new_tuple;
Form_pg_authid authform;
ListCell *option;
- char *rolename = NULL;
+ char *rolename;
char *password = NULL; /* user password */
- int issuper = -1; /* Make the user a superuser? */
- int inherit = -1; /* Auto inherit privileges? */
- int createrole = -1; /* Can this user create roles? */
- int createdb = -1; /* Can the user create databases? */
- int canlogin = -1; /* Can this user login? */
- int isreplication = -1; /* Is this a replication role? */
int connlimit = -1; /* maximum connections allowed */
- List *rolemembers = NIL; /* roles to be added/removed */
char *validUntil = NULL; /* time the login is valid until */
Datum validUntil_datum; /* same, as timestamptz Datum */
bool validUntil_null;
- int bypassrls = -1;
DefElem *dpassword = NULL;
DefElem *dissuper = NULL;
DefElem *dinherit = NULL;
if (dpassword && dpassword->arg)
password = strVal(dpassword->arg);
- if (dissuper)
- issuper = intVal(dissuper->arg);
- if (dinherit)
- inherit = intVal(dinherit->arg);
- if (dcreaterole)
- createrole = intVal(dcreaterole->arg);
- if (dcreatedb)
- createdb = intVal(dcreatedb->arg);
- if (dcanlogin)
- canlogin = intVal(dcanlogin->arg);
- if (disreplication)
- isreplication = intVal(disreplication->arg);
if (dconnlimit)
{
connlimit = intVal(dconnlimit->arg);
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
errmsg("invalid connection limit: %d", connlimit)));
}
- if (drolemembers)
- rolemembers = (List *) drolemembers->arg;
if (dvalidUntil)
validUntil = strVal(dvalidUntil->arg);
- if (dbypassRLS)
- bypassrls = intVal(dbypassRLS->arg);
/*
* Scan the pg_authid relation to be certain the user exists.
* property. Otherwise, if you don't have createrole, you're only allowed
* to change your own password.
*/
- if (authform->rolsuper || issuper >= 0)
+ if (authform->rolsuper || dissuper)
{
if (!superuser())
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("must be superuser to alter superuser roles or change superuser attribute")));
}
- else if (authform->rolreplication || isreplication >= 0)
+ else if (authform->rolreplication || disreplication)
{
if (!superuser())
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("must be superuser to alter replication roles or change replication attribute")));
}
- else if (bypassrls >= 0)
+ else if (dbypassRLS)
{
if (!superuser())
ereport(ERROR,
}
else if (!have_createrole_privilege())
{
- /* We already checked issuper, isreplication, and bypassrls */
- if (!(inherit < 0 &&
- createrole < 0 &&
- createdb < 0 &&
- canlogin < 0 &&
- !dconnlimit &&
- !rolemembers &&
- !validUntil &&
- dpassword &&
- roleid == GetUserId()))
+ /* check the rest */
+ if (dinherit || dcreaterole || dcreatedb || dcanlogin || dconnlimit ||
+ drolemembers || dvalidUntil || !dpassword || roleid != GetUserId())
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("permission denied")));
}
/* Convert validuntil to internal form */
- if (validUntil)
+ if (dvalidUntil)
{
validUntil_datum = DirectFunctionCall3(timestamptz_in,
CStringGetDatum(validUntil),
/*
* issuper/createrole/etc
*/
- if (issuper >= 0)
+ if (dissuper)
{
- new_record[Anum_pg_authid_rolsuper - 1] = BoolGetDatum(issuper > 0);
+ new_record[Anum_pg_authid_rolsuper - 1] = BoolGetDatum(intVal(dissuper->arg));
new_record_repl[Anum_pg_authid_rolsuper - 1] = true;
}
- if (inherit >= 0)
+ if (dinherit)
{
- new_record[Anum_pg_authid_rolinherit - 1] = BoolGetDatum(inherit > 0);
+ new_record[Anum_pg_authid_rolinherit - 1] = BoolGetDatum(intVal(dinherit->arg));
new_record_repl[Anum_pg_authid_rolinherit - 1] = true;
}
- if (createrole >= 0)
+ if (dcreaterole)
{
- new_record[Anum_pg_authid_rolcreaterole - 1] = BoolGetDatum(createrole > 0);
+ new_record[Anum_pg_authid_rolcreaterole - 1] = BoolGetDatum(intVal(dcreaterole->arg));
new_record_repl[Anum_pg_authid_rolcreaterole - 1] = true;
}
- if (createdb >= 0)
+ if (dcreatedb)
{
- new_record[Anum_pg_authid_rolcreatedb - 1] = BoolGetDatum(createdb > 0);
+ new_record[Anum_pg_authid_rolcreatedb - 1] = BoolGetDatum(intVal(dcreatedb->arg));
new_record_repl[Anum_pg_authid_rolcreatedb - 1] = true;
}
- if (canlogin >= 0)
+ if (dcanlogin)
{
- new_record[Anum_pg_authid_rolcanlogin - 1] = BoolGetDatum(canlogin > 0);
+ new_record[Anum_pg_authid_rolcanlogin - 1] = BoolGetDatum(intVal(dcanlogin->arg));
new_record_repl[Anum_pg_authid_rolcanlogin - 1] = true;
}
- if (isreplication >= 0)
+ if (disreplication)
{
- new_record[Anum_pg_authid_rolreplication - 1] = BoolGetDatum(isreplication > 0);
+ new_record[Anum_pg_authid_rolreplication - 1] = BoolGetDatum(intVal(disreplication->arg));
new_record_repl[Anum_pg_authid_rolreplication - 1] = true;
}
new_record_nulls[Anum_pg_authid_rolvaliduntil - 1] = validUntil_null;
new_record_repl[Anum_pg_authid_rolvaliduntil - 1] = true;
- if (bypassrls >= 0)
+ if (dbypassRLS)
{
- new_record[Anum_pg_authid_rolbypassrls - 1] = BoolGetDatum(bypassrls > 0);
+ new_record[Anum_pg_authid_rolbypassrls - 1] = BoolGetDatum(intVal(dbypassRLS->arg));
new_record_repl[Anum_pg_authid_rolbypassrls - 1] = true;
}
* Advance command counter so we can see new record; else tests in
* AddRoleMems may fail.
*/
- if (rolemembers)
+ if (drolemembers)
+ {
+ List *rolemembers = (List *) drolemembers->arg;
+
CommandCounterIncrement();
- if (stmt->action == +1) /* add members to role */
- AddRoleMems(rolename, roleid,
- rolemembers, roleSpecsToIds(rolemembers),
- GetUserId(), false);
- else if (stmt->action == -1) /* drop members from role */
- DelRoleMems(rolename, roleid,
- rolemembers, roleSpecsToIds(rolemembers),
- false);
+ if (stmt->action == +1) /* add members to role */
+ AddRoleMems(rolename, roleid,
+ rolemembers, roleSpecsToIds(rolemembers),
+ GetUserId(), false);
+ else if (stmt->action == -1) /* drop members from role */
+ DelRoleMems(rolename, roleid,
+ rolemembers, roleSpecsToIds(rolemembers),
+ false);
+ }
/*
* Close pg_authid, but keep lock till commit.
projects / users / gsingh / postgres.git / commitdiff