PostgreSQL Source Code  git master
aclchk.c File Reference
Include dependency graph for aclchk.c:

Go to the source code of this file.

Data Structures

struct  InternalDefaultACL
 

Functions

static void ExecGrantStmt_oids (InternalGrant *istmt)
 
static void ExecGrant_Relation (InternalGrant *istmt)
 
static void ExecGrant_common (InternalGrant *istmt, Oid classid, AclMode default_privs, void(*object_check)(InternalGrant *istmt, HeapTuple tuple))
 
static void ExecGrant_Language_check (InternalGrant *istmt, HeapTuple tuple)
 
static void ExecGrant_Largeobject (InternalGrant *istmt)
 
static void ExecGrant_Type_check (InternalGrant *istmt, HeapTuple tuple)
 
static void ExecGrant_Parameter (InternalGrant *istmt)
 
static void SetDefaultACLsInSchemas (InternalDefaultACL *iacls, List *nspnames)
 
static void SetDefaultACL (InternalDefaultACL *iacls)
 
static ListobjectNamesToOids (ObjectType objtype, List *objnames, bool is_grant)
 
static ListobjectsInSchemaToOids (ObjectType objtype, List *nspnames)
 
static ListgetRelationsInNamespace (Oid namespaceId, char relkind)
 
static void expand_col_privileges (List *colnames, Oid table_oid, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
 
static void expand_all_col_privileges (Oid table_oid, Form_pg_class classForm, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
 
static AclMode string_to_privilege (const char *privname)
 
static const char * privilege_to_string (AclMode privilege)
 
static AclMode restrict_and_check_grant (bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
 
static AclMode pg_aclmask (ObjectType objtype, Oid object_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
 
static AclMode object_aclmask (Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how)
 
static AclMode object_aclmask_ext (Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
 
static AclMode pg_attribute_aclmask (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
 
static AclMode pg_attribute_aclmask_ext (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
 
static AclMode pg_class_aclmask_ext (Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
 
static AclMode pg_parameter_acl_aclmask (Oid acl_oid, Oid roleid, AclMode mask, AclMaskHow how)
 
static AclMode pg_largeobject_aclmask_snapshot (Oid lobj_oid, Oid roleid, AclMode mask, AclMaskHow how, Snapshot snapshot)
 
static AclMode pg_namespace_aclmask_ext (Oid nsp_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
 
static AclMode pg_type_aclmask_ext (Oid type_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
 
static void recordExtensionInitPriv (Oid objoid, Oid classoid, int objsubid, Oid ownerId, Acl *new_acl)
 
static void recordExtensionInitPrivWorker (Oid objoid, Oid classoid, int objsubid, Oid ownerId, Acl *new_acl)
 
static Aclmerge_acl_with_grant (Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
 
void ExecuteGrantStmt (GrantStmt *stmt)
 
void ExecAlterDefaultPrivilegesStmt (ParseState *pstate, AlterDefaultPrivilegesStmt *stmt)
 
void RemoveRoleFromObjectACL (Oid roleid, Oid classid, Oid objid)
 
static void ExecGrant_Attribute (InternalGrant *istmt, Oid relOid, const char *relname, AttrNumber attnum, Oid ownerId, AclMode col_privileges, Relation attRelation, const Acl *old_rel_acl)
 
void aclcheck_error (AclResult aclerr, ObjectType objtype, const char *objectname)
 
void aclcheck_error_col (AclResult aclerr, ObjectType objtype, const char *objectname, const char *colname)
 
void aclcheck_error_type (AclResult aclerr, Oid typeOid)
 
AclMode pg_class_aclmask (Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how)
 
static AclMode pg_parameter_aclmask (const char *name, Oid roleid, AclMode mask, AclMaskHow how)
 
AclResult object_aclcheck (Oid classid, Oid objectid, Oid roleid, AclMode mode)
 
AclResult object_aclcheck_ext (Oid classid, Oid objectid, Oid roleid, AclMode mode, bool *is_missing)
 
AclResult pg_attribute_aclcheck (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode)
 
AclResult pg_attribute_aclcheck_ext (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode, bool *is_missing)
 
AclResult pg_attribute_aclcheck_all (Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how)
 
AclResult pg_attribute_aclcheck_all_ext (Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how, bool *is_missing)
 
AclResult pg_class_aclcheck (Oid table_oid, Oid roleid, AclMode mode)
 
AclResult pg_class_aclcheck_ext (Oid table_oid, Oid roleid, AclMode mode, bool *is_missing)
 
AclResult pg_parameter_aclcheck (const char *name, Oid roleid, AclMode mode)
 
AclResult pg_largeobject_aclcheck_snapshot (Oid lobj_oid, Oid roleid, AclMode mode, Snapshot snapshot)
 
bool object_ownercheck (Oid classid, Oid objectid, Oid roleid)
 
bool has_createrole_privilege (Oid roleid)
 
bool has_bypassrls_privilege (Oid roleid)
 
static Aclget_default_acl_internal (Oid roleId, Oid nsp_oid, char objtype)
 
Aclget_user_default_acl (ObjectType objtype, Oid ownerId, Oid nsp_oid)
 
void recordDependencyOnNewAcl (Oid classId, Oid objectId, int32 objsubId, Oid ownerId, Acl *acl)
 
void recordExtObjInitPriv (Oid objoid, Oid classoid)
 
void removeExtObjInitPriv (Oid objoid, Oid classoid)
 
void RemoveRoleFromInitPriv (Oid roleid, Oid classid, Oid objid, int32 objsubid)
 

Variables

bool binary_upgrade_record_init_privs = false
 

Function Documentation

◆ aclcheck_error()

void aclcheck_error ( AclResult  aclerr,
ObjectType  objtype,
const char *  objectname 
)

Definition at line 2702 of file aclchk.c.

2704 {
2705  switch (aclerr)
2706  {
2707  case ACLCHECK_OK:
2708  /* no error, so return to caller */
2709  break;
2710  case ACLCHECK_NO_PRIV:
2711  {
2712  const char *msg = "???";
2713 
2714  switch (objtype)
2715  {
2716  case OBJECT_AGGREGATE:
2717  msg = gettext_noop("permission denied for aggregate %s");
2718  break;
2719  case OBJECT_COLLATION:
2720  msg = gettext_noop("permission denied for collation %s");
2721  break;
2722  case OBJECT_COLUMN:
2723  msg = gettext_noop("permission denied for column %s");
2724  break;
2725  case OBJECT_CONVERSION:
2726  msg = gettext_noop("permission denied for conversion %s");
2727  break;
2728  case OBJECT_DATABASE:
2729  msg = gettext_noop("permission denied for database %s");
2730  break;
2731  case OBJECT_DOMAIN:
2732  msg = gettext_noop("permission denied for domain %s");
2733  break;
2734  case OBJECT_EVENT_TRIGGER:
2735  msg = gettext_noop("permission denied for event trigger %s");
2736  break;
2737  case OBJECT_EXTENSION:
2738  msg = gettext_noop("permission denied for extension %s");
2739  break;
2740  case OBJECT_FDW:
2741  msg = gettext_noop("permission denied for foreign-data wrapper %s");
2742  break;
2743  case OBJECT_FOREIGN_SERVER:
2744  msg = gettext_noop("permission denied for foreign server %s");
2745  break;
2746  case OBJECT_FOREIGN_TABLE:
2747  msg = gettext_noop("permission denied for foreign table %s");
2748  break;
2749  case OBJECT_FUNCTION:
2750  msg = gettext_noop("permission denied for function %s");
2751  break;
2752  case OBJECT_INDEX:
2753  msg = gettext_noop("permission denied for index %s");
2754  break;
2755  case OBJECT_LANGUAGE:
2756  msg = gettext_noop("permission denied for language %s");
2757  break;
2758  case OBJECT_LARGEOBJECT:
2759  msg = gettext_noop("permission denied for large object %s");
2760  break;
2761  case OBJECT_MATVIEW:
2762  msg = gettext_noop("permission denied for materialized view %s");
2763  break;
2764  case OBJECT_OPCLASS:
2765  msg = gettext_noop("permission denied for operator class %s");
2766  break;
2767  case OBJECT_OPERATOR:
2768  msg = gettext_noop("permission denied for operator %s");
2769  break;
2770  case OBJECT_OPFAMILY:
2771  msg = gettext_noop("permission denied for operator family %s");
2772  break;
2773  case OBJECT_PARAMETER_ACL:
2774  msg = gettext_noop("permission denied for parameter %s");
2775  break;
2776  case OBJECT_POLICY:
2777  msg = gettext_noop("permission denied for policy %s");
2778  break;
2779  case OBJECT_PROCEDURE:
2780  msg = gettext_noop("permission denied for procedure %s");
2781  break;
2782  case OBJECT_PUBLICATION:
2783  msg = gettext_noop("permission denied for publication %s");
2784  break;
2785  case OBJECT_ROUTINE:
2786  msg = gettext_noop("permission denied for routine %s");
2787  break;
2788  case OBJECT_SCHEMA:
2789  msg = gettext_noop("permission denied for schema %s");
2790  break;
2791  case OBJECT_SEQUENCE:
2792  msg = gettext_noop("permission denied for sequence %s");
2793  break;
2794  case OBJECT_STATISTIC_EXT:
2795  msg = gettext_noop("permission denied for statistics object %s");
2796  break;
2797  case OBJECT_SUBSCRIPTION:
2798  msg = gettext_noop("permission denied for subscription %s");
2799  break;
2800  case OBJECT_TABLE:
2801  msg = gettext_noop("permission denied for table %s");
2802  break;
2803  case OBJECT_TABLESPACE:
2804  msg = gettext_noop("permission denied for tablespace %s");
2805  break;
2807  msg = gettext_noop("permission denied for text search configuration %s");
2808  break;
2809  case OBJECT_TSDICTIONARY:
2810  msg = gettext_noop("permission denied for text search dictionary %s");
2811  break;
2812  case OBJECT_TYPE:
2813  msg = gettext_noop("permission denied for type %s");
2814  break;
2815  case OBJECT_VIEW:
2816  msg = gettext_noop("permission denied for view %s");
2817  break;
2818  /* these currently aren't used */
2819  case OBJECT_ACCESS_METHOD:
2820  case OBJECT_AMOP:
2821  case OBJECT_AMPROC:
2822  case OBJECT_ATTRIBUTE:
2823  case OBJECT_CAST:
2824  case OBJECT_DEFAULT:
2825  case OBJECT_DEFACL:
2826  case OBJECT_DOMCONSTRAINT:
2829  case OBJECT_ROLE:
2830  case OBJECT_RULE:
2831  case OBJECT_TABCONSTRAINT:
2832  case OBJECT_TRANSFORM:
2833  case OBJECT_TRIGGER:
2834  case OBJECT_TSPARSER:
2835  case OBJECT_TSTEMPLATE:
2836  case OBJECT_USER_MAPPING:
2837  elog(ERROR, "unsupported object type: %d", objtype);
2838  }
2839 
2840  ereport(ERROR,
2841  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2842  errmsg(msg, objectname)));
2843  break;
2844  }
2845  case ACLCHECK_NOT_OWNER:
2846  {
2847  const char *msg = "???";
2848 
2849  switch (objtype)
2850  {
2851  case OBJECT_AGGREGATE:
2852  msg = gettext_noop("must be owner of aggregate %s");
2853  break;
2854  case OBJECT_COLLATION:
2855  msg = gettext_noop("must be owner of collation %s");
2856  break;
2857  case OBJECT_CONVERSION:
2858  msg = gettext_noop("must be owner of conversion %s");
2859  break;
2860  case OBJECT_DATABASE:
2861  msg = gettext_noop("must be owner of database %s");
2862  break;
2863  case OBJECT_DOMAIN:
2864  msg = gettext_noop("must be owner of domain %s");
2865  break;
2866  case OBJECT_EVENT_TRIGGER:
2867  msg = gettext_noop("must be owner of event trigger %s");
2868  break;
2869  case OBJECT_EXTENSION:
2870  msg = gettext_noop("must be owner of extension %s");
2871  break;
2872  case OBJECT_FDW:
2873  msg = gettext_noop("must be owner of foreign-data wrapper %s");
2874  break;
2875  case OBJECT_FOREIGN_SERVER:
2876  msg = gettext_noop("must be owner of foreign server %s");
2877  break;
2878  case OBJECT_FOREIGN_TABLE:
2879  msg = gettext_noop("must be owner of foreign table %s");
2880  break;
2881  case OBJECT_FUNCTION:
2882  msg = gettext_noop("must be owner of function %s");
2883  break;
2884  case OBJECT_INDEX:
2885  msg = gettext_noop("must be owner of index %s");
2886  break;
2887  case OBJECT_LANGUAGE:
2888  msg = gettext_noop("must be owner of language %s");
2889  break;
2890  case OBJECT_LARGEOBJECT:
2891  msg = gettext_noop("must be owner of large object %s");
2892  break;
2893  case OBJECT_MATVIEW:
2894  msg = gettext_noop("must be owner of materialized view %s");
2895  break;
2896  case OBJECT_OPCLASS:
2897  msg = gettext_noop("must be owner of operator class %s");
2898  break;
2899  case OBJECT_OPERATOR:
2900  msg = gettext_noop("must be owner of operator %s");
2901  break;
2902  case OBJECT_OPFAMILY:
2903  msg = gettext_noop("must be owner of operator family %s");
2904  break;
2905  case OBJECT_PROCEDURE:
2906  msg = gettext_noop("must be owner of procedure %s");
2907  break;
2908  case OBJECT_PUBLICATION:
2909  msg = gettext_noop("must be owner of publication %s");
2910  break;
2911  case OBJECT_ROUTINE:
2912  msg = gettext_noop("must be owner of routine %s");
2913  break;
2914  case OBJECT_SEQUENCE:
2915  msg = gettext_noop("must be owner of sequence %s");
2916  break;
2917  case OBJECT_SUBSCRIPTION:
2918  msg = gettext_noop("must be owner of subscription %s");
2919  break;
2920  case OBJECT_TABLE:
2921  msg = gettext_noop("must be owner of table %s");
2922  break;
2923  case OBJECT_TYPE:
2924  msg = gettext_noop("must be owner of type %s");
2925  break;
2926  case OBJECT_VIEW:
2927  msg = gettext_noop("must be owner of view %s");
2928  break;
2929  case OBJECT_SCHEMA:
2930  msg = gettext_noop("must be owner of schema %s");
2931  break;
2932  case OBJECT_STATISTIC_EXT:
2933  msg = gettext_noop("must be owner of statistics object %s");
2934  break;
2935  case OBJECT_TABLESPACE:
2936  msg = gettext_noop("must be owner of tablespace %s");
2937  break;
2939  msg = gettext_noop("must be owner of text search configuration %s");
2940  break;
2941  case OBJECT_TSDICTIONARY:
2942  msg = gettext_noop("must be owner of text search dictionary %s");
2943  break;
2944 
2945  /*
2946  * Special cases: For these, the error message talks
2947  * about "relation", because that's where the
2948  * ownership is attached. See also
2949  * check_object_ownership().
2950  */
2951  case OBJECT_COLUMN:
2952  case OBJECT_POLICY:
2953  case OBJECT_RULE:
2954  case OBJECT_TABCONSTRAINT:
2955  case OBJECT_TRIGGER:
2956  msg = gettext_noop("must be owner of relation %s");
2957  break;
2958  /* these currently aren't used */
2959  case OBJECT_ACCESS_METHOD:
2960  case OBJECT_AMOP:
2961  case OBJECT_AMPROC:
2962  case OBJECT_ATTRIBUTE:
2963  case OBJECT_CAST:
2964  case OBJECT_DEFAULT:
2965  case OBJECT_DEFACL:
2966  case OBJECT_DOMCONSTRAINT:
2967  case OBJECT_PARAMETER_ACL:
2970  case OBJECT_ROLE:
2971  case OBJECT_TRANSFORM:
2972  case OBJECT_TSPARSER:
2973  case OBJECT_TSTEMPLATE:
2974  case OBJECT_USER_MAPPING:
2975  elog(ERROR, "unsupported object type: %d", objtype);
2976  }
2977 
2978  ereport(ERROR,
2979  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2980  errmsg(msg, objectname)));
2981  break;
2982  }
2983  default:
2984  elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
2985  break;
2986  }
2987 }
@ ACLCHECK_NO_PRIV
Definition: acl.h:184
@ ACLCHECK_OK
Definition: acl.h:183
@ ACLCHECK_NOT_OWNER
Definition: acl.h:185
#define gettext_noop(x)
Definition: c.h:1196
int errcode(int sqlerrcode)
Definition: elog.c:857
int errmsg(const char *fmt,...)
Definition: elog.c:1070
#define ERROR
Definition: elog.h:39
#define elog(elevel,...)
Definition: elog.h:224
#define ereport(elevel,...)
Definition: elog.h:149
@ OBJECT_EVENT_TRIGGER
Definition: parsenodes.h:2275
@ OBJECT_FDW
Definition: parsenodes.h:2277
@ OBJECT_TSPARSER
Definition: parsenodes.h:2308
@ OBJECT_COLLATION
Definition: parsenodes.h:2268
@ OBJECT_USER_MAPPING
Definition: parsenodes.h:2311
@ OBJECT_ACCESS_METHOD
Definition: parsenodes.h:2261
@ OBJECT_OPCLASS
Definition: parsenodes.h:2285
@ OBJECT_DEFACL
Definition: parsenodes.h:2272
@ OBJECT_AGGREGATE
Definition: parsenodes.h:2262
@ OBJECT_MATVIEW
Definition: parsenodes.h:2284
@ OBJECT_SCHEMA
Definition: parsenodes.h:2297
@ OBJECT_POLICY
Definition: parsenodes.h:2289
@ OBJECT_OPERATOR
Definition: parsenodes.h:2286
@ OBJECT_FOREIGN_TABLE
Definition: parsenodes.h:2279
@ OBJECT_TSCONFIGURATION
Definition: parsenodes.h:2306
@ OBJECT_OPFAMILY
Definition: parsenodes.h:2287
@ OBJECT_DOMAIN
Definition: parsenodes.h:2273
@ OBJECT_COLUMN
Definition: parsenodes.h:2267
@ OBJECT_TABLESPACE
Definition: parsenodes.h:2303
@ OBJECT_ROLE
Definition: parsenodes.h:2294
@ OBJECT_ROUTINE
Definition: parsenodes.h:2295
@ OBJECT_LARGEOBJECT
Definition: parsenodes.h:2283
@ OBJECT_PUBLICATION_NAMESPACE
Definition: parsenodes.h:2292
@ OBJECT_PROCEDURE
Definition: parsenodes.h:2290
@ OBJECT_EXTENSION
Definition: parsenodes.h:2276
@ OBJECT_INDEX
Definition: parsenodes.h:2281
@ OBJECT_DEFAULT
Definition: parsenodes.h:2271
@ OBJECT_DATABASE
Definition: parsenodes.h:2270
@ OBJECT_SEQUENCE
Definition: parsenodes.h:2298
@ OBJECT_TSTEMPLATE
Definition: parsenodes.h:2309
@ OBJECT_LANGUAGE
Definition: parsenodes.h:2282
@ OBJECT_AMOP
Definition: parsenodes.h:2263
@ OBJECT_PUBLICATION_REL
Definition: parsenodes.h:2293
@ OBJECT_FOREIGN_SERVER
Definition: parsenodes.h:2278
@ OBJECT_TSDICTIONARY
Definition: parsenodes.h:2307
@ OBJECT_ATTRIBUTE
Definition: parsenodes.h:2265
@ OBJECT_PUBLICATION
Definition: parsenodes.h:2291
@ OBJECT_RULE
Definition: parsenodes.h:2296
@ OBJECT_CONVERSION
Definition: parsenodes.h:2269
@ OBJECT_AMPROC
Definition: parsenodes.h:2264
@ OBJECT_TABLE
Definition: parsenodes.h:2302
@ OBJECT_VIEW
Definition: parsenodes.h:2312
@ OBJECT_PARAMETER_ACL
Definition: parsenodes.h:2288
@ OBJECT_TYPE
Definition: parsenodes.h:2310
@ OBJECT_FUNCTION
Definition: parsenodes.h:2280
@ OBJECT_TABCONSTRAINT
Definition: parsenodes.h:2301
@ OBJECT_DOMCONSTRAINT
Definition: parsenodes.h:2274
@ OBJECT_SUBSCRIPTION
Definition: parsenodes.h:2299
@ OBJECT_STATISTIC_EXT
Definition: parsenodes.h:2300
@ OBJECT_CAST
Definition: parsenodes.h:2266
@ OBJECT_TRIGGER
Definition: parsenodes.h:2305
@ OBJECT_TRANSFORM
Definition: parsenodes.h:2304

References ACLCHECK_NO_PRIV, ACLCHECK_NOT_OWNER, ACLCHECK_OK, elog, ereport, errcode(), errmsg(), ERROR, gettext_noop, OBJECT_ACCESS_METHOD, OBJECT_AGGREGATE, OBJECT_AMOP, OBJECT_AMPROC, OBJECT_ATTRIBUTE, OBJECT_CAST, OBJECT_COLLATION, OBJECT_COLUMN, OBJECT_CONVERSION, OBJECT_DATABASE, OBJECT_DEFACL, OBJECT_DEFAULT, OBJECT_DOMAIN, OBJECT_DOMCONSTRAINT, OBJECT_EVENT_TRIGGER, OBJECT_EXTENSION, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FOREIGN_TABLE, OBJECT_FUNCTION, OBJECT_INDEX, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_MATVIEW, OBJECT_OPCLASS, OBJECT_OPERATOR, OBJECT_OPFAMILY, OBJECT_PARAMETER_ACL, OBJECT_POLICY, OBJECT_PROCEDURE, OBJECT_PUBLICATION, OBJECT_PUBLICATION_NAMESPACE, OBJECT_PUBLICATION_REL, OBJECT_ROLE, OBJECT_ROUTINE, OBJECT_RULE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_STATISTIC_EXT, OBJECT_SUBSCRIPTION, OBJECT_TABCONSTRAINT, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TRANSFORM, OBJECT_TRIGGER, OBJECT_TSCONFIGURATION, OBJECT_TSDICTIONARY, OBJECT_TSPARSER, OBJECT_TSTEMPLATE, OBJECT_TYPE, OBJECT_USER_MAPPING, and OBJECT_VIEW.

Referenced by aclcheck_error_col(), aclcheck_error_type(), AlterCollation(), AlterDatabase(), AlterDatabaseOwner(), AlterDatabaseRefreshColl(), AlterDatabaseSet(), AlterEventTrigger(), AlterEventTriggerOwner_internal(), AlterExtensionNamespace(), AlterForeignServer(), AlterForeignServerOwner_internal(), AlterFunction(), AlterObjectNamespace_internal(), AlterObjectOwner_internal(), AlterObjectRename_internal(), AlterOperator(), AlterOpFamilyAdd(), AlterPublication(), AlterPublicationOwner_internal(), AlterRoleSet(), AlterSchemaOwner_internal(), AlterStatistics(), AlterSubscription(), AlterSubscriptionOwner_internal(), AlterTableMoveAll(), AlterTableSpaceOptions(), AlterTSConfiguration(), AlterTSDictionary(), AlterTypeOwner(), ATExecChangeOwner(), ATPrepSetTableSpace(), ATSimplePermissions(), brin_desummarize_range(), brin_summarize_range(), calculate_database_size(), calculate_tablespace_size(), call_pltcl_start_proc(), check_object_ownership(), check_temp_tablespaces(), checkFkeyPermissions(), CheckFunctionValidatorAccess(), checkPartition(), compute_return_type(), CreateConversionCommand(), createdb(), CreateForeignServer(), CreateForeignTable(), CreateFunction(), CreateProceduralLanguage(), CreatePublication(), CreateSchemaCommand(), CreateStatistics(), CreateSubscription(), CreateTransform(), CreateTriggerFiringOn(), currtid_internal(), DefineAggregate(), DefineCollation(), DefineDomain(), DefineEnum(), DefineIndex(), DefineOpClass(), DefineOperator(), DefineOpFamily(), DefineQueryRewrite(), DefineRange(), DefineRelation(), DefineTSConfiguration(), DefineTSDictionary(), DefineType(), dropdb(), DropSubscription(), DropTableSpace(), EnableDisableRule(), ExecAlterExtensionContentsStmt(), ExecAlterExtensionStmt(), ExecBuildGroupingEqual(), ExecBuildParamSetEqual(), ExecCheckPermissions(), ExecInitAgg(), ExecInitExprRec(), ExecInitFunc(), ExecInitWindowAgg(), ExecReindex(), ExecuteCallStmt(), ExecuteDoStmt(), ExecuteTruncateGuts(), findRangeCanonicalFunction(), findRangeSubtypeDiffFunction(), get_connect_string(), get_other_operator(), get_rel_from_relname(), gin_clean_pending_list(), HandleFunctionRequest(), heap_force_common(), ImportForeignSchema(), init_sexpr(), initialize_peragg(), LockViewRecurse_walker(), LogicalRepSyncTableStart(), lookup_agg_function(), LookupCreationNamespace(), LookupExplicitNamespace(), MergeAttributes(), movedb(), OperatorCreate(), pg_prewarm(), pgrowlocks(), ProcedureCreate(), PublicationAddTables(), RangeVarCallbackForAlterRelation(), RangeVarCallbackForDropRelation(), RangeVarCallbackForLockTable(), RangeVarCallbackForPolicy(), RangeVarCallbackForReindexIndex(), RangeVarCallbackForRenameRule(), RangeVarCallbackForRenameTrigger(), RangeVarCallbackMaintainsTable(), RangeVarCallbackOwnsRelation(), RangeVarGetAndCheckCreationNamespace(), ReindexMultipleInternal(), ReindexMultipleTables(), renameatt_check(), RenameDatabase(), RenameSchema(), RenameTableSpace(), restrict_and_check_grant(), TargetPrivilegesCheck(), transformTableLikeClause(), truncate_check_perms(), TypeCreate(), user_mapping_ddl_aclcheck(), ValidateJoinEstimator(), ValidateOperatorReference(), and ValidateRestrictionEstimator().

◆ aclcheck_error_col()

void aclcheck_error_col ( AclResult  aclerr,
ObjectType  objtype,
const char *  objectname,
const char *  colname 
)

Definition at line 2991 of file aclchk.c.

2993 {
2994  switch (aclerr)
2995  {
2996  case ACLCHECK_OK:
2997  /* no error, so return to caller */
2998  break;
2999  case ACLCHECK_NO_PRIV:
3000  ereport(ERROR,
3001  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
3002  errmsg("permission denied for column \"%s\" of relation \"%s\"",
3003  colname, objectname)));
3004  break;
3005  case ACLCHECK_NOT_OWNER:
3006  /* relation msg is OK since columns don't have separate owners */
3007  aclcheck_error(aclerr, objtype, objectname);
3008  break;
3009  default:
3010  elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
3011  break;
3012  }
3013 }
void aclcheck_error(AclResult aclerr, ObjectType objtype, const char *objectname)
Definition: aclchk.c:2702

References aclcheck_error(), ACLCHECK_NO_PRIV, ACLCHECK_NOT_OWNER, ACLCHECK_OK, elog, ereport, errcode(), errmsg(), and ERROR.

Referenced by restrict_and_check_grant().

◆ aclcheck_error_type()

void aclcheck_error_type ( AclResult  aclerr,
Oid  typeOid 
)

◆ ExecAlterDefaultPrivilegesStmt()

void ExecAlterDefaultPrivilegesStmt ( ParseState pstate,
AlterDefaultPrivilegesStmt stmt 
)

Definition at line 975 of file aclchk.c.

976 {
977  GrantStmt *action = stmt->action;
978  InternalDefaultACL iacls;
979  ListCell *cell;
980  List *rolespecs = NIL;
981  List *nspnames = NIL;
982  DefElem *drolespecs = NULL;
983  DefElem *dnspnames = NULL;
984  AclMode all_privileges;
985  const char *errormsg;
986 
987  /* Deconstruct the "options" part of the statement */
988  foreach(cell, stmt->options)
989  {
990  DefElem *defel = (DefElem *) lfirst(cell);
991 
992  if (strcmp(defel->defname, "schemas") == 0)
993  {
994  if (dnspnames)
995  errorConflictingDefElem(defel, pstate);
996  dnspnames = defel;
997  }
998  else if (strcmp(defel->defname, "roles") == 0)
999  {
1000  if (drolespecs)
1001  errorConflictingDefElem(defel, pstate);
1002  drolespecs = defel;
1003  }
1004  else
1005  elog(ERROR, "option \"%s\" not recognized", defel->defname);
1006  }
1007 
1008  if (dnspnames)
1009  nspnames = (List *) dnspnames->arg;
1010  if (drolespecs)
1011  rolespecs = (List *) drolespecs->arg;
1012 
1013  /* Prepare the InternalDefaultACL representation of the statement */
1014  /* roleid to be filled below */
1015  /* nspid to be filled in SetDefaultACLsInSchemas */
1016  iacls.is_grant = action->is_grant;
1017  iacls.objtype = action->objtype;
1018  /* all_privs to be filled below */
1019  /* privileges to be filled below */
1020  iacls.grantees = NIL; /* filled below */
1021  iacls.grant_option = action->grant_option;
1022  iacls.behavior = action->behavior;
1023 
1024  /*
1025  * Convert the RoleSpec list into an Oid list. Note that at this point we
1026  * insert an ACL_ID_PUBLIC into the list if appropriate, so downstream
1027  * there shouldn't be any additional work needed to support this case.
1028  */
1029  foreach(cell, action->grantees)
1030  {
1031  RoleSpec *grantee = (RoleSpec *) lfirst(cell);
1032  Oid grantee_uid;
1033 
1034  switch (grantee->roletype)
1035  {
1036  case ROLESPEC_PUBLIC:
1037  grantee_uid = ACL_ID_PUBLIC;
1038  break;
1039  default:
1040  grantee_uid = get_rolespec_oid(grantee, false);
1041  break;
1042  }
1043  iacls.grantees = lappend_oid(iacls.grantees, grantee_uid);
1044  }
1045 
1046  /*
1047  * Convert action->privileges, a list of privilege strings, into an
1048  * AclMode bitmask.
1049  */
1050  switch (action->objtype)
1051  {
1052  case OBJECT_TABLE:
1053  all_privileges = ACL_ALL_RIGHTS_RELATION;
1054  errormsg = gettext_noop("invalid privilege type %s for relation");
1055  break;
1056  case OBJECT_SEQUENCE:
1057  all_privileges = ACL_ALL_RIGHTS_SEQUENCE;
1058  errormsg = gettext_noop("invalid privilege type %s for sequence");
1059  break;
1060  case OBJECT_FUNCTION:
1061  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
1062  errormsg = gettext_noop("invalid privilege type %s for function");
1063  break;
1064  case OBJECT_PROCEDURE:
1065  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
1066  errormsg = gettext_noop("invalid privilege type %s for procedure");
1067  break;
1068  case OBJECT_ROUTINE:
1069  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
1070  errormsg = gettext_noop("invalid privilege type %s for routine");
1071  break;
1072  case OBJECT_TYPE:
1073  all_privileges = ACL_ALL_RIGHTS_TYPE;
1074  errormsg = gettext_noop("invalid privilege type %s for type");
1075  break;
1076  case OBJECT_SCHEMA:
1077  all_privileges = ACL_ALL_RIGHTS_SCHEMA;
1078  errormsg = gettext_noop("invalid privilege type %s for schema");
1079  break;
1080  default:
1081  elog(ERROR, "unrecognized GrantStmt.objtype: %d",
1082  (int) action->objtype);
1083  /* keep compiler quiet */
1084  all_privileges = ACL_NO_RIGHTS;
1085  errormsg = NULL;
1086  }
1087 
1088  if (action->privileges == NIL)
1089  {
1090  iacls.all_privs = true;
1091 
1092  /*
1093  * will be turned into ACL_ALL_RIGHTS_* by the internal routines
1094  * depending on the object type
1095  */
1096  iacls.privileges = ACL_NO_RIGHTS;
1097  }
1098  else
1099  {
1100  iacls.all_privs = false;
1101  iacls.privileges = ACL_NO_RIGHTS;
1102 
1103  foreach(cell, action->privileges)
1104  {
1105  AccessPriv *privnode = (AccessPriv *) lfirst(cell);
1106  AclMode priv;
1107 
1108  if (privnode->cols)
1109  ereport(ERROR,
1110  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1111  errmsg("default privileges cannot be set for columns")));
1112 
1113  if (privnode->priv_name == NULL) /* parser mistake? */
1114  elog(ERROR, "AccessPriv node must specify privilege");
1115  priv = string_to_privilege(privnode->priv_name);
1116 
1117  if (priv & ~((AclMode) all_privileges))
1118  ereport(ERROR,
1119  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1120  errmsg(errormsg, privilege_to_string(priv))));
1121 
1122  iacls.privileges |= priv;
1123  }
1124  }
1125 
1126  if (rolespecs == NIL)
1127  {
1128  /* Set permissions for myself */
1129  iacls.roleid = GetUserId();
1130 
1131  SetDefaultACLsInSchemas(&iacls, nspnames);
1132  }
1133  else
1134  {
1135  /* Look up the role OIDs and do permissions checks */
1136  ListCell *rolecell;
1137 
1138  foreach(rolecell, rolespecs)
1139  {
1140  RoleSpec *rolespec = lfirst(rolecell);
1141 
1142  iacls.roleid = get_rolespec_oid(rolespec, false);
1143 
1144  if (!has_privs_of_role(GetUserId(), iacls.roleid))
1145  ereport(ERROR,
1146  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1147  errmsg("permission denied to change default privileges")));
1148 
1149  SetDefaultACLsInSchemas(&iacls, nspnames);
1150  }
1151  }
1152 }
bool has_privs_of_role(Oid member, Oid role)
Definition: acl.c:5128
Oid get_rolespec_oid(const RoleSpec *role, bool missing_ok)
Definition: acl.c:5448
#define ACL_ALL_RIGHTS_SCHEMA
Definition: acl.h:169
#define ACL_ALL_RIGHTS_SEQUENCE
Definition: acl.h:161
#define ACL_ALL_RIGHTS_FUNCTION
Definition: acl.h:165
#define ACL_ALL_RIGHTS_TYPE
Definition: acl.h:171
#define ACL_ALL_RIGHTS_RELATION
Definition: acl.h:160
#define ACL_ID_PUBLIC
Definition: acl.h:46
static AclMode string_to_privilege(const char *privname)
Definition: aclchk.c:2612
static void SetDefaultACLsInSchemas(InternalDefaultACL *iacls, List *nspnames)
Definition: aclchk.c:1160
static const char * privilege_to_string(AclMode privilege)
Definition: aclchk.c:2655
void errorConflictingDefElem(DefElem *defel, ParseState *pstate)
Definition: define.c:384
#define stmt
Definition: indent_codes.h:59
if(TABLE==NULL||TABLE_index==NULL)
Definition: isn.c:77
List * lappend_oid(List *list, Oid datum)
Definition: list.c:375
Oid GetUserId(void)
Definition: miscinit.c:514
@ ROLESPEC_PUBLIC
Definition: parsenodes.h:398
uint64 AclMode
Definition: parsenodes.h:74
#define ACL_NO_RIGHTS
Definition: parsenodes.h:92
#define lfirst(lc)
Definition: pg_list.h:172
#define NIL
Definition: pg_list.h:68
char * priv_name
Definition: parsenodes.h:2548
List * cols
Definition: parsenodes.h:2549
char * defname
Definition: parsenodes.h:815
Node * arg
Definition: parsenodes.h:816
AclMode privileges
Definition: aclchk.c:98
List * grantees
Definition: aclchk.c:99
DropBehavior behavior
Definition: aclchk.c:101
ObjectType objtype
Definition: aclchk.c:96
Definition: pg_list.h:54
RoleSpecType roletype
Definition: parsenodes.h:404

References ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_SEQUENCE, ACL_ALL_RIGHTS_TYPE, ACL_ID_PUBLIC, ACL_NO_RIGHTS, generate_unaccent_rules::action, InternalDefaultACL::all_privs, DefElem::arg, InternalDefaultACL::behavior, AccessPriv::cols, DefElem::defname, elog, ereport, errcode(), errmsg(), ERROR, errorConflictingDefElem(), get_rolespec_oid(), gettext_noop, GetUserId(), InternalDefaultACL::grant_option, InternalDefaultACL::grantees, has_privs_of_role(), if(), InternalDefaultACL::is_grant, lappend_oid(), lfirst, NIL, OBJECT_FUNCTION, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TYPE, InternalDefaultACL::objtype, AccessPriv::priv_name, privilege_to_string(), InternalDefaultACL::privileges, InternalDefaultACL::roleid, ROLESPEC_PUBLIC, RoleSpec::roletype, SetDefaultACLsInSchemas(), stmt, and string_to_privilege().

Referenced by ProcessUtilitySlow().

◆ ExecGrant_Attribute()

static void ExecGrant_Attribute ( InternalGrant istmt,
Oid  relOid,
const char *  relname,
AttrNumber  attnum,
Oid  ownerId,
AclMode  col_privileges,
Relation  attRelation,
const Acl old_rel_acl 
)
static

Definition at line 1679 of file aclchk.c.

1682 {
1683  HeapTuple attr_tuple;
1684  Form_pg_attribute pg_attribute_tuple;
1685  Acl *old_acl;
1686  Acl *new_acl;
1687  Acl *merged_acl;
1688  Datum aclDatum;
1689  bool isNull;
1690  Oid grantorId;
1691  AclMode avail_goptions;
1692  bool need_update;
1693  HeapTuple newtuple;
1694  Datum values[Natts_pg_attribute] = {0};
1695  bool nulls[Natts_pg_attribute] = {0};
1696  bool replaces[Natts_pg_attribute] = {0};
1697  int noldmembers;
1698  int nnewmembers;
1699  Oid *oldmembers;
1700  Oid *newmembers;
1701 
1702  attr_tuple = SearchSysCache2(ATTNUM,
1703  ObjectIdGetDatum(relOid),
1705  if (!HeapTupleIsValid(attr_tuple))
1706  elog(ERROR, "cache lookup failed for attribute %d of relation %u",
1707  attnum, relOid);
1708  pg_attribute_tuple = (Form_pg_attribute) GETSTRUCT(attr_tuple);
1709 
1710  /*
1711  * Get working copy of existing ACL. If there's no ACL, substitute the
1712  * proper default.
1713  */
1714  aclDatum = SysCacheGetAttr(ATTNUM, attr_tuple, Anum_pg_attribute_attacl,
1715  &isNull);
1716  if (isNull)
1717  {
1718  old_acl = acldefault(OBJECT_COLUMN, ownerId);
1719  /* There are no old member roles according to the catalogs */
1720  noldmembers = 0;
1721  oldmembers = NULL;
1722  }
1723  else
1724  {
1725  old_acl = DatumGetAclPCopy(aclDatum);
1726  /* Get the roles mentioned in the existing ACL */
1727  noldmembers = aclmembers(old_acl, &oldmembers);
1728  }
1729 
1730  /*
1731  * In select_best_grantor we should consider existing table-level ACL bits
1732  * as well as the per-column ACL. Build a new ACL that is their
1733  * concatenation. (This is a bit cheap and dirty compared to merging them
1734  * properly with no duplications, but it's all we need here.)
1735  */
1736  merged_acl = aclconcat(old_rel_acl, old_acl);
1737 
1738  /* Determine ID to do the grant as, and available grant options */
1739  select_best_grantor(GetUserId(), col_privileges,
1740  merged_acl, ownerId,
1741  &grantorId, &avail_goptions);
1742 
1743  pfree(merged_acl);
1744 
1745  /*
1746  * Restrict the privileges to what we can actually grant, and emit the
1747  * standards-mandated warning and error messages. Note: we don't track
1748  * whether the user actually used the ALL PRIVILEGES(columns) syntax for
1749  * each column; we just approximate it by whether all the possible
1750  * privileges are specified now. Since the all_privs flag only determines
1751  * whether a warning is issued, this seems close enough.
1752  */
1753  col_privileges =
1754  restrict_and_check_grant(istmt->is_grant, avail_goptions,
1755  (col_privileges == ACL_ALL_RIGHTS_COLUMN),
1756  col_privileges,
1757  relOid, grantorId, OBJECT_COLUMN,
1758  relname, attnum,
1759  NameStr(pg_attribute_tuple->attname));
1760 
1761  /*
1762  * Generate new ACL.
1763  */
1764  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
1765  istmt->grant_option,
1766  istmt->behavior, istmt->grantees,
1767  col_privileges, grantorId,
1768  ownerId);
1769 
1770  /*
1771  * We need the members of both old and new ACLs so we can correct the
1772  * shared dependency information.
1773  */
1774  nnewmembers = aclmembers(new_acl, &newmembers);
1775 
1776  /* finished building new ACL value, now insert it */
1777 
1778  /*
1779  * If the updated ACL is empty, we can set attacl to null, and maybe even
1780  * avoid an update of the pg_attribute row. This is worth testing because
1781  * we'll come through here multiple times for any relation-level REVOKE,
1782  * even if there were never any column GRANTs. Note we are assuming that
1783  * the "default" ACL state for columns is empty.
1784  */
1785  if (ACL_NUM(new_acl) > 0)
1786  {
1787  values[Anum_pg_attribute_attacl - 1] = PointerGetDatum(new_acl);
1788  need_update = true;
1789  }
1790  else
1791  {
1792  nulls[Anum_pg_attribute_attacl - 1] = true;
1793  need_update = !isNull;
1794  }
1795  replaces[Anum_pg_attribute_attacl - 1] = true;
1796 
1797  if (need_update)
1798  {
1799  newtuple = heap_modify_tuple(attr_tuple, RelationGetDescr(attRelation),
1800  values, nulls, replaces);
1801 
1802  CatalogTupleUpdate(attRelation, &newtuple->t_self, newtuple);
1803 
1804  /* Update initial privileges for extensions */
1805  recordExtensionInitPriv(relOid, RelationRelationId, attnum, ownerId,
1806  ACL_NUM(new_acl) > 0 ? new_acl : NULL);
1807 
1808  /* Update the shared dependency ACL info */
1809  updateAclDependencies(RelationRelationId, relOid, attnum,
1810  ownerId,
1811  noldmembers, oldmembers,
1812  nnewmembers, newmembers);
1813  }
1814 
1815  pfree(new_acl);
1816 
1817  ReleaseSysCache(attr_tuple);
1818 }
void select_best_grantor(Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
Definition: acl.c:5338
int aclmembers(const Acl *acl, Oid **roleids)
Definition: acl.c:1517
Acl * aclconcat(const Acl *left_acl, const Acl *right_acl)
Definition: acl.c:460
Acl * acldefault(ObjectType objtype, Oid ownerId)
Definition: acl.c:786
#define ACL_ALL_RIGHTS_COLUMN
Definition: acl.h:159
#define ACL_NUM(ACL)
Definition: acl.h:108
#define DatumGetAclPCopy(X)
Definition: acl.h:121
static Acl * merge_acl_with_grant(Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
Definition: aclchk.c:181
static void recordExtensionInitPriv(Oid objoid, Oid classoid, int objsubid, Oid ownerId, Acl *new_acl)
Definition: aclchk.c:4693
static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
Definition: aclchk.c:240
static Datum values[MAXATTR]
Definition: bootstrap.c:152
#define NameStr(name)
Definition: c.h:746
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, const Datum *replValues, const bool *replIsnull, const bool *doReplace)
Definition: heaptuple.c:1209
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
#define GETSTRUCT(TUP)
Definition: htup_details.h:653
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
Definition: indexing.c:313
void pfree(void *pointer)
Definition: mcxt.c:1520
int16 attnum
Definition: pg_attribute.h:74
FormData_pg_attribute * Form_pg_attribute
Definition: pg_attribute.h:209
NameData relname
Definition: pg_class.h:38
void updateAclDependencies(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
Definition: pg_shdepend.c:487
static Datum PointerGetDatum(const void *X)
Definition: postgres.h:322
uintptr_t Datum
Definition: postgres.h:64
static Datum Int16GetDatum(int16 X)
Definition: postgres.h:172
static Datum ObjectIdGetDatum(Oid X)
Definition: postgres.h:252
#define RelationGetDescr(relation)
Definition: rel.h:531
ItemPointerData t_self
Definition: htup.h:65
DropBehavior behavior
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:266
Datum SysCacheGetAttr(int cacheId, HeapTuple tup, AttrNumber attributeNumber, bool *isNull)
Definition: syscache.c:479
HeapTuple SearchSysCache2(int cacheId, Datum key1, Datum key2)
Definition: syscache.c:229

References ACL_ALL_RIGHTS_COLUMN, ACL_NUM, aclconcat(), acldefault(), aclmembers(), attnum, InternalGrant::behavior, CatalogTupleUpdate(), DatumGetAclPCopy, elog, ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, Int16GetDatum(), InternalGrant::is_grant, merge_acl_with_grant(), NameStr, OBJECT_COLUMN, ObjectIdGetDatum(), pfree(), PointerGetDatum(), recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), relname, restrict_and_check_grant(), SearchSysCache2(), select_best_grantor(), SysCacheGetAttr(), HeapTupleData::t_self, updateAclDependencies(), and values.

Referenced by ExecGrant_Relation().

◆ ExecGrant_common()

static void ExecGrant_common ( InternalGrant istmt,
Oid  classid,
AclMode  default_privs,
void(*)(InternalGrant *istmt, HeapTuple tuple)  object_check 
)
static

Definition at line 2153 of file aclchk.c.

2155 {
2156  int cacheid;
2157  Relation relation;
2158  ListCell *cell;
2159 
2160  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
2161  istmt->privileges = default_privs;
2162 
2163  cacheid = get_object_catcache_oid(classid);
2164 
2165  relation = table_open(classid, RowExclusiveLock);
2166 
2167  foreach(cell, istmt->objects)
2168  {
2169  Oid objectid = lfirst_oid(cell);
2170  Datum aclDatum;
2171  Datum nameDatum;
2172  bool isNull;
2173  AclMode avail_goptions;
2174  AclMode this_privileges;
2175  Acl *old_acl;
2176  Acl *new_acl;
2177  Oid grantorId;
2178  Oid ownerId;
2179  HeapTuple tuple;
2180  HeapTuple newtuple;
2181  Datum *values = palloc0_array(Datum, RelationGetDescr(relation)->natts);
2182  bool *nulls = palloc0_array(bool, RelationGetDescr(relation)->natts);
2183  bool *replaces = palloc0_array(bool, RelationGetDescr(relation)->natts);
2184  int noldmembers;
2185  int nnewmembers;
2186  Oid *oldmembers;
2187  Oid *newmembers;
2188 
2189  tuple = SearchSysCache1(cacheid, ObjectIdGetDatum(objectid));
2190  if (!HeapTupleIsValid(tuple))
2191  elog(ERROR, "cache lookup failed for %s %u", get_object_class_descr(classid), objectid);
2192 
2193  /*
2194  * Additional object-type-specific checks
2195  */
2196  if (object_check)
2197  object_check(istmt, tuple);
2198 
2199  /*
2200  * Get owner ID and working copy of existing ACL. If there's no ACL,
2201  * substitute the proper default.
2202  */
2203  ownerId = DatumGetObjectId(SysCacheGetAttrNotNull(cacheid,
2204  tuple,
2205  get_object_attnum_owner(classid)));
2206  aclDatum = SysCacheGetAttr(cacheid,
2207  tuple,
2208  get_object_attnum_acl(classid),
2209  &isNull);
2210  if (isNull)
2211  {
2212  old_acl = acldefault(get_object_type(classid, objectid), ownerId);
2213  /* There are no old member roles according to the catalogs */
2214  noldmembers = 0;
2215  oldmembers = NULL;
2216  }
2217  else
2218  {
2219  old_acl = DatumGetAclPCopy(aclDatum);
2220  /* Get the roles mentioned in the existing ACL */
2221  noldmembers = aclmembers(old_acl, &oldmembers);
2222  }
2223 
2224  /* Determine ID to do the grant as, and available grant options */
2226  old_acl, ownerId,
2227  &grantorId, &avail_goptions);
2228 
2229  nameDatum = SysCacheGetAttrNotNull(cacheid, tuple,
2230  get_object_attnum_name(classid));
2231 
2232  /*
2233  * Restrict the privileges to what we can actually grant, and emit the
2234  * standards-mandated warning and error messages.
2235  */
2236  this_privileges =
2237  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2238  istmt->all_privs, istmt->privileges,
2239  objectid, grantorId, get_object_type(classid, objectid),
2240  NameStr(*DatumGetName(nameDatum)),
2241  0, NULL);
2242 
2243  /*
2244  * Generate new ACL.
2245  */
2246  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
2247  istmt->grant_option, istmt->behavior,
2248  istmt->grantees, this_privileges,
2249  grantorId, ownerId);
2250 
2251  /*
2252  * We need the members of both old and new ACLs so we can correct the
2253  * shared dependency information.
2254  */
2255  nnewmembers = aclmembers(new_acl, &newmembers);
2256 
2257  /* finished building new ACL value, now insert it */
2258  replaces[get_object_attnum_acl(classid) - 1] = true;
2259  values[get_object_attnum_acl(classid) - 1] = PointerGetDatum(new_acl);
2260 
2261  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
2262  nulls, replaces);
2263 
2264  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2265 
2266  /* Update initial privileges for extensions */
2267  recordExtensionInitPriv(objectid, classid, 0, ownerId, new_acl);
2268 
2269  /* Update the shared dependency ACL info */
2270  updateAclDependencies(classid,
2271  objectid, 0,
2272  ownerId,
2273  noldmembers, oldmembers,
2274  nnewmembers, newmembers);
2275 
2276  ReleaseSysCache(tuple);
2277 
2278  pfree(new_acl);
2279 
2280  /* prevent error when processing duplicate objects */
2282  }
2283 
2284  table_close(relation, RowExclusiveLock);
2285 }
#define palloc0_array(type, count)
Definition: fe_memutils.h:65
#define RowExclusiveLock
Definition: lockdefs.h:38
AttrNumber get_object_attnum_owner(Oid class_id)
AttrNumber get_object_attnum_name(Oid class_id)
AttrNumber get_object_attnum_acl(Oid class_id)
int get_object_catcache_oid(Oid class_id)
ObjectType get_object_type(Oid class_id, Oid object_id)
const char * get_object_class_descr(Oid class_id)
#define lfirst_oid(lc)
Definition: pg_list.h:174
static Name DatumGetName(Datum X)
Definition: postgres.h:360
static Oid DatumGetObjectId(Datum X)
Definition: postgres.h:242
AclMode privileges
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Definition: syscache.c:218
Datum SysCacheGetAttrNotNull(int cacheId, HeapTuple tup, AttrNumber attributeNumber)
Definition: syscache.c:510
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:126
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:40
void CommandCounterIncrement(void)
Definition: xact.c:1097

References ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, DatumGetName(), DatumGetObjectId(), elog, ERROR, get_object_attnum_acl(), get_object_attnum_name(), get_object_attnum_owner(), get_object_catcache_oid(), get_object_class_descr(), get_object_type(), GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, merge_acl_with_grant(), NameStr, ObjectIdGetDatum(), InternalGrant::objects, palloc0_array, pfree(), PointerGetDatum(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), SysCacheGetAttr(), SysCacheGetAttrNotNull(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

◆ ExecGrant_Language_check()

static void ExecGrant_Language_check ( InternalGrant istmt,
HeapTuple  tuple 
)
static

Definition at line 2288 of file aclchk.c.

2289 {
2290  Form_pg_language pg_language_tuple;
2291 
2292  pg_language_tuple = (Form_pg_language) GETSTRUCT(tuple);
2293 
2294  if (!pg_language_tuple->lanpltrusted)
2295  ereport(ERROR,
2296  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2297  errmsg("language \"%s\" is not trusted",
2298  NameStr(pg_language_tuple->lanname)),
2299  errdetail("GRANT and REVOKE are not allowed on untrusted languages, "
2300  "because only superusers can use untrusted languages.")));
2301 }
int errdetail(const char *fmt,...)
Definition: elog.c:1203
FormData_pg_language * Form_pg_language
Definition: pg_language.h:65

References ereport, errcode(), errdetail(), errmsg(), ERROR, GETSTRUCT, and NameStr.

Referenced by ExecGrantStmt_oids().

◆ ExecGrant_Largeobject()

static void ExecGrant_Largeobject ( InternalGrant istmt)
static

Definition at line 2304 of file aclchk.c.

2305 {
2306  Relation relation;
2307  ListCell *cell;
2308 
2309  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
2311 
2312  relation = table_open(LargeObjectMetadataRelationId,
2314 
2315  foreach(cell, istmt->objects)
2316  {
2317  Oid loid = lfirst_oid(cell);
2318  Form_pg_largeobject_metadata form_lo_meta;
2319  char loname[NAMEDATALEN];
2320  Datum aclDatum;
2321  bool isNull;
2322  AclMode avail_goptions;
2323  AclMode this_privileges;
2324  Acl *old_acl;
2325  Acl *new_acl;
2326  Oid grantorId;
2327  Oid ownerId;
2328  HeapTuple newtuple;
2329  Datum values[Natts_pg_largeobject_metadata] = {0};
2330  bool nulls[Natts_pg_largeobject_metadata] = {0};
2331  bool replaces[Natts_pg_largeobject_metadata] = {0};
2332  int noldmembers;
2333  int nnewmembers;
2334  Oid *oldmembers;
2335  Oid *newmembers;
2336  ScanKeyData entry[1];
2337  SysScanDesc scan;
2338  HeapTuple tuple;
2339 
2340  /* There's no syscache for pg_largeobject_metadata */
2341  ScanKeyInit(&entry[0],
2342  Anum_pg_largeobject_metadata_oid,
2343  BTEqualStrategyNumber, F_OIDEQ,
2344  ObjectIdGetDatum(loid));
2345 
2346  scan = systable_beginscan(relation,
2347  LargeObjectMetadataOidIndexId, true,
2348  NULL, 1, entry);
2349 
2350  tuple = systable_getnext(scan);
2351  if (!HeapTupleIsValid(tuple))
2352  elog(ERROR, "could not find tuple for large object %u", loid);
2353 
2354  form_lo_meta = (Form_pg_largeobject_metadata) GETSTRUCT(tuple);
2355 
2356  /*
2357  * Get owner ID and working copy of existing ACL. If there's no ACL,
2358  * substitute the proper default.
2359  */
2360  ownerId = form_lo_meta->lomowner;
2361  aclDatum = heap_getattr(tuple,
2362  Anum_pg_largeobject_metadata_lomacl,
2363  RelationGetDescr(relation), &isNull);
2364  if (isNull)
2365  {
2366  old_acl = acldefault(OBJECT_LARGEOBJECT, ownerId);
2367  /* There are no old member roles according to the catalogs */
2368  noldmembers = 0;
2369  oldmembers = NULL;
2370  }
2371  else
2372  {
2373  old_acl = DatumGetAclPCopy(aclDatum);
2374  /* Get the roles mentioned in the existing ACL */
2375  noldmembers = aclmembers(old_acl, &oldmembers);
2376  }
2377 
2378  /* Determine ID to do the grant as, and available grant options */
2380  old_acl, ownerId,
2381  &grantorId, &avail_goptions);
2382 
2383  /*
2384  * Restrict the privileges to what we can actually grant, and emit the
2385  * standards-mandated warning and error messages.
2386  */
2387  snprintf(loname, sizeof(loname), "large object %u", loid);
2388  this_privileges =
2389  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2390  istmt->all_privs, istmt->privileges,
2391  loid, grantorId, OBJECT_LARGEOBJECT,
2392  loname, 0, NULL);
2393 
2394  /*
2395  * Generate new ACL.
2396  */
2397  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
2398  istmt->grant_option, istmt->behavior,
2399  istmt->grantees, this_privileges,
2400  grantorId, ownerId);
2401 
2402  /*
2403  * We need the members of both old and new ACLs so we can correct the
2404  * shared dependency information.
2405  */
2406  nnewmembers = aclmembers(new_acl, &newmembers);
2407 
2408  /* finished building new ACL value, now insert it */
2409  replaces[Anum_pg_largeobject_metadata_lomacl - 1] = true;
2410  values[Anum_pg_largeobject_metadata_lomacl - 1]
2411  = PointerGetDatum(new_acl);
2412 
2413  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation),
2414  values, nulls, replaces);
2415 
2416  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2417 
2418  /* Update initial privileges for extensions */
2419  recordExtensionInitPriv(loid, LargeObjectRelationId, 0,
2420  ownerId, new_acl);
2421 
2422  /* Update the shared dependency ACL info */
2423  updateAclDependencies(LargeObjectRelationId,
2424  form_lo_meta->oid, 0,
2425  ownerId,
2426  noldmembers, oldmembers,
2427  nnewmembers, newmembers);
2428 
2429  systable_endscan(scan);
2430 
2431  pfree(new_acl);
2432 
2433  /* prevent error when processing duplicate objects */
2435  }
2436 
2437  table_close(relation, RowExclusiveLock);
2438 }
#define ACL_ALL_RIGHTS_LARGEOBJECT
Definition: acl.h:167
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:596
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:503
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:384
static Datum heap_getattr(HeapTuple tup, int attnum, TupleDesc tupleDesc, bool *isnull)
Definition: htup_details.h:792
#define NAMEDATALEN
FormData_pg_largeobject_metadata * Form_pg_largeobject_metadata
#define snprintf
Definition: port.h:238
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
#define BTEqualStrategyNumber
Definition: stratnum.h:31

References ACL_ALL_RIGHTS_LARGEOBJECT, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, BTEqualStrategyNumber, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog, ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_getattr(), heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, merge_acl_with_grant(), NAMEDATALEN, OBJECT_LARGEOBJECT, ObjectIdGetDatum(), InternalGrant::objects, pfree(), PointerGetDatum(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, restrict_and_check_grant(), RowExclusiveLock, ScanKeyInit(), select_best_grantor(), snprintf, systable_beginscan(), systable_endscan(), systable_getnext(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

◆ ExecGrant_Parameter()

static void ExecGrant_Parameter ( InternalGrant istmt)
static

Definition at line 2469 of file aclchk.c.

2470 {
2471  Relation relation;
2472  ListCell *cell;
2473 
2474  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
2476 
2477  relation = table_open(ParameterAclRelationId, RowExclusiveLock);
2478 
2479  foreach(cell, istmt->objects)
2480  {
2481  Oid parameterId = lfirst_oid(cell);
2482  Datum nameDatum;
2483  const char *parname;
2484  Datum aclDatum;
2485  bool isNull;
2486  AclMode avail_goptions;
2487  AclMode this_privileges;
2488  Acl *old_acl;
2489  Acl *new_acl;
2490  Oid grantorId;
2491  Oid ownerId;
2492  HeapTuple tuple;
2493  int noldmembers;
2494  int nnewmembers;
2495  Oid *oldmembers;
2496  Oid *newmembers;
2497 
2498  tuple = SearchSysCache1(PARAMETERACLOID, ObjectIdGetDatum(parameterId));
2499  if (!HeapTupleIsValid(tuple))
2500  elog(ERROR, "cache lookup failed for parameter ACL %u",
2501  parameterId);
2502 
2503  /* We'll need the GUC's name */
2504  nameDatum = SysCacheGetAttrNotNull(PARAMETERACLOID, tuple,
2505  Anum_pg_parameter_acl_parname);
2506  parname = TextDatumGetCString(nameDatum);
2507 
2508  /* Treat all parameters as belonging to the bootstrap superuser. */
2509  ownerId = BOOTSTRAP_SUPERUSERID;
2510 
2511  /*
2512  * Get working copy of existing ACL. If there's no ACL, substitute the
2513  * proper default.
2514  */
2515  aclDatum = SysCacheGetAttr(PARAMETERACLOID, tuple,
2516  Anum_pg_parameter_acl_paracl,
2517  &isNull);
2518 
2519  if (isNull)
2520  {
2521  old_acl = acldefault(istmt->objtype, ownerId);
2522  /* There are no old member roles according to the catalogs */
2523  noldmembers = 0;
2524  oldmembers = NULL;
2525  }
2526  else
2527  {
2528  old_acl = DatumGetAclPCopy(aclDatum);
2529  /* Get the roles mentioned in the existing ACL */
2530  noldmembers = aclmembers(old_acl, &oldmembers);
2531  }
2532 
2533  /* Determine ID to do the grant as, and available grant options */
2535  old_acl, ownerId,
2536  &grantorId, &avail_goptions);
2537 
2538  /*
2539  * Restrict the privileges to what we can actually grant, and emit the
2540  * standards-mandated warning and error messages.
2541  */
2542  this_privileges =
2543  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2544  istmt->all_privs, istmt->privileges,
2545  parameterId, grantorId,
2547  parname,
2548  0, NULL);
2549 
2550  /*
2551  * Generate new ACL.
2552  */
2553  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
2554  istmt->grant_option, istmt->behavior,
2555  istmt->grantees, this_privileges,
2556  grantorId, ownerId);
2557 
2558  /*
2559  * We need the members of both old and new ACLs so we can correct the
2560  * shared dependency information.
2561  */
2562  nnewmembers = aclmembers(new_acl, &newmembers);
2563 
2564  /*
2565  * If the new ACL is equal to the default, we don't need the catalog
2566  * entry any longer. Delete it rather than updating it, to avoid
2567  * leaving a degenerate entry.
2568  */
2569  if (aclequal(new_acl, acldefault(istmt->objtype, ownerId)))
2570  {
2571  CatalogTupleDelete(relation, &tuple->t_self);
2572  }
2573  else
2574  {
2575  /* finished building new ACL value, now insert it */
2576  HeapTuple newtuple;
2577  Datum values[Natts_pg_parameter_acl] = {0};
2578  bool nulls[Natts_pg_parameter_acl] = {0};
2579  bool replaces[Natts_pg_parameter_acl] = {0};
2580 
2581  replaces[Anum_pg_parameter_acl_paracl - 1] = true;
2582  values[Anum_pg_parameter_acl_paracl - 1] = PointerGetDatum(new_acl);
2583 
2584  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation),
2585  values, nulls, replaces);
2586 
2587  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2588  }
2589 
2590  /* Update initial privileges for extensions */
2591  recordExtensionInitPriv(parameterId, ParameterAclRelationId, 0,
2592  ownerId, new_acl);
2593 
2594  /* Update the shared dependency ACL info */
2595  updateAclDependencies(ParameterAclRelationId, parameterId, 0,
2596  ownerId,
2597  noldmembers, oldmembers,
2598  nnewmembers, newmembers);
2599 
2600  ReleaseSysCache(tuple);
2601  pfree(new_acl);
2602 
2603  /* prevent error when processing duplicate objects */
2605  }
2606 
2607  table_close(relation, RowExclusiveLock);
2608 }
bool aclequal(const Acl *left_acl, const Acl *right_acl)
Definition: acl.c:542
#define ACL_ALL_RIGHTS_PARAMETER_ACL
Definition: acl.h:168
#define TextDatumGetCString(d)
Definition: builtins.h:98
void CatalogTupleDelete(Relation heapRel, ItemPointer tid)
Definition: indexing.c:365
ObjectType objtype

References ACL_ALL_RIGHTS_PARAMETER_ACL, ACL_NO_RIGHTS, acldefault(), aclequal(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleDelete(), CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog, ERROR, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, merge_acl_with_grant(), OBJECT_PARAMETER_ACL, ObjectIdGetDatum(), InternalGrant::objects, InternalGrant::objtype, pfree(), PointerGetDatum(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), SysCacheGetAttr(), SysCacheGetAttrNotNull(), HeapTupleData::t_self, table_close(), table_open(), TextDatumGetCString, updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

◆ ExecGrant_Relation()

static void ExecGrant_Relation ( InternalGrant istmt)
static

Definition at line 1824 of file aclchk.c.

1825 {
1826  Relation relation;
1827  Relation attRelation;
1828  ListCell *cell;
1829 
1830  relation = table_open(RelationRelationId, RowExclusiveLock);
1831  attRelation = table_open(AttributeRelationId, RowExclusiveLock);
1832 
1833  foreach(cell, istmt->objects)
1834  {
1835  Oid relOid = lfirst_oid(cell);
1836  Datum aclDatum;
1837  Form_pg_class pg_class_tuple;
1838  bool isNull;
1839  AclMode this_privileges;
1840  AclMode *col_privileges;
1841  int num_col_privileges;
1842  bool have_col_privileges;
1843  Acl *old_acl;
1844  Acl *old_rel_acl;
1845  int noldmembers;
1846  Oid *oldmembers;
1847  Oid ownerId;
1848  HeapTuple tuple;
1849  ListCell *cell_colprivs;
1850 
1851  tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(relOid));
1852  if (!HeapTupleIsValid(tuple))
1853  elog(ERROR, "cache lookup failed for relation %u", relOid);
1854  pg_class_tuple = (Form_pg_class) GETSTRUCT(tuple);
1855 
1856  /* Not sensible to grant on an index */
1857  if (pg_class_tuple->relkind == RELKIND_INDEX ||
1858  pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX)
1859  ereport(ERROR,
1860  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1861  errmsg("\"%s\" is an index",
1862  NameStr(pg_class_tuple->relname))));
1863 
1864  /* Composite types aren't tables either */
1865  if (pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
1866  ereport(ERROR,
1867  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1868  errmsg("\"%s\" is a composite type",
1869  NameStr(pg_class_tuple->relname))));
1870 
1871  /* Used GRANT SEQUENCE on a non-sequence? */
1872  if (istmt->objtype == OBJECT_SEQUENCE &&
1873  pg_class_tuple->relkind != RELKIND_SEQUENCE)
1874  ereport(ERROR,
1875  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1876  errmsg("\"%s\" is not a sequence",
1877  NameStr(pg_class_tuple->relname))));
1878 
1879  /* Adjust the default permissions based on object type */
1880  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
1881  {
1882  if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1883  this_privileges = ACL_ALL_RIGHTS_SEQUENCE;
1884  else
1885  this_privileges = ACL_ALL_RIGHTS_RELATION;
1886  }
1887  else
1888  this_privileges = istmt->privileges;
1889 
1890  /*
1891  * The GRANT TABLE syntax can be used for sequences and non-sequences,
1892  * so we have to look at the relkind to determine the supported
1893  * permissions. The OR of table and sequence permissions were already
1894  * checked.
1895  */
1896  if (istmt->objtype == OBJECT_TABLE)
1897  {
1898  if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1899  {
1900  /*
1901  * For backward compatibility, just throw a warning for
1902  * invalid sequence permissions when using the non-sequence
1903  * GRANT syntax.
1904  */
1905  if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_SEQUENCE))
1906  {
1907  /*
1908  * Mention the object name because the user needs to know
1909  * which operations succeeded. This is required because
1910  * WARNING allows the command to continue.
1911  */
1912  ereport(WARNING,
1913  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1914  errmsg("sequence \"%s\" only supports USAGE, SELECT, and UPDATE privileges",
1915  NameStr(pg_class_tuple->relname))));
1916  this_privileges &= (AclMode) ACL_ALL_RIGHTS_SEQUENCE;
1917  }
1918  }
1919  else
1920  {
1921  if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_RELATION))
1922  {
1923  /*
1924  * USAGE is the only permission supported by sequences but
1925  * not by non-sequences. Don't mention the object name
1926  * because we didn't in the combined TABLE | SEQUENCE
1927  * check.
1928  */
1929  ereport(ERROR,
1930  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1931  errmsg("invalid privilege type %s for table",
1932  "USAGE")));
1933  }
1934  }
1935  }
1936 
1937  /*
1938  * Set up array in which we'll accumulate any column privilege bits
1939  * that need modification. The array is indexed such that entry [0]
1940  * corresponds to FirstLowInvalidHeapAttributeNumber.
1941  */
1942  num_col_privileges = pg_class_tuple->relnatts - FirstLowInvalidHeapAttributeNumber + 1;
1943  col_privileges = (AclMode *) palloc0(num_col_privileges * sizeof(AclMode));
1944  have_col_privileges = false;
1945 
1946  /*
1947  * If we are revoking relation privileges that are also column
1948  * privileges, we must implicitly revoke them from each column too,
1949  * per SQL spec. (We don't need to implicitly add column privileges
1950  * during GRANT because the permissions-checking code always checks
1951  * both relation and per-column privileges.)
1952  */
1953  if (!istmt->is_grant &&
1954  (this_privileges & ACL_ALL_RIGHTS_COLUMN) != 0)
1955  {
1956  expand_all_col_privileges(relOid, pg_class_tuple,
1957  this_privileges & ACL_ALL_RIGHTS_COLUMN,
1958  col_privileges,
1959  num_col_privileges);
1960  have_col_privileges = true;
1961  }
1962 
1963  /*
1964  * Get owner ID and working copy of existing ACL. If there's no ACL,
1965  * substitute the proper default.
1966  */
1967  ownerId = pg_class_tuple->relowner;
1968  aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
1969  &isNull);
1970  if (isNull)
1971  {
1972  switch (pg_class_tuple->relkind)
1973  {
1974  case RELKIND_SEQUENCE:
1975  old_acl = acldefault(OBJECT_SEQUENCE, ownerId);
1976  break;
1977  default:
1978  old_acl = acldefault(OBJECT_TABLE, ownerId);
1979  break;
1980  }
1981  /* There are no old member roles according to the catalogs */
1982  noldmembers = 0;
1983  oldmembers = NULL;
1984  }
1985  else
1986  {
1987  old_acl = DatumGetAclPCopy(aclDatum);
1988  /* Get the roles mentioned in the existing ACL */
1989  noldmembers = aclmembers(old_acl, &oldmembers);
1990  }
1991 
1992  /* Need an extra copy of original rel ACL for column handling */
1993  old_rel_acl = aclcopy(old_acl);
1994 
1995  /*
1996  * Handle relation-level privileges, if any were specified
1997  */
1998  if (this_privileges != ACL_NO_RIGHTS)
1999  {
2000  AclMode avail_goptions;
2001  Acl *new_acl;
2002  Oid grantorId;
2003  HeapTuple newtuple;
2004  Datum values[Natts_pg_class] = {0};
2005  bool nulls[Natts_pg_class] = {0};
2006  bool replaces[Natts_pg_class] = {0};
2007  int nnewmembers;
2008  Oid *newmembers;
2009  ObjectType objtype;
2010 
2011  /* Determine ID to do the grant as, and available grant options */
2012  select_best_grantor(GetUserId(), this_privileges,
2013  old_acl, ownerId,
2014  &grantorId, &avail_goptions);
2015 
2016  switch (pg_class_tuple->relkind)
2017  {
2018  case RELKIND_SEQUENCE:
2019  objtype = OBJECT_SEQUENCE;
2020  break;
2021  default:
2022  objtype = OBJECT_TABLE;
2023  break;
2024  }
2025 
2026  /*
2027  * Restrict the privileges to what we can actually grant, and emit
2028  * the standards-mandated warning and error messages.
2029  */
2030  this_privileges =
2031  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2032  istmt->all_privs, this_privileges,
2033  relOid, grantorId, objtype,
2034  NameStr(pg_class_tuple->relname),
2035  0, NULL);
2036 
2037  /*
2038  * Generate new ACL.
2039  */
2040  new_acl = merge_acl_with_grant(old_acl,
2041  istmt->is_grant,
2042  istmt->grant_option,
2043  istmt->behavior,
2044  istmt->grantees,
2045  this_privileges,
2046  grantorId,
2047  ownerId);
2048 
2049  /*
2050  * We need the members of both old and new ACLs so we can correct
2051  * the shared dependency information.
2052  */
2053  nnewmembers = aclmembers(new_acl, &newmembers);
2054 
2055  /* finished building new ACL value, now insert it */
2056  replaces[Anum_pg_class_relacl - 1] = true;
2057  values[Anum_pg_class_relacl - 1] = PointerGetDatum(new_acl);
2058 
2059  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation),
2060  values, nulls, replaces);
2061 
2062  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2063 
2064  /* Update initial privileges for extensions */
2065  recordExtensionInitPriv(relOid, RelationRelationId, 0,
2066  ownerId, new_acl);
2067 
2068  /* Update the shared dependency ACL info */
2069  updateAclDependencies(RelationRelationId, relOid, 0,
2070  ownerId,
2071  noldmembers, oldmembers,
2072  nnewmembers, newmembers);
2073 
2074  pfree(new_acl);
2075  }
2076 
2077  /*
2078  * Handle column-level privileges, if any were specified or implied.
2079  * We first expand the user-specified column privileges into the
2080  * array, and then iterate over all nonempty array entries.
2081  */
2082  foreach(cell_colprivs, istmt->col_privs)
2083  {
2084  AccessPriv *col_privs = (AccessPriv *) lfirst(cell_colprivs);
2085 
2086  if (col_privs->priv_name == NULL)
2087  this_privileges = ACL_ALL_RIGHTS_COLUMN;
2088  else
2089  this_privileges = string_to_privilege(col_privs->priv_name);
2090 
2091  if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_COLUMN))
2092  ereport(ERROR,
2093  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
2094  errmsg("invalid privilege type %s for column",
2095  privilege_to_string(this_privileges))));
2096 
2097  if (pg_class_tuple->relkind == RELKIND_SEQUENCE &&
2098  this_privileges & ~((AclMode) ACL_SELECT))
2099  {
2100  /*
2101  * The only column privilege allowed on sequences is SELECT.
2102  * This is a warning not error because we do it that way for
2103  * relation-level privileges.
2104  */
2105  ereport(WARNING,
2106  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
2107  errmsg("sequence \"%s\" only supports SELECT column privileges",
2108  NameStr(pg_class_tuple->relname))));
2109 
2110  this_privileges &= (AclMode) ACL_SELECT;
2111  }
2112 
2113  expand_col_privileges(col_privs->cols, relOid,
2114  this_privileges,
2115  col_privileges,
2116  num_col_privileges);
2117  have_col_privileges = true;
2118  }
2119 
2120  if (have_col_privileges)
2121  {
2122  AttrNumber i;
2123 
2124  for (i = 0; i < num_col_privileges; i++)
2125  {
2126  if (col_privileges[i] == ACL_NO_RIGHTS)
2127  continue;
2128  ExecGrant_Attribute(istmt,
2129  relOid,
2130  NameStr(pg_class_tuple->relname),
2132  ownerId,
2133  col_privileges[i],
2134  attRelation,
2135  old_rel_acl);
2136  }
2137  }
2138 
2139  pfree(old_rel_acl);
2140  pfree(col_privileges);
2141 
2142  ReleaseSysCache(tuple);
2143 
2144  /* prevent error when processing duplicate objects */
2146  }
2147 
2148  table_close(attRelation, RowExclusiveLock);
2149  table_close(relation, RowExclusiveLock);
2150 }
Acl * aclcopy(const Acl *orig_acl)
Definition: acl.c:440
static void expand_all_col_privileges(Oid table_oid, Form_pg_class classForm, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
Definition: aclchk.c:1633
static void expand_col_privileges(List *colnames, Oid table_oid, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
Definition: aclchk.c:1600
static void ExecGrant_Attribute(InternalGrant *istmt, Oid relOid, const char *relname, AttrNumber attnum, Oid ownerId, AclMode col_privileges, Relation attRelation, const Acl *old_rel_acl)
Definition: aclchk.c:1679
int16 AttrNumber
Definition: attnum.h:21
#define WARNING
Definition: elog.h:36
int i
Definition: isn.c:73
void * palloc0(Size size)
Definition: mcxt.c:1346
ObjectType
Definition: parsenodes.h:2260
#define ACL_SELECT
Definition: parsenodes.h:77
FormData_pg_class * Form_pg_class
Definition: pg_class.h:153
#define FirstLowInvalidHeapAttributeNumber
Definition: sysattr.h:27

References ACL_ALL_RIGHTS_COLUMN, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SEQUENCE, ACL_NO_RIGHTS, ACL_SELECT, aclcopy(), acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), InternalGrant::col_privs, AccessPriv::cols, CommandCounterIncrement(), DatumGetAclPCopy, elog, ereport, errcode(), errmsg(), ERROR, ExecGrant_Attribute(), expand_all_col_privileges(), expand_col_privileges(), FirstLowInvalidHeapAttributeNumber, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, i, InternalGrant::is_grant, lfirst, lfirst_oid, merge_acl_with_grant(), NameStr, OBJECT_SEQUENCE, OBJECT_TABLE, ObjectIdGetDatum(), InternalGrant::objects, InternalGrant::objtype, palloc0(), pfree(), PointerGetDatum(), AccessPriv::priv_name, privilege_to_string(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), string_to_privilege(), SysCacheGetAttr(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), values, and WARNING.

Referenced by ExecGrantStmt_oids().

◆ ExecGrant_Type_check()

static void ExecGrant_Type_check ( InternalGrant istmt,
HeapTuple  tuple 
)
static

Definition at line 2441 of file aclchk.c.

2442 {
2443  Form_pg_type pg_type_tuple;
2444 
2445  pg_type_tuple = (Form_pg_type) GETSTRUCT(tuple);
2446 
2447  /* Disallow GRANT on dependent types */
2448  if (IsTrueArrayType(pg_type_tuple))
2449  ereport(ERROR,
2450  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
2451  errmsg("cannot set privileges of array types"),
2452  errhint("Set the privileges of the element type instead.")));
2453  if (pg_type_tuple->typtype == TYPTYPE_MULTIRANGE)
2454  ereport(ERROR,
2455  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
2456  errmsg("cannot set privileges of multirange types"),
2457  errhint("Set the privileges of the range type instead.")));
2458 
2459  /* Used GRANT DOMAIN on a non-domain? */
2460  if (istmt->objtype == OBJECT_DOMAIN &&
2461  pg_type_tuple->typtype != TYPTYPE_DOMAIN)
2462  ereport(ERROR,
2463  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2464  errmsg("\"%s\" is not a domain",
2465  NameStr(pg_type_tuple->typname))));
2466 }
int errhint(const char *fmt,...)
Definition: elog.c:1317
FormData_pg_type * Form_pg_type
Definition: pg_type.h:261

References ereport, errcode(), errhint(), errmsg(), ERROR, GETSTRUCT, NameStr, OBJECT_DOMAIN, and InternalGrant::objtype.

Referenced by ExecGrantStmt_oids().

◆ ExecGrantStmt_oids()

static void ExecGrantStmt_oids ( InternalGrant istmt)
static

Definition at line 601 of file aclchk.c.

602 {
603  switch (istmt->objtype)
604  {
605  case OBJECT_TABLE:
606  case OBJECT_SEQUENCE:
607  ExecGrant_Relation(istmt);
608  break;
609  case OBJECT_DATABASE:
610  ExecGrant_common(istmt, DatabaseRelationId, ACL_ALL_RIGHTS_DATABASE, NULL);
611  break;
612  case OBJECT_DOMAIN:
613  case OBJECT_TYPE:
615  break;
616  case OBJECT_FDW:
617  ExecGrant_common(istmt, ForeignDataWrapperRelationId, ACL_ALL_RIGHTS_FDW, NULL);
618  break;
620  ExecGrant_common(istmt, ForeignServerRelationId, ACL_ALL_RIGHTS_FOREIGN_SERVER, NULL);
621  break;
622  case OBJECT_FUNCTION:
623  case OBJECT_PROCEDURE:
624  case OBJECT_ROUTINE:
625  ExecGrant_common(istmt, ProcedureRelationId, ACL_ALL_RIGHTS_FUNCTION, NULL);
626  break;
627  case OBJECT_LANGUAGE:
629  break;
630  case OBJECT_LARGEOBJECT:
631  ExecGrant_Largeobject(istmt);
632  break;
633  case OBJECT_SCHEMA:
634  ExecGrant_common(istmt, NamespaceRelationId, ACL_ALL_RIGHTS_SCHEMA, NULL);
635  break;
636  case OBJECT_TABLESPACE:
637  ExecGrant_common(istmt, TableSpaceRelationId, ACL_ALL_RIGHTS_TABLESPACE, NULL);
638  break;
640  ExecGrant_Parameter(istmt);
641  break;
642  default:
643  elog(ERROR, "unrecognized GrantStmt.objtype: %d",
644  (int) istmt->objtype);
645  }
646 
647  /*
648  * Pass the info to event triggers about the just-executed GRANT. Note
649  * that we prefer to do it after actually executing it, because that gives
650  * the functions a chance to adjust the istmt with privileges actually
651  * granted.
652  */
655 }
#define ACL_ALL_RIGHTS_FOREIGN_SERVER
Definition: acl.h:164
#define ACL_ALL_RIGHTS_TABLESPACE
Definition: acl.h:170
#define ACL_ALL_RIGHTS_DATABASE
Definition: acl.h:162
#define ACL_ALL_RIGHTS_LANGUAGE
Definition: acl.h:166
#define ACL_ALL_RIGHTS_FDW
Definition: acl.h:163
static void ExecGrant_Type_check(InternalGrant *istmt, HeapTuple tuple)
Definition: aclchk.c:2441
static void ExecGrant_common(InternalGrant *istmt, Oid classid, AclMode default_privs, void(*object_check)(InternalGrant *istmt, HeapTuple tuple))
Definition: aclchk.c:2153
static void ExecGrant_Largeobject(InternalGrant *istmt)
Definition: aclchk.c:2304
static void ExecGrant_Parameter(InternalGrant *istmt)
Definition: aclchk.c:2469
static void ExecGrant_Relation(InternalGrant *istmt)
Definition: aclchk.c:1824
static void ExecGrant_Language_check(InternalGrant *istmt, HeapTuple tuple)
Definition: aclchk.c:2288
bool EventTriggerSupportsObjectType(ObjectType obtype)
void EventTriggerCollectGrant(InternalGrant *istmt)

References ACL_ALL_RIGHTS_DATABASE, ACL_ALL_RIGHTS_FDW, ACL_ALL_RIGHTS_FOREIGN_SERVER, ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_LANGUAGE, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_TABLESPACE, ACL_ALL_RIGHTS_TYPE, elog, ERROR, EventTriggerCollectGrant(), EventTriggerSupportsObjectType(), ExecGrant_common(), ExecGrant_Language_check(), ExecGrant_Largeobject(), ExecGrant_Parameter(), ExecGrant_Relation(), ExecGrant_Type_check(), OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, and InternalGrant::objtype.

Referenced by ExecuteGrantStmt(), and RemoveRoleFromObjectACL().

◆ ExecuteGrantStmt()

void ExecuteGrantStmt ( GrantStmt stmt)

Definition at line 391 of file aclchk.c.

392 {
393  InternalGrant istmt;
394  ListCell *cell;
395  const char *errormsg;
396  AclMode all_privileges;
397 
398  if (stmt->grantor)
399  {
400  Oid grantor;
401 
402  grantor = get_rolespec_oid(stmt->grantor, false);
403 
404  /*
405  * Currently, this clause is only for SQL compatibility, not very
406  * interesting otherwise.
407  */
408  if (grantor != GetUserId())
409  ereport(ERROR,
410  (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
411  errmsg("grantor must be current user")));
412  }
413 
414  /*
415  * Turn the regular GrantStmt into the InternalGrant form.
416  */
417  istmt.is_grant = stmt->is_grant;
418  istmt.objtype = stmt->objtype;
419 
420  /* Collect the OIDs of the target objects */
421  switch (stmt->targtype)
422  {
423  case ACL_TARGET_OBJECT:
424  istmt.objects = objectNamesToOids(stmt->objtype, stmt->objects,
425  stmt->is_grant);
426  break;
428  istmt.objects = objectsInSchemaToOids(stmt->objtype, stmt->objects);
429  break;
430  /* ACL_TARGET_DEFAULTS should not be seen here */
431  default:
432  elog(ERROR, "unrecognized GrantStmt.targtype: %d",
433  (int) stmt->targtype);
434  }
435 
436  /* all_privs to be filled below */
437  /* privileges to be filled below */
438  istmt.col_privs = NIL; /* may get filled below */
439  istmt.grantees = NIL; /* filled below */
440  istmt.grant_option = stmt->grant_option;
441  istmt.behavior = stmt->behavior;
442 
443  /*
444  * Convert the RoleSpec list into an Oid list. Note that at this point we
445  * insert an ACL_ID_PUBLIC into the list if appropriate, so downstream
446  * there shouldn't be any additional work needed to support this case.
447  */
448  foreach(cell, stmt->grantees)
449  {
450  RoleSpec *grantee = (RoleSpec *) lfirst(cell);
451  Oid grantee_uid;
452 
453  switch (grantee->roletype)
454  {
455  case ROLESPEC_PUBLIC:
456  grantee_uid = ACL_ID_PUBLIC;
457  break;
458  default:
459  grantee_uid = get_rolespec_oid(grantee, false);
460  break;
461  }
462  istmt.grantees = lappend_oid(istmt.grantees, grantee_uid);
463  }
464 
465  /*
466  * Convert stmt->privileges, a list of AccessPriv nodes, into an AclMode
467  * bitmask. Note: objtype can't be OBJECT_COLUMN.
468  */
469  switch (stmt->objtype)
470  {
471  case OBJECT_TABLE:
472 
473  /*
474  * Because this might be a sequence, we test both relation and
475  * sequence bits, and later do a more limited test when we know
476  * the object type.
477  */
479  errormsg = gettext_noop("invalid privilege type %s for relation");
480  break;
481  case OBJECT_SEQUENCE:
482  all_privileges = ACL_ALL_RIGHTS_SEQUENCE;
483  errormsg = gettext_noop("invalid privilege type %s for sequence");
484  break;
485  case OBJECT_DATABASE:
486  all_privileges = ACL_ALL_RIGHTS_DATABASE;
487  errormsg = gettext_noop("invalid privilege type %s for database");
488  break;
489  case OBJECT_DOMAIN:
490  all_privileges = ACL_ALL_RIGHTS_TYPE;
491  errormsg = gettext_noop("invalid privilege type %s for domain");
492  break;
493  case OBJECT_FUNCTION:
494  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
495  errormsg = gettext_noop("invalid privilege type %s for function");
496  break;
497  case OBJECT_LANGUAGE:
498  all_privileges = ACL_ALL_RIGHTS_LANGUAGE;
499  errormsg = gettext_noop("invalid privilege type %s for language");
500  break;
501  case OBJECT_LARGEOBJECT:
502  all_privileges = ACL_ALL_RIGHTS_LARGEOBJECT;
503  errormsg = gettext_noop("invalid privilege type %s for large object");
504  break;
505  case OBJECT_SCHEMA:
506  all_privileges = ACL_ALL_RIGHTS_SCHEMA;
507  errormsg = gettext_noop("invalid privilege type %s for schema");
508  break;
509  case OBJECT_PROCEDURE:
510  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
511  errormsg = gettext_noop("invalid privilege type %s for procedure");
512  break;
513  case OBJECT_ROUTINE:
514  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
515  errormsg = gettext_noop("invalid privilege type %s for routine");
516  break;
517  case OBJECT_TABLESPACE:
518  all_privileges = ACL_ALL_RIGHTS_TABLESPACE;
519  errormsg = gettext_noop("invalid privilege type %s for tablespace");
520  break;
521  case OBJECT_TYPE:
522  all_privileges = ACL_ALL_RIGHTS_TYPE;
523  errormsg = gettext_noop("invalid privilege type %s for type");
524  break;
525  case OBJECT_FDW:
526  all_privileges = ACL_ALL_RIGHTS_FDW;
527  errormsg = gettext_noop("invalid privilege type %s for foreign-data wrapper");
528  break;
530  all_privileges = ACL_ALL_RIGHTS_FOREIGN_SERVER;
531  errormsg = gettext_noop("invalid privilege type %s for foreign server");
532  break;
534  all_privileges = ACL_ALL_RIGHTS_PARAMETER_ACL;
535  errormsg = gettext_noop("invalid privilege type %s for parameter");
536  break;
537  default:
538  elog(ERROR, "unrecognized GrantStmt.objtype: %d",
539  (int) stmt->objtype);
540  /* keep compiler quiet */
541  all_privileges = ACL_NO_RIGHTS;
542  errormsg = NULL;
543  }
544 
545  if (stmt->privileges == NIL)
546  {
547  istmt.all_privs = true;
548 
549  /*
550  * will be turned into ACL_ALL_RIGHTS_* by the internal routines
551  * depending on the object type
552  */
553  istmt.privileges = ACL_NO_RIGHTS;
554  }
555  else
556  {
557  istmt.all_privs = false;
558  istmt.privileges = ACL_NO_RIGHTS;
559 
560  foreach(cell, stmt->privileges)
561  {
562  AccessPriv *privnode = (AccessPriv *) lfirst(cell);
563  AclMode priv;
564 
565  /*
566  * If it's a column-level specification, we just set it aside in
567  * col_privs for the moment; but insist it's for a relation.
568  */
569  if (privnode->cols)
570  {
571  if (stmt->objtype != OBJECT_TABLE)
572  ereport(ERROR,
573  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
574  errmsg("column privileges are only valid for relations")));
575  istmt.col_privs = lappend(istmt.col_privs, privnode);
576  continue;
577  }
578 
579  if (privnode->priv_name == NULL) /* parser mistake? */
580  elog(ERROR, "AccessPriv node must specify privilege or columns");
581  priv = string_to_privilege(privnode->priv_name);
582 
583  if (priv & ~((AclMode) all_privileges))
584  ereport(ERROR,
585  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
586  errmsg(errormsg, privilege_to_string(priv))));
587 
588  istmt.privileges |= priv;
589  }
590  }
591 
592  ExecGrantStmt_oids(&istmt);
593 }
static void ExecGrantStmt_oids(InternalGrant *istmt)
Definition: aclchk.c:601
static List * objectNamesToOids(ObjectType objtype, List *objnames, bool is_grant)
Definition: aclchk.c:668
static List * objectsInSchemaToOids(ObjectType objtype, List *nspnames)
Definition: aclchk.c:848
List * lappend(List *list, void *datum)
Definition: list.c:339
@ ACL_TARGET_OBJECT
Definition: parsenodes.h:2491
@ ACL_TARGET_ALL_IN_SCHEMA
Definition: parsenodes.h:2492

References ACL_ALL_RIGHTS_DATABASE, ACL_ALL_RIGHTS_FDW, ACL_ALL_RIGHTS_FOREIGN_SERVER, ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_LANGUAGE, ACL_ALL_RIGHTS_LARGEOBJECT, ACL_ALL_RIGHTS_PARAMETER_ACL, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_SEQUENCE, ACL_ALL_RIGHTS_TABLESPACE, ACL_ALL_RIGHTS_TYPE, ACL_ID_PUBLIC, ACL_NO_RIGHTS, ACL_TARGET_ALL_IN_SCHEMA, ACL_TARGET_OBJECT, InternalGrant::all_privs, InternalGrant::behavior, InternalGrant::col_privs, AccessPriv::cols, elog, ereport, errcode(), errmsg(), ERROR, ExecGrantStmt_oids(), get_rolespec_oid(), gettext_noop, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, InternalGrant::is_grant, lappend(), lappend_oid(), lfirst, NIL, OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, objectNamesToOids(), InternalGrant::objects, objectsInSchemaToOids(), InternalGrant::objtype, AccessPriv::priv_name, privilege_to_string(), InternalGrant::privileges, ROLESPEC_PUBLIC, RoleSpec::roletype, stmt, and string_to_privilege().

Referenced by ProcessUtilitySlow(), and standard_ProcessUtility().

◆ expand_all_col_privileges()

static void expand_all_col_privileges ( Oid  table_oid,
Form_pg_class  classForm,
AclMode  this_privileges,
AclMode col_privileges,
int  num_col_privileges 
)
static

Definition at line 1633 of file aclchk.c.

1637 {
1638  AttrNumber curr_att;
1639 
1640  Assert(classForm->relnatts - FirstLowInvalidHeapAttributeNumber < num_col_privileges);
1641  for (curr_att = FirstLowInvalidHeapAttributeNumber + 1;
1642  curr_att <= classForm->relnatts;
1643  curr_att++)
1644  {
1645  HeapTuple attTuple;
1646  bool isdropped;
1647 
1648  if (curr_att == InvalidAttrNumber)
1649  continue;
1650 
1651  /* Views don't have any system columns at all */
1652  if (classForm->relkind == RELKIND_VIEW && curr_att < 0)
1653  continue;
1654 
1655  attTuple = SearchSysCache2(ATTNUM,
1656  ObjectIdGetDatum(table_oid),
1657  Int16GetDatum(curr_att));
1658  if (!HeapTupleIsValid(attTuple))
1659  elog(ERROR, "cache lookup failed for attribute %d of relation %u",
1660  curr_att, table_oid);
1661 
1662  isdropped = ((Form_pg_attribute) GETSTRUCT(attTuple))->attisdropped;
1663 
1664  ReleaseSysCache(attTuple);
1665 
1666  /* ignore dropped columns */
1667  if (isdropped)
1668  continue;
1669 
1670  col_privileges[curr_att - FirstLowInvalidHeapAttributeNumber] |= this_privileges;
1671  }
1672 }
#define InvalidAttrNumber
Definition: attnum.h:23
#define Assert(condition)
Definition: c.h:858

References Assert, elog, ERROR, FirstLowInvalidHeapAttributeNumber, GETSTRUCT, HeapTupleIsValid, Int16GetDatum(), InvalidAttrNumber, ObjectIdGetDatum(), ReleaseSysCache(), and SearchSysCache2().

Referenced by ExecGrant_Relation().

◆ expand_col_privileges()

static void expand_col_privileges ( List colnames,
Oid  table_oid,
AclMode  this_privileges,
AclMode col_privileges,
int  num_col_privileges 
)
static

Definition at line 1600 of file aclchk.c.

1604 {
1605  ListCell *cell;
1606 
1607  foreach(cell, colnames)
1608  {
1609  char *colname = strVal(lfirst(cell));
1611 
1612  attnum = get_attnum(table_oid, colname);
1613  if (attnum == InvalidAttrNumber)
1614  ereport(ERROR,
1615  (errcode(ERRCODE_UNDEFINED_COLUMN),
1616  errmsg("column \"%s\" of relation \"%s\" does not exist",
1617  colname, get_rel_name(table_oid))));
1619  if (attnum <= 0 || attnum >= num_col_privileges)
1620  elog(ERROR, "column number out of range"); /* safety check */
1621  col_privileges[attnum] |= this_privileges;
1622  }
1623 }
AttrNumber get_attnum(Oid relid, const char *attname)
Definition: lsyscache.c:858
char * get_rel_name(Oid relid)
Definition: lsyscache.c:1928
#define strVal(v)
Definition: value.h:82

References attnum, elog, ereport, errcode(), errmsg(), ERROR, FirstLowInvalidHeapAttributeNumber, get_attnum(), get_rel_name(), InvalidAttrNumber, lfirst, and strVal.

Referenced by ExecGrant_Relation().

◆ get_default_acl_internal()

static Acl* get_default_acl_internal ( Oid  roleId,
Oid  nsp_oid,
char  objtype 
)
static

Definition at line 4268 of file aclchk.c.

4269 {
4270  Acl *result = NULL;
4271  HeapTuple tuple;
4272 
4273  tuple = SearchSysCache3(DEFACLROLENSPOBJ,
4274  ObjectIdGetDatum(roleId),
4275  ObjectIdGetDatum(nsp_oid),
4276  CharGetDatum(objtype));
4277 
4278  if (HeapTupleIsValid(tuple))
4279  {
4280  Datum aclDatum;
4281  bool isNull;
4282 
4283  aclDatum = SysCacheGetAttr(DEFACLROLENSPOBJ, tuple,
4284  Anum_pg_default_acl_defaclacl,
4285  &isNull);
4286  if (!isNull)
4287  result = DatumGetAclPCopy(aclDatum);
4288  ReleaseSysCache(tuple);
4289  }
4290 
4291  return result;
4292 }
static Datum CharGetDatum(char X)
Definition: postgres.h:122
HeapTuple SearchSysCache3(int cacheId, Datum key1, Datum key2, Datum key3)
Definition: syscache.c:240

References CharGetDatum(), DatumGetAclPCopy, HeapTupleIsValid, ObjectIdGetDatum(), ReleaseSysCache(), SearchSysCache3(), and SysCacheGetAttr().

Referenced by get_user_default_acl().

◆ get_user_default_acl()

Acl* get_user_default_acl ( ObjectType  objtype,
Oid  ownerId,
Oid  nsp_oid 
)

Definition at line 4303 of file aclchk.c.

4304 {
4305  Acl *result;
4306  Acl *glob_acl;
4307  Acl *schema_acl;
4308  Acl *def_acl;
4309  char defaclobjtype;
4310 
4311  /*
4312  * Use NULL during bootstrap, since pg_default_acl probably isn't there
4313  * yet.
4314  */
4316  return NULL;
4317 
4318  /* Check if object type is supported in pg_default_acl */
4319  switch (objtype)
4320  {
4321  case OBJECT_TABLE:
4322  defaclobjtype = DEFACLOBJ_RELATION;
4323  break;
4324 
4325  case OBJECT_SEQUENCE:
4326  defaclobjtype = DEFACLOBJ_SEQUENCE;
4327  break;
4328 
4329  case OBJECT_FUNCTION:
4330  defaclobjtype = DEFACLOBJ_FUNCTION;
4331  break;
4332 
4333  case OBJECT_TYPE:
4334  defaclobjtype = DEFACLOBJ_TYPE;
4335  break;
4336 
4337  case OBJECT_SCHEMA:
4338  defaclobjtype = DEFACLOBJ_NAMESPACE;
4339  break;
4340 
4341  default:
4342  return NULL;
4343  }
4344 
4345  /* Look up the relevant pg_default_acl entries */
4346  glob_acl = get_default_acl_internal(ownerId, InvalidOid, defaclobjtype);
4347  schema_acl = get_default_acl_internal(ownerId, nsp_oid, defaclobjtype);
4348 
4349  /* Quick out if neither entry exists */
4350  if (glob_acl == NULL && schema_acl == NULL)
4351  return NULL;
4352 
4353  /* We need to know the hard-wired default value, too */
4354  def_acl = acldefault(objtype, ownerId);
4355 
4356  /* If there's no global entry, substitute the hard-wired default */
4357  if (glob_acl == NULL)
4358  glob_acl = def_acl;
4359 
4360  /* Merge in any per-schema privileges */
4361  result = aclmerge(glob_acl, schema_acl, ownerId);
4362 
4363  /*
4364  * For efficiency, we want to return NULL if the result equals default.
4365  * This requires sorting both arrays to get an accurate comparison.
4366  */
4367  aclitemsort(result);
4368  aclitemsort(def_acl);
4369  if (aclequal(result, def_acl))
4370  result = NULL;
4371 
4372  return result;
4373 }
void aclitemsort(Acl *acl)
Definition: acl.c:528
Acl * aclmerge(const Acl *left_acl, const Acl *right_acl, Oid ownerId)
Definition: acl.c:484
static Acl * get_default_acl_internal(Oid roleId, Oid nsp_oid, char objtype)
Definition: aclchk.c:4268
#define IsBootstrapProcessingMode()
Definition: miscadmin.h:454
#define InvalidOid
Definition: postgres_ext.h:36

References acldefault(), aclequal(), aclitemsort(), aclmerge(), get_default_acl_internal(), InvalidOid, IsBootstrapProcessingMode, OBJECT_FUNCTION, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, and OBJECT_TYPE.

Referenced by heap_create_with_catalog(), NamespaceCreate(), ProcedureCreate(), and TypeCreate().

◆ getRelationsInNamespace()

static List * getRelationsInNamespace ( Oid  namespaceId,
char  relkind 
)
static

Definition at line 937 of file aclchk.c.

938 {
939  List *relations = NIL;
940  ScanKeyData key[2];
941  Relation rel;
942  TableScanDesc scan;
943  HeapTuple tuple;
944 
945  ScanKeyInit(&key[0],
946  Anum_pg_class_relnamespace,
947  BTEqualStrategyNumber, F_OIDEQ,
948  ObjectIdGetDatum(namespaceId));
949  ScanKeyInit(&key[1],
950  Anum_pg_class_relkind,
951  BTEqualStrategyNumber, F_CHAREQ,
952  CharGetDatum(relkind));
953 
954  rel = table_open(RelationRelationId, AccessShareLock);
955  scan = table_beginscan_catalog(rel, 2, key);
956 
957  while ((tuple = heap_getnext(scan, ForwardScanDirection)) != NULL)
958  {
959  Oid oid = ((Form_pg_class) GETSTRUCT(tuple))->oid;
960 
961  relations = lappend_oid(relations, oid);
962  }
963 
964  table_endscan(scan);
966 
967  return relations;
968 }
HeapTuple heap_getnext(TableScanDesc sscan, ScanDirection direction)
Definition: heapam.c:1251
#define AccessShareLock
Definition: lockdefs.h:36
@ ForwardScanDirection
Definition: sdir.h:28
TableScanDesc table_beginscan_catalog(Relation relation, int nkeys, struct ScanKeyData *key)
Definition: tableam.c:112
static void table_endscan(TableScanDesc scan)
Definition: tableam.h:1029

References AccessShareLock, BTEqualStrategyNumber, CharGetDatum(), ForwardScanDirection, GETSTRUCT, heap_getnext(), sort-test::key, lappend_oid(), NIL, ObjectIdGetDatum(), ScanKeyInit(), table_beginscan_catalog(), table_close(), table_endscan(), and table_open().

Referenced by objectsInSchemaToOids().

◆ has_bypassrls_privilege()

bool has_bypassrls_privilege ( Oid  roleid)

Definition at line 4244 of file aclchk.c.

4245 {
4246  bool result = false;
4247  HeapTuple utup;
4248 
4249  /* Superusers bypass all permission checking. */
4250  if (superuser_arg(roleid))
4251  return true;
4252 
4253  utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
4254  if (HeapTupleIsValid(utup))
4255  {
4256  result = ((Form_pg_authid) GETSTRUCT(utup))->rolbypassrls;
4257  ReleaseSysCache(utup);
4258  }
4259  return result;
4260 }
FormData_pg_authid * Form_pg_authid
Definition: pg_authid.h:56
bool rolbypassrls
Definition: pg_authid.h:41
bool superuser_arg(Oid roleid)
Definition: superuser.c:56

References GETSTRUCT, HeapTupleIsValid, ObjectIdGetDatum(), ReleaseSysCache(), rolbypassrls, SearchSysCache1(), and superuser_arg().

Referenced by AlterRole(), check_enable_rls(), CreateRole(), and RI_Initial_Check().

◆ has_createrole_privilege()

bool has_createrole_privilege ( Oid  roleid)

Definition at line 4225 of file aclchk.c.

4226 {
4227  bool result = false;
4228  HeapTuple utup;
4229 
4230  /* Superusers bypass all permission checking. */
4231  if (superuser_arg(roleid))
4232  return true;
4233 
4234  utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
4235  if (HeapTupleIsValid(utup))
4236  {
4237  result = ((Form_pg_authid) GETSTRUCT(utup))->rolcreaterole;
4238  ReleaseSysCache(utup);
4239  }
4240  return result;
4241 }
bool rolcreaterole
Definition: pg_authid.h:37

References GETSTRUCT, HeapTupleIsValid, ObjectIdGetDatum(), ReleaseSysCache(), rolcreaterole, SearchSysCache1(), and superuser_arg().

Referenced by check_object_ownership(), CreateRole(), and have_createrole_privilege().

◆ merge_acl_with_grant()

static Acl* merge_acl_with_grant ( Acl old_acl,
bool  is_grant,
bool  grant_option,
DropBehavior  behavior,
List grantees,
AclMode  privileges,
Oid  grantorId,
Oid  ownerId 
)
static

Definition at line 181 of file aclchk.c.

185 {
186  unsigned modechg;
187  ListCell *j;
188  Acl *new_acl;
189 
190  modechg = is_grant ? ACL_MODECHG_ADD : ACL_MODECHG_DEL;
191 
192  new_acl = old_acl;
193 
194  foreach(j, grantees)
195  {
196  AclItem aclitem;
197  Acl *newer_acl;
198 
199  aclitem.ai_grantee = lfirst_oid(j);
200 
201  /*
202  * Grant options can only be granted to individual roles, not PUBLIC.
203  * The reason is that if a user would re-grant a privilege that he
204  * held through PUBLIC, and later the user is removed, the situation
205  * is impossible to clean up.
206  */
207  if (is_grant && grant_option && aclitem.ai_grantee == ACL_ID_PUBLIC)
208  ereport(ERROR,
209  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
210  errmsg("grant options can only be granted to roles")));
211 
212  aclitem.ai_grantor = grantorId;
213 
214  /*
215  * The asymmetry in the conditions here comes from the spec. In
216  * GRANT, the grant_option flag signals WITH GRANT OPTION, which means
217  * to grant both the basic privilege and its grant option. But in
218  * REVOKE, plain revoke revokes both the basic privilege and its grant
219  * option, while REVOKE GRANT OPTION revokes only the option.
220  */
222  (is_grant || !grant_option) ? privileges : ACL_NO_RIGHTS,
223  (!is_grant || grant_option) ? privileges : ACL_NO_RIGHTS);
224 
225  newer_acl = aclupdate(new_acl, &aclitem, modechg, ownerId, behavior);
226 
227  /* avoid memory leak when there are many grantees */
228  pfree(new_acl);
229  new_acl = newer_acl;
230  }
231 
232  return new_acl;
233 }
Acl * aclupdate(const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
Definition: acl.c:975
#define ACL_MODECHG_DEL
Definition: acl.h:130
#define ACL_MODECHG_ADD
Definition: acl.h:129
#define ACLITEM_SET_PRIVS_GOPTIONS(item, privs, goptions)
Definition: acl.h:82
int j
Definition: isn.c:74
Definition: acl.h:55
Oid ai_grantee
Definition: acl.h:56
Oid ai_grantor
Definition: acl.h:57

References ACL_ID_PUBLIC, ACL_MODECHG_ADD, ACL_MODECHG_DEL, ACL_NO_RIGHTS, ACLITEM_SET_PRIVS_GOPTIONS, aclupdate(), AclItem::ai_grantee, AclItem::ai_grantor, ereport, errcode(), errmsg(), ERROR, j, lfirst_oid, and pfree().

Referenced by ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), ExecGrant_Relation(), RemoveRoleFromInitPriv(), and SetDefaultACL().

◆ object_aclcheck()

AclResult object_aclcheck ( Oid  classid,
Oid  objectid,
Oid  roleid,
AclMode  mode 
)

Definition at line 3890 of file aclchk.c.

3891 {
3892  return object_aclcheck_ext(classid, objectid, roleid, mode, NULL);
3893 }
AclResult object_aclcheck_ext(Oid classid, Oid objectid, Oid roleid, AclMode mode, bool *is_missing)
Definition: aclchk.c:3900
static PgChecksumMode mode
Definition: pg_checksums.c:56

References mode, and object_aclcheck_ext().

Referenced by AggregateCreate(), AlterExtensionNamespace(), AlterForeignServerOwner_internal(), AlterObjectNamespace_internal(), AlterObjectOwner_internal(), AlterObjectRename_internal(), AlterPublicationOwner_internal(), AlterSchemaOwner_internal(), AlterSubscriptionOwner_internal(), AlterTableMoveAll(), AlterTypeOwner(), ATExecChangeOwner(), ATPrepAlterColumnType(), ATPrepSetTableSpace(), BuildDescForRelation(), calculate_database_size(), calculate_tablespace_size(), call_pltcl_start_proc(), check_temp_tablespaces(), CheckFunctionValidatorAccess(), CheckMyDatabase(), compute_return_type(), CreateCast(), CreateConversionCommand(), createdb(), CreateForeignServer(), CreateForeignTable(), CreateFunction(), CreatePublication(), CreateSchemaCommand(), CreateSubscription(), CreateTransform(), CreateTriggerFiringOn(), DefineAggregate(), DefineCollation(), DefineDomain(), DefineEnum(), DefineIndex(), DefineOpClass(), DefineOperator(), DefineOpFamily(), DefineRange(), DefineRelation(), DefineTSConfiguration(), DefineTSDictionary(), DefineType(), ExecBuildGroupingEqual(), ExecBuildParamSetEqual(), ExecInitAgg(), ExecInitExprRec(), ExecInitFunc(), ExecInitWindowAgg(), ExecReindex(), ExecuteCallStmt(), ExecuteDoStmt(), extension_is_trusted(), findRangeCanonicalFunction(), findRangeSubtypeDiffFunction(), get_connect_string(), get_other_operator(), HandleFunctionRequest(), has_database_privilege_id_name(), has_database_privilege_name(), has_database_privilege_name_name(), has_foreign_data_wrapper_privilege_id_name(), has_foreign_data_wrapper_privilege_name(), has_foreign_data_wrapper_privilege_name_name(), has_function_privilege_id_name(), has_function_privilege_name(), has_function_privilege_name_name(), has_language_privilege_id_name(), has_language_privilege_name(), has_language_privilege_name_name(), has_schema_privilege_id_name(), has_schema_privilege_name(), has_schema_privilege_name_name(), has_server_privilege_id_name(), has_server_privilege_name(), has_server_privilege_name_name(), has_tablespace_privilege_id_name(), has_tablespace_privilege_name(), has_tablespace_privilege_name_name(), has_type_privilege_id_name(), has_type_privilege_name(), has_type_privilege_name_name(), ImportForeignSchema(), init_sexpr(), initialize_peragg(), InitTempTableNamespace(), inline_function(), inline_set_returning_function(), interpret_function_parameter_list(), lookup_agg_function(), LookupCreationNamespace(), LookupExplicitNamespace(), movedb(), PrepareTempTablespaces(), preprocessNamespacePath(), RangeVarCallbackForAlterRelation(), RangeVarGetAndCheckCreationNamespace(), ReindexMultipleInternal(), RenameSchema(), transformTableLikeClause(), user_mapping_ddl_aclcheck(), ValidateJoinEstimator(), and ValidateRestrictionEstimator().

◆ object_aclcheck_ext()

◆ object_aclmask()

static AclMode object_aclmask ( Oid  classid,
Oid  objectid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 3098 of file aclchk.c.

3100 {
3101  return object_aclmask_ext(classid, objectid, roleid, mask, how, NULL);
3102 }

References object_aclmask_ext().

Referenced by pg_aclmask().

◆ object_aclmask_ext()

static AclMode object_aclmask_ext ( Oid  classid,
Oid  objectid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how,
bool is_missing 
)
static

Definition at line 3109 of file aclchk.c.

3112 {
3113  int cacheid;
3114  AclMode result;
3115  HeapTuple tuple;
3116  Datum aclDatum;
3117  bool isNull;
3118  Acl *acl;
3119  Oid ownerId;
3120 
3121  /* Special cases */
3122  switch (classid)
3123  {
3124  case NamespaceRelationId:
3125  return pg_namespace_aclmask_ext(objectid, roleid, mask, how,
3126  is_missing);
3127  case TypeRelationId:
3128  return pg_type_aclmask_ext(objectid, roleid, mask, how,
3129  is_missing);
3130  }
3131 
3132  /* Even more special cases */
3133  Assert(classid != RelationRelationId); /* should use pg_class_acl* */
3134  Assert(classid != LargeObjectMetadataRelationId); /* should use
3135  * pg_largeobject_acl* */
3136 
3137  /* Superusers bypass all permission checking. */
3138  if (superuser_arg(roleid))
3139  return mask;
3140 
3141  /*
3142  * Get the object's ACL from its catalog
3143  */
3144 
3145  cacheid = get_object_catcache_oid(classid);
3146 
3147  tuple = SearchSysCache1(cacheid, ObjectIdGetDatum(objectid));
3148  if (!HeapTupleIsValid(tuple))
3149  {
3150  if (is_missing != NULL)
3151  {
3152  /* return "no privileges" instead of throwing an error */
3153  *is_missing = true;
3154  return 0;
3155  }
3156  else
3157  ereport(ERROR,
3158  (errcode(ERRCODE_UNDEFINED_OBJECT),
3159  errmsg("%s with OID %u does not exist",
3160  get_object_class_descr(classid), objectid)));
3161  }
3162 
3163  ownerId = DatumGetObjectId(SysCacheGetAttrNotNull(cacheid,
3164  tuple,
3165  get_object_attnum_owner(classid)));
3166 
3167  aclDatum = SysCacheGetAttr(cacheid, tuple, get_object_attnum_acl(classid),
3168  &isNull);
3169  if (isNull)
3170  {
3171  /* No ACL, so build default ACL */
3172  acl = acldefault(get_object_type(classid, objectid), ownerId);
3173  aclDatum = (Datum) 0;
3174  }
3175  else
3176  {
3177  /* detoast ACL if necessary */
3178  acl = DatumGetAclP(aclDatum);
3179  }
3180 
3181  result = aclmask(acl, roleid, ownerId, mask, how);
3182 
3183  /* if we have a detoasted copy, free it */
3184  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
3185  pfree(acl);
3186 
3187  ReleaseSysCache(tuple);
3188 
3189  return result;
3190 }
AclMode aclmask(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
Definition: acl.c:1365
#define DatumGetAclP(X)
Definition: acl.h:120
static AclMode pg_namespace_aclmask_ext(Oid nsp_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
Definition: aclchk.c:3662
static AclMode pg_type_aclmask_ext(Oid type_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
Definition: aclchk.c:3764
char * Pointer
Definition: c.h:483
static Pointer DatumGetPointer(Datum X)
Definition: postgres.h:312

References acldefault(), aclmask(), Assert, DatumGetAclP, DatumGetObjectId(), DatumGetPointer(), ereport, errcode(), errmsg(), ERROR, get_object_attnum_acl(), get_object_attnum_owner(), get_object_catcache_oid(), get_object_class_descr(), get_object_type(), HeapTupleIsValid, ObjectIdGetDatum(), pfree(), pg_namespace_aclmask_ext(), pg_type_aclmask_ext(), ReleaseSysCache(), SearchSysCache1(), superuser_arg(), SysCacheGetAttr(), and SysCacheGetAttrNotNull().

Referenced by object_aclcheck_ext(), and object_aclmask().

◆ object_ownercheck()

bool object_ownercheck ( Oid  classid,
Oid  objectid,
Oid  roleid 
)

Definition at line 4144 of file aclchk.c.

4145 {
4146  int cacheid;
4147  Oid ownerId;
4148 
4149  /* Superusers bypass all permission checking. */
4150  if (superuser_arg(roleid))
4151  return true;
4152 
4153  /* For large objects, the catalog to consult is pg_largeobject_metadata */
4154  if (classid == LargeObjectRelationId)
4155  classid = LargeObjectMetadataRelationId;
4156 
4157  cacheid = get_object_catcache_oid(classid);
4158  if (cacheid != -1)
4159  {
4160  /* we can get the object's tuple from the syscache */
4161  HeapTuple tuple;
4162 
4163  tuple = SearchSysCache1(cacheid, ObjectIdGetDatum(objectid));
4164  if (!HeapTupleIsValid(tuple))
4165  ereport(ERROR,
4166  (errcode(ERRCODE_UNDEFINED_OBJECT),
4167  errmsg("%s with OID %u does not exist", get_object_class_descr(classid), objectid)));
4168 
4169  ownerId = DatumGetObjectId(SysCacheGetAttrNotNull(cacheid,
4170  tuple,
4171  get_object_attnum_owner(classid)));
4172  ReleaseSysCache(tuple);
4173  }
4174  else
4175  {
4176  /* for catalogs without an appropriate syscache */
4177  Relation rel;
4178  ScanKeyData entry[1];
4179  SysScanDesc scan;
4180  HeapTuple tuple;
4181  bool isnull;
4182 
4183  rel = table_open(classid, AccessShareLock);
4184 
4185  ScanKeyInit(&entry[0],
4186  get_object_attnum_oid(classid),
4187  BTEqualStrategyNumber, F_OIDEQ,
4188  ObjectIdGetDatum(objectid));
4189 
4190  scan = systable_beginscan(rel,
4191  get_object_oid_index(classid), true,
4192  NULL, 1, entry);
4193 
4194  tuple = systable_getnext(scan);
4195  if (!HeapTupleIsValid(tuple))
4196  ereport(ERROR,
4197  (errcode(ERRCODE_UNDEFINED_OBJECT),
4198  errmsg("%s with OID %u does not exist", get_object_class_descr(classid), objectid)));
4199 
4200  ownerId = DatumGetObjectId(heap_getattr(tuple,
4201  get_object_attnum_owner(classid),
4202  RelationGetDescr(rel),
4203  &isnull));
4204  Assert(!isnull);
4205 
4206  systable_endscan(scan);
4208  }
4209 
4210  return has_privs_of_role(roleid, ownerId);
4211 }
AttrNumber get_object_attnum_oid(Oid class_id)
Oid get_object_oid_index(Oid class_id)

References AccessShareLock, Assert, BTEqualStrategyNumber, DatumGetObjectId(), ereport, errcode(), errmsg(), ERROR, get_object_attnum_oid(), get_object_attnum_owner(), get_object_catcache_oid(), get_object_class_descr(), get_object_oid_index(), has_privs_of_role(), heap_getattr(), HeapTupleIsValid, ObjectIdGetDatum(), RelationGetDescr, ReleaseSysCache(), ScanKeyInit(), SearchSysCache1(), superuser_arg(), SysCacheGetAttrNotNull(), systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by AlterCollation(), AlterDatabase(), AlterDatabaseOwner(), AlterDatabaseRefreshColl(), AlterDatabaseSet(), AlterEventTrigger(), AlterEventTriggerOwner_internal(), AlterExtensionNamespace(), AlterForeignServer(), AlterForeignServerOwner_internal(), AlterFunction(), AlterOperator(), AlterOpFamilyAdd(), AlterPublication(), AlterPublicationOwner_internal(), AlterRoleSet(), AlterSchemaOwner_internal(), AlterStatistics(), AlterSubscription(), AlterSubscriptionOwner_internal(), AlterTableMoveAll(), AlterTableSpaceOptions(), AlterTSConfiguration(), AlterTSDictionary(), AlterType(), AlterTypeNamespace_oid(), AlterTypeOwner(), ATExecChangeOwner(), ATSimplePermissions(), be_lo_unlink(), brin_desummarize_range(), brin_summarize_range(), check_enable_rls(), check_object_ownership(), checkDomainOwner(), checkEnumOwner(), checkPartition(), CreateCast(), createdb(), CreateProceduralLanguage(), CreateStatistics(), CreateTransform(), DefineOpClass(), DefineQueryRewrite(), DefineType(), dropdb(), DropSubscription(), DropTableSpace(), EnableDisableRule(), ExecAlterExtensionContentsStmt(), ExecAlterExtensionStmt(), ExecuteTruncateGuts(), gin_clean_pending_list(), heap_force_common(), MergeAttributes(), movedb(), OperatorCreate(), ProcedureCreate(), PublicationAddTables(), RangeVarCallbackForAlterRelation(), RangeVarCallbackForDropRelation(), RangeVarCallbackForPolicy(), RangeVarCallbackForRenameRule(), RangeVarCallbackForRenameTrigger(), RangeVarCallbackOwnsRelation(), RangeVarGetAndCheckCreationNamespace(), ReindexMultipleTables(), RemoveObjects(), renameatt_check(), RenameDatabase(), RenameSchema(), RenameTableSpace(), RenameType(), RI_Initial_Check(), user_mapping_ddl_aclcheck(), vacuum_is_permitted_for_relation(), and ValidateOperatorReference().

◆ objectNamesToOids()

static List * objectNamesToOids ( ObjectType  objtype,
List objnames,
bool  is_grant 
)
static

Definition at line 668 of file aclchk.c.

669 {
670  List *objects = NIL;
671  ListCell *cell;
672 
673  Assert(objnames != NIL);
674 
675  switch (objtype)
676  {
677  case OBJECT_TABLE:
678  case OBJECT_SEQUENCE:
679  foreach(cell, objnames)
680  {
681  RangeVar *relvar = (RangeVar *) lfirst(cell);
682  Oid relOid;
683 
684  relOid = RangeVarGetRelid(relvar, NoLock, false);
685  objects = lappend_oid(objects, relOid);
686  }
687  break;
688  case OBJECT_DATABASE:
689  foreach(cell, objnames)
690  {
691  char *dbname = strVal(lfirst(cell));
692  Oid dbid;
693 
694  dbid = get_database_oid(dbname, false);
695  objects = lappend_oid(objects, dbid);
696  }
697  break;
698  case OBJECT_DOMAIN:
699  case OBJECT_TYPE:
700  foreach(cell, objnames)
701  {
702  List *typname = (List *) lfirst(cell);
703  Oid oid;
704 
706  objects = lappend_oid(objects, oid);
707  }
708  break;
709  case OBJECT_FUNCTION:
710  foreach(cell, objnames)
711  {
712  ObjectWithArgs *func = (ObjectWithArgs *) lfirst(cell);
713  Oid funcid;
714 
715  funcid = LookupFuncWithArgs(OBJECT_FUNCTION, func, false);
716  objects = lappend_oid(objects, funcid);
717  }
718  break;
719  case OBJECT_LANGUAGE:
720  foreach(cell, objnames)
721  {
722  char *langname = strVal(lfirst(cell));
723  Oid oid;
724 
725  oid = get_language_oid(langname, false);
726  objects = lappend_oid(objects, oid);
727  }
728  break;
729  case OBJECT_LARGEOBJECT:
730  foreach(cell, objnames)
731  {
732  Oid lobjOid = oidparse(lfirst(cell));
733 
734  if (!LargeObjectExists(lobjOid))
735  ereport(ERROR,
736  (errcode(ERRCODE_UNDEFINED_OBJECT),
737  errmsg("large object %u does not exist",
738  lobjOid)));
739 
740  objects = lappend_oid(objects, lobjOid);
741  }
742  break;
743  case OBJECT_SCHEMA:
744  foreach(cell, objnames)
745  {
746  char *nspname = strVal(lfirst(cell));
747  Oid oid;
748 
749  oid = get_namespace_oid(nspname, false);
750  objects = lappend_oid(objects, oid);
751  }
752  break;
753  case OBJECT_PROCEDURE:
754  foreach(cell, objnames)
755  {
756  ObjectWithArgs *func = (ObjectWithArgs *) lfirst(cell);
757  Oid procid;
758 
759  procid = LookupFuncWithArgs(OBJECT_PROCEDURE, func, false);
760  objects = lappend_oid(objects, procid);
761  }
762  break;
763  case OBJECT_ROUTINE:
764  foreach(cell, objnames)
765  {
766  ObjectWithArgs *func = (ObjectWithArgs *) lfirst(cell);
767  Oid routid;
768 
769  routid = LookupFuncWithArgs(OBJECT_ROUTINE, func, false);
770  objects = lappend_oid(objects, routid);
771  }
772  break;
773  case OBJECT_TABLESPACE:
774  foreach(cell, objnames)
775  {
776  char *spcname = strVal(lfirst(cell));
777  Oid spcoid;
778 
779  spcoid = get_tablespace_oid(spcname, false);
780  objects = lappend_oid(objects, spcoid);
781  }
782  break;
783  case OBJECT_FDW:
784  foreach(cell, objnames)
785  {
786  char *fdwname = strVal(lfirst(cell));
787  Oid fdwid = get_foreign_data_wrapper_oid(fdwname, false);
788 
789  objects = lappend_oid(objects, fdwid);
790  }
791  break;
793  foreach(cell, objnames)
794  {
795  char *srvname = strVal(lfirst(cell));
796  Oid srvid = get_foreign_server_oid(srvname, false);
797 
798  objects = lappend_oid(objects, srvid);
799  }
800  break;
802  foreach(cell, objnames)
803  {
804  /*
805  * In this code we represent a GUC by the OID of its entry in
806  * pg_parameter_acl, which we have to manufacture here if it
807  * doesn't exist yet. (That's a hack for sure, but it avoids
808  * messing with all the GRANT/REVOKE infrastructure that
809  * expects to use OIDs for object identities.) However, if
810  * this is a REVOKE, we can instead just ignore any GUCs that
811  * don't have such an entry, as they must not have any
812  * privileges needing removal.
813  */
814  char *parameter = strVal(lfirst(cell));
815  Oid parameterId = ParameterAclLookup(parameter, true);
816 
817  if (!OidIsValid(parameterId) && is_grant)
818  {
819  parameterId = ParameterAclCreate(parameter);
820 
821  /*
822  * Prevent error when processing duplicate objects, and
823  * make this new entry visible so that ExecGrant_Parameter
824  * can update it.
825  */
827  }
828  if (OidIsValid(parameterId))
829  objects = lappend_oid(objects, parameterId);
830  }
831  break;
832  default:
833  elog(ERROR, "unrecognized GrantStmt.objtype: %d",
834  (int) objtype);
835  }
836 
837  return objects;
838 }
Oid get_tablespace_oid(const char *tablespacename, bool missing_ok)
Definition: tablespace.c:1426
#define OidIsValid(objectId)
Definition: c.h:775
Oid get_database_oid(const char *dbname, bool missing_ok)
Definition: dbcommands.c:3107
Oid get_foreign_server_oid(const char *servername, bool missing_ok)
Definition: foreign.c:694
Oid get_foreign_data_wrapper_oid(const char *fdwname, bool missing_ok)
Definition: foreign.c:671
#define NoLock
Definition: lockdefs.h:34
TypeName * makeTypeNameFromNameList(List *names)
Definition: makefuncs.c:458
Oid get_namespace_oid(const char *nspname, bool missing_ok)
Definition: namespace.c:3520
#define RangeVarGetRelid(relation, lockmode, missing_ok)
Definition: namespace.h:80
Oid oidparse(Node *node)
Definition: oid.c:235
Oid LookupFuncWithArgs(ObjectType objtype, ObjectWithArgs *func, bool missing_ok)
Definition: parse_func.c:2206
Oid typenameTypeId(ParseState *pstate, const TypeName *typeName)
Definition: parse_type.c:291
bool LargeObjectExists(Oid loid)
Oid ParameterAclLookup(const char *parameter, bool missing_ok)
Oid ParameterAclCreate(const char *parameter)
NameData typname
Definition: pg_type.h:41
Oid get_language_oid(const char *langname, bool missing_ok)
Definition: proclang.c:226
char * dbname
Definition: streamutil.c:52

References Assert, CommandCounterIncrement(), dbname, elog, ereport, errcode(), errmsg(), ERROR, get_database_oid(), get_foreign_data_wrapper_oid(), get_foreign_server_oid(), get_language_oid(), get_namespace_oid(), get_tablespace_oid(), lappend_oid(), LargeObjectExists(), lfirst, LookupFuncWithArgs(), makeTypeNameFromNameList(), NIL, NoLock, OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, OidIsValid, oidparse(), ParameterAclCreate(), ParameterAclLookup(), RangeVarGetRelid, strVal, typenameTypeId(), and typname.

Referenced by ExecuteGrantStmt().

◆ objectsInSchemaToOids()

static List * objectsInSchemaToOids ( ObjectType  objtype,
List nspnames 
)
static

Definition at line 848 of file aclchk.c.

849 {
850  List *objects = NIL;
851  ListCell *cell;
852 
853  foreach(cell, nspnames)
854  {
855  char *nspname = strVal(lfirst(cell));
856  Oid namespaceId;
857  List *objs;
858 
859  namespaceId = LookupExplicitNamespace(nspname, false);
860 
861  switch (objtype)
862  {
863  case OBJECT_TABLE:
864  objs = getRelationsInNamespace(namespaceId, RELKIND_RELATION);
865  objects = list_concat(objects, objs);
866  objs = getRelationsInNamespace(namespaceId, RELKIND_VIEW);
867  objects = list_concat(objects, objs);
868  objs = getRelationsInNamespace(namespaceId, RELKIND_MATVIEW);
869  objects = list_concat(objects, objs);
870  objs = getRelationsInNamespace(namespaceId, RELKIND_FOREIGN_TABLE);
871  objects = list_concat(objects, objs);
872  objs = getRelationsInNamespace(namespaceId, RELKIND_PARTITIONED_TABLE);
873  objects = list_concat(objects, objs);
874  break;
875  case OBJECT_SEQUENCE:
876  objs = getRelationsInNamespace(namespaceId, RELKIND_SEQUENCE);
877  objects = list_concat(objects, objs);
878  break;
879  case OBJECT_FUNCTION:
880  case OBJECT_PROCEDURE:
881  case OBJECT_ROUTINE:
882  {
883  ScanKeyData key[2];
884  int keycount;
885  Relation rel;
886  TableScanDesc scan;
887  HeapTuple tuple;
888 
889  keycount = 0;
890  ScanKeyInit(&key[keycount++],
891  Anum_pg_proc_pronamespace,
892  BTEqualStrategyNumber, F_OIDEQ,
893  ObjectIdGetDatum(namespaceId));
894 
895  if (objtype == OBJECT_FUNCTION)
896  /* includes aggregates and window functions */
897  ScanKeyInit(&key[keycount++],
898  Anum_pg_proc_prokind,
899  BTEqualStrategyNumber, F_CHARNE,
900  CharGetDatum(PROKIND_PROCEDURE));
901  else if (objtype == OBJECT_PROCEDURE)
902  ScanKeyInit(&key[keycount++],
903  Anum_pg_proc_prokind,
904  BTEqualStrategyNumber, F_CHAREQ,
905  CharGetDatum(PROKIND_PROCEDURE));
906 
907  rel = table_open(ProcedureRelationId, AccessShareLock);
908  scan = table_beginscan_catalog(rel, keycount, key);
909 
910  while ((tuple = heap_getnext(scan, ForwardScanDirection)) != NULL)
911  {
912  Oid oid = ((Form_pg_proc) GETSTRUCT(tuple))->oid;
913 
914  objects = lappend_oid(objects, oid);
915  }
916 
917  table_endscan(scan);
919  }
920  break;
921  default:
922  /* should not happen */
923  elog(ERROR, "unrecognized GrantStmt.objtype: %d",
924  (int) objtype);
925  }
926  }
927 
928  return objects;
929 }
static List * getRelationsInNamespace(Oid namespaceId, char relkind)
Definition: aclchk.c:937
List * list_concat(List *list1, const List *list2)
Definition: list.c:561
Oid LookupExplicitNamespace(const char *nspname, bool missing_ok)
Definition: namespace.c:3370
FormData_pg_proc * Form_pg_proc
Definition: pg_proc.h:136

References AccessShareLock, BTEqualStrategyNumber, CharGetDatum(), elog, ERROR, ForwardScanDirection, getRelationsInNamespace(), GETSTRUCT, heap_getnext(), sort-test::key, lappend_oid(), lfirst, list_concat(), LookupExplicitNamespace(), NIL, OBJECT_FUNCTION, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SEQUENCE, OBJECT_TABLE, ObjectIdGetDatum(), ScanKeyInit(), strVal, table_beginscan_catalog(), table_close(), table_endscan(), and table_open().

Referenced by ExecuteGrantStmt().

◆ pg_aclmask()

static AclMode pg_aclmask ( ObjectType  objtype,
Oid  object_oid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 3033 of file aclchk.c.

3035 {
3036  switch (objtype)
3037  {
3038  case OBJECT_COLUMN:
3039  return
3040  pg_class_aclmask(object_oid, roleid, mask, how) |
3041  pg_attribute_aclmask(object_oid, attnum, roleid, mask, how);
3042  case OBJECT_TABLE:
3043  case OBJECT_SEQUENCE:
3044  return pg_class_aclmask(object_oid, roleid, mask, how);
3045  case OBJECT_DATABASE:
3046  return object_aclmask(DatabaseRelationId, object_oid, roleid, mask, how);
3047  case OBJECT_FUNCTION:
3048  return object_aclmask(ProcedureRelationId, object_oid, roleid, mask, how);
3049  case OBJECT_LANGUAGE:
3050  return object_aclmask(LanguageRelationId, object_oid, roleid, mask, how);
3051  case OBJECT_LARGEOBJECT:
3052  return pg_largeobject_aclmask_snapshot(object_oid, roleid,
3053  mask, how, NULL);
3054  case OBJECT_PARAMETER_ACL:
3055  return pg_parameter_acl_aclmask(object_oid, roleid, mask, how);
3056  case OBJECT_SCHEMA:
3057  return object_aclmask(NamespaceRelationId, object_oid, roleid, mask, how);
3058  case OBJECT_STATISTIC_EXT:
3059  elog(ERROR, "grantable rights not supported for statistics objects");
3060  /* not reached, but keep compiler quiet */
3061  return ACL_NO_RIGHTS;
3062  case OBJECT_TABLESPACE:
3063  return object_aclmask(TableSpaceRelationId, object_oid, roleid, mask, how);
3064  case OBJECT_FDW:
3065  return object_aclmask(ForeignDataWrapperRelationId, object_oid, roleid, mask, how);
3066  case OBJECT_FOREIGN_SERVER:
3067  return object_aclmask(ForeignServerRelationId, object_oid, roleid, mask, how);
3068  case OBJECT_EVENT_TRIGGER:
3069  elog(ERROR, "grantable rights not supported for event triggers");
3070  /* not reached, but keep compiler quiet */
3071  return ACL_NO_RIGHTS;
3072  case OBJECT_TYPE:
3073  return object_aclmask(TypeRelationId, object_oid, roleid, mask, how);
3074  default:
3075  elog(ERROR, "unrecognized object type: %d",
3076  (int) objtype);
3077  /* not reached, but keep compiler quiet */
3078  return ACL_NO_RIGHTS;
3079  }
3080 }
static AclMode pg_largeobject_aclmask_snapshot(Oid lobj_oid, Oid roleid, AclMode mask, AclMaskHow how, Snapshot snapshot)
Definition: aclchk.c:3589
static AclMode pg_attribute_aclmask(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:3201
static AclMode pg_parameter_acl_aclmask(Oid acl_oid, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:3530
static AclMode object_aclmask(Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:3098
AclMode pg_class_aclmask(Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:3326

References ACL_NO_RIGHTS, attnum, elog, ERROR, object_aclmask(), OBJECT_COLUMN, OBJECT_DATABASE, OBJECT_EVENT_TRIGGER, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_STATISTIC_EXT, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, pg_attribute_aclmask(), pg_class_aclmask(), pg_largeobject_aclmask_snapshot(), and pg_parameter_acl_aclmask().

Referenced by restrict_and_check_grant().

◆ pg_attribute_aclcheck()

AclResult pg_attribute_aclcheck ( Oid  table_oid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mode 
)

Definition at line 3922 of file aclchk.c.

3924 {
3925  return pg_attribute_aclcheck_ext(table_oid, attnum, roleid, mode, NULL);
3926 }
AclResult pg_attribute_aclcheck_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode, bool *is_missing)
Definition: aclchk.c:3934

References attnum, mode, and pg_attribute_aclcheck_ext().

Referenced by BuildIndexValueDescription(), checkFkeyPermissions(), examine_simple_variable(), ExecBuildSlotPartitionKeyDescription(), ExecBuildSlotValueDescription(), ExecCheckOneRelPerms(), ExecCheckPermissionsModified(), ri_ReportViolation(), and statext_is_compatible_clause().

◆ pg_attribute_aclcheck_all()

AclResult pg_attribute_aclcheck_all ( Oid  table_oid,
Oid  roleid,
AclMode  mode,
AclMaskHow  how 
)

Definition at line 3964 of file aclchk.c.

3966 {
3967  return pg_attribute_aclcheck_all_ext(table_oid, roleid, mode, how, NULL);
3968 }
AclResult pg_attribute_aclcheck_all_ext(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how, bool *is_missing)
Definition: aclchk.c:3975

References mode, and pg_attribute_aclcheck_all_ext().

Referenced by ExecCheckOneRelPerms(), ExecCheckPermissionsModified(), has_any_column_privilege_id_name(), has_any_column_privilege_name(), has_any_column_privilege_name_name(), and statext_is_compatible_clause().

◆ pg_attribute_aclcheck_all_ext()

AclResult pg_attribute_aclcheck_all_ext ( Oid  table_oid,
Oid  roleid,
AclMode  mode,
AclMaskHow  how,
bool is_missing 
)

Definition at line 3975 of file aclchk.c.

3978 {
3979  AclResult result;
3980  HeapTuple classTuple;
3981  Form_pg_class classForm;
3982  Oid ownerId;
3983  AttrNumber nattrs;
3984  AttrNumber curr_att;
3985 
3986  /*
3987  * Must fetch pg_class row to get owner ID and number of attributes.
3988  */
3989  classTuple = SearchSysCache1(RELOID, ObjectIdGetDatum(table_oid));
3990  if (!HeapTupleIsValid(classTuple))
3991  {
3992  if (is_missing != NULL)
3993  {
3994  /* return "no privileges" instead of throwing an error */
3995  *is_missing = true;
3996  return ACLCHECK_NO_PRIV;
3997  }
3998  else
3999  ereport(ERROR,
4001  errmsg("relation with OID %u does not exist",
4002  table_oid)));
4003  }
4004  classForm = (Form_pg_class) GETSTRUCT(classTuple);
4005 
4006  ownerId = classForm->relowner;
4007  nattrs = classForm->relnatts;
4008 
4009  ReleaseSysCache(classTuple);
4010 
4011  /*
4012  * Initialize result in case there are no non-dropped columns. We want to
4013  * report failure in such cases for either value of 'how'.
4014  */
4015  result = ACLCHECK_NO_PRIV;
4016 
4017  for (curr_att = 1; curr_att <= nattrs; curr_att++)
4018  {
4019  HeapTuple attTuple;
4020  Datum aclDatum;
4021  bool isNull;
4022  Acl *acl;
4023  AclMode attmask;
4024 
4025  attTuple = SearchSysCache2(ATTNUM,
4026  ObjectIdGetDatum(table_oid),
4027  Int16GetDatum(curr_att));
4028 
4029  /*
4030  * Lookup failure probably indicates that the table was just dropped,
4031  * but we'll treat it the same as a dropped column rather than
4032  * throwing error.
4033  */
4034  if (!HeapTupleIsValid(attTuple))
4035  continue;
4036 
4037  /* ignore dropped columns */
4038  if (((Form_pg_attribute) GETSTRUCT(attTuple))->attisdropped)
4039  {
4040  ReleaseSysCache(attTuple);
4041  continue;
4042  }
4043 
4044  aclDatum = SysCacheGetAttr(ATTNUM, attTuple, Anum_pg_attribute_attacl,
4045  &isNull);
4046 
4047  /*
4048  * Here we hard-wire knowledge that the default ACL for a column
4049  * grants no privileges, so that we can fall out quickly in the very
4050  * common case where attacl is null.
4051  */
4052  if (isNull)
4053  attmask = 0;
4054  else
4055  {
4056  /* detoast column's ACL if necessary */
4057  acl = DatumGetAclP(aclDatum);
4058 
4059  attmask = aclmask(acl, roleid, ownerId, mode, ACLMASK_ANY);
4060 
4061  /* if we have a detoasted copy, free it */
4062  if ((Pointer) acl != DatumGetPointer(aclDatum))
4063  pfree(acl);
4064  }
4065 
4066  ReleaseSysCache(attTuple);
4067 
4068  if (attmask != 0)
4069  {
4070  result = ACLCHECK_OK;
4071  if (how == ACLMASK_ANY)
4072  break; /* succeed on any success */
4073  }
4074  else
4075  {
4076  result = ACLCHECK_NO_PRIV;
4077  if (how == ACLMASK_ALL)
4078  break; /* fail on any failure */
4079  }
4080  }
4081 
4082  return result;
4083 }
AclResult
Definition: acl.h:182
@ ACLMASK_ALL
Definition: acl.h:176
#define ERRCODE_UNDEFINED_TABLE
Definition: pgbench.c:78

References ACLCHECK_NO_PRIV, ACLCHECK_OK, aclmask(), ACLMASK_ALL, ACLMASK_ANY, DatumGetAclP, DatumGetPointer(), ereport, errcode(), ERRCODE_UNDEFINED_TABLE, errmsg(), ERROR, GETSTRUCT, HeapTupleIsValid, Int16GetDatum(), mode, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache1(), SearchSysCache2(), and SysCacheGetAttr().

Referenced by has_any_column_privilege_id(), has_any_column_privilege_id_id(), has_any_column_privilege_name_id(), and pg_attribute_aclcheck_all().

◆ pg_attribute_aclcheck_ext()

AclResult pg_attribute_aclcheck_ext ( Oid  table_oid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mode,
bool is_missing 
)

Definition at line 3934 of file aclchk.c.

3936 {
3937  if (pg_attribute_aclmask_ext(table_oid, attnum, roleid, mode,
3938  ACLMASK_ANY, is_missing) != 0)
3939  return ACLCHECK_OK;
3940  else
3941  return ACLCHECK_NO_PRIV;
3942 }
static AclMode pg_attribute_aclmask_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
Definition: aclchk.c:3212

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, attnum, mode, and pg_attribute_aclmask_ext().

Referenced by column_privilege_check(), and pg_attribute_aclcheck().

◆ pg_attribute_aclmask()

static AclMode pg_attribute_aclmask ( Oid  table_oid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 3201 of file aclchk.c.

3203 {
3204  return pg_attribute_aclmask_ext(table_oid, attnum, roleid,
3205  mask, how, NULL);
3206 }

References attnum, and pg_attribute_aclmask_ext().

Referenced by pg_aclmask().

◆ pg_attribute_aclmask_ext()

static AclMode pg_attribute_aclmask_ext ( Oid  table_oid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mask,
AclMaskHow  how,
bool is_missing 
)
static

Definition at line 3212 of file aclchk.c.

3214 {
3215  AclMode result;
3216  HeapTuple classTuple;
3217  HeapTuple attTuple;
3218  Form_pg_class classForm;
3219  Form_pg_attribute attributeForm;
3220  Datum aclDatum;
3221  bool isNull;
3222  Acl *acl;
3223  Oid ownerId;
3224 
3225  /*
3226  * First, get the column's ACL from its pg_attribute entry
3227  */
3228  attTuple = SearchSysCache2(ATTNUM,
3229  ObjectIdGetDatum(table_oid),
3231  if (!HeapTupleIsValid(attTuple))
3232  {
3233  if (is_missing != NULL)
3234  {
3235  /* return "no privileges" instead of throwing an error */
3236  *is_missing = true;
3237  return 0;
3238  }
3239  else
3240  ereport(ERROR,
3241  (errcode(ERRCODE_UNDEFINED_COLUMN),
3242  errmsg("attribute %d of relation with OID %u does not exist",
3243  attnum, table_oid)));
3244  }
3245 
3246  attributeForm = (Form_pg_attribute) GETSTRUCT(attTuple);
3247 
3248  /* Check dropped columns, too */
3249  if (attributeForm->attisdropped)
3250  {
3251  if (is_missing != NULL)
3252  {
3253  /* return "no privileges" instead of throwing an error */
3254  *is_missing = true;
3255  ReleaseSysCache(attTuple);
3256  return 0;
3257  }
3258  else
3259  ereport(ERROR,
3260  (errcode(ERRCODE_UNDEFINED_COLUMN),
3261  errmsg("attribute %d of relation with OID %u does not exist",
3262  attnum, table_oid)));
3263  }
3264 
3265  aclDatum = SysCacheGetAttr(ATTNUM, attTuple, Anum_pg_attribute_attacl,
3266  &isNull);
3267 
3268  /*
3269  * Here we hard-wire knowledge that the default ACL for a column grants no
3270  * privileges, so that we can fall out quickly in the very common case
3271  * where attacl is null.
3272  */
3273  if (isNull)
3274  {
3275  ReleaseSysCache(attTuple);
3276  return 0;
3277  }
3278 
3279  /*
3280  * Must get the relation's ownerId from pg_class. Since we already found
3281  * a pg_attribute entry, the only likely reason for this to fail is that a
3282  * concurrent DROP of the relation committed since then (which could only
3283  * happen if we don't have lock on the relation). Treat that similarly to
3284  * not finding the attribute entry.
3285  */
3286  classTuple = SearchSysCache1(RELOID, ObjectIdGetDatum(table_oid));
3287  if (!HeapTupleIsValid(classTuple))
3288  {
3289  ReleaseSysCache(attTuple);
3290  if (is_missing != NULL)
3291  {
3292  /* return "no privileges" instead of throwing an error */
3293  *is_missing = true;
3294  return 0;
3295  }
3296  else
3297  ereport(ERROR,
3299  errmsg("relation with OID %u does not exist",
3300  table_oid)));
3301  }
3302  classForm = (Form_pg_class) GETSTRUCT(classTuple);
3303 
3304  ownerId = classForm->relowner;
3305 
3306  ReleaseSysCache(classTuple);
3307 
3308  /* detoast column's ACL if necessary */
3309  acl = DatumGetAclP(aclDatum);
3310 
3311  result = aclmask(acl, roleid, ownerId, mask, how);
3312 
3313  /* if we have a detoasted copy, free it */
3314  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
3315  pfree(acl);
3316 
3317  ReleaseSysCache(attTuple);
3318 
3319  return result;
3320 }

References aclmask(), attnum, DatumGetAclP, DatumGetPointer(), ereport, errcode(), ERRCODE_UNDEFINED_TABLE, errmsg(), ERROR, GETSTRUCT, HeapTupleIsValid, Int16GetDatum(), ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache1(), SearchSysCache2(), and SysCacheGetAttr().

Referenced by pg_attribute_aclcheck_ext(), and pg_attribute_aclmask().

◆ pg_class_aclcheck()

◆ pg_class_aclcheck_ext()

AclResult pg_class_aclcheck_ext ( Oid  table_oid,
Oid  roleid,
AclMode  mode,
bool is_missing 
)

Definition at line 4103 of file aclchk.c.

4105 {
4106  if (pg_class_aclmask_ext(table_oid, roleid, mode,
4107  ACLMASK_ANY, is_missing) != 0)
4108  return ACLCHECK_OK;
4109  else
4110  return ACLCHECK_NO_PRIV;
4111 }
static AclMode pg_class_aclmask_ext(Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
Definition: aclchk.c:3336

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, mode, and pg_class_aclmask_ext().

Referenced by column_privilege_check(), has_any_column_privilege_id(), has_any_column_privilege_id_id(), has_any_column_privilege_name_id(), has_sequence_privilege_id(), has_sequence_privilege_id_id(), has_sequence_privilege_name_id(), has_table_privilege_id(), has_table_privilege_id_id(), has_table_privilege_name_id(), and pg_class_aclcheck().

◆ pg_class_aclmask()

AclMode pg_class_aclmask ( Oid  table_oid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how 
)

Definition at line 3326 of file aclchk.c.

3328 {
3329  return pg_class_aclmask_ext(table_oid, roleid, mask, how, NULL);
3330 }

References pg_class_aclmask_ext().

Referenced by ExecCheckOneRelPerms(), and pg_aclmask().

◆ pg_class_aclmask_ext()

static AclMode pg_class_aclmask_ext ( Oid  table_oid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how,
bool is_missing 
)
static

Definition at line 3336 of file aclchk.c.

3338 {
3339  AclMode result;
3340  HeapTuple tuple;
3341  Form_pg_class classForm;
3342  Datum aclDatum;
3343  bool isNull;
3344  Acl *acl;
3345  Oid ownerId;
3346 
3347  /*
3348  * Must get the relation's tuple from pg_class
3349  */
3350  tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(table_oid));
3351  if (!HeapTupleIsValid(tuple))
3352  {
3353  if (is_missing != NULL)
3354  {
3355  /* return "no privileges" instead of throwing an error */
3356  *is_missing = true;
3357  return 0;
3358  }
3359  else
3360  ereport(ERROR,
3362  errmsg("relation with OID %u does not exist",
3363  table_oid)));
3364  }
3365 
3366  classForm = (Form_pg_class) GETSTRUCT(tuple);
3367 
3368  /*
3369  * Deny anyone permission to update a system catalog unless
3370  * pg_authid.rolsuper is set.
3371  *
3372  * As of 7.4 we have some updatable system views; those shouldn't be
3373  * protected in this way. Assume the view rules can take care of
3374  * themselves. ACL_USAGE is if we ever have system sequences.
3375  */
3376  if ((mask & (ACL_INSERT | ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE | ACL_USAGE)) &&
3377  IsSystemClass(table_oid, classForm) &&
3378  classForm->relkind != RELKIND_VIEW &&
3379  !superuser_arg(roleid))
3381 
3382  /*
3383  * Otherwise, superusers bypass all permission-checking.
3384  */
3385  if (superuser_arg(roleid))
3386  {
3387  ReleaseSysCache(tuple);
3388  return mask;
3389  }
3390 
3391  /*
3392  * Normal case: get the relation's ACL from pg_class
3393  */
3394  ownerId = classForm->relowner;
3395 
3396  aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
3397  &isNull);
3398  if (isNull)
3399  {
3400  /* No ACL, so build default ACL */
3401  switch (classForm->relkind)
3402  {
3403  case RELKIND_SEQUENCE:
3404  acl = acldefault(OBJECT_SEQUENCE, ownerId);
3405  break;
3406  default:
3407  acl = acldefault(OBJECT_TABLE, ownerId);
3408  break;
3409  }
3410  aclDatum = (Datum) 0;
3411  }
3412  else
3413  {
3414  /* detoast rel's ACL if necessary */
3415  acl = DatumGetAclP(aclDatum);
3416  }
3417 
3418  result = aclmask(acl, roleid, ownerId, mask, how);
3419 
3420  /* if we have a detoasted copy, free it */
3421  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
3422  pfree(acl);
3423 
3424  ReleaseSysCache(tuple);
3425 
3426  /*
3427  * Check if ACL_SELECT is being checked and, if so, and not set already as
3428  * part of the result, then check if the user is a member of the
3429  * pg_read_all_data role, which allows read access to all relations.
3430  */
3431  if (mask & ACL_SELECT && !(result & ACL_SELECT) &&
3432  has_privs_of_role(roleid, ROLE_PG_READ_ALL_DATA))
3433  result |= ACL_SELECT;
3434 
3435  /*
3436  * Check if ACL_INSERT, ACL_UPDATE, or ACL_DELETE is being checked and, if
3437  * so, and not set already as part of the result, then check if the user
3438  * is a member of the pg_write_all_data role, which allows
3439  * INSERT/UPDATE/DELETE access to all relations (except system catalogs,
3440  * which requires superuser, see above).
3441  */
3442  if (mask & (ACL_INSERT | ACL_UPDATE | ACL_DELETE) &&
3443  !(result & (ACL_INSERT | ACL_UPDATE | ACL_DELETE)) &&
3444  has_privs_of_role(roleid, ROLE_PG_WRITE_ALL_DATA))
3445  result |= (mask & (ACL_INSERT | ACL_UPDATE | ACL_DELETE));
3446 
3447  /*
3448  * Check if ACL_MAINTAIN is being checked and, if so, and not already set
3449  * as part of the result, then check if the user is a member of the
3450  * pg_maintain role, which allows VACUUM, ANALYZE, CLUSTER, REFRESH
3451  * MATERIALIZED VIEW, and REINDEX on all relations.
3452  */
3453  if (mask & ACL_MAINTAIN &&
3454  !(result & ACL_MAINTAIN) &&
3455  has_privs_of_role(roleid, ROLE_PG_MAINTAIN))
3456  result |= ACL_MAINTAIN;
3457 
3458  return result;
3459 }
bool IsSystemClass(Oid relid, Form_pg_class reltuple)
Definition: catalog.c:85
#define ACL_DELETE
Definition: parsenodes.h:79
#define ACL_MAINTAIN
Definition: parsenodes.h:90
#define ACL_USAGE
Definition: parsenodes.h:84
#define ACL_INSERT
Definition: parsenodes.h:76
#define ACL_UPDATE
Definition: parsenodes.h:78
#define ACL_TRUNCATE
Definition: parsenodes.h:80

References ACL_DELETE, ACL_INSERT, ACL_MAINTAIN, ACL_SELECT, ACL_TRUNCATE, ACL_UPDATE, ACL_USAGE, acldefault(), aclmask(), DatumGetAclP, DatumGetPointer(), ereport, errcode(), ERRCODE_UNDEFINED_TABLE, errmsg(), ERROR, GETSTRUCT, has_privs_of_role(), HeapTupleIsValid, IsSystemClass(), OBJECT_SEQUENCE, OBJECT_TABLE, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache1(), superuser_arg(), and SysCacheGetAttr().

Referenced by pg_class_aclcheck_ext(), and pg_class_aclmask().

◆ pg_largeobject_aclcheck_snapshot()

AclResult pg_largeobject_aclcheck_snapshot ( Oid  lobj_oid,
Oid  roleid,
AclMode  mode,
Snapshot  snapshot 
)

Definition at line 4130 of file aclchk.c.

4132 {
4133  if (pg_largeobject_aclmask_snapshot(lobj_oid, roleid, mode,
4134  ACLMASK_ANY, snapshot) != 0)
4135  return ACLCHECK_OK;
4136  else
4137  return ACLCHECK_NO_PRIV;
4138 }

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, mode, and pg_largeobject_aclmask_snapshot().

Referenced by inv_open().

◆ pg_largeobject_aclmask_snapshot()

static AclMode pg_largeobject_aclmask_snapshot ( Oid  lobj_oid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how,
Snapshot  snapshot 
)
static

Definition at line 3589 of file aclchk.c.

3592 {
3593  AclMode result;
3594  Relation pg_lo_meta;
3595  ScanKeyData entry[1];
3596  SysScanDesc scan;
3597  HeapTuple tuple;
3598  Datum aclDatum;
3599  bool isNull;
3600  Acl *acl;
3601  Oid ownerId;
3602 
3603  /* Superusers bypass all permission checking. */
3604  if (superuser_arg(roleid))
3605  return mask;
3606 
3607  /*
3608  * Get the largeobject's ACL from pg_largeobject_metadata
3609  */
3610  pg_lo_meta = table_open(LargeObjectMetadataRelationId,
3611  AccessShareLock);
3612 
3613  ScanKeyInit(&entry[0],
3614  Anum_pg_largeobject_metadata_oid,
3615  BTEqualStrategyNumber, F_OIDEQ,
3616  ObjectIdGetDatum(lobj_oid));
3617 
3618  scan = systable_beginscan(pg_lo_meta,
3619  LargeObjectMetadataOidIndexId, true,
3620  snapshot, 1, entry);
3621 
3622  tuple = systable_getnext(scan);
3623  if (!HeapTupleIsValid(tuple))
3624  ereport(ERROR,
3625  (errcode(ERRCODE_UNDEFINED_OBJECT),
3626  errmsg("large object %u does not exist", lobj_oid)));
3627 
3628  ownerId = ((Form_pg_largeobject_metadata) GETSTRUCT(tuple))->lomowner;
3629 
3630  aclDatum = heap_getattr(tuple, Anum_pg_largeobject_metadata_lomacl,
3631  RelationGetDescr(pg_lo_meta), &isNull);
3632 
3633  if (isNull)
3634  {
3635  /* No ACL, so build default ACL */
3636  acl = acldefault(OBJECT_LARGEOBJECT, ownerId);
3637  aclDatum = (Datum) 0;
3638  }
3639  else
3640  {
3641  /* detoast ACL if necessary */
3642  acl = DatumGetAclP(aclDatum);
3643  }
3644 
3645  result = aclmask(acl, roleid, ownerId, mask, how);
3646 
3647  /* if we have a detoasted copy, free it */
3648  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
3649  pfree(acl);
3650 
3651  systable_endscan(scan);
3652 
3653  table_close(pg_lo_meta, AccessShareLock);
3654 
3655  return result;
3656 }

References AccessShareLock, acldefault(), aclmask(), BTEqualStrategyNumber, DatumGetAclP, DatumGetPointer(), ereport, errcode(), errmsg(), ERROR, GETSTRUCT, heap_getattr(), HeapTupleIsValid, OBJECT_LARGEOBJECT, ObjectIdGetDatum(), pfree(), RelationGetDescr, ScanKeyInit(), superuser_arg(), systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by pg_aclmask(), and pg_largeobject_aclcheck_snapshot().

◆ pg_namespace_aclmask_ext()

static AclMode pg_namespace_aclmask_ext ( Oid  nsp_oid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how,
bool is_missing 
)
static

Definition at line 3662 of file aclchk.c.

3665 {
3666  AclMode result;
3667  HeapTuple tuple;
3668  Datum aclDatum;
3669  bool isNull;
3670  Acl *acl;
3671  Oid ownerId;
3672 
3673  /* Superusers bypass all permission checking. */
3674  if (superuser_arg(roleid))
3675  return mask;
3676 
3677  /*
3678  * If we have been assigned this namespace as a temp namespace, check to
3679  * make sure we have CREATE TEMP permission on the database, and if so act
3680  * as though we have all standard (but not GRANT OPTION) permissions on
3681  * the namespace. If we don't have CREATE TEMP, act as though we have
3682  * only USAGE (and not CREATE) rights.
3683  *
3684  * This may seem redundant given the check in InitTempTableNamespace, but
3685  * it really isn't since current user ID may have changed since then. The
3686  * upshot of this behavior is that a SECURITY DEFINER function can create
3687  * temp tables that can then be accessed (if permission is granted) by
3688  * code in the same session that doesn't have permissions to create temp
3689  * tables.
3690  *
3691  * XXX Would it be safe to ereport a special error message as
3692  * InitTempTableNamespace does? Returning zero here means we'll get a
3693  * generic "permission denied for schema pg_temp_N" message, which is not
3694  * remarkably user-friendly.
3695  */
3696  if (isTempNamespace(nsp_oid))
3697  {
3698  if (object_aclcheck_ext(DatabaseRelationId, MyDatabaseId, roleid,
3699  ACL_CREATE_TEMP, is_missing) == ACLCHECK_OK)
3700  return mask & ACL_ALL_RIGHTS_SCHEMA;
3701  else
3702  return mask & ACL_USAGE;
3703  }
3704 
3705  /*
3706  * Get the schema's ACL from pg_namespace
3707  */
3708  tuple = SearchSysCache1(NAMESPACEOID, ObjectIdGetDatum(nsp_oid));
3709  if (!HeapTupleIsValid(tuple))
3710  {
3711  if (is_missing != NULL)
3712  {
3713  /* return "no privileges" instead of throwing an error */
3714  *is_missing = true;
3715  return 0;
3716  }
3717  else
3718  ereport(ERROR,
3719  (errcode(ERRCODE_UNDEFINED_SCHEMA),
3720  errmsg("schema with OID %u does not exist", nsp_oid)));
3721  }
3722 
3723  ownerId = ((Form_pg_namespace) GETSTRUCT(tuple))->nspowner;
3724 
3725  aclDatum = SysCacheGetAttr(NAMESPACEOID, tuple, Anum_pg_namespace_nspacl,
3726  &isNull);
3727  if (isNull)
3728  {
3729  /* No ACL, so build default ACL */
3730  acl = acldefault(OBJECT_SCHEMA, ownerId);
3731  aclDatum = (Datum) 0;
3732  }
3733  else
3734  {
3735  /* detoast ACL if necessary */
3736  acl = DatumGetAclP(aclDatum);
3737  }
3738 
3739  result = aclmask(acl, roleid, ownerId, mask, how);
3740 
3741  /* if we have a detoasted copy, free it */
3742  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
3743  pfree(acl);
3744 
3745  ReleaseSysCache(tuple);
3746 
3747  /*
3748  * Check if ACL_USAGE is being checked and, if so, and not set already as
3749  * part of the result, then check if the user is a member of the
3750  * pg_read_all_data or pg_write_all_data roles, which allow usage access
3751  * to all schemas.
3752  */
3753  if (mask & ACL_USAGE && !(result & ACL_USAGE) &&
3754  (has_privs_of_role(roleid, ROLE_PG_READ_ALL_DATA) ||
3755  has_privs_of_role(roleid, ROLE_PG_WRITE_ALL_DATA)))
3756  result |= ACL_USAGE;
3757  return result;
3758 }
Oid MyDatabaseId
Definition: globals.c:91
bool isTempNamespace(Oid namespaceId)
Definition: namespace.c:3634
#define ACL_CREATE_TEMP
Definition: parsenodes.h:86
FormData_pg_namespace * Form_pg_namespace
Definition: pg_namespace.h:52

References ACL_ALL_RIGHTS_SCHEMA, ACL_CREATE_TEMP, ACL_USAGE, ACLCHECK_OK, acldefault(), aclmask(), DatumGetAclP, DatumGetPointer(), ereport, errcode(), errmsg(), ERROR, GETSTRUCT, has_privs_of_role(), HeapTupleIsValid, isTempNamespace(), MyDatabaseId, object_aclcheck_ext(), OBJECT_SCHEMA, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache1(), superuser_arg(), and SysCacheGetAttr().

Referenced by object_aclmask_ext().

◆ pg_parameter_acl_aclmask()

static AclMode pg_parameter_acl_aclmask ( Oid  acl_oid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 3530 of file aclchk.c.

3531 {
3532  AclMode result;
3533  HeapTuple tuple;
3534  Datum aclDatum;
3535  bool isNull;
3536  Acl *acl;
3537 
3538  /* Superusers bypass all permission checking. */
3539  if (superuser_arg(roleid))
3540  return mask;
3541 
3542  /* Get the ACL from pg_parameter_acl */
3543  tuple = SearchSysCache1(PARAMETERACLOID, ObjectIdGetDatum(acl_oid));
3544  if (!HeapTupleIsValid(tuple))
3545  ereport(ERROR,
3546  (errcode(ERRCODE_UNDEFINED_OBJECT),
3547  errmsg("parameter ACL with OID %u does not exist",
3548  acl_oid)));
3549 
3550  aclDatum = SysCacheGetAttr(PARAMETERACLOID, tuple,
3551  Anum_pg_parameter_acl_paracl,
3552  &isNull);
3553  if (isNull)
3554  {
3555  /* No ACL, so build default ACL */
3556  acl = acldefault(OBJECT_PARAMETER_ACL, BOOTSTRAP_SUPERUSERID);
3557  aclDatum = (Datum) 0;
3558  }
3559  else
3560  {
3561  /* detoast ACL if necessary */
3562  acl = DatumGetAclP(aclDatum);
3563  }
3564 
3565  result = aclmask(acl, roleid, BOOTSTRAP_SUPERUSERID, mask, how);
3566 
3567  /* if we have a detoasted copy, free it */
3568  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
3569  pfree(acl);
3570 
3571  ReleaseSysCache(tuple);
3572 
3573  return result;
3574 }

References acldefault(), aclmask(), DatumGetAclP, DatumGetPointer(), ereport, errcode(), errmsg(), ERROR, HeapTupleIsValid, OBJECT_PARAMETER_ACL, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache1(), superuser_arg(), and SysCacheGetAttr().

Referenced by pg_aclmask().

◆ pg_parameter_aclcheck()

AclResult pg_parameter_aclcheck ( const char *  name,
Oid  roleid,
AclMode  mode 
)

Definition at line 4118 of file aclchk.c.

4119 {
4120  if (pg_parameter_aclmask(name, roleid, mode, ACLMASK_ANY) != 0)
4121  return ACLCHECK_OK;
4122  else
4123  return ACLCHECK_NO_PRIV;
4124 }
static AclMode pg_parameter_aclmask(const char *name, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:3466
const char * name

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, mode, name, and pg_parameter_aclmask().

Referenced by AlterSystemSetConfigFile(), has_param_priv_byname(), set_config_with_handle(), and validate_option_array_item().

◆ pg_parameter_aclmask()

static AclMode pg_parameter_aclmask ( const char *  name,
Oid  roleid,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 3466 of file aclchk.c.

3467 {
3468  AclMode result;
3469  char *parname;
3470  text *partext;
3471  HeapTuple tuple;
3472 
3473  /* Superusers bypass all permission checking. */
3474  if (superuser_arg(roleid))
3475  return mask;
3476 
3477  /* Convert name to the form it should have in pg_parameter_acl... */
3479  partext = cstring_to_text(parname);
3480 
3481  /* ... and look it up */
3482  tuple = SearchSysCache1(PARAMETERACLNAME, PointerGetDatum(partext));
3483 
3484  if (!HeapTupleIsValid(tuple))
3485  {
3486  /* If no entry, GUC has no permissions for non-superusers */
3487  result = ACL_NO_RIGHTS;
3488  }
3489  else
3490  {
3491  Datum aclDatum;
3492  bool isNull;
3493  Acl *acl;
3494 
3495  aclDatum = SysCacheGetAttr(PARAMETERACLNAME, tuple,
3496  Anum_pg_parameter_acl_paracl,
3497  &isNull);
3498  if (isNull)
3499  {
3500  /* No ACL, so build default ACL */
3501  acl = acldefault(OBJECT_PARAMETER_ACL, BOOTSTRAP_SUPERUSERID);
3502  aclDatum = (Datum) 0;
3503  }
3504  else
3505  {
3506  /* detoast ACL if necessary */
3507  acl = DatumGetAclP(aclDatum);
3508  }
3509 
3510  result = aclmask(acl, roleid, BOOTSTRAP_SUPERUSERID, mask, how);
3511 
3512  /* if we have a detoasted copy, free it */
3513  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
3514  pfree(acl);
3515 
3516  ReleaseSysCache(tuple);
3517  }
3518 
3519  pfree(parname);
3520  pfree(partext);
3521 
3522  return result;
3523 }
char * convert_GUC_name_for_parameter_acl(const char *name)
Definition: guc.c:1376
Definition: c.h:687
text * cstring_to_text(const char *s)
Definition: varlena.c:184

References ACL_NO_RIGHTS, acldefault(), aclmask(), convert_GUC_name_for_parameter_acl(), cstring_to_text(), DatumGetAclP, DatumGetPointer(), HeapTupleIsValid, name, OBJECT_PARAMETER_ACL, pfree(), PointerGetDatum(), ReleaseSysCache(), SearchSysCache1(), superuser_arg(), and SysCacheGetAttr().

Referenced by pg_parameter_aclcheck().

◆ pg_type_aclmask_ext()

static AclMode pg_type_aclmask_ext ( Oid  type_oid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how,
bool is_missing 
)
static

Definition at line 3764 of file aclchk.c.

3766 {
3767  AclMode result;
3768  HeapTuple tuple;
3769  Form_pg_type typeForm;
3770  Datum aclDatum;
3771  bool isNull;
3772  Acl *acl;
3773  Oid ownerId;
3774 
3775  /* Bypass permission checks for superusers */
3776  if (superuser_arg(roleid))
3777  return mask;
3778 
3779  /*
3780  * Must get the type's tuple from pg_type
3781  */
3782  tuple = SearchSysCache1(TYPEOID, ObjectIdGetDatum(type_oid));
3783  if (!HeapTupleIsValid(tuple))
3784  {
3785  if (is_missing != NULL)
3786  {
3787  /* return "no privileges" instead of throwing an error */
3788  *is_missing = true;
3789  return 0;
3790  }
3791  else
3792  ereport(ERROR,
3793  (errcode(ERRCODE_UNDEFINED_OBJECT),
3794  errmsg("type with OID %u does not exist",
3795  type_oid)));
3796  }
3797  typeForm = (Form_pg_type) GETSTRUCT(tuple);
3798 
3799  /*
3800  * "True" array types don't manage permissions of their own; consult the
3801  * element type instead.
3802  */
3803  if (IsTrueArrayType(typeForm))
3804  {
3805  Oid elttype_oid = typeForm->typelem;
3806 
3807  ReleaseSysCache(tuple);
3808 
3809  tuple = SearchSysCache1(TYPEOID, ObjectIdGetDatum(elttype_oid));
3810  if (!HeapTupleIsValid(tuple))
3811  {
3812  if (is_missing != NULL)
3813  {
3814  /* return "no privileges" instead of throwing an error */
3815  *is_missing = true;
3816  return 0;
3817  }
3818  else
3819  ereport(ERROR,
3820  (errcode(ERRCODE_UNDEFINED_OBJECT),
3821  errmsg("type with OID %u does not exist",
3822  elttype_oid)));
3823  }
3824  typeForm = (Form_pg_type) GETSTRUCT(tuple);
3825  }
3826 
3827  /*
3828  * Likewise, multirange types don't manage their own permissions; consult
3829  * the associated range type. (Note we must do this after the array step
3830  * to get the right answer for arrays of multiranges.)
3831  */
3832  if (typeForm->typtype == TYPTYPE_MULTIRANGE)
3833  {
3834  Oid rangetype = get_multirange_range(typeForm->oid);
3835 
3836  ReleaseSysCache(tuple);
3837 
3838  tuple = SearchSysCache1(TYPEOID, ObjectIdGetDatum(rangetype));
3839  if (!HeapTupleIsValid(tuple))
3840  {
3841  if (is_missing != NULL)
3842  {
3843  /* return "no privileges" instead of throwing an error */
3844  *is_missing = true;
3845  return 0;
3846  }
3847  else
3848  ereport(ERROR,
3849  (errcode(ERRCODE_UNDEFINED_OBJECT),
3850  errmsg("type with OID %u does not exist",
3851  rangetype)));
3852  }
3853  typeForm = (Form_pg_type) GETSTRUCT(tuple);
3854  }
3855 
3856  /*
3857  * Now get the type's owner and ACL from the tuple
3858  */
3859  ownerId = typeForm->typowner;
3860 
3861  aclDatum = SysCacheGetAttr(TYPEOID, tuple,
3862  Anum_pg_type_typacl, &isNull);
3863  if (isNull)
3864  {
3865  /* No ACL, so build default ACL */
3866  acl = acldefault(OBJECT_TYPE, ownerId);
3867  aclDatum = (Datum) 0;
3868  }
3869  else
3870  {
3871  /* detoast rel's ACL if necessary */
3872  acl = DatumGetAclP(aclDatum);
3873  }
3874 
3875  result = aclmask(acl, roleid, ownerId, mask, how);
3876 
3877  /* if we have a detoasted copy, free it */
3878  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
3879  pfree(acl);
3880 
3881  ReleaseSysCache(tuple);
3882 
3883  return result;
3884 }
Oid get_multirange_range(Oid multirangeOid)
Definition: lsyscache.c:3483

References acldefault(), aclmask(), DatumGetAclP, DatumGetPointer(), ereport, errcode(), errmsg(), ERROR, get_multirange_range(), GETSTRUCT, HeapTupleIsValid, OBJECT_TYPE, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache1(), superuser_arg(), and SysCacheGetAttr().

Referenced by object_aclmask_ext().

◆ privilege_to_string()

static const char * privilege_to_string ( AclMode  privilege)
static

Definition at line 2655 of file aclchk.c.

2656 {
2657  switch (privilege)
2658  {
2659  case ACL_INSERT:
2660  return "INSERT";
2661  case ACL_SELECT:
2662  return "SELECT";
2663  case ACL_UPDATE:
2664  return "UPDATE";
2665  case ACL_DELETE:
2666  return "DELETE";
2667  case ACL_TRUNCATE:
2668  return "TRUNCATE";
2669  case ACL_REFERENCES:
2670  return "REFERENCES";
2671  case ACL_TRIGGER:
2672  return "TRIGGER";
2673  case ACL_EXECUTE:
2674  return "EXECUTE";
2675  case ACL_USAGE:
2676  return "USAGE";
2677  case ACL_CREATE:
2678  return "CREATE";
2679  case ACL_CREATE_TEMP:
2680  return "TEMP";
2681  case ACL_CONNECT:
2682  return "CONNECT";
2683  case ACL_SET:
2684  return "SET";
2685  case ACL_ALTER_SYSTEM:
2686  return "ALTER SYSTEM";
2687  case ACL_MAINTAIN:
2688  return "MAINTAIN";
2689  default:
2690  elog(ERROR, "unrecognized privilege: %d", (int) privilege);
2691  }
2692  return NULL; /* appease compiler */
2693 }
#define ACL_SET
Definition: parsenodes.h:88
#define ACL_CONNECT
Definition: parsenodes.h:87
#define ACL_ALTER_SYSTEM
Definition: parsenodes.h:89
#define ACL_REFERENCES
Definition: parsenodes.h:81
#define ACL_EXECUTE
Definition: parsenodes.h:83
#define ACL_CREATE
Definition: parsenodes.h:85
#define ACL_TRIGGER
Definition: parsenodes.h:82

References ACL_ALTER_SYSTEM, ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_DELETE, ACL_EXECUTE, ACL_INSERT, ACL_MAINTAIN, ACL_REFERENCES, ACL_SELECT, ACL_SET, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, ACL_USAGE, elog, and ERROR.

Referenced by ExecAlterDefaultPrivilegesStmt(), ExecGrant_Relation(), and ExecuteGrantStmt().

◆ recordDependencyOnNewAcl()

void recordDependencyOnNewAcl ( Oid  classId,
Oid  objectId,
int32  objsubId,
Oid  ownerId,
Acl acl 
)

Definition at line 4379 of file aclchk.c.

4381 {
4382  int nmembers;
4383  Oid *members;
4384 
4385  /* Nothing to do if ACL is defaulted */
4386  if (acl == NULL)
4387  return;
4388 
4389  /* Extract roles mentioned in ACL */
4390  nmembers = aclmembers(acl, &members);
4391 
4392  /* Update the shared dependency ACL info */
4393  updateAclDependencies(classId, objectId, objsubId,
4394  ownerId,
4395  0, NULL,
4396  nmembers, members);
4397 }

References aclmembers(), and updateAclDependencies().

Referenced by GenerateTypeDependencies(), heap_create_with_catalog(), NamespaceCreate(), and ProcedureCreate().

◆ recordExtensionInitPriv()

static void recordExtensionInitPriv ( Oid  objoid,
Oid  classoid,
int  objsubid,
Oid  ownerId,
Acl new_acl 
)
static

Definition at line 4693 of file aclchk.c.

4695 {
4696  /*
4697  * Generally, we only record the initial privileges when an extension is
4698  * being created, but because we don't actually use CREATE EXTENSION
4699  * during binary upgrades with pg_upgrade, there is a variable to let us
4700  * know that the GRANT and REVOKE statements being issued, while this
4701  * variable is true, are for the initial privileges of the extension
4702  * object and therefore we need to record them.
4703  */
4705  return;
4706 
4707  recordExtensionInitPrivWorker(objoid, classoid, objsubid, ownerId, new_acl);
4708 }
bool binary_upgrade_record_init_privs
Definition: aclchk.c:109
static void recordExtensionInitPrivWorker(Oid objoid, Oid classoid, int objsubid, Oid ownerId, Acl *new_acl)
Definition: aclchk.c:4723
bool creating_extension
Definition: extension.c:71

References binary_upgrade_record_init_privs, creating_extension, and recordExtensionInitPrivWorker().

Referenced by ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), and ExecGrant_Relation().

◆ recordExtensionInitPrivWorker()

static void recordExtensionInitPrivWorker ( Oid  objoid,
Oid  classoid,
int  objsubid,
Oid  ownerId,
Acl new_acl 
)
static

Definition at line 4723 of file aclchk.c.

4725 {
4726  Relation relation;
4727  ScanKeyData key[3];
4728  SysScanDesc scan;
4729  HeapTuple tuple;
4730  HeapTuple oldtuple;
4731  int noldmembers;
4732  int nnewmembers;
4733  Oid *oldmembers;
4734  Oid *newmembers;
4735 
4736  /* We'll need the role membership of the new ACL. */
4737  nnewmembers = aclmembers(new_acl, &newmembers);
4738 
4739  /* Search pg_init_privs for an existing entry. */
4740  relation = table_open(InitPrivsRelationId, RowExclusiveLock);
4741 
4742  ScanKeyInit(&key[0],
4743  Anum_pg_init_privs_objoid,
4744  BTEqualStrategyNumber, F_OIDEQ,
4745  ObjectIdGetDatum(objoid));
4746  ScanKeyInit(&key[1],
4747  Anum_pg_init_privs_classoid,
4748  BTEqualStrategyNumber, F_OIDEQ,
4749  ObjectIdGetDatum(classoid));
4750  ScanKeyInit(&key[2],
4751  Anum_pg_init_privs_objsubid,
4752  BTEqualStrategyNumber, F_INT4EQ,
4753  Int32GetDatum(objsubid));
4754 
4755  scan = systable_beginscan(relation, InitPrivsObjIndexId, true,
4756  NULL, 3, key);
4757 
4758  /* There should exist only one entry or none. */
4759  oldtuple = systable_getnext(scan);
4760 
4761  /* If we find an entry, update it with the latest ACL. */
4762  if (HeapTupleIsValid(oldtuple))
4763  {
4764  Datum values[Natts_pg_init_privs] = {0};
4765  bool nulls[Natts_pg_init_privs] = {0};
4766  bool replace[Natts_pg_init_privs] = {0};
4767  Datum oldAclDatum;
4768  bool isNull;
4769  Acl *old_acl;
4770 
4771  /* Update pg_shdepend for roles mentioned in the old/new ACLs. */
4772  oldAclDatum = heap_getattr(oldtuple, Anum_pg_init_privs_initprivs,
4773  RelationGetDescr(relation), &isNull);
4774  if (!isNull)
4775  old_acl = DatumGetAclP(oldAclDatum);
4776  else
4777  old_acl = NULL; /* this case shouldn't happen, probably */
4778  noldmembers = aclmembers(old_acl, &oldmembers);
4779 
4780  updateInitAclDependencies(classoid, objoid, objsubid,
4781  ownerId,
4782  noldmembers, oldmembers,
4783  nnewmembers, newmembers);
4784 
4785  /* If we have a new ACL to set, then update the row with it. */
4786  if (new_acl)
4787  {
4788  values[Anum_pg_init_privs_initprivs - 1] = PointerGetDatum(new_acl);
4789  replace[Anum_pg_init_privs_initprivs - 1] = true;
4790 
4791  oldtuple = heap_modify_tuple(oldtuple, RelationGetDescr(relation),
4792  values, nulls, replace);
4793 
4794  CatalogTupleUpdate(relation, &oldtuple->t_self, oldtuple);
4795  }
4796  else
4797  {
4798  /* new_acl is NULL, so delete the entry we found. */
4799  CatalogTupleDelete(relation, &oldtuple->t_self);
4800  }
4801  }
4802  else
4803  {
4804  Datum values[Natts_pg_init_privs] = {0};
4805  bool nulls[Natts_pg_init_privs] = {0};
4806 
4807  /*
4808  * Only add a new entry if the new ACL is non-NULL.
4809  *
4810  * If we are passed in a NULL ACL and no entry exists, we can just
4811  * fall through and do nothing.
4812  */
4813  if (new_acl)
4814  {
4815  /* No entry found, so add it. */
4816  values[Anum_pg_init_privs_objoid - 1] = ObjectIdGetDatum(objoid);
4817  values[Anum_pg_init_privs_classoid - 1] = ObjectIdGetDatum(classoid);
4818  values[Anum_pg_init_privs_objsubid - 1] = Int32GetDatum(objsubid);
4819 
4820  /* This function only handles initial privileges of extensions */
4821  values[Anum_pg_init_privs_privtype - 1] =
4823 
4824  values[Anum_pg_init_privs_initprivs - 1] = PointerGetDatum(new_acl);
4825 
4826  tuple = heap_form_tuple(RelationGetDescr(relation), values, nulls);
4827 
4828  CatalogTupleInsert(relation, tuple);
4829 
4830  /* Update pg_shdepend, too. */
4831  noldmembers = 0;
4832  oldmembers = NULL;
4833 
4834  updateInitAclDependencies(classoid, objoid, objsubid,
4835  ownerId,
4836  noldmembers, oldmembers,
4837  nnewmembers, newmembers);
4838  }
4839  }
4840 
4841  systable_endscan(scan);
4842 
4843  /* prevent error when processing objects multiple times */
4845 
4846  table_close(relation, RowExclusiveLock);
4847 }
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, const Datum *values, const bool *isnull)
Definition: heaptuple.c:1116
void CatalogTupleInsert(Relation heapRel, HeapTuple tup)
Definition: indexing.c:233
@ INITPRIVS_EXTENSION
Definition: pg_init_privs.h:80
void updateInitAclDependencies(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
Definition: pg_shdepend.c:506
static Datum Int32GetDatum(int32 X)
Definition: postgres.h:212

References aclmembers(), BTEqualStrategyNumber, CatalogTupleDelete(), CatalogTupleInsert(), CatalogTupleUpdate(), CharGetDatum(), CommandCounterIncrement(), DatumGetAclP, heap_form_tuple(), heap_getattr(), heap_modify_tuple(), HeapTupleIsValid, INITPRIVS_EXTENSION, Int32GetDatum(), sort-test::key, ObjectIdGetDatum(), PointerGetDatum(), RelationGetDescr, RowExclusiveLock, ScanKeyInit(), systable_beginscan(), systable_endscan(), systable_getnext(), HeapTupleData::t_self, table_close(), table_open(), updateInitAclDependencies(), and values.

Referenced by recordExtensionInitPriv(), recordExtObjInitPriv(), and removeExtObjInitPriv().

◆ recordExtObjInitPriv()

void recordExtObjInitPriv ( Oid  objoid,
Oid  classoid 
)

Definition at line 4406 of file aclchk.c.

4407 {
4408  /*
4409  * pg_class / pg_attribute
4410  *
4411  * If this is a relation then we need to see if there are any sub-objects
4412  * (eg: columns) for it and, if so, be sure to call
4413  * recordExtensionInitPrivWorker() for each one.
4414  */
4415  if (classoid == RelationRelationId)
4416  {
4417  Form_pg_class pg_class_tuple;
4418  Datum aclDatum;
4419  bool isNull;
4420  HeapTuple tuple;
4421 
4422  tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(objoid));
4423  if (!HeapTupleIsValid(tuple))
4424  elog(ERROR, "cache lookup failed for relation %u", objoid);
4425  pg_class_tuple = (Form_pg_class) GETSTRUCT(tuple);
4426 
4427  /*
4428  * Indexes don't have permissions, neither do the pg_class rows for
4429  * composite types. (These cases are unreachable given the
4430  * restrictions in ALTER EXTENSION ADD, but let's check anyway.)
4431  */
4432  if (pg_class_tuple->relkind == RELKIND_INDEX ||
4433  pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
4434  pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
4435  {
4436  ReleaseSysCache(tuple);
4437  return;
4438  }
4439 
4440  /*
4441  * If this isn't a sequence then it's possibly going to have
4442  * column-level ACLs associated with it.
4443  */
4444  if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
4445  {
4446  AttrNumber curr_att;
4447  AttrNumber nattrs = pg_class_tuple->relnatts;
4448 
4449  for (curr_att = 1; curr_att <= nattrs; curr_att++)
4450  {
4451  HeapTuple attTuple;
4452  Datum attaclDatum;
4453 
4454  attTuple = SearchSysCache2(ATTNUM,
4455  ObjectIdGetDatum(objoid),
4456  Int16GetDatum(curr_att));
4457 
4458  if (!HeapTupleIsValid(attTuple))
4459  continue;
4460 
4461  /* ignore dropped columns */
4462  if (((Form_pg_attribute) GETSTRUCT(attTuple))->attisdropped)
4463  {
4464  ReleaseSysCache(attTuple);
4465  continue;
4466  }
4467 
4468  attaclDatum = SysCacheGetAttr(ATTNUM, attTuple,
4469  Anum_pg_attribute_attacl,
4470  &isNull);
4471 
4472  /* no need to do anything for a NULL ACL */
4473  if (isNull)
4474  {
4475  ReleaseSysCache(attTuple);
4476  continue;
4477  }
4478 
4479  recordExtensionInitPrivWorker(objoid, classoid, curr_att,
4480  pg_class_tuple->relowner,
4481  DatumGetAclP(attaclDatum));
4482 
4483  ReleaseSysCache(attTuple);
4484  }
4485  }
4486 
4487  aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
4488  &isNull);
4489 
4490  /* Add the record, if any, for the top-level object */
4491  if (!isNull)
4492  recordExtensionInitPrivWorker(objoid, classoid, 0,
4493  pg_class_tuple->relowner,
4494  DatumGetAclP(aclDatum));
4495 
4496  ReleaseSysCache(tuple);
4497  }
4498  else if (classoid == LargeObjectRelationId)
4499  {
4500  /* For large objects, we must consult pg_largeobject_metadata */
4501  Datum aclDatum;
4502  bool isNull;
4503  HeapTuple tuple;
4504  Form_pg_largeobject_metadata form_lo_meta;
4505  ScanKeyData entry[1];
4506  SysScanDesc scan;
4507  Relation relation;
4508 
4509  /*
4510  * Note: this is dead code, given that we don't allow large objects to
4511  * be made extension members. But it seems worth carrying in case
4512  * some future caller of this function has need for it.
4513  */
4514  relation = table_open(LargeObjectMetadataRelationId, RowExclusiveLock);
4515 
4516  /* There's no syscache for pg_largeobject_metadata */
4517  ScanKeyInit(&entry[0],
4518  Anum_pg_largeobject_metadata_oid,
4519  BTEqualStrategyNumber, F_OIDEQ,
4520  ObjectIdGetDatum(objoid));
4521 
4522  scan = systable_beginscan(relation,
4523  LargeObjectMetadataOidIndexId, true,
4524  NULL, 1, entry);
4525 
4526  tuple = systable_getnext(scan);
4527  if (!HeapTupleIsValid(tuple))
4528  elog(ERROR, "could not find tuple for large object %u", objoid);
4529  form_lo_meta = (Form_pg_largeobject_metadata) GETSTRUCT(tuple);
4530 
4531  aclDatum = heap_getattr(tuple,
4532  Anum_pg_largeobject_metadata_lomacl,
4533  RelationGetDescr(relation), &isNull);
4534 
4535  /* Add the record, if any, for the top-level object */
4536  if (!isNull)
4537  recordExtensionInitPrivWorker(objoid, classoid, 0,
4538  form_lo_meta->lomowner,
4539  DatumGetAclP(aclDatum));
4540 
4541  systable_endscan(scan);
4542  }
4543  /* This will error on unsupported classoid. */
4544  else if (get_object_attnum_acl(classoid) != InvalidAttrNumber)
4545  {
4546  int cacheid;
4547  Oid ownerId;
4548  Datum aclDatum;
4549  bool isNull;
4550  HeapTuple tuple;
4551 
4552  cacheid = get_object_catcache_oid(classoid);
4553  tuple = SearchSysCache1(cacheid, ObjectIdGetDatum(objoid));
4554  if (!HeapTupleIsValid(tuple))
4555  elog(ERROR, "cache lookup failed for %s %u",
4556  get_object_class_descr(classoid), objoid);
4557 
4558  ownerId = DatumGetObjectId(SysCacheGetAttrNotNull(cacheid,
4559  tuple,
4560  get_object_attnum_owner(classoid)));
4561  aclDatum = SysCacheGetAttr(cacheid, tuple,
4562  get_object_attnum_acl(classoid),
4563  &isNull);
4564 
4565  /* Add the record, if any, for the top-level object */
4566  if (!isNull)
4567  recordExtensionInitPrivWorker(objoid, classoid, 0,
4568  ownerId, DatumGetAclP(aclDatum));
4569 
4570  ReleaseSysCache(tuple);
4571  }
4572 }

References BTEqualStrategyNumber, DatumGetAclP, DatumGetObjectId(), elog, ERROR, get_object_attnum_acl(), get_object_attnum_owner(), get_object_catcache_oid(), get_object_class_descr(), GETSTRUCT, heap_getattr(), HeapTupleIsValid, Int16GetDatum(), InvalidAttrNumber, ObjectIdGetDatum(), recordExtensionInitPrivWorker(), RelationGetDescr, ReleaseSysCache(), RowExclusiveLock, ScanKeyInit(), SearchSysCache1(), SearchSysCache2(), SysCacheGetAttr(), SysCacheGetAttrNotNull(), systable_beginscan(), systable_endscan(), systable_getnext(), and table_open().

Referenced by ExecAlterExtensionContentsRecurse().

◆ removeExtObjInitPriv()

void removeExtObjInitPriv ( Oid  objoid,
Oid  classoid 
)

Definition at line 4579 of file aclchk.c.

4580 {
4581  Oid ownerId;
4582 
4583  /*
4584  * If this is a relation then we need to see if there are any sub-objects
4585  * (eg: columns) for it and, if so, be sure to call
4586  * recordExtensionInitPrivWorker() for each one.
4587  */
4588  if (classoid == RelationRelationId)
4589  {
4590  Form_pg_class pg_class_tuple;
4591  HeapTuple tuple;
4592 
4593  tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(objoid));
4594  if (!HeapTupleIsValid(tuple))
4595  elog(ERROR, "cache lookup failed for relation %u", objoid);
4596  pg_class_tuple = (Form_pg_class) GETSTRUCT(tuple);
4597  ownerId = pg_class_tuple->relowner;
4598 
4599  /*
4600  * Indexes don't have permissions, neither do the pg_class rows for
4601  * composite types. (These cases are unreachable given the
4602  * restrictions in ALTER EXTENSION DROP, but let's check anyway.)
4603  */
4604  if (pg_class_tuple->relkind == RELKIND_INDEX ||
4605  pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
4606  pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
4607  {
4608  ReleaseSysCache(tuple);
4609  return;
4610  }
4611 
4612  /*
4613  * If this isn't a sequence then it's possibly going to have
4614  * column-level ACLs associated with it.
4615  */
4616  if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
4617  {
4618  AttrNumber curr_att;
4619  AttrNumber nattrs = pg_class_tuple->relnatts;
4620 
4621  for (curr_att = 1; curr_att <= nattrs; curr_att++)
4622  {
4623  HeapTuple attTuple;
4624 
4625  attTuple = SearchSysCache2(ATTNUM,
4626  ObjectIdGetDatum(objoid),
4627  Int16GetDatum(curr_att));
4628 
4629  if (!HeapTupleIsValid(attTuple))
4630  continue;
4631 
4632  /* when removing, remove all entries, even dropped columns */
4633 
4634  recordExtensionInitPrivWorker(objoid, classoid, curr_att,
4635  ownerId, NULL);
4636 
4637  ReleaseSysCache(attTuple);
4638  }
4639  }
4640 
4641  ReleaseSysCache(tuple);
4642  }
4643  else
4644  {
4645  /* Must find out the owner's OID the hard way */
4646  AttrNumber ownerattnum;
4647  int cacheid;
4648  HeapTuple tuple;
4649 
4650  /*
4651  * If the object is of a kind that has no owner, it should not have
4652  * any pg_init_privs entry either.
4653  */
4654  ownerattnum = get_object_attnum_owner(classoid);
4655  if (ownerattnum == InvalidAttrNumber)
4656  return;
4657  cacheid = get_object_catcache_oid(classoid);
4658  tuple = SearchSysCache1(cacheid, ObjectIdGetDatum(objoid));
4659  if (!HeapTupleIsValid(tuple))
4660  elog(ERROR, "cache lookup failed for %s %u",
4661  get_object_class_descr(classoid), objoid);
4662 
4663  ownerId = DatumGetObjectId(SysCacheGetAttrNotNull(cacheid,
4664  tuple,
4665  ownerattnum));
4666 
4667  ReleaseSysCache(tuple);
4668  }
4669 
4670  /* Remove the record, if any, for the top-level object */
4671  recordExtensionInitPrivWorker(objoid, classoid, 0, ownerId, NULL);
4672 }

References DatumGetObjectId(), elog, ERROR, get_object_attnum_owner(), get_object_catcache_oid(), get_object_class_descr(), GETSTRUCT, HeapTupleIsValid, Int16GetDatum(), InvalidAttrNumber, ObjectIdGetDatum(), recordExtensionInitPrivWorker(), ReleaseSysCache(), SearchSysCache1(), SearchSysCache2(), and SysCacheGetAttrNotNull().

Referenced by ExecAlterExtensionContentsRecurse().

◆ RemoveRoleFromInitPriv()

void RemoveRoleFromInitPriv ( Oid  roleid,
Oid  classid,
Oid  objid,
int32  objsubid 
)

Definition at line 4855 of file aclchk.c.

4856 {
4857  Relation rel;
4858  ScanKeyData key[3];
4859  SysScanDesc scan;
4860  HeapTuple oldtuple;
4861  int cacheid;
4862  HeapTuple objtuple;
4863  Oid ownerId;
4864  Datum oldAclDatum;
4865  bool isNull;
4866  Acl *old_acl;
4867  Acl *new_acl;
4868  HeapTuple newtuple;
4869  int noldmembers;
4870  int nnewmembers;
4871  Oid *oldmembers;
4872  Oid *newmembers;
4873 
4874  /* Search for existing pg_init_privs entry for the target object. */
4875  rel = table_open(InitPrivsRelationId, RowExclusiveLock);
4876 
4877  ScanKeyInit(&key[0],
4878  Anum_pg_init_privs_objoid,
4879  BTEqualStrategyNumber, F_OIDEQ,
4880  ObjectIdGetDatum(objid));
4881  ScanKeyInit(&key[1],
4882  Anum_pg_init_privs_classoid,
4883  BTEqualStrategyNumber, F_OIDEQ,
4884  ObjectIdGetDatum(classid));
4885  ScanKeyInit(&key[2],
4886  Anum_pg_init_privs_objsubid,
4887  BTEqualStrategyNumber, F_INT4EQ,
4888  Int32GetDatum(objsubid));
4889 
4890  scan = systable_beginscan(rel, InitPrivsObjIndexId, true,
4891  NULL, 3, key);
4892 
4893  /* There should exist only one entry or none. */
4894  oldtuple = systable_getnext(scan);
4895 
4896  if (!HeapTupleIsValid(oldtuple))
4897  {
4898  /*
4899  * Hmm, why are we here if there's no entry? But pack up and go away
4900  * quietly.
4901  */
4902  systable_endscan(scan);
4904  return;
4905  }
4906 
4907  /* Get a writable copy of the existing ACL. */
4908  oldAclDatum = heap_getattr(oldtuple, Anum_pg_init_privs_initprivs,
4909  RelationGetDescr(rel), &isNull);
4910  if (!isNull)