Line data Source code
1 : /*-------------------------------------------------------------------------
2 : *
3 : * acl.c
4 : * Basic access control list data structures manipulation routines.
5 : *
6 : * Portions Copyright (c) 1996-2019, PostgreSQL Global Development Group
7 : * Portions Copyright (c) 1994, Regents of the University of California
8 : *
9 : *
10 : * IDENTIFICATION
11 : * src/backend/utils/adt/acl.c
12 : *
13 : *-------------------------------------------------------------------------
14 : */
15 : #include "postgres.h"
16 :
17 : #include <ctype.h>
18 :
19 : #include "access/htup_details.h"
20 : #include "catalog/catalog.h"
21 : #include "catalog/namespace.h"
22 : #include "catalog/pg_authid.h"
23 : #include "catalog/pg_auth_members.h"
24 : #include "catalog/pg_type.h"
25 : #include "catalog/pg_class.h"
26 : #include "commands/dbcommands.h"
27 : #include "commands/proclang.h"
28 : #include "commands/tablespace.h"
29 : #include "foreign/foreign.h"
30 : #include "funcapi.h"
31 : #include "miscadmin.h"
32 : #include "utils/acl.h"
33 : #include "utils/array.h"
34 : #include "utils/builtins.h"
35 : #include "utils/catcache.h"
36 : #include "utils/hashutils.h"
37 : #include "utils/inval.h"
38 : #include "utils/lsyscache.h"
39 : #include "utils/memutils.h"
40 : #include "utils/syscache.h"
41 : #include "utils/varlena.h"
42 :
43 :
44 : typedef struct
45 : {
46 : const char *name;
47 : AclMode value;
48 : } priv_map;
49 :
50 : /*
51 : * We frequently need to test whether a given role is a member of some other
52 : * role. In most of these tests the "given role" is the same, namely the
53 : * active current user. So we can optimize it by keeping a cached list of
54 : * all the roles the "given role" is a member of, directly or indirectly.
55 : * The cache is flushed whenever we detect a change in pg_auth_members.
56 : *
57 : * There are actually two caches, one computed under "has_privs" rules
58 : * (do not recurse where rolinherit isn't true) and one computed under
59 : * "is_member" rules (recurse regardless of rolinherit).
60 : *
61 : * Possibly this mechanism should be generalized to allow caching membership
62 : * info for multiple roles?
63 : *
64 : * The has_privs cache is:
65 : * cached_privs_role is the role OID the cache is for.
66 : * cached_privs_roles is an OID list of roles that cached_privs_role
67 : * has the privileges of (always including itself).
68 : * The cache is valid if cached_privs_role is not InvalidOid.
69 : *
70 : * The is_member cache is similarly:
71 : * cached_member_role is the role OID the cache is for.
72 : * cached_membership_roles is an OID list of roles that cached_member_role
73 : * is a member of (always including itself).
74 : * The cache is valid if cached_member_role is not InvalidOid.
75 : */
76 : static Oid cached_privs_role = InvalidOid;
77 : static List *cached_privs_roles = NIL;
78 : static Oid cached_member_role = InvalidOid;
79 : static List *cached_membership_roles = NIL;
80 :
81 :
82 : static const char *getid(const char *s, char *n);
83 : static void putid(char *p, const char *s);
84 : static Acl *allocacl(int n);
85 : static void check_acl(const Acl *acl);
86 : static const char *aclparse(const char *s, AclItem *aip);
87 : static bool aclitem_match(const AclItem *a1, const AclItem *a2);
88 : static int aclitemComparator(const void *arg1, const void *arg2);
89 : static void check_circularity(const Acl *old_acl, const AclItem *mod_aip,
90 : Oid ownerId);
91 : static Acl *recursive_revoke(Acl *acl, Oid grantee, AclMode revoke_privs,
92 : Oid ownerId, DropBehavior behavior);
93 :
94 : static AclMode convert_priv_string(text *priv_type_text);
95 : static AclMode convert_any_priv_string(text *priv_type_text,
96 : const priv_map *privileges);
97 :
98 : static Oid convert_table_name(text *tablename);
99 : static AclMode convert_table_priv_string(text *priv_type_text);
100 : static AclMode convert_sequence_priv_string(text *priv_type_text);
101 : static AttrNumber convert_column_name(Oid tableoid, text *column);
102 : static AclMode convert_column_priv_string(text *priv_type_text);
103 : static Oid convert_database_name(text *databasename);
104 : static AclMode convert_database_priv_string(text *priv_type_text);
105 : static Oid convert_foreign_data_wrapper_name(text *fdwname);
106 : static AclMode convert_foreign_data_wrapper_priv_string(text *priv_type_text);
107 : static Oid convert_function_name(text *functionname);
108 : static AclMode convert_function_priv_string(text *priv_type_text);
109 : static Oid convert_language_name(text *languagename);
110 : static AclMode convert_language_priv_string(text *priv_type_text);
111 : static Oid convert_schema_name(text *schemaname);
112 : static AclMode convert_schema_priv_string(text *priv_type_text);
113 : static Oid convert_server_name(text *servername);
114 : static AclMode convert_server_priv_string(text *priv_type_text);
115 : static Oid convert_tablespace_name(text *tablespacename);
116 : static AclMode convert_tablespace_priv_string(text *priv_type_text);
117 : static Oid convert_type_name(text *typename);
118 : static AclMode convert_type_priv_string(text *priv_type_text);
119 : static AclMode convert_role_priv_string(text *priv_type_text);
120 : static AclResult pg_role_aclcheck(Oid role_oid, Oid roleid, AclMode mode);
121 :
122 : static void RoleMembershipCacheCallback(Datum arg, int cacheid, uint32 hashvalue);
123 :
124 :
125 : /*
126 : * getid
127 : * Consumes the first alphanumeric string (identifier) found in string
128 : * 's', ignoring any leading white space. If it finds a double quote
129 : * it returns the word inside the quotes.
130 : *
131 : * RETURNS:
132 : * the string position in 's' that points to the next non-space character
133 : * in 's', after any quotes. Also:
134 : * - loads the identifier into 'n'. (If no identifier is found, 'n'
135 : * contains an empty string.) 'n' must be NAMEDATALEN bytes.
136 : */
137 : static const char *
138 640 : getid(const char *s, char *n)
139 : {
140 640 : int len = 0;
141 640 : bool in_quotes = false;
142 :
143 : Assert(s && n);
144 :
145 1280 : while (isspace((unsigned char) *s))
146 0 : s++;
147 : /* This code had better match what putid() does, below */
148 4480 : for (;
149 7360 : *s != '\0' &&
150 4482 : (isalnum((unsigned char) *s) ||
151 1922 : *s == '_' ||
152 1280 : *s == '"' ||
153 : in_quotes);
154 3200 : s++)
155 : {
156 3200 : if (*s == '"')
157 : {
158 : /* safe to look at next char (could be '\0' though) */
159 640 : if (*(s + 1) != '"')
160 : {
161 640 : in_quotes = !in_quotes;
162 640 : continue;
163 : }
164 : /* it's an escaped double quote; skip the escaping char */
165 0 : s++;
166 : }
167 :
168 : /* Add the character to the string */
169 2560 : if (len >= NAMEDATALEN - 1)
170 0 : ereport(ERROR,
171 : (errcode(ERRCODE_NAME_TOO_LONG),
172 : errmsg("identifier too long"),
173 : errdetail("Identifier must be less than %d characters.",
174 : NAMEDATALEN)));
175 :
176 2560 : n[len++] = *s;
177 : }
178 640 : n[len] = '\0';
179 1280 : while (isspace((unsigned char) *s))
180 0 : s++;
181 640 : return s;
182 : }
183 :
184 : /*
185 : * Write a role name at *p, adding double quotes if needed.
186 : * There must be at least (2*NAMEDATALEN)+2 bytes available at *p.
187 : * This needs to be kept in sync with copyAclUserName in pg_dump/dumputils.c
188 : */
189 : static void
190 14202 : putid(char *p, const char *s)
191 : {
192 : const char *src;
193 14202 : bool safe = true;
194 :
195 159922 : for (src = s; *src; src++)
196 : {
197 : /* This test had better match what getid() does, above */
198 145720 : if (!isalnum((unsigned char) *src) && *src != '_')
199 : {
200 0 : safe = false;
201 0 : break;
202 : }
203 : }
204 14202 : if (!safe)
205 0 : *p++ = '"';
206 159922 : for (src = s; *src; src++)
207 : {
208 : /* A double quote character in a username is encoded as "" */
209 145720 : if (*src == '"')
210 0 : *p++ = '"';
211 145720 : *p++ = *src;
212 : }
213 14202 : if (!safe)
214 0 : *p++ = '"';
215 14202 : *p = '\0';
216 14202 : }
217 :
218 : /*
219 : * aclparse
220 : * Consumes and parses an ACL specification of the form:
221 : * [group|user] [A-Za-z0-9]*=[rwaR]*
222 : * from string 's', ignoring any leading white space or white space
223 : * between the optional id type keyword (group|user) and the actual
224 : * ACL specification.
225 : *
226 : * The group|user decoration is unnecessary in the roles world,
227 : * but we still accept it for backward compatibility.
228 : *
229 : * This routine is called by the parser as well as aclitemin(), hence
230 : * the added generality.
231 : *
232 : * RETURNS:
233 : * the string position in 's' immediately following the ACL
234 : * specification. Also:
235 : * - loads the structure pointed to by 'aip' with the appropriate
236 : * UID/GID, id type identifier and mode type values.
237 : */
238 : static const char *
239 320 : aclparse(const char *s, AclItem *aip)
240 : {
241 : AclMode privs,
242 : goption,
243 : read;
244 : char name[NAMEDATALEN];
245 : char name2[NAMEDATALEN];
246 :
247 : Assert(s && aip);
248 :
249 : #ifdef ACLDEBUG
250 : elog(LOG, "aclparse: input = \"%s\"", s);
251 : #endif
252 320 : s = getid(s, name);
253 320 : if (*s != '=')
254 : {
255 : /* we just read a keyword, not a name */
256 0 : if (strcmp(name, "group") != 0 && strcmp(name, "user") != 0)
257 0 : ereport(ERROR,
258 : (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
259 : errmsg("unrecognized key word: \"%s\"", name),
260 : errhint("ACL key word must be \"group\" or \"user\".")));
261 0 : s = getid(s, name); /* move s to the name beyond the keyword */
262 0 : if (name[0] == '\0')
263 0 : ereport(ERROR,
264 : (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
265 : errmsg("missing name"),
266 : errhint("A name must follow the \"group\" or \"user\" key word.")));
267 : }
268 :
269 320 : if (*s != '=')
270 0 : ereport(ERROR,
271 : (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
272 : errmsg("missing \"=\" sign")));
273 :
274 320 : privs = goption = ACL_NO_RIGHTS;
275 :
276 640 : for (++s, read = 0; isalpha((unsigned char) *s) || *s == '*'; s++)
277 : {
278 320 : switch (*s)
279 : {
280 : case '*':
281 0 : goption |= read;
282 0 : break;
283 : case ACL_INSERT_CHR:
284 0 : read = ACL_INSERT;
285 0 : break;
286 : case ACL_SELECT_CHR:
287 320 : read = ACL_SELECT;
288 320 : break;
289 : case ACL_UPDATE_CHR:
290 0 : read = ACL_UPDATE;
291 0 : break;
292 : case ACL_DELETE_CHR:
293 0 : read = ACL_DELETE;
294 0 : break;
295 : case ACL_TRUNCATE_CHR:
296 0 : read = ACL_TRUNCATE;
297 0 : break;
298 : case ACL_REFERENCES_CHR:
299 0 : read = ACL_REFERENCES;
300 0 : break;
301 : case ACL_TRIGGER_CHR:
302 0 : read = ACL_TRIGGER;
303 0 : break;
304 : case ACL_EXECUTE_CHR:
305 0 : read = ACL_EXECUTE;
306 0 : break;
307 : case ACL_USAGE_CHR:
308 0 : read = ACL_USAGE;
309 0 : break;
310 : case ACL_CREATE_CHR:
311 0 : read = ACL_CREATE;
312 0 : break;
313 : case ACL_CREATE_TEMP_CHR:
314 0 : read = ACL_CREATE_TEMP;
315 0 : break;
316 : case ACL_CONNECT_CHR:
317 0 : read = ACL_CONNECT;
318 0 : break;
319 : case 'R': /* ignore old RULE privileges */
320 0 : read = 0;
321 0 : break;
322 : default:
323 0 : ereport(ERROR,
324 : (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
325 : errmsg("invalid mode character: must be one of \"%s\"",
326 : ACL_ALL_RIGHTS_STR)));
327 : }
328 :
329 320 : privs |= read;
330 : }
331 :
332 320 : if (name[0] == '\0')
333 320 : aip->ai_grantee = ACL_ID_PUBLIC;
334 : else
335 0 : aip->ai_grantee = get_role_oid(name, false);
336 :
337 : /*
338 : * XXX Allow a degree of backward compatibility by defaulting the grantor
339 : * to the superuser.
340 : */
341 320 : if (*s == '/')
342 : {
343 320 : s = getid(s + 1, name2);
344 320 : if (name2[0] == '\0')
345 0 : ereport(ERROR,
346 : (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
347 : errmsg("a name must follow the \"/\" sign")));
348 320 : aip->ai_grantor = get_role_oid(name2, false);
349 : }
350 : else
351 : {
352 0 : aip->ai_grantor = BOOTSTRAP_SUPERUSERID;
353 0 : ereport(WARNING,
354 : (errcode(ERRCODE_INVALID_GRANTOR),
355 : errmsg("defaulting grantor to user ID %u",
356 : BOOTSTRAP_SUPERUSERID)));
357 : }
358 :
359 320 : ACLITEM_SET_PRIVS_GOPTIONS(*aip, privs, goption);
360 :
361 : #ifdef ACLDEBUG
362 : elog(LOG, "aclparse: correctly read [%u %x %x]",
363 : aip->ai_grantee, privs, goption);
364 : #endif
365 :
366 320 : return s;
367 : }
368 :
369 : /*
370 : * allocacl
371 : * Allocates storage for a new Acl with 'n' entries.
372 : *
373 : * RETURNS:
374 : * the new Acl
375 : */
376 : static Acl *
377 1488548 : allocacl(int n)
378 : {
379 : Acl *new_acl;
380 : Size size;
381 :
382 1488548 : if (n < 0)
383 0 : elog(ERROR, "invalid size: %d", n);
384 1488548 : size = ACL_N_SIZE(n);
385 1488548 : new_acl = (Acl *) palloc0(size);
386 1488548 : SET_VARSIZE(new_acl, size);
387 1488548 : new_acl->ndim = 1;
388 1488548 : new_acl->dataoffset = 0; /* we never put in any nulls */
389 1488548 : new_acl->elemtype = ACLITEMOID;
390 1488548 : ARR_LBOUND(new_acl)[0] = 1;
391 1488548 : ARR_DIMS(new_acl)[0] = n;
392 1488548 : return new_acl;
393 : }
394 :
395 : /*
396 : * Create a zero-entry ACL
397 : */
398 : Acl *
399 36 : make_empty_acl(void)
400 : {
401 36 : return allocacl(0);
402 : }
403 :
404 : /*
405 : * Copy an ACL
406 : */
407 : Acl *
408 24720 : aclcopy(const Acl *orig_acl)
409 : {
410 : Acl *result_acl;
411 :
412 24720 : result_acl = allocacl(ACL_NUM(orig_acl));
413 :
414 49440 : memcpy(ACL_DAT(result_acl),
415 24720 : ACL_DAT(orig_acl),
416 24720 : ACL_NUM(orig_acl) * sizeof(AclItem));
417 :
418 24720 : return result_acl;
419 : }
420 :
421 : /*
422 : * Concatenate two ACLs
423 : *
424 : * This is a bit cheesy, since we may produce an ACL with redundant entries.
425 : * Be careful what the result is used for!
426 : */
427 : Acl *
428 45258 : aclconcat(const Acl *left_acl, const Acl *right_acl)
429 : {
430 : Acl *result_acl;
431 :
432 45258 : result_acl = allocacl(ACL_NUM(left_acl) + ACL_NUM(right_acl));
433 :
434 90516 : memcpy(ACL_DAT(result_acl),
435 45258 : ACL_DAT(left_acl),
436 45258 : ACL_NUM(left_acl) * sizeof(AclItem));
437 :
438 90516 : memcpy(ACL_DAT(result_acl) + ACL_NUM(left_acl),
439 45258 : ACL_DAT(right_acl),
440 45258 : ACL_NUM(right_acl) * sizeof(AclItem));
441 :
442 45258 : return result_acl;
443 : }
444 :
445 : /*
446 : * Merge two ACLs
447 : *
448 : * This produces a properly merged ACL with no redundant entries.
449 : * Returns NULL on NULL input.
450 : */
451 : Acl *
452 92 : aclmerge(const Acl *left_acl, const Acl *right_acl, Oid ownerId)
453 : {
454 : Acl *result_acl;
455 : AclItem *aip;
456 : int i,
457 : num;
458 :
459 : /* Check for cases where one or both are empty/null */
460 92 : if (left_acl == NULL || ACL_NUM(left_acl) == 0)
461 : {
462 0 : if (right_acl == NULL || ACL_NUM(right_acl) == 0)
463 0 : return NULL;
464 : else
465 0 : return aclcopy(right_acl);
466 : }
467 : else
468 : {
469 92 : if (right_acl == NULL || ACL_NUM(right_acl) == 0)
470 56 : return aclcopy(left_acl);
471 : }
472 :
473 : /* Merge them the hard way, one item at a time */
474 36 : result_acl = aclcopy(left_acl);
475 :
476 36 : aip = ACL_DAT(right_acl);
477 36 : num = ACL_NUM(right_acl);
478 :
479 84 : for (i = 0; i < num; i++, aip++)
480 : {
481 : Acl *tmp_acl;
482 :
483 48 : tmp_acl = aclupdate(result_acl, aip, ACL_MODECHG_ADD,
484 : ownerId, DROP_RESTRICT);
485 48 : pfree(result_acl);
486 48 : result_acl = tmp_acl;
487 : }
488 :
489 36 : return result_acl;
490 : }
491 :
492 : /*
493 : * Sort the items in an ACL (into an arbitrary but consistent order)
494 : */
495 : void
496 336 : aclitemsort(Acl *acl)
497 : {
498 336 : if (acl != NULL && ACL_NUM(acl) > 1)
499 90 : qsort(ACL_DAT(acl), ACL_NUM(acl), sizeof(AclItem), aclitemComparator);
500 336 : }
501 :
502 : /*
503 : * Check if two ACLs are exactly equal
504 : *
505 : * This will not detect equality if the two arrays contain the same items
506 : * in different orders. To handle that case, sort both inputs first,
507 : * using aclitemsort().
508 : */
509 : bool
510 168 : aclequal(const Acl *left_acl, const Acl *right_acl)
511 : {
512 : /* Check for cases where one or both are empty/null */
513 168 : if (left_acl == NULL || ACL_NUM(left_acl) == 0)
514 : {
515 2 : if (right_acl == NULL || ACL_NUM(right_acl) == 0)
516 2 : return true;
517 : else
518 0 : return false;
519 : }
520 : else
521 : {
522 166 : if (right_acl == NULL || ACL_NUM(right_acl) == 0)
523 30 : return false;
524 : }
525 :
526 136 : if (ACL_NUM(left_acl) != ACL_NUM(right_acl))
527 54 : return false;
528 :
529 164 : if (memcmp(ACL_DAT(left_acl),
530 82 : ACL_DAT(right_acl),
531 82 : ACL_NUM(left_acl) * sizeof(AclItem)) == 0)
532 28 : return true;
533 :
534 54 : return false;
535 : }
536 :
537 : /*
538 : * Verify that an ACL array is acceptable (one-dimensional and has no nulls)
539 : */
540 : static void
541 166920 : check_acl(const Acl *acl)
542 : {
543 166920 : if (ARR_ELEMTYPE(acl) != ACLITEMOID)
544 0 : ereport(ERROR,
545 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
546 : errmsg("ACL array contains wrong data type")));
547 166920 : if (ARR_NDIM(acl) != 1)
548 0 : ereport(ERROR,
549 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
550 : errmsg("ACL arrays must be one-dimensional")));
551 166920 : if (ARR_HASNULL(acl))
552 0 : ereport(ERROR,
553 : (errcode(ERRCODE_NULL_VALUE_NOT_ALLOWED),
554 : errmsg("ACL arrays must not contain null values")));
555 166920 : }
556 :
557 : /*
558 : * aclitemin
559 : * Allocates storage for, and fills in, a new AclItem given a string
560 : * 's' that contains an ACL specification. See aclparse for details.
561 : *
562 : * RETURNS:
563 : * the new AclItem
564 : */
565 : Datum
566 320 : aclitemin(PG_FUNCTION_ARGS)
567 : {
568 320 : const char *s = PG_GETARG_CSTRING(0);
569 : AclItem *aip;
570 :
571 320 : aip = (AclItem *) palloc(sizeof(AclItem));
572 320 : s = aclparse(s, aip);
573 640 : while (isspace((unsigned char) *s))
574 0 : ++s;
575 320 : if (*s)
576 0 : ereport(ERROR,
577 : (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
578 : errmsg("extra garbage at the end of the ACL specification")));
579 :
580 320 : PG_RETURN_ACLITEM_P(aip);
581 : }
582 :
583 : /*
584 : * aclitemout
585 : * Allocates storage for, and fills in, a new null-delimited string
586 : * containing a formatted ACL specification. See aclparse for details.
587 : *
588 : * RETURNS:
589 : * the new string
590 : */
591 : Datum
592 12858 : aclitemout(PG_FUNCTION_ARGS)
593 : {
594 12858 : AclItem *aip = PG_GETARG_ACLITEM_P(0);
595 : char *p;
596 : char *out;
597 : HeapTuple htup;
598 : unsigned i;
599 :
600 12858 : out = palloc(strlen("=/") +
601 : 2 * N_ACL_RIGHTS +
602 : 2 * (2 * NAMEDATALEN + 2) +
603 : 1);
604 :
605 12858 : p = out;
606 12858 : *p = '\0';
607 :
608 12858 : if (aip->ai_grantee != ACL_ID_PUBLIC)
609 : {
610 1344 : htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantee));
611 1344 : if (HeapTupleIsValid(htup))
612 : {
613 1344 : putid(p, NameStr(((Form_pg_authid) GETSTRUCT(htup))->rolname));
614 1344 : ReleaseSysCache(htup);
615 : }
616 : else
617 : {
618 : /* Generate numeric OID if we don't find an entry */
619 0 : sprintf(p, "%u", aip->ai_grantee);
620 : }
621 : }
622 53888 : while (*p)
623 28172 : ++p;
624 :
625 12858 : *p++ = '=';
626 :
627 167154 : for (i = 0; i < N_ACL_RIGHTS; ++i)
628 : {
629 154296 : if (ACLITEM_GET_PRIVS(*aip) & (1 << i))
630 14276 : *p++ = ACL_ALL_RIGHTS_STR[i];
631 154296 : if (ACLITEM_GET_GOPTIONS(*aip) & (1 << i))
632 80 : *p++ = '*';
633 : }
634 :
635 12858 : *p++ = '/';
636 12858 : *p = '\0';
637 :
638 12858 : htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantor));
639 12858 : if (HeapTupleIsValid(htup))
640 : {
641 12858 : putid(p, NameStr(((Form_pg_authid) GETSTRUCT(htup))->rolname));
642 12858 : ReleaseSysCache(htup);
643 : }
644 : else
645 : {
646 : /* Generate numeric OID if we don't find an entry */
647 0 : sprintf(p, "%u", aip->ai_grantor);
648 : }
649 :
650 12858 : PG_RETURN_CSTRING(out);
651 : }
652 :
653 : /*
654 : * aclitem_match
655 : * Two AclItems are considered to match iff they have the same
656 : * grantee and grantor; the privileges are ignored.
657 : */
658 : static bool
659 41100 : aclitem_match(const AclItem *a1, const AclItem *a2)
660 : {
661 54558 : return a1->ai_grantee == a2->ai_grantee &&
662 13458 : a1->ai_grantor == a2->ai_grantor;
663 : }
664 :
665 : /*
666 : * aclitemComparator
667 : * qsort comparison function for AclItems
668 : */
669 : static int
670 94 : aclitemComparator(const void *arg1, const void *arg2)
671 : {
672 94 : const AclItem *a1 = (const AclItem *) arg1;
673 94 : const AclItem *a2 = (const AclItem *) arg2;
674 :
675 94 : if (a1->ai_grantee > a2->ai_grantee)
676 28 : return 1;
677 66 : if (a1->ai_grantee < a2->ai_grantee)
678 66 : return -1;
679 0 : if (a1->ai_grantor > a2->ai_grantor)
680 0 : return 1;
681 0 : if (a1->ai_grantor < a2->ai_grantor)
682 0 : return -1;
683 0 : if (a1->ai_privs > a2->ai_privs)
684 0 : return 1;
685 0 : if (a1->ai_privs < a2->ai_privs)
686 0 : return -1;
687 0 : return 0;
688 : }
689 :
690 : /*
691 : * aclitem equality operator
692 : */
693 : Datum
694 742216 : aclitem_eq(PG_FUNCTION_ARGS)
695 : {
696 742216 : AclItem *a1 = PG_GETARG_ACLITEM_P(0);
697 742216 : AclItem *a2 = PG_GETARG_ACLITEM_P(1);
698 : bool result;
699 :
700 2209544 : result = a1->ai_privs == a2->ai_privs &&
701 1467256 : a1->ai_grantee == a2->ai_grantee &&
702 725040 : a1->ai_grantor == a2->ai_grantor;
703 742216 : PG_RETURN_BOOL(result);
704 : }
705 :
706 : /*
707 : * aclitem hash function
708 : *
709 : * We make aclitems hashable not so much because anyone is likely to hash
710 : * them, as because we want array equality to work on aclitem arrays, and
711 : * with the typcache mechanism we must have a hash or btree opclass.
712 : */
713 : Datum
714 979050 : hash_aclitem(PG_FUNCTION_ARGS)
715 : {
716 979050 : AclItem *a = PG_GETARG_ACLITEM_P(0);
717 :
718 : /* not very bright, but avoids any issue of padding in struct */
719 979050 : PG_RETURN_UINT32((uint32) (a->ai_privs + a->ai_grantee + a->ai_grantor));
720 : }
721 :
722 : /*
723 : * 64-bit hash function for aclitem.
724 : *
725 : * Similar to hash_aclitem, but accepts a seed and returns a uint64 value.
726 : */
727 : Datum
728 8 : hash_aclitem_extended(PG_FUNCTION_ARGS)
729 : {
730 8 : AclItem *a = PG_GETARG_ACLITEM_P(0);
731 8 : uint64 seed = PG_GETARG_INT64(1);
732 8 : uint32 sum = (uint32) (a->ai_privs + a->ai_grantee + a->ai_grantor);
733 :
734 8 : return (seed == 0) ? UInt64GetDatum(sum) : hash_uint32_extended(sum, seed);
735 : }
736 :
737 : /*
738 : * acldefault() --- create an ACL describing default access permissions
739 : *
740 : * Change this routine if you want to alter the default access policy for
741 : * newly-created objects (or any object with a NULL acl entry). When
742 : * you make a change here, don't forget to update the GRANT man page,
743 : * which explains all the default permissions.
744 : *
745 : * Note that these are the hard-wired "defaults" that are used in the
746 : * absence of any pg_default_acl entry.
747 : */
748 : Acl *
749 1333228 : acldefault(ObjectType objtype, Oid ownerId)
750 : {
751 : AclMode world_default;
752 : AclMode owner_default;
753 : int nacl;
754 : Acl *acl;
755 : AclItem *aip;
756 :
757 1333228 : switch (objtype)
758 : {
759 : case OBJECT_COLUMN:
760 : /* by default, columns have no extra privileges */
761 868966 : world_default = ACL_NO_RIGHTS;
762 868966 : owner_default = ACL_NO_RIGHTS;
763 868966 : break;
764 : case OBJECT_TABLE:
765 106348 : world_default = ACL_NO_RIGHTS;
766 106348 : owner_default = ACL_ALL_RIGHTS_RELATION;
767 106348 : break;
768 : case OBJECT_SEQUENCE:
769 1910 : world_default = ACL_NO_RIGHTS;
770 1910 : owner_default = ACL_ALL_RIGHTS_SEQUENCE;
771 1910 : break;
772 : case OBJECT_DATABASE:
773 : /* for backwards compatibility, grant some rights by default */
774 1112 : world_default = ACL_CREATE_TEMP | ACL_CONNECT;
775 1112 : owner_default = ACL_ALL_RIGHTS_DATABASE;
776 1112 : break;
777 : case OBJECT_FUNCTION:
778 : /* Grant EXECUTE by default, for now */
779 40526 : world_default = ACL_EXECUTE;
780 40526 : owner_default = ACL_ALL_RIGHTS_FUNCTION;
781 40526 : break;
782 : case OBJECT_LANGUAGE:
783 : /* Grant USAGE by default, for now */
784 798 : world_default = ACL_USAGE;
785 798 : owner_default = ACL_ALL_RIGHTS_LANGUAGE;
786 798 : break;
787 : case OBJECT_LARGEOBJECT:
788 210 : world_default = ACL_NO_RIGHTS;
789 210 : owner_default = ACL_ALL_RIGHTS_LARGEOBJECT;
790 210 : break;
791 : case OBJECT_SCHEMA:
792 4432 : world_default = ACL_NO_RIGHTS;
793 4432 : owner_default = ACL_ALL_RIGHTS_SCHEMA;
794 4432 : break;
795 : case OBJECT_TABLESPACE:
796 4 : world_default = ACL_NO_RIGHTS;
797 4 : owner_default = ACL_ALL_RIGHTS_TABLESPACE;
798 4 : break;
799 : case OBJECT_FDW:
800 158 : world_default = ACL_NO_RIGHTS;
801 158 : owner_default = ACL_ALL_RIGHTS_FDW;
802 158 : break;
803 : case OBJECT_FOREIGN_SERVER:
804 234 : world_default = ACL_NO_RIGHTS;
805 234 : owner_default = ACL_ALL_RIGHTS_FOREIGN_SERVER;
806 234 : break;
807 : case OBJECT_DOMAIN:
808 : case OBJECT_TYPE:
809 308530 : world_default = ACL_USAGE;
810 308530 : owner_default = ACL_ALL_RIGHTS_TYPE;
811 308530 : break;
812 : default:
813 0 : elog(ERROR, "unrecognized objtype: %d", (int) objtype);
814 : world_default = ACL_NO_RIGHTS; /* keep compiler quiet */
815 : owner_default = ACL_NO_RIGHTS;
816 : break;
817 : }
818 :
819 1333228 : nacl = 0;
820 1333228 : if (world_default != ACL_NO_RIGHTS)
821 350966 : nacl++;
822 1333228 : if (owner_default != ACL_NO_RIGHTS)
823 464262 : nacl++;
824 :
825 1333228 : acl = allocacl(nacl);
826 1333228 : aip = ACL_DAT(acl);
827 :
828 1333228 : if (world_default != ACL_NO_RIGHTS)
829 : {
830 350966 : aip->ai_grantee = ACL_ID_PUBLIC;
831 350966 : aip->ai_grantor = ownerId;
832 350966 : ACLITEM_SET_PRIVS_GOPTIONS(*aip, world_default, ACL_NO_RIGHTS);
833 350966 : aip++;
834 : }
835 :
836 : /*
837 : * Note that the owner's entry shows all ordinary privileges but no grant
838 : * options. This is because his grant options come "from the system" and
839 : * not from his own efforts. (The SQL spec says that the owner's rights
840 : * come from a "_SYSTEM" authid.) However, we do consider that the
841 : * owner's ordinary privileges are self-granted; this lets him revoke
842 : * them. We implement the owner's grant options without any explicit
843 : * "_SYSTEM"-like ACL entry, by internally special-casing the owner
844 : * wherever we are testing grant options.
845 : */
846 1333228 : if (owner_default != ACL_NO_RIGHTS)
847 : {
848 464262 : aip->ai_grantee = ownerId;
849 464262 : aip->ai_grantor = ownerId;
850 464262 : ACLITEM_SET_PRIVS_GOPTIONS(*aip, owner_default, ACL_NO_RIGHTS);
851 : }
852 :
853 1333228 : return acl;
854 : }
855 :
856 :
857 : /*
858 : * SQL-accessible version of acldefault(). Hackish mapping from "char" type to
859 : * OBJECT_* values.
860 : */
861 : Datum
862 1234372 : acldefault_sql(PG_FUNCTION_ARGS)
863 : {
864 1234372 : char objtypec = PG_GETARG_CHAR(0);
865 1234372 : Oid owner = PG_GETARG_OID(1);
866 1234372 : ObjectType objtype = 0;
867 :
868 1234372 : switch (objtypec)
869 : {
870 : case 'c':
871 823808 : objtype = OBJECT_COLUMN;
872 823808 : break;
873 : case 'r':
874 81136 : objtype = OBJECT_TABLE;
875 81136 : break;
876 : case 's':
877 1832 : objtype = OBJECT_SEQUENCE;
878 1832 : break;
879 : case 'd':
880 256 : objtype = OBJECT_DATABASE;
881 256 : break;
882 : case 'f':
883 16304 : objtype = OBJECT_FUNCTION;
884 16304 : break;
885 : case 'l':
886 740 : objtype = OBJECT_LANGUAGE;
887 740 : break;
888 : case 'L':
889 160 : objtype = OBJECT_LARGEOBJECT;
890 160 : break;
891 : case 'n':
892 3268 : objtype = OBJECT_SCHEMA;
893 3268 : break;
894 : case 't':
895 0 : objtype = OBJECT_TABLESPACE;
896 0 : break;
897 : case 'F':
898 140 : objtype = OBJECT_FDW;
899 140 : break;
900 : case 'S':
901 140 : objtype = OBJECT_FOREIGN_SERVER;
902 140 : break;
903 : case 'T':
904 306588 : objtype = OBJECT_TYPE;
905 306588 : break;
906 : default:
907 0 : elog(ERROR, "unrecognized objtype abbreviation: %c", objtypec);
908 : }
909 :
910 1234372 : PG_RETURN_ACL_P(acldefault(objtype, owner));
911 : }
912 :
913 :
914 : /*
915 : * Update an ACL array to add or remove specified privileges.
916 : *
917 : * old_acl: the input ACL array
918 : * mod_aip: defines the privileges to be added, removed, or substituted
919 : * modechg: ACL_MODECHG_ADD, ACL_MODECHG_DEL, or ACL_MODECHG_EQL
920 : * ownerId: Oid of object owner
921 : * behavior: RESTRICT or CASCADE behavior for recursive removal
922 : *
923 : * ownerid and behavior are only relevant when the update operation specifies
924 : * deletion of grant options.
925 : *
926 : * The result is a modified copy; the input object is not changed.
927 : *
928 : * NB: caller is responsible for having detoasted the input ACL, if needed.
929 : */
930 : Acl *
931 85276 : aclupdate(const Acl *old_acl, const AclItem *mod_aip,
932 : int modechg, Oid ownerId, DropBehavior behavior)
933 : {
934 85276 : Acl *new_acl = NULL;
935 : AclItem *old_aip,
936 85276 : *new_aip = NULL;
937 : AclMode old_rights,
938 : old_goptions,
939 : new_rights,
940 : new_goptions;
941 : int dst,
942 : num;
943 :
944 : /* Caller probably already checked old_acl, but be safe */
945 85276 : check_acl(old_acl);
946 :
947 : /* If granting grant options, check for circularity */
948 110986 : if (modechg != ACL_MODECHG_DEL &&
949 25710 : ACLITEM_GET_GOPTIONS(*mod_aip) != ACL_NO_RIGHTS)
950 40 : check_circularity(old_acl, mod_aip, ownerId);
951 :
952 85276 : num = ACL_NUM(old_acl);
953 85276 : old_aip = ACL_DAT(old_acl);
954 :
955 : /*
956 : * Search the ACL for an existing entry for this grantee and grantor. If
957 : * one exists, just modify the entry in-place (well, in the same position,
958 : * since we actually return a copy); otherwise, insert the new entry at
959 : * the end.
960 : */
961 :
962 112934 : for (dst = 0; dst < num; ++dst)
963 : {
964 41094 : if (aclitem_match(mod_aip, old_aip + dst))
965 : {
966 : /* found a match, so modify existing item */
967 13436 : new_acl = allocacl(num);
968 13436 : new_aip = ACL_DAT(new_acl);
969 13436 : memcpy(new_acl, old_acl, ACL_SIZE(old_acl));
970 13436 : break;
971 : }
972 : }
973 :
974 85276 : if (dst == num)
975 : {
976 : /* need to append a new item */
977 71840 : new_acl = allocacl(num + 1);
978 71840 : new_aip = ACL_DAT(new_acl);
979 71840 : memcpy(new_aip, old_aip, num * sizeof(AclItem));
980 :
981 : /* initialize the new entry with no permissions */
982 71840 : new_aip[dst].ai_grantee = mod_aip->ai_grantee;
983 71840 : new_aip[dst].ai_grantor = mod_aip->ai_grantor;
984 71840 : ACLITEM_SET_PRIVS_GOPTIONS(new_aip[dst],
985 : ACL_NO_RIGHTS, ACL_NO_RIGHTS);
986 71840 : num++; /* set num to the size of new_acl */
987 : }
988 :
989 85276 : old_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
990 85276 : old_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);
991 :
992 : /* apply the specified permissions change */
993 85276 : switch (modechg)
994 : {
995 : case ACL_MODECHG_ADD:
996 25710 : ACLITEM_SET_RIGHTS(new_aip[dst],
997 : old_rights | ACLITEM_GET_RIGHTS(*mod_aip));
998 25710 : break;
999 : case ACL_MODECHG_DEL:
1000 59566 : ACLITEM_SET_RIGHTS(new_aip[dst],
1001 : old_rights & ~ACLITEM_GET_RIGHTS(*mod_aip));
1002 59566 : break;
1003 : case ACL_MODECHG_EQL:
1004 0 : ACLITEM_SET_RIGHTS(new_aip[dst],
1005 : ACLITEM_GET_RIGHTS(*mod_aip));
1006 0 : break;
1007 : }
1008 :
1009 85276 : new_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
1010 85276 : new_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);
1011 :
1012 : /*
1013 : * If the adjusted entry has no permissions, delete it from the list.
1014 : */
1015 85276 : if (new_rights == ACL_NO_RIGHTS)
1016 : {
1017 176664 : memmove(new_aip + dst,
1018 117776 : new_aip + dst + 1,
1019 58888 : (num - dst - 1) * sizeof(AclItem));
1020 : /* Adjust array size to be 'num - 1' items */
1021 58888 : ARR_DIMS(new_acl)[0] = num - 1;
1022 58888 : SET_VARSIZE(new_acl, ACL_N_SIZE(num - 1));
1023 : }
1024 :
1025 : /*
1026 : * Remove abandoned privileges (cascading revoke). Currently we can only
1027 : * handle this when the grantee is not PUBLIC.
1028 : */
1029 85276 : if ((old_goptions & ~new_goptions) != 0)
1030 : {
1031 : Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
1032 40 : new_acl = recursive_revoke(new_acl, mod_aip->ai_grantee,
1033 40 : (old_goptions & ~new_goptions),
1034 : ownerId, behavior);
1035 : }
1036 :
1037 85268 : return new_acl;
1038 : }
1039 :
1040 : /*
1041 : * Update an ACL array to reflect a change of owner to the parent object
1042 : *
1043 : * old_acl: the input ACL array (must not be NULL)
1044 : * oldOwnerId: Oid of the old object owner
1045 : * newOwnerId: Oid of the new object owner
1046 : *
1047 : * The result is a modified copy; the input object is not changed.
1048 : *
1049 : * NB: caller is responsible for having detoasted the input ACL, if needed.
1050 : */
1051 : Acl *
1052 22 : aclnewowner(const Acl *old_acl, Oid oldOwnerId, Oid newOwnerId)
1053 : {
1054 : Acl *new_acl;
1055 : AclItem *new_aip;
1056 : AclItem *old_aip;
1057 : AclItem *dst_aip;
1058 : AclItem *src_aip;
1059 : AclItem *targ_aip;
1060 22 : bool newpresent = false;
1061 : int dst,
1062 : src,
1063 : targ,
1064 : num;
1065 :
1066 22 : check_acl(old_acl);
1067 :
1068 : /*
1069 : * Make a copy of the given ACL, substituting new owner ID for old
1070 : * wherever it appears as either grantor or grantee. Also note if the new
1071 : * owner ID is already present.
1072 : */
1073 22 : num = ACL_NUM(old_acl);
1074 22 : old_aip = ACL_DAT(old_acl);
1075 22 : new_acl = allocacl(num);
1076 22 : new_aip = ACL_DAT(new_acl);
1077 22 : memcpy(new_aip, old_aip, num * sizeof(AclItem));
1078 58 : for (dst = 0, dst_aip = new_aip; dst < num; dst++, dst_aip++)
1079 : {
1080 36 : if (dst_aip->ai_grantor == oldOwnerId)
1081 36 : dst_aip->ai_grantor = newOwnerId;
1082 0 : else if (dst_aip->ai_grantor == newOwnerId)
1083 0 : newpresent = true;
1084 36 : if (dst_aip->ai_grantee == oldOwnerId)
1085 22 : dst_aip->ai_grantee = newOwnerId;
1086 14 : else if (dst_aip->ai_grantee == newOwnerId)
1087 6 : newpresent = true;
1088 : }
1089 :
1090 : /*
1091 : * If the old ACL contained any references to the new owner, then we may
1092 : * now have generated an ACL containing duplicate entries. Find them and
1093 : * merge them so that there are not duplicates. (This is relatively
1094 : * expensive since we use a stupid O(N^2) algorithm, but it's unlikely to
1095 : * be the normal case.)
1096 : *
1097 : * To simplify deletion of duplicate entries, we temporarily leave them in
1098 : * the array but set their privilege masks to zero; when we reach such an
1099 : * entry it's just skipped. (Thus, a side effect of this code will be to
1100 : * remove privilege-free entries, should there be any in the input.) dst
1101 : * is the next output slot, targ is the currently considered input slot
1102 : * (always >= dst), and src scans entries to the right of targ looking for
1103 : * duplicates. Once an entry has been emitted to dst it is known
1104 : * duplicate-free and need not be considered anymore.
1105 : */
1106 22 : if (newpresent)
1107 : {
1108 6 : dst = 0;
1109 18 : for (targ = 0, targ_aip = new_aip; targ < num; targ++, targ_aip++)
1110 : {
1111 : /* ignore if deleted in an earlier pass */
1112 12 : if (ACLITEM_GET_RIGHTS(*targ_aip) == ACL_NO_RIGHTS)
1113 6 : continue;
1114 : /* find and merge any duplicates */
1115 18 : for (src = targ + 1, src_aip = targ_aip + 1; src < num;
1116 6 : src++, src_aip++)
1117 : {
1118 6 : if (ACLITEM_GET_RIGHTS(*src_aip) == ACL_NO_RIGHTS)
1119 0 : continue;
1120 6 : if (aclitem_match(targ_aip, src_aip))
1121 : {
1122 6 : ACLITEM_SET_RIGHTS(*targ_aip,
1123 : ACLITEM_GET_RIGHTS(*targ_aip) |
1124 : ACLITEM_GET_RIGHTS(*src_aip));
1125 : /* mark the duplicate deleted */
1126 6 : ACLITEM_SET_RIGHTS(*src_aip, ACL_NO_RIGHTS);
1127 : }
1128 : }
1129 : /* and emit to output */
1130 6 : new_aip[dst] = *targ_aip;
1131 6 : dst++;
1132 : }
1133 : /* Adjust array size to be 'dst' items */
1134 6 : ARR_DIMS(new_acl)[0] = dst;
1135 6 : SET_VARSIZE(new_acl, ACL_N_SIZE(dst));
1136 : }
1137 :
1138 22 : return new_acl;
1139 : }
1140 :
1141 :
1142 : /*
1143 : * When granting grant options, we must disallow attempts to set up circular
1144 : * chains of grant options. Suppose A (the object owner) grants B some
1145 : * privileges with grant option, and B re-grants them to C. If C could
1146 : * grant the privileges to B as well, then A would be unable to effectively
1147 : * revoke the privileges from B, since recursive_revoke would consider that
1148 : * B still has 'em from C.
1149 : *
1150 : * We check for this by recursively deleting all grant options belonging to
1151 : * the target grantee, and then seeing if the would-be grantor still has the
1152 : * grant option or not.
1153 : */
1154 : static void
1155 40 : check_circularity(const Acl *old_acl, const AclItem *mod_aip,
1156 : Oid ownerId)
1157 : {
1158 : Acl *acl;
1159 : AclItem *aip;
1160 : int i,
1161 : num;
1162 : AclMode own_privs;
1163 :
1164 40 : check_acl(old_acl);
1165 :
1166 : /*
1167 : * For now, grant options can only be granted to roles, not PUBLIC.
1168 : * Otherwise we'd have to work a bit harder here.
1169 : */
1170 : Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
1171 :
1172 : /* The owner always has grant options, no need to check */
1173 40 : if (mod_aip->ai_grantor == ownerId)
1174 32 : return;
1175 :
1176 : /* Make a working copy */
1177 8 : acl = allocacl(ACL_NUM(old_acl));
1178 8 : memcpy(acl, old_acl, ACL_SIZE(old_acl));
1179 :
1180 : /* Zap all grant options of target grantee, plus what depends on 'em */
1181 : cc_restart:
1182 12 : num = ACL_NUM(acl);
1183 12 : aip = ACL_DAT(acl);
1184 48 : for (i = 0; i < num; i++)
1185 : {
1186 44 : if (aip[i].ai_grantee == mod_aip->ai_grantee &&
1187 4 : ACLITEM_GET_GOPTIONS(aip[i]) != ACL_NO_RIGHTS)
1188 : {
1189 : Acl *new_acl;
1190 :
1191 : /* We'll actually zap ordinary privs too, but no matter */
1192 4 : new_acl = aclupdate(acl, &aip[i], ACL_MODECHG_DEL,
1193 : ownerId, DROP_CASCADE);
1194 :
1195 4 : pfree(acl);
1196 4 : acl = new_acl;
1197 :
1198 4 : goto cc_restart;
1199 : }
1200 : }
1201 :
1202 : /* Now we can compute grantor's independently-derived privileges */
1203 8 : own_privs = aclmask(acl,
1204 : mod_aip->ai_grantor,
1205 : ownerId,
1206 8 : ACL_GRANT_OPTION_FOR(ACLITEM_GET_GOPTIONS(*mod_aip)),
1207 : ACLMASK_ALL);
1208 8 : own_privs = ACL_OPTION_TO_PRIVS(own_privs);
1209 :
1210 8 : if ((ACLITEM_GET_GOPTIONS(*mod_aip) & ~own_privs) != 0)
1211 0 : ereport(ERROR,
1212 : (errcode(ERRCODE_INVALID_GRANT_OPERATION),
1213 : errmsg("grant options cannot be granted back to your own grantor")));
1214 :
1215 8 : pfree(acl);
1216 : }
1217 :
1218 :
1219 : /*
1220 : * Ensure that no privilege is "abandoned". A privilege is abandoned
1221 : * if the user that granted the privilege loses the grant option. (So
1222 : * the chain through which it was granted is broken.) Either the
1223 : * abandoned privileges are revoked as well, or an error message is
1224 : * printed, depending on the drop behavior option.
1225 : *
1226 : * acl: the input ACL list
1227 : * grantee: the user from whom some grant options have been revoked
1228 : * revoke_privs: the grant options being revoked
1229 : * ownerId: Oid of object owner
1230 : * behavior: RESTRICT or CASCADE behavior for recursive removal
1231 : *
1232 : * The input Acl object is pfree'd if replaced.
1233 : */
1234 : static Acl *
1235 40 : recursive_revoke(Acl *acl,
1236 : Oid grantee,
1237 : AclMode revoke_privs,
1238 : Oid ownerId,
1239 : DropBehavior behavior)
1240 : {
1241 : AclMode still_has;
1242 : AclItem *aip;
1243 : int i,
1244 : num;
1245 :
1246 40 : check_acl(acl);
1247 :
1248 : /* The owner can never truly lose grant options, so short-circuit */
1249 40 : if (grantee == ownerId)
1250 0 : return acl;
1251 :
1252 : /* The grantee might still have some grant options via another grantor */
1253 40 : still_has = aclmask(acl, grantee, ownerId,
1254 : ACL_GRANT_OPTION_FOR(revoke_privs),
1255 : ACLMASK_ALL);
1256 40 : revoke_privs &= ~ACL_OPTION_TO_PRIVS(still_has);
1257 40 : if (revoke_privs == ACL_NO_RIGHTS)
1258 4 : return acl;
1259 :
1260 : restart:
1261 52 : num = ACL_NUM(acl);
1262 52 : aip = ACL_DAT(acl);
1263 176 : for (i = 0; i < num; i++)
1264 : {
1265 148 : if (aip[i].ai_grantor == grantee
1266 24 : && (ACLITEM_GET_PRIVS(aip[i]) & revoke_privs) != 0)
1267 : {
1268 : AclItem mod_acl;
1269 : Acl *new_acl;
1270 :
1271 24 : if (behavior == DROP_RESTRICT)
1272 8 : ereport(ERROR,
1273 : (errcode(ERRCODE_DEPENDENT_OBJECTS_STILL_EXIST),
1274 : errmsg("dependent privileges exist"),
1275 : errhint("Use CASCADE to revoke them too.")));
1276 :
1277 16 : mod_acl.ai_grantor = grantee;
1278 16 : mod_acl.ai_grantee = aip[i].ai_grantee;
1279 16 : ACLITEM_SET_PRIVS_GOPTIONS(mod_acl,
1280 : revoke_privs,
1281 : revoke_privs);
1282 :
1283 16 : new_acl = aclupdate(acl, &mod_acl, ACL_MODECHG_DEL,
1284 : ownerId, behavior);
1285 :
1286 16 : pfree(acl);
1287 16 : acl = new_acl;
1288 :
1289 16 : goto restart;
1290 : }
1291 : }
1292 :
1293 28 : return acl;
1294 : }
1295 :
1296 :
1297 : /*
1298 : * aclmask --- compute bitmask of all privileges held by roleid.
1299 : *
1300 : * When 'how' = ACLMASK_ALL, this simply returns the privilege bits
1301 : * held by the given roleid according to the given ACL list, ANDed
1302 : * with 'mask'. (The point of passing 'mask' is to let the routine
1303 : * exit early if all privileges of interest have been found.)
1304 : *
1305 : * When 'how' = ACLMASK_ANY, returns as soon as any bit in the mask
1306 : * is known true. (This lets us exit soonest in cases where the
1307 : * caller is only going to test for zero or nonzero result.)
1308 : *
1309 : * Usage patterns:
1310 : *
1311 : * To see if any of a set of privileges are held:
1312 : * if (aclmask(acl, roleid, ownerId, privs, ACLMASK_ANY) != 0)
1313 : *
1314 : * To see if all of a set of privileges are held:
1315 : * if (aclmask(acl, roleid, ownerId, privs, ACLMASK_ALL) == privs)
1316 : *
1317 : * To determine exactly which of a set of privileges are held:
1318 : * heldprivs = aclmask(acl, roleid, ownerId, privs, ACLMASK_ALL);
1319 : */
1320 : AclMode
1321 36170 : aclmask(const Acl *acl, Oid roleid, Oid ownerId,
1322 : AclMode mask, AclMaskHow how)
1323 : {
1324 : AclMode result;
1325 : AclMode remaining;
1326 : AclItem *aidat;
1327 : int i,
1328 : num;
1329 :
1330 : /*
1331 : * Null ACL should not happen, since caller should have inserted
1332 : * appropriate default
1333 : */
1334 36170 : if (acl == NULL)
1335 0 : elog(ERROR, "null ACL");
1336 :
1337 36170 : check_acl(acl);
1338 :
1339 : /* Quick exit for mask == 0 */
1340 36170 : if (mask == 0)
1341 32 : return 0;
1342 :
1343 36138 : result = 0;
1344 :
1345 : /* Owner always implicitly has all grant options */
1346 36234 : if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
1347 96 : has_privs_of_role(roleid, ownerId))
1348 : {
1349 4 : result = mask & ACLITEM_ALL_GOPTION_BITS;
1350 4 : if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1351 4 : return result;
1352 : }
1353 :
1354 36134 : num = ACL_NUM(acl);
1355 36134 : aidat = ACL_DAT(acl);
1356 :
1357 : /*
1358 : * Check privileges granted directly to roleid or to public
1359 : */
1360 56332 : for (i = 0; i < num; i++)
1361 : {
1362 54672 : AclItem *aidata = &aidat[i];
1363 :
1364 78570 : if (aidata->ai_grantee == ACL_ID_PUBLIC ||
1365 23898 : aidata->ai_grantee == roleid)
1366 : {
1367 35050 : result |= aidata->ai_privs & mask;
1368 35050 : if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1369 34474 : return result;
1370 : }
1371 : }
1372 :
1373 : /*
1374 : * Check privileges granted indirectly via role memberships. We do this in
1375 : * a separate pass to minimize expensive indirect membership tests. In
1376 : * particular, it's worth testing whether a given ACL entry grants any
1377 : * privileges still of interest before we perform the has_privs_of_role
1378 : * test.
1379 : */
1380 1660 : remaining = mask & ~result;
1381 4382 : for (i = 0; i < num; i++)
1382 : {
1383 2746 : AclItem *aidata = &aidat[i];
1384 :
1385 5468 : if (aidata->ai_grantee == ACL_ID_PUBLIC ||
1386 2722 : aidata->ai_grantee == roleid)
1387 564 : continue; /* already checked it */
1388 :
1389 4060 : if ((aidata->ai_privs & remaining) &&
1390 1878 : has_privs_of_role(roleid, aidata->ai_grantee))
1391 : {
1392 24 : result |= aidata->ai_privs & mask;
1393 24 : if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1394 24 : return result;
1395 0 : remaining = mask & ~result;
1396 : }
1397 : }
1398 :
1399 1636 : return result;
1400 : }
1401 :
1402 :
1403 : /*
1404 : * aclmask_direct --- compute bitmask of all privileges held by roleid.
1405 : *
1406 : * This is exactly like aclmask() except that we consider only privileges
1407 : * held *directly* by roleid, not those inherited via role membership.
1408 : */
1409 : static AclMode
1410 144 : aclmask_direct(const Acl *acl, Oid roleid, Oid ownerId,
1411 : AclMode mask, AclMaskHow how)
1412 : {
1413 : AclMode result;
1414 : AclItem *aidat;
1415 : int i,
1416 : num;
1417 :
1418 : /*
1419 : * Null ACL should not happen, since caller should have inserted
1420 : * appropriate default
1421 : */
1422 144 : if (acl == NULL)
1423 0 : elog(ERROR, "null ACL");
1424 :
1425 144 : check_acl(acl);
1426 :
1427 : /* Quick exit for mask == 0 */
1428 144 : if (mask == 0)
1429 0 : return 0;
1430 :
1431 144 : result = 0;
1432 :
1433 : /* Owner always implicitly has all grant options */
1434 144 : if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
1435 : roleid == ownerId)
1436 : {
1437 0 : result = mask & ACLITEM_ALL_GOPTION_BITS;
1438 0 : if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1439 0 : return result;
1440 : }
1441 :
1442 144 : num = ACL_NUM(acl);
1443 144 : aidat = ACL_DAT(acl);
1444 :
1445 : /*
1446 : * Check privileges granted directly to roleid (and not to public)
1447 : */
1448 416 : for (i = 0; i < num; i++)
1449 : {
1450 364 : AclItem *aidata = &aidat[i];
1451 :
1452 364 : if (aidata->ai_grantee == roleid)
1453 : {
1454 116 : result |= aidata->ai_privs & mask;
1455 116 : if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
1456 92 : return result;
1457 : }
1458 : }
1459 :
1460 52 : return result;
1461 : }
1462 :
1463 :
1464 : /*
1465 : * aclmembers
1466 : * Find out all the roleids mentioned in an Acl.
1467 : * Note that we do not distinguish grantors from grantees.
1468 : *
1469 : * *roleids is set to point to a palloc'd array containing distinct OIDs
1470 : * in sorted order. The length of the array is the function result.
1471 : */
1472 : int
1473 88310 : aclmembers(const Acl *acl, Oid **roleids)
1474 : {
1475 : Oid *list;
1476 : const AclItem *acldat;
1477 : int i,
1478 : j,
1479 : k;
1480 :
1481 88310 : if (acl == NULL || ACL_NUM(acl) == 0)
1482 : {
1483 43114 : *roleids = NULL;
1484 43114 : return 0;
1485 : }
1486 :
1487 45196 : check_acl(acl);
1488 :
1489 : /* Allocate the worst-case space requirement */
1490 45196 : list = palloc(ACL_NUM(acl) * 2 * sizeof(Oid));
1491 45196 : acldat = ACL_DAT(acl);
1492 :
1493 : /*
1494 : * Walk the ACL collecting mentioned RoleIds.
1495 : */
1496 45196 : j = 0;
1497 115792 : for (i = 0; i < ACL_NUM(acl); i++)
1498 : {
1499 70596 : const AclItem *ai = &acldat[i];
1500 :
1501 70596 : if (ai->ai_grantee != ACL_ID_PUBLIC)
1502 46478 : list[j++] = ai->ai_grantee;
1503 : /* grantor is currently never PUBLIC, but let's check anyway */
1504 70596 : if (ai->ai_grantor != ACL_ID_PUBLIC)
1505 70596 : list[j++] = ai->ai_grantor;
1506 : }
1507 :
1508 : /* Sort the array */
1509 45196 : qsort(list, j, sizeof(Oid), oid_cmp);
1510 :
1511 : /* Remove duplicates from the array */
1512 45196 : k = 0;
1513 117074 : for (i = 1; i < j; i++)
1514 : {
1515 71878 : if (list[k] != list[i])
1516 3594 : list[++k] = list[i];
1517 : }
1518 :
1519 : /*
1520 : * We could repalloc the array down to minimum size, but it's hardly worth
1521 : * it since it's only transient memory.
1522 : */
1523 45196 : *roleids = list;
1524 :
1525 45196 : return k + 1;
1526 : }
1527 :
1528 :
1529 : /*
1530 : * aclinsert (exported function)
1531 : */
1532 : Datum
1533 0 : aclinsert(PG_FUNCTION_ARGS)
1534 : {
1535 0 : ereport(ERROR,
1536 : (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1537 : errmsg("aclinsert is no longer supported")));
1538 :
1539 : PG_RETURN_NULL(); /* keep compiler quiet */
1540 : }
1541 :
1542 : Datum
1543 0 : aclremove(PG_FUNCTION_ARGS)
1544 : {
1545 0 : ereport(ERROR,
1546 : (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1547 : errmsg("aclremove is no longer supported")));
1548 :
1549 : PG_RETURN_NULL(); /* keep compiler quiet */
1550 : }
1551 :
1552 : Datum
1553 0 : aclcontains(PG_FUNCTION_ARGS)
1554 : {
1555 0 : Acl *acl = PG_GETARG_ACL_P(0);
1556 0 : AclItem *aip = PG_GETARG_ACLITEM_P(1);
1557 : AclItem *aidat;
1558 : int i,
1559 : num;
1560 :
1561 0 : check_acl(acl);
1562 0 : num = ACL_NUM(acl);
1563 0 : aidat = ACL_DAT(acl);
1564 0 : for (i = 0; i < num; ++i)
1565 : {
1566 0 : if (aip->ai_grantee == aidat[i].ai_grantee &&
1567 0 : aip->ai_grantor == aidat[i].ai_grantor &&
1568 0 : (ACLITEM_GET_RIGHTS(*aip) & ACLITEM_GET_RIGHTS(aidat[i])) == ACLITEM_GET_RIGHTS(*aip))
1569 0 : PG_RETURN_BOOL(true);
1570 : }
1571 0 : PG_RETURN_BOOL(false);
1572 : }
1573 :
1574 : Datum
1575 0 : makeaclitem(PG_FUNCTION_ARGS)
1576 : {
1577 0 : Oid grantee = PG_GETARG_OID(0);
1578 0 : Oid grantor = PG_GETARG_OID(1);
1579 0 : text *privtext = PG_GETARG_TEXT_PP(2);
1580 0 : bool goption = PG_GETARG_BOOL(3);
1581 : AclItem *result;
1582 : AclMode priv;
1583 :
1584 0 : priv = convert_priv_string(privtext);
1585 :
1586 0 : result = (AclItem *) palloc(sizeof(AclItem));
1587 :
1588 0 : result->ai_grantee = grantee;
1589 0 : result->ai_grantor = grantor;
1590 :
1591 0 : ACLITEM_SET_PRIVS_GOPTIONS(*result, priv,
1592 : (goption ? priv : ACL_NO_RIGHTS));
1593 :
1594 0 : PG_RETURN_ACLITEM_P(result);
1595 : }
1596 :
1597 : static AclMode
1598 0 : convert_priv_string(text *priv_type_text)
1599 : {
1600 0 : char *priv_type = text_to_cstring(priv_type_text);
1601 :
1602 0 : if (pg_strcasecmp(priv_type, "SELECT") == 0)
1603 0 : return ACL_SELECT;
1604 0 : if (pg_strcasecmp(priv_type, "INSERT") == 0)
1605 0 : return ACL_INSERT;
1606 0 : if (pg_strcasecmp(priv_type, "UPDATE") == 0)
1607 0 : return ACL_UPDATE;
1608 0 : if (pg_strcasecmp(priv_type, "DELETE") == 0)
1609 0 : return ACL_DELETE;
1610 0 : if (pg_strcasecmp(priv_type, "TRUNCATE") == 0)
1611 0 : return ACL_TRUNCATE;
1612 0 : if (pg_strcasecmp(priv_type, "REFERENCES") == 0)
1613 0 : return ACL_REFERENCES;
1614 0 : if (pg_strcasecmp(priv_type, "TRIGGER") == 0)
1615 0 : return ACL_TRIGGER;
1616 0 : if (pg_strcasecmp(priv_type, "EXECUTE") == 0)
1617 0 : return ACL_EXECUTE;
1618 0 : if (pg_strcasecmp(priv_type, "USAGE") == 0)
1619 0 : return ACL_USAGE;
1620 0 : if (pg_strcasecmp(priv_type, "CREATE") == 0)
1621 0 : return ACL_CREATE;
1622 0 : if (pg_strcasecmp(priv_type, "TEMP") == 0)
1623 0 : return ACL_CREATE_TEMP;
1624 0 : if (pg_strcasecmp(priv_type, "TEMPORARY") == 0)
1625 0 : return ACL_CREATE_TEMP;
1626 0 : if (pg_strcasecmp(priv_type, "CONNECT") == 0)
1627 0 : return ACL_CONNECT;
1628 0 : if (pg_strcasecmp(priv_type, "RULE") == 0)
1629 0 : return 0; /* ignore old RULE privileges */
1630 :
1631 0 : ereport(ERROR,
1632 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1633 : errmsg("unrecognized privilege type: \"%s\"", priv_type)));
1634 : return ACL_NO_RIGHTS; /* keep compiler quiet */
1635 : }
1636 :
1637 :
1638 : /*
1639 : * convert_any_priv_string: recognize privilege strings for has_foo_privilege
1640 : *
1641 : * We accept a comma-separated list of case-insensitive privilege names,
1642 : * producing a bitmask of the OR'd privilege bits. We are liberal about
1643 : * whitespace between items, not so much about whitespace within items.
1644 : * The allowed privilege names are given as an array of priv_map structs,
1645 : * terminated by one with a NULL name pointer.
1646 : */
1647 : static AclMode
1648 50356 : convert_any_priv_string(text *priv_type_text,
1649 : const priv_map *privileges)
1650 : {
1651 50356 : AclMode result = 0;
1652 50356 : char *priv_type = text_to_cstring(priv_type_text);
1653 : char *chunk;
1654 : char *next_chunk;
1655 :
1656 : /* We rely on priv_type being a private, modifiable string */
1657 100780 : for (chunk = priv_type; chunk; chunk = next_chunk)
1658 : {
1659 : int chunk_len;
1660 : const priv_map *this_priv;
1661 :
1662 : /* Split string at commas */
1663 50432 : next_chunk = strchr(chunk, ',');
1664 50432 : if (next_chunk)
1665 76 : *next_chunk++ = '\0';
1666 :
1667 : /* Drop leading/trailing whitespace in this chunk */
1668 100864 : while (*chunk && isspace((unsigned char) *chunk))
1669 0 : chunk++;
1670 50432 : chunk_len = strlen(chunk);
1671 100864 : while (chunk_len > 0 && isspace((unsigned char) chunk[chunk_len - 1]))
1672 0 : chunk_len--;
1673 50432 : chunk[chunk_len] = '\0';
1674 :
1675 : /* Match to the privileges list */
1676 51484 : for (this_priv = privileges; this_priv->name; this_priv++)
1677 : {
1678 51476 : if (pg_strcasecmp(this_priv->name, chunk) == 0)
1679 : {
1680 50424 : result |= this_priv->value;
1681 50424 : break;
1682 : }
1683 : }
1684 50432 : if (!this_priv->name)
1685 8 : ereport(ERROR,
1686 : (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
1687 : errmsg("unrecognized privilege type: \"%s\"", chunk)));
1688 : }
1689 :
1690 50348 : pfree(priv_type);
1691 50348 : return result;
1692 : }
1693 :
1694 :
1695 : static const char *
1696 64 : convert_aclright_to_string(int aclright)
1697 : {
1698 64 : switch (aclright)
1699 : {
1700 : case ACL_INSERT:
1701 0 : return "INSERT";
1702 : case ACL_SELECT:
1703 0 : return "SELECT";
1704 : case ACL_UPDATE:
1705 0 : return "UPDATE";
1706 : case ACL_DELETE:
1707 0 : return "DELETE";
1708 : case ACL_TRUNCATE:
1709 0 : return "TRUNCATE";
1710 : case ACL_REFERENCES:
1711 0 : return "REFERENCES";
1712 : case ACL_TRIGGER:
1713 0 : return "TRIGGER";
1714 : case ACL_EXECUTE:
1715 0 : return "EXECUTE";
1716 : case ACL_USAGE:
1717 64 : return "USAGE";
1718 : case ACL_CREATE:
1719 0 : return "CREATE";
1720 : case ACL_CREATE_TEMP:
1721 0 : return "TEMPORARY";
1722 : case ACL_CONNECT:
1723 0 : return "CONNECT";
1724 : default:
1725 0 : elog(ERROR, "unrecognized aclright: %d", aclright);
1726 : return NULL;
1727 : }
1728 : }
1729 :
1730 :
1731 : /*----------
1732 : * Convert an aclitem[] to a table.
1733 : *
1734 : * Example:
1735 : *
1736 : * aclexplode('{=r/joe,foo=a*w/joe}'::aclitem[])
1737 : *
1738 : * returns the table
1739 : *
1740 : * {{ OID(joe), 0::OID, 'SELECT', false },
1741 : * { OID(joe), OID(foo), 'INSERT', true },
1742 : * { OID(joe), OID(foo), 'UPDATE', false }}
1743 : *----------
1744 : */
1745 : Datum
1746 96 : aclexplode(PG_FUNCTION_ARGS)
1747 : {
1748 96 : Acl *acl = PG_GETARG_ACL_P(0);
1749 : FuncCallContext *funcctx;
1750 : int *idx;
1751 : AclItem *aidat;
1752 :
1753 96 : if (SRF_IS_FIRSTCALL())
1754 : {
1755 : TupleDesc tupdesc;
1756 : MemoryContext oldcontext;
1757 :
1758 32 : check_acl(acl);
1759 :
1760 32 : funcctx = SRF_FIRSTCALL_INIT();
1761 32 : oldcontext = MemoryContextSwitchTo(funcctx->multi_call_memory_ctx);
1762 :
1763 : /*
1764 : * build tupdesc for result tuples (matches out parameters in pg_proc
1765 : * entry)
1766 : */
1767 32 : tupdesc = CreateTemplateTupleDesc(4);
1768 32 : TupleDescInitEntry(tupdesc, (AttrNumber) 1, "grantor",
1769 : OIDOID, -1, 0);
1770 32 : TupleDescInitEntry(tupdesc, (AttrNumber) 2, "grantee",
1771 : OIDOID, -1, 0);
1772 32 : TupleDescInitEntry(tupdesc, (AttrNumber) 3, "privilege_type",
1773 : TEXTOID, -1, 0);
1774 32 : TupleDescInitEntry(tupdesc, (AttrNumber) 4, "is_grantable",
1775 : BOOLOID, -1, 0);
1776 :
1777 32 : funcctx->tuple_desc = BlessTupleDesc(tupdesc);
1778 :
1779 : /* allocate memory for user context */
1780 32 : idx = (int *) palloc(sizeof(int[2]));
1781 32 : idx[0] = 0; /* ACL array item index */
1782 32 : idx[1] = -1; /* privilege type counter */
1783 32 : funcctx->user_fctx = (void *) idx;
1784 :
1785 32 : MemoryContextSwitchTo(oldcontext);
1786 : }
1787 :
1788 96 : funcctx = SRF_PERCALL_SETUP();
1789 96 : idx = (int *) funcctx->user_fctx;
1790 96 : aidat = ACL_DAT(acl);
1791 :
1792 : /* need test here in case acl has no items */
1793 896 : while (idx[0] < ACL_NUM(acl))
1794 : {
1795 : AclItem *aidata;
1796 : AclMode priv_bit;
1797 :
1798 800 : idx[1]++;
1799 800 : if (idx[1] == N_ACL_RIGHTS)
1800 : {
1801 64 : idx[1] = 0;
1802 64 : idx[0]++;
1803 64 : if (idx[0] >= ACL_NUM(acl)) /* done */
1804 32 : break;
1805 : }
1806 768 : aidata = &aidat[idx[0]];
1807 768 : priv_bit = 1 << idx[1];
1808 :
1809 768 : if (ACLITEM_GET_PRIVS(*aidata) & priv_bit)
1810 : {
1811 : Datum result;
1812 : Datum values[4];
1813 : bool nulls[4];
1814 : HeapTuple tuple;
1815 :
1816 64 : values[0] = ObjectIdGetDatum(aidata->ai_grantor);
1817 64 : values[1] = ObjectIdGetDatum(aidata->ai_grantee);
1818 64 : values[2] = CStringGetTextDatum(convert_aclright_to_string(priv_bit));
1819 64 : values[3] = BoolGetDatum((ACLITEM_GET_GOPTIONS(*aidata) & priv_bit) != 0);
1820 :
1821 64 : MemSet(nulls, 0, sizeof(nulls));
1822 :
1823 64 : tuple = heap_form_tuple(funcctx->tuple_desc, values, nulls);
1824 64 : result = HeapTupleGetDatum(tuple);
1825 :
1826 64 : SRF_RETURN_NEXT(funcctx, result);
1827 : }
1828 : }
1829 :
1830 32 : SRF_RETURN_DONE(funcctx);
1831 : }
1832 :
1833 :
1834 : /*
1835 : * has_table_privilege variants
1836 : * These are all named "has_table_privilege" at the SQL level.
1837 : * They take various combinations of relation name, relation OID,
1838 : * user name, user OID, or implicit user = current_user.
1839 : *
1840 : * The result is a boolean value: true if user has the indicated
1841 : * privilege, false if not. The variants that take a relation OID
1842 : * return NULL if the OID doesn't exist (rather than failing, as
1843 : * they did before Postgres 8.4).
1844 : */
1845 :
1846 : /*
1847 : * has_table_privilege_name_name
1848 : * Check user privileges on a table given
1849 : * name username, text tablename, and text priv name.
1850 : */
1851 : Datum
1852 104 : has_table_privilege_name_name(PG_FUNCTION_ARGS)
1853 : {
1854 104 : Name rolename = PG_GETARG_NAME(0);
1855 104 : text *tablename = PG_GETARG_TEXT_PP(1);
1856 104 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
1857 : Oid roleid;
1858 : Oid tableoid;
1859 : AclMode mode;
1860 : AclResult aclresult;
1861 :
1862 104 : roleid = get_role_oid_or_public(NameStr(*rolename));
1863 100 : tableoid = convert_table_name(tablename);
1864 100 : mode = convert_table_priv_string(priv_type_text);
1865 :
1866 100 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1867 :
1868 100 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1869 : }
1870 :
1871 : /*
1872 : * has_table_privilege_name
1873 : * Check user privileges on a table given
1874 : * text tablename and text priv name.
1875 : * current_user is assumed
1876 : */
1877 : Datum
1878 44 : has_table_privilege_name(PG_FUNCTION_ARGS)
1879 : {
1880 44 : text *tablename = PG_GETARG_TEXT_PP(0);
1881 44 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
1882 : Oid roleid;
1883 : Oid tableoid;
1884 : AclMode mode;
1885 : AclResult aclresult;
1886 :
1887 44 : roleid = GetUserId();
1888 44 : tableoid = convert_table_name(tablename);
1889 40 : mode = convert_table_priv_string(priv_type_text);
1890 :
1891 36 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1892 :
1893 36 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1894 : }
1895 :
1896 : /*
1897 : * has_table_privilege_name_id
1898 : * Check user privileges on a table given
1899 : * name usename, table oid, and text priv name.
1900 : */
1901 : Datum
1902 16 : has_table_privilege_name_id(PG_FUNCTION_ARGS)
1903 : {
1904 16 : Name username = PG_GETARG_NAME(0);
1905 16 : Oid tableoid = PG_GETARG_OID(1);
1906 16 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
1907 : Oid roleid;
1908 : AclMode mode;
1909 : AclResult aclresult;
1910 :
1911 16 : roleid = get_role_oid_or_public(NameStr(*username));
1912 16 : mode = convert_table_priv_string(priv_type_text);
1913 :
1914 16 : if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
1915 0 : PG_RETURN_NULL();
1916 :
1917 16 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1918 :
1919 16 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1920 : }
1921 :
1922 : /*
1923 : * has_table_privilege_id
1924 : * Check user privileges on a table given
1925 : * table oid, and text priv name.
1926 : * current_user is assumed
1927 : */
1928 : Datum
1929 13212 : has_table_privilege_id(PG_FUNCTION_ARGS)
1930 : {
1931 13212 : Oid tableoid = PG_GETARG_OID(0);
1932 13212 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
1933 : Oid roleid;
1934 : AclMode mode;
1935 : AclResult aclresult;
1936 :
1937 13212 : roleid = GetUserId();
1938 13212 : mode = convert_table_priv_string(priv_type_text);
1939 :
1940 13212 : if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
1941 4 : PG_RETURN_NULL();
1942 :
1943 13208 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1944 :
1945 13208 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1946 : }
1947 :
1948 : /*
1949 : * has_table_privilege_id_name
1950 : * Check user privileges on a table given
1951 : * roleid, text tablename, and text priv name.
1952 : */
1953 : Datum
1954 28 : has_table_privilege_id_name(PG_FUNCTION_ARGS)
1955 : {
1956 28 : Oid roleid = PG_GETARG_OID(0);
1957 28 : text *tablename = PG_GETARG_TEXT_PP(1);
1958 28 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
1959 : Oid tableoid;
1960 : AclMode mode;
1961 : AclResult aclresult;
1962 :
1963 28 : tableoid = convert_table_name(tablename);
1964 28 : mode = convert_table_priv_string(priv_type_text);
1965 :
1966 28 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1967 :
1968 28 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1969 : }
1970 :
1971 : /*
1972 : * has_table_privilege_id_id
1973 : * Check user privileges on a table given
1974 : * roleid, table oid, and text priv name.
1975 : */
1976 : Datum
1977 24 : has_table_privilege_id_id(PG_FUNCTION_ARGS)
1978 : {
1979 24 : Oid roleid = PG_GETARG_OID(0);
1980 24 : Oid tableoid = PG_GETARG_OID(1);
1981 24 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
1982 : AclMode mode;
1983 : AclResult aclresult;
1984 :
1985 24 : mode = convert_table_priv_string(priv_type_text);
1986 :
1987 24 : if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
1988 0 : PG_RETURN_NULL();
1989 :
1990 24 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
1991 :
1992 24 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
1993 : }
1994 :
1995 : /*
1996 : * Support routines for has_table_privilege family.
1997 : */
1998 :
1999 : /*
2000 : * Given a table name expressed as a string, look it up and return Oid
2001 : */
2002 : static Oid
2003 208 : convert_table_name(text *tablename)
2004 : {
2005 : RangeVar *relrv;
2006 :
2007 208 : relrv = makeRangeVarFromNameList(textToQualifiedNameList(tablename));
2008 :
2009 : /* We might not even have permissions on this relation; don't lock it. */
2010 208 : return RangeVarGetRelid(relrv, NoLock, false);
2011 : }
2012 :
2013 : /*
2014 : * convert_table_priv_string
2015 : * Convert text string to AclMode value.
2016 : */
2017 : static AclMode
2018 13420 : convert_table_priv_string(text *priv_type_text)
2019 : {
2020 : static const priv_map table_priv_map[] = {
2021 : {"SELECT", ACL_SELECT},
2022 : {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2023 : {"INSERT", ACL_INSERT},
2024 : {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
2025 : {"UPDATE", ACL_UPDATE},
2026 : {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2027 : {"DELETE", ACL_DELETE},
2028 : {"DELETE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_DELETE)},
2029 : {"TRUNCATE", ACL_TRUNCATE},
2030 : {"TRUNCATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRUNCATE)},
2031 : {"REFERENCES", ACL_REFERENCES},
2032 : {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
2033 : {"TRIGGER", ACL_TRIGGER},
2034 : {"TRIGGER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRIGGER)},
2035 : {"RULE", 0}, /* ignore old RULE privileges */
2036 : {"RULE WITH GRANT OPTION", 0},
2037 : {NULL, 0}
2038 : };
2039 :
2040 13420 : return convert_any_priv_string(priv_type_text, table_priv_map);
2041 : }
2042 :
2043 : /*
2044 : * has_sequence_privilege variants
2045 : * These are all named "has_sequence_privilege" at the SQL level.
2046 : * They take various combinations of relation name, relation OID,
2047 : * user name, user OID, or implicit user = current_user.
2048 : *
2049 : * The result is a boolean value: true if user has the indicated
2050 : * privilege, false if not. The variants that take a relation OID
2051 : * return NULL if the OID doesn't exist.
2052 : */
2053 :
2054 : /*
2055 : * has_sequence_privilege_name_name
2056 : * Check user privileges on a sequence given
2057 : * name username, text sequencename, and text priv name.
2058 : */
2059 : Datum
2060 12 : has_sequence_privilege_name_name(PG_FUNCTION_ARGS)
2061 : {
2062 12 : Name rolename = PG_GETARG_NAME(0);
2063 12 : text *sequencename = PG_GETARG_TEXT_PP(1);
2064 12 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2065 : Oid roleid;
2066 : Oid sequenceoid;
2067 : AclMode mode;
2068 : AclResult aclresult;
2069 :
2070 12 : roleid = get_role_oid_or_public(NameStr(*rolename));
2071 12 : mode = convert_sequence_priv_string(priv_type_text);
2072 8 : sequenceoid = convert_table_name(sequencename);
2073 8 : if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2074 4 : ereport(ERROR,
2075 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2076 : errmsg("\"%s\" is not a sequence",
2077 : text_to_cstring(sequencename))));
2078 :
2079 4 : aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2080 :
2081 4 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2082 : }
2083 :
2084 : /*
2085 : * has_sequence_privilege_name
2086 : * Check user privileges on a sequence given
2087 : * text sequencename and text priv name.
2088 : * current_user is assumed
2089 : */
2090 : Datum
2091 4 : has_sequence_privilege_name(PG_FUNCTION_ARGS)
2092 : {
2093 4 : text *sequencename = PG_GETARG_TEXT_PP(0);
2094 4 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
2095 : Oid roleid;
2096 : Oid sequenceoid;
2097 : AclMode mode;
2098 : AclResult aclresult;
2099 :
2100 4 : roleid = GetUserId();
2101 4 : mode = convert_sequence_priv_string(priv_type_text);
2102 4 : sequenceoid = convert_table_name(sequencename);
2103 4 : if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2104 0 : ereport(ERROR,
2105 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2106 : errmsg("\"%s\" is not a sequence",
2107 : text_to_cstring(sequencename))));
2108 :
2109 4 : aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2110 :
2111 4 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2112 : }
2113 :
2114 : /*
2115 : * has_sequence_privilege_name_id
2116 : * Check user privileges on a sequence given
2117 : * name usename, sequence oid, and text priv name.
2118 : */
2119 : Datum
2120 0 : has_sequence_privilege_name_id(PG_FUNCTION_ARGS)
2121 : {
2122 0 : Name username = PG_GETARG_NAME(0);
2123 0 : Oid sequenceoid = PG_GETARG_OID(1);
2124 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2125 : Oid roleid;
2126 : AclMode mode;
2127 : AclResult aclresult;
2128 : char relkind;
2129 :
2130 0 : roleid = get_role_oid_or_public(NameStr(*username));
2131 0 : mode = convert_sequence_priv_string(priv_type_text);
2132 0 : relkind = get_rel_relkind(sequenceoid);
2133 0 : if (relkind == '\0')
2134 0 : PG_RETURN_NULL();
2135 0 : else if (relkind != RELKIND_SEQUENCE)
2136 0 : ereport(ERROR,
2137 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2138 : errmsg("\"%s\" is not a sequence",
2139 : get_rel_name(sequenceoid))));
2140 :
2141 0 : aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2142 :
2143 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2144 : }
2145 :
2146 : /*
2147 : * has_sequence_privilege_id
2148 : * Check user privileges on a sequence given
2149 : * sequence oid, and text priv name.
2150 : * current_user is assumed
2151 : */
2152 : Datum
2153 76 : has_sequence_privilege_id(PG_FUNCTION_ARGS)
2154 : {
2155 76 : Oid sequenceoid = PG_GETARG_OID(0);
2156 76 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
2157 : Oid roleid;
2158 : AclMode mode;
2159 : AclResult aclresult;
2160 : char relkind;
2161 :
2162 76 : roleid = GetUserId();
2163 76 : mode = convert_sequence_priv_string(priv_type_text);
2164 76 : relkind = get_rel_relkind(sequenceoid);
2165 76 : if (relkind == '\0')
2166 0 : PG_RETURN_NULL();
2167 76 : else if (relkind != RELKIND_SEQUENCE)
2168 0 : ereport(ERROR,
2169 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2170 : errmsg("\"%s\" is not a sequence",
2171 : get_rel_name(sequenceoid))));
2172 :
2173 76 : aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2174 :
2175 76 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2176 : }
2177 :
2178 : /*
2179 : * has_sequence_privilege_id_name
2180 : * Check user privileges on a sequence given
2181 : * roleid, text sequencename, and text priv name.
2182 : */
2183 : Datum
2184 0 : has_sequence_privilege_id_name(PG_FUNCTION_ARGS)
2185 : {
2186 0 : Oid roleid = PG_GETARG_OID(0);
2187 0 : text *sequencename = PG_GETARG_TEXT_PP(1);
2188 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2189 : Oid sequenceoid;
2190 : AclMode mode;
2191 : AclResult aclresult;
2192 :
2193 0 : mode = convert_sequence_priv_string(priv_type_text);
2194 0 : sequenceoid = convert_table_name(sequencename);
2195 0 : if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
2196 0 : ereport(ERROR,
2197 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2198 : errmsg("\"%s\" is not a sequence",
2199 : text_to_cstring(sequencename))));
2200 :
2201 0 : aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2202 :
2203 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2204 : }
2205 :
2206 : /*
2207 : * has_sequence_privilege_id_id
2208 : * Check user privileges on a sequence given
2209 : * roleid, sequence oid, and text priv name.
2210 : */
2211 : Datum
2212 0 : has_sequence_privilege_id_id(PG_FUNCTION_ARGS)
2213 : {
2214 0 : Oid roleid = PG_GETARG_OID(0);
2215 0 : Oid sequenceoid = PG_GETARG_OID(1);
2216 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2217 : AclMode mode;
2218 : AclResult aclresult;
2219 : char relkind;
2220 :
2221 0 : mode = convert_sequence_priv_string(priv_type_text);
2222 0 : relkind = get_rel_relkind(sequenceoid);
2223 0 : if (relkind == '\0')
2224 0 : PG_RETURN_NULL();
2225 0 : else if (relkind != RELKIND_SEQUENCE)
2226 0 : ereport(ERROR,
2227 : (errcode(ERRCODE_WRONG_OBJECT_TYPE),
2228 : errmsg("\"%s\" is not a sequence",
2229 : get_rel_name(sequenceoid))));
2230 :
2231 0 : aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);
2232 :
2233 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2234 : }
2235 :
2236 : /*
2237 : * convert_sequence_priv_string
2238 : * Convert text string to AclMode value.
2239 : */
2240 : static AclMode
2241 92 : convert_sequence_priv_string(text *priv_type_text)
2242 : {
2243 : static const priv_map sequence_priv_map[] = {
2244 : {"USAGE", ACL_USAGE},
2245 : {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
2246 : {"SELECT", ACL_SELECT},
2247 : {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2248 : {"UPDATE", ACL_UPDATE},
2249 : {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2250 : {NULL, 0}
2251 : };
2252 :
2253 92 : return convert_any_priv_string(priv_type_text, sequence_priv_map);
2254 : }
2255 :
2256 :
2257 : /*
2258 : * has_any_column_privilege variants
2259 : * These are all named "has_any_column_privilege" at the SQL level.
2260 : * They take various combinations of relation name, relation OID,
2261 : * user name, user OID, or implicit user = current_user.
2262 : *
2263 : * The result is a boolean value: true if user has the indicated
2264 : * privilege for any column of the table, false if not. The variants
2265 : * that take a relation OID return NULL if the OID doesn't exist.
2266 : */
2267 :
2268 : /*
2269 : * has_any_column_privilege_name_name
2270 : * Check user privileges on any column of a table given
2271 : * name username, text tablename, and text priv name.
2272 : */
2273 : Datum
2274 0 : has_any_column_privilege_name_name(PG_FUNCTION_ARGS)
2275 : {
2276 0 : Name rolename = PG_GETARG_NAME(0);
2277 0 : text *tablename = PG_GETARG_TEXT_PP(1);
2278 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2279 : Oid roleid;
2280 : Oid tableoid;
2281 : AclMode mode;
2282 : AclResult aclresult;
2283 :
2284 0 : roleid = get_role_oid_or_public(NameStr(*rolename));
2285 0 : tableoid = convert_table_name(tablename);
2286 0 : mode = convert_column_priv_string(priv_type_text);
2287 :
2288 : /* First check at table level, then examine each column if needed */
2289 0 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2290 0 : if (aclresult != ACLCHECK_OK)
2291 0 : aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2292 : ACLMASK_ANY);
2293 :
2294 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2295 : }
2296 :
2297 : /*
2298 : * has_any_column_privilege_name
2299 : * Check user privileges on any column of a table given
2300 : * text tablename and text priv name.
2301 : * current_user is assumed
2302 : */
2303 : Datum
2304 0 : has_any_column_privilege_name(PG_FUNCTION_ARGS)
2305 : {
2306 0 : text *tablename = PG_GETARG_TEXT_PP(0);
2307 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
2308 : Oid roleid;
2309 : Oid tableoid;
2310 : AclMode mode;
2311 : AclResult aclresult;
2312 :
2313 0 : roleid = GetUserId();
2314 0 : tableoid = convert_table_name(tablename);
2315 0 : mode = convert_column_priv_string(priv_type_text);
2316 :
2317 : /* First check at table level, then examine each column if needed */
2318 0 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2319 0 : if (aclresult != ACLCHECK_OK)
2320 0 : aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2321 : ACLMASK_ANY);
2322 :
2323 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2324 : }
2325 :
2326 : /*
2327 : * has_any_column_privilege_name_id
2328 : * Check user privileges on any column of a table given
2329 : * name usename, table oid, and text priv name.
2330 : */
2331 : Datum
2332 0 : has_any_column_privilege_name_id(PG_FUNCTION_ARGS)
2333 : {
2334 0 : Name username = PG_GETARG_NAME(0);
2335 0 : Oid tableoid = PG_GETARG_OID(1);
2336 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2337 : Oid roleid;
2338 : AclMode mode;
2339 : AclResult aclresult;
2340 :
2341 0 : roleid = get_role_oid_or_public(NameStr(*username));
2342 0 : mode = convert_column_priv_string(priv_type_text);
2343 :
2344 0 : if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
2345 0 : PG_RETURN_NULL();
2346 :
2347 : /* First check at table level, then examine each column if needed */
2348 0 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2349 0 : if (aclresult != ACLCHECK_OK)
2350 0 : aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2351 : ACLMASK_ANY);
2352 :
2353 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2354 : }
2355 :
2356 : /*
2357 : * has_any_column_privilege_id
2358 : * Check user privileges on any column of a table given
2359 : * table oid, and text priv name.
2360 : * current_user is assumed
2361 : */
2362 : Datum
2363 0 : has_any_column_privilege_id(PG_FUNCTION_ARGS)
2364 : {
2365 0 : Oid tableoid = PG_GETARG_OID(0);
2366 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
2367 : Oid roleid;
2368 : AclMode mode;
2369 : AclResult aclresult;
2370 :
2371 0 : roleid = GetUserId();
2372 0 : mode = convert_column_priv_string(priv_type_text);
2373 :
2374 0 : if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
2375 0 : PG_RETURN_NULL();
2376 :
2377 : /* First check at table level, then examine each column if needed */
2378 0 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2379 0 : if (aclresult != ACLCHECK_OK)
2380 0 : aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2381 : ACLMASK_ANY);
2382 :
2383 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2384 : }
2385 :
2386 : /*
2387 : * has_any_column_privilege_id_name
2388 : * Check user privileges on any column of a table given
2389 : * roleid, text tablename, and text priv name.
2390 : */
2391 : Datum
2392 0 : has_any_column_privilege_id_name(PG_FUNCTION_ARGS)
2393 : {
2394 0 : Oid roleid = PG_GETARG_OID(0);
2395 0 : text *tablename = PG_GETARG_TEXT_PP(1);
2396 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2397 : Oid tableoid;
2398 : AclMode mode;
2399 : AclResult aclresult;
2400 :
2401 0 : tableoid = convert_table_name(tablename);
2402 0 : mode = convert_column_priv_string(priv_type_text);
2403 :
2404 : /* First check at table level, then examine each column if needed */
2405 0 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2406 0 : if (aclresult != ACLCHECK_OK)
2407 0 : aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2408 : ACLMASK_ANY);
2409 :
2410 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2411 : }
2412 :
2413 : /*
2414 : * has_any_column_privilege_id_id
2415 : * Check user privileges on any column of a table given
2416 : * roleid, table oid, and text priv name.
2417 : */
2418 : Datum
2419 0 : has_any_column_privilege_id_id(PG_FUNCTION_ARGS)
2420 : {
2421 0 : Oid roleid = PG_GETARG_OID(0);
2422 0 : Oid tableoid = PG_GETARG_OID(1);
2423 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2424 : AclMode mode;
2425 : AclResult aclresult;
2426 :
2427 0 : mode = convert_column_priv_string(priv_type_text);
2428 :
2429 0 : if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
2430 0 : PG_RETURN_NULL();
2431 :
2432 : /* First check at table level, then examine each column if needed */
2433 0 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2434 0 : if (aclresult != ACLCHECK_OK)
2435 0 : aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
2436 : ACLMASK_ANY);
2437 :
2438 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2439 : }
2440 :
2441 :
2442 : /*
2443 : * has_column_privilege variants
2444 : * These are all named "has_column_privilege" at the SQL level.
2445 : * They take various combinations of relation name, relation OID,
2446 : * column name, column attnum, user name, user OID, or
2447 : * implicit user = current_user.
2448 : *
2449 : * The result is a boolean value: true if user has the indicated
2450 : * privilege, false if not. The variants that take a relation OID
2451 : * return NULL (rather than throwing an error) if that relation OID
2452 : * doesn't exist. Likewise, the variants that take an integer attnum
2453 : * return NULL (rather than throwing an error) if there is no such
2454 : * pg_attribute entry. All variants return NULL if an attisdropped
2455 : * column is selected. These rules are meant to avoid unnecessary
2456 : * failures in queries that scan pg_attribute.
2457 : */
2458 :
2459 : /*
2460 : * column_privilege_check: check column privileges, but don't throw an error
2461 : * for dropped column or table
2462 : *
2463 : * Returns 1 if have the privilege, 0 if not, -1 if dropped column/table.
2464 : */
2465 : static int
2466 1488 : column_privilege_check(Oid tableoid, AttrNumber attnum,
2467 : Oid roleid, AclMode mode)
2468 : {
2469 : AclResult aclresult;
2470 : HeapTuple attTuple;
2471 : Form_pg_attribute attributeForm;
2472 :
2473 : /*
2474 : * If convert_column_name failed, we can just return -1 immediately.
2475 : */
2476 1488 : if (attnum == InvalidAttrNumber)
2477 8 : return -1;
2478 :
2479 : /*
2480 : * First check if we have the privilege at the table level. We check
2481 : * existence of the pg_class row before risking calling pg_class_aclcheck.
2482 : * Note: it might seem there's a race condition against concurrent DROP,
2483 : * but really it's safe because there will be no syscache flush between
2484 : * here and there. So if we see the row in the syscache, so will
2485 : * pg_class_aclcheck.
2486 : */
2487 1480 : if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
2488 8 : return -1;
2489 :
2490 1472 : aclresult = pg_class_aclcheck(tableoid, roleid, mode);
2491 :
2492 1472 : if (aclresult == ACLCHECK_OK)
2493 1464 : return true;
2494 :
2495 : /*
2496 : * No table privilege, so try per-column privileges. Again, we have to
2497 : * check for dropped attribute first, and we rely on the syscache not to
2498 : * notice a concurrent drop before pg_attribute_aclcheck fetches the row.
2499 : */
2500 8 : attTuple = SearchSysCache2(ATTNUM,
2501 : ObjectIdGetDatum(tableoid),
2502 : Int16GetDatum(attnum));
2503 8 : if (!HeapTupleIsValid(attTuple))
2504 4 : return -1;
2505 4 : attributeForm = (Form_pg_attribute) GETSTRUCT(attTuple);
2506 4 : if (attributeForm->attisdropped)
2507 : {
2508 4 : ReleaseSysCache(attTuple);
2509 4 : return -1;
2510 : }
2511 0 : ReleaseSysCache(attTuple);
2512 :
2513 0 : aclresult = pg_attribute_aclcheck(tableoid, attnum, roleid, mode);
2514 :
2515 0 : return (aclresult == ACLCHECK_OK);
2516 : }
2517 :
2518 : /*
2519 : * has_column_privilege_name_name_name
2520 : * Check user privileges on a column given
2521 : * name username, text tablename, text colname, and text priv name.
2522 : */
2523 : Datum
2524 0 : has_column_privilege_name_name_name(PG_FUNCTION_ARGS)
2525 : {
2526 0 : Name rolename = PG_GETARG_NAME(0);
2527 0 : text *tablename = PG_GETARG_TEXT_PP(1);
2528 0 : text *column = PG_GETARG_TEXT_PP(2);
2529 0 : text *priv_type_text = PG_GETARG_TEXT_PP(3);
2530 : Oid roleid;
2531 : Oid tableoid;
2532 : AttrNumber colattnum;
2533 : AclMode mode;
2534 : int privresult;
2535 :
2536 0 : roleid = get_role_oid_or_public(NameStr(*rolename));
2537 0 : tableoid = convert_table_name(tablename);
2538 0 : colattnum = convert_column_name(tableoid, column);
2539 0 : mode = convert_column_priv_string(priv_type_text);
2540 :
2541 0 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2542 0 : if (privresult < 0)
2543 0 : PG_RETURN_NULL();
2544 0 : PG_RETURN_BOOL(privresult);
2545 : }
2546 :
2547 : /*
2548 : * has_column_privilege_name_name_attnum
2549 : * Check user privileges on a column given
2550 : * name username, text tablename, int attnum, and text priv name.
2551 : */
2552 : Datum
2553 0 : has_column_privilege_name_name_attnum(PG_FUNCTION_ARGS)
2554 : {
2555 0 : Name rolename = PG_GETARG_NAME(0);
2556 0 : text *tablename = PG_GETARG_TEXT_PP(1);
2557 0 : AttrNumber colattnum = PG_GETARG_INT16(2);
2558 0 : text *priv_type_text = PG_GETARG_TEXT_PP(3);
2559 : Oid roleid;
2560 : Oid tableoid;
2561 : AclMode mode;
2562 : int privresult;
2563 :
2564 0 : roleid = get_role_oid_or_public(NameStr(*rolename));
2565 0 : tableoid = convert_table_name(tablename);
2566 0 : mode = convert_column_priv_string(priv_type_text);
2567 :
2568 0 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2569 0 : if (privresult < 0)
2570 0 : PG_RETURN_NULL();
2571 0 : PG_RETURN_BOOL(privresult);
2572 : }
2573 :
2574 : /*
2575 : * has_column_privilege_name_id_name
2576 : * Check user privileges on a column given
2577 : * name username, table oid, text colname, and text priv name.
2578 : */
2579 : Datum
2580 0 : has_column_privilege_name_id_name(PG_FUNCTION_ARGS)
2581 : {
2582 0 : Name username = PG_GETARG_NAME(0);
2583 0 : Oid tableoid = PG_GETARG_OID(1);
2584 0 : text *column = PG_GETARG_TEXT_PP(2);
2585 0 : text *priv_type_text = PG_GETARG_TEXT_PP(3);
2586 : Oid roleid;
2587 : AttrNumber colattnum;
2588 : AclMode mode;
2589 : int privresult;
2590 :
2591 0 : roleid = get_role_oid_or_public(NameStr(*username));
2592 0 : colattnum = convert_column_name(tableoid, column);
2593 0 : mode = convert_column_priv_string(priv_type_text);
2594 :
2595 0 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2596 0 : if (privresult < 0)
2597 0 : PG_RETURN_NULL();
2598 0 : PG_RETURN_BOOL(privresult);
2599 : }
2600 :
2601 : /*
2602 : * has_column_privilege_name_id_attnum
2603 : * Check user privileges on a column given
2604 : * name username, table oid, int attnum, and text priv name.
2605 : */
2606 : Datum
2607 0 : has_column_privilege_name_id_attnum(PG_FUNCTION_ARGS)
2608 : {
2609 0 : Name username = PG_GETARG_NAME(0);
2610 0 : Oid tableoid = PG_GETARG_OID(1);
2611 0 : AttrNumber colattnum = PG_GETARG_INT16(2);
2612 0 : text *priv_type_text = PG_GETARG_TEXT_PP(3);
2613 : Oid roleid;
2614 : AclMode mode;
2615 : int privresult;
2616 :
2617 0 : roleid = get_role_oid_or_public(NameStr(*username));
2618 0 : mode = convert_column_priv_string(priv_type_text);
2619 :
2620 0 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2621 0 : if (privresult < 0)
2622 0 : PG_RETURN_NULL();
2623 0 : PG_RETURN_BOOL(privresult);
2624 : }
2625 :
2626 : /*
2627 : * has_column_privilege_id_name_name
2628 : * Check user privileges on a column given
2629 : * oid roleid, text tablename, text colname, and text priv name.
2630 : */
2631 : Datum
2632 0 : has_column_privilege_id_name_name(PG_FUNCTION_ARGS)
2633 : {
2634 0 : Oid roleid = PG_GETARG_OID(0);
2635 0 : text *tablename = PG_GETARG_TEXT_PP(1);
2636 0 : text *column = PG_GETARG_TEXT_PP(2);
2637 0 : text *priv_type_text = PG_GETARG_TEXT_PP(3);
2638 : Oid tableoid;
2639 : AttrNumber colattnum;
2640 : AclMode mode;
2641 : int privresult;
2642 :
2643 0 : tableoid = convert_table_name(tablename);
2644 0 : colattnum = convert_column_name(tableoid, column);
2645 0 : mode = convert_column_priv_string(priv_type_text);
2646 :
2647 0 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2648 0 : if (privresult < 0)
2649 0 : PG_RETURN_NULL();
2650 0 : PG_RETURN_BOOL(privresult);
2651 : }
2652 :
2653 : /*
2654 : * has_column_privilege_id_name_attnum
2655 : * Check user privileges on a column given
2656 : * oid roleid, text tablename, int attnum, and text priv name.
2657 : */
2658 : Datum
2659 0 : has_column_privilege_id_name_attnum(PG_FUNCTION_ARGS)
2660 : {
2661 0 : Oid roleid = PG_GETARG_OID(0);
2662 0 : text *tablename = PG_GETARG_TEXT_PP(1);
2663 0 : AttrNumber colattnum = PG_GETARG_INT16(2);
2664 0 : text *priv_type_text = PG_GETARG_TEXT_PP(3);
2665 : Oid tableoid;
2666 : AclMode mode;
2667 : int privresult;
2668 :
2669 0 : tableoid = convert_table_name(tablename);
2670 0 : mode = convert_column_priv_string(priv_type_text);
2671 :
2672 0 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2673 0 : if (privresult < 0)
2674 0 : PG_RETURN_NULL();
2675 0 : PG_RETURN_BOOL(privresult);
2676 : }
2677 :
2678 : /*
2679 : * has_column_privilege_id_id_name
2680 : * Check user privileges on a column given
2681 : * oid roleid, table oid, text colname, and text priv name.
2682 : */
2683 : Datum
2684 0 : has_column_privilege_id_id_name(PG_FUNCTION_ARGS)
2685 : {
2686 0 : Oid roleid = PG_GETARG_OID(0);
2687 0 : Oid tableoid = PG_GETARG_OID(1);
2688 0 : text *column = PG_GETARG_TEXT_PP(2);
2689 0 : text *priv_type_text = PG_GETARG_TEXT_PP(3);
2690 : AttrNumber colattnum;
2691 : AclMode mode;
2692 : int privresult;
2693 :
2694 0 : colattnum = convert_column_name(tableoid, column);
2695 0 : mode = convert_column_priv_string(priv_type_text);
2696 :
2697 0 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2698 0 : if (privresult < 0)
2699 0 : PG_RETURN_NULL();
2700 0 : PG_RETURN_BOOL(privresult);
2701 : }
2702 :
2703 : /*
2704 : * has_column_privilege_id_id_attnum
2705 : * Check user privileges on a column given
2706 : * oid roleid, table oid, int attnum, and text priv name.
2707 : */
2708 : Datum
2709 0 : has_column_privilege_id_id_attnum(PG_FUNCTION_ARGS)
2710 : {
2711 0 : Oid roleid = PG_GETARG_OID(0);
2712 0 : Oid tableoid = PG_GETARG_OID(1);
2713 0 : AttrNumber colattnum = PG_GETARG_INT16(2);
2714 0 : text *priv_type_text = PG_GETARG_TEXT_PP(3);
2715 : AclMode mode;
2716 : int privresult;
2717 :
2718 0 : mode = convert_column_priv_string(priv_type_text);
2719 :
2720 0 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2721 0 : if (privresult < 0)
2722 0 : PG_RETURN_NULL();
2723 0 : PG_RETURN_BOOL(privresult);
2724 : }
2725 :
2726 : /*
2727 : * has_column_privilege_name_name
2728 : * Check user privileges on a column given
2729 : * text tablename, text colname, and text priv name.
2730 : * current_user is assumed
2731 : */
2732 : Datum
2733 12 : has_column_privilege_name_name(PG_FUNCTION_ARGS)
2734 : {
2735 12 : text *tablename = PG_GETARG_TEXT_PP(0);
2736 12 : text *column = PG_GETARG_TEXT_PP(1);
2737 12 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2738 : Oid roleid;
2739 : Oid tableoid;
2740 : AttrNumber colattnum;
2741 : AclMode mode;
2742 : int privresult;
2743 :
2744 12 : roleid = GetUserId();
2745 12 : tableoid = convert_table_name(tablename);
2746 12 : colattnum = convert_column_name(tableoid, column);
2747 4 : mode = convert_column_priv_string(priv_type_text);
2748 :
2749 4 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2750 4 : if (privresult < 0)
2751 4 : PG_RETURN_NULL();
2752 0 : PG_RETURN_BOOL(privresult);
2753 : }
2754 :
2755 : /*
2756 : * has_column_privilege_name_attnum
2757 : * Check user privileges on a column given
2758 : * text tablename, int attnum, and text priv name.
2759 : * current_user is assumed
2760 : */
2761 : Datum
2762 12 : has_column_privilege_name_attnum(PG_FUNCTION_ARGS)
2763 : {
2764 12 : text *tablename = PG_GETARG_TEXT_PP(0);
2765 12 : AttrNumber colattnum = PG_GETARG_INT16(1);
2766 12 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2767 : Oid roleid;
2768 : Oid tableoid;
2769 : AclMode mode;
2770 : int privresult;
2771 :
2772 12 : roleid = GetUserId();
2773 12 : tableoid = convert_table_name(tablename);
2774 12 : mode = convert_column_priv_string(priv_type_text);
2775 :
2776 12 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2777 12 : if (privresult < 0)
2778 8 : PG_RETURN_NULL();
2779 4 : PG_RETURN_BOOL(privresult);
2780 : }
2781 :
2782 : /*
2783 : * has_column_privilege_id_name
2784 : * Check user privileges on a column given
2785 : * table oid, text colname, and text priv name.
2786 : * current_user is assumed
2787 : */
2788 : Datum
2789 4 : has_column_privilege_id_name(PG_FUNCTION_ARGS)
2790 : {
2791 4 : Oid tableoid = PG_GETARG_OID(0);
2792 4 : text *column = PG_GETARG_TEXT_PP(1);
2793 4 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2794 : Oid roleid;
2795 : AttrNumber colattnum;
2796 : AclMode mode;
2797 : int privresult;
2798 :
2799 4 : roleid = GetUserId();
2800 4 : colattnum = convert_column_name(tableoid, column);
2801 4 : mode = convert_column_priv_string(priv_type_text);
2802 :
2803 4 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2804 4 : if (privresult < 0)
2805 4 : PG_RETURN_NULL();
2806 0 : PG_RETURN_BOOL(privresult);
2807 : }
2808 :
2809 : /*
2810 : * has_column_privilege_id_attnum
2811 : * Check user privileges on a column given
2812 : * table oid, int attnum, and text priv name.
2813 : * current_user is assumed
2814 : */
2815 : Datum
2816 1468 : has_column_privilege_id_attnum(PG_FUNCTION_ARGS)
2817 : {
2818 1468 : Oid tableoid = PG_GETARG_OID(0);
2819 1468 : AttrNumber colattnum = PG_GETARG_INT16(1);
2820 1468 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2821 : Oid roleid;
2822 : AclMode mode;
2823 : int privresult;
2824 :
2825 1468 : roleid = GetUserId();
2826 1468 : mode = convert_column_priv_string(priv_type_text);
2827 :
2828 1468 : privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
2829 1468 : if (privresult < 0)
2830 8 : PG_RETURN_NULL();
2831 1460 : PG_RETURN_BOOL(privresult);
2832 : }
2833 :
2834 : /*
2835 : * Support routines for has_column_privilege family.
2836 : */
2837 :
2838 : /*
2839 : * Given a table OID and a column name expressed as a string, look it up
2840 : * and return the column number. Returns InvalidAttrNumber in cases
2841 : * where caller should return NULL instead of failing.
2842 : */
2843 : static AttrNumber
2844 16 : convert_column_name(Oid tableoid, text *column)
2845 : {
2846 : char *colname;
2847 : HeapTuple attTuple;
2848 : AttrNumber attnum;
2849 :
2850 16 : colname = text_to_cstring(column);
2851 :
2852 : /*
2853 : * We don't use get_attnum() here because it will report that dropped
2854 : * columns don't exist. We need to treat dropped columns differently from
2855 : * nonexistent columns.
2856 : */
2857 16 : attTuple = SearchSysCache2(ATTNAME,
2858 : ObjectIdGetDatum(tableoid),
2859 : CStringGetDatum(colname));
2860 16 : if (HeapTupleIsValid(attTuple))
2861 : {
2862 : Form_pg_attribute attributeForm;
2863 :
2864 4 : attributeForm = (Form_pg_attribute) GETSTRUCT(attTuple);
2865 : /* We want to return NULL for dropped columns */
2866 4 : if (attributeForm->attisdropped)
2867 4 : attnum = InvalidAttrNumber;
2868 : else
2869 0 : attnum = attributeForm->attnum;
2870 4 : ReleaseSysCache(attTuple);
2871 : }
2872 : else
2873 : {
2874 12 : char *tablename = get_rel_name(tableoid);
2875 :
2876 : /*
2877 : * If the table OID is bogus, or it's just been dropped, we'll get
2878 : * NULL back. In such cases we want has_column_privilege to return
2879 : * NULL too, so just return InvalidAttrNumber.
2880 : */
2881 12 : if (tablename != NULL)
2882 : {
2883 : /* tableoid exists, colname does not, so throw error */
2884 8 : ereport(ERROR,
2885 : (errcode(ERRCODE_UNDEFINED_COLUMN),
2886 : errmsg("column \"%s\" of relation \"%s\" does not exist",
2887 : colname, tablename)));
2888 : }
2889 : /* tableoid doesn't exist, so act like attisdropped case */
2890 4 : attnum = InvalidAttrNumber;
2891 : }
2892 :
2893 8 : pfree(colname);
2894 8 : return attnum;
2895 : }
2896 :
2897 : /*
2898 : * convert_column_priv_string
2899 : * Convert text string to AclMode value.
2900 : */
2901 : static AclMode
2902 1488 : convert_column_priv_string(text *priv_type_text)
2903 : {
2904 : static const priv_map column_priv_map[] = {
2905 : {"SELECT", ACL_SELECT},
2906 : {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
2907 : {"INSERT", ACL_INSERT},
2908 : {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
2909 : {"UPDATE", ACL_UPDATE},
2910 : {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
2911 : {"REFERENCES", ACL_REFERENCES},
2912 : {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
2913 : {NULL, 0}
2914 : };
2915 :
2916 1488 : return convert_any_priv_string(priv_type_text, column_priv_map);
2917 : }
2918 :
2919 :
2920 : /*
2921 : * has_database_privilege variants
2922 : * These are all named "has_database_privilege" at the SQL level.
2923 : * They take various combinations of database name, database OID,
2924 : * user name, user OID, or implicit user = current_user.
2925 : *
2926 : * The result is a boolean value: true if user has the indicated
2927 : * privilege, false if not, or NULL if object doesn't exist.
2928 : */
2929 :
2930 : /*
2931 : * has_database_privilege_name_name
2932 : * Check user privileges on a database given
2933 : * name username, text databasename, and text priv name.
2934 : */
2935 : Datum
2936 0 : has_database_privilege_name_name(PG_FUNCTION_ARGS)
2937 : {
2938 0 : Name username = PG_GETARG_NAME(0);
2939 0 : text *databasename = PG_GETARG_TEXT_PP(1);
2940 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2941 : Oid roleid;
2942 : Oid databaseoid;
2943 : AclMode mode;
2944 : AclResult aclresult;
2945 :
2946 0 : roleid = get_role_oid_or_public(NameStr(*username));
2947 0 : databaseoid = convert_database_name(databasename);
2948 0 : mode = convert_database_priv_string(priv_type_text);
2949 :
2950 0 : aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
2951 :
2952 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2953 : }
2954 :
2955 : /*
2956 : * has_database_privilege_name
2957 : * Check user privileges on a database given
2958 : * text databasename and text priv name.
2959 : * current_user is assumed
2960 : */
2961 : Datum
2962 0 : has_database_privilege_name(PG_FUNCTION_ARGS)
2963 : {
2964 0 : text *databasename = PG_GETARG_TEXT_PP(0);
2965 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
2966 : Oid roleid;
2967 : Oid databaseoid;
2968 : AclMode mode;
2969 : AclResult aclresult;
2970 :
2971 0 : roleid = GetUserId();
2972 0 : databaseoid = convert_database_name(databasename);
2973 0 : mode = convert_database_priv_string(priv_type_text);
2974 :
2975 0 : aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
2976 :
2977 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
2978 : }
2979 :
2980 : /*
2981 : * has_database_privilege_name_id
2982 : * Check user privileges on a database given
2983 : * name usename, database oid, and text priv name.
2984 : */
2985 : Datum
2986 0 : has_database_privilege_name_id(PG_FUNCTION_ARGS)
2987 : {
2988 0 : Name username = PG_GETARG_NAME(0);
2989 0 : Oid databaseoid = PG_GETARG_OID(1);
2990 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
2991 : Oid roleid;
2992 : AclMode mode;
2993 : AclResult aclresult;
2994 :
2995 0 : roleid = get_role_oid_or_public(NameStr(*username));
2996 0 : mode = convert_database_priv_string(priv_type_text);
2997 :
2998 0 : if (!SearchSysCacheExists1(DATABASEOID, ObjectIdGetDatum(databaseoid)))
2999 0 : PG_RETURN_NULL();
3000 :
3001 0 : aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
3002 :
3003 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3004 : }
3005 :
3006 : /*
3007 : * has_database_privilege_id
3008 : * Check user privileges on a database given
3009 : * database oid, and text priv name.
3010 : * current_user is assumed
3011 : */
3012 : Datum
3013 0 : has_database_privilege_id(PG_FUNCTION_ARGS)
3014 : {
3015 0 : Oid databaseoid = PG_GETARG_OID(0);
3016 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3017 : Oid roleid;
3018 : AclMode mode;
3019 : AclResult aclresult;
3020 :
3021 0 : roleid = GetUserId();
3022 0 : mode = convert_database_priv_string(priv_type_text);
3023 :
3024 0 : if (!SearchSysCacheExists1(DATABASEOID, ObjectIdGetDatum(databaseoid)))
3025 0 : PG_RETURN_NULL();
3026 :
3027 0 : aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
3028 :
3029 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3030 : }
3031 :
3032 : /*
3033 : * has_database_privilege_id_name
3034 : * Check user privileges on a database given
3035 : * roleid, text databasename, and text priv name.
3036 : */
3037 : Datum
3038 0 : has_database_privilege_id_name(PG_FUNCTION_ARGS)
3039 : {
3040 0 : Oid roleid = PG_GETARG_OID(0);
3041 0 : text *databasename = PG_GETARG_TEXT_PP(1);
3042 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3043 : Oid databaseoid;
3044 : AclMode mode;
3045 : AclResult aclresult;
3046 :
3047 0 : databaseoid = convert_database_name(databasename);
3048 0 : mode = convert_database_priv_string(priv_type_text);
3049 :
3050 0 : aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
3051 :
3052 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3053 : }
3054 :
3055 : /*
3056 : * has_database_privilege_id_id
3057 : * Check user privileges on a database given
3058 : * roleid, database oid, and text priv name.
3059 : */
3060 : Datum
3061 0 : has_database_privilege_id_id(PG_FUNCTION_ARGS)
3062 : {
3063 0 : Oid roleid = PG_GETARG_OID(0);
3064 0 : Oid databaseoid = PG_GETARG_OID(1);
3065 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3066 : AclMode mode;
3067 : AclResult aclresult;
3068 :
3069 0 : mode = convert_database_priv_string(priv_type_text);
3070 :
3071 0 : if (!SearchSysCacheExists1(DATABASEOID, ObjectIdGetDatum(databaseoid)))
3072 0 : PG_RETURN_NULL();
3073 :
3074 0 : aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
3075 :
3076 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3077 : }
3078 :
3079 : /*
3080 : * Support routines for has_database_privilege family.
3081 : */
3082 :
3083 : /*
3084 : * Given a database name expressed as a string, look it up and return Oid
3085 : */
3086 : static Oid
3087 0 : convert_database_name(text *databasename)
3088 : {
3089 0 : char *dbname = text_to_cstring(databasename);
3090 :
3091 0 : return get_database_oid(dbname, false);
3092 : }
3093 :
3094 : /*
3095 : * convert_database_priv_string
3096 : * Convert text string to AclMode value.
3097 : */
3098 : static AclMode
3099 0 : convert_database_priv_string(text *priv_type_text)
3100 : {
3101 : static const priv_map database_priv_map[] = {
3102 : {"CREATE", ACL_CREATE},
3103 : {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
3104 : {"TEMPORARY", ACL_CREATE_TEMP},
3105 : {"TEMPORARY WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
3106 : {"TEMP", ACL_CREATE_TEMP},
3107 : {"TEMP WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
3108 : {"CONNECT", ACL_CONNECT},
3109 : {"CONNECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CONNECT)},
3110 : {NULL, 0}
3111 : };
3112 :
3113 0 : return convert_any_priv_string(priv_type_text, database_priv_map);
3114 :
3115 : }
3116 :
3117 :
3118 : /*
3119 : * has_foreign_data_wrapper_privilege variants
3120 : * These are all named "has_foreign_data_wrapper_privilege" at the SQL level.
3121 : * They take various combinations of foreign-data wrapper name,
3122 : * fdw OID, user name, user OID, or implicit user = current_user.
3123 : *
3124 : * The result is a boolean value: true if user has the indicated
3125 : * privilege, false if not.
3126 : */
3127 :
3128 : /*
3129 : * has_foreign_data_wrapper_privilege_name_name
3130 : * Check user privileges on a foreign-data wrapper given
3131 : * name username, text fdwname, and text priv name.
3132 : */
3133 : Datum
3134 8 : has_foreign_data_wrapper_privilege_name_name(PG_FUNCTION_ARGS)
3135 : {
3136 8 : Name username = PG_GETARG_NAME(0);
3137 8 : text *fdwname = PG_GETARG_TEXT_PP(1);
3138 8 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3139 : Oid roleid;
3140 : Oid fdwid;
3141 : AclMode mode;
3142 : AclResult aclresult;
3143 :
3144 8 : roleid = get_role_oid_or_public(NameStr(*username));
3145 8 : fdwid = convert_foreign_data_wrapper_name(fdwname);
3146 8 : mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3147 :
3148 8 : aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
3149 :
3150 8 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3151 : }
3152 :
3153 : /*
3154 : * has_foreign_data_wrapper_privilege_name
3155 : * Check user privileges on a foreign-data wrapper given
3156 : * text fdwname and text priv name.
3157 : * current_user is assumed
3158 : */
3159 : Datum
3160 4 : has_foreign_data_wrapper_privilege_name(PG_FUNCTION_ARGS)
3161 : {
3162 4 : text *fdwname = PG_GETARG_TEXT_PP(0);
3163 4 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3164 : Oid roleid;
3165 : Oid fdwid;
3166 : AclMode mode;
3167 : AclResult aclresult;
3168 :
3169 4 : roleid = GetUserId();
3170 4 : fdwid = convert_foreign_data_wrapper_name(fdwname);
3171 4 : mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3172 :
3173 4 : aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
3174 :
3175 4 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3176 : }
3177 :
3178 : /*
3179 : * has_foreign_data_wrapper_privilege_name_id
3180 : * Check user privileges on a foreign-data wrapper given
3181 : * name usename, foreign-data wrapper oid, and text priv name.
3182 : */
3183 : Datum
3184 4 : has_foreign_data_wrapper_privilege_name_id(PG_FUNCTION_ARGS)
3185 : {
3186 4 : Name username = PG_GETARG_NAME(0);
3187 4 : Oid fdwid = PG_GETARG_OID(1);
3188 4 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3189 : Oid roleid;
3190 : AclMode mode;
3191 : AclResult aclresult;
3192 :
3193 4 : roleid = get_role_oid_or_public(NameStr(*username));
3194 4 : mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3195 :
3196 4 : if (!SearchSysCacheExists1(FOREIGNDATAWRAPPEROID, ObjectIdGetDatum(fdwid)))
3197 0 : PG_RETURN_NULL();
3198 :
3199 4 : aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
3200 :
3201 4 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3202 : }
3203 :
3204 : /*
3205 : * has_foreign_data_wrapper_privilege_id
3206 : * Check user privileges on a foreign-data wrapper given
3207 : * foreign-data wrapper oid, and text priv name.
3208 : * current_user is assumed
3209 : */
3210 : Datum
3211 4 : has_foreign_data_wrapper_privilege_id(PG_FUNCTION_ARGS)
3212 : {
3213 4 : Oid fdwid = PG_GETARG_OID(0);
3214 4 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3215 : Oid roleid;
3216 : AclMode mode;
3217 : AclResult aclresult;
3218 :
3219 4 : roleid = GetUserId();
3220 4 : mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3221 :
3222 4 : if (!SearchSysCacheExists1(FOREIGNDATAWRAPPEROID, ObjectIdGetDatum(fdwid)))
3223 0 : PG_RETURN_NULL();
3224 :
3225 4 : aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
3226 :
3227 4 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3228 : }
3229 :
3230 : /*
3231 : * has_foreign_data_wrapper_privilege_id_name
3232 : * Check user privileges on a foreign-data wrapper given
3233 : * roleid, text fdwname, and text priv name.
3234 : */
3235 : Datum
3236 4 : has_foreign_data_wrapper_privilege_id_name(PG_FUNCTION_ARGS)
3237 : {
3238 4 : Oid roleid = PG_GETARG_OID(0);
3239 4 : text *fdwname = PG_GETARG_TEXT_PP(1);
3240 4 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3241 : Oid fdwid;
3242 : AclMode mode;
3243 : AclResult aclresult;
3244 :
3245 4 : fdwid = convert_foreign_data_wrapper_name(fdwname);
3246 4 : mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3247 :
3248 4 : aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
3249 :
3250 4 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3251 : }
3252 :
3253 : /*
3254 : * has_foreign_data_wrapper_privilege_id_id
3255 : * Check user privileges on a foreign-data wrapper given
3256 : * roleid, fdw oid, and text priv name.
3257 : */
3258 : Datum
3259 4 : has_foreign_data_wrapper_privilege_id_id(PG_FUNCTION_ARGS)
3260 : {
3261 4 : Oid roleid = PG_GETARG_OID(0);
3262 4 : Oid fdwid = PG_GETARG_OID(1);
3263 4 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3264 : AclMode mode;
3265 : AclResult aclresult;
3266 :
3267 4 : mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
3268 :
3269 4 : if (!SearchSysCacheExists1(FOREIGNDATAWRAPPEROID, ObjectIdGetDatum(fdwid)))
3270 0 : PG_RETURN_NULL();
3271 :
3272 4 : aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
3273 :
3274 4 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3275 : }
3276 :
3277 : /*
3278 : * Support routines for has_foreign_data_wrapper_privilege family.
3279 : */
3280 :
3281 : /*
3282 : * Given a FDW name expressed as a string, look it up and return Oid
3283 : */
3284 : static Oid
3285 16 : convert_foreign_data_wrapper_name(text *fdwname)
3286 : {
3287 16 : char *fdwstr = text_to_cstring(fdwname);
3288 :
3289 16 : return get_foreign_data_wrapper_oid(fdwstr, false);
3290 : }
3291 :
3292 : /*
3293 : * convert_foreign_data_wrapper_priv_string
3294 : * Convert text string to AclMode value.
3295 : */
3296 : static AclMode
3297 28 : convert_foreign_data_wrapper_priv_string(text *priv_type_text)
3298 : {
3299 : static const priv_map foreign_data_wrapper_priv_map[] = {
3300 : {"USAGE", ACL_USAGE},
3301 : {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3302 : {NULL, 0}
3303 : };
3304 :
3305 28 : return convert_any_priv_string(priv_type_text, foreign_data_wrapper_priv_map);
3306 : }
3307 :
3308 :
3309 : /*
3310 : * has_function_privilege variants
3311 : * These are all named "has_function_privilege" at the SQL level.
3312 : * They take various combinations of function name, function OID,
3313 : * user name, user OID, or implicit user = current_user.
3314 : *
3315 : * The result is a boolean value: true if user has the indicated
3316 : * privilege, false if not, or NULL if object doesn't exist.
3317 : */
3318 :
3319 : /*
3320 : * has_function_privilege_name_name
3321 : * Check user privileges on a function given
3322 : * name username, text functionname, and text priv name.
3323 : */
3324 : Datum
3325 64 : has_function_privilege_name_name(PG_FUNCTION_ARGS)
3326 : {
3327 64 : Name username = PG_GETARG_NAME(0);
3328 64 : text *functionname = PG_GETARG_TEXT_PP(1);
3329 64 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3330 : Oid roleid;
3331 : Oid functionoid;
3332 : AclMode mode;
3333 : AclResult aclresult;
3334 :
3335 64 : roleid = get_role_oid_or_public(NameStr(*username));
3336 64 : functionoid = convert_function_name(functionname);
3337 64 : mode = convert_function_priv_string(priv_type_text);
3338 :
3339 64 : aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
3340 :
3341 64 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3342 : }
3343 :
3344 : /*
3345 : * has_function_privilege_name
3346 : * Check user privileges on a function given
3347 : * text functionname and text priv name.
3348 : * current_user is assumed
3349 : */
3350 : Datum
3351 0 : has_function_privilege_name(PG_FUNCTION_ARGS)
3352 : {
3353 0 : text *functionname = PG_GETARG_TEXT_PP(0);
3354 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3355 : Oid roleid;
3356 : Oid functionoid;
3357 : AclMode mode;
3358 : AclResult aclresult;
3359 :
3360 0 : roleid = GetUserId();
3361 0 : functionoid = convert_function_name(functionname);
3362 0 : mode = convert_function_priv_string(priv_type_text);
3363 :
3364 0 : aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
3365 :
3366 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3367 : }
3368 :
3369 : /*
3370 : * has_function_privilege_name_id
3371 : * Check user privileges on a function given
3372 : * name usename, function oid, and text priv name.
3373 : */
3374 : Datum
3375 0 : has_function_privilege_name_id(PG_FUNCTION_ARGS)
3376 : {
3377 0 : Name username = PG_GETARG_NAME(0);
3378 0 : Oid functionoid = PG_GETARG_OID(1);
3379 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3380 : Oid roleid;
3381 : AclMode mode;
3382 : AclResult aclresult;
3383 :
3384 0 : roleid = get_role_oid_or_public(NameStr(*username));
3385 0 : mode = convert_function_priv_string(priv_type_text);
3386 :
3387 0 : if (!SearchSysCacheExists1(PROCOID, ObjectIdGetDatum(functionoid)))
3388 0 : PG_RETURN_NULL();
3389 :
3390 0 : aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
3391 :
3392 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3393 : }
3394 :
3395 : /*
3396 : * has_function_privilege_id
3397 : * Check user privileges on a function given
3398 : * function oid, and text priv name.
3399 : * current_user is assumed
3400 : */
3401 : Datum
3402 0 : has_function_privilege_id(PG_FUNCTION_ARGS)
3403 : {
3404 0 : Oid functionoid = PG_GETARG_OID(0);
3405 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3406 : Oid roleid;
3407 : AclMode mode;
3408 : AclResult aclresult;
3409 :
3410 0 : roleid = GetUserId();
3411 0 : mode = convert_function_priv_string(priv_type_text);
3412 :
3413 0 : if (!SearchSysCacheExists1(PROCOID, ObjectIdGetDatum(functionoid)))
3414 0 : PG_RETURN_NULL();
3415 :
3416 0 : aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
3417 :
3418 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3419 : }
3420 :
3421 : /*
3422 : * has_function_privilege_id_name
3423 : * Check user privileges on a function given
3424 : * roleid, text functionname, and text priv name.
3425 : */
3426 : Datum
3427 0 : has_function_privilege_id_name(PG_FUNCTION_ARGS)
3428 : {
3429 0 : Oid roleid = PG_GETARG_OID(0);
3430 0 : text *functionname = PG_GETARG_TEXT_PP(1);
3431 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3432 : Oid functionoid;
3433 : AclMode mode;
3434 : AclResult aclresult;
3435 :
3436 0 : functionoid = convert_function_name(functionname);
3437 0 : mode = convert_function_priv_string(priv_type_text);
3438 :
3439 0 : aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
3440 :
3441 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3442 : }
3443 :
3444 : /*
3445 : * has_function_privilege_id_id
3446 : * Check user privileges on a function given
3447 : * roleid, function oid, and text priv name.
3448 : */
3449 : Datum
3450 0 : has_function_privilege_id_id(PG_FUNCTION_ARGS)
3451 : {
3452 0 : Oid roleid = PG_GETARG_OID(0);
3453 0 : Oid functionoid = PG_GETARG_OID(1);
3454 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3455 : AclMode mode;
3456 : AclResult aclresult;
3457 :
3458 0 : mode = convert_function_priv_string(priv_type_text);
3459 :
3460 0 : if (!SearchSysCacheExists1(PROCOID, ObjectIdGetDatum(functionoid)))
3461 0 : PG_RETURN_NULL();
3462 :
3463 0 : aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
3464 :
3465 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3466 : }
3467 :
3468 : /*
3469 : * Support routines for has_function_privilege family.
3470 : */
3471 :
3472 : /*
3473 : * Given a function name expressed as a string, look it up and return Oid
3474 : */
3475 : static Oid
3476 64 : convert_function_name(text *functionname)
3477 : {
3478 64 : char *funcname = text_to_cstring(functionname);
3479 : Oid oid;
3480 :
3481 64 : oid = DatumGetObjectId(DirectFunctionCall1(regprocedurein,
3482 : CStringGetDatum(funcname)));
3483 :
3484 64 : if (!OidIsValid(oid))
3485 0 : ereport(ERROR,
3486 : (errcode(ERRCODE_UNDEFINED_FUNCTION),
3487 : errmsg("function \"%s\" does not exist", funcname)));
3488 :
3489 64 : return oid;
3490 : }
3491 :
3492 : /*
3493 : * convert_function_priv_string
3494 : * Convert text string to AclMode value.
3495 : */
3496 : static AclMode
3497 64 : convert_function_priv_string(text *priv_type_text)
3498 : {
3499 : static const priv_map function_priv_map[] = {
3500 : {"EXECUTE", ACL_EXECUTE},
3501 : {"EXECUTE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_EXECUTE)},
3502 : {NULL, 0}
3503 : };
3504 :
3505 64 : return convert_any_priv_string(priv_type_text, function_priv_map);
3506 : }
3507 :
3508 :
3509 : /*
3510 : * has_language_privilege variants
3511 : * These are all named "has_language_privilege" at the SQL level.
3512 : * They take various combinations of language name, language OID,
3513 : * user name, user OID, or implicit user = current_user.
3514 : *
3515 : * The result is a boolean value: true if user has the indicated
3516 : * privilege, false if not, or NULL if object doesn't exist.
3517 : */
3518 :
3519 : /*
3520 : * has_language_privilege_name_name
3521 : * Check user privileges on a language given
3522 : * name username, text languagename, and text priv name.
3523 : */
3524 : Datum
3525 0 : has_language_privilege_name_name(PG_FUNCTION_ARGS)
3526 : {
3527 0 : Name username = PG_GETARG_NAME(0);
3528 0 : text *languagename = PG_GETARG_TEXT_PP(1);
3529 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3530 : Oid roleid;
3531 : Oid languageoid;
3532 : AclMode mode;
3533 : AclResult aclresult;
3534 :
3535 0 : roleid = get_role_oid_or_public(NameStr(*username));
3536 0 : languageoid = convert_language_name(languagename);
3537 0 : mode = convert_language_priv_string(priv_type_text);
3538 :
3539 0 : aclresult = pg_language_aclcheck(languageoid, roleid, mode);
3540 :
3541 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3542 : }
3543 :
3544 : /*
3545 : * has_language_privilege_name
3546 : * Check user privileges on a language given
3547 : * text languagename and text priv name.
3548 : * current_user is assumed
3549 : */
3550 : Datum
3551 0 : has_language_privilege_name(PG_FUNCTION_ARGS)
3552 : {
3553 0 : text *languagename = PG_GETARG_TEXT_PP(0);
3554 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3555 : Oid roleid;
3556 : Oid languageoid;
3557 : AclMode mode;
3558 : AclResult aclresult;
3559 :
3560 0 : roleid = GetUserId();
3561 0 : languageoid = convert_language_name(languagename);
3562 0 : mode = convert_language_priv_string(priv_type_text);
3563 :
3564 0 : aclresult = pg_language_aclcheck(languageoid, roleid, mode);
3565 :
3566 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3567 : }
3568 :
3569 : /*
3570 : * has_language_privilege_name_id
3571 : * Check user privileges on a language given
3572 : * name usename, language oid, and text priv name.
3573 : */
3574 : Datum
3575 0 : has_language_privilege_name_id(PG_FUNCTION_ARGS)
3576 : {
3577 0 : Name username = PG_GETARG_NAME(0);
3578 0 : Oid languageoid = PG_GETARG_OID(1);
3579 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3580 : Oid roleid;
3581 : AclMode mode;
3582 : AclResult aclresult;
3583 :
3584 0 : roleid = get_role_oid_or_public(NameStr(*username));
3585 0 : mode = convert_language_priv_string(priv_type_text);
3586 :
3587 0 : if (!SearchSysCacheExists1(LANGOID, ObjectIdGetDatum(languageoid)))
3588 0 : PG_RETURN_NULL();
3589 :
3590 0 : aclresult = pg_language_aclcheck(languageoid, roleid, mode);
3591 :
3592 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3593 : }
3594 :
3595 : /*
3596 : * has_language_privilege_id
3597 : * Check user privileges on a language given
3598 : * language oid, and text priv name.
3599 : * current_user is assumed
3600 : */
3601 : Datum
3602 0 : has_language_privilege_id(PG_FUNCTION_ARGS)
3603 : {
3604 0 : Oid languageoid = PG_GETARG_OID(0);
3605 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3606 : Oid roleid;
3607 : AclMode mode;
3608 : AclResult aclresult;
3609 :
3610 0 : roleid = GetUserId();
3611 0 : mode = convert_language_priv_string(priv_type_text);
3612 :
3613 0 : if (!SearchSysCacheExists1(LANGOID, ObjectIdGetDatum(languageoid)))
3614 0 : PG_RETURN_NULL();
3615 :
3616 0 : aclresult = pg_language_aclcheck(languageoid, roleid, mode);
3617 :
3618 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3619 : }
3620 :
3621 : /*
3622 : * has_language_privilege_id_name
3623 : * Check user privileges on a language given
3624 : * roleid, text languagename, and text priv name.
3625 : */
3626 : Datum
3627 0 : has_language_privilege_id_name(PG_FUNCTION_ARGS)
3628 : {
3629 0 : Oid roleid = PG_GETARG_OID(0);
3630 0 : text *languagename = PG_GETARG_TEXT_PP(1);
3631 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3632 : Oid languageoid;
3633 : AclMode mode;
3634 : AclResult aclresult;
3635 :
3636 0 : languageoid = convert_language_name(languagename);
3637 0 : mode = convert_language_priv_string(priv_type_text);
3638 :
3639 0 : aclresult = pg_language_aclcheck(languageoid, roleid, mode);
3640 :
3641 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3642 : }
3643 :
3644 : /*
3645 : * has_language_privilege_id_id
3646 : * Check user privileges on a language given
3647 : * roleid, language oid, and text priv name.
3648 : */
3649 : Datum
3650 0 : has_language_privilege_id_id(PG_FUNCTION_ARGS)
3651 : {
3652 0 : Oid roleid = PG_GETARG_OID(0);
3653 0 : Oid languageoid = PG_GETARG_OID(1);
3654 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3655 : AclMode mode;
3656 : AclResult aclresult;
3657 :
3658 0 : mode = convert_language_priv_string(priv_type_text);
3659 :
3660 0 : if (!SearchSysCacheExists1(LANGOID, ObjectIdGetDatum(languageoid)))
3661 0 : PG_RETURN_NULL();
3662 :
3663 0 : aclresult = pg_language_aclcheck(languageoid, roleid, mode);
3664 :
3665 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3666 : }
3667 :
3668 : /*
3669 : * Support routines for has_language_privilege family.
3670 : */
3671 :
3672 : /*
3673 : * Given a language name expressed as a string, look it up and return Oid
3674 : */
3675 : static Oid
3676 0 : convert_language_name(text *languagename)
3677 : {
3678 0 : char *langname = text_to_cstring(languagename);
3679 :
3680 0 : return get_language_oid(langname, false);
3681 : }
3682 :
3683 : /*
3684 : * convert_language_priv_string
3685 : * Convert text string to AclMode value.
3686 : */
3687 : static AclMode
3688 0 : convert_language_priv_string(text *priv_type_text)
3689 : {
3690 : static const priv_map language_priv_map[] = {
3691 : {"USAGE", ACL_USAGE},
3692 : {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3693 : {NULL, 0}
3694 : };
3695 :
3696 0 : return convert_any_priv_string(priv_type_text, language_priv_map);
3697 : }
3698 :
3699 :
3700 : /*
3701 : * has_schema_privilege variants
3702 : * These are all named "has_schema_privilege" at the SQL level.
3703 : * They take various combinations of schema name, schema OID,
3704 : * user name, user OID, or implicit user = current_user.
3705 : *
3706 : * The result is a boolean value: true if user has the indicated
3707 : * privilege, false if not, or NULL if object doesn't exist.
3708 : */
3709 :
3710 : /*
3711 : * has_schema_privilege_name_name
3712 : * Check user privileges on a schema given
3713 : * name username, text schemaname, and text priv name.
3714 : */
3715 : Datum
3716 32 : has_schema_privilege_name_name(PG_FUNCTION_ARGS)
3717 : {
3718 32 : Name username = PG_GETARG_NAME(0);
3719 32 : text *schemaname = PG_GETARG_TEXT_PP(1);
3720 32 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3721 : Oid roleid;
3722 : Oid schemaoid;
3723 : AclMode mode;
3724 : AclResult aclresult;
3725 :
3726 32 : roleid = get_role_oid_or_public(NameStr(*username));
3727 32 : schemaoid = convert_schema_name(schemaname);
3728 32 : mode = convert_schema_priv_string(priv_type_text);
3729 :
3730 32 : aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
3731 :
3732 32 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3733 : }
3734 :
3735 : /*
3736 : * has_schema_privilege_name
3737 : * Check user privileges on a schema given
3738 : * text schemaname and text priv name.
3739 : * current_user is assumed
3740 : */
3741 : Datum
3742 0 : has_schema_privilege_name(PG_FUNCTION_ARGS)
3743 : {
3744 0 : text *schemaname = PG_GETARG_TEXT_PP(0);
3745 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3746 : Oid roleid;
3747 : Oid schemaoid;
3748 : AclMode mode;
3749 : AclResult aclresult;
3750 :
3751 0 : roleid = GetUserId();
3752 0 : schemaoid = convert_schema_name(schemaname);
3753 0 : mode = convert_schema_priv_string(priv_type_text);
3754 :
3755 0 : aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
3756 :
3757 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3758 : }
3759 :
3760 : /*
3761 : * has_schema_privilege_name_id
3762 : * Check user privileges on a schema given
3763 : * name usename, schema oid, and text priv name.
3764 : */
3765 : Datum
3766 0 : has_schema_privilege_name_id(PG_FUNCTION_ARGS)
3767 : {
3768 0 : Name username = PG_GETARG_NAME(0);
3769 0 : Oid schemaoid = PG_GETARG_OID(1);
3770 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3771 : Oid roleid;
3772 : AclMode mode;
3773 : AclResult aclresult;
3774 :
3775 0 : roleid = get_role_oid_or_public(NameStr(*username));
3776 0 : mode = convert_schema_priv_string(priv_type_text);
3777 :
3778 0 : if (!SearchSysCacheExists1(NAMESPACEOID, ObjectIdGetDatum(schemaoid)))
3779 0 : PG_RETURN_NULL();
3780 :
3781 0 : aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
3782 :
3783 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3784 : }
3785 :
3786 : /*
3787 : * has_schema_privilege_id
3788 : * Check user privileges on a schema given
3789 : * schema oid, and text priv name.
3790 : * current_user is assumed
3791 : */
3792 : Datum
3793 0 : has_schema_privilege_id(PG_FUNCTION_ARGS)
3794 : {
3795 0 : Oid schemaoid = PG_GETARG_OID(0);
3796 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3797 : Oid roleid;
3798 : AclMode mode;
3799 : AclResult aclresult;
3800 :
3801 0 : roleid = GetUserId();
3802 0 : mode = convert_schema_priv_string(priv_type_text);
3803 :
3804 0 : if (!SearchSysCacheExists1(NAMESPACEOID, ObjectIdGetDatum(schemaoid)))
3805 0 : PG_RETURN_NULL();
3806 :
3807 0 : aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
3808 :
3809 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3810 : }
3811 :
3812 : /*
3813 : * has_schema_privilege_id_name
3814 : * Check user privileges on a schema given
3815 : * roleid, text schemaname, and text priv name.
3816 : */
3817 : Datum
3818 0 : has_schema_privilege_id_name(PG_FUNCTION_ARGS)
3819 : {
3820 0 : Oid roleid = PG_GETARG_OID(0);
3821 0 : text *schemaname = PG_GETARG_TEXT_PP(1);
3822 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3823 : Oid schemaoid;
3824 : AclMode mode;
3825 : AclResult aclresult;
3826 :
3827 0 : schemaoid = convert_schema_name(schemaname);
3828 0 : mode = convert_schema_priv_string(priv_type_text);
3829 :
3830 0 : aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
3831 :
3832 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3833 : }
3834 :
3835 : /*
3836 : * has_schema_privilege_id_id
3837 : * Check user privileges on a schema given
3838 : * roleid, schema oid, and text priv name.
3839 : */
3840 : Datum
3841 0 : has_schema_privilege_id_id(PG_FUNCTION_ARGS)
3842 : {
3843 0 : Oid roleid = PG_GETARG_OID(0);
3844 0 : Oid schemaoid = PG_GETARG_OID(1);
3845 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3846 : AclMode mode;
3847 : AclResult aclresult;
3848 :
3849 0 : mode = convert_schema_priv_string(priv_type_text);
3850 :
3851 0 : if (!SearchSysCacheExists1(NAMESPACEOID, ObjectIdGetDatum(schemaoid)))
3852 0 : PG_RETURN_NULL();
3853 :
3854 0 : aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
3855 :
3856 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3857 : }
3858 :
3859 : /*
3860 : * Support routines for has_schema_privilege family.
3861 : */
3862 :
3863 : /*
3864 : * Given a schema name expressed as a string, look it up and return Oid
3865 : */
3866 : static Oid
3867 32 : convert_schema_name(text *schemaname)
3868 : {
3869 32 : char *nspname = text_to_cstring(schemaname);
3870 :
3871 32 : return get_namespace_oid(nspname, false);
3872 : }
3873 :
3874 : /*
3875 : * convert_schema_priv_string
3876 : * Convert text string to AclMode value.
3877 : */
3878 : static AclMode
3879 32 : convert_schema_priv_string(text *priv_type_text)
3880 : {
3881 : static const priv_map schema_priv_map[] = {
3882 : {"CREATE", ACL_CREATE},
3883 : {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
3884 : {"USAGE", ACL_USAGE},
3885 : {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
3886 : {NULL, 0}
3887 : };
3888 :
3889 32 : return convert_any_priv_string(priv_type_text, schema_priv_map);
3890 : }
3891 :
3892 :
3893 : /*
3894 : * has_server_privilege variants
3895 : * These are all named "has_server_privilege" at the SQL level.
3896 : * They take various combinations of foreign server name,
3897 : * server OID, user name, user OID, or implicit user = current_user.
3898 : *
3899 : * The result is a boolean value: true if user has the indicated
3900 : * privilege, false if not.
3901 : */
3902 :
3903 : /*
3904 : * has_server_privilege_name_name
3905 : * Check user privileges on a foreign server given
3906 : * name username, text servername, and text priv name.
3907 : */
3908 : Datum
3909 8 : has_server_privilege_name_name(PG_FUNCTION_ARGS)
3910 : {
3911 8 : Name username = PG_GETARG_NAME(0);
3912 8 : text *servername = PG_GETARG_TEXT_PP(1);
3913 8 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3914 : Oid roleid;
3915 : Oid serverid;
3916 : AclMode mode;
3917 : AclResult aclresult;
3918 :
3919 8 : roleid = get_role_oid_or_public(NameStr(*username));
3920 8 : serverid = convert_server_name(servername);
3921 8 : mode = convert_server_priv_string(priv_type_text);
3922 :
3923 8 : aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
3924 :
3925 8 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3926 : }
3927 :
3928 : /*
3929 : * has_server_privilege_name
3930 : * Check user privileges on a foreign server given
3931 : * text servername and text priv name.
3932 : * current_user is assumed
3933 : */
3934 : Datum
3935 4 : has_server_privilege_name(PG_FUNCTION_ARGS)
3936 : {
3937 4 : text *servername = PG_GETARG_TEXT_PP(0);
3938 4 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3939 : Oid roleid;
3940 : Oid serverid;
3941 : AclMode mode;
3942 : AclResult aclresult;
3943 :
3944 4 : roleid = GetUserId();
3945 4 : serverid = convert_server_name(servername);
3946 4 : mode = convert_server_priv_string(priv_type_text);
3947 :
3948 4 : aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
3949 :
3950 4 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3951 : }
3952 :
3953 : /*
3954 : * has_server_privilege_name_id
3955 : * Check user privileges on a foreign server given
3956 : * name usename, foreign server oid, and text priv name.
3957 : */
3958 : Datum
3959 4 : has_server_privilege_name_id(PG_FUNCTION_ARGS)
3960 : {
3961 4 : Name username = PG_GETARG_NAME(0);
3962 4 : Oid serverid = PG_GETARG_OID(1);
3963 4 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
3964 : Oid roleid;
3965 : AclMode mode;
3966 : AclResult aclresult;
3967 :
3968 4 : roleid = get_role_oid_or_public(NameStr(*username));
3969 4 : mode = convert_server_priv_string(priv_type_text);
3970 :
3971 4 : if (!SearchSysCacheExists1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)))
3972 0 : PG_RETURN_NULL();
3973 :
3974 4 : aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
3975 :
3976 4 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
3977 : }
3978 :
3979 : /*
3980 : * has_server_privilege_id
3981 : * Check user privileges on a foreign server given
3982 : * server oid, and text priv name.
3983 : * current_user is assumed
3984 : */
3985 : Datum
3986 52 : has_server_privilege_id(PG_FUNCTION_ARGS)
3987 : {
3988 52 : Oid serverid = PG_GETARG_OID(0);
3989 52 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
3990 : Oid roleid;
3991 : AclMode mode;
3992 : AclResult aclresult;
3993 :
3994 52 : roleid = GetUserId();
3995 52 : mode = convert_server_priv_string(priv_type_text);
3996 :
3997 52 : if (!SearchSysCacheExists1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)))
3998 0 : PG_RETURN_NULL();
3999 :
4000 52 : aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
4001 :
4002 52 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4003 : }
4004 :
4005 : /*
4006 : * has_server_privilege_id_name
4007 : * Check user privileges on a foreign server given
4008 : * roleid, text servername, and text priv name.
4009 : */
4010 : Datum
4011 4 : has_server_privilege_id_name(PG_FUNCTION_ARGS)
4012 : {
4013 4 : Oid roleid = PG_GETARG_OID(0);
4014 4 : text *servername = PG_GETARG_TEXT_PP(1);
4015 4 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4016 : Oid serverid;
4017 : AclMode mode;
4018 : AclResult aclresult;
4019 :
4020 4 : serverid = convert_server_name(servername);
4021 4 : mode = convert_server_priv_string(priv_type_text);
4022 :
4023 4 : aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
4024 :
4025 4 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4026 : }
4027 :
4028 : /*
4029 : * has_server_privilege_id_id
4030 : * Check user privileges on a foreign server given
4031 : * roleid, server oid, and text priv name.
4032 : */
4033 : Datum
4034 4 : has_server_privilege_id_id(PG_FUNCTION_ARGS)
4035 : {
4036 4 : Oid roleid = PG_GETARG_OID(0);
4037 4 : Oid serverid = PG_GETARG_OID(1);
4038 4 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4039 : AclMode mode;
4040 : AclResult aclresult;
4041 :
4042 4 : mode = convert_server_priv_string(priv_type_text);
4043 :
4044 4 : if (!SearchSysCacheExists1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)))
4045 0 : PG_RETURN_NULL();
4046 :
4047 4 : aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
4048 :
4049 4 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4050 : }
4051 :
4052 : /*
4053 : * Support routines for has_server_privilege family.
4054 : */
4055 :
4056 : /*
4057 : * Given a server name expressed as a string, look it up and return Oid
4058 : */
4059 : static Oid
4060 16 : convert_server_name(text *servername)
4061 : {
4062 16 : char *serverstr = text_to_cstring(servername);
4063 :
4064 16 : return get_foreign_server_oid(serverstr, false);
4065 : }
4066 :
4067 : /*
4068 : * convert_server_priv_string
4069 : * Convert text string to AclMode value.
4070 : */
4071 : static AclMode
4072 76 : convert_server_priv_string(text *priv_type_text)
4073 : {
4074 : static const priv_map server_priv_map[] = {
4075 : {"USAGE", ACL_USAGE},
4076 : {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
4077 : {NULL, 0}
4078 : };
4079 :
4080 76 : return convert_any_priv_string(priv_type_text, server_priv_map);
4081 : }
4082 :
4083 :
4084 : /*
4085 : * has_tablespace_privilege variants
4086 : * These are all named "has_tablespace_privilege" at the SQL level.
4087 : * They take various combinations of tablespace name, tablespace OID,
4088 : * user name, user OID, or implicit user = current_user.
4089 : *
4090 : * The result is a boolean value: true if user has the indicated
4091 : * privilege, false if not.
4092 : */
4093 :
4094 : /*
4095 : * has_tablespace_privilege_name_name
4096 : * Check user privileges on a tablespace given
4097 : * name username, text tablespacename, and text priv name.
4098 : */
4099 : Datum
4100 0 : has_tablespace_privilege_name_name(PG_FUNCTION_ARGS)
4101 : {
4102 0 : Name username = PG_GETARG_NAME(0);
4103 0 : text *tablespacename = PG_GETARG_TEXT_PP(1);
4104 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4105 : Oid roleid;
4106 : Oid tablespaceoid;
4107 : AclMode mode;
4108 : AclResult aclresult;
4109 :
4110 0 : roleid = get_role_oid_or_public(NameStr(*username));
4111 0 : tablespaceoid = convert_tablespace_name(tablespacename);
4112 0 : mode = convert_tablespace_priv_string(priv_type_text);
4113 :
4114 0 : aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
4115 :
4116 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4117 : }
4118 :
4119 : /*
4120 : * has_tablespace_privilege_name
4121 : * Check user privileges on a tablespace given
4122 : * text tablespacename and text priv name.
4123 : * current_user is assumed
4124 : */
4125 : Datum
4126 0 : has_tablespace_privilege_name(PG_FUNCTION_ARGS)
4127 : {
4128 0 : text *tablespacename = PG_GETARG_TEXT_PP(0);
4129 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
4130 : Oid roleid;
4131 : Oid tablespaceoid;
4132 : AclMode mode;
4133 : AclResult aclresult;
4134 :
4135 0 : roleid = GetUserId();
4136 0 : tablespaceoid = convert_tablespace_name(tablespacename);
4137 0 : mode = convert_tablespace_priv_string(priv_type_text);
4138 :
4139 0 : aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
4140 :
4141 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4142 : }
4143 :
4144 : /*
4145 : * has_tablespace_privilege_name_id
4146 : * Check user privileges on a tablespace given
4147 : * name usename, tablespace oid, and text priv name.
4148 : */
4149 : Datum
4150 0 : has_tablespace_privilege_name_id(PG_FUNCTION_ARGS)
4151 : {
4152 0 : Name username = PG_GETARG_NAME(0);
4153 0 : Oid tablespaceoid = PG_GETARG_OID(1);
4154 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4155 : Oid roleid;
4156 : AclMode mode;
4157 : AclResult aclresult;
4158 :
4159 0 : roleid = get_role_oid_or_public(NameStr(*username));
4160 0 : mode = convert_tablespace_priv_string(priv_type_text);
4161 :
4162 0 : if (!SearchSysCacheExists1(TABLESPACEOID, ObjectIdGetDatum(tablespaceoid)))
4163 0 : PG_RETURN_NULL();
4164 :
4165 0 : aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
4166 :
4167 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4168 : }
4169 :
4170 : /*
4171 : * has_tablespace_privilege_id
4172 : * Check user privileges on a tablespace given
4173 : * tablespace oid, and text priv name.
4174 : * current_user is assumed
4175 : */
4176 : Datum
4177 0 : has_tablespace_privilege_id(PG_FUNCTION_ARGS)
4178 : {
4179 0 : Oid tablespaceoid = PG_GETARG_OID(0);
4180 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
4181 : Oid roleid;
4182 : AclMode mode;
4183 : AclResult aclresult;
4184 :
4185 0 : roleid = GetUserId();
4186 0 : mode = convert_tablespace_priv_string(priv_type_text);
4187 :
4188 0 : if (!SearchSysCacheExists1(TABLESPACEOID, ObjectIdGetDatum(tablespaceoid)))
4189 0 : PG_RETURN_NULL();
4190 :
4191 0 : aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
4192 :
4193 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4194 : }
4195 :
4196 : /*
4197 : * has_tablespace_privilege_id_name
4198 : * Check user privileges on a tablespace given
4199 : * roleid, text tablespacename, and text priv name.
4200 : */
4201 : Datum
4202 0 : has_tablespace_privilege_id_name(PG_FUNCTION_ARGS)
4203 : {
4204 0 : Oid roleid = PG_GETARG_OID(0);
4205 0 : text *tablespacename = PG_GETARG_TEXT_PP(1);
4206 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4207 : Oid tablespaceoid;
4208 : AclMode mode;
4209 : AclResult aclresult;
4210 :
4211 0 : tablespaceoid = convert_tablespace_name(tablespacename);
4212 0 : mode = convert_tablespace_priv_string(priv_type_text);
4213 :
4214 0 : aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
4215 :
4216 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4217 : }
4218 :
4219 : /*
4220 : * has_tablespace_privilege_id_id
4221 : * Check user privileges on a tablespace given
4222 : * roleid, tablespace oid, and text priv name.
4223 : */
4224 : Datum
4225 0 : has_tablespace_privilege_id_id(PG_FUNCTION_ARGS)
4226 : {
4227 0 : Oid roleid = PG_GETARG_OID(0);
4228 0 : Oid tablespaceoid = PG_GETARG_OID(1);
4229 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4230 : AclMode mode;
4231 : AclResult aclresult;
4232 :
4233 0 : mode = convert_tablespace_priv_string(priv_type_text);
4234 :
4235 0 : if (!SearchSysCacheExists1(TABLESPACEOID, ObjectIdGetDatum(tablespaceoid)))
4236 0 : PG_RETURN_NULL();
4237 :
4238 0 : aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
4239 :
4240 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4241 : }
4242 :
4243 : /*
4244 : * Support routines for has_tablespace_privilege family.
4245 : */
4246 :
4247 : /*
4248 : * Given a tablespace name expressed as a string, look it up and return Oid
4249 : */
4250 : static Oid
4251 0 : convert_tablespace_name(text *tablespacename)
4252 : {
4253 0 : char *spcname = text_to_cstring(tablespacename);
4254 :
4255 0 : return get_tablespace_oid(spcname, false);
4256 : }
4257 :
4258 : /*
4259 : * convert_tablespace_priv_string
4260 : * Convert text string to AclMode value.
4261 : */
4262 : static AclMode
4263 0 : convert_tablespace_priv_string(text *priv_type_text)
4264 : {
4265 : static const priv_map tablespace_priv_map[] = {
4266 : {"CREATE", ACL_CREATE},
4267 : {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4268 : {NULL, 0}
4269 : };
4270 :
4271 0 : return convert_any_priv_string(priv_type_text, tablespace_priv_map);
4272 : }
4273 :
4274 : /*
4275 : * has_type_privilege variants
4276 : * These are all named "has_type_privilege" at the SQL level.
4277 : * They take various combinations of type name, type OID,
4278 : * user name, user OID, or implicit user = current_user.
4279 : *
4280 : * The result is a boolean value: true if user has the indicated
4281 : * privilege, false if not, or NULL if object doesn't exist.
4282 : */
4283 :
4284 : /*
4285 : * has_type_privilege_name_name
4286 : * Check user privileges on a type given
4287 : * name username, text typename, and text priv name.
4288 : */
4289 : Datum
4290 8 : has_type_privilege_name_name(PG_FUNCTION_ARGS)
4291 : {
4292 8 : Name username = PG_GETARG_NAME(0);
4293 8 : text *typename = PG_GETARG_TEXT_PP(1);
4294 8 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4295 : Oid roleid;
4296 : Oid typeoid;
4297 : AclMode mode;
4298 : AclResult aclresult;
4299 :
4300 8 : roleid = get_role_oid_or_public(NameStr(*username));
4301 8 : typeoid = convert_type_name(typename);
4302 8 : mode = convert_type_priv_string(priv_type_text);
4303 :
4304 8 : aclresult = pg_type_aclcheck(typeoid, roleid, mode);
4305 :
4306 8 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4307 : }
4308 :
4309 : /*
4310 : * has_type_privilege_name
4311 : * Check user privileges on a type given
4312 : * text typename and text priv name.
4313 : * current_user is assumed
4314 : */
4315 : Datum
4316 0 : has_type_privilege_name(PG_FUNCTION_ARGS)
4317 : {
4318 0 : text *typename = PG_GETARG_TEXT_PP(0);
4319 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
4320 : Oid roleid;
4321 : Oid typeoid;
4322 : AclMode mode;
4323 : AclResult aclresult;
4324 :
4325 0 : roleid = GetUserId();
4326 0 : typeoid = convert_type_name(typename);
4327 0 : mode = convert_type_priv_string(priv_type_text);
4328 :
4329 0 : aclresult = pg_type_aclcheck(typeoid, roleid, mode);
4330 :
4331 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4332 : }
4333 :
4334 : /*
4335 : * has_type_privilege_name_id
4336 : * Check user privileges on a type given
4337 : * name usename, type oid, and text priv name.
4338 : */
4339 : Datum
4340 0 : has_type_privilege_name_id(PG_FUNCTION_ARGS)
4341 : {
4342 0 : Name username = PG_GETARG_NAME(0);
4343 0 : Oid typeoid = PG_GETARG_OID(1);
4344 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4345 : Oid roleid;
4346 : AclMode mode;
4347 : AclResult aclresult;
4348 :
4349 0 : roleid = get_role_oid_or_public(NameStr(*username));
4350 0 : mode = convert_type_priv_string(priv_type_text);
4351 :
4352 0 : if (!SearchSysCacheExists1(TYPEOID, ObjectIdGetDatum(typeoid)))
4353 0 : PG_RETURN_NULL();
4354 :
4355 0 : aclresult = pg_type_aclcheck(typeoid, roleid, mode);
4356 :
4357 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4358 : }
4359 :
4360 : /*
4361 : * has_type_privilege_id
4362 : * Check user privileges on a type given
4363 : * type oid, and text priv name.
4364 : * current_user is assumed
4365 : */
4366 : Datum
4367 0 : has_type_privilege_id(PG_FUNCTION_ARGS)
4368 : {
4369 0 : Oid typeoid = PG_GETARG_OID(0);
4370 0 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
4371 : Oid roleid;
4372 : AclMode mode;
4373 : AclResult aclresult;
4374 :
4375 0 : roleid = GetUserId();
4376 0 : mode = convert_type_priv_string(priv_type_text);
4377 :
4378 0 : if (!SearchSysCacheExists1(TYPEOID, ObjectIdGetDatum(typeoid)))
4379 0 : PG_RETURN_NULL();
4380 :
4381 0 : aclresult = pg_type_aclcheck(typeoid, roleid, mode);
4382 :
4383 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4384 : }
4385 :
4386 : /*
4387 : * has_type_privilege_id_name
4388 : * Check user privileges on a type given
4389 : * roleid, text typename, and text priv name.
4390 : */
4391 : Datum
4392 0 : has_type_privilege_id_name(PG_FUNCTION_ARGS)
4393 : {
4394 0 : Oid roleid = PG_GETARG_OID(0);
4395 0 : text *typename = PG_GETARG_TEXT_PP(1);
4396 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4397 : Oid typeoid;
4398 : AclMode mode;
4399 : AclResult aclresult;
4400 :
4401 0 : typeoid = convert_type_name(typename);
4402 0 : mode = convert_type_priv_string(priv_type_text);
4403 :
4404 0 : aclresult = pg_type_aclcheck(typeoid, roleid, mode);
4405 :
4406 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4407 : }
4408 :
4409 : /*
4410 : * has_type_privilege_id_id
4411 : * Check user privileges on a type given
4412 : * roleid, type oid, and text priv name.
4413 : */
4414 : Datum
4415 0 : has_type_privilege_id_id(PG_FUNCTION_ARGS)
4416 : {
4417 0 : Oid roleid = PG_GETARG_OID(0);
4418 0 : Oid typeoid = PG_GETARG_OID(1);
4419 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4420 : AclMode mode;
4421 : AclResult aclresult;
4422 :
4423 0 : mode = convert_type_priv_string(priv_type_text);
4424 :
4425 0 : if (!SearchSysCacheExists1(TYPEOID, ObjectIdGetDatum(typeoid)))
4426 0 : PG_RETURN_NULL();
4427 :
4428 0 : aclresult = pg_type_aclcheck(typeoid, roleid, mode);
4429 :
4430 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4431 : }
4432 :
4433 : /*
4434 : * Support routines for has_type_privilege family.
4435 : */
4436 :
4437 : /*
4438 : * Given a type name expressed as a string, look it up and return Oid
4439 : */
4440 : static Oid
4441 8 : convert_type_name(text *typename)
4442 : {
4443 8 : char *typname = text_to_cstring(typename);
4444 : Oid oid;
4445 :
4446 8 : oid = DatumGetObjectId(DirectFunctionCall1(regtypein,
4447 : CStringGetDatum(typname)));
4448 :
4449 8 : if (!OidIsValid(oid))
4450 0 : ereport(ERROR,
4451 : (errcode(ERRCODE_UNDEFINED_OBJECT),
4452 : errmsg("type \"%s\" does not exist", typname)));
4453 :
4454 8 : return oid;
4455 : }
4456 :
4457 : /*
4458 : * convert_type_priv_string
4459 : * Convert text string to AclMode value.
4460 : */
4461 : static AclMode
4462 8 : convert_type_priv_string(text *priv_type_text)
4463 : {
4464 : static const priv_map type_priv_map[] = {
4465 : {"USAGE", ACL_USAGE},
4466 : {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
4467 : {NULL, 0}
4468 : };
4469 :
4470 8 : return convert_any_priv_string(priv_type_text, type_priv_map);
4471 : }
4472 :
4473 :
4474 : /*
4475 : * pg_has_role variants
4476 : * These are all named "pg_has_role" at the SQL level.
4477 : * They take various combinations of role name, role OID,
4478 : * user name, user OID, or implicit user = current_user.
4479 : *
4480 : * The result is a boolean value: true if user has the indicated
4481 : * privilege, false if not.
4482 : */
4483 :
4484 : /*
4485 : * pg_has_role_name_name
4486 : * Check user privileges on a role given
4487 : * name username, name rolename, and text priv name.
4488 : */
4489 : Datum
4490 0 : pg_has_role_name_name(PG_FUNCTION_ARGS)
4491 : {
4492 0 : Name username = PG_GETARG_NAME(0);
4493 0 : Name rolename = PG_GETARG_NAME(1);
4494 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4495 : Oid roleid;
4496 : Oid roleoid;
4497 : AclMode mode;
4498 : AclResult aclresult;
4499 :
4500 0 : roleid = get_role_oid(NameStr(*username), false);
4501 0 : roleoid = get_role_oid(NameStr(*rolename), false);
4502 0 : mode = convert_role_priv_string(priv_type_text);
4503 :
4504 0 : aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4505 :
4506 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4507 : }
4508 :
4509 : /*
4510 : * pg_has_role_name
4511 : * Check user privileges on a role given
4512 : * name rolename and text priv name.
4513 : * current_user is assumed
4514 : */
4515 : Datum
4516 12 : pg_has_role_name(PG_FUNCTION_ARGS)
4517 : {
4518 12 : Name rolename = PG_GETARG_NAME(0);
4519 12 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
4520 : Oid roleid;
4521 : Oid roleoid;
4522 : AclMode mode;
4523 : AclResult aclresult;
4524 :
4525 12 : roleid = GetUserId();
4526 12 : roleoid = get_role_oid(NameStr(*rolename), false);
4527 12 : mode = convert_role_priv_string(priv_type_text);
4528 :
4529 12 : aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4530 :
4531 12 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4532 : }
4533 :
4534 : /*
4535 : * pg_has_role_name_id
4536 : * Check user privileges on a role given
4537 : * name usename, role oid, and text priv name.
4538 : */
4539 : Datum
4540 0 : pg_has_role_name_id(PG_FUNCTION_ARGS)
4541 : {
4542 0 : Name username = PG_GETARG_NAME(0);
4543 0 : Oid roleoid = PG_GETARG_OID(1);
4544 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4545 : Oid roleid;
4546 : AclMode mode;
4547 : AclResult aclresult;
4548 :
4549 0 : roleid = get_role_oid(NameStr(*username), false);
4550 0 : mode = convert_role_priv_string(priv_type_text);
4551 :
4552 0 : aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4553 :
4554 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4555 : }
4556 :
4557 : /*
4558 : * pg_has_role_id
4559 : * Check user privileges on a role given
4560 : * role oid, and text priv name.
4561 : * current_user is assumed
4562 : */
4563 : Datum
4564 35080 : pg_has_role_id(PG_FUNCTION_ARGS)
4565 : {
4566 35080 : Oid roleoid = PG_GETARG_OID(0);
4567 35080 : text *priv_type_text = PG_GETARG_TEXT_PP(1);
4568 : Oid roleid;
4569 : AclMode mode;
4570 : AclResult aclresult;
4571 :
4572 35080 : roleid = GetUserId();
4573 35080 : mode = convert_role_priv_string(priv_type_text);
4574 :
4575 35080 : aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4576 :
4577 35080 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4578 : }
4579 :
4580 : /*
4581 : * pg_has_role_id_name
4582 : * Check user privileges on a role given
4583 : * roleid, name rolename, and text priv name.
4584 : */
4585 : Datum
4586 0 : pg_has_role_id_name(PG_FUNCTION_ARGS)
4587 : {
4588 0 : Oid roleid = PG_GETARG_OID(0);
4589 0 : Name rolename = PG_GETARG_NAME(1);
4590 0 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4591 : Oid roleoid;
4592 : AclMode mode;
4593 : AclResult aclresult;
4594 :
4595 0 : roleoid = get_role_oid(NameStr(*rolename), false);
4596 0 : mode = convert_role_priv_string(priv_type_text);
4597 :
4598 0 : aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4599 :
4600 0 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4601 : }
4602 :
4603 : /*
4604 : * pg_has_role_id_id
4605 : * Check user privileges on a role given
4606 : * roleid, role oid, and text priv name.
4607 : */
4608 : Datum
4609 56 : pg_has_role_id_id(PG_FUNCTION_ARGS)
4610 : {
4611 56 : Oid roleid = PG_GETARG_OID(0);
4612 56 : Oid roleoid = PG_GETARG_OID(1);
4613 56 : text *priv_type_text = PG_GETARG_TEXT_PP(2);
4614 : AclMode mode;
4615 : AclResult aclresult;
4616 :
4617 56 : mode = convert_role_priv_string(priv_type_text);
4618 :
4619 56 : aclresult = pg_role_aclcheck(roleoid, roleid, mode);
4620 :
4621 56 : PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
4622 : }
4623 :
4624 : /*
4625 : * Support routines for pg_has_role family.
4626 : */
4627 :
4628 : /*
4629 : * convert_role_priv_string
4630 : * Convert text string to AclMode value.
4631 : *
4632 : * We use USAGE to denote whether the privileges of the role are accessible
4633 : * (has_privs), MEMBER to denote is_member, and MEMBER WITH GRANT OPTION
4634 : * (or ADMIN OPTION) to denote is_admin. There is no ACL bit corresponding
4635 : * to MEMBER so we cheat and use ACL_CREATE for that. This convention
4636 : * is shared only with pg_role_aclcheck, below.
4637 : */
4638 : static AclMode
4639 35148 : convert_role_priv_string(text *priv_type_text)
4640 : {
4641 : static const priv_map role_priv_map[] = {
4642 : {"USAGE", ACL_USAGE},
4643 : {"MEMBER", ACL_CREATE},
4644 : {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4645 : {"USAGE WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4646 : {"MEMBER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4647 : {"MEMBER WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
4648 : {NULL, 0}
4649 : };
4650 :
4651 35148 : return convert_any_priv_string(priv_type_text, role_priv_map);
4652 : }
4653 :
4654 : /*
4655 : * pg_role_aclcheck
4656 : * Quick-and-dirty support for pg_has_role
4657 : */
4658 : static AclResult
4659 35148 : pg_role_aclcheck(Oid role_oid, Oid roleid, AclMode mode)
4660 : {
4661 35148 : if (mode & ACL_GRANT_OPTION_FOR(ACL_CREATE))
4662 : {
4663 : /*
4664 : * XXX For roleid == role_oid, is_admin_of_role() also examines the
4665 : * session and call stack. That suits two-argument pg_has_role(), but
4666 : * it gives the three-argument version a lamentable whimsy.
4667 : */
4668 0 : if (is_admin_of_role(roleid, role_oid))
4669 0 : return ACLCHECK_OK;
4670 : }
4671 35148 : if (mode & ACL_CREATE)
4672 : {
4673 0 : if (is_member_of_role(roleid, role_oid))
4674 0 : return ACLCHECK_OK;
4675 : }
4676 35148 : if (mode & ACL_USAGE)
4677 : {
4678 35148 : if (has_privs_of_role(roleid, role_oid))
4679 34896 : return ACLCHECK_OK;
4680 : }
4681 252 : return ACLCHECK_NO_PRIV;
4682 : }
4683 :
4684 :
4685 : /*
4686 : * initialization function (called by InitPostgres)
4687 : */
4688 : void
4689 8820 : initialize_acl(void)
4690 : {
4691 8820 : if (!IsBootstrapProcessingMode())
4692 : {
4693 : /*
4694 : * In normal mode, set a callback on any syscache invalidation of
4695 : * pg_auth_members rows
4696 : */
4697 8500 : CacheRegisterSyscacheCallback(AUTHMEMROLEMEM,
4698 : RoleMembershipCacheCallback,
4699 : (Datum) 0);
4700 : }
4701 8820 : }
4702 :
4703 : /*
4704 : * RoleMembershipCacheCallback
4705 : * Syscache inval callback function
4706 : */
4707 : static void
4708 4820 : RoleMembershipCacheCallback(Datum arg, int cacheid, uint32 hashvalue)
4709 : {
4710 : /* Force membership caches to be recomputed on next use */
4711 4820 : cached_privs_role = InvalidOid;
4712 4820 : cached_member_role = InvalidOid;
4713 4820 : }
4714 :
4715 :
4716 : /* Check if specified role has rolinherit set */
4717 : static bool
4718 1114 : has_rolinherit(Oid roleid)
4719 : {
4720 1114 : bool result = false;
4721 : HeapTuple utup;
4722 :
4723 1114 : utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
4724 1114 : if (HeapTupleIsValid(utup))
4725 : {
4726 1114 : result = ((Form_pg_authid) GETSTRUCT(utup))->rolinherit;
4727 1114 : ReleaseSysCache(utup);
4728 : }
4729 1114 : return result;
4730 : }
4731 :
4732 :
4733 : /*
4734 : * Get a list of roles that the specified roleid has the privileges of
4735 : *
4736 : * This is defined not to recurse through roles that don't have rolinherit
4737 : * set; for such roles, membership implies the ability to do SET ROLE, but
4738 : * the privileges are not available until you've done so.
4739 : *
4740 : * Since indirect membership testing is relatively expensive, we cache
4741 : * a list of memberships. Hence, the result is only guaranteed good until
4742 : * the next call of roles_has_privs_of()!
4743 : *
4744 : * For the benefit of select_best_grantor, the result is defined to be
4745 : * in breadth-first order, ie, closer relationships earlier.
4746 : */
4747 : static List *
4748 5368 : roles_has_privs_of(Oid roleid)
4749 : {
4750 : List *roles_list;
4751 : ListCell *l;
4752 : List *new_cached_privs_roles;
4753 : MemoryContext oldctx;
4754 :
4755 : /* If cache is already valid, just return the list */
4756 5368 : if (OidIsValid(cached_privs_role) && cached_privs_role == roleid)
4757 4616 : return cached_privs_roles;
4758 :
4759 : /*
4760 : * Find all the roles that roleid is a member of, including multi-level
4761 : * recursion. The role itself will always be the first element of the
4762 : * resulting list.
4763 : *
4764 : * Each element of the list is scanned to see if it adds any indirect
4765 : * memberships. We can use a single list as both the record of
4766 : * already-found memberships and the agenda of roles yet to be scanned.
4767 : * This is a bit tricky but works because the foreach() macro doesn't
4768 : * fetch the next list element until the bottom of the loop.
4769 : */
4770 752 : roles_list = list_make1_oid(roleid);
4771 :
4772 1866 : foreach(l, roles_list)
4773 : {
4774 1114 : Oid memberid = lfirst_oid(l);
4775 : CatCList *memlist;
4776 : int i;
4777 :
4778 : /* Ignore non-inheriting roles */
4779 1114 : if (!has_rolinherit(memberid))
4780 0 : continue;
4781 :
4782 : /* Find roles that memberid is directly a member of */
4783 1114 : memlist = SearchSysCacheList1(AUTHMEMMEMROLE,
4784 : ObjectIdGetDatum(memberid));
4785 1476 : for (i = 0; i < memlist->n_members; i++)
4786 : {
4787 362 : HeapTuple tup = &memlist->members[i]->tuple;
4788 362 : Oid otherid = ((Form_pg_auth_members) GETSTRUCT(tup))->roleid;
4789 :
4790 : /*
4791 : * Even though there shouldn't be any loops in the membership
4792 : * graph, we must test for having already seen this role. It is
4793 : * legal for instance to have both A->B and A->C->B.
4794 : */
4795 362 : roles_list = list_append_unique_oid(roles_list, otherid);
4796 : }
4797 1114 : ReleaseSysCacheList(memlist);
4798 : }
4799 :
4800 : /*
4801 : * Copy the completed list into TopMemoryContext so it will persist.
4802 : */
4803 752 : oldctx = MemoryContextSwitchTo(TopMemoryContext);
4804 752 : new_cached_privs_roles = list_copy(roles_list);
4805 752 : MemoryContextSwitchTo(oldctx);
4806 752 : list_free(roles_list);
4807 :
4808 : /*
4809 : * Now safe to assign to state variable
4810 : */
4811 752 : cached_privs_role = InvalidOid; /* just paranoia */
4812 752 : list_free(cached_privs_roles);
4813 752 : cached_privs_roles = new_cached_privs_roles;
4814 752 : cached_privs_role = roleid;
4815 :
4816 : /* And now we can return the answer */
4817 752 : return cached_privs_roles;
4818 : }
4819 :
4820 :
4821 : /*
4822 : * Get a list of roles that the specified roleid is a member of
4823 : *
4824 : * This is defined to recurse through roles regardless of rolinherit.
4825 : *
4826 : * Since indirect membership testing is relatively expensive, we cache
4827 : * a list of memberships. Hence, the result is only guaranteed good until
4828 : * the next call of roles_is_member_of()!
4829 : */
4830 : static List *
4831 14862 : roles_is_member_of(Oid roleid)
4832 : {
4833 : List *roles_list;
4834 : ListCell *l;
4835 : List *new_cached_membership_roles;
4836 : MemoryContext oldctx;
4837 :
4838 : /* If cache is already valid, just return the list */
4839 14862 : if (OidIsValid(cached_member_role) && cached_member_role == roleid)
4840 13718 : return cached_membership_roles;
4841 :
4842 : /*
4843 : * Find all the roles that roleid is a member of, including multi-level
4844 : * recursion. The role itself will always be the first element of the
4845 : * resulting list.
4846 : *
4847 : * Each element of the list is scanned to see if it adds any indirect
4848 : * memberships. We can use a single list as both the record of
4849 : * already-found memberships and the agenda of roles yet to be scanned.
4850 : * This is a bit tricky but works because the foreach() macro doesn't
4851 : * fetch the next list element until the bottom of the loop.
4852 : */
4853 1144 : roles_list = list_make1_oid(roleid);
4854 :
4855 2362 : foreach(l, roles_list)
4856 : {
4857 1218 : Oid memberid = lfirst_oid(l);
4858 : CatCList *memlist;
4859 : int i;
4860 :
4861 : /* Find roles that memberid is directly a member of */
4862 1218 : memlist = SearchSysCacheList1(AUTHMEMMEMROLE,
4863 : ObjectIdGetDatum(memberid));
4864 1292 : for (i = 0; i < memlist->n_members; i++)
4865 : {
4866 74 : HeapTuple tup = &memlist->members[i]->tuple;
4867 74 : Oid otherid = ((Form_pg_auth_members) GETSTRUCT(tup))->roleid;
4868 :
4869 : /*
4870 : * Even though there shouldn't be any loops in the membership
4871 : * graph, we must test for having already seen this role. It is
4872 : * legal for instance to have both A->B and A->C->B.
4873 : */
4874 74 : roles_list = list_append_unique_oid(roles_list, otherid);
4875 : }
4876 1218 : ReleaseSysCacheList(memlist);
4877 : }
4878 :
4879 : /*
4880 : * Copy the completed list into TopMemoryContext so it will persist.
4881 : */
4882 1144 : oldctx = MemoryContextSwitchTo(TopMemoryContext);
4883 1144 : new_cached_membership_roles = list_copy(roles_list);
4884 1144 : MemoryContextSwitchTo(oldctx);
4885 1144 : list_free(roles_list);
4886 :
4887 : /*
4888 : * Now safe to assign to state variable
4889 : */
4890 1144 : cached_member_role = InvalidOid; /* just paranoia */
4891 1144 : list_free(cached_membership_roles);
4892 1144 : cached_membership_roles = new_cached_membership_roles;
4893 1144 : cached_member_role = roleid;
4894 :
4895 : /* And now we can return the answer */
4896 1144 : return cached_membership_roles;
4897 : }
4898 :
4899 :
4900 : /*
4901 : * Does member have the privileges of role (directly or indirectly)?
4902 : *
4903 : * This is defined not to recurse through roles that don't have rolinherit
4904 : * set; for such roles, membership implies the ability to do SET ROLE, but
4905 : * the privileges are not available until you've done so.
4906 : */
4907 : bool
4908 44014 : has_privs_of_role(Oid member, Oid role)
4909 : {
4910 : /* Fast path for simple case */
4911 44014 : if (member == role)
4912 37646 : return true;
4913 :
4914 : /* Superusers have every privilege, so are part of every role */
4915 6368 : if (superuser_arg(member))
4916 1136 : return true;
4917 :
4918 : /*
4919 : * Find all the roles that member has the privileges of, including
4920 : * multi-level recursion, then see if target role is any one of them.
4921 : */
4922 5232 : return list_member_oid(roles_has_privs_of(member), role);
4923 : }
4924 :
4925 :
4926 : /*
4927 : * Is member a member of role (directly or indirectly)?
4928 : *
4929 : * This is defined to recurse through roles regardless of rolinherit.
4930 : */
4931 : bool
4932 18384 : is_member_of_role(Oid member, Oid role)
4933 : {
4934 : /* Fast path for simple case */
4935 18384 : if (member == role)
4936 1518 : return true;
4937 :
4938 : /* Superusers have every privilege, so are part of every role */
4939 16866 : if (superuser_arg(member))
4940 3036 : return true;
4941 :
4942 : /*
4943 : * Find all the roles that member is a member of, including multi-level
4944 : * recursion, then see if target role is any one of them.
4945 : */
4946 13830 : return list_member_oid(roles_is_member_of(member), role);
4947 : }
4948 :
4949 : /*
4950 : * check_is_member_of_role
4951 : * is_member_of_role with a standard permission-violation error if not
4952 : */
4953 : void
4954 1724 : check_is_member_of_role(Oid member, Oid role)
4955 : {
4956 1724 : if (!is_member_of_role(member, role))
4957 80 : ereport(ERROR,
4958 : (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
4959 : errmsg("must be member of role \"%s\"",
4960 : GetUserNameFromId(role, false))));
4961 1644 : }
4962 :
4963 : /*
4964 : * Is member a member of role, not considering superuserness?
4965 : *
4966 : * This is identical to is_member_of_role except we ignore superuser
4967 : * status.
4968 : */
4969 : bool
4970 1032 : is_member_of_role_nosuper(Oid member, Oid role)
4971 : {
4972 : /* Fast path for simple case */
4973 1032 : if (member == role)
4974 0 : return true;
4975 :
4976 : /*
4977 : * Find all the roles that member is a member of, including multi-level
4978 : * recursion, then see if target role is any one of them.
4979 : */
4980 1032 : return list_member_oid(roles_is_member_of(member), role);
4981 : }
4982 :
4983 :
4984 : /*
4985 : * Is member an admin of role? That is, is member the role itself (subject to
4986 : * restrictions below), a member (directly or indirectly) WITH ADMIN OPTION,
4987 : * or a superuser?
4988 : */
4989 : bool
4990 32 : is_admin_of_role(Oid member, Oid role)
4991 : {
4992 32 : bool result = false;
4993 : List *roles_list;
4994 : ListCell *l;
4995 :
4996 32 : if (superuser_arg(member))
4997 0 : return true;
4998 :
4999 32 : if (member == role)
5000 :
5001 : /*
5002 : * A role can admin itself when it matches the session user and we're
5003 : * outside any security-restricted operation, SECURITY DEFINER or
5004 : * similar context. SQL-standard roles cannot self-admin. However,
5005 : * SQL-standard users are distinct from roles, and they are not
5006 : * grantable like roles: PostgreSQL's role-user duality extends the
5007 : * standard. Checking for a session user match has the effect of
5008 : * letting a role self-admin only when it's conspicuously behaving
5009 : * like a user. Note that allowing self-admin under a mere SET ROLE
5010 : * would make WITH ADMIN OPTION largely irrelevant; any member could
5011 : * SET ROLE to issue the otherwise-forbidden command.
5012 : *
5013 : * Withholding self-admin in a security-restricted operation prevents
5014 : * object owners from harnessing the session user identity during
5015 : * administrative maintenance. Suppose Alice owns a database, has
5016 : * issued "GRANT alice TO bob", and runs a daily ANALYZE. Bob creates
5017 : * an alice-owned SECURITY DEFINER function that issues "REVOKE alice
5018 : * FROM carol". If he creates an expression index calling that
5019 : * function, Alice will attempt the REVOKE during each ANALYZE.
5020 : * Checking InSecurityRestrictedOperation() thwarts that attack.
5021 : *
5022 : * Withholding self-admin in SECURITY DEFINER functions makes their
5023 : * behavior independent of the calling user. There's no security or
5024 : * SQL-standard-conformance need for that restriction, though.
5025 : *
5026 : * A role cannot have actual WITH ADMIN OPTION on itself, because that
5027 : * would imply a membership loop. Therefore, we're done either way.
5028 : */
5029 24 : return member == GetSessionUserId() &&
5030 20 : !InLocalUserIdChange() && !InSecurityRestrictedOperation();
5031 :
5032 : /*
5033 : * Find all the roles that member is a member of, including multi-level
5034 : * recursion. We build a list in the same way that is_member_of_role does
5035 : * to track visited and unvisited roles.
5036 : */
5037 16 : roles_list = list_make1_oid(member);
5038 :
5039 24 : foreach(l, roles_list)
5040 : {
5041 20 : Oid memberid = lfirst_oid(l);
5042 : CatCList *memlist;
5043 : int i;
5044 :
5045 : /* Find roles that memberid is directly a member of */
5046 20 : memlist = SearchSysCacheList1(AUTHMEMMEMROLE,
5047 : ObjectIdGetDatum(memberid));
5048 36 : for (i = 0; i < memlist->n_members; i++)
5049 : {
5050 28 : HeapTuple tup = &memlist->members[i]->tuple;
5051 28 : Oid otherid = ((Form_pg_auth_members) GETSTRUCT(tup))->roleid;
5052 :
5053 44 : if (otherid == role &&
5054 16 : ((Form_pg_auth_members) GETSTRUCT(tup))->admin_option)
5055 : {
5056 : /* Found what we came for, so can stop searching */
5057 12 : result = true;
5058 12 : break;
5059 : }
5060 :
5061 16 : roles_list = list_append_unique_oid(roles_list, otherid);
5062 : }
5063 20 : ReleaseSysCacheList(memlist);
5064 20 : if (result)
5065 12 : break;
5066 : }
5067 :
5068 16 : list_free(roles_list);
5069 :
5070 16 : return result;
5071 : }
5072 :
5073 :
5074 : /* does what it says ... */
5075 : static int
5076 0 : count_one_bits(AclMode mask)
5077 : {
5078 0 : int nbits = 0;
5079 :
5080 : /* this code relies on AclMode being an unsigned type */
5081 0 : while (mask)
5082 : {
5083 0 : if (mask & 1)
5084 0 : nbits++;
5085 0 : mask >>= 1;
5086 : }
5087 0 : return nbits;
5088 : }
5089 :
5090 :
5091 : /*
5092 : * Select the effective grantor ID for a GRANT or REVOKE operation.
5093 : *
5094 : * The grantor must always be either the object owner or some role that has
5095 : * been explicitly granted grant options. This ensures that all granted
5096 : * privileges appear to flow from the object owner, and there are never
5097 : * multiple "original sources" of a privilege. Therefore, if the would-be
5098 : * grantor is a member of a role that has the needed grant options, we have
5099 : * to do the grant as that role instead.
5100 : *
5101 : * It is possible that the would-be grantor is a member of several roles
5102 : * that have different subsets of the desired grant options, but no one
5103 : * role has 'em all. In this case we pick a role with the largest number
5104 : * of desired options. Ties are broken in favor of closer ancestors.
5105 : *
5106 : * roleId: the role attempting to do the GRANT/REVOKE
5107 : * privileges: the privileges to be granted/revoked
5108 : * acl: the ACL of the object in question
5109 : * ownerId: the role owning the object in question
5110 : * *grantorId: receives the OID of the role to do the grant as
5111 : * *grantOptions: receives the grant options actually held by grantorId
5112 : *
5113 : * If no grant options exist, we set grantorId to roleId, grantOptions to 0.
5114 : */
5115 : void
5116 85100 : select_best_grantor(Oid roleId, AclMode privileges,
5117 : const Acl *acl, Oid ownerId,
5118 : Oid *grantorId, AclMode *grantOptions)
5119 : {
5120 85100 : AclMode needed_goptions = ACL_GRANT_OPTION_FOR(privileges);
5121 : List *roles_list;
5122 : int nrights;
5123 : ListCell *l;
5124 :
5125 : /*
5126 : * The object owner is always treated as having all grant options, so if
5127 : * roleId is the owner it's easy. Also, if roleId is a superuser it's
5128 : * easy: superusers are implicitly members of every role, so they act as
5129 : * the object owner.
5130 : */
5131 85100 : if (roleId == ownerId || superuser_arg(roleId))
5132 : {
5133 84964 : *grantorId = ownerId;
5134 84964 : *grantOptions = needed_goptions;
5135 84964 : return;
5136 : }
5137 :
5138 : /*
5139 : * Otherwise we have to do a careful search to see if roleId has the
5140 : * privileges of any suitable role. Note: we can hang onto the result of
5141 : * roles_has_privs_of() throughout this loop, because aclmask_direct()
5142 : * doesn't query any role memberships.
5143 : */
5144 136 : roles_list = roles_has_privs_of(roleId);
5145 :
5146 : /* initialize candidate result as default */
5147 136 : *grantorId = roleId;
5148 136 : *grantOptions = ACL_NO_RIGHTS;
5149 136 : nrights = 0;
5150 :
5151 188 : foreach(l, roles_list)
5152 : {
5153 144 : Oid otherrole = lfirst_oid(l);
5154 : AclMode otherprivs;
5155 :
5156 144 : otherprivs = aclmask_direct(acl, otherrole, ownerId,
5157 : needed_goptions, ACLMASK_ALL);
5158 144 : if (otherprivs == needed_goptions)
5159 : {
5160 : /* Found a suitable grantor */
5161 92 : *grantorId = otherrole;
5162 92 : *grantOptions = otherprivs;
5163 184 : return;
5164 : }
5165 :
5166 : /*
5167 : * If it has just some of the needed privileges, remember best
5168 : * candidate.
5169 : */
5170 52 : if (otherprivs != ACL_NO_RIGHTS)
5171 : {
5172 0 : int nnewrights = count_one_bits(otherprivs);
5173 :
5174 0 : if (nnewrights > nrights)
5175 : {
5176 0 : *grantorId = otherrole;
5177 0 : *grantOptions = otherprivs;
5178 0 : nrights = nnewrights;
5179 : }
5180 : }
5181 : }
5182 : }
5183 :
5184 : /*
5185 : * get_role_oid - Given a role name, look up the role's OID.
5186 : *
5187 : * If missing_ok is false, throw an error if role name not found. If
5188 : * true, just return InvalidOid.
5189 : */
5190 : Oid
5191 15790 : get_role_oid(const char *rolname, bool missing_ok)
5192 : {
5193 : Oid oid;
5194 :
5195 15790 : oid = GetSysCacheOid1(AUTHNAME, Anum_pg_authid_oid,
5196 : CStringGetDatum(rolname));
5197 15790 : if (!OidIsValid(oid) && !missing_ok)
5198 56 : ereport(ERROR,
5199 : (errcode(ERRCODE_UNDEFINED_OBJECT),
5200 : errmsg("role \"%s\" does not exist", rolname)));
5201 15734 : return oid;
5202 : }
5203 :
5204 : /*
5205 : * get_role_oid_or_public - As above, but return ACL_ID_PUBLIC if the
5206 : * role name is "public".
5207 : */
5208 : Oid
5209 260 : get_role_oid_or_public(const char *rolname)
5210 : {
5211 260 : if (strcmp(rolname, "public") == 0)
5212 0 : return ACL_ID_PUBLIC;
5213 :
5214 260 : return get_role_oid(rolname, false);
5215 : }
5216 :
5217 : /*
5218 : * Given a RoleSpec node, return the OID it corresponds to. If missing_ok is
5219 : * true, return InvalidOid if the role does not exist.
5220 : *
5221 : * PUBLIC is always disallowed here. Routines wanting to handle the PUBLIC
5222 : * case must check the case separately.
5223 : */
5224 : Oid
5225 6832 : get_rolespec_oid(const RoleSpec *role, bool missing_ok)
5226 : {
5227 : Oid oid;
5228 :
5229 6832 : switch (role->roletype)
5230 : {
5231 : case ROLESPEC_CSTRING:
5232 : Assert(role->rolename);
5233 6640 : oid = get_role_oid(role->rolename, missing_ok);
5234 6610 : break;
5235 :
5236 : case ROLESPEC_CURRENT_USER:
5237 154 : oid = GetUserId();
5238 154 : break;
5239 :
5240 : case ROLESPEC_SESSION_USER:
5241 22 : oid = GetSessionUserId();
5242 22 : break;
5243 :
5244 : case ROLESPEC_PUBLIC:
5245 16 : ereport(ERROR,
5246 : (errcode(ERRCODE_UNDEFINED_OBJECT),
5247 : errmsg("role \"%s\" does not exist", "public")));
5248 : oid = InvalidOid; /* make compiler happy */
5249 : break;
5250 :
5251 : default:
5252 0 : elog(ERROR, "unexpected role type %d", role->roletype);
5253 : }
5254 :
5255 6786 : return oid;
5256 : }
5257 :
5258 : /*
5259 : * Given a RoleSpec node, return the pg_authid HeapTuple it corresponds to.
5260 : * Caller must ReleaseSysCache when done with the result tuple.
5261 : */
5262 : HeapTuple
5263 276 : get_rolespec_tuple(const RoleSpec *role)
5264 : {
5265 : HeapTuple tuple;
5266 :
5267 276 : switch (role->roletype)
5268 : {
5269 : case ROLESPEC_CSTRING:
5270 : Assert(role->rolename);
5271 238 : tuple = SearchSysCache1(AUTHNAME, CStringGetDatum(role->rolename));
5272 238 : if (!HeapTupleIsValid(tuple))
5273 12 : ereport(ERROR,
5274 : (errcode(ERRCODE_UNDEFINED_OBJECT),
5275 : errmsg("role \"%s\" does not exist", role->rolename)));
5276 226 : break;
5277 :
5278 : case ROLESPEC_CURRENT_USER:
5279 14 : tuple = SearchSysCache1(AUTHOID, GetUserId());
5280 14 : if (!HeapTupleIsValid(tuple))
5281 0 : elog(ERROR, "cache lookup failed for role %u", GetUserId());
5282 14 : break;
5283 :
5284 : case ROLESPEC_SESSION_USER:
5285 12 : tuple = SearchSysCache1(AUTHOID, GetSessionUserId());
5286 12 : if (!HeapTupleIsValid(tuple))
5287 0 : elog(ERROR, "cache lookup failed for role %u", GetSessionUserId());
5288 12 : break;
5289 :
5290 : case ROLESPEC_PUBLIC:
5291 12 : ereport(ERROR,
5292 : (errcode(ERRCODE_UNDEFINED_OBJECT),
5293 : errmsg("role \"%s\" does not exist", "public")));
5294 : tuple = NULL; /* make compiler happy */
5295 : break;
5296 :
5297 : default:
5298 0 : elog(ERROR, "unexpected role type %d", role->roletype);
5299 : }
5300 :
5301 252 : return tuple;
5302 : }
5303 :
5304 : /*
5305 : * Given a RoleSpec, returns a palloc'ed copy of the corresponding role's name.
5306 : */
5307 : char *
5308 12 : get_rolespec_name(const RoleSpec *role)
5309 : {
5310 : HeapTuple tp;
5311 : Form_pg_authid authForm;
5312 : char *rolename;
5313 :
5314 12 : tp = get_rolespec_tuple(role);
5315 12 : authForm = (Form_pg_authid) GETSTRUCT(tp);
5316 12 : rolename = pstrdup(NameStr(authForm->rolname));
5317 12 : ReleaseSysCache(tp);
5318 :
5319 12 : return rolename;
5320 : }
5321 :
5322 : /*
5323 : * Given a RoleSpec, throw an error if the name is reserved, using detail_msg,
5324 : * if provided.
5325 : *
5326 : * If node is NULL, no error is thrown. If detail_msg is NULL then no detail
5327 : * message is provided.
5328 : */
5329 : void
5330 258 : check_rolespec_name(const RoleSpec *role, const char *detail_msg)
5331 : {
5332 258 : if (!role)
5333 0 : return;
5334 :
5335 258 : if (role->roletype != ROLESPEC_CSTRING)
5336 38 : return;
5337 :
5338 220 : if (IsReservedName(role->rolename))
5339 : {
5340 0 : if (detail_msg)
5341 0 : ereport(ERROR,
5342 : (errcode(ERRCODE_RESERVED_NAME),
5343 : errmsg("role name \"%s\" is reserved",
5344 : role->rolename),
5345 : errdetail("%s", detail_msg)));
5346 : else
5347 0 : ereport(ERROR,
5348 : (errcode(ERRCODE_RESERVED_NAME),
5349 : errmsg("role name \"%s\" is reserved",
5350 : role->rolename)));
5351 : }
5352 : }
|
