Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * acl.c
4 : * Basic access control list data structures manipulation routines.
5 : *
6 : * Portions Copyright (c) 1996-2019, PostgreSQL Global Development Group
7 : * Portions Copyright (c) 1994, Regents of the University of California
8 : *
9 : *
10 : * IDENTIFICATION
11 : * src/backend/utils/adt/acl.c
12 : *
13 : *-------------------------------------------------------------------------
14 : */
15 : #include "postgres.h"
16 :
17 : #include <ctype.h>
18 :
19 : #include "access/htup_details.h"
20 : #include "catalog/catalog.h"
21 : #include "catalog/namespace.h"
22 : #include "catalog/pg_authid.h"
23 : #include "catalog/pg_auth_members.h"
24 : #include "catalog/pg_type.h"
25 : #include "catalog/pg_class.h"
26 : #include "commands/dbcommands.h"
27 : #include "commands/proclang.h"
28 : #include "commands/tablespace.h"
29 : #include "foreign/foreign.h"
30 : #include "funcapi.h"
31 : #include "miscadmin.h"
32 : #include "utils/acl.h"
33 : #include "utils/builtins.h"
34 : #include "utils/catcache.h"
35 : #include "utils/hashutils.h"
36 : #include "utils/inval.h"
37 : #include "utils/lsyscache.h"
38 : #include "utils/memutils.h"
39 : #include "utils/syscache.h"
40 : #include "utils/varlena.h"
41 :
42 :
43 : typedef struct
44 : {
45 : const char *name;
46 : AclMode value;
47 : } priv_map;
48 :
49 : /*
50 : * We frequently need to test whether a given role is a member of some other
51 : * role. In most of these tests the "given role" is the same, namely the
52 : * active current user. So we can optimize it by keeping a cached list of
53 : * all the roles the "given role" is a member of, directly or indirectly.
54 : * The cache is flushed whenever we detect a change in pg_auth_members.
55 : *
56 : * There are actually two caches, one computed under "has_privs" rules
57 : * (do not recurse where rolinherit isn't true) and one computed under
58 : * "is_member" rules (recurse regardless of rolinherit).
59 : *
60 : * Possibly this mechanism should be generalized to allow caching membership
61 : * info for multiple roles?
62 : *
63 : * The has_privs cache is:
64 : * cached_privs_role is the role OID the cache is for.
65 : * cached_privs_roles is an OID list of roles that cached_privs_role
66 : * has the privileges of (always including itself).
67 : * The cache is valid if cached_privs_role is not InvalidOid.
68 : *
69 : * The is_member cache is similarly:
70 : * cached_member_role is the role OID the cache is for.
71 : * cached_membership_roles is an OID list of roles that cached_member_role
72 : * is a member of (always including itself).
73 : * The cache is valid if cached_member_role is not InvalidOid.
74 : */
75 : static Oid cached_privs_role = InvalidOid;
76 : static List *cached_privs_roles = NIL;
77 : static Oid cached_member_role = InvalidOid;
78 : static List *cached_membership_roles = NIL;
79 :
80 :
81 : static const char *getid(const char *s, char *n);
82 : static void putid(char *p, const char *s);
83 : static Acl *allocacl(int n);
84 : static void check_acl(const Acl *acl);
85 : static const char *aclparse(const char *s, AclItem *aip);
86 : static bool aclitem_match(const AclItem *a1, const AclItem *a2);
87 : static int aclitemComparator(const void *arg1, const void *arg2);
88 : static void check_circularity(const Acl *old_acl, const AclItem *mod_aip,
89 : Oid ownerId);
90 : static Acl *recursive_revoke(Acl *acl, Oid grantee, AclMode revoke_privs,
91 : Oid ownerId, DropBehavior behavior);
92 :
93 : static AclMode convert_priv_string(text *priv_type_text);
94 : static AclMode convert_any_priv_string(text *priv_type_text,
95 : const priv_map *privileges);
96 :
97 : static Oid convert_table_name(text *tablename);
98 : static AclMode convert_table_priv_string(text *priv_type_text);
99 : static AclMode convert_sequence_priv_string(text *priv_type_text);
100 : static AttrNumber convert_column_name(Oid tableoid, text *column);
101 : static AclMode convert_column_priv_string(text *priv_type_text);
102 : static Oid convert_database_name(text *databasename);
103 : static AclMode convert_database_priv_string(text *priv_type_text);
104 : static Oid convert_foreign_data_wrapper_name(text *fdwname);
105 : static AclMode convert_foreign_data_wrapper_priv_string(text *priv_type_text);
106 : static Oid convert_function_name(text *functionname);
107 : static AclMode convert_function_priv_string(text *priv_type_text);
108 : static Oid convert_language_name(text *languagename);
109 : static AclMode convert_language_priv_string(text *priv_type_text);
110 : static Oid convert_schema_name(text *schemaname);
111 : static AclMode convert_schema_priv_string(text *priv_type_text);
112 : static Oid convert_server_name(text *servername);
113 : static AclMode convert_server_priv_string(text *priv_type_text);
114 : static Oid convert_tablespace_name(text *tablespacename);
115 : static AclMode convert_tablespace_priv_string(text *priv_type_text);
116 : static Oid convert_type_name(text *typename);
117 : static AclMode convert_type_priv_string(text *priv_type_text);
118 : static AclMode convert_role_priv_string(text *priv_type_text);
119 : static AclResult pg_role_aclcheck(Oid role_oid, Oid roleid, AclMode mode);
120 :
121 : static void RoleMembershipCacheCallback(Datum arg, int cacheid, uint32 hashvalue);
122 :
123 :
124 : /*
125 : * getid
126 : * Consumes the first alphanumeric string (identifier) found in string
127 : * 's', ignoring any leading white space. If it finds a double quote
128 : * it returns the word inside the quotes.
129 : *
130 : * RETURNS:
131 : * the string position in 's' that points to the next non-space character
132 : * in 's', after any quotes. Also:
133 : * - loads the identifier into 'n'. (If no identifier is found, 'n'
134 : * contains an empty string.) 'n' must be NAMEDATALEN bytes.
135 : */
136 : static const char *
137 636 : getid(const char *s, char *n)
138 : {
139 636 : int len = 0;
140 636 : bool in_quotes = false;
141 :
142 : Assert(s && n);
143 :
144 1272 : while (isspace((unsigned char) *s))
145 0 : s++;
146 : /* This code had better match what putid() does, below */
147 4436 : for (;
148 7282 : *s != '\0' &&
149 4436 : (isalnum((unsigned char) *s) ||
150 1908 : *s == '_' ||
151 1272 : *s == '"' ||
152 : in_quotes);
153 3164 : s++)
154 : {
155 3164 : if (*s == '"')
156 : {
157 : /* safe to look at next char (could be '\0' though) */
158 636 : if (*(s + 1) != '"')
159 : {
160 636 : in_quotes = !in_quotes;
161 636 : continue;
162 : }
163 : /* it's an escaped double quote; skip the escaping char */
164 0 : s++;
165 : }
166 :
167 : /* Add the character to the string */
168 2528 : if (len >= NAMEDATALEN - 1)
169 0 : ereport(ERROR,
170 : (errcode(ERRCODE_NAME_TOO_LONG),
171 : errmsg("identifier too long"),
172 : errdetail("Identifier must be less than %d characters.",
173 : NAMEDATALEN)));
174 :
175 2528 : n[len++] = *s;
176 : }
177 636 : n[len] = '\0';
178 1272 : while (isspace((unsigned char) *s))
179 0 : s++;
180 636 : return s;
181 : }
182 :
183 : /*
184 : * Write a role name at *p, adding double quotes if needed.
185 : * There must be at least (2*NAMEDATALEN)+2 bytes available at *p.
186 : * This needs to be kept in sync with copyAclUserName in pg_dump/dumputils.c
187 : */
188 : static void
189 14754 : putid(char *p, const char *s)
190 : {
191 : const char *src;
192 14754 : bool safe = true;
193 :
194 158218 : for (src = s; *src; src++)
195 : {
196 : /* This test had better match what getid() does, above */
197 143464 : if (!isalnum((unsigned char) *src) && *src != '_')
198 : {
199 0 : safe = false;
200 0 : break;
201 : }
202 : }
203 14754 : if (!safe)
204 0 : *p++ = '"';
205 158218 : for (src = s; *src; src++)
206 : {
207 : /* A double quote character in a username is encoded as "" */
208 143464 : if (*src == '"')
209 0 : *p++ = '"';
210 143464 : *p++ = *src;
211 : }
212 14754 : if (!safe)
213 0 : *p++ = '"';
214 14754 : *p = '\0';
215 14754 : }
216 :
217 : /*
218 : * aclparse
219 : * Consumes and parses an ACL specification of the form:
220 : * [group|user] [A-Za-z0-9]*=[rwaR]*
221 : * from string 's', ignoring any leading white space or white space
222 : * between the optional id type keyword (group|user) and the actual
223 : * ACL specification.
224 : *
225 : * The group|user decoration is unnecessary in the roles world,
226 : * but we still accept it for backward compatibility.
227 : *
228 : * This routine is called by the parser as well as aclitemin(), hence
229 : * the added generality.
230 : *
231 : * RETURNS:
232 : * the string position in 's' immediately following the ACL
233 : * specification. Also:
234 : * - loads the structure pointed to by 'aip' with the appropriate
235 : * UID/GID, id type identifier and mode type values.
236 : */
237 : static const char *
238 318 : aclparse(const char *s, AclItem *aip)
239 : {
240 : AclMode privs,
241 : goption,
242 : read;
243 : char name[NAMEDATALEN];
244 : char name2[NAMEDATALEN];
245 :
246 : Assert(s && aip);
247 :
248 : #ifdef ACLDEBUG
249 : elog(LOG, "aclparse: input = \"%s\"", s);
250 : #endif
251 318 : s = getid(s, name);
252 318 : if (*s != '=')
253 : {
254 : /* we just read a keyword, not a name */
255 0 : if (strcmp(name, "group") != 0 && strcmp(name, "user") != 0)
256 0 : ereport(ERROR,
257 : (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
258 : errmsg("unrecognized key word: \"%s\"", name),
259 : errhint("ACL key word must be \"group\" or \"user\".")));
260 0 : s = getid(s, name); /* move s to the name beyond the keyword */
261 0 : if (name[0] == '\0')
262 0 : ereport(ERROR,
263 : (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
264 : errmsg("missing name"),
265 : errhint("A name must follow the \"group\" or \"user\" key word.")));
266 : }
267 :
268 318 : if (*s != '=')
269 0 : ereport(ERROR,
270 : (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
271 : errmsg("missing \"=\" sign")));
272 :
273 318 : privs = goption = ACL_NO_RIGHTS;
274 :
275 636 : for (++s, read = 0; isalpha((unsigned char) *s) || *s == '*'; s++)
276 : {
277 318 : switch (*s)
278 : {
279 : case '*':
280 0 : goption |= read;
281 0 : break;
282 : case ACL_INSERT_CHR:
283 0 : read = ACL_INSERT;
284 0 : break;
285 : case ACL_SELECT_CHR:
286 318 : read = ACL_SELECT;
287 318 : break;
288 : case ACL_UPDATE_CHR:
289 0 : read = ACL_UPDATE;
290 0 : break;
291 : case ACL_DELETE_CHR:
292 0 : read = ACL_DELETE;
293 0 : break;
294 : case ACL_TRUNCATE_CHR:
295 0 : read = ACL_TRUNCATE;
296 0 : break;
297 : case ACL_REFERENCES_CHR:
298 0 : read = ACL_REFERENCES;
299 0 : break;
300 : case ACL_TRIGGER_CHR:
301 0 : read = ACL_TRIGGER;
302 0 : break;
303 : case ACL_EXECUTE_CHR:
304 0 : read = ACL_EXECUTE;
305 0 : break;
306 : case ACL_USAGE_CHR:
307 0 : read = ACL_USAGE;
308 0 : break;
309 : case ACL_CREATE_CHR:
310 0 : read = ACL_CREATE;
311 0 : break;
312 : case ACL_CREATE_TEMP_CHR:
313 0 : read = ACL_CREATE_TEMP;
314 0 : break;
315 : case ACL_CONNECT_CHR:
316 0 : read = ACL_CONNECT;
317 0 : break;
318 : case 'R': /* ignore old RULE privileges */
319 0 : read = 0;
320 0 : break;
321 : default:
322 0 : ereport(ERROR,
323 : (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
324 : errmsg("invalid mode character: must be one of \"%s\"",
325 : ACL_ALL_RIGHTS_STR)));
326 : }
327 :
328 318 : privs |= read;
329 : }
330 :
331 318 : if (name[0] == '\0')
332 318 : aip->ai_grantee = ACL_ID_PUBLIC;
333 : else
334 0 : aip->ai_grantee = get_role_oid(name, false);
335 :
336 : /*
337 : * XXX Allow a degree of backward compatibility by defaulting the grantor
338 : * to the superuser.
339 : */
340 318 : if (*s == '/')
341 : {
342 318 : s = getid(s + 1, name2);
343 318 : if (name2[0] == '\0')
344 0 : ereport(ERROR,
345 : (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
346 : errmsg("a name must follow the \"/\" sign")));
347 318 : aip->ai_grantor = get_role_oid(name2, false);
348 : }
349 : else
350 : {
351 0 : aip->ai_grantor = BOOTSTRAP_SUPERUSERID;
352 0 : ereport(WARNING,
353 : (errcode(ERRCODE_INVALID_GRANTOR),
354 : errmsg("defaulting grantor to user ID %u",
355 : BOOTSTRAP_SUPERUSERID)));
356 : }
357 :
358 318 : ACLITEM_SET_PRIVS_GOPTIONS(*aip, privs, goption);
359 :
360 : #ifdef ACLDEBUG
361 : elog(LOG, "aclparse: correctly read [%u %x %x]",
362 : aip->ai_grantee, privs, goption);
363 : #endif
364 :
365 318 : return s;
366 : }
367 :
368 : /*
369 : * allocacl
370 : * Allocates storage for a new Acl with 'n' entries.
371 : *
372 : * RETURNS:
373 : * the new Acl
374 : */
375 : static Acl *
376 1523858 : allocacl(int n)
377 : {
378 : Acl *new_acl;
379 : Size size;
380 :
381 1523858 : if (n < 0)
382 0 : elog(ERROR, "invalid size: %d", n);
383 1523858 : size = ACL_N_SIZE(n);
384 1523858 : new_acl = (Acl *) palloc0(size);
385 1523858 : SET_VARSIZE(new_acl, size);
386 1523858 : new_acl->ndim = 1;
387 1523858 : new_acl->dataoffset = 0; /* we never put in any nulls */
388 1523858 : new_acl->elemtype = ACLITEMOID;
389 1523858 : ARR_LBOUND(new_acl)[0] = 1;
390 1523858 : ARR_DIMS(new_acl)[0] = n;
391 1523858 : return new_acl;
392 : }
393 :
394 : /*
395 : * Create a zero-entry ACL
396 : */
397 : Acl *
398 36 : make_empty_acl(void)
399 : {
400 36 : return allocacl(0);
401 : }
402 :
403 : /*
404 : * Copy an ACL
405 : */
406 : Acl *
407 24564 : aclcopy(const Acl *orig_acl)
408 : {
409 : Acl *result_acl;
410 :
411 24564 : result_acl = allocacl(ACL_NUM(orig_acl));
412 :
413 49128 : memcpy(ACL_DAT(result_acl),
414 24564 : ACL_DAT(orig_acl),
415 24564 : ACL_NUM(orig_acl) * sizeof(AclItem));
416 :
417 24564 : return result_acl;
418 : }
419 :
420 : /*
421 : * Concatenate two ACLs
422 : *
423 : * This is a bit cheesy, since we may produce an ACL with redundant entries.
424 : * Be careful what the result is used for!
425 : */
426 : Acl *
427 44986 : aclconcat(const Acl *left_acl, const Acl *right_acl)
428 : {
429 : Acl *result_acl;
430 :
431 44986 : result_acl = allocacl(ACL_NUM(left_acl) + ACL_NUM(right_acl));
432 :
433 89972 : memcpy(ACL_DAT(result_acl),
434 44986 : ACL_DAT(left_acl),
435 44986 : ACL_NUM(left_acl) * sizeof(AclItem));
436 :
437 89972 : memcpy(ACL_DAT(result_acl) + ACL_NUM(left_acl),
438 44986 : ACL_DAT(right_acl),
439 44986 : ACL_NUM(right_acl) * sizeof(AclItem));
440 :
441 44986 : return result_acl;
442 : }
443 :
444 : /*
445 : * Merge two ACLs
446 : *
447 : * This produces a properly merged ACL with no redundant entries.
448 : * Returns NULL on NULL input.
449 : */
450 : Acl *
451 92 : aclmerge(const Acl *left_acl, const Acl *right_acl, Oid ownerId)
452 : {
453 : Acl *result_acl;
454 : AclItem *aip;
455 : int i,
456 : num;
457 :
458 : /* Check for cases where one or both are empty/null */
459 92 : if (left_acl == NULL || ACL_NUM(left_acl) == 0)
460 : {
461 0 : if (right_acl == NULL || ACL_NUM(right_acl) == 0)
462 0 : return NULL;
463 : else
464 0 : return aclcopy(right_acl);
465 : }
466 : else
467 : {
468 92 : if (right_acl == NULL || ACL_NUM(right_acl) == 0)
469 56 : return aclcopy(left_acl);
470 : }
471 :
472 : /* Merge them the hard way, one item at a time */
473 36 : result_acl = aclcopy(left_acl);
474 :
475 36 : aip = ACL_DAT(right_acl);
476 36 : num = ACL_NUM(right_acl);
477 :
478 84 : for (i = 0; i < num; i++, aip++)
479 : {
480 : Acl *tmp_acl;
481 :
482 48 : tmp_acl = aclupdate(result_acl, aip, ACL_MODECHG_ADD,
483 : ownerId, DROP_RESTRICT);
484 48 : pfree(result_acl);
485 48 : result_acl = tmp_acl;
486 : }
487 :
488 36 : return result_acl;
489 : }
490 :
491 : /*
492 : * Sort the items in an ACL (into an arbitrary but consistent order)
493 : */
494 : void
495 336 : aclitemsort(Acl *acl)
496 : {
497 336 : if (acl != NULL && ACL_NUM(acl) > 1)
498 90 : qsort(ACL_DAT(acl), ACL_NUM(acl), sizeof(AclItem), aclitemComparator);
499 336 : }
500 :
501 : /*
502 : * Check if two ACLs are exactly equal
503 : *
504 : * This will not detect equality if the two arrays contain the same items
505 : * in different orders. To handle that case, sort both inputs first,
506 : * using aclitemsort().
507 : */
508 : bool
509 168 : aclequal(const Acl *left_acl, const Acl *right_acl)
510 : {
511 : /* Check for cases where one or both are empty/null */
512 168 : if (left_acl == NULL || ACL_NUM(left_acl) == 0)
513 : {
514 2 : if (right_acl == NULL || ACL_NUM(right_acl) == 0)
515 2 : return true;
516 : else
517 0 : return false;
518 : }
519 : else
520 : {
521 166 : if (right_acl == NULL || ACL_NUM(right_acl) == 0)
522 30 : return false;
523 : }
524 :
525 136 : if (ACL_NUM(left_acl) != ACL_NUM(right_acl))
526 54 : return false;
527 :
528 164 : if (memcmp(ACL_DAT(left_acl),
529 82 : ACL_DAT(right_acl),
530 82 : ACL_NUM(left_acl) * sizeof(AclItem)) == 0)
531 28 : return true;
532 :
533 54 : return false;
534 : }
535 :
536 : /*
537 : * Verify that an ACL array is acceptable (one-dimensional and has no nulls)
538 : */
539 : static void
540 166088 : check_acl(const Acl *acl)
541 : {
542 166088 : if (ARR_ELEMTYPE(acl) != ACLITEMOID)
543 0 : ereport(ERROR,
544 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
545 : errmsg("ACL array contains wrong data type")));
546 166088 : if (ARR_NDIM(acl) != 1)
547 0 : ereport(ERROR,
548 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
549 : errmsg("ACL arrays must be one-dimensional")));
550 166088 : if (ARR_HASNULL(acl))
551 0 : ereport(ERROR,
552 : (errcode(ERRCODE_NULL_VALUE_NOT_ALLOWED),
553 : errmsg("ACL arrays must not contain null values")));
554 166088 : }
555 :
556 : /*
557 : * aclitemin
558 : * Allocates storage for, and fills in, a new AclItem given a string
559 : * 's' that contains an ACL specification. See aclparse for details.
560 : *
561 : * RETURNS:
562 : * the new AclItem
563 : */
564 : Datum
565 318 : aclitemin(PG_FUNCTION_ARGS)
566 : {
567 318 : const char *s = PG_GETARG_CSTRING(0);
568 : AclItem *aip;
569 :
570 318 : aip = (AclItem *) palloc(sizeof(AclItem));
571 318 : s = aclparse(s, aip);
572 636 : while (isspace((unsigned char) *s))
573 0 : ++s;
574 318 : if (*s)
575 0 : ereport(ERROR,
576 : (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
577 : errmsg("extra garbage at the end of the ACL specification")));
578 :
579 318 : PG_RETURN_ACLITEM_P(aip);
580 : }
581 :
582 : /*
583 : * aclitemout
584 : * Allocates storage for, and fills in, a new null-delimited string
585 : * containing a formatted ACL specification. See aclparse for details.
586 : *
587 : * RETURNS:
588 : * the new string
589 : */
590 : Datum
591 13326 : aclitemout(PG_FUNCTION_ARGS)
592 : {
593 13326 : AclItem *aip = PG_GETARG_ACLITEM_P(0);
594 : char *p;
595 : char *out;
596 : HeapTuple htup;
597 : unsigned i;
598 :
599 13326 : out = palloc(strlen("=/") +
600 : 2 * N_ACL_RIGHTS +
601 : 2 * (2 * NAMEDATALEN + 2) +
602 : 1);
603 :
604 13326 : p = out;
605 13326 : *p = '\0';
606 :
607 13326 : if (aip->ai_grantee != ACL_ID_PUBLIC)
608 : {
609 1428 : htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantee));
610 1428 : if (HeapTupleIsValid(htup))
611 : {
612 1428 : putid(p, NameStr(((Form_pg_authid) GETSTRUCT(htup))->rolname));
613 1428 : ReleaseSysCache(htup);
614 : }
615 : else
616 : {
617 : /* Generate numeric OID if we don't find an entry */
618 0 : sprintf(p, "%u", aip->ai_grantee);
619 : }
620 : }
621 56080 : while (*p)
622 29428 : ++p;
623 :
624 13326 : *p++ = '=';
625 :
626 173238 : for (i = 0; i < N_ACL_RIGHTS; ++i)
627 : {
628 159912 : if (ACLITEM_GET_PRIVS(*aip) & (1 << i))
629 14744 : *p++ = ACL_ALL_RIGHTS_STR[i];
630 159912 : if (ACLITEM_GET_GOPTIONS(*aip) & (1 << i))
631 80 : *p++ = '*';
632 : }
633 :
634 13326 : *p++ = '/';
635 13326 : *p = '\0';
636 :
637 13326 : htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantor));
638 13326 : if (HeapTupleIsValid(htup))
639 : {
640 13326 : putid(p, NameStr(((Form_pg_authid) GETSTRUCT(htup))->rolname));
641 13326 : ReleaseSysCache(htup);
642 : }
643 : else
644 : {
645 : /* Generate numeric OID if we don't find an entry */
646 0 : sprintf(p, "%u", aip->ai_grantor);
647 : }
648 :
649 13326 : PG_RETURN_CSTRING(out);
650 : }
651 :
652 : /*
653 : * aclitem_match
654 : * Two AclItems are considered to match iff they have the same
655 : * grantee and grantor; the privileges are ignored.
656 : */
657 : static bool
658 40926 : aclitem_match(const AclItem *a1, const AclItem *a2)
659 : {
660 54342 : return a1->ai_grantee == a2->ai_grantee &&
661 13416 : a1->ai_grantor == a2->ai_grantor;
662 : }
663 :
664 : /*
665 : * aclitemComparator
666 : * qsort comparison function for AclItems
667 : */
668 : static int
669 94 : aclitemComparator(const void *arg1, const void *arg2)
670 : {
671 94 : const AclItem *a1 = (const AclItem *) arg1;
672 94 : const AclItem *a2 = (const AclItem *) arg2;
673 :
674 94 : if (a1->ai_grantee > a2->ai_grantee)
675 28 : return 1;
676 66 : if (a1->ai_grantee < a2->ai_grantee)
677 66 : return -1;
678 0 : if (a1->ai_grantor > a2->ai_grantor)
679 0 : return 1;
680 0 : if (a1->ai_grantor < a2->ai_grantor)
681 0 : return -1;
682 0 : if (a1->ai_privs > a2->ai_privs)
683 0 : return 1;
684 0 : if (a1->ai_privs < a2->ai_privs)
685 0 : return -1;
686 0 : return 0;
687 : }
688 :
689 : /*
690 : * aclitem equality operator
691 : */
692 : Datum
693 756242 : aclitem_eq(PG_FUNCTION_ARGS)
694 : {
695 756242 : AclItem *a1 = PG_GETARG_ACLITEM_P(0);
696 756242 : AclItem *a2 = PG_GETARG_ACLITEM_P(1);
697 : bool result;
698 :
699 2251702 : result = a1->ai_privs == a2->ai_privs &&
700 1495428 : a1->ai_grantee == a2->ai_grantee &&
701 739186 : a1->ai_grantor == a2->ai_grantor;
702 756242 : PG_RETURN_BOOL(result);
703 : }
704 :
705 : /*
706 : * aclitem hash function
707 : *
708 : * We make aclitems hashable not so much because anyone is likely to hash
709 : * them, as because we want array equality to work on aclitem arrays, and
710 : * with the typcache mechanism we must have a hash or btree opclass.
711 : */
712 : Datum
713 1007006 : hash_aclitem(PG_FUNCTION_ARGS)
714 : {
715 1007006 : AclItem *a = PG_GETARG_ACLITEM_P(0);
716 :
717 : /* not very bright, but avoids any issue of padding in struct */
718 1007006 : PG_RETURN_UINT32((uint32) (a->ai_privs + a->ai_grantee + a->ai_grantor));
719 : }
720 :
721 : /*
722 : * 64-bit hash function for aclitem.
723 : *
724 : * Similar to hash_aclitem, but accepts a seed and returns a uint64 value.
725 : */
726 : Datum
727 8 : hash_aclitem_extended(PG_FUNCTION_ARGS)
728 : {
729 8 : AclItem *a = PG_GETARG_ACLITEM_P(0);
730 8 : uint64 seed = PG_GETARG_INT64(1);
731 8 : uint32 sum = (uint32) (a->ai_privs + a->ai_grantee + a->ai_grantor);
732 :
733 8 : return (seed == 0) ? UInt64GetDatum(sum) : hash_uint32_extended(sum, seed);
734 : }
735 :
736 : /*
737 : * acldefault() --- create an ACL describing default access permissions
738 : *
739 : * Change this routine if you want to alter the default access policy for
740 : * newly-created objects (or any object with a NULL acl entry). When
741 : * you make a change here, don't forget to update the GRANT man page,
742 : * which explains all the default permissions.
743 : *
744 : * Note that these are the hard-wired "defaults" that are used in the
745 : * absence of any pg_default_acl entry.
746 : */
747 : Acl *
748 1369434 : acldefault(ObjectType objtype, Oid ownerId)
749 : {
750 : AclMode world_default;
751 : AclMode owner_default;
752 : int nacl;
753 : Acl *acl;
754 : AclItem *aip;
755 :
756 1369434 : switch (objtype)
757 : {
758 : case OBJECT_COLUMN:
759 : /* by default, columns have no extra privileges */
760 894778 : world_default = ACL_NO_RIGHTS;
761 894778 : owner_default = ACL_NO_RIGHTS;
762 894778 : break;
763 : case OBJECT_TABLE:
764 106702 : world_default = ACL_NO_RIGHTS;
765 106702 : owner_default = ACL_ALL_RIGHTS_RELATION;
766 106702 : break;
767 : case OBJECT_SEQUENCE:
768 1862 : world_default = ACL_NO_RIGHTS;
769 1862 : owner_default = ACL_ALL_RIGHTS_SEQUENCE;
770 1862 : break;
771 : case OBJECT_DATABASE:
772 : /* for backwards compatibility, grant some rights by default */
773 1132 : world_default = ACL_CREATE_TEMP | ACL_CONNECT;
774 1132 : owner_default = ACL_ALL_RIGHTS_DATABASE;
775 1132 : break;
776 : case OBJECT_FUNCTION:
777 : /* Grant EXECUTE by default, for now */
778 41530 : world_default = ACL_EXECUTE;
779 41530 : owner_default = ACL_ALL_RIGHTS_FUNCTION;
780 41530 : break;
781 : case OBJECT_LANGUAGE:
782 : /* Grant USAGE by default, for now */
783 814 : world_default = ACL_USAGE;
784 814 : owner_default = ACL_ALL_RIGHTS_LANGUAGE;
785 814 : break;
786 : case OBJECT_LARGEOBJECT:
787 210 : world_default = ACL_NO_RIGHTS;
788 210 : owner_default = ACL_ALL_RIGHTS_LARGEOBJECT;
789 210 : break;
790 : case OBJECT_SCHEMA:
791 4476 : world_default = ACL_NO_RIGHTS;
792 4476 : owner_default = ACL_ALL_RIGHTS_SCHEMA;
793 4476 : break;
794 : case OBJECT_TABLESPACE:
795 4 : world_default = ACL_NO_RIGHTS;
796 4 : owner_default = ACL_ALL_RIGHTS_TABLESPACE;
797 4 : break;
798 : case OBJECT_FDW:
799 158 : world_default = ACL_NO_RIGHTS;
800 158 : owner_default = ACL_ALL_RIGHTS_FDW;
801 158 : break;
802 : case OBJECT_FOREIGN_SERVER:
803 234 : world_default = ACL_NO_RIGHTS;
804 234 : owner_default = ACL_ALL_RIGHTS_FOREIGN_SERVER;
805 234 : break;
806 : case OBJECT_DOMAIN:
807 : case OBJECT_TYPE:
808 317534 : world_default = ACL_USAGE;
809 317534 : owner_default = ACL_ALL_RIGHTS_TYPE;
810 317534 : break;
811 : default:
812 0 : elog(ERROR, "unrecognized objtype: %d", (int) objtype);
813 : world_default = ACL_NO_RIGHTS; /* keep compiler quiet */
814 : owner_default = ACL_NO_RIGHTS;
815 : break;
816 : }
817 :
818 1369434 : nacl = 0;
819 1369434 : if (world_default != ACL_NO_RIGHTS)
820 361010 : nacl++;
821 1369434 : if (owner_default != ACL_NO_RIGHTS)
822 474656 : nacl++;
823 :
824 1369434 : acl = allocacl(nacl);
825 1369434 : aip = ACL_DAT(acl);
826 :
827 1369434 : if (world_default != ACL_NO_RIGHTS)
828 : {
829 361010 : aip->ai_grantee = ACL_ID_PUBLIC;
830 361010 : aip->ai_grantor = ownerId;
831 361010 : ACLITEM_SET_PRIVS_GOPTIONS(*aip, world_default, ACL_NO_RIGHTS);
832 361010 : aip++;
833 : }
834 :
835 : /*
836 : * Note that the owner's entry shows all ordinary privileges but no grant
837 : * options. This is because his grant options come "from the system" and
838 : * not from his own efforts. (The SQL spec says that the owner's rights
839 : * come from a "_SYSTEM" authid.) However, we do consider that the
840 : * owner's ordinary privileges are self-granted; this lets him revoke
841 : * them. We implement the owner's grant options without any explicit
842 : * "_SYSTEM"-like ACL entry, by internally special-casing the owner
843 : * wherever we are testing grant options.
844 : */
845 1369434 : if (owner_default != ACL_NO_RIGHTS)
846 : {
847 474656 : aip->ai_grantee = ownerId;
848 474656 : aip->ai_grantor = ownerId;
849 474656 : ACLITEM_SET_PRIVS_GOPTIONS(*aip, owner_default, ACL_NO_RIGHTS);
850 : }
851 :
852 1369434 : return acl;
853 : }
854 :
855 :
856 : /*
857 : * SQL-accessible version of acldefault(). Hackish mapping from "char" type to
858 : * OBJECT_* values.
859 : */
860 : Datum
861 1271082 : acldefault_sql(PG_FUNCTION_ARGS)
862 : {
863 1271082 : char objtypec = PG_GETARG_CHAR(0);
864 1271082 : Oid owner = PG_GETARG_OID(1);
865 1271082 : ObjectType objtype = 0;
866 :
867 1271082 : switch (objtypec)
868 : {
869 : case 'c':
870 849892 : objtype = OBJECT_COLUMN;
871 849892 : break;
872 : case 'r':
873 81710 : objtype = OBJECT_TABLE;
874 81710 : break;
875 : case 's':
876 1784 : objtype = OBJECT_SEQUENCE;
877 1784 : break;
878 : case 'd':
879 280 : objtype = OBJECT_DATABASE;
880 280 : break;
881 : case 'f':
882 17264 : objtype = OBJECT_FUNCTION;
883 17264 : break;
884 : case 'l':
885 764 : objtype = OBJECT_LANGUAGE;
886 764 : break;
887 : case 'L':
888 160 : objtype = OBJECT_LARGEOBJECT;
889 160 : break;
890 : case 'n':
891 3320 : objtype = OBJECT_SCHEMA;
892 3320 : break;
893 : case 't':
894 0 : objtype = OBJECT_TABLESPACE;
895 0 : break;
896 : case 'F':
897 140 : objtype = OBJECT_FDW;
898 140 : break;
899 : case 'S':
900 140 : objtype = OBJECT_FOREIGN_SERVER;
901 140 : break;
902 : case 'T':
903 315628 : objtype = OBJECT_TYPE;
904 315628 : break;
905 : default:
906 0 : elog(ERROR, "unrecognized objtype abbreviation: %c", objtypec);
907 : }
908 :
909 1271082 : PG_RETURN_ACL_P(acldefault(objtype, owner));
910 : }
911 :
912 :
913 : /*
914 : * Update an ACL array to add or remove specified privileges.
915 : *
916 : * old_acl: the input ACL array
917 : * mod_aip: defines the privileges to be added, removed, or substituted
918 : * modechg: ACL_MODECHG_ADD, ACL_MODECHG_DEL, or ACL_MODECHG_EQL
919 : * ownerId: Oid of object owner
920 : * behavior: RESTRICT or CASCADE behavior for recursive removal
921 : *
922 : * ownerid and behavior are only relevant when the update operation specifies
923 : * deletion of grant options.
924 : *
925 : * The result is a modified copy; the input object is not changed.
926 : *
927 : * NB: caller is responsible for having detoasted the input ACL, if needed.
928 : */
929 : Acl *
930 84808 : aclupdate(const Acl *old_acl, const AclItem *mod_aip,
931 : int modechg, Oid ownerId, DropBehavior behavior)
932 : {
933 84808 : Acl *new_acl = NULL;
934 : AclItem *old_aip,
935 84808 : *new_aip = NULL;
936 : AclMode old_rights,
937 : old_goptions,
938 : new_rights,
939 : new_goptions;
940 : int dst,
941 : num;
942 :
943 : /* Caller probably already checked old_acl, but be safe */
944 84808 : check_acl(old_acl);
945 :
946 : /* If granting grant options, check for circularity */
947 110374 : if (modechg != ACL_MODECHG_DEL &&
948 25566 : ACLITEM_GET_GOPTIONS(*mod_aip) != ACL_NO_RIGHTS)
949 40 : check_circularity(old_acl, mod_aip, ownerId);
950 :
951 84808 : num = ACL_NUM(old_acl);
952 84808 : old_aip = ACL_DAT(old_acl);
953 :
954 : /*
955 : * Search the ACL for an existing entry for this grantee and grantor. If
956 : * one exists, just modify the entry in-place (well, in the same position,
957 : * since we actually return a copy); otherwise, insert the new entry at
958 : * the end.
959 : */
960 :
961 112334 : for (dst = 0; dst < num; ++dst)
962 : {
963 40920 : if (aclitem_match(mod_aip, old_aip + dst))
964 : {
965 : /* found a match, so modify existing item */
966 13394 : new_acl = allocacl(num);
967 13394 : new_aip = ACL_DAT(new_acl);
968 13394 : memcpy(new_acl, old_acl, ACL_SIZE(old_acl));
969 13394 : break;
970 : }
971 : }
972 :
973 84808 : if (dst == num)
974 : {
975 : /* need to append a new item */
976 71414 : new_acl = allocacl(num + 1);
977 71414 : new_aip = ACL_DAT(new_acl);
978 71414 : memcpy(new_aip, old_aip, num * sizeof(AclItem));
979 :
980 : /* initialize the new entry with no permissions */
981 71414 : new_aip[dst].ai_grantee = mod_aip->ai_grantee;
982 71414 : new_aip[dst].ai_grantor = mod_aip->ai_grantor;
983 71414 : ACLITEM_SET_PRIVS_GOPTIONS(new_aip[dst],
984 : ACL_NO_RIGHTS, ACL_NO_RIGHTS);
985 71414 : num++; /* set num to the size of new_acl */
986 : }
987 :
988 84808 : old_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
989 84808 : old_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);
990 :
991 : /* apply the specified permissions change */
992 84808 : switch (modechg)
993 : {
994 : case ACL_MODECHG_ADD:
995 25566 : ACLITEM_SET_RIGHTS(new_aip[dst],
996 : old_rights | ACLITEM_GET_RIGHTS(*mod_aip));
997 25566 : break;
998 : case ACL_MODECHG_DEL:
999 59242 : ACLITEM_SET_RIGHTS(new_aip[dst],
1000 : old_rights & ~ACLITEM_GET_RIGHTS(*mod_aip));
1001 59242 : break;
1002 : case ACL_MODECHG_EQL:
1003 0 : ACLITEM_SET_RIGHTS(new_aip[dst],
1004 : ACLITEM_GET_RIGHTS(*mod_aip));
1005 0 : break;
1006 : }
1007 :
1008 84808 : new_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
1009 84808 : new_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);
1010 :
1011 : /*
1012 : * If the adjusted entry has no permissions, delete it from the list.
1013 : */
1014 84808 : if (new_rights == ACL_NO_RIGHTS)
1015 : {
1016 175704 : memmove(new_aip + dst,
1017 117136 : new_aip + dst + 1,
1018 58568 : (num - dst - 1) * sizeof(AclItem));
1019 : /* Adjust array size to be 'num - 1' items */
1020 58568 : ARR_DIMS(new_acl)[0] = num - 1;
1021 58568 : SET_VARSIZE(new_acl, ACL_N_SIZE(num - 1));
1022 : }
1023 :
1024 : /*
1025 : * Remove abandoned privileges (cascading revoke). Currently we can only
1026 : * handle this when the grantee is not PUBLIC.
1027 : */
1028 84808 : if ((old_goptions & ~new_goptions) != 0)
1029 : {
1030 : Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
1031 40 : new_acl = recursive_revoke(new_acl, mod_aip->ai_grantee,
1032 40 : (old_goptions & ~new_goptions),
1033 : ownerId, behavior);
1034 : }
1035 :
1036 84800 : return new_acl;
1037 : }
1038 :
1039 : /*
1040 : * Update an ACL array to reflect a change of owner to the parent object
1041 : *
1042 : * old_acl: the input ACL array (must not be NULL)
1043 : * oldOwnerId: Oid of the old object owner
1044 : * newOwnerId: Oid of the new object owner
1045 : *
1046 : * The result is a modified copy; the input object is not changed.
1047 : *
1048 : * NB: caller is responsible for having detoasted the input ACL, if needed.
1049 : */
1050 : Acl *
1051 22 : aclnewowner(const Acl *old_acl, Oid oldOwnerId, Oid newOwnerId)
1052 : {
1053 : Acl *new_acl;
1054 : AclItem *new_aip;
1055 : AclItem *old_aip;
1056 : AclItem *dst_aip;
1057 : AclItem *src_aip;
1058 : AclItem *targ_aip;
1059 22 : bool newpresent = false;
1060 : int dst,
1061 : src,
1062 : targ,
1063 : num;
1064 :
1065 22 : check_acl(old_acl);
1066 :
1067 : /*
1068 : * Make a copy of the given ACL, substituting new owner ID for old
1069 : * wherever it appears as either grantor or grantee. Also note if the new
1070 : * owner ID is already present.
1071 : */
1072 22 : num = ACL_NUM(old_acl);
1073 22 : old_aip = ACL_DAT(old_acl);
1074 22 : new_acl = allocacl(num);
1075 22 : new_aip = ACL_DAT(new_acl);
1076 22 : memcpy(new_aip, old_aip, num * sizeof(AclItem));
1077 58 : for (dst = 0, dst_aip = new_aip; dst < num; dst++, dst_aip++)
1078 : {
1079 36 : if (dst_aip->ai_grantor == oldOwnerId)
1080 36 : dst_aip->ai_grantor = newOwnerId;
1081 0 : else if (dst_aip->ai_grantor == newOwnerId)
1082 0 : newpresent = true;
1083 36 : if (dst_aip->ai_grantee == oldOwnerId)
1084 22 : dst_aip->ai_grantee = newOwnerId;
1085 14 : else if (dst_aip->ai_grantee == newOwnerId)
1086 6 : newpresent = true;
1087 : }
1088 :
1089 : /*
1090 : * If the old ACL contained any references to the new owner, then we may
1091 : * now have generated an ACL containing duplicate entries. Find them and
1092 : * merge them so that there are not duplicates. (This is relatively
1093 : * expensive since we use a stupid O(N^2) algorithm, but it's unlikely to
1094 : * be the normal case.)
1095 : *
1096 : * To simplify deletion of duplicate entries, we temporarily leave them in
1097 : * the array but set their privilege masks to zero; when we reach such an
1098 : * entry it's just skipped. (Thus, a side effect of this code will be to
1099 : * remove privilege-free entries, should there be any in the input.) dst
1100 : * is the next output slot, targ is the currently considered input slot
1101 : * (always >= dst), and src scans entries to the right of targ looking for
1102 : * duplicates. Once an entry has been emitted to dst it is known
1103 : * duplicate-free and need not be considered anymore.
1104 : */
1105 22 : if (newpresent)
1106 : {
1107 6 : dst = 0;
1108 18 : for (targ = 0, targ_aip = new_aip; targ < num; targ++, targ_aip++)
1109 : {
1110 : /* ignore if deleted in an earlier pass */
1111 12 : if (ACLITEM_GET_RIGHTS(*targ_aip) == ACL_NO_RIGHTS)
1112 6 : continue;
1113 : /* find and merge any duplicates */
1114 18 : for (src = targ + 1, src_aip = targ_aip + 1; src < num;
1115 6 : src++, src_aip++)
1116 : {
1117 6 : if (ACLITEM_GET_RIGHTS(*src_aip) == ACL_NO_RIGHTS)
1118 0 : continue;
1119 6 : if (aclitem_match(targ_aip, src_aip))
1120 : {
1121 6 : ACLITEM_SET_RIGHTS(*targ_aip,
1122 : ACLITEM_GET_RIGHTS(*targ_aip) |
1123 : ACLITEM_GET_RIGHTS(*src_aip));
1124 : /* mark the duplicate deleted */
1125 6 : ACLITEM_SET_RIGHTS(*src_aip, ACL_NO_RIGHTS);
1126 : }
1127 : }
1128 : /* and emit to output */
1129 6 : new_aip[dst] = *targ_aip;
1130 6 : dst++;
1131 : }
1132 : /* Adjust array size to be 'dst' items */
1133 6 : ARR_DIMS(new_acl)[0] = dst;
1134 6 : SET_VARSIZE(new_acl, ACL_N_SIZE(dst));
1135 : }
1136 :
1137 22 : return new_acl;
1138 : }
1139 :
1140 :
1141 : /*
1142 : * When granting grant options, we must disallow attempts to set up circular
1143 : * chains of grant options. Suppose A (the object owner) grants B some
1144 : * privileges with grant option, and B re-grants them to C. If C could
1145 : * grant the privileges to B as well, then A would be unable to effectively
1146 : * revoke the privileges from B, since recursive_revoke would consider that
1147 : * B still has 'em from C.
1148 : *
1149 : * We check for this by recursively deleting all grant options belonging to
1150 : * the target grantee, and then seeing if the would-be grantor still has the
1151 : * grant option or not.
1152 : */
1153 : static void
1154 40 : check_circularity(const Acl *old_acl, const AclItem *mod_aip,
1155 : Oid ownerId)
1156 : {
1157 : Acl *acl;
1158 : AclItem *aip;
1159 : int i,
1160 : num;
1161 : AclMode own_privs;
1162 :
1163 40 : check_acl(old_acl);
1164 :
1165 : /*
1166 : * For now, grant options can only be granted to roles, not PUBLIC.
1167 : * Otherwise we'd have to work a bit harder here.
1168 : */
1169 : Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
1170 :
1171 : /* The owner always has grant options, no need to check */
1172 40 : if (mod_aip->ai_grantor == ownerId)
1173 32 : return;
1174 :
1175 : /* Make a working copy */
1176 8 : acl = allocacl(ACL_NUM(old_acl));
1177 8 : memcpy(acl, old_acl, ACL_SIZE(old_acl));
1178 :
1179 : /* Zap all grant options of target grantee, plus what depends on 'em */
1180 : cc_restart:
1181 12 : num = ACL_NUM(acl);
1182 12 : aip = ACL_DAT(acl);
1183 48 : for (i = 0; i < num; i++)
1184 : {
1185 44 : if (aip[i].ai_grantee == mod_aip->ai_grantee &&
1186 4 : ACLITEM_GET_GOPTIONS(aip[i]) != ACL_NO_RIGHTS)
1187 : {
1188 : Acl *new_acl;
1189 :
1190 : /* We'll actually zap ordinary privs too, but no matter */
1191 4 : new_acl = aclupdate(acl, &aip[i], ACL_MODECHG_DEL,
1192 : ownerId, DROP_CASCADE);
1193 :
1194 4 : pfree(acl);
1195 4 : acl = new_acl;
1196 :
1197 4 : goto cc_restart;
1198 : }
1199 : }
1200 :
1201 : /* Now we can compute grantor's independently-derived privileges */
1202 8 : own_privs = aclmask(acl,
1203 : mod_aip->ai_grantor,
1204 : ownerId,
1205 8 : ACL_GRANT_OPTION_FOR(ACLITEM_GET_GOPTIONS(*mod_aip)),
1206 : ACLMASK_ALL);
1207 8 : own_privs = ACL_OPTION_TO_PRIVS(own_privs);
1208 :
1209 8 : if ((ACLITEM_GET_GOPTIONS(*mod_aip) & ~own_privs) != 0)
1210 0 : ereport(ERROR,
1211 : (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1212 : errmsg("grant options cannot be granted back to your own grantor")));
1213 :
1214 8 : pfree(acl);
1215 : }
1216 :
1217 :
1218 : /*
1219 : * Ensure that no privilege is "abandoned". A privilege is abandoned
1220 : * if the user that granted the privilege loses the grant option. (So
1221 : * the chain through which it was granted is broken.) Either the
1222 : * abandoned privileges are revoked as well, or an error message is
1223 : * printed, depending on the drop behavior option.
1224 : *
1225 : * acl: the input ACL list
1226 : * grantee: the user from whom some grant options have been revoked
1227 : * revoke_privs: the grant options being revoked
1228 : * ownerId: Oid of object owner
1229 : * behavior: RESTRICT or CASCADE behavior for recursive removal
1230 : *
1231 : * The input Acl object is pfree'd if replaced.
1232 : */
1233 : static Acl *
1234 40 : recursive_revoke(Acl *acl,
1235 : Oid grantee,
1236 : AclMode revoke_privs,
1237 : Oid ownerId,
1238 : DropBehavior behavior)
1239 : {
1240 : AclMode still_has;
1241 : AclItem *aip;
1242 : int i,
1243 : num;
1244 :
1245 40 : check_acl(acl);
1246 :
1247 : /* The owner can never truly lose grant options, so short-circuit */
1248 40 : if (grantee == ownerId)
1249 0 : return acl;
1250 :
1251 : /* The grantee might still have some grant options via another grantor */
1252 40 : still_has = aclmask(acl, grantee, ownerId,
1253 : ACL_GRANT_OPTION_FOR(revoke_privs),
1254 : ACLMASK_ALL);
1255 40 : revoke_privs &= ~ACL_OPTION_TO_PRIVS(still_has);
1256 40 : if (revoke_privs == ACL_NO_RIGHTS)
1257 4 : return acl;
1258 :
1259 : restart:
1260 52 : num = ACL_NUM(acl);
1261 52 : aip = ACL_DAT(acl);
1262 176 : for (i = 0; i < num; i++)
1263 : {
1264 148 : if (aip[i].ai_grantor == grantee
1265 24 : && (ACLITEM_GET_PRIVS(aip[i]) & revoke_privs) != 0)
1266 : {
1267 : AclItem mod_acl;
1268 : Acl *new_acl;
1269 :
1270 24 : if (behavior == DROP_RESTRICT)
1271 8 : ereport(ERROR,
1272 : (errcode(ERRCODE_DEPENDENT_OBJECTS_STILL_EXIST),
1273 : errmsg("dependent privileges exist"),
1274 : errhint("Use CASCADE to revoke them too.")));
1275 :
1276 16 : mod_acl.ai_grantor = grantee;
1277 16 : mod_acl.ai_grantee = aip[i].ai_grantee;
1278 16 : ACLITEM_SET_PRIVS_GOPTIONS(mod_acl,
1279 : revoke_privs,
1280 : revoke_privs);
1281 :
1282 16 : new_acl = aclupdate(acl, &mod_acl, ACL_MODECHG_DEL,
1283 : ownerId, behavior);
1284 :
1285 16 : pfree(acl);
1286 16 : acl = new_acl;
1287 :
1288 16 : goto restart;
1289 : }
1290 : }
1291 :
1292 28 : return acl;
1293 : }
1294 :
1295 :
1296 : /*
1297 : * aclmask --- compute bitmask of all privileges held by roleid.
1298 : *
1299 : * When 'how' = ACLMASK_ALL, this simply returns the privilege bits
1300 : * held by the given roleid according to the given ACL list, ANDed
1301 : * with 'mask'. (The point of passing 'mask' is to let the routine
1302 : * exit early if all privileges of interest have been found.)
1303 : *
1304 : * When 'how' = ACLMASK_ANY, returns as soon as any bit in the mask
1305 : * is known true. (This lets us exit soonest in cases where the
1306 : * caller is only going to test for zero or nonzero result.)
1307 : *
1308 : * Usage patterns:
1309 : *
1310 : * To see if any of a set of privileges are held:
1311 : * if (aclmask(acl, roleid, ownerId, privs, ACLMASK_ANY) != 0)
1312 : *
1313 : * To see if all of a set of privileges are held:
1314 : * if (aclmask(acl, roleid, ownerId, privs, ACLMASK_ALL) == privs)
1315 : *
1316 : * To determine exactly which of a set of privileges are held:
1317 : * heldprivs = aclmask(acl, roleid, ownerId, privs, ACLMASK_ALL);
1318 : */
1319 : AclMode
1320 36006 : aclmask(const Acl *acl, Oid roleid, Oid ownerId,
1321 : AclMode mask, AclMaskHow how)
1322 : {
1323 : AclMode result;
1324 : AclMode remaining;
1325 : AclItem *aidat;
1326 : int i,
1327 : num;
1328 :
1329 : /*
1330 : * Null ACL should not happen, since caller should have inserted
1331 : * appropriate default
1332 : */
1333 36006 : if (acl == NULL)
1334 0 : elog(ERROR, "null ACL");
1335 :
1336 36006 : check_acl(acl);
1337 :
1338 : /* Quick exit for mask == 0 */
1339 36006 : if (mask == 0)
1340 32 : return 0;
1341 :
1342 35974 : result = 0;
1343 :
1344 : /* Owner always implicitly has all grant options */
1345 36070 : if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
1346 96 : has_privs_of_role(roleid, ownerId))
1347 : {
1348 4 : result = mask & ACLITEM_ALL_GOPTION_BITS;
1349 4 : if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1350 4 : return result;
1351 : }
1352 :
1353 35970 : num = ACL_NUM(acl);
1354 35970 : aidat = ACL_DAT(acl);
1355 :
1356 : /*
1357 : * Check privileges granted directly to roleid or to public
1358 : */
1359 55964 : for (i = 0; i < num; i++)
1360 : {
1361 54348 : AclItem *aidata = &aidat[i];
1362 :
1363 77978 : if (aidata->ai_grantee == ACL_ID_PUBLIC ||
1364 23630 : aidata->ai_grantee == roleid)
1365 : {
1366 34930 : result |= aidata->ai_privs & mask;
1367 34930 : if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1368 34354 : return result;
1369 : }
1370 : }
1371 :
1372 : /*
1373 : * Check privileges granted indirectly via role memberships. We do this in
1374 : * a separate pass to minimize expensive indirect membership tests. In
1375 : * particular, it's worth testing whether a given ACL entry grants any
1376 : * privileges still of interest before we perform the has_privs_of_role
1377 : * test.
1378 : */
1379 1616 : remaining = mask & ~result;
1380 4294 : for (i = 0; i < num; i++)
1381 : {
1382 2702 : AclItem *aidata = &aidat[i];
1383 :
1384 5380 : if (aidata->ai_grantee == ACL_ID_PUBLIC ||
1385 2678 : aidata->ai_grantee == roleid)
1386 564 : continue; /* already checked it */
1387 :
1388 3972 : if ((aidata->ai_privs & remaining) &&
1389 1834 : has_privs_of_role(roleid, aidata->ai_grantee))
1390 : {
1391 24 : result |= aidata->ai_privs & mask;
1392 24 : if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1393 24 : return result;
1394 0 : remaining = mask & ~result;
1395 : }
1396 : }
1397 :
1398 1592 : return result;
1399 : }
1400 :
1401 :
1402 : /*
1403 : * aclmask_direct --- compute bitmask of all privileges held by roleid.
1404 : *
1405 : * This is exactly like aclmask() except that we consider only privileges
1406 : * held *directly* by roleid, not those inherited via role membership.
1407 : */
1408 : static AclMode
1409 144 : aclmask_direct(const Acl *acl, Oid roleid, Oid ownerId,
1410 : AclMode mask, AclMaskHow how)
1411 : {
1412 : AclMode result;
1413 : AclItem *aidat;
1414 : int i,
1415 : num;
1416 :
1417 : /*
1418 : * Null ACL should not happen, since caller should have inserted
1419 : * appropriate default
1420 : */
1421 144 : if (acl == NULL)
1422 0 : elog(ERROR, "null ACL");
1423 :
1424 144 : check_acl(acl);
1425 :
1426 : /* Quick exit for mask == 0 */
1427 144 : if (mask == 0)
1428 0 : return 0;
1429 :
1430 144 : result = 0;
1431 :
1432 : /* Owner always implicitly has all grant options */
1433 144 : if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
1434 : roleid == ownerId)
1435 : {
1436 0 : result = mask & ACLITEM_ALL_GOPTION_BITS;
1437 0 : if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1438 0 : return result;
1439 : }
1440 :
1441 144 : num = ACL_NUM(acl);
1442 144 : aidat = ACL_DAT(acl);
1443 :
1444 : /*
1445 : * Check privileges granted directly to roleid (and not to public)
1446 : */
1447 416 : for (i = 0; i < num; i++)
1448 : {
1449 364 : AclItem *aidata = &aidat[i];
1450 :
1451 364 : if (aidata->ai_grantee == roleid)
1452 : {
1453 116 : result |= aidata->ai_privs & mask;
1454 116 : if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1455 92 : return result;
1456 : }
1457 : }
1458 :
1459 52 : return result;
1460 : }
1461 :
1462 :
1463 : /*
1464 : * aclmembers
1465 : * Find out all the roleids mentioned in an Acl.
1466 : * Note that we do not distinguish grantors from grantees.
1467 : *
1468 : * *roleids is set to point to a palloc'd array containing distinct OIDs
1469 : * in sorted order. The length of the array is the function result.
1470 : */
1471 : int
1472 87852 : aclmembers(const Acl *acl, Oid **roleids)
1473 : {
1474 : Oid *list;
1475 : const AclItem *acldat;
1476 : int i,
1477 : j,
1478 : k;
1479 :
1480 87852 : if (acl == NULL || ACL_NUM(acl) == 0)
1481 : {
1482 42856 : *roleids = NULL;
1483 42856 : return 0;
1484 : }
1485 :
1486 44996 : check_acl(acl);
1487 :
1488 : /* Allocate the worst-case space requirement */
1489 44996 : list = palloc(ACL_NUM(acl) * 2 * sizeof(Oid));
1490 44996 : acldat = ACL_DAT(acl);
1491 :
1492 : /*
1493 : * Walk the ACL collecting mentioned RoleIds.
1494 : */
1495 44996 : j = 0;
1496 115270 : for (i = 0; i < ACL_NUM(acl); i++)
1497 : {
1498 70274 : const AclItem *ai = &acldat[i];
1499 :
1500 70274 : if (ai->ai_grantee != ACL_ID_PUBLIC)
1501 46292 : list[j++] = ai->ai_grantee;
1502 : /* grantor is currently never PUBLIC, but let's check anyway */
1503 70274 : if (ai->ai_grantor != ACL_ID_PUBLIC)
1504 70274 : list[j++] = ai->ai_grantor;
1505 : }
1506 :
1507 : /* Sort the array */
1508 44996 : qsort(list, j, sizeof(Oid), oid_cmp);
1509 :
1510 : /* Remove duplicates from the array */
1511 44996 : k = 0;
1512 116566 : for (i = 1; i < j; i++)
1513 : {
1514 71570 : if (list[k] != list[i])
1515 3596 : list[++k] = list[i];
1516 : }
1517 :
1518 : /*
1519 : * We could repalloc the array down to minimum size, but it's hardly worth
1520 : * it since it's only transient memory.
1521 : */
1522 44996 : *roleids = list;
1523 :
1524 44996 : return k + 1;
1525 : }
1526 :
1527 :
1528 : /*
1529 : * aclinsert (exported function)
1530 : */
1531 : Datum
1532 0 : aclinsert(PG_FUNCTION_ARGS)
1533 : {
1534 0 : ereport(ERROR,
1535 : (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1536 : errmsg("aclinsert is no longer supported")));
1537 :
1538 : PG_RETURN_NULL(); /* keep compiler quiet */
1539 : }
1540 :
1541 : Datum
1542 0 : aclremove(PG_FUNCTION_ARGS)
1543 : {
1544 0 : ereport(ERROR,
1545 : (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1546 : errmsg("aclremove is no longer supported")));
1547 :
1548 : PG_RETURN_NULL(); /* keep compiler quiet */
1549 : }
1550 :
1551 : Datum
1552 0 : aclcontains(PG_FUNCTION_ARGS)
1553 : {
1554 0 : Acl *acl = PG_GETARG_ACL_P(0);
1555 0 : AclItem *aip = PG_GETARG_ACLITEM_P(1);
1556 : AclItem *aidat;
1557 : int i,
1558 : num;
1559 :
1560 0 : check_acl(acl);
1561 0 : num = ACL_NUM(acl);
1562 0 : aidat = ACL_DAT(acl);
1563 0 : for (i = 0; i < num; ++i)
1564 : {
1565 0 : if (aip->ai_grantee == aidat[i].ai_grantee &&
1566 0 : aip->ai_grantor == aidat[i].ai_grantor &&
1567 0 : (ACLITEM_GET_RIGHTS(*aip) & ACLITEM_GET_RIGHTS(aidat[i])) == ACLITEM_GET_RIGHTS(*aip))
1568 0 : PG_RETURN_BOOL(true);
1569 : }
1570 0 : PG_RETURN_BOOL(false);
1571 : }
1572 :
1573 : Datum
1574 0 : makeaclitem(PG_FUNCTION_ARGS)
1575 : {
1576 0 : Oid grantee = PG_GETARG_OID(0);
1577 0 : Oid grantor = PG_GETARG_OID(1);
1578 0 : text *privtext = PG_GETARG_TEXT_PP(2);
1579 0 : bool goption = PG_GETARG_BOOL(3);
1580 : AclItem *result;
1581 : AclMode priv;
1582 :
1583 0 : priv = convert_priv_string(privtext);
1584 :
1585 0 : result = (AclItem *) palloc(sizeof(AclItem));
1586 :
1587 0 : result->ai_grantee = grantee;
1588 0 : result->ai_grantor = grantor;
1589 :
1590 0 : ACLITEM_SET_PRIVS_GOPTIONS(*result, priv,
1591 : (goption ? priv : ACL_NO_RIGHTS));
1592 :
1593 0 : PG_RETURN_ACLITEM_P(result);
1594 : }
1595 :
1596 : static AclMode
1597 0 : convert_priv_string(text *priv_type_text)
1598 : {
1599 0 : char *priv_type = text_to_cstring(priv_type_text);
1600 :
1601 0 : if (pg_strcasecmp(priv_type, "SELECT") == 0)
1602 0 : return ACL_SELECT;
1603 0 : if (pg_strcasecmp(priv_type, "INSERT") == 0)
1604 0 : return ACL_INSERT;
1605 0 : if (pg_strcasecmp(priv_type, "UPDATE") == 0)
1606 0 : return ACL_UPDATE;
1607 0 : if (pg_strcasecmp(priv_type, "DELETE") == 0)
1608 0 : return ACL_DELETE;
1609 0 : if (pg_strcasecmp(priv_type, "TRUNCATE") == 0)
1610 0 : return ACL_TRUNCATE;
1611 0 : if (pg_strcasecmp(priv_type, "REFERENCES") == 0)
1612 0 : return ACL_REFERENCES;
1613 0 : if (pg_strcasecmp(priv_type, "TRIGGER") == 0)
1614 0 : return ACL_TRIGGER;
1615 0 : if (pg_strcasecmp(priv_type, "EXECUTE") == 0)
1616 0 : return ACL_EXECUTE;
1617 0 : if (pg_strcasecmp(priv_type, "USAGE") == 0)
1618 0 : return ACL_USAGE;
1619 0 : if (pg_strcasecmp(priv_type, "CREATE") == 0)
1620 0 : return ACL_CREATE;
1621 0 : if (pg_strcasecmp(priv_type, "TEMP") == 0)
1622 0 : return ACL_CREATE_TEMP;
1623 0 : if (pg_strcasecmp(priv_type, "TEMPORARY") == 0)
1624 0 : return ACL_CREATE_TEMP;
1625 0 : if (pg_strcasecmp(priv_type, "CONNECT") == 0)
1626 0 : return ACL_CONNECT;
1627 0 : if (pg_strcasecmp(priv_type, "RULE") == 0)
1628 0 : return 0; /* ignore old RULE privileges */
1629 :
1630 0 : ereport(ERROR,
1631 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1632 : errmsg("unrecognized privilege type: \"%s\"", priv_type)));
1633 : return ACL_NO_RIGHTS; /* keep compiler quiet */
1634 : }
1635 :
1636 :
1637 : /*
1638 : * convert_any_priv_string: recognize privilege strings for has_foo_privilege
1639 : *
1640 : * We accept a comma-separated list of case-insensitive privilege names,
1641 : * producing a bitmask of the OR'd privilege bits. We are liberal about
1642 : * whitespace between items, not so much about whitespace within items.
1643 : * The allowed privilege names are given as an array of priv_map structs,
1644 : * terminated by one with a NULL name pointer.
1645 : */
1646 : static AclMode
1647 62648 : convert_any_priv_string(text *priv_type_text,
1648 : const priv_map *privileges)
1649 : {
1650 62648 : AclMode result = 0;
1651 62648 : char *priv_type = text_to_cstring(priv_type_text);
1652 : char *chunk;
1653 : char *next_chunk;
1654 :
1655 : /* We rely on priv_type being a private, modifiable string */
1656 125364 : for (chunk = priv_type; chunk; chunk = next_chunk)
1657 : {
1658 : int chunk_len;
1659 : const priv_map *this_priv;
1660 :
1661 : /* Split string at commas */
1662 62724 : next_chunk = strchr(chunk, ',');
1663 62724 : if (next_chunk)
1664 76 : *next_chunk++ = '\0';
1665 :
1666 : /* Drop leading/trailing whitespace in this chunk */
1667 125448 : while (*chunk && isspace((unsigned char) *chunk))
1668 0 : chunk++;
1669 62724 : chunk_len = strlen(chunk);
1670 125448 : while (chunk_len > 0 && isspace((unsigned char) chunk[chunk_len - 1]))
1671 0 : chunk_len--;
1672 62724 : chunk[chunk_len] = '\0';
1673 :
1674 : /* Match to the privileges list */
1675 63776 : for (this_priv = privileges; this_priv->name; this_priv++)
1676 : {
1677 63768 : if (pg_strcasecmp(this_priv->name, chunk) == 0)
1678 : {
1679 62716 : result |= this_priv->value;
1680 62716 : break;
1681 : }
1682 : }
1683 62724 : if (!this_priv->name)
1684 8 : ereport(ERROR,
1685 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1686 : errmsg("unrecognized privilege type: \"%s\"", chunk)));
1687 : }
1688 :
1689 62640 : pfree(priv_type);
1690 62640 : return result;
1691 : }
1692 :
1693 :
1694 : static const char *
1695 64 : convert_aclright_to_string(int aclright)
1696 : {
1697 64 : switch (aclright)
1698 : {
1699 : case ACL_INSERT:
1700 0 : return "INSERT";
1701 : case ACL_SELECT:
1702 0 : return "SELECT";
1703 : case ACL_UPDATE:
1704 0 : return "UPDATE";
1705 : case ACL_DELETE:
1706 0 : return "DELETE";
1707 : case ACL_TRUNCATE:
1708 0 : return "TRUNCATE";
1709 : case ACL_REFERENCES:
1710 0 : return "REFERENCES";
1711 : case ACL_TRIGGER:
1712 0 : return "TRIGGER";
1713 : case ACL_EXECUTE:
1714 0 : return "EXECUTE";
1715 : case ACL_USAGE:
1716 64 : return "USAGE";
1717 : case ACL_CREATE:
1718 0 : return "CREATE";
1719 : case ACL_CREATE_TEMP:
1720 0 : return "TEMPORARY";
1721 : case ACL_CONNECT:
1722 0 : return "CONNECT";
1723 : default:
1724 0 : elog(ERROR, "unrecognized aclright: %d", aclright);
1725 : return NULL;
1726 : }
1727 : }
1728 :
1729 :
1730 : /*----------
1731 : * Convert an aclitem[] to a table.
1732 : *
1733 : * Example:
1734 : *
1735 : * aclexplode('{=r/joe,foo=a*w/joe}'::aclitem[])
1736 : *
1737 : * returns the table
1738 : *
1739 : * {{ OID(joe), 0::OID, 'SELECT', false },
1740 : * { OID(joe), OID(foo), 'INSERT', true },
1741 : * { OID(joe), OID(foo), 'UPDATE', false }}
1742 : *----------
1743 : */
1744 : Datum
1745 96 : aclexplode(PG_FUNCTION_ARGS)
1746 : {
1747 96 : Acl *acl = PG_GETARG_ACL_P(0);
1748 : FuncCallContext *funcctx;
1749 : int *idx;
1750 : AclItem *aidat;
1751 :
1752 96 : if (SRF_IS_FIRSTCALL())
1753 : {
1754 : TupleDesc tupdesc;
1755 : MemoryContext oldcontext;
1756 :
1757 32 : check_acl(acl);
1758 :
1759 32 : funcctx = SRF_FIRSTCALL_INIT();
1760 32 : oldcontext = MemoryContextSwitchTo(funcctx->multi_call_memory_ctx);
1761 :
1762 : /*
1763 : * build tupdesc for result tuples (matches out parameters in pg_proc
1764 : * entry)
1765 : */
1766 32 : tupdesc = CreateTemplateTupleDesc(4);
1767 32 : TupleDescInitEntry(tupdesc, (AttrNumber) 1, "grantor",
1768 : OIDOID, -1, 0);
1769 32 : TupleDescInitEntry(tupdesc, (AttrNumber) 2, "grantee",
1770 : OIDOID, -1, 0);
1771 32 : TupleDescInitEntry(tupdesc, (AttrNumber) 3, "privilege_type",
1772 : TEXTOID, -1, 0);
1773 32 : TupleDescInitEntry(tupdesc, (AttrNumber) 4, "is_grantable",
1774 : BOOLOID, -1, 0);
1775 :
1776 32 : funcctx->tuple_desc = BlessTupleDesc(tupdesc);
1777 :
1778 : /* allocate memory for user context */
1779 32 : idx = (int *) palloc(sizeof(int[2]));
1780 32 : idx[0] = 0; /* ACL array item index */
1781 32 : idx[1] = -1; /* privilege type counter */
1782 32 : funcctx->user_fctx = (void *) idx;
1783 :
1784 32 : MemoryContextSwitchTo(oldcontext);
1785 : }
1786 :
1787 96 : funcctx = SRF_PERCALL_SETUP();
1788 96 : idx = (int *) funcctx->user_fctx;
1789 96 : aidat = ACL_DAT(acl);
1790 :
1791 : /* need test here in case acl has no items */
1792 896 : while (idx[0] < ACL_NUM(acl))
1793 : {
1794 : AclItem *aidata;
1795 : AclMode priv_bit;
1796 :
1797 800 : idx[1]++;
1798 800 : if (idx[1] == N_ACL_RIGHTS)
1799 : {
1800 64 : idx[1] = 0;
1801 64 : idx[0]++;
1802 64 : if (idx[0] >= ACL_NUM(acl)) /* done */
1803 32 : break;
1804 : }
1805 768 : aidata = &aidat[idx[0]];
1806 768 : priv_bit = 1 << idx[1];
1807 :
1808 768 : if (ACLITEM_GET_PRIVS(*aidata) & priv_bit)
1809 : {
1810 : Datum result;
1811 : Datum values[4];
1812 : bool nulls[4];
1813 : HeapTuple tuple;
1814 :
1815 64 : values[0] = ObjectIdGetDatum(aidata->ai_grantor);
1816 64 : values[1] = ObjectIdGetDatum(aidata->ai_grantee);
1817 64 : values[2] = CStringGetTextDatum(convert_aclright_to_string(priv_bit));
1818 64 : values[3] = BoolGetDatum((ACLITEM_GET_GOPTIONS(*aidata) & priv_bit) != 0);
1819 :
1820 64 : MemSet(nulls, 0, sizeof(nulls));
1821 :
1822 64 : tuple = heap_form_tuple(funcctx->tuple_desc, values, nulls);
1823 64 : result = HeapTupleGetDatum(tuple);
1824 :
1825 64 : SRF_RETURN_NEXT(funcctx, result);
1826 : }
1827 : }
1828 :
1829 32 : SRF_RETURN_DONE(funcctx);
1830 : }
1831 :
1832 :
1833 : /*
1834 : * has_table_privilege variants
1835 : * These are all named "has_table_privilege" at the SQL level.
1836 : * They take various combinations of relation name, relation OID,
1837 : * user name, user OID, or implicit user = current_user.
1838 : *
1839 : * The result is a boolean value: true if user has the indicated
1840 : * privilege, false if not. The variants that take a relation OID
1841 : * return NULL if the OID doesn't exist (rather than failing, as
1842 : * they did before Postgres 8.4).
1843 : */
1844 :
1845 : /*
1846 : * has_table_privilege_name_name
1847 : * Check user privileges on a table given
1848 : * name username, text tablename, and text priv name.
1849 : */
1850 : Datum
1851 104 : has_table_privilege_name_name(PG_FUNCTION_ARGS)
1852 : {
1853 104 : Name rolename = PG_GETARG_NAME(0);
1854 104 : text *tablename = PG_GETARG_TEXT_PP(1);
1855 104 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
1856 : Oid roleid;
1857 : Oid tableoid;
1858 : AclMode mode;
1859 : AclResult aclresult;
1860 :
1861 104 : roleid = get_role_oid_or_public(NameStr(*rolename));
1862 100 : tableoid = convert_table_name(tablename);
1863 100 : mode = convert_table_priv_string(priv_type_text);
1864 :
1865 100 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1866 :
1867 100 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1868 : }
1869 :
1870 : /*
1871 : * has_table_privilege_name
1872 : * Check user privileges on a table given
1873 : * text tablename and text priv name.
1874 : * current_user is assumed
1875 : */
1876 : Datum
1877 44 : has_table_privilege_name(PG_FUNCTION_ARGS)
1878 : {
1879 44 : text *tablename = PG_GETARG_TEXT_PP(0);
1880 44 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
1881 : Oid roleid;
1882 : Oid tableoid;
1883 : AclMode mode;
1884 : AclResult aclresult;
1885 :
1886 44 : roleid = GetUserId();
1887 44 : tableoid = convert_table_name(tablename);
1888 40 : mode = convert_table_priv_string(priv_type_text);
1889 :
1890 36 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1891 :
1892 36 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1893 : }
1894 :
1895 : /*
1896 : * has_table_privilege_name_id
1897 : * Check user privileges on a table given
1898 : * name usename, table oid, and text priv name.
1899 : */
1900 : Datum
1901 16 : has_table_privilege_name_id(PG_FUNCTION_ARGS)
1902 : {
1903 16 : Name username = PG_GETARG_NAME(0);
1904 16 : Oid tableoid = PG_GETARG_OID(1);
1905 16 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
1906 : Oid roleid;
1907 : AclMode mode;
1908 : AclResult aclresult;
1909 :
1910 16 : roleid = get_role_oid_or_public(NameStr(*username));
1911 16 : mode = convert_table_priv_string(priv_type_text);
1912 :
1913 16 : if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
1914 0 : PG_RETURN_NULL();
1915 :
1916 16 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1917 :
1918 16 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1919 : }
1920 :
1921 : /*
1922 : * has_table_privilege_id
1923 : * Check user privileges on a table given
1924 : * table oid, and text priv name.
1925 : * current_user is assumed
1926 : */
1927 : Datum
1928 26054 : has_table_privilege_id(PG_FUNCTION_ARGS)
1929 : {
1930 26054 : Oid tableoid = PG_GETARG_OID(0);
1931 26054 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
1932 : Oid roleid;
1933 : AclMode mode;
1934 : AclResult aclresult;
1935 :
1936 26054 : roleid = GetUserId();
1937 26054 : mode = convert_table_priv_string(priv_type_text);
1938 :
1939 26054 : if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
1940 4 : PG_RETURN_NULL();
1941 :
1942 26050 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1943 :
1944 26050 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1945 : }
1946 :
1947 : /*
1948 : * has_table_privilege_id_name
1949 : * Check user privileges on a table given
1950 : * roleid, text tablename, and text priv name.
1951 : */
1952 : Datum
1953 28 : has_table_privilege_id_name(PG_FUNCTION_ARGS)
1954 : {
1955 28 : Oid roleid = PG_GETARG_OID(0);
1956 28 : text *tablename = PG_GETARG_TEXT_PP(1);
1957 28 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
1958 : Oid tableoid;
1959 : AclMode mode;
1960 : AclResult aclresult;
1961 :
1962 28 : tableoid = convert_table_name(tablename);
1963 28 : mode = convert_table_priv_string(priv_type_text);
1964 :
1965 28 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1966 :
1967 28 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1968 : }
1969 :
1970 : /*
1971 : * has_table_privilege_id_id
1972 : * Check user privileges on a table given
1973 : * roleid, table oid, and text priv name.
1974 : */
1975 : Datum
1976 24 : has_table_privilege_id_id(PG_FUNCTION_ARGS)
1977 : {
1978 24 : Oid roleid = PG_GETARG_OID(0);
1979 24 : Oid tableoid = PG_GETARG_OID(1);
1980 24 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
1981 : AclMode mode;
1982 : AclResult aclresult;
1983 :
1984 24 : mode = convert_table_priv_string(priv_type_text);
1985 :
1986 24 : if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
1987 0 : PG_RETURN_NULL();
1988 :
1989 24 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1990 :
1991 24 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1992 : }
1993 :
1994 : /*
1995 : * Support routines for has_table_privilege family.
1996 : */
1997 :
1998 : /*
1999 : * Given a table name expressed as a string, look it up and return Oid
2000 : */
2001 : static Oid
2002 208 : convert_table_name(text *tablename)
2003 : {
2004 : RangeVar *relrv;
2005 :
2006 208 : relrv = makeRangeVarFromNameList(textToQualifiedNameList(tablename));
2007 :
2008 : /* We might not even have permissions on this relation; don't lock it. */
2009 208 : return RangeVarGetRelid(relrv, NoLock, false);
2010 : }
2011 :
2012 : /*
2013 : * convert_table_priv_string
2014 : * Convert text string to AclMode value.
2015 : */
2016 : static AclMode
2017 26262 : convert_table_priv_string(text *priv_type_text)
2018 : {
2019 : static const priv_map table_priv_map[] = {
2020 : {"SELECT", ACL_SELECT},
2021 : {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2022 : {"INSERT", ACL_INSERT},
2023 : {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
2024 : {"UPDATE", ACL_UPDATE},
2025 : {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2026 : {"DELETE", ACL_DELETE},
2027 : {"DELETE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_DELETE)},
2028 : {"TRUNCATE", ACL_TRUNCATE},
2029 : {"TRUNCATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRUNCATE)},
2030 : {"REFERENCES", ACL_REFERENCES},
2031 : {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
2032 : {"TRIGGER", ACL_TRIGGER},
2033 : {"TRIGGER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRIGGER)},
2034 : {"RULE", 0}, /* ignore old RULE privileges */
2035 : {"RULE WITH GRANT OPTION", 0},
2036 : {NULL, 0}
2037 : };
2038 :
2039 26262 : return convert_any_priv_string(priv_type_text, table_priv_map);
2040 : }
2041 :
2042 : /*
2043 : * has_sequence_privilege variants
2044 : * These are all named "has_sequence_privilege" at the SQL level.
2045 : * They take various combinations of relation name, relation OID,
2046 : * user name, user OID, or implicit user = current_user.
2047 : *
2048 : * The result is a boolean value: true if user has the indicated
2049 : * privilege, false if not. The variants that take a relation OID
2050 : * return NULL if the OID doesn't exist.
2051 : */
2052 :
2053 : /*
2054 : * has_sequence_privilege_name_name
2055 : * Check user privileges on a sequence given
2056 : * name username, text sequencename, and text priv name.
2057 : */
2058 : Datum
2059 12 : has_sequence_privilege_name_name(PG_FUNCTION_ARGS)
2060 : {
2061 12 : Name rolename = PG_GETARG_NAME(0);
2062 12 : text *sequencename = PG_GETARG_TEXT_PP(1);
2063 12 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2064 : Oid roleid;
2065 : Oid sequenceoid;
2066 : AclMode mode;
2067 : AclResult aclresult;
2068 :
2069 12 : roleid = get_role_oid_or_public(NameStr(*rolename));
2070 12 : mode = convert_sequence_priv_string(priv_type_text);
2071 8 : sequenceoid = convert_table_name(sequencename);
2072 8 : if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2073 4 : ereport(ERROR,
2074 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2075 : errmsg("\"%s\" is not a sequence",
2076 : text_to_cstring(sequencename))));
2077 :
2078 4 : aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2079 :
2080 4 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2081 : }
2082 :
2083 : /*
2084 : * has_sequence_privilege_name
2085 : * Check user privileges on a sequence given
2086 : * text sequencename and text priv name.
2087 : * current_user is assumed
2088 : */
2089 : Datum
2090 4 : has_sequence_privilege_name(PG_FUNCTION_ARGS)
2091 : {
2092 4 : text *sequencename = PG_GETARG_TEXT_PP(0);
2093 4 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
2094 : Oid roleid;
2095 : Oid sequenceoid;
2096 : AclMode mode;
2097 : AclResult aclresult;
2098 :
2099 4 : roleid = GetUserId();
2100 4 : mode = convert_sequence_priv_string(priv_type_text);
2101 4 : sequenceoid = convert_table_name(sequencename);
2102 4 : if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2103 0 : ereport(ERROR,
2104 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2105 : errmsg("\"%s\" is not a sequence",
2106 : text_to_cstring(sequencename))));
2107 :
2108 4 : aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2109 :
2110 4 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2111 : }
2112 :
2113 : /*
2114 : * has_sequence_privilege_name_id
2115 : * Check user privileges on a sequence given
2116 : * name usename, sequence oid, and text priv name.
2117 : */
2118 : Datum
2119 0 : has_sequence_privilege_name_id(PG_FUNCTION_ARGS)
2120 : {
2121 0 : Name username = PG_GETARG_NAME(0);
2122 0 : Oid sequenceoid = PG_GETARG_OID(1);
2123 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2124 : Oid roleid;
2125 : AclMode mode;
2126 : AclResult aclresult;
2127 : char relkind;
2128 :
2129 0 : roleid = get_role_oid_or_public(NameStr(*username));
2130 0 : mode = convert_sequence_priv_string(priv_type_text);
2131 0 : relkind = get_rel_relkind(sequenceoid);
2132 0 : if (relkind == '\0')
2133 0 : PG_RETURN_NULL();
2134 0 : else if (relkind != RELKIND_SEQUENCE)
2135 0 : ereport(ERROR,
2136 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2137 : errmsg("\"%s\" is not a sequence",
2138 : get_rel_name(sequenceoid))));
2139 :
2140 0 : aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2141 :
2142 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2143 : }
2144 :
2145 : /*
2146 : * has_sequence_privilege_id
2147 : * Check user privileges on a sequence given
2148 : * sequence oid, and text priv name.
2149 : * current_user is assumed
2150 : */
2151 : Datum
2152 76 : has_sequence_privilege_id(PG_FUNCTION_ARGS)
2153 : {
2154 76 : Oid sequenceoid = PG_GETARG_OID(0);
2155 76 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
2156 : Oid roleid;
2157 : AclMode mode;
2158 : AclResult aclresult;
2159 : char relkind;
2160 :
2161 76 : roleid = GetUserId();
2162 76 : mode = convert_sequence_priv_string(priv_type_text);
2163 76 : relkind = get_rel_relkind(sequenceoid);
2164 76 : if (relkind == '\0')
2165 0 : PG_RETURN_NULL();
2166 76 : else if (relkind != RELKIND_SEQUENCE)
2167 0 : ereport(ERROR,
2168 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2169 : errmsg("\"%s\" is not a sequence",
2170 : get_rel_name(sequenceoid))));
2171 :
2172 76 : aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2173 :
2174 76 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2175 : }
2176 :
2177 : /*
2178 : * has_sequence_privilege_id_name
2179 : * Check user privileges on a sequence given
2180 : * roleid, text sequencename, and text priv name.
2181 : */
2182 : Datum
2183 0 : has_sequence_privilege_id_name(PG_FUNCTION_ARGS)
2184 : {
2185 0 : Oid roleid = PG_GETARG_OID(0);
2186 0 : text *sequencename = PG_GETARG_TEXT_PP(1);
2187 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2188 : Oid sequenceoid;
2189 : AclMode mode;
2190 : AclResult aclresult;
2191 :
2192 0 : mode = convert_sequence_priv_string(priv_type_text);
2193 0 : sequenceoid = convert_table_name(sequencename);
2194 0 : if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2195 0 : ereport(ERROR,
2196 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2197 : errmsg("\"%s\" is not a sequence",
2198 : text_to_cstring(sequencename))));
2199 :
2200 0 : aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2201 :
2202 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2203 : }
2204 :
2205 : /*
2206 : * has_sequence_privilege_id_id
2207 : * Check user privileges on a sequence given
2208 : * roleid, sequence oid, and text priv name.
2209 : */
2210 : Datum
2211 0 : has_sequence_privilege_id_id(PG_FUNCTION_ARGS)
2212 : {
2213 0 : Oid roleid = PG_GETARG_OID(0);
2214 0 : Oid sequenceoid = PG_GETARG_OID(1);
2215 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2216 : AclMode mode;
2217 : AclResult aclresult;
2218 : char relkind;
2219 :
2220 0 : mode = convert_sequence_priv_string(priv_type_text);
2221 0 : relkind = get_rel_relkind(sequenceoid);
2222 0 : if (relkind == '\0')
2223 0 : PG_RETURN_NULL();
2224 0 : else if (relkind != RELKIND_SEQUENCE)
2225 0 : ereport(ERROR,
2226 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2227 : errmsg("\"%s\" is not a sequence",
2228 : get_rel_name(sequenceoid))));
2229 :
2230 0 : aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2231 :
2232 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2233 : }
2234 :
2235 : /*
2236 : * convert_sequence_priv_string
2237 : * Convert text string to AclMode value.
2238 : */
2239 : static AclMode
2240 92 : convert_sequence_priv_string(text *priv_type_text)
2241 : {
2242 : static const priv_map sequence_priv_map[] = {
2243 : {"USAGE", ACL_USAGE},
2244 : {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
2245 : {"SELECT", ACL_SELECT},
2246 : {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2247 : {"UPDATE", ACL_UPDATE},
2248 : {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2249 : {NULL, 0}
2250 : };
2251 :
2252 92 : return convert_any_priv_string(priv_type_text, sequence_priv_map);
2253 : }
2254 :
2255 :
2256 : /*
2257 : * has_any_column_privilege variants
2258 : * These are all named "has_any_column_privilege" at the SQL level.
2259 : * They take various combinations of relation name, relation OID,
2260 : * user name, user OID, or implicit user = current_user.
2261 : *
2262 : * The result is a boolean value: true if user has the indicated
2263 : * privilege for any column of the table, false if not. The variants
2264 : * that take a relation OID return NULL if the OID doesn't exist.
2265 : */
2266 :
2267 : /*
2268 : * has_any_column_privilege_name_name
2269 : * Check user privileges on any column of a table given
2270 : * name username, text tablename, and text priv name.
2271 : */
2272 : Datum
2273 0 : has_any_column_privilege_name_name(PG_FUNCTION_ARGS)
2274 : {
2275 0 : Name rolename = PG_GETARG_NAME(0);
2276 0 : text *tablename = PG_GETARG_TEXT_PP(1);
2277 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2278 : Oid roleid;
2279 : Oid tableoid;
2280 : AclMode mode;
2281 : AclResult aclresult;
2282 :
2283 0 : roleid = get_role_oid_or_public(NameStr(*rolename));
2284 0 : tableoid = convert_table_name(tablename);
2285 0 : mode = convert_column_priv_string(priv_type_text);
2286 :
2287 : /* First check at table level, then examine each column if needed */
2288 0 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2289 0 : if (aclresult != ACLCHECK_OK)
2290 0 : aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2291 : ACLMASK_ANY);
2292 :
2293 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2294 : }
2295 :
2296 : /*
2297 : * has_any_column_privilege_name
2298 : * Check user privileges on any column of a table given
2299 : * text tablename and text priv name.
2300 : * current_user is assumed
2301 : */
2302 : Datum
2303 0 : has_any_column_privilege_name(PG_FUNCTION_ARGS)
2304 : {
2305 0 : text *tablename = PG_GETARG_TEXT_PP(0);
2306 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
2307 : Oid roleid;
2308 : Oid tableoid;
2309 : AclMode mode;
2310 : AclResult aclresult;
2311 :
2312 0 : roleid = GetUserId();
2313 0 : tableoid = convert_table_name(tablename);
2314 0 : mode = convert_column_priv_string(priv_type_text);
2315 :
2316 : /* First check at table level, then examine each column if needed */
2317 0 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2318 0 : if (aclresult != ACLCHECK_OK)
2319 0 : aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2320 : ACLMASK_ANY);
2321 :
2322 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2323 : }
2324 :
2325 : /*
2326 : * has_any_column_privilege_name_id
2327 : * Check user privileges on any column of a table given
2328 : * name usename, table oid, and text priv name.
2329 : */
2330 : Datum
2331 0 : has_any_column_privilege_name_id(PG_FUNCTION_ARGS)
2332 : {
2333 0 : Name username = PG_GETARG_NAME(0);
2334 0 : Oid tableoid = PG_GETARG_OID(1);
2335 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2336 : Oid roleid;
2337 : AclMode mode;
2338 : AclResult aclresult;
2339 :
2340 0 : roleid = get_role_oid_or_public(NameStr(*username));
2341 0 : mode = convert_column_priv_string(priv_type_text);
2342 :
2343 0 : if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
2344 0 : PG_RETURN_NULL();
2345 :
2346 : /* First check at table level, then examine each column if needed */
2347 0 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2348 0 : if (aclresult != ACLCHECK_OK)
2349 0 : aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2350 : ACLMASK_ANY);
2351 :
2352 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2353 : }
2354 :
2355 : /*
2356 : * has_any_column_privilege_id
2357 : * Check user privileges on any column of a table given
2358 : * table oid, and text priv name.
2359 : * current_user is assumed
2360 : */
2361 : Datum
2362 0 : has_any_column_privilege_id(PG_FUNCTION_ARGS)
2363 : {
2364 0 : Oid tableoid = PG_GETARG_OID(0);
2365 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
2366 : Oid roleid;
2367 : AclMode mode;
2368 : AclResult aclresult;
2369 :
2370 0 : roleid = GetUserId();
2371 0 : mode = convert_column_priv_string(priv_type_text);
2372 :
2373 0 : if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
2374 0 : PG_RETURN_NULL();
2375 :
2376 : /* First check at table level, then examine each column if needed */
2377 0 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2378 0 : if (aclresult != ACLCHECK_OK)
2379 0 : aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2380 : ACLMASK_ANY);
2381 :
2382 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2383 : }
2384 :
2385 : /*
2386 : * has_any_column_privilege_id_name
2387 : * Check user privileges on any column of a table given
2388 : * roleid, text tablename, and text priv name.
2389 : */
2390 : Datum
2391 0 : has_any_column_privilege_id_name(PG_FUNCTION_ARGS)
2392 : {
2393 0 : Oid roleid = PG_GETARG_OID(0);
2394 0 : text *tablename = PG_GETARG_TEXT_PP(1);
2395 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2396 : Oid tableoid;
2397 : AclMode mode;
2398 : AclResult aclresult;
2399 :
2400 0 : tableoid = convert_table_name(tablename);
2401 0 : mode = convert_column_priv_string(priv_type_text);
2402 :
2403 : /* First check at table level, then examine each column if needed */
2404 0 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2405 0 : if (aclresult != ACLCHECK_OK)
2406 0 : aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2407 : ACLMASK_ANY);
2408 :
2409 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2410 : }
2411 :
2412 : /*
2413 : * has_any_column_privilege_id_id
2414 : * Check user privileges on any column of a table given
2415 : * roleid, table oid, and text priv name.
2416 : */
2417 : Datum
2418 0 : has_any_column_privilege_id_id(PG_FUNCTION_ARGS)
2419 : {
2420 0 : Oid roleid = PG_GETARG_OID(0);
2421 0 : Oid tableoid = PG_GETARG_OID(1);
2422 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2423 : AclMode mode;
2424 : AclResult aclresult;
2425 :
2426 0 : mode = convert_column_priv_string(priv_type_text);
2427 :
2428 0 : if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
2429 0 : PG_RETURN_NULL();
2430 :
2431 : /* First check at table level, then examine each column if needed */
2432 0 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2433 0 : if (aclresult != ACLCHECK_OK)
2434 0 : aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2435 : ACLMASK_ANY);
2436 :
2437 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2438 : }
2439 :
2440 :
2441 : /*
2442 : * has_column_privilege variants
2443 : * These are all named "has_column_privilege" at the SQL level.
2444 : * They take various combinations of relation name, relation OID,
2445 : * column name, column attnum, user name, user OID, or
2446 : * implicit user = current_user.
2447 : *
2448 : * The result is a boolean value: true if user has the indicated
2449 : * privilege, false if not. The variants that take a relation OID
2450 : * return NULL (rather than throwing an error) if that relation OID
2451 : * doesn't exist. Likewise, the variants that take an integer attnum
2452 : * return NULL (rather than throwing an error) if there is no such
2453 : * pg_attribute entry. All variants return NULL if an attisdropped
2454 : * column is selected. These rules are meant to avoid unnecessary
2455 : * failures in queries that scan pg_attribute.
2456 : */
2457 :
2458 : /*
2459 : * column_privilege_check: check column privileges, but don't throw an error
2460 : * for dropped column or table
2461 : *
2462 : * Returns 1 if have the privilege, 0 if not, -1 if dropped column/table.
2463 : */
2464 : static int
2465 1404 : column_privilege_check(Oid tableoid, AttrNumber attnum,
2466 : Oid roleid, AclMode mode)
2467 : {
2468 : AclResult aclresult;
2469 : HeapTuple attTuple;
2470 : Form_pg_attribute attributeForm;
2471 :
2472 : /*
2473 : * If convert_column_name failed, we can just return -1 immediately.
2474 : */
2475 1404 : if (attnum == InvalidAttrNumber)
2476 8 : return -1;
2477 :
2478 : /*
2479 : * First check if we have the privilege at the table level. We check
2480 : * existence of the pg_class row before risking calling pg_class_aclcheck.
2481 : * Note: it might seem there's a race condition against concurrent DROP,
2482 : * but really it's safe because there will be no syscache flush between
2483 : * here and there. So if we see the row in the syscache, so will
2484 : * pg_class_aclcheck.
2485 : */
2486 1396 : if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
2487 8 : return -1;
2488 :
2489 1388 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2490 :
2491 1388 : if (aclresult == ACLCHECK_OK)
2492 1380 : return true;
2493 :
2494 : /*
2495 : * No table privilege, so try per-column privileges. Again, we have to
2496 : * check for dropped attribute first, and we rely on the syscache not to
2497 : * notice a concurrent drop before pg_attribute_aclcheck fetches the row.
2498 : */
2499 8 : attTuple = SearchSysCache2(ATTNUM,
2500 : ObjectIdGetDatum(tableoid),
2501 : Int16GetDatum(attnum));
2502 8 : if (!HeapTupleIsValid(attTuple))
2503 4 : return -1;
2504 4 : attributeForm = (Form_pg_attribute) GETSTRUCT(attTuple);
2505 4 : if (attributeForm->attisdropped)
2506 : {
2507 4 : ReleaseSysCache(attTuple);
2508 4 : return -1;
2509 : }
2510 0 : ReleaseSysCache(attTuple);
2511 :
2512 0 : aclresult = pg_attribute_aclcheck(tableoid, attnum, roleid, mode);
2513 :
2514 0 : return (aclresult == ACLCHECK_OK);
2515 : }
2516 :
2517 : /*
2518 : * has_column_privilege_name_name_name
2519 : * Check user privileges on a column given
2520 : * name username, text tablename, text colname, and text priv name.
2521 : */
2522 : Datum
2523 0 : has_column_privilege_name_name_name(PG_FUNCTION_ARGS)
2524 : {
2525 0 : Name rolename = PG_GETARG_NAME(0);
2526 0 : text *tablename = PG_GETARG_TEXT_PP(1);
2527 0 : text *column = PG_GETARG_TEXT_PP(2);
2528 0 : text *priv_type_text = PG_GETARG_TEXT_PP(3);
2529 : Oid roleid;
2530 : Oid tableoid;
2531 : AttrNumber colattnum;
2532 : AclMode mode;
2533 : int privresult;
2534 :
2535 0 : roleid = get_role_oid_or_public(NameStr(*rolename));
2536 0 : tableoid = convert_table_name(tablename);
2537 0 : colattnum = convert_column_name(tableoid, column);
2538 0 : mode = convert_column_priv_string(priv_type_text);
2539 :
2540 0 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2541 0 : if (privresult < 0)
2542 0 : PG_RETURN_NULL();
2543 0 : PG_RETURN_BOOL(privresult);
2544 : }
2545 :
2546 : /*
2547 : * has_column_privilege_name_name_attnum
2548 : * Check user privileges on a column given
2549 : * name username, text tablename, int attnum, and text priv name.
2550 : */
2551 : Datum
2552 0 : has_column_privilege_name_name_attnum(PG_FUNCTION_ARGS)
2553 : {
2554 0 : Name rolename = PG_GETARG_NAME(0);
2555 0 : text *tablename = PG_GETARG_TEXT_PP(1);
2556 0 : AttrNumber colattnum = PG_GETARG_INT16(2);
2557 0 : text *priv_type_text = PG_GETARG_TEXT_PP(3);
2558 : Oid roleid;
2559 : Oid tableoid;
2560 : AclMode mode;
2561 : int privresult;
2562 :
2563 0 : roleid = get_role_oid_or_public(NameStr(*rolename));
2564 0 : tableoid = convert_table_name(tablename);
2565 0 : mode = convert_column_priv_string(priv_type_text);
2566 :
2567 0 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2568 0 : if (privresult < 0)
2569 0 : PG_RETURN_NULL();
2570 0 : PG_RETURN_BOOL(privresult);
2571 : }
2572 :
2573 : /*
2574 : * has_column_privilege_name_id_name
2575 : * Check user privileges on a column given
2576 : * name username, table oid, text colname, and text priv name.
2577 : */
2578 : Datum
2579 0 : has_column_privilege_name_id_name(PG_FUNCTION_ARGS)
2580 : {
2581 0 : Name username = PG_GETARG_NAME(0);
2582 0 : Oid tableoid = PG_GETARG_OID(1);
2583 0 : text *column = PG_GETARG_TEXT_PP(2);
2584 0 : text *priv_type_text = PG_GETARG_TEXT_PP(3);
2585 : Oid roleid;
2586 : AttrNumber colattnum;
2587 : AclMode mode;
2588 : int privresult;
2589 :
2590 0 : roleid = get_role_oid_or_public(NameStr(*username));
2591 0 : colattnum = convert_column_name(tableoid, column);
2592 0 : mode = convert_column_priv_string(priv_type_text);
2593 :
2594 0 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2595 0 : if (privresult < 0)
2596 0 : PG_RETURN_NULL();
2597 0 : PG_RETURN_BOOL(privresult);
2598 : }
2599 :
2600 : /*
2601 : * has_column_privilege_name_id_attnum
2602 : * Check user privileges on a column given
2603 : * name username, table oid, int attnum, and text priv name.
2604 : */
2605 : Datum
2606 0 : has_column_privilege_name_id_attnum(PG_FUNCTION_ARGS)
2607 : {
2608 0 : Name username = PG_GETARG_NAME(0);
2609 0 : Oid tableoid = PG_GETARG_OID(1);
2610 0 : AttrNumber colattnum = PG_GETARG_INT16(2);
2611 0 : text *priv_type_text = PG_GETARG_TEXT_PP(3);
2612 : Oid roleid;
2613 : AclMode mode;
2614 : int privresult;
2615 :
2616 0 : roleid = get_role_oid_or_public(NameStr(*username));
2617 0 : mode = convert_column_priv_string(priv_type_text);
2618 :
2619 0 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2620 0 : if (privresult < 0)
2621 0 : PG_RETURN_NULL();
2622 0 : PG_RETURN_BOOL(privresult);
2623 : }
2624 :
2625 : /*
2626 : * has_column_privilege_id_name_name
2627 : * Check user privileges on a column given
2628 : * oid roleid, text tablename, text colname, and text priv name.
2629 : */
2630 : Datum
2631 0 : has_column_privilege_id_name_name(PG_FUNCTION_ARGS)
2632 : {
2633 0 : Oid roleid = PG_GETARG_OID(0);
2634 0 : text *tablename = PG_GETARG_TEXT_PP(1);
2635 0 : text *column = PG_GETARG_TEXT_PP(2);
2636 0 : text *priv_type_text = PG_GETARG_TEXT_PP(3);
2637 : Oid tableoid;
2638 : AttrNumber colattnum;
2639 : AclMode mode;
2640 : int privresult;
2641 :
2642 0 : tableoid = convert_table_name(tablename);
2643 0 : colattnum = convert_column_name(tableoid, column);
2644 0 : mode = convert_column_priv_string(priv_type_text);
2645 :
2646 0 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2647 0 : if (privresult < 0)
2648 0 : PG_RETURN_NULL();
2649 0 : PG_RETURN_BOOL(privresult);
2650 : }
2651 :
2652 : /*
2653 : * has_column_privilege_id_name_attnum
2654 : * Check user privileges on a column given
2655 : * oid roleid, text tablename, int attnum, and text priv name.
2656 : */
2657 : Datum
2658 0 : has_column_privilege_id_name_attnum(PG_FUNCTION_ARGS)
2659 : {
2660 0 : Oid roleid = PG_GETARG_OID(0);
2661 0 : text *tablename = PG_GETARG_TEXT_PP(1);
2662 0 : AttrNumber colattnum = PG_GETARG_INT16(2);
2663 0 : text *priv_type_text = PG_GETARG_TEXT_PP(3);
2664 : Oid tableoid;
2665 : AclMode mode;
2666 : int privresult;
2667 :
2668 0 : tableoid = convert_table_name(tablename);
2669 0 : mode = convert_column_priv_string(priv_type_text);
2670 :
2671 0 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2672 0 : if (privresult < 0)
2673 0 : PG_RETURN_NULL();
2674 0 : PG_RETURN_BOOL(privresult);
2675 : }
2676 :
2677 : /*
2678 : * has_column_privilege_id_id_name
2679 : * Check user privileges on a column given
2680 : * oid roleid, table oid, text colname, and text priv name.
2681 : */
2682 : Datum
2683 0 : has_column_privilege_id_id_name(PG_FUNCTION_ARGS)
2684 : {
2685 0 : Oid roleid = PG_GETARG_OID(0);
2686 0 : Oid tableoid = PG_GETARG_OID(1);
2687 0 : text *column = PG_GETARG_TEXT_PP(2);
2688 0 : text *priv_type_text = PG_GETARG_TEXT_PP(3);
2689 : AttrNumber colattnum;
2690 : AclMode mode;
2691 : int privresult;
2692 :
2693 0 : colattnum = convert_column_name(tableoid, column);
2694 0 : mode = convert_column_priv_string(priv_type_text);
2695 :
2696 0 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2697 0 : if (privresult < 0)
2698 0 : PG_RETURN_NULL();
2699 0 : PG_RETURN_BOOL(privresult);
2700 : }
2701 :
2702 : /*
2703 : * has_column_privilege_id_id_attnum
2704 : * Check user privileges on a column given
2705 : * oid roleid, table oid, int attnum, and text priv name.
2706 : */
2707 : Datum
2708 0 : has_column_privilege_id_id_attnum(PG_FUNCTION_ARGS)
2709 : {
2710 0 : Oid roleid = PG_GETARG_OID(0);
2711 0 : Oid tableoid = PG_GETARG_OID(1);
2712 0 : AttrNumber colattnum = PG_GETARG_INT16(2);
2713 0 : text *priv_type_text = PG_GETARG_TEXT_PP(3);
2714 : AclMode mode;
2715 : int privresult;
2716 :
2717 0 : mode = convert_column_priv_string(priv_type_text);
2718 :
2719 0 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2720 0 : if (privresult < 0)
2721 0 : PG_RETURN_NULL();
2722 0 : PG_RETURN_BOOL(privresult);
2723 : }
2724 :
2725 : /*
2726 : * has_column_privilege_name_name
2727 : * Check user privileges on a column given
2728 : * text tablename, text colname, and text priv name.
2729 : * current_user is assumed
2730 : */
2731 : Datum
2732 12 : has_column_privilege_name_name(PG_FUNCTION_ARGS)
2733 : {
2734 12 : text *tablename = PG_GETARG_TEXT_PP(0);
2735 12 : text *column = PG_GETARG_TEXT_PP(1);
2736 12 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2737 : Oid roleid;
2738 : Oid tableoid;
2739 : AttrNumber colattnum;
2740 : AclMode mode;
2741 : int privresult;
2742 :
2743 12 : roleid = GetUserId();
2744 12 : tableoid = convert_table_name(tablename);
2745 12 : colattnum = convert_column_name(tableoid, column);
2746 4 : mode = convert_column_priv_string(priv_type_text);
2747 :
2748 4 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2749 4 : if (privresult < 0)
2750 4 : PG_RETURN_NULL();
2751 0 : PG_RETURN_BOOL(privresult);
2752 : }
2753 :
2754 : /*
2755 : * has_column_privilege_name_attnum
2756 : * Check user privileges on a column given
2757 : * text tablename, int attnum, and text priv name.
2758 : * current_user is assumed
2759 : */
2760 : Datum
2761 12 : has_column_privilege_name_attnum(PG_FUNCTION_ARGS)
2762 : {
2763 12 : text *tablename = PG_GETARG_TEXT_PP(0);
2764 12 : AttrNumber colattnum = PG_GETARG_INT16(1);
2765 12 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2766 : Oid roleid;
2767 : Oid tableoid;
2768 : AclMode mode;
2769 : int privresult;
2770 :
2771 12 : roleid = GetUserId();
2772 12 : tableoid = convert_table_name(tablename);
2773 12 : mode = convert_column_priv_string(priv_type_text);
2774 :
2775 12 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2776 12 : if (privresult < 0)
2777 8 : PG_RETURN_NULL();
2778 4 : PG_RETURN_BOOL(privresult);
2779 : }
2780 :
2781 : /*
2782 : * has_column_privilege_id_name
2783 : * Check user privileges on a column given
2784 : * table oid, text colname, and text priv name.
2785 : * current_user is assumed
2786 : */
2787 : Datum
2788 4 : has_column_privilege_id_name(PG_FUNCTION_ARGS)
2789 : {
2790 4 : Oid tableoid = PG_GETARG_OID(0);
2791 4 : text *column = PG_GETARG_TEXT_PP(1);
2792 4 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2793 : Oid roleid;
2794 : AttrNumber colattnum;
2795 : AclMode mode;
2796 : int privresult;
2797 :
2798 4 : roleid = GetUserId();
2799 4 : colattnum = convert_column_name(tableoid, column);
2800 4 : mode = convert_column_priv_string(priv_type_text);
2801 :
2802 4 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2803 4 : if (privresult < 0)
2804 4 : PG_RETURN_NULL();
2805 0 : PG_RETURN_BOOL(privresult);
2806 : }
2807 :
2808 : /*
2809 : * has_column_privilege_id_attnum
2810 : * Check user privileges on a column given
2811 : * table oid, int attnum, and text priv name.
2812 : * current_user is assumed
2813 : */
2814 : Datum
2815 1384 : has_column_privilege_id_attnum(PG_FUNCTION_ARGS)
2816 : {
2817 1384 : Oid tableoid = PG_GETARG_OID(0);
2818 1384 : AttrNumber colattnum = PG_GETARG_INT16(1);
2819 1384 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2820 : Oid roleid;
2821 : AclMode mode;
2822 : int privresult;
2823 :
2824 1384 : roleid = GetUserId();
2825 1384 : mode = convert_column_priv_string(priv_type_text);
2826 :
2827 1384 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2828 1384 : if (privresult < 0)
2829 8 : PG_RETURN_NULL();
2830 1376 : PG_RETURN_BOOL(privresult);
2831 : }
2832 :
2833 : /*
2834 : * Support routines for has_column_privilege family.
2835 : */
2836 :
2837 : /*
2838 : * Given a table OID and a column name expressed as a string, look it up
2839 : * and return the column number. Returns InvalidAttrNumber in cases
2840 : * where caller should return NULL instead of failing.
2841 : */
2842 : static AttrNumber
2843 16 : convert_column_name(Oid tableoid, text *column)
2844 : {
2845 : char *colname;
2846 : HeapTuple attTuple;
2847 : AttrNumber attnum;
2848 :
2849 16 : colname = text_to_cstring(column);
2850 :
2851 : /*
2852 : * We don't use get_attnum() here because it will report that dropped
2853 : * columns don't exist. We need to treat dropped columns differently from
2854 : * nonexistent columns.
2855 : */
2856 16 : attTuple = SearchSysCache2(ATTNAME,
2857 : ObjectIdGetDatum(tableoid),
2858 : CStringGetDatum(colname));
2859 16 : if (HeapTupleIsValid(attTuple))
2860 : {
2861 : Form_pg_attribute attributeForm;
2862 :
2863 4 : attributeForm = (Form_pg_attribute) GETSTRUCT(attTuple);
2864 : /* We want to return NULL for dropped columns */
2865 4 : if (attributeForm->attisdropped)
2866 4 : attnum = InvalidAttrNumber;
2867 : else
2868 0 : attnum = attributeForm->attnum;
2869 4 : ReleaseSysCache(attTuple);
2870 : }
2871 : else
2872 : {
2873 12 : char *tablename = get_rel_name(tableoid);
2874 :
2875 : /*
2876 : * If the table OID is bogus, or it's just been dropped, we'll get
2877 : * NULL back. In such cases we want has_column_privilege to return
2878 : * NULL too, so just return InvalidAttrNumber.
2879 : */
2880 12 : if (tablename != NULL)
2881 : {
2882 : /* tableoid exists, colname does not, so throw error */
2883 8 : ereport(ERROR,
2884 : (errcode(ERRCODE_UNDEFINED_COLUMN),
2885 : errmsg("column \"%s\" of relation \"%s\" does not exist",
2886 : colname, tablename)));
2887 : }
2888 : /* tableoid doesn't exist, so act like attisdropped case */
2889 4 : attnum = InvalidAttrNumber;
2890 : }
2891 :
2892 8 : pfree(colname);
2893 8 : return attnum;
2894 : }
2895 :
2896 : /*
2897 : * convert_column_priv_string
2898 : * Convert text string to AclMode value.
2899 : */
2900 : static AclMode
2901 1404 : convert_column_priv_string(text *priv_type_text)
2902 : {
2903 : static const priv_map column_priv_map[] = {
2904 : {"SELECT", ACL_SELECT},
2905 : {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2906 : {"INSERT", ACL_INSERT},
2907 : {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
2908 : {"UPDATE", ACL_UPDATE},
2909 : {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2910 : {"REFERENCES", ACL_REFERENCES},
2911 : {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
2912 : {NULL, 0}
2913 : };
2914 :
2915 1404 : return convert_any_priv_string(priv_type_text, column_priv_map);
2916 : }
2917 :
2918 :
2919 : /*
2920 : * has_database_privilege variants
2921 : * These are all named "has_database_privilege" at the SQL level.
2922 : * They take various combinations of database name, database OID,
2923 : * user name, user OID, or implicit user = current_user.
2924 : *
2925 : * The result is a boolean value: true if user has the indicated
2926 : * privilege, false if not, or NULL if object doesn't exist.
2927 : */
2928 :
2929 : /*
2930 : * has_database_privilege_name_name
2931 : * Check user privileges on a database given
2932 : * name username, text databasename, and text priv name.
2933 : */
2934 : Datum
2935 0 : has_database_privilege_name_name(PG_FUNCTION_ARGS)
2936 : {
2937 0 : Name username = PG_GETARG_NAME(0);
2938 0 : text *databasename = PG_GETARG_TEXT_PP(1);
2939 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2940 : Oid roleid;
2941 : Oid databaseoid;
2942 : AclMode mode;
2943 : AclResult aclresult;
2944 :
2945 0 : roleid = get_role_oid_or_public(NameStr(*username));
2946 0 : databaseoid = convert_database_name(databasename);
2947 0 : mode = convert_database_priv_string(priv_type_text);
2948 :
2949 0 : aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
2950 :
2951 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2952 : }
2953 :
2954 : /*
2955 : * has_database_privilege_name
2956 : * Check user privileges on a database given
2957 : * text databasename and text priv name.
2958 : * current_user is assumed
2959 : */
2960 : Datum
2961 0 : has_database_privilege_name(PG_FUNCTION_ARGS)
2962 : {
2963 0 : text *databasename = PG_GETARG_TEXT_PP(0);
2964 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
2965 : Oid roleid;
2966 : Oid databaseoid;
2967 : AclMode mode;
2968 : AclResult aclresult;
2969 :
2970 0 : roleid = GetUserId();
2971 0 : databaseoid = convert_database_name(databasename);
2972 0 : mode = convert_database_priv_string(priv_type_text);
2973 :
2974 0 : aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
2975 :
2976 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2977 : }
2978 :
2979 : /*
2980 : * has_database_privilege_name_id
2981 : * Check user privileges on a database given
2982 : * name usename, database oid, and text priv name.
2983 : */
2984 : Datum
2985 0 : has_database_privilege_name_id(PG_FUNCTION_ARGS)
2986 : {
2987 0 : Name username = PG_GETARG_NAME(0);
2988 0 : Oid databaseoid = PG_GETARG_OID(1);
2989 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2990 : Oid roleid;
2991 : AclMode mode;
2992 : AclResult aclresult;
2993 :
2994 0 : roleid = get_role_oid_or_public(NameStr(*username));
2995 0 : mode = convert_database_priv_string(priv_type_text);
2996 :
2997 0 : if (!SearchSysCacheExists1(DATABASEOID, ObjectIdGetDatum(databaseoid)))
2998 0 : PG_RETURN_NULL();
2999 :
3000 0 : aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
3001 :
3002 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3003 : }
3004 :
3005 : /*
3006 : * has_database_privilege_id
3007 : * Check user privileges on a database given
3008 : * database oid, and text priv name.
3009 : * current_user is assumed
3010 : */
3011 : Datum
3012 0 : has_database_privilege_id(PG_FUNCTION_ARGS)
3013 : {
3014 0 : Oid databaseoid = PG_GETARG_OID(0);
3015 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3016 : Oid roleid;
3017 : AclMode mode;
3018 : AclResult aclresult;
3019 :
3020 0 : roleid = GetUserId();
3021 0 : mode = convert_database_priv_string(priv_type_text);
3022 :
3023 0 : if (!SearchSysCacheExists1(DATABASEOID, ObjectIdGetDatum(databaseoid)))
3024 0 : PG_RETURN_NULL();
3025 :
3026 0 : aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
3027 :
3028 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3029 : }
3030 :
3031 : /*
3032 : * has_database_privilege_id_name
3033 : * Check user privileges on a database given
3034 : * roleid, text databasename, and text priv name.
3035 : */
3036 : Datum
3037 0 : has_database_privilege_id_name(PG_FUNCTION_ARGS)
3038 : {
3039 0 : Oid roleid = PG_GETARG_OID(0);
3040 0 : text *databasename = PG_GETARG_TEXT_PP(1);
3041 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3042 : Oid databaseoid;
3043 : AclMode mode;
3044 : AclResult aclresult;
3045 :
3046 0 : databaseoid = convert_database_name(databasename);
3047 0 : mode = convert_database_priv_string(priv_type_text);
3048 :
3049 0 : aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
3050 :
3051 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3052 : }
3053 :
3054 : /*
3055 : * has_database_privilege_id_id
3056 : * Check user privileges on a database given
3057 : * roleid, database oid, and text priv name.
3058 : */
3059 : Datum
3060 0 : has_database_privilege_id_id(PG_FUNCTION_ARGS)
3061 : {
3062 0 : Oid roleid = PG_GETARG_OID(0);
3063 0 : Oid databaseoid = PG_GETARG_OID(1);
3064 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3065 : AclMode mode;
3066 : AclResult aclresult;
3067 :
3068 0 : mode = convert_database_priv_string(priv_type_text);
3069 :
3070 0 : if (!SearchSysCacheExists1(DATABASEOID, ObjectIdGetDatum(databaseoid)))
3071 0 : PG_RETURN_NULL();
3072 :
3073 0 : aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
3074 :
3075 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3076 : }
3077 :
3078 : /*
3079 : * Support routines for has_database_privilege family.
3080 : */
3081 :
3082 : /*
3083 : * Given a database name expressed as a string, look it up and return Oid
3084 : */
3085 : static Oid
3086 0 : convert_database_name(text *databasename)
3087 : {
3088 0 : char *dbname = text_to_cstring(databasename);
3089 :
3090 0 : return get_database_oid(dbname, false);
3091 : }
3092 :
3093 : /*
3094 : * convert_database_priv_string
3095 : * Convert text string to AclMode value.
3096 : */
3097 : static AclMode
3098 0 : convert_database_priv_string(text *priv_type_text)
3099 : {
3100 : static const priv_map database_priv_map[] = {
3101 : {"CREATE", ACL_CREATE},
3102 : {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
3103 : {"TEMPORARY", ACL_CREATE_TEMP},
3104 : {"TEMPORARY WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
3105 : {"TEMP", ACL_CREATE_TEMP},
3106 : {"TEMP WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
3107 : {"CONNECT", ACL_CONNECT},
3108 : {"CONNECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CONNECT)},
3109 : {NULL, 0}
3110 : };
3111 :
3112 0 : return convert_any_priv_string(priv_type_text, database_priv_map);
3113 :
3114 : }
3115 :
3116 :
3117 : /*
3118 : * has_foreign_data_wrapper_privilege variants
3119 : * These are all named "has_foreign_data_wrapper_privilege" at the SQL level.
3120 : * They take various combinations of foreign-data wrapper name,
3121 : * fdw OID, user name, user OID, or implicit user = current_user.
3122 : *
3123 : * The result is a boolean value: true if user has the indicated
3124 : * privilege, false if not.
3125 : */
3126 :
3127 : /*
3128 : * has_foreign_data_wrapper_privilege_name_name
3129 : * Check user privileges on a foreign-data wrapper given
3130 : * name username, text fdwname, and text priv name.
3131 : */
3132 : Datum
3133 8 : has_foreign_data_wrapper_privilege_name_name(PG_FUNCTION_ARGS)
3134 : {
3135 8 : Name username = PG_GETARG_NAME(0);
3136 8 : text *fdwname = PG_GETARG_TEXT_PP(1);
3137 8 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3138 : Oid roleid;
3139 : Oid fdwid;
3140 : AclMode mode;
3141 : AclResult aclresult;
3142 :
3143 8 : roleid = get_role_oid_or_public(NameStr(*username));
3144 8 : fdwid = convert_foreign_data_wrapper_name(fdwname);
3145 8 : mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3146 :
3147 8 : aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
3148 :
3149 8 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3150 : }
3151 :
3152 : /*
3153 : * has_foreign_data_wrapper_privilege_name
3154 : * Check user privileges on a foreign-data wrapper given
3155 : * text fdwname and text priv name.
3156 : * current_user is assumed
3157 : */
3158 : Datum
3159 4 : has_foreign_data_wrapper_privilege_name(PG_FUNCTION_ARGS)
3160 : {
3161 4 : text *fdwname = PG_GETARG_TEXT_PP(0);
3162 4 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3163 : Oid roleid;
3164 : Oid fdwid;
3165 : AclMode mode;
3166 : AclResult aclresult;
3167 :
3168 4 : roleid = GetUserId();
3169 4 : fdwid = convert_foreign_data_wrapper_name(fdwname);
3170 4 : mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3171 :
3172 4 : aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
3173 :
3174 4 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3175 : }
3176 :
3177 : /*
3178 : * has_foreign_data_wrapper_privilege_name_id
3179 : * Check user privileges on a foreign-data wrapper given
3180 : * name usename, foreign-data wrapper oid, and text priv name.
3181 : */
3182 : Datum
3183 4 : has_foreign_data_wrapper_privilege_name_id(PG_FUNCTION_ARGS)
3184 : {
3185 4 : Name username = PG_GETARG_NAME(0);
3186 4 : Oid fdwid = PG_GETARG_OID(1);
3187 4 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3188 : Oid roleid;
3189 : AclMode mode;
3190 : AclResult aclresult;
3191 :
3192 4 : roleid = get_role_oid_or_public(NameStr(*username));
3193 4 : mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3194 :
3195 4 : if (!SearchSysCacheExists1(FOREIGNDATAWRAPPEROID, ObjectIdGetDatum(fdwid)))
3196 0 : PG_RETURN_NULL();
3197 :
3198 4 : aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
3199 :
3200 4 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3201 : }
3202 :
3203 : /*
3204 : * has_foreign_data_wrapper_privilege_id
3205 : * Check user privileges on a foreign-data wrapper given
3206 : * foreign-data wrapper oid, and text priv name.
3207 : * current_user is assumed
3208 : */
3209 : Datum
3210 4 : has_foreign_data_wrapper_privilege_id(PG_FUNCTION_ARGS)
3211 : {
3212 4 : Oid fdwid = PG_GETARG_OID(0);
3213 4 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3214 : Oid roleid;
3215 : AclMode mode;
3216 : AclResult aclresult;
3217 :
3218 4 : roleid = GetUserId();
3219 4 : mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3220 :
3221 4 : if (!SearchSysCacheExists1(FOREIGNDATAWRAPPEROID, ObjectIdGetDatum(fdwid)))
3222 0 : PG_RETURN_NULL();
3223 :
3224 4 : aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
3225 :
3226 4 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3227 : }
3228 :
3229 : /*
3230 : * has_foreign_data_wrapper_privilege_id_name
3231 : * Check user privileges on a foreign-data wrapper given
3232 : * roleid, text fdwname, and text priv name.
3233 : */
3234 : Datum
3235 4 : has_foreign_data_wrapper_privilege_id_name(PG_FUNCTION_ARGS)
3236 : {
3237 4 : Oid roleid = PG_GETARG_OID(0);
3238 4 : text *fdwname = PG_GETARG_TEXT_PP(1);
3239 4 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3240 : Oid fdwid;
3241 : AclMode mode;
3242 : AclResult aclresult;
3243 :
3244 4 : fdwid = convert_foreign_data_wrapper_name(fdwname);
3245 4 : mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3246 :
3247 4 : aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
3248 :
3249 4 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3250 : }
3251 :
3252 : /*
3253 : * has_foreign_data_wrapper_privilege_id_id
3254 : * Check user privileges on a foreign-data wrapper given
3255 : * roleid, fdw oid, and text priv name.
3256 : */
3257 : Datum
3258 4 : has_foreign_data_wrapper_privilege_id_id(PG_FUNCTION_ARGS)
3259 : {
3260 4 : Oid roleid = PG_GETARG_OID(0);
3261 4 : Oid fdwid = PG_GETARG_OID(1);
3262 4 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3263 : AclMode mode;
3264 : AclResult aclresult;
3265 :
3266 4 : mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3267 :
3268 4 : if (!SearchSysCacheExists1(FOREIGNDATAWRAPPEROID, ObjectIdGetDatum(fdwid)))
3269 0 : PG_RETURN_NULL();
3270 :
3271 4 : aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
3272 :
3273 4 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3274 : }
3275 :
3276 : /*
3277 : * Support routines for has_foreign_data_wrapper_privilege family.
3278 : */
3279 :
3280 : /*
3281 : * Given a FDW name expressed as a string, look it up and return Oid
3282 : */
3283 : static Oid
3284 16 : convert_foreign_data_wrapper_name(text *fdwname)
3285 : {
3286 16 : char *fdwstr = text_to_cstring(fdwname);
3287 :
3288 16 : return get_foreign_data_wrapper_oid(fdwstr, false);
3289 : }
3290 :
3291 : /*
3292 : * convert_foreign_data_wrapper_priv_string
3293 : * Convert text string to AclMode value.
3294 : */
3295 : static AclMode
3296 28 : convert_foreign_data_wrapper_priv_string(text *priv_type_text)
3297 : {
3298 : static const priv_map foreign_data_wrapper_priv_map[] = {
3299 : {"USAGE", ACL_USAGE},
3300 : {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3301 : {NULL, 0}
3302 : };
3303 :
3304 28 : return convert_any_priv_string(priv_type_text, foreign_data_wrapper_priv_map);
3305 : }
3306 :
3307 :
3308 : /*
3309 : * has_function_privilege variants
3310 : * These are all named "has_function_privilege" at the SQL level.
3311 : * They take various combinations of function name, function OID,
3312 : * user name, user OID, or implicit user = current_user.
3313 : *
3314 : * The result is a boolean value: true if user has the indicated
3315 : * privilege, false if not, or NULL if object doesn't exist.
3316 : */
3317 :
3318 : /*
3319 : * has_function_privilege_name_name
3320 : * Check user privileges on a function given
3321 : * name username, text functionname, and text priv name.
3322 : */
3323 : Datum
3324 64 : has_function_privilege_name_name(PG_FUNCTION_ARGS)
3325 : {
3326 64 : Name username = PG_GETARG_NAME(0);
3327 64 : text *functionname = PG_GETARG_TEXT_PP(1);
3328 64 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3329 : Oid roleid;
3330 : Oid functionoid;
3331 : AclMode mode;
3332 : AclResult aclresult;
3333 :
3334 64 : roleid = get_role_oid_or_public(NameStr(*username));
3335 64 : functionoid = convert_function_name(functionname);
3336 64 : mode = convert_function_priv_string(priv_type_text);
3337 :
3338 64 : aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
3339 :
3340 64 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3341 : }
3342 :
3343 : /*
3344 : * has_function_privilege_name
3345 : * Check user privileges on a function given
3346 : * text functionname and text priv name.
3347 : * current_user is assumed
3348 : */
3349 : Datum
3350 0 : has_function_privilege_name(PG_FUNCTION_ARGS)
3351 : {
3352 0 : text *functionname = PG_GETARG_TEXT_PP(0);
3353 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3354 : Oid roleid;
3355 : Oid functionoid;
3356 : AclMode mode;
3357 : AclResult aclresult;
3358 :
3359 0 : roleid = GetUserId();
3360 0 : functionoid = convert_function_name(functionname);
3361 0 : mode = convert_function_priv_string(priv_type_text);
3362 :
3363 0 : aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
3364 :
3365 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3366 : }
3367 :
3368 : /*
3369 : * has_function_privilege_name_id
3370 : * Check user privileges on a function given
3371 : * name usename, function oid, and text priv name.
3372 : */
3373 : Datum
3374 0 : has_function_privilege_name_id(PG_FUNCTION_ARGS)
3375 : {
3376 0 : Name username = PG_GETARG_NAME(0);
3377 0 : Oid functionoid = PG_GETARG_OID(1);
3378 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3379 : Oid roleid;
3380 : AclMode mode;
3381 : AclResult aclresult;
3382 :
3383 0 : roleid = get_role_oid_or_public(NameStr(*username));
3384 0 : mode = convert_function_priv_string(priv_type_text);
3385 :
3386 0 : if (!SearchSysCacheExists1(PROCOID, ObjectIdGetDatum(functionoid)))
3387 0 : PG_RETURN_NULL();
3388 :
3389 0 : aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
3390 :
3391 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3392 : }
3393 :
3394 : /*
3395 : * has_function_privilege_id
3396 : * Check user privileges on a function given
3397 : * function oid, and text priv name.
3398 : * current_user is assumed
3399 : */
3400 : Datum
3401 0 : has_function_privilege_id(PG_FUNCTION_ARGS)
3402 : {
3403 0 : Oid functionoid = PG_GETARG_OID(0);
3404 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3405 : Oid roleid;
3406 : AclMode mode;
3407 : AclResult aclresult;
3408 :
3409 0 : roleid = GetUserId();
3410 0 : mode = convert_function_priv_string(priv_type_text);
3411 :
3412 0 : if (!SearchSysCacheExists1(PROCOID, ObjectIdGetDatum(functionoid)))
3413 0 : PG_RETURN_NULL();
3414 :
3415 0 : aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
3416 :
3417 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3418 : }
3419 :
3420 : /*
3421 : * has_function_privilege_id_name
3422 : * Check user privileges on a function given
3423 : * roleid, text functionname, and text priv name.
3424 : */
3425 : Datum
3426 0 : has_function_privilege_id_name(PG_FUNCTION_ARGS)
3427 : {
3428 0 : Oid roleid = PG_GETARG_OID(0);
3429 0 : text *functionname = PG_GETARG_TEXT_PP(1);
3430 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3431 : Oid functionoid;
3432 : AclMode mode;
3433 : AclResult aclresult;
3434 :
3435 0 : functionoid = convert_function_name(functionname);
3436 0 : mode = convert_function_priv_string(priv_type_text);
3437 :
3438 0 : aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
3439 :
3440 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3441 : }
3442 :
3443 : /*
3444 : * has_function_privilege_id_id
3445 : * Check user privileges on a function given
3446 : * roleid, function oid, and text priv name.
3447 : */
3448 : Datum
3449 0 : has_function_privilege_id_id(PG_FUNCTION_ARGS)
3450 : {
3451 0 : Oid roleid = PG_GETARG_OID(0);
3452 0 : Oid functionoid = PG_GETARG_OID(1);
3453 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3454 : AclMode mode;
3455 : AclResult aclresult;
3456 :
3457 0 : mode = convert_function_priv_string(priv_type_text);
3458 :
3459 0 : if (!SearchSysCacheExists1(PROCOID, ObjectIdGetDatum(functionoid)))
3460 0 : PG_RETURN_NULL();
3461 :
3462 0 : aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
3463 :
3464 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3465 : }
3466 :
3467 : /*
3468 : * Support routines for has_function_privilege family.
3469 : */
3470 :
3471 : /*
3472 : * Given a function name expressed as a string, look it up and return Oid
3473 : */
3474 : static Oid
3475 64 : convert_function_name(text *functionname)
3476 : {
3477 64 : char *funcname = text_to_cstring(functionname);
3478 : Oid oid;
3479 :
3480 64 : oid = DatumGetObjectId(DirectFunctionCall1(regprocedurein,
3481 : CStringGetDatum(funcname)));
3482 :
3483 64 : if (!OidIsValid(oid))
3484 0 : ereport(ERROR,
3485 : (errcode(ERRCODE_UNDEFINED_FUNCTION),
3486 : errmsg("function \"%s\" does not exist", funcname)));
3487 :
3488 64 : return oid;
3489 : }
3490 :
3491 : /*
3492 : * convert_function_priv_string
3493 : * Convert text string to AclMode value.
3494 : */
3495 : static AclMode
3496 64 : convert_function_priv_string(text *priv_type_text)
3497 : {
3498 : static const priv_map function_priv_map[] = {
3499 : {"EXECUTE", ACL_EXECUTE},
3500 : {"EXECUTE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_EXECUTE)},
3501 : {NULL, 0}
3502 : };
3503 :
3504 64 : return convert_any_priv_string(priv_type_text, function_priv_map);
3505 : }
3506 :
3507 :
3508 : /*
3509 : * has_language_privilege variants
3510 : * These are all named "has_language_privilege" at the SQL level.
3511 : * They take various combinations of language name, language OID,
3512 : * user name, user OID, or implicit user = current_user.
3513 : *
3514 : * The result is a boolean value: true if user has the indicated
3515 : * privilege, false if not, or NULL if object doesn't exist.
3516 : */
3517 :
3518 : /*
3519 : * has_language_privilege_name_name
3520 : * Check user privileges on a language given
3521 : * name username, text languagename, and text priv name.
3522 : */
3523 : Datum
3524 0 : has_language_privilege_name_name(PG_FUNCTION_ARGS)
3525 : {
3526 0 : Name username = PG_GETARG_NAME(0);
3527 0 : text *languagename = PG_GETARG_TEXT_PP(1);
3528 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3529 : Oid roleid;
3530 : Oid languageoid;
3531 : AclMode mode;
3532 : AclResult aclresult;
3533 :
3534 0 : roleid = get_role_oid_or_public(NameStr(*username));
3535 0 : languageoid = convert_language_name(languagename);
3536 0 : mode = convert_language_priv_string(priv_type_text);
3537 :
3538 0 : aclresult = pg_language_aclcheck(languageoid, roleid, mode);
3539 :
3540 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3541 : }
3542 :
3543 : /*
3544 : * has_language_privilege_name
3545 : * Check user privileges on a language given
3546 : * text languagename and text priv name.
3547 : * current_user is assumed
3548 : */
3549 : Datum
3550 0 : has_language_privilege_name(PG_FUNCTION_ARGS)
3551 : {
3552 0 : text *languagename = PG_GETARG_TEXT_PP(0);
3553 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3554 : Oid roleid;
3555 : Oid languageoid;
3556 : AclMode mode;
3557 : AclResult aclresult;
3558 :
3559 0 : roleid = GetUserId();
3560 0 : languageoid = convert_language_name(languagename);
3561 0 : mode = convert_language_priv_string(priv_type_text);
3562 :
3563 0 : aclresult = pg_language_aclcheck(languageoid, roleid, mode);
3564 :
3565 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3566 : }
3567 :
3568 : /*
3569 : * has_language_privilege_name_id
3570 : * Check user privileges on a language given
3571 : * name usename, language oid, and text priv name.
3572 : */
3573 : Datum
3574 0 : has_language_privilege_name_id(PG_FUNCTION_ARGS)
3575 : {
3576 0 : Name username = PG_GETARG_NAME(0);
3577 0 : Oid languageoid = PG_GETARG_OID(1);
3578 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3579 : Oid roleid;
3580 : AclMode mode;
3581 : AclResult aclresult;
3582 :
3583 0 : roleid = get_role_oid_or_public(NameStr(*username));
3584 0 : mode = convert_language_priv_string(priv_type_text);
3585 :
3586 0 : if (!SearchSysCacheExists1(LANGOID, ObjectIdGetDatum(languageoid)))
3587 0 : PG_RETURN_NULL();
3588 :
3589 0 : aclresult = pg_language_aclcheck(languageoid, roleid, mode);
3590 :
3591 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3592 : }
3593 :
3594 : /*
3595 : * has_language_privilege_id
3596 : * Check user privileges on a language given
3597 : * language oid, and text priv name.
3598 : * current_user is assumed
3599 : */
3600 : Datum
3601 0 : has_language_privilege_id(PG_FUNCTION_ARGS)
3602 : {
3603 0 : Oid languageoid = PG_GETARG_OID(0);
3604 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3605 : Oid roleid;
3606 : AclMode mode;
3607 : AclResult aclresult;
3608 :
3609 0 : roleid = GetUserId();
3610 0 : mode = convert_language_priv_string(priv_type_text);
3611 :
3612 0 : if (!SearchSysCacheExists1(LANGOID, ObjectIdGetDatum(languageoid)))
3613 0 : PG_RETURN_NULL();
3614 :
3615 0 : aclresult = pg_language_aclcheck(languageoid, roleid, mode);
3616 :
3617 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3618 : }
3619 :
3620 : /*
3621 : * has_language_privilege_id_name
3622 : * Check user privileges on a language given
3623 : * roleid, text languagename, and text priv name.
3624 : */
3625 : Datum
3626 0 : has_language_privilege_id_name(PG_FUNCTION_ARGS)
3627 : {
3628 0 : Oid roleid = PG_GETARG_OID(0);
3629 0 : text *languagename = PG_GETARG_TEXT_PP(1);
3630 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3631 : Oid languageoid;
3632 : AclMode mode;
3633 : AclResult aclresult;
3634 :
3635 0 : languageoid = convert_language_name(languagename);
3636 0 : mode = convert_language_priv_string(priv_type_text);
3637 :
3638 0 : aclresult = pg_language_aclcheck(languageoid, roleid, mode);
3639 :
3640 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3641 : }
3642 :
3643 : /*
3644 : * has_language_privilege_id_id
3645 : * Check user privileges on a language given
3646 : * roleid, language oid, and text priv name.
3647 : */
3648 : Datum
3649 0 : has_language_privilege_id_id(PG_FUNCTION_ARGS)
3650 : {
3651 0 : Oid roleid = PG_GETARG_OID(0);
3652 0 : Oid languageoid = PG_GETARG_OID(1);
3653 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3654 : AclMode mode;
3655 : AclResult aclresult;
3656 :
3657 0 : mode = convert_language_priv_string(priv_type_text);
3658 :
3659 0 : if (!SearchSysCacheExists1(LANGOID, ObjectIdGetDatum(languageoid)))
3660 0 : PG_RETURN_NULL();
3661 :
3662 0 : aclresult = pg_language_aclcheck(languageoid, roleid, mode);
3663 :
3664 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3665 : }
3666 :
3667 : /*
3668 : * Support routines for has_language_privilege family.
3669 : */
3670 :
3671 : /*
3672 : * Given a language name expressed as a string, look it up and return Oid
3673 : */
3674 : static Oid
3675 0 : convert_language_name(text *languagename)
3676 : {
3677 0 : char *langname = text_to_cstring(languagename);
3678 :
3679 0 : return get_language_oid(langname, false);
3680 : }
3681 :
3682 : /*
3683 : * convert_language_priv_string
3684 : * Convert text string to AclMode value.
3685 : */
3686 : static AclMode
3687 0 : convert_language_priv_string(text *priv_type_text)
3688 : {
3689 : static const priv_map language_priv_map[] = {
3690 : {"USAGE", ACL_USAGE},
3691 : {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3692 : {NULL, 0}
3693 : };
3694 :
3695 0 : return convert_any_priv_string(priv_type_text, language_priv_map);
3696 : }
3697 :
3698 :
3699 : /*
3700 : * has_schema_privilege variants
3701 : * These are all named "has_schema_privilege" at the SQL level.
3702 : * They take various combinations of schema name, schema OID,
3703 : * user name, user OID, or implicit user = current_user.
3704 : *
3705 : * The result is a boolean value: true if user has the indicated
3706 : * privilege, false if not, or NULL if object doesn't exist.
3707 : */
3708 :
3709 : /*
3710 : * has_schema_privilege_name_name
3711 : * Check user privileges on a schema given
3712 : * name username, text schemaname, and text priv name.
3713 : */
3714 : Datum
3715 32 : has_schema_privilege_name_name(PG_FUNCTION_ARGS)
3716 : {
3717 32 : Name username = PG_GETARG_NAME(0);
3718 32 : text *schemaname = PG_GETARG_TEXT_PP(1);
3719 32 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3720 : Oid roleid;
3721 : Oid schemaoid;
3722 : AclMode mode;
3723 : AclResult aclresult;
3724 :
3725 32 : roleid = get_role_oid_or_public(NameStr(*username));
3726 32 : schemaoid = convert_schema_name(schemaname);
3727 32 : mode = convert_schema_priv_string(priv_type_text);
3728 :
3729 32 : aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
3730 :
3731 32 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3732 : }
3733 :
3734 : /*
3735 : * has_schema_privilege_name
3736 : * Check user privileges on a schema given
3737 : * text schemaname and text priv name.
3738 : * current_user is assumed
3739 : */
3740 : Datum
3741 0 : has_schema_privilege_name(PG_FUNCTION_ARGS)
3742 : {
3743 0 : text *schemaname = PG_GETARG_TEXT_PP(0);
3744 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3745 : Oid roleid;
3746 : Oid schemaoid;
3747 : AclMode mode;
3748 : AclResult aclresult;
3749 :
3750 0 : roleid = GetUserId();
3751 0 : schemaoid = convert_schema_name(schemaname);
3752 0 : mode = convert_schema_priv_string(priv_type_text);
3753 :
3754 0 : aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
3755 :
3756 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3757 : }
3758 :
3759 : /*
3760 : * has_schema_privilege_name_id
3761 : * Check user privileges on a schema given
3762 : * name usename, schema oid, and text priv name.
3763 : */
3764 : Datum
3765 0 : has_schema_privilege_name_id(PG_FUNCTION_ARGS)
3766 : {
3767 0 : Name username = PG_GETARG_NAME(0);
3768 0 : Oid schemaoid = PG_GETARG_OID(1);
3769 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3770 : Oid roleid;
3771 : AclMode mode;
3772 : AclResult aclresult;
3773 :
3774 0 : roleid = get_role_oid_or_public(NameStr(*username));
3775 0 : mode = convert_schema_priv_string(priv_type_text);
3776 :
3777 0 : if (!SearchSysCacheExists1(NAMESPACEOID, ObjectIdGetDatum(schemaoid)))
3778 0 : PG_RETURN_NULL();
3779 :
3780 0 : aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
3781 :
3782 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3783 : }
3784 :
3785 : /*
3786 : * has_schema_privilege_id
3787 : * Check user privileges on a schema given
3788 : * schema oid, and text priv name.
3789 : * current_user is assumed
3790 : */
3791 : Datum
3792 0 : has_schema_privilege_id(PG_FUNCTION_ARGS)
3793 : {
3794 0 : Oid schemaoid = PG_GETARG_OID(0);
3795 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3796 : Oid roleid;
3797 : AclMode mode;
3798 : AclResult aclresult;
3799 :
3800 0 : roleid = GetUserId();
3801 0 : mode = convert_schema_priv_string(priv_type_text);
3802 :
3803 0 : if (!SearchSysCacheExists1(NAMESPACEOID, ObjectIdGetDatum(schemaoid)))
3804 0 : PG_RETURN_NULL();
3805 :
3806 0 : aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
3807 :
3808 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3809 : }
3810 :
3811 : /*
3812 : * has_schema_privilege_id_name
3813 : * Check user privileges on a schema given
3814 : * roleid, text schemaname, and text priv name.
3815 : */
3816 : Datum
3817 0 : has_schema_privilege_id_name(PG_FUNCTION_ARGS)
3818 : {
3819 0 : Oid roleid = PG_GETARG_OID(0);
3820 0 : text *schemaname = PG_GETARG_TEXT_PP(1);
3821 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3822 : Oid schemaoid;
3823 : AclMode mode;
3824 : AclResult aclresult;
3825 :
3826 0 : schemaoid = convert_schema_name(schemaname);
3827 0 : mode = convert_schema_priv_string(priv_type_text);
3828 :
3829 0 : aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
3830 :
3831 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3832 : }
3833 :
3834 : /*
3835 : * has_schema_privilege_id_id
3836 : * Check user privileges on a schema given
3837 : * roleid, schema oid, and text priv name.
3838 : */
3839 : Datum
3840 0 : has_schema_privilege_id_id(PG_FUNCTION_ARGS)
3841 : {
3842 0 : Oid roleid = PG_GETARG_OID(0);
3843 0 : Oid schemaoid = PG_GETARG_OID(1);
3844 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3845 : AclMode mode;
3846 : AclResult aclresult;
3847 :
3848 0 : mode = convert_schema_priv_string(priv_type_text);
3849 :
3850 0 : if (!SearchSysCacheExists1(NAMESPACEOID, ObjectIdGetDatum(schemaoid)))
3851 0 : PG_RETURN_NULL();
3852 :
3853 0 : aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
3854 :
3855 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3856 : }
3857 :
3858 : /*
3859 : * Support routines for has_schema_privilege family.
3860 : */
3861 :
3862 : /*
3863 : * Given a schema name expressed as a string, look it up and return Oid
3864 : */
3865 : static Oid
3866 32 : convert_schema_name(text *schemaname)
3867 : {
3868 32 : char *nspname = text_to_cstring(schemaname);
3869 :
3870 32 : return get_namespace_oid(nspname, false);
3871 : }
3872 :
3873 : /*
3874 : * convert_schema_priv_string
3875 : * Convert text string to AclMode value.
3876 : */
3877 : static AclMode
3878 32 : convert_schema_priv_string(text *priv_type_text)
3879 : {
3880 : static const priv_map schema_priv_map[] = {
3881 : {"CREATE", ACL_CREATE},
3882 : {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
3883 : {"USAGE", ACL_USAGE},
3884 : {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3885 : {NULL, 0}
3886 : };
3887 :
3888 32 : return convert_any_priv_string(priv_type_text, schema_priv_map);
3889 : }
3890 :
3891 :
3892 : /*
3893 : * has_server_privilege variants
3894 : * These are all named "has_server_privilege" at the SQL level.
3895 : * They take various combinations of foreign server name,
3896 : * server OID, user name, user OID, or implicit user = current_user.
3897 : *
3898 : * The result is a boolean value: true if user has the indicated
3899 : * privilege, false if not.
3900 : */
3901 :
3902 : /*
3903 : * has_server_privilege_name_name
3904 : * Check user privileges on a foreign server given
3905 : * name username, text servername, and text priv name.
3906 : */
3907 : Datum
3908 8 : has_server_privilege_name_name(PG_FUNCTION_ARGS)
3909 : {
3910 8 : Name username = PG_GETARG_NAME(0);
3911 8 : text *servername = PG_GETARG_TEXT_PP(1);
3912 8 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3913 : Oid roleid;
3914 : Oid serverid;
3915 : AclMode mode;
3916 : AclResult aclresult;
3917 :
3918 8 : roleid = get_role_oid_or_public(NameStr(*username));
3919 8 : serverid = convert_server_name(servername);
3920 8 : mode = convert_server_priv_string(priv_type_text);
3921 :
3922 8 : aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
3923 :
3924 8 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3925 : }
3926 :
3927 : /*
3928 : * has_server_privilege_name
3929 : * Check user privileges on a foreign server given
3930 : * text servername and text priv name.
3931 : * current_user is assumed
3932 : */
3933 : Datum
3934 4 : has_server_privilege_name(PG_FUNCTION_ARGS)
3935 : {
3936 4 : text *servername = PG_GETARG_TEXT_PP(0);
3937 4 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3938 : Oid roleid;
3939 : Oid serverid;
3940 : AclMode mode;
3941 : AclResult aclresult;
3942 :
3943 4 : roleid = GetUserId();
3944 4 : serverid = convert_server_name(servername);
3945 4 : mode = convert_server_priv_string(priv_type_text);
3946 :
3947 4 : aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
3948 :
3949 4 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3950 : }
3951 :
3952 : /*
3953 : * has_server_privilege_name_id
3954 : * Check user privileges on a foreign server given
3955 : * name usename, foreign server oid, and text priv name.
3956 : */
3957 : Datum
3958 4 : has_server_privilege_name_id(PG_FUNCTION_ARGS)
3959 : {
3960 4 : Name username = PG_GETARG_NAME(0);
3961 4 : Oid serverid = PG_GETARG_OID(1);
3962 4 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3963 : Oid roleid;
3964 : AclMode mode;
3965 : AclResult aclresult;
3966 :
3967 4 : roleid = get_role_oid_or_public(NameStr(*username));
3968 4 : mode = convert_server_priv_string(priv_type_text);
3969 :
3970 4 : if (!SearchSysCacheExists1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)))
3971 0 : PG_RETURN_NULL();
3972 :
3973 4 : aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
3974 :
3975 4 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3976 : }
3977 :
3978 : /*
3979 : * has_server_privilege_id
3980 : * Check user privileges on a foreign server given
3981 : * server oid, and text priv name.
3982 : * current_user is assumed
3983 : */
3984 : Datum
3985 52 : has_server_privilege_id(PG_FUNCTION_ARGS)
3986 : {
3987 52 : Oid serverid = PG_GETARG_OID(0);
3988 52 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3989 : Oid roleid;
3990 : AclMode mode;
3991 : AclResult aclresult;
3992 :
3993 52 : roleid = GetUserId();
3994 52 : mode = convert_server_priv_string(priv_type_text);
3995 :
3996 52 : if (!SearchSysCacheExists1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)))
3997 0 : PG_RETURN_NULL();
3998 :
3999 52 : aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
4000 :
4001 52 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4002 : }
4003 :
4004 : /*
4005 : * has_server_privilege_id_name
4006 : * Check user privileges on a foreign server given
4007 : * roleid, text servername, and text priv name.
4008 : */
4009 : Datum
4010 4 : has_server_privilege_id_name(PG_FUNCTION_ARGS)
4011 : {
4012 4 : Oid roleid = PG_GETARG_OID(0);
4013 4 : text *servername = PG_GETARG_TEXT_PP(1);
4014 4 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4015 : Oid serverid;
4016 : AclMode mode;
4017 : AclResult aclresult;
4018 :
4019 4 : serverid = convert_server_name(servername);
4020 4 : mode = convert_server_priv_string(priv_type_text);
4021 :
4022 4 : aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
4023 :
4024 4 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4025 : }
4026 :
4027 : /*
4028 : * has_server_privilege_id_id
4029 : * Check user privileges on a foreign server given
4030 : * roleid, server oid, and text priv name.
4031 : */
4032 : Datum
4033 4 : has_server_privilege_id_id(PG_FUNCTION_ARGS)
4034 : {
4035 4 : Oid roleid = PG_GETARG_OID(0);
4036 4 : Oid serverid = PG_GETARG_OID(1);
4037 4 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4038 : AclMode mode;
4039 : AclResult aclresult;
4040 :
4041 4 : mode = convert_server_priv_string(priv_type_text);
4042 :
4043 4 : if (!SearchSysCacheExists1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)))
4044 0 : PG_RETURN_NULL();
4045 :
4046 4 : aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
4047 :
4048 4 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4049 : }
4050 :
4051 : /*
4052 : * Support routines for has_server_privilege family.
4053 : */
4054 :
4055 : /*
4056 : * Given a server name expressed as a string, look it up and return Oid
4057 : */
4058 : static Oid
4059 16 : convert_server_name(text *servername)
4060 : {
4061 16 : char *serverstr = text_to_cstring(servername);
4062 :
4063 16 : return get_foreign_server_oid(serverstr, false);
4064 : }
4065 :
4066 : /*
4067 : * convert_server_priv_string
4068 : * Convert text string to AclMode value.
4069 : */
4070 : static AclMode
4071 76 : convert_server_priv_string(text *priv_type_text)
4072 : {
4073 : static const priv_map server_priv_map[] = {
4074 : {"USAGE", ACL_USAGE},
4075 : {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
4076 : {NULL, 0}
4077 : };
4078 :
4079 76 : return convert_any_priv_string(priv_type_text, server_priv_map);
4080 : }
4081 :
4082 :
4083 : /*
4084 : * has_tablespace_privilege variants
4085 : * These are all named "has_tablespace_privilege" at the SQL level.
4086 : * They take various combinations of tablespace name, tablespace OID,
4087 : * user name, user OID, or implicit user = current_user.
4088 : *
4089 : * The result is a boolean value: true if user has the indicated
4090 : * privilege, false if not.
4091 : */
4092 :
4093 : /*
4094 : * has_tablespace_privilege_name_name
4095 : * Check user privileges on a tablespace given
4096 : * name username, text tablespacename, and text priv name.
4097 : */
4098 : Datum
4099 0 : has_tablespace_privilege_name_name(PG_FUNCTION_ARGS)
4100 : {
4101 0 : Name username = PG_GETARG_NAME(0);
4102 0 : text *tablespacename = PG_GETARG_TEXT_PP(1);
4103 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4104 : Oid roleid;
4105 : Oid tablespaceoid;
4106 : AclMode mode;
4107 : AclResult aclresult;
4108 :
4109 0 : roleid = get_role_oid_or_public(NameStr(*username));
4110 0 : tablespaceoid = convert_tablespace_name(tablespacename);
4111 0 : mode = convert_tablespace_priv_string(priv_type_text);
4112 :
4113 0 : aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
4114 :
4115 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4116 : }
4117 :
4118 : /*
4119 : * has_tablespace_privilege_name
4120 : * Check user privileges on a tablespace given
4121 : * text tablespacename and text priv name.
4122 : * current_user is assumed
4123 : */
4124 : Datum
4125 0 : has_tablespace_privilege_name(PG_FUNCTION_ARGS)
4126 : {
4127 0 : text *tablespacename = PG_GETARG_TEXT_PP(0);
4128 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
4129 : Oid roleid;
4130 : Oid tablespaceoid;
4131 : AclMode mode;
4132 : AclResult aclresult;
4133 :
4134 0 : roleid = GetUserId();
4135 0 : tablespaceoid = convert_tablespace_name(tablespacename);
4136 0 : mode = convert_tablespace_priv_string(priv_type_text);
4137 :
4138 0 : aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
4139 :
4140 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4141 : }
4142 :
4143 : /*
4144 : * has_tablespace_privilege_name_id
4145 : * Check user privileges on a tablespace given
4146 : * name usename, tablespace oid, and text priv name.
4147 : */
4148 : Datum
4149 0 : has_tablespace_privilege_name_id(PG_FUNCTION_ARGS)
4150 : {
4151 0 : Name username = PG_GETARG_NAME(0);
4152 0 : Oid tablespaceoid = PG_GETARG_OID(1);
4153 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4154 : Oid roleid;
4155 : AclMode mode;
4156 : AclResult aclresult;
4157 :
4158 0 : roleid = get_role_oid_or_public(NameStr(*username));
4159 0 : mode = convert_tablespace_priv_string(priv_type_text);
4160 :
4161 0 : if (!SearchSysCacheExists1(TABLESPACEOID, ObjectIdGetDatum(tablespaceoid)))
4162 0 : PG_RETURN_NULL();
4163 :
4164 0 : aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
4165 :
4166 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4167 : }
4168 :
4169 : /*
4170 : * has_tablespace_privilege_id
4171 : * Check user privileges on a tablespace given
4172 : * tablespace oid, and text priv name.
4173 : * current_user is assumed
4174 : */
4175 : Datum
4176 0 : has_tablespace_privilege_id(PG_FUNCTION_ARGS)
4177 : {
4178 0 : Oid tablespaceoid = PG_GETARG_OID(0);
4179 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
4180 : Oid roleid;
4181 : AclMode mode;
4182 : AclResult aclresult;
4183 :
4184 0 : roleid = GetUserId();
4185 0 : mode = convert_tablespace_priv_string(priv_type_text);
4186 :
4187 0 : if (!SearchSysCacheExists1(TABLESPACEOID, ObjectIdGetDatum(tablespaceoid)))
4188 0 : PG_RETURN_NULL();
4189 :
4190 0 : aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
4191 :
4192 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4193 : }
4194 :
4195 : /*
4196 : * has_tablespace_privilege_id_name
4197 : * Check user privileges on a tablespace given
4198 : * roleid, text tablespacename, and text priv name.
4199 : */
4200 : Datum
4201 0 : has_tablespace_privilege_id_name(PG_FUNCTION_ARGS)
4202 : {
4203 0 : Oid roleid = PG_GETARG_OID(0);
4204 0 : text *tablespacename = PG_GETARG_TEXT_PP(1);
4205 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4206 : Oid tablespaceoid;
4207 : AclMode mode;
4208 : AclResult aclresult;
4209 :
4210 0 : tablespaceoid = convert_tablespace_name(tablespacename);
4211 0 : mode = convert_tablespace_priv_string(priv_type_text);
4212 :
4213 0 : aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
4214 :
4215 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4216 : }
4217 :
4218 : /*
4219 : * has_tablespace_privilege_id_id
4220 : * Check user privileges on a tablespace given
4221 : * roleid, tablespace oid, and text priv name.
4222 : */
4223 : Datum
4224 0 : has_tablespace_privilege_id_id(PG_FUNCTION_ARGS)
4225 : {
4226 0 : Oid roleid = PG_GETARG_OID(0);
4227 0 : Oid tablespaceoid = PG_GETARG_OID(1);
4228 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4229 : AclMode mode;
4230 : AclResult aclresult;
4231 :
4232 0 : mode = convert_tablespace_priv_string(priv_type_text);
4233 :
4234 0 : if (!SearchSysCacheExists1(TABLESPACEOID, ObjectIdGetDatum(tablespaceoid)))
4235 0 : PG_RETURN_NULL();
4236 :
4237 0 : aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
4238 :
4239 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4240 : }
4241 :
4242 : /*
4243 : * Support routines for has_tablespace_privilege family.
4244 : */
4245 :
4246 : /*
4247 : * Given a tablespace name expressed as a string, look it up and return Oid
4248 : */
4249 : static Oid
4250 0 : convert_tablespace_name(text *tablespacename)
4251 : {
4252 0 : char *spcname = text_to_cstring(tablespacename);
4253 :
4254 0 : return get_tablespace_oid(spcname, false);
4255 : }
4256 :
4257 : /*
4258 : * convert_tablespace_priv_string
4259 : * Convert text string to AclMode value.
4260 : */
4261 : static AclMode
4262 0 : convert_tablespace_priv_string(text *priv_type_text)
4263 : {
4264 : static const priv_map tablespace_priv_map[] = {
4265 : {"CREATE", ACL_CREATE},
4266 : {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4267 : {NULL, 0}
4268 : };
4269 :
4270 0 : return convert_any_priv_string(priv_type_text, tablespace_priv_map);
4271 : }
4272 :
4273 : /*
4274 : * has_type_privilege variants
4275 : * These are all named "has_type_privilege" at the SQL level.
4276 : * They take various combinations of type name, type OID,
4277 : * user name, user OID, or implicit user = current_user.
4278 : *
4279 : * The result is a boolean value: true if user has the indicated
4280 : * privilege, false if not, or NULL if object doesn't exist.
4281 : */
4282 :
4283 : /*
4284 : * has_type_privilege_name_name
4285 : * Check user privileges on a type given
4286 : * name username, text typename, and text priv name.
4287 : */
4288 : Datum
4289 8 : has_type_privilege_name_name(PG_FUNCTION_ARGS)
4290 : {
4291 8 : Name username = PG_GETARG_NAME(0);
4292 8 : text *typename = PG_GETARG_TEXT_PP(1);
4293 8 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4294 : Oid roleid;
4295 : Oid typeoid;
4296 : AclMode mode;
4297 : AclResult aclresult;
4298 :
4299 8 : roleid = get_role_oid_or_public(NameStr(*username));
4300 8 : typeoid = convert_type_name(typename);
4301 8 : mode = convert_type_priv_string(priv_type_text);
4302 :
4303 8 : aclresult = pg_type_aclcheck(typeoid, roleid, mode);
4304 :
4305 8 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4306 : }
4307 :
4308 : /*
4309 : * has_type_privilege_name
4310 : * Check user privileges on a type given
4311 : * text typename and text priv name.
4312 : * current_user is assumed
4313 : */
4314 : Datum
4315 0 : has_type_privilege_name(PG_FUNCTION_ARGS)
4316 : {
4317 0 : text *typename = PG_GETARG_TEXT_PP(0);
4318 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
4319 : Oid roleid;
4320 : Oid typeoid;
4321 : AclMode mode;
4322 : AclResult aclresult;
4323 :
4324 0 : roleid = GetUserId();
4325 0 : typeoid = convert_type_name(typename);
4326 0 : mode = convert_type_priv_string(priv_type_text);
4327 :
4328 0 : aclresult = pg_type_aclcheck(typeoid, roleid, mode);
4329 :
4330 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4331 : }
4332 :
4333 : /*
4334 : * has_type_privilege_name_id
4335 : * Check user privileges on a type given
4336 : * name usename, type oid, and text priv name.
4337 : */
4338 : Datum
4339 0 : has_type_privilege_name_id(PG_FUNCTION_ARGS)
4340 : {
4341 0 : Name username = PG_GETARG_NAME(0);
4342 0 : Oid typeoid = PG_GETARG_OID(1);
4343 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4344 : Oid roleid;
4345 : AclMode mode;
4346 : AclResult aclresult;
4347 :
4348 0 : roleid = get_role_oid_or_public(NameStr(*username));
4349 0 : mode = convert_type_priv_string(priv_type_text);
4350 :
4351 0 : if (!SearchSysCacheExists1(TYPEOID, ObjectIdGetDatum(typeoid)))
4352 0 : PG_RETURN_NULL();
4353 :
4354 0 : aclresult = pg_type_aclcheck(typeoid, roleid, mode);
4355 :
4356 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4357 : }
4358 :
4359 : /*
4360 : * has_type_privilege_id
4361 : * Check user privileges on a type given
4362 : * type oid, and text priv name.
4363 : * current_user is assumed
4364 : */
4365 : Datum
4366 0 : has_type_privilege_id(PG_FUNCTION_ARGS)
4367 : {
4368 0 : Oid typeoid = PG_GETARG_OID(0);
4369 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
4370 : Oid roleid;
4371 : AclMode mode;
4372 : AclResult aclresult;
4373 :
4374 0 : roleid = GetUserId();
4375 0 : mode = convert_type_priv_string(priv_type_text);
4376 :
4377 0 : if (!SearchSysCacheExists1(TYPEOID, ObjectIdGetDatum(typeoid)))
4378 0 : PG_RETURN_NULL();
4379 :
4380 0 : aclresult = pg_type_aclcheck(typeoid, roleid, mode);
4381 :
4382 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4383 : }
4384 :
4385 : /*
4386 : * has_type_privilege_id_name
4387 : * Check user privileges on a type given
4388 : * roleid, text typename, and text priv name.
4389 : */
4390 : Datum
4391 0 : has_type_privilege_id_name(PG_FUNCTION_ARGS)
4392 : {
4393 0 : Oid roleid = PG_GETARG_OID(0);
4394 0 : text *typename = PG_GETARG_TEXT_PP(1);
4395 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4396 : Oid typeoid;
4397 : AclMode mode;
4398 : AclResult aclresult;
4399 :
4400 0 : typeoid = convert_type_name(typename);
4401 0 : mode = convert_type_priv_string(priv_type_text);
4402 :
4403 0 : aclresult = pg_type_aclcheck(typeoid, roleid, mode);
4404 :
4405 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4406 : }
4407 :
4408 : /*
4409 : * has_type_privilege_id_id
4410 : * Check user privileges on a type given
4411 : * roleid, type oid, and text priv name.
4412 : */
4413 : Datum
4414 0 : has_type_privilege_id_id(PG_FUNCTION_ARGS)
4415 : {
4416 0 : Oid roleid = PG_GETARG_OID(0);
4417 0 : Oid typeoid = PG_GETARG_OID(1);
4418 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4419 : AclMode mode;
4420 : AclResult aclresult;
4421 :
4422 0 : mode = convert_type_priv_string(priv_type_text);
4423 :
4424 0 : if (!SearchSysCacheExists1(TYPEOID, ObjectIdGetDatum(typeoid)))
4425 0 : PG_RETURN_NULL();
4426 :
4427 0 : aclresult = pg_type_aclcheck(typeoid, roleid, mode);
4428 :
4429 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4430 : }
4431 :
4432 : /*
4433 : * Support routines for has_type_privilege family.
4434 : */
4435 :
4436 : /*
4437 : * Given a type name expressed as a string, look it up and return Oid
4438 : */
4439 : static Oid
4440 8 : convert_type_name(text *typename)
4441 : {
4442 8 : char *typname = text_to_cstring(typename);
4443 : Oid oid;
4444 :
4445 8 : oid = DatumGetObjectId(DirectFunctionCall1(regtypein,
4446 : CStringGetDatum(typname)));
4447 :
4448 8 : if (!OidIsValid(oid))
4449 0 : ereport(ERROR,
4450 : (errcode(ERRCODE_UNDEFINED_OBJECT),
4451 : errmsg("type \"%s\" does not exist", typname)));
4452 :
4453 8 : return oid;
4454 : }
4455 :
4456 : /*
4457 : * convert_type_priv_string
4458 : * Convert text string to AclMode value.
4459 : */
4460 : static AclMode
4461 8 : convert_type_priv_string(text *priv_type_text)
4462 : {
4463 : static const priv_map type_priv_map[] = {
4464 : {"USAGE", ACL_USAGE},
4465 : {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
4466 : {NULL, 0}
4467 : };
4468 :
4469 8 : return convert_any_priv_string(priv_type_text, type_priv_map);
4470 : }
4471 :
4472 :
4473 : /*
4474 : * pg_has_role variants
4475 : * These are all named "pg_has_role" at the SQL level.
4476 : * They take various combinations of role name, role OID,
4477 : * user name, user OID, or implicit user = current_user.
4478 : *
4479 : * The result is a boolean value: true if user has the indicated
4480 : * privilege, false if not.
4481 : */
4482 :
4483 : /*
4484 : * pg_has_role_name_name
4485 : * Check user privileges on a role given
4486 : * name username, name rolename, and text priv name.
4487 : */
4488 : Datum
4489 0 : pg_has_role_name_name(PG_FUNCTION_ARGS)
4490 : {
4491 0 : Name username = PG_GETARG_NAME(0);
4492 0 : Name rolename = PG_GETARG_NAME(1);
4493 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4494 : Oid roleid;
4495 : Oid roleoid;
4496 : AclMode mode;
4497 : AclResult aclresult;
4498 :
4499 0 : roleid = get_role_oid(NameStr(*username), false);
4500 0 : roleoid = get_role_oid(NameStr(*rolename), false);
4501 0 : mode = convert_role_priv_string(priv_type_text);
4502 :
4503 0 : aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4504 :
4505 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4506 : }
4507 :
4508 : /*
4509 : * pg_has_role_name
4510 : * Check user privileges on a role given
4511 : * name rolename and text priv name.
4512 : * current_user is assumed
4513 : */
4514 : Datum
4515 12 : pg_has_role_name(PG_FUNCTION_ARGS)
4516 : {
4517 12 : Name rolename = PG_GETARG_NAME(0);
4518 12 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
4519 : Oid roleid;
4520 : Oid roleoid;
4521 : AclMode mode;
4522 : AclResult aclresult;
4523 :
4524 12 : roleid = GetUserId();
4525 12 : roleoid = get_role_oid(NameStr(*rolename), false);
4526 12 : mode = convert_role_priv_string(priv_type_text);
4527 :
4528 12 : aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4529 :
4530 12 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4531 : }
4532 :
4533 : /*
4534 : * pg_has_role_name_id
4535 : * Check user privileges on a role given
4536 : * name usename, role oid, and text priv name.
4537 : */
4538 : Datum
4539 0 : pg_has_role_name_id(PG_FUNCTION_ARGS)
4540 : {
4541 0 : Name username = PG_GETARG_NAME(0);
4542 0 : Oid roleoid = PG_GETARG_OID(1);
4543 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4544 : Oid roleid;
4545 : AclMode mode;
4546 : AclResult aclresult;
4547 :
4548 0 : roleid = get_role_oid(NameStr(*username), false);
4549 0 : mode = convert_role_priv_string(priv_type_text);
4550 :
4551 0 : aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4552 :
4553 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4554 : }
4555 :
4556 : /*
4557 : * pg_has_role_id
4558 : * Check user privileges on a role given
4559 : * role oid, and text priv name.
4560 : * current_user is assumed
4561 : */
4562 : Datum
4563 34614 : pg_has_role_id(PG_FUNCTION_ARGS)
4564 : {
4565 34614 : Oid roleoid = PG_GETARG_OID(0);
4566 34614 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
4567 : Oid roleid;
4568 : AclMode mode;
4569 : AclResult aclresult;
4570 :
4571 34614 : roleid = GetUserId();
4572 34614 : mode = convert_role_priv_string(priv_type_text);
4573 :
4574 34614 : aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4575 :
4576 34614 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4577 : }
4578 :
4579 : /*
4580 : * pg_has_role_id_name
4581 : * Check user privileges on a role given
4582 : * roleid, name rolename, and text priv name.
4583 : */
4584 : Datum
4585 0 : pg_has_role_id_name(PG_FUNCTION_ARGS)
4586 : {
4587 0 : Oid roleid = PG_GETARG_OID(0);
4588 0 : Name rolename = PG_GETARG_NAME(1);
4589 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4590 : Oid roleoid;
4591 : AclMode mode;
4592 : AclResult aclresult;
4593 :
4594 0 : roleoid = get_role_oid(NameStr(*rolename), false);
4595 0 : mode = convert_role_priv_string(priv_type_text);
4596 :
4597 0 : aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4598 :
4599 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4600 : }
4601 :
4602 : /*
4603 : * pg_has_role_id_id
4604 : * Check user privileges on a role given
4605 : * roleid, role oid, and text priv name.
4606 : */
4607 : Datum
4608 56 : pg_has_role_id_id(PG_FUNCTION_ARGS)
4609 : {
4610 56 : Oid roleid = PG_GETARG_OID(0);
4611 56 : Oid roleoid = PG_GETARG_OID(1);
4612 56 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4613 : AclMode mode;
4614 : AclResult aclresult;
4615 :
4616 56 : mode = convert_role_priv_string(priv_type_text);
4617 :
4618 56 : aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4619 :
4620 56 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4621 : }
4622 :
4623 : /*
4624 : * Support routines for pg_has_role family.
4625 : */
4626 :
4627 : /*
4628 : * convert_role_priv_string
4629 : * Convert text string to AclMode value.
4630 : *
4631 : * We use USAGE to denote whether the privileges of the role are accessible
4632 : * (has_privs), MEMBER to denote is_member, and MEMBER WITH GRANT OPTION
4633 : * (or ADMIN OPTION) to denote is_admin. There is no ACL bit corresponding
4634 : * to MEMBER so we cheat and use ACL_CREATE for that. This convention
4635 : * is shared only with pg_role_aclcheck, below.
4636 : */
4637 : static AclMode
4638 34682 : convert_role_priv_string(text *priv_type_text)
4639 : {
4640 : static const priv_map role_priv_map[] = {
4641 : {"USAGE", ACL_USAGE},
4642 : {"MEMBER", ACL_CREATE},
4643 : {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4644 : {"USAGE WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4645 : {"MEMBER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4646 : {"MEMBER WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4647 : {NULL, 0}
4648 : };
4649 :
4650 34682 : return convert_any_priv_string(priv_type_text, role_priv_map);
4651 : }
4652 :
4653 : /*
4654 : * pg_role_aclcheck
4655 : * Quick-and-dirty support for pg_has_role
4656 : */
4657 : static AclResult
4658 34682 : pg_role_aclcheck(Oid role_oid, Oid roleid, AclMode mode)
4659 : {
4660 34682 : if (mode & ACL_GRANT_OPTION_FOR(ACL_CREATE))
4661 : {
4662 : /*
4663 : * XXX For roleid == role_oid, is_admin_of_role() also examines the
4664 : * session and call stack. That suits two-argument pg_has_role(), but
4665 : * it gives the three-argument version a lamentable whimsy.
4666 : */
4667 0 : if (is_admin_of_role(roleid, role_oid))
4668 0 : return ACLCHECK_OK;
4669 : }
4670 34682 : if (mode & ACL_CREATE)
4671 : {
4672 0 : if (is_member_of_role(roleid, role_oid))
4673 0 : return ACLCHECK_OK;
4674 : }
4675 34682 : if (mode & ACL_USAGE)
4676 : {
4677 34682 : if (has_privs_of_role(roleid, role_oid))
4678 34424 : return ACLCHECK_OK;
4679 : }
4680 258 : return ACLCHECK_NO_PRIV;
4681 : }
4682 :
4683 :
4684 : /*
4685 : * initialization function (called by InitPostgres)
4686 : */
4687 : void
4688 8738 : initialize_acl(void)
4689 : {
4690 8738 : if (!IsBootstrapProcessingMode())
4691 : {
4692 : /*
4693 : * In normal mode, set a callback on any syscache invalidation of
4694 : * pg_auth_members rows
4695 : */
4696 8420 : CacheRegisterSyscacheCallback(AUTHMEMROLEMEM,
4697 : RoleMembershipCacheCallback,
4698 : (Datum) 0);
4699 : }
4700 8738 : }
4701 :
4702 : /*
4703 : * RoleMembershipCacheCallback
4704 : * Syscache inval callback function
4705 : */
4706 : static void
4707 4714 : RoleMembershipCacheCallback(Datum arg, int cacheid, uint32 hashvalue)
4708 : {
4709 : /* Force membership caches to be recomputed on next use */
4710 4714 : cached_privs_role = InvalidOid;
4711 4714 : cached_member_role = InvalidOid;
4712 4714 : }
4713 :
4714 :
4715 : /* Check if specified role has rolinherit set */
4716 : static bool
4717 1114 : has_rolinherit(Oid roleid)
4718 : {
4719 1114 : bool result = false;
4720 : HeapTuple utup;
4721 :
4722 1114 : utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
4723 1114 : if (HeapTupleIsValid(utup))
4724 : {
4725 1114 : result = ((Form_pg_authid) GETSTRUCT(utup))->rolinherit;
4726 1114 : ReleaseSysCache(utup);
4727 : }
4728 1114 : return result;
4729 : }
4730 :
4731 :
4732 : /*
4733 : * Get a list of roles that the specified roleid has the privileges of
4734 : *
4735 : * This is defined not to recurse through roles that don't have rolinherit
4736 : * set; for such roles, membership implies the ability to do SET ROLE, but
4737 : * the privileges are not available until you've done so.
4738 : *
4739 : * Since indirect membership testing is relatively expensive, we cache
4740 : * a list of memberships. Hence, the result is only guaranteed good until
4741 : * the next call of roles_has_privs_of()!
4742 : *
4743 : * For the benefit of select_best_grantor, the result is defined to be
4744 : * in breadth-first order, ie, closer relationships earlier.
4745 : */
4746 : static List *
4747 5362 : roles_has_privs_of(Oid roleid)
4748 : {
4749 : List *roles_list;
4750 : ListCell *l;
4751 : List *new_cached_privs_roles;
4752 : MemoryContext oldctx;
4753 :
4754 : /* If cache is already valid, just return the list */
4755 5362 : if (OidIsValid(cached_privs_role) && cached_privs_role == roleid)
4756 4608 : return cached_privs_roles;
4757 :
4758 : /*
4759 : * Find all the roles that roleid is a member of, including multi-level
4760 : * recursion. The role itself will always be the first element of the
4761 : * resulting list.
4762 : *
4763 : * Each element of the list is scanned to see if it adds any indirect
4764 : * memberships. We can use a single list as both the record of
4765 : * already-found memberships and the agenda of roles yet to be scanned.
4766 : * This is a bit tricky but works because the foreach() macro doesn't
4767 : * fetch the next list element until the bottom of the loop.
4768 : */
4769 754 : roles_list = list_make1_oid(roleid);
4770 :
4771 1868 : foreach(l, roles_list)
4772 : {
4773 1114 : Oid memberid = lfirst_oid(l);
4774 : CatCList *memlist;
4775 : int i;
4776 :
4777 : /* Ignore non-inheriting roles */
4778 1114 : if (!has_rolinherit(memberid))
4779 0 : continue;
4780 :
4781 : /* Find roles that memberid is directly a member of */
4782 1114 : memlist = SearchSysCacheList1(AUTHMEMMEMROLE,
4783 : ObjectIdGetDatum(memberid));
4784 1474 : for (i = 0; i < memlist->n_members; i++)
4785 : {
4786 360 : HeapTuple tup = &memlist->members[i]->tuple;
4787 360 : Oid otherid = ((Form_pg_auth_members) GETSTRUCT(tup))->roleid;
4788 :
4789 : /*
4790 : * Even though there shouldn't be any loops in the membership
4791 : * graph, we must test for having already seen this role. It is
4792 : * legal for instance to have both A->B and A->C->B.
4793 : */
4794 360 : roles_list = list_append_unique_oid(roles_list, otherid);
4795 : }
4796 1114 : ReleaseSysCacheList(memlist);
4797 : }
4798 :
4799 : /*
4800 : * Copy the completed list into TopMemoryContext so it will persist.
4801 : */
4802 754 : oldctx = MemoryContextSwitchTo(TopMemoryContext);
4803 754 : new_cached_privs_roles = list_copy(roles_list);
4804 754 : MemoryContextSwitchTo(oldctx);
4805 754 : list_free(roles_list);
4806 :
4807 : /*
4808 : * Now safe to assign to state variable
4809 : */
4810 754 : cached_privs_role = InvalidOid; /* just paranoia */
4811 754 : list_free(cached_privs_roles);
4812 754 : cached_privs_roles = new_cached_privs_roles;
4813 754 : cached_privs_role = roleid;
4814 :
4815 : /* And now we can return the answer */
4816 754 : return cached_privs_roles;
4817 : }
4818 :
4819 :
4820 : /*
4821 : * Get a list of roles that the specified roleid is a member of
4822 : *
4823 : * This is defined to recurse through roles regardless of rolinherit.
4824 : *
4825 : * Since indirect membership testing is relatively expensive, we cache
4826 : * a list of memberships. Hence, the result is only guaranteed good until
4827 : * the next call of roles_is_member_of()!
4828 : */
4829 : static List *
4830 14920 : roles_is_member_of(Oid roleid)
4831 : {
4832 : List *roles_list;
4833 : ListCell *l;
4834 : List *new_cached_membership_roles;
4835 : MemoryContext oldctx;
4836 :
4837 : /* If cache is already valid, just return the list */
4838 14920 : if (OidIsValid(cached_member_role) && cached_member_role == roleid)
4839 13766 : return cached_membership_roles;
4840 :
4841 : /*
4842 : * Find all the roles that roleid is a member of, including multi-level
4843 : * recursion. The role itself will always be the first element of the
4844 : * resulting list.
4845 : *
4846 : * Each element of the list is scanned to see if it adds any indirect
4847 : * memberships. We can use a single list as both the record of
4848 : * already-found memberships and the agenda of roles yet to be scanned.
4849 : * This is a bit tricky but works because the foreach() macro doesn't
4850 : * fetch the next list element until the bottom of the loop.
4851 : */
4852 1154 : roles_list = list_make1_oid(roleid);
4853 :
4854 2386 : foreach(l, roles_list)
4855 : {
4856 1232 : Oid memberid = lfirst_oid(l);
4857 : CatCList *memlist;
4858 : int i;
4859 :
4860 : /* Find roles that memberid is directly a member of */
4861 1232 : memlist = SearchSysCacheList1(AUTHMEMMEMROLE,
4862 : ObjectIdGetDatum(memberid));
4863 1310 : for (i = 0; i < memlist->n_members; i++)
4864 : {
4865 78 : HeapTuple tup = &memlist->members[i]->tuple;
4866 78 : Oid otherid = ((Form_pg_auth_members) GETSTRUCT(tup))->roleid;
4867 :
4868 : /*
4869 : * Even though there shouldn't be any loops in the membership
4870 : * graph, we must test for having already seen this role. It is
4871 : * legal for instance to have both A->B and A->C->B.
4872 : */
4873 78 : roles_list = list_append_unique_oid(roles_list, otherid);
4874 : }
4875 1232 : ReleaseSysCacheList(memlist);
4876 : }
4877 :
4878 : /*
4879 : * Copy the completed list into TopMemoryContext so it will persist.
4880 : */
4881 1154 : oldctx = MemoryContextSwitchTo(TopMemoryContext);
4882 1154 : new_cached_membership_roles = list_copy(roles_list);
4883 1154 : MemoryContextSwitchTo(oldctx);
4884 1154 : list_free(roles_list);
4885 :
4886 : /*
4887 : * Now safe to assign to state variable
4888 : */
4889 1154 : cached_member_role = InvalidOid; /* just paranoia */
4890 1154 : list_free(cached_membership_roles);
4891 1154 : cached_membership_roles = new_cached_membership_roles;
4892 1154 : cached_member_role = roleid;
4893 :
4894 : /* And now we can return the answer */
4895 1154 : return cached_membership_roles;
4896 : }
4897 :
4898 :
4899 : /*
4900 : * Does member have the privileges of role (directly or indirectly)?
4901 : *
4902 : * This is defined not to recurse through roles that don't have rolinherit
4903 : * set; for such roles, membership implies the ability to do SET ROLE, but
4904 : * the privileges are not available until you've done so.
4905 : */
4906 : bool
4907 43428 : has_privs_of_role(Oid member, Oid role)
4908 : {
4909 : /* Fast path for simple case */
4910 43428 : if (member == role)
4911 37060 : return true;
4912 :
4913 : /* Superusers have every privilege, so are part of every role */
4914 6368 : if (superuser_arg(member))
4915 1142 : return true;
4916 :
4917 : /*
4918 : * Find all the roles that member has the privileges of, including
4919 : * multi-level recursion, then see if target role is any one of them.
4920 : */
4921 5226 : return list_member_oid(roles_has_privs_of(member), role);
4922 : }
4923 :
4924 :
4925 : /*
4926 : * Is member a member of role (directly or indirectly)?
4927 : *
4928 : * This is defined to recurse through roles regardless of rolinherit.
4929 : */
4930 : bool
4931 18426 : is_member_of_role(Oid member, Oid role)
4932 : {
4933 : /* Fast path for simple case */
4934 18426 : if (member == role)
4935 1502 : return true;
4936 :
4937 : /* Superusers have every privilege, so are part of every role */
4938 16924 : if (superuser_arg(member))
4939 3038 : return true;
4940 :
4941 : /*
4942 : * Find all the roles that member is a member of, including multi-level
4943 : * recursion, then see if target role is any one of them.
4944 : */
4945 13886 : return list_member_oid(roles_is_member_of(member), role);
4946 : }
4947 :
4948 : /*
4949 : * check_is_member_of_role
4950 : * is_member_of_role with a standard permission-violation error if not
4951 : */
4952 : void
4953 1730 : check_is_member_of_role(Oid member, Oid role)
4954 : {
4955 1730 : if (!is_member_of_role(member, role))
4956 80 : ereport(ERROR,
4957 : (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
4958 : errmsg("must be member of role \"%s\"",
4959 : GetUserNameFromId(role, false))));
4960 1650 : }
4961 :
4962 : /*
4963 : * Is member a member of role, not considering superuserness?
4964 : *
4965 : * This is identical to is_member_of_role except we ignore superuser
4966 : * status.
4967 : */
4968 : bool
4969 1034 : is_member_of_role_nosuper(Oid member, Oid role)
4970 : {
4971 : /* Fast path for simple case */
4972 1034 : if (member == role)
4973 0 : return true;
4974 :
4975 : /*
4976 : * Find all the roles that member is a member of, including multi-level
4977 : * recursion, then see if target role is any one of them.
4978 : */
4979 1034 : return list_member_oid(roles_is_member_of(member), role);
4980 : }
4981 :
4982 :
4983 : /*
4984 : * Is member an admin of role? That is, is member the role itself (subject to
4985 : * restrictions below), a member (directly or indirectly) WITH ADMIN OPTION,
4986 : * or a superuser?
4987 : */
4988 : bool
4989 32 : is_admin_of_role(Oid member, Oid role)
4990 : {
4991 32 : bool result = false;
4992 : List *roles_list;
4993 : ListCell *l;
4994 :
4995 32 : if (superuser_arg(member))
4996 0 : return true;
4997 :
4998 32 : if (member == role)
4999 :
5000 : /*
5001 : * A role can admin itself when it matches the session user and we're
5002 : * outside any security-restricted operation, SECURITY DEFINER or
5003 : * similar context. SQL-standard roles cannot self-admin. However,
5004 : * SQL-standard users are distinct from roles, and they are not
5005 : * grantable like roles: PostgreSQL's role-user duality extends the
5006 : * standard. Checking for a session user match has the effect of
5007 : * letting a role self-admin only when it's conspicuously behaving
5008 : * like a user. Note that allowing self-admin under a mere SET ROLE
5009 : * would make WITH ADMIN OPTION largely irrelevant; any member could
5010 : * SET ROLE to issue the otherwise-forbidden command.
5011 : *
5012 : * Withholding self-admin in a security-restricted operation prevents
5013 : * object owners from harnessing the session user identity during
5014 : * administrative maintenance. Suppose Alice owns a database, has
5015 : * issued "GRANT alice TO bob", and runs a daily ANALYZE. Bob creates
5016 : * an alice-owned SECURITY DEFINER function that issues "REVOKE alice
5017 : * FROM carol". If he creates an expression index calling that
5018 : * function, Alice will attempt the REVOKE during each ANALYZE.
5019 : * Checking InSecurityRestrictedOperation() thwarts that attack.
5020 : *
5021 : * Withholding self-admin in SECURITY DEFINER functions makes their
5022 : * behavior independent of the calling user. There's no security or
5023 : * SQL-standard-conformance need for that restriction, though.
5024 : *
5025 : * A role cannot have actual WITH ADMIN OPTION on itself, because that
5026 : * would imply a membership loop. Therefore, we're done either way.
5027 : */
5028 24 : return member == GetSessionUserId() &&
5029 20 : !InLocalUserIdChange() && !InSecurityRestrictedOperation();
5030 :
5031 : /*
5032 : * Find all the roles that member is a member of, including multi-level
5033 : * recursion. We build a list in the same way that is_member_of_role does
5034 : * to track visited and unvisited roles.
5035 : */
5036 16 : roles_list = list_make1_oid(member);
5037 :
5038 24 : foreach(l, roles_list)
5039 : {
5040 20 : Oid memberid = lfirst_oid(l);
5041 : CatCList *memlist;
5042 : int i;
5043 :
5044 : /* Find roles that memberid is directly a member of */
5045 20 : memlist = SearchSysCacheList1(AUTHMEMMEMROLE,
5046 : ObjectIdGetDatum(memberid));
5047 36 : for (i = 0; i < memlist->n_members; i++)
5048 : {
5049 28 : HeapTuple tup = &memlist->members[i]->tuple;
5050 28 : Oid otherid = ((Form_pg_auth_members) GETSTRUCT(tup))->roleid;
5051 :
5052 44 : if (otherid == role &&
5053 16 : ((Form_pg_auth_members) GETSTRUCT(tup))->admin_option)
5054 : {
5055 : /* Found what we came for, so can stop searching */
5056 12 : result = true;
5057 12 : break;
5058 : }
5059 :
5060 16 : roles_list = list_append_unique_oid(roles_list, otherid);
5061 : }
5062 20 : ReleaseSysCacheList(memlist);
5063 20 : if (result)
5064 12 : break;
5065 : }
5066 :
5067 16 : list_free(roles_list);
5068 :
5069 16 : return result;
5070 : }
5071 :
5072 :
5073 : /* does what it says ... */
5074 : static int
5075 0 : count_one_bits(AclMode mask)
5076 : {
5077 0 : int nbits = 0;
5078 :
5079 : /* this code relies on AclMode being an unsigned type */
5080 0 : while (mask)
5081 : {
5082 0 : if (mask & 1)
5083 0 : nbits++;
5084 0 : mask >>= 1;
5085 : }
5086 0 : return nbits;
5087 : }
5088 :
5089 :
5090 : /*
5091 : * Select the effective grantor ID for a GRANT or REVOKE operation.
5092 : *
5093 : * The grantor must always be either the object owner or some role that has
5094 : * been explicitly granted grant options. This ensures that all granted
5095 : * privileges appear to flow from the object owner, and there are never
5096 : * multiple "original sources" of a privilege. Therefore, if the would-be
5097 : * grantor is a member of a role that has the needed grant options, we have
5098 : * to do the grant as that role instead.
5099 : *
5100 : * It is possible that the would-be grantor is a member of several roles
5101 : * that have different subsets of the desired grant options, but no one
5102 : * role has 'em all. In this case we pick a role with the largest number
5103 : * of desired options. Ties are broken in favor of closer ancestors.
5104 : *
5105 : * roleId: the role attempting to do the GRANT/REVOKE
5106 : * privileges: the privileges to be granted/revoked
5107 : * acl: the ACL of the object in question
5108 : * ownerId: the role owning the object in question
5109 : * *grantorId: receives the OID of the role to do the grant as
5110 : * *grantOptions: receives the grant options actually held by grantorId
5111 : *
5112 : * If no grant options exist, we set grantorId to roleId, grantOptions to 0.
5113 : */
5114 : void
5115 84624 : select_best_grantor(Oid roleId, AclMode privileges,
5116 : const Acl *acl, Oid ownerId,
5117 : Oid *grantorId, AclMode *grantOptions)
5118 : {
5119 84624 : AclMode needed_goptions = ACL_GRANT_OPTION_FOR(privileges);
5120 : List *roles_list;
5121 : int nrights;
5122 : ListCell *l;
5123 :
5124 : /*
5125 : * The object owner is always treated as having all grant options, so if
5126 : * roleId is the owner it's easy. Also, if roleId is a superuser it's
5127 : * easy: superusers are implicitly members of every role, so they act as
5128 : * the object owner.
5129 : */
5130 84624 : if (roleId == ownerId || superuser_arg(roleId))
5131 : {
5132 84488 : *grantorId = ownerId;
5133 84488 : *grantOptions = needed_goptions;
5134 84488 : return;
5135 : }
5136 :
5137 : /*
5138 : * Otherwise we have to do a careful search to see if roleId has the
5139 : * privileges of any suitable role. Note: we can hang onto the result of
5140 : * roles_has_privs_of() throughout this loop, because aclmask_direct()
5141 : * doesn't query any role memberships.
5142 : */
5143 136 : roles_list = roles_has_privs_of(roleId);
5144 :
5145 : /* initialize candidate result as default */
5146 136 : *grantorId = roleId;
5147 136 : *grantOptions = ACL_NO_RIGHTS;
5148 136 : nrights = 0;
5149 :
5150 188 : foreach(l, roles_list)
5151 : {
5152 144 : Oid otherrole = lfirst_oid(l);
5153 : AclMode otherprivs;
5154 :
5155 144 : otherprivs = aclmask_direct(acl, otherrole, ownerId,
5156 : needed_goptions, ACLMASK_ALL);
5157 144 : if (otherprivs == needed_goptions)
5158 : {
5159 : /* Found a suitable grantor */
5160 92 : *grantorId = otherrole;
5161 92 : *grantOptions = otherprivs;
5162 92 : return;
5163 : }
5164 :
5165 : /*
5166 : * If it has just some of the needed privileges, remember best
5167 : * candidate.
5168 : */
5169 52 : if (otherprivs != ACL_NO_RIGHTS)
5170 : {
5171 0 : int nnewrights = count_one_bits(otherprivs);
5172 :
5173 0 : if (nnewrights > nrights)
5174 : {
5175 0 : *grantorId = otherrole;
5176 0 : *grantOptions = otherprivs;
5177 0 : nrights = nnewrights;
5178 : }
5179 : }
5180 : }
5181 : }
5182 :
5183 : /*
5184 : * get_role_oid - Given a role name, look up the role's OID.
5185 : *
5186 : * If missing_ok is false, throw an error if role name not found. If
5187 : * true, just return InvalidOid.
5188 : */
5189 : Oid
5190 15804 : get_role_oid(const char *rolname, bool missing_ok)
5191 : {
5192 : Oid oid;
5193 :
5194 15804 : oid = GetSysCacheOid1(AUTHNAME, Anum_pg_authid_oid,
5195 : CStringGetDatum(rolname));
5196 15804 : if (!OidIsValid(oid) && !missing_ok)
5197 70 : ereport(ERROR,
5198 : (errcode(ERRCODE_UNDEFINED_OBJECT),
5199 : errmsg("role \"%s\" does not exist", rolname)));
5200 15734 : return oid;
5201 : }
5202 :
5203 : /*
5204 : * get_role_oid_or_public - As above, but return ACL_ID_PUBLIC if the
5205 : * role name is "public".
5206 : */
5207 : Oid
5208 260 : get_role_oid_or_public(const char *rolname)
5209 : {
5210 260 : if (strcmp(rolname, "public") == 0)
5211 0 : return ACL_ID_PUBLIC;
5212 :
5213 260 : return get_role_oid(rolname, false);
5214 : }
5215 :
5216 : /*
5217 : * Given a RoleSpec node, return the OID it corresponds to. If missing_ok is
5218 : * true, return InvalidOid if the role does not exist.
5219 : *
5220 : * PUBLIC is always disallowed here. Routines wanting to handle the PUBLIC
5221 : * case must check the case separately.
5222 : */
5223 : Oid
5224 6996 : get_rolespec_oid(const RoleSpec *role, bool missing_ok)
5225 : {
5226 : Oid oid;
5227 :
5228 6996 : switch (role->roletype)
5229 : {
5230 : case ROLESPEC_CSTRING:
5231 : Assert(role->rolename);
5232 6730 : oid = get_role_oid(role->rolename, missing_ok);
5233 6686 : break;
5234 :
5235 : case ROLESPEC_CURRENT_USER:
5236 190 : oid = GetUserId();
5237 190 : break;
5238 :
5239 : case ROLESPEC_SESSION_USER:
5240 44 : oid = GetSessionUserId();
5241 44 : break;
5242 :
5243 : case ROLESPEC_PUBLIC:
5244 32 : ereport(ERROR,
5245 : (errcode(ERRCODE_UNDEFINED_OBJECT),
5246 : errmsg("role \"%s\" does not exist", "public")));
5247 : oid = InvalidOid; /* make compiler happy */
5248 : break;
5249 :
5250 : default:
5251 0 : elog(ERROR, "unexpected role type %d", role->roletype);
5252 : }
5253 :
5254 6920 : return oid;
5255 : }
5256 :
5257 : /*
5258 : * Given a RoleSpec node, return the pg_authid HeapTuple it corresponds to.
5259 : * Caller must ReleaseSysCache when done with the result tuple.
5260 : */
5261 : HeapTuple
5262 376 : get_rolespec_tuple(const RoleSpec *role)
5263 : {
5264 : HeapTuple tuple;
5265 :
5266 376 : switch (role->roletype)
5267 : {
5268 : case ROLESPEC_CSTRING:
5269 : Assert(role->rolename);
5270 300 : tuple = SearchSysCache1(AUTHNAME, CStringGetDatum(role->rolename));
5271 300 : if (!HeapTupleIsValid(tuple))
5272 24 : ereport(ERROR,
5273 : (errcode(ERRCODE_UNDEFINED_OBJECT),
5274 : errmsg("role \"%s\" does not exist", role->rolename)));
5275 276 : break;
5276 :
5277 : case ROLESPEC_CURRENT_USER:
5278 28 : tuple = SearchSysCache1(AUTHOID, GetUserId());
5279 28 : if (!HeapTupleIsValid(tuple))
5280 0 : elog(ERROR, "cache lookup failed for role %u", GetUserId());
5281 28 : break;
5282 :
5283 : case ROLESPEC_SESSION_USER:
5284 24 : tuple = SearchSysCache1(AUTHOID, GetSessionUserId());
5285 24 : if (!HeapTupleIsValid(tuple))
5286 0 : elog(ERROR, "cache lookup failed for role %u", GetSessionUserId());
5287 24 : break;
5288 :
5289 : case ROLESPEC_PUBLIC:
5290 24 : ereport(ERROR,
5291 : (errcode(ERRCODE_UNDEFINED_OBJECT),
5292 : errmsg("role \"%s\" does not exist", "public")));
5293 : tuple = NULL; /* make compiler happy */
5294 : break;
5295 :
5296 : default:
5297 0 : elog(ERROR, "unexpected role type %d", role->roletype);
5298 : }
5299 :
5300 328 : return tuple;
5301 : }
5302 :
5303 : /*
5304 : * Given a RoleSpec, returns a palloc'ed copy of the corresponding role's name.
5305 : */
5306 : char *
5307 12 : get_rolespec_name(const RoleSpec *role)
5308 : {
5309 : HeapTuple tp;
5310 : Form_pg_authid authForm;
5311 : char *rolename;
5312 :
5313 12 : tp = get_rolespec_tuple(role);
5314 12 : authForm = (Form_pg_authid) GETSTRUCT(tp);
5315 12 : rolename = pstrdup(NameStr(authForm->rolname));
5316 12 : ReleaseSysCache(tp);
5317 :
5318 12 : return rolename;
5319 : }
5320 :
5321 : /*
5322 : * Given a RoleSpec, throw an error if the name is reserved, using detail_msg,
5323 : * if provided.
5324 : *
5325 : * If node is NULL, no error is thrown. If detail_msg is NULL then no detail
5326 : * message is provided.
5327 : */
5328 : void
5329 356 : check_rolespec_name(const RoleSpec *role, const char *detail_msg)
5330 : {
5331 356 : if (!role)
5332 0 : return;
5333 :
5334 356 : if (role->roletype != ROLESPEC_CSTRING)
5335 76 : return;
5336 :
5337 280 : if (IsReservedName(role->rolename))
5338 : {
5339 0 : if (detail_msg)
5340 0 : ereport(ERROR,
5341 : (errcode(ERRCODE_RESERVED_NAME),
5342 : errmsg("role name \"%s\" is reserved",
5343 : role->rolename),
5344 : errdetail("%s", detail_msg)));
5345 : else
5346 0 : ereport(ERROR,
5347 : (errcode(ERRCODE_RESERVED_NAME),
5348 : errmsg("role name \"%s\" is reserved",
5349 : role->rolename)));
5350 : }
5351 : }
|
