
 
                procid = LookupFuncWithArgs(OBJECT_PROCEDURE, func, false);
                objects = lappend_oid(objects, procid);
            }
            break;
        case OBJECT_ROUTINE:
            foreach(cell, objnames)
            {
                ObjectWithArgs *func = (ObjectWithArgs *) lfirst(cell);
                Oid         routid;
 
                routid = LookupFuncWithArgs(OBJECT_ROUTINE, func, false);
                objects = lappend_oid(objects, routid);
            }
            break;
        case OBJECT_TABLESPACE:
            foreach(cell, objnames)
            {
                char       *spcname = strVal(lfirst(cell));
                Oid         spcoid;
 
                spcoid = get_tablespace_oid(spcname, false);
                objects = lappend_oid(objects, spcoid);
            }
            break;
        case OBJECT_FDW:
            foreach(cell, objnames)
            {
                char       *fdwname = strVal(lfirst(cell));
                Oid         fdwid = get_foreign_data_wrapper_oid(fdwname, false);
 
                objects = lappend_oid(objects, fdwid);
            }
            break;
        case OBJECT_FOREIGN_SERVER:
            foreach(cell, objnames)
            {
                char       *srvname = strVal(lfirst(cell));
                Oid         srvid = get_foreign_server_oid(srvname, false);
 
                objects = lappend_oid(objects, srvid);
            }
            break;
        case OBJECT_PARAMETER_ACL:
            foreach(cell, objnames)
            {
                /*
                 * In this code we represent a GUC by the OID of its entry in
                 * pg_parameter_acl, which we have to manufacture here if it
                 * doesn't exist yet.  (That's a hack for sure, but it avoids
                 * messing with all the GRANT/REVOKE infrastructure that
                 * expects to use OIDs for object identities.)  However, if
                 * this is a REVOKE, we can instead just ignore any GUCs that
                 * don't have such an entry, as they must not have any
                 * privileges needing removal.
                 */
                char       *parameter = strVal(lfirst(cell));
                Oid         parameterId = ParameterAclLookup(parameter, true);
 
                if (!OidIsValid(parameterId) && is_grant)
                {
                    parameterId = ParameterAclCreate(parameter);
 
                    /*
                     * Prevent error when processing duplicate objects, and
                     * make this new entry visible so that ExecGrant_Parameter
                     * can update it.
                     */
                    CommandCounterIncrement();
                }
                if (OidIsValid(parameterId))
                    objects = lappend_oid(objects, parameterId);
            }
            break;
        default:
            elog(ERROR, "unrecognized GrantStmt.objtype: %d",
                 (int) objtype);
    }
 
    return objects;
}

References Assert(), CommandCounterIncrement(), dbname, elog(), ereport, errcode(), errmsg(), ERROR, get_database_oid(), get_foreign_data_wrapper_oid(), get_foreign_server_oid(), get_language_oid(), get_namespace_oid(), get_tablespace_oid(), lappend_oid(), LargeObjectExists(), lfirst, LookupFuncWithArgs(), makeTypeNameFromNameList(), NIL, NoLock, OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, OidIsValid, oidparse(), ParameterAclCreate(), ParameterAclLookup(), RangeVarGetRelid, strVal, typenameTypeId(), and typname.

Referenced by ExecuteGrantStmt().

objectsInSchemaToOids()

static List * objectsInSchemaToOids ( ObjectType  objtype, List *  nspnames  )

static

Definition at line 839 of file aclchk.c.

{
    List       *objects = NIL;
    ListCell   *cell;
 
    foreach(cell, nspnames)
    {
        char       *nspname = strVal(lfirst(cell));
        Oid         namespaceId;
        List       *objs;
 
        namespaceId = LookupExplicitNamespace(nspname, false);
 
        switch (objtype)
        {
            case OBJECT_TABLE:
                objs = getRelationsInNamespace(namespaceId, RELKIND_RELATION);
                objects = list_concat(objects, objs);
                objs = getRelationsInNamespace(namespaceId, RELKIND_VIEW);
                objects = list_concat(objects, objs);
                objs = getRelationsInNamespace(namespaceId, RELKIND_MATVIEW);
                objects = list_concat(objects, objs);
                objs = getRelationsInNamespace(namespaceId, RELKIND_FOREIGN_TABLE);
                objects = list_concat(objects, objs);
                objs = getRelationsInNamespace(namespaceId, RELKIND_PARTITIONED_TABLE);
                objects = list_concat(objects, objs);
                break;
            case OBJECT_SEQUENCE:
                objs = getRelationsInNamespace(namespaceId, RELKIND_SEQUENCE);
                objects = list_concat(objects, objs);
                break;
            case OBJECT_FUNCTION:
            case OBJECT_PROCEDURE:
            case OBJECT_ROUTINE:
                {
                    ScanKeyData key[2];
                    int         keycount;
                    Relation    rel;
                    TableScanDesc scan;
                    HeapTuple   tuple;
 
                    keycount = 0;
                    ScanKeyInit(&key[keycount++],
                                Anum_pg_proc_pronamespace,
                                BTEqualStrategyNumber, F_OIDEQ,
                                ObjectIdGetDatum(namespaceId));
 
                    if (objtype == OBJECT_FUNCTION)
                        /* includes aggregates and window functions */
                        ScanKeyInit(&key[keycount++],
                                    Anum_pg_proc_prokind,
                                    BTEqualStrategyNumber, F_CHARNE,
                                    CharGetDatum(PROKIND_PROCEDURE));
                    else if (objtype == OBJECT_PROCEDURE)
                        ScanKeyInit(&key[keycount++],
                                    Anum_pg_proc_prokind,
                                    BTEqualStrategyNumber, F_CHAREQ,
                                    CharGetDatum(PROKIND_PROCEDURE));
 
                    rel = table_open(ProcedureRelationId, AccessShareLock);
                    scan = table_beginscan_catalog(rel, keycount, key);
 
                    while ((tuple = heap_getnext(scan, ForwardScanDirection)) != NULL)
                    {
                        Oid         oid = ((Form_pg_proc) GETSTRUCT(tuple))->oid;
 
                        objects = lappend_oid(objects, oid);
                    }
 
                    table_endscan(scan);
                    table_close(rel, AccessShareLock);
                }
                break;
            default:
                /* should not happen */
                elog(ERROR, "unrecognized GrantStmt.objtype: %d",
                     (int) objtype);
        }
    }
 
    return objects;
}

References AccessShareLock, BTEqualStrategyNumber, CharGetDatum(), elog(), ERROR, ForwardScanDirection, getRelationsInNamespace(), GETSTRUCT, heap_getnext(), sort-test::key, lappend_oid(), lfirst, list_concat(), LookupExplicitNamespace(), NIL, OBJECT_FUNCTION, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SEQUENCE, OBJECT_TABLE, ObjectIdGetDatum(), ScanKeyInit(), strVal, table_beginscan_catalog(), table_close(), table_endscan(), and table_open().

Referenced by ExecuteGrantStmt().

pg_aclmask()

static AclMode pg_aclmask ( ObjectType  objtype, Oid  object_oid, AttrNumber  attnum, Oid  roleid, AclMode  mask, AclMaskHow  how  )

static

Definition at line 3000 of file aclchk.c.

{
    switch (objtype)
    {
        case OBJECT_COLUMN:
            return
                pg_class_aclmask(object_oid, roleid, mask, how) |
                pg_attribute_aclmask(object_oid, attnum, roleid, mask, how);
        case OBJECT_TABLE:
        case OBJECT_SEQUENCE:
            return pg_class_aclmask(object_oid, roleid, mask, how);
        case OBJECT_DATABASE:
            return object_aclmask(DatabaseRelationId, object_oid, roleid, mask, how);
        case OBJECT_FUNCTION:
            return object_aclmask(ProcedureRelationId, object_oid, roleid, mask, how);
        case OBJECT_LANGUAGE:
            return object_aclmask(LanguageRelationId, object_oid, roleid, mask, how);
        case OBJECT_LARGEOBJECT:
            return pg_largeobject_aclmask_snapshot(object_oid, roleid,
                                                   mask, how, NULL);
        case OBJECT_PARAMETER_ACL:
            return pg_parameter_acl_aclmask(object_oid, roleid, mask, how);
        case OBJECT_SCHEMA:
            return object_aclmask(NamespaceRelationId, object_oid, roleid, mask, how);
        case OBJECT_STATISTIC_EXT:
            elog(ERROR, "grantable rights not supported for statistics objects");
            /* not reached, but keep compiler quiet */
            return ACL_NO_RIGHTS;
        case OBJECT_TABLESPACE:
            return object_aclmask(TableSpaceRelationId, object_oid, roleid, mask, how);
        case OBJECT_FDW:
            return object_aclmask(ForeignDataWrapperRelationId, object_oid, roleid, mask, how);
        case OBJECT_FOREIGN_SERVER:
            return object_aclmask(ForeignServerRelationId, object_oid, roleid, mask, how);
        case OBJECT_EVENT_TRIGGER:
            elog(ERROR, "grantable rights not supported for event triggers");
            /* not reached, but keep compiler quiet */
            return ACL_NO_RIGHTS;
        case OBJECT_TYPE:
            return object_aclmask(TypeRelationId, object_oid, roleid, mask, how);
        default:
            elog(ERROR, "unrecognized object type: %d",
                 (int) objtype);
            /* not reached, but keep compiler quiet */
            return ACL_NO_RIGHTS;
    }
}

References ACL_NO_RIGHTS, attnum, elog(), ERROR, object_aclmask(), OBJECT_COLUMN, OBJECT_DATABASE, OBJECT_EVENT_TRIGGER, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_STATISTIC_EXT, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, pg_attribute_aclmask(), pg_class_aclmask(), pg_largeobject_aclmask_snapshot(), and pg_parameter_acl_aclmask().

Referenced by restrict_and_check_grant().

pg_attribute_aclcheck()

AclResult pg_attribute_aclcheck	(	Oid	table_oid,
		AttrNumber	attnum,
		Oid	roleid,
		AclMode	mode
	)

Definition at line 3779 of file aclchk.c.

{
    return pg_attribute_aclcheck_ext(table_oid, attnum, roleid, mode, NULL);
}

References attnum, mode, and pg_attribute_aclcheck_ext().

Referenced by BuildIndexValueDescription(), checkFkeyPermissions(), examine_simple_variable(), ExecBuildSlotPartitionKeyDescription(), ExecBuildSlotValueDescription(), ExecCheckOneRelPerms(), ExecCheckPermissionsModified(), ri_ReportViolation(), and statext_is_compatible_clause().

pg_attribute_aclcheck_all()

AclResult pg_attribute_aclcheck_all	(	Oid	table_oid,
		Oid	roleid,
		AclMode	mode,
		AclMaskHow	how
	)

Definition at line 3823 of file aclchk.c.

{
    AclResult   result;
    HeapTuple   classTuple;
    Form_pg_class classForm;
    AttrNumber  nattrs;
    AttrNumber  curr_att;
 
    /*
     * Must fetch pg_class row to check number of attributes.  As in
     * pg_attribute_aclmask, we prefer to return "no privileges" instead of
     * throwing an error if we get any unexpected lookup errors.
     */
    classTuple = SearchSysCache1(RELOID, ObjectIdGetDatum(table_oid));
    if (!HeapTupleIsValid(classTuple))
        return ACLCHECK_NO_PRIV;
    classForm = (Form_pg_class) GETSTRUCT(classTuple);
 
    nattrs = classForm->relnatts;
 
    ReleaseSysCache(classTuple);
 
    /*
     * Initialize result in case there are no non-dropped columns.  We want to
     * report failure in such cases for either value of 'how'.
     */
    result = ACLCHECK_NO_PRIV;
 
    for (curr_att = 1; curr_att <= nattrs; curr_att++)
    {
        HeapTuple   attTuple;
        AclMode     attmask;
 
        attTuple = SearchSysCache2(ATTNUM,
                                   ObjectIdGetDatum(table_oid),
                                   Int16GetDatum(curr_att));
        if (!HeapTupleIsValid(attTuple))
            continue;
 
        /* ignore dropped columns */
        if (((Form_pg_attribute) GETSTRUCT(attTuple))->attisdropped)
        {
            ReleaseSysCache(attTuple);
            continue;
        }
 
        /*
         * Here we hard-wire knowledge that the default ACL for a column
         * grants no privileges, so that we can fall out quickly in the very
         * common case where attacl is null.
         */
        if (heap_attisnull(attTuple, Anum_pg_attribute_attacl, NULL))
            attmask = 0;
        else
            attmask = pg_attribute_aclmask(table_oid, curr_att, roleid,
                                           mode, ACLMASK_ANY);
 
        ReleaseSysCache(attTuple);
 
        if (attmask != 0)
        {
            result = ACLCHECK_OK;
            if (how == ACLMASK_ANY)
                break;          /* succeed on any success */
        }
        else
        {
            result = ACLCHECK_NO_PRIV;
            if (how == ACLMASK_ALL)
                break;          /* fail on any failure */
        }
    }
 
    return result;
}

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ALL, ACLMASK_ANY, ATTNUM, GETSTRUCT, heap_attisnull(), HeapTupleIsValid, Int16GetDatum(), mode, ObjectIdGetDatum(), pg_attribute_aclmask(), ReleaseSysCache(), RELOID, SearchSysCache1(), and SearchSysCache2().

Referenced by ExecCheckOneRelPerms(), ExecCheckPermissionsModified(), has_any_column_privilege_id(), has_any_column_privilege_id_id(), has_any_column_privilege_id_name(), has_any_column_privilege_name(), has_any_column_privilege_name_id(), has_any_column_privilege_name_name(), and statext_is_compatible_clause().

pg_attribute_aclcheck_ext()

AclResult pg_attribute_aclcheck_ext	(	Oid	table_oid,
		AttrNumber	attnum,
		Oid	roleid,
		AclMode	mode,
		bool *	is_missing
	)

Definition at line 3793 of file aclchk.c.

{
    if (pg_attribute_aclmask_ext(table_oid, attnum, roleid, mode,
                                 ACLMASK_ANY, is_missing) != 0)
        return ACLCHECK_OK;
    else
        return ACLCHECK_NO_PRIV;
}

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, attnum, mode, and pg_attribute_aclmask_ext().

Referenced by column_privilege_check(), and pg_attribute_aclcheck().

pg_attribute_aclmask()

static AclMode pg_attribute_aclmask ( Oid  table_oid, AttrNumber  attnum, Oid  roleid, AclMode  mask, AclMaskHow  how  )

static

Definition at line 3144 of file aclchk.c.

{
    return pg_attribute_aclmask_ext(table_oid, attnum, roleid,
                                    mask, how, NULL);
}

References attnum, and pg_attribute_aclmask_ext().

Referenced by pg_aclmask(), and pg_attribute_aclcheck_all().

pg_attribute_aclmask_ext()

static AclMode pg_attribute_aclmask_ext ( Oid  table_oid, AttrNumber  attnum, Oid  roleid, AclMode  mask, AclMaskHow  how, bool *  is_missing  )

static

Definition at line 3158 of file aclchk.c.

{
    AclMode     result;
    HeapTuple   classTuple;
    HeapTuple   attTuple;
    Form_pg_class classForm;
    Form_pg_attribute attributeForm;
    Datum       aclDatum;
    bool        isNull;
    Acl        *acl;
    Oid         ownerId;
 
    /*
     * First, get the column's ACL from its pg_attribute entry
     */
    attTuple = SearchSysCache2(ATTNUM,
                               ObjectIdGetDatum(table_oid),
                               Int16GetDatum(attnum));
    if (!HeapTupleIsValid(attTuple))
    {
        if (is_missing != NULL)
        {
            /* return "no privileges" instead of throwing an error */
            *is_missing = true;
            return 0;
        }
        else
            ereport(ERROR,
                    (errcode(ERRCODE_UNDEFINED_COLUMN),
                     errmsg("attribute %d of relation with OID %u does not exist",
                            attnum, table_oid)));
    }
 
    attributeForm = (Form_pg_attribute) GETSTRUCT(attTuple);
 
    /* Check dropped columns, too */
    if (attributeForm->attisdropped)
    {
        if (is_missing != NULL)
        {
            /* return "no privileges" instead of throwing an error */
            *is_missing = true;
            ReleaseSysCache(attTuple);
            return 0;
        }
        else
            ereport(ERROR,
                    (errcode(ERRCODE_UNDEFINED_COLUMN),
                     errmsg("attribute %d of relation with OID %u does not exist",
                            attnum, table_oid)));
    }
 
    aclDatum = SysCacheGetAttr(ATTNUM, attTuple, Anum_pg_attribute_attacl,
                               &isNull);
 
    /*
     * Here we hard-wire knowledge that the default ACL for a column grants no
     * privileges, so that we can fall out quickly in the very common case
     * where attacl is null.
     */
    if (isNull)
    {
        ReleaseSysCache(attTuple);
        return 0;
    }
 
    /*
     * Must get the relation's ownerId from pg_class.  Since we already found
     * a pg_attribute entry, the only likely reason for this to fail is that a
     * concurrent DROP of the relation committed since then (which could only
     * happen if we don't have lock on the relation).  We prefer to report "no
     * privileges" rather than failing in such a case, so as to avoid unwanted
     * failures in has_column_privilege() tests.
     */
    classTuple = SearchSysCache1(RELOID, ObjectIdGetDatum(table_oid));
    if (!HeapTupleIsValid(classTuple))
    {
        ReleaseSysCache(attTuple);
        return 0;
    }
    classForm = (Form_pg_class) GETSTRUCT(classTuple);
 
    ownerId = classForm->relowner;
 
    ReleaseSysCache(classTuple);
 
    /* detoast column's ACL if necessary */
    acl = DatumGetAclP(aclDatum);
 
    result = aclmask(acl, roleid, ownerId, mask, how);
 
    /* if we have a detoasted copy, free it */
    if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
        pfree(acl);
 
    ReleaseSysCache(attTuple);
 
    return result;
}

References aclmask(), attnum, ATTNUM, DatumGetAclP, DatumGetPointer(), ereport, errcode(), errmsg(), ERROR, GETSTRUCT, HeapTupleIsValid, Int16GetDatum(), ObjectIdGetDatum(), pfree(), ReleaseSysCache(), RELOID, SearchSysCache1(), SearchSysCache2(), and SysCacheGetAttr().

Referenced by pg_attribute_aclcheck_ext(), and pg_attribute_aclmask().

pg_class_aclcheck()

AclResult pg_class_aclcheck	(	Oid	table_oid,
		Oid	roleid,
		AclMode	mode
	)

Definition at line 3908 of file aclchk.c.

{
    return pg_class_aclcheck_ext(table_oid, roleid, mode, NULL);
}

References mode, and pg_class_aclcheck_ext().

Referenced by BuildIndexValueDescription(), checkFkeyPermissions(), CreateTriggerFiringOn(), currtid_internal(), currval_oid(), do_setval(), examine_simple_variable(), examine_variable(), ExecBuildSlotPartitionKeyDescription(), ExecBuildSlotValueDescription(), get_rel_from_relname(), has_any_column_privilege_id(), has_any_column_privilege_id_id(), has_any_column_privilege_id_name(), has_any_column_privilege_name(), has_any_column_privilege_name_id(), has_any_column_privilege_name_name(), has_sequence_privilege_id(), has_sequence_privilege_id_id(), has_sequence_privilege_id_name(), has_sequence_privilege_name(), has_sequence_privilege_name_id(), has_sequence_privilege_name_name(), has_table_privilege_id(), has_table_privilege_id_id(), has_table_privilege_id_name(), has_table_privilege_name(), has_table_privilege_name_id(), has_table_privilege_name_name(), lastval(), LockTableAclCheck(), LogicalRepSyncTableStart(), nextval_internal(), pg_prewarm(), pg_sequence_last_value(), pg_sequence_parameters(), pgrowlocks(), ri_ReportViolation(), statext_is_compatible_clause(), TargetPrivilegesCheck(), transformTableLikeClause(), and truncate_check_perms().

pg_class_aclcheck_ext()

AclResult pg_class_aclcheck_ext	(	Oid	table_oid,
		Oid	roleid,
		AclMode	mode,
		bool *	is_missing
	)

Definition at line 3920 of file aclchk.c.

{
    if (pg_class_aclmask_ext(table_oid, roleid, mode,
                             ACLMASK_ANY, is_missing) != 0)
        return ACLCHECK_OK;
    else
        return ACLCHECK_NO_PRIV;
}

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, mode, and pg_class_aclmask_ext().

Referenced by column_privilege_check(), and pg_class_aclcheck().

pg_class_aclmask()

AclMode pg_class_aclmask	(	Oid	table_oid,
		Oid	roleid,
		AclMode	mask,
		AclMaskHow	how
	)

Definition at line 3263 of file aclchk.c.

{
    return pg_class_aclmask_ext(table_oid, roleid, mask, how, NULL);
}

References pg_class_aclmask_ext().

Referenced by ExecCheckOneRelPerms(), and pg_aclmask().

pg_class_aclmask_ext()

static AclMode pg_class_aclmask_ext ( Oid  table_oid, Oid  roleid, AclMode  mask, AclMaskHow  how, bool *  is_missing  )

static

Definition at line 3276 of file aclchk.c.

{
    AclMode     result;
    HeapTuple   tuple;
    Form_pg_class classForm;
    Datum       aclDatum;
    bool        isNull;
    Acl        *acl;
    Oid         ownerId;
 
    /*
     * Must get the relation's tuple from pg_class
     */
    tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(table_oid));
    if (!HeapTupleIsValid(tuple))
    {
        if (is_missing != NULL)
        {
            /* return "no privileges" instead of throwing an error */
            *is_missing = true;
            return 0;
        }
        else
            ereport(ERROR,
                    (errcode(ERRCODE_UNDEFINED_TABLE),
                     errmsg("relation with OID %u does not exist",
                            table_oid)));
    }
 
    classForm = (Form_pg_class) GETSTRUCT(tuple);
 
    /*
     * Deny anyone permission to update a system catalog unless
     * pg_authid.rolsuper is set.
     *
     * As of 7.4 we have some updatable system views; those shouldn't be
     * protected in this way.  Assume the view rules can take care of
     * themselves.  ACL_USAGE is if we ever have system sequences.
     */
    if ((mask & (ACL_INSERT | ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE | ACL_USAGE)) &&
        IsSystemClass(table_oid, classForm) &&
        classForm->relkind != RELKIND_VIEW &&
        !superuser_arg(roleid))
        mask &= ~(ACL_INSERT | ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE | ACL_USAGE);
 
    /*
     * Otherwise, superusers bypass all permission-checking.
     */
    if (superuser_arg(roleid))
    {
        ReleaseSysCache(tuple);
        return mask;
    }
 
    /*
     * Normal case: get the relation's ACL from pg_class
     */
    ownerId = classForm->relowner;
 
    aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
                               &isNull);
    if (isNull)
    {
        /* No ACL, so build default ACL */
        switch (classForm->relkind)
        {
            case RELKIND_SEQUENCE:
                acl = acldefault(OBJECT_SEQUENCE, ownerId);
                break;
            default:
                acl = acldefault(OBJECT_TABLE, ownerId);
                break;
        }
        aclDatum = (Datum) 0;
    }
    else
    {
        /* detoast rel's ACL if necessary */
        acl = DatumGetAclP(aclDatum);
    }
 
    result = aclmask(acl, roleid, ownerId, mask, how);
 
    /* if we have a detoasted copy, free it */
    if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
        pfree(acl);
 
    ReleaseSysCache(tuple);
 
    /*
     * Check if ACL_SELECT is being checked and, if so, and not set already as
     * part of the result, then check if the user is a member of the
     * pg_read_all_data role, which allows read access to all relations.
     */
    if (mask & ACL_SELECT && !(result & ACL_SELECT) &&
        has_privs_of_role(roleid, ROLE_PG_READ_ALL_DATA))
        result |= ACL_SELECT;
 
    /*
     * Check if ACL_INSERT, ACL_UPDATE, or ACL_DELETE is being checked and, if
     * so, and not set already as part of the result, then check if the user
     * is a member of the pg_write_all_data role, which allows
     * INSERT/UPDATE/DELETE access to all relations (except system catalogs,
     * which requires superuser, see above).
     */
    if (mask & (ACL_INSERT | ACL_UPDATE | ACL_DELETE) &&
        !(result & (ACL_INSERT | ACL_UPDATE | ACL_DELETE)) &&
        has_privs_of_role(roleid, ROLE_PG_WRITE_ALL_DATA))
        result |= (mask & (ACL_INSERT | ACL_UPDATE | ACL_DELETE));
 
    return result;
}

References ACL_DELETE, ACL_INSERT, ACL_SELECT, ACL_TRUNCATE, ACL_UPDATE, ACL_USAGE, acldefault(), aclmask(), DatumGetAclP, DatumGetPointer(), ereport, errcode(), ERRCODE_UNDEFINED_TABLE, errmsg(), ERROR, GETSTRUCT, has_privs_of_role(), HeapTupleIsValid, IsSystemClass(), OBJECT_SEQUENCE, OBJECT_TABLE, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), RELOID, SearchSysCache1(), superuser_arg(), and SysCacheGetAttr().

Referenced by pg_class_aclcheck_ext(), and pg_class_aclmask().

pg_largeobject_aclcheck_snapshot()

AclResult pg_largeobject_aclcheck_snapshot	(	Oid	lobj_oid,
		Oid	roleid,
		AclMode	mode,
		Snapshot	snapshot
	)

Definition at line 3947 of file aclchk.c.

{
    if (pg_largeobject_aclmask_snapshot(lobj_oid, roleid, mode,
                                        ACLMASK_ANY, snapshot) != 0)
        return ACLCHECK_OK;
    else
        return ACLCHECK_NO_PRIV;
}

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, mode, and pg_largeobject_aclmask_snapshot().

Referenced by be_lo_put(), and inv_open().

pg_largeobject_aclmask_snapshot()

static AclMode pg_largeobject_aclmask_snapshot ( Oid  lobj_oid, Oid  roleid, AclMode  mask, AclMaskHow  how, Snapshot  snapshot  )

static

Definition at line 3518 of file aclchk.c.

{
    AclMode     result;
    Relation    pg_lo_meta;
    ScanKeyData entry[1];
    SysScanDesc scan;
    HeapTuple   tuple;
    Datum       aclDatum;
    bool        isNull;
    Acl        *acl;
    Oid         ownerId;
 
    /* Superusers bypass all permission checking. */
    if (superuser_arg(roleid))
        return mask;
 
    /*
     * Get the largeobject's ACL from pg_largeobject_metadata
     */
    pg_lo_meta = table_open(LargeObjectMetadataRelationId,
                            AccessShareLock);
 
    ScanKeyInit(&entry[0],
                Anum_pg_largeobject_metadata_oid,
                BTEqualStrategyNumber, F_OIDEQ,
                ObjectIdGetDatum(lobj_oid));
 
    scan = systable_beginscan(pg_lo_meta,
                              LargeObjectMetadataOidIndexId, true,
                              snapshot, 1, entry);
 
    tuple = systable_getnext(scan);
    if (!HeapTupleIsValid(tuple))
        ereport(ERROR,
                (errcode(ERRCODE_UNDEFINED_OBJECT),
                 errmsg("large object %u does not exist", lobj_oid)));
 
    ownerId = ((Form_pg_largeobject_metadata) GETSTRUCT(tuple))->lomowner;
 
    aclDatum = heap_getattr(tuple, Anum_pg_largeobject_metadata_lomacl,
                            RelationGetDescr(pg_lo_meta), &isNull);
 
    if (isNull)
    {
        /* No ACL, so build default ACL */
        acl = acldefault(OBJECT_LARGEOBJECT, ownerId);
        aclDatum = (Datum) 0;
    }
    else
    {
        /* detoast ACL if necessary */
        acl = DatumGetAclP(aclDatum);
    }
 
    result = aclmask(acl, roleid, ownerId, mask, how);
 
    /* if we have a detoasted copy, free it */
    if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
        pfree(acl);
 
    systable_endscan(scan);
 
    table_close(pg_lo_meta, AccessShareLock);
 
    return result;
}

References AccessShareLock, acldefault(), aclmask(), BTEqualStrategyNumber, DatumGetAclP, DatumGetPointer(), ereport, errcode(), errmsg(), ERROR, GETSTRUCT, heap_getattr(), HeapTupleIsValid, OBJECT_LARGEOBJECT, ObjectIdGetDatum(), pfree(), RelationGetDescr, ScanKeyInit(), superuser_arg(), systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by pg_aclmask(), and pg_largeobject_aclcheck_snapshot().

pg_namespace_aclmask()

static AclMode pg_namespace_aclmask ( Oid  nsp_oid, Oid  roleid, AclMode  mask, AclMaskHow  how  )

static

Definition at line 3591 of file aclchk.c.

{
    AclMode     result;
    HeapTuple   tuple;
    Datum       aclDatum;
    bool        isNull;
    Acl        *acl;
    Oid         ownerId;
 
    /* Superusers bypass all permission checking. */
    if (superuser_arg(roleid))
        return mask;
 
    /*
     * If we have been assigned this namespace as a temp namespace, check to
     * make sure we have CREATE TEMP permission on the database, and if so act
     * as though we have all standard (but not GRANT OPTION) permissions on
     * the namespace.  If we don't have CREATE TEMP, act as though we have
     * only USAGE (and not CREATE) rights.
     *
     * This may seem redundant given the check in InitTempTableNamespace, but
     * it really isn't since current user ID may have changed since then. The
     * upshot of this behavior is that a SECURITY DEFINER function can create
     * temp tables that can then be accessed (if permission is granted) by
     * code in the same session that doesn't have permissions to create temp
     * tables.
     *
     * XXX Would it be safe to ereport a special error message as
     * InitTempTableNamespace does?  Returning zero here means we'll get a
     * generic "permission denied for schema pg_temp_N" message, which is not
     * remarkably user-friendly.
     */
    if (isTempNamespace(nsp_oid))
    {
        if (object_aclcheck(DatabaseRelationId, MyDatabaseId, roleid,
                            ACL_CREATE_TEMP) == ACLCHECK_OK)
            return mask & ACL_ALL_RIGHTS_SCHEMA;
        else
            return mask & ACL_USAGE;
    }
 
    /*
     * Get the schema's ACL from pg_namespace
     */
    tuple = SearchSysCache1(NAMESPACEOID, ObjectIdGetDatum(nsp_oid));
    if (!HeapTupleIsValid(tuple))
        ereport(ERROR,
                (errcode(ERRCODE_UNDEFINED_SCHEMA),
                 errmsg("schema with OID %u does not exist", nsp_oid)));
 
    ownerId = ((Form_pg_namespace) GETSTRUCT(tuple))->nspowner;
 
    aclDatum = SysCacheGetAttr(NAMESPACEOID, tuple, Anum_pg_namespace_nspacl,
                               &isNull);
    if (isNull)
    {
        /* No ACL, so build default ACL */
        acl = acldefault(OBJECT_SCHEMA, ownerId);
        aclDatum = (Datum) 0;
    }
    else
    {
        /* detoast ACL if necessary */
        acl = DatumGetAclP(aclDatum);
    }
 
    result = aclmask(acl, roleid, ownerId, mask, how);
 
    /* if we have a detoasted copy, free it */
    if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
        pfree(acl);
 
    ReleaseSysCache(tuple);
 
    /*
     * Check if ACL_USAGE is being checked and, if so, and not set already as
     * part of the result, then check if the user is a member of the
     * pg_read_all_data or pg_write_all_data roles, which allow usage access
     * to all schemas.
     */
    if (mask & ACL_USAGE && !(result & ACL_USAGE) &&
        (has_privs_of_role(roleid, ROLE_PG_READ_ALL_DATA) ||
         has_privs_of_role(roleid, ROLE_PG_WRITE_ALL_DATA)))
        result |= ACL_USAGE;
    return result;
}

References ACL_ALL_RIGHTS_SCHEMA, ACL_CREATE_TEMP, ACL_USAGE, ACLCHECK_OK, acldefault(), aclmask(), DatumGetAclP, DatumGetPointer(), ereport, errcode(), errmsg(), ERROR, GETSTRUCT, has_privs_of_role(), HeapTupleIsValid, isTempNamespace(), MyDatabaseId, NAMESPACEOID, object_aclcheck(), OBJECT_SCHEMA, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache1(), superuser_arg(), and SysCacheGetAttr().

Referenced by object_aclmask().

pg_parameter_acl_aclmask()

static AclMode pg_parameter_acl_aclmask ( Oid  acl_oid, Oid  roleid, AclMode  mask, AclMaskHow  how  )

static

Definition at line 3459 of file aclchk.c.

{
    AclMode     result;
    HeapTuple   tuple;
    Datum       aclDatum;
    bool        isNull;
    Acl        *acl;
 
    /* Superusers bypass all permission checking. */
    if (superuser_arg(roleid))
        return mask;
 
    /* Get the ACL from pg_parameter_acl */
    tuple = SearchSysCache1(PARAMETERACLOID, ObjectIdGetDatum(acl_oid));
    if (!HeapTupleIsValid(tuple))
        ereport(ERROR,
                (errcode(ERRCODE_UNDEFINED_OBJECT),
                 errmsg("parameter ACL with OID %u does not exist",
                        acl_oid)));
 
    aclDatum = SysCacheGetAttr(PARAMETERACLOID, tuple,
                               Anum_pg_parameter_acl_paracl,
                               &isNull);
    if (isNull)
    {
        /* No ACL, so build default ACL */
        acl = acldefault(OBJECT_PARAMETER_ACL, BOOTSTRAP_SUPERUSERID);
        aclDatum = (Datum) 0;
    }
    else
    {
        /* detoast ACL if necessary */
        acl = DatumGetAclP(aclDatum);
    }
 
    result = aclmask(acl, roleid, BOOTSTRAP_SUPERUSERID, mask, how);
 
    /* if we have a detoasted copy, free it */
    if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
        pfree(acl);
 
    ReleaseSysCache(tuple);
 
    return result;
}

References acldefault(), aclmask(), DatumGetAclP, DatumGetPointer(), ereport, errcode(), errmsg(), ERROR, HeapTupleIsValid, OBJECT_PARAMETER_ACL, ObjectIdGetDatum(), PARAMETERACLOID, pfree(), ReleaseSysCache(), SearchSysCache1(), superuser_arg(), and SysCacheGetAttr().

Referenced by pg_aclmask().

pg_parameter_aclcheck()

AclResult pg_parameter_aclcheck	(	const char *	name,
		Oid	roleid,
		AclMode	mode
	)

Definition at line 3935 of file aclchk.c.

{
    if (pg_parameter_aclmask(name, roleid, mode, ACLMASK_ANY) != 0)
        return ACLCHECK_OK;
    else
        return ACLCHECK_NO_PRIV;
}

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, mode, name, and pg_parameter_aclmask().

Referenced by AlterSystemSetConfigFile(), has_param_priv_byname(), set_config_option_ext(), and validate_option_array_item().

pg_parameter_aclmask()

static AclMode pg_parameter_aclmask ( const char *  name, Oid  roleid, AclMode  mask, AclMaskHow  how  )

static

Definition at line 3395 of file aclchk.c.

{
    AclMode     result;
    char       *parname;
    text       *partext;
    HeapTuple   tuple;
 
    /* Superusers bypass all permission checking. */
    if (superuser_arg(roleid))
        return mask;
 
    /* Convert name to the form it should have in pg_parameter_acl... */
    parname = convert_GUC_name_for_parameter_acl(name);
    partext = cstring_to_text(parname);
 
    /* ... and look it up */
    tuple = SearchSysCache1(PARAMETERACLNAME, PointerGetDatum(partext));
 
    if (!HeapTupleIsValid(tuple))
    {
        /* If no entry, GUC has no permissions for non-superusers */
        result = ACL_NO_RIGHTS;
    }
    else
    {
        Datum       aclDatum;
        bool        isNull;
        Acl        *acl;
 
        aclDatum = SysCacheGetAttr(PARAMETERACLNAME, tuple,
                                   Anum_pg_parameter_acl_paracl,
                                   &isNull);
        if (isNull)
        {
            /* No ACL, so build default ACL */
            acl = acldefault(OBJECT_PARAMETER_ACL, BOOTSTRAP_SUPERUSERID);
            aclDatum = (Datum) 0;
        }
        else
        {
            /* detoast ACL if necessary */
            acl = DatumGetAclP(aclDatum);
        }
 
        result = aclmask(acl, roleid, BOOTSTRAP_SUPERUSERID, mask, how);
 
        /* if we have a detoasted copy, free it */
        if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
            pfree(acl);
 
        ReleaseSysCache(tuple);
    }
 
    pfree(parname);
    pfree(partext);
 
    return result;
}

References ACL_NO_RIGHTS, acldefault(), aclmask(), convert_GUC_name_for_parameter_acl(), cstring_to_text(), DatumGetAclP, DatumGetPointer(), HeapTupleIsValid, name, OBJECT_PARAMETER_ACL, PARAMETERACLNAME, pfree(), PointerGetDatum(), ReleaseSysCache(), SearchSysCache1(), superuser_arg(), and SysCacheGetAttr().

Referenced by pg_parameter_aclcheck().

pg_type_aclmask()

static AclMode pg_type_aclmask ( Oid  type_oid, Oid  roleid, AclMode  mask, AclMaskHow  how  )

static

Definition at line 3683 of file aclchk.c.

{
    AclMode     result;
    HeapTuple   tuple;
    Datum       aclDatum;
    bool        isNull;
    Acl        *acl;
    Oid         ownerId;
 
    Form_pg_type typeForm;
 
    /* Bypass permission checks for superusers */
    if (superuser_arg(roleid))
        return mask;
 
    /*
     * Must get the type's tuple from pg_type
     */
    tuple = SearchSysCache1(TYPEOID, ObjectIdGetDatum(type_oid));
    if (!HeapTupleIsValid(tuple))
        ereport(ERROR,
                (errcode(ERRCODE_UNDEFINED_OBJECT),
                 errmsg("type with OID %u does not exist",
                        type_oid)));
    typeForm = (Form_pg_type) GETSTRUCT(tuple);
 
    /*
     * "True" array types don't manage permissions of their own; consult the
     * element type instead.
     */
    if (IsTrueArrayType(typeForm))
    {
        Oid         elttype_oid = typeForm->typelem;
 
        ReleaseSysCache(tuple);
 
        tuple = SearchSysCache1(TYPEOID, ObjectIdGetDatum(elttype_oid));
        /* this case is not a user-facing error, so elog not ereport */
        if (!HeapTupleIsValid(tuple))
            elog(ERROR, "cache lookup failed for type %u", elttype_oid);
        typeForm = (Form_pg_type) GETSTRUCT(tuple);
    }
 
    /*
     * Now get the type's owner and ACL from the tuple
     */
    ownerId = typeForm->typowner;
 
    aclDatum = SysCacheGetAttr(TYPEOID, tuple,
                               Anum_pg_type_typacl, &isNull);
    if (isNull)
    {
        /* No ACL, so build default ACL */
        acl = acldefault(OBJECT_TYPE, ownerId);
        aclDatum = (Datum) 0;
    }
    else
    {
        /* detoast rel's ACL if necessary */
        acl = DatumGetAclP(aclDatum);
    }
 
    result = aclmask(acl, roleid, ownerId, mask, how);
 
    /* if we have a detoasted copy, free it */
    if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
        pfree(acl);
 
    ReleaseSysCache(tuple);
 
    return result;
}

References acldefault(), aclmask(), DatumGetAclP, DatumGetPointer(), elog(), ereport, errcode(), errmsg(), ERROR, GETSTRUCT, HeapTupleIsValid, OBJECT_TYPE, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache1(), superuser_arg(), SysCacheGetAttr(), and TYPEOID.

Referenced by object_aclmask().

privilege_to_string()

static const char * privilege_to_string ( AclMode  privilege )

static

Definition at line 2624 of file aclchk.c.

{
    switch (privilege)
    {
        case ACL_INSERT:
            return "INSERT";
        case ACL_SELECT:
            return "SELECT";
        case ACL_UPDATE:
            return "UPDATE";
        case ACL_DELETE:
            return "DELETE";
        case ACL_TRUNCATE:
            return "TRUNCATE";
        case ACL_REFERENCES:
            return "REFERENCES";
        case ACL_TRIGGER:
            return "TRIGGER";
        case ACL_EXECUTE:
            return "EXECUTE";
        case ACL_USAGE:
            return "USAGE";
        case ACL_CREATE:
            return "CREATE";
        case ACL_CREATE_TEMP:
            return "TEMP";
        case ACL_CONNECT:
            return "CONNECT";
        case ACL_SET:
            return "SET";
        case ACL_ALTER_SYSTEM:
            return "ALTER SYSTEM";
        default:
            elog(ERROR, "unrecognized privilege: %d", (int) privilege);
    }
    return NULL;                /* appease compiler */
}

References ACL_ALTER_SYSTEM, ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_DELETE, ACL_EXECUTE, ACL_INSERT, ACL_REFERENCES, ACL_SELECT, ACL_SET, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, ACL_USAGE, elog(), and ERROR.

Referenced by ExecAlterDefaultPrivilegesStmt(), ExecGrant_Relation(), and ExecuteGrantStmt().

recordDependencyOnNewAcl()

void recordDependencyOnNewAcl	(	Oid	classId,
		Oid	objectId,
		int32	objsubId,
		Oid	ownerId,
		Acl *	acl
	)

Definition at line 4192 of file aclchk.c.

{
    int         nmembers;
    Oid        *members;
 
    /* Nothing to do if ACL is defaulted */
    if (acl == NULL)
        return;
 
    /* Extract roles mentioned in ACL */
    nmembers = aclmembers(acl, &members);
 
    /* Update the shared dependency ACL info */
    updateAclDependencies(classId, objectId, objsubId,
                          ownerId,
                          0, NULL,
                          nmembers, members);
}

References aclmembers(), and updateAclDependencies().

Referenced by GenerateTypeDependencies(), heap_create_with_catalog(), NamespaceCreate(), and ProcedureCreate().

recordExtensionInitPriv()

static void recordExtensionInitPriv ( Oid  objoid, Oid  classoid, int  objsubid, Acl *  new_acl  )

static

Definition at line 4465 of file aclchk.c.

{
    /*
     * Generally, we only record the initial privileges when an extension is
     * being created, but because we don't actually use CREATE EXTENSION
     * during binary upgrades with pg_upgrade, there is a variable to let us
     * know that the GRANT and REVOKE statements being issued, while this
     * variable is true, are for the initial privileges of the extension
     * object and therefore we need to record them.
     */
    if (!creating_extension && !binary_upgrade_record_init_privs)
        return;
 
    recordExtensionInitPrivWorker(objoid, classoid, objsubid, new_acl);
}

References binary_upgrade_record_init_privs, creating_extension, and recordExtensionInitPrivWorker().

Referenced by ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), and ExecGrant_Relation().

recordExtensionInitPrivWorker()

static void recordExtensionInitPrivWorker ( Oid  objoid, Oid  classoid, int  objsubid, Acl *  new_acl  )

static

Definition at line 4494 of file aclchk.c.

{
    Relation    relation;
    ScanKeyData key[3];
    SysScanDesc scan;
    HeapTuple   tuple;
    HeapTuple   oldtuple;
 
    relation = table_open(InitPrivsRelationId, RowExclusiveLock);
 
    ScanKeyInit(&key[0],
                Anum_pg_init_privs_objoid,
                BTEqualStrategyNumber, F_OIDEQ,
                ObjectIdGetDatum(objoid));
    ScanKeyInit(&key[1],
                Anum_pg_init_privs_classoid,
                BTEqualStrategyNumber, F_OIDEQ,
                ObjectIdGetDatum(classoid));
    ScanKeyInit(&key[2],
                Anum_pg_init_privs_objsubid,
                BTEqualStrategyNumber, F_INT4EQ,
                Int32GetDatum(objsubid));
 
    scan = systable_beginscan(relation, InitPrivsObjIndexId, true,
                              NULL, 3, key);
 
    /* There should exist only one entry or none. */
    oldtuple = systable_getnext(scan);
 
    /* If we find an entry, update it with the latest ACL. */
    if (HeapTupleIsValid(oldtuple))
    {
        Datum       values[Natts_pg_init_privs] = {0};
        bool        nulls[Natts_pg_init_privs] = {0};
        bool        replace[Natts_pg_init_privs] = {0};
 
        /* If we have a new ACL to set, then update the row with it. */
        if (new_acl)
        {
            values[Anum_pg_init_privs_initprivs - 1] = PointerGetDatum(new_acl);
            replace[Anum_pg_init_privs_initprivs - 1] = true;
 
            oldtuple = heap_modify_tuple(oldtuple, RelationGetDescr(relation),
                                         values, nulls, replace);
 
            CatalogTupleUpdate(relation, &oldtuple->t_self, oldtuple);
        }
        else
        {
            /* new_acl is NULL, so delete the entry we found. */
            CatalogTupleDelete(relation, &oldtuple->t_self);
        }
    }
    else
    {
        Datum       values[Natts_pg_init_privs] = {0};
        bool        nulls[Natts_pg_init_privs] = {0};
 
        /*
         * Only add a new entry if the new ACL is non-NULL.
         *
         * If we are passed in a NULL ACL and no entry exists, we can just
         * fall through and do nothing.
         */
        if (new_acl)
        {
            /* No entry found, so add it. */
            values[Anum_pg_init_privs_objoid - 1] = ObjectIdGetDatum(objoid);
            values[Anum_pg_init_privs_classoid - 1] = ObjectIdGetDatum(classoid);
            values[Anum_pg_init_privs_objsubid - 1] = Int32GetDatum(objsubid);
 
            /* This function only handles initial privileges of extensions */
            values[Anum_pg_init_privs_privtype - 1] =
                CharGetDatum(INITPRIVS_EXTENSION);
 
            values[Anum_pg_init_privs_initprivs - 1] = PointerGetDatum(new_acl);
 
            tuple = heap_form_tuple(RelationGetDescr(relation), values, nulls);
 
            CatalogTupleInsert(relation, tuple);
        }
    }
 
    systable_endscan(scan);
 
    /* prevent error when processing objects multiple times */
    CommandCounterIncrement();
 
    table_close(relation, RowExclusiveLock);
}

References BTEqualStrategyNumber, CatalogTupleDelete(), CatalogTupleInsert(), CatalogTupleUpdate(), CharGetDatum(), CommandCounterIncrement(), heap_form_tuple(), heap_modify_tuple(), HeapTupleIsValid, INITPRIVS_EXTENSION, Int32GetDatum(), sort-test::key, ObjectIdGetDatum(), PointerGetDatum(), RelationGetDescr, RowExclusiveLock, ScanKeyInit(), systable_beginscan(), systable_endscan(), systable_getnext(), HeapTupleData::t_self, table_close(), table_open(), and values.

Referenced by recordExtensionInitPriv(), recordExtObjInitPriv(), and removeExtObjInitPriv().

recordExtObjInitPriv()

void recordExtObjInitPriv	(	Oid	objoid,
		Oid	classoid
	)

Definition at line 4219 of file aclchk.c.

{
    /*
     * pg_class / pg_attribute
     *
     * If this is a relation then we need to see if there are any sub-objects
     * (eg: columns) for it and, if so, be sure to call
     * recordExtensionInitPrivWorker() for each one.
     */
    if (classoid == RelationRelationId)
    {
        Form_pg_class pg_class_tuple;
        Datum       aclDatum;
        bool        isNull;
        HeapTuple   tuple;
 
        tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(objoid));
        if (!HeapTupleIsValid(tuple))
            elog(ERROR, "cache lookup failed for relation %u", objoid);
        pg_class_tuple = (Form_pg_class) GETSTRUCT(tuple);
 
        /*
         * Indexes don't have permissions, neither do the pg_class rows for
         * composite types.  (These cases are unreachable given the
         * restrictions in ALTER EXTENSION ADD, but let's check anyway.)
         */
        if (pg_class_tuple->relkind == RELKIND_INDEX ||
            pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
            pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
        {
            ReleaseSysCache(tuple);
            return;
        }
 
        /*
         * If this isn't a sequence then it's possibly going to have
         * column-level ACLs associated with it.
         */
        if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
        {
            AttrNumber  curr_att;
            AttrNumber  nattrs = pg_class_tuple->relnatts;
 
            for (curr_att = 1; curr_att <= nattrs; curr_att++)
            {
                HeapTuple   attTuple;
                Datum       attaclDatum;
 
                attTuple = SearchSysCache2(ATTNUM,
                                           ObjectIdGetDatum(objoid),
                                           Int16GetDatum(curr_att));
 
                if (!HeapTupleIsValid(attTuple))
                    continue;
 
                /* ignore dropped columns */
                if (((Form_pg_attribute) GETSTRUCT(attTuple))->attisdropped)
                {
                    ReleaseSysCache(attTuple);
                    continue;
                }
 
                attaclDatum = SysCacheGetAttr(ATTNUM, attTuple,
                                              Anum_pg_attribute_attacl,
                                              &isNull);
 
                /* no need to do anything for a NULL ACL */
                if (isNull)
                {
                    ReleaseSysCache(attTuple);
                    continue;
                }
 
                recordExtensionInitPrivWorker(objoid, classoid, curr_att,
                                              DatumGetAclP(attaclDatum));
 
                ReleaseSysCache(attTuple);
            }
        }
 
        aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
                                   &isNull);
 
        /* Add the record, if any, for the top-level object */
        if (!isNull)
            recordExtensionInitPrivWorker(objoid, classoid, 0,
                                          DatumGetAclP(aclDatum));
 
        ReleaseSysCache(tuple);
    }
    /* pg_largeobject_metadata */
    else if (classoid == LargeObjectMetadataRelationId)
    {
        Datum       aclDatum;
        bool        isNull;
        HeapTuple   tuple;
        ScanKeyData entry[1];
        SysScanDesc scan;
        Relation    relation;
 
        /*
         * Note: this is dead code, given that we don't allow large objects to
         * be made extension members.  But it seems worth carrying in case
         * some future caller of this function has need for it.
         */
        relation = table_open(LargeObjectMetadataRelationId, RowExclusiveLock);
 
        /* There's no syscache for pg_largeobject_metadata */
        ScanKeyInit(&entry[0],
                    Anum_pg_largeobject_metadata_oid,
                    BTEqualStrategyNumber, F_OIDEQ,
                    ObjectIdGetDatum(objoid));
 
        scan = systable_beginscan(relation,
                                  LargeObjectMetadataOidIndexId, true,
                                  NULL, 1, entry);
 
        tuple = systable_getnext(scan);
        if (!HeapTupleIsValid(tuple))
            elog(ERROR, "could not find tuple for large object %u", objoid);
 
        aclDatum = heap_getattr(tuple,
                                Anum_pg_largeobject_metadata_lomacl,
                                RelationGetDescr(relation), &isNull);
 
        /* Add the record, if any, for the top-level object */
        if (!isNull)
            recordExtensionInitPrivWorker(objoid, classoid, 0,
                                          DatumGetAclP(aclDatum));
 
        systable_endscan(scan);
    }
    /* This will error on unsupported classoid. */
    else if (get_object_attnum_acl(classoid) != InvalidAttrNumber)
    {
        Datum       aclDatum;
        bool        isNull;
        HeapTuple   tuple;
 
        tuple = SearchSysCache1(get_object_catcache_oid(classoid),
                                ObjectIdGetDatum(objoid));
        if (!HeapTupleIsValid(tuple))
            elog(ERROR, "cache lookup failed for %s %u",
                 get_object_class_descr(classoid), objoid);
 
        aclDatum = SysCacheGetAttr(get_object_catcache_oid(classoid), tuple,
                                   get_object_attnum_acl(classoid),
                                   &isNull);
 
        /* Add the record, if any, for the top-level object */
        if (!isNull)
            recordExtensionInitPrivWorker(objoid, classoid, 0,
                                          DatumGetAclP(aclDatum));
 
        ReleaseSysCache(tuple);
    }
}

References ATTNUM, BTEqualStrategyNumber, DatumGetAclP, elog(), ERROR, get_object_attnum_acl(), get_object_catcache_oid(), get_object_class_descr(), GETSTRUCT, heap_getattr(), HeapTupleIsValid, Int16GetDatum(), InvalidAttrNumber, ObjectIdGetDatum(), recordExtensionInitPrivWorker(), RelationGetDescr, ReleaseSysCache(), RELOID, RowExclusiveLock, ScanKeyInit(), SearchSysCache1(), SearchSysCache2(), SysCacheGetAttr(), systable_beginscan(), systable_endscan(), systable_getnext(), and table_open().

Referenced by ExecAlterExtensionContentsStmt().

removeExtObjInitPriv()

void removeExtObjInitPriv	(	Oid	objoid,
		Oid	classoid
	)

Definition at line 4382 of file aclchk.c.

{
    /*
     * If this is a relation then we need to see if there are any sub-objects
     * (eg: columns) for it and, if so, be sure to call
     * recordExtensionInitPrivWorker() for each one.
     */
    if (classoid == RelationRelationId)
    {
        Form_pg_class pg_class_tuple;
        HeapTuple   tuple;
 
        tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(objoid));
        if (!HeapTupleIsValid(tuple))
            elog(ERROR, "cache lookup failed for relation %u", objoid);
        pg_class_tuple = (Form_pg_class) GETSTRUCT(tuple);
 
        /*
         * Indexes don't have permissions, neither do the pg_class rows for
         * composite types.  (These cases are unreachable given the
         * restrictions in ALTER EXTENSION DROP, but let's check anyway.)
         */
        if (pg_class_tuple->relkind == RELKIND_INDEX ||
            pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
            pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
        {
            ReleaseSysCache(tuple);
            return;
        }
 
        /*
         * If this isn't a sequence then it's possibly going to have
         * column-level ACLs associated with it.
         */
        if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
        {
            AttrNumber  curr_att;
            AttrNumber  nattrs = pg_class_tuple->relnatts;
 
            for (curr_att = 1; curr_att <= nattrs; curr_att++)
            {
                HeapTuple   attTuple;
 
                attTuple = SearchSysCache2(ATTNUM,
                                           ObjectIdGetDatum(objoid),
                                           Int16GetDatum(curr_att));
 
                if (!HeapTupleIsValid(attTuple))
                    continue;
 
                /* when removing, remove all entries, even dropped columns */
 
                recordExtensionInitPrivWorker(objoid, classoid, curr_att, NULL);
 
                ReleaseSysCache(attTuple);
            }
        }
 
        ReleaseSysCache(tuple);
    }
 
    /* Remove the record, if any, for the top-level object */
    recordExtensionInitPrivWorker(objoid, classoid, 0, NULL);
}

References ATTNUM, elog(), ERROR, GETSTRUCT, HeapTupleIsValid, Int16GetDatum(), ObjectIdGetDatum(), recordExtensionInitPrivWorker(), ReleaseSysCache(), RELOID, SearchSysCache1(), and SearchSysCache2().

Referenced by ExecAlterExtensionContentsStmt().

RemoveRoleFromObjectACL()

void RemoveRoleFromObjectACL	(	Oid	roleid,
		Oid	classid,
		Oid	objid
	)

Definition at line 1444 of file aclchk.c.

{
    if (classid == DefaultAclRelationId)
    {
        InternalDefaultACL iacls;
        Form_pg_default_acl pg_default_acl_tuple;
        Relation    rel;
        ScanKeyData skey[1];
        SysScanDesc scan;
        HeapTuple   tuple;
 
        /* first fetch info needed by SetDefaultACL */
        rel = table_open(DefaultAclRelationId, AccessShareLock);
 
        ScanKeyInit(&skey[0],
                    Anum_pg_default_acl_oid,
                    BTEqualStrategyNumber, F_OIDEQ,
                    ObjectIdGetDatum(objid));
 
        scan = systable_beginscan(rel, DefaultAclOidIndexId, true,
                                  NULL, 1, skey);
 
        tuple = systable_getnext(scan);
 
        if (!HeapTupleIsValid(tuple))
            elog(ERROR, "could not find tuple for default ACL %u", objid);
 
        pg_default_acl_tuple = (Form_pg_default_acl) GETSTRUCT(tuple);
 
        iacls.roleid = pg_default_acl_tuple->defaclrole;
        iacls.nspid = pg_default_acl_tuple->defaclnamespace;
 
        switch (pg_default_acl_tuple->defaclobjtype)
        {
            case DEFACLOBJ_RELATION:
                iacls.objtype = OBJECT_TABLE;
                break;
            case DEFACLOBJ_SEQUENCE:
                iacls.objtype = OBJECT_SEQUENCE;
                break;
            case DEFACLOBJ_FUNCTION:
                iacls.objtype = OBJECT_FUNCTION;
                break;
            case DEFACLOBJ_TYPE:
                iacls.objtype = OBJECT_TYPE;
                break;
            case DEFACLOBJ_NAMESPACE:
                iacls.objtype = OBJECT_SCHEMA;
                break;
            default:
                /* Shouldn't get here */
                elog(ERROR, "unexpected default ACL type: %d",
                     (int) pg_default_acl_tuple->defaclobjtype);
                break;
        }
 
        systable_endscan(scan);
        table_close(rel, AccessShareLock);
 
        iacls.is_grant = false;
        iacls.all_privs = true;
        iacls.privileges = ACL_NO_RIGHTS;
        iacls.grantees = list_make1_oid(roleid);
        iacls.grant_option = false;
        iacls.behavior = DROP_CASCADE;
 
        /* Do it */
        SetDefaultACL(&iacls);
    }
    else
    {
        InternalGrant istmt;
 
        switch (classid)
        {
            case RelationRelationId:
                /* it's OK to use TABLE for a sequence */
                istmt.objtype = OBJECT_TABLE;
                break;
            case DatabaseRelationId:
                istmt.objtype = OBJECT_DATABASE;
                break;
            case TypeRelationId:
                istmt.objtype = OBJECT_TYPE;
                break;
            case ProcedureRelationId:
                istmt.objtype = OBJECT_ROUTINE;
                break;
            case LanguageRelationId:
                istmt.objtype = OBJECT_LANGUAGE;
                break;
            case LargeObjectRelationId:
                istmt.objtype = OBJECT_LARGEOBJECT;
                break;
            case NamespaceRelationId:
                istmt.objtype = OBJECT_SCHEMA;
                break;
            case TableSpaceRelationId:
                istmt.objtype = OBJECT_TABLESPACE;
                break;
            case ForeignServerRelationId:
                istmt.objtype = OBJECT_FOREIGN_SERVER;
                break;
            case ForeignDataWrapperRelationId:
                istmt.objtype = OBJECT_FDW;
                break;
            case ParameterAclRelationId:
                istmt.objtype = OBJECT_PARAMETER_ACL;
                break;
            default:
                elog(ERROR, "unexpected object class %u", classid);
                break;
        }
        istmt.is_grant = false;
        istmt.objects = list_make1_oid(objid);
        istmt.all_privs = true;
        istmt.privileges = ACL_NO_RIGHTS;
        istmt.col_privs = NIL;
        istmt.grantees = list_make1_oid(roleid);
        istmt.grant_option = false;
        istmt.behavior = DROP_CASCADE;
 
        ExecGrantStmt_oids(&istmt);
    }
}

References AccessShareLock, ACL_NO_RIGHTS, InternalDefaultACL::all_privs, InternalGrant::all_privs, InternalDefaultACL::behavior, InternalGrant::behavior, BTEqualStrategyNumber, InternalGrant::col_privs, DROP_CASCADE, elog(), ERROR, ExecGrantStmt_oids(), GETSTRUCT, InternalDefaultACL::grant_option, InternalGrant::grant_option, InternalDefaultACL::grantees, InternalGrant::grantees, HeapTupleIsValid, InternalDefaultACL::is_grant, InternalGrant::is_grant, list_make1_oid, NIL, InternalDefaultACL::nspid, OBJECT_DATABASE, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, ObjectIdGetDatum(), InternalGrant::objects, InternalDefaultACL::objtype, InternalGrant::objtype, InternalDefaultACL::privileges, InternalGrant::privileges, InternalDefaultACL::roleid, ScanKeyInit(), SetDefaultACL(), systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by shdepDropOwned().

restrict_and_check_grant()

static AclMode restrict_and_check_grant ( bool  is_grant, AclMode  avail_goptions, bool  all_privs, AclMode  privileges, Oid  objectId, Oid  grantorId, ObjectType  objtype, const char *  objname, AttrNumber  att_number, const char *  colname  )

static

Definition at line 231 of file aclchk.c.

{
    AclMode     this_privileges;
    AclMode     whole_mask;
 
    switch (objtype)
    {
        case OBJECT_COLUMN:
            whole_mask = ACL_ALL_RIGHTS_COLUMN;
            break;
        case OBJECT_TABLE:
            whole_mask = ACL_ALL_RIGHTS_RELATION;
            break;
        case OBJECT_SEQUENCE:
            whole_mask = ACL_ALL_RIGHTS_SEQUENCE;
            break;
        case OBJECT_DATABASE:
            whole_mask = ACL_ALL_RIGHTS_DATABASE;
            break;
        case OBJECT_FUNCTION:
            whole_mask = ACL_ALL_RIGHTS_FUNCTION;
            break;
        case OBJECT_LANGUAGE:
            whole_mask = ACL_ALL_RIGHTS_LANGUAGE;
            break;
        case OBJECT_LARGEOBJECT:
            whole_mask = ACL_ALL_RIGHTS_LARGEOBJECT;
            break;
        case OBJECT_SCHEMA:
            whole_mask = ACL_ALL_RIGHTS_SCHEMA;
            break;
        case OBJECT_TABLESPACE:
            whole_mask = ACL_ALL_RIGHTS_TABLESPACE;
            break;
        case OBJECT_FDW:
            whole_mask = ACL_ALL_RIGHTS_FDW;
            break;
        case OBJECT_FOREIGN_SERVER:
            whole_mask = ACL_ALL_RIGHTS_FOREIGN_SERVER;
            break;
        case OBJECT_EVENT_TRIGGER:
            elog(ERROR, "grantable rights not supported for event triggers");
            /* not reached, but keep compiler quiet */
            return ACL_NO_RIGHTS;
        case OBJECT_TYPE:
            whole_mask = ACL_ALL_RIGHTS_TYPE;
            break;
        case OBJECT_PARAMETER_ACL:
            whole_mask = ACL_ALL_RIGHTS_PARAMETER_ACL;
            break;
        default:
            elog(ERROR, "unrecognized object type: %d", objtype);
            /* not reached, but keep compiler quiet */
            return ACL_NO_RIGHTS;
    }
 
    /*
     * If we found no grant options, consider whether to issue a hard error.
     * Per spec, having any privilege at all on the object will get you by
     * here.
     */
    if (avail_goptions == ACL_NO_RIGHTS)
    {
        if (pg_aclmask(objtype, objectId, att_number, grantorId,
                       whole_mask | ACL_GRANT_OPTION_FOR(whole_mask),
                       ACLMASK_ANY) == ACL_NO_RIGHTS)
        {
            if (objtype == OBJECT_COLUMN && colname)
                aclcheck_error_col(ACLCHECK_NO_PRIV, objtype, objname, colname);
            else
                aclcheck_error(ACLCHECK_NO_PRIV, objtype, objname);
        }
    }
 
    /*
     * Restrict the operation to what we can actually grant or revoke, and
     * issue a warning if appropriate.  (For REVOKE this isn't quite what the
     * spec says to do: the spec seems to want a warning only if no privilege
     * bits actually change in the ACL. In practice that behavior seems much
     * too noisy, as well as inconsistent with the GRANT case.)
     */
    this_privileges = privileges &