PostgreSQL Source Code  git master
aclchk.c File Reference
#include "postgres.h"
#include "access/genam.h"
#include "access/heapam.h"
#include "access/htup_details.h"
#include "access/sysattr.h"
#include "access/tableam.h"
#include "access/xact.h"
#include "catalog/binary_upgrade.h"
#include "catalog/catalog.h"
#include "catalog/dependency.h"
#include "catalog/indexing.h"
#include "catalog/objectaccess.h"
#include "catalog/pg_aggregate.h"
#include "catalog/pg_am.h"
#include "catalog/pg_authid.h"
#include "catalog/pg_cast.h"
#include "catalog/pg_collation.h"
#include "catalog/pg_conversion.h"
#include "catalog/pg_database.h"
#include "catalog/pg_default_acl.h"
#include "catalog/pg_event_trigger.h"
#include "catalog/pg_extension.h"
#include "catalog/pg_foreign_data_wrapper.h"
#include "catalog/pg_foreign_server.h"
#include "catalog/pg_init_privs.h"
#include "catalog/pg_language.h"
#include "catalog/pg_largeobject.h"
#include "catalog/pg_largeobject_metadata.h"
#include "catalog/pg_namespace.h"
#include "catalog/pg_opclass.h"
#include "catalog/pg_operator.h"
#include "catalog/pg_opfamily.h"
#include "catalog/pg_proc.h"
#include "catalog/pg_statistic_ext.h"
#include "catalog/pg_subscription.h"
#include "catalog/pg_tablespace.h"
#include "catalog/pg_transform.h"
#include "catalog/pg_ts_config.h"
#include "catalog/pg_ts_dict.h"
#include "catalog/pg_ts_parser.h"
#include "catalog/pg_ts_template.h"
#include "catalog/pg_type.h"
#include "commands/dbcommands.h"
#include "commands/event_trigger.h"
#include "commands/extension.h"
#include "commands/proclang.h"
#include "commands/tablespace.h"
#include "foreign/foreign.h"
#include "miscadmin.h"
#include "nodes/makefuncs.h"
#include "parser/parse_func.h"
#include "parser/parse_type.h"
#include "utils/acl.h"
#include "utils/aclchk_internal.h"
#include "utils/builtins.h"
#include "utils/fmgroids.h"
#include "utils/lsyscache.h"
#include "utils/rel.h"
#include "utils/syscache.h"
Include dependency graph for aclchk.c:

Go to the source code of this file.

Data Structures

struct  InternalDefaultACL
 

Functions

static void ExecGrantStmt_oids (InternalGrant *istmt)
 
static void ExecGrant_Relation (InternalGrant *grantStmt)
 
static void ExecGrant_Database (InternalGrant *grantStmt)
 
static void ExecGrant_Fdw (InternalGrant *grantStmt)
 
static void ExecGrant_ForeignServer (InternalGrant *grantStmt)
 
static void ExecGrant_Function (InternalGrant *grantStmt)
 
static void ExecGrant_Language (InternalGrant *grantStmt)
 
static void ExecGrant_Largeobject (InternalGrant *grantStmt)
 
static void ExecGrant_Namespace (InternalGrant *grantStmt)
 
static void ExecGrant_Tablespace (InternalGrant *grantStmt)
 
static void ExecGrant_Type (InternalGrant *grantStmt)
 
static void SetDefaultACLsInSchemas (InternalDefaultACL *iacls, List *nspnames)
 
static void SetDefaultACL (InternalDefaultACL *iacls)
 
static ListobjectNamesToOids (ObjectType objtype, List *objnames)
 
static ListobjectsInSchemaToOids (ObjectType objtype, List *nspnames)
 
static ListgetRelationsInNamespace (Oid namespaceId, char relkind)
 
static void expand_col_privileges (List *colnames, Oid table_oid, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
 
static void expand_all_col_privileges (Oid table_oid, Form_pg_class classForm, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
 
static AclMode string_to_privilege (const char *privname)
 
static const char * privilege_to_string (AclMode privilege)
 
static AclMode restrict_and_check_grant (bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
 
static AclMode pg_aclmask (ObjectType objtype, Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
 
static void recordExtensionInitPriv (Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
 
static void recordExtensionInitPrivWorker (Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
 
static Aclmerge_acl_with_grant (Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
 
void ExecuteGrantStmt (GrantStmt *stmt)
 
void ExecAlterDefaultPrivilegesStmt (ParseState *pstate, AlterDefaultPrivilegesStmt *stmt)
 
void RemoveRoleFromObjectACL (Oid roleid, Oid classid, Oid objid)
 
static void ExecGrant_Attribute (InternalGrant *istmt, Oid relOid, const char *relname, AttrNumber attnum, Oid ownerId, AclMode col_privileges, Relation attRelation, const Acl *old_rel_acl)
 
void aclcheck_error (AclResult aclerr, ObjectType objtype, const char *objectname)
 
void aclcheck_error_col (AclResult aclerr, ObjectType objtype, const char *objectname, const char *colname)
 
void aclcheck_error_type (AclResult aclerr, Oid typeOid)
 
AclMode pg_attribute_aclmask (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
 
AclMode pg_class_aclmask (Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how)
 
AclMode pg_database_aclmask (Oid db_oid, Oid roleid, AclMode mask, AclMaskHow how)
 
AclMode pg_proc_aclmask (Oid proc_oid, Oid roleid, AclMode mask, AclMaskHow how)
 
AclMode pg_language_aclmask (Oid lang_oid, Oid roleid, AclMode mask, AclMaskHow how)
 
AclMode pg_largeobject_aclmask_snapshot (Oid lobj_oid, Oid roleid, AclMode mask, AclMaskHow how, Snapshot snapshot)
 
AclMode pg_namespace_aclmask (Oid nsp_oid, Oid roleid, AclMode mask, AclMaskHow how)
 
AclMode pg_tablespace_aclmask (Oid spc_oid, Oid roleid, AclMode mask, AclMaskHow how)
 
AclMode pg_foreign_data_wrapper_aclmask (Oid fdw_oid, Oid roleid, AclMode mask, AclMaskHow how)
 
AclMode pg_foreign_server_aclmask (Oid srv_oid, Oid roleid, AclMode mask, AclMaskHow how)
 
AclMode pg_type_aclmask (Oid type_oid, Oid roleid, AclMode mask, AclMaskHow how)
 
AclResult pg_attribute_aclcheck (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode)
 
AclResult pg_attribute_aclcheck_all (Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how)
 
AclResult pg_class_aclcheck (Oid table_oid, Oid roleid, AclMode mode)
 
AclResult pg_database_aclcheck (Oid db_oid, Oid roleid, AclMode mode)
 
AclResult pg_proc_aclcheck (Oid proc_oid, Oid roleid, AclMode mode)
 
AclResult pg_language_aclcheck (Oid lang_oid, Oid roleid, AclMode mode)
 
AclResult pg_largeobject_aclcheck_snapshot (Oid lobj_oid, Oid roleid, AclMode mode, Snapshot snapshot)
 
AclResult pg_namespace_aclcheck (Oid nsp_oid, Oid roleid, AclMode mode)
 
AclResult pg_tablespace_aclcheck (Oid spc_oid, Oid roleid, AclMode mode)
 
AclResult pg_foreign_data_wrapper_aclcheck (Oid fdw_oid, Oid roleid, AclMode mode)
 
AclResult pg_foreign_server_aclcheck (Oid srv_oid, Oid roleid, AclMode mode)
 
AclResult pg_type_aclcheck (Oid type_oid, Oid roleid, AclMode mode)
 
bool pg_class_ownercheck (Oid class_oid, Oid roleid)
 
bool pg_type_ownercheck (Oid type_oid, Oid roleid)
 
bool pg_oper_ownercheck (Oid oper_oid, Oid roleid)
 
bool pg_proc_ownercheck (Oid proc_oid, Oid roleid)
 
bool pg_language_ownercheck (Oid lan_oid, Oid roleid)
 
bool pg_largeobject_ownercheck (Oid lobj_oid, Oid roleid)
 
bool pg_namespace_ownercheck (Oid nsp_oid, Oid roleid)
 
bool pg_tablespace_ownercheck (Oid spc_oid, Oid roleid)
 
bool pg_opclass_ownercheck (Oid opc_oid, Oid roleid)
 
bool pg_opfamily_ownercheck (Oid opf_oid, Oid roleid)
 
bool pg_ts_dict_ownercheck (Oid dict_oid, Oid roleid)
 
bool pg_ts_config_ownercheck (Oid cfg_oid, Oid roleid)
 
bool pg_foreign_data_wrapper_ownercheck (Oid srv_oid, Oid roleid)
 
bool pg_foreign_server_ownercheck (Oid srv_oid, Oid roleid)
 
bool pg_event_trigger_ownercheck (Oid et_oid, Oid roleid)
 
bool pg_database_ownercheck (Oid db_oid, Oid roleid)
 
bool pg_collation_ownercheck (Oid coll_oid, Oid roleid)
 
bool pg_conversion_ownercheck (Oid conv_oid, Oid roleid)
 
bool pg_extension_ownercheck (Oid ext_oid, Oid roleid)
 
bool pg_publication_ownercheck (Oid pub_oid, Oid roleid)
 
bool pg_subscription_ownercheck (Oid sub_oid, Oid roleid)
 
bool pg_statistics_object_ownercheck (Oid stat_oid, Oid roleid)
 
bool has_createrole_privilege (Oid roleid)
 
bool has_bypassrls_privilege (Oid roleid)
 
static Aclget_default_acl_internal (Oid roleId, Oid nsp_oid, char objtype)
 
Aclget_user_default_acl (ObjectType objtype, Oid ownerId, Oid nsp_oid)
 
void recordDependencyOnNewAcl (Oid classId, Oid objectId, int32 objsubId, Oid ownerId, Acl *acl)
 
void recordExtObjInitPriv (Oid objoid, Oid classoid)
 
void removeExtObjInitPriv (Oid objoid, Oid classoid)
 

Variables

bool binary_upgrade_record_init_privs = false
 

Function Documentation

◆ aclcheck_error()

void aclcheck_error ( AclResult  aclerr,
ObjectType  objtype,
const char *  objectname 
)

Definition at line 3294 of file aclchk.c.

References ACLCHECK_NO_PRIV, ACLCHECK_NOT_OWNER, ACLCHECK_OK, elog, ereport, errcode(), errmsg(), ERROR, gettext_noop, OBJECT_ACCESS_METHOD, OBJECT_AGGREGATE, OBJECT_AMOP, OBJECT_AMPROC, OBJECT_ATTRIBUTE, OBJECT_CAST, OBJECT_COLLATION, OBJECT_COLUMN, OBJECT_CONVERSION, OBJECT_DATABASE, OBJECT_DEFACL, OBJECT_DEFAULT, OBJECT_DOMAIN, OBJECT_DOMCONSTRAINT, OBJECT_EVENT_TRIGGER, OBJECT_EXTENSION, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FOREIGN_TABLE, OBJECT_FUNCTION, OBJECT_INDEX, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_MATVIEW, OBJECT_OPCLASS, OBJECT_OPERATOR, OBJECT_OPFAMILY, OBJECT_POLICY, OBJECT_PROCEDURE, OBJECT_PUBLICATION, OBJECT_PUBLICATION_REL, OBJECT_ROLE, OBJECT_ROUTINE, OBJECT_RULE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_STATISTIC_EXT, OBJECT_SUBSCRIPTION, OBJECT_TABCONSTRAINT, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TRANSFORM, OBJECT_TRIGGER, OBJECT_TSCONFIGURATION, OBJECT_TSDICTIONARY, OBJECT_TSPARSER, OBJECT_TSTEMPLATE, OBJECT_TYPE, OBJECT_USER_MAPPING, and OBJECT_VIEW.

Referenced by aclcheck_error_col(), aclcheck_error_type(), AlterCollation(), AlterDatabase(), AlterDatabaseOwner(), AlterDatabaseSet(), AlterEventTrigger(), AlterEventTriggerOwner_internal(), AlterExtensionNamespace(), AlterForeignServer(), AlterForeignServerOwner_internal(), AlterFunction(), AlterObjectNamespace_internal(), AlterObjectOwner_internal(), AlterObjectRename_internal(), AlterOperator(), AlterOpFamilyAdd(), AlterPublication(), AlterPublicationOwner_internal(), AlterRoleSet(), AlterSchemaOwner_internal(), AlterStatistics(), AlterSubscription(), AlterSubscriptionOwner_internal(), AlterTableMoveAll(), AlterTableSpaceOptions(), AlterTSConfiguration(), AlterTSDictionary(), AlterTypeOwner(), ATExecChangeOwner(), ATPrepSetTableSpace(), ATSimplePermissions(), brin_desummarize_range(), brin_summarize_range(), calculate_database_size(), calculate_tablespace_size(), call_pltcl_start_proc(), check_object_ownership(), check_temp_tablespaces(), checkFkeyPermissions(), CheckFunctionValidatorAccess(), compute_return_type(), CreateConversionCommand(), createdb(), CreateForeignServer(), CreateForeignTable(), CreateFunction(), CreateProceduralLanguage(), CreatePublication(), CreateSchemaCommand(), CreateStatistics(), CreateTransform(), CreateTrigger(), currtid_byrelname(), currtid_byreloid(), DefineAggregate(), DefineCollation(), DefineDomain(), DefineEnum(), DefineIndex(), DefineOpClass(), DefineOperator(), DefineOpFamily(), DefineQueryRewrite(), DefineRange(), DefineRelation(), DefineTSConfiguration(), DefineTSDictionary(), DefineType(), dropdb(), DropSubscription(), DropTableSpace(), EnableDisableRule(), ExecAlterExtensionContentsStmt(), ExecAlterExtensionStmt(), ExecBuildGroupingEqual(), ExecCheckRTPerms(), ExecInitAgg(), ExecInitExprRec(), ExecInitFunc(), ExecInitWindowAgg(), ExecuteCallStmt(), ExecuteDoStmt(), ExecuteTruncateGuts(), findRangeCanonicalFunction(), findRangeSubtypeDiffFunction(), get_connect_string(), get_other_operator(), get_rel_from_relname(), gin_clean_pending_list(), HandleFunctionRequest(), ImportForeignSchema(), init_sexpr(), initialize_peragg(), LockViewRecurse_walker(), lookup_agg_function(), LookupCreationNamespace(), LookupExplicitNamespace(), MergeAttributes(), movedb(), OperatorCreate(), pg_prewarm(), pgrowlocks(), ProcedureCreate(), PublicationAddTables(), RangeVarCallbackForAlterRelation(), RangeVarCallbackForDropRelation(), RangeVarCallbackForLockTable(), RangeVarCallbackForPolicy(), RangeVarCallbackForReindexIndex(), RangeVarCallbackForRenameRule(), RangeVarCallbackForRenameTrigger(), RangeVarCallbackOwnsRelation(), RangeVarCallbackOwnsTable(), RangeVarGetAndCheckCreationNamespace(), ReindexMultipleTables(), renameatt_check(), RenameDatabase(), RenameSchema(), RenameTableSpace(), restrict_and_check_grant(), sanity_check_relation(), transformTableLikeClause(), truncate_check_perms(), TypeCreate(), user_mapping_ddl_aclcheck(), ValidateJoinEstimator(), and ValidateRestrictionEstimator().

3296 {
3297  switch (aclerr)
3298  {
3299  case ACLCHECK_OK:
3300  /* no error, so return to caller */
3301  break;
3302  case ACLCHECK_NO_PRIV:
3303  {
3304  const char *msg = "???";
3305 
3306  switch (objtype)
3307  {
3308  case OBJECT_AGGREGATE:
3309  msg = gettext_noop("permission denied for aggregate %s");
3310  break;
3311  case OBJECT_COLLATION:
3312  msg = gettext_noop("permission denied for collation %s");
3313  break;
3314  case OBJECT_COLUMN:
3315  msg = gettext_noop("permission denied for column %s");
3316  break;
3317  case OBJECT_CONVERSION:
3318  msg = gettext_noop("permission denied for conversion %s");
3319  break;
3320  case OBJECT_DATABASE:
3321  msg = gettext_noop("permission denied for database %s");
3322  break;
3323  case OBJECT_DOMAIN:
3324  msg = gettext_noop("permission denied for domain %s");
3325  break;
3326  case OBJECT_EVENT_TRIGGER:
3327  msg = gettext_noop("permission denied for event trigger %s");
3328  break;
3329  case OBJECT_EXTENSION:
3330  msg = gettext_noop("permission denied for extension %s");
3331  break;
3332  case OBJECT_FDW:
3333  msg = gettext_noop("permission denied for foreign-data wrapper %s");
3334  break;
3335  case OBJECT_FOREIGN_SERVER:
3336  msg = gettext_noop("permission denied for foreign server %s");
3337  break;
3338  case OBJECT_FOREIGN_TABLE:
3339  msg = gettext_noop("permission denied for foreign table %s");
3340  break;
3341  case OBJECT_FUNCTION:
3342  msg = gettext_noop("permission denied for function %s");
3343  break;
3344  case OBJECT_INDEX:
3345  msg = gettext_noop("permission denied for index %s");
3346  break;
3347  case OBJECT_LANGUAGE:
3348  msg = gettext_noop("permission denied for language %s");
3349  break;
3350  case OBJECT_LARGEOBJECT:
3351  msg = gettext_noop("permission denied for large object %s");
3352  break;
3353  case OBJECT_MATVIEW:
3354  msg = gettext_noop("permission denied for materialized view %s");
3355  break;
3356  case OBJECT_OPCLASS:
3357  msg = gettext_noop("permission denied for operator class %s");
3358  break;
3359  case OBJECT_OPERATOR:
3360  msg = gettext_noop("permission denied for operator %s");
3361  break;
3362  case OBJECT_OPFAMILY:
3363  msg = gettext_noop("permission denied for operator family %s");
3364  break;
3365  case OBJECT_POLICY:
3366  msg = gettext_noop("permission denied for policy %s");
3367  break;
3368  case OBJECT_PROCEDURE:
3369  msg = gettext_noop("permission denied for procedure %s");
3370  break;
3371  case OBJECT_PUBLICATION:
3372  msg = gettext_noop("permission denied for publication %s");
3373  break;
3374  case OBJECT_ROUTINE:
3375  msg = gettext_noop("permission denied for routine %s");
3376  break;
3377  case OBJECT_SCHEMA:
3378  msg = gettext_noop("permission denied for schema %s");
3379  break;
3380  case OBJECT_SEQUENCE:
3381  msg = gettext_noop("permission denied for sequence %s");
3382  break;
3383  case OBJECT_STATISTIC_EXT:
3384  msg = gettext_noop("permission denied for statistics object %s");
3385  break;
3386  case OBJECT_SUBSCRIPTION:
3387  msg = gettext_noop("permission denied for subscription %s");
3388  break;
3389  case OBJECT_TABLE:
3390  msg = gettext_noop("permission denied for table %s");
3391  break;
3392  case OBJECT_TABLESPACE:
3393  msg = gettext_noop("permission denied for tablespace %s");
3394  break;
3396  msg = gettext_noop("permission denied for text search configuration %s");
3397  break;
3398  case OBJECT_TSDICTIONARY:
3399  msg = gettext_noop("permission denied for text search dictionary %s");
3400  break;
3401  case OBJECT_TYPE:
3402  msg = gettext_noop("permission denied for type %s");
3403  break;
3404  case OBJECT_VIEW:
3405  msg = gettext_noop("permission denied for view %s");
3406  break;
3407  /* these currently aren't used */
3408  case OBJECT_ACCESS_METHOD:
3409  case OBJECT_AMOP:
3410  case OBJECT_AMPROC:
3411  case OBJECT_ATTRIBUTE:
3412  case OBJECT_CAST:
3413  case OBJECT_DEFAULT:
3414  case OBJECT_DEFACL:
3415  case OBJECT_DOMCONSTRAINT:
3417  case OBJECT_ROLE:
3418  case OBJECT_RULE:
3419  case OBJECT_TABCONSTRAINT:
3420  case OBJECT_TRANSFORM:
3421  case OBJECT_TRIGGER:
3422  case OBJECT_TSPARSER:
3423  case OBJECT_TSTEMPLATE:
3424  case OBJECT_USER_MAPPING:
3425  elog(ERROR, "unsupported object type %d", objtype);
3426  }
3427 
3428  ereport(ERROR,
3429  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
3430  errmsg(msg, objectname)));
3431  break;
3432  }
3433  case ACLCHECK_NOT_OWNER:
3434  {
3435  const char *msg = "???";
3436 
3437  switch (objtype)
3438  {
3439  case OBJECT_AGGREGATE:
3440  msg = gettext_noop("must be owner of aggregate %s");
3441  break;
3442  case OBJECT_COLLATION:
3443  msg = gettext_noop("must be owner of collation %s");
3444  break;
3445  case OBJECT_CONVERSION:
3446  msg = gettext_noop("must be owner of conversion %s");
3447  break;
3448  case OBJECT_DATABASE:
3449  msg = gettext_noop("must be owner of database %s");
3450  break;
3451  case OBJECT_DOMAIN:
3452  msg = gettext_noop("must be owner of domain %s");
3453  break;
3454  case OBJECT_EVENT_TRIGGER:
3455  msg = gettext_noop("must be owner of event trigger %s");
3456  break;
3457  case OBJECT_EXTENSION:
3458  msg = gettext_noop("must be owner of extension %s");
3459  break;
3460  case OBJECT_FDW:
3461  msg = gettext_noop("must be owner of foreign-data wrapper %s");
3462  break;
3463  case OBJECT_FOREIGN_SERVER:
3464  msg = gettext_noop("must be owner of foreign server %s");
3465  break;
3466  case OBJECT_FOREIGN_TABLE:
3467  msg = gettext_noop("must be owner of foreign table %s");
3468  break;
3469  case OBJECT_FUNCTION:
3470  msg = gettext_noop("must be owner of function %s");
3471  break;
3472  case OBJECT_INDEX:
3473  msg = gettext_noop("must be owner of index %s");
3474  break;
3475  case OBJECT_LANGUAGE:
3476  msg = gettext_noop("must be owner of language %s");
3477  break;
3478  case OBJECT_LARGEOBJECT:
3479  msg = gettext_noop("must be owner of large object %s");
3480  break;
3481  case OBJECT_MATVIEW:
3482  msg = gettext_noop("must be owner of materialized view %s");
3483  break;
3484  case OBJECT_OPCLASS:
3485  msg = gettext_noop("must be owner of operator class %s");
3486  break;
3487  case OBJECT_OPERATOR:
3488  msg = gettext_noop("must be owner of operator %s");
3489  break;
3490  case OBJECT_OPFAMILY:
3491  msg = gettext_noop("must be owner of operator family %s");
3492  break;
3493  case OBJECT_PROCEDURE:
3494  msg = gettext_noop("must be owner of procedure %s");
3495  break;
3496  case OBJECT_PUBLICATION:
3497  msg = gettext_noop("must be owner of publication %s");
3498  break;
3499  case OBJECT_ROUTINE:
3500  msg = gettext_noop("must be owner of routine %s");
3501  break;
3502  case OBJECT_SEQUENCE:
3503  msg = gettext_noop("must be owner of sequence %s");
3504  break;
3505  case OBJECT_SUBSCRIPTION:
3506  msg = gettext_noop("must be owner of subscription %s");
3507  break;
3508  case OBJECT_TABLE:
3509  msg = gettext_noop("must be owner of table %s");
3510  break;
3511  case OBJECT_TYPE:
3512  msg = gettext_noop("must be owner of type %s");
3513  break;
3514  case OBJECT_VIEW:
3515  msg = gettext_noop("must be owner of view %s");
3516  break;
3517  case OBJECT_SCHEMA:
3518  msg = gettext_noop("must be owner of schema %s");
3519  break;
3520  case OBJECT_STATISTIC_EXT:
3521  msg = gettext_noop("must be owner of statistics object %s");
3522  break;
3523  case OBJECT_TABLESPACE:
3524  msg = gettext_noop("must be owner of tablespace %s");
3525  break;
3527  msg = gettext_noop("must be owner of text search configuration %s");
3528  break;
3529  case OBJECT_TSDICTIONARY:
3530  msg = gettext_noop("must be owner of text search dictionary %s");
3531  break;
3532 
3533  /*
3534  * Special cases: For these, the error message talks
3535  * about "relation", because that's where the
3536  * ownership is attached. See also
3537  * check_object_ownership().
3538  */
3539  case OBJECT_COLUMN:
3540  case OBJECT_POLICY:
3541  case OBJECT_RULE:
3542  case OBJECT_TABCONSTRAINT:
3543  case OBJECT_TRIGGER:
3544  msg = gettext_noop("must be owner of relation %s");
3545  break;
3546  /* these currently aren't used */
3547  case OBJECT_ACCESS_METHOD:
3548  case OBJECT_AMOP:
3549  case OBJECT_AMPROC:
3550  case OBJECT_ATTRIBUTE:
3551  case OBJECT_CAST:
3552  case OBJECT_DEFAULT:
3553  case OBJECT_DEFACL:
3554  case OBJECT_DOMCONSTRAINT:
3556  case OBJECT_ROLE:
3557  case OBJECT_TRANSFORM:
3558  case OBJECT_TSPARSER:
3559  case OBJECT_TSTEMPLATE:
3560  case OBJECT_USER_MAPPING:
3561  elog(ERROR, "unsupported object type %d", objtype);
3562  }
3563 
3564  ereport(ERROR,
3565  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
3566  errmsg(msg, objectname)));
3567  break;
3568  }
3569  default:
3570  elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
3571  break;
3572  }
3573 }
#define gettext_noop(x)
Definition: c.h:1137
int errcode(int sqlerrcode)
Definition: elog.c:610
#define ERROR
Definition: elog.h:43
#define ereport(elevel,...)
Definition: elog.h:144
int errmsg(const char *fmt,...)
Definition: elog.c:824
#define elog(elevel,...)
Definition: elog.h:214

◆ aclcheck_error_col()

void aclcheck_error_col ( AclResult  aclerr,
ObjectType  objtype,
const char *  objectname,
const char *  colname 
)

Definition at line 3577 of file aclchk.c.

References aclcheck_error(), ACLCHECK_NO_PRIV, ACLCHECK_NOT_OWNER, ACLCHECK_OK, elog, ereport, errcode(), errmsg(), and ERROR.

Referenced by restrict_and_check_grant().

3579 {
3580  switch (aclerr)
3581  {
3582  case ACLCHECK_OK:
3583  /* no error, so return to caller */
3584  break;
3585  case ACLCHECK_NO_PRIV:
3586  ereport(ERROR,
3587  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
3588  errmsg("permission denied for column \"%s\" of relation \"%s\"",
3589  colname, objectname)));
3590  break;
3591  case ACLCHECK_NOT_OWNER:
3592  /* relation msg is OK since columns don't have separate owners */
3593  aclcheck_error(aclerr, objtype, objectname);
3594  break;
3595  default:
3596  elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
3597  break;
3598  }
3599 }
int errcode(int sqlerrcode)
Definition: elog.c:610
void aclcheck_error(AclResult aclerr, ObjectType objtype, const char *objectname)
Definition: aclchk.c:3294
#define ERROR
Definition: elog.h:43
#define ereport(elevel,...)
Definition: elog.h:144
int errmsg(const char *fmt,...)
Definition: elog.c:824
#define elog(elevel,...)
Definition: elog.h:214

◆ aclcheck_error_type()

void aclcheck_error_type ( AclResult  aclerr,
Oid  typeOid 
)

Definition at line 3607 of file aclchk.c.

References aclcheck_error(), format_type_be(), get_element_type(), and OBJECT_TYPE.

Referenced by AggregateCreate(), AlterType(), AlterTypeNamespace_oid(), AlterTypeOwner(), ATExecAddColumn(), ATPrepAlterColumnType(), BuildDescForRelation(), check_object_ownership(), checkDomainOwner(), checkEnumOwner(), compute_return_type(), CreateCast(), CreateTransform(), DefineDomain(), DefineOpClass(), DefineOperator(), DefineRelation(), interpret_function_parameter_list(), and RenameType().

3608 {
3609  Oid element_type = get_element_type(typeOid);
3610 
3611  aclcheck_error(aclerr, OBJECT_TYPE, format_type_be(element_type ? element_type : typeOid));
3612 }
Oid get_element_type(Oid typid)
Definition: lsyscache.c:2636
char * format_type_be(Oid type_oid)
Definition: format_type.c:339
unsigned int Oid
Definition: postgres_ext.h:31
void aclcheck_error(AclResult aclerr, ObjectType objtype, const char *objectname)
Definition: aclchk.c:3294

◆ ExecAlterDefaultPrivilegesStmt()

void ExecAlterDefaultPrivilegesStmt ( ParseState pstate,
AlterDefaultPrivilegesStmt stmt 
)

Definition at line 888 of file aclchk.c.

References ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_SEQUENCE, ACL_ALL_RIGHTS_TYPE, ACL_ID_PUBLIC, ACL_NO_RIGHTS, generate_unaccent_rules::action, AlterDefaultPrivilegesStmt::action, InternalDefaultACL::all_privs, DefElem::arg, InternalDefaultACL::behavior, GrantStmt::behavior, check_is_member_of_role(), AccessPriv::cols, DefElem::defname, elog, ereport, errcode(), errmsg(), ERROR, get_rolespec_oid(), gettext_noop, GetUserId(), InternalDefaultACL::grant_option, GrantStmt::grant_option, InternalDefaultACL::grantees, GrantStmt::grantees, InternalDefaultACL::is_grant, GrantStmt::is_grant, lappend_oid(), lfirst, DefElem::location, NIL, OBJECT_FUNCTION, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TYPE, InternalDefaultACL::objtype, GrantStmt::objtype, AlterDefaultPrivilegesStmt::options, parser_errposition(), AccessPriv::priv_name, privilege_to_string(), InternalDefaultACL::privileges, GrantStmt::privileges, InternalDefaultACL::roleid, ROLESPEC_PUBLIC, RoleSpec::roletype, SetDefaultACLsInSchemas(), and string_to_privilege().

Referenced by ProcessUtilitySlow().

889 {
890  GrantStmt *action = stmt->action;
891  InternalDefaultACL iacls;
892  ListCell *cell;
893  List *rolespecs = NIL;
894  List *nspnames = NIL;
895  DefElem *drolespecs = NULL;
896  DefElem *dnspnames = NULL;
897  AclMode all_privileges;
898  const char *errormsg;
899 
900  /* Deconstruct the "options" part of the statement */
901  foreach(cell, stmt->options)
902  {
903  DefElem *defel = (DefElem *) lfirst(cell);
904 
905  if (strcmp(defel->defname, "schemas") == 0)
906  {
907  if (dnspnames)
908  ereport(ERROR,
909  (errcode(ERRCODE_SYNTAX_ERROR),
910  errmsg("conflicting or redundant options"),
911  parser_errposition(pstate, defel->location)));
912  dnspnames = defel;
913  }
914  else if (strcmp(defel->defname, "roles") == 0)
915  {
916  if (drolespecs)
917  ereport(ERROR,
918  (errcode(ERRCODE_SYNTAX_ERROR),
919  errmsg("conflicting or redundant options"),
920  parser_errposition(pstate, defel->location)));
921  drolespecs = defel;
922  }
923  else
924  elog(ERROR, "option \"%s\" not recognized", defel->defname);
925  }
926 
927  if (dnspnames)
928  nspnames = (List *) dnspnames->arg;
929  if (drolespecs)
930  rolespecs = (List *) drolespecs->arg;
931 
932  /* Prepare the InternalDefaultACL representation of the statement */
933  /* roleid to be filled below */
934  /* nspid to be filled in SetDefaultACLsInSchemas */
935  iacls.is_grant = action->is_grant;
936  iacls.objtype = action->objtype;
937  /* all_privs to be filled below */
938  /* privileges to be filled below */
939  iacls.grantees = NIL; /* filled below */
940  iacls.grant_option = action->grant_option;
941  iacls.behavior = action->behavior;
942 
943  /*
944  * Convert the RoleSpec list into an Oid list. Note that at this point we
945  * insert an ACL_ID_PUBLIC into the list if appropriate, so downstream
946  * there shouldn't be any additional work needed to support this case.
947  */
948  foreach(cell, action->grantees)
949  {
950  RoleSpec *grantee = (RoleSpec *) lfirst(cell);
951  Oid grantee_uid;
952 
953  switch (grantee->roletype)
954  {
955  case ROLESPEC_PUBLIC:
956  grantee_uid = ACL_ID_PUBLIC;
957  break;
958  default:
959  grantee_uid = get_rolespec_oid(grantee, false);
960  break;
961  }
962  iacls.grantees = lappend_oid(iacls.grantees, grantee_uid);
963  }
964 
965  /*
966  * Convert action->privileges, a list of privilege strings, into an
967  * AclMode bitmask.
968  */
969  switch (action->objtype)
970  {
971  case OBJECT_TABLE:
972  all_privileges = ACL_ALL_RIGHTS_RELATION;
973  errormsg = gettext_noop("invalid privilege type %s for relation");
974  break;
975  case OBJECT_SEQUENCE:
976  all_privileges = ACL_ALL_RIGHTS_SEQUENCE;
977  errormsg = gettext_noop("invalid privilege type %s for sequence");
978  break;
979  case OBJECT_FUNCTION:
980  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
981  errormsg = gettext_noop("invalid privilege type %s for function");
982  break;
983  case OBJECT_PROCEDURE:
984  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
985  errormsg = gettext_noop("invalid privilege type %s for procedure");
986  break;
987  case OBJECT_ROUTINE:
988  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
989  errormsg = gettext_noop("invalid privilege type %s for routine");
990  break;
991  case OBJECT_TYPE:
992  all_privileges = ACL_ALL_RIGHTS_TYPE;
993  errormsg = gettext_noop("invalid privilege type %s for type");
994  break;
995  case OBJECT_SCHEMA:
996  all_privileges = ACL_ALL_RIGHTS_SCHEMA;
997  errormsg = gettext_noop("invalid privilege type %s for schema");
998  break;
999  default:
1000  elog(ERROR, "unrecognized GrantStmt.objtype: %d",
1001  (int) action->objtype);
1002  /* keep compiler quiet */
1003  all_privileges = ACL_NO_RIGHTS;
1004  errormsg = NULL;
1005  }
1006 
1007  if (action->privileges == NIL)
1008  {
1009  iacls.all_privs = true;
1010 
1011  /*
1012  * will be turned into ACL_ALL_RIGHTS_* by the internal routines
1013  * depending on the object type
1014  */
1015  iacls.privileges = ACL_NO_RIGHTS;
1016  }
1017  else
1018  {
1019  iacls.all_privs = false;
1020  iacls.privileges = ACL_NO_RIGHTS;
1021 
1022  foreach(cell, action->privileges)
1023  {
1024  AccessPriv *privnode = (AccessPriv *) lfirst(cell);
1025  AclMode priv;
1026 
1027  if (privnode->cols)
1028  ereport(ERROR,
1029  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1030  errmsg("default privileges cannot be set for columns")));
1031 
1032  if (privnode->priv_name == NULL) /* parser mistake? */
1033  elog(ERROR, "AccessPriv node must specify privilege");
1034  priv = string_to_privilege(privnode->priv_name);
1035 
1036  if (priv & ~((AclMode) all_privileges))
1037  ereport(ERROR,
1038  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1039  errmsg(errormsg, privilege_to_string(priv))));
1040 
1041  iacls.privileges |= priv;
1042  }
1043  }
1044 
1045  if (rolespecs == NIL)
1046  {
1047  /* Set permissions for myself */
1048  iacls.roleid = GetUserId();
1049 
1050  SetDefaultACLsInSchemas(&iacls, nspnames);
1051  }
1052  else
1053  {
1054  /* Look up the role OIDs and do permissions checks */
1055  ListCell *rolecell;
1056 
1057  foreach(rolecell, rolespecs)
1058  {
1059  RoleSpec *rolespec = lfirst(rolecell);
1060 
1061  iacls.roleid = get_rolespec_oid(rolespec, false);
1062 
1063  /*
1064  * We insist that calling user be a member of each target role. If
1065  * he has that, he could become that role anyway via SET ROLE, so
1066  * FOR ROLE is just a syntactic convenience and doesn't give any
1067  * special privileges.
1068  */
1070 
1071  SetDefaultACLsInSchemas(&iacls, nspnames);
1072  }
1073  }
1074 }
#define NIL
Definition: pg_list.h:65
#define ACL_ALL_RIGHTS_FUNCTION
Definition: acl.h:162
bool grant_option
Definition: aclchk.c:92
Oid GetUserId(void)
Definition: miscinit.c:476
static AclMode string_to_privilege(const char *privname)
Definition: aclchk.c:3216
bool grant_option
Definition: parsenodes.h:1937
#define gettext_noop(x)
Definition: c.h:1137
int errcode(int sqlerrcode)
Definition: elog.c:610
List * cols
Definition: parsenodes.h:1967
unsigned int Oid
Definition: postgres_ext.h:31
List * grantees
Definition: aclchk.c:91
List * lappend_oid(List *list, Oid datum)
Definition: list.c:357
uint32 AclMode
Definition: parsenodes.h:72
#define ERROR
Definition: elog.h:43
#define ACL_NO_RIGHTS
Definition: parsenodes.h:88
#define ACL_ALL_RIGHTS_SCHEMA
Definition: acl.h:165
int location
Definition: parsenodes.h:736
#define ACL_ALL_RIGHTS_TYPE
Definition: acl.h:167
void check_is_member_of_role(Oid member, Oid role)
Definition: acl.c:4938
Node * arg
Definition: parsenodes.h:734
bool is_grant
Definition: parsenodes.h:1929
RoleSpecType roletype
Definition: parsenodes.h:330
Oid get_rolespec_oid(const RoleSpec *role, bool missing_ok)
Definition: acl.c:5209
#define ACL_ALL_RIGHTS_SEQUENCE
Definition: acl.h:158
DropBehavior behavior
Definition: aclchk.c:93
List * privileges
Definition: parsenodes.h:1934
#define ereport(elevel,...)
Definition: elog.h:144
DropBehavior behavior
Definition: parsenodes.h:1938
#define lfirst(lc)
Definition: pg_list.h:169
int parser_errposition(ParseState *pstate, int location)
Definition: parse_node.c:110
static void SetDefaultACLsInSchemas(InternalDefaultACL *iacls, List *nspnames)
Definition: aclchk.c:1082
int errmsg(const char *fmt,...)
Definition: elog.c:824
#define elog(elevel,...)
Definition: elog.h:214
#define ACL_ALL_RIGHTS_RELATION
Definition: acl.h:157
ObjectType objtype
Definition: parsenodes.h:1931
#define ACL_ID_PUBLIC
Definition: acl.h:46
char * defname
Definition: parsenodes.h:733
static const char * privilege_to_string(AclMode privilege)
Definition: aclchk.c:3253
List * grantees
Definition: parsenodes.h:1936
AclMode privileges
Definition: aclchk.c:90
Definition: pg_list.h:50
ObjectType objtype
Definition: aclchk.c:88
char * priv_name
Definition: parsenodes.h:1966

◆ ExecGrant_Attribute()

static void ExecGrant_Attribute ( InternalGrant istmt,
Oid  relOid,
const char *  relname,
AttrNumber  attnum,
Oid  ownerId,
AclMode  col_privileges,
Relation  attRelation,
const Acl old_rel_acl 
)
static

Definition at line 1588 of file aclchk.c.

References ACL_ALL_RIGHTS_COLUMN, ACL_NUM, aclconcat(), acldefault(), aclmembers(), ATTNUM, InternalGrant::behavior, CatalogTupleUpdate(), DatumGetAclPCopy, elog, ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, Int16GetDatum, InternalGrant::is_grant, MemSet, merge_acl_with_grant(), NameStr, OBJECT_COLUMN, ObjectIdGetDatum, pfree(), PointerGetDatum, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), SearchSysCache2(), select_best_grantor(), SysCacheGetAttr(), HeapTupleData::t_self, updateAclDependencies(), and values.

Referenced by ExecGrant_Relation().

1591 {
1592  HeapTuple attr_tuple;
1593  Form_pg_attribute pg_attribute_tuple;
1594  Acl *old_acl;
1595  Acl *new_acl;
1596  Acl *merged_acl;
1597  Datum aclDatum;
1598  bool isNull;
1599  Oid grantorId;
1600  AclMode avail_goptions;
1601  bool need_update;
1602  HeapTuple newtuple;
1603  Datum values[Natts_pg_attribute];
1604  bool nulls[Natts_pg_attribute];
1605  bool replaces[Natts_pg_attribute];
1606  int noldmembers;
1607  int nnewmembers;
1608  Oid *oldmembers;
1609  Oid *newmembers;
1610 
1611  attr_tuple = SearchSysCache2(ATTNUM,
1612  ObjectIdGetDatum(relOid),
1614  if (!HeapTupleIsValid(attr_tuple))
1615  elog(ERROR, "cache lookup failed for attribute %d of relation %u",
1616  attnum, relOid);
1617  pg_attribute_tuple = (Form_pg_attribute) GETSTRUCT(attr_tuple);
1618 
1619  /*
1620  * Get working copy of existing ACL. If there's no ACL, substitute the
1621  * proper default.
1622  */
1623  aclDatum = SysCacheGetAttr(ATTNUM, attr_tuple, Anum_pg_attribute_attacl,
1624  &isNull);
1625  if (isNull)
1626  {
1627  old_acl = acldefault(OBJECT_COLUMN, ownerId);
1628  /* There are no old member roles according to the catalogs */
1629  noldmembers = 0;
1630  oldmembers = NULL;
1631  }
1632  else
1633  {
1634  old_acl = DatumGetAclPCopy(aclDatum);
1635  /* Get the roles mentioned in the existing ACL */
1636  noldmembers = aclmembers(old_acl, &oldmembers);
1637  }
1638 
1639  /*
1640  * In select_best_grantor we should consider existing table-level ACL bits
1641  * as well as the per-column ACL. Build a new ACL that is their
1642  * concatenation. (This is a bit cheap and dirty compared to merging them
1643  * properly with no duplications, but it's all we need here.)
1644  */
1645  merged_acl = aclconcat(old_rel_acl, old_acl);
1646 
1647  /* Determine ID to do the grant as, and available grant options */
1648  select_best_grantor(GetUserId(), col_privileges,
1649  merged_acl, ownerId,
1650  &grantorId, &avail_goptions);
1651 
1652  pfree(merged_acl);
1653 
1654  /*
1655  * Restrict the privileges to what we can actually grant, and emit the
1656  * standards-mandated warning and error messages. Note: we don't track
1657  * whether the user actually used the ALL PRIVILEGES(columns) syntax for
1658  * each column; we just approximate it by whether all the possible
1659  * privileges are specified now. Since the all_privs flag only determines
1660  * whether a warning is issued, this seems close enough.
1661  */
1662  col_privileges =
1663  restrict_and_check_grant(istmt->is_grant, avail_goptions,
1664  (col_privileges == ACL_ALL_RIGHTS_COLUMN),
1665  col_privileges,
1666  relOid, grantorId, OBJECT_COLUMN,
1667  relname, attnum,
1668  NameStr(pg_attribute_tuple->attname));
1669 
1670  /*
1671  * Generate new ACL.
1672  */
1673  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
1674  istmt->grant_option,
1675  istmt->behavior, istmt->grantees,
1676  col_privileges, grantorId,
1677  ownerId);
1678 
1679  /*
1680  * We need the members of both old and new ACLs so we can correct the
1681  * shared dependency information.
1682  */
1683  nnewmembers = aclmembers(new_acl, &newmembers);
1684 
1685  /* finished building new ACL value, now insert it */
1686  MemSet(values, 0, sizeof(values));
1687  MemSet(nulls, false, sizeof(nulls));
1688  MemSet(replaces, false, sizeof(replaces));
1689 
1690  /*
1691  * If the updated ACL is empty, we can set attacl to null, and maybe even
1692  * avoid an update of the pg_attribute row. This is worth testing because
1693  * we'll come through here multiple times for any relation-level REVOKE,
1694  * even if there were never any column GRANTs. Note we are assuming that
1695  * the "default" ACL state for columns is empty.
1696  */
1697  if (ACL_NUM(new_acl) > 0)
1698  {
1699  values[Anum_pg_attribute_attacl - 1] = PointerGetDatum(new_acl);
1700  need_update = true;
1701  }
1702  else
1703  {
1704  nulls[Anum_pg_attribute_attacl - 1] = true;
1705  need_update = !isNull;
1706  }
1707  replaces[Anum_pg_attribute_attacl - 1] = true;
1708 
1709  if (need_update)
1710  {
1711  newtuple = heap_modify_tuple(attr_tuple, RelationGetDescr(attRelation),
1712  values, nulls, replaces);
1713 
1714  CatalogTupleUpdate(attRelation, &newtuple->t_self, newtuple);
1715 
1716  /* Update initial privileges for extensions */
1717  recordExtensionInitPriv(relOid, RelationRelationId, attnum,
1718  ACL_NUM(new_acl) > 0 ? new_acl : NULL);
1719 
1720  /* Update the shared dependency ACL info */
1721  updateAclDependencies(RelationRelationId, relOid, attnum,
1722  ownerId,
1723  noldmembers, oldmembers,
1724  nnewmembers, newmembers);
1725  }
1726 
1727  pfree(new_acl);
1728 
1729  ReleaseSysCache(attr_tuple);
1730 }
void updateAclDependencies(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
Definition: pg_shdepend.c:426
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
#define ACL_ALL_RIGHTS_COLUMN
Definition: acl.h:156
#define RelationGetDescr(relation)
Definition: rel.h:482
Oid GetUserId(void)
Definition: miscinit.c:476
#define PointerGetDatum(X)
Definition: postgres.h:556
#define Int16GetDatum(X)
Definition: postgres.h:451
Acl * acldefault(ObjectType objtype, Oid ownerId)
Definition: acl.c:741
#define MemSet(start, val, len)
Definition: c.h:949
NameData relname
Definition: pg_class.h:38
unsigned int Oid
Definition: postgres_ext.h:31
static Acl * merge_acl_with_grant(Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
Definition: aclchk.c:152
uint32 AclMode
Definition: parsenodes.h:72
void pfree(void *pointer)
Definition: mcxt.c:1057
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
#define ERROR
Definition: elog.h:43
#define ACL_NUM(ACL)
Definition: acl.h:108
ItemPointerData t_self
Definition: htup.h:65
FormData_pg_attribute * Form_pg_attribute
Definition: pg_attribute.h:193
static void recordExtensionInitPriv(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
Definition: aclchk.c:5877
Acl * aclconcat(const Acl *left_acl, const Acl *right_acl)
Definition: acl.c:420
uintptr_t Datum
Definition: postgres.h:367
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:1164
Datum SysCacheGetAttr(int cacheId, HeapTuple tup, AttrNumber attributeNumber, bool *isNull)
Definition: syscache.c:1377
int16 attnum
Definition: pg_attribute.h:79
DropBehavior behavior
int aclmembers(const Acl *acl, Oid **roleids)
Definition: acl.c:1465
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
Definition: indexing.c:301
HeapTuple SearchSysCache2(int cacheId, Datum key1, Datum key2)
Definition: syscache.c:1127
void select_best_grantor(Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
Definition: acl.c:5100
static Datum values[MAXATTR]
Definition: bootstrap.c:165
#define elog(elevel,...)
Definition: elog.h:214
#define NameStr(name)
Definition: c.h:622
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, Datum *replValues, bool *replIsnull, bool *doReplace)
Definition: heaptuple.c:1113
static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
Definition: aclchk.c:211
#define DatumGetAclPCopy(X)
Definition: acl.h:121

◆ ExecGrant_Database()

static void ExecGrant_Database ( InternalGrant grantStmt)
static

Definition at line 2068 of file aclchk.c.

References ACL_ALL_RIGHTS_DATABASE, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DATABASEOID, DatumGetAclPCopy, elog, ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_getattr, heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, MemSet, merge_acl_with_grant(), NameStr, OBJECT_DATABASE, ObjectIdGetDatum, InternalGrant::objects, pfree(), PointerGetDatum, InternalGrant::privileges, RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

2069 {
2070  Relation relation;
2071  ListCell *cell;
2072 
2073  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
2074  istmt->privileges = ACL_ALL_RIGHTS_DATABASE;
2075 
2076  relation = table_open(DatabaseRelationId, RowExclusiveLock);
2077 
2078  foreach(cell, istmt->objects)
2079  {
2080  Oid datId = lfirst_oid(cell);
2081  Form_pg_database pg_database_tuple;
2082  Datum aclDatum;
2083  bool isNull;
2084  AclMode avail_goptions;
2085  AclMode this_privileges;
2086  Acl *old_acl;
2087  Acl *new_acl;
2088  Oid grantorId;
2089  Oid ownerId;
2090  HeapTuple newtuple;
2091  Datum values[Natts_pg_database];
2092  bool nulls[Natts_pg_database];
2093  bool replaces[Natts_pg_database];
2094  int noldmembers;
2095  int nnewmembers;
2096  Oid *oldmembers;
2097  Oid *newmembers;
2098  HeapTuple tuple;
2099 
2100  tuple = SearchSysCache1(DATABASEOID, ObjectIdGetDatum(datId));
2101  if (!HeapTupleIsValid(tuple))
2102  elog(ERROR, "cache lookup failed for database %u", datId);
2103 
2104  pg_database_tuple = (Form_pg_database) GETSTRUCT(tuple);
2105 
2106  /*
2107  * Get owner ID and working copy of existing ACL. If there's no ACL,
2108  * substitute the proper default.
2109  */
2110  ownerId = pg_database_tuple->datdba;
2111  aclDatum = heap_getattr(tuple, Anum_pg_database_datacl,
2112  RelationGetDescr(relation), &isNull);
2113  if (isNull)
2114  {
2115  old_acl = acldefault(OBJECT_DATABASE, ownerId);
2116  /* There are no old member roles according to the catalogs */
2117  noldmembers = 0;
2118  oldmembers = NULL;
2119  }
2120  else
2121  {
2122  old_acl = DatumGetAclPCopy(aclDatum);
2123  /* Get the roles mentioned in the existing ACL */
2124  noldmembers = aclmembers(old_acl, &oldmembers);
2125  }
2126 
2127  /* Determine ID to do the grant as, and available grant options */
2128  select_best_grantor(GetUserId(), istmt->privileges,
2129  old_acl, ownerId,
2130  &grantorId, &avail_goptions);
2131 
2132  /*
2133  * Restrict the privileges to what we can actually grant, and emit the
2134  * standards-mandated warning and error messages.
2135  */
2136  this_privileges =
2137  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2138  istmt->all_privs, istmt->privileges,
2139  datId, grantorId, OBJECT_DATABASE,
2140  NameStr(pg_database_tuple->datname),
2141  0, NULL);
2142 
2143  /*
2144  * Generate new ACL.
2145  */
2146  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
2147  istmt->grant_option, istmt->behavior,
2148  istmt->grantees, this_privileges,
2149  grantorId, ownerId);
2150 
2151  /*
2152  * We need the members of both old and new ACLs so we can correct the
2153  * shared dependency information.
2154  */
2155  nnewmembers = aclmembers(new_acl, &newmembers);
2156 
2157  /* finished building new ACL value, now insert it */
2158  MemSet(values, 0, sizeof(values));
2159  MemSet(nulls, false, sizeof(nulls));
2160  MemSet(replaces, false, sizeof(replaces));
2161 
2162  replaces[Anum_pg_database_datacl - 1] = true;
2163  values[Anum_pg_database_datacl - 1] = PointerGetDatum(new_acl);
2164 
2165  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
2166  nulls, replaces);
2167 
2168  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2169 
2170  /* Update the shared dependency ACL info */
2171  updateAclDependencies(DatabaseRelationId, pg_database_tuple->oid, 0,
2172  ownerId,
2173  noldmembers, oldmembers,
2174  nnewmembers, newmembers);
2175 
2176  ReleaseSysCache(tuple);
2177 
2178  pfree(new_acl);
2179 
2180  /* prevent error when processing duplicate objects */
2182  }
2183 
2184  table_close(relation, RowExclusiveLock);
2185 }
void updateAclDependencies(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
Definition: pg_shdepend.c:426
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:167
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
#define RelationGetDescr(relation)
Definition: rel.h:482
Oid GetUserId(void)
Definition: miscinit.c:476
FormData_pg_database * Form_pg_database
Definition: pg_database.h:81
#define PointerGetDatum(X)
Definition: postgres.h:556
Acl * acldefault(ObjectType objtype, Oid ownerId)
Definition: acl.c:741
#define MemSet(start, val, len)
Definition: c.h:949
unsigned int Oid
Definition: postgres_ext.h:31
static Acl * merge_acl_with_grant(Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
Definition: aclchk.c:152
uint32 AclMode
Definition: parsenodes.h:72
void pfree(void *pointer)
Definition: mcxt.c:1057
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
#define ERROR
Definition: elog.h:43
#define ACL_NO_RIGHTS
Definition: parsenodes.h:88
ItemPointerData t_self
Definition: htup.h:65
#define RowExclusiveLock
Definition: lockdefs.h:38
#define heap_getattr(tup, attnum, tupleDesc, isnull)
Definition: htup_details.h:762
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Definition: syscache.c:1116
uintptr_t Datum
Definition: postgres.h:367
void CommandCounterIncrement(void)
Definition: xact.c:1021
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:1164
int aclmembers(const Acl *acl, Oid **roleids)
Definition: acl.c:1465
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
Definition: indexing.c:301
void select_best_grantor(Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
Definition: acl.c:5100
#define ACL_ALL_RIGHTS_DATABASE
Definition: acl.h:159
static Datum values[MAXATTR]
Definition: bootstrap.c:165
#define elog(elevel,...)
Definition: elog.h:214
#define NameStr(name)
Definition: c.h:622
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:39
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, Datum *replValues, bool *replIsnull, bool *doReplace)
Definition: heaptuple.c:1113
static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
Definition: aclchk.c:211
#define lfirst_oid(lc)
Definition: pg_list.h:171
#define DatumGetAclPCopy(X)
Definition: acl.h:121

◆ ExecGrant_Fdw()

static void ExecGrant_Fdw ( InternalGrant grantStmt)
static

Definition at line 2188 of file aclchk.c.

References ACL_ALL_RIGHTS_FDW, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog, ERROR, FOREIGNDATAWRAPPEROID, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, MemSet, merge_acl_with_grant(), NameStr, OBJECT_FDW, ObjectIdGetDatum, InternalGrant::objects, pfree(), PointerGetDatum, InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), SysCacheGetAttr(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

2189 {
2190  Relation relation;
2191  ListCell *cell;
2192 
2193  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
2194  istmt->privileges = ACL_ALL_RIGHTS_FDW;
2195 
2196  relation = table_open(ForeignDataWrapperRelationId, RowExclusiveLock);
2197 
2198  foreach(cell, istmt->objects)
2199  {
2200  Oid fdwid = lfirst_oid(cell);
2201  Form_pg_foreign_data_wrapper pg_fdw_tuple;
2202  Datum aclDatum;
2203  bool isNull;
2204  AclMode avail_goptions;
2205  AclMode this_privileges;
2206  Acl *old_acl;
2207  Acl *new_acl;
2208  Oid grantorId;
2209  Oid ownerId;
2210  HeapTuple tuple;
2211  HeapTuple newtuple;
2212  Datum values[Natts_pg_foreign_data_wrapper];
2213  bool nulls[Natts_pg_foreign_data_wrapper];
2214  bool replaces[Natts_pg_foreign_data_wrapper];
2215  int noldmembers;
2216  int nnewmembers;
2217  Oid *oldmembers;
2218  Oid *newmembers;
2219 
2221  ObjectIdGetDatum(fdwid));
2222  if (!HeapTupleIsValid(tuple))
2223  elog(ERROR, "cache lookup failed for foreign-data wrapper %u", fdwid);
2224 
2225  pg_fdw_tuple = (Form_pg_foreign_data_wrapper) GETSTRUCT(tuple);
2226 
2227  /*
2228  * Get owner ID and working copy of existing ACL. If there's no ACL,
2229  * substitute the proper default.
2230  */
2231  ownerId = pg_fdw_tuple->fdwowner;
2232  aclDatum = SysCacheGetAttr(FOREIGNDATAWRAPPEROID, tuple,
2233  Anum_pg_foreign_data_wrapper_fdwacl,
2234  &isNull);
2235  if (isNull)
2236  {
2237  old_acl = acldefault(OBJECT_FDW, ownerId);
2238  /* There are no old member roles according to the catalogs */
2239  noldmembers = 0;
2240  oldmembers = NULL;
2241  }
2242  else
2243  {
2244  old_acl = DatumGetAclPCopy(aclDatum);
2245  /* Get the roles mentioned in the existing ACL */
2246  noldmembers = aclmembers(old_acl, &oldmembers);
2247  }
2248 
2249  /* Determine ID to do the grant as, and available grant options */
2250  select_best_grantor(GetUserId(), istmt->privileges,
2251  old_acl, ownerId,
2252  &grantorId, &avail_goptions);
2253 
2254  /*
2255  * Restrict the privileges to what we can actually grant, and emit the
2256  * standards-mandated warning and error messages.
2257  */
2258  this_privileges =
2259  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2260  istmt->all_privs, istmt->privileges,
2261  fdwid, grantorId, OBJECT_FDW,
2262  NameStr(pg_fdw_tuple->fdwname),
2263  0, NULL);
2264 
2265  /*
2266  * Generate new ACL.
2267  */
2268  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
2269  istmt->grant_option, istmt->behavior,
2270  istmt->grantees, this_privileges,
2271  grantorId, ownerId);
2272 
2273  /*
2274  * We need the members of both old and new ACLs so we can correct the
2275  * shared dependency information.
2276  */
2277  nnewmembers = aclmembers(new_acl, &newmembers);
2278 
2279  /* finished building new ACL value, now insert it */
2280  MemSet(values, 0, sizeof(values));
2281  MemSet(nulls, false, sizeof(nulls));
2282  MemSet(replaces, false, sizeof(replaces));
2283 
2284  replaces[Anum_pg_foreign_data_wrapper_fdwacl - 1] = true;
2285  values[Anum_pg_foreign_data_wrapper_fdwacl - 1] = PointerGetDatum(new_acl);
2286 
2287  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
2288  nulls, replaces);
2289 
2290  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2291 
2292  /* Update initial privileges for extensions */
2293  recordExtensionInitPriv(fdwid, ForeignDataWrapperRelationId, 0,
2294  new_acl);
2295 
2296  /* Update the shared dependency ACL info */
2297  updateAclDependencies(ForeignDataWrapperRelationId,
2298  pg_fdw_tuple->oid, 0,
2299  ownerId,
2300  noldmembers, oldmembers,
2301  nnewmembers, newmembers);
2302 
2303  ReleaseSysCache(tuple);
2304 
2305  pfree(new_acl);
2306 
2307  /* prevent error when processing duplicate objects */
2309  }
2310 
2311  table_close(relation, RowExclusiveLock);
2312 }
void updateAclDependencies(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
Definition: pg_shdepend.c:426
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:167
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
#define RelationGetDescr(relation)
Definition: rel.h:482
Oid GetUserId(void)
Definition: miscinit.c:476
#define PointerGetDatum(X)
Definition: postgres.h:556
Acl * acldefault(ObjectType objtype, Oid ownerId)
Definition: acl.c:741
#define MemSet(start, val, len)
Definition: c.h:949
unsigned int Oid
Definition: postgres_ext.h:31
static Acl * merge_acl_with_grant(Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
Definition: aclchk.c:152
uint32 AclMode
Definition: parsenodes.h:72
void pfree(void *pointer)
Definition: mcxt.c:1057
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
#define ERROR
Definition: elog.h:43
#define ACL_NO_RIGHTS
Definition: parsenodes.h:88
ItemPointerData t_self
Definition: htup.h:65
#define RowExclusiveLock
Definition: lockdefs.h:38
static void recordExtensionInitPriv(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
Definition: aclchk.c:5877
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Definition: syscache.c:1116
uintptr_t Datum
Definition: postgres.h:367
void CommandCounterIncrement(void)
Definition: xact.c:1021
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:1164
Datum SysCacheGetAttr(int cacheId, HeapTuple tup, AttrNumber attributeNumber, bool *isNull)
Definition: syscache.c:1377
int aclmembers(const Acl *acl, Oid **roleids)
Definition: acl.c:1465
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
FormData_pg_foreign_data_wrapper * Form_pg_foreign_data_wrapper
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
Definition: indexing.c:301
void select_best_grantor(Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
Definition: acl.c:5100
static Datum values[MAXATTR]
Definition: bootstrap.c:165
#define elog(elevel,...)
Definition: elog.h:214
#define NameStr(name)
Definition: c.h:622
#define ACL_ALL_RIGHTS_FDW
Definition: acl.h:160
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:39
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, Datum *replValues, bool *replIsnull, bool *doReplace)
Definition: heaptuple.c:1113
static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
Definition: aclchk.c:211
#define lfirst_oid(lc)
Definition: pg_list.h:171
#define DatumGetAclPCopy(X)
Definition: acl.h:121

◆ ExecGrant_ForeignServer()

static void ExecGrant_ForeignServer ( InternalGrant grantStmt)
static

Definition at line 2315 of file aclchk.c.

References ACL_ALL_RIGHTS_FOREIGN_SERVER, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog, ERROR, FOREIGNSERVEROID, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, MemSet, merge_acl_with_grant(), NameStr, OBJECT_FOREIGN_SERVER, ObjectIdGetDatum, InternalGrant::objects, pfree(), PointerGetDatum, InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), SysCacheGetAttr(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

2316 {
2317  Relation relation;
2318  ListCell *cell;
2319 
2320  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
2321  istmt->privileges = ACL_ALL_RIGHTS_FOREIGN_SERVER;
2322 
2323  relation = table_open(ForeignServerRelationId, RowExclusiveLock);
2324 
2325  foreach(cell, istmt->objects)
2326  {
2327  Oid srvid = lfirst_oid(cell);
2328  Form_pg_foreign_server pg_server_tuple;
2329  Datum aclDatum;
2330  bool isNull;
2331  AclMode avail_goptions;
2332  AclMode this_privileges;
2333  Acl *old_acl;
2334  Acl *new_acl;
2335  Oid grantorId;
2336  Oid ownerId;
2337  HeapTuple tuple;
2338  HeapTuple newtuple;
2339  Datum values[Natts_pg_foreign_server];
2340  bool nulls[Natts_pg_foreign_server];
2341  bool replaces[Natts_pg_foreign_server];
2342  int noldmembers;
2343  int nnewmembers;
2344  Oid *oldmembers;
2345  Oid *newmembers;
2346 
2348  if (!HeapTupleIsValid(tuple))
2349  elog(ERROR, "cache lookup failed for foreign server %u", srvid);
2350 
2351  pg_server_tuple = (Form_pg_foreign_server) GETSTRUCT(tuple);
2352 
2353  /*
2354  * Get owner ID and working copy of existing ACL. If there's no ACL,
2355  * substitute the proper default.
2356  */
2357  ownerId = pg_server_tuple->srvowner;
2358  aclDatum = SysCacheGetAttr(FOREIGNSERVEROID, tuple,
2359  Anum_pg_foreign_server_srvacl,
2360  &isNull);
2361  if (isNull)
2362  {
2363  old_acl = acldefault(OBJECT_FOREIGN_SERVER, ownerId);
2364  /* There are no old member roles according to the catalogs */
2365  noldmembers = 0;
2366  oldmembers = NULL;
2367  }
2368  else
2369  {
2370  old_acl = DatumGetAclPCopy(aclDatum);
2371  /* Get the roles mentioned in the existing ACL */
2372  noldmembers = aclmembers(old_acl, &oldmembers);
2373  }
2374 
2375  /* Determine ID to do the grant as, and available grant options */
2376  select_best_grantor(GetUserId(), istmt->privileges,
2377  old_acl, ownerId,
2378  &grantorId, &avail_goptions);
2379 
2380  /*
2381  * Restrict the privileges to what we can actually grant, and emit the
2382  * standards-mandated warning and error messages.
2383  */
2384  this_privileges =
2385  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2386  istmt->all_privs, istmt->privileges,
2387  srvid, grantorId, OBJECT_FOREIGN_SERVER,
2388  NameStr(pg_server_tuple->srvname),
2389  0, NULL);
2390 
2391  /*
2392  * Generate new ACL.
2393  */
2394  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
2395  istmt->grant_option, istmt->behavior,
2396  istmt->grantees, this_privileges,
2397  grantorId, ownerId);
2398 
2399  /*
2400  * We need the members of both old and new ACLs so we can correct the
2401  * shared dependency information.
2402  */
2403  nnewmembers = aclmembers(new_acl, &newmembers);
2404 
2405  /* finished building new ACL value, now insert it */
2406  MemSet(values, 0, sizeof(values));
2407  MemSet(nulls, false, sizeof(nulls));
2408  MemSet(replaces, false, sizeof(replaces));
2409 
2410  replaces[Anum_pg_foreign_server_srvacl - 1] = true;
2411  values[Anum_pg_foreign_server_srvacl - 1] = PointerGetDatum(new_acl);
2412 
2413  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
2414  nulls, replaces);
2415 
2416  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2417 
2418  /* Update initial privileges for extensions */
2419  recordExtensionInitPriv(srvid, ForeignServerRelationId, 0, new_acl);
2420 
2421  /* Update the shared dependency ACL info */
2422  updateAclDependencies(ForeignServerRelationId,
2423  pg_server_tuple->oid, 0,
2424  ownerId,
2425  noldmembers, oldmembers,
2426  nnewmembers, newmembers);
2427 
2428  ReleaseSysCache(tuple);
2429 
2430  pfree(new_acl);
2431 
2432  /* prevent error when processing duplicate objects */
2434  }
2435 
2436  table_close(relation, RowExclusiveLock);
2437 }
void updateAclDependencies(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
Definition: pg_shdepend.c:426
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:167
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
#define RelationGetDescr(relation)
Definition: rel.h:482
Oid GetUserId(void)
Definition: miscinit.c:476
#define PointerGetDatum(X)
Definition: postgres.h:556
Acl * acldefault(ObjectType objtype, Oid ownerId)
Definition: acl.c:741
#define MemSet(start, val, len)
Definition: c.h:949
unsigned int Oid
Definition: postgres_ext.h:31
static Acl * merge_acl_with_grant(Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
Definition: aclchk.c:152
uint32 AclMode
Definition: parsenodes.h:72
void pfree(void *pointer)
Definition: mcxt.c:1057
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
#define ERROR
Definition: elog.h:43
#define ACL_NO_RIGHTS
Definition: parsenodes.h:88
ItemPointerData t_self
Definition: htup.h:65
#define RowExclusiveLock
Definition: lockdefs.h:38
static void recordExtensionInitPriv(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
Definition: aclchk.c:5877
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Definition: syscache.c:1116
uintptr_t Datum
Definition: postgres.h:367
void CommandCounterIncrement(void)
Definition: xact.c:1021
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:1164
Datum SysCacheGetAttr(int cacheId, HeapTuple tup, AttrNumber attributeNumber, bool *isNull)
Definition: syscache.c:1377
FormData_pg_foreign_server * Form_pg_foreign_server
int aclmembers(const Acl *acl, Oid **roleids)
Definition: acl.c:1465
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
Definition: indexing.c:301
void select_best_grantor(Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
Definition: acl.c:5100
#define ACL_ALL_RIGHTS_FOREIGN_SERVER
Definition: acl.h:161
static Datum values[MAXATTR]
Definition: bootstrap.c:165
#define elog(elevel,...)
Definition: elog.h:214
#define NameStr(name)
Definition: c.h:622
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:39
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, Datum *replValues, bool *replIsnull, bool *doReplace)
Definition: heaptuple.c:1113
static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
Definition: aclchk.c:211
#define lfirst_oid(lc)
Definition: pg_list.h:171
#define DatumGetAclPCopy(X)
Definition: acl.h:121

◆ ExecGrant_Function()

static void ExecGrant_Function ( InternalGrant grantStmt)
static

Definition at line 2440 of file aclchk.c.

References ACL_ALL_RIGHTS_FUNCTION, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog, ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, MemSet, merge_acl_with_grant(), NameStr, OBJECT_FUNCTION, ObjectIdGetDatum, InternalGrant::objects, pfree(), PointerGetDatum, InternalGrant::privileges, PROCOID, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), SysCacheGetAttr(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

2441 {
2442  Relation relation;
2443  ListCell *cell;
2444 
2445  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
2446  istmt->privileges = ACL_ALL_RIGHTS_FUNCTION;
2447 
2448  relation = table_open(ProcedureRelationId, RowExclusiveLock);
2449 
2450  foreach(cell, istmt->objects)
2451  {
2452  Oid funcId = lfirst_oid(cell);
2453  Form_pg_proc pg_proc_tuple;
2454  Datum aclDatum;
2455  bool isNull;
2456  AclMode avail_goptions;
2457  AclMode this_privileges;
2458  Acl *old_acl;
2459  Acl *new_acl;
2460  Oid grantorId;
2461  Oid ownerId;
2462  HeapTuple tuple;
2463  HeapTuple newtuple;
2464  Datum values[Natts_pg_proc];
2465  bool nulls[Natts_pg_proc];
2466  bool replaces[Natts_pg_proc];
2467  int noldmembers;
2468  int nnewmembers;
2469  Oid *oldmembers;
2470  Oid *newmembers;
2471 
2472  tuple = SearchSysCache1(PROCOID, ObjectIdGetDatum(funcId));
2473  if (!HeapTupleIsValid(tuple))
2474  elog(ERROR, "cache lookup failed for function %u", funcId);
2475 
2476  pg_proc_tuple = (Form_pg_proc) GETSTRUCT(tuple);
2477 
2478  /*
2479  * Get owner ID and working copy of existing ACL. If there's no ACL,
2480  * substitute the proper default.
2481  */
2482  ownerId = pg_proc_tuple->proowner;
2483  aclDatum = SysCacheGetAttr(PROCOID, tuple, Anum_pg_proc_proacl,
2484  &isNull);
2485  if (isNull)
2486  {
2487  old_acl = acldefault(OBJECT_FUNCTION, ownerId);
2488  /* There are no old member roles according to the catalogs */
2489  noldmembers = 0;
2490  oldmembers = NULL;
2491  }
2492  else
2493  {
2494  old_acl = DatumGetAclPCopy(aclDatum);
2495  /* Get the roles mentioned in the existing ACL */
2496  noldmembers = aclmembers(old_acl, &oldmembers);
2497  }
2498 
2499  /* Determine ID to do the grant as, and available grant options */
2500  select_best_grantor(GetUserId(), istmt->privileges,
2501  old_acl, ownerId,
2502  &grantorId, &avail_goptions);
2503 
2504  /*
2505  * Restrict the privileges to what we can actually grant, and emit the
2506  * standards-mandated warning and error messages.
2507  */
2508  this_privileges =
2509  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2510  istmt->all_privs, istmt->privileges,
2511  funcId, grantorId, OBJECT_FUNCTION,
2512  NameStr(pg_proc_tuple->proname),
2513  0, NULL);
2514 
2515  /*
2516  * Generate new ACL.
2517  */
2518  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
2519  istmt->grant_option, istmt->behavior,
2520  istmt->grantees, this_privileges,
2521  grantorId, ownerId);
2522 
2523  /*
2524  * We need the members of both old and new ACLs so we can correct the
2525  * shared dependency information.
2526  */
2527  nnewmembers = aclmembers(new_acl, &newmembers);
2528 
2529  /* finished building new ACL value, now insert it */
2530  MemSet(values, 0, sizeof(values));
2531  MemSet(nulls, false, sizeof(nulls));
2532  MemSet(replaces, false, sizeof(replaces));
2533 
2534  replaces[Anum_pg_proc_proacl - 1] = true;
2535  values[Anum_pg_proc_proacl - 1] = PointerGetDatum(new_acl);
2536 
2537  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
2538  nulls, replaces);
2539 
2540  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2541 
2542  /* Update initial privileges for extensions */
2543  recordExtensionInitPriv(funcId, ProcedureRelationId, 0, new_acl);
2544 
2545  /* Update the shared dependency ACL info */
2546  updateAclDependencies(ProcedureRelationId, funcId, 0,
2547  ownerId,
2548  noldmembers, oldmembers,
2549  nnewmembers, newmembers);
2550 
2551  ReleaseSysCache(tuple);
2552 
2553  pfree(new_acl);
2554 
2555  /* prevent error when processing duplicate objects */
2557  }
2558 
2559  table_close(relation, RowExclusiveLock);
2560 }
void updateAclDependencies(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
Definition: pg_shdepend.c:426
#define ACL_ALL_RIGHTS_FUNCTION
Definition: acl.h:162
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:167
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
#define RelationGetDescr(relation)
Definition: rel.h:482
Oid GetUserId(void)
Definition: miscinit.c:476
#define PointerGetDatum(X)
Definition: postgres.h:556
Acl * acldefault(ObjectType objtype, Oid ownerId)
Definition: acl.c:741
#define MemSet(start, val, len)
Definition: c.h:949
unsigned int Oid
Definition: postgres_ext.h:31
static Acl * merge_acl_with_grant(Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
Definition: aclchk.c:152
uint32 AclMode
Definition: parsenodes.h:72
void pfree(void *pointer)
Definition: mcxt.c:1057
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
#define ERROR
Definition: elog.h:43
#define ACL_NO_RIGHTS
Definition: parsenodes.h:88
ItemPointerData t_self
Definition: htup.h:65
#define RowExclusiveLock
Definition: lockdefs.h:38
static void recordExtensionInitPriv(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
Definition: aclchk.c:5877
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Definition: syscache.c:1116
uintptr_t Datum
Definition: postgres.h:367
void CommandCounterIncrement(void)
Definition: xact.c:1021
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:1164
Datum SysCacheGetAttr(int cacheId, HeapTuple tup, AttrNumber attributeNumber, bool *isNull)
Definition: syscache.c:1377
FormData_pg_proc * Form_pg_proc
Definition: pg_proc.h:133
int aclmembers(const Acl *acl, Oid **roleids)
Definition: acl.c:1465
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
Definition: indexing.c:301
void select_best_grantor(Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
Definition: acl.c:5100
static Datum values[MAXATTR]
Definition: bootstrap.c:165
#define elog(elevel,...)
Definition: elog.h:214
#define NameStr(name)
Definition: c.h:622
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:39
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, Datum *replValues, bool *replIsnull, bool *doReplace)
Definition: heaptuple.c:1113
static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
Definition: aclchk.c:211
#define lfirst_oid(lc)
Definition: pg_list.h:171
#define DatumGetAclPCopy(X)
Definition: acl.h:121

◆ ExecGrant_Language()

static void ExecGrant_Language ( InternalGrant grantStmt)
static

Definition at line 2563 of file aclchk.c.

References ACL_ALL_RIGHTS_LANGUAGE, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog, ereport, errcode(), errdetail(), errmsg(), ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, LANGNAME, LANGOID, lfirst_oid, MemSet, merge_acl_with_grant(), NameStr, OBJECT_LANGUAGE, ObjectIdGetDatum, InternalGrant::objects, pfree(), PointerGetDatum, InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), SysCacheGetAttr(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

2564 {
2565  Relation relation;
2566  ListCell *cell;
2567 
2568  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
2569  istmt->privileges = ACL_ALL_RIGHTS_LANGUAGE;
2570 
2571  relation = table_open(LanguageRelationId, RowExclusiveLock);
2572 
2573  foreach(cell, istmt->objects)
2574  {
2575  Oid langId = lfirst_oid(cell);
2576  Form_pg_language pg_language_tuple;
2577  Datum aclDatum;
2578  bool isNull;
2579  AclMode avail_goptions;
2580  AclMode this_privileges;
2581  Acl *old_acl;
2582  Acl *new_acl;
2583  Oid grantorId;
2584  Oid ownerId;
2585  HeapTuple tuple;
2586  HeapTuple newtuple;
2587  Datum values[Natts_pg_language];
2588  bool nulls[Natts_pg_language];
2589  bool replaces[Natts_pg_language];
2590  int noldmembers;
2591  int nnewmembers;
2592  Oid *oldmembers;
2593  Oid *newmembers;
2594 
2595  tuple = SearchSysCache1(LANGOID, ObjectIdGetDatum(langId));
2596  if (!HeapTupleIsValid(tuple))
2597  elog(ERROR, "cache lookup failed for language %u", langId);
2598 
2599  pg_language_tuple = (Form_pg_language) GETSTRUCT(tuple);
2600 
2601  if (!pg_language_tuple->lanpltrusted)
2602  ereport(ERROR,
2603  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2604  errmsg("language \"%s\" is not trusted",
2605  NameStr(pg_language_tuple->lanname)),
2606  errdetail("GRANT and REVOKE are not allowed on untrusted languages, "
2607  "because only superusers can use untrusted languages.")));
2608 
2609  /*
2610  * Get owner ID and working copy of existing ACL. If there's no ACL,
2611  * substitute the proper default.
2612  */
2613  ownerId = pg_language_tuple->lanowner;
2614  aclDatum = SysCacheGetAttr(LANGNAME, tuple, Anum_pg_language_lanacl,
2615  &isNull);
2616  if (isNull)
2617  {
2618  old_acl = acldefault(OBJECT_LANGUAGE, ownerId);
2619  /* There are no old member roles according to the catalogs */
2620  noldmembers = 0;
2621  oldmembers = NULL;
2622  }
2623  else
2624  {
2625  old_acl = DatumGetAclPCopy(aclDatum);
2626  /* Get the roles mentioned in the existing ACL */
2627  noldmembers = aclmembers(old_acl, &oldmembers);
2628  }
2629 
2630  /* Determine ID to do the grant as, and available grant options */
2631  select_best_grantor(GetUserId(), istmt->privileges,
2632  old_acl, ownerId,
2633  &grantorId, &avail_goptions);
2634 
2635  /*
2636  * Restrict the privileges to what we can actually grant, and emit the
2637  * standards-mandated warning and error messages.
2638  */
2639  this_privileges =
2640  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2641  istmt->all_privs, istmt->privileges,
2642  langId, grantorId, OBJECT_LANGUAGE,
2643  NameStr(pg_language_tuple->lanname),
2644  0, NULL);
2645 
2646  /*
2647  * Generate new ACL.
2648  */
2649  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
2650  istmt->grant_option, istmt->behavior,
2651  istmt->grantees, this_privileges,
2652  grantorId, ownerId);
2653 
2654  /*
2655  * We need the members of both old and new ACLs so we can correct the
2656  * shared dependency information.
2657  */
2658  nnewmembers = aclmembers(new_acl, &newmembers);
2659 
2660  /* finished building new ACL value, now insert it */
2661  MemSet(values, 0, sizeof(values));
2662  MemSet(nulls, false, sizeof(nulls));
2663  MemSet(replaces, false, sizeof(replaces));
2664 
2665  replaces[Anum_pg_language_lanacl - 1] = true;
2666  values[Anum_pg_language_lanacl - 1] = PointerGetDatum(new_acl);
2667 
2668  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
2669  nulls, replaces);
2670 
2671  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2672 
2673  /* Update initial privileges for extensions */
2674  recordExtensionInitPriv(langId, LanguageRelationId, 0, new_acl);
2675 
2676  /* Update the shared dependency ACL info */
2677  updateAclDependencies(LanguageRelationId, pg_language_tuple->oid, 0,
2678  ownerId,
2679  noldmembers, oldmembers,
2680  nnewmembers, newmembers);
2681 
2682  ReleaseSysCache(tuple);
2683 
2684  pfree(new_acl);
2685 
2686  /* prevent error when processing duplicate objects */
2688  }
2689 
2690  table_close(relation, RowExclusiveLock);
2691 }
void updateAclDependencies(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
Definition: pg_shdepend.c:426
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:167
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
#define RelationGetDescr(relation)
Definition: rel.h:482
Oid GetUserId(void)
Definition: miscinit.c:476
#define PointerGetDatum(X)
Definition: postgres.h:556
int errcode(int sqlerrcode)
Definition: elog.c:610
Acl * acldefault(ObjectType objtype, Oid ownerId)
Definition: acl.c:741
#define MemSet(start, val, len)
Definition: c.h:949
unsigned int Oid
Definition: postgres_ext.h:31
static Acl * merge_acl_with_grant(Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
Definition: aclchk.c:152
#define ACL_ALL_RIGHTS_LANGUAGE
Definition: acl.h:163
uint32 AclMode
Definition: parsenodes.h:72
void pfree(void *pointer)
Definition: mcxt.c:1057
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
#define ERROR
Definition: elog.h:43
#define ACL_NO_RIGHTS
Definition: parsenodes.h:88
ItemPointerData t_self
Definition: htup.h:65
#define RowExclusiveLock
Definition: lockdefs.h:38
int errdetail(const char *fmt,...)
Definition: elog.c:957
static void recordExtensionInitPriv(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
Definition: aclchk.c:5877
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Definition: syscache.c:1116
uintptr_t Datum
Definition: postgres.h:367
void CommandCounterIncrement(void)
Definition: xact.c:1021
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:1164
Datum SysCacheGetAttr(int cacheId, HeapTuple tup, AttrNumber attributeNumber, bool *isNull)
Definition: syscache.c:1377
#define ereport(elevel,...)
Definition: elog.h:144
int aclmembers(const Acl *acl, Oid **roleids)
Definition: acl.c:1465
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
Definition: indexing.c:301
void select_best_grantor(Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
Definition: acl.c:5100
static Datum values[MAXATTR]
Definition: bootstrap.c:165
FormData_pg_language * Form_pg_language
Definition: pg_language.h:65
int errmsg(const char *fmt,...)
Definition: elog.c:824
#define elog(elevel,...)
Definition: elog.h:214
#define NameStr(name)
Definition: c.h:622
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:39
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, Datum *replValues, bool *replIsnull, bool *doReplace)
Definition: heaptuple.c:1113
static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
Definition: aclchk.c:211
#define lfirst_oid(lc)
Definition: pg_list.h:171
#define DatumGetAclPCopy(X)
Definition: acl.h:121

◆ ExecGrant_Largeobject()

static void ExecGrant_Largeobject ( InternalGrant grantStmt)
static

Definition at line 2694 of file aclchk.c.

References ACL_ALL_RIGHTS_LARGEOBJECT, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, BTEqualStrategyNumber, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog, ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_getattr, heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, LargeObjectMetadataOidIndexId, lfirst_oid, MemSet, merge_acl_with_grant(), NAMEDATALEN, OBJECT_LARGEOBJECT, ObjectIdGetDatum, InternalGrant::objects, pfree(), PointerGetDatum, InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, restrict_and_check_grant(), RowExclusiveLock, ScanKeyInit(), select_best_grantor(), snprintf, systable_beginscan(), systable_endscan(), systable_getnext(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

2695 {
2696  Relation relation;
2697  ListCell *cell;
2698 
2699  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
2700  istmt->privileges = ACL_ALL_RIGHTS_LARGEOBJECT;
2701 
2702  relation = table_open(LargeObjectMetadataRelationId,
2704 
2705  foreach(cell, istmt->objects)
2706  {
2707  Oid loid = lfirst_oid(cell);
2708  Form_pg_largeobject_metadata form_lo_meta;
2709  char loname[NAMEDATALEN];
2710  Datum aclDatum;
2711  bool isNull;
2712  AclMode avail_goptions;
2713  AclMode this_privileges;
2714  Acl *old_acl;
2715  Acl *new_acl;
2716  Oid grantorId;
2717  Oid ownerId;
2718  HeapTuple newtuple;
2719  Datum values[Natts_pg_largeobject_metadata];
2720  bool nulls[Natts_pg_largeobject_metadata];
2721  bool replaces[Natts_pg_largeobject_metadata];
2722  int noldmembers;
2723  int nnewmembers;
2724  Oid *oldmembers;
2725  Oid *newmembers;
2726  ScanKeyData entry[1];
2727  SysScanDesc scan;
2728  HeapTuple tuple;
2729 
2730  /* There's no syscache for pg_largeobject_metadata */
2731  ScanKeyInit(&entry[0],
2732  Anum_pg_largeobject_metadata_oid,
2733  BTEqualStrategyNumber, F_OIDEQ,
2734  ObjectIdGetDatum(loid));
2735 
2736  scan = systable_beginscan(relation,
2738  NULL, 1, entry);
2739 
2740  tuple = systable_getnext(scan);
2741  if (!HeapTupleIsValid(tuple))
2742  elog(ERROR, "could not find tuple for large object %u", loid);
2743 
2744  form_lo_meta = (Form_pg_largeobject_metadata) GETSTRUCT(tuple);
2745 
2746  /*
2747  * Get owner ID and working copy of existing ACL. If there's no ACL,
2748  * substitute the proper default.
2749  */
2750  ownerId = form_lo_meta->lomowner;
2751  aclDatum = heap_getattr(tuple,
2752  Anum_pg_largeobject_metadata_lomacl,
2753  RelationGetDescr(relation), &isNull);
2754  if (isNull)
2755  {
2756  old_acl = acldefault(OBJECT_LARGEOBJECT, ownerId);
2757  /* There are no old member roles according to the catalogs */
2758  noldmembers = 0;
2759  oldmembers = NULL;
2760  }
2761  else
2762  {
2763  old_acl = DatumGetAclPCopy(aclDatum);
2764  /* Get the roles mentioned in the existing ACL */
2765  noldmembers = aclmembers(old_acl, &oldmembers);
2766  }
2767 
2768  /* Determine ID to do the grant as, and available grant options */
2769  select_best_grantor(GetUserId(), istmt->privileges,
2770  old_acl, ownerId,
2771  &grantorId, &avail_goptions);
2772 
2773  /*
2774  * Restrict the privileges to what we can actually grant, and emit the
2775  * standards-mandated warning and error messages.
2776  */
2777  snprintf(loname, sizeof(loname), "large object %u", loid);
2778  this_privileges =
2779  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2780  istmt->all_privs, istmt->privileges,
2781  loid, grantorId, OBJECT_LARGEOBJECT,
2782  loname, 0, NULL);
2783 
2784  /*
2785  * Generate new ACL.
2786  */
2787  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
2788  istmt->grant_option, istmt->behavior,
2789  istmt->grantees, this_privileges,
2790  grantorId, ownerId);
2791 
2792  /*
2793  * We need the members of both old and new ACLs so we can correct the
2794  * shared dependency information.
2795  */
2796  nnewmembers = aclmembers(new_acl, &newmembers);
2797 
2798  /* finished building new ACL value, now insert it */
2799  MemSet(values, 0, sizeof(values));
2800  MemSet(nulls, false, sizeof(nulls));
2801  MemSet(replaces, false, sizeof(replaces));
2802 
2803  replaces[Anum_pg_largeobject_metadata_lomacl - 1] = true;
2804  values[Anum_pg_largeobject_metadata_lomacl - 1]
2805  = PointerGetDatum(new_acl);
2806 
2807  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation),
2808  values, nulls, replaces);
2809 
2810  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2811 
2812  /* Update initial privileges for extensions */
2813  recordExtensionInitPriv(loid, LargeObjectRelationId, 0, new_acl);
2814 
2815  /* Update the shared dependency ACL info */
2816  updateAclDependencies(LargeObjectRelationId,
2817  form_lo_meta->oid, 0,
2818  ownerId,
2819  noldmembers, oldmembers,
2820  nnewmembers, newmembers);
2821 
2822  systable_endscan(scan);
2823 
2824  pfree(new_acl);
2825 
2826  /* prevent error when processing duplicate objects */
2828  }
2829 
2830  table_close(relation, RowExclusiveLock);
2831 }
void updateAclDependencies(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
Definition: pg_shdepend.c:426
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:167
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:569
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
#define RelationGetDescr(relation)
Definition: rel.h:482
Oid GetUserId(void)
Definition: miscinit.c:476
#define PointerGetDatum(X)
Definition: postgres.h:556
Acl * acldefault(ObjectType objtype, Oid ownerId)
Definition: acl.c:741
#define MemSet(start, val, len)
Definition: c.h:949
unsigned int Oid
Definition: postgres_ext.h:31
static Acl * merge_acl_with_grant(Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
Definition: aclchk.c:152
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:357
#define NAMEDATALEN
uint32 AclMode
Definition: parsenodes.h:72
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:476
void pfree(void *pointer)
Definition: mcxt.c:1057
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
#define ERROR
Definition: elog.h:43
#define ACL_NO_RIGHTS
Definition: parsenodes.h:88
ItemPointerData t_self
Definition: htup.h:65
#define RowExclusiveLock
Definition: lockdefs.h:38
static void recordExtensionInitPriv(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
Definition: aclchk.c:5877
#define LargeObjectMetadataOidIndexId
Definition: indexing.h:198
#define heap_getattr(tup, attnum, tupleDesc, isnull)
Definition: htup_details.h:762
FormData_pg_largeobject_metadata * Form_pg_largeobject_metadata
uintptr_t Datum
Definition: postgres.h:367
void CommandCounterIncrement(void)
Definition: xact.c:1021
#define ACL_ALL_RIGHTS_LARGEOBJECT
Definition: acl.h:164
int aclmembers(const Acl *acl, Oid **roleids)
Definition: acl.c:1465
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
Definition: indexing.c:301
void select_best_grantor(Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
Definition: acl.c:5100
static Datum values[MAXATTR]
Definition: bootstrap.c:165
#define elog(elevel,...)
Definition: elog.h:214
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:39
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, Datum *replValues, bool *replIsnull, bool *doReplace)
Definition: heaptuple.c:1113
#define snprintf
Definition: port.h:193
#define BTEqualStrategyNumber
Definition: stratnum.h:31
static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
Definition: aclchk.c:211
#define lfirst_oid(lc)
Definition: pg_list.h:171
#define DatumGetAclPCopy(X)
Definition: acl.h:121

◆ ExecGrant_Namespace()

static void ExecGrant_Namespace ( InternalGrant grantStmt)
static

Definition at line 2834 of file aclchk.c.

References ACL_ALL_RIGHTS_SCHEMA, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog, ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, MemSet, merge_acl_with_grant(), NAMESPACENAME, NAMESPACEOID, NameStr, OBJECT_SCHEMA, ObjectIdGetDatum, InternalGrant::objects, pfree(), PointerGetDatum, InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), SysCacheGetAttr(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

2835 {
2836  Relation relation;
2837  ListCell *cell;
2838 
2839  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
2840  istmt->privileges = ACL_ALL_RIGHTS_SCHEMA;
2841 
2842  relation = table_open(NamespaceRelationId, RowExclusiveLock);
2843 
2844  foreach(cell, istmt->objects)
2845  {
2846  Oid nspid = lfirst_oid(cell);
2847  Form_pg_namespace pg_namespace_tuple;
2848  Datum aclDatum;
2849  bool isNull;
2850  AclMode avail_goptions;
2851  AclMode this_privileges;
2852  Acl *old_acl;
2853  Acl *new_acl;
2854  Oid grantorId;
2855  Oid ownerId;
2856  HeapTuple tuple;
2857  HeapTuple newtuple;
2858  Datum values[Natts_pg_namespace];
2859  bool nulls[Natts_pg_namespace];
2860  bool replaces[Natts_pg_namespace];
2861  int noldmembers;
2862  int nnewmembers;
2863  Oid *oldmembers;
2864  Oid *newmembers;
2865 
2867  if (!HeapTupleIsValid(tuple))
2868  elog(ERROR, "cache lookup failed for namespace %u", nspid);
2869 
2870  pg_namespace_tuple = (Form_pg_namespace) GETSTRUCT(tuple);
2871 
2872  /*
2873  * Get owner ID and working copy of existing ACL. If there's no ACL,
2874  * substitute the proper default.
2875  */
2876  ownerId = pg_namespace_tuple->nspowner;
2877  aclDatum = SysCacheGetAttr(NAMESPACENAME, tuple,
2878  Anum_pg_namespace_nspacl,
2879  &isNull);
2880  if (isNull)
2881  {
2882  old_acl = acldefault(OBJECT_SCHEMA, ownerId);
2883  /* There are no old member roles according to the catalogs */
2884  noldmembers = 0;
2885  oldmembers = NULL;
2886  }
2887  else
2888  {
2889  old_acl = DatumGetAclPCopy(aclDatum);
2890  /* Get the roles mentioned in the existing ACL */
2891  noldmembers = aclmembers(old_acl, &oldmembers);
2892  }
2893 
2894  /* Determine ID to do the grant as, and available grant options */
2895  select_best_grantor(GetUserId(), istmt->privileges,
2896  old_acl, ownerId,
2897  &grantorId, &avail_goptions);
2898 
2899  /*
2900  * Restrict the privileges to what we can actually grant, and emit the
2901  * standards-mandated warning and error messages.
2902  */
2903  this_privileges =
2904  restrict_and_check_grant(istmt->is_grant, avail_goptions,
2905  istmt->all_privs, istmt->privileges,
2906  nspid, grantorId, OBJECT_SCHEMA,
2907  NameStr(pg_namespace_tuple->nspname),
2908  0, NULL);
2909 
2910  /*
2911  * Generate new ACL.
2912  */
2913  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
2914  istmt->grant_option, istmt->behavior,
2915  istmt->grantees, this_privileges,
2916  grantorId, ownerId);
2917 
2918  /*
2919  * We need the members of both old and new ACLs so we can correct the
2920  * shared dependency information.
2921  */
2922  nnewmembers = aclmembers(new_acl, &newmembers);
2923 
2924  /* finished building new ACL value, now insert it */
2925  MemSet(values, 0, sizeof(values));
2926  MemSet(nulls, false, sizeof(nulls));
2927  MemSet(replaces, false, sizeof(replaces));
2928 
2929  replaces[Anum_pg_namespace_nspacl - 1] = true;
2930  values[Anum_pg_namespace_nspacl - 1] = PointerGetDatum(new_acl);
2931 
2932  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
2933  nulls, replaces);
2934 
2935  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
2936 
2937  /* Update initial privileges for extensions */
2938  recordExtensionInitPriv(nspid, NamespaceRelationId, 0, new_acl);
2939 
2940  /* Update the shared dependency ACL info */
2941  updateAclDependencies(NamespaceRelationId, pg_namespace_tuple->oid, 0,
2942  ownerId,
2943  noldmembers, oldmembers,
2944  nnewmembers, newmembers);
2945 
2946  ReleaseSysCache(tuple);
2947 
2948  pfree(new_acl);
2949 
2950  /* prevent error when processing duplicate objects */
2952  }
2953 
2954  table_close(relation, RowExclusiveLock);
2955 }
void updateAclDependencies(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
Definition: pg_shdepend.c:426
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:167
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
FormData_pg_namespace * Form_pg_namespace
Definition: pg_namespace.h:52
#define RelationGetDescr(relation)
Definition: rel.h:482
Oid GetUserId(void)
Definition: miscinit.c:476
#define PointerGetDatum(X)
Definition: postgres.h:556
Acl * acldefault(ObjectType objtype, Oid ownerId)
Definition: acl.c:741
#define MemSet(start, val, len)
Definition: c.h:949
unsigned int Oid
Definition: postgres_ext.h:31
static Acl * merge_acl_with_grant(Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
Definition: aclchk.c:152
uint32 AclMode
Definition: parsenodes.h:72
void pfree(void *pointer)
Definition: mcxt.c:1057
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
#define ERROR
Definition: elog.h:43
#define ACL_NO_RIGHTS
Definition: parsenodes.h:88
ItemPointerData t_self
Definition: htup.h:65
#define ACL_ALL_RIGHTS_SCHEMA
Definition: acl.h:165
#define RowExclusiveLock
Definition: lockdefs.h:38
static void recordExtensionInitPriv(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
Definition: aclchk.c:5877
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Definition: syscache.c:1116
uintptr_t Datum
Definition: postgres.h:367
void CommandCounterIncrement(void)
Definition: xact.c:1021
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:1164
Datum SysCacheGetAttr(int cacheId, HeapTuple tup, AttrNumber attributeNumber, bool *isNull)
Definition: syscache.c:1377
int aclmembers(const Acl *acl, Oid **roleids)
Definition: acl.c:1465
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
Definition: indexing.c:301
void select_best_grantor(Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
Definition: acl.c:5100
static Datum values[MAXATTR]
Definition: bootstrap.c:165
#define elog(elevel,...)
Definition: elog.h:214
#define NameStr(name)
Definition: c.h:622
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:39
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, Datum *replValues, bool *replIsnull, bool *doReplace)
Definition: heaptuple.c:1113
static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
Definition: aclchk.c:211
#define lfirst_oid(lc)
Definition: pg_list.h:171
#define DatumGetAclPCopy(X)
Definition: acl.h:121

◆ ExecGrant_Relation()

static void ExecGrant_Relation ( InternalGrant grantStmt)
static

Definition at line 1736 of file aclchk.c.

References ACL_ALL_RIGHTS_COLUMN, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SEQUENCE, ACL_NO_RIGHTS, ACL_SELECT, aclcopy(), acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), InternalGrant::col_privs, AccessPriv::cols, CommandCounterIncrement(), DatumGetAclPCopy, elog, ereport, errcode(), errmsg(), ERROR, ExecGrant_Attribute(), expand_all_col_privileges(), expand_col_privileges(), FirstLowInvalidHeapAttributeNumber, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, i, InternalGrant::is_grant, lfirst, lfirst_oid, MemSet, merge_acl_with_grant(), NameStr, OBJECT_SEQUENCE, OBJECT_TABLE, ObjectIdGetDatum, InternalGrant::objects, InternalGrant::objtype, palloc0(), pfree(), PointerGetDatum, AccessPriv::priv_name, privilege_to_string(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), RELOID, restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), string_to_privilege(), SysCacheGetAttr(), HeapTupleData::t_self, table_close(), table_open(), updateAclDependencies(), values, and WARNING.

Referenced by ExecGrantStmt_oids().

1737 {
1738  Relation relation;
1739  Relation attRelation;
1740  ListCell *cell;
1741 
1742  relation = table_open(RelationRelationId, RowExclusiveLock);
1743  attRelation = table_open(AttributeRelationId, RowExclusiveLock);
1744 
1745  foreach(cell, istmt->objects)
1746  {
1747  Oid relOid = lfirst_oid(cell);
1748  Datum aclDatum;
1749  Form_pg_class pg_class_tuple;
1750  bool isNull;
1751  AclMode this_privileges;
1752  AclMode *col_privileges;
1753  int num_col_privileges;
1754  bool have_col_privileges;
1755  Acl *old_acl;
1756  Acl *old_rel_acl;
1757  int noldmembers;
1758  Oid *oldmembers;
1759  Oid ownerId;
1760  HeapTuple tuple;
1761  ListCell *cell_colprivs;
1762 
1763  tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(relOid));
1764  if (!HeapTupleIsValid(tuple))
1765  elog(ERROR, "cache lookup failed for relation %u", relOid);
1766  pg_class_tuple = (Form_pg_class) GETSTRUCT(tuple);
1767 
1768  /* Not sensible to grant on an index */
1769  if (pg_class_tuple->relkind == RELKIND_INDEX ||
1770  pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX)
1771  ereport(ERROR,
1772  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1773  errmsg("\"%s\" is an index",
1774  NameStr(pg_class_tuple->relname))));
1775 
1776  /* Composite types aren't tables either */
1777  if (pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
1778  ereport(ERROR,
1779  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1780  errmsg("\"%s\" is a composite type",
1781  NameStr(pg_class_tuple->relname))));
1782 
1783  /* Used GRANT SEQUENCE on a non-sequence? */
1784  if (istmt->objtype == OBJECT_SEQUENCE &&
1785  pg_class_tuple->relkind != RELKIND_SEQUENCE)
1786  ereport(ERROR,
1787  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
1788  errmsg("\"%s\" is not a sequence",
1789  NameStr(pg_class_tuple->relname))));
1790 
1791  /* Adjust the default permissions based on object type */
1792  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
1793  {
1794  if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1795  this_privileges = ACL_ALL_RIGHTS_SEQUENCE;
1796  else
1797  this_privileges = ACL_ALL_RIGHTS_RELATION;
1798  }
1799  else
1800  this_privileges = istmt->privileges;
1801 
1802  /*
1803  * The GRANT TABLE syntax can be used for sequences and non-sequences,
1804  * so we have to look at the relkind to determine the supported
1805  * permissions. The OR of table and sequence permissions were already
1806  * checked.
1807  */
1808  if (istmt->objtype == OBJECT_TABLE)
1809  {
1810  if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1811  {
1812  /*
1813  * For backward compatibility, just throw a warning for
1814  * invalid sequence permissions when using the non-sequence
1815  * GRANT syntax.
1816  */
1817  if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_SEQUENCE))
1818  {
1819  /*
1820  * Mention the object name because the user needs to know
1821  * which operations succeeded. This is required because
1822  * WARNING allows the command to continue.
1823  */
1824  ereport(WARNING,
1825  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1826  errmsg("sequence \"%s\" only supports USAGE, SELECT, and UPDATE privileges",
1827  NameStr(pg_class_tuple->relname))));
1828  this_privileges &= (AclMode) ACL_ALL_RIGHTS_SEQUENCE;
1829  }
1830  }
1831  else
1832  {
1833  if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_RELATION))
1834  {
1835  /*
1836  * USAGE is the only permission supported by sequences but
1837  * not by non-sequences. Don't mention the object name
1838  * because we didn't in the combined TABLE | SEQUENCE
1839  * check.
1840  */
1841  ereport(ERROR,
1842  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1843  errmsg("invalid privilege type %s for table",
1844  "USAGE")));
1845  }
1846  }
1847  }
1848 
1849  /*
1850  * Set up array in which we'll accumulate any column privilege bits
1851  * that need modification. The array is indexed such that entry [0]
1852  * corresponds to FirstLowInvalidHeapAttributeNumber.
1853  */
1854  num_col_privileges = pg_class_tuple->relnatts - FirstLowInvalidHeapAttributeNumber + 1;
1855  col_privileges = (AclMode *) palloc0(num_col_privileges * sizeof(AclMode));
1856  have_col_privileges = false;
1857 
1858  /*
1859  * If we are revoking relation privileges that are also column
1860  * privileges, we must implicitly revoke them from each column too,
1861  * per SQL spec. (We don't need to implicitly add column privileges
1862  * during GRANT because the permissions-checking code always checks
1863  * both relation and per-column privileges.)
1864  */
1865  if (!istmt->is_grant &&
1866  (this_privileges & ACL_ALL_RIGHTS_COLUMN) != 0)
1867  {
1868  expand_all_col_privileges(relOid, pg_class_tuple,
1869  this_privileges & ACL_ALL_RIGHTS_COLUMN,
1870  col_privileges,
1871  num_col_privileges);
1872  have_col_privileges = true;
1873  }
1874 
1875  /*
1876  * Get owner ID and working copy of existing ACL. If there's no ACL,
1877  * substitute the proper default.
1878  */
1879  ownerId = pg_class_tuple->relowner;
1880  aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
1881  &isNull);
1882  if (isNull)
1883  {
1884  switch (pg_class_tuple->relkind)
1885  {
1886  case RELKIND_SEQUENCE:
1887  old_acl = acldefault(OBJECT_SEQUENCE, ownerId);
1888  break;
1889  default:
1890  old_acl = acldefault(OBJECT_TABLE, ownerId);
1891  break;
1892  }
1893  /* There are no old member roles according to the catalogs */
1894  noldmembers = 0;
1895  oldmembers = NULL;
1896  }
1897  else
1898  {
1899  old_acl = DatumGetAclPCopy(aclDatum);
1900  /* Get the roles mentioned in the existing ACL */
1901  noldmembers = aclmembers(old_acl, &oldmembers);
1902  }
1903 
1904  /* Need an extra copy of original rel ACL for column handling */
1905  old_rel_acl = aclcopy(old_acl);
1906 
1907  /*
1908  * Handle relation-level privileges, if any were specified
1909  */
1910  if (this_privileges != ACL_NO_RIGHTS)
1911  {
1912  AclMode avail_goptions;
1913  Acl *new_acl;
1914  Oid grantorId;
1915  HeapTuple newtuple;
1916  Datum values[Natts_pg_class];
1917  bool nulls[Natts_pg_class];
1918  bool replaces[Natts_pg_class];
1919  int nnewmembers;
1920  Oid *newmembers;
1921  ObjectType objtype;
1922 
1923  /* Determine ID to do the grant as, and available grant options */
1924  select_best_grantor(GetUserId(), this_privileges,
1925  old_acl, ownerId,
1926  &grantorId, &avail_goptions);
1927 
1928  switch (pg_class_tuple->relkind)
1929  {
1930  case RELKIND_SEQUENCE:
1931  objtype = OBJECT_SEQUENCE;
1932  break;
1933  default:
1934  objtype = OBJECT_TABLE;
1935  break;
1936  }
1937 
1938  /*
1939  * Restrict the privileges to what we can actually grant, and emit
1940  * the standards-mandated warning and error messages.
1941  */
1942  this_privileges =
1943  restrict_and_check_grant(istmt->is_grant, avail_goptions,
1944  istmt->all_privs, this_privileges,
1945  relOid, grantorId, objtype,
1946  NameStr(pg_class_tuple->relname),
1947  0, NULL);
1948 
1949  /*
1950  * Generate new ACL.
1951  */
1952  new_acl = merge_acl_with_grant(old_acl,
1953  istmt->is_grant,
1954  istmt->grant_option,
1955  istmt->behavior,
1956  istmt->grantees,
1957  this_privileges,
1958  grantorId,
1959  ownerId);
1960 
1961  /*
1962  * We need the members of both old and new ACLs so we can correct
1963  * the shared dependency information.
1964  */
1965  nnewmembers = aclmembers(new_acl, &newmembers);
1966 
1967  /* finished building new ACL value, now insert it */
1968  MemSet(values, 0, sizeof(values));
1969  MemSet(nulls, false, sizeof(nulls));
1970  MemSet(replaces, false, sizeof(replaces));
1971 
1972  replaces[Anum_pg_class_relacl - 1] = true;
1973  values[Anum_pg_class_relacl - 1] = PointerGetDatum(new_acl);
1974 
1975  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation),
1976  values, nulls, replaces);
1977 
1978  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
1979 
1980  /* Update initial privileges for extensions */
1981  recordExtensionInitPriv(relOid, RelationRelationId, 0, new_acl);
1982 
1983  /* Update the shared dependency ACL info */
1984  updateAclDependencies(RelationRelationId, relOid, 0,
1985  ownerId,
1986  noldmembers, oldmembers,
1987  nnewmembers, newmembers);
1988 
1989  pfree(new_acl);
1990  }
1991 
1992  /*
1993  * Handle column-level privileges, if any were specified or implied.
1994  * We first expand the user-specified column privileges into the
1995  * array, and then iterate over all nonempty array entries.
1996  */
1997  foreach(cell_colprivs, istmt->col_privs)
1998  {
1999  AccessPriv *col_privs = (AccessPriv *) lfirst(cell_colprivs);
2000 
2001  if (col_privs->priv_name == NULL)
2002  this_privileges = ACL_ALL_RIGHTS_COLUMN;
2003  else
2004  this_privileges = string_to_privilege(col_privs->priv_name);
2005 
2006  if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_COLUMN))
2007  ereport(ERROR,
2008  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
2009  errmsg("invalid privilege type %s for column",
2010  privilege_to_string(this_privileges))));
2011 
2012  if (pg_class_tuple->relkind == RELKIND_SEQUENCE &&
2013  this_privileges & ~((AclMode) ACL_SELECT))
2014  {
2015  /*
2016  * The only column privilege allowed on sequences is SELECT.
2017  * This is a warning not error because we do it that way for
2018  * relation-level privileges.
2019  */
2020  ereport(WARNING,
2021  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
2022  errmsg("sequence \"%s\" only supports SELECT column privileges",
2023  NameStr(pg_class_tuple->relname))));
2024 
2025  this_privileges &= (AclMode) ACL_SELECT;
2026  }
2027 
2028  expand_col_privileges(col_privs->cols, relOid,
2029  this_privileges,
2030  col_privileges,
2031  num_col_privileges);
2032  have_col_privileges = true;
2033  }
2034 
2035  if (have_col_privileges)
2036  {
2037  AttrNumber i;
2038 
2039  for (i = 0; i < num_col_privileges; i++)
2040  {
2041  if (col_privileges[i] == ACL_NO_RIGHTS)
2042  continue;
2043  ExecGrant_Attribute(istmt,
2044  relOid,
2045  NameStr(pg_class_tuple->relname),
2047  ownerId,
2048  col_privileges[i],
2049  attRelation,
2050  old_rel_acl);
2051  }
2052  }
2053 
2054  pfree(old_rel_acl);
2055  pfree(col_privileges);
2056 
2057  ReleaseSysCache(tuple);
2058 
2059  /* prevent error when processing duplicate objects */
2061  }
2062 
2063  table_close(attRelation, RowExclusiveLock);
2064  table_close(relation, RowExclusiveLock);
2065 }
void updateAclDependencies(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
Definition: pg_shdepend.c:426
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:167
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
#define ACL_ALL_RIGHTS_COLUMN
Definition: acl.h:156
#define RelationGetDescr(relation)
Definition: rel.h:482
Oid GetUserId(void)
Definition: miscinit.c:476
#define PointerGetDatum(X)
Definition: postgres.h:556
static AclMode string_to_privilege(const char *privname)
Definition: aclchk.c:3216
int errcode(int sqlerrcode)
Definition: elog.c:610
Acl * acldefault(ObjectType objtype, Oid ownerId)
Definition: acl.c:741
#define MemSet(start, val, len)
Definition: c.h:949
#define FirstLowInvalidHeapAttributeNumber
Definition: sysattr.h:27
List * cols
Definition: parsenodes.h:1967
unsigned int Oid
Definition: postgres_ext.h:31
static Acl * merge_acl_with_grant(Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
Definition: aclchk.c:152
uint32 AclMode
Definition: parsenodes.h:72
static void expand_col_privileges(List *colnames, Oid table_oid, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
Definition: aclchk.c:1509
void pfree(void *pointer)
Definition: mcxt.c:1057
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
#define ERROR
Definition: elog.h:43
#define ACL_NO_RIGHTS
Definition: parsenodes.h:88
ItemPointerData t_self
Definition: htup.h:65
#define RowExclusiveLock
Definition: lockdefs.h:38
static void recordExtensionInitPriv(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
Definition: aclchk.c:5877
static void expand_all_col_privileges(Oid table_oid, Form_pg_class classForm, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
Definition: aclchk.c:1542
static void ExecGrant_Attribute(InternalGrant *istmt, Oid relOid, const char *relname, AttrNumber attnum, Oid ownerId, AclMode col_privileges, Relation attRelation, const Acl *old_rel_acl)
Definition: aclchk.c:1588
ObjectType
Definition: parsenodes.h:1694
#define WARNING
Definition: elog.h:40
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Definition: syscache.c:1116
void * palloc0(Size size)
Definition: mcxt.c:981
uintptr_t Datum
Definition: postgres.h:367
void CommandCounterIncrement(void)
Definition: xact.c:1021
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:1164
#define ACL_SELECT
Definition: parsenodes.h:75
Datum SysCacheGetAttr(int cacheId, HeapTuple tup, AttrNumber attributeNumber, bool *isNull)
Definition: syscache.c:1377
#define ACL_ALL_RIGHTS_SEQUENCE
Definition: acl.h:158
#define ereport(elevel,...)
Definition: elog.h:144
Acl * aclcopy(const Acl *orig_acl)
Definition: acl.c:400
int aclmembers(const Acl *acl, Oid **roleids)
Definition: acl.c:1465
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
#define lfirst(lc)
Definition: pg_list.h:169
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
Definition: indexing.c:301
void select_best_grantor(Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
Definition: acl.c:5100
static Datum values[MAXATTR]
Definition: bootstrap.c:165
FormData_pg_class * Form_pg_class
Definition: pg_class.h:153
int errmsg(const char *fmt,...)
Definition: elog.c:824
#define elog(elevel,...)
Definition: elog.h:214
int i
#define ACL_ALL_RIGHTS_RELATION
Definition: acl.h:157
#define NameStr(name)
Definition: c.h:622
static const char * privilege_to_string(AclMode privilege)
Definition: aclchk.c:3253
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:39
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, Datum *replValues, bool *replIsnull, bool *doReplace)
Definition: heaptuple.c:1113
int16 AttrNumber
Definition: attnum.h:21
static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
Definition: aclchk.c:211
char * priv_name
Definition: parsenodes.h:1966
#define lfirst_oid(lc)
Definition: pg_list.h:171
#define DatumGetAclPCopy(X)
Definition: acl.h:121

◆ ExecGrant_Tablespace()

static void ExecGrant_Tablespace ( InternalGrant grantStmt)
static

Definition at line 2958 of file aclchk.c.

References ACL_ALL_RIGHTS_TABLESPACE, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog, ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_getattr, heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, MemSet, merge_acl_with_grant(), NameStr, OBJECT_TABLESPACE, ObjectIdGetDatum, InternalGrant::objects, pfree(), PointerGetDatum, InternalGrant::privileges, RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), HeapTupleData::t_self, table_close(), table_open(), TABLESPACEOID, updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

2959 {
2960  Relation relation;
2961  ListCell *cell;
2962 
2963  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
2964  istmt->privileges = ACL_ALL_RIGHTS_TABLESPACE;
2965 
2966  relation = table_open(TableSpaceRelationId, RowExclusiveLock);
2967 
2968  foreach(cell, istmt->objects)
2969  {
2970  Oid tblId = lfirst_oid(cell);
2971  Form_pg_tablespace pg_tablespace_tuple;
2972  Datum aclDatum;
2973  bool isNull;
2974  AclMode avail_goptions;
2975  AclMode this_privileges;
2976  Acl *old_acl;
2977  Acl *new_acl;
2978  Oid grantorId;
2979  Oid ownerId;
2980  HeapTuple newtuple;
2981  Datum values[Natts_pg_tablespace];
2982  bool nulls[Natts_pg_tablespace];
2983  bool replaces[Natts_pg_tablespace];
2984  int noldmembers;
2985  int nnewmembers;
2986  Oid *oldmembers;
2987  Oid *newmembers;
2988  HeapTuple tuple;
2989 
2990  /* Search syscache for pg_tablespace */
2992  if (!HeapTupleIsValid(tuple))
2993  elog(ERROR, "cache lookup failed for tablespace %u", tblId);
2994 
2995  pg_tablespace_tuple = (Form_pg_tablespace) GETSTRUCT(tuple);
2996 
2997  /*
2998  * Get owner ID and working copy of existing ACL. If there's no ACL,
2999  * substitute the proper default.
3000  */
3001  ownerId = pg_tablespace_tuple->spcowner;
3002  aclDatum = heap_getattr(tuple, Anum_pg_tablespace_spcacl,
3003  RelationGetDescr(relation), &isNull);
3004  if (isNull)
3005  {
3006  old_acl = acldefault(OBJECT_TABLESPACE, ownerId);
3007  /* There are no old member roles according to the catalogs */
3008  noldmembers = 0;
3009  oldmembers = NULL;
3010  }
3011  else
3012  {
3013  old_acl = DatumGetAclPCopy(aclDatum);
3014  /* Get the roles mentioned in the existing ACL */
3015  noldmembers = aclmembers(old_acl, &oldmembers);
3016  }
3017 
3018  /* Determine ID to do the grant as, and available grant options */
3019  select_best_grantor(GetUserId(), istmt->privileges,
3020  old_acl, ownerId,
3021  &grantorId, &avail_goptions);
3022 
3023  /*
3024  * Restrict the privileges to what we can actually grant, and emit the
3025  * standards-mandated warning and error messages.
3026  */
3027  this_privileges =
3028  restrict_and_check_grant(istmt->is_grant, avail_goptions,
3029  istmt->all_privs, istmt->privileges,
3030  tblId, grantorId, OBJECT_TABLESPACE,
3031  NameStr(pg_tablespace_tuple->spcname),
3032  0, NULL);
3033 
3034  /*
3035  * Generate new ACL.
3036  */
3037  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
3038  istmt->grant_option, istmt->behavior,
3039  istmt->grantees, this_privileges,
3040  grantorId, ownerId);
3041 
3042  /*
3043  * We need the members of both old and new ACLs so we can correct the
3044  * shared dependency information.
3045  */
3046  nnewmembers = aclmembers(new_acl, &newmembers);
3047 
3048  /* finished building new ACL value, now insert it */
3049  MemSet(values, 0, sizeof(values));
3050  MemSet(nulls, false, sizeof(nulls));
3051  MemSet(replaces, false, sizeof(replaces));
3052 
3053  replaces[Anum_pg_tablespace_spcacl - 1] = true;
3054  values[Anum_pg_tablespace_spcacl - 1] = PointerGetDatum(new_acl);
3055 
3056  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
3057  nulls, replaces);
3058 
3059  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
3060 
3061  /* Update the shared dependency ACL info */
3062  updateAclDependencies(TableSpaceRelationId, tblId, 0,
3063  ownerId,
3064  noldmembers, oldmembers,
3065  nnewmembers, newmembers);
3066 
3067  ReleaseSysCache(tuple);
3068  pfree(new_acl);
3069 
3070  /* prevent error when processing duplicate objects */
3072  }
3073 
3074  table_close(relation, RowExclusiveLock);
3075 }
void updateAclDependencies(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
Definition: pg_shdepend.c:426
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:167
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
#define RelationGetDescr(relation)
Definition: rel.h:482
Oid GetUserId(void)
Definition: miscinit.c:476
#define PointerGetDatum(X)
Definition: postgres.h:556
Acl * acldefault(ObjectType objtype, Oid ownerId)
Definition: acl.c:741
#define MemSet(start, val, len)
Definition: c.h:949
#define ACL_ALL_RIGHTS_TABLESPACE
Definition: acl.h:166
unsigned int Oid
Definition: postgres_ext.h:31
static Acl * merge_acl_with_grant(Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
Definition: aclchk.c:152
uint32 AclMode
Definition: parsenodes.h:72
void pfree(void *pointer)
Definition: mcxt.c:1057
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
#define ERROR
Definition: elog.h:43
#define ACL_NO_RIGHTS
Definition: parsenodes.h:88
ItemPointerData t_self
Definition: htup.h:65
#define RowExclusiveLock
Definition: lockdefs.h:38
FormData_pg_tablespace * Form_pg_tablespace
Definition: pg_tablespace.h:46
#define heap_getattr(tup, attnum, tupleDesc, isnull)
Definition: htup_details.h:762
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Definition: syscache.c:1116
uintptr_t Datum
Definition: postgres.h:367
void CommandCounterIncrement(void)
Definition: xact.c:1021
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:1164
int aclmembers(const Acl *acl, Oid **roleids)
Definition: acl.c:1465
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
Definition: indexing.c:301
void select_best_grantor(Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
Definition: acl.c:5100
static Datum values[MAXATTR]
Definition: bootstrap.c:165
#define elog(elevel,...)
Definition: elog.h:214
#define NameStr(name)
Definition: c.h:622
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:39
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, Datum *replValues, bool *replIsnull, bool *doReplace)
Definition: heaptuple.c:1113
static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
Definition: aclchk.c:211
#define lfirst_oid(lc)
Definition: pg_list.h:171
#define DatumGetAclPCopy(X)
Definition: acl.h:121

◆ ExecGrant_Type()

static void ExecGrant_Type ( InternalGrant grantStmt)
static

Definition at line 3078 of file aclchk.c.

References ACL_ALL_RIGHTS_TYPE, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog, ereport, errcode(), errhint(), errmsg(), ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_getattr, heap_modify_tuple(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, MemSet, merge_acl_with_grant(), NameStr, OBJECT_DOMAIN, OBJECT_TYPE, ObjectIdGetDatum, InternalGrant::objects, InternalGrant::objtype, pfree(), PointerGetDatum, InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), HeapTupleData::t_self, table_close(), table_open(), TYPEOID, updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

3079 {
3080  Relation relation;
3081  ListCell *cell;
3082 
3083  if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
3084  istmt->privileges = ACL_ALL_RIGHTS_TYPE;
3085 
3086  relation = table_open(TypeRelationId, RowExclusiveLock);
3087 
3088  foreach(cell, istmt->objects)
3089  {
3090  Oid typId = lfirst_oid(cell);
3091  Form_pg_type pg_type_tuple;
3092  Datum aclDatum;
3093  bool isNull;
3094  AclMode avail_goptions;
3095  AclMode this_privileges;
3096  Acl *old_acl;
3097  Acl *new_acl;
3098  Oid grantorId;
3099  Oid ownerId;
3100  HeapTuple newtuple;
3101  Datum values[Natts_pg_type];
3102  bool nulls[Natts_pg_type];
3103  bool replaces[Natts_pg_type];
3104  int noldmembers;
3105  int nnewmembers;
3106  Oid *oldmembers;
3107  Oid *newmembers;
3108  HeapTuple tuple;
3109 
3110  /* Search syscache for pg_type */
3111  tuple = SearchSysCache1(TYPEOID, ObjectIdGetDatum(typId));
3112  if (!HeapTupleIsValid(tuple))
3113  elog(ERROR, "cache lookup failed for type %u", typId);
3114 
3115  pg_type_tuple = (Form_pg_type) GETSTRUCT(tuple);
3116 
3117  if (pg_type_tuple->typelem != 0 && pg_type_tuple->typlen == -1)
3118  ereport(ERROR,
3119  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
3120  errmsg("cannot set privileges of array types"),
3121  errhint("Set the privileges of the element type instead.")));
3122 
3123  /* Used GRANT DOMAIN on a non-domain? */
3124  if (istmt->objtype == OBJECT_DOMAIN &&
3125  pg_type_tuple->typtype != TYPTYPE_DOMAIN)
3126  ereport(ERROR,
3127  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
3128  errmsg("\"%s\" is not a domain",
3129  NameStr(pg_type_tuple->typname))));
3130 
3131  /*
3132  * Get owner ID and working copy of existing ACL. If there's no ACL,
3133  * substitute the proper default.
3134  */
3135  ownerId = pg_type_tuple->typowner;
3136  aclDatum = heap_getattr(tuple, Anum_pg_type_typacl,
3137  RelationGetDescr(relation), &isNull);
3138  if (isNull)
3139  {
3140  old_acl = acldefault(istmt->objtype, ownerId);
3141  /* There are no old member roles according to the catalogs */
3142  noldmembers = 0;
3143  oldmembers = NULL;
3144  }
3145  else
3146  {
3147  old_acl = DatumGetAclPCopy(aclDatum);
3148  /* Get the roles mentioned in the existing ACL */
3149  noldmembers = aclmembers(old_acl, &oldmembers);
3150  }
3151 
3152  /* Determine ID to do the grant as, and available grant options */
3153  select_best_grantor(GetUserId(), istmt->privileges,
3154  old_acl, ownerId,
3155  &grantorId, &avail_goptions);
3156 
3157  /*
3158  * Restrict the privileges to what we can actually grant, and emit the
3159  * standards-mandated warning and error messages.
3160  */
3161  this_privileges =
3162  restrict_and_check_grant(istmt->is_grant, avail_goptions,
3163  istmt->all_privs, istmt->privileges,
3164  typId, grantorId, OBJECT_TYPE,
3165  NameStr(pg_type_tuple->typname),
3166  0, NULL);
3167 
3168  /*
3169  * Generate new ACL.
3170  */
3171  new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
3172  istmt->grant_option, istmt->behavior,
3173  istmt->grantees, this_privileges,
3174  grantorId, ownerId);
3175 
3176  /*
3177  * We need the members of both old and new ACLs so we can correct the
3178  * shared dependency information.
3179  */
3180  nnewmembers = aclmembers(new_acl, &newmembers);
3181 
3182  /* finished building new ACL value, now insert it */
3183  MemSet(values, 0, sizeof(values));
3184  MemSet(nulls, false, sizeof(nulls));
3185  MemSet(replaces, false, sizeof(replaces));
3186 
3187  replaces[Anum_pg_type_typacl - 1] = true;
3188  values[Anum_pg_type_typacl - 1] = PointerGetDatum(new_acl);
3189 
3190  newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
3191  nulls, replaces);
3192 
3193  CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
3194 
3195  /* Update initial privileges for extensions */
3196  recordExtensionInitPriv(typId, TypeRelationId, 0, new_acl);
3197 
3198  /* Update the shared dependency ACL info */
3199  updateAclDependencies(TypeRelationId, typId, 0,
3200  ownerId,
3201  noldmembers, oldmembers,
3202  nnewmembers, newmembers);
3203 
3204  ReleaseSysCache(tuple);
3205  pfree(new_acl);
3206 
3207  /* prevent error when processing duplicate objects */
3209  }
3210 
3211  table_close(relation, RowExclusiveLock);
3212 }
void updateAclDependencies(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
Definition: pg_shdepend.c:426
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:167
int errhint(const char *fmt,...)
Definition: elog.c:1071
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
#define RelationGetDescr(relation)
Definition: rel.h:482
Oid GetUserId(void)
Definition: miscinit.c:476
#define PointerGetDatum(X)
Definition: postgres.h:556
int errcode(int sqlerrcode)
Definition: elog.c:610
Acl * acldefault(ObjectType objtype, Oid ownerId)
Definition: acl.c:741
#define MemSet(start, val, len)
Definition: c.h:949
unsigned int Oid
Definition: postgres_ext.h:31
static Acl * merge_acl_with_grant(Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
Definition: aclchk.c:152
uint32 AclMode
Definition: parsenodes.h:72
void pfree(void *pointer)
Definition: mcxt.c:1057
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
#define ERROR
Definition: elog.h:43
#define ACL_NO_RIGHTS
Definition: parsenodes.h:88
ItemPointerData t_self
Definition: htup.h:65
#define RowExclusiveLock
Definition: lockdefs.h:38
#define ACL_ALL_RIGHTS_TYPE
Definition: acl.h:167
static void recordExtensionInitPriv(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
Definition: aclchk.c:5877
#define heap_getattr(tup, attnum, tupleDesc, isnull)
Definition: htup_details.h:762
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Definition: syscache.c:1116
uintptr_t Datum
Definition: postgres.h:367
void CommandCounterIncrement(void)
Definition: xact.c:1021
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:1164
#define ereport(elevel,...)
Definition: elog.h:144
int aclmembers(const Acl *acl, Oid **roleids)
Definition: acl.c:1465
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
Definition: indexing.c:301
FormData_pg_type * Form_pg_type
Definition: pg_type.h:255
void select_best_grantor(Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
Definition: acl.c:5100
static Datum values[MAXATTR]
Definition: bootstrap.c:165
int errmsg(const char *fmt,...)
Definition: elog.c:824
#define elog(elevel,...)
Definition: elog.h:214
#define NameStr(name)
Definition: c.h:622
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:39
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, Datum *replValues, bool *replIsnull, bool *doReplace)
Definition: heaptuple.c:1113
static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
Definition: aclchk.c:211
#define lfirst_oid(lc)
Definition: pg_list.h:171
#define DatumGetAclPCopy(X)
Definition: acl.h:121

◆ ExecGrantStmt_oids()

static void ExecGrantStmt_oids ( InternalGrant istmt)
static

Definition at line 548 of file aclchk.c.

References elog, ERROR, EventTriggerCollectGrant(), EventTriggerSupportsObjectType(), ExecGrant_Database(), ExecGrant_Fdw(), ExecGrant_ForeignServer(), ExecGrant_Function(), ExecGrant_Language(), ExecGrant_Largeobject(), ExecGrant_Namespace(), ExecGrant_Relation(), ExecGrant_Tablespace(), ExecGrant_Type(), OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, and InternalGrant::objtype.

Referenced by ExecuteGrantStmt(), and RemoveRoleFromObjectACL().

549 {
550  switch (istmt->objtype)
551  {
552  case OBJECT_TABLE:
553  case OBJECT_SEQUENCE:
554  ExecGrant_Relation(istmt);
555  break;
556  case OBJECT_DATABASE:
557  ExecGrant_Database(istmt);
558  break;
559  case OBJECT_DOMAIN:
560  case OBJECT_TYPE:
561  ExecGrant_Type(istmt);
562  break;
563  case OBJECT_FDW:
564  ExecGrant_Fdw(istmt);
565  break;
568  break;
569  case OBJECT_FUNCTION:
570  case OBJECT_PROCEDURE:
571  case OBJECT_ROUTINE:
572  ExecGrant_Function(istmt);
573  break;
574  case OBJECT_LANGUAGE:
575  ExecGrant_Language(istmt);
576  break;
577  case OBJECT_LARGEOBJECT:
578  ExecGrant_Largeobject(istmt);
579  break;
580  case OBJECT_SCHEMA:
581  ExecGrant_Namespace(istmt);
582  break;
583  case OBJECT_TABLESPACE:
584  ExecGrant_Tablespace(istmt);
585  break;
586  default:
587  elog(ERROR, "unrecognized GrantStmt.objtype: %d",
588  (int) istmt->objtype);
589  }
590 
591  /*
592  * Pass the info to event triggers about the just-executed GRANT. Note
593  * that we prefer to do it after actually executing it, because that gives
594  * the functions a chance to adjust the istmt with privileges actually
595  * granted.
596  */
599 }
static void ExecGrant_Language(InternalGrant *grantStmt)
Definition: aclchk.c:2563
static void ExecGrant_Function(InternalGrant *grantStmt)
Definition: aclchk.c:2440
static void ExecGrant_Tablespace(InternalGrant *grantStmt)
Definition: aclchk.c:2958
static void ExecGrant_Namespace(InternalGrant *grantStmt)
Definition: aclchk.c:2834
static void ExecGrant_Type(InternalGrant *grantStmt)
Definition: aclchk.c:3078
static void ExecGrant_Database(InternalGrant *grantStmt)
Definition: aclchk.c:2068
#define ERROR
Definition: elog.h:43
static void ExecGrant_Fdw(InternalGrant *grantStmt)
Definition: aclchk.c:2188
static void ExecGrant_Largeobject(InternalGrant *grantStmt)
Definition: aclchk.c:2694
static void ExecGrant_Relation(InternalGrant *grantStmt)
Definition: aclchk.c:1736
bool EventTriggerSupportsObjectType(ObjectType obtype)
ObjectType objtype
#define elog(elevel,...)
Definition: elog.h:214
void EventTriggerCollectGrant(InternalGrant *istmt)
static void ExecGrant_ForeignServer(InternalGrant *grantStmt)
Definition: aclchk.c:2315

◆ ExecuteGrantStmt()

void ExecuteGrantStmt ( GrantStmt stmt)

Definition at line 359 of file aclchk.c.

References ACL_ALL_RIGHTS_DATABASE, ACL_ALL_RIGHTS_FDW, ACL_ALL_RIGHTS_FOREIGN_SERVER, ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_LANGUAGE, ACL_ALL_RIGHTS_LARGEOBJECT, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_SEQUENCE, ACL_ALL_RIGHTS_TABLESPACE, ACL_ALL_RIGHTS_TYPE, ACL_ID_PUBLIC, ACL_NO_RIGHTS, ACL_TARGET_ALL_IN_SCHEMA, ACL_TARGET_OBJECT, InternalGrant::all_privs, InternalGrant::behavior, GrantStmt::behavior, InternalGrant::col_privs, AccessPriv::cols, elog, ereport, errcode(), errmsg(), ERROR, ExecGrantStmt_oids(), get_rolespec_oid(), gettext_noop, InternalGrant::grant_option, GrantStmt::grant_option, InternalGrant::grantees, GrantStmt::grantees, InternalGrant::is_grant, GrantStmt::is_grant, lappend(), lappend_oid(), lfirst, NIL, OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, objectNamesToOids(), InternalGrant::objects, GrantStmt::objects, objectsInSchemaToOids(), InternalGrant::objtype, GrantStmt::objtype, AccessPriv::priv_name, privilege_to_string(), InternalGrant::privileges, GrantStmt::privileges, ROLESPEC_PUBLIC, RoleSpec::roletype, string_to_privilege(), and GrantStmt::targtype.

Referenced by ProcessUtilitySlow(), and standard_ProcessUtility().

360 {
361  InternalGrant istmt;
362  ListCell *cell;
363  const char *errormsg;
364  AclMode all_privileges;
365 
366  /*
367  * Turn the regular GrantStmt into the InternalGrant form.
368  */
369  istmt.is_grant = stmt->is_grant;
370  istmt.objtype = stmt->objtype;
371 
372  /* Collect the OIDs of the target objects */
373  switch (stmt->targtype)
374  {
375  case ACL_TARGET_OBJECT:
376  istmt.objects = objectNamesToOids(stmt->objtype, stmt->objects);
377  break;
379  istmt.objects = objectsInSchemaToOids(stmt->objtype, stmt->objects);
380  break;
381  /* ACL_TARGET_DEFAULTS should not be seen here */
382  default:
383  elog(ERROR, "unrecognized GrantStmt.targtype: %d",
384  (int) stmt->targtype);
385  }
386 
387  /* all_privs to be filled below */
388  /* privileges to be filled below */
389  istmt.col_privs = NIL; /* may get filled below */
390  istmt.grantees = NIL; /* filled below */
391  istmt.grant_option = stmt->grant_option;
392  istmt.behavior = stmt->behavior;
393 
394  /*
395  * Convert the RoleSpec list into an Oid list. Note that at this point we
396  * insert an ACL_ID_PUBLIC into the list if appropriate, so downstream
397  * there shouldn't be any additional work needed to support this case.
398  */
399  foreach(cell, stmt->grantees)
400  {
401  RoleSpec *grantee = (RoleSpec *) lfirst(cell);
402  Oid grantee_uid;
403 
404  switch (grantee->roletype)
405  {
406  case ROLESPEC_PUBLIC:
407  grantee_uid = ACL_ID_PUBLIC;
408  break;
409  default:
410  grantee_uid = get_rolespec_oid(grantee, false);
411  break;
412  }
413  istmt.grantees = lappend_oid(istmt.grantees, grantee_uid);
414  }
415 
416  /*
417  * Convert stmt->privileges, a list of AccessPriv nodes, into an AclMode
418  * bitmask. Note: objtype can't be OBJECT_COLUMN.
419  */
420  switch (stmt->objtype)
421  {
422  case OBJECT_TABLE:
423 
424  /*
425  * Because this might be a sequence, we test both relation and
426  * sequence bits, and later do a more limited test when we know
427  * the object type.
428  */
430  errormsg = gettext_noop("invalid privilege type %s for relation");
431  break;
432  case OBJECT_SEQUENCE:
433  all_privileges = ACL_ALL_RIGHTS_SEQUENCE;
434  errormsg = gettext_noop("invalid privilege type %s for sequence");
435  break;
436  case OBJECT_DATABASE:
437  all_privileges = ACL_ALL_RIGHTS_DATABASE;
438  errormsg = gettext_noop("invalid privilege type %s for database");
439  break;
440  case OBJECT_DOMAIN:
441  all_privileges = ACL_ALL_RIGHTS_TYPE;
442  errormsg = gettext_noop("invalid privilege type %s for domain");
443  break;
444  case OBJECT_FUNCTION:
445  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
446  errormsg = gettext_noop("invalid privilege type %s for function");
447  break;
448  case OBJECT_LANGUAGE:
449  all_privileges = ACL_ALL_RIGHTS_LANGUAGE;
450  errormsg = gettext_noop("invalid privilege type %s for language");
451  break;
452  case OBJECT_LARGEOBJECT:
453  all_privileges = ACL_ALL_RIGHTS_LARGEOBJECT;
454  errormsg = gettext_noop("invalid privilege type %s for large object");
455  break;
456  case OBJECT_SCHEMA:
457  all_privileges = ACL_ALL_RIGHTS_SCHEMA;
458  errormsg = gettext_noop("invalid privilege type %s for schema");
459  break;
460  case OBJECT_PROCEDURE:
461  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
462  errormsg = gettext_noop("invalid privilege type %s for procedure");
463  break;
464  case OBJECT_ROUTINE:
465  all_privileges = ACL_ALL_RIGHTS_FUNCTION;
466  errormsg = gettext_noop("invalid privilege type %s for routine");
467  break;
468  case OBJECT_TABLESPACE:
469  all_privileges = ACL_ALL_RIGHTS_TABLESPACE;
470  errormsg = gettext_noop("invalid privilege type %s for tablespace");
471  break;
472  case OBJECT_TYPE:
473  all_privileges = ACL_ALL_RIGHTS_TYPE;
474  errormsg = gettext_noop("invalid privilege type %s for type");
475  break;
476  case OBJECT_FDW:
477  all_privileges = ACL_ALL_RIGHTS_FDW;
478  errormsg = gettext_noop("invalid privilege type %s for foreign-data wrapper");
479  break;
481  all_privileges = ACL_ALL_RIGHTS_FOREIGN_SERVER;
482  errormsg = gettext_noop("invalid privilege type %s for foreign server");
483  break;
484  default:
485  elog(ERROR, "unrecognized GrantStmt.objtype: %d",
486  (int) stmt->objtype);
487  /* keep compiler quiet */
488  all_privileges = ACL_NO_RIGHTS;
489  errormsg = NULL;
490  }
491 
492  if (stmt->privileges == NIL)
493  {
494  istmt.all_privs = true;
495 
496  /*
497  * will be turned into ACL_ALL_RIGHTS_* by the internal routines
498  * depending on the object type
499  */
500  istmt.privileges = ACL_NO_RIGHTS;
501  }
502  else
503  {
504  istmt.all_privs = false;
505  istmt.privileges = ACL_NO_RIGHTS;
506 
507  foreach(cell, stmt->privileges)
508  {
509  AccessPriv *privnode = (AccessPriv *) lfirst(cell);
510  AclMode priv;
511 
512  /*
513  * If it's a column-level specification, we just set it aside in
514  * col_privs for the moment; but insist it's for a relation.
515  */
516  if (privnode->cols)
517  {
518  if (stmt->objtype != OBJECT_TABLE)
519  ereport(ERROR,
520  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
521  errmsg("column privileges are only valid for relations")));
522  istmt.col_privs = lappend(istmt.col_privs, privnode);
523  continue;
524  }
525 
526  if (privnode->priv_name == NULL) /* parser mistake? */
527  elog(ERROR, "AccessPriv node must specify privilege or columns");
528  priv = string_to_privilege(privnode->priv_name);
529 
530  if (priv & ~((AclMode) all_privileges))
531  ereport(ERROR,
532  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
533  errmsg(errormsg, privilege_to_string(priv))));
534 
535  istmt.privileges |= priv;
536  }
537  }
538 
539  ExecGrantStmt_oids(&istmt);
540 }
#define NIL
Definition: pg_list.h:65
#define ACL_ALL_RIGHTS_FUNCTION
Definition: acl.h:162
static AclMode string_to_privilege(const char *privname)
Definition: aclchk.c:3216
AclMode privileges
bool grant_option
Definition: parsenodes.h:1937
#define gettext_noop(x)
Definition: c.h:1137
int errcode(int sqlerrcode)
Definition: elog.c:610
#define ACL_ALL_RIGHTS_TABLESPACE
Definition: acl.h:166
List * cols
Definition: parsenodes.h:1967
unsigned int Oid
Definition: postgres_ext.h:31
List * lappend_oid(List *list, Oid datum)
Definition: list.c:357
#define ACL_ALL_RIGHTS_LANGUAGE
Definition: acl.h:163
uint32 AclMode
Definition: parsenodes.h:72
#define ERROR
Definition: elog.h:43
#define ACL_NO_RIGHTS
Definition: parsenodes.h:88
#define ACL_ALL_RIGHTS_SCHEMA
Definition: acl.h:165
#define ACL_ALL_RIGHTS_TYPE
Definition: acl.h:167
List * lappend(List *list, void *datum)
Definition: list.c:321
bool is_grant
Definition: parsenodes.h:1929
static void ExecGrantStmt_oids(InternalGrant *istmt)
Definition: aclchk.c:548
static List * objectNamesToOids(ObjectType objtype, List *objnames)
Definition: aclchk.c:612
RoleSpecType roletype
Definition: parsenodes.h:330
Oid get_rolespec_oid(const RoleSpec *role, bool missing_ok)
Definition: acl.c:5209
#define ACL_ALL_RIGHTS_SEQUENCE
Definition: acl.h:158
List * privileges
Definition: parsenodes.h:1934
static List * objectsInSchemaToOids(ObjectType objtype, List *nspnames)
Definition: aclchk.c:761
#define ereport(elevel,...)
Definition: elog.h:144
#define ACL_ALL_RIGHTS_LARGEOBJECT
Definition: acl.h:164
DropBehavior behavior
DropBehavior behavior
Definition: parsenodes.h:1938
#define lfirst(lc)
Definition: pg_list.h:169
List * objects
Definition: parsenodes.h:1932
ObjectType objtype
#define ACL_ALL_RIGHTS_DATABASE
Definition: acl.h:159
#define ACL_ALL_RIGHTS_FOREIGN_SERVER
Definition: acl.h:161
int errmsg(const char *fmt,...)
Definition: elog.c:824
#define elog(elevel,...)
Definition: elog.h:214
#define ACL_ALL_RIGHTS_RELATION
Definition: acl.h:157
ObjectType objtype
Definition: parsenodes.h:1931
#define ACL_ID_PUBLIC
Definition: acl.h:46
#define ACL_ALL_RIGHTS_FDW
Definition: acl.h:160
static const char * privilege_to_string(AclMode privilege)
Definition: aclchk.c:3253
List * grantees
Definition: parsenodes.h:1936
GrantTargetType targtype
Definition: parsenodes.h:1930
char * priv_name
Definition: parsenodes.h:1966

◆ expand_all_col_privileges()

static void expand_all_col_privileges ( Oid  table_oid,
Form_pg_class  classForm,
AclMode  this_privileges,
AclMode col_privileges,
int  num_col_privileges 
)
static

Definition at line 1542 of file aclchk.c.

References Assert, ATTNUM, elog, ERROR, FirstLowInvalidHeapAttributeNumber, GETSTRUCT, HeapTupleIsValid, Int16GetDatum, InvalidAttrNumber, ObjectIdGetDatum, ReleaseSysCache(), and SearchSysCache2().

Referenced by ExecGrant_Relation().

1546 {
1547  AttrNumber curr_att;
1548 
1549  Assert(classForm->relnatts - FirstLowInvalidHeapAttributeNumber < num_col_privileges);
1550  for (curr_att = FirstLowInvalidHeapAttributeNumber + 1;
1551  curr_att <= classForm->relnatts;
1552  curr_att++)
1553  {
1554  HeapTuple attTuple;
1555  bool isdropped;
1556 
1557  if (curr_att == InvalidAttrNumber)
1558  continue;
1559 
1560  /* Views don't have any system columns at all */
1561  if (classForm->relkind == RELKIND_VIEW && curr_att < 0)
1562  continue;
1563 
1564  attTuple = SearchSysCache2(ATTNUM,
1565  ObjectIdGetDatum(table_oid),
1566  Int16GetDatum(curr_att));
1567  if (!HeapTupleIsValid(attTuple))
1568  elog(ERROR, "cache lookup failed for attribute %d of relation %u",
1569  curr_att, table_oid);
1570 
1571  isdropped = ((Form_pg_attribute) GETSTRUCT(attTuple))->attisdropped;
1572 
1573  ReleaseSysCache(attTuple);
1574 
1575  /* ignore dropped columns */
1576  if (isdropped)
1577  continue;
1578 
1579  col_privileges[curr_att - FirstLowInvalidHeapAttributeNumber] |= this_privileges;
1580  }
1581 }
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
#define Int16GetDatum(X)
Definition: postgres.h:451
#define FirstLowInvalidHeapAttributeNumber
Definition: sysattr.h:27
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
#define ERROR
Definition: elog.h:43
FormData_pg_attribute * Form_pg_attribute
Definition: pg_attribute.h:193
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:1164
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
#define Assert(condition)
Definition: c.h:745
HeapTuple SearchSysCache2(int cacheId, Datum key1, Datum key2)
Definition: syscache.c:1127
#define InvalidAttrNumber
Definition: attnum.h:23
#define elog(elevel,...)
Definition: elog.h:214
int16 AttrNumber
Definition: attnum.h:21

◆ expand_col_privileges()

static void expand_col_privileges ( List colnames,
Oid  table_oid,
AclMode  this_privileges,
AclMode col_privileges,
int  num_col_privileges 
)
static

Definition at line 1509 of file aclchk.c.

References attnum, elog, ereport, errcode(), errmsg(), ERROR, FirstLowInvalidHeapAttributeNumber, get_attnum(), get_rel_name(), InvalidAttrNumber, lfirst, and strVal.

Referenced by ExecGrant_Relation().

1513 {
1514  ListCell *cell;
1515 
1516  foreach(cell, colnames)
1517  {
1518  char *colname = strVal(lfirst(cell));
1520 
1521  attnum = get_attnum(table_oid, colname);
1522  if (attnum == InvalidAttrNumber)
1523  ereport(ERROR,
1524  (errcode(ERRCODE_UNDEFINED_COLUMN),
1525  errmsg("column \"%s\" of relation \"%s\" does not exist",
1526  colname, get_rel_name(table_oid))));
1528  if (attnum <= 0 || attnum >= num_col_privileges)
1529  elog(ERROR, "column number out of range"); /* safety check */
1530  col_privileges[attnum] |= this_privileges;
1531  }
1532 }
#define strVal(v)
Definition: value.h:54
int errcode(int sqlerrcode)
Definition: elog.c:610
#define FirstLowInvalidHeapAttributeNumber
Definition: sysattr.h:27
#define ERROR
Definition: elog.h:43
AttrNumber get_attnum(Oid relid, const char *attname)
Definition: lsyscache.c:856
int16 attnum
Definition: pg_attribute.h:79
#define ereport(elevel,...)
Definition: elog.h:144
#define lfirst(lc)
Definition: pg_list.h:169
#define InvalidAttrNumber
Definition: attnum.h:23
int errmsg(const char *fmt,...)
Definition: elog.c:824
#define elog(elevel,...)
Definition: elog.h:214
char * get_rel_name(Oid relid)
Definition: lsyscache.c:1840
int16 AttrNumber
Definition: attnum.h:21

◆ get_default_acl_internal()

static Acl* get_default_acl_internal ( Oid  roleId,
Oid  nsp_oid,
char  objtype 
)
static

Definition at line 5355 of file aclchk.c.

References CharGetDatum, DatumGetAclPCopy, DEFACLROLENSPOBJ, HeapTupleIsValid, ObjectIdGetDatum, ReleaseSysCache(), SearchSysCache3(), and SysCacheGetAttr().

Referenced by get_user_default_acl().

5356 {
5357  Acl *result = NULL;
5358  HeapTuple tuple;
5359 
5361  ObjectIdGetDatum(roleId),
5362  ObjectIdGetDatum(nsp_oid),
5363  CharGetDatum(objtype));
5364 
5365  if (HeapTupleIsValid(tuple))
5366  {
5367  Datum aclDatum;
5368  bool isNull;
5369 
5370  aclDatum = SysCacheGetAttr(DEFACLROLENSPOBJ, tuple,
5371  Anum_pg_default_acl_defaclacl,
5372  &isNull);
5373  if (!isNull)
5374  result = DatumGetAclPCopy(aclDatum);
5375  ReleaseSysCache(tuple);
5376  }
5377 
5378  return result;
5379 }
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
HeapTuple SearchSysCache3(int cacheId, Datum key1, Datum key2, Datum key3)
Definition: syscache.c:1138
uintptr_t Datum
Definition: postgres.h:367
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:1164
Datum SysCacheGetAttr(int cacheId, HeapTuple tup, AttrNumber attributeNumber, bool *isNull)
Definition: syscache.c:1377
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
#define CharGetDatum(X)
Definition: postgres.h:416
#define DatumGetAclPCopy(X)
Definition: acl.h:121

◆ get_user_default_acl()

Acl* get_user_default_acl ( ObjectType  objtype,
Oid  ownerId,
Oid  nsp_oid 
)

Definition at line 5390 of file aclchk.c.

References acldefault(), aclequal(), aclitemsort(), aclmerge(), get_default_acl_internal(), InvalidOid, IsBootstrapProcessingMode, OBJECT_FUNCTION, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, and OBJECT_TYPE.

Referenced by heap_create_with_catalog(), NamespaceCreate(), ProcedureCreate(), and TypeCreate().

5391 {
5392  Acl *result;
5393  Acl *glob_acl;
5394  Acl *schema_acl;
5395  Acl *def_acl;
5396  char defaclobjtype;
5397 
5398  /*
5399  * Use NULL during bootstrap, since pg_default_acl probably isn't there
5400  * yet.
5401  */
5403  return NULL;
5404 
5405  /* Check if object type is supported in pg_default_acl */
5406  switch (objtype)
5407  {
5408  case OBJECT_TABLE:
5409  defaclobjtype = DEFACLOBJ_RELATION;
5410  break;
5411 
5412  case OBJECT_SEQUENCE:
5413  defaclobjtype = DEFACLOBJ_SEQUENCE;
5414  break;
5415 
5416  case OBJECT_FUNCTION:
5417  defaclobjtype = DEFACLOBJ_FUNCTION;
5418  break;
5419 
5420  case OBJECT_TYPE:
5421  defaclobjtype = DEFACLOBJ_TYPE;
5422  break;
5423 
5424  case OBJECT_SCHEMA:
5425  defaclobjtype = DEFACLOBJ_NAMESPACE;
5426  break;
5427 
5428  default:
5429  return NULL;
5430  }
5431 
5432  /* Look up the relevant pg_default_acl entries */
5433  glob_acl = get_default_acl_internal(ownerId, InvalidOid, defaclobjtype);
5434  schema_acl = get_default_acl_internal(ownerId, nsp_oid, defaclobjtype);
5435 
5436  /* Quick out if neither entry exists */
5437  if (glob_acl == NULL && schema_acl == NULL)
5438  return NULL;
5439 
5440  /* We need to know the hard-wired default value, too */
5441  def_acl = acldefault(objtype, ownerId);
5442 
5443  /* If there's no global entry, substitute the hard-wired default */
5444  if (glob_acl == NULL)
5445  glob_acl = def_acl;
5446 
5447  /* Merge in any per-schema privileges */
5448  result = aclmerge(glob_acl, schema_acl, ownerId);
5449 
5450  /*
5451  * For efficiency, we want to return NULL if the result equals default.
5452  * This requires sorting both arrays to get an accurate comparison.
5453  */
5454  aclitemsort(result);
5455  aclitemsort(def_acl);
5456  if (aclequal(result, def_acl))
5457  result = NULL;
5458 
5459  return result;
5460 }
Acl * acldefault(ObjectType objtype, Oid ownerId)
Definition: acl.c:741
static Acl * get_default_acl_internal(Oid roleId, Oid nsp_oid, char objtype)
Definition: aclchk.c:5355
bool aclequal(const Acl *left_acl, const Acl *right_acl)
Definition: acl.c:502
#define InvalidOid
Definition: postgres_ext.h:36
Acl * aclmerge(const Acl *left_acl, const Acl *right_acl, Oid ownerId)
Definition: acl.c:444
void aclitemsort(Acl *acl)
Definition: acl.c:488
#define IsBootstrapProcessingMode()
Definition: miscadmin.h:393

◆ getRelationsInNamespace()

static List * getRelationsInNamespace ( Oid  namespaceId,
char  relkind 
)
static

Definition at line 850 of file aclchk.c.

References AccessShareLock, BTEqualStrategyNumber, CharGetDatum, ForwardScanDirection, GETSTRUCT, heap_getnext(), sort-test::key, lappend_oid(), NIL, ObjectIdGetDatum, ScanKeyInit(), table_beginscan_catalog(), table_close(), table_endscan(), and table_open().

Referenced by objectsInSchemaToOids().

851 {
852  List *relations = NIL;
853  ScanKeyData key[2];
854  Relation rel;
855  TableScanDesc scan;
856  HeapTuple tuple;
857 
858  ScanKeyInit(&key[0],
859  Anum_pg_class_relnamespace,
860  BTEqualStrategyNumber, F_OIDEQ,
861  ObjectIdGetDatum(namespaceId));
862  ScanKeyInit(&key[1],
863  Anum_pg_class_relkind,
864  BTEqualStrategyNumber, F_CHAREQ,
865  CharGetDatum(relkind));
866 
867  rel = table_open(RelationRelationId, AccessShareLock);
868  scan = table_beginscan_catalog(rel, 2, key);
869 
870  while ((tuple = heap_getnext(scan, ForwardScanDirection)) != NULL)
871  {
872  Oid oid = ((Form_pg_class) GETSTRUCT(tuple))->oid;
873 
874  relations = lappend_oid(relations, oid);
875  }
876 
877  table_endscan(scan);
879 
880  return relations;
881 }
#define NIL
Definition: pg_list.h:65
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:167
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
TableScanDesc table_beginscan_catalog(Relation relation, int nkeys, struct ScanKeyData *key)
Definition: tableam.c:112
#define AccessShareLock
Definition: lockdefs.h:36
unsigned int Oid
Definition: postgres_ext.h:31
List * lappend_oid(List *list, Oid datum)
Definition: list.c:357
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
HeapTuple heap_getnext(TableScanDesc sscan, ScanDirection direction)
Definition: heapam.c:1286
#define CharGetDatum(X)
Definition: postgres.h:416
static void table_endscan(TableScanDesc scan)
Definition: tableam.h:863
FormData_pg_class * Form_pg_class
Definition: pg_class.h:153
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:39
Definition: pg_list.h:50
#define BTEqualStrategyNumber
Definition: stratnum.h:31

◆ has_bypassrls_privilege()

bool has_bypassrls_privilege ( Oid  roleid)

Definition at line 5331 of file aclchk.c.

References AUTHOID, GETSTRUCT, HeapTupleIsValid, ObjectIdGetDatum, ReleaseSysCache(), rolbypassrls, SearchSysCache1(), and superuser_arg().

Referenced by check_enable_rls(), and RI_Initial_Check().

5332 {
5333  bool result = false;
5334  HeapTuple utup;
5335 
5336  /* Superusers bypass all permission checking. */
5337  if (superuser_arg(roleid))
5338  return true;
5339 
5340  utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
5341  if (HeapTupleIsValid(utup))
5342  {
5343  result = ((Form_pg_authid) GETSTRUCT(utup))->rolbypassrls;
5344  ReleaseSysCache(utup);
5345  }
5346  return result;
5347 }
bool rolbypassrls
Definition: pg_authid.h:41
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
FormData_pg_authid * Form_pg_authid
Definition: pg_authid.h:56
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
bool superuser_arg(Oid roleid)
Definition: superuser.c:56
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Definition: syscache.c:1116
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:1164
#define HeapTupleIsValid(tuple)
Definition: htup.h:78

◆ has_createrole_privilege()

bool has_createrole_privilege ( Oid  roleid)

Definition at line 5312 of file aclchk.c.

References AUTHOID, GETSTRUCT, HeapTupleIsValid, ObjectIdGetDatum, ReleaseSysCache(), rolcreaterole, SearchSysCache1(), and superuser_arg().

Referenced by check_object_ownership(), and have_createrole_privilege().

5313 {
5314  bool result = false;
5315  HeapTuple utup;
5316 
5317  /* Superusers bypass all permission checking. */
5318  if (superuser_arg(roleid))
5319  return true;
5320 
5321  utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
5322  if (HeapTupleIsValid(utup))
5323  {
5324  result = ((Form_pg_authid) GETSTRUCT(utup))->rolcreaterole;
5325  ReleaseSysCache(utup);
5326  }
5327  return result;
5328 }
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
FormData_pg_authid * Form_pg_authid
Definition: pg_authid.h:56
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
bool rolcreaterole
Definition: pg_authid.h:37
bool superuser_arg(Oid roleid)
Definition: superuser.c:56
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Definition: syscache.c:1116
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:1164
#define HeapTupleIsValid(tuple)
Definition: htup.h:78

◆ merge_acl_with_grant()

static Acl* merge_acl_with_grant ( Acl old_acl,
bool  is_grant,
bool  grant_option,
DropBehavior  behavior,
List grantees,
AclMode  privileges,
Oid  grantorId,
Oid  ownerId 
)
static

Definition at line 152 of file aclchk.c.

References ACL_ID_PUBLIC, ACL_MODECHG_ADD, ACL_MODECHG_DEL, ACL_NO_RIGHTS, ACLITEM_SET_PRIVS_GOPTIONS, aclupdate(), AclItem::ai_grantee, AclItem::ai_grantor, ereport, errcode(), errmsg(), ERROR, lfirst_oid, and pfree().

Referenced by ExecGrant_Attribute(), ExecGrant_Database(), ExecGrant_Fdw(), ExecGrant_ForeignServer(), ExecGrant_Function(), ExecGrant_Language(), ExecGrant_Largeobject(), ExecGrant_Namespace(), ExecGrant_Relation(), ExecGrant_Tablespace(), ExecGrant_Type(), and SetDefaultACL().

156 {
157  unsigned modechg;
158  ListCell *j;
159  Acl *new_acl;
160 
161  modechg = is_grant ? ACL_MODECHG_ADD : ACL_MODECHG_DEL;
162 
163  new_acl = old_acl;
164 
165  foreach(j, grantees)
166  {
167  AclItem aclitem;
168  Acl *newer_acl;
169 
170  aclitem.ai_grantee = lfirst_oid(j);
171 
172  /*
173  * Grant options can only be granted to individual roles, not PUBLIC.
174  * The reason is that if a user would re-grant a privilege that he
175  * held through PUBLIC, and later the user is removed, the situation
176  * is impossible to clean up.
177  */
178  if (is_grant && grant_option && aclitem.ai_grantee == ACL_ID_PUBLIC)
179  ereport(ERROR,
180  (errcode(ERRCODE_INVALID_GRANT_OPERATION),
181  errmsg("grant options can only be granted to roles")));
182 
183  aclitem.ai_grantor = grantorId;
184 
185  /*
186  * The asymmetry in the conditions here comes from the spec. In
187  * GRANT, the grant_option flag signals WITH GRANT OPTION, which means
188  * to grant both the basic privilege and its grant option. But in
189  * REVOKE, plain revoke revokes both the basic privilege and its grant
190  * option, while REVOKE GRANT OPTION revokes only the option.
191  */
193  (is_grant || !grant_option) ? privileges : ACL_NO_RIGHTS,
194  (!is_grant || grant_option) ? privileges : ACL_NO_RIGHTS);
195 
196  newer_acl = aclupdate(new_acl, &aclitem, modechg, ownerId, behavior);
197 
198  /* avoid memory leak when there are many grantees */
199  pfree(new_acl);
200  new_acl = newer_acl;
201  }
202 
203  return new_acl;
204 }
Oid ai_grantee
Definition: acl.h:56
#define ACL_MODECHG_DEL
Definition: acl.h:130
int errcode(int sqlerrcode)
Definition: elog.c:610
Oid ai_grantor
Definition: acl.h:57
void pfree(void *pointer)
Definition: mcxt.c:1057
#define ERROR
Definition: elog.h:43
#define ACL_NO_RIGHTS
Definition: parsenodes.h:88
#define ACL_MODECHG_ADD
Definition: acl.h:129
#define ereport(elevel,...)
Definition: elog.h:144
Definition: acl.h:54
int errmsg(const char *fmt,...)
Definition: elog.c:824
#define ACL_ID_PUBLIC
Definition: acl.h:46
Acl * aclupdate(const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
Definition: acl.c:923
#define ACLITEM_SET_PRIVS_GOPTIONS(item, privs, goptions)
Definition: acl.h:82
#define lfirst_oid(lc)
Definition: pg_list.h:171

◆ objectNamesToOids()

static List * objectNamesToOids ( ObjectType  objtype,
List objnames 
)
static

Definition at line 612 of file aclchk.c.

References Assert, dbname, elog, ereport, errcode(), errmsg(), ERROR, get_database_oid(), get_foreign_data_wrapper_oid(), get_foreign_server_oid(), get_language_oid(), get_namespace_oid(), get_tablespace_oid(), lappend_oid(), LargeObjectExists(), lfirst, LookupFuncWithArgs(), makeTypeNameFromNameList(), NIL, NoLock, OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, oidparse(), RangeVarGetRelid, strVal, typenameTypeId(), and typname.

Referenced by ExecuteGrantStmt().

613 {
614  List *objects = NIL;
615  ListCell *cell;
616 
617  Assert(objnames != NIL);
618 
619  switch (objtype)
620  {
621  case OBJECT_TABLE:
622  case OBJECT_SEQUENCE:
623  foreach(cell, objnames)
624  {
625  RangeVar *relvar = (RangeVar *) lfirst(cell);
626  Oid relOid;
627 
628  relOid = RangeVarGetRelid(relvar, NoLock, false);
629  objects = lappend_oid(objects, relOid);
630  }
631  break;
632  case OBJECT_DATABASE:
633  foreach(cell, objnames)
634  {
635  char *dbname = strVal(lfirst(cell));
636  Oid dbid;
637 
638  dbid = get_database_oid(dbname, false);
639  objects = lappend_oid(objects, dbid);
640  }
641  break;
642  case OBJECT_DOMAIN:
643  case OBJECT_TYPE:
644  foreach(cell, objnames)
645  {
646  List *typname = (List *) lfirst(cell);
647  Oid oid;
648 
649  oid = typenameTypeId(NULL, makeTypeNameFromNameList(typname));
650  objects = lappend_oid(objects, oid);
651  }
652  break;
653  case OBJECT_FUNCTION:
654  foreach(cell, objnames)
655  {
656  ObjectWithArgs *func = (ObjectWithArgs *) lfirst(cell);
657  Oid funcid;
658 
659  funcid = LookupFuncWithArgs(OBJECT_FUNCTION, func, false);
660  objects = lappend_oid(objects, funcid);
661  }
662  break;
663  case OBJECT_LANGUAGE:
664  foreach(cell, objnames)
665  {
666  char *langname = strVal(lfirst(cell));
667  Oid oid;
668 
669  oid = get_language_oid(langname, false);
670  objects = lappend_oid(objects, oid);
671  }
672  break;
673  case OBJECT_LARGEOBJECT:
674  foreach(cell, objnames)
675  {
676  Oid lobjOid = oidparse(lfirst(cell));
677 
678  if (!LargeObjectExists(lobjOid))
679  ereport(ERROR,
680  (errcode(ERRCODE_UNDEFINED_OBJECT),
681  errmsg("large object %u does not exist",
682  lobjOid)));
683 
684  objects = lappend_oid(objects, lobjOid);
685  }
686  break;
687  case OBJECT_SCHEMA:
688  foreach(cell, objnames)
689  {
690  char *nspname = strVal(lfirst(cell));
691  Oid oid;
692 
693  oid = get_namespace_oid(nspname, false);
694  objects = lappend_oid(objects, oid);
695  }
696  break;
697  case OBJECT_PROCEDURE:
698  foreach(cell, objnames)
699  {
700  ObjectWithArgs *func = (ObjectWithArgs *) lfirst(cell);
701  Oid procid;
702 
703  procid = LookupFuncWithArgs(OBJECT_PROCEDURE, func, false);
704  objects = lappend_oid(objects, procid);
705  }
706  break;
707  case OBJECT_ROUTINE:
708  foreach(cell, objnames)
709  {
710  ObjectWithArgs *func = (ObjectWithArgs *) lfirst(cell);
711  Oid routid;
712 
713  routid = LookupFuncWithArgs(OBJECT_ROUTINE, func, false);
714  objects = lappend_oid(objects, routid);
715  }
716  break;
717  case OBJECT_TABLESPACE:
718  foreach(cell, objnames)
719  {
720  char *spcname = strVal(lfirst(cell));
721  Oid spcoid;
722 
723  spcoid = get_tablespace_oid(spcname, false);
724  objects = lappend_oid(objects, spcoid);
725  }
726  break;
727  case OBJECT_FDW:
728  foreach(cell, objnames)
729  {
730  char *fdwname = strVal(lfirst(cell));
731  Oid fdwid = get_foreign_data_wrapper_oid(fdwname, false);
732 
733  objects = lappend_oid(objects, fdwid);
734  }
735  break;
737  foreach(cell, objnames)
738  {
739  char *srvname = strVal(lfirst(cell));
740  Oid srvid = get_foreign_server_oid(srvname, false);
741 
742  objects = lappend_oid(objects, srvid);
743  }
744  break;
745  default:
746  elog(ERROR, "unrecognized GrantStmt.objtype: %d",
747  (int) objtype);
748  }
749 
750  return objects;
751 }
#define NIL
Definition: pg_list.h:65
Oid get_tablespace_oid(const char *tablespacename, bool missing_ok)
Definition: tablespace.c:1421
Oid get_namespace_oid(const char *nspname, bool missing_ok)
Definition: namespace.c:3042
Oid oidparse(Node *node)
Definition: oid.c:314
#define RangeVarGetRelid(relation, lockmode, missing_ok)
Definition: namespace.h:78
Oid get_language_oid(const char *langname, bool missing_ok)
Definition: proclang.c:228
#define strVal(v)
Definition: value.h:54
int errcode(int sqlerrcode)
Definition: elog.c:610
unsigned int Oid
Definition: postgres_ext.h:31
List * lappend_oid(List *list, Oid datum)
Definition: list.c:357
Oid get_foreign_data_wrapper_oid(const char *fdwname, bool missing_ok)
Definition: foreign.c:691
#define ERROR
Definition: elog.h:43
#define NoLock
Definition: lockdefs.h:34
NameData typname
Definition: pg_type.h:41
Oid get_database_oid(const char *dbname, bool missing_ok)
Definition: dbcommands.c:2108
#define ereport(elevel,...)
Definition: elog.h:144
#define Assert(condition)
Definition: c.h:745
#define lfirst(lc)
Definition: pg_list.h:169
char * dbname
Definition: streamutil.c:51
bool LargeObjectExists(Oid loid)
int errmsg(const char *fmt,...)
Definition: elog.c:824
#define elog(elevel,...)
Definition: elog.h:214
Oid LookupFuncWithArgs(ObjectType objtype, ObjectWithArgs *func, bool missing_ok)
Definition: parse_func.c:2163
TypeName * makeTypeNameFromNameList(List *names)
Definition: makefuncs.c:456
Definition: pg_list.h:50
Oid get_foreign_server_oid(const char *servername, bool missing_ok)
Definition: foreign.c:714
Oid typenameTypeId(ParseState *pstate, const TypeName *typeName)
Definition: parse_type.c:291

◆ objectsInSchemaToOids()

static List * objectsInSchemaToOids ( ObjectType  objtype,
List nspnames 
)
static

Definition at line 761 of file aclchk.c.

References AccessShareLock, BTEqualStrategyNumber, CharGetDatum, elog, ERROR, ForwardScanDirection, getRelationsInNamespace(), GETSTRUCT, heap_getnext(), sort-test::key, lappend_oid(), lfirst, list_concat(), LookupExplicitNamespace(), NIL, OBJECT_FUNCTION, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SEQUENCE, OBJECT_TABLE, ObjectIdGetDatum, ScanKeyInit(), strVal, table_beginscan_catalog(), table_close(), table_endscan(), and table_open().

Referenced by ExecuteGrantStmt().

762 {
763  List *objects = NIL;
764  ListCell *cell;
765 
766  foreach(cell, nspnames)
767  {
768  char *nspname = strVal(lfirst(cell));
769  Oid namespaceId;
770  List *objs;
771 
772  namespaceId = LookupExplicitNamespace(nspname, false);
773 
774  switch (objtype)
775  {
776  case OBJECT_TABLE:
777  objs = getRelationsInNamespace(namespaceId, RELKIND_RELATION);
778  objects = list_concat(objects, objs);
779  objs = getRelationsInNamespace(namespaceId, RELKIND_VIEW);
780  objects = list_concat(objects, objs);
781  objs = getRelationsInNamespace(namespaceId, RELKIND_MATVIEW);
782  objects = list_concat(objects, objs);
783  objs = getRelationsInNamespace(namespaceId, RELKIND_FOREIGN_TABLE);
784  objects = list_concat(objects, objs);
785  objs = getRelationsInNamespace(namespaceId, RELKIND_PARTITIONED_TABLE);
786  objects = list_concat(objects, objs);
787  break;
788  case OBJECT_SEQUENCE:
789  objs = getRelationsInNamespace(namespaceId, RELKIND_SEQUENCE);
790  objects = list_concat(objects, objs);
791  break;
792  case OBJECT_FUNCTION:
793  case OBJECT_PROCEDURE:
794  case OBJECT_ROUTINE:
795  {
796  ScanKeyData key[2];
797  int keycount;
798  Relation rel;
799  TableScanDesc scan;
800  HeapTuple tuple;
801 
802  keycount = 0;
803  ScanKeyInit(&key[keycount++],
804  Anum_pg_proc_pronamespace,
805  BTEqualStrategyNumber, F_OIDEQ,
806  ObjectIdGetDatum(namespaceId));
807 
808  if (objtype == OBJECT_FUNCTION)
809  /* includes aggregates and window functions */
810  ScanKeyInit(&key[keycount++],
811  Anum_pg_proc_prokind,
812  BTEqualStrategyNumber, F_CHARNE,
813  CharGetDatum(PROKIND_PROCEDURE));
814  else if (objtype == OBJECT_PROCEDURE)
815  ScanKeyInit(&key[keycount++],
816  Anum_pg_proc_prokind,
817  BTEqualStrategyNumber, F_CHAREQ,
818  CharGetDatum(PROKIND_PROCEDURE));
819 
820  rel = table_open(ProcedureRelationId, AccessShareLock);
821  scan = table_beginscan_catalog(rel, keycount, key);
822 
823  while ((tuple = heap_getnext(scan, ForwardScanDirection)) != NULL)
824  {
825  Oid oid = ((Form_pg_proc) GETSTRUCT(tuple))->oid;
826 
827  objects = lappend_oid(objects, oid);
828  }
829 
830  table_endscan(scan);
832  }
833  break;
834  default:
835  /* should not happen */
836  elog(ERROR, "unrecognized GrantStmt.objtype: %d",
837  (int) objtype);
838  }
839  }
840 
841  return objects;
842 }
#define NIL
Definition: pg_list.h:65
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:167
Oid LookupExplicitNamespace(const char *nspname, bool missing_ok)
Definition: namespace.c:2892
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
TableScanDesc table_beginscan_catalog(Relation relation, int nkeys, struct ScanKeyData *key)
Definition: tableam.c:112
#define AccessShareLock
Definition: lockdefs.h:36
#define strVal(v)
Definition: value.h:54
List * list_concat(List *list1, const List *list2)
Definition: list.c:515
unsigned int Oid
Definition: postgres_ext.h:31
List * lappend_oid(List *list, Oid datum)
Definition: list.c:357
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
#define ERROR
Definition: elog.h:43
HeapTuple heap_getnext(TableScanDesc sscan, ScanDirection direction)
Definition: heapam.c:1286
static List * getRelationsInNamespace(Oid namespaceId, char relkind)
Definition: aclchk.c:850
FormData_pg_proc * Form_pg_proc
Definition: pg_proc.h:133
#define lfirst(lc)
Definition: pg_list.h:169
#define CharGetDatum(X)
Definition: postgres.h:416
static void table_endscan(TableScanDesc scan)
Definition: tableam.h:863
#define elog(elevel,...)
Definition: elog.h:214
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:39
Definition: pg_list.h:50
#define BTEqualStrategyNumber
Definition: stratnum.h:31

◆ pg_aclmask()

static AclMode pg_aclmask ( ObjectType  objtype,
Oid  table_oid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 3619 of file aclchk.c.

References ACL_NO_RIGHTS, elog, ERROR, OBJECT_COLUMN, OBJECT_DATABASE, OBJECT_EVENT_TRIGGER, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_STATISTIC_EXT, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, pg_attribute_aclmask(), pg_class_aclmask(), pg_database_aclmask(), pg_foreign_data_wrapper_aclmask(), pg_foreign_server_aclmask(), pg_language_aclmask(), pg_largeobject_aclmask_snapshot(), pg_namespace_aclmask(), pg_proc_aclmask(), pg_tablespace_aclmask(), and pg_type_aclmask().

Referenced by restrict_and_check_grant().

3621 {
3622  switch (objtype)
3623  {
3624  case OBJECT_COLUMN:
3625  return
3626  pg_class_aclmask(table_oid, roleid, mask, how) |
3627  pg_attribute_aclmask(table_oid, attnum, roleid, mask, how);
3628  case OBJECT_TABLE:
3629  case OBJECT_SEQUENCE:
3630  return pg_class_aclmask(table_oid, roleid, mask, how);
3631  case OBJECT_DATABASE:
3632  return pg_database_aclmask(table_oid, roleid, mask, how);
3633  case OBJECT_FUNCTION:
3634  return pg_proc_aclmask(table_oid, roleid, mask, how);
3635  case OBJECT_LANGUAGE:
3636  return pg_language_aclmask(table_oid, roleid, mask, how);
3637  case OBJECT_LARGEOBJECT:
3638  return pg_largeobject_aclmask_snapshot(table_oid, roleid,
3639  mask, how, NULL);
3640  case OBJECT_SCHEMA:
3641  return pg_namespace_aclmask(table_oid, roleid, mask, how);
3642  case OBJECT_STATISTIC_EXT:
3643  elog(ERROR, "grantable rights not supported for statistics objects");
3644  /* not reached, but keep compiler quiet */
3645  return ACL_NO_RIGHTS;
3646  case OBJECT_TABLESPACE:
3647  return pg_tablespace_aclmask(table_oid, roleid, mask, how);
3648  case OBJECT_FDW:
3649  return pg_foreign_data_wrapper_aclmask(table_oid, roleid, mask, how);
3650  case OBJECT_FOREIGN_SERVER:
3651  return pg_foreign_server_aclmask(table_oid, roleid, mask, how);
3652  case OBJECT_EVENT_TRIGGER:
3653  elog(ERROR, "grantable rights not supported for event triggers");
3654  /* not reached, but keep compiler quiet */
3655  return ACL_NO_RIGHTS;
3656  case OBJECT_TYPE:
3657  return pg_type_aclmask(table_oid, roleid, mask, how);
3658  default:
3659  elog(ERROR, "unrecognized objtype: %d",
3660  (int) objtype);
3661  /* not reached, but keep compiler quiet */
3662  return ACL_NO_RIGHTS;
3663  }
3664 }
AclMode pg_foreign_server_aclmask(Oid srv_oid, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:4304
AclMode pg_attribute_aclmask(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:3687
AclMode pg_tablespace_aclmask(Oid spc_oid, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:4185
AclMode pg_class_aclmask(Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:3772
AclMode pg_database_aclmask(Oid db_oid, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:3859
#define ERROR
Definition: elog.h:43
#define ACL_NO_RIGHTS
Definition: parsenodes.h:88
AclMode pg_namespace_aclmask(Oid nsp_oid, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:4103
int16 attnum
Definition: pg_attribute.h:79
AclMode pg_type_aclmask(Oid type_oid, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:4365
AclMode pg_language_aclmask(Oid lang_oid, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:3967
AclMode pg_proc_aclmask(Oid proc_oid, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:3913
#define elog(elevel,...)
Definition: elog.h:214
AclMode pg_foreign_data_wrapper_aclmask(Oid fdw_oid, Oid roleid, AclMode mask, AclMaskHow how)
Definition: aclchk.c:4242