PostgreSQL Source Code  git master
aclchk.c File Reference
#include "postgres.h"
#include "access/genam.h"
#include "access/heapam.h"
#include "access/htup_details.h"
#include "access/sysattr.h"
#include "access/tableam.h"
#include "access/xact.h"
#include "catalog/binary_upgrade.h"
#include "catalog/catalog.h"
#include "catalog/dependency.h"
#include "catalog/indexing.h"
#include "catalog/objectaccess.h"
#include "catalog/pg_aggregate.h"
#include "catalog/pg_am.h"
#include "catalog/pg_authid.h"
#include "catalog/pg_cast.h"
#include "catalog/pg_class.h"
#include "catalog/pg_collation.h"
#include "catalog/pg_conversion.h"
#include "catalog/pg_database.h"
#include "catalog/pg_default_acl.h"
#include "catalog/pg_event_trigger.h"
#include "catalog/pg_extension.h"
#include "catalog/pg_foreign_data_wrapper.h"
#include "catalog/pg_foreign_server.h"
#include "catalog/pg_init_privs.h"
#include "catalog/pg_language.h"
#include "catalog/pg_largeobject.h"
#include "catalog/pg_largeobject_metadata.h"
#include "catalog/pg_namespace.h"
#include "catalog/pg_opclass.h"
#include "catalog/pg_operator.h"
#include "catalog/pg_opfamily.h"
#include "catalog/pg_parameter_acl.h"
#include "catalog/pg_proc.h"
#include "catalog/pg_statistic_ext.h"
#include "catalog/pg_subscription.h"
#include "catalog/pg_tablespace.h"
#include "catalog/pg_transform.h"
#include "catalog/pg_ts_config.h"
#include "catalog/pg_ts_dict.h"
#include "catalog/pg_ts_parser.h"
#include "catalog/pg_ts_template.h"
#include "catalog/pg_type.h"
#include "commands/dbcommands.h"
#include "commands/defrem.h"
#include "commands/event_trigger.h"
#include "commands/extension.h"
#include "commands/proclang.h"
#include "commands/tablespace.h"
#include "foreign/foreign.h"
#include "miscadmin.h"
#include "nodes/makefuncs.h"
#include "parser/parse_func.h"
#include "parser/parse_type.h"
#include "utils/acl.h"
#include "utils/aclchk_internal.h"
#include "utils/builtins.h"
#include "utils/fmgroids.h"
#include "utils/guc.h"
#include "utils/lsyscache.h"
#include "utils/rel.h"
#include "utils/syscache.h"
Include dependency graph for aclchk.c:

Go to the source code of this file.

Data Structures

struct  InternalDefaultACL
 

Functions

static void ExecGrantStmt_oids (InternalGrant *istmt)
 
static void ExecGrant_Relation (InternalGrant *istmt)
 
static void ExecGrant_common (InternalGrant *istmt, Oid classid, AclMode default_privs, void(*object_check)(InternalGrant *istmt, HeapTuple tuple))
 
static void ExecGrant_Language_check (InternalGrant *istmt, HeapTuple tuple)
 
static void ExecGrant_Largeobject (InternalGrant *istmt)
 
static void ExecGrant_Type_check (InternalGrant *istmt, HeapTuple tuple)
 
static void ExecGrant_Parameter (InternalGrant *istmt)
 
static void SetDefaultACLsInSchemas (InternalDefaultACL *iacls, List *nspnames)
 
static void SetDefaultACL (InternalDefaultACL *iacls)
 
static ListobjectNamesToOids (ObjectType objtype, List *objnames, bool is_grant)
 
static ListobjectsInSchemaToOids (ObjectType objtype, List *nspnames)
 
static ListgetRelationsInNamespace (Oid namespaceId, char relkind)
 
static void expand_col_privileges (List *colnames, Oid table_oid, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
 
static void expand_all_col_privileges (Oid table_oid, Form_pg_class classForm, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
 
static AclMode string_to_privilege (const char *privname)
 
static const char * privilege_to_string (AclMode privilege)
 
static AclMode restrict_and_check_grant (bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
 
static AclMode pg_aclmask (ObjectType objtype, Oid object_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
 
static AclMode object_aclmask (Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how)
 
static AclMode object_aclmask_ext (Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
 
static AclMode pg_attribute_aclmask (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
 
static AclMode pg_attribute_aclmask_ext (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
 
static AclMode pg_class_aclmask_ext (Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
 
static AclMode pg_parameter_acl_aclmask (Oid acl_oid, Oid roleid, AclMode mask, AclMaskHow how)
 
static AclMode pg_largeobject_aclmask_snapshot (Oid lobj_oid, Oid roleid, AclMode mask, AclMaskHow how, Snapshot snapshot)
 
static AclMode pg_namespace_aclmask_ext (Oid nsp_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
 
static AclMode pg_type_aclmask_ext (Oid type_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
 
static void recordExtensionInitPriv (Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
 
static void recordExtensionInitPrivWorker (Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
 
static Aclmerge_acl_with_grant (Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
 
void ExecuteGrantStmt (GrantStmt *stmt)
 
void ExecAlterDefaultPrivilegesStmt (ParseState *pstate, AlterDefaultPrivilegesStmt *stmt)
 
void RemoveRoleFromObjectACL (Oid roleid, Oid classid, Oid objid)
 
static void ExecGrant_Attribute (InternalGrant *istmt, Oid relOid, const char *relname, AttrNumber attnum, Oid ownerId, AclMode col_privileges, Relation attRelation, const Acl *old_rel_acl)
 
void aclcheck_error (AclResult aclerr, ObjectType objtype, const char *objectname)
 
void aclcheck_error_col (AclResult aclerr, ObjectType objtype, const char *objectname, const char *colname)
 
void aclcheck_error_type (AclResult aclerr, Oid typeOid)
 
AclMode pg_class_aclmask (Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how)
 
static AclMode pg_parameter_aclmask (const char *name, Oid roleid, AclMode mask, AclMaskHow how)
 
AclResult object_aclcheck (Oid classid, Oid objectid, Oid roleid, AclMode mode)
 
AclResult object_aclcheck_ext (Oid classid, Oid objectid, Oid roleid, AclMode mode, bool *is_missing)
 
AclResult pg_attribute_aclcheck (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode)
 
AclResult pg_attribute_aclcheck_ext (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode, bool *is_missing)
 
AclResult pg_attribute_aclcheck_all (Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how)
 
AclResult pg_attribute_aclcheck_all_ext (Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how, bool *is_missing)
 
AclResult pg_class_aclcheck (Oid table_oid, Oid roleid, AclMode mode)
 
AclResult pg_class_aclcheck_ext (Oid table_oid, Oid roleid, AclMode mode, bool *is_missing)
 
AclResult pg_parameter_aclcheck (const char *name, Oid roleid, AclMode mode)
 
AclResult pg_largeobject_aclcheck_snapshot (Oid lobj_oid, Oid roleid, AclMode mode, Snapshot snapshot)
 
bool object_ownercheck (Oid classid, Oid objectid, Oid roleid)
 
bool has_createrole_privilege (Oid roleid)
 
bool has_bypassrls_privilege (Oid roleid)
 
static Aclget_default_acl_internal (Oid roleId, Oid nsp_oid, char objtype)
 
Aclget_user_default_acl (ObjectType objtype, Oid ownerId, Oid nsp_oid)
 
void recordDependencyOnNewAcl (Oid classId, Oid objectId, int32 objsubId, Oid ownerId, Acl *acl)
 
void recordExtObjInitPriv (Oid objoid, Oid classoid)
 
void removeExtObjInitPriv (Oid objoid, Oid classoid)
 

Variables

bool binary_upgrade_record_init_privs = false
 

Function Documentation

◆ aclcheck_error()

void aclcheck_error ( AclResult  aclerr,
ObjectType  objtype,
const char *  objectname 
)

Definition at line 2701 of file aclchk.c.

2703 {
2704  switch (aclerr)
2705  {
2706  case ACLCHECK_OK:
2707  /* no error, so return to caller */
2708  break;
2709  case ACLCHECK_NO_PRIV:
2710  {
2711  const char *msg = "???";
2712 
2713  switch (objtype)
2714  {
2715  case OBJECT_AGGREGATE:
2716  msg = gettext_noop("permission denied for aggregate %s");
2717  break;
2718  case OBJECT_COLLATION:
2719  msg = gettext_noop("permission denied for collation %s");
2720  break;
2721  case OBJECT_COLUMN:
2722  msg = gettext_noop("permission denied for column %s");
2723  break;
2724  case OBJECT_CONVERSION:
2725  msg = gettext_noop("permission denied for conversion %s");
2726  break;
2727  case OBJECT_DATABASE:
2728  msg = gettext_noop("permission denied for database %s");
2729  break;
2730  case OBJECT_DOMAIN:
2731  msg = gettext_noop("permission denied for domain %s");
2732  break;
2733  case OBJECT_EVENT_TRIGGER:
2734  msg = gettext_noop("permission denied for event trigger %s");
2735  break;
2736  case OBJECT_EXTENSION:
2737  msg = gettext_noop("permission denied for extension %s");
2738  break;
2739  case OBJECT_FDW:
2740  msg = gettext_noop("permission denied for foreign-data wrapper %s");
2741  break;
2742  case OBJECT_FOREIGN_SERVER:
2743  msg = gettext_noop("permission denied for foreign server %s");
2744  break;
2745  case OBJECT_FOREIGN_TABLE:
2746  msg = gettext_noop("permission denied for foreign table %s");
2747  break;
2748  case OBJECT_FUNCTION:
2749  msg = gettext_noop("permission denied for function %s");
2750  break;
2751  case OBJECT_INDEX:
2752  msg = gettext_noop("permission denied for index %s");
2753  break;
2754  case OBJECT_LANGUAGE:
2755  msg = gettext_noop("permission denied for language %s");
2756  break;
2757  case OBJECT_LARGEOBJECT:
2758  msg = gettext_noop("permission denied for large object %s");
2759  break;
2760  case OBJECT_MATVIEW:
2761  msg = gettext_noop("permission denied for materialized view %s");
2762  break;
2763  case OBJECT_OPCLASS:
2764  msg = gettext_noop("permission denied for operator class %s");
2765  break;
2766  case OBJECT_OPERATOR:
2767  msg = gettext_noop("permission denied for operator %s");
2768  break;
2769  case OBJECT_OPFAMILY:
2770  msg = gettext_noop("permission denied for operator family %s");
2771  break;
2772  case OBJECT_PARAMETER_ACL:
2773  msg = gettext_noop("permission denied for parameter %s");
2774  break;
2775  case OBJECT_POLICY:
2776  msg = gettext_noop("permission denied for policy %s");
2777  break;
2778  case OBJECT_PROCEDURE:
2779  msg = gettext_noop("permission denied for procedure %s");
2780  break;
2781  case OBJECT_PUBLICATION:
2782  msg = gettext_noop("permission denied for publication %s");
2783  break;
2784  case OBJECT_ROUTINE:
2785  msg = gettext_noop("permission denied for routine %s");
2786  break;
2787  case OBJECT_SCHEMA:
2788  msg = gettext_noop("permission denied for schema %s");
2789  break;
2790  case OBJECT_SEQUENCE:
2791  msg = gettext_noop("permission denied for sequence %s");
2792  break;
2793  case OBJECT_STATISTIC_EXT:
2794  msg = gettext_noop("permission denied for statistics object %s");
2795  break;
2796  case OBJECT_SUBSCRIPTION:
2797  msg = gettext_noop("permission denied for subscription %s");
2798  break;
2799  case OBJECT_TABLE:
2800  msg = gettext_noop("permission denied for table %s");
2801  break;
2802  case OBJECT_TABLESPACE:
2803  msg = gettext_noop("permission denied for tablespace %s");
2804  break;
2806  msg = gettext_noop("permission denied for text search configuration %s");
2807  break;
2808  case OBJECT_TSDICTIONARY:
2809  msg = gettext_noop("permission denied for text search dictionary %s");
2810  break;
2811  case OBJECT_TYPE:
2812  msg = gettext_noop("permission denied for type %s");
2813  break;
2814  case OBJECT_VIEW:
2815  msg = gettext_noop("permission denied for view %s");
2816  break;
2817  /* these currently aren't used */
2818  case OBJECT_ACCESS_METHOD:
2819  case OBJECT_AMOP:
2820  case OBJECT_AMPROC:
2821  case OBJECT_ATTRIBUTE:
2822  case OBJECT_CAST:
2823  case OBJECT_DEFAULT:
2824  case OBJECT_DEFACL:
2825  case OBJECT_DOMCONSTRAINT:
2828  case OBJECT_ROLE:
2829  case OBJECT_RULE:
2830  case OBJECT_TABCONSTRAINT:
2831  case OBJECT_TRANSFORM:
2832  case OBJECT_TRIGGER:
2833  case OBJECT_TSPARSER:
2834  case OBJECT_TSTEMPLATE:
2835  case OBJECT_USER_MAPPING:
2836  elog(ERROR, "unsupported object type: %d", objtype);
2837  }
2838 
2839  ereport(ERROR,
2840  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2841  errmsg(msg, objectname)));
2842  break;
2843  }
2844  case ACLCHECK_NOT_OWNER:
2845  {
2846  const char *msg = "???";
2847 
2848  switch (objtype)
2849  {
2850  case OBJECT_AGGREGATE:
2851  msg = gettext_noop("must be owner of aggregate %s");
2852  break;
2853  case OBJECT_COLLATION:
2854  msg = gettext_noop("must be owner of collation %s");
2855  break;
2856  case OBJECT_CONVERSION:
2857  msg = gettext_noop("must be owner of conversion %s");
2858  break;
2859  case OBJECT_DATABASE:
2860  msg = gettext_noop("must be owner of database %s");
2861  break;
2862  case OBJECT_DOMAIN:
2863  msg = gettext_noop("must be owner of domain %s");
2864  break;
2865  case OBJECT_EVENT_TRIGGER:
2866  msg = gettext_noop("must be owner of event trigger %s");
2867  break;
2868  case OBJECT_EXTENSION:
2869  msg = gettext_noop("must be owner of extension %s");
2870  break;
2871  case OBJECT_FDW:
2872  msg = gettext_noop("must be owner of foreign-data wrapper %s");
2873  break;
2874  case OBJECT_FOREIGN_SERVER:
2875  msg = gettext_noop("must be owner of foreign server %s");
2876  break;
2877  case OBJECT_FOREIGN_TABLE:
2878  msg = gettext_noop("must be owner of foreign table %s");
2879  break;
2880  case OBJECT_FUNCTION:
2881  msg = gettext_noop("must be owner of function %s");
2882  break;
2883  case OBJECT_INDEX:
2884  msg = gettext_noop("must be owner of index %s");
2885  break;
2886  case OBJECT_LANGUAGE:
2887  msg = gettext_noop("must be owner of language %s");
2888  break;
2889  case OBJECT_LARGEOBJECT:
2890  msg = gettext_noop("must be owner of large object %s");
2891  break;
2892  case OBJECT_MATVIEW:
2893  msg = gettext_noop("must be owner of materialized view %s");
2894  break;
2895  case OBJECT_OPCLASS:
2896  msg = gettext_noop("must be owner of operator class %s");
2897  break;
2898  case OBJECT_OPERATOR:
2899  msg = gettext_noop("must be owner of operator %s");
2900  break;
2901  case OBJECT_OPFAMILY:
2902  msg = gettext_noop("must be owner of operator family %s");
2903  break;
2904  case OBJECT_PROCEDURE:
2905  msg = gettext_noop("must be owner of procedure %s");
2906  break;
2907  case OBJECT_PUBLICATION:
2908  msg = gettext_noop("must be owner of publication %s");
2909  break;
2910  case OBJECT_ROUTINE:
2911  msg = gettext_noop("must be owner of routine %s");
2912  break;
2913  case OBJECT_SEQUENCE:
2914  msg = gettext_noop("must be owner of sequence %s");
2915  break;
2916  case OBJECT_SUBSCRIPTION:
2917  msg = gettext_noop("must be owner of subscription %s");
2918  break;
2919  case OBJECT_TABLE:
2920  msg = gettext_noop("must be owner of table %s");
2921  break;
2922  case OBJECT_TYPE:
2923  msg = gettext_noop("must be owner of type %s");
2924  break;
2925  case OBJECT_VIEW:
2926  msg = gettext_noop("must be owner of view %s");
2927  break;
2928  case OBJECT_SCHEMA:
2929  msg = gettext_noop("must be owner of schema %s");
2930  break;
2931  case OBJECT_STATISTIC_EXT:
2932  msg = gettext_noop("must be owner of statistics object %s");
2933  break;
2934  case OBJECT_TABLESPACE:
2935  msg = gettext_noop("must be owner of tablespace %s");
2936  break;
2938  msg = gettext_noop("must be owner of text search configuration %s");
2939  break;
2940  case OBJECT_TSDICTIONARY:
2941  msg = gettext_noop("must be owner of text search dictionary %s");
2942  break;
2943 
2944  /*
2945  * Special cases: For these, the error message talks
2946  * about "relation", because that's where the
2947  * ownership is attached. See also
2948  * check_object_ownership().
2949  */
2950  case OBJECT_COLUMN:
2951  case OBJECT_POLICY:
2952  case OBJECT_RULE:
2953  case OBJECT_TABCONSTRAINT:
2954  case OBJECT_TRIGGER:
2955  msg = gettext_noop("must be owner of relation %s");
2956  break;
2957  /* these currently aren't used */
2958  case OBJECT_ACCESS_METHOD:
2959  case OBJECT_AMOP:
2960  case OBJECT_AMPROC:
2961  case OBJECT_ATTRIBUTE:
2962  case OBJECT_CAST:
2963  case OBJECT_DEFAULT:
2964  case OBJECT_DEFACL:
2965  case OBJECT_DOMCONSTRAINT:
2966  case OBJECT_PARAMETER_ACL:
2969  case OBJECT_ROLE:
2970  case OBJECT_TRANSFORM:
2971  case OBJECT_TSPARSER:
2972  case OBJECT_TSTEMPLATE:
2973  case OBJECT_USER_MAPPING:
2974  elog(ERROR, "unsupported object type: %d", objtype);
2975  }
2976 
2977  ereport(ERROR,
2978  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2979  errmsg(msg, objectname)));
2980  break;
2981  }
2982  default:
2983  elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
2984  break;
2985  }
2986 }
@ ACLCHECK_NO_PRIV
Definition: acl.h:183
@ ACLCHECK_OK
Definition: acl.h:182
@ ACLCHECK_NOT_OWNER
Definition: acl.h:184
#define gettext_noop(x)
Definition: c.h:1185
int errcode(int sqlerrcode)
Definition: elog.c:860
int errmsg(const char *fmt,...)
Definition: elog.c:1075
#define ERROR
Definition: elog.h:39
#define ereport(elevel,...)
Definition: elog.h:149
@ OBJECT_EVENT_TRIGGER
Definition: parsenodes.h:2110
@ OBJECT_FDW
Definition: parsenodes.h:2112
@ OBJECT_TSPARSER
Definition: parsenodes.h:2143
@ OBJECT_COLLATION
Definition: parsenodes.h:2103
@ OBJECT_USER_MAPPING
Definition: parsenodes.h:2146
@ OBJECT_ACCESS_METHOD
Definition: parsenodes.h:2096
@ OBJECT_OPCLASS
Definition: parsenodes.h:2120
@ OBJECT_DEFACL
Definition: parsenodes.h:2107
@ OBJECT_AGGREGATE
Definition: parsenodes.h:2097
@ OBJECT_MATVIEW
Definition: parsenodes.h:2119
@ OBJECT_SCHEMA
Definition: parsenodes.h:2132
@ OBJECT_POLICY
Definition: parsenodes.h:2124
@ OBJECT_OPERATOR
Definition: parsenodes.h:2121
@ OBJECT_FOREIGN_TABLE
Definition: parsenodes.h:2114
@ OBJECT_TSCONFIGURATION
Definition: parsenodes.h:2141
@ OBJECT_OPFAMILY
Definition: parsenodes.h:2122
@ OBJECT_DOMAIN
Definition: parsenodes.h:2108
@ OBJECT_COLUMN
Definition: parsenodes.h:2102
@ OBJECT_TABLESPACE
Definition: parsenodes.h:2138
@ OBJECT_ROLE
Definition: parsenodes.h:2129
@ OBJECT_ROUTINE
Definition: parsenodes.h:2130
@ OBJECT_LARGEOBJECT
Definition: parsenodes.h:2118
@ OBJECT_PUBLICATION_NAMESPACE
Definition: parsenodes.h:2127
@ OBJECT_PROCEDURE
Definition: parsenodes.h:2125
@ OBJECT_EXTENSION
Definition: parsenodes.h:2111
@ OBJECT_INDEX
Definition: parsenodes.h:2116
@ OBJECT_DEFAULT
Definition: parsenodes.h:2106
@ OBJECT_DATABASE
Definition: parsenodes.h:2105
@ OBJECT_SEQUENCE
Definition: parsenodes.h:2133
@ OBJECT_TSTEMPLATE
Definition: parsenodes.h:2144
@ OBJECT_LANGUAGE
Definition: parsenodes.h:2117
@ OBJECT_AMOP
Definition: parsenodes.h:2098
@ OBJECT_PUBLICATION_REL
Definition: parsenodes.h:2128
@ OBJECT_FOREIGN_SERVER
Definition: parsenodes.h:2113
@ OBJECT_TSDICTIONARY
Definition: parsenodes.h:2142
@ OBJECT_ATTRIBUTE
Definition: parsenodes.h:2100
@ OBJECT_PUBLICATION
Definition: parsenodes.h:2126
@ OBJECT_RULE
Definition: parsenodes.h:2131
@ OBJECT_CONVERSION
Definition: parsenodes.h:2104
@ OBJECT_AMPROC
Definition: parsenodes.h:2099
@ OBJECT_TABLE
Definition: parsenodes.h:2137
@ OBJECT_VIEW
Definition: parsenodes.h:2147
@ OBJECT_PARAMETER_ACL
Definition: parsenodes.h:2123
@ OBJECT_TYPE
Definition: parsenodes.h:2145
@ OBJECT_FUNCTION
Definition: parsenodes.h:2115
@ OBJECT_TABCONSTRAINT
Definition: parsenodes.h:2136
@ OBJECT_DOMCONSTRAINT
Definition: parsenodes.h:2109
@ OBJECT_SUBSCRIPTION
Definition: parsenodes.h:2134
@ OBJECT_STATISTIC_EXT
Definition: parsenodes.h:2135
@ OBJECT_CAST
Definition: parsenodes.h:2101
@ OBJECT_TRIGGER
Definition: parsenodes.h:2140
@ OBJECT_TRANSFORM
Definition: parsenodes.h:2139

References ACLCHECK_NO_PRIV, ACLCHECK_NOT_OWNER, ACLCHECK_OK, elog(), ereport, errcode(), errmsg(), ERROR, gettext_noop, OBJECT_ACCESS_METHOD, OBJECT_AGGREGATE, OBJECT_AMOP, OBJECT_AMPROC, OBJECT_ATTRIBUTE, OBJECT_CAST, OBJECT_COLLATION, OBJECT_COLUMN, OBJECT_CONVERSION, OBJECT_DATABASE, OBJECT_DEFACL, OBJECT_DEFAULT, OBJECT_DOMAIN, OBJECT_DOMCONSTRAINT, OBJECT_EVENT_TRIGGER, OBJECT_EXTENSION, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FOREIGN_TABLE, OBJECT_FUNCTION, OBJECT_INDEX, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_MATVIEW, OBJECT_OPCLASS, OBJECT_OPERATOR, OBJECT_OPFAMILY, OBJECT_PARAMETER_ACL, OBJECT_POLICY, OBJECT_PROCEDURE, OBJECT_PUBLICATION, OBJECT_PUBLICATION_NAMESPACE, OBJECT_PUBLICATION_REL, OBJECT_ROLE, OBJECT_ROUTINE, OBJECT_RULE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_STATISTIC_EXT, OBJECT_SUBSCRIPTION, OBJECT_TABCONSTRAINT, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TRANSFORM, OBJECT_TRIGGER, OBJECT_TSCONFIGURATION, OBJECT_TSDICTIONARY, OBJECT_TSPARSER, OBJECT_TSTEMPLATE, OBJECT_TYPE, OBJECT_USER_MAPPING, and OBJECT_VIEW.

Referenced by aclcheck_error_col(), aclcheck_error_type(), AlterCollation(), AlterDatabase(), AlterDatabaseOwner(), AlterDatabaseRefreshColl(), AlterDatabaseSet(), AlterEventTrigger(), AlterEventTriggerOwner_internal(), AlterExtensionNamespace(), AlterForeignServer(), AlterForeignServerOwner_internal(), AlterFunction(), AlterObjectNamespace_internal(), AlterObjectOwner_internal(), AlterObjectRename_internal(), AlterOperator(), AlterOpFamilyAdd(), AlterPublication(), AlterPublicationOwner_internal(), AlterRoleSet(), AlterSchemaOwner_internal(), AlterStatistics(), AlterSubscription(), AlterSubscriptionOwner_internal(), AlterTableMoveAll(), AlterTableSpaceOptions(), AlterTSConfiguration(), AlterTSDictionary(), AlterTypeOwner(), ATExecChangeOwner(), ATPrepSetTableSpace(), ATSimplePermissions(), brin_desummarize_range(), brin_summarize_range(), calculate_database_size(), calculate_tablespace_size(), call_pltcl_start_proc(), check_object_ownership(), check_temp_tablespaces(), checkFkeyPermissions(), CheckFunctionValidatorAccess(), compute_return_type(), CreateConversionCommand(), createdb(), CreateForeignServer(), CreateForeignTable(), CreateFunction(), CreateProceduralLanguage(), CreatePublication(), CreateSchemaCommand(), CreateStatistics(), CreateSubscription(), CreateTransform(), CreateTriggerFiringOn(), currtid_internal(), DefineAggregate(), DefineCollation(), DefineDomain(), DefineEnum(), DefineIndex(), DefineOpClass(), DefineOperator(), DefineOpFamily(), DefineQueryRewrite(), DefineRange(), DefineRelation(), DefineTSConfiguration(), DefineTSDictionary(), DefineType(), dropdb(), DropSubscription(), DropTableSpace(), EnableDisableRule(), ExecAlterExtensionContentsStmt(), ExecAlterExtensionStmt(), ExecBuildGroupingEqual(), ExecBuildParamSetEqual(), ExecCheckPermissions(), ExecInitAgg(), ExecInitExprRec(), ExecInitFunc(), ExecInitWindowAgg(), ExecReindex(), ExecuteCallStmt(), ExecuteDoStmt(), ExecuteTruncateGuts(), findRangeCanonicalFunction(), findRangeSubtypeDiffFunction(), get_connect_string(), get_other_operator(), get_rel_from_relname(), gin_clean_pending_list(), HandleFunctionRequest(), heap_force_common(), ImportForeignSchema(), init_sexpr(), initialize_peragg(), LockViewRecurse_walker(), LogicalRepSyncTableStart(), lookup_agg_function(), LookupCreationNamespace(), LookupExplicitNamespace(), MergeAttributes(), movedb(), OperatorCreate(), pg_prewarm(), pgrowlocks(), ProcedureCreate(), PublicationAddTables(), RangeVarCallbackForAlterRelation(), RangeVarCallbackForDropRelation(), RangeVarCallbackForLockTable(), RangeVarCallbackForPolicy(), RangeVarCallbackForReindexIndex(), RangeVarCallbackForRenameRule(), RangeVarCallbackForRenameTrigger(), RangeVarCallbackOwnsRelation(), RangeVarCallbackOwnsTable(), RangeVarGetAndCheckCreationNamespace(), ReindexMultipleInternal(), ReindexMultipleTables(), renameatt_check(), RenameDatabase(), RenameSchema(), RenameTableSpace(), restrict_and_check_grant(), TargetPrivilegesCheck(), transformTableLikeClause(), truncate_check_perms(), TypeCreate(), user_mapping_ddl_aclcheck(), ValidateJoinEstimator(), ValidateOperatorReference(), and ValidateRestrictionEstimator().

◆ aclcheck_error_col()

void aclcheck_error_col ( AclResult  aclerr,
ObjectType  objtype,
const char *  objectname,
const char *  colname 
)

Definition at line 2990 of file aclchk.c.

2992 {
2993  switch (aclerr)
2994  {
2995  case ACLCHECK_OK:
2996  /* no error, so return to caller */
2997  break;
2998  case ACLCHECK_NO_PRIV:
2999  ereport(ERROR,
3000  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
3001  errmsg("permission denied for column \"%s\" of relation \"%s\"",
3002  colname, objectname)));
3003  break;
3004  case ACLCHECK_NOT_OWNER:
3005  /* relation msg is OK since columns don't have separate owners */
3006  aclcheck_error(aclerr, objtype, objectname);
3007  break;
3008  default:
3009  elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
3010  break;
3011  }
3012 }
void aclcheck_error(AclResult aclerr, ObjectType objtype, const char *objectname)
Definition: aclchk.c:2701

References aclcheck_error(), ACLCHECK_NO_PRIV, ACLCHECK_NOT_OWNER, ACLCHECK_OK, elog(), ereport, errcode(), errmsg(), and ERROR.

Referenced by restrict_and_check_grant().

◆ aclcheck_error_type()

void aclcheck_error_type ( AclResult  aclerr,
Oid  typeOid 
)

◆ ExecAlterDefaultPrivilegesStmt()

void ExecAlterDefaultPrivilegesStmt ( ParseState pstate,
AlterDefaultPrivilegesStmt stmt 
)

Definition at line 992 of file aclchk.c.

993 {
994  GrantStmt *action = stmt->action;
995  InternalDefaultACL iacls;
996  ListCell *cell;
997  List *rolespecs = NIL;
998  List *nspnames = NIL;
999  DefElem *drolespecs = NULL;
1000  DefElem *dnspnames = NULL;
1001  AclMode all_privileges;
1002  const char *errormsg;
1003 
1004  /* Deconstruct the "options" part of the statement */
1005  foreach(cell, stmt->options)
1006  {
1007  DefElem *defel = (DefElem *) lfirst(cell);
1008 
1009  if (strcmp(defel->defname, "schemas") == 0)
1010  {
1011  if (dnspnames)
1012  errorConflictingDefElem(defel, pstate);
1013  dnspnames = defel;
1014  }
1015  else if (strcmp(defel->defname, "roles") == 0)
1016  {
1017  if (drolespecs)
1018  errorConflictingDefElem(defel, pstate);
1019  drolespecs = defel;
1020  }
1021  else
1022  elog(ERROR, "option \"%s\" not recognized", defel->defname);
1023  }
1024 
1025  if (dnspnames)
1026  nspnames = (List *) dnspnames->arg;
1027  if (drolespecs)
1028  rolespecs = (List *) drolespecs->arg;
1029 
1030  /* Prepare the InternalDefaultACL representation of the statement */
1031  /* roleid to be filled below */
1032  /* nspid to be filled in SetDefaultACLsInSchemas */
1033  iacls.is_grant = action->is_grant;
1034  iacls.objtype = action->objtype;
1035  /* all_privs to be filled below */
1036  /* privileges to be filled below */
1037  iacls.grantees = NIL; /* filled below */
1038  iacls.grant_option = action->grant_option;
1039  iacls.behavior = action->behavior;
1040 
1041  /*
1042  * Convert the RoleSpec list into an Oid list. Note that at this point we
1043  * insert an ACL_ID_PUBLIC into the list if appropriate, so downstream
1044  * there shouldn't be any additional work needed to support this case.
1045  */
1046  foreach(cell, action->grantees)
1047  {
1048  RoleSpec *grantee = (RoleSpec *) lfirst(cell);
1049  Oid grantee_uid;
1050 
1051  switch (grantee->roletype)
1052  {
1053  case ROLESPEC_PUBLIC:
1054  grantee_uid = ACL_ID_PUBLIC;
1055  break;
1056  default:
1057  grantee_uid = get_rolespec_oid(grantee, false);
1058  break;
1059  }
1060  iacls.grantees = lappend_oid(iacls.grantees, grantee_uid);
1061  }
1062 
1063  /*
1064  * Convert action->privileges, a list of privilege strings, into an
1065  * AclMode bitmask.
1066  */
1067  switch (action->objtype)
1068  {
1069  case OBJECT_TABLE:
1070  all_privileges = ACL_ALL_RIGHTS_RELATION;
1071  errormsg = gettext_noop("invalid privilege type %s for relation");
1072  break;
1073  case OBJECT_SEQUENCE:
1074  all_privileges = ACL_ALL_RIGHTS_SEQUENCE;
1075  errormsg = gettext_noop("invalid privilege type %s for sequence");
1076  break;
1077  case OBJECT_FUNCTION:
1078  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
1079  errormsg = gettext_noop("invalid privilege type %s for function");
1080  break;
1081  case OBJECT_PROCEDURE:
1082  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
1083  errormsg = gettext_noop("invalid privilege type %s for procedure");
1084  break;
1085  case OBJECT_ROUTINE:
1086  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
1087  errormsg = gettext_noop("invalid privilege type %s for routine");
1088  break;
1089  case OBJECT_TYPE:
1090  all_privileges = ACL_ALL_RIGHTS_TYPE;
1091  errormsg = gettext_noop("invalid privilege type %s for type");
1092  break;
1093  case OBJECT_SCHEMA:
1094  all_privileges = ACL_ALL_RIGHTS_SCHEMA;
1095  errormsg = gettext_noop("invalid privilege type %s for schema");
1096  break;
1097  default:
1098  elog(ERROR, "unrecognized GrantStmt.objtype: %d",
1099  (int) action->objtype);
1100  /* keep compiler quiet */
1101  all_privileges = ACL_NO_RIGHTS;
1102  errormsg = NULL;
1103  }
1104 
1105  if (action->privileges == NIL)
1106  {
1107  iacls.all_privs = true;
1108 
1109  /*
1110  * will be turned into ACL_ALL_RIGHTS_* by the internal routines
1111  * depending on the object type
1112  */
1113  iacls.privileges = ACL_NO_RIGHTS;
1114  }
1115  else
1116  {
1117  iacls.all_privs = false;
1118  iacls.privileges = ACL_NO_RIGHTS;
1119 
1120  foreach(cell, action->privileges)
1121  {
1122  AccessPriv *privnode = (AccessPriv *) lfirst(cell);
1123  AclMode priv;
1124 
1125  if (privnode->cols)
1126  ereport(ERROR,
1127  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1128  errmsg("default privileges cannot be set for columns")));
1129 
1130  if (privnode->priv_name == NULL) /* parser mistake? */
1131  elog(ERROR, "AccessPriv node must specify privilege");
1132  priv = string_to_privilege(privnode->priv_name);
1133 
1134  if (priv & ~((AclMode) all_privileges))
1135  ereport(ERROR,
1136  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1137  errmsg(errormsg, privilege_to_string(priv))));
1138 
1139  iacls.privileges |= priv;
1140  }
1141  }
1142 
1143  if (rolespecs == NIL)
1144  {
1145  /* Set permissions for myself */
1146  iacls.roleid = GetUserId();
1147 
1148  SetDefaultACLsInSchemas(&iacls, nspnames);
1149  }
1150  else
1151  {
1152  /* Look up the role OIDs and do permissions checks */
1153  ListCell *rolecell;
1154 
1155  foreach(rolecell, rolespecs)
1156  {
1157  RoleSpec *rolespec = lfirst(rolecell);
1158 
1159  iacls.roleid = get_rolespec_oid(rolespec, false);
1160 
1161  if (!has_privs_of_role(GetUserId(), iacls.roleid))
1162  ereport(ERROR,
1163  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1164  errmsg("permission denied to change default privileges")));
1165 
1166  SetDefaultACLsInSchemas(&iacls, nspnames);
1167  }
1168  }
1169 }
bool has_privs_of_role(Oid member, Oid role)
Definition: acl.c:5060
Oid get_rolespec_oid(const RoleSpec *role, bool missing_ok)
Definition: acl.c:5380
#define ACL_ALL_RIGHTS_SCHEMA
Definition: acl.h:168
#define ACL_ALL_RIGHTS_SEQUENCE
Definition: acl.h:160
#define ACL_ALL_RIGHTS_FUNCTION
Definition: acl.h:164
#define ACL_ALL_RIGHTS_TYPE
Definition: acl.h:170
#define ACL_ALL_RIGHTS_RELATION
Definition: acl.h:159
#define ACL_ID_PUBLIC
Definition: acl.h:46
static AclMode string_to_privilege(const char *privname)
Definition: aclchk.c:2615
static void SetDefaultACLsInSchemas(InternalDefaultACL *iacls, List *nspnames)
Definition: aclchk.c:1177
static const char * privilege_to_string(AclMode privilege)
Definition: aclchk.c:2656
void errorConflictingDefElem(DefElem *defel, ParseState *pstate)
Definition: define.c:385
#define stmt
Definition: indent_codes.h:59
if(TABLE==NULL||TABLE_index==NULL)
Definition: isn.c:77
List * lappend_oid(List *list, Oid datum)
Definition: list.c:375
Oid GetUserId(void)
Definition: miscinit.c:511
@ ROLESPEC_PUBLIC
Definition: parsenodes.h:388
uint64 AclMode
Definition: parsenodes.h:74
#define ACL_NO_RIGHTS
Definition: parsenodes.h:91
#define lfirst(lc)
Definition: pg_list.h:172
#define NIL
Definition: pg_list.h:68
char * priv_name
Definition: parsenodes.h:2381
List * cols
Definition: parsenodes.h:2382
char * defname
Definition: parsenodes.h:802
Node * arg
Definition: parsenodes.h:803
AclMode privileges
Definition: aclchk.c:115
List * grantees
Definition: aclchk.c:116
DropBehavior behavior
Definition: aclchk.c:118
ObjectType objtype
Definition: aclchk.c:113
Definition: pg_list.h:54
RoleSpecType roletype
Definition: parsenodes.h:394

References ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_SEQUENCE, ACL_ALL_RIGHTS_TYPE, ACL_ID_PUBLIC, ACL_NO_RIGHTS, generate_unaccent_rules::action, InternalDefaultACL::all_privs, DefElem::arg, InternalDefaultACL::behavior, AccessPriv::cols, DefElem::defname, elog(), ereport, errcode(), errmsg(), ERROR, errorConflictingDefElem(), get_rolespec_oid(), gettext_noop, GetUserId(), InternalDefaultACL::grant_option, InternalDefaultACL::grantees, has_privs_of_role(), if(), InternalDefaultACL::is_grant, lappend_oid(), lfirst, NIL, OBJECT_FUNCTION, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TYPE, InternalDefaultACL::objtype, AccessPriv::priv_name, privilege_to_string(), InternalDefaultACL::privileges, InternalDefaultACL::roleid, ROLESPEC_PUBLIC, RoleSpec::roletype, SetDefaultACLsInSchemas(), stmt, and string_to_privilege().

Referenced by ProcessUtilitySlow().

◆ ExecGrant_Attribute()

static void ExecGrant_Attribute ( InternalGrant istmt,
Oid  relOid,
const char *  relname,
AttrNumber  attnum,
Oid  ownerId,
AclMode  col_privileges,
Relation  attRelation,
const Acl old_rel_acl 
)
static

Definition at line 1684 of file aclchk.c.

1687 {
1688  HeapTuple attr_tuple;
1689  Form_pg_attribute pg_attribute_tuple;
1690  Acl *old_acl;
1691  Acl *new_acl;
1692  Acl *merged_acl;
1693  Datum aclDatum;
1694  bool isNull;
1695  Oid grantorId;
1696  AclMode avail_goptions;
1697  bool need_update;
1698  HeapTuple newtuple;
1699  Datum values[Natts_pg_attribute] = {0};
1700  bool nulls[Natts_pg_attribute] = {0};
1701  bool replaces[Natts_pg_attribute] = {0};
1702  int noldmembers;
1703  int nnewmembers;
1704  Oid *oldmembers;
1705  Oid *newmembers;
1706 
1707  attr_tuple = SearchSysCache2(ATTNUM,
1708  ObjectIdGetDatum(relOid),
1710  if (!HeapTupleIsValid(attr_tuple))
1711  elog(ERROR, "cache lookup failed for attribute %d of relation %u",
1712  attnum, relOid);
1713  pg_attribute_tuple = (Form_pg_attribute) GETSTRUCT(attr_tuple);
1714 
1715  /*
1716  * Get working copy of existing ACL. If there's no ACL, substitute the
1717  * proper default.
1718  */
1719  aclDatum = SysCacheGetAttr(ATTNUM, attr_tuple, Anum_pg_attribute_attacl,
1720  &isNull);
1721  if (isNull)
1722  {
1723  old_acl = acldefault(OBJECT_COLUMN, ownerId);
1724  /* There are no old member roles according to the catalogs */
1725  noldmembers = 0;
1726  oldmembers = NULL;
1727  }
1728  else
1729  {
1730  old_acl = DatumGetAclPCopy(aclDatum);
1731  /* Get the roles mentioned in the existing ACL */
1732  noldmembers = aclmembers(old_acl, &oldmembers);
1733  }
1734 
1735  /*
1736  * In select_best_grantor we should consider existing table-level ACL bits
1737  * as well as the per-column ACL. Build a new ACL that is their
1738  * concatenation. (This is a bit cheap and dirty compared to merging them
1739  * properly with no duplications, but it's all we need here.)
1740  */
1741  merged_acl = aclconcat(old_rel_acl, old_acl);
1742 
1743  /* Determine ID to do the grant as, and available grant options */
1744  select_best_grantor(GetUserId(), col_privileges,
1745  merged_acl, ownerId,
1746  &grantorId, &avail_goptions);
1747 
1748  pfree(merged_acl);
1749 
1750  /*
1751  * Restrict the privileges to what we can actually grant, and emit the
1752  * standards-mandated warning and error messages. Note: we don't track
1753  * whether the user actually used the ALL PRIVILEGES(columns) syntax for
1754  * each column; we just approximate it by whether all the possible
1755  * privileges are specified now. Since the all_privs flag only determines
1756  * whether a warning is issued, this seems close enough.
1757  */
1758  col_privileges =
1759  restrict_and_check_grant(istmt->is_grant, avail_goptions,
1760  (col_privileges == ACL_ALL_RIGHTS_COLUMN),
1761  col_privileges,
1762  relOid, grantorId, OBJECT_COLUMN,
1763  relname, attnum,
1764  NameStr(pg_attribute_tuple->attname));
1765 
1766  /*
1767  * Generate new ACL.
1768  */
1769  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
1770  istmt->grant_option,
1771  istmt->behavior, istmt->grantees,
1772  col_privileges, grantorId,
1773  ownerId);
1774 
1775  /*
1776  * We need the members of both old and new ACLs so we can correct the
1777  * shared dependency information.
1778  */
1779  nnewmembers = aclmembers(new_acl, &newmembers);
1780 
1781  /* finished building new ACL value, now insert it */
1782 
1783  /*
1784  * If the updated ACL is empty, we can set attacl to null, and maybe even
1785  * avoid an update of the pg_attribute row. This is worth testing because
1786  * we'll come through here multiple times for any relation-level REVOKE,
1787  * even if there were never any column GRANTs. Note we are assuming that
1788  * the "default" ACL state for columns is empty.
1789  */
1790  if (ACL_NUM(new_acl) > 0)
1791  {
1792  values[Anum_pg_attribute_attacl - 1] = PointerGetDatum(new_acl);
1793  need_update = true;
1794  }
1795  else
1796  {
1797  nulls[Anum_pg_attribute_attacl - 1] = true;
1798  need_update = !isNull;
1799  }
1800  replaces[Anum_pg_attribute_attacl - 1] = true;
1801 
1802  if (need_update)
1803  {
1804  newtuple = heap_modify_tuple(attr_tuple, RelationGetDescr(attRelation),
1805  values, nulls, replaces);
1806 
1807  CatalogTupleUpdate(attRelation, &newtuple->t_self, newtuple);
1808 
1809  /* Update initial privileges for extensions */
1810  recordExtensionInitPriv(relOid, RelationRelationId, attnum,
1811  ACL_NUM(new_acl) > 0 ? new_acl : NULL);
1812 
1813  /* Update the shared dependency ACL info */
1814  updateAclDependencies(RelationRelationId, relOid, attnum,
1815  ownerId,
1816  noldmembers, oldmembers,
1817  nnewmembers, newmembers);
1818  }
1819 
1820  pfree(new_acl);
1821 
1822  ReleaseSysCache(attr_tuple);
1823 }
void select_best_grantor(Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
Definition: acl.c:5270
int aclmembers(const Acl *acl, Oid **roleids)
Definition: acl.c:1508
Acl * aclconcat(const Acl *left_acl, const Acl *right_acl)
Definition: acl.c:451
Acl * acldefault(ObjectType objtype, Oid ownerId)
Definition: acl.c:777
#define ACL_ALL_RIGHTS_COLUMN
Definition: acl.h:158
#define ACL_NUM(ACL)
Definition: acl.h:108
#define DatumGetAclPCopy(X)
Definition: acl.h:121
static void recordExtensionInitPriv(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
Definition: aclchk.c:4640
static Acl * merge_acl_with_grant(Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
Definition: aclchk.c:198
static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
Definition: aclchk.c:257
static Datum values[MAXATTR]
Definition: bootstrap.c:156
#define NameStr(name)
Definition: c.h:735
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, const Datum *replValues, const bool *replIsnull, const bool *doReplace)
Definition: heaptuple.c:1210
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
#define GETSTRUCT(TUP)
Definition: htup_details.h:653
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
Definition: indexing.c:313
void pfree(void *pointer)
Definition: mcxt.c:1431
int16 attnum
Definition: pg_attribute.h:74
FormData_pg_attribute * Form_pg_attribute
Definition: pg_attribute.h:209
NameData relname
Definition: pg_class.h:38
void updateAclDependencies(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
Definition: pg_shdepend.c:482
static Datum PointerGetDatum(const void *X)
Definition: postgres.h:322
uintptr_t Datum
Definition: postgres.h:64
static Datum Int16GetDatum(int16 X)
Definition: postgres.h:172
static Datum ObjectIdGetDatum(Oid X)
Definition: postgres.h:252
#define RelationGetDescr(relation)
Definition: rel.h:530
ItemPointerData t_self
Definition: htup.h:65
DropBehavior behavior
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:267
Datum SysCacheGetAttr(int cacheId, HeapTuple tup, AttrNumber attributeNumber, bool *isNull)
Definition: syscache.c:480
HeapTuple SearchSysCache2(int cacheId, Datum key1, Datum key2)
Definition: syscache.c:230

References ACL_ALL_RIGHTS_COLUMN, ACL_NUM, aclconcat(), acldefault(), aclmembers(), attnum, InternalGrant::behavior, CatalogTupleUpdate(), DatumGetAclPCopy, elog(), ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, Int16GetDatum(), InternalGrant::is_grant, merge_acl_with_grant(), NameStr, OBJECT_COLUMN, ObjectIdGetDatum(), pfree(), PointerGetDatum(), recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), relname, restrict_and_check_grant(), SearchSysCache2(), select_best_grantor(), SysCacheGetAttr(), HeapTupleData::t_self, updateAclDependencies(), and values.

Referenced by ExecGrant_Relation().

◆ ExecGrant_common()

static void ExecGrant_common ( InternalGrant istmt,
Oid  classid,
AclMode  default_privs,
void(*)(InternalGrant *istmt, HeapTuple tuple)  object_check 
)
static

Definition at line 2157 of file aclchk.c.

2159 {
2160  int cacheid;
2161  Relation relation;
2162  ListCell *cell;
2163 
2164  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
2165  istmt->privileges = default_privs;
2166 
2167  cacheid = get_object_catcache_oid(classid);
2168 
2169  relation = table_open(classid, RowExclusiveLock);
2170 
2171  foreach(cell, istmt->objects)
2172  {
2173  Oid objectid = lfirst_oid(cell);
2174  Datum aclDatum;
2175  Datum nameDatum;
2176  bool isNull;
2177  AclMode avail_goptions;
2178  AclMode this_privileges;
2179  Acl *old_acl;
2180  Acl *new_acl;
2181  Oid grantorId;
2182  Oid ownerId;
2183  HeapTuple tuple;
2184  HeapTuple newtuple;
2185  Datum *values = palloc0_array(Datum, RelationGetDescr(relation)->natts);
2186  bool *nulls = palloc0_array(bool, RelationGetDescr(relation)->natts);
2187  bool *replaces = palloc0_array(bool, RelationGetDescr(relation)->natts);
2188  int noldmembers;
2189  int nnewmembers;
2190  Oid *oldmembers;
2191  Oid *newmembers;
2192 
2193  tuple = SearchSysCache1(cacheid, ObjectIdGetDatum(objectid));
2194  if (!HeapTupleIsValid(tuple))
2195  elog(ERROR, "cache lookup failed for %s %u", get_object_class_descr(classid), objectid);
2196 
2197  /*
2198  * Additional object-type-specific checks
2199  */
2200  if (object_check)
2201  object_check(istmt, tuple);
2202 
2203  /*
2204  * Get owner ID and working copy of existing ACL. If there's no ACL,
2205  * substitute the proper default.
2206  */
2207  ownerId = DatumGetObjectId(SysCacheGetAttrNotNull(cacheid,
2208  tuple,
2209  get_object_attnum_owner(classid)));
2210  aclDatum = SysCacheGetAttr(cacheid,
2211  tuple,
2212  get_object_attnum_acl(classid),
2213  &isNull);
2214  if (isNull)
2215  {
2216  old_acl = acldefault(get_object_type(classid, objectid), ownerId);
2217  /* There are no old member roles according to the catalogs */
2218  noldmembers = 0;
2219  oldmembers = NULL;
2220  }
2221  else
2222  {
2223  old_acl = DatumGetAclPCopy(aclDatum);
2224  /* Get the roles mentioned in the existing ACL */
2225  noldmembers = aclmembers(old_acl, &oldmembers);
2226  }
2227 
2228  /* Determine ID to do the grant as, and available grant options */
2230  old_acl, ownerId,
2231  &grantorId, &avail_goptions);
2232 
2233  nameDatum = SysCacheGetAttrNotNull(cacheid, tuple,
2234  get_object_attnum_name(classid));
2235 
2236  /*
2237  * Restrict the privileges to what we can actually grant, and emit the
2238  * standards-mandated warning and error messages.
2239  */
2240  this_privileges =
2241  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2242  istmt->all_privs, istmt->privileges,
2243  objectid, grantorId, get_object_type(classid, objectid),
2244  NameStr(*DatumGetName(nameDatum)),
2245  0, NULL);
2246 
2247  /*
2248  * Generate new ACL.
2249  */
2250  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
2251  istmt->grant_option, istmt->behavior,
2252  istmt->grantees, this_privileges,
2253  grantorId, ownerId);
2254 
2255  /*
2256  * We need the members of both old and new ACLs so we can correct the
2257  * shared dependency information.
2258  */
2259  nnewmembers = aclmembers(new_acl, &newmembers);
2260 
2261  /* finished building new ACL value, now insert it */
2262  replaces[get_object_attnum_acl(classid) - 1] = true;
2263  values[get_object_attnum_acl(classid) - 1] = PointerGetDatum(new_acl);
2264 
2265  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
2266  nulls, replaces);
2267 
2268  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2269 
2270  /* Update initial privileges for extensions */
2271  recordExtensionInitPriv(objectid, classid, 0, new_acl);
2272 
2273  /* Update the shared dependency ACL info */
2274  updateAclDependencies(classid,
2275  objectid, 0,
2276  ownerId,
2277  noldmembers, oldmembers,
2278  nnewmembers, newmembers);
2279 
2280  ReleaseSysCache(tuple);
2281 
2282  pfree(new_acl);
2283 
2284  /* prevent error when processing duplicate objects */
2286  }
2287 
2288  table_close(relation, RowExclusiveLock);
2289 }
#define palloc0_array(type, count)
Definition: fe_memutils.h:65
#define RowExclusiveLock
Definition: lockdefs.h:38
AttrNumber get_object_attnum_owner(Oid class_id)
AttrNumber get_object_attnum_name(Oid class_id)
AttrNumber get_object_attnum_acl(Oid class_id)
int get_object_catcache_oid(Oid class_id)
ObjectType get_object_type(Oid class_id, Oid object_id)
const char * get_object_class_descr(Oid class_id)
#define lfirst_oid(lc)
Definition: pg_list.h:174
static Name DatumGetName(Datum X)
Definition: postgres.h:360
static Oid DatumGetObjectId(Datum X)
Definition: postgres.h:242
AclMode privileges
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Definition: syscache.c:219
Datum SysCacheGetAttrNotNull(int cacheId, HeapTuple tup, AttrNumber attributeNumber)
Definition: syscache.c:511
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:126
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:40
void CommandCounterIncrement(void)
Definition: xact.c:1078

References ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, DatumGetName(), DatumGetObjectId(), elog(), ERROR, get_object_attnum_acl(), get_object_attnum_name(), get_object_attnum_owner(), get_object_catcache_oid(), get_object_class_descr(), get_object_type(), GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, merge_acl_with_grant(), NameStr, ObjectIdGetDatum(), InternalGrant::objects, palloc0_array, pfree(), PointerGetDatum(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), SysCacheGetAttr(), SysCacheGetAttrNotNull(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

◆ ExecGrant_Language_check()

static void ExecGrant_Language_check ( InternalGrant istmt,
HeapTuple  tuple 
)
static

Definition at line 2292 of file aclchk.c.

2293 {
2294  Form_pg_language pg_language_tuple;
2295 
2296  pg_language_tuple = (Form_pg_language) GETSTRUCT(tuple);
2297 
2298  if (!pg_language_tuple->lanpltrusted)
2299  ereport(ERROR,
2300  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2301  errmsg("language \"%s\" is not trusted",
2302  NameStr(pg_language_tuple->lanname)),
2303  errdetail("GRANT and REVOKE are not allowed on untrusted languages, "
2304  "because only superusers can use untrusted languages.")));
2305 }
int errdetail(const char *fmt,...)
Definition: elog.c:1208
FormData_pg_language * Form_pg_language
Definition: pg_language.h:65

References ereport, errcode(), errdetail(), errmsg(), ERROR, GETSTRUCT, and NameStr.

Referenced by ExecGrantStmt_oids().

◆ ExecGrant_Largeobject()

static void ExecGrant_Largeobject ( InternalGrant istmt)
static

Definition at line 2308 of file aclchk.c.

2309 {
2310  Relation relation;
2311  ListCell *cell;
2312 
2313  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
2315 
2316  relation = table_open(LargeObjectMetadataRelationId,
2318 
2319  foreach(cell, istmt->objects)
2320  {
2321  Oid loid = lfirst_oid(cell);
2322  Form_pg_largeobject_metadata form_lo_meta;
2323  char loname[NAMEDATALEN];
2324  Datum aclDatum;
2325  bool isNull;
2326  AclMode avail_goptions;
2327  AclMode this_privileges;
2328  Acl *old_acl;
2329  Acl *new_acl;
2330  Oid grantorId;
2331  Oid ownerId;
2332  HeapTuple newtuple;
2333  Datum values[Natts_pg_largeobject_metadata] = {0};
2334  bool nulls[Natts_pg_largeobject_metadata] = {0};
2335  bool replaces[Natts_pg_largeobject_metadata] = {0};
2336  int noldmembers;
2337  int nnewmembers;
2338  Oid *oldmembers;
2339  Oid *newmembers;
2340  ScanKeyData entry[1];
2341  SysScanDesc scan;
2342  HeapTuple tuple;
2343 
2344  /* There's no syscache for pg_largeobject_metadata */
2345  ScanKeyInit(&entry[0],
2346  Anum_pg_largeobject_metadata_oid,
2347  BTEqualStrategyNumber, F_OIDEQ,
2348  ObjectIdGetDatum(loid));
2349 
2350  scan = systable_beginscan(relation,
2351  LargeObjectMetadataOidIndexId, true,
2352  NULL, 1, entry);
2353 
2354  tuple = systable_getnext(scan);
2355  if (!HeapTupleIsValid(tuple))
2356  elog(ERROR, "could not find tuple for large object %u", loid);
2357 
2358  form_lo_meta = (Form_pg_largeobject_metadata) GETSTRUCT(tuple);
2359 
2360  /*
2361  * Get owner ID and working copy of existing ACL. If there's no ACL,
2362  * substitute the proper default.
2363  */
2364  ownerId = form_lo_meta->lomowner;
2365  aclDatum = heap_getattr(tuple,
2366  Anum_pg_largeobject_metadata_lomacl,
2367  RelationGetDescr(relation), &isNull);
2368  if (isNull)
2369  {
2370  old_acl = acldefault(OBJECT_LARGEOBJECT, ownerId);
2371  /* There are no old member roles according to the catalogs */
2372  noldmembers = 0;
2373  oldmembers = NULL;
2374  }
2375  else
2376  {
2377  old_acl = DatumGetAclPCopy(aclDatum);
2378  /* Get the roles mentioned in the existing ACL */
2379  noldmembers = aclmembers(old_acl, &oldmembers);
2380  }
2381 
2382  /* Determine ID to do the grant as, and available grant options */
2384  old_acl, ownerId,
2385  &grantorId, &avail_goptions);
2386 
2387  /*
2388  * Restrict the privileges to what we can actually grant, and emit the
2389  * standards-mandated warning and error messages.
2390  */
2391  snprintf(loname, sizeof(loname), "large object %u", loid);
2392  this_privileges =
2393  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2394  istmt->all_privs, istmt->privileges,
2395  loid, grantorId, OBJECT_LARGEOBJECT,
2396  loname, 0, NULL);
2397 
2398  /*
2399  * Generate new ACL.
2400  */
2401  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
2402  istmt->grant_option, istmt->behavior,
2403  istmt->grantees, this_privileges,
2404  grantorId, ownerId);
2405 
2406  /*
2407  * We need the members of both old and new ACLs so we can correct the
2408  * shared dependency information.
2409  */
2410  nnewmembers = aclmembers(new_acl, &newmembers);
2411 
2412  /* finished building new ACL value, now insert it */
2413  replaces[Anum_pg_largeobject_metadata_lomacl - 1] = true;
2414  values[Anum_pg_largeobject_metadata_lomacl - 1]
2415  = PointerGetDatum(new_acl);
2416 
2417  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation),
2418  values, nulls, replaces);
2419 
2420  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2421 
2422  /* Update initial privileges for extensions */
2423  recordExtensionInitPriv(loid, LargeObjectRelationId, 0, new_acl);
2424 
2425  /* Update the shared dependency ACL info */
2426  updateAclDependencies(LargeObjectRelationId,
2427  form_lo_meta->oid, 0,
2428  ownerId,
2429  noldmembers, oldmembers,
2430  nnewmembers, newmembers);
2431 
2432  systable_endscan(scan);
2433 
2434  pfree(new_acl);
2435 
2436  /* prevent error when processing duplicate objects */
2438  }
2439 
2440  table_close(relation, RowExclusiveLock);
2441 }
#define ACL_ALL_RIGHTS_LARGEOBJECT
Definition: acl.h:166
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:599
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:506
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:387
static Datum heap_getattr(HeapTuple tup, int attnum, TupleDesc tupleDesc, bool *isnull)
Definition: htup_details.h:792
#define NAMEDATALEN
FormData_pg_largeobject_metadata * Form_pg_largeobject_metadata
#define snprintf
Definition: port.h:238
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
#define BTEqualStrategyNumber
Definition: stratnum.h:31

References ACL_ALL_RIGHTS_LARGEOBJECT, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, BTEqualStrategyNumber, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog(), ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_getattr(), heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, merge_acl_with_grant(), NAMEDATALEN, OBJECT_LARGEOBJECT, ObjectIdGetDatum(), InternalGrant::objects, pfree(), PointerGetDatum(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, restrict_and_check_grant(), RowExclusiveLock, ScanKeyInit(), select_best_grantor(), snprintf, systable_beginscan(), systable_endscan(), systable_getnext(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

◆ ExecGrant_Parameter()

static void ExecGrant_Parameter ( InternalGrant istmt)
static

Definition at line 2472 of file aclchk.c.

2473 {
2474  Relation relation;
2475  ListCell *cell;
2476 
2477  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
2479 
2480  relation = table_open(ParameterAclRelationId, RowExclusiveLock);
2481 
2482  foreach(cell, istmt->objects)
2483  {
2484  Oid parameterId = lfirst_oid(cell);
2485  Datum nameDatum;
2486  const char *parname;
2487  Datum aclDatum;
2488  bool isNull;
2489  AclMode avail_goptions;
2490  AclMode this_privileges;
2491  Acl *old_acl;
2492  Acl *new_acl;
2493  Oid grantorId;
2494  Oid ownerId;
2495  HeapTuple tuple;
2496  int noldmembers;
2497  int nnewmembers;
2498  Oid *oldmembers;
2499  Oid *newmembers;
2500 
2501  tuple = SearchSysCache1(PARAMETERACLOID, ObjectIdGetDatum(parameterId));
2502  if (!HeapTupleIsValid(tuple))
2503  elog(ERROR, "cache lookup failed for parameter ACL %u",
2504  parameterId);
2505 
2506  /* We'll need the GUC's name */
2507  nameDatum = SysCacheGetAttrNotNull(PARAMETERACLOID, tuple,
2508  Anum_pg_parameter_acl_parname);
2509  parname = TextDatumGetCString(nameDatum);
2510 
2511  /* Treat all parameters as belonging to the bootstrap superuser. */
2512  ownerId = BOOTSTRAP_SUPERUSERID;
2513 
2514  /*
2515  * Get working copy of existing ACL. If there's no ACL, substitute the
2516  * proper default.
2517  */
2518  aclDatum = SysCacheGetAttr(PARAMETERACLOID, tuple,
2519  Anum_pg_parameter_acl_paracl,
2520  &isNull);
2521 
2522  if (isNull)
2523  {
2524  old_acl = acldefault(istmt->objtype, ownerId);
2525  /* There are no old member roles according to the catalogs */
2526  noldmembers = 0;
2527  oldmembers = NULL;
2528  }
2529  else
2530  {
2531  old_acl = DatumGetAclPCopy(aclDatum);
2532  /* Get the roles mentioned in the existing ACL */
2533  noldmembers = aclmembers(old_acl, &oldmembers);
2534  }
2535 
2536  /* Determine ID to do the grant as, and available grant options */
2538  old_acl, ownerId,
2539  &grantorId, &avail_goptions);
2540 
2541  /*
2542  * Restrict the privileges to what we can actually grant, and emit the
2543  * standards-mandated warning and error messages.
2544  */
2545  this_privileges =
2546  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2547  istmt->all_privs, istmt->privileges,
2548  parameterId, grantorId,
2550  parname,
2551  0, NULL);
2552 
2553  /*
2554  * Generate new ACL.
2555  */
2556  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
2557  istmt->grant_option, istmt->behavior,
2558  istmt->grantees, this_privileges,
2559  grantorId, ownerId);
2560 
2561  /*
2562  * We need the members of both old and new ACLs so we can correct the
2563  * shared dependency information.
2564  */
2565  nnewmembers = aclmembers(new_acl, &newmembers);
2566 
2567  /*
2568  * If the new ACL is equal to the default, we don't need the catalog
2569  * entry any longer. Delete it rather than updating it, to avoid
2570  * leaving a degenerate entry.
2571  */
2572  if (aclequal(new_acl, acldefault(istmt->objtype, ownerId)))
2573  {
2574  CatalogTupleDelete(relation, &tuple->t_self);
2575  }
2576  else
2577  {
2578  /* finished building new ACL value, now insert it */
2579  HeapTuple newtuple;
2580  Datum values[Natts_pg_parameter_acl] = {0};
2581  bool nulls[Natts_pg_parameter_acl] = {0};
2582  bool replaces[Natts_pg_parameter_acl] = {0};
2583 
2584  replaces[Anum_pg_parameter_acl_paracl - 1] = true;
2585  values[Anum_pg_parameter_acl_paracl - 1] = PointerGetDatum(new_acl);
2586 
2587  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation),
2588  values, nulls, replaces);
2589 
2590  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2591  }
2592 
2593  /* Update initial privileges for extensions */
2594  recordExtensionInitPriv(parameterId, ParameterAclRelationId, 0,
2595  new_acl);
2596 
2597  /* Update the shared dependency ACL info */
2598  updateAclDependencies(ParameterAclRelationId, parameterId, 0,
2599  ownerId,
2600  noldmembers, oldmembers,
2601  nnewmembers, newmembers);
2602 
2603  ReleaseSysCache(tuple);
2604  pfree(new_acl);
2605 
2606  /* prevent error when processing duplicate objects */
2608  }
2609 
2610  table_close(relation, RowExclusiveLock);
2611 }
bool aclequal(const Acl *left_acl, const Acl *right_acl)
Definition: acl.c:533
#define ACL_ALL_RIGHTS_PARAMETER_ACL
Definition: acl.h:167
#define TextDatumGetCString(d)
Definition: builtins.h:98
void CatalogTupleDelete(Relation heapRel, ItemPointer tid)
Definition: indexing.c:365
ObjectType objtype

References ACL_ALL_RIGHTS_PARAMETER_ACL, ACL_NO_RIGHTS, acldefault(), aclequal(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleDelete(), CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog(), ERROR, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, merge_acl_with_grant(), OBJECT_PARAMETER_ACL, ObjectIdGetDatum(), InternalGrant::objects, InternalGrant::objtype, pfree(), PointerGetDatum(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), SysCacheGetAttr(), SysCacheGetAttrNotNull(), HeapTupleData::t_self, table_close(), table_open(), TextDatumGetCString, updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

◆ ExecGrant_Relation()

static void ExecGrant_Relation ( InternalGrant istmt)
static

Definition at line 1829 of file aclchk.c.

1830 {
1831  Relation relation;
1832  Relation attRelation;
1833  ListCell *cell;
1834 
1835  relation = table_open(RelationRelationId, RowExclusiveLock);
1836  attRelation = table_open(AttributeRelationId, RowExclusiveLock);
1837 
1838  foreach(cell, istmt->objects)
1839  {
1840  Oid relOid = lfirst_oid(cell);
1841  Datum aclDatum;
1842  Form_pg_class pg_class_tuple;
1843  bool isNull;
1844  AclMode this_privileges;
1845  AclMode *col_privileges;
1846  int num_col_privileges;
1847  bool have_col_privileges;
1848  Acl *old_acl;
1849  Acl *old_rel_acl;
1850  int noldmembers;
1851  Oid *oldmembers;
1852  Oid ownerId;
1853  HeapTuple tuple;
1854  ListCell *cell_colprivs;
1855 
1856  tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(relOid));
1857  if (!HeapTupleIsValid(tuple))
1858  elog(ERROR, "cache lookup failed for relation %u", relOid);
1859  pg_class_tuple = (Form_pg_class) GETSTRUCT(tuple);
1860 
1861  /* Not sensible to grant on an index */
1862  if (pg_class_tuple->relkind == RELKIND_INDEX ||
1863  pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX)
1864  ereport(ERROR,
1865  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1866  errmsg("\"%s\" is an index",
1867  NameStr(pg_class_tuple->relname))));
1868 
1869  /* Composite types aren't tables either */
1870  if (pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
1871  ereport(ERROR,
1872  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1873  errmsg("\"%s\" is a composite type",
1874  NameStr(pg_class_tuple->relname))));
1875 
1876  /* Used GRANT SEQUENCE on a non-sequence? */
1877  if (istmt->objtype == OBJECT_SEQUENCE &&
1878  pg_class_tuple->relkind != RELKIND_SEQUENCE)
1879  ereport(ERROR,
1880  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1881  errmsg("\"%s\" is not a sequence",
1882  NameStr(pg_class_tuple->relname))));
1883 
1884  /* Adjust the default permissions based on object type */
1885  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
1886  {
1887  if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1888  this_privileges = ACL_ALL_RIGHTS_SEQUENCE;
1889  else
1890  this_privileges = ACL_ALL_RIGHTS_RELATION;
1891  }
1892  else
1893  this_privileges = istmt->privileges;
1894 
1895  /*
1896  * The GRANT TABLE syntax can be used for sequences and non-sequences,
1897  * so we have to look at the relkind to determine the supported
1898  * permissions. The OR of table and sequence permissions were already
1899  * checked.
1900  */
1901  if (istmt->objtype == OBJECT_TABLE)
1902  {
1903  if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1904  {
1905  /*
1906  * For backward compatibility, just throw a warning for
1907  * invalid sequence permissions when using the non-sequence
1908  * GRANT syntax.
1909  */
1910  if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_SEQUENCE))
1911  {
1912  /*
1913  * Mention the object name because the user needs to know
1914  * which operations succeeded. This is required because
1915  * WARNING allows the command to continue.
1916  */
1917  ereport(WARNING,
1918  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1919  errmsg("sequence \"%s\" only supports USAGE, SELECT, and UPDATE privileges",
1920  NameStr(pg_class_tuple->relname))));
1921  this_privileges &= (AclMode) ACL_ALL_RIGHTS_SEQUENCE;
1922  }
1923  }
1924  else
1925  {
1926  if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_RELATION))
1927  {
1928  /*
1929  * USAGE is the only permission supported by sequences but
1930  * not by non-sequences. Don't mention the object name
1931  * because we didn't in the combined TABLE | SEQUENCE
1932  * check.
1933  */
1934  ereport(ERROR,
1935  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1936  errmsg("invalid privilege type %s for table",
1937  "USAGE")));
1938  }
1939  }
1940  }
1941 
1942  /*
1943  * Set up array in which we'll accumulate any column privilege bits
1944  * that need modification. The array is indexed such that entry [0]
1945  * corresponds to FirstLowInvalidHeapAttributeNumber.
1946  */
1947  num_col_privileges = pg_class_tuple->relnatts - FirstLowInvalidHeapAttributeNumber + 1;
1948  col_privileges = (AclMode *) palloc0(num_col_privileges * sizeof(AclMode));
1949  have_col_privileges = false;
1950 
1951  /*
1952  * If we are revoking relation privileges that are also column
1953  * privileges, we must implicitly revoke them from each column too,
1954  * per SQL spec. (We don't need to implicitly add column privileges
1955  * during GRANT because the permissions-checking code always checks
1956  * both relation and per-column privileges.)
1957  */
1958  if (!istmt->is_grant &&
1959  (this_privileges & ACL_ALL_RIGHTS_COLUMN) != 0)
1960  {
1961  expand_all_col_privileges(relOid, pg_class_tuple,
1962  this_privileges & ACL_ALL_RIGHTS_COLUMN,
1963  col_privileges,
1964  num_col_privileges);
1965  have_col_privileges = true;
1966  }
1967 
1968  /*
1969  * Get owner ID and working copy of existing ACL. If there's no ACL,
1970  * substitute the proper default.
1971  */
1972  ownerId = pg_class_tuple->relowner;
1973  aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
1974  &isNull);
1975  if (isNull)
1976  {
1977  switch (pg_class_tuple->relkind)
1978  {
1979  case RELKIND_SEQUENCE:
1980  old_acl = acldefault(OBJECT_SEQUENCE, ownerId);
1981  break;
1982  default:
1983  old_acl = acldefault(OBJECT_TABLE, ownerId);
1984  break;
1985  }
1986  /* There are no old member roles according to the catalogs */
1987  noldmembers = 0;
1988  oldmembers = NULL;
1989  }
1990  else
1991  {
1992  old_acl = DatumGetAclPCopy(aclDatum);
1993  /* Get the roles mentioned in the existing ACL */
1994  noldmembers = aclmembers(old_acl, &oldmembers);
1995  }
1996 
1997  /* Need an extra copy of original rel ACL for column handling */
1998  old_rel_acl = aclcopy(old_acl);
1999 
2000  /*
2001  * Handle relation-level privileges, if any were specified
2002  */
2003  if (this_privileges != ACL_NO_RIGHTS)
2004  {
2005  AclMode avail_goptions;
2006  Acl *new_acl;
2007  Oid grantorId;
2008  HeapTuple newtuple;
2009  Datum values[Natts_pg_class] = {0};
2010  bool nulls[Natts_pg_class] = {0};
2011  bool replaces[Natts_pg_class] = {0};
2012  int nnewmembers;
2013  Oid *newmembers;
2014  ObjectType objtype;
2015 
2016  /* Determine ID to do the grant as, and available grant options */
2017  select_best_grantor(GetUserId(), this_privileges,
2018  old_acl, ownerId,
2019  &grantorId, &avail_goptions);
2020 
2021  switch (pg_class_tuple->relkind)
2022  {
2023  case RELKIND_SEQUENCE:
2024  objtype = OBJECT_SEQUENCE;
2025  break;
2026  default:
2027  objtype = OBJECT_TABLE;
2028  break;
2029  }
2030 
2031  /*
2032  * Restrict the privileges to what we can actually grant, and emit
2033  * the standards-mandated warning and error messages.
2034  */
2035  this_privileges =
2036  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2037  istmt->all_privs, this_privileges,
2038  relOid, grantorId, objtype,
2039  NameStr(pg_class_tuple->relname),
2040  0, NULL);
2041 
2042  /*
2043  * Generate new ACL.
2044  */
2045  new_acl = merge_acl_with_grant(old_acl,
2046  istmt->is_grant,
2047  istmt->grant_option,
2048  istmt->behavior,
2049  istmt->grantees,
2050  this_privileges,
2051  grantorId,
2052  ownerId);
2053 
2054  /*
2055  * We need the members of both old and new ACLs so we can correct
2056  * the shared dependency information.
2057  */
2058  nnewmembers = aclmembers(new_acl, &newmembers);
2059 
2060  /* finished building new ACL value, now insert it */
2061  replaces[Anum_pg_class_relacl - 1] = true;
2062  values[Anum_pg_class_relacl - 1] = PointerGetDatum(new_acl);
2063 
2064  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation),
2065  values, nulls, replaces);
2066 
2067  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2068 
2069  /* Update initial privileges for extensions */
2070  recordExtensionInitPriv(relOid, RelationRelationId, 0, new_acl);
2071 
2072  /* Update the shared dependency ACL info */
2073  updateAclDependencies(RelationRelationId, relOid, 0,
2074  ownerId,
2075  noldmembers, oldmembers,
2076  nnewmembers, newmembers);
2077 
2078  pfree(new_acl);
2079  }
2080 
2081  /*
2082  * Handle column-level privileges, if any were specified or implied.
2083  * We first expand the user-specified column privileges into the
2084  * array, and then iterate over all nonempty array entries.
2085  */
2086  foreach(cell_colprivs, istmt->col_privs)
2087  {
2088  AccessPriv *col_privs = (AccessPriv *) lfirst(cell_colprivs);
2089 
2090  if (col_privs->priv_name == NULL)
2091  this_privileges = ACL_ALL_RIGHTS_COLUMN;
2092  else
2093  this_privileges = string_to_privilege(col_privs->priv_name);
2094 
2095  if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_COLUMN))
2096  ereport(ERROR,
2097  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
2098  errmsg("invalid privilege type %s for column",
2099  privilege_to_string(this_privileges))));
2100 
2101  if (pg_class_tuple->relkind == RELKIND_SEQUENCE &&
2102  this_privileges & ~((AclMode) ACL_SELECT))
2103  {
2104  /*
2105  * The only column privilege allowed on sequences is SELECT.
2106  * This is a warning not error because we do it that way for
2107  * relation-level privileges.
2108  */
2109  ereport(WARNING,
2110  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
2111  errmsg("sequence \"%s\" only supports SELECT column privileges",
2112  NameStr(pg_class_tuple->relname))));
2113 
2114  this_privileges &= (AclMode) ACL_SELECT;
2115  }
2116 
2117  expand_col_privileges(col_privs->cols, relOid,
2118  this_privileges,
2119  col_privileges,
2120  num_col_privileges);
2121  have_col_privileges = true;
2122  }
2123 
2124  if (have_col_privileges)
2125  {
2126  AttrNumber i;
2127 
2128  for (i = 0; i < num_col_privileges; i++)
2129  {
2130  if (col_privileges[i] == ACL_NO_RIGHTS)
2131  continue;
2132  ExecGrant_Attribute(istmt,
2133  relOid,
2134  NameStr(pg_class_tuple->relname),
2136  ownerId,
2137  col_privileges[i],
2138  attRelation,
2139  old_rel_acl);
2140  }
2141  }
2142 
2143  pfree(old_rel_acl);
2144  pfree(col_privileges);
2145 
2146  ReleaseSysCache(tuple);
2147 
2148  /* prevent error when processing duplicate objects */
2150  }
2151 
2152  table_close(attRelation, RowExclusiveLock);
2153  table_close(relation, RowExclusiveLock);
2154 }
Acl * aclcopy(const Acl *orig_acl)
Definition: acl.c:431
static void expand_all_col_privileges(Oid table_oid, Form_pg_class classForm, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
Definition: aclchk.c:1638
static void expand_col_privileges(List *colnames, Oid table_oid, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
Definition: aclchk.c:1605
static void ExecGrant_Attribute(InternalGrant *istmt, Oid relOid, const char *relname, AttrNumber attnum, Oid ownerId, AclMode col_privileges, Relation attRelation, const Acl *old_rel_acl)
Definition: aclchk.c:1684
int16 AttrNumber
Definition: attnum.h:21
#define WARNING
Definition: elog.h:36
int i
Definition: isn.c:73
void * palloc0(Size size)
Definition: mcxt.c:1232
ObjectType
Definition: parsenodes.h:2095
#define ACL_SELECT
Definition: parsenodes.h:77
FormData_pg_class * Form_pg_class
Definition: pg_class.h:153
#define FirstLowInvalidHeapAttributeNumber
Definition: sysattr.h:27

References ACL_ALL_RIGHTS_COLUMN, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SEQUENCE, ACL_NO_RIGHTS, ACL_SELECT, aclcopy(), acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), InternalGrant::col_privs, AccessPriv::cols, CommandCounterIncrement(), DatumGetAclPCopy, elog(), ereport, errcode(), errmsg(), ERROR, ExecGrant_Attribute(), expand_all_col_privileges(), expand_col_privileges(), FirstLowInvalidHeapAttributeNumber, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, i, InternalGrant::is_grant, lfirst, lfirst_oid, merge_acl_with_grant(), NameStr, OBJECT_SEQUENCE, OBJECT_TABLE, ObjectIdGetDatum(), InternalGrant::objects, InternalGrant::objtype, palloc0(), pfree(), PointerGetDatum(), AccessPriv::priv_name, privilege_to_string(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), string_to_privilege(), SysCacheGetAttr(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), values, and WARNING.

Referenced by ExecGrantStmt_oids().

◆ ExecGrant_Type_check()

static void ExecGrant_Type_check ( InternalGrant istmt,
HeapTuple  tuple 
)
static

Definition at line 2444 of file aclchk.c.

2445 {
2446  Form_pg_type pg_type_tuple;
2447 
2448  pg_type_tuple = (Form_pg_type) GETSTRUCT(tuple);
2449 
2450  /* Disallow GRANT on dependent types */
2451  if (IsTrueArrayType(pg_type_tuple))
2452  ereport(ERROR,
2453  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
2454  errmsg("cannot set privileges of array types"),
2455  errhint("Set the privileges of the element type instead.")));
2456  if (pg_type_tuple->typtype == TYPTYPE_MULTIRANGE)
2457  ereport(ERROR,
2458  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
2459  errmsg("cannot set privileges of multirange types"),
2460  errhint("Set the privileges of the range type instead.")));
2461 
2462  /* Used GRANT DOMAIN on a non-domain? */
2463  if (istmt->objtype == OBJECT_DOMAIN &&
2464  pg_type_tuple->typtype != TYPTYPE_DOMAIN)
2465  ereport(ERROR,
2466  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2467  errmsg("\"%s\" is not a domain",
2468  NameStr(pg_type_tuple->typname))));
2469 }
int errhint(const char *fmt,...)
Definition: elog.c:1322
FormData_pg_type * Form_pg_type
Definition: pg_type.h:261

References ereport, errcode(), errhint(), errmsg(), ERROR, GETSTRUCT, NameStr, OBJECT_DOMAIN, and InternalGrant::objtype.

Referenced by ExecGrantStmt_oids().

◆ ExecGrantStmt_oids()

static void ExecGrantStmt_oids ( InternalGrant istmt)
static

Definition at line 618 of file aclchk.c.

619 {
620  switch (istmt->objtype)
621  {
622  case OBJECT_TABLE:
623  case OBJECT_SEQUENCE:
624  ExecGrant_Relation(istmt);
625  break;
626  case OBJECT_DATABASE:
627  ExecGrant_common(istmt, DatabaseRelationId, ACL_ALL_RIGHTS_DATABASE, NULL);
628  break;
629  case OBJECT_DOMAIN:
630  case OBJECT_TYPE:
632  break;
633  case OBJECT_FDW:
634  ExecGrant_common(istmt, ForeignDataWrapperRelationId, ACL_ALL_RIGHTS_FDW, NULL);
635  break;
637  ExecGrant_common(istmt, ForeignServerRelationId, ACL_ALL_RIGHTS_FOREIGN_SERVER, NULL);
638  break;
639  case OBJECT_FUNCTION:
640  case OBJECT_PROCEDURE:
641  case OBJECT_ROUTINE:
642  ExecGrant_common(istmt, ProcedureRelationId, ACL_ALL_RIGHTS_FUNCTION, NULL);
643  break;
644  case OBJECT_LANGUAGE:
646  break;
647  case OBJECT_LARGEOBJECT:
648  ExecGrant_Largeobject(istmt);
649  break;
650  case OBJECT_SCHEMA:
651  ExecGrant_common(istmt, NamespaceRelationId, ACL_ALL_RIGHTS_SCHEMA, NULL);
652  break;
653  case OBJECT_TABLESPACE:
654  ExecGrant_common(istmt, TableSpaceRelationId, ACL_ALL_RIGHTS_TABLESPACE, NULL);
655  break;
657  ExecGrant_Parameter(istmt);
658  break;
659  default:
660  elog(ERROR, "unrecognized GrantStmt.objtype: %d",
661  (int) istmt->objtype);
662  }
663 
664  /*
665  * Pass the info to event triggers about the just-executed GRANT. Note
666  * that we prefer to do it after actually executing it, because that gives
667  * the functions a chance to adjust the istmt with privileges actually
668  * granted.
669  */
672 }
#define ACL_ALL_RIGHTS_FOREIGN_SERVER
Definition: acl.h:163
#define ACL_ALL_RIGHTS_TABLESPACE
Definition: acl.h:169
#define ACL_ALL_RIGHTS_DATABASE
Definition: acl.h:161
#define ACL_ALL_RIGHTS_LANGUAGE
Definition: acl.h:165
#define ACL_ALL_RIGHTS_FDW
Definition: acl.h:162
static void ExecGrant_Type_check(InternalGrant *istmt, HeapTuple tuple)
Definition: aclchk.c:2444
static void ExecGrant_common(InternalGrant *istmt, Oid classid, AclMode default_privs, void(*object_check)(InternalGrant *istmt, HeapTuple tuple))
Definition: aclchk.c:2157
static void ExecGrant_Largeobject(InternalGrant *istmt)
Definition: aclchk.c:2308
static void ExecGrant_Parameter(InternalGrant *istmt)
Definition: aclchk.c:2472
static void ExecGrant_Relation(InternalGrant *istmt)
Definition: aclchk.c:1829
static void ExecGrant_Language_check(InternalGrant *istmt, HeapTuple tuple)
Definition: aclchk.c:2292
bool EventTriggerSupportsObjectType(ObjectType obtype)
void EventTriggerCollectGrant(InternalGrant *istmt)

References ACL_ALL_RIGHTS_DATABASE, ACL_ALL_RIGHTS_FDW, ACL_ALL_RIGHTS_FOREIGN_SERVER, ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_LANGUAGE, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_TABLESPACE, ACL_ALL_RIGHTS_TYPE, elog(), ERROR, EventTriggerCollectGrant(), EventTriggerSupportsObjectType(), ExecGrant_common(), ExecGrant_Language_check(), ExecGrant_Largeobject(), ExecGrant_Parameter(), ExecGrant_Relation(), ExecGrant_Type_check(), OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, and InternalGrant::objtype.

Referenced by ExecuteGrantStmt(), and RemoveRoleFromObjectACL().

◆ ExecuteGrantStmt()

void ExecuteGrantStmt ( GrantStmt stmt)

Definition at line 408 of file aclchk.c.

409 {
410  InternalGrant istmt;
411  ListCell *cell;
412  const char *errormsg;
413  AclMode all_privileges;
414 
415  if (stmt->grantor)
416  {
417  Oid grantor;
418 
419  grantor = get_rolespec_oid(stmt->grantor, false);
420 
421  /*
422  * Currently, this clause is only for SQL compatibility, not very
423  * interesting otherwise.
424  */
425  if (grantor != GetUserId())
426  ereport(ERROR,
427  (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
428  errmsg("grantor must be current user")));
429  }
430 
431  /*
432  * Turn the regular GrantStmt into the InternalGrant form.
433  */
434  istmt.is_grant = stmt->is_grant;
435  istmt.objtype = stmt->objtype;
436 
437  /* Collect the OIDs of the target objects */
438  switch (stmt->targtype)
439  {
440  case ACL_TARGET_OBJECT:
441  istmt.objects = objectNamesToOids(stmt->objtype, stmt->objects,
442  stmt->is_grant);
443  break;
445  istmt.objects = objectsInSchemaToOids(stmt->objtype, stmt->objects);
446  break;
447  /* ACL_TARGET_DEFAULTS should not be seen here */
448  default:
449  elog(ERROR, "unrecognized GrantStmt.targtype: %d",
450  (int) stmt->targtype);
451  }
452 
453  /* all_privs to be filled below */
454  /* privileges to be filled below */
455  istmt.col_privs = NIL; /* may get filled below */
456  istmt.grantees = NIL; /* filled below */
457  istmt.grant_option = stmt->grant_option;
458  istmt.behavior = stmt->behavior;
459 
460  /*
461  * Convert the RoleSpec list into an Oid list. Note that at this point we
462  * insert an ACL_ID_PUBLIC into the list if appropriate, so downstream
463  * there shouldn't be any additional work needed to support this case.
464  */
465  foreach(cell, stmt->grantees)
466  {
467  RoleSpec *grantee = (RoleSpec *) lfirst(cell);
468  Oid grantee_uid;
469 
470  switch (grantee->roletype)
471  {
472  case ROLESPEC_PUBLIC:
473  grantee_uid = ACL_ID_PUBLIC;
474  break;
475  default:
476  grantee_uid = get_rolespec_oid(grantee, false);
477  break;
478  }
479  istmt.grantees = lappend_oid(istmt.grantees, grantee_uid);
480  }
481 
482  /*
483  * Convert stmt->privileges, a list of AccessPriv nodes, into an AclMode
484  * bitmask. Note: objtype can't be OBJECT_COLUMN.
485  */
486  switch (stmt->objtype)
487  {
488  case OBJECT_TABLE:
489 
490  /*
491  * Because this might be a sequence, we test both relation and
492  * sequence bits, and later do a more limited test when we know
493  * the object type.
494  */
496  errormsg = gettext_noop("invalid privilege type %s for relation");
497  break;
498  case OBJECT_SEQUENCE:
499  all_privileges = ACL_ALL_RIGHTS_SEQUENCE;
500  errormsg = gettext_noop("invalid privilege type %s for sequence");
501  break;
502  case OBJECT_DATABASE:
503  all_privileges = ACL_ALL_RIGHTS_DATABASE;
504  errormsg = gettext_noop("invalid privilege type %s for database");
505  break;
506  case OBJECT_DOMAIN:
507  all_privileges = ACL_ALL_RIGHTS_TYPE;
508  errormsg = gettext_noop("invalid privilege type %s for domain");
509  break;
510  case OBJECT_FUNCTION:
511  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
512  errormsg = gettext_noop("invalid privilege type %s for function");
513  break;
514  case OBJECT_LANGUAGE:
515  all_privileges = ACL_ALL_RIGHTS_LANGUAGE;
516  errormsg = gettext_noop("invalid privilege type %s for language");
517  break;
518  case OBJECT_LARGEOBJECT:
519  all_privileges = ACL_ALL_RIGHTS_LARGEOBJECT;
520  errormsg = gettext_noop("invalid privilege type %s for large object");
521  break;
522  case OBJECT_SCHEMA:
523  all_privileges = ACL_ALL_RIGHTS_SCHEMA;
524  errormsg = gettext_noop("invalid privilege type %s for schema");
525  break;
526  case OBJECT_PROCEDURE:
527  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
528  errormsg = gettext_noop("invalid privilege type %s for procedure");
529  break;
530  case OBJECT_ROUTINE:
531  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
532  errormsg = gettext_noop("invalid privilege type %s for routine");
533  break;
534  case OBJECT_TABLESPACE:
535  all_privileges = ACL_ALL_RIGHTS_TABLESPACE;
536  errormsg = gettext_noop("invalid privilege type %s for tablespace");
537  break;
538  case OBJECT_TYPE:
539  all_privileges = ACL_ALL_RIGHTS_TYPE;
540  errormsg = gettext_noop("invalid privilege type %s for type");
541  break;
542  case OBJECT_FDW:
543  all_privileges = ACL_ALL_RIGHTS_FDW;
544  errormsg = gettext_noop("invalid privilege type %s for foreign-data wrapper");
545  break;
547  all_privileges = ACL_ALL_RIGHTS_FOREIGN_SERVER;
548  errormsg = gettext_noop("invalid privilege type %s for foreign server");
549  break;
551  all_privileges = ACL_ALL_RIGHTS_PARAMETER_ACL;
552  errormsg = gettext_noop("invalid privilege type %s for parameter");
553  break;
554  default:
555  elog(ERROR, "unrecognized GrantStmt.objtype: %d",
556  (int) stmt->objtype);
557  /* keep compiler quiet */
558  all_privileges = ACL_NO_RIGHTS;
559  errormsg = NULL;
560  }
561 
562  if (stmt->privileges == NIL)
563  {
564  istmt.all_privs = true;
565 
566  /*
567  * will be turned into ACL_ALL_RIGHTS_* by the internal routines
568  * depending on the object type
569  */
570  istmt.privileges = ACL_NO_RIGHTS;
571  }
572  else
573  {
574  istmt.all_privs = false;
575  istmt.privileges = ACL_NO_RIGHTS;
576 
577  foreach(cell, stmt->privileges)
578  {
579  AccessPriv *privnode = (AccessPriv *) lfirst(cell);
580  AclMode priv;
581 
582  /*
583  * If it's a column-level specification, we just set it aside in
584  * col_privs for the moment; but insist it's for a relation.
585  */
586  if (privnode->cols)
587  {
588  if (stmt->objtype != OBJECT_TABLE)
589  ereport(ERROR,
590  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
591  errmsg("column privileges are only valid for relations")));
592  istmt.col_privs = lappend(istmt.col_privs, privnode);
593  continue;
594  }
595 
596  if (privnode->priv_name == NULL) /* parser mistake? */
597  elog(ERROR, "AccessPriv node must specify privilege or columns");
598  priv = string_to_privilege(privnode->priv_name);
599 
600  if (priv & ~((AclMode) all_privileges))
601  ereport(ERROR,
602  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
603  errmsg(errormsg, privilege_to_string(priv))));
604 
605  istmt.privileges |= priv;
606  }
607  }
608 
609  ExecGrantStmt_oids(&istmt);
610 }
static void ExecGrantStmt_oids(InternalGrant *istmt)
Definition: aclchk.c:618
static List * objectNamesToOids(ObjectType objtype, List *objnames, bool is_grant)
Definition: aclchk.c:685
static List * objectsInSchemaToOids(ObjectType objtype, List *nspnames)
Definition: aclchk.c:865
List * lappend(List *list, void *datum)
Definition: list.c:339
@ ACL_TARGET_OBJECT
Definition: parsenodes.h:2324
@ ACL_TARGET_ALL_IN_SCHEMA
Definition: parsenodes.h:2325

References ACL_ALL_RIGHTS_DATABASE, ACL_ALL_RIGHTS_FDW, ACL_ALL_RIGHTS_FOREIGN_SERVER, ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_LANGUAGE, ACL_ALL_RIGHTS_LARGEOBJECT, ACL_ALL_RIGHTS_PARAMETER_ACL, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_SEQUENCE, ACL_ALL_RIGHTS_TABLESPACE, ACL_ALL_RIGHTS_TYPE, ACL_ID_PUBLIC, ACL_NO_RIGHTS, ACL_TARGET_ALL_IN_SCHEMA, ACL_TARGET_OBJECT, InternalGrant::all_privs, InternalGrant::behavior, InternalGrant::col_privs, AccessPriv::cols, elog(), ereport, errcode(), errmsg(), ERROR, ExecGrantStmt_oids(), get_rolespec_oid(), gettext_noop, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, InternalGrant::is_grant, lappend(), lappend_oid(), lfirst, NIL, OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, objectNamesToOids(), InternalGrant::objects, objectsInSchemaToOids(), InternalGrant::objtype, AccessPriv::priv_name, privilege_to_string(), InternalGrant::privileges, ROLESPEC_PUBLIC, RoleSpec::roletype, stmt, and string_to_privilege().

Referenced by ProcessUtilitySlow(), and standard_ProcessUtility().

◆ expand_all_col_privileges()

static void expand_all_col_privileges ( Oid  table_oid,
Form_pg_class  classForm,
AclMode  this_privileges,
AclMode col_privileges,
int  num_col_privileges 
)
static

Definition at line 1638 of file aclchk.c.

1642 {
1643  AttrNumber curr_att;
1644 
1645  Assert(classForm->relnatts - FirstLowInvalidHeapAttributeNumber < num_col_privileges);
1646  for (curr_att = FirstLowInvalidHeapAttributeNumber + 1;
1647  curr_att <= classForm->relnatts;
1648  curr_att++)
1649  {
1650  HeapTuple attTuple;
1651  bool isdropped;
1652 
1653  if (curr_att == InvalidAttrNumber)
1654  continue;
1655 
1656  /* Views don't have any system columns at all */
1657  if (classForm->relkind == RELKIND_VIEW && curr_att < 0)
1658  continue;
1659 
1660  attTuple = SearchSysCache2(ATTNUM,
1661  ObjectIdGetDatum(table_oid),
1662  Int16GetDatum(curr_att));
1663  if (!HeapTupleIsValid(attTuple))
1664  elog(ERROR, "cache lookup failed for attribute %d of relation %u",
1665  curr_att, table_oid);
1666 
1667  isdropped = ((Form_pg_attribute) GETSTRUCT(attTuple))->attisdropped;
1668 
1669  ReleaseSysCache(attTuple);
1670 
1671  /* ignore dropped columns */
1672  if (isdropped)
1673  continue;
1674 
1675  col_privileges[curr_att - FirstLowInvalidHeapAttributeNumber] |= this_privileges;
1676  }
1677 }
#define InvalidAttrNumber
Definition: attnum.h:23
Assert(fmt[strlen(fmt) - 1] !='\n')

References Assert(), elog(), ERROR, FirstLowInvalidHeapAttributeNumber, GETSTRUCT, HeapTupleIsValid, Int16GetDatum(), InvalidAttrNumber, ObjectIdGetDatum(), ReleaseSysCache(), and SearchSysCache2().

Referenced by ExecGrant_Relation().

◆ expand_col_privileges()

static void expand_col_privileges ( List colnames,
Oid  table_oid,
AclMode  this_privileges,
AclMode col_privileges,
int  num_col_privileges 
)
static

Definition at line 1605 of file aclchk.c.

1609 {
1610  ListCell *cell;
1611 
1612  foreach(cell, colnames)
1613  {
1614  char *colname = strVal(lfirst(cell));
1616 
1617  attnum = get_attnum(table_oid, colname);
1618  if (attnum == InvalidAttrNumber)
1619  ereport(ERROR,
1620  (errcode(ERRCODE_UNDEFINED_COLUMN),
1621  errmsg("column \"%s\" of relation \"%s\" does not exist",
1622  colname, get_rel_name(table_oid))));
1624  if (attnum <= 0 || attnum >= num_col_privileges)
1625  elog(ERROR, "column number out of range"); /* safety check */
1626  col_privileges[attnum] |= this_privileges;
1627  }
1628 }
AttrNumber get_attnum(Oid relid, const char *attname)
Definition: lsyscache.c:857
char * get_rel_name(Oid relid)
Definition: lsyscache.c:1905
#define strVal(v)
Definition: value.h:82

References attnum, elog(), ereport, errcode(), errmsg(), ERROR, FirstLowInvalidHeapAttributeNumber, get_attnum(), get_rel_name(), InvalidAttrNumber, lfirst, and strVal.

Referenced by ExecGrant_Relation().

◆ get_default_acl_internal()

static Acl* get_default_acl_internal ( Oid  roleId,
Oid  nsp_oid,
char  objtype 
)
static

Definition at line 4256 of file aclchk.c.

4257 {
4258  Acl *result = NULL;
4259  HeapTuple tuple;
4260 
4261  tuple = SearchSysCache3(DEFACLROLENSPOBJ,
4262  ObjectIdGetDatum(roleId),
4263  ObjectIdGetDatum(nsp_oid),
4264  CharGetDatum(objtype));
4265 
4266  if (HeapTupleIsValid(tuple))
4267  {
4268  Datum aclDatum;
4269  bool isNull;
4270 
4271  aclDatum = SysCacheGetAttr(DEFACLROLENSPOBJ, tuple,
4272  Anum_pg_default_acl_defaclacl,
4273  &isNull);
4274  if (!isNull)
4275  result = DatumGetAclPCopy(aclDatum);
4276  ReleaseSysCache(tuple);
4277  }
4278 
4279  return result;
4280 }
static Datum CharGetDatum(char X)
Definition: postgres.h:122
HeapTuple SearchSysCache3(int cacheId, Datum key1, Datum key2, Datum key3)
Definition: syscache.c:241

References CharGetDatum(), DatumGetAclPCopy, HeapTupleIsValid, ObjectIdGetDatum(), ReleaseSysCache(), SearchSysCache3(), and SysCacheGetAttr().

Referenced by get_user_default_acl().

◆ get_user_default_acl()

Acl* get_user_default_acl ( ObjectType  objtype,
Oid  ownerId,
Oid  nsp_oid 
)

Definition at line 4291 of file aclchk.c.

4292 {
4293  Acl *result;
4294  Acl *glob_acl;
4295  Acl *schema_acl;
4296  Acl *def_acl;
4297  char defaclobjtype;
4298 
4299  /*
4300  * Use NULL during bootstrap, since pg_default_acl probably isn't there
4301  * yet.
4302  */
4304  return NULL;
4305 
4306  /* Check if object type is supported in pg_default_acl */
4307  switch (objtype)
4308  {
4309  case OBJECT_TABLE:
4310  defaclobjtype = DEFACLOBJ_RELATION;
4311  break;
4312 
4313  case OBJECT_SEQUENCE:
4314  defaclobjtype = DEFACLOBJ_SEQUENCE;
4315  break;
4316 
4317  case OBJECT_FUNCTION:
4318  defaclobjtype = DEFACLOBJ_FUNCTION;
4319  break;
4320 
4321  case OBJECT_TYPE:
4322  defaclobjtype = DEFACLOBJ_TYPE;
4323  break;
4324 
4325  case OBJECT_SCHEMA:
4326  defaclobjtype = DEFACLOBJ_NAMESPACE;
4327  break;
4328 
4329  default:
4330  return NULL;
4331  }
4332 
4333  /* Look up the relevant pg_default_acl entries */
4334  glob_acl = get_default_acl_internal(ownerId, InvalidOid, defaclobjtype);
4335  schema_acl = get_default_acl_internal(ownerId, nsp_oid, defaclobjtype);
4336 
4337  /* Quick out if neither entry exists */
4338  if (glob_acl == NULL && schema_acl == NULL)
4339  return NULL;
4340 
4341  /* We need to know the hard-wired default value, too */
4342  def_acl = acldefault(objtype, ownerId);
4343 
4344  /* If there's no global entry, substitute the hard-wired default */
4345  if (glob_acl == NULL)
4346  glob_acl = def_acl;
4347 
4348  /* Merge in any per-schema privileges */
4349  result = aclmerge(glob_acl, schema_acl, ownerId);
4350 
4351  /*
4352  * For efficiency, we want to return NULL if the result equals default.
4353  * This requires sorting both arrays to get an accurate comparison.
4354  */
4355  aclitemsort(result);
4356  aclitemsort(def_acl);
4357  if (aclequal(result, def_acl))
4358  result = NULL;
4359 
4360  return result;
4361 }
void aclitemsort(Acl *acl)
Definition: acl.c:519
Acl * aclmerge(const Acl *left_acl, const Acl *right_acl, Oid ownerId)
Definition: acl.c:475
static Acl * get_default_acl_internal(Oid roleId, Oid nsp_oid, char objtype)
Definition: aclchk.c:4256
#define IsBootstrapProcessingMode()
Definition: miscadmin.h:415
#define InvalidOid
Definition: postgres_ext.h:36

References acldefault(), aclequal(), aclitemsort(), aclmerge(), get_default_acl_internal(), InvalidOid, IsBootstrapProcessingMode, OBJECT_FUNCTION, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, and OBJECT_TYPE.

Referenced by heap_create_with_catalog(), NamespaceCreate(), ProcedureCreate(), and TypeCreate().

◆ getRelationsInNamespace()

static List * getRelationsInNamespace ( Oid  namespaceId,
char  relkind 
)
static

Definition at line 954 of file aclchk.c.

955 {
956  List *relations = NIL;
957  ScanKeyData key[2];
958  Relation rel;
959  TableScanDesc scan;
960  HeapTuple tuple;
961 
962  ScanKeyInit(&key[0],
963  Anum_pg_class_relnamespace,
964  BTEqualStrategyNumber, F_OIDEQ,
965  ObjectIdGetDatum(namespaceId));
966  ScanKeyInit(&key[1],
967  Anum_pg_class_relkind,
968  BTEqualStrategyNumber, F_CHAREQ,
969  CharGetDatum(relkind));
970 
971  rel = table_open(RelationRelationId, AccessShareLock);
972  scan = table_beginscan_catalog(rel, 2, key);
973 
974  while ((tuple = heap_getnext(scan, ForwardScanDirection)) != NULL)
975  {
976  Oid oid = ((Form_pg_class) GETSTRUCT(tuple))->oid;
977 
978  relations = lappend_oid(relations, oid);
979  }
980 
981  table_endscan(scan);
983 
984  return relations;
985 }
HeapTuple heap_getnext(TableScanDesc sscan, ScanDirection direction)
Definition: heapam.c:1086
#define AccessShareLock
Definition: lockdefs.h:36
@ ForwardScanDirection
Definition: sdir.h:28
TableScanDesc table_beginscan_catalog(Relation relation, int nkeys, struct ScanKeyData *key)
Definition: tableam.c:112
static void table_endscan(TableScanDesc scan)
Definition: tableam.h:1009

References AccessShareLock, BTEqualStrategyNumber, CharGetDatum(), ForwardScanDirection, GETSTRUCT, heap_getnext(), sort-test::key, lappend_oid(), NIL, ObjectIdGetDatum(), ScanKeyInit(), table_beginscan_catalog(), table_close(), table_endscan(), and table_open().

Referenced by objectsInSchemaToOids().

◆ has_bypassrls_privilege()

bool has_bypassrls_privilege ( Oid  roleid)

Definition at line 4232 of file aclchk.c.

4233 {
4234  bool result = false;
4235  HeapTuple utup;
4236 
4237  /* Superusers bypass all permission checking. */
4238  if (superuser_arg(roleid))
4239  return true;
4240 
4241  utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
4242  if (HeapTupleIsValid(utup))
4243  {
4244  result = ((Form_pg_authid) GETSTRUCT(utup))->rolbypassrls;
4245  ReleaseSysCache(utup);
4246  }
4247  return result;
4248 }
FormData_pg_authid * Form_pg_authid
Definition: pg_authid.h:56
bool rolbypassrls
Definition: pg_authid.h:41
bool superuser_arg(Oid roleid)
Definition: superuser.c:56

References GETSTRUCT, HeapTupleIsValid, ObjectIdGetDatum(), ReleaseSysCache(), rolbypassrls, SearchSysCache1(), and superuser_arg().

Referenced by AlterRole(), check_enable_rls(), CreateRole(), and RI_Initial_Check().

◆ has_createrole_privilege()

bool has_createrole_privilege ( Oid  roleid)

Definition at line 4213 of file aclchk.c.

4214 {
4215  bool result = false;
4216  HeapTuple utup;
4217 
4218  /* Superusers bypass all permission checking. */
4219  if (superuser_arg(roleid))
4220  return true;
4221 
4222  utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
4223  if (HeapTupleIsValid(utup))
4224  {
4225  result = ((Form_pg_authid) GETSTRUCT(utup))->rolcreaterole;
4226  ReleaseSysCache(utup);
4227  }
4228  return result;
4229 }
bool rolcreaterole
Definition: pg_authid.h:37

References GETSTRUCT, HeapTupleIsValid, ObjectIdGetDatum(), ReleaseSysCache(), rolcreaterole, SearchSysCache1(), and superuser_arg().

Referenced by check_object_ownership(), CreateRole(), and have_createrole_privilege().

◆ merge_acl_with_grant()

static Acl* merge_acl_with_grant ( Acl old_acl,
bool  is_grant,
bool  grant_option,
DropBehavior  behavior,
List grantees,
AclMode  privileges,
Oid  grantorId,
Oid  ownerId 
)
static

Definition at line 198 of file aclchk.c.

202 {
203  unsigned modechg;
204  ListCell *j;
205  Acl *new_acl;
206 
207  modechg = is_grant ? ACL_MODECHG_ADD : ACL_MODECHG_DEL;
208 
209  new_acl = old_acl;
210 
211  foreach(j, grantees)
212  {
213  AclItem aclitem;
214  Acl *newer_acl;
215 
216  aclitem.ai_grantee = lfirst_oid(j);
217 
218  /*
219  * Grant options can only be granted to individual roles, not PUBLIC.
220  * The reason is that if a user would re-grant a privilege that he
221  * held through PUBLIC, and later the user is removed, the situation
222  * is impossible to clean up.
223  */
224  if (is_grant && grant_option && aclitem.ai_grantee == ACL_ID_PUBLIC)
225  ereport(ERROR,
226  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
227  errmsg("grant options can only be granted to roles")));
228 
229  aclitem.ai_grantor = grantorId;
230 
231  /*
232  * The asymmetry in the conditions here comes from the spec. In
233  * GRANT, the grant_option flag signals WITH GRANT OPTION, which means
234  * to grant both the basic privilege and its grant option. But in
235  * REVOKE, plain revoke revokes both the basic privilege and its grant
236  * option, while REVOKE GRANT OPTION revokes only the option.
237  */
239  (is_grant || !grant_option) ? privileges : ACL_NO_RIGHTS,
240  (!is_grant || grant_option) ? privileges : ACL_NO_RIGHTS);
241 
242  newer_acl = aclupdate(new_acl, &aclitem, modechg, ownerId, behavior);
243 
244  /* avoid memory leak when there are many grantees */
245  pfree(new_acl);
246  new_acl = newer_acl;
247  }
248 
249  return new_acl;
250 }
Acl * aclupdate(const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
Definition: acl.c:966
#define ACL_MODECHG_DEL
Definition: acl.h:130
#define ACL_MODECHG_ADD
Definition: acl.h:129
#define ACLITEM_SET_PRIVS_GOPTIONS(item, privs, goptions)
Definition: acl.h:82
int j
Definition: isn.c:74
Definition: acl.h:55
Oid ai_grantee
Definition: acl.h:56
Oid ai_grantor
Definition: acl.h:57

References ACL_ID_PUBLIC, ACL_MODECHG_ADD, ACL_MODECHG_DEL, ACL_NO_RIGHTS, ACLITEM_SET_PRIVS_GOPTIONS, aclupdate(), AclItem::ai_grantee, AclItem::ai_grantor, ereport, errcode(), errmsg(), ERROR, j, lfirst_oid, and pfree().

Referenced by ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), ExecGrant_Relation(), and SetDefaultACL().

◆ object_aclcheck()

AclResult object_aclcheck ( Oid  classid,
Oid  objectid,
Oid  roleid,
AclMode  mode 
)

Definition at line 3878 of file aclchk.c.

3879 {
3880  return object_aclcheck_ext(classid, objectid, roleid, mode, NULL);
3881 }
AclResult object_aclcheck_ext(Oid classid, Oid objectid, Oid roleid, AclMode mode, bool *is_missing)
Definition: aclchk.c:3888
static PgChecksumMode mode
Definition: pg_checksums.c:56

References mode, and object_aclcheck_ext().

Referenced by AggregateCreate(), AlterExtensionNamespace(), AlterForeignServerOwner_internal(), AlterObjectNamespace_internal(), AlterObjectOwner_internal(), AlterObjectRename_internal(), AlterPublicationOwner_internal(), AlterSchemaOwner_internal(), AlterSubscriptionOwner_internal(), AlterTableMoveAll(), AlterTypeOwner(), ATExecChangeOwner(), ATPrepAlterColumnType(), ATPrepSetTableSpace(), BuildDescForRelation(), calculate_database_size(), calculate_tablespace_size(), call_pltcl_start_proc(), check_temp_tablespaces(), CheckFunctionValidatorAccess(), CheckMyDatabase(), compute_return_type(), CreateCast(), CreateConversionCommand(), createdb(), CreateForeignServer(), CreateForeignTable(), CreateFunction(), CreatePublication(), CreateSchemaCommand(), CreateSubscription(), CreateTransform(), CreateTriggerFiringOn(), DefineAggregate(), DefineCollation(), DefineDomain(), DefineEnum(), DefineIndex(), DefineOpClass(), DefineOperator(), DefineOpFamily(), DefineRange(), DefineRelation(), DefineTSConfiguration(), DefineTSDictionary(), DefineType(), ExecBuildGroupingEqual(), ExecBuildParamSetEqual(), ExecInitAgg(), ExecInitExprRec(), ExecInitFunc(), ExecInitWindowAgg(), ExecReindex(), ExecuteCallStmt(), ExecuteDoStmt(), extension_is_trusted(), findRangeCanonicalFunction(), findRangeSubtypeDiffFunction(), get_connect_string(), get_other_operator(), HandleFunctionRequest(), has_database_privilege_id_name(), has_database_privilege_name(), has_database_privilege_name_name(), has_foreign_data_wrapper_privilege_id_name(), has_foreign_data_wrapper_privilege_name(), has_foreign_data_wrapper_privilege_name_name(), has_function_privilege_id_name(), has_function_privilege_name(), has_function_privilege_name_name(), has_language_privilege_id_name(), has_language_privilege_name(), has_language_privilege_name_name(), has_schema_privilege_id_name(), has_schema_privilege_name(), has_schema_privilege_name_name(), has_server_privilege_id_name(), has_server_privilege_name(), has_server_privilege_name_name(), has_tablespace_privilege_id_name(), has_tablespace_privilege_name(), has_tablespace_privilege_name_name(), has_type_privilege_id_name(), has_type_privilege_name(), has_type_privilege_name_name(), ImportForeignSchema(), init_sexpr(), initialize_peragg(), InitTempTableNamespace(), inline_function(), inline_set_returning_function(), interpret_function_parameter_list(), lookup_agg_function(), LookupCreationNamespace(), LookupExplicitNamespace(), movedb(), PrepareTempTablespaces(), preprocessNamespacePath(), RangeVarCallbackForAlterRelation(), RangeVarGetAndCheckCreationNamespace(), ReindexMultipleInternal(), RenameSchema(), transformTableLikeClause(), user_mapping_ddl_aclcheck(), ValidateJoinEstimator(), and ValidateRestrictionEstimator().

◆ object_aclcheck_ext()

◆ object_aclmask()

static AclMode object_aclmask ( Oid  classid,
Oid  objectid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 3097 of file aclchk.c.

3099 {
3100  return object_aclmask_ext(classid, objectid, roleid, mask, how, NULL);
3101 }

References object_aclmask_ext().

Referenced by pg_aclmask().

◆ object_aclmask_ext()

static AclMode object_aclmask_ext ( Oid  classid,
Oid  objectid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how,
bool is_missing 
)
static

Definition at line 3108 of file aclchk.c.

3111 {
3112  int cacheid;
3113  AclMode result;
3114  HeapTuple tuple;
3115  Datum aclDatum;
3116  bool isNull;
3117  Acl *acl;
3118  Oid ownerId;
3119 
3120  /* Special cases */
3121  switch (classid)
3122  {
3123  case NamespaceRelationId:
3124  return pg_namespace_aclmask_ext(objectid, roleid, mask, how,
3125  is_missing);
3126  case TypeRelationId:
3127  return pg_type_aclmask_ext(objectid, roleid, mask, how,
3128  is_missing);
3129  }
3130 
3131  /* Even more special cases */
3132  Assert(classid != RelationRelationId); /* should use pg_class_acl* */
3133  Assert(classid != LargeObjectMetadataRelationId); /* should use
3134  * pg_largeobject_acl* */
3135 
3136  /* Superusers bypass all permission checking. */
3137  if (superuser_arg(roleid))
3138  return mask;
3139 
3140  /*
3141  * Get the object's ACL from its catalog
3142  */
3143 
3144  cacheid = get_object_catcache_oid(classid);
3145 
3146  tuple = SearchSysCache1(cacheid, ObjectIdGetDatum(objectid));
3147  if (!HeapTupleIsValid(tuple))
3148  {
3149  if (is_missing != NULL)
3150  {
3151  /* return "no privileges" instead of throwing an error */
3152  *is_missing = true;
3153  return 0;
3154  }
3155  else
3156  ereport(ERROR,
3157  (errcode(ERRCODE_UNDEFINED_OBJECT),
3158  errmsg("%s with OID %u does not exist",
3159  get_object_class_descr(classid), objectid)));
3160  }
3161 
3162  ownerId = DatumGetObjectId(SysCacheGetAttrNotNull(cacheid,
3163  tuple,
3164  get_object_attnum_owner(classid)));
3165 
3166  aclDatum = SysCacheGetAttr(cacheid, tuple, get_object_attnum_acl(classid),
3167  &isNull);
3168  if (isNull)
3169  {
3170  /* No ACL, so build default ACL */
3171  acl = acldefault(get_object_type(classid, objectid), ownerId);
3172  aclDatum = (Datum) 0;
3173  }
3174  else
3175  {
3176  /* detoast ACL if necessary */
3177  acl = DatumGetAclP(aclDatum);
3178  }
3179 
3180  result = aclmask(acl, roleid, ownerId, mask, how);
3181 
3182  /* if we have a detoasted copy, free it */
3183  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
3184  pfree(acl);
3185 
3186  ReleaseSysCache(tuple);
3187 
3188  return result;
3189 }
AclMode aclmask(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
Definition: acl.c:1356
#define DatumGetAclP(X)
Definition: acl.h:120
static AclMode pg_namespace_aclmask_ext(Oid nsp_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
Definition: aclchk.c:3650
static AclMode pg_type_aclmask_ext(Oid type_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
Definition: aclchk.c:3752
char * Pointer
Definition: c.h:472
static Pointer DatumGetPointer(Datum X)
Definition: postgres.h:312

References acldefault(), aclmask(), Assert(), DatumGetAclP, DatumGetObjectId(), DatumGetPointer(), ereport, errcode(), errmsg(), ERROR, get_object_attnum_acl(), get_object_attnum_owner(), get_object_catcache_oid(), get_object_class_descr(), get_object_type(), HeapTupleIsValid, ObjectIdGetDatum(), pfree(), pg_namespace_aclmask_ext(), pg_type_aclmask_ext(), ReleaseSysCache(), SearchSysCache1(), superuser_arg(), SysCacheGetAttr(), and SysCacheGetAttrNotNull().

Referenced by object_aclcheck_ext(), and object_aclmask().

◆ object_ownercheck()

bool object_ownercheck ( Oid  classid,
Oid  objectid,
Oid  roleid 
)

Definition at line 4132 of file aclchk.c.

4133 {
4134  int cacheid;
4135  Oid ownerId;
4136 
4137  /* Superusers bypass all permission checking. */
4138  if (superuser_arg(roleid))
4139  return true;
4140 
4141  /* For large objects, the catalog to consult is pg_largeobject_metadata */
4142  if (classid == LargeObjectRelationId)
4143  classid = LargeObjectMetadataRelationId;
4144 
4145  cacheid = get_object_catcache_oid(classid);
4146  if (cacheid != -1)
4147  {
4148  /* we can get the object's tuple from the syscache */
4149  HeapTuple tuple;
4150 
4151  tuple = SearchSysCache1(cacheid, ObjectIdGetDatum(objectid));
4152  if (!HeapTupleIsValid(tuple))
4153  ereport(ERROR,
4154  (errcode(ERRCODE_UNDEFINED_OBJECT),
4155  errmsg("%s with OID %u does not exist", get_object_class_descr(classid), objectid)));
4156 
4157  ownerId = DatumGetObjectId(SysCacheGetAttrNotNull(cacheid,
4158  tuple,
4159  get_object_attnum_owner(classid)));
4160  ReleaseSysCache(tuple);
4161  }
4162  else
4163  {
4164  /* for catalogs without an appropriate syscache */
4165  Relation rel;
4166  ScanKeyData entry[1];
4167  SysScanDesc scan;
4168  HeapTuple tuple;
4169  bool isnull;
4170 
4171  rel = table_open(classid, AccessShareLock);
4172 
4173  ScanKeyInit(&entry[0],
4174  get_object_attnum_oid(classid),
4175  BTEqualStrategyNumber, F_OIDEQ,
4176  ObjectIdGetDatum(objectid));
4177 
4178  scan = systable_beginscan(rel,
4179  get_object_oid_index(classid), true,
4180  NULL, 1, entry);
4181 
4182  tuple = systable_getnext(scan);
4183  if (!HeapTupleIsValid(tuple))
4184  ereport(ERROR,
4185  (errcode(ERRCODE_UNDEFINED_OBJECT),
4186  errmsg("%s with OID %u does not exist", get_object_class_descr(classid), objectid)));
4187 
4188  ownerId = DatumGetObjectId(heap_getattr(tuple,
4189  get_object_attnum_owner(classid),
4190  RelationGetDescr(rel),
4191  &isnull));
4192  Assert(!isnull);
4193 
4194  systable_endscan(scan);
4196  }
4197 
4198  return has_privs_of_role(roleid, ownerId);
4199 }
AttrNumber get_object_attnum_oid(Oid class_id)
Oid get_object_oid_index(Oid class_id)

References AccessShareLock, Assert(), BTEqualStrategyNumber, DatumGetObjectId(), ereport, errcode(), errmsg(), ERROR, get_object_attnum_oid(), get_object_attnum_owner(), get_object_catcache_oid(), get_object_class_descr(), get_object_oid_index(), has_privs_of_role(), heap_getattr(), HeapTupleIsValid, ObjectIdGetDatum(), RelationGetDescr, ReleaseSysCache(), ScanKeyInit(), SearchSysCache1(), superuser_arg(), SysCacheGetAttrNotNull(), systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by AlterCollation(), AlterDatabase(), AlterDatabaseOwner(), AlterDatabaseRefreshColl(), AlterDatabaseSet(), AlterEventTrigger(), AlterEventTriggerOwner_internal(), AlterExtensionNamespace(), AlterForeignServer(), AlterForeignServerOwner_internal(), AlterFunction(), AlterOperator(), AlterOpFamilyAdd(), AlterPublication(), AlterPublicationOwner_internal(), AlterRoleSet(), AlterSchemaOwner_internal(), AlterStatistics(), AlterSubscription(), AlterSubscriptionOwner_internal(), AlterTableMoveAll(), AlterTableSpaceOptions(), AlterTSConfiguration(), AlterTSDictionary(), AlterType(), AlterTypeNamespace_oid(), AlterTypeOwner(), ATExecChangeOwner(), ATSimplePermissions(), be_lo_unlink(), brin_desummarize_range(), brin_summarize_range(), check_enable_rls(), check_object_ownership(), checkDomainOwner(), checkEnumOwner(), cluster_rel(), CreateCast(), createdb(), CreateProceduralLanguage(), CreateStatistics(), CreateTransform(), DefineOpClass(), DefineQueryRewrite(), DefineType(), dropdb(), DropSubscription(), DropTableSpace(), EnableDisableRule(), ExecAlterExtensionContentsStmt(), ExecAlterExtensionStmt(), ExecuteTruncateGuts(), get_tables_to_cluster(), get_tables_to_cluster_partitioned(), gin_clean_pending_list(), heap_force_common(), MergeAttributes(), movedb(), OperatorCreate(), ProcedureCreate(), PublicationAddTables(), RangeVarCallbackForAlterRelation(), RangeVarCallbackForDropRelation(), RangeVarCallbackForPolicy(), RangeVarCallbackForReindexIndex(), RangeVarCallbackForRenameRule(), RangeVarCallbackForRenameTrigger(), RangeVarCallbackOwnsRelation(), RangeVarCallbackOwnsTable(), RangeVarGetAndCheckCreationNamespace(), ReindexMultipleTables(), RemoveObjects(), renameatt_check(), RenameDatabase(), RenameSchema(), RenameTableSpace(), RenameType(), RI_Initial_Check(), user_mapping_ddl_aclcheck(), vacuum_is_relation_owner(), and ValidateOperatorReference().

◆ objectNamesToOids()

static List * objectNamesToOids ( ObjectType  objtype,
List objnames,
bool  is_grant 
)
static

Definition at line 685 of file aclchk.c.

686 {
687  List *objects = NIL;
688  ListCell *cell;
689 
690  Assert(objnames != NIL);
691 
692  switch (objtype)
693  {
694  case OBJECT_TABLE:
695  case OBJECT_SEQUENCE:
696  foreach(cell, objnames)
697  {
698  RangeVar *relvar = (RangeVar *) lfirst(cell);
699  Oid relOid;
700 
701  relOid = RangeVarGetRelid(relvar, NoLock, false);
702  objects = lappend_oid(objects, relOid);
703  }
704  break;
705  case OBJECT_DATABASE:
706  foreach(cell, objnames)
707  {
708  char *dbname = strVal(lfirst(cell));
709  Oid dbid;
710 
711  dbid = get_database_oid(dbname, false);
712  objects = lappend_oid(objects, dbid);
713  }
714  break;
715  case OBJECT_DOMAIN:
716  case OBJECT_TYPE:
717  foreach(cell, objnames)
718  {
719  List *typname = (List *) lfirst(cell);
720  Oid oid;
721 
723  objects = lappend_oid(objects, oid);
724  }
725  break;
726  case OBJECT_FUNCTION:
727  foreach(cell, objnames)
728  {
729  ObjectWithArgs *func = (ObjectWithArgs *) lfirst(cell);
730  Oid funcid;
731 
732  funcid = LookupFuncWithArgs(OBJECT_FUNCTION, func, false);
733  objects = lappend_oid(objects, funcid);
734  }
735  break;
736  case OBJECT_LANGUAGE:
737  foreach(cell, objnames)
738  {
739  char *langname = strVal(lfirst(cell));
740  Oid oid;
741 
742  oid = get_language_oid(langname, false);
743  objects = lappend_oid(objects, oid);
744  }
745  break;
746  case OBJECT_LARGEOBJECT:
747  foreach(cell, objnames)
748  {
749  Oid lobjOid = oidparse(lfirst(cell));
750 
751  if (!LargeObjectExists(lobjOid))
752  ereport(ERROR,
753  (errcode(ERRCODE_UNDEFINED_OBJECT),
754  errmsg("large object %u does not exist",
755  lobjOid)));
756 
757  objects = lappend_oid(objects, lobjOid);
758  }
759  break;
760  case OBJECT_SCHEMA:
761  foreach(cell, objnames)
762  {
763  char *nspname = strVal(lfirst(cell));
764  Oid oid;
765 
766  oid = get_namespace_oid(nspname, false);
767  objects = lappend_oid(objects, oid);
768  }
769  break;
770  case OBJECT_PROCEDURE:
771  foreach(cell, objnames)
772  {
773  ObjectWithArgs *func = (ObjectWithArgs *) lfirst(cell);
774  Oid procid;
775 
776  procid = LookupFuncWithArgs(OBJECT_PROCEDURE, func, false);
777  objects = lappend_oid(objects, procid);
778  }
779  break;
780  case OBJECT_ROUTINE:
781  foreach(cell, objnames)
782  {
783  ObjectWithArgs *func = (ObjectWithArgs *) lfirst(cell);
784  Oid routid;
785 
786  routid = LookupFuncWithArgs(OBJECT_ROUTINE, func, false);
787  objects = lappend_oid(objects, routid);
788  }
789  break;
790  case OBJECT_TABLESPACE:
791  foreach(cell, objnames)
792  {
793  char *spcname = strVal(lfirst(cell));
794  Oid spcoid;
795 
796  spcoid = get_tablespace_oid(spcname, false);
797  objects = lappend_oid(objects, spcoid);
798  }
799  break;
800  case OBJECT_FDW:
801  foreach(cell, objnames)
802  {
803  char *fdwname = strVal(lfirst(cell));
804  Oid fdwid = get_foreign_data_wrapper_oid(fdwname, false);
805 
806  objects = lappend_oid(objects, fdwid);
807  }
808  break;
810  foreach(cell, objnames)
811  {
812  char *srvname = strVal(lfirst(cell));
813  Oid srvid = get_foreign_server_oid(srvname, false);
814 
815  objects = lappend_oid(objects, srvid);
816  }
817  break;
819  foreach(cell, objnames)
820  {
821  /*
822  * In this code we represent a GUC by the OID of its entry in
823  * pg_parameter_acl, which we have to manufacture here if it
824  * doesn't exist yet. (That's a hack for sure, but it avoids
825  * messing with all the GRANT/REVOKE infrastructure that
826  * expects to use OIDs for object identities.) However, if
827  * this is a REVOKE, we can instead just ignore any GUCs that
828  * don't have such an entry, as they must not have any
829  * privileges needing removal.
830  */
831  char *parameter = strVal(lfirst(cell));
832  Oid parameterId = ParameterAclLookup(parameter, true);
833 
834  if (!OidIsValid(parameterId) && is_grant)
835  {
836  parameterId = ParameterAclCreate(parameter);
837 
838  /*
839  * Prevent error when processing duplicate objects, and
840  * make this new entry visible so that ExecGrant_Parameter
841  * can update it.
842  */
844  }
845  if (OidIsValid(parameterId))
846  objects = lappend_oid(objects, parameterId);
847  }
848  break;
849  default:
850  elog(ERROR, "unrecognized GrantStmt.objtype: %d",
851  (int) objtype);
852  }
853 
854  return objects;
855 }
Oid get_tablespace_oid(const char *tablespacename, bool missing_ok)
Definition: tablespace.c:1432
#define OidIsValid(objectId)
Definition: c.h:764
Oid get_database_oid(const char *dbname, bool missing_ok)
Definition: dbcommands.c:3042
Oid get_foreign_server_oid(const char *servername, bool missing_ok)
Definition: foreign.c:695
Oid get_foreign_data_wrapper_oid(const char *fdwname, bool missing_ok)
Definition: foreign.c:672
#define NoLock
Definition: lockdefs.h:34
TypeName * makeTypeNameFromNameList(List *names)
Definition: makefuncs.c:459
Oid get_namespace_oid(const char *nspname, bool missing_ok)
Definition: namespace.c:3520
#define RangeVarGetRelid(relation, lockmode, missing_ok)
Definition: namespace.h:79
Oid oidparse(Node *node)
Definition: oid.c:235
Oid LookupFuncWithArgs(ObjectType objtype, ObjectWithArgs *func, bool missing_ok)
Definition: parse_func.c:2205
Oid typenameTypeId(ParseState *pstate, const TypeName *typeName)
Definition: parse_type.c:291
bool LargeObjectExists(Oid loid)
Oid ParameterAclLookup(const char *parameter, bool missing_ok)
Oid ParameterAclCreate(const char *parameter)
NameData typname
Definition: pg_type.h:41
Oid get_language_oid(const char *langname, bool missing_ok)
Definition: proclang.c:228
char * dbname
Definition: streamutil.c:51

References Assert(), CommandCounterIncrement(), dbname, elog(), ereport, errcode(), errmsg(), ERROR, get_database_oid(), get_foreign_data_wrapper_oid(), get_foreign_server_oid(), get_language_oid(), get_namespace_oid(), get_tablespace_oid(), lappend_oid(), LargeObjectExists(), lfirst, LookupFuncWithArgs(), makeTypeNameFromNameList(), NIL, NoLock, OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, OidIsValid, oidparse(), ParameterAclCreate(), ParameterAclLookup(), RangeVarGetRelid, strVal, typenameTypeId(), and typname.

Referenced by ExecuteGrantStmt().

◆ objectsInSchemaToOids()

static List * objectsInSchemaToOids ( ObjectType  objtype,
List nspnames 
)
static

Definition at line 865 of file aclchk.c.

866 {
867  List *objects = NIL;
868  ListCell *cell;
869 
870  foreach(cell, nspnames)
871  {
872  char *nspname = strVal(lfirst(cell));
873  Oid namespaceId;
874  List *objs;
875 
876  namespaceId = LookupExplicitNamespace(nspname, false);
877 
878  switch (objtype)
879  {
880  case OBJECT_TABLE:
881  objs = getRelationsInNamespace(namespaceId, RELKIND_RELATION);
882  objects = list_concat(objects, objs);
883  objs = getRelationsInNamespace(namespaceId, RELKIND_VIEW);
884  objects = list_concat(objects, objs);
885  objs = getRelationsInNamespace(namespaceId, RELKIND_MATVIEW);
886  objects = list_concat(objects, objs);
887  objs = getRelationsInNamespace(namespaceId, RELKIND_FOREIGN_TABLE);
888  objects = list_concat(objects, objs);
889  objs = getRelationsInNamespace(namespaceId, RELKIND_PARTITIONED_TABLE);
890  objects = list_concat(objects, objs);
891  break;
892  case OBJECT_SEQUENCE:
893  objs = getRelationsInNamespace(namespaceId, RELKIND_SEQUENCE);
894  objects = list_concat(objects, objs);
895  break;
896  case OBJECT_FUNCTION:
897  case OBJECT_PROCEDURE:
898  case OBJECT_ROUTINE:
899  {
900  ScanKeyData key[2];
901  int keycount;
902  Relation rel;
903  TableScanDesc scan;
904  HeapTuple tuple;
905 
906  keycount = 0;
907  ScanKeyInit(&key[keycount++],
908  Anum_pg_proc_pronamespace,
909  BTEqualStrategyNumber, F_OIDEQ,
910  ObjectIdGetDatum(namespaceId));
911 
912  if (objtype == OBJECT_FUNCTION)
913  /* includes aggregates and window functions */
914  ScanKeyInit(&key[keycount++],
915  Anum_pg_proc_prokind,
916  BTEqualStrategyNumber, F_CHARNE,
917  CharGetDatum(PROKIND_PROCEDURE));
918  else if (objtype == OBJECT_PROCEDURE)
919  ScanKeyInit(&key[keycount++],
920  Anum_pg_proc_prokind,
921  BTEqualStrategyNumber, F_CHAREQ,
922  CharGetDatum(PROKIND_PROCEDURE));
923 
924  rel = table_open(ProcedureRelationId, AccessShareLock);
925  scan = table_beginscan_catalog(rel, keycount, key);
926 
927  while ((tuple = heap_getnext(scan, ForwardScanDirection)) != NULL)
928  {
929  Oid oid = ((Form_pg_proc) GETSTRUCT(tuple))->oid;
930 
931  objects = lappend_oid(objects, oid);
932  }
933 
934  table_endscan(scan);
936  }
937  break;
938  default:
939  /* should not happen */
940  elog(ERROR, "unrecognized GrantStmt.objtype: %d",
941  (int) objtype);
942  }
943  }
944 
945  return objects;
946 }
static List * getRelationsInNamespace(Oid namespaceId, char relkind)
Definition: aclchk.c:954
List * list_concat(List *list1, const List *list2)
Definition: list.c:561
Oid LookupExplicitNamespace(const char *nspname, bool missing_ok)
Definition: namespace.c:3370
FormData_pg_proc * Form_pg_proc
Definition: pg_proc.h:136

References AccessShareLock, BTEqualStrategyNumber, CharGetDatum(), elog(), ERROR, ForwardScanDirection, getRelationsInNamespace(), GETSTRUCT, heap_getnext(), sort-test::key, lappend_oid(), lfirst, list_concat(), LookupExplicitNamespace(), NIL, OBJECT_FUNCTION, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SEQUENCE, OBJECT_TABLE, ObjectIdGetDatum(), ScanKeyInit(), strVal, table_beginscan_catalog(), table_close(), table_endscan(), and table_open().

Referenced by ExecuteGrantStmt().

◆ pg_aclmask()

static AclMode pg_aclmask ( ObjectType  objtype,
Oid  object_oid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 3032 of file aclchk.c.

3034 {
3035  switch (objtype)
3036  {
3037  case OBJECT_COLUMN:
3038  return
3039  pg_class_aclmask(object_oid, roleid, mask, how) |
3040  pg_attribute_aclmask(object_oid, attnum, roleid, mask, how);
3041  case OBJECT_TABLE:
3042  case OBJECT_SEQUENCE:
3043  return pg_class_aclmask(object_oid, roleid, mask, how);
3044  case OBJECT_DATABASE:
3045  return object_aclmask(DatabaseRelationId, object_oid, roleid, mask, how);
3046  case OBJECT_FUNCTION:
3047  return object_aclmask(ProcedureRelationId, object_oid, roleid, mask, how);
3048  case OBJECT_LANGUAGE:
3049  return object_aclmask(LanguageRelationId, object_oid, roleid, mask, how);
3050  case OBJECT_LARGEOBJECT:
3051  return pg_largeobject_aclmask_snapshot(object_oid, roleid,
3052  mask, how, NULL);
3053  case OBJECT_PARAMETER_ACL:
3054  return pg_parameter_acl_aclmask(object_oid, roleid, mask, how);
3055  case OBJECT_SCHEMA:
3056  return object_aclmask(NamespaceRelationId, object_oid, roleid, mask, how);
3057  case OBJECT_STATISTIC_EXT:
3058  elog(ERROR, "grantable rights not supported for statistics objects");
3059  /* not reached, but keep compiler quiet */
3060  return ACL_NO_RIGHTS;
3061  case OBJECT_TABLESPACE:
3062  return object_aclmask(TableSpaceRelationId, object_oid, roleid, mask, how);
3063  case OBJECT_FDW:
3064  return object_aclmask(ForeignDataWrapperRelationId, object_oid, roleid, mask, how);
3065  case OBJECT_FOREIGN_SERVER:
3066  return object_aclmask(ForeignServerRelationId, object_oid, roleid, mask, how);
3067  case OBJECT_EVENT_TRIGGER:
3068  elog(ERROR, "grantable rights not supported for event triggers");
3069  /* not reached, but keep compiler quiet */
3070  return ACL_NO_RIGHTS;
3071  case OBJECT_TYPE:
3072  return object_aclmask(TypeRelationId, object_oid, roleid, mask, how);
3073  default:
3074  elog(ERROR, "unrecognized object type: %d",
3075  (int) objtype);
3076  /* not reached, but keep compiler quiet */
3077  return ACL_NO_RIGHTS;
3078  }
3079 }
static AclMode pg_largeobject_aclmask_snapshot(Oid lobj_oid, Oid roleid, AclMode mask, AclMaskHow how, Snapshot snapshot)
Definition: aclchk.c:3577
static AclMode pg_attribute_aclmask(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:3200
static AclMode pg_parameter_acl_aclmask(Oid acl_oid, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:3518
static AclMode object_aclmask(Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:3097
AclMode pg_class_aclmask(Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:3325

References ACL_NO_RIGHTS, attnum, elog(), ERROR, object_aclmask(), OBJECT_COLUMN, OBJECT_DATABASE, OBJECT_EVENT_TRIGGER, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_STATISTIC_EXT, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, pg_attribute_aclmask(), pg_class_aclmask(), pg_largeobject_aclmask_snapshot(), and pg_parameter_acl_aclmask().

Referenced by restrict_and_check_grant().

◆ pg_attribute_aclcheck()

AclResult pg_attribute_aclcheck ( Oid  table_oid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mode 
)

Definition at line 3910 of file aclchk.c.

3912 {
3913  return pg_attribute_aclcheck_ext(table_oid, attnum, roleid, mode, NULL);
3914 }
AclResult pg_attribute_aclcheck_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode, bool *is_missing)
Definition: aclchk.c:3922

References attnum, mode, and pg_attribute_aclcheck_ext().

Referenced by BuildIndexValueDescription(), checkFkeyPermissions(), examine_simple_variable(), ExecBuildSlotPartitionKeyDescription(), ExecBuildSlotValueDescription(), ExecCheckOneRelPerms(), ExecCheckPermissionsModified(), ri_ReportViolation(), and statext_is_compatible_clause().

◆ pg_attribute_aclcheck_all()

AclResult pg_attribute_aclcheck_all ( Oid  table_oid,
Oid  roleid,
AclMode  mode,
AclMaskHow  how 
)

Definition at line 3952 of file aclchk.c.

3954 {
3955  return pg_attribute_aclcheck_all_ext(table_oid, roleid, mode, how, NULL);
3956 }
AclResult pg_attribute_aclcheck_all_ext(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how, bool *is_missing)
Definition: aclchk.c:3963

References mode, and pg_attribute_aclcheck_all_ext().

Referenced by ExecCheckOneRelPerms(), ExecCheckPermissionsModified(), has_any_column_privilege_id_name(), has_any_column_privilege_name(), has_any_column_privilege_name_name(), and statext_is_compatible_clause().

◆ pg_attribute_aclcheck_all_ext()

AclResult pg_attribute_aclcheck_all_ext ( Oid  table_oid,
Oid  roleid,
AclMode  mode,
AclMaskHow  how,
bool is_missing 
)

Definition at line 3963 of file aclchk.c.

3966 {
3967  AclResult result;
3968  HeapTuple classTuple;
3969  Form_pg_class classForm;
3970  Oid ownerId;
3971  AttrNumber nattrs;
3972  AttrNumber curr_att;
3973 
3974  /*
3975  * Must fetch pg_class row to get owner ID and number of attributes.
3976  */
3977  classTuple = SearchSysCache1(RELOID, ObjectIdGetDatum(table_oid));
3978  if (!HeapTupleIsValid(classTuple))
3979  {
3980  if (is_missing != NULL)
3981  {
3982  /* return "no privileges" instead of throwing an error */
3983  *is_missing = true;
3984  return ACLCHECK_NO_PRIV;
3985  }
3986  else
3987  ereport(ERROR,
3989  errmsg("relation with OID %u does not exist",
3990  table_oid)));
3991  }
3992  classForm = (Form_pg_class) GETSTRUCT(classTuple);
3993 
3994  ownerId = classForm->relowner;
3995  nattrs = classForm->relnatts;
3996 
3997  ReleaseSysCache(classTuple);
3998 
3999  /*
4000  * Initialize result in case there are no non-dropped columns. We want to
4001  * report failure in such cases for either value of 'how'.
4002  */
4003  result = ACLCHECK_NO_PRIV;
4004 
4005  for (curr_att = 1; curr_att <= nattrs; curr_att++)
4006  {
4007  HeapTuple attTuple;
4008  Datum aclDatum;
4009  bool isNull;
4010  Acl *acl;
4011  AclMode attmask;
4012 
4013  attTuple = SearchSysCache2(ATTNUM,
4014  ObjectIdGetDatum(table_oid),
4015  Int16GetDatum(curr_att));
4016 
4017  /*
4018  * Lookup failure probably indicates that the table was just dropped,
4019  * but we'll treat it the same as a dropped column rather than
4020  * throwing error.
4021  */
4022  if (!HeapTupleIsValid(attTuple))
4023  continue;
4024 
4025  /* ignore dropped columns */
4026  if (((Form_pg_attribute) GETSTRUCT(attTuple))->attisdropped)
4027  {
4028  ReleaseSysCache(attTuple);
4029  continue;
4030  }
4031 
4032  aclDatum = SysCacheGetAttr(ATTNUM, attTuple, Anum_pg_attribute_attacl,
4033  &isNull);
4034 
4035  /*
4036  * Here we hard-wire knowledge that the default ACL for a column
4037  * grants no privileges, so that we can fall out quickly in the very
4038  * common case where attacl is null.
4039  */
4040  if (isNull)
4041  attmask = 0;
4042  else
4043  {
4044  /* detoast column's ACL if necessary */
4045  acl = DatumGetAclP(aclDatum);
4046 
4047  attmask = aclmask(acl, roleid, ownerId, mode, ACLMASK_ANY);
4048 
4049  /* if we have a detoasted copy, free it */
4050  if ((Pointer) acl != DatumGetPointer(aclDatum))
4051  pfree(acl);
4052  }
4053 
4054  ReleaseSysCache(attTuple);
4055 
4056  if (attmask != 0)
4057  {
4058  result = ACLCHECK_OK;
4059  if (how == ACLMASK_ANY)
4060  break; /* succeed on any success */
4061  }
4062  else
4063  {
4064  result = ACLCHECK_NO_PRIV;
4065  if (how == ACLMASK_ALL)
4066  break; /* fail on any failure */
4067  }
4068  }
4069 
4070  return result;
4071 }
AclResult
Definition: acl.h:181
@ ACLMASK_ALL
Definition: acl.h:175
#define ERRCODE_UNDEFINED_TABLE
Definition: pgbench.c:78

References ACLCHECK_NO_PRIV, ACLCHECK_OK, aclmask(), ACLMASK_ALL, ACLMASK_ANY, DatumGetAclP, DatumGetPointer(), ereport, errcode(), ERRCODE_UNDEFINED_TABLE, errmsg(), ERROR, GETSTRUCT, HeapTupleIsValid, Int16GetDatum(), mode, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache1(), SearchSysCache2(), and SysCacheGetAttr().

Referenced by has_any_column_privilege_id(), has_any_column_privilege_id_id(), has_any_column_privilege_name_id(), and pg_attribute_aclcheck_all().

◆ pg_attribute_aclcheck_ext()

AclResult pg_attribute_aclcheck_ext ( Oid  table_oid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mode,
bool is_missing 
)

Definition at line 3922 of file aclchk.c.

3924 {
3925  if (pg_attribute_aclmask_ext(table_oid, attnum, roleid, mode,
3926  ACLMASK_ANY, is_missing) != 0)
3927  return ACLCHECK_OK;
3928  else
3929  return ACLCHECK_NO_PRIV;
3930 }
static AclMode pg_attribute_aclmask_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
Definition: aclchk.c:3211

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, attnum, mode, and pg_attribute_aclmask_ext().

Referenced by column_privilege_check(), and pg_attribute_aclcheck().

◆ pg_attribute_aclmask()

static AclMode pg_attribute_aclmask ( Oid  table_oid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 3200 of file aclchk.c.

3202 {
3203  return pg_attribute_aclmask_ext(table_oid, attnum, roleid,
3204  mask, how, NULL);
3205 }

References attnum, and pg_attribute_aclmask_ext().

Referenced by pg_aclmask().

◆ pg_attribute_aclmask_ext()

static AclMode pg_attribute_aclmask_ext ( Oid  table_oid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mask,
AclMaskHow  how,
bool is_missing 
)
static

Definition at line 3211 of file aclchk.c.

3213 {
3214  AclMode result;
3215  HeapTuple classTuple;
3216  HeapTuple attTuple;
3217  Form_pg_class classForm;
3218  Form_pg_attribute attributeForm;
3219  Datum aclDatum;
3220  bool isNull;
3221  Acl *acl;
3222  Oid ownerId;
3223 
3224  /*
3225  * First, get the column's ACL from its pg_attribute entry
3226  */
3227  attTuple = SearchSysCache2(ATTNUM,
3228  ObjectIdGetDatum(table_oid),
3230  if (!HeapTupleIsValid(attTuple))
3231  {
3232  if (is_missing != NULL)
3233  {
3234  /* return "no privileges" instead of throwing an error */
3235  *is_missing = true;
3236  return 0;
3237  }
3238  else
3239  ereport(ERROR,
3240  (errcode(ERRCODE_UNDEFINED_COLUMN),
3241  errmsg("attribute %d of relation with OID %u does not exist",
3242  attnum, table_oid)));
3243  }
3244 
3245  attributeForm = (Form_pg_attribute) GETSTRUCT(attTuple);
3246 
3247  /* Check dropped columns, too */
3248  if (attributeForm->attisdropped)
3249  {
3250  if (is_missing != NULL)
3251  {
3252  /* return "no privileges" instead of throwing an error */
3253  *is_missing = true;
3254  ReleaseSysCache(attTuple);
3255  return 0;
3256  }
3257  else
3258  ereport(ERROR,
3259  (errcode(ERRCODE_UNDEFINED_COLUMN),
3260  errmsg("attribute %d of relation with OID %u does not exist",
3261  attnum, table_oid)));
3262  }
3263 
3264  aclDatum = SysCacheGetAttr(ATTNUM, attTuple, Anum_pg_attribute_attacl,
3265  &isNull);
3266 
3267  /*
3268  * Here we hard-wire knowledge that the default ACL for a column grants no
3269  * privileges, so that we can fall out quickly in the very common case
3270  * where attacl is null.
3271  */
3272  if (isNull)
3273  {
3274  ReleaseSysCache(attTuple);
3275  return 0;
3276  }
3277 
3278  /*
3279  * Must get the relation's ownerId from pg_class. Since we already found
3280  * a pg_attribute entry, the only likely reason for this to fail is that a
3281  * concurrent DROP of the relation committed since then (which could only
3282  * happen if we don't have lock on the relation). Treat that similarly to
3283  * not finding the attribute entry.
3284  */
3285  classTuple = SearchSysCache1(RELOID, ObjectIdGetDatum(table_oid));
3286  if (!HeapTupleIsValid(classTuple))
3287  {
3288  ReleaseSysCache(attTuple);
3289  if (is_missing != NULL)
3290  {
3291  /* return "no privileges" instead of throwing an error */
3292  *is_missing = true;
3293  return 0;
3294  }
3295  else
3296  ereport(ERROR,
3298  errmsg("relation with OID %u does not exist",
3299  table_oid)));
3300  }
3301  classForm = (Form_pg_class) GETSTRUCT(classTuple);
3302 
3303  ownerId = classForm->relowner;
3304 
3305  ReleaseSysCache(classTuple);
3306 
3307  /* detoast column's ACL if necessary */
3308  acl = DatumGetAclP(aclDatum);
3309 
3310  result = aclmask(acl, roleid, ownerId, mask, how);
3311 
3312  /* if we have a detoasted copy, free it */
3313  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
3314  pfree(acl);
3315 
3316  ReleaseSysCache(attTuple);
3317 
3318  return result;
3319 }

References aclmask(), attnum, DatumGetAclP, DatumGetPointer(), ereport, errcode(), ERRCODE_UNDEFINED_TABLE, errmsg(), ERROR, GETSTRUCT, HeapTupleIsValid, Int16GetDatum(), ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache1(), SearchSysCache2(), and SysCacheGetAttr().

Referenced by pg_attribute_aclcheck_ext(), and pg_attribute_aclmask().

◆ pg_class_aclcheck()

◆ pg_class_aclcheck_ext()

AclResult pg_class_aclcheck_ext ( Oid  table_oid,
Oid  roleid,
AclMode  mode,
bool is_missing 
)

Definition at line 4091 of file aclchk.c.

4093 {
4094  if (pg_class_aclmask_ext(table_oid, roleid, mode,
4095  ACLMASK_ANY, is_missing) != 0)
4096  return ACLCHECK_OK;
4097  else
4098  return ACLCHECK_NO_PRIV;
4099 }
static AclMode pg_class_aclmask_ext(Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
Definition: aclchk.c:3335

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, mode, and pg_class_aclmask_ext().

Referenced by column_privilege_check(), has_any_column_privilege_id(), has_any_column_privilege_id_id(), has_any_column_privilege_name_id(), has_sequence_privilege_id(), has_sequence_privilege_id_id(), has_sequence_privilege_name_id(), has_table_privilege_id(), has_table_privilege_id_id(), has_table_privilege_name_id(), and pg_class_aclcheck().

◆ pg_class_aclmask()

AclMode pg_class_aclmask ( Oid  table_oid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how 
)

Definition at line 3325 of file aclchk.c.

3327 {
3328  return pg_class_aclmask_ext(table_oid, roleid, mask, how, NULL);
3329 }

References pg_class_aclmask_ext().

Referenced by ExecCheckOneRelPerms(), and pg_aclmask().

◆ pg_class_aclmask_ext()

static AclMode pg_class_aclmask_ext ( Oid  table_oid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how,
bool is_missing 
)
static

Definition at line 3335 of file aclchk.c.

3337 {
3338  AclMode result;
3339  HeapTuple tuple;
3340  Form_pg_class classForm;
3341  Datum aclDatum;
3342  bool isNull;
3343  Acl *acl;
3344  Oid ownerId;
3345 
3346  /*
3347  * Must get the relation's tuple from pg_class
3348  */
3349  tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(table_oid));
3350  if (!HeapTupleIsValid(tuple))
3351  {
3352  if (is_missing != NULL)
3353  {
3354  /* return "no privileges" instead of throwing an error */
3355  *is_missing = true;
3356  return 0;
3357  }
3358  else
3359  ereport(ERROR,
3361  errmsg("relation with OID %u does not exist",
3362  table_oid)));
3363  }
3364 
3365  classForm = (Form_pg_class) GETSTRUCT(tuple);
3366 
3367  /*
3368  * Deny anyone permission to update a system catalog unless
3369  * pg_authid.rolsuper is set.
3370  *
3371  * As of 7.4 we have some updatable system views; those shouldn't be
3372  * protected in this way. Assume the view rules can take care of
3373  * themselves. ACL_USAGE is if we ever have system sequences.
3374  */
3375  if ((mask & (ACL_INSERT | ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE | ACL_USAGE)) &&
3376  IsSystemClass(table_oid, classForm) &&
3377  classForm->relkind != RELKIND_VIEW &&
3378  !superuser_arg(roleid))
3380 
3381  /*
3382  * Otherwise, superusers bypass all permission-checking.
3383  */
3384  if (superuser_arg(roleid))
3385  {
3386  ReleaseSysCache(tuple);
3387  return mask;
3388  }
3389 
3390  /*
3391  * Normal case: get the relation's ACL from pg_class
3392  */
3393  ownerId = classForm->relowner;
3394 
3395  aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
3396  &isNull);
3397  if (isNull)
3398  {
3399  /* No ACL, so build default ACL */
3400  switch (classForm->relkind)
3401  {
3402  case RELKIND_SEQUENCE:
3403  acl = acldefault(OBJECT_SEQUENCE, ownerId);
3404  break;
3405  default:
3406  acl = acldefault(OBJECT_TABLE, ownerId);
3407  break;
3408  }
3409  aclDatum = (Datum) 0;
3410  }
3411  else
3412  {
3413  /* detoast rel's ACL if necessary */
3414  acl = DatumGetAclP(aclDatum);
3415  }
3416 
3417  result = aclmask(acl, roleid, ownerId, mask, how);
3418 
3419  /* if we have a detoasted copy, free it */
3420  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
3421  pfree(acl);
3422 
3423  ReleaseSysCache(tuple);
3424 
3425  /*
3426  * Check if ACL_SELECT is being checked and, if so, and not set already as
3427  * part of the result, then check if the user is a member of the
3428  * pg_read_all_data role, which allows read access to all relations.
3429  */
3430  if (mask & ACL_SELECT && !(result & ACL_SELECT) &&
3431  has_privs_of_role(roleid, ROLE_PG_READ_ALL_DATA))
3432  result |= ACL_SELECT;
3433 
3434  /*
3435  * Check if ACL_INSERT, ACL_UPDATE, or ACL_DELETE is being checked and, if
3436  * so, and not set already as part of the result, then check if the user
3437  * is a member of the pg_write_all_data role, which allows
3438  * INSERT/UPDATE/DELETE access to all relations (except system catalogs,
3439  * which requires superuser, see above).
3440  */
3441  if (mask & (ACL_INSERT | ACL_UPDATE | ACL_DELETE) &&
3442  !(result & (ACL_INSERT | ACL_UPDATE | ACL_DELETE)) &&
3443  has_privs_of_role(roleid, ROLE_PG_WRITE_ALL_DATA))
3444  result |= (mask & (ACL_INSERT | ACL_UPDATE | ACL_DELETE));
3445 
3446  return result;
3447 }
bool IsSystemClass(Oid relid, Form_pg_class reltuple)
Definition: catalog.c:87
#define ACL_DELETE
Definition: parsenodes.h:79
#define ACL_USAGE
Definition: parsenodes.h:84
#define ACL_INSERT
Definition: parsenodes.h:76
#define ACL_UPDATE
Definition: parsenodes.h:78
#define ACL_TRUNCATE
Definition: parsenodes.h:80

References ACL_DELETE, ACL_INSERT, ACL_SELECT, ACL_TRUNCATE, ACL_UPDATE, ACL_USAGE, acldefault(), aclmask(), DatumGetAclP, DatumGetPointer(), ereport, errcode(), ERRCODE_UNDEFINED_TABLE, errmsg(), ERROR, GETSTRUCT, has_privs_of_role(), HeapTupleIsValid, IsSystemClass(), OBJECT_SEQUENCE, OBJECT_TABLE, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache1(), superuser_arg(), and SysCacheGetAttr().

Referenced by pg_class_aclcheck_ext(), and pg_class_aclmask().

◆ pg_largeobject_aclcheck_snapshot()

AclResult pg_largeobject_aclcheck_snapshot ( Oid  lobj_oid,
Oid  roleid,
AclMode  mode,
Snapshot  snapshot 
)

Definition at line 4118 of file aclchk.c.

4120 {
4121  if (pg_largeobject_aclmask_snapshot(lobj_oid, roleid, mode,
4122  ACLMASK_ANY, snapshot) != 0)
4123  return ACLCHECK_OK;
4124  else
4125  return ACLCHECK_NO_PRIV;
4126 }

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, mode, and pg_largeobject_aclmask_snapshot().

Referenced by be_lo_put(), and inv_open().

◆ pg_largeobject_aclmask_snapshot()

static AclMode pg_largeobject_aclmask_snapshot ( Oid  lobj_oid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how,
Snapshot  snapshot 
)
static

Definition at line 3577 of file aclchk.c.

3580 {
3581  AclMode result;
3582  Relation pg_lo_meta;
3583  ScanKeyData entry[1];
3584  SysScanDesc scan;
3585  HeapTuple tuple;
3586  Datum aclDatum;
3587  bool isNull;
3588  Acl *acl;
3589  Oid ownerId;
3590 
3591  /* Superusers bypass all permission checking. */
3592  if (superuser_arg(roleid))
3593  return mask;
3594 
3595  /*
3596  * Get the largeobject's ACL from pg_largeobject_metadata
3597  */
3598  pg_lo_meta = table_open(LargeObjectMetadataRelationId,
3599  AccessShareLock);
3600 
3601  ScanKeyInit(&entry[0],
3602  Anum_pg_largeobject_metadata_oid,
3603  BTEqualStrategyNumber, F_OIDEQ,
3604  ObjectIdGetDatum(lobj_oid));
3605 
3606  scan = systable_beginscan(pg_lo_meta,
3607  LargeObjectMetadataOidIndexId, true,
3608  snapshot, 1, entry);
3609 
3610  tuple = systable_getnext(scan);
3611  if (!HeapTupleIsValid(tuple))
3612  ereport(ERROR,
3613  (errcode(ERRCODE_UNDEFINED_OBJECT),
3614  errmsg("large object %u does not exist", lobj_oid)));
3615 
3616  ownerId = ((Form_pg_largeobject_metadata) GETSTRUCT(tuple))->lomowner;
3617 
3618  aclDatum = heap_getattr(tuple, Anum_pg_largeobject_metadata_lomacl,
3619  RelationGetDescr(pg_lo_meta), &isNull);
3620 
3621  if (isNull)
3622  {
3623  /* No ACL, so build default ACL */
3624  acl = acldefault(OBJECT_LARGEOBJECT, ownerId);
3625  aclDatum = (Datum) 0;
3626  }
3627  else
3628  {
3629  /* detoast ACL if necessary */
3630  acl = DatumGetAclP(aclDatum);
3631  }
3632 
3633  result = aclmask(acl, roleid, ownerId, mask, how);
3634 
3635  /* if we have a detoasted copy, free it */
3636  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
3637  pfree(acl);
3638 
3639  systable_endscan(scan);
3640 
3641  table_close(pg_lo_meta, AccessShareLock);
3642 
3643  return result;
3644 }

References AccessShareLock, acldefault(), aclmask(), BTEqualStrategyNumber, DatumGetAclP, DatumGetPointer(), ereport, errcode(), errmsg(), ERROR, GETSTRUCT, heap_getattr(), HeapTupleIsValid, OBJECT_LARGEOBJECT, ObjectIdGetDatum(), pfree(), RelationGetDescr, ScanKeyInit(), superuser_arg(), systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by pg_aclmask(), and pg_largeobject_aclcheck_snapshot().

◆ pg_namespace_aclmask_ext()

static AclMode pg_namespace_aclmask_ext ( Oid  nsp_oid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how,
bool is_missing 
)
static

Definition at line 3650 of file aclchk.c.

3653 {
3654  AclMode result;
3655  HeapTuple tuple;
3656  Datum aclDatum;
3657  bool isNull;
3658  Acl *acl;
3659  Oid ownerId;
3660 
3661  /* Superusers bypass all permission checking. */
3662  if (superuser_arg(roleid))
3663  return mask;
3664 
3665  /*
3666  * If we have been assigned this namespace as a temp namespace, check to
3667  * make sure we have CREATE TEMP permission on the database, and if so act
3668  * as though we have all standard (but not GRANT OPTION) permissions on
3669  * the namespace. If we don't have CREATE TEMP, act as though we have
3670  * only USAGE (and not CREATE) rights.
3671  *
3672  * This may seem redundant given the check in InitTempTableNamespace, but
3673  * it really isn't since current user ID may have changed since then. The
3674  * upshot of this behavior is that a SECURITY DEFINER function can create
3675  * temp tables that can then be accessed (if permission is granted) by
3676  * code in the same session that doesn't have permissions to create temp
3677  * tables.
3678  *
3679  * XXX Would it be safe to ereport a special error message as
3680  * InitTempTableNamespace does? Returning zero here means we'll get a
3681  * generic "permission denied for schema pg_temp_N" message, which is not
3682  * remarkably user-friendly.
3683  */
3684  if (isTempNamespace(nsp_oid))
3685  {
3686  if (object_aclcheck_ext(DatabaseRelationId, MyDatabaseId, roleid,
3687  ACL_CREATE_TEMP, is_missing) == ACLCHECK_OK)
3688  return mask & ACL_ALL_RIGHTS_SCHEMA;
3689  else
3690  return mask & ACL_USAGE;
3691  }
3692 
3693  /*
3694  * Get the schema's ACL from pg_namespace
3695  */
3696  tuple = SearchSysCache1(NAMESPACEOID, ObjectIdGetDatum(nsp_oid));
3697  if (!HeapTupleIsValid(tuple))
3698  {
3699  if (is_missing != NULL)
3700  {
3701  /* return "no privileges" instead of throwing an error */
3702  *is_missing = true;
3703  return 0;
3704  }
3705  else
3706  ereport(ERROR,
3707  (errcode(ERRCODE_UNDEFINED_SCHEMA),
3708  errmsg("schema with OID %u does not exist", nsp_oid)));
3709  }
3710 
3711  ownerId = ((Form_pg_namespace) GETSTRUCT(tuple))->nspowner;
3712 
3713  aclDatum = SysCacheGetAttr(NAMESPACEOID, tuple, Anum_pg_namespace_nspacl,
3714  &isNull);
3715  if (isNull)
3716  {
3717  /* No ACL, so build default ACL */
3718  acl = acldefault(OBJECT_SCHEMA, ownerId);
3719  aclDatum = (Datum) 0;
3720  }
3721  else
3722  {
3723  /* detoast ACL if necessary */
3724  acl = DatumGetAclP(aclDatum);
3725  }
3726 
3727  result = aclmask(acl, roleid, ownerId, mask, how);
3728 
3729  /* if we have a detoasted copy, free it */
3730  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
3731  pfree(acl);
3732 
3733  ReleaseSysCache(tuple);
3734 
3735  /*
3736  * Check if ACL_USAGE is being checked and, if so, and not set already as
3737  * part of the result, then check if the user is a member of the
3738  * pg_read_all_data or pg_write_all_data roles, which allow usage access
3739  * to all schemas.
3740  */
3741  if (mask & ACL_USAGE && !(result & ACL_USAGE) &&
3742  (has_privs_of_role(roleid, ROLE_PG_READ_ALL_DATA) ||
3743  has_privs_of_role(roleid, ROLE_PG_WRITE_ALL_DATA)))
3744  result |= ACL_USAGE;
3745  return result;
3746 }
Oid MyDatabaseId
Definition: globals.c:90
bool isTempNamespace(Oid namespaceId)
Definition: namespace.c:3634
#define ACL_CREATE_TEMP
Definition: parsenodes.h:86
FormData_pg_namespace * Form_pg_namespace
Definition: pg_namespace.h:52

References ACL_ALL_RIGHTS_SCHEMA, ACL_CREATE_TEMP, ACL_USAGE, ACLCHECK_OK, acldefault(), aclmask(), DatumGetAclP, DatumGetPointer(), ereport, errcode(), errmsg(), ERROR, GETSTRUCT, has_privs_of_role(), HeapTupleIsValid, isTempNamespace(), MyDatabaseId, object_aclcheck_ext(), OBJECT_SCHEMA, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache1(), superuser_arg(), and SysCacheGetAttr().

Referenced by object_aclmask_ext().

◆ pg_parameter_acl_aclmask()

static AclMode pg_parameter_acl_aclmask ( Oid  acl_oid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 3518 of file aclchk.c.

3519 {
3520  AclMode result;
3521  HeapTuple tuple;
3522  Datum aclDatum;
3523  bool isNull;
3524  Acl *acl;
3525 
3526  /* Superusers bypass all permission checking. */
3527  if (superuser_arg(roleid))
3528  return mask;
3529 
3530  /* Get the ACL from pg_parameter_acl */
3531  tuple = SearchSysCache1(PARAMETERACLOID, ObjectIdGetDatum(acl_oid));
3532  if (!HeapTupleIsValid(tuple))
3533  ereport(ERROR,
3534  (errcode(ERRCODE_UNDEFINED_OBJECT),
3535  errmsg("parameter ACL with OID %u does not exist",
3536  acl_oid)));
3537 
3538  aclDatum = SysCacheGetAttr(PARAMETERACLOID, tuple,
3539  Anum_pg_parameter_acl_paracl,
3540  &isNull);
3541  if (isNull)
3542  {
3543  /* No ACL, so build default ACL */
3544  acl = acldefault(OBJECT_PARAMETER_ACL, BOOTSTRAP_SUPERUSERID);
3545  aclDatum = (Datum) 0;
3546  }
3547  else
3548  {
3549  /* detoast ACL if necessary */
3550  acl = DatumGetAclP(aclDatum);
3551  }
3552 
3553  result = aclmask(acl, roleid, BOOTSTRAP_SUPERUSERID, mask, how);
3554 
3555  /* if we have a detoasted copy, free it */
3556  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
3557  pfree(acl);
3558 
3559  ReleaseSysCache(tuple);
3560 
3561  return result;
3562 }

References acldefault(), aclmask(), DatumGetAclP, DatumGetPointer(), ereport, errcode(), errmsg(), ERROR, HeapTupleIsValid, OBJECT_PARAMETER_ACL, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache1(), superuser_arg(), and SysCacheGetAttr().

Referenced by pg_aclmask().

◆ pg_parameter_aclcheck()

AclResult pg_parameter_aclcheck ( const char *  name,
Oid  roleid,
AclMode  mode 
)

Definition at line 4106 of file aclchk.c.

4107 {
4108  if (pg_parameter_aclmask(name, roleid, mode, ACLMASK_ANY) != 0)
4109  return ACLCHECK_OK;
4110  else
4111  return ACLCHECK_NO_PRIV;
4112 }
static AclMode pg_parameter_aclmask(const char *name, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:3454
const char * name

References ACLCHECK_NO_PRIV, ACLCHECK_OK, ACLMASK_ANY, mode, name, and pg_parameter_aclmask().

Referenced by AlterSystemSetConfigFile(), has_param_priv_byname(), set_config_with_handle(), and validate_option_array_item().

◆ pg_parameter_aclmask()

static AclMode pg_parameter_aclmask ( const char *  name,
Oid  roleid,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 3454 of file aclchk.c.

3455 {
3456  AclMode result;
3457  char *parname;
3458  text *partext;
3459  HeapTuple tuple;
3460 
3461  /* Superusers bypass all permission checking. */
3462  if (superuser_arg(roleid))
3463  return mask;
3464 
3465  /* Convert name to the form it should have in pg_parameter_acl... */
3467  partext = cstring_to_text(parname);
3468 
3469  /* ... and look it up */
3470  tuple = SearchSysCache1(PARAMETERACLNAME, PointerGetDatum(partext));
3471 
3472  if (!HeapTupleIsValid(tuple))
3473  {
3474  /* If no entry, GUC has no permissions for non-superusers */
3475  result = ACL_NO_RIGHTS;
3476  }
3477  else
3478  {
3479  Datum aclDatum;
3480  bool isNull;
3481  Acl *acl;
3482 
3483  aclDatum = SysCacheGetAttr(PARAMETERACLNAME, tuple,
3484  Anum_pg_parameter_acl_paracl,
3485  &isNull);
3486  if (isNull)
3487  {
3488  /* No ACL, so build default ACL */
3489  acl = acldefault(OBJECT_PARAMETER_ACL, BOOTSTRAP_SUPERUSERID);
3490  aclDatum = (Datum) 0;
3491  }
3492  else
3493  {
3494  /* detoast ACL if necessary */
3495  acl = DatumGetAclP(aclDatum);
3496  }
3497 
3498  result = aclmask(acl, roleid, BOOTSTRAP_SUPERUSERID, mask, how);
3499 
3500  /* if we have a detoasted copy, free it */
3501  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
3502  pfree(acl);
3503 
3504  ReleaseSysCache(tuple);
3505  }
3506 
3507  pfree(parname);
3508  pfree(partext);
3509 
3510  return result;
3511 }
char * convert_GUC_name_for_parameter_acl(const char *name)
Definition: guc.c:1369
Definition: c.h:676
text * cstring_to_text(const char *s)
Definition: varlena.c:184

References ACL_NO_RIGHTS, acldefault(), aclmask(), convert_GUC_name_for_parameter_acl(), cstring_to_text(), DatumGetAclP, DatumGetPointer(), HeapTupleIsValid, name, OBJECT_PARAMETER_ACL, pfree(), PointerGetDatum(), ReleaseSysCache(), SearchSysCache1(), superuser_arg(), and SysCacheGetAttr().

Referenced by pg_parameter_aclcheck().

◆ pg_type_aclmask_ext()

static AclMode pg_type_aclmask_ext ( Oid  type_oid,
Oid  roleid,
AclMode  mask,
AclMaskHow  how,
bool is_missing 
)
static

Definition at line 3752 of file aclchk.c.

3754 {
3755  AclMode result;
3756  HeapTuple tuple;
3757  Form_pg_type typeForm;
3758  Datum aclDatum;
3759  bool isNull;
3760  Acl *acl;
3761  Oid ownerId;
3762 
3763  /* Bypass permission checks for superusers */
3764  if (superuser_arg(roleid))
3765  return mask;
3766 
3767  /*
3768  * Must get the type's tuple from pg_type
3769  */
3770  tuple = SearchSysCache1(TYPEOID, ObjectIdGetDatum(type_oid));
3771  if (!HeapTupleIsValid(tuple))
3772  {
3773  if (is_missing != NULL)
3774  {
3775  /* return "no privileges" instead of throwing an error */
3776  *is_missing = true;
3777  return 0;
3778  }
3779  else
3780  ereport(ERROR,
3781  (errcode(ERRCODE_UNDEFINED_OBJECT),
3782  errmsg("type with OID %u does not exist",
3783  type_oid)));
3784  }
3785  typeForm = (Form_pg_type) GETSTRUCT(tuple);
3786 
3787  /*
3788  * "True" array types don't manage permissions of their own; consult the
3789  * element type instead.
3790  */
3791  if (IsTrueArrayType(typeForm))
3792  {
3793  Oid elttype_oid = typeForm->typelem;
3794 
3795  ReleaseSysCache(tuple);
3796 
3797  tuple = SearchSysCache1(TYPEOID, ObjectIdGetDatum(elttype_oid));
3798  if (!HeapTupleIsValid(tuple))
3799  {
3800  if (is_missing != NULL)
3801  {
3802  /* return "no privileges" instead of throwing an error */
3803  *is_missing = true;
3804  return 0;
3805  }
3806  else
3807  ereport(ERROR,
3808  (errcode(ERRCODE_UNDEFINED_OBJECT),
3809  errmsg("type with OID %u does not exist",
3810  elttype_oid)));
3811  }
3812  typeForm = (Form_pg_type) GETSTRUCT(tuple);
3813  }
3814 
3815  /*
3816  * Likewise, multirange types don't manage their own permissions; consult
3817  * the associated range type. (Note we must do this after the array step
3818  * to get the right answer for arrays of multiranges.)
3819  */
3820  if (typeForm->typtype == TYPTYPE_MULTIRANGE)
3821  {
3822  Oid rangetype = get_multirange_range(typeForm->oid);
3823 
3824  ReleaseSysCache(tuple);
3825 
3826  tuple = SearchSysCache1(TYPEOID, ObjectIdGetDatum(rangetype));
3827  if (!HeapTupleIsValid(tuple))
3828  {
3829  if (is_missing != NULL)
3830  {
3831  /* return "no privileges" instead of throwing an error */
3832  *is_missing = true;
3833  return 0;
3834  }
3835  else
3836  ereport(ERROR,
3837  (errcode(ERRCODE_UNDEFINED_OBJECT),
3838  errmsg("type with OID %u does not exist",
3839  rangetype)));
3840  }
3841  typeForm = (Form_pg_type) GETSTRUCT(tuple);
3842  }
3843 
3844  /*
3845  * Now get the type's owner and ACL from the tuple
3846  */
3847  ownerId = typeForm->typowner;
3848 
3849  aclDatum = SysCacheGetAttr(TYPEOID, tuple,
3850  Anum_pg_type_typacl, &isNull);
3851  if (isNull)
3852  {
3853  /* No ACL, so build default ACL */
3854  acl = acldefault(OBJECT_TYPE, ownerId);
3855  aclDatum = (Datum) 0;
3856  }
3857  else
3858  {
3859  /* detoast rel's ACL if necessary */
3860  acl = DatumGetAclP(aclDatum);
3861  }
3862 
3863  result = aclmask(acl, roleid, ownerId, mask, how);
3864 
3865  /* if we have a detoasted copy, free it */
3866  if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
3867  pfree(acl);
3868 
3869  ReleaseSysCache(tuple);
3870 
3871  return result;
3872 }
Oid get_multirange_range(Oid multirangeOid)
Definition: lsyscache.c:3438

References acldefault(), aclmask(), DatumGetAclP, DatumGetPointer(), ereport, errcode(), errmsg(), ERROR, get_multirange_range(), GETSTRUCT, HeapTupleIsValid, OBJECT_TYPE, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache1(), superuser_arg(), and SysCacheGetAttr().

Referenced by object_aclmask_ext().

◆ privilege_to_string()

static const char * privilege_to_string ( AclMode  privilege)
static

Definition at line 2656 of file aclchk.c.

2657 {
2658  switch (privilege)
2659  {
2660  case ACL_INSERT:
2661  return "INSERT";
2662  case ACL_SELECT:
2663  return "SELECT";
2664  case ACL_UPDATE:
2665  return "UPDATE";
2666  case ACL_DELETE:
2667  return "DELETE";
2668  case ACL_TRUNCATE:
2669  return "TRUNCATE";
2670  case ACL_REFERENCES:
2671  return "REFERENCES";
2672  case ACL_TRIGGER:
2673  return "TRIGGER";
2674  case ACL_EXECUTE:
2675  return "EXECUTE";
2676  case ACL_USAGE:
2677  return "USAGE";
2678  case ACL_CREATE:
2679  return "CREATE";
2680  case ACL_CREATE_TEMP:
2681  return "TEMP";
2682  case ACL_CONNECT:
2683  return "CONNECT";
2684  case ACL_SET:
2685  return "SET";
2686  case ACL_ALTER_SYSTEM:
2687  return "ALTER SYSTEM";
2688  default:
2689  elog(ERROR, "unrecognized privilege: %d", (int) privilege);
2690  }
2691  return NULL; /* appease compiler */
2692 }
#define ACL_SET
Definition: parsenodes.h:88
#define ACL_CONNECT
Definition: parsenodes.h:87
#define ACL_ALTER_SYSTEM
Definition: parsenodes.h:89
#define ACL_REFERENCES
Definition: parsenodes.h:81
#define ACL_EXECUTE
Definition: parsenodes.h:83
#define ACL_CREATE
Definition: parsenodes.h:85
#define ACL_TRIGGER
Definition: parsenodes.h:82

References ACL_ALTER_SYSTEM, ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_DELETE, ACL_EXECUTE, ACL_INSERT, ACL_REFERENCES, ACL_SELECT, ACL_SET, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, ACL_USAGE, elog(), and ERROR.

Referenced by ExecAlterDefaultPrivilegesStmt(), ExecGrant_Relation(), and ExecuteGrantStmt().

◆ recordDependencyOnNewAcl()

void recordDependencyOnNewAcl ( Oid  classId,
Oid  objectId,
int32  objsubId,
Oid  ownerId,
Acl acl 
)

Definition at line 4367 of file aclchk.c.

4369 {
4370  int nmembers;
4371  Oid *members;
4372 
4373  /* Nothing to do if ACL is defaulted */
4374  if (acl == NULL)
4375  return;
4376 
4377  /* Extract roles mentioned in ACL */
4378  nmembers = aclmembers(acl, &members);
4379 
4380  /* Update the shared dependency ACL info */
4381  updateAclDependencies(classId, objectId, objsubId,
4382  ownerId,
4383  0, NULL,
4384  nmembers, members);
4385 }

References aclmembers(), and updateAclDependencies().

Referenced by GenerateTypeDependencies(), heap_create_with_catalog(), NamespaceCreate(), and ProcedureCreate().

◆ recordExtensionInitPriv()

static void recordExtensionInitPriv ( Oid  objoid,
Oid  classoid,
int  objsubid,
Acl new_acl 
)
static

Definition at line 4640 of file aclchk.c.

4641 {
4642  /*
4643  * Generally, we only record the initial privileges when an extension is
4644  * being created, but because we don't actually use CREATE EXTENSION
4645  * during binary upgrades with pg_upgrade, there is a variable to let us
4646  * know that the GRANT and REVOKE statements being issued, while this
4647  * variable is true, are for the initial privileges of the extension
4648  * object and therefore we need to record them.
4649  */
4651  return;
4652 
4653  recordExtensionInitPrivWorker(objoid, classoid, objsubid, new_acl);
4654 }
static void recordExtensionInitPrivWorker(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
Definition: aclchk.c:4669
bool binary_upgrade_record_init_privs
Definition: aclchk.c:126
bool creating_extension
Definition: extension.c:73

References binary_upgrade_record_init_privs, creating_extension, and recordExtensionInitPrivWorker().

Referenced by ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), and ExecGrant_Relation().

◆ recordExtensionInitPrivWorker()

static void recordExtensionInitPrivWorker ( Oid  objoid,
Oid  classoid,
int  objsubid,
Acl new_acl 
)
static

Definition at line 4669 of file aclchk.c.

4670 {
4671  Relation relation;
4672  ScanKeyData key[3];
4673  SysScanDesc scan;
4674  HeapTuple tuple;
4675  HeapTuple oldtuple;
4676 
4677  relation = table_open(InitPrivsRelationId, RowExclusiveLock);
4678 
4679  ScanKeyInit(&key[0],
4680  Anum_pg_init_privs_objoid,
4681  BTEqualStrategyNumber, F_OIDEQ,
4682  ObjectIdGetDatum(objoid));
4683  ScanKeyInit(&key[1],
4684  Anum_pg_init_privs_classoid,
4685  BTEqualStrategyNumber, F_OIDEQ,
4686  ObjectIdGetDatum(classoid));
4687  ScanKeyInit(&key[2],
4688  Anum_pg_init_privs_objsubid,
4689  BTEqualStrategyNumber, F_INT4EQ,
4690  Int32GetDatum(objsubid));
4691 
4692  scan = systable_beginscan(relation, InitPrivsObjIndexId, true,
4693  NULL, 3, key);
4694 
4695  /* There should exist only one entry or none. */
4696  oldtuple = systable_getnext(scan);
4697 
4698  /* If we find an entry, update it with the latest ACL. */
4699  if (HeapTupleIsValid(oldtuple))
4700  {
4701  Datum values[Natts_pg_init_privs] = {0};
4702  bool nulls[Natts_pg_init_privs] = {0};
4703  bool replace[Natts_pg_init_privs] = {0};
4704 
4705  /* If we have a new ACL to set, then update the row with it. */
4706  if (new_acl)
4707  {
4708  values[Anum_pg_init_privs_initprivs - 1] = PointerGetDatum(new_acl);
4709  replace[Anum_pg_init_privs_initprivs - 1] = true;
4710 
4711  oldtuple = heap_modify_tuple(oldtuple, RelationGetDescr(relation),
4712  values, nulls, replace);
4713 
4714  CatalogTupleUpdate(relation, &oldtuple->t_self, oldtuple);
4715  }
4716  else
4717  {
4718  /* new_acl is NULL, so delete the entry we found. */
4719  CatalogTupleDelete(relation, &oldtuple->t_self);
4720  }
4721  }
4722  else
4723  {
4724  Datum values[Natts_pg_init_privs] = {0};
4725  bool nulls[Natts_pg_init_privs] = {0};
4726 
4727  /*
4728  * Only add a new entry if the new ACL is non-NULL.
4729  *
4730  * If we are passed in a NULL ACL and no entry exists, we can just
4731  * fall through and do nothing.
4732  */
4733  if (new_acl)
4734  {
4735  /* No entry found, so add it. */
4736  values[Anum_pg_init_privs_objoid - 1] = ObjectIdGetDatum(objoid);
4737  values[Anum_pg_init_privs_classoid - 1] = ObjectIdGetDatum(classoid);
4738  values[Anum_pg_init_privs_objsubid - 1] = Int32GetDatum(objsubid);
4739 
4740  /* This function only handles initial privileges of extensions */
4741  values[Anum_pg_init_privs_privtype - 1] =
4743 
4744  values[Anum_pg_init_privs_initprivs - 1] = PointerGetDatum(new_acl);
4745 
4746  tuple = heap_form_tuple(RelationGetDescr(relation), values, nulls);
4747 
4748  CatalogTupleInsert(relation, tuple);
4749  }
4750  }
4751 
4752  systable_endscan(scan);
4753 
4754  /* prevent error when processing objects multiple times */
4756 
4757  table_close(relation, RowExclusiveLock);
4758 }
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, const Datum *values, const bool *isnull)
Definition: heaptuple.c:1117
void CatalogTupleInsert(Relation heapRel, HeapTuple tup)
Definition: indexing.c:233
@ INITPRIVS_EXTENSION
Definition: pg_init_privs.h:80
static Datum Int32GetDatum(int32 X)
Definition: postgres.h:212

References BTEqualStrategyNumber, CatalogTupleDelete(), CatalogTupleInsert(), CatalogTupleUpdate(), CharGetDatum(), CommandCounterIncrement(), heap_form_tuple(), heap_modify_tuple(), HeapTupleIsValid, INITPRIVS_EXTENSION, Int32GetDatum(), sort-test::key, ObjectIdGetDatum(), PointerGetDatum(), RelationGetDescr, RowExclusiveLock, ScanKeyInit(), systable_beginscan(), systable_endscan(), systable_getnext(), HeapTupleData::t_self, table_close(), table_open(), and values.

Referenced by recordExtensionInitPriv(), recordExtObjInitPriv(), and removeExtObjInitPriv().

◆ recordExtObjInitPriv()

void recordExtObjInitPriv ( Oid  objoid,
Oid  classoid 
)

Definition at line 4394 of file aclchk.c.

4395 {
4396  /*
4397  * pg_class / pg_attribute
4398  *
4399  * If this is a relation then we need to see if there are any sub-objects
4400  * (eg: columns) for it and, if so, be sure to call
4401  * recordExtensionInitPrivWorker() for each one.
4402  */
4403  if (classoid == RelationRelationId)
4404  {
4405  Form_pg_class pg_class_tuple;
4406  Datum aclDatum;
4407  bool isNull;
4408  HeapTuple tuple;
4409 
4410  tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(objoid));
4411  if (!HeapTupleIsValid(tuple))
4412  elog(ERROR, "cache lookup failed for relation %u", objoid);
4413  pg_class_tuple = (Form_pg_class) GETSTRUCT(tuple);
4414 
4415  /*
4416  * Indexes don't have permissions, neither do the pg_class rows for
4417  * composite types. (These cases are unreachable given the
4418  * restrictions in ALTER EXTENSION ADD, but let's check anyway.)
4419  */
4420  if (pg_class_tuple->relkind == RELKIND_INDEX ||
4421  pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
4422  pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
4423  {
4424  ReleaseSysCache(tuple);
4425  return;
4426  }
4427 
4428  /*
4429  * If this isn't a sequence then it's possibly going to have
4430  * column-level ACLs associated with it.
4431  */
4432  if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
4433  {
4434  AttrNumber curr_att;
4435  AttrNumber nattrs = pg_class_tuple->relnatts;
4436 
4437  for (curr_att = 1; curr_att <= nattrs; curr_att++)
4438  {
4439  HeapTuple attTuple;
4440  Datum attaclDatum;
4441 
4442  attTuple = SearchSysCache2(ATTNUM,
4443  ObjectIdGetDatum(objoid),
4444  Int16GetDatum(curr_att));
4445 
4446  if (!HeapTupleIsValid(attTuple))
4447  continue;
4448 
4449  /* ignore dropped columns */
4450  if (((Form_pg_attribute) GETSTRUCT(attTuple))->attisdropped)
4451  {
4452  ReleaseSysCache(attTuple);
4453  continue;
4454  }
4455 
4456  attaclDatum = SysCacheGetAttr(ATTNUM, attTuple,
4457  Anum_pg_attribute_attacl,
4458  &isNull);
4459 
4460  /* no need to do anything for a NULL ACL */
4461  if (isNull)
4462  {
4463  ReleaseSysCache(attTuple);
4464  continue;
4465  }
4466 
4467  recordExtensionInitPrivWorker(objoid, classoid, curr_att,
4468  DatumGetAclP(attaclDatum));
4469 
4470  ReleaseSysCache(attTuple);
4471  }
4472  }
4473 
4474  aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
4475  &isNull);
4476 
4477  /* Add the record, if any, for the top-level object */
4478  if (!isNull)
4479  recordExtensionInitPrivWorker(objoid, classoid, 0,
4480  DatumGetAclP(aclDatum));
4481 
4482  ReleaseSysCache(tuple);
4483  }
4484  else if (classoid == LargeObjectRelationId)
4485  {
4486  /* For large objects, we must consult pg_largeobject_metadata */
4487  Datum aclDatum;
4488  bool isNull;
4489  HeapTuple tuple;
4490  ScanKeyData entry[1];
4491  SysScanDesc scan;
4492  Relation relation;
4493 
4494  /*
4495  * Note: this is dead code, given that we don't allow large objects to
4496  * be made extension members. But it seems worth carrying in case
4497  * some future caller of this function has need for it.
4498  */
4499  relation = table_open(LargeObjectMetadataRelationId, RowExclusiveLock);
4500 
4501  /* There's no syscache for pg_largeobject_metadata */
4502  ScanKeyInit(&entry[0],
4503  Anum_pg_largeobject_metadata_oid,
4504  BTEqualStrategyNumber, F_OIDEQ,
4505  ObjectIdGetDatum(objoid));
4506 
4507  scan = systable_beginscan(relation,
4508  LargeObjectMetadataOidIndexId, true,
4509  NULL, 1, entry);
4510 
4511  tuple = systable_getnext(scan);
4512  if (!HeapTupleIsValid(tuple))
4513  elog(ERROR, "could not find tuple for large object %u", objoid);
4514 
4515  aclDatum = heap_getattr(tuple,
4516  Anum_pg_largeobject_metadata_lomacl,
4517  RelationGetDescr(relation), &isNull);
4518 
4519  /* Add the record, if any, for the top-level object */
4520  if (!isNull)
4521  recordExtensionInitPrivWorker(objoid, classoid, 0,
4522  DatumGetAclP(aclDatum));
4523 
4524  systable_endscan(scan);
4525  }
4526  /* This will error on unsupported classoid. */
4527  else if (get_object_attnum_acl(classoid) != InvalidAttrNumber)
4528  {
4529  Datum aclDatum;
4530  bool isNull;
4531  HeapTuple tuple;
4532 
4533  tuple = SearchSysCache1(get_object_catcache_oid(classoid),
4534  ObjectIdGetDatum(objoid));
4535  if (!HeapTupleIsValid(tuple))
4536  elog(ERROR, "cache lookup failed for %s %u",
4537  get_object_class_descr(classoid), objoid);
4538 
4539  aclDatum = SysCacheGetAttr(get_object_catcache_oid(classoid), tuple,
4540  get_object_attnum_acl(classoid),
4541  &isNull);
4542 
4543  /* Add the record, if any, for the top-level object */
4544  if (!isNull)
4545  recordExtensionInitPrivWorker(objoid, classoid, 0,
4546  DatumGetAclP(aclDatum));
4547 
4548  ReleaseSysCache(tuple);
4549  }
4550 }

References BTEqualStrategyNumber, DatumGetAclP, elog(), ERROR, get_object_attnum_acl(), get_object_catcache_oid(), get_object_class_descr(), GETSTRUCT, heap_getattr(), HeapTupleIsValid, Int16GetDatum(), InvalidAttrNumber, ObjectIdGetDatum(), recordExtensionInitPrivWorker(), RelationGetDescr, ReleaseSysCache(), RowExclusiveLock, ScanKeyInit(), SearchSysCache1(), SearchSysCache2(), SysCacheGetAttr(), systable_beginscan(), systable_endscan(), systable_getnext(), and table_open().

Referenced by ExecAlterExtensionContentsStmt().

◆ removeExtObjInitPriv()

void removeExtObjInitPriv ( Oid  objoid,
Oid  classoid 
)

Definition at line 4557 of file aclchk.c.

4558 {
4559  /*
4560  * If this is a relation then we need to see if there are any sub-objects
4561  * (eg: columns) for it and, if so, be sure to call
4562  * recordExtensionInitPrivWorker() for each one.
4563  */
4564  if (classoid == RelationRelationId)
4565  {
4566  Form_pg_class pg_class_tuple;
4567  HeapTuple tuple;
4568 
4569  tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(objoid));
4570  if (!HeapTupleIsValid(tuple))
4571  elog(ERROR, "cache lookup failed for relation %u", objoid);
4572  pg_class_tuple = (Form_pg_class) GETSTRUCT(tuple);
4573 
4574  /*
4575  * Indexes don't have permissions, neither do the pg_class rows for
4576  * composite types. (These cases are unreachable given the
4577  * restrictions in ALTER EXTENSION DROP, but let's check anyway.)
4578  */
4579  if (pg_class_tuple->relkind == RELKIND_INDEX ||
4580  pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
4581  pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
4582  {
4583  ReleaseSysCache(tuple);
4584  return;
4585  }
4586 
4587  /*
4588  * If this isn't a sequence then it's possibly going to have
4589  * column-level ACLs associated with it.
4590  */
4591  if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
4592  {
4593  AttrNumber curr_att;
4594  AttrNumber nattrs = pg_class_tuple->relnatts;
4595 
4596  for (curr_att = 1; curr_att <= nattrs; curr_att++)
4597  {
4598  HeapTuple attTuple;
4599 
4600  attTuple = SearchSysCache2(ATTNUM,
4601  ObjectIdGetDatum(objoid),
4602  Int16GetDatum(curr_att));
4603 
4604  if (!HeapTupleIsValid(attTuple))
4605  continue;
4606 
4607  /* when removing, remove all entries, even dropped columns */
4608 
4609  recordExtensionInitPrivWorker(objoid, classoid, curr_att, NULL);
4610 
4611  ReleaseSysCache(attTuple);
4612  }
4613  }
4614 
4615  ReleaseSysCache(tuple);
4616  }
4617 
4618  /* Remove the record, if any, for the top-level object */
4619  recordExtensionInitPrivWorker(objoid, classoid, 0, NULL);
4620 }

References elog(), ERROR, GETSTRUCT, HeapTupleIsValid, Int16GetDatum(), ObjectIdGetDatum(), recordExtensionInitPrivWorker(), ReleaseSysCache(), SearchSysCache1(), and SearchSysCache2().

Referenced by ExecAlterExtensionContentsStmt().

◆ RemoveRoleFromObjectACL()

void RemoveRoleFromObjectACL ( Oid  roleid,
Oid  classid,
Oid  objid 
)

Definition at line 1470 of file aclchk.c.

1471 {
1472  if (classid == DefaultAclRelationId)
1473  {
1474  InternalDefaultACL iacls;
1475  Form_pg_default_acl pg_default_acl_tuple;
1476  Relation rel;
1477  ScanKeyData skey[1];
1478  SysScanDesc scan;
1479  HeapTuple tuple;
1480 
1481  /* first fetch info needed by SetDefaultACL */
1482  rel = table_open(DefaultAclRelationId, AccessShareLock);
1483 
1484  ScanKeyInit(&skey[0],
1485  Anum_pg_default_acl_oid,
1486  BTEqualStrategyNumber, F_OIDEQ,
1487  ObjectIdGetDatum(objid));
1488 
1489  scan = systable_beginscan(rel, DefaultAclOidIndexId, true,
1490  NULL, 1, skey);
1491 
1492  tuple = systable_getnext(scan);
1493 
1494  if (!HeapTupleIsValid(tuple))
1495  elog(ERROR, "could not find tuple for default ACL %u", objid);
1496 
1497  pg_default_acl_tuple = (Form_pg_default_acl) GETSTRUCT(tuple);
1498 
1499  iacls.roleid = pg_default_acl_tuple->defaclrole;
1500  iacls.nspid = pg_default_acl_tuple->defaclnamespace;
1501 
1502  switch (pg_default_acl_tuple->defaclobjtype)
1503  {
1504  case DEFACLOBJ_RELATION:
1505  iacls.objtype = OBJECT_TABLE;
1506  break;
1507  case DEFACLOBJ_SEQUENCE:
1508  iacls.objtype = OBJECT_SEQUENCE;
1509  break;
1510  case DEFACLOBJ_FUNCTION:
1511  iacls.objtype = OBJECT_FUNCTION;
1512  break;
1513  case DEFACLOBJ_TYPE:
1514  iacls.objtype = OBJECT_TYPE;
1515  break;
1516  case DEFACLOBJ_NAMESPACE:
1517  iacls.objtype = OBJECT_SCHEMA;
1518  break;
1519  default:
1520  /* Shouldn't get here */
1521  elog(ERROR, "unexpected default ACL type: %d",
1522  (int) pg_default_acl_tuple->defaclobjtype);
1523  break;
1524  }
1525 
1526  systable_endscan(scan);
1528 
1529  iacls.is_grant = false;
1530  iacls.all_privs = true;
1531  iacls.privileges = ACL_NO_RIGHTS;
1532  iacls.grantees = list_make1_oid(roleid);
1533  iacls.grant_option = false;
1534  iacls.behavior = DROP_CASCADE;
1535 
1536  /* Do it */
1537  SetDefaultACL(&iacls);
1538  }
1539  else
1540  {
1541  InternalGrant istmt;
1542 
1543  switch (classid)
1544  {
1545  case RelationRelationId:
1546  /* it's OK to use TABLE for a sequence */
1547  istmt.objtype = OBJECT_TABLE;
1548  break;
1549  case DatabaseRelationId:
1550  istmt.objtype = OBJECT_DATABASE;
1551  break;
1552  case TypeRelationId:
1553  istmt.objtype = OBJECT_TYPE;
1554  break;
1555  case ProcedureRelationId:
1556  istmt.objtype = OBJECT_ROUTINE;
1557  break;
1558  case LanguageRelationId:
1559  istmt.objtype = OBJECT_LANGUAGE;
1560  break;
1561  case LargeObjectRelationId:
1562  istmt.objtype = OBJECT_LARGEOBJECT;
1563  break;
1564  case NamespaceRelationId:
1565  istmt.objtype = OBJECT_SCHEMA;
1566  break;
1567  case TableSpaceRelationId:
1568  istmt.objtype = OBJECT_TABLESPACE;
1569  break;
1570  case ForeignServerRelationId:
1572  break;
1573  case ForeignDataWrapperRelationId:
1574  istmt.objtype = OBJECT_FDW;
1575  break;
1576  case ParameterAclRelationId:
1577  istmt.objtype = OBJECT_PARAMETER_ACL;
1578  break;
1579  default:
1580  elog(ERROR, "unexpected object class %u", classid);
1581  break;
1582  }
1583  istmt.is_grant = false;
1584  istmt.objects = list_make1_oid(objid);
1585  istmt.all_privs = true;
1586  istmt.privileges = ACL_NO_RIGHTS;
1587  istmt.col_privs = NIL;
1588  istmt.grantees = list_make1_oid(roleid);
1589  istmt.grant_option = false;
1590  istmt.behavior = DROP_CASCADE;
1591 
1592  ExecGrantStmt_oids(&istmt);
1593  }