#include "postgres.h"
#include "access/genam.h"
#include "access/heapam.h"
#include "access/htup_details.h"
#include "access/sysattr.h"
#include "access/xact.h"
#include "catalog/binary_upgrade.h"
#include "catalog/catalog.h"
#include "catalog/dependency.h"
#include "catalog/indexing.h"
#include "catalog/objectaccess.h"
#include "catalog/pg_aggregate.h"
#include "catalog/pg_am.h"
#include "catalog/pg_authid.h"
#include "catalog/pg_cast.h"
#include "catalog/pg_collation.h"
#include "catalog/pg_conversion.h"
#include "catalog/pg_database.h"
#include "catalog/pg_default_acl.h"
#include "catalog/pg_event_trigger.h"
#include "catalog/pg_extension.h"
#include "catalog/pg_foreign_data_wrapper.h"
#include "catalog/pg_foreign_server.h"
#include "catalog/pg_init_privs.h"
#include "catalog/pg_language.h"
#include "catalog/pg_largeobject.h"
#include "catalog/pg_largeobject_metadata.h"
#include "catalog/pg_namespace.h"
#include "catalog/pg_opclass.h"
#include "catalog/pg_operator.h"
#include "catalog/pg_opfamily.h"
#include "catalog/pg_proc.h"
#include "catalog/pg_statistic_ext.h"
#include "catalog/pg_subscription.h"
#include "catalog/pg_tablespace.h"
#include "catalog/pg_type.h"
#include "catalog/pg_ts_config.h"
#include "catalog/pg_ts_dict.h"
#include "catalog/pg_ts_parser.h"
#include "catalog/pg_ts_template.h"
#include "catalog/pg_transform.h"
#include "commands/dbcommands.h"
#include "commands/event_trigger.h"
#include "commands/extension.h"
#include "commands/proclang.h"
#include "commands/tablespace.h"
#include "foreign/foreign.h"
#include "miscadmin.h"
#include "nodes/makefuncs.h"
#include "parser/parse_func.h"
#include "parser/parse_type.h"
#include "utils/acl.h"
#include "utils/aclchk_internal.h"
#include "utils/builtins.h"
#include "utils/fmgroids.h"
#include "utils/lsyscache.h"
#include "utils/rel.h"
#include "utils/syscache.h"
#include "utils/tqual.h"

Include dependency graph for aclchk.c:

Data Structures
struct	InternalDefaultACL

Functions
static void	ExecGrantStmt_oids (InternalGrant *istmt)

static void	ExecGrant_Relation (InternalGrant *grantStmt)

static void	ExecGrant_Database (InternalGrant *grantStmt)

static void	ExecGrant_Fdw (InternalGrant *grantStmt)

static void	ExecGrant_ForeignServer (InternalGrant *grantStmt)

static void	ExecGrant_Function (InternalGrant *grantStmt)

static void	ExecGrant_Language (InternalGrant *grantStmt)

static void	ExecGrant_Largeobject (InternalGrant *grantStmt)

static void	ExecGrant_Namespace (InternalGrant *grantStmt)

static void	ExecGrant_Tablespace (InternalGrant *grantStmt)

static void	ExecGrant_Type (InternalGrant *grantStmt)

static void	SetDefaultACLsInSchemas (InternalDefaultACL iacls, List nspnames)

static void	SetDefaultACL (InternalDefaultACL *iacls)

static List *	objectNamesToOids (ObjectType objtype, List *objnames)

static List *	objectsInSchemaToOids (ObjectType objtype, List *nspnames)

static List *	getRelationsInNamespace (Oid namespaceId, char relkind)

static void	expand_col_privileges (List colnames, Oid table_oid, AclMode this_privileges, AclMode col_privileges, int num_col_privileges)

static void	expand_all_col_privileges (Oid table_oid, Form_pg_class classForm, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)

static AclMode	string_to_privilege (const char *privname)

static const char *	privilege_to_string (AclMode privilege)

static AclMode	restrict_and_check_grant (bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char objname, AttrNumber att_number, const char colname)

static AclMode	pg_aclmask (ObjectType objtype, Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)

static void	recordExtensionInitPriv (Oid objoid, Oid classoid, int objsubid, Acl *new_acl)

static void	recordExtensionInitPrivWorker (Oid objoid, Oid classoid, int objsubid, Acl *new_acl)

static Acl *	merge_acl_with_grant (Acl old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List grantees, AclMode privileges, Oid grantorId, Oid ownerId)

void	ExecuteGrantStmt (GrantStmt *stmt)

void	ExecAlterDefaultPrivilegesStmt (ParseState pstate, AlterDefaultPrivilegesStmt stmt)

void	RemoveRoleFromObjectACL (Oid roleid, Oid classid, Oid objid)

void	RemoveDefaultACLById (Oid defaclOid)

static void	ExecGrant_Attribute (InternalGrant istmt, Oid relOid, const char relname, AttrNumber attnum, Oid ownerId, AclMode col_privileges, Relation attRelation, const Acl *old_rel_acl)

void	aclcheck_error (AclResult aclerr, ObjectType objtype, const char *objectname)

void	aclcheck_error_col (AclResult aclerr, ObjectType objtype, const char objectname, const char colname)

void	aclcheck_error_type (AclResult aclerr, Oid typeOid)

AclMode	pg_attribute_aclmask (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)

AclMode	pg_class_aclmask (Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how)

AclMode	pg_database_aclmask (Oid db_oid, Oid roleid, AclMode mask, AclMaskHow how)

AclMode	pg_proc_aclmask (Oid proc_oid, Oid roleid, AclMode mask, AclMaskHow how)

AclMode	pg_language_aclmask (Oid lang_oid, Oid roleid, AclMode mask, AclMaskHow how)

AclMode	pg_largeobject_aclmask_snapshot (Oid lobj_oid, Oid roleid, AclMode mask, AclMaskHow how, Snapshot snapshot)

AclMode	pg_namespace_aclmask (Oid nsp_oid, Oid roleid, AclMode mask, AclMaskHow how)

AclMode	pg_tablespace_aclmask (Oid spc_oid, Oid roleid, AclMode mask, AclMaskHow how)

AclMode	pg_foreign_data_wrapper_aclmask (Oid fdw_oid, Oid roleid, AclMode mask, AclMaskHow how)

AclMode	pg_foreign_server_aclmask (Oid srv_oid, Oid roleid, AclMode mask, AclMaskHow how)

AclMode	pg_type_aclmask (Oid type_oid, Oid roleid, AclMode mask, AclMaskHow how)

AclResult	pg_attribute_aclcheck (Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode)

AclResult	pg_attribute_aclcheck_all (Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how)

AclResult	pg_class_aclcheck (Oid table_oid, Oid roleid, AclMode mode)

AclResult	pg_database_aclcheck (Oid db_oid, Oid roleid, AclMode mode)

AclResult	pg_proc_aclcheck (Oid proc_oid, Oid roleid, AclMode mode)

AclResult	pg_language_aclcheck (Oid lang_oid, Oid roleid, AclMode mode)

AclResult	pg_largeobject_aclcheck_snapshot (Oid lobj_oid, Oid roleid, AclMode mode, Snapshot snapshot)

AclResult	pg_namespace_aclcheck (Oid nsp_oid, Oid roleid, AclMode mode)

AclResult	pg_tablespace_aclcheck (Oid spc_oid, Oid roleid, AclMode mode)

AclResult	pg_foreign_data_wrapper_aclcheck (Oid fdw_oid, Oid roleid, AclMode mode)

AclResult	pg_foreign_server_aclcheck (Oid srv_oid, Oid roleid, AclMode mode)

AclResult	pg_type_aclcheck (Oid type_oid, Oid roleid, AclMode mode)

bool	pg_class_ownercheck (Oid class_oid, Oid roleid)

bool	pg_type_ownercheck (Oid type_oid, Oid roleid)

bool	pg_oper_ownercheck (Oid oper_oid, Oid roleid)

bool	pg_proc_ownercheck (Oid proc_oid, Oid roleid)

bool	pg_language_ownercheck (Oid lan_oid, Oid roleid)

bool	pg_largeobject_ownercheck (Oid lobj_oid, Oid roleid)

bool	pg_namespace_ownercheck (Oid nsp_oid, Oid roleid)

bool	pg_tablespace_ownercheck (Oid spc_oid, Oid roleid)

bool	pg_opclass_ownercheck (Oid opc_oid, Oid roleid)

bool	pg_opfamily_ownercheck (Oid opf_oid, Oid roleid)

bool	pg_ts_dict_ownercheck (Oid dict_oid, Oid roleid)

bool	pg_ts_config_ownercheck (Oid cfg_oid, Oid roleid)

bool	pg_foreign_data_wrapper_ownercheck (Oid srv_oid, Oid roleid)

bool	pg_foreign_server_ownercheck (Oid srv_oid, Oid roleid)

bool	pg_event_trigger_ownercheck (Oid et_oid, Oid roleid)

bool	pg_database_ownercheck (Oid db_oid, Oid roleid)

bool	pg_collation_ownercheck (Oid coll_oid, Oid roleid)

bool	pg_conversion_ownercheck (Oid conv_oid, Oid roleid)

bool	pg_extension_ownercheck (Oid ext_oid, Oid roleid)

bool	pg_publication_ownercheck (Oid pub_oid, Oid roleid)

bool	pg_subscription_ownercheck (Oid sub_oid, Oid roleid)

bool	pg_statistics_object_ownercheck (Oid stat_oid, Oid roleid)

bool	has_createrole_privilege (Oid roleid)

bool	has_bypassrls_privilege (Oid roleid)

static Acl *	get_default_acl_internal (Oid roleId, Oid nsp_oid, char objtype)

Acl *	get_user_default_acl (ObjectType objtype, Oid ownerId, Oid nsp_oid)

void	recordExtObjInitPriv (Oid objoid, Oid classoid)

void	removeExtObjInitPriv (Oid objoid, Oid classoid)

Variables
bool	binary_upgrade_record_init_privs = false

Function Documentation

◆ aclcheck_error()

void aclcheck_error	(	AclResult	aclerr,
		ObjectType	objtype,
		const char *	objectname
	)

Definition at line 3348 of file aclchk.c.

References ACLCHECK_NO_PRIV, ACLCHECK_NOT_OWNER, ACLCHECK_OK, elog, ereport, errcode(), errmsg(), ERROR, gettext_noop, OBJECT_ACCESS_METHOD, OBJECT_AGGREGATE, OBJECT_AMOP, OBJECT_AMPROC, OBJECT_ATTRIBUTE, OBJECT_CAST, OBJECT_COLLATION, OBJECT_COLUMN, OBJECT_CONVERSION, OBJECT_DATABASE, OBJECT_DEFACL, OBJECT_DEFAULT, OBJECT_DOMAIN, OBJECT_DOMCONSTRAINT, OBJECT_EVENT_TRIGGER, OBJECT_EXTENSION, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FOREIGN_TABLE, OBJECT_FUNCTION, OBJECT_INDEX, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_MATVIEW, OBJECT_OPCLASS, OBJECT_OPERATOR, OBJECT_OPFAMILY, OBJECT_POLICY, OBJECT_PROCEDURE, OBJECT_PUBLICATION, OBJECT_PUBLICATION_REL, OBJECT_ROLE, OBJECT_ROUTINE, OBJECT_RULE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_STATISTIC_EXT, OBJECT_SUBSCRIPTION, OBJECT_TABCONSTRAINT, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TRANSFORM, OBJECT_TRIGGER, OBJECT_TSCONFIGURATION, OBJECT_TSDICTIONARY, OBJECT_TSPARSER, OBJECT_TSTEMPLATE, OBJECT_TYPE, OBJECT_USER_MAPPING, and OBJECT_VIEW.

Referenced by aclcheck_error_col(), aclcheck_error_type(), AlterCollation(), AlterDatabase(), AlterDatabaseOwner(), AlterDatabaseSet(), AlterEventTrigger(), AlterEventTriggerOwner_internal(), AlterExtensionNamespace(), AlterForeignServer(), AlterForeignServerOwner_internal(), AlterFunction(), AlterObjectNamespace_internal(), AlterObjectOwner_internal(), AlterObjectRename_internal(), AlterOperator(), AlterOpFamilyAdd(), AlterPublication(), AlterPublicationOwner_internal(), AlterRoleSet(), AlterSchemaOwner_internal(), AlterSubscription(), AlterSubscriptionOwner_internal(), AlterTableMoveAll(), AlterTableSpaceOptions(), AlterTSConfiguration(), AlterTSDictionary(), AlterTypeOwner(), ATExecChangeOwner(), ATPrepSetStatistics(), ATPrepSetTableSpace(), ATSimplePermissions(), brin_desummarize_range(), brin_summarize_range(), calculate_database_size(), calculate_tablespace_size(), call_pltcl_start_proc(), check_object_ownership(), check_temp_tablespaces(), checkFkeyPermissions(), CheckFunctionValidatorAccess(), compute_return_type(), create_proc_lang(), CreateConversionCommand(), createdb(), CreateForeignServer(), CreateForeignTable(), CreateFunction(), CreateProceduralLanguage(), CreatePublication(), CreateSchemaCommand(), CreateStatistics(), CreateTransform(), CreateTrigger(), currtid_byrelname(), currtid_byreloid(), DefineAggregate(), DefineCollation(), DefineDomain(), DefineEnum(), DefineIndex(), DefineOpClass(), DefineOperator(), DefineOpFamily(), DefineQueryRewrite(), DefineRange(), DefineRelation(), DefineTSConfiguration(), DefineTSDictionary(), DefineType(), dropdb(), DropSubscription(), DropTableSpace(), EnableDisableRule(), ExecAlterExtensionContentsStmt(), ExecAlterExtensionStmt(), ExecBuildGroupingEqual(), ExecCheckRTPerms(), ExecInitAgg(), ExecInitExprRec(), ExecInitFunc(), ExecInitWindowAgg(), ExecuteCallStmt(), ExecuteDoStmt(), ExecuteTruncateGuts(), findRangeCanonicalFunction(), findRangeSubtypeDiffFunction(), get_connect_string(), get_other_operator(), get_rel_from_relname(), gin_clean_pending_list(), HandleFunctionRequest(), ImportForeignSchema(), init_sexpr(), initialize_peragg(), LockTableRecurse(), LockViewRecurse_walker(), lookup_agg_function(), LookupCreationNamespace(), LookupExplicitNamespace(), MergeAttributes(), movedb(), OperatorCreate(), pg_prewarm(), pgrowlocks(), ProcedureCreate(), PublicationAddTables(), RangeVarCallbackForAlterRelation(), RangeVarCallbackForDropRelation(), RangeVarCallbackForLockTable(), RangeVarCallbackForPolicy(), RangeVarCallbackForReindexIndex(), RangeVarCallbackForRenameRule(), RangeVarCallbackForRenameTrigger(), RangeVarCallbackOwnsRelation(), RangeVarCallbackOwnsTable(), RangeVarGetAndCheckCreationNamespace(), ReindexMultipleTables(), renameatt_check(), RenameDatabase(), RenameSchema(), RenameTableSpace(), restrict_and_check_grant(), transformTableLikeClause(), truncate_check_rel(), TypeCreate(), user_mapping_ddl_aclcheck(), ValidateJoinEstimator(), and ValidateRestrictionEstimator().

 {
     switch (aclerr)
     {
         case ACLCHECK_OK:
             /* no error, so return to caller */
             break;
         case ACLCHECK_NO_PRIV:
             {
                 const char *msg = "???";
 
                 switch (objtype)
                 {
                     case OBJECT_AGGREGATE:
                         msg = gettext_noop("permission denied for aggregate %s");
                         break;
                     case OBJECT_COLLATION:
                         msg = gettext_noop("permission denied for collation %s");
                         break;
                     case OBJECT_COLUMN:
                         msg = gettext_noop("permission denied for column %s");
                         break;
                     case OBJECT_CONVERSION:
                         msg = gettext_noop("permission denied for conversion %s");
                         break;
                     case OBJECT_DATABASE:
                         msg = gettext_noop("permission denied for database %s");
                         break;
                     case OBJECT_DOMAIN:
                         msg = gettext_noop("permission denied for domain %s");
                         break;
                     case OBJECT_EVENT_TRIGGER:
                         msg = gettext_noop("permission denied for event trigger %s");
                         break;
                     case OBJECT_EXTENSION:
                         msg = gettext_noop("permission denied for extension %s");
                         break;
                     case OBJECT_FDW:
                         msg = gettext_noop("permission denied for foreign-data wrapper %s");
                         break;
                     case OBJECT_FOREIGN_SERVER:
                         msg = gettext_noop("permission denied for foreign server %s");
                         break;
                     case OBJECT_FOREIGN_TABLE:
                         msg = gettext_noop("permission denied for foreign table %s");
                         break;
                     case OBJECT_FUNCTION:
                         msg = gettext_noop("permission denied for function %s");
                         break;
                     case OBJECT_INDEX:
                         msg = gettext_noop("permission denied for index %s");
                         break;
                     case OBJECT_LANGUAGE:
                         msg = gettext_noop("permission denied for language %s");
                         break;
                     case OBJECT_LARGEOBJECT:
                         msg = gettext_noop("permission denied for large object %s");
                         break;
                     case OBJECT_MATVIEW:
                         msg = gettext_noop("permission denied for materialized view %s");
                         break;
                     case OBJECT_OPCLASS:
                         msg = gettext_noop("permission denied for operator class %s");
                         break;
                     case OBJECT_OPERATOR:
                         msg = gettext_noop("permission denied for operator %s");
                         break;
                     case OBJECT_OPFAMILY:
                         msg = gettext_noop("permission denied for operator family %s");
                         break;
                     case OBJECT_POLICY:
                         msg = gettext_noop("permission denied for policy %s");
                         break;
                     case OBJECT_PROCEDURE:
                         msg = gettext_noop("permission denied for procedure %s");
                         break;
                     case OBJECT_PUBLICATION:
                         msg = gettext_noop("permission denied for publication %s");
                         break;
                     case OBJECT_ROUTINE:
                         msg = gettext_noop("permission denied for routine %s");
                         break;
                     case OBJECT_SCHEMA:
                         msg = gettext_noop("permission denied for schema %s");
                         break;
                     case OBJECT_SEQUENCE:
                         msg = gettext_noop("permission denied for sequence %s");
                         break;
                     case OBJECT_STATISTIC_EXT:
                         msg = gettext_noop("permission denied for statistics object %s");
                         break;
                     case OBJECT_SUBSCRIPTION:
                         msg = gettext_noop("permission denied for subscription %s");
                         break;
                     case OBJECT_TABLE:
                         msg = gettext_noop("permission denied for table %s");
                         break;
                     case OBJECT_TABLESPACE:
                         msg = gettext_noop("permission denied for tablespace %s");
                         break;
                     case OBJECT_TSCONFIGURATION:
                         msg = gettext_noop("permission denied for text search configuration %s");
                         break;
                     case OBJECT_TSDICTIONARY:
                         msg = gettext_noop("permission denied for text search dictionary %s");
                         break;
                     case OBJECT_TYPE:
                         msg = gettext_noop("permission denied for type %s");
                         break;
                     case OBJECT_VIEW:
                         msg = gettext_noop("permission denied for view %s");
                         break;
                     /* these currently aren't used */
                     case OBJECT_ACCESS_METHOD:
                     case OBJECT_AMOP:
                     case OBJECT_AMPROC:
                     case OBJECT_ATTRIBUTE:
                     case OBJECT_CAST:
                     case OBJECT_DEFAULT:
                     case OBJECT_DEFACL:
                     case OBJECT_DOMCONSTRAINT:
                     case OBJECT_PUBLICATION_REL:
                     case OBJECT_ROLE:
                     case OBJECT_RULE:
                     case OBJECT_TABCONSTRAINT:
                     case OBJECT_TRANSFORM:
                     case OBJECT_TRIGGER:
                     case OBJECT_TSPARSER:
                     case OBJECT_TSTEMPLATE:
                     case OBJECT_USER_MAPPING:
                         elog(ERROR, "unsupported object type %d", objtype);
                 }
 
                 ereport(ERROR,
                         (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
                          errmsg(msg, objectname)));
                 break;
             }
         case ACLCHECK_NOT_OWNER:
             {
                 const char *msg = "???";
 
                 switch (objtype)
                 {
                     case OBJECT_AGGREGATE:
                         msg = gettext_noop("must be owner of aggregate %s");
                         break;
                     case OBJECT_COLLATION:
                         msg = gettext_noop("must be owner of collation %s");
                         break;
                     case OBJECT_CONVERSION:
                         msg = gettext_noop("must be owner of conversion %s");
                         break;
                     case OBJECT_DATABASE:
                         msg = gettext_noop("must be owner of database %s");
                         break;
                     case OBJECT_DOMAIN:
                         msg = gettext_noop("must be owner of domain %s");
                         break;
                     case OBJECT_EVENT_TRIGGER:
                         msg = gettext_noop("must be owner of event trigger %s");
                         break;
                     case OBJECT_EXTENSION:
                         msg = gettext_noop("must be owner of extension %s");
                         break;
                     case OBJECT_FDW:
                         msg = gettext_noop("must be owner of foreign-data wrapper %s");
                         break;
                     case OBJECT_FOREIGN_SERVER:
                         msg = gettext_noop("must be owner of foreign server %s");
                         break;
                     case OBJECT_FOREIGN_TABLE:
                         msg = gettext_noop("must be owner of foreign table %s");
                         break;
                     case OBJECT_FUNCTION:
                         msg = gettext_noop("must be owner of function %s");
                         break;
                     case OBJECT_INDEX:
                         msg = gettext_noop("must be owner of index %s");
                         break;
                     case OBJECT_LANGUAGE:
                         msg = gettext_noop("must be owner of language %s");
                         break;
                     case OBJECT_LARGEOBJECT:
                         msg = gettext_noop("must be owner of large object %s");
                         break;
                     case OBJECT_MATVIEW:
                         msg = gettext_noop("must be owner of materialized view %s");
                         break;
                     case OBJECT_OPCLASS:
                         msg = gettext_noop("must be owner of operator class %s");
                         break;
                     case OBJECT_OPERATOR:
                         msg = gettext_noop("must be owner of operator %s");
                         break;
                     case OBJECT_OPFAMILY:
                         msg = gettext_noop("must be owner of operator family %s");
                         break;
                     case OBJECT_PROCEDURE:
                         msg = gettext_noop("must be owner of procedure %s");
                         break;
                     case OBJECT_PUBLICATION:
                         msg = gettext_noop("must be owner of publication %s");
                         break;
                     case OBJECT_ROUTINE:
                         msg = gettext_noop("must be owner of routine %s");
                         break;
                     case OBJECT_SEQUENCE:
                         msg = gettext_noop("must be owner of sequence %s");
                         break;
                     case OBJECT_SUBSCRIPTION:
                         msg = gettext_noop("must be owner of subscription %s");
                         break;
                     case OBJECT_TABLE:
                         msg = gettext_noop("must be owner of table %s");
                         break;
                     case OBJECT_TYPE:
                         msg = gettext_noop("must be owner of type %s");
                         break;
                     case OBJECT_VIEW:
                         msg = gettext_noop("must be owner of view %s");
                         break;
                     case OBJECT_SCHEMA:
                         msg = gettext_noop("must be owner of schema %s");
                         break;
                     case OBJECT_STATISTIC_EXT:
                         msg = gettext_noop("must be owner of statistics object %s");
                         break;
                     case OBJECT_TABLESPACE:
                         msg = gettext_noop("must be owner of tablespace %s");
                         break;
                     case OBJECT_TSCONFIGURATION:
                         msg = gettext_noop("must be owner of text search configuration %s");
                         break;
                     case OBJECT_TSDICTIONARY:
                         msg = gettext_noop("must be owner of text search dictionary %s");
                         break;
                     /*
                      * Special cases: For these, the error message talks about
                      * "relation", because that's where the ownership is
                      * attached.  See also check_object_ownership().
                      */
                     case OBJECT_COLUMN:
                     case OBJECT_POLICY:
                     case OBJECT_RULE:
                     case OBJECT_TABCONSTRAINT:
                     case OBJECT_TRIGGER:
                         msg = gettext_noop("must be owner of relation %s");
                         break;
                     /* these currently aren't used */
                     case OBJECT_ACCESS_METHOD:
                     case OBJECT_AMOP:
                     case OBJECT_AMPROC:
                     case OBJECT_ATTRIBUTE:
                     case OBJECT_CAST:
                     case OBJECT_DEFAULT:
                     case OBJECT_DEFACL:
                     case OBJECT_DOMCONSTRAINT:
                     case OBJECT_PUBLICATION_REL:
                     case OBJECT_ROLE:
                     case OBJECT_TRANSFORM:
                     case OBJECT_TSPARSER:
                     case OBJECT_TSTEMPLATE:
                     case OBJECT_USER_MAPPING:
                         elog(ERROR, "unsupported object type %d", objtype);
                 }
 
                 ereport(ERROR,
                         (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
                          errmsg(msg, objectname)));
                 break;
             }
         default:
             elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
             break;
     }
 }

◆ aclcheck_error_col()

void aclcheck_error_col	(	AclResult	aclerr,
		ObjectType	objtype,
		const char *	objectname,
		const char *	colname
	)

Definition at line 3629 of file aclchk.c.

References aclcheck_error(), ACLCHECK_NO_PRIV, ACLCHECK_NOT_OWNER, ACLCHECK_OK, elog, ereport, errcode(), errmsg(), and ERROR.

Referenced by restrict_and_check_grant().

 {
     switch (aclerr)
     {
         case ACLCHECK_OK:
             /* no error, so return to caller */
             break;
         case ACLCHECK_NO_PRIV:
             ereport(ERROR,
                     (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
                      errmsg("permission denied for column \"%s\" of relation \"%s\"",
                             colname, objectname)));
             break;
         case ACLCHECK_NOT_OWNER:
             /* relation msg is OK since columns don't have separate owners */
             aclcheck_error(aclerr, objtype, objectname);
             break;
         default:
             elog(ERROR, "unrecognized AclResult: %d", (int) aclerr);
             break;
     }
 }

◆ aclcheck_error_type()

void aclcheck_error_type	(	AclResult	aclerr,
		Oid	typeOid
	)

Definition at line 3659 of file aclchk.c.

References aclcheck_error(), format_type_be(), get_element_type(), and OBJECT_TYPE.

Referenced by AggregateCreate(), AlterTypeNamespace_oid(), AlterTypeOwner(), ATExecAddColumn(), ATPrepAlterColumnType(), BuildDescForRelation(), check_object_ownership(), checkDomainOwner(), checkEnumOwner(), compute_return_type(), CreateCast(), CreateTransform(), DefineDomain(), DefineOpClass(), DefineOperator(), DefineRelation(), interpret_function_parameter_list(), and RenameType().

 {
     Oid         element_type = get_element_type(typeOid);
 
     aclcheck_error(aclerr, OBJECT_TYPE, format_type_be(element_type ? element_type : typeOid));
 }

◆ ExecAlterDefaultPrivilegesStmt()

void ExecAlterDefaultPrivilegesStmt	(	ParseState *	pstate,
		AlterDefaultPrivilegesStmt *	stmt
	)

Definition at line 909 of file aclchk.c.

Referenced by ProcessUtilitySlow().

 {
     GrantStmt  *action = stmt->action;
     InternalDefaultACL iacls;
     ListCell   *cell;
     List       *rolespecs = NIL;
     List       *nspnames = NIL;
     DefElem    *drolespecs = NULL;
     DefElem    *dnspnames = NULL;
     AclMode     all_privileges;
     const char *errormsg;
 
     /* Deconstruct the "options" part of the statement */
     foreach(cell, stmt->options)
     {
         DefElem    *defel = (DefElem *) lfirst(cell);
 
         if (strcmp(defel->defname, "schemas") == 0)
         {
             if (dnspnames)
                 ereport(ERROR,
                         (errcode(ERRCODE_SYNTAX_ERROR),
                          errmsg("conflicting or redundant options"),
                          parser_errposition(pstate, defel->location)));
             dnspnames = defel;
         }
         else if (strcmp(defel->defname, "roles") == 0)
         {
             if (drolespecs)
                 ereport(ERROR,
                         (errcode(ERRCODE_SYNTAX_ERROR),
                          errmsg("conflicting or redundant options"),
                          parser_errposition(pstate, defel->location)));
             drolespecs = defel;
         }
         else
             elog(ERROR, "option \"%s\" not recognized", defel->defname);
     }
 
     if (dnspnames)
         nspnames = (List *) dnspnames->arg;
     if (drolespecs)
         rolespecs = (List *) drolespecs->arg;
 
     /* Prepare the InternalDefaultACL representation of the statement */
     /* roleid to be filled below */
     /* nspid to be filled in SetDefaultACLsInSchemas */
     iacls.is_grant = action->is_grant;
     iacls.objtype = action->objtype;
     /* all_privs to be filled below */
     /* privileges to be filled below */
     iacls.grantees = NIL;       /* filled below */
     iacls.grant_option = action->grant_option;
     iacls.behavior = action->behavior;
 
     /*
      * Convert the RoleSpec list into an Oid list.  Note that at this point we
      * insert an ACL_ID_PUBLIC into the list if appropriate, so downstream
      * there shouldn't be any additional work needed to support this case.
      */
     foreach(cell, action->grantees)
     {
         RoleSpec   *grantee = (RoleSpec *) lfirst(cell);
         Oid         grantee_uid;
 
         switch (grantee->roletype)
         {
             case ROLESPEC_PUBLIC:
                 grantee_uid = ACL_ID_PUBLIC;
                 break;
             default:
                 grantee_uid = get_rolespec_oid(grantee, false);
                 break;
         }
         iacls.grantees = lappend_oid(iacls.grantees, grantee_uid);
     }
 
     /*
      * Convert action->privileges, a list of privilege strings, into an
      * AclMode bitmask.
      */
     switch (action->objtype)
     {
         case OBJECT_TABLE:
             all_privileges = ACL_ALL_RIGHTS_RELATION;
             errormsg = gettext_noop("invalid privilege type %s for relation");
             break;
         case OBJECT_SEQUENCE:
             all_privileges = ACL_ALL_RIGHTS_SEQUENCE;
             errormsg = gettext_noop("invalid privilege type %s for sequence");
             break;
         case OBJECT_FUNCTION:
             all_privileges = ACL_ALL_RIGHTS_FUNCTION;
             errormsg = gettext_noop("invalid privilege type %s for function");
             break;
         case OBJECT_PROCEDURE:
             all_privileges = ACL_ALL_RIGHTS_FUNCTION;
             errormsg = gettext_noop("invalid privilege type %s for procedure");
             break;
         case OBJECT_ROUTINE:
             all_privileges = ACL_ALL_RIGHTS_FUNCTION;
             errormsg = gettext_noop("invalid privilege type %s for routine");
             break;
         case OBJECT_TYPE:
             all_privileges = ACL_ALL_RIGHTS_TYPE;
             errormsg = gettext_noop("invalid privilege type %s for type");
             break;
         case OBJECT_SCHEMA:
             all_privileges = ACL_ALL_RIGHTS_SCHEMA;
             errormsg = gettext_noop("invalid privilege type %s for schema");
             break;
         default:
             elog(ERROR, "unrecognized GrantStmt.objtype: %d",
                  (int) action->objtype);
             /* keep compiler quiet */
             all_privileges = ACL_NO_RIGHTS;
             errormsg = NULL;
     }
 
     if (action->privileges == NIL)
     {
         iacls.all_privs = true;
 
         /*
          * will be turned into ACL_ALL_RIGHTS_* by the internal routines
          * depending on the object type
          */
         iacls.privileges = ACL_NO_RIGHTS;
     }
     else
     {
         iacls.all_privs = false;
         iacls.privileges = ACL_NO_RIGHTS;
 
         foreach(cell, action->privileges)
         {
             AccessPriv *privnode = (AccessPriv *) lfirst(cell);
             AclMode     priv;
 
             if (privnode->cols)
                 ereport(ERROR,
                         (errcode(ERRCODE_INVALID_GRANT_OPERATION),
                          errmsg("default privileges cannot be set for columns")));
 
             if (privnode->priv_name == NULL)    /* parser mistake? */
                 elog(ERROR, "AccessPriv node must specify privilege");
             priv = string_to_privilege(privnode->priv_name);
 
             if (priv & ~((AclMode) all_privileges))
                 ereport(ERROR,
                         (errcode(ERRCODE_INVALID_GRANT_OPERATION),
                          errmsg(errormsg, privilege_to_string(priv))));
 
             iacls.privileges |= priv;
         }
     }
 
     if (rolespecs == NIL)
     {
         /* Set permissions for myself */
         iacls.roleid = GetUserId();
 
         SetDefaultACLsInSchemas(&iacls, nspnames);
     }
     else
     {
         /* Look up the role OIDs and do permissions checks */
         ListCell   *rolecell;
 
         foreach(rolecell, rolespecs)
         {
             RoleSpec   *rolespec = lfirst(rolecell);
 
             iacls.roleid = get_rolespec_oid(rolespec, false);
 
             /*
              * We insist that calling user be a member of each target role. If
              * he has that, he could become that role anyway via SET ROLE, so
              * FOR ROLE is just a syntactic convenience and doesn't give any
              * special privileges.
              */
             check_is_member_of_role(GetUserId(), iacls.roleid);
 
             SetDefaultACLsInSchemas(&iacls, nspnames);
         }
     }
 }

◆ ExecGrant_Attribute()

static void ExecGrant_Attribute	(	InternalGrant *	istmt,
		Oid	relOid,
		const char *	relname,
		AttrNumber	attnum,
		Oid	ownerId,
		AclMode	col_privileges,
		Relation	attRelation,
		const Acl *	old_rel_acl
	)

static

Definition at line 1642 of file aclchk.c.

References ACL_ALL_RIGHTS_COLUMN, ACL_NUM, aclconcat(), acldefault(), aclmembers(), ATTNUM, InternalGrant::behavior, CatalogTupleUpdate(), DatumGetAclPCopy, elog, ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_modify_tuple(), HeapTupleIsValid, Int16GetDatum, InternalGrant::is_grant, MemSet, merge_acl_with_grant(), NameStr, OBJECT_COLUMN, ObjectIdGetDatum, pfree(), PointerGetDatum, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), SearchSysCache2(), select_best_grantor(), SysCacheGetAttr(), HeapTupleData::t_self, updateAclDependencies(), and values.

Referenced by ExecGrant_Relation().

 {
     HeapTuple   attr_tuple;
     Form_pg_attribute pg_attribute_tuple;
     Acl        *old_acl;
     Acl        *new_acl;
     Acl        *merged_acl;
     Datum       aclDatum;
     bool        isNull;
     Oid         grantorId;
     AclMode     avail_goptions;
     bool        need_update;
     HeapTuple   newtuple;
     Datum       values[Natts_pg_attribute];
     bool        nulls[Natts_pg_attribute];
     bool        replaces[Natts_pg_attribute];
     int         noldmembers;
     int         nnewmembers;
     Oid        *oldmembers;
     Oid        *newmembers;
 
     attr_tuple = SearchSysCache2(ATTNUM,
                                  ObjectIdGetDatum(relOid),
                                  Int16GetDatum(attnum));
     if (!HeapTupleIsValid(attr_tuple))
         elog(ERROR, "cache lookup failed for attribute %d of relation %u",
              attnum, relOid);
     pg_attribute_tuple = (Form_pg_attribute) GETSTRUCT(attr_tuple);
 
     /*
      * Get working copy of existing ACL. If there's no ACL, substitute the
      * proper default.
      */
     aclDatum = SysCacheGetAttr(ATTNUM, attr_tuple, Anum_pg_attribute_attacl,
                                &isNull);
     if (isNull)
     {
         old_acl = acldefault(OBJECT_COLUMN, ownerId);
         /* There are no old member roles according to the catalogs */
         noldmembers = 0;
         oldmembers = NULL;
     }
     else
     {
         old_acl = DatumGetAclPCopy(aclDatum);
         /* Get the roles mentioned in the existing ACL */
         noldmembers = aclmembers(old_acl, &oldmembers);
     }
 
     /*
      * In select_best_grantor we should consider existing table-level ACL bits
      * as well as the per-column ACL.  Build a new ACL that is their
      * concatenation.  (This is a bit cheap and dirty compared to merging them
      * properly with no duplications, but it's all we need here.)
      */
     merged_acl = aclconcat(old_rel_acl, old_acl);
 
     /* Determine ID to do the grant as, and available grant options */
     select_best_grantor(GetUserId(), col_privileges,
                         merged_acl, ownerId,
                         &grantorId, &avail_goptions);
 
     pfree(merged_acl);
 
     /*
      * Restrict the privileges to what we can actually grant, and emit the
      * standards-mandated warning and error messages.  Note: we don't track
      * whether the user actually used the ALL PRIVILEGES(columns) syntax for
      * each column; we just approximate it by whether all the possible
      * privileges are specified now.  Since the all_privs flag only determines
      * whether a warning is issued, this seems close enough.
      */
     col_privileges =
         restrict_and_check_grant(istmt->is_grant, avail_goptions,
                                  (col_privileges == ACL_ALL_RIGHTS_COLUMN),
                                  col_privileges,
                                  relOid, grantorId, OBJECT_COLUMN,
                                  relname, attnum,
                                  NameStr(pg_attribute_tuple->attname));
 
     /*
      * Generate new ACL.
      */
     new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
                                    istmt->grant_option,
                                    istmt->behavior, istmt->grantees,
                                    col_privileges, grantorId,
                                    ownerId);
 
     /*
      * We need the members of both old and new ACLs so we can correct the
      * shared dependency information.
      */
     nnewmembers = aclmembers(new_acl, &newmembers);
 
     /* finished building new ACL value, now insert it */
     MemSet(values, 0, sizeof(values));
     MemSet(nulls, false, sizeof(nulls));
     MemSet(replaces, false, sizeof(replaces));
 
     /*
      * If the updated ACL is empty, we can set attacl to null, and maybe even
      * avoid an update of the pg_attribute row.  This is worth testing because
      * we'll come through here multiple times for any relation-level REVOKE,
      * even if there were never any column GRANTs.  Note we are assuming that
      * the "default" ACL state for columns is empty.
      */
     if (ACL_NUM(new_acl) > 0)
     {
         values[Anum_pg_attribute_attacl - 1] = PointerGetDatum(new_acl);
         need_update = true;
     }
     else
     {
         nulls[Anum_pg_attribute_attacl - 1] = true;
         need_update = !isNull;
     }
     replaces[Anum_pg_attribute_attacl - 1] = true;
 
     if (need_update)
     {
         newtuple = heap_modify_tuple(attr_tuple, RelationGetDescr(attRelation),
                                      values, nulls, replaces);
 
         CatalogTupleUpdate(attRelation, &newtuple->t_self, newtuple);
 
         /* Update initial privileges for extensions */
         recordExtensionInitPriv(relOid, RelationRelationId, attnum,
                                 ACL_NUM(new_acl) > 0 ? new_acl : NULL);
 
         /* Update the shared dependency ACL info */
         updateAclDependencies(RelationRelationId, relOid, attnum,
                               ownerId,
                               noldmembers, oldmembers,
                               nnewmembers, newmembers);
     }
 
     pfree(new_acl);
 
     ReleaseSysCache(attr_tuple);
 }

◆ ExecGrant_Database()

static void ExecGrant_Database ( InternalGrant * grantStmt )

static

Definition at line 2122 of file aclchk.c.

References ACL_ALL_RIGHTS_DATABASE, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DATABASEOID, DatumGetAclPCopy, elog, ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_close, heap_getattr, heap_modify_tuple(), heap_open(), HeapTupleGetOid, HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, MemSet, merge_acl_with_grant(), NameStr, OBJECT_DATABASE, ObjectIdGetDatum, InternalGrant::objects, pfree(), PointerGetDatum, InternalGrant::privileges, RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), HeapTupleData::t_self, updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

 {
     Relation    relation;
     ListCell   *cell;
 
     if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
         istmt->privileges = ACL_ALL_RIGHTS_DATABASE;
 
     relation = heap_open(DatabaseRelationId, RowExclusiveLock);
 
     foreach(cell, istmt->objects)
     {
         Oid         datId = lfirst_oid(cell);
         Form_pg_database pg_database_tuple;
         Datum       aclDatum;
         bool        isNull;
         AclMode     avail_goptions;
         AclMode     this_privileges;
         Acl        *old_acl;
         Acl        *new_acl;
         Oid         grantorId;
         Oid         ownerId;
         HeapTuple   newtuple;
         Datum       values[Natts_pg_database];
         bool        nulls[Natts_pg_database];
         bool        replaces[Natts_pg_database];
         int         noldmembers;
         int         nnewmembers;
         Oid        *oldmembers;
         Oid        *newmembers;
         HeapTuple   tuple;
 
         tuple = SearchSysCache1(DATABASEOID, ObjectIdGetDatum(datId));
         if (!HeapTupleIsValid(tuple))
             elog(ERROR, "cache lookup failed for database %u", datId);
 
         pg_database_tuple = (Form_pg_database) GETSTRUCT(tuple);
 
         /*
          * Get owner ID and working copy of existing ACL. If there's no ACL,
          * substitute the proper default.
          */
         ownerId = pg_database_tuple->datdba;
         aclDatum = heap_getattr(tuple, Anum_pg_database_datacl,
                                 RelationGetDescr(relation), &isNull);
         if (isNull)
         {
             old_acl = acldefault(OBJECT_DATABASE, ownerId);
             /* There are no old member roles according to the catalogs */
             noldmembers = 0;
             oldmembers = NULL;
         }
         else
         {
             old_acl = DatumGetAclPCopy(aclDatum);
             /* Get the roles mentioned in the existing ACL */
             noldmembers = aclmembers(old_acl, &oldmembers);
         }
 
         /* Determine ID to do the grant as, and available grant options */
         select_best_grantor(GetUserId(), istmt->privileges,
                             old_acl, ownerId,
                             &grantorId, &avail_goptions);
 
         /*
          * Restrict the privileges to what we can actually grant, and emit the
          * standards-mandated warning and error messages.
          */
         this_privileges =
             restrict_and_check_grant(istmt->is_grant, avail_goptions,
                                      istmt->all_privs, istmt->privileges,
                                      datId, grantorId, OBJECT_DATABASE,
                                      NameStr(pg_database_tuple->datname),
                                      0, NULL);
 
         /*
          * Generate new ACL.
          */
         new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
                                        istmt->grant_option, istmt->behavior,
                                        istmt->grantees, this_privileges,
                                        grantorId, ownerId);
 
         /*
          * We need the members of both old and new ACLs so we can correct the
          * shared dependency information.
          */
         nnewmembers = aclmembers(new_acl, &newmembers);
 
         /* finished building new ACL value, now insert it */
         MemSet(values, 0, sizeof(values));
         MemSet(nulls, false, sizeof(nulls));
         MemSet(replaces, false, sizeof(replaces));
 
         replaces[Anum_pg_database_datacl - 1] = true;
         values[Anum_pg_database_datacl - 1] = PointerGetDatum(new_acl);
 
         newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
                                      nulls, replaces);
 
         CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
 
         /* Update the shared dependency ACL info */
         updateAclDependencies(DatabaseRelationId, HeapTupleGetOid(tuple), 0,
                               ownerId,
                               noldmembers, oldmembers,
                               nnewmembers, newmembers);
 
         ReleaseSysCache(tuple);
 
         pfree(new_acl);
 
         /* prevent error when processing duplicate objects */
         CommandCounterIncrement();
     }
 
     heap_close(relation, RowExclusiveLock);
 }

◆ ExecGrant_Fdw()

static void ExecGrant_Fdw ( InternalGrant * grantStmt )

static

Definition at line 2242 of file aclchk.c.

References ACL_ALL_RIGHTS_FDW, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog, ERROR, FOREIGNDATAWRAPPEROID, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_close, heap_modify_tuple(), heap_open(), HeapTupleGetOid, HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, MemSet, merge_acl_with_grant(), NameStr, OBJECT_FDW, ObjectIdGetDatum, InternalGrant::objects, pfree(), PointerGetDatum, InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), SysCacheGetAttr(), HeapTupleData::t_self, updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

 {
     Relation    relation;
     ListCell   *cell;
 
     if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
         istmt->privileges = ACL_ALL_RIGHTS_FDW;
 
     relation = heap_open(ForeignDataWrapperRelationId, RowExclusiveLock);
 
     foreach(cell, istmt->objects)
     {
         Oid         fdwid = lfirst_oid(cell);
         Form_pg_foreign_data_wrapper pg_fdw_tuple;
         Datum       aclDatum;
         bool        isNull;
         AclMode     avail_goptions;
         AclMode     this_privileges;
         Acl        *old_acl;
         Acl        *new_acl;
         Oid         grantorId;
         Oid         ownerId;
         HeapTuple   tuple;
         HeapTuple   newtuple;
         Datum       values[Natts_pg_foreign_data_wrapper];
         bool        nulls[Natts_pg_foreign_data_wrapper];
         bool        replaces[Natts_pg_foreign_data_wrapper];
         int         noldmembers;
         int         nnewmembers;
         Oid        *oldmembers;
         Oid        *newmembers;
 
         tuple = SearchSysCache1(FOREIGNDATAWRAPPEROID,
                                 ObjectIdGetDatum(fdwid));
         if (!HeapTupleIsValid(tuple))
             elog(ERROR, "cache lookup failed for foreign-data wrapper %u", fdwid);
 
         pg_fdw_tuple = (Form_pg_foreign_data_wrapper) GETSTRUCT(tuple);
 
         /*
          * Get owner ID and working copy of existing ACL. If there's no ACL,
          * substitute the proper default.
          */
         ownerId = pg_fdw_tuple->fdwowner;
         aclDatum = SysCacheGetAttr(FOREIGNDATAWRAPPEROID, tuple,
                                    Anum_pg_foreign_data_wrapper_fdwacl,
                                    &isNull);
         if (isNull)
         {
             old_acl = acldefault(OBJECT_FDW, ownerId);
             /* There are no old member roles according to the catalogs */
             noldmembers = 0;
             oldmembers = NULL;
         }
         else
         {
             old_acl = DatumGetAclPCopy(aclDatum);
             /* Get the roles mentioned in the existing ACL */
             noldmembers = aclmembers(old_acl, &oldmembers);
         }
 
         /* Determine ID to do the grant as, and available grant options */
         select_best_grantor(GetUserId(), istmt->privileges,
                             old_acl, ownerId,
                             &grantorId, &avail_goptions);
 
         /*
          * Restrict the privileges to what we can actually grant, and emit the
          * standards-mandated warning and error messages.
          */
         this_privileges =
             restrict_and_check_grant(istmt->is_grant, avail_goptions,
                                      istmt->all_privs, istmt->privileges,
                                      fdwid, grantorId, OBJECT_FDW,
                                      NameStr(pg_fdw_tuple->fdwname),
                                      0, NULL);
 
         /*
          * Generate new ACL.
          */
         new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
                                        istmt->grant_option, istmt->behavior,
                                        istmt->grantees, this_privileges,
                                        grantorId, ownerId);
 
         /*
          * We need the members of both old and new ACLs so we can correct the
          * shared dependency information.
          */
         nnewmembers = aclmembers(new_acl, &newmembers);
 
         /* finished building new ACL value, now insert it */
         MemSet(values, 0, sizeof(values));
         MemSet(nulls, false, sizeof(nulls));
         MemSet(replaces, false, sizeof(replaces));
 
         replaces[Anum_pg_foreign_data_wrapper_fdwacl - 1] = true;
         values[Anum_pg_foreign_data_wrapper_fdwacl - 1] = PointerGetDatum(new_acl);
 
         newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
                                      nulls, replaces);
 
         CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
 
         /* Update initial privileges for extensions */
         recordExtensionInitPriv(fdwid, ForeignDataWrapperRelationId, 0,
                                 new_acl);
 
         /* Update the shared dependency ACL info */
         updateAclDependencies(ForeignDataWrapperRelationId,
                               HeapTupleGetOid(tuple), 0,
                               ownerId,
                               noldmembers, oldmembers,
                               nnewmembers, newmembers);
 
         ReleaseSysCache(tuple);
 
         pfree(new_acl);
 
         /* prevent error when processing duplicate objects */
         CommandCounterIncrement();
     }
 
     heap_close(relation, RowExclusiveLock);
 }

◆ ExecGrant_ForeignServer()

static void ExecGrant_ForeignServer ( InternalGrant * grantStmt )

static

Definition at line 2369 of file aclchk.c.

References ACL_ALL_RIGHTS_FOREIGN_SERVER, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog, ERROR, FOREIGNSERVEROID, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_close, heap_modify_tuple(), heap_open(), HeapTupleGetOid, HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, MemSet, merge_acl_with_grant(), NameStr, OBJECT_FOREIGN_SERVER, ObjectIdGetDatum, InternalGrant::objects, pfree(), PointerGetDatum, InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), SysCacheGetAttr(), HeapTupleData::t_self, updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

 {
     Relation    relation;
     ListCell   *cell;
 
     if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
         istmt->privileges = ACL_ALL_RIGHTS_FOREIGN_SERVER;
 
     relation = heap_open(ForeignServerRelationId, RowExclusiveLock);
 
     foreach(cell, istmt->objects)
     {
         Oid         srvid = lfirst_oid(cell);
         Form_pg_foreign_server pg_server_tuple;
         Datum       aclDatum;
         bool        isNull;
         AclMode     avail_goptions;
         AclMode     this_privileges;
         Acl        *old_acl;
         Acl        *new_acl;
         Oid         grantorId;
         Oid         ownerId;
         HeapTuple   tuple;
         HeapTuple   newtuple;
         Datum       values[Natts_pg_foreign_server];
         bool        nulls[Natts_pg_foreign_server];
         bool        replaces[Natts_pg_foreign_server];
         int         noldmembers;
         int         nnewmembers;
         Oid        *oldmembers;
         Oid        *newmembers;
 
         tuple = SearchSysCache1(FOREIGNSERVEROID, ObjectIdGetDatum(srvid));
         if (!HeapTupleIsValid(tuple))
             elog(ERROR, "cache lookup failed for foreign server %u", srvid);
 
         pg_server_tuple = (Form_pg_foreign_server) GETSTRUCT(tuple);
 
         /*
          * Get owner ID and working copy of existing ACL. If there's no ACL,
          * substitute the proper default.
          */
         ownerId = pg_server_tuple->srvowner;
         aclDatum = SysCacheGetAttr(FOREIGNSERVEROID, tuple,
                                    Anum_pg_foreign_server_srvacl,
                                    &isNull);
         if (isNull)
         {
             old_acl = acldefault(OBJECT_FOREIGN_SERVER, ownerId);
             /* There are no old member roles according to the catalogs */
             noldmembers = 0;
             oldmembers = NULL;
         }
         else
         {
             old_acl = DatumGetAclPCopy(aclDatum);
             /* Get the roles mentioned in the existing ACL */
             noldmembers = aclmembers(old_acl, &oldmembers);
         }
 
         /* Determine ID to do the grant as, and available grant options */
         select_best_grantor(GetUserId(), istmt->privileges,
                             old_acl, ownerId,
                             &grantorId, &avail_goptions);
 
         /*
          * Restrict the privileges to what we can actually grant, and emit the
          * standards-mandated warning and error messages.
          */
         this_privileges =
             restrict_and_check_grant(istmt->is_grant, avail_goptions,
                                      istmt->all_privs, istmt->privileges,
                                      srvid, grantorId, OBJECT_FOREIGN_SERVER,
                                      NameStr(pg_server_tuple->srvname),
                                      0, NULL);
 
         /*
          * Generate new ACL.
          */
         new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
                                        istmt->grant_option, istmt->behavior,
                                        istmt->grantees, this_privileges,
                                        grantorId, ownerId);
 
         /*
          * We need the members of both old and new ACLs so we can correct the
          * shared dependency information.
          */
         nnewmembers = aclmembers(new_acl, &newmembers);
 
         /* finished building new ACL value, now insert it */
         MemSet(values, 0, sizeof(values));
         MemSet(nulls, false, sizeof(nulls));
         MemSet(replaces, false, sizeof(replaces));
 
         replaces[Anum_pg_foreign_server_srvacl - 1] = true;
         values[Anum_pg_foreign_server_srvacl - 1] = PointerGetDatum(new_acl);
 
         newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
                                      nulls, replaces);
 
         CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
 
         /* Update initial privileges for extensions */
         recordExtensionInitPriv(srvid, ForeignServerRelationId, 0, new_acl);
 
         /* Update the shared dependency ACL info */
         updateAclDependencies(ForeignServerRelationId,
                               HeapTupleGetOid(tuple), 0,
                               ownerId,
                               noldmembers, oldmembers,
                               nnewmembers, newmembers);
 
         ReleaseSysCache(tuple);
 
         pfree(new_acl);
 
         /* prevent error when processing duplicate objects */
         CommandCounterIncrement();
     }
 
     heap_close(relation, RowExclusiveLock);
 }

◆ ExecGrant_Function()

static void ExecGrant_Function ( InternalGrant * grantStmt )

static

Definition at line 2494 of file aclchk.c.

References ACL_ALL_RIGHTS_FUNCTION, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog, ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_close, heap_modify_tuple(), heap_open(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, MemSet, merge_acl_with_grant(), NameStr, OBJECT_FUNCTION, ObjectIdGetDatum, InternalGrant::objects, pfree(), PointerGetDatum, InternalGrant::privileges, PROCOID, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), SysCacheGetAttr(), HeapTupleData::t_self, updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

 {
     Relation    relation;
     ListCell   *cell;
 
     if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
         istmt->privileges = ACL_ALL_RIGHTS_FUNCTION;
 
     relation = heap_open(ProcedureRelationId, RowExclusiveLock);
 
     foreach(cell, istmt->objects)
     {
         Oid         funcId = lfirst_oid(cell);
         Form_pg_proc pg_proc_tuple;
         Datum       aclDatum;
         bool        isNull;
         AclMode     avail_goptions;
         AclMode     this_privileges;
         Acl        *old_acl;
         Acl        *new_acl;
         Oid         grantorId;
         Oid         ownerId;
         HeapTuple   tuple;
         HeapTuple   newtuple;
         Datum       values[Natts_pg_proc];
         bool        nulls[Natts_pg_proc];
         bool        replaces[Natts_pg_proc];
         int         noldmembers;
         int         nnewmembers;
         Oid        *oldmembers;
         Oid        *newmembers;
 
         tuple = SearchSysCache1(PROCOID, ObjectIdGetDatum(funcId));
         if (!HeapTupleIsValid(tuple))
             elog(ERROR, "cache lookup failed for function %u", funcId);
 
         pg_proc_tuple = (Form_pg_proc) GETSTRUCT(tuple);
 
         /*
          * Get owner ID and working copy of existing ACL. If there's no ACL,
          * substitute the proper default.
          */
         ownerId = pg_proc_tuple->proowner;
         aclDatum = SysCacheGetAttr(PROCOID, tuple, Anum_pg_proc_proacl,
                                    &isNull);
         if (isNull)
         {
             old_acl = acldefault(OBJECT_FUNCTION, ownerId);
             /* There are no old member roles according to the catalogs */
             noldmembers = 0;
             oldmembers = NULL;
         }
         else
         {
             old_acl = DatumGetAclPCopy(aclDatum);
             /* Get the roles mentioned in the existing ACL */
             noldmembers = aclmembers(old_acl, &oldmembers);
         }
 
         /* Determine ID to do the grant as, and available grant options */
         select_best_grantor(GetUserId(), istmt->privileges,
                             old_acl, ownerId,
                             &grantorId, &avail_goptions);
 
         /*
          * Restrict the privileges to what we can actually grant, and emit the
          * standards-mandated warning and error messages.
          */
         this_privileges =
             restrict_and_check_grant(istmt->is_grant, avail_goptions,
                                      istmt->all_privs, istmt->privileges,
                                      funcId, grantorId, OBJECT_FUNCTION,
                                      NameStr(pg_proc_tuple->proname),
                                      0, NULL);
 
         /*
          * Generate new ACL.
          */
         new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
                                        istmt->grant_option, istmt->behavior,
                                        istmt->grantees, this_privileges,
                                        grantorId, ownerId);
 
         /*
          * We need the members of both old and new ACLs so we can correct the
          * shared dependency information.
          */
         nnewmembers = aclmembers(new_acl, &newmembers);
 
         /* finished building new ACL value, now insert it */
         MemSet(values, 0, sizeof(values));
         MemSet(nulls, false, sizeof(nulls));
         MemSet(replaces, false, sizeof(replaces));
 
         replaces[Anum_pg_proc_proacl - 1] = true;
         values[Anum_pg_proc_proacl - 1] = PointerGetDatum(new_acl);
 
         newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
                                      nulls, replaces);
 
         CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
 
         /* Update initial privileges for extensions */
         recordExtensionInitPriv(funcId, ProcedureRelationId, 0, new_acl);
 
         /* Update the shared dependency ACL info */
         updateAclDependencies(ProcedureRelationId, funcId, 0,
                               ownerId,
                               noldmembers, oldmembers,
                               nnewmembers, newmembers);
 
         ReleaseSysCache(tuple);
 
         pfree(new_acl);
 
         /* prevent error when processing duplicate objects */
         CommandCounterIncrement();
     }
 
     heap_close(relation, RowExclusiveLock);
 }

◆ ExecGrant_Language()

static void ExecGrant_Language ( InternalGrant * grantStmt )

static

Definition at line 2617 of file aclchk.c.

References ACL_ALL_RIGHTS_LANGUAGE, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog, ereport, errcode(), errdetail(), errmsg(), ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_close, heap_modify_tuple(), heap_open(), HeapTupleGetOid, HeapTupleIsValid, InternalGrant::is_grant, LANGNAME, LANGOID, lfirst_oid, MemSet, merge_acl_with_grant(), NameStr, OBJECT_LANGUAGE, ObjectIdGetDatum, InternalGrant::objects, pfree(), PointerGetDatum, InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), SysCacheGetAttr(), HeapTupleData::t_self, updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

 {
     Relation    relation;
     ListCell   *cell;
 
     if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
         istmt->privileges = ACL_ALL_RIGHTS_LANGUAGE;
 
     relation = heap_open(LanguageRelationId, RowExclusiveLock);
 
     foreach(cell, istmt->objects)
     {
         Oid         langId = lfirst_oid(cell);
         Form_pg_language pg_language_tuple;
         Datum       aclDatum;
         bool        isNull;
         AclMode     avail_goptions;
         AclMode     this_privileges;
         Acl        *old_acl;
         Acl        *new_acl;
         Oid         grantorId;
         Oid         ownerId;
         HeapTuple   tuple;
         HeapTuple   newtuple;
         Datum       values[Natts_pg_language];
         bool        nulls[Natts_pg_language];
         bool        replaces[Natts_pg_language];
         int         noldmembers;
         int         nnewmembers;
         Oid        *oldmembers;
         Oid        *newmembers;
 
         tuple = SearchSysCache1(LANGOID, ObjectIdGetDatum(langId));
         if (!HeapTupleIsValid(tuple))
             elog(ERROR, "cache lookup failed for language %u", langId);
 
         pg_language_tuple = (Form_pg_language) GETSTRUCT(tuple);
 
         if (!pg_language_tuple->lanpltrusted)
             ereport(ERROR,
                     (errcode(ERRCODE_WRONG_OBJECT_TYPE),
                      errmsg("language \"%s\" is not trusted",
                             NameStr(pg_language_tuple->lanname)),
                      errdetail("GRANT and REVOKE are not allowed on untrusted languages, "
                                "because only superusers can use untrusted languages.")));
 
         /*
          * Get owner ID and working copy of existing ACL. If there's no ACL,
          * substitute the proper default.
          */
         ownerId = pg_language_tuple->lanowner;
         aclDatum = SysCacheGetAttr(LANGNAME, tuple, Anum_pg_language_lanacl,
                                    &isNull);
         if (isNull)
         {
             old_acl = acldefault(OBJECT_LANGUAGE, ownerId);
             /* There are no old member roles according to the catalogs */
             noldmembers = 0;
             oldmembers = NULL;
         }
         else
         {
             old_acl = DatumGetAclPCopy(aclDatum);
             /* Get the roles mentioned in the existing ACL */
             noldmembers = aclmembers(old_acl, &oldmembers);
         }
 
         /* Determine ID to do the grant as, and available grant options */
         select_best_grantor(GetUserId(), istmt->privileges,
                             old_acl, ownerId,
                             &grantorId, &avail_goptions);
 
         /*
          * Restrict the privileges to what we can actually grant, and emit the
          * standards-mandated warning and error messages.
          */
         this_privileges =
             restrict_and_check_grant(istmt->is_grant, avail_goptions,
                                      istmt->all_privs, istmt->privileges,
                                      langId, grantorId, OBJECT_LANGUAGE,
                                      NameStr(pg_language_tuple->lanname),
                                      0, NULL);
 
         /*
          * Generate new ACL.
          */
         new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
                                        istmt->grant_option, istmt->behavior,
                                        istmt->grantees, this_privileges,
                                        grantorId, ownerId);
 
         /*
          * We need the members of both old and new ACLs so we can correct the
          * shared dependency information.
          */
         nnewmembers = aclmembers(new_acl, &newmembers);
 
         /* finished building new ACL value, now insert it */
         MemSet(values, 0, sizeof(values));
         MemSet(nulls, false, sizeof(nulls));
         MemSet(replaces, false, sizeof(replaces));
 
         replaces[Anum_pg_language_lanacl - 1] = true;
         values[Anum_pg_language_lanacl - 1] = PointerGetDatum(new_acl);
 
         newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
                                      nulls, replaces);
 
         CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
 
         /* Update initial privileges for extensions */
         recordExtensionInitPriv(langId, LanguageRelationId, 0, new_acl);
 
         /* Update the shared dependency ACL info */
         updateAclDependencies(LanguageRelationId, HeapTupleGetOid(tuple), 0,
                               ownerId,
                               noldmembers, oldmembers,
                               nnewmembers, newmembers);
 
         ReleaseSysCache(tuple);
 
         pfree(new_acl);
 
         /* prevent error when processing duplicate objects */
         CommandCounterIncrement();
     }
 
     heap_close(relation, RowExclusiveLock);
 }

◆ ExecGrant_Largeobject()

static void ExecGrant_Largeobject ( InternalGrant * grantStmt )

static

Definition at line 2748 of file aclchk.c.

References ACL_ALL_RIGHTS_LARGEOBJECT, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, BTEqualStrategyNumber, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog, ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_close, heap_getattr, heap_modify_tuple(), heap_open(), HeapTupleGetOid, HeapTupleIsValid, InternalGrant::is_grant, LargeObjectMetadataOidIndexId, lfirst_oid, MemSet, merge_acl_with_grant(), NAMEDATALEN, OBJECT_LARGEOBJECT, ObjectIdAttributeNumber, ObjectIdGetDatum, InternalGrant::objects, pfree(), PointerGetDatum, InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, restrict_and_check_grant(), RowExclusiveLock, ScanKeyInit(), select_best_grantor(), snprintf(), systable_beginscan(), systable_endscan(), systable_getnext(), HeapTupleData::t_self, updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

 {
     Relation    relation;
     ListCell   *cell;
 
     if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
         istmt->privileges = ACL_ALL_RIGHTS_LARGEOBJECT;
 
     relation = heap_open(LargeObjectMetadataRelationId,
                          RowExclusiveLock);
 
     foreach(cell, istmt->objects)
     {
         Oid         loid = lfirst_oid(cell);
         Form_pg_largeobject_metadata form_lo_meta;
         char        loname[NAMEDATALEN];
         Datum       aclDatum;
         bool        isNull;
         AclMode     avail_goptions;
         AclMode     this_privileges;
         Acl        *old_acl;
         Acl        *new_acl;
         Oid         grantorId;
         Oid         ownerId;
         HeapTuple   newtuple;
         Datum       values[Natts_pg_largeobject_metadata];
         bool        nulls[Natts_pg_largeobject_metadata];
         bool        replaces[Natts_pg_largeobject_metadata];
         int         noldmembers;
         int         nnewmembers;
         Oid        *oldmembers;
         Oid        *newmembers;
         ScanKeyData entry[1];
         SysScanDesc scan;
         HeapTuple   tuple;
 
         /* There's no syscache for pg_largeobject_metadata */
         ScanKeyInit(&entry[0],
                     ObjectIdAttributeNumber,
                     BTEqualStrategyNumber, F_OIDEQ,
                     ObjectIdGetDatum(loid));
 
         scan = systable_beginscan(relation,
                                   LargeObjectMetadataOidIndexId, true,
                                   NULL, 1, entry);
 
         tuple = systable_getnext(scan);
         if (!HeapTupleIsValid(tuple))
             elog(ERROR, "could not find tuple for large object %u", loid);
 
         form_lo_meta = (Form_pg_largeobject_metadata) GETSTRUCT(tuple);
 
         /*
          * Get owner ID and working copy of existing ACL. If there's no ACL,
          * substitute the proper default.
          */
         ownerId = form_lo_meta->lomowner;
         aclDatum = heap_getattr(tuple,
                                 Anum_pg_largeobject_metadata_lomacl,
                                 RelationGetDescr(relation), &isNull);
         if (isNull)
         {
             old_acl = acldefault(OBJECT_LARGEOBJECT, ownerId);
             /* There are no old member roles according to the catalogs */
             noldmembers = 0;
             oldmembers = NULL;
         }
         else
         {
             old_acl = DatumGetAclPCopy(aclDatum);
             /* Get the roles mentioned in the existing ACL */
             noldmembers = aclmembers(old_acl, &oldmembers);
         }
 
         /* Determine ID to do the grant as, and available grant options */
         select_best_grantor(GetUserId(), istmt->privileges,
                             old_acl, ownerId,
                             &grantorId, &avail_goptions);
 
         /*
          * Restrict the privileges to what we can actually grant, and emit the
          * standards-mandated warning and error messages.
          */
         snprintf(loname, sizeof(loname), "large object %u", loid);
         this_privileges =
             restrict_and_check_grant(istmt->is_grant, avail_goptions,
                                      istmt->all_privs, istmt->privileges,
                                      loid, grantorId, OBJECT_LARGEOBJECT,
                                      loname, 0, NULL);
 
         /*
          * Generate new ACL.
          */
         new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
                                        istmt->grant_option, istmt->behavior,
                                        istmt->grantees, this_privileges,
                                        grantorId, ownerId);
 
         /*
          * We need the members of both old and new ACLs so we can correct the
          * shared dependency information.
          */
         nnewmembers = aclmembers(new_acl, &newmembers);
 
         /* finished building new ACL value, now insert it */
         MemSet(values, 0, sizeof(values));
         MemSet(nulls, false, sizeof(nulls));
         MemSet(replaces, false, sizeof(replaces));
 
         replaces[Anum_pg_largeobject_metadata_lomacl - 1] = true;
         values[Anum_pg_largeobject_metadata_lomacl - 1]
             = PointerGetDatum(new_acl);
 
         newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation),
                                      values, nulls, replaces);
 
         CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
 
         /* Update initial privileges for extensions */
         recordExtensionInitPriv(loid, LargeObjectRelationId, 0, new_acl);
 
         /* Update the shared dependency ACL info */
         updateAclDependencies(LargeObjectRelationId,
                               HeapTupleGetOid(tuple), 0,
                               ownerId,
                               noldmembers, oldmembers,
                               nnewmembers, newmembers);
 
         systable_endscan(scan);
 
         pfree(new_acl);
 
         /* prevent error when processing duplicate objects */
         CommandCounterIncrement();
     }
 
     heap_close(relation, RowExclusiveLock);
 }

◆ ExecGrant_Namespace()

static void ExecGrant_Namespace ( InternalGrant * grantStmt )

static

Definition at line 2888 of file aclchk.c.

References ACL_ALL_RIGHTS_SCHEMA, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog, ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_close, heap_modify_tuple(), heap_open(), HeapTupleGetOid, HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, MemSet, merge_acl_with_grant(), NAMESPACENAME, NAMESPACEOID, NameStr, OBJECT_SCHEMA, ObjectIdGetDatum, InternalGrant::objects, pfree(), PointerGetDatum, InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), SysCacheGetAttr(), HeapTupleData::t_self, updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

 {
     Relation    relation;
     ListCell   *cell;
 
     if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
         istmt->privileges = ACL_ALL_RIGHTS_SCHEMA;
 
     relation = heap_open(NamespaceRelationId, RowExclusiveLock);
 
     foreach(cell, istmt->objects)
     {
         Oid         nspid = lfirst_oid(cell);
         Form_pg_namespace pg_namespace_tuple;
         Datum       aclDatum;
         bool        isNull;
         AclMode     avail_goptions;
         AclMode     this_privileges;
         Acl        *old_acl;
         Acl        *new_acl;
         Oid         grantorId;
         Oid         ownerId;
         HeapTuple   tuple;
         HeapTuple   newtuple;
         Datum       values[Natts_pg_namespace];
         bool        nulls[Natts_pg_namespace];
         bool        replaces[Natts_pg_namespace];
         int         noldmembers;
         int         nnewmembers;
         Oid        *oldmembers;
         Oid        *newmembers;
 
         tuple = SearchSysCache1(NAMESPACEOID, ObjectIdGetDatum(nspid));
         if (!HeapTupleIsValid(tuple))
             elog(ERROR, "cache lookup failed for namespace %u", nspid);
 
         pg_namespace_tuple = (Form_pg_namespace) GETSTRUCT(tuple);
 
         /*
          * Get owner ID and working copy of existing ACL. If there's no ACL,
          * substitute the proper default.
          */
         ownerId = pg_namespace_tuple->nspowner;
         aclDatum = SysCacheGetAttr(NAMESPACENAME, tuple,
                                    Anum_pg_namespace_nspacl,
                                    &isNull);
         if (isNull)
         {
             old_acl = acldefault(OBJECT_SCHEMA, ownerId);
             /* There are no old member roles according to the catalogs */
             noldmembers = 0;
             oldmembers = NULL;
         }
         else
         {
             old_acl = DatumGetAclPCopy(aclDatum);
             /* Get the roles mentioned in the existing ACL */
             noldmembers = aclmembers(old_acl, &oldmembers);
         }
 
         /* Determine ID to do the grant as, and available grant options */
         select_best_grantor(GetUserId(), istmt->privileges,
                             old_acl, ownerId,
                             &grantorId, &avail_goptions);
 
         /*
          * Restrict the privileges to what we can actually grant, and emit the
          * standards-mandated warning and error messages.
          */
         this_privileges =
             restrict_and_check_grant(istmt->is_grant, avail_goptions,
                                      istmt->all_privs, istmt->privileges,
                                      nspid, grantorId, OBJECT_SCHEMA,
                                      NameStr(pg_namespace_tuple->nspname),
                                      0, NULL);
 
         /*
          * Generate new ACL.
          */
         new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
                                        istmt->grant_option, istmt->behavior,
                                        istmt->grantees, this_privileges,
                                        grantorId, ownerId);
 
         /*
          * We need the members of both old and new ACLs so we can correct the
          * shared dependency information.
          */
         nnewmembers = aclmembers(new_acl, &newmembers);
 
         /* finished building new ACL value, now insert it */
         MemSet(values, 0, sizeof(values));
         MemSet(nulls, false, sizeof(nulls));
         MemSet(replaces, false, sizeof(replaces));
 
         replaces[Anum_pg_namespace_nspacl - 1] = true;
         values[Anum_pg_namespace_nspacl - 1] = PointerGetDatum(new_acl);
 
         newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
                                      nulls, replaces);
 
         CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
 
         /* Update initial privileges for extensions */
         recordExtensionInitPriv(nspid, NamespaceRelationId, 0, new_acl);
 
         /* Update the shared dependency ACL info */
         updateAclDependencies(NamespaceRelationId, HeapTupleGetOid(tuple), 0,
                               ownerId,
                               noldmembers, oldmembers,
                               nnewmembers, newmembers);
 
         ReleaseSysCache(tuple);
 
         pfree(new_acl);
 
         /* prevent error when processing duplicate objects */
         CommandCounterIncrement();
     }
 
     heap_close(relation, RowExclusiveLock);
 }

◆ ExecGrant_Relation()

static void ExecGrant_Relation ( InternalGrant * grantStmt )

static

Definition at line 1790 of file aclchk.c.

References ACL_ALL_RIGHTS_COLUMN, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SEQUENCE, ACL_NO_RIGHTS, ACL_SELECT, aclcopy(), acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), InternalGrant::col_privs, AccessPriv::cols, CommandCounterIncrement(), DatumGetAclPCopy, elog, ereport, errcode(), errmsg(), ERROR, ExecGrant_Attribute(), expand_all_col_privileges(), expand_col_privileges(), FirstLowInvalidHeapAttributeNumber, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_close, heap_modify_tuple(), heap_open(), HeapTupleIsValid, i, InternalGrant::is_grant, lfirst, lfirst_oid, MemSet, merge_acl_with_grant(), NameStr, OBJECT_SEQUENCE, OBJECT_TABLE, ObjectIdGetDatum, InternalGrant::objects, InternalGrant::objtype, palloc0(), pfree(), PointerGetDatum, AccessPriv::priv_name, privilege_to_string(), InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), RELOID, restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), string_to_privilege(), SysCacheGetAttr(), HeapTupleData::t_self, updateAclDependencies(), values, and WARNING.

Referenced by ExecGrantStmt_oids().

 {
     Relation    relation;
     Relation    attRelation;
     ListCell   *cell;
 
     relation = heap_open(RelationRelationId, RowExclusiveLock);
     attRelation = heap_open(AttributeRelationId, RowExclusiveLock);
 
     foreach(cell, istmt->objects)
     {
         Oid         relOid = lfirst_oid(cell);
         Datum       aclDatum;
         Form_pg_class pg_class_tuple;
         bool        isNull;
         AclMode     this_privileges;
         AclMode    *col_privileges;
         int         num_col_privileges;
         bool        have_col_privileges;
         Acl        *old_acl;
         Acl        *old_rel_acl;
         int         noldmembers;
         Oid        *oldmembers;
         Oid         ownerId;
         HeapTuple   tuple;
         ListCell   *cell_colprivs;
 
         tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(relOid));
         if (!HeapTupleIsValid(tuple))
             elog(ERROR, "cache lookup failed for relation %u", relOid);
         pg_class_tuple = (Form_pg_class) GETSTRUCT(tuple);
 
         /* Not sensible to grant on an index */
         if (pg_class_tuple->relkind == RELKIND_INDEX ||
             pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX)
             ereport(ERROR,
                     (errcode(ERRCODE_WRONG_OBJECT_TYPE),
                      errmsg("\"%s\" is an index",
                             NameStr(pg_class_tuple->relname))));
 
         /* Composite types aren't tables either */
         if (pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
             ereport(ERROR,
                     (errcode(ERRCODE_WRONG_OBJECT_TYPE),
                      errmsg("\"%s\" is a composite type",
                             NameStr(pg_class_tuple->relname))));
 
         /* Used GRANT SEQUENCE on a non-sequence? */
         if (istmt->objtype == OBJECT_SEQUENCE &&
             pg_class_tuple->relkind != RELKIND_SEQUENCE)
             ereport(ERROR,
                     (errcode(ERRCODE_WRONG_OBJECT_TYPE),
                      errmsg("\"%s\" is not a sequence",
                             NameStr(pg_class_tuple->relname))));
 
         /* Adjust the default permissions based on object type */
         if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
         {
             if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
                 this_privileges = ACL_ALL_RIGHTS_SEQUENCE;
             else
                 this_privileges = ACL_ALL_RIGHTS_RELATION;
         }
         else
             this_privileges = istmt->privileges;
 
         /*
          * The GRANT TABLE syntax can be used for sequences and non-sequences,
          * so we have to look at the relkind to determine the supported
          * permissions.  The OR of table and sequence permissions were already
          * checked.
          */
         if (istmt->objtype == OBJECT_TABLE)
         {
             if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
             {
                 /*
                  * For backward compatibility, just throw a warning for
                  * invalid sequence permissions when using the non-sequence
                  * GRANT syntax.
                  */
                 if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_SEQUENCE))
                 {
                     /*
                      * Mention the object name because the user needs to know
                      * which operations succeeded.  This is required because
                      * WARNING allows the command to continue.
                      */
                     ereport(WARNING,
                             (errcode(ERRCODE_INVALID_GRANT_OPERATION),
                              errmsg("sequence \"%s\" only supports USAGE, SELECT, and UPDATE privileges",
                                     NameStr(pg_class_tuple->relname))));
                     this_privileges &= (AclMode) ACL_ALL_RIGHTS_SEQUENCE;
                 }
             }
             else
             {
                 if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_RELATION))
                 {
                     /*
                      * USAGE is the only permission supported by sequences but
                      * not by non-sequences.  Don't mention the object name
                      * because we didn't in the combined TABLE | SEQUENCE
                      * check.
                      */
                     ereport(ERROR,
                             (errcode(ERRCODE_INVALID_GRANT_OPERATION),
                              errmsg("invalid privilege type %s for table",
                                     "USAGE")));
                 }
             }
         }
 
         /*
          * Set up array in which we'll accumulate any column privilege bits
          * that need modification.  The array is indexed such that entry [0]
          * corresponds to FirstLowInvalidHeapAttributeNumber.
          */
         num_col_privileges = pg_class_tuple->relnatts - FirstLowInvalidHeapAttributeNumber + 1;
         col_privileges = (AclMode *) palloc0(num_col_privileges * sizeof(AclMode));
         have_col_privileges = false;
 
         /*
          * If we are revoking relation privileges that are also column
          * privileges, we must implicitly revoke them from each column too,
          * per SQL spec.  (We don't need to implicitly add column privileges
          * during GRANT because the permissions-checking code always checks
          * both relation and per-column privileges.)
          */
         if (!istmt->is_grant &&
             (this_privileges & ACL_ALL_RIGHTS_COLUMN) != 0)
         {
             expand_all_col_privileges(relOid, pg_class_tuple,
                                       this_privileges & ACL_ALL_RIGHTS_COLUMN,
                                       col_privileges,
                                       num_col_privileges);
             have_col_privileges = true;
         }
 
         /*
          * Get owner ID and working copy of existing ACL. If there's no ACL,
          * substitute the proper default.
          */
         ownerId = pg_class_tuple->relowner;
         aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
                                    &isNull);
         if (isNull)
         {
             switch (pg_class_tuple->relkind)
             {
                 case RELKIND_SEQUENCE:
                     old_acl = acldefault(OBJECT_SEQUENCE, ownerId);
                     break;
                 default:
                     old_acl = acldefault(OBJECT_TABLE, ownerId);
                     break;
             }
             /* There are no old member roles according to the catalogs */
             noldmembers = 0;
             oldmembers = NULL;
         }
         else
         {
             old_acl = DatumGetAclPCopy(aclDatum);
             /* Get the roles mentioned in the existing ACL */
             noldmembers = aclmembers(old_acl, &oldmembers);
         }
 
         /* Need an extra copy of original rel ACL for column handling */
         old_rel_acl = aclcopy(old_acl);
 
         /*
          * Handle relation-level privileges, if any were specified
          */
         if (this_privileges != ACL_NO_RIGHTS)
         {
             AclMode     avail_goptions;
             Acl        *new_acl;
             Oid         grantorId;
             HeapTuple   newtuple;
             Datum       values[Natts_pg_class];
             bool        nulls[Natts_pg_class];
             bool        replaces[Natts_pg_class];
             int         nnewmembers;
             Oid        *newmembers;
             ObjectType  objtype;
 
             /* Determine ID to do the grant as, and available grant options */
             select_best_grantor(GetUserId(), this_privileges,
                                 old_acl, ownerId,
                                 &grantorId, &avail_goptions);
 
             switch (pg_class_tuple->relkind)
             {
                 case RELKIND_SEQUENCE:
                     objtype = OBJECT_SEQUENCE;
                     break;
                 default:
                     objtype = OBJECT_TABLE;
                     break;
             }
 
             /*
              * Restrict the privileges to what we can actually grant, and emit
              * the standards-mandated warning and error messages.
              */
             this_privileges =
                 restrict_and_check_grant(istmt->is_grant, avail_goptions,
                                          istmt->all_privs, this_privileges,
                                          relOid, grantorId, objtype,
                                          NameStr(pg_class_tuple->relname),
                                          0, NULL);
 
             /*
              * Generate new ACL.
              */
             new_acl = merge_acl_with_grant(old_acl,
                                            istmt->is_grant,
                                            istmt->grant_option,
                                            istmt->behavior,
                                            istmt->grantees,
                                            this_privileges,
                                            grantorId,
                                            ownerId);
 
             /*
              * We need the members of both old and new ACLs so we can correct
              * the shared dependency information.
              */
             nnewmembers = aclmembers(new_acl, &newmembers);
 
             /* finished building new ACL value, now insert it */
             MemSet(values, 0, sizeof(values));
             MemSet(nulls, false, sizeof(nulls));
             MemSet(replaces, false, sizeof(replaces));
 
             replaces[Anum_pg_class_relacl - 1] = true;
             values[Anum_pg_class_relacl - 1] = PointerGetDatum(new_acl);
 
             newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation),
                                          values, nulls, replaces);
 
             CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
 
             /* Update initial privileges for extensions */
             recordExtensionInitPriv(relOid, RelationRelationId, 0, new_acl);
 
             /* Update the shared dependency ACL info */
             updateAclDependencies(RelationRelationId, relOid, 0,
                                   ownerId,
                                   noldmembers, oldmembers,
                                   nnewmembers, newmembers);
 
             pfree(new_acl);
         }
 
         /*
          * Handle column-level privileges, if any were specified or implied.
          * We first expand the user-specified column privileges into the
          * array, and then iterate over all nonempty array entries.
          */
         foreach(cell_colprivs, istmt->col_privs)
         {
             AccessPriv *col_privs = (AccessPriv *) lfirst(cell_colprivs);
 
             if (col_privs->priv_name == NULL)
                 this_privileges = ACL_ALL_RIGHTS_COLUMN;
             else
                 this_privileges = string_to_privilege(col_privs->priv_name);
 
             if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_COLUMN))
                 ereport(ERROR,
                         (errcode(ERRCODE_INVALID_GRANT_OPERATION),
                          errmsg("invalid privilege type %s for column",
                                 privilege_to_string(this_privileges))));
 
             if (pg_class_tuple->relkind == RELKIND_SEQUENCE &&
                 this_privileges & ~((AclMode) ACL_SELECT))
             {
                 /*
                  * The only column privilege allowed on sequences is SELECT.
                  * This is a warning not error because we do it that way for
                  * relation-level privileges.
                  */
                 ereport(WARNING,
                         (errcode(ERRCODE_INVALID_GRANT_OPERATION),
                          errmsg("sequence \"%s\" only supports SELECT column privileges",
                                 NameStr(pg_class_tuple->relname))));
 
                 this_privileges &= (AclMode) ACL_SELECT;
             }
 
             expand_col_privileges(col_privs->cols, relOid,
                                   this_privileges,
                                   col_privileges,
                                   num_col_privileges);
             have_col_privileges = true;
         }
 
         if (have_col_privileges)
         {
             AttrNumber  i;
 
             for (i = 0; i < num_col_privileges; i++)
             {
                 if (col_privileges[i] == ACL_NO_RIGHTS)
                     continue;
                 ExecGrant_Attribute(istmt,
                                     relOid,
                                     NameStr(pg_class_tuple->relname),
                                     i + FirstLowInvalidHeapAttributeNumber,
                                     ownerId,
                                     col_privileges[i],
                                     attRelation,
                                     old_rel_acl);
             }
         }
 
         pfree(old_rel_acl);
         pfree(col_privileges);
 
         ReleaseSysCache(tuple);
 
         /* prevent error when processing duplicate objects */
         CommandCounterIncrement();
     }
 
     heap_close(attRelation, RowExclusiveLock);
     heap_close(relation, RowExclusiveLock);
 }

◆ ExecGrant_Tablespace()

static void ExecGrant_Tablespace ( InternalGrant * grantStmt )

static

Definition at line 3012 of file aclchk.c.

References ACL_ALL_RIGHTS_TABLESPACE, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog, ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_close, heap_getattr, heap_modify_tuple(), heap_open(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, MemSet, merge_acl_with_grant(), NameStr, OBJECT_TABLESPACE, ObjectIdGetDatum, InternalGrant::objects, pfree(), PointerGetDatum, InternalGrant::privileges, RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), HeapTupleData::t_self, TABLESPACEOID, updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

 {
     Relation    relation;
     ListCell   *cell;
 
     if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
         istmt->privileges = ACL_ALL_RIGHTS_TABLESPACE;
 
     relation = heap_open(TableSpaceRelationId, RowExclusiveLock);
 
     foreach(cell, istmt->objects)
     {
         Oid         tblId = lfirst_oid(cell);
         Form_pg_tablespace pg_tablespace_tuple;
         Datum       aclDatum;
         bool        isNull;
         AclMode     avail_goptions;
         AclMode     this_privileges;
         Acl        *old_acl;
         Acl        *new_acl;
         Oid         grantorId;
         Oid         ownerId;
         HeapTuple   newtuple;
         Datum       values[Natts_pg_tablespace];
         bool        nulls[Natts_pg_tablespace];
         bool        replaces[Natts_pg_tablespace];
         int         noldmembers;
         int         nnewmembers;
         Oid        *oldmembers;
         Oid        *newmembers;
         HeapTuple   tuple;
 
         /* Search syscache for pg_tablespace */
         tuple = SearchSysCache1(TABLESPACEOID, ObjectIdGetDatum(tblId));
         if (!HeapTupleIsValid(tuple))
             elog(ERROR, "cache lookup failed for tablespace %u", tblId);
 
         pg_tablespace_tuple = (Form_pg_tablespace) GETSTRUCT(tuple);
 
         /*
          * Get owner ID and working copy of existing ACL. If there's no ACL,
          * substitute the proper default.
          */
         ownerId = pg_tablespace_tuple->spcowner;
         aclDatum = heap_getattr(tuple, Anum_pg_tablespace_spcacl,
                                 RelationGetDescr(relation), &isNull);
         if (isNull)
         {
             old_acl = acldefault(OBJECT_TABLESPACE, ownerId);
             /* There are no old member roles according to the catalogs */
             noldmembers = 0;
             oldmembers = NULL;
         }
         else
         {
             old_acl = DatumGetAclPCopy(aclDatum);
             /* Get the roles mentioned in the existing ACL */
             noldmembers = aclmembers(old_acl, &oldmembers);
         }
 
         /* Determine ID to do the grant as, and available grant options */
         select_best_grantor(GetUserId(), istmt->privileges,
                             old_acl, ownerId,
                             &grantorId, &avail_goptions);
 
         /*
          * Restrict the privileges to what we can actually grant, and emit the
          * standards-mandated warning and error messages.
          */
         this_privileges =
             restrict_and_check_grant(istmt->is_grant, avail_goptions,
                                      istmt->all_privs, istmt->privileges,
                                      tblId, grantorId, OBJECT_TABLESPACE,
                                      NameStr(pg_tablespace_tuple->spcname),
                                      0, NULL);
 
         /*
          * Generate new ACL.
          */
         new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
                                        istmt->grant_option, istmt->behavior,
                                        istmt->grantees, this_privileges,
                                        grantorId, ownerId);
 
         /*
          * We need the members of both old and new ACLs so we can correct the
          * shared dependency information.
          */
         nnewmembers = aclmembers(new_acl, &newmembers);
 
         /* finished building new ACL value, now insert it */
         MemSet(values, 0, sizeof(values));
         MemSet(nulls, false, sizeof(nulls));
         MemSet(replaces, false, sizeof(replaces));
 
         replaces[Anum_pg_tablespace_spcacl - 1] = true;
         values[Anum_pg_tablespace_spcacl - 1] = PointerGetDatum(new_acl);
 
         newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
                                      nulls, replaces);
 
         CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
 
         /* Update the shared dependency ACL info */
         updateAclDependencies(TableSpaceRelationId, tblId, 0,
                               ownerId,
                               noldmembers, oldmembers,
                               nnewmembers, newmembers);
 
         ReleaseSysCache(tuple);
         pfree(new_acl);
 
         /* prevent error when processing duplicate objects */
         CommandCounterIncrement();
     }
 
     heap_close(relation, RowExclusiveLock);
 }

◆ ExecGrant_Type()

static void ExecGrant_Type ( InternalGrant * grantStmt )

static

Definition at line 3132 of file aclchk.c.

References ACL_ALL_RIGHTS_TYPE, ACL_NO_RIGHTS, acldefault(), aclmembers(), InternalGrant::all_privs, InternalGrant::behavior, CatalogTupleUpdate(), CommandCounterIncrement(), DatumGetAclPCopy, elog, ereport, errcode(), errhint(), errmsg(), ERROR, GETSTRUCT, GetUserId(), InternalGrant::grant_option, InternalGrant::grantees, heap_close, heap_getattr, heap_modify_tuple(), heap_open(), HeapTupleIsValid, InternalGrant::is_grant, lfirst_oid, MemSet, merge_acl_with_grant(), NameStr, OBJECT_DOMAIN, OBJECT_TYPE, ObjectIdGetDatum, InternalGrant::objects, InternalGrant::objtype, pfree(), PointerGetDatum, InternalGrant::privileges, recordExtensionInitPriv(), RelationGetDescr, ReleaseSysCache(), restrict_and_check_grant(), RowExclusiveLock, SearchSysCache1(), select_best_grantor(), HeapTupleData::t_self, TYPEOID, updateAclDependencies(), and values.

Referenced by ExecGrantStmt_oids().

 {
     Relation    relation;
     ListCell   *cell;
 
     if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
         istmt->privileges = ACL_ALL_RIGHTS_TYPE;
 
     relation = heap_open(TypeRelationId, RowExclusiveLock);
 
     foreach(cell, istmt->objects)
     {
         Oid         typId = lfirst_oid(cell);
         Form_pg_type pg_type_tuple;
         Datum       aclDatum;
         bool        isNull;
         AclMode     avail_goptions;
         AclMode     this_privileges;
         Acl        *old_acl;
         Acl        *new_acl;
         Oid         grantorId;
         Oid         ownerId;
         HeapTuple   newtuple;
         Datum       values[Natts_pg_type];
         bool        nulls[Natts_pg_type];
         bool        replaces[Natts_pg_type];
         int         noldmembers;
         int         nnewmembers;
         Oid        *oldmembers;
         Oid        *newmembers;
         HeapTuple   tuple;
 
         /* Search syscache for pg_type */
         tuple = SearchSysCache1(TYPEOID, ObjectIdGetDatum(typId));
         if (!HeapTupleIsValid(tuple))
             elog(ERROR, "cache lookup failed for type %u", typId);
 
         pg_type_tuple = (Form_pg_type) GETSTRUCT(tuple);
 
         if (pg_type_tuple->typelem != 0 && pg_type_tuple->typlen == -1)
             ereport(ERROR,
                     (errcode(ERRCODE_INVALID_GRANT_OPERATION),
                      errmsg("cannot set privileges of array types"),
                      errhint("Set the privileges of the element type instead.")));
 
         /* Used GRANT DOMAIN on a non-domain? */
         if (istmt->objtype == OBJECT_DOMAIN &&
             pg_type_tuple->typtype != TYPTYPE_DOMAIN)
             ereport(ERROR,
                     (errcode(ERRCODE_WRONG_OBJECT_TYPE),
                      errmsg("\"%s\" is not a domain",
                             NameStr(pg_type_tuple->typname))));
 
         /*
          * Get owner ID and working copy of existing ACL. If there's no ACL,
          * substitute the proper default.
          */
         ownerId = pg_type_tuple->typowner;
         aclDatum = heap_getattr(tuple, Anum_pg_type_typacl,
                                 RelationGetDescr(relation), &isNull);
         if (isNull)
         {
             old_acl = acldefault(istmt->objtype, ownerId);
             /* There are no old member roles according to the catalogs */
             noldmembers = 0;
             oldmembers = NULL;
         }
         else
         {
             old_acl = DatumGetAclPCopy(aclDatum);
             /* Get the roles mentioned in the existing ACL */
             noldmembers = aclmembers(old_acl, &oldmembers);
         }
 
         /* Determine ID to do the grant as, and available grant options */
         select_best_grantor(GetUserId(), istmt->privileges,
                             old_acl, ownerId,
                             &grantorId, &avail_goptions);
 
         /*
          * Restrict the privileges to what we can actually grant, and emit the
          * standards-mandated warning and error messages.
          */
         this_privileges =
             restrict_and_check_grant(istmt->is_grant, avail_goptions,
                                      istmt->all_privs, istmt->privileges,
                                      typId, grantorId, OBJECT_TYPE,
                                      NameStr(pg_type_tuple->typname),
                                      0, NULL);
 
         /*
          * Generate new ACL.
          */
         new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
                                        istmt->grant_option, istmt->behavior,
                                        istmt->grantees, this_privileges,
                                        grantorId, ownerId);
 
         /*
          * We need the members of both old and new ACLs so we can correct the
          * shared dependency information.
          */
         nnewmembers = aclmembers(new_acl, &newmembers);
 
         /* finished building new ACL value, now insert it */
         MemSet(values, 0, sizeof(values));
         MemSet(nulls, false, sizeof(nulls));
         MemSet(replaces, false, sizeof(replaces));
 
         replaces[Anum_pg_type_typacl - 1] = true;
         values[Anum_pg_type_typacl - 1] = PointerGetDatum(new_acl);
 
         newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation), values,
                                      nulls, replaces);
 
         CatalogTupleUpdate(relation, &newtuple->t_self, newtuple);
 
         /* Update initial privileges for extensions */
         recordExtensionInitPriv(typId, TypeRelationId, 0, new_acl);
 
         /* Update the shared dependency ACL info */
         updateAclDependencies(TypeRelationId, typId, 0,
                               ownerId,
                               noldmembers, oldmembers,
                               nnewmembers, newmembers);
 
         ReleaseSysCache(tuple);
         pfree(new_acl);
 
         /* prevent error when processing duplicate objects */
         CommandCounterIncrement();
     }
 
     heap_close(relation, RowExclusiveLock);
 }

◆ ExecGrantStmt_oids()

static void ExecGrantStmt_oids ( InternalGrant * istmt )

static

Definition at line 573 of file aclchk.c.

References elog, ERROR, EventTriggerCollectGrant(), EventTriggerSupportsObjectType(), ExecGrant_Database(), ExecGrant_Fdw(), ExecGrant_ForeignServer(), ExecGrant_Function(), ExecGrant_Language(), ExecGrant_Largeobject(), ExecGrant_Namespace(), ExecGrant_Relation(), ExecGrant_Tablespace(), ExecGrant_Type(), OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, and InternalGrant::objtype.

Referenced by ExecuteGrantStmt(), and RemoveRoleFromObjectACL().

 {
     switch (istmt->objtype)
     {
         case OBJECT_TABLE:
         case OBJECT_SEQUENCE:
             ExecGrant_Relation(istmt);
             break;
         case OBJECT_DATABASE:
             ExecGrant_Database(istmt);
             break;
         case OBJECT_DOMAIN:
         case OBJECT_TYPE:
             ExecGrant_Type(istmt);
             break;
         case OBJECT_FDW:
             ExecGrant_Fdw(istmt);
             break;
         case OBJECT_FOREIGN_SERVER:
             ExecGrant_ForeignServer(istmt);
             break;
         case OBJECT_FUNCTION:
         case OBJECT_PROCEDURE:
         case OBJECT_ROUTINE:
             ExecGrant_Function(istmt);
             break;
         case OBJECT_LANGUAGE:
             ExecGrant_Language(istmt);
             break;
         case OBJECT_LARGEOBJECT:
             ExecGrant_Largeobject(istmt);
             break;
         case OBJECT_SCHEMA:
             ExecGrant_Namespace(istmt);
             break;
         case OBJECT_TABLESPACE:
             ExecGrant_Tablespace(istmt);
             break;
         default:
             elog(ERROR, "unrecognized GrantStmt.objtype: %d",
                  (int) istmt->objtype);
     }
 
     /*
      * Pass the info to event triggers about the just-executed GRANT.  Note
      * that we prefer to do it after actually executing it, because that gives
      * the functions a chance to adjust the istmt with privileges actually
      * granted.
      */
     if (EventTriggerSupportsObjectType(istmt->objtype))
         EventTriggerCollectGrant(istmt);
 }

◆ ExecuteGrantStmt()

void ExecuteGrantStmt ( GrantStmt * stmt )

Definition at line 385 of file aclchk.c.

References ACL_ALL_RIGHTS_DATABASE, ACL_ALL_RIGHTS_FDW, ACL_ALL_RIGHTS_FOREIGN_SERVER, ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_LANGUAGE, ACL_ALL_RIGHTS_LARGEOBJECT, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_SEQUENCE, ACL_ALL_RIGHTS_TABLESPACE, ACL_ALL_RIGHTS_TYPE, ACL_ID_PUBLIC, ACL_NO_RIGHTS, ACL_TARGET_ALL_IN_SCHEMA, ACL_TARGET_OBJECT, InternalGrant::all_privs, InternalGrant::behavior, GrantStmt::behavior, InternalGrant::col_privs, AccessPriv::cols, elog, ereport, errcode(), errmsg(), ERROR, ExecGrantStmt_oids(), get_rolespec_oid(), gettext_noop, InternalGrant::grant_option, GrantStmt::grant_option, InternalGrant::grantees, GrantStmt::grantees, InternalGrant::is_grant, GrantStmt::is_grant, lappend(), lappend_oid(), lfirst, NIL, OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, objectNamesToOids(), InternalGrant::objects, GrantStmt::objects, objectsInSchemaToOids(), InternalGrant::objtype, GrantStmt::objtype, AccessPriv::priv_name, privilege_to_string(), InternalGrant::privileges, GrantStmt::privileges, ROLESPEC_PUBLIC, RoleSpec::roletype, string_to_privilege(), and GrantStmt::targtype.

Referenced by ProcessUtilitySlow(), and standard_ProcessUtility().

 {
     InternalGrant istmt;
     ListCell   *cell;
     const char *errormsg;
     AclMode     all_privileges;
 
     /*
      * Turn the regular GrantStmt into the InternalGrant form.
      */
     istmt.is_grant = stmt->is_grant;
     istmt.objtype = stmt->objtype;
 
     /* Collect the OIDs of the target objects */
     switch (stmt->targtype)
     {
         case ACL_TARGET_OBJECT:
             istmt.objects = objectNamesToOids(stmt->objtype, stmt->objects);
             break;
         case ACL_TARGET_ALL_IN_SCHEMA:
             istmt.objects = objectsInSchemaToOids(stmt->objtype, stmt->objects);
             break;
             /* ACL_TARGET_DEFAULTS should not be seen here */
         default:
             elog(ERROR, "unrecognized GrantStmt.targtype: %d",
                  (int) stmt->targtype);
     }
 
     /* all_privs to be filled below */
     /* privileges to be filled below */
     istmt.col_privs = NIL;      /* may get filled below */
     istmt.grantees = NIL;       /* filled below */
     istmt.grant_option = stmt->grant_option;
     istmt.behavior = stmt->behavior;
 
     /*
      * Convert the RoleSpec list into an Oid list.  Note that at this point we
      * insert an ACL_ID_PUBLIC into the list if appropriate, so downstream
      * there shouldn't be any additional work needed to support this case.
      */
     foreach(cell, stmt->grantees)
     {
         RoleSpec   *grantee = (RoleSpec *) lfirst(cell);
         Oid         grantee_uid;
 
         switch (grantee->roletype)
         {
             case ROLESPEC_PUBLIC:
                 grantee_uid = ACL_ID_PUBLIC;
                 break;
             default:
                 grantee_uid = get_rolespec_oid(grantee, false);
                 break;
         }
         istmt.grantees = lappend_oid(istmt.grantees, grantee_uid);
     }
 
     /*
      * Convert stmt->privileges, a list of AccessPriv nodes, into an AclMode
      * bitmask.  Note: objtype can't be OBJECT_COLUMN.
      */
     switch (stmt->objtype)
     {
         case OBJECT_TABLE:
             /*
              * Because this might be a sequence, we test both relation and
              * sequence bits, and later do a more limited test when we know
              * the object type.
              */
             all_privileges = ACL_ALL_RIGHTS_RELATION | ACL_ALL_RIGHTS_SEQUENCE;
             errormsg = gettext_noop("invalid privilege type %s for relation");
             break;
         case OBJECT_SEQUENCE:
             all_privileges = ACL_ALL_RIGHTS_SEQUENCE;
             errormsg = gettext_noop("invalid privilege type %s for sequence");
             break;
         case OBJECT_DATABASE:
             all_privileges = ACL_ALL_RIGHTS_DATABASE;
             errormsg = gettext_noop("invalid privilege type %s for database");
             break;
         case OBJECT_DOMAIN:
             all_privileges = ACL_ALL_RIGHTS_TYPE;
             errormsg = gettext_noop("invalid privilege type %s for domain");
             break;
         case OBJECT_FUNCTION:
             all_privileges = ACL_ALL_RIGHTS_FUNCTION;
             errormsg = gettext_noop("invalid privilege type %s for function");
             break;
         case OBJECT_LANGUAGE:
             all_privileges = ACL_ALL_RIGHTS_LANGUAGE;
             errormsg = gettext_noop("invalid privilege type %s for language");
             break;
         case OBJECT_LARGEOBJECT:
             all_privileges = ACL_ALL_RIGHTS_LARGEOBJECT;
             errormsg = gettext_noop("invalid privilege type %s for large object");
             break;
         case OBJECT_SCHEMA:
             all_privileges = ACL_ALL_RIGHTS_SCHEMA;
             errormsg = gettext_noop("invalid privilege type %s for schema");
             break;
         case OBJECT_PROCEDURE:
             all_privileges = ACL_ALL_RIGHTS_FUNCTION;
             errormsg = gettext_noop("invalid privilege type %s for procedure");
             break;
         case OBJECT_ROUTINE:
             all_privileges = ACL_ALL_RIGHTS_FUNCTION;
             errormsg = gettext_noop("invalid privilege type %s for routine");
             break;
         case OBJECT_TABLESPACE:
             all_privileges = ACL_ALL_RIGHTS_TABLESPACE;
             errormsg = gettext_noop("invalid privilege type %s for tablespace");
             break;
         case OBJECT_TYPE:
             all_privileges = ACL_ALL_RIGHTS_TYPE;
             errormsg = gettext_noop("invalid privilege type %s for type");
             break;
         case OBJECT_FDW:
             all_privileges = ACL_ALL_RIGHTS_FDW;
             errormsg = gettext_noop("invalid privilege type %s for foreign-data wrapper");
             break;
         case OBJECT_FOREIGN_SERVER:
             all_privileges = ACL_ALL_RIGHTS_FOREIGN_SERVER;
             errormsg = gettext_noop("invalid privilege type %s for foreign server");
             break;
         default:
             elog(ERROR, "unrecognized GrantStmt.objtype: %d",
                  (int) stmt->objtype);
             /* keep compiler quiet */
             all_privileges = ACL_NO_RIGHTS;
             errormsg = NULL;
     }
 
     if (stmt->privileges == NIL)
     {
         istmt.all_privs = true;
 
         /*
          * will be turned into ACL_ALL_RIGHTS_* by the internal routines
          * depending on the object type
          */
         istmt.privileges = ACL_NO_RIGHTS;
     }
     else
     {
         istmt.all_privs = false;
         istmt.privileges = ACL_NO_RIGHTS;
 
         foreach(cell, stmt->privileges)
         {
             AccessPriv *privnode = (AccessPriv *) lfirst(cell);
             AclMode     priv;
 
             /*
              * If it's a column-level specification, we just set it aside in
              * col_privs for the moment; but insist it's for a relation.
              */
             if (privnode->cols)
             {
                 if (stmt->objtype != OBJECT_TABLE)
                     ereport(ERROR,
                             (errcode(ERRCODE_INVALID_GRANT_OPERATION),
                              errmsg("column privileges are only valid for relations")));
                 istmt.col_privs = lappend(istmt.col_privs, privnode);
                 continue;
             }
 
             if (privnode->priv_name == NULL)    /* parser mistake? */
                 elog(ERROR, "AccessPriv node must specify privilege or columns");
             priv = string_to_privilege(privnode->priv_name);
 
             if (priv & ~((AclMode) all_privileges))
                 ereport(ERROR,
                         (errcode(ERRCODE_INVALID_GRANT_OPERATION),
                          errmsg(errormsg, privilege_to_string(priv))));
 
             istmt.privileges |= priv;
         }
     }
 
     ExecGrantStmt_oids(&istmt);
 }

◆ expand_all_col_privileges()

static void expand_all_col_privileges	(	Oid	table_oid,
		Form_pg_class	classForm,
		AclMode	this_privileges,
		AclMode *	col_privileges,
		int	num_col_privileges
	)

static

Definition at line 1592 of file aclchk.c.

References Assert, ATTNUM, elog, ERROR, FirstLowInvalidHeapAttributeNumber, GETSTRUCT, HeapTupleIsValid, Int16GetDatum, InvalidAttrNumber, ObjectIdAttributeNumber, ObjectIdGetDatum, ReleaseSysCache(), and SearchSysCache2().

Referenced by ExecGrant_Relation().

 {
     AttrNumber  curr_att;
 
     Assert(classForm->relnatts - FirstLowInvalidHeapAttributeNumber < num_col_privileges);
     for (curr_att = FirstLowInvalidHeapAttributeNumber + 1;
          curr_att <= classForm->relnatts;
          curr_att++)
     {
         HeapTuple   attTuple;
         bool        isdropped;
 
         if (curr_att == InvalidAttrNumber)
             continue;
 
         /* Skip OID column if it doesn't exist */
         if (curr_att == ObjectIdAttributeNumber && !classForm->relhasoids)
             continue;
 
         /* Views don't have any system columns at all */
         if (classForm->relkind == RELKIND_VIEW && curr_att < 0)
             continue;
 
         attTuple = SearchSysCache2(ATTNUM,
                                    ObjectIdGetDatum(table_oid),
                                    Int16GetDatum(curr_att));
         if (!HeapTupleIsValid(attTuple))
             elog(ERROR, "cache lookup failed for attribute %d of relation %u",
                  curr_att, table_oid);
 
         isdropped = ((Form_pg_attribute) GETSTRUCT(attTuple))->attisdropped;
 
         ReleaseSysCache(attTuple);
 
         /* ignore dropped columns */
         if (isdropped)
             continue;
 
         col_privileges[curr_att - FirstLowInvalidHeapAttributeNumber] |= this_privileges;
     }
 }

◆ expand_col_privileges()

static void expand_col_privileges	(	List *	colnames,
		Oid	table_oid,
		AclMode	this_privileges,
		AclMode *	col_privileges,
		int	num_col_privileges
	)

static

Definition at line 1559 of file aclchk.c.

References attnum, elog, ereport, errcode(), errmsg(), ERROR, FirstLowInvalidHeapAttributeNumber, get_attnum(), get_rel_name(), InvalidAttrNumber, lfirst, and strVal.

Referenced by ExecGrant_Relation().

 {
     ListCell   *cell;
 
     foreach(cell, colnames)
     {
         char       *colname = strVal(lfirst(cell));
         AttrNumber  attnum;
 
         attnum = get_attnum(table_oid, colname);
         if (attnum == InvalidAttrNumber)
             ereport(ERROR,
                     (errcode(ERRCODE_UNDEFINED_COLUMN),
                      errmsg("column \"%s\" of relation \"%s\" does not exist",
                             colname, get_rel_name(table_oid))));
         attnum -= FirstLowInvalidHeapAttributeNumber;
         if (attnum <= 0 || attnum >= num_col_privileges)
             elog(ERROR, "column number out of range");  /* safety check */
         col_privileges[attnum] |= this_privileges;
     }
 }

◆ get_default_acl_internal()

static Acl* get_default_acl_internal	(	Oid	roleId,
		Oid	nsp_oid,
		char	objtype
	)

static

Definition at line 5416 of file aclchk.c.

References CharGetDatum, DatumGetAclPCopy, DEFACLROLENSPOBJ, HeapTupleIsValid, ObjectIdGetDatum, ReleaseSysCache(), SearchSysCache3(), and SysCacheGetAttr().

Referenced by get_user_default_acl().

 {
     Acl        *result = NULL;
     HeapTuple   tuple;
 
     tuple = SearchSysCache3(DEFACLROLENSPOBJ,
                             ObjectIdGetDatum(roleId),
                             ObjectIdGetDatum(nsp_oid),
                             CharGetDatum(objtype));
 
     if (HeapTupleIsValid(tuple))
     {
         Datum       aclDatum;
         bool        isNull;
 
         aclDatum = SysCacheGetAttr(DEFACLROLENSPOBJ, tuple,
                                    Anum_pg_default_acl_defaclacl,
                                    &isNull);
         if (!isNull)
             result = DatumGetAclPCopy(aclDatum);
         ReleaseSysCache(tuple);
     }
 
     return result;
 }

◆ get_user_default_acl()

Acl* get_user_default_acl	(	ObjectType	objtype,
		Oid	ownerId,
		Oid	nsp_oid
	)

Definition at line 5448 of file aclchk.c.

References acldefault(), aclequal(), aclitemsort(), aclmerge(), get_default_acl_internal(), InvalidOid, IsBootstrapProcessingMode, OBJECT_FUNCTION, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, and OBJECT_TYPE.

Referenced by heap_create_with_catalog(), NamespaceCreate(), ProcedureCreate(), and TypeCreate().

 {
     Acl        *result;
     Acl        *glob_acl;
     Acl        *schema_acl;
     Acl        *def_acl;
     char        defaclobjtype;
 
     /*
      * Use NULL during bootstrap, since pg_default_acl probably isn't there
      * yet.
      */
     if (IsBootstrapProcessingMode())
         return NULL;
 
     /* Check if object type is supported in pg_default_acl */
     switch (objtype)
     {
         case OBJECT_TABLE:
             defaclobjtype = DEFACLOBJ_RELATION;
             break;
 
         case OBJECT_SEQUENCE:
             defaclobjtype = DEFACLOBJ_SEQUENCE;
             break;
 
         case OBJECT_FUNCTION:
             defaclobjtype = DEFACLOBJ_FUNCTION;
             break;
 
         case OBJECT_TYPE:
             defaclobjtype = DEFACLOBJ_TYPE;
             break;
 
         case OBJECT_SCHEMA:
             defaclobjtype = DEFACLOBJ_NAMESPACE;
             break;
 
         default:
             return NULL;
     }
 
     /* Look up the relevant pg_default_acl entries */
     glob_acl = get_default_acl_internal(ownerId, InvalidOid, defaclobjtype);
     schema_acl = get_default_acl_internal(ownerId, nsp_oid, defaclobjtype);
 
     /* Quick out if neither entry exists */
     if (glob_acl == NULL && schema_acl == NULL)
         return NULL;
 
     /* We need to know the hard-wired default value, too */
     def_acl = acldefault(objtype, ownerId);
 
     /* If there's no global entry, substitute the hard-wired default */
     if (glob_acl == NULL)
         glob_acl = def_acl;
 
     /* Merge in any per-schema privileges */
     result = aclmerge(glob_acl, schema_acl, ownerId);
 
     /*
      * For efficiency, we want to return NULL if the result equals default.
      * This requires sorting both arrays to get an accurate comparison.
      */
     aclitemsort(result);
     aclitemsort(def_acl);
     if (aclequal(result, def_acl))
         result = NULL;
 
     return result;
 }

◆ getRelationsInNamespace()

static List * getRelationsInNamespace	(	Oid	namespaceId,
		char	relkind
	)

static

Definition at line 873 of file aclchk.c.

References AccessShareLock, BTEqualStrategyNumber, CharGetDatum, ForwardScanDirection, heap_beginscan_catalog(), heap_close, heap_endscan(), heap_getnext(), heap_open(), HeapTupleGetOid, lappend_oid(), NIL, ObjectIdGetDatum, and ScanKeyInit().

Referenced by objectsInSchemaToOids().

 {
     List       *relations = NIL;
     ScanKeyData key[2];
     Relation    rel;
     HeapScanDesc scan;
     HeapTuple   tuple;
 
     ScanKeyInit(&key[0],
                 Anum_pg_class_relnamespace,
                 BTEqualStrategyNumber, F_OIDEQ,
                 ObjectIdGetDatum(namespaceId));
     ScanKeyInit(&key[1],
                 Anum_pg_class_relkind,
                 BTEqualStrategyNumber, F_CHAREQ,
                 CharGetDatum(relkind));
 
     rel = heap_open(RelationRelationId, AccessShareLock);
     scan = heap_beginscan_catalog(rel, 2, key);
 
     while ((tuple = heap_getnext(scan, ForwardScanDirection)) != NULL)
     {
         relations = lappend_oid(relations, HeapTupleGetOid(tuple));
     }
 
     heap_endscan(scan);
     heap_close(rel, AccessShareLock);
 
     return relations;
 }

◆ has_bypassrls_privilege()

bool has_bypassrls_privilege ( Oid roleid )

Definition at line 5392 of file aclchk.c.

References AUTHOID, GETSTRUCT, HeapTupleIsValid, ObjectIdGetDatum, ReleaseSysCache(), rolbypassrls, SearchSysCache1(), and superuser_arg().

Referenced by check_enable_rls(), and RI_Initial_Check().

 {
     bool        result = false;
     HeapTuple   utup;
 
     /* Superusers bypass all permission checking. */
     if (superuser_arg(roleid))
         return true;
 
     utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
     if (HeapTupleIsValid(utup))
     {
         result = ((Form_pg_authid) GETSTRUCT(utup))->rolbypassrls;
         ReleaseSysCache(utup);
     }
     return result;
 }

◆ has_createrole_privilege()

bool has_createrole_privilege ( Oid roleid )

Definition at line 5373 of file aclchk.c.

References AUTHOID, GETSTRUCT, HeapTupleIsValid, ObjectIdGetDatum, ReleaseSysCache(), rolcreaterole, SearchSysCache1(), and superuser_arg().

Referenced by check_object_ownership(), and have_createrole_privilege().

 {
     bool        result = false;
     HeapTuple   utup;
 
     /* Superusers bypass all permission checking. */
     if (superuser_arg(roleid))
         return true;
 
     utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
     if (HeapTupleIsValid(utup))
     {
         result = ((Form_pg_authid) GETSTRUCT(utup))->rolcreaterole;
         ReleaseSysCache(utup);
     }
     return result;
 }

◆ merge_acl_with_grant()

static Acl* merge_acl_with_grant	(	Acl *	old_acl,
		bool	is_grant,
		bool	grant_option,
		DropBehavior	behavior,
		List *	grantees,
		AclMode	privileges,
		Oid	grantorId,
		Oid	ownerId
	)

static

Definition at line 171 of file aclchk.c.

References ACL_ID_PUBLIC, ACL_MODECHG_ADD, ACL_MODECHG_DEL, ACL_NO_RIGHTS, ACLITEM_SET_PRIVS_GOPTIONS, aclupdate(), AclItem::ai_grantee, AclItem::ai_grantor, ereport, errcode(), errmsg(), ERROR, lfirst_oid, and pfree().

Referenced by ExecGrant_Attribute(), ExecGrant_Database(), ExecGrant_Fdw(), ExecGrant_ForeignServer(), ExecGrant_Function(), ExecGrant_Language(), ExecGrant_Largeobject(), ExecGrant_Namespace(), ExecGrant_Relation(), ExecGrant_Tablespace(), ExecGrant_Type(), and SetDefaultACL().

 {
     unsigned    modechg;
     ListCell   *j;
     Acl        *new_acl;
 
     modechg = is_grant ? ACL_MODECHG_ADD : ACL_MODECHG_DEL;
 
 #ifdef ACLDEBUG
     dumpacl(old_acl);
 #endif
     new_acl = old_acl;
 
     foreach(j, grantees)
     {
         AclItem     aclitem;
         Acl        *newer_acl;
 
         aclitem.ai_grantee = lfirst_oid(j);
 
         /*
          * Grant options can only be granted to individual roles, not PUBLIC.
          * The reason is that if a user would re-grant a privilege that he
          * held through PUBLIC, and later the user is removed, the situation
          * is impossible to clean up.
          */
         if (is_grant && grant_option && aclitem.ai_grantee == ACL_ID_PUBLIC)
             ereport(ERROR,
                     (errcode(ERRCODE_INVALID_GRANT_OPERATION),
                      errmsg("grant options can only be granted to roles")));
 
         aclitem.ai_grantor = grantorId;
 
         /*
          * The asymmetry in the conditions here comes from the spec.  In
          * GRANT, the grant_option flag signals WITH GRANT OPTION, which means
          * to grant both the basic privilege and its grant option. But in
          * REVOKE, plain revoke revokes both the basic privilege and its grant
          * option, while REVOKE GRANT OPTION revokes only the option.
          */
         ACLITEM_SET_PRIVS_GOPTIONS(aclitem,
                                    (is_grant || !grant_option) ? privileges : ACL_NO_RIGHTS,
                                    (!is_grant || grant_option) ? privileges : ACL_NO_RIGHTS);
 
         newer_acl = aclupdate(new_acl, &aclitem, modechg, ownerId, behavior);
 
         /* avoid memory leak when there are many grantees */
         pfree(new_acl);
         new_acl = newer_acl;
 
 #ifdef ACLDEBUG
         dumpacl(new_acl);
 #endif
     }
 
     return new_acl;
 }

◆ objectNamesToOids()

static List * objectNamesToOids	(	ObjectType	objtype,
		List *	objnames
	)

static

Definition at line 637 of file aclchk.c.

References Assert, dbname, elog, ereport, errcode(), errmsg(), ERROR, get_database_oid(), get_foreign_data_wrapper_oid(), get_foreign_server_oid(), get_language_oid(), get_namespace_oid(), get_tablespace_oid(), lappend_oid(), LargeObjectExists(), lfirst, LookupFuncWithArgs(), makeTypeNameFromNameList(), NIL, NoLock, OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, oidparse(), RangeVarGetRelid, strVal, and typenameTypeId().

Referenced by ExecuteGrantStmt().

 {
     List       *objects = NIL;
     ListCell   *cell;
 
     Assert(objnames != NIL);
 
     switch (objtype)
     {
         case OBJECT_TABLE:
         case OBJECT_SEQUENCE:
             foreach(cell, objnames)
             {
                 RangeVar   *relvar = (RangeVar *) lfirst(cell);
                 Oid         relOid;
 
                 relOid = RangeVarGetRelid(relvar, NoLock, false);
                 objects = lappend_oid(objects, relOid);
             }
             break;
         case OBJECT_DATABASE:
             foreach(cell, objnames)
             {
                 char       *dbname = strVal(lfirst(cell));
                 Oid         dbid;
 
                 dbid = get_database_oid(dbname, false);
                 objects = lappend_oid(objects, dbid);
             }
             break;
         case OBJECT_DOMAIN:
         case OBJECT_TYPE:
             foreach(cell, objnames)
             {
                 List       *typname = (List *) lfirst(cell);
                 Oid         oid;
 
                 oid = typenameTypeId(NULL, makeTypeNameFromNameList(typname));
                 objects = lappend_oid(objects, oid);
             }
             break;
         case OBJECT_FUNCTION:
             foreach(cell, objnames)
             {
                 ObjectWithArgs *func = (ObjectWithArgs *) lfirst(cell);
                 Oid         funcid;
 
                 funcid = LookupFuncWithArgs(OBJECT_FUNCTION, func, false);
                 objects = lappend_oid(objects, funcid);
             }
             break;
         case OBJECT_LANGUAGE:
             foreach(cell, objnames)
             {
                 char       *langname = strVal(lfirst(cell));
                 Oid         oid;
 
                 oid = get_language_oid(langname, false);
                 objects = lappend_oid(objects, oid);
             }
             break;
         case OBJECT_LARGEOBJECT:
             foreach(cell, objnames)
             {
                 Oid         lobjOid = oidparse(lfirst(cell));
 
                 if (!LargeObjectExists(lobjOid))
                     ereport(ERROR,
                             (errcode(ERRCODE_UNDEFINED_OBJECT),
                              errmsg("large object %u does not exist",
                                     lobjOid)));
 
                 objects = lappend_oid(objects, lobjOid);
             }
             break;
         case OBJECT_SCHEMA:
             foreach(cell, objnames)
             {
                 char       *nspname = strVal(lfirst(cell));
                 Oid         oid;
 
                 oid = get_namespace_oid(nspname, false);
                 objects = lappend_oid(objects, oid);
             }
             break;
         case OBJECT_PROCEDURE:
             foreach(cell, objnames)
             {
                 ObjectWithArgs *func = (ObjectWithArgs *) lfirst(cell);
                 Oid         procid;
 
                 procid = LookupFuncWithArgs(OBJECT_PROCEDURE, func, false);
                 objects = lappend_oid(objects, procid);
             }
             break;
         case OBJECT_ROUTINE:
             foreach(cell, objnames)
             {
                 ObjectWithArgs *func = (ObjectWithArgs *) lfirst(cell);
                 Oid         routid;
 
                 routid = LookupFuncWithArgs(OBJECT_ROUTINE, func, false);
                 objects = lappend_oid(objects, routid);
             }
             break;
         case OBJECT_TABLESPACE:
             foreach(cell, objnames)
             {
                 char       *spcname = strVal(lfirst(cell));
                 Oid         spcoid;
 
                 spcoid = get_tablespace_oid(spcname, false);
                 objects = lappend_oid(objects, spcoid);
             }
             break;
         case OBJECT_FDW:
             foreach(cell, objnames)
             {
                 char       *fdwname = strVal(lfirst(cell));
                 Oid         fdwid = get_foreign_data_wrapper_oid(fdwname, false);
 
                 objects = lappend_oid(objects, fdwid);
             }
             break;
         case OBJECT_FOREIGN_SERVER:
             foreach(cell, objnames)
             {
                 char       *srvname = strVal(lfirst(cell));
                 Oid         srvid = get_foreign_server_oid(srvname, false);
 
                 objects = lappend_oid(objects, srvid);
             }
             break;
         default:
             elog(ERROR, "unrecognized GrantStmt.objtype: %d",
                  (int) objtype);
     }
 
     return objects;
 }

◆ objectsInSchemaToOids()

static List * objectsInSchemaToOids	(	ObjectType	objtype,
		List *	nspnames
	)

static

Definition at line 786 of file aclchk.c.

References AccessShareLock, BTEqualStrategyNumber, CharGetDatum, elog, ERROR, ForwardScanDirection, getRelationsInNamespace(), heap_beginscan_catalog(), heap_close, heap_endscan(), heap_getnext(), heap_open(), HeapTupleGetOid, lappend_oid(), lfirst, list_concat(), LookupExplicitNamespace(), NIL, OBJECT_FUNCTION, OBJECT_PROCEDURE, OBJECT_ROUTINE, OBJECT_SEQUENCE, OBJECT_TABLE, ObjectIdGetDatum, ScanKeyInit(), and strVal.

Referenced by ExecuteGrantStmt().

 {
     List       *objects = NIL;
     ListCell   *cell;
 
     foreach(cell, nspnames)
     {
         char       *nspname = strVal(lfirst(cell));
         Oid         namespaceId;
         List       *objs;
 
         namespaceId = LookupExplicitNamespace(nspname, false);
 
         switch (objtype)
         {
             case OBJECT_TABLE:
                 objs = getRelationsInNamespace(namespaceId, RELKIND_RELATION);
                 objects = list_concat(objects, objs);
                 objs = getRelationsInNamespace(namespaceId, RELKIND_VIEW);
                 objects = list_concat(objects, objs);
                 objs = getRelationsInNamespace(namespaceId, RELKIND_MATVIEW);
                 objects = list_concat(objects, objs);
                 objs = getRelationsInNamespace(namespaceId, RELKIND_FOREIGN_TABLE);
                 objects = list_concat(objects, objs);
                 objs = getRelationsInNamespace(namespaceId, RELKIND_PARTITIONED_TABLE);
                 objects = list_concat(objects, objs);
                 break;
             case OBJECT_SEQUENCE:
                 objs = getRelationsInNamespace(namespaceId, RELKIND_SEQUENCE);
                 objects = list_concat(objects, objs);
                 break;
             case OBJECT_FUNCTION:
             case OBJECT_PROCEDURE:
             case OBJECT_ROUTINE:
                 {
                     ScanKeyData key[2];
                     int         keycount;
                     Relation    rel;
                     HeapScanDesc scan;
                     HeapTuple   tuple;
 
                     keycount = 0;
                     ScanKeyInit(&key[keycount++],
                                 Anum_pg_proc_pronamespace,
                                 BTEqualStrategyNumber, F_OIDEQ,
                                 ObjectIdGetDatum(namespaceId));
 
                     if (objtype == OBJECT_FUNCTION)
                         /* includes aggregates and window functions */
                         ScanKeyInit(&key[keycount++],
                                     Anum_pg_proc_prokind,
                                     BTEqualStrategyNumber, F_CHARNE,
                                     CharGetDatum(PROKIND_PROCEDURE));
                     else if (objtype == OBJECT_PROCEDURE)
                         ScanKeyInit(&key[keycount++],
                                     Anum_pg_proc_prokind,
                                     BTEqualStrategyNumber, F_CHAREQ,
                                     CharGetDatum(PROKIND_PROCEDURE));
 
                     rel = heap_open(ProcedureRelationId, AccessShareLock);
                     scan = heap_beginscan_catalog(rel, keycount, key);
 
                     while ((tuple = heap_getnext(scan, ForwardScanDirection)) != NULL)
                     {
                         objects = lappend_oid(objects, HeapTupleGetOid(tuple));
                     }
 
                     heap_endscan(scan);
                     heap_close(rel, AccessShareLock);
                 }
                 break;
             default:
                 /* should not happen */
                 elog(ERROR, "unrecognized GrantStmt.objtype: %d",
                      (int) objtype);
         }
     }
 
     return objects;
 }

◆ pg_aclmask()

static AclMode pg_aclmask	(	ObjectType	objtype,
		Oid	table_oid,
		AttrNumber	attnum,
		Oid	roleid,
		AclMode	mask,
		AclMaskHow	how
	)

static

Definition at line 3671 of file aclchk.c.

References ACL_NO_RIGHTS, elog, ERROR, OBJECT_COLUMN, OBJECT_DATABASE, OBJECT_EVENT_TRIGGER, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_STATISTIC_EXT, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, pg_attribute_aclmask(), pg_class_aclmask(), pg_database_aclmask(), pg_foreign_data_wrapper_aclmask(), pg_foreign_server_aclmask(), pg_language_aclmask(), pg_largeobject_aclmask_snapshot(), pg_namespace_aclmask(), pg_proc_aclmask(), pg_tablespace_aclmask(), and pg_type_aclmask().

Referenced by restrict_and_check_grant().

 {
     switch (objtype)
     {
         case OBJECT_COLUMN:
             return
                 pg_class_aclmask(table_oid, roleid, mask, how) |
                 pg_attribute_aclmask(table_oid, attnum, roleid, mask, how);
         case OBJECT_TABLE:
         case OBJECT_SEQUENCE:
             return pg_class_aclmask(table_oid, roleid, mask, how);
         case OBJECT_DATABASE:
             return pg_database_aclmask(table_oid, roleid, mask, how);
         case OBJECT_FUNCTION:
             return pg_proc_aclmask(table_oid, roleid, mask, how);
         case OBJECT_LANGUAGE:
             return pg_language_aclmask(table_oid, roleid, mask, how);
         case OBJECT_LARGEOBJECT:
             return pg_largeobject_aclmask_snapshot(table_oid, roleid,
                                                    mask, how, NULL);
         case OBJECT_SCHEMA:
             return pg_namespace_aclmask(table_oid, roleid, mask, how);
         case OBJECT_STATISTIC_EXT:
             elog(ERROR, "grantable rights not supported for statistics objects");
             /* not reached, but keep compiler quiet */
             return ACL_NO_RIGHTS;
         case OBJECT_TABLESPACE:
             return pg_tablespace_aclmask(table_oid, roleid, mask, how);
         case OBJECT_FDW:
             return pg_foreign_data_wrapper_aclmask(table_oid, roleid, mask, how);
         case OBJECT_FOREIGN_SERVER:
             return pg_foreign_server_aclmask(table_oid, roleid, mask, how);
         case OBJECT_EVENT_TRIGGER:
             elog(ERROR, "grantable rights not supported for event triggers");
             /* not reached, but keep compiler quiet */
             return ACL_NO_RIGHTS;
         case OBJECT_TYPE:
             return pg_type_aclmask(table_oid, roleid, mask, how);
         default:
             elog(ERROR, "unrecognized objtype: %d",
                  (int) objtype);
             /* not reached, but keep compiler quiet */
             return ACL_NO_RIGHTS;
     }
 }

Data Structures

Functions

Variables

Function Documentation

◆ aclcheck_error()

◆ aclcheck_error_col()

◆ aclcheck_error_type()

◆ ExecAlterDefaultPrivilegesStmt()

◆ ExecGrant_Attribute()

◆ ExecGrant_Database()

◆ ExecGrant_Fdw()

◆ ExecGrant_ForeignServer()

◆ ExecGrant_Function()

◆ ExecGrant_Language()

◆ ExecGrant_Largeobject()

◆ ExecGrant_Namespace()

◆ ExecGrant_Relation()

◆ ExecGrant_Tablespace()

◆ ExecGrant_Type()

◆ ExecGrantStmt_oids()

◆ ExecuteGrantStmt()

◆ expand_all_col_privileges()

◆ expand_col_privileges()

◆ get_default_acl_internal()

◆ get_user_default_acl()

◆ getRelationsInNamespace()

◆ has_bypassrls_privilege()

◆ has_createrole_privilege()

◆ merge_acl_with_grant()

◆ objectNamesToOids()

◆ objectsInSchemaToOids()

◆ pg_aclmask()