LCOV - code coverage report
Current view: top level - src/backend/utils/adt - acl.c (source / functions) Hit Total Coverage
Test: PostgreSQL 13devel Lines: 1003 1730 58.0 %
Date: 2019-09-19 02:07:14 Functions: 96 161 59.6 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*-------------------------------------------------------------------------
       2             :  *
       3             :  * acl.c
       4             :  *    Basic access control list data structures manipulation routines.
       5             :  *
       6             :  * Portions Copyright (c) 1996-2019, PostgreSQL Global Development Group
       7             :  * Portions Copyright (c) 1994, Regents of the University of California
       8             :  *
       9             :  *
      10             :  * IDENTIFICATION
      11             :  *    src/backend/utils/adt/acl.c
      12             :  *
      13             :  *-------------------------------------------------------------------------
      14             :  */
      15             : #include "postgres.h"
      16             : 
      17             : #include <ctype.h>
      18             : 
      19             : #include "access/htup_details.h"
      20             : #include "catalog/catalog.h"
      21             : #include "catalog/namespace.h"
      22             : #include "catalog/pg_authid.h"
      23             : #include "catalog/pg_auth_members.h"
      24             : #include "catalog/pg_type.h"
      25             : #include "catalog/pg_class.h"
      26             : #include "commands/dbcommands.h"
      27             : #include "commands/proclang.h"
      28             : #include "commands/tablespace.h"
      29             : #include "foreign/foreign.h"
      30             : #include "funcapi.h"
      31             : #include "miscadmin.h"
      32             : #include "utils/acl.h"
      33             : #include "utils/array.h"
      34             : #include "utils/builtins.h"
      35             : #include "utils/catcache.h"
      36             : #include "utils/hashutils.h"
      37             : #include "utils/inval.h"
      38             : #include "utils/lsyscache.h"
      39             : #include "utils/memutils.h"
      40             : #include "utils/syscache.h"
      41             : #include "utils/varlena.h"
      42             : 
      43             : 
      44             : typedef struct
      45             : {
      46             :     const char *name;
      47             :     AclMode     value;
      48             : } priv_map;
      49             : 
      50             : /*
      51             :  * We frequently need to test whether a given role is a member of some other
      52             :  * role.  In most of these tests the "given role" is the same, namely the
      53             :  * active current user.  So we can optimize it by keeping a cached list of
      54             :  * all the roles the "given role" is a member of, directly or indirectly.
      55             :  * The cache is flushed whenever we detect a change in pg_auth_members.
      56             :  *
      57             :  * There are actually two caches, one computed under "has_privs" rules
      58             :  * (do not recurse where rolinherit isn't true) and one computed under
      59             :  * "is_member" rules (recurse regardless of rolinherit).
      60             :  *
      61             :  * Possibly this mechanism should be generalized to allow caching membership
      62             :  * info for multiple roles?
      63             :  *
      64             :  * The has_privs cache is:
      65             :  * cached_privs_role is the role OID the cache is for.
      66             :  * cached_privs_roles is an OID list of roles that cached_privs_role
      67             :  *      has the privileges of (always including itself).
      68             :  * The cache is valid if cached_privs_role is not InvalidOid.
      69             :  *
      70             :  * The is_member cache is similarly:
      71             :  * cached_member_role is the role OID the cache is for.
      72             :  * cached_membership_roles is an OID list of roles that cached_member_role
      73             :  *      is a member of (always including itself).
      74             :  * The cache is valid if cached_member_role is not InvalidOid.
      75             :  */
      76             : static Oid  cached_privs_role = InvalidOid;
      77             : static List *cached_privs_roles = NIL;
      78             : static Oid  cached_member_role = InvalidOid;
      79             : static List *cached_membership_roles = NIL;
      80             : 
      81             : 
      82             : static const char *getid(const char *s, char *n);
      83             : static void putid(char *p, const char *s);
      84             : static Acl *allocacl(int n);
      85             : static void check_acl(const Acl *acl);
      86             : static const char *aclparse(const char *s, AclItem *aip);
      87             : static bool aclitem_match(const AclItem *a1, const AclItem *a2);
      88             : static int  aclitemComparator(const void *arg1, const void *arg2);
      89             : static void check_circularity(const Acl *old_acl, const AclItem *mod_aip,
      90             :                               Oid ownerId);
      91             : static Acl *recursive_revoke(Acl *acl, Oid grantee, AclMode revoke_privs,
      92             :                              Oid ownerId, DropBehavior behavior);
      93             : 
      94             : static AclMode convert_priv_string(text *priv_type_text);
      95             : static AclMode convert_any_priv_string(text *priv_type_text,
      96             :                                        const priv_map *privileges);
      97             : 
      98             : static Oid  convert_table_name(text *tablename);
      99             : static AclMode convert_table_priv_string(text *priv_type_text);
     100             : static AclMode convert_sequence_priv_string(text *priv_type_text);
     101             : static AttrNumber convert_column_name(Oid tableoid, text *column);
     102             : static AclMode convert_column_priv_string(text *priv_type_text);
     103             : static Oid  convert_database_name(text *databasename);
     104             : static AclMode convert_database_priv_string(text *priv_type_text);
     105             : static Oid  convert_foreign_data_wrapper_name(text *fdwname);
     106             : static AclMode convert_foreign_data_wrapper_priv_string(text *priv_type_text);
     107             : static Oid  convert_function_name(text *functionname);
     108             : static AclMode convert_function_priv_string(text *priv_type_text);
     109             : static Oid  convert_language_name(text *languagename);
     110             : static AclMode convert_language_priv_string(text *priv_type_text);
     111             : static Oid  convert_schema_name(text *schemaname);
     112             : static AclMode convert_schema_priv_string(text *priv_type_text);
     113             : static Oid  convert_server_name(text *servername);
     114             : static AclMode convert_server_priv_string(text *priv_type_text);
     115             : static Oid  convert_tablespace_name(text *tablespacename);
     116             : static AclMode convert_tablespace_priv_string(text *priv_type_text);
     117             : static Oid  convert_type_name(text *typename);
     118             : static AclMode convert_type_priv_string(text *priv_type_text);
     119             : static AclMode convert_role_priv_string(text *priv_type_text);
     120             : static AclResult pg_role_aclcheck(Oid role_oid, Oid roleid, AclMode mode);
     121             : 
     122             : static void RoleMembershipCacheCallback(Datum arg, int cacheid, uint32 hashvalue);
     123             : 
     124             : 
     125             : /*
     126             :  * getid
     127             :  *      Consumes the first alphanumeric string (identifier) found in string
     128             :  *      's', ignoring any leading white space.  If it finds a double quote
     129             :  *      it returns the word inside the quotes.
     130             :  *
     131             :  * RETURNS:
     132             :  *      the string position in 's' that points to the next non-space character
     133             :  *      in 's', after any quotes.  Also:
     134             :  *      - loads the identifier into 'n'.  (If no identifier is found, 'n'
     135             :  *        contains an empty string.)  'n' must be NAMEDATALEN bytes.
     136             :  */
     137             : static const char *
     138         640 : getid(const char *s, char *n)
     139             : {
     140         640 :     int         len = 0;
     141         640 :     bool        in_quotes = false;
     142             : 
     143             :     Assert(s && n);
     144             : 
     145        1280 :     while (isspace((unsigned char) *s))
     146           0 :         s++;
     147             :     /* This code had better match what putid() does, below */
     148        4480 :     for (;
     149        7360 :          *s != '\0' &&
     150        4482 :          (isalnum((unsigned char) *s) ||
     151        1922 :           *s == '_' ||
     152        1280 :           *s == '"' ||
     153             :           in_quotes);
     154        3200 :          s++)
     155             :     {
     156        3200 :         if (*s == '"')
     157             :         {
     158             :             /* safe to look at next char (could be '\0' though) */
     159         640 :             if (*(s + 1) != '"')
     160             :             {
     161         640 :                 in_quotes = !in_quotes;
     162         640 :                 continue;
     163             :             }
     164             :             /* it's an escaped double quote; skip the escaping char */
     165           0 :             s++;
     166             :         }
     167             : 
     168             :         /* Add the character to the string */
     169        2560 :         if (len >= NAMEDATALEN - 1)
     170           0 :             ereport(ERROR,
     171             :                     (errcode(ERRCODE_NAME_TOO_LONG),
     172             :                      errmsg("identifier too long"),
     173             :                      errdetail("Identifier must be less than %d characters.",
     174             :                                NAMEDATALEN)));
     175             : 
     176        2560 :         n[len++] = *s;
     177             :     }
     178         640 :     n[len] = '\0';
     179        1280 :     while (isspace((unsigned char) *s))
     180           0 :         s++;
     181         640 :     return s;
     182             : }
     183             : 
     184             : /*
     185             :  * Write a role name at *p, adding double quotes if needed.
     186             :  * There must be at least (2*NAMEDATALEN)+2 bytes available at *p.
     187             :  * This needs to be kept in sync with copyAclUserName in pg_dump/dumputils.c
     188             :  */
     189             : static void
     190       14202 : putid(char *p, const char *s)
     191             : {
     192             :     const char *src;
     193       14202 :     bool        safe = true;
     194             : 
     195      159922 :     for (src = s; *src; src++)
     196             :     {
     197             :         /* This test had better match what getid() does, above */
     198      145720 :         if (!isalnum((unsigned char) *src) && *src != '_')
     199             :         {
     200           0 :             safe = false;
     201           0 :             break;
     202             :         }
     203             :     }
     204       14202 :     if (!safe)
     205           0 :         *p++ = '"';
     206      159922 :     for (src = s; *src; src++)
     207             :     {
     208             :         /* A double quote character in a username is encoded as "" */
     209      145720 :         if (*src == '"')
     210           0 :             *p++ = '"';
     211      145720 :         *p++ = *src;
     212             :     }
     213       14202 :     if (!safe)
     214           0 :         *p++ = '"';
     215       14202 :     *p = '\0';
     216       14202 : }
     217             : 
     218             : /*
     219             :  * aclparse
     220             :  *      Consumes and parses an ACL specification of the form:
     221             :  *              [group|user] [A-Za-z0-9]*=[rwaR]*
     222             :  *      from string 's', ignoring any leading white space or white space
     223             :  *      between the optional id type keyword (group|user) and the actual
     224             :  *      ACL specification.
     225             :  *
     226             :  *      The group|user decoration is unnecessary in the roles world,
     227             :  *      but we still accept it for backward compatibility.
     228             :  *
     229             :  *      This routine is called by the parser as well as aclitemin(), hence
     230             :  *      the added generality.
     231             :  *
     232             :  * RETURNS:
     233             :  *      the string position in 's' immediately following the ACL
     234             :  *      specification.  Also:
     235             :  *      - loads the structure pointed to by 'aip' with the appropriate
     236             :  *        UID/GID, id type identifier and mode type values.
     237             :  */
     238             : static const char *
     239         320 : aclparse(const char *s, AclItem *aip)
     240             : {
     241             :     AclMode     privs,
     242             :                 goption,
     243             :                 read;
     244             :     char        name[NAMEDATALEN];
     245             :     char        name2[NAMEDATALEN];
     246             : 
     247             :     Assert(s && aip);
     248             : 
     249             : #ifdef ACLDEBUG
     250             :     elog(LOG, "aclparse: input = \"%s\"", s);
     251             : #endif
     252         320 :     s = getid(s, name);
     253         320 :     if (*s != '=')
     254             :     {
     255             :         /* we just read a keyword, not a name */
     256           0 :         if (strcmp(name, "group") != 0 && strcmp(name, "user") != 0)
     257           0 :             ereport(ERROR,
     258             :                     (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
     259             :                      errmsg("unrecognized key word: \"%s\"", name),
     260             :                      errhint("ACL key word must be \"group\" or \"user\".")));
     261           0 :         s = getid(s, name);     /* move s to the name beyond the keyword */
     262           0 :         if (name[0] == '\0')
     263           0 :             ereport(ERROR,
     264             :                     (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
     265             :                      errmsg("missing name"),
     266             :                      errhint("A name must follow the \"group\" or \"user\" key word.")));
     267             :     }
     268             : 
     269         320 :     if (*s != '=')
     270           0 :         ereport(ERROR,
     271             :                 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
     272             :                  errmsg("missing \"=\" sign")));
     273             : 
     274         320 :     privs = goption = ACL_NO_RIGHTS;
     275             : 
     276         640 :     for (++s, read = 0; isalpha((unsigned char) *s) || *s == '*'; s++)
     277             :     {
     278         320 :         switch (*s)
     279             :         {
     280             :             case '*':
     281           0 :                 goption |= read;
     282           0 :                 break;
     283             :             case ACL_INSERT_CHR:
     284           0 :                 read = ACL_INSERT;
     285           0 :                 break;
     286             :             case ACL_SELECT_CHR:
     287         320 :                 read = ACL_SELECT;
     288         320 :                 break;
     289             :             case ACL_UPDATE_CHR:
     290           0 :                 read = ACL_UPDATE;
     291           0 :                 break;
     292             :             case ACL_DELETE_CHR:
     293           0 :                 read = ACL_DELETE;
     294           0 :                 break;
     295             :             case ACL_TRUNCATE_CHR:
     296           0 :                 read = ACL_TRUNCATE;
     297           0 :                 break;
     298             :             case ACL_REFERENCES_CHR:
     299           0 :                 read = ACL_REFERENCES;
     300           0 :                 break;
     301             :             case ACL_TRIGGER_CHR:
     302           0 :                 read = ACL_TRIGGER;
     303           0 :                 break;
     304             :             case ACL_EXECUTE_CHR:
     305           0 :                 read = ACL_EXECUTE;
     306           0 :                 break;
     307             :             case ACL_USAGE_CHR:
     308           0 :                 read = ACL_USAGE;
     309           0 :                 break;
     310             :             case ACL_CREATE_CHR:
     311           0 :                 read = ACL_CREATE;
     312           0 :                 break;
     313             :             case ACL_CREATE_TEMP_CHR:
     314           0 :                 read = ACL_CREATE_TEMP;
     315           0 :                 break;
     316             :             case ACL_CONNECT_CHR:
     317           0 :                 read = ACL_CONNECT;
     318           0 :                 break;
     319             :             case 'R':           /* ignore old RULE privileges */
     320           0 :                 read = 0;
     321           0 :                 break;
     322             :             default:
     323           0 :                 ereport(ERROR,
     324             :                         (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
     325             :                          errmsg("invalid mode character: must be one of \"%s\"",
     326             :                                 ACL_ALL_RIGHTS_STR)));
     327             :         }
     328             : 
     329         320 :         privs |= read;
     330             :     }
     331             : 
     332         320 :     if (name[0] == '\0')
     333         320 :         aip->ai_grantee = ACL_ID_PUBLIC;
     334             :     else
     335           0 :         aip->ai_grantee = get_role_oid(name, false);
     336             : 
     337             :     /*
     338             :      * XXX Allow a degree of backward compatibility by defaulting the grantor
     339             :      * to the superuser.
     340             :      */
     341         320 :     if (*s == '/')
     342             :     {
     343         320 :         s = getid(s + 1, name2);
     344         320 :         if (name2[0] == '\0')
     345           0 :             ereport(ERROR,
     346             :                     (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
     347             :                      errmsg("a name must follow the \"/\" sign")));
     348         320 :         aip->ai_grantor = get_role_oid(name2, false);
     349             :     }
     350             :     else
     351             :     {
     352           0 :         aip->ai_grantor = BOOTSTRAP_SUPERUSERID;
     353           0 :         ereport(WARNING,
     354             :                 (errcode(ERRCODE_INVALID_GRANTOR),
     355             :                  errmsg("defaulting grantor to user ID %u",
     356             :                         BOOTSTRAP_SUPERUSERID)));
     357             :     }
     358             : 
     359         320 :     ACLITEM_SET_PRIVS_GOPTIONS(*aip, privs, goption);
     360             : 
     361             : #ifdef ACLDEBUG
     362             :     elog(LOG, "aclparse: correctly read [%u %x %x]",
     363             :          aip->ai_grantee, privs, goption);
     364             : #endif
     365             : 
     366         320 :     return s;
     367             : }
     368             : 
     369             : /*
     370             :  * allocacl
     371             :  *      Allocates storage for a new Acl with 'n' entries.
     372             :  *
     373             :  * RETURNS:
     374             :  *      the new Acl
     375             :  */
     376             : static Acl *
     377     1488548 : allocacl(int n)
     378             : {
     379             :     Acl        *new_acl;
     380             :     Size        size;
     381             : 
     382     1488548 :     if (n < 0)
     383           0 :         elog(ERROR, "invalid size: %d", n);
     384     1488548 :     size = ACL_N_SIZE(n);
     385     1488548 :     new_acl = (Acl *) palloc0(size);
     386     1488548 :     SET_VARSIZE(new_acl, size);
     387     1488548 :     new_acl->ndim = 1;
     388     1488548 :     new_acl->dataoffset = 0; /* we never put in any nulls */
     389     1488548 :     new_acl->elemtype = ACLITEMOID;
     390     1488548 :     ARR_LBOUND(new_acl)[0] = 1;
     391     1488548 :     ARR_DIMS(new_acl)[0] = n;
     392     1488548 :     return new_acl;
     393             : }
     394             : 
     395             : /*
     396             :  * Create a zero-entry ACL
     397             :  */
     398             : Acl *
     399          36 : make_empty_acl(void)
     400             : {
     401          36 :     return allocacl(0);
     402             : }
     403             : 
     404             : /*
     405             :  * Copy an ACL
     406             :  */
     407             : Acl *
     408       24720 : aclcopy(const Acl *orig_acl)
     409             : {
     410             :     Acl        *result_acl;
     411             : 
     412       24720 :     result_acl = allocacl(ACL_NUM(orig_acl));
     413             : 
     414       49440 :     memcpy(ACL_DAT(result_acl),
     415       24720 :            ACL_DAT(orig_acl),
     416       24720 :            ACL_NUM(orig_acl) * sizeof(AclItem));
     417             : 
     418       24720 :     return result_acl;
     419             : }
     420             : 
     421             : /*
     422             :  * Concatenate two ACLs
     423             :  *
     424             :  * This is a bit cheesy, since we may produce an ACL with redundant entries.
     425             :  * Be careful what the result is used for!
     426             :  */
     427             : Acl *
     428       45258 : aclconcat(const Acl *left_acl, const Acl *right_acl)
     429             : {
     430             :     Acl        *result_acl;
     431             : 
     432       45258 :     result_acl = allocacl(ACL_NUM(left_acl) + ACL_NUM(right_acl));
     433             : 
     434       90516 :     memcpy(ACL_DAT(result_acl),
     435       45258 :            ACL_DAT(left_acl),
     436       45258 :            ACL_NUM(left_acl) * sizeof(AclItem));
     437             : 
     438       90516 :     memcpy(ACL_DAT(result_acl) + ACL_NUM(left_acl),
     439       45258 :            ACL_DAT(right_acl),
     440       45258 :            ACL_NUM(right_acl) * sizeof(AclItem));
     441             : 
     442       45258 :     return result_acl;
     443             : }
     444             : 
     445             : /*
     446             :  * Merge two ACLs
     447             :  *
     448             :  * This produces a properly merged ACL with no redundant entries.
     449             :  * Returns NULL on NULL input.
     450             :  */
     451             : Acl *
     452          92 : aclmerge(const Acl *left_acl, const Acl *right_acl, Oid ownerId)
     453             : {
     454             :     Acl        *result_acl;
     455             :     AclItem    *aip;
     456             :     int         i,
     457             :                 num;
     458             : 
     459             :     /* Check for cases where one or both are empty/null */
     460          92 :     if (left_acl == NULL || ACL_NUM(left_acl) == 0)
     461             :     {
     462           0 :         if (right_acl == NULL || ACL_NUM(right_acl) == 0)
     463           0 :             return NULL;
     464             :         else
     465           0 :             return aclcopy(right_acl);
     466             :     }
     467             :     else
     468             :     {
     469          92 :         if (right_acl == NULL || ACL_NUM(right_acl) == 0)
     470          56 :             return aclcopy(left_acl);
     471             :     }
     472             : 
     473             :     /* Merge them the hard way, one item at a time */
     474          36 :     result_acl = aclcopy(left_acl);
     475             : 
     476          36 :     aip = ACL_DAT(right_acl);
     477          36 :     num = ACL_NUM(right_acl);
     478             : 
     479          84 :     for (i = 0; i < num; i++, aip++)
     480             :     {
     481             :         Acl        *tmp_acl;
     482             : 
     483          48 :         tmp_acl = aclupdate(result_acl, aip, ACL_MODECHG_ADD,
     484             :                             ownerId, DROP_RESTRICT);
     485          48 :         pfree(result_acl);
     486          48 :         result_acl = tmp_acl;
     487             :     }
     488             : 
     489          36 :     return result_acl;
     490             : }
     491             : 
     492             : /*
     493             :  * Sort the items in an ACL (into an arbitrary but consistent order)
     494             :  */
     495             : void
     496         336 : aclitemsort(Acl *acl)
     497             : {
     498         336 :     if (acl != NULL && ACL_NUM(acl) > 1)
     499          90 :         qsort(ACL_DAT(acl), ACL_NUM(acl), sizeof(AclItem), aclitemComparator);
     500         336 : }
     501             : 
     502             : /*
     503             :  * Check if two ACLs are exactly equal
     504             :  *
     505             :  * This will not detect equality if the two arrays contain the same items
     506             :  * in different orders.  To handle that case, sort both inputs first,
     507             :  * using aclitemsort().
     508             :  */
     509             : bool
     510         168 : aclequal(const Acl *left_acl, const Acl *right_acl)
     511             : {
     512             :     /* Check for cases where one or both are empty/null */
     513         168 :     if (left_acl == NULL || ACL_NUM(left_acl) == 0)
     514             :     {
     515           2 :         if (right_acl == NULL || ACL_NUM(right_acl) == 0)
     516           2 :             return true;
     517             :         else
     518           0 :             return false;
     519             :     }
     520             :     else
     521             :     {
     522         166 :         if (right_acl == NULL || ACL_NUM(right_acl) == 0)
     523          30 :             return false;
     524             :     }
     525             : 
     526         136 :     if (ACL_NUM(left_acl) != ACL_NUM(right_acl))
     527          54 :         return false;
     528             : 
     529         164 :     if (memcmp(ACL_DAT(left_acl),
     530          82 :                ACL_DAT(right_acl),
     531          82 :                ACL_NUM(left_acl) * sizeof(AclItem)) == 0)
     532          28 :         return true;
     533             : 
     534          54 :     return false;
     535             : }
     536             : 
     537             : /*
     538             :  * Verify that an ACL array is acceptable (one-dimensional and has no nulls)
     539             :  */
     540             : static void
     541      166920 : check_acl(const Acl *acl)
     542             : {
     543      166920 :     if (ARR_ELEMTYPE(acl) != ACLITEMOID)
     544           0 :         ereport(ERROR,
     545             :                 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
     546             :                  errmsg("ACL array contains wrong data type")));
     547      166920 :     if (ARR_NDIM(acl) != 1)
     548           0 :         ereport(ERROR,
     549             :                 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
     550             :                  errmsg("ACL arrays must be one-dimensional")));
     551      166920 :     if (ARR_HASNULL(acl))
     552           0 :         ereport(ERROR,
     553             :                 (errcode(ERRCODE_NULL_VALUE_NOT_ALLOWED),
     554             :                  errmsg("ACL arrays must not contain null values")));
     555      166920 : }
     556             : 
     557             : /*
     558             :  * aclitemin
     559             :  *      Allocates storage for, and fills in, a new AclItem given a string
     560             :  *      's' that contains an ACL specification.  See aclparse for details.
     561             :  *
     562             :  * RETURNS:
     563             :  *      the new AclItem
     564             :  */
     565             : Datum
     566         320 : aclitemin(PG_FUNCTION_ARGS)
     567             : {
     568         320 :     const char *s = PG_GETARG_CSTRING(0);
     569             :     AclItem    *aip;
     570             : 
     571         320 :     aip = (AclItem *) palloc(sizeof(AclItem));
     572         320 :     s = aclparse(s, aip);
     573         640 :     while (isspace((unsigned char) *s))
     574           0 :         ++s;
     575         320 :     if (*s)
     576           0 :         ereport(ERROR,
     577             :                 (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
     578             :                  errmsg("extra garbage at the end of the ACL specification")));
     579             : 
     580         320 :     PG_RETURN_ACLITEM_P(aip);
     581             : }
     582             : 
     583             : /*
     584             :  * aclitemout
     585             :  *      Allocates storage for, and fills in, a new null-delimited string
     586             :  *      containing a formatted ACL specification.  See aclparse for details.
     587             :  *
     588             :  * RETURNS:
     589             :  *      the new string
     590             :  */
     591             : Datum
     592       12858 : aclitemout(PG_FUNCTION_ARGS)
     593             : {
     594       12858 :     AclItem    *aip = PG_GETARG_ACLITEM_P(0);
     595             :     char       *p;
     596             :     char       *out;
     597             :     HeapTuple   htup;
     598             :     unsigned    i;
     599             : 
     600       12858 :     out = palloc(strlen("=/") +
     601             :                  2 * N_ACL_RIGHTS +
     602             :                  2 * (2 * NAMEDATALEN + 2) +
     603             :                  1);
     604             : 
     605       12858 :     p = out;
     606       12858 :     *p = '\0';
     607             : 
     608       12858 :     if (aip->ai_grantee != ACL_ID_PUBLIC)
     609             :     {
     610        1344 :         htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantee));
     611        1344 :         if (HeapTupleIsValid(htup))
     612             :         {
     613        1344 :             putid(p, NameStr(((Form_pg_authid) GETSTRUCT(htup))->rolname));
     614        1344 :             ReleaseSysCache(htup);
     615             :         }
     616             :         else
     617             :         {
     618             :             /* Generate numeric OID if we don't find an entry */
     619           0 :             sprintf(p, "%u", aip->ai_grantee);
     620             :         }
     621             :     }
     622       53888 :     while (*p)
     623       28172 :         ++p;
     624             : 
     625       12858 :     *p++ = '=';
     626             : 
     627      167154 :     for (i = 0; i < N_ACL_RIGHTS; ++i)
     628             :     {
     629      154296 :         if (ACLITEM_GET_PRIVS(*aip) & (1 << i))
     630       14276 :             *p++ = ACL_ALL_RIGHTS_STR[i];
     631      154296 :         if (ACLITEM_GET_GOPTIONS(*aip) & (1 << i))
     632          80 :             *p++ = '*';
     633             :     }
     634             : 
     635       12858 :     *p++ = '/';
     636       12858 :     *p = '\0';
     637             : 
     638       12858 :     htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantor));
     639       12858 :     if (HeapTupleIsValid(htup))
     640             :     {
     641       12858 :         putid(p, NameStr(((Form_pg_authid) GETSTRUCT(htup))->rolname));
     642       12858 :         ReleaseSysCache(htup);
     643             :     }
     644             :     else
     645             :     {
     646             :         /* Generate numeric OID if we don't find an entry */
     647           0 :         sprintf(p, "%u", aip->ai_grantor);
     648             :     }
     649             : 
     650       12858 :     PG_RETURN_CSTRING(out);
     651             : }
     652             : 
     653             : /*
     654             :  * aclitem_match
     655             :  *      Two AclItems are considered to match iff they have the same
     656             :  *      grantee and grantor; the privileges are ignored.
     657             :  */
     658             : static bool
     659       41100 : aclitem_match(const AclItem *a1, const AclItem *a2)
     660             : {
     661       54558 :     return a1->ai_grantee == a2->ai_grantee &&
     662       13458 :         a1->ai_grantor == a2->ai_grantor;
     663             : }
     664             : 
     665             : /*
     666             :  * aclitemComparator
     667             :  *      qsort comparison function for AclItems
     668             :  */
     669             : static int
     670          94 : aclitemComparator(const void *arg1, const void *arg2)
     671             : {
     672          94 :     const AclItem *a1 = (const AclItem *) arg1;
     673          94 :     const AclItem *a2 = (const AclItem *) arg2;
     674             : 
     675          94 :     if (a1->ai_grantee > a2->ai_grantee)
     676          28 :         return 1;
     677          66 :     if (a1->ai_grantee < a2->ai_grantee)
     678          66 :         return -1;
     679           0 :     if (a1->ai_grantor > a2->ai_grantor)
     680           0 :         return 1;
     681           0 :     if (a1->ai_grantor < a2->ai_grantor)
     682           0 :         return -1;
     683           0 :     if (a1->ai_privs > a2->ai_privs)
     684           0 :         return 1;
     685           0 :     if (a1->ai_privs < a2->ai_privs)
     686           0 :         return -1;
     687           0 :     return 0;
     688             : }
     689             : 
     690             : /*
     691             :  * aclitem equality operator
     692             :  */
     693             : Datum
     694      742216 : aclitem_eq(PG_FUNCTION_ARGS)
     695             : {
     696      742216 :     AclItem    *a1 = PG_GETARG_ACLITEM_P(0);
     697      742216 :     AclItem    *a2 = PG_GETARG_ACLITEM_P(1);
     698             :     bool        result;
     699             : 
     700     2209544 :     result = a1->ai_privs == a2->ai_privs &&
     701     1467256 :         a1->ai_grantee == a2->ai_grantee &&
     702      725040 :         a1->ai_grantor == a2->ai_grantor;
     703      742216 :     PG_RETURN_BOOL(result);
     704             : }
     705             : 
     706             : /*
     707             :  * aclitem hash function
     708             :  *
     709             :  * We make aclitems hashable not so much because anyone is likely to hash
     710             :  * them, as because we want array equality to work on aclitem arrays, and
     711             :  * with the typcache mechanism we must have a hash or btree opclass.
     712             :  */
     713             : Datum
     714      979050 : hash_aclitem(PG_FUNCTION_ARGS)
     715             : {
     716      979050 :     AclItem    *a = PG_GETARG_ACLITEM_P(0);
     717             : 
     718             :     /* not very bright, but avoids any issue of padding in struct */
     719      979050 :     PG_RETURN_UINT32((uint32) (a->ai_privs + a->ai_grantee + a->ai_grantor));
     720             : }
     721             : 
     722             : /*
     723             :  * 64-bit hash function for aclitem.
     724             :  *
     725             :  * Similar to hash_aclitem, but accepts a seed and returns a uint64 value.
     726             :  */
     727             : Datum
     728           8 : hash_aclitem_extended(PG_FUNCTION_ARGS)
     729             : {
     730           8 :     AclItem    *a = PG_GETARG_ACLITEM_P(0);
     731           8 :     uint64      seed = PG_GETARG_INT64(1);
     732           8 :     uint32      sum = (uint32) (a->ai_privs + a->ai_grantee + a->ai_grantor);
     733             : 
     734           8 :     return (seed == 0) ? UInt64GetDatum(sum) : hash_uint32_extended(sum, seed);
     735             : }
     736             : 
     737             : /*
     738             :  * acldefault()  --- create an ACL describing default access permissions
     739             :  *
     740             :  * Change this routine if you want to alter the default access policy for
     741             :  * newly-created objects (or any object with a NULL acl entry).  When
     742             :  * you make a change here, don't forget to update the GRANT man page,
     743             :  * which explains all the default permissions.
     744             :  *
     745             :  * Note that these are the hard-wired "defaults" that are used in the
     746             :  * absence of any pg_default_acl entry.
     747             :  */
     748             : Acl *
     749     1333228 : acldefault(ObjectType objtype, Oid ownerId)
     750             : {
     751             :     AclMode     world_default;
     752             :     AclMode     owner_default;
     753             :     int         nacl;
     754             :     Acl        *acl;
     755             :     AclItem    *aip;
     756             : 
     757     1333228 :     switch (objtype)
     758             :     {
     759             :         case OBJECT_COLUMN:
     760             :             /* by default, columns have no extra privileges */
     761      868966 :             world_default = ACL_NO_RIGHTS;
     762      868966 :             owner_default = ACL_NO_RIGHTS;
     763      868966 :             break;
     764             :         case OBJECT_TABLE:
     765      106348 :             world_default = ACL_NO_RIGHTS;
     766      106348 :             owner_default = ACL_ALL_RIGHTS_RELATION;
     767      106348 :             break;
     768             :         case OBJECT_SEQUENCE:
     769        1910 :             world_default = ACL_NO_RIGHTS;
     770        1910 :             owner_default = ACL_ALL_RIGHTS_SEQUENCE;
     771        1910 :             break;
     772             :         case OBJECT_DATABASE:
     773             :             /* for backwards compatibility, grant some rights by default */
     774        1112 :             world_default = ACL_CREATE_TEMP | ACL_CONNECT;
     775        1112 :             owner_default = ACL_ALL_RIGHTS_DATABASE;
     776        1112 :             break;
     777             :         case OBJECT_FUNCTION:
     778             :             /* Grant EXECUTE by default, for now */
     779       40526 :             world_default = ACL_EXECUTE;
     780       40526 :             owner_default = ACL_ALL_RIGHTS_FUNCTION;
     781       40526 :             break;
     782             :         case OBJECT_LANGUAGE:
     783             :             /* Grant USAGE by default, for now */
     784         798 :             world_default = ACL_USAGE;
     785         798 :             owner_default = ACL_ALL_RIGHTS_LANGUAGE;
     786         798 :             break;
     787             :         case OBJECT_LARGEOBJECT:
     788         210 :             world_default = ACL_NO_RIGHTS;
     789         210 :             owner_default = ACL_ALL_RIGHTS_LARGEOBJECT;
     790         210 :             break;
     791             :         case OBJECT_SCHEMA:
     792        4432 :             world_default = ACL_NO_RIGHTS;
     793        4432 :             owner_default = ACL_ALL_RIGHTS_SCHEMA;
     794        4432 :             break;
     795             :         case OBJECT_TABLESPACE:
     796           4 :             world_default = ACL_NO_RIGHTS;
     797           4 :             owner_default = ACL_ALL_RIGHTS_TABLESPACE;
     798           4 :             break;
     799             :         case OBJECT_FDW:
     800         158 :             world_default = ACL_NO_RIGHTS;
     801         158 :             owner_default = ACL_ALL_RIGHTS_FDW;
     802         158 :             break;
     803             :         case OBJECT_FOREIGN_SERVER:
     804         234 :             world_default = ACL_NO_RIGHTS;
     805         234 :             owner_default = ACL_ALL_RIGHTS_FOREIGN_SERVER;
     806         234 :             break;
     807             :         case OBJECT_DOMAIN:
     808             :         case OBJECT_TYPE:
     809      308530 :             world_default = ACL_USAGE;
     810      308530 :             owner_default = ACL_ALL_RIGHTS_TYPE;
     811      308530 :             break;
     812             :         default:
     813           0 :             elog(ERROR, "unrecognized objtype: %d", (int) objtype);
     814             :             world_default = ACL_NO_RIGHTS;  /* keep compiler quiet */
     815             :             owner_default = ACL_NO_RIGHTS;
     816             :             break;
     817             :     }
     818             : 
     819     1333228 :     nacl = 0;
     820     1333228 :     if (world_default != ACL_NO_RIGHTS)
     821      350966 :         nacl++;
     822     1333228 :     if (owner_default != ACL_NO_RIGHTS)
     823      464262 :         nacl++;
     824             : 
     825     1333228 :     acl = allocacl(nacl);
     826     1333228 :     aip = ACL_DAT(acl);
     827             : 
     828     1333228 :     if (world_default != ACL_NO_RIGHTS)
     829             :     {
     830      350966 :         aip->ai_grantee = ACL_ID_PUBLIC;
     831      350966 :         aip->ai_grantor = ownerId;
     832      350966 :         ACLITEM_SET_PRIVS_GOPTIONS(*aip, world_default, ACL_NO_RIGHTS);
     833      350966 :         aip++;
     834             :     }
     835             : 
     836             :     /*
     837             :      * Note that the owner's entry shows all ordinary privileges but no grant
     838             :      * options.  This is because his grant options come "from the system" and
     839             :      * not from his own efforts.  (The SQL spec says that the owner's rights
     840             :      * come from a "_SYSTEM" authid.)  However, we do consider that the
     841             :      * owner's ordinary privileges are self-granted; this lets him revoke
     842             :      * them.  We implement the owner's grant options without any explicit
     843             :      * "_SYSTEM"-like ACL entry, by internally special-casing the owner
     844             :      * wherever we are testing grant options.
     845             :      */
     846     1333228 :     if (owner_default != ACL_NO_RIGHTS)
     847             :     {
     848      464262 :         aip->ai_grantee = ownerId;
     849      464262 :         aip->ai_grantor = ownerId;
     850      464262 :         ACLITEM_SET_PRIVS_GOPTIONS(*aip, owner_default, ACL_NO_RIGHTS);
     851             :     }
     852             : 
     853     1333228 :     return acl;
     854             : }
     855             : 
     856             : 
     857             : /*
     858             :  * SQL-accessible version of acldefault().  Hackish mapping from "char" type to
     859             :  * OBJECT_* values.
     860             :  */
     861             : Datum
     862     1234372 : acldefault_sql(PG_FUNCTION_ARGS)
     863             : {
     864     1234372 :     char        objtypec = PG_GETARG_CHAR(0);
     865     1234372 :     Oid         owner = PG_GETARG_OID(1);
     866     1234372 :     ObjectType  objtype = 0;
     867             : 
     868     1234372 :     switch (objtypec)
     869             :     {
     870             :         case 'c':
     871      823808 :             objtype = OBJECT_COLUMN;
     872      823808 :             break;
     873             :         case 'r':
     874       81136 :             objtype = OBJECT_TABLE;
     875       81136 :             break;
     876             :         case 's':
     877        1832 :             objtype = OBJECT_SEQUENCE;
     878        1832 :             break;
     879             :         case 'd':
     880         256 :             objtype = OBJECT_DATABASE;
     881         256 :             break;
     882             :         case 'f':
     883       16304 :             objtype = OBJECT_FUNCTION;
     884       16304 :             break;
     885             :         case 'l':
     886         740 :             objtype = OBJECT_LANGUAGE;
     887         740 :             break;
     888             :         case 'L':
     889         160 :             objtype = OBJECT_LARGEOBJECT;
     890         160 :             break;
     891             :         case 'n':
     892        3268 :             objtype = OBJECT_SCHEMA;
     893        3268 :             break;
     894             :         case 't':
     895           0 :             objtype = OBJECT_TABLESPACE;
     896           0 :             break;
     897             :         case 'F':
     898         140 :             objtype = OBJECT_FDW;
     899         140 :             break;
     900             :         case 'S':
     901         140 :             objtype = OBJECT_FOREIGN_SERVER;
     902         140 :             break;
     903             :         case 'T':
     904      306588 :             objtype = OBJECT_TYPE;
     905      306588 :             break;
     906             :         default:
     907           0 :             elog(ERROR, "unrecognized objtype abbreviation: %c", objtypec);
     908             :     }
     909             : 
     910     1234372 :     PG_RETURN_ACL_P(acldefault(objtype, owner));
     911             : }
     912             : 
     913             : 
     914             : /*
     915             :  * Update an ACL array to add or remove specified privileges.
     916             :  *
     917             :  *  old_acl: the input ACL array
     918             :  *  mod_aip: defines the privileges to be added, removed, or substituted
     919             :  *  modechg: ACL_MODECHG_ADD, ACL_MODECHG_DEL, or ACL_MODECHG_EQL
     920             :  *  ownerId: Oid of object owner
     921             :  *  behavior: RESTRICT or CASCADE behavior for recursive removal
     922             :  *
     923             :  * ownerid and behavior are only relevant when the update operation specifies
     924             :  * deletion of grant options.
     925             :  *
     926             :  * The result is a modified copy; the input object is not changed.
     927             :  *
     928             :  * NB: caller is responsible for having detoasted the input ACL, if needed.
     929             :  */
     930             : Acl *
     931       85276 : aclupdate(const Acl *old_acl, const AclItem *mod_aip,
     932             :           int modechg, Oid ownerId, DropBehavior behavior)
     933             : {
     934       85276 :     Acl        *new_acl = NULL;
     935             :     AclItem    *old_aip,
     936       85276 :                *new_aip = NULL;
     937             :     AclMode     old_rights,
     938             :                 old_goptions,
     939             :                 new_rights,
     940             :                 new_goptions;
     941             :     int         dst,
     942             :                 num;
     943             : 
     944             :     /* Caller probably already checked old_acl, but be safe */
     945       85276 :     check_acl(old_acl);
     946             : 
     947             :     /* If granting grant options, check for circularity */
     948      110986 :     if (modechg != ACL_MODECHG_DEL &&
     949       25710 :         ACLITEM_GET_GOPTIONS(*mod_aip) != ACL_NO_RIGHTS)
     950          40 :         check_circularity(old_acl, mod_aip, ownerId);
     951             : 
     952       85276 :     num = ACL_NUM(old_acl);
     953       85276 :     old_aip = ACL_DAT(old_acl);
     954             : 
     955             :     /*
     956             :      * Search the ACL for an existing entry for this grantee and grantor. If
     957             :      * one exists, just modify the entry in-place (well, in the same position,
     958             :      * since we actually return a copy); otherwise, insert the new entry at
     959             :      * the end.
     960             :      */
     961             : 
     962      112934 :     for (dst = 0; dst < num; ++dst)
     963             :     {
     964       41094 :         if (aclitem_match(mod_aip, old_aip + dst))
     965             :         {
     966             :             /* found a match, so modify existing item */
     967       13436 :             new_acl = allocacl(num);
     968       13436 :             new_aip = ACL_DAT(new_acl);
     969       13436 :             memcpy(new_acl, old_acl, ACL_SIZE(old_acl));
     970       13436 :             break;
     971             :         }
     972             :     }
     973             : 
     974       85276 :     if (dst == num)
     975             :     {
     976             :         /* need to append a new item */
     977       71840 :         new_acl = allocacl(num + 1);
     978       71840 :         new_aip = ACL_DAT(new_acl);
     979       71840 :         memcpy(new_aip, old_aip, num * sizeof(AclItem));
     980             : 
     981             :         /* initialize the new entry with no permissions */
     982       71840 :         new_aip[dst].ai_grantee = mod_aip->ai_grantee;
     983       71840 :         new_aip[dst].ai_grantor = mod_aip->ai_grantor;
     984       71840 :         ACLITEM_SET_PRIVS_GOPTIONS(new_aip[dst],
     985             :                                    ACL_NO_RIGHTS, ACL_NO_RIGHTS);
     986       71840 :         num++;                  /* set num to the size of new_acl */
     987             :     }
     988             : 
     989       85276 :     old_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
     990       85276 :     old_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);
     991             : 
     992             :     /* apply the specified permissions change */
     993       85276 :     switch (modechg)
     994             :     {
     995             :         case ACL_MODECHG_ADD:
     996       25710 :             ACLITEM_SET_RIGHTS(new_aip[dst],
     997             :                                old_rights | ACLITEM_GET_RIGHTS(*mod_aip));
     998       25710 :             break;
     999             :         case ACL_MODECHG_DEL:
    1000       59566 :             ACLITEM_SET_RIGHTS(new_aip[dst],
    1001             :                                old_rights & ~ACLITEM_GET_RIGHTS(*mod_aip));
    1002       59566 :             break;
    1003             :         case ACL_MODECHG_EQL:
    1004           0 :             ACLITEM_SET_RIGHTS(new_aip[dst],
    1005             :                                ACLITEM_GET_RIGHTS(*mod_aip));
    1006           0 :             break;
    1007             :     }
    1008             : 
    1009       85276 :     new_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
    1010       85276 :     new_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);
    1011             : 
    1012             :     /*
    1013             :      * If the adjusted entry has no permissions, delete it from the list.
    1014             :      */
    1015       85276 :     if (new_rights == ACL_NO_RIGHTS)
    1016             :     {
    1017      176664 :         memmove(new_aip + dst,
    1018      117776 :                 new_aip + dst + 1,
    1019       58888 :                 (num - dst - 1) * sizeof(AclItem));
    1020             :         /* Adjust array size to be 'num - 1' items */
    1021       58888 :         ARR_DIMS(new_acl)[0] = num - 1;
    1022       58888 :         SET_VARSIZE(new_acl, ACL_N_SIZE(num - 1));
    1023             :     }
    1024             : 
    1025             :     /*
    1026             :      * Remove abandoned privileges (cascading revoke).  Currently we can only
    1027             :      * handle this when the grantee is not PUBLIC.
    1028             :      */
    1029       85276 :     if ((old_goptions & ~new_goptions) != 0)
    1030             :     {
    1031             :         Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
    1032          40 :         new_acl = recursive_revoke(new_acl, mod_aip->ai_grantee,
    1033          40 :                                    (old_goptions & ~new_goptions),
    1034             :                                    ownerId, behavior);
    1035             :     }
    1036             : 
    1037       85268 :     return new_acl;
    1038             : }
    1039             : 
    1040             : /*
    1041             :  * Update an ACL array to reflect a change of owner to the parent object
    1042             :  *
    1043             :  *  old_acl: the input ACL array (must not be NULL)
    1044             :  *  oldOwnerId: Oid of the old object owner
    1045             :  *  newOwnerId: Oid of the new object owner
    1046             :  *
    1047             :  * The result is a modified copy; the input object is not changed.
    1048             :  *
    1049             :  * NB: caller is responsible for having detoasted the input ACL, if needed.
    1050             :  */
    1051             : Acl *
    1052          22 : aclnewowner(const Acl *old_acl, Oid oldOwnerId, Oid newOwnerId)
    1053             : {
    1054             :     Acl        *new_acl;
    1055             :     AclItem    *new_aip;
    1056             :     AclItem    *old_aip;
    1057             :     AclItem    *dst_aip;
    1058             :     AclItem    *src_aip;
    1059             :     AclItem    *targ_aip;
    1060          22 :     bool        newpresent = false;
    1061             :     int         dst,
    1062             :                 src,
    1063             :                 targ,
    1064             :                 num;
    1065             : 
    1066          22 :     check_acl(old_acl);
    1067             : 
    1068             :     /*
    1069             :      * Make a copy of the given ACL, substituting new owner ID for old
    1070             :      * wherever it appears as either grantor or grantee.  Also note if the new
    1071             :      * owner ID is already present.
    1072             :      */
    1073          22 :     num = ACL_NUM(old_acl);
    1074          22 :     old_aip = ACL_DAT(old_acl);
    1075          22 :     new_acl = allocacl(num);
    1076          22 :     new_aip = ACL_DAT(new_acl);
    1077          22 :     memcpy(new_aip, old_aip, num * sizeof(AclItem));
    1078          58 :     for (dst = 0, dst_aip = new_aip; dst < num; dst++, dst_aip++)
    1079             :     {
    1080          36 :         if (dst_aip->ai_grantor == oldOwnerId)
    1081          36 :             dst_aip->ai_grantor = newOwnerId;
    1082           0 :         else if (dst_aip->ai_grantor == newOwnerId)
    1083           0 :             newpresent = true;
    1084          36 :         if (dst_aip->ai_grantee == oldOwnerId)
    1085          22 :             dst_aip->ai_grantee = newOwnerId;
    1086          14 :         else if (dst_aip->ai_grantee == newOwnerId)
    1087           6 :             newpresent = true;
    1088             :     }
    1089             : 
    1090             :     /*
    1091             :      * If the old ACL contained any references to the new owner, then we may
    1092             :      * now have generated an ACL containing duplicate entries.  Find them and
    1093             :      * merge them so that there are not duplicates.  (This is relatively
    1094             :      * expensive since we use a stupid O(N^2) algorithm, but it's unlikely to
    1095             :      * be the normal case.)
    1096             :      *
    1097             :      * To simplify deletion of duplicate entries, we temporarily leave them in
    1098             :      * the array but set their privilege masks to zero; when we reach such an
    1099             :      * entry it's just skipped.  (Thus, a side effect of this code will be to
    1100             :      * remove privilege-free entries, should there be any in the input.)  dst
    1101             :      * is the next output slot, targ is the currently considered input slot
    1102             :      * (always >= dst), and src scans entries to the right of targ looking for
    1103             :      * duplicates.  Once an entry has been emitted to dst it is known
    1104             :      * duplicate-free and need not be considered anymore.
    1105             :      */
    1106          22 :     if (newpresent)
    1107             :     {
    1108           6 :         dst = 0;
    1109          18 :         for (targ = 0, targ_aip = new_aip; targ < num; targ++, targ_aip++)
    1110             :         {
    1111             :             /* ignore if deleted in an earlier pass */
    1112          12 :             if (ACLITEM_GET_RIGHTS(*targ_aip) == ACL_NO_RIGHTS)
    1113           6 :                 continue;
    1114             :             /* find and merge any duplicates */
    1115          18 :             for (src = targ + 1, src_aip = targ_aip + 1; src < num;
    1116           6 :                  src++, src_aip++)
    1117             :             {
    1118           6 :                 if (ACLITEM_GET_RIGHTS(*src_aip) == ACL_NO_RIGHTS)
    1119           0 :                     continue;
    1120           6 :                 if (aclitem_match(targ_aip, src_aip))
    1121             :                 {
    1122           6 :                     ACLITEM_SET_RIGHTS(*targ_aip,
    1123             :                                        ACLITEM_GET_RIGHTS(*targ_aip) |
    1124             :                                        ACLITEM_GET_RIGHTS(*src_aip));
    1125             :                     /* mark the duplicate deleted */
    1126           6 :                     ACLITEM_SET_RIGHTS(*src_aip, ACL_NO_RIGHTS);
    1127             :                 }
    1128             :             }
    1129             :             /* and emit to output */
    1130           6 :             new_aip[dst] = *targ_aip;
    1131           6 :             dst++;
    1132             :         }
    1133             :         /* Adjust array size to be 'dst' items */
    1134           6 :         ARR_DIMS(new_acl)[0] = dst;
    1135           6 :         SET_VARSIZE(new_acl, ACL_N_SIZE(dst));
    1136             :     }
    1137             : 
    1138          22 :     return new_acl;
    1139             : }
    1140             : 
    1141             : 
    1142             : /*
    1143             :  * When granting grant options, we must disallow attempts to set up circular
    1144             :  * chains of grant options.  Suppose A (the object owner) grants B some
    1145             :  * privileges with grant option, and B re-grants them to C.  If C could
    1146             :  * grant the privileges to B as well, then A would be unable to effectively
    1147             :  * revoke the privileges from B, since recursive_revoke would consider that
    1148             :  * B still has 'em from C.
    1149             :  *
    1150             :  * We check for this by recursively deleting all grant options belonging to
    1151             :  * the target grantee, and then seeing if the would-be grantor still has the
    1152             :  * grant option or not.
    1153             :  */
    1154             : static void
    1155          40 : check_circularity(const Acl *old_acl, const AclItem *mod_aip,
    1156             :                   Oid ownerId)
    1157             : {
    1158             :     Acl        *acl;
    1159             :     AclItem    *aip;
    1160             :     int         i,
    1161             :                 num;
    1162             :     AclMode     own_privs;
    1163             : 
    1164          40 :     check_acl(old_acl);
    1165             : 
    1166             :     /*
    1167             :      * For now, grant options can only be granted to roles, not PUBLIC.
    1168             :      * Otherwise we'd have to work a bit harder here.
    1169             :      */
    1170             :     Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
    1171             : 
    1172             :     /* The owner always has grant options, no need to check */
    1173          40 :     if (mod_aip->ai_grantor == ownerId)
    1174          32 :         return;
    1175             : 
    1176             :     /* Make a working copy */
    1177           8 :     acl = allocacl(ACL_NUM(old_acl));
    1178           8 :     memcpy(acl, old_acl, ACL_SIZE(old_acl));
    1179             : 
    1180             :     /* Zap all grant options of target grantee, plus what depends on 'em */
    1181             : cc_restart:
    1182          12 :     num = ACL_NUM(acl);
    1183          12 :     aip = ACL_DAT(acl);
    1184          48 :     for (i = 0; i < num; i++)
    1185             :     {
    1186          44 :         if (aip[i].ai_grantee == mod_aip->ai_grantee &&
    1187           4 :             ACLITEM_GET_GOPTIONS(aip[i]) != ACL_NO_RIGHTS)
    1188             :         {
    1189             :             Acl        *new_acl;
    1190             : 
    1191             :             /* We'll actually zap ordinary privs too, but no matter */
    1192           4 :             new_acl = aclupdate(acl, &aip[i], ACL_MODECHG_DEL,
    1193             :                                 ownerId, DROP_CASCADE);
    1194             : 
    1195           4 :             pfree(acl);
    1196           4 :             acl = new_acl;
    1197             : 
    1198           4 :             goto cc_restart;
    1199             :         }
    1200             :     }
    1201             : 
    1202             :     /* Now we can compute grantor's independently-derived privileges */
    1203           8 :     own_privs = aclmask(acl,
    1204             :                         mod_aip->ai_grantor,
    1205             :                         ownerId,
    1206           8 :                         ACL_GRANT_OPTION_FOR(ACLITEM_GET_GOPTIONS(*mod_aip)),
    1207             :                         ACLMASK_ALL);
    1208           8 :     own_privs = ACL_OPTION_TO_PRIVS(own_privs);
    1209             : 
    1210           8 :     if ((ACLITEM_GET_GOPTIONS(*mod_aip) & ~own_privs) != 0)
    1211           0 :         ereport(ERROR,
    1212             :                 (errcode(ERRCODE_INVALID_GRANT_OPERATION),
    1213             :                  errmsg("grant options cannot be granted back to your own grantor")));
    1214             : 
    1215           8 :     pfree(acl);
    1216             : }
    1217             : 
    1218             : 
    1219             : /*
    1220             :  * Ensure that no privilege is "abandoned".  A privilege is abandoned
    1221             :  * if the user that granted the privilege loses the grant option.  (So
    1222             :  * the chain through which it was granted is broken.)  Either the
    1223             :  * abandoned privileges are revoked as well, or an error message is
    1224             :  * printed, depending on the drop behavior option.
    1225             :  *
    1226             :  *  acl: the input ACL list
    1227             :  *  grantee: the user from whom some grant options have been revoked
    1228             :  *  revoke_privs: the grant options being revoked
    1229             :  *  ownerId: Oid of object owner
    1230             :  *  behavior: RESTRICT or CASCADE behavior for recursive removal
    1231             :  *
    1232             :  * The input Acl object is pfree'd if replaced.
    1233             :  */
    1234             : static Acl *
    1235          40 : recursive_revoke(Acl *acl,
    1236             :                  Oid grantee,
    1237             :                  AclMode revoke_privs,
    1238             :                  Oid ownerId,
    1239             :                  DropBehavior behavior)
    1240             : {
    1241             :     AclMode     still_has;
    1242             :     AclItem    *aip;
    1243             :     int         i,
    1244             :                 num;
    1245             : 
    1246          40 :     check_acl(acl);
    1247             : 
    1248             :     /* The owner can never truly lose grant options, so short-circuit */
    1249          40 :     if (grantee == ownerId)
    1250           0 :         return acl;
    1251             : 
    1252             :     /* The grantee might still have some grant options via another grantor */
    1253          40 :     still_has = aclmask(acl, grantee, ownerId,
    1254             :                         ACL_GRANT_OPTION_FOR(revoke_privs),
    1255             :                         ACLMASK_ALL);
    1256          40 :     revoke_privs &= ~ACL_OPTION_TO_PRIVS(still_has);
    1257          40 :     if (revoke_privs == ACL_NO_RIGHTS)
    1258           4 :         return acl;
    1259             : 
    1260             : restart:
    1261          52 :     num = ACL_NUM(acl);
    1262          52 :     aip = ACL_DAT(acl);
    1263         176 :     for (i = 0; i < num; i++)
    1264             :     {
    1265         148 :         if (aip[i].ai_grantor == grantee
    1266          24 :             && (ACLITEM_GET_PRIVS(aip[i]) & revoke_privs) != 0)
    1267             :         {
    1268             :             AclItem     mod_acl;
    1269             :             Acl        *new_acl;
    1270             : 
    1271          24 :             if (behavior == DROP_RESTRICT)
    1272           8 :                 ereport(ERROR,
    1273             :                         (errcode(ERRCODE_DEPENDENT_OBJECTS_STILL_EXIST),
    1274             :                          errmsg("dependent privileges exist"),
    1275             :                          errhint("Use CASCADE to revoke them too.")));
    1276             : 
    1277          16 :             mod_acl.ai_grantor = grantee;
    1278          16 :             mod_acl.ai_grantee = aip[i].ai_grantee;
    1279          16 :             ACLITEM_SET_PRIVS_GOPTIONS(mod_acl,
    1280             :                                        revoke_privs,
    1281             :                                        revoke_privs);
    1282             : 
    1283          16 :             new_acl = aclupdate(acl, &mod_acl, ACL_MODECHG_DEL,
    1284             :                                 ownerId, behavior);
    1285             : 
    1286          16 :             pfree(acl);
    1287          16 :             acl = new_acl;
    1288             : 
    1289          16 :             goto restart;
    1290             :         }
    1291             :     }
    1292             : 
    1293          28 :     return acl;
    1294             : }
    1295             : 
    1296             : 
    1297             : /*
    1298             :  * aclmask --- compute bitmask of all privileges held by roleid.
    1299             :  *
    1300             :  * When 'how' = ACLMASK_ALL, this simply returns the privilege bits
    1301             :  * held by the given roleid according to the given ACL list, ANDed
    1302             :  * with 'mask'.  (The point of passing 'mask' is to let the routine
    1303             :  * exit early if all privileges of interest have been found.)
    1304             :  *
    1305             :  * When 'how' = ACLMASK_ANY, returns as soon as any bit in the mask
    1306             :  * is known true.  (This lets us exit soonest in cases where the
    1307             :  * caller is only going to test for zero or nonzero result.)
    1308             :  *
    1309             :  * Usage patterns:
    1310             :  *
    1311             :  * To see if any of a set of privileges are held:
    1312             :  *      if (aclmask(acl, roleid, ownerId, privs, ACLMASK_ANY) != 0)
    1313             :  *
    1314             :  * To see if all of a set of privileges are held:
    1315             :  *      if (aclmask(acl, roleid, ownerId, privs, ACLMASK_ALL) == privs)
    1316             :  *
    1317             :  * To determine exactly which of a set of privileges are held:
    1318             :  *      heldprivs = aclmask(acl, roleid, ownerId, privs, ACLMASK_ALL);
    1319             :  */
    1320             : AclMode
    1321       36170 : aclmask(const Acl *acl, Oid roleid, Oid ownerId,
    1322             :         AclMode mask, AclMaskHow how)
    1323             : {
    1324             :     AclMode     result;
    1325             :     AclMode     remaining;
    1326             :     AclItem    *aidat;
    1327             :     int         i,
    1328             :                 num;
    1329             : 
    1330             :     /*
    1331             :      * Null ACL should not happen, since caller should have inserted
    1332             :      * appropriate default
    1333             :      */
    1334       36170 :     if (acl == NULL)
    1335           0 :         elog(ERROR, "null ACL");
    1336             : 
    1337       36170 :     check_acl(acl);
    1338             : 
    1339             :     /* Quick exit for mask == 0 */
    1340       36170 :     if (mask == 0)
    1341          32 :         return 0;
    1342             : 
    1343       36138 :     result = 0;
    1344             : 
    1345             :     /* Owner always implicitly has all grant options */
    1346       36234 :     if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
    1347          96 :         has_privs_of_role(roleid, ownerId))
    1348             :     {
    1349           4 :         result = mask & ACLITEM_ALL_GOPTION_BITS;
    1350           4 :         if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
    1351           4 :             return result;
    1352             :     }
    1353             : 
    1354       36134 :     num = ACL_NUM(acl);
    1355       36134 :     aidat = ACL_DAT(acl);
    1356             : 
    1357             :     /*
    1358             :      * Check privileges granted directly to roleid or to public
    1359             :      */
    1360       56332 :     for (i = 0; i < num; i++)
    1361             :     {
    1362       54672 :         AclItem    *aidata = &aidat[i];
    1363             : 
    1364       78570 :         if (aidata->ai_grantee == ACL_ID_PUBLIC ||
    1365       23898 :             aidata->ai_grantee == roleid)
    1366             :         {
    1367       35050 :             result |= aidata->ai_privs & mask;
    1368       35050 :             if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
    1369       34474 :                 return result;
    1370             :         }
    1371             :     }
    1372             : 
    1373             :     /*
    1374             :      * Check privileges granted indirectly via role memberships. We do this in
    1375             :      * a separate pass to minimize expensive indirect membership tests.  In
    1376             :      * particular, it's worth testing whether a given ACL entry grants any
    1377             :      * privileges still of interest before we perform the has_privs_of_role
    1378             :      * test.
    1379             :      */
    1380        1660 :     remaining = mask & ~result;
    1381        4382 :     for (i = 0; i < num; i++)
    1382             :     {
    1383        2746 :         AclItem    *aidata = &aidat[i];
    1384             : 
    1385        5468 :         if (aidata->ai_grantee == ACL_ID_PUBLIC ||
    1386        2722 :             aidata->ai_grantee == roleid)
    1387         564 :             continue;           /* already checked it */
    1388             : 
    1389        4060 :         if ((aidata->ai_privs & remaining) &&
    1390        1878 :             has_privs_of_role(roleid, aidata->ai_grantee))
    1391             :         {
    1392          24 :             result |= aidata->ai_privs & mask;
    1393          24 :             if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
    1394          24 :                 return result;
    1395           0 :             remaining = mask & ~result;
    1396             :         }
    1397             :     }
    1398             : 
    1399        1636 :     return result;
    1400             : }
    1401             : 
    1402             : 
    1403             : /*
    1404             :  * aclmask_direct --- compute bitmask of all privileges held by roleid.
    1405             :  *
    1406             :  * This is exactly like aclmask() except that we consider only privileges
    1407             :  * held *directly* by roleid, not those inherited via role membership.
    1408             :  */
    1409             : static AclMode
    1410         144 : aclmask_direct(const Acl *acl, Oid roleid, Oid ownerId,
    1411             :                AclMode mask, AclMaskHow how)
    1412             : {
    1413             :     AclMode     result;
    1414             :     AclItem    *aidat;
    1415             :     int         i,
    1416             :                 num;
    1417             : 
    1418             :     /*
    1419             :      * Null ACL should not happen, since caller should have inserted
    1420             :      * appropriate default
    1421             :      */
    1422         144 :     if (acl == NULL)
    1423           0 :         elog(ERROR, "null ACL");
    1424             : 
    1425         144 :     check_acl(acl);
    1426             : 
    1427             :     /* Quick exit for mask == 0 */
    1428         144 :     if (mask == 0)
    1429           0 :         return 0;
    1430             : 
    1431         144 :     result = 0;
    1432             : 
    1433             :     /* Owner always implicitly has all grant options */
    1434         144 :     if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
    1435             :         roleid == ownerId)
    1436             :     {
    1437           0 :         result = mask & ACLITEM_ALL_GOPTION_BITS;
    1438           0 :         if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
    1439           0 :             return result;
    1440             :     }
    1441             : 
    1442         144 :     num = ACL_NUM(acl);
    1443         144 :     aidat = ACL_DAT(acl);
    1444             : 
    1445             :     /*
    1446             :      * Check privileges granted directly to roleid (and not to public)
    1447             :      */
    1448         416 :     for (i = 0; i < num; i++)
    1449             :     {
    1450         364 :         AclItem    *aidata = &aidat[i];
    1451             : 
    1452         364 :         if (aidata->ai_grantee == roleid)
    1453             :         {
    1454         116 :             result |= aidata->ai_privs & mask;
    1455         116 :             if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
    1456          92 :                 return result;
    1457             :         }
    1458             :     }
    1459             : 
    1460          52 :     return result;
    1461             : }
    1462             : 
    1463             : 
    1464             : /*
    1465             :  * aclmembers
    1466             :  *      Find out all the roleids mentioned in an Acl.
    1467             :  *      Note that we do not distinguish grantors from grantees.
    1468             :  *
    1469             :  * *roleids is set to point to a palloc'd array containing distinct OIDs
    1470             :  * in sorted order.  The length of the array is the function result.
    1471             :  */
    1472             : int
    1473       88310 : aclmembers(const Acl *acl, Oid **roleids)
    1474             : {
    1475             :     Oid        *list;
    1476             :     const AclItem *acldat;
    1477             :     int         i,
    1478             :                 j,
    1479             :                 k;
    1480             : 
    1481       88310 :     if (acl == NULL || ACL_NUM(acl) == 0)
    1482             :     {
    1483       43114 :         *roleids = NULL;
    1484       43114 :         return 0;
    1485             :     }
    1486             : 
    1487       45196 :     check_acl(acl);
    1488             : 
    1489             :     /* Allocate the worst-case space requirement */
    1490       45196 :     list = palloc(ACL_NUM(acl) * 2 * sizeof(Oid));
    1491       45196 :     acldat = ACL_DAT(acl);
    1492             : 
    1493             :     /*
    1494             :      * Walk the ACL collecting mentioned RoleIds.
    1495             :      */
    1496       45196 :     j = 0;
    1497      115792 :     for (i = 0; i < ACL_NUM(acl); i++)
    1498             :     {
    1499       70596 :         const AclItem *ai = &acldat[i];
    1500             : 
    1501       70596 :         if (ai->ai_grantee != ACL_ID_PUBLIC)
    1502       46478 :             list[j++] = ai->ai_grantee;
    1503             :         /* grantor is currently never PUBLIC, but let's check anyway */
    1504       70596 :         if (ai->ai_grantor != ACL_ID_PUBLIC)
    1505       70596 :             list[j++] = ai->ai_grantor;
    1506             :     }
    1507             : 
    1508             :     /* Sort the array */
    1509       45196 :     qsort(list, j, sizeof(Oid), oid_cmp);
    1510             : 
    1511             :     /* Remove duplicates from the array */
    1512       45196 :     k = 0;
    1513      117074 :     for (i = 1; i < j; i++)
    1514             :     {
    1515       71878 :         if (list[k] != list[i])
    1516        3594 :             list[++k] = list[i];
    1517             :     }
    1518             : 
    1519             :     /*
    1520             :      * We could repalloc the array down to minimum size, but it's hardly worth
    1521             :      * it since it's only transient memory.
    1522             :      */
    1523       45196 :     *roleids = list;
    1524             : 
    1525       45196 :     return k + 1;
    1526             : }
    1527             : 
    1528             : 
    1529             : /*
    1530             :  * aclinsert (exported function)
    1531             :  */
    1532             : Datum
    1533           0 : aclinsert(PG_FUNCTION_ARGS)
    1534             : {
    1535           0 :     ereport(ERROR,
    1536             :             (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
    1537             :              errmsg("aclinsert is no longer supported")));
    1538             : 
    1539             :     PG_RETURN_NULL();           /* keep compiler quiet */
    1540             : }
    1541             : 
    1542             : Datum
    1543           0 : aclremove(PG_FUNCTION_ARGS)
    1544             : {
    1545           0 :     ereport(ERROR,
    1546             :             (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
    1547             :              errmsg("aclremove is no longer supported")));
    1548             : 
    1549             :     PG_RETURN_NULL();           /* keep compiler quiet */
    1550             : }
    1551             : 
    1552             : Datum
    1553           0 : aclcontains(PG_FUNCTION_ARGS)
    1554             : {
    1555           0 :     Acl        *acl = PG_GETARG_ACL_P(0);
    1556           0 :     AclItem    *aip = PG_GETARG_ACLITEM_P(1);
    1557             :     AclItem    *aidat;
    1558             :     int         i,
    1559             :                 num;
    1560             : 
    1561           0 :     check_acl(acl);
    1562           0 :     num = ACL_NUM(acl);
    1563           0 :     aidat = ACL_DAT(acl);
    1564           0 :     for (i = 0; i < num; ++i)
    1565             :     {
    1566           0 :         if (aip->ai_grantee == aidat[i].ai_grantee &&
    1567           0 :             aip->ai_grantor == aidat[i].ai_grantor &&
    1568           0 :             (ACLITEM_GET_RIGHTS(*aip) & ACLITEM_GET_RIGHTS(aidat[i])) == ACLITEM_GET_RIGHTS(*aip))
    1569           0 :             PG_RETURN_BOOL(true);
    1570             :     }
    1571           0 :     PG_RETURN_BOOL(false);
    1572             : }
    1573             : 
    1574             : Datum
    1575           0 : makeaclitem(PG_FUNCTION_ARGS)
    1576             : {
    1577           0 :     Oid         grantee = PG_GETARG_OID(0);
    1578           0 :     Oid         grantor = PG_GETARG_OID(1);
    1579           0 :     text       *privtext = PG_GETARG_TEXT_PP(2);
    1580           0 :     bool        goption = PG_GETARG_BOOL(3);
    1581             :     AclItem    *result;
    1582             :     AclMode     priv;
    1583             : 
    1584           0 :     priv = convert_priv_string(privtext);
    1585             : 
    1586           0 :     result = (AclItem *) palloc(sizeof(AclItem));
    1587             : 
    1588           0 :     result->ai_grantee = grantee;
    1589           0 :     result->ai_grantor = grantor;
    1590             : 
    1591           0 :     ACLITEM_SET_PRIVS_GOPTIONS(*result, priv,
    1592             :                                (goption ? priv : ACL_NO_RIGHTS));
    1593             : 
    1594           0 :     PG_RETURN_ACLITEM_P(result);
    1595             : }
    1596             : 
    1597             : static AclMode
    1598           0 : convert_priv_string(text *priv_type_text)
    1599             : {
    1600           0 :     char       *priv_type = text_to_cstring(priv_type_text);
    1601             : 
    1602           0 :     if (pg_strcasecmp(priv_type, "SELECT") == 0)
    1603           0 :         return ACL_SELECT;
    1604           0 :     if (pg_strcasecmp(priv_type, "INSERT") == 0)
    1605           0 :         return ACL_INSERT;
    1606           0 :     if (pg_strcasecmp(priv_type, "UPDATE") == 0)
    1607           0 :         return ACL_UPDATE;
    1608           0 :     if (pg_strcasecmp(priv_type, "DELETE") == 0)
    1609           0 :         return ACL_DELETE;
    1610           0 :     if (pg_strcasecmp(priv_type, "TRUNCATE") == 0)
    1611           0 :         return ACL_TRUNCATE;
    1612           0 :     if (pg_strcasecmp(priv_type, "REFERENCES") == 0)
    1613           0 :         return ACL_REFERENCES;
    1614           0 :     if (pg_strcasecmp(priv_type, "TRIGGER") == 0)
    1615           0 :         return ACL_TRIGGER;
    1616           0 :     if (pg_strcasecmp(priv_type, "EXECUTE") == 0)
    1617           0 :         return ACL_EXECUTE;
    1618           0 :     if (pg_strcasecmp(priv_type, "USAGE") == 0)
    1619           0 :         return ACL_USAGE;
    1620           0 :     if (pg_strcasecmp(priv_type, "CREATE") == 0)
    1621           0 :         return ACL_CREATE;
    1622           0 :     if (pg_strcasecmp(priv_type, "TEMP") == 0)
    1623           0 :         return ACL_CREATE_TEMP;
    1624           0 :     if (pg_strcasecmp(priv_type, "TEMPORARY") == 0)
    1625           0 :         return ACL_CREATE_TEMP;
    1626           0 :     if (pg_strcasecmp(priv_type, "CONNECT") == 0)
    1627           0 :         return ACL_CONNECT;
    1628           0 :     if (pg_strcasecmp(priv_type, "RULE") == 0)
    1629           0 :         return 0;               /* ignore old RULE privileges */
    1630             : 
    1631           0 :     ereport(ERROR,
    1632             :             (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    1633             :              errmsg("unrecognized privilege type: \"%s\"", priv_type)));
    1634             :     return ACL_NO_RIGHTS;       /* keep compiler quiet */
    1635             : }
    1636             : 
    1637             : 
    1638             : /*
    1639             :  * convert_any_priv_string: recognize privilege strings for has_foo_privilege
    1640             :  *
    1641             :  * We accept a comma-separated list of case-insensitive privilege names,
    1642             :  * producing a bitmask of the OR'd privilege bits.  We are liberal about
    1643             :  * whitespace between items, not so much about whitespace within items.
    1644             :  * The allowed privilege names are given as an array of priv_map structs,
    1645             :  * terminated by one with a NULL name pointer.
    1646             :  */
    1647             : static AclMode
    1648       50356 : convert_any_priv_string(text *priv_type_text,
    1649             :                         const priv_map *privileges)
    1650             : {
    1651       50356 :     AclMode     result = 0;
    1652       50356 :     char       *priv_type = text_to_cstring(priv_type_text);
    1653             :     char       *chunk;
    1654             :     char       *next_chunk;
    1655             : 
    1656             :     /* We rely on priv_type being a private, modifiable string */
    1657      100780 :     for (chunk = priv_type; chunk; chunk = next_chunk)
    1658             :     {
    1659             :         int         chunk_len;
    1660             :         const priv_map *this_priv;
    1661             : 
    1662             :         /* Split string at commas */
    1663       50432 :         next_chunk = strchr(chunk, ',');
    1664       50432 :         if (next_chunk)
    1665          76 :             *next_chunk++ = '\0';
    1666             : 
    1667             :         /* Drop leading/trailing whitespace in this chunk */
    1668      100864 :         while (*chunk && isspace((unsigned char) *chunk))
    1669           0 :             chunk++;
    1670       50432 :         chunk_len = strlen(chunk);
    1671      100864 :         while (chunk_len > 0 && isspace((unsigned char) chunk[chunk_len - 1]))
    1672           0 :             chunk_len--;
    1673       50432 :         chunk[chunk_len] = '\0';
    1674             : 
    1675             :         /* Match to the privileges list */
    1676       51484 :         for (this_priv = privileges; this_priv->name; this_priv++)
    1677             :         {
    1678       51476 :             if (pg_strcasecmp(this_priv->name, chunk) == 0)
    1679             :             {
    1680       50424 :                 result |= this_priv->value;
    1681       50424 :                 break;
    1682             :             }
    1683             :         }
    1684       50432 :         if (!this_priv->name)
    1685           8 :             ereport(ERROR,
    1686             :                     (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    1687             :                      errmsg("unrecognized privilege type: \"%s\"", chunk)));
    1688             :     }
    1689             : 
    1690       50348 :     pfree(priv_type);
    1691       50348 :     return result;
    1692             : }
    1693             : 
    1694             : 
    1695             : static const char *
    1696          64 : convert_aclright_to_string(int aclright)
    1697             : {
    1698          64 :     switch (aclright)
    1699             :     {
    1700             :         case ACL_INSERT:
    1701           0 :             return "INSERT";
    1702             :         case ACL_SELECT:
    1703           0 :             return "SELECT";
    1704             :         case ACL_UPDATE:
    1705           0 :             return "UPDATE";
    1706             :         case ACL_DELETE:
    1707           0 :             return "DELETE";
    1708             :         case ACL_TRUNCATE:
    1709           0 :             return "TRUNCATE";
    1710             :         case ACL_REFERENCES:
    1711           0 :             return "REFERENCES";
    1712             :         case ACL_TRIGGER:
    1713           0 :             return "TRIGGER";
    1714             :         case ACL_EXECUTE:
    1715           0 :             return "EXECUTE";
    1716             :         case ACL_USAGE:
    1717          64 :             return "USAGE";
    1718             :         case ACL_CREATE:
    1719           0 :             return "CREATE";
    1720             :         case ACL_CREATE_TEMP:
    1721           0 :             return "TEMPORARY";
    1722             :         case ACL_CONNECT:
    1723           0 :             return "CONNECT";
    1724             :         default:
    1725           0 :             elog(ERROR, "unrecognized aclright: %d", aclright);
    1726             :             return NULL;
    1727             :     }
    1728             : }
    1729             : 
    1730             : 
    1731             : /*----------
    1732             :  * Convert an aclitem[] to a table.
    1733             :  *
    1734             :  * Example:
    1735             :  *
    1736             :  * aclexplode('{=r/joe,foo=a*w/joe}'::aclitem[])
    1737             :  *
    1738             :  * returns the table
    1739             :  *
    1740             :  * {{ OID(joe), 0::OID,   'SELECT', false },
    1741             :  *  { OID(joe), OID(foo), 'INSERT', true },
    1742             :  *  { OID(joe), OID(foo), 'UPDATE', false }}
    1743             :  *----------
    1744             :  */
    1745             : Datum
    1746          96 : aclexplode(PG_FUNCTION_ARGS)
    1747             : {
    1748          96 :     Acl        *acl = PG_GETARG_ACL_P(0);
    1749             :     FuncCallContext *funcctx;
    1750             :     int        *idx;
    1751             :     AclItem    *aidat;
    1752             : 
    1753          96 :     if (SRF_IS_FIRSTCALL())
    1754             :     {
    1755             :         TupleDesc   tupdesc;
    1756             :         MemoryContext oldcontext;
    1757             : 
    1758          32 :         check_acl(acl);
    1759             : 
    1760          32 :         funcctx = SRF_FIRSTCALL_INIT();
    1761          32 :         oldcontext = MemoryContextSwitchTo(funcctx->multi_call_memory_ctx);
    1762             : 
    1763             :         /*
    1764             :          * build tupdesc for result tuples (matches out parameters in pg_proc
    1765             :          * entry)
    1766             :          */
    1767          32 :         tupdesc = CreateTemplateTupleDesc(4);
    1768          32 :         TupleDescInitEntry(tupdesc, (AttrNumber) 1, "grantor",
    1769             :                            OIDOID, -1, 0);
    1770          32 :         TupleDescInitEntry(tupdesc, (AttrNumber) 2, "grantee",
    1771             :                            OIDOID, -1, 0);
    1772          32 :         TupleDescInitEntry(tupdesc, (AttrNumber) 3, "privilege_type",
    1773             :                            TEXTOID, -1, 0);
    1774          32 :         TupleDescInitEntry(tupdesc, (AttrNumber) 4, "is_grantable",
    1775             :                            BOOLOID, -1, 0);
    1776             : 
    1777          32 :         funcctx->tuple_desc = BlessTupleDesc(tupdesc);
    1778             : 
    1779             :         /* allocate memory for user context */
    1780          32 :         idx = (int *) palloc(sizeof(int[2]));
    1781          32 :         idx[0] = 0;             /* ACL array item index */
    1782          32 :         idx[1] = -1;            /* privilege type counter */
    1783          32 :         funcctx->user_fctx = (void *) idx;
    1784             : 
    1785          32 :         MemoryContextSwitchTo(oldcontext);
    1786             :     }
    1787             : 
    1788          96 :     funcctx = SRF_PERCALL_SETUP();
    1789          96 :     idx = (int *) funcctx->user_fctx;
    1790          96 :     aidat = ACL_DAT(acl);
    1791             : 
    1792             :     /* need test here in case acl has no items */
    1793         896 :     while (idx[0] < ACL_NUM(acl))
    1794             :     {
    1795             :         AclItem    *aidata;
    1796             :         AclMode     priv_bit;
    1797             : 
    1798         800 :         idx[1]++;
    1799         800 :         if (idx[1] == N_ACL_RIGHTS)
    1800             :         {
    1801          64 :             idx[1] = 0;
    1802          64 :             idx[0]++;
    1803          64 :             if (idx[0] >= ACL_NUM(acl)) /* done */
    1804          32 :                 break;
    1805             :         }
    1806         768 :         aidata = &aidat[idx[0]];
    1807         768 :         priv_bit = 1 << idx[1];
    1808             : 
    1809         768 :         if (ACLITEM_GET_PRIVS(*aidata) & priv_bit)
    1810             :         {
    1811             :             Datum       result;
    1812             :             Datum       values[4];
    1813             :             bool        nulls[4];
    1814             :             HeapTuple   tuple;
    1815             : 
    1816          64 :             values[0] = ObjectIdGetDatum(aidata->ai_grantor);
    1817          64 :             values[1] = ObjectIdGetDatum(aidata->ai_grantee);
    1818          64 :             values[2] = CStringGetTextDatum(convert_aclright_to_string(priv_bit));
    1819          64 :             values[3] = BoolGetDatum((ACLITEM_GET_GOPTIONS(*aidata) & priv_bit) != 0);
    1820             : 
    1821          64 :             MemSet(nulls, 0, sizeof(nulls));
    1822             : 
    1823          64 :             tuple = heap_form_tuple(funcctx->tuple_desc, values, nulls);
    1824          64 :             result = HeapTupleGetDatum(tuple);
    1825             : 
    1826          64 :             SRF_RETURN_NEXT(funcctx, result);
    1827             :         }
    1828             :     }
    1829             : 
    1830          32 :     SRF_RETURN_DONE(funcctx);
    1831             : }
    1832             : 
    1833             : 
    1834             : /*
    1835             :  * has_table_privilege variants
    1836             :  *      These are all named "has_table_privilege" at the SQL level.
    1837             :  *      They take various combinations of relation name, relation OID,
    1838             :  *      user name, user OID, or implicit user = current_user.
    1839             :  *
    1840             :  *      The result is a boolean value: true if user has the indicated
    1841             :  *      privilege, false if not.  The variants that take a relation OID
    1842             :  *      return NULL if the OID doesn't exist (rather than failing, as
    1843             :  *      they did before Postgres 8.4).
    1844             :  */
    1845             : 
    1846             : /*
    1847             :  * has_table_privilege_name_name
    1848             :  *      Check user privileges on a table given
    1849             :  *      name username, text tablename, and text priv name.
    1850             :  */
    1851             : Datum
    1852         104 : has_table_privilege_name_name(PG_FUNCTION_ARGS)
    1853             : {
    1854         104 :     Name        rolename = PG_GETARG_NAME(0);
    1855         104 :     text       *tablename = PG_GETARG_TEXT_PP(1);
    1856         104 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    1857             :     Oid         roleid;
    1858             :     Oid         tableoid;
    1859             :     AclMode     mode;
    1860             :     AclResult   aclresult;
    1861             : 
    1862         104 :     roleid = get_role_oid_or_public(NameStr(*rolename));
    1863         100 :     tableoid = convert_table_name(tablename);
    1864         100 :     mode = convert_table_priv_string(priv_type_text);
    1865             : 
    1866         100 :     aclresult = pg_class_aclcheck(tableoid, roleid, mode);
    1867             : 
    1868         100 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    1869             : }
    1870             : 
    1871             : /*
    1872             :  * has_table_privilege_name
    1873             :  *      Check user privileges on a table given
    1874             :  *      text tablename and text priv name.
    1875             :  *      current_user is assumed
    1876             :  */
    1877             : Datum
    1878          44 : has_table_privilege_name(PG_FUNCTION_ARGS)
    1879             : {
    1880          44 :     text       *tablename = PG_GETARG_TEXT_PP(0);
    1881          44 :     text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    1882             :     Oid         roleid;
    1883             :     Oid         tableoid;
    1884             :     AclMode     mode;
    1885             :     AclResult   aclresult;
    1886             : 
    1887          44 :     roleid = GetUserId();
    1888          44 :     tableoid = convert_table_name(tablename);
    1889          40 :     mode = convert_table_priv_string(priv_type_text);
    1890             : 
    1891          36 :     aclresult = pg_class_aclcheck(tableoid, roleid, mode);
    1892             : 
    1893          36 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    1894             : }
    1895             : 
    1896             : /*
    1897             :  * has_table_privilege_name_id
    1898             :  *      Check user privileges on a table given
    1899             :  *      name usename, table oid, and text priv name.
    1900             :  */
    1901             : Datum
    1902          16 : has_table_privilege_name_id(PG_FUNCTION_ARGS)
    1903             : {
    1904          16 :     Name        username = PG_GETARG_NAME(0);
    1905          16 :     Oid         tableoid = PG_GETARG_OID(1);
    1906          16 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    1907             :     Oid         roleid;
    1908             :     AclMode     mode;
    1909             :     AclResult   aclresult;
    1910             : 
    1911          16 :     roleid = get_role_oid_or_public(NameStr(*username));
    1912          16 :     mode = convert_table_priv_string(priv_type_text);
    1913             : 
    1914          16 :     if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
    1915           0 :         PG_RETURN_NULL();
    1916             : 
    1917          16 :     aclresult = pg_class_aclcheck(tableoid, roleid, mode);
    1918             : 
    1919          16 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    1920             : }
    1921             : 
    1922             : /*
    1923             :  * has_table_privilege_id
    1924             :  *      Check user privileges on a table given
    1925             :  *      table oid, and text priv name.
    1926             :  *      current_user is assumed
    1927             :  */
    1928             : Datum
    1929       13212 : has_table_privilege_id(PG_FUNCTION_ARGS)
    1930             : {
    1931       13212 :     Oid         tableoid = PG_GETARG_OID(0);
    1932       13212 :     text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    1933             :     Oid         roleid;
    1934             :     AclMode     mode;
    1935             :     AclResult   aclresult;
    1936             : 
    1937       13212 :     roleid = GetUserId();
    1938       13212 :     mode = convert_table_priv_string(priv_type_text);
    1939             : 
    1940       13212 :     if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
    1941           4 :         PG_RETURN_NULL();
    1942             : 
    1943       13208 :     aclresult = pg_class_aclcheck(tableoid, roleid, mode);
    1944             : 
    1945       13208 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    1946             : }
    1947             : 
    1948             : /*
    1949             :  * has_table_privilege_id_name
    1950             :  *      Check user privileges on a table given
    1951             :  *      roleid, text tablename, and text priv name.
    1952             :  */
    1953             : Datum
    1954          28 : has_table_privilege_id_name(PG_FUNCTION_ARGS)
    1955             : {
    1956          28 :     Oid         roleid = PG_GETARG_OID(0);
    1957          28 :     text       *tablename = PG_GETARG_TEXT_PP(1);
    1958          28 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    1959             :     Oid         tableoid;
    1960             :     AclMode     mode;
    1961             :     AclResult   aclresult;
    1962             : 
    1963          28 :     tableoid = convert_table_name(tablename);
    1964          28 :     mode = convert_table_priv_string(priv_type_text);
    1965             : 
    1966          28 :     aclresult = pg_class_aclcheck(tableoid, roleid, mode);
    1967             : 
    1968          28 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    1969             : }
    1970             : 
    1971             : /*
    1972             :  * has_table_privilege_id_id
    1973             :  *      Check user privileges on a table given
    1974             :  *      roleid, table oid, and text priv name.
    1975             :  */
    1976             : Datum
    1977          24 : has_table_privilege_id_id(PG_FUNCTION_ARGS)
    1978             : {
    1979          24 :     Oid         roleid = PG_GETARG_OID(0);
    1980          24 :     Oid         tableoid = PG_GETARG_OID(1);
    1981          24 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    1982             :     AclMode     mode;
    1983             :     AclResult   aclresult;
    1984             : 
    1985          24 :     mode = convert_table_priv_string(priv_type_text);
    1986             : 
    1987          24 :     if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
    1988           0 :         PG_RETURN_NULL();
    1989             : 
    1990          24 :     aclresult = pg_class_aclcheck(tableoid, roleid, mode);
    1991             : 
    1992          24 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    1993             : }
    1994             : 
    1995             : /*
    1996             :  *      Support routines for has_table_privilege family.
    1997             :  */
    1998             : 
    1999             : /*
    2000             :  * Given a table name expressed as a string, look it up and return Oid
    2001             :  */
    2002             : static Oid
    2003         208 : convert_table_name(text *tablename)
    2004             : {
    2005             :     RangeVar   *relrv;
    2006             : 
    2007         208 :     relrv = makeRangeVarFromNameList(textToQualifiedNameList(tablename));
    2008             : 
    2009             :     /* We might not even have permissions on this relation; don't lock it. */
    2010         208 :     return RangeVarGetRelid(relrv, NoLock, false);
    2011             : }
    2012             : 
    2013             : /*
    2014             :  * convert_table_priv_string
    2015             :  *      Convert text string to AclMode value.
    2016             :  */
    2017             : static AclMode
    2018       13420 : convert_table_priv_string(text *priv_type_text)
    2019             : {
    2020             :     static const priv_map table_priv_map[] = {
    2021             :         {"SELECT", ACL_SELECT},
    2022             :         {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
    2023             :         {"INSERT", ACL_INSERT},
    2024             :         {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
    2025             :         {"UPDATE", ACL_UPDATE},
    2026             :         {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
    2027             :         {"DELETE", ACL_DELETE},
    2028             :         {"DELETE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_DELETE)},
    2029             :         {"TRUNCATE", ACL_TRUNCATE},
    2030             :         {"TRUNCATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRUNCATE)},
    2031             :         {"REFERENCES", ACL_REFERENCES},
    2032             :         {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
    2033             :         {"TRIGGER", ACL_TRIGGER},
    2034             :         {"TRIGGER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRIGGER)},
    2035             :         {"RULE", 0},          /* ignore old RULE privileges */
    2036             :         {"RULE WITH GRANT OPTION", 0},
    2037             :         {NULL, 0}
    2038             :     };
    2039             : 
    2040       13420 :     return convert_any_priv_string(priv_type_text, table_priv_map);
    2041             : }
    2042             : 
    2043             : /*
    2044             :  * has_sequence_privilege variants
    2045             :  *      These are all named "has_sequence_privilege" at the SQL level.
    2046             :  *      They take various combinations of relation name, relation OID,
    2047             :  *      user name, user OID, or implicit user = current_user.
    2048             :  *
    2049             :  *      The result is a boolean value: true if user has the indicated
    2050             :  *      privilege, false if not.  The variants that take a relation OID
    2051             :  *      return NULL if the OID doesn't exist.
    2052             :  */
    2053             : 
    2054             : /*
    2055             :  * has_sequence_privilege_name_name
    2056             :  *      Check user privileges on a sequence given
    2057             :  *      name username, text sequencename, and text priv name.
    2058             :  */
    2059             : Datum
    2060          12 : has_sequence_privilege_name_name(PG_FUNCTION_ARGS)
    2061             : {
    2062          12 :     Name        rolename = PG_GETARG_NAME(0);
    2063          12 :     text       *sequencename = PG_GETARG_TEXT_PP(1);
    2064          12 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    2065             :     Oid         roleid;
    2066             :     Oid         sequenceoid;
    2067             :     AclMode     mode;
    2068             :     AclResult   aclresult;
    2069             : 
    2070          12 :     roleid = get_role_oid_or_public(NameStr(*rolename));
    2071          12 :     mode = convert_sequence_priv_string(priv_type_text);
    2072           8 :     sequenceoid = convert_table_name(sequencename);
    2073           8 :     if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
    2074           4 :         ereport(ERROR,
    2075             :                 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
    2076             :                  errmsg("\"%s\" is not a sequence",
    2077             :                         text_to_cstring(sequencename))));
    2078             : 
    2079           4 :     aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
    2080             : 
    2081           4 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    2082             : }
    2083             : 
    2084             : /*
    2085             :  * has_sequence_privilege_name
    2086             :  *      Check user privileges on a sequence given
    2087             :  *      text sequencename and text priv name.
    2088             :  *      current_user is assumed
    2089             :  */
    2090             : Datum
    2091           4 : has_sequence_privilege_name(PG_FUNCTION_ARGS)
    2092             : {
    2093           4 :     text       *sequencename = PG_GETARG_TEXT_PP(0);
    2094           4 :     text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    2095             :     Oid         roleid;
    2096             :     Oid         sequenceoid;
    2097             :     AclMode     mode;
    2098             :     AclResult   aclresult;
    2099             : 
    2100           4 :     roleid = GetUserId();
    2101           4 :     mode = convert_sequence_priv_string(priv_type_text);
    2102           4 :     sequenceoid = convert_table_name(sequencename);
    2103           4 :     if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
    2104           0 :         ereport(ERROR,
    2105             :                 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
    2106             :                  errmsg("\"%s\" is not a sequence",
    2107             :                         text_to_cstring(sequencename))));
    2108             : 
    2109           4 :     aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
    2110             : 
    2111           4 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    2112             : }
    2113             : 
    2114             : /*
    2115             :  * has_sequence_privilege_name_id
    2116             :  *      Check user privileges on a sequence given
    2117             :  *      name usename, sequence oid, and text priv name.
    2118             :  */
    2119             : Datum
    2120           0 : has_sequence_privilege_name_id(PG_FUNCTION_ARGS)
    2121             : {
    2122           0 :     Name        username = PG_GETARG_NAME(0);
    2123           0 :     Oid         sequenceoid = PG_GETARG_OID(1);
    2124           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    2125             :     Oid         roleid;
    2126             :     AclMode     mode;
    2127             :     AclResult   aclresult;
    2128             :     char        relkind;
    2129             : 
    2130           0 :     roleid = get_role_oid_or_public(NameStr(*username));
    2131           0 :     mode = convert_sequence_priv_string(priv_type_text);
    2132           0 :     relkind = get_rel_relkind(sequenceoid);
    2133           0 :     if (relkind == '\0')
    2134           0 :         PG_RETURN_NULL();
    2135           0 :     else if (relkind != RELKIND_SEQUENCE)
    2136           0 :         ereport(ERROR,
    2137             :                 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
    2138             :                  errmsg("\"%s\" is not a sequence",
    2139             :                         get_rel_name(sequenceoid))));
    2140             : 
    2141           0 :     aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
    2142             : 
    2143           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    2144             : }
    2145             : 
    2146             : /*
    2147             :  * has_sequence_privilege_id
    2148             :  *      Check user privileges on a sequence given
    2149             :  *      sequence oid, and text priv name.
    2150             :  *      current_user is assumed
    2151             :  */
    2152             : Datum
    2153          76 : has_sequence_privilege_id(PG_FUNCTION_ARGS)
    2154             : {
    2155          76 :     Oid         sequenceoid = PG_GETARG_OID(0);
    2156          76 :     text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    2157             :     Oid         roleid;
    2158             :     AclMode     mode;
    2159             :     AclResult   aclresult;
    2160             :     char        relkind;
    2161             : 
    2162          76 :     roleid = GetUserId();
    2163          76 :     mode = convert_sequence_priv_string(priv_type_text);
    2164          76 :     relkind = get_rel_relkind(sequenceoid);
    2165          76 :     if (relkind == '\0')
    2166           0 :         PG_RETURN_NULL();
    2167          76 :     else if (relkind != RELKIND_SEQUENCE)
    2168           0 :         ereport(ERROR,
    2169             :                 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
    2170             :                  errmsg("\"%s\" is not a sequence",
    2171             :                         get_rel_name(sequenceoid))));
    2172             : 
    2173          76 :     aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
    2174             : 
    2175          76 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    2176             : }
    2177             : 
    2178             : /*
    2179             :  * has_sequence_privilege_id_name
    2180             :  *      Check user privileges on a sequence given
    2181             :  *      roleid, text sequencename, and text priv name.
    2182             :  */
    2183             : Datum
    2184           0 : has_sequence_privilege_id_name(PG_FUNCTION_ARGS)
    2185             : {
    2186           0 :     Oid         roleid = PG_GETARG_OID(0);
    2187           0 :     text       *sequencename = PG_GETARG_TEXT_PP(1);
    2188           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    2189             :     Oid         sequenceoid;
    2190             :     AclMode     mode;
    2191             :     AclResult   aclresult;
    2192             : 
    2193           0 :     mode = convert_sequence_priv_string(priv_type_text);
    2194           0 :     sequenceoid = convert_table_name(sequencename);
    2195           0 :     if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
    2196           0 :         ereport(ERROR,
    2197             :                 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
    2198             :                  errmsg("\"%s\" is not a sequence",
    2199             :                         text_to_cstring(sequencename))));
    2200             : 
    2201           0 :     aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
    2202             : 
    2203           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    2204             : }
    2205             : 
    2206             : /*
    2207             :  * has_sequence_privilege_id_id
    2208             :  *      Check user privileges on a sequence given
    2209             :  *      roleid, sequence oid, and text priv name.
    2210             :  */
    2211             : Datum
    2212           0 : has_sequence_privilege_id_id(PG_FUNCTION_ARGS)
    2213             : {
    2214           0 :     Oid         roleid = PG_GETARG_OID(0);
    2215           0 :     Oid         sequenceoid = PG_GETARG_OID(1);
    2216           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    2217             :     AclMode     mode;
    2218             :     AclResult   aclresult;
    2219             :     char        relkind;
    2220             : 
    2221           0 :     mode = convert_sequence_priv_string(priv_type_text);
    2222           0 :     relkind = get_rel_relkind(sequenceoid);
    2223           0 :     if (relkind == '\0')
    2224           0 :         PG_RETURN_NULL();
    2225           0 :     else if (relkind != RELKIND_SEQUENCE)
    2226           0 :         ereport(ERROR,
    2227             :                 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
    2228             :                  errmsg("\"%s\" is not a sequence",
    2229             :                         get_rel_name(sequenceoid))));
    2230             : 
    2231           0 :     aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
    2232             : 
    2233           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    2234             : }
    2235             : 
    2236             : /*
    2237             :  * convert_sequence_priv_string
    2238             :  *      Convert text string to AclMode value.
    2239             :  */
    2240             : static AclMode
    2241          92 : convert_sequence_priv_string(text *priv_type_text)
    2242             : {
    2243             :     static const priv_map sequence_priv_map[] = {
    2244             :         {"USAGE", ACL_USAGE},
    2245             :         {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
    2246             :         {"SELECT", ACL_SELECT},
    2247             :         {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
    2248             :         {"UPDATE", ACL_UPDATE},
    2249             :         {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
    2250             :         {NULL, 0}
    2251             :     };
    2252             : 
    2253          92 :     return convert_any_priv_string(priv_type_text, sequence_priv_map);
    2254             : }
    2255             : 
    2256             : 
    2257             : /*
    2258             :  * has_any_column_privilege variants
    2259             :  *      These are all named "has_any_column_privilege" at the SQL level.
    2260             :  *      They take various combinations of relation name, relation OID,
    2261             :  *      user name, user OID, or implicit user = current_user.
    2262             :  *
    2263             :  *      The result is a boolean value: true if user has the indicated
    2264             :  *      privilege for any column of the table, false if not.  The variants
    2265             :  *      that take a relation OID return NULL if the OID doesn't exist.
    2266             :  */
    2267             : 
    2268             : /*
    2269             :  * has_any_column_privilege_name_name
    2270             :  *      Check user privileges on any column of a table given
    2271             :  *      name username, text tablename, and text priv name.
    2272             :  */
    2273             : Datum
    2274           0 : has_any_column_privilege_name_name(PG_FUNCTION_ARGS)
    2275             : {
    2276           0 :     Name        rolename = PG_GETARG_NAME(0);
    2277           0 :     text       *tablename = PG_GETARG_TEXT_PP(1);
    2278           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    2279             :     Oid         roleid;
    2280             :     Oid         tableoid;
    2281             :     AclMode     mode;
    2282             :     AclResult   aclresult;
    2283             : 
    2284           0 :     roleid = get_role_oid_or_public(NameStr(*rolename));
    2285           0 :     tableoid = convert_table_name(tablename);
    2286           0 :     mode = convert_column_priv_string(priv_type_text);
    2287             : 
    2288             :     /* First check at table level, then examine each column if needed */
    2289           0 :     aclresult = pg_class_aclcheck(tableoid, roleid, mode);
    2290           0 :     if (aclresult != ACLCHECK_OK)
    2291           0 :         aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
    2292             :                                               ACLMASK_ANY);
    2293             : 
    2294           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    2295             : }
    2296             : 
    2297             : /*
    2298             :  * has_any_column_privilege_name
    2299             :  *      Check user privileges on any column of a table given
    2300             :  *      text tablename and text priv name.
    2301             :  *      current_user is assumed
    2302             :  */
    2303             : Datum
    2304           0 : has_any_column_privilege_name(PG_FUNCTION_ARGS)
    2305             : {
    2306           0 :     text       *tablename = PG_GETARG_TEXT_PP(0);
    2307           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    2308             :     Oid         roleid;
    2309             :     Oid         tableoid;
    2310             :     AclMode     mode;
    2311             :     AclResult   aclresult;
    2312             : 
    2313           0 :     roleid = GetUserId();
    2314           0 :     tableoid = convert_table_name(tablename);
    2315           0 :     mode = convert_column_priv_string(priv_type_text);
    2316             : 
    2317             :     /* First check at table level, then examine each column if needed */
    2318           0 :     aclresult = pg_class_aclcheck(tableoid, roleid, mode);
    2319           0 :     if (aclresult != ACLCHECK_OK)
    2320           0 :         aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
    2321             :                                               ACLMASK_ANY);
    2322             : 
    2323           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    2324             : }
    2325             : 
    2326             : /*
    2327             :  * has_any_column_privilege_name_id
    2328             :  *      Check user privileges on any column of a table given
    2329             :  *      name usename, table oid, and text priv name.
    2330             :  */
    2331             : Datum
    2332           0 : has_any_column_privilege_name_id(PG_FUNCTION_ARGS)
    2333             : {
    2334           0 :     Name        username = PG_GETARG_NAME(0);
    2335           0 :     Oid         tableoid = PG_GETARG_OID(1);
    2336           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    2337             :     Oid         roleid;
    2338             :     AclMode     mode;
    2339             :     AclResult   aclresult;
    2340             : 
    2341           0 :     roleid = get_role_oid_or_public(NameStr(*username));
    2342           0 :     mode = convert_column_priv_string(priv_type_text);
    2343             : 
    2344           0 :     if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
    2345           0 :         PG_RETURN_NULL();
    2346             : 
    2347             :     /* First check at table level, then examine each column if needed */
    2348           0 :     aclresult = pg_class_aclcheck(tableoid, roleid, mode);
    2349           0 :     if (aclresult != ACLCHECK_OK)
    2350           0 :         aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
    2351             :                                               ACLMASK_ANY);
    2352             : 
    2353           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    2354             : }
    2355             : 
    2356             : /*
    2357             :  * has_any_column_privilege_id
    2358             :  *      Check user privileges on any column of a table given
    2359             :  *      table oid, and text priv name.
    2360             :  *      current_user is assumed
    2361             :  */
    2362             : Datum
    2363           0 : has_any_column_privilege_id(PG_FUNCTION_ARGS)
    2364             : {
    2365           0 :     Oid         tableoid = PG_GETARG_OID(0);
    2366           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    2367             :     Oid         roleid;
    2368             :     AclMode     mode;
    2369             :     AclResult   aclresult;
    2370             : 
    2371           0 :     roleid = GetUserId();
    2372           0 :     mode = convert_column_priv_string(priv_type_text);
    2373             : 
    2374           0 :     if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
    2375           0 :         PG_RETURN_NULL();
    2376             : 
    2377             :     /* First check at table level, then examine each column if needed */
    2378           0 :     aclresult = pg_class_aclcheck(tableoid, roleid, mode);
    2379           0 :     if (aclresult != ACLCHECK_OK)
    2380           0 :         aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
    2381             :                                               ACLMASK_ANY);
    2382             : 
    2383           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    2384             : }
    2385             : 
    2386             : /*
    2387             :  * has_any_column_privilege_id_name
    2388             :  *      Check user privileges on any column of a table given
    2389             :  *      roleid, text tablename, and text priv name.
    2390             :  */
    2391             : Datum
    2392           0 : has_any_column_privilege_id_name(PG_FUNCTION_ARGS)
    2393             : {
    2394           0 :     Oid         roleid = PG_GETARG_OID(0);
    2395           0 :     text       *tablename = PG_GETARG_TEXT_PP(1);
    2396           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    2397             :     Oid         tableoid;
    2398             :     AclMode     mode;
    2399             :     AclResult   aclresult;
    2400             : 
    2401           0 :     tableoid = convert_table_name(tablename);
    2402           0 :     mode = convert_column_priv_string(priv_type_text);
    2403             : 
    2404             :     /* First check at table level, then examine each column if needed */
    2405           0 :     aclresult = pg_class_aclcheck(tableoid, roleid, mode);
    2406           0 :     if (aclresult != ACLCHECK_OK)
    2407           0 :         aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
    2408             :                                               ACLMASK_ANY);
    2409             : 
    2410           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    2411             : }
    2412             : 
    2413             : /*
    2414             :  * has_any_column_privilege_id_id
    2415             :  *      Check user privileges on any column of a table given
    2416             :  *      roleid, table oid, and text priv name.
    2417             :  */
    2418             : Datum
    2419           0 : has_any_column_privilege_id_id(PG_FUNCTION_ARGS)
    2420             : {
    2421           0 :     Oid         roleid = PG_GETARG_OID(0);
    2422           0 :     Oid         tableoid = PG_GETARG_OID(1);
    2423           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    2424             :     AclMode     mode;
    2425             :     AclResult   aclresult;
    2426             : 
    2427           0 :     mode = convert_column_priv_string(priv_type_text);
    2428             : 
    2429           0 :     if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
    2430           0 :         PG_RETURN_NULL();
    2431             : 
    2432             :     /* First check at table level, then examine each column if needed */
    2433           0 :     aclresult = pg_class_aclcheck(tableoid, roleid, mode);
    2434           0 :     if (aclresult != ACLCHECK_OK)
    2435           0 :         aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
    2436             :                                               ACLMASK_ANY);
    2437             : 
    2438           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    2439             : }
    2440             : 
    2441             : 
    2442             : /*
    2443             :  * has_column_privilege variants
    2444             :  *      These are all named "has_column_privilege" at the SQL level.
    2445             :  *      They take various combinations of relation name, relation OID,
    2446             :  *      column name, column attnum, user name, user OID, or
    2447             :  *      implicit user = current_user.
    2448             :  *
    2449             :  *      The result is a boolean value: true if user has the indicated
    2450             :  *      privilege, false if not.  The variants that take a relation OID
    2451             :  *      return NULL (rather than throwing an error) if that relation OID
    2452             :  *      doesn't exist.  Likewise, the variants that take an integer attnum
    2453             :  *      return NULL (rather than throwing an error) if there is no such
    2454             :  *      pg_attribute entry.  All variants return NULL if an attisdropped
    2455             :  *      column is selected.  These rules are meant to avoid unnecessary
    2456             :  *      failures in queries that scan pg_attribute.
    2457             :  */
    2458             : 
    2459             : /*
    2460             :  * column_privilege_check: check column privileges, but don't throw an error
    2461             :  *      for dropped column or table
    2462             :  *
    2463             :  * Returns 1 if have the privilege, 0 if not, -1 if dropped column/table.
    2464             :  */
    2465             : static int
    2466        1488 : column_privilege_check(Oid tableoid, AttrNumber attnum,
    2467             :                        Oid roleid, AclMode mode)
    2468             : {
    2469             :     AclResult   aclresult;
    2470             :     HeapTuple   attTuple;
    2471             :     Form_pg_attribute attributeForm;
    2472             : 
    2473             :     /*
    2474             :      * If convert_column_name failed, we can just return -1 immediately.
    2475             :      */
    2476        1488 :     if (attnum == InvalidAttrNumber)
    2477           8 :         return -1;
    2478             : 
    2479             :     /*
    2480             :      * First check if we have the privilege at the table level.  We check
    2481             :      * existence of the pg_class row before risking calling pg_class_aclcheck.
    2482             :      * Note: it might seem there's a race condition against concurrent DROP,
    2483             :      * but really it's safe because there will be no syscache flush between
    2484             :      * here and there.  So if we see the row in the syscache, so will
    2485             :      * pg_class_aclcheck.
    2486             :      */
    2487        1480 :     if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
    2488           8 :         return -1;
    2489             : 
    2490        1472 :     aclresult = pg_class_aclcheck(tableoid, roleid, mode);
    2491             : 
    2492        1472 :     if (aclresult == ACLCHECK_OK)
    2493        1464 :         return true;
    2494             : 
    2495             :     /*
    2496             :      * No table privilege, so try per-column privileges.  Again, we have to
    2497             :      * check for dropped attribute first, and we rely on the syscache not to
    2498             :      * notice a concurrent drop before pg_attribute_aclcheck fetches the row.
    2499             :      */
    2500           8 :     attTuple = SearchSysCache2(ATTNUM,
    2501             :                                ObjectIdGetDatum(tableoid),
    2502             :                                Int16GetDatum(attnum));
    2503           8 :     if (!HeapTupleIsValid(attTuple))
    2504           4 :         return -1;
    2505           4 :     attributeForm = (Form_pg_attribute) GETSTRUCT(attTuple);
    2506           4 :     if (attributeForm->attisdropped)
    2507             :     {
    2508           4 :         ReleaseSysCache(attTuple);
    2509           4 :         return -1;
    2510             :     }
    2511           0 :     ReleaseSysCache(attTuple);
    2512             : 
    2513           0 :     aclresult = pg_attribute_aclcheck(tableoid, attnum, roleid, mode);
    2514             : 
    2515           0 :     return (aclresult == ACLCHECK_OK);
    2516             : }
    2517             : 
    2518             : /*
    2519             :  * has_column_privilege_name_name_name
    2520             :  *      Check user privileges on a column given
    2521             :  *      name username, text tablename, text colname, and text priv name.
    2522             :  */
    2523             : Datum
    2524           0 : has_column_privilege_name_name_name(PG_FUNCTION_ARGS)
    2525             : {
    2526           0 :     Name        rolename = PG_GETARG_NAME(0);
    2527           0 :     text       *tablename = PG_GETARG_TEXT_PP(1);
    2528           0 :     text       *column = PG_GETARG_TEXT_PP(2);
    2529           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(3);
    2530             :     Oid         roleid;
    2531             :     Oid         tableoid;
    2532             :     AttrNumber  colattnum;
    2533             :     AclMode     mode;
    2534             :     int         privresult;
    2535             : 
    2536           0 :     roleid = get_role_oid_or_public(NameStr(*rolename));
    2537           0 :     tableoid = convert_table_name(tablename);
    2538           0 :     colattnum = convert_column_name(tableoid, column);
    2539           0 :     mode = convert_column_priv_string(priv_type_text);
    2540             : 
    2541           0 :     privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    2542           0 :     if (privresult < 0)
    2543           0 :         PG_RETURN_NULL();
    2544           0 :     PG_RETURN_BOOL(privresult);
    2545             : }
    2546             : 
    2547             : /*
    2548             :  * has_column_privilege_name_name_attnum
    2549             :  *      Check user privileges on a column given
    2550             :  *      name username, text tablename, int attnum, and text priv name.
    2551             :  */
    2552             : Datum
    2553           0 : has_column_privilege_name_name_attnum(PG_FUNCTION_ARGS)
    2554             : {
    2555           0 :     Name        rolename = PG_GETARG_NAME(0);
    2556           0 :     text       *tablename = PG_GETARG_TEXT_PP(1);
    2557           0 :     AttrNumber  colattnum = PG_GETARG_INT16(2);
    2558           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(3);
    2559             :     Oid         roleid;
    2560             :     Oid         tableoid;
    2561             :     AclMode     mode;
    2562             :     int         privresult;
    2563             : 
    2564           0 :     roleid = get_role_oid_or_public(NameStr(*rolename));
    2565           0 :     tableoid = convert_table_name(tablename);
    2566           0 :     mode = convert_column_priv_string(priv_type_text);
    2567             : 
    2568           0 :     privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    2569           0 :     if (privresult < 0)
    2570           0 :         PG_RETURN_NULL();
    2571           0 :     PG_RETURN_BOOL(privresult);
    2572             : }
    2573             : 
    2574             : /*
    2575             :  * has_column_privilege_name_id_name
    2576             :  *      Check user privileges on a column given
    2577             :  *      name username, table oid, text colname, and text priv name.
    2578             :  */
    2579             : Datum
    2580           0 : has_column_privilege_name_id_name(PG_FUNCTION_ARGS)
    2581             : {
    2582           0 :     Name        username = PG_GETARG_NAME(0);
    2583           0 :     Oid         tableoid = PG_GETARG_OID(1);
    2584           0 :     text       *column = PG_GETARG_TEXT_PP(2);
    2585           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(3);
    2586             :     Oid         roleid;
    2587             :     AttrNumber  colattnum;
    2588             :     AclMode     mode;
    2589             :     int         privresult;
    2590             : 
    2591           0 :     roleid = get_role_oid_or_public(NameStr(*username));
    2592           0 :     colattnum = convert_column_name(tableoid, column);
    2593           0 :     mode = convert_column_priv_string(priv_type_text);
    2594             : 
    2595           0 :     privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    2596           0 :     if (privresult < 0)
    2597           0 :         PG_RETURN_NULL();
    2598           0 :     PG_RETURN_BOOL(privresult);
    2599             : }
    2600             : 
    2601             : /*
    2602             :  * has_column_privilege_name_id_attnum
    2603             :  *      Check user privileges on a column given
    2604             :  *      name username, table oid, int attnum, and text priv name.
    2605             :  */
    2606             : Datum
    2607           0 : has_column_privilege_name_id_attnum(PG_FUNCTION_ARGS)
    2608             : {
    2609           0 :     Name        username = PG_GETARG_NAME(0);
    2610           0 :     Oid         tableoid = PG_GETARG_OID(1);
    2611           0 :     AttrNumber  colattnum = PG_GETARG_INT16(2);
    2612           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(3);
    2613             :     Oid         roleid;
    2614             :     AclMode     mode;
    2615             :     int         privresult;
    2616             : 
    2617           0 :     roleid = get_role_oid_or_public(NameStr(*username));
    2618           0 :     mode = convert_column_priv_string(priv_type_text);
    2619             : 
    2620           0 :     privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    2621           0 :     if (privresult < 0)
    2622           0 :         PG_RETURN_NULL();
    2623           0 :     PG_RETURN_BOOL(privresult);
    2624             : }
    2625             : 
    2626             : /*
    2627             :  * has_column_privilege_id_name_name
    2628             :  *      Check user privileges on a column given
    2629             :  *      oid roleid, text tablename, text colname, and text priv name.
    2630             :  */
    2631             : Datum
    2632           0 : has_column_privilege_id_name_name(PG_FUNCTION_ARGS)
    2633             : {
    2634           0 :     Oid         roleid = PG_GETARG_OID(0);
    2635           0 :     text       *tablename = PG_GETARG_TEXT_PP(1);
    2636           0 :     text       *column = PG_GETARG_TEXT_PP(2);
    2637           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(3);
    2638             :     Oid         tableoid;
    2639             :     AttrNumber  colattnum;
    2640             :     AclMode     mode;
    2641             :     int         privresult;
    2642             : 
    2643           0 :     tableoid = convert_table_name(tablename);
    2644           0 :     colattnum = convert_column_name(tableoid, column);
    2645           0 :     mode = convert_column_priv_string(priv_type_text);
    2646             : 
    2647           0 :     privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    2648           0 :     if (privresult < 0)
    2649           0 :         PG_RETURN_NULL();
    2650           0 :     PG_RETURN_BOOL(privresult);
    2651             : }
    2652             : 
    2653             : /*
    2654             :  * has_column_privilege_id_name_attnum
    2655             :  *      Check user privileges on a column given
    2656             :  *      oid roleid, text tablename, int attnum, and text priv name.
    2657             :  */
    2658             : Datum
    2659           0 : has_column_privilege_id_name_attnum(PG_FUNCTION_ARGS)
    2660             : {
    2661           0 :     Oid         roleid = PG_GETARG_OID(0);
    2662           0 :     text       *tablename = PG_GETARG_TEXT_PP(1);
    2663           0 :     AttrNumber  colattnum = PG_GETARG_INT16(2);
    2664           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(3);
    2665             :     Oid         tableoid;
    2666             :     AclMode     mode;
    2667             :     int         privresult;
    2668             : 
    2669           0 :     tableoid = convert_table_name(tablename);
    2670           0 :     mode = convert_column_priv_string(priv_type_text);
    2671             : 
    2672           0 :     privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    2673           0 :     if (privresult < 0)
    2674           0 :         PG_RETURN_NULL();
    2675           0 :     PG_RETURN_BOOL(privresult);
    2676             : }
    2677             : 
    2678             : /*
    2679             :  * has_column_privilege_id_id_name
    2680             :  *      Check user privileges on a column given
    2681             :  *      oid roleid, table oid, text colname, and text priv name.
    2682             :  */
    2683             : Datum
    2684           0 : has_column_privilege_id_id_name(PG_FUNCTION_ARGS)
    2685             : {
    2686           0 :     Oid         roleid = PG_GETARG_OID(0);
    2687           0 :     Oid         tableoid = PG_GETARG_OID(1);
    2688           0 :     text       *column = PG_GETARG_TEXT_PP(2);
    2689           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(3);
    2690             :     AttrNumber  colattnum;
    2691             :     AclMode     mode;
    2692             :     int         privresult;
    2693             : 
    2694           0 :     colattnum = convert_column_name(tableoid, column);
    2695           0 :     mode = convert_column_priv_string(priv_type_text);
    2696             : 
    2697           0 :     privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    2698           0 :     if (privresult < 0)
    2699           0 :         PG_RETURN_NULL();
    2700           0 :     PG_RETURN_BOOL(privresult);
    2701             : }
    2702             : 
    2703             : /*
    2704             :  * has_column_privilege_id_id_attnum
    2705             :  *      Check user privileges on a column given
    2706             :  *      oid roleid, table oid, int attnum, and text priv name.
    2707             :  */
    2708             : Datum
    2709           0 : has_column_privilege_id_id_attnum(PG_FUNCTION_ARGS)
    2710             : {
    2711           0 :     Oid         roleid = PG_GETARG_OID(0);
    2712           0 :     Oid         tableoid = PG_GETARG_OID(1);
    2713           0 :     AttrNumber  colattnum = PG_GETARG_INT16(2);
    2714           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(3);
    2715             :     AclMode     mode;
    2716             :     int         privresult;
    2717             : 
    2718           0 :     mode = convert_column_priv_string(priv_type_text);
    2719             : 
    2720           0 :     privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    2721           0 :     if (privresult < 0)
    2722           0 :         PG_RETURN_NULL();
    2723           0 :     PG_RETURN_BOOL(privresult);
    2724             : }
    2725             : 
    2726             : /*
    2727             :  * has_column_privilege_name_name
    2728             :  *      Check user privileges on a column given
    2729             :  *      text tablename, text colname, and text priv name.
    2730             :  *      current_user is assumed
    2731             :  */
    2732             : Datum
    2733          12 : has_column_privilege_name_name(PG_FUNCTION_ARGS)
    2734             : {
    2735          12 :     text       *tablename = PG_GETARG_TEXT_PP(0);
    2736          12 :     text       *column = PG_GETARG_TEXT_PP(1);
    2737          12 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    2738             :     Oid         roleid;
    2739             :     Oid         tableoid;
    2740             :     AttrNumber  colattnum;
    2741             :     AclMode     mode;
    2742             :     int         privresult;
    2743             : 
    2744          12 :     roleid = GetUserId();
    2745          12 :     tableoid = convert_table_name(tablename);
    2746          12 :     colattnum = convert_column_name(tableoid, column);
    2747           4 :     mode = convert_column_priv_string(priv_type_text);
    2748             : 
    2749           4 :     privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    2750           4 :     if (privresult < 0)
    2751           4 :         PG_RETURN_NULL();
    2752           0 :     PG_RETURN_BOOL(privresult);
    2753             : }
    2754             : 
    2755             : /*
    2756             :  * has_column_privilege_name_attnum
    2757             :  *      Check user privileges on a column given
    2758             :  *      text tablename, int attnum, and text priv name.
    2759             :  *      current_user is assumed
    2760             :  */
    2761             : Datum
    2762          12 : has_column_privilege_name_attnum(PG_FUNCTION_ARGS)
    2763             : {
    2764          12 :     text       *tablename = PG_GETARG_TEXT_PP(0);
    2765          12 :     AttrNumber  colattnum = PG_GETARG_INT16(1);
    2766          12 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    2767             :     Oid         roleid;
    2768             :     Oid         tableoid;
    2769             :     AclMode     mode;
    2770             :     int         privresult;
    2771             : 
    2772          12 :     roleid = GetUserId();
    2773          12 :     tableoid = convert_table_name(tablename);
    2774          12 :     mode = convert_column_priv_string(priv_type_text);
    2775             : 
    2776          12 :     privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    2777          12 :     if (privresult < 0)
    2778           8 :         PG_RETURN_NULL();
    2779           4 :     PG_RETURN_BOOL(privresult);
    2780             : }
    2781             : 
    2782             : /*
    2783             :  * has_column_privilege_id_name
    2784             :  *      Check user privileges on a column given
    2785             :  *      table oid, text colname, and text priv name.
    2786             :  *      current_user is assumed
    2787             :  */
    2788             : Datum
    2789           4 : has_column_privilege_id_name(PG_FUNCTION_ARGS)
    2790             : {
    2791           4 :     Oid         tableoid = PG_GETARG_OID(0);
    2792           4 :     text       *column = PG_GETARG_TEXT_PP(1);
    2793           4 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    2794             :     Oid         roleid;
    2795             :     AttrNumber  colattnum;
    2796             :     AclMode     mode;
    2797             :     int         privresult;
    2798             : 
    2799           4 :     roleid = GetUserId();
    2800           4 :     colattnum = convert_column_name(tableoid, column);
    2801           4 :     mode = convert_column_priv_string(priv_type_text);
    2802             : 
    2803           4 :     privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    2804           4 :     if (privresult < 0)
    2805           4 :         PG_RETURN_NULL();
    2806           0 :     PG_RETURN_BOOL(privresult);
    2807             : }
    2808             : 
    2809             : /*
    2810             :  * has_column_privilege_id_attnum
    2811             :  *      Check user privileges on a column given
    2812             :  *      table oid, int attnum, and text priv name.
    2813             :  *      current_user is assumed
    2814             :  */
    2815             : Datum
    2816        1468 : has_column_privilege_id_attnum(PG_FUNCTION_ARGS)
    2817             : {
    2818        1468 :     Oid         tableoid = PG_GETARG_OID(0);
    2819        1468 :     AttrNumber  colattnum = PG_GETARG_INT16(1);
    2820        1468 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    2821             :     Oid         roleid;
    2822             :     AclMode     mode;
    2823             :     int         privresult;
    2824             : 
    2825        1468 :     roleid = GetUserId();
    2826        1468 :     mode = convert_column_priv_string(priv_type_text);
    2827             : 
    2828        1468 :     privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    2829        1468 :     if (privresult < 0)
    2830           8 :         PG_RETURN_NULL();
    2831        1460 :     PG_RETURN_BOOL(privresult);
    2832             : }
    2833             : 
    2834             : /*
    2835             :  *      Support routines for has_column_privilege family.
    2836             :  */
    2837             : 
    2838             : /*
    2839             :  * Given a table OID and a column name expressed as a string, look it up
    2840             :  * and return the column number.  Returns InvalidAttrNumber in cases
    2841             :  * where caller should return NULL instead of failing.
    2842             :  */
    2843             : static AttrNumber
    2844          16 : convert_column_name(Oid tableoid, text *column)
    2845             : {
    2846             :     char       *colname;
    2847             :     HeapTuple   attTuple;
    2848             :     AttrNumber  attnum;
    2849             : 
    2850          16 :     colname = text_to_cstring(column);
    2851             : 
    2852             :     /*
    2853             :      * We don't use get_attnum() here because it will report that dropped
    2854             :      * columns don't exist.  We need to treat dropped columns differently from
    2855             :      * nonexistent columns.
    2856             :      */
    2857          16 :     attTuple = SearchSysCache2(ATTNAME,
    2858             :                                ObjectIdGetDatum(tableoid),
    2859             :                                CStringGetDatum(colname));
    2860          16 :     if (HeapTupleIsValid(attTuple))
    2861             :     {
    2862             :         Form_pg_attribute attributeForm;
    2863             : 
    2864           4 :         attributeForm = (Form_pg_attribute) GETSTRUCT(attTuple);
    2865             :         /* We want to return NULL for dropped columns */
    2866           4 :         if (attributeForm->attisdropped)
    2867           4 :             attnum = InvalidAttrNumber;
    2868             :         else
    2869           0 :             attnum = attributeForm->attnum;
    2870           4 :         ReleaseSysCache(attTuple);
    2871             :     }
    2872             :     else
    2873             :     {
    2874          12 :         char       *tablename = get_rel_name(tableoid);
    2875             : 
    2876             :         /*
    2877             :          * If the table OID is bogus, or it's just been dropped, we'll get
    2878             :          * NULL back.  In such cases we want has_column_privilege to return
    2879             :          * NULL too, so just return InvalidAttrNumber.
    2880             :          */
    2881          12 :         if (tablename != NULL)
    2882             :         {
    2883             :             /* tableoid exists, colname does not, so throw error */
    2884           8 :             ereport(ERROR,
    2885             :                     (errcode(ERRCODE_UNDEFINED_COLUMN),
    2886             :                      errmsg("column \"%s\" of relation \"%s\" does not exist",
    2887             :                             colname, tablename)));
    2888             :         }
    2889             :         /* tableoid doesn't exist, so act like attisdropped case */
    2890           4 :         attnum = InvalidAttrNumber;
    2891             :     }
    2892             : 
    2893           8 :     pfree(colname);
    2894           8 :     return attnum;
    2895             : }
    2896             : 
    2897             : /*
    2898             :  * convert_column_priv_string
    2899             :  *      Convert text string to AclMode value.
    2900             :  */
    2901             : static AclMode
    2902        1488 : convert_column_priv_string(text *priv_type_text)
    2903             : {
    2904             :     static const priv_map column_priv_map[] = {
    2905             :         {"SELECT", ACL_SELECT},
    2906             :         {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
    2907             :         {"INSERT", ACL_INSERT},
    2908             :         {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
    2909             :         {"UPDATE", ACL_UPDATE},
    2910             :         {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
    2911             :         {"REFERENCES", ACL_REFERENCES},
    2912             :         {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
    2913             :         {NULL, 0}
    2914             :     };
    2915             : 
    2916        1488 :     return convert_any_priv_string(priv_type_text, column_priv_map);
    2917             : }
    2918             : 
    2919             : 
    2920             : /*
    2921             :  * has_database_privilege variants
    2922             :  *      These are all named "has_database_privilege" at the SQL level.
    2923             :  *      They take various combinations of database name, database OID,
    2924             :  *      user name, user OID, or implicit user = current_user.
    2925             :  *
    2926             :  *      The result is a boolean value: true if user has the indicated
    2927             :  *      privilege, false if not, or NULL if object doesn't exist.
    2928             :  */
    2929             : 
    2930             : /*
    2931             :  * has_database_privilege_name_name
    2932             :  *      Check user privileges on a database given
    2933             :  *      name username, text databasename, and text priv name.
    2934             :  */
    2935             : Datum
    2936           0 : has_database_privilege_name_name(PG_FUNCTION_ARGS)
    2937             : {
    2938           0 :     Name        username = PG_GETARG_NAME(0);
    2939           0 :     text       *databasename = PG_GETARG_TEXT_PP(1);
    2940           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    2941             :     Oid         roleid;
    2942             :     Oid         databaseoid;
    2943             :     AclMode     mode;
    2944             :     AclResult   aclresult;
    2945             : 
    2946           0 :     roleid = get_role_oid_or_public(NameStr(*username));
    2947           0 :     databaseoid = convert_database_name(databasename);
    2948           0 :     mode = convert_database_priv_string(priv_type_text);
    2949             : 
    2950           0 :     aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
    2951             : 
    2952           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    2953             : }
    2954             : 
    2955             : /*
    2956             :  * has_database_privilege_name
    2957             :  *      Check user privileges on a database given
    2958             :  *      text databasename and text priv name.
    2959             :  *      current_user is assumed
    2960             :  */
    2961             : Datum
    2962           0 : has_database_privilege_name(PG_FUNCTION_ARGS)
    2963             : {
    2964           0 :     text       *databasename = PG_GETARG_TEXT_PP(0);
    2965           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    2966             :     Oid         roleid;
    2967             :     Oid         databaseoid;
    2968             :     AclMode     mode;
    2969             :     AclResult   aclresult;
    2970             : 
    2971           0 :     roleid = GetUserId();
    2972           0 :     databaseoid = convert_database_name(databasename);
    2973           0 :     mode = convert_database_priv_string(priv_type_text);
    2974             : 
    2975           0 :     aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
    2976             : 
    2977           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    2978             : }
    2979             : 
    2980             : /*
    2981             :  * has_database_privilege_name_id
    2982             :  *      Check user privileges on a database given
    2983             :  *      name usename, database oid, and text priv name.
    2984             :  */
    2985             : Datum
    2986           0 : has_database_privilege_name_id(PG_FUNCTION_ARGS)
    2987             : {
    2988           0 :     Name        username = PG_GETARG_NAME(0);
    2989           0 :     Oid         databaseoid = PG_GETARG_OID(1);
    2990           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    2991             :     Oid         roleid;
    2992             :     AclMode     mode;
    2993             :     AclResult   aclresult;
    2994             : 
    2995           0 :     roleid = get_role_oid_or_public(NameStr(*username));
    2996           0 :     mode = convert_database_priv_string(priv_type_text);
    2997             : 
    2998           0 :     if (!SearchSysCacheExists1(DATABASEOID, ObjectIdGetDatum(databaseoid)))
    2999           0 :         PG_RETURN_NULL();
    3000             : 
    3001           0 :     aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
    3002             : 
    3003           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3004             : }
    3005             : 
    3006             : /*
    3007             :  * has_database_privilege_id
    3008             :  *      Check user privileges on a database given
    3009             :  *      database oid, and text priv name.
    3010             :  *      current_user is assumed
    3011             :  */
    3012             : Datum
    3013           0 : has_database_privilege_id(PG_FUNCTION_ARGS)
    3014             : {
    3015           0 :     Oid         databaseoid = PG_GETARG_OID(0);
    3016           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    3017             :     Oid         roleid;
    3018             :     AclMode     mode;
    3019             :     AclResult   aclresult;
    3020             : 
    3021           0 :     roleid = GetUserId();
    3022           0 :     mode = convert_database_priv_string(priv_type_text);
    3023             : 
    3024           0 :     if (!SearchSysCacheExists1(DATABASEOID, ObjectIdGetDatum(databaseoid)))
    3025           0 :         PG_RETURN_NULL();
    3026             : 
    3027           0 :     aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
    3028             : 
    3029           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3030             : }
    3031             : 
    3032             : /*
    3033             :  * has_database_privilege_id_name
    3034             :  *      Check user privileges on a database given
    3035             :  *      roleid, text databasename, and text priv name.
    3036             :  */
    3037             : Datum
    3038           0 : has_database_privilege_id_name(PG_FUNCTION_ARGS)
    3039             : {
    3040           0 :     Oid         roleid = PG_GETARG_OID(0);
    3041           0 :     text       *databasename = PG_GETARG_TEXT_PP(1);
    3042           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    3043             :     Oid         databaseoid;
    3044             :     AclMode     mode;
    3045             :     AclResult   aclresult;
    3046             : 
    3047           0 :     databaseoid = convert_database_name(databasename);
    3048           0 :     mode = convert_database_priv_string(priv_type_text);
    3049             : 
    3050           0 :     aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
    3051             : 
    3052           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3053             : }
    3054             : 
    3055             : /*
    3056             :  * has_database_privilege_id_id
    3057             :  *      Check user privileges on a database given
    3058             :  *      roleid, database oid, and text priv name.
    3059             :  */
    3060             : Datum
    3061           0 : has_database_privilege_id_id(PG_FUNCTION_ARGS)
    3062             : {
    3063           0 :     Oid         roleid = PG_GETARG_OID(0);
    3064           0 :     Oid         databaseoid = PG_GETARG_OID(1);
    3065           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    3066             :     AclMode     mode;
    3067             :     AclResult   aclresult;
    3068             : 
    3069           0 :     mode = convert_database_priv_string(priv_type_text);
    3070             : 
    3071           0 :     if (!SearchSysCacheExists1(DATABASEOID, ObjectIdGetDatum(databaseoid)))
    3072           0 :         PG_RETURN_NULL();
    3073             : 
    3074           0 :     aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
    3075             : 
    3076           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3077             : }
    3078             : 
    3079             : /*
    3080             :  *      Support routines for has_database_privilege family.
    3081             :  */
    3082             : 
    3083             : /*
    3084             :  * Given a database name expressed as a string, look it up and return Oid
    3085             :  */
    3086             : static Oid
    3087           0 : convert_database_name(text *databasename)
    3088             : {
    3089           0 :     char       *dbname = text_to_cstring(databasename);
    3090             : 
    3091           0 :     return get_database_oid(dbname, false);
    3092             : }
    3093             : 
    3094             : /*
    3095             :  * convert_database_priv_string
    3096             :  *      Convert text string to AclMode value.
    3097             :  */
    3098             : static AclMode
    3099           0 : convert_database_priv_string(text *priv_type_text)
    3100             : {
    3101             :     static const priv_map database_priv_map[] = {
    3102             :         {"CREATE", ACL_CREATE},
    3103             :         {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
    3104             :         {"TEMPORARY", ACL_CREATE_TEMP},
    3105             :         {"TEMPORARY WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
    3106             :         {"TEMP", ACL_CREATE_TEMP},
    3107             :         {"TEMP WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
    3108             :         {"CONNECT", ACL_CONNECT},
    3109             :         {"CONNECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CONNECT)},
    3110             :         {NULL, 0}
    3111             :     };
    3112             : 
    3113           0 :     return convert_any_priv_string(priv_type_text, database_priv_map);
    3114             : 
    3115             : }
    3116             : 
    3117             : 
    3118             : /*
    3119             :  * has_foreign_data_wrapper_privilege variants
    3120             :  *      These are all named "has_foreign_data_wrapper_privilege" at the SQL level.
    3121             :  *      They take various combinations of foreign-data wrapper name,
    3122             :  *      fdw OID, user name, user OID, or implicit user = current_user.
    3123             :  *
    3124             :  *      The result is a boolean value: true if user has the indicated
    3125             :  *      privilege, false if not.
    3126             :  */
    3127             : 
    3128             : /*
    3129             :  * has_foreign_data_wrapper_privilege_name_name
    3130             :  *      Check user privileges on a foreign-data wrapper given
    3131             :  *      name username, text fdwname, and text priv name.
    3132             :  */
    3133             : Datum
    3134           8 : has_foreign_data_wrapper_privilege_name_name(PG_FUNCTION_ARGS)
    3135             : {
    3136           8 :     Name        username = PG_GETARG_NAME(0);
    3137           8 :     text       *fdwname = PG_GETARG_TEXT_PP(1);
    3138           8 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    3139             :     Oid         roleid;
    3140             :     Oid         fdwid;
    3141             :     AclMode     mode;
    3142             :     AclResult   aclresult;
    3143             : 
    3144           8 :     roleid = get_role_oid_or_public(NameStr(*username));
    3145           8 :     fdwid = convert_foreign_data_wrapper_name(fdwname);
    3146           8 :     mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
    3147             : 
    3148           8 :     aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
    3149             : 
    3150           8 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3151             : }
    3152             : 
    3153             : /*
    3154             :  * has_foreign_data_wrapper_privilege_name
    3155             :  *      Check user privileges on a foreign-data wrapper given
    3156             :  *      text fdwname and text priv name.
    3157             :  *      current_user is assumed
    3158             :  */
    3159             : Datum
    3160           4 : has_foreign_data_wrapper_privilege_name(PG_FUNCTION_ARGS)
    3161             : {
    3162           4 :     text       *fdwname = PG_GETARG_TEXT_PP(0);
    3163           4 :     text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    3164             :     Oid         roleid;
    3165             :     Oid         fdwid;
    3166             :     AclMode     mode;
    3167             :     AclResult   aclresult;
    3168             : 
    3169           4 :     roleid = GetUserId();
    3170           4 :     fdwid = convert_foreign_data_wrapper_name(fdwname);
    3171           4 :     mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
    3172             : 
    3173           4 :     aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
    3174             : 
    3175           4 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3176             : }
    3177             : 
    3178             : /*
    3179             :  * has_foreign_data_wrapper_privilege_name_id
    3180             :  *      Check user privileges on a foreign-data wrapper given
    3181             :  *      name usename, foreign-data wrapper oid, and text priv name.
    3182             :  */
    3183             : Datum
    3184           4 : has_foreign_data_wrapper_privilege_name_id(PG_FUNCTION_ARGS)
    3185             : {
    3186           4 :     Name        username = PG_GETARG_NAME(0);
    3187           4 :     Oid         fdwid = PG_GETARG_OID(1);
    3188           4 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    3189             :     Oid         roleid;
    3190             :     AclMode     mode;
    3191             :     AclResult   aclresult;
    3192             : 
    3193           4 :     roleid = get_role_oid_or_public(NameStr(*username));
    3194           4 :     mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
    3195             : 
    3196           4 :     if (!SearchSysCacheExists1(FOREIGNDATAWRAPPEROID, ObjectIdGetDatum(fdwid)))
    3197           0 :         PG_RETURN_NULL();
    3198             : 
    3199           4 :     aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
    3200             : 
    3201           4 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3202             : }
    3203             : 
    3204             : /*
    3205             :  * has_foreign_data_wrapper_privilege_id
    3206             :  *      Check user privileges on a foreign-data wrapper given
    3207             :  *      foreign-data wrapper oid, and text priv name.
    3208             :  *      current_user is assumed
    3209             :  */
    3210             : Datum
    3211           4 : has_foreign_data_wrapper_privilege_id(PG_FUNCTION_ARGS)
    3212             : {
    3213           4 :     Oid         fdwid = PG_GETARG_OID(0);
    3214           4 :     text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    3215             :     Oid         roleid;
    3216             :     AclMode     mode;
    3217             :     AclResult   aclresult;
    3218             : 
    3219           4 :     roleid = GetUserId();
    3220           4 :     mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
    3221             : 
    3222           4 :     if (!SearchSysCacheExists1(FOREIGNDATAWRAPPEROID, ObjectIdGetDatum(fdwid)))
    3223           0 :         PG_RETURN_NULL();
    3224             : 
    3225           4 :     aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
    3226             : 
    3227           4 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3228             : }
    3229             : 
    3230             : /*
    3231             :  * has_foreign_data_wrapper_privilege_id_name
    3232             :  *      Check user privileges on a foreign-data wrapper given
    3233             :  *      roleid, text fdwname, and text priv name.
    3234             :  */
    3235             : Datum
    3236           4 : has_foreign_data_wrapper_privilege_id_name(PG_FUNCTION_ARGS)
    3237             : {
    3238           4 :     Oid         roleid = PG_GETARG_OID(0);
    3239           4 :     text       *fdwname = PG_GETARG_TEXT_PP(1);
    3240           4 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    3241             :     Oid         fdwid;
    3242             :     AclMode     mode;
    3243             :     AclResult   aclresult;
    3244             : 
    3245           4 :     fdwid = convert_foreign_data_wrapper_name(fdwname);
    3246           4 :     mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
    3247             : 
    3248           4 :     aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
    3249             : 
    3250           4 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3251             : }
    3252             : 
    3253             : /*
    3254             :  * has_foreign_data_wrapper_privilege_id_id
    3255             :  *      Check user privileges on a foreign-data wrapper given
    3256             :  *      roleid, fdw oid, and text priv name.
    3257             :  */
    3258             : Datum
    3259           4 : has_foreign_data_wrapper_privilege_id_id(PG_FUNCTION_ARGS)
    3260             : {
    3261           4 :     Oid         roleid = PG_GETARG_OID(0);
    3262           4 :     Oid         fdwid = PG_GETARG_OID(1);
    3263           4 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    3264             :     AclMode     mode;
    3265             :     AclResult   aclresult;
    3266             : 
    3267           4 :     mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
    3268             : 
    3269           4 :     if (!SearchSysCacheExists1(FOREIGNDATAWRAPPEROID, ObjectIdGetDatum(fdwid)))
    3270           0 :         PG_RETURN_NULL();
    3271             : 
    3272           4 :     aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
    3273             : 
    3274           4 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3275             : }
    3276             : 
    3277             : /*
    3278             :  *      Support routines for has_foreign_data_wrapper_privilege family.
    3279             :  */
    3280             : 
    3281             : /*
    3282             :  * Given a FDW name expressed as a string, look it up and return Oid
    3283             :  */
    3284             : static Oid
    3285          16 : convert_foreign_data_wrapper_name(text *fdwname)
    3286             : {
    3287          16 :     char       *fdwstr = text_to_cstring(fdwname);
    3288             : 
    3289          16 :     return get_foreign_data_wrapper_oid(fdwstr, false);
    3290             : }
    3291             : 
    3292             : /*
    3293             :  * convert_foreign_data_wrapper_priv_string
    3294             :  *      Convert text string to AclMode value.
    3295             :  */
    3296             : static AclMode
    3297          28 : convert_foreign_data_wrapper_priv_string(text *priv_type_text)
    3298             : {
    3299             :     static const priv_map foreign_data_wrapper_priv_map[] = {
    3300             :         {"USAGE", ACL_USAGE},
    3301             :         {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
    3302             :         {NULL, 0}
    3303             :     };
    3304             : 
    3305          28 :     return convert_any_priv_string(priv_type_text, foreign_data_wrapper_priv_map);
    3306             : }
    3307             : 
    3308             : 
    3309             : /*
    3310             :  * has_function_privilege variants
    3311             :  *      These are all named "has_function_privilege" at the SQL level.
    3312             :  *      They take various combinations of function name, function OID,
    3313             :  *      user name, user OID, or implicit user = current_user.
    3314             :  *
    3315             :  *      The result is a boolean value: true if user has the indicated
    3316             :  *      privilege, false if not, or NULL if object doesn't exist.
    3317             :  */
    3318             : 
    3319             : /*
    3320             :  * has_function_privilege_name_name
    3321             :  *      Check user privileges on a function given
    3322             :  *      name username, text functionname, and text priv name.
    3323             :  */
    3324             : Datum
    3325          64 : has_function_privilege_name_name(PG_FUNCTION_ARGS)
    3326             : {
    3327          64 :     Name        username = PG_GETARG_NAME(0);
    3328          64 :     text       *functionname = PG_GETARG_TEXT_PP(1);
    3329          64 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    3330             :     Oid         roleid;
    3331             :     Oid         functionoid;
    3332             :     AclMode     mode;
    3333             :     AclResult   aclresult;
    3334             : 
    3335          64 :     roleid = get_role_oid_or_public(NameStr(*username));
    3336          64 :     functionoid = convert_function_name(functionname);
    3337          64 :     mode = convert_function_priv_string(priv_type_text);
    3338             : 
    3339          64 :     aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
    3340             : 
    3341          64 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3342             : }
    3343             : 
    3344             : /*
    3345             :  * has_function_privilege_name
    3346             :  *      Check user privileges on a function given
    3347             :  *      text functionname and text priv name.
    3348             :  *      current_user is assumed
    3349             :  */
    3350             : Datum
    3351           0 : has_function_privilege_name(PG_FUNCTION_ARGS)
    3352             : {
    3353           0 :     text       *functionname = PG_GETARG_TEXT_PP(0);
    3354           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    3355             :     Oid         roleid;
    3356             :     Oid         functionoid;
    3357             :     AclMode     mode;
    3358             :     AclResult   aclresult;
    3359             : 
    3360           0 :     roleid = GetUserId();
    3361           0 :     functionoid = convert_function_name(functionname);
    3362           0 :     mode = convert_function_priv_string(priv_type_text);
    3363             : 
    3364           0 :     aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
    3365             : 
    3366           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3367             : }
    3368             : 
    3369             : /*
    3370             :  * has_function_privilege_name_id
    3371             :  *      Check user privileges on a function given
    3372             :  *      name usename, function oid, and text priv name.
    3373             :  */
    3374             : Datum
    3375           0 : has_function_privilege_name_id(PG_FUNCTION_ARGS)
    3376             : {
    3377           0 :     Name        username = PG_GETARG_NAME(0);
    3378           0 :     Oid         functionoid = PG_GETARG_OID(1);
    3379           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    3380             :     Oid         roleid;
    3381             :     AclMode     mode;
    3382             :     AclResult   aclresult;
    3383             : 
    3384           0 :     roleid = get_role_oid_or_public(NameStr(*username));
    3385           0 :     mode = convert_function_priv_string(priv_type_text);
    3386             : 
    3387           0 :     if (!SearchSysCacheExists1(PROCOID, ObjectIdGetDatum(functionoid)))
    3388           0 :         PG_RETURN_NULL();
    3389             : 
    3390           0 :     aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
    3391             : 
    3392           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3393             : }
    3394             : 
    3395             : /*
    3396             :  * has_function_privilege_id
    3397             :  *      Check user privileges on a function given
    3398             :  *      function oid, and text priv name.
    3399             :  *      current_user is assumed
    3400             :  */
    3401             : Datum
    3402           0 : has_function_privilege_id(PG_FUNCTION_ARGS)
    3403             : {
    3404           0 :     Oid         functionoid = PG_GETARG_OID(0);
    3405           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    3406             :     Oid         roleid;
    3407             :     AclMode     mode;
    3408             :     AclResult   aclresult;
    3409             : 
    3410           0 :     roleid = GetUserId();
    3411           0 :     mode = convert_function_priv_string(priv_type_text);
    3412             : 
    3413           0 :     if (!SearchSysCacheExists1(PROCOID, ObjectIdGetDatum(functionoid)))
    3414           0 :         PG_RETURN_NULL();
    3415             : 
    3416           0 :     aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
    3417             : 
    3418           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3419             : }
    3420             : 
    3421             : /*
    3422             :  * has_function_privilege_id_name
    3423             :  *      Check user privileges on a function given
    3424             :  *      roleid, text functionname, and text priv name.
    3425             :  */
    3426             : Datum
    3427           0 : has_function_privilege_id_name(PG_FUNCTION_ARGS)
    3428             : {
    3429           0 :     Oid         roleid = PG_GETARG_OID(0);
    3430           0 :     text       *functionname = PG_GETARG_TEXT_PP(1);
    3431           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    3432             :     Oid         functionoid;
    3433             :     AclMode     mode;
    3434             :     AclResult   aclresult;
    3435             : 
    3436           0 :     functionoid = convert_function_name(functionname);
    3437           0 :     mode = convert_function_priv_string(priv_type_text);
    3438             : 
    3439           0 :     aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
    3440             : 
    3441           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3442             : }
    3443             : 
    3444             : /*
    3445             :  * has_function_privilege_id_id
    3446             :  *      Check user privileges on a function given
    3447             :  *      roleid, function oid, and text priv name.
    3448             :  */
    3449             : Datum
    3450           0 : has_function_privilege_id_id(PG_FUNCTION_ARGS)
    3451             : {
    3452           0 :     Oid         roleid = PG_GETARG_OID(0);
    3453           0 :     Oid         functionoid = PG_GETARG_OID(1);
    3454           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    3455             :     AclMode     mode;
    3456             :     AclResult   aclresult;
    3457             : 
    3458           0 :     mode = convert_function_priv_string(priv_type_text);
    3459             : 
    3460           0 :     if (!SearchSysCacheExists1(PROCOID, ObjectIdGetDatum(functionoid)))
    3461           0 :         PG_RETURN_NULL();
    3462             : 
    3463           0 :     aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
    3464             : 
    3465           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3466             : }
    3467             : 
    3468             : /*
    3469             :  *      Support routines for has_function_privilege family.
    3470             :  */
    3471             : 
    3472             : /*
    3473             :  * Given a function name expressed as a string, look it up and return Oid
    3474             :  */
    3475             : static Oid
    3476          64 : convert_function_name(text *functionname)
    3477             : {
    3478          64 :     char       *funcname = text_to_cstring(functionname);
    3479             :     Oid         oid;
    3480             : 
    3481          64 :     oid = DatumGetObjectId(DirectFunctionCall1(regprocedurein,
    3482             :                                                CStringGetDatum(funcname)));
    3483             : 
    3484          64 :     if (!OidIsValid(oid))
    3485           0 :         ereport(ERROR,
    3486             :                 (errcode(ERRCODE_UNDEFINED_FUNCTION),
    3487             :                  errmsg("function \"%s\" does not exist", funcname)));
    3488             : 
    3489          64 :     return oid;
    3490             : }
    3491             : 
    3492             : /*
    3493             :  * convert_function_priv_string
    3494             :  *      Convert text string to AclMode value.
    3495             :  */
    3496             : static AclMode
    3497          64 : convert_function_priv_string(text *priv_type_text)
    3498             : {
    3499             :     static const priv_map function_priv_map[] = {
    3500             :         {"EXECUTE", ACL_EXECUTE},
    3501             :         {"EXECUTE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_EXECUTE)},
    3502             :         {NULL, 0}
    3503             :     };
    3504             : 
    3505          64 :     return convert_any_priv_string(priv_type_text, function_priv_map);
    3506             : }
    3507             : 
    3508             : 
    3509             : /*
    3510             :  * has_language_privilege variants
    3511             :  *      These are all named "has_language_privilege" at the SQL level.
    3512             :  *      They take various combinations of language name, language OID,
    3513             :  *      user name, user OID, or implicit user = current_user.
    3514             :  *
    3515             :  *      The result is a boolean value: true if user has the indicated
    3516             :  *      privilege, false if not, or NULL if object doesn't exist.
    3517             :  */
    3518             : 
    3519             : /*
    3520             :  * has_language_privilege_name_name
    3521             :  *      Check user privileges on a language given
    3522             :  *      name username, text languagename, and text priv name.
    3523             :  */
    3524             : Datum
    3525           0 : has_language_privilege_name_name(PG_FUNCTION_ARGS)
    3526             : {
    3527           0 :     Name        username = PG_GETARG_NAME(0);
    3528           0 :     text       *languagename = PG_GETARG_TEXT_PP(1);
    3529           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    3530             :     Oid         roleid;
    3531             :     Oid         languageoid;
    3532             :     AclMode     mode;
    3533             :     AclResult   aclresult;
    3534             : 
    3535           0 :     roleid = get_role_oid_or_public(NameStr(*username));
    3536           0 :     languageoid = convert_language_name(languagename);
    3537           0 :     mode = convert_language_priv_string(priv_type_text);
    3538             : 
    3539           0 :     aclresult = pg_language_aclcheck(languageoid, roleid, mode);
    3540             : 
    3541           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3542             : }
    3543             : 
    3544             : /*
    3545             :  * has_language_privilege_name
    3546             :  *      Check user privileges on a language given
    3547             :  *      text languagename and text priv name.
    3548             :  *      current_user is assumed
    3549             :  */
    3550             : Datum
    3551           0 : has_language_privilege_name(PG_FUNCTION_ARGS)
    3552             : {
    3553           0 :     text       *languagename = PG_GETARG_TEXT_PP(0);
    3554           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    3555             :     Oid         roleid;
    3556             :     Oid         languageoid;
    3557             :     AclMode     mode;
    3558             :     AclResult   aclresult;
    3559             : 
    3560           0 :     roleid = GetUserId();
    3561           0 :     languageoid = convert_language_name(languagename);
    3562           0 :     mode = convert_language_priv_string(priv_type_text);
    3563             : 
    3564           0 :     aclresult = pg_language_aclcheck(languageoid, roleid, mode);
    3565             : 
    3566           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3567             : }
    3568             : 
    3569             : /*
    3570             :  * has_language_privilege_name_id
    3571             :  *      Check user privileges on a language given
    3572             :  *      name usename, language oid, and text priv name.
    3573             :  */
    3574             : Datum
    3575           0 : has_language_privilege_name_id(PG_FUNCTION_ARGS)
    3576             : {
    3577           0 :     Name        username = PG_GETARG_NAME(0);
    3578           0 :     Oid         languageoid = PG_GETARG_OID(1);
    3579           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    3580             :     Oid         roleid;
    3581             :     AclMode     mode;
    3582             :     AclResult   aclresult;
    3583             : 
    3584           0 :     roleid = get_role_oid_or_public(NameStr(*username));
    3585           0 :     mode = convert_language_priv_string(priv_type_text);
    3586             : 
    3587           0 :     if (!SearchSysCacheExists1(LANGOID, ObjectIdGetDatum(languageoid)))
    3588           0 :         PG_RETURN_NULL();
    3589             : 
    3590           0 :     aclresult = pg_language_aclcheck(languageoid, roleid, mode);
    3591             : 
    3592           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3593             : }
    3594             : 
    3595             : /*
    3596             :  * has_language_privilege_id
    3597             :  *      Check user privileges on a language given
    3598             :  *      language oid, and text priv name.
    3599             :  *      current_user is assumed
    3600             :  */
    3601             : Datum
    3602           0 : has_language_privilege_id(PG_FUNCTION_ARGS)
    3603             : {
    3604           0 :     Oid         languageoid = PG_GETARG_OID(0);
    3605           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    3606             :     Oid         roleid;
    3607             :     AclMode     mode;
    3608             :     AclResult   aclresult;
    3609             : 
    3610           0 :     roleid = GetUserId();
    3611           0 :     mode = convert_language_priv_string(priv_type_text);
    3612             : 
    3613           0 :     if (!SearchSysCacheExists1(LANGOID, ObjectIdGetDatum(languageoid)))
    3614           0 :         PG_RETURN_NULL();
    3615             : 
    3616           0 :     aclresult = pg_language_aclcheck(languageoid, roleid, mode);
    3617             : 
    3618           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3619             : }
    3620             : 
    3621             : /*
    3622             :  * has_language_privilege_id_name
    3623             :  *      Check user privileges on a language given
    3624             :  *      roleid, text languagename, and text priv name.
    3625             :  */
    3626             : Datum
    3627           0 : has_language_privilege_id_name(PG_FUNCTION_ARGS)
    3628             : {
    3629           0 :     Oid         roleid = PG_GETARG_OID(0);
    3630           0 :     text       *languagename = PG_GETARG_TEXT_PP(1);
    3631           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    3632             :     Oid         languageoid;
    3633             :     AclMode     mode;
    3634             :     AclResult   aclresult;
    3635             : 
    3636           0 :     languageoid = convert_language_name(languagename);
    3637           0 :     mode = convert_language_priv_string(priv_type_text);
    3638             : 
    3639           0 :     aclresult = pg_language_aclcheck(languageoid, roleid, mode);
    3640             : 
    3641           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3642             : }
    3643             : 
    3644             : /*
    3645             :  * has_language_privilege_id_id
    3646             :  *      Check user privileges on a language given
    3647             :  *      roleid, language oid, and text priv name.
    3648             :  */
    3649             : Datum
    3650           0 : has_language_privilege_id_id(PG_FUNCTION_ARGS)
    3651             : {
    3652           0 :     Oid         roleid = PG_GETARG_OID(0);
    3653           0 :     Oid         languageoid = PG_GETARG_OID(1);
    3654           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    3655             :     AclMode     mode;
    3656             :     AclResult   aclresult;
    3657             : 
    3658           0 :     mode = convert_language_priv_string(priv_type_text);
    3659             : 
    3660           0 :     if (!SearchSysCacheExists1(LANGOID, ObjectIdGetDatum(languageoid)))
    3661           0 :         PG_RETURN_NULL();
    3662             : 
    3663           0 :     aclresult = pg_language_aclcheck(languageoid, roleid, mode);
    3664             : 
    3665           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3666             : }
    3667             : 
    3668             : /*
    3669             :  *      Support routines for has_language_privilege family.
    3670             :  */
    3671             : 
    3672             : /*
    3673             :  * Given a language name expressed as a string, look it up and return Oid
    3674             :  */
    3675             : static Oid
    3676           0 : convert_language_name(text *languagename)
    3677             : {
    3678           0 :     char       *langname = text_to_cstring(languagename);
    3679             : 
    3680           0 :     return get_language_oid(langname, false);
    3681             : }
    3682             : 
    3683             : /*
    3684             :  * convert_language_priv_string
    3685             :  *      Convert text string to AclMode value.
    3686             :  */
    3687             : static AclMode
    3688           0 : convert_language_priv_string(text *priv_type_text)
    3689             : {
    3690             :     static const priv_map language_priv_map[] = {
    3691             :         {"USAGE", ACL_USAGE},
    3692             :         {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
    3693             :         {NULL, 0}
    3694             :     };
    3695             : 
    3696           0 :     return convert_any_priv_string(priv_type_text, language_priv_map);
    3697             : }
    3698             : 
    3699             : 
    3700             : /*
    3701             :  * has_schema_privilege variants
    3702             :  *      These are all named "has_schema_privilege" at the SQL level.
    3703             :  *      They take various combinations of schema name, schema OID,
    3704             :  *      user name, user OID, or implicit user = current_user.
    3705             :  *
    3706             :  *      The result is a boolean value: true if user has the indicated
    3707             :  *      privilege, false if not, or NULL if object doesn't exist.
    3708             :  */
    3709             : 
    3710             : /*
    3711             :  * has_schema_privilege_name_name
    3712             :  *      Check user privileges on a schema given
    3713             :  *      name username, text schemaname, and text priv name.
    3714             :  */
    3715             : Datum
    3716          32 : has_schema_privilege_name_name(PG_FUNCTION_ARGS)
    3717             : {
    3718          32 :     Name        username = PG_GETARG_NAME(0);
    3719          32 :     text       *schemaname = PG_GETARG_TEXT_PP(1);
    3720          32 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    3721             :     Oid         roleid;
    3722             :     Oid         schemaoid;
    3723             :     AclMode     mode;
    3724             :     AclResult   aclresult;
    3725             : 
    3726          32 :     roleid = get_role_oid_or_public(NameStr(*username));
    3727          32 :     schemaoid = convert_schema_name(schemaname);
    3728          32 :     mode = convert_schema_priv_string(priv_type_text);
    3729             : 
    3730          32 :     aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
    3731             : 
    3732          32 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3733             : }
    3734             : 
    3735             : /*
    3736             :  * has_schema_privilege_name
    3737             :  *      Check user privileges on a schema given
    3738             :  *      text schemaname and text priv name.
    3739             :  *      current_user is assumed
    3740             :  */
    3741             : Datum
    3742           0 : has_schema_privilege_name(PG_FUNCTION_ARGS)
    3743             : {
    3744           0 :     text       *schemaname = PG_GETARG_TEXT_PP(0);
    3745           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    3746             :     Oid         roleid;
    3747             :     Oid         schemaoid;
    3748             :     AclMode     mode;
    3749             :     AclResult   aclresult;
    3750             : 
    3751           0 :     roleid = GetUserId();
    3752           0 :     schemaoid = convert_schema_name(schemaname);
    3753           0 :     mode = convert_schema_priv_string(priv_type_text);
    3754             : 
    3755           0 :     aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
    3756             : 
    3757           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3758             : }
    3759             : 
    3760             : /*
    3761             :  * has_schema_privilege_name_id
    3762             :  *      Check user privileges on a schema given
    3763             :  *      name usename, schema oid, and text priv name.
    3764             :  */
    3765             : Datum
    3766           0 : has_schema_privilege_name_id(PG_FUNCTION_ARGS)
    3767             : {
    3768           0 :     Name        username = PG_GETARG_NAME(0);
    3769           0 :     Oid         schemaoid = PG_GETARG_OID(1);
    3770           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    3771             :     Oid         roleid;
    3772             :     AclMode     mode;
    3773             :     AclResult   aclresult;
    3774             : 
    3775           0 :     roleid = get_role_oid_or_public(NameStr(*username));
    3776           0 :     mode = convert_schema_priv_string(priv_type_text);
    3777             : 
    3778           0 :     if (!SearchSysCacheExists1(NAMESPACEOID, ObjectIdGetDatum(schemaoid)))
    3779           0 :         PG_RETURN_NULL();
    3780             : 
    3781           0 :     aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
    3782             : 
    3783           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3784             : }
    3785             : 
    3786             : /*
    3787             :  * has_schema_privilege_id
    3788             :  *      Check user privileges on a schema given
    3789             :  *      schema oid, and text priv name.
    3790             :  *      current_user is assumed
    3791             :  */
    3792             : Datum
    3793           0 : has_schema_privilege_id(PG_FUNCTION_ARGS)
    3794             : {
    3795           0 :     Oid         schemaoid = PG_GETARG_OID(0);
    3796           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    3797             :     Oid         roleid;
    3798             :     AclMode     mode;
    3799             :     AclResult   aclresult;
    3800             : 
    3801           0 :     roleid = GetUserId();
    3802           0 :     mode = convert_schema_priv_string(priv_type_text);
    3803             : 
    3804           0 :     if (!SearchSysCacheExists1(NAMESPACEOID, ObjectIdGetDatum(schemaoid)))
    3805           0 :         PG_RETURN_NULL();
    3806             : 
    3807           0 :     aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
    3808             : 
    3809           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3810             : }
    3811             : 
    3812             : /*
    3813             :  * has_schema_privilege_id_name
    3814             :  *      Check user privileges on a schema given
    3815             :  *      roleid, text schemaname, and text priv name.
    3816             :  */
    3817             : Datum
    3818           0 : has_schema_privilege_id_name(PG_FUNCTION_ARGS)
    3819             : {
    3820           0 :     Oid         roleid = PG_GETARG_OID(0);
    3821           0 :     text       *schemaname = PG_GETARG_TEXT_PP(1);
    3822           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    3823             :     Oid         schemaoid;
    3824             :     AclMode     mode;
    3825             :     AclResult   aclresult;
    3826             : 
    3827           0 :     schemaoid = convert_schema_name(schemaname);
    3828           0 :     mode = convert_schema_priv_string(priv_type_text);
    3829             : 
    3830           0 :     aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
    3831             : 
    3832           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3833             : }
    3834             : 
    3835             : /*
    3836             :  * has_schema_privilege_id_id
    3837             :  *      Check user privileges on a schema given
    3838             :  *      roleid, schema oid, and text priv name.
    3839             :  */
    3840             : Datum
    3841           0 : has_schema_privilege_id_id(PG_FUNCTION_ARGS)
    3842             : {
    3843           0 :     Oid         roleid = PG_GETARG_OID(0);
    3844           0 :     Oid         schemaoid = PG_GETARG_OID(1);
    3845           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    3846             :     AclMode     mode;
    3847             :     AclResult   aclresult;
    3848             : 
    3849           0 :     mode = convert_schema_priv_string(priv_type_text);
    3850             : 
    3851           0 :     if (!SearchSysCacheExists1(NAMESPACEOID, ObjectIdGetDatum(schemaoid)))
    3852           0 :         PG_RETURN_NULL();
    3853             : 
    3854           0 :     aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
    3855             : 
    3856           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3857             : }
    3858             : 
    3859             : /*
    3860             :  *      Support routines for has_schema_privilege family.
    3861             :  */
    3862             : 
    3863             : /*
    3864             :  * Given a schema name expressed as a string, look it up and return Oid
    3865             :  */
    3866             : static Oid
    3867          32 : convert_schema_name(text *schemaname)
    3868             : {
    3869          32 :     char       *nspname = text_to_cstring(schemaname);
    3870             : 
    3871          32 :     return get_namespace_oid(nspname, false);
    3872             : }
    3873             : 
    3874             : /*
    3875             :  * convert_schema_priv_string
    3876             :  *      Convert text string to AclMode value.
    3877             :  */
    3878             : static AclMode
    3879          32 : convert_schema_priv_string(text *priv_type_text)
    3880             : {
    3881             :     static const priv_map schema_priv_map[] = {
    3882             :         {"CREATE", ACL_CREATE},
    3883             :         {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
    3884             :         {"USAGE", ACL_USAGE},
    3885             :         {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
    3886             :         {NULL, 0}
    3887             :     };
    3888             : 
    3889          32 :     return convert_any_priv_string(priv_type_text, schema_priv_map);
    3890             : }
    3891             : 
    3892             : 
    3893             : /*
    3894             :  * has_server_privilege variants
    3895             :  *      These are all named "has_server_privilege" at the SQL level.
    3896             :  *      They take various combinations of foreign server name,
    3897             :  *      server OID, user name, user OID, or implicit user = current_user.
    3898             :  *
    3899             :  *      The result is a boolean value: true if user has the indicated
    3900             :  *      privilege, false if not.
    3901             :  */
    3902             : 
    3903             : /*
    3904             :  * has_server_privilege_name_name
    3905             :  *      Check user privileges on a foreign server given
    3906             :  *      name username, text servername, and text priv name.
    3907             :  */
    3908             : Datum
    3909           8 : has_server_privilege_name_name(PG_FUNCTION_ARGS)
    3910             : {
    3911           8 :     Name        username = PG_GETARG_NAME(0);
    3912           8 :     text       *servername = PG_GETARG_TEXT_PP(1);
    3913           8 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    3914             :     Oid         roleid;
    3915             :     Oid         serverid;
    3916             :     AclMode     mode;
    3917             :     AclResult   aclresult;
    3918             : 
    3919           8 :     roleid = get_role_oid_or_public(NameStr(*username));
    3920           8 :     serverid = convert_server_name(servername);
    3921           8 :     mode = convert_server_priv_string(priv_type_text);
    3922             : 
    3923           8 :     aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
    3924             : 
    3925           8 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3926             : }
    3927             : 
    3928             : /*
    3929             :  * has_server_privilege_name
    3930             :  *      Check user privileges on a foreign server given
    3931             :  *      text servername and text priv name.
    3932             :  *      current_user is assumed
    3933             :  */
    3934             : Datum
    3935           4 : has_server_privilege_name(PG_FUNCTION_ARGS)
    3936             : {
    3937           4 :     text       *servername = PG_GETARG_TEXT_PP(0);
    3938           4 :     text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    3939             :     Oid         roleid;
    3940             :     Oid         serverid;
    3941             :     AclMode     mode;
    3942             :     AclResult   aclresult;
    3943             : 
    3944           4 :     roleid = GetUserId();
    3945           4 :     serverid = convert_server_name(servername);
    3946           4 :     mode = convert_server_priv_string(priv_type_text);
    3947             : 
    3948           4 :     aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
    3949             : 
    3950           4 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3951             : }
    3952             : 
    3953             : /*
    3954             :  * has_server_privilege_name_id
    3955             :  *      Check user privileges on a foreign server given
    3956             :  *      name usename, foreign server oid, and text priv name.
    3957             :  */
    3958             : Datum
    3959           4 : has_server_privilege_name_id(PG_FUNCTION_ARGS)
    3960             : {
    3961           4 :     Name        username = PG_GETARG_NAME(0);
    3962           4 :     Oid         serverid = PG_GETARG_OID(1);
    3963           4 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    3964             :     Oid         roleid;
    3965             :     AclMode     mode;
    3966             :     AclResult   aclresult;
    3967             : 
    3968           4 :     roleid = get_role_oid_or_public(NameStr(*username));
    3969           4 :     mode = convert_server_priv_string(priv_type_text);
    3970             : 
    3971           4 :     if (!SearchSysCacheExists1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)))
    3972           0 :         PG_RETURN_NULL();
    3973             : 
    3974           4 :     aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
    3975             : 
    3976           4 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    3977             : }
    3978             : 
    3979             : /*
    3980             :  * has_server_privilege_id
    3981             :  *      Check user privileges on a foreign server given
    3982             :  *      server oid, and text priv name.
    3983             :  *      current_user is assumed
    3984             :  */
    3985             : Datum
    3986          52 : has_server_privilege_id(PG_FUNCTION_ARGS)
    3987             : {
    3988          52 :     Oid         serverid = PG_GETARG_OID(0);
    3989          52 :     text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    3990             :     Oid         roleid;
    3991             :     AclMode     mode;
    3992             :     AclResult   aclresult;
    3993             : 
    3994          52 :     roleid = GetUserId();
    3995          52 :     mode = convert_server_priv_string(priv_type_text);
    3996             : 
    3997          52 :     if (!SearchSysCacheExists1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)))
    3998           0 :         PG_RETURN_NULL();
    3999             : 
    4000          52 :     aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
    4001             : 
    4002          52 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    4003             : }
    4004             : 
    4005             : /*
    4006             :  * has_server_privilege_id_name
    4007             :  *      Check user privileges on a foreign server given
    4008             :  *      roleid, text servername, and text priv name.
    4009             :  */
    4010             : Datum
    4011           4 : has_server_privilege_id_name(PG_FUNCTION_ARGS)
    4012             : {
    4013           4 :     Oid         roleid = PG_GETARG_OID(0);
    4014           4 :     text       *servername = PG_GETARG_TEXT_PP(1);
    4015           4 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    4016             :     Oid         serverid;
    4017             :     AclMode     mode;
    4018             :     AclResult   aclresult;
    4019             : 
    4020           4 :     serverid = convert_server_name(servername);
    4021           4 :     mode = convert_server_priv_string(priv_type_text);
    4022             : 
    4023           4 :     aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
    4024             : 
    4025           4 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    4026             : }
    4027             : 
    4028             : /*
    4029             :  * has_server_privilege_id_id
    4030             :  *      Check user privileges on a foreign server given
    4031             :  *      roleid, server oid, and text priv name.
    4032             :  */
    4033             : Datum
    4034           4 : has_server_privilege_id_id(PG_FUNCTION_ARGS)
    4035             : {
    4036           4 :     Oid         roleid = PG_GETARG_OID(0);
    4037           4 :     Oid         serverid = PG_GETARG_OID(1);
    4038           4 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    4039             :     AclMode     mode;
    4040             :     AclResult   aclresult;
    4041             : 
    4042           4 :     mode = convert_server_priv_string(priv_type_text);
    4043             : 
    4044           4 :     if (!SearchSysCacheExists1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)))
    4045           0 :         PG_RETURN_NULL();
    4046             : 
    4047           4 :     aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
    4048             : 
    4049           4 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    4050             : }
    4051             : 
    4052             : /*
    4053             :  *      Support routines for has_server_privilege family.
    4054             :  */
    4055             : 
    4056             : /*
    4057             :  * Given a server name expressed as a string, look it up and return Oid
    4058             :  */
    4059             : static Oid
    4060          16 : convert_server_name(text *servername)
    4061             : {
    4062          16 :     char       *serverstr = text_to_cstring(servername);
    4063             : 
    4064          16 :     return get_foreign_server_oid(serverstr, false);
    4065             : }
    4066             : 
    4067             : /*
    4068             :  * convert_server_priv_string
    4069             :  *      Convert text string to AclMode value.
    4070             :  */
    4071             : static AclMode
    4072          76 : convert_server_priv_string(text *priv_type_text)
    4073             : {
    4074             :     static const priv_map server_priv_map[] = {
    4075             :         {"USAGE", ACL_USAGE},
    4076             :         {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
    4077             :         {NULL, 0}
    4078             :     };
    4079             : 
    4080          76 :     return convert_any_priv_string(priv_type_text, server_priv_map);
    4081             : }
    4082             : 
    4083             : 
    4084             : /*
    4085             :  * has_tablespace_privilege variants
    4086             :  *      These are all named "has_tablespace_privilege" at the SQL level.
    4087             :  *      They take various combinations of tablespace name, tablespace OID,
    4088             :  *      user name, user OID, or implicit user = current_user.
    4089             :  *
    4090             :  *      The result is a boolean value: true if user has the indicated
    4091             :  *      privilege, false if not.
    4092             :  */
    4093             : 
    4094             : /*
    4095             :  * has_tablespace_privilege_name_name
    4096             :  *      Check user privileges on a tablespace given
    4097             :  *      name username, text tablespacename, and text priv name.
    4098             :  */
    4099             : Datum
    4100           0 : has_tablespace_privilege_name_name(PG_FUNCTION_ARGS)
    4101             : {
    4102           0 :     Name        username = PG_GETARG_NAME(0);
    4103           0 :     text       *tablespacename = PG_GETARG_TEXT_PP(1);
    4104           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    4105             :     Oid         roleid;
    4106             :     Oid         tablespaceoid;
    4107             :     AclMode     mode;
    4108             :     AclResult   aclresult;
    4109             : 
    4110           0 :     roleid = get_role_oid_or_public(NameStr(*username));
    4111           0 :     tablespaceoid = convert_tablespace_name(tablespacename);
    4112           0 :     mode = convert_tablespace_priv_string(priv_type_text);
    4113             : 
    4114           0 :     aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
    4115             : 
    4116           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    4117             : }
    4118             : 
    4119             : /*
    4120             :  * has_tablespace_privilege_name
    4121             :  *      Check user privileges on a tablespace given
    4122             :  *      text tablespacename and text priv name.
    4123             :  *      current_user is assumed
    4124             :  */
    4125             : Datum
    4126           0 : has_tablespace_privilege_name(PG_FUNCTION_ARGS)
    4127             : {
    4128           0 :     text       *tablespacename = PG_GETARG_TEXT_PP(0);
    4129           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    4130             :     Oid         roleid;
    4131             :     Oid         tablespaceoid;
    4132             :     AclMode     mode;
    4133             :     AclResult   aclresult;
    4134             : 
    4135           0 :     roleid = GetUserId();
    4136           0 :     tablespaceoid = convert_tablespace_name(tablespacename);
    4137           0 :     mode = convert_tablespace_priv_string(priv_type_text);
    4138             : 
    4139           0 :     aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
    4140             : 
    4141           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    4142             : }
    4143             : 
    4144             : /*
    4145             :  * has_tablespace_privilege_name_id
    4146             :  *      Check user privileges on a tablespace given
    4147             :  *      name usename, tablespace oid, and text priv name.
    4148             :  */
    4149             : Datum
    4150           0 : has_tablespace_privilege_name_id(PG_FUNCTION_ARGS)
    4151             : {
    4152           0 :     Name        username = PG_GETARG_NAME(0);
    4153           0 :     Oid         tablespaceoid = PG_GETARG_OID(1);
    4154           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    4155             :     Oid         roleid;
    4156             :     AclMode     mode;
    4157             :     AclResult   aclresult;
    4158             : 
    4159           0 :     roleid = get_role_oid_or_public(NameStr(*username));
    4160           0 :     mode = convert_tablespace_priv_string(priv_type_text);
    4161             : 
    4162           0 :     if (!SearchSysCacheExists1(TABLESPACEOID, ObjectIdGetDatum(tablespaceoid)))
    4163           0 :         PG_RETURN_NULL();
    4164             : 
    4165           0 :     aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
    4166             : 
    4167           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    4168             : }
    4169             : 
    4170             : /*
    4171             :  * has_tablespace_privilege_id
    4172             :  *      Check user privileges on a tablespace given
    4173             :  *      tablespace oid, and text priv name.
    4174             :  *      current_user is assumed
    4175             :  */
    4176             : Datum
    4177           0 : has_tablespace_privilege_id(PG_FUNCTION_ARGS)
    4178             : {
    4179           0 :     Oid         tablespaceoid = PG_GETARG_OID(0);
    4180           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    4181             :     Oid         roleid;
    4182             :     AclMode     mode;
    4183             :     AclResult   aclresult;
    4184             : 
    4185           0 :     roleid = GetUserId();
    4186           0 :     mode = convert_tablespace_priv_string(priv_type_text);
    4187             : 
    4188           0 :     if (!SearchSysCacheExists1(TABLESPACEOID, ObjectIdGetDatum(tablespaceoid)))
    4189           0 :         PG_RETURN_NULL();
    4190             : 
    4191           0 :     aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
    4192             : 
    4193           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    4194             : }
    4195             : 
    4196             : /*
    4197             :  * has_tablespace_privilege_id_name
    4198             :  *      Check user privileges on a tablespace given
    4199             :  *      roleid, text tablespacename, and text priv name.
    4200             :  */
    4201             : Datum
    4202           0 : has_tablespace_privilege_id_name(PG_FUNCTION_ARGS)
    4203             : {
    4204           0 :     Oid         roleid = PG_GETARG_OID(0);
    4205           0 :     text       *tablespacename = PG_GETARG_TEXT_PP(1);
    4206           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    4207             :     Oid         tablespaceoid;
    4208             :     AclMode     mode;
    4209             :     AclResult   aclresult;
    4210             : 
    4211           0 :     tablespaceoid = convert_tablespace_name(tablespacename);
    4212           0 :     mode = convert_tablespace_priv_string(priv_type_text);
    4213             : 
    4214           0 :     aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
    4215             : 
    4216           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    4217             : }
    4218             : 
    4219             : /*
    4220             :  * has_tablespace_privilege_id_id
    4221             :  *      Check user privileges on a tablespace given
    4222             :  *      roleid, tablespace oid, and text priv name.
    4223             :  */
    4224             : Datum
    4225           0 : has_tablespace_privilege_id_id(PG_FUNCTION_ARGS)
    4226             : {
    4227           0 :     Oid         roleid = PG_GETARG_OID(0);
    4228           0 :     Oid         tablespaceoid = PG_GETARG_OID(1);
    4229           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    4230             :     AclMode     mode;
    4231             :     AclResult   aclresult;
    4232             : 
    4233           0 :     mode = convert_tablespace_priv_string(priv_type_text);
    4234             : 
    4235           0 :     if (!SearchSysCacheExists1(TABLESPACEOID, ObjectIdGetDatum(tablespaceoid)))
    4236           0 :         PG_RETURN_NULL();
    4237             : 
    4238           0 :     aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
    4239             : 
    4240           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    4241             : }
    4242             : 
    4243             : /*
    4244             :  *      Support routines for has_tablespace_privilege family.
    4245             :  */
    4246             : 
    4247             : /*
    4248             :  * Given a tablespace name expressed as a string, look it up and return Oid
    4249             :  */
    4250             : static Oid
    4251           0 : convert_tablespace_name(text *tablespacename)
    4252             : {
    4253           0 :     char       *spcname = text_to_cstring(tablespacename);
    4254             : 
    4255           0 :     return get_tablespace_oid(spcname, false);
    4256             : }
    4257             : 
    4258             : /*
    4259             :  * convert_tablespace_priv_string
    4260             :  *      Convert text string to AclMode value.
    4261             :  */
    4262             : static AclMode
    4263           0 : convert_tablespace_priv_string(text *priv_type_text)
    4264             : {
    4265             :     static const priv_map tablespace_priv_map[] = {
    4266             :         {"CREATE", ACL_CREATE},
    4267             :         {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
    4268             :         {NULL, 0}
    4269             :     };
    4270             : 
    4271           0 :     return convert_any_priv_string(priv_type_text, tablespace_priv_map);
    4272             : }
    4273             : 
    4274             : /*
    4275             :  * has_type_privilege variants
    4276             :  *      These are all named "has_type_privilege" at the SQL level.
    4277             :  *      They take various combinations of type name, type OID,
    4278             :  *      user name, user OID, or implicit user = current_user.
    4279             :  *
    4280             :  *      The result is a boolean value: true if user has the indicated
    4281             :  *      privilege, false if not, or NULL if object doesn't exist.
    4282             :  */
    4283             : 
    4284             : /*
    4285             :  * has_type_privilege_name_name
    4286             :  *      Check user privileges on a type given
    4287             :  *      name username, text typename, and text priv name.
    4288             :  */
    4289             : Datum
    4290           8 : has_type_privilege_name_name(PG_FUNCTION_ARGS)
    4291             : {
    4292           8 :     Name        username = PG_GETARG_NAME(0);
    4293           8 :     text       *typename = PG_GETARG_TEXT_PP(1);
    4294           8 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    4295             :     Oid         roleid;
    4296             :     Oid         typeoid;
    4297             :     AclMode     mode;
    4298             :     AclResult   aclresult;
    4299             : 
    4300           8 :     roleid = get_role_oid_or_public(NameStr(*username));
    4301           8 :     typeoid = convert_type_name(typename);
    4302           8 :     mode = convert_type_priv_string(priv_type_text);
    4303             : 
    4304           8 :     aclresult = pg_type_aclcheck(typeoid, roleid, mode);
    4305             : 
    4306           8 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    4307             : }
    4308             : 
    4309             : /*
    4310             :  * has_type_privilege_name
    4311             :  *      Check user privileges on a type given
    4312             :  *      text typename and text priv name.
    4313             :  *      current_user is assumed
    4314             :  */
    4315             : Datum
    4316           0 : has_type_privilege_name(PG_FUNCTION_ARGS)
    4317             : {
    4318           0 :     text       *typename = PG_GETARG_TEXT_PP(0);
    4319           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    4320             :     Oid         roleid;
    4321             :     Oid         typeoid;
    4322             :     AclMode     mode;
    4323             :     AclResult   aclresult;
    4324             : 
    4325           0 :     roleid = GetUserId();
    4326           0 :     typeoid = convert_type_name(typename);
    4327           0 :     mode = convert_type_priv_string(priv_type_text);
    4328             : 
    4329           0 :     aclresult = pg_type_aclcheck(typeoid, roleid, mode);
    4330             : 
    4331           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    4332             : }
    4333             : 
    4334             : /*
    4335             :  * has_type_privilege_name_id
    4336             :  *      Check user privileges on a type given
    4337             :  *      name usename, type oid, and text priv name.
    4338             :  */
    4339             : Datum
    4340           0 : has_type_privilege_name_id(PG_FUNCTION_ARGS)
    4341             : {
    4342           0 :     Name        username = PG_GETARG_NAME(0);
    4343           0 :     Oid         typeoid = PG_GETARG_OID(1);
    4344           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    4345             :     Oid         roleid;
    4346             :     AclMode     mode;
    4347             :     AclResult   aclresult;
    4348             : 
    4349           0 :     roleid = get_role_oid_or_public(NameStr(*username));
    4350           0 :     mode = convert_type_priv_string(priv_type_text);
    4351             : 
    4352           0 :     if (!SearchSysCacheExists1(TYPEOID, ObjectIdGetDatum(typeoid)))
    4353           0 :         PG_RETURN_NULL();
    4354             : 
    4355           0 :     aclresult = pg_type_aclcheck(typeoid, roleid, mode);
    4356             : 
    4357           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    4358             : }
    4359             : 
    4360             : /*
    4361             :  * has_type_privilege_id
    4362             :  *      Check user privileges on a type given
    4363             :  *      type oid, and text priv name.
    4364             :  *      current_user is assumed
    4365             :  */
    4366             : Datum
    4367           0 : has_type_privilege_id(PG_FUNCTION_ARGS)
    4368             : {
    4369           0 :     Oid         typeoid = PG_GETARG_OID(0);
    4370           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    4371             :     Oid         roleid;
    4372             :     AclMode     mode;
    4373             :     AclResult   aclresult;
    4374             : 
    4375           0 :     roleid = GetUserId();
    4376           0 :     mode = convert_type_priv_string(priv_type_text);
    4377             : 
    4378           0 :     if (!SearchSysCacheExists1(TYPEOID, ObjectIdGetDatum(typeoid)))
    4379           0 :         PG_RETURN_NULL();
    4380             : 
    4381           0 :     aclresult = pg_type_aclcheck(typeoid, roleid, mode);
    4382             : 
    4383           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    4384             : }
    4385             : 
    4386             : /*
    4387             :  * has_type_privilege_id_name
    4388             :  *      Check user privileges on a type given
    4389             :  *      roleid, text typename, and text priv name.
    4390             :  */
    4391             : Datum
    4392           0 : has_type_privilege_id_name(PG_FUNCTION_ARGS)
    4393             : {
    4394           0 :     Oid         roleid = PG_GETARG_OID(0);
    4395           0 :     text       *typename = PG_GETARG_TEXT_PP(1);
    4396           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    4397             :     Oid         typeoid;
    4398             :     AclMode     mode;
    4399             :     AclResult   aclresult;
    4400             : 
    4401           0 :     typeoid = convert_type_name(typename);
    4402           0 :     mode = convert_type_priv_string(priv_type_text);
    4403             : 
    4404           0 :     aclresult = pg_type_aclcheck(typeoid, roleid, mode);
    4405             : 
    4406           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    4407             : }
    4408             : 
    4409             : /*
    4410             :  * has_type_privilege_id_id
    4411             :  *      Check user privileges on a type given
    4412             :  *      roleid, type oid, and text priv name.
    4413             :  */
    4414             : Datum
    4415           0 : has_type_privilege_id_id(PG_FUNCTION_ARGS)
    4416             : {
    4417           0 :     Oid         roleid = PG_GETARG_OID(0);
    4418           0 :     Oid         typeoid = PG_GETARG_OID(1);
    4419           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    4420             :     AclMode     mode;
    4421             :     AclResult   aclresult;
    4422             : 
    4423           0 :     mode = convert_type_priv_string(priv_type_text);
    4424             : 
    4425           0 :     if (!SearchSysCacheExists1(TYPEOID, ObjectIdGetDatum(typeoid)))
    4426           0 :         PG_RETURN_NULL();
    4427             : 
    4428           0 :     aclresult = pg_type_aclcheck(typeoid, roleid, mode);
    4429             : 
    4430           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    4431             : }
    4432             : 
    4433             : /*
    4434             :  *      Support routines for has_type_privilege family.
    4435             :  */
    4436             : 
    4437             : /*
    4438             :  * Given a type name expressed as a string, look it up and return Oid
    4439             :  */
    4440             : static Oid
    4441           8 : convert_type_name(text *typename)
    4442             : {
    4443           8 :     char       *typname = text_to_cstring(typename);
    4444             :     Oid         oid;
    4445             : 
    4446           8 :     oid = DatumGetObjectId(DirectFunctionCall1(regtypein,
    4447             :                                                CStringGetDatum(typname)));
    4448             : 
    4449           8 :     if (!OidIsValid(oid))
    4450           0 :         ereport(ERROR,
    4451             :                 (errcode(ERRCODE_UNDEFINED_OBJECT),
    4452             :                  errmsg("type \"%s\" does not exist", typname)));
    4453             : 
    4454           8 :     return oid;
    4455             : }
    4456             : 
    4457             : /*
    4458             :  * convert_type_priv_string
    4459             :  *      Convert text string to AclMode value.
    4460             :  */
    4461             : static AclMode
    4462           8 : convert_type_priv_string(text *priv_type_text)
    4463             : {
    4464             :     static const priv_map type_priv_map[] = {
    4465             :         {"USAGE", ACL_USAGE},
    4466             :         {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
    4467             :         {NULL, 0}
    4468             :     };
    4469             : 
    4470           8 :     return convert_any_priv_string(priv_type_text, type_priv_map);
    4471             : }
    4472             : 
    4473             : 
    4474             : /*
    4475             :  * pg_has_role variants
    4476             :  *      These are all named "pg_has_role" at the SQL level.
    4477             :  *      They take various combinations of role name, role OID,
    4478             :  *      user name, user OID, or implicit user = current_user.
    4479             :  *
    4480             :  *      The result is a boolean value: true if user has the indicated
    4481             :  *      privilege, false if not.
    4482             :  */
    4483             : 
    4484             : /*
    4485             :  * pg_has_role_name_name
    4486             :  *      Check user privileges on a role given
    4487             :  *      name username, name rolename, and text priv name.
    4488             :  */
    4489             : Datum
    4490           0 : pg_has_role_name_name(PG_FUNCTION_ARGS)
    4491             : {
    4492           0 :     Name        username = PG_GETARG_NAME(0);
    4493           0 :     Name        rolename = PG_GETARG_NAME(1);
    4494           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    4495             :     Oid         roleid;
    4496             :     Oid         roleoid;
    4497             :     AclMode     mode;
    4498             :     AclResult   aclresult;
    4499             : 
    4500           0 :     roleid = get_role_oid(NameStr(*username), false);
    4501           0 :     roleoid = get_role_oid(NameStr(*rolename), false);
    4502           0 :     mode = convert_role_priv_string(priv_type_text);
    4503             : 
    4504           0 :     aclresult = pg_role_aclcheck(roleoid, roleid, mode);
    4505             : 
    4506           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    4507             : }
    4508             : 
    4509             : /*
    4510             :  * pg_has_role_name
    4511             :  *      Check user privileges on a role given
    4512             :  *      name rolename and text priv name.
    4513             :  *      current_user is assumed
    4514             :  */
    4515             : Datum
    4516          12 : pg_has_role_name(PG_FUNCTION_ARGS)
    4517             : {
    4518          12 :     Name        rolename = PG_GETARG_NAME(0);
    4519          12 :     text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    4520             :     Oid         roleid;
    4521             :     Oid         roleoid;
    4522             :     AclMode     mode;
    4523             :     AclResult   aclresult;
    4524             : 
    4525          12 :     roleid = GetUserId();
    4526          12 :     roleoid = get_role_oid(NameStr(*rolename), false);
    4527          12 :     mode = convert_role_priv_string(priv_type_text);
    4528             : 
    4529          12 :     aclresult = pg_role_aclcheck(roleoid, roleid, mode);
    4530             : 
    4531          12 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    4532             : }
    4533             : 
    4534             : /*
    4535             :  * pg_has_role_name_id
    4536             :  *      Check user privileges on a role given
    4537             :  *      name usename, role oid, and text priv name.
    4538             :  */
    4539             : Datum
    4540           0 : pg_has_role_name_id(PG_FUNCTION_ARGS)
    4541             : {
    4542           0 :     Name        username = PG_GETARG_NAME(0);
    4543           0 :     Oid         roleoid = PG_GETARG_OID(1);
    4544           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    4545             :     Oid         roleid;
    4546             :     AclMode     mode;
    4547             :     AclResult   aclresult;
    4548             : 
    4549           0 :     roleid = get_role_oid(NameStr(*username), false);
    4550           0 :     mode = convert_role_priv_string(priv_type_text);
    4551             : 
    4552           0 :     aclresult = pg_role_aclcheck(roleoid, roleid, mode);
    4553             : 
    4554           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    4555             : }
    4556             : 
    4557             : /*
    4558             :  * pg_has_role_id
    4559             :  *      Check user privileges on a role given
    4560             :  *      role oid, and text priv name.
    4561             :  *      current_user is assumed
    4562             :  */
    4563             : Datum
    4564       35080 : pg_has_role_id(PG_FUNCTION_ARGS)
    4565             : {
    4566       35080 :     Oid         roleoid = PG_GETARG_OID(0);
    4567       35080 :     text       *priv_type_text = PG_GETARG_TEXT_PP(1);
    4568             :     Oid         roleid;
    4569             :     AclMode     mode;
    4570             :     AclResult   aclresult;
    4571             : 
    4572       35080 :     roleid = GetUserId();
    4573       35080 :     mode = convert_role_priv_string(priv_type_text);
    4574             : 
    4575       35080 :     aclresult = pg_role_aclcheck(roleoid, roleid, mode);
    4576             : 
    4577       35080 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    4578             : }
    4579             : 
    4580             : /*
    4581             :  * pg_has_role_id_name
    4582             :  *      Check user privileges on a role given
    4583             :  *      roleid, name rolename, and text priv name.
    4584             :  */
    4585             : Datum
    4586           0 : pg_has_role_id_name(PG_FUNCTION_ARGS)
    4587             : {
    4588           0 :     Oid         roleid = PG_GETARG_OID(0);
    4589           0 :     Name        rolename = PG_GETARG_NAME(1);
    4590           0 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    4591             :     Oid         roleoid;
    4592             :     AclMode     mode;
    4593             :     AclResult   aclresult;
    4594             : 
    4595           0 :     roleoid = get_role_oid(NameStr(*rolename), false);
    4596           0 :     mode = convert_role_priv_string(priv_type_text);
    4597             : 
    4598           0 :     aclresult = pg_role_aclcheck(roleoid, roleid, mode);
    4599             : 
    4600           0 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    4601             : }
    4602             : 
    4603             : /*
    4604             :  * pg_has_role_id_id
    4605             :  *      Check user privileges on a role given
    4606             :  *      roleid, role oid, and text priv name.
    4607             :  */
    4608             : Datum
    4609          56 : pg_has_role_id_id(PG_FUNCTION_ARGS)
    4610             : {
    4611          56 :     Oid         roleid = PG_GETARG_OID(0);
    4612          56 :     Oid         roleoid = PG_GETARG_OID(1);
    4613          56 :     text       *priv_type_text = PG_GETARG_TEXT_PP(2);
    4614             :     AclMode     mode;
    4615             :     AclResult   aclresult;
    4616             : 
    4617          56 :     mode = convert_role_priv_string(priv_type_text);
    4618             : 
    4619          56 :     aclresult = pg_role_aclcheck(roleoid, roleid, mode);
    4620             : 
    4621          56 :     PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
    4622             : }
    4623             : 
    4624             : /*
    4625             :  *      Support routines for pg_has_role family.
    4626             :  */
    4627             : 
    4628             : /*
    4629             :  * convert_role_priv_string
    4630             :  *      Convert text string to AclMode value.
    4631             :  *
    4632             :  * We use USAGE to denote whether the privileges of the role are accessible
    4633             :  * (has_privs), MEMBER to denote is_member, and MEMBER WITH GRANT OPTION
    4634             :  * (or ADMIN OPTION) to denote is_admin.  There is no ACL bit corresponding
    4635             :  * to MEMBER so we cheat and use ACL_CREATE for that.  This convention
    4636             :  * is shared only with pg_role_aclcheck, below.
    4637             :  */
    4638             : static AclMode
    4639       35148 : convert_role_priv_string(text *priv_type_text)
    4640             : {
    4641             :     static const priv_map role_priv_map[] = {
    4642             :         {"USAGE", ACL_USAGE},
    4643             :         {"MEMBER", ACL_CREATE},
    4644             :         {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
    4645             :         {"USAGE WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
    4646             :         {"MEMBER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
    4647             :         {"MEMBER WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
    4648             :         {NULL, 0}
    4649             :     };
    4650             : 
    4651       35148 :     return convert_any_priv_string(priv_type_text, role_priv_map);
    4652             : }
    4653             : 
    4654             : /*
    4655             :  * pg_role_aclcheck
    4656             :  *      Quick-and-dirty support for pg_has_role
    4657             :  */
    4658             : static AclResult
    4659       35148 : pg_role_aclcheck(Oid role_oid, Oid roleid, AclMode mode)
    4660             : {
    4661       35148 :     if (mode & ACL_GRANT_OPTION_FOR(ACL_CREATE))
    4662             :     {
    4663             :         /*
    4664             :          * XXX For roleid == role_oid, is_admin_of_role() also examines the
    4665             :          * session and call stack.  That suits two-argument pg_has_role(), but
    4666             :          * it gives the three-argument version a lamentable whimsy.
    4667             :          */
    4668           0 :         if (is_admin_of_role(roleid, role_oid))
    4669           0 :             return ACLCHECK_OK;
    4670             :     }
    4671       35148 :     if (mode & ACL_CREATE)
    4672             :     {
    4673           0 :         if (is_member_of_role(roleid, role_oid))
    4674           0 :             return ACLCHECK_OK;
    4675             :     }
    4676       35148 :     if (mode & ACL_USAGE)
    4677             :     {
    4678       35148 :         if (has_privs_of_role(roleid, role_oid))
    4679       34896 :             return ACLCHECK_OK;
    4680             :     }
    4681         252 :     return ACLCHECK_NO_PRIV;
    4682             : }
    4683             : 
    4684             : 
    4685             : /*
    4686             :  * initialization function (called by InitPostgres)
    4687             :  */
    4688             : void
    4689        8820 : initialize_acl(void)
    4690             : {
    4691        8820 :     if (!IsBootstrapProcessingMode())
    4692             :     {
    4693             :         /*
    4694             :          * In normal mode, set a callback on any syscache invalidation of
    4695             :          * pg_auth_members rows
    4696             :          */
    4697        8500 :         CacheRegisterSyscacheCallback(AUTHMEMROLEMEM,
    4698             :                                       RoleMembershipCacheCallback,
    4699             :                                       (Datum) 0);
    4700             :     }
    4701        8820 : }
    4702             : 
    4703             : /*
    4704             :  * RoleMembershipCacheCallback
    4705             :  *      Syscache inval callback function
    4706             :  */
    4707             : static void
    4708        4820 : RoleMembershipCacheCallback(Datum arg, int cacheid, uint32 hashvalue)
    4709             : {
    4710             :     /* Force membership caches to be recomputed on next use */
    4711        4820 :     cached_privs_role = InvalidOid;
    4712        4820 :     cached_member_role = InvalidOid;
    4713        4820 : }
    4714             : 
    4715             : 
    4716             : /* Check if specified role has rolinherit set */
    4717             : static bool
    4718        1114 : has_rolinherit(Oid roleid)
    4719             : {
    4720        1114 :     bool        result = false;
    4721             :     HeapTuple   utup;
    4722             : 
    4723        1114 :     utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
    4724        1114 :     if (HeapTupleIsValid(utup))
    4725             :     {
    4726        1114 :         result = ((Form_pg_authid) GETSTRUCT(utup))->rolinherit;
    4727        1114 :         ReleaseSysCache(utup);
    4728             :     }
    4729        1114 :     return result;
    4730             : }
    4731             : 
    4732             : 
    4733             : /*
    4734             :  * Get a list of roles that the specified roleid has the privileges of
    4735             :  *
    4736             :  * This is defined not to recurse through roles that don't have rolinherit
    4737             :  * set; for such roles, membership implies the ability to do SET ROLE, but
    4738             :  * the privileges are not available until you've done so.
    4739             :  *
    4740             :  * Since indirect membership testing is relatively expensive, we cache
    4741             :  * a list of memberships.  Hence, the result is only guaranteed good until
    4742             :  * the next call of roles_has_privs_of()!
    4743             :  *
    4744             :  * For the benefit of select_best_grantor, the result is defined to be
    4745             :  * in breadth-first order, ie, closer relationships earlier.
    4746             :  */
    4747             : static List *
    4748        5368 : roles_has_privs_of(Oid roleid)
    4749             : {
    4750             :     List       *roles_list;
    4751             :     ListCell   *l;
    4752             :     List       *new_cached_privs_roles;
    4753             :     MemoryContext oldctx;
    4754             : 
    4755             :     /* If cache is already valid, just return the list */
    4756        5368 :     if (OidIsValid(cached_privs_role) && cached_privs_role == roleid)
    4757        4616 :         return cached_privs_roles;
    4758             : 
    4759             :     /*
    4760             :      * Find all the roles that roleid is a member of, including multi-level
    4761             :      * recursion.  The role itself will always be the first element of the
    4762             :      * resulting list.
    4763             :      *
    4764             :      * Each element of the list is scanned to see if it adds any indirect
    4765             :      * memberships.  We can use a single list as both the record of
    4766             :      * already-found memberships and the agenda of roles yet to be scanned.
    4767             :      * This is a bit tricky but works because the foreach() macro doesn't
    4768             :      * fetch the next list element until the bottom of the loop.
    4769             :      */
    4770         752 :     roles_list = list_make1_oid(roleid);
    4771             : 
    4772        1866 :     foreach(l, roles_list)
    4773             :     {
    4774        1114 :         Oid         memberid = lfirst_oid(l);
    4775             :         CatCList   *memlist;
    4776             :         int         i;
    4777             : 
    4778             :         /* Ignore non-inheriting roles */
    4779        1114 :         if (!has_rolinherit(memberid))
    4780           0 :             continue;
    4781             : 
    4782             :         /* Find roles that memberid is directly a member of */
    4783        1114 :         memlist = SearchSysCacheList1(AUTHMEMMEMROLE,
    4784             :                                       ObjectIdGetDatum(memberid));
    4785        1476 :         for (i = 0; i < memlist->n_members; i++)
    4786             :         {
    4787         362 :             HeapTuple   tup = &memlist->members[i]->tuple;
    4788         362 :             Oid         otherid = ((Form_pg_auth_members) GETSTRUCT(tup))->roleid;
    4789             : 
    4790             :             /*
    4791             :              * Even though there shouldn't be any loops in the membership
    4792             :              * graph, we must test for having already seen this role. It is
    4793             :              * legal for instance to have both A->B and A->C->B.
    4794             :              */
    4795         362 :             roles_list = list_append_unique_oid(roles_list, otherid);
    4796             :         }
    4797        1114 :         ReleaseSysCacheList(memlist);
    4798             :     }
    4799             : 
    4800             :     /*
    4801             :      * Copy the completed list into TopMemoryContext so it will persist.
    4802             :      */
    4803         752 :     oldctx = MemoryContextSwitchTo(TopMemoryContext);
    4804         752 :     new_cached_privs_roles = list_copy(roles_list);
    4805         752 :     MemoryContextSwitchTo(oldctx);
    4806         752 :     list_free(roles_list);
    4807             : 
    4808             :     /*
    4809             :      * Now safe to assign to state variable
    4810             :      */
    4811         752 :     cached_privs_role = InvalidOid; /* just paranoia */
    4812         752 :     list_free(cached_privs_roles);
    4813         752 :     cached_privs_roles = new_cached_privs_roles;
    4814         752 :     cached_privs_role = roleid;
    4815             : 
    4816             :     /* And now we can return the answer */
    4817         752 :     return cached_privs_roles;
    4818             : }
    4819             : 
    4820             : 
    4821             : /*
    4822             :  * Get a list of roles that the specified roleid is a member of
    4823             :  *
    4824             :  * This is defined to recurse through roles regardless of rolinherit.
    4825             :  *
    4826             :  * Since indirect membership testing is relatively expensive, we cache
    4827             :  * a list of memberships.  Hence, the result is only guaranteed good until
    4828             :  * the next call of roles_is_member_of()!
    4829             :  */
    4830             : static List *
    4831       14862 : roles_is_member_of(Oid roleid)
    4832             : {
    4833             :     List       *roles_list;
    4834             :     ListCell   *l;
    4835             :     List       *new_cached_membership_roles;
    4836             :     MemoryContext oldctx;
    4837             : 
    4838             :     /* If cache is already valid, just return the list */
    4839       14862 :     if (OidIsValid(cached_member_role) && cached_member_role == roleid)
    4840       13718 :         return cached_membership_roles;
    4841             : 
    4842             :     /*
    4843             :      * Find all the roles that roleid is a member of, including multi-level
    4844             :      * recursion.  The role itself will always be the first element of the
    4845             :      * resulting list.
    4846             :      *
    4847             :      * Each element of the list is scanned to see if it adds any indirect
    4848             :      * memberships.  We can use a single list as both the record of
    4849             :      * already-found memberships and the agenda of roles yet to be scanned.
    4850             :      * This is a bit tricky but works because the foreach() macro doesn't
    4851             :      * fetch the next list element until the bottom of the loop.
    4852             :      */
    4853        1144 :     roles_list = list_make1_oid(roleid);
    4854             : 
    4855        2362 :     foreach(l, roles_list)
    4856             :     {
    4857        1218 :         Oid         memberid = lfirst_oid(l);
    4858             :         CatCList   *memlist;
    4859             :         int         i;
    4860             : 
    4861             :         /* Find roles that memberid is directly a member of */
    4862        1218 :         memlist = SearchSysCacheList1(AUTHMEMMEMROLE,
    4863             :                                       ObjectIdGetDatum(memberid));
    4864        1292 :         for (i = 0; i < memlist->n_members; i++)
    4865             :         {
    4866          74 :             HeapTuple   tup = &memlist->members[i]->tuple;
    4867          74 :             Oid         otherid = ((Form_pg_auth_members) GETSTRUCT(tup))->roleid;
    4868             : 
    4869             :             /*
    4870             :              * Even though there shouldn't be any loops in the membership
    4871             :              * graph, we must test for having already seen this role. It is
    4872             :              * legal for instance to have both A->B and A->C->B.
    4873             :              */
    4874          74 :             roles_list = list_append_unique_oid(roles_list, otherid);
    4875             :         }
    4876        1218 :         ReleaseSysCacheList(memlist);
    4877             :     }
    4878             : 
    4879             :     /*
    4880             :      * Copy the completed list into TopMemoryContext so it will persist.
    4881             :      */
    4882        1144 :     oldctx = MemoryContextSwitchTo(TopMemoryContext);
    4883        1144 :     new_cached_membership_roles = list_copy(roles_list);
    4884        1144 :     MemoryContextSwitchTo(oldctx);
    4885        1144 :     list_free(roles_list);
    4886             : 
    4887             :     /*
    4888             :      * Now safe to assign to state variable
    4889             :      */
    4890        1144 :     cached_member_role = InvalidOid;    /* just paranoia */
    4891        1144 :     list_free(cached_membership_roles);
    4892        1144 :     cached_membership_roles = new_cached_membership_roles;
    4893        1144 :     cached_member_role = roleid;
    4894             : 
    4895             :     /* And now we can return the answer */
    4896        1144 :     return cached_membership_roles;
    4897             : }
    4898             : 
    4899             : 
    4900             : /*
    4901             :  * Does member have the privileges of role (directly or indirectly)?
    4902             :  *
    4903             :  * This is defined not to recurse through roles that don't have rolinherit
    4904             :  * set; for such roles, membership implies the ability to do SET ROLE, but
    4905             :  * the privileges are not available until you've done so.
    4906             :  */
    4907             : bool
    4908       44014 : has_privs_of_role(Oid member, Oid role)
    4909             : {
    4910             :     /* Fast path for simple case */
    4911       44014 :     if (member == role)
    4912       37646 :         return true;
    4913             : 
    4914             :     /* Superusers have every privilege, so are part of every role */
    4915        6368 :     if (superuser_arg(member))
    4916        1136 :         return true;
    4917             : 
    4918             :     /*
    4919             :      * Find all the roles that member has the privileges of, including
    4920             :      * multi-level recursion, then see if target role is any one of them.
    4921             :      */
    4922        5232 :     return list_member_oid(roles_has_privs_of(member), role);
    4923             : }
    4924             : 
    4925             : 
    4926             : /*
    4927             :  * Is member a member of role (directly or indirectly)?
    4928             :  *
    4929             :  * This is defined to recurse through roles regardless of rolinherit.
    4930             :  */
    4931             : bool
    4932       18384 : is_member_of_role(Oid member, Oid role)
    4933             : {
    4934             :     /* Fast path for simple case */
    4935       18384 :     if (member == role)
    4936        1518 :         return true;
    4937             : 
    4938             :     /* Superusers have every privilege, so are part of every role */
    4939       16866 :     if (superuser_arg(member))
    4940        3036 :         return true;
    4941             : 
    4942             :     /*
    4943             :      * Find all the roles that member is a member of, including multi-level
    4944             :      * recursion, then see if target role is any one of them.
    4945             :      */
    4946       13830 :     return list_member_oid(roles_is_member_of(member), role);
    4947             : }
    4948             : 
    4949             : /*
    4950             :  * check_is_member_of_role
    4951             :  *      is_member_of_role with a standard permission-violation error if not
    4952             :  */
    4953             : void
    4954        1724 : check_is_member_of_role(Oid member, Oid role)
    4955             : {
    4956        1724 :     if (!is_member_of_role(member, role))
    4957          80 :         ereport(ERROR,
    4958             :                 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
    4959             :                  errmsg("must be member of role \"%s\"",
    4960             :                         GetUserNameFromId(role, false))));
    4961        1644 : }
    4962             : 
    4963             : /*
    4964             :  * Is member a member of role, not considering superuserness?
    4965             :  *
    4966             :  * This is identical to is_member_of_role except we ignore superuser
    4967             :  * status.
    4968             :  */
    4969             : bool
    4970        1032 : is_member_of_role_nosuper(Oid member, Oid role)
    4971             : {
    4972             :     /* Fast path for simple case */
    4973        1032 :     if (member == role)
    4974           0 :         return true;
    4975             : 
    4976             :     /*
    4977             :      * Find all the roles that member is a member of, including multi-level
    4978             :      * recursion, then see if target role is any one of them.
    4979             :      */
    4980        1032 :     return list_member_oid(roles_is_member_of(member), role);
    4981             : }
    4982             : 
    4983             : 
    4984             : /*
    4985             :  * Is member an admin of role?  That is, is member the role itself (subject to
    4986             :  * restrictions below), a member (directly or indirectly) WITH ADMIN OPTION,
    4987             :  * or a superuser?
    4988             :  */
    4989             : bool
    4990          32 : is_admin_of_role(Oid member, Oid role)
    4991             : {
    4992          32 :     bool        result = false;
    4993             :     List       *roles_list;
    4994             :     ListCell   *l;
    4995             : 
    4996          32 :     if (superuser_arg(member))
    4997           0 :         return true;
    4998             : 
    4999          32 :     if (member == role)
    5000             : 
    5001             :         /*
    5002             :          * A role can admin itself when it matches the session user and we're
    5003             :          * outside any security-restricted operation, SECURITY DEFINER or
    5004             :          * similar context.  SQL-standard roles cannot self-admin.  However,
    5005             :          * SQL-standard users are distinct from roles, and they are not
    5006             :          * grantable like roles: PostgreSQL's role-user duality extends the
    5007             :          * standard.  Checking for a session user match has the effect of
    5008             :          * letting a role self-admin only when it's conspicuously behaving
    5009             :          * like a user.  Note that allowing self-admin under a mere SET ROLE
    5010             :          * would make WITH ADMIN OPTION largely irrelevant; any member could
    5011             :          * SET ROLE to issue the otherwise-forbidden command.
    5012             :          *
    5013             :          * Withholding self-admin in a security-restricted operation prevents
    5014             :          * object owners from harnessing the session user identity during
    5015             :          * administrative maintenance.  Suppose Alice owns a database, has
    5016             :          * issued "GRANT alice TO bob", and runs a daily ANALYZE.  Bob creates
    5017             :          * an alice-owned SECURITY DEFINER function that issues "REVOKE alice
    5018             :          * FROM carol".  If he creates an expression index calling that
    5019             :          * function, Alice will attempt the REVOKE during each ANALYZE.
    5020             :          * Checking InSecurityRestrictedOperation() thwarts that attack.
    5021             :          *
    5022             :          * Withholding self-admin in SECURITY DEFINER functions makes their
    5023             :          * behavior independent of the calling user.  There's no security or
    5024             :          * SQL-standard-conformance need for that restriction, though.
    5025             :          *
    5026             :          * A role cannot have actual WITH ADMIN OPTION on itself, because that
    5027             :          * would imply a membership loop.  Therefore, we're done either way.
    5028             :          */
    5029          24 :         return member == GetSessionUserId() &&
    5030          20 :             !InLocalUserIdChange() && !InSecurityRestrictedOperation();
    5031             : 
    5032             :     /*
    5033             :      * Find all the roles that member is a member of, including multi-level
    5034             :      * recursion.  We build a list in the same way that is_member_of_role does
    5035             :      * to track visited and unvisited roles.
    5036             :      */
    5037          16 :     roles_list = list_make1_oid(member);
    5038             : 
    5039          24 :     foreach(l, roles_list)
    5040             :     {
    5041          20 :         Oid         memberid = lfirst_oid(l);
    5042             :         CatCList   *memlist;
    5043             :         int         i;
    5044             : 
    5045             :         /* Find roles that memberid is directly a member of */
    5046          20 :         memlist = SearchSysCacheList1(AUTHMEMMEMROLE,
    5047             :                                       ObjectIdGetDatum(memberid));
    5048          36 :         for (i = 0; i < memlist->n_members; i++)
    5049             :         {
    5050          28 :             HeapTuple   tup = &memlist->members[i]->tuple;
    5051          28 :             Oid         otherid = ((Form_pg_auth_members) GETSTRUCT(tup))->roleid;
    5052             : 
    5053          44 :             if (otherid == role &&
    5054          16 :                 ((Form_pg_auth_members) GETSTRUCT(tup))->admin_option)
    5055             :             {
    5056             :                 /* Found what we came for, so can stop searching */
    5057          12 :                 result = true;
    5058          12 :                 break;
    5059             :             }
    5060             : 
    5061          16 :             roles_list = list_append_unique_oid(roles_list, otherid);
    5062             :         }
    5063          20 :         ReleaseSysCacheList(memlist);
    5064          20 :         if (result)
    5065          12 :             break;
    5066             :     }
    5067             : 
    5068          16 :     list_free(roles_list);
    5069             : 
    5070          16 :     return result;
    5071             : }
    5072             : 
    5073             : 
    5074             : /* does what it says ... */
    5075             : static int
    5076           0 : count_one_bits(AclMode mask)
    5077             : {
    5078           0 :     int         nbits = 0;
    5079             : 
    5080             :     /* this code relies on AclMode being an unsigned type */
    5081           0 :     while (mask)
    5082             :     {
    5083           0 :         if (mask & 1)
    5084           0 :             nbits++;
    5085           0 :         mask >>= 1;
    5086             :     }
    5087           0 :     return nbits;
    5088             : }
    5089             : 
    5090             : 
    5091             : /*
    5092             :  * Select the effective grantor ID for a GRANT or REVOKE operation.
    5093             :  *
    5094             :  * The grantor must always be either the object owner or some role that has
    5095             :  * been explicitly granted grant options.  This ensures that all granted
    5096             :  * privileges appear to flow from the object owner, and there are never
    5097             :  * multiple "original sources" of a privilege.  Therefore, if the would-be
    5098             :  * grantor is a member of a role that has the needed grant options, we have
    5099             :  * to do the grant as that role instead.
    5100             :  *
    5101             :  * It is possible that the would-be grantor is a member of several roles
    5102             :  * that have different subsets of the desired grant options, but no one
    5103             :  * role has 'em all.  In this case we pick a role with the largest number
    5104             :  * of desired options.  Ties are broken in favor of closer ancestors.
    5105             :  *
    5106             :  * roleId: the role attempting to do the GRANT/REVOKE
    5107             :  * privileges: the privileges to be granted/revoked
    5108             :  * acl: the ACL of the object in question
    5109             :  * ownerId: the role owning the object in question
    5110             :  * *grantorId: receives the OID of the role to do the grant as
    5111             :  * *grantOptions: receives the grant options actually held by grantorId
    5112             :  *
    5113             :  * If no grant options exist, we set grantorId to roleId, grantOptions to 0.
    5114             :  */
    5115             : void
    5116       85100 : select_best_grantor(Oid roleId, AclMode privileges,
    5117             :                     const Acl *acl, Oid ownerId,
    5118             :                     Oid *grantorId, AclMode *grantOptions)
    5119             : {
    5120       85100 :     AclMode     needed_goptions = ACL_GRANT_OPTION_FOR(privileges);
    5121             :     List       *roles_list;
    5122             :     int         nrights;
    5123             :     ListCell   *l;
    5124             : 
    5125             :     /*
    5126             :      * The object owner is always treated as having all grant options, so if
    5127             :      * roleId is the owner it's easy.  Also, if roleId is a superuser it's
    5128             :      * easy: superusers are implicitly members of every role, so they act as
    5129             :      * the object owner.
    5130             :      */
    5131       85100 :     if (roleId == ownerId || superuser_arg(roleId))
    5132             :     {
    5133       84964 :         *grantorId = ownerId;
    5134       84964 :         *grantOptions = needed_goptions;
    5135       84964 :         return;
    5136             :     }
    5137             : 
    5138             :     /*
    5139             :      * Otherwise we have to do a careful search to see if roleId has the
    5140             :      * privileges of any suitable role.  Note: we can hang onto the result of
    5141             :      * roles_has_privs_of() throughout this loop, because aclmask_direct()
    5142             :      * doesn't query any role memberships.
    5143             :      */
    5144         136 :     roles_list = roles_has_privs_of(roleId);
    5145             : 
    5146             :     /* initialize candidate result as default */
    5147         136 :     *grantorId = roleId;
    5148         136 :     *grantOptions = ACL_NO_RIGHTS;
    5149         136 :     nrights = 0;
    5150             : 
    5151         188 :     foreach(l, roles_list)
    5152             :     {
    5153         144 :         Oid         otherrole = lfirst_oid(l);
    5154             :         AclMode     otherprivs;
    5155             : 
    5156         144 :         otherprivs = aclmask_direct(acl, otherrole, ownerId,
    5157             :                                     needed_goptions, ACLMASK_ALL);
    5158         144 :         if (otherprivs == needed_goptions)
    5159             :         {
    5160             :             /* Found a suitable grantor */
    5161          92 :             *grantorId = otherrole;
    5162          92 :             *grantOptions = otherprivs;
    5163         184 :             return;
    5164             :         }
    5165             : 
    5166             :         /*
    5167             :          * If it has just some of the needed privileges, remember best
    5168             :          * candidate.
    5169             :          */
    5170          52 :         if (otherprivs != ACL_NO_RIGHTS)
    5171             :         {
    5172           0 :             int         nnewrights = count_one_bits(otherprivs);
    5173             : 
    5174           0 :             if (nnewrights > nrights)
    5175             :             {
    5176           0 :                 *grantorId = otherrole;
    5177           0 :                 *grantOptions = otherprivs;
    5178           0 :                 nrights = nnewrights;
    5179             :             }
    5180             :         }
    5181             :     }
    5182             : }
    5183             : 
    5184             : /*
    5185             :  * get_role_oid - Given a role name, look up the role's OID.
    5186             :  *
    5187             :  * If missing_ok is false, throw an error if role name not found.  If
    5188             :  * true, just return InvalidOid.
    5189             :  */
    5190             : Oid
    5191       15790 : get_role_oid(const char *rolname, bool missing_ok)
    5192             : {
    5193             :     Oid         oid;
    5194             : 
    5195       15790 :     oid = GetSysCacheOid1(AUTHNAME, Anum_pg_authid_oid,
    5196             :                           CStringGetDatum(rolname));
    5197       15790 :     if (!OidIsValid(oid) && !missing_ok)
    5198          56 :         ereport(ERROR,
    5199             :                 (errcode(ERRCODE_UNDEFINED_OBJECT),
    5200             :                  errmsg("role \"%s\" does not exist", rolname)));
    5201       15734 :     return oid;
    5202             : }
    5203             : 
    5204             : /*
    5205             :  * get_role_oid_or_public - As above, but return ACL_ID_PUBLIC if the
    5206             :  *      role name is "public".
    5207             :  */
    5208             : Oid
    5209         260 : get_role_oid_or_public(const char *rolname)
    5210             : {
    5211         260 :     if (strcmp(rolname, "public") == 0)
    5212           0 :         return ACL_ID_PUBLIC;
    5213             : 
    5214         260 :     return get_role_oid(rolname, false);
    5215             : }
    5216             : 
    5217             : /*
    5218             :  * Given a RoleSpec node, return the OID it corresponds to.  If missing_ok is
    5219             :  * true, return InvalidOid if the role does not exist.
    5220             :  *
    5221             :  * PUBLIC is always disallowed here.  Routines wanting to handle the PUBLIC
    5222             :  * case must check the case separately.
    5223             :  */
    5224             : Oid
    5225        6832 : get_rolespec_oid(const RoleSpec *role, bool missing_ok)
    5226             : {
    5227             :     Oid         oid;
    5228             : 
    5229        6832 :     switch (role->roletype)
    5230             :     {
    5231             :         case ROLESPEC_CSTRING:
    5232             :             Assert(role->rolename);
    5233        6640 :             oid = get_role_oid(role->rolename, missing_ok);
    5234        6610 :             break;
    5235             : 
    5236             :         case ROLESPEC_CURRENT_USER:
    5237         154 :             oid = GetUserId();
    5238         154 :             break;
    5239             : 
    5240             :         case ROLESPEC_SESSION_USER:
    5241          22 :             oid = GetSessionUserId();
    5242          22 :             break;
    5243             : 
    5244             :         case ROLESPEC_PUBLIC:
    5245          16 :             ereport(ERROR,
    5246             :                     (errcode(ERRCODE_UNDEFINED_OBJECT),
    5247             :                      errmsg("role \"%s\" does not exist", "public")));
    5248             :             oid = InvalidOid;   /* make compiler happy */
    5249             :             break;
    5250             : 
    5251             :         default:
    5252           0 :             elog(ERROR, "unexpected role type %d", role->roletype);
    5253             :     }
    5254             : 
    5255        6786 :     return oid;
    5256             : }
    5257             : 
    5258             : /*
    5259             :  * Given a RoleSpec node, return the pg_authid HeapTuple it corresponds to.
    5260             :  * Caller must ReleaseSysCache when done with the result tuple.
    5261             :  */
    5262             : HeapTuple
    5263         276 : get_rolespec_tuple(const RoleSpec *role)
    5264             : {
    5265             :     HeapTuple   tuple;
    5266             : 
    5267         276 :     switch (role->roletype)
    5268             :     {
    5269             :         case ROLESPEC_CSTRING:
    5270             :             Assert(role->rolename);
    5271         238 :             tuple = SearchSysCache1(AUTHNAME, CStringGetDatum(role->rolename));
    5272         238 :             if (!HeapTupleIsValid(tuple))
    5273          12 :                 ereport(ERROR,
    5274             :                         (errcode(ERRCODE_UNDEFINED_OBJECT),
    5275             :                          errmsg("role \"%s\" does not exist", role->rolename)));
    5276         226 :             break;
    5277             : 
    5278             :         case ROLESPEC_CURRENT_USER:
    5279          14 :             tuple = SearchSysCache1(AUTHOID, GetUserId());
    5280          14 :             if (!HeapTupleIsValid(tuple))
    5281           0 :                 elog(ERROR, "cache lookup failed for role %u", GetUserId());
    5282          14 :             break;
    5283             : 
    5284             :         case ROLESPEC_SESSION_USER:
    5285          12 :             tuple = SearchSysCache1(AUTHOID, GetSessionUserId());
    5286          12 :             if (!HeapTupleIsValid(tuple))
    5287           0 :                 elog(ERROR, "cache lookup failed for role %u", GetSessionUserId());
    5288          12 :             break;
    5289             : 
    5290             :         case ROLESPEC_PUBLIC:
    5291          12 :             ereport(ERROR,
    5292             :                     (errcode(ERRCODE_UNDEFINED_OBJECT),
    5293             :                      errmsg("role \"%s\" does not exist", "public")));
    5294             :             tuple = NULL;       /* make compiler happy */
    5295             :             break;
    5296             : 
    5297             :         default:
    5298           0 :             elog(ERROR, "unexpected role type %d", role->roletype);
    5299             :     }
    5300             : 
    5301         252 :     return tuple;
    5302             : }
    5303             : 
    5304             : /*
    5305             :  * Given a RoleSpec, returns a palloc'ed copy of the corresponding role's name.
    5306             :  */
    5307             : char *
    5308          12 : get_rolespec_name(const RoleSpec *role)
    5309             : {
    5310             :     HeapTuple   tp;
    5311             :     Form_pg_authid authForm;
    5312             :     char       *rolename;
    5313             : 
    5314          12 :     tp = get_rolespec_tuple(role);
    5315          12 :     authForm = (Form_pg_authid) GETSTRUCT(tp);
    5316          12 :     rolename = pstrdup(NameStr(authForm->rolname));
    5317          12 :     ReleaseSysCache(tp);
    5318             : 
    5319          12 :     return rolename;
    5320             : }
    5321             : 
    5322             : /*
    5323             :  * Given a RoleSpec, throw an error if the name is reserved, using detail_msg,
    5324             :  * if provided.
    5325             :  *
    5326             :  * If node is NULL, no error is thrown.  If detail_msg is NULL then no detail
    5327             :  * message is provided.
    5328             :  */
    5329             : void
    5330         258 : check_rolespec_name(const RoleSpec *role, const char *detail_msg)
    5331             : {
    5332         258 :     if (!role)
    5333           0 :         return;
    5334             : 
    5335         258 :     if (role->roletype != ROLESPEC_CSTRING)
    5336          38 :         return;
    5337             : 
    5338         220 :     if (IsReservedName(role->rolename))
    5339             :     {
    5340           0 :         if (detail_msg)
    5341           0 :             ereport(ERROR,
    5342             :                     (errcode(ERRCODE_RESERVED_NAME),
    5343             :                      errmsg("role name \"%s\" is reserved",
    5344             :                             role->rolename),
    5345             :                      errdetail("%s", detail_msg)));
    5346             :         else
    5347           0 :             ereport(ERROR,
    5348             :                     (errcode(ERRCODE_RESERVED_NAME),
    5349             :                      errmsg("role name \"%s\" is reserved",
    5350             :                             role->rolename)));
    5351             :     }
    5352             : }

Generated by: LCOV version 1.13