Thanks to visit codestin.com
Credit goes to doxygen.postgresql.org

PostgreSQL Source Code git master
Data Structures | Macros | Enumerations | Functions | Variables
acl.c File Reference
#include "postgres.h"
#include <ctype.h>
#include "access/htup_details.h"
#include "catalog/catalog.h"
#include "catalog/namespace.h"
#include "catalog/pg_auth_members.h"
#include "catalog/pg_authid.h"
#include "catalog/pg_class.h"
#include "catalog/pg_database.h"
#include "catalog/pg_foreign_data_wrapper.h"
#include "catalog/pg_foreign_server.h"
#include "catalog/pg_language.h"
#include "catalog/pg_largeobject.h"
#include "catalog/pg_namespace.h"
#include "catalog/pg_proc.h"
#include "catalog/pg_tablespace.h"
#include "catalog/pg_type.h"
#include "commands/proclang.h"
#include "commands/tablespace.h"
#include "common/hashfn.h"
#include "foreign/foreign.h"
#include "funcapi.h"
#include "lib/bloomfilter.h"
#include "lib/qunique.h"
#include "miscadmin.h"
#include "storage/large_object.h"
#include "utils/acl.h"
#include "utils/array.h"
#include "utils/builtins.h"
#include "utils/catcache.h"
#include "utils/inval.h"
#include "utils/lsyscache.h"
#include "utils/memutils.h"
#include "utils/snapmgr.h"
#include "utils/syscache.h"
#include "utils/varlena.h"
Include dependency graph for acl.c:

Go to the source code of this file.

Data Structures

struct  priv_map
 

Macros

#define ROLES_LIST_BLOOM_THRESHOLD   1024
 

Enumerations

enum  RoleRecurseType { ROLERECURSE_MEMBERS = 0 , ROLERECURSE_PRIVS = 1 , ROLERECURSE_SETROLE = 2 }
 

Functions

static const char * getid (const char *s, char *n, Node *escontext)
 
static void putid (char *p, const char *s)
 
static Aclallocacl (int n)
 
static void check_acl (const Acl *acl)
 
static const char * aclparse (const char *s, AclItem *aip, Node *escontext)
 
static bool aclitem_match (const AclItem *a1, const AclItem *a2)
 
static int aclitemComparator (const void *arg1, const void *arg2)
 
static void check_circularity (const Acl *old_acl, const AclItem *mod_aip, Oid ownerId)
 
static Aclrecursive_revoke (Acl *acl, Oid grantee, AclMode revoke_privs, Oid ownerId, DropBehavior behavior)
 
static AclMode convert_any_priv_string (text *priv_type_text, const priv_map *privileges)
 
static Oid convert_table_name (text *tablename)
 
static AclMode convert_table_priv_string (text *priv_type_text)
 
static AclMode convert_sequence_priv_string (text *priv_type_text)
 
static AttrNumber convert_column_name (Oid tableoid, text *column)
 
static AclMode convert_column_priv_string (text *priv_type_text)
 
static Oid convert_database_name (text *databasename)
 
static AclMode convert_database_priv_string (text *priv_type_text)
 
static Oid convert_foreign_data_wrapper_name (text *fdwname)
 
static AclMode convert_foreign_data_wrapper_priv_string (text *priv_type_text)
 
static Oid convert_function_name (text *functionname)
 
static AclMode convert_function_priv_string (text *priv_type_text)
 
static Oid convert_language_name (text *languagename)
 
static AclMode convert_language_priv_string (text *priv_type_text)
 
static Oid convert_schema_name (text *schemaname)
 
static AclMode convert_schema_priv_string (text *priv_type_text)
 
static Oid convert_server_name (text *servername)
 
static AclMode convert_server_priv_string (text *priv_type_text)
 
static Oid convert_tablespace_name (text *tablespacename)
 
static AclMode convert_tablespace_priv_string (text *priv_type_text)
 
static Oid convert_type_name (text *typename)
 
static AclMode convert_type_priv_string (text *priv_type_text)
 
static AclMode convert_parameter_priv_string (text *priv_text)
 
static AclMode convert_largeobject_priv_string (text *priv_type_text)
 
static AclMode convert_role_priv_string (text *priv_type_text)
 
static AclResult pg_role_aclcheck (Oid role_oid, Oid roleid, AclMode mode)
 
static void RoleMembershipCacheCallback (Datum arg, int cacheid, uint32 hashvalue)
 
static bool is_safe_acl_char (unsigned char c, bool is_getid)
 
Aclmake_empty_acl (void)
 
Aclaclcopy (const Acl *orig_acl)
 
Aclaclconcat (const Acl *left_acl, const Acl *right_acl)
 
Aclaclmerge (const Acl *left_acl, const Acl *right_acl, Oid ownerId)
 
void aclitemsort (Acl *acl)
 
bool aclequal (const Acl *left_acl, const Acl *right_acl)
 
Datum aclitemin (PG_FUNCTION_ARGS)
 
Datum aclitemout (PG_FUNCTION_ARGS)
 
Datum aclitem_eq (PG_FUNCTION_ARGS)
 
Datum hash_aclitem (PG_FUNCTION_ARGS)
 
Datum hash_aclitem_extended (PG_FUNCTION_ARGS)
 
Aclacldefault (ObjectType objtype, Oid ownerId)
 
Datum acldefault_sql (PG_FUNCTION_ARGS)
 
Aclaclupdate (const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
 
Aclaclnewowner (const Acl *old_acl, Oid oldOwnerId, Oid newOwnerId)
 
AclMode aclmask (const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
 
static AclMode aclmask_direct (const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
 
int aclmembers (const Acl *acl, Oid **roleids)
 
Datum aclinsert (PG_FUNCTION_ARGS)
 
Datum aclremove (PG_FUNCTION_ARGS)
 
Datum aclcontains (PG_FUNCTION_ARGS)
 
Datum makeaclitem (PG_FUNCTION_ARGS)
 
static const char * convert_aclright_to_string (int aclright)
 
Datum aclexplode (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_table_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_sequence_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_any_column_privilege_id_id (PG_FUNCTION_ARGS)
 
static int column_privilege_check (Oid tableoid, AttrNumber attnum, Oid roleid, AclMode mode)
 
Datum has_column_privilege_name_name_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_name_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_id_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_id_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_name_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_name_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_id_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_id_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_name_attnum (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_column_privilege_id_attnum (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_database_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_foreign_data_wrapper_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_function_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_language_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_schema_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_server_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_tablespace_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_id_name (PG_FUNCTION_ARGS)
 
Datum has_type_privilege_id_id (PG_FUNCTION_ARGS)
 
static bool has_param_priv_byname (Oid roleid, const text *parameter, AclMode priv)
 
Datum has_parameter_privilege_name_name (PG_FUNCTION_ARGS)
 
Datum has_parameter_privilege_name (PG_FUNCTION_ARGS)
 
Datum has_parameter_privilege_id_name (PG_FUNCTION_ARGS)
 
static bool has_lo_priv_byid (Oid roleid, Oid lobjId, AclMode priv, bool *is_missing)
 
Datum has_largeobject_privilege_name_id (PG_FUNCTION_ARGS)
 
Datum has_largeobject_privilege_id (PG_FUNCTION_ARGS)
 
Datum has_largeobject_privilege_id_id (PG_FUNCTION_ARGS)
 
Datum pg_has_role_name_name (PG_FUNCTION_ARGS)
 
Datum pg_has_role_name (PG_FUNCTION_ARGS)
 
Datum pg_has_role_name_id (PG_FUNCTION_ARGS)
 
Datum pg_has_role_id (PG_FUNCTION_ARGS)
 
Datum pg_has_role_id_name (PG_FUNCTION_ARGS)
 
Datum pg_has_role_id_id (PG_FUNCTION_ARGS)
 
void initialize_acl (void)
 
static Listroles_list_append (List *roles_list, bloom_filter **bf, Oid role)
 
static Listroles_is_member_of (Oid roleid, enum RoleRecurseType type, Oid admin_of, Oid *admin_role)
 
bool has_privs_of_role (Oid member, Oid role)
 
bool member_can_set_role (Oid member, Oid role)
 
void check_can_set_role (Oid member, Oid role)
 
bool is_member_of_role (Oid member, Oid role)
 
bool is_member_of_role_nosuper (Oid member, Oid role)
 
bool is_admin_of_role (Oid member, Oid role)
 
Oid select_best_admin (Oid member, Oid role)
 
void select_best_grantor (Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
 
Oid get_role_oid (const char *rolname, bool missing_ok)
 
Oid get_role_oid_or_public (const char *rolname)
 
Oid get_rolespec_oid (const RoleSpec *role, bool missing_ok)
 
HeapTuple get_rolespec_tuple (const RoleSpec *role)
 
char * get_rolespec_name (const RoleSpec *role)
 
void check_rolespec_name (const RoleSpec *role, const char *detail_msg)
 

Variables

static Oid cached_role [] = {InvalidOid, InvalidOid, InvalidOid}
 
static Listcached_roles [] = {NIL, NIL, NIL}
 
static uint32 cached_db_hash
 

Macro Definition Documentation

◆ ROLES_LIST_BLOOM_THRESHOLD

#define ROLES_LIST_BLOOM_THRESHOLD   1024

Definition at line 90 of file acl.c.

Enumeration Type Documentation

◆ RoleRecurseType

enum RoleRecurseType
Enumerator
ROLERECURSE_MEMBERS 
ROLERECURSE_PRIVS 
ROLERECURSE_SETROLE 

Definition at line 74 of file acl.c.

75{
76 ROLERECURSE_MEMBERS = 0, /* recurse unconditionally */
77 ROLERECURSE_PRIVS = 1, /* recurse through inheritable grants */
78 ROLERECURSE_SETROLE = 2 /* recurse through grants with set_option */
79};
ROLERECURSE_PRIVS
@ ROLERECURSE_PRIVS
Definition: acl.c:77
ROLERECURSE_MEMBERS
@ ROLERECURSE_MEMBERS
Definition: acl.c:76
ROLERECURSE_SETROLE
@ ROLERECURSE_SETROLE
Definition: acl.c:78

Function Documentation

◆ aclconcat()

Acl * aclconcat ( const Acl left_acl,
const Acl right_acl 
)

Definition at line 477 of file acl.c.

478{
479 Acl *result_acl;
480
481 result_acl = allocacl(ACL_NUM(left_acl) + ACL_NUM(right_acl));
482
483 memcpy(ACL_DAT(result_acl),
484 ACL_DAT(left_acl),
485 ACL_NUM(left_acl) * sizeof(AclItem));
486
487 memcpy(ACL_DAT(result_acl) + ACL_NUM(left_acl),
488 ACL_DAT(right_acl),
489 ACL_NUM(right_acl) * sizeof(AclItem));
490
491 return result_acl;
492}
allocacl
static Acl * allocacl(int n)
Definition: acl.c:426
ACL_DAT
#define ACL_DAT(ACL)
Definition: acl.h:109
ACL_NUM
#define ACL_NUM(ACL)
Definition: acl.h:108
AclItem
Definition: acl.h:55

References ACL_DAT, ACL_NUM, and allocacl().

Referenced by ExecGrant_Attribute().

◆ aclcontains()

Datum aclcontains ( PG_FUNCTION_ARGS  )

Definition at line 1612 of file acl.c.

1613{
1614 Acl *acl = PG_GETARG_ACL_P(0);
1615 AclItem *aip = PG_GETARG_ACLITEM_P(1);
1616 AclItem *aidat;
1617 int i,
1618 num;
1619
1620 check_acl(acl);
1621 num = ACL_NUM(acl);
1622 aidat = ACL_DAT(acl);
1623 for (i = 0; i < num; ++i)
1624 {
1625 if (aip->ai_grantee == aidat[i].ai_grantee &&
1626 aip->ai_grantor == aidat[i].ai_grantor &&
1627 (ACLITEM_GET_RIGHTS(*aip) & ACLITEM_GET_RIGHTS(aidat[i])) == ACLITEM_GET_RIGHTS(*aip))
1628 PG_RETURN_BOOL(true);
1629 }
1630 PG_RETURN_BOOL(false);
1631}
check_acl
static void check_acl(const Acl *acl)
Definition: acl.c:590
PG_GETARG_ACLITEM_P
#define PG_GETARG_ACLITEM_P(n)
Definition: acl.h:117
PG_GETARG_ACL_P
#define PG_GETARG_ACL_P(n)
Definition: acl.h:122
ACLITEM_GET_RIGHTS
#define ACLITEM_GET_RIGHTS(item)
Definition: acl.h:68
PG_RETURN_BOOL
#define PG_RETURN_BOOL(x)
Definition: fmgr.h:359
i
int i
Definition: isn.c:77
AclItem::ai_grantee
Oid ai_grantee
Definition: acl.h:56
AclItem::ai_grantor
Oid ai_grantor
Definition: acl.h:57

References ACL_DAT, ACL_NUM, ACLITEM_GET_RIGHTS, AclItem::ai_grantee, AclItem::ai_grantor, check_acl(), i, PG_GETARG_ACL_P, PG_GETARG_ACLITEM_P, and PG_RETURN_BOOL.

◆ aclcopy()

Acl * aclcopy ( const Acl orig_acl)

Definition at line 457 of file acl.c.

458{
459 Acl *result_acl;
460
461 result_acl = allocacl(ACL_NUM(orig_acl));
462
463 memcpy(ACL_DAT(result_acl),
464 ACL_DAT(orig_acl),
465 ACL_NUM(orig_acl) * sizeof(AclItem));
466
467 return result_acl;
468}

References ACL_DAT, ACL_NUM, and allocacl().

Referenced by aclmerge(), ExecGrant_Relation(), and SetDefaultACL().

◆ acldefault()

Acl * acldefault ( ObjectType  objtype,
Oid  ownerId 
)

Definition at line 803 of file acl.c.

804{
805 AclMode world_default;
806 AclMode owner_default;
807 int nacl;
808 Acl *acl;
809 AclItem *aip;
810
811 switch (objtype)
812 {
813 case OBJECT_COLUMN:
814 /* by default, columns have no extra privileges */
815 world_default = ACL_NO_RIGHTS;
816 owner_default = ACL_NO_RIGHTS;
817 break;
818 case OBJECT_TABLE:
819 world_default = ACL_NO_RIGHTS;
820 owner_default = ACL_ALL_RIGHTS_RELATION;
821 break;
822 case OBJECT_SEQUENCE:
823 world_default = ACL_NO_RIGHTS;
824 owner_default = ACL_ALL_RIGHTS_SEQUENCE;
825 break;
826 case OBJECT_DATABASE:
827 /* for backwards compatibility, grant some rights by default */
828 world_default = ACL_CREATE_TEMP | ACL_CONNECT;
829 owner_default = ACL_ALL_RIGHTS_DATABASE;
830 break;
831 case OBJECT_FUNCTION:
832 /* Grant EXECUTE by default, for now */
833 world_default = ACL_EXECUTE;
834 owner_default = ACL_ALL_RIGHTS_FUNCTION;
835 break;
836 case OBJECT_LANGUAGE:
837 /* Grant USAGE by default, for now */
838 world_default = ACL_USAGE;
839 owner_default = ACL_ALL_RIGHTS_LANGUAGE;
840 break;
841 case OBJECT_LARGEOBJECT:
842 world_default = ACL_NO_RIGHTS;
843 owner_default = ACL_ALL_RIGHTS_LARGEOBJECT;
844 break;
845 case OBJECT_SCHEMA:
846 world_default = ACL_NO_RIGHTS;
847 owner_default = ACL_ALL_RIGHTS_SCHEMA;
848 break;
849 case OBJECT_TABLESPACE:
850 world_default = ACL_NO_RIGHTS;
851 owner_default = ACL_ALL_RIGHTS_TABLESPACE;
852 break;
853 case OBJECT_FDW:
854 world_default = ACL_NO_RIGHTS;
855 owner_default = ACL_ALL_RIGHTS_FDW;
856 break;
857 case OBJECT_FOREIGN_SERVER:
858 world_default = ACL_NO_RIGHTS;
859 owner_default = ACL_ALL_RIGHTS_FOREIGN_SERVER;
860 break;
861 case OBJECT_DOMAIN:
862 case OBJECT_TYPE:
863 world_default = ACL_USAGE;
864 owner_default = ACL_ALL_RIGHTS_TYPE;
865 break;
866 case OBJECT_PARAMETER_ACL:
867 world_default = ACL_NO_RIGHTS;
868 owner_default = ACL_ALL_RIGHTS_PARAMETER_ACL;
869 break;
870 default:
871 elog(ERROR, "unrecognized object type: %d", (int) objtype);
872 world_default = ACL_NO_RIGHTS; /* keep compiler quiet */
873 owner_default = ACL_NO_RIGHTS;
874 break;
875 }
876
877 nacl = 0;
878 if (world_default != ACL_NO_RIGHTS)
879 nacl++;
880 if (owner_default != ACL_NO_RIGHTS)
881 nacl++;
882
883 acl = allocacl(nacl);
884 aip = ACL_DAT(acl);
885
886 if (world_default != ACL_NO_RIGHTS)
887 {
888 aip->ai_grantee = ACL_ID_PUBLIC;
889 aip->ai_grantor = ownerId;
890 ACLITEM_SET_PRIVS_GOPTIONS(*aip, world_default, ACL_NO_RIGHTS);
891 aip++;
892 }
893
894 /*
895 * Note that the owner's entry shows all ordinary privileges but no grant
896 * options. This is because his grant options come "from the system" and
897 * not from his own efforts. (The SQL spec says that the owner's rights
898 * come from a "_SYSTEM" authid.) However, we do consider that the
899 * owner's ordinary privileges are self-granted; this lets him revoke
900 * them. We implement the owner's grant options without any explicit
901 * "_SYSTEM"-like ACL entry, by internally special-casing the owner
902 * wherever we are testing grant options.
903 */
904 if (owner_default != ACL_NO_RIGHTS)
905 {
906 aip->ai_grantee = ownerId;
907 aip->ai_grantor = ownerId;
908 ACLITEM_SET_PRIVS_GOPTIONS(*aip, owner_default, ACL_NO_RIGHTS);
909 }
910
911 return acl;
912}
ACL_ALL_RIGHTS_FOREIGN_SERVER
#define ACL_ALL_RIGHTS_FOREIGN_SERVER
Definition: acl.h:164
ACL_ALL_RIGHTS_TABLESPACE
#define ACL_ALL_RIGHTS_TABLESPACE
Definition: acl.h:170
ACL_ALL_RIGHTS_PARAMETER_ACL
#define ACL_ALL_RIGHTS_PARAMETER_ACL
Definition: acl.h:168
ACL_ALL_RIGHTS_SCHEMA
#define ACL_ALL_RIGHTS_SCHEMA
Definition: acl.h:169
ACL_ALL_RIGHTS_SEQUENCE
#define ACL_ALL_RIGHTS_SEQUENCE
Definition: acl.h:161
ACL_ALL_RIGHTS_DATABASE
#define ACL_ALL_RIGHTS_DATABASE
Definition: acl.h:162
ACL_ALL_RIGHTS_FUNCTION
#define ACL_ALL_RIGHTS_FUNCTION
Definition: acl.h:165
ACL_ALL_RIGHTS_LANGUAGE
#define ACL_ALL_RIGHTS_LANGUAGE
Definition: acl.h:166
ACL_ALL_RIGHTS_TYPE
#define ACL_ALL_RIGHTS_TYPE
Definition: acl.h:171
ACL_ALL_RIGHTS_FDW
#define ACL_ALL_RIGHTS_FDW
Definition: acl.h:163
ACLITEM_SET_PRIVS_GOPTIONS
#define ACLITEM_SET_PRIVS_GOPTIONS(item, privs, goptions)
Definition: acl.h:82
ACL_ALL_RIGHTS_RELATION
#define ACL_ALL_RIGHTS_RELATION
Definition: acl.h:160
ACL_ID_PUBLIC
#define ACL_ID_PUBLIC
Definition: acl.h:46
ACL_ALL_RIGHTS_LARGEOBJECT
#define ACL_ALL_RIGHTS_LARGEOBJECT
Definition: acl.h:167
ERROR
#define ERROR
Definition: elog.h:39
elog
#define elog(elevel,...)
Definition: elog.h:226
ACL_CREATE_TEMP
#define ACL_CREATE_TEMP
Definition: parsenodes.h:86
AclMode
uint64 AclMode
Definition: parsenodes.h:74
ACL_USAGE
#define ACL_USAGE
Definition: parsenodes.h:84
ACL_NO_RIGHTS
#define ACL_NO_RIGHTS
Definition: parsenodes.h:92
OBJECT_FDW
@ OBJECT_FDW
Definition: parsenodes.h:2340
OBJECT_SCHEMA
@ OBJECT_SCHEMA
Definition: parsenodes.h:2360
OBJECT_DOMAIN
@ OBJECT_DOMAIN
Definition: parsenodes.h:2336
OBJECT_COLUMN
@ OBJECT_COLUMN
Definition: parsenodes.h:2330
OBJECT_TABLESPACE
@ OBJECT_TABLESPACE
Definition: parsenodes.h:2366
OBJECT_LARGEOBJECT
@ OBJECT_LARGEOBJECT
Definition: parsenodes.h:2346
OBJECT_DATABASE
@ OBJECT_DATABASE
Definition: parsenodes.h:2333
OBJECT_SEQUENCE
@ OBJECT_SEQUENCE
Definition: parsenodes.h:2361
OBJECT_LANGUAGE
@ OBJECT_LANGUAGE
Definition: parsenodes.h:2345
OBJECT_FOREIGN_SERVER
@ OBJECT_FOREIGN_SERVER
Definition: parsenodes.h:2341
OBJECT_TABLE
@ OBJECT_TABLE
Definition: parsenodes.h:2365
OBJECT_PARAMETER_ACL
@ OBJECT_PARAMETER_ACL
Definition: parsenodes.h:2351
OBJECT_TYPE
@ OBJECT_TYPE
Definition: parsenodes.h:2373
OBJECT_FUNCTION
@ OBJECT_FUNCTION
Definition: parsenodes.h:2343
ACL_CONNECT
#define ACL_CONNECT
Definition: parsenodes.h:87
ACL_EXECUTE
#define ACL_EXECUTE
Definition: parsenodes.h:83

References ACL_ALL_RIGHTS_DATABASE, ACL_ALL_RIGHTS_FDW, ACL_ALL_RIGHTS_FOREIGN_SERVER, ACL_ALL_RIGHTS_FUNCTION, ACL_ALL_RIGHTS_LANGUAGE, ACL_ALL_RIGHTS_LARGEOBJECT, ACL_ALL_RIGHTS_PARAMETER_ACL, ACL_ALL_RIGHTS_RELATION, ACL_ALL_RIGHTS_SCHEMA, ACL_ALL_RIGHTS_SEQUENCE, ACL_ALL_RIGHTS_TABLESPACE, ACL_ALL_RIGHTS_TYPE, ACL_CONNECT, ACL_CREATE_TEMP, ACL_DAT, ACL_EXECUTE, ACL_ID_PUBLIC, ACL_NO_RIGHTS, ACL_USAGE, ACLITEM_SET_PRIVS_GOPTIONS, AclItem::ai_grantee, AclItem::ai_grantor, allocacl(), elog, ERROR, OBJECT_COLUMN, OBJECT_DATABASE, OBJECT_DOMAIN, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, and OBJECT_TYPE.

Referenced by acldefault_sql(), buildDefaultACLCommands(), dumpACL(), dumpRoleGUCPrivs(), dumpTable(), dumpTablespaces(), ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), ExecGrant_Relation(), get_user_default_acl(), object_aclmask_ext(), pg_class_aclmask_ext(), pg_largeobject_aclmask_snapshot(), pg_namespace_aclmask_ext(), pg_parameter_acl_aclmask(), pg_parameter_aclmask(), pg_type_aclmask_ext(), and SetDefaultACL().

◆ acldefault_sql()

Datum acldefault_sql ( PG_FUNCTION_ARGS  )

Definition at line 920 of file acl.c.

921{
922 char objtypec = PG_GETARG_CHAR(0);
923 Oid owner = PG_GETARG_OID(1);
924 ObjectType objtype = 0;
925
926 switch (objtypec)
927 {
928 case 'c':
929 objtype = OBJECT_COLUMN;
930 break;
931 case 'r':
932 objtype = OBJECT_TABLE;
933 break;
934 case 's':
935 objtype = OBJECT_SEQUENCE;
936 break;
937 case 'd':
938 objtype = OBJECT_DATABASE;
939 break;
940 case 'f':
941 objtype = OBJECT_FUNCTION;
942 break;
943 case 'l':
944 objtype = OBJECT_LANGUAGE;
945 break;
946 case 'L':
947 objtype = OBJECT_LARGEOBJECT;
948 break;
949 case 'n':
950 objtype = OBJECT_SCHEMA;
951 break;
952 case 'p':
953 objtype = OBJECT_PARAMETER_ACL;
954 break;
955 case 't':
956 objtype = OBJECT_TABLESPACE;
957 break;
958 case 'F':
959 objtype = OBJECT_FDW;
960 break;
961 case 'S':
962 objtype = OBJECT_FOREIGN_SERVER;
963 break;
964 case 'T':
965 objtype = OBJECT_TYPE;
966 break;
967 default:
968 elog(ERROR, "unrecognized object type abbreviation: %c", objtypec);
969 }
970
971 PG_RETURN_ACL_P(acldefault(objtype, owner));
972}
acldefault
Acl * acldefault(ObjectType objtype, Oid ownerId)
Definition: acl.c:803
PG_RETURN_ACL_P
#define PG_RETURN_ACL_P(x)
Definition: acl.h:124
PG_GETARG_OID
#define PG_GETARG_OID(n)
Definition: fmgr.h:275
PG_GETARG_CHAR
#define PG_GETARG_CHAR(n)
Definition: fmgr.h:273
ObjectType
ObjectType
Definition: parsenodes.h:2323
Oid
unsigned int Oid
Definition: postgres_ext.h:32

References acldefault(), elog, ERROR, OBJECT_COLUMN, OBJECT_DATABASE, OBJECT_FDW, OBJECT_FOREIGN_SERVER, OBJECT_FUNCTION, OBJECT_LANGUAGE, OBJECT_LARGEOBJECT, OBJECT_PARAMETER_ACL, OBJECT_SCHEMA, OBJECT_SEQUENCE, OBJECT_TABLE, OBJECT_TABLESPACE, OBJECT_TYPE, PG_GETARG_CHAR, PG_GETARG_OID, and PG_RETURN_ACL_P.

◆ aclequal()

bool aclequal ( const Acl left_acl,
const Acl right_acl 
)

Definition at line 559 of file acl.c.

560{
561 /* Check for cases where one or both are empty/null */
562 if (left_acl == NULL || ACL_NUM(left_acl) == 0)
563 {
564 if (right_acl == NULL || ACL_NUM(right_acl) == 0)
565 return true;
566 else
567 return false;
568 }
569 else
570 {
571 if (right_acl == NULL || ACL_NUM(right_acl) == 0)
572 return false;
573 }
574
575 if (ACL_NUM(left_acl) != ACL_NUM(right_acl))
576 return false;
577
578 if (memcmp(ACL_DAT(left_acl),
579 ACL_DAT(right_acl),
580 ACL_NUM(left_acl) * sizeof(AclItem)) == 0)
581 return true;
582
583 return false;
584}

References ACL_DAT, and ACL_NUM.

Referenced by ExecGrant_Parameter(), get_user_default_acl(), and SetDefaultACL().

◆ aclexplode()

Datum aclexplode ( PG_FUNCTION_ARGS  )

Definition at line 1790 of file acl.c.

1791{
1792 Acl *acl = PG_GETARG_ACL_P(0);
1793 FuncCallContext *funcctx;
1794 int *idx;
1795 AclItem *aidat;
1796
1797 if (SRF_IS_FIRSTCALL())
1798 {
1799 TupleDesc tupdesc;
1800 MemoryContext oldcontext;
1801
1802 check_acl(acl);
1803
1804 funcctx = SRF_FIRSTCALL_INIT();
1805 oldcontext = MemoryContextSwitchTo(funcctx->multi_call_memory_ctx);
1806
1807 /*
1808 * build tupdesc for result tuples (matches out parameters in pg_proc
1809 * entry)
1810 */
1811 tupdesc = CreateTemplateTupleDesc(4);
1812 TupleDescInitEntry(tupdesc, (AttrNumber) 1, "grantor",
1813 OIDOID, -1, 0);
1814 TupleDescInitEntry(tupdesc, (AttrNumber) 2, "grantee",
1815 OIDOID, -1, 0);
1816 TupleDescInitEntry(tupdesc, (AttrNumber) 3, "privilege_type",
1817 TEXTOID, -1, 0);
1818 TupleDescInitEntry(tupdesc, (AttrNumber) 4, "is_grantable",
1819 BOOLOID, -1, 0);
1820
1821 funcctx->tuple_desc = BlessTupleDesc(tupdesc);
1822
1823 /* allocate memory for user context */
1824 idx = (int *) palloc(sizeof(int[2]));
1825 idx[0] = 0; /* ACL array item index */
1826 idx[1] = -1; /* privilege type counter */
1827 funcctx->user_fctx = idx;
1828
1829 MemoryContextSwitchTo(oldcontext);
1830 }
1831
1832 funcctx = SRF_PERCALL_SETUP();
1833 idx = (int *) funcctx->user_fctx;
1834 aidat = ACL_DAT(acl);
1835
1836 /* need test here in case acl has no items */
1837 while (idx[0] < ACL_NUM(acl))
1838 {
1839 AclItem *aidata;
1840 AclMode priv_bit;
1841
1842 idx[1]++;
1843 if (idx[1] == N_ACL_RIGHTS)
1844 {
1845 idx[1] = 0;
1846 idx[0]++;
1847 if (idx[0] >= ACL_NUM(acl)) /* done */
1848 break;
1849 }
1850 aidata = &aidat[idx[0]];
1851 priv_bit = UINT64CONST(1) << idx[1];
1852
1853 if (ACLITEM_GET_PRIVS(*aidata) & priv_bit)
1854 {
1855 Datum result;
1856 Datum values[4];
1857 bool nulls[4] = {0};
1858 HeapTuple tuple;
1859
1860 values[0] = ObjectIdGetDatum(aidata->ai_grantor);
1861 values[1] = ObjectIdGetDatum(aidata->ai_grantee);
1862 values[2] = CStringGetTextDatum(convert_aclright_to_string(priv_bit));
1863 values[3] = BoolGetDatum((ACLITEM_GET_GOPTIONS(*aidata) & priv_bit) != 0);
1864
1865 tuple = heap_form_tuple(funcctx->tuple_desc, values, nulls);
1866 result = HeapTupleGetDatum(tuple);
1867
1868 SRF_RETURN_NEXT(funcctx, result);
1869 }
1870 }
1871
1872 SRF_RETURN_DONE(funcctx);
1873}
idx
Datum idx(PG_FUNCTION_ARGS)
Definition: _int_op.c:262
convert_aclright_to_string
static const char * convert_aclright_to_string(int aclright)
Definition: acl.c:1734
ACLITEM_GET_PRIVS
#define ACLITEM_GET_PRIVS(item)
Definition: acl.h:66
ACLITEM_GET_GOPTIONS
#define ACLITEM_GET_GOPTIONS(item)
Definition: acl.h:67
AttrNumber
int16 AttrNumber
Definition: attnum.h:21
values
static Datum values[MAXATTR]
Definition: bootstrap.c:153
CStringGetTextDatum
#define CStringGetTextDatum(s)
Definition: builtins.h:97
UINT64CONST
#define UINT64CONST(x)
Definition: c.h:554
BlessTupleDesc
TupleDesc BlessTupleDesc(TupleDesc tupdesc)
Definition: execTuples.c:2260
SRF_IS_FIRSTCALL
#define SRF_IS_FIRSTCALL()
Definition: funcapi.h:304
SRF_PERCALL_SETUP
#define SRF_PERCALL_SETUP()
Definition: funcapi.h:308
SRF_RETURN_NEXT
#define SRF_RETURN_NEXT(_funcctx, _result)
Definition: funcapi.h:310
SRF_FIRSTCALL_INIT
#define SRF_FIRSTCALL_INIT()
Definition: funcapi.h:306
HeapTupleGetDatum
static Datum HeapTupleGetDatum(const HeapTupleData *tuple)
Definition: funcapi.h:230
SRF_RETURN_DONE
#define SRF_RETURN_DONE(_funcctx)
Definition: funcapi.h:328
heap_form_tuple
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, const Datum *values, const bool *isnull)
Definition: heaptuple.c:1117
palloc
void * palloc(Size size)
Definition: mcxt.c:1365
MemoryContextSwitchTo
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Definition: palloc.h:124
N_ACL_RIGHTS
#define N_ACL_RIGHTS
Definition: parsenodes.h:91
BoolGetDatum
static Datum BoolGetDatum(bool X)
Definition: postgres.h:112
ObjectIdGetDatum
static Datum ObjectIdGetDatum(Oid X)
Definition: postgres.h:262
Datum
uint64_t Datum
Definition: postgres.h:70
FuncCallContext::user_fctx
void * user_fctx
Definition: funcapi.h:82
FuncCallContext::multi_call_memory_ctx
MemoryContext multi_call_memory_ctx
Definition: funcapi.h:101
FuncCallContext::tuple_desc
TupleDesc tuple_desc
Definition: funcapi.h:112
CreateTemplateTupleDesc
TupleDesc CreateTemplateTupleDesc(int natts)
Definition: tupdesc.c:182
TupleDescInitEntry
void TupleDescInitEntry(TupleDesc desc, AttrNumber attributeNumber, const char *attributeName, Oid oidtypeid, int32 typmod, int attdim)
Definition: tupdesc.c:842

References ACL_DAT, ACL_NUM, ACLITEM_GET_GOPTIONS, ACLITEM_GET_PRIVS, AclItem::ai_grantee, AclItem::ai_grantor, BlessTupleDesc(), BoolGetDatum(), check_acl(), convert_aclright_to_string(), CreateTemplateTupleDesc(), CStringGetTextDatum, heap_form_tuple(), HeapTupleGetDatum(), idx(), MemoryContextSwitchTo(), FuncCallContext::multi_call_memory_ctx, N_ACL_RIGHTS, ObjectIdGetDatum(), palloc(), PG_GETARG_ACL_P, SRF_FIRSTCALL_INIT, SRF_IS_FIRSTCALL, SRF_PERCALL_SETUP, SRF_RETURN_DONE, SRF_RETURN_NEXT, FuncCallContext::tuple_desc, TupleDescInitEntry(), UINT64CONST, FuncCallContext::user_fctx, and values.

◆ aclinsert()

Datum aclinsert ( PG_FUNCTION_ARGS  )

Definition at line 1592 of file acl.c.

1593{
1594 ereport(ERROR,
1595 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1596 errmsg("aclinsert is no longer supported")));
1597
1598 PG_RETURN_NULL(); /* keep compiler quiet */
1599}
errcode
int errcode(int sqlerrcode)
Definition: elog.c:854
errmsg
int errmsg(const char *fmt,...)
Definition: elog.c:1071
ereport
#define ereport(elevel,...)
Definition: elog.h:150
PG_RETURN_NULL
#define PG_RETURN_NULL()
Definition: fmgr.h:345

References ereport, errcode(), errmsg(), ERROR, and PG_RETURN_NULL.

◆ aclitem_eq()

Datum aclitem_eq ( PG_FUNCTION_ARGS  )

Definition at line 748 of file acl.c.

749{
750 AclItem *a1 = PG_GETARG_ACLITEM_P(0);
751 AclItem *a2 = PG_GETARG_ACLITEM_P(1);
752 bool result;
753
754 result = a1->ai_privs == a2->ai_privs &&
755 a1->ai_grantee == a2->ai_grantee &&
756 a1->ai_grantor == a2->ai_grantor;
757 PG_RETURN_BOOL(result);
758}
a1
static const FormData_pg_attribute a1
Definition: heap.c:144
a2
static const FormData_pg_attribute a2
Definition: heap.c:157

References a1, a2, PG_GETARG_ACLITEM_P, and PG_RETURN_BOOL.

◆ aclitem_match()

static bool aclitem_match ( const AclItem a1,
const AclItem a2 
)
static

Definition at line 713 of file acl.c.

714{
715 return a1->ai_grantee == a2->ai_grantee &&
716 a1->ai_grantor == a2->ai_grantor;
717}

References a1, and a2.

Referenced by aclnewowner(), and aclupdate().

◆ aclitemComparator()

static int aclitemComparator ( const void *  arg1,
const void *  arg2 
)
static

Definition at line 724 of file acl.c.

725{
726 const AclItem *a1 = (const AclItem *) arg1;
727 const AclItem *a2 = (const AclItem *) arg2;
728
729 if (a1->ai_grantee > a2->ai_grantee)
730 return 1;
731 if (a1->ai_grantee < a2->ai_grantee)
732 return -1;
733 if (a1->ai_grantor > a2->ai_grantor)
734 return 1;
735 if (a1->ai_grantor < a2->ai_grantor)
736 return -1;
737 if (a1->ai_privs > a2->ai_privs)
738 return 1;
739 if (a1->ai_privs < a2->ai_privs)
740 return -1;
741 return 0;
742}

References a1, and a2.

Referenced by aclitemsort().

◆ aclitemin()

Datum aclitemin ( PG_FUNCTION_ARGS  )

Definition at line 615 of file acl.c.

616{
617 const char *s = PG_GETARG_CSTRING(0);
618 Node *escontext = fcinfo->context;
619 AclItem *aip;
620
621 aip = (AclItem *) palloc(sizeof(AclItem));
622
623 s = aclparse(s, aip, escontext);
624 if (s == NULL)
625 PG_RETURN_NULL();
626
627 while (isspace((unsigned char) *s))
628 ++s;
629 if (*s)
630 ereturn(escontext, (Datum) 0,
631 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
632 errmsg("extra garbage at the end of the ACL specification")));
633
634 PG_RETURN_ACLITEM_P(aip);
635}
aclparse
static const char * aclparse(const char *s, AclItem *aip, Node *escontext)
Definition: acl.c:273
PG_RETURN_ACLITEM_P
#define PG_RETURN_ACLITEM_P(x)
Definition: acl.h:118
ereturn
#define ereturn(context, dummy_value,...)
Definition: elog.h:278
PG_GETARG_CSTRING
#define PG_GETARG_CSTRING(n)
Definition: fmgr.h:277
Node
Definition: nodes.h:135

References aclparse(), ereturn, errcode(), errmsg(), palloc(), PG_GETARG_CSTRING, PG_RETURN_ACLITEM_P, and PG_RETURN_NULL.

◆ aclitemout()

Datum aclitemout ( PG_FUNCTION_ARGS  )

Definition at line 646 of file acl.c.

647{
648 AclItem *aip = PG_GETARG_ACLITEM_P(0);
649 char *p;
650 char *out;
651 HeapTuple htup;
652 unsigned i;
653
654 out = palloc(strlen("=/") +
655 2 * N_ACL_RIGHTS +
656 2 * (2 * NAMEDATALEN + 2) +
657 1);
658
659 p = out;
660 *p = '\0';
661
662 if (aip->ai_grantee != ACL_ID_PUBLIC)
663 {
664 htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantee));
665 if (HeapTupleIsValid(htup))
666 {
667 putid(p, NameStr(((Form_pg_authid) GETSTRUCT(htup))->rolname));
668 ReleaseSysCache(htup);
669 }
670 else
671 {
672 /* Generate numeric OID if we don't find an entry */
673 sprintf(p, "%u", aip->ai_grantee);
674 }
675 }
676 while (*p)
677 ++p;
678
679 *p++ = '=';
680
681 for (i = 0; i < N_ACL_RIGHTS; ++i)
682 {
683 if (ACLITEM_GET_PRIVS(*aip) & (UINT64CONST(1) << i))
684 *p++ = ACL_ALL_RIGHTS_STR[i];
685 if (ACLITEM_GET_GOPTIONS(*aip) & (UINT64CONST(1) << i))
686 *p++ = '*';
687 }
688
689 *p++ = '/';
690 *p = '\0';
691
692 htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantor));
693 if (HeapTupleIsValid(htup))
694 {
695 putid(p, NameStr(((Form_pg_authid) GETSTRUCT(htup))->rolname));
696 ReleaseSysCache(htup);
697 }
698 else
699 {
700 /* Generate numeric OID if we don't find an entry */
701 sprintf(p, "%u", aip->ai_grantor);
702 }
703
704 PG_RETURN_CSTRING(out);
705}
putid
static void putid(char *p, const char *s)
Definition: acl.c:221
ACL_ALL_RIGHTS_STR
#define ACL_ALL_RIGHTS_STR
Definition: acl.h:154
NameStr
#define NameStr(name)
Definition: c.h:752
PG_RETURN_CSTRING
#define PG_RETURN_CSTRING(x)
Definition: fmgr.h:362
HeapTupleIsValid
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
GETSTRUCT
static void * GETSTRUCT(const HeapTupleData *tuple)
Definition: htup_details.h:728
rolname
NameData rolname
Definition: pg_authid.h:34
Form_pg_authid
FormData_pg_authid * Form_pg_authid
Definition: pg_authid.h:56
NAMEDATALEN
#define NAMEDATALEN
Definition: pg_config_manual.h:29
sprintf
#define sprintf
Definition: port.h:241
ReleaseSysCache
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:264
SearchSysCache1
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Definition: syscache.c:220

References ACL_ALL_RIGHTS_STR, ACL_ID_PUBLIC, ACLITEM_GET_GOPTIONS, ACLITEM_GET_PRIVS, AclItem::ai_grantee, AclItem::ai_grantor, GETSTRUCT(), HeapTupleIsValid, i, N_ACL_RIGHTS, NAMEDATALEN, NameStr, ObjectIdGetDatum(), palloc(), PG_GETARG_ACLITEM_P, PG_RETURN_CSTRING, putid(), ReleaseSysCache(), rolname, SearchSysCache1(), sprintf, and UINT64CONST.

◆ aclitemsort()

void aclitemsort ( Acl acl)

Definition at line 545 of file acl.c.

546{
547 if (acl != NULL && ACL_NUM(acl) > 1)
548 qsort(ACL_DAT(acl), ACL_NUM(acl), sizeof(AclItem), aclitemComparator);
549}
aclitemComparator
static int aclitemComparator(const void *arg1, const void *arg2)
Definition: acl.c:724
qsort
#define qsort(a, b, c, d)
Definition: port.h:479

References ACL_DAT, ACL_NUM, aclitemComparator(), and qsort.

Referenced by get_user_default_acl(), and SetDefaultACL().

◆ aclmask()

AclMode aclmask ( const Acl acl,
Oid  roleid,
Oid  ownerId,
AclMode  mask,
AclMaskHow  how 
)

Definition at line 1388 of file acl.c.

1390{
1391 AclMode result;
1392 AclMode remaining;
1393 AclItem *aidat;
1394 int i,
1395 num;
1396
1397 /*
1398 * Null ACL should not happen, since caller should have inserted
1399 * appropriate default
1400 */
1401 if (acl == NULL)
1402 elog(ERROR, "null ACL");
1403
1404 check_acl(acl);
1405
1406 /* Quick exit for mask == 0 */
1407 if (mask == 0)
1408 return 0;
1409
1410 result = 0;
1411
1412 /* Owner always implicitly has all grant options */
1413 if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
1414 has_privs_of_role(roleid, ownerId))
1415 {
1416 result = mask & ACLITEM_ALL_GOPTION_BITS;
1417 if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1418 return result;
1419 }
1420
1421 num = ACL_NUM(acl);
1422 aidat = ACL_DAT(acl);
1423
1424 /*
1425 * Check privileges granted directly to roleid or to public
1426 */
1427 for (i = 0; i < num; i++)
1428 {
1429 AclItem *aidata = &aidat[i];
1430
1431 if (aidata->ai_grantee == ACL_ID_PUBLIC ||
1432 aidata->ai_grantee == roleid)
1433 {
1434 result |= aidata->ai_privs & mask;
1435 if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1436 return result;
1437 }
1438 }
1439
1440 /*
1441 * Check privileges granted indirectly via role memberships. We do this in
1442 * a separate pass to minimize expensive indirect membership tests. In
1443 * particular, it's worth testing whether a given ACL entry grants any
1444 * privileges still of interest before we perform the has_privs_of_role
1445 * test.
1446 */
1447 remaining = mask & ~result;
1448 for (i = 0; i < num; i++)
1449 {
1450 AclItem *aidata = &aidat[i];
1451
1452 if (aidata->ai_grantee == ACL_ID_PUBLIC ||
1453 aidata->ai_grantee == roleid)
1454 continue; /* already checked it */
1455
1456 if ((aidata->ai_privs & remaining) &&
1457 has_privs_of_role(roleid, aidata->ai_grantee))
1458 {
1459 result |= aidata->ai_privs & mask;
1460 if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1461 return result;
1462 remaining = mask & ~result;
1463 }
1464 }
1465
1466 return result;
1467}
has_privs_of_role
bool has_privs_of_role(Oid member, Oid role)
Definition: acl.c:5284
ACLITEM_ALL_GOPTION_BITS
#define ACLITEM_ALL_GOPTION_BITS
Definition: acl.h:88
ACLMASK_ALL
@ ACLMASK_ALL
Definition: acl.h:176
remaining
int remaining
Definition: informix.c:692
AclItem::ai_privs
AclMode ai_privs
Definition: acl.h:58

References ACL_DAT, ACL_ID_PUBLIC, ACL_NUM, ACLITEM_ALL_GOPTION_BITS, ACLMASK_ALL, AclItem::ai_grantee, AclItem::ai_privs, check_acl(), elog, ERROR, has_privs_of_role(), i, and remaining.

Referenced by check_circularity(), LockTableAclCheck(), object_aclmask_ext(), pg_attribute_aclcheck_all_ext(), pg_attribute_aclmask_ext(), pg_class_aclmask_ext(), pg_largeobject_aclmask_snapshot(), pg_namespace_aclmask_ext(), pg_parameter_acl_aclmask(), pg_parameter_aclmask(), pg_type_aclmask_ext(), and recursive_revoke().

◆ aclmask_direct()

static AclMode aclmask_direct ( const Acl acl,
Oid  roleid,
Oid  ownerId,
AclMode  mask,
AclMaskHow  how 
)
static

Definition at line 1477 of file acl.c.

1479{
1480 AclMode result;
1481 AclItem *aidat;
1482 int i,
1483 num;
1484
1485 /*
1486 * Null ACL should not happen, since caller should have inserted
1487 * appropriate default
1488 */
1489 if (acl == NULL)
1490 elog(ERROR, "null ACL");
1491
1492 check_acl(acl);
1493
1494 /* Quick exit for mask == 0 */
1495 if (mask == 0)
1496 return 0;
1497
1498 result = 0;
1499
1500 /* Owner always implicitly has all grant options */
1501 if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
1502 roleid == ownerId)
1503 {
1504 result = mask & ACLITEM_ALL_GOPTION_BITS;
1505 if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1506 return result;
1507 }
1508
1509 num = ACL_NUM(acl);
1510 aidat = ACL_DAT(acl);
1511
1512 /*
1513 * Check privileges granted directly to roleid (and not to public)
1514 */
1515 for (i = 0; i < num; i++)
1516 {
1517 AclItem *aidata = &aidat[i];
1518
1519 if (aidata->ai_grantee == roleid)
1520 {
1521 result |= aidata->ai_privs & mask;
1522 if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1523 return result;
1524 }
1525 }
1526
1527 return result;
1528}

References ACL_DAT, ACL_NUM, ACLITEM_ALL_GOPTION_BITS, ACLMASK_ALL, AclItem::ai_grantee, AclItem::ai_privs, check_acl(), elog, ERROR, and i.

Referenced by select_best_grantor().

◆ aclmembers()

int aclmembers ( const Acl acl,
Oid **  roleids 
)

Definition at line 1540 of file acl.c.

1541{
1542 Oid *list;
1543 const AclItem *acldat;
1544 int i,
1545 j;
1546
1547 if (acl == NULL || ACL_NUM(acl) == 0)
1548 {
1549 *roleids = NULL;
1550 return 0;
1551 }
1552
1553 check_acl(acl);
1554
1555 /* Allocate the worst-case space requirement */
1556 list = palloc(ACL_NUM(acl) * 2 * sizeof(Oid));
1557 acldat = ACL_DAT(acl);
1558
1559 /*
1560 * Walk the ACL collecting mentioned RoleIds.
1561 */
1562 j = 0;
1563 for (i = 0; i < ACL_NUM(acl); i++)
1564 {
1565 const AclItem *ai = &acldat[i];
1566
1567 if (ai->ai_grantee != ACL_ID_PUBLIC)
1568 list[j++] = ai->ai_grantee;
1569 /* grantor is currently never PUBLIC, but let's check anyway */
1570 if (ai->ai_grantor != ACL_ID_PUBLIC)
1571 list[j++] = ai->ai_grantor;
1572 }
1573
1574 /* Sort the array */
1575 qsort(list, j, sizeof(Oid), oid_cmp);
1576
1577 /*
1578 * We could repalloc the array down to minimum size, but it's hardly worth
1579 * it since it's only transient memory.
1580 */
1581 *roleids = list;
1582
1583 /* Remove duplicates from the array */
1584 return qunique(list, j, sizeof(Oid), oid_cmp);
1585}
j
int j
Definition: isn.c:78
oid_cmp
int oid_cmp(const void *p1, const void *p2)
Definition: oid.c:258
qunique
static size_t qunique(void *array, size_t elements, size_t width, int(*compare)(const void *, const void *))
Definition: qunique.h:21

References ACL_DAT, ACL_ID_PUBLIC, ACL_NUM, AclItem::ai_grantee, AclItem::ai_grantor, check_acl(), i, j, sort-test::list, oid_cmp(), palloc(), qsort, and qunique().

Referenced by ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), ExecGrant_Relation(), recordDependencyOnNewAcl(), recordExtensionInitPrivWorker(), RemoveRoleFromInitPriv(), ReplaceRoleInInitPriv(), and SetDefaultACL().

◆ aclmerge()

Acl * aclmerge ( const Acl left_acl,
const Acl right_acl,
Oid  ownerId 
)

Definition at line 501 of file acl.c.

502{
503 Acl *result_acl;
504 AclItem *aip;
505 int i,
506 num;
507
508 /* Check for cases where one or both are empty/null */
509 if (left_acl == NULL || ACL_NUM(left_acl) == 0)
510 {
511 if (right_acl == NULL || ACL_NUM(right_acl) == 0)
512 return NULL;
513 else
514 return aclcopy(right_acl);
515 }
516 else
517 {
518 if (right_acl == NULL || ACL_NUM(right_acl) == 0)
519 return aclcopy(left_acl);
520 }
521
522 /* Merge them the hard way, one item at a time */
523 result_acl = aclcopy(left_acl);
524
525 aip = ACL_DAT(right_acl);
526 num = ACL_NUM(right_acl);
527
528 for (i = 0; i < num; i++, aip++)
529 {
530 Acl *tmp_acl;
531
532 tmp_acl = aclupdate(result_acl, aip, ACL_MODECHG_ADD,
533 ownerId, DROP_RESTRICT);
534 pfree(result_acl);
535 result_acl = tmp_acl;
536 }
537
538 return result_acl;
539}
aclupdate
Acl * aclupdate(const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
Definition: acl.c:992
aclcopy
Acl * aclcopy(const Acl *orig_acl)
Definition: acl.c:457
ACL_MODECHG_ADD
#define ACL_MODECHG_ADD
Definition: acl.h:129
pfree
void pfree(void *pointer)
Definition: mcxt.c:1594
DROP_RESTRICT
@ DROP_RESTRICT
Definition: parsenodes.h:2397

References ACL_DAT, ACL_MODECHG_ADD, ACL_NUM, aclcopy(), aclupdate(), DROP_RESTRICT, i, and pfree().

Referenced by get_user_default_acl().

◆ aclnewowner()

Acl * aclnewowner ( const Acl old_acl,
Oid  oldOwnerId,
Oid  newOwnerId 
)

Definition at line 1119 of file acl.c.

1120{
1121 Acl *new_acl;
1122 AclItem *new_aip;
1123 AclItem *old_aip;
1124 AclItem *dst_aip;
1125 AclItem *src_aip;
1126 AclItem *targ_aip;
1127 bool newpresent = false;
1128 int dst,
1129 src,
1130 targ,
1131 num;
1132
1133 check_acl(old_acl);
1134
1135 /*
1136 * Make a copy of the given ACL, substituting new owner ID for old
1137 * wherever it appears as either grantor or grantee. Also note if the new
1138 * owner ID is already present.
1139 */
1140 num = ACL_NUM(old_acl);
1141 old_aip = ACL_DAT(old_acl);
1142 new_acl = allocacl(num);
1143 new_aip = ACL_DAT(new_acl);
1144 memcpy(new_aip, old_aip, num * sizeof(AclItem));
1145 for (dst = 0, dst_aip = new_aip; dst < num; dst++, dst_aip++)
1146 {
1147 if (dst_aip->ai_grantor == oldOwnerId)
1148 dst_aip->ai_grantor = newOwnerId;
1149 else if (dst_aip->ai_grantor == newOwnerId)
1150 newpresent = true;
1151 if (dst_aip->ai_grantee == oldOwnerId)
1152 dst_aip->ai_grantee = newOwnerId;
1153 else if (dst_aip->ai_grantee == newOwnerId)
1154 newpresent = true;
1155 }
1156
1157 /*
1158 * If the old ACL contained any references to the new owner, then we may
1159 * now have generated an ACL containing duplicate entries. Find them and
1160 * merge them so that there are not duplicates. (This is relatively
1161 * expensive since we use a stupid O(N^2) algorithm, but it's unlikely to
1162 * be the normal case.)
1163 *
1164 * To simplify deletion of duplicate entries, we temporarily leave them in
1165 * the array but set their privilege masks to zero; when we reach such an
1166 * entry it's just skipped. (Thus, a side effect of this code will be to
1167 * remove privilege-free entries, should there be any in the input.) dst
1168 * is the next output slot, targ is the currently considered input slot
1169 * (always >= dst), and src scans entries to the right of targ looking for
1170 * duplicates. Once an entry has been emitted to dst it is known
1171 * duplicate-free and need not be considered anymore.
1172 */
1173 if (newpresent)
1174 {
1175 dst = 0;
1176 for (targ = 0, targ_aip = new_aip; targ < num; targ++, targ_aip++)
1177 {
1178 /* ignore if deleted in an earlier pass */
1179 if (ACLITEM_GET_RIGHTS(*targ_aip) == ACL_NO_RIGHTS)
1180 continue;
1181 /* find and merge any duplicates */
1182 for (src = targ + 1, src_aip = targ_aip + 1; src < num;
1183 src++, src_aip++)
1184 {
1185 if (ACLITEM_GET_RIGHTS(*src_aip) == ACL_NO_RIGHTS)
1186 continue;
1187 if (aclitem_match(targ_aip, src_aip))
1188 {
1189 ACLITEM_SET_RIGHTS(*targ_aip,
1190 ACLITEM_GET_RIGHTS(*targ_aip) |
1191 ACLITEM_GET_RIGHTS(*src_aip));
1192 /* mark the duplicate deleted */
1193 ACLITEM_SET_RIGHTS(*src_aip, ACL_NO_RIGHTS);
1194 }
1195 }
1196 /* and emit to output */
1197 new_aip[dst] = *targ_aip;
1198 dst++;
1199 }
1200 /* Adjust array size to be 'dst' items */
1201 ARR_DIMS(new_acl)[0] = dst;
1202 SET_VARSIZE(new_acl, ACL_N_SIZE(dst));
1203 }
1204
1205 return new_acl;
1206}
aclitem_match
static bool aclitem_match(const AclItem *a1, const AclItem *a2)
Definition: acl.c:713
ACL_N_SIZE
#define ACL_N_SIZE(N)
Definition: acl.h:110
ACLITEM_SET_RIGHTS
#define ACLITEM_SET_RIGHTS(item, rights)
Definition: acl.h:79
ARR_DIMS
#define ARR_DIMS(a)
Definition: array.h:294
SET_VARSIZE
static void SET_VARSIZE(void *PTR, Size len)
Definition: varatt.h:432

References ACL_DAT, ACL_N_SIZE, ACL_NO_RIGHTS, ACL_NUM, ACLITEM_GET_RIGHTS, aclitem_match(), ACLITEM_SET_RIGHTS, AclItem::ai_grantee, AclItem::ai_grantor, allocacl(), ARR_DIMS, check_acl(), and SET_VARSIZE().

Referenced by AlterDatabaseOwner(), AlterForeignDataWrapperOwner_internal(), AlterForeignServerOwner_internal(), AlterObjectOwner_internal(), AlterSchemaOwner_internal(), AlterTypeOwnerInternal(), ATExecChangeOwner(), change_owner_fix_column_acls(), and ReplaceRoleInInitPriv().

◆ aclparse()

static const char * aclparse ( const char *  s,
AclItem aip,
Node escontext 
)
static

Definition at line 273 of file acl.c.

274{
275 AclMode privs,
276 goption,
277 read;
278 char name[NAMEDATALEN];
279 char name2[NAMEDATALEN];
280
281 Assert(s && aip);
282
283 s = getid(s, name, escontext);
284 if (s == NULL)
285 return NULL;
286 if (*s != '=')
287 {
288 /* we just read a keyword, not a name */
289 if (strcmp(name, "group") != 0 && strcmp(name, "user") != 0)
290 ereturn(escontext, NULL,
291 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
292 errmsg("unrecognized key word: \"%s\"", name),
293 errhint("ACL key word must be \"group\" or \"user\".")));
294 /* move s to the name beyond the keyword */
295 s = getid(s, name, escontext);
296 if (s == NULL)
297 return NULL;
298 if (name[0] == '\0')
299 ereturn(escontext, NULL,
300 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
301 errmsg("missing name"),
302 errhint("A name must follow the \"group\" or \"user\" key word.")));
303 }
304
305 if (*s != '=')
306 ereturn(escontext, NULL,
307 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
308 errmsg("missing \"=\" sign")));
309
310 privs = goption = ACL_NO_RIGHTS;
311
312 for (++s, read = 0; isalpha((unsigned char) *s) || *s == '*'; s++)
313 {
314 switch (*s)
315 {
316 case '*':
317 goption |= read;
318 break;
319 case ACL_INSERT_CHR:
320 read = ACL_INSERT;
321 break;
322 case ACL_SELECT_CHR:
323 read = ACL_SELECT;
324 break;
325 case ACL_UPDATE_CHR:
326 read = ACL_UPDATE;
327 break;
328 case ACL_DELETE_CHR:
329 read = ACL_DELETE;
330 break;
331 case ACL_TRUNCATE_CHR:
332 read = ACL_TRUNCATE;
333 break;
334 case ACL_REFERENCES_CHR:
335 read = ACL_REFERENCES;
336 break;
337 case ACL_TRIGGER_CHR:
338 read = ACL_TRIGGER;
339 break;
340 case ACL_EXECUTE_CHR:
341 read = ACL_EXECUTE;
342 break;
343 case ACL_USAGE_CHR:
344 read = ACL_USAGE;
345 break;
346 case ACL_CREATE_CHR:
347 read = ACL_CREATE;
348 break;
349 case ACL_CREATE_TEMP_CHR:
350 read = ACL_CREATE_TEMP;
351 break;
352 case ACL_CONNECT_CHR:
353 read = ACL_CONNECT;
354 break;
355 case ACL_SET_CHR:
356 read = ACL_SET;
357 break;
358 case ACL_ALTER_SYSTEM_CHR:
359 read = ACL_ALTER_SYSTEM;
360 break;
361 case ACL_MAINTAIN_CHR:
362 read = ACL_MAINTAIN;
363 break;
364 default:
365 ereturn(escontext, NULL,
366 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
367 errmsg("invalid mode character: must be one of \"%s\"",
368 ACL_ALL_RIGHTS_STR)));
369 }
370
371 privs |= read;
372 }
373
374 if (name[0] == '\0')
375 aip->ai_grantee = ACL_ID_PUBLIC;
376 else
377 {
378 aip->ai_grantee = get_role_oid(name, true);
379 if (!OidIsValid(aip->ai_grantee))
380 ereturn(escontext, NULL,
381 (errcode(ERRCODE_UNDEFINED_OBJECT),
382 errmsg("role \"%s\" does not exist", name)));
383 }
384
385 /*
386 * XXX Allow a degree of backward compatibility by defaulting the grantor
387 * to the superuser.
388 */
389 if (*s == '/')
390 {
391 s = getid(s + 1, name2, escontext);
392 if (s == NULL)
393 return NULL;
394 if (name2[0] == '\0')
395 ereturn(escontext, NULL,
396 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
397 errmsg("a name must follow the \"/\" sign")));
398 aip->ai_grantor = get_role_oid(name2, true);
399 if (!OidIsValid(aip->ai_grantor))
400 ereturn(escontext, NULL,
401 (errcode(ERRCODE_UNDEFINED_OBJECT),
402 errmsg("role \"%s\" does not exist", name2)));
403 }
404 else
405 {
406 aip->ai_grantor = BOOTSTRAP_SUPERUSERID;
407 ereport(WARNING,
408 (errcode(ERRCODE_INVALID_GRANTOR),
409 errmsg("defaulting grantor to user ID %u",
410 BOOTSTRAP_SUPERUSERID)));
411 }
412
413 ACLITEM_SET_PRIVS_GOPTIONS(*aip, privs, goption);
414
415 return s;
416}
getid
static const char * getid(const char *s, char *n, Node *escontext)
Definition: acl.c:168
get_role_oid
Oid get_role_oid(const char *rolname, bool missing_ok)
Definition: acl.c:5552
ACL_CREATE_CHR
#define ACL_CREATE_CHR
Definition: acl.h:146
ACL_SET_CHR
#define ACL_SET_CHR
Definition: acl.h:149
ACL_REFERENCES_CHR
#define ACL_REFERENCES_CHR
Definition: acl.h:142
ACL_TRUNCATE_CHR
#define ACL_TRUNCATE_CHR
Definition: acl.h:141
ACL_SELECT_CHR
#define ACL_SELECT_CHR
Definition: acl.h:138
ACL_EXECUTE_CHR
#define ACL_EXECUTE_CHR
Definition: acl.h:144
ACL_DELETE_CHR
#define ACL_DELETE_CHR
Definition: acl.h:140
ACL_INSERT_CHR
#define ACL_INSERT_CHR
Definition: acl.h:137
ACL_UPDATE_CHR
#define ACL_UPDATE_CHR
Definition: acl.h:139
ACL_ALTER_SYSTEM_CHR
#define ACL_ALTER_SYSTEM_CHR
Definition: acl.h:150
ACL_USAGE_CHR
#define ACL_USAGE_CHR
Definition: acl.h:145
ACL_CONNECT_CHR
#define ACL_CONNECT_CHR
Definition: acl.h:148
ACL_TRIGGER_CHR
#define ACL_TRIGGER_CHR
Definition: acl.h:143
ACL_CREATE_TEMP_CHR
#define ACL_CREATE_TEMP_CHR
Definition: acl.h:147
ACL_MAINTAIN_CHR
#define ACL_MAINTAIN_CHR
Definition: acl.h:151
OidIsValid
#define OidIsValid(objectId)
Definition: c.h:775
errhint
int errhint(const char *fmt,...)
Definition: elog.c:1321
WARNING
#define WARNING
Definition: elog.h:36
Assert
Assert(PointerIsAligned(start, uint64))
read
#define read(a, b, c)
Definition: win32.h:13
ACL_SET
#define ACL_SET
Definition: parsenodes.h:88
ACL_DELETE
#define ACL_DELETE
Definition: parsenodes.h:79
ACL_MAINTAIN
#define ACL_MAINTAIN
Definition: parsenodes.h:90
ACL_INSERT
#define ACL_INSERT
Definition: parsenodes.h:76
ACL_UPDATE
#define ACL_UPDATE
Definition: parsenodes.h:78
ACL_ALTER_SYSTEM
#define ACL_ALTER_SYSTEM
Definition: parsenodes.h:89
ACL_REFERENCES
#define ACL_REFERENCES
Definition: parsenodes.h:81
ACL_SELECT
#define ACL_SELECT
Definition: parsenodes.h:77
ACL_TRUNCATE
#define ACL_TRUNCATE
Definition: parsenodes.h:80
ACL_CREATE
#define ACL_CREATE
Definition: parsenodes.h:85
ACL_TRIGGER
#define ACL_TRIGGER
Definition: parsenodes.h:82
name
const char * name
Definition: wait_event_funcs.c:28

References ACL_ALL_RIGHTS_STR, ACL_ALTER_SYSTEM, ACL_ALTER_SYSTEM_CHR, ACL_CONNECT, ACL_CONNECT_CHR, ACL_CREATE, ACL_CREATE_CHR, ACL_CREATE_TEMP, ACL_CREATE_TEMP_CHR, ACL_DELETE, ACL_DELETE_CHR, ACL_EXECUTE, ACL_EXECUTE_CHR, ACL_ID_PUBLIC, ACL_INSERT, ACL_INSERT_CHR, ACL_MAINTAIN, ACL_MAINTAIN_CHR, ACL_NO_RIGHTS, ACL_REFERENCES, ACL_REFERENCES_CHR, ACL_SELECT, ACL_SELECT_CHR, ACL_SET, ACL_SET_CHR, ACL_TRIGGER, ACL_TRIGGER_CHR, ACL_TRUNCATE, ACL_TRUNCATE_CHR, ACL_UPDATE, ACL_UPDATE_CHR, ACL_USAGE, ACL_USAGE_CHR, ACLITEM_SET_PRIVS_GOPTIONS, AclItem::ai_grantee, AclItem::ai_grantor, Assert(), ereport, ereturn, errcode(), errhint(), errmsg(), get_role_oid(), getid(), name, NAMEDATALEN, OidIsValid, read, and WARNING.

Referenced by aclitemin().

◆ aclremove()

Datum aclremove ( PG_FUNCTION_ARGS  )

Definition at line 1602 of file acl.c.

1603{
1604 ereport(ERROR,
1605 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1606 errmsg("aclremove is no longer supported")));
1607
1608 PG_RETURN_NULL(); /* keep compiler quiet */
1609}

References ereport, errcode(), errmsg(), ERROR, and PG_RETURN_NULL.

◆ aclupdate()

Acl * aclupdate ( const Acl old_acl,
const AclItem mod_aip,
int  modechg,
Oid  ownerId,
DropBehavior  behavior 
)

Definition at line 992 of file acl.c.

994{
995 Acl *new_acl = NULL;
996 AclItem *old_aip,
997 *new_aip = NULL;
998 AclMode old_rights,
999 old_goptions,
1000 new_rights,
1001 new_goptions;
1002 int dst,
1003 num;
1004
1005 /* Caller probably already checked old_acl, but be safe */
1006 check_acl(old_acl);
1007
1008 /* If granting grant options, check for circularity */
1009 if (modechg != ACL_MODECHG_DEL &&
1010 ACLITEM_GET_GOPTIONS(*mod_aip) != ACL_NO_RIGHTS)
1011 check_circularity(old_acl, mod_aip, ownerId);
1012
1013 num = ACL_NUM(old_acl);
1014 old_aip = ACL_DAT(old_acl);
1015
1016 /*
1017 * Search the ACL for an existing entry for this grantee and grantor. If
1018 * one exists, just modify the entry in-place (well, in the same position,
1019 * since we actually return a copy); otherwise, insert the new entry at
1020 * the end.
1021 */
1022
1023 for (dst = 0; dst < num; ++dst)
1024 {
1025 if (aclitem_match(mod_aip, old_aip + dst))
1026 {
1027 /* found a match, so modify existing item */
1028 new_acl = allocacl(num);
1029 new_aip = ACL_DAT(new_acl);
1030 memcpy(new_acl, old_acl, ACL_SIZE(old_acl));
1031 break;
1032 }
1033 }
1034
1035 if (dst == num)
1036 {
1037 /* need to append a new item */
1038 new_acl = allocacl(num + 1);
1039 new_aip = ACL_DAT(new_acl);
1040 memcpy(new_aip, old_aip, num * sizeof(AclItem));
1041
1042 /* initialize the new entry with no permissions */
1043 new_aip[dst].ai_grantee = mod_aip->ai_grantee;
1044 new_aip[dst].ai_grantor = mod_aip->ai_grantor;
1045 ACLITEM_SET_PRIVS_GOPTIONS(new_aip[dst],
1046 ACL_NO_RIGHTS, ACL_NO_RIGHTS);
1047 num++; /* set num to the size of new_acl */
1048 }
1049
1050 old_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
1051 old_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);
1052
1053 /* apply the specified permissions change */
1054 switch (modechg)
1055 {
1056 case ACL_MODECHG_ADD:
1057 ACLITEM_SET_RIGHTS(new_aip[dst],
1058 old_rights | ACLITEM_GET_RIGHTS(*mod_aip));
1059 break;
1060 case ACL_MODECHG_DEL:
1061 ACLITEM_SET_RIGHTS(new_aip[dst],
1062 old_rights & ~ACLITEM_GET_RIGHTS(*mod_aip));
1063 break;
1064 case ACL_MODECHG_EQL:
1065 ACLITEM_SET_RIGHTS(new_aip[dst],
1066 ACLITEM_GET_RIGHTS(*mod_aip));
1067 break;
1068 }
1069
1070 new_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
1071 new_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);
1072
1073 /*
1074 * If the adjusted entry has no permissions, delete it from the list.
1075 */
1076 if (new_rights == ACL_NO_RIGHTS)
1077 {
1078 memmove(new_aip + dst,
1079 new_aip + dst + 1,
1080 (num - dst - 1) * sizeof(AclItem));
1081 /* Adjust array size to be 'num - 1' items */
1082 ARR_DIMS(new_acl)[0] = num - 1;
1083 SET_VARSIZE(new_acl, ACL_N_SIZE(num - 1));
1084 }
1085
1086 /*
1087 * Remove abandoned privileges (cascading revoke). Currently we can only
1088 * handle this when the grantee is not PUBLIC.
1089 */
1090 if ((old_goptions & ~new_goptions) != 0)
1091 {
1092 Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
1093 new_acl = recursive_revoke(new_acl, mod_aip->ai_grantee,
1094 (old_goptions & ~new_goptions),
1095 ownerId, behavior);
1096 }
1097
1098 return new_acl;
1099}
recursive_revoke
static Acl * recursive_revoke(Acl *acl, Oid grantee, AclMode revoke_privs, Oid ownerId, DropBehavior behavior)
Definition: acl.c:1302
check_circularity
static void check_circularity(const Acl *old_acl, const AclItem *mod_aip, Oid ownerId)
Definition: acl.c:1222
ACL_SIZE
#define ACL_SIZE(ACL)
Definition: acl.h:111
ACL_MODECHG_DEL
#define ACL_MODECHG_DEL
Definition: acl.h:130
ACL_MODECHG_EQL
#define ACL_MODECHG_EQL
Definition: acl.h:131

References ACL_DAT, ACL_ID_PUBLIC, ACL_MODECHG_ADD, ACL_MODECHG_DEL, ACL_MODECHG_EQL, ACL_N_SIZE, ACL_NO_RIGHTS, ACL_NUM, ACL_SIZE, ACLITEM_GET_GOPTIONS, ACLITEM_GET_RIGHTS, aclitem_match(), ACLITEM_SET_PRIVS_GOPTIONS, ACLITEM_SET_RIGHTS, AclItem::ai_grantee, AclItem::ai_grantor, allocacl(), ARR_DIMS, Assert(), check_acl(), check_circularity(), recursive_revoke(), and SET_VARSIZE().

Referenced by aclmerge(), check_circularity(), merge_acl_with_grant(), and recursive_revoke().

◆ allocacl()

static Acl * allocacl ( int  n)
static

Definition at line 426 of file acl.c.

427{
428 Acl *new_acl;
429 Size size;
430
431 if (n < 0)
432 elog(ERROR, "invalid size: %d", n);
433 size = ACL_N_SIZE(n);
434 new_acl = (Acl *) palloc0(size);
435 SET_VARSIZE(new_acl, size);
436 new_acl->ndim = 1;
437 new_acl->dataoffset = 0; /* we never put in any nulls */
438 new_acl->elemtype = ACLITEMOID;
439 ARR_LBOUND(new_acl)[0] = 1;
440 ARR_DIMS(new_acl)[0] = n;
441 return new_acl;
442}
ARR_LBOUND
#define ARR_LBOUND(a)
Definition: array.h:296
Size
size_t Size
Definition: c.h:611
palloc0
void * palloc0(Size size)
Definition: mcxt.c:1395
ArrayType::elemtype
Oid elemtype
Definition: array.h:97
ArrayType::ndim
int ndim
Definition: array.h:95
ArrayType::dataoffset
int32 dataoffset
Definition: array.h:96

References ACL_N_SIZE, ARR_DIMS, ARR_LBOUND, ArrayType::dataoffset, ArrayType::elemtype, elog, ERROR, ArrayType::ndim, palloc0(), and SET_VARSIZE().

Referenced by aclconcat(), aclcopy(), acldefault(), aclnewowner(), aclupdate(), check_circularity(), and make_empty_acl().

◆ check_acl()

static void check_acl ( const Acl acl)
static

Definition at line 590 of file acl.c.

591{
592 if (ARR_ELEMTYPE(acl) != ACLITEMOID)
593 ereport(ERROR,
594 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
595 errmsg("ACL array contains wrong data type")));
596 if (ARR_NDIM(acl) != 1)
597 ereport(ERROR,
598 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
599 errmsg("ACL arrays must be one-dimensional")));
600 if (ARR_HASNULL(acl))
601 ereport(ERROR,
602 (errcode(ERRCODE_NULL_VALUE_NOT_ALLOWED),
603 errmsg("ACL arrays must not contain null values")));
604}
ARR_NDIM
#define ARR_NDIM(a)
Definition: array.h:290
ARR_ELEMTYPE
#define ARR_ELEMTYPE(a)
Definition: array.h:292
ARR_HASNULL
#define ARR_HASNULL(a)
Definition: array.h:291

References ARR_ELEMTYPE, ARR_HASNULL, ARR_NDIM, ereport, errcode(), errmsg(), and ERROR.

Referenced by aclcontains(), aclexplode(), aclmask(), aclmask_direct(), aclmembers(), aclnewowner(), aclupdate(), check_circularity(), and recursive_revoke().

◆ check_can_set_role()

void check_can_set_role ( Oid  member,
Oid  role 
)

Definition at line 5341 of file acl.c.

5342{
5343 if (!member_can_set_role(member, role))
5344 ereport(ERROR,
5345 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
5346 errmsg("must be able to SET ROLE \"%s\"",
5347 GetUserNameFromId(role, false))));
5348}
member_can_set_role
bool member_can_set_role(Oid member, Oid role)
Definition: acl.c:5318
GetUserNameFromId
char * GetUserNameFromId(Oid roleid, bool noerr)
Definition: miscinit.c:988

References ereport, errcode(), errmsg(), ERROR, GetUserNameFromId(), and member_can_set_role().

Referenced by AlterDatabaseOwner(), AlterForeignServerOwner_internal(), AlterObjectOwner_internal(), AlterPublicationOwner_internal(), AlterSchemaOwner_internal(), AlterSubscriptionOwner_internal(), AlterTypeOwner(), ATExecChangeOwner(), createdb(), and CreateSchemaCommand().

◆ check_circularity()

static void check_circularity ( const Acl old_acl,
const AclItem mod_aip,
Oid  ownerId 
)
static

Definition at line 1222 of file acl.c.

1224{
1225 Acl *acl;
1226 AclItem *aip;
1227 int i,
1228 num;
1229 AclMode own_privs;
1230
1231 check_acl(old_acl);
1232
1233 /*
1234 * For now, grant options can only be granted to roles, not PUBLIC.
1235 * Otherwise we'd have to work a bit harder here.
1236 */
1237 Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
1238
1239 /* The owner always has grant options, no need to check */
1240 if (mod_aip->ai_grantor == ownerId)
1241 return;
1242
1243 /* Make a working copy */
1244 acl = allocacl(ACL_NUM(old_acl));
1245 memcpy(acl, old_acl, ACL_SIZE(old_acl));
1246
1247 /* Zap all grant options of target grantee, plus what depends on 'em */
1248cc_restart:
1249 num = ACL_NUM(acl);
1250 aip = ACL_DAT(acl);
1251 for (i = 0; i < num; i++)
1252 {
1253 if (aip[i].ai_grantee == mod_aip->ai_grantee &&
1254 ACLITEM_GET_GOPTIONS(aip[i]) != ACL_NO_RIGHTS)
1255 {
1256 Acl *new_acl;
1257
1258 /* We'll actually zap ordinary privs too, but no matter */
1259 new_acl = aclupdate(acl, &aip[i], ACL_MODECHG_DEL,
1260 ownerId, DROP_CASCADE);
1261
1262 pfree(acl);
1263 acl = new_acl;
1264
1265 goto cc_restart;
1266 }
1267 }
1268
1269 /* Now we can compute grantor's independently-derived privileges */
1270 own_privs = aclmask(acl,
1271 mod_aip->ai_grantor,
1272 ownerId,
1273 ACL_GRANT_OPTION_FOR(ACLITEM_GET_GOPTIONS(*mod_aip)),
1274 ACLMASK_ALL);
1275 own_privs = ACL_OPTION_TO_PRIVS(own_privs);
1276
1277 if ((ACLITEM_GET_GOPTIONS(*mod_aip) & ~own_privs) != 0)
1278 ereport(ERROR,
1279 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1280 errmsg("grant options cannot be granted back to your own grantor")));
1281
1282 pfree(acl);
1283}
aclmask
AclMode aclmask(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
Definition: acl.c:1388
ACL_OPTION_TO_PRIVS
#define ACL_OPTION_TO_PRIVS(privs)
Definition: acl.h:71
ACL_GRANT_OPTION_FOR
#define ACL_GRANT_OPTION_FOR(privs)
Definition: acl.h:70
DROP_CASCADE
@ DROP_CASCADE
Definition: parsenodes.h:2398

References ACL_DAT, ACL_GRANT_OPTION_FOR, ACL_ID_PUBLIC, ACL_MODECHG_DEL, ACL_NO_RIGHTS, ACL_NUM, ACL_OPTION_TO_PRIVS, ACL_SIZE, ACLITEM_GET_GOPTIONS, aclmask(), ACLMASK_ALL, aclupdate(), AclItem::ai_grantee, AclItem::ai_grantor, allocacl(), Assert(), check_acl(), DROP_CASCADE, ereport, errcode(), errmsg(), ERROR, i, and pfree().

Referenced by aclupdate().

◆ check_rolespec_name()

void check_rolespec_name ( const RoleSpec role,
const char *  detail_msg 
)

Definition at line 5693 of file acl.c.

5694{
5695 if (!role)
5696 return;
5697
5698 if (role->roletype != ROLESPEC_CSTRING)
5699 return;
5700
5701 if (IsReservedName(role->rolename))
5702 {
5703 if (detail_msg)
5704 ereport(ERROR,
5705 (errcode(ERRCODE_RESERVED_NAME),
5706 errmsg("role name \"%s\" is reserved",
5707 role->rolename),
5708 errdetail_internal("%s", detail_msg)));
5709 else
5710 ereport(ERROR,
5711 (errcode(ERRCODE_RESERVED_NAME),
5712 errmsg("role name \"%s\" is reserved",
5713 role->rolename)));
5714 }
5715}
IsReservedName
bool IsReservedName(const char *name)
Definition: catalog.c:278
errdetail_internal
int errdetail_internal(const char *fmt,...)
Definition: elog.c:1234
ROLESPEC_CSTRING
@ ROLESPEC_CSTRING
Definition: parsenodes.h:419
RoleSpec::roletype
RoleSpecType roletype
Definition: parsenodes.h:429
RoleSpec::rolename
char * rolename
Definition: parsenodes.h:430

References ereport, errcode(), errdetail_internal(), errmsg(), ERROR, IsReservedName(), RoleSpec::rolename, ROLESPEC_CSTRING, and RoleSpec::roletype.

Referenced by AlterRole(), and AlterRoleSet().

◆ column_privilege_check()

static int column_privilege_check ( Oid  tableoid,
AttrNumber  attnum,
Oid  roleid,
AclMode  mode 
)
static

Definition at line 2535 of file acl.c.

2537{
2538 AclResult aclresult;
2539 bool is_missing = false;
2540
2541 /*
2542 * If convert_column_name failed, we can just return -1 immediately.
2543 */
2544 if (attnum == InvalidAttrNumber)
2545 return -1;
2546
2547 /*
2548 * Check for column-level privileges first. This serves in part as a check
2549 * on whether the column even exists, so we need to do it before checking
2550 * table-level privilege.
2551 */
2552 aclresult = pg_attribute_aclcheck_ext(tableoid, attnum, roleid,
2553 mode, &is_missing);
2554 if (aclresult == ACLCHECK_OK)
2555 return 1;
2556 else if (is_missing)
2557 return -1;
2558
2559 /* Next check if we have the privilege at the table level */
2560 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2561 if (aclresult == ACLCHECK_OK)
2562 return 1;
2563 else if (is_missing)
2564 return -1;
2565 else
2566 return 0;
2567}
AclResult
AclResult
Definition: acl.h:182
ACLCHECK_OK
@ ACLCHECK_OK
Definition: acl.h:183
pg_class_aclcheck_ext
AclResult pg_class_aclcheck_ext(Oid table_oid, Oid roleid, AclMode mode, bool *is_missing)
Definition: aclchk.c:4047
pg_attribute_aclcheck_ext
AclResult pg_attribute_aclcheck_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode, bool *is_missing)
Definition: aclchk.c:3878
InvalidAttrNumber
#define InvalidAttrNumber
Definition: attnum.h:23
attnum
int16 attnum
Definition: pg_attribute.h:74
mode
static PgChecksumMode mode
Definition: pg_checksums.c:55

References ACLCHECK_OK, attnum, InvalidAttrNumber, mode, pg_attribute_aclcheck_ext(), and pg_class_aclcheck_ext().

Referenced by has_column_privilege_id_attnum(), has_column_privilege_id_id_attnum(), has_column_privilege_id_id_name(), has_column_privilege_id_name(), has_column_privilege_id_name_attnum(), has_column_privilege_id_name_name(), has_column_privilege_name_attnum(), has_column_privilege_name_id_attnum(), has_column_privilege_name_id_name(), has_column_privilege_name_name(), has_column_privilege_name_name_attnum(), and has_column_privilege_name_name_name().

◆ convert_aclright_to_string()

static const char * convert_aclright_to_string ( int  aclright)
static

Definition at line 1734 of file acl.c.

1735{
1736 switch (aclright)
1737 {
1738 case ACL_INSERT:
1739 return "INSERT";
1740 case ACL_SELECT:
1741 return "SELECT";
1742 case ACL_UPDATE:
1743 return "UPDATE";
1744 case ACL_DELETE:
1745 return "DELETE";
1746 case ACL_TRUNCATE:
1747 return "TRUNCATE";
1748 case ACL_REFERENCES:
1749 return "REFERENCES";
1750 case ACL_TRIGGER:
1751 return "TRIGGER";
1752 case ACL_EXECUTE:
1753 return "EXECUTE";
1754 case ACL_USAGE:
1755 return "USAGE";
1756 case ACL_CREATE:
1757 return "CREATE";
1758 case ACL_CREATE_TEMP:
1759 return "TEMPORARY";
1760 case ACL_CONNECT:
1761 return "CONNECT";
1762 case ACL_SET:
1763 return "SET";
1764 case ACL_ALTER_SYSTEM:
1765 return "ALTER SYSTEM";
1766 case ACL_MAINTAIN:
1767 return "MAINTAIN";
1768 default:
1769 elog(ERROR, "unrecognized aclright: %d", aclright);
1770 return NULL;
1771 }
1772}

References ACL_ALTER_SYSTEM, ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_DELETE, ACL_EXECUTE, ACL_INSERT, ACL_MAINTAIN, ACL_REFERENCES, ACL_SELECT, ACL_SET, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, ACL_USAGE, elog, and ERROR.

Referenced by aclexplode().

◆ convert_any_priv_string()

static AclMode convert_any_priv_string ( text priv_type_text,
const priv_map privileges 
)
static

Definition at line 1686 of file acl.c.

1688{
1689 AclMode result = 0;
1690 char *priv_type = text_to_cstring(priv_type_text);
1691 char *chunk;
1692 char *next_chunk;
1693
1694 /* We rely on priv_type being a private, modifiable string */
1695 for (chunk = priv_type; chunk; chunk = next_chunk)
1696 {
1697 int chunk_len;
1698 const priv_map *this_priv;
1699
1700 /* Split string at commas */
1701 next_chunk = strchr(chunk, ',');
1702 if (next_chunk)
1703 *next_chunk++ = '\0';
1704
1705 /* Drop leading/trailing whitespace in this chunk */
1706 while (*chunk && isspace((unsigned char) *chunk))
1707 chunk++;
1708 chunk_len = strlen(chunk);
1709 while (chunk_len > 0 && isspace((unsigned char) chunk[chunk_len - 1]))
1710 chunk_len--;
1711 chunk[chunk_len] = '\0';
1712
1713 /* Match to the privileges list */
1714 for (this_priv = privileges; this_priv->name; this_priv++)
1715 {
1716 if (pg_strcasecmp(this_priv->name, chunk) == 0)
1717 {
1718 result |= this_priv->value;
1719 break;
1720 }
1721 }
1722 if (!this_priv->name)
1723 ereport(ERROR,
1724 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1725 errmsg("unrecognized privilege type: \"%s\"", chunk)));
1726 }
1727
1728 pfree(priv_type);
1729 return result;
1730}
pg_strcasecmp
int pg_strcasecmp(const char *s1, const char *s2)
Definition: pgstrcasecmp.c:36
priv_map
Definition: acl.c:55
priv_map::name
const char * name
Definition: acl.c:56
priv_map::value
AclMode value
Definition: acl.c:57
text_to_cstring
char * text_to_cstring(const text *t)
Definition: varlena.c:214

References ereport, errcode(), errmsg(), ERROR, priv_map::name, pfree(), pg_strcasecmp(), text_to_cstring(), and priv_map::value.

Referenced by convert_column_priv_string(), convert_database_priv_string(), convert_foreign_data_wrapper_priv_string(), convert_function_priv_string(), convert_language_priv_string(), convert_largeobject_priv_string(), convert_parameter_priv_string(), convert_role_priv_string(), convert_schema_priv_string(), convert_sequence_priv_string(), convert_server_priv_string(), convert_table_priv_string(), convert_tablespace_priv_string(), convert_type_priv_string(), and makeaclitem().

◆ convert_column_name()

static AttrNumber convert_column_name ( Oid  tableoid,
text column 
)
static

Definition at line 2895 of file acl.c.

2896{
2897 char *colname;
2898 HeapTuple attTuple;
2899 AttrNumber attnum;
2900
2901 colname = text_to_cstring(column);
2902
2903 /*
2904 * We don't use get_attnum() here because it will report that dropped
2905 * columns don't exist. We need to treat dropped columns differently from
2906 * nonexistent columns.
2907 */
2908 attTuple = SearchSysCache2(ATTNAME,
2909 ObjectIdGetDatum(tableoid),
2910 CStringGetDatum(colname));
2911 if (HeapTupleIsValid(attTuple))
2912 {
2913 Form_pg_attribute attributeForm;
2914
2915 attributeForm = (Form_pg_attribute) GETSTRUCT(attTuple);
2916 /* We want to return NULL for dropped columns */
2917 if (attributeForm->attisdropped)
2918 attnum = InvalidAttrNumber;
2919 else
2920 attnum = attributeForm->attnum;
2921 ReleaseSysCache(attTuple);
2922 }
2923 else
2924 {
2925 char *tablename = get_rel_name(tableoid);
2926
2927 /*
2928 * If the table OID is bogus, or it's just been dropped, we'll get
2929 * NULL back. In such cases we want has_column_privilege to return
2930 * NULL too, so just return InvalidAttrNumber.
2931 */
2932 if (tablename != NULL)
2933 {
2934 /* tableoid exists, colname does not, so throw error */
2935 ereport(ERROR,
2936 (errcode(ERRCODE_UNDEFINED_COLUMN),
2937 errmsg("column \"%s\" of relation \"%s\" does not exist",
2938 colname, tablename)));
2939 }
2940 /* tableoid doesn't exist, so act like attisdropped case */
2941 attnum = InvalidAttrNumber;
2942 }
2943
2944 pfree(colname);
2945 return attnum;
2946}
get_rel_name
char * get_rel_name(Oid relid)
Definition: lsyscache.c:2095
Form_pg_attribute
FormData_pg_attribute * Form_pg_attribute
Definition: pg_attribute.h:202
CStringGetDatum
static Datum CStringGetDatum(const char *X)
Definition: postgres.h:360
SearchSysCache2
HeapTuple SearchSysCache2(int cacheId, Datum key1, Datum key2)
Definition: syscache.c:230

References attnum, CStringGetDatum(), ereport, errcode(), errmsg(), ERROR, get_rel_name(), GETSTRUCT(), HeapTupleIsValid, InvalidAttrNumber, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), SearchSysCache2(), and text_to_cstring().

Referenced by has_column_privilege_id_id_name(), has_column_privilege_id_name(), has_column_privilege_id_name_name(), has_column_privilege_name_id_name(), has_column_privilege_name_name(), and has_column_privilege_name_name_name().

◆ convert_column_priv_string()

static AclMode convert_column_priv_string ( text priv_type_text)
static

Definition at line 2953 of file acl.c.

2954{
2955 static const priv_map column_priv_map[] = {
2956 {"SELECT", ACL_SELECT},
2957 {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2958 {"INSERT", ACL_INSERT},
2959 {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
2960 {"UPDATE", ACL_UPDATE},
2961 {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2962 {"REFERENCES", ACL_REFERENCES},
2963 {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
2964 {NULL, 0}
2965 };
2966
2967 return convert_any_priv_string(priv_type_text, column_priv_map);
2968}
convert_any_priv_string
static AclMode convert_any_priv_string(text *priv_type_text, const priv_map *privileges)
Definition: acl.c:1686

References ACL_GRANT_OPTION_FOR, ACL_INSERT, ACL_REFERENCES, ACL_SELECT, ACL_UPDATE, and convert_any_priv_string().

Referenced by has_any_column_privilege_id(), has_any_column_privilege_id_id(), has_any_column_privilege_id_name(), has_any_column_privilege_name(), has_any_column_privilege_name_id(), has_any_column_privilege_name_name(), has_column_privilege_id_attnum(), has_column_privilege_id_id_attnum(), has_column_privilege_id_id_name(), has_column_privilege_id_name(), has_column_privilege_id_name_attnum(), has_column_privilege_id_name_name(), has_column_privilege_name_attnum(), has_column_privilege_name_id_attnum(), has_column_privilege_name_id_name(), has_column_privilege_name_name(), has_column_privilege_name_name_attnum(), and has_column_privilege_name_name_name().

◆ convert_database_name()

static Oid convert_database_name ( text databasename)
static

Definition at line 3147 of file acl.c.

3148{
3149 char *dbname = text_to_cstring(databasename);
3150
3151 return get_database_oid(dbname, false);
3152}
get_database_oid
Oid get_database_oid(const char *dbname, bool missing_ok)
Definition: dbcommands.c:3167
dbname
char * dbname
Definition: streamutil.c:49

References dbname, get_database_oid(), and text_to_cstring().

Referenced by has_database_privilege_id_name(), has_database_privilege_name(), and has_database_privilege_name_name().

◆ convert_database_priv_string()

static AclMode convert_database_priv_string ( text priv_type_text)
static

Definition at line 3159 of file acl.c.

3160{
3161 static const priv_map database_priv_map[] = {
3162 {"CREATE", ACL_CREATE},
3163 {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
3164 {"TEMPORARY", ACL_CREATE_TEMP},
3165 {"TEMPORARY WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
3166 {"TEMP", ACL_CREATE_TEMP},
3167 {"TEMP WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
3168 {"CONNECT", ACL_CONNECT},
3169 {"CONNECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CONNECT)},
3170 {NULL, 0}
3171 };
3172
3173 return convert_any_priv_string(priv_type_text, database_priv_map);
3174}

References ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_GRANT_OPTION_FOR, and convert_any_priv_string().

Referenced by has_database_privilege_id(), has_database_privilege_id_id(), has_database_privilege_id_name(), has_database_privilege_name(), has_database_privilege_name_id(), and has_database_privilege_name_name().

◆ convert_foreign_data_wrapper_name()

static Oid convert_foreign_data_wrapper_name ( text fdwname)
static

Definition at line 3353 of file acl.c.

3354{
3355 char *fdwstr = text_to_cstring(fdwname);
3356
3357 return get_foreign_data_wrapper_oid(fdwstr, false);
3358}
get_foreign_data_wrapper_oid
Oid get_foreign_data_wrapper_oid(const char *fdwname, bool missing_ok)
Definition: foreign.c:682

References get_foreign_data_wrapper_oid(), and text_to_cstring().

Referenced by has_foreign_data_wrapper_privilege_id_name(), has_foreign_data_wrapper_privilege_name(), and has_foreign_data_wrapper_privilege_name_name().

◆ convert_foreign_data_wrapper_priv_string()

static AclMode convert_foreign_data_wrapper_priv_string ( text priv_type_text)
static

Definition at line 3365 of file acl.c.

3366{
3367 static const priv_map foreign_data_wrapper_priv_map[] = {
3368 {"USAGE", ACL_USAGE},
3369 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3370 {NULL, 0}
3371 };
3372
3373 return convert_any_priv_string(priv_type_text, foreign_data_wrapper_priv_map);
3374}

References ACL_GRANT_OPTION_FOR, ACL_USAGE, and convert_any_priv_string().

Referenced by has_foreign_data_wrapper_privilege_id(), has_foreign_data_wrapper_privilege_id_id(), has_foreign_data_wrapper_privilege_id_name(), has_foreign_data_wrapper_privilege_name(), has_foreign_data_wrapper_privilege_name_id(), and has_foreign_data_wrapper_privilege_name_name().

◆ convert_function_name()

static Oid convert_function_name ( text functionname)
static

Definition at line 3553 of file acl.c.

3554{
3555 char *funcname = text_to_cstring(functionname);
3556 Oid oid;
3557
3558 oid = DatumGetObjectId(DirectFunctionCall1(regprocedurein,
3559 CStringGetDatum(funcname)));
3560
3561 if (!OidIsValid(oid))
3562 ereport(ERROR,
3563 (errcode(ERRCODE_UNDEFINED_FUNCTION),
3564 errmsg("function \"%s\" does not exist", funcname)));
3565
3566 return oid;
3567}
DirectFunctionCall1
#define DirectFunctionCall1(func, arg1)
Definition: fmgr.h:682
funcname
#define funcname
Definition: indent_codes.h:69
DatumGetObjectId
static Oid DatumGetObjectId(Datum X)
Definition: postgres.h:252
regprocedurein
Datum regprocedurein(PG_FUNCTION_ARGS)
Definition: regproc.c:229

References CStringGetDatum(), DatumGetObjectId(), DirectFunctionCall1, ereport, errcode(), errmsg(), ERROR, funcname, OidIsValid, regprocedurein(), and text_to_cstring().

Referenced by has_function_privilege_id_name(), has_function_privilege_name(), and has_function_privilege_name_name().

◆ convert_function_priv_string()

static AclMode convert_function_priv_string ( text priv_type_text)
static

Definition at line 3574 of file acl.c.

3575{
3576 static const priv_map function_priv_map[] = {
3577 {"EXECUTE", ACL_EXECUTE},
3578 {"EXECUTE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_EXECUTE)},
3579 {NULL, 0}
3580 };
3581
3582 return convert_any_priv_string(priv_type_text, function_priv_map);
3583}

References ACL_EXECUTE, ACL_GRANT_OPTION_FOR, and convert_any_priv_string().

Referenced by has_function_privilege_id(), has_function_privilege_id_id(), has_function_privilege_id_name(), has_function_privilege_name(), has_function_privilege_name_id(), and has_function_privilege_name_name().

◆ convert_language_name()

static Oid convert_language_name ( text languagename)
static

Definition at line 3762 of file acl.c.

3763{
3764 char *langname = text_to_cstring(languagename);
3765
3766 return get_language_oid(langname, false);
3767}
get_language_oid
Oid get_language_oid(const char *langname, bool missing_ok)
Definition: proclang.c:226

References get_language_oid(), and text_to_cstring().

Referenced by has_language_privilege_id_name(), has_language_privilege_name(), and has_language_privilege_name_name().

◆ convert_language_priv_string()

static AclMode convert_language_priv_string ( text priv_type_text)
static

Definition at line 3774 of file acl.c.

3775{
3776 static const priv_map language_priv_map[] = {
3777 {"USAGE", ACL_USAGE},
3778 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3779 {NULL, 0}
3780 };
3781
3782 return convert_any_priv_string(priv_type_text, language_priv_map);
3783}

References ACL_GRANT_OPTION_FOR, ACL_USAGE, and convert_any_priv_string().

Referenced by has_language_privilege_id(), has_language_privilege_id_id(), has_language_privilege_id_name(), has_language_privilege_name(), has_language_privilege_name_id(), and has_language_privilege_name_name().

◆ convert_largeobject_priv_string()

static AclMode convert_largeobject_priv_string ( text priv_type_text)
static

Definition at line 4809 of file acl.c.

4810{
4811 static const priv_map largeobject_priv_map[] = {
4812 {"SELECT", ACL_SELECT},
4813 {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
4814 {"UPDATE", ACL_UPDATE},
4815 {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
4816 {NULL, 0}
4817 };
4818
4819 return convert_any_priv_string(priv_type_text, largeobject_priv_map);
4820}

References ACL_GRANT_OPTION_FOR, ACL_SELECT, ACL_UPDATE, and convert_any_priv_string().

Referenced by has_largeobject_privilege_id(), has_largeobject_privilege_id_id(), and has_largeobject_privilege_name_id().

◆ convert_parameter_priv_string()

static AclMode convert_parameter_priv_string ( text priv_text)
static

Definition at line 4673 of file acl.c.

4674{
4675 static const priv_map parameter_priv_map[] = {
4676 {"SET", ACL_SET},
4677 {"SET WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SET)},
4678 {"ALTER SYSTEM", ACL_ALTER_SYSTEM},
4679 {"ALTER SYSTEM WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_ALTER_SYSTEM)},
4680 {NULL, 0}
4681 };
4682
4683 return convert_any_priv_string(priv_text, parameter_priv_map);
4684}

References ACL_ALTER_SYSTEM, ACL_GRANT_OPTION_FOR, ACL_SET, and convert_any_priv_string().

Referenced by has_parameter_privilege_id_name(), has_parameter_privilege_name(), and has_parameter_privilege_name_name().

◆ convert_role_priv_string()

static AclMode convert_role_priv_string ( text priv_type_text)
static

Definition at line 4987 of file acl.c.

4988{
4989 static const priv_map role_priv_map[] = {
4990 {"USAGE", ACL_USAGE},
4991 {"MEMBER", ACL_CREATE},
4992 {"SET", ACL_SET},
4993 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4994 {"USAGE WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4995 {"MEMBER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4996 {"MEMBER WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4997 {"SET WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4998 {"SET WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4999 {NULL, 0}
5000 };
5001
5002 return convert_any_priv_string(priv_type_text, role_priv_map);
5003}

References ACL_CREATE, ACL_GRANT_OPTION_FOR, ACL_SET, ACL_USAGE, and convert_any_priv_string().

Referenced by pg_has_role_id(), pg_has_role_id_id(), pg_has_role_id_name(), pg_has_role_name(), pg_has_role_name_id(), and pg_has_role_name_name().

◆ convert_schema_name()

static Oid convert_schema_name ( text schemaname)
static

Definition at line 3962 of file acl.c.

3963{
3964 char *nspname = text_to_cstring(schemaname);
3965
3966 return get_namespace_oid(nspname, false);
3967}
get_namespace_oid
Oid get_namespace_oid(const char *nspname, bool missing_ok)
Definition: namespace.c:3605

References get_namespace_oid(), and text_to_cstring().

Referenced by has_schema_privilege_id_name(), has_schema_privilege_name(), and has_schema_privilege_name_name().

◆ convert_schema_priv_string()

static AclMode convert_schema_priv_string ( text priv_type_text)
static

Definition at line 3974 of file acl.c.

3975{
3976 static const priv_map schema_priv_map[] = {
3977 {"CREATE", ACL_CREATE},
3978 {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
3979 {"USAGE", ACL_USAGE},
3980 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3981 {NULL, 0}
3982 };
3983
3984 return convert_any_priv_string(priv_type_text, schema_priv_map);
3985}

References ACL_CREATE, ACL_GRANT_OPTION_FOR, ACL_USAGE, and convert_any_priv_string().

Referenced by has_schema_privilege_id(), has_schema_privilege_id_id(), has_schema_privilege_id_name(), has_schema_privilege_name(), has_schema_privilege_name_id(), and has_schema_privilege_name_name().

◆ convert_sequence_priv_string()

static AclMode convert_sequence_priv_string ( text priv_type_text)
static

Definition at line 2298 of file acl.c.

2299{
2300 static const priv_map sequence_priv_map[] = {
2301 {"USAGE", ACL_USAGE},
2302 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
2303 {"SELECT", ACL_SELECT},
2304 {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2305 {"UPDATE", ACL_UPDATE},
2306 {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2307 {NULL, 0}
2308 };
2309
2310 return convert_any_priv_string(priv_type_text, sequence_priv_map);
2311}

References ACL_GRANT_OPTION_FOR, ACL_SELECT, ACL_UPDATE, ACL_USAGE, and convert_any_priv_string().

Referenced by has_sequence_privilege_id(), has_sequence_privilege_id_id(), has_sequence_privilege_id_name(), has_sequence_privilege_name(), has_sequence_privilege_name_id(), and has_sequence_privilege_name_name().

◆ convert_server_name()

static Oid convert_server_name ( text servername)
static

Definition at line 4164 of file acl.c.

4165{
4166 char *serverstr = text_to_cstring(servername);
4167
4168 return get_foreign_server_oid(serverstr, false);
4169}
get_foreign_server_oid
Oid get_foreign_server_oid(const char *servername, bool missing_ok)
Definition: foreign.c:705

References get_foreign_server_oid(), and text_to_cstring().

Referenced by has_server_privilege_id_name(), has_server_privilege_name(), and has_server_privilege_name_name().

◆ convert_server_priv_string()

static AclMode convert_server_priv_string ( text priv_type_text)
static

Definition at line 4176 of file acl.c.

4177{
4178 static const priv_map server_priv_map[] = {
4179 {"USAGE", ACL_USAGE},
4180 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
4181 {NULL, 0}
4182 };
4183
4184 return convert_any_priv_string(priv_type_text, server_priv_map);
4185}

References ACL_GRANT_OPTION_FOR, ACL_USAGE, and convert_any_priv_string().

Referenced by has_server_privilege_id(), has_server_privilege_id_id(), has_server_privilege_id_name(), has_server_privilege_name(), has_server_privilege_name_id(), and has_server_privilege_name_name().

◆ convert_table_name()

static Oid convert_table_name ( text tablename)
static

Definition at line 2048 of file acl.c.

2049{
2050 RangeVar *relrv;
2051
2052 relrv = makeRangeVarFromNameList(textToQualifiedNameList(tablename));
2053
2054 /* We might not even have permissions on this relation; don't lock it. */
2055 return RangeVarGetRelid(relrv, NoLock, false);
2056}
NoLock
#define NoLock
Definition: lockdefs.h:34
makeRangeVarFromNameList
RangeVar * makeRangeVarFromNameList(const List *names)
Definition: namespace.c:3624
RangeVarGetRelid
#define RangeVarGetRelid(relation, lockmode, missing_ok)
Definition: namespace.h:98
textToQualifiedNameList
List * textToQualifiedNameList(text *textval)
Definition: varlena.c:2686

References makeRangeVarFromNameList(), NoLock, RangeVarGetRelid, and textToQualifiedNameList().

Referenced by has_any_column_privilege_id_name(), has_any_column_privilege_name(), has_any_column_privilege_name_name(), has_column_privilege_id_name_attnum(), has_column_privilege_id_name_name(), has_column_privilege_name_attnum(), has_column_privilege_name_name(), has_column_privilege_name_name_attnum(), has_column_privilege_name_name_name(), has_sequence_privilege_id_name(), has_sequence_privilege_name(), has_sequence_privilege_name_name(), has_table_privilege_id_name(), has_table_privilege_name(), and has_table_privilege_name_name().

◆ convert_table_priv_string()

static AclMode convert_table_priv_string ( text priv_type_text)
static

Definition at line 2063 of file acl.c.

2064{
2065 static const priv_map table_priv_map[] = {
2066 {"SELECT", ACL_SELECT},
2067 {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2068 {"INSERT", ACL_INSERT},
2069 {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
2070 {"UPDATE", ACL_UPDATE},
2071 {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2072 {"DELETE", ACL_DELETE},
2073 {"DELETE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_DELETE)},
2074 {"TRUNCATE", ACL_TRUNCATE},
2075 {"TRUNCATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRUNCATE)},
2076 {"REFERENCES", ACL_REFERENCES},
2077 {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
2078 {"TRIGGER", ACL_TRIGGER},
2079 {"TRIGGER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRIGGER)},
2080 {"MAINTAIN", ACL_MAINTAIN},
2081 {"MAINTAIN WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_MAINTAIN)},
2082 {NULL, 0}
2083 };
2084
2085 return convert_any_priv_string(priv_type_text, table_priv_map);
2086}

References ACL_DELETE, ACL_GRANT_OPTION_FOR, ACL_INSERT, ACL_MAINTAIN, ACL_REFERENCES, ACL_SELECT, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, and convert_any_priv_string().

Referenced by has_table_privilege_id(), has_table_privilege_id_id(), has_table_privilege_id_name(), has_table_privilege_name(), has_table_privilege_name_id(), and has_table_privilege_name_name().

◆ convert_tablespace_name()

static Oid convert_tablespace_name ( text tablespacename)
static

Definition at line 4364 of file acl.c.

4365{
4366 char *spcname = text_to_cstring(tablespacename);
4367
4368 return get_tablespace_oid(spcname, false);
4369}
get_tablespace_oid
Oid get_tablespace_oid(const char *tablespacename, bool missing_ok)
Definition: tablespace.c:1426

References get_tablespace_oid(), and text_to_cstring().

Referenced by has_tablespace_privilege_id_name(), has_tablespace_privilege_name(), and has_tablespace_privilege_name_name().

◆ convert_tablespace_priv_string()

static AclMode convert_tablespace_priv_string ( text priv_type_text)
static

Definition at line 4376 of file acl.c.

4377{
4378 static const priv_map tablespace_priv_map[] = {
4379 {"CREATE", ACL_CREATE},
4380 {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4381 {NULL, 0}
4382 };
4383
4384 return convert_any_priv_string(priv_type_text, tablespace_priv_map);
4385}

References ACL_CREATE, ACL_GRANT_OPTION_FOR, and convert_any_priv_string().

Referenced by has_tablespace_privilege_id(), has_tablespace_privilege_id_id(), has_tablespace_privilege_id_name(), has_tablespace_privilege_name(), has_tablespace_privilege_name_id(), and has_tablespace_privilege_name_name().

◆ convert_type_name()

static Oid convert_type_name ( text typename)
static

Definition at line 4563 of file acl.c.

4564{
4565 char *typname = text_to_cstring(typename);
4566 Oid oid;
4567
4568 oid = DatumGetObjectId(DirectFunctionCall1(regtypein,
4569 CStringGetDatum(typname)));
4570
4571 if (!OidIsValid(oid))
4572 ereport(ERROR,
4573 (errcode(ERRCODE_UNDEFINED_OBJECT),
4574 errmsg("type \"%s\" does not exist", typname)));
4575
4576 return oid;
4577}
typname
NameData typname
Definition: pg_type.h:41
regtypein
Datum regtypein(PG_FUNCTION_ARGS)
Definition: regproc.c:1184

References CStringGetDatum(), DatumGetObjectId(), DirectFunctionCall1, ereport, errcode(), errmsg(), ERROR, OidIsValid, regtypein(), text_to_cstring(), and typname.

Referenced by has_type_privilege_id_name(), has_type_privilege_name(), and has_type_privilege_name_name().

◆ convert_type_priv_string()

static AclMode convert_type_priv_string ( text priv_type_text)
static

Definition at line 4584 of file acl.c.

4585{
4586 static const priv_map type_priv_map[] = {
4587 {"USAGE", ACL_USAGE},
4588 {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
4589 {NULL, 0}
4590 };
4591
4592 return convert_any_priv_string(priv_type_text, type_priv_map);
4593}

References ACL_GRANT_OPTION_FOR, ACL_USAGE, and convert_any_priv_string().

Referenced by has_type_privilege_id(), has_type_privilege_id_id(), has_type_privilege_id_name(), has_type_privilege_name(), has_type_privilege_name_id(), and has_type_privilege_name_name().

◆ get_role_oid()

Oid get_role_oid ( const char *  rolname,
bool  missing_ok 
)

Definition at line 5552 of file acl.c.

5553{
5554 Oid oid;
5555
5556 oid = GetSysCacheOid1(AUTHNAME, Anum_pg_authid_oid,
5557 CStringGetDatum(rolname));
5558 if (!OidIsValid(oid) && !missing_ok)
5559 ereport(ERROR,
5560 (errcode(ERRCODE_UNDEFINED_OBJECT),
5561 errmsg("role \"%s\" does not exist", rolname)));
5562 return oid;
5563}
GetSysCacheOid1
#define GetSysCacheOid1(cacheId, oidcol, key1)
Definition: syscache.h:109

References CStringGetDatum(), ereport, errcode(), errmsg(), ERROR, GetSysCacheOid1, OidIsValid, and rolname.

Referenced by aclparse(), check_hba(), check_ident_usermap(), createdb(), CreateRole(), get_object_address_unqualified(), get_role_oid_or_public(), get_rolespec_oid(), GrantRole(), is_member(), pg_has_role_id_name(), pg_has_role_name(), pg_has_role_name_id(), pg_has_role_name_name(), regrolein(), shell_check_detail(), and worker_spi_launch().

◆ get_role_oid_or_public()

Oid get_role_oid_or_public ( const char *  rolname)

Definition at line 5570 of file acl.c.

5571{
5572 if (strcmp(rolname, "public") == 0)
5573 return ACL_ID_PUBLIC;
5574
5575 return get_role_oid(rolname, false);
5576}

References ACL_ID_PUBLIC, get_role_oid(), and rolname.

Referenced by has_any_column_privilege_name_id(), has_any_column_privilege_name_name(), has_column_privilege_name_id_attnum(), has_column_privilege_name_id_name(), has_column_privilege_name_name_attnum(), has_column_privilege_name_name_name(), has_database_privilege_name_id(), has_database_privilege_name_name(), has_foreign_data_wrapper_privilege_name_id(), has_foreign_data_wrapper_privilege_name_name(), has_function_privilege_name_id(), has_function_privilege_name_name(), has_language_privilege_name_id(), has_language_privilege_name_name(), has_largeobject_privilege_name_id(), has_parameter_privilege_name_name(), has_schema_privilege_name_id(), has_schema_privilege_name_name(), has_sequence_privilege_name_id(), has_sequence_privilege_name_name(), has_server_privilege_name_id(), has_server_privilege_name_name(), has_table_privilege_name_id(), has_table_privilege_name_name(), has_tablespace_privilege_name_id(), has_tablespace_privilege_name_name(), has_type_privilege_name_id(), and has_type_privilege_name_name().

◆ get_rolespec_name()

char * get_rolespec_name ( const RoleSpec role)

Definition at line 5671 of file acl.c.

5672{
5673 HeapTuple tp;
5674 Form_pg_authid authForm;
5675 char *rolename;
5676
5677 tp = get_rolespec_tuple(role);
5678 authForm = (Form_pg_authid) GETSTRUCT(tp);
5679 rolename = pstrdup(NameStr(authForm->rolname));
5680 ReleaseSysCache(tp);
5681
5682 return rolename;
5683}
get_rolespec_tuple
HeapTuple get_rolespec_tuple(const RoleSpec *role)
Definition: acl.c:5625
pstrdup
char * pstrdup(const char *in)
Definition: mcxt.c:1759

References get_rolespec_tuple(), GETSTRUCT(), NameStr, pstrdup(), and ReleaseSysCache().

Referenced by AddRoleMems(), and DelRoleMems().

◆ get_rolespec_oid()

Oid get_rolespec_oid ( const RoleSpec role,
bool  missing_ok 
)

Definition at line 5586 of file acl.c.

5587{
5588 Oid oid;
5589
5590 switch (role->roletype)
5591 {
5592 case ROLESPEC_CSTRING:
5593 Assert(role->rolename);
5594 oid = get_role_oid(role->rolename, missing_ok);
5595 break;
5596
5597 case ROLESPEC_CURRENT_ROLE:
5598 case ROLESPEC_CURRENT_USER:
5599 oid = GetUserId();
5600 break;
5601
5602 case ROLESPEC_SESSION_USER:
5603 oid = GetSessionUserId();
5604 break;
5605
5606 case ROLESPEC_PUBLIC:
5607 ereport(ERROR,
5608 (errcode(ERRCODE_UNDEFINED_OBJECT),
5609 errmsg("role \"%s\" does not exist", "public")));
5610 oid = InvalidOid; /* make compiler happy */
5611 break;
5612
5613 default:
5614 elog(ERROR, "unexpected role type %d", role->roletype);
5615 }
5616
5617 return oid;
5618}
GetUserId
Oid GetUserId(void)
Definition: miscinit.c:469
GetSessionUserId
Oid GetSessionUserId(void)
Definition: miscinit.c:508
ROLESPEC_CURRENT_USER
@ ROLESPEC_CURRENT_USER
Definition: parsenodes.h:421
ROLESPEC_SESSION_USER
@ ROLESPEC_SESSION_USER
Definition: parsenodes.h:422
ROLESPEC_CURRENT_ROLE
@ ROLESPEC_CURRENT_ROLE
Definition: parsenodes.h:420
ROLESPEC_PUBLIC
@ ROLESPEC_PUBLIC
Definition: parsenodes.h:423
InvalidOid
#define InvalidOid
Definition: postgres_ext.h:37

References Assert(), elog, ereport, errcode(), errmsg(), ERROR, get_role_oid(), GetSessionUserId(), GetUserId(), InvalidOid, RoleSpec::rolename, ROLESPEC_CSTRING, ROLESPEC_CURRENT_ROLE, ROLESPEC_CURRENT_USER, ROLESPEC_PUBLIC, ROLESPEC_SESSION_USER, and RoleSpec::roletype.

Referenced by AlterUserMapping(), ATExecCmd(), CreateSchemaCommand(), CreateTableSpace(), CreateUserMapping(), ExecAlterDefaultPrivilegesStmt(), ExecAlterOwnerStmt(), ExecuteGrantStmt(), GrantRole(), policy_role_list_to_array(), ReassignOwnedObjects(), RemoveUserMapping(), and roleSpecsToIds().

◆ get_rolespec_tuple()

HeapTuple get_rolespec_tuple ( const RoleSpec role)

Definition at line 5625 of file acl.c.

5626{
5627 HeapTuple tuple;
5628
5629 switch (role->roletype)
5630 {
5631 case ROLESPEC_CSTRING:
5632 Assert(role->rolename);
5633 tuple = SearchSysCache1(AUTHNAME, CStringGetDatum(role->rolename));
5634 if (!HeapTupleIsValid(tuple))
5635 ereport(ERROR,
5636 (errcode(ERRCODE_UNDEFINED_OBJECT),
5637 errmsg("role \"%s\" does not exist", role->rolename)));
5638 break;
5639
5640 case ROLESPEC_CURRENT_ROLE:
5641 case ROLESPEC_CURRENT_USER:
5642 tuple = SearchSysCache1(AUTHOID, ObjectIdGetDatum(GetUserId()));
5643 if (!HeapTupleIsValid(tuple))
5644 elog(ERROR, "cache lookup failed for role %u", GetUserId());
5645 break;
5646
5647 case ROLESPEC_SESSION_USER:
5648 tuple = SearchSysCache1(AUTHOID, ObjectIdGetDatum(GetSessionUserId()));
5649 if (!HeapTupleIsValid(tuple))
5650 elog(ERROR, "cache lookup failed for role %u", GetSessionUserId());
5651 break;
5652
5653 case ROLESPEC_PUBLIC:
5654 ereport(ERROR,
5655 (errcode(ERRCODE_UNDEFINED_OBJECT),
5656 errmsg("role \"%s\" does not exist", "public")));
5657 tuple = NULL; /* make compiler happy */
5658 break;
5659
5660 default:
5661 elog(ERROR, "unexpected role type %d", role->roletype);
5662 }
5663
5664 return tuple;
5665}

References Assert(), CStringGetDatum(), elog, ereport, errcode(), errmsg(), ERROR, GetSessionUserId(), GetUserId(), HeapTupleIsValid, ObjectIdGetDatum(), RoleSpec::rolename, ROLESPEC_CSTRING, ROLESPEC_CURRENT_ROLE, ROLESPEC_CURRENT_USER, ROLESPEC_PUBLIC, ROLESPEC_SESSION_USER, RoleSpec::roletype, and SearchSysCache1().

Referenced by AlterRole(), AlterRoleSet(), CreateRole(), and get_rolespec_name().

◆ getid()

static const char * getid ( const char *  s,
char *  n,
Node escontext 
)
static

Definition at line 168 of file acl.c.

169{
170 int len = 0;
171 bool in_quotes = false;
172
173 Assert(s && n);
174
175 while (isspace((unsigned char) *s))
176 s++;
177 for (;
178 *s != '\0' &&
179 (in_quotes || *s == '"' || is_safe_acl_char(*s, true));
180 s++)
181 {
182 if (*s == '"')
183 {
184 if (!in_quotes)
185 {
186 in_quotes = true;
187 continue;
188 }
189 /* safe to look at next char (could be '\0' though) */
190 if (*(s + 1) != '"')
191 {
192 in_quotes = false;
193 continue;
194 }
195 /* it's an escaped double quote; skip the escaping char */
196 s++;
197 }
198
199 /* Add the character to the string */
200 if (len >= NAMEDATALEN - 1)
201 ereturn(escontext, NULL,
202 (errcode(ERRCODE_NAME_TOO_LONG),
203 errmsg("identifier too long"),
204 errdetail("Identifier must be less than %d characters.",
205 NAMEDATALEN)));
206
207 n[len++] = *s;
208 }
209 n[len] = '\0';
210 while (isspace((unsigned char) *s))
211 s++;
212 return s;
213}
is_safe_acl_char
static bool is_safe_acl_char(unsigned char c, bool is_getid)
Definition: acl.c:145
errdetail
int errdetail(const char *fmt,...)
Definition: elog.c:1207
len
const void size_t len
Definition: pg_crc32c_sse42.c:28

References Assert(), ereturn, errcode(), errdetail(), errmsg(), is_safe_acl_char(), len, and NAMEDATALEN.

Referenced by aclparse().

◆ has_any_column_privilege_id()

Datum has_any_column_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 2424 of file acl.c.

2425{
2426 Oid tableoid = PG_GETARG_OID(0);
2427 text *priv_type_text = PG_GETARG_TEXT_PP(1);
2428 Oid roleid;
2429 AclMode mode;
2430 AclResult aclresult;
2431 bool is_missing = false;
2432
2433 roleid = GetUserId();
2434 mode = convert_column_priv_string(priv_type_text);
2435
2436 /* First check at table level, then examine each column if needed */
2437 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2438 if (aclresult != ACLCHECK_OK)
2439 {
2440 if (is_missing)
2441 PG_RETURN_NULL();
2442 aclresult = pg_attribute_aclcheck_all_ext(tableoid, roleid, mode,
2443 ACLMASK_ANY, &is_missing);
2444 if (is_missing)
2445 PG_RETURN_NULL();
2446 }
2447
2448 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2449}
convert_column_priv_string
static AclMode convert_column_priv_string(text *priv_type_text)
Definition: acl.c:2953
ACLMASK_ANY
@ ACLMASK_ANY
Definition: acl.h:177
pg_attribute_aclcheck_all_ext
AclResult pg_attribute_aclcheck_all_ext(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how, bool *is_missing)
Definition: aclchk.c:3919
PG_GETARG_TEXT_PP
#define PG_GETARG_TEXT_PP(n)
Definition: fmgr.h:309
varlena
Definition: c.h:693

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), GetUserId(), mode, pg_attribute_aclcheck_all_ext(), pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_any_column_privilege_id_id()

Datum has_any_column_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 2484 of file acl.c.

2485{
2486 Oid roleid = PG_GETARG_OID(0);
2487 Oid tableoid = PG_GETARG_OID(1);
2488 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2489 AclMode mode;
2490 AclResult aclresult;
2491 bool is_missing = false;
2492
2493 mode = convert_column_priv_string(priv_type_text);
2494
2495 /* First check at table level, then examine each column if needed */
2496 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2497 if (aclresult != ACLCHECK_OK)
2498 {
2499 if (is_missing)
2500 PG_RETURN_NULL();
2501 aclresult = pg_attribute_aclcheck_all_ext(tableoid, roleid, mode,
2502 ACLMASK_ANY, &is_missing);
2503 if (is_missing)
2504 PG_RETURN_NULL();
2505 }
2506
2507 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2508}

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), mode, pg_attribute_aclcheck_all_ext(), pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_any_column_privilege_id_name()

Datum has_any_column_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2457 of file acl.c.

2458{
2459 Oid roleid = PG_GETARG_OID(0);
2460 text *tablename = PG_GETARG_TEXT_PP(1);
2461 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2462 Oid tableoid;
2463 AclMode mode;
2464 AclResult aclresult;
2465
2466 tableoid = convert_table_name(tablename);
2467 mode = convert_column_priv_string(priv_type_text);
2468
2469 /* First check at table level, then examine each column if needed */
2470 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2471 if (aclresult != ACLCHECK_OK)
2472 aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2473 ACLMASK_ANY);
2474
2475 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2476}
convert_table_name
static Oid convert_table_name(text *tablename)
Definition: acl.c:2048
pg_attribute_aclcheck_all
AclResult pg_attribute_aclcheck_all(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how)
Definition: aclchk.c:3908
pg_class_aclcheck
AclResult pg_class_aclcheck(Oid table_oid, Oid roleid, AclMode mode)
Definition: aclchk.c:4037

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), convert_table_name(), mode, pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_any_column_privilege_name()

Datum has_any_column_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 2361 of file acl.c.

2362{
2363 text *tablename = PG_GETARG_TEXT_PP(0);
2364 text *priv_type_text = PG_GETARG_TEXT_PP(1);
2365 Oid roleid;
2366 Oid tableoid;
2367 AclMode mode;
2368 AclResult aclresult;
2369
2370 roleid = GetUserId();
2371 tableoid = convert_table_name(tablename);
2372 mode = convert_column_priv_string(priv_type_text);
2373
2374 /* First check at table level, then examine each column if needed */
2375 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2376 if (aclresult != ACLCHECK_OK)
2377 aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2378 ACLMASK_ANY);
2379
2380 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2381}

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), convert_table_name(), GetUserId(), mode, pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_any_column_privilege_name_id()

Datum has_any_column_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 2389 of file acl.c.

2390{
2391 Name username = PG_GETARG_NAME(0);
2392 Oid tableoid = PG_GETARG_OID(1);
2393 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2394 Oid roleid;
2395 AclMode mode;
2396 AclResult aclresult;
2397 bool is_missing = false;
2398
2399 roleid = get_role_oid_or_public(NameStr(*username));
2400 mode = convert_column_priv_string(priv_type_text);
2401
2402 /* First check at table level, then examine each column if needed */
2403 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2404 if (aclresult != ACLCHECK_OK)
2405 {
2406 if (is_missing)
2407 PG_RETURN_NULL();
2408 aclresult = pg_attribute_aclcheck_all_ext(tableoid, roleid, mode,
2409 ACLMASK_ANY, &is_missing);
2410 if (is_missing)
2411 PG_RETURN_NULL();
2412 }
2413
2414 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2415}
get_role_oid_or_public
Oid get_role_oid_or_public(const char *rolname)
Definition: acl.c:5570
PG_GETARG_NAME
#define PG_GETARG_NAME(n)
Definition: fmgr.h:278
username
static char * username
Definition: initdb.c:153
nameData
Definition: c.h:747

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), get_role_oid_or_public(), mode, NameStr, pg_attribute_aclcheck_all_ext(), pg_class_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_any_column_privilege_name_name()

Datum has_any_column_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2331 of file acl.c.

2332{
2333 Name rolename = PG_GETARG_NAME(0);
2334 text *tablename = PG_GETARG_TEXT_PP(1);
2335 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2336 Oid roleid;
2337 Oid tableoid;
2338 AclMode mode;
2339 AclResult aclresult;
2340
2341 roleid = get_role_oid_or_public(NameStr(*rolename));
2342 tableoid = convert_table_name(tablename);
2343 mode = convert_column_priv_string(priv_type_text);
2344
2345 /* First check at table level, then examine each column if needed */
2346 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2347 if (aclresult != ACLCHECK_OK)
2348 aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2349 ACLMASK_ANY);
2350
2351 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2352}

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), convert_table_name(), get_role_oid_or_public(), mode, NameStr, pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_column_privilege_id_attnum()

Datum has_column_privilege_id_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2867 of file acl.c.

2868{
2869 Oid tableoid = PG_GETARG_OID(0);
2870 AttrNumber colattnum = PG_GETARG_INT16(1);
2871 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2872 Oid roleid;
2873 AclMode mode;
2874 int privresult;
2875
2876 roleid = GetUserId();
2877 mode = convert_column_priv_string(priv_type_text);
2878
2879 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2880 if (privresult < 0)
2881 PG_RETURN_NULL();
2882 PG_RETURN_BOOL(privresult);
2883}
column_privilege_check
static int column_privilege_check(Oid tableoid, AttrNumber attnum, Oid roleid, AclMode mode)
Definition: acl.c:2535
PG_GETARG_INT16
#define PG_GETARG_INT16(n)
Definition: fmgr.h:271

References column_privilege_check(), convert_column_priv_string(), GetUserId(), mode, PG_GETARG_INT16, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_id_attnum()

Datum has_column_privilege_id_id_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2760 of file acl.c.

2761{
2762 Oid roleid = PG_GETARG_OID(0);
2763 Oid tableoid = PG_GETARG_OID(1);
2764 AttrNumber colattnum = PG_GETARG_INT16(2);
2765 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2766 AclMode mode;
2767 int privresult;
2768
2769 mode = convert_column_priv_string(priv_type_text);
2770
2771 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2772 if (privresult < 0)
2773 PG_RETURN_NULL();
2774 PG_RETURN_BOOL(privresult);
2775}

References column_privilege_check(), convert_column_priv_string(), mode, PG_GETARG_INT16, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_id_name()

Datum has_column_privilege_id_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2735 of file acl.c.

2736{
2737 Oid roleid = PG_GETARG_OID(0);
2738 Oid tableoid = PG_GETARG_OID(1);
2739 text *column = PG_GETARG_TEXT_PP(2);
2740 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2741 AttrNumber colattnum;
2742 AclMode mode;
2743 int privresult;
2744
2745 colattnum = convert_column_name(tableoid, column);
2746 mode = convert_column_priv_string(priv_type_text);
2747
2748 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2749 if (privresult < 0)
2750 PG_RETURN_NULL();
2751 PG_RETURN_BOOL(privresult);
2752}
convert_column_name
static AttrNumber convert_column_name(Oid tableoid, text *column)
Definition: acl.c:2895

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_name()

Datum has_column_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2840 of file acl.c.

2841{
2842 Oid tableoid = PG_GETARG_OID(0);
2843 text *column = PG_GETARG_TEXT_PP(1);
2844 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2845 Oid roleid;
2846 AttrNumber colattnum;
2847 AclMode mode;
2848 int privresult;
2849
2850 roleid = GetUserId();
2851 colattnum = convert_column_name(tableoid, column);
2852 mode = convert_column_priv_string(priv_type_text);
2853
2854 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2855 if (privresult < 0)
2856 PG_RETURN_NULL();
2857 PG_RETURN_BOOL(privresult);
2858}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), GetUserId(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_name_attnum()

Datum has_column_privilege_id_name_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2710 of file acl.c.

2711{
2712 Oid roleid = PG_GETARG_OID(0);
2713 text *tablename = PG_GETARG_TEXT_PP(1);
2714 AttrNumber colattnum = PG_GETARG_INT16(2);
2715 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2716 Oid tableoid;
2717 AclMode mode;
2718 int privresult;
2719
2720 tableoid = convert_table_name(tablename);
2721 mode = convert_column_priv_string(priv_type_text);
2722
2723 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2724 if (privresult < 0)
2725 PG_RETURN_NULL();
2726 PG_RETURN_BOOL(privresult);
2727}

References column_privilege_check(), convert_column_priv_string(), convert_table_name(), mode, PG_GETARG_INT16, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_id_name_name()

Datum has_column_privilege_id_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2683 of file acl.c.

2684{
2685 Oid roleid = PG_GETARG_OID(0);
2686 text *tablename = PG_GETARG_TEXT_PP(1);
2687 text *column = PG_GETARG_TEXT_PP(2);
2688 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2689 Oid tableoid;
2690 AttrNumber colattnum;
2691 AclMode mode;
2692 int privresult;
2693
2694 tableoid = convert_table_name(tablename);
2695 colattnum = convert_column_name(tableoid, column);
2696 mode = convert_column_priv_string(priv_type_text);
2697
2698 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2699 if (privresult < 0)
2700 PG_RETURN_NULL();
2701 PG_RETURN_BOOL(privresult);
2702}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), convert_table_name(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_attnum()

Datum has_column_privilege_name_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2813 of file acl.c.

2814{
2815 text *tablename = PG_GETARG_TEXT_PP(0);
2816 AttrNumber colattnum = PG_GETARG_INT16(1);
2817 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2818 Oid roleid;
2819 Oid tableoid;
2820 AclMode mode;
2821 int privresult;
2822
2823 roleid = GetUserId();
2824 tableoid = convert_table_name(tablename);
2825 mode = convert_column_priv_string(priv_type_text);
2826
2827 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2828 if (privresult < 0)
2829 PG_RETURN_NULL();
2830 PG_RETURN_BOOL(privresult);
2831}

References column_privilege_check(), convert_column_priv_string(), convert_table_name(), GetUserId(), mode, PG_GETARG_INT16, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_id_attnum()

Datum has_column_privilege_name_id_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2658 of file acl.c.

2659{
2660 Name username = PG_GETARG_NAME(0);
2661 Oid tableoid = PG_GETARG_OID(1);
2662 AttrNumber colattnum = PG_GETARG_INT16(2);
2663 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2664 Oid roleid;
2665 AclMode mode;
2666 int privresult;
2667
2668 roleid = get_role_oid_or_public(NameStr(*username));
2669 mode = convert_column_priv_string(priv_type_text);
2670
2671 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2672 if (privresult < 0)
2673 PG_RETURN_NULL();
2674 PG_RETURN_BOOL(privresult);
2675}

References column_privilege_check(), convert_column_priv_string(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_INT16, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_column_privilege_name_id_name()

Datum has_column_privilege_name_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2631 of file acl.c.

2632{
2633 Name username = PG_GETARG_NAME(0);
2634 Oid tableoid = PG_GETARG_OID(1);
2635 text *column = PG_GETARG_TEXT_PP(2);
2636 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2637 Oid roleid;
2638 AttrNumber colattnum;
2639 AclMode mode;
2640 int privresult;
2641
2642 roleid = get_role_oid_or_public(NameStr(*username));
2643 colattnum = convert_column_name(tableoid, column);
2644 mode = convert_column_priv_string(priv_type_text);
2645
2646 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2647 if (privresult < 0)
2648 PG_RETURN_NULL();
2649 PG_RETURN_BOOL(privresult);
2650}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_column_privilege_name_name()

Datum has_column_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2784 of file acl.c.

2785{
2786 text *tablename = PG_GETARG_TEXT_PP(0);
2787 text *column = PG_GETARG_TEXT_PP(1);
2788 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2789 Oid roleid;
2790 Oid tableoid;
2791 AttrNumber colattnum;
2792 AclMode mode;
2793 int privresult;
2794
2795 roleid = GetUserId();
2796 tableoid = convert_table_name(tablename);
2797 colattnum = convert_column_name(tableoid, column);
2798 mode = convert_column_priv_string(priv_type_text);
2799
2800 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2801 if (privresult < 0)
2802 PG_RETURN_NULL();
2803 PG_RETURN_BOOL(privresult);
2804}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), convert_table_name(), GetUserId(), mode, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_name_attnum()

Datum has_column_privilege_name_name_attnum ( PG_FUNCTION_ARGS  )

Definition at line 2604 of file acl.c.

2605{
2606 Name rolename = PG_GETARG_NAME(0);
2607 text *tablename = PG_GETARG_TEXT_PP(1);
2608 AttrNumber colattnum = PG_GETARG_INT16(2);
2609 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2610 Oid roleid;
2611 Oid tableoid;
2612 AclMode mode;
2613 int privresult;
2614
2615 roleid = get_role_oid_or_public(NameStr(*rolename));
2616 tableoid = convert_table_name(tablename);
2617 mode = convert_column_priv_string(priv_type_text);
2618
2619 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2620 if (privresult < 0)
2621 PG_RETURN_NULL();
2622 PG_RETURN_BOOL(privresult);
2623}

References column_privilege_check(), convert_column_priv_string(), convert_table_name(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_INT16, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_column_privilege_name_name_name()

Datum has_column_privilege_name_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2575 of file acl.c.

2576{
2577 Name rolename = PG_GETARG_NAME(0);
2578 text *tablename = PG_GETARG_TEXT_PP(1);
2579 text *column = PG_GETARG_TEXT_PP(2);
2580 text *priv_type_text = PG_GETARG_TEXT_PP(3);
2581 Oid roleid;
2582 Oid tableoid;
2583 AttrNumber colattnum;
2584 AclMode mode;
2585 int privresult;
2586
2587 roleid = get_role_oid_or_public(NameStr(*rolename));
2588 tableoid = convert_table_name(tablename);
2589 colattnum = convert_column_name(tableoid, column);
2590 mode = convert_column_priv_string(priv_type_text);
2591
2592 privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2593 if (privresult < 0)
2594 PG_RETURN_NULL();
2595 PG_RETURN_BOOL(privresult);
2596}

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), convert_table_name(), get_role_oid_or_public(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_database_privilege_id()

Datum has_database_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3067 of file acl.c.

3068{
3069 Oid databaseoid = PG_GETARG_OID(0);
3070 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3071 Oid roleid;
3072 AclMode mode;
3073 AclResult aclresult;
3074 bool is_missing = false;
3075
3076 roleid = GetUserId();
3077 mode = convert_database_priv_string(priv_type_text);
3078
3079 aclresult = object_aclcheck_ext(DatabaseRelationId, databaseoid,
3080 roleid, mode,
3081 &is_missing);
3082
3083 if (is_missing)
3084 PG_RETURN_NULL();
3085
3086 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3087}
convert_database_priv_string
static AclMode convert_database_priv_string(text *priv_type_text)
Definition: acl.c:3159
object_aclcheck_ext
AclResult object_aclcheck_ext(Oid classid, Oid objectid, Oid roleid, AclMode mode, bool *is_missing)
Definition: aclchk.c:3844

References ACLCHECK_OK, convert_database_priv_string(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_database_privilege_id_id()

Datum has_database_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 3118 of file acl.c.

3119{
3120 Oid roleid = PG_GETARG_OID(0);
3121 Oid databaseoid = PG_GETARG_OID(1);
3122 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3123 AclMode mode;
3124 AclResult aclresult;
3125 bool is_missing = false;
3126
3127 mode = convert_database_priv_string(priv_type_text);
3128
3129 aclresult = object_aclcheck_ext(DatabaseRelationId, databaseoid,
3130 roleid, mode,
3131 &is_missing);
3132
3133 if (is_missing)
3134 PG_RETURN_NULL();
3135
3136 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3137}

References ACLCHECK_OK, convert_database_priv_string(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_database_privilege_id_name()

Datum has_database_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3095 of file acl.c.

3096{
3097 Oid roleid = PG_GETARG_OID(0);
3098 text *databasename = PG_GETARG_TEXT_PP(1);
3099 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3100 Oid databaseoid;
3101 AclMode mode;
3102 AclResult aclresult;
3103
3104 databaseoid = convert_database_name(databasename);
3105 mode = convert_database_priv_string(priv_type_text);
3106
3107 aclresult = object_aclcheck(DatabaseRelationId, databaseoid, roleid, mode);
3108
3109 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3110}
convert_database_name
static Oid convert_database_name(text *databasename)
Definition: acl.c:3147
object_aclcheck
AclResult object_aclcheck(Oid classid, Oid objectid, Oid roleid, AclMode mode)
Definition: aclchk.c:3834

References ACLCHECK_OK, convert_database_name(), convert_database_priv_string(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_database_privilege_name()

Datum has_database_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 3013 of file acl.c.

3014{
3015 text *databasename = PG_GETARG_TEXT_PP(0);
3016 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3017 Oid roleid;
3018 Oid databaseoid;
3019 AclMode mode;
3020 AclResult aclresult;
3021
3022 roleid = GetUserId();
3023 databaseoid = convert_database_name(databasename);
3024 mode = convert_database_priv_string(priv_type_text);
3025
3026 aclresult = object_aclcheck(DatabaseRelationId, databaseoid, roleid, mode);
3027
3028 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3029}

References ACLCHECK_OK, convert_database_name(), convert_database_priv_string(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_database_privilege_name_id()

Datum has_database_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 3037 of file acl.c.

3038{
3039 Name username = PG_GETARG_NAME(0);
3040 Oid databaseoid = PG_GETARG_OID(1);
3041 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3042 Oid roleid;
3043 AclMode mode;
3044 AclResult aclresult;
3045 bool is_missing = false;
3046
3047 roleid = get_role_oid_or_public(NameStr(*username));
3048 mode = convert_database_priv_string(priv_type_text);
3049
3050 aclresult = object_aclcheck_ext(DatabaseRelationId, databaseoid,
3051 roleid, mode,
3052 &is_missing);
3053
3054 if (is_missing)
3055 PG_RETURN_NULL();
3056
3057 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3058}

References ACLCHECK_OK, convert_database_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_database_privilege_name_name()

Datum has_database_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2987 of file acl.c.

2988{
2989 Name username = PG_GETARG_NAME(0);
2990 text *databasename = PG_GETARG_TEXT_PP(1);
2991 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2992 Oid roleid;
2993 Oid databaseoid;
2994 AclMode mode;
2995 AclResult aclresult;
2996
2997 roleid = get_role_oid_or_public(NameStr(*username));
2998 databaseoid = convert_database_name(databasename);
2999 mode = convert_database_priv_string(priv_type_text);
3000
3001 aclresult = object_aclcheck(DatabaseRelationId, databaseoid, roleid, mode);
3002
3003 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3004}

References ACLCHECK_OK, convert_database_name(), convert_database_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_foreign_data_wrapper_privilege_id()

Datum has_foreign_data_wrapper_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3273 of file acl.c.

3274{
3275 Oid fdwid = PG_GETARG_OID(0);
3276 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3277 Oid roleid;
3278 AclMode mode;
3279 AclResult aclresult;
3280 bool is_missing = false;
3281
3282 roleid = GetUserId();
3283 mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3284
3285 aclresult = object_aclcheck_ext(ForeignDataWrapperRelationId, fdwid,
3286 roleid, mode,
3287 &is_missing);
3288
3289 if (is_missing)
3290 PG_RETURN_NULL();
3291
3292 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3293}
convert_foreign_data_wrapper_priv_string
static AclMode convert_foreign_data_wrapper_priv_string(text *priv_type_text)
Definition: acl.c:3365

References ACLCHECK_OK, convert_foreign_data_wrapper_priv_string(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_foreign_data_wrapper_privilege_id_id()

Datum has_foreign_data_wrapper_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 3324 of file acl.c.

3325{
3326 Oid roleid = PG_GETARG_OID(0);
3327 Oid fdwid = PG_GETARG_OID(1);
3328 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3329 AclMode mode;
3330 AclResult aclresult;
3331 bool is_missing = false;
3332
3333 mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3334
3335 aclresult = object_aclcheck_ext(ForeignDataWrapperRelationId, fdwid,
3336 roleid, mode,
3337 &is_missing);
3338
3339 if (is_missing)
3340 PG_RETURN_NULL();
3341
3342 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3343}

References ACLCHECK_OK, convert_foreign_data_wrapper_priv_string(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_foreign_data_wrapper_privilege_id_name()

Datum has_foreign_data_wrapper_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3301 of file acl.c.

3302{
3303 Oid roleid = PG_GETARG_OID(0);
3304 text *fdwname = PG_GETARG_TEXT_PP(1);
3305 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3306 Oid fdwid;
3307 AclMode mode;
3308 AclResult aclresult;
3309
3310 fdwid = convert_foreign_data_wrapper_name(fdwname);
3311 mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3312
3313 aclresult = object_aclcheck(ForeignDataWrapperRelationId, fdwid, roleid, mode);
3314
3315 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3316}
convert_foreign_data_wrapper_name
static Oid convert_foreign_data_wrapper_name(text *fdwname)
Definition: acl.c:3353

References ACLCHECK_OK, convert_foreign_data_wrapper_name(), convert_foreign_data_wrapper_priv_string(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_foreign_data_wrapper_privilege_name()

Datum has_foreign_data_wrapper_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 3219 of file acl.c.

3220{
3221 text *fdwname = PG_GETARG_TEXT_PP(0);
3222 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3223 Oid roleid;
3224 Oid fdwid;
3225 AclMode mode;
3226 AclResult aclresult;
3227
3228 roleid = GetUserId();
3229 fdwid = convert_foreign_data_wrapper_name(fdwname);
3230 mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3231
3232 aclresult = object_aclcheck(ForeignDataWrapperRelationId, fdwid, roleid, mode);
3233
3234 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3235}

References ACLCHECK_OK, convert_foreign_data_wrapper_name(), convert_foreign_data_wrapper_priv_string(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_foreign_data_wrapper_privilege_name_id()

Datum has_foreign_data_wrapper_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 3243 of file acl.c.

3244{
3245 Name username = PG_GETARG_NAME(0);
3246 Oid fdwid = PG_GETARG_OID(1);
3247 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3248 Oid roleid;
3249 AclMode mode;
3250 AclResult aclresult;
3251 bool is_missing = false;
3252
3253 roleid = get_role_oid_or_public(NameStr(*username));
3254 mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3255
3256 aclresult = object_aclcheck_ext(ForeignDataWrapperRelationId, fdwid,
3257 roleid, mode,
3258 &is_missing);
3259
3260 if (is_missing)
3261 PG_RETURN_NULL();
3262
3263 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3264}

References ACLCHECK_OK, convert_foreign_data_wrapper_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_foreign_data_wrapper_privilege_name_name()

Datum has_foreign_data_wrapper_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 3193 of file acl.c.

3194{
3195 Name username = PG_GETARG_NAME(0);
3196 text *fdwname = PG_GETARG_TEXT_PP(1);
3197 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3198 Oid roleid;
3199 Oid fdwid;
3200 AclMode mode;
3201 AclResult aclresult;
3202
3203 roleid = get_role_oid_or_public(NameStr(*username));
3204 fdwid = convert_foreign_data_wrapper_name(fdwname);
3205 mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3206
3207 aclresult = object_aclcheck(ForeignDataWrapperRelationId, fdwid, roleid, mode);
3208
3209 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3210}

References ACLCHECK_OK, convert_foreign_data_wrapper_name(), convert_foreign_data_wrapper_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_function_privilege_id()

Datum has_function_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3473 of file acl.c.

3474{
3475 Oid functionoid = PG_GETARG_OID(0);
3476 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3477 Oid roleid;
3478 AclMode mode;
3479 AclResult aclresult;
3480 bool is_missing = false;
3481
3482 roleid = GetUserId();
3483 mode = convert_function_priv_string(priv_type_text);
3484
3485 aclresult = object_aclcheck_ext(ProcedureRelationId, functionoid,
3486 roleid, mode,
3487 &is_missing);
3488
3489 if (is_missing)
3490 PG_RETURN_NULL();
3491
3492 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3493}
convert_function_priv_string
static AclMode convert_function_priv_string(text *priv_type_text)
Definition: acl.c:3574

References ACLCHECK_OK, convert_function_priv_string(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_function_privilege_id_id()

Datum has_function_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 3524 of file acl.c.

3525{
3526 Oid roleid = PG_GETARG_OID(0);
3527 Oid functionoid = PG_GETARG_OID(1);
3528 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3529 AclMode mode;
3530 AclResult aclresult;
3531 bool is_missing = false;
3532
3533 mode = convert_function_priv_string(priv_type_text);
3534
3535 aclresult = object_aclcheck_ext(ProcedureRelationId, functionoid,
3536 roleid, mode,
3537 &is_missing);
3538
3539 if (is_missing)
3540 PG_RETURN_NULL();
3541
3542 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3543}

References ACLCHECK_OK, convert_function_priv_string(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_function_privilege_id_name()

Datum has_function_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3501 of file acl.c.

3502{
3503 Oid roleid = PG_GETARG_OID(0);
3504 text *functionname = PG_GETARG_TEXT_PP(1);
3505 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3506 Oid functionoid;
3507 AclMode mode;
3508 AclResult aclresult;
3509
3510 functionoid = convert_function_name(functionname);
3511 mode = convert_function_priv_string(priv_type_text);
3512
3513 aclresult = object_aclcheck(ProcedureRelationId, functionoid, roleid, mode);
3514
3515 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3516}
convert_function_name
static Oid convert_function_name(text *functionname)
Definition: acl.c:3553

References ACLCHECK_OK, convert_function_name(), convert_function_priv_string(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_function_privilege_name()

Datum has_function_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 3419 of file acl.c.

3420{
3421 text *functionname = PG_GETARG_TEXT_PP(0);
3422 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3423 Oid roleid;
3424 Oid functionoid;
3425 AclMode mode;
3426 AclResult aclresult;
3427
3428 roleid = GetUserId();
3429 functionoid = convert_function_name(functionname);
3430 mode = convert_function_priv_string(priv_type_text);
3431
3432 aclresult = object_aclcheck(ProcedureRelationId, functionoid, roleid, mode);
3433
3434 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3435}

References ACLCHECK_OK, convert_function_name(), convert_function_priv_string(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_function_privilege_name_id()

Datum has_function_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 3443 of file acl.c.

3444{
3445 Name username = PG_GETARG_NAME(0);
3446 Oid functionoid = PG_GETARG_OID(1);
3447 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3448 Oid roleid;
3449 AclMode mode;
3450 AclResult aclresult;
3451 bool is_missing = false;
3452
3453 roleid = get_role_oid_or_public(NameStr(*username));
3454 mode = convert_function_priv_string(priv_type_text);
3455
3456 aclresult = object_aclcheck_ext(ProcedureRelationId, functionoid,
3457 roleid, mode,
3458 &is_missing);
3459
3460 if (is_missing)
3461 PG_RETURN_NULL();
3462
3463 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3464}

References ACLCHECK_OK, convert_function_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_function_privilege_name_name()

Datum has_function_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 3393 of file acl.c.

3394{
3395 Name username = PG_GETARG_NAME(0);
3396 text *functionname = PG_GETARG_TEXT_PP(1);
3397 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3398 Oid roleid;
3399 Oid functionoid;
3400 AclMode mode;
3401 AclResult aclresult;
3402
3403 roleid = get_role_oid_or_public(NameStr(*username));
3404 functionoid = convert_function_name(functionname);
3405 mode = convert_function_priv_string(priv_type_text);
3406
3407 aclresult = object_aclcheck(ProcedureRelationId, functionoid, roleid, mode);
3408
3409 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3410}

References ACLCHECK_OK, convert_function_name(), convert_function_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_language_privilege_id()

Datum has_language_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3682 of file acl.c.

3683{
3684 Oid languageoid = PG_GETARG_OID(0);
3685 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3686 Oid roleid;
3687 AclMode mode;
3688 AclResult aclresult;
3689 bool is_missing = false;
3690
3691 roleid = GetUserId();
3692 mode = convert_language_priv_string(priv_type_text);
3693
3694 aclresult = object_aclcheck_ext(LanguageRelationId, languageoid,
3695 roleid, mode,
3696 &is_missing);
3697
3698 if (is_missing)
3699 PG_RETURN_NULL();
3700
3701 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3702}
convert_language_priv_string
static AclMode convert_language_priv_string(text *priv_type_text)
Definition: acl.c:3774

References ACLCHECK_OK, convert_language_priv_string(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_language_privilege_id_id()

Datum has_language_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 3733 of file acl.c.

3734{
3735 Oid roleid = PG_GETARG_OID(0);
3736 Oid languageoid = PG_GETARG_OID(1);
3737 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3738 AclMode mode;
3739 AclResult aclresult;
3740 bool is_missing = false;
3741
3742 mode = convert_language_priv_string(priv_type_text);
3743
3744 aclresult = object_aclcheck_ext(LanguageRelationId, languageoid,
3745 roleid, mode,
3746 &is_missing);
3747
3748 if (is_missing)
3749 PG_RETURN_NULL();
3750
3751 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3752}

References ACLCHECK_OK, convert_language_priv_string(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_language_privilege_id_name()

Datum has_language_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3710 of file acl.c.

3711{
3712 Oid roleid = PG_GETARG_OID(0);
3713 text *languagename = PG_GETARG_TEXT_PP(1);
3714 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3715 Oid languageoid;
3716 AclMode mode;
3717 AclResult aclresult;
3718
3719 languageoid = convert_language_name(languagename);
3720 mode = convert_language_priv_string(priv_type_text);
3721
3722 aclresult = object_aclcheck(LanguageRelationId, languageoid, roleid, mode);
3723
3724 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3725}
convert_language_name
static Oid convert_language_name(text *languagename)
Definition: acl.c:3762

References ACLCHECK_OK, convert_language_name(), convert_language_priv_string(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_language_privilege_name()

Datum has_language_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 3628 of file acl.c.

3629{
3630 text *languagename = PG_GETARG_TEXT_PP(0);
3631 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3632 Oid roleid;
3633 Oid languageoid;
3634 AclMode mode;
3635 AclResult aclresult;
3636
3637 roleid = GetUserId();
3638 languageoid = convert_language_name(languagename);
3639 mode = convert_language_priv_string(priv_type_text);
3640
3641 aclresult = object_aclcheck(LanguageRelationId, languageoid, roleid, mode);
3642
3643 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3644}

References ACLCHECK_OK, convert_language_name(), convert_language_priv_string(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_language_privilege_name_id()

Datum has_language_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 3652 of file acl.c.

3653{
3654 Name username = PG_GETARG_NAME(0);
3655 Oid languageoid = PG_GETARG_OID(1);
3656 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3657 Oid roleid;
3658 AclMode mode;
3659 AclResult aclresult;
3660 bool is_missing = false;
3661
3662 roleid = get_role_oid_or_public(NameStr(*username));
3663 mode = convert_language_priv_string(priv_type_text);
3664
3665 aclresult = object_aclcheck_ext(LanguageRelationId, languageoid,
3666 roleid, mode,
3667 &is_missing);
3668
3669 if (is_missing)
3670 PG_RETURN_NULL();
3671
3672 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3673}

References ACLCHECK_OK, convert_language_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_language_privilege_name_name()

Datum has_language_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 3602 of file acl.c.

3603{
3604 Name username = PG_GETARG_NAME(0);
3605 text *languagename = PG_GETARG_TEXT_PP(1);
3606 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3607 Oid roleid;
3608 Oid languageoid;
3609 AclMode mode;
3610 AclResult aclresult;
3611
3612 roleid = get_role_oid_or_public(NameStr(*username));
3613 languageoid = convert_language_name(languagename);
3614 mode = convert_language_priv_string(priv_type_text);
3615
3616 aclresult = object_aclcheck(LanguageRelationId, languageoid, roleid, mode);
3617
3618 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3619}

References ACLCHECK_OK, convert_language_name(), convert_language_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_largeobject_privilege_id()

Datum has_largeobject_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 4762 of file acl.c.

4763{
4764 Oid lobjId = PG_GETARG_OID(0);
4765 Oid roleid = GetUserId();
4766 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4767 AclMode mode;
4768 bool is_missing = false;
4769 bool result;
4770
4771 mode = convert_largeobject_priv_string(priv_type_text);
4772 result = has_lo_priv_byid(roleid, lobjId, mode, &is_missing);
4773
4774 if (is_missing)
4775 PG_RETURN_NULL();
4776
4777 PG_RETURN_BOOL(result);
4778}
convert_largeobject_priv_string
static AclMode convert_largeobject_priv_string(text *priv_type_text)
Definition: acl.c:4809
has_lo_priv_byid
static bool has_lo_priv_byid(Oid roleid, Oid lobjId, AclMode priv, bool *is_missing)
Definition: acl.c:4703

References convert_largeobject_priv_string(), GetUserId(), has_lo_priv_byid(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_largeobject_privilege_id_id()

Datum has_largeobject_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4786 of file acl.c.

4787{
4788 Oid roleid = PG_GETARG_OID(0);
4789 Oid lobjId = PG_GETARG_OID(1);
4790 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4791 AclMode mode;
4792 bool is_missing = false;
4793 bool result;
4794
4795 mode = convert_largeobject_priv_string(priv_type_text);
4796 result = has_lo_priv_byid(roleid, lobjId, mode, &is_missing);
4797
4798 if (is_missing)
4799 PG_RETURN_NULL();
4800
4801 PG_RETURN_BOOL(result);
4802}

References convert_largeobject_priv_string(), has_lo_priv_byid(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_largeobject_privilege_name_id()

Datum has_largeobject_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 4736 of file acl.c.

4737{
4738 Name username = PG_GETARG_NAME(0);
4739 Oid roleid = get_role_oid_or_public(NameStr(*username));
4740 Oid lobjId = PG_GETARG_OID(1);
4741 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4742 AclMode mode;
4743 bool is_missing = false;
4744 bool result;
4745
4746 mode = convert_largeobject_priv_string(priv_type_text);
4747 result = has_lo_priv_byid(roleid, lobjId, mode, &is_missing);
4748
4749 if (is_missing)
4750 PG_RETURN_NULL();
4751
4752 PG_RETURN_BOOL(result);
4753}

References convert_largeobject_priv_string(), get_role_oid_or_public(), has_lo_priv_byid(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_lo_priv_byid()

static bool has_lo_priv_byid ( Oid  roleid,
Oid  lobjId,
AclMode  priv,
bool *  is_missing 
)
static

Definition at line 4703 of file acl.c.

4704{
4705 Snapshot snapshot = NULL;
4706 AclResult aclresult;
4707
4708 if (priv & ACL_UPDATE)
4709 snapshot = NULL;
4710 else
4711 snapshot = GetActiveSnapshot();
4712
4713 if (!LargeObjectExistsWithSnapshot(lobjId, snapshot))
4714 {
4715 Assert(is_missing != NULL);
4716 *is_missing = true;
4717 return false;
4718 }
4719
4720 if (lo_compat_privileges)
4721 return true;
4722
4723 aclresult = pg_largeobject_aclcheck_snapshot(lobjId,
4724 roleid,
4725 priv,
4726 snapshot);
4727 return aclresult == ACLCHECK_OK;
4728}
pg_largeobject_aclcheck_snapshot
AclResult pg_largeobject_aclcheck_snapshot(Oid lobj_oid, Oid roleid, AclMode mode, Snapshot snapshot)
Definition: aclchk.c:4074
lo_compat_privileges
bool lo_compat_privileges
Definition: inv_api.c:56
LargeObjectExistsWithSnapshot
bool LargeObjectExistsWithSnapshot(Oid loid, Snapshot snapshot)
Definition: pg_largeobject.c:176
GetActiveSnapshot
Snapshot GetActiveSnapshot(void)
Definition: snapmgr.c:798

References ACL_UPDATE, ACLCHECK_OK, Assert(), GetActiveSnapshot(), LargeObjectExistsWithSnapshot(), lo_compat_privileges, and pg_largeobject_aclcheck_snapshot().

Referenced by has_largeobject_privilege_id(), has_largeobject_privilege_id_id(), and has_largeobject_privilege_name_id().

◆ has_param_priv_byname()

static bool has_param_priv_byname ( Oid  roleid,
const text parameter,
AclMode  priv 
)
static

Definition at line 4612 of file acl.c.

4613{
4614 char *paramstr = text_to_cstring(parameter);
4615
4616 return pg_parameter_aclcheck(paramstr, roleid, priv) == ACLCHECK_OK;
4617}
pg_parameter_aclcheck
AclResult pg_parameter_aclcheck(const char *name, Oid roleid, AclMode mode)
Definition: aclchk.c:4062

References ACLCHECK_OK, pg_parameter_aclcheck(), and text_to_cstring().

Referenced by has_parameter_privilege_id_name(), has_parameter_privilege_name(), and has_parameter_privilege_name_name().

◆ has_parameter_privilege_id_name()

Datum has_parameter_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4655 of file acl.c.

4656{
4657 Oid roleid = PG_GETARG_OID(0);
4658 text *parameter = PG_GETARG_TEXT_PP(1);
4659 AclMode priv = convert_parameter_priv_string(PG_GETARG_TEXT_PP(2));
4660
4661 PG_RETURN_BOOL(has_param_priv_byname(roleid, parameter, priv));
4662}
has_param_priv_byname
static bool has_param_priv_byname(Oid roleid, const text *parameter, AclMode priv)
Definition: acl.c:4612
convert_parameter_priv_string
static AclMode convert_parameter_priv_string(text *priv_text)
Definition: acl.c:4673

References convert_parameter_priv_string(), has_param_priv_byname(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_parameter_privilege_name()

Datum has_parameter_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 4641 of file acl.c.

4642{
4643 text *parameter = PG_GETARG_TEXT_PP(0);
4644 AclMode priv = convert_parameter_priv_string(PG_GETARG_TEXT_PP(1));
4645
4646 PG_RETURN_BOOL(has_param_priv_byname(GetUserId(), parameter, priv));
4647}

References convert_parameter_priv_string(), GetUserId(), has_param_priv_byname(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_parameter_privilege_name_name()

Datum has_parameter_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 4625 of file acl.c.

4626{
4627 Name username = PG_GETARG_NAME(0);
4628 text *parameter = PG_GETARG_TEXT_PP(1);
4629 AclMode priv = convert_parameter_priv_string(PG_GETARG_TEXT_PP(2));
4630 Oid roleid = get_role_oid_or_public(NameStr(*username));
4631
4632 PG_RETURN_BOOL(has_param_priv_byname(roleid, parameter, priv));
4633}

References convert_parameter_priv_string(), get_role_oid_or_public(), has_param_priv_byname(), NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_privs_of_role()

bool has_privs_of_role ( Oid  member,
Oid  role 
)

Definition at line 5284 of file acl.c.

5285{
5286 /* Fast path for simple case */
5287 if (member == role)
5288 return true;
5289
5290 /* Superusers have every privilege, so are part of every role */
5291 if (superuser_arg(member))
5292 return true;
5293
5294 /*
5295 * Find all the roles that member has the privileges of, including
5296 * multi-level recursion, then see if target role is any one of them.
5297 */
5298 return list_member_oid(roles_is_member_of(member, ROLERECURSE_PRIVS,
5299 InvalidOid, NULL),
5300 role);
5301}
roles_is_member_of
static List * roles_is_member_of(Oid roleid, enum RoleRecurseType type, Oid admin_of, Oid *admin_role)
Definition: acl.c:5152
list_member_oid
bool list_member_oid(const List *list, Oid datum)
Definition: list.c:722
superuser_arg
bool superuser_arg(Oid roleid)
Definition: superuser.c:56

References InvalidOid, list_member_oid(), ROLERECURSE_PRIVS, roles_is_member_of(), and superuser_arg().

Referenced by aclmask(), AlterObjectNamespace_internal(), AlterObjectOwner_internal(), AlterObjectRename_internal(), bbsink_server_new(), calculate_database_size(), calculate_tablespace_size(), check_role_for_policy(), check_role_grantor(), ConfigOptionIsVisible(), convert_and_check_filename(), CreateSubscription(), DoCopy(), DropOwnedObjects(), ExecAlterDefaultPrivilegesStmt(), ExecCheckpoint(), file_fdw_validator(), GetConfigOptionValues(), InitPostgres(), object_ownercheck(), pg_class_aclmask_ext(), pg_namespace_aclmask_ext(), pg_role_aclcheck(), pg_signal_backend(), pg_stat_get_wal_receiver(), pg_stat_get_wal_senders(), pg_stat_statements_internal(), pgrowlocks(), ReassignOwnedObjects(), ReindexMultipleTables(), shell_check_detail(), and TerminateOtherDBBackends().

◆ has_schema_privilege_id()

Datum has_schema_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 3882 of file acl.c.

3883{
3884 Oid schemaoid = PG_GETARG_OID(0);
3885 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3886 Oid roleid;
3887 AclMode mode;
3888 AclResult aclresult;
3889 bool is_missing = false;
3890
3891 roleid = GetUserId();
3892 mode = convert_schema_priv_string(priv_type_text);
3893
3894 aclresult = object_aclcheck_ext(NamespaceRelationId, schemaoid,
3895 roleid, mode,
3896 &is_missing);
3897
3898 if (is_missing)
3899 PG_RETURN_NULL();
3900
3901 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3902}
convert_schema_priv_string
static AclMode convert_schema_priv_string(text *priv_type_text)
Definition: acl.c:3974

References ACLCHECK_OK, convert_schema_priv_string(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_schema_privilege_id_id()

Datum has_schema_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 3933 of file acl.c.

3934{
3935 Oid roleid = PG_GETARG_OID(0);
3936 Oid schemaoid = PG_GETARG_OID(1);
3937 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3938 AclMode mode;
3939 AclResult aclresult;
3940 bool is_missing = false;
3941
3942 mode = convert_schema_priv_string(priv_type_text);
3943
3944 aclresult = object_aclcheck_ext(NamespaceRelationId, schemaoid,
3945 roleid, mode,
3946 &is_missing);
3947
3948 if (is_missing)
3949 PG_RETURN_NULL();
3950
3951 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3952}

References ACLCHECK_OK, convert_schema_priv_string(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_schema_privilege_id_name()

Datum has_schema_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 3910 of file acl.c.

3911{
3912 Oid roleid = PG_GETARG_OID(0);
3913 text *schemaname = PG_GETARG_TEXT_PP(1);
3914 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3915 Oid schemaoid;
3916 AclMode mode;
3917 AclResult aclresult;
3918
3919 schemaoid = convert_schema_name(schemaname);
3920 mode = convert_schema_priv_string(priv_type_text);
3921
3922 aclresult = object_aclcheck(NamespaceRelationId, schemaoid, roleid, mode);
3923
3924 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3925}
convert_schema_name
static Oid convert_schema_name(text *schemaname)
Definition: acl.c:3962

References ACLCHECK_OK, convert_schema_name(), convert_schema_priv_string(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_schema_privilege_name()

Datum has_schema_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 3828 of file acl.c.

3829{
3830 text *schemaname = PG_GETARG_TEXT_PP(0);
3831 text *priv_type_text = PG_GETARG_TEXT_PP(1);
3832 Oid roleid;
3833 Oid schemaoid;
3834 AclMode mode;
3835 AclResult aclresult;
3836
3837 roleid = GetUserId();
3838 schemaoid = convert_schema_name(schemaname);
3839 mode = convert_schema_priv_string(priv_type_text);
3840
3841 aclresult = object_aclcheck(NamespaceRelationId, schemaoid, roleid, mode);
3842
3843 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3844}

References ACLCHECK_OK, convert_schema_name(), convert_schema_priv_string(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_schema_privilege_name_id()

Datum has_schema_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 3852 of file acl.c.

3853{
3854 Name username = PG_GETARG_NAME(0);
3855 Oid schemaoid = PG_GETARG_OID(1);
3856 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3857 Oid roleid;
3858 AclMode mode;
3859 AclResult aclresult;
3860 bool is_missing = false;
3861
3862 roleid = get_role_oid_or_public(NameStr(*username));
3863 mode = convert_schema_priv_string(priv_type_text);
3864
3865 aclresult = object_aclcheck_ext(NamespaceRelationId, schemaoid,
3866 roleid, mode,
3867 &is_missing);
3868
3869 if (is_missing)
3870 PG_RETURN_NULL();
3871
3872 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3873}

References ACLCHECK_OK, convert_schema_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_schema_privilege_name_name()

Datum has_schema_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 3802 of file acl.c.

3803{
3804 Name username = PG_GETARG_NAME(0);
3805 text *schemaname = PG_GETARG_TEXT_PP(1);
3806 text *priv_type_text = PG_GETARG_TEXT_PP(2);
3807 Oid roleid;
3808 Oid schemaoid;
3809 AclMode mode;
3810 AclResult aclresult;
3811
3812 roleid = get_role_oid_or_public(NameStr(*username));
3813 schemaoid = convert_schema_name(schemaname);
3814 mode = convert_schema_priv_string(priv_type_text);
3815
3816 aclresult = object_aclcheck(NamespaceRelationId, schemaoid, roleid, mode);
3817
3818 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3819}

References ACLCHECK_OK, convert_schema_name(), convert_schema_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_sequence_privilege_id()

Datum has_sequence_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 2202 of file acl.c.

2203{
2204 Oid sequenceoid = PG_GETARG_OID(0);
2205 text *priv_type_text = PG_GETARG_TEXT_PP(1);
2206 Oid roleid;
2207 AclMode mode;
2208 AclResult aclresult;
2209 char relkind;
2210 bool is_missing = false;
2211
2212 roleid = GetUserId();
2213 mode = convert_sequence_priv_string(priv_type_text);
2214 relkind = get_rel_relkind(sequenceoid);
2215 if (relkind == '\0')
2216 PG_RETURN_NULL();
2217 else if (relkind != RELKIND_SEQUENCE)
2218 ereport(ERROR,
2219 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2220 errmsg("\"%s\" is not a sequence",
2221 get_rel_name(sequenceoid))));
2222
2223 aclresult = pg_class_aclcheck_ext(sequenceoid, roleid, mode, &is_missing);
2224
2225 if (is_missing)
2226 PG_RETURN_NULL();
2227
2228 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2229}
convert_sequence_priv_string
static AclMode convert_sequence_priv_string(text *priv_type_text)
Definition: acl.c:2298
get_rel_relkind
char get_rel_relkind(Oid relid)
Definition: lsyscache.c:2170

References ACLCHECK_OK, convert_sequence_priv_string(), ereport, errcode(), errmsg(), ERROR, get_rel_name(), get_rel_relkind(), GetUserId(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_sequence_privilege_id_id()

Datum has_sequence_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 2265 of file acl.c.

2266{
2267 Oid roleid = PG_GETARG_OID(0);
2268 Oid sequenceoid = PG_GETARG_OID(1);
2269 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2270 AclMode mode;
2271 AclResult aclresult;
2272 char relkind;
2273 bool is_missing = false;
2274
2275 mode = convert_sequence_priv_string(priv_type_text);
2276 relkind = get_rel_relkind(sequenceoid);
2277 if (relkind == '\0')
2278 PG_RETURN_NULL();
2279 else if (relkind != RELKIND_SEQUENCE)
2280 ereport(ERROR,
2281 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2282 errmsg("\"%s\" is not a sequence",
2283 get_rel_name(sequenceoid))));
2284
2285 aclresult = pg_class_aclcheck_ext(sequenceoid, roleid, mode, &is_missing);
2286
2287 if (is_missing)
2288 PG_RETURN_NULL();
2289
2290 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2291}

References ACLCHECK_OK, convert_sequence_priv_string(), ereport, errcode(), errmsg(), ERROR, get_rel_name(), get_rel_relkind(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_sequence_privilege_id_name()

Datum has_sequence_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 2237 of file acl.c.

2238{
2239 Oid roleid = PG_GETARG_OID(0);
2240 text *sequencename = PG_GETARG_TEXT_PP(1);
2241 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2242 Oid sequenceoid;
2243 AclMode mode;
2244 AclResult aclresult;
2245
2246 mode = convert_sequence_priv_string(priv_type_text);
2247 sequenceoid = convert_table_name(sequencename);
2248 if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2249 ereport(ERROR,
2250 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2251 errmsg("\"%s\" is not a sequence",
2252 text_to_cstring(sequencename))));
2253
2254 aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2255
2256 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2257}

References ACLCHECK_OK, convert_sequence_priv_string(), convert_table_name(), ereport, errcode(), errmsg(), ERROR, get_rel_relkind(), mode, pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and text_to_cstring().

◆ has_sequence_privilege_name()

Datum has_sequence_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 2136 of file acl.c.

2137{
2138 text *sequencename = PG_GETARG_TEXT_PP(0);
2139 text *priv_type_text = PG_GETARG_TEXT_PP(1);
2140 Oid roleid;
2141 Oid sequenceoid;
2142 AclMode mode;
2143 AclResult aclresult;
2144
2145 roleid = GetUserId();
2146 mode = convert_sequence_priv_string(priv_type_text);
2147 sequenceoid = convert_table_name(sequencename);
2148 if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2149 ereport(ERROR,
2150 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2151 errmsg("\"%s\" is not a sequence",
2152 text_to_cstring(sequencename))));
2153
2154 aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2155
2156 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2157}

References ACLCHECK_OK, convert_sequence_priv_string(), convert_table_name(), ereport, errcode(), errmsg(), ERROR, get_rel_relkind(), GetUserId(), mode, pg_class_aclcheck(), PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and text_to_cstring().

◆ has_sequence_privilege_name_id()

Datum has_sequence_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 2165 of file acl.c.

2166{
2167 Name username = PG_GETARG_NAME(0);
2168 Oid sequenceoid = PG_GETARG_OID(1);
2169 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2170 Oid roleid;
2171 AclMode mode;
2172 AclResult aclresult;
2173 char relkind;
2174 bool is_missing = false;
2175
2176 roleid = get_role_oid_or_public(NameStr(*username));
2177 mode = convert_sequence_priv_string(priv_type_text);
2178 relkind = get_rel_relkind(sequenceoid);
2179 if (relkind == '\0')
2180 PG_RETURN_NULL();
2181 else if (relkind != RELKIND_SEQUENCE)
2182 ereport(ERROR,
2183 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2184 errmsg("\"%s\" is not a sequence",
2185 get_rel_name(sequenceoid))));
2186
2187 aclresult = pg_class_aclcheck_ext(sequenceoid, roleid, mode, &is_missing);
2188
2189 if (is_missing)
2190 PG_RETURN_NULL();
2191
2192 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2193}

References ACLCHECK_OK, convert_sequence_priv_string(), ereport, errcode(), errmsg(), ERROR, get_rel_name(), get_rel_relkind(), get_role_oid_or_public(), mode, NameStr, pg_class_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_sequence_privilege_name_name()

Datum has_sequence_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 2105 of file acl.c.

2106{
2107 Name rolename = PG_GETARG_NAME(0);
2108 text *sequencename = PG_GETARG_TEXT_PP(1);
2109 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2110 Oid roleid;
2111 Oid sequenceoid;
2112 AclMode mode;
2113 AclResult aclresult;
2114
2115 roleid = get_role_oid_or_public(NameStr(*rolename));
2116 mode = convert_sequence_priv_string(priv_type_text);
2117 sequenceoid = convert_table_name(sequencename);
2118 if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2119 ereport(ERROR,
2120 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2121 errmsg("\"%s\" is not a sequence",
2122 text_to_cstring(sequencename))));
2123
2124 aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2125
2126 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2127}

References ACLCHECK_OK, convert_sequence_priv_string(), convert_table_name(), ereport, errcode(), errmsg(), ERROR, get_rel_relkind(), get_role_oid_or_public(), mode, NameStr, pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and text_to_cstring().

◆ has_server_privilege_id()

Datum has_server_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 4084 of file acl.c.

4085{
4086 Oid serverid = PG_GETARG_OID(0);
4087 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4088 Oid roleid;
4089 AclMode mode;
4090 AclResult aclresult;
4091 bool is_missing = false;
4092
4093 roleid = GetUserId();
4094 mode = convert_server_priv_string(priv_type_text);
4095
4096 aclresult = object_aclcheck_ext(ForeignServerRelationId, serverid,
4097 roleid, mode,
4098 &is_missing);
4099
4100 if (is_missing)
4101 PG_RETURN_NULL();
4102
4103 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4104}
convert_server_priv_string
static AclMode convert_server_priv_string(text *priv_type_text)
Definition: acl.c:4176

References ACLCHECK_OK, convert_server_priv_string(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_server_privilege_id_id()

Datum has_server_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4135 of file acl.c.

4136{
4137 Oid roleid = PG_GETARG_OID(0);
4138 Oid serverid = PG_GETARG_OID(1);
4139 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4140 AclMode mode;
4141 AclResult aclresult;
4142 bool is_missing = false;
4143
4144 mode = convert_server_priv_string(priv_type_text);
4145
4146 aclresult = object_aclcheck_ext(ForeignServerRelationId, serverid,
4147 roleid, mode,
4148 &is_missing);
4149
4150 if (is_missing)
4151 PG_RETURN_NULL();
4152
4153 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4154}

References ACLCHECK_OK, convert_server_priv_string(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_server_privilege_id_name()

Datum has_server_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4112 of file acl.c.

4113{
4114 Oid roleid = PG_GETARG_OID(0);
4115 text *servername = PG_GETARG_TEXT_PP(1);
4116 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4117 Oid serverid;
4118 AclMode mode;
4119 AclResult aclresult;
4120
4121 serverid = convert_server_name(servername);
4122 mode = convert_server_priv_string(priv_type_text);
4123
4124 aclresult = object_aclcheck(ForeignServerRelationId, serverid, roleid, mode);
4125
4126 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4127}
convert_server_name
static Oid convert_server_name(text *servername)
Definition: acl.c:4164

References ACLCHECK_OK, convert_server_name(), convert_server_priv_string(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_server_privilege_name()

Datum has_server_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 4030 of file acl.c.

4031{
4032 text *servername = PG_GETARG_TEXT_PP(0);
4033 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4034 Oid roleid;
4035 Oid serverid;
4036 AclMode mode;
4037 AclResult aclresult;
4038
4039 roleid = GetUserId();
4040 serverid = convert_server_name(servername);
4041 mode = convert_server_priv_string(priv_type_text);
4042
4043 aclresult = object_aclcheck(ForeignServerRelationId, serverid, roleid, mode);
4044
4045 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4046}

References ACLCHECK_OK, convert_server_name(), convert_server_priv_string(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_server_privilege_name_id()

Datum has_server_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 4054 of file acl.c.

4055{
4056 Name username = PG_GETARG_NAME(0);
4057 Oid serverid = PG_GETARG_OID(1);
4058 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4059 Oid roleid;
4060 AclMode mode;
4061 AclResult aclresult;
4062 bool is_missing = false;
4063
4064 roleid = get_role_oid_or_public(NameStr(*username));
4065 mode = convert_server_priv_string(priv_type_text);
4066
4067 aclresult = object_aclcheck_ext(ForeignServerRelationId, serverid,
4068 roleid, mode,
4069 &is_missing);
4070
4071 if (is_missing)
4072 PG_RETURN_NULL();
4073
4074 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4075}

References ACLCHECK_OK, convert_server_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_server_privilege_name_name()

Datum has_server_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 4004 of file acl.c.

4005{
4006 Name username = PG_GETARG_NAME(0);
4007 text *servername = PG_GETARG_TEXT_PP(1);
4008 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4009 Oid roleid;
4010 Oid serverid;
4011 AclMode mode;
4012 AclResult aclresult;
4013
4014 roleid = get_role_oid_or_public(NameStr(*username));
4015 serverid = convert_server_name(servername);
4016 mode = convert_server_priv_string(priv_type_text);
4017
4018 aclresult = object_aclcheck(ForeignServerRelationId, serverid, roleid, mode);
4019
4020 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4021}

References ACLCHECK_OK, convert_server_name(), convert_server_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_table_privilege_id()

Datum has_table_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 1972 of file acl.c.

1973{
1974 Oid tableoid = PG_GETARG_OID(0);
1975 text *priv_type_text = PG_GETARG_TEXT_PP(1);
1976 Oid roleid;
1977 AclMode mode;
1978 AclResult aclresult;
1979 bool is_missing = false;
1980
1981 roleid = GetUserId();
1982 mode = convert_table_priv_string(priv_type_text);
1983
1984 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
1985
1986 if (is_missing)
1987 PG_RETURN_NULL();
1988
1989 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1990}
convert_table_priv_string
static AclMode convert_table_priv_string(text *priv_type_text)
Definition: acl.c:2063

References ACLCHECK_OK, convert_table_priv_string(), GetUserId(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_table_privilege_id_id()

Datum has_table_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 2021 of file acl.c.

2022{
2023 Oid roleid = PG_GETARG_OID(0);
2024 Oid tableoid = PG_GETARG_OID(1);
2025 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2026 AclMode mode;
2027 AclResult aclresult;
2028 bool is_missing = false;
2029
2030 mode = convert_table_priv_string(priv_type_text);
2031
2032 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2033
2034 if (is_missing)
2035 PG_RETURN_NULL();
2036
2037 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2038}

References ACLCHECK_OK, convert_table_priv_string(), mode, pg_class_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_table_privilege_id_name()

Datum has_table_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 1998 of file acl.c.

1999{
2000 Oid roleid = PG_GETARG_OID(0);
2001 text *tablename = PG_GETARG_TEXT_PP(1);
2002 text *priv_type_text = PG_GETARG_TEXT_PP(2);
2003 Oid tableoid;
2004 AclMode mode;
2005 AclResult aclresult;
2006
2007 tableoid = convert_table_name(tablename);
2008 mode = convert_table_priv_string(priv_type_text);
2009
2010 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2011
2012 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2013}

References ACLCHECK_OK, convert_table_name(), convert_table_priv_string(), mode, pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_table_privilege_name()

Datum has_table_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 1920 of file acl.c.

1921{
1922 text *tablename = PG_GETARG_TEXT_PP(0);
1923 text *priv_type_text = PG_GETARG_TEXT_PP(1);
1924 Oid roleid;
1925 Oid tableoid;
1926 AclMode mode;
1927 AclResult aclresult;
1928
1929 roleid = GetUserId();
1930 tableoid = convert_table_name(tablename);
1931 mode = convert_table_priv_string(priv_type_text);
1932
1933 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1934
1935 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1936}

References ACLCHECK_OK, convert_table_name(), convert_table_priv_string(), GetUserId(), mode, pg_class_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_table_privilege_name_id()

Datum has_table_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 1944 of file acl.c.

1945{
1946 Name username = PG_GETARG_NAME(0);
1947 Oid tableoid = PG_GETARG_OID(1);
1948 text *priv_type_text = PG_GETARG_TEXT_PP(2);
1949 Oid roleid;
1950 AclMode mode;
1951 AclResult aclresult;
1952 bool is_missing = false;
1953
1954 roleid = get_role_oid_or_public(NameStr(*username));
1955 mode = convert_table_priv_string(priv_type_text);
1956
1957 aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
1958
1959 if (is_missing)
1960 PG_RETURN_NULL();
1961
1962 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1963}

References ACLCHECK_OK, convert_table_priv_string(), get_role_oid_or_public(), mode, NameStr, pg_class_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_table_privilege_name_name()

Datum has_table_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 1894 of file acl.c.

1895{
1896 Name rolename = PG_GETARG_NAME(0);
1897 text *tablename = PG_GETARG_TEXT_PP(1);
1898 text *priv_type_text = PG_GETARG_TEXT_PP(2);
1899 Oid roleid;
1900 Oid tableoid;
1901 AclMode mode;
1902 AclResult aclresult;
1903
1904 roleid = get_role_oid_or_public(NameStr(*rolename));
1905 tableoid = convert_table_name(tablename);
1906 mode = convert_table_priv_string(priv_type_text);
1907
1908 aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1909
1910 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1911}

References ACLCHECK_OK, convert_table_name(), convert_table_priv_string(), get_role_oid_or_public(), mode, NameStr, pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_tablespace_privilege_id()

Datum has_tablespace_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 4284 of file acl.c.

4285{
4286 Oid tablespaceoid = PG_GETARG_OID(0);
4287 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4288 Oid roleid;
4289 AclMode mode;
4290 AclResult aclresult;
4291 bool is_missing = false;
4292
4293 roleid = GetUserId();
4294 mode = convert_tablespace_priv_string(priv_type_text);
4295
4296 aclresult = object_aclcheck_ext(TableSpaceRelationId, tablespaceoid,
4297 roleid, mode,
4298 &is_missing);
4299
4300 if (is_missing)
4301 PG_RETURN_NULL();
4302
4303 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4304}
convert_tablespace_priv_string
static AclMode convert_tablespace_priv_string(text *priv_type_text)
Definition: acl.c:4376

References ACLCHECK_OK, convert_tablespace_priv_string(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_tablespace_privilege_id_id()

Datum has_tablespace_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4335 of file acl.c.

4336{
4337 Oid roleid = PG_GETARG_OID(0);
4338 Oid tablespaceoid = PG_GETARG_OID(1);
4339 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4340 AclMode mode;
4341 AclResult aclresult;
4342 bool is_missing = false;
4343
4344 mode = convert_tablespace_priv_string(priv_type_text);
4345
4346 aclresult = object_aclcheck_ext(TableSpaceRelationId, tablespaceoid,
4347 roleid, mode,
4348 &is_missing);
4349
4350 if (is_missing)
4351 PG_RETURN_NULL();
4352
4353 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4354}

References ACLCHECK_OK, convert_tablespace_priv_string(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_tablespace_privilege_id_name()

Datum has_tablespace_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4312 of file acl.c.

4313{
4314 Oid roleid = PG_GETARG_OID(0);
4315 text *tablespacename = PG_GETARG_TEXT_PP(1);
4316 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4317 Oid tablespaceoid;
4318 AclMode mode;
4319 AclResult aclresult;
4320
4321 tablespaceoid = convert_tablespace_name(tablespacename);
4322 mode = convert_tablespace_priv_string(priv_type_text);
4323
4324 aclresult = object_aclcheck(TableSpaceRelationId, tablespaceoid, roleid, mode);
4325
4326 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4327}
convert_tablespace_name
static Oid convert_tablespace_name(text *tablespacename)
Definition: acl.c:4364

References ACLCHECK_OK, convert_tablespace_name(), convert_tablespace_priv_string(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_tablespace_privilege_name()

Datum has_tablespace_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 4230 of file acl.c.

4231{
4232 text *tablespacename = PG_GETARG_TEXT_PP(0);
4233 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4234 Oid roleid;
4235 Oid tablespaceoid;
4236 AclMode mode;
4237 AclResult aclresult;
4238
4239 roleid = GetUserId();
4240 tablespaceoid = convert_tablespace_name(tablespacename);
4241 mode = convert_tablespace_priv_string(priv_type_text);
4242
4243 aclresult = object_aclcheck(TableSpaceRelationId, tablespaceoid, roleid, mode);
4244
4245 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4246}

References ACLCHECK_OK, convert_tablespace_name(), convert_tablespace_priv_string(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_tablespace_privilege_name_id()

Datum has_tablespace_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 4254 of file acl.c.

4255{
4256 Name username = PG_GETARG_NAME(0);
4257 Oid tablespaceoid = PG_GETARG_OID(1);
4258 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4259 Oid roleid;
4260 AclMode mode;
4261 AclResult aclresult;
4262 bool is_missing = false;
4263
4264 roleid = get_role_oid_or_public(NameStr(*username));
4265 mode = convert_tablespace_priv_string(priv_type_text);
4266
4267 aclresult = object_aclcheck_ext(TableSpaceRelationId, tablespaceoid,
4268 roleid, mode,
4269 &is_missing);
4270
4271 if (is_missing)
4272 PG_RETURN_NULL();
4273
4274 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4275}

References ACLCHECK_OK, convert_tablespace_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_tablespace_privilege_name_name()

Datum has_tablespace_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 4204 of file acl.c.

4205{
4206 Name username = PG_GETARG_NAME(0);
4207 text *tablespacename = PG_GETARG_TEXT_PP(1);
4208 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4209 Oid roleid;
4210 Oid tablespaceoid;
4211 AclMode mode;
4212 AclResult aclresult;
4213
4214 roleid = get_role_oid_or_public(NameStr(*username));
4215 tablespaceoid = convert_tablespace_name(tablespacename);
4216 mode = convert_tablespace_priv_string(priv_type_text);
4217
4218 aclresult = object_aclcheck(TableSpaceRelationId, tablespaceoid, roleid, mode);
4219
4220 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4221}

References ACLCHECK_OK, convert_tablespace_name(), convert_tablespace_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ has_type_privilege_id()

Datum has_type_privilege_id ( PG_FUNCTION_ARGS  )

Definition at line 4483 of file acl.c.

4484{
4485 Oid typeoid = PG_GETARG_OID(0);
4486 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4487 Oid roleid;
4488 AclMode mode;
4489 AclResult aclresult;
4490 bool is_missing = false;
4491
4492 roleid = GetUserId();
4493 mode = convert_type_priv_string(priv_type_text);
4494
4495 aclresult = object_aclcheck_ext(TypeRelationId, typeoid,
4496 roleid, mode,
4497 &is_missing);
4498
4499 if (is_missing)
4500 PG_RETURN_NULL();
4501
4502 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4503}
convert_type_priv_string
static AclMode convert_type_priv_string(text *priv_type_text)
Definition: acl.c:4584

References ACLCHECK_OK, convert_type_priv_string(), GetUserId(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_type_privilege_id_id()

Datum has_type_privilege_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4534 of file acl.c.

4535{
4536 Oid roleid = PG_GETARG_OID(0);
4537 Oid typeoid = PG_GETARG_OID(1);
4538 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4539 AclMode mode;
4540 AclResult aclresult;
4541 bool is_missing = false;
4542
4543 mode = convert_type_priv_string(priv_type_text);
4544
4545 aclresult = object_aclcheck_ext(TypeRelationId, typeoid,
4546 roleid, mode,
4547 &is_missing);
4548
4549 if (is_missing)
4550 PG_RETURN_NULL();
4551
4552 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4553}

References ACLCHECK_OK, convert_type_priv_string(), mode, object_aclcheck_ext(), PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and PG_RETURN_NULL.

◆ has_type_privilege_id_name()

Datum has_type_privilege_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4511 of file acl.c.

4512{
4513 Oid roleid = PG_GETARG_OID(0);
4514 text *typename = PG_GETARG_TEXT_PP(1);
4515 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4516 Oid typeoid;
4517 AclMode mode;
4518 AclResult aclresult;
4519
4520 typeoid = convert_type_name(typename);
4521 mode = convert_type_priv_string(priv_type_text);
4522
4523 aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
4524
4525 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4526}
convert_type_name
static Oid convert_type_name(text *typename)
Definition: acl.c:4563

References ACLCHECK_OK, convert_type_name(), convert_type_priv_string(), mode, object_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_type_privilege_name()

Datum has_type_privilege_name ( PG_FUNCTION_ARGS  )

Definition at line 4429 of file acl.c.

4430{
4431 text *typename = PG_GETARG_TEXT_PP(0);
4432 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4433 Oid roleid;
4434 Oid typeoid;
4435 AclMode mode;
4436 AclResult aclresult;
4437
4438 roleid = GetUserId();
4439 typeoid = convert_type_name(typename);
4440 mode = convert_type_priv_string(priv_type_text);
4441
4442 aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
4443
4444 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4445}

References ACLCHECK_OK, convert_type_name(), convert_type_priv_string(), GetUserId(), mode, object_aclcheck(), PG_GETARG_TEXT_PP, and PG_RETURN_BOOL.

◆ has_type_privilege_name_id()

Datum has_type_privilege_name_id ( PG_FUNCTION_ARGS  )

Definition at line 4453 of file acl.c.

4454{
4455 Name username = PG_GETARG_NAME(0);
4456 Oid typeoid = PG_GETARG_OID(1);
4457 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4458 Oid roleid;
4459 AclMode mode;
4460 AclResult aclresult;
4461 bool is_missing = false;
4462
4463 roleid = get_role_oid_or_public(NameStr(*username));
4464 mode = convert_type_priv_string(priv_type_text);
4465
4466 aclresult = object_aclcheck_ext(TypeRelationId, typeoid,
4467 roleid, mode,
4468 &is_missing);
4469
4470 if (is_missing)
4471 PG_RETURN_NULL();
4472
4473 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4474}

References ACLCHECK_OK, convert_type_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck_ext(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

◆ has_type_privilege_name_name()

Datum has_type_privilege_name_name ( PG_FUNCTION_ARGS  )

Definition at line 4403 of file acl.c.

4404{
4405 Name username = PG_GETARG_NAME(0);
4406 text *typename = PG_GETARG_TEXT_PP(1);
4407 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4408 Oid roleid;
4409 Oid typeoid;
4410 AclMode mode;
4411 AclResult aclresult;
4412
4413 roleid = get_role_oid_or_public(NameStr(*username));
4414 typeoid = convert_type_name(typename);
4415 mode = convert_type_priv_string(priv_type_text);
4416
4417 aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
4418
4419 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4420}

References ACLCHECK_OK, convert_type_name(), convert_type_priv_string(), get_role_oid_or_public(), mode, NameStr, object_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and username.

◆ hash_aclitem()

Datum hash_aclitem ( PG_FUNCTION_ARGS  )

Definition at line 768 of file acl.c.

769{
770 AclItem *a = PG_GETARG_ACLITEM_P(0);
771
772 /* not very bright, but avoids any issue of padding in struct */
773 PG_RETURN_UINT32((uint32) (a->ai_privs + a->ai_grantee + a->ai_grantor));
774}
uint32
uint32_t uint32
Definition: c.h:539
PG_RETURN_UINT32
#define PG_RETURN_UINT32(x)
Definition: fmgr.h:355
a
int a
Definition: isn.c:73

References a, PG_GETARG_ACLITEM_P, and PG_RETURN_UINT32.

◆ hash_aclitem_extended()

Datum hash_aclitem_extended ( PG_FUNCTION_ARGS  )

Definition at line 782 of file acl.c.

783{
784 AclItem *a = PG_GETARG_ACLITEM_P(0);
785 uint64 seed = PG_GETARG_INT64(1);
786 uint32 sum = (uint32) (a->ai_privs + a->ai_grantee + a->ai_grantor);
787
788 return (seed == 0) ? UInt64GetDatum(sum) : hash_uint32_extended(sum, seed);
789}
uint64
uint64_t uint64
Definition: c.h:540
PG_GETARG_INT64
#define PG_GETARG_INT64(n)
Definition: fmgr.h:283
hash_uint32_extended
static Datum hash_uint32_extended(uint32 k, uint64 seed)
Definition: hashfn.h:49
UInt64GetDatum
static Datum UInt64GetDatum(uint64 X)
Definition: postgres.h:423

References a, hash_uint32_extended(), PG_GETARG_ACLITEM_P, PG_GETARG_INT64, and UInt64GetDatum().

◆ initialize_acl()

void initialize_acl ( void  )

Definition at line 5040 of file acl.c.

5041{
5042 if (!IsBootstrapProcessingMode())
5043 {
5044 cached_db_hash =
5045 GetSysCacheHashValue1(DATABASEOID,
5046 ObjectIdGetDatum(MyDatabaseId));
5047
5048 /*
5049 * In normal mode, set a callback on any syscache invalidation of rows
5050 * of pg_auth_members (for roles_is_member_of()) pg_database (for
5051 * roles_is_member_of())
5052 */
5053 CacheRegisterSyscacheCallback(AUTHMEMROLEMEM,
5054 RoleMembershipCacheCallback,
5055 (Datum) 0);
5056 CacheRegisterSyscacheCallback(AUTHOID,
5057 RoleMembershipCacheCallback,
5058 (Datum) 0);
5059 CacheRegisterSyscacheCallback(DATABASEOID,
5060 RoleMembershipCacheCallback,
5061 (Datum) 0);
5062 }
5063}
cached_db_hash
static uint32 cached_db_hash
Definition: acl.c:82
RoleMembershipCacheCallback
static void RoleMembershipCacheCallback(Datum arg, int cacheid, uint32 hashvalue)
Definition: acl.c:5070
MyDatabaseId
Oid MyDatabaseId
Definition: globals.c:94
CacheRegisterSyscacheCallback
void CacheRegisterSyscacheCallback(int cacheid, SyscacheCallbackFunction func, Datum arg)
Definition: inval.c:1812
IsBootstrapProcessingMode
#define IsBootstrapProcessingMode()
Definition: miscadmin.h:476
GetSysCacheHashValue1
#define GetSysCacheHashValue1(cacheId, key1)
Definition: syscache.h:118

References cached_db_hash, CacheRegisterSyscacheCallback(), GetSysCacheHashValue1, IsBootstrapProcessingMode, MyDatabaseId, ObjectIdGetDatum(), and RoleMembershipCacheCallback().

Referenced by InitPostgres().

◆ is_admin_of_role()

bool is_admin_of_role ( Oid  member,
Oid  role 
)

Definition at line 5414 of file acl.c.

5415{
5416 Oid admin_role;
5417
5418 if (superuser_arg(member))
5419 return true;
5420
5421 /* By policy, a role cannot have WITH ADMIN OPTION on itself. */
5422 if (member == role)
5423 return false;
5424
5425 (void) roles_is_member_of(member, ROLERECURSE_MEMBERS, role, &admin_role);
5426 return OidIsValid(admin_role);
5427}

References OidIsValid, ROLERECURSE_MEMBERS, roles_is_member_of(), and superuser_arg().

Referenced by AlterRole(), AlterRoleSet(), check_object_ownership(), check_role_membership_authorization(), DropRole(), pg_role_aclcheck(), and RenameRole().

◆ is_member_of_role()

bool is_member_of_role ( Oid  member,
Oid  role 
)

Definition at line 5364 of file acl.c.

5365{
5366 /* Fast path for simple case */
5367 if (member == role)
5368 return true;
5369
5370 /* Superusers have every privilege, so are part of every role */
5371 if (superuser_arg(member))
5372 return true;
5373
5374 /*
5375 * Find all the roles that member is a member of, including multi-level
5376 * recursion, then see if target role is any one of them.
5377 */
5378 return list_member_oid(roles_is_member_of(member, ROLERECURSE_MEMBERS,
5379 InvalidOid, NULL),
5380 role);
5381}

References InvalidOid, list_member_oid(), ROLERECURSE_MEMBERS, roles_is_member_of(), and superuser_arg().

Referenced by pg_role_aclcheck().

◆ is_member_of_role_nosuper()

bool is_member_of_role_nosuper ( Oid  member,
Oid  role 
)

Definition at line 5392 of file acl.c.

5393{
5394 /* Fast path for simple case */
5395 if (member == role)
5396 return true;
5397
5398 /*
5399 * Find all the roles that member is a member of, including multi-level
5400 * recursion, then see if target role is any one of them.
5401 */
5402 return list_member_oid(roles_is_member_of(member, ROLERECURSE_MEMBERS,
5403 InvalidOid, NULL),
5404 role);
5405}

References InvalidOid, list_member_oid(), ROLERECURSE_MEMBERS, and roles_is_member_of().

Referenced by AddRoleMems(), and is_member().

◆ is_safe_acl_char()

static bool is_safe_acl_char ( unsigned char  c,
bool  is_getid 
)
inlinestatic

Definition at line 145 of file acl.c.

146{
147 if (IS_HIGHBIT_SET(c))
148 return is_getid;
149 return isalnum(c) || c == '_';
150}
IS_HIGHBIT_SET
#define IS_HIGHBIT_SET(ch)
Definition: c.h:1155
c
char * c
Definition: preproc-cursor.c:31

References IS_HIGHBIT_SET.

Referenced by getid(), and putid().

◆ make_empty_acl()

Acl * make_empty_acl ( void  )

Definition at line 448 of file acl.c.

449{
450 return allocacl(0);
451}

References allocacl().

Referenced by SetDefaultACL().

◆ makeaclitem()

Datum makeaclitem ( PG_FUNCTION_ARGS  )

Definition at line 1634 of file acl.c.

1635{
1636 Oid grantee = PG_GETARG_OID(0);
1637 Oid grantor = PG_GETARG_OID(1);
1638 text *privtext = PG_GETARG_TEXT_PP(2);
1639 bool goption = PG_GETARG_BOOL(3);
1640 AclItem *result;
1641 AclMode priv;
1642 static const priv_map any_priv_map[] = {
1643 {"SELECT", ACL_SELECT},
1644 {"INSERT", ACL_INSERT},
1645 {"UPDATE", ACL_UPDATE},
1646 {"DELETE", ACL_DELETE},
1647 {"TRUNCATE", ACL_TRUNCATE},
1648 {"REFERENCES", ACL_REFERENCES},
1649 {"TRIGGER", ACL_TRIGGER},
1650 {"EXECUTE", ACL_EXECUTE},
1651 {"USAGE", ACL_USAGE},
1652 {"CREATE", ACL_CREATE},
1653 {"TEMP", ACL_CREATE_TEMP},
1654 {"TEMPORARY", ACL_CREATE_TEMP},
1655 {"CONNECT", ACL_CONNECT},
1656 {"SET", ACL_SET},
1657 {"ALTER SYSTEM", ACL_ALTER_SYSTEM},
1658 {"MAINTAIN", ACL_MAINTAIN},
1659 {NULL, 0}
1660 };
1661
1662 priv = convert_any_priv_string(privtext, any_priv_map);
1663
1664 result = (AclItem *) palloc(sizeof(AclItem));
1665
1666 result->ai_grantee = grantee;
1667 result->ai_grantor = grantor;
1668
1669 ACLITEM_SET_PRIVS_GOPTIONS(*result, priv,
1670 (goption ? priv : ACL_NO_RIGHTS));
1671
1672 PG_RETURN_ACLITEM_P(result);
1673}
PG_GETARG_BOOL
#define PG_GETARG_BOOL(n)
Definition: fmgr.h:274

References ACL_ALTER_SYSTEM, ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_DELETE, ACL_EXECUTE, ACL_INSERT, ACL_MAINTAIN, ACL_NO_RIGHTS, ACL_REFERENCES, ACL_SELECT, ACL_SET, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, ACL_USAGE, ACLITEM_SET_PRIVS_GOPTIONS, AclItem::ai_grantee, AclItem::ai_grantor, convert_any_priv_string(), palloc(), PG_GETARG_BOOL, PG_GETARG_OID, PG_GETARG_TEXT_PP, and PG_RETURN_ACLITEM_P.

◆ member_can_set_role()

bool member_can_set_role ( Oid  member,
Oid  role 
)

Definition at line 5318 of file acl.c.

5319{
5320 /* Fast path for simple case */
5321 if (member == role)
5322 return true;
5323
5324 /* Superusers have every privilege, so can always SET ROLE */
5325 if (superuser_arg(member))
5326 return true;
5327
5328 /*
5329 * Find all the roles that member can access via SET ROLE, including
5330 * multi-level recursion, then see if target role is any one of them.
5331 */
5332 return list_member_oid(roles_is_member_of(member, ROLERECURSE_SETROLE,
5333 InvalidOid, NULL),
5334 role);
5335}

References InvalidOid, list_member_oid(), ROLERECURSE_SETROLE, roles_is_member_of(), and superuser_arg().

Referenced by check_can_set_role(), check_role(), pg_role_aclcheck(), and SwitchToUntrustedUser().

◆ pg_has_role_id()

Datum pg_has_role_id ( PG_FUNCTION_ARGS  )

Definition at line 4912 of file acl.c.

4913{
4914 Oid roleoid = PG_GETARG_OID(0);
4915 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4916 Oid roleid;
4917 AclMode mode;
4918 AclResult aclresult;
4919
4920 roleid = GetUserId();
4921 mode = convert_role_priv_string(priv_type_text);
4922
4923 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4924
4925 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4926}
convert_role_priv_string
static AclMode convert_role_priv_string(text *priv_type_text)
Definition: acl.c:4987
pg_role_aclcheck
static AclResult pg_role_aclcheck(Oid role_oid, Oid roleid, AclMode mode)
Definition: acl.c:5010

References ACLCHECK_OK, convert_role_priv_string(), GetUserId(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_id_id()

Datum pg_has_role_id_id ( PG_FUNCTION_ARGS  )

Definition at line 4957 of file acl.c.

4958{
4959 Oid roleid = PG_GETARG_OID(0);
4960 Oid roleoid = PG_GETARG_OID(1);
4961 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4962 AclMode mode;
4963 AclResult aclresult;
4964
4965 mode = convert_role_priv_string(priv_type_text);
4966
4967 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4968
4969 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4970}

References ACLCHECK_OK, convert_role_priv_string(), mode, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_id_name()

Datum pg_has_role_id_name ( PG_FUNCTION_ARGS  )

Definition at line 4934 of file acl.c.

4935{
4936 Oid roleid = PG_GETARG_OID(0);
4937 Name rolename = PG_GETARG_NAME(1);
4938 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4939 Oid roleoid;
4940 AclMode mode;
4941 AclResult aclresult;
4942
4943 roleoid = get_role_oid(NameStr(*rolename), false);
4944 mode = convert_role_priv_string(priv_type_text);
4945
4946 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4947
4948 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4949}

References ACLCHECK_OK, convert_role_priv_string(), get_role_oid(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_name()

Datum pg_has_role_name ( PG_FUNCTION_ARGS  )

Definition at line 4864 of file acl.c.

4865{
4866 Name rolename = PG_GETARG_NAME(0);
4867 text *priv_type_text = PG_GETARG_TEXT_PP(1);
4868 Oid roleid;
4869 Oid roleoid;
4870 AclMode mode;
4871 AclResult aclresult;
4872
4873 roleid = GetUserId();
4874 roleoid = get_role_oid(NameStr(*rolename), false);
4875 mode = convert_role_priv_string(priv_type_text);
4876
4877 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4878
4879 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4880}

References ACLCHECK_OK, convert_role_priv_string(), get_role_oid(), GetUserId(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, and pg_role_aclcheck().

◆ pg_has_role_name_id()

Datum pg_has_role_name_id ( PG_FUNCTION_ARGS  )

Definition at line 4888 of file acl.c.

4889{
4890 Name username = PG_GETARG_NAME(0);
4891 Oid roleoid = PG_GETARG_OID(1);
4892 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4893 Oid roleid;
4894 AclMode mode;
4895 AclResult aclresult;
4896
4897 roleid = get_role_oid(NameStr(*username), false);
4898 mode = convert_role_priv_string(priv_type_text);
4899
4900 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4901
4902 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4903}

References ACLCHECK_OK, convert_role_priv_string(), get_role_oid(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, pg_role_aclcheck(), and username.

◆ pg_has_role_name_name()

Datum pg_has_role_name_name ( PG_FUNCTION_ARGS  )

Definition at line 4838 of file acl.c.

4839{
4840 Name username = PG_GETARG_NAME(0);
4841 Name rolename = PG_GETARG_NAME(1);
4842 text *priv_type_text = PG_GETARG_TEXT_PP(2);
4843 Oid roleid;
4844 Oid roleoid;
4845 AclMode mode;
4846 AclResult aclresult;
4847
4848 roleid = get_role_oid(NameStr(*username), false);
4849 roleoid = get_role_oid(NameStr(*rolename), false);
4850 mode = convert_role_priv_string(priv_type_text);
4851
4852 aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4853
4854 PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4855}

References ACLCHECK_OK, convert_role_priv_string(), get_role_oid(), mode, NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_PP, PG_RETURN_BOOL, pg_role_aclcheck(), and username.

◆ pg_role_aclcheck()

static AclResult pg_role_aclcheck ( Oid  role_oid,
Oid  roleid,
AclMode  mode 
)
static

Definition at line 5010 of file acl.c.

5011{
5012 if (mode & ACL_GRANT_OPTION_FOR(ACL_CREATE))
5013 {
5014 if (is_admin_of_role(roleid, role_oid))
5015 return ACLCHECK_OK;
5016 }
5017 if (mode & ACL_CREATE)
5018 {
5019 if (is_member_of_role(roleid, role_oid))
5020 return ACLCHECK_OK;
5021 }
5022 if (mode & ACL_USAGE)
5023 {
5024 if (has_privs_of_role(roleid, role_oid))
5025 return ACLCHECK_OK;
5026 }
5027 if (mode & ACL_SET)
5028 {
5029 if (member_can_set_role(roleid, role_oid))
5030 return ACLCHECK_OK;
5031 }
5032 return ACLCHECK_NO_PRIV;
5033}
is_admin_of_role
bool is_admin_of_role(Oid member, Oid role)
Definition: acl.c:5414
is_member_of_role
bool is_member_of_role(Oid member, Oid role)
Definition: acl.c:5364
ACLCHECK_NO_PRIV
@ ACLCHECK_NO_PRIV
Definition: acl.h:184

References ACL_CREATE, ACL_GRANT_OPTION_FOR, ACL_SET, ACL_USAGE, ACLCHECK_NO_PRIV, ACLCHECK_OK, has_privs_of_role(), is_admin_of_role(), is_member_of_role(), member_can_set_role(), and mode.

Referenced by pg_has_role_id(), pg_has_role_id_id(), pg_has_role_id_name(), pg_has_role_name(), pg_has_role_name_id(), and pg_has_role_name_name().

◆ putid()

static void putid ( char *  p,
const char *  s 
)
static

Definition at line 221 of file acl.c.

222{
223 const char *src;
224 bool safe = true;
225
226 /* Detect whether we need to use double quotes */
227 for (src = s; *src; src++)
228 {
229 if (!is_safe_acl_char(*src, false))
230 {
231 safe = false;
232 break;
233 }
234 }
235 if (!safe)
236 *p++ = '"';
237 for (src = s; *src; src++)
238 {
239 /* A double quote character in a username is encoded as "" */
240 if (*src == '"')
241 *p++ = '"';
242 *p++ = *src;
243 }
244 if (!safe)
245 *p++ = '"';
246 *p = '\0';
247}

References is_safe_acl_char().

Referenced by aclitemout().

◆ recursive_revoke()

static Acl * recursive_revoke ( Acl acl,
Oid  grantee,
AclMode  revoke_privs,
Oid  ownerId,
DropBehavior  behavior 
)
static

Definition at line 1302 of file acl.c.

1307{
1308 AclMode still_has;
1309 AclItem *aip;
1310 int i,
1311 num;
1312
1313 check_acl(acl);
1314
1315 /* The owner can never truly lose grant options, so short-circuit */
1316 if (grantee == ownerId)
1317 return acl;
1318
1319 /* The grantee might still have some grant options via another grantor */
1320 still_has = aclmask(acl, grantee, ownerId,
1321 ACL_GRANT_OPTION_FOR(revoke_privs),
1322 ACLMASK_ALL);
1323 revoke_privs &= ~ACL_OPTION_TO_PRIVS(still_has);
1324 if (revoke_privs == ACL_NO_RIGHTS)
1325 return acl;
1326
1327restart:
1328 num = ACL_NUM(acl);
1329 aip = ACL_DAT(acl);
1330 for (i = 0; i < num; i++)
1331 {
1332 if (aip[i].ai_grantor == grantee
1333 && (ACLITEM_GET_PRIVS(aip[i]) & revoke_privs) != 0)
1334 {
1335 AclItem mod_acl;
1336 Acl *new_acl;
1337
1338 if (behavior == DROP_RESTRICT)
1339 ereport(ERROR,
1340 (errcode(ERRCODE_DEPENDENT_OBJECTS_STILL_EXIST),
1341 errmsg("dependent privileges exist"),
1342 errhint("Use CASCADE to revoke them too.")));
1343
1344 mod_acl.ai_grantor = grantee;
1345 mod_acl.ai_grantee = aip[i].ai_grantee;
1346 ACLITEM_SET_PRIVS_GOPTIONS(mod_acl,
1347 revoke_privs,
1348 revoke_privs);
1349
1350 new_acl = aclupdate(acl, &mod_acl, ACL_MODECHG_DEL,
1351 ownerId, behavior);
1352
1353 pfree(acl);
1354 acl = new_acl;
1355
1356 goto restart;
1357 }
1358 }
1359
1360 return acl;
1361}

References ACL_DAT, ACL_GRANT_OPTION_FOR, ACL_MODECHG_DEL, ACL_NO_RIGHTS, ACL_NUM, ACLITEM_GET_PRIVS, ACLITEM_SET_PRIVS_GOPTIONS, aclmask(), ACLMASK_ALL, aclupdate(), AclItem::ai_grantee, AclItem::ai_grantor, check_acl(), DROP_RESTRICT, ereport, errcode(), errhint(), errmsg(), ERROR, i, and pfree().

Referenced by aclupdate().

◆ RoleMembershipCacheCallback()

static void RoleMembershipCacheCallback ( Datum  arg,
int  cacheid,
uint32  hashvalue 
)
static

Definition at line 5070 of file acl.c.

5071{
5072 if (cacheid == DATABASEOID &&
5073 hashvalue != cached_db_hash &&
5074 hashvalue != 0)
5075 {
5076 return; /* ignore pg_database changes for other DBs */
5077 }
5078
5079 /* Force membership caches to be recomputed on next use */
5080 cached_role[ROLERECURSE_MEMBERS] = InvalidOid;
5081 cached_role[ROLERECURSE_PRIVS] = InvalidOid;
5082 cached_role[ROLERECURSE_SETROLE] = InvalidOid;
5083}
cached_role
static Oid cached_role[]
Definition: acl.c:80

References cached_db_hash, cached_role, InvalidOid, ROLERECURSE_MEMBERS, ROLERECURSE_PRIVS, and ROLERECURSE_SETROLE.

Referenced by initialize_acl().

◆ roles_is_member_of()

static List * roles_is_member_of ( Oid  roleid,
enum RoleRecurseType  type,
Oid  admin_of,
Oid admin_role 
)
static

Definition at line 5152 of file acl.c.

5154{
5155 Oid dba;
5156 List *roles_list;
5157 ListCell *l;
5158 List *new_cached_roles;
5159 MemoryContext oldctx;
5160 bloom_filter *bf = NULL;
5161
5162 Assert(OidIsValid(admin_of) == (admin_role != NULL));
5163 if (admin_role != NULL)
5164 *admin_role = InvalidOid;
5165
5166 /* If cache is valid and ADMIN OPTION not sought, just return the list */
5167 if (cached_role[type] == roleid && !OidIsValid(admin_of) &&
5168 OidIsValid(cached_role[type]))
5169 return cached_roles[type];
5170
5171 /*
5172 * Role expansion happens in a non-database backend when guc.c checks
5173 * ROLE_PG_READ_ALL_SETTINGS for a physical walsender SHOW command. In
5174 * that case, no role gets pg_database_owner.
5175 */
5176 if (!OidIsValid(MyDatabaseId))
5177 dba = InvalidOid;
5178 else
5179 {
5180 HeapTuple dbtup;
5181
5182 dbtup = SearchSysCache1(DATABASEOID, ObjectIdGetDatum(MyDatabaseId));
5183 if (!HeapTupleIsValid(dbtup))
5184 elog(ERROR, "cache lookup failed for database %u", MyDatabaseId);
5185 dba = ((Form_pg_database) GETSTRUCT(dbtup))->datdba;
5186 ReleaseSysCache(dbtup);
5187 }
5188
5189 /*
5190 * Find all the roles that roleid is a member of, including multi-level
5191 * recursion. The role itself will always be the first element of the
5192 * resulting list.
5193 *
5194 * Each element of the list is scanned to see if it adds any indirect
5195 * memberships. We can use a single list as both the record of
5196 * already-found memberships and the agenda of roles yet to be scanned.
5197 * This is a bit tricky but works because the foreach() macro doesn't
5198 * fetch the next list element until the bottom of the loop.
5199 */
5200 roles_list = list_make1_oid(roleid);
5201
5202 foreach(l, roles_list)
5203 {
5204 Oid memberid = lfirst_oid(l);
5205 CatCList *memlist;
5206 int i;
5207
5208 /* Find roles that memberid is directly a member of */
5209 memlist = SearchSysCacheList1(AUTHMEMMEMROLE,
5210 ObjectIdGetDatum(memberid));
5211 for (i = 0; i < memlist->n_members; i++)
5212 {
5213 HeapTuple tup = &memlist->members[i]->tuple;
5214 Form_pg_auth_members form = (Form_pg_auth_members) GETSTRUCT(tup);
5215 Oid otherid = form->roleid;
5216
5217 /*
5218 * While otherid==InvalidOid shouldn't appear in the catalog, the
5219 * OidIsValid() avoids crashing if that arises.
5220 */
5221 if (otherid == admin_of && form->admin_option &&
5222 OidIsValid(admin_of) && !OidIsValid(*admin_role))
5223 *admin_role = memberid;
5224
5225 /* If we're supposed to ignore non-heritable grants, do so. */
5226 if (type == ROLERECURSE_PRIVS && !form->inherit_option)
5227 continue;
5228
5229 /* If we're supposed to ignore non-SET grants, do so. */
5230 if (type == ROLERECURSE_SETROLE && !form->set_option)
5231 continue;
5232
5233 /*
5234 * Even though there shouldn't be any loops in the membership
5235 * graph, we must test for having already seen this role. It is
5236 * legal for instance to have both A->B and A->C->B.
5237 */
5238 roles_list = roles_list_append(roles_list, &bf, otherid);
5239 }
5240 ReleaseSysCacheList(memlist);
5241
5242 /* implement pg_database_owner implicit membership */
5243 if (memberid == dba && OidIsValid(dba))
5244 roles_list = roles_list_append(roles_list, &bf,
5245 ROLE_PG_DATABASE_OWNER);
5246 }
5247
5248 /*
5249 * Free the Bloom filter created by roles_list_append(), if there is one.
5250 */
5251 if (bf)
5252 bloom_free(bf);
5253
5254 /*
5255 * Copy the completed list into TopMemoryContext so it will persist.
5256 */
5257 oldctx = MemoryContextSwitchTo(TopMemoryContext);
5258 new_cached_roles = list_copy(roles_list);
5259 MemoryContextSwitchTo(oldctx);
5260 list_free(roles_list);
5261
5262 /*
5263 * Now safe to assign to state variable
5264 */
5265 cached_role[type] = InvalidOid; /* just paranoia */
5266 list_free(cached_roles[type]);
5267 cached_roles[type] = new_cached_roles;
5268 cached_role[type] = roleid;
5269
5270 /* And now we can return the answer */
5271 return cached_roles[type];
5272}
roles_list_append
static List * roles_list_append(List *roles_list, bloom_filter **bf, Oid role)
Definition: acl.c:5092
cached_roles
static List * cached_roles[]
Definition: acl.c:81
bloom_free
void bloom_free(bloom_filter *filter)
Definition: bloomfilter.c:126
list_copy
List * list_copy(const List *oldlist)
Definition: list.c:1573
list_free
void list_free(List *list)
Definition: list.c:1546
TopMemoryContext
MemoryContext TopMemoryContext
Definition: mcxt.c:166
Form_pg_auth_members
FormData_pg_auth_members * Form_pg_auth_members
Definition: pg_auth_members.h:46
Form_pg_database
FormData_pg_database * Form_pg_database
Definition: pg_database.h:96
list_make1_oid
#define list_make1_oid(x1)
Definition: pg_list.h:242
lfirst_oid
#define lfirst_oid(lc)
Definition: pg_list.h:174
List
Definition: pg_list.h:54
bloom_filter
Definition: bloomfilter.c:45
catclist::members
CatCTup * members[FLEXIBLE_ARRAY_MEMBER]
Definition: catcache.h:185
catclist::n_members
int n_members
Definition: catcache.h:183
catctup::tuple
HeapTupleData tuple
Definition: catcache.h:124
ReleaseSysCacheList
#define ReleaseSysCacheList(x)
Definition: syscache.h:134
SearchSysCacheList1
#define SearchSysCacheList1(cacheId, key1)
Definition: syscache.h:127
type
const char * type
Definition: wait_event_funcs.c:27

References Assert(), bloom_free(), cached_role, cached_roles, elog, ERROR, GETSTRUCT(), HeapTupleIsValid, i, InvalidOid, lfirst_oid, list_copy(), list_free(), list_make1_oid, catclist::members, MemoryContextSwitchTo(), MyDatabaseId, catclist::n_members, ObjectIdGetDatum(), OidIsValid, ReleaseSysCache(), ReleaseSysCacheList, ROLERECURSE_PRIVS, ROLERECURSE_SETROLE, roles_list_append(), SearchSysCache1(), SearchSysCacheList1, TopMemoryContext, catctup::tuple, and type.

Referenced by has_privs_of_role(), is_admin_of_role(), is_member_of_role(), is_member_of_role_nosuper(), member_can_set_role(), select_best_admin(), and select_best_grantor().

◆ roles_list_append()

static List * roles_list_append ( List roles_list,
bloom_filter **  bf,
Oid  role 
)
inlinestatic

Definition at line 5092 of file acl.c.

5093{
5094 unsigned char *roleptr = (unsigned char *) &role;
5095
5096 /*
5097 * If there is a previously-created Bloom filter, use it to try to
5098 * determine whether the role is missing from the list. If it says yes,
5099 * that's a hard fact and we can go ahead and add the role. If it says
5100 * no, that's only probabilistic and we'd better search the list. Without
5101 * a filter, we must always do an ordinary linear search through the
5102 * existing list.
5103 */
5104 if ((*bf && bloom_lacks_element(*bf, roleptr, sizeof(Oid))) ||
5105 !list_member_oid(roles_list, role))
5106 {
5107 /*
5108 * If the list is large, we take on the overhead of creating and
5109 * populating a Bloom filter to speed up future calls to this
5110 * function.
5111 */
5112 if (*bf == NULL &&
5113 list_length(roles_list) > ROLES_LIST_BLOOM_THRESHOLD)
5114 {
5115 *bf = bloom_create(ROLES_LIST_BLOOM_THRESHOLD * 10, work_mem, 0);
5116 foreach_oid(roleid, roles_list)
5117 bloom_add_element(*bf, (unsigned char *) &roleid, sizeof(Oid));
5118 }
5119
5120 /*
5121 * Finally, add the role to the list and the Bloom filter, if it
5122 * exists.
5123 */
5124 roles_list = lappend_oid(roles_list, role);
5125 if (*bf)
5126 bloom_add_element(*bf, roleptr, sizeof(Oid));
5127 }
5128
5129 return roles_list;
5130}
ROLES_LIST_BLOOM_THRESHOLD
#define ROLES_LIST_BLOOM_THRESHOLD
Definition: acl.c:90
bloom_create
bloom_filter * bloom_create(int64 total_elems, int bloom_work_mem, uint64 seed)
Definition: bloomfilter.c:87
bloom_lacks_element
bool bloom_lacks_element(bloom_filter *filter, unsigned char *elem, size_t len)
Definition: bloomfilter.c:157
bloom_add_element
void bloom_add_element(bloom_filter *filter, unsigned char *elem, size_t len)
Definition: bloomfilter.c:135
work_mem
int work_mem
Definition: globals.c:131
lappend_oid
List * lappend_oid(List *list, Oid datum)
Definition: list.c:375
list_length
static int list_length(const List *l)
Definition: pg_list.h:152
foreach_oid
#define foreach_oid(var, lst)
Definition: pg_list.h:471

References bloom_add_element(), bloom_create(), bloom_lacks_element(), foreach_oid, lappend_oid(), list_length(), list_member_oid(), ROLES_LIST_BLOOM_THRESHOLD, and work_mem.

Referenced by roles_is_member_of().

◆ select_best_admin()

Oid select_best_admin ( Oid  member,
Oid  role 
)

Definition at line 5439 of file acl.c.

5440{
5441 Oid admin_role;
5442
5443 /* By policy, a role cannot have WITH ADMIN OPTION on itself. */
5444 if (member == role)
5445 return InvalidOid;
5446
5447 (void) roles_is_member_of(member, ROLERECURSE_PRIVS, role, &admin_role);
5448 return admin_role;
5449}

References InvalidOid, ROLERECURSE_PRIVS, and roles_is_member_of().

Referenced by check_role_grantor().

◆ select_best_grantor()

void select_best_grantor ( Oid  roleId,
AclMode  privileges,
const Acl acl,
Oid  ownerId,
Oid grantorId,
AclMode grantOptions 
)

Definition at line 5476 of file acl.c.

5479{
5480 AclMode needed_goptions = ACL_GRANT_OPTION_FOR(privileges);
5481 List *roles_list;
5482 int nrights;
5483 ListCell *l;
5484
5485 /*
5486 * The object owner is always treated as having all grant options, so if
5487 * roleId is the owner it's easy. Also, if roleId is a superuser it's
5488 * easy: superusers are implicitly members of every role, so they act as
5489 * the object owner.
5490 */
5491 if (roleId == ownerId || superuser_arg(roleId))
5492 {
5493 *grantorId = ownerId;
5494 *grantOptions = needed_goptions;
5495 return;
5496 }
5497
5498 /*
5499 * Otherwise we have to do a careful search to see if roleId has the
5500 * privileges of any suitable role. Note: we can hang onto the result of
5501 * roles_is_member_of() throughout this loop, because aclmask_direct()
5502 * doesn't query any role memberships.
5503 */
5504 roles_list = roles_is_member_of(roleId, ROLERECURSE_PRIVS,
5505 InvalidOid, NULL);
5506
5507 /* initialize candidate result as default */
5508 *grantorId = roleId;
5509 *grantOptions = ACL_NO_RIGHTS;
5510 nrights = 0;
5511
5512 foreach(l, roles_list)
5513 {
5514 Oid otherrole = lfirst_oid(l);
5515 AclMode otherprivs;
5516
5517 otherprivs = aclmask_direct(acl, otherrole, ownerId,
5518 needed_goptions, ACLMASK_ALL);
5519 if (otherprivs == needed_goptions)
5520 {
5521 /* Found a suitable grantor */
5522 *grantorId = otherrole;
5523 *grantOptions = otherprivs;
5524 return;
5525 }
5526
5527 /*
5528 * If it has just some of the needed privileges, remember best
5529 * candidate.
5530 */
5531 if (otherprivs != ACL_NO_RIGHTS)
5532 {
5533 int nnewrights = pg_popcount64(otherprivs);
5534
5535 if (nnewrights > nrights)
5536 {
5537 *grantorId = otherrole;
5538 *grantOptions = otherprivs;
5539 nrights = nnewrights;
5540 }
5541 }
5542 }
5543}
aclmask_direct
static AclMode aclmask_direct(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
Definition: acl.c:1477
pg_popcount64
int pg_popcount64(uint64 word)
Definition: pg_bitutils.c:515

References ACL_GRANT_OPTION_FOR, ACL_NO_RIGHTS, ACLMASK_ALL, aclmask_direct(), InvalidOid, lfirst_oid, pg_popcount64(), ROLERECURSE_PRIVS, roles_is_member_of(), and superuser_arg().

Referenced by ExecGrant_Attribute(), ExecGrant_common(), ExecGrant_Largeobject(), ExecGrant_Parameter(), and ExecGrant_Relation().

Variable Documentation

◆ cached_db_hash

uint32 cached_db_hash
static

Definition at line 82 of file acl.c.

Referenced by initialize_acl(), and RoleMembershipCacheCallback().

◆ cached_role

Oid cached_role[] = {InvalidOid, InvalidOid, InvalidOid}
static

Definition at line 80 of file acl.c.

Referenced by RoleMembershipCacheCallback(), and roles_is_member_of().

◆ cached_roles

List* cached_roles[] = {NIL, NIL, NIL}
static

Definition at line 81 of file acl.c.

Referenced by roles_is_member_of().