PostgreSQL Source Code  git master
aclchk.c File Reference
#include "postgres.h"
#include "access/genam.h"
#include "access/heapam.h"
#include "access/htup_details.h"
#include "access/sysattr.h"
#include "access/tableam.h"
#include "access/xact.h"
#include "catalog/binary_upgrade.h"
#include "catalog/catalog.h"
#include "catalog/dependency.h"
#include "catalog/indexing.h"
#include "catalog/objectaccess.h"
#include "catalog/pg_aggregate.h"
#include "catalog/pg_am.h"
#include "catalog/pg_authid.h"
#include "catalog/pg_cast.h"
#include "catalog/pg_class.h"
#include "catalog/pg_collation.h"
#include "catalog/pg_conversion.h"
#include "catalog/pg_database.h"
#include "catalog/pg_default_acl.h"
#include "catalog/pg_event_trigger.h"
#include "catalog/pg_extension.h"
#include "catalog/pg_foreign_data_wrapper.h"
#include "catalog/pg_foreign_server.h"
#include "catalog/pg_init_privs.h"
#include "catalog/pg_language.h"
#include "catalog/pg_largeobject.h"
#include "catalog/pg_largeobject_metadata.h"
#include "catalog/pg_namespace.h"
#include "catalog/pg_opclass.h"
#include "catalog/pg_operator.h"
#include "catalog/pg_opfamily.h"
#include "catalog/pg_parameter_acl.h"
#include "catalog/pg_proc.h"
#include "catalog/pg_statistic_ext.h"
#include "catalog/pg_subscription.h"
#include "catalog/pg_tablespace.h"
#include "catalog/pg_transform.h"
#include "catalog/pg_ts_config.h"
#include "catalog/pg_ts_dict.h"
#include "catalog/pg_ts_parser.h"
#include "catalog/pg_ts_template.h"
#include "catalog/pg_type.h"
#include "commands/dbcommands.h"
#include "commands/defrem.h"
#include "commands/event_trigger.h"
#include "commands/extension.h"
#include "commands/proclang.h"
#include "commands/tablespace.h"
#include "foreign/foreign.h"
#include "miscadmin.h"
#include "nodes/makefuncs.h"
#include "parser/parse_func.h"
#include "parser/parse_type.h"
#include "utils/acl.h"
#include "utils/aclchk_internal.h"
#include "utils/builtins.h"
#include "utils/fmgroids.h"
#include "utils/guc.h"
#include "utils/lsyscache.h"
#include "utils/rel.h"
#include "utils/syscache.h"
Include dependency graph for aclchk.c:

Go to the source code of this file.

Data Structures

struct  InternalDefaultACL
 

Functions

static void ExecGrantStmt_oids (InternalGrant *istmt)
 
static void ExecGrant_Relation (InternalGrant *istmt)
 
static void ExecGrant_Database (InternalGrant *istmt)
 
static void ExecGrant_Fdw (InternalGrant *istmt)
 
static void ExecGrant_ForeignServer (InternalGrant *istmt)
 
static void ExecGrant_Function (InternalGrant *istmt)
 
static void ExecGrant_Language (InternalGrant *istmt)
 
static void ExecGrant_Largeobject (InternalGrant *istmt)
 
static void ExecGrant_Namespace (InternalGrant *istmt)
 
static void ExecGrant_Tablespace (InternalGrant *istmt)
 
static void ExecGrant_Type (InternalGrant *istmt)
 
static void ExecGrant_Parameter (InternalGrant *istmt)
 
static void SetDefaultACLsInSchemas (InternalDefaultACL *iacls, List *nspnames)
 
static void SetDefaultACL (InternalDefaultACL *iacls)
 
static ListobjectNamesToOids (ObjectType objtype, List *objnames, bool is_grant)
 
static ListobjectsInSchemaToOids (ObjectType objtype, List *nspnames)
 
static ListgetRelationsInNamespace (Oid namespaceId, char relkind)
 
static void expand_col_privileges (List *colnames, Oid table_oid, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
 
static void expand_all_col_privileges (Oid table_oid, Form_pg_class classForm, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
 
static AclMode string_to_privilege (const char *privname)
 
static const char * privilege_to_string (AclMode privilege)
 
static AclMode restrict_and_check_grant (bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
 
static AclMode pg_aclmask (ObjectType objtype, Oid object_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
 
static AclMode object_aclmask (Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how)
 
static AclMode pg_attribute_aclmask (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
 
static AclMode pg_attribute_aclmask_ext (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
 
static AclMode pg_class_aclmask_ext (Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
 
static AclMode pg_parameter_acl_aclmask (Oid acl_oid, Oid roleid, AclMode mask, AclMaskHow how)
 
static AclMode pg_largeobject_aclmask_snapshot (Oid lobj_oid, Oid roleid, AclMode mask, AclMaskHow how, Snapshot snapshot)
 
static AclMode pg_namespace_aclmask (Oid nsp_oid, Oid roleid, AclMode mask, AclMaskHow how)
 
static AclMode pg_type_aclmask (Oid type_oid, Oid roleid, AclMode mask, AclMaskHow how)
 
static void recordExtensionInitPriv (Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
 
static void recordExtensionInitPrivWorker (Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
 
static Aclmerge_acl_with_grant (Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
 
void ExecuteGrantStmt (GrantStmt *stmt)
 
void ExecAlterDefaultPrivilegesStmt (ParseState *pstate, AlterDefaultPrivilegesStmt *stmt)
 
void RemoveRoleFromObjectACL (Oid roleid, Oid classid, Oid objid)
 
static void ExecGrant_Attribute (InternalGrant *istmt, Oid relOid, const char *relname, AttrNumber attnum, Oid ownerId, AclMode col_privileges, Relation attRelation, const Acl *old_rel_acl)
 
void aclcheck_error (AclResult aclerr, ObjectType objtype, const char *objectname)
 
void aclcheck_error_col (AclResult aclerr, ObjectType objtype, const char *objectname, const char *colname)
 
void aclcheck_error_type (AclResult aclerr, Oid typeOid)
 
AclMode pg_class_aclmask (Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how)
 
static AclMode pg_parameter_aclmask (const char *name, Oid roleid, AclMode mask, AclMaskHow how)
 
AclResult object_aclcheck (Oid classid, Oid objectid, Oid roleid, AclMode mode)
 
AclResult pg_attribute_aclcheck (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode)
 
AclResult pg_attribute_aclcheck_ext (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode, bool *is_missing)
 
AclResult pg_attribute_aclcheck_all (Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how)
 
AclResult pg_class_aclcheck (Oid table_oid, Oid roleid, AclMode mode)
 
AclResult pg_class_aclcheck_ext (Oid table_oid, Oid roleid, AclMode mode, bool *is_missing)
 
AclResult pg_parameter_aclcheck (const char *name, Oid roleid, AclMode mode)
 
AclResult pg_largeobject_aclcheck_snapshot (Oid lobj_oid, Oid roleid, AclMode mode, Snapshot snapshot)
 
bool object_ownercheck (Oid classid, Oid objectid, Oid roleid)
 
bool has_createrole_privilege (Oid roleid)
 
bool has_bypassrls_privilege (Oid roleid)
 
static Aclget_default_acl_internal (Oid roleId, Oid nsp_oid, char objtype)
 
Aclget_user_default_acl (ObjectType objtype, Oid ownerId, Oid nsp_oid)
 
void recordDependencyOnNewAcl (Oid classId, Oid objectId, int32 objsubId, Oid ownerId, Acl *acl)
 
void recordExtObjInitPriv (Oid objoid, Oid classoid)
 
void removeExtObjInitPriv (Oid objoid, Oid classoid)
 

Variables

bool binary_upgrade_record_init_privs = false
 

Function Documentation

◆ aclcheck_error()

void aclcheck_error ( AclResult  aclerr,
ObjectType  objtype,
const char *  objectname 
)

Definition at line 3477 of file aclchk.c.

3479 {
3480  switch (aclerr)
3481  {
3482  case ACLCHECK_OK:
3483  /* no error, so return to caller */
3484  break;
3485  case ACLCHECK_NO_PRIV:
3486  {
3487  const char *msg = "???";
3488 
3489  switch (objtype)
3490  {
3491  case OBJECT_AGGREGATE:
3492  msg = gettext_noop("permission denied for aggregate %s");
3493  break;
3494  case OBJECT_COLLATION:
3495  msg = gettext_noop("permission denied for collation %s");
3496  break;
3497  case OBJECT_COLUMN:
3498  msg = gettext_noop("permission denied for column %s");
3499  break;
3500  case OBJECT_CONVERSION:
3501  msg = gettext_noop("permission denied for conversion %s");
3502  break;
3503  case OBJECT_DATABASE:
3504  msg = gettext_noop("permission denied for database %s");
3505  break;
3506  case OBJECT_DOMAIN:
3507  msg = gettext_noop("permission denied for domain %s");
3508  break;
3509  case OBJECT_EVENT_TRIGGER:
3510  msg = gettext_noop("permission denied for event trigger %s");
3511  break;
3512  case OBJECT_EXTENSION:
3513  msg = gettext_noop("permission denied for extension %s");
3514  break;
3515  case OBJECT_FDW:
3516  msg = gettext_noop("permission denied for foreign-data wrapper %s");
3517  break;
3518  case OBJECT_FOREIGN_SERVER:
3519  msg = gettext_noop("permission denied for foreign server %s");
3520  break;
3521  case OBJECT_FOREIGN_TABLE:
3522  msg = gettext_noop("permission denied for foreign table %s");
3523  break;
3524  case OBJECT_FUNCTION:
3525  msg = gettext_noop("permission denied for function %s");
3526  break;
3527  case OBJECT_INDEX:
3528  msg = gettext_noop("permission denied for index %s");
3529  break;
3530  case OBJECT_LANGUAGE:
3531  msg = gettext_noop("permission denied for language %s");
3532  break;
3533  case OBJECT_LARGEOBJECT:
3534  msg = gettext_noop("permission denied for large object %s");
3535  break;
3536  case OBJECT_MATVIEW:
3537  msg = gettext_noop("permission denied for materialized view %s");
3538  break;
3539  case OBJECT_OPCLASS:
3540  msg = gettext_noop("permission denied for operator class %s");
3541  break;
3542  case OBJECT_OPERATOR:
3543  msg = gettext_noop("permission denied for operator %s");
3544  break;
3545  case OBJECT_OPFAMILY:
3546  msg = gettext_noop("permission denied for operator family %s");
3547  break;
3548  case OBJECT_PARAMETER_ACL:
3549  msg = gettext_noop("permission denied for parameter %s");
3550  break;
3551  case OBJECT_POLICY:
3552  msg = gettext_noop("permission denied for policy %s");
3553  break;
3554  case OBJECT_PROCEDURE:
3555  msg = gettext_noop("permission denied for procedure %s");
3556  break;
3557  case OBJECT_PUBLICATION:
3558  msg = gettext_noop("permission denied for publication %s");
3559  break;
3560  case OBJECT_ROUTINE:
3561  msg = gettext_noop("permission denied for routine %s");
3562  break;
3563  case OBJECT_SCHEMA:
3564  msg = gettext_noop("permission denied for schema %s");
3565  break;
3566  case OBJECT_SEQUENCE:
3567  msg = gettext_noop("permission denied for sequence %s");
3568  break;
3569  case OBJECT_STATISTIC_EXT:
3570  msg = gettext_noop("permission denied for statistics object %s");
3571  break;
3572  case OBJECT_SUBSCRIPTION:
3573  msg = gettext_noop("permission denied for subscription %s");
3574  break;
3575  case OBJECT_TABLE:
3576  msg = gettext_noop("permission denied for table %s");
3577  break;
3578  case OBJECT_TABLESPACE:
3579  msg = gettext_noop("permission denied for tablespace %s");
3580  break;
3582  msg = gettext_noop("permission denied for text search configuration %s");
3583  break;
3584  case OBJECT_TSDICTIONARY:
3585  msg = gettext_noop("permission denied for text search dictionary %s");
3586  break;
3587  case OBJECT_TYPE:
3588  msg = gettext_noop("permission denied for type %s");
3589  break;
3590  case OBJECT_VIEW:
3591  msg = gettext_noop("permission denied for view %s");
3592  break;
3593  /* these currently aren't used */
3594  case OBJECT_ACCESS_METHOD:
3595  case OBJECT_AMOP:
3596  case OBJECT_AMPROC:
3597  case OBJECT_ATTRIBUTE:
3598  case OBJECT_CAST:
3599  case OBJECT_DEFAULT:
3600  case OBJECT_DEFACL:
3601  case OBJECT_DOMCONSTRAINT:
3604  case OBJECT_ROLE:
3605  case OBJECT_RULE:
3606  case OBJECT_TABCONSTRAINT:
3607  case OBJECT_TRANSFORM:
3608  case OBJECT_TRIGGER:
3609  case OBJECT_TSPARSER:
3610  case OBJECT_TSTEMPLATE:
3611  case OBJECT_USER_MAPPING:
3612  elog(ERROR, "unsupported object type: %d", objtype);
3613  }
3614 
3615  ereport(ERROR,
3616  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
3617  errmsg(msg, objectname)));
3618  break;
3619  }
3620  case ACLCHECK_NOT_OWNER:
3621  {
3622  const char *msg = "???";
3623 
3624  switch (objtype)
3625  {
3626  case OBJECT_AGGREGATE:
3627  msg = gettext_noop("must be owner of aggregate %s");
3628  break;
3629  case OBJECT_COLLATION:
3630  msg = gettext_noop("must be owner of collation %s");
3631  break;
3632  case OBJECT_CONVERSION:
3633  msg = gettext_noop("must be owner of conversion %s");
3634  break;
3635  case OBJECT_DATABASE:
3636  msg = gettext_noop("must be owner of database %s");
3637  break;
3638  case OBJECT_DOMAIN:
3639  msg = gettext_noop("must be owner of domain %s");
3640  break;
3641  case OBJECT_EVENT_TRIGGER:
3642  msg = gettext_noop("must be owner of event trigger %s");
3643  break;
3644  case OBJECT_EXTENSION:
3645  msg = gettext_noop("must be owner of extension %s");
3646  break;
3647  case OBJECT_FDW:
3648  msg = gettext_noop("must be owner of foreign-data wrapper %s");
3649  break;
3650  case OBJECT_FOREIGN_SERVER:
3651  msg = gettext_noop("must be owner of foreign server %s");
3652  break;
3653  case OBJECT_FOREIGN_TABLE:
3654  msg = gettext_noop("must be owner of foreign table %s");
3655  break;
3656  case OBJECT_FUNCTION:
3657  msg = gettext_noop("must be owner of function %s");
3658  break;
3659  case OBJECT_INDEX:
3660  msg = gettext_noop("must be owner of index %s");
3661  break;
3662  case OBJECT_LANGUAGE:
3663  msg = gettext_noop("must be owner of language %s");
3664  break;
3665  case OBJECT_LARGEOBJECT:
3666  msg = gettext_noop("must be owner of large object %s");
3667  break;
3668  case OBJECT_MATVIEW:
3669  msg = gettext_noop("must be owner of materialized view %s");
3670  break;
3671  case OBJECT_OPCLASS:
3672  msg = gettext_noop("must be owner of operator class %s");
3673  break;
3674  case OBJECT_OPERATOR:
3675  msg = gettext_noop("must be owner of operator %s");
3676  break;
3677  case OBJECT_OPFAMILY:
3678  msg = gettext_noop("must be owner of operator family %s");
3679  break;
3680  case OBJECT_PROCEDURE:
3681  msg = gettext_noop("must be owner of procedure %s");
3682  break;
3683  case OBJECT_PUBLICATION:
3684  msg = gettext_noop("must be owner of publication %s");
3685  break;
3686  case OBJECT_ROUTINE:
3687  msg = gettext_noop("must be owner of routine %s");
3688  break;
3689  case OBJECT_SEQUENCE:
3690  msg = gettext_noop("must be owner of sequence %s");
3691  break;
3692  case OBJECT_SUBSCRIPTION:
3693  msg = gettext_noop("must be owner of subscription %s");
3694  break;
3695  case OBJECT_TABLE:
3696  msg = gettext_noop("must be owner of table %s");
3697  break;
3698  case OBJECT_TYPE:
3699  msg = gettext_noop("must be owner of type %s");
3700  break;
3701  case OBJECT_VIEW:
3702  msg = gettext_noop("must be owner of view %s");
3703  break;
3704  case OBJECT_SCHEMA:
3705  msg = gettext_noop("must be owner of schema %s");
3706  break;
3707  case OBJECT_STATISTIC_EXT:
3708  msg = gettext_noop("must be owner of statistics object %s");
3709  break;
3710  case OBJECT_TABLESPACE:
3711  msg = gettext_noop("must be owner of tablespace %s");
3712  break;
3714  msg = gettext_noop("must be owner of text search configuration %s");
3715  break;
3716  case OBJECT_TSDICTIONARY:
3717  msg = gettext_noop("must be owner of text search dictionary %s");
3718  break;
3719 
3720  /*
3721  * Special cases: For these, the error message talks
3722  * about "relation", because that's where the
3723  * ownership is attached. See also
3724  * check_object_ownership().
3725  */
3726  case OBJECT_COLUMN:
3727  case OBJECT_POLICY:
3728  case OBJECT_RULE:
3729  case OBJECT_TABCONSTRAINT:
3730  case OBJECT_TRIGGER:
3731  msg = gettext_noop("must be owner of relation %s");
3732  break;
3733  /* these currently aren't used */
3734  case OBJECT_ACCESS_METHOD:
3735  case OBJECT_AMOP:
3736  case OBJECT_AMPROC:
3737  case OBJECT_ATTRIBUTE:
3738  case OBJECT_CAST:
3739  case OBJECT_DEFAULT:
3740  case OBJECT_DEFACL:
3741  case OBJECT_DOMCONSTRAINT:
3742  case OBJECT_PARAMETER_ACL:
3745  case OBJECT_ROLE:
3746  case OBJECT_TRANSFORM:
3747  case OBJECT_TSPARSER:
3748  case OBJECT_TSTEMPLATE:
3749  case OBJECT_USER_MAPPING:
3750  elog(ERROR, "unsupported object type: %d", objtype);
3751  }
3752 
3753  ereport(ERROR,
3754  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
3755  errmsg(msg, objectname)));
3756  break;
3757  }
3758  default:
3759  elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
3760  break;
3761  }
3762 }
@ ACLCHECK_NO_PRIV
Definition: acl.h:183
@ ACLCHECK_OK
Definition: acl.h:182
@ ACLCHECK_NOT_OWNER
Definition: acl.h:184
#define gettext_noop(x)
Definition: c.h:1135
int errcode(int sqlerrcode)
Definition: elog.c:695
int errmsg(const char *fmt,...)
Definition: elog.c:906
#define ERROR
Definition: elog.h:35
#define ereport(elevel,...)
Definition: elog.h:145
@ OBJECT_EVENT_TRIGGER
Definition: parsenodes.h:1874
@ OBJECT_FDW
Definition: parsenodes.h:1876
@ OBJECT_TSPARSER
Definition: parsenodes.h:1907
@ OBJECT_COLLATION
Definition: parsenodes.h:1867
@ OBJECT_USER_MAPPING
Definition: parsenodes.h:1910
@ OBJECT_ACCESS_METHOD
Definition: parsenodes.h:1860
@ OBJECT_OPCLASS
Definition: parsenodes.h:1884
@ OBJECT_DEFACL
Definition: parsenodes.h:1871
@ OBJECT_AGGREGATE
Definition: parsenodes.h:1861
@ OBJECT_MATVIEW
Definition: parsenodes.h:1883
@ OBJECT_SCHEMA
Definition: parsenodes.h:1896
@ OBJECT_POLICY
Definition: parsenodes.h:1888
@ OBJECT_OPERATOR
Definition: parsenodes.h:1885
@ OBJECT_FOREIGN_TABLE
Definition: parsenodes.h:1878
@ OBJECT_TSCONFIGURATION
Definition: parsenodes.h:1905
@ OBJECT_OPFAMILY
Definition: parsenodes.h:1886
@ OBJECT_DOMAIN
Definition: parsenodes.h:1872
@ OBJECT_COLUMN
Definition: parsenodes.h:1866
@ OBJECT_TABLESPACE
Definition: parsenodes.h:1902
@ OBJECT_ROLE
Definition: parsenodes.h:1893
@ OBJECT_ROUTINE
Definition: parsenodes.h:1894
@ OBJECT_LARGEOBJECT
Definition: parsenodes.h:1882
@ OBJECT_PUBLICATION_NAMESPACE
Definition: parsenodes.h:1891
@ OBJECT_PROCEDURE
Definition: parsenodes.h:1889
@ OBJECT_EXTENSION
Definition: parsenodes.h:1875
@ OBJECT_INDEX
Definition: parsenodes.h:1880
@ OBJECT_DEFAULT
Definition: parsenodes.h:1870
@ OBJECT_DATABASE
Definition: parsenodes.h:1869
@ OBJECT_SEQUENCE
Definition: parsenodes.h:1897
@ OBJECT_TSTEMPLATE
Definition: parsenodes.h:1908
@ OBJECT_LANGUAGE
Definition: parsenodes.h:1881
@ OBJECT_AMOP
Definition: parsenodes.h:1862
@ OBJECT_PUBLICATION_REL
Definition: parsenodes.h:1892
@ OBJECT_FOREIGN_SERVER
Definition: parsenodes.h:1877
@ OBJECT_TSDICTIONARY
Definition: parsenodes.h:1906
@ OBJECT_ATTRIBUTE
Definition: parsenodes.h:1864
@ OBJECT_PUBLICATION
Definition: parsenodes.h:1890
@ OBJECT_RULE
Definition: parsenodes.h:1895
@ OBJECT_CONVERSION
Definition: parsenodes.h:1868
@ OBJECT_AMPROC
Definition: parsenodes.h:1863
@ OBJECT_TABLE
Definition: parsenodes.h:1901
@ OBJECT_VIEW
Definition: parsenodes.h:1911
@ OBJECT_PARAMETER_ACL
Definition: parsenodes.h:1887
@ OBJECT_TYPE
Definition: parsenodes.h:1909
@ OBJECT_FUNCTION
Definition: parsenodes.h:1879
@ OBJECT_TABCONSTRAINT
Definition: parsenodes.h:1900
@ OBJECT_DOMCONSTRAINT
Definition: parsenodes.h:1873
@ OBJECT_SUBSCRIPTION
Definition: parsenodes.h:1898
@ OBJECT_STATISTIC_EXT
Definition: parsenodes.h:1899
@ OBJECT_CAST
Definition: parsenodes.h:1865
@ OBJECT_TRIGGER
Definition: parsenodes.h:1904
@ OBJECT_TRANSFORM
Definition: parsenodes.h:1903

References ACLCHECK_NO_PRIV, ACLCHECK_NOT_OWNER, ACLCHECK_OK, elog(), ereport, errcode(), errmsg(), ERROR, gettext_noop, OBJECT_ACCESS_METHOD, OBJECT_AGGREGATE, OBJECT_AMOP, OBJECT_AMPROC, OBJECT_ATTRIBUTE, OBJECT_CAST, OBJECT_COLLATION, OBJECT_COLUMN, OBJECT_CONVERSION, OBJECT_DATABASE, OBJECT_DEFACL, OBJECT_DEFAULT, OBJECT_DOMAIN, OBJECT_DOMCONSTRAINT, OBJECT_EVENT_TRIGGER, OBJECT_EXTENSION, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FOREIGN_TABLE, OBJECT_FUNCTION, OBJECT_INDEX, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_MATVIEW, OBJECT_OPCLASS, OBJECT_OPERATOR, OBJECT_OPFAMILY, OBJECT_PARAMETER_ACL, OBJECT_POLICY, OBJECT_PROCEDURE, OBJECT_PUBLICATION, OBJECT_PUBLICATION_NAMESPACE, OBJECT_PUBLICATION_REL, OBJECT_ROLE, OBJECT_ROUTINE, OBJECT_RULE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_STATISTIC_EXT, OBJECT_SUBSCRIPTION, OBJECT_TABCONSTRAINT, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TRANSFORM, OBJECT_TRIGGER, OBJECT_TSCONFIGURATION, OBJECT_TSDICTIONARY, OBJECT_TSPARSER, OBJECT_TSTEMPLATE, OBJECT_TYPE, OBJECT_USER_MAPPING, and OBJECT_VIEW.

Referenced by aclcheck_error_col(), aclcheck_error_type(), AlterCollation(), AlterDatabase(), AlterDatabaseOwner(), AlterDatabaseRefreshColl(), AlterDatabaseSet(), AlterEventTrigger(), AlterEventTriggerOwner_internal(), AlterExtensionNamespace(), AlterForeignServer(), AlterForeignServerOwner_internal(), AlterFunction(), AlterObjectNamespace_internal(), AlterObjectOwner_internal(), AlterObjectRename_internal(), AlterOperator(), AlterOpFamilyAdd(), AlterPublication(), AlterPublicationOwner_internal(), AlterRoleSet(), AlterSchemaOwner_internal(), AlterStatistics(), AlterSubscription(), AlterSubscriptionOwner_internal(), AlterTableMoveAll(), AlterTableSpaceOptions(), AlterTSConfiguration(), AlterTSDictionary(), AlterTypeOwner(), ATExecChangeOwner(), ATPrepSetTableSpace(), ATSimplePermissions(), brin_desummarize_range(), brin_summarize_range(), calculate_database_size(), calculate_tablespace_size(), call_pltcl_start_proc(), check_object_ownership(), check_temp_tablespaces(), checkFkeyPermissions(), CheckFunctionValidatorAccess(), compute_return_type(), CreateConversionCommand(), createdb(), CreateForeignServer(), CreateForeignTable(), CreateFunction(), CreateProceduralLanguage(), CreatePublication(), CreateSchemaCommand(), CreateStatistics(), CreateTransform(), CreateTriggerFiringOn(), currtid_internal(), DefineAggregate(), DefineCollation(), DefineDomain(), DefineEnum(), DefineIndex(), DefineOpClass(), DefineOperator(), DefineOpFamily(), DefineQueryRewrite(), DefineRange(), DefineRelation(), DefineTSConfiguration(), DefineTSDictionary(), DefineType(), dropdb(), DropSubscription(), DropTableSpace(), EnableDisableRule(), ExecAlterExtensionContentsStmt(), ExecAlterExtensionStmt(), ExecBuildGroupingEqual(), ExecBuildParamSetEqual(), ExecCheckRTPerms(), ExecInitAgg(), ExecInitExprRec(), ExecInitFunc(), ExecInitWindowAgg(), ExecReindex(), ExecuteCallStmt(), ExecuteDoStmt(), ExecuteTruncateGuts(), findRangeCanonicalFunction(), findRangeSubtypeDiffFunction(), get_connect_string(), get_other_operator(), get_rel_from_relname(), gin_clean_pending_list(), HandleFunctionRequest(), heap_force_common(), ImportForeignSchema(), init_sexpr(), initialize_peragg(), LockViewRecurse_walker(), LogicalRepSyncTableStart(), lookup_agg_function(), LookupCreationNamespace(), LookupExplicitNamespace(), MergeAttributes(), movedb(), OperatorCreate(), pg_prewarm(), pgrowlocks(), ProcedureCreate(), PublicationAddTables(), RangeVarCallbackForAlterRelation(), RangeVarCallbackForDropRelation(), RangeVarCallbackForLockTable(), RangeVarCallbackForPolicy(), RangeVarCallbackForReindexIndex(), RangeVarCallbackForRenameRule(), RangeVarCallbackForRenameTrigger(), RangeVarCallbackOwnsRelation(), RangeVarCallbackOwnsTable(), RangeVarGetAndCheckCreationNamespace(), ReindexMultipleInternal(), ReindexMultipleTables(), renameatt_check(), RenameDatabase(), RenameSchema(), RenameTableSpace(), restrict_and_check_grant(), TargetPrivilegesCheck(), transformTableLikeClause(), truncate_check_perms(), TypeCreate(), user_mapping_ddl_aclcheck(), ValidateJoinEstimator(), and ValidateRestrictionEstimator().

◆ aclcheck_error_col()

void aclcheck_error_col ( AclResult  aclerr,
ObjectType  objtype,
const char *  objectname,
const char *  colname 
)

Definition at line 3766 of file aclchk.c.

3768 {
3769  switch (aclerr)
3770  {
3771  case ACLCHECK_OK:
3772  /* no error, so return to caller */
3773  break;
3774  case ACLCHECK_NO_PRIV:
3775  ereport(ERROR,
3776  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
3777  errmsg("permission denied for column \"%s\" of relation \"%s\"",
3778  colname, objectname)));
3779  break;
3780  case ACLCHECK_NOT_OWNER:
3781  /* relation msg is OK since columns don't have separate owners */
3782  aclcheck_error(aclerr, objtype, objectname);
3783  break;
3784  default:
3785  elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
3786  break;
3787  }
3788 }
void aclcheck_error(AclResult aclerr, ObjectType objtype, const char *objectname)
Definition: aclchk.c:3477

References aclcheck_error(), ACLCHECK_NO_PRIV, ACLCHECK_NOT_OWNER, ACLCHECK_OK, elog(), ereport, errcode(), errmsg(), and ERROR.

Referenced by restrict_and_check_grant().

◆ aclcheck_error_type()

void aclcheck_error_type ( AclResult  aclerr,
Oid  typeOid 
)

◆ ExecAlterDefaultPrivilegesStmt()

void ExecAlterDefaultPrivilegesStmt ( ParseState pstate,
AlterDefaultPrivilegesStmt stmt 
)

Definition at line 970 of file aclchk.c.

971 {
972  GrantStmt *action = stmt->action;
973  InternalDefaultACL iacls;
974  ListCell *cell;
975  List *rolespecs = NIL;
976  List *nspnames = NIL;
977  DefElem *drolespecs = NULL;
978  DefElem *dnspnames = NULL;
979  AclMode all_privileges;
980  const char *errormsg;
981 
982  /* Deconstruct the "options" part of the statement */
983  foreach(cell, stmt->options)
984  {
985  DefElem *defel = (DefElem *) lfirst(cell);
986 
987  if (strcmp(defel->defname, "schemas") == 0)
988  {
989  if (dnspnames)
990  errorConflictingDefElem(defel, pstate);
991  dnspnames = defel;
992  }
993  else if (strcmp(defel->defname, "roles") == 0)
994  {
995  if (drolespecs)
996  errorConflictingDefElem(defel, pstate);
997  drolespecs = defel;
998  }
999  else
1000  elog(ERROR, "option \"%s\" not recognized", defel->defname);
1001  }
1002 
1003  if (dnspnames)
1004  nspnames = (List *) dnspnames->arg;
1005  if (drolespecs)
1006  rolespecs = (List *) drolespecs->arg;
1007 
1008  /* Prepare the InternalDefaultACL representation of the statement */
1009  /* roleid to be filled below */
1010  /* nspid to be filled in SetDefaultACLsInSchemas */
1011  iacls.is_grant = action->is_grant;
1012  iacls.objtype = action->objtype;
1013  /* all_privs to be filled below */
1014  /* privileges to be filled below */
1015  iacls.grantees = NIL; /* filled below */
1016  iacls.grant_option = action->grant_option;
1017  iacls.behavior = action->behavior;
1018 
1019  /*
1020  * Convert the RoleSpec list into an Oid list. Note that at this point we
1021  * insert an ACL_ID_PUBLIC into the list if appropriate, so downstream
1022  * there shouldn't be any additional work needed to support this case.
1023  */
1024  foreach(cell, action->grantees)
1025  {
1026  RoleSpec *grantee = (RoleSpec *) lfirst(cell);
1027  Oid grantee_uid;
1028 
1029  switch (grantee->roletype)
1030  {
1031  case ROLESPEC_PUBLIC:
1032  grantee_uid = ACL_ID_PUBLIC;
1033  break;
1034  default:
1035  grantee_uid = get_rolespec_oid(grantee, false);
1036  break;
1037  }
1038  iacls.grantees = lappend_oid(iacls.grantees, grantee_uid);
1039  }
1040 
1041  /*
1042  * Convert action->privileges, a list of privilege strings, into an
1043  * AclMode bitmask.
1044  */
1045  switch (action->objtype)
1046  {
1047  case OBJECT_TABLE:
1048  all_privileges = ACL_ALL_RIGHTS_RELATION;
1049  errormsg = gettext_noop("invalid privilege type %s for relation");
1050  break;
1051  case OBJECT_SEQUENCE:
1052  all_privileges = ACL_ALL_RIGHTS_SEQUENCE;
1053  errormsg = gettext_noop("invalid privilege type %s for sequence");
1054  break;
1055  case OBJECT_FUNCTION:
1056  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
1057  errormsg = gettext_noop("invalid privilege type %s for function");
1058  break;
1059  case OBJECT_PROCEDURE:
1060  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
1061  errormsg = gettext_noop("invalid privilege type %s for procedure");
1062  break;
1063  case OBJECT_ROUTINE:
1064  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
1065  errormsg = gettext_noop("invalid privilege type %s for routine");
1066  break;
1067  case OBJECT_TYPE:
1068  all_privileges = ACL_ALL_RIGHTS_TYPE;
1069  errormsg = gettext_noop("invalid privilege type %s for type");
1070  break;
1071  case OBJECT_SCHEMA:
1072  all_privileges = ACL_ALL_RIGHTS_SCHEMA;
1073  errormsg = gettext_noop("invalid privilege type %s for schema");
1074  break;
1075  default:
1076  elog(ERROR, "unrecognized GrantStmt.objtype: %d",
1077  (int) action->objtype);
1078  /* keep compiler quiet */
1079  all_privileges = ACL_NO_RIGHTS;
1080  errormsg = NULL;
1081  }
1082 
1083  if (action->privileges == NIL)
1084  {
1085  iacls.all_privs = true;
1086 
1087  /*
1088  * will be turned into ACL_ALL_RIGHTS_* by the internal routines
1089  * depending on the object type
1090  */
1091  iacls.privileges = ACL_NO_RIGHTS;
1092  }
1093  else
1094  {
1095  iacls.all_privs = false;
1096  iacls.privileges = ACL_NO_RIGHTS;
1097 
1098  foreach(cell, action->privileges)
1099  {
1100  AccessPriv *privnode = (AccessPriv *) lfirst(cell);
1101  AclMode priv;
1102 
1103  if (privnode->cols)
1104  ereport(ERROR,
1105  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1106  errmsg("default privileges cannot be set for columns")));
1107 
1108  if (privnode->priv_name == NULL) /* parser mistake? */
1109  elog(ERROR, "AccessPriv node must specify privilege");
1110  priv = string_to_privilege(privnode->priv_name);
1111 
1112  if (priv & ~((AclMode) all_privileges))
1113  ereport(ERROR,
1114  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1115  errmsg(errormsg, privilege_to_string(priv))));
1116 
1117  iacls.privileges |= priv;
1118  }
1119  }
1120 
1121  if (rolespecs == NIL)
1122  {
1123  /* Set permissions for myself */
1124  iacls.roleid = GetUserId();
1125 
1126  SetDefaultACLsInSchemas(&iacls, nspnames);
1127  }
1128  else
1129  {
1130  /* Look up the role OIDs and do permissions checks */
1131  ListCell *rolecell;
1132 
1133  foreach(rolecell, rolespecs)
1134  {
1135  RoleSpec *rolespec = lfirst(rolecell);
1136 
1137  iacls.roleid = get_rolespec_oid(rolespec, false);
1138 
1139  if (!has_privs_of_role(GetUserId(), iacls.roleid))
1140  ereport(ERROR,
1141  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1142  errmsg("permission denied to change default privileges")));
1143 
1144  SetDefaultACLsInSchemas(&iacls, nspnames);
1145  }
1146  }
1147 }
bool has_privs_of_role(Oid member, Oid role)
Definition: acl.c:4933
Oid get_rolespec_oid(const RoleSpec *role, bool missing_ok)
Definition: acl.c:5253
#define ACL_ALL_RIGHTS_SCHEMA
Definition: acl.h:168
#define ACL_ALL_RIGHTS_SEQUENCE
Definition: acl.h:160
#define ACL_ALL_RIGHTS_FUNCTION
Definition: acl.h:164
#define ACL_ALL_RIGHTS_TYPE
Definition: acl.h:170
#define ACL_ALL_RIGHTS_RELATION
Definition: acl.h:159
#define ACL_ID_PUBLIC
Definition: acl.h:46
static AclMode string_to_privilege(const char *privname)
Definition: aclchk.c:3391
static void SetDefaultACLsInSchemas(InternalDefaultACL *iacls, List *nspnames)
Definition: aclchk.c:1155
static const char * privilege_to_string(AclMode privilege)
Definition: aclchk.c:3432
void errorConflictingDefElem(DefElem *defel, ParseState *pstate)
Definition: define.c:385
if(TABLE==NULL||TABLE_index==NULL)
Definition: isn.c:77
List * lappend_oid(List *list, Oid datum)
Definition: list.c:374
Oid GetUserId(void)
Definition: miscinit.c:497
@ ROLESPEC_PUBLIC
Definition: parsenodes.h:361
uint64 AclMode
Definition: parsenodes.h:81
#define ACL_NO_RIGHTS
Definition: parsenodes.h:98
#define lfirst(lc)
Definition: pg_list.h:170
#define NIL
Definition: pg_list.h:66
char * priv_name
Definition: parsenodes.h:2149
List * cols
Definition: parsenodes.h:2150
char * defname
Definition: parsenodes.h:775
Node * arg
Definition: parsenodes.h:776
bool grant_option
Definition: aclchk.c:96
AclMode privileges
Definition: aclchk.c:94
List * grantees
Definition: aclchk.c:95
DropBehavior behavior
Definition: aclchk.c:97
ObjectType objtype
Definition: aclchk.c:92
Definition: pg_list.h:52
RoleSpecType roletype
Definition: parsenodes.h:367

References ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_SEQUENCE, ACL_ALL_RIGHTS_TYPE, ACL_ID_PUBLIC, ACL_NO_RIGHTS, generate_unaccent_rules::action, AlterDefaultPrivilegesStmt::action, InternalDefaultACL::all_privs, DefElem::arg, InternalDefaultACL::behavior, AccessPriv::cols, DefElem::defname, elog(), ereport, errcode(), errmsg(), ERROR, errorConflictingDefElem(), get_rolespec_oid(), gettext_noop, GetUserId(), InternalDefaultACL::grant_option, InternalDefaultACL::grantees, has_privs_of_role(), if(), InternalDefaultACL::is_grant, lappend_oid(), lfirst, NIL, OBJECT_FUNCTION, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TYPE, InternalDefaultACL::objtype, AlterDefaultPrivilegesStmt::options, AccessPriv::priv_name, privilege_to_string(), InternalDefaultACL::privileges, InternalDefaultACL::roleid, ROLESPEC_PUBLIC, RoleSpec::roletype, SetDefaultACLsInSchemas(), and string_to_privilege().

Referenced by ProcessUtilitySlow().

◆ ExecGrant_Attribute()

static void ExecGrant_Attribute ( InternalGrant istmt,
Oid  relOid,
const char *  relname,
AttrNumber  attnum,
Oid  ownerId,
AclMode  col_privileges,
Relation  attRelation,
const Acl old_rel_acl 
)
static

Definition at line 1662 of file aclchk.c.

1665 {
1666  HeapTuple attr_tuple;
1667  Form_pg_attribute pg_attribute_tuple;
1668  Acl *old_acl;
1669  Acl *new_acl;
1670  Acl *merged_acl;
1671  Datum aclDatum;
1672  bool isNull;
1673  Oid grantorId;
1674  AclMode avail_goptions;
1675  bool need_update;
1676  HeapTuple newtuple;
1677  Datum values[Natts_pg_attribute] = {0};
1678  bool nulls[Natts_pg_attribute] = {0};
1679  bool replaces[Natts_pg_attribute] = {0};
1680  int noldmembers;
1681  int nnewmembers;
1682  Oid *oldmembers;
1683  Oid *newmembers;
1684 
1685  attr_tuple = SearchSysCache2(ATTNUM,
1686  ObjectIdGetDatum(relOid),
1688  if (!HeapTupleIsValid(attr_tuple))
1689  elog(ERROR, "cache lookup failed for attribute %d of relation %u",
1690  attnum, relOid);
1691  pg_attribute_tuple = (Form_pg_attribute) GETSTRUCT(attr_tuple);
1692 
1693  /*
1694  * Get working copy of existing ACL. If there's no ACL, substitute the
1695  * proper default.
1696  */
1697  aclDatum = SysCacheGetAttr(ATTNUM, attr_tuple, Anum_pg_attribute_attacl,
1698  &isNull);
1699  if (isNull)
1700  {
1701  old_acl = acldefault(OBJECT_COLUMN, ownerId);
1702  /* There are no old member roles according to the catalogs */
1703  noldmembers = 0;
1704  oldmembers = NULL;
1705  }
1706  else
1707  {
1708  old_acl = DatumGetAclPCopy(aclDatum);
1709  /* Get the roles mentioned in the existing ACL */
1710  noldmembers = aclmembers(old_acl, &oldmembers);
1711  }
1712 
1713  /*
1714  * In select_best_grantor we should consider existing table-level ACL bits
1715  * as well as the per-column ACL. Build a new ACL that is their
1716  * concatenation. (This is a bit cheap and dirty compared to merging them
1717  * properly with no duplications, but it's all we need here.)
1718  */
1719  merged_acl = aclconcat(old_rel_acl, old_acl);
1720 
1721  /* Determine ID to do the grant as, and available grant options */
1722  select_best_grantor(GetUserId(), col_privileges,
1723  merged_acl, ownerId,
1724  &grantorId, &avail_goptions);
1725 
1726  pfree(merged_acl);
1727 
1728  /*
1729  * Restrict the privileges to what we can actually grant, and emit the
1730  * standards-mandated warning and error messages. Note: we don't track
1731  * whether the user actually used the ALL PRIVILEGES(columns) syntax for
1732  * each column; we just approximate it by whether all the possible
1733  * privileges are specified now. Since the all_privs flag only determines
1734  * whether a warning is issued, this seems close enough.
1735  */
1736  col_privileges =
1737  restrict_and_check_grant(istmt->is_grant, avail_goptions,
1738  (col_privileges == ACL_ALL_RIGHTS_COLUMN),
1739  col_privileges,
1740  relOid, grantorId, OBJECT_COLUMN,
1741  relname, attnum,
1742  NameStr(pg_attribute_tuple->attname));
1743 
1744  /*
1745  * Generate new ACL.
1746  */
1747  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
1748  istmt->grant_option,
1749  istmt->behavior, istmt->grantees,
1750  col_privileges, grantorId,
1751  ownerId);
1752 
1753  /*
1754  * We need the members of both old and new ACLs so we can correct the
1755  * shared dependency information.
1756  */
1757  nnewmembers = aclmembers(new_acl, &newmembers);
1758 
1759  /* finished building new ACL value, now insert it */
1760 
1761  /*
1762  * If the updated ACL is empty, we can set attacl to null, and maybe even
1763  * avoid an update of the pg_attribute row. This is worth testing because
1764  * we'll come through here multiple times for any relation-level REVOKE,
1765  * even if there were never any column GRANTs. Note we are assuming that
1766  * the "default" ACL state for columns is empty.
1767  */
1768  if (ACL_NUM(new_acl) > 0)
1769  {
1770  values[Anum_pg_attribute_attacl - 1] = PointerGetDatum(new_acl);
1771  need_update = true;
1772  }
1773  else
1774  {
1775  nulls[Anum_pg_attribute_attacl - 1] = true;
1776  need_update = !isNull;
1777  }
1778  replaces[Anum_pg_attribute_attacl - 1] = true;
1779 
1780  if (need_update)
1781  {
1782  newtuple = heap_modify_tuple(attr_tuple, RelationGetDescr(attRelation),
1783  values, nulls, replaces);
1784 
1785  CatalogTupleUpdate(attRelation, &newtuple->t_self, newtuple);
1786 
1787  /* Update initial privileges for extensions */
1788  recordExtensionInitPriv(relOid, RelationRelationId, attnum,
1789  ACL_NUM(new_acl) > 0 ? new_acl : NULL);
1790 
1791  /* Update the shared dependency ACL info */
1792  updateAclDependencies(RelationRelationId, relOid, attnum,
1793  ownerId,
1794  noldmembers, oldmembers,
1795  nnewmembers, newmembers);
1796  }
1797 
1798  pfree(new_acl);
1799 
1800  ReleaseSysCache(attr_tuple);
1801 }
void select_best_grantor(Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
Definition: acl.c:5143
int aclmembers(const Acl *acl, Oid **roleids)
Definition: acl.c:1480
Acl * aclconcat(const Acl *left_acl, const Acl *right_acl)
Definition: acl.c:428
Acl * acldefault(ObjectType objtype, Oid ownerId)
Definition: acl.c:749
#define ACL_ALL_RIGHTS_COLUMN
Definition: acl.h:158
#define ACL_NUM(ACL)
Definition: acl.h:108
#define DatumGetAclPCopy(X)
Definition: acl.h:121
static void recordExtensionInitPriv(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
Definition: aclchk.c:5417
static Acl * merge_acl_with_grant(Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
Definition: aclchk.c:176
static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
Definition: aclchk.c:235
static Datum values[MAXATTR]
Definition: bootstrap.c:156
#define NameStr(name)
Definition: c.h:682
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, Datum *replValues, bool *replIsnull, bool *doReplace)
Definition: heaptuple.c:1113
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
#define GETSTRUCT(TUP)
Definition: htup_details.h:649
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
Definition: indexing.c:301
void pfree(void *pointer)
Definition: mcxt.c:1306
int16 attnum
Definition: pg_attribute.h:83
FormData_pg_attribute * Form_pg_attribute
Definition: pg_attribute.h:207
NameData relname
Definition: pg_class.h:38
void updateAclDependencies(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
Definition: pg_shdepend.c:482
static Datum PointerGetDatum(const void *X)
Definition: postgres.h:670
uintptr_t Datum
Definition: postgres.h:412
static Datum Int16GetDatum(int16 X)
Definition: postgres.h:520
static Datum ObjectIdGetDatum(Oid X)
Definition: postgres.h:600
#define RelationGetDescr(relation)
Definition: rel.h:527
ItemPointerData t_self
Definition: htup.h:65
DropBehavior behavior
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:1221
Datum SysCacheGetAttr(int cacheId, HeapTuple tup, AttrNumber attributeNumber, bool *isNull)
Definition: syscache.c:1434
HeapTuple SearchSysCache2(int cacheId, Datum key1, Datum key2)
Definition: syscache.c:1184
@ ATTNUM
Definition: syscache.h:41

References ACL_ALL_RIGHTS_COLUMN, ACL_NUM, aclconcat(), acldefault(), aclmembers(), attnum, ATTNUM, InternalGrant::behavior, CatalogTupleUpdate(), DatumGetAclPCopy, elog(), ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, Int16GetDatum(), InternalGrant::is_grant, merge_acl_with_grant(), NameStr, OBJECT_COLUMN, ObjectIdGetDatum(), pfree(), PointerGetDatum(), recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), relname, restrict_and_check_grant(), SearchSysCache2(), select_best_grantor(), SysCacheGetAttr(), HeapTupleData::t_self, updateAclDependencies(), and values.

Referenced by ExecGrant_Relation().

◆ ExecGrant_Database()

static void ExecGrant_Database ( InternalGrant istmt)
static

Definition at line 2135 of file aclchk.c.

2136 {
2137  Relation relation;
2138  ListCell *cell;
2139 
2140  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
2142 
2143  relation = table_open(DatabaseRelationId, RowExclusiveLock);
2144 
2145  foreach(cell, istmt->objects)
2146  {
2147  Oid datId = lfirst_oid(cell);
2148  Form_pg_database pg_database_tuple;
2149  Datum aclDatum;
2150  bool isNull;
2151  AclMode avail_goptions;
2152  AclMode this_privileges;
2153  Acl *old_acl;
2154  Acl *new_acl;
2155  Oid grantorId;
2156  Oid ownerId;
2157  HeapTuple newtuple;
2158  Datum values[Natts_pg_database] = {0};
2159  bool nulls[Natts_pg_database] = {0};
2160  bool replaces[Natts_pg_database] = {0};
2161  int noldmembers;
2162  int nnewmembers;
2163  Oid *oldmembers;
2164  Oid *newmembers;
2165  HeapTuple tuple;
2166 
2167  tuple = SearchSysCache1(DATABASEOID, ObjectIdGetDatum(datId));
2168  if (!HeapTupleIsValid(tuple))
2169  elog(ERROR, "cache lookup failed for database %u", datId);
2170 
2171  pg_database_tuple = (Form_pg_database) GETSTRUCT(tuple);
2172 
2173  /*
2174  * Get owner ID and working copy of existing ACL. If there's no ACL,
2175  * substitute the proper default.
2176  */
2177  ownerId = pg_database_tuple->datdba;
2178  aclDatum = heap_getattr(tuple, Anum_pg_database_datacl,
2179  RelationGetDescr(relation), &isNull);
2180  if (isNull)
2181  {
2182  old_acl = acldefault(OBJECT_DATABASE, ownerId);
2183  /* There are no old member roles according to the catalogs */
2184  noldmembers = 0;
2185  oldmembers = NULL;
2186  }
2187  else
2188  {
2189  old_acl = DatumGetAclPCopy(aclDatum);
2190  /* Get the roles mentioned in the existing ACL */
2191  noldmembers = aclmembers(old_acl, &oldmembers);
2192  }
2193 
2194  /* Determine ID to do the grant as, and available grant options */
2196  old_acl, ownerId,
2197  &grantorId, &avail_goptions);
2198 
2199  /*
2200  * Restrict the privileges to what we can actually grant, and emit the
2201  * standards-mandated warning and error messages.
2202  */
2203  this_privileges =
2204  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2205  istmt->all_privs, istmt->privileges,
2206  datId, grantorId, OBJECT_DATABASE,
2207  NameStr(pg_database_tuple->datname),
2208  0, NULL);
2209 
2210  /*
2211  * Generate new ACL.
2212  */
2213  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
2214  istmt->grant_option, istmt->behavior,
2215  istmt->grantees, this_privileges,
2216  grantorId, ownerId);
2217 
2218  /*
2219  * We need the members of both old and new ACLs so we can correct the
2220  * shared dependency information.
2221  */
2222  nnewmembers = aclmembers(new_acl, &newmembers);
2223 
2224  /* finished building new ACL value, now insert it */
2225  replaces[Anum_pg_database_datacl - 1] = true;
2226  values[Anum_pg_database_datacl - 1] = PointerGetDatum(new_acl);
2227 
2228  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
2229  nulls, replaces);
2230 
2231  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2232 
2233  /* Update the shared dependency ACL info */
2234  updateAclDependencies(DatabaseRelationId, pg_database_tuple->oid, 0,
2235  ownerId,
2236  noldmembers, oldmembers,
2237  nnewmembers, newmembers);
2238 
2239  ReleaseSysCache(tuple);
2240 
2241  pfree(new_acl);
2242 
2243  /* prevent error when processing duplicate objects */
2245  }
2246 
2247  table_close(relation, RowExclusiveLock);
2248 }
#define ACL_ALL_RIGHTS_DATABASE
Definition: acl.h:161
static Datum heap_getattr(HeapTuple tup, int attnum, TupleDesc tupleDesc, bool *isnull)
Definition: htup_details.h:788
#define RowExclusiveLock
Definition: lockdefs.h:38
FormData_pg_database * Form_pg_database
Definition: pg_database.h:87
#define lfirst_oid(lc)
Definition: pg_list.h:172
AclMode privileges
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Definition: syscache.c:1173
@ DATABASEOID
Definition: syscache.h:55
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:126
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:40
void CommandCounterIncrement(void)
Definition: xact.c:1077

References ACL_ALL_RIGHTS_DATABASE, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DATABASEOID, DatumGetAclPCopy, elog(), ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_getattr(), heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, merge_acl_with_grant(), NameStr, OBJECT_DATABASE, ObjectIdGetDatum(), InternalGrant::objects, pfree(), PointerGetDatum(), InternalGrant::privileges, RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

◆ ExecGrant_Fdw()

static void ExecGrant_Fdw ( InternalGrant istmt)
static

Definition at line 2251 of file aclchk.c.

2252 {
2253  Relation relation;
2254  ListCell *cell;
2255 
2256  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
2257  istmt->privileges = ACL_ALL_RIGHTS_FDW;
2258 
2259  relation = table_open(ForeignDataWrapperRelationId, RowExclusiveLock);
2260 
2261  foreach(cell, istmt->objects)
2262  {
2263  Oid fdwid = lfirst_oid(cell);
2264  Form_pg_foreign_data_wrapper pg_fdw_tuple;
2265  Datum aclDatum;
2266  bool isNull;
2267  AclMode avail_goptions;
2268  AclMode this_privileges;
2269  Acl *old_acl;
2270  Acl *new_acl;
2271  Oid grantorId;
2272  Oid ownerId;
2273  HeapTuple tuple;
2274  HeapTuple newtuple;
2275  Datum values[Natts_pg_foreign_data_wrapper] = {0};
2276  bool nulls[Natts_pg_foreign_data_wrapper] = {0};
2277  bool replaces[Natts_pg_foreign_data_wrapper] = {0};
2278  int noldmembers;
2279  int nnewmembers;
2280  Oid *oldmembers;
2281  Oid *newmembers;
2282 
2284  ObjectIdGetDatum(fdwid));
2285  if (!HeapTupleIsValid(tuple))
2286  elog(ERROR, "cache lookup failed for foreign-data wrapper %u", fdwid);
2287 
2288  pg_fdw_tuple = (Form_pg_foreign_data_wrapper) GETSTRUCT(tuple);
2289 
2290  /*
2291  * Get owner ID and working copy of existing ACL. If there's no ACL,
2292  * substitute the proper default.
2293  */
2294  ownerId = pg_fdw_tuple->fdwowner;
2295  aclDatum = SysCacheGetAttr(FOREIGNDATAWRAPPEROID, tuple,
2296  Anum_pg_foreign_data_wrapper_fdwacl,
2297  &isNull);
2298  if (isNull)
2299  {
2300  old_acl = acldefault(OBJECT_FDW, ownerId);
2301  /* There are no old member roles according to the catalogs */
2302  noldmembers = 0;
2303  oldmembers = NULL;
2304  }
2305  else
2306  {
2307  old_acl = DatumGetAclPCopy(aclDatum);
2308  /* Get the roles mentioned in the existing ACL */
2309  noldmembers = aclmembers(old_acl, &oldmembers);
2310  }
2311 
2312  /* Determine ID to do the grant as, and available grant options */
2314  old_acl, ownerId,
2315  &grantorId, &avail_goptions);
2316 
2317  /*
2318  * Restrict the privileges to what we can actually grant, and emit the
2319  * standards-mandated warning and error messages.
2320  */
2321  this_privileges =
2322  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2323  istmt->all_privs, istmt->privileges,
2324  fdwid, grantorId, OBJECT_FDW,
2325  NameStr(pg_fdw_tuple->fdwname),
2326  0, NULL);
2327 
2328  /*
2329  * Generate new ACL.
2330  */
2331  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
2332  istmt->grant_option, istmt->behavior,
2333  istmt->grantees, this_privileges,
2334  grantorId, ownerId);
2335 
2336  /*
2337  * We need the members of both old and new ACLs so we can correct the
2338  * shared dependency information.
2339  */
2340  nnewmembers = aclmembers(new_acl, &newmembers);
2341 
2342  /* finished building new ACL value, now insert it */
2343  replaces[Anum_pg_foreign_data_wrapper_fdwacl - 1] = true;
2344  values[Anum_pg_foreign_data_wrapper_fdwacl - 1] = PointerGetDatum(new_acl);
2345 
2346  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
2347  nulls, replaces);
2348 
2349  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2350 
2351  /* Update initial privileges for extensions */
2352  recordExtensionInitPriv(fdwid, ForeignDataWrapperRelationId, 0,
2353  new_acl);
2354 
2355  /* Update the shared dependency ACL info */
2356  updateAclDependencies(ForeignDataWrapperRelationId,
2357  pg_fdw_tuple->oid, 0,
2358  ownerId,
2359  noldmembers, oldmembers,
2360  nnewmembers, newmembers);
2361 
2362  ReleaseSysCache(tuple);
2363 
2364  pfree(new_acl);
2365 
2366  /* prevent error when processing duplicate objects */
2368  }
2369 
2370  table_close(relation, RowExclusiveLock);
2371 }
#define ACL_ALL_RIGHTS_FDW
Definition: acl.h:162
FormData_pg_foreign_data_wrapper * Form_pg_foreign_data_wrapper
@ FOREIGNDATAWRAPPEROID
Definition: syscache.h:62

References ACL_ALL_RIGHTS_FDW, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog(), ERROR, FOREIGNDATAWRAPPEROID, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, merge_acl_with_grant(), NameStr, OBJECT_FDW, ObjectIdGetDatum(), InternalGrant::objects, pfree(), PointerGetDatum(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), SysCacheGetAttr(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

◆ ExecGrant_ForeignServer()

static void ExecGrant_ForeignServer ( InternalGrant istmt)
static

Definition at line 2374 of file aclchk.c.

2375 {
2376  Relation relation;
2377  ListCell *cell;
2378 
2379  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
2381 
2382  relation = table_open(ForeignServerRelationId, RowExclusiveLock);
2383 
2384  foreach(cell, istmt->objects)
2385  {
2386  Oid srvid = lfirst_oid(cell);
2387  Form_pg_foreign_server pg_server_tuple;
2388  Datum aclDatum;
2389  bool isNull;
2390  AclMode avail_goptions;
2391  AclMode this_privileges;
2392  Acl *old_acl;
2393  Acl *new_acl;
2394  Oid grantorId;
2395  Oid ownerId;
2396  HeapTuple tuple;
2397  HeapTuple newtuple;
2398  Datum values[Natts_pg_foreign_server] = {0};
2399  bool nulls[Natts_pg_foreign_server] = {0};
2400  bool replaces[Natts_pg_foreign_server] = {0};
2401  int noldmembers;
2402  int nnewmembers;
2403  Oid *oldmembers;
2404  Oid *newmembers;
2405 
2407  if (!HeapTupleIsValid(tuple))
2408  elog(ERROR, "cache lookup failed for foreign server %u", srvid);
2409 
2410  pg_server_tuple = (Form_pg_foreign_server) GETSTRUCT(tuple);
2411 
2412  /*
2413  * Get owner ID and working copy of existing ACL. If there's no ACL,
2414  * substitute the proper default.
2415  */
2416  ownerId = pg_server_tuple->srvowner;
2417  aclDatum = SysCacheGetAttr(FOREIGNSERVEROID, tuple,
2418  Anum_pg_foreign_server_srvacl,
2419  &isNull);
2420  if (isNull)
2421  {
2422  old_acl = acldefault(OBJECT_FOREIGN_SERVER, ownerId);
2423  /* There are no old member roles according to the catalogs */
2424  noldmembers = 0;
2425  oldmembers = NULL;
2426  }
2427  else
2428  {
2429  old_acl = DatumGetAclPCopy(aclDatum);
2430  /* Get the roles mentioned in the existing ACL */
2431  noldmembers = aclmembers(old_acl, &oldmembers);
2432  }
2433 
2434  /* Determine ID to do the grant as, and available grant options */
2436  old_acl, ownerId,
2437  &grantorId, &avail_goptions);
2438 
2439  /*
2440  * Restrict the privileges to what we can actually grant, and emit the
2441  * standards-mandated warning and error messages.
2442  */
2443  this_privileges =
2444  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2445  istmt->all_privs, istmt->privileges,
2446  srvid, grantorId, OBJECT_FOREIGN_SERVER,
2447  NameStr(pg_server_tuple->srvname),
2448  0, NULL);
2449 
2450  /*
2451  * Generate new ACL.
2452  */
2453  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
2454  istmt->grant_option, istmt->behavior,
2455  istmt->grantees, this_privileges,
2456  grantorId, ownerId);
2457 
2458  /*
2459  * We need the members of both old and new ACLs so we can correct the
2460  * shared dependency information.
2461  */
2462  nnewmembers = aclmembers(new_acl, &newmembers);
2463 
2464  /* finished building new ACL value, now insert it */
2465  replaces[Anum_pg_foreign_server_srvacl - 1] = true;
2466  values[Anum_pg_foreign_server_srvacl - 1] = PointerGetDatum(new_acl);
2467 
2468  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
2469  nulls, replaces);
2470 
2471  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2472 
2473  /* Update initial privileges for extensions */
2474  recordExtensionInitPriv(srvid, ForeignServerRelationId, 0, new_acl);
2475 
2476  /* Update the shared dependency ACL info */
2477  updateAclDependencies(ForeignServerRelationId,
2478  pg_server_tuple->oid, 0,
2479  ownerId,
2480  noldmembers, oldmembers,
2481  nnewmembers, newmembers);
2482 
2483  ReleaseSysCache(tuple);
2484 
2485  pfree(new_acl);
2486 
2487  /* prevent error when processing duplicate objects */
2489  }
2490 
2491  table_close(relation, RowExclusiveLock);
2492 }
#define ACL_ALL_RIGHTS_FOREIGN_SERVER
Definition: acl.h:163
FormData_pg_foreign_server * Form_pg_foreign_server
@ FOREIGNSERVEROID
Definition: syscache.h:64

References ACL_ALL_RIGHTS_FOREIGN_SERVER, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog(), ERROR, FOREIGNSERVEROID, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, merge_acl_with_grant(), NameStr, OBJECT_FOREIGN_SERVER, ObjectIdGetDatum(), InternalGrant::objects, pfree(), PointerGetDatum(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), SysCacheGetAttr(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

◆ ExecGrant_Function()

static void ExecGrant_Function ( InternalGrant istmt)
static

Definition at line 2495 of file aclchk.c.

2496 {
2497  Relation relation;
2498  ListCell *cell;
2499 
2500  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
2502 
2503  relation = table_open(ProcedureRelationId, RowExclusiveLock);
2504 
2505  foreach(cell, istmt->objects)
2506  {
2507  Oid funcId = lfirst_oid(cell);
2508  Form_pg_proc pg_proc_tuple;
2509  Datum aclDatum;
2510  bool isNull;
2511  AclMode avail_goptions;
2512  AclMode this_privileges;
2513  Acl *old_acl;
2514  Acl *new_acl;
2515  Oid grantorId;
2516  Oid ownerId;
2517  HeapTuple tuple;
2518  HeapTuple newtuple;
2519  Datum values[Natts_pg_proc] = {0};
2520  bool nulls[Natts_pg_proc] = {0};
2521  bool replaces[Natts_pg_proc] = {0};
2522  int noldmembers;
2523  int nnewmembers;
2524  Oid *oldmembers;
2525  Oid *newmembers;
2526 
2527  tuple = SearchSysCache1(PROCOID, ObjectIdGetDatum(funcId));
2528  if (!HeapTupleIsValid(tuple))
2529  elog(ERROR, "cache lookup failed for function %u", funcId);
2530 
2531  pg_proc_tuple = (Form_pg_proc) GETSTRUCT(tuple);
2532 
2533  /*
2534  * Get owner ID and working copy of existing ACL. If there's no ACL,
2535  * substitute the proper default.
2536  */
2537  ownerId = pg_proc_tuple->proowner;
2538  aclDatum = SysCacheGetAttr(PROCOID, tuple, Anum_pg_proc_proacl,
2539  &isNull);
2540  if (isNull)
2541  {
2542  old_acl = acldefault(OBJECT_FUNCTION, ownerId);
2543  /* There are no old member roles according to the catalogs */
2544  noldmembers = 0;
2545  oldmembers = NULL;
2546  }
2547  else
2548  {
2549  old_acl = DatumGetAclPCopy(aclDatum);
2550  /* Get the roles mentioned in the existing ACL */
2551  noldmembers = aclmembers(old_acl, &oldmembers);
2552  }
2553 
2554  /* Determine ID to do the grant as, and available grant options */
2556  old_acl, ownerId,
2557  &grantorId, &avail_goptions);
2558 
2559  /*
2560  * Restrict the privileges to what we can actually grant, and emit the
2561  * standards-mandated warning and error messages.
2562  */
2563  this_privileges =
2564  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2565  istmt->all_privs, istmt->privileges,
2566  funcId, grantorId, OBJECT_FUNCTION,
2567  NameStr(pg_proc_tuple->proname),
2568  0, NULL);
2569 
2570  /*
2571  * Generate new ACL.
2572  */
2573  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
2574  istmt->grant_option, istmt->behavior,
2575  istmt->grantees, this_privileges,
2576  grantorId, ownerId);
2577 
2578  /*
2579  * We need the members of both old and new ACLs so we can correct the
2580  * shared dependency information.
2581  */
2582  nnewmembers = aclmembers(new_acl, &newmembers);
2583 
2584  /* finished building new ACL value, now insert it */
2585  replaces[Anum_pg_proc_proacl - 1] = true;
2586  values[Anum_pg_proc_proacl - 1] = PointerGetDatum(new_acl);
2587 
2588  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
2589  nulls, replaces);
2590 
2591  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2592 
2593  /* Update initial privileges for extensions */
2594  recordExtensionInitPriv(funcId, ProcedureRelationId, 0, new_acl);
2595 
2596  /* Update the shared dependency ACL info */
2597  updateAclDependencies(ProcedureRelationId, funcId, 0,
2598  ownerId,
2599  noldmembers, oldmembers,
2600  nnewmembers, newmembers);
2601 
2602  ReleaseSysCache(tuple);
2603 
2604  pfree(new_acl);
2605 
2606  /* prevent error when processing duplicate objects */
2608  }
2609 
2610  table_close(relation, RowExclusiveLock);
2611 }
FormData_pg_proc * Form_pg_proc
Definition: pg_proc.h:136
@ PROCOID
Definition: syscache.h:79

References ACL_ALL_RIGHTS_FUNCTION, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog(), ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, merge_acl_with_grant(), NameStr, OBJECT_FUNCTION, ObjectIdGetDatum(), InternalGrant::objects, pfree(), PointerGetDatum(), InternalGrant::privileges, PROCOID, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), SysCacheGetAttr(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

◆ ExecGrant_Language()

static void ExecGrant_Language ( InternalGrant istmt)
static

Definition at line 2614 of file aclchk.c.

2615 {
2616  Relation relation;
2617  ListCell *cell;
2618 
2619  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
2621 
2622  relation = table_open(LanguageRelationId, RowExclusiveLock);
2623 
2624  foreach(cell, istmt->objects)
2625  {
2626  Oid langId = lfirst_oid(cell);
2627  Form_pg_language pg_language_tuple;
2628  Datum aclDatum;
2629  bool isNull;
2630  AclMode avail_goptions;
2631  AclMode this_privileges;
2632  Acl *old_acl;
2633  Acl *new_acl;
2634  Oid grantorId;
2635  Oid ownerId;
2636  HeapTuple tuple;
2637  HeapTuple newtuple;
2638  Datum values[Natts_pg_language] = {0};
2639  bool nulls[Natts_pg_language] = {0};
2640  bool replaces[Natts_pg_language] = {0};
2641  int noldmembers;
2642  int nnewmembers;
2643  Oid *oldmembers;
2644  Oid *newmembers;
2645 
2646  tuple = SearchSysCache1(LANGOID, ObjectIdGetDatum(langId));
2647  if (!HeapTupleIsValid(tuple))
2648  elog(ERROR, "cache lookup failed for language %u", langId);
2649 
2650  pg_language_tuple = (Form_pg_language) GETSTRUCT(tuple);
2651 
2652  if (!pg_language_tuple->lanpltrusted)
2653  ereport(ERROR,
2654  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2655  errmsg("language \"%s\" is not trusted",
2656  NameStr(pg_language_tuple->lanname)),
2657  errdetail("GRANT and REVOKE are not allowed on untrusted languages, "
2658  "because only superusers can use untrusted languages.")));
2659 
2660  /*
2661  * Get owner ID and working copy of existing ACL. If there's no ACL,
2662  * substitute the proper default.
2663  */
2664  ownerId = pg_language_tuple->lanowner;
2665  aclDatum = SysCacheGetAttr(LANGNAME, tuple, Anum_pg_language_lanacl,
2666  &isNull);
2667  if (isNull)
2668  {
2669  old_acl = acldefault(OBJECT_LANGUAGE, ownerId);
2670  /* There are no old member roles according to the catalogs */
2671  noldmembers = 0;
2672  oldmembers = NULL;
2673  }
2674  else
2675  {
2676  old_acl = DatumGetAclPCopy(aclDatum);
2677  /* Get the roles mentioned in the existing ACL */
2678  noldmembers = aclmembers(old_acl, &oldmembers);
2679  }
2680 
2681  /* Determine ID to do the grant as, and available grant options */
2683  old_acl, ownerId,
2684  &grantorId, &avail_goptions);
2685 
2686  /*
2687  * Restrict the privileges to what we can actually grant, and emit the
2688  * standards-mandated warning and error messages.
2689  */
2690  this_privileges =
2691  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2692  istmt->all_privs, istmt->privileges,
2693  langId, grantorId, OBJECT_LANGUAGE,
2694  NameStr(pg_language_tuple->lanname),
2695  0, NULL);
2696 
2697  /*
2698  * Generate new ACL.
2699  */
2700  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
2701  istmt->grant_option, istmt->behavior,
2702  istmt->grantees, this_privileges,
2703  grantorId, ownerId);
2704 
2705  /*
2706  * We need the members of both old and new ACLs so we can correct the
2707  * shared dependency information.
2708  */
2709  nnewmembers = aclmembers(new_acl, &newmembers);
2710 
2711  /* finished building new ACL value, now insert it */
2712  replaces[Anum_pg_language_lanacl - 1] = true;
2713  values[Anum_pg_language_lanacl - 1] = PointerGetDatum(new_acl);
2714 
2715  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
2716  nulls, replaces);
2717 
2718  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2719 
2720  /* Update initial privileges for extensions */
2721  recordExtensionInitPriv(langId, LanguageRelationId, 0, new_acl);
2722 
2723  /* Update the shared dependency ACL info */
2724  updateAclDependencies(LanguageRelationId, pg_language_tuple->oid, 0,
2725  ownerId,
2726  noldmembers, oldmembers,
2727  nnewmembers, newmembers);
2728 
2729  ReleaseSysCache(tuple);
2730 
2731  pfree(new_acl);
2732 
2733  /* prevent error when processing duplicate objects */
2735  }
2736 
2737  table_close(relation, RowExclusiveLock);
2738 }
#define ACL_ALL_RIGHTS_LANGUAGE
Definition: acl.h:165
int errdetail(const char *fmt,...)
Definition: elog.c:1039
FormData_pg_language * Form_pg_language
Definition: pg_language.h:65
@ LANGNAME
Definition: syscache.h:67
@ LANGOID
Definition: syscache.h:68

References ACL_ALL_RIGHTS_LANGUAGE, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog(), ereport, errcode(), errdetail(), errmsg(), ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, LANGNAME, LANGOID, lfirst_oid, merge_acl_with_grant(), NameStr, OBJECT_LANGUAGE, ObjectIdGetDatum(), InternalGrant::objects, pfree(), PointerGetDatum(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), SysCacheGetAttr(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

◆ ExecGrant_Largeobject()

static void ExecGrant_Largeobject ( InternalGrant istmt)
static

Definition at line 2741 of file aclchk.c.

2742 {
2743  Relation relation;
2744  ListCell *cell;
2745 
2746  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
2748 
2749  relation = table_open(LargeObjectMetadataRelationId,
2751 
2752  foreach(cell, istmt->objects)
2753  {
2754  Oid loid = lfirst_oid(cell);
2755  Form_pg_largeobject_metadata form_lo_meta;
2756  char loname[NAMEDATALEN];
2757  Datum aclDatum;
2758  bool isNull;
2759  AclMode avail_goptions;
2760  AclMode this_privileges;
2761  Acl *old_acl;
2762  Acl *new_acl;
2763  Oid grantorId;
2764  Oid ownerId;
2765  HeapTuple newtuple;
2766  Datum values[Natts_pg_largeobject_metadata] = {0};
2767  bool nulls[Natts_pg_largeobject_metadata] = {0};
2768  bool replaces[Natts_pg_largeobject_metadata] = {0};
2769  int noldmembers;
2770  int nnewmembers;
2771  Oid *oldmembers;
2772  Oid *newmembers;
2773  ScanKeyData entry[1];
2774  SysScanDesc scan;
2775  HeapTuple tuple;
2776 
2777  /* There's no syscache for pg_largeobject_metadata */
2778  ScanKeyInit(&entry[0],
2779  Anum_pg_largeobject_metadata_oid,
2780  BTEqualStrategyNumber, F_OIDEQ,
2781  ObjectIdGetDatum(loid));
2782 
2783  scan = systable_beginscan(relation,
2784  LargeObjectMetadataOidIndexId, true,
2785  NULL, 1, entry);
2786 
2787  tuple = systable_getnext(scan);
2788  if (!HeapTupleIsValid(tuple))
2789  elog(ERROR, "could not find tuple for large object %u", loid);
2790 
2791  form_lo_meta = (Form_pg_largeobject_metadata) GETSTRUCT(tuple);
2792 
2793  /*
2794  * Get owner ID and working copy of existing ACL. If there's no ACL,
2795  * substitute the proper default.
2796  */
2797  ownerId = form_lo_meta->lomowner;
2798  aclDatum = heap_getattr(tuple,
2799  Anum_pg_largeobject_metadata_lomacl,
2800  RelationGetDescr(relation), &isNull);
2801  if (isNull)
2802  {
2803  old_acl = acldefault(OBJECT_LARGEOBJECT, ownerId);
2804  /* There are no old member roles according to the catalogs */
2805  noldmembers = 0;
2806  oldmembers = NULL;
2807  }
2808  else
2809  {
2810  old_acl = DatumGetAclPCopy(aclDatum);
2811  /* Get the roles mentioned in the existing ACL */
2812  noldmembers = aclmembers(old_acl, &oldmembers);
2813  }
2814 
2815  /* Determine ID to do the grant as, and available grant options */
2817  old_acl, ownerId,
2818  &grantorId, &avail_goptions);
2819 
2820  /*
2821  * Restrict the privileges to what we can actually grant, and emit the
2822  * standards-mandated warning and error messages.
2823  */
2824  snprintf(loname, sizeof(loname), "large object %u", loid);
2825  this_privileges =
2826  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2827  istmt->all_privs, istmt->privileges,
2828  loid, grantorId, OBJECT_LARGEOBJECT,
2829  loname, 0, NULL);
2830 
2831  /*
2832  * Generate new ACL.
2833  */
2834  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
2835  istmt->grant_option, istmt->behavior,
2836  istmt->grantees, this_privileges,
2837  grantorId, ownerId);
2838 
2839  /*
2840  * We need the members of both old and new ACLs so we can correct the
2841  * shared dependency information.
2842  */
2843  nnewmembers = aclmembers(new_acl, &newmembers);
2844 
2845  /* finished building new ACL value, now insert it */
2846  replaces[Anum_pg_largeobject_metadata_lomacl - 1] = true;
2847  values[Anum_pg_largeobject_metadata_lomacl - 1]
2848  = PointerGetDatum(new_acl);
2849 
2850  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation),
2851  values, nulls, replaces);
2852 
2853  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2854 
2855  /* Update initial privileges for extensions */
2856  recordExtensionInitPriv(loid, LargeObjectRelationId, 0, new_acl);
2857 
2858  /* Update the shared dependency ACL info */
2859  updateAclDependencies(LargeObjectRelationId,
2860  form_lo_meta->oid, 0,
2861  ownerId,
2862  noldmembers, oldmembers,
2863  nnewmembers, newmembers);
2864 
2865  systable_endscan(scan);
2866 
2867  pfree(new_acl);
2868 
2869  /* prevent error when processing duplicate objects */
2871  }
2872 
2873  table_close(relation, RowExclusiveLock);
2874 }
#define ACL_ALL_RIGHTS_LARGEOBJECT
Definition: acl.h:166
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:599
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:506
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:387
#define NAMEDATALEN
FormData_pg_largeobject_metadata * Form_pg_largeobject_metadata
#define snprintf
Definition: port.h:238
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
#define BTEqualStrategyNumber
Definition: stratnum.h:31

References ACL_ALL_RIGHTS_LARGEOBJECT, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, BTEqualStrategyNumber, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog(), ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_getattr(), heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, merge_acl_with_grant(), NAMEDATALEN, OBJECT_LARGEOBJECT, ObjectIdGetDatum(), InternalGrant::objects, pfree(), PointerGetDatum(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, restrict_and_check_grant(), RowExclusiveLock, ScanKeyInit(), select_best_grantor(), snprintf, systable_beginscan(), systable_endscan(), systable_getnext(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

◆ ExecGrant_Namespace()

static void ExecGrant_Namespace ( InternalGrant istmt)
static

Definition at line 2877 of file aclchk.c.

2878 {
2879  Relation relation;
2880  ListCell *cell;
2881 
2882  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
2884 
2885  relation = table_open(NamespaceRelationId, RowExclusiveLock);
2886 
2887  foreach(cell, istmt->objects)
2888  {
2889  Oid nspid = lfirst_oid(cell);
2890  Form_pg_namespace pg_namespace_tuple;
2891  Datum aclDatum;
2892  bool isNull;
2893  AclMode avail_goptions;
2894  AclMode this_privileges;
2895  Acl *old_acl;
2896  Acl *new_acl;
2897  Oid grantorId;
2898  Oid ownerId;
2899  HeapTuple tuple;
2900  HeapTuple newtuple;
2901  Datum values[Natts_pg_namespace] = {0};
2902  bool nulls[Natts_pg_namespace] = {0};
2903  bool replaces[Natts_pg_namespace] = {0};
2904  int noldmembers;
2905  int nnewmembers;
2906  Oid *oldmembers;
2907  Oid *newmembers;
2908 
2910  if (!HeapTupleIsValid(tuple))
2911  elog(ERROR, "cache lookup failed for namespace %u", nspid);
2912 
2913  pg_namespace_tuple = (Form_pg_namespace) GETSTRUCT(tuple);
2914 
2915  /*
2916  * Get owner ID and working copy of existing ACL. If there's no ACL,
2917  * substitute the proper default.
2918  */
2919  ownerId = pg_namespace_tuple->nspowner;
2920  aclDatum = SysCacheGetAttr(NAMESPACENAME, tuple,
2921  Anum_pg_namespace_nspacl,
2922  &isNull);
2923  if (isNull)
2924  {
2925  old_acl = acldefault(OBJECT_SCHEMA, ownerId);
2926  /* There are no old member roles according to the catalogs */
2927  noldmembers = 0;
2928  oldmembers = NULL;
2929  }
2930  else
2931  {
2932  old_acl = DatumGetAclPCopy(aclDatum);
2933  /* Get the roles mentioned in the existing ACL */
2934  noldmembers = aclmembers(old_acl, &oldmembers);
2935  }
2936 
2937  /* Determine ID to do the grant as, and available grant options */
2939  old_acl, ownerId,
2940  &grantorId, &avail_goptions);
2941 
2942  /*
2943  * Restrict the privileges to what we can actually grant, and emit the
2944  * standards-mandated warning and error messages.
2945  */
2946  this_privileges =
2947  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2948  istmt->all_privs, istmt->privileges,
2949  nspid, grantorId, OBJECT_SCHEMA,
2950  NameStr(pg_namespace_tuple->nspname),
2951  0, NULL);
2952 
2953  /*
2954  * Generate new ACL.
2955  */
2956  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
2957  istmt->grant_option, istmt->behavior,
2958  istmt->grantees, this_privileges,
2959  grantorId, ownerId);
2960 
2961  /*
2962  * We need the members of both old and new ACLs so we can correct the
2963  * shared dependency information.
2964  */
2965  nnewmembers = aclmembers(new_acl, &newmembers);
2966 
2967  /* finished building new ACL value, now insert it */
2968  replaces[Anum_pg_namespace_nspacl - 1] = true;
2969  values[Anum_pg_namespace_nspacl - 1] = PointerGetDatum(new_acl);
2970 
2971  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
2972  nulls, replaces);
2973 
2974  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2975 
2976  /* Update initial privileges for extensions */
2977  recordExtensionInitPriv(nspid, NamespaceRelationId, 0, new_acl);
2978 
2979  /* Update the shared dependency ACL info */
2980  updateAclDependencies(NamespaceRelationId, pg_namespace_tuple->oid, 0,
2981  ownerId,
2982  noldmembers, oldmembers,
2983  nnewmembers, newmembers);
2984 
2985  ReleaseSysCache(tuple);
2986 
2987  pfree(new_acl);
2988 
2989  /* prevent error when processing duplicate objects */
2991  }
2992 
2993  table_close(relation, RowExclusiveLock);
2994 }
FormData_pg_namespace * Form_pg_namespace
Definition: pg_namespace.h:52
@ NAMESPACEOID
Definition: syscache.h:70
@ NAMESPACENAME
Definition: syscache.h:69

References ACL_ALL_RIGHTS_SCHEMA, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog(), ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, merge_acl_with_grant(), NAMESPACENAME, NAMESPACEOID, NameStr, OBJECT_SCHEMA, ObjectIdGetDatum(), InternalGrant::objects, pfree(), PointerGetDatum(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), SysCacheGetAttr(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

◆ ExecGrant_Parameter()

static void ExecGrant_Parameter ( InternalGrant istmt)
static

Definition at line 3246 of file aclchk.c.

3247 {
3248  Relation relation;
3249  ListCell *cell;
3250 
3251  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
3253 
3254  relation = table_open(ParameterAclRelationId, RowExclusiveLock);
3255 
3256  foreach(cell, istmt->objects)
3257  {
3258  Oid parameterId = lfirst_oid(cell);
3259  Datum nameDatum;
3260  const char *parname;
3261  Datum aclDatum;
3262  bool isNull;
3263  AclMode avail_goptions;
3264  AclMode this_privileges;
3265  Acl *old_acl;
3266  Acl *new_acl;
3267  Oid grantorId;
3268  Oid ownerId;
3269  HeapTuple tuple;
3270  int noldmembers;
3271  int nnewmembers;
3272  Oid *oldmembers;
3273  Oid *newmembers;
3274 
3275  tuple = SearchSysCache1(PARAMETERACLOID, ObjectIdGetDatum(parameterId));
3276  if (!HeapTupleIsValid(tuple))
3277  elog(ERROR, "cache lookup failed for parameter ACL %u",
3278  parameterId);
3279 
3280  /* We'll need the GUC's name */
3281  nameDatum = SysCacheGetAttr(PARAMETERACLOID, tuple,
3282  Anum_pg_parameter_acl_parname,
3283  &isNull);
3284  Assert(!isNull);
3285  parname = TextDatumGetCString(nameDatum);
3286 
3287  /* Treat all parameters as belonging to the bootstrap superuser. */
3288  ownerId = BOOTSTRAP_SUPERUSERID;
3289 
3290  /*
3291  * Get working copy of existing ACL. If there's no ACL, substitute the
3292  * proper default.
3293  */
3294  aclDatum = SysCacheGetAttr(PARAMETERACLOID, tuple,
3295  Anum_pg_parameter_acl_paracl,
3296  &isNull);
3297 
3298  if (isNull)
3299  {
3300  old_acl = acldefault(istmt->objtype, ownerId);
3301  /* There are no old member roles according to the catalogs */
3302  noldmembers = 0;
3303  oldmembers = NULL;
3304  }
3305  else
3306  {
3307  old_acl = DatumGetAclPCopy(aclDatum);
3308  /* Get the roles mentioned in the existing ACL */
3309  noldmembers = aclmembers(old_acl, &oldmembers);
3310  }
3311 
3312  /* Determine ID to do the grant as, and available grant options */
3314  old_acl, ownerId,
3315  &grantorId, &avail_goptions);
3316 
3317  /*
3318  * Restrict the privileges to what we can actually grant, and emit the
3319  * standards-mandated warning and error messages.
3320  */
3321  this_privileges =
3322  restrict_and_check_grant(istmt->is_grant, avail_goptions,
3323  istmt->all_privs, istmt->privileges,
3324  parameterId, grantorId,
3326  parname,
3327  0, NULL);
3328 
3329  /*
3330  * Generate new ACL.
3331  */
3332  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
3333  istmt->grant_option, istmt->behavior,
3334  istmt->grantees, this_privileges,
3335  grantorId, ownerId);
3336 
3337  /*
3338  * We need the members of both old and new ACLs so we can correct the
3339  * shared dependency information.
3340  */
3341  nnewmembers = aclmembers(new_acl, &newmembers);
3342 
3343  /*
3344  * If the new ACL is equal to the default, we don't need the catalog
3345  * entry any longer. Delete it rather than updating it, to avoid
3346  * leaving a degenerate entry.
3347  */
3348  if (aclequal(new_acl, acldefault(istmt->objtype, ownerId)))
3349  {
3350  CatalogTupleDelete(relation, &tuple->t_self);
3351  }
3352  else
3353  {
3354  /* finished building new ACL value, now insert it */
3355  HeapTuple newtuple;
3356  Datum values[Natts_pg_parameter_acl] = {0};
3357  bool nulls[Natts_pg_parameter_acl] = {0};
3358  bool replaces[Natts_pg_parameter_acl] = {0};
3359 
3360  replaces[Anum_pg_parameter_acl_paracl - 1] = true;
3361  values[Anum_pg_parameter_acl_paracl - 1] = PointerGetDatum(new_acl);
3362 
3363  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation),
3364  values, nulls, replaces);
3365 
3366  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
3367  }
3368 
3369  /* Update initial privileges for extensions */
3370  recordExtensionInitPriv(parameterId, ParameterAclRelationId, 0,
3371  new_acl);
3372 
3373  /* Update the shared dependency ACL info */
3374  updateAclDependencies(ParameterAclRelationId, parameterId, 0,
3375  ownerId,
3376  noldmembers, oldmembers,
3377  nnewmembers, newmembers);
3378 
3379  ReleaseSysCache(tuple);
3380  pfree(new_acl);
3381 
3382  /* prevent error when processing duplicate objects */
3384  }
3385 
3386  table_close(relation, RowExclusiveLock);
3387 }
bool aclequal(const Acl *left_acl, const Acl *right_acl)
Definition: acl.c:510
#define ACL_ALL_RIGHTS_PARAMETER_ACL
Definition: acl.h:167
#define TextDatumGetCString(d)
Definition: builtins.h:86
void CatalogTupleDelete(Relation heapRel, ItemPointer tid)
Definition: indexing.c:350
Assert(fmt[strlen(fmt) - 1] !='\n')
ObjectType objtype
@ PARAMETERACLOID
Definition: syscache.h:76

References ACL_ALL_RIGHTS_PARAMETER_ACL, ACL_NO_RIGHTS, acldefault(), aclequal(), aclmembers(), InternalGrant::all_privs, Assert(), InternalGrant::behavior, CatalogTupleDelete(), CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog(), ERROR, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, merge_acl_with_grant(), OBJECT_PARAMETER_ACL, ObjectIdGetDatum(), InternalGrant::objects, InternalGrant::objtype, PARAMETERACLOID, pfree(), PointerGetDatum(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), SysCacheGetAttr(), HeapTupleData::t_self, table_close(), table_open(), TextDatumGetCString, updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

◆ ExecGrant_Relation()

static void ExecGrant_Relation ( InternalGrant istmt)
static

Definition at line 1807 of file aclchk.c.

1808 {
1809  Relation relation;
1810  Relation attRelation;
1811  ListCell *cell;
1812 
1813  relation = table_open(RelationRelationId, RowExclusiveLock);
1814  attRelation = table_open(AttributeRelationId, RowExclusiveLock);
1815 
1816  foreach(cell, istmt->objects)
1817  {
1818  Oid relOid = lfirst_oid(cell);
1819  Datum aclDatum;
1820  Form_pg_class pg_class_tuple;
1821  bool isNull;
1822  AclMode this_privileges;
1823  AclMode *col_privileges;
1824  int num_col_privileges;
1825  bool have_col_privileges;
1826  Acl *old_acl;
1827  Acl *old_rel_acl;
1828  int noldmembers;
1829  Oid *oldmembers;
1830  Oid ownerId;
1831  HeapTuple tuple;
1832  ListCell *cell_colprivs;
1833 
1834  tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(relOid));
1835  if (!HeapTupleIsValid(tuple))
1836  elog(ERROR, "cache lookup failed for relation %u", relOid);
1837  pg_class_tuple = (Form_pg_class) GETSTRUCT(tuple);
1838 
1839  /* Not sensible to grant on an index */
1840  if (pg_class_tuple->relkind == RELKIND_INDEX ||
1841  pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX)
1842  ereport(ERROR,
1843  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1844  errmsg("\"%s\" is an index",
1845  NameStr(pg_class_tuple->relname))));
1846 
1847  /* Composite types aren't tables either */
1848  if (pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
1849  ereport(ERROR,
1850  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1851  errmsg("\"%s\" is a composite type",
1852  NameStr(pg_class_tuple->relname))));
1853 
1854  /* Used GRANT SEQUENCE on a non-sequence? */
1855  if (istmt->objtype == OBJECT_SEQUENCE &&
1856  pg_class_tuple->relkind != RELKIND_SEQUENCE)
1857  ereport(ERROR,
1858  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1859  errmsg("\"%s\" is not a sequence",
1860  NameStr(pg_class_tuple->relname))));
1861 
1862  /* Adjust the default permissions based on object type */
1863  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
1864  {
1865  if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1866  this_privileges = ACL_ALL_RIGHTS_SEQUENCE;
1867  else
1868  this_privileges = ACL_ALL_RIGHTS_RELATION;
1869  }
1870  else
1871  this_privileges = istmt->privileges;
1872 
1873  /*
1874  * The GRANT TABLE syntax can be used for sequences and non-sequences,
1875  * so we have to look at the relkind to determine the supported
1876  * permissions. The OR of table and sequence permissions were already
1877  * checked.
1878  */
1879  if (istmt->objtype == OBJECT_TABLE)
1880  {
1881  if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1882  {
1883  /*
1884  * For backward compatibility, just throw a warning for
1885  * invalid sequence permissions when using the non-sequence
1886  * GRANT syntax.
1887  */
1888  if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_SEQUENCE))
1889  {
1890  /*
1891  * Mention the object name because the user needs to know
1892  * which operations succeeded. This is required because
1893  * WARNING allows the command to continue.
1894  */
1895  ereport(WARNING,
1896  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1897  errmsg("sequence \"%s\" only supports USAGE, SELECT, and UPDATE privileges",
1898  NameStr(pg_class_tuple->relname))));
1899  this_privileges &= (AclMode) ACL_ALL_RIGHTS_SEQUENCE;
1900  }
1901  }
1902  else
1903  {
1904  if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_RELATION))
1905  {
1906  /*
1907  * USAGE is the only permission supported by sequences but
1908  * not by non-sequences. Don't mention the object name
1909  * because we didn't in the combined TABLE | SEQUENCE
1910  * check.
1911  */
1912  ereport(ERROR,
1913  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1914  errmsg("invalid privilege type %s for table",
1915  "USAGE")));
1916  }
1917  }
1918  }
1919 
1920  /*
1921  * Set up array in which we'll accumulate any column privilege bits
1922  * that need modification. The array is indexed such that entry [0]
1923  * corresponds to FirstLowInvalidHeapAttributeNumber.
1924  */
1925  num_col_privileges = pg_class_tuple->relnatts - FirstLowInvalidHeapAttributeNumber + 1;
1926  col_privileges = (AclMode *) palloc0(num_col_privileges * sizeof(AclMode));
1927  have_col_privileges = false;
1928 
1929  /*
1930  * If we are revoking relation privileges that are also column
1931  * privileges, we must implicitly revoke them from each column too,
1932  * per SQL spec. (We don't need to implicitly add column privileges
1933  * during GRANT because the permissions-checking code always checks
1934  * both relation and per-column privileges.)
1935  */
1936  if (!istmt->is_grant &&
1937  (this_privileges & ACL_ALL_RIGHTS_COLUMN) != 0)
1938  {
1939  expand_all_col_privileges(relOid, pg_class_tuple,
1940  this_privileges & ACL_ALL_RIGHTS_COLUMN,
1941  col_privileges,
1942  num_col_privileges);
1943  have_col_privileges = true;
1944  }
1945 
1946  /*
1947  * Get owner ID and working copy of existing ACL. If there's no ACL,
1948  * substitute the proper default.
1949  */
1950  ownerId = pg_class_tuple->relowner;
1951  aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
1952  &isNull);
1953  if (isNull)
1954  {
1955  switch (pg_class_tuple->relkind)
1956  {
1957  case RELKIND_SEQUENCE:
1958  old_acl = acldefault(OBJECT_SEQUENCE, ownerId);
1959  break;
1960  default:
1961  old_acl = acldefault(OBJECT_TABLE, ownerId);
1962  break;
1963  }
1964  /* There are no old member roles according to the catalogs */
1965  noldmembers = 0;
1966  oldmembers = NULL;
1967  }
1968  else
1969  {
1970  old_acl = DatumGetAclPCopy(aclDatum);
1971  /* Get the roles mentioned in the existing ACL */
1972  noldmembers = aclmembers(old_acl, &oldmembers);
1973  }
1974 
1975  /* Need an extra copy of original rel ACL for column handling */
1976  old_rel_acl = aclcopy(old_acl);
1977 
1978  /*
1979  * Handle relation-level privileges, if any were specified
1980  */
1981  if (this_privileges != ACL_NO_RIGHTS)
1982  {
1983  AclMode avail_goptions;
1984  Acl *new_acl;
1985  Oid grantorId;
1986  HeapTuple newtuple;
1987  Datum values[Natts_pg_class] = {0};
1988  bool nulls[Natts_pg_class] = {0};
1989  bool replaces[Natts_pg_class] = {0};
1990  int nnewmembers;
1991  Oid *newmembers;
1992  ObjectType objtype;
1993 
1994  /* Determine ID to do the grant as, and available grant options */
1995  select_best_grantor(GetUserId(), this_privileges,
1996  old_acl, ownerId,
1997  &grantorId, &avail_goptions);
1998 
1999  switch (pg_class_tuple->relkind)
2000  {
2001  case RELKIND_SEQUENCE:
2002  objtype = OBJECT_SEQUENCE;
2003  break;
2004  default:
2005  objtype = OBJECT_TABLE;
2006  break;
2007  }
2008 
2009  /*
2010  * Restrict the privileges to what we can actually grant, and emit
2011  * the standards-mandated warning and error messages.
2012  */
2013  this_privileges =
2014  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2015  istmt->all_privs, this_privileges,
2016  relOid, grantorId, objtype,
2017  NameStr(pg_class_tuple->relname),
2018  0, NULL);
2019 
2020  /*
2021  * Generate new ACL.
2022  */
2023  new_acl = merge_acl_with_grant(old_acl,
2024  istmt->is_grant,
2025  istmt->grant_option,
2026  istmt->behavior,
2027  istmt->grantees,
2028  this_privileges,
2029  grantorId,
2030  ownerId);
2031 
2032  /*
2033  * We need the members of both old and new ACLs so we can correct
2034  * the shared dependency information.
2035  */
2036  nnewmembers = aclmembers(new_acl, &newmembers);
2037 
2038  /* finished building new ACL value, now insert it */
2039  replaces[Anum_pg_class_relacl - 1] = true;
2040  values[Anum_pg_class_relacl - 1] = PointerGetDatum(new_acl);
2041 
2042  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation),
2043  values, nulls, replaces);
2044 
2045  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2046 
2047  /* Update initial privileges for extensions */
2048  recordExtensionInitPriv(relOid, RelationRelationId, 0, new_acl);
2049 
2050  /* Update the shared dependency ACL info */
2051  updateAclDependencies(RelationRelationId, relOid, 0,
2052  ownerId,
2053  noldmembers, oldmembers,
2054  nnewmembers, newmembers);
2055 
2056  pfree(new_acl);
2057  }
2058 
2059  /*
2060  * Handle column-level privileges, if any were specified or implied.
2061  * We first expand the user-specified column privileges into the
2062  * array, and then iterate over all nonempty array entries.
2063  */
2064  foreach(cell_colprivs, istmt->col_privs)
2065  {
2066  AccessPriv *col_privs = (AccessPriv *) lfirst(cell_colprivs);
2067 
2068  if (col_privs->priv_name == NULL)
2069  this_privileges = ACL_ALL_RIGHTS_COLUMN;
2070  else
2071  this_privileges = string_to_privilege(col_privs->priv_name);
2072 
2073  if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_COLUMN))
2074  ereport(ERROR,
2075  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
2076  errmsg("invalid privilege type %s for column",
2077  privilege_to_string(this_privileges))));
2078 
2079  if (pg_class_tuple->relkind == RELKIND_SEQUENCE &&
2080  this_privileges & ~((AclMode) ACL_SELECT))
2081  {
2082  /*
2083  * The only column privilege allowed on sequences is SELECT.
2084  * This is a warning not error because we do it that way for
2085  * relation-level privileges.
2086  */
2087  ereport(WARNING,
2088  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
2089  errmsg("sequence \"%s\" only supports SELECT column privileges",
2090  NameStr(pg_class_tuple->relname))));
2091 
2092  this_privileges &= (AclMode) ACL_SELECT;
2093  }
2094 
2095  expand_col_privileges(col_privs->cols, relOid,
2096  this_privileges,
2097  col_privileges,
2098  num_col_privileges);
2099  have_col_privileges = true;
2100  }
2101 
2102  if (have_col_privileges)
2103  {
2104  AttrNumber i;
2105 
2106  for (i = 0; i < num_col_privileges; i++)
2107  {
2108  if (col_privileges[i] == ACL_NO_RIGHTS)
2109  continue;
2110  ExecGrant_Attribute(istmt,
2111  relOid,
2112  NameStr(pg_class_tuple->relname),
2114  ownerId,
2115  col_privileges[i],
2116  attRelation,
2117  old_rel_acl);
2118  }
2119  }
2120 
2121  pfree(old_rel_acl);
2122  pfree(col_privileges);
2123 
2124  ReleaseSysCache(tuple);
2125 
2126  /* prevent error when processing duplicate objects */
2128  }
2129 
2130  table_close(attRelation, RowExclusiveLock);
2131  table_close(relation, RowExclusiveLock);
2132 }
Acl * aclcopy(const Acl *orig_acl)
Definition: acl.c:408
static void expand_all_col_privileges(Oid table_oid, Form_pg_class classForm, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
Definition: aclchk.c:1616
static void expand_col_privileges(List *colnames, Oid table_oid, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
Definition: aclchk.c:1583
static void ExecGrant_Attribute(InternalGrant *istmt, Oid relOid, const char *relname, AttrNumber attnum, Oid ownerId, AclMode col_privileges, Relation attRelation, const Acl *old_rel_acl)
Definition: aclchk.c:1662
int16 AttrNumber
Definition: attnum.h:21
#define WARNING
Definition: elog.h:32
int i
Definition: isn.c:73
void * palloc0(Size size)
Definition: mcxt.c:1230
ObjectType
Definition: parsenodes.h:1859
#define ACL_SELECT
Definition: parsenodes.h:84
FormData_pg_class * Form_pg_class
Definition: pg_class.h:153
#define FirstLowInvalidHeapAttributeNumber
Definition: sysattr.h:27
@ RELOID
Definition: syscache.h:89

References ACL_ALL_RIGHTS_COLUMN, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SEQUENCE, ACL_NO_RIGHTS, ACL_SELECT, aclcopy(), acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), InternalGrant::col_privs, AccessPriv::cols, CommandCounterIncrement(), DatumGetAclPCopy, elog(), ereport, errcode(), errmsg(), ERROR, ExecGrant_Attribute(), expand_all_col_privileges(), expand_col_privileges(), FirstLowInvalidHeapAttributeNumber, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, i, InternalGrant::is_grant, lfirst, lfirst_oid, merge_acl_with_grant(), NameStr, OBJECT_SEQUENCE, OBJECT_TABLE, ObjectIdGetDatum(), InternalGrant::objects, InternalGrant::objtype, palloc0(), pfree(), PointerGetDatum(), AccessPriv::priv_name, privilege_to_string(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), RELOID, restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), string_to_privilege(), SysCacheGetAttr(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), values, and WARNING.

Referenced by ExecGrantStmt_oids().

◆ ExecGrant_Tablespace()

static void ExecGrant_Tablespace ( InternalGrant istmt)
static

Definition at line 2997 of file aclchk.c.

2998 {
2999  Relation relation;
3000  ListCell *cell;
3001 
3002  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
3004 
3005  relation = table_open(TableSpaceRelationId, RowExclusiveLock);
3006 
3007  foreach(cell, istmt->objects)
3008  {
3009  Oid tblId = lfirst_oid(cell);
3010  Form_pg_tablespace pg_tablespace_tuple;
3011  Datum aclDatum;
3012  bool isNull;
3013  AclMode avail_goptions;
3014  AclMode this_privileges;
3015  Acl *old_acl;
3016  Acl *new_acl;
3017  Oid grantorId;
3018  Oid ownerId;
3019  HeapTuple newtuple;
3020  Datum values[Natts_pg_tablespace] = {0};
3021  bool nulls[Natts_pg_tablespace] = {0};
3022  bool replaces[Natts_pg_tablespace] = {0};
3023  int noldmembers;
3024  int nnewmembers;
3025  Oid *oldmembers;
3026  Oid *newmembers;
3027  HeapTuple tuple;
3028 
3029  /* Search syscache for pg_tablespace */
3031  if (!HeapTupleIsValid(tuple))
3032  elog(ERROR, "cache lookup failed for tablespace %u", tblId);
3033 
3034  pg_tablespace_tuple = (Form_pg_tablespace) GETSTRUCT(tuple);
3035 
3036  /*
3037  * Get owner ID and working copy of existing ACL. If there's no ACL,
3038  * substitute the proper default.
3039  */
3040  ownerId = pg_tablespace_tuple->spcowner;
3041  aclDatum = heap_getattr(tuple, Anum_pg_tablespace_spcacl,
3042  RelationGetDescr(relation), &isNull);
3043  if (isNull)
3044  {
3045  old_acl = acldefault(OBJECT_TABLESPACE, ownerId);
3046  /* There are no old member roles according to the catalogs */
3047  noldmembers = 0;
3048  oldmembers = NULL;
3049  }
3050  else
3051  {
3052  old_acl = DatumGetAclPCopy(aclDatum);
3053  /* Get the roles mentioned in the existing ACL */
3054  noldmembers = aclmembers(old_acl, &oldmembers);
3055  }
3056 
3057  /* Determine ID to do the grant as, and available grant options */
3059  old_acl, ownerId,
3060  &grantorId, &avail_goptions);
3061 
3062  /*
3063  * Restrict the privileges to what we can actually grant, and emit the
3064  * standards-mandated warning and error messages.
3065  */
3066  this_privileges =
3067  restrict_and_check_grant(istmt->is_grant, avail_goptions,
3068  istmt->all_privs, istmt->privileges,
3069  tblId, grantorId, OBJECT_TABLESPACE,
3070  NameStr(pg_tablespace_tuple->spcname),
3071  0, NULL);
3072 
3073  /*
3074  * Generate new ACL.
3075  */
3076  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
3077  istmt->grant_option, istmt->behavior,
3078  istmt->grantees, this_privileges,
3079  grantorId, ownerId);
3080 
3081  /*
3082  * We need the members of both old and new ACLs so we can correct the
3083  * shared dependency information.
3084  */
3085  nnewmembers = aclmembers(new_acl, &newmembers);
3086 
3087  /* finished building new ACL value, now insert it */
3088  replaces[Anum_pg_tablespace_spcacl - 1] = true;
3089  values[Anum_pg_tablespace_spcacl - 1] = PointerGetDatum(new_acl);
3090 
3091  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
3092  nulls, replaces);
3093 
3094  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
3095 
3096  /* Update the shared dependency ACL info */
3097  updateAclDependencies(TableSpaceRelationId, tblId, 0,
3098  ownerId,
3099  noldmembers, oldmembers,
3100  nnewmembers, newmembers);
3101 
3102  ReleaseSysCache(tuple);
3103  pfree(new_acl);
3104 
3105  /* prevent error when processing duplicate objects */
3107  }
3108 
3109  table_close(relation, RowExclusiveLock);
3110 }
#define ACL_ALL_RIGHTS_TABLESPACE
Definition: acl.h:169
FormData_pg_tablespace * Form_pg_tablespace
Definition: pg_tablespace.h:48
@ TABLESPACEOID
Definition: syscache.h:101

References ACL_ALL_RIGHTS_TABLESPACE, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog(), ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_getattr(), heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, merge_acl_with_grant(), NameStr, OBJECT_TABLESPACE, ObjectIdGetDatum(), InternalGrant::objects, pfree(), PointerGetDatum(), InternalGrant::privileges, RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), HeapTupleData::t_self, table_close(), table_open(), TABLESPACEOID, updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

◆ ExecGrant_Type()

static void ExecGrant_Type ( InternalGrant istmt)
static

Definition at line 3113 of file aclchk.c.

3114 {
3115  Relation relation;
3116  ListCell *cell;
3117 
3118  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
3120 
3121  relation = table_open(TypeRelationId, RowExclusiveLock);
3122 
3123  foreach(cell, istmt->objects)
3124  {
3125  Oid typId = lfirst_oid(cell);
3126  Form_pg_type pg_type_tuple;
3127  Datum aclDatum;
3128  bool isNull;
3129  AclMode avail_goptions;
3130  AclMode this_privileges;
3131  Acl *old_acl;
3132  Acl *new_acl;
3133  Oid grantorId;
3134  Oid ownerId;
3135  HeapTuple newtuple;
3136  Datum values[Natts_pg_type] = {0};
3137  bool nulls[Natts_pg_type] = {0};
3138  bool replaces[Natts_pg_type] = {0};
3139  int noldmembers;
3140  int nnewmembers;
3141  Oid *oldmembers;
3142  Oid *newmembers;
3143  HeapTuple tuple;
3144 
3145  /* Search syscache for pg_type */
3146  tuple = SearchSysCache1(TYPEOID, ObjectIdGetDatum(typId));
3147  if (!HeapTupleIsValid(tuple))
3148  elog(ERROR, "cache lookup failed for type %u", typId);
3149 
3150  pg_type_tuple = (Form_pg_type) GETSTRUCT(tuple);
3151 
3152  if (IsTrueArrayType(pg_type_tuple))
3153  ereport(ERROR,
3154  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
3155  errmsg("cannot set privileges of array types"),
3156  errhint("Set the privileges of the element type instead.")));
3157 
3158  /* Used GRANT DOMAIN on a non-domain? */
3159  if (istmt->objtype == OBJECT_DOMAIN &&
3160  pg_type_tuple->typtype != TYPTYPE_DOMAIN)
3161  ereport(ERROR,
3162  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
3163  errmsg("\"%s\" is not a domain",
3164  NameStr(pg_type_tuple->typname))));
3165 
3166  /*
3167  * Get owner ID and working copy of existing ACL. If there's no ACL,
3168  * substitute the proper default.
3169  */
3170  ownerId = pg_type_tuple->typowner;
3171  aclDatum = heap_getattr(tuple, Anum_pg_type_typacl,
3172  RelationGetDescr(relation), &isNull);
3173  if (isNull)
3174  {
3175  old_acl = acldefault(istmt->objtype, ownerId);
3176  /* There are no old member roles according to the catalogs */
3177  noldmembers = 0;
3178  oldmembers = NULL;
3179  }
3180  else
3181  {
3182  old_acl = DatumGetAclPCopy(aclDatum);
3183  /* Get the roles mentioned in the existing ACL */
3184  noldmembers = aclmembers(old_acl, &oldmembers);
3185  }
3186 
3187  /* Determine ID to do the grant as, and available grant options */
3189  old_acl, ownerId,
3190  &grantorId, &avail_goptions);
3191 
3192  /*
3193  * Restrict the privileges to what we can actually grant, and emit the
3194  * standards-mandated warning and error messages.
3195  */
3196  this_privileges =
3197  restrict_and_check_grant(istmt->is_grant, avail_goptions,
3198  istmt->all_privs, istmt->privileges,
3199  typId, grantorId, OBJECT_TYPE,
3200  NameStr(pg_type_tuple->typname),
3201  0, NULL);
3202 
3203  /*
3204  * Generate new ACL.
3205  */
3206  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
3207  istmt->grant_option, istmt->behavior,
3208  istmt->grantees, this_privileges,
3209  grantorId, ownerId);
3210 
3211  /*
3212  * We need the members of both old and new ACLs so we can correct the
3213  * shared dependency information.
3214  */
3215  nnewmembers = aclmembers(new_acl, &newmembers);
3216 
3217  /* finished building new ACL value, now insert it */
3218  replaces[Anum_pg_type_typacl - 1] = true;
3219  values[Anum_pg_type_typacl - 1] = PointerGetDatum(new_acl);
3220 
3221  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
3222  nulls, replaces);
3223 
3224  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
3225 
3226  /* Update initial privileges for extensions */
3227  recordExtensionInitPriv(typId, TypeRelationId, 0, new_acl);
3228 
3229  /* Update the shared dependency ACL info */
3230  updateAclDependencies(TypeRelationId, typId, 0,
3231  ownerId,
3232  noldmembers, oldmembers,
3233  nnewmembers, newmembers);
3234 
3235  ReleaseSysCache(tuple);
3236  pfree(new_acl);
3237 
3238  /* prevent error when processing duplicate objects */
3240  }
3241 
3242  table_close(relation, RowExclusiveLock);
3243 }
int errhint(const char *fmt,...)
Definition: elog.c:1153
FormData_pg_type * Form_pg_type
Definition: pg_type.h:261
@ TYPEOID
Definition: syscache.h:114

References ACL_ALL_RIGHTS_TYPE, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog(), ereport, errcode(), errhint(), errmsg(), ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_getattr(), heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, merge_acl_with_grant(), NameStr, OBJECT_DOMAIN, OBJECT_TYPE, ObjectIdGetDatum(), InternalGrant::objects, InternalGrant::objtype, pfree(), PointerGetDatum(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), HeapTupleData::t_self, table_close(), table_open(), TYPEOID, updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

◆ ExecGrantStmt_oids()

static void ExecGrantStmt_oids ( InternalGrant istmt)
static

Definition at line 596 of file aclchk.c.

597 {
598  switch (istmt->objtype)
599  {
600  case OBJECT_TABLE:
601  case OBJECT_SEQUENCE:
602  ExecGrant_Relation(istmt);
603  break;
604  case OBJECT_DATABASE:
605  ExecGrant_Database(istmt);
606  break;
607  case OBJECT_DOMAIN:
608  case OBJECT_TYPE:
609  ExecGrant_Type(istmt);
610  break;
611  case OBJECT_FDW:
612  ExecGrant_Fdw(istmt);
613  break;
616  break;
617  case OBJECT_FUNCTION:
618  case OBJECT_PROCEDURE:
619  case OBJECT_ROUTINE:
620  ExecGrant_Function(istmt);
621  break;
622  case OBJECT_LANGUAGE:
623  ExecGrant_Language(istmt);
624  break;
625  case OBJECT_LARGEOBJECT:
626  ExecGrant_Largeobject(istmt);
627  break;
628  case OBJECT_SCHEMA:
629  ExecGrant_Namespace(istmt);
630  break;
631  case OBJECT_TABLESPACE:
632  ExecGrant_Tablespace(istmt);
633  break;
635  ExecGrant_Parameter(istmt);
636  break;
637  default:
638  elog(ERROR, "unrecognized GrantStmt.objtype: %d",
639  (int) istmt->objtype);
640  }
641 
642  /*
643  * Pass the info to event triggers about the just-executed GRANT. Note
644  * that we prefer to do it after actually executing it, because that gives
645  * the functions a chance to adjust the istmt with privileges actually
646  * granted.
647  */
650 }
static void ExecGrant_Fdw(InternalGrant *istmt)
Definition: aclchk.c:2251
static void ExecGrant_ForeignServer(InternalGrant *istmt)
Definition: aclchk.c:2374
static void ExecGrant_Namespace(InternalGrant *istmt)
Definition: aclchk.c:2877
static void ExecGrant_Database(InternalGrant *istmt)
Definition: aclchk.c:2135
static void ExecGrant_Largeobject(InternalGrant *istmt)
Definition: aclchk.c:2741
static void ExecGrant_Type(InternalGrant *istmt)
Definition: aclchk.c:3113
static void ExecGrant_Language(InternalGrant *istmt)
Definition: aclchk.c:2614
static void ExecGrant_Function(InternalGrant *istmt)
Definition: aclchk.c:2495
static void ExecGrant_Tablespace(InternalGrant *istmt)
Definition: aclchk.c:2997
static void ExecGrant_Parameter(InternalGrant *istmt)
Definition: aclchk.c:3246
static void ExecGrant_Relation(InternalGrant *istmt)
Definition: aclchk.c:1807
bool EventTriggerSupportsObjectType(ObjectType obtype)
void EventTriggerCollectGrant(InternalGrant *istmt)

References elog(), ERROR, EventTriggerCollectGrant(), EventTriggerSupportsObjectType(), ExecGrant_Database(), ExecGrant_Fdw(), ExecGrant_ForeignServer(), ExecGrant_Function(), ExecGrant_Language(), ExecGrant_Largeobject(), ExecGrant_Namespace(), ExecGrant_Parameter(), ExecGrant_Relation(), ExecGrant_Tablespace(), ExecGrant_Type(), OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, and InternalGrant::objtype.

Referenced by ExecuteGrantStmt(), and RemoveRoleFromObjectACL().

◆ ExecuteGrantStmt()

void ExecuteGrantStmt ( GrantStmt stmt)

Definition at line 386 of file aclchk.c.

387 {
388  InternalGrant istmt;
389  ListCell *cell;
390  const char *errormsg;
391  AclMode all_privileges;
392 
393  if (stmt->grantor)
394  {
395  Oid grantor;
396 
397  grantor = get_rolespec_oid(stmt->grantor, false);
398 
399  /*
400  * Currently, this clause is only for SQL compatibility, not very
401  * interesting otherwise.
402  */
403  if (grantor != GetUserId())
404  ereport(ERROR,
405  (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
406  errmsg("grantor must be current user")));
407  }
408 
409  /*
410  * Turn the regular GrantStmt into the InternalGrant form.
411  */
412  istmt.is_grant = stmt->is_grant;
413  istmt.objtype = stmt->objtype;
414 
415  /* Collect the OIDs of the target objects */
416  switch (stmt->targtype)
417  {
418  case ACL_TARGET_OBJECT:
419  istmt.objects = objectNamesToOids(stmt->objtype, stmt->objects,
420  stmt->is_grant);
421  break;
423  istmt.objects = objectsInSchemaToOids(stmt->objtype, stmt->objects);
424  break;
425  /* ACL_TARGET_DEFAULTS should not be seen here */
426  default:
427  elog(ERROR, "unrecognized GrantStmt.targtype: %d",
428  (int) stmt->targtype);
429  }
430 
431  /* all_privs to be filled below */
432  /* privileges to be filled below */
433  istmt.col_privs = NIL; /* may get filled below */
434  istmt.grantees = NIL; /* filled below */
435  istmt.grant_option = stmt->grant_option;
436  istmt.behavior = stmt->behavior;
437 
438  /*
439  * Convert the RoleSpec list into an Oid list. Note that at this point we
440  * insert an ACL_ID_PUBLIC into the list if appropriate, so downstream
441  * there shouldn't be any additional work needed to support this case.
442  */
443  foreach(cell, stmt->grantees)
444  {
445  RoleSpec *grantee = (RoleSpec *) lfirst(cell);
446  Oid grantee_uid;
447 
448  switch (grantee->roletype)
449  {
450  case ROLESPEC_PUBLIC:
451  grantee_uid = ACL_ID_PUBLIC;
452  break;
453  default:
454  grantee_uid = get_rolespec_oid(grantee, false);
455  break;
456  }
457  istmt.grantees = lappend_oid(istmt.grantees, grantee_uid);
458  }
459 
460  /*
461  * Convert stmt->privileges, a list of AccessPriv nodes, into an AclMode
462  * bitmask. Note: objtype can't be OBJECT_COLUMN.
463  */
464  switch (stmt->objtype)
465  {
466  case OBJECT_TABLE:
467 
468  /*
469  * Because this might be a sequence, we test both relation and
470  * sequence bits, and later do a more limited test when we know
471  * the object type.
472  */
474  errormsg = gettext_noop("invalid privilege type %s for relation");
475  break;
476  case OBJECT_SEQUENCE:
477  all_privileges = ACL_ALL_RIGHTS_SEQUENCE;
478  errormsg = gettext_noop("invalid privilege type %s for sequence");
479  break;
480  case OBJECT_DATABASE:
481  all_privileges = ACL_ALL_RIGHTS_DATABASE;
482  errormsg = gettext_noop("invalid privilege type %s for database");
483  break;
484  case OBJECT_DOMAIN:
485  all_privileges = ACL_ALL_RIGHTS_TYPE;
486  errormsg = gettext_noop("invalid privilege type %s for domain");
487  break;
488  case OBJECT_FUNCTION:
489  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
490  errormsg = gettext_noop("invalid privilege type %s for function");
491  break;
492  case OBJECT_LANGUAGE:
493  all_privileges = ACL_ALL_RIGHTS_LANGUAGE;
494  errormsg = gettext_noop("invalid privilege type %s for language");
495  break;
496  case OBJECT_LARGEOBJECT:
497  all_privileges = ACL_ALL_RIGHTS_LARGEOBJECT;
498  errormsg = gettext_noop("invalid privilege type %s for large object");
499  break;
500  case OBJECT_SCHEMA:
501  all_privileges = ACL_ALL_RIGHTS_SCHEMA;
502  errormsg = gettext_noop("invalid privilege type %s for schema");
503  break;
504  case OBJECT_PROCEDURE:
505  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
506  errormsg = gettext_noop("invalid privilege type %s for procedure");
507  break;
508  case OBJECT_ROUTINE:
509  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
510  errormsg = gettext_noop("invalid privilege type %s for routine");
511  break;
512  case OBJECT_TABLESPACE:
513  all_privileges = ACL_ALL_RIGHTS_TABLESPACE;
514  errormsg = gettext_noop("invalid privilege type %s for tablespace");
515  break;
516  case OBJECT_TYPE:
517  all_privileges = ACL_ALL_RIGHTS_TYPE;
518  errormsg = gettext_noop("invalid privilege type %s for type");
519  break;
520  case OBJECT_FDW:
521  all_privileges = ACL_ALL_RIGHTS_FDW;
522  errormsg = gettext_noop("invalid privilege type %s for foreign-data wrapper");
523  break;
525  all_privileges = ACL_ALL_RIGHTS_FOREIGN_SERVER;
526  errormsg = gettext_noop("invalid privilege type %s for foreign server");
527  break;
529  all_privileges = ACL_ALL_RIGHTS_PARAMETER_ACL;
530  errormsg = gettext_noop("invalid privilege type %s for parameter");
531  break;
532  default:
533  elog(ERROR, "unrecognized GrantStmt.objtype: %d",
534  (int) stmt->objtype);
535  /* keep compiler quiet */
536  all_privileges = ACL_NO_RIGHTS;
537  errormsg = NULL;
538  }
539 
540  if (stmt->privileges == NIL)
541  {
542  istmt.all_privs = true;
543 
544  /*
545  * will be turned into ACL_ALL_RIGHTS_* by the internal routines
546  * depending on the object type
547  */
548  istmt.privileges = ACL_NO_RIGHTS;
549  }
550  else
551  {
552  istmt.all_privs = false;
553  istmt.privileges = ACL_NO_RIGHTS;
554 
555  foreach(cell, stmt->privileges)
556  {
557  AccessPriv *privnode = (AccessPriv *) lfirst(cell);
558  AclMode priv;
559 
560  /*
561  * If it's a column-level specification, we just set it aside in
562  * col_privs for the moment; but insist it's for a relation.
563  */
564  if (privnode->cols)
565  {
566  if (stmt->objtype != OBJECT_TABLE)
567  ereport(ERROR,
568  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
569  errmsg("column privileges are only valid for relations")));
570  istmt.col_privs = lappend(istmt.col_privs, privnode);
571  continue;
572  }
573 
574  if (privnode->priv_name == NULL) /* parser mistake? */
575  elog(ERROR, "AccessPriv node must specify privilege or columns");
576  priv = string_to_privilege(privnode->priv_name);
577 
578  if (priv & ~((AclMode) all_privileges))
579  ereport(ERROR,
580  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
581  errmsg(errormsg, privilege_to_string(priv))));
582 
583  istmt.privileges |= priv;
584  }
585  }
586 
587  ExecGrantStmt_oids(&istmt);
588 }
static void ExecGrantStmt_oids(InternalGrant *istmt)
Definition: aclchk.c:596
static List * objectNamesToOids(ObjectType objtype, List *objnames, bool is_grant)
Definition: aclchk.c:663
static List * objectsInSchemaToOids(ObjectType objtype, List *nspnames)
Definition: aclchk.c:843
List * lappend(List *list, void *datum)
Definition: list.c:338
@ ACL_TARGET_OBJECT
Definition: parsenodes.h:2092
@ ACL_TARGET_ALL_IN_SCHEMA
Definition: parsenodes.h:2093
ObjectType objtype
Definition: parsenodes.h:2102
bool is_grant
Definition: parsenodes.h:2100
List * objects
Definition: parsenodes.h:2103
bool grant_option
Definition: parsenodes.h:2108
List * grantees
Definition: parsenodes.h:2107
List * privileges
Definition: parsenodes.h:2105
GrantTargetType targtype
Definition: parsenodes.h:2101
DropBehavior behavior
Definition: parsenodes.h:2110
RoleSpec * grantor
Definition: parsenodes.h:2109

References ACL_ALL_RIGHTS_DATABASE, ACL_ALL_RIGHTS_FDW, ACL_ALL_RIGHTS_FOREIGN_SERVER, ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_LANGUAGE, ACL_ALL_RIGHTS_LARGEOBJECT, ACL_ALL_RIGHTS_PARAMETER_ACL, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_SEQUENCE, ACL_ALL_RIGHTS_TABLESPACE, ACL_ALL_RIGHTS_TYPE, ACL_ID_PUBLIC, ACL_NO_RIGHTS, ACL_TARGET_ALL_IN_SCHEMA, ACL_TARGET_OBJECT, InternalGrant::all_privs, GrantStmt::behavior, InternalGrant::behavior, InternalGrant::col_privs, AccessPriv::cols, elog(), ereport, errcode(), errmsg(), ERROR, ExecGrantStmt_oids(), get_rolespec_oid(), gettext_noop, GetUserId(), GrantStmt::grant_option, InternalGrant::grant_option, GrantStmt::grantees, InternalGrant::grantees, GrantStmt::grantor, GrantStmt::is_grant, InternalGrant::is_grant, lappend(), lappend_oid(), lfirst, NIL, OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, objectNamesToOids(), GrantStmt::objects, InternalGrant::objects, objectsInSchemaToOids(), GrantStmt::objtype, InternalGrant::objtype, AccessPriv::priv_name, privilege_to_string(), GrantStmt::privileges, InternalGrant::privileges, ROLESPEC_PUBLIC, RoleSpec::roletype, string_to_privilege(), and GrantStmt::targtype.

Referenced by ProcessUtilitySlow(), and standard_ProcessUtility().

◆ expand_all_col_privileges()

static void expand_all_col_privileges ( Oid  table_oid,
Form_pg_class  classForm,
AclMode  this_privileges,
AclMode col_privileges,
int  num_col_privileges 
)
static

Definition at line 1616 of file aclchk.c.

1620 {
1621  AttrNumber curr_att;
1622 
1623  Assert(classForm->relnatts - FirstLowInvalidHeapAttributeNumber < num_col_privileges);
1624  for (curr_att = FirstLowInvalidHeapAttributeNumber + 1;
1625  curr_att <= classForm->relnatts;
1626  curr_att++)
1627  {
1628  HeapTuple attTuple;
1629  bool isdropped;
1630 
1631  if (curr_att == InvalidAttrNumber)
1632  continue;
1633 
1634  /* Views don't have any system columns at all */
1635  if (classForm->relkind == RELKIND_VIEW && curr_att < 0)
1636  continue;
1637 
1638  attTuple = SearchSysCache2(ATTNUM,
1639  ObjectIdGetDatum(table_oid),
1640  Int16GetDatum(curr_att));
1641  if (!HeapTupleIsValid(attTuple))
1642  elog(ERROR, "cache lookup failed for attribute %d of relation %u",
1643  curr_att, table_oid);
1644 
1645  isdropped = ((Form_pg_attribute) GETSTRUCT(attTuple))->attisdropped;
1646 
1647  ReleaseSysCache(attTuple);
1648 
1649  /* ignore dropped columns */
1650  if (isdropped)
1651  continue;
1652 
1653  col_privileges[curr_att - FirstLowInvalidHeapAttributeNumber] |= this_privileges;
1654  }
1655 }
#define InvalidAttrNumber
Definition: attnum.h:23

References Assert(), ATTNUM, elog(), ERROR, FirstLowInvalidHeapAttributeNumber, GETSTRUCT, HeapTupleIsValid, Int16GetDatum(), InvalidAttrNumber, ObjectIdGetDatum(), ReleaseSysCache(), and SearchSysCache2().

Referenced by ExecGrant_Relation().

◆ expand_col_privileges()

static void expand_col_privileges ( List colnames,
Oid  table_oid,
AclMode  this_privileges,
AclMode col_privileges,
int  num_col_privileges 
)
static

Definition at line 1583 of file aclchk.c.

1587 {
1588  ListCell *cell;
1589 
1590  foreach(cell, colnames)
1591  {
1592  char *colname = strVal(lfirst(cell));
1594 
1595  attnum = get_attnum(table_oid, colname);
1596  if (attnum == InvalidAttrNumber)
1597  ereport(ERROR,
1598  (errcode(ERRCODE_UNDEFINED_COLUMN),
1599  errmsg("column \"%s\" of relation \"%s\" does not exist",
1600  colname, get_rel_name(table_oid))));
1602  if (attnum <= 0 || attnum >= num_col_privileges)
1603  elog(ERROR, "column number out of range"); /* safety check */
1604  col_privileges[attnum] |= this_privileges;
1605  }
1606 }
AttrNumber get_attnum(Oid relid, const char *attname)
Definition: lsyscache.c:857
char * get_rel_name(Oid relid)
Definition: lsyscache.c:1910
#define strVal(v)
Definition: value.h:82

References attnum, elog(), ereport, errcode(), errmsg(), ERROR, FirstLowInvalidHeapAttributeNumber, get_attnum(), get_rel_name(), InvalidAttrNumber, lfirst, and strVal.

Referenced by ExecGrant_Relation().

◆ get_default_acl_internal()

static Acl* get_default_acl_internal ( Oid  roleId,
Oid  nsp_oid,
char  objtype 
)
static

Definition at line 4895 of file aclchk.c.

4896 {
4897  Acl *result = NULL;
4898  HeapTuple tuple;
4899 
4901  ObjectIdGetDatum(roleId),
4902  ObjectIdGetDatum(nsp_oid),
4903  CharGetDatum(objtype));
4904 
4905  if (HeapTupleIsValid(tuple))
4906  {
4907  Datum aclDatum;
4908  bool isNull;
4909 
4910  aclDatum = SysCacheGetAttr(DEFACLROLENSPOBJ, tuple,
4911  Anum_pg_default_acl_defaclacl,
4912  &isNull);
4913  if (!isNull)
4914  result = DatumGetAclPCopy(aclDatum);
4915  ReleaseSysCache(tuple);
4916  }
4917 
4918  return result;
4919 }
static Datum CharGetDatum(char X)
Definition: postgres.h:470
HeapTuple SearchSysCache3(int cacheId, Datum key1, Datum key2, Datum key3)
Definition: syscache.c:1195
@ DEFACLROLENSPOBJ
Definition: syscache.h:56

References CharGetDatum(), DatumGetAclPCopy, DEFACLROLENSPOBJ, HeapTupleIsValid, ObjectIdGetDatum(), ReleaseSysCache(), SearchSysCache3(), and SysCacheGetAttr().

Referenced by get_user_default_acl().

◆ get_user_default_acl()

Acl* get_user_default_acl ( ObjectType  objtype,
Oid  ownerId,
Oid  nsp_oid 
)

Definition at line 4930 of file aclchk.c.

4931 {
4932  Acl *result;
4933  Acl *glob_acl;
4934  Acl *schema_acl;
4935  Acl *def_acl;
4936  char defaclobjtype;
4937 
4938  /*
4939  * Use NULL during bootstrap, since pg_default_acl probably isn't there
4940  * yet.
4941  */
4943  return NULL;
4944 
4945  /* Check if object type is supported in pg_default_acl */
4946  switch (objtype)
4947  {
4948  case OBJECT_TABLE:
4949  defaclobjtype = DEFACLOBJ_RELATION;
4950  break;
4951 
4952  case OBJECT_SEQUENCE:
4953  defaclobjtype = DEFACLOBJ_SEQUENCE;
4954  break;
4955 
4956  case OBJECT_FUNCTION:
4957  defaclobjtype = DEFACLOBJ_FUNCTION;
4958  break;
4959 
4960  case OBJECT_TYPE:
4961  defaclobjtype = DEFACLOBJ_TYPE;
4962  break;
4963 
4964  case OBJECT_SCHEMA:
4965  defaclobjtype = DEFACLOBJ_NAMESPACE;
4966  break;
4967 
4968  default:
4969  return NULL;
4970  }
4971 
4972  /* Look up the relevant pg_default_acl entries */
4973  glob_acl = get_default_acl_internal(ownerId, InvalidOid, defaclobjtype);
4974  schema_acl = get_default_acl_internal(ownerId, nsp_oid, defaclobjtype);
4975 
4976  /* Quick out if neither entry exists */
4977  if (glob_acl == NULL && schema_acl == NULL)
4978  return NULL;
4979 
4980  /* We need to know the hard-wired default value, too */
4981  def_acl = acldefault(objtype, ownerId);
4982 
4983  /* If there's no global entry, substitute the hard-wired default */
4984  if (glob_acl == NULL)
4985  glob_acl = def_acl;
4986 
4987  /* Merge in any per-schema privileges */
4988  result = aclmerge(glob_acl, schema_acl, ownerId);
4989 
4990  /*
4991  * For efficiency, we want to return NULL if the result equals default.
4992  * This requires sorting both arrays to get an accurate comparison.
4993  */
4994  aclitemsort(result);
4995  aclitemsort(def_acl);
4996  if (aclequal(result, def_acl))
4997  result = NULL;
4998 
4999  return result;
5000 }
void aclitemsort(Acl *acl)
Definition: acl.c:496
Acl * aclmerge(const Acl *left_acl, const Acl *right_acl, Oid ownerId)
Definition: acl.c:452
static Acl * get_default_acl_internal(Oid roleId, Oid nsp_oid, char objtype)
Definition: aclchk.c:4895
#define IsBootstrapProcessingMode()
Definition: miscadmin.h:402
#define InvalidOid
Definition: postgres_ext.h:36

References acldefault(), aclequal(), aclitemsort(), aclmerge(), get_default_acl_internal(), InvalidOid, IsBootstrapProcessingMode, OBJECT_FUNCTION, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, and OBJECT_TYPE.

Referenced by heap_create_with_catalog(), NamespaceCreate(), ProcedureCreate(), and TypeCreate().

◆ getRelationsInNamespace()

static List * getRelationsInNamespace ( Oid  namespaceId,
char  relkind 
)
static

Definition at line 932 of file aclchk.c.

933 {
934  List *relations = NIL;
935  ScanKeyData key[2];
936  Relation rel;
937  TableScanDesc scan;
938  HeapTuple tuple;
939 
940  ScanKeyInit(&key[0],
941  Anum_pg_class_relnamespace,
942  BTEqualStrategyNumber, F_OIDEQ,
943  ObjectIdGetDatum(namespaceId));
944  ScanKeyInit(&key[1],
945  Anum_pg_class_relkind,
946  BTEqualStrategyNumber, F_CHAREQ,
947  CharGetDatum(relkind));
948 
949  rel = table_open(RelationRelationId, AccessShareLock);
950  scan = table_beginscan_catalog(rel, 2, key);
951 
952  while ((tuple = heap_getnext(scan, ForwardScanDirection)) != NULL)
953  {
954  Oid oid = ((Form_pg_class) GETSTRUCT(tuple))->oid;
955 
956  relations = lappend_oid(relations, oid);
957  }
958 
959  table_endscan(scan);
961 
962  return relations;
963 }
HeapTuple heap_getnext(TableScanDesc sscan, ScanDirection direction)
Definition: heapam.c:1299
#define AccessShareLock
Definition: lockdefs.h:36
@ ForwardScanDirection
Definition: sdir.h:26
TableScanDesc table_beginscan_catalog(Relation relation, int nkeys, struct ScanKeyData *key)
Definition: tableam.c:112
static void table_endscan(TableScanDesc scan)
Definition: tableam.h:993

References AccessShareLock, BTEqualStrategyNumber, CharGetDatum(), ForwardScanDirection, GETSTRUCT, heap_getnext(), sort-test::key, lappend_oid(), NIL, ObjectIdGetDatum(), ScanKeyInit(), table_beginscan_catalog(), table_close(), table_endscan(), and table_open().

Referenced by objectsInSchemaToOids().

◆ has_bypassrls_privilege()

bool has_bypassrls_privilege ( Oid  roleid)

Definition at line 4871 of file aclchk.c.

4872 {
4873  bool result = false;
4874  HeapTuple utup;
4875 
4876  /* Superusers bypass all permission checking. */
4877  if (superuser_arg(roleid))
4878  return true;
4879 
4880  utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
4881  if (HeapTupleIsValid(utup))
4882  {
4883  result = ((Form_pg_authid) GETSTRUCT(utup))->rolbypassrls;
4884  ReleaseSysCache(utup);
4885  }
4886  return result;
4887 }
FormData_pg_authid * Form_pg_authid
Definition: pg_authid.h:56
bool rolbypassrls
Definition: pg_authid.h:41
bool superuser_arg(Oid roleid)
Definition: superuser.c:56
@ AUTHOID
Definition: syscache.h:45

References AUTHOID, GETSTRUCT, HeapTupleIsValid, ObjectIdGetDatum(), ReleaseSysCache(), rolbypassrls, SearchSysCache1(), and superuser_arg().

Referenced by check_enable_rls(), and RI_Initial_Check().

◆ has_createrole_privilege()

bool has_createrole_privilege ( Oid  roleid)

Definition at line 4852 of file aclchk.c.

4853 {
4854  bool result = false;
4855  HeapTuple utup;
4856 
4857  /* Superusers bypass all permission checking. */
4858  if (superuser_arg(roleid))
4859  return true;
4860 
4861  utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
4862  if (HeapTupleIsValid(utup))
4863  {
4864  result = ((Form_pg_authid) GETSTRUCT(utup))->rolcreaterole;
4865  ReleaseSysCache(utup);
4866  }
4867  return result;
4868 }
bool rolcreaterole
Definition: pg_authid.h:37

References AUTHOID, GETSTRUCT, HeapTupleIsValid, ObjectIdGetDatum(), ReleaseSysCache(), rolcreaterole, SearchSysCache1(), and superuser_arg().

Referenced by check_object_ownership(), check_role_grantor(), and have_createrole_privilege().

◆ merge_acl_with_grant()

static Acl* merge_acl_with_grant ( Acl old_acl,
bool  is_grant,
bool  grant_option,
DropBehavior  behavior,
List grantees,
AclMode  privileges,
Oid  grantorId,
Oid  ownerId 
)
static

Definition at line 176 of file aclchk.c.

180 {
181  unsigned modechg;
182  ListCell *j;
183  Acl *new_acl;
184 
185  modechg = is_grant ? ACL_MODECHG_ADD : ACL_MODECHG_DEL;
186 
187  new_acl = old_acl;
188 
189  foreach(j, grantees)
190  {
191  AclItem aclitem;
192  Acl *newer_acl;
193 
194  aclitem.ai_grantee = lfirst_oid(j);
195 
196  /*
197  * Grant options can only be granted to individual roles, not PUBLIC.
198  * The reason is that if a user would re-grant a privilege that he
199  * held through PUBLIC, and later the user is removed, the situation
200  * is impossible to clean up.
201  */
202  if (is_grant && grant_option && aclitem.ai_grantee == ACL_ID_PUBLIC)
203  ereport(ERROR,
204  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
205  errmsg("grant options can only be granted to roles")));
206 
207  aclitem.ai_grantor = grantorId;
208 
209  /*
210  * The asymmetry in the conditions here comes from the spec. In
211  * GRANT, the grant_option flag signals WITH GRANT OPTION, which means
212  * to grant both the basic privilege and its grant option. But in
213  * REVOKE, plain revoke revokes both the basic privilege and its grant
214  * option, while REVOKE GRANT OPTION revokes only the option.
215  */
217  (is_grant || !grant_option) ? privileges : ACL_NO_RIGHTS,
218  (!is_grant || grant_option) ? privileges : ACL_NO_RIGHTS);
219 
220  newer_acl = aclupdate(new_acl, &aclitem, modechg, ownerId, behavior);
221 
222  /* avoid memory leak when there are many grantees */
223  pfree(new_acl);
224  new_acl = newer_acl;
225  }
226 
227  return new_acl;
228 }
Acl * aclupdate(const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
Definition: acl.c:938
#define ACL_MODECHG_DEL
Definition: acl.h:130
#define ACL_MODECHG_ADD
Definition: acl.h:129
#define ACLITEM_SET_PRIVS_GOPTIONS(item, privs, goptions)
Definition: acl.h:82
int j
Definition: isn.c:74
Definition: acl.h:55
Oid ai_grantee
Definition: acl.h:56
Oid ai_grantor
Definition: acl.h:57

References ACL_ID_PUBLIC, ACL_MODECHG_ADD, ACL_MODECHG_DEL, ACL_NO_RIGHTS, ACLITEM_SET_PRIVS_GOPTIONS, aclupdate(), AclItem::ai_grantee, AclItem::ai_grantor, ereport, errcode(), errmsg(), ERROR, j, lfirst_oid, and pfree().

Referenced by ExecGrant_Attribute(), ExecGrant_Database(), ExecGrant_Fdw(), ExecGrant_ForeignServer(), ExecGrant_Function(), ExecGrant_Language(), ExecGrant_Largeobject(), ExecGrant_Namespace(), ExecGrant_Parameter(), ExecGrant_Relation(), ExecGrant_Tablespace(), ExecGrant_Type(), and SetDefaultACL().

◆ object_aclcheck()

AclResult object_aclcheck ( Oid  classid,
Oid  objectid,
Oid  roleid,
AclMode  mode 
)

Definition at line 4570 of file aclchk.c.

4571 {
4572  if (object_aclmask(classid, objectid, roleid, mode, ACLMASK_ANY) != 0)
4573  return ACLCHECK_OK;
4574  else
4575  return ACLCHECK_NO_PRIV;
4576 }
@ ACLMASK_ANY
Definition: acl.h:176
static AclMode object_aclmask(Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:3873
static PgChecksumMode mode
Definition: pg_checksums.c:65

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, mode, and object_aclmask().

Referenced by AggregateCreate(), AlterExtensionNamespace(), AlterForeignServerOwner_internal(), AlterObjectNamespace_internal(), AlterObjectOwner_internal(), AlterObjectRename_internal(), AlterPublicationOwner_internal(), AlterSchemaOwner_internal(), AlterTableMoveAll(), AlterTypeOwner(), ATExecAddColumn(), ATExecChangeOwner(), ATPrepAlterColumnType(), ATPrepSetTableSpace(), BuildDescForRelation(), calculate_database_size(), calculate_tablespace_size(), call_pltcl_start_proc(), check_temp_tablespaces(), CheckFunctionValidatorAccess(), CheckMyDatabase(), compute_return_type(), CreateCast(), CreateConversionCommand(), createdb(), CreateForeignServer(), CreateForeignTable(), CreateFunction(), CreatePublication(), CreateSchemaCommand(), CreateTransform(), CreateTriggerFiringOn(), DefineAggregate(), DefineCollation(), DefineDomain(), DefineEnum(), DefineIndex(), DefineOpClass(), DefineOperator(), DefineOpFamily(), DefineRange(), DefineRelation(), DefineTSConfiguration(), DefineTSDictionary(), DefineType(), ExecBuildGroupingEqual(), ExecBuildParamSetEqual(), ExecInitAgg(), ExecInitExprRec(), ExecInitFunc(), ExecInitWindowAgg(), ExecReindex(), ExecuteCallStmt(), ExecuteDoStmt(), extension_is_trusted(), findRangeCanonicalFunction(), findRangeSubtypeDiffFunction(), get_connect_string(), get_other_operator(), HandleFunctionRequest(), has_database_privilege_id(), has_database_privilege_id_id(), has_database_privilege_id_name(), has_database_privilege_name(), has_database_privilege_name_id(), has_database_privilege_name_name(), has_foreign_data_wrapper_privilege_id(), has_foreign_data_wrapper_privilege_id_id(), has_foreign_data_wrapper_privilege_id_name(), has_foreign_data_wrapper_privilege_name(), has_foreign_data_wrapper_privilege_name_id(), has_foreign_data_wrapper_privilege_name_name(), has_function_privilege_id(), has_function_privilege_id_id(), has_function_privilege_id_name(), has_function_privilege_name(), has_function_privilege_name_id(), has_function_privilege_name_name(), has_language_privilege_id(), has_language_privilege_id_id(), has_language_privilege_id_name(), has_language_privilege_name(), has_language_privilege_name_id(), has_language_privilege_name_name(), has_schema_privilege_id(), has_schema_privilege_id_id(), has_schema_privilege_id_name(), has_schema_privilege_name(), has_schema_privilege_name_id(), has_schema_privilege_name_name(), has_server_privilege_id(), has_server_privilege_id_id(), has_server_privilege_id_name(), has_server_privilege_name(), has_server_privilege_name_id(), has_server_privilege_name_name(), has_tablespace_privilege_id(), has_tablespace_privilege_id_id(), has_tablespace_privilege_id_name(), has_tablespace_privilege_name(), has_tablespace_privilege_name_id(), has_tablespace_privilege_name_name(), has_type_privilege_id(), has_type_privilege_id_id(), has_type_privilege_id_name(), has_type_privilege_name(), has_type_privilege_name_id(), has_type_privilege_name_name(), ImportForeignSchema(), init_sexpr(), initialize_peragg(), InitTempTableNamespace(), inline_function(), inline_set_returning_function(), interpret_function_parameter_list(), lookup_agg_function(), LookupCreationNamespace(), LookupExplicitNamespace(), movedb(), pg_namespace_aclmask(), PrepareTempTablespaces(), RangeVarCallbackForAlterRelation(), RangeVarGetAndCheckCreationNamespace(), recomputeNamespacePath(), ReindexMultipleInternal(), RenameSchema(), transformTableLikeClause(), user_mapping_ddl_aclcheck(), ValidateJoinEstimator(), and ValidateRestrictionEstimator().

◆ object_aclmask()

static AclMode object_aclmask ( Oid  classid,
Oid  objectid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 3873 of file aclchk.c.

3875 {
3876  int cacheid;
3877  AclMode result;
3878  HeapTuple tuple;
3879  Datum aclDatum;
3880  bool isNull;
3881  Acl *acl;
3882  Oid ownerId;
3883 
3884  /* Special cases */
3885  switch (classid)
3886  {
3887  case NamespaceRelationId:
3888  return pg_namespace_aclmask(objectid, roleid, mask, how);
3889  case TypeRelationId:
3890  return pg_type_aclmask(objectid, roleid, mask, how);
3891  }
3892 
3893  /* Even more special cases */
3894  Assert(classid != RelationRelationId); /* should use pg_class_acl* */
3895  Assert(classid != LargeObjectMetadataRelationId); /* should use
3896  * pg_largeobject_acl* */
3897 
3898  /* Superusers bypass all permission checking. */
3899  if (superuser_arg(roleid))
3900  return mask;
3901 
3902  /*
3903  * Get the objects's ACL from its catalog
3904  */
3905 
3906  cacheid = get_object_catcache_oid(classid);
3907 
3908  tuple = SearchSysCache1(cacheid, ObjectIdGetDatum(objectid));
3909  if (!HeapTupleIsValid(tuple))
3910  ereport(ERROR,
3911  (errcode(ERRCODE_UNDEFINED_DATABASE),
3912  errmsg("%s with OID %u does not exist", get_object_class_descr(classid), objectid)));
3913 
3914  ownerId = DatumGetObjectId(SysCacheGetAttr(cacheid,
3915  tuple,
3916  get_object_attnum_owner(classid),
3917  &isNull));
3918  Assert(!isNull);
3919 
3920  aclDatum = SysCacheGetAttr(cacheid, tuple, get_object_attnum_acl(classid),
3921  &isNull);
3922  if (isNull)
3923  {
3924  /* No ACL, so build default ACL */
3925  acl = acldefault(get_object_type(classid, objectid), ownerId);
3926  aclDatum = (Datum) 0;
3927  }
3928  else
3929  {
3930  /* detoast ACL if necessary */
3931  acl = DatumGetAclP(aclDatum);
3932  }
3933 
3934  result = aclmask(acl, roleid, ownerId, mask, how);
3935 
3936  /* if we have a detoasted copy, free it */
3937  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
3938  pfree(acl);
3939 
3940  ReleaseSysCache(tuple);
3941 
3942  return result;
3943 }
AclMode aclmask(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
Definition: acl.c:1328
#define DatumGetAclP(X)
Definition: acl.h:120
static AclMode pg_type_aclmask(Oid type_oid, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:4493
static AclMode pg_namespace_aclmask(Oid nsp_oid, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:4401
char * Pointer
Definition: c.h:419
AttrNumber get_object_attnum_owner(Oid class_id)
AttrNumber get_object_attnum_acl(Oid class_id)
int get_object_catcache_oid(Oid class_id)
ObjectType get_object_type(Oid class_id, Oid object_id)
const char * get_object_class_descr(Oid class_id)
static Oid DatumGetObjectId(Datum X)
Definition: postgres.h:590
static Pointer DatumGetPointer(Datum X)
Definition: postgres.h:660

References acldefault(), aclmask(), Assert(), DatumGetAclP, DatumGetObjectId(), DatumGetPointer(), ereport, errcode(), errmsg(), ERROR, get_object_attnum_acl(), get_object_attnum_owner(), get_object_catcache_oid(), get_object_class_descr(), get_object_type(), HeapTupleIsValid, ObjectIdGetDatum(), pfree(), pg_namespace_aclmask(), pg_type_aclmask(), ReleaseSysCache(), SearchSysCache1(), superuser_arg(), and SysCacheGetAttr().

Referenced by object_aclcheck(), and pg_aclmask().

◆ object_ownercheck()

bool object_ownercheck ( Oid  classid,
Oid  objectid,
Oid  roleid 
)

Definition at line 4771 of file aclchk.c.

4772 {
4773  int cacheid;
4774  Oid ownerId;
4775 
4776  /* Superusers bypass all permission checking. */
4777  if (superuser_arg(roleid))
4778  return true;
4779 
4780  cacheid = get_object_catcache_oid(classid);
4781  if (cacheid != -1)
4782  {
4783  HeapTuple tuple;
4784  bool isnull;
4785 
4786  tuple = SearchSysCache1(cacheid, ObjectIdGetDatum(objectid));
4787  if (!HeapTupleIsValid(tuple))
4788  ereport(ERROR,
4789  (errcode(ERRCODE_UNDEFINED_OBJECT),
4790  errmsg("%s with OID %u does not exist", get_object_class_descr(classid), objectid)));
4791 
4792  ownerId = DatumGetObjectId(SysCacheGetAttr(cacheid,
4793  tuple,
4794  get_object_attnum_owner(classid),
4795  &isnull));
4796  Assert(!isnull);
4797 
4798  ReleaseSysCache(tuple);
4799  }
4800  else
4801  {
4802  /* for catalogs without an appropriate syscache */
4803 
4804  Relation rel;
4805  ScanKeyData entry[1];
4806  SysScanDesc scan;
4807  HeapTuple tuple;
4808  bool isnull;
4809 
4810  rel = table_open(classid, AccessShareLock);
4811 
4812  ScanKeyInit(&entry[0],
4813  get_object_attnum_oid(classid),
4814  BTEqualStrategyNumber, F_OIDEQ,
4815  ObjectIdGetDatum(objectid));
4816 
4817  scan = systable_beginscan(rel,
4818  get_object_oid_index(classid), true,
4819  NULL, 1, entry);
4820 
4821  tuple = systable_getnext(scan);
4822  if (!HeapTupleIsValid(tuple))
4823  ereport(ERROR,
4824  (errcode(ERRCODE_UNDEFINED_OBJECT),
4825  errmsg("%s with OID %u does not exist", get_object_class_descr(classid), objectid)));
4826 
4827  ownerId = DatumGetObjectId(heap_getattr(tuple,
4828  get_object_attnum_owner(classid),
4829  RelationGetDescr(rel),
4830  &isnull));
4831  Assert(!isnull);
4832 
4833  systable_endscan(scan);
4835  }
4836 
4837  return has_privs_of_role(roleid, ownerId);
4838 }
AttrNumber get_object_attnum_oid(Oid class_id)
Oid get_object_oid_index(Oid class_id)

References AccessShareLock, Assert(), BTEqualStrategyNumber, DatumGetObjectId(), ereport, errcode(), errmsg(), ERROR, get_object_attnum_oid(), get_object_attnum_owner(), get_object_catcache_oid(), get_object_class_descr(), get_object_oid_index(), has_privs_of_role(), heap_getattr(), HeapTupleIsValid, ObjectIdGetDatum(), RelationGetDescr, ReleaseSysCache(), ScanKeyInit(), SearchSysCache1(), superuser_arg(), SysCacheGetAttr(), systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by AlterCollation(), AlterDatabase(), AlterDatabaseOwner(), AlterDatabaseRefreshColl(), AlterDatabaseSet(), AlterEventTrigger(), AlterEventTriggerOwner_internal(), AlterExtensionNamespace(), AlterForeignServer(), AlterForeignServerOwner_internal(), AlterFunction(), AlterOperator(), AlterOpFamilyAdd(), AlterPublication(), AlterPublicationOwner_internal(), AlterRoleSet(), AlterSchemaOwner_internal(), AlterStatistics(), AlterSubscription(), AlterSubscriptionOwner_internal(), AlterTableMoveAll(), AlterTableSpaceOptions(), AlterTSConfiguration(), AlterTSDictionary(), AlterType(), AlterTypeNamespace_oid(), AlterTypeOwner(), ATExecChangeOwner(), ATSimplePermissions(), be_lo_unlink(), brin_desummarize_range(), brin_summarize_range(), check_enable_rls(), check_object_ownership(), checkDomainOwner(), checkEnumOwner(), cluster_rel(), CreateCast(), createdb(), CreateProceduralLanguage(), CreateStatistics(), CreateTransform(), DefineOpClass(), DefineQueryRewrite(), DefineType(), dropdb(), DropSubscription(), DropTableSpace(), EnableDisableRule(), ExecAlterExtensionContentsStmt(), ExecAlterExtensionStmt(), ExecuteTruncateGuts(), get_tables_to_cluster(), get_tables_to_cluster_partitioned(), gin_clean_pending_list(), heap_force_common(), MergeAttributes(), movedb(), OperatorCreate(), ProcedureCreate(), PublicationAddTables(), RangeVarCallbackForAlterRelation(), RangeVarCallbackForDropRelation(), RangeVarCallbackForPolicy(), RangeVarCallbackForReindexIndex(), RangeVarCallbackForRenameRule(), RangeVarCallbackForRenameTrigger(), RangeVarCallbackOwnsRelation(), RangeVarCallbackOwnsTable(), RangeVarGetAndCheckCreationNamespace(), ReindexMultipleTables(), RemoveObjects(), renameatt_check(), RenameDatabase(), RenameSchema(), RenameTableSpace(), RenameType(), RI_Initial_Check(), user_mapping_ddl_aclcheck(), and vacuum_is_relation_owner().

◆ objectNamesToOids()

static List * objectNamesToOids ( ObjectType  objtype,
List objnames,
bool  is_grant 
)
static

Definition at line 663 of file aclchk.c.

664 {
665  List *objects = NIL;
666  ListCell *cell;
667 
668  Assert(objnames != NIL);
669 
670  switch (objtype)
671  {
672  case OBJECT_TABLE:
673  case OBJECT_SEQUENCE:
674  foreach(cell, objnames)
675  {
676  RangeVar *relvar = (RangeVar *) lfirst(cell);
677  Oid relOid;
678 
679  relOid = RangeVarGetRelid(relvar, NoLock, false);
680  objects = lappend_oid(objects, relOid);
681  }
682  break;
683  case OBJECT_DATABASE:
684  foreach(cell, objnames)
685  {
686  char *dbname = strVal(lfirst(cell));
687  Oid dbid;
688 
689  dbid = get_database_oid(dbname, false);
690  objects = lappend_oid(objects, dbid);
691  }
692  break;
693  case OBJECT_DOMAIN:
694  case OBJECT_TYPE:
695  foreach(cell, objnames)
696  {
697  List *typname = (List *) lfirst(cell);
698  Oid oid;
699 
701  objects = lappend_oid(objects, oid);
702  }
703  break;
704  case OBJECT_FUNCTION:
705  foreach(cell, objnames)
706  {
707  ObjectWithArgs *func = (ObjectWithArgs *) lfirst(cell);
708  Oid funcid;
709 
710  funcid = LookupFuncWithArgs(OBJECT_FUNCTION, func, false);
711  objects = lappend_oid(objects, funcid);
712  }
713  break;
714  case OBJECT_LANGUAGE:
715  foreach(cell, objnames)
716  {
717  char *langname = strVal(lfirst(cell));
718  Oid oid;
719 
720  oid = get_language_oid(langname, false);
721  objects = lappend_oid(objects, oid);
722  }
723  break;
724  case OBJECT_LARGEOBJECT:
725  foreach(cell, objnames)
726  {
727  Oid lobjOid = oidparse(lfirst(cell));
728 
729  if (!LargeObjectExists(lobjOid))
730  ereport(ERROR,
731  (errcode(ERRCODE_UNDEFINED_OBJECT),
732  errmsg("large object %u does not exist",
733  lobjOid)));
734 
735  objects = lappend_oid(objects, lobjOid);
736  }
737  break;
738  case OBJECT_SCHEMA:
739  foreach(cell, objnames)
740  {
741  char *nspname = strVal(lfirst(cell));
742  Oid oid;
743 
744  oid = get_namespace_oid(nspname, false);
745  objects = lappend_oid(objects, oid);
746  }
747  break;
748  case OBJECT_PROCEDURE:
749  foreach(cell, objnames)
750  {
751  ObjectWithArgs *func = (ObjectWithArgs *) lfirst(cell);
752  Oid procid;
753 
754  procid = LookupFuncWithArgs(OBJECT_PROCEDURE, func, false);
755  objects = lappend_oid(objects, procid);
756  }
757  break;
758  case OBJECT_ROUTINE:
759  foreach(cell, objnames)
760  {
761  ObjectWithArgs *func = (ObjectWithArgs *) lfirst(cell);
762  Oid routid;
763 
764  routid = LookupFuncWithArgs(OBJECT_ROUTINE, func, false);
765  objects = lappend_oid(objects, routid);
766  }
767  break;
768  case OBJECT_TABLESPACE:
769  foreach(cell, objnames)
770  {
771  char *spcname = strVal(lfirst(cell));
772  Oid spcoid;
773 
774  spcoid = get_tablespace_oid(spcname, false);
775  objects = lappend_oid(objects, spcoid);
776  }
777  break;
778  case OBJECT_FDW:
779  foreach(cell, objnames)
780  {
781  char *fdwname = strVal(lfirst(cell));
782  Oid fdwid = get_foreign_data_wrapper_oid(fdwname, false);
783 
784  objects = lappend_oid(objects, fdwid);
785  }
786  break;
788  foreach(cell, objnames)
789  {
790  char *srvname = strVal(lfirst(cell));
791  Oid srvid = get_foreign_server_oid(srvname, false);
792 
793  objects = lappend_oid(objects, srvid);
794  }
795  break;
797  foreach(cell, objnames)
798  {
799  /*
800  * In this code we represent a GUC by the OID of its entry in
801  * pg_parameter_acl, which we have to manufacture here if it
802  * doesn't exist yet. (That's a hack for sure, but it avoids
803  * messing with all the GRANT/REVOKE infrastructure that
804  * expects to use OIDs for object identities.) However, if
805  * this is a REVOKE, we can instead just ignore any GUCs that
806  * don't have such an entry, as they must not have any
807  * privileges needing removal.
808  */
809  char *parameter = strVal(lfirst(cell));
810  Oid parameterId = ParameterAclLookup(parameter, true);
811 
812  if (!OidIsValid(parameterId) && is_grant)
813  {
814  parameterId = ParameterAclCreate(parameter);
815 
816  /*
817  * Prevent error when processing duplicate objects, and
818  * make this new entry visible so that ExecGrant_Parameter
819  * can update it.
820  */
822  }
823  if (OidIsValid(parameterId))
824  objects = lappend_oid(objects, parameterId);
825  }
826  break;
827  default:
828  elog(ERROR, "unrecognized GrantStmt.objtype: %d",
829  (int) objtype);
830  }
831 
832  return objects;
833 }
Oid get_tablespace_oid(const char *tablespacename, bool missing_ok)
Definition: tablespace.c:1432
#define OidIsValid(objectId)
Definition: c.h:711
Oid get_database_oid(const char *dbname, bool missing_ok)
Definition: dbcommands.c:2934
Oid get_foreign_server_oid(const char *servername, bool missing_ok)
Definition: foreign.c:690
Oid get_foreign_data_wrapper_oid(const char *fdwname, bool missing_ok)
Definition: foreign.c:667
#define NoLock
Definition: lockdefs.h:34
TypeName * makeTypeNameFromNameList(List *names)
Definition: makefuncs.c:456
Oid get_namespace_oid(const char *nspname, bool missing_ok)
Definition: namespace.c:3086
#define RangeVarGetRelid(relation, lockmode, missing_ok)
Definition: namespace.h:79
Oid oidparse(Node *node)
Definition: oid.c:314
Oid LookupFuncWithArgs(ObjectType objtype, ObjectWithArgs *func, bool missing_ok)
Definition: parse_func.c:2208
Oid typenameTypeId(ParseState *pstate, const TypeName *typeName)
Definition: parse_type.c:291
bool LargeObjectExists(Oid loid)
Oid ParameterAclLookup(const char *parameter, bool missing_ok)
Oid ParameterAclCreate(const char *parameter)
NameData typname
Definition: pg_type.h:41
Oid get_language_oid(const char *langname, bool missing_ok)
Definition: proclang.c:228
char * dbname
Definition: streamutil.c:51

References Assert(), CommandCounterIncrement(), dbname, elog(), ereport, errcode(), errmsg(), ERROR, get_database_oid(), get_foreign_data_wrapper_oid(), get_foreign_server_oid(), get_language_oid(), get_namespace_oid(), get_tablespace_oid(), lappend_oid(), LargeObjectExists(), lfirst, LookupFuncWithArgs(), makeTypeNameFromNameList(), NIL, NoLock, OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, OidIsValid, oidparse(), ParameterAclCreate(), ParameterAclLookup(), RangeVarGetRelid, strVal, typenameTypeId(), and typname.

Referenced by ExecuteGrantStmt().

◆ objectsInSchemaToOids()

static List * objectsInSchemaToOids ( ObjectType  objtype,
List nspnames 
)
static

Definition at line 843 of file aclchk.c.

844 {
845  List *objects = NIL;
846  ListCell *cell;
847 
848  foreach(cell, nspnames)
849  {
850  char *nspname = strVal(lfirst(cell));
851  Oid namespaceId;
852  List *objs;
853 
854  namespaceId = LookupExplicitNamespace(nspname, false);
855 
856  switch (objtype)
857  {
858  case OBJECT_TABLE:
859  objs = getRelationsInNamespace(namespaceId, RELKIND_RELATION);
860  objects = list_concat(objects, objs);
861  objs = getRelationsInNamespace(namespaceId, RELKIND_VIEW);
862  objects = list_concat(objects, objs);
863  objs = getRelationsInNamespace(namespaceId, RELKIND_MATVIEW);
864  objects = list_concat(objects, objs);
865  objs = getRelationsInNamespace(namespaceId, RELKIND_FOREIGN_TABLE);
866  objects = list_concat(objects, objs);
867  objs = getRelationsInNamespace(namespaceId, RELKIND_PARTITIONED_TABLE);
868  objects = list_concat(objects, objs);
869  break;
870  case OBJECT_SEQUENCE:
871  objs = getRelationsInNamespace(namespaceId, RELKIND_SEQUENCE);
872  objects = list_concat(objects, objs);
873  break;
874  case OBJECT_FUNCTION:
875  case OBJECT_PROCEDURE:
876  case OBJECT_ROUTINE:
877  {
878  ScanKeyData key[2];
879  int keycount;
880  Relation rel;
881  TableScanDesc scan;
882  HeapTuple tuple;
883 
884  keycount = 0;
885  ScanKeyInit(&key[keycount++],
886  Anum_pg_proc_pronamespace,
887  BTEqualStrategyNumber, F_OIDEQ,
888  ObjectIdGetDatum(namespaceId));
889 
890  if (objtype == OBJECT_FUNCTION)
891  /* includes aggregates and window functions */
892  ScanKeyInit(&key[keycount++],
893  Anum_pg_proc_prokind,
894  BTEqualStrategyNumber, F_CHARNE,
895  CharGetDatum(PROKIND_PROCEDURE));
896  else if (objtype == OBJECT_PROCEDURE)
897  ScanKeyInit(&key[keycount++],
898  Anum_pg_proc_prokind,
899  BTEqualStrategyNumber, F_CHAREQ,
900  CharGetDatum(PROKIND_PROCEDURE));
901 
902  rel = table_open(ProcedureRelationId, AccessShareLock);
903  scan = table_beginscan_catalog(rel, keycount, key);
904 
905  while ((tuple = heap_getnext(scan, ForwardScanDirection)) != NULL)
906  {
907  Oid oid = ((Form_pg_proc) GETSTRUCT(tuple))->oid;
908 
909  objects = lappend_oid(objects, oid);
910  }
911 
912  table_endscan(scan);
914  }
915  break;
916  default:
917  /* should not happen */
918  elog(ERROR, "unrecognized GrantStmt.objtype: %d",
919  (int) objtype);
920  }
921  }
922 
923  return objects;
924 }
static List * getRelationsInNamespace(Oid namespaceId, char relkind)
Definition: aclchk.c:932
List * list_concat(List *list1, const List *list2)
Definition: list.c:560
Oid LookupExplicitNamespace(const char *nspname, bool missing_ok)
Definition: namespace.c:2936

References AccessShareLock, BTEqualStrategyNumber, CharGetDatum(), elog(), ERROR, ForwardScanDirection, getRelationsInNamespace(), GETSTRUCT, heap_getnext(), sort-test::key, lappend_oid(), lfirst, list_concat(), LookupExplicitNamespace(), NIL, OBJECT_FUNCTION, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SEQUENCE, OBJECT_TABLE, ObjectIdGetDatum(), ScanKeyInit(), strVal, table_beginscan_catalog(), table_close(), table_endscan(), and table_open().

Referenced by ExecuteGrantStmt().

◆ pg_aclmask()

static AclMode pg_aclmask ( ObjectType  objtype,
Oid  object_oid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 3808 of file aclchk.c.

3810 {
3811  switch (objtype)
3812  {
3813  case OBJECT_COLUMN:
3814  return
3815  pg_class_aclmask(object_oid, roleid, mask, how) |
3816  pg_attribute_aclmask(object_oid, attnum, roleid, mask, how);
3817  case OBJECT_TABLE:
3818  case OBJECT_SEQUENCE:
3819  return pg_class_aclmask(object_oid, roleid, mask, how);
3820  case OBJECT_DATABASE:
3821  return object_aclmask(DatabaseRelationId, object_oid, roleid, mask, how);
3822  case OBJECT_FUNCTION:
3823  return object_aclmask(ProcedureRelationId, object_oid, roleid, mask, how);
3824  case OBJECT_LANGUAGE:
3825  return object_aclmask(LanguageRelationId, object_oid, roleid, mask, how);
3826  case OBJECT_LARGEOBJECT:
3827  return pg_largeobject_aclmask_snapshot(object_oid, roleid,
3828  mask, how, NULL);
3829  case OBJECT_PARAMETER_ACL:
3830  return pg_parameter_acl_aclmask(object_oid, roleid, mask, how);
3831  case OBJECT_SCHEMA:
3832  return object_aclmask(NamespaceRelationId, object_oid, roleid, mask, how);
3833  case OBJECT_STATISTIC_EXT:
3834  elog(ERROR, "grantable rights not supported for statistics objects");
3835  /* not reached, but keep compiler quiet */
3836  return ACL_NO_RIGHTS;
3837  case OBJECT_TABLESPACE:
3838  return object_aclmask(TableSpaceRelationId, object_oid, roleid, mask, how);
3839  case OBJECT_FDW:
3840  return object_aclmask(ForeignDataWrapperRelationId, object_oid, roleid, mask, how);
3841  case OBJECT_FOREIGN_SERVER:
3842  return object_aclmask(ForeignServerRelationId, object_oid, roleid, mask, how);
3843  case OBJECT_EVENT_TRIGGER:
3844  elog(ERROR, "grantable rights not supported for event triggers");
3845  /* not reached, but keep compiler quiet */
3846  return ACL_NO_RIGHTS;
3847  case OBJECT_TYPE:
3848  return object_aclmask(TypeRelationId, object_oid, roleid, mask, how);
3849  default:
3850  elog(ERROR, "unrecognized object type: %d",
3851  (int) objtype);
3852  /* not reached, but keep compiler quiet */
3853  return ACL_NO_RIGHTS;
3854  }
3855 }
static AclMode pg_largeobject_aclmask_snapshot(Oid lobj_oid, Oid roleid, AclMode mask, AclMaskHow how, Snapshot snapshot)
Definition: aclchk.c:4328
static AclMode pg_attribute_aclmask(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:3954
static AclMode pg_parameter_acl_aclmask(Oid acl_oid, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:4269
AclMode pg_class_aclmask(Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:4073

References ACL_NO_RIGHTS, attnum, elog(), ERROR, object_aclmask(), OBJECT_COLUMN, OBJECT_DATABASE, OBJECT_EVENT_TRIGGER, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_STATISTIC_EXT, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, pg_attribute_aclmask(), pg_class_aclmask(), pg_largeobject_aclmask_snapshot(), and pg_parameter_acl_aclmask().

Referenced by restrict_and_check_grant().

◆ pg_attribute_aclcheck()

AclResult pg_attribute_aclcheck ( Oid  table_oid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mode 
)

Definition at line 4589 of file aclchk.c.

4591 {
4592  return pg_attribute_aclcheck_ext(table_oid, attnum, roleid, mode, NULL);
4593 }
AclResult pg_attribute_aclcheck_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode, bool *is_missing)
Definition: aclchk.c:4603

References attnum, mode, and pg_attribute_aclcheck_ext().

Referenced by BuildIndexValueDescription(), checkFkeyPermissions(), examine_simple_variable(), ExecBuildSlotPartitionKeyDescription(), ExecBuildSlotValueDescription(), ExecCheckRTEPerms(), ExecCheckRTEPermsModified(), ri_ReportViolation(), and statext_is_compatible_clause().

◆ pg_attribute_aclcheck_all()

AclResult pg_attribute_aclcheck_all ( Oid  table_oid,
Oid  roleid,
AclMode  mode,
AclMaskHow  how 
)

Definition at line 4633 of file aclchk.c.

4635 {
4636  AclResult result;
4637  HeapTuple classTuple;
4638  Form_pg_class classForm;
4639  AttrNumber nattrs;
4640  AttrNumber curr_att;
4641 
4642  /*
4643  * Must fetch pg_class row to check number of attributes. As in
4644  * pg_attribute_aclmask, we prefer to return "no privileges" instead of
4645  * throwing an error if we get any unexpected lookup errors.
4646  */
4647  classTuple = SearchSysCache1(RELOID, ObjectIdGetDatum(table_oid));
4648  if (!HeapTupleIsValid(classTuple))
4649  return ACLCHECK_NO_PRIV;
4650  classForm = (Form_pg_class) GETSTRUCT(classTuple);
4651 
4652  nattrs = classForm->relnatts;
4653 
4654  ReleaseSysCache(classTuple);
4655 
4656  /*
4657  * Initialize result in case there are no non-dropped columns. We want to
4658  * report failure in such cases for either value of 'how'.
4659  */
4660  result = ACLCHECK_NO_PRIV;
4661 
4662  for (curr_att = 1; curr_att <= nattrs; curr_att++)
4663  {
4664  HeapTuple attTuple;
4665  AclMode attmask;
4666 
4667  attTuple = SearchSysCache2(ATTNUM,
4668  ObjectIdGetDatum(table_oid),
4669  Int16GetDatum(curr_att));
4670  if (!HeapTupleIsValid(attTuple))
4671  continue;
4672 
4673  /* ignore dropped columns */
4674  if (((Form_pg_attribute) GETSTRUCT(attTuple))->attisdropped)
4675  {
4676  ReleaseSysCache(attTuple);
4677  continue;
4678  }
4679 
4680  /*
4681  * Here we hard-wire knowledge that the default ACL for a column
4682  * grants no privileges, so that we can fall out quickly in the very
4683  * common case where attacl is null.
4684  */
4685  if (heap_attisnull(attTuple, Anum_pg_attribute_attacl, NULL))
4686  attmask = 0;
4687  else
4688  attmask = pg_attribute_aclmask(table_oid, curr_att, roleid,
4689  mode, ACLMASK_ANY);
4690 
4691  ReleaseSysCache(attTuple);
4692 
4693  if (attmask != 0)
4694  {
4695  result = ACLCHECK_OK;
4696  if (how == ACLMASK_ANY)
4697  break; /* succeed on any success */
4698  }
4699  else
4700  {
4701  result = ACLCHECK_NO_PRIV;
4702  if (how == ACLMASK_ALL)
4703  break; /* fail on any failure */
4704  }
4705  }
4706 
4707  return result;
4708 }
AclResult
Definition: acl.h:181
@ ACLMASK_ALL
Definition: acl.h:175
bool heap_attisnull(HeapTuple tup, int attnum, TupleDesc tupleDesc)
Definition: heaptuple.c:359

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ALL, ACLMASK_ANY, ATTNUM, GETSTRUCT, heap_attisnull(), HeapTupleIsValid, Int16GetDatum(), mode, ObjectIdGetDatum(), pg_attribute_aclmask(), ReleaseSysCache(), RELOID, SearchSysCache1(), and SearchSysCache2().

Referenced by ExecCheckRTEPerms(), ExecCheckRTEPermsModified(), has_any_column_privilege_id(), has_any_column_privilege_id_id(), has_any_column_privilege_id_name(), has_any_column_privilege_name(), has_any_column_privilege_name_id(), has_any_column_privilege_name_name(), and statext_is_compatible_clause().

◆ pg_attribute_aclcheck_ext()

AclResult pg_attribute_aclcheck_ext ( Oid  table_oid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mode,
bool is_missing 
)

Definition at line 4603 of file aclchk.c.

4605 {
4606  if (pg_attribute_aclmask_ext(table_oid, attnum, roleid, mode,
4607  ACLMASK_ANY, is_missing) != 0)
4608  return ACLCHECK_OK;
4609  else
4610  return ACLCHECK_NO_PRIV;
4611 }
static AclMode pg_attribute_aclmask_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
Definition: aclchk.c:3968

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, attnum, mode, and pg_attribute_aclmask_ext().

Referenced by column_privilege_check(), and pg_attribute_aclcheck().

◆ pg_attribute_aclmask()

static AclMode pg_attribute_aclmask ( Oid  table_oid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 3954 of file aclchk.c.

3956 {
3957  return pg_attribute_aclmask_ext(table_oid, attnum, roleid,
3958  mask, how, NULL);
3959 }

References attnum, and pg_attribute_aclmask_ext().

Referenced by pg_aclmask(), and pg_attribute_aclcheck_all().

◆ pg_attribute_aclmask_ext()

static AclMode pg_attribute_aclmask_ext ( Oid  table_oid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mask,
AclMaskHow  how,
bool is_missing 
)
static

Definition at line 3968 of file aclchk.c.

3970 {
3971  AclMode result;
3972  HeapTuple classTuple;
3973  HeapTuple attTuple;
3974  Form_pg_class classForm;
3975  Form_pg_attribute attributeForm;
3976  Datum aclDatum;
3977  bool isNull;
3978  Acl *acl;
3979  Oid ownerId;
3980 
3981  /*
3982  * First, get the column's ACL from its pg_attribute entry
3983  */
3984  attTuple = SearchSysCache2(ATTNUM,
3985  ObjectIdGetDatum(table_oid),
3987  if (!HeapTupleIsValid(attTuple))
3988  {
3989  if (is_missing != NULL)
3990  {
3991  /* return "no privileges" instead of throwing an error */
3992  *is_missing = true;
3993  return 0;
3994  }
3995  else
3996  ereport(ERROR,
3997  (errcode(ERRCODE_UNDEFINED_COLUMN),
3998  errmsg("attribute %d of relation with OID %u does not exist",
3999  attnum, table_oid)));
4000  }
4001 
4002  attributeForm = (Form_pg_attribute) GETSTRUCT(attTuple);
4003 
4004  /* Check dropped columns, too */
4005  if (attributeForm->attisdropped)
4006  {
4007  if (is_missing != NULL)
4008  {
4009  /* return "no privileges" instead of throwing an error */
4010  *is_missing = true;
4011  ReleaseSysCache(attTuple);
4012  return 0;
4013  }
4014  else
4015  ereport(ERROR,
4016  (errcode(ERRCODE_UNDEFINED_COLUMN),
4017  errmsg("attribute %d of relation with OID %u does not exist",
4018  attnum, table_oid)));
4019  }
4020 
4021  aclDatum = SysCacheGetAttr(ATTNUM, attTuple, Anum_pg_attribute_attacl,
4022  &isNull);
4023 
4024  /*
4025  * Here we hard-wire knowledge that the default ACL for a column grants no
4026  * privileges, so that we can fall out quickly in the very common case
4027  * where attacl is null.
4028  */
4029  if (isNull)
4030  {
4031  ReleaseSysCache(attTuple);
4032  return 0;
4033  }
4034 
4035  /*
4036  * Must get the relation's ownerId from pg_class. Since we already found
4037  * a pg_attribute entry, the only likely reason for this to fail is that a
4038  * concurrent DROP of the relation committed since then (which could only
4039  * happen if we don't have lock on the relation). We prefer to report "no
4040  * privileges" rather than failing in such a case, so as to avoid unwanted
4041  * failures in has_column_privilege() tests.
4042  */
4043  classTuple = SearchSysCache1(RELOID, ObjectIdGetDatum(table_oid));
4044  if (!HeapTupleIsValid(classTuple))
4045  {
4046  ReleaseSysCache(attTuple);
4047  return 0;
4048  }
4049  classForm = (Form_pg_class) GETSTRUCT(classTuple);
4050 
4051  ownerId = classForm->relowner;
4052 
4053  ReleaseSysCache(classTuple);
4054 
4055  /* detoast column's ACL if necessary */
4056  acl = DatumGetAclP(aclDatum);
4057 
4058  result = aclmask(acl, roleid, ownerId, mask, how);
4059 
4060  /* if we have a detoasted copy, free it */
4061  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
4062  pfree(acl);
4063 
4064  ReleaseSysCache(attTuple);
4065 
4066  return result;
4067 }

References aclmask(), attnum, ATTNUM, DatumGetAclP, DatumGetPointer(), ereport, errcode(), errmsg(), ERROR, GETSTRUCT, HeapTupleIsValid, Int16GetDatum(), ObjectIdGetDatum(), pfree(), ReleaseSysCache(), RELOID, SearchSysCache1(), SearchSysCache2(), and SysCacheGetAttr().

Referenced by pg_attribute_aclcheck_ext(), and pg_attribute_aclmask().

◆ pg_class_aclcheck()

AclResult pg_class_aclcheck ( Oid  table_oid,
Oid  roleid,
AclMode  mode 
)

◆ pg_class_aclcheck_ext()

AclResult pg_class_aclcheck_ext ( Oid  table_oid,
Oid  roleid,
AclMode  mode,
bool is_missing 
)

Definition at line 4730 of file aclchk.c.

4732 {
4733  if (pg_class_aclmask_ext(table_oid, roleid, mode,
4734  ACLMASK_ANY, is_missing) != 0)
4735  return ACLCHECK_OK;
4736  else
4737  return ACLCHECK_NO_PRIV;
4738 }
static AclMode pg_class_aclmask_ext(Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
Definition: aclchk.c:4086

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, mode, and pg_class_aclmask_ext().

Referenced by column_privilege_check(), and pg_class_aclcheck().

◆ pg_class_aclmask()

AclMode pg_class_aclmask ( Oid  table_oid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how 
)

Definition at line 4073 of file aclchk.c.

4075 {
4076  return pg_class_aclmask_ext(table_oid, roleid, mask, how, NULL);
4077 }

References pg_class_aclmask_ext().

Referenced by ExecCheckRTEPerms(), and pg_aclmask().

◆ pg_class_aclmask_ext()

static AclMode pg_class_aclmask_ext ( Oid  table_oid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how,
bool is_missing 
)
static

Definition at line 4086 of file aclchk.c.

4088 {
4089  AclMode result;
4090  HeapTuple tuple;
4091  Form_pg_class classForm;
4092  Datum aclDatum;
4093  bool isNull;
4094  Acl *acl;
4095  Oid ownerId;
4096 
4097  /*
4098  * Must get the relation's tuple from pg_class
4099  */
4100  tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(table_oid));
4101  if (!HeapTupleIsValid(tuple))
4102  {
4103  if (is_missing != NULL)
4104  {
4105  /* return "no privileges" instead of throwing an error */
4106  *is_missing = true;
4107  return 0;
4108  }
4109  else
4110  ereport(ERROR,
4112  errmsg("relation with OID %u does not exist",
4113  table_oid)));
4114  }
4115 
4116  classForm = (Form_pg_class) GETSTRUCT(tuple);
4117 
4118  /*
4119  * Deny anyone permission to update a system catalog unless
4120  * pg_authid.rolsuper is set.
4121  *
4122  * As of 7.4 we have some updatable system views; those shouldn't be
4123  * protected in this way. Assume the view rules can take care of
4124  * themselves. ACL_USAGE is if we ever have system sequences.
4125  */
4126  if ((mask & (ACL_INSERT | ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE | ACL_USAGE)) &&
4127  IsSystemClass(table_oid, classForm) &&
4128  classForm->relkind != RELKIND_VIEW &&
4129  !superuser_arg(roleid))
4131 
4132  /*
4133  * Otherwise, superusers bypass all permission-checking.
4134  */
4135  if (superuser_arg(roleid))
4136  {
4137  ReleaseSysCache(tuple);
4138  return mask;
4139  }
4140 
4141  /*
4142  * Normal case: get the relation's ACL from pg_class
4143  */
4144  ownerId = classForm->relowner;
4145 
4146  aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
4147  &isNull);
4148  if (isNull)
4149  {
4150  /* No ACL, so build default ACL */
4151  switch (classForm->relkind)
4152  {
4153  case RELKIND_SEQUENCE:
4154  acl = acldefault(OBJECT_SEQUENCE, ownerId);
4155  break;
4156  default:
4157  acl = acldefault(OBJECT_TABLE, ownerId);
4158  break;
4159  }
4160  aclDatum = (Datum) 0;
4161  }
4162  else
4163  {
4164  /* detoast rel's ACL if necessary */
4165  acl = DatumGetAclP(aclDatum);
4166  }
4167 
4168  result = aclmask(acl, roleid, ownerId, mask, how);
4169 
4170  /* if we have a detoasted copy, free it */
4171  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
4172  pfree(acl);
4173 
4174  ReleaseSysCache(tuple);
4175 
4176  /*
4177  * Check if ACL_SELECT is being checked and, if so, and not set already as
4178  * part of the result, then check if the user is a member of the
4179  * pg_read_all_data role, which allows read access to all relations.
4180  */
4181  if (mask & ACL_SELECT && !(result & ACL_SELECT) &&
4182  has_privs_of_role(roleid, ROLE_PG_READ_ALL_DATA))
4183  result |= ACL_SELECT;
4184 
4185  /*
4186  * Check if ACL_INSERT, ACL_UPDATE, or ACL_DELETE is being checked and, if
4187  * so, and not set already as part of the result, then check if the user
4188  * is a member of the pg_write_all_data role, which allows
4189  * INSERT/UPDATE/DELETE access to all relations (except system catalogs,
4190  * which requires superuser, see above).
4191  */
4192  if (mask & (ACL_INSERT | ACL_UPDATE | ACL_DELETE) &&
4193  !(result & (ACL_INSERT | ACL_UPDATE | ACL_DELETE)) &&
4194  has_privs_of_role(roleid, ROLE_PG_WRITE_ALL_DATA))
4195  result |= (mask & (ACL_INSERT | ACL_UPDATE | ACL_DELETE));
4196 
4197  return result;
4198 }
bool IsSystemClass(Oid relid, Form_pg_class reltuple)
Definition: catalog.c:87
#define ACL_DELETE
Definition: parsenodes.h:86
#define ACL_USAGE
Definition: parsenodes.h:91
#define ACL_INSERT
Definition: parsenodes.h:83
#define ACL_UPDATE
Definition: parsenodes.h:85
#define ACL_TRUNCATE
Definition: parsenodes.h:87
#define ERRCODE_UNDEFINED_TABLE
Definition: pgbench.c:77

References ACL_DELETE, ACL_INSERT, ACL_SELECT, ACL_TRUNCATE, ACL_UPDATE, ACL_USAGE, acldefault(), aclmask(), DatumGetAclP, DatumGetPointer(), ereport, errcode(), ERRCODE_UNDEFINED_TABLE, errmsg(), ERROR, GETSTRUCT, has_privs_of_role(), HeapTupleIsValid, IsSystemClass(), OBJECT_SEQUENCE, OBJECT_TABLE, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), RELOID, SearchSysCache1(), superuser_arg(), and SysCacheGetAttr().

Referenced by pg_class_aclcheck_ext(), and pg_class_aclmask().

◆ pg_largeobject_aclcheck_snapshot()

AclResult pg_largeobject_aclcheck_snapshot ( Oid  lobj_oid,
Oid  roleid,
AclMode  mode,
Snapshot  snapshot 
)

Definition at line 4757 of file aclchk.c.

4759 {
4760  if (pg_largeobject_aclmask_snapshot(lobj_oid, roleid, mode,
4761  ACLMASK_ANY, snapshot) != 0)
4762  return ACLCHECK_OK;
4763  else
4764  return ACLCHECK_NO_PRIV;
4765 }

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, mode, and pg_largeobject_aclmask_snapshot().

Referenced by be_lo_put(), and inv_open().

◆ pg_largeobject_aclmask_snapshot()

static AclMode pg_largeobject_aclmask_snapshot ( Oid  lobj_oid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how,
Snapshot  snapshot 
)
static

Definition at line 4328 of file aclchk.c.

4331 {
4332  AclMode result;
4333  Relation pg_lo_meta;
4334  ScanKeyData entry[1];
4335  SysScanDesc scan;
4336  HeapTuple tuple;
4337  Datum aclDatum;
4338  bool isNull;
4339  Acl *acl;
4340  Oid ownerId;
4341 
4342  /* Superusers bypass all permission checking. */
4343  if (superuser_arg(roleid))
4344  return mask;
4345 
4346  /*
4347  * Get the largeobject's ACL from pg_largeobject_metadata
4348  */
4349  pg_lo_meta = table_open(LargeObjectMetadataRelationId,
4350  AccessShareLock);
4351 
4352  ScanKeyInit(&entry[0],
4353  Anum_pg_largeobject_metadata_oid,
4354  BTEqualStrategyNumber, F_OIDEQ,
4355  ObjectIdGetDatum(lobj_oid));
4356 
4357  scan = systable_beginscan(pg_lo_meta,
4358  LargeObjectMetadataOidIndexId, true,
4359  snapshot, 1, entry);
4360 
4361  tuple = systable_getnext(scan);
4362  if (!HeapTupleIsValid(tuple))
4363  ereport(ERROR,
4364  (errcode(ERRCODE_UNDEFINED_OBJECT),
4365  errmsg("large object %u does not exist", lobj_oid)));
4366 
4367  ownerId = ((Form_pg_largeobject_metadata) GETSTRUCT(tuple))->lomowner;
4368 
4369  aclDatum = heap_getattr(tuple, Anum_pg_largeobject_metadata_lomacl,
4370  RelationGetDescr(pg_lo_meta), &isNull);
4371 
4372  if (isNull)
4373  {
4374  /* No ACL, so build default ACL */
4375  acl = acldefault(OBJECT_LARGEOBJECT, ownerId);
4376  aclDatum = (Datum) 0;
4377  }
4378  else
4379  {
4380  /* detoast ACL if necessary */
4381  acl = DatumGetAclP(aclDatum);
4382  }
4383 
4384  result = aclmask(acl, roleid, ownerId, mask, how);
4385 
4386  /* if we have a detoasted copy, free it */
4387  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
4388  pfree(acl);
4389 
4390  systable_endscan(scan);
4391 
4392  table_close(pg_lo_meta, AccessShareLock);
4393 
4394  return result;
4395 }

References AccessShareLock, acldefault(), aclmask(), BTEqualStrategyNumber, DatumGetAclP, DatumGetPointer(), ereport, errcode(), errmsg(), ERROR, GETSTRUCT, heap_getattr(), HeapTupleIsValid, OBJECT_LARGEOBJECT, ObjectIdGetDatum(), pfree(), RelationGetDescr, ScanKeyInit(), superuser_arg(), systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by pg_aclmask(), and pg_largeobject_aclcheck_snapshot().

◆ pg_namespace_aclmask()

static AclMode pg_namespace_aclmask ( Oid  nsp_oid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 4401 of file aclchk.c.

4403 {
4404  AclMode result;
4405  HeapTuple tuple;
4406  Datum aclDatum;
4407  bool isNull;
4408  Acl *acl;
4409  Oid ownerId;
4410 
4411  /* Superusers bypass all permission checking. */
4412  if (superuser_arg(roleid))
4413  return mask;
4414 
4415  /*
4416  * If we have been assigned this namespace as a temp namespace, check to
4417  * make sure we have CREATE TEMP permission on the database, and if so act
4418  * as though we have all standard (but not GRANT OPTION) permissions on
4419  * the namespace. If we don't have CREATE TEMP, act as though we have
4420  * only USAGE (and not CREATE) rights.
4421  *
4422  * This may seem redundant given the check in InitTempTableNamespace, but
4423  * it really isn't since current user ID may have changed since then. The
4424  * upshot of this behavior is that a SECURITY DEFINER function can create
4425  * temp tables that can then be accessed (if permission is granted) by
4426  * code in the same session that doesn't have permissions to create temp
4427  * tables.
4428  *
4429  * XXX Would it be safe to ereport a special error message as
4430  * InitTempTableNamespace does? Returning zero here means we'll get a
4431  * generic "permission denied for schema pg_temp_N" message, which is not
4432  * remarkably user-friendly.
4433  */
4434  if (isTempNamespace(nsp_oid))
4435  {
4436  if (object_aclcheck(DatabaseRelationId, MyDatabaseId, roleid,
4438  return mask & ACL_ALL_RIGHTS_SCHEMA;
4439  else
4440  return mask & ACL_USAGE;
4441  }
4442 
4443  /*
4444  * Get the schema's ACL from pg_namespace
4445  */
4446  tuple = SearchSysCache1(NAMESPACEOID, ObjectIdGetDatum(nsp_oid));
4447  if (!HeapTupleIsValid(tuple))
4448  ereport(ERROR,
4449  (errcode(ERRCODE_UNDEFINED_SCHEMA),
4450  errmsg("schema with OID %u does not exist", nsp_oid)));
4451 
4452  ownerId = ((Form_pg_namespace) GETSTRUCT(tuple))->nspowner;
4453 
4454  aclDatum = SysCacheGetAttr(NAMESPACEOID, tuple, Anum_pg_namespace_nspacl,
4455  &isNull);
4456  if (isNull)
4457  {
4458  /* No ACL, so build default ACL */
4459  acl = acldefault(OBJECT_SCHEMA, ownerId);
4460  aclDatum = (Datum) 0;
4461  }
4462  else
4463  {
4464  /* detoast ACL if necessary */
4465  acl = DatumGetAclP(aclDatum);
4466  }
4467 
4468  result = aclmask(acl, roleid, ownerId, mask, how);
4469 
4470  /* if we have a detoasted copy, free it */
4471  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
4472  pfree(acl);
4473 
4474  ReleaseSysCache(tuple);
4475 
4476  /*
4477  * Check if ACL_USAGE is being checked and, if so, and not set already as
4478  * part of the result, then check if the user is a member of the
4479  * pg_read_all_data or pg_write_all_data roles, which allow usage access
4480  * to all schemas.
4481  */
4482  if (mask & ACL_USAGE && !(result & ACL_USAGE) &&
4483  (has_privs_of_role(roleid, ROLE_PG_READ_ALL_DATA) ||
4484  has_privs_of_role(roleid, ROLE_PG_WRITE_ALL_DATA)))
4485  result |= ACL_USAGE;
4486  return result;
4487 }
AclResult object_aclcheck(Oid classid, Oid objectid, Oid roleid, AclMode mode)
Definition: aclchk.c:4570
Oid MyDatabaseId
Definition: globals.c:89
bool isTempNamespace(Oid namespaceId)
Definition: namespace.c:3200
#define ACL_CREATE_TEMP
Definition: parsenodes.h:93

References ACL_ALL_RIGHTS_SCHEMA, ACL_CREATE_TEMP, ACL_USAGE, ACLCHECK_OK, acldefault(), aclmask(), DatumGetAclP, DatumGetPointer(), ereport, errcode(), errmsg(), ERROR, GETSTRUCT, has_privs_of_role(), HeapTupleIsValid, isTempNamespace(), MyDatabaseId, NAMESPACEOID, object_aclcheck(), OBJECT_SCHEMA, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache1(), superuser_arg(), and SysCacheGetAttr().

Referenced by object_aclmask().

◆ pg_parameter_acl_aclmask()

static AclMode pg_parameter_acl_aclmask ( Oid  acl_oid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 4269 of file aclchk.c.

4270 {
4271  AclMode result;
4272  HeapTuple tuple;
4273  Datum aclDatum;
4274  bool isNull;
4275  Acl *acl;
4276 
4277  /* Superusers bypass all permission checking. */
4278  if (superuser_arg(roleid))
4279  return mask;
4280 
4281  /* Get the ACL from pg_parameter_acl */
4283