LCOV - code coverage report
Current view: top level - src/backend/commands - lockcmds.c (source / functions) Hit Total Coverage
Test: PostgreSQL 16beta1 Lines: 84 96 87.5 %
Date: 2023-05-30 18:12:27 Functions: 6 6 100.0 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*-------------------------------------------------------------------------
       2             :  *
       3             :  * lockcmds.c
       4             :  *    LOCK command support code
       5             :  *
       6             :  * Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group
       7             :  * Portions Copyright (c) 1994, Regents of the University of California
       8             :  *
       9             :  *
      10             :  * IDENTIFICATION
      11             :  *    src/backend/commands/lockcmds.c
      12             :  *
      13             :  *-------------------------------------------------------------------------
      14             :  */
      15             : #include "postgres.h"
      16             : 
      17             : #include "access/table.h"
      18             : #include "access/xact.h"
      19             : #include "catalog/namespace.h"
      20             : #include "catalog/pg_inherits.h"
      21             : #include "commands/lockcmds.h"
      22             : #include "commands/tablecmds.h"
      23             : #include "miscadmin.h"
      24             : #include "nodes/nodeFuncs.h"
      25             : #include "parser/parse_clause.h"
      26             : #include "rewrite/rewriteHandler.h"
      27             : #include "storage/lmgr.h"
      28             : #include "utils/acl.h"
      29             : #include "utils/lsyscache.h"
      30             : #include "utils/syscache.h"
      31             : 
      32             : static void LockTableRecurse(Oid reloid, LOCKMODE lockmode, bool nowait);
      33             : static AclResult LockTableAclCheck(Oid reloid, LOCKMODE lockmode, Oid userid);
      34             : static void RangeVarCallbackForLockTable(const RangeVar *rv, Oid relid,
      35             :                                          Oid oldrelid, void *arg);
      36             : static void LockViewRecurse(Oid reloid, LOCKMODE lockmode, bool nowait,
      37             :                             List *ancestor_views);
      38             : 
      39             : /*
      40             :  * LOCK TABLE
      41             :  */
      42             : void
      43         996 : LockTableCommand(LockStmt *lockstmt)
      44             : {
      45             :     ListCell   *p;
      46             : 
      47             :     /*
      48             :      * Iterate over the list and process the named relations one at a time
      49             :      */
      50       10084 :     foreach(p, lockstmt->relations)
      51             :     {
      52        9164 :         RangeVar   *rv = (RangeVar *) lfirst(p);
      53        9164 :         bool        recurse = rv->inh;
      54             :         Oid         reloid;
      55             : 
      56        9164 :         reloid = RangeVarGetRelidExtended(rv, lockstmt->mode,
      57        9164 :                                           lockstmt->nowait ? RVR_NOWAIT : 0,
      58             :                                           RangeVarCallbackForLockTable,
      59        9164 :                                           (void *) &lockstmt->mode);
      60             : 
      61        9094 :         if (get_rel_relkind(reloid) == RELKIND_VIEW)
      62          66 :             LockViewRecurse(reloid, lockstmt->mode, lockstmt->nowait, NIL);
      63        9028 :         else if (recurse)
      64        9022 :             LockTableRecurse(reloid, lockstmt->mode, lockstmt->nowait);
      65             :     }
      66         920 : }
      67             : 
      68             : /*
      69             :  * Before acquiring a table lock on the named table, check whether we have
      70             :  * permission to do so.
      71             :  */
      72             : static void
      73        9192 : RangeVarCallbackForLockTable(const RangeVar *rv, Oid relid, Oid oldrelid,
      74             :                              void *arg)
      75             : {
      76        9192 :     LOCKMODE    lockmode = *(LOCKMODE *) arg;
      77             :     char        relkind;
      78             :     char        relpersistence;
      79             :     AclResult   aclresult;
      80             : 
      81        9192 :     if (!OidIsValid(relid))
      82           0 :         return;                 /* doesn't exist, so no permissions check */
      83        9192 :     relkind = get_rel_relkind(relid);
      84        9192 :     if (!relkind)
      85           0 :         return;                 /* woops, concurrently dropped; no permissions
      86             :                                  * check */
      87             : 
      88             :     /* Currently, we only allow plain tables or views to be locked */
      89        9192 :     if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE &&
      90             :         relkind != RELKIND_VIEW)
      91           0 :         ereport(ERROR,
      92             :                 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
      93             :                  errmsg("cannot lock relation \"%s\"",
      94             :                         rv->relname),
      95             :                  errdetail_relkind_not_supported(relkind)));
      96             : 
      97             :     /*
      98             :      * Make note if a temporary relation has been accessed in this
      99             :      * transaction.
     100             :      */
     101        9192 :     relpersistence = get_rel_persistence(relid);
     102        9192 :     if (relpersistence == RELPERSISTENCE_TEMP)
     103           6 :         MyXactFlags |= XACT_FLAGS_ACCESSEDTEMPNAMESPACE;
     104             : 
     105             :     /* Check permissions. */
     106        9192 :     aclresult = LockTableAclCheck(relid, lockmode, GetUserId());
     107        9192 :     if (aclresult != ACLCHECK_OK)
     108          48 :         aclcheck_error(aclresult, get_relkind_objtype(get_rel_relkind(relid)), rv->relname);
     109             : }
     110             : 
     111             : /*
     112             :  * Apply LOCK TABLE recursively over an inheritance tree
     113             :  *
     114             :  * This doesn't check permission to perform LOCK TABLE on the child tables,
     115             :  * because getting here means that the user has permission to lock the
     116             :  * parent which is enough.
     117             :  */
     118             : static void
     119        9094 : LockTableRecurse(Oid reloid, LOCKMODE lockmode, bool nowait)
     120             : {
     121             :     List       *children;
     122             :     ListCell   *lc;
     123             : 
     124        9094 :     children = find_all_inheritors(reloid, NoLock, NULL);
     125             : 
     126       21838 :     foreach(lc, children)
     127             :     {
     128       12744 :         Oid         childreloid = lfirst_oid(lc);
     129             : 
     130             :         /* Parent already locked. */
     131       12744 :         if (childreloid == reloid)
     132        9094 :             continue;
     133             : 
     134        3650 :         if (!nowait)
     135        3632 :             LockRelationOid(childreloid, lockmode);
     136          18 :         else if (!ConditionalLockRelationOid(childreloid, lockmode))
     137             :         {
     138             :             /* try to throw error by name; relation could be deleted... */
     139           0 :             char       *relname = get_rel_name(childreloid);
     140             : 
     141           0 :             if (!relname)
     142           0 :                 continue;       /* child concurrently dropped, just skip it */
     143           0 :             ereport(ERROR,
     144             :                     (errcode(ERRCODE_LOCK_NOT_AVAILABLE),
     145             :                      errmsg("could not obtain lock on relation \"%s\"",
     146             :                             relname)));
     147             :         }
     148             : 
     149             :         /*
     150             :          * Even if we got the lock, child might have been concurrently
     151             :          * dropped. If so, we can skip it.
     152             :          */
     153        3650 :         if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(childreloid)))
     154             :         {
     155             :             /* Release useless lock */
     156           0 :             UnlockRelationOid(childreloid, lockmode);
     157           0 :             continue;
     158             :         }
     159             :     }
     160        9094 : }
     161             : 
     162             : /*
     163             :  * Apply LOCK TABLE recursively over a view
     164             :  *
     165             :  * All tables and views appearing in the view definition query are locked
     166             :  * recursively with the same lock mode.
     167             :  */
     168             : 
     169             : typedef struct
     170             : {
     171             :     LOCKMODE    lockmode;       /* lock mode to use */
     172             :     bool        nowait;         /* no wait mode */
     173             :     Oid         check_as_user;  /* user for checking the privilege */
     174             :     Oid         viewoid;        /* OID of the view to be locked */
     175             :     List       *ancestor_views; /* OIDs of ancestor views */
     176             : } LockViewRecurse_context;
     177             : 
     178             : static bool
     179        1998 : LockViewRecurse_walker(Node *node, LockViewRecurse_context *context)
     180             : {
     181        1998 :     if (node == NULL)
     182        1236 :         return false;
     183             : 
     184         762 :     if (IsA(node, Query))
     185             :     {
     186         108 :         Query      *query = (Query *) node;
     187             :         ListCell   *rtable;
     188             : 
     189         222 :         foreach(rtable, query->rtable)
     190             :         {
     191         120 :             RangeTblEntry *rte = lfirst(rtable);
     192             :             AclResult   aclresult;
     193             : 
     194         120 :             Oid         relid = rte->relid;
     195         120 :             char        relkind = rte->relkind;
     196         120 :             char       *relname = get_rel_name(relid);
     197             : 
     198             :             /* Currently, we only allow plain tables or views to be locked. */
     199         120 :             if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE &&
     200             :                 relkind != RELKIND_VIEW)
     201           6 :                 continue;
     202             : 
     203             :             /*
     204             :              * We might be dealing with a self-referential view.  If so, we
     205             :              * can just stop recursing, since we already locked it.
     206             :              */
     207         114 :             if (list_member_oid(context->ancestor_views, relid))
     208          12 :                 continue;
     209             : 
     210             :             /*
     211             :              * Check permissions as the specified user.  This will either be
     212             :              * the view owner or the current user.
     213             :              */
     214         102 :             aclresult = LockTableAclCheck(relid, context->lockmode,
     215             :                                           context->check_as_user);
     216         102 :             if (aclresult != ACLCHECK_OK)
     217           6 :                 aclcheck_error(aclresult, get_relkind_objtype(relkind), relname);
     218             : 
     219             :             /* We have enough rights to lock the relation; do so. */
     220          96 :             if (!context->nowait)
     221          96 :                 LockRelationOid(relid, context->lockmode);
     222           0 :             else if (!ConditionalLockRelationOid(relid, context->lockmode))
     223           0 :                 ereport(ERROR,
     224             :                         (errcode(ERRCODE_LOCK_NOT_AVAILABLE),
     225             :                          errmsg("could not obtain lock on relation \"%s\"",
     226             :                                 relname)));
     227             : 
     228          96 :             if (relkind == RELKIND_VIEW)
     229          24 :                 LockViewRecurse(relid, context->lockmode, context->nowait,
     230             :                                 context->ancestor_views);
     231          72 :             else if (rte->inh)
     232          72 :                 LockTableRecurse(relid, context->lockmode, context->nowait);
     233             :         }
     234             : 
     235         102 :         return query_tree_walker(query,
     236             :                                  LockViewRecurse_walker,
     237             :                                  context,
     238             :                                  QTW_IGNORE_JOINALIASES);
     239             :     }
     240             : 
     241         654 :     return expression_tree_walker(node,
     242             :                                   LockViewRecurse_walker,
     243             :                                   context);
     244             : }
     245             : 
     246             : static void
     247          90 : LockViewRecurse(Oid reloid, LOCKMODE lockmode, bool nowait,
     248             :                 List *ancestor_views)
     249             : {
     250             :     LockViewRecurse_context context;
     251             :     Relation    view;
     252             :     Query      *viewquery;
     253             : 
     254             :     /* caller has already locked the view */
     255          90 :     view = table_open(reloid, NoLock);
     256          90 :     viewquery = get_view_query(view);
     257             : 
     258             :     /*
     259             :      * If the view has the security_invoker property set, check permissions as
     260             :      * the current user.  Otherwise, check permissions as the view owner.
     261             :      */
     262          90 :     context.lockmode = lockmode;
     263          90 :     context.nowait = nowait;
     264          90 :     if (RelationHasSecurityInvoker(view))
     265          12 :         context.check_as_user = GetUserId();
     266             :     else
     267          78 :         context.check_as_user = view->rd_rel->relowner;
     268          90 :     context.viewoid = reloid;
     269          90 :     context.ancestor_views = lappend_oid(ancestor_views, reloid);
     270             : 
     271          90 :     LockViewRecurse_walker((Node *) viewquery, &context);
     272             : 
     273          84 :     context.ancestor_views = list_delete_last(context.ancestor_views);
     274             : 
     275          84 :     table_close(view, NoLock);
     276          84 : }
     277             : 
     278             : /*
     279             :  * Check whether the current user is permitted to lock this relation.
     280             :  */
     281             : static AclResult
     282        9294 : LockTableAclCheck(Oid reloid, LOCKMODE lockmode, Oid userid)
     283             : {
     284             :     AclResult   aclresult;
     285             :     AclMode     aclmask;
     286             : 
     287             :     /* any of these privileges permit any lock mode */
     288        9294 :     aclmask = ACL_MAINTAIN | ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE;
     289             : 
     290             :     /* SELECT privileges also permit ACCESS SHARE and below */
     291        9294 :     if (lockmode <= AccessShareLock)
     292        8586 :         aclmask |= ACL_SELECT;
     293             : 
     294             :     /* INSERT privileges also permit ROW EXCLUSIVE and below */
     295        9294 :     if (lockmode <= RowExclusiveLock)
     296        8692 :         aclmask |= ACL_INSERT;
     297             : 
     298        9294 :     aclresult = pg_class_aclcheck(reloid, userid, aclmask);
     299             : 
     300             :     /*
     301             :      * If this is a partition, check permissions of its ancestors if needed.
     302             :      */
     303        9348 :     if (aclresult != ACLCHECK_OK &&
     304          54 :         has_partition_ancestor_privs(reloid, userid, ACL_MAINTAIN))
     305           0 :         aclresult = ACLCHECK_OK;
     306             : 
     307        9294 :     return aclresult;
     308             : }

Generated by: LCOV version 1.14