PostgreSQL Source Code git master
All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Pages
user.h File Reference
#include "catalog/objectaddress.h"
#include "libpq/crypt.h"
#include "nodes/parsenodes.h"
#include "parser/parse_node.h"
#include "utils/guc.h"
Include dependency graph for user.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Typedefs

typedef void(* check_password_hook_type) (const char *username, const char *shadow_pass, PasswordType password_type, Datum validuntil_time, bool validuntil_null)
 

Functions

Oid CreateRole (ParseState *pstate, CreateRoleStmt *stmt)
 
Oid AlterRole (ParseState *pstate, AlterRoleStmt *stmt)
 
Oid AlterRoleSet (AlterRoleSetStmt *stmt)
 
void DropRole (DropRoleStmt *stmt)
 
void GrantRole (ParseState *pstate, GrantRoleStmt *stmt)
 
ObjectAddress RenameRole (const char *oldname, const char *newname)
 
void DropOwnedObjects (DropOwnedStmt *stmt)
 
void ReassignOwnedObjects (ReassignOwnedStmt *stmt)
 
ListroleSpecsToIds (List *memberNames)
 
bool check_createrole_self_grant (char **newval, void **extra, GucSource source)
 
void assign_createrole_self_grant (const char *newval, void *extra)
 

Variables

PGDLLIMPORT int Password_encryption
 
PGDLLIMPORT char * createrole_self_grant
 
PGDLLIMPORT check_password_hook_type check_password_hook
 

Typedef Documentation

◆ check_password_hook_type

typedef void(* check_password_hook_type) (const char *username, const char *shadow_pass, PasswordType password_type, Datum validuntil_time, bool validuntil_null)

Definition at line 25 of file user.h.

Function Documentation

◆ AlterRole()

Oid AlterRole ( ParseState pstate,
AlterRoleStmt stmt 
)

Definition at line 619 of file user.c.

620{
621 Datum new_record[Natts_pg_authid] = {0};
622 bool new_record_nulls[Natts_pg_authid] = {0};
623 bool new_record_repl[Natts_pg_authid] = {0};
624 Relation pg_authid_rel;
625 TupleDesc pg_authid_dsc;
626 HeapTuple tuple,
627 new_tuple;
628 Form_pg_authid authform;
630 char *rolename;
631 char *password = NULL; /* user password */
632 int connlimit = -1; /* maximum connections allowed */
633 char *validUntil = NULL; /* time the login is valid until */
634 Datum validUntil_datum; /* same, as timestamptz Datum */
635 bool validUntil_null;
636 DefElem *dpassword = NULL;
637 DefElem *dissuper = NULL;
638 DefElem *dinherit = NULL;
639 DefElem *dcreaterole = NULL;
640 DefElem *dcreatedb = NULL;
641 DefElem *dcanlogin = NULL;
642 DefElem *disreplication = NULL;
643 DefElem *dconnlimit = NULL;
644 DefElem *drolemembers = NULL;
645 DefElem *dvalidUntil = NULL;
646 DefElem *dbypassRLS = NULL;
647 Oid roleid;
648 Oid currentUserId = GetUserId();
649 GrantRoleOptions popt;
650
652 _("Cannot alter reserved roles."));
653
654 /* Extract options from the statement node tree */
655 foreach(option, stmt->options)
656 {
657 DefElem *defel = (DefElem *) lfirst(option);
658
659 if (strcmp(defel->defname, "password") == 0)
660 {
661 if (dpassword)
662 errorConflictingDefElem(defel, pstate);
663 dpassword = defel;
664 }
665 else if (strcmp(defel->defname, "superuser") == 0)
666 {
667 if (dissuper)
668 errorConflictingDefElem(defel, pstate);
669 dissuper = defel;
670 }
671 else if (strcmp(defel->defname, "inherit") == 0)
672 {
673 if (dinherit)
674 errorConflictingDefElem(defel, pstate);
675 dinherit = defel;
676 }
677 else if (strcmp(defel->defname, "createrole") == 0)
678 {
679 if (dcreaterole)
680 errorConflictingDefElem(defel, pstate);
681 dcreaterole = defel;
682 }
683 else if (strcmp(defel->defname, "createdb") == 0)
684 {
685 if (dcreatedb)
686 errorConflictingDefElem(defel, pstate);
687 dcreatedb = defel;
688 }
689 else if (strcmp(defel->defname, "canlogin") == 0)
690 {
691 if (dcanlogin)
692 errorConflictingDefElem(defel, pstate);
693 dcanlogin = defel;
694 }
695 else if (strcmp(defel->defname, "isreplication") == 0)
696 {
697 if (disreplication)
698 errorConflictingDefElem(defel, pstate);
699 disreplication = defel;
700 }
701 else if (strcmp(defel->defname, "connectionlimit") == 0)
702 {
703 if (dconnlimit)
704 errorConflictingDefElem(defel, pstate);
705 dconnlimit = defel;
706 }
707 else if (strcmp(defel->defname, "rolemembers") == 0 &&
708 stmt->action != 0)
709 {
710 if (drolemembers)
711 errorConflictingDefElem(defel, pstate);
712 drolemembers = defel;
713 }
714 else if (strcmp(defel->defname, "validUntil") == 0)
715 {
716 if (dvalidUntil)
717 errorConflictingDefElem(defel, pstate);
718 dvalidUntil = defel;
719 }
720 else if (strcmp(defel->defname, "bypassrls") == 0)
721 {
722 if (dbypassRLS)
723 errorConflictingDefElem(defel, pstate);
724 dbypassRLS = defel;
725 }
726 else
727 elog(ERROR, "option \"%s\" not recognized",
728 defel->defname);
729 }
730
731 if (dpassword && dpassword->arg)
732 password = strVal(dpassword->arg);
733 if (dconnlimit)
734 {
735 connlimit = intVal(dconnlimit->arg);
736 if (connlimit < -1)
738 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
739 errmsg("invalid connection limit: %d", connlimit)));
740 }
741 if (dvalidUntil)
742 validUntil = strVal(dvalidUntil->arg);
743
744 /*
745 * Scan the pg_authid relation to be certain the user exists.
746 */
747 pg_authid_rel = table_open(AuthIdRelationId, RowExclusiveLock);
748 pg_authid_dsc = RelationGetDescr(pg_authid_rel);
749
750 tuple = get_rolespec_tuple(stmt->role);
751 authform = (Form_pg_authid) GETSTRUCT(tuple);
752 rolename = pstrdup(NameStr(authform->rolname));
753 roleid = authform->oid;
754
755 /* To mess with a superuser in any way you gotta be superuser. */
756 if (!superuser() && authform->rolsuper)
758 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
759 errmsg("permission denied to alter role"),
760 errdetail("Only roles with the %s attribute may alter roles with the %s attribute.",
761 "SUPERUSER", "SUPERUSER")));
762 if (!superuser() && dissuper)
764 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
765 errmsg("permission denied to alter role"),
766 errdetail("Only roles with the %s attribute may change the %s attribute.",
767 "SUPERUSER", "SUPERUSER")));
768
769 /*
770 * Most changes to a role require that you both have CREATEROLE privileges
771 * and also ADMIN OPTION on the role.
772 */
774 !is_admin_of_role(GetUserId(), roleid))
775 {
776 /* things an unprivileged user certainly can't do */
777 if (dinherit || dcreaterole || dcreatedb || dcanlogin || dconnlimit ||
778 dvalidUntil || disreplication || dbypassRLS)
780 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
781 errmsg("permission denied to alter role"),
782 errdetail("Only roles with the %s attribute and the %s option on role \"%s\" may alter this role.",
783 "CREATEROLE", "ADMIN", rolename)));
784
785 /* an unprivileged user can change their own password */
786 if (dpassword && roleid != currentUserId)
788 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
789 errmsg("permission denied to alter role"),
790 errdetail("To change another role's password, the current user must have the %s attribute and the %s option on the role.",
791 "CREATEROLE", "ADMIN")));
792 }
793 else if (!superuser())
794 {
795 /*
796 * Even if you have both CREATEROLE and ADMIN OPTION on a role, you
797 * can only change the CREATEDB, REPLICATION, or BYPASSRLS attributes
798 * if they are set for your own role (or you are the superuser).
799 */
800 if (dcreatedb && !have_createdb_privilege())
802 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
803 errmsg("permission denied to alter role"),
804 errdetail("Only roles with the %s attribute may change the %s attribute.",
805 "CREATEDB", "CREATEDB")));
806 if (disreplication && !has_rolreplication(currentUserId))
808 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
809 errmsg("permission denied to alter role"),
810 errdetail("Only roles with the %s attribute may change the %s attribute.",
811 "REPLICATION", "REPLICATION")));
812 if (dbypassRLS && !has_bypassrls_privilege(currentUserId))
814 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
815 errmsg("permission denied to alter role"),
816 errdetail("Only roles with the %s attribute may change the %s attribute.",
817 "BYPASSRLS", "BYPASSRLS")));
818 }
819
820 /* To add or drop members, you need ADMIN OPTION. */
821 if (drolemembers && !is_admin_of_role(currentUserId, roleid))
823 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
824 errmsg("permission denied to alter role"),
825 errdetail("Only roles with the %s option on role \"%s\" may add or drop members.",
826 "ADMIN", rolename)));
827
828 /* Convert validuntil to internal form */
829 if (dvalidUntil)
830 {
831 validUntil_datum = DirectFunctionCall3(timestamptz_in,
832 CStringGetDatum(validUntil),
834 Int32GetDatum(-1));
835 validUntil_null = false;
836 }
837 else
838 {
839 /* fetch existing setting in case hook needs it */
840 validUntil_datum = SysCacheGetAttr(AUTHNAME, tuple,
841 Anum_pg_authid_rolvaliduntil,
842 &validUntil_null);
843 }
844
845 /*
846 * Call the password checking hook if there is one defined
847 */
849 (*check_password_hook) (rolename,
850 password,
852 validUntil_datum,
853 validUntil_null);
854
855 /*
856 * Build an updated tuple, perusing the information just obtained
857 */
858
859 /*
860 * issuper/createrole/etc
861 */
862 if (dissuper)
863 {
864 bool should_be_super = boolVal(dissuper->arg);
865
866 if (!should_be_super && roleid == BOOTSTRAP_SUPERUSERID)
868 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
869 errmsg("permission denied to alter role"),
870 errdetail("The bootstrap superuser must have the %s attribute.",
871 "SUPERUSER")));
872
873 new_record[Anum_pg_authid_rolsuper - 1] = BoolGetDatum(should_be_super);
874 new_record_repl[Anum_pg_authid_rolsuper - 1] = true;
875 }
876
877 if (dinherit)
878 {
879 new_record[Anum_pg_authid_rolinherit - 1] = BoolGetDatum(boolVal(dinherit->arg));
880 new_record_repl[Anum_pg_authid_rolinherit - 1] = true;
881 }
882
883 if (dcreaterole)
884 {
885 new_record[Anum_pg_authid_rolcreaterole - 1] = BoolGetDatum(boolVal(dcreaterole->arg));
886 new_record_repl[Anum_pg_authid_rolcreaterole - 1] = true;
887 }
888
889 if (dcreatedb)
890 {
891 new_record[Anum_pg_authid_rolcreatedb - 1] = BoolGetDatum(boolVal(dcreatedb->arg));
892 new_record_repl[Anum_pg_authid_rolcreatedb - 1] = true;
893 }
894
895 if (dcanlogin)
896 {
897 new_record[Anum_pg_authid_rolcanlogin - 1] = BoolGetDatum(boolVal(dcanlogin->arg));
898 new_record_repl[Anum_pg_authid_rolcanlogin - 1] = true;
899 }
900
901 if (disreplication)
902 {
903 new_record[Anum_pg_authid_rolreplication - 1] = BoolGetDatum(boolVal(disreplication->arg));
904 new_record_repl[Anum_pg_authid_rolreplication - 1] = true;
905 }
906
907 if (dconnlimit)
908 {
909 new_record[Anum_pg_authid_rolconnlimit - 1] = Int32GetDatum(connlimit);
910 new_record_repl[Anum_pg_authid_rolconnlimit - 1] = true;
911 }
912
913 /* password */
914 if (password)
915 {
916 char *shadow_pass;
917 const char *logdetail = NULL;
918
919 /* Like in CREATE USER, don't allow an empty password. */
920 if (password[0] == '\0' ||
921 plain_crypt_verify(rolename, password, "", &logdetail) == STATUS_OK)
922 {
924 (errmsg("empty string is not a valid password, clearing password")));
925 new_record_nulls[Anum_pg_authid_rolpassword - 1] = true;
926 }
927 else
928 {
929 /* Encrypt the password to the requested format. */
930 shadow_pass = encrypt_password(Password_encryption, rolename,
931 password);
932 new_record[Anum_pg_authid_rolpassword - 1] =
933 CStringGetTextDatum(shadow_pass);
934 }
935 new_record_repl[Anum_pg_authid_rolpassword - 1] = true;
936 }
937
938 /* unset password */
939 if (dpassword && dpassword->arg == NULL)
940 {
941 new_record_repl[Anum_pg_authid_rolpassword - 1] = true;
942 new_record_nulls[Anum_pg_authid_rolpassword - 1] = true;
943 }
944
945 /* valid until */
946 new_record[Anum_pg_authid_rolvaliduntil - 1] = validUntil_datum;
947 new_record_nulls[Anum_pg_authid_rolvaliduntil - 1] = validUntil_null;
948 new_record_repl[Anum_pg_authid_rolvaliduntil - 1] = true;
949
950 if (dbypassRLS)
951 {
952 new_record[Anum_pg_authid_rolbypassrls - 1] = BoolGetDatum(boolVal(dbypassRLS->arg));
953 new_record_repl[Anum_pg_authid_rolbypassrls - 1] = true;
954 }
955
956 new_tuple = heap_modify_tuple(tuple, pg_authid_dsc, new_record,
957 new_record_nulls, new_record_repl);
958 CatalogTupleUpdate(pg_authid_rel, &tuple->t_self, new_tuple);
959
960 InvokeObjectPostAlterHook(AuthIdRelationId, roleid, 0);
961
962 ReleaseSysCache(tuple);
963 heap_freetuple(new_tuple);
964
966
967 /*
968 * Advance command counter so we can see new record; else tests in
969 * AddRoleMems may fail.
970 */
971 if (drolemembers)
972 {
973 List *rolemembers = (List *) drolemembers->arg;
974
976
977 if (stmt->action == +1) /* add members to role */
978 AddRoleMems(currentUserId, rolename, roleid,
979 rolemembers, roleSpecsToIds(rolemembers),
980 InvalidOid, &popt);
981 else if (stmt->action == -1) /* drop members from role */
982 DelRoleMems(currentUserId, rolename, roleid,
983 rolemembers, roleSpecsToIds(rolemembers),
984 InvalidOid, &popt, DROP_RESTRICT);
985 }
986
987 /*
988 * Close pg_authid, but keep lock till commit.
989 */
990 table_close(pg_authid_rel, NoLock);
991
992 return roleid;
993}
bool is_admin_of_role(Oid member, Oid role)
Definition: acl.c:5398
void check_rolespec_name(const RoleSpec *role, const char *detail_msg)
Definition: acl.c:5695
HeapTuple get_rolespec_tuple(const RoleSpec *role)
Definition: acl.c:5627
bool has_bypassrls_privilege(Oid roleid)
Definition: aclchk.c:4156
Datum timestamptz_in(PG_FUNCTION_ARGS)
Definition: timestamp.c:417
#define CStringGetTextDatum(s)
Definition: builtins.h:97
#define NameStr(name)
Definition: c.h:703
#define STATUS_OK
Definition: c.h:1126
int plain_crypt_verify(const char *role, const char *shadow_pass, const char *client_pass, const char **logdetail)
Definition: crypt.c:256
PasswordType get_password_type(const char *shadow_pass)
Definition: crypt.c:90
char * encrypt_password(PasswordType target_type, const char *role, const char *password)
Definition: crypt.c:117
bool have_createdb_privilege(void)
Definition: dbcommands.c:2952
void errorConflictingDefElem(DefElem *defel, ParseState *pstate)
Definition: define.c:371
int errdetail(const char *fmt,...)
Definition: elog.c:1203
int errcode(int sqlerrcode)
Definition: elog.c:853
int errmsg(const char *fmt,...)
Definition: elog.c:1070
#define _(x)
Definition: elog.c:90
#define ERROR
Definition: elog.h:39
#define elog(elevel,...)
Definition: elog.h:225
#define NOTICE
Definition: elog.h:35
#define ereport(elevel,...)
Definition: elog.h:149
#define DirectFunctionCall3(func, arg1, arg2, arg3)
Definition: fmgr.h:645
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, const Datum *replValues, const bool *replIsnull, const bool *doReplace)
Definition: heaptuple.c:1210
void heap_freetuple(HeapTuple htup)
Definition: heaptuple.c:1435
#define GETSTRUCT(TUP)
Definition: htup_details.h:653
#define stmt
Definition: indent_codes.h:59
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
Definition: indexing.c:313
#define NoLock
Definition: lockdefs.h:34
#define RowExclusiveLock
Definition: lockdefs.h:38
char * pstrdup(const char *in)
Definition: mcxt.c:1696
Oid GetUserId(void)
Definition: miscinit.c:517
bool has_rolreplication(Oid roleid)
Definition: miscinit.c:736
#define InvokeObjectPostAlterHook(classId, objectId, subId)
Definition: objectaccess.h:197
@ DROP_RESTRICT
Definition: parsenodes.h:2385
FormData_pg_authid * Form_pg_authid
Definition: pg_authid.h:56
#define lfirst(lc)
Definition: pg_list.h:172
uintptr_t Datum
Definition: postgres.h:69
static Datum BoolGetDatum(bool X)
Definition: postgres.h:107
static Datum ObjectIdGetDatum(Oid X)
Definition: postgres.h:257
static Datum CStringGetDatum(const char *X)
Definition: postgres.h:355
static Datum Int32GetDatum(int32 X)
Definition: postgres.h:217
#define InvalidOid
Definition: postgres_ext.h:37
unsigned int Oid
Definition: postgres_ext.h:32
#define RelationGetDescr(relation)
Definition: rel.h:531
static char * password
Definition: streamutil.c:52
char * defname
Definition: parsenodes.h:826
Node * arg
Definition: parsenodes.h:827
ItemPointerData t_self
Definition: htup.h:65
Definition: pg_list.h:54
bool superuser(void)
Definition: superuser.c:46
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:269
Datum SysCacheGetAttr(int cacheId, HeapTuple tup, AttrNumber attributeNumber, bool *isNull)
Definition: syscache.c:600
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:126
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:40
static bool have_createrole_privilege(void)
Definition: user.c:122
static void InitGrantRoleOptions(GrantRoleOptions *popt)
Definition: user.c:2505
static void AddRoleMems(Oid currentUserId, const char *rolename, Oid roleid, List *memberSpecs, List *memberIds, Oid grantorId, GrantRoleOptions *popt)
Definition: user.c:1681
int Password_encryption
Definition: user.c:85
List * roleSpecsToIds(List *memberNames)
Definition: user.c:1652
check_password_hook_type check_password_hook
Definition: user.c:91
static void DelRoleMems(Oid currentUserId, const char *rolename, Oid roleid, List *memberSpecs, List *memberIds, Oid grantorId, GrantRoleOptions *popt, DropBehavior behavior)
Definition: user.c:1979
#define boolVal(v)
Definition: value.h:81
#define intVal(v)
Definition: value.h:79
#define strVal(v)
Definition: value.h:82
void CommandCounterIncrement(void)
Definition: xact.c:1099

References _, AddRoleMems(), DefElem::arg, BoolGetDatum(), boolVal, CatalogTupleUpdate(), check_password_hook, check_rolespec_name(), CommandCounterIncrement(), CStringGetDatum(), CStringGetTextDatum, DefElem::defname, DelRoleMems(), DirectFunctionCall3, DROP_RESTRICT, elog, encrypt_password(), ereport, errcode(), errdetail(), errmsg(), ERROR, errorConflictingDefElem(), get_password_type(), get_rolespec_tuple(), GETSTRUCT, GetUserId(), has_bypassrls_privilege(), has_rolreplication(), have_createdb_privilege(), have_createrole_privilege(), heap_freetuple(), heap_modify_tuple(), InitGrantRoleOptions(), Int32GetDatum(), intVal, InvalidOid, InvokeObjectPostAlterHook, is_admin_of_role(), lfirst, NameStr, NoLock, NOTICE, ObjectIdGetDatum(), password, Password_encryption, plain_crypt_verify(), pstrdup(), RelationGetDescr, ReleaseSysCache(), roleSpecsToIds(), RowExclusiveLock, STATUS_OK, stmt, strVal, superuser(), SysCacheGetAttr(), HeapTupleData::t_self, table_close(), table_open(), and timestamptz_in().

Referenced by standard_ProcessUtility().

◆ AlterRoleSet()

Oid AlterRoleSet ( AlterRoleSetStmt stmt)

Definition at line 1000 of file user.c.

1001{
1002 HeapTuple roletuple;
1003 Form_pg_authid roleform;
1004 Oid databaseid = InvalidOid;
1005 Oid roleid = InvalidOid;
1006
1007 if (stmt->role)
1008 {
1010 _("Cannot alter reserved roles."));
1011
1012 roletuple = get_rolespec_tuple(stmt->role);
1013 roleform = (Form_pg_authid) GETSTRUCT(roletuple);
1014 roleid = roleform->oid;
1015
1016 /*
1017 * Obtain a lock on the role and make sure it didn't go away in the
1018 * meantime.
1019 */
1020 shdepLockAndCheckObject(AuthIdRelationId, roleid);
1021
1022 /*
1023 * To mess with a superuser you gotta be superuser; otherwise you need
1024 * CREATEROLE plus admin option on the target role; unless you're just
1025 * trying to change your own settings
1026 */
1027 if (roleform->rolsuper)
1028 {
1029 if (!superuser())
1030 ereport(ERROR,
1031 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1032 errmsg("permission denied to alter role"),
1033 errdetail("Only roles with the %s attribute may alter roles with the %s attribute.",
1034 "SUPERUSER", "SUPERUSER")));
1035 }
1036 else
1037 {
1038 if ((!have_createrole_privilege() ||
1039 !is_admin_of_role(GetUserId(), roleid))
1040 && roleid != GetUserId())
1041 ereport(ERROR,
1042 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1043 errmsg("permission denied to alter role"),
1044 errdetail("Only roles with the %s attribute and the %s option on role \"%s\" may alter this role.",
1045 "CREATEROLE", "ADMIN", NameStr(roleform->rolname))));
1046 }
1047
1048 ReleaseSysCache(roletuple);
1049 }
1050
1051 /* look up and lock the database, if specified */
1052 if (stmt->database != NULL)
1053 {
1054 databaseid = get_database_oid(stmt->database, false);
1055 shdepLockAndCheckObject(DatabaseRelationId, databaseid);
1056
1057 if (!stmt->role)
1058 {
1059 /*
1060 * If no role is specified, then this is effectively the same as
1061 * ALTER DATABASE ... SET, so use the same permission check.
1062 */
1063 if (!object_ownercheck(DatabaseRelationId, databaseid, GetUserId()))
1065 stmt->database);
1066 }
1067 }
1068
1069 if (!stmt->role && !stmt->database)
1070 {
1071 /* Must be superuser to alter settings globally. */
1072 if (!superuser())
1073 ereport(ERROR,
1074 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1075 errmsg("permission denied to alter setting"),
1076 errdetail("Only roles with the %s attribute may alter settings globally.",
1077 "SUPERUSER")));
1078 }
1079
1080 AlterSetting(databaseid, roleid, stmt->setstmt);
1081
1082 return roleid;
1083}
@ ACLCHECK_NOT_OWNER
Definition: acl.h:185
void aclcheck_error(AclResult aclerr, ObjectType objtype, const char *objectname)
Definition: aclchk.c:2622
bool object_ownercheck(Oid classid, Oid objectid, Oid roleid)
Definition: aclchk.c:4058
Oid get_database_oid(const char *dbname, bool missing_ok)
Definition: dbcommands.c:3140
@ OBJECT_DATABASE
Definition: parsenodes.h:2321
void AlterSetting(Oid databaseid, Oid roleid, VariableSetStmt *setstmt)
void shdepLockAndCheckObject(Oid classId, Oid objectId)
Definition: pg_shdepend.c:1211

References _, aclcheck_error(), ACLCHECK_NOT_OWNER, AlterSetting(), check_rolespec_name(), ereport, errcode(), errdetail(), errmsg(), ERROR, get_database_oid(), get_rolespec_tuple(), GETSTRUCT, GetUserId(), have_createrole_privilege(), InvalidOid, is_admin_of_role(), NameStr, OBJECT_DATABASE, object_ownercheck(), ReleaseSysCache(), shdepLockAndCheckObject(), stmt, and superuser().

Referenced by standard_ProcessUtility().

◆ assign_createrole_self_grant()

void assign_createrole_self_grant ( const char *  newval,
void *  extra 
)

Definition at line 2568 of file user.c.

2569{
2570 unsigned options = *(unsigned *) extra;
2571
2581}
unsigned specified
Definition: user.c:74
bool admin
Definition: user.c:75
bool set
Definition: user.c:77
bool inherit
Definition: user.c:76
#define GRANT_ROLE_SPECIFIED_ADMIN
Definition: user.c:80
static GrantRoleOptions createrole_self_grant_options
Definition: user.c:88
static bool createrole_self_grant_enabled
Definition: user.c:87
#define GRANT_ROLE_SPECIFIED_SET
Definition: user.c:82
#define GRANT_ROLE_SPECIFIED_INHERIT
Definition: user.c:81

References GrantRoleOptions::admin, createrole_self_grant_enabled, createrole_self_grant_options, GRANT_ROLE_SPECIFIED_ADMIN, GRANT_ROLE_SPECIFIED_INHERIT, GRANT_ROLE_SPECIFIED_SET, GrantRoleOptions::inherit, GrantRoleOptions::set, and GrantRoleOptions::specified.

◆ check_createrole_self_grant()

bool check_createrole_self_grant ( char **  newval,
void **  extra,
GucSource  source 
)

Definition at line 2517 of file user.c.

2518{
2519 char *rawstring;
2520 List *elemlist;
2521 ListCell *l;
2522 unsigned options = 0;
2523 unsigned *result;
2524
2525 /* Need a modifiable copy of string */
2526 rawstring = pstrdup(*newval);
2527
2528 if (!SplitIdentifierString(rawstring, ',', &elemlist))
2529 {
2530 /* syntax error in list */
2531 GUC_check_errdetail("List syntax is invalid.");
2532 pfree(rawstring);
2533 list_free(elemlist);
2534 return false;
2535 }
2536
2537 foreach(l, elemlist)
2538 {
2539 char *tok = (char *) lfirst(l);
2540
2541 if (pg_strcasecmp(tok, "SET") == 0)
2543 else if (pg_strcasecmp(tok, "INHERIT") == 0)
2545 else
2546 {
2547 GUC_check_errdetail("Unrecognized key word: \"%s\".", tok);
2548 pfree(rawstring);
2549 list_free(elemlist);
2550 return false;
2551 }
2552 }
2553
2554 pfree(rawstring);
2555 list_free(elemlist);
2556
2557 result = (unsigned *) guc_malloc(LOG, sizeof(unsigned));
2558 *result = options;
2559 *extra = result;
2560
2561 return true;
2562}
#define LOG
Definition: elog.h:31
void * guc_malloc(int elevel, size_t size)
Definition: guc.c:638
#define newval
#define GUC_check_errdetail
Definition: guc.h:476
void list_free(List *list)
Definition: list.c:1546
void pfree(void *pointer)
Definition: mcxt.c:1521
static char ** options
int pg_strcasecmp(const char *s1, const char *s2)
Definition: pgstrcasecmp.c:36
bool SplitIdentifierString(char *rawstring, char separator, List **namelist)
Definition: varlena.c:3432

References GRANT_ROLE_SPECIFIED_INHERIT, GRANT_ROLE_SPECIFIED_SET, GUC_check_errdetail, guc_malloc(), lfirst, list_free(), LOG, newval, options, pfree(), pg_strcasecmp(), pstrdup(), and SplitIdentifierString().

◆ CreateRole()

Oid CreateRole ( ParseState pstate,
CreateRoleStmt stmt 
)

Definition at line 132 of file user.c.

133{
134 Relation pg_authid_rel;
135 TupleDesc pg_authid_dsc;
136 HeapTuple tuple;
137 Datum new_record[Natts_pg_authid] = {0};
138 bool new_record_nulls[Natts_pg_authid] = {0};
139 Oid currentUserId = GetUserId();
140 Oid roleid;
141 ListCell *item;
143 char *password = NULL; /* user password */
144 bool issuper = false; /* Make the user a superuser? */
145 bool inherit = true; /* Auto inherit privileges? */
146 bool createrole = false; /* Can this user create roles? */
147 bool createdb = false; /* Can the user create databases? */
148 bool canlogin = false; /* Can this user login? */
149 bool isreplication = false; /* Is this a replication role? */
150 bool bypassrls = false; /* Is this a row security enabled role? */
151 int connlimit = -1; /* maximum connections allowed */
152 List *addroleto = NIL; /* roles to make this a member of */
153 List *rolemembers = NIL; /* roles to be members of this role */
154 List *adminmembers = NIL; /* roles to be admins of this role */
155 char *validUntil = NULL; /* time the login is valid until */
156 Datum validUntil_datum; /* same, as timestamptz Datum */
157 bool validUntil_null;
158 DefElem *dpassword = NULL;
159 DefElem *dissuper = NULL;
160 DefElem *dinherit = NULL;
161 DefElem *dcreaterole = NULL;
162 DefElem *dcreatedb = NULL;
163 DefElem *dcanlogin = NULL;
164 DefElem *disreplication = NULL;
165 DefElem *dconnlimit = NULL;
166 DefElem *daddroleto = NULL;
167 DefElem *drolemembers = NULL;
168 DefElem *dadminmembers = NULL;
169 DefElem *dvalidUntil = NULL;
170 DefElem *dbypassRLS = NULL;
171 GrantRoleOptions popt;
172
173 /* The defaults can vary depending on the original statement type */
174 switch (stmt->stmt_type)
175 {
176 case ROLESTMT_ROLE:
177 break;
178 case ROLESTMT_USER:
179 canlogin = true;
180 /* may eventually want inherit to default to false here */
181 break;
182 case ROLESTMT_GROUP:
183 break;
184 }
185
186 /* Extract options from the statement node tree */
187 foreach(option, stmt->options)
188 {
189 DefElem *defel = (DefElem *) lfirst(option);
190
191 if (strcmp(defel->defname, "password") == 0)
192 {
193 if (dpassword)
194 errorConflictingDefElem(defel, pstate);
195 dpassword = defel;
196 }
197 else if (strcmp(defel->defname, "sysid") == 0)
198 {
200 (errmsg("SYSID can no longer be specified")));
201 }
202 else if (strcmp(defel->defname, "superuser") == 0)
203 {
204 if (dissuper)
205 errorConflictingDefElem(defel, pstate);
206 dissuper = defel;
207 }
208 else if (strcmp(defel->defname, "inherit") == 0)
209 {
210 if (dinherit)
211 errorConflictingDefElem(defel, pstate);
212 dinherit = defel;
213 }
214 else if (strcmp(defel->defname, "createrole") == 0)
215 {
216 if (dcreaterole)
217 errorConflictingDefElem(defel, pstate);
218 dcreaterole = defel;
219 }
220 else if (strcmp(defel->defname, "createdb") == 0)
221 {
222 if (dcreatedb)
223 errorConflictingDefElem(defel, pstate);
224 dcreatedb = defel;
225 }
226 else if (strcmp(defel->defname, "canlogin") == 0)
227 {
228 if (dcanlogin)
229 errorConflictingDefElem(defel, pstate);
230 dcanlogin = defel;
231 }
232 else if (strcmp(defel->defname, "isreplication") == 0)
233 {
234 if (disreplication)
235 errorConflictingDefElem(defel, pstate);
236 disreplication = defel;
237 }
238 else if (strcmp(defel->defname, "connectionlimit") == 0)
239 {
240 if (dconnlimit)
241 errorConflictingDefElem(defel, pstate);
242 dconnlimit = defel;
243 }
244 else if (strcmp(defel->defname, "addroleto") == 0)
245 {
246 if (daddroleto)
247 errorConflictingDefElem(defel, pstate);
248 daddroleto = defel;
249 }
250 else if (strcmp(defel->defname, "rolemembers") == 0)
251 {
252 if (drolemembers)
253 errorConflictingDefElem(defel, pstate);
254 drolemembers = defel;
255 }
256 else if (strcmp(defel->defname, "adminmembers") == 0)
257 {
258 if (dadminmembers)
259 errorConflictingDefElem(defel, pstate);
260 dadminmembers = defel;
261 }
262 else if (strcmp(defel->defname, "validUntil") == 0)
263 {
264 if (dvalidUntil)
265 errorConflictingDefElem(defel, pstate);
266 dvalidUntil = defel;
267 }
268 else if (strcmp(defel->defname, "bypassrls") == 0)
269 {
270 if (dbypassRLS)
271 errorConflictingDefElem(defel, pstate);
272 dbypassRLS = defel;
273 }
274 else
275 elog(ERROR, "option \"%s\" not recognized",
276 defel->defname);
277 }
278
279 if (dpassword && dpassword->arg)
280 password = strVal(dpassword->arg);
281 if (dissuper)
282 issuper = boolVal(dissuper->arg);
283 if (dinherit)
284 inherit = boolVal(dinherit->arg);
285 if (dcreaterole)
286 createrole = boolVal(dcreaterole->arg);
287 if (dcreatedb)
288 createdb = boolVal(dcreatedb->arg);
289 if (dcanlogin)
290 canlogin = boolVal(dcanlogin->arg);
291 if (disreplication)
292 isreplication = boolVal(disreplication->arg);
293 if (dconnlimit)
294 {
295 connlimit = intVal(dconnlimit->arg);
296 if (connlimit < -1)
298 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
299 errmsg("invalid connection limit: %d", connlimit)));
300 }
301 if (daddroleto)
302 addroleto = (List *) daddroleto->arg;
303 if (drolemembers)
304 rolemembers = (List *) drolemembers->arg;
305 if (dadminmembers)
306 adminmembers = (List *) dadminmembers->arg;
307 if (dvalidUntil)
308 validUntil = strVal(dvalidUntil->arg);
309 if (dbypassRLS)
310 bypassrls = boolVal(dbypassRLS->arg);
311
312 /* Check some permissions first */
313 if (!superuser_arg(currentUserId))
314 {
315 if (!has_createrole_privilege(currentUserId))
317 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
318 errmsg("permission denied to create role"),
319 errdetail("Only roles with the %s attribute may create roles.",
320 "CREATEROLE")));
321 if (issuper)
323 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
324 errmsg("permission denied to create role"),
325 errdetail("Only roles with the %s attribute may create roles with the %s attribute.",
326 "SUPERUSER", "SUPERUSER")));
329 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
330 errmsg("permission denied to create role"),
331 errdetail("Only roles with the %s attribute may create roles with the %s attribute.",
332 "CREATEDB", "CREATEDB")));
333 if (isreplication && !has_rolreplication(currentUserId))
335 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
336 errmsg("permission denied to create role"),
337 errdetail("Only roles with the %s attribute may create roles with the %s attribute.",
338 "REPLICATION", "REPLICATION")));
339 if (bypassrls && !has_bypassrls_privilege(currentUserId))
341 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
342 errmsg("permission denied to create role"),
343 errdetail("Only roles with the %s attribute may create roles with the %s attribute.",
344 "BYPASSRLS", "BYPASSRLS")));
345 }
346
347 /*
348 * Check that the user is not trying to create a role in the reserved
349 * "pg_" namespace.
350 */
351 if (IsReservedName(stmt->role))
353 (errcode(ERRCODE_RESERVED_NAME),
354 errmsg("role name \"%s\" is reserved",
355 stmt->role),
356 errdetail("Role names starting with \"pg_\" are reserved.")));
357
358 /*
359 * If built with appropriate switch, whine when regression-testing
360 * conventions for role names are violated.
361 */
362#ifdef ENFORCE_REGRESSION_TEST_NAME_RESTRICTIONS
363 if (strncmp(stmt->role, "regress_", 8) != 0)
364 elog(WARNING, "roles created by regression test cases should have names starting with \"regress_\"");
365#endif
366
367 /*
368 * Check the pg_authid relation to be certain the role doesn't already
369 * exist.
370 */
371 pg_authid_rel = table_open(AuthIdRelationId, RowExclusiveLock);
372 pg_authid_dsc = RelationGetDescr(pg_authid_rel);
373
374 if (OidIsValid(get_role_oid(stmt->role, true)))
377 errmsg("role \"%s\" already exists",
378 stmt->role)));
379
380 /* Convert validuntil to internal form */
381 if (validUntil)
382 {
383 validUntil_datum = DirectFunctionCall3(timestamptz_in,
384 CStringGetDatum(validUntil),
386 Int32GetDatum(-1));
387 validUntil_null = false;
388 }
389 else
390 {
391 validUntil_datum = (Datum) 0;
392 validUntil_null = true;
393 }
394
395 /*
396 * Call the password checking hook if there is one defined
397 */
399 (*check_password_hook) (stmt->role,
400 password,
402 validUntil_datum,
403 validUntil_null);
404
405 /*
406 * Build a tuple to insert
407 */
408 new_record[Anum_pg_authid_rolname - 1] =
410 new_record[Anum_pg_authid_rolsuper - 1] = BoolGetDatum(issuper);
411 new_record[Anum_pg_authid_rolinherit - 1] = BoolGetDatum(inherit);
412 new_record[Anum_pg_authid_rolcreaterole - 1] = BoolGetDatum(createrole);
413 new_record[Anum_pg_authid_rolcreatedb - 1] = BoolGetDatum(createdb);
414 new_record[Anum_pg_authid_rolcanlogin - 1] = BoolGetDatum(canlogin);
415 new_record[Anum_pg_authid_rolreplication - 1] = BoolGetDatum(isreplication);
416 new_record[Anum_pg_authid_rolconnlimit - 1] = Int32GetDatum(connlimit);
417
418 if (password)
419 {
420 char *shadow_pass;
421 const char *logdetail = NULL;
422
423 /*
424 * Don't allow an empty password. Libpq treats an empty password the
425 * same as no password at all, and won't even try to authenticate. But
426 * other clients might, so allowing it would be confusing. By clearing
427 * the password when an empty string is specified, the account is
428 * consistently locked for all clients.
429 *
430 * Note that this only covers passwords stored in the database itself.
431 * There are also checks in the authentication code, to forbid an
432 * empty password from being used with authentication methods that
433 * fetch the password from an external system, like LDAP or PAM.
434 */
435 if (password[0] == '\0' ||
436 plain_crypt_verify(stmt->role, password, "", &logdetail) == STATUS_OK)
437 {
439 (errmsg("empty string is not a valid password, clearing password")));
440 new_record_nulls[Anum_pg_authid_rolpassword - 1] = true;
441 }
442 else
443 {
444 /* Encrypt the password to the requested format. */
445 shadow_pass = encrypt_password(Password_encryption, stmt->role,
446 password);
447 new_record[Anum_pg_authid_rolpassword - 1] =
448 CStringGetTextDatum(shadow_pass);
449 }
450 }
451 else
452 new_record_nulls[Anum_pg_authid_rolpassword - 1] = true;
453
454 new_record[Anum_pg_authid_rolvaliduntil - 1] = validUntil_datum;
455 new_record_nulls[Anum_pg_authid_rolvaliduntil - 1] = validUntil_null;
456
457 new_record[Anum_pg_authid_rolbypassrls - 1] = BoolGetDatum(bypassrls);
458
459 /*
460 * pg_largeobject_metadata contains pg_authid.oid's, so we use the
461 * binary-upgrade override.
462 */
463 if (IsBinaryUpgrade)
464 {
467 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
468 errmsg("pg_authid OID value not set when in binary upgrade mode")));
469
472 }
473 else
474 {
475 roleid = GetNewOidWithIndex(pg_authid_rel, AuthIdOidIndexId,
476 Anum_pg_authid_oid);
477 }
478
479 new_record[Anum_pg_authid_oid - 1] = ObjectIdGetDatum(roleid);
480
481 tuple = heap_form_tuple(pg_authid_dsc, new_record, new_record_nulls);
482
483 /*
484 * Insert new record in the pg_authid table
485 */
486 CatalogTupleInsert(pg_authid_rel, tuple);
487
488 /*
489 * Advance command counter so we can see new record; else tests in
490 * AddRoleMems may fail.
491 */
492 if (addroleto || adminmembers || rolemembers)
494
495 /* Default grant. */
497
498 /*
499 * Add the new role to the specified existing roles.
500 */
501 if (addroleto)
502 {
503 RoleSpec *thisrole = makeNode(RoleSpec);
504 List *thisrole_list = list_make1(thisrole);
505 List *thisrole_oidlist = list_make1_oid(roleid);
506
507 thisrole->roletype = ROLESPEC_CSTRING;
508 thisrole->rolename = stmt->role;
509 thisrole->location = -1;
510
511 foreach(item, addroleto)
512 {
513 RoleSpec *oldrole = lfirst(item);
514 HeapTuple oldroletup = get_rolespec_tuple(oldrole);
515 Form_pg_authid oldroleform = (Form_pg_authid) GETSTRUCT(oldroletup);
516 Oid oldroleid = oldroleform->oid;
517 char *oldrolename = NameStr(oldroleform->rolname);
518
519 /* can only add this role to roles for which you have rights */
520 check_role_membership_authorization(currentUserId, oldroleid, true);
521 AddRoleMems(currentUserId, oldrolename, oldroleid,
522 thisrole_list,
523 thisrole_oidlist,
524 InvalidOid, &popt);
525
526 ReleaseSysCache(oldroletup);
527 }
528 }
529
530 /*
531 * If the current user isn't a superuser, make them an admin of the new
532 * role so that they can administer the new object they just created.
533 * Superusers will be able to do that anyway.
534 *
535 * The grantor of record for this implicit grant is the bootstrap
536 * superuser, which means that the CREATEROLE user cannot revoke the
537 * grant. They can however grant the created role back to themselves with
538 * different options, since they enjoy ADMIN OPTION on it.
539 */
540 if (!superuser())
541 {
542 RoleSpec *current_role = makeNode(RoleSpec);
543 GrantRoleOptions poptself;
544 List *memberSpecs;
545 List *memberIds = list_make1_oid(currentUserId);
546
547 current_role->roletype = ROLESPEC_CURRENT_ROLE;
548 current_role->location = -1;
549 memberSpecs = list_make1(current_role);
550
554 poptself.admin = true;
555 poptself.inherit = false;
556 poptself.set = false;
557
558 AddRoleMems(BOOTSTRAP_SUPERUSERID, stmt->role, roleid,
559 memberSpecs, memberIds,
560 BOOTSTRAP_SUPERUSERID, &poptself);
561
562 /*
563 * We must make the implicit grant visible to the code below, else the
564 * additional grants will fail.
565 */
567
568 /*
569 * Because of the implicit grant above, a CREATEROLE user who creates
570 * a role has the ability to grant that role back to themselves with
571 * the INHERIT or SET options, if they wish to inherit the role's
572 * privileges or be able to SET ROLE to it. The createrole_self_grant
573 * GUC can be used to make this happen automatically. This has no
574 * security implications since the same user is able to make the same
575 * grant using an explicit GRANT statement; it's just convenient.
576 */
578 AddRoleMems(currentUserId, stmt->role, roleid,
579 memberSpecs, memberIds,
580 currentUserId, &createrole_self_grant_options);
581 }
582
583 /*
584 * Add the specified members to this new role. adminmembers get the admin
585 * option, rolemembers don't.
586 *
587 * NB: No permissions check is required here. If you have enough rights to
588 * create a role, you can add any members you like.
589 */
590 AddRoleMems(currentUserId, stmt->role, roleid,
591 rolemembers, roleSpecsToIds(rolemembers),
592 InvalidOid, &popt);
594 popt.admin = true;
595 AddRoleMems(currentUserId, stmt->role, roleid,
596 adminmembers, roleSpecsToIds(adminmembers),
597 InvalidOid, &popt);
598
599 /* Post creation hook for new role */
600 InvokeObjectPostCreateHook(AuthIdRelationId, roleid, 0);
601
602 /*
603 * Close pg_authid, but keep lock till commit.
604 */
605 table_close(pg_authid_rel, NoLock);
606
607 return roleid;
608}
Oid get_role_oid(const char *rolname, bool missing_ok)
Definition: acl.c:5554
bool has_createrole_privilege(Oid roleid)
Definition: aclchk.c:4137
#define OidIsValid(objectId)
Definition: c.h:732
Oid GetNewOidWithIndex(Relation relation, Oid indexId, AttrNumber oidcolumn)
Definition: catalog.c:419
bool IsReservedName(const char *name)
Definition: catalog.c:247
Oid createdb(ParseState *pstate, const CreatedbStmt *stmt)
Definition: dbcommands.c:683
#define WARNING
Definition: elog.h:36
#define DirectFunctionCall1(func, arg1)
Definition: fmgr.h:641
bool IsBinaryUpgrade
Definition: globals.c:120
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, const Datum *values, const bool *isnull)
Definition: heaptuple.c:1117
void CatalogTupleInsert(Relation heapRel, HeapTuple tup)
Definition: indexing.c:233
if(TABLE==NULL||TABLE_index==NULL)
Definition: isn.c:76
Datum namein(PG_FUNCTION_ARGS)
Definition: name.c:48
#define makeNode(_type_)
Definition: nodes.h:155
#define InvokeObjectPostCreateHook(classId, objectId, subId)
Definition: objectaccess.h:173
@ ROLESPEC_CSTRING
Definition: parsenodes.h:405
@ ROLESPEC_CURRENT_ROLE
Definition: parsenodes.h:406
@ ROLESTMT_ROLE
Definition: parsenodes.h:3149
@ ROLESTMT_USER
Definition: parsenodes.h:3150
@ ROLESTMT_GROUP
Definition: parsenodes.h:3151
#define NIL
Definition: pg_list.h:68
#define list_make1_oid(x1)
Definition: pg_list.h:242
#define list_make1(x1)
Definition: pg_list.h:212
#define ERRCODE_DUPLICATE_OBJECT
Definition: streamutil.c:30
ParseLoc location
Definition: parsenodes.h:417
RoleSpecType roletype
Definition: parsenodes.h:415
char * rolename
Definition: parsenodes.h:416
bool superuser_arg(Oid roleid)
Definition: superuser.c:56
static void check_role_membership_authorization(Oid currentUserId, Oid roleid, bool is_grant)
Definition: user.c:2111
Oid binary_upgrade_next_pg_authid_oid
Definition: user.c:70

References AddRoleMems(), GrantRoleOptions::admin, DefElem::arg, binary_upgrade_next_pg_authid_oid, BoolGetDatum(), boolVal, CatalogTupleInsert(), check_password_hook, check_role_membership_authorization(), CommandCounterIncrement(), createdb(), createrole_self_grant_enabled, createrole_self_grant_options, CStringGetDatum(), CStringGetTextDatum, DefElem::defname, DirectFunctionCall1, DirectFunctionCall3, elog, encrypt_password(), ereport, errcode(), ERRCODE_DUPLICATE_OBJECT, errdetail(), errmsg(), ERROR, errorConflictingDefElem(), get_password_type(), get_role_oid(), get_rolespec_tuple(), GetNewOidWithIndex(), GETSTRUCT, GetUserId(), GRANT_ROLE_SPECIFIED_ADMIN, GRANT_ROLE_SPECIFIED_INHERIT, GRANT_ROLE_SPECIFIED_SET, has_bypassrls_privilege(), has_createrole_privilege(), has_rolreplication(), have_createdb_privilege(), heap_form_tuple(), if(), GrantRoleOptions::inherit, InitGrantRoleOptions(), Int32GetDatum(), intVal, InvalidOid, InvokeObjectPostCreateHook, IsBinaryUpgrade, IsReservedName(), lfirst, list_make1, list_make1_oid, RoleSpec::location, makeNode, namein(), NameStr, NIL, NoLock, NOTICE, ObjectIdGetDatum(), OidIsValid, password, Password_encryption, plain_crypt_verify(), RelationGetDescr, ReleaseSysCache(), RoleSpec::rolename, ROLESPEC_CSTRING, ROLESPEC_CURRENT_ROLE, roleSpecsToIds(), ROLESTMT_GROUP, ROLESTMT_ROLE, ROLESTMT_USER, RoleSpec::roletype, RowExclusiveLock, GrantRoleOptions::set, GrantRoleOptions::specified, STATUS_OK, stmt, strVal, superuser(), superuser_arg(), table_close(), table_open(), timestamptz_in(), and WARNING.

Referenced by standard_ProcessUtility().

◆ DropOwnedObjects()

void DropOwnedObjects ( DropOwnedStmt stmt)

Definition at line 1583 of file user.c.

1584{
1585 List *role_ids = roleSpecsToIds(stmt->roles);
1586 ListCell *cell;
1587
1588 /* Check privileges */
1589 foreach(cell, role_ids)
1590 {
1591 Oid roleid = lfirst_oid(cell);
1592
1593 if (!has_privs_of_role(GetUserId(), roleid))
1594 ereport(ERROR,
1595 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1596 errmsg("permission denied to drop objects"),
1597 errdetail("Only roles with privileges of role \"%s\" may drop objects owned by it.",
1598 GetUserNameFromId(roleid, false))));
1599 }
1600
1601 /* Ok, do it */
1602 shdepDropOwned(role_ids, stmt->behavior);
1603}
bool has_privs_of_role(Oid member, Oid role)
Definition: acl.c:5268
char * GetUserNameFromId(Oid roleid, bool noerr)
Definition: miscinit.c:1036
#define lfirst_oid(lc)
Definition: pg_list.h:174
void shdepDropOwned(List *roleids, DropBehavior behavior)
Definition: pg_shdepend.c:1342

References ereport, errcode(), errdetail(), errmsg(), ERROR, GetUserId(), GetUserNameFromId(), has_privs_of_role(), lfirst_oid, roleSpecsToIds(), shdepDropOwned(), and stmt.

Referenced by ProcessUtilitySlow().

◆ DropRole()

void DropRole ( DropRoleStmt stmt)

Definition at line 1090 of file user.c.

1091{
1092 Relation pg_authid_rel,
1093 pg_auth_members_rel;
1094 ListCell *item;
1095 List *role_oids = NIL;
1096
1098 ereport(ERROR,
1099 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1100 errmsg("permission denied to drop role"),
1101 errdetail("Only roles with the %s attribute and the %s option on the target roles may drop roles.",
1102 "CREATEROLE", "ADMIN")));
1103
1104 /*
1105 * Scan the pg_authid relation to find the Oid of the role(s) to be
1106 * deleted and perform preliminary permissions and sanity checks.
1107 */
1108 pg_authid_rel = table_open(AuthIdRelationId, RowExclusiveLock);
1109 pg_auth_members_rel = table_open(AuthMemRelationId, RowExclusiveLock);
1110
1111 foreach(item, stmt->roles)
1112 {
1113 RoleSpec *rolspec = lfirst(item);
1114 char *role;
1115 HeapTuple tuple,
1116 tmp_tuple;
1117 Form_pg_authid roleform;
1118 ScanKeyData scankey;
1119 SysScanDesc sscan;
1120 Oid roleid;
1121
1122 if (rolspec->roletype != ROLESPEC_CSTRING)
1123 ereport(ERROR,
1124 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1125 errmsg("cannot use special role specifier in DROP ROLE")));
1126 role = rolspec->rolename;
1127
1128 tuple = SearchSysCache1(AUTHNAME, PointerGetDatum(role));
1129 if (!HeapTupleIsValid(tuple))
1130 {
1131 if (!stmt->missing_ok)
1132 {
1133 ereport(ERROR,
1134 (errcode(ERRCODE_UNDEFINED_OBJECT),
1135 errmsg("role \"%s\" does not exist", role)));
1136 }
1137 else
1138 {
1140 (errmsg("role \"%s\" does not exist, skipping",
1141 role)));
1142 }
1143
1144 continue;
1145 }
1146
1147 roleform = (Form_pg_authid) GETSTRUCT(tuple);
1148 roleid = roleform->oid;
1149
1150 if (roleid == GetUserId())
1151 ereport(ERROR,
1152 (errcode(ERRCODE_OBJECT_IN_USE),
1153 errmsg("current user cannot be dropped")));
1154 if (roleid == GetOuterUserId())
1155 ereport(ERROR,
1156 (errcode(ERRCODE_OBJECT_IN_USE),
1157 errmsg("current user cannot be dropped")));
1158 if (roleid == GetSessionUserId())
1159 ereport(ERROR,
1160 (errcode(ERRCODE_OBJECT_IN_USE),
1161 errmsg("session user cannot be dropped")));
1162
1163 /*
1164 * For safety's sake, we allow createrole holders to drop ordinary
1165 * roles but not superuser roles, and only if they also have ADMIN
1166 * OPTION.
1167 */
1168 if (roleform->rolsuper && !superuser())
1169 ereport(ERROR,
1170 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1171 errmsg("permission denied to drop role"),
1172 errdetail("Only roles with the %s attribute may drop roles with the %s attribute.",
1173 "SUPERUSER", "SUPERUSER")));
1174 if (!is_admin_of_role(GetUserId(), roleid))
1175 ereport(ERROR,
1176 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1177 errmsg("permission denied to drop role"),
1178 errdetail("Only roles with the %s attribute and the %s option on role \"%s\" may drop this role.",
1179 "CREATEROLE", "ADMIN", NameStr(roleform->rolname))));
1180
1181 /* DROP hook for the role being removed */
1182 InvokeObjectDropHook(AuthIdRelationId, roleid, 0);
1183
1184 /* Don't leak the syscache tuple */
1185 ReleaseSysCache(tuple);
1186
1187 /*
1188 * Lock the role, so nobody can add dependencies to her while we drop
1189 * her. We keep the lock until the end of transaction.
1190 */
1191 LockSharedObject(AuthIdRelationId, roleid, 0, AccessExclusiveLock);
1192
1193 /*
1194 * If there is a pg_auth_members entry that has one of the roles to be
1195 * dropped as the roleid or member, it should be silently removed, but
1196 * if there is a pg_auth_members entry that has one of the roles to be
1197 * dropped as the grantor, the operation should fail.
1198 *
1199 * It's possible, however, that a single pg_auth_members entry could
1200 * fall into multiple categories - e.g. the user could do "GRANT foo
1201 * TO bar GRANTED BY baz" and then "DROP ROLE baz, bar". We want such
1202 * an operation to succeed regardless of the order in which the
1203 * to-be-dropped roles are passed to DROP ROLE.
1204 *
1205 * To make that work, we remove all pg_auth_members entries that can
1206 * be silently removed in this loop, and then below we'll make a
1207 * second pass over the list of roles to be removed and check for any
1208 * remaining dependencies.
1209 */
1210 ScanKeyInit(&scankey,
1211 Anum_pg_auth_members_roleid,
1212 BTEqualStrategyNumber, F_OIDEQ,
1213 ObjectIdGetDatum(roleid));
1214
1215 sscan = systable_beginscan(pg_auth_members_rel, AuthMemRoleMemIndexId,
1216 true, NULL, 1, &scankey);
1217
1218 while (HeapTupleIsValid(tmp_tuple = systable_getnext(sscan)))
1219 {
1220 Form_pg_auth_members authmem_form;
1221
1222 authmem_form = (Form_pg_auth_members) GETSTRUCT(tmp_tuple);
1223 deleteSharedDependencyRecordsFor(AuthMemRelationId,
1224 authmem_form->oid, 0);
1225 CatalogTupleDelete(pg_auth_members_rel, &tmp_tuple->t_self);
1226 }
1227
1228 systable_endscan(sscan);
1229
1230 ScanKeyInit(&scankey,
1231 Anum_pg_auth_members_member,
1232 BTEqualStrategyNumber, F_OIDEQ,
1233 ObjectIdGetDatum(roleid));
1234
1235 sscan = systable_beginscan(pg_auth_members_rel, AuthMemMemRoleIndexId,
1236 true, NULL, 1, &scankey);
1237
1238 while (HeapTupleIsValid(tmp_tuple = systable_getnext(sscan)))
1239 {
1240 Form_pg_auth_members authmem_form;
1241
1242 authmem_form = (Form_pg_auth_members) GETSTRUCT(tmp_tuple);
1243 deleteSharedDependencyRecordsFor(AuthMemRelationId,
1244 authmem_form->oid, 0);
1245 CatalogTupleDelete(pg_auth_members_rel, &tmp_tuple->t_self);
1246 }
1247
1248 systable_endscan(sscan);
1249
1250 /*
1251 * Advance command counter so that later iterations of this loop will
1252 * see the changes already made. This is essential if, for example,
1253 * we are trying to drop both a role and one of its direct members ---
1254 * we'll get an error if we try to delete the linking pg_auth_members
1255 * tuple twice. (We do not need a CCI between the two delete loops
1256 * above, because it's not allowed for a role to directly contain
1257 * itself.)
1258 */
1260
1261 /* Looks tentatively OK, add it to the list if not there yet. */
1262 role_oids = list_append_unique_oid(role_oids, roleid);
1263 }
1264
1265 /*
1266 * Second pass over the roles to be removed.
1267 */
1268 foreach(item, role_oids)
1269 {
1270 Oid roleid = lfirst_oid(item);
1271 HeapTuple tuple;
1272 Form_pg_authid roleform;
1273 char *detail;
1274 char *detail_log;
1275
1276 /*
1277 * Re-find the pg_authid tuple.
1278 *
1279 * Since we've taken a lock on the role OID, it shouldn't be possible
1280 * for the tuple to have been deleted -- or for that matter updated --
1281 * unless the user is manually modifying the system catalogs.
1282 */
1283 tuple = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
1284 if (!HeapTupleIsValid(tuple))
1285 elog(ERROR, "could not find tuple for role %u", roleid);
1286 roleform = (Form_pg_authid) GETSTRUCT(tuple);
1287
1288 /*
1289 * Check for pg_shdepend entries depending on this role.
1290 *
1291 * This needs to happen after we've completed removing any
1292 * pg_auth_members entries that can be removed silently, in order to
1293 * avoid spurious failures. See notes above for more details.
1294 */
1295 if (checkSharedDependencies(AuthIdRelationId, roleid,
1296 &detail, &detail_log))
1297 ereport(ERROR,
1298 (errcode(ERRCODE_DEPENDENT_OBJECTS_STILL_EXIST),
1299 errmsg("role \"%s\" cannot be dropped because some objects depend on it",
1300 NameStr(roleform->rolname)),
1301 errdetail_internal("%s", detail),
1302 errdetail_log("%s", detail_log)));
1303
1304 /*
1305 * Remove the role from the pg_authid table
1306 */
1307 CatalogTupleDelete(pg_authid_rel, &tuple->t_self);
1308
1309 ReleaseSysCache(tuple);
1310
1311 /*
1312 * Remove any comments or security labels on this role.
1313 */
1314 DeleteSharedComments(roleid, AuthIdRelationId);
1315 DeleteSharedSecurityLabel(roleid, AuthIdRelationId);
1316
1317 /*
1318 * Remove settings for this role.
1319 */
1320 DropSetting(InvalidOid, roleid);
1321 }
1322
1323 /*
1324 * Now we can clean up; but keep locks until commit.
1325 */
1326 table_close(pg_auth_members_rel, NoLock);
1327 table_close(pg_authid_rel, NoLock);
1328}
void DeleteSharedComments(Oid oid, Oid classoid)
Definition: comment.c:374
int errdetail_internal(const char *fmt,...)
Definition: elog.c:1230
int errdetail_log(const char *fmt,...)
Definition: elog.c:1251
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:606
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:513
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:387
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
void CatalogTupleDelete(Relation heapRel, ItemPointer tid)
Definition: indexing.c:365
List * list_append_unique_oid(List *list, Oid datum)
Definition: list.c:1380
void LockSharedObject(Oid classid, Oid objid, uint16 objsubid, LOCKMODE lockmode)
Definition: lmgr.c:1072
#define AccessExclusiveLock
Definition: lockdefs.h:43
Oid GetOuterUserId(void)
Definition: miscinit.c:528
Oid GetSessionUserId(void)
Definition: miscinit.c:556
#define InvokeObjectDropHook(classId, objectId, subId)
Definition: objectaccess.h:182
FormData_pg_auth_members * Form_pg_auth_members
void DropSetting(Oid databaseid, Oid roleid)
void deleteSharedDependencyRecordsFor(Oid classId, Oid objectId, int32 objectSubId)
Definition: pg_shdepend.c:1047
bool checkSharedDependencies(Oid classId, Oid objectId, char **detail_msg, char **detail_log_msg)
Definition: pg_shdepend.c:676
static Datum PointerGetDatum(const void *X)
Definition: postgres.h:327
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
void DeleteSharedSecurityLabel(Oid objectId, Oid classId)
Definition: seclabel.c:491
#define BTEqualStrategyNumber
Definition: stratnum.h:31
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Definition: syscache.c:221

References AccessExclusiveLock, BTEqualStrategyNumber, CatalogTupleDelete(), checkSharedDependencies(), CommandCounterIncrement(), DeleteSharedComments(), deleteSharedDependencyRecordsFor(), DeleteSharedSecurityLabel(), DropSetting(), elog, ereport, errcode(), errdetail(), errdetail_internal(), errdetail_log(), errmsg(), ERROR, GetOuterUserId(), GetSessionUserId(), GETSTRUCT, GetUserId(), have_createrole_privilege(), HeapTupleIsValid, InvalidOid, InvokeObjectDropHook, is_admin_of_role(), lfirst, lfirst_oid, list_append_unique_oid(), LockSharedObject(), NameStr, NIL, NoLock, NOTICE, ObjectIdGetDatum(), PointerGetDatum(), ReleaseSysCache(), RoleSpec::rolename, ROLESPEC_CSTRING, RoleSpec::roletype, RowExclusiveLock, ScanKeyInit(), SearchSysCache1(), stmt, superuser(), systable_beginscan(), systable_endscan(), systable_getnext(), HeapTupleData::t_self, table_close(), and table_open().

Referenced by standard_ProcessUtility().

◆ GrantRole()

void GrantRole ( ParseState pstate,
GrantRoleStmt stmt 
)

Definition at line 1480 of file user.c.

1481{
1482 Relation pg_authid_rel;
1483 Oid grantor;
1484 List *grantee_ids;
1485 ListCell *item;
1486 GrantRoleOptions popt;
1487 Oid currentUserId = GetUserId();
1488
1489 /* Parse options list. */
1490 InitGrantRoleOptions(&popt);
1491 foreach(item, stmt->opt)
1492 {
1493 DefElem *opt = (DefElem *) lfirst(item);
1494 char *optval = defGetString(opt);
1495
1496 if (strcmp(opt->defname, "admin") == 0)
1497 {
1499
1500 if (parse_bool(optval, &popt.admin))
1501 continue;
1502 }
1503 else if (strcmp(opt->defname, "inherit") == 0)
1504 {
1506 if (parse_bool(optval, &popt.inherit))
1507 continue;
1508 }
1509 else if (strcmp(opt->defname, "set") == 0)
1510 {
1512 if (parse_bool(optval, &popt.set))
1513 continue;
1514 }
1515 else
1516 ereport(ERROR,
1517 errcode(ERRCODE_SYNTAX_ERROR),
1518 errmsg("unrecognized role option \"%s\"", opt->defname),
1519 parser_errposition(pstate, opt->location));
1520
1521 ereport(ERROR,
1522 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1523 errmsg("unrecognized value for role option \"%s\": \"%s\"",
1524 opt->defname, optval),
1525 parser_errposition(pstate, opt->location)));
1526 }
1527
1528 /* Lookup OID of grantor, if specified. */
1529 if (stmt->grantor)
1530 grantor = get_rolespec_oid(stmt->grantor, false);
1531 else
1532 grantor = InvalidOid;
1533
1534 grantee_ids = roleSpecsToIds(stmt->grantee_roles);
1535
1536 /* AccessShareLock is enough since we aren't modifying pg_authid */
1537 pg_authid_rel = table_open(AuthIdRelationId, AccessShareLock);
1538
1539 /*
1540 * Step through all of the granted roles and add, update, or remove
1541 * entries in pg_auth_members as appropriate. If stmt->is_grant is true,
1542 * we are adding new grants or, if they already exist, updating options on
1543 * those grants. If stmt->is_grant is false, we are revoking grants or
1544 * removing options from them.
1545 */
1546 foreach(item, stmt->granted_roles)
1547 {
1548 AccessPriv *priv = (AccessPriv *) lfirst(item);
1549 char *rolename = priv->priv_name;
1550 Oid roleid;
1551
1552 /* Must reject priv(columns) and ALL PRIVILEGES(columns) */
1553 if (rolename == NULL || priv->cols != NIL)
1554 ereport(ERROR,
1555 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1556 errmsg("column names cannot be included in GRANT/REVOKE ROLE")));
1557
1558 roleid = get_role_oid(rolename, false);
1560 roleid, stmt->is_grant);
1561 if (stmt->is_grant)
1562 AddRoleMems(currentUserId, rolename, roleid,
1563 stmt->grantee_roles, grantee_ids,
1564 grantor, &popt);
1565 else
1566 DelRoleMems(currentUserId, rolename, roleid,
1567 stmt->grantee_roles, grantee_ids,
1568 grantor, &popt, stmt->behavior);
1569 }
1570
1571 /*
1572 * Close pg_authid, but keep lock till commit.
1573 */
1574 table_close(pg_authid_rel, NoLock);
1575}
Oid get_rolespec_oid(const RoleSpec *role, bool missing_ok)
Definition: acl.c:5588
bool parse_bool(const char *value, bool *result)
Definition: bool.c:31
char * defGetString(DefElem *def)
Definition: define.c:35
#define AccessShareLock
Definition: lockdefs.h:36
int parser_errposition(ParseState *pstate, int location)
Definition: parse_node.c:106
char * priv_name
Definition: parsenodes.h:2596
List * cols
Definition: parsenodes.h:2597
ParseLoc location
Definition: parsenodes.h:830

References AccessShareLock, AddRoleMems(), GrantRoleOptions::admin, check_role_membership_authorization(), AccessPriv::cols, defGetString(), DefElem::defname, DelRoleMems(), ereport, errcode(), errmsg(), ERROR, get_role_oid(), get_rolespec_oid(), GetUserId(), GRANT_ROLE_SPECIFIED_ADMIN, GRANT_ROLE_SPECIFIED_INHERIT, GRANT_ROLE_SPECIFIED_SET, GrantRoleOptions::inherit, InitGrantRoleOptions(), InvalidOid, lfirst, DefElem::location, NIL, NoLock, parse_bool(), parser_errposition(), AccessPriv::priv_name, roleSpecsToIds(), GrantRoleOptions::set, GrantRoleOptions::specified, stmt, table_close(), and table_open().

Referenced by standard_ProcessUtility().

◆ ReassignOwnedObjects()

void ReassignOwnedObjects ( ReassignOwnedStmt stmt)

Definition at line 1611 of file user.c.

1612{
1613 List *role_ids = roleSpecsToIds(stmt->roles);
1614 ListCell *cell;
1615 Oid newrole;
1616
1617 /* Check privileges */
1618 foreach(cell, role_ids)
1619 {
1620 Oid roleid = lfirst_oid(cell);
1621
1622 if (!has_privs_of_role(GetUserId(), roleid))
1623 ereport(ERROR,
1624 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1625 errmsg("permission denied to reassign objects"),
1626 errdetail("Only roles with privileges of role \"%s\" may reassign objects owned by it.",
1627 GetUserNameFromId(roleid, false))));
1628 }
1629
1630 /* Must have privileges on the receiving side too */
1631 newrole = get_rolespec_oid(stmt->newrole, false);
1632
1633 if (!has_privs_of_role(GetUserId(), newrole))
1634 ereport(ERROR,
1635 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1636 errmsg("permission denied to reassign objects"),
1637 errdetail("Only roles with privileges of role \"%s\" may reassign objects to it.",
1638 GetUserNameFromId(newrole, false))));
1639
1640 /* Ok, do it */
1641 shdepReassignOwned(role_ids, newrole);
1642}
void shdepReassignOwned(List *roleids, Oid newrole)
Definition: pg_shdepend.c:1530

References ereport, errcode(), errdetail(), errmsg(), ERROR, get_rolespec_oid(), GetUserId(), GetUserNameFromId(), has_privs_of_role(), lfirst_oid, roleSpecsToIds(), shdepReassignOwned(), and stmt.

Referenced by standard_ProcessUtility().

◆ RenameRole()

ObjectAddress RenameRole ( const char *  oldname,
const char *  newname 
)

Definition at line 1334 of file user.c.

1335{
1336 HeapTuple oldtuple,
1337 newtuple;
1338 TupleDesc dsc;
1339 Relation rel;
1340 Datum datum;
1341 bool isnull;
1342 Datum repl_val[Natts_pg_authid];
1343 bool repl_null[Natts_pg_authid];
1344 bool repl_repl[Natts_pg_authid];
1345 int i;
1346 Oid roleid;
1347 ObjectAddress address;
1348 Form_pg_authid authform;
1349
1350 rel = table_open(AuthIdRelationId, RowExclusiveLock);
1351 dsc = RelationGetDescr(rel);
1352
1353 oldtuple = SearchSysCache1(AUTHNAME, CStringGetDatum(oldname));
1354 if (!HeapTupleIsValid(oldtuple))
1355 ereport(ERROR,
1356 (errcode(ERRCODE_UNDEFINED_OBJECT),
1357 errmsg("role \"%s\" does not exist", oldname)));
1358
1359 /*
1360 * XXX Client applications probably store the session user somewhere, so
1361 * renaming it could cause confusion. On the other hand, there may not be
1362 * an actual problem besides a little confusion, so think about this and
1363 * decide. Same for SET ROLE ... we don't restrict renaming the current
1364 * effective userid, though.
1365 */
1366
1367 authform = (Form_pg_authid) GETSTRUCT(oldtuple);
1368 roleid = authform->oid;
1369
1370 if (roleid == GetSessionUserId())
1371 ereport(ERROR,
1372 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1373 errmsg("session user cannot be renamed")));
1374 if (roleid == GetOuterUserId())
1375 ereport(ERROR,
1376 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1377 errmsg("current user cannot be renamed")));
1378
1379 /*
1380 * Check that the user is not trying to rename a system role and not
1381 * trying to rename a role into the reserved "pg_" namespace.
1382 */
1383 if (IsReservedName(NameStr(authform->rolname)))
1384 ereport(ERROR,
1385 (errcode(ERRCODE_RESERVED_NAME),
1386 errmsg("role name \"%s\" is reserved",
1387 NameStr(authform->rolname)),
1388 errdetail("Role names starting with \"pg_\" are reserved.")));
1389
1390 if (IsReservedName(newname))
1391 ereport(ERROR,
1392 (errcode(ERRCODE_RESERVED_NAME),
1393 errmsg("role name \"%s\" is reserved",
1394 newname),
1395 errdetail("Role names starting with \"pg_\" are reserved.")));
1396
1397 /*
1398 * If built with appropriate switch, whine when regression-testing
1399 * conventions for role names are violated.
1400 */
1401#ifdef ENFORCE_REGRESSION_TEST_NAME_RESTRICTIONS
1402 if (strncmp(newname, "regress_", 8) != 0)
1403 elog(WARNING, "roles created by regression test cases should have names starting with \"regress_\"");
1404#endif
1405
1406 /* make sure the new name doesn't exist */
1407 if (SearchSysCacheExists1(AUTHNAME, CStringGetDatum(newname)))
1408 ereport(ERROR,
1410 errmsg("role \"%s\" already exists", newname)));
1411
1412 /*
1413 * Only superusers can mess with superusers. Otherwise, a user with
1414 * CREATEROLE can rename a role for which they have ADMIN OPTION.
1415 */
1416 if (authform->rolsuper)
1417 {
1418 if (!superuser())
1419 ereport(ERROR,
1420 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1421 errmsg("permission denied to rename role"),
1422 errdetail("Only roles with the %s attribute may rename roles with the %s attribute.",
1423 "SUPERUSER", "SUPERUSER")));
1424 }
1425 else
1426 {
1428 !is_admin_of_role(GetUserId(), roleid))
1429 ereport(ERROR,
1430 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1431 errmsg("permission denied to rename role"),
1432 errdetail("Only roles with the %s attribute and the %s option on role \"%s\" may rename this role.",
1433 "CREATEROLE", "ADMIN", NameStr(authform->rolname))));
1434 }
1435
1436 /* OK, construct the modified tuple */
1437 for (i = 0; i < Natts_pg_authid; i++)
1438 repl_repl[i] = false;
1439
1440 repl_repl[Anum_pg_authid_rolname - 1] = true;
1441 repl_val[Anum_pg_authid_rolname - 1] = DirectFunctionCall1(namein,
1442 CStringGetDatum(newname));
1443 repl_null[Anum_pg_authid_rolname - 1] = false;
1444
1445 datum = heap_getattr(oldtuple, Anum_pg_authid_rolpassword, dsc, &isnull);
1446
1448 {
1449 /* MD5 uses the username as salt, so just clear it on a rename */
1450 repl_repl[Anum_pg_authid_rolpassword - 1] = true;
1451 repl_null[Anum_pg_authid_rolpassword - 1] = true;
1452
1454 (errmsg("MD5 password cleared because of role rename")));
1455 }
1456
1457 newtuple = heap_modify_tuple(oldtuple, dsc, repl_val, repl_null, repl_repl);
1458 CatalogTupleUpdate(rel, &oldtuple->t_self, newtuple);
1459
1460 InvokeObjectPostAlterHook(AuthIdRelationId, roleid, 0);
1461
1462 ObjectAddressSet(address, AuthIdRelationId, roleid);
1463
1464 ReleaseSysCache(oldtuple);
1465
1466 /*
1467 * Close pg_authid, but keep lock till commit.
1468 */
1469 table_close(rel, NoLock);
1470
1471 return address;
1472}
#define TextDatumGetCString(d)
Definition: builtins.h:98
@ PASSWORD_TYPE_MD5
Definition: crypt.h:43
static Datum heap_getattr(HeapTuple tup, int attnum, TupleDesc tupleDesc, bool *isnull)
Definition: htup_details.h:792
int i
Definition: isn.c:72
#define ObjectAddressSet(addr, class_id, object_id)
Definition: objectaddress.h:40
#define SearchSysCacheExists1(cacheId, key1)
Definition: syscache.h:100

References CatalogTupleUpdate(), CStringGetDatum(), DirectFunctionCall1, elog, ereport, errcode(), ERRCODE_DUPLICATE_OBJECT, errdetail(), errmsg(), ERROR, get_password_type(), GetOuterUserId(), GetSessionUserId(), GETSTRUCT, GetUserId(), have_createrole_privilege(), heap_getattr(), heap_modify_tuple(), HeapTupleIsValid, i, InvokeObjectPostAlterHook, is_admin_of_role(), IsReservedName(), namein(), NameStr, NoLock, NOTICE, ObjectAddressSet, PASSWORD_TYPE_MD5, RelationGetDescr, ReleaseSysCache(), RowExclusiveLock, SearchSysCache1(), SearchSysCacheExists1, superuser(), HeapTupleData::t_self, table_close(), table_open(), TextDatumGetCString, and WARNING.

Referenced by ExecRenameStmt().

◆ roleSpecsToIds()

List * roleSpecsToIds ( List memberNames)

Definition at line 1652 of file user.c.

1653{
1654 List *result = NIL;
1655 ListCell *l;
1656
1657 foreach(l, memberNames)
1658 {
1659 RoleSpec *rolespec = lfirst_node(RoleSpec, l);
1660 Oid roleid;
1661
1662 roleid = get_rolespec_oid(rolespec, false);
1663 result = lappend_oid(result, roleid);
1664 }
1665 return result;
1666}
List * lappend_oid(List *list, Oid datum)
Definition: list.c:375
#define lfirst_node(type, lc)
Definition: pg_list.h:176

References get_rolespec_oid(), lappend_oid(), lfirst_node, and NIL.

Referenced by AlterRole(), AlterTableMoveAll(), CreateRole(), DropOwnedObjects(), GrantRole(), and ReassignOwnedObjects().

Variable Documentation

◆ check_password_hook

PGDLLIMPORT check_password_hook_type check_password_hook
extern

Definition at line 91 of file user.c.

Referenced by _PG_init(), AlterRole(), and CreateRole().

◆ createrole_self_grant

PGDLLIMPORT char* createrole_self_grant
extern

Definition at line 86 of file user.c.

◆ Password_encryption

PGDLLIMPORT int Password_encryption
extern

Definition at line 85 of file user.c.

Referenced by AlterRole(), CheckPWChallengeAuth(), and CreateRole().