Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * acl.c
4 : * Basic access control list data structures manipulation routines.
5 : *
6 : * Portions Copyright (c) 1996-2022, PostgreSQL Global Development Group
7 : * Portions Copyright (c) 1994, Regents of the University of California
8 : *
9 : *
10 : * IDENTIFICATION
11 : * src/backend/utils/adt/acl.c
12 : *
13 : *-------------------------------------------------------------------------
14 : */
15 : #include "postgres.h"
16 :
17 : #include <ctype.h>
18 :
19 : #include "access/htup_details.h"
20 : #include "catalog/catalog.h"
21 : #include "catalog/namespace.h"
22 : #include "catalog/pg_auth_members.h"
23 : #include "catalog/pg_authid.h"
24 : #include "catalog/pg_class.h"
25 : #include "catalog/pg_database.h"
26 : #include "catalog/pg_parameter_acl.h"
27 : #include "catalog/pg_type.h"
28 : #include "commands/dbcommands.h"
29 : #include "commands/proclang.h"
30 : #include "commands/tablespace.h"
31 : #include "common/hashfn.h"
32 : #include "foreign/foreign.h"
33 : #include "funcapi.h"
34 : #include "lib/qunique.h"
35 : #include "miscadmin.h"
36 : #include "utils/acl.h"
37 : #include "utils/array.h"
38 : #include "utils/builtins.h"
39 : #include "utils/catcache.h"
40 : #include "utils/guc.h"
41 : #include "utils/inval.h"
42 : #include "utils/lsyscache.h"
43 : #include "utils/memutils.h"
44 : #include "utils/syscache.h"
45 : #include "utils/varlena.h"
46 :
47 : typedef struct
48 : {
49 : const char *name;
50 : AclMode value;
51 : } priv_map;
52 :
53 : /*
54 : * We frequently need to test whether a given role is a member of some other
55 : * role. In most of these tests the "given role" is the same, namely the
56 : * active current user. So we can optimize it by keeping cached lists of all
57 : * the roles the "given role" is a member of, directly or indirectly.
58 : *
59 : * Possibly this mechanism should be generalized to allow caching membership
60 : * info for multiple roles?
61 : *
62 : * Each element of cached_roles is an OID list of constituent roles for the
63 : * corresponding element of cached_role (always including the cached_role
64 : * itself). One cache has ROLERECURSE_PRIVS semantics, and the other has
65 : * ROLERECURSE_MEMBERS semantics.
66 : */
67 : enum RoleRecurseType
68 : {
69 : ROLERECURSE_PRIVS = 0, /* recurse if rolinherit */
70 : ROLERECURSE_MEMBERS = 1 /* recurse unconditionally */
71 : };
72 : static Oid cached_role[] = {InvalidOid, InvalidOid};
73 : static List *cached_roles[] = {NIL, NIL};
74 : static uint32 cached_db_hash;
75 :
76 :
77 : static const char *getid(const char *s, char *n);
78 : static void putid(char *p, const char *s);
79 : static Acl *allocacl(int n);
80 : static void check_acl(const Acl *acl);
81 : static const char *aclparse(const char *s, AclItem *aip);
82 : static bool aclitem_match(const AclItem *a1, const AclItem *a2);
83 : static int aclitemComparator(const void *arg1, const void *arg2);
84 : static void check_circularity(const Acl *old_acl, const AclItem *mod_aip,
85 : Oid ownerId);
86 : static Acl *recursive_revoke(Acl *acl, Oid grantee, AclMode revoke_privs,
87 : Oid ownerId, DropBehavior behavior);
88 :
89 : static AclMode convert_priv_string(text *priv_type_text);
90 : static AclMode convert_any_priv_string(text *priv_type_text,
91 : const priv_map *privileges);
92 :
93 : static Oid convert_table_name(text *tablename);
94 : static AclMode convert_table_priv_string(text *priv_type_text);
95 : static AclMode convert_sequence_priv_string(text *priv_type_text);
96 : static AttrNumber convert_column_name(Oid tableoid, text *column);
97 : static AclMode convert_column_priv_string(text *priv_type_text);
98 : static Oid convert_database_name(text *databasename);
99 : static AclMode convert_database_priv_string(text *priv_type_text);
100 : static Oid convert_foreign_data_wrapper_name(text *fdwname);
101 : static AclMode convert_foreign_data_wrapper_priv_string(text *priv_type_text);
102 : static Oid convert_function_name(text *functionname);
103 : static AclMode convert_function_priv_string(text *priv_type_text);
104 : static Oid convert_language_name(text *languagename);
105 : static AclMode convert_language_priv_string(text *priv_type_text);
106 : static Oid convert_schema_name(text *schemaname);
107 : static AclMode convert_schema_priv_string(text *priv_type_text);
108 : static Oid convert_server_name(text *servername);
109 : static AclMode convert_server_priv_string(text *priv_type_text);
110 : static Oid convert_tablespace_name(text *tablespacename);
111 : static AclMode convert_tablespace_priv_string(text *priv_type_text);
112 : static Oid convert_type_name(text *typename);
113 : static AclMode convert_type_priv_string(text *priv_type_text);
114 : static AclMode convert_parameter_priv_string(text *priv_text);
115 : static AclMode convert_role_priv_string(text *priv_type_text);
116 : static AclResult pg_role_aclcheck(Oid role_oid, Oid roleid, AclMode mode);
117 :
118 : static void RoleMembershipCacheCallback(Datum arg, int cacheid, uint32 hashvalue);
119 :
120 :
121 : /*
122 : * getid
123 : * Consumes the first alphanumeric string (identifier) found in string
124 : * 's', ignoring any leading white space. If it finds a double quote
125 : * it returns the word inside the quotes.
126 : *
127 : * RETURNS:
128 : * the string position in 's' that points to the next non-space character
129 : * in 's', after any quotes. Also:
130 : * - loads the identifier into 'n'. (If no identifier is found, 'n'
131 : * contains an empty string.) 'n' must be NAMEDATALEN bytes.
132 : */
133 : static const char *
134 1076 : getid(const char *s, char *n)
135 : {
136 1076 : int len = 0;
137 1076 : bool in_quotes = false;
138 :
139 : Assert(s && n);
140 :
141 1076 : while (isspace((unsigned char) *s))
142 0 : s++;
143 : /* This code had better match what putid() does, below */
144 1076 : for (;
145 6492 : *s != '\0' &&
146 5954 : (isalnum((unsigned char) *s) ||
147 1604 : *s == '_' ||
148 1602 : *s == '"' ||
149 : in_quotes);
150 5416 : s++)
151 : {
152 5416 : if (*s == '"')
153 : {
154 : /* safe to look at next char (could be '\0' though) */
155 1064 : if (*(s + 1) != '"')
156 : {
157 1064 : in_quotes = !in_quotes;
158 1064 : continue;
159 : }
160 : /* it's an escaped double quote; skip the escaping char */
161 0 : s++;
162 : }
163 :
164 : /* Add the character to the string */
165 4352 : if (len >= NAMEDATALEN - 1)
166 0 : ereport(ERROR,
167 : (errcode(ERRCODE_NAME_TOO_LONG),
168 : errmsg("identifier too long"),
169 : errdetail("Identifier must be less than %d characters.",
170 : NAMEDATALEN)));
171 :
172 4352 : n[len++] = *s;
173 : }
174 1076 : n[len] = '\0';
175 1076 : while (isspace((unsigned char) *s))
176 0 : s++;
177 1076 : return s;
178 : }
179 :
180 : /*
181 : * Write a role name at *p, adding double quotes if needed.
182 : * There must be at least (2*NAMEDATALEN)+2 bytes available at *p.
183 : * This needs to be kept in sync with copyAclUserName in pg_dump/dumputils.c
184 : */
185 : static void
186 857844 : putid(char *p, const char *s)
187 : {
188 : const char *src;
189 857844 : bool safe = true;
190 :
191 8243578 : for (src = s; *src; src++)
192 : {
193 : /* This test had better match what getid() does, above */
194 7385996 : if (!isalnum((unsigned char) *src) && *src != '_')
195 : {
196 262 : safe = false;
197 262 : break;
198 : }
199 : }
200 857844 : if (!safe)
201 262 : *p++ = '"';
202 8245936 : for (src = s; *src; src++)
203 : {
204 : /* A double quote character in a username is encoded as "" */
205 7388092 : if (*src == '"')
206 262 : *p++ = '"';
207 7388092 : *p++ = *src;
208 : }
209 857844 : if (!safe)
210 262 : *p++ = '"';
211 857844 : *p = '\0';
212 857844 : }
213 :
214 : /*
215 : * aclparse
216 : * Consumes and parses an ACL specification of the form:
217 : * [group|user] [A-Za-z0-9]*=[rwaR]*
218 : * from string 's', ignoring any leading white space or white space
219 : * between the optional id type keyword (group|user) and the actual
220 : * ACL specification.
221 : *
222 : * The group|user decoration is unnecessary in the roles world,
223 : * but we still accept it for backward compatibility.
224 : *
225 : * This routine is called by the parser as well as aclitemin(), hence
226 : * the added generality.
227 : *
228 : * RETURNS:
229 : * the string position in 's' immediately following the ACL
230 : * specification. Also:
231 : * - loads the structure pointed to by 'aip' with the appropriate
232 : * UID/GID, id type identifier and mode type values.
233 : */
234 : static const char *
235 538 : aclparse(const char *s, AclItem *aip)
236 : {
237 : AclMode privs,
238 : goption,
239 : read;
240 : char name[NAMEDATALEN];
241 : char name2[NAMEDATALEN];
242 :
243 : Assert(s && aip);
244 :
245 538 : s = getid(s, name);
246 538 : if (*s != '=')
247 : {
248 : /* we just read a keyword, not a name */
249 0 : if (strcmp(name, "group") != 0 && strcmp(name, "user") != 0)
250 0 : ereport(ERROR,
251 : (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
252 : errmsg("unrecognized key word: \"%s\"", name),
253 : errhint("ACL key word must be \"group\" or \"user\".")));
254 0 : s = getid(s, name); /* move s to the name beyond the keyword */
255 0 : if (name[0] == '\0')
256 0 : ereport(ERROR,
257 : (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
258 : errmsg("missing name"),
259 : errhint("A name must follow the \"group\" or \"user\" key word.")));
260 : }
261 :
262 538 : if (*s != '=')
263 0 : ereport(ERROR,
264 : (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
265 : errmsg("missing \"=\" sign")));
266 :
267 538 : privs = goption = ACL_NO_RIGHTS;
268 :
269 1082 : for (++s, read = 0; isalpha((unsigned char) *s) || *s == '*'; s++)
270 : {
271 544 : switch (*s)
272 : {
273 0 : case '*':
274 0 : goption |= read;
275 0 : break;
276 0 : case ACL_INSERT_CHR:
277 0 : read = ACL_INSERT;
278 0 : break;
279 532 : case ACL_SELECT_CHR:
280 532 : read = ACL_SELECT;
281 532 : break;
282 0 : case ACL_UPDATE_CHR:
283 0 : read = ACL_UPDATE;
284 0 : break;
285 0 : case ACL_DELETE_CHR:
286 0 : read = ACL_DELETE;
287 0 : break;
288 0 : case ACL_TRUNCATE_CHR:
289 0 : read = ACL_TRUNCATE;
290 0 : break;
291 0 : case ACL_REFERENCES_CHR:
292 0 : read = ACL_REFERENCES;
293 0 : break;
294 0 : case ACL_TRIGGER_CHR:
295 0 : read = ACL_TRIGGER;
296 0 : break;
297 0 : case ACL_EXECUTE_CHR:
298 0 : read = ACL_EXECUTE;
299 0 : break;
300 6 : case ACL_USAGE_CHR:
301 6 : read = ACL_USAGE;
302 6 : break;
303 6 : case ACL_CREATE_CHR:
304 6 : read = ACL_CREATE;
305 6 : break;
306 0 : case ACL_CREATE_TEMP_CHR:
307 0 : read = ACL_CREATE_TEMP;
308 0 : break;
309 0 : case ACL_CONNECT_CHR:
310 0 : read = ACL_CONNECT;
311 0 : break;
312 0 : case ACL_SET_CHR:
313 0 : read = ACL_SET;
314 0 : break;
315 0 : case ACL_ALTER_SYSTEM_CHR:
316 0 : read = ACL_ALTER_SYSTEM;
317 0 : break;
318 0 : case 'R': /* ignore old RULE privileges */
319 0 : read = 0;
320 0 : break;
321 0 : default:
322 0 : ereport(ERROR,
323 : (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
324 : errmsg("invalid mode character: must be one of \"%s\"",
325 : ACL_ALL_RIGHTS_STR)));
326 : }
327 :
328 544 : privs |= read;
329 : }
330 :
331 538 : if (name[0] == '\0')
332 532 : aip->ai_grantee = ACL_ID_PUBLIC;
333 : else
334 6 : aip->ai_grantee = get_role_oid(name, false);
335 :
336 : /*
337 : * XXX Allow a degree of backward compatibility by defaulting the grantor
338 : * to the superuser.
339 : */
340 538 : if (*s == '/')
341 : {
342 538 : s = getid(s + 1, name2);
343 538 : if (name2[0] == '\0')
344 0 : ereport(ERROR,
345 : (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
346 : errmsg("a name must follow the \"/\" sign")));
347 538 : aip->ai_grantor = get_role_oid(name2, false);
348 : }
349 : else
350 : {
351 0 : aip->ai_grantor = BOOTSTRAP_SUPERUSERID;
352 0 : ereport(WARNING,
353 : (errcode(ERRCODE_INVALID_GRANTOR),
354 : errmsg("defaulting grantor to user ID %u",
355 : BOOTSTRAP_SUPERUSERID)));
356 : }
357 :
358 538 : ACLITEM_SET_PRIVS_GOPTIONS(*aip, privs, goption);
359 :
360 538 : return s;
361 : }
362 :
363 : /*
364 : * allocacl
365 : * Allocates storage for a new Acl with 'n' entries.
366 : *
367 : * RETURNS:
368 : * the new Acl
369 : */
370 : static Acl *
371 804760 : allocacl(int n)
372 : {
373 : Acl *new_acl;
374 : Size size;
375 :
376 804760 : if (n < 0)
377 0 : elog(ERROR, "invalid size: %d", n);
378 804760 : size = ACL_N_SIZE(n);
379 804760 : new_acl = (Acl *) palloc0(size);
380 804760 : SET_VARSIZE(new_acl, size);
381 804760 : new_acl->ndim = 1;
382 804760 : new_acl->dataoffset = 0; /* we never put in any nulls */
383 804760 : new_acl->elemtype = ACLITEMOID;
384 804760 : ARR_LBOUND(new_acl)[0] = 1;
385 804760 : ARR_DIMS(new_acl)[0] = n;
386 804760 : return new_acl;
387 : }
388 :
389 : /*
390 : * Create a zero-entry ACL
391 : */
392 : Acl *
393 60 : make_empty_acl(void)
394 : {
395 60 : return allocacl(0);
396 : }
397 :
398 : /*
399 : * Copy an ACL
400 : */
401 : Acl *
402 44620 : aclcopy(const Acl *orig_acl)
403 : {
404 : Acl *result_acl;
405 :
406 44620 : result_acl = allocacl(ACL_NUM(orig_acl));
407 :
408 44620 : memcpy(ACL_DAT(result_acl),
409 44620 : ACL_DAT(orig_acl),
410 44620 : ACL_NUM(orig_acl) * sizeof(AclItem));
411 :
412 44620 : return result_acl;
413 : }
414 :
415 : /*
416 : * Concatenate two ACLs
417 : *
418 : * This is a bit cheesy, since we may produce an ACL with redundant entries.
419 : * Be careful what the result is used for!
420 : */
421 : Acl *
422 93110 : aclconcat(const Acl *left_acl, const Acl *right_acl)
423 : {
424 : Acl *result_acl;
425 :
426 93110 : result_acl = allocacl(ACL_NUM(left_acl) + ACL_NUM(right_acl));
427 :
428 93110 : memcpy(ACL_DAT(result_acl),
429 93110 : ACL_DAT(left_acl),
430 93110 : ACL_NUM(left_acl) * sizeof(AclItem));
431 :
432 93110 : memcpy(ACL_DAT(result_acl) + ACL_NUM(left_acl),
433 93110 : ACL_DAT(right_acl),
434 93110 : ACL_NUM(right_acl) * sizeof(AclItem));
435 :
436 93110 : return result_acl;
437 : }
438 :
439 : /*
440 : * Merge two ACLs
441 : *
442 : * This produces a properly merged ACL with no redundant entries.
443 : * Returns NULL on NULL input.
444 : */
445 : Acl *
446 192 : aclmerge(const Acl *left_acl, const Acl *right_acl, Oid ownerId)
447 : {
448 : Acl *result_acl;
449 : AclItem *aip;
450 : int i,
451 : num;
452 :
453 : /* Check for cases where one or both are empty/null */
454 192 : if (left_acl == NULL || ACL_NUM(left_acl) == 0)
455 : {
456 0 : if (right_acl == NULL || ACL_NUM(right_acl) == 0)
457 0 : return NULL;
458 : else
459 0 : return aclcopy(right_acl);
460 : }
461 : else
462 : {
463 192 : if (right_acl == NULL || ACL_NUM(right_acl) == 0)
464 138 : return aclcopy(left_acl);
465 : }
466 :
467 : /* Merge them the hard way, one item at a time */
468 54 : result_acl = aclcopy(left_acl);
469 :
470 54 : aip = ACL_DAT(right_acl);
471 54 : num = ACL_NUM(right_acl);
472 :
473 126 : for (i = 0; i < num; i++, aip++)
474 : {
475 : Acl *tmp_acl;
476 :
477 72 : tmp_acl = aclupdate(result_acl, aip, ACL_MODECHG_ADD,
478 : ownerId, DROP_RESTRICT);
479 72 : pfree(result_acl);
480 72 : result_acl = tmp_acl;
481 : }
482 :
483 54 : return result_acl;
484 : }
485 :
486 : /*
487 : * Sort the items in an ACL (into an arbitrary but consistent order)
488 : */
489 : void
490 764 : aclitemsort(Acl *acl)
491 : {
492 764 : if (acl != NULL && ACL_NUM(acl) > 1)
493 200 : qsort(ACL_DAT(acl), ACL_NUM(acl), sizeof(AclItem), aclitemComparator);
494 764 : }
495 :
496 : /*
497 : * Check if two ACLs are exactly equal
498 : *
499 : * This will not detect equality if the two arrays contain the same items
500 : * in different orders. To handle that case, sort both inputs first,
501 : * using aclitemsort().
502 : */
503 : bool
504 514 : aclequal(const Acl *left_acl, const Acl *right_acl)
505 : {
506 : /* Check for cases where one or both are empty/null */
507 514 : if (left_acl == NULL || ACL_NUM(left_acl) == 0)
508 : {
509 2 : if (right_acl == NULL || ACL_NUM(right_acl) == 0)
510 2 : return true;
511 : else
512 0 : return false;
513 : }
514 : else
515 : {
516 512 : if (right_acl == NULL || ACL_NUM(right_acl) == 0)
517 52 : return false;
518 : }
519 :
520 460 : if (ACL_NUM(left_acl) != ACL_NUM(right_acl))
521 186 : return false;
522 :
523 274 : if (memcmp(ACL_DAT(left_acl),
524 274 : ACL_DAT(right_acl),
525 274 : ACL_NUM(left_acl) * sizeof(AclItem)) == 0)
526 134 : return true;
527 :
528 140 : return false;
529 : }
530 :
531 : /*
532 : * Verify that an ACL array is acceptable (one-dimensional and has no nulls)
533 : */
534 : static void
535 370818 : check_acl(const Acl *acl)
536 : {
537 370818 : if (ARR_ELEMTYPE(acl) != ACLITEMOID)
538 0 : ereport(ERROR,
539 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
540 : errmsg("ACL array contains wrong data type")));
541 370818 : if (ARR_NDIM(acl) != 1)
542 0 : ereport(ERROR,
543 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
544 : errmsg("ACL arrays must be one-dimensional")));
545 370818 : if (ARR_HASNULL(acl))
546 0 : ereport(ERROR,
547 : (errcode(ERRCODE_NULL_VALUE_NOT_ALLOWED),
548 : errmsg("ACL arrays must not contain null values")));
549 370818 : }
550 :
551 : /*
552 : * aclitemin
553 : * Allocates storage for, and fills in, a new AclItem given a string
554 : * 's' that contains an ACL specification. See aclparse for details.
555 : *
556 : * RETURNS:
557 : * the new AclItem
558 : */
559 : Datum
560 538 : aclitemin(PG_FUNCTION_ARGS)
561 : {
562 538 : const char *s = PG_GETARG_CSTRING(0);
563 : AclItem *aip;
564 :
565 538 : aip = (AclItem *) palloc(sizeof(AclItem));
566 538 : s = aclparse(s, aip);
567 538 : while (isspace((unsigned char) *s))
568 0 : ++s;
569 538 : if (*s)
570 0 : ereport(ERROR,
571 : (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
572 : errmsg("extra garbage at the end of the ACL specification")));
573 :
574 538 : PG_RETURN_ACLITEM_P(aip);
575 : }
576 :
577 : /*
578 : * aclitemout
579 : * Allocates storage for, and fills in, a new null-delimited string
580 : * containing a formatted ACL specification. See aclparse for details.
581 : *
582 : * RETURNS:
583 : * the new string
584 : */
585 : Datum
586 547336 : aclitemout(PG_FUNCTION_ARGS)
587 : {
588 547336 : AclItem *aip = PG_GETARG_ACLITEM_P(0);
589 : char *p;
590 : char *out;
591 : HeapTuple htup;
592 : unsigned i;
593 :
594 547336 : out = palloc(strlen("=/") +
595 : 2 * N_ACL_RIGHTS +
596 : 2 * (2 * NAMEDATALEN + 2) +
597 : 1);
598 :
599 547336 : p = out;
600 547336 : *p = '\0';
601 :
602 547336 : if (aip->ai_grantee != ACL_ID_PUBLIC)
603 : {
604 310508 : htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantee));
605 310508 : if (HeapTupleIsValid(htup))
606 : {
607 310508 : putid(p, NameStr(((Form_pg_authid) GETSTRUCT(htup))->rolname));
608 310508 : ReleaseSysCache(htup);
609 : }
610 : else
611 : {
612 : /* Generate numeric OID if we don't find an entry */
613 0 : sprintf(p, "%u", aip->ai_grantee);
614 : }
615 : }
616 3248452 : while (*p)
617 2701116 : ++p;
618 :
619 547336 : *p++ = '=';
620 :
621 8210040 : for (i = 0; i < N_ACL_RIGHTS; ++i)
622 : {
623 7662704 : if (ACLITEM_GET_PRIVS(*aip) & (1 << i))
624 1325458 : *p++ = ACL_ALL_RIGHTS_STR[i];
625 7662704 : if (ACLITEM_GET_GOPTIONS(*aip) & (1 << i))
626 294 : *p++ = '*';
627 : }
628 :
629 547336 : *p++ = '/';
630 547336 : *p = '\0';
631 :
632 547336 : htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantor));
633 547336 : if (HeapTupleIsValid(htup))
634 : {
635 547336 : putid(p, NameStr(((Form_pg_authid) GETSTRUCT(htup))->rolname));
636 547336 : ReleaseSysCache(htup);
637 : }
638 : else
639 : {
640 : /* Generate numeric OID if we don't find an entry */
641 0 : sprintf(p, "%u", aip->ai_grantor);
642 : }
643 :
644 547336 : PG_RETURN_CSTRING(out);
645 : }
646 :
647 : /*
648 : * aclitem_match
649 : * Two AclItems are considered to match iff they have the same
650 : * grantee and grantor; the privileges are ignored.
651 : */
652 : static bool
653 86738 : aclitem_match(const AclItem *a1, const AclItem *a2)
654 : {
655 121268 : return a1->ai_grantee == a2->ai_grantee &&
656 34530 : a1->ai_grantor == a2->ai_grantor;
657 : }
658 :
659 : /*
660 : * aclitemComparator
661 : * qsort comparison function for AclItems
662 : */
663 : static int
664 218 : aclitemComparator(const void *arg1, const void *arg2)
665 : {
666 218 : const AclItem *a1 = (const AclItem *) arg1;
667 218 : const AclItem *a2 = (const AclItem *) arg2;
668 :
669 218 : if (a1->ai_grantee > a2->ai_grantee)
670 42 : return 1;
671 176 : if (a1->ai_grantee < a2->ai_grantee)
672 176 : return -1;
673 0 : if (a1->ai_grantor > a2->ai_grantor)
674 0 : return 1;
675 0 : if (a1->ai_grantor < a2->ai_grantor)
676 0 : return -1;
677 0 : if (a1->ai_privs > a2->ai_privs)
678 0 : return 1;
679 0 : if (a1->ai_privs < a2->ai_privs)
680 0 : return -1;
681 0 : return 0;
682 : }
683 :
684 : /*
685 : * aclitem equality operator
686 : */
687 : Datum
688 530152 : aclitem_eq(PG_FUNCTION_ARGS)
689 : {
690 530152 : AclItem *a1 = PG_GETARG_ACLITEM_P(0);
691 530152 : AclItem *a2 = PG_GETARG_ACLITEM_P(1);
692 : bool result;
693 :
694 1548410 : result = a1->ai_privs == a2->ai_privs &&
695 1011942 : a1->ai_grantee == a2->ai_grantee &&
696 481790 : a1->ai_grantor == a2->ai_grantor;
697 530152 : PG_RETURN_BOOL(result);
698 : }
699 :
700 : /*
701 : * aclitem hash function
702 : *
703 : * We make aclitems hashable not so much because anyone is likely to hash
704 : * them, as because we want array equality to work on aclitem arrays, and
705 : * with the typcache mechanism we must have a hash or btree opclass.
706 : */
707 : Datum
708 134218 : hash_aclitem(PG_FUNCTION_ARGS)
709 : {
710 134218 : AclItem *a = PG_GETARG_ACLITEM_P(0);
711 :
712 : /* not very bright, but avoids any issue of padding in struct */
713 134218 : PG_RETURN_UINT32((uint32) (a->ai_privs + a->ai_grantee + a->ai_grantor));
714 : }
715 :
716 : /*
717 : * 64-bit hash function for aclitem.
718 : *
719 : * Similar to hash_aclitem, but accepts a seed and returns a uint64 value.
720 : */
721 : Datum
722 12 : hash_aclitem_extended(PG_FUNCTION_ARGS)
723 : {
724 12 : AclItem *a = PG_GETARG_ACLITEM_P(0);
725 12 : uint64 seed = PG_GETARG_INT64(1);
726 12 : uint32 sum = (uint32) (a->ai_privs + a->ai_grantee + a->ai_grantor);
727 :
728 12 : return (seed == 0) ? UInt64GetDatum(sum) : hash_uint32_extended(sum, seed);
729 : }
730 :
731 : /*
732 : * acldefault() --- create an ACL describing default access permissions
733 : *
734 : * Change this routine if you want to alter the default access policy for
735 : * newly-created objects (or any object with a NULL acl entry). When
736 : * you make a change here, don't forget to update the GRANT man page,
737 : * which explains all the default permissions.
738 : *
739 : * Note that these are the hard-wired "defaults" that are used in the
740 : * absence of any pg_default_acl entry.
741 : */
742 : Acl *
743 489268 : acldefault(ObjectType objtype, Oid ownerId)
744 : {
745 : AclMode world_default;
746 : AclMode owner_default;
747 : int nacl;
748 : Acl *acl;
749 : AclItem *aip;
750 :
751 489268 : switch (objtype)
752 : {
753 92808 : case OBJECT_COLUMN:
754 : /* by default, columns have no extra privileges */
755 92808 : world_default = ACL_NO_RIGHTS;
756 92808 : owner_default = ACL_NO_RIGHTS;
757 92808 : break;
758 167378 : case OBJECT_TABLE:
759 167378 : world_default = ACL_NO_RIGHTS;
760 167378 : owner_default = ACL_ALL_RIGHTS_RELATION;
761 167378 : break;
762 940 : case OBJECT_SEQUENCE:
763 940 : world_default = ACL_NO_RIGHTS;
764 940 : owner_default = ACL_ALL_RIGHTS_SEQUENCE;
765 940 : break;
766 1564 : case OBJECT_DATABASE:
767 : /* for backwards compatibility, grant some rights by default */
768 1564 : world_default = ACL_CREATE_TEMP | ACL_CONNECT;
769 1564 : owner_default = ACL_ALL_RIGHTS_DATABASE;
770 1564 : break;
771 66232 : case OBJECT_FUNCTION:
772 : /* Grant EXECUTE by default, for now */
773 66232 : world_default = ACL_EXECUTE;
774 66232 : owner_default = ACL_ALL_RIGHTS_FUNCTION;
775 66232 : break;
776 490 : case OBJECT_LANGUAGE:
777 : /* Grant USAGE by default, for now */
778 490 : world_default = ACL_USAGE;
779 490 : owner_default = ACL_ALL_RIGHTS_LANGUAGE;
780 490 : break;
781 168 : case OBJECT_LARGEOBJECT:
782 168 : world_default = ACL_NO_RIGHTS;
783 168 : owner_default = ACL_ALL_RIGHTS_LARGEOBJECT;
784 168 : break;
785 3324 : case OBJECT_SCHEMA:
786 3324 : world_default = ACL_NO_RIGHTS;
787 3324 : owner_default = ACL_ALL_RIGHTS_SCHEMA;
788 3324 : break;
789 18 : case OBJECT_TABLESPACE:
790 18 : world_default = ACL_NO_RIGHTS;
791 18 : owner_default = ACL_ALL_RIGHTS_TABLESPACE;
792 18 : break;
793 112 : case OBJECT_FDW:
794 112 : world_default = ACL_NO_RIGHTS;
795 112 : owner_default = ACL_ALL_RIGHTS_FDW;
796 112 : break;
797 232 : case OBJECT_FOREIGN_SERVER:
798 232 : world_default = ACL_NO_RIGHTS;
799 232 : owner_default = ACL_ALL_RIGHTS_FOREIGN_SERVER;
800 232 : break;
801 155770 : case OBJECT_DOMAIN:
802 : case OBJECT_TYPE:
803 155770 : world_default = ACL_USAGE;
804 155770 : owner_default = ACL_ALL_RIGHTS_TYPE;
805 155770 : break;
806 232 : case OBJECT_PARAMETER_ACL:
807 232 : world_default = ACL_NO_RIGHTS;
808 232 : owner_default = ACL_ALL_RIGHTS_PARAMETER_ACL;
809 232 : break;
810 0 : default:
811 0 : elog(ERROR, "unrecognized objtype: %d", (int) objtype);
812 : world_default = ACL_NO_RIGHTS; /* keep compiler quiet */
813 : owner_default = ACL_NO_RIGHTS;
814 : break;
815 : }
816 :
817 489268 : nacl = 0;
818 489268 : if (world_default != ACL_NO_RIGHTS)
819 224056 : nacl++;
820 489268 : if (owner_default != ACL_NO_RIGHTS)
821 396460 : nacl++;
822 :
823 489268 : acl = allocacl(nacl);
824 489268 : aip = ACL_DAT(acl);
825 :
826 489268 : if (world_default != ACL_NO_RIGHTS)
827 : {
828 224056 : aip->ai_grantee = ACL_ID_PUBLIC;
829 224056 : aip->ai_grantor = ownerId;
830 224056 : ACLITEM_SET_PRIVS_GOPTIONS(*aip, world_default, ACL_NO_RIGHTS);
831 224056 : aip++;
832 : }
833 :
834 : /*
835 : * Note that the owner's entry shows all ordinary privileges but no grant
836 : * options. This is because his grant options come "from the system" and
837 : * not from his own efforts. (The SQL spec says that the owner's rights
838 : * come from a "_SYSTEM" authid.) However, we do consider that the
839 : * owner's ordinary privileges are self-granted; this lets him revoke
840 : * them. We implement the owner's grant options without any explicit
841 : * "_SYSTEM"-like ACL entry, by internally special-casing the owner
842 : * wherever we are testing grant options.
843 : */
844 489268 : if (owner_default != ACL_NO_RIGHTS)
845 : {
846 396460 : aip->ai_grantee = ownerId;
847 396460 : aip->ai_grantor = ownerId;
848 396460 : ACLITEM_SET_PRIVS_GOPTIONS(*aip, owner_default, ACL_NO_RIGHTS);
849 : }
850 :
851 489268 : return acl;
852 : }
853 :
854 :
855 : /*
856 : * SQL-accessible version of acldefault(). Hackish mapping from "char" type to
857 : * OBJECT_* values.
858 : */
859 : Datum
860 282766 : acldefault_sql(PG_FUNCTION_ARGS)
861 : {
862 282766 : char objtypec = PG_GETARG_CHAR(0);
863 282766 : Oid owner = PG_GETARG_OID(1);
864 282766 : ObjectType objtype = 0;
865 :
866 282766 : switch (objtypec)
867 : {
868 0 : case 'c':
869 0 : objtype = OBJECT_COLUMN;
870 0 : break;
871 121280 : case 'r':
872 121280 : objtype = OBJECT_TABLE;
873 121280 : break;
874 812 : case 's':
875 812 : objtype = OBJECT_SEQUENCE;
876 812 : break;
877 88 : case 'd':
878 88 : objtype = OBJECT_DATABASE;
879 88 : break;
880 6682 : case 'f':
881 6682 : objtype = OBJECT_FUNCTION;
882 6682 : break;
883 286 : case 'l':
884 286 : objtype = OBJECT_LANGUAGE;
885 286 : break;
886 88 : case 'L':
887 88 : objtype = OBJECT_LARGEOBJECT;
888 88 : break;
889 1338 : case 'n':
890 1338 : objtype = OBJECT_SCHEMA;
891 1338 : break;
892 36 : case 'p':
893 36 : objtype = OBJECT_PARAMETER_ACL;
894 36 : break;
895 0 : case 't':
896 0 : objtype = OBJECT_TABLESPACE;
897 0 : break;
898 86 : case 'F':
899 86 : objtype = OBJECT_FDW;
900 86 : break;
901 94 : case 'S':
902 94 : objtype = OBJECT_FOREIGN_SERVER;
903 94 : break;
904 151976 : case 'T':
905 151976 : objtype = OBJECT_TYPE;
906 151976 : break;
907 0 : default:
908 0 : elog(ERROR, "unrecognized objtype abbreviation: %c", objtypec);
909 : }
910 :
911 282766 : PG_RETURN_ACL_P(acldefault(objtype, owner));
912 : }
913 :
914 :
915 : /*
916 : * Update an ACL array to add or remove specified privileges.
917 : *
918 : * old_acl: the input ACL array
919 : * mod_aip: defines the privileges to be added, removed, or substituted
920 : * modechg: ACL_MODECHG_ADD, ACL_MODECHG_DEL, or ACL_MODECHG_EQL
921 : * ownerId: Oid of object owner
922 : * behavior: RESTRICT or CASCADE behavior for recursive removal
923 : *
924 : * ownerid and behavior are only relevant when the update operation specifies
925 : * deletion of grant options.
926 : *
927 : * The result is a modified copy; the input object is not changed.
928 : *
929 : * NB: caller is responsible for having detoasted the input ACL, if needed.
930 : */
931 : Acl *
932 177652 : aclupdate(const Acl *old_acl, const AclItem *mod_aip,
933 : int modechg, Oid ownerId, DropBehavior behavior)
934 : {
935 177652 : Acl *new_acl = NULL;
936 : AclItem *old_aip,
937 177652 : *new_aip = NULL;
938 : AclMode old_rights,
939 : old_goptions,
940 : new_rights,
941 : new_goptions;
942 : int dst,
943 : num;
944 :
945 : /* Caller probably already checked old_acl, but be safe */
946 177652 : check_acl(old_acl);
947 :
948 : /* If granting grant options, check for circularity */
949 177652 : if (modechg != ACL_MODECHG_DEL &&
950 50944 : ACLITEM_GET_GOPTIONS(*mod_aip) != ACL_NO_RIGHTS)
951 74 : check_circularity(old_acl, mod_aip, ownerId);
952 :
953 177652 : num = ACL_NUM(old_acl);
954 177652 : old_aip = ACL_DAT(old_acl);
955 :
956 : /*
957 : * Search the ACL for an existing entry for this grantee and grantor. If
958 : * one exists, just modify the entry in-place (well, in the same position,
959 : * since we actually return a copy); otherwise, insert the new entry at
960 : * the end.
961 : */
962 :
963 229884 : for (dst = 0; dst < num; ++dst)
964 : {
965 86730 : if (aclitem_match(mod_aip, old_aip + dst))
966 : {
967 : /* found a match, so modify existing item */
968 34498 : new_acl = allocacl(num);
969 34498 : new_aip = ACL_DAT(new_acl);
970 34498 : memcpy(new_acl, old_acl, ACL_SIZE(old_acl));
971 34498 : break;
972 : }
973 : }
974 :
975 177652 : if (dst == num)
976 : {
977 : /* need to append a new item */
978 143154 : new_acl = allocacl(num + 1);
979 143154 : new_aip = ACL_DAT(new_acl);
980 143154 : memcpy(new_aip, old_aip, num * sizeof(AclItem));
981 :
982 : /* initialize the new entry with no permissions */
983 143154 : new_aip[dst].ai_grantee = mod_aip->ai_grantee;
984 143154 : new_aip[dst].ai_grantor = mod_aip->ai_grantor;
985 143154 : ACLITEM_SET_PRIVS_GOPTIONS(new_aip[dst],
986 : ACL_NO_RIGHTS, ACL_NO_RIGHTS);
987 143154 : num++; /* set num to the size of new_acl */
988 : }
989 :
990 177652 : old_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
991 177652 : old_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);
992 :
993 : /* apply the specified permissions change */
994 177652 : switch (modechg)
995 : {
996 50944 : case ACL_MODECHG_ADD:
997 50944 : ACLITEM_SET_RIGHTS(new_aip[dst],
998 : old_rights | ACLITEM_GET_RIGHTS(*mod_aip));
999 50944 : break;
1000 126708 : case ACL_MODECHG_DEL:
1001 126708 : ACLITEM_SET_RIGHTS(new_aip[dst],
1002 : old_rights & ~ACLITEM_GET_RIGHTS(*mod_aip));
1003 126708 : break;
1004 0 : case ACL_MODECHG_EQL:
1005 0 : ACLITEM_SET_RIGHTS(new_aip[dst],
1006 : ACLITEM_GET_RIGHTS(*mod_aip));
1007 0 : break;
1008 : }
1009 :
1010 177652 : new_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
1011 177652 : new_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);
1012 :
1013 : /*
1014 : * If the adjusted entry has no permissions, delete it from the list.
1015 : */
1016 177652 : if (new_rights == ACL_NO_RIGHTS)
1017 : {
1018 125548 : memmove(new_aip + dst,
1019 125548 : new_aip + dst + 1,
1020 125548 : (num - dst - 1) * sizeof(AclItem));
1021 : /* Adjust array size to be 'num - 1' items */
1022 125548 : ARR_DIMS(new_acl)[0] = num - 1;
1023 125548 : SET_VARSIZE(new_acl, ACL_N_SIZE(num - 1));
1024 : }
1025 :
1026 : /*
1027 : * Remove abandoned privileges (cascading revoke). Currently we can only
1028 : * handle this when the grantee is not PUBLIC.
1029 : */
1030 177652 : if ((old_goptions & ~new_goptions) != 0)
1031 : {
1032 : Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
1033 78 : new_acl = recursive_revoke(new_acl, mod_aip->ai_grantee,
1034 78 : (old_goptions & ~new_goptions),
1035 : ownerId, behavior);
1036 : }
1037 :
1038 177640 : return new_acl;
1039 : }
1040 :
1041 : /*
1042 : * Update an ACL array to reflect a change of owner to the parent object
1043 : *
1044 : * old_acl: the input ACL array (must not be NULL)
1045 : * oldOwnerId: Oid of the old object owner
1046 : * newOwnerId: Oid of the new object owner
1047 : *
1048 : * The result is a modified copy; the input object is not changed.
1049 : *
1050 : * NB: caller is responsible for having detoasted the input ACL, if needed.
1051 : */
1052 : Acl *
1053 38 : aclnewowner(const Acl *old_acl, Oid oldOwnerId, Oid newOwnerId)
1054 : {
1055 : Acl *new_acl;
1056 : AclItem *new_aip;
1057 : AclItem *old_aip;
1058 : AclItem *dst_aip;
1059 : AclItem *src_aip;
1060 : AclItem *targ_aip;
1061 38 : bool newpresent = false;
1062 : int dst,
1063 : src,
1064 : targ,
1065 : num;
1066 :
1067 38 : check_acl(old_acl);
1068 :
1069 : /*
1070 : * Make a copy of the given ACL, substituting new owner ID for old
1071 : * wherever it appears as either grantor or grantee. Also note if the new
1072 : * owner ID is already present.
1073 : */
1074 38 : num = ACL_NUM(old_acl);
1075 38 : old_aip = ACL_DAT(old_acl);
1076 38 : new_acl = allocacl(num);
1077 38 : new_aip = ACL_DAT(new_acl);
1078 38 : memcpy(new_aip, old_aip, num * sizeof(AclItem));
1079 100 : for (dst = 0, dst_aip = new_aip; dst < num; dst++, dst_aip++)
1080 : {
1081 62 : if (dst_aip->ai_grantor == oldOwnerId)
1082 62 : dst_aip->ai_grantor = newOwnerId;
1083 0 : else if (dst_aip->ai_grantor == newOwnerId)
1084 0 : newpresent = true;
1085 62 : if (dst_aip->ai_grantee == oldOwnerId)
1086 38 : dst_aip->ai_grantee = newOwnerId;
1087 24 : else if (dst_aip->ai_grantee == newOwnerId)
1088 8 : newpresent = true;
1089 : }
1090 :
1091 : /*
1092 : * If the old ACL contained any references to the new owner, then we may
1093 : * now have generated an ACL containing duplicate entries. Find them and
1094 : * merge them so that there are not duplicates. (This is relatively
1095 : * expensive since we use a stupid O(N^2) algorithm, but it's unlikely to
1096 : * be the normal case.)
1097 : *
1098 : * To simplify deletion of duplicate entries, we temporarily leave them in
1099 : * the array but set their privilege masks to zero; when we reach such an
1100 : * entry it's just skipped. (Thus, a side effect of this code will be to
1101 : * remove privilege-free entries, should there be any in the input.) dst
1102 : * is the next output slot, targ is the currently considered input slot
1103 : * (always >= dst), and src scans entries to the right of targ looking for
1104 : * duplicates. Once an entry has been emitted to dst it is known
1105 : * duplicate-free and need not be considered anymore.
1106 : */
1107 38 : if (newpresent)
1108 : {
1109 8 : dst = 0;
1110 24 : for (targ = 0, targ_aip = new_aip; targ < num; targ++, targ_aip++)
1111 : {
1112 : /* ignore if deleted in an earlier pass */
1113 16 : if (ACLITEM_GET_RIGHTS(*targ_aip) == ACL_NO_RIGHTS)
1114 8 : continue;
1115 : /* find and merge any duplicates */
1116 16 : for (src = targ + 1, src_aip = targ_aip + 1; src < num;
1117 8 : src++, src_aip++)
1118 : {
1119 8 : if (ACLITEM_GET_RIGHTS(*src_aip) == ACL_NO_RIGHTS)
1120 0 : continue;
1121 8 : if (aclitem_match(targ_aip, src_aip))
1122 : {
1123 8 : ACLITEM_SET_RIGHTS(*targ_aip,
1124 : ACLITEM_GET_RIGHTS(*targ_aip) |
1125 : ACLITEM_GET_RIGHTS(*src_aip));
1126 : /* mark the duplicate deleted */
1127 8 : ACLITEM_SET_RIGHTS(*src_aip, ACL_NO_RIGHTS);
1128 : }
1129 : }
1130 : /* and emit to output */
1131 8 : new_aip[dst] = *targ_aip;
1132 8 : dst++;
1133 : }
1134 : /* Adjust array size to be 'dst' items */
1135 8 : ARR_DIMS(new_acl)[0] = dst;
1136 8 : SET_VARSIZE(new_acl, ACL_N_SIZE(dst));
1137 : }
1138 :
1139 38 : return new_acl;
1140 : }
1141 :
1142 :
1143 : /*
1144 : * When granting grant options, we must disallow attempts to set up circular
1145 : * chains of grant options. Suppose A (the object owner) grants B some
1146 : * privileges with grant option, and B re-grants them to C. If C could
1147 : * grant the privileges to B as well, then A would be unable to effectively
1148 : * revoke the privileges from B, since recursive_revoke would consider that
1149 : * B still has 'em from C.
1150 : *
1151 : * We check for this by recursively deleting all grant options belonging to
1152 : * the target grantee, and then seeing if the would-be grantor still has the
1153 : * grant option or not.
1154 : */
1155 : static void
1156 74 : check_circularity(const Acl *old_acl, const AclItem *mod_aip,
1157 : Oid ownerId)
1158 : {
1159 : Acl *acl;
1160 : AclItem *aip;
1161 : int i,
1162 : num;
1163 : AclMode own_privs;
1164 :
1165 74 : check_acl(old_acl);
1166 :
1167 : /*
1168 : * For now, grant options can only be granted to roles, not PUBLIC.
1169 : * Otherwise we'd have to work a bit harder here.
1170 : */
1171 : Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
1172 :
1173 : /* The owner always has grant options, no need to check */
1174 74 : if (mod_aip->ai_grantor == ownerId)
1175 62 : return;
1176 :
1177 : /* Make a working copy */
1178 12 : acl = allocacl(ACL_NUM(old_acl));
1179 12 : memcpy(acl, old_acl, ACL_SIZE(old_acl));
1180 :
1181 : /* Zap all grant options of target grantee, plus what depends on 'em */
1182 18 : cc_restart:
1183 18 : num = ACL_NUM(acl);
1184 18 : aip = ACL_DAT(acl);
1185 72 : for (i = 0; i < num; i++)
1186 : {
1187 60 : if (aip[i].ai_grantee == mod_aip->ai_grantee &&
1188 6 : ACLITEM_GET_GOPTIONS(aip[i]) != ACL_NO_RIGHTS)
1189 : {
1190 : Acl *new_acl;
1191 :
1192 : /* We'll actually zap ordinary privs too, but no matter */
1193 6 : new_acl = aclupdate(acl, &aip[i], ACL_MODECHG_DEL,
1194 : ownerId, DROP_CASCADE);
1195 :
1196 6 : pfree(acl);
1197 6 : acl = new_acl;
1198 :
1199 6 : goto cc_restart;
1200 : }
1201 : }
1202 :
1203 : /* Now we can compute grantor's independently-derived privileges */
1204 12 : own_privs = aclmask(acl,
1205 : mod_aip->ai_grantor,
1206 : ownerId,
1207 12 : ACL_GRANT_OPTION_FOR(ACLITEM_GET_GOPTIONS(*mod_aip)),
1208 : ACLMASK_ALL);
1209 12 : own_privs = ACL_OPTION_TO_PRIVS(own_privs);
1210 :
1211 12 : if ((ACLITEM_GET_GOPTIONS(*mod_aip) & ~own_privs) != 0)
1212 0 : ereport(ERROR,
1213 : (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1214 : errmsg("grant options cannot be granted back to your own grantor")));
1215 :
1216 12 : pfree(acl);
1217 : }
1218 :
1219 :
1220 : /*
1221 : * Ensure that no privilege is "abandoned". A privilege is abandoned
1222 : * if the user that granted the privilege loses the grant option. (So
1223 : * the chain through which it was granted is broken.) Either the
1224 : * abandoned privileges are revoked as well, or an error message is
1225 : * printed, depending on the drop behavior option.
1226 : *
1227 : * acl: the input ACL list
1228 : * grantee: the user from whom some grant options have been revoked
1229 : * revoke_privs: the grant options being revoked
1230 : * ownerId: Oid of object owner
1231 : * behavior: RESTRICT or CASCADE behavior for recursive removal
1232 : *
1233 : * The input Acl object is pfree'd if replaced.
1234 : */
1235 : static Acl *
1236 78 : recursive_revoke(Acl *acl,
1237 : Oid grantee,
1238 : AclMode revoke_privs,
1239 : Oid ownerId,
1240 : DropBehavior behavior)
1241 : {
1242 : AclMode still_has;
1243 : AclItem *aip;
1244 : int i,
1245 : num;
1246 :
1247 78 : check_acl(acl);
1248 :
1249 : /* The owner can never truly lose grant options, so short-circuit */
1250 78 : if (grantee == ownerId)
1251 0 : return acl;
1252 :
1253 : /* The grantee might still have some grant options via another grantor */
1254 78 : still_has = aclmask(acl, grantee, ownerId,
1255 : ACL_GRANT_OPTION_FOR(revoke_privs),
1256 : ACLMASK_ALL);
1257 78 : revoke_privs &= ~ACL_OPTION_TO_PRIVS(still_has);
1258 78 : if (revoke_privs == ACL_NO_RIGHTS)
1259 6 : return acl;
1260 :
1261 72 : restart:
1262 102 : num = ACL_NUM(acl);
1263 102 : aip = ACL_DAT(acl);
1264 322 : for (i = 0; i < num; i++)
1265 : {
1266 262 : if (aip[i].ai_grantor == grantee
1267 42 : && (ACLITEM_GET_PRIVS(aip[i]) & revoke_privs) != 0)
1268 : {
1269 : AclItem mod_acl;
1270 : Acl *new_acl;
1271 :
1272 42 : if (behavior == DROP_RESTRICT)
1273 12 : ereport(ERROR,
1274 : (errcode(ERRCODE_DEPENDENT_OBJECTS_STILL_EXIST),
1275 : errmsg("dependent privileges exist"),
1276 : errhint("Use CASCADE to revoke them too.")));
1277 :
1278 30 : mod_acl.ai_grantor = grantee;
1279 30 : mod_acl.ai_grantee = aip[i].ai_grantee;
1280 30 : ACLITEM_SET_PRIVS_GOPTIONS(mod_acl,
1281 : revoke_privs,
1282 : revoke_privs);
1283 :
1284 30 : new_acl = aclupdate(acl, &mod_acl, ACL_MODECHG_DEL,
1285 : ownerId, behavior);
1286 :
1287 30 : pfree(acl);
1288 30 : acl = new_acl;
1289 :
1290 30 : goto restart;
1291 : }
1292 : }
1293 :
1294 60 : return acl;
1295 : }
1296 :
1297 :
1298 : /*
1299 : * aclmask --- compute bitmask of all privileges held by roleid.
1300 : *
1301 : * When 'how' = ACLMASK_ALL, this simply returns the privilege bits
1302 : * held by the given roleid according to the given ACL list, ANDed
1303 : * with 'mask'. (The point of passing 'mask' is to let the routine
1304 : * exit early if all privileges of interest have been found.)
1305 : *
1306 : * When 'how' = ACLMASK_ANY, returns as soon as any bit in the mask
1307 : * is known true. (This lets us exit soonest in cases where the
1308 : * caller is only going to test for zero or nonzero result.)
1309 : *
1310 : * Usage patterns:
1311 : *
1312 : * To see if any of a set of privileges are held:
1313 : * if (aclmask(acl, roleid, ownerId, privs, ACLMASK_ANY) != 0)
1314 : *
1315 : * To see if all of a set of privileges are held:
1316 : * if (aclmask(acl, roleid, ownerId, privs, ACLMASK_ALL) == privs)
1317 : *
1318 : * To determine exactly which of a set of privileges are held:
1319 : * heldprivs = aclmask(acl, roleid, ownerId, privs, ACLMASK_ALL);
1320 : */
1321 : AclMode
1322 91582 : aclmask(const Acl *acl, Oid roleid, Oid ownerId,
1323 : AclMode mask, AclMaskHow how)
1324 : {
1325 : AclMode result;
1326 : AclMode remaining;
1327 : AclItem *aidat;
1328 : int i,
1329 : num;
1330 :
1331 : /*
1332 : * Null ACL should not happen, since caller should have inserted
1333 : * appropriate default
1334 : */
1335 91582 : if (acl == NULL)
1336 0 : elog(ERROR, "null ACL");
1337 :
1338 91582 : check_acl(acl);
1339 :
1340 : /* Quick exit for mask == 0 */
1341 91582 : if (mask == 0)
1342 70 : return 0;
1343 :
1344 91512 : result = 0;
1345 :
1346 : /* Owner always implicitly has all grant options */
1347 91676 : if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
1348 164 : has_privs_of_role(roleid, ownerId))
1349 : {
1350 6 : result = mask & ACLITEM_ALL_GOPTION_BITS;
1351 6 : if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1352 6 : return result;
1353 : }
1354 :
1355 91506 : num = ACL_NUM(acl);
1356 91506 : aidat = ACL_DAT(acl);
1357 :
1358 : /*
1359 : * Check privileges granted directly to roleid or to public
1360 : */
1361 144856 : for (i = 0; i < num; i++)
1362 : {
1363 140698 : AclItem *aidata = &aidat[i];
1364 :
1365 140698 : if (aidata->ai_grantee == ACL_ID_PUBLIC ||
1366 64978 : aidata->ai_grantee == roleid)
1367 : {
1368 88702 : result |= aidata->ai_privs & mask;
1369 88702 : if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1370 87348 : return result;
1371 : }
1372 : }
1373 :
1374 : /*
1375 : * Check privileges granted indirectly via role memberships. We do this in
1376 : * a separate pass to minimize expensive indirect membership tests. In
1377 : * particular, it's worth testing whether a given ACL entry grants any
1378 : * privileges still of interest before we perform the has_privs_of_role
1379 : * test.
1380 : */
1381 4158 : remaining = mask & ~result;
1382 10694 : for (i = 0; i < num; i++)
1383 : {
1384 6650 : AclItem *aidata = &aidat[i];
1385 :
1386 6650 : if (aidata->ai_grantee == ACL_ID_PUBLIC ||
1387 6602 : aidata->ai_grantee == roleid)
1388 1308 : continue; /* already checked it */
1389 :
1390 9912 : if ((aidata->ai_privs & remaining) &&
1391 4570 : has_privs_of_role(roleid, aidata->ai_grantee))
1392 : {
1393 114 : result |= aidata->ai_privs & mask;
1394 114 : if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1395 114 : return result;
1396 0 : remaining = mask & ~result;
1397 : }
1398 : }
1399 :
1400 4044 : return result;
1401 : }
1402 :
1403 :
1404 : /*
1405 : * aclmask_direct --- compute bitmask of all privileges held by roleid.
1406 : *
1407 : * This is exactly like aclmask() except that we consider only privileges
1408 : * held *directly* by roleid, not those inherited via role membership.
1409 : */
1410 : static AclMode
1411 216 : aclmask_direct(const Acl *acl, Oid roleid, Oid ownerId,
1412 : AclMode mask, AclMaskHow how)
1413 : {
1414 : AclMode result;
1415 : AclItem *aidat;
1416 : int i,
1417 : num;
1418 :
1419 : /*
1420 : * Null ACL should not happen, since caller should have inserted
1421 : * appropriate default
1422 : */
1423 216 : if (acl == NULL)
1424 0 : elog(ERROR, "null ACL");
1425 :
1426 216 : check_acl(acl);
1427 :
1428 : /* Quick exit for mask == 0 */
1429 216 : if (mask == 0)
1430 0 : return 0;
1431 :
1432 216 : result = 0;
1433 :
1434 : /* Owner always implicitly has all grant options */
1435 216 : if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
1436 : roleid == ownerId)
1437 : {
1438 0 : result = mask & ACLITEM_ALL_GOPTION_BITS;
1439 0 : if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1440 0 : return result;
1441 : }
1442 :
1443 216 : num = ACL_NUM(acl);
1444 216 : aidat = ACL_DAT(acl);
1445 :
1446 : /*
1447 : * Check privileges granted directly to roleid (and not to public)
1448 : */
1449 624 : for (i = 0; i < num; i++)
1450 : {
1451 546 : AclItem *aidata = &aidat[i];
1452 :
1453 546 : if (aidata->ai_grantee == roleid)
1454 : {
1455 174 : result |= aidata->ai_privs & mask;
1456 174 : if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1457 138 : return result;
1458 : }
1459 : }
1460 :
1461 78 : return result;
1462 : }
1463 :
1464 :
1465 : /*
1466 : * aclmembers
1467 : * Find out all the roleids mentioned in an Acl.
1468 : * Note that we do not distinguish grantors from grantees.
1469 : *
1470 : * *roleids is set to point to a palloc'd array containing distinct OIDs
1471 : * in sorted order. The length of the array is the function result.
1472 : */
1473 : int
1474 186826 : aclmembers(const Acl *acl, Oid **roleids)
1475 : {
1476 : Oid *list;
1477 : const AclItem *acldat;
1478 : int i,
1479 : j;
1480 :
1481 186826 : if (acl == NULL || ACL_NUM(acl) == 0)
1482 : {
1483 85696 : *roleids = NULL;
1484 85696 : return 0;
1485 : }
1486 :
1487 101130 : check_acl(acl);
1488 :
1489 : /* Allocate the worst-case space requirement */
1490 101130 : list = palloc(ACL_NUM(acl) * 2 * sizeof(Oid));
1491 101130 : acldat = ACL_DAT(acl);
1492 :
1493 : /*
1494 : * Walk the ACL collecting mentioned RoleIds.
1495 : */
1496 101130 : j = 0;
1497 249374 : for (i = 0; i < ACL_NUM(acl); i++)
1498 : {
1499 148244 : const AclItem *ai = &acldat[i];
1500 :
1501 148244 : if (ai->ai_grantee != ACL_ID_PUBLIC)
1502 103904 : list[j++] = ai->ai_grantee;
1503 : /* grantor is currently never PUBLIC, but let's check anyway */
1504 148244 : if (ai->ai_grantor != ACL_ID_PUBLIC)
1505 148244 : list[j++] = ai->ai_grantor;
1506 : }
1507 :
1508 : /* Sort the array */
1509 101130 : qsort(list, j, sizeof(Oid), oid_cmp);
1510 :
1511 : /*
1512 : * We could repalloc the array down to minimum size, but it's hardly worth
1513 : * it since it's only transient memory.
1514 : */
1515 101130 : *roleids = list;
1516 :
1517 : /* Remove duplicates from the array */
1518 101130 : return qunique(list, j, sizeof(Oid), oid_cmp);
1519 : }
1520 :
1521 :
1522 : /*
1523 : * aclinsert (exported function)
1524 : */
1525 : Datum
1526 0 : aclinsert(PG_FUNCTION_ARGS)
1527 : {
1528 0 : ereport(ERROR,
1529 : (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1530 : errmsg("aclinsert is no longer supported")));
1531 :
1532 : PG_RETURN_NULL(); /* keep compiler quiet */
1533 : }
1534 :
1535 : Datum
1536 0 : aclremove(PG_FUNCTION_ARGS)
1537 : {
1538 0 : ereport(ERROR,
1539 : (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1540 : errmsg("aclremove is no longer supported")));
1541 :
1542 : PG_RETURN_NULL(); /* keep compiler quiet */
1543 : }
1544 :
1545 : Datum
1546 0 : aclcontains(PG_FUNCTION_ARGS)
1547 : {
1548 0 : Acl *acl = PG_GETARG_ACL_P(0);
1549 0 : AclItem *aip = PG_GETARG_ACLITEM_P(1);
1550 : AclItem *aidat;
1551 : int i,
1552 : num;
1553 :
1554 0 : check_acl(acl);
1555 0 : num = ACL_NUM(acl);
1556 0 : aidat = ACL_DAT(acl);
1557 0 : for (i = 0; i < num; ++i)
1558 : {
1559 0 : if (aip->ai_grantee == aidat[i].ai_grantee &&
1560 0 : aip->ai_grantor == aidat[i].ai_grantor &&
1561 0 : (ACLITEM_GET_RIGHTS(*aip) & ACLITEM_GET_RIGHTS(aidat[i])) == ACLITEM_GET_RIGHTS(*aip))
1562 0 : PG_RETURN_BOOL(true);
1563 : }
1564 0 : PG_RETURN_BOOL(false);
1565 : }
1566 :
1567 : Datum
1568 0 : makeaclitem(PG_FUNCTION_ARGS)
1569 : {
1570 0 : Oid grantee = PG_GETARG_OID(0);
1571 0 : Oid grantor = PG_GETARG_OID(1);
1572 0 : text *privtext = PG_GETARG_TEXT_PP(2);
1573 0 : bool goption = PG_GETARG_BOOL(3);
1574 : AclItem *result;
1575 : AclMode priv;
1576 :
1577 0 : priv = convert_priv_string(privtext);
1578 :
1579 0 : result = (AclItem *) palloc(sizeof(AclItem));
1580 :
1581 0 : result->ai_grantee = grantee;
1582 0 : result->ai_grantor = grantor;
1583 :
1584 0 : ACLITEM_SET_PRIVS_GOPTIONS(*result, priv,
1585 : (goption ? priv : ACL_NO_RIGHTS));
1586 :
1587 0 : PG_RETURN_ACLITEM_P(result);
1588 : }
1589 :
1590 : static AclMode
1591 0 : convert_priv_string(text *priv_type_text)
1592 : {
1593 0 : char *priv_type = text_to_cstring(priv_type_text);
1594 :
1595 0 : if (pg_strcasecmp(priv_type, "SELECT") == 0)
1596 0 : return ACL_SELECT;
1597 0 : if (pg_strcasecmp(priv_type, "INSERT") == 0)
1598 0 : return ACL_INSERT;
1599 0 : if (pg_strcasecmp(priv_type, "UPDATE") == 0)
1600 0 : return ACL_UPDATE;
1601 0 : if (pg_strcasecmp(priv_type, "DELETE") == 0)
1602 0 : return ACL_DELETE;
1603 0 : if (pg_strcasecmp(priv_type, "TRUNCATE") == 0)
1604 0 : return ACL_TRUNCATE;
1605 0 : if (pg_strcasecmp(priv_type, "REFERENCES") == 0)
1606 0 : return ACL_REFERENCES;
1607 0 : if (pg_strcasecmp(priv_type, "TRIGGER") == 0)
1608 0 : return ACL_TRIGGER;
1609 0 : if (pg_strcasecmp(priv_type, "EXECUTE") == 0)
1610 0 : return ACL_EXECUTE;
1611 0 : if (pg_strcasecmp(priv_type, "USAGE") == 0)
1612 0 : return ACL_USAGE;
1613 0 : if (pg_strcasecmp(priv_type, "CREATE") == 0)
1614 0 : return ACL_CREATE;
1615 0 : if (pg_strcasecmp(priv_type, "TEMP") == 0)
1616 0 : return ACL_CREATE_TEMP;
1617 0 : if (pg_strcasecmp(priv_type, "TEMPORARY") == 0)
1618 0 : return ACL_CREATE_TEMP;
1619 0 : if (pg_strcasecmp(priv_type, "CONNECT") == 0)
1620 0 : return ACL_CONNECT;
1621 0 : if (pg_strcasecmp(priv_type, "SET") == 0)
1622 0 : return ACL_SET;
1623 0 : if (pg_strcasecmp(priv_type, "ALTER SYSTEM") == 0)
1624 0 : return ACL_ALTER_SYSTEM;
1625 0 : if (pg_strcasecmp(priv_type, "RULE") == 0)
1626 0 : return 0; /* ignore old RULE privileges */
1627 :
1628 0 : ereport(ERROR,
1629 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1630 : errmsg("unrecognized privilege type: \"%s\"", priv_type)));
1631 : return ACL_NO_RIGHTS; /* keep compiler quiet */
1632 : }
1633 :
1634 :
1635 : /*
1636 : * convert_any_priv_string: recognize privilege strings for has_foo_privilege
1637 : *
1638 : * We accept a comma-separated list of case-insensitive privilege names,
1639 : * producing a bitmask of the OR'd privilege bits. We are liberal about
1640 : * whitespace between items, not so much about whitespace within items.
1641 : * The allowed privilege names are given as an array of priv_map structs,
1642 : * terminated by one with a NULL name pointer.
1643 : */
1644 : static AclMode
1645 95364 : convert_any_priv_string(text *priv_type_text,
1646 : const priv_map *privileges)
1647 : {
1648 95364 : AclMode result = 0;
1649 95364 : char *priv_type = text_to_cstring(priv_type_text);
1650 : char *chunk;
1651 : char *next_chunk;
1652 :
1653 : /* We rely on priv_type being a private, modifiable string */
1654 190830 : for (chunk = priv_type; chunk; chunk = next_chunk)
1655 : {
1656 : int chunk_len;
1657 : const priv_map *this_priv;
1658 :
1659 : /* Split string at commas */
1660 95492 : next_chunk = strchr(chunk, ',');
1661 95492 : if (next_chunk)
1662 132 : *next_chunk++ = '\0';
1663 :
1664 : /* Drop leading/trailing whitespace in this chunk */
1665 95506 : while (*chunk && isspace((unsigned char) *chunk))
1666 14 : chunk++;
1667 95492 : chunk_len = strlen(chunk);
1668 95492 : while (chunk_len > 0 && isspace((unsigned char) chunk[chunk_len - 1]))
1669 0 : chunk_len--;
1670 95492 : chunk[chunk_len] = '\0';
1671 :
1672 : /* Match to the privileges list */
1673 97298 : for (this_priv = privileges; this_priv->name; this_priv++)
1674 : {
1675 97272 : if (pg_strcasecmp(this_priv->name, chunk) == 0)
1676 : {
1677 95466 : result |= this_priv->value;
1678 95466 : break;
1679 : }
1680 : }
1681 95492 : if (!this_priv->name)
1682 26 : ereport(ERROR,
1683 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1684 : errmsg("unrecognized privilege type: \"%s\"", chunk)));
1685 : }
1686 :
1687 95338 : pfree(priv_type);
1688 95338 : return result;
1689 : }
1690 :
1691 :
1692 : static const char *
1693 96 : convert_aclright_to_string(int aclright)
1694 : {
1695 96 : switch (aclright)
1696 : {
1697 0 : case ACL_INSERT:
1698 0 : return "INSERT";
1699 0 : case ACL_SELECT:
1700 0 : return "SELECT";
1701 0 : case ACL_UPDATE:
1702 0 : return "UPDATE";
1703 0 : case ACL_DELETE:
1704 0 : return "DELETE";
1705 0 : case ACL_TRUNCATE:
1706 0 : return "TRUNCATE";
1707 0 : case ACL_REFERENCES:
1708 0 : return "REFERENCES";
1709 0 : case ACL_TRIGGER:
1710 0 : return "TRIGGER";
1711 0 : case ACL_EXECUTE:
1712 0 : return "EXECUTE";
1713 96 : case ACL_USAGE:
1714 96 : return "USAGE";
1715 0 : case ACL_CREATE:
1716 0 : return "CREATE";
1717 0 : case ACL_CREATE_TEMP:
1718 0 : return "TEMPORARY";
1719 0 : case ACL_CONNECT:
1720 0 : return "CONNECT";
1721 0 : case ACL_SET:
1722 0 : return "SET";
1723 0 : case ACL_ALTER_SYSTEM:
1724 0 : return "ALTER SYSTEM";
1725 0 : default:
1726 0 : elog(ERROR, "unrecognized aclright: %d", aclright);
1727 : return NULL;
1728 : }
1729 : }
1730 :
1731 :
1732 : /*----------
1733 : * Convert an aclitem[] to a table.
1734 : *
1735 : * Example:
1736 : *
1737 : * aclexplode('{=r/joe,foo=a*w/joe}'::aclitem[])
1738 : *
1739 : * returns the table
1740 : *
1741 : * {{ OID(joe), 0::OID, 'SELECT', false },
1742 : * { OID(joe), OID(foo), 'INSERT', true },
1743 : * { OID(joe), OID(foo), 'UPDATE', false }}
1744 : *----------
1745 : */
1746 : Datum
1747 144 : aclexplode(PG_FUNCTION_ARGS)
1748 : {
1749 144 : Acl *acl = PG_GETARG_ACL_P(0);
1750 : FuncCallContext *funcctx;
1751 : int *idx;
1752 : AclItem *aidat;
1753 :
1754 144 : if (SRF_IS_FIRSTCALL())
1755 : {
1756 : TupleDesc tupdesc;
1757 : MemoryContext oldcontext;
1758 :
1759 48 : check_acl(acl);
1760 :
1761 48 : funcctx = SRF_FIRSTCALL_INIT();
1762 48 : oldcontext = MemoryContextSwitchTo(funcctx->multi_call_memory_ctx);
1763 :
1764 : /*
1765 : * build tupdesc for result tuples (matches out parameters in pg_proc
1766 : * entry)
1767 : */
1768 48 : tupdesc = CreateTemplateTupleDesc(4);
1769 48 : TupleDescInitEntry(tupdesc, (AttrNumber) 1, "grantor",
1770 : OIDOID, -1, 0);
1771 48 : TupleDescInitEntry(tupdesc, (AttrNumber) 2, "grantee",
1772 : OIDOID, -1, 0);
1773 48 : TupleDescInitEntry(tupdesc, (AttrNumber) 3, "privilege_type",
1774 : TEXTOID, -1, 0);
1775 48 : TupleDescInitEntry(tupdesc, (AttrNumber) 4, "is_grantable",
1776 : BOOLOID, -1, 0);
1777 :
1778 48 : funcctx->tuple_desc = BlessTupleDesc(tupdesc);
1779 :
1780 : /* allocate memory for user context */
1781 48 : idx = (int *) palloc(sizeof(int[2]));
1782 48 : idx[0] = 0; /* ACL array item index */
1783 48 : idx[1] = -1; /* privilege type counter */
1784 48 : funcctx->user_fctx = (void *) idx;
1785 :
1786 48 : MemoryContextSwitchTo(oldcontext);
1787 : }
1788 :
1789 144 : funcctx = SRF_PERCALL_SETUP();
1790 144 : idx = (int *) funcctx->user_fctx;
1791 144 : aidat = ACL_DAT(acl);
1792 :
1793 : /* need test here in case acl has no items */
1794 1392 : while (idx[0] < ACL_NUM(acl))
1795 : {
1796 : AclItem *aidata;
1797 : AclMode priv_bit;
1798 :
1799 1392 : idx[1]++;
1800 1392 : if (idx[1] == N_ACL_RIGHTS)
1801 : {
1802 96 : idx[1] = 0;
1803 96 : idx[0]++;
1804 96 : if (idx[0] >= ACL_NUM(acl)) /* done */
1805 48 : break;
1806 : }
1807 1344 : aidata = &aidat[idx[0]];
1808 1344 : priv_bit = 1 << idx[1];
1809 :
1810 1344 : if (ACLITEM_GET_PRIVS(*aidata) & priv_bit)
1811 : {
1812 : Datum result;
1813 : Datum values[4];
1814 : bool nulls[4];
1815 : HeapTuple tuple;
1816 :
1817 96 : values[0] = ObjectIdGetDatum(aidata->ai_grantor);
1818 96 : values[1] = ObjectIdGetDatum(aidata->ai_grantee);
1819 96 : values[2] = CStringGetTextDatum(convert_aclright_to_string(priv_bit));
1820 96 : values[3] = BoolGetDatum((ACLITEM_GET_GOPTIONS(*aidata) & priv_bit) != 0);
1821 :
1822 96 : MemSet(nulls, 0, sizeof(nulls));
1823 :
1824 96 : tuple = heap_form_tuple(funcctx->tuple_desc, values, nulls);
1825 96 : result = HeapTupleGetDatum(tuple);
1826 :
1827 96 : SRF_RETURN_NEXT(funcctx, result);
1828 : }
1829 : }
1830 :
1831 48 : SRF_RETURN_DONE(funcctx);
1832 : }
1833 :
1834 :
1835 : /*
1836 : * has_table_privilege variants
1837 : * These are all named "has_table_privilege" at the SQL level.
1838 : * They take various combinations of relation name, relation OID,
1839 : * user name, user OID, or implicit user = current_user.
1840 : *
1841 : * The result is a boolean value: true if user has the indicated
1842 : * privilege, false if not. The variants that take a relation OID
1843 : * return NULL if the OID doesn't exist (rather than failing, as
1844 : * they did before Postgres 8.4).
1845 : */
1846 :
1847 : /*
1848 : * has_table_privilege_name_name
1849 : * Check user privileges on a table given
1850 : * name username, text tablename, and text priv name.
1851 : */
1852 : Datum
1853 180 : has_table_privilege_name_name(PG_FUNCTION_ARGS)
1854 : {
1855 180 : Name rolename = PG_GETARG_NAME(0);
1856 180 : text *tablename = PG_GETARG_TEXT_PP(1);
1857 180 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
1858 : Oid roleid;
1859 : Oid tableoid;
1860 : AclMode mode;
1861 : AclResult aclresult;
1862 :
1863 180 : roleid = get_role_oid_or_public(NameStr(*rolename));
1864 174 : tableoid = convert_table_name(tablename);
1865 174 : mode = convert_table_priv_string(priv_type_text);
1866 :
1867 174 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1868 :
1869 174 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1870 : }
1871 :
1872 : /*
1873 : * has_table_privilege_name
1874 : * Check user privileges on a table given
1875 : * text tablename and text priv name.
1876 : * current_user is assumed
1877 : */
1878 : Datum
1879 66 : has_table_privilege_name(PG_FUNCTION_ARGS)
1880 : {
1881 66 : text *tablename = PG_GETARG_TEXT_PP(0);
1882 66 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
1883 : Oid roleid;
1884 : Oid tableoid;
1885 : AclMode mode;
1886 : AclResult aclresult;
1887 :
1888 66 : roleid = GetUserId();
1889 66 : tableoid = convert_table_name(tablename);
1890 60 : mode = convert_table_priv_string(priv_type_text);
1891 :
1892 54 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1893 :
1894 54 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1895 : }
1896 :
1897 : /*
1898 : * has_table_privilege_name_id
1899 : * Check user privileges on a table given
1900 : * name usename, table oid, and text priv name.
1901 : */
1902 : Datum
1903 24 : has_table_privilege_name_id(PG_FUNCTION_ARGS)
1904 : {
1905 24 : Name username = PG_GETARG_NAME(0);
1906 24 : Oid tableoid = PG_GETARG_OID(1);
1907 24 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
1908 : Oid roleid;
1909 : AclMode mode;
1910 : AclResult aclresult;
1911 :
1912 24 : roleid = get_role_oid_or_public(NameStr(*username));
1913 24 : mode = convert_table_priv_string(priv_type_text);
1914 :
1915 24 : if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
1916 0 : PG_RETURN_NULL();
1917 :
1918 24 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1919 :
1920 24 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1921 : }
1922 :
1923 : /*
1924 : * has_table_privilege_id
1925 : * Check user privileges on a table given
1926 : * table oid, and text priv name.
1927 : * current_user is assumed
1928 : */
1929 : Datum
1930 116 : has_table_privilege_id(PG_FUNCTION_ARGS)
1931 : {
1932 116 : Oid tableoid = PG_GETARG_OID(0);
1933 116 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
1934 : Oid roleid;
1935 : AclMode mode;
1936 : AclResult aclresult;
1937 :
1938 116 : roleid = GetUserId();
1939 116 : mode = convert_table_priv_string(priv_type_text);
1940 :
1941 116 : if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
1942 8 : PG_RETURN_NULL();
1943 :
1944 108 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1945 :
1946 108 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1947 : }
1948 :
1949 : /*
1950 : * has_table_privilege_id_name
1951 : * Check user privileges on a table given
1952 : * roleid, text tablename, and text priv name.
1953 : */
1954 : Datum
1955 42 : has_table_privilege_id_name(PG_FUNCTION_ARGS)
1956 : {
1957 42 : Oid roleid = PG_GETARG_OID(0);
1958 42 : text *tablename = PG_GETARG_TEXT_PP(1);
1959 42 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
1960 : Oid tableoid;
1961 : AclMode mode;
1962 : AclResult aclresult;
1963 :
1964 42 : tableoid = convert_table_name(tablename);
1965 42 : mode = convert_table_priv_string(priv_type_text);
1966 :
1967 42 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1968 :
1969 42 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1970 : }
1971 :
1972 : /*
1973 : * has_table_privilege_id_id
1974 : * Check user privileges on a table given
1975 : * roleid, table oid, and text priv name.
1976 : */
1977 : Datum
1978 36 : has_table_privilege_id_id(PG_FUNCTION_ARGS)
1979 : {
1980 36 : Oid roleid = PG_GETARG_OID(0);
1981 36 : Oid tableoid = PG_GETARG_OID(1);
1982 36 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
1983 : AclMode mode;
1984 : AclResult aclresult;
1985 :
1986 36 : mode = convert_table_priv_string(priv_type_text);
1987 :
1988 36 : if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
1989 0 : PG_RETURN_NULL();
1990 :
1991 36 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1992 :
1993 36 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1994 : }
1995 :
1996 : /*
1997 : * Support routines for has_table_privilege family.
1998 : */
1999 :
2000 : /*
2001 : * Given a table name expressed as a string, look it up and return Oid
2002 : */
2003 : static Oid
2004 348 : convert_table_name(text *tablename)
2005 : {
2006 : RangeVar *relrv;
2007 :
2008 348 : relrv = makeRangeVarFromNameList(textToQualifiedNameList(tablename));
2009 :
2010 : /* We might not even have permissions on this relation; don't lock it. */
2011 348 : return RangeVarGetRelid(relrv, NoLock, false);
2012 : }
2013 :
2014 : /*
2015 : * convert_table_priv_string
2016 : * Convert text string to AclMode value.
2017 : */
2018 : static AclMode
2019 452 : convert_table_priv_string(text *priv_type_text)
2020 : {
2021 : static const priv_map table_priv_map[] = {
2022 : {"SELECT", ACL_SELECT},
2023 : {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2024 : {"INSERT", ACL_INSERT},
2025 : {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
2026 : {"UPDATE", ACL_UPDATE},
2027 : {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2028 : {"DELETE", ACL_DELETE},
2029 : {"DELETE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_DELETE)},
2030 : {"TRUNCATE", ACL_TRUNCATE},
2031 : {"TRUNCATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRUNCATE)},
2032 : {"REFERENCES", ACL_REFERENCES},
2033 : {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
2034 : {"TRIGGER", ACL_TRIGGER},
2035 : {"TRIGGER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRIGGER)},
2036 : {"RULE", 0}, /* ignore old RULE privileges */
2037 : {"RULE WITH GRANT OPTION", 0},
2038 : {NULL, 0}
2039 : };
2040 :
2041 452 : return convert_any_priv_string(priv_type_text, table_priv_map);
2042 : }
2043 :
2044 : /*
2045 : * has_sequence_privilege variants
2046 : * These are all named "has_sequence_privilege" at the SQL level.
2047 : * They take various combinations of relation name, relation OID,
2048 : * user name, user OID, or implicit user = current_user.
2049 : *
2050 : * The result is a boolean value: true if user has the indicated
2051 : * privilege, false if not. The variants that take a relation OID
2052 : * return NULL if the OID doesn't exist.
2053 : */
2054 :
2055 : /*
2056 : * has_sequence_privilege_name_name
2057 : * Check user privileges on a sequence given
2058 : * name username, text sequencename, and text priv name.
2059 : */
2060 : Datum
2061 18 : has_sequence_privilege_name_name(PG_FUNCTION_ARGS)
2062 : {
2063 18 : Name rolename = PG_GETARG_NAME(0);
2064 18 : text *sequencename = PG_GETARG_TEXT_PP(1);
2065 18 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2066 : Oid roleid;
2067 : Oid sequenceoid;
2068 : AclMode mode;
2069 : AclResult aclresult;
2070 :
2071 18 : roleid = get_role_oid_or_public(NameStr(*rolename));
2072 18 : mode = convert_sequence_priv_string(priv_type_text);
2073 12 : sequenceoid = convert_table_name(sequencename);
2074 12 : if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2075 6 : ereport(ERROR,
2076 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2077 : errmsg("\"%s\" is not a sequence",
2078 : text_to_cstring(sequencename))));
2079 :
2080 6 : aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2081 :
2082 6 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2083 : }
2084 :
2085 : /*
2086 : * has_sequence_privilege_name
2087 : * Check user privileges on a sequence given
2088 : * text sequencename and text priv name.
2089 : * current_user is assumed
2090 : */
2091 : Datum
2092 6 : has_sequence_privilege_name(PG_FUNCTION_ARGS)
2093 : {
2094 6 : text *sequencename = PG_GETARG_TEXT_PP(0);
2095 6 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
2096 : Oid roleid;
2097 : Oid sequenceoid;
2098 : AclMode mode;
2099 : AclResult aclresult;
2100 :
2101 6 : roleid = GetUserId();
2102 6 : mode = convert_sequence_priv_string(priv_type_text);
2103 6 : sequenceoid = convert_table_name(sequencename);
2104 6 : if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2105 0 : ereport(ERROR,
2106 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2107 : errmsg("\"%s\" is not a sequence",
2108 : text_to_cstring(sequencename))));
2109 :
2110 6 : aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2111 :
2112 6 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2113 : }
2114 :
2115 : /*
2116 : * has_sequence_privilege_name_id
2117 : * Check user privileges on a sequence given
2118 : * name usename, sequence oid, and text priv name.
2119 : */
2120 : Datum
2121 0 : has_sequence_privilege_name_id(PG_FUNCTION_ARGS)
2122 : {
2123 0 : Name username = PG_GETARG_NAME(0);
2124 0 : Oid sequenceoid = PG_GETARG_OID(1);
2125 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2126 : Oid roleid;
2127 : AclMode mode;
2128 : AclResult aclresult;
2129 : char relkind;
2130 :
2131 0 : roleid = get_role_oid_or_public(NameStr(*username));
2132 0 : mode = convert_sequence_priv_string(priv_type_text);
2133 0 : relkind = get_rel_relkind(sequenceoid);
2134 0 : if (relkind == '\0')
2135 0 : PG_RETURN_NULL();
2136 0 : else if (relkind != RELKIND_SEQUENCE)
2137 0 : ereport(ERROR,
2138 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2139 : errmsg("\"%s\" is not a sequence",
2140 : get_rel_name(sequenceoid))));
2141 :
2142 0 : aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2143 :
2144 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2145 : }
2146 :
2147 : /*
2148 : * has_sequence_privilege_id
2149 : * Check user privileges on a sequence given
2150 : * sequence oid, and text priv name.
2151 : * current_user is assumed
2152 : */
2153 : Datum
2154 114 : has_sequence_privilege_id(PG_FUNCTION_ARGS)
2155 : {
2156 114 : Oid sequenceoid = PG_GETARG_OID(0);
2157 114 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
2158 : Oid roleid;
2159 : AclMode mode;
2160 : AclResult aclresult;
2161 : char relkind;
2162 :
2163 114 : roleid = GetUserId();
2164 114 : mode = convert_sequence_priv_string(priv_type_text);
2165 114 : relkind = get_rel_relkind(sequenceoid);
2166 114 : if (relkind == '\0')
2167 0 : PG_RETURN_NULL();
2168 114 : else if (relkind != RELKIND_SEQUENCE)
2169 0 : ereport(ERROR,
2170 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2171 : errmsg("\"%s\" is not a sequence",
2172 : get_rel_name(sequenceoid))));
2173 :
2174 114 : aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2175 :
2176 114 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2177 : }
2178 :
2179 : /*
2180 : * has_sequence_privilege_id_name
2181 : * Check user privileges on a sequence given
2182 : * roleid, text sequencename, and text priv name.
2183 : */
2184 : Datum
2185 0 : has_sequence_privilege_id_name(PG_FUNCTION_ARGS)
2186 : {
2187 0 : Oid roleid = PG_GETARG_OID(0);
2188 0 : text *sequencename = PG_GETARG_TEXT_PP(1);
2189 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2190 : Oid sequenceoid;
2191 : AclMode mode;
2192 : AclResult aclresult;
2193 :
2194 0 : mode = convert_sequence_priv_string(priv_type_text);
2195 0 : sequenceoid = convert_table_name(sequencename);
2196 0 : if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2197 0 : ereport(ERROR,
2198 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2199 : errmsg("\"%s\" is not a sequence",
2200 : text_to_cstring(sequencename))));
2201 :
2202 0 : aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2203 :
2204 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2205 : }
2206 :
2207 : /*
2208 : * has_sequence_privilege_id_id
2209 : * Check user privileges on a sequence given
2210 : * roleid, sequence oid, and text priv name.
2211 : */
2212 : Datum
2213 0 : has_sequence_privilege_id_id(PG_FUNCTION_ARGS)
2214 : {
2215 0 : Oid roleid = PG_GETARG_OID(0);
2216 0 : Oid sequenceoid = PG_GETARG_OID(1);
2217 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2218 : AclMode mode;
2219 : AclResult aclresult;
2220 : char relkind;
2221 :
2222 0 : mode = convert_sequence_priv_string(priv_type_text);
2223 0 : relkind = get_rel_relkind(sequenceoid);
2224 0 : if (relkind == '\0')
2225 0 : PG_RETURN_NULL();
2226 0 : else if (relkind != RELKIND_SEQUENCE)
2227 0 : ereport(ERROR,
2228 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2229 : errmsg("\"%s\" is not a sequence",
2230 : get_rel_name(sequenceoid))));
2231 :
2232 0 : aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2233 :
2234 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2235 : }
2236 :
2237 : /*
2238 : * convert_sequence_priv_string
2239 : * Convert text string to AclMode value.
2240 : */
2241 : static AclMode
2242 138 : convert_sequence_priv_string(text *priv_type_text)
2243 : {
2244 : static const priv_map sequence_priv_map[] = {
2245 : {"USAGE", ACL_USAGE},
2246 : {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
2247 : {"SELECT", ACL_SELECT},
2248 : {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2249 : {"UPDATE", ACL_UPDATE},
2250 : {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2251 : {NULL, 0}
2252 : };
2253 :
2254 138 : return convert_any_priv_string(priv_type_text, sequence_priv_map);
2255 : }
2256 :
2257 :
2258 : /*
2259 : * has_any_column_privilege variants
2260 : * These are all named "has_any_column_privilege" at the SQL level.
2261 : * They take various combinations of relation name, relation OID,
2262 : * user name, user OID, or implicit user = current_user.
2263 : *
2264 : * The result is a boolean value: true if user has the indicated
2265 : * privilege for any column of the table, false if not. The variants
2266 : * that take a relation OID return NULL if the OID doesn't exist.
2267 : */
2268 :
2269 : /*
2270 : * has_any_column_privilege_name_name
2271 : * Check user privileges on any column of a table given
2272 : * name username, text tablename, and text priv name.
2273 : */
2274 : Datum
2275 0 : has_any_column_privilege_name_name(PG_FUNCTION_ARGS)
2276 : {
2277 0 : Name rolename = PG_GETARG_NAME(0);
2278 0 : text *tablename = PG_GETARG_TEXT_PP(1);
2279 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2280 : Oid roleid;
2281 : Oid tableoid;
2282 : AclMode mode;
2283 : AclResult aclresult;
2284 :
2285 0 : roleid = get_role_oid_or_public(NameStr(*rolename));
2286 0 : tableoid = convert_table_name(tablename);
2287 0 : mode = convert_column_priv_string(priv_type_text);
2288 :
2289 : /* First check at table level, then examine each column if needed */
2290 0 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2291 0 : if (aclresult != ACLCHECK_OK)
2292 0 : aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2293 : ACLMASK_ANY);
2294 :
2295 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2296 : }
2297 :
2298 : /*
2299 : * has_any_column_privilege_name
2300 : * Check user privileges on any column of a table given
2301 : * text tablename and text priv name.
2302 : * current_user is assumed
2303 : */
2304 : Datum
2305 0 : has_any_column_privilege_name(PG_FUNCTION_ARGS)
2306 : {
2307 0 : text *tablename = PG_GETARG_TEXT_PP(0);
2308 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
2309 : Oid roleid;
2310 : Oid tableoid;
2311 : AclMode mode;
2312 : AclResult aclresult;
2313 :
2314 0 : roleid = GetUserId();
2315 0 : tableoid = convert_table_name(tablename);
2316 0 : mode = convert_column_priv_string(priv_type_text);
2317 :
2318 : /* First check at table level, then examine each column if needed */
2319 0 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2320 0 : if (aclresult != ACLCHECK_OK)
2321 0 : aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2322 : ACLMASK_ANY);
2323 :
2324 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2325 : }
2326 :
2327 : /*
2328 : * has_any_column_privilege_name_id
2329 : * Check user privileges on any column of a table given
2330 : * name usename, table oid, and text priv name.
2331 : */
2332 : Datum
2333 0 : has_any_column_privilege_name_id(PG_FUNCTION_ARGS)
2334 : {
2335 0 : Name username = PG_GETARG_NAME(0);
2336 0 : Oid tableoid = PG_GETARG_OID(1);
2337 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2338 : Oid roleid;
2339 : AclMode mode;
2340 : AclResult aclresult;
2341 :
2342 0 : roleid = get_role_oid_or_public(NameStr(*username));
2343 0 : mode = convert_column_priv_string(priv_type_text);
2344 :
2345 0 : if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
2346 0 : PG_RETURN_NULL();
2347 :
2348 : /* First check at table level, then examine each column if needed */
2349 0 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2350 0 : if (aclresult != ACLCHECK_OK)
2351 0 : aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2352 : ACLMASK_ANY);
2353 :
2354 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2355 : }
2356 :
2357 : /*
2358 : * has_any_column_privilege_id
2359 : * Check user privileges on any column of a table given
2360 : * table oid, and text priv name.
2361 : * current_user is assumed
2362 : */
2363 : Datum
2364 0 : has_any_column_privilege_id(PG_FUNCTION_ARGS)
2365 : {
2366 0 : Oid tableoid = PG_GETARG_OID(0);
2367 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
2368 : Oid roleid;
2369 : AclMode mode;
2370 : AclResult aclresult;
2371 :
2372 0 : roleid = GetUserId();
2373 0 : mode = convert_column_priv_string(priv_type_text);
2374 :
2375 0 : if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
2376 0 : PG_RETURN_NULL();
2377 :
2378 : /* First check at table level, then examine each column if needed */
2379 0 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2380 0 : if (aclresult != ACLCHECK_OK)
2381 0 : aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2382 : ACLMASK_ANY);
2383 :
2384 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2385 : }
2386 :
2387 : /*
2388 : * has_any_column_privilege_id_name
2389 : * Check user privileges on any column of a table given
2390 : * roleid, text tablename, and text priv name.
2391 : */
2392 : Datum
2393 0 : has_any_column_privilege_id_name(PG_FUNCTION_ARGS)
2394 : {
2395 0 : Oid roleid = PG_GETARG_OID(0);
2396 0 : text *tablename = PG_GETARG_TEXT_PP(1);
2397 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2398 : Oid tableoid;
2399 : AclMode mode;
2400 : AclResult aclresult;
2401 :
2402 0 : tableoid = convert_table_name(tablename);
2403 0 : mode = convert_column_priv_string(priv_type_text);
2404 :
2405 : /* First check at table level, then examine each column if needed */
2406 0 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2407 0 : if (aclresult != ACLCHECK_OK)
2408 0 : aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2409 : ACLMASK_ANY);
2410 :
2411 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2412 : }
2413 :
2414 : /*
2415 : * has_any_column_privilege_id_id
2416 : * Check user privileges on any column of a table given
2417 : * roleid, table oid, and text priv name.
2418 : */
2419 : Datum
2420 0 : has_any_column_privilege_id_id(PG_FUNCTION_ARGS)
2421 : {
2422 0 : Oid roleid = PG_GETARG_OID(0);
2423 0 : Oid tableoid = PG_GETARG_OID(1);
2424 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2425 : AclMode mode;
2426 : AclResult aclresult;
2427 :
2428 0 : mode = convert_column_priv_string(priv_type_text);
2429 :
2430 0 : if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
2431 0 : PG_RETURN_NULL();
2432 :
2433 : /* First check at table level, then examine each column if needed */
2434 0 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2435 0 : if (aclresult != ACLCHECK_OK)
2436 0 : aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2437 : ACLMASK_ANY);
2438 :
2439 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2440 : }
2441 :
2442 :
2443 : /*
2444 : * has_column_privilege variants
2445 : * These are all named "has_column_privilege" at the SQL level.
2446 : * They take various combinations of relation name, relation OID,
2447 : * column name, column attnum, user name, user OID, or
2448 : * implicit user = current_user.
2449 : *
2450 : * The result is a boolean value: true if user has the indicated
2451 : * privilege, false if not. The variants that take a relation OID
2452 : * return NULL (rather than throwing an error) if that relation OID
2453 : * doesn't exist. Likewise, the variants that take an integer attnum
2454 : * return NULL (rather than throwing an error) if there is no such
2455 : * pg_attribute entry. All variants return NULL if an attisdropped
2456 : * column is selected. These rules are meant to avoid unnecessary
2457 : * failures in queries that scan pg_attribute.
2458 : */
2459 :
2460 : /*
2461 : * column_privilege_check: check column privileges, but don't throw an error
2462 : * for dropped column or table
2463 : *
2464 : * Returns 1 if have the privilege, 0 if not, -1 if dropped column/table.
2465 : */
2466 : static int
2467 1770 : column_privilege_check(Oid tableoid, AttrNumber attnum,
2468 : Oid roleid, AclMode mode)
2469 : {
2470 : AclResult aclresult;
2471 1770 : bool is_missing = false;
2472 :
2473 : /*
2474 : * If convert_column_name failed, we can just return -1 immediately.
2475 : */
2476 1770 : if (attnum == InvalidAttrNumber)
2477 12 : return -1;
2478 :
2479 : /*
2480 : * Check for column-level privileges first. This serves in part as a check
2481 : * on whether the column even exists, so we need to do it before checking
2482 : * table-level privilege.
2483 : */
2484 1758 : aclresult = pg_attribute_aclcheck_ext(tableoid, attnum, roleid,
2485 : mode, &is_missing);
2486 1758 : if (aclresult == ACLCHECK_OK)
2487 12 : return 1;
2488 1746 : else if (is_missing)
2489 42 : return -1;
2490 :
2491 : /* Next check if we have the privilege at the table level */
2492 1704 : aclresult = pg_class_aclcheck_ext(tableoid, roleid, mode, &is_missing);
2493 1704 : if (aclresult == ACLCHECK_OK)
2494 1704 : return 1;
2495 0 : else if (is_missing)
2496 0 : return -1;
2497 : else
2498 0 : return 0;
2499 : }
2500 :
2501 : /*
2502 : * has_column_privilege_name_name_name
2503 : * Check user privileges on a column given
2504 : * name username, text tablename, text colname, and text priv name.
2505 : */
2506 : Datum
2507 0 : has_column_privilege_name_name_name(PG_FUNCTION_ARGS)
2508 : {
2509 0 : Name rolename = PG_GETARG_NAME(0);
2510 0 : text *tablename = PG_GETARG_TEXT_PP(1);
2511 0 : text *column = PG_GETARG_TEXT_PP(2);
2512 0 : text *priv_type_text = PG_GETARG_TEXT_PP(3);
2513 : Oid roleid;
2514 : Oid tableoid;
2515 : AttrNumber colattnum;
2516 : AclMode mode;
2517 : int privresult;
2518 :
2519 0 : roleid = get_role_oid_or_public(NameStr(*rolename));
2520 0 : tableoid = convert_table_name(tablename);
2521 0 : colattnum = convert_column_name(tableoid, column);
2522 0 : mode = convert_column_priv_string(priv_type_text);
2523 :
2524 0 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2525 0 : if (privresult < 0)
2526 0 : PG_RETURN_NULL();
2527 0 : PG_RETURN_BOOL(privresult);
2528 : }
2529 :
2530 : /*
2531 : * has_column_privilege_name_name_attnum
2532 : * Check user privileges on a column given
2533 : * name username, text tablename, int attnum, and text priv name.
2534 : */
2535 : Datum
2536 0 : has_column_privilege_name_name_attnum(PG_FUNCTION_ARGS)
2537 : {
2538 0 : Name rolename = PG_GETARG_NAME(0);
2539 0 : text *tablename = PG_GETARG_TEXT_PP(1);
2540 0 : AttrNumber colattnum = PG_GETARG_INT16(2);
2541 0 : text *priv_type_text = PG_GETARG_TEXT_PP(3);
2542 : Oid roleid;
2543 : Oid tableoid;
2544 : AclMode mode;
2545 : int privresult;
2546 :
2547 0 : roleid = get_role_oid_or_public(NameStr(*rolename));
2548 0 : tableoid = convert_table_name(tablename);
2549 0 : mode = convert_column_priv_string(priv_type_text);
2550 :
2551 0 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2552 0 : if (privresult < 0)
2553 0 : PG_RETURN_NULL();
2554 0 : PG_RETURN_BOOL(privresult);
2555 : }
2556 :
2557 : /*
2558 : * has_column_privilege_name_id_name
2559 : * Check user privileges on a column given
2560 : * name username, table oid, text colname, and text priv name.
2561 : */
2562 : Datum
2563 0 : has_column_privilege_name_id_name(PG_FUNCTION_ARGS)
2564 : {
2565 0 : Name username = PG_GETARG_NAME(0);
2566 0 : Oid tableoid = PG_GETARG_OID(1);
2567 0 : text *column = PG_GETARG_TEXT_PP(2);
2568 0 : text *priv_type_text = PG_GETARG_TEXT_PP(3);
2569 : Oid roleid;
2570 : AttrNumber colattnum;
2571 : AclMode mode;
2572 : int privresult;
2573 :
2574 0 : roleid = get_role_oid_or_public(NameStr(*username));
2575 0 : colattnum = convert_column_name(tableoid, column);
2576 0 : mode = convert_column_priv_string(priv_type_text);
2577 :
2578 0 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2579 0 : if (privresult < 0)
2580 0 : PG_RETURN_NULL();
2581 0 : PG_RETURN_BOOL(privresult);
2582 : }
2583 :
2584 : /*
2585 : * has_column_privilege_name_id_attnum
2586 : * Check user privileges on a column given
2587 : * name username, table oid, int attnum, and text priv name.
2588 : */
2589 : Datum
2590 0 : has_column_privilege_name_id_attnum(PG_FUNCTION_ARGS)
2591 : {
2592 0 : Name username = PG_GETARG_NAME(0);
2593 0 : Oid tableoid = PG_GETARG_OID(1);
2594 0 : AttrNumber colattnum = PG_GETARG_INT16(2);
2595 0 : text *priv_type_text = PG_GETARG_TEXT_PP(3);
2596 : Oid roleid;
2597 : AclMode mode;
2598 : int privresult;
2599 :
2600 0 : roleid = get_role_oid_or_public(NameStr(*username));
2601 0 : mode = convert_column_priv_string(priv_type_text);
2602 :
2603 0 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2604 0 : if (privresult < 0)
2605 0 : PG_RETURN_NULL();
2606 0 : PG_RETURN_BOOL(privresult);
2607 : }
2608 :
2609 : /*
2610 : * has_column_privilege_id_name_name
2611 : * Check user privileges on a column given
2612 : * oid roleid, text tablename, text colname, and text priv name.
2613 : */
2614 : Datum
2615 0 : has_column_privilege_id_name_name(PG_FUNCTION_ARGS)
2616 : {
2617 0 : Oid roleid = PG_GETARG_OID(0);
2618 0 : text *tablename = PG_GETARG_TEXT_PP(1);
2619 0 : text *column = PG_GETARG_TEXT_PP(2);
2620 0 : text *priv_type_text = PG_GETARG_TEXT_PP(3);
2621 : Oid tableoid;
2622 : AttrNumber colattnum;
2623 : AclMode mode;
2624 : int privresult;
2625 :
2626 0 : tableoid = convert_table_name(tablename);
2627 0 : colattnum = convert_column_name(tableoid, column);
2628 0 : mode = convert_column_priv_string(priv_type_text);
2629 :
2630 0 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2631 0 : if (privresult < 0)
2632 0 : PG_RETURN_NULL();
2633 0 : PG_RETURN_BOOL(privresult);
2634 : }
2635 :
2636 : /*
2637 : * has_column_privilege_id_name_attnum
2638 : * Check user privileges on a column given
2639 : * oid roleid, text tablename, int attnum, and text priv name.
2640 : */
2641 : Datum
2642 0 : has_column_privilege_id_name_attnum(PG_FUNCTION_ARGS)
2643 : {
2644 0 : Oid roleid = PG_GETARG_OID(0);
2645 0 : text *tablename = PG_GETARG_TEXT_PP(1);
2646 0 : AttrNumber colattnum = PG_GETARG_INT16(2);
2647 0 : text *priv_type_text = PG_GETARG_TEXT_PP(3);
2648 : Oid tableoid;
2649 : AclMode mode;
2650 : int privresult;
2651 :
2652 0 : tableoid = convert_table_name(tablename);
2653 0 : mode = convert_column_priv_string(priv_type_text);
2654 :
2655 0 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2656 0 : if (privresult < 0)
2657 0 : PG_RETURN_NULL();
2658 0 : PG_RETURN_BOOL(privresult);
2659 : }
2660 :
2661 : /*
2662 : * has_column_privilege_id_id_name
2663 : * Check user privileges on a column given
2664 : * oid roleid, table oid, text colname, and text priv name.
2665 : */
2666 : Datum
2667 0 : has_column_privilege_id_id_name(PG_FUNCTION_ARGS)
2668 : {
2669 0 : Oid roleid = PG_GETARG_OID(0);
2670 0 : Oid tableoid = PG_GETARG_OID(1);
2671 0 : text *column = PG_GETARG_TEXT_PP(2);
2672 0 : text *priv_type_text = PG_GETARG_TEXT_PP(3);
2673 : AttrNumber colattnum;
2674 : AclMode mode;
2675 : int privresult;
2676 :
2677 0 : colattnum = convert_column_name(tableoid, column);
2678 0 : mode = convert_column_priv_string(priv_type_text);
2679 :
2680 0 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2681 0 : if (privresult < 0)
2682 0 : PG_RETURN_NULL();
2683 0 : PG_RETURN_BOOL(privresult);
2684 : }
2685 :
2686 : /*
2687 : * has_column_privilege_id_id_attnum
2688 : * Check user privileges on a column given
2689 : * oid roleid, table oid, int attnum, and text priv name.
2690 : */
2691 : Datum
2692 0 : has_column_privilege_id_id_attnum(PG_FUNCTION_ARGS)
2693 : {
2694 0 : Oid roleid = PG_GETARG_OID(0);
2695 0 : Oid tableoid = PG_GETARG_OID(1);
2696 0 : AttrNumber colattnum = PG_GETARG_INT16(2);
2697 0 : text *priv_type_text = PG_GETARG_TEXT_PP(3);
2698 : AclMode mode;
2699 : int privresult;
2700 :
2701 0 : mode = convert_column_priv_string(priv_type_text);
2702 :
2703 0 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2704 0 : if (privresult < 0)
2705 0 : PG_RETURN_NULL();
2706 0 : PG_RETURN_BOOL(privresult);
2707 : }
2708 :
2709 : /*
2710 : * has_column_privilege_name_name
2711 : * Check user privileges on a column given
2712 : * text tablename, text colname, and text priv name.
2713 : * current_user is assumed
2714 : */
2715 : Datum
2716 18 : has_column_privilege_name_name(PG_FUNCTION_ARGS)
2717 : {
2718 18 : text *tablename = PG_GETARG_TEXT_PP(0);
2719 18 : text *column = PG_GETARG_TEXT_PP(1);
2720 18 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2721 : Oid roleid;
2722 : Oid tableoid;
2723 : AttrNumber colattnum;
2724 : AclMode mode;
2725 : int privresult;
2726 :
2727 18 : roleid = GetUserId();
2728 18 : tableoid = convert_table_name(tablename);
2729 18 : colattnum = convert_column_name(tableoid, column);
2730 6 : mode = convert_column_priv_string(priv_type_text);
2731 :
2732 6 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2733 6 : if (privresult < 0)
2734 6 : PG_RETURN_NULL();
2735 0 : PG_RETURN_BOOL(privresult);
2736 : }
2737 :
2738 : /*
2739 : * has_column_privilege_name_attnum
2740 : * Check user privileges on a column given
2741 : * text tablename, int attnum, and text priv name.
2742 : * current_user is assumed
2743 : */
2744 : Datum
2745 30 : has_column_privilege_name_attnum(PG_FUNCTION_ARGS)
2746 : {
2747 30 : text *tablename = PG_GETARG_TEXT_PP(0);
2748 30 : AttrNumber colattnum = PG_GETARG_INT16(1);
2749 30 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2750 : Oid roleid;
2751 : Oid tableoid;
2752 : AclMode mode;
2753 : int privresult;
2754 :
2755 30 : roleid = GetUserId();
2756 30 : tableoid = convert_table_name(tablename);
2757 30 : mode = convert_column_priv_string(priv_type_text);
2758 :
2759 30 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2760 30 : if (privresult < 0)
2761 30 : PG_RETURN_NULL();
2762 0 : PG_RETURN_BOOL(privresult);
2763 : }
2764 :
2765 : /*
2766 : * has_column_privilege_id_name
2767 : * Check user privileges on a column given
2768 : * table oid, text colname, and text priv name.
2769 : * current_user is assumed
2770 : */
2771 : Datum
2772 6 : has_column_privilege_id_name(PG_FUNCTION_ARGS)
2773 : {
2774 6 : Oid tableoid = PG_GETARG_OID(0);
2775 6 : text *column = PG_GETARG_TEXT_PP(1);
2776 6 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2777 : Oid roleid;
2778 : AttrNumber colattnum;
2779 : AclMode mode;
2780 : int privresult;
2781 :
2782 6 : roleid = GetUserId();
2783 6 : colattnum = convert_column_name(tableoid, column);
2784 6 : mode = convert_column_priv_string(priv_type_text);
2785 :
2786 6 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2787 6 : if (privresult < 0)
2788 6 : PG_RETURN_NULL();
2789 0 : PG_RETURN_BOOL(privresult);
2790 : }
2791 :
2792 : /*
2793 : * has_column_privilege_id_attnum
2794 : * Check user privileges on a column given
2795 : * table oid, int attnum, and text priv name.
2796 : * current_user is assumed
2797 : */
2798 : Datum
2799 1728 : has_column_privilege_id_attnum(PG_FUNCTION_ARGS)
2800 : {
2801 1728 : Oid tableoid = PG_GETARG_OID(0);
2802 1728 : AttrNumber colattnum = PG_GETARG_INT16(1);
2803 1728 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2804 : Oid roleid;
2805 : AclMode mode;
2806 : int privresult;
2807 :
2808 1728 : roleid = GetUserId();
2809 1728 : mode = convert_column_priv_string(priv_type_text);
2810 :
2811 1728 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2812 1728 : if (privresult < 0)
2813 12 : PG_RETURN_NULL();
2814 1716 : PG_RETURN_BOOL(privresult);
2815 : }
2816 :
2817 : /*
2818 : * Support routines for has_column_privilege family.
2819 : */
2820 :
2821 : /*
2822 : * Given a table OID and a column name expressed as a string, look it up
2823 : * and return the column number. Returns InvalidAttrNumber in cases
2824 : * where caller should return NULL instead of failing.
2825 : */
2826 : static AttrNumber
2827 24 : convert_column_name(Oid tableoid, text *column)
2828 : {
2829 : char *colname;
2830 : HeapTuple attTuple;
2831 : AttrNumber attnum;
2832 :
2833 24 : colname = text_to_cstring(column);
2834 :
2835 : /*
2836 : * We don't use get_attnum() here because it will report that dropped
2837 : * columns don't exist. We need to treat dropped columns differently from
2838 : * nonexistent columns.
2839 : */
2840 24 : attTuple = SearchSysCache2(ATTNAME,
2841 : ObjectIdGetDatum(tableoid),
2842 : CStringGetDatum(colname));
2843 24 : if (HeapTupleIsValid(attTuple))
2844 : {
2845 : Form_pg_attribute attributeForm;
2846 :
2847 6 : attributeForm = (Form_pg_attribute) GETSTRUCT(attTuple);
2848 : /* We want to return NULL for dropped columns */
2849 6 : if (attributeForm->attisdropped)
2850 6 : attnum = InvalidAttrNumber;
2851 : else
2852 0 : attnum = attributeForm->attnum;
2853 6 : ReleaseSysCache(attTuple);
2854 : }
2855 : else
2856 : {
2857 18 : char *tablename = get_rel_name(tableoid);
2858 :
2859 : /*
2860 : * If the table OID is bogus, or it's just been dropped, we'll get
2861 : * NULL back. In such cases we want has_column_privilege to return
2862 : * NULL too, so just return InvalidAttrNumber.
2863 : */
2864 18 : if (tablename != NULL)
2865 : {
2866 : /* tableoid exists, colname does not, so throw error */
2867 12 : ereport(ERROR,
2868 : (errcode(ERRCODE_UNDEFINED_COLUMN),
2869 : errmsg("column \"%s\" of relation \"%s\" does not exist",
2870 : colname, tablename)));
2871 : }
2872 : /* tableoid doesn't exist, so act like attisdropped case */
2873 6 : attnum = InvalidAttrNumber;
2874 : }
2875 :
2876 12 : pfree(colname);
2877 12 : return attnum;
2878 : }
2879 :
2880 : /*
2881 : * convert_column_priv_string
2882 : * Convert text string to AclMode value.
2883 : */
2884 : static AclMode
2885 1770 : convert_column_priv_string(text *priv_type_text)
2886 : {
2887 : static const priv_map column_priv_map[] = {
2888 : {"SELECT", ACL_SELECT},
2889 : {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2890 : {"INSERT", ACL_INSERT},
2891 : {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
2892 : {"UPDATE", ACL_UPDATE},
2893 : {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2894 : {"REFERENCES", ACL_REFERENCES},
2895 : {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
2896 : {NULL, 0}
2897 : };
2898 :
2899 1770 : return convert_any_priv_string(priv_type_text, column_priv_map);
2900 : }
2901 :
2902 :
2903 : /*
2904 : * has_database_privilege variants
2905 : * These are all named "has_database_privilege" at the SQL level.
2906 : * They take various combinations of database name, database OID,
2907 : * user name, user OID, or implicit user = current_user.
2908 : *
2909 : * The result is a boolean value: true if user has the indicated
2910 : * privilege, false if not, or NULL if object doesn't exist.
2911 : */
2912 :
2913 : /*
2914 : * has_database_privilege_name_name
2915 : * Check user privileges on a database given
2916 : * name username, text databasename, and text priv name.
2917 : */
2918 : Datum
2919 0 : has_database_privilege_name_name(PG_FUNCTION_ARGS)
2920 : {
2921 0 : Name username = PG_GETARG_NAME(0);
2922 0 : text *databasename = PG_GETARG_TEXT_PP(1);
2923 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2924 : Oid roleid;
2925 : Oid databaseoid;
2926 : AclMode mode;
2927 : AclResult aclresult;
2928 :
2929 0 : roleid = get_role_oid_or_public(NameStr(*username));
2930 0 : databaseoid = convert_database_name(databasename);
2931 0 : mode = convert_database_priv_string(priv_type_text);
2932 :
2933 0 : aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
2934 :
2935 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2936 : }
2937 :
2938 : /*
2939 : * has_database_privilege_name
2940 : * Check user privileges on a database given
2941 : * text databasename and text priv name.
2942 : * current_user is assumed
2943 : */
2944 : Datum
2945 0 : has_database_privilege_name(PG_FUNCTION_ARGS)
2946 : {
2947 0 : text *databasename = PG_GETARG_TEXT_PP(0);
2948 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
2949 : Oid roleid;
2950 : Oid databaseoid;
2951 : AclMode mode;
2952 : AclResult aclresult;
2953 :
2954 0 : roleid = GetUserId();
2955 0 : databaseoid = convert_database_name(databasename);
2956 0 : mode = convert_database_priv_string(priv_type_text);
2957 :
2958 0 : aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
2959 :
2960 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2961 : }
2962 :
2963 : /*
2964 : * has_database_privilege_name_id
2965 : * Check user privileges on a database given
2966 : * name usename, database oid, and text priv name.
2967 : */
2968 : Datum
2969 0 : has_database_privilege_name_id(PG_FUNCTION_ARGS)
2970 : {
2971 0 : Name username = PG_GETARG_NAME(0);
2972 0 : Oid databaseoid = PG_GETARG_OID(1);
2973 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2974 : Oid roleid;
2975 : AclMode mode;
2976 : AclResult aclresult;
2977 :
2978 0 : roleid = get_role_oid_or_public(NameStr(*username));
2979 0 : mode = convert_database_priv_string(priv_type_text);
2980 :
2981 0 : if (!SearchSysCacheExists1(DATABASEOID, ObjectIdGetDatum(databaseoid)))
2982 0 : PG_RETURN_NULL();
2983 :
2984 0 : aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
2985 :
2986 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2987 : }
2988 :
2989 : /*
2990 : * has_database_privilege_id
2991 : * Check user privileges on a database given
2992 : * database oid, and text priv name.
2993 : * current_user is assumed
2994 : */
2995 : Datum
2996 0 : has_database_privilege_id(PG_FUNCTION_ARGS)
2997 : {
2998 0 : Oid databaseoid = PG_GETARG_OID(0);
2999 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3000 : Oid roleid;
3001 : AclMode mode;
3002 : AclResult aclresult;
3003 :
3004 0 : roleid = GetUserId();
3005 0 : mode = convert_database_priv_string(priv_type_text);
3006 :
3007 0 : if (!SearchSysCacheExists1(DATABASEOID, ObjectIdGetDatum(databaseoid)))
3008 0 : PG_RETURN_NULL();
3009 :
3010 0 : aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
3011 :
3012 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3013 : }
3014 :
3015 : /*
3016 : * has_database_privilege_id_name
3017 : * Check user privileges on a database given
3018 : * roleid, text databasename, and text priv name.
3019 : */
3020 : Datum
3021 0 : has_database_privilege_id_name(PG_FUNCTION_ARGS)
3022 : {
3023 0 : Oid roleid = PG_GETARG_OID(0);
3024 0 : text *databasename = PG_GETARG_TEXT_PP(1);
3025 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3026 : Oid databaseoid;
3027 : AclMode mode;
3028 : AclResult aclresult;
3029 :
3030 0 : databaseoid = convert_database_name(databasename);
3031 0 : mode = convert_database_priv_string(priv_type_text);
3032 :
3033 0 : aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
3034 :
3035 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3036 : }
3037 :
3038 : /*
3039 : * has_database_privilege_id_id
3040 : * Check user privileges on a database given
3041 : * roleid, database oid, and text priv name.
3042 : */
3043 : Datum
3044 0 : has_database_privilege_id_id(PG_FUNCTION_ARGS)
3045 : {
3046 0 : Oid roleid = PG_GETARG_OID(0);
3047 0 : Oid databaseoid = PG_GETARG_OID(1);
3048 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3049 : AclMode mode;
3050 : AclResult aclresult;
3051 :
3052 0 : mode = convert_database_priv_string(priv_type_text);
3053 :
3054 0 : if (!SearchSysCacheExists1(DATABASEOID, ObjectIdGetDatum(databaseoid)))
3055 0 : PG_RETURN_NULL();
3056 :
3057 0 : aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
3058 :
3059 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3060 : }
3061 :
3062 : /*
3063 : * Support routines for has_database_privilege family.
3064 : */
3065 :
3066 : /*
3067 : * Given a database name expressed as a string, look it up and return Oid
3068 : */
3069 : static Oid
3070 0 : convert_database_name(text *databasename)
3071 : {
3072 0 : char *dbname = text_to_cstring(databasename);
3073 :
3074 0 : return get_database_oid(dbname, false);
3075 : }
3076 :
3077 : /*
3078 : * convert_database_priv_string
3079 : * Convert text string to AclMode value.
3080 : */
3081 : static AclMode
3082 0 : convert_database_priv_string(text *priv_type_text)
3083 : {
3084 : static const priv_map database_priv_map[] = {
3085 : {"CREATE", ACL_CREATE},
3086 : {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
3087 : {"TEMPORARY", ACL_CREATE_TEMP},
3088 : {"TEMPORARY WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
3089 : {"TEMP", ACL_CREATE_TEMP},
3090 : {"TEMP WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
3091 : {"CONNECT", ACL_CONNECT},
3092 : {"CONNECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CONNECT)},
3093 : {NULL, 0}
3094 : };
3095 :
3096 0 : return convert_any_priv_string(priv_type_text, database_priv_map);
3097 : }
3098 :
3099 :
3100 : /*
3101 : * has_foreign_data_wrapper_privilege variants
3102 : * These are all named "has_foreign_data_wrapper_privilege" at the SQL level.
3103 : * They take various combinations of foreign-data wrapper name,
3104 : * fdw OID, user name, user OID, or implicit user = current_user.
3105 : *
3106 : * The result is a boolean value: true if user has the indicated
3107 : * privilege, false if not.
3108 : */
3109 :
3110 : /*
3111 : * has_foreign_data_wrapper_privilege_name_name
3112 : * Check user privileges on a foreign-data wrapper given
3113 : * name username, text fdwname, and text priv name.
3114 : */
3115 : Datum
3116 12 : has_foreign_data_wrapper_privilege_name_name(PG_FUNCTION_ARGS)
3117 : {
3118 12 : Name username = PG_GETARG_NAME(0);
3119 12 : text *fdwname = PG_GETARG_TEXT_PP(1);
3120 12 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3121 : Oid roleid;
3122 : Oid fdwid;
3123 : AclMode mode;
3124 : AclResult aclresult;
3125 :
3126 12 : roleid = get_role_oid_or_public(NameStr(*username));
3127 12 : fdwid = convert_foreign_data_wrapper_name(fdwname);
3128 12 : mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3129 :
3130 12 : aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
3131 :
3132 12 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3133 : }
3134 :
3135 : /*
3136 : * has_foreign_data_wrapper_privilege_name
3137 : * Check user privileges on a foreign-data wrapper given
3138 : * text fdwname and text priv name.
3139 : * current_user is assumed
3140 : */
3141 : Datum
3142 6 : has_foreign_data_wrapper_privilege_name(PG_FUNCTION_ARGS)
3143 : {
3144 6 : text *fdwname = PG_GETARG_TEXT_PP(0);
3145 6 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3146 : Oid roleid;
3147 : Oid fdwid;
3148 : AclMode mode;
3149 : AclResult aclresult;
3150 :
3151 6 : roleid = GetUserId();
3152 6 : fdwid = convert_foreign_data_wrapper_name(fdwname);
3153 6 : mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3154 :
3155 6 : aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
3156 :
3157 6 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3158 : }
3159 :
3160 : /*
3161 : * has_foreign_data_wrapper_privilege_name_id
3162 : * Check user privileges on a foreign-data wrapper given
3163 : * name usename, foreign-data wrapper oid, and text priv name.
3164 : */
3165 : Datum
3166 6 : has_foreign_data_wrapper_privilege_name_id(PG_FUNCTION_ARGS)
3167 : {
3168 6 : Name username = PG_GETARG_NAME(0);
3169 6 : Oid fdwid = PG_GETARG_OID(1);
3170 6 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3171 : Oid roleid;
3172 : AclMode mode;
3173 : AclResult aclresult;
3174 :
3175 6 : roleid = get_role_oid_or_public(NameStr(*username));
3176 6 : mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3177 :
3178 6 : if (!SearchSysCacheExists1(FOREIGNDATAWRAPPEROID, ObjectIdGetDatum(fdwid)))
3179 0 : PG_RETURN_NULL();
3180 :
3181 6 : aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
3182 :
3183 6 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3184 : }
3185 :
3186 : /*
3187 : * has_foreign_data_wrapper_privilege_id
3188 : * Check user privileges on a foreign-data wrapper given
3189 : * foreign-data wrapper oid, and text priv name.
3190 : * current_user is assumed
3191 : */
3192 : Datum
3193 6 : has_foreign_data_wrapper_privilege_id(PG_FUNCTION_ARGS)
3194 : {
3195 6 : Oid fdwid = PG_GETARG_OID(0);
3196 6 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3197 : Oid roleid;
3198 : AclMode mode;
3199 : AclResult aclresult;
3200 :
3201 6 : roleid = GetUserId();
3202 6 : mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3203 :
3204 6 : if (!SearchSysCacheExists1(FOREIGNDATAWRAPPEROID, ObjectIdGetDatum(fdwid)))
3205 0 : PG_RETURN_NULL();
3206 :
3207 6 : aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
3208 :
3209 6 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3210 : }
3211 :
3212 : /*
3213 : * has_foreign_data_wrapper_privilege_id_name
3214 : * Check user privileges on a foreign-data wrapper given
3215 : * roleid, text fdwname, and text priv name.
3216 : */
3217 : Datum
3218 6 : has_foreign_data_wrapper_privilege_id_name(PG_FUNCTION_ARGS)
3219 : {
3220 6 : Oid roleid = PG_GETARG_OID(0);
3221 6 : text *fdwname = PG_GETARG_TEXT_PP(1);
3222 6 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3223 : Oid fdwid;
3224 : AclMode mode;
3225 : AclResult aclresult;
3226 :
3227 6 : fdwid = convert_foreign_data_wrapper_name(fdwname);
3228 6 : mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3229 :
3230 6 : aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
3231 :
3232 6 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3233 : }
3234 :
3235 : /*
3236 : * has_foreign_data_wrapper_privilege_id_id
3237 : * Check user privileges on a foreign-data wrapper given
3238 : * roleid, fdw oid, and text priv name.
3239 : */
3240 : Datum
3241 6 : has_foreign_data_wrapper_privilege_id_id(PG_FUNCTION_ARGS)
3242 : {
3243 6 : Oid roleid = PG_GETARG_OID(0);
3244 6 : Oid fdwid = PG_GETARG_OID(1);
3245 6 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3246 : AclMode mode;
3247 : AclResult aclresult;
3248 :
3249 6 : mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3250 :
3251 6 : if (!SearchSysCacheExists1(FOREIGNDATAWRAPPEROID, ObjectIdGetDatum(fdwid)))
3252 0 : PG_RETURN_NULL();
3253 :
3254 6 : aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
3255 :
3256 6 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3257 : }
3258 :
3259 : /*
3260 : * Support routines for has_foreign_data_wrapper_privilege family.
3261 : */
3262 :
3263 : /*
3264 : * Given a FDW name expressed as a string, look it up and return Oid
3265 : */
3266 : static Oid
3267 24 : convert_foreign_data_wrapper_name(text *fdwname)
3268 : {
3269 24 : char *fdwstr = text_to_cstring(fdwname);
3270 :
3271 24 : return get_foreign_data_wrapper_oid(fdwstr, false);
3272 : }
3273 :
3274 : /*
3275 : * convert_foreign_data_wrapper_priv_string
3276 : * Convert text string to AclMode value.
3277 : */
3278 : static AclMode
3279 42 : convert_foreign_data_wrapper_priv_string(text *priv_type_text)
3280 : {
3281 : static const priv_map foreign_data_wrapper_priv_map[] = {
3282 : {"USAGE", ACL_USAGE},
3283 : {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3284 : {NULL, 0}
3285 : };
3286 :
3287 42 : return convert_any_priv_string(priv_type_text, foreign_data_wrapper_priv_map);
3288 : }
3289 :
3290 :
3291 : /*
3292 : * has_function_privilege variants
3293 : * These are all named "has_function_privilege" at the SQL level.
3294 : * They take various combinations of function name, function OID,
3295 : * user name, user OID, or implicit user = current_user.
3296 : *
3297 : * The result is a boolean value: true if user has the indicated
3298 : * privilege, false if not, or NULL if object doesn't exist.
3299 : */
3300 :
3301 : /*
3302 : * has_function_privilege_name_name
3303 : * Check user privileges on a function given
3304 : * name username, text functionname, and text priv name.
3305 : */
3306 : Datum
3307 162 : has_function_privilege_name_name(PG_FUNCTION_ARGS)
3308 : {
3309 162 : Name username = PG_GETARG_NAME(0);
3310 162 : text *functionname = PG_GETARG_TEXT_PP(1);
3311 162 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3312 : Oid roleid;
3313 : Oid functionoid;
3314 : AclMode mode;
3315 : AclResult aclresult;
3316 :
3317 162 : roleid = get_role_oid_or_public(NameStr(*username));
3318 162 : functionoid = convert_function_name(functionname);
3319 162 : mode = convert_function_priv_string(priv_type_text);
3320 :
3321 162 : aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
3322 :
3323 162 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3324 : }
3325 :
3326 : /*
3327 : * has_function_privilege_name
3328 : * Check user privileges on a function given
3329 : * text functionname and text priv name.
3330 : * current_user is assumed
3331 : */
3332 : Datum
3333 0 : has_function_privilege_name(PG_FUNCTION_ARGS)
3334 : {
3335 0 : text *functionname = PG_GETARG_TEXT_PP(0);
3336 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3337 : Oid roleid;
3338 : Oid functionoid;
3339 : AclMode mode;
3340 : AclResult aclresult;
3341 :
3342 0 : roleid = GetUserId();
3343 0 : functionoid = convert_function_name(functionname);
3344 0 : mode = convert_function_priv_string(priv_type_text);
3345 :
3346 0 : aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
3347 :
3348 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3349 : }
3350 :
3351 : /*
3352 : * has_function_privilege_name_id
3353 : * Check user privileges on a function given
3354 : * name usename, function oid, and text priv name.
3355 : */
3356 : Datum
3357 0 : has_function_privilege_name_id(PG_FUNCTION_ARGS)
3358 : {
3359 0 : Name username = PG_GETARG_NAME(0);
3360 0 : Oid functionoid = PG_GETARG_OID(1);
3361 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3362 : Oid roleid;
3363 : AclMode mode;
3364 : AclResult aclresult;
3365 :
3366 0 : roleid = get_role_oid_or_public(NameStr(*username));
3367 0 : mode = convert_function_priv_string(priv_type_text);
3368 :
3369 0 : if (!SearchSysCacheExists1(PROCOID, ObjectIdGetDatum(functionoid)))
3370 0 : PG_RETURN_NULL();
3371 :
3372 0 : aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
3373 :
3374 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3375 : }
3376 :
3377 : /*
3378 : * has_function_privilege_id
3379 : * Check user privileges on a function given
3380 : * function oid, and text priv name.
3381 : * current_user is assumed
3382 : */
3383 : Datum
3384 0 : has_function_privilege_id(PG_FUNCTION_ARGS)
3385 : {
3386 0 : Oid functionoid = PG_GETARG_OID(0);
3387 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3388 : Oid roleid;
3389 : AclMode mode;
3390 : AclResult aclresult;
3391 :
3392 0 : roleid = GetUserId();
3393 0 : mode = convert_function_priv_string(priv_type_text);
3394 :
3395 0 : if (!SearchSysCacheExists1(PROCOID, ObjectIdGetDatum(functionoid)))
3396 0 : PG_RETURN_NULL();
3397 :
3398 0 : aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
3399 :
3400 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3401 : }
3402 :
3403 : /*
3404 : * has_function_privilege_id_name
3405 : * Check user privileges on a function given
3406 : * roleid, text functionname, and text priv name.
3407 : */
3408 : Datum
3409 0 : has_function_privilege_id_name(PG_FUNCTION_ARGS)
3410 : {
3411 0 : Oid roleid = PG_GETARG_OID(0);
3412 0 : text *functionname = PG_GETARG_TEXT_PP(1);
3413 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3414 : Oid functionoid;
3415 : AclMode mode;
3416 : AclResult aclresult;
3417 :
3418 0 : functionoid = convert_function_name(functionname);
3419 0 : mode = convert_function_priv_string(priv_type_text);
3420 :
3421 0 : aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
3422 :
3423 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3424 : }
3425 :
3426 : /*
3427 : * has_function_privilege_id_id
3428 : * Check user privileges on a function given
3429 : * roleid, function oid, and text priv name.
3430 : */
3431 : Datum
3432 0 : has_function_privilege_id_id(PG_FUNCTION_ARGS)
3433 : {
3434 0 : Oid roleid = PG_GETARG_OID(0);
3435 0 : Oid functionoid = PG_GETARG_OID(1);
3436 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3437 : AclMode mode;
3438 : AclResult aclresult;
3439 :
3440 0 : mode = convert_function_priv_string(priv_type_text);
3441 :
3442 0 : if (!SearchSysCacheExists1(PROCOID, ObjectIdGetDatum(functionoid)))
3443 0 : PG_RETURN_NULL();
3444 :
3445 0 : aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
3446 :
3447 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3448 : }
3449 :
3450 : /*
3451 : * Support routines for has_function_privilege family.
3452 : */
3453 :
3454 : /*
3455 : * Given a function name expressed as a string, look it up and return Oid
3456 : */
3457 : static Oid
3458 162 : convert_function_name(text *functionname)
3459 : {
3460 162 : char *funcname = text_to_cstring(functionname);
3461 : Oid oid;
3462 :
3463 162 : oid = DatumGetObjectId(DirectFunctionCall1(regprocedurein,
3464 : CStringGetDatum(funcname)));
3465 :
3466 162 : if (!OidIsValid(oid))
3467 0 : ereport(ERROR,
3468 : (errcode(ERRCODE_UNDEFINED_FUNCTION),
3469 : errmsg("function \"%s\" does not exist", funcname)));
3470 :
3471 162 : return oid;
3472 : }
3473 :
3474 : /*
3475 : * convert_function_priv_string
3476 : * Convert text string to AclMode value.
3477 : */
3478 : static AclMode
3479 162 : convert_function_priv_string(text *priv_type_text)
3480 : {
3481 : static const priv_map function_priv_map[] = {
3482 : {"EXECUTE", ACL_EXECUTE},
3483 : {"EXECUTE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_EXECUTE)},
3484 : {NULL, 0}
3485 : };
3486 :
3487 162 : return convert_any_priv_string(priv_type_text, function_priv_map);
3488 : }
3489 :
3490 :
3491 : /*
3492 : * has_language_privilege variants
3493 : * These are all named "has_language_privilege" at the SQL level.
3494 : * They take various combinations of language name, language OID,
3495 : * user name, user OID, or implicit user = current_user.
3496 : *
3497 : * The result is a boolean value: true if user has the indicated
3498 : * privilege, false if not, or NULL if object doesn't exist.
3499 : */
3500 :
3501 : /*
3502 : * has_language_privilege_name_name
3503 : * Check user privileges on a language given
3504 : * name username, text languagename, and text priv name.
3505 : */
3506 : Datum
3507 0 : has_language_privilege_name_name(PG_FUNCTION_ARGS)
3508 : {
3509 0 : Name username = PG_GETARG_NAME(0);
3510 0 : text *languagename = PG_GETARG_TEXT_PP(1);
3511 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3512 : Oid roleid;
3513 : Oid languageoid;
3514 : AclMode mode;
3515 : AclResult aclresult;
3516 :
3517 0 : roleid = get_role_oid_or_public(NameStr(*username));
3518 0 : languageoid = convert_language_name(languagename);
3519 0 : mode = convert_language_priv_string(priv_type_text);
3520 :
3521 0 : aclresult = pg_language_aclcheck(languageoid, roleid, mode);
3522 :
3523 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3524 : }
3525 :
3526 : /*
3527 : * has_language_privilege_name
3528 : * Check user privileges on a language given
3529 : * text languagename and text priv name.
3530 : * current_user is assumed
3531 : */
3532 : Datum
3533 0 : has_language_privilege_name(PG_FUNCTION_ARGS)
3534 : {
3535 0 : text *languagename = PG_GETARG_TEXT_PP(0);
3536 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3537 : Oid roleid;
3538 : Oid languageoid;
3539 : AclMode mode;
3540 : AclResult aclresult;
3541 :
3542 0 : roleid = GetUserId();
3543 0 : languageoid = convert_language_name(languagename);
3544 0 : mode = convert_language_priv_string(priv_type_text);
3545 :
3546 0 : aclresult = pg_language_aclcheck(languageoid, roleid, mode);
3547 :
3548 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3549 : }
3550 :
3551 : /*
3552 : * has_language_privilege_name_id
3553 : * Check user privileges on a language given
3554 : * name usename, language oid, and text priv name.
3555 : */
3556 : Datum
3557 0 : has_language_privilege_name_id(PG_FUNCTION_ARGS)
3558 : {
3559 0 : Name username = PG_GETARG_NAME(0);
3560 0 : Oid languageoid = PG_GETARG_OID(1);
3561 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3562 : Oid roleid;
3563 : AclMode mode;
3564 : AclResult aclresult;
3565 :
3566 0 : roleid = get_role_oid_or_public(NameStr(*username));
3567 0 : mode = convert_language_priv_string(priv_type_text);
3568 :
3569 0 : if (!SearchSysCacheExists1(LANGOID, ObjectIdGetDatum(languageoid)))
3570 0 : PG_RETURN_NULL();
3571 :
3572 0 : aclresult = pg_language_aclcheck(languageoid, roleid, mode);
3573 :
3574 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3575 : }
3576 :
3577 : /*
3578 : * has_language_privilege_id
3579 : * Check user privileges on a language given
3580 : * language oid, and text priv name.
3581 : * current_user is assumed
3582 : */
3583 : Datum
3584 0 : has_language_privilege_id(PG_FUNCTION_ARGS)
3585 : {
3586 0 : Oid languageoid = PG_GETARG_OID(0);
3587 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3588 : Oid roleid;
3589 : AclMode mode;
3590 : AclResult aclresult;
3591 :
3592 0 : roleid = GetUserId();
3593 0 : mode = convert_language_priv_string(priv_type_text);
3594 :
3595 0 : if (!SearchSysCacheExists1(LANGOID, ObjectIdGetDatum(languageoid)))
3596 0 : PG_RETURN_NULL();
3597 :
3598 0 : aclresult = pg_language_aclcheck(languageoid, roleid, mode);
3599 :
3600 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3601 : }
3602 :
3603 : /*
3604 : * has_language_privilege_id_name
3605 : * Check user privileges on a language given
3606 : * roleid, text languagename, and text priv name.
3607 : */
3608 : Datum
3609 0 : has_language_privilege_id_name(PG_FUNCTION_ARGS)
3610 : {
3611 0 : Oid roleid = PG_GETARG_OID(0);
3612 0 : text *languagename = PG_GETARG_TEXT_PP(1);
3613 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3614 : Oid languageoid;
3615 : AclMode mode;
3616 : AclResult aclresult;
3617 :
3618 0 : languageoid = convert_language_name(languagename);
3619 0 : mode = convert_language_priv_string(priv_type_text);
3620 :
3621 0 : aclresult = pg_language_aclcheck(languageoid, roleid, mode);
3622 :
3623 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3624 : }
3625 :
3626 : /*
3627 : * has_language_privilege_id_id
3628 : * Check user privileges on a language given
3629 : * roleid, language oid, and text priv name.
3630 : */
3631 : Datum
3632 0 : has_language_privilege_id_id(PG_FUNCTION_ARGS)
3633 : {
3634 0 : Oid roleid = PG_GETARG_OID(0);
3635 0 : Oid languageoid = PG_GETARG_OID(1);
3636 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3637 : AclMode mode;
3638 : AclResult aclresult;
3639 :
3640 0 : mode = convert_language_priv_string(priv_type_text);
3641 :
3642 0 : if (!SearchSysCacheExists1(LANGOID, ObjectIdGetDatum(languageoid)))
3643 0 : PG_RETURN_NULL();
3644 :
3645 0 : aclresult = pg_language_aclcheck(languageoid, roleid, mode);
3646 :
3647 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3648 : }
3649 :
3650 : /*
3651 : * Support routines for has_language_privilege family.
3652 : */
3653 :
3654 : /*
3655 : * Given a language name expressed as a string, look it up and return Oid
3656 : */
3657 : static Oid
3658 0 : convert_language_name(text *languagename)
3659 : {
3660 0 : char *langname = text_to_cstring(languagename);
3661 :
3662 0 : return get_language_oid(langname, false);
3663 : }
3664 :
3665 : /*
3666 : * convert_language_priv_string
3667 : * Convert text string to AclMode value.
3668 : */
3669 : static AclMode
3670 0 : convert_language_priv_string(text *priv_type_text)
3671 : {
3672 : static const priv_map language_priv_map[] = {
3673 : {"USAGE", ACL_USAGE},
3674 : {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3675 : {NULL, 0}
3676 : };
3677 :
3678 0 : return convert_any_priv_string(priv_type_text, language_priv_map);
3679 : }
3680 :
3681 :
3682 : /*
3683 : * has_schema_privilege variants
3684 : * These are all named "has_schema_privilege" at the SQL level.
3685 : * They take various combinations of schema name, schema OID,
3686 : * user name, user OID, or implicit user = current_user.
3687 : *
3688 : * The result is a boolean value: true if user has the indicated
3689 : * privilege, false if not, or NULL if object doesn't exist.
3690 : */
3691 :
3692 : /*
3693 : * has_schema_privilege_name_name
3694 : * Check user privileges on a schema given
3695 : * name username, text schemaname, and text priv name.
3696 : */
3697 : Datum
3698 54 : has_schema_privilege_name_name(PG_FUNCTION_ARGS)
3699 : {
3700 54 : Name username = PG_GETARG_NAME(0);
3701 54 : text *schemaname = PG_GETARG_TEXT_PP(1);
3702 54 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3703 : Oid roleid;
3704 : Oid schemaoid;
3705 : AclMode mode;
3706 : AclResult aclresult;
3707 :
3708 54 : roleid = get_role_oid_or_public(NameStr(*username));
3709 54 : schemaoid = convert_schema_name(schemaname);
3710 54 : mode = convert_schema_priv_string(priv_type_text);
3711 :
3712 54 : aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
3713 :
3714 54 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3715 : }
3716 :
3717 : /*
3718 : * has_schema_privilege_name
3719 : * Check user privileges on a schema given
3720 : * text schemaname and text priv name.
3721 : * current_user is assumed
3722 : */
3723 : Datum
3724 0 : has_schema_privilege_name(PG_FUNCTION_ARGS)
3725 : {
3726 0 : text *schemaname = PG_GETARG_TEXT_PP(0);
3727 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3728 : Oid roleid;
3729 : Oid schemaoid;
3730 : AclMode mode;
3731 : AclResult aclresult;
3732 :
3733 0 : roleid = GetUserId();
3734 0 : schemaoid = convert_schema_name(schemaname);
3735 0 : mode = convert_schema_priv_string(priv_type_text);
3736 :
3737 0 : aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
3738 :
3739 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3740 : }
3741 :
3742 : /*
3743 : * has_schema_privilege_name_id
3744 : * Check user privileges on a schema given
3745 : * name usename, schema oid, and text priv name.
3746 : */
3747 : Datum
3748 0 : has_schema_privilege_name_id(PG_FUNCTION_ARGS)
3749 : {
3750 0 : Name username = PG_GETARG_NAME(0);
3751 0 : Oid schemaoid = PG_GETARG_OID(1);
3752 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3753 : Oid roleid;
3754 : AclMode mode;
3755 : AclResult aclresult;
3756 :
3757 0 : roleid = get_role_oid_or_public(NameStr(*username));
3758 0 : mode = convert_schema_priv_string(priv_type_text);
3759 :
3760 0 : if (!SearchSysCacheExists1(NAMESPACEOID, ObjectIdGetDatum(schemaoid)))
3761 0 : PG_RETURN_NULL();
3762 :
3763 0 : aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
3764 :
3765 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3766 : }
3767 :
3768 : /*
3769 : * has_schema_privilege_id
3770 : * Check user privileges on a schema given
3771 : * schema oid, and text priv name.
3772 : * current_user is assumed
3773 : */
3774 : Datum
3775 0 : has_schema_privilege_id(PG_FUNCTION_ARGS)
3776 : {
3777 0 : Oid schemaoid = PG_GETARG_OID(0);
3778 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3779 : Oid roleid;
3780 : AclMode mode;
3781 : AclResult aclresult;
3782 :
3783 0 : roleid = GetUserId();
3784 0 : mode = convert_schema_priv_string(priv_type_text);
3785 :
3786 0 : if (!SearchSysCacheExists1(NAMESPACEOID, ObjectIdGetDatum(schemaoid)))
3787 0 : PG_RETURN_NULL();
3788 :
3789 0 : aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
3790 :
3791 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3792 : }
3793 :
3794 : /*
3795 : * has_schema_privilege_id_name
3796 : * Check user privileges on a schema given
3797 : * roleid, text schemaname, and text priv name.
3798 : */
3799 : Datum
3800 0 : has_schema_privilege_id_name(PG_FUNCTION_ARGS)
3801 : {
3802 0 : Oid roleid = PG_GETARG_OID(0);
3803 0 : text *schemaname = PG_GETARG_TEXT_PP(1);
3804 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3805 : Oid schemaoid;
3806 : AclMode mode;
3807 : AclResult aclresult;
3808 :
3809 0 : schemaoid = convert_schema_name(schemaname);
3810 0 : mode = convert_schema_priv_string(priv_type_text);
3811 :
3812 0 : aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
3813 :
3814 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3815 : }
3816 :
3817 : /*
3818 : * has_schema_privilege_id_id
3819 : * Check user privileges on a schema given
3820 : * roleid, schema oid, and text priv name.
3821 : */
3822 : Datum
3823 0 : has_schema_privilege_id_id(PG_FUNCTION_ARGS)
3824 : {
3825 0 : Oid roleid = PG_GETARG_OID(0);
3826 0 : Oid schemaoid = PG_GETARG_OID(1);
3827 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3828 : AclMode mode;
3829 : AclResult aclresult;
3830 :
3831 0 : mode = convert_schema_priv_string(priv_type_text);
3832 :
3833 0 : if (!SearchSysCacheExists1(NAMESPACEOID, ObjectIdGetDatum(schemaoid)))
3834 0 : PG_RETURN_NULL();
3835 :
3836 0 : aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
3837 :
3838 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3839 : }
3840 :
3841 : /*
3842 : * Support routines for has_schema_privilege family.
3843 : */
3844 :
3845 : /*
3846 : * Given a schema name expressed as a string, look it up and return Oid
3847 : */
3848 : static Oid
3849 54 : convert_schema_name(text *schemaname)
3850 : {
3851 54 : char *nspname = text_to_cstring(schemaname);
3852 :
3853 54 : return get_namespace_oid(nspname, false);
3854 : }
3855 :
3856 : /*
3857 : * convert_schema_priv_string
3858 : * Convert text string to AclMode value.
3859 : */
3860 : static AclMode
3861 54 : convert_schema_priv_string(text *priv_type_text)
3862 : {
3863 : static const priv_map schema_priv_map[] = {
3864 : {"CREATE", ACL_CREATE},
3865 : {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
3866 : {"USAGE", ACL_USAGE},
3867 : {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3868 : {NULL, 0}
3869 : };
3870 :
3871 54 : return convert_any_priv_string(priv_type_text, schema_priv_map);
3872 : }
3873 :
3874 :
3875 : /*
3876 : * has_server_privilege variants
3877 : * These are all named "has_server_privilege" at the SQL level.
3878 : * They take various combinations of foreign server name,
3879 : * server OID, user name, user OID, or implicit user = current_user.
3880 : *
3881 : * The result is a boolean value: true if user has the indicated
3882 : * privilege, false if not.
3883 : */
3884 :
3885 : /*
3886 : * has_server_privilege_name_name
3887 : * Check user privileges on a foreign server given
3888 : * name username, text servername, and text priv name.
3889 : */
3890 : Datum
3891 12 : has_server_privilege_name_name(PG_FUNCTION_ARGS)
3892 : {
3893 12 : Name username = PG_GETARG_NAME(0);
3894 12 : text *servername = PG_GETARG_TEXT_PP(1);
3895 12 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3896 : Oid roleid;
3897 : Oid serverid;
3898 : AclMode mode;
3899 : AclResult aclresult;
3900 :
3901 12 : roleid = get_role_oid_or_public(NameStr(*username));
3902 12 : serverid = convert_server_name(servername);
3903 12 : mode = convert_server_priv_string(priv_type_text);
3904 :
3905 12 : aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
3906 :
3907 12 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3908 : }
3909 :
3910 : /*
3911 : * has_server_privilege_name
3912 : * Check user privileges on a foreign server given
3913 : * text servername and text priv name.
3914 : * current_user is assumed
3915 : */
3916 : Datum
3917 6 : has_server_privilege_name(PG_FUNCTION_ARGS)
3918 : {
3919 6 : text *servername = PG_GETARG_TEXT_PP(0);
3920 6 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3921 : Oid roleid;
3922 : Oid serverid;
3923 : AclMode mode;
3924 : AclResult aclresult;
3925 :
3926 6 : roleid = GetUserId();
3927 6 : serverid = convert_server_name(servername);
3928 6 : mode = convert_server_priv_string(priv_type_text);
3929 :
3930 6 : aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
3931 :
3932 6 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3933 : }
3934 :
3935 : /*
3936 : * has_server_privilege_name_id
3937 : * Check user privileges on a foreign server given
3938 : * name usename, foreign server oid, and text priv name.
3939 : */
3940 : Datum
3941 6 : has_server_privilege_name_id(PG_FUNCTION_ARGS)
3942 : {
3943 6 : Name username = PG_GETARG_NAME(0);
3944 6 : Oid serverid = PG_GETARG_OID(1);
3945 6 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3946 : Oid roleid;
3947 : AclMode mode;
3948 : AclResult aclresult;
3949 :
3950 6 : roleid = get_role_oid_or_public(NameStr(*username));
3951 6 : mode = convert_server_priv_string(priv_type_text);
3952 :
3953 6 : if (!SearchSysCacheExists1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)))
3954 0 : PG_RETURN_NULL();
3955 :
3956 6 : aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
3957 :
3958 6 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3959 : }
3960 :
3961 : /*
3962 : * has_server_privilege_id
3963 : * Check user privileges on a foreign server given
3964 : * server oid, and text priv name.
3965 : * current_user is assumed
3966 : */
3967 : Datum
3968 78 : has_server_privilege_id(PG_FUNCTION_ARGS)
3969 : {
3970 78 : Oid serverid = PG_GETARG_OID(0);
3971 78 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3972 : Oid roleid;
3973 : AclMode mode;
3974 : AclResult aclresult;
3975 :
3976 78 : roleid = GetUserId();
3977 78 : mode = convert_server_priv_string(priv_type_text);
3978 :
3979 78 : if (!SearchSysCacheExists1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)))
3980 0 : PG_RETURN_NULL();
3981 :
3982 78 : aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
3983 :
3984 78 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3985 : }
3986 :
3987 : /*
3988 : * has_server_privilege_id_name
3989 : * Check user privileges on a foreign server given
3990 : * roleid, text servername, and text priv name.
3991 : */
3992 : Datum
3993 6 : has_server_privilege_id_name(PG_FUNCTION_ARGS)
3994 : {
3995 6 : Oid roleid = PG_GETARG_OID(0);
3996 6 : text *servername = PG_GETARG_TEXT_PP(1);
3997 6 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3998 : Oid serverid;
3999 : AclMode mode;
4000 : AclResult aclresult;
4001 :
4002 6 : serverid = convert_server_name(servername);
4003 6 : mode = convert_server_priv_string(priv_type_text);
4004 :
4005 6 : aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
4006 :
4007 6 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4008 : }
4009 :
4010 : /*
4011 : * has_server_privilege_id_id
4012 : * Check user privileges on a foreign server given
4013 : * roleid, server oid, and text priv name.
4014 : */
4015 : Datum
4016 6 : has_server_privilege_id_id(PG_FUNCTION_ARGS)
4017 : {
4018 6 : Oid roleid = PG_GETARG_OID(0);
4019 6 : Oid serverid = PG_GETARG_OID(1);
4020 6 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4021 : AclMode mode;
4022 : AclResult aclresult;
4023 :
4024 6 : mode = convert_server_priv_string(priv_type_text);
4025 :
4026 6 : if (!SearchSysCacheExists1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)))
4027 0 : PG_RETURN_NULL();
4028 :
4029 6 : aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
4030 :
4031 6 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4032 : }
4033 :
4034 : /*
4035 : * Support routines for has_server_privilege family.
4036 : */
4037 :
4038 : /*
4039 : * Given a server name expressed as a string, look it up and return Oid
4040 : */
4041 : static Oid
4042 24 : convert_server_name(text *servername)
4043 : {
4044 24 : char *serverstr = text_to_cstring(servername);
4045 :
4046 24 : return get_foreign_server_oid(serverstr, false);
4047 : }
4048 :
4049 : /*
4050 : * convert_server_priv_string
4051 : * Convert text string to AclMode value.
4052 : */
4053 : static AclMode
4054 114 : convert_server_priv_string(text *priv_type_text)
4055 : {
4056 : static const priv_map server_priv_map[] = {
4057 : {"USAGE", ACL_USAGE},
4058 : {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
4059 : {NULL, 0}
4060 : };
4061 :
4062 114 : return convert_any_priv_string(priv_type_text, server_priv_map);
4063 : }
4064 :
4065 :
4066 : /*
4067 : * has_tablespace_privilege variants
4068 : * These are all named "has_tablespace_privilege" at the SQL level.
4069 : * They take various combinations of tablespace name, tablespace OID,
4070 : * user name, user OID, or implicit user = current_user.
4071 : *
4072 : * The result is a boolean value: true if user has the indicated
4073 : * privilege, false if not.
4074 : */
4075 :
4076 : /*
4077 : * has_tablespace_privilege_name_name
4078 : * Check user privileges on a tablespace given
4079 : * name username, text tablespacename, and text priv name.
4080 : */
4081 : Datum
4082 0 : has_tablespace_privilege_name_name(PG_FUNCTION_ARGS)
4083 : {
4084 0 : Name username = PG_GETARG_NAME(0);
4085 0 : text *tablespacename = PG_GETARG_TEXT_PP(1);
4086 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4087 : Oid roleid;
4088 : Oid tablespaceoid;
4089 : AclMode mode;
4090 : AclResult aclresult;
4091 :
4092 0 : roleid = get_role_oid_or_public(NameStr(*username));
4093 0 : tablespaceoid = convert_tablespace_name(tablespacename);
4094 0 : mode = convert_tablespace_priv_string(priv_type_text);
4095 :
4096 0 : aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
4097 :
4098 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4099 : }
4100 :
4101 : /*
4102 : * has_tablespace_privilege_name
4103 : * Check user privileges on a tablespace given
4104 : * text tablespacename and text priv name.
4105 : * current_user is assumed
4106 : */
4107 : Datum
4108 0 : has_tablespace_privilege_name(PG_FUNCTION_ARGS)
4109 : {
4110 0 : text *tablespacename = PG_GETARG_TEXT_PP(0);
4111 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
4112 : Oid roleid;
4113 : Oid tablespaceoid;
4114 : AclMode mode;
4115 : AclResult aclresult;
4116 :
4117 0 : roleid = GetUserId();
4118 0 : tablespaceoid = convert_tablespace_name(tablespacename);
4119 0 : mode = convert_tablespace_priv_string(priv_type_text);
4120 :
4121 0 : aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
4122 :
4123 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4124 : }
4125 :
4126 : /*
4127 : * has_tablespace_privilege_name_id
4128 : * Check user privileges on a tablespace given
4129 : * name usename, tablespace oid, and text priv name.
4130 : */
4131 : Datum
4132 0 : has_tablespace_privilege_name_id(PG_FUNCTION_ARGS)
4133 : {
4134 0 : Name username = PG_GETARG_NAME(0);
4135 0 : Oid tablespaceoid = PG_GETARG_OID(1);
4136 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4137 : Oid roleid;
4138 : AclMode mode;
4139 : AclResult aclresult;
4140 :
4141 0 : roleid = get_role_oid_or_public(NameStr(*username));
4142 0 : mode = convert_tablespace_priv_string(priv_type_text);
4143 :
4144 0 : if (!SearchSysCacheExists1(TABLESPACEOID, ObjectIdGetDatum(tablespaceoid)))
4145 0 : PG_RETURN_NULL();
4146 :
4147 0 : aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
4148 :
4149 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4150 : }
4151 :
4152 : /*
4153 : * has_tablespace_privilege_id
4154 : * Check user privileges on a tablespace given
4155 : * tablespace oid, and text priv name.
4156 : * current_user is assumed
4157 : */
4158 : Datum
4159 0 : has_tablespace_privilege_id(PG_FUNCTION_ARGS)
4160 : {
4161 0 : Oid tablespaceoid = PG_GETARG_OID(0);
4162 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
4163 : Oid roleid;
4164 : AclMode mode;
4165 : AclResult aclresult;
4166 :
4167 0 : roleid = GetUserId();
4168 0 : mode = convert_tablespace_priv_string(priv_type_text);
4169 :
4170 0 : if (!SearchSysCacheExists1(TABLESPACEOID, ObjectIdGetDatum(tablespaceoid)))
4171 0 : PG_RETURN_NULL();
4172 :
4173 0 : aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
4174 :
4175 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4176 : }
4177 :
4178 : /*
4179 : * has_tablespace_privilege_id_name
4180 : * Check user privileges on a tablespace given
4181 : * roleid, text tablespacename, and text priv name.
4182 : */
4183 : Datum
4184 0 : has_tablespace_privilege_id_name(PG_FUNCTION_ARGS)
4185 : {
4186 0 : Oid roleid = PG_GETARG_OID(0);
4187 0 : text *tablespacename = PG_GETARG_TEXT_PP(1);
4188 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4189 : Oid tablespaceoid;
4190 : AclMode mode;
4191 : AclResult aclresult;
4192 :
4193 0 : tablespaceoid = convert_tablespace_name(tablespacename);
4194 0 : mode = convert_tablespace_priv_string(priv_type_text);
4195 :
4196 0 : aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
4197 :
4198 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4199 : }
4200 :
4201 : /*
4202 : * has_tablespace_privilege_id_id
4203 : * Check user privileges on a tablespace given
4204 : * roleid, tablespace oid, and text priv name.
4205 : */
4206 : Datum
4207 0 : has_tablespace_privilege_id_id(PG_FUNCTION_ARGS)
4208 : {
4209 0 : Oid roleid = PG_GETARG_OID(0);
4210 0 : Oid tablespaceoid = PG_GETARG_OID(1);
4211 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4212 : AclMode mode;
4213 : AclResult aclresult;
4214 :
4215 0 : mode = convert_tablespace_priv_string(priv_type_text);
4216 :
4217 0 : if (!SearchSysCacheExists1(TABLESPACEOID, ObjectIdGetDatum(tablespaceoid)))
4218 0 : PG_RETURN_NULL();
4219 :
4220 0 : aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
4221 :
4222 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4223 : }
4224 :
4225 : /*
4226 : * Support routines for has_tablespace_privilege family.
4227 : */
4228 :
4229 : /*
4230 : * Given a tablespace name expressed as a string, look it up and return Oid
4231 : */
4232 : static Oid
4233 0 : convert_tablespace_name(text *tablespacename)
4234 : {
4235 0 : char *spcname = text_to_cstring(tablespacename);
4236 :
4237 0 : return get_tablespace_oid(spcname, false);
4238 : }
4239 :
4240 : /*
4241 : * convert_tablespace_priv_string
4242 : * Convert text string to AclMode value.
4243 : */
4244 : static AclMode
4245 0 : convert_tablespace_priv_string(text *priv_type_text)
4246 : {
4247 : static const priv_map tablespace_priv_map[] = {
4248 : {"CREATE", ACL_CREATE},
4249 : {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4250 : {NULL, 0}
4251 : };
4252 :
4253 0 : return convert_any_priv_string(priv_type_text, tablespace_priv_map);
4254 : }
4255 :
4256 : /*
4257 : * has_type_privilege variants
4258 : * These are all named "has_type_privilege" at the SQL level.
4259 : * They take various combinations of type name, type OID,
4260 : * user name, user OID, or implicit user = current_user.
4261 : *
4262 : * The result is a boolean value: true if user has the indicated
4263 : * privilege, false if not, or NULL if object doesn't exist.
4264 : */
4265 :
4266 : /*
4267 : * has_type_privilege_name_name
4268 : * Check user privileges on a type given
4269 : * name username, text typename, and text priv name.
4270 : */
4271 : Datum
4272 12 : has_type_privilege_name_name(PG_FUNCTION_ARGS)
4273 : {
4274 12 : Name username = PG_GETARG_NAME(0);
4275 12 : text *typename = PG_GETARG_TEXT_PP(1);
4276 12 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4277 : Oid roleid;
4278 : Oid typeoid;
4279 : AclMode mode;
4280 : AclResult aclresult;
4281 :
4282 12 : roleid = get_role_oid_or_public(NameStr(*username));
4283 12 : typeoid = convert_type_name(typename);
4284 12 : mode = convert_type_priv_string(priv_type_text);
4285 :
4286 12 : aclresult = pg_type_aclcheck(typeoid, roleid, mode);
4287 :
4288 12 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4289 : }
4290 :
4291 : /*
4292 : * has_type_privilege_name
4293 : * Check user privileges on a type given
4294 : * text typename and text priv name.
4295 : * current_user is assumed
4296 : */
4297 : Datum
4298 0 : has_type_privilege_name(PG_FUNCTION_ARGS)
4299 : {
4300 0 : text *typename = PG_GETARG_TEXT_PP(0);
4301 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
4302 : Oid roleid;
4303 : Oid typeoid;
4304 : AclMode mode;
4305 : AclResult aclresult;
4306 :
4307 0 : roleid = GetUserId();
4308 0 : typeoid = convert_type_name(typename);
4309 0 : mode = convert_type_priv_string(priv_type_text);
4310 :
4311 0 : aclresult = pg_type_aclcheck(typeoid, roleid, mode);
4312 :
4313 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4314 : }
4315 :
4316 : /*
4317 : * has_type_privilege_name_id
4318 : * Check user privileges on a type given
4319 : * name usename, type oid, and text priv name.
4320 : */
4321 : Datum
4322 0 : has_type_privilege_name_id(PG_FUNCTION_ARGS)
4323 : {
4324 0 : Name username = PG_GETARG_NAME(0);
4325 0 : Oid typeoid = PG_GETARG_OID(1);
4326 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4327 : Oid roleid;
4328 : AclMode mode;
4329 : AclResult aclresult;
4330 :
4331 0 : roleid = get_role_oid_or_public(NameStr(*username));
4332 0 : mode = convert_type_priv_string(priv_type_text);
4333 :
4334 0 : if (!SearchSysCacheExists1(TYPEOID, ObjectIdGetDatum(typeoid)))
4335 0 : PG_RETURN_NULL();
4336 :
4337 0 : aclresult = pg_type_aclcheck(typeoid, roleid, mode);
4338 :
4339 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4340 : }
4341 :
4342 : /*
4343 : * has_type_privilege_id
4344 : * Check user privileges on a type given
4345 : * type oid, and text priv name.
4346 : * current_user is assumed
4347 : */
4348 : Datum
4349 0 : has_type_privilege_id(PG_FUNCTION_ARGS)
4350 : {
4351 0 : Oid typeoid = PG_GETARG_OID(0);
4352 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
4353 : Oid roleid;
4354 : AclMode mode;
4355 : AclResult aclresult;
4356 :
4357 0 : roleid = GetUserId();
4358 0 : mode = convert_type_priv_string(priv_type_text);
4359 :
4360 0 : if (!SearchSysCacheExists1(TYPEOID, ObjectIdGetDatum(typeoid)))
4361 0 : PG_RETURN_NULL();
4362 :
4363 0 : aclresult = pg_type_aclcheck(typeoid, roleid, mode);
4364 :
4365 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4366 : }
4367 :
4368 : /*
4369 : * has_type_privilege_id_name
4370 : * Check user privileges on a type given
4371 : * roleid, text typename, and text priv name.
4372 : */
4373 : Datum
4374 0 : has_type_privilege_id_name(PG_FUNCTION_ARGS)
4375 : {
4376 0 : Oid roleid = PG_GETARG_OID(0);
4377 0 : text *typename = PG_GETARG_TEXT_PP(1);
4378 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4379 : Oid typeoid;
4380 : AclMode mode;
4381 : AclResult aclresult;
4382 :
4383 0 : typeoid = convert_type_name(typename);
4384 0 : mode = convert_type_priv_string(priv_type_text);
4385 :
4386 0 : aclresult = pg_type_aclcheck(typeoid, roleid, mode);
4387 :
4388 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4389 : }
4390 :
4391 : /*
4392 : * has_type_privilege_id_id
4393 : * Check user privileges on a type given
4394 : * roleid, type oid, and text priv name.
4395 : */
4396 : Datum
4397 0 : has_type_privilege_id_id(PG_FUNCTION_ARGS)
4398 : {
4399 0 : Oid roleid = PG_GETARG_OID(0);
4400 0 : Oid typeoid = PG_GETARG_OID(1);
4401 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4402 : AclMode mode;
4403 : AclResult aclresult;
4404 :
4405 0 : mode = convert_type_priv_string(priv_type_text);
4406 :
4407 0 : if (!SearchSysCacheExists1(TYPEOID, ObjectIdGetDatum(typeoid)))
4408 0 : PG_RETURN_NULL();
4409 :
4410 0 : aclresult = pg_type_aclcheck(typeoid, roleid, mode);
4411 :
4412 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4413 : }
4414 :
4415 : /*
4416 : * Support routines for has_type_privilege family.
4417 : */
4418 :
4419 : /*
4420 : * Given a type name expressed as a string, look it up and return Oid
4421 : */
4422 : static Oid
4423 12 : convert_type_name(text *typename)
4424 : {
4425 12 : char *typname = text_to_cstring(typename);
4426 : Oid oid;
4427 :
4428 12 : oid = DatumGetObjectId(DirectFunctionCall1(regtypein,
4429 : CStringGetDatum(typname)));
4430 :
4431 12 : if (!OidIsValid(oid))
4432 0 : ereport(ERROR,
4433 : (errcode(ERRCODE_UNDEFINED_OBJECT),
4434 : errmsg("type \"%s\" does not exist", typname)));
4435 :
4436 12 : return oid;
4437 : }
4438 :
4439 : /*
4440 : * convert_type_priv_string
4441 : * Convert text string to AclMode value.
4442 : */
4443 : static AclMode
4444 12 : convert_type_priv_string(text *priv_type_text)
4445 : {
4446 : static const priv_map type_priv_map[] = {
4447 : {"USAGE", ACL_USAGE},
4448 : {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
4449 : {NULL, 0}
4450 : };
4451 :
4452 12 : return convert_any_priv_string(priv_type_text, type_priv_map);
4453 : }
4454 :
4455 : /*
4456 : * has_parameter_privilege variants
4457 : * These are all named "has_parameter_privilege" at the SQL level.
4458 : * They take various combinations of parameter name with
4459 : * user name, user OID, or implicit user = current_user.
4460 : *
4461 : * The result is a boolean value: true if user has been granted
4462 : * the indicated privilege or false if not.
4463 : */
4464 :
4465 : /*
4466 : * has_param_priv_byname
4467 : *
4468 : * Helper function to check user privileges on a parameter given the
4469 : * role by Oid, parameter by text name, and privileges as AclMode.
4470 : */
4471 : static bool
4472 74 : has_param_priv_byname(Oid roleid, const text *parameter, AclMode priv)
4473 : {
4474 74 : char *paramstr = text_to_cstring(parameter);
4475 :
4476 74 : return pg_parameter_aclcheck(paramstr, roleid, priv) == ACLCHECK_OK;
4477 : }
4478 :
4479 : /*
4480 : * has_parameter_privilege_name_name
4481 : * Check user privileges on a parameter given name username, text
4482 : * parameter, and text priv name.
4483 : */
4484 : Datum
4485 84 : has_parameter_privilege_name_name(PG_FUNCTION_ARGS)
4486 : {
4487 84 : Name username = PG_GETARG_NAME(0);
4488 84 : text *parameter = PG_GETARG_TEXT_PP(1);
4489 84 : AclMode priv = convert_parameter_priv_string(PG_GETARG_TEXT_PP(2));
4490 70 : Oid roleid = get_role_oid_or_public(NameStr(*username));
4491 :
4492 70 : PG_RETURN_BOOL(has_param_priv_byname(roleid, parameter, priv));
4493 : }
4494 :
4495 : /*
4496 : * has_parameter_privilege_name
4497 : * Check user privileges on a parameter given text parameter and text priv
4498 : * name. current_user is assumed
4499 : */
4500 : Datum
4501 2 : has_parameter_privilege_name(PG_FUNCTION_ARGS)
4502 : {
4503 2 : text *parameter = PG_GETARG_TEXT_PP(0);
4504 2 : AclMode priv = convert_parameter_priv_string(PG_GETARG_TEXT_PP(1));
4505 :
4506 2 : PG_RETURN_BOOL(has_param_priv_byname(GetUserId(), parameter, priv));
4507 : }
4508 :
4509 : /*
4510 : * has_parameter_privilege_id_name
4511 : * Check user privileges on a parameter given roleid, text parameter, and
4512 : * text priv name.
4513 : */
4514 : Datum
4515 2 : has_parameter_privilege_id_name(PG_FUNCTION_ARGS)
4516 : {
4517 2 : Oid roleid = PG_GETARG_OID(0);
4518 2 : text *parameter = PG_GETARG_TEXT_PP(1);
4519 2 : AclMode priv = convert_parameter_priv_string(PG_GETARG_TEXT_PP(2));
4520 :
4521 2 : PG_RETURN_BOOL(has_param_priv_byname(roleid, parameter, priv));
4522 : }
4523 :
4524 : /*
4525 : * Support routines for has_parameter_privilege family.
4526 : */
4527 :
4528 : /*
4529 : * convert_parameter_priv_string
4530 : * Convert text string to AclMode value.
4531 : */
4532 : static AclMode
4533 88 : convert_parameter_priv_string(text *priv_text)
4534 : {
4535 : static const priv_map parameter_priv_map[] = {
4536 : {"SET", ACL_SET},
4537 : {"SET WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SET)},
4538 : {"ALTER SYSTEM", ACL_ALTER_SYSTEM},
4539 : {"ALTER SYSTEM WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_ALTER_SYSTEM)},
4540 : {NULL, 0}
4541 : };
4542 :
4543 88 : return convert_any_priv_string(priv_text, parameter_priv_map);
4544 : }
4545 :
4546 : /*
4547 : * pg_has_role variants
4548 : * These are all named "pg_has_role" at the SQL level.
4549 : * They take various combinations of role name, role OID,
4550 : * user name, user OID, or implicit user = current_user.
4551 : *
4552 : * The result is a boolean value: true if user has the indicated
4553 : * privilege, false if not.
4554 : */
4555 :
4556 : /*
4557 : * pg_has_role_name_name
4558 : * Check user privileges on a role given
4559 : * name username, name rolename, and text priv name.
4560 : */
4561 : Datum
4562 36 : pg_has_role_name_name(PG_FUNCTION_ARGS)
4563 : {
4564 36 : Name username = PG_GETARG_NAME(0);
4565 36 : Name rolename = PG_GETARG_NAME(1);
4566 36 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4567 : Oid roleid;
4568 : Oid roleoid;
4569 : AclMode mode;
4570 : AclResult aclresult;
4571 :
4572 36 : roleid = get_role_oid(NameStr(*username), false);
4573 36 : roleoid = get_role_oid(NameStr(*rolename), false);
4574 36 : mode = convert_role_priv_string(priv_type_text);
4575 :
4576 36 : aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4577 :
4578 36 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4579 : }
4580 :
4581 : /*
4582 : * pg_has_role_name
4583 : * Check user privileges on a role given
4584 : * name rolename and text priv name.
4585 : * current_user is assumed
4586 : */
4587 : Datum
4588 18 : pg_has_role_name(PG_FUNCTION_ARGS)
4589 : {
4590 18 : Name rolename = PG_GETARG_NAME(0);
4591 18 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
4592 : Oid roleid;
4593 : Oid roleoid;
4594 : AclMode mode;
4595 : AclResult aclresult;
4596 :
4597 18 : roleid = GetUserId();
4598 18 : roleoid = get_role_oid(NameStr(*rolename), false);
4599 18 : mode = convert_role_priv_string(priv_type_text);
4600 :
4601 18 : aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4602 :
4603 18 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4604 : }
4605 :
4606 : /*
4607 : * pg_has_role_name_id
4608 : * Check user privileges on a role given
4609 : * name usename, role oid, and text priv name.
4610 : */
4611 : Datum
4612 0 : pg_has_role_name_id(PG_FUNCTION_ARGS)
4613 : {
4614 0 : Name username = PG_GETARG_NAME(0);
4615 0 : Oid roleoid = PG_GETARG_OID(1);
4616 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4617 : Oid roleid;
4618 : AclMode mode;
4619 : AclResult aclresult;
4620 :
4621 0 : roleid = get_role_oid(NameStr(*username), false);
4622 0 : mode = convert_role_priv_string(priv_type_text);
4623 :
4624 0 : aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4625 :
4626 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4627 : }
4628 :
4629 : /*
4630 : * pg_has_role_id
4631 : * Check user privileges on a role given
4632 : * role oid, and text priv name.
4633 : * current_user is assumed
4634 : */
4635 : Datum
4636 92394 : pg_has_role_id(PG_FUNCTION_ARGS)
4637 : {
4638 92394 : Oid roleoid = PG_GETARG_OID(0);
4639 92394 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
4640 : Oid roleid;
4641 : AclMode mode;
4642 : AclResult aclresult;
4643 :
4644 92394 : roleid = GetUserId();
4645 92394 : mode = convert_role_priv_string(priv_type_text);
4646 :
4647 92394 : aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4648 :
4649 92394 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4650 : }
4651 :
4652 : /*
4653 : * pg_has_role_id_name
4654 : * Check user privileges on a role given
4655 : * roleid, name rolename, and text priv name.
4656 : */
4657 : Datum
4658 0 : pg_has_role_id_name(PG_FUNCTION_ARGS)
4659 : {
4660 0 : Oid roleid = PG_GETARG_OID(0);
4661 0 : Name rolename = PG_GETARG_NAME(1);
4662 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4663 : Oid roleoid;
4664 : AclMode mode;
4665 : AclResult aclresult;
4666 :
4667 0 : roleoid = get_role_oid(NameStr(*rolename), false);
4668 0 : mode = convert_role_priv_string(priv_type_text);
4669 :
4670 0 : aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4671 :
4672 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4673 : }
4674 :
4675 : /*
4676 : * pg_has_role_id_id
4677 : * Check user privileges on a role given
4678 : * roleid, role oid, and text priv name.
4679 : */
4680 : Datum
4681 84 : pg_has_role_id_id(PG_FUNCTION_ARGS)
4682 : {
4683 84 : Oid roleid = PG_GETARG_OID(0);
4684 84 : Oid roleoid = PG_GETARG_OID(1);
4685 84 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4686 : AclMode mode;
4687 : AclResult aclresult;
4688 :
4689 84 : mode = convert_role_priv_string(priv_type_text);
4690 :
4691 84 : aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4692 :
4693 84 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4694 : }
4695 :
4696 : /*
4697 : * Support routines for pg_has_role family.
4698 : */
4699 :
4700 : /*
4701 : * convert_role_priv_string
4702 : * Convert text string to AclMode value.
4703 : *
4704 : * We use USAGE to denote whether the privileges of the role are accessible
4705 : * (has_privs), MEMBER to denote is_member, and MEMBER WITH GRANT OPTION
4706 : * (or ADMIN OPTION) to denote is_admin. There is no ACL bit corresponding
4707 : * to MEMBER so we cheat and use ACL_CREATE for that. This convention
4708 : * is shared only with pg_role_aclcheck, below.
4709 : */
4710 : static AclMode
4711 92532 : convert_role_priv_string(text *priv_type_text)
4712 : {
4713 : static const priv_map role_priv_map[] = {
4714 : {"USAGE", ACL_USAGE},
4715 : {"MEMBER", ACL_CREATE},
4716 : {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4717 : {"USAGE WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4718 : {"MEMBER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4719 : {"MEMBER WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4720 : {NULL, 0}
4721 : };
4722 :
4723 92532 : return convert_any_priv_string(priv_type_text, role_priv_map);
4724 : }
4725 :
4726 : /*
4727 : * pg_role_aclcheck
4728 : * Quick-and-dirty support for pg_has_role
4729 : */
4730 : static AclResult
4731 92532 : pg_role_aclcheck(Oid role_oid, Oid roleid, AclMode mode)
4732 : {
4733 92532 : if (mode & ACL_GRANT_OPTION_FOR(ACL_CREATE))
4734 : {
4735 12 : if (is_admin_of_role(roleid, role_oid))
4736 0 : return ACLCHECK_OK;
4737 : }
4738 92532 : if (mode & ACL_CREATE)
4739 : {
4740 12 : if (is_member_of_role(roleid, role_oid))
4741 6 : return ACLCHECK_OK;
4742 : }
4743 92526 : if (mode & ACL_USAGE)
4744 : {
4745 92508 : if (has_privs_of_role(roleid, role_oid))
4746 91692 : return ACLCHECK_OK;
4747 : }
4748 834 : return ACLCHECK_NO_PRIV;
4749 : }
4750 :
4751 :
4752 : /*
4753 : * initialization function (called by InitPostgres)
4754 : */
4755 : void
4756 18478 : initialize_acl(void)
4757 : {
4758 18478 : if (!IsBootstrapProcessingMode())
4759 : {
4760 17946 : cached_db_hash =
4761 17946 : GetSysCacheHashValue1(DATABASEOID,
4762 : ObjectIdGetDatum(MyDatabaseId));
4763 :
4764 : /*
4765 : * In normal mode, set a callback on any syscache invalidation of rows
4766 : * of pg_auth_members (for roles_is_member_of()), pg_authid (for
4767 : * has_rolinherit()), or pg_database (for roles_is_member_of())
4768 : */
4769 17946 : CacheRegisterSyscacheCallback(AUTHMEMROLEMEM,
4770 : RoleMembershipCacheCallback,
4771 : (Datum) 0);
4772 17946 : CacheRegisterSyscacheCallback(AUTHOID,
4773 : RoleMembershipCacheCallback,
4774 : (Datum) 0);
4775 17946 : CacheRegisterSyscacheCallback(DATABASEOID,
4776 : RoleMembershipCacheCallback,
4777 : (Datum) 0);
4778 : }
4779 18478 : }
4780 :
4781 : /*
4782 : * RoleMembershipCacheCallback
4783 : * Syscache inval callback function
4784 : */
4785 : static void
4786 37856 : RoleMembershipCacheCallback(Datum arg, int cacheid, uint32 hashvalue)
4787 : {
4788 37856 : if (cacheid == DATABASEOID &&
4789 10386 : hashvalue != cached_db_hash &&
4790 : hashvalue != 0)
4791 : {
4792 4380 : return; /* ignore pg_database changes for other DBs */
4793 : }
4794 :
4795 : /* Force membership caches to be recomputed on next use */
4796 33476 : cached_role[ROLERECURSE_PRIVS] = InvalidOid;
4797 33476 : cached_role[ROLERECURSE_MEMBERS] = InvalidOid;
4798 : }
4799 :
4800 :
4801 : /* Check if specified role has rolinherit set */
4802 : static bool
4803 2398 : has_rolinherit(Oid roleid)
4804 : {
4805 2398 : bool result = false;
4806 : HeapTuple utup;
4807 :
4808 2398 : utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
4809 2398 : if (HeapTupleIsValid(utup))
4810 : {
4811 2398 : result = ((Form_pg_authid) GETSTRUCT(utup))->rolinherit;
4812 2398 : ReleaseSysCache(utup);
4813 : }
4814 2398 : return result;
4815 : }
4816 :
4817 :
4818 : /*
4819 : * Get a list of roles that the specified roleid is a member of
4820 : *
4821 : * Type ROLERECURSE_PRIVS recurses only through roles that have rolinherit
4822 : * set, while ROLERECURSE_MEMBERS recurses through all roles. This sets
4823 : * *is_admin==true if and only if role "roleid" has an ADMIN OPTION membership
4824 : * in role "admin_of".
4825 : *
4826 : * Since indirect membership testing is relatively expensive, we cache
4827 : * a list of memberships. Hence, the result is only guaranteed good until
4828 : * the next call of roles_is_member_of()!
4829 : *
4830 : * For the benefit of select_best_grantor, the result is defined to be
4831 : * in breadth-first order, ie, closer relationships earlier.
4832 : */
4833 : static List *
4834 30866 : roles_is_member_of(Oid roleid, enum RoleRecurseType type,
4835 : Oid admin_of, bool *is_admin)
4836 : {
4837 : Oid dba;
4838 : List *roles_list;
4839 : ListCell *l;
4840 : List *new_cached_roles;
4841 : MemoryContext oldctx;
4842 :
4843 : Assert(OidIsValid(admin_of) == PointerIsValid(is_admin));
4844 :
4845 : /* If cache is valid and ADMIN OPTION not sought, just return the list */
4846 30866 : if (cached_role[type] == roleid && !OidIsValid(admin_of) &&
4847 27058 : OidIsValid(cached_role[type]))
4848 27058 : return cached_roles[type];
4849 :
4850 : /*
4851 : * Role expansion happens in a non-database backend when guc.c checks
4852 : * ROLE_PG_READ_ALL_SETTINGS for a physical walsender SHOW command. In
4853 : * that case, no role gets pg_database_owner.
4854 : */
4855 3808 : if (!OidIsValid(MyDatabaseId))
4856 12 : dba = InvalidOid;
4857 : else
4858 : {
4859 : HeapTuple dbtup;
4860 :
4861 3796 : dbtup = SearchSysCache1(DATABASEOID, ObjectIdGetDatum(MyDatabaseId));
4862 3796 : if (!HeapTupleIsValid(dbtup))
4863 0 : elog(ERROR, "cache lookup failed for database %u", MyDatabaseId);
4864 3796 : dba = ((Form_pg_database) GETSTRUCT(dbtup))->datdba;
4865 3796 : ReleaseSysCache(dbtup);
4866 : }
4867 :
4868 : /*
4869 : * Find all the roles that roleid is a member of, including multi-level
4870 : * recursion. The role itself will always be the first element of the
4871 : * resulting list.
4872 : *
4873 : * Each element of the list is scanned to see if it adds any indirect
4874 : * memberships. We can use a single list as both the record of
4875 : * already-found memberships and the agenda of roles yet to be scanned.
4876 : * This is a bit tricky but works because the foreach() macro doesn't
4877 : * fetch the next list element until the bottom of the loop.
4878 : */
4879 3808 : roles_list = list_make1_oid(roleid);
4880 :
4881 8646 : foreach(l, roles_list)
4882 : {
4883 4838 : Oid memberid = lfirst_oid(l);
4884 : CatCList *memlist;
4885 : int i;
4886 :
4887 4838 : if (type == ROLERECURSE_PRIVS && !has_rolinherit(memberid))
4888 6 : continue; /* ignore non-inheriting roles */
4889 :
4890 : /* Find roles that memberid is directly a member of */
4891 4832 : memlist = SearchSysCacheList1(AUTHMEMMEMROLE,
4892 : ObjectIdGetDatum(memberid));
4893 5844 : for (i = 0; i < memlist->n_members; i++)
4894 : {
4895 1012 : HeapTuple tup = &memlist->members[i]->tuple;
4896 1012 : Oid otherid = ((Form_pg_auth_members) GETSTRUCT(tup))->roleid;
4897 :
4898 : /*
4899 : * While otherid==InvalidOid shouldn't appear in the catalog, the
4900 : * OidIsValid() avoids crashing if that arises.
4901 : */
4902 1012 : if (otherid == admin_of &&
4903 54 : ((Form_pg_auth_members) GETSTRUCT(tup))->admin_option &&
4904 : OidIsValid(admin_of))
4905 48 : *is_admin = true;
4906 :
4907 : /*
4908 : * Even though there shouldn't be any loops in the membership
4909 : * graph, we must test for having already seen this role. It is
4910 : * legal for instance to have both A->B and A->C->B.
4911 : */
4912 1012 : roles_list = list_append_unique_oid(roles_list, otherid);
4913 : }
4914 4832 : ReleaseSysCacheList(memlist);
4915 :
4916 : /* implement pg_database_owner implicit membership */
4917 4832 : if (memberid == dba && OidIsValid(dba))
4918 18 : roles_list = list_append_unique_oid(roles_list,
4919 : ROLE_PG_DATABASE_OWNER);
4920 : }
4921 :
4922 : /*
4923 : * Copy the completed list into TopMemoryContext so it will persist.
4924 : */
4925 3808 : oldctx = MemoryContextSwitchTo(TopMemoryContext);
4926 3808 : new_cached_roles = list_copy(roles_list);
4927 3808 : MemoryContextSwitchTo(oldctx);
4928 3808 : list_free(roles_list);
4929 :
4930 : /*
4931 : * Now safe to assign to state variable
4932 : */
4933 3808 : cached_role[type] = InvalidOid; /* just paranoia */
4934 3808 : list_free(cached_roles[type]);
4935 3808 : cached_roles[type] = new_cached_roles;
4936 3808 : cached_role[type] = roleid;
4937 :
4938 : /* And now we can return the answer */
4939 3808 : return cached_roles[type];
4940 : }
4941 :
4942 :
4943 : /*
4944 : * Does member have the privileges of role (directly or indirectly)?
4945 : *
4946 : * This is defined not to recurse through roles that don't have rolinherit
4947 : * set; for such roles, membership implies the ability to do SET ROLE, but
4948 : * the privileges are not available until you've done so.
4949 : */
4950 : bool
4951 251588 : has_privs_of_role(Oid member, Oid role)
4952 : {
4953 : /* Fast path for simple case */
4954 251588 : if (member == role)
4955 95588 : return true;
4956 :
4957 : /* Superusers have every privilege, so are part of every role */
4958 156000 : if (superuser_arg(member))
4959 127618 : return true;
4960 :
4961 : /*
4962 : * Find all the roles that member has the privileges of, including
4963 : * multi-level recursion, then see if target role is any one of them.
4964 : */
4965 28382 : return list_member_oid(roles_is_member_of(member, ROLERECURSE_PRIVS,
4966 : InvalidOid, NULL),
4967 : role);
4968 : }
4969 :
4970 :
4971 : /*
4972 : * Is member a member of role (directly or indirectly)?
4973 : *
4974 : * This is defined to recurse through roles regardless of rolinherit.
4975 : *
4976 : * Do not use this for privilege checking, instead use has_privs_of_role()
4977 : */
4978 : bool
4979 3664 : is_member_of_role(Oid member, Oid role)
4980 : {
4981 : /* Fast path for simple case */
4982 3664 : if (member == role)
4983 2572 : return true;
4984 :
4985 : /* Superusers have every privilege, so are part of every role */
4986 1092 : if (superuser_arg(member))
4987 846 : return true;
4988 :
4989 : /*
4990 : * Find all the roles that member is a member of, including multi-level
4991 : * recursion, then see if target role is any one of them.
4992 : */
4993 246 : return list_member_oid(roles_is_member_of(member, ROLERECURSE_MEMBERS,
4994 : InvalidOid, NULL),
4995 : role);
4996 : }
4997 :
4998 : /*
4999 : * check_is_member_of_role
5000 : * is_member_of_role with a standard permission-violation error if not
5001 : */
5002 : void
5003 2896 : check_is_member_of_role(Oid member, Oid role)
5004 : {
5005 2896 : if (!is_member_of_role(member, role))
5006 120 : ereport(ERROR,
5007 : (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
5008 : errmsg("must be member of role \"%s\"",
5009 : GetUserNameFromId(role, false))));
5010 2776 : }
5011 :
5012 : /*
5013 : * Is member a member of role, not considering superuserness?
5014 : *
5015 : * This is identical to is_member_of_role except we ignore superuser
5016 : * status.
5017 : *
5018 : * Do not use this for privilege checking, instead use has_privs_of_role()
5019 : */
5020 : bool
5021 1920 : is_member_of_role_nosuper(Oid member, Oid role)
5022 : {
5023 : /* Fast path for simple case */
5024 1920 : if (member == role)
5025 12 : return true;
5026 :
5027 : /*
5028 : * Find all the roles that member is a member of, including multi-level
5029 : * recursion, then see if target role is any one of them.
5030 : */
5031 1908 : return list_member_oid(roles_is_member_of(member, ROLERECURSE_MEMBERS,
5032 : InvalidOid, NULL),
5033 : role);
5034 : }
5035 :
5036 :
5037 : /*
5038 : * Is member an admin of role? That is, is member the role itself (subject to
5039 : * restrictions below), a member (directly or indirectly) WITH ADMIN OPTION,
5040 : * or a superuser?
5041 : */
5042 : bool
5043 144 : is_admin_of_role(Oid member, Oid role)
5044 : {
5045 144 : bool result = false;
5046 :
5047 144 : if (superuser_arg(member))
5048 0 : return true;
5049 :
5050 : /* By policy, a role cannot have WITH ADMIN OPTION on itself. */
5051 144 : if (member == role)
5052 18 : return false;
5053 :
5054 126 : (void) roles_is_member_of(member, ROLERECURSE_MEMBERS, role, &result);
5055 126 : return result;
5056 : }
5057 :
5058 :
5059 : /* does what it says ... */
5060 : static int
5061 0 : count_one_bits(AclMode mask)
5062 : {
5063 0 : int nbits = 0;
5064 :
5065 : /* this code relies on AclMode being an unsigned type */
5066 0 : while (mask)
5067 : {
5068 0 : if (mask & 1)
5069 0 : nbits++;
5070 0 : mask >>= 1;
5071 : }
5072 0 : return nbits;
5073 : }
5074 :
5075 :
5076 : /*
5077 : * Select the effective grantor ID for a GRANT or REVOKE operation.
5078 : *
5079 : * The grantor must always be either the object owner or some role that has
5080 : * been explicitly granted grant options. This ensures that all granted
5081 : * privileges appear to flow from the object owner, and there are never
5082 : * multiple "original sources" of a privilege. Therefore, if the would-be
5083 : * grantor is a member of a role that has the needed grant options, we have
5084 : * to do the grant as that role instead.
5085 : *
5086 : * It is possible that the would-be grantor is a member of several roles
5087 : * that have different subsets of the desired grant options, but no one
5088 : * role has 'em all. In this case we pick a role with the largest number
5089 : * of desired options. Ties are broken in favor of closer ancestors.
5090 : *
5091 : * roleId: the role attempting to do the GRANT/REVOKE
5092 : * privileges: the privileges to be granted/revoked
5093 : * acl: the ACL of the object in question
5094 : * ownerId: the role owning the object in question
5095 : * *grantorId: receives the OID of the role to do the grant as
5096 : * *grantOptions: receives the grant options actually held by grantorId
5097 : *
5098 : * If no grant options exist, we set grantorId to roleId, grantOptions to 0.
5099 : */
5100 : void
5101 177294 : select_best_grantor(Oid roleId, AclMode privileges,
5102 : const Acl *acl, Oid ownerId,
5103 : Oid *grantorId, AclMode *grantOptions)
5104 : {
5105 177294 : AclMode needed_goptions = ACL_GRANT_OPTION_FOR(privileges);
5106 : List *roles_list;
5107 : int nrights;
5108 : ListCell *l;
5109 :
5110 : /*
5111 : * The object owner is always treated as having all grant options, so if
5112 : * roleId is the owner it's easy. Also, if roleId is a superuser it's
5113 : * easy: superusers are implicitly members of every role, so they act as
5114 : * the object owner.
5115 : */
5116 177294 : if (roleId == ownerId || superuser_arg(roleId))
5117 : {
5118 177090 : *grantorId = ownerId;
5119 177090 : *grantOptions = needed_goptions;
5120 177090 : return;
5121 : }
5122 :
5123 : /*
5124 : * Otherwise we have to do a careful search to see if roleId has the
5125 : * privileges of any suitable role. Note: we can hang onto the result of
5126 : * roles_is_member_of() throughout this loop, because aclmask_direct()
5127 : * doesn't query any role memberships.
5128 : */
5129 204 : roles_list = roles_is_member_of(roleId, ROLERECURSE_PRIVS,
5130 : InvalidOid, NULL);
5131 :
5132 : /* initialize candidate result as default */
5133 204 : *grantorId = roleId;
5134 204 : *grantOptions = ACL_NO_RIGHTS;
5135 204 : nrights = 0;
5136 :
5137 282 : foreach(l, roles_list)
5138 : {
5139 216 : Oid otherrole = lfirst_oid(l);
5140 : AclMode otherprivs;
5141 :
5142 216 : otherprivs = aclmask_direct(acl, otherrole, ownerId,
5143 : needed_goptions, ACLMASK_ALL);
5144 216 : if (otherprivs == needed_goptions)
5145 : {
5146 : /* Found a suitable grantor */
5147 138 : *grantorId = otherrole;
5148 138 : *grantOptions = otherprivs;
5149 138 : return;
5150 : }
5151 :
5152 : /*
5153 : * If it has just some of the needed privileges, remember best
5154 : * candidate.
5155 : */
5156 78 : if (otherprivs != ACL_NO_RIGHTS)
5157 : {
5158 0 : int nnewrights = count_one_bits(otherprivs);
5159 :
5160 0 : if (nnewrights > nrights)
5161 : {
5162 0 : *grantorId = otherrole;
5163 0 : *grantOptions = otherprivs;
5164 0 : nrights = nnewrights;
5165 : }
5166 : }
5167 : }
5168 : }
5169 :
5170 : /*
5171 : * get_role_oid - Given a role name, look up the role's OID.
5172 : *
5173 : * If missing_ok is false, throw an error if role name not found. If
5174 : * true, just return InvalidOid.
5175 : */
5176 : Oid
5177 34362 : get_role_oid(const char *rolname, bool missing_ok)
5178 : {
5179 : Oid oid;
5180 :
5181 34362 : oid = GetSysCacheOid1(AUTHNAME, Anum_pg_authid_oid,
5182 : CStringGetDatum(rolname));
5183 34362 : if (!OidIsValid(oid) && !missing_ok)
5184 76 : ereport(ERROR,
5185 : (errcode(ERRCODE_UNDEFINED_OBJECT),
5186 : errmsg("role \"%s\" does not exist", rolname)));
5187 34286 : return oid;
5188 : }
5189 :
5190 : /*
5191 : * get_role_oid_or_public - As above, but return ACL_ID_PUBLIC if the
5192 : * role name is "public".
5193 : */
5194 : Oid
5195 556 : get_role_oid_or_public(const char *rolname)
5196 : {
5197 556 : if (strcmp(rolname, "public") == 0)
5198 0 : return ACL_ID_PUBLIC;
5199 :
5200 556 : return get_role_oid(rolname, false);
5201 : }
5202 :
5203 : /*
5204 : * Given a RoleSpec node, return the OID it corresponds to. If missing_ok is
5205 : * true, return InvalidOid if the role does not exist.
5206 : *
5207 : * PUBLIC is always disallowed here. Routines wanting to handle the PUBLIC
5208 : * case must check the case separately.
5209 : */
5210 : Oid
5211 15084 : get_rolespec_oid(const RoleSpec *role, bool missing_ok)
5212 : {
5213 : Oid oid;
5214 :
5215 15084 : switch (role->roletype)
5216 : {
5217 14784 : case ROLESPEC_CSTRING:
5218 : Assert(role->rolename);
5219 14784 : oid = get_role_oid(role->rolename, missing_ok);
5220 14746 : break;
5221 :
5222 262 : case ROLESPEC_CURRENT_ROLE:
5223 : case ROLESPEC_CURRENT_USER:
5224 262 : oid = GetUserId();
5225 262 : break;
5226 :
5227 22 : case ROLESPEC_SESSION_USER:
5228 22 : oid = GetSessionUserId();
5229 22 : break;
5230 :
5231 16 : case ROLESPEC_PUBLIC:
5232 16 : ereport(ERROR,
5233 : (errcode(ERRCODE_UNDEFINED_OBJECT),
5234 : errmsg("role \"%s\" does not exist", "public")));
5235 : oid = InvalidOid; /* make compiler happy */
5236 : break;
5237 :
5238 0 : default:
5239 0 : elog(ERROR, "unexpected role type %d", role->roletype);
5240 : }
5241 :
5242 15030 : return oid;
5243 : }
5244 :
5245 : /*
5246 : * Given a RoleSpec node, return the pg_authid HeapTuple it corresponds to.
5247 : * Caller must ReleaseSysCache when done with the result tuple.
5248 : */
5249 : HeapTuple
5250 486 : get_rolespec_tuple(const RoleSpec *role)
5251 : {
5252 : HeapTuple tuple;
5253 :
5254 486 : switch (role->roletype)
5255 : {
5256 434 : case ROLESPEC_CSTRING:
5257 : Assert(role->rolename);
5258 434 : tuple = SearchSysCache1(AUTHNAME, CStringGetDatum(role->rolename));
5259 434 : if (!HeapTupleIsValid(tuple))
5260 12 : ereport(ERROR,
5261 : (errcode(ERRCODE_UNDEFINED_OBJECT),
5262 : errmsg("role \"%s\" does not exist", role->rolename)));
5263 422 : break;
5264 :
5265 28 : case ROLESPEC_CURRENT_ROLE:
5266 : case ROLESPEC_CURRENT_USER:
5267 28 : tuple = SearchSysCache1(AUTHOID, GetUserId());
5268 28 : if (!HeapTupleIsValid(tuple))
5269 0 : elog(ERROR, "cache lookup failed for role %u", GetUserId());
5270 28 : break;
5271 :
5272 12 : case ROLESPEC_SESSION_USER:
5273 12 : tuple = SearchSysCache1(AUTHOID, GetSessionUserId());
5274 12 : if (!HeapTupleIsValid(tuple))
5275 0 : elog(ERROR, "cache lookup failed for role %u", GetSessionUserId());
5276 12 : break;
5277 :
5278 12 : case ROLESPEC_PUBLIC:
5279 12 : ereport(ERROR,
5280 : (errcode(ERRCODE_UNDEFINED_OBJECT),
5281 : errmsg("role \"%s\" does not exist", "public")));
5282 : tuple = NULL; /* make compiler happy */
5283 : break;
5284 :
5285 0 : default:
5286 0 : elog(ERROR, "unexpected role type %d", role->roletype);
5287 : }
5288 :
5289 462 : return tuple;
5290 : }
5291 :
5292 : /*
5293 : * Given a RoleSpec, returns a palloc'ed copy of the corresponding role's name.
5294 : */
5295 : char *
5296 30 : get_rolespec_name(const RoleSpec *role)
5297 : {
5298 : HeapTuple tp;
5299 : Form_pg_authid authForm;
5300 : char *rolename;
5301 :
5302 30 : tp = get_rolespec_tuple(role);
5303 30 : authForm = (Form_pg_authid) GETSTRUCT(tp);
5304 30 : rolename = pstrdup(NameStr(authForm->rolname));
5305 30 : ReleaseSysCache(tp);
5306 :
5307 30 : return rolename;
5308 : }
5309 :
5310 : /*
5311 : * Given a RoleSpec, throw an error if the name is reserved, using detail_msg,
5312 : * if provided.
5313 : *
5314 : * If node is NULL, no error is thrown. If detail_msg is NULL then no detail
5315 : * message is provided.
5316 : */
5317 : void
5318 374 : check_rolespec_name(const RoleSpec *role, const char *detail_msg)
5319 : {
5320 374 : if (!role)
5321 0 : return;
5322 :
5323 374 : if (role->roletype != ROLESPEC_CSTRING)
5324 52 : return;
5325 :
5326 322 : if (IsReservedName(role->rolename))
5327 : {
5328 0 : if (detail_msg)
5329 0 : ereport(ERROR,
5330 : (errcode(ERRCODE_RESERVED_NAME),
5331 : errmsg("role name \"%s\" is reserved",
5332 : role->rolename),
5333 : errdetail("%s", detail_msg)));
5334 : else
5335 0 : ereport(ERROR,
5336 : (errcode(ERRCODE_RESERVED_NAME),
5337 : errmsg("role name \"%s\" is reserved",
5338 : role->rolename)));
5339 : }
5340 : }
|
