44 #include "utils/fmgroids.h"
79 relkind = classform->relkind;
88 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
89 errmsg(
"permission denied: \"%s\" is a system catalog",
93 if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
95 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
116 elog(
ERROR,
"unrecognized policy command");
118 if (strcmp(cmd_name,
"all") == 0)
120 else if (strcmp(cmd_name,
"select") == 0)
122 else if (strcmp(cmd_name,
"insert") == 0)
124 else if (strcmp(cmd_name,
"update") == 0)
126 else if (strcmp(cmd_name,
"delete") == 0)
129 elog(
ERROR,
"unrecognized policy command");
171 (
errcode(ERRCODE_INVALID_PARAMETER_VALUE),
172 errmsg(
"ignoring specified roles other than PUBLIC"),
173 errhint(
"All roles are members of the PUBLIC role.")));
213 "row security descriptor",
219 rsdesc->
rscxt = rscxt;
230 Anum_pg_policy_polrelid,
254 policy->
polcmd = policy_form->polcmd;
257 policy->
permissive = policy_form->polpermissive;
268 elog(
ERROR,
"unexpected null value in pg_policy.polroles");
288 datum =
heap_getattr(tuple, Anum_pg_policy_polwithcheck,
361 elog(
ERROR,
"could not find tuple for policy %u", policy_id);
372 if (rel->
rd_rel->relkind != RELKIND_RELATION &&
373 rel->
rd_rel->relkind != RELKIND_PARTITIONED_TABLE)
375 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
376 errmsg(
"\"%s\" is not a table",
381 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
382 errmsg(
"permission denied: \"%s\" is a system catalog",
432 bool keep_policy =
true;
436 Assert(classid == PolicyRelationId);
455 elog(
ERROR,
"could not find tuple for policy %u", policy_id);
462 Anum_pg_policy_polroles,
470 num_roles =
ARR_DIMS(policy_roles)[0];
478 for (
i = 0,
j = 0;
i < num_roles;
i++)
480 if (roles[
i] != roleid)
490 bool isnull[Natts_pg_policy];
491 bool replaces[Natts_pg_policy];
499 memset(replaces, 0,
sizeof(replaces));
500 memset(isnull, 0,
sizeof(isnull));
504 sizeof(
Oid),
true, TYPALIGN_INT);
506 replaces[Anum_pg_policy_polroles - 1] =
true;
511 values, isnull, replaces);
518 myself.
classId = PolicyRelationId;
522 target.
classId = AuthIdRelationId;
524 for (
i = 0;
i < num_roles;
i++)
587 Node *with_check_qual;
592 bool isnull[Natts_pg_policy];
606 (
errcode(ERRCODE_SYNTAX_ERROR),
607 errmsg(
"WITH CHECK cannot be applied to SELECT or DELETE")));
615 (
errcode(ERRCODE_SYNTAX_ERROR),
616 errmsg(
"only WITH CHECK expression allowed for INSERT")));
621 sizeof(
Oid),
true, TYPALIGN_INT);
629 memset(isnull, 0,
sizeof(isnull));
671 Anum_pg_policy_polrelid,
677 Anum_pg_policy_polname,
682 PolicyPolrelidPolnameIndexId,
true, NULL, 2,
691 errmsg(
"policy \"%s\" for table \"%s\" already exists",
708 isnull[Anum_pg_policy_polqual - 1] =
true;
714 isnull[Anum_pg_policy_polwithcheck - 1] =
true;
722 target.
classId = RelationRelationId;
726 myself.
classId = PolicyRelationId;
739 target.
classId = AuthIdRelationId;
741 for (
i = 0;
i < nitems;
i++)
779 Datum *role_oids = NULL;
783 List *with_check_parse_rtable =
NIL;
785 Node *with_check_qual = NULL;
791 bool isnull[Natts_pg_policy];
792 bool replaces[Natts_pg_policy];
801 if (stmt->
roles != NULL)
805 sizeof(
Oid),
true, TYPALIGN_INT);
835 qual_parse_rtable = qual_pstate->
p_rtable;
859 with_check_parse_rtable = with_check_pstate->
p_rtable;
865 memset(replaces, 0,
sizeof(replaces));
866 memset(isnull, 0,
sizeof(isnull));
873 Anum_pg_policy_polrelid,
879 Anum_pg_policy_polname,
884 PolicyPolrelidPolnameIndexId,
true, NULL, 2,
892 (
errcode(ERRCODE_UNDEFINED_OBJECT),
893 errmsg(
"policy \"%s\" for table \"%s\" does not exist",
898 polcmd_datum =
heap_getattr(policy_tuple, Anum_pg_policy_polcmd,
910 (
errcode(ERRCODE_SYNTAX_ERROR),
911 errmsg(
"only USING expression allowed for SELECT, DELETE")));
918 && stmt->
qual != NULL)
920 (
errcode(ERRCODE_SYNTAX_ERROR),
921 errmsg(
"only WITH CHECK expression allowed for INSERT")));
925 if (role_ids != NULL)
927 replaces[Anum_pg_policy_polroles - 1] =
true;
943 roles_datum =
heap_getattr(policy_tuple, Anum_pg_policy_polroles,
956 for (
i = 0;
i < nitems;
i++)
962 replaces[Anum_pg_policy_polqual - 1] =
true;
963 values[Anum_pg_policy_polqual - 1]
978 value_datum =
heap_getattr(policy_tuple, Anum_pg_policy_polqual,
997 qual_parse_rtable = qual_pstate->
p_rtable;
1002 if (with_check_qual != NULL)
1004 replaces[Anum_pg_policy_polwithcheck - 1] =
true;
1005 values[Anum_pg_policy_polwithcheck - 1]
1020 value_datum =
heap_getattr(policy_tuple, Anum_pg_policy_polwithcheck,
1025 char *with_check_value;
1038 NULL,
false,
false);
1040 with_check_parse_rtable = with_check_pstate->
p_rtable;
1047 values, isnull, replaces);
1054 target.
classId = RelationRelationId;
1058 myself.
classId = PolicyRelationId;
1071 target.
classId = AuthIdRelationId;
1073 for (
i = 0;
i < nitems;
i++)
1127 Anum_pg_policy_polrelid,
1133 Anum_pg_policy_polname,
1138 PolicyPolrelidPolnameIndexId,
true, NULL, 2,
1144 errmsg(
"policy \"%s\" for table \"%s\" already exists",
1152 Anum_pg_policy_polrelid,
1158 Anum_pg_policy_polname,
1163 PolicyPolrelidPolnameIndexId,
true, NULL, 2,
1171 (
errcode(ERRCODE_UNDEFINED_OBJECT),
1172 errmsg(
"policy \"%s\" for table \"%s\" does not exist",
1222 Anum_pg_policy_polrelid,
1228 Anum_pg_policy_polname,
1233 PolicyPolrelidPolnameIndexId,
true, NULL, 2,
1242 (
errcode(ERRCODE_UNDEFINED_OBJECT),
1243 errmsg(
"policy \"%s\" for table \"%s\" does not exist",
1272 Anum_pg_policy_polrelid,
Oid get_rolespec_oid(const RoleSpec *role, bool missing_ok)
bool pg_class_ownercheck(Oid class_oid, Oid roleid)
void aclcheck_error(AclResult aclerr, ObjectType objtype, const char *objectname)
#define DatumGetArrayTypePCopy(X)
ArrayType * construct_array(Datum *elems, int nelems, Oid elmtype, int elmlen, bool elmbyval, char elmalign)
static Datum values[MAXATTR]
#define CStringGetTextDatum(s)
#define TextDatumGetCString(d)
bool IsSystemRelation(Relation relation)
Oid GetNewOidWithIndex(Relation relation, Oid indexId, AttrNumber oidcolumn)
bool IsSystemClass(Oid relid, Form_pg_class reltuple)
void recordDependencyOnExpr(const ObjectAddress *depender, Node *expr, List *rtable, DependencyType behavior)
@ SHARED_DEPENDENCY_POLICY
int errhint(const char *fmt,...)
int errcode(int sqlerrcode)
int errmsg(const char *fmt,...)
#define ereport(elevel,...)
#define DirectFunctionCall1(func, arg1)
void systable_endscan(SysScanDesc sysscan)
HeapTuple systable_getnext(SysScanDesc sysscan)
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
bool allowSystemTableMods
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, Datum *values, bool *isnull)
HeapTuple heap_copytuple(HeapTuple tuple)
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, Datum *replValues, bool *replIsnull, bool *doReplace)
void heap_freetuple(HeapTuple htup)
#define HeapTupleIsValid(tuple)
static Datum heap_getattr(HeapTuple tup, int attnum, TupleDesc tupleDesc, bool *isnull)
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
void CatalogTupleInsert(Relation heapRel, HeapTuple tup)
void CatalogTupleDelete(Relation heapRel, ItemPointer tid)
void CacheInvalidateRelcache(Relation relation)
void CacheInvalidateRelcacheByTuple(HeapTuple classTuple)
Assert(fmt[strlen(fmt) - 1] !='\n')
List * lcons(void *datum, List *list)
#define AccessExclusiveLock
char get_rel_relkind(Oid relid)
char * get_rel_name(Oid relid)
void MemoryContextSetParent(MemoryContext context, MemoryContext new_parent)
void pfree(void *pointer)
void * MemoryContextAllocZero(MemoryContext context, Size size)
MemoryContext CurrentMemoryContext
char * MemoryContextStrdup(MemoryContext context, const char *string)
MemoryContext CacheMemoryContext
#define AllocSetContextCreate
#define ALLOCSET_SMALL_SIZES
#define MemoryContextCopyAndSetIdentifier(cxt, id)
void namestrcpy(Name name, const char *str)
Datum namein(PG_FUNCTION_ARGS)
Oid RangeVarGetRelidExtended(const RangeVar *relation, LOCKMODE lockmode, uint32 flags, RangeVarGetRelidCallback callback, void *callback_arg)
#define InvokeObjectPostCreateHook(classId, objectId, subId)
#define InvokeObjectPostAlterHook(classId, objectId, subId)
ObjectType get_relkind_objtype(char relkind)
#define ObjectAddressSet(addr, class_id, object_id)
char * nodeToString(const void *obj)
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Node * transformWhereClause(ParseState *pstate, Node *clause, ParseExprKind exprKind, const char *constructName)
void assign_expr_collations(ParseState *pstate, Node *expr)
void free_parsestate(ParseState *pstate)
ParseState * make_parsestate(ParseState *parentParseState)
ParseNamespaceItem * addRangeTableEntryForRelation(ParseState *pstate, Relation rel, int lockmode, Alias *alias, bool inh, bool inFromCl)
void addNSItemToQuery(ParseState *pstate, ParseNamespaceItem *nsitem, bool addToJoinList, bool addToRelNameSpace, bool addToVarNameSpace)
FormData_pg_class * Form_pg_class
void recordDependencyOn(const ObjectAddress *depender, const ObjectAddress *referenced, DependencyType behavior)
long deleteDependencyRecordsFor(Oid classId, Oid objectId, bool skipExtensionDeps)
static int list_length(const List *l)
FormData_pg_policy * Form_pg_policy
void deleteSharedDependencyRecordsFor(Oid classId, Oid objectId, int32 objectSubId)
void recordSharedDependencyOn(ObjectAddress *depender, ObjectAddress *referenced, SharedDependencyType deptype)
bool RemoveRoleFromObjectPolicy(Oid roleid, Oid classid, Oid policy_id)
static void RangeVarCallbackForPolicy(const RangeVar *rv, Oid relid, Oid oldrelid, void *arg)
ObjectAddress CreatePolicy(CreatePolicyStmt *stmt)
static Datum * policy_role_list_to_array(List *roles, int *num_roles)
ObjectAddress AlterPolicy(AlterPolicyStmt *stmt)
void RelationBuildRowSecurity(Relation relation)
static char parse_policy_command(const char *cmd_name)
bool relation_has_policies(Relation rel)
Oid get_relation_policy_oid(Oid relid, const char *policy_name, bool missing_ok)
ObjectAddress rename_policy(RenameStmt *stmt)
void RemovePolicyById(Oid policy_id)
#define CStringGetDatum(X)
#define DatumGetObjectId(X)
#define ObjectIdGetDatum(X)
#define PointerGetDatum(X)
void * stringToNode(const char *str)
#define RelationGetRelid(relation)
#define RelationGetDescr(relation)
#define RelationGetRelationName(relation)
bool checkExprHasSubLink(Node *node)
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
void relation_close(Relation relation, LOCKMODE lockmode)
Relation relation_open(Oid relationId, LOCKMODE lockmode)
#define BTEqualStrategyNumber
#define ERRCODE_DUPLICATE_OBJECT
struct RowSecurityDesc * rd_rsdesc
void ReleaseSysCache(HeapTuple tuple)
HeapTuple SearchSysCache1(int cacheId, Datum key1)
void table_close(Relation relation, LOCKMODE lockmode)
Relation table_open(Oid relationId, LOCKMODE lockmode)
void CommandCounterIncrement(void)