acl.c File Reference

#include "postgres.h"
#include <ctype.h>
#include "access/htup_details.h"
#include "catalog/namespace.h"
#include "catalog/pg_authid.h"
#include "catalog/pg_auth_members.h"
#include "catalog/pg_type.h"
#include "catalog/pg_class.h"
#include "commands/dbcommands.h"
#include "commands/proclang.h"
#include "commands/tablespace.h"
#include "foreign/foreign.h"
#include "funcapi.h"
#include "miscadmin.h"
#include "utils/acl.h"
#include "utils/builtins.h"
#include "utils/catcache.h"
#include "utils/inval.h"
#include "utils/lsyscache.h"
#include "utils/memutils.h"
#include "utils/syscache.h"

Include dependency graph for acl.c:

Go to the source code of this file.

Data Structures
struct	priv_map
Functions
static const char *	getid (const char *s, char *n)
static void	putid (char *p, const char *s)
static Acl *	allocacl (int n)
static void	check_acl (const Acl *acl)
static const char *	aclparse (const char *s, AclItem *aip)
static bool	aclitem_match (const AclItem *a1, const AclItem *a2)
static int	aclitemComparator (const void *arg1, const void *arg2)
static void	check_circularity (const Acl *old_acl, const AclItem *mod_aip, Oid ownerId)
static Acl *	recursive_revoke (Acl *acl, Oid grantee, AclMode revoke_privs, Oid ownerId, DropBehavior behavior)
static int	oidComparator (const void *arg1, const void *arg2)
static AclMode	convert_priv_string (text *priv_type_text)
static AclMode	convert_any_priv_string (text *priv_type_text, const priv_map *privileges)
static Oid	convert_table_name (text *tablename)
static AclMode	convert_table_priv_string (text *priv_type_text)
static AclMode	convert_sequence_priv_string (text *priv_type_text)
static AttrNumber	convert_column_name (Oid tableoid, text *column)
static AclMode	convert_column_priv_string (text *priv_type_text)
static Oid	convert_database_name (text *databasename)
static AclMode	convert_database_priv_string (text *priv_type_text)
static Oid	convert_foreign_data_wrapper_name (text *fdwname)
static AclMode	convert_foreign_data_wrapper_priv_string (text *priv_type_text)
static Oid	convert_function_name (text *functionname)
static AclMode	convert_function_priv_string (text *priv_type_text)
static Oid	convert_language_name (text *languagename)
static AclMode	convert_language_priv_string (text *priv_type_text)
static Oid	convert_schema_name (text *schemaname)
static AclMode	convert_schema_priv_string (text *priv_type_text)
static Oid	convert_server_name (text *servername)
static AclMode	convert_server_priv_string (text *priv_type_text)
static Oid	convert_tablespace_name (text *tablespacename)
static AclMode	convert_tablespace_priv_string (text *priv_type_text)
static Oid	convert_type_name (text *typename)
static AclMode	convert_type_priv_string (text *priv_type_text)
static AclMode	convert_role_priv_string (text *priv_type_text)
static AclResult	pg_role_aclcheck (Oid role_oid, Oid roleid, AclMode mode)
static void	RoleMembershipCacheCallback (Datum arg, int cacheid, uint32 hashvalue)
static Oid	get_role_oid_or_public (const char *rolname)
Acl *	make_empty_acl (void)
Acl *	aclcopy (const Acl *orig_acl)
Acl *	aclconcat (const Acl *left_acl, const Acl *right_acl)
Acl *	aclmerge (const Acl *left_acl, const Acl *right_acl, Oid ownerId)
void	aclitemsort (Acl *acl)
bool	aclequal (const Acl *left_acl, const Acl *right_acl)
Datum	aclitemin (PG_FUNCTION_ARGS)
Datum	aclitemout (PG_FUNCTION_ARGS)
Datum	aclitem_eq (PG_FUNCTION_ARGS)
Datum	hash_aclitem (PG_FUNCTION_ARGS)
Acl *	acldefault (GrantObjectType objtype, Oid ownerId)
Datum	acldefault_sql (PG_FUNCTION_ARGS)
Acl *	aclupdate (const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
Acl *	aclnewowner (const Acl *old_acl, Oid oldOwnerId, Oid newOwnerId)
AclMode	aclmask (const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
static AclMode	aclmask_direct (const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
int	aclmembers (const Acl *acl, Oid **roleids)
Datum	aclinsert (PG_FUNCTION_ARGS)
Datum	aclremove (PG_FUNCTION_ARGS)
Datum	aclcontains (PG_FUNCTION_ARGS)
Datum	makeaclitem (PG_FUNCTION_ARGS)
static const char *	convert_aclright_to_string (int aclright)
Datum	aclexplode (PG_FUNCTION_ARGS)
Datum	has_table_privilege_name_name (PG_FUNCTION_ARGS)
Datum	has_table_privilege_name (PG_FUNCTION_ARGS)
Datum	has_table_privilege_name_id (PG_FUNCTION_ARGS)
Datum	has_table_privilege_id (PG_FUNCTION_ARGS)
Datum	has_table_privilege_id_name (PG_FUNCTION_ARGS)
Datum	has_table_privilege_id_id (PG_FUNCTION_ARGS)
Datum	has_sequence_privilege_name_name (PG_FUNCTION_ARGS)
Datum	has_sequence_privilege_name (PG_FUNCTION_ARGS)
Datum	has_sequence_privilege_name_id (PG_FUNCTION_ARGS)
Datum	has_sequence_privilege_id (PG_FUNCTION_ARGS)
Datum	has_sequence_privilege_id_name (PG_FUNCTION_ARGS)
Datum	has_sequence_privilege_id_id (PG_FUNCTION_ARGS)
Datum	has_any_column_privilege_name_name (PG_FUNCTION_ARGS)
Datum	has_any_column_privilege_name (PG_FUNCTION_ARGS)
Datum	has_any_column_privilege_name_id (PG_FUNCTION_ARGS)
Datum	has_any_column_privilege_id (PG_FUNCTION_ARGS)
Datum	has_any_column_privilege_id_name (PG_FUNCTION_ARGS)
Datum	has_any_column_privilege_id_id (PG_FUNCTION_ARGS)
static int	column_privilege_check (Oid tableoid, AttrNumber attnum, Oid roleid, AclMode mode)
Datum	has_column_privilege_name_name_name (PG_FUNCTION_ARGS)
Datum	has_column_privilege_name_name_attnum (PG_FUNCTION_ARGS)
Datum	has_column_privilege_name_id_name (PG_FUNCTION_ARGS)
Datum	has_column_privilege_name_id_attnum (PG_FUNCTION_ARGS)
Datum	has_column_privilege_id_name_name (PG_FUNCTION_ARGS)
Datum	has_column_privilege_id_name_attnum (PG_FUNCTION_ARGS)
Datum	has_column_privilege_id_id_name (PG_FUNCTION_ARGS)
Datum	has_column_privilege_id_id_attnum (PG_FUNCTION_ARGS)
Datum	has_column_privilege_name_name (PG_FUNCTION_ARGS)
Datum	has_column_privilege_name_attnum (PG_FUNCTION_ARGS)
Datum	has_column_privilege_id_name (PG_FUNCTION_ARGS)
Datum	has_column_privilege_id_attnum (PG_FUNCTION_ARGS)
Datum	has_database_privilege_name_name (PG_FUNCTION_ARGS)
Datum	has_database_privilege_name (PG_FUNCTION_ARGS)
Datum	has_database_privilege_name_id (PG_FUNCTION_ARGS)
Datum	has_database_privilege_id (PG_FUNCTION_ARGS)
Datum	has_database_privilege_id_name (PG_FUNCTION_ARGS)
Datum	has_database_privilege_id_id (PG_FUNCTION_ARGS)
Datum	has_foreign_data_wrapper_privilege_name_name (PG_FUNCTION_ARGS)
Datum	has_foreign_data_wrapper_privilege_name (PG_FUNCTION_ARGS)
Datum	has_foreign_data_wrapper_privilege_name_id (PG_FUNCTION_ARGS)
Datum	has_foreign_data_wrapper_privilege_id (PG_FUNCTION_ARGS)
Datum	has_foreign_data_wrapper_privilege_id_name (PG_FUNCTION_ARGS)
Datum	has_foreign_data_wrapper_privilege_id_id (PG_FUNCTION_ARGS)
Datum	has_function_privilege_name_name (PG_FUNCTION_ARGS)
Datum	has_function_privilege_name (PG_FUNCTION_ARGS)
Datum	has_function_privilege_name_id (PG_FUNCTION_ARGS)
Datum	has_function_privilege_id (PG_FUNCTION_ARGS)
Datum	has_function_privilege_id_name (PG_FUNCTION_ARGS)
Datum	has_function_privilege_id_id (PG_FUNCTION_ARGS)
Datum	has_language_privilege_name_name (PG_FUNCTION_ARGS)
Datum	has_language_privilege_name (PG_FUNCTION_ARGS)
Datum	has_language_privilege_name_id (PG_FUNCTION_ARGS)
Datum	has_language_privilege_id (PG_FUNCTION_ARGS)
Datum	has_language_privilege_id_name (PG_FUNCTION_ARGS)
Datum	has_language_privilege_id_id (PG_FUNCTION_ARGS)
Datum	has_schema_privilege_name_name (PG_FUNCTION_ARGS)
Datum	has_schema_privilege_name (PG_FUNCTION_ARGS)
Datum	has_schema_privilege_name_id (PG_FUNCTION_ARGS)
Datum	has_schema_privilege_id (PG_FUNCTION_ARGS)
Datum	has_schema_privilege_id_name (PG_FUNCTION_ARGS)
Datum	has_schema_privilege_id_id (PG_FUNCTION_ARGS)
Datum	has_server_privilege_name_name (PG_FUNCTION_ARGS)
Datum	has_server_privilege_name (PG_FUNCTION_ARGS)
Datum	has_server_privilege_name_id (PG_FUNCTION_ARGS)
Datum	has_server_privilege_id (PG_FUNCTION_ARGS)
Datum	has_server_privilege_id_name (PG_FUNCTION_ARGS)
Datum	has_server_privilege_id_id (PG_FUNCTION_ARGS)
Datum	has_tablespace_privilege_name_name (PG_FUNCTION_ARGS)
Datum	has_tablespace_privilege_name (PG_FUNCTION_ARGS)
Datum	has_tablespace_privilege_name_id (PG_FUNCTION_ARGS)
Datum	has_tablespace_privilege_id (PG_FUNCTION_ARGS)
Datum	has_tablespace_privilege_id_name (PG_FUNCTION_ARGS)
Datum	has_tablespace_privilege_id_id (PG_FUNCTION_ARGS)
Datum	has_type_privilege_name_name (PG_FUNCTION_ARGS)
Datum	has_type_privilege_name (PG_FUNCTION_ARGS)
Datum	has_type_privilege_name_id (PG_FUNCTION_ARGS)
Datum	has_type_privilege_id (PG_FUNCTION_ARGS)
Datum	has_type_privilege_id_name (PG_FUNCTION_ARGS)
Datum	has_type_privilege_id_id (PG_FUNCTION_ARGS)
Datum	pg_has_role_name_name (PG_FUNCTION_ARGS)
Datum	pg_has_role_name (PG_FUNCTION_ARGS)
Datum	pg_has_role_name_id (PG_FUNCTION_ARGS)
Datum	pg_has_role_id (PG_FUNCTION_ARGS)
Datum	pg_has_role_id_name (PG_FUNCTION_ARGS)
Datum	pg_has_role_id_id (PG_FUNCTION_ARGS)
void	initialize_acl (void)
static bool	has_rolinherit (Oid roleid)
static List *	roles_has_privs_of (Oid roleid)
static List *	roles_is_member_of (Oid roleid)
bool	has_privs_of_role (Oid member, Oid role)
bool	is_member_of_role (Oid member, Oid role)
void	check_is_member_of_role (Oid member, Oid role)
bool	is_member_of_role_nosuper (Oid member, Oid role)
bool	is_admin_of_role (Oid member, Oid role)
static int	count_one_bits (AclMode mask)
void	select_best_grantor (Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
Oid	get_role_oid (const char *rolname, bool missing_ok)
Variables
static Oid	cached_privs_role = InvalidOid
static List *	cached_privs_roles = NIL
static Oid	cached_member_role = InvalidOid
static List *	cached_membership_roles = NIL

---

Function Documentation

Acl* aclconcat	(	const Acl *	left_acl,
		const Acl *	right_acl
	)

Definition at line 426 of file acl.c.

References ACL_DAT, ACL_NUM, and allocacl().

Referenced by ExecGrant_Attribute().

{
    Acl        *result_acl;

    result_acl = allocacl(ACL_NUM(left_acl) + ACL_NUM(right_acl));

    memcpy(ACL_DAT(result_acl),
           ACL_DAT(left_acl),
           ACL_NUM(left_acl) * sizeof(AclItem));

    memcpy(ACL_DAT(result_acl) + ACL_NUM(left_acl),
           ACL_DAT(right_acl),
           ACL_NUM(right_acl) * sizeof(AclItem));

    return result_acl;
}

Datum aclcontains

(

PG_FUNCTION_ARGS

)

Definition at line 1553 of file acl.c.

References ACL_DAT, ACL_NUM, ACLITEM_GET_RIGHTS, AclItem::ai_grantee, AclItem::ai_grantor, check_acl(), i, PG_GETARG_ACL_P, PG_GETARG_ACLITEM_P, and PG_RETURN_BOOL.

{
    Acl        *acl = PG_GETARG_ACL_P(0);
    AclItem    *aip = PG_GETARG_ACLITEM_P(1);
    AclItem    *aidat;
    int         i,
                num;

    check_acl(acl);
    num = ACL_NUM(acl);
    aidat = ACL_DAT(acl);
    for (i = 0; i < num; ++i)
    {
        if (aip->ai_grantee == aidat[i].ai_grantee &&
            aip->ai_grantor == aidat[i].ai_grantor &&
            (ACLITEM_GET_RIGHTS(*aip) & ACLITEM_GET_RIGHTS(aidat[i])) == ACLITEM_GET_RIGHTS(*aip))
            PG_RETURN_BOOL(true);
    }
    PG_RETURN_BOOL(false);
}

Acl* aclcopy

(

const Acl *

orig_acl

)

Definition at line 406 of file acl.c.

References ACL_DAT, ACL_NUM, and allocacl().

Referenced by aclmerge(), ExecGrant_Relation(), and SetDefaultACL().

{
    Acl        *result_acl;

    result_acl = allocacl(ACL_NUM(orig_acl));

    memcpy(ACL_DAT(result_acl),
           ACL_DAT(orig_acl),
           ACL_NUM(orig_acl) * sizeof(AclItem));

    return result_acl;
}

Acl* acldefault	(	GrantObjectType	objtype,
		Oid	ownerId
	)

Definition at line 731 of file acl.c.

References ACL_CREATE_TEMP, ACL_DAT, ACL_NO_RIGHTS, ACL_OBJECT_COLUMN, ACL_OBJECT_DATABASE, ACL_OBJECT_DOMAIN, ACL_OBJECT_FDW, ACL_OBJECT_FOREIGN_SERVER, ACL_OBJECT_FUNCTION, ACL_OBJECT_LANGUAGE, ACL_OBJECT_LARGEOBJECT, ACL_OBJECT_NAMESPACE, ACL_OBJECT_RELATION, ACL_OBJECT_SEQUENCE, ACL_OBJECT_TABLESPACE, ACL_OBJECT_TYPE, ACLITEM_SET_PRIVS_GOPTIONS, AclItem::ai_grantee, AclItem::ai_grantor, allocacl(), elog, and ERROR.

Referenced by acldefault_sql(), ExecGrant_Attribute(), ExecGrant_Database(), ExecGrant_Fdw(), ExecGrant_ForeignServer(), ExecGrant_Function(), ExecGrant_Language(), ExecGrant_Largeobject(), ExecGrant_Namespace(), ExecGrant_Relation(), ExecGrant_Tablespace(), ExecGrant_Type(), get_user_default_acl(), pg_class_aclmask(), pg_database_aclmask(), pg_foreign_data_wrapper_aclmask(), pg_foreign_server_aclmask(), pg_language_aclmask(), pg_largeobject_aclmask_snapshot(), pg_namespace_aclmask(), pg_proc_aclmask(), pg_tablespace_aclmask(), pg_type_aclmask(), and SetDefaultACL().

{
    AclMode     world_default;
    AclMode     owner_default;
    int         nacl;
    Acl        *acl;
    AclItem    *aip;

    switch (objtype)
    {
        case ACL_OBJECT_COLUMN:
            /* by default, columns have no extra privileges */
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_NO_RIGHTS;
            break;
        case ACL_OBJECT_RELATION:
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_ALL_RIGHTS_RELATION;
            break;
        case ACL_OBJECT_SEQUENCE:
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_ALL_RIGHTS_SEQUENCE;
            break;
        case ACL_OBJECT_DATABASE:
            /* for backwards compatibility, grant some rights by default */
            world_default = ACL_CREATE_TEMP | ACL_CONNECT;
            owner_default = ACL_ALL_RIGHTS_DATABASE;
            break;
        case ACL_OBJECT_FUNCTION:
            /* Grant EXECUTE by default, for now */
            world_default = ACL_EXECUTE;
            owner_default = ACL_ALL_RIGHTS_FUNCTION;
            break;
        case ACL_OBJECT_LANGUAGE:
            /* Grant USAGE by default, for now */
            world_default = ACL_USAGE;
            owner_default = ACL_ALL_RIGHTS_LANGUAGE;
            break;
        case ACL_OBJECT_LARGEOBJECT:
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_ALL_RIGHTS_LARGEOBJECT;
            break;
        case ACL_OBJECT_NAMESPACE:
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_ALL_RIGHTS_NAMESPACE;
            break;
        case ACL_OBJECT_TABLESPACE:
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_ALL_RIGHTS_TABLESPACE;
            break;
        case ACL_OBJECT_FDW:
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_ALL_RIGHTS_FDW;
            break;
        case ACL_OBJECT_FOREIGN_SERVER:
            world_default = ACL_NO_RIGHTS;
            owner_default = ACL_ALL_RIGHTS_FOREIGN_SERVER;
            break;
        case ACL_OBJECT_DOMAIN:
        case ACL_OBJECT_TYPE:
            world_default = ACL_USAGE;
            owner_default = ACL_ALL_RIGHTS_TYPE;
            break;
        default:
            elog(ERROR, "unrecognized objtype: %d", (int) objtype);
            world_default = ACL_NO_RIGHTS;      /* keep compiler quiet */
            owner_default = ACL_NO_RIGHTS;
            break;
    }

    nacl = 0;
    if (world_default != ACL_NO_RIGHTS)
        nacl++;
    if (owner_default != ACL_NO_RIGHTS)
        nacl++;

    acl = allocacl(nacl);
    aip = ACL_DAT(acl);

    if (world_default != ACL_NO_RIGHTS)
    {
        aip->ai_grantee = ACL_ID_PUBLIC;
        aip->ai_grantor = ownerId;
        ACLITEM_SET_PRIVS_GOPTIONS(*aip, world_default, ACL_NO_RIGHTS);
        aip++;
    }

    /*
     * Note that the owner's entry shows all ordinary privileges but no grant
     * options.  This is because his grant options come "from the system" and
     * not from his own efforts.  (The SQL spec says that the owner's rights
     * come from a "_SYSTEM" authid.)  However, we do consider that the
     * owner's ordinary privileges are self-granted; this lets him revoke
     * them.  We implement the owner's grant options without any explicit
     * "_SYSTEM"-like ACL entry, by internally special-casing the owner
     * wherever we are testing grant options.
     */
    if (owner_default != ACL_NO_RIGHTS)
    {
        aip->ai_grantee = ownerId;
        aip->ai_grantor = ownerId;
        ACLITEM_SET_PRIVS_GOPTIONS(*aip, owner_default, ACL_NO_RIGHTS);
    }

    return acl;
}

Datum acldefault_sql

(

PG_FUNCTION_ARGS

)

Definition at line 845 of file acl.c.

References acldefault(), elog, ERROR, PG_GETARG_CHAR, PG_GETARG_OID, and PG_RETURN_ACL_P.

{
    char        objtypec = PG_GETARG_CHAR(0);
    Oid         owner = PG_GETARG_OID(1);
    GrantObjectType objtype = 0;

    switch (objtypec)
    {
        case 'c':
            objtype = ACL_OBJECT_COLUMN;
            break;
        case 'r':
            objtype = ACL_OBJECT_RELATION;
            break;
        case 's':
            objtype = ACL_OBJECT_SEQUENCE;
            break;
        case 'd':
            objtype = ACL_OBJECT_DATABASE;
            break;
        case 'f':
            objtype = ACL_OBJECT_FUNCTION;
            break;
        case 'l':
            objtype = ACL_OBJECT_LANGUAGE;
            break;
        case 'L':
            objtype = ACL_OBJECT_LARGEOBJECT;
            break;
        case 'n':
            objtype = ACL_OBJECT_NAMESPACE;
            break;
        case 't':
            objtype = ACL_OBJECT_TABLESPACE;
            break;
        case 'F':
            objtype = ACL_OBJECT_FDW;
            break;
        case 'S':
            objtype = ACL_OBJECT_FOREIGN_SERVER;
            break;
        case 'T':
            objtype = ACL_OBJECT_TYPE;
            break;
        default:
            elog(ERROR, "unrecognized objtype abbreviation: %c", objtypec);
    }

    PG_RETURN_ACL_P(acldefault(objtype, owner));
}

bool aclequal	(	const Acl *	left_acl,
		const Acl *	right_acl
	)

Definition at line 508 of file acl.c.

References ACL_DAT, ACL_NUM, memcmp(), and NULL.

Referenced by get_user_default_acl(), and SetDefaultACL().

{
    /* Check for cases where one or both are empty/null */
    if (left_acl == NULL || ACL_NUM(left_acl) == 0)
    {
        if (right_acl == NULL || ACL_NUM(right_acl) == 0)
            return true;
        else
            return false;
    }
    else
    {
        if (right_acl == NULL || ACL_NUM(right_acl) == 0)
            return false;
    }

    if (ACL_NUM(left_acl) != ACL_NUM(right_acl))
        return false;

    if (memcmp(ACL_DAT(left_acl),
               ACL_DAT(right_acl),
               ACL_NUM(left_acl) * sizeof(AclItem)) == 0)
        return true;

    return false;
}

Datum aclexplode

(

PG_FUNCTION_ARGS

)

Definition at line 1746 of file acl.c.

References ACL_DAT, ACL_NUM, ACLITEM_GET_GOPTIONS, ACLITEM_GET_PRIVS, AclItem::ai_grantee, AclItem::ai_grantor, BlessTupleDesc(), BoolGetDatum, BOOLOID, check_acl(), convert_aclright_to_string(), CreateTemplateTupleDesc(), CStringGetTextDatum, heap_form_tuple(), HeapTupleGetDatum, MemoryContextSwitchTo(), MemSet, FuncCallContext::multi_call_memory_ctx, N_ACL_RIGHTS, ObjectIdGetDatum, OIDOID, palloc(), PG_GETARG_ACL_P, SRF_FIRSTCALL_INIT, SRF_IS_FIRSTCALL, SRF_PERCALL_SETUP, SRF_RETURN_DONE, SRF_RETURN_NEXT, TEXTOID, FuncCallContext::tuple_desc, TupleDescInitEntry(), FuncCallContext::user_fctx, and values.

{
    Acl        *acl = PG_GETARG_ACL_P(0);
    FuncCallContext *funcctx;
    int        *idx;
    AclItem    *aidat;

    if (SRF_IS_FIRSTCALL())
    {
        TupleDesc   tupdesc;
        MemoryContext oldcontext;

        check_acl(acl);

        funcctx = SRF_FIRSTCALL_INIT();
        oldcontext = MemoryContextSwitchTo(funcctx->multi_call_memory_ctx);

        /*
         * build tupdesc for result tuples (matches out parameters in pg_proc
         * entry)
         */
        tupdesc = CreateTemplateTupleDesc(4, false);
        TupleDescInitEntry(tupdesc, (AttrNumber) 1, "grantor",
                           OIDOID, -1, 0);
        TupleDescInitEntry(tupdesc, (AttrNumber) 2, "grantee",
                           OIDOID, -1, 0);
        TupleDescInitEntry(tupdesc, (AttrNumber) 3, "privilege_type",
                           TEXTOID, -1, 0);
        TupleDescInitEntry(tupdesc, (AttrNumber) 4, "is_grantable",
                           BOOLOID, -1, 0);

        funcctx->tuple_desc = BlessTupleDesc(tupdesc);

        /* allocate memory for user context */
        idx = (int *) palloc(sizeof(int[2]));
        idx[0] = 0;             /* ACL array item index */
        idx[1] = -1;            /* privilege type counter */
        funcctx->user_fctx = (void *) idx;

        MemoryContextSwitchTo(oldcontext);
    }

    funcctx = SRF_PERCALL_SETUP();
    idx = (int *) funcctx->user_fctx;
    aidat = ACL_DAT(acl);

    /* need test here in case acl has no items */
    while (idx[0] < ACL_NUM(acl))
    {
        AclItem    *aidata;
        AclMode     priv_bit;

        idx[1]++;
        if (idx[1] == N_ACL_RIGHTS)
        {
            idx[1] = 0;
            idx[0]++;
            if (idx[0] >= ACL_NUM(acl)) /* done */
                break;
        }
        aidata = &aidat[idx[0]];
        priv_bit = 1 << idx[1];

        if (ACLITEM_GET_PRIVS(*aidata) & priv_bit)
        {
            Datum       result;
            Datum       values[4];
            bool        nulls[4];
            HeapTuple   tuple;

            values[0] = ObjectIdGetDatum(aidata->ai_grantor);
            values[1] = ObjectIdGetDatum(aidata->ai_grantee);
            values[2] = CStringGetTextDatum(convert_aclright_to_string(priv_bit));
            values[3] = BoolGetDatum((ACLITEM_GET_GOPTIONS(*aidata) & priv_bit) != 0);

            MemSet(nulls, 0, sizeof(nulls));

            tuple = heap_form_tuple(funcctx->tuple_desc, values, nulls);
            result = HeapTupleGetDatum(tuple);

            SRF_RETURN_NEXT(funcctx, result);
        }
    }

    SRF_RETURN_DONE(funcctx);
}

Datum aclinsert

(

PG_FUNCTION_ARGS

)

Definition at line 1533 of file acl.c.

References ereport, errcode(), errmsg(), ERROR, and PG_RETURN_NULL.

{
    ereport(ERROR,
            (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
             errmsg("aclinsert is no longer supported")));

    PG_RETURN_NULL();           /* keep compiler quiet */
}

Datum aclitem_eq

(

PG_FUNCTION_ARGS

)

Definition at line 692 of file acl.c.

References a1, a2, AclItem::ai_grantee, AclItem::ai_grantor, AclItem::ai_privs, PG_GETARG_ACLITEM_P, and PG_RETURN_BOOL.

{
    AclItem    *a1 = PG_GETARG_ACLITEM_P(0);
    AclItem    *a2 = PG_GETARG_ACLITEM_P(1);
    bool        result;

    result = a1->ai_privs == a2->ai_privs &&
        a1->ai_grantee == a2->ai_grantee &&
        a1->ai_grantor == a2->ai_grantor;
    PG_RETURN_BOOL(result);
}

static bool aclitem_match	(	const AclItem *	a1,
		const AclItem *	a2
	)			[static]

Definition at line 657 of file acl.c.

References AclItem::ai_grantee, and AclItem::ai_grantor.

Referenced by aclnewowner(), and aclupdate().

{
    return a1->ai_grantee == a2->ai_grantee &&
        a1->ai_grantor == a2->ai_grantor;
}

static int aclitemComparator	(	const void *	arg1,
		const void *	arg2
	)			[static]

Definition at line 668 of file acl.c.

References a1, a2, AclItem::ai_grantee, AclItem::ai_grantor, and AclItem::ai_privs.

Referenced by aclitemsort().

{
    const AclItem *a1 = (const AclItem *) arg1;
    const AclItem *a2 = (const AclItem *) arg2;

    if (a1->ai_grantee > a2->ai_grantee)
        return 1;
    if (a1->ai_grantee < a2->ai_grantee)
        return -1;
    if (a1->ai_grantor > a2->ai_grantor)
        return 1;
    if (a1->ai_grantor < a2->ai_grantor)
        return -1;
    if (a1->ai_privs > a2->ai_privs)
        return 1;
    if (a1->ai_privs < a2->ai_privs)
        return -1;
    return 0;
}

Datum aclitemin

(

PG_FUNCTION_ARGS

)

Definition at line 564 of file acl.c.

References aclparse(), ereport, errcode(), errmsg(), ERROR, palloc(), PG_GETARG_CSTRING, and PG_RETURN_ACLITEM_P.

{
    const char *s = PG_GETARG_CSTRING(0);
    AclItem    *aip;

    aip = (AclItem *) palloc(sizeof(AclItem));
    s = aclparse(s, aip);
    while (isspace((unsigned char) *s))
        ++s;
    if (*s)
        ereport(ERROR,
                (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
               errmsg("extra garbage at the end of the ACL specification")));

    PG_RETURN_ACLITEM_P(aip);
}

Datum aclitemout

(

PG_FUNCTION_ARGS

)

Definition at line 590 of file acl.c.

References ACL_ALL_RIGHTS_STR, ACL_ID_PUBLIC, ACLITEM_GET_GOPTIONS, ACLITEM_GET_PRIVS, AclItem::ai_grantee, AclItem::ai_grantor, AUTHOID, GETSTRUCT, HeapTupleIsValid, i, N_ACL_RIGHTS, NAMEDATALEN, NameStr, ObjectIdGetDatum, palloc(), PG_GETARG_ACLITEM_P, PG_RETURN_CSTRING, putid(), ReleaseSysCache(), and SearchSysCache1.

{
    AclItem    *aip = PG_GETARG_ACLITEM_P(0);
    char       *p;
    char       *out;
    HeapTuple   htup;
    unsigned    i;

    out = palloc(strlen("=/") +
                 2 * N_ACL_RIGHTS +
                 2 * (2 * NAMEDATALEN + 2) +
                 1);

    p = out;
    *p = '\0';

    if (aip->ai_grantee != ACL_ID_PUBLIC)
    {
        htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantee));
        if (HeapTupleIsValid(htup))
        {
            putid(p, NameStr(((Form_pg_authid) GETSTRUCT(htup))->rolname));
            ReleaseSysCache(htup);
        }
        else
        {
            /* Generate numeric OID if we don't find an entry */
            sprintf(p, "%u", aip->ai_grantee);
        }
    }
    while (*p)
        ++p;

    *p++ = '=';

    for (i = 0; i < N_ACL_RIGHTS; ++i)
    {
        if (ACLITEM_GET_PRIVS(*aip) & (1 << i))
            *p++ = ACL_ALL_RIGHTS_STR[i];
        if (ACLITEM_GET_GOPTIONS(*aip) & (1 << i))
            *p++ = '*';
    }

    *p++ = '/';
    *p = '\0';

    htup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(aip->ai_grantor));
    if (HeapTupleIsValid(htup))
    {
        putid(p, NameStr(((Form_pg_authid) GETSTRUCT(htup))->rolname));
        ReleaseSysCache(htup);
    }
    else
    {
        /* Generate numeric OID if we don't find an entry */
        sprintf(p, "%u", aip->ai_grantor);
    }

    PG_RETURN_CSTRING(out);
}

void aclitemsort

(

Acl *

acl

)

Definition at line 494 of file acl.c.

References ACL_DAT, ACL_NUM, aclitemComparator(), NULL, and qsort.

Referenced by get_user_default_acl(), and SetDefaultACL().

{
    if (acl != NULL && ACL_NUM(acl) > 1)
        qsort(ACL_DAT(acl), ACL_NUM(acl), sizeof(AclItem), aclitemComparator);
}

AclMode aclmask	(	const Acl *	acl,
		Oid	roleid,
		Oid	ownerId,
		AclMode	mask,
		AclMaskHow	how
	)

Definition at line 1304 of file acl.c.

References ACL_DAT, ACL_ID_PUBLIC, ACL_NUM, ACLITEM_ALL_GOPTION_BITS, ACLMASK_ALL, AclItem::ai_grantee, AclItem::ai_privs, check_acl(), elog, ERROR, has_privs_of_role(), i, NULL, and remaining.

Referenced by check_circularity(), pg_attribute_aclmask(), pg_class_aclmask(), pg_database_aclmask(), pg_foreign_data_wrapper_aclmask(), pg_foreign_server_aclmask(), pg_language_aclmask(), pg_largeobject_aclmask_snapshot(), pg_namespace_aclmask(), pg_proc_aclmask(), pg_tablespace_aclmask(), pg_type_aclmask(), and recursive_revoke().

{
    AclMode     result;
    AclMode     remaining;
    AclItem    *aidat;
    int         i,
                num;

    /*
     * Null ACL should not happen, since caller should have inserted
     * appropriate default
     */
    if (acl == NULL)
        elog(ERROR, "null ACL");

    check_acl(acl);

    /* Quick exit for mask == 0 */
    if (mask == 0)
        return 0;

    result = 0;

    /* Owner always implicitly has all grant options */
    if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
        has_privs_of_role(roleid, ownerId))
    {
        result = mask & ACLITEM_ALL_GOPTION_BITS;
        if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
            return result;
    }

    num = ACL_NUM(acl);
    aidat = ACL_DAT(acl);

    /*
     * Check privileges granted directly to roleid or to public
     */
    for (i = 0; i < num; i++)
    {
        AclItem    *aidata = &aidat[i];

        if (aidata->ai_grantee == ACL_ID_PUBLIC ||
            aidata->ai_grantee == roleid)
        {
            result |= aidata->ai_privs & mask;
            if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
                return result;
        }
    }

    /*
     * Check privileges granted indirectly via role memberships. We do this in
     * a separate pass to minimize expensive indirect membership tests.  In
     * particular, it's worth testing whether a given ACL entry grants any
     * privileges still of interest before we perform the has_privs_of_role
     * test.
     */
    remaining = mask & ~result;
    for (i = 0; i < num; i++)
    {
        AclItem    *aidata = &aidat[i];

        if (aidata->ai_grantee == ACL_ID_PUBLIC ||
            aidata->ai_grantee == roleid)
            continue;           /* already checked it */

        if ((aidata->ai_privs & remaining) &&
            has_privs_of_role(roleid, aidata->ai_grantee))
        {
            result |= aidata->ai_privs & mask;
            if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
                return result;
            remaining = mask & ~result;
        }
    }

    return result;
}

static AclMode aclmask_direct	(	const Acl *	acl,
		Oid	roleid,
		Oid	ownerId,
		AclMode	mask,
		AclMaskHow	how
	)			[static]

Definition at line 1393 of file acl.c.

References ACL_DAT, ACL_NUM, ACLITEM_ALL_GOPTION_BITS, ACLMASK_ALL, AclItem::ai_grantee, AclItem::ai_privs, check_acl(), elog, ERROR, i, and NULL.

Referenced by select_best_grantor().

{
    AclMode     result;
    AclItem    *aidat;
    int         i,
                num;

    /*
     * Null ACL should not happen, since caller should have inserted
     * appropriate default
     */
    if (acl == NULL)
        elog(ERROR, "null ACL");

    check_acl(acl);

    /* Quick exit for mask == 0 */
    if (mask == 0)
        return 0;

    result = 0;

    /* Owner always implicitly has all grant options */
    if ((mask & ACLITEM_ALL_GOPTION_BITS) &&
        roleid == ownerId)
    {
        result = mask & ACLITEM_ALL_GOPTION_BITS;
        if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
            return result;
    }

    num = ACL_NUM(acl);
    aidat = ACL_DAT(acl);

    /*
     * Check privileges granted directly to roleid (and not to public)
     */
    for (i = 0; i < num; i++)
    {
        AclItem    *aidata = &aidat[i];

        if (aidata->ai_grantee == roleid)
        {
            result |= aidata->ai_privs & mask;
            if ((how == ACLMASK_ALL) ? (result == mask) : (result != 0))
                return result;
        }
    }

    return result;
}

int aclmembers	(	const Acl *	acl,
		Oid **	roleids
	)

Definition at line 1456 of file acl.c.

References ACL_DAT, ACL_ID_PUBLIC, ACL_NUM, AclItem::ai_grantee, AclItem::ai_grantor, check_acl(), i, sort-test::list, NULL, oidComparator(), palloc(), and qsort.

Referenced by ExecGrant_Attribute(), ExecGrant_Database(), ExecGrant_Fdw(), ExecGrant_ForeignServer(), ExecGrant_Function(), ExecGrant_Language(), ExecGrant_Largeobject(), ExecGrant_Namespace(), ExecGrant_Relation(), ExecGrant_Tablespace(), ExecGrant_Type(), heap_create_with_catalog(), ProcedureCreate(), and SetDefaultACL().

{
    Oid        *list;
    const AclItem *acldat;
    int         i,
                j,
                k;

    if (acl == NULL || ACL_NUM(acl) == 0)
    {
        *roleids = NULL;
        return 0;
    }

    check_acl(acl);

    /* Allocate the worst-case space requirement */
    list = palloc(ACL_NUM(acl) * 2 * sizeof(Oid));
    acldat = ACL_DAT(acl);

    /*
     * Walk the ACL collecting mentioned RoleIds.
     */
    j = 0;
    for (i = 0; i < ACL_NUM(acl); i++)
    {
        const AclItem *ai = &acldat[i];

        if (ai->ai_grantee != ACL_ID_PUBLIC)
            list[j++] = ai->ai_grantee;
        /* grantor is currently never PUBLIC, but let's check anyway */
        if (ai->ai_grantor != ACL_ID_PUBLIC)
            list[j++] = ai->ai_grantor;
    }

    /* Sort the array */
    qsort(list, j, sizeof(Oid), oidComparator);

    /* Remove duplicates from the array */
    k = 0;
    for (i = 1; i < j; i++)
    {
        if (list[k] != list[i])
            list[++k] = list[i];
    }

    /*
     * We could repalloc the array down to minimum size, but it's hardly worth
     * it since it's only transient memory.
     */
    *roleids = list;

    return k + 1;
}

Acl* aclmerge	(	const Acl *	left_acl,
		const Acl *	right_acl,
		Oid	ownerId
	)

Definition at line 450 of file acl.c.

References ACL_DAT, ACL_MODECHG_ADD, ACL_NUM, aclcopy(), aclupdate(), DROP_RESTRICT, i, NULL, and pfree().

Referenced by get_user_default_acl().

{
    Acl        *result_acl;
    AclItem    *aip;
    int         i,
                num;

    /* Check for cases where one or both are empty/null */
    if (left_acl == NULL || ACL_NUM(left_acl) == 0)
    {
        if (right_acl == NULL || ACL_NUM(right_acl) == 0)
            return NULL;
        else
            return aclcopy(right_acl);
    }
    else
    {
        if (right_acl == NULL || ACL_NUM(right_acl) == 0)
            return aclcopy(left_acl);
    }

    /* Merge them the hard way, one item at a time */
    result_acl = aclcopy(left_acl);

    aip = ACL_DAT(right_acl);
    num = ACL_NUM(right_acl);

    for (i = 0; i < num; i++, aip++)
    {
        Acl        *tmp_acl;

        tmp_acl = aclupdate(result_acl, aip, ACL_MODECHG_ADD,
                            ownerId, DROP_RESTRICT);
        pfree(result_acl);
        result_acl = tmp_acl;
    }

    return result_acl;
}

Acl* aclnewowner	(	const Acl *	old_acl,
		Oid	oldOwnerId,
		Oid	newOwnerId
	)

Definition at line 1035 of file acl.c.

References ACL_DAT, ACL_N_SIZE, ACL_NO_RIGHTS, ACL_NUM, ACLITEM_GET_RIGHTS, aclitem_match(), ACLITEM_SET_RIGHTS, AclItem::ai_grantee, AclItem::ai_grantor, allocacl(), ARR_DIMS, check_acl(), and SET_VARSIZE.

Referenced by AlterDatabaseOwner(), AlterObjectOwner_internal(), AlterSchemaOwner_internal(), ATExecChangeOwner(), and change_owner_fix_column_acls().

{
    Acl        *new_acl;
    AclItem    *new_aip;
    AclItem    *old_aip;
    AclItem    *dst_aip;
    AclItem    *src_aip;
    AclItem    *targ_aip;
    bool        newpresent = false;
    int         dst,
                src,
                targ,
                num;

    check_acl(old_acl);

    /*
     * Make a copy of the given ACL, substituting new owner ID for old
     * wherever it appears as either grantor or grantee.  Also note if the new
     * owner ID is already present.
     */
    num = ACL_NUM(old_acl);
    old_aip = ACL_DAT(old_acl);
    new_acl = allocacl(num);
    new_aip = ACL_DAT(new_acl);
    memcpy(new_aip, old_aip, num * sizeof(AclItem));
    for (dst = 0, dst_aip = new_aip; dst < num; dst++, dst_aip++)
    {
        if (dst_aip->ai_grantor == oldOwnerId)
            dst_aip->ai_grantor = newOwnerId;
        else if (dst_aip->ai_grantor == newOwnerId)
            newpresent = true;
        if (dst_aip->ai_grantee == oldOwnerId)
            dst_aip->ai_grantee = newOwnerId;
        else if (dst_aip->ai_grantee == newOwnerId)
            newpresent = true;
    }

    /*
     * If the old ACL contained any references to the new owner, then we may
     * now have generated an ACL containing duplicate entries.  Find them and
     * merge them so that there are not duplicates.  (This is relatively
     * expensive since we use a stupid O(N^2) algorithm, but it's unlikely to
     * be the normal case.)
     *
     * To simplify deletion of duplicate entries, we temporarily leave them in
     * the array but set their privilege masks to zero; when we reach such an
     * entry it's just skipped.  (Thus, a side effect of this code will be to
     * remove privilege-free entries, should there be any in the input.)  dst
     * is the next output slot, targ is the currently considered input slot
     * (always >= dst), and src scans entries to the right of targ looking for
     * duplicates.  Once an entry has been emitted to dst it is known
     * duplicate-free and need not be considered anymore.
     */
    if (newpresent)
    {
        dst = 0;
        for (targ = 0, targ_aip = new_aip; targ < num; targ++, targ_aip++)
        {
            /* ignore if deleted in an earlier pass */
            if (ACLITEM_GET_RIGHTS(*targ_aip) == ACL_NO_RIGHTS)
                continue;
            /* find and merge any duplicates */
            for (src = targ + 1, src_aip = targ_aip + 1; src < num;
                 src++, src_aip++)
            {
                if (ACLITEM_GET_RIGHTS(*src_aip) == ACL_NO_RIGHTS)
                    continue;
                if (aclitem_match(targ_aip, src_aip))
                {
                    ACLITEM_SET_RIGHTS(*targ_aip,
                                       ACLITEM_GET_RIGHTS(*targ_aip) |
                                       ACLITEM_GET_RIGHTS(*src_aip));
                    /* mark the duplicate deleted */
                    ACLITEM_SET_RIGHTS(*src_aip, ACL_NO_RIGHTS);
                }
            }
            /* and emit to output */
            new_aip[dst] = *targ_aip;
            dst++;
        }
        /* Adjust array size to be 'dst' items */
        ARR_DIMS(new_acl)[0] = dst;
        SET_VARSIZE(new_acl, ACL_N_SIZE(dst));
    }

    return new_acl;
}

static const char * aclparse	(	const char *	s,
		AclItem *	aip
	)			[static]

Definition at line 237 of file acl.c.

References ACL_ALL_RIGHTS_STR, ACL_CONNECT_CHR, ACL_CREATE_CHR, ACL_CREATE_TEMP_CHR, ACL_DELETE_CHR, ACL_EXECUTE_CHR, ACL_INSERT_CHR, ACL_REFERENCES_CHR, ACL_SELECT_CHR, ACL_TRIGGER_CHR, ACL_TRUNCATE_CHR, ACL_UPDATE_CHR, ACL_USAGE_CHR, ACLITEM_SET_PRIVS_GOPTIONS, AclItem::ai_grantee, AclItem::ai_grantor, Assert, BOOTSTRAP_SUPERUSERID, elog, ereport, errcode(), errhint(), errmsg(), ERROR, get_role_oid(), getid(), LOG, name, and WARNING.

Referenced by aclitemin().

{
    AclMode     privs,
                goption,
                read;
    char        name[NAMEDATALEN];
    char        name2[NAMEDATALEN];

    Assert(s && aip);

#ifdef ACLDEBUG
    elog(LOG, "aclparse: input = \"%s\"", s);
#endif
    s = getid(s, name);
    if (*s != '=')
    {
        /* we just read a keyword, not a name */
        if (strcmp(name, "group") != 0 && strcmp(name, "user") != 0)
            ereport(ERROR,
                    (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
                     errmsg("unrecognized key word: \"%s\"", name),
                     errhint("ACL key word must be \"group\" or \"user\".")));
        s = getid(s, name);     /* move s to the name beyond the keyword */
        if (name[0] == '\0')
            ereport(ERROR,
                    (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
                     errmsg("missing name"),
                     errhint("A name must follow the \"group\" or \"user\" key word.")));
    }

    if (*s != '=')
        ereport(ERROR,
                (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
                 errmsg("missing \"=\" sign")));

    privs = goption = ACL_NO_RIGHTS;

    for (++s, read = 0; isalpha((unsigned char) *s) || *s == '*'; s++)
    {
        switch (*s)
        {
            case '*':
                goption |= read;
                break;
            case ACL_INSERT_CHR:
                read = ACL_INSERT;
                break;
            case ACL_SELECT_CHR:
                read = ACL_SELECT;
                break;
            case ACL_UPDATE_CHR:
                read = ACL_UPDATE;
                break;
            case ACL_DELETE_CHR:
                read = ACL_DELETE;
                break;
            case ACL_TRUNCATE_CHR:
                read = ACL_TRUNCATE;
                break;
            case ACL_REFERENCES_CHR:
                read = ACL_REFERENCES;
                break;
            case ACL_TRIGGER_CHR:
                read = ACL_TRIGGER;
                break;
            case ACL_EXECUTE_CHR:
                read = ACL_EXECUTE;
                break;
            case ACL_USAGE_CHR:
                read = ACL_USAGE;
                break;
            case ACL_CREATE_CHR:
                read = ACL_CREATE;
                break;
            case ACL_CREATE_TEMP_CHR:
                read = ACL_CREATE_TEMP;
                break;
            case ACL_CONNECT_CHR:
                read = ACL_CONNECT;
                break;
            case 'R':           /* ignore old RULE privileges */
                read = 0;
                break;
            default:
                ereport(ERROR,
                        (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
                      errmsg("invalid mode character: must be one of \"%s\"",
                             ACL_ALL_RIGHTS_STR)));
        }

        privs |= read;
    }

    if (name[0] == '\0')
        aip->ai_grantee = ACL_ID_PUBLIC;
    else
        aip->ai_grantee = get_role_oid(name, false);

    /*
     * XXX Allow a degree of backward compatibility by defaulting the grantor
     * to the superuser.
     */
    if (*s == '/')
    {
        s = getid(s + 1, name2);
        if (name2[0] == '\0')
            ereport(ERROR,
                    (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION),
                     errmsg("a name must follow the \"/\" sign")));
        aip->ai_grantor = get_role_oid(name2, false);
    }
    else
    {
        aip->ai_grantor = BOOTSTRAP_SUPERUSERID;
        ereport(WARNING,
                (errcode(ERRCODE_INVALID_GRANTOR),
                 errmsg("defaulting grantor to user ID %u",
                        BOOTSTRAP_SUPERUSERID)));
    }

    ACLITEM_SET_PRIVS_GOPTIONS(*aip, privs, goption);

#ifdef ACLDEBUG
    elog(LOG, "aclparse: correctly read [%u %x %x]",
         aip->ai_grantee, privs, goption);
#endif

    return s;
}

Datum aclremove

(

PG_FUNCTION_ARGS

)

Definition at line 1543 of file acl.c.

References ereport, errcode(), errmsg(), ERROR, and PG_RETURN_NULL.

{
    ereport(ERROR,
            (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
             errmsg("aclremove is no longer supported")));

    PG_RETURN_NULL();           /* keep compiler quiet */
}

Acl* aclupdate	(	const Acl *	old_acl,
		const AclItem *	mod_aip,
		int	modechg,
		Oid	ownerId,
		DropBehavior	behavior
	)

Definition at line 914 of file acl.c.

References ACL_DAT, ACL_ID_PUBLIC, ACL_MODECHG_ADD, ACL_MODECHG_DEL, ACL_MODECHG_EQL, ACL_N_SIZE, ACL_NO_RIGHTS, ACL_NUM, ACL_SIZE, ACLITEM_GET_GOPTIONS, ACLITEM_GET_RIGHTS, aclitem_match(), ACLITEM_SET_PRIVS_GOPTIONS, ACLITEM_SET_RIGHTS, AclItem::ai_grantee, AclItem::ai_grantor, allocacl(), ARR_DIMS, Assert, check_acl(), check_circularity(), memmove, recursive_revoke(), and SET_VARSIZE.

Referenced by aclmerge(), check_circularity(), merge_acl_with_grant(), and recursive_revoke().

{
    Acl        *new_acl = NULL;
    AclItem    *old_aip,
               *new_aip = NULL;
    AclMode     old_rights,
                old_goptions,
                new_rights,
                new_goptions;
    int         dst,
                num;

    /* Caller probably already checked old_acl, but be safe */
    check_acl(old_acl);

    /* If granting grant options, check for circularity */
    if (modechg != ACL_MODECHG_DEL &&
        ACLITEM_GET_GOPTIONS(*mod_aip) != ACL_NO_RIGHTS)
        check_circularity(old_acl, mod_aip, ownerId);

    num = ACL_NUM(old_acl);
    old_aip = ACL_DAT(old_acl);

    /*
     * Search the ACL for an existing entry for this grantee and grantor. If
     * one exists, just modify the entry in-place (well, in the same position,
     * since we actually return a copy); otherwise, insert the new entry at
     * the end.
     */

    for (dst = 0; dst < num; ++dst)
    {
        if (aclitem_match(mod_aip, old_aip + dst))
        {
            /* found a match, so modify existing item */
            new_acl = allocacl(num);
            new_aip = ACL_DAT(new_acl);
            memcpy(new_acl, old_acl, ACL_SIZE(old_acl));
            break;
        }
    }

    if (dst == num)
    {
        /* need to append a new item */
        new_acl = allocacl(num + 1);
        new_aip = ACL_DAT(new_acl);
        memcpy(new_aip, old_aip, num * sizeof(AclItem));

        /* initialize the new entry with no permissions */
        new_aip[dst].ai_grantee = mod_aip->ai_grantee;
        new_aip[dst].ai_grantor = mod_aip->ai_grantor;
        ACLITEM_SET_PRIVS_GOPTIONS(new_aip[dst],
                                   ACL_NO_RIGHTS, ACL_NO_RIGHTS);
        num++;                  /* set num to the size of new_acl */
    }

    old_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
    old_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);

    /* apply the specified permissions change */
    switch (modechg)
    {
        case ACL_MODECHG_ADD:
            ACLITEM_SET_RIGHTS(new_aip[dst],
                               old_rights | ACLITEM_GET_RIGHTS(*mod_aip));
            break;
        case ACL_MODECHG_DEL:
            ACLITEM_SET_RIGHTS(new_aip[dst],
                               old_rights & ~ACLITEM_GET_RIGHTS(*mod_aip));
            break;
        case ACL_MODECHG_EQL:
            ACLITEM_SET_RIGHTS(new_aip[dst],
                               ACLITEM_GET_RIGHTS(*mod_aip));
            break;
    }

    new_rights = ACLITEM_GET_RIGHTS(new_aip[dst]);
    new_goptions = ACLITEM_GET_GOPTIONS(new_aip[dst]);

    /*
     * If the adjusted entry has no permissions, delete it from the list.
     */
    if (new_rights == ACL_NO_RIGHTS)
    {
        memmove(new_aip + dst,
                new_aip + dst + 1,
                (num - dst - 1) * sizeof(AclItem));
        /* Adjust array size to be 'num - 1' items */
        ARR_DIMS(new_acl)[0] = num - 1;
        SET_VARSIZE(new_acl, ACL_N_SIZE(num - 1));
    }

    /*
     * Remove abandoned privileges (cascading revoke).  Currently we can only
     * handle this when the grantee is not PUBLIC.
     */
    if ((old_goptions & ~new_goptions) != 0)
    {
        Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);
        new_acl = recursive_revoke(new_acl, mod_aip->ai_grantee,
                                   (old_goptions & ~new_goptions),
                                   ownerId, behavior);
    }

    return new_acl;
}

static Acl * allocacl

(

int

n

)

[static]

Definition at line 375 of file acl.c.

References ACL_N_SIZE, ARR_DIMS, ARR_LBOUND, ArrayType::dataoffset, ArrayType::elemtype, elog, ERROR, ArrayType::ndim, palloc0(), and SET_VARSIZE.

Referenced by aclconcat(), aclcopy(), acldefault(), aclnewowner(), aclupdate(), check_circularity(), and make_empty_acl().

{
    Acl        *new_acl;
    Size        size;

    if (n < 0)
        elog(ERROR, "invalid size: %d", n);
    size = ACL_N_SIZE(n);
    new_acl = (Acl *) palloc0(size);
    SET_VARSIZE(new_acl, size);
    new_acl->ndim = 1;
    new_acl->dataoffset = 0;    /* we never put in any nulls */
    new_acl->elemtype = ACLITEMOID;
    ARR_LBOUND(new_acl)[0] = 1;
    ARR_DIMS(new_acl)[0] = n;
    return new_acl;
}

static void check_acl

(

const Acl *

acl

)

[static]

Definition at line 539 of file acl.c.

References ACLITEMOID, ARR_ELEMTYPE, ARR_HASNULL, ARR_NDIM, ereport, errcode(), errmsg(), and ERROR.

Referenced by aclcontains(), aclexplode(), aclmask(), aclmask_direct(), aclmembers(), aclnewowner(), aclupdate(), check_circularity(), and recursive_revoke().

{
    if (ARR_ELEMTYPE(acl) != ACLITEMOID)
        ereport(ERROR,
                (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                 errmsg("ACL array contains wrong data type")));
    if (ARR_NDIM(acl) != 1)
        ereport(ERROR,
                (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                 errmsg("ACL arrays must be one-dimensional")));
    if (ARR_HASNULL(acl))
        ereport(ERROR,
                (errcode(ERRCODE_NULL_VALUE_NOT_ALLOWED),
                 errmsg("ACL arrays must not contain null values")));
}

static void check_circularity	(	const Acl *	old_acl,
		const AclItem *	mod_aip,
		Oid	ownerId
	)			[static]

Definition at line 1138 of file acl.c.

References ACL_DAT, ACL_GRANT_OPTION_FOR, ACL_ID_PUBLIC, ACL_MODECHG_DEL, ACL_NO_RIGHTS, ACL_NUM, ACL_OPTION_TO_PRIVS, ACL_SIZE, ACLITEM_GET_GOPTIONS, aclmask(), ACLMASK_ALL, aclupdate(), AclItem::ai_grantee, AclItem::ai_grantor, allocacl(), Assert, check_acl(), DROP_CASCADE, ereport, errcode(), errmsg(), ERROR, i, and pfree().

Referenced by aclupdate().

{
    Acl        *acl;
    AclItem    *aip;
    int         i,
                num;
    AclMode     own_privs;

    check_acl(old_acl);

    /*
     * For now, grant options can only be granted to roles, not PUBLIC.
     * Otherwise we'd have to work a bit harder here.
     */
    Assert(mod_aip->ai_grantee != ACL_ID_PUBLIC);

    /* The owner always has grant options, no need to check */
    if (mod_aip->ai_grantor == ownerId)
        return;

    /* Make a working copy */
    acl = allocacl(ACL_NUM(old_acl));
    memcpy(acl, old_acl, ACL_SIZE(old_acl));

    /* Zap all grant options of target grantee, plus what depends on 'em */
cc_restart:
    num = ACL_NUM(acl);
    aip = ACL_DAT(acl);
    for (i = 0; i < num; i++)
    {
        if (aip[i].ai_grantee == mod_aip->ai_grantee &&
            ACLITEM_GET_GOPTIONS(aip[i]) != ACL_NO_RIGHTS)
        {
            Acl        *new_acl;

            /* We'll actually zap ordinary privs too, but no matter */
            new_acl = aclupdate(acl, &aip[i], ACL_MODECHG_DEL,
                                ownerId, DROP_CASCADE);

            pfree(acl);
            acl = new_acl;

            goto cc_restart;
        }
    }

    /* Now we can compute grantor's independently-derived privileges */
    own_privs = aclmask(acl,
                        mod_aip->ai_grantor,
                        ownerId,
                        ACL_GRANT_OPTION_FOR(ACLITEM_GET_GOPTIONS(*mod_aip)),
                        ACLMASK_ALL);
    own_privs = ACL_OPTION_TO_PRIVS(own_privs);

    if ((ACLITEM_GET_GOPTIONS(*mod_aip) & ~own_privs) != 0)
        ereport(ERROR,
                (errcode(ERRCODE_INVALID_GRANT_OPERATION),
        errmsg("grant options cannot be granted back to your own grantor")));

    pfree(acl);
}

void check_is_member_of_role	(	Oid	member,
		Oid	role
	)

Definition at line 4871 of file acl.c.

References ereport, errcode(), errmsg(), ERROR, GetUserNameFromId(), and is_member_of_role().

Referenced by AlterDatabaseOwner(), AlterForeignServerOwner_internal(), AlterObjectOwner_internal(), AlterSchemaOwner_internal(), AlterTypeOwner(), ATExecChangeOwner(), createdb(), CreateSchemaCommand(), and ExecAlterDefaultPrivilegesStmt().

{
    if (!is_member_of_role(member, role))
        ereport(ERROR,
                (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
                 errmsg("must be member of role \"%s\"",
                        GetUserNameFromId(role))));
}

static int column_privilege_check	(	Oid	tableoid,
		AttrNumber	attnum,
		Oid	roleid,
		AclMode	mode
	)			[static]

Definition at line 2459 of file acl.c.

References ACLCHECK_OK, ATTNUM, GETSTRUCT, HeapTupleIsValid, Int16GetDatum, ObjectIdGetDatum, pg_attribute_aclcheck(), pg_class_aclcheck(), ReleaseSysCache(), RELOID, SearchSysCache2, and SearchSysCacheExists1.

Referenced by has_column_privilege_id_attnum(), has_column_privilege_id_id_attnum(), has_column_privilege_id_id_name(), has_column_privilege_id_name(), has_column_privilege_id_name_attnum(), has_column_privilege_id_name_name(), has_column_privilege_name_attnum(), has_column_privilege_name_id_attnum(), has_column_privilege_name_id_name(), has_column_privilege_name_name(), has_column_privilege_name_name_attnum(), and has_column_privilege_name_name_name().

{
    AclResult   aclresult;
    HeapTuple   attTuple;
    Form_pg_attribute attributeForm;

    /*
     * First check if we have the privilege at the table level.  We check
     * existence of the pg_class row before risking calling pg_class_aclcheck.
     * Note: it might seem there's a race condition against concurrent DROP,
     * but really it's safe because there will be no syscache flush between
     * here and there.  So if we see the row in the syscache, so will
     * pg_class_aclcheck.
     */
    if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
        return -1;

    aclresult = pg_class_aclcheck(tableoid, roleid, mode);

    if (aclresult == ACLCHECK_OK)
        return true;

    /*
     * No table privilege, so try per-column privileges.  Again, we have to
     * check for dropped attribute first, and we rely on the syscache not to
     * notice a concurrent drop before pg_attribute_aclcheck fetches the row.
     */
    attTuple = SearchSysCache2(ATTNUM,
                               ObjectIdGetDatum(tableoid),
                               Int16GetDatum(attnum));
    if (!HeapTupleIsValid(attTuple))
        return -1;
    attributeForm = (Form_pg_attribute) GETSTRUCT(attTuple);
    if (attributeForm->attisdropped)
    {
        ReleaseSysCache(attTuple);
        return -1;
    }
    ReleaseSysCache(attTuple);

    aclresult = pg_attribute_aclcheck(tableoid, attnum, roleid, mode);

    return (aclresult == ACLCHECK_OK);
}

static const char* convert_aclright_to_string

(

int

aclright

)

[static]

Definition at line 1696 of file acl.c.

References ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_DELETE, ACL_EXECUTE, ACL_INSERT, ACL_REFERENCES, ACL_SELECT, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, ACL_USAGE, elog, and ERROR.

Referenced by aclexplode().

{
    switch (aclright)
    {
        case ACL_INSERT:
            return "INSERT";
        case ACL_SELECT:
            return "SELECT";
        case ACL_UPDATE:
            return "UPDATE";
        case ACL_DELETE:
            return "DELETE";
        case ACL_TRUNCATE:
            return "TRUNCATE";
        case ACL_REFERENCES:
            return "REFERENCES";
        case ACL_TRIGGER:
            return "TRIGGER";
        case ACL_EXECUTE:
            return "EXECUTE";
        case ACL_USAGE:
            return "USAGE";
        case ACL_CREATE:
            return "CREATE";
        case ACL_CREATE_TEMP:
            return "TEMPORARY";
        case ACL_CONNECT:
            return "CONNECT";
        default:
            elog(ERROR, "unrecognized aclright: %d", aclright);
            return NULL;
    }
}

static AclMode convert_any_priv_string	(	text *	priv_type_text,
		const priv_map *	privileges
	)			[static]

Definition at line 1648 of file acl.c.

References ereport, errcode(), errmsg(), ERROR, priv_map::name, pfree(), pg_strcasecmp(), text_to_cstring(), and priv_map::value.

Referenced by convert_column_priv_string(), convert_database_priv_string(), convert_foreign_data_wrapper_priv_string(), convert_function_priv_string(), convert_language_priv_string(), convert_role_priv_string(), convert_schema_priv_string(), convert_sequence_priv_string(), convert_server_priv_string(), convert_table_priv_string(), convert_tablespace_priv_string(), and convert_type_priv_string().

{
    AclMode     result = 0;
    char       *priv_type = text_to_cstring(priv_type_text);
    char       *chunk;
    char       *next_chunk;

    /* We rely on priv_type being a private, modifiable string */
    for (chunk = priv_type; chunk; chunk = next_chunk)
    {
        int         chunk_len;
        const priv_map *this_priv;

        /* Split string at commas */
        next_chunk = strchr(chunk, ',');
        if (next_chunk)
            *next_chunk++ = '\0';

        /* Drop leading/trailing whitespace in this chunk */
        while (*chunk && isspace((unsigned char) *chunk))
            chunk++;
        chunk_len = strlen(chunk);
        while (chunk_len > 0 && isspace((unsigned char) chunk[chunk_len - 1]))
            chunk_len--;
        chunk[chunk_len] = '\0';

        /* Match to the privileges list */
        for (this_priv = privileges; this_priv->name; this_priv++)
        {
            if (pg_strcasecmp(this_priv->name, chunk) == 0)
            {
                result |= this_priv->value;
                break;
            }
        }
        if (!this_priv->name)
            ereport(ERROR,
                    (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                     errmsg("unrecognized privilege type: \"%s\"", chunk)));
    }

    pfree(priv_type);
    return result;
}

static AttrNumber convert_column_name	(	Oid	tableoid,
		text *	column
	)			[static]

Definition at line 2830 of file acl.c.

References ereport, errcode(), errmsg(), ERROR, get_attnum(), get_rel_name(), InvalidAttrNumber, pfree(), and text_to_cstring().

Referenced by has_column_privilege_id_id_name(), has_column_privilege_id_name(), has_column_privilege_id_name_name(), has_column_privilege_name_id_name(), has_column_privilege_name_name(), and has_column_privilege_name_name_name().

{
    AttrNumber  attnum;
    char       *colname;

    colname = text_to_cstring(column);
    attnum = get_attnum(tableoid, colname);
    if (attnum == InvalidAttrNumber)
        ereport(ERROR,
                (errcode(ERRCODE_UNDEFINED_COLUMN),
                 errmsg("column \"%s\" of relation \"%s\" does not exist",
                        colname, get_rel_name(tableoid))));
    pfree(colname);
    return attnum;
}

static AclMode convert_column_priv_string

(

text *

priv_type_text

)

[static]

Definition at line 2851 of file acl.c.

References ACL_GRANT_OPTION_FOR, ACL_INSERT, ACL_REFERENCES, ACL_SELECT, ACL_UPDATE, and convert_any_priv_string().

Referenced by has_any_column_privilege_id(), has_any_column_privilege_id_id(), has_any_column_privilege_id_name(), has_any_column_privilege_name(), has_any_column_privilege_name_id(), has_any_column_privilege_name_name(), has_column_privilege_id_attnum(), has_column_privilege_id_id_attnum(), has_column_privilege_id_id_name(), has_column_privilege_id_name(), has_column_privilege_id_name_attnum(), has_column_privilege_id_name_name(), has_column_privilege_name_attnum(), has_column_privilege_name_id_attnum(), has_column_privilege_name_id_name(), has_column_privilege_name_name(), has_column_privilege_name_name_attnum(), and has_column_privilege_name_name_name().

{
    static const priv_map column_priv_map[] = {
        {"SELECT", ACL_SELECT},
        {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
        {"INSERT", ACL_INSERT},
        {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
        {"UPDATE", ACL_UPDATE},
        {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
        {"REFERENCES", ACL_REFERENCES},
        {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
        {NULL, 0}
    };

    return convert_any_priv_string(priv_type_text, column_priv_map);
}

static Oid convert_database_name

(

text *

databasename

)

[static]

Definition at line 3036 of file acl.c.

References get_database_oid(), and text_to_cstring().

Referenced by has_database_privilege_id_name(), has_database_privilege_name(), and has_database_privilege_name_name().

{
    char       *dbname = text_to_cstring(databasename);

    return get_database_oid(dbname, false);
}

static AclMode convert_database_priv_string

(

text *

priv_type_text

)

[static]

Definition at line 3048 of file acl.c.

References ACL_CONNECT, ACL_CREATE, ACL_CREATE_TEMP, ACL_GRANT_OPTION_FOR, and convert_any_priv_string().

Referenced by has_database_privilege_id(), has_database_privilege_id_id(), has_database_privilege_id_name(), has_database_privilege_name(), has_database_privilege_name_id(), and has_database_privilege_name_name().

{
    static const priv_map database_priv_map[] = {
        {"CREATE", ACL_CREATE},
        {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
        {"TEMPORARY", ACL_CREATE_TEMP},
        {"TEMPORARY WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
        {"TEMP", ACL_CREATE_TEMP},
        {"TEMP WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE_TEMP)},
        {"CONNECT", ACL_CONNECT},
        {"CONNECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CONNECT)},
        {NULL, 0}
    };

    return convert_any_priv_string(priv_type_text, database_priv_map);

}

static Oid convert_foreign_data_wrapper_name

(

text *

fdwname

)

[static]

Definition at line 3225 of file acl.c.

References get_foreign_data_wrapper_oid(), and text_to_cstring().

Referenced by has_foreign_data_wrapper_privilege_id_name(), has_foreign_data_wrapper_privilege_name(), and has_foreign_data_wrapper_privilege_name_name().

{
    char       *fdwstr = text_to_cstring(fdwname);

    return get_foreign_data_wrapper_oid(fdwstr, false);
}

static AclMode convert_foreign_data_wrapper_priv_string

(

text *

priv_type_text

)

[static]

Definition at line 3237 of file acl.c.

References ACL_GRANT_OPTION_FOR, ACL_USAGE, and convert_any_priv_string().

Referenced by has_foreign_data_wrapper_privilege_id(), has_foreign_data_wrapper_privilege_id_id(), has_foreign_data_wrapper_privilege_id_name(), has_foreign_data_wrapper_privilege_name(), has_foreign_data_wrapper_privilege_name_id(), and has_foreign_data_wrapper_privilege_name_name().

{
    static const priv_map foreign_data_wrapper_priv_map[] = {
        {"USAGE", ACL_USAGE},
        {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
        {NULL, 0}
    };

    return convert_any_priv_string(priv_type_text, foreign_data_wrapper_priv_map);
}

static Oid convert_function_name

(

text *

functionname

)

[static]

Definition at line 3416 of file acl.c.

References CStringGetDatum, DatumGetObjectId, DirectFunctionCall1, ereport, errcode(), errmsg(), ERROR, OidIsValid, regprocedurein(), and text_to_cstring().

Referenced by has_function_privilege_id_name(), has_function_privilege_name(), and has_function_privilege_name_name().

{
    char       *funcname = text_to_cstring(functionname);
    Oid         oid;

    oid = DatumGetObjectId(DirectFunctionCall1(regprocedurein,
                                               CStringGetDatum(funcname)));

    if (!OidIsValid(oid))
        ereport(ERROR,
                (errcode(ERRCODE_UNDEFINED_FUNCTION),
                 errmsg("function \"%s\" does not exist", funcname)));

    return oid;
}

static AclMode convert_function_priv_string

(

text *

priv_type_text

)

[static]

Definition at line 3437 of file acl.c.

References ACL_EXECUTE, ACL_GRANT_OPTION_FOR, and convert_any_priv_string().

Referenced by has_function_privilege_id(), has_function_privilege_id_id(), has_function_privilege_id_name(), has_function_privilege_name(), has_function_privilege_name_id(), and has_function_privilege_name_name().

{
    static const priv_map function_priv_map[] = {
        {"EXECUTE", ACL_EXECUTE},
        {"EXECUTE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_EXECUTE)},
        {NULL, 0}
    };

    return convert_any_priv_string(priv_type_text, function_priv_map);
}

static Oid convert_language_name

(

text *

languagename

)

[static]

Definition at line 3616 of file acl.c.

References get_language_oid(), and text_to_cstring().

Referenced by has_language_privilege_id_name(), has_language_privilege_name(), and has_language_privilege_name_name().

{
    char       *langname = text_to_cstring(languagename);

    return get_language_oid(langname, false);
}

static AclMode convert_language_priv_string

(

text *

priv_type_text

)

[static]

Definition at line 3628 of file acl.c.

References ACL_GRANT_OPTION_FOR, ACL_USAGE, and convert_any_priv_string().

Referenced by has_language_privilege_id(), has_language_privilege_id_id(), has_language_privilege_id_name(), has_language_privilege_name(), has_language_privilege_name_id(), and has_language_privilege_name_name().

{
    static const priv_map language_priv_map[] = {
        {"USAGE", ACL_USAGE},
        {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
        {NULL, 0}
    };

    return convert_any_priv_string(priv_type_text, language_priv_map);
}

static AclMode convert_priv_string

(

text *

priv_type_text

)

[static]

Definition at line 1598 of file acl.c.

References ereport, errcode(), errmsg(), ERROR, pg_strcasecmp(), and text_to_cstring().

Referenced by makeaclitem().

{
    char       *priv_type = text_to_cstring(priv_type_text);

    if (pg_strcasecmp(priv_type, "SELECT") == 0)
        return ACL_SELECT;
    if (pg_strcasecmp(priv_type, "INSERT") == 0)
        return ACL_INSERT;
    if (pg_strcasecmp(priv_type, "UPDATE") == 0)
        return ACL_UPDATE;
    if (pg_strcasecmp(priv_type, "DELETE") == 0)
        return ACL_DELETE;
    if (pg_strcasecmp(priv_type, "TRUNCATE") == 0)
        return ACL_TRUNCATE;
    if (pg_strcasecmp(priv_type, "REFERENCES") == 0)
        return ACL_REFERENCES;
    if (pg_strcasecmp(priv_type, "TRIGGER") == 0)
        return ACL_TRIGGER;
    if (pg_strcasecmp(priv_type, "EXECUTE") == 0)
        return ACL_EXECUTE;
    if (pg_strcasecmp(priv_type, "USAGE") == 0)
        return ACL_USAGE;
    if (pg_strcasecmp(priv_type, "CREATE") == 0)
        return ACL_CREATE;
    if (pg_strcasecmp(priv_type, "TEMP") == 0)
        return ACL_CREATE_TEMP;
    if (pg_strcasecmp(priv_type, "TEMPORARY") == 0)
        return ACL_CREATE_TEMP;
    if (pg_strcasecmp(priv_type, "CONNECT") == 0)
        return ACL_CONNECT;
    if (pg_strcasecmp(priv_type, "RULE") == 0)
        return 0;               /* ignore old RULE privileges */

    ereport(ERROR,
            (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
             errmsg("unrecognized privilege type: \"%s\"", priv_type)));
    return ACL_NO_RIGHTS;       /* keep compiler quiet */
}

static AclMode convert_role_priv_string

(

text *

priv_type_text

)

[static]

Definition at line 4561 of file acl.c.

References ACL_CREATE, ACL_GRANT_OPTION_FOR, ACL_USAGE, and convert_any_priv_string().

Referenced by pg_has_role_id(), pg_has_role_id_id(), pg_has_role_id_name(), pg_has_role_name(), pg_has_role_name_id(), and pg_has_role_name_name().

{
    static const priv_map role_priv_map[] = {
        {"USAGE", ACL_USAGE},
        {"MEMBER", ACL_CREATE},
        {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
        {"USAGE WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
        {"MEMBER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
        {"MEMBER WITH ADMIN OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
        {NULL, 0}
    };

    return convert_any_priv_string(priv_type_text, role_priv_map);
}

static Oid convert_schema_name

(

text *

schemaname

)

[static]

Definition at line 3807 of file acl.c.

References get_namespace_oid(), and text_to_cstring().

Referenced by has_schema_privilege_id_name(), has_schema_privilege_name(), and has_schema_privilege_name_name().

{
    char       *nspname = text_to_cstring(schemaname);

    return get_namespace_oid(nspname, false);
}

static AclMode convert_schema_priv_string

(

text *

priv_type_text

)

[static]

Definition at line 3819 of file acl.c.

References ACL_CREATE, ACL_GRANT_OPTION_FOR, ACL_USAGE, and convert_any_priv_string().

Referenced by has_schema_privilege_id(), has_schema_privilege_id_id(), has_schema_privilege_id_name(), has_schema_privilege_name(), has_schema_privilege_name_id(), and has_schema_privilege_name_name().

{
    static const priv_map schema_priv_map[] = {
        {"CREATE", ACL_CREATE},
        {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
        {"USAGE", ACL_USAGE},
        {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
        {NULL, 0}
    };

    return convert_any_priv_string(priv_type_text, schema_priv_map);
}

static AclMode convert_sequence_priv_string

(

text *

priv_type_text

)

[static]

Definition at line 2241 of file acl.c.

References ACL_SELECT, ACL_UPDATE, ACL_USAGE, and convert_any_priv_string().

Referenced by has_sequence_privilege_id(), has_sequence_privilege_id_id(), has_sequence_privilege_id_name(), has_sequence_privilege_name(), has_sequence_privilege_name_id(), and has_sequence_privilege_name_name().

{
    static const priv_map sequence_priv_map[] = {
        {"USAGE", ACL_USAGE},
        {"SELECT", ACL_SELECT},
        {"UPDATE", ACL_UPDATE},
        {NULL, 0}
    };

    return convert_any_priv_string(priv_type_text, sequence_priv_map);
}

static Oid convert_server_name

(

text *

servername

)

[static]

Definition at line 3991 of file acl.c.

References get_foreign_server_oid(), and text_to_cstring().

Referenced by has_server_privilege_id_name(), has_server_privilege_name(), and has_server_privilege_name_name().

{
    char       *serverstr = text_to_cstring(servername);

    return get_foreign_server_oid(serverstr, false);
}

static AclMode convert_server_priv_string

(

text *

priv_type_text

)

[static]

Definition at line 4003 of file acl.c.

References ACL_GRANT_OPTION_FOR, ACL_USAGE, and convert_any_priv_string().

Referenced by has_server_privilege_id(), has_server_privilege_id_id(), has_server_privilege_id_name(), has_server_privilege_name(), has_server_privilege_name_id(), and has_server_privilege_name_name().

{
    static const priv_map server_priv_map[] = {
        {"USAGE", ACL_USAGE},
        {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
        {NULL, 0}
    };

    return convert_any_priv_string(priv_type_text, server_priv_map);
}

static Oid convert_table_name

(

text *

tablename

)

[static]

Definition at line 2003 of file acl.c.

References makeRangeVarFromNameList(), NoLock, RangeVarGetRelid, and textToQualifiedNameList().

Referenced by has_any_column_privilege_id_name(), has_any_column_privilege_name(), has_any_column_privilege_name_name(), has_column_privilege_id_name_attnum(), has_column_privilege_id_name_name(), has_column_privilege_name_attnum(), has_column_privilege_name_name(), has_column_privilege_name_name_attnum(), has_column_privilege_name_name_name(), has_sequence_privilege_id_name(), has_sequence_privilege_name(), has_sequence_privilege_name_name(), has_table_privilege_id_name(), has_table_privilege_name(), and has_table_privilege_name_name().

{
    RangeVar   *relrv;

    relrv = makeRangeVarFromNameList(textToQualifiedNameList(tablename));

    /* We might not even have permissions on this relation; don't lock it. */
    return RangeVarGetRelid(relrv, NoLock, false);
}

static AclMode convert_table_priv_string

(

text *

priv_type_text

)

[static]

Definition at line 2018 of file acl.c.

References ACL_DELETE, ACL_GRANT_OPTION_FOR, ACL_INSERT, ACL_REFERENCES, ACL_SELECT, ACL_TRIGGER, ACL_TRUNCATE, ACL_UPDATE, and convert_any_priv_string().

Referenced by has_table_privilege_id(), has_table_privilege_id_id(), has_table_privilege_id_name(), has_table_privilege_name(), has_table_privilege_name_id(), and has_table_privilege_name_name().

{
    static const priv_map table_priv_map[] = {
        {"SELECT", ACL_SELECT},
        {"SELECT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_SELECT)},
        {"INSERT", ACL_INSERT},
        {"INSERT WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_INSERT)},
        {"UPDATE", ACL_UPDATE},
        {"UPDATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_UPDATE)},
        {"DELETE", ACL_DELETE},
        {"DELETE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_DELETE)},
        {"TRUNCATE", ACL_TRUNCATE},
        {"TRUNCATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRUNCATE)},
        {"REFERENCES", ACL_REFERENCES},
        {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
        {"TRIGGER", ACL_TRIGGER},
        {"TRIGGER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRIGGER)},
        {"RULE", 0},            /* ignore old RULE privileges */
        {"RULE WITH GRANT OPTION", 0},
        {NULL, 0}
    };

    return convert_any_priv_string(priv_type_text, table_priv_map);
}

static Oid convert_tablespace_name

(

text *

tablespacename

)

[static]

Definition at line 4173 of file acl.c.

References get_tablespace_oid(), and text_to_cstring().

Referenced by has_tablespace_privilege_id_name(), has_tablespace_privilege_name(), and has_tablespace_privilege_name_name().

{
    char       *spcname = text_to_cstring(tablespacename);

    return get_tablespace_oid(spcname, false);
}

static AclMode convert_tablespace_priv_string

(

text *

priv_type_text

)

[static]

Definition at line 4185 of file acl.c.

References ACL_CREATE, ACL_GRANT_OPTION_FOR, and convert_any_priv_string().

Referenced by has_tablespace_privilege_id(), has_tablespace_privilege_id_id(), has_tablespace_privilege_id_name(), has_tablespace_privilege_name(), has_tablespace_privilege_name_id(), and has_tablespace_privilege_name_name().

{
    static const priv_map tablespace_priv_map[] = {
        {"CREATE", ACL_CREATE},
        {"CREATE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_CREATE)},
        {NULL, 0}
    };

    return convert_any_priv_string(priv_type_text, tablespace_priv_map);
}

static Oid convert_type_name

(

text *

typename

)

[static]

Definition at line 4363 of file acl.c.

References CStringGetDatum, DatumGetObjectId, DirectFunctionCall1, ereport, errcode(), errmsg(), ERROR, OidIsValid, regtypein(), and text_to_cstring().

Referenced by has_type_privilege_id_name(), has_type_privilege_name(), and has_type_privilege_name_name().

{
    char       *typname = text_to_cstring(typename);
    Oid         oid;

    oid = DatumGetObjectId(DirectFunctionCall1(regtypein,
                                               CStringGetDatum(typname)));

    if (!OidIsValid(oid))
        ereport(ERROR,
                (errcode(ERRCODE_UNDEFINED_OBJECT),
                 errmsg("type \"%s\" does not exist", typname)));

    return oid;
}

static AclMode convert_type_priv_string

(

text *

priv_type_text

)

[static]

Definition at line 4384 of file acl.c.

References ACL_GRANT_OPTION_FOR, ACL_USAGE, and convert_any_priv_string().

Referenced by has_type_privilege_id(), has_type_privilege_id_id(), has_type_privilege_id_name(), has_type_privilege_name(), has_type_privilege_name_id(), and has_type_privilege_name_name().

{
    static const priv_map type_priv_map[] = {
        {"USAGE", ACL_USAGE},
        {"USAGE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_USAGE)},
        {NULL, 0}
    };

    return convert_any_priv_string(priv_type_text, type_priv_map);
}

static int count_one_bits

(

AclMode

mask

)

[static]

Definition at line 4967 of file acl.c.

Referenced by select_best_grantor().

{
    int         nbits = 0;

    /* this code relies on AclMode being an unsigned type */
    while (mask)
    {
        if (mask & 1)
            nbits++;
        mask >>= 1;
    }
    return nbits;
}

Oid get_role_oid	(	const char *	rolname,
		bool	missing_ok
	)

Definition at line 5082 of file acl.c.

References AUTHNAME, CStringGetDatum, ereport, errcode(), errmsg(), ERROR, GetSysCacheOid1, and OidIsValid.

Referenced by aclparse(), ATExecCmd(), check_hba(), createdb(), CreateRole(), CreateSchemaCommand(), CreateTableSpace(), ExecAlterDefaultPrivilegesStmt(), ExecAlterOwnerStmt(), ExecuteGrantStmt(), get_object_address_unqualified(), get_role_oid_or_public(), GetUserOidFromMapping(), GrantRole(), is_member(), pg_has_role_id_name(), pg_has_role_name(), pg_has_role_name_id(), pg_has_role_name_name(), ReassignOwnedObjects(), and roleNamesToIds().

{
    Oid         oid;

    oid = GetSysCacheOid1(AUTHNAME, CStringGetDatum(rolname));
    if (!OidIsValid(oid) && !missing_ok)
        ereport(ERROR,
                (errcode(ERRCODE_UNDEFINED_OBJECT),
                 errmsg("role \"%s\" does not exist", rolname)));
    return oid;
}

static Oid get_role_oid_or_public

(

const char *

rolname

)

[static]

Definition at line 5099 of file acl.c.

References get_role_oid().

Referenced by has_any_column_privilege_name_id(), has_any_column_privilege_name_name(), has_column_privilege_name_id_attnum(), has_column_privilege_name_id_name(), has_column_privilege_name_name_attnum(), has_column_privilege_name_name_name(), has_database_privilege_name_id(), has_database_privilege_name_name(), has_foreign_data_wrapper_privilege_name_id(), has_foreign_data_wrapper_privilege_name_name(), has_function_privilege_name_id(), has_function_privilege_name_name(), has_language_privilege_name_id(), has_language_privilege_name_name(), has_schema_privilege_name_id(), has_schema_privilege_name_name(), has_sequence_privilege_name_id(), has_sequence_privilege_name_name(), has_server_privilege_name_id(), has_server_privilege_name_name(), has_table_privilege_name_id(), has_table_privilege_name_name(), has_tablespace_privilege_name_id(), has_tablespace_privilege_name_name(), has_type_privilege_name_id(), and has_type_privilege_name_name().

{
    if (strcmp(rolname, "public") == 0)
        return ACL_ID_PUBLIC;

    return get_role_oid(rolname, false);
}

static const char * getid	(	const char *	s,
		char *	n
	)			[static]

Definition at line 136 of file acl.c.

References Assert, ereport, errcode(), errdetail(), errmsg(), ERROR, and NAMEDATALEN.

Referenced by aclparse().

{
    int         len = 0;
    bool        in_quotes = false;

    Assert(s && n);

    while (isspace((unsigned char) *s))
        s++;
    /* This code had better match what putid() does, below */
    for (;
         *s != '\0' &&
         (isalnum((unsigned char) *s) ||
          *s == '_' ||
          *s == '"' ||
          in_quotes);
         s++)
    {
        if (*s == '"')
        {
            /* safe to look at next char (could be '\0' though) */
            if (*(s + 1) != '"')
            {
                in_quotes = !in_quotes;
                continue;
            }
            /* it's an escaped double quote; skip the escaping char */
            s++;
        }

        /* Add the character to the string */
        if (len >= NAMEDATALEN - 1)
            ereport(ERROR,
                    (errcode(ERRCODE_NAME_TOO_LONG),
                     errmsg("identifier too long"),
                     errdetail("Identifier must be less than %d characters.",
                               NAMEDATALEN)));

        n[len++] = *s;
    }
    n[len] = '\0';
    while (isspace((unsigned char) *s))
        s++;
    return s;
}

Datum has_any_column_privilege_id

(

PG_FUNCTION_ARGS

)

Definition at line 2360 of file acl.c.

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), GetUserId(), ObjectIdGetDatum, pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, PG_RETURN_NULL, RELOID, and SearchSysCacheExists1.

{
    Oid         tableoid = PG_GETARG_OID(0);
    text       *priv_type_text = PG_GETARG_TEXT_P(1);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = GetUserId();
    mode = convert_column_priv_string(priv_type_text);

    if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
        PG_RETURN_NULL();

    /* First check at table level, then examine each column if needed */
    aclresult = pg_class_aclcheck(tableoid, roleid, mode);
    if (aclresult != ACLCHECK_OK)
        aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
                                              ACLMASK_ANY);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_any_column_privilege_id_id

(

PG_FUNCTION_ARGS

)

Definition at line 2416 of file acl.c.

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), ObjectIdGetDatum, pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, PG_RETURN_NULL, RELOID, and SearchSysCacheExists1.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         tableoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    AclMode     mode;
    AclResult   aclresult;

    mode = convert_column_priv_string(priv_type_text);

    if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
        PG_RETURN_NULL();

    /* First check at table level, then examine each column if needed */
    aclresult = pg_class_aclcheck(tableoid, roleid, mode);
    if (aclresult != ACLCHECK_OK)
        aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
                                              ACLMASK_ANY);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_any_column_privilege_id_name

(

PG_FUNCTION_ARGS

)

Definition at line 2389 of file acl.c.

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), convert_table_name(), pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_P, and PG_RETURN_BOOL.

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *tablename = PG_GETARG_TEXT_P(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         tableoid;
    AclMode     mode;
    AclResult   aclresult;

    tableoid = convert_table_name(tablename);
    mode = convert_column_priv_string(priv_type_text);

    /* First check at table level, then examine each column if needed */
    aclresult = pg_class_aclcheck(tableoid, roleid, mode);
    if (aclresult != ACLCHECK_OK)
        aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
                                              ACLMASK_ANY);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_any_column_privilege_name

(

PG_FUNCTION_ARGS

)

Definition at line 2301 of file acl.c.

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), convert_table_name(), GetUserId(), pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_TEXT_P, and PG_RETURN_BOOL.

{
    text       *tablename = PG_GETARG_TEXT_P(0);
    text       *priv_type_text = PG_GETARG_TEXT_P(1);
    Oid         roleid;
    Oid         tableoid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = GetUserId();
    tableoid = convert_table_name(tablename);
    mode = convert_column_priv_string(priv_type_text);

    /* First check at table level, then examine each column if needed */
    aclresult = pg_class_aclcheck(tableoid, roleid, mode);
    if (aclresult != ACLCHECK_OK)
        aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
                                              ACLMASK_ANY);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_any_column_privilege_name_id

(

PG_FUNCTION_ARGS

)

Definition at line 2329 of file acl.c.

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), get_role_oid_or_public(), NameStr, ObjectIdGetDatum, pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, PG_RETURN_NULL, RELOID, SearchSysCacheExists1, and username.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         tableoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = get_role_oid_or_public(NameStr(*username));
    mode = convert_column_priv_string(priv_type_text);

    if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
        PG_RETURN_NULL();

    /* First check at table level, then examine each column if needed */
    aclresult = pg_class_aclcheck(tableoid, roleid, mode);
    if (aclresult != ACLCHECK_OK)
        aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
                                              ACLMASK_ANY);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_any_column_privilege_name_name

(

PG_FUNCTION_ARGS

)

Definition at line 2271 of file acl.c.

References ACLCHECK_OK, ACLMASK_ANY, convert_column_priv_string(), convert_table_name(), get_role_oid_or_public(), NameStr, pg_attribute_aclcheck_all(), pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_P, and PG_RETURN_BOOL.

{
    Name        rolename = PG_GETARG_NAME(0);
    text       *tablename = PG_GETARG_TEXT_P(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    Oid         tableoid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = get_role_oid_or_public(NameStr(*rolename));
    tableoid = convert_table_name(tablename);
    mode = convert_column_priv_string(priv_type_text);

    /* First check at table level, then examine each column if needed */
    aclresult = pg_class_aclcheck(tableoid, roleid, mode);
    if (aclresult != ACLCHECK_OK)
        aclresult = pg_attribute_aclcheck_all(tableoid, roleid, mode,
                                              ACLMASK_ANY);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_column_privilege_id_attnum

(

PG_FUNCTION_ARGS

)

Definition at line 2803 of file acl.c.

References column_privilege_check(), convert_column_priv_string(), GetUserId(), PG_GETARG_INT16, PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, and PG_RETURN_NULL.

{
    Oid         tableoid = PG_GETARG_OID(0);
    AttrNumber  colattnum = PG_GETARG_INT16(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    AclMode     mode;
    int         privresult;

    roleid = GetUserId();
    mode = convert_column_priv_string(priv_type_text);

    privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    if (privresult < 0)
        PG_RETURN_NULL();
    PG_RETURN_BOOL(privresult);
}

Datum has_column_privilege_id_id_attnum

(

PG_FUNCTION_ARGS

)

Definition at line 2696 of file acl.c.

References column_privilege_check(), convert_column_priv_string(), PG_GETARG_INT16, PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, and PG_RETURN_NULL.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         tableoid = PG_GETARG_OID(1);
    AttrNumber  colattnum = PG_GETARG_INT16(2);
    text       *priv_type_text = PG_GETARG_TEXT_P(3);
    AclMode     mode;
    int         privresult;

    mode = convert_column_priv_string(priv_type_text);

    privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    if (privresult < 0)
        PG_RETURN_NULL();
    PG_RETURN_BOOL(privresult);
}

Datum has_column_privilege_id_id_name

(

PG_FUNCTION_ARGS

)

Definition at line 2671 of file acl.c.

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, and PG_RETURN_NULL.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         tableoid = PG_GETARG_OID(1);
    text       *column = PG_GETARG_TEXT_P(2);
    text       *priv_type_text = PG_GETARG_TEXT_P(3);
    AttrNumber  colattnum;
    AclMode     mode;
    int         privresult;

    colattnum = convert_column_name(tableoid, column);
    mode = convert_column_priv_string(priv_type_text);

    privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    if (privresult < 0)
        PG_RETURN_NULL();
    PG_RETURN_BOOL(privresult);
}

Datum has_column_privilege_id_name

(

PG_FUNCTION_ARGS

)

Definition at line 2776 of file acl.c.

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), GetUserId(), PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, and PG_RETURN_NULL.

{
    Oid         tableoid = PG_GETARG_OID(0);
    text       *column = PG_GETARG_TEXT_P(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    AttrNumber  colattnum;
    AclMode     mode;
    int         privresult;

    roleid = GetUserId();
    colattnum = convert_column_name(tableoid, column);
    mode = convert_column_priv_string(priv_type_text);

    privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    if (privresult < 0)
        PG_RETURN_NULL();
    PG_RETURN_BOOL(privresult);
}

Datum has_column_privilege_id_name_attnum

(

PG_FUNCTION_ARGS

)

Definition at line 2646 of file acl.c.

References column_privilege_check(), convert_column_priv_string(), convert_table_name(), PG_GETARG_INT16, PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, and PG_RETURN_NULL.

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *tablename = PG_GETARG_TEXT_P(1);
    AttrNumber  colattnum = PG_GETARG_INT16(2);
    text       *priv_type_text = PG_GETARG_TEXT_P(3);
    Oid         tableoid;
    AclMode     mode;
    int         privresult;

    tableoid = convert_table_name(tablename);
    mode = convert_column_priv_string(priv_type_text);

    privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    if (privresult < 0)
        PG_RETURN_NULL();
    PG_RETURN_BOOL(privresult);
}

Datum has_column_privilege_id_name_name

(

PG_FUNCTION_ARGS

)

Definition at line 2619 of file acl.c.

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), convert_table_name(), PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, and PG_RETURN_NULL.

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *tablename = PG_GETARG_TEXT_P(1);
    text       *column = PG_GETARG_TEXT_P(2);
    text       *priv_type_text = PG_GETARG_TEXT_P(3);
    Oid         tableoid;
    AttrNumber  colattnum;
    AclMode     mode;
    int         privresult;

    tableoid = convert_table_name(tablename);
    colattnum = convert_column_name(tableoid, column);
    mode = convert_column_priv_string(priv_type_text);

    privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    if (privresult < 0)
        PG_RETURN_NULL();
    PG_RETURN_BOOL(privresult);
}

Datum has_column_privilege_name_attnum

(

PG_FUNCTION_ARGS

)

Definition at line 2749 of file acl.c.

References column_privilege_check(), convert_column_priv_string(), convert_table_name(), GetUserId(), PG_GETARG_INT16, PG_GETARG_TEXT_P, PG_RETURN_BOOL, and PG_RETURN_NULL.

{
    text       *tablename = PG_GETARG_TEXT_P(0);
    AttrNumber  colattnum = PG_GETARG_INT16(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    Oid         tableoid;
    AclMode     mode;
    int         privresult;

    roleid = GetUserId();
    tableoid = convert_table_name(tablename);
    mode = convert_column_priv_string(priv_type_text);

    privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    if (privresult < 0)
        PG_RETURN_NULL();
    PG_RETURN_BOOL(privresult);
}

Datum has_column_privilege_name_id_attnum

(

PG_FUNCTION_ARGS

)

Definition at line 2594 of file acl.c.

References column_privilege_check(), convert_column_priv_string(), get_role_oid_or_public(), NameStr, PG_GETARG_INT16, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         tableoid = PG_GETARG_OID(1);
    AttrNumber  colattnum = PG_GETARG_INT16(2);
    text       *priv_type_text = PG_GETARG_TEXT_P(3);
    Oid         roleid;
    AclMode     mode;
    int         privresult;

    roleid = get_role_oid_or_public(NameStr(*username));
    mode = convert_column_priv_string(priv_type_text);

    privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    if (privresult < 0)
        PG_RETURN_NULL();
    PG_RETURN_BOOL(privresult);
}

Datum has_column_privilege_name_id_name

(

PG_FUNCTION_ARGS

)

Definition at line 2567 of file acl.c.

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), get_role_oid_or_public(), NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, PG_RETURN_NULL, and username.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         tableoid = PG_GETARG_OID(1);
    text       *column = PG_GETARG_TEXT_P(2);
    text       *priv_type_text = PG_GETARG_TEXT_P(3);
    Oid         roleid;
    AttrNumber  colattnum;
    AclMode     mode;
    int         privresult;

    roleid = get_role_oid_or_public(NameStr(*username));
    colattnum = convert_column_name(tableoid, column);
    mode = convert_column_priv_string(priv_type_text);

    privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    if (privresult < 0)
        PG_RETURN_NULL();
    PG_RETURN_BOOL(privresult);
}

Datum has_column_privilege_name_name

(

PG_FUNCTION_ARGS

)

Definition at line 2720 of file acl.c.

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), convert_table_name(), GetUserId(), PG_GETARG_TEXT_P, PG_RETURN_BOOL, and PG_RETURN_NULL.

{
    text       *tablename = PG_GETARG_TEXT_P(0);
    text       *column = PG_GETARG_TEXT_P(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    Oid         tableoid;
    AttrNumber  colattnum;
    AclMode     mode;
    int         privresult;

    roleid = GetUserId();
    tableoid = convert_table_name(tablename);
    colattnum = convert_column_name(tableoid, column);
    mode = convert_column_priv_string(priv_type_text);

    privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    if (privresult < 0)
        PG_RETURN_NULL();
    PG_RETURN_BOOL(privresult);
}

Datum has_column_privilege_name_name_attnum

(

PG_FUNCTION_ARGS

)

Definition at line 2540 of file acl.c.

References column_privilege_check(), convert_column_priv_string(), convert_table_name(), get_role_oid_or_public(), NameStr, PG_GETARG_INT16, PG_GETARG_NAME, PG_GETARG_TEXT_P, PG_RETURN_BOOL, and PG_RETURN_NULL.

{
    Name        rolename = PG_GETARG_NAME(0);
    text       *tablename = PG_GETARG_TEXT_P(1);
    AttrNumber  colattnum = PG_GETARG_INT16(2);
    text       *priv_type_text = PG_GETARG_TEXT_P(3);
    Oid         roleid;
    Oid         tableoid;
    AclMode     mode;
    int         privresult;

    roleid = get_role_oid_or_public(NameStr(*rolename));
    tableoid = convert_table_name(tablename);
    mode = convert_column_priv_string(priv_type_text);

    privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    if (privresult < 0)
        PG_RETURN_NULL();
    PG_RETURN_BOOL(privresult);
}

Datum has_column_privilege_name_name_name

(

PG_FUNCTION_ARGS

)

Definition at line 2511 of file acl.c.

References column_privilege_check(), convert_column_name(), convert_column_priv_string(), convert_table_name(), get_role_oid_or_public(), NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_P, PG_RETURN_BOOL, and PG_RETURN_NULL.

{
    Name        rolename = PG_GETARG_NAME(0);
    text       *tablename = PG_GETARG_TEXT_P(1);
    text       *column = PG_GETARG_TEXT_P(2);
    text       *priv_type_text = PG_GETARG_TEXT_P(3);
    Oid         roleid;
    Oid         tableoid;
    AttrNumber  colattnum;
    AclMode     mode;
    int         privresult;

    roleid = get_role_oid_or_public(NameStr(*rolename));
    tableoid = convert_table_name(tablename);
    colattnum = convert_column_name(tableoid, column);
    mode = convert_column_priv_string(priv_type_text);

    privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
    if (privresult < 0)
        PG_RETURN_NULL();
    PG_RETURN_BOOL(privresult);
}

Datum has_database_privilege_id

(

PG_FUNCTION_ARGS

)

Definition at line 2962 of file acl.c.

References ACLCHECK_OK, convert_database_priv_string(), DATABASEOID, GetUserId(), ObjectIdGetDatum, pg_database_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, PG_RETURN_NULL, and SearchSysCacheExists1.

{
    Oid         databaseoid = PG_GETARG_OID(0);
    text       *priv_type_text = PG_GETARG_TEXT_P(1);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = GetUserId();
    mode = convert_database_priv_string(priv_type_text);

    if (!SearchSysCacheExists1(DATABASEOID, ObjectIdGetDatum(databaseoid)))
        PG_RETURN_NULL();

    aclresult = pg_database_aclcheck(databaseoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_database_privilege_id_id

(

PG_FUNCTION_ARGS

)

Definition at line 3010 of file acl.c.

References ACLCHECK_OK, convert_database_priv_string(), DATABASEOID, ObjectIdGetDatum, pg_database_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, PG_RETURN_NULL, and SearchSysCacheExists1.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         databaseoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    AclMode     mode;
    AclResult   aclresult;

    mode = convert_database_priv_string(priv_type_text);

    if (!SearchSysCacheExists1(DATABASEOID, ObjectIdGetDatum(databaseoid)))
        PG_RETURN_NULL();

    aclresult = pg_database_aclcheck(databaseoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_database_privilege_id_name

(

PG_FUNCTION_ARGS

)

Definition at line 2987 of file acl.c.

References ACLCHECK_OK, convert_database_name(), convert_database_priv_string(), pg_database_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_P, and PG_RETURN_BOOL.

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *databasename = PG_GETARG_TEXT_P(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         databaseoid;
    AclMode     mode;
    AclResult   aclresult;

    databaseoid = convert_database_name(databasename);
    mode = convert_database_priv_string(priv_type_text);

    aclresult = pg_database_aclcheck(databaseoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_database_privilege_name

(

PG_FUNCTION_ARGS

)

Definition at line 2911 of file acl.c.

References ACLCHECK_OK, convert_database_name(), convert_database_priv_string(), GetUserId(), pg_database_aclcheck(), PG_GETARG_TEXT_P, and PG_RETURN_BOOL.

{
    text       *databasename = PG_GETARG_TEXT_P(0);
    text       *priv_type_text = PG_GETARG_TEXT_P(1);
    Oid         roleid;
    Oid         databaseoid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = GetUserId();
    databaseoid = convert_database_name(databasename);
    mode = convert_database_priv_string(priv_type_text);

    aclresult = pg_database_aclcheck(databaseoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_database_privilege_name_id

(

PG_FUNCTION_ARGS

)

Definition at line 2935 of file acl.c.

References ACLCHECK_OK, convert_database_priv_string(), DATABASEOID, get_role_oid_or_public(), NameStr, ObjectIdGetDatum, pg_database_aclcheck(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, PG_RETURN_NULL, SearchSysCacheExists1, and username.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         databaseoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = get_role_oid_or_public(NameStr(*username));
    mode = convert_database_priv_string(priv_type_text);

    if (!SearchSysCacheExists1(DATABASEOID, ObjectIdGetDatum(databaseoid)))
        PG_RETURN_NULL();

    aclresult = pg_database_aclcheck(databaseoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_database_privilege_name_name

(

PG_FUNCTION_ARGS

)

Definition at line 2885 of file acl.c.

References ACLCHECK_OK, convert_database_name(), convert_database_priv_string(), get_role_oid_or_public(), NameStr, pg_database_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_P, PG_RETURN_BOOL, and username.

{
    Name        username = PG_GETARG_NAME(0);
    text       *databasename = PG_GETARG_TEXT_P(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    Oid         databaseoid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = get_role_oid_or_public(NameStr(*username));
    databaseoid = convert_database_name(databasename);
    mode = convert_database_priv_string(priv_type_text);

    aclresult = pg_database_aclcheck(databaseoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_foreign_data_wrapper_privilege_id

(

PG_FUNCTION_ARGS

)

Definition at line 3157 of file acl.c.

References ACLCHECK_OK, convert_foreign_data_wrapper_priv_string(), GetUserId(), pg_foreign_data_wrapper_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_P, and PG_RETURN_BOOL.

{
    Oid         fdwid = PG_GETARG_OID(0);
    text       *priv_type_text = PG_GETARG_TEXT_P(1);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = GetUserId();
    mode = convert_foreign_data_wrapper_priv_string(priv_type_text);

    aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_foreign_data_wrapper_privilege_id_id

(

PG_FUNCTION_ARGS

)

Definition at line 3202 of file acl.c.

References ACLCHECK_OK, convert_foreign_data_wrapper_priv_string(), pg_foreign_data_wrapper_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_P, and PG_RETURN_BOOL.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         fdwid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    AclMode     mode;
    AclResult   aclresult;

    mode = convert_foreign_data_wrapper_priv_string(priv_type_text);

    aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_foreign_data_wrapper_privilege_id_name

(

PG_FUNCTION_ARGS

)

Definition at line 3179 of file acl.c.

References ACLCHECK_OK, convert_foreign_data_wrapper_name(), convert_foreign_data_wrapper_priv_string(), pg_foreign_data_wrapper_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_P, and PG_RETURN_BOOL.

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *fdwname = PG_GETARG_TEXT_P(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         fdwid;
    AclMode     mode;
    AclResult   aclresult;

    fdwid = convert_foreign_data_wrapper_name(fdwname);
    mode = convert_foreign_data_wrapper_priv_string(priv_type_text);

    aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_foreign_data_wrapper_privilege_name

(

PG_FUNCTION_ARGS

)

Definition at line 3109 of file acl.c.

References ACLCHECK_OK, convert_foreign_data_wrapper_name(), convert_foreign_data_wrapper_priv_string(), GetUserId(), pg_foreign_data_wrapper_aclcheck(), PG_GETARG_TEXT_P, and PG_RETURN_BOOL.

{
    text       *fdwname = PG_GETARG_TEXT_P(0);
    text       *priv_type_text = PG_GETARG_TEXT_P(1);
    Oid         roleid;
    Oid         fdwid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = GetUserId();
    fdwid = convert_foreign_data_wrapper_name(fdwname);
    mode = convert_foreign_data_wrapper_priv_string(priv_type_text);

    aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_foreign_data_wrapper_privilege_name_id

(

PG_FUNCTION_ARGS

)

Definition at line 3133 of file acl.c.

References ACLCHECK_OK, convert_foreign_data_wrapper_priv_string(), get_role_oid_or_public(), NameStr, pg_foreign_data_wrapper_aclcheck(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, and username.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         fdwid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = get_role_oid_or_public(NameStr(*username));
    mode = convert_foreign_data_wrapper_priv_string(priv_type_text);

    aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_foreign_data_wrapper_privilege_name_name

(

PG_FUNCTION_ARGS

)

Definition at line 3083 of file acl.c.

References ACLCHECK_OK, convert_foreign_data_wrapper_name(), convert_foreign_data_wrapper_priv_string(), get_role_oid_or_public(), NameStr, pg_foreign_data_wrapper_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_P, PG_RETURN_BOOL, and username.

{
    Name        username = PG_GETARG_NAME(0);
    text       *fdwname = PG_GETARG_TEXT_P(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    Oid         fdwid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = get_role_oid_or_public(NameStr(*username));
    fdwid = convert_foreign_data_wrapper_name(fdwname);
    mode = convert_foreign_data_wrapper_priv_string(priv_type_text);

    aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_function_privilege_id

(

PG_FUNCTION_ARGS

)

Definition at line 3342 of file acl.c.

References ACLCHECK_OK, convert_function_priv_string(), GetUserId(), ObjectIdGetDatum, PG_GETARG_OID, PG_GETARG_TEXT_P, pg_proc_aclcheck(), PG_RETURN_BOOL, PG_RETURN_NULL, PROCOID, and SearchSysCacheExists1.

{
    Oid         functionoid = PG_GETARG_OID(0);
    text       *priv_type_text = PG_GETARG_TEXT_P(1);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = GetUserId();
    mode = convert_function_priv_string(priv_type_text);

    if (!SearchSysCacheExists1(PROCOID, ObjectIdGetDatum(functionoid)))
        PG_RETURN_NULL();

    aclresult = pg_proc_aclcheck(functionoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_function_privilege_id_id

(

PG_FUNCTION_ARGS

)

Definition at line 3390 of file acl.c.

References ACLCHECK_OK, convert_function_priv_string(), ObjectIdGetDatum, PG_GETARG_OID, PG_GETARG_TEXT_P, pg_proc_aclcheck(), PG_RETURN_BOOL, PG_RETURN_NULL, PROCOID, and SearchSysCacheExists1.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         functionoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    AclMode     mode;
    AclResult   aclresult;

    mode = convert_function_priv_string(priv_type_text);

    if (!SearchSysCacheExists1(PROCOID, ObjectIdGetDatum(functionoid)))
        PG_RETURN_NULL();

    aclresult = pg_proc_aclcheck(functionoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_function_privilege_id_name

(

PG_FUNCTION_ARGS

)

Definition at line 3367 of file acl.c.

References ACLCHECK_OK, convert_function_name(), convert_function_priv_string(), PG_GETARG_OID, PG_GETARG_TEXT_P, pg_proc_aclcheck(), and PG_RETURN_BOOL.

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *functionname = PG_GETARG_TEXT_P(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         functionoid;
    AclMode     mode;
    AclResult   aclresult;

    functionoid = convert_function_name(functionname);
    mode = convert_function_priv_string(priv_type_text);

    aclresult = pg_proc_aclcheck(functionoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_function_privilege_name

(

PG_FUNCTION_ARGS

)

Definition at line 3291 of file acl.c.

References ACLCHECK_OK, convert_function_name(), convert_function_priv_string(), GetUserId(), PG_GETARG_TEXT_P, pg_proc_aclcheck(), and PG_RETURN_BOOL.

{
    text       *functionname = PG_GETARG_TEXT_P(0);
    text       *priv_type_text = PG_GETARG_TEXT_P(1);
    Oid         roleid;
    Oid         functionoid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = GetUserId();
    functionoid = convert_function_name(functionname);
    mode = convert_function_priv_string(priv_type_text);

    aclresult = pg_proc_aclcheck(functionoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_function_privilege_name_id

(

PG_FUNCTION_ARGS

)

Definition at line 3315 of file acl.c.

References ACLCHECK_OK, convert_function_priv_string(), get_role_oid_or_public(), NameStr, ObjectIdGetDatum, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_P, pg_proc_aclcheck(), PG_RETURN_BOOL, PG_RETURN_NULL, PROCOID, SearchSysCacheExists1, and username.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         functionoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = get_role_oid_or_public(NameStr(*username));
    mode = convert_function_priv_string(priv_type_text);

    if (!SearchSysCacheExists1(PROCOID, ObjectIdGetDatum(functionoid)))
        PG_RETURN_NULL();

    aclresult = pg_proc_aclcheck(functionoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_function_privilege_name_name

(

PG_FUNCTION_ARGS

)

Definition at line 3265 of file acl.c.

References ACLCHECK_OK, convert_function_name(), convert_function_priv_string(), get_role_oid_or_public(), NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_P, pg_proc_aclcheck(), PG_RETURN_BOOL, and username.

{
    Name        username = PG_GETARG_NAME(0);
    text       *functionname = PG_GETARG_TEXT_P(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    Oid         functionoid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = get_role_oid_or_public(NameStr(*username));
    functionoid = convert_function_name(functionname);
    mode = convert_function_priv_string(priv_type_text);

    aclresult = pg_proc_aclcheck(functionoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_language_privilege_id

(

PG_FUNCTION_ARGS

)

Definition at line 3542 of file acl.c.

References ACLCHECK_OK, convert_language_priv_string(), GetUserId(), LANGOID, ObjectIdGetDatum, PG_GETARG_OID, PG_GETARG_TEXT_P, pg_language_aclcheck(), PG_RETURN_BOOL, PG_RETURN_NULL, and SearchSysCacheExists1.

{
    Oid         languageoid = PG_GETARG_OID(0);
    text       *priv_type_text = PG_GETARG_TEXT_P(1);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = GetUserId();
    mode = convert_language_priv_string(priv_type_text);

    if (!SearchSysCacheExists1(LANGOID, ObjectIdGetDatum(languageoid)))
        PG_RETURN_NULL();

    aclresult = pg_language_aclcheck(languageoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_language_privilege_id_id

(

PG_FUNCTION_ARGS

)

Definition at line 3590 of file acl.c.

References ACLCHECK_OK, convert_language_priv_string(), LANGOID, ObjectIdGetDatum, PG_GETARG_OID, PG_GETARG_TEXT_P, pg_language_aclcheck(), PG_RETURN_BOOL, PG_RETURN_NULL, and SearchSysCacheExists1.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         languageoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    AclMode     mode;
    AclResult   aclresult;

    mode = convert_language_priv_string(priv_type_text);

    if (!SearchSysCacheExists1(LANGOID, ObjectIdGetDatum(languageoid)))
        PG_RETURN_NULL();

    aclresult = pg_language_aclcheck(languageoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_language_privilege_id_name

(

PG_FUNCTION_ARGS

)

Definition at line 3567 of file acl.c.

References ACLCHECK_OK, convert_language_name(), convert_language_priv_string(), PG_GETARG_OID, PG_GETARG_TEXT_P, pg_language_aclcheck(), and PG_RETURN_BOOL.

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *languagename = PG_GETARG_TEXT_P(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         languageoid;
    AclMode     mode;
    AclResult   aclresult;

    languageoid = convert_language_name(languagename);
    mode = convert_language_priv_string(priv_type_text);

    aclresult = pg_language_aclcheck(languageoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_language_privilege_name

(

PG_FUNCTION_ARGS

)

Definition at line 3491 of file acl.c.

References ACLCHECK_OK, convert_language_name(), convert_language_priv_string(), GetUserId(), PG_GETARG_TEXT_P, pg_language_aclcheck(), and PG_RETURN_BOOL.

{
    text       *languagename = PG_GETARG_TEXT_P(0);
    text       *priv_type_text = PG_GETARG_TEXT_P(1);
    Oid         roleid;
    Oid         languageoid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = GetUserId();
    languageoid = convert_language_name(languagename);
    mode = convert_language_priv_string(priv_type_text);

    aclresult = pg_language_aclcheck(languageoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_language_privilege_name_id

(

PG_FUNCTION_ARGS

)

Definition at line 3515 of file acl.c.

References ACLCHECK_OK, convert_language_priv_string(), get_role_oid_or_public(), LANGOID, NameStr, ObjectIdGetDatum, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_P, pg_language_aclcheck(), PG_RETURN_BOOL, PG_RETURN_NULL, SearchSysCacheExists1, and username.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         languageoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = get_role_oid_or_public(NameStr(*username));
    mode = convert_language_priv_string(priv_type_text);

    if (!SearchSysCacheExists1(LANGOID, ObjectIdGetDatum(languageoid)))
        PG_RETURN_NULL();

    aclresult = pg_language_aclcheck(languageoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_language_privilege_name_name

(

PG_FUNCTION_ARGS

)

Definition at line 3465 of file acl.c.

References ACLCHECK_OK, convert_language_name(), convert_language_priv_string(), get_role_oid_or_public(), NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_P, pg_language_aclcheck(), PG_RETURN_BOOL, and username.

{
    Name        username = PG_GETARG_NAME(0);
    text       *languagename = PG_GETARG_TEXT_P(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    Oid         languageoid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = get_role_oid_or_public(NameStr(*username));
    languageoid = convert_language_name(languagename);
    mode = convert_language_priv_string(priv_type_text);

    aclresult = pg_language_aclcheck(languageoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

bool has_privs_of_role	(	Oid	member,
		Oid	role
	)

Definition at line 4825 of file acl.c.

References list_member_oid(), roles_has_privs_of(), and superuser_arg().

Referenced by aclmask(), AlterObjectNamespace_internal(), AlterObjectOwner_internal(), AlterObjectRename_internal(), DropOwnedObjects(), pg_class_ownercheck(), pg_collation_ownercheck(), pg_conversion_ownercheck(), pg_database_ownercheck(), pg_event_trigger_ownercheck(), pg_extension_ownercheck(), pg_foreign_data_wrapper_ownercheck(), pg_foreign_server_ownercheck(), pg_language_ownercheck(), pg_largeobject_ownercheck(), pg_namespace_ownercheck(), pg_opclass_ownercheck(), pg_oper_ownercheck(), pg_opfamily_ownercheck(), pg_proc_ownercheck(), pg_role_aclcheck(), pg_tablespace_ownercheck(), pg_ts_config_ownercheck(), pg_ts_dict_ownercheck(), pg_type_ownercheck(), and ReassignOwnedObjects().

{
    /* Fast path for simple case */
    if (member == role)
        return true;

    /* Superusers have every privilege, so are part of every role */
    if (superuser_arg(member))
        return true;

    /*
     * Find all the roles that member has the privileges of, including
     * multi-level recursion, then see if target role is any one of them.
     */
    return list_member_oid(roles_has_privs_of(member), role);
}

static bool has_rolinherit

(

Oid

roleid

)

[static]

Definition at line 4635 of file acl.c.

References AUTHOID, GETSTRUCT, HeapTupleIsValid, ObjectIdGetDatum, ReleaseSysCache(), and SearchSysCache1.

Referenced by roles_has_privs_of().

{
    bool        result = false;
    HeapTuple   utup;

    utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
    if (HeapTupleIsValid(utup))
    {
        result = ((Form_pg_authid) GETSTRUCT(utup))->rolinherit;
        ReleaseSysCache(utup);
    }
    return result;
}

Datum has_schema_privilege_id

(

PG_FUNCTION_ARGS

)

Definition at line 3733 of file acl.c.

References ACLCHECK_OK, convert_schema_priv_string(), GetUserId(), NAMESPACEOID, ObjectIdGetDatum, PG_GETARG_OID, PG_GETARG_TEXT_P, pg_namespace_aclcheck(), PG_RETURN_BOOL, PG_RETURN_NULL, and SearchSysCacheExists1.

{
    Oid         schemaoid = PG_GETARG_OID(0);
    text       *priv_type_text = PG_GETARG_TEXT_P(1);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = GetUserId();
    mode = convert_schema_priv_string(priv_type_text);

    if (!SearchSysCacheExists1(NAMESPACEOID, ObjectIdGetDatum(schemaoid)))
        PG_RETURN_NULL();

    aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_schema_privilege_id_id

(

PG_FUNCTION_ARGS

)

Definition at line 3781 of file acl.c.

References ACLCHECK_OK, convert_schema_priv_string(), NAMESPACEOID, ObjectIdGetDatum, PG_GETARG_OID, PG_GETARG_TEXT_P, pg_namespace_aclcheck(), PG_RETURN_BOOL, PG_RETURN_NULL, and SearchSysCacheExists1.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         schemaoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    AclMode     mode;
    AclResult   aclresult;

    mode = convert_schema_priv_string(priv_type_text);

    if (!SearchSysCacheExists1(NAMESPACEOID, ObjectIdGetDatum(schemaoid)))
        PG_RETURN_NULL();

    aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_schema_privilege_id_name

(

PG_FUNCTION_ARGS

)

Definition at line 3758 of file acl.c.

References ACLCHECK_OK, convert_schema_name(), convert_schema_priv_string(), PG_GETARG_OID, PG_GETARG_TEXT_P, pg_namespace_aclcheck(), and PG_RETURN_BOOL.

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *schemaname = PG_GETARG_TEXT_P(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         schemaoid;
    AclMode     mode;
    AclResult   aclresult;

    schemaoid = convert_schema_name(schemaname);
    mode = convert_schema_priv_string(priv_type_text);

    aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_schema_privilege_name

(

PG_FUNCTION_ARGS

)

Definition at line 3682 of file acl.c.

References ACLCHECK_OK, convert_schema_name(), convert_schema_priv_string(), GetUserId(), PG_GETARG_TEXT_P, pg_namespace_aclcheck(), and PG_RETURN_BOOL.

{
    text       *schemaname = PG_GETARG_TEXT_P(0);
    text       *priv_type_text = PG_GETARG_TEXT_P(1);
    Oid         roleid;
    Oid         schemaoid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = GetUserId();
    schemaoid = convert_schema_name(schemaname);
    mode = convert_schema_priv_string(priv_type_text);

    aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_schema_privilege_name_id

(

PG_FUNCTION_ARGS

)

Definition at line 3706 of file acl.c.

References ACLCHECK_OK, convert_schema_priv_string(), get_role_oid_or_public(), NAMESPACEOID, NameStr, ObjectIdGetDatum, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_P, pg_namespace_aclcheck(), PG_RETURN_BOOL, PG_RETURN_NULL, SearchSysCacheExists1, and username.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         schemaoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = get_role_oid_or_public(NameStr(*username));
    mode = convert_schema_priv_string(priv_type_text);

    if (!SearchSysCacheExists1(NAMESPACEOID, ObjectIdGetDatum(schemaoid)))
        PG_RETURN_NULL();

    aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_schema_privilege_name_name

(

PG_FUNCTION_ARGS

)

Definition at line 3656 of file acl.c.

References ACLCHECK_OK, convert_schema_name(), convert_schema_priv_string(), get_role_oid_or_public(), NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_P, pg_namespace_aclcheck(), PG_RETURN_BOOL, and username.

{
    Name        username = PG_GETARG_NAME(0);
    text       *schemaname = PG_GETARG_TEXT_P(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    Oid         schemaoid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = get_role_oid_or_public(NameStr(*username));
    schemaoid = convert_schema_name(schemaname);
    mode = convert_schema_priv_string(priv_type_text);

    aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_sequence_privilege_id

(

PG_FUNCTION_ARGS

)

Definition at line 2153 of file acl.c.

References ACLCHECK_OK, convert_sequence_priv_string(), ereport, errcode(), errmsg(), ERROR, get_rel_name(), get_rel_relkind(), GetUserId(), pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, PG_RETURN_NULL, and RELKIND_SEQUENCE.

{
    Oid         sequenceoid = PG_GETARG_OID(0);
    text       *priv_type_text = PG_GETARG_TEXT_P(1);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
    char        relkind;

    roleid = GetUserId();
    mode = convert_sequence_priv_string(priv_type_text);
    relkind = get_rel_relkind(sequenceoid);
    if (relkind == '\0')
        PG_RETURN_NULL();
    else if (relkind != RELKIND_SEQUENCE)
        ereport(ERROR,
                (errcode(ERRCODE_WRONG_OBJECT_TYPE),
                 errmsg("\"%s\" is not a sequence",
                        get_rel_name(sequenceoid))));

    aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_sequence_privilege_id_id

(

PG_FUNCTION_ARGS

)

Definition at line 2212 of file acl.c.

References ACLCHECK_OK, convert_sequence_priv_string(), ereport, errcode(), errmsg(), ERROR, get_rel_name(), get_rel_relkind(), pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, PG_RETURN_NULL, and RELKIND_SEQUENCE.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         sequenceoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    AclMode     mode;
    AclResult   aclresult;
    char        relkind;

    mode = convert_sequence_priv_string(priv_type_text);
    relkind = get_rel_relkind(sequenceoid);
    if (relkind == '\0')
        PG_RETURN_NULL();
    else if (relkind != RELKIND_SEQUENCE)
        ereport(ERROR,
                (errcode(ERRCODE_WRONG_OBJECT_TYPE),
                 errmsg("\"%s\" is not a sequence",
                        get_rel_name(sequenceoid))));

    aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_sequence_privilege_id_name

(

PG_FUNCTION_ARGS

)

Definition at line 2184 of file acl.c.

References ACLCHECK_OK, convert_sequence_priv_string(), convert_table_name(), ereport, errcode(), errmsg(), ERROR, get_rel_relkind(), pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, RELKIND_SEQUENCE, and text_to_cstring().

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *sequencename = PG_GETARG_TEXT_P(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         sequenceoid;
    AclMode     mode;
    AclResult   aclresult;

    mode = convert_sequence_priv_string(priv_type_text);
    sequenceoid = convert_table_name(sequencename);
    if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
        ereport(ERROR,
                (errcode(ERRCODE_WRONG_OBJECT_TYPE),
                 errmsg("\"%s\" is not a sequence",
                        text_to_cstring(sequencename))));

    aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_sequence_privilege_name

(

PG_FUNCTION_ARGS

)

Definition at line 2091 of file acl.c.

References ACLCHECK_OK, convert_sequence_priv_string(), convert_table_name(), ereport, errcode(), errmsg(), ERROR, get_rel_relkind(), GetUserId(), pg_class_aclcheck(), PG_GETARG_TEXT_P, PG_RETURN_BOOL, RELKIND_SEQUENCE, and text_to_cstring().

{
    text       *sequencename = PG_GETARG_TEXT_P(0);
    text       *priv_type_text = PG_GETARG_TEXT_P(1);
    Oid         roleid;
    Oid         sequenceoid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = GetUserId();
    mode = convert_sequence_priv_string(priv_type_text);
    sequenceoid = convert_table_name(sequencename);
    if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
        ereport(ERROR,
                (errcode(ERRCODE_WRONG_OBJECT_TYPE),
                 errmsg("\"%s\" is not a sequence",
                        text_to_cstring(sequencename))));

    aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_sequence_privilege_name_id

(

PG_FUNCTION_ARGS

)

Definition at line 2120 of file acl.c.

References ACLCHECK_OK, convert_sequence_priv_string(), ereport, errcode(), errmsg(), ERROR, get_rel_name(), get_rel_relkind(), get_role_oid_or_public(), NameStr, pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, PG_RETURN_NULL, RELKIND_SEQUENCE, and username.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         sequenceoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;
    char        relkind;

    roleid = get_role_oid_or_public(NameStr(*username));
    mode = convert_sequence_priv_string(priv_type_text);
    relkind = get_rel_relkind(sequenceoid);
    if (relkind == '\0')
        PG_RETURN_NULL();
    else if (relkind != RELKIND_SEQUENCE)
        ereport(ERROR,
                (errcode(ERRCODE_WRONG_OBJECT_TYPE),
                 errmsg("\"%s\" is not a sequence",
                        get_rel_name(sequenceoid))));

    aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_sequence_privilege_name_name

(

PG_FUNCTION_ARGS

)

Definition at line 2060 of file acl.c.

References ACLCHECK_OK, convert_sequence_priv_string(), convert_table_name(), ereport, errcode(), errmsg(), ERROR, get_rel_relkind(), get_role_oid_or_public(), NameStr, pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_P, PG_RETURN_BOOL, RELKIND_SEQUENCE, and text_to_cstring().

{
    Name        rolename = PG_GETARG_NAME(0);
    text       *sequencename = PG_GETARG_TEXT_P(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    Oid         sequenceoid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = get_role_oid_or_public(NameStr(*rolename));
    mode = convert_sequence_priv_string(priv_type_text);
    sequenceoid = convert_table_name(sequencename);
    if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
        ereport(ERROR,
                (errcode(ERRCODE_WRONG_OBJECT_TYPE),
                 errmsg("\"%s\" is not a sequence",
                        text_to_cstring(sequencename))));

    aclresult = pg_class_aclcheck(sequenceoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_server_privilege_id

(

PG_FUNCTION_ARGS

)

Definition at line 3923 of file acl.c.

References ACLCHECK_OK, convert_server_priv_string(), GetUserId(), pg_foreign_server_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_P, and PG_RETURN_BOOL.

{
    Oid         serverid = PG_GETARG_OID(0);
    text       *priv_type_text = PG_GETARG_TEXT_P(1);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = GetUserId();
    mode = convert_server_priv_string(priv_type_text);

    aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_server_privilege_id_id

(

PG_FUNCTION_ARGS

)

Definition at line 3968 of file acl.c.

References ACLCHECK_OK, convert_server_priv_string(), pg_foreign_server_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_P, and PG_RETURN_BOOL.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         serverid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    AclMode     mode;
    AclResult   aclresult;

    mode = convert_server_priv_string(priv_type_text);

    aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_server_privilege_id_name

(

PG_FUNCTION_ARGS

)

Definition at line 3945 of file acl.c.

References ACLCHECK_OK, convert_server_name(), convert_server_priv_string(), pg_foreign_server_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_P, and PG_RETURN_BOOL.

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *servername = PG_GETARG_TEXT_P(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         serverid;
    AclMode     mode;
    AclResult   aclresult;

    serverid = convert_server_name(servername);
    mode = convert_server_priv_string(priv_type_text);

    aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_server_privilege_name

(

PG_FUNCTION_ARGS

)

Definition at line 3875 of file acl.c.

References ACLCHECK_OK, convert_server_name(), convert_server_priv_string(), GetUserId(), pg_foreign_server_aclcheck(), PG_GETARG_TEXT_P, and PG_RETURN_BOOL.

{
    text       *servername = PG_GETARG_TEXT_P(0);
    text       *priv_type_text = PG_GETARG_TEXT_P(1);
    Oid         roleid;
    Oid         serverid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = GetUserId();
    serverid = convert_server_name(servername);
    mode = convert_server_priv_string(priv_type_text);

    aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_server_privilege_name_id

(

PG_FUNCTION_ARGS

)

Definition at line 3899 of file acl.c.

References ACLCHECK_OK, convert_server_priv_string(), get_role_oid_or_public(), NameStr, pg_foreign_server_aclcheck(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, and username.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         serverid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = get_role_oid_or_public(NameStr(*username));
    mode = convert_server_priv_string(priv_type_text);

    aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_server_privilege_name_name

(

PG_FUNCTION_ARGS

)

Definition at line 3849 of file acl.c.

References ACLCHECK_OK, convert_server_name(), convert_server_priv_string(), get_role_oid_or_public(), NameStr, pg_foreign_server_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_P, PG_RETURN_BOOL, and username.

{
    Name        username = PG_GETARG_NAME(0);
    text       *servername = PG_GETARG_TEXT_P(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    Oid         serverid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = get_role_oid_or_public(NameStr(*username));
    serverid = convert_server_name(servername);
    mode = convert_server_priv_string(priv_type_text);

    aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_table_privilege_id

(

PG_FUNCTION_ARGS

)

Definition at line 1929 of file acl.c.

References ACLCHECK_OK, convert_table_priv_string(), GetUserId(), ObjectIdGetDatum, pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, PG_RETURN_NULL, RELOID, and SearchSysCacheExists1.

{
    Oid         tableoid = PG_GETARG_OID(0);
    text       *priv_type_text = PG_GETARG_TEXT_P(1);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = GetUserId();
    mode = convert_table_priv_string(priv_type_text);

    if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
        PG_RETURN_NULL();

    aclresult = pg_class_aclcheck(tableoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_table_privilege_id_id

(

PG_FUNCTION_ARGS

)

Definition at line 1977 of file acl.c.

References ACLCHECK_OK, convert_table_priv_string(), ObjectIdGetDatum, pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, PG_RETURN_NULL, RELOID, and SearchSysCacheExists1.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         tableoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    AclMode     mode;
    AclResult   aclresult;

    mode = convert_table_priv_string(priv_type_text);

    if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
        PG_RETURN_NULL();

    aclresult = pg_class_aclcheck(tableoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_table_privilege_id_name

(

PG_FUNCTION_ARGS

)

Definition at line 1954 of file acl.c.

References ACLCHECK_OK, convert_table_name(), convert_table_priv_string(), pg_class_aclcheck(), PG_GETARG_OID, PG_GETARG_TEXT_P, and PG_RETURN_BOOL.

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *tablename = PG_GETARG_TEXT_P(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         tableoid;
    AclMode     mode;
    AclResult   aclresult;

    tableoid = convert_table_name(tablename);
    mode = convert_table_priv_string(priv_type_text);

    aclresult = pg_class_aclcheck(tableoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_table_privilege_name

(

PG_FUNCTION_ARGS

)

Definition at line 1878 of file acl.c.

References ACLCHECK_OK, convert_table_name(), convert_table_priv_string(), GetUserId(), pg_class_aclcheck(), PG_GETARG_TEXT_P, and PG_RETURN_BOOL.

{
    text       *tablename = PG_GETARG_TEXT_P(0);
    text       *priv_type_text = PG_GETARG_TEXT_P(1);
    Oid         roleid;
    Oid         tableoid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = GetUserId();
    tableoid = convert_table_name(tablename);
    mode = convert_table_priv_string(priv_type_text);

    aclresult = pg_class_aclcheck(tableoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_table_privilege_name_id

(

PG_FUNCTION_ARGS

)

Definition at line 1902 of file acl.c.

References ACLCHECK_OK, convert_table_priv_string(), get_role_oid_or_public(), NameStr, ObjectIdGetDatum, pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, PG_RETURN_NULL, RELOID, SearchSysCacheExists1, and username.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         tableoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = get_role_oid_or_public(NameStr(*username));
    mode = convert_table_priv_string(priv_type_text);

    if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
        PG_RETURN_NULL();

    aclresult = pg_class_aclcheck(tableoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_table_privilege_name_name

(

PG_FUNCTION_ARGS

)

Definition at line 1852 of file acl.c.

References ACLCHECK_OK, convert_table_name(), convert_table_priv_string(), get_role_oid_or_public(), NameStr, pg_class_aclcheck(), PG_GETARG_NAME, PG_GETARG_TEXT_P, and PG_RETURN_BOOL.

{
    Name        rolename = PG_GETARG_NAME(0);
    text       *tablename = PG_GETARG_TEXT_P(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    Oid         tableoid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = get_role_oid_or_public(NameStr(*rolename));
    tableoid = convert_table_name(tablename);
    mode = convert_table_priv_string(priv_type_text);

    aclresult = pg_class_aclcheck(tableoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_tablespace_privilege_id

(

PG_FUNCTION_ARGS

)

Definition at line 4105 of file acl.c.

References ACLCHECK_OK, convert_tablespace_priv_string(), GetUserId(), PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, and pg_tablespace_aclcheck().

{
    Oid         tablespaceoid = PG_GETARG_OID(0);
    text       *priv_type_text = PG_GETARG_TEXT_P(1);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = GetUserId();
    mode = convert_tablespace_priv_string(priv_type_text);

    aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_tablespace_privilege_id_id

(

PG_FUNCTION_ARGS

)

Definition at line 4150 of file acl.c.

References ACLCHECK_OK, convert_tablespace_priv_string(), PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, and pg_tablespace_aclcheck().

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         tablespaceoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    AclMode     mode;
    AclResult   aclresult;

    mode = convert_tablespace_priv_string(priv_type_text);

    aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_tablespace_privilege_id_name

(

PG_FUNCTION_ARGS

)

Definition at line 4127 of file acl.c.

References ACLCHECK_OK, convert_tablespace_name(), convert_tablespace_priv_string(), PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, and pg_tablespace_aclcheck().

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *tablespacename = PG_GETARG_TEXT_P(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         tablespaceoid;
    AclMode     mode;
    AclResult   aclresult;

    tablespaceoid = convert_tablespace_name(tablespacename);
    mode = convert_tablespace_priv_string(priv_type_text);

    aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_tablespace_privilege_name

(

PG_FUNCTION_ARGS

)

Definition at line 4057 of file acl.c.

References ACLCHECK_OK, convert_tablespace_name(), convert_tablespace_priv_string(), GetUserId(), PG_GETARG_TEXT_P, PG_RETURN_BOOL, and pg_tablespace_aclcheck().

{
    text       *tablespacename = PG_GETARG_TEXT_P(0);
    text       *priv_type_text = PG_GETARG_TEXT_P(1);
    Oid         roleid;
    Oid         tablespaceoid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = GetUserId();
    tablespaceoid = convert_tablespace_name(tablespacename);
    mode = convert_tablespace_priv_string(priv_type_text);

    aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_tablespace_privilege_name_id

(

PG_FUNCTION_ARGS

)

Definition at line 4081 of file acl.c.

References ACLCHECK_OK, convert_tablespace_priv_string(), get_role_oid_or_public(), NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, pg_tablespace_aclcheck(), and username.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         tablespaceoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = get_role_oid_or_public(NameStr(*username));
    mode = convert_tablespace_priv_string(priv_type_text);

    aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_tablespace_privilege_name_name

(

PG_FUNCTION_ARGS

)

Definition at line 4031 of file acl.c.

References ACLCHECK_OK, convert_tablespace_name(), convert_tablespace_priv_string(), get_role_oid_or_public(), NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_P, PG_RETURN_BOOL, pg_tablespace_aclcheck(), and username.

{
    Name        username = PG_GETARG_NAME(0);
    text       *tablespacename = PG_GETARG_TEXT_P(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    Oid         tablespaceoid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = get_role_oid_or_public(NameStr(*username));
    tablespaceoid = convert_tablespace_name(tablespacename);
    mode = convert_tablespace_priv_string(priv_type_text);

    aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_type_privilege_id

(

PG_FUNCTION_ARGS

)

Definition at line 4289 of file acl.c.

References ACLCHECK_OK, convert_type_priv_string(), GetUserId(), ObjectIdGetDatum, PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, PG_RETURN_NULL, pg_type_aclcheck(), SearchSysCacheExists1, and TYPEOID.

{
    Oid         typeoid = PG_GETARG_OID(0);
    text       *priv_type_text = PG_GETARG_TEXT_P(1);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = GetUserId();
    mode = convert_type_priv_string(priv_type_text);

    if (!SearchSysCacheExists1(TYPEOID, ObjectIdGetDatum(typeoid)))
        PG_RETURN_NULL();

    aclresult = pg_type_aclcheck(typeoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_type_privilege_id_id

(

PG_FUNCTION_ARGS

)

Definition at line 4337 of file acl.c.

References ACLCHECK_OK, convert_type_priv_string(), ObjectIdGetDatum, PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, PG_RETURN_NULL, pg_type_aclcheck(), SearchSysCacheExists1, and TYPEOID.

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         typeoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    AclMode     mode;
    AclResult   aclresult;

    mode = convert_type_priv_string(priv_type_text);

    if (!SearchSysCacheExists1(TYPEOID, ObjectIdGetDatum(typeoid)))
        PG_RETURN_NULL();

    aclresult = pg_type_aclcheck(typeoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_type_privilege_id_name

(

PG_FUNCTION_ARGS

)

Definition at line 4314 of file acl.c.

References ACLCHECK_OK, convert_type_name(), convert_type_priv_string(), PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, and pg_type_aclcheck().

{
    Oid         roleid = PG_GETARG_OID(0);
    text       *typename = PG_GETARG_TEXT_P(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         typeoid;
    AclMode     mode;
    AclResult   aclresult;

    typeoid = convert_type_name(typename);
    mode = convert_type_priv_string(priv_type_text);

    aclresult = pg_type_aclcheck(typeoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_type_privilege_name

(

PG_FUNCTION_ARGS

)

Definition at line 4238 of file acl.c.

References ACLCHECK_OK, convert_type_name(), convert_type_priv_string(), GetUserId(), PG_GETARG_TEXT_P, PG_RETURN_BOOL, and pg_type_aclcheck().

{
    text       *typename = PG_GETARG_TEXT_P(0);
    text       *priv_type_text = PG_GETARG_TEXT_P(1);
    Oid         roleid;
    Oid         typeoid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = GetUserId();
    typeoid = convert_type_name(typename);
    mode = convert_type_priv_string(priv_type_text);

    aclresult = pg_type_aclcheck(typeoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_type_privilege_name_id

(

PG_FUNCTION_ARGS

)

Definition at line 4262 of file acl.c.

References ACLCHECK_OK, convert_type_priv_string(), get_role_oid_or_public(), NameStr, ObjectIdGetDatum, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, PG_RETURN_NULL, pg_type_aclcheck(), SearchSysCacheExists1, TYPEOID, and username.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         typeoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = get_role_oid_or_public(NameStr(*username));
    mode = convert_type_priv_string(priv_type_text);

    if (!SearchSysCacheExists1(TYPEOID, ObjectIdGetDatum(typeoid)))
        PG_RETURN_NULL();

    aclresult = pg_type_aclcheck(typeoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum has_type_privilege_name_name

(

PG_FUNCTION_ARGS

)

Definition at line 4212 of file acl.c.

References ACLCHECK_OK, convert_type_name(), convert_type_priv_string(), get_role_oid_or_public(), NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_P, PG_RETURN_BOOL, pg_type_aclcheck(), and username.

{
    Name        username = PG_GETARG_NAME(0);
    text       *typename = PG_GETARG_TEXT_P(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    Oid         typeoid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = get_role_oid_or_public(NameStr(*username));
    typeoid = convert_type_name(typename);
    mode = convert_type_priv_string(priv_type_text);

    aclresult = pg_type_aclcheck(typeoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum hash_aclitem

(

PG_FUNCTION_ARGS

)

Definition at line 712 of file acl.c.

References AclItem::ai_grantee, AclItem::ai_grantor, AclItem::ai_privs, PG_GETARG_ACLITEM_P, and PG_RETURN_UINT32.

{
    AclItem    *a = PG_GETARG_ACLITEM_P(0);

    /* not very bright, but avoids any issue of padding in struct */
    PG_RETURN_UINT32((uint32) (a->ai_privs + a->ai_grantee + a->ai_grantor));
}

void initialize_acl

(

void

)

Definition at line 4606 of file acl.c.

References AUTHMEMROLEMEM, CacheRegisterSyscacheCallback(), IsBootstrapProcessingMode, and RoleMembershipCacheCallback().

Referenced by InitPostgres().

{
    if (!IsBootstrapProcessingMode())
    {
        /*
         * In normal mode, set a callback on any syscache invalidation of
         * pg_auth_members rows
         */
        CacheRegisterSyscacheCallback(AUTHMEMROLEMEM,
                                      RoleMembershipCacheCallback,
                                      (Datum) 0);
    }
}

bool is_admin_of_role	(	Oid	member,
		Oid	role
	)

Definition at line 4909 of file acl.c.

References AUTHMEMMEMROLE, GETSTRUCT, i, lfirst_oid, list_append_unique_oid(), list_free(), list_make1_oid, catclist::members, catclist::n_members, ObjectIdGetDatum, ReleaseSysCacheList, SearchSysCacheList1, superuser_arg(), and catctup::tuple.

Referenced by AddRoleMems(), DelRoleMems(), and pg_role_aclcheck().

{
    bool        result = false;
    List       *roles_list;
    ListCell   *l;

    /* Fast path for simple case */
    if (member == role)
        return true;

    /* Superusers have every privilege, so are part of every role */
    if (superuser_arg(member))
        return true;

    /*
     * Find all the roles that member is a member of, including multi-level
     * recursion.  We build a list in the same way that is_member_of_role does
     * to track visited and unvisited roles.
     */
    roles_list = list_make1_oid(member);

    foreach(l, roles_list)
    {
        Oid         memberid = lfirst_oid(l);
        CatCList   *memlist;
        int         i;

        /* Find roles that memberid is directly a member of */
        memlist = SearchSysCacheList1(AUTHMEMMEMROLE,
                                      ObjectIdGetDatum(memberid));
        for (i = 0; i < memlist->n_members; i++)
        {
            HeapTuple   tup = &memlist->members[i]->tuple;
            Oid         otherid = ((Form_pg_auth_members) GETSTRUCT(tup))->roleid;

            if (otherid == role &&
                ((Form_pg_auth_members) GETSTRUCT(tup))->admin_option)
            {
                /* Found what we came for, so can stop searching */
                result = true;
                break;
            }

            roles_list = list_append_unique_oid(roles_list, otherid);
        }
        ReleaseSysCacheList(memlist);
        if (result)
            break;
    }

    list_free(roles_list);

    return result;
}

bool is_member_of_role	(	Oid	member,
		Oid	role
	)

Definition at line 4849 of file acl.c.

References list_member_oid(), roles_is_member_of(), and superuser_arg().

Referenced by check_is_member_of_role(), check_role(), and pg_role_aclcheck().

{
    /* Fast path for simple case */
    if (member == role)
        return true;

    /* Superusers have every privilege, so are part of every role */
    if (superuser_arg(member))
        return true;

    /*
     * Find all the roles that member is a member of, including multi-level
     * recursion, then see if target role is any one of them.
     */
    return list_member_oid(roles_is_member_of(member), role);
}

bool is_member_of_role_nosuper	(	Oid	member,
		Oid	role
	)

Definition at line 4887 of file acl.c.

References list_member_oid(), and roles_is_member_of().

Referenced by AddRoleMems(), and is_member().

{
    /* Fast path for simple case */
    if (member == role)
        return true;

    /*
     * Find all the roles that member is a member of, including multi-level
     * recursion, then see if target role is any one of them.
     */
    return list_member_oid(roles_is_member_of(member), role);
}

Acl* make_empty_acl

(

void

)

Definition at line 397 of file acl.c.

References allocacl().

Referenced by SetDefaultACL().

{
    return allocacl(0);
}

Datum makeaclitem

(

PG_FUNCTION_ARGS

)

Definition at line 1575 of file acl.c.

References ACL_NO_RIGHTS, ACLITEM_SET_PRIVS_GOPTIONS, AclItem::ai_grantee, AclItem::ai_grantor, convert_priv_string(), palloc(), PG_GETARG_BOOL, PG_GETARG_OID, PG_GETARG_TEXT_P, and PG_RETURN_ACLITEM_P.

{
    Oid         grantee = PG_GETARG_OID(0);
    Oid         grantor = PG_GETARG_OID(1);
    text       *privtext = PG_GETARG_TEXT_P(2);
    bool        goption = PG_GETARG_BOOL(3);
    AclItem    *result;
    AclMode     priv;

    priv = convert_priv_string(privtext);

    result = (AclItem *) palloc(sizeof(AclItem));

    result->ai_grantee = grantee;
    result->ai_grantor = grantor;

    ACLITEM_SET_PRIVS_GOPTIONS(*result, priv,
                               (goption ? priv : ACL_NO_RIGHTS));

    PG_RETURN_ACLITEM_P(result);
}

static int oidComparator	(	const void *	arg1,
		const void *	arg2
	)			[static]

Definition at line 1516 of file acl.c.

Referenced by aclmembers().

{
    Oid         oid1 = *(const Oid *) arg1;
    Oid         oid2 = *(const Oid *) arg2;

    if (oid1 > oid2)
        return 1;
    if (oid1 < oid2)
        return -1;
    return 0;
}

Datum pg_has_role_id

(

PG_FUNCTION_ARGS

)

Definition at line 4486 of file acl.c.

References ACLCHECK_OK, convert_role_priv_string(), GetUserId(), PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, and pg_role_aclcheck().

{
    Oid         roleoid = PG_GETARG_OID(0);
    text       *priv_type_text = PG_GETARG_TEXT_P(1);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = GetUserId();
    mode = convert_role_priv_string(priv_type_text);

    aclresult = pg_role_aclcheck(roleoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum pg_has_role_id_id

(

PG_FUNCTION_ARGS

)

Definition at line 4531 of file acl.c.

References ACLCHECK_OK, convert_role_priv_string(), PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, and pg_role_aclcheck().

{
    Oid         roleid = PG_GETARG_OID(0);
    Oid         roleoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    AclMode     mode;
    AclResult   aclresult;

    mode = convert_role_priv_string(priv_type_text);

    aclresult = pg_role_aclcheck(roleoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum pg_has_role_id_name

(

PG_FUNCTION_ARGS

)

Definition at line 4508 of file acl.c.

References ACLCHECK_OK, convert_role_priv_string(), get_role_oid(), NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, and pg_role_aclcheck().

{
    Oid         roleid = PG_GETARG_OID(0);
    Name        rolename = PG_GETARG_NAME(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleoid;
    AclMode     mode;
    AclResult   aclresult;

    roleoid = get_role_oid(NameStr(*rolename), false);
    mode = convert_role_priv_string(priv_type_text);

    aclresult = pg_role_aclcheck(roleoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum pg_has_role_name

(

PG_FUNCTION_ARGS

)

Definition at line 4438 of file acl.c.

References ACLCHECK_OK, convert_role_priv_string(), get_role_oid(), GetUserId(), NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_P, PG_RETURN_BOOL, and pg_role_aclcheck().

{
    Name        rolename = PG_GETARG_NAME(0);
    text       *priv_type_text = PG_GETARG_TEXT_P(1);
    Oid         roleid;
    Oid         roleoid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = GetUserId();
    roleoid = get_role_oid(NameStr(*rolename), false);
    mode = convert_role_priv_string(priv_type_text);

    aclresult = pg_role_aclcheck(roleoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum pg_has_role_name_id

(

PG_FUNCTION_ARGS

)

Definition at line 4462 of file acl.c.

References ACLCHECK_OK, convert_role_priv_string(), get_role_oid(), NameStr, PG_GETARG_NAME, PG_GETARG_OID, PG_GETARG_TEXT_P, PG_RETURN_BOOL, pg_role_aclcheck(), and username.

{
    Name        username = PG_GETARG_NAME(0);
    Oid         roleoid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = get_role_oid(NameStr(*username), false);
    mode = convert_role_priv_string(priv_type_text);

    aclresult = pg_role_aclcheck(roleoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

Datum pg_has_role_name_name

(

PG_FUNCTION_ARGS

)

Definition at line 4412 of file acl.c.

References ACLCHECK_OK, convert_role_priv_string(), get_role_oid(), NameStr, PG_GETARG_NAME, PG_GETARG_TEXT_P, PG_RETURN_BOOL, pg_role_aclcheck(), and username.

{
    Name        username = PG_GETARG_NAME(0);
    Name        rolename = PG_GETARG_NAME(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
    Oid         roleid;
    Oid         roleoid;
    AclMode     mode;
    AclResult   aclresult;

    roleid = get_role_oid(NameStr(*username), false);
    roleoid = get_role_oid(NameStr(*rolename), false);
    mode = convert_role_priv_string(priv_type_text);

    aclresult = pg_role_aclcheck(roleoid, roleid, mode);

    PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}

static AclResult pg_role_aclcheck	(	Oid	role_oid,
		Oid	roleid,
		AclMode	mode
	)			[static]

Definition at line 4581 of file acl.c.

References ACL_CREATE, ACL_GRANT_OPTION_FOR, ACL_USAGE, has_privs_of_role(), is_admin_of_role(), and is_member_of_role().

Referenced by pg_has_role_id(), pg_has_role_id_id(), pg_has_role_id_name(), pg_has_role_name(), pg_has_role_name_id(), and pg_has_role_name_name().

{
    if (mode & ACL_GRANT_OPTION_FOR(ACL_CREATE))
    {
        if (is_admin_of_role(roleid, role_oid))
            return ACLCHECK_OK;
    }
    if (mode & ACL_CREATE)
    {
        if (is_member_of_role(roleid, role_oid))
            return ACLCHECK_OK;
    }
    if (mode & ACL_USAGE)
    {
        if (has_privs_of_role(roleid, role_oid))
            return ACLCHECK_OK;
    }
    return ACLCHECK_NO_PRIV;
}

static void putid	(	char *	p,
		const char *	s
	)			[static]

Definition at line 188 of file acl.c.

Referenced by aclitemout().

{
    const char *src;
    bool        safe = true;

    for (src = s; *src; src++)
    {
        /* This test had better match what getid() does, above */
        if (!isalnum((unsigned char) *src) && *src != '_')
        {
            safe = false;
            break;
        }
    }
    if (!safe)
        *p++ = '"';
    for (src = s; *src; src++)
    {
        /* A double quote character in a username is encoded as "" */
        if (*src == '"')
            *p++ = '"';
        *p++ = *src;
    }
    if (!safe)
        *p++ = '"';
    *p = '\0';
}

static Acl * recursive_revoke	(	Acl *	acl,
		Oid	grantee,
		AclMode	revoke_privs,
		Oid	ownerId,
		DropBehavior	behavior
	)			[static]

Definition at line 1218 of file acl.c.

References ACL_DAT, ACL_GRANT_OPTION_FOR, ACL_MODECHG_DEL, ACL_NO_RIGHTS, ACL_NUM, ACL_OPTION_TO_PRIVS, ACLITEM_GET_PRIVS, ACLITEM_SET_PRIVS_GOPTIONS, aclmask(), ACLMASK_ALL, aclupdate(), AclItem::ai_grantee, AclItem::ai_grantor, check_acl(), DROP_RESTRICT, ereport, errcode(), errhint(), errmsg(), ERROR, i, and pfree().

Referenced by aclupdate().

{
    AclMode     still_has;
    AclItem    *aip;
    int         i,
                num;

    check_acl(acl);

    /* The owner can never truly lose grant options, so short-circuit */
    if (grantee == ownerId)
        return acl;

    /* The grantee might still have some grant options via another grantor */
    still_has = aclmask(acl, grantee, ownerId,
                        ACL_GRANT_OPTION_FOR(revoke_privs),
                        ACLMASK_ALL);
    revoke_privs &= ~ACL_OPTION_TO_PRIVS(still_has);
    if (revoke_privs == ACL_NO_RIGHTS)
        return acl;

restart:
    num = ACL_NUM(acl);
    aip = ACL_DAT(acl);
    for (i = 0; i < num; i++)
    {
        if (aip[i].ai_grantor == grantee
            && (ACLITEM_GET_PRIVS(aip[i]) & revoke_privs) != 0)
        {
            AclItem     mod_acl;
            Acl        *new_acl;

            if (behavior == DROP_RESTRICT)
                ereport(ERROR,
                        (errcode(ERRCODE_DEPENDENT_OBJECTS_STILL_EXIST),
                         errmsg("dependent privileges exist"),
                         errhint("Use CASCADE to revoke them too.")));

            mod_acl.ai_grantor = grantee;
            mod_acl.ai_grantee = aip[i].ai_grantee;
            ACLITEM_SET_PRIVS_GOPTIONS(mod_acl,
                                       revoke_privs,
                                       revoke_privs);

            new_acl = aclupdate(acl, &mod_acl, ACL_MODECHG_DEL,
                                ownerId, behavior);

            pfree(acl);
            acl = new_acl;

            goto restart;
        }
    }

    return acl;
}

static void RoleMembershipCacheCallback	(	Datum	arg,
		int	cacheid,
		uint32	hashvalue
	)			[static]

Definition at line 4625 of file acl.c.

References cached_member_role, and cached_privs_role.

Referenced by initialize_acl().

{
    /* Force membership caches to be recomputed on next use */
    cached_privs_role = InvalidOid;
    cached_member_role = InvalidOid;
}

static List* roles_has_privs_of

(

Oid

roleid

)

[static]

Definition at line 4665 of file acl.c.

References AUTHMEMMEMROLE, cached_privs_role, GETSTRUCT, has_rolinherit(), i, lfirst_oid, list_append_unique_oid(), list_copy(), list_free(), list_make1_oid, catclist::members, MemoryContextSwitchTo(), catclist::n_members, ObjectIdGetDatum, OidIsValid, ReleaseSysCacheList, SearchSysCacheList1, TopMemoryContext, and catctup::tuple.

Referenced by has_privs_of_role(), and select_best_grantor().

{
    List       *roles_list;
    ListCell   *l;
    List       *new_cached_privs_roles;
    MemoryContext oldctx;

    /* If cache is already valid, just return the list */
    if (OidIsValid(cached_privs_role) && cached_privs_role == roleid)
        return cached_privs_roles;

    /*
     * Find all the roles that roleid is a member of, including multi-level
     * recursion.  The role itself will always be the first element of the
     * resulting list.
     *
     * Each element of the list is scanned to see if it adds any indirect
     * memberships.  We can use a single list as both the record of
     * already-found memberships and the agenda of roles yet to be scanned.
     * This is a bit tricky but works because the foreach() macro doesn't
     * fetch the next list element until the bottom of the loop.
     */
    roles_list = list_make1_oid(roleid);

    foreach(l, roles_list)
    {
        Oid         memberid = lfirst_oid(l);
        CatCList   *memlist;
        int         i;

        /* Ignore non-inheriting roles */
        if (!has_rolinherit(memberid))
            continue;

        /* Find roles that memberid is directly a member of */
        memlist = SearchSysCacheList1(AUTHMEMMEMROLE,
                                      ObjectIdGetDatum(memberid));
        for (i = 0; i < memlist->n_members; i++)
        {
            HeapTuple   tup = &memlist->members[i]->tuple;
            Oid         otherid = ((Form_pg_auth_members) GETSTRUCT(tup))->roleid;

            /*
             * Even though there shouldn't be any loops in the membership
             * graph, we must test for having already seen this role. It is
             * legal for instance to have both A->B and A->C->B.
             */
            roles_list = list_append_unique_oid(roles_list, otherid);
        }
        ReleaseSysCacheList(memlist);
    }

    /*
     * Copy the completed list into TopMemoryContext so it will persist.
     */
    oldctx = MemoryContextSwitchTo(TopMemoryContext);
    new_cached_privs_roles = list_copy(roles_list);
    MemoryContextSwitchTo(oldctx);
    list_free(roles_list);

    /*
     * Now safe to assign to state variable
     */
    cached_privs_role = InvalidOid;     /* just paranoia */
    list_free(cached_privs_roles);
    cached_privs_roles = new_cached_privs_roles;
    cached_privs_role = roleid;

    /* And now we can return the answer */
    return cached_privs_roles;
}

static List* roles_is_member_of

(

Oid

roleid

)

[static]

Definition at line 4748 of file acl.c.

References AUTHMEMMEMROLE, cached_member_role, GETSTRUCT, i, lfirst_oid, list_append_unique_oid(), list_copy(), list_free(), list_make1_oid, catclist::members, MemoryContextSwitchTo(), catclist::n_members, ObjectIdGetDatum, OidIsValid, ReleaseSysCacheList, SearchSysCacheList1, TopMemoryContext, and catctup::tuple.

Referenced by is_member_of_role(), and is_member_of_role_nosuper().

{
    List       *roles_list;
    ListCell   *l;
    List       *new_cached_membership_roles;
    MemoryContext oldctx;

    /* If cache is already valid, just return the list */
    if (OidIsValid(cached_member_role) && cached_member_role == roleid)
        return cached_membership_roles;

    /*
     * Find all the roles that roleid is a member of, including multi-level
     * recursion.  The role itself will always be the first element of the
     * resulting list.
     *
     * Each element of the list is scanned to see if it adds any indirect
     * memberships.  We can use a single list as both the record of
     * already-found memberships and the agenda of roles yet to be scanned.
     * This is a bit tricky but works because the foreach() macro doesn't
     * fetch the next list element until the bottom of the loop.
     */
    roles_list = list_make1_oid(roleid);

    foreach(l, roles_list)
    {
        Oid         memberid = lfirst_oid(l);
        CatCList   *memlist;
        int         i;

        /* Find roles that memberid is directly a member of */
        memlist = SearchSysCacheList1(AUTHMEMMEMROLE,
                                      ObjectIdGetDatum(memberid));
        for (i = 0; i < memlist->n_members; i++)
        {
            HeapTuple   tup = &memlist->members[i]->tuple;
            Oid         otherid = ((Form_pg_auth_members) GETSTRUCT(tup))->roleid;

            /*
             * Even though there shouldn't be any loops in the membership
             * graph, we must test for having already seen this role. It is
             * legal for instance to have both A->B and A->C->B.
             */
            roles_list = list_append_unique_oid(roles_list, otherid);
        }
        ReleaseSysCacheList(memlist);
    }

    /*
     * Copy the completed list into TopMemoryContext so it will persist.
     */
    oldctx = MemoryContextSwitchTo(TopMemoryContext);
    new_cached_membership_roles = list_copy(roles_list);
    MemoryContextSwitchTo(oldctx);
    list_free(roles_list);

    /*
     * Now safe to assign to state variable
     */
    cached_member_role = InvalidOid;    /* just paranoia */
    list_free(cached_membership_roles);
    cached_membership_roles = new_cached_membership_roles;
    cached_member_role = roleid;

    /* And now we can return the answer */
    return cached_membership_roles;
}

void select_best_grantor	(	Oid	roleId,
		AclMode	privileges,
		const Acl *	acl,
		Oid	ownerId,
		Oid *	grantorId,
		AclMode *	grantOptions
	)

Definition at line 5007 of file acl.c.

References ACL_GRANT_OPTION_FOR, ACL_NO_RIGHTS, ACLMASK_ALL, aclmask_direct(), count_one_bits(), lfirst_oid, roles_has_privs_of(), and superuser_arg().

Referenced by ExecGrant_Attribute(), ExecGrant_Database(), ExecGrant_Fdw(), ExecGrant_ForeignServer(), ExecGrant_Function(), ExecGrant_Language(), ExecGrant_Largeobject(), ExecGrant_Namespace(), ExecGrant_Relation(), ExecGrant_Tablespace(), and ExecGrant_Type().

{
    AclMode     needed_goptions = ACL_GRANT_OPTION_FOR(privileges);
    List       *roles_list;
    int         nrights;
    ListCell   *l;

    /*
     * The object owner is always treated as having all grant options, so if
     * roleId is the owner it's easy.  Also, if roleId is a superuser it's
     * easy: superusers are implicitly members of every role, so they act as
     * the object owner.
     */
    if (roleId == ownerId || superuser_arg(roleId))
    {
        *grantorId = ownerId;
        *grantOptions = needed_goptions;
        return;
    }

    /*
     * Otherwise we have to do a careful search to see if roleId has the
     * privileges of any suitable role.  Note: we can hang onto the result of
     * roles_has_privs_of() throughout this loop, because aclmask_direct()
     * doesn't query any role memberships.
     */
    roles_list = roles_has_privs_of(roleId);

    /* initialize candidate result as default */
    *grantorId = roleId;
    *grantOptions = ACL_NO_RIGHTS;
    nrights = 0;

    foreach(l, roles_list)
    {
        Oid         otherrole = lfirst_oid(l);
        AclMode     otherprivs;

        otherprivs = aclmask_direct(acl, otherrole, ownerId,
                                    needed_goptions, ACLMASK_ALL);
        if (otherprivs == needed_goptions)
        {
            /* Found a suitable grantor */
            *grantorId = otherrole;
            *grantOptions = otherprivs;
            return;
        }

        /*
         * If it has just some of the needed privileges, remember best
         * candidate.
         */
        if (otherprivs != ACL_NO_RIGHTS)
        {
            int         nnewrights = count_one_bits(otherprivs);

            if (nnewrights > nrights)
            {
                *grantorId = otherrole;
                *grantOptions = otherprivs;
                nrights = nnewrights;
            }
        }
    }
}

---

Variable Documentation

Oid cached_member_role = InvalidOid [static]

Definition at line 74 of file acl.c.

Referenced by RoleMembershipCacheCallback(), and roles_is_member_of().

List* cached_membership_roles = NIL [static]

Definition at line 75 of file acl.c.

Oid cached_privs_role = InvalidOid [static]

Definition at line 72 of file acl.c.

Referenced by RoleMembershipCacheCallback(), and roles_has_privs_of().

List* cached_privs_roles = NIL [static]

Definition at line 73 of file acl.c.