PostgreSQL Source Code  git master
aclchk.c File Reference
Include dependency graph for aclchk.c:

Go to the source code of this file.

Data Structures

struct  InternalDefaultACL
 

Functions

static void ExecGrantStmt_oids (InternalGrant *istmt)
 
static void ExecGrant_Relation (InternalGrant *istmt)
 
static void ExecGrant_common (InternalGrant *istmt, Oid classid, AclMode default_privs, void(*object_check)(InternalGrant *istmt, HeapTuple tuple))
 
static void ExecGrant_Language_check (InternalGrant *istmt, HeapTuple tuple)
 
static void ExecGrant_Largeobject (InternalGrant *istmt)
 
static void ExecGrant_Type_check (InternalGrant *istmt, HeapTuple tuple)
 
static void ExecGrant_Parameter (InternalGrant *istmt)
 
static void SetDefaultACLsInSchemas (InternalDefaultACL *iacls, List *nspnames)
 
static void SetDefaultACL (InternalDefaultACL *iacls)
 
static ListobjectNamesToOids (ObjectType objtype, List *objnames, bool is_grant)
 
static ListobjectsInSchemaToOids (ObjectType objtype, List *nspnames)
 
static ListgetRelationsInNamespace (Oid namespaceId, char relkind)
 
static void expand_col_privileges (List *colnames, Oid table_oid, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
 
static void expand_all_col_privileges (Oid table_oid, Form_pg_class classForm, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
 
static AclMode string_to_privilege (const char *privname)
 
static const char * privilege_to_string (AclMode privilege)
 
static AclMode restrict_and_check_grant (bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
 
static AclMode pg_aclmask (ObjectType objtype, Oid object_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
 
static AclMode object_aclmask (Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how)
 
static AclMode object_aclmask_ext (Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
 
static AclMode pg_attribute_aclmask (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
 
static AclMode pg_attribute_aclmask_ext (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
 
static AclMode pg_class_aclmask_ext (Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
 
static AclMode pg_parameter_acl_aclmask (Oid acl_oid, Oid roleid, AclMode mask, AclMaskHow how)
 
static AclMode pg_largeobject_aclmask_snapshot (Oid lobj_oid, Oid roleid, AclMode mask, AclMaskHow how, Snapshot snapshot)
 
static AclMode pg_namespace_aclmask_ext (Oid nsp_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
 
static AclMode pg_type_aclmask_ext (Oid type_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
 
static void recordExtensionInitPriv (Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
 
static void recordExtensionInitPrivWorker (Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
 
static Aclmerge_acl_with_grant (Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
 
void ExecuteGrantStmt (GrantStmt *stmt)
 
void ExecAlterDefaultPrivilegesStmt (ParseState *pstate, AlterDefaultPrivilegesStmt *stmt)
 
void RemoveRoleFromObjectACL (Oid roleid, Oid classid, Oid objid)
 
static void ExecGrant_Attribute (InternalGrant *istmt, Oid relOid, const char *relname, AttrNumber attnum, Oid ownerId, AclMode col_privileges, Relation attRelation, const Acl *old_rel_acl)
 
void aclcheck_error (AclResult aclerr, ObjectType objtype, const char *objectname)
 
void aclcheck_error_col (AclResult aclerr, ObjectType objtype, const char *objectname, const char *colname)
 
void aclcheck_error_type (AclResult aclerr, Oid typeOid)
 
AclMode pg_class_aclmask (Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how)
 
static AclMode pg_parameter_aclmask (const char *name, Oid roleid, AclMode mask, AclMaskHow how)
 
AclResult object_aclcheck (Oid classid, Oid objectid, Oid roleid, AclMode mode)
 
AclResult object_aclcheck_ext (Oid classid, Oid objectid, Oid roleid, AclMode mode, bool *is_missing)
 
AclResult pg_attribute_aclcheck (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode)
 
AclResult pg_attribute_aclcheck_ext (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode, bool *is_missing)
 
AclResult pg_attribute_aclcheck_all (Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how)
 
AclResult pg_attribute_aclcheck_all_ext (Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how, bool *is_missing)
 
AclResult pg_class_aclcheck (Oid table_oid, Oid roleid, AclMode mode)
 
AclResult pg_class_aclcheck_ext (Oid table_oid, Oid roleid, AclMode mode, bool *is_missing)
 
AclResult pg_parameter_aclcheck (const char *name, Oid roleid, AclMode mode)
 
AclResult pg_largeobject_aclcheck_snapshot (Oid lobj_oid, Oid roleid, AclMode mode, Snapshot snapshot)
 
bool object_ownercheck (Oid classid, Oid objectid, Oid roleid)
 
bool has_createrole_privilege (Oid roleid)
 
bool has_bypassrls_privilege (Oid roleid)
 
static Aclget_default_acl_internal (Oid roleId, Oid nsp_oid, char objtype)
 
Aclget_user_default_acl (ObjectType objtype, Oid ownerId, Oid nsp_oid)
 
void recordDependencyOnNewAcl (Oid classId, Oid objectId, int32 objsubId, Oid ownerId, Acl *acl)
 
void recordExtObjInitPriv (Oid objoid, Oid classoid)
 
void removeExtObjInitPriv (Oid objoid, Oid classoid)
 

Variables

bool binary_upgrade_record_init_privs = false
 

Function Documentation

◆ aclcheck_error()

void aclcheck_error ( AclResult  aclerr,
ObjectType  objtype,
const char *  objectname 
)

Definition at line 2688 of file aclchk.c.

2690 {
2691  switch (aclerr)
2692  {
2693  case ACLCHECK_OK:
2694  /* no error, so return to caller */
2695  break;
2696  case ACLCHECK_NO_PRIV:
2697  {
2698  const char *msg = "???";
2699 
2700  switch (objtype)
2701  {
2702  case OBJECT_AGGREGATE:
2703  msg = gettext_noop("permission denied for aggregate %s");
2704  break;
2705  case OBJECT_COLLATION:
2706  msg = gettext_noop("permission denied for collation %s");
2707  break;
2708  case OBJECT_COLUMN:
2709  msg = gettext_noop("permission denied for column %s");
2710  break;
2711  case OBJECT_CONVERSION:
2712  msg = gettext_noop("permission denied for conversion %s");
2713  break;
2714  case OBJECT_DATABASE:
2715  msg = gettext_noop("permission denied for database %s");
2716  break;
2717  case OBJECT_DOMAIN:
2718  msg = gettext_noop("permission denied for domain %s");
2719  break;
2720  case OBJECT_EVENT_TRIGGER:
2721  msg = gettext_noop("permission denied for event trigger %s");
2722  break;
2723  case OBJECT_EXTENSION:
2724  msg = gettext_noop("permission denied for extension %s");
2725  break;
2726  case OBJECT_FDW:
2727  msg = gettext_noop("permission denied for foreign-data wrapper %s");
2728  break;
2729  case OBJECT_FOREIGN_SERVER:
2730  msg = gettext_noop("permission denied for foreign server %s");
2731  break;
2732  case OBJECT_FOREIGN_TABLE:
2733  msg = gettext_noop("permission denied for foreign table %s");
2734  break;
2735  case OBJECT_FUNCTION:
2736  msg = gettext_noop("permission denied for function %s");
2737  break;
2738  case OBJECT_INDEX:
2739  msg = gettext_noop("permission denied for index %s");
2740  break;
2741  case OBJECT_LANGUAGE:
2742  msg = gettext_noop("permission denied for language %s");
2743  break;
2744  case OBJECT_LARGEOBJECT:
2745  msg = gettext_noop("permission denied for large object %s");
2746  break;
2747  case OBJECT_MATVIEW:
2748  msg = gettext_noop("permission denied for materialized view %s");
2749  break;
2750  case OBJECT_OPCLASS:
2751  msg = gettext_noop("permission denied for operator class %s");
2752  break;
2753  case OBJECT_OPERATOR:
2754  msg = gettext_noop("permission denied for operator %s");
2755  break;
2756  case OBJECT_OPFAMILY:
2757  msg = gettext_noop("permission denied for operator family %s");
2758  break;
2759  case OBJECT_PARAMETER_ACL:
2760  msg = gettext_noop("permission denied for parameter %s");
2761  break;
2762  case OBJECT_POLICY:
2763  msg = gettext_noop("permission denied for policy %s");
2764  break;
2765  case OBJECT_PROCEDURE:
2766  msg = gettext_noop("permission denied for procedure %s");
2767  break;
2768  case OBJECT_PUBLICATION:
2769  msg = gettext_noop("permission denied for publication %s");
2770  break;
2771  case OBJECT_ROUTINE:
2772  msg = gettext_noop("permission denied for routine %s");
2773  break;
2774  case OBJECT_SCHEMA:
2775  msg = gettext_noop("permission denied for schema %s");
2776  break;
2777  case OBJECT_SEQUENCE:
2778  msg = gettext_noop("permission denied for sequence %s");
2779  break;
2780  case OBJECT_STATISTIC_EXT:
2781  msg = gettext_noop("permission denied for statistics object %s");
2782  break;
2783  case OBJECT_SUBSCRIPTION:
2784  msg = gettext_noop("permission denied for subscription %s");
2785  break;
2786  case OBJECT_TABLE:
2787  msg = gettext_noop("permission denied for table %s");
2788  break;
2789  case OBJECT_TABLESPACE:
2790  msg = gettext_noop("permission denied for tablespace %s");
2791  break;
2793  msg = gettext_noop("permission denied for text search configuration %s");
2794  break;
2795  case OBJECT_TSDICTIONARY:
2796  msg = gettext_noop("permission denied for text search dictionary %s");
2797  break;
2798  case OBJECT_TYPE:
2799  msg = gettext_noop("permission denied for type %s");
2800  break;
2801  case OBJECT_VIEW:
2802  msg = gettext_noop("permission denied for view %s");
2803  break;
2804  /* these currently aren't used */
2805  case OBJECT_ACCESS_METHOD:
2806  case OBJECT_AMOP:
2807  case OBJECT_AMPROC:
2808  case OBJECT_ATTRIBUTE:
2809  case OBJECT_CAST:
2810  case OBJECT_DEFAULT:
2811  case OBJECT_DEFACL:
2812  case OBJECT_DOMCONSTRAINT:
2815  case OBJECT_ROLE:
2816  case OBJECT_RULE:
2817  case OBJECT_TABCONSTRAINT:
2818  case OBJECT_TRANSFORM:
2819  case OBJECT_TRIGGER:
2820  case OBJECT_TSPARSER:
2821  case OBJECT_TSTEMPLATE:
2822  case OBJECT_USER_MAPPING:
2823  elog(ERROR, "unsupported object type: %d", objtype);
2824  }
2825 
2826  ereport(ERROR,
2827  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2828  errmsg(msg, objectname)));
2829  break;
2830  }
2831  case ACLCHECK_NOT_OWNER:
2832  {
2833  const char *msg = "???";
2834 
2835  switch (objtype)
2836  {
2837  case OBJECT_AGGREGATE:
2838  msg = gettext_noop("must be owner of aggregate %s");
2839  break;
2840  case OBJECT_COLLATION:
2841  msg = gettext_noop("must be owner of collation %s");
2842  break;
2843  case OBJECT_CONVERSION:
2844  msg = gettext_noop("must be owner of conversion %s");
2845  break;
2846  case OBJECT_DATABASE:
2847  msg = gettext_noop("must be owner of database %s");
2848  break;
2849  case OBJECT_DOMAIN:
2850  msg = gettext_noop("must be owner of domain %s");
2851  break;
2852  case OBJECT_EVENT_TRIGGER:
2853  msg = gettext_noop("must be owner of event trigger %s");
2854  break;
2855  case OBJECT_EXTENSION:
2856  msg = gettext_noop("must be owner of extension %s");
2857  break;
2858  case OBJECT_FDW:
2859  msg = gettext_noop("must be owner of foreign-data wrapper %s");
2860  break;
2861  case OBJECT_FOREIGN_SERVER:
2862  msg = gettext_noop("must be owner of foreign server %s");
2863  break;
2864  case OBJECT_FOREIGN_TABLE:
2865  msg = gettext_noop("must be owner of foreign table %s");
2866  break;
2867  case OBJECT_FUNCTION:
2868  msg = gettext_noop("must be owner of function %s");
2869  break;
2870  case OBJECT_INDEX:
2871  msg = gettext_noop("must be owner of index %s");
2872  break;
2873  case OBJECT_LANGUAGE:
2874  msg = gettext_noop("must be owner of language %s");
2875  break;
2876  case OBJECT_LARGEOBJECT:
2877  msg = gettext_noop("must be owner of large object %s");
2878  break;
2879  case OBJECT_MATVIEW:
2880  msg = gettext_noop("must be owner of materialized view %s");
2881  break;
2882  case OBJECT_OPCLASS:
2883  msg = gettext_noop("must be owner of operator class %s");
2884  break;
2885  case OBJECT_OPERATOR:
2886  msg = gettext_noop("must be owner of operator %s");
2887  break;
2888  case OBJECT_OPFAMILY:
2889  msg = gettext_noop("must be owner of operator family %s");
2890  break;
2891  case OBJECT_PROCEDURE:
2892  msg = gettext_noop("must be owner of procedure %s");
2893  break;
2894  case OBJECT_PUBLICATION:
2895  msg = gettext_noop("must be owner of publication %s");
2896  break;
2897  case OBJECT_ROUTINE:
2898  msg = gettext_noop("must be owner of routine %s");
2899  break;
2900  case OBJECT_SEQUENCE:
2901  msg = gettext_noop("must be owner of sequence %s");
2902  break;
2903  case OBJECT_SUBSCRIPTION:
2904  msg = gettext_noop("must be owner of subscription %s");
2905  break;
2906  case OBJECT_TABLE:
2907  msg = gettext_noop("must be owner of table %s");
2908  break;
2909  case OBJECT_TYPE:
2910  msg = gettext_noop("must be owner of type %s");
2911  break;
2912  case OBJECT_VIEW:
2913  msg = gettext_noop("must be owner of view %s");
2914  break;
2915  case OBJECT_SCHEMA:
2916  msg = gettext_noop("must be owner of schema %s");
2917  break;
2918  case OBJECT_STATISTIC_EXT:
2919  msg = gettext_noop("must be owner of statistics object %s");
2920  break;
2921  case OBJECT_TABLESPACE:
2922  msg = gettext_noop("must be owner of tablespace %s");
2923  break;
2925  msg = gettext_noop("must be owner of text search configuration %s");
2926  break;
2927  case OBJECT_TSDICTIONARY:
2928  msg = gettext_noop("must be owner of text search dictionary %s");
2929  break;
2930 
2931  /*
2932  * Special cases: For these, the error message talks
2933  * about "relation", because that's where the
2934  * ownership is attached. See also
2935  * check_object_ownership().
2936  */
2937  case OBJECT_COLUMN:
2938  case OBJECT_POLICY:
2939  case OBJECT_RULE:
2940  case OBJECT_TABCONSTRAINT:
2941  case OBJECT_TRIGGER:
2942  msg = gettext_noop("must be owner of relation %s");
2943  break;
2944  /* these currently aren't used */
2945  case OBJECT_ACCESS_METHOD:
2946  case OBJECT_AMOP:
2947  case OBJECT_AMPROC:
2948  case OBJECT_ATTRIBUTE:
2949  case OBJECT_CAST:
2950  case OBJECT_DEFAULT:
2951  case OBJECT_DEFACL:
2952  case OBJECT_DOMCONSTRAINT:
2953  case OBJECT_PARAMETER_ACL:
2956  case OBJECT_ROLE:
2957  case OBJECT_TRANSFORM:
2958  case OBJECT_TSPARSER:
2959  case OBJECT_TSTEMPLATE:
2960  case OBJECT_USER_MAPPING:
2961  elog(ERROR, "unsupported object type: %d", objtype);
2962  }
2963 
2964  ereport(ERROR,
2965  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2966  errmsg(msg, objectname)));
2967  break;
2968  }
2969  default:
2970  elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
2971  break;
2972  }
2973 }
@ ACLCHECK_NO_PRIV
Definition: acl.h:184
@ ACLCHECK_OK
Definition: acl.h:183
@ ACLCHECK_NOT_OWNER
Definition: acl.h:185
#define gettext_noop(x)
Definition: c.h:1183
int errcode(int sqlerrcode)
Definition: elog.c:859
int errmsg(const char *fmt,...)
Definition: elog.c:1072
#define ERROR
Definition: elog.h:39
#define elog(elevel,...)
Definition: elog.h:224
#define ereport(elevel,...)
Definition: elog.h:149
@ OBJECT_EVENT_TRIGGER
Definition: parsenodes.h:2123
@ OBJECT_FDW
Definition: parsenodes.h:2125
@ OBJECT_TSPARSER
Definition: parsenodes.h:2156
@ OBJECT_COLLATION
Definition: parsenodes.h:2116
@ OBJECT_USER_MAPPING
Definition: parsenodes.h:2159
@ OBJECT_ACCESS_METHOD
Definition: parsenodes.h:2109
@ OBJECT_OPCLASS
Definition: parsenodes.h:2133
@ OBJECT_DEFACL
Definition: parsenodes.h:2120
@ OBJECT_AGGREGATE
Definition: parsenodes.h:2110
@ OBJECT_MATVIEW
Definition: parsenodes.h:2132
@ OBJECT_SCHEMA
Definition: parsenodes.h:2145
@ OBJECT_POLICY
Definition: parsenodes.h:2137
@ OBJECT_OPERATOR
Definition: parsenodes.h:2134
@ OBJECT_FOREIGN_TABLE
Definition: parsenodes.h:2127
@ OBJECT_TSCONFIGURATION
Definition: parsenodes.h:2154
@ OBJECT_OPFAMILY
Definition: parsenodes.h:2135
@ OBJECT_DOMAIN
Definition: parsenodes.h:2121
@ OBJECT_COLUMN
Definition: parsenodes.h:2115
@ OBJECT_TABLESPACE
Definition: parsenodes.h:2151
@ OBJECT_ROLE
Definition: parsenodes.h:2142
@ OBJECT_ROUTINE
Definition: parsenodes.h:2143
@ OBJECT_LARGEOBJECT
Definition: parsenodes.h:2131
@ OBJECT_PUBLICATION_NAMESPACE
Definition: parsenodes.h:2140
@ OBJECT_PROCEDURE
Definition: parsenodes.h:2138
@ OBJECT_EXTENSION
Definition: parsenodes.h:2124
@ OBJECT_INDEX
Definition: parsenodes.h:2129
@ OBJECT_DEFAULT
Definition: parsenodes.h:2119
@ OBJECT_DATABASE
Definition: parsenodes.h:2118
@ OBJECT_SEQUENCE
Definition: parsenodes.h:2146
@ OBJECT_TSTEMPLATE
Definition: parsenodes.h:2157
@ OBJECT_LANGUAGE
Definition: parsenodes.h:2130
@ OBJECT_AMOP
Definition: parsenodes.h:2111
@ OBJECT_PUBLICATION_REL
Definition: parsenodes.h:2141
@ OBJECT_FOREIGN_SERVER
Definition: parsenodes.h:2126
@ OBJECT_TSDICTIONARY
Definition: parsenodes.h:2155
@ OBJECT_ATTRIBUTE
Definition: parsenodes.h:2113
@ OBJECT_PUBLICATION
Definition: parsenodes.h:2139
@ OBJECT_RULE
Definition: parsenodes.h:2144
@ OBJECT_CONVERSION
Definition: parsenodes.h:2117
@ OBJECT_AMPROC
Definition: parsenodes.h:2112
@ OBJECT_TABLE
Definition: parsenodes.h:2150
@ OBJECT_VIEW
Definition: parsenodes.h:2160
@ OBJECT_PARAMETER_ACL
Definition: parsenodes.h:2136
@ OBJECT_TYPE
Definition: parsenodes.h:2158
@ OBJECT_FUNCTION
Definition: parsenodes.h:2128
@ OBJECT_TABCONSTRAINT
Definition: parsenodes.h:2149
@ OBJECT_DOMCONSTRAINT
Definition: parsenodes.h:2122
@ OBJECT_SUBSCRIPTION
Definition: parsenodes.h:2147
@ OBJECT_STATISTIC_EXT
Definition: parsenodes.h:2148
@ OBJECT_CAST
Definition: parsenodes.h:2114
@ OBJECT_TRIGGER
Definition: parsenodes.h:2153
@ OBJECT_TRANSFORM
Definition: parsenodes.h:2152

References ACLCHECK_NO_PRIV, ACLCHECK_NOT_OWNER, ACLCHECK_OK, elog, ereport, errcode(), errmsg(), ERROR, gettext_noop, OBJECT_ACCESS_METHOD, OBJECT_AGGREGATE, OBJECT_AMOP, OBJECT_AMPROC, OBJECT_ATTRIBUTE, OBJECT_CAST, OBJECT_COLLATION, OBJECT_COLUMN, OBJECT_CONVERSION, OBJECT_DATABASE, OBJECT_DEFACL, OBJECT_DEFAULT, OBJECT_DOMAIN, OBJECT_DOMCONSTRAINT, OBJECT_EVENT_TRIGGER, OBJECT_EXTENSION, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FOREIGN_TABLE, OBJECT_FUNCTION, OBJECT_INDEX, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_MATVIEW, OBJECT_OPCLASS, OBJECT_OPERATOR, OBJECT_OPFAMILY, OBJECT_PARAMETER_ACL, OBJECT_POLICY, OBJECT_PROCEDURE, OBJECT_PUBLICATION, OBJECT_PUBLICATION_NAMESPACE, OBJECT_PUBLICATION_REL, OBJECT_ROLE, OBJECT_ROUTINE, OBJECT_RULE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_STATISTIC_EXT, OBJECT_SUBSCRIPTION, OBJECT_TABCONSTRAINT, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TRANSFORM, OBJECT_TRIGGER, OBJECT_TSCONFIGURATION, OBJECT_TSDICTIONARY, OBJECT_TSPARSER, OBJECT_TSTEMPLATE, OBJECT_TYPE, OBJECT_USER_MAPPING, and OBJECT_VIEW.

Referenced by aclcheck_error_col(), aclcheck_error_type(), AlterCollation(), AlterDatabase(), AlterDatabaseOwner(), AlterDatabaseRefreshColl(), AlterDatabaseSet(), AlterEventTrigger(), AlterEventTriggerOwner_internal(), AlterExtensionNamespace(), AlterForeignServer(), AlterForeignServerOwner_internal(), AlterFunction(), AlterObjectNamespace_internal(), AlterObjectOwner_internal(), AlterObjectRename_internal(), AlterOperator(), AlterOpFamilyAdd(), AlterPublication(), AlterPublicationOwner_internal(), AlterRoleSet(), AlterSchemaOwner_internal(), AlterStatistics(), AlterSubscription(), AlterSubscriptionOwner_internal(), AlterTableMoveAll(), AlterTableSpaceOptions(), AlterTSConfiguration(), AlterTSDictionary(), AlterTypeOwner(), ATExecChangeOwner(), ATPrepSetTableSpace(), ATSimplePermissions(), brin_desummarize_range(), brin_summarize_range(), calculate_database_size(), calculate_tablespace_size(), call_pltcl_start_proc(), check_object_ownership(), check_temp_tablespaces(), checkFkeyPermissions(), CheckFunctionValidatorAccess(), compute_return_type(), CreateConversionCommand(), createdb(), CreateForeignServer(), CreateForeignTable(), CreateFunction(), CreateProceduralLanguage(), CreatePublication(), CreateSchemaCommand(), CreateStatistics(), CreateSubscription(), CreateTransform(), CreateTriggerFiringOn(), currtid_internal(), DefineAggregate(), DefineCollation(), DefineDomain(), DefineEnum(), DefineIndex(), DefineOpClass(), DefineOperator(), DefineOpFamily(), DefineQueryRewrite(), DefineRange(), DefineRelation(), DefineTSConfiguration(), DefineTSDictionary(), DefineType(), dropdb(), DropSubscription(), DropTableSpace(), EnableDisableRule(), ExecAlterExtensionContentsStmt(), ExecAlterExtensionStmt(), ExecBuildGroupingEqual(), ExecBuildParamSetEqual(), ExecCheckPermissions(), ExecInitAgg(), ExecInitExprRec(), ExecInitFunc(), ExecInitWindowAgg(), ExecReindex(), ExecuteCallStmt(), ExecuteDoStmt(), ExecuteTruncateGuts(), findRangeCanonicalFunction(), findRangeSubtypeDiffFunction(), get_connect_string(), get_other_operator(), get_rel_from_relname(), gin_clean_pending_list(), HandleFunctionRequest(), heap_force_common(), ImportForeignSchema(), init_sexpr(), initialize_peragg(), LockViewRecurse_walker(), LogicalRepSyncTableStart(), lookup_agg_function(), LookupCreationNamespace(), LookupExplicitNamespace(), MergeAttributes(), movedb(), OperatorCreate(), pg_prewarm(), pgrowlocks(), ProcedureCreate(), PublicationAddTables(), RangeVarCallbackForAlterRelation(), RangeVarCallbackForDropRelation(), RangeVarCallbackForLockTable(), RangeVarCallbackForPolicy(), RangeVarCallbackForReindexIndex(), RangeVarCallbackForRenameRule(), RangeVarCallbackForRenameTrigger(), RangeVarCallbackMaintainsTable(), RangeVarCallbackOwnsRelation(), RangeVarGetAndCheckCreationNamespace(), ReindexMultipleInternal(), ReindexMultipleTables(), renameatt_check(), RenameDatabase(), RenameSchema(), RenameTableSpace(), restrict_and_check_grant(), TargetPrivilegesCheck(), transformTableLikeClause(), truncate_check_perms(), TypeCreate(), user_mapping_ddl_aclcheck(), ValidateJoinEstimator(), ValidateOperatorReference(), and ValidateRestrictionEstimator().

◆ aclcheck_error_col()

void aclcheck_error_col ( AclResult  aclerr,
ObjectType  objtype,
const char *  objectname,
const char *  colname 
)

Definition at line 2977 of file aclchk.c.

2979 {
2980  switch (aclerr)
2981  {
2982  case ACLCHECK_OK:
2983  /* no error, so return to caller */
2984  break;
2985  case ACLCHECK_NO_PRIV:
2986  ereport(ERROR,
2987  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2988  errmsg("permission denied for column \"%s\" of relation \"%s\"",
2989  colname, objectname)));
2990  break;
2991  case ACLCHECK_NOT_OWNER:
2992  /* relation msg is OK since columns don't have separate owners */
2993  aclcheck_error(aclerr, objtype, objectname);
2994  break;
2995  default:
2996  elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
2997  break;
2998  }
2999 }
void aclcheck_error(AclResult aclerr, ObjectType objtype, const char *objectname)
Definition: aclchk.c:2688

References aclcheck_error(), ACLCHECK_NO_PRIV, ACLCHECK_NOT_OWNER, ACLCHECK_OK, elog, ereport, errcode(), errmsg(), and ERROR.

Referenced by restrict_and_check_grant().

◆ aclcheck_error_type()

void aclcheck_error_type ( AclResult  aclerr,
Oid  typeOid 
)

◆ ExecAlterDefaultPrivilegesStmt()

void ExecAlterDefaultPrivilegesStmt ( ParseState pstate,
AlterDefaultPrivilegesStmt stmt 
)

Definition at line 975 of file aclchk.c.

976 {
977  GrantStmt *action = stmt->action;
978  InternalDefaultACL iacls;
979  ListCell *cell;
980  List *rolespecs = NIL;
981  List *nspnames = NIL;
982  DefElem *drolespecs = NULL;
983  DefElem *dnspnames = NULL;
984  AclMode all_privileges;
985  const char *errormsg;
986 
987  /* Deconstruct the "options" part of the statement */
988  foreach(cell, stmt->options)
989  {
990  DefElem *defel = (DefElem *) lfirst(cell);
991 
992  if (strcmp(defel->defname, "schemas") == 0)
993  {
994  if (dnspnames)
995  errorConflictingDefElem(defel, pstate);
996  dnspnames = defel;
997  }
998  else if (strcmp(defel->defname, "roles") == 0)
999  {
1000  if (drolespecs)
1001  errorConflictingDefElem(defel, pstate);
1002  drolespecs = defel;
1003  }
1004  else
1005  elog(ERROR, "option \"%s\" not recognized", defel->defname);
1006  }
1007 
1008  if (dnspnames)
1009  nspnames = (List *) dnspnames->arg;
1010  if (drolespecs)
1011  rolespecs = (List *) drolespecs->arg;
1012 
1013  /* Prepare the InternalDefaultACL representation of the statement */
1014  /* roleid to be filled below */
1015  /* nspid to be filled in SetDefaultACLsInSchemas */
1016  iacls.is_grant = action->is_grant;
1017  iacls.objtype = action->objtype;
1018  /* all_privs to be filled below */
1019  /* privileges to be filled below */
1020  iacls.grantees = NIL; /* filled below */
1021  iacls.grant_option = action->grant_option;
1022  iacls.behavior = action->behavior;
1023 
1024  /*
1025  * Convert the RoleSpec list into an Oid list. Note that at this point we
1026  * insert an ACL_ID_PUBLIC into the list if appropriate, so downstream
1027  * there shouldn't be any additional work needed to support this case.
1028  */
1029  foreach(cell, action->grantees)
1030  {
1031  RoleSpec *grantee = (RoleSpec *) lfirst(cell);
1032  Oid grantee_uid;
1033 
1034  switch (grantee->roletype)
1035  {
1036  case ROLESPEC_PUBLIC:
1037  grantee_uid = ACL_ID_PUBLIC;
1038  break;
1039  default:
1040  grantee_uid = get_rolespec_oid(grantee, false);
1041  break;
1042  }
1043  iacls.grantees = lappend_oid(iacls.grantees, grantee_uid);
1044  }
1045 
1046  /*
1047  * Convert action->privileges, a list of privilege strings, into an
1048  * AclMode bitmask.
1049  */
1050  switch (action->objtype)
1051  {
1052  case OBJECT_TABLE:
1053  all_privileges = ACL_ALL_RIGHTS_RELATION;
1054  errormsg = gettext_noop("invalid privilege type %s for relation");
1055  break;
1056  case OBJECT_SEQUENCE:
1057  all_privileges = ACL_ALL_RIGHTS_SEQUENCE;
1058  errormsg = gettext_noop("invalid privilege type %s for sequence");
1059  break;
1060  case OBJECT_FUNCTION:
1061  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
1062  errormsg = gettext_noop("invalid privilege type %s for function");
1063  break;
1064  case OBJECT_PROCEDURE:
1065  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
1066  errormsg = gettext_noop("invalid privilege type %s for procedure");
1067  break;
1068  case OBJECT_ROUTINE:
1069  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
1070  errormsg = gettext_noop("invalid privilege type %s for routine");
1071  break;
1072  case OBJECT_TYPE:
1073  all_privileges = ACL_ALL_RIGHTS_TYPE;
1074  errormsg = gettext_noop("invalid privilege type %s for type");
1075  break;
1076  case OBJECT_SCHEMA:
1077  all_privileges = ACL_ALL_RIGHTS_SCHEMA;
1078  errormsg = gettext_noop("invalid privilege type %s for schema");
1079  break;
1080  default:
1081  elog(ERROR, "unrecognized GrantStmt.objtype: %d",
1082  (int) action->objtype);
1083  /* keep compiler quiet */
1084  all_privileges = ACL_NO_RIGHTS;
1085  errormsg = NULL;
1086  }
1087 
1088  if (action->privileges == NIL)
1089  {
1090  iacls.all_privs = true;
1091 
1092  /*
1093  * will be turned into ACL_ALL_RIGHTS_* by the internal routines
1094  * depending on the object type
1095  */
1096  iacls.privileges = ACL_NO_RIGHTS;
1097  }
1098  else
1099  {
1100  iacls.all_privs = false;
1101  iacls.privileges = ACL_NO_RIGHTS;
1102 
1103  foreach(cell, action->privileges)
1104  {
1105  AccessPriv *privnode = (AccessPriv *) lfirst(cell);
1106  AclMode priv;
1107 
1108  if (privnode->cols)
1109  ereport(ERROR,
1110  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1111  errmsg("default privileges cannot be set for columns")));
1112 
1113  if (privnode->priv_name == NULL) /* parser mistake? */
1114  elog(ERROR, "AccessPriv node must specify privilege");
1115  priv = string_to_privilege(privnode->priv_name);
1116 
1117  if (priv & ~((AclMode) all_privileges))
1118  ereport(ERROR,
1119  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1120  errmsg(errormsg, privilege_to_string(priv))));
1121 
1122  iacls.privileges |= priv;
1123  }
1124  }
1125 
1126  if (rolespecs == NIL)
1127  {
1128  /* Set permissions for myself */
1129  iacls.roleid = GetUserId();
1130 
1131  SetDefaultACLsInSchemas(&iacls, nspnames);
1132  }
1133  else
1134  {
1135  /* Look up the role OIDs and do permissions checks */
1136  ListCell *rolecell;
1137 
1138  foreach(rolecell, rolespecs)
1139  {
1140  RoleSpec *rolespec = lfirst(rolecell);
1141 
1142  iacls.roleid = get_rolespec_oid(rolespec, false);
1143 
1144  if (!has_privs_of_role(GetUserId(), iacls.roleid))
1145  ereport(ERROR,
1146  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1147  errmsg("permission denied to change default privileges")));
1148 
1149  SetDefaultACLsInSchemas(&iacls, nspnames);
1150  }
1151  }
1152 }
bool has_privs_of_role(Oid member, Oid role)
Definition: acl.c:5066
Oid get_rolespec_oid(const RoleSpec *role, bool missing_ok)
Definition: acl.c:5386
#define ACL_ALL_RIGHTS_SCHEMA
Definition: acl.h:169
#define ACL_ALL_RIGHTS_SEQUENCE
Definition: acl.h:161
#define ACL_ALL_RIGHTS_FUNCTION
Definition: acl.h:165
#define ACL_ALL_RIGHTS_TYPE
Definition: acl.h:171
#define ACL_ALL_RIGHTS_RELATION
Definition: acl.h:160
#define ACL_ID_PUBLIC
Definition: acl.h:46
static AclMode string_to_privilege(const char *privname)
Definition: aclchk.c:2598
static void SetDefaultACLsInSchemas(InternalDefaultACL *iacls, List *nspnames)
Definition: aclchk.c:1160
static const char * privilege_to_string(AclMode privilege)
Definition: aclchk.c:2641
void errorConflictingDefElem(DefElem *defel, ParseState *pstate)
Definition: define.c:384
#define stmt
Definition: indent_codes.h:59
if(TABLE==NULL||TABLE_index==NULL)
Definition: isn.c:77
List * lappend_oid(List *list, Oid datum)
Definition: list.c:375
Oid GetUserId(void)
Definition: miscinit.c:514
@ ROLESPEC_PUBLIC
Definition: parsenodes.h:397
uint64 AclMode
Definition: parsenodes.h:74
#define ACL_NO_RIGHTS
Definition: parsenodes.h:92
#define lfirst(lc)
Definition: pg_list.h:172
#define NIL
Definition: pg_list.h:68
char * priv_name
Definition: parsenodes.h:2394
List * cols
Definition: parsenodes.h:2395
char * defname
Definition: parsenodes.h:811
Node * arg
Definition: parsenodes.h:812
AclMode privileges
Definition: aclchk.c:98
List * grantees
Definition: aclchk.c:99
DropBehavior behavior
Definition: aclchk.c:101
ObjectType objtype
Definition: aclchk.c:96
Definition: pg_list.h:54
RoleSpecType roletype
Definition: parsenodes.h:403

References ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_SEQUENCE, ACL_ALL_RIGHTS_TYPE, ACL_ID_PUBLIC, ACL_NO_RIGHTS, generate_unaccent_rules::action, InternalDefaultACL::all_privs, DefElem::arg, InternalDefaultACL::behavior, AccessPriv::cols, DefElem::defname, elog, ereport, errcode(), errmsg(), ERROR, errorConflictingDefElem(), get_rolespec_oid(), gettext_noop, GetUserId(), InternalDefaultACL::grant_option, InternalDefaultACL::grantees, has_privs_of_role(), if(), InternalDefaultACL::is_grant, lappend_oid(), lfirst, NIL, OBJECT_FUNCTION, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TYPE, InternalDefaultACL::objtype, AccessPriv::priv_name, privilege_to_string(), InternalDefaultACL::privileges, InternalDefaultACL::roleid, ROLESPEC_PUBLIC, RoleSpec::roletype, SetDefaultACLsInSchemas(), stmt, and string_to_privilege().

Referenced by ProcessUtilitySlow().

◆ ExecGrant_Attribute()

static void ExecGrant_Attribute ( InternalGrant istmt,
Oid  relOid,
const char *  relname,
AttrNumber  attnum,
Oid  ownerId,
AclMode  col_privileges,
Relation  attRelation,
const Acl old_rel_acl 
)
static

Definition at line 1667 of file aclchk.c.

1670 {
1671  HeapTuple attr_tuple;
1672  Form_pg_attribute pg_attribute_tuple;
1673  Acl *old_acl;
1674  Acl *new_acl;
1675  Acl *merged_acl;
1676  Datum aclDatum;
1677  bool isNull;
1678  Oid grantorId;
1679  AclMode avail_goptions;
1680  bool need_update;
1681  HeapTuple newtuple;
1682  Datum values[Natts_pg_attribute] = {0};
1683  bool nulls[Natts_pg_attribute] = {0};
1684  bool replaces[Natts_pg_attribute] = {0};
1685  int noldmembers;
1686  int nnewmembers;
1687  Oid *oldmembers;
1688  Oid *newmembers;
1689 
1690  attr_tuple = SearchSysCache2(ATTNUM,
1691  ObjectIdGetDatum(relOid),
1693  if (!HeapTupleIsValid(attr_tuple))
1694  elog(ERROR, "cache lookup failed for attribute %d of relation %u",
1695  attnum, relOid);
1696  pg_attribute_tuple = (Form_pg_attribute) GETSTRUCT(attr_tuple);
1697 
1698  /*
1699  * Get working copy of existing ACL. If there's no ACL, substitute the
1700  * proper default.
1701  */
1702  aclDatum = SysCacheGetAttr(ATTNUM, attr_tuple, Anum_pg_attribute_attacl,
1703  &isNull);
1704  if (isNull)
1705  {
1706  old_acl = acldefault(OBJECT_COLUMN, ownerId);
1707  /* There are no old member roles according to the catalogs */
1708  noldmembers = 0;
1709  oldmembers = NULL;
1710  }
1711  else
1712  {
1713  old_acl = DatumGetAclPCopy(aclDatum);
1714  /* Get the roles mentioned in the existing ACL */
1715  noldmembers = aclmembers(old_acl, &oldmembers);
1716  }
1717 
1718  /*
1719  * In select_best_grantor we should consider existing table-level ACL bits
1720  * as well as the per-column ACL. Build a new ACL that is their
1721  * concatenation. (This is a bit cheap and dirty compared to merging them
1722  * properly with no duplications, but it's all we need here.)
1723  */
1724  merged_acl = aclconcat(old_rel_acl, old_acl);
1725 
1726  /* Determine ID to do the grant as, and available grant options */
1727  select_best_grantor(GetUserId(), col_privileges,
1728  merged_acl, ownerId,
1729  &grantorId, &avail_goptions);
1730 
1731  pfree(merged_acl);
1732 
1733  /*
1734  * Restrict the privileges to what we can actually grant, and emit the
1735  * standards-mandated warning and error messages. Note: we don't track
1736  * whether the user actually used the ALL PRIVILEGES(columns) syntax for
1737  * each column; we just approximate it by whether all the possible
1738  * privileges are specified now. Since the all_privs flag only determines
1739  * whether a warning is issued, this seems close enough.
1740  */
1741  col_privileges =
1742  restrict_and_check_grant(istmt->is_grant, avail_goptions,
1743  (col_privileges == ACL_ALL_RIGHTS_COLUMN),
1744  col_privileges,
1745  relOid, grantorId, OBJECT_COLUMN,
1746  relname, attnum,
1747  NameStr(pg_attribute_tuple->attname));
1748 
1749  /*
1750  * Generate new ACL.
1751  */
1752  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
1753  istmt->grant_option,
1754  istmt->behavior, istmt->grantees,
1755  col_privileges, grantorId,
1756  ownerId);
1757 
1758  /*
1759  * We need the members of both old and new ACLs so we can correct the
1760  * shared dependency information.
1761  */
1762  nnewmembers = aclmembers(new_acl, &newmembers);
1763 
1764  /* finished building new ACL value, now insert it */
1765 
1766  /*
1767  * If the updated ACL is empty, we can set attacl to null, and maybe even
1768  * avoid an update of the pg_attribute row. This is worth testing because
1769  * we'll come through here multiple times for any relation-level REVOKE,
1770  * even if there were never any column GRANTs. Note we are assuming that
1771  * the "default" ACL state for columns is empty.
1772  */
1773  if (ACL_NUM(new_acl) > 0)
1774  {
1775  values[Anum_pg_attribute_attacl - 1] = PointerGetDatum(new_acl);
1776  need_update = true;
1777  }
1778  else
1779  {
1780  nulls[Anum_pg_attribute_attacl - 1] = true;
1781  need_update = !isNull;
1782  }
1783  replaces[Anum_pg_attribute_attacl - 1] = true;
1784 
1785  if (need_update)
1786  {
1787  newtuple = heap_modify_tuple(attr_tuple, RelationGetDescr(attRelation),
1788  values, nulls, replaces);
1789 
1790  CatalogTupleUpdate(attRelation, &newtuple->t_self, newtuple);
1791 
1792  /* Update initial privileges for extensions */
1793  recordExtensionInitPriv(relOid, RelationRelationId, attnum,
1794  ACL_NUM(new_acl) > 0 ? new_acl : NULL);
1795 
1796  /* Update the shared dependency ACL info */
1797  updateAclDependencies(RelationRelationId, relOid, attnum,
1798  ownerId,
1799  noldmembers, oldmembers,
1800  nnewmembers, newmembers);
1801  }
1802 
1803  pfree(new_acl);
1804 
1805  ReleaseSysCache(attr_tuple);
1806 }
void select_best_grantor(Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
Definition: acl.c:5276
int aclmembers(const Acl *acl, Oid **roleids)
Definition: acl.c:1509
Acl * aclconcat(const Acl *left_acl, const Acl *right_acl)
Definition: acl.c:452
Acl * acldefault(ObjectType objtype, Oid ownerId)
Definition: acl.c:778
#define ACL_ALL_RIGHTS_COLUMN
Definition: acl.h:159
#define ACL_NUM(ACL)
Definition: acl.h:108
#define DatumGetAclPCopy(X)
Definition: acl.h:121
static void recordExtensionInitPriv(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
Definition: aclchk.c:4638
static Acl * merge_acl_with_grant(Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
Definition: aclchk.c:181
static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
Definition: aclchk.c:240
static Datum values[MAXATTR]
Definition: bootstrap.c:152
#define NameStr(name)
Definition: c.h:733
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, const Datum *replValues, const bool *replIsnull, const bool *doReplace)
Definition: heaptuple.c:1209
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
#define GETSTRUCT(TUP)
Definition: htup_details.h:653
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
Definition: indexing.c:313
void pfree(void *pointer)
Definition: mcxt.c:1508
int16 attnum
Definition: pg_attribute.h:74
FormData_pg_attribute * Form_pg_attribute
Definition: pg_attribute.h:209
NameData relname
Definition: pg_class.h:38
void updateAclDependencies(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
Definition: pg_shdepend.c:477
static Datum PointerGetDatum(const void *X)
Definition: postgres.h:322
uintptr_t Datum
Definition: postgres.h:64
static Datum Int16GetDatum(int16 X)
Definition: postgres.h:172
static Datum ObjectIdGetDatum(Oid X)
Definition: postgres.h:252
#define RelationGetDescr(relation)
Definition: rel.h:531
ItemPointerData t_self
Definition: htup.h:65
DropBehavior behavior
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:266
Datum SysCacheGetAttr(int cacheId, HeapTuple tup, AttrNumber attributeNumber, bool *isNull)
Definition: syscache.c:479
HeapTuple SearchSysCache2(int cacheId, Datum key1, Datum key2)
Definition: syscache.c:229

References ACL_ALL_RIGHTS_COLUMN, ACL_NUM, aclconcat(), acldefault(), aclmembers(), attnum, InternalGrant::behavior, CatalogTupleUpdate(), DatumGetAclPCopy, elog, ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, Int16GetDatum(), InternalGrant::is_grant, merge_acl_with_grant(), NameStr, OBJECT_COLUMN, ObjectIdGetDatum(), pfree(), PointerGetDatum(), recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), relname, restrict_and_check_grant(), SearchSysCache2(), select_best_grantor(), SysCacheGetAttr(), HeapTupleData::t_self, updateAclDependencies(), and values.

Referenced by ExecGrant_Relation().

◆ ExecGrant_common()

static void ExecGrant_common ( InternalGrant istmt,
Oid  classid,
AclMode  default_privs,
void(*)(InternalGrant *istmt, HeapTuple tuple)  object_check 
)
static

Definition at line 2140 of file aclchk.c.

2142 {
2143  int cacheid;
2144  Relation relation;
2145  ListCell *cell;
2146 
2147  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
2148  istmt->privileges = default_privs;
2149 
2150  cacheid = get_object_catcache_oid(classid);
2151 
2152  relation = table_open(classid, RowExclusiveLock);
2153 
2154  foreach(cell, istmt->objects)
2155  {
2156  Oid objectid = lfirst_oid(cell);
2157  Datum aclDatum;
2158  Datum nameDatum;
2159  bool isNull;
2160  AclMode avail_goptions;
2161  AclMode this_privileges;
2162  Acl *old_acl;
2163  Acl *new_acl;
2164  Oid grantorId;
2165  Oid ownerId;
2166  HeapTuple tuple;
2167  HeapTuple newtuple;
2168  Datum *values = palloc0_array(Datum, RelationGetDescr(relation)->natts);
2169  bool *nulls = palloc0_array(bool, RelationGetDescr(relation)->natts);
2170  bool *replaces = palloc0_array(bool, RelationGetDescr(relation)->natts);
2171  int noldmembers;
2172  int nnewmembers;
2173  Oid *oldmembers;
2174  Oid *newmembers;
2175 
2176  tuple = SearchSysCache1(cacheid, ObjectIdGetDatum(objectid));
2177  if (!HeapTupleIsValid(tuple))
2178  elog(ERROR, "cache lookup failed for %s %u", get_object_class_descr(classid), objectid);
2179 
2180  /*
2181  * Additional object-type-specific checks
2182  */
2183  if (object_check)
2184  object_check(istmt, tuple);
2185 
2186  /*
2187  * Get owner ID and working copy of existing ACL. If there's no ACL,
2188  * substitute the proper default.
2189  */
2190  ownerId = DatumGetObjectId(SysCacheGetAttrNotNull(cacheid,
2191  tuple,
2192  get_object_attnum_owner(classid)));
2193  aclDatum = SysCacheGetAttr(cacheid,
2194  tuple,
2195  get_object_attnum_acl(classid),
2196  &isNull);
2197  if (isNull)
2198  {
2199  old_acl = acldefault(get_object_type(classid, objectid), ownerId);
2200  /* There are no old member roles according to the catalogs */
2201  noldmembers = 0;
2202  oldmembers = NULL;
2203  }
2204  else
2205  {
2206  old_acl = DatumGetAclPCopy(aclDatum);
2207  /* Get the roles mentioned in the existing ACL */
2208  noldmembers = aclmembers(old_acl, &oldmembers);
2209  }
2210 
2211  /* Determine ID to do the grant as, and available grant options */
2213  old_acl, ownerId,
2214  &grantorId, &avail_goptions);
2215 
2216  nameDatum = SysCacheGetAttrNotNull(cacheid, tuple,
2217  get_object_attnum_name(classid));
2218 
2219  /*
2220  * Restrict the privileges to what we can actually grant, and emit the
2221  * standards-mandated warning and error messages.
2222  */
2223  this_privileges =
2224  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2225  istmt->all_privs, istmt->privileges,
2226  objectid, grantorId, get_object_type(classid, objectid),
2227  NameStr(*DatumGetName(nameDatum)),
2228  0, NULL);
2229 
2230  /*
2231  * Generate new ACL.
2232  */
2233  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
2234  istmt->grant_option, istmt->behavior,
2235  istmt->grantees, this_privileges,
2236  grantorId, ownerId);
2237 
2238  /*
2239  * We need the members of both old and new ACLs so we can correct the
2240  * shared dependency information.
2241  */
2242  nnewmembers = aclmembers(new_acl, &newmembers);
2243 
2244  /* finished building new ACL value, now insert it */
2245  replaces[get_object_attnum_acl(classid) - 1] = true;
2246  values[get_object_attnum_acl(classid) - 1] = PointerGetDatum(new_acl);
2247 
2248  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
2249  nulls, replaces);
2250 
2251  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2252 
2253  /* Update initial privileges for extensions */
2254  recordExtensionInitPriv(objectid, classid, 0, new_acl);
2255 
2256  /* Update the shared dependency ACL info */
2257  updateAclDependencies(classid,
2258  objectid, 0,
2259  ownerId,
2260  noldmembers, oldmembers,
2261  nnewmembers, newmembers);
2262 
2263  ReleaseSysCache(tuple);
2264 
2265  pfree(new_acl);
2266 
2267  /* prevent error when processing duplicate objects */
2269  }
2270 
2271  table_close(relation, RowExclusiveLock);
2272 }
#define palloc0_array(type, count)
Definition: fe_memutils.h:65
#define RowExclusiveLock
Definition: lockdefs.h:38
AttrNumber get_object_attnum_owner(Oid class_id)
AttrNumber get_object_attnum_name(Oid class_id)
AttrNumber get_object_attnum_acl(Oid class_id)
int get_object_catcache_oid(Oid class_id)
ObjectType get_object_type(Oid class_id, Oid object_id)
const char * get_object_class_descr(Oid class_id)
#define lfirst_oid(lc)
Definition: pg_list.h:174
static Name DatumGetName(Datum X)
Definition: postgres.h:360
static Oid DatumGetObjectId(Datum X)
Definition: postgres.h:242
AclMode privileges
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Definition: syscache.c:218
Datum SysCacheGetAttrNotNull(int cacheId, HeapTuple tup, AttrNumber attributeNumber)
Definition: syscache.c:510
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:126
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:40
void CommandCounterIncrement(void)
Definition: xact.c:1079

References ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, DatumGetName(), DatumGetObjectId(), elog, ERROR, get_object_attnum_acl(), get_object_attnum_name(), get_object_attnum_owner(), get_object_catcache_oid(), get_object_class_descr(), get_object_type(), GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, merge_acl_with_grant(), NameStr, ObjectIdGetDatum(), InternalGrant::objects, palloc0_array, pfree(), PointerGetDatum(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), SysCacheGetAttr(), SysCacheGetAttrNotNull(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

◆ ExecGrant_Language_check()

static void ExecGrant_Language_check ( InternalGrant istmt,
HeapTuple  tuple 
)
static

Definition at line 2275 of file aclchk.c.

2276 {
2277  Form_pg_language pg_language_tuple;
2278 
2279  pg_language_tuple = (Form_pg_language) GETSTRUCT(tuple);
2280 
2281  if (!pg_language_tuple->lanpltrusted)
2282  ereport(ERROR,
2283  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2284  errmsg("language \"%s\" is not trusted",
2285  NameStr(pg_language_tuple->lanname)),
2286  errdetail("GRANT and REVOKE are not allowed on untrusted languages, "
2287  "because only superusers can use untrusted languages.")));
2288 }
int errdetail(const char *fmt,...)
Definition: elog.c:1205
FormData_pg_language * Form_pg_language
Definition: pg_language.h:65

References ereport, errcode(), errdetail(), errmsg(), ERROR, GETSTRUCT, and NameStr.

Referenced by ExecGrantStmt_oids().

◆ ExecGrant_Largeobject()

static void ExecGrant_Largeobject ( InternalGrant istmt)
static

Definition at line 2291 of file aclchk.c.

2292 {
2293  Relation relation;
2294  ListCell *cell;
2295 
2296  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
2298 
2299  relation = table_open(LargeObjectMetadataRelationId,
2301 
2302  foreach(cell, istmt->objects)
2303  {
2304  Oid loid = lfirst_oid(cell);
2305  Form_pg_largeobject_metadata form_lo_meta;
2306  char loname[NAMEDATALEN];
2307  Datum aclDatum;
2308  bool isNull;
2309  AclMode avail_goptions;
2310  AclMode this_privileges;
2311  Acl *old_acl;
2312  Acl *new_acl;
2313  Oid grantorId;
2314  Oid ownerId;
2315  HeapTuple newtuple;
2316  Datum values[Natts_pg_largeobject_metadata] = {0};
2317  bool nulls[Natts_pg_largeobject_metadata] = {0};
2318  bool replaces[Natts_pg_largeobject_metadata] = {0};
2319  int noldmembers;
2320  int nnewmembers;
2321  Oid *oldmembers;
2322  Oid *newmembers;
2323  ScanKeyData entry[1];
2324  SysScanDesc scan;
2325  HeapTuple tuple;
2326 
2327  /* There's no syscache for pg_largeobject_metadata */
2328  ScanKeyInit(&entry[0],
2329  Anum_pg_largeobject_metadata_oid,
2330  BTEqualStrategyNumber, F_OIDEQ,
2331  ObjectIdGetDatum(loid));
2332 
2333  scan = systable_beginscan(relation,
2334  LargeObjectMetadataOidIndexId, true,
2335  NULL, 1, entry);
2336 
2337  tuple = systable_getnext(scan);
2338  if (!HeapTupleIsValid(tuple))
2339  elog(ERROR, "could not find tuple for large object %u", loid);
2340 
2341  form_lo_meta = (Form_pg_largeobject_metadata) GETSTRUCT(tuple);
2342 
2343  /*
2344  * Get owner ID and working copy of existing ACL. If there's no ACL,
2345  * substitute the proper default.
2346  */
2347  ownerId = form_lo_meta->lomowner;
2348  aclDatum = heap_getattr(tuple,
2349  Anum_pg_largeobject_metadata_lomacl,
2350  RelationGetDescr(relation), &isNull);
2351  if (isNull)
2352  {
2353  old_acl = acldefault(OBJECT_LARGEOBJECT, ownerId);
2354  /* There are no old member roles according to the catalogs */
2355  noldmembers = 0;
2356  oldmembers = NULL;
2357  }
2358  else
2359  {
2360  old_acl = DatumGetAclPCopy(aclDatum);
2361  /* Get the roles mentioned in the existing ACL */
2362  noldmembers = aclmembers(old_acl, &oldmembers);
2363  }
2364 
2365  /* Determine ID to do the grant as, and available grant options */
2367  old_acl, ownerId,
2368  &grantorId, &avail_goptions);
2369 
2370  /*
2371  * Restrict the privileges to what we can actually grant, and emit the
2372  * standards-mandated warning and error messages.
2373  */
2374  snprintf(loname, sizeof(loname), "large object %u", loid);
2375  this_privileges =
2376  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2377  istmt->all_privs, istmt->privileges,
2378  loid, grantorId, OBJECT_LARGEOBJECT,
2379  loname, 0, NULL);
2380 
2381  /*
2382  * Generate new ACL.
2383  */
2384  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
2385  istmt->grant_option, istmt->behavior,
2386  istmt->grantees, this_privileges,
2387  grantorId, ownerId);
2388 
2389  /*
2390  * We need the members of both old and new ACLs so we can correct the
2391  * shared dependency information.
2392  */
2393  nnewmembers = aclmembers(new_acl, &newmembers);
2394 
2395  /* finished building new ACL value, now insert it */
2396  replaces[Anum_pg_largeobject_metadata_lomacl - 1] = true;
2397  values[Anum_pg_largeobject_metadata_lomacl - 1]
2398  = PointerGetDatum(new_acl);
2399 
2400  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation),
2401  values, nulls, replaces);
2402 
2403  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2404 
2405  /* Update initial privileges for extensions */
2406  recordExtensionInitPriv(loid, LargeObjectRelationId, 0, new_acl);
2407 
2408  /* Update the shared dependency ACL info */
2409  updateAclDependencies(LargeObjectRelationId,
2410  form_lo_meta->oid, 0,
2411  ownerId,
2412  noldmembers, oldmembers,
2413  nnewmembers, newmembers);
2414 
2415  systable_endscan(scan);
2416 
2417  pfree(new_acl);
2418 
2419  /* prevent error when processing duplicate objects */
2421  }
2422 
2423  table_close(relation, RowExclusiveLock);
2424 }
#define ACL_ALL_RIGHTS_LARGEOBJECT
Definition: acl.h:167
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:596
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:503
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:384
static Datum heap_getattr(HeapTuple tup, int attnum, TupleDesc tupleDesc, bool *isnull)
Definition: htup_details.h:792
#define NAMEDATALEN
FormData_pg_largeobject_metadata * Form_pg_largeobject_metadata
#define snprintf
Definition: port.h:238
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
#define BTEqualStrategyNumber
Definition: stratnum.h:31

References ACL_ALL_RIGHTS_LARGEOBJECT, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, BTEqualStrategyNumber, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog, ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_getattr(), heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, merge_acl_with_grant(), NAMEDATALEN, OBJECT_LARGEOBJECT, ObjectIdGetDatum(), InternalGrant::objects, pfree(), PointerGetDatum(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, restrict_and_check_grant(), RowExclusiveLock, ScanKeyInit(), select_best_grantor(), snprintf, systable_beginscan(), systable_endscan(), systable_getnext(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

◆ ExecGrant_Parameter()

static void ExecGrant_Parameter ( InternalGrant istmt)
static

Definition at line 2455 of file aclchk.c.

2456 {
2457  Relation relation;
2458  ListCell *cell;
2459 
2460  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
2462 
2463  relation = table_open(ParameterAclRelationId, RowExclusiveLock);
2464 
2465  foreach(cell, istmt->objects)
2466  {
2467  Oid parameterId = lfirst_oid(cell);
2468  Datum nameDatum;
2469  const char *parname;
2470  Datum aclDatum;
2471  bool isNull;
2472  AclMode avail_goptions;
2473  AclMode this_privileges;
2474  Acl *old_acl;
2475  Acl *new_acl;
2476  Oid grantorId;
2477  Oid ownerId;
2478  HeapTuple tuple;
2479  int noldmembers;
2480  int nnewmembers;
2481  Oid *oldmembers;
2482  Oid *newmembers;
2483 
2484  tuple = SearchSysCache1(PARAMETERACLOID, ObjectIdGetDatum(parameterId));
2485  if (!HeapTupleIsValid(tuple))
2486  elog(ERROR, "cache lookup failed for parameter ACL %u",
2487  parameterId);
2488 
2489  /* We'll need the GUC's name */
2490  nameDatum = SysCacheGetAttrNotNull(PARAMETERACLOID, tuple,
2491  Anum_pg_parameter_acl_parname);
2492  parname = TextDatumGetCString(nameDatum);
2493 
2494  /* Treat all parameters as belonging to the bootstrap superuser. */
2495  ownerId = BOOTSTRAP_SUPERUSERID;
2496 
2497  /*
2498  * Get working copy of existing ACL. If there's no ACL, substitute the
2499  * proper default.
2500  */
2501  aclDatum = SysCacheGetAttr(PARAMETERACLOID, tuple,
2502  Anum_pg_parameter_acl_paracl,
2503  &isNull);
2504 
2505  if (isNull)
2506  {
2507  old_acl = acldefault(istmt->objtype, ownerId);
2508  /* There are no old member roles according to the catalogs */
2509  noldmembers = 0;
2510  oldmembers = NULL;
2511  }
2512  else
2513  {
2514  old_acl = DatumGetAclPCopy(aclDatum);
2515  /* Get the roles mentioned in the existing ACL */
2516  noldmembers = aclmembers(old_acl, &oldmembers);
2517  }
2518 
2519  /* Determine ID to do the grant as, and available grant options */
2521  old_acl, ownerId,
2522  &grantorId, &avail_goptions);
2523 
2524  /*
2525  * Restrict the privileges to what we can actually grant, and emit the
2526  * standards-mandated warning and error messages.
2527  */
2528  this_privileges =
2529  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2530  istmt->all_privs, istmt->privileges,
2531  parameterId, grantorId,
2533  parname,
2534  0, NULL);
2535 
2536  /*
2537  * Generate new ACL.
2538  */
2539  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
2540  istmt->grant_option, istmt->behavior,
2541  istmt->grantees, this_privileges,
2542  grantorId, ownerId);
2543 
2544  /*
2545  * We need the members of both old and new ACLs so we can correct the
2546  * shared dependency information.
2547  */
2548  nnewmembers = aclmembers(new_acl, &newmembers);
2549 
2550  /*
2551  * If the new ACL is equal to the default, we don't need the catalog
2552  * entry any longer. Delete it rather than updating it, to avoid
2553  * leaving a degenerate entry.
2554  */
2555  if (aclequal(new_acl, acldefault(istmt->objtype, ownerId)))
2556  {
2557  CatalogTupleDelete(relation, &tuple->t_self);
2558  }
2559  else
2560  {
2561  /* finished building new ACL value, now insert it */
2562  HeapTuple newtuple;
2563  Datum values[Natts_pg_parameter_acl] = {0};
2564  bool nulls[Natts_pg_parameter_acl] = {0};
2565  bool replaces[Natts_pg_parameter_acl] = {0};
2566 
2567  replaces[Anum_pg_parameter_acl_paracl - 1] = true;
2568  values[Anum_pg_parameter_acl_paracl - 1] = PointerGetDatum(new_acl);
2569 
2570  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation),
2571  values, nulls, replaces);
2572 
2573  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2574  }
2575 
2576  /* Update initial privileges for extensions */
2577  recordExtensionInitPriv(parameterId, ParameterAclRelationId, 0,
2578  new_acl);
2579 
2580  /* Update the shared dependency ACL info */
2581  updateAclDependencies(ParameterAclRelationId, parameterId, 0,
2582  ownerId,
2583  noldmembers, oldmembers,
2584  nnewmembers, newmembers);
2585 
2586  ReleaseSysCache(tuple);
2587  pfree(new_acl);
2588 
2589  /* prevent error when processing duplicate objects */
2591  }
2592 
2593  table_close(relation, RowExclusiveLock);
2594 }
bool aclequal(const Acl *left_acl, const Acl *right_acl)
Definition: acl.c:534
#define ACL_ALL_RIGHTS_PARAMETER_ACL
Definition: acl.h:168
#define TextDatumGetCString(d)
Definition: builtins.h:98
void CatalogTupleDelete(Relation heapRel, ItemPointer tid)
Definition: indexing.c:365
ObjectType objtype

References ACL_ALL_RIGHTS_PARAMETER_ACL, ACL_NO_RIGHTS, acldefault(), aclequal(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleDelete(), CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog, ERROR, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, merge_acl_with_grant(), OBJECT_PARAMETER_ACL, ObjectIdGetDatum(), InternalGrant::objects, InternalGrant::objtype, pfree(), PointerGetDatum(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), SysCacheGetAttr(), SysCacheGetAttrNotNull(), HeapTupleData::t_self, table_close(), table_open(), TextDatumGetCString, updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

◆ ExecGrant_Relation()

static void ExecGrant_Relation ( InternalGrant istmt)
static

Definition at line 1812 of file aclchk.c.

1813 {
1814  Relation relation;
1815  Relation attRelation;
1816  ListCell *cell;
1817 
1818  relation = table_open(RelationRelationId, RowExclusiveLock);
1819  attRelation = table_open(AttributeRelationId, RowExclusiveLock);
1820 
1821  foreach(cell, istmt->objects)
1822  {
1823  Oid relOid = lfirst_oid(cell);
1824  Datum aclDatum;
1825  Form_pg_class pg_class_tuple;
1826  bool isNull;
1827  AclMode this_privileges;
1828  AclMode *col_privileges;
1829  int num_col_privileges;
1830  bool have_col_privileges;
1831  Acl *old_acl;
1832  Acl *old_rel_acl;
1833  int noldmembers;
1834  Oid *oldmembers;
1835  Oid ownerId;
1836  HeapTuple tuple;
1837  ListCell *cell_colprivs;
1838 
1839  tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(relOid));
1840  if (!HeapTupleIsValid(tuple))
1841  elog(ERROR, "cache lookup failed for relation %u", relOid);
1842  pg_class_tuple = (Form_pg_class) GETSTRUCT(tuple);
1843 
1844  /* Not sensible to grant on an index */
1845  if (pg_class_tuple->relkind == RELKIND_INDEX ||
1846  pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX)
1847  ereport(ERROR,
1848  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1849  errmsg("\"%s\" is an index",
1850  NameStr(pg_class_tuple->relname))));
1851 
1852  /* Composite types aren't tables either */
1853  if (pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
1854  ereport(ERROR,
1855  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1856  errmsg("\"%s\" is a composite type",
1857  NameStr(pg_class_tuple->relname))));
1858 
1859  /* Used GRANT SEQUENCE on a non-sequence? */
1860  if (istmt->objtype == OBJECT_SEQUENCE &&
1861  pg_class_tuple->relkind != RELKIND_SEQUENCE)
1862  ereport(ERROR,
1863  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1864  errmsg("\"%s\" is not a sequence",
1865  NameStr(pg_class_tuple->relname))));
1866 
1867  /* Adjust the default permissions based on object type */
1868  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
1869  {
1870  if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1871  this_privileges = ACL_ALL_RIGHTS_SEQUENCE;
1872  else
1873  this_privileges = ACL_ALL_RIGHTS_RELATION;
1874  }
1875  else
1876  this_privileges = istmt->privileges;
1877 
1878  /*
1879  * The GRANT TABLE syntax can be used for sequences and non-sequences,
1880  * so we have to look at the relkind to determine the supported
1881  * permissions. The OR of table and sequence permissions were already
1882  * checked.
1883  */
1884  if (istmt->objtype == OBJECT_TABLE)
1885  {
1886  if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1887  {
1888  /*
1889  * For backward compatibility, just throw a warning for
1890  * invalid sequence permissions when using the non-sequence
1891  * GRANT syntax.
1892  */
1893  if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_SEQUENCE))
1894  {
1895  /*
1896  * Mention the object name because the user needs to know
1897  * which operations succeeded. This is required because
1898  * WARNING allows the command to continue.
1899  */
1900  ereport(WARNING,
1901  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1902  errmsg("sequence \"%s\" only supports USAGE, SELECT, and UPDATE privileges",
1903  NameStr(pg_class_tuple->relname))));
1904  this_privileges &= (AclMode) ACL_ALL_RIGHTS_SEQUENCE;
1905  }
1906  }
1907  else
1908  {
1909  if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_RELATION))
1910  {
1911  /*
1912  * USAGE is the only permission supported by sequences but
1913  * not by non-sequences. Don't mention the object name
1914  * because we didn't in the combined TABLE | SEQUENCE
1915  * check.
1916  */
1917  ereport(ERROR,
1918  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1919  errmsg("invalid privilege type %s for table",
1920  "USAGE")));
1921  }
1922  }
1923  }
1924 
1925  /*
1926  * Set up array in which we'll accumulate any column privilege bits
1927  * that need modification. The array is indexed such that entry [0]
1928  * corresponds to FirstLowInvalidHeapAttributeNumber.
1929  */
1930  num_col_privileges = pg_class_tuple->relnatts - FirstLowInvalidHeapAttributeNumber + 1;
1931  col_privileges = (AclMode *) palloc0(num_col_privileges * sizeof(AclMode));
1932  have_col_privileges = false;
1933 
1934  /*
1935  * If we are revoking relation privileges that are also column
1936  * privileges, we must implicitly revoke them from each column too,
1937  * per SQL spec. (We don't need to implicitly add column privileges
1938  * during GRANT because the permissions-checking code always checks
1939  * both relation and per-column privileges.)
1940  */
1941  if (!istmt->is_grant &&
1942  (this_privileges & ACL_ALL_RIGHTS_COLUMN) != 0)
1943  {
1944  expand_all_col_privileges(relOid, pg_class_tuple,
1945  this_privileges & ACL_ALL_RIGHTS_COLUMN,
1946  col_privileges,
1947  num_col_privileges);
1948  have_col_privileges = true;
1949  }
1950 
1951  /*
1952  * Get owner ID and working copy of existing ACL. If there's no ACL,
1953  * substitute the proper default.
1954  */
1955  ownerId = pg_class_tuple->relowner;
1956  aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
1957  &isNull);
1958  if (isNull)
1959  {
1960  switch (pg_class_tuple->relkind)
1961  {
1962  case RELKIND_SEQUENCE:
1963  old_acl = acldefault(OBJECT_SEQUENCE, ownerId);
1964  break;
1965  default:
1966  old_acl = acldefault(OBJECT_TABLE, ownerId);
1967  break;
1968  }
1969  /* There are no old member roles according to the catalogs */
1970  noldmembers = 0;
1971  oldmembers = NULL;
1972  }
1973  else
1974  {
1975  old_acl = DatumGetAclPCopy(aclDatum);
1976  /* Get the roles mentioned in the existing ACL */
1977  noldmembers = aclmembers(old_acl, &oldmembers);
1978  }
1979 
1980  /* Need an extra copy of original rel ACL for column handling */
1981  old_rel_acl = aclcopy(old_acl);
1982 
1983  /*
1984  * Handle relation-level privileges, if any were specified
1985  */
1986  if (this_privileges != ACL_NO_RIGHTS)
1987  {
1988  AclMode avail_goptions;
1989  Acl *new_acl;
1990  Oid grantorId;
1991  HeapTuple newtuple;
1992  Datum values[Natts_pg_class] = {0};
1993  bool nulls[Natts_pg_class] = {0};
1994  bool replaces[Natts_pg_class] = {0};
1995  int nnewmembers;
1996  Oid *newmembers;
1997  ObjectType objtype;
1998 
1999  /* Determine ID to do the grant as, and available grant options */
2000  select_best_grantor(GetUserId(), this_privileges,
2001  old_acl, ownerId,
2002  &grantorId, &avail_goptions);
2003 
2004  switch (pg_class_tuple->relkind)
2005  {
2006  case RELKIND_SEQUENCE:
2007  objtype = OBJECT_SEQUENCE;
2008  break;
2009  default:
2010  objtype = OBJECT_TABLE;
2011  break;
2012  }
2013 
2014  /*
2015  * Restrict the privileges to what we can actually grant, and emit
2016  * the standards-mandated warning and error messages.
2017  */
2018  this_privileges =
2019  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2020  istmt->all_privs, this_privileges,
2021  relOid, grantorId, objtype,
2022  NameStr(pg_class_tuple->relname),
2023  0, NULL);
2024 
2025  /*
2026  * Generate new ACL.
2027  */
2028  new_acl = merge_acl_with_grant(old_acl,
2029  istmt->is_grant,
2030  istmt->grant_option,
2031  istmt->behavior,
2032  istmt->grantees,
2033  this_privileges,
2034  grantorId,
2035  ownerId);
2036 
2037  /*
2038  * We need the members of both old and new ACLs so we can correct
2039  * the shared dependency information.
2040  */
2041  nnewmembers = aclmembers(new_acl, &newmembers);
2042 
2043  /* finished building new ACL value, now insert it */
2044  replaces[Anum_pg_class_relacl - 1] = true;
2045  values[Anum_pg_class_relacl - 1] = PointerGetDatum(new_acl);
2046 
2047  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation),
2048  values, nulls, replaces);
2049 
2050  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2051 
2052  /* Update initial privileges for extensions */
2053  recordExtensionInitPriv(relOid, RelationRelationId, 0, new_acl);
2054 
2055  /* Update the shared dependency ACL info */
2056  updateAclDependencies(RelationRelationId, relOid, 0,
2057  ownerId,
2058  noldmembers, oldmembers,
2059  nnewmembers, newmembers);
2060 
2061  pfree(new_acl);
2062  }
2063 
2064  /*
2065  * Handle column-level privileges, if any were specified or implied.
2066  * We first expand the user-specified column privileges into the
2067  * array, and then iterate over all nonempty array entries.
2068  */
2069  foreach(cell_colprivs, istmt->col_privs)
2070  {
2071  AccessPriv *col_privs = (AccessPriv *) lfirst(cell_colprivs);
2072 
2073  if (col_privs->priv_name == NULL)
2074  this_privileges = ACL_ALL_RIGHTS_COLUMN;
2075  else
2076  this_privileges = string_to_privilege(col_privs->priv_name);
2077 
2078  if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_COLUMN))
2079  ereport(ERROR,
2080  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
2081  errmsg("invalid privilege type %s for column",
2082  privilege_to_string(this_privileges))));
2083 
2084  if (pg_class_tuple->relkind == RELKIND_SEQUENCE &&
2085  this_privileges & ~((AclMode) ACL_SELECT))
2086  {
2087  /*
2088  * The only column privilege allowed on sequences is SELECT.
2089  * This is a warning not error because we do it that way for
2090  * relation-level privileges.
2091  */
2092  ereport(WARNING,
2093  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
2094  errmsg("sequence \"%s\" only supports SELECT column privileges",
2095  NameStr(pg_class_tuple->relname))));
2096 
2097  this_privileges &= (AclMode) ACL_SELECT;
2098  }
2099 
2100  expand_col_privileges(col_privs->cols, relOid,
2101  this_privileges,
2102  col_privileges,
2103  num_col_privileges);
2104  have_col_privileges = true;
2105  }
2106 
2107  if (have_col_privileges)
2108  {
2109  AttrNumber i;
2110 
2111  for (i = 0; i < num_col_privileges; i++)
2112  {
2113  if (col_privileges[i] == ACL_NO_RIGHTS)
2114  continue;
2115  ExecGrant_Attribute(istmt,
2116  relOid,
2117  NameStr(pg_class_tuple->relname),
2119  ownerId,
2120  col_privileges[i],
2121  attRelation,
2122  old_rel_acl);
2123  }
2124  }
2125 
2126  pfree(old_rel_acl);
2127  pfree(col_privileges);
2128 
2129  ReleaseSysCache(tuple);
2130 
2131  /* prevent error when processing duplicate objects */
2133  }
2134 
2135  table_close(attRelation, RowExclusiveLock);
2136  table_close(relation, RowExclusiveLock);
2137 }
Acl * aclcopy(const Acl *orig_acl)
Definition: acl.c:432
static void expand_all_col_privileges(Oid table_oid, Form_pg_class classForm, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
Definition: aclchk.c:1621
static void expand_col_privileges(List *colnames, Oid table_oid, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
Definition: aclchk.c:1588
static void ExecGrant_Attribute(InternalGrant *istmt, Oid relOid, const char *relname, AttrNumber attnum, Oid ownerId, AclMode col_privileges, Relation attRelation, const Acl *old_rel_acl)
Definition: aclchk.c:1667
int16 AttrNumber
Definition: attnum.h:21
#define WARNING
Definition: elog.h:36
int i
Definition: isn.c:73
void * palloc0(Size size)
Definition: mcxt.c:1334
ObjectType
Definition: parsenodes.h:2108
#define ACL_SELECT
Definition: parsenodes.h:77
FormData_pg_class * Form_pg_class
Definition: pg_class.h:153
#define FirstLowInvalidHeapAttributeNumber
Definition: sysattr.h:27

References ACL_ALL_RIGHTS_COLUMN, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SEQUENCE, ACL_NO_RIGHTS, ACL_SELECT, aclcopy(), acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), InternalGrant::col_privs, AccessPriv::cols, CommandCounterIncrement(), DatumGetAclPCopy, elog, ereport, errcode(), errmsg(), ERROR, ExecGrant_Attribute(), expand_all_col_privileges(), expand_col_privileges(), FirstLowInvalidHeapAttributeNumber, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, i, InternalGrant::is_grant, lfirst, lfirst_oid, merge_acl_with_grant(), NameStr, OBJECT_SEQUENCE, OBJECT_TABLE, ObjectIdGetDatum(), InternalGrant::objects, InternalGrant::objtype, palloc0(), pfree(), PointerGetDatum(), AccessPriv::priv_name, privilege_to_string(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), string_to_privilege(), SysCacheGetAttr(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), values, and WARNING.

Referenced by ExecGrantStmt_oids().

◆ ExecGrant_Type_check()

static void ExecGrant_Type_check ( InternalGrant istmt,
HeapTuple  tuple 
)
static

Definition at line 2427 of file aclchk.c.

2428 {
2429  Form_pg_type pg_type_tuple;
2430 
2431  pg_type_tuple = (Form_pg_type) GETSTRUCT(tuple);
2432 
2433  /* Disallow GRANT on dependent types */
2434  if (IsTrueArrayType(pg_type_tuple))
2435  ereport(ERROR,
2436  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
2437  errmsg("cannot set privileges of array types"),
2438  errhint("Set the privileges of the element type instead.")));
2439  if (pg_type_tuple->typtype == TYPTYPE_MULTIRANGE)
2440  ereport(ERROR,
2441  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
2442  errmsg("cannot set privileges of multirange types"),
2443  errhint("Set the privileges of the range type instead.")));
2444 
2445  /* Used GRANT DOMAIN on a non-domain? */
2446  if (istmt->objtype == OBJECT_DOMAIN &&
2447  pg_type_tuple->typtype != TYPTYPE_DOMAIN)
2448  ereport(ERROR,
2449  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2450  errmsg("\"%s\" is not a domain",
2451  NameStr(pg_type_tuple->typname))));
2452 }
int errhint(const char *fmt,...)
Definition: elog.c:1319
FormData_pg_type * Form_pg_type
Definition: pg_type.h:261

References ereport, errcode(), errhint(), errmsg(), ERROR, GETSTRUCT, NameStr, OBJECT_DOMAIN, and InternalGrant::objtype.

Referenced by ExecGrantStmt_oids().

◆ ExecGrantStmt_oids()

static void ExecGrantStmt_oids ( InternalGrant istmt)
static

Definition at line 601 of file aclchk.c.

602 {
603  switch (istmt->objtype)
604  {
605  case OBJECT_TABLE:
606  case OBJECT_SEQUENCE:
607  ExecGrant_Relation(istmt);
608  break;
609  case OBJECT_DATABASE:
610  ExecGrant_common(istmt, DatabaseRelationId, ACL_ALL_RIGHTS_DATABASE, NULL);
611  break;
612  case OBJECT_DOMAIN:
613  case OBJECT_TYPE:
615  break;
616  case OBJECT_FDW:
617  ExecGrant_common(istmt, ForeignDataWrapperRelationId, ACL_ALL_RIGHTS_FDW, NULL);
618  break;
620  ExecGrant_common(istmt, ForeignServerRelationId, ACL_ALL_RIGHTS_FOREIGN_SERVER, NULL);
621  break;
622  case OBJECT_FUNCTION:
623  case OBJECT_PROCEDURE:
624  case OBJECT_ROUTINE:
625  ExecGrant_common(istmt, ProcedureRelationId, ACL_ALL_RIGHTS_FUNCTION, NULL);
626  break;
627  case OBJECT_LANGUAGE:
629  break;
630  case OBJECT_LARGEOBJECT:
631  ExecGrant_Largeobject(istmt);
632  break;
633  case OBJECT_SCHEMA:
634  ExecGrant_common(istmt, NamespaceRelationId, ACL_ALL_RIGHTS_SCHEMA, NULL);
635  break;
636  case OBJECT_TABLESPACE:
637  ExecGrant_common(istmt, TableSpaceRelationId, ACL_ALL_RIGHTS_TABLESPACE, NULL);
638  break;
640  ExecGrant_Parameter(istmt);
641  break;
642  default:
643  elog(ERROR, "unrecognized GrantStmt.objtype: %d",
644  (int) istmt->objtype);
645  }
646 
647  /*
648  * Pass the info to event triggers about the just-executed GRANT. Note
649  * that we prefer to do it after actually executing it, because that gives
650  * the functions a chance to adjust the istmt with privileges actually
651  * granted.
652  */
655 }
#define ACL_ALL_RIGHTS_FOREIGN_SERVER
Definition: acl.h:164
#define ACL_ALL_RIGHTS_TABLESPACE
Definition: acl.h:170
#define ACL_ALL_RIGHTS_DATABASE
Definition: acl.h:162
#define ACL_ALL_RIGHTS_LANGUAGE
Definition: acl.h:166
#define ACL_ALL_RIGHTS_FDW
Definition: acl.h:163
static void ExecGrant_Type_check(InternalGrant *istmt, HeapTuple tuple)
Definition: aclchk.c:2427
static void ExecGrant_common(InternalGrant *istmt, Oid classid, AclMode default_privs, void(*object_check)(InternalGrant *istmt, HeapTuple tuple))
Definition: aclchk.c:2140
static void ExecGrant_Largeobject(InternalGrant *istmt)
Definition: aclchk.c:2291
static void ExecGrant_Parameter(InternalGrant *istmt)
Definition: aclchk.c:2455
static void ExecGrant_Relation(InternalGrant *istmt)
Definition: aclchk.c:1812
static void ExecGrant_Language_check(InternalGrant *istmt, HeapTuple tuple)
Definition: aclchk.c:2275
bool EventTriggerSupportsObjectType(ObjectType obtype)
void EventTriggerCollectGrant(InternalGrant *istmt)

References ACL_ALL_RIGHTS_DATABASE, ACL_ALL_RIGHTS_FDW, ACL_ALL_RIGHTS_FOREIGN_SERVER, ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_LANGUAGE, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_TABLESPACE, ACL_ALL_RIGHTS_TYPE, elog, ERROR, EventTriggerCollectGrant(), EventTriggerSupportsObjectType(), ExecGrant_common(), ExecGrant_Language_check(), ExecGrant_Largeobject(), ExecGrant_Parameter(), ExecGrant_Relation(), ExecGrant_Type_check(), OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, and InternalGrant::objtype.

Referenced by ExecuteGrantStmt(), and RemoveRoleFromObjectACL().

◆ ExecuteGrantStmt()

void ExecuteGrantStmt ( GrantStmt stmt)

Definition at line 391 of file aclchk.c.

392 {
393  InternalGrant istmt;
394  ListCell *cell;
395  const char *errormsg;
396  AclMode all_privileges;
397 
398  if (stmt->grantor)
399  {
400  Oid grantor;
401 
402  grantor = get_rolespec_oid(stmt->grantor, false);
403 
404  /*
405  * Currently, this clause is only for SQL compatibility, not very
406  * interesting otherwise.
407  */
408  if (grantor != GetUserId())
409  ereport(ERROR,
410  (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
411  errmsg("grantor must be current user")));
412  }
413 
414  /*
415  * Turn the regular GrantStmt into the InternalGrant form.
416  */
417  istmt.is_grant = stmt->is_grant;
418  istmt.objtype = stmt->objtype;
419 
420  /* Collect the OIDs of the target objects */
421  switch (stmt->targtype)
422  {
423  case ACL_TARGET_OBJECT:
424  istmt.objects = objectNamesToOids(stmt->objtype, stmt->objects,
425  stmt->is_grant);
426  break;
428  istmt.objects = objectsInSchemaToOids(stmt->objtype, stmt->objects);
429  break;
430  /* ACL_TARGET_DEFAULTS should not be seen here */
431  default:
432  elog(ERROR, "unrecognized GrantStmt.targtype: %d",
433  (int) stmt->targtype);
434  }
435 
436  /* all_privs to be filled below */
437  /* privileges to be filled below */
438  istmt.col_privs = NIL; /* may get filled below */
439  istmt.grantees = NIL; /* filled below */
440  istmt.grant_option = stmt->grant_option;
441  istmt.behavior = stmt->behavior;
442 
443  /*
444  * Convert the RoleSpec list into an Oid list. Note that at this point we
445  * insert an ACL_ID_PUBLIC into the list if appropriate, so downstream
446  * there shouldn't be any additional work needed to support this case.
447  */
448  foreach(cell, stmt->grantees)
449  {
450  RoleSpec *grantee = (RoleSpec *) lfirst(cell);
451  Oid grantee_uid;
452 
453  switch (grantee->roletype)
454  {
455  case ROLESPEC_PUBLIC:
456  grantee_uid = ACL_ID_PUBLIC;
457  break;
458  default:
459  grantee_uid = get_rolespec_oid(grantee, false);
460  break;
461  }
462  istmt.grantees = lappend_oid(istmt.grantees, grantee_uid);
463  }
464 
465  /*
466  * Convert stmt->privileges, a list of AccessPriv nodes, into an AclMode
467  * bitmask. Note: objtype can't be OBJECT_COLUMN.
468  */
469  switch (stmt->objtype)
470  {
471  case OBJECT_TABLE:
472 
473  /*
474  * Because this might be a sequence, we test both relation and
475  * sequence bits, and later do a more limited test when we know
476  * the object type.
477  */
479  errormsg = gettext_noop("invalid privilege type %s for relation");
480  break;
481  case OBJECT_SEQUENCE:
482  all_privileges = ACL_ALL_RIGHTS_SEQUENCE;
483  errormsg = gettext_noop("invalid privilege type %s for sequence");
484  break;
485  case OBJECT_DATABASE:
486  all_privileges = ACL_ALL_RIGHTS_DATABASE;
487  errormsg = gettext_noop("invalid privilege type %s for database");
488  break;
489  case OBJECT_DOMAIN:
490  all_privileges = ACL_ALL_RIGHTS_TYPE;
491  errormsg = gettext_noop("invalid privilege type %s for domain");
492  break;
493  case OBJECT_FUNCTION:
494  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
495  errormsg = gettext_noop("invalid privilege type %s for function");
496  break;
497  case OBJECT_LANGUAGE:
498  all_privileges = ACL_ALL_RIGHTS_LANGUAGE;
499  errormsg = gettext_noop("invalid privilege type %s for language");
500  break;
501  case OBJECT_LARGEOBJECT:
502  all_privileges = ACL_ALL_RIGHTS_LARGEOBJECT;
503  errormsg = gettext_noop("invalid privilege type %s for large object");
504  break;
505  case OBJECT_SCHEMA:
506  all_privileges = ACL_ALL_RIGHTS_SCHEMA;
507  errormsg = gettext_noop("invalid privilege type %s for schema");
508  break;
509  case OBJECT_PROCEDURE:
510  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
511  errormsg = gettext_noop("invalid privilege type %s for procedure");
512  break;
513  case OBJECT_ROUTINE:
514  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
515  errormsg = gettext_noop("invalid privilege type %s for routine");
516  break;
517  case OBJECT_TABLESPACE:
518  all_privileges = ACL_ALL_RIGHTS_TABLESPACE;
519  errormsg = gettext_noop("invalid privilege type %s for tablespace");
520  break;
521  case OBJECT_TYPE:
522  all_privileges = ACL_ALL_RIGHTS_TYPE;
523  errormsg = gettext_noop("invalid privilege type %s for type");
524  break;
525  case OBJECT_FDW:
526  all_privileges = ACL_ALL_RIGHTS_FDW;
527  errormsg = gettext_noop("invalid privilege type %s for foreign-data wrapper");
528  break;
530  all_privileges = ACL_ALL_RIGHTS_FOREIGN_SERVER;
531  errormsg = gettext_noop("invalid privilege type %s for foreign server");
532  break;
534  all_privileges = ACL_ALL_RIGHTS_PARAMETER_ACL;
535  errormsg = gettext_noop("invalid privilege type %s for parameter");
536  break;
537  default:
538  elog(ERROR, "unrecognized GrantStmt.objtype: %d",
539  (int) stmt->objtype);
540  /* keep compiler quiet */
541  all_privileges = ACL_NO_RIGHTS;
542  errormsg = NULL;
543  }
544 
545  if (stmt->privileges == NIL)
546  {
547  istmt.all_privs = true;
548 
549  /*
550  * will be turned into ACL_ALL_RIGHTS_* by the internal routines
551  * depending on the object type
552  */
553  istmt.privileges = ACL_NO_RIGHTS;
554  }
555  else
556  {
557  istmt.all_privs = false;
558  istmt.privileges = ACL_NO_RIGHTS;
559 
560  foreach(cell, stmt->privileges)
561  {
562  AccessPriv *privnode = (AccessPriv *) lfirst(cell);
563  AclMode priv;
564 
565  /*
566  * If it's a column-level specification, we just set it aside in
567  * col_privs for the moment; but insist it's for a relation.
568  */
569  if (privnode->cols)
570  {
571  if (stmt->objtype != OBJECT_TABLE)
572  ereport(ERROR,
573  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
574  errmsg("column privileges are only valid for relations")));
575  istmt.col_privs = lappend(istmt.col_privs, privnode);
576  continue;
577  }
578 
579  if (privnode->priv_name == NULL) /* parser mistake? */
580  elog(ERROR, "AccessPriv node must specify privilege or columns");
581  priv = string_to_privilege(privnode->priv_name);
582 
583  if (priv & ~((AclMode) all_privileges))
584  ereport(ERROR,
585  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
586  errmsg(errormsg, privilege_to_string(priv))));
587 
588  istmt.privileges |= priv;
589  }
590  }
591 
592  ExecGrantStmt_oids(&istmt);
593 }
static void ExecGrantStmt_oids(InternalGrant *istmt)
Definition: aclchk.c:601
static List * objectNamesToOids(ObjectType objtype, List *objnames, bool is_grant)
Definition: aclchk.c:668
static List * objectsInSchemaToOids(ObjectType objtype, List *nspnames)
Definition: aclchk.c:848
List * lappend(List *list, void *datum)
Definition: list.c:339
@ ACL_TARGET_OBJECT
Definition: parsenodes.h:2337
@ ACL_TARGET_ALL_IN_SCHEMA
Definition: parsenodes.h:2338

References ACL_ALL_RIGHTS_DATABASE, ACL_ALL_RIGHTS_FDW, ACL_ALL_RIGHTS_FOREIGN_SERVER, ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_LANGUAGE, ACL_ALL_RIGHTS_LARGEOBJECT, ACL_ALL_RIGHTS_PARAMETER_ACL, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_SEQUENCE, ACL_ALL_RIGHTS_TABLESPACE, ACL_ALL_RIGHTS_TYPE, ACL_ID_PUBLIC, ACL_NO_RIGHTS, ACL_TARGET_ALL_IN_SCHEMA, ACL_TARGET_OBJECT, InternalGrant::all_privs, InternalGrant::behavior, InternalGrant::col_privs, AccessPriv::cols, elog, ereport, errcode(), errmsg(), ERROR, ExecGrantStmt_oids(), get_rolespec_oid(), gettext_noop, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, InternalGrant::is_grant, lappend(), lappend_oid(), lfirst, NIL, OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, objectNamesToOids(), InternalGrant::objects, objectsInSchemaToOids(), InternalGrant::objtype, AccessPriv::priv_name, privilege_to_string(), InternalGrant::privileges, ROLESPEC_PUBLIC, RoleSpec::roletype, stmt, and string_to_privilege().

Referenced by ProcessUtilitySlow(), and standard_ProcessUtility().

◆ expand_all_col_privileges()

static void expand_all_col_privileges ( Oid  table_oid,
Form_pg_class  classForm,
AclMode  this_privileges,
AclMode col_privileges,
int  num_col_privileges 
)
static

Definition at line 1621 of file aclchk.c.

1625 {
1626  AttrNumber curr_att;
1627 
1628  Assert(classForm->relnatts - FirstLowInvalidHeapAttributeNumber < num_col_privileges);
1629  for (curr_att = FirstLowInvalidHeapAttributeNumber + 1;
1630  curr_att <= classForm->relnatts;
1631  curr_att++)
1632  {
1633  HeapTuple attTuple;
1634  bool isdropped;
1635 
1636  if (curr_att == InvalidAttrNumber)
1637  continue;
1638 
1639  /* Views don't have any system columns at all */
1640  if (classForm->relkind == RELKIND_VIEW && curr_att < 0)
1641  continue;
1642 
1643  attTuple = SearchSysCache2(ATTNUM,
1644  ObjectIdGetDatum(table_oid),
1645  Int16GetDatum(curr_att));
1646  if (!HeapTupleIsValid(attTuple))
1647  elog(ERROR, "cache lookup failed for attribute %d of relation %u",
1648  curr_att, table_oid);
1649 
1650  isdropped = ((Form_pg_attribute) GETSTRUCT(attTuple))->attisdropped;
1651 
1652  ReleaseSysCache(attTuple);
1653 
1654  /* ignore dropped columns */
1655  if (isdropped)
1656  continue;
1657 
1658  col_privileges[curr_att - FirstLowInvalidHeapAttributeNumber] |= this_privileges;
1659  }
1660 }
#define InvalidAttrNumber
Definition: attnum.h:23
Assert(fmt[strlen(fmt) - 1] !='\n')

References Assert(), elog, ERROR, FirstLowInvalidHeapAttributeNumber, GETSTRUCT, HeapTupleIsValid, Int16GetDatum(), InvalidAttrNumber, ObjectIdGetDatum(), ReleaseSysCache(), and SearchSysCache2().

Referenced by ExecGrant_Relation().

◆ expand_col_privileges()

static void expand_col_privileges ( List colnames,
Oid  table_oid,
AclMode  this_privileges,
AclMode col_privileges,
int  num_col_privileges 
)
static

Definition at line 1588 of file aclchk.c.

1592 {
1593  ListCell *cell;
1594 
1595  foreach(cell, colnames)
1596  {
1597  char *colname = strVal(lfirst(cell));
1599 
1600  attnum = get_attnum(table_oid, colname);
1601  if (attnum == InvalidAttrNumber)
1602  ereport(ERROR,
1603  (errcode(ERRCODE_UNDEFINED_COLUMN),
1604  errmsg("column \"%s\" of relation \"%s\" does not exist",
1605  colname, get_rel_name(table_oid))));
1607  if (attnum <= 0 || attnum >= num_col_privileges)
1608  elog(ERROR, "column number out of range"); /* safety check */
1609  col_privileges[attnum] |= this_privileges;
1610  }
1611 }
AttrNumber get_attnum(Oid relid, const char *attname)
Definition: lsyscache.c:858
char * get_rel_name(Oid relid)
Definition: lsyscache.c:1906
#define strVal(v)
Definition: value.h:82

References attnum, elog, ereport, errcode(), errmsg(), ERROR, FirstLowInvalidHeapAttributeNumber, get_attnum(), get_rel_name(), InvalidAttrNumber, lfirst, and strVal.

Referenced by ExecGrant_Relation().

◆ get_default_acl_internal()

static Acl* get_default_acl_internal ( Oid  roleId,
Oid  nsp_oid,
char  objtype 
)
static

Definition at line 4254 of file aclchk.c.

4255 {
4256  Acl *result = NULL;
4257  HeapTuple tuple;
4258 
4259  tuple = SearchSysCache3(DEFACLROLENSPOBJ,
4260  ObjectIdGetDatum(roleId),
4261  ObjectIdGetDatum(nsp_oid),
4262  CharGetDatum(objtype));
4263 
4264  if (HeapTupleIsValid(tuple))
4265  {
4266  Datum aclDatum;
4267  bool isNull;
4268 
4269  aclDatum = SysCacheGetAttr(DEFACLROLENSPOBJ, tuple,
4270  Anum_pg_default_acl_defaclacl,
4271  &isNull);
4272  if (!isNull)
4273  result = DatumGetAclPCopy(aclDatum);
4274  ReleaseSysCache(tuple);
4275  }
4276 
4277  return result;
4278 }
static Datum CharGetDatum(char X)
Definition: postgres.h:122
HeapTuple SearchSysCache3(int cacheId, Datum key1, Datum key2, Datum key3)
Definition: syscache.c:240

References CharGetDatum(), DatumGetAclPCopy, HeapTupleIsValid, ObjectIdGetDatum(), ReleaseSysCache(), SearchSysCache3(), and SysCacheGetAttr().

Referenced by get_user_default_acl().

◆ get_user_default_acl()

Acl* get_user_default_acl ( ObjectType  objtype,
Oid  ownerId,
Oid  nsp_oid 
)

Definition at line 4289 of file aclchk.c.

4290 {
4291  Acl *result;
4292  Acl *glob_acl;
4293  Acl *schema_acl;
4294  Acl *def_acl;
4295  char defaclobjtype;
4296 
4297  /*
4298  * Use NULL during bootstrap, since pg_default_acl probably isn't there
4299  * yet.
4300  */
4302  return NULL;
4303 
4304  /* Check if object type is supported in pg_default_acl */
4305  switch (objtype)
4306  {
4307  case OBJECT_TABLE:
4308  defaclobjtype = DEFACLOBJ_RELATION;
4309  break;
4310 
4311  case OBJECT_SEQUENCE:
4312  defaclobjtype = DEFACLOBJ_SEQUENCE;
4313  break;
4314 
4315  case OBJECT_FUNCTION:
4316  defaclobjtype = DEFACLOBJ_FUNCTION;
4317  break;
4318 
4319  case OBJECT_TYPE:
4320  defaclobjtype = DEFACLOBJ_TYPE;
4321  break;
4322 
4323  case OBJECT_SCHEMA:
4324  defaclobjtype = DEFACLOBJ_NAMESPACE;
4325  break;
4326 
4327  default:
4328  return NULL;
4329  }
4330 
4331  /* Look up the relevant pg_default_acl entries */
4332  glob_acl = get_default_acl_internal(ownerId, InvalidOid, defaclobjtype);
4333  schema_acl = get_default_acl_internal(ownerId, nsp_oid, defaclobjtype);
4334 
4335  /* Quick out if neither entry exists */
4336  if (glob_acl == NULL && schema_acl == NULL)
4337  return NULL;
4338 
4339  /* We need to know the hard-wired default value, too */
4340  def_acl = acldefault(objtype, ownerId);
4341 
4342  /* If there's no global entry, substitute the hard-wired default */
4343  if (glob_acl == NULL)
4344  glob_acl = def_acl;
4345 
4346  /* Merge in any per-schema privileges */
4347  result = aclmerge(glob_acl, schema_acl, ownerId);
4348 
4349  /*
4350  * For efficiency, we want to return NULL if the result equals default.
4351  * This requires sorting both arrays to get an accurate comparison.
4352  */
4353  aclitemsort(result);
4354  aclitemsort(def_acl);
4355  if (aclequal(result, def_acl))
4356  result = NULL;
4357 
4358  return result;
4359 }
void aclitemsort(Acl *acl)
Definition: acl.c:520
Acl * aclmerge(const Acl *left_acl, const Acl *right_acl, Oid ownerId)
Definition: acl.c:476
static Acl * get_default_acl_internal(Oid roleId, Oid nsp_oid, char objtype)
Definition: aclchk.c:4254
#define IsBootstrapProcessingMode()
Definition: miscadmin.h:451
#define InvalidOid
Definition: postgres_ext.h:36

References acldefault(), aclequal(), aclitemsort(), aclmerge(), get_default_acl_internal(), InvalidOid, IsBootstrapProcessingMode, OBJECT_FUNCTION, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, and OBJECT_TYPE.

Referenced by heap_create_with_catalog(), NamespaceCreate(), ProcedureCreate(), and TypeCreate().

◆ getRelationsInNamespace()

static List * getRelationsInNamespace ( Oid  namespaceId,
char  relkind 
)
static

Definition at line 937 of file aclchk.c.

938 {
939  List *relations = NIL;
940  ScanKeyData key[2];
941  Relation rel;
942  TableScanDesc scan;
943  HeapTuple tuple;
944 
945  ScanKeyInit(&key[0],
946  Anum_pg_class_relnamespace,
947  BTEqualStrategyNumber, F_OIDEQ,
948  ObjectIdGetDatum(namespaceId));
949  ScanKeyInit(&key[1],
950  Anum_pg_class_relkind,
951  BTEqualStrategyNumber, F_CHAREQ,
952  CharGetDatum(relkind));
953 
954  rel = table_open(RelationRelationId, AccessShareLock);
955  scan = table_beginscan_catalog(rel, 2, key);
956 
957  while ((tuple = heap_getnext(scan, ForwardScanDirection)) != NULL)
958  {
959  Oid oid = ((Form_pg_class) GETSTRUCT(tuple))->oid;
960 
961  relations = lappend_oid(relations, oid);
962  }
963 
964  table_endscan(scan);
966 
967  return relations;
968 }
HeapTuple heap_getnext(TableScanDesc sscan, ScanDirection direction)
Definition: heapam.c:1082
#define AccessShareLock
Definition: lockdefs.h:36
@ ForwardScanDirection
Definition: sdir.h:28
TableScanDesc table_beginscan_catalog(Relation relation, int nkeys, struct ScanKeyData *key)
Definition: tableam.c:112
static void table_endscan(TableScanDesc scan)
Definition: tableam.h:1009

References AccessShareLock, BTEqualStrategyNumber, CharGetDatum(), ForwardScanDirection, GETSTRUCT, heap_getnext(), sort-test::key, lappend_oid(), NIL, ObjectIdGetDatum(), ScanKeyInit(), table_beginscan_catalog(), table_close(), table_endscan(), and table_open().

Referenced by objectsInSchemaToOids().

◆ has_bypassrls_privilege()

bool has_bypassrls_privilege ( Oid  roleid)

Definition at line 4230 of file aclchk.c.

4231 {
4232  bool result = false;
4233  HeapTuple utup;
4234 
4235  /* Superusers bypass all permission checking. */
4236  if (superuser_arg(roleid))
4237  return true;
4238 
4239  utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
4240  if (HeapTupleIsValid(utup))
4241  {
4242  result = ((Form_pg_authid) GETSTRUCT(utup))->rolbypassrls;
4243  ReleaseSysCache(utup);
4244  }
4245  return result;
4246 }
FormData_pg_authid * Form_pg_authid
Definition: pg_authid.h:56
bool rolbypassrls
Definition: pg_authid.h:41
bool superuser_arg(Oid roleid)
Definition: superuser.c:56

References GETSTRUCT, HeapTupleIsValid, ObjectIdGetDatum(), ReleaseSysCache(), rolbypassrls, SearchSysCache1(), and superuser_arg().

Referenced by AlterRole(), check_enable_rls(), CreateRole(), and RI_Initial_Check().

◆ has_createrole_privilege()

bool has_createrole_privilege ( Oid  roleid)

Definition at line 4211 of file aclchk.c.

4212 {
4213  bool result = false;
4214  HeapTuple utup;
4215 
4216  /* Superusers bypass all permission checking. */
4217  if (superuser_arg(roleid))
4218  return true;
4219 
4220  utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
4221  if (HeapTupleIsValid(utup))
4222  {
4223  result = ((Form_pg_authid) GETSTRUCT(utup))->rolcreaterole;
4224  ReleaseSysCache(utup);
4225  }
4226  return result;
4227 }
bool rolcreaterole
Definition: pg_authid.h:37

References GETSTRUCT, HeapTupleIsValid, ObjectIdGetDatum(), ReleaseSysCache(), rolcreaterole, SearchSysCache1(), and superuser_arg().

Referenced by check_object_ownership(), CreateRole(), and have_createrole_privilege().

◆ merge_acl_with_grant()

static Acl* merge_acl_with_grant ( Acl old_acl,
bool  is_grant,
bool  grant_option,
DropBehavior  behavior,
List grantees,
AclMode  privileges,
Oid  grantorId,
Oid  ownerId 
)
static

Definition at line 181 of file aclchk.c.

185 {
186  unsigned modechg;
187  ListCell *j;
188  Acl *new_acl;
189 
190  modechg = is_grant ? ACL_MODECHG_ADD : ACL_MODECHG_DEL;
191 
192  new_acl = old_acl;
193 
194  foreach(j, grantees)
195  {
196  AclItem aclitem;
197  Acl *newer_acl;
198 
199  aclitem.ai_grantee = lfirst_oid(j);
200 
201  /*
202  * Grant options can only be granted to individual roles, not PUBLIC.
203  * The reason is that if a user would re-grant a privilege that he
204  * held through PUBLIC, and later the user is removed, the situation
205  * is impossible to clean up.
206  */
207  if (is_grant && grant_option && aclitem.ai_grantee == ACL_ID_PUBLIC)
208  ereport(ERROR,
209  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
210  errmsg("grant options can only be granted to roles")));
211 
212  aclitem.ai_grantor = grantorId;
213 
214  /*
215  * The asymmetry in the conditions here comes from the spec. In
216  * GRANT, the grant_option flag signals WITH GRANT OPTION, which means
217  * to grant both the basic privilege and its grant option. But in
218  * REVOKE, plain revoke revokes both the basic privilege and its grant
219  * option, while REVOKE GRANT OPTION revokes only the option.
220  */
222  (is_grant || !grant_option) ? privileges : ACL_NO_RIGHTS,
223  (!is_grant || grant_option) ? privileges : ACL_NO_RIGHTS);
224 
225  newer_acl = aclupdate(new_acl, &aclitem, modechg, ownerId, behavior);
226 
227  /* avoid memory leak when there are many grantees */
228  pfree(new_acl);
229  new_acl = newer_acl;
230  }
231 
232  return new_acl;
233 }
Acl * aclupdate(const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
Definition: acl.c:967
#define ACL_MODECHG_DEL
Definition: acl.h:130
#define ACL_MODECHG_ADD
Definition: acl.h:129
#define ACLITEM_SET_PRIVS_GOPTIONS(item, privs, goptions)
Definition: acl.h:82
int j
Definition: isn.c:74
Definition: acl.h:55
Oid ai_grantee
Definition: acl.h:56
Oid ai_grantor
Definition: acl.h:57

References ACL_ID_PUBLIC, ACL_MODECHG_ADD, ACL_MODECHG_DEL, ACL_NO_RIGHTS, ACLITEM_SET_PRIVS_GOPTIONS, aclupdate(), AclItem::ai_grantee, AclItem::ai_grantor, ereport, errcode(), errmsg(), ERROR, j, lfirst_oid, and pfree().

Referenced by ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), ExecGrant_Relation(), and SetDefaultACL().

◆ object_aclcheck()

AclResult object_aclcheck ( Oid  classid,
Oid  objectid,
Oid  roleid,
AclMode  mode 
)

Definition at line 3876 of file aclchk.c.

3877 {
3878  return object_aclcheck_ext(classid, objectid, roleid, mode, NULL);
3879 }
AclResult object_aclcheck_ext(Oid classid, Oid objectid, Oid roleid, AclMode mode, bool *is_missing)
Definition: aclchk.c:3886
static PgChecksumMode mode
Definition: pg_checksums.c:56

References mode, and object_aclcheck_ext().

Referenced by AggregateCreate(), AlterExtensionNamespace(), AlterForeignServerOwner_internal(), AlterObjectNamespace_internal(), AlterObjectOwner_internal(), AlterObjectRename_internal(), AlterPublicationOwner_internal(), AlterSchemaOwner_internal(), AlterSubscriptionOwner_internal(), AlterTableMoveAll(), AlterTypeOwner(), ATExecChangeOwner(), ATPrepAlterColumnType(), ATPrepSetTableSpace(), BuildDescForRelation(), calculate_database_size(), calculate_tablespace_size(), call_pltcl_start_proc(), check_temp_tablespaces(), CheckFunctionValidatorAccess(), CheckMyDatabase(), compute_return_type(), CreateCast(), CreateConversionCommand(), createdb(), CreateForeignServer(), CreateForeignTable(), CreateFunction(), CreatePublication(), CreateSchemaCommand(), CreateSubscription(), CreateTransform(), CreateTriggerFiringOn(), DefineAggregate(), DefineCollation(), DefineDomain(), DefineEnum(), DefineIndex(), DefineOpClass(), DefineOperator(), DefineOpFamily(), DefineRange(), DefineRelation(), DefineTSConfiguration(), DefineTSDictionary(), DefineType(), ExecBuildGroupingEqual(), ExecBuildParamSetEqual(), ExecInitAgg(), ExecInitExprRec(), ExecInitFunc(), ExecInitWindowAgg(), ExecReindex(), ExecuteCallStmt(), ExecuteDoStmt(), extension_is_trusted(), findRangeCanonicalFunction(), findRangeSubtypeDiffFunction(), get_connect_string(), get_other_operator(), HandleFunctionRequest(), has_database_privilege_id_name(), has_database_privilege_name(), has_database_privilege_name_name(), has_foreign_data_wrapper_privilege_id_name(), has_foreign_data_wrapper_privilege_name(), has_foreign_data_wrapper_privilege_name_name(), has_function_privilege_id_name(), has_function_privilege_name(), has_function_privilege_name_name(), has_language_privilege_id_name(), has_language_privilege_name(), has_language_privilege_name_name(), has_schema_privilege_id_name(), has_schema_privilege_name(), has_schema_privilege_name_name(), has_server_privilege_id_name(), has_server_privilege_name(), has_server_privilege_name_name(), has_tablespace_privilege_id_name(), has_tablespace_privilege_name(), has_tablespace_privilege_name_name(), has_type_privilege_id_name(), has_type_privilege_name(), has_type_privilege_name_name(), ImportForeignSchema(), init_sexpr(), initialize_peragg(), InitTempTableNamespace(), inline_function(), inline_set_returning_function(), interpret_function_parameter_list(), lookup_agg_function(), LookupCreationNamespace(), LookupExplicitNamespace(), movedb(), PrepareTempTablespaces(), preprocessNamespacePath(), RangeVarCallbackForAlterRelation(), RangeVarGetAndCheckCreationNamespace(), ReindexMultipleInternal(), RenameSchema(), transformTableLikeClause(), user_mapping_ddl_aclcheck(), ValidateJoinEstimator(), and ValidateRestrictionEstimator().

◆ object_aclcheck_ext()

◆ object_aclmask()

static AclMode object_aclmask ( Oid  classid,
Oid  objectid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 3084 of file aclchk.c.

3086 {
3087  return object_aclmask_ext(classid, objectid, roleid, mask, how, NULL);
3088 }

References object_aclmask_ext().

Referenced by pg_aclmask().

◆ object_aclmask_ext()

static AclMode object_aclmask_ext ( Oid  classid,
Oid  objectid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how,
bool is_missing 
)
static

Definition at line 3095 of file aclchk.c.

3098 {
3099  int cacheid;
3100  AclMode result;
3101  HeapTuple tuple;
3102  Datum aclDatum;
3103  bool isNull;
3104  Acl *acl;
3105  Oid ownerId;
3106 
3107  /* Special cases */
3108  switch (classid)
3109  {
3110  case NamespaceRelationId:
3111  return pg_namespace_aclmask_ext(objectid, roleid, mask, how,
3112  is_missing);
3113  case TypeRelationId:
3114  return pg_type_aclmask_ext(objectid, roleid, mask, how,
3115  is_missing);
3116  }
3117 
3118  /* Even more special cases */
3119  Assert(classid != RelationRelationId); /* should use pg_class_acl* */
3120  Assert(classid != LargeObjectMetadataRelationId); /* should use
3121  * pg_largeobject_acl* */
3122 
3123  /* Superusers bypass all permission checking. */
3124  if (superuser_arg(roleid))
3125  return mask;
3126 
3127  /*
3128  * Get the object's ACL from its catalog
3129  */
3130 
3131  cacheid = get_object_catcache_oid(classid);
3132 
3133  tuple = SearchSysCache1(cacheid, ObjectIdGetDatum(objectid));
3134  if (!HeapTupleIsValid(tuple))
3135  {
3136  if (is_missing != NULL)
3137  {
3138  /* return "no privileges" instead of throwing an error */
3139  *is_missing = true;
3140  return 0;
3141  }
3142  else
3143  ereport(ERROR,
3144  (errcode(ERRCODE_UNDEFINED_OBJECT),
3145  errmsg("%s with OID %u does not exist",
3146  get_object_class_descr(classid), objectid)));
3147  }
3148 
3149  ownerId = DatumGetObjectId(SysCacheGetAttrNotNull(cacheid,
3150  tuple,
3151  get_object_attnum_owner(classid)));
3152 
3153  aclDatum = SysCacheGetAttr(cacheid, tuple, get_object_attnum_acl(classid),
3154  &isNull);
3155  if (isNull)
3156  {
3157  /* No ACL, so build default ACL */
3158  acl = acldefault(get_object_type(classid, objectid), ownerId);
3159  aclDatum = (Datum) 0;
3160  }
3161  else
3162  {
3163  /* detoast ACL if necessary */
3164  acl = DatumGetAclP(aclDatum);
3165  }
3166 
3167  result = aclmask(acl, roleid, ownerId, mask, how);
3168 
3169  /* if we have a detoasted copy, free it */
3170  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
3171  pfree(acl);
3172 
3173  ReleaseSysCache(tuple);
3174 
3175  return result;
3176 }
AclMode aclmask(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
Definition: acl.c:1357
#define DatumGetAclP(X)
Definition: acl.h:120
static AclMode pg_namespace_aclmask_ext(Oid nsp_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
Definition: aclchk.c:3648
static AclMode pg_type_aclmask_ext(Oid type_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
Definition: aclchk.c:3750
char * Pointer
Definition: c.h:470
static Pointer DatumGetPointer(Datum X)
Definition: postgres.h:312

References acldefault(), aclmask(), Assert(), DatumGetAclP, DatumGetObjectId(), DatumGetPointer(), ereport, errcode(), errmsg(), ERROR, get_object_attnum_acl(), get_object_attnum_owner(), get_object_catcache_oid(), get_object_class_descr(), get_object_type(), HeapTupleIsValid, ObjectIdGetDatum(), pfree(), pg_namespace_aclmask_ext(), pg_type_aclmask_ext(), ReleaseSysCache(), SearchSysCache1(), superuser_arg(), SysCacheGetAttr(), and SysCacheGetAttrNotNull().

Referenced by object_aclcheck_ext(), and object_aclmask().

◆ object_ownercheck()

bool object_ownercheck ( Oid  classid,
Oid  objectid,
Oid  roleid 
)

Definition at line 4130 of file aclchk.c.

4131 {
4132  int cacheid;
4133  Oid ownerId;
4134 
4135  /* Superusers bypass all permission checking. */
4136  if (superuser_arg(roleid))
4137  return true;
4138 
4139  /* For large objects, the catalog to consult is pg_largeobject_metadata */
4140  if (classid == LargeObjectRelationId)
4141  classid = LargeObjectMetadataRelationId;
4142 
4143  cacheid = get_object_catcache_oid(classid);
4144  if (cacheid != -1)
4145  {
4146  /* we can get the object's tuple from the syscache */
4147  HeapTuple tuple;
4148 
4149  tuple = SearchSysCache1(cacheid, ObjectIdGetDatum(objectid));
4150  if (!HeapTupleIsValid(tuple))
4151  ereport(ERROR,
4152  (errcode(ERRCODE_UNDEFINED_OBJECT),
4153  errmsg("%s with OID %u does not exist", get_object_class_descr(classid), objectid)));
4154 
4155  ownerId = DatumGetObjectId(SysCacheGetAttrNotNull(cacheid,
4156  tuple,
4157  get_object_attnum_owner(classid)));
4158  ReleaseSysCache(tuple);
4159  }
4160  else
4161  {
4162  /* for catalogs without an appropriate syscache */
4163  Relation rel;
4164  ScanKeyData entry[1];
4165  SysScanDesc scan;
4166  HeapTuple tuple;
4167  bool isnull;
4168 
4169  rel = table_open(classid, AccessShareLock);
4170 
4171  ScanKeyInit(&entry[0],
4172  get_object_attnum_oid(classid),
4173  BTEqualStrategyNumber, F_OIDEQ,
4174  ObjectIdGetDatum(objectid));
4175 
4176  scan = systable_beginscan(rel,
4177  get_object_oid_index(classid), true,
4178  NULL, 1, entry);
4179 
4180  tuple = systable_getnext(scan);
4181  if (!HeapTupleIsValid(tuple))
4182  ereport(ERROR,
4183  (errcode(ERRCODE_UNDEFINED_OBJECT),
4184  errmsg("%s with OID %u does not exist", get_object_class_descr(classid), objectid)));
4185 
4186  ownerId = DatumGetObjectId(heap_getattr(tuple,
4187  get_object_attnum_owner(classid),
4188  RelationGetDescr(rel),
4189  &isnull));
4190  Assert(!isnull);
4191 
4192  systable_endscan(scan);
4194  }
4195 
4196  return has_privs_of_role(roleid, ownerId);
4197 }
AttrNumber get_object_attnum_oid(Oid class_id)
Oid get_object_oid_index(Oid class_id)

References AccessShareLock, Assert(), BTEqualStrategyNumber, DatumGetObjectId(), ereport, errcode(), errmsg(), ERROR, get_object_attnum_oid(), get_object_attnum_owner(), get_object_catcache_oid(), get_object_class_descr(), get_object_oid_index(), has_privs_of_role(), heap_getattr(), HeapTupleIsValid, ObjectIdGetDatum(), RelationGetDescr, ReleaseSysCache(), ScanKeyInit(), SearchSysCache1(), superuser_arg(), SysCacheGetAttrNotNull(), systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by AlterCollation(), AlterDatabase(), AlterDatabaseOwner(), AlterDatabaseRefreshColl(), AlterDatabaseSet(), AlterEventTrigger(), AlterEventTriggerOwner_internal(), AlterExtensionNamespace(), AlterForeignServer(), AlterForeignServerOwner_internal(), AlterFunction(), AlterOperator(), AlterOpFamilyAdd(), AlterPublication(), AlterPublicationOwner_internal(), AlterRoleSet(), AlterSchemaOwner_internal(), AlterStatistics(), AlterSubscription(), AlterSubscriptionOwner_internal(), AlterTableMoveAll(), AlterTableSpaceOptions(), AlterTSConfiguration(), AlterTSDictionary(), AlterType(), AlterTypeNamespace_oid(), AlterTypeOwner(), ATExecChangeOwner(), ATSimplePermissions(), be_lo_unlink(), brin_desummarize_range(), brin_summarize_range(), check_enable_rls(), check_object_ownership(), checkDomainOwner(), checkEnumOwner(), CreateCast(), createdb(), CreateProceduralLanguage(), CreateStatistics(), CreateTransform(), DefineOpClass(), DefineQueryRewrite(), DefineType(), dropdb(), DropSubscription(), DropTableSpace(), EnableDisableRule(), ExecAlterExtensionContentsStmt(), ExecAlterExtensionStmt(), ExecuteTruncateGuts(), gin_clean_pending_list(), heap_force_common(), MergeAttributes(), movedb(), OperatorCreate(), ProcedureCreate(), PublicationAddTables(), RangeVarCallbackForAlterRelation(), RangeVarCallbackForDropRelation(), RangeVarCallbackForPolicy(), RangeVarCallbackForRenameRule(), RangeVarCallbackForRenameTrigger(), RangeVarCallbackOwnsRelation(), RangeVarGetAndCheckCreationNamespace(), ReindexMultipleTables(), RemoveObjects(), renameatt_check(), RenameDatabase(), RenameSchema(), RenameTableSpace(), RenameType(), RI_Initial_Check(), user_mapping_ddl_aclcheck(), vacuum_is_permitted_for_relation(), and ValidateOperatorReference().

◆ objectNamesToOids()

static List * objectNamesToOids ( ObjectType  objtype,
List objnames,
bool  is_grant 
)
static

Definition at line 668 of file aclchk.c.

669 {
670  List *objects = NIL;
671  ListCell *cell;
672 
673  Assert(objnames != NIL);
674 
675  switch (objtype)
676  {
677  case OBJECT_TABLE:
678  case OBJECT_SEQUENCE:
679  foreach(cell, objnames)
680  {
681  RangeVar *relvar = (RangeVar *) lfirst(cell);
682  Oid relOid;
683 
684  relOid = RangeVarGetRelid(relvar, NoLock, false);
685  objects = lappend_oid(objects, relOid);
686  }
687  break;
688  case OBJECT_DATABASE:
689  foreach(cell, objnames)
690  {
691  char *dbname = strVal(lfirst(cell));
692  Oid dbid;
693 
694  dbid = get_database_oid(dbname, false);
695  objects = lappend_oid(objects, dbid);
696  }
697  break;
698  case OBJECT_DOMAIN:
699  case OBJECT_TYPE:
700  foreach(cell, objnames)
701  {
702  List *typname = (List *) lfirst(cell);
703  Oid oid;
704 
706  objects = lappend_oid(objects, oid);
707  }
708  break;
709  case OBJECT_FUNCTION:
710  foreach(cell, objnames)
711  {
712  ObjectWithArgs *func = (ObjectWithArgs *) lfirst(cell);
713  Oid funcid;
714 
715  funcid = LookupFuncWithArgs(OBJECT_FUNCTION, func, false);
716  objects = lappend_oid(objects, funcid);
717  }
718  break;
719  case OBJECT_LANGUAGE:
720  foreach(cell, objnames)
721  {
722  char *langname = strVal(lfirst(cell));
723  Oid oid;
724 
725  oid = get_language_oid(langname, false);
726  objects = lappend_oid(objects, oid);
727  }
728  break;
729  case OBJECT_LARGEOBJECT:
730  foreach(cell, objnames)
731  {
732  Oid lobjOid = oidparse(lfirst(cell));
733 
734  if (!LargeObjectExists(lobjOid))
735  ereport(ERROR,
736  (errcode(ERRCODE_UNDEFINED_OBJECT),
737  errmsg("large object %u does not exist",
738  lobjOid)));
739 
740  objects = lappend_oid(objects, lobjOid);
741  }
742  break;
743  case OBJECT_SCHEMA:
744  foreach(cell, objnames)
745  {
746  char *nspname = strVal(lfirst(cell));
747  Oid oid;
748 
749  oid = get_namespace_oid(nspname, false);
750  objects = lappend_oid(objects, oid);
751  }
752  break;
753  case OBJECT_PROCEDURE:
754  foreach(cell, objnames)
755  {
756  ObjectWithArgs *func = (ObjectWithArgs *) lfirst(cell);
757  Oid procid;
758 
759  procid = LookupFuncWithArgs(OBJECT_PROCEDURE, func, false);
760  objects = lappend_oid(objects, procid);
761  }
762  break;
763  case OBJECT_ROUTINE:
764  foreach(cell, objnames)
765  {
766  ObjectWithArgs *func = (ObjectWithArgs *) lfirst(cell);
767  Oid routid;
768 
769  routid = LookupFuncWithArgs(OBJECT_ROUTINE, func, false);
770  objects = lappend_oid(objects, routid);
771  }
772  break;
773  case OBJECT_TABLESPACE:
774  foreach(cell, objnames)
775  {
776  char *spcname = strVal(lfirst(cell));
777  Oid spcoid;
778 
779  spcoid = get_tablespace_oid(spcname, false);
780  objects = lappend_oid(objects, spcoid);
781  }
782  break;
783  case OBJECT_FDW:
784  foreach(cell, objnames)
785  {
786  char *fdwname = strVal(lfirst(cell));
787  Oid fdwid = get_foreign_data_wrapper_oid(fdwname, false);
788 
789  objects = lappend_oid(objects, fdwid);
790  }
791  break;
793  foreach(cell, objnames)
794  {
795  char *srvname = strVal(lfirst(cell));
796  Oid srvid = get_foreign_server_oid(srvname, false);
797 
798  objects = lappend_oid(objects, srvid);
799  }
800  break;
802  foreach(cell, objnames)
803  {
804  /*
805  * In this code we represent a GUC by the OID of its entry in
806  * pg_parameter_acl, which we have to manufacture here if it
807  * doesn't exist yet. (That's a hack for sure, but it avoids
808  * messing with all the GRANT/REVOKE infrastructure that
809  * expects to use OIDs for object identities.) However, if
810  * this is a REVOKE, we can instead just ignore any GUCs that
811  * don't have such an entry, as they must not have any
812  * privileges needing removal.
813  */
814  char *parameter = strVal(lfirst(cell));
815  Oid parameterId = ParameterAclLookup(parameter, true);
816 
817  if (!OidIsValid(parameterId) && is_grant)
818  {
819  parameterId = ParameterAclCreate(parameter);
820 
821  /*
822  * Prevent error when processing duplicate objects, and
823  * make this new entry visible so that ExecGrant_Parameter
824  * can update it.
825  */
827  }
828  if (OidIsValid(parameterId))
829  objects = lappend_oid(objects, parameterId);
830  }
831  break;
832  default:
833  elog(ERROR, "unrecognized GrantStmt.objtype: %d",
834  (int) objtype);
835  }
836 
837  return objects;
838 }
Oid get_tablespace_oid(const char *tablespacename, bool missing_ok)
Definition: tablespace.c:1426
#define OidIsValid(objectId)
Definition: c.h:762
Oid get_database_oid(const char *dbname, bool missing_ok)
Definition: dbcommands.c:3106
Oid get_foreign_server_oid(const char *servername, bool missing_ok)
Definition: foreign.c:694
Oid get_foreign_data_wrapper_oid(const char *fdwname, bool missing_ok)
Definition: foreign.c:671
#define NoLock
Definition: lockdefs.h:34
TypeName * makeTypeNameFromNameList(List *names)
Definition: makefuncs.c:458
Oid get_namespace_oid(const char *nspname, bool missing_ok)
Definition: namespace.c:3520
#define RangeVarGetRelid(relation, lockmode, missing_ok)
Definition: namespace.h:80
Oid oidparse(Node *node)
Definition: oid.c:235
Oid LookupFuncWithArgs(ObjectType objtype, ObjectWithArgs *func, bool missing_ok)
Definition: parse_func.c:2205
Oid typenameTypeId(ParseState *pstate, const TypeName *typeName)
Definition: parse_type.c:291
bool LargeObjectExists(Oid loid)
Oid ParameterAclLookup(const char *parameter, bool missing_ok)
Oid ParameterAclCreate(const char *parameter)
NameData typname
Definition: pg_type.h:41
Oid get_language_oid(const char *langname, bool missing_ok)
Definition: proclang.c:226
char * dbname
Definition: streamutil.c:51

References Assert(), CommandCounterIncrement(), dbname, elog, ereport, errcode(), errmsg(), ERROR, get_database_oid(), get_foreign_data_wrapper_oid(), get_foreign_server_oid(), get_language_oid(), get_namespace_oid(), get_tablespace_oid(), lappend_oid(), LargeObjectExists(), lfirst, LookupFuncWithArgs(), makeTypeNameFromNameList(), NIL, NoLock, OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, OidIsValid, oidparse(), ParameterAclCreate(), ParameterAclLookup(), RangeVarGetRelid, strVal, typenameTypeId(), and typname.

Referenced by ExecuteGrantStmt().

◆ objectsInSchemaToOids()

static List * objectsInSchemaToOids ( ObjectType  objtype,
List nspnames 
)
static

Definition at line 848 of file aclchk.c.

849 {
850  List *objects = NIL;
851  ListCell *cell;
852 
853  foreach(cell, nspnames)
854  {
855  char *nspname = strVal(lfirst(cell));
856  Oid namespaceId;
857  List *objs;
858 
859  namespaceId = LookupExplicitNamespace(nspname, false);
860 
861  switch (objtype)
862  {
863  case OBJECT_TABLE:
864  objs = getRelationsInNamespace(namespaceId, RELKIND_RELATION);
865  objects = list_concat(objects, objs);
866  objs = getRelationsInNamespace(namespaceId, RELKIND_VIEW);
867  objects = list_concat(objects, objs);
868  objs = getRelationsInNamespace(namespaceId, RELKIND_MATVIEW);
869  objects = list_concat(objects, objs);
870  objs = getRelationsInNamespace(namespaceId, RELKIND_FOREIGN_TABLE);
871  objects = list_concat(objects, objs);
872  objs = getRelationsInNamespace(namespaceId, RELKIND_PARTITIONED_TABLE);
873  objects = list_concat(objects, objs);
874  break;
875  case OBJECT_SEQUENCE:
876  objs = getRelationsInNamespace(namespaceId, RELKIND_SEQUENCE);
877  objects = list_concat(objects, objs);
878  break;
879  case OBJECT_FUNCTION:
880  case OBJECT_PROCEDURE:
881  case OBJECT_ROUTINE:
882  {
883  ScanKeyData key[2];
884  int keycount;
885  Relation rel;
886  TableScanDesc scan;
887  HeapTuple tuple;
888 
889  keycount = 0;
890  ScanKeyInit(&key[keycount++],
891  Anum_pg_proc_pronamespace,
892  BTEqualStrategyNumber, F_OIDEQ,
893  ObjectIdGetDatum(namespaceId));
894 
895  if (objtype == OBJECT_FUNCTION)
896  /* includes aggregates and window functions */
897  ScanKeyInit(&key[keycount++],
898  Anum_pg_proc_prokind,
899  BTEqualStrategyNumber, F_CHARNE,
900  CharGetDatum(PROKIND_PROCEDURE));
901  else if (objtype == OBJECT_PROCEDURE)
902  ScanKeyInit(&key[keycount++],
903  Anum_pg_proc_prokind,
904  BTEqualStrategyNumber, F_CHAREQ,
905  CharGetDatum(PROKIND_PROCEDURE));
906 
907  rel = table_open(ProcedureRelationId, AccessShareLock);
908  scan = table_beginscan_catalog(rel, keycount, key);
909 
910  while ((tuple = heap_getnext(scan, ForwardScanDirection)) != NULL)
911  {
912  Oid oid = ((Form_pg_proc) GETSTRUCT(tuple))->oid;
913 
914  objects = lappend_oid(objects, oid);
915  }
916 
917  table_endscan(scan);
919  }
920  break;
921  default:
922  /* should not happen */
923  elog(ERROR, "unrecognized GrantStmt.objtype: %d",
924  (int) objtype);
925  }
926  }
927 
928  return objects;
929 }
static List * getRelationsInNamespace(Oid namespaceId, char relkind)
Definition: aclchk.c:937
List * list_concat(List *list1, const List *list2)
Definition: list.c:561
Oid LookupExplicitNamespace(const char *nspname, bool missing_ok)
Definition: namespace.c:3370
FormData_pg_proc * Form_pg_proc
Definition: pg_proc.h:136

References AccessShareLock, BTEqualStrategyNumber, CharGetDatum(), elog, ERROR, ForwardScanDirection, getRelationsInNamespace(), GETSTRUCT, heap_getnext(), sort-test::key, lappend_oid(), lfirst, list_concat(), LookupExplicitNamespace(), NIL, OBJECT_FUNCTION, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SEQUENCE, OBJECT_TABLE, ObjectIdGetDatum(), ScanKeyInit(), strVal, table_beginscan_catalog(), table_close(), table_endscan(), and table_open().

Referenced by ExecuteGrantStmt().

◆ pg_aclmask()

static AclMode pg_aclmask ( ObjectType  objtype,
Oid  object_oid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 3019 of file aclchk.c.

3021 {
3022  switch (objtype)
3023  {
3024  case OBJECT_COLUMN:
3025  return
3026  pg_class_aclmask(object_oid, roleid, mask, how) |
3027  pg_attribute_aclmask(object_oid, attnum, roleid, mask, how);
3028  case OBJECT_TABLE:
3029  case OBJECT_SEQUENCE:
3030  return pg_class_aclmask(object_oid, roleid, mask, how);
3031  case OBJECT_DATABASE:
3032  return object_aclmask(DatabaseRelationId, object_oid, roleid, mask, how);
3033  case OBJECT_FUNCTION:
3034  return object_aclmask(ProcedureRelationId, object_oid, roleid, mask, how);
3035  case OBJECT_LANGUAGE:
3036  return object_aclmask(LanguageRelationId, object_oid, roleid, mask, how);
3037  case OBJECT_LARGEOBJECT:
3038  return pg_largeobject_aclmask_snapshot(object_oid, roleid,
3039  mask, how, NULL);
3040  case OBJECT_PARAMETER_ACL:
3041  return pg_parameter_acl_aclmask(object_oid, roleid, mask, how);
3042  case OBJECT_SCHEMA:
3043  return object_aclmask(NamespaceRelationId, object_oid, roleid, mask, how);
3044  case OBJECT_STATISTIC_EXT:
3045  elog(ERROR, "grantable rights not supported for statistics objects");
3046  /* not reached, but keep compiler quiet */
3047  return ACL_NO_RIGHTS;
3048  case OBJECT_TABLESPACE:
3049  return object_aclmask(TableSpaceRelationId, object_oid, roleid, mask, how);
3050  case OBJECT_FDW:
3051  return object_aclmask(ForeignDataWrapperRelationId, object_oid, roleid, mask, how);
3052  case OBJECT_FOREIGN_SERVER:
3053  return object_aclmask(ForeignServerRelationId, object_oid, roleid, mask, how);
3054  case OBJECT_EVENT_TRIGGER:
3055  elog(ERROR, "grantable rights not supported for event triggers");
3056  /* not reached, but keep compiler quiet */
3057  return ACL_NO_RIGHTS;
3058  case OBJECT_TYPE:
3059  return object_aclmask(TypeRelationId, object_oid, roleid, mask, how);
3060  default:
3061  elog(ERROR, "unrecognized object type: %d",
3062  (int) objtype);
3063  /* not reached, but keep compiler quiet */
3064  return ACL_NO_RIGHTS;
3065  }
3066 }
static AclMode pg_largeobject_aclmask_snapshot(Oid lobj_oid, Oid roleid, AclMode mask, AclMaskHow how, Snapshot snapshot)
Definition: aclchk.c:3575
static AclMode pg_attribute_aclmask(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:3187
static AclMode pg_parameter_acl_aclmask(Oid acl_oid, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:3516
static AclMode object_aclmask(Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:3084
AclMode pg_class_aclmask(Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:3312

References ACL_NO_RIGHTS, attnum, elog, ERROR, object_aclmask(), OBJECT_COLUMN, OBJECT_DATABASE, OBJECT_EVENT_TRIGGER, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_STATISTIC_EXT, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, pg_attribute_aclmask(), pg_class_aclmask(), pg_largeobject_aclmask_snapshot(), and pg_parameter_acl_aclmask().

Referenced by restrict_and_check_grant().

◆ pg_attribute_aclcheck()

AclResult pg_attribute_aclcheck ( Oid  table_oid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mode 
)

Definition at line 3908 of file aclchk.c.

3910 {
3911  return pg_attribute_aclcheck_ext(table_oid, attnum, roleid, mode, NULL);
3912 }
AclResult pg_attribute_aclcheck_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode, bool *is_missing)
Definition: aclchk.c:3920

References attnum, mode, and pg_attribute_aclcheck_ext().

Referenced by BuildIndexValueDescription(), checkFkeyPermissions(), examine_simple_variable(), ExecBuildSlotPartitionKeyDescription(), ExecBuildSlotValueDescription(), ExecCheckOneRelPerms(), ExecCheckPermissionsModified(), ri_ReportViolation(), and statext_is_compatible_clause().

◆ pg_attribute_aclcheck_all()

AclResult pg_attribute_aclcheck_all ( Oid  table_oid,
Oid  roleid,
AclMode  mode,
AclMaskHow  how 
)

Definition at line 3950 of file aclchk.c.

3952 {
3953  return pg_attribute_aclcheck_all_ext(table_oid, roleid, mode, how, NULL);
3954 }
AclResult pg_attribute_aclcheck_all_ext(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how, bool *is_missing)
Definition: aclchk.c:3961

References mode, and pg_attribute_aclcheck_all_ext().

Referenced by ExecCheckOneRelPerms(), ExecCheckPermissionsModified(), has_any_column_privilege_id_name(), has_any_column_privilege_name(), has_any_column_privilege_name_name(), and statext_is_compatible_clause().

◆ pg_attribute_aclcheck_all_ext()

AclResult pg_attribute_aclcheck_all_ext ( Oid  table_oid,
Oid  roleid,
AclMode  mode,
AclMaskHow  how,
bool is_missing 
)

Definition at line 3961 of file aclchk.c.

3964 {
3965  AclResult result;
3966  HeapTuple classTuple;
3967  Form_pg_class classForm;
3968  Oid ownerId;
3969  AttrNumber nattrs;
3970  AttrNumber curr_att;
3971 
3972  /*
3973  * Must fetch pg_class row to get owner ID and number of attributes.
3974  */
3975  classTuple = SearchSysCache1(RELOID, ObjectIdGetDatum(table_oid));
3976  if (!HeapTupleIsValid(classTuple))
3977  {
3978  if (is_missing != NULL)
3979  {
3980  /* return "no privileges" instead of throwing an error */
3981  *is_missing = true;
3982  return ACLCHECK_NO_PRIV;
3983  }
3984  else
3985  ereport(ERROR,
3987  errmsg("relation with OID %u does not exist",
3988  table_oid)));
3989  }
3990  classForm = (Form_pg_class) GETSTRUCT(classTuple);
3991 
3992  ownerId = classForm->relowner;
3993  nattrs = classForm->relnatts;
3994 
3995  ReleaseSysCache(classTuple);
3996 
3997  /*
3998  * Initialize result in case there are no non-dropped columns. We want to
3999  * report failure in such cases for either value of 'how'.
4000  */
4001  result = ACLCHECK_NO_PRIV;
4002 
4003  for (curr_att = 1; curr_att <= nattrs; curr_att++)
4004  {
4005  HeapTuple attTuple;
4006  Datum aclDatum;
4007  bool isNull;
4008  Acl *acl;
4009  AclMode attmask;
4010 
4011  attTuple = SearchSysCache2(ATTNUM,
4012  ObjectIdGetDatum(table_oid),
4013  Int16GetDatum(curr_att));
4014 
4015  /*
4016  * Lookup failure probably indicates that the table was just dropped,
4017  * but we'll treat it the same as a dropped column rather than
4018  * throwing error.
4019  */
4020  if (!HeapTupleIsValid(attTuple))
4021  continue;
4022 
4023  /* ignore dropped columns */
4024  if (((Form_pg_attribute) GETSTRUCT(attTuple))->attisdropped)
4025  {
4026  ReleaseSysCache(attTuple);
4027  continue;
4028  }
4029 
4030  aclDatum = SysCacheGetAttr(ATTNUM, attTuple, Anum_pg_attribute_attacl,
4031  &isNull);
4032 
4033  /*
4034  * Here we hard-wire knowledge that the default ACL for a column
4035  * grants no privileges, so that we can fall out quickly in the very
4036  * common case where attacl is null.
4037  */
4038  if (isNull)
4039  attmask = 0;
4040  else
4041  {
4042  /* detoast column's ACL if necessary */
4043  acl = DatumGetAclP(aclDatum);
4044 
4045  attmask = aclmask(acl, roleid, ownerId, mode, ACLMASK_ANY);
4046 
4047  /* if we have a detoasted copy, free it */
4048  if ((Pointer) acl != DatumGetPointer(aclDatum))
4049  pfree(acl);
4050  }
4051 
4052  ReleaseSysCache(attTuple);
4053 
4054  if (attmask != 0)
4055  {
4056  result = ACLCHECK_OK;
4057  if (how == ACLMASK_ANY)
4058  break; /* succeed on any success */
4059  }
4060  else
4061  {
4062  result = ACLCHECK_NO_PRIV;
4063  if (how == ACLMASK_ALL)
4064  break; /* fail on any failure */
4065  }
4066  }
4067 
4068  return result;
4069 }
AclResult
Definition: acl.h:182
@ ACLMASK_ALL
Definition: acl.h:176
#define ERRCODE_UNDEFINED_TABLE
Definition: pgbench.c:78

References ACLCHECK_NO_PRIV, ACLCHECK_OK, aclmask(), ACLMASK_ALL, ACLMASK_ANY, DatumGetAclP, DatumGetPointer(), ereport, errcode(), ERRCODE_UNDEFINED_TABLE, errmsg(), ERROR, GETSTRUCT, HeapTupleIsValid, Int16GetDatum(), mode, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache1(), SearchSysCache2(), and SysCacheGetAttr().

Referenced by has_any_column_privilege_id(), has_any_column_privilege_id_id(), has_any_column_privilege_name_id(), and pg_attribute_aclcheck_all().

◆ pg_attribute_aclcheck_ext()

AclResult pg_attribute_aclcheck_ext ( Oid  table_oid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mode,
bool is_missing 
)

Definition at line 3920 of file aclchk.c.

3922 {
3923  if (pg_attribute_aclmask_ext(table_oid, attnum, roleid, mode,
3924  ACLMASK_ANY, is_missing) != 0)
3925  return ACLCHECK_OK;
3926  else
3927  return ACLCHECK_NO_PRIV;
3928 }
static AclMode pg_attribute_aclmask_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
Definition: aclchk.c:3198

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, attnum, mode, and pg_attribute_aclmask_ext().

Referenced by column_privilege_check(), and pg_attribute_aclcheck().

◆ pg_attribute_aclmask()

static AclMode pg_attribute_aclmask ( Oid  table_oid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 3187 of file aclchk.c.

3189 {
3190  return pg_attribute_aclmask_ext(table_oid, attnum, roleid,
3191  mask, how, NULL);
3192 }

References attnum, and pg_attribute_aclmask_ext().

Referenced by pg_aclmask().

◆ pg_attribute_aclmask_ext()

static AclMode pg_attribute_aclmask_ext ( Oid  table_oid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mask,
AclMaskHow  how,
bool is_missing 
)
static

Definition at line 3198 of file aclchk.c.

3200 {
3201  AclMode result;
3202  HeapTuple classTuple;
3203  HeapTuple attTuple;
3204  Form_pg_class classForm;
3205  Form_pg_attribute attributeForm;
3206  Datum aclDatum;
3207  bool isNull;
3208  Acl *acl;
3209  Oid ownerId;
3210 
3211  /*
3212  * First, get the column's ACL from its pg_attribute entry
3213  */
3214  attTuple = SearchSysCache2(ATTNUM,
3215  ObjectIdGetDatum(table_oid),
3217  if (!HeapTupleIsValid(attTuple))
3218  {
3219  if (is_missing != NULL)
3220  {
3221  /* return "no privileges" instead of throwing an error */
3222  *is_missing = true;
3223  return 0;
3224  }
3225  else
3226  ereport(ERROR,
3227  (errcode(ERRCODE_UNDEFINED_COLUMN),
3228  errmsg("attribute %d of relation with OID %u does not exist",
3229  attnum, table_oid)));
3230  }
3231 
3232  attributeForm = (Form_pg_attribute) GETSTRUCT(attTuple);
3233 
3234  /* Check dropped columns, too */
3235  if (attributeForm->attisdropped)
3236  {
3237  if (is_missing != NULL)
3238  {
3239  /* return "no privileges" instead of throwing an error */
3240  *is_missing = true;
3241  ReleaseSysCache(attTuple);
3242  return 0;
3243  }
3244  else
3245  ereport(ERROR,
3246  (errcode(ERRCODE_UNDEFINED_COLUMN),
3247  errmsg("attribute %d of relation with OID %u does not exist",
3248  attnum, table_oid)));
3249  }
3250 
3251  aclDatum = SysCacheGetAttr(ATTNUM, attTuple, Anum_pg_attribute_attacl,
3252  &isNull);
3253 
3254  /*
3255  * Here we hard-wire knowledge that the default ACL for a column grants no
3256  * privileges, so that we can fall out quickly in the very common case
3257  * where attacl is null.
3258  */
3259  if (isNull)
3260  {
3261  ReleaseSysCache(attTuple);
3262  return 0;
3263  }
3264 
3265  /*
3266  * Must get the relation's ownerId from pg_class. Since we already found
3267  * a pg_attribute entry, the only likely reason for this to fail is that a
3268  * concurrent DROP of the relation committed since then (which could only
3269  * happen if we don't have lock on the relation). Treat that similarly to
3270  * not finding the attribute entry.
3271  */
3272  classTuple = SearchSysCache1(RELOID, ObjectIdGetDatum(table_oid));
3273  if (!HeapTupleIsValid(classTuple))
3274  {
3275  ReleaseSysCache(attTuple);
3276  if (is_missing != NULL)
3277  {
3278  /* return "no privileges" instead of throwing an error */
3279  *is_missing = true;
3280  return 0;
3281  }
3282  else
3283  ereport(ERROR,
3285  errmsg("relation with OID %u does not exist",
3286  table_oid)));
3287  }
3288  classForm = (Form_pg_class) GETSTRUCT(classTuple);
3289 
3290  ownerId = classForm->relowner;
3291 
3292  ReleaseSysCache(classTuple);
3293 
3294  /* detoast column's ACL if necessary */
3295  acl = DatumGetAclP(aclDatum);
3296 
3297  result = aclmask(acl, roleid, ownerId, mask, how);
3298 
3299  /* if we have a detoasted copy, free it */
3300  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
3301  pfree(acl);
3302 
3303  ReleaseSysCache(attTuple);
3304 
3305  return result;
3306 }

References aclmask(), attnum, DatumGetAclP, DatumGetPointer(), ereport, errcode(), ERRCODE_UNDEFINED_TABLE, errmsg(), ERROR, GETSTRUCT, HeapTupleIsValid, Int16GetDatum(), ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache1(), SearchSysCache2(), and SysCacheGetAttr().

Referenced by pg_attribute_aclcheck_ext(), and pg_attribute_aclmask().

◆ pg_class_aclcheck()

◆ pg_class_aclcheck_ext()

AclResult pg_class_aclcheck_ext ( Oid  table_oid,
Oid  roleid,
AclMode  mode,
bool is_missing 
)

Definition at line 4089 of file aclchk.c.

4091 {
4092  if (pg_class_aclmask_ext(table_oid, roleid, mode,
4093  ACLMASK_ANY, is_missing) != 0)
4094  return ACLCHECK_OK;
4095  else
4096  return ACLCHECK_NO_PRIV;
4097 }
static AclMode pg_class_aclmask_ext(Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
Definition: aclchk.c:3322

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, mode, and pg_class_aclmask_ext().

Referenced by column_privilege_check(), has_any_column_privilege_id(), has_any_column_privilege_id_id(), has_any_column_privilege_name_id(), has_sequence_privilege_id(), has_sequence_privilege_id_id(), has_sequence_privilege_name_id(), has_table_privilege_id(), has_table_privilege_id_id(), has_table_privilege_name_id(), and pg_class_aclcheck().

◆ pg_class_aclmask()

AclMode pg_class_aclmask ( Oid  table_oid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how 
)

Definition at line 3312 of file aclchk.c.

3314 {
3315  return pg_class_aclmask_ext(table_oid, roleid, mask, how, NULL);
3316 }

References pg_class_aclmask_ext().

Referenced by ExecCheckOneRelPerms(), and pg_aclmask().

◆ pg_class_aclmask_ext()

static AclMode pg_class_aclmask_ext ( Oid  table_oid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how,
bool is_missing 
)
static

Definition at line 3322 of file aclchk.c.

3324 {
3325  AclMode result;
3326  HeapTuple tuple;
3327  Form_pg_class classForm;
3328  Datum aclDatum;
3329  bool isNull;
3330  Acl *acl;
3331  Oid ownerId;
3332 
3333  /*
3334  * Must get the relation's tuple from pg_class
3335  */
3336  tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(table_oid));
3337  if (!HeapTupleIsValid(tuple))
3338  {
3339  if (is_missing != NULL)
3340  {
3341  /* return "no privileges" instead of throwing an error */
3342  *is_missing = true;
3343  return 0;
3344  }
3345  else
3346  ereport(ERROR,
3348  errmsg("relation with OID %u does not exist",
3349  table_oid)));
3350  }
3351 
3352  classForm = (Form_pg_class) GETSTRUCT(tuple);
3353 
3354  /*
3355  * Deny anyone permission to update a system catalog unless
3356  * pg_authid.rolsuper is set.
3357  *
3358  * As of 7.4 we have some updatable system views; those shouldn't be
3359  * protected in this way. Assume the view rules can take care of
3360  * themselves. ACL_USAGE is if we ever have system sequences.
3361  */
3362  if ((mask & (ACL_INSERT | ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE | ACL_USAGE)) &&
3363  IsSystemClass(table_oid, classForm) &&
3364  classForm->relkind != RELKIND_VIEW &&
3365  !superuser_arg(roleid))
3367 
3368  /*
3369  * Otherwise, superusers bypass all permission-checking.
3370  */
3371  if (superuser_arg(roleid))
3372  {
3373  ReleaseSysCache(tuple);
3374  return mask;
3375  }
3376 
3377  /*
3378  * Normal case: get the relation's ACL from pg_class
3379  */
3380  ownerId = classForm->relowner;
3381 
3382  aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
3383  &isNull);
3384  if (isNull)
3385  {
3386  /* No ACL, so build default ACL */
3387  switch (classForm->relkind)
3388  {
3389  case RELKIND_SEQUENCE:
3390  acl = acldefault(OBJECT_SEQUENCE, ownerId);
3391  break;
3392  default:
3393  acl = acldefault(OBJECT_TABLE, ownerId);
3394  break;
3395  }
3396  aclDatum = (Datum) 0;
3397  }
3398  else
3399  {
3400  /* detoast rel's ACL if necessary */
3401  acl = DatumGetAclP(aclDatum);
3402  }
3403 
3404  result = aclmask(acl, roleid, ownerId, mask, how);
3405 
3406  /* if we have a detoasted copy, free it */
3407  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
3408  pfree(acl);
3409 
3410  ReleaseSysCache(tuple);
3411 
3412  /*
3413  * Check if ACL_SELECT is being checked and, if so, and not set already as
3414  * part of the result, then check if the user is a member of the
3415  * pg_read_all_data role, which allows read access to all relations.
3416  */
3417  if (mask & ACL_SELECT && !(result & ACL_SELECT) &&
3418  has_privs_of_role(roleid, ROLE_PG_READ_ALL_DATA))
3419  result |= ACL_SELECT;
3420 
3421  /*
3422  * Check if ACL_INSERT, ACL_UPDATE, or ACL_DELETE is being checked and, if
3423  * so, and not set already as part of the result, then check if the user
3424  * is a member of the pg_write_all_data role, which allows
3425  * INSERT/UPDATE/DELETE access to all relations (except system catalogs,
3426  * which requires superuser, see above).
3427  */
3428  if (mask & (ACL_INSERT | ACL_UPDATE | ACL_DELETE) &&
3429  !(result & (ACL_INSERT | ACL_UPDATE | ACL_DELETE)) &&
3430  has_privs_of_role(roleid, ROLE_PG_WRITE_ALL_DATA))
3431  result |= (mask & (ACL_INSERT | ACL_UPDATE | ACL_DELETE));
3432 
3433  /*
3434  * Check if ACL_MAINTAIN is being checked and, if so, and not already set
3435  * as part of the result, then check if the user is a member of the
3436  * pg_maintain role, which allows VACUUM, ANALYZE, CLUSTER, REFRESH
3437  * MATERIALIZED VIEW, and REINDEX on all relations.
3438  */
3439  if (mask & ACL_MAINTAIN &&
3440  !(result & ACL_MAINTAIN) &&
3441  has_privs_of_role(roleid, ROLE_PG_MAINTAIN))
3442  result |= ACL_MAINTAIN;
3443 
3444  return result;
3445 }
bool IsSystemClass(Oid relid, Form_pg_class reltuple)
Definition: catalog.c:85
#define ACL_DELETE
Definition: parsenodes.h:79
#define ACL_MAINTAIN
Definition: parsenodes.h:90
#define ACL_USAGE
Definition: parsenodes.h:84
#define ACL_INSERT
Definition: parsenodes.h:76
#define ACL_UPDATE
Definition: parsenodes.h:78
#define ACL_TRUNCATE
Definition: parsenodes.h:80

References ACL_DELETE, ACL_INSERT, ACL_MAINTAIN, ACL_SELECT, ACL_TRUNCATE, ACL_UPDATE, ACL_USAGE, acldefault(), aclmask(), DatumGetAclP, DatumGetPointer(), ereport, errcode(), ERRCODE_UNDEFINED_TABLE, errmsg(), ERROR, GETSTRUCT, has_privs_of_role(), HeapTupleIsValid, IsSystemClass(), OBJECT_SEQUENCE, OBJECT_TABLE, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache1(), superuser_arg(), and SysCacheGetAttr().

Referenced by pg_class_aclcheck_ext(), and pg_class_aclmask().

◆ pg_largeobject_aclcheck_snapshot()

AclResult pg_largeobject_aclcheck_snapshot ( Oid  lobj_oid,
Oid  roleid,
AclMode  mode,
Snapshot  snapshot 
)

Definition at line 4116 of file aclchk.c.

4118 {
4119  if (pg_largeobject_aclmask_snapshot(lobj_oid, roleid, mode,
4120  ACLMASK_ANY, snapshot) != 0)
4121  return ACLCHECK_OK;
4122  else
4123  return ACLCHECK_NO_PRIV;
4124 }

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, mode, and pg_largeobject_aclmask_snapshot().

Referenced by be_lo_put(), and inv_open().

◆ pg_largeobject_aclmask_snapshot()

static AclMode pg_largeobject_aclmask_snapshot ( Oid  lobj_oid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how,
Snapshot  snapshot 
)
static

Definition at line 3575 of file aclchk.c.

3578 {
3579  AclMode result;
3580  Relation pg_lo_meta;
3581  ScanKeyData entry[1];
3582  SysScanDesc scan;
3583  HeapTuple tuple;
3584  Datum aclDatum;
3585  bool isNull;
3586  Acl *acl;
3587  Oid ownerId;
3588 
3589  /* Superusers bypass all permission checking. */
3590  if (superuser_arg(roleid))
3591  return mask;
3592 
3593  /*
3594  * Get the largeobject's ACL from pg_largeobject_metadata
3595  */
3596  pg_lo_meta = table_open(LargeObjectMetadataRelationId,
3597  AccessShareLock);
3598 
3599  ScanKeyInit(&entry[0],
3600  Anum_pg_largeobject_metadata_oid,
3601  BTEqualStrategyNumber, F_OIDEQ,
3602  ObjectIdGetDatum(lobj_oid));
3603 
3604  scan = systable_beginscan(pg_lo_meta,
3605  LargeObjectMetadataOidIndexId, true,
3606  snapshot, 1, entry);
3607 
3608  tuple = systable_getnext(scan);
3609  if (!HeapTupleIsValid(tuple))
3610  ereport(ERROR,
3611  (errcode(ERRCODE_UNDEFINED_OBJECT),
3612  errmsg("large object %u does not exist", lobj_oid)));
3613 
3614  ownerId = ((Form_pg_largeobject_metadata) GETSTRUCT(tuple))->lomowner;
3615 
3616  aclDatum = heap_getattr(tuple, Anum_pg_largeobject_metadata_lomacl,
3617  RelationGetDescr(pg_lo_meta), &isNull);
3618 
3619  if (isNull)
3620  {
3621  /* No ACL, so build default ACL */
3622  acl = acldefault(OBJECT_LARGEOBJECT, ownerId);
3623  aclDatum = (Datum) 0;
3624  }
3625  else
3626  {
3627  /* detoast ACL if necessary */
3628  acl = DatumGetAclP(aclDatum);
3629  }
3630 
3631  result = aclmask(acl, roleid, ownerId, mask, how);
3632 
3633  /* if we have a detoasted copy, free it */
3634  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
3635  pfree(acl);
3636 
3637  systable_endscan(scan);
3638 
3639  table_close(pg_lo_meta, AccessShareLock);
3640 
3641  return result;
3642 }

References AccessShareLock, acldefault(), aclmask(), BTEqualStrategyNumber, DatumGetAclP, DatumGetPointer(), ereport, errcode(), errmsg(), ERROR, GETSTRUCT, heap_getattr(), HeapTupleIsValid, OBJECT_LARGEOBJECT, ObjectIdGetDatum(), pfree(), RelationGetDescr, ScanKeyInit(), superuser_arg(), systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by pg_aclmask(), and pg_largeobject_aclcheck_snapshot().

◆ pg_namespace_aclmask_ext()

static AclMode pg_namespace_aclmask_ext ( Oid  nsp_oid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how,
bool is_missing 
)
static

Definition at line 3648 of file aclchk.c.

3651 {
3652  AclMode result;
3653  HeapTuple tuple;
3654  Datum aclDatum;
3655  bool isNull;
3656  Acl *acl;
3657  Oid ownerId;
3658 
3659  /* Superusers bypass all permission checking. */
3660  if (superuser_arg(roleid))
3661  return mask;
3662 
3663  /*
3664  * If we have been assigned this namespace as a temp namespace, check to
3665  * make sure we have CREATE TEMP permission on the database, and if so act
3666  * as though we have all standard (but not GRANT OPTION) permissions on
3667  * the namespace. If we don't have CREATE TEMP, act as though we have
3668  * only USAGE (and not CREATE) rights.
3669  *
3670  * This may seem redundant given the check in InitTempTableNamespace, but
3671  * it really isn't since current user ID may have changed since then. The
3672  * upshot of this behavior is that a SECURITY DEFINER function can create
3673  * temp tables that can then be accessed (if permission is granted) by
3674  * code in the same session that doesn't have permissions to create temp
3675  * tables.
3676  *
3677  * XXX Would it be safe to ereport a special error message as
3678  * InitTempTableNamespace does? Returning zero here means we'll get a
3679  * generic "permission denied for schema pg_temp_N" message, which is not
3680  * remarkably user-friendly.
3681  */
3682  if (isTempNamespace(nsp_oid))
3683  {
3684  if (object_aclcheck_ext(DatabaseRelationId, MyDatabaseId, roleid,
3685  ACL_CREATE_TEMP, is_missing) == ACLCHECK_OK)
3686  return mask & ACL_ALL_RIGHTS_SCHEMA;
3687  else
3688  return mask & ACL_USAGE;
3689  }
3690 
3691  /*
3692  * Get the schema's ACL from pg_namespace
3693  */
3694  tuple = SearchSysCache1(NAMESPACEOID, ObjectIdGetDatum(nsp_oid));
3695  if (!HeapTupleIsValid(tuple))
3696  {
3697  if (is_missing != NULL)
3698  {
3699  /* return "no privileges" instead of throwing an error */
3700  *is_missing = true;
3701  return 0;
3702  }
3703  else
3704  ereport(ERROR,
3705  (errcode(ERRCODE_UNDEFINED_SCHEMA),
3706  errmsg("schema with OID %u does not exist", nsp_oid)));
3707  }
3708 
3709  ownerId = ((Form_pg_namespace) GETSTRUCT(tuple))->nspowner;
3710 
3711  aclDatum = SysCacheGetAttr(NAMESPACEOID, tuple, Anum_pg_namespace_nspacl,
3712  &isNull);
3713  if (isNull)
3714  {
3715  /* No ACL, so build default ACL */
3716  acl = acldefault(OBJECT_SCHEMA, ownerId);
3717  aclDatum = (Datum) 0;
3718  }
3719  else
3720  {
3721  /* detoast ACL if necessary */
3722  acl = DatumGetAclP(aclDatum);
3723  }
3724 
3725  result = aclmask(acl, roleid, ownerId, mask, how);
3726 
3727  /* if we have a detoasted copy, free it */
3728  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
3729  pfree(acl);
3730 
3731  ReleaseSysCache(tuple);
3732 
3733  /*
3734  * Check if ACL_USAGE is being checked and, if so, and not set already as
3735  * part of the result, then check if the user is a member of the
3736  * pg_read_all_data or pg_write_all_data roles, which allow usage access
3737  * to all schemas.
3738  */
3739  if (mask & ACL_USAGE && !(result & ACL_USAGE) &&
3740  (has_privs_of_role(roleid, ROLE_PG_READ_ALL_DATA) ||
3741  has_privs_of_role(roleid, ROLE_PG_WRITE_ALL_DATA)))
3742  result |= ACL_USAGE;
3743  return result;
3744 }
Oid MyDatabaseId
Definition: globals.c:91
bool isTempNamespace(Oid namespaceId)
Definition: namespace.c:3634
#define ACL_CREATE_TEMP
Definition: parsenodes.h:86
FormData_pg_namespace * Form_pg_namespace
Definition: pg_namespace.h:52

References ACL_ALL_RIGHTS_SCHEMA, ACL_CREATE_TEMP, ACL_USAGE, ACLCHECK_OK, acldefault(), aclmask(), DatumGetAclP, DatumGetPointer(), ereport, errcode(), errmsg(), ERROR, GETSTRUCT, has_privs_of_role(), HeapTupleIsValid, isTempNamespace(), MyDatabaseId, object_aclcheck_ext(), OBJECT_SCHEMA, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache1(), superuser_arg(), and SysCacheGetAttr().

Referenced by object_aclmask_ext().

◆ pg_parameter_acl_aclmask()

static AclMode pg_parameter_acl_aclmask ( Oid  acl_oid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 3516 of file aclchk.c.

3517 {
3518  AclMode result;
3519  HeapTuple tuple;
3520  Datum aclDatum;
3521  bool isNull;
3522  Acl *acl;
3523 
3524  /* Superusers bypass all permission checking. */
3525  if (superuser_arg(roleid))
3526  return mask;
3527 
3528  /* Get the ACL from pg_parameter_acl */
3529  tuple = SearchSysCache1(PARAMETERACLOID, ObjectIdGetDatum(acl_oid));
3530  if (!HeapTupleIsValid(tuple))
3531  ereport(ERROR,
3532  (errcode(ERRCODE_UNDEFINED_OBJECT),
3533  errmsg("parameter ACL with OID %u does not exist",
3534  acl_oid)));
3535 
3536  aclDatum = SysCacheGetAttr(PARAMETERACLOID, tuple,
3537  Anum_pg_parameter_acl_paracl,
3538  &isNull);
3539  if (isNull)
3540  {
3541  /* No ACL, so build default ACL */
3542  acl = acldefault(OBJECT_PARAMETER_ACL, BOOTSTRAP_SUPERUSERID);
3543  aclDatum = (Datum) 0;
3544  }
3545  else
3546  {
3547  /* detoast ACL if necessary */
3548  acl = DatumGetAclP(aclDatum);
3549  }
3550 
3551  result = aclmask(acl, roleid, BOOTSTRAP_SUPERUSERID, mask, how);
3552 
3553  /* if we have a detoasted copy, free it */
3554  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
3555  pfree(acl);
3556 
3557  ReleaseSysCache(tuple);
3558 
3559  return result;
3560 }

References acldefault(), aclmask(), DatumGetAclP, DatumGetPointer(), ereport, errcode(), errmsg(), ERROR, HeapTupleIsValid, OBJECT_PARAMETER_ACL, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache1(), superuser_arg(), and SysCacheGetAttr().

Referenced by pg_aclmask().

◆ pg_parameter_aclcheck()

AclResult pg_parameter_aclcheck ( const char *  name,
Oid  roleid,
AclMode  mode 
)

Definition at line 4104 of file aclchk.c.

4105 {
4106  if (pg_parameter_aclmask(name, roleid, mode, ACLMASK_ANY) != 0)
4107  return ACLCHECK_OK;
4108  else
4109  return ACLCHECK_NO_PRIV;
4110 }
static AclMode pg_parameter_aclmask(const char *name, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:3452
const char * name

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, mode, name, and pg_parameter_aclmask().

Referenced by AlterSystemSetConfigFile(), has_param_priv_byname(), set_config_with_handle(), and validate_option_array_item().

◆ pg_parameter_aclmask()

static AclMode pg_parameter_aclmask ( const char *  name,
Oid  roleid,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 3452 of file aclchk.c.

3453 {
3454  AclMode result;
3455  char *parname;
3456  text *partext;
3457  HeapTuple tuple;
3458 
3459  /* Superusers bypass all permission checking. */
3460  if (superuser_arg(roleid))
3461  return mask;
3462 
3463  /* Convert name to the form it should have in pg_parameter_acl... */
3465  partext = cstring_to_text(parname);
3466 
3467  /* ... and look it up */
3468  tuple = SearchSysCache1(PARAMETERACLNAME, PointerGetDatum(partext));
3469 
3470  if (!HeapTupleIsValid(tuple))
3471  {
3472  /* If no entry, GUC has no permissions for non-superusers */
3473  result = ACL_NO_RIGHTS;
3474  }
3475  else
3476  {
3477  Datum aclDatum;
3478  bool isNull;
3479  Acl *acl;
3480 
3481  aclDatum = SysCacheGetAttr(PARAMETERACLNAME, tuple,
3482  Anum_pg_parameter_acl_paracl,
3483  &isNull);
3484  if (isNull)
3485  {
3486  /* No ACL, so build default ACL */
3487  acl = acldefault(OBJECT_PARAMETER_ACL, BOOTSTRAP_SUPERUSERID);
3488  aclDatum = (Datum) 0;
3489  }
3490  else
3491  {
3492  /* detoast ACL if necessary */
3493  acl = DatumGetAclP(aclDatum);
3494  }
3495 
3496  result = aclmask(acl, roleid, BOOTSTRAP_SUPERUSERID, mask, how);
3497 
3498  /* if we have a detoasted copy, free it */
3499  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
3500  pfree(acl);
3501 
3502  ReleaseSysCache(tuple);
3503  }
3504 
3505  pfree(parname);
3506  pfree(partext);
3507 
3508  return result;
3509 }
char * convert_GUC_name_for_parameter_acl(const char *name)
Definition: guc.c:1376
Definition: c.h:674
text * cstring_to_text(const char *s)
Definition: varlena.c:184

References ACL_NO_RIGHTS, acldefault(), aclmask(), convert_GUC_name_for_parameter_acl(), cstring_to_text(), DatumGetAclP, DatumGetPointer(), HeapTupleIsValid, name, OBJECT_PARAMETER_ACL, pfree(), PointerGetDatum(), ReleaseSysCache(), SearchSysCache1(), superuser_arg(), and SysCacheGetAttr().

Referenced by pg_parameter_aclcheck().

◆ pg_type_aclmask_ext()

static AclMode pg_type_aclmask_ext ( Oid  type_oid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how,
bool is_missing 
)
static

Definition at line 3750 of file aclchk.c.

3752 {
3753  AclMode result;
3754  HeapTuple tuple;
3755  Form_pg_type typeForm;
3756  Datum aclDatum;
3757  bool isNull;
3758  Acl *acl;
3759  Oid ownerId;
3760 
3761  /* Bypass permission checks for superusers */
3762  if (superuser_arg(roleid))
3763  return mask;
3764 
3765  /*
3766  * Must get the type's tuple from pg_type
3767  */
3768  tuple = SearchSysCache1(TYPEOID, ObjectIdGetDatum(type_oid));
3769  if (!HeapTupleIsValid(tuple))
3770  {
3771  if (is_missing != NULL)
3772  {
3773  /* return "no privileges" instead of throwing an error */
3774  *is_missing = true;
3775  return 0;
3776  }
3777  else
3778  ereport(ERROR,
3779  (errcode(ERRCODE_UNDEFINED_OBJECT),
3780  errmsg("type with OID %u does not exist",
3781  type_oid)));
3782  }
3783  typeForm = (Form_pg_type) GETSTRUCT(tuple);
3784 
3785  /*
3786  * "True" array types don't manage permissions of their own; consult the
3787  * element type instead.
3788  */
3789  if (IsTrueArrayType(typeForm))
3790  {
3791  Oid elttype_oid = typeForm->typelem;
3792 
3793  ReleaseSysCache(tuple);
3794 
3795  tuple = SearchSysCache1(TYPEOID, ObjectIdGetDatum(elttype_oid));
3796  if (!HeapTupleIsValid(tuple))
3797  {
3798  if (is_missing != NULL)
3799  {
3800  /* return "no privileges" instead of throwing an error */
3801  *is_missing = true;
3802  return 0;
3803  }
3804  else
3805  ereport(ERROR,
3806  (errcode(ERRCODE_UNDEFINED_OBJECT),
3807  errmsg("type with OID %u does not exist",
3808  elttype_oid)));
3809  }
3810  typeForm = (Form_pg_type) GETSTRUCT(tuple);
3811  }
3812 
3813  /*
3814  * Likewise, multirange types don't manage their own permissions; consult
3815  * the associated range type. (Note we must do this after the array step
3816  * to get the right answer for arrays of multiranges.)
3817  */
3818  if (typeForm->typtype == TYPTYPE_MULTIRANGE)
3819  {
3820  Oid rangetype = get_multirange_range(typeForm->oid);
3821 
3822  ReleaseSysCache(tuple);
3823 
3824  tuple = SearchSysCache1(TYPEOID, ObjectIdGetDatum(rangetype));
3825  if (!HeapTupleIsValid(tuple))
3826  {
3827  if (is_missing != NULL)
3828  {
3829  /* return "no privileges" instead of throwing an error */
3830  *is_missing = true;
3831  return 0;
3832  }
3833  else
3834  ereport(ERROR,
3835  (errcode(ERRCODE_UNDEFINED_OBJECT),
3836  errmsg("type with OID %u does not exist",
3837  rangetype)));
3838  }
3839  typeForm = (Form_pg_type) GETSTRUCT(tuple);
3840  }
3841 
3842  /*
3843  * Now get the type's owner and ACL from the tuple
3844  */
3845  ownerId = typeForm->typowner;
3846 
3847  aclDatum = SysCacheGetAttr(TYPEOID, tuple,
3848  Anum_pg_type_typacl, &isNull);
3849  if (isNull)
3850  {
3851  /* No ACL, so build default ACL */
3852  acl = acldefault(OBJECT_TYPE, ownerId);
3853  aclDatum = (Datum) 0;
3854  }
3855  else
3856  {
3857  /* detoast rel's ACL if necessary */
3858  acl = DatumGetAclP(aclDatum);
3859  }
3860 
3861  result = aclmask(acl, roleid, ownerId, mask, how);
3862 
3863  /* if we have a detoasted copy, free it */
3864  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
3865  pfree(acl);
3866 
3867  ReleaseSysCache(tuple);
3868 
3869  return result;
3870 }
Oid get_multirange_range(Oid multirangeOid)
Definition: lsyscache.c:3439

References acldefault(), aclmask(), DatumGetAclP, DatumGetPointer(), ereport, errcode(), errmsg(), ERROR, get_multirange_range(), GETSTRUCT, HeapTupleIsValid, OBJECT_TYPE, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache1(), superuser_arg(), and SysCacheGetAttr().

Referenced by object_aclmask_ext().

◆ privilege_to_string()

static const char * privilege_to_string ( AclMode  privilege)
static

Definition at line 2641 of file aclchk.c.

2642 {
2643  switch (privilege)
2644  {
2645  case ACL_INSERT:
2646  return "INSERT";
2647  case ACL_SELECT:
2648  return "SELECT";
2649  case ACL_UPDATE:
2650  return "UPDATE";
2651  case ACL_DELETE:
2652  return "DELETE";
2653  case ACL_TRUNCATE:
2654  return "TRUNCATE";
2655  case ACL_REFERENCES:
2656  return "REFERENCES";
2657  case ACL_TRIGGER:
2658  return "TRIGGER";
2659  case ACL_EXECUTE:
2660  return "EXECUTE";
2661  case ACL_USAGE:
2662  return "USAGE";
2663  case ACL_CREATE:
2664  return "CREATE";
2665  case ACL_CREATE_TEMP:
2666  return "TEMP";
2667  case ACL_CONNECT:
2668  return "CONNECT";
2669  case ACL_SET:
2670  return "SET";
2671  case ACL_ALTER_SYSTEM:
2672  return "ALTER SYSTEM";
2673  case ACL_MAINTAIN:
2674  return "MAINTAIN";
2675  default:
2676  elog(ERROR, "unrecognized privilege: %d", (int) privilege);
2677  }
2678  return NULL; /* appease compiler */
2679 }
#define ACL_SET
Definition: parsenodes.h:88
#define ACL_CONNECT
Definition: parsenodes.h:87
#define ACL_ALTER_SYSTEM
Definition: parsenodes.h:89
#define ACL_REFERENCES
Definition: parsenodes.h:81
#define ACL_EXECUTE
Definition: parsenodes.h:83
#define ACL_CREATE
Definition: parsenodes.h:85
#define ACL_TRIGGER
Definition: parsenodes.h:82

References ACL_ALTER_SYSTEM, ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_DELETE, ACL_EXECUTE, ACL_INSERT, ACL_MAINTAIN, ACL_REFERENCES, ACL_SELECT, ACL_SET, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, ACL_USAGE, elog, and ERROR.

Referenced by ExecAlterDefaultPrivilegesStmt(), ExecGrant_Relation(), and ExecuteGrantStmt().

◆ recordDependencyOnNewAcl()

void recordDependencyOnNewAcl ( Oid  classId,
Oid  objectId,
int32  objsubId,
Oid  ownerId,
Acl acl 
)

Definition at line 4365 of file aclchk.c.

4367 {
4368  int nmembers;
4369  Oid *members;
4370 
4371  /* Nothing to do if ACL is defaulted */
4372  if (acl == NULL)
4373  return;
4374 
4375  /* Extract roles mentioned in ACL */
4376  nmembers = aclmembers(acl, &members);
4377 
4378  /* Update the shared dependency ACL info */
4379  updateAclDependencies(classId, objectId, objsubId,
4380  ownerId,
4381  0, NULL,
4382  nmembers, members);
4383 }

References aclmembers(), and updateAclDependencies().

Referenced by GenerateTypeDependencies(), heap_create_with_catalog(), NamespaceCreate(), and ProcedureCreate().

◆ recordExtensionInitPriv()

static void recordExtensionInitPriv ( Oid  objoid,
Oid  classoid,
int  objsubid,
Acl new_acl 
)
static

Definition at line 4638 of file aclchk.c.

4639 {
4640  /*
4641  * Generally, we only record the initial privileges when an extension is
4642  * being created, but because we don't actually use CREATE EXTENSION
4643  * during binary upgrades with pg_upgrade, there is a variable to let us
4644  * know that the GRANT and REVOKE statements being issued, while this
4645  * variable is true, are for the initial privileges of the extension
4646  * object and therefore we need to record them.
4647  */
4649  return;
4650 
4651  recordExtensionInitPrivWorker(objoid, classoid, objsubid, new_acl);
4652 }
static void recordExtensionInitPrivWorker(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
Definition: aclchk.c:4667
bool binary_upgrade_record_init_privs
Definition: aclchk.c:109
bool creating_extension
Definition: extension.c:71

References binary_upgrade_record_init_privs, creating_extension, and recordExtensionInitPrivWorker().

Referenced by ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), and ExecGrant_Relation().

◆ recordExtensionInitPrivWorker()

static void recordExtensionInitPrivWorker ( Oid  objoid,
Oid  classoid,
int  objsubid,
Acl new_acl 
)
static

Definition at line 4667 of file aclchk.c.

4668 {
4669  Relation relation;
4670  ScanKeyData key[3];
4671  SysScanDesc scan;
4672  HeapTuple tuple;
4673  HeapTuple oldtuple;
4674 
4675  relation = table_open(InitPrivsRelationId, RowExclusiveLock);
4676 
4677  ScanKeyInit(&key[0],
4678  Anum_pg_init_privs_objoid,
4679  BTEqualStrategyNumber, F_OIDEQ,
4680  ObjectIdGetDatum(objoid));
4681  ScanKeyInit(&key[1],
4682  Anum_pg_init_privs_classoid,
4683  BTEqualStrategyNumber, F_OIDEQ,
4684  ObjectIdGetDatum(classoid));
4685  ScanKeyInit(&key[2],
4686  Anum_pg_init_privs_objsubid,
4687  BTEqualStrategyNumber, F_INT4EQ,
4688  Int32GetDatum(objsubid));
4689 
4690  scan = systable_beginscan(relation, InitPrivsObjIndexId, true,
4691  NULL, 3, key);
4692 
4693  /* There should exist only one entry or none. */
4694  oldtuple = systable_getnext(scan);
4695 
4696  /* If we find an entry, update it with the latest ACL. */
4697  if (HeapTupleIsValid(oldtuple))
4698  {
4699  Datum values[Natts_pg_init_privs] = {0};
4700  bool nulls[Natts_pg_init_privs] = {0};
4701  bool replace[Natts_pg_init_privs] = {0};
4702 
4703  /* If we have a new ACL to set, then update the row with it. */
4704  if (new_acl)
4705  {
4706  values[Anum_pg_init_privs_initprivs - 1] = PointerGetDatum(new_acl);
4707  replace[Anum_pg_init_privs_initprivs - 1] = true;
4708 
4709  oldtuple = heap_modify_tuple(oldtuple, RelationGetDescr(relation),
4710  values, nulls, replace);
4711 
4712  CatalogTupleUpdate(relation, &oldtuple->t_self, oldtuple);
4713  }
4714  else
4715  {
4716  /* new_acl is NULL, so delete the entry we found. */
4717  CatalogTupleDelete(relation, &oldtuple->t_self);
4718  }
4719  }
4720  else
4721  {
4722  Datum values[Natts_pg_init_privs] = {0};
4723  bool nulls[Natts_pg_init_privs] = {0};
4724 
4725  /*
4726  * Only add a new entry if the new ACL is non-NULL.
4727  *
4728  * If we are passed in a NULL ACL and no entry exists, we can just
4729  * fall through and do nothing.
4730  */
4731  if (new_acl)
4732  {
4733  /* No entry found, so add it. */
4734  values[Anum_pg_init_privs_objoid - 1] = ObjectIdGetDatum(objoid);
4735  values[Anum_pg_init_privs_classoid - 1] = ObjectIdGetDatum(classoid);
4736  values[Anum_pg_init_privs_objsubid - 1] = Int32GetDatum(objsubid);
4737 
4738  /* This function only handles initial privileges of extensions */
4739  values[Anum_pg_init_privs_privtype - 1] =
4741 
4742  values[Anum_pg_init_privs_initprivs - 1] = PointerGetDatum(new_acl);
4743 
4744  tuple = heap_form_tuple(RelationGetDescr(relation), values, nulls);
4745 
4746  CatalogTupleInsert(relation, tuple);
4747  }
4748  }
4749 
4750  systable_endscan(scan);
4751 
4752  /* prevent error when processing objects multiple times */
4754 
4755  table_close(relation, RowExclusiveLock);
4756 }
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, const Datum *values, const bool *isnull)
Definition: heaptuple.c:1116
void CatalogTupleInsert(Relation heapRel, HeapTuple tup)
Definition: indexing.c:233
@ INITPRIVS_EXTENSION
Definition: pg_init_privs.h:80
static Datum Int32GetDatum(int32 X)
Definition: postgres.h:212

References BTEqualStrategyNumber, CatalogTupleDelete(), CatalogTupleInsert(), CatalogTupleUpdate(), CharGetDatum(), CommandCounterIncrement(), heap_form_tuple(), heap_modify_tuple(), HeapTupleIsValid, INITPRIVS_EXTENSION, Int32GetDatum(), sort-test::key, ObjectIdGetDatum(), PointerGetDatum(), RelationGetDescr, RowExclusiveLock, ScanKeyInit(), systable_beginscan(), systable_endscan(), systable_getnext(), HeapTupleData::t_self, table_close(), table_open(), and values.

Referenced by recordExtensionInitPriv(), recordExtObjInitPriv(), and removeExtObjInitPriv().

◆ recordExtObjInitPriv()

void recordExtObjInitPriv ( Oid  objoid,
Oid  classoid 
)

Definition at line 4392 of file aclchk.c.

4393 {
4394  /*
4395  * pg_class / pg_attribute
4396  *
4397  * If this is a relation then we need to see if there are any sub-objects
4398  * (eg: columns) for it and, if so, be sure to call
4399  * recordExtensionInitPrivWorker() for each one.
4400  */
4401  if (classoid == RelationRelationId)
4402  {
4403  Form_pg_class pg_class_tuple;
4404  Datum aclDatum;
4405  bool isNull;
4406  HeapTuple tuple;
4407 
4408  tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(objoid));
4409  if (!HeapTupleIsValid(tuple))
4410  elog(ERROR, "cache lookup failed for relation %u", objoid);
4411  pg_class_tuple = (Form_pg_class) GETSTRUCT(tuple);
4412 
4413  /*
4414  * Indexes don't have permissions, neither do the pg_class rows for
4415  * composite types. (These cases are unreachable given the
4416  * restrictions in ALTER EXTENSION ADD, but let's check anyway.)
4417  */
4418  if (pg_class_tuple->relkind == RELKIND_INDEX ||
4419  pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
4420  pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
4421  {
4422  ReleaseSysCache(tuple);
4423  return;
4424  }
4425 
4426  /*
4427  * If this isn't a sequence then it's possibly going to have
4428  * column-level ACLs associated with it.
4429  */
4430  if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
4431  {
4432  AttrNumber curr_att;
4433  AttrNumber nattrs = pg_class_tuple->relnatts;
4434 
4435  for (curr_att = 1; curr_att <= nattrs; curr_att++)
4436  {
4437  HeapTuple attTuple;
4438  Datum attaclDatum;
4439 
4440  attTuple = SearchSysCache2(ATTNUM,
4441  ObjectIdGetDatum(objoid),
4442  Int16GetDatum(curr_att));
4443 
4444  if (!HeapTupleIsValid(attTuple))
4445  continue;
4446 
4447  /* ignore dropped columns */
4448  if (((Form_pg_attribute) GETSTRUCT(attTuple))->attisdropped)
4449  {
4450  ReleaseSysCache(attTuple);
4451  continue;
4452  }
4453 
4454  attaclDatum = SysCacheGetAttr(ATTNUM, attTuple,
4455  Anum_pg_attribute_attacl,
4456  &isNull);
4457 
4458  /* no need to do anything for a NULL ACL */
4459  if (isNull)
4460  {
4461  ReleaseSysCache(attTuple);
4462  continue;
4463  }
4464 
4465  recordExtensionInitPrivWorker(objoid, classoid, curr_att,
4466  DatumGetAclP(attaclDatum));
4467 
4468  ReleaseSysCache(attTuple);
4469  }
4470  }
4471 
4472  aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
4473  &isNull);
4474 
4475  /* Add the record, if any, for the top-level object */
4476  if (!isNull)
4477  recordExtensionInitPrivWorker(objoid, classoid, 0,
4478  DatumGetAclP(aclDatum));
4479 
4480  ReleaseSysCache(tuple);
4481  }
4482  else if (classoid == LargeObjectRelationId)
4483  {
4484  /* For large objects, we must consult pg_largeobject_metadata */
4485  Datum aclDatum;
4486  bool isNull;
4487  HeapTuple tuple;
4488  ScanKeyData entry[1];
4489  SysScanDesc scan;
4490  Relation relation;
4491 
4492  /*
4493  * Note: this is dead code, given that we don't allow large objects to
4494  * be made extension members. But it seems worth carrying in case
4495  * some future caller of this function has need for it.
4496  */
4497  relation = table_open(LargeObjectMetadataRelationId, RowExclusiveLock);
4498 
4499  /* There's no syscache for pg_largeobject_metadata */
4500  ScanKeyInit(&entry[0],
4501  Anum_pg_largeobject_metadata_oid,
4502  BTEqualStrategyNumber, F_OIDEQ,
4503  ObjectIdGetDatum(objoid));
4504 
4505  scan = systable_beginscan(relation,
4506  LargeObjectMetadataOidIndexId, true,
4507  NULL, 1, entry);
4508 
4509  tuple = systable_getnext(scan);
4510  if (!HeapTupleIsValid(tuple))
4511  elog(ERROR, "could not find tuple for large object %u", objoid);
4512 
4513  aclDatum = heap_getattr(tuple,
4514  Anum_pg_largeobject_metadata_lomacl,
4515  RelationGetDescr(relation), &isNull);
4516 
4517  /* Add the record, if any, for the top-level object */
4518  if (!isNull)
4519  recordExtensionInitPrivWorker(objoid, classoid, 0,
4520  DatumGetAclP(aclDatum));
4521 
4522  systable_endscan(scan);
4523  }
4524  /* This will error on unsupported classoid. */
4525  else if (get_object_attnum_acl(classoid) != InvalidAttrNumber)
4526  {
4527  Datum aclDatum;
4528  bool isNull;
4529  HeapTuple tuple;
4530 
4531  tuple = SearchSysCache1(get_object_catcache_oid(classoid),
4532  ObjectIdGetDatum(objoid));
4533  if (!HeapTupleIsValid(tuple))
4534  elog(ERROR, "cache lookup failed for %s %u",
4535  get_object_class_descr(classoid), objoid);
4536 
4537  aclDatum = SysCacheGetAttr(get_object_catcache_oid(classoid), tuple,
4538  get_object_attnum_acl(classoid),
4539  &isNull);
4540 
4541  /* Add the record, if any, for the top-level object */
4542  if (!isNull)
4543  recordExtensionInitPrivWorker(objoid, classoid, 0,
4544  DatumGetAclP(aclDatum));
4545 
4546  ReleaseSysCache(tuple);
4547  }
4548 }

References BTEqualStrategyNumber, DatumGetAclP, elog, ERROR, get_object_attnum_acl(), get_object_catcache_oid(), get_object_class_descr(), GETSTRUCT, heap_getattr(), HeapTupleIsValid, Int16GetDatum(), InvalidAttrNumber, ObjectIdGetDatum(), recordExtensionInitPrivWorker(), RelationGetDescr, ReleaseSysCache(), RowExclusiveLock, ScanKeyInit(), SearchSysCache1(), SearchSysCache2(), SysCacheGetAttr(), systable_beginscan(), systable_endscan(), systable_getnext(), and table_open().

Referenced by ExecAlterExtensionContentsRecurse().

◆ removeExtObjInitPriv()

void removeExtObjInitPriv ( Oid  objoid,
Oid  classoid 
)

Definition at line 4555 of file aclchk.c.

4556 {
4557  /*
4558  * If this is a relation then we need to see if there are any sub-objects
4559  * (eg: columns) for it and, if so, be sure to call
4560  * recordExtensionInitPrivWorker() for each one.
4561  */
4562  if (classoid == RelationRelationId)
4563  {
4564  Form_pg_class pg_class_tuple;
4565  HeapTuple tuple;
4566 
4567  tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(objoid));
4568  if (!HeapTupleIsValid(tuple))
4569  elog(ERROR, "cache lookup failed for relation %u", objoid);
4570  pg_class_tuple = (Form_pg_class) GETSTRUCT(tuple);
4571 
4572  /*
4573  * Indexes don't have permissions, neither do the pg_class rows for
4574  * composite types. (These cases are unreachable given the
4575  * restrictions in ALTER EXTENSION DROP, but let's check anyway.)
4576  */
4577  if (pg_class_tuple->relkind == RELKIND_INDEX ||
4578  pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
4579  pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
4580  {
4581  ReleaseSysCache(tuple);
4582  return;
4583  }
4584 
4585  /*
4586  * If this isn't a sequence then it's possibly going to have
4587  * column-level ACLs associated with it.
4588  */
4589  if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
4590  {
4591  AttrNumber curr_att;
4592  AttrNumber nattrs = pg_class_tuple->relnatts;
4593 
4594  for (curr_att = 1; curr_att <= nattrs; curr_att++)
4595  {
4596  HeapTuple attTuple;
4597 
4598  attTuple = SearchSysCache2(ATTNUM,
4599  ObjectIdGetDatum(objoid),
4600  Int16GetDatum(curr_att));
4601 
4602  if (!HeapTupleIsValid(attTuple))
4603  continue;
4604 
4605  /* when removing, remove all entries, even dropped columns */
4606 
4607  recordExtensionInitPrivWorker(objoid, classoid, curr_att, NULL);
4608 
4609  ReleaseSysCache(attTuple);
4610  }
4611  }
4612 
4613  ReleaseSysCache(tuple);
4614  }
4615 
4616  /* Remove the record, if any, for the top-level object */
4617  recordExtensionInitPrivWorker(objoid, classoid, 0, NULL);
4618 }

References elog, ERROR, GETSTRUCT, HeapTupleIsValid, Int16GetDatum(), ObjectIdGetDatum(), recordExtensionInitPrivWorker(), ReleaseSysCache(), SearchSysCache1(), and SearchSysCache2().

Referenced by ExecAlterExtensionContentsRecurse().

◆ RemoveRoleFromObjectACL()

void RemoveRoleFromObjectACL ( Oid  roleid,
Oid  classid,
Oid  objid 
)

Definition at line 1453 of file aclchk.c.

1454 {
1455  if (classid == DefaultAclRelationId)
1456  {
1457  InternalDefaultACL iacls;
1458  Form_pg_default_acl pg_default_acl_tuple;
1459  Relation rel;
1460  ScanKeyData skey[1];
1461  SysScanDesc scan;
1462  HeapTuple tuple;
1463 
1464  /* first fetch info needed by SetDefaultACL */
1465  rel = table_open(DefaultAclRelationId, AccessShareLock);
1466 
1467  ScanKeyInit(&skey[0],
1468  Anum_pg_default_acl_oid,
1469  BTEqualStrategyNumber, F_OIDEQ,
1470  ObjectIdGetDatum(objid));
1471 
1472  scan = systable_beginscan(rel, DefaultAclOidIndexId, true,
1473  NULL, 1, skey);
1474 
1475  tuple = systable_getnext(scan);
1476 
1477  if (!HeapTupleIsValid(tuple))
1478  elog(ERROR, "could not find tuple for default ACL %u", objid);
1479 
1480  pg_default_acl_tuple = (Form_pg_default_acl) GETSTRUCT(tuple);
1481 
1482  iacls.roleid = pg_default_acl_tuple->defaclrole;
1483  iacls.nspid = pg_default_acl_tuple->defaclnamespace;
1484 
1485  switch (pg_default_acl_tuple->defaclobjtype)
1486  {
1487  case DEFACLOBJ_RELATION:
1488  iacls.objtype = OBJECT_TABLE;
1489  break;
1490  case DEFACLOBJ_SEQUENCE:
1491  iacls.objtype = OBJECT_SEQUENCE;
1492  break;
1493  case DEFACLOBJ_FUNCTION:
1494  iacls.objtype = OBJECT_FUNCTION;
1495  break;
1496  case DEFACLOBJ_TYPE:
1497  iacls.objtype = OBJECT_TYPE;
1498  break;
1499  case DEFACLOBJ_NAMESPACE:
1500  iacls.objtype = OBJECT_SCHEMA;
1501  break;
1502  default:
1503  /* Shouldn't get here */
1504  elog(ERROR, "unexpected default ACL type: %d",
1505  (int) pg_default_acl_tuple->defaclobjtype);
1506  break;
1507  }
1508 
1509  systable_endscan(scan);
1511 
1512  iacls.is_grant = false;
1513  iacls.all_privs = true;
1514  iacls.privileges = ACL_NO_RIGHTS;
1515  iacls.grantees = list_make1_oid(roleid);
1516  iacls.grant_option = false;
1517  iacls.behavior = DROP_CASCADE;
1518 
1519  /* Do it */
1520  SetDefaultACL(&iacls);
1521  }
1522  else
1523  {
1524  InternalGrant istmt;
1525 
1526  switch (classid)
1527  {
1528  case RelationRelationId:
1529  /* it's OK to use TABLE for a sequence */
1530  istmt.objtype = OBJECT_TABLE;
1531  break;
1532  case DatabaseRelationId:
1533  istmt.objtype = OBJECT_DATABASE;
1534  break;
1535  case TypeRelationId:
1536  istmt.objtype = OBJECT_TYPE;
1537  break;
1538  case ProcedureRelationId:
1539  istmt.objtype = OBJECT_ROUTINE;
1540  break;
1541  case LanguageRelationId:
1542  istmt.objtype = OBJECT_LANGUAGE;
1543  break;
1544  case LargeObjectRelationId:
1545  istmt.objtype = OBJECT_LARGEOBJECT;
1546  break;
1547  case NamespaceRelationId:
1548  istmt.objtype = OBJECT_SCHEMA;
1549  break;
1550  case TableSpaceRelationId:
1551  istmt.objtype = OBJECT_TABLESPACE;
1552  break;
1553  case ForeignServerRelationId:
1555  break;
1556  case ForeignDataWrapperRelationId:
1557  istmt.objtype = OBJECT_FDW;
1558  break;
1559  case ParameterAclRelationId:
1560  istmt.objtype = OBJECT_PARAMETER_ACL;
1561  break;
1562  default:
1563  elog(ERROR, "unexpected object class %u", classid);
1564  break;
1565  }
1566  istmt.is_grant = false;
1567  istmt.objects = list_make1_oid(objid);
1568  istmt.all_privs = true;
1569  istmt.privileges = ACL_NO_RIGHTS;
1570  istmt.col_privs = NIL;
1571  istmt.grantees = list_make1_oid(roleid);
1572  istmt.grant_option = false;
1573  istmt.behavior = DROP_CASCADE;
1574 
1575  ExecGrantStmt_oids(&istmt);
1576  }
1577 }
static void SetDefaultACL(InternalDefaultACL *iacls)
Definition: aclchk.c:1202
@ DROP_CASCADE
Definition: parsenodes.h:2183
FormData_pg_default_acl * Form_pg_default_acl
#define list_make1_oid(x1)
Definition: pg_list.h:242

References AccessShareLock, ACL_NO_RIGHTS, InternalDefaultACL::all_privs, InternalGrant::all_privs, InternalDefaultACL::behavior, InternalGrant::behavior, BTEqualStrategyNumber, InternalGrant::col_privs, DROP_CASCADE, elog, ERROR, ExecGrantStmt_oids(), GETSTRUCT, InternalDefaultACL::grant_option, InternalGrant::grant_option, InternalDefaultACL::grantees, InternalGrant::grantees, HeapTupleIsValid, InternalDefaultACL::is_grant, InternalGrant::is_grant, list_make1_oid, NIL, InternalDefaultACL::nspid, OBJECT_DATABASE, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, ObjectIdGetDatum(), InternalGrant::objects, InternalDefaultACL::objtype, InternalGrant::objtype, InternalDefaultACL::privileges, InternalGrant::privileges, InternalDefaultACL::roleid, ScanKeyInit(), SetDefaultACL(), systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by shdepDropOwned().

◆ restrict_and_check_grant()

static AclMode restrict_and_check_grant ( bool  is_grant,
AclMode  avail_goptions,
bool  all_privs,
AclMode  privileges,
Oid  objectId,
Oid  grantorId,
ObjectType  objtype,
const char *  objname,
AttrNumber  att_number,
const char *  colname 
)
static

Definition at line 240 of file aclchk.c.

244 {
245  AclMode this_privileges;
246  AclMode whole_mask;
247 
248  switch (objtype)
249  {
250  case OBJECT_COLUMN:
251  whole_mask = ACL_ALL_RIGHTS_COLUMN;
252  break;
253  case OBJECT_TABLE:
254  whole_mask = ACL_ALL_RIGHTS_RELATION;
255  break;
256  case OBJECT_SEQUENCE:
257  whole_mask = ACL_ALL_RIGHTS_SEQUENCE;
258  break;
259  case OBJECT_DATABASE:
260  whole_mask = ACL_ALL_RIGHTS_DATABASE;
261  break;
262  case OBJECT_FUNCTION:
263  whole_mask = ACL_ALL_RIGHTS_FUNCTION;
264  break;
265  case OBJECT_LANGUAGE:
266  whole_mask = ACL_ALL_RIGHTS_LANGUAGE;
267  break;
268  case OBJECT_LARGEOBJECT:
269  whole_mask = ACL_ALL_RIGHTS_LARGEOBJECT;
270  break;
271  case OBJECT_SCHEMA:
272  whole_mask = ACL_ALL_RIGHTS_SCHEMA;
273  break;
274  case OBJECT_TABLESPACE:
275  whole_mask = ACL_ALL_RIGHTS_TABLESPACE;
276  break;
277  case OBJECT_FDW:
278  whole_mask = ACL_ALL_RIGHTS_FDW;
279  break;
281  whole_mask = ACL_ALL_RIGHTS_FOREIGN_SERVER;
282  break;
284  elog(ERROR, "grantable rights not supported for event triggers");
285  /* not reached, but keep compiler quiet */
286  return ACL_NO_RIGHTS;
287  case OBJECT_TYPE:
288  whole_mask = ACL_ALL_RIGHTS_TYPE;
289  break;
291  whole_mask = ACL_ALL_RIGHTS_PARAMETER_ACL;
292  break;
293  default:
294  elog(ERROR, "unrecognized object type: %d", objtype);
295  /* not reached, but keep compiler quiet */
296  return ACL_NO_RIGHTS;
297  }
298 
299  /*
300  * If we found no grant options, consider whether to issue a hard error.
301  * Per spec, having any privilege at all on the object will get you by
302  * here.
303  */
304  if (avail_goptions == ACL_NO_RIGHTS)
305  {
306  if (pg_aclmask(objtype, objectId, att_number, grantorId,
307  whole_mask | ACL_GRANT_OPTION_FOR(whole_mask),
309  {
310  if (objtype == OBJECT_COLUMN && colname)
311  aclcheck_error_col(ACLCHECK_NO_PRIV, objtype, objname, colname);
312  else
313  aclcheck_error(ACLCHECK_NO_PRIV, objtype, objname);
314  }
315  }
316 
317  /*
318  * Restrict the operation to what we can actually grant or revoke, and
319  * issue a warning if appropriate. (For REVOKE this isn't quite what the
320  * spec says to do: the spec seems to want a warning only if no privilege
321  * bits actually change in the ACL. In practice that behavior seems much
322  * too noisy, as well as inconsistent with the GRANT case.)
323  */
324  this_privileges = privileges & ACL_OPTION_TO_PRIVS(avail_goptions);
325  if (is_grant)
326  {
327  if (this_privileges == 0)
328  {
329  if (objtype == OBJECT_COLUMN && colname)
331  (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
332  errmsg("no privileges were granted for column \"%s\" of relation \"%s\"",
333  colname, objname)));
334  else
336  (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
337  errmsg("no privileges were granted for \"%s\"",
338  objname)));
339  }
340  else if (!all_privs && this_privileges != privileges)
341  {
342  if (objtype == OBJECT_COLUMN && colname)
344  (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
345  errmsg("not all privileges were granted for column \"%s\" of relation \"%s\"",
346  colname, objname)));
347  else
349  (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
350  errmsg("not all privileges were granted for \"%s\"",
351  objname)));
352  }
353  }
354  else
355  {
356  if (this_privileges == 0)
357  {
358  if (objtype == OBJECT_COLUMN && colname)
360  (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
361  errmsg("no privileges could be revoked for column \"%s\" of relation \"%s\"",
362  colname, objname)));
363  else
365  (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
366  errmsg("no privileges could be revoked for \"%s\"",
367  objname)));
368  }
369  else if (!all_privs && this_privileges != privileges)
370  {
371  if (objtype == OBJECT_COLUMN && colname)
373  (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
374  errmsg("not all privileges could be revoked for column \"%s\" of relation \"%s\"",
375  colname, objname)));
376  else
378  (errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
379  errmsg("not all privileges could be revoked for \"%s\"",
380  objname)));
381  }
382  }
383 
384  return this_privileges;
385 }
#define ACL_OPTION_TO_PRIVS(privs)
Definition: acl.h:71
#define ACL_GRANT_OPTION_FOR(privs)
Definition: acl.h:70
void aclcheck_error_col(AclResult aclerr, ObjectType objtype, const char *objectname, const char *colname)
Definition: aclchk.c:2977
static AclMode pg_aclmask(ObjectType objtype, Oid object_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:3019

References ACL_ALL_RIGHTS_COLUMN, ACL_ALL_RIGHTS_DATABASE, ACL_ALL_RIGHTS_FDW, ACL_ALL_RIGHTS_FOREIGN_SERVER, ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_LANGUAGE, ACL_ALL_RIGHTS_LARGEOBJECT, ACL_ALL_RIGHTS_PARAMETER_ACL, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_SEQUENCE, ACL_ALL_RIGHTS_TABLESPACE, ACL_ALL_RIGHTS_TYPE, ACL_GRANT_OPTION_FOR, ACL_NO_RIGHTS, ACL_OPTION_TO_PRIVS, aclcheck_error(), aclcheck_error_col(), ACLCHECK_NO_PRIV, ACLMASK_ANY, elog, ereport, errcode(), errmsg(), ERROR, OBJECT_COLUMN, OBJECT_DATABASE, OBJECT_EVENT_TRIGGER, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, pg_aclmask(), and WARNING.

Referenced by ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), and ExecGrant_Relation().

◆ SetDefaultACL()

static void SetDefaultACL ( InternalDefaultACL iacls)
static

Definition at line 1202 of file aclchk.c.

1203 {
1204  AclMode this_privileges = iacls->privileges;
1205  char objtype;
1206  Relation rel;
1207  HeapTuple tuple;
1208  bool isNew;
1209  Acl *def_acl;
1210  Acl *old_acl;
1211  Acl *new_acl;
1212  HeapTuple newtuple;
1213  int noldmembers;
1214  int nnewmembers;
1215  Oid *oldmembers;
1216  Oid *newmembers;
1217 
1218  rel = table_open(DefaultAclRelationId, RowExclusiveLock);
1219 
1220  /*
1221  * The default for a global entry is the hard-wired default ACL for the
1222  * particular object type. The default for non-global entries is an empty
1223  * ACL. This must be so because global entries replace the hard-wired
1224  * defaults, while others are added on.
1225  */
1226  if (!OidIsValid(iacls->nspid))
1227  def_acl = acldefault(iacls->objtype, iacls->roleid);
1228  else
1229  def_acl = make_empty_acl();
1230 
1231  /*
1232  * Convert ACL object type to pg_default_acl object type and handle
1233  * all_privs option
1234  */
1235  switch (iacls->objtype)
1236  {
1237  case OBJECT_TABLE:
1238  objtype = DEFACLOBJ_RELATION;
1239  if (iacls->all_privs && this_privileges == ACL_NO_RIGHTS)
1240  this_privileges = ACL_ALL_RIGHTS_RELATION;
1241  break;
1242 
1243  case OBJECT_SEQUENCE:
1244  objtype = DEFACLOBJ_SEQUENCE;
1245  if (iacls->all_privs && this_privileges == ACL_NO_RIGHTS)
1246  this_privileges = ACL_ALL_RIGHTS_SEQUENCE;
1247  break;
1248 
1249  case OBJECT_FUNCTION:
1250  objtype = DEFACLOBJ_FUNCTION;
1251  if (iacls->all_privs && this_privileges == ACL_NO_RIGHTS)
1252  this_privileges = ACL_ALL_RIGHTS_FUNCTION;
1253  break;
1254 
1255  case OBJECT_TYPE:
1256  objtype = DEFACLOBJ_TYPE;
1257  if (iacls->all_privs && this_privileges == ACL_NO_RIGHTS)
1258  this_privileges = ACL_ALL_RIGHTS_TYPE;
1259  break;
1260 
1261  case OBJECT_SCHEMA:
1262  if (OidIsValid(iacls->nspid))
1263  ereport(ERROR,
1264  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1265  errmsg("cannot use IN SCHEMA clause when using GRANT/REVOKE ON SCHEMAS")));
1266  objtype = DEFACLOBJ_NAMESPACE;
1267  if (iacls->all_privs && this_privileges == ACL_NO_RIGHTS)
1268  this_privileges = ACL_ALL_RIGHTS_SCHEMA;
1269  break;
1270 
1271  default:
1272  elog(ERROR, "unrecognized object type: %d",
1273  (int) iacls->objtype);
1274  objtype = 0; /* keep compiler quiet */
1275  break;
1276  }
1277 
1278  /* Search for existing row for this object type in catalog */
1279  tuple = SearchSysCache3(DEFACLROLENSPOBJ,
1280  ObjectIdGetDatum(iacls->roleid),
1281  ObjectIdGetDatum(iacls->nspid),
1282  CharGetDatum(objtype));
1283 
1284  if (HeapTupleIsValid(tuple))
1285  {
1286  Datum aclDatum;
1287  bool isNull;
1288 
1289  aclDatum = SysCacheGetAttr(DEFACLROLENSPOBJ, tuple,
1290  Anum_pg_default_acl_defaclacl,
1291  &isNull);
1292  if (!isNull)
1293  old_acl = DatumGetAclPCopy(aclDatum);
1294  else
1295  old_acl = NULL; /* this case shouldn't happen, probably */
1296  isNew = false;
1297  }
1298  else
1299  {
1300  old_acl = NULL;
1301  isNew = true;
1302  }
1303 
1304  if (old_acl != NULL)
1305  {
1306  /*
1307  * We need the members of both old and new ACLs so we can correct the
1308  * shared dependency information. Collect data before
1309  * merge_acl_with_grant throws away old_acl.
1310  */
1311  noldmembers = aclmembers(old_acl, &oldmembers);
1312  }
1313  else
1314  {
1315  /* If no or null entry, start with the default ACL value */
1316  old_acl = aclcopy(def_acl);
1317  /* There are no old member roles according to the catalogs */
1318  noldmembers = 0;
1319  oldmembers = NULL;
1320  }
1321 
1322  /*
1323  * Generate new ACL. Grantor of rights is always the same as the target
1324  * role.
1325  */
1326  new_acl = merge_acl_with_grant(old_acl,
1327  iacls->is_grant,
1328  iacls->grant_option,
1329  iacls->behavior,
1330  iacls->grantees,
1331  this_privileges,
1332  iacls->roleid,
1333  iacls->roleid);
1334 
1335  /*
1336  * If the result is the same as the default value, we do not need an
1337  * explicit pg_default_acl entry, and should in fact remove the entry if
1338  * it exists. Must sort both arrays to compare properly.
1339  */
1340  aclitemsort(new_acl);
1341  aclitemsort(def_acl);
1342  if (aclequal(new_acl, def_acl))
1343  {
1344  /* delete old entry, if indeed there is one */
1345  if (!isNew)
1346  {
1347  ObjectAddress myself;
1348 
1349  /*
1350  * The dependency machinery will take care of removing all
1351  * associated dependency entries. We use DROP_RESTRICT since
1352  * there shouldn't be anything depending on this entry.
1353  */
1354  myself.classId = DefaultAclRelationId;
1355  myself.objectId = ((Form_pg_default_acl) GETSTRUCT(tuple))->oid;
1356  myself.objectSubId = 0;
1357 
1358  performDeletion(&myself, DROP_RESTRICT, 0);
1359  }
1360  }
1361  else
1362  {
1363  Datum values[Natts_pg_default_acl] = {0};
1364  bool nulls[Natts_pg_default_acl] = {0};
1365  bool replaces[Natts_pg_default_acl] = {0};
1366  Oid defAclOid;
1367 
1368  if (isNew)
1369  {
1370  /* insert new entry */
1371  defAclOid = GetNewOidWithIndex(rel, DefaultAclOidIndexId,
1372  Anum_pg_default_acl_oid);
1373  values[Anum_pg_default_acl_oid - 1] = ObjectIdGetDatum(defAclOid);
1374  values[Anum_pg_default_acl_defaclrole - 1] = ObjectIdGetDatum(iacls->roleid);
1375  values[Anum_pg_default_acl_defaclnamespace - 1] = ObjectIdGetDatum(iacls->nspid);
1376  values[Anum_pg_default_acl_defaclobjtype - 1] = CharGetDatum(objtype);
1377  values[Anum_pg_default_acl_defaclacl - 1] = PointerGetDatum(new_acl);
1378 
1379  newtuple = heap_form_tuple(RelationGetDescr(rel), values, nulls);
1380  CatalogTupleInsert(rel, newtuple);
1381  }
1382  else
1383  {
1384  defAclOid = ((Form_pg_default_acl) GETSTRUCT(tuple))->oid;
1385 
1386  /* update existing entry */
1387  values[Anum_pg_default_acl_defaclacl - 1] = PointerGetDatum(new_acl);
1388  replaces[Anum_pg_default_acl_defaclacl - 1] = true;
1389 
1390  newtuple = heap_modify_tuple(tuple, RelationGetDescr(rel),
1391  values, nulls, replaces);
1392  CatalogTupleUpdate(rel, &newtuple->t_self, newtuple);
1393  }
1394 
1395  /* these dependencies don't change in an update */
1396  if (isNew)
1397  {
1398  /* dependency on role */
1399  recordDependencyOnOwner(DefaultAclRelationId, defAclOid,
1400  iacls->roleid);
1401 
1402  /* dependency on namespace */
1403  if (OidIsValid(iacls->nspid))
1404  {
1405  ObjectAddress myself,
1406  referenced;
1407 
1408  myself.classId = DefaultAclRelationId;
1409  myself.objectId = defAclOid;
1410  myself.objectSubId = 0;
1411 
1412  referenced.classId = NamespaceRelationId;
1413  referenced.objectId = iacls->nspid;
1414  referenced.objectSubId = 0;
1415 
1416  recordDependencyOn(&myself, &referenced, DEPENDENCY_AUTO);
1417  }
1418  }
1419 
1420  /*
1421  * Update the shared dependency ACL info
1422  */
1423  nnewmembers = aclmembers(new_acl, &newmembers);
1424 
1425  updateAclDependencies(DefaultAclRelationId,
1426  defAclOid, 0,
1427  iacls->roleid,
1428  noldmembers, oldmembers,
1429  nnewmembers, newmembers);
1430 
1431  if (isNew)
1432  InvokeObjectPostCreateHook(DefaultAclRelationId, defAclOid, 0);
1433  else
1434  InvokeObjectPostAlterHook(DefaultAclRelationId, defAclOid, 0);
1435  }
1436 
1437  if (HeapTupleIsValid(tuple))
1438  ReleaseSysCache(tuple);
1439 
1441 
1442  /* prevent error when processing duplicate objects */
1444 }
Acl * make_empty_acl(void)
Definition: acl.c:423
Oid GetNewOidWithIndex(Relation relation, Oid indexId, AttrNumber oidcolumn)
Definition: catalog.c:391
void performDeletion(const ObjectAddress *object, DropBehavior behavior, int flags)
Definition: dependency.c:273
@ DEPENDENCY_AUTO
Definition: dependency.h:34
#define InvokeObjectPostCreateHook(classId, objectId, subId)
Definition: objectaccess.h:173
#define InvokeObjectPostAlterHook(classId, objectId, subId)
Definition: objectaccess.h:197
@ DROP_RESTRICT
Definition: parsenodes.h:2182
void recordDependencyOn(const ObjectAddress *depender, const ObjectAddress *referenced, DependencyType behavior)
Definition: pg_depend.c:44
void recordDependencyOnOwner(Oid classId, Oid objectId, Oid owner)
Definition: pg_shdepend.c:160

References ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_SEQUENCE, ACL_ALL_RIGHTS_TYPE, ACL_NO_RIGHTS, aclcopy(), acldefault(), aclequal(), aclitemsort(), aclmembers(), InternalDefaultACL::all_privs, InternalDefaultACL::behavior, CatalogTupleInsert(), CatalogTupleUpdate(), CharGetDatum(), ObjectAddress::classId, CommandCounterIncrement(), DatumGetAclPCopy, DEPENDENCY_AUTO, DROP_RESTRICT, elog, ereport, errcode(), errmsg(), ERROR, GetNewOidWithIndex(), GETSTRUCT, InternalDefaultACL::grant_option, InternalDefaultACL::grantees, heap_form_tuple(), heap_modify_tuple(), HeapTupleIsValid, InvokeObjectPostAlterHook, InvokeObjectPostCreateHook, InternalDefaultACL::is_grant, make_empty_acl(), merge_acl_with_grant(), InternalDefaultACL::nspid, OBJECT_FUNCTION, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TYPE, ObjectAddress::objectId, ObjectIdGetDatum(), ObjectAddress::objectSubId, InternalDefaultACL::objtype, OidIsValid, performDeletion(), PointerGetDatum(), InternalDefaultACL::privileges, recordDependencyOn(), recordDependencyOnOwner(), RelationGetDescr, ReleaseSysCache(), InternalDefaultACL::roleid, RowExclusiveLock, SearchSysCache3(), SysCacheGetAttr(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), and values.

Referenced by RemoveRoleFromObjectACL(), and SetDefaultACLsInSchemas().

◆ SetDefaultACLsInSchemas()

static void SetDefaultACLsInSchemas ( InternalDefaultACL iacls,
List nspnames 
)
static

Definition at line 1160 of file aclchk.c.

1161 {
1162  if (nspnames == NIL)
1163  {
1164  /* Set database-wide permissions if no schema was specified */
1165  iacls->nspid = InvalidOid;
1166 
1167  SetDefaultACL(iacls);
1168  }
1169  else
1170  {
1171  /* Look up the schema OIDs and set permissions for each one */
1172  ListCell *nspcell;
1173 
1174  foreach(nspcell, nspnames)
1175  {
1176  char *nspname = strVal(lfirst(nspcell));
1177 
1178  iacls->nspid = get_namespace_oid(nspname, false);
1179 
1180  /*
1181  * We used to insist that the target role have CREATE privileges
1182  * on the schema, since without that it wouldn't be able to create
1183  * an object for which these default privileges would apply.
1184  * However, this check proved to be more confusing than helpful,
1185  * and it also caused certain database states to not be
1186  * dumpable/restorable, since revoking CREATE doesn't cause
1187  * default privileges for the schema to go away. So now, we just
1188  * allow the ALTER; if the user lacks CREATE he'll find out when
1189  * he tries to create an object.
1190  */
1191 
1192  SetDefaultACL(iacls);
1193  }
1194  }
1195 }

References get_namespace_oid(), InvalidOid, lfirst, NIL, InternalDefaultACL::nspid, SetDefaultACL(), and strVal.

Referenced by ExecAlterDefaultPrivilegesStmt().

◆ string_to_privilege()

static AclMode string_to_privilege ( const char *  privname)
static

Definition at line 2598 of file aclchk.c.

2599 {
2600  if (strcmp(privname, "insert") == 0)
2601  return ACL_INSERT;
2602  if (strcmp(privname, "select") == 0)
2603  return ACL_SELECT;
2604  if (strcmp(privname, "update") == 0)
2605  return ACL_UPDATE;
2606  if (strcmp(privname, "delete") == 0)
2607  return ACL_DELETE;
2608  if (strcmp(privname, "truncate") == 0)
2609  return ACL_TRUNCATE;
2610  if (strcmp(privname, "references") == 0)
2611  return ACL_REFERENCES;
2612  if (strcmp(privname, "trigger") == 0)
2613  return ACL_TRIGGER;
2614  if (strcmp(privname, "execute") == 0)
2615  return ACL_EXECUTE;
2616  if (strcmp(privname, "usage") == 0)
2617  return ACL_USAGE;
2618  if (strcmp(privname, "create") == 0)
2619  return ACL_CREATE;
2620  if (strcmp(privname, "temporary") == 0)
2621  return ACL_CREATE_TEMP;
2622  if (strcmp(privname, "temp") == 0)
2623  return ACL_CREATE_TEMP;
2624  if (strcmp(privname, "connect") == 0)
2625  return ACL_CONNECT;
2626  if (strcmp(privname, "set") == 0)
2627  return ACL_SET;
2628  if (strcmp(privname, "alter system") == 0)
2629  return ACL_ALTER_SYSTEM;
2630  if (strcmp(privname, "maintain") == 0)
2631  return ACL_MAINTAIN;
2632  if (strcmp(privname, "rule") == 0)
2633  return 0; /* ignore old RULE privileges */
2634  ereport(ERROR,
2635  (errcode(ERRCODE_SYNTAX_ERROR),
2636  errmsg("unrecognized privilege type \"%s\"", privname)));
2637  return 0; /* appease compiler */
2638 }

References ACL_ALTER_SYSTEM, ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_DELETE, ACL_EXECUTE, ACL_INSERT, ACL_MAINTAIN, ACL_REFERENCES, ACL_SELECT, ACL_SET, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, ACL_USAGE, ereport, errcode(), errmsg(), and ERROR.

Referenced by ExecAlterDefaultPrivilegesStmt(), ExecGrant_Relation(), and ExecuteGrantStmt().

Variable Documentation

◆ binary_upgrade_record_init_privs

bool binary_upgrade_record_init_privs = false

Definition at line 109 of file aclchk.c.

Referenced by binary_upgrade_set_record_init_privs(), and recordExtensionInitPriv().