44 #include "utils/fmgroids.h"
79 relkind = classform->relkind;
88 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
89 errmsg(
"permission denied: \"%s\" is a system catalog",
93 if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
95 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
116 elog(
ERROR,
"unrecognized policy command");
118 if (strcmp(cmd_name,
"all") == 0)
120 else if (strcmp(cmd_name,
"select") == 0)
122 else if (strcmp(cmd_name,
"insert") == 0)
124 else if (strcmp(cmd_name,
"update") == 0)
126 else if (strcmp(cmd_name,
"delete") == 0)
129 elog(
ERROR,
"unrecognized policy command");
171 (
errcode(ERRCODE_INVALID_PARAMETER_VALUE),
172 errmsg(
"ignoring specified roles other than PUBLIC"),
173 errhint(
"All roles are members of the PUBLIC role.")));
213 "row security descriptor",
219 rsdesc->
rscxt = rscxt;
230 Anum_pg_policy_polrelid,
254 policy->
polcmd = policy_form->polcmd;
257 policy->
permissive = policy_form->polpermissive;
268 elog(
ERROR,
"unexpected null value in pg_policy.polroles");
288 datum =
heap_getattr(tuple, Anum_pg_policy_polwithcheck,
361 elog(
ERROR,
"could not find tuple for policy %u", policy_id);
372 if (rel->
rd_rel->relkind != RELKIND_RELATION &&
373 rel->
rd_rel->relkind != RELKIND_PARTITIONED_TABLE)
375 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
376 errmsg(
"\"%s\" is not a table",
381 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
382 errmsg(
"permission denied: \"%s\" is a system catalog",
432 bool keep_policy =
true;
436 Assert(classid == PolicyRelationId);
455 elog(
ERROR,
"could not find tuple for policy %u", policy_id);
462 Anum_pg_policy_polroles,
470 num_roles =
ARR_DIMS(policy_roles)[0];
478 for (
i = 0,
j = 0;
i < num_roles;
i++)
480 if (roles[
i] != roleid)
490 bool isnull[Natts_pg_policy];
491 bool replaces[Natts_pg_policy];
499 memset(replaces, 0,
sizeof(replaces));
500 memset(isnull, 0,
sizeof(isnull));
505 replaces[Anum_pg_policy_polroles - 1] =
true;
510 values, isnull, replaces);
517 myself.
classId = PolicyRelationId;
521 target.
classId = AuthIdRelationId;
523 for (
i = 0;
i < num_roles;
i++)
586 Node *with_check_qual;
591 bool isnull[Natts_pg_policy];
603 &&
stmt->with_check != NULL)
605 (
errcode(ERRCODE_SYNTAX_ERROR),
606 errmsg(
"WITH CHECK cannot be applied to SELECT or DELETE")));
614 (
errcode(ERRCODE_SYNTAX_ERROR),
615 errmsg(
"only WITH CHECK expression allowed for INSERT")));
627 memset(isnull, 0,
sizeof(isnull));
669 Anum_pg_policy_polrelid,
675 Anum_pg_policy_polname,
680 PolicyPolrelidPolnameIndexId,
true, NULL, 2,
689 errmsg(
"policy \"%s\" for table \"%s\" already exists",
706 isnull[Anum_pg_policy_polqual - 1] =
true;
712 isnull[Anum_pg_policy_polwithcheck - 1] =
true;
720 target.
classId = RelationRelationId;
724 myself.
classId = PolicyRelationId;
737 target.
classId = AuthIdRelationId;
777 Datum *role_oids = NULL;
781 List *with_check_parse_rtable =
NIL;
783 Node *with_check_qual = NULL;
789 bool isnull[Natts_pg_policy];
790 bool replaces[Natts_pg_policy];
799 if (
stmt->roles != NULL)
832 qual_parse_rtable = qual_pstate->
p_rtable;
837 if (
stmt->with_check)
856 with_check_parse_rtable = with_check_pstate->
p_rtable;
862 memset(replaces, 0,
sizeof(replaces));
863 memset(isnull, 0,
sizeof(isnull));
870 Anum_pg_policy_polrelid,
876 Anum_pg_policy_polname,
881 PolicyPolrelidPolnameIndexId,
true, NULL, 2,
889 (
errcode(ERRCODE_UNDEFINED_OBJECT),
890 errmsg(
"policy \"%s\" for table \"%s\" does not exist",
895 polcmd_datum =
heap_getattr(policy_tuple, Anum_pg_policy_polcmd,
905 &&
stmt->with_check != NULL)
907 (
errcode(ERRCODE_SYNTAX_ERROR),
908 errmsg(
"only USING expression allowed for SELECT, DELETE")));
915 &&
stmt->qual != NULL)
917 (
errcode(ERRCODE_SYNTAX_ERROR),
918 errmsg(
"only WITH CHECK expression allowed for INSERT")));
922 if (role_ids != NULL)
924 replaces[Anum_pg_policy_polroles - 1] =
true;
940 roles_datum =
heap_getattr(policy_tuple, Anum_pg_policy_polroles,
959 replaces[Anum_pg_policy_polqual - 1] =
true;
960 values[Anum_pg_policy_polqual - 1]
975 value_datum =
heap_getattr(policy_tuple, Anum_pg_policy_polqual,
994 qual_parse_rtable = qual_pstate->
p_rtable;
999 if (with_check_qual != NULL)
1001 replaces[Anum_pg_policy_polwithcheck - 1] =
true;
1002 values[Anum_pg_policy_polwithcheck - 1]
1017 value_datum =
heap_getattr(policy_tuple, Anum_pg_policy_polwithcheck,
1022 char *with_check_value;
1035 NULL,
false,
false);
1037 with_check_parse_rtable = with_check_pstate->
p_rtable;
1044 values, isnull, replaces);
1051 target.
classId = RelationRelationId;
1055 myself.
classId = PolicyRelationId;
1068 target.
classId = AuthIdRelationId;
1124 Anum_pg_policy_polrelid,
1130 Anum_pg_policy_polname,
1135 PolicyPolrelidPolnameIndexId,
true, NULL, 2,
1141 errmsg(
"policy \"%s\" for table \"%s\" already exists",
1149 Anum_pg_policy_polrelid,
1155 Anum_pg_policy_polname,
1160 PolicyPolrelidPolnameIndexId,
true, NULL, 2,
1168 (
errcode(ERRCODE_UNDEFINED_OBJECT),
1169 errmsg(
"policy \"%s\" for table \"%s\" does not exist",
1219 Anum_pg_policy_polrelid,
1225 Anum_pg_policy_polname,
1230 PolicyPolrelidPolnameIndexId,
true, NULL, 2,
1239 (
errcode(ERRCODE_UNDEFINED_OBJECT),
1240 errmsg(
"policy \"%s\" for table \"%s\" does not exist",
1269 Anum_pg_policy_polrelid,
Oid get_rolespec_oid(const RoleSpec *role, bool missing_ok)
void aclcheck_error(AclResult aclerr, ObjectType objtype, const char *objectname)
bool object_ownercheck(Oid classid, Oid objectid, Oid roleid)
#define DatumGetArrayTypePCopy(X)
ArrayType * construct_array_builtin(Datum *elems, int nelems, Oid elmtype)
static Datum values[MAXATTR]
#define CStringGetTextDatum(s)
#define TextDatumGetCString(d)
bool IsSystemRelation(Relation relation)
Oid GetNewOidWithIndex(Relation relation, Oid indexId, AttrNumber oidcolumn)
bool IsSystemClass(Oid relid, Form_pg_class reltuple)
elog(ERROR, "%s: %s", p2, msg)
void recordDependencyOnExpr(const ObjectAddress *depender, Node *expr, List *rtable, DependencyType behavior)
@ SHARED_DEPENDENCY_POLICY
int errhint(const char *fmt,...)
int errcode(int sqlerrcode)
int errmsg(const char *fmt,...)
#define ereport(elevel,...)
#define DirectFunctionCall1(func, arg1)
void systable_endscan(SysScanDesc sysscan)
HeapTuple systable_getnext(SysScanDesc sysscan)
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
bool allowSystemTableMods
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, Datum *values, bool *isnull)
HeapTuple heap_copytuple(HeapTuple tuple)
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, Datum *replValues, bool *replIsnull, bool *doReplace)
void heap_freetuple(HeapTuple htup)
#define HeapTupleIsValid(tuple)
static Datum heap_getattr(HeapTuple tup, int attnum, TupleDesc tupleDesc, bool *isnull)
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
void CatalogTupleInsert(Relation heapRel, HeapTuple tup)
void CatalogTupleDelete(Relation heapRel, ItemPointer tid)
void CacheInvalidateRelcache(Relation relation)
void CacheInvalidateRelcacheByTuple(HeapTuple classTuple)
Assert(fmt[strlen(fmt) - 1] !='\n')
List * lcons(void *datum, List *list)
#define AccessExclusiveLock
char get_rel_relkind(Oid relid)
char * get_rel_name(Oid relid)
void MemoryContextSetParent(MemoryContext context, MemoryContext new_parent)
void pfree(void *pointer)
void * MemoryContextAllocZero(MemoryContext context, Size size)
MemoryContext CurrentMemoryContext
char * MemoryContextStrdup(MemoryContext context, const char *string)
MemoryContext CacheMemoryContext
#define AllocSetContextCreate
#define ALLOCSET_SMALL_SIZES
#define MemoryContextCopyAndSetIdentifier(cxt, id)
void namestrcpy(Name name, const char *str)
Datum namein(PG_FUNCTION_ARGS)
Oid RangeVarGetRelidExtended(const RangeVar *relation, LOCKMODE lockmode, uint32 flags, RangeVarGetRelidCallback callback, void *callback_arg)
#define InvokeObjectPostCreateHook(classId, objectId, subId)
#define InvokeObjectPostAlterHook(classId, objectId, subId)
ObjectType get_relkind_objtype(char relkind)
#define ObjectAddressSet(addr, class_id, object_id)
char * nodeToString(const void *obj)
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Node * transformWhereClause(ParseState *pstate, Node *clause, ParseExprKind exprKind, const char *constructName)
void assign_expr_collations(ParseState *pstate, Node *expr)
void free_parsestate(ParseState *pstate)
ParseState * make_parsestate(ParseState *parentParseState)
ParseNamespaceItem * addRangeTableEntryForRelation(ParseState *pstate, Relation rel, int lockmode, Alias *alias, bool inh, bool inFromCl)
void addNSItemToQuery(ParseState *pstate, ParseNamespaceItem *nsitem, bool addToJoinList, bool addToRelNameSpace, bool addToVarNameSpace)
FormData_pg_class * Form_pg_class
void recordDependencyOn(const ObjectAddress *depender, const ObjectAddress *referenced, DependencyType behavior)
long deleteDependencyRecordsFor(Oid classId, Oid objectId, bool skipExtensionDeps)
static int list_length(const List *l)
FormData_pg_policy * Form_pg_policy
void deleteSharedDependencyRecordsFor(Oid classId, Oid objectId, int32 objectSubId)
void recordSharedDependencyOn(ObjectAddress *depender, ObjectAddress *referenced, SharedDependencyType deptype)
bool RemoveRoleFromObjectPolicy(Oid roleid, Oid classid, Oid policy_id)
static void RangeVarCallbackForPolicy(const RangeVar *rv, Oid relid, Oid oldrelid, void *arg)
ObjectAddress CreatePolicy(CreatePolicyStmt *stmt)
static Datum * policy_role_list_to_array(List *roles, int *num_roles)
ObjectAddress AlterPolicy(AlterPolicyStmt *stmt)
void RelationBuildRowSecurity(Relation relation)
static char parse_policy_command(const char *cmd_name)
bool relation_has_policies(Relation rel)
Oid get_relation_policy_oid(Oid relid, const char *policy_name, bool missing_ok)
ObjectAddress rename_policy(RenameStmt *stmt)
void RemovePolicyById(Oid policy_id)
static Datum PointerGetDatum(const void *X)
static Oid DatumGetObjectId(Datum X)
static Datum BoolGetDatum(bool X)
static Datum ObjectIdGetDatum(Oid X)
static char DatumGetChar(Datum X)
static Datum CStringGetDatum(const char *X)
static Datum CharGetDatum(char X)
void * stringToNode(const char *str)
#define RelationGetRelid(relation)
#define RelationGetDescr(relation)
#define RelationGetRelationName(relation)
bool checkExprHasSubLink(Node *node)
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
void relation_close(Relation relation, LOCKMODE lockmode)
Relation relation_open(Oid relationId, LOCKMODE lockmode)
#define BTEqualStrategyNumber
#define ERRCODE_DUPLICATE_OBJECT
struct RowSecurityDesc * rd_rsdesc
void ReleaseSysCache(HeapTuple tuple)
HeapTuple SearchSysCache1(int cacheId, Datum key1)
void table_close(Relation relation, LOCKMODE lockmode)
Relation table_open(Oid relationId, LOCKMODE lockmode)
void CommandCounterIncrement(void)