fdw = GetForeignDataWrapper(fdwid);
/* Check permissions, user must have usage on the server. */
- aclresult = pg_foreign_server_aclcheck(serverid, userid, ACL_USAGE);
+ aclresult = object_aclcheck(ForeignServerRelationId, serverid, userid, ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, foreign_server->servername);
attname = entry->colname;
typenameTypeIdAndMod(NULL, entry->typeName, &atttypid, &atttypmod);
- aclresult = pg_type_aclcheck(atttypid, GetUserId(), ACL_USAGE);
+ aclresult = object_aclcheck(TypeRelationId, atttypid, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error_type(aclresult, atttypid);
Oid objectId, Oid grantorId,
ObjectType objtype, const char *objname,
AttrNumber att_number, const char *colname);
-static AclMode pg_aclmask(ObjectType objtype, Oid table_oid, AttrNumber attnum,
+static AclMode pg_aclmask(ObjectType objtype, Oid object_oid, AttrNumber attnum,
Oid roleid, AclMode mask, AclMaskHow how);
+static AclMode object_aclmask(Oid classid, Oid objectid, Oid roleid,
+ AclMode mask, AclMaskHow how);
+static AclMode pg_attribute_aclmask(Oid table_oid, AttrNumber attnum,
+ Oid roleid, AclMode mask, AclMaskHow how);
+static AclMode pg_attribute_aclmask_ext(Oid table_oid, AttrNumber attnum,
+ Oid roleid, AclMode mask,
+ AclMaskHow how, bool *is_missing);
+static AclMode pg_class_aclmask_ext(Oid table_oid, Oid roleid,
+ AclMode mask, AclMaskHow how,
+ bool *is_missing);
+static AclMode pg_parameter_acl_aclmask(Oid acl_oid, Oid roleid,
+ AclMode mask, AclMaskHow how);
+static AclMode pg_largeobject_aclmask_snapshot(Oid lobj_oid, Oid roleid,
+ AclMode mask, AclMaskHow how, Snapshot snapshot);
+static AclMode pg_namespace_aclmask(Oid nsp_oid, Oid roleid,
+ AclMode mask, AclMaskHow how);
+static AclMode pg_type_aclmask(Oid type_oid, Oid roleid,
+ AclMode mask, AclMaskHow how);
static void recordExtensionInitPriv(Oid objoid, Oid classoid, int objsubid,
Acl *new_acl);
static void recordExtensionInitPrivWorker(Oid objoid, Oid classoid, int objsubid,
* Relay for the various pg_*_mask routines depending on object kind
*/
static AclMode
-pg_aclmask(ObjectType objtype, Oid table_oid, AttrNumber attnum, Oid roleid,
+pg_aclmask(ObjectType objtype, Oid object_oid, AttrNumber attnum, Oid roleid,
AclMode mask, AclMaskHow how)
{
switch (objtype)
{
case OBJECT_COLUMN:
return
- pg_class_aclmask(table_oid, roleid, mask, how) |
- pg_attribute_aclmask(table_oid, attnum, roleid, mask, how);
+ pg_class_aclmask(object_oid, roleid, mask, how) |
+ pg_attribute_aclmask(object_oid, attnum, roleid, mask, how);
case OBJECT_TABLE:
case OBJECT_SEQUENCE:
- return pg_class_aclmask(table_oid, roleid, mask, how);
+ return pg_class_aclmask(object_oid, roleid, mask, how);
case OBJECT_DATABASE:
- return pg_database_aclmask(table_oid, roleid, mask, how);
+ return object_aclmask(DatabaseRelationId, object_oid, roleid, mask, how);
case OBJECT_FUNCTION:
- return pg_proc_aclmask(table_oid, roleid, mask, how);
+ return object_aclmask(ProcedureRelationId, object_oid, roleid, mask, how);
case OBJECT_LANGUAGE:
- return pg_language_aclmask(table_oid, roleid, mask, how);
+ return object_aclmask(LanguageRelationId, object_oid, roleid, mask, how);
case OBJECT_LARGEOBJECT:
- return pg_largeobject_aclmask_snapshot(table_oid, roleid,
+ return pg_largeobject_aclmask_snapshot(object_oid, roleid,
mask, how, NULL);
case OBJECT_PARAMETER_ACL:
- return pg_parameter_acl_aclmask(table_oid, roleid, mask, how);
+ return pg_parameter_acl_aclmask(object_oid, roleid, mask, how);
case OBJECT_SCHEMA:
- return pg_namespace_aclmask(table_oid, roleid, mask, how);
+ return object_aclmask(NamespaceRelationId, object_oid, roleid, mask, how);
case OBJECT_STATISTIC_EXT:
elog(ERROR, "grantable rights not supported for statistics objects");
/* not reached, but keep compiler quiet */
return ACL_NO_RIGHTS;
case OBJECT_TABLESPACE:
- return pg_tablespace_aclmask(table_oid, roleid, mask, how);
+ return object_aclmask(TableSpaceRelationId, object_oid, roleid, mask, how);
case OBJECT_FDW:
- return pg_foreign_data_wrapper_aclmask(table_oid, roleid, mask, how);
+ return object_aclmask(ForeignDataWrapperRelationId, object_oid, roleid, mask, how);
case OBJECT_FOREIGN_SERVER:
- return pg_foreign_server_aclmask(table_oid, roleid, mask, how);
+ return object_aclmask(ForeignServerRelationId, object_oid, roleid, mask, how);
case OBJECT_EVENT_TRIGGER:
elog(ERROR, "grantable rights not supported for event triggers");
/* not reached, but keep compiler quiet */
return ACL_NO_RIGHTS;
case OBJECT_TYPE:
- return pg_type_aclmask(table_oid, roleid, mask, how);
+ return object_aclmask(TypeRelationId, object_oid, roleid, mask, how);
default:
elog(ERROR, "unrecognized object type: %d",
(int) objtype);
*/
/*
- * Exported routine for examining a user's privileges for a column
+ * Generic routine for examining a user's privileges for an object
+ */
+static AclMode
+object_aclmask(Oid classid, Oid objectid, Oid roleid,
+ AclMode mask, AclMaskHow how)
+{
+ int cacheid;
+ AclMode result;
+ HeapTuple tuple;
+ Datum aclDatum;
+ bool isNull;
+ Acl *acl;
+ Oid ownerId;
+
+ /* Special cases */
+ switch (classid)
+ {
+ case NamespaceRelationId:
+ return pg_namespace_aclmask(objectid, roleid, mask, how);
+ case TypeRelationId:
+ return pg_type_aclmask(objectid, roleid, mask, how);
+ }
+
+ /* Even more special cases */
+ Assert(classid != RelationRelationId); /* should use pg_class_acl* */
+ Assert(classid != LargeObjectMetadataRelationId); /* should use
+ * pg_largeobject_acl* */
+
+ /* Superusers bypass all permission checking. */
+ if (superuser_arg(roleid))
+ return mask;
+
+ /*
+ * Get the objects's ACL from its catalog
+ */
+
+ cacheid = get_object_catcache_oid(classid);
+
+ tuple = SearchSysCache1(cacheid, ObjectIdGetDatum(objectid));
+ if (!HeapTupleIsValid(tuple))
+ ereport(ERROR,
+ (errcode(ERRCODE_UNDEFINED_DATABASE),
+ errmsg("%s with OID %u does not exist", get_object_class_descr(classid), objectid)));
+
+ ownerId = DatumGetObjectId(SysCacheGetAttr(cacheid,
+ tuple,
+ get_object_attnum_owner(classid),
+ &isNull));
+ Assert(!isNull);
+
+ aclDatum = SysCacheGetAttr(cacheid, tuple, get_object_attnum_acl(classid),
+ &isNull);
+ if (isNull)
+ {
+ /* No ACL, so build default ACL */
+ acl = acldefault(get_object_type(classid, objectid), ownerId);
+ aclDatum = (Datum) 0;
+ }
+ else
+ {
+ /* detoast ACL if necessary */
+ acl = DatumGetAclP(aclDatum);
+ }
+
+ result = aclmask(acl, roleid, ownerId, mask, how);
+
+ /* if we have a detoasted copy, free it */
+ if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
+ pfree(acl);
+
+ ReleaseSysCache(tuple);
+
+ return result;
+}
+
+/*
+ * Routine for examining a user's privileges for a column
*
* Note: this considers only privileges granted specifically on the column.
* It is caller's responsibility to take relation-level privileges into account
* as appropriate. (For the same reason, we have no special case for
* superuser-ness here.)
*/
-AclMode
+static AclMode
pg_attribute_aclmask(Oid table_oid, AttrNumber attnum, Oid roleid,
AclMode mask, AclMaskHow how)
{
}
/*
- * Exported routine for examining a user's privileges for a column
+ * Routine for examining a user's privileges for a column
*
* Does the bulk of the work for pg_attribute_aclmask(), and allows other
* callers to avoid the missing attribute ERROR when is_missing is non-NULL.
*/
-AclMode
+static AclMode
pg_attribute_aclmask_ext(Oid table_oid, AttrNumber attnum, Oid roleid,
AclMode mask, AclMaskHow how, bool *is_missing)
{
}
/*
- * Exported routine for examining a user's privileges for a table
+ * Routine for examining a user's privileges for a table
*
* Does the bulk of the work for pg_class_aclmask(), and allows other
* callers to avoid the missing relation ERROR when is_missing is non-NULL.
*/
-AclMode
+static AclMode
pg_class_aclmask_ext(Oid table_oid, Oid roleid, AclMode mask,
AclMaskHow how, bool *is_missing)
{
}
/*
- * Exported routine for examining a user's privileges for a database
- */
-AclMode
-pg_database_aclmask(Oid db_oid, Oid roleid,
- AclMode mask, AclMaskHow how)
-{
- AclMode result;
- HeapTuple tuple;
- Datum aclDatum;
- bool isNull;
- Acl *acl;
- Oid ownerId;
-
- /* Superusers bypass all permission checking. */
- if (superuser_arg(roleid))
- return mask;
-
- /*
- * Get the database's ACL from pg_database
- */
- tuple = SearchSysCache1(DATABASEOID, ObjectIdGetDatum(db_oid));
- if (!HeapTupleIsValid(tuple))
- ereport(ERROR,
- (errcode(ERRCODE_UNDEFINED_DATABASE),
- errmsg("database with OID %u does not exist", db_oid)));
-
- ownerId = ((Form_pg_database) GETSTRUCT(tuple))->datdba;
-
- aclDatum = SysCacheGetAttr(DATABASEOID, tuple, Anum_pg_database_datacl,
- &isNull);
- if (isNull)
- {
- /* No ACL, so build default ACL */
- acl = acldefault(OBJECT_DATABASE, ownerId);
- aclDatum = (Datum) 0;
- }
- else
- {
- /* detoast ACL if necessary */
- acl = DatumGetAclP(aclDatum);
- }
-
- result = aclmask(acl, roleid, ownerId, mask, how);
-
- /* if we have a detoasted copy, free it */
- if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
- pfree(acl);
-
- ReleaseSysCache(tuple);
-
- return result;
-}
-
-/*
- * Exported routine for examining a user's privileges for a configuration
+ * Routine for examining a user's privileges for a configuration
* parameter (GUC), identified by GUC name.
*/
-AclMode
+static AclMode
pg_parameter_aclmask(const char *name, Oid roleid, AclMode mask, AclMaskHow how)
{
AclMode result;
}
/*
- * Exported routine for examining a user's privileges for a configuration
+ * Routine for examining a user's privileges for a configuration
* parameter (GUC), identified by the OID of its pg_parameter_acl entry.
*/
-AclMode
+static AclMode
pg_parameter_acl_aclmask(Oid acl_oid, Oid roleid, AclMode mask, AclMaskHow how)
{
AclMode result;
}
/*
- * Exported routine for examining a user's privileges for a function
- */
-AclMode
-pg_proc_aclmask(Oid proc_oid, Oid roleid,
- AclMode mask, AclMaskHow how)
-{
- AclMode result;
- HeapTuple tuple;
- Datum aclDatum;
- bool isNull;
- Acl *acl;
- Oid ownerId;
-
- /* Superusers bypass all permission checking. */
- if (superuser_arg(roleid))
- return mask;
-
- /*
- * Get the function's ACL from pg_proc
- */
- tuple = SearchSysCache1(PROCOID, ObjectIdGetDatum(proc_oid));
- if (!HeapTupleIsValid(tuple))
- ereport(ERROR,
- (errcode(ERRCODE_UNDEFINED_FUNCTION),
- errmsg("function with OID %u does not exist", proc_oid)));
-
- ownerId = ((Form_pg_proc) GETSTRUCT(tuple))->proowner;
-
- aclDatum = SysCacheGetAttr(PROCOID, tuple, Anum_pg_proc_proacl,
- &isNull);
- if (isNull)
- {
- /* No ACL, so build default ACL */
- acl = acldefault(OBJECT_FUNCTION, ownerId);
- aclDatum = (Datum) 0;
- }
- else
- {
- /* detoast ACL if necessary */
- acl = DatumGetAclP(aclDatum);
- }
-
- result = aclmask(acl, roleid, ownerId, mask, how);
-
- /* if we have a detoasted copy, free it */
- if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
- pfree(acl);
-
- ReleaseSysCache(tuple);
-
- return result;
-}
-
-/*
- * Exported routine for examining a user's privileges for a language
- */
-AclMode
-pg_language_aclmask(Oid lang_oid, Oid roleid,
- AclMode mask, AclMaskHow how)
-{
- AclMode result;
- HeapTuple tuple;
- Datum aclDatum;
- bool isNull;
- Acl *acl;
- Oid ownerId;
-
- /* Superusers bypass all permission checking. */
- if (superuser_arg(roleid))
- return mask;
-
- /*
- * Get the language's ACL from pg_language
- */
- tuple = SearchSysCache1(LANGOID, ObjectIdGetDatum(lang_oid));
- if (!HeapTupleIsValid(tuple))
- ereport(ERROR,
- (errcode(ERRCODE_UNDEFINED_OBJECT),
- errmsg("language with OID %u does not exist", lang_oid)));
-
- ownerId = ((Form_pg_language) GETSTRUCT(tuple))->lanowner;
-
- aclDatum = SysCacheGetAttr(LANGOID, tuple, Anum_pg_language_lanacl,
- &isNull);
- if (isNull)
- {
- /* No ACL, so build default ACL */
- acl = acldefault(OBJECT_LANGUAGE, ownerId);
- aclDatum = (Datum) 0;
- }
- else
- {
- /* detoast ACL if necessary */
- acl = DatumGetAclP(aclDatum);
- }
-
- result = aclmask(acl, roleid, ownerId, mask, how);
-
- /* if we have a detoasted copy, free it */
- if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
- pfree(acl);
-
- ReleaseSysCache(tuple);
-
- return result;
-}
-
-/*
- * Exported routine for examining a user's privileges for a largeobject
+ * Routine for examining a user's privileges for a largeobject
*
* When a large object is opened for reading, it is opened relative to the
* caller's snapshot, but when it is opened for writing, a current
* snapshot, since all we do with the snapshot argument is pass it through
* to systable_beginscan().
*/
-AclMode
+static AclMode
pg_largeobject_aclmask_snapshot(Oid lobj_oid, Oid roleid,
AclMode mask, AclMaskHow how,
Snapshot snapshot)
}
/*
- * Exported routine for examining a user's privileges for a namespace
+ * Routine for examining a user's privileges for a namespace
*/
-AclMode
+static AclMode
pg_namespace_aclmask(Oid nsp_oid, Oid roleid,
AclMode mask, AclMaskHow how)
{
*/
if (isTempNamespace(nsp_oid))
{
- if (pg_database_aclcheck(MyDatabaseId, roleid,
- ACL_CREATE_TEMP) == ACLCHECK_OK)
+ if (object_aclcheck(DatabaseRelationId, MyDatabaseId, roleid,
+ ACL_CREATE_TEMP) == ACLCHECK_OK)
return mask & ACL_ALL_RIGHTS_SCHEMA;
else
return mask & ACL_USAGE;
}
/*
- * Exported routine for examining a user's privileges for a tablespace
- */
-AclMode
-pg_tablespace_aclmask(Oid spc_oid, Oid roleid,
- AclMode mask, AclMaskHow how)
-{
- AclMode result;
- HeapTuple tuple;
- Datum aclDatum;
- bool isNull;
- Acl *acl;
- Oid ownerId;
-
- /* Superusers bypass all permission checking. */
- if (superuser_arg(roleid))
- return mask;
-
- /*
- * Get the tablespace's ACL from pg_tablespace
- */
- tuple = SearchSysCache1(TABLESPACEOID, ObjectIdGetDatum(spc_oid));
- if (!HeapTupleIsValid(tuple))
- ereport(ERROR,
- (errcode(ERRCODE_UNDEFINED_OBJECT),
- errmsg("tablespace with OID %u does not exist", spc_oid)));
-
- ownerId = ((Form_pg_tablespace) GETSTRUCT(tuple))->spcowner;
-
- aclDatum = SysCacheGetAttr(TABLESPACEOID, tuple,
- Anum_pg_tablespace_spcacl,
- &isNull);
-
- if (isNull)
- {
- /* No ACL, so build default ACL */
- acl = acldefault(OBJECT_TABLESPACE, ownerId);
- aclDatum = (Datum) 0;
- }
- else
- {
- /* detoast ACL if necessary */
- acl = DatumGetAclP(aclDatum);
- }
-
- result = aclmask(acl, roleid, ownerId, mask, how);
-
- /* if we have a detoasted copy, free it */
- if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
- pfree(acl);
-
- ReleaseSysCache(tuple);
-
- return result;
-}
-
-/*
- * Exported routine for examining a user's privileges for a foreign
- * data wrapper
- */
-AclMode
-pg_foreign_data_wrapper_aclmask(Oid fdw_oid, Oid roleid,
- AclMode mask, AclMaskHow how)
-{
- AclMode result;
- HeapTuple tuple;
- Datum aclDatum;
- bool isNull;
- Acl *acl;
- Oid ownerId;
-
- Form_pg_foreign_data_wrapper fdwForm;
-
- /* Bypass permission checks for superusers */
- if (superuser_arg(roleid))
- return mask;
-
- /*
- * Must get the FDW's tuple from pg_foreign_data_wrapper
- */
- tuple = SearchSysCache1(FOREIGNDATAWRAPPEROID, ObjectIdGetDatum(fdw_oid));
- if (!HeapTupleIsValid(tuple))
- ereport(ERROR,
- (errcode(ERRCODE_UNDEFINED_OBJECT),
- errmsg("foreign-data wrapper with OID %u does not exist",
- fdw_oid)));
- fdwForm = (Form_pg_foreign_data_wrapper) GETSTRUCT(tuple);
-
- /*
- * Normal case: get the FDW's ACL from pg_foreign_data_wrapper
- */
- ownerId = fdwForm->fdwowner;
-
- aclDatum = SysCacheGetAttr(FOREIGNDATAWRAPPEROID, tuple,
- Anum_pg_foreign_data_wrapper_fdwacl, &isNull);
- if (isNull)
- {
- /* No ACL, so build default ACL */
- acl = acldefault(OBJECT_FDW, ownerId);
- aclDatum = (Datum) 0;
- }
- else
- {
- /* detoast rel's ACL if necessary */
- acl = DatumGetAclP(aclDatum);
- }
-
- result = aclmask(acl, roleid, ownerId, mask, how);
-
- /* if we have a detoasted copy, free it */
- if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
- pfree(acl);
-
- ReleaseSysCache(tuple);
-
- return result;
-}
-
-/*
- * Exported routine for examining a user's privileges for a foreign
- * server.
- */
-AclMode
-pg_foreign_server_aclmask(Oid srv_oid, Oid roleid,
- AclMode mask, AclMaskHow how)
-{
- AclMode result;
- HeapTuple tuple;
- Datum aclDatum;
- bool isNull;
- Acl *acl;
- Oid ownerId;
-
- Form_pg_foreign_server srvForm;
-
- /* Bypass permission checks for superusers */
- if (superuser_arg(roleid))
- return mask;
-
- /*
- * Must get the FDW's tuple from pg_foreign_data_wrapper
- */
- tuple = SearchSysCache1(FOREIGNSERVEROID, ObjectIdGetDatum(srv_oid));
- if (!HeapTupleIsValid(tuple))
- ereport(ERROR,
- (errcode(ERRCODE_UNDEFINED_OBJECT),
- errmsg("foreign server with OID %u does not exist",
- srv_oid)));
- srvForm = (Form_pg_foreign_server) GETSTRUCT(tuple);
-
- /*
- * Normal case: get the foreign server's ACL from pg_foreign_server
- */
- ownerId = srvForm->srvowner;
-
- aclDatum = SysCacheGetAttr(FOREIGNSERVEROID, tuple,
- Anum_pg_foreign_server_srvacl, &isNull);
- if (isNull)
- {
- /* No ACL, so build default ACL */
- acl = acldefault(OBJECT_FOREIGN_SERVER, ownerId);
- aclDatum = (Datum) 0;
- }
- else
- {
- /* detoast rel's ACL if necessary */
- acl = DatumGetAclP(aclDatum);
- }
-
- result = aclmask(acl, roleid, ownerId, mask, how);
-
- /* if we have a detoasted copy, free it */
- if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
- pfree(acl);
-
- ReleaseSysCache(tuple);
-
- return result;
-}
-
-/*
- * Exported routine for examining a user's privileges for a type.
+ * Routine for examining a user's privileges for a type.
*/
-AclMode
+static AclMode
pg_type_aclmask(Oid type_oid, Oid roleid, AclMode mask, AclMaskHow how)
{
AclMode result;
return result;
}
+/*
+ * Exported generic routine for checking a user's access privileges to an object
+ */
+AclResult
+object_aclcheck(Oid classid, Oid objectid, Oid roleid, AclMode mode)
+{
+ if (object_aclmask(classid, objectid, roleid, mode, ACLMASK_ANY) != 0)
+ return ACLCHECK_OK;
+ else
+ return ACLCHECK_NO_PRIV;
+}
+
/*
* Exported routine for checking a user's access privileges to a column
*
return ACLCHECK_NO_PRIV;
}
-/*
- * Exported routine for checking a user's access privileges to a database
- */
-AclResult
-pg_database_aclcheck(Oid db_oid, Oid roleid, AclMode mode)
-{
- if (pg_database_aclmask(db_oid, roleid, mode, ACLMASK_ANY) != 0)
- return ACLCHECK_OK;
- else
- return ACLCHECK_NO_PRIV;
-}
-
/*
* Exported routine for checking a user's access privileges to a configuration
* parameter (GUC), identified by GUC name.
return ACLCHECK_NO_PRIV;
}
-/*
- * Exported routine for checking a user's access privileges to a configuration
- * parameter (GUC), identified by the OID of its pg_parameter_acl entry.
- */
-AclResult
-pg_parameter_acl_aclcheck(Oid acl_oid, Oid roleid, AclMode mode)
-{
- if (pg_parameter_acl_aclmask(acl_oid, roleid, mode, ACLMASK_ANY) != 0)
- return ACLCHECK_OK;
- else
- return ACLCHECK_NO_PRIV;
-}
-
-/*
- * Exported routine for checking a user's access privileges to a function
- */
-AclResult
-pg_proc_aclcheck(Oid proc_oid, Oid roleid, AclMode mode)
-{
- if (pg_proc_aclmask(proc_oid, roleid, mode, ACLMASK_ANY) != 0)
- return ACLCHECK_OK;
- else
- return ACLCHECK_NO_PRIV;
-}
-
-/*
- * Exported routine for checking a user's access privileges to a language
- */
-AclResult
-pg_language_aclcheck(Oid lang_oid, Oid roleid, AclMode mode)
-{
- if (pg_language_aclmask(lang_oid, roleid, mode, ACLMASK_ANY) != 0)
- return ACLCHECK_OK;
- else
- return ACLCHECK_NO_PRIV;
-}
-
/*
* Exported routine for checking a user's access privileges to a largeobject
*/
return ACLCHECK_NO_PRIV;
}
-/*
- * Exported routine for checking a user's access privileges to a namespace
- */
-AclResult
-pg_namespace_aclcheck(Oid nsp_oid, Oid roleid, AclMode mode)
-{
- if (pg_namespace_aclmask(nsp_oid, roleid, mode, ACLMASK_ANY) != 0)
- return ACLCHECK_OK;
- else
- return ACLCHECK_NO_PRIV;
-}
-
-/*
- * Exported routine for checking a user's access privileges to a tablespace
- */
-AclResult
-pg_tablespace_aclcheck(Oid spc_oid, Oid roleid, AclMode mode)
-{
- if (pg_tablespace_aclmask(spc_oid, roleid, mode, ACLMASK_ANY) != 0)
- return ACLCHECK_OK;
- else
- return ACLCHECK_NO_PRIV;
-}
-
-/*
- * Exported routine for checking a user's access privileges to a foreign
- * data wrapper
- */
-AclResult
-pg_foreign_data_wrapper_aclcheck(Oid fdw_oid, Oid roleid, AclMode mode)
-{
- if (pg_foreign_data_wrapper_aclmask(fdw_oid, roleid, mode, ACLMASK_ANY) != 0)
- return ACLCHECK_OK;
- else
- return ACLCHECK_NO_PRIV;
-}
-
-/*
- * Exported routine for checking a user's access privileges to a foreign
- * server
- */
-AclResult
-pg_foreign_server_aclcheck(Oid srv_oid, Oid roleid, AclMode mode)
-{
- if (pg_foreign_server_aclmask(srv_oid, roleid, mode, ACLMASK_ANY) != 0)
- return ACLCHECK_OK;
- else
- return ACLCHECK_NO_PRIV;
-}
-
-/*
- * Exported routine for checking a user's access privileges to a type
- */
-AclResult
-pg_type_aclcheck(Oid type_oid, Oid roleid, AclMode mode)
-{
- if (pg_type_aclmask(type_oid, roleid, mode, ACLMASK_ANY) != 0)
- return ACLCHECK_OK;
- else
- return ACLCHECK_NO_PRIV;
-}
-
/*
* Generic ownership check for an object
*/
#include "catalog/pg_authid.h"
#include "catalog/pg_collation.h"
#include "catalog/pg_conversion.h"
+#include "catalog/pg_database.h"
#include "catalog/pg_namespace.h"
#include "catalog/pg_opclass.h"
#include "catalog/pg_operator.h"
break;
/* Check namespace permissions. */
- aclresult = pg_namespace_aclcheck(nspid, GetUserId(), ACL_CREATE);
+ aclresult = object_aclcheck(NamespaceRelationId, nspid, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(nspid));
if (missing_ok && !OidIsValid(namespaceId))
return InvalidOid;
- aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(), ACL_USAGE);
+ aclresult = object_aclcheck(NamespaceRelationId, namespaceId, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA,
nspname);
namespaceId = get_namespace_oid(nspname, false);
- aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(), ACL_CREATE);
+ aclresult = object_aclcheck(NamespaceRelationId, namespaceId, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA,
nspname);
ReleaseSysCache(tuple);
if (OidIsValid(namespaceId) &&
!list_member_oid(oidlist, namespaceId) &&
- pg_namespace_aclcheck(namespaceId, roleid,
+ object_aclcheck(NamespaceRelationId, namespaceId, roleid,
ACL_USAGE) == ACLCHECK_OK &&
InvokeNamespaceSearchHook(namespaceId, false))
oidlist = lappend_oid(oidlist, namespaceId);
namespaceId = get_namespace_oid(curname, true);
if (OidIsValid(namespaceId) &&
!list_member_oid(oidlist, namespaceId) &&
- pg_namespace_aclcheck(namespaceId, roleid,
+ object_aclcheck(NamespaceRelationId, namespaceId, roleid,
ACL_USAGE) == ACLCHECK_OK &&
InvokeNamespaceSearchHook(namespaceId, false))
oidlist = lappend_oid(oidlist, namespaceId);
* But there's no need to make the namespace in the first place until a
* temp table creation request is made by someone with appropriate rights.
*/
- if (pg_database_aclcheck(MyDatabaseId, GetUserId(),
+ if (object_aclcheck(DatabaseRelationId, MyDatabaseId, GetUserId(),
ACL_CREATE_TEMP) != ACLCHECK_OK)
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
*/
for (i = 0; i < numArgs; i++)
{
- aclresult = pg_type_aclcheck(aggArgTypes[i], GetUserId(), ACL_USAGE);
+ aclresult = object_aclcheck(TypeRelationId, aggArgTypes[i], GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error_type(aclresult, aggArgTypes[i]);
}
- aclresult = pg_type_aclcheck(aggTransType, GetUserId(), ACL_USAGE);
+ aclresult = object_aclcheck(TypeRelationId, aggTransType, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error_type(aclresult, aggTransType);
if (OidIsValid(aggmTransType))
{
- aclresult = pg_type_aclcheck(aggmTransType, GetUserId(), ACL_USAGE);
+ aclresult = object_aclcheck(TypeRelationId, aggmTransType, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error_type(aclresult, aggmTransType);
}
- aclresult = pg_type_aclcheck(finaltype, GetUserId(), ACL_USAGE);
+ aclresult = object_aclcheck(TypeRelationId, finaltype, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error_type(aclresult, finaltype);
}
/* Check aggregate creator has permission to call the function */
- aclresult = pg_proc_aclcheck(fnOid, GetUserId(), ACL_EXECUTE);
+ aclresult = object_aclcheck(ProcedureRelationId, fnOid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FUNCTION, get_func_name(fnOid));
/* not in catalogs, different from operator, so make shell */
- aclresult = pg_namespace_aclcheck(otherNamespace, GetUserId(),
+ aclresult = object_aclcheck(NamespaceRelationId, otherNamespace, GetUserId(),
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA,
#include "access/htup_details.h"
#include "catalog/dependency.h"
#include "catalog/pg_aggregate.h"
+#include "catalog/pg_namespace.h"
#include "catalog/pg_proc.h"
#include "catalog/pg_type.h"
#include "commands/alter.h"
aggNamespace = QualifiedNameGetCreationNamespace(name, &aggName);
/* Check we have creation rights in target namespace */
- aclresult = pg_namespace_aclcheck(aggNamespace, GetUserId(), ACL_CREATE);
+ aclresult = object_aclcheck(NamespaceRelationId, aggNamespace, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(aggNamespace));
/* User must have CREATE privilege on the namespace */
if (OidIsValid(namespaceId))
{
- aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(),
+ aclresult = object_aclcheck(NamespaceRelationId, namespaceId, GetUserId(),
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA,
NameStr(*(DatumGetName(name))));
/* User must have CREATE privilege on new namespace */
- aclresult = pg_namespace_aclcheck(nspOid, GetUserId(), ACL_CREATE);
+ aclresult = object_aclcheck(NamespaceRelationId, nspOid, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(nspOid));
{
AclResult aclresult;
- aclresult = pg_namespace_aclcheck(namespaceId, new_ownerId,
+ aclresult = object_aclcheck(NamespaceRelationId, namespaceId, new_ownerId,
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA,
#include "catalog/objectaccess.h"
#include "catalog/pg_collation.h"
#include "catalog/pg_database.h"
+#include "catalog/pg_namespace.h"
#include "commands/alter.h"
#include "commands/collationcmds.h"
#include "commands/comment.h"
collNamespace = QualifiedNameGetCreationNamespace(names, &collName);
- aclresult = pg_namespace_aclcheck(collNamespace, GetUserId(), ACL_CREATE);
+ aclresult = object_aclcheck(NamespaceRelationId, collNamespace, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(collNamespace));
#include "catalog/dependency.h"
#include "catalog/indexing.h"
#include "catalog/pg_conversion.h"
+#include "catalog/pg_namespace.h"
+#include "catalog/pg_proc.h"
#include "catalog/pg_type.h"
#include "commands/alter.h"
#include "commands/conversioncmds.h"
&conversion_name);
/* Check we have creation rights in target namespace */
- aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(), ACL_CREATE);
+ aclresult = object_aclcheck(NamespaceRelationId, namespaceId, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(namespaceId));
NameListToString(func_name), "integer")));
/* Check we have EXECUTE rights for the function */
- aclresult = pg_proc_aclcheck(funcoid, GetUserId(), ACL_EXECUTE);
+ aclresult = object_aclcheck(ProcedureRelationId, funcoid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FUNCTION,
NameListToString(func_name));
tablespacename = defGetString(dtablespacename);
dst_deftablespace = get_tablespace_oid(tablespacename, false);
/* check permissions */
- aclresult = pg_tablespace_aclcheck(dst_deftablespace, GetUserId(),
+ aclresult = object_aclcheck(TableSpaceRelationId, dst_deftablespace, GetUserId(),
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_TABLESPACE,
/*
* Permission checks
*/
- aclresult = pg_tablespace_aclcheck(dst_tblspcoid, GetUserId(),
+ aclresult = object_aclcheck(TableSpaceRelationId, dst_tblspcoid, GetUserId(),
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_TABLESPACE,
#include "catalog/objectaccess.h"
#include "catalog/pg_authid.h"
#include "catalog/pg_collation.h"
+#include "catalog/pg_database.h"
#include "catalog/pg_depend.h"
#include "catalog/pg_extension.h"
#include "catalog/pg_namespace.h"
if (!control->trusted)
return false;
/* Allow if user has CREATE privilege on current database */
- aclresult = pg_database_aclcheck(MyDatabaseId, GetUserId(), ACL_CREATE);
+ aclresult = object_aclcheck(DatabaseRelationId, MyDatabaseId, GetUserId(), ACL_CREATE);
if (aclresult == ACLCHECK_OK)
return true;
return false;
extensionName);
/* Permission check: must have creation rights in target namespace */
- aclresult = pg_namespace_aclcheck(nspOid, GetUserId(), ACL_CREATE);
+ aclresult = object_aclcheck(NamespaceRelationId, nspOid, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA, newschema);
check_is_member_of_role(GetUserId(), newOwnerId);
/* New owner must have USAGE privilege on foreign-data wrapper */
- aclresult = pg_foreign_data_wrapper_aclcheck(form->srvfdw, newOwnerId, ACL_USAGE);
+ aclresult = object_aclcheck(ForeignDataWrapperRelationId, form->srvfdw, newOwnerId, ACL_USAGE);
if (aclresult != ACLCHECK_OK)
{
ForeignDataWrapper *fdw = GetForeignDataWrapper(form->srvfdw);
*/
fdw = GetForeignDataWrapperByName(stmt->fdwname, false);
- aclresult = pg_foreign_data_wrapper_aclcheck(fdw->fdwid, ownerId, ACL_USAGE);
+ aclresult = object_aclcheck(ForeignDataWrapperRelationId, fdw->fdwid, ownerId, ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FDW, fdw->fdwname);
{
AclResult aclresult;
- aclresult = pg_foreign_server_aclcheck(serverid, curuserid, ACL_USAGE);
+ aclresult = object_aclcheck(ForeignServerRelationId, serverid, curuserid, ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, servername);
}
* get the actual FDW for option validation etc.
*/
server = GetForeignServerByName(stmt->servername, false);
- aclresult = pg_foreign_server_aclcheck(server->serverid, ownerId, ACL_USAGE);
+ aclresult = object_aclcheck(ForeignServerRelationId, server->serverid, ownerId, ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server->servername);
/* Check that the foreign server exists and that we have USAGE on it */
server = GetForeignServerByName(stmt->server_name, false);
- aclresult = pg_foreign_server_aclcheck(server->serverid, GetUserId(), ACL_USAGE);
+ aclresult = object_aclcheck(ForeignServerRelationId, server->serverid, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FOREIGN_SERVER, server->servername);
errdetail("Creating a shell type definition.")));
namespaceId = QualifiedNameGetCreationNamespace(returnType->names,
&typname);
- aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(),
+ aclresult = object_aclcheck(NamespaceRelationId, namespaceId, GetUserId(),
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA,
Assert(OidIsValid(rettype));
}
- aclresult = pg_type_aclcheck(rettype, GetUserId(), ACL_USAGE);
+ aclresult = object_aclcheck(TypeRelationId, rettype, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error_type(aclresult, rettype);
toid = InvalidOid; /* keep compiler quiet */
}
- aclresult = pg_type_aclcheck(toid, GetUserId(), ACL_USAGE);
+ aclresult = object_aclcheck(TypeRelationId, toid, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error_type(aclresult, toid);
&funcname);
/* Check we have creation rights in target namespace */
- aclresult = pg_namespace_aclcheck(namespaceId, GetUserId(), ACL_CREATE);
+ aclresult = object_aclcheck(NamespaceRelationId, namespaceId, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(namespaceId));
if (languageStruct->lanpltrusted)
{
/* if trusted language, need USAGE privilege */
- aclresult = pg_language_aclcheck(languageOid, GetUserId(), ACL_USAGE);
+ aclresult = object_aclcheck(LanguageRelationId, languageOid, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_LANGUAGE,
NameStr(languageStruct->lanname));
format_type_be(sourcetypeid),
format_type_be(targettypeid))));
- aclresult = pg_type_aclcheck(sourcetypeid, GetUserId(), ACL_USAGE);
+ aclresult = object_aclcheck(TypeRelationId, sourcetypeid, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error_type(aclresult, sourcetypeid);
- aclresult = pg_type_aclcheck(targettypeid, GetUserId(), ACL_USAGE);
+ aclresult = object_aclcheck(TypeRelationId, targettypeid, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error_type(aclresult, targettypeid);
if (!object_ownercheck(TypeRelationId, typeid, GetUserId()))
aclcheck_error_type(ACLCHECK_NOT_OWNER, typeid);
- aclresult = pg_type_aclcheck(typeid, GetUserId(), ACL_USAGE);
+ aclresult = object_aclcheck(TypeRelationId, typeid, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error_type(aclresult, typeid);
*/
langid = get_language_oid(stmt->lang, false);
- aclresult = pg_language_aclcheck(langid, GetUserId(), ACL_USAGE);
+ aclresult = object_aclcheck(LanguageRelationId, langid, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_LANGUAGE, stmt->lang);
if (!object_ownercheck(ProcedureRelationId, fromsqlfuncid, GetUserId()))
aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION, NameListToString(stmt->fromsql->objname));
- aclresult = pg_proc_aclcheck(fromsqlfuncid, GetUserId(), ACL_EXECUTE);
+ aclresult = object_aclcheck(ProcedureRelationId, fromsqlfuncid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FUNCTION, NameListToString(stmt->fromsql->objname));
if (!object_ownercheck(ProcedureRelationId, tosqlfuncid, GetUserId()))
aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_FUNCTION, NameListToString(stmt->tosql->objname));
- aclresult = pg_proc_aclcheck(tosqlfuncid, GetUserId(), ACL_EXECUTE);
+ aclresult = object_aclcheck(ProcedureRelationId, tosqlfuncid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FUNCTION, NameListToString(stmt->tosql->objname));
/* if trusted language, need USAGE privilege */
AclResult aclresult;
- aclresult = pg_language_aclcheck(codeblock->langOid, GetUserId(),
+ aclresult = object_aclcheck(LanguageRelationId, codeblock->langOid, GetUserId(),
ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_LANGUAGE,
Assert(fexpr);
Assert(IsA(fexpr, FuncExpr));
- aclresult = pg_proc_aclcheck(fexpr->funcid, GetUserId(), ACL_EXECUTE);
+ aclresult = object_aclcheck(ProcedureRelationId, fexpr->funcid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_PROCEDURE, get_func_name(fexpr->funcid));
{
AclResult aclresult;
- aclresult = pg_namespace_aclcheck(namespaceId, root_save_userid,
+ aclresult = object_aclcheck(NamespaceRelationId, namespaceId, root_save_userid,
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA,
{
AclResult aclresult;
- aclresult = pg_tablespace_aclcheck(tablespaceId, root_save_userid,
+ aclresult = object_aclcheck(TableSpaceRelationId, tablespaceId, root_save_userid,
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_TABLESPACE,
{
AclResult aclresult;
- aclresult = pg_tablespace_aclcheck(params.tablespaceOid,
+ aclresult = object_aclcheck(TableSpaceRelationId, params.tablespaceOid,
GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_TABLESPACE,
{
AclResult aclresult;
- aclresult = pg_tablespace_aclcheck(params->tablespaceOid,
+ aclresult = object_aclcheck(TableSpaceRelationId, params->tablespaceOid,
GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_TABLESPACE,
&opcname);
/* Check we have creation rights in target namespace */
- aclresult = pg_namespace_aclcheck(namespaceoid, GetUserId(), ACL_CREATE);
+ aclresult = object_aclcheck(NamespaceRelationId, namespaceoid, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(namespaceoid));
&opfname);
/* Check we have creation rights in target namespace */
- aclresult = pg_namespace_aclcheck(namespaceoid, GetUserId(), ACL_CREATE);
+ aclresult = object_aclcheck(NamespaceRelationId, namespaceoid, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(namespaceoid));
#include "catalog/dependency.h"
#include "catalog/indexing.h"
#include "catalog/objectaccess.h"
+#include "catalog/pg_namespace.h"
#include "catalog/pg_operator.h"
+#include "catalog/pg_proc.h"
#include "catalog/pg_type.h"
#include "commands/alter.h"
#include "commands/defrem.h"
oprNamespace = QualifiedNameGetCreationNamespace(names, &oprName);
/* Check we have creation rights in target namespace */
- aclresult = pg_namespace_aclcheck(oprNamespace, GetUserId(), ACL_CREATE);
+ aclresult = object_aclcheck(NamespaceRelationId, oprNamespace, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(oprNamespace));
if (typeName1)
{
- aclresult = pg_type_aclcheck(typeId1, GetUserId(), ACL_USAGE);
+ aclresult = object_aclcheck(TypeRelationId, typeId1, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error_type(aclresult, typeId1);
}
if (typeName2)
{
- aclresult = pg_type_aclcheck(typeId2, GetUserId(), ACL_USAGE);
+ aclresult = object_aclcheck(TypeRelationId, typeId2, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error_type(aclresult, typeId2);
}
* necessary, since EXECUTE will be checked at any attempted use of the
* operator, but it seems like a good idea anyway.
*/
- aclresult = pg_proc_aclcheck(functionOid, GetUserId(), ACL_EXECUTE);
+ aclresult = object_aclcheck(ProcedureRelationId, functionOid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FUNCTION,
NameListToString(functionName));
rettype = get_func_rettype(functionOid);
- aclresult = pg_type_aclcheck(rettype, GetUserId(), ACL_USAGE);
+ aclresult = object_aclcheck(TypeRelationId, rettype, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error_type(aclresult, rettype);
NameListToString(restrictionName), "float8")));
/* Require EXECUTE rights for the estimator */
- aclresult = pg_proc_aclcheck(restrictionOid, GetUserId(), ACL_EXECUTE);
+ aclresult = object_aclcheck(ProcedureRelationId, restrictionOid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FUNCTION,
NameListToString(restrictionName));
NameListToString(joinName), "float8")));
/* Require EXECUTE rights for the estimator */
- aclresult = pg_proc_aclcheck(joinOid, GetUserId(), ACL_EXECUTE);
+ aclresult = object_aclcheck(ProcedureRelationId, joinOid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FUNCTION,
NameListToString(joinName));
#include "catalog/objectaccess.h"
#include "catalog/objectaddress.h"
#include "catalog/partition.h"
+#include "catalog/pg_database.h"
#include "catalog/pg_inherits.h"
#include "catalog/pg_namespace.h"
#include "catalog/pg_proc.h"
List *schemaidlist = NIL;
/* must have CREATE privilege on database */
- aclresult = pg_database_aclcheck(MyDatabaseId, GetUserId(), ACL_CREATE);
+ aclresult = object_aclcheck(DatabaseRelationId, MyDatabaseId, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_DATABASE,
get_database_name(MyDatabaseId));
check_is_member_of_role(GetUserId(), newOwnerId);
/* New owner must have CREATE privilege on database */
- aclresult = pg_database_aclcheck(MyDatabaseId, newOwnerId, ACL_CREATE);
+ aclresult = object_aclcheck(DatabaseRelationId, MyDatabaseId, newOwnerId, ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_DATABASE,
get_database_name(MyDatabaseId));
#include "catalog/namespace.h"
#include "catalog/objectaccess.h"
#include "catalog/pg_authid.h"
+#include "catalog/pg_database.h"
#include "catalog/pg_namespace.h"
#include "commands/dbcommands.h"
#include "commands/event_trigger.h"
* The latter provision guards against "giveaway" attacks. Note that a
* superuser will always have both of these privileges a fortiori.
*/
- aclresult = pg_database_aclcheck(MyDatabaseId, saved_uid, ACL_CREATE);
+ aclresult = object_aclcheck(DatabaseRelationId, MyDatabaseId, saved_uid, ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_DATABASE,
get_database_name(MyDatabaseId));
oldname);
/* must have CREATE privilege on database */
- aclresult = pg_database_aclcheck(MyDatabaseId, GetUserId(), ACL_CREATE);
+ aclresult = object_aclcheck(DatabaseRelationId, MyDatabaseId, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_DATABASE,
get_database_name(MyDatabaseId));
* schemas. Because superusers will always have this right, we need
* no special case for them.
*/
- aclresult = pg_database_aclcheck(MyDatabaseId, GetUserId(),
+ aclresult = object_aclcheck(DatabaseRelationId, MyDatabaseId, GetUserId(),
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_DATABASE,
{
AclResult aclresult;
- aclresult = pg_tablespace_aclcheck(tablespaceId, GetUserId(),
+ aclresult = object_aclcheck(TableSpaceRelationId, tablespaceId, GetUserId(),
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_TABLESPACE,
ofTypeId = typenameTypeId(NULL, stmt->ofTypename);
- aclresult = pg_type_aclcheck(ofTypeId, GetUserId(), ACL_USAGE);
+ aclresult = object_aclcheck(TypeRelationId, ofTypeId, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error_type(aclresult, ofTypeId);
}
tform = (Form_pg_type) GETSTRUCT(typeTuple);
typeOid = tform->oid;
- aclresult = pg_type_aclcheck(typeOid, GetUserId(), ACL_USAGE);
+ aclresult = object_aclcheck(TypeRelationId, typeOid, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error_type(aclresult, typeOid);
/* Look up the target type */
typenameTypeIdAndMod(NULL, typeName, &targettype, &targettypmod);
- aclresult = pg_type_aclcheck(targettype, GetUserId(), ACL_USAGE);
+ aclresult = object_aclcheck(TypeRelationId, targettype, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error_type(aclresult, targettype);
check_is_member_of_role(GetUserId(), newOwnerId);
/* New owner must have CREATE privilege on namespace */
- aclresult = pg_namespace_aclcheck(namespaceOid, newOwnerId,
+ aclresult = object_aclcheck(NamespaceRelationId, namespaceOid, newOwnerId,
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA,
{
AclResult aclresult;
- aclresult = pg_tablespace_aclcheck(tablespaceId, GetUserId(), ACL_CREATE);
+ aclresult = object_aclcheck(TableSpaceRelationId, tablespaceId, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_TABLESPACE, tablespacename);
}
{
AclResult aclresult;
- aclresult = pg_tablespace_aclcheck(new_tablespaceoid, GetUserId(),
+ aclresult = object_aclcheck(TableSpaceRelationId, new_tablespaceoid, GetUserId(),
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_TABLESPACE,
*/
if (IsA(stmt, RenameStmt))
{
- aclresult = pg_namespace_aclcheck(classform->relnamespace,
+ aclresult = object_aclcheck(NamespaceRelationId, classform->relnamespace,
GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA,
}
/* Check permissions, similarly complaining only if interactive */
- aclresult = pg_tablespace_aclcheck(curoid, GetUserId(),
+ aclresult = object_aclcheck(TableSpaceRelationId, curoid, GetUserId(),
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
{
}
/* Check permissions similarly */
- aclresult = pg_tablespace_aclcheck(curoid, GetUserId(),
+ aclresult = object_aclcheck(TableSpaceRelationId, curoid, GetUserId(),
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
continue;
funcoid = LookupFuncName(stmt->funcname, 0, NULL, false);
if (!isInternal)
{
- aclresult = pg_proc_aclcheck(funcoid, GetUserId(), ACL_EXECUTE);
+ aclresult = object_aclcheck(ProcedureRelationId, funcoid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FUNCTION,
NameListToString(stmt->funcname));
namespaceoid = QualifiedNameGetCreationNamespace(names, &dictname);
/* Check we have creation rights in target namespace */
- aclresult = pg_namespace_aclcheck(namespaceoid, GetUserId(), ACL_CREATE);
+ aclresult = object_aclcheck(NamespaceRelationId, namespaceoid, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(namespaceoid));
namespaceoid = QualifiedNameGetCreationNamespace(names, &cfgname);
/* Check we have creation rights in target namespace */
- aclresult = pg_namespace_aclcheck(namespaceoid, GetUserId(), ACL_CREATE);
+ aclresult = object_aclcheck(NamespaceRelationId, namespaceoid, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(namespaceoid));
#ifdef NOT_USED
/* XXX this is unnecessary given the superuser check above */
/* Check we have creation rights in target namespace */
- aclresult = pg_namespace_aclcheck(typeNamespace, GetUserId(), ACL_CREATE);
+ aclresult = object_aclcheck(NamespaceRelationId, typeNamespace, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(typeNamespace));
&domainName);
/* Check we have creation rights in target namespace */
- aclresult = pg_namespace_aclcheck(domainNamespace, GetUserId(),
+ aclresult = object_aclcheck(NamespaceRelationId, domainNamespace, GetUserId(),
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA,
errmsg("\"%s\" is not a valid base type for a domain",
TypeNameToString(stmt->typeName))));
- aclresult = pg_type_aclcheck(basetypeoid, GetUserId(), ACL_USAGE);
+ aclresult = object_aclcheck(TypeRelationId, basetypeoid, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error_type(aclresult, basetypeoid);
&enumName);
/* Check we have creation rights in target namespace */
- aclresult = pg_namespace_aclcheck(enumNamespace, GetUserId(), ACL_CREATE);
+ aclresult = object_aclcheck(NamespaceRelationId, enumNamespace, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(enumNamespace));
&typeName);
/* Check we have creation rights in target namespace */
- aclresult = pg_namespace_aclcheck(typeNamespace, GetUserId(), ACL_CREATE);
+ aclresult = object_aclcheck(NamespaceRelationId, typeNamespace, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(typeNamespace));
func_signature_string(procname, 1, NIL, argList))));
/* Also, range type's creator must have permission to call function */
- aclresult = pg_proc_aclcheck(procOid, GetUserId(), ACL_EXECUTE);
+ aclresult = object_aclcheck(ProcedureRelationId, procOid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FUNCTION, get_func_name(procOid));
func_signature_string(procname, 2, NIL, argList))));
/* Also, range type's creator must have permission to call function */
- aclresult = pg_proc_aclcheck(procOid, GetUserId(), ACL_EXECUTE);
+ aclresult = object_aclcheck(ProcedureRelationId, procOid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FUNCTION, get_func_name(procOid));
check_is_member_of_role(GetUserId(), newOwnerId);
/* New owner must have CREATE privilege on namespace */
- aclresult = pg_namespace_aclcheck(typTup->typnamespace,
+ aclresult = object_aclcheck(NamespaceRelationId, typTup->typnamespace,
newOwnerId,
ACL_CREATE);
if (aclresult != ACLCHECK_OK)
#include "access/nbtree.h"
#include "catalog/objectaccess.h"
+#include "catalog/pg_proc.h"
#include "catalog/pg_type.h"
#include "executor/execExpr.h"
#include "executor/nodeSubplan.h"
arrayarg = (Expr *) lsecond(opexpr->args);
/* Check permission to call function */
- aclresult = pg_proc_aclcheck(cmpfuncid,
+ aclresult = object_aclcheck(ProcedureRelationId, cmpfuncid,
GetUserId(),
ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
if (OidIsValid(opexpr->hashfuncid))
{
- aclresult = pg_proc_aclcheck(opexpr->hashfuncid,
+ aclresult = object_aclcheck(ProcedureRelationId, opexpr->hashfuncid,
GetUserId(),
ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
ListCell *lc;
/* Check permission to call function */
- aclresult = pg_proc_aclcheck(funcid, GetUserId(), ACL_EXECUTE);
+ aclresult = object_aclcheck(ProcedureRelationId, funcid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FUNCTION, get_func_name(funcid));
InvokeFunctionExecuteHook(funcid);
AclResult aclresult;
/* Check permission to call function */
- aclresult = pg_proc_aclcheck(foid, GetUserId(), ACL_EXECUTE);
+ aclresult = object_aclcheck(ProcedureRelationId, foid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FUNCTION, get_func_name(foid));
AclResult aclresult;
/* Check permission to call function */
- aclresult = pg_proc_aclcheck(foid, GetUserId(), ACL_EXECUTE);
+ aclresult = object_aclcheck(ProcedureRelationId, foid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FUNCTION, get_func_name(foid));
#include "access/htup_details.h"
#include "catalog/objectaccess.h"
+#include "catalog/pg_proc.h"
#include "executor/execdebug.h"
#include "funcapi.h"
#include "miscadmin.h"
size_t numargs = list_length(sexpr->args);
/* Check permission to call function */
- aclresult = pg_proc_aclcheck(foid, GetUserId(), ACL_EXECUTE);
+ aclresult = object_aclcheck(ProcedureRelationId, foid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FUNCTION, get_func_name(foid));
InvokeFunctionExecuteHook(foid);
aggform = (Form_pg_aggregate) GETSTRUCT(aggTuple);
/* Check permission to call aggregate function */
- aclresult = pg_proc_aclcheck(aggref->aggfnoid, GetUserId(),
+ aclresult = object_aclcheck(ProcedureRelationId, aggref->aggfnoid, GetUserId(),
ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_AGGREGATE,
if (OidIsValid(finalfn_oid))
{
- aclresult = pg_proc_aclcheck(finalfn_oid, aggOwner,
+ aclresult = object_aclcheck(ProcedureRelationId, finalfn_oid, aggOwner,
ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FUNCTION,
}
if (OidIsValid(serialfn_oid))
{
- aclresult = pg_proc_aclcheck(serialfn_oid, aggOwner,
+ aclresult = object_aclcheck(ProcedureRelationId, serialfn_oid, aggOwner,
ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FUNCTION,
}
if (OidIsValid(deserialfn_oid))
{
- aclresult = pg_proc_aclcheck(deserialfn_oid, aggOwner,
+ aclresult = object_aclcheck(ProcedureRelationId, deserialfn_oid, aggOwner,
ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FUNCTION,
else
transfn_oid = aggform->aggtransfn;
- aclresult = pg_proc_aclcheck(transfn_oid, aggOwner, ACL_EXECUTE);
+ aclresult = object_aclcheck(ProcedureRelationId, transfn_oid, aggOwner, ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FUNCTION,
get_func_name(transfn_oid));
wfuncstate->wfuncno = wfuncno;
/* Check permission to call window function */
- aclresult = pg_proc_aclcheck(wfunc->winfnoid, GetUserId(),
+ aclresult = object_aclcheck(ProcedureRelationId, wfunc->winfnoid, GetUserId(),
ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FUNCTION,
aggOwner = ((Form_pg_proc) GETSTRUCT(procTuple))->proowner;
ReleaseSysCache(procTuple);
- aclresult = pg_proc_aclcheck(transfn_oid, aggOwner,
+ aclresult = object_aclcheck(ProcedureRelationId, transfn_oid, aggOwner,
ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FUNCTION,
if (OidIsValid(invtransfn_oid))
{
- aclresult = pg_proc_aclcheck(invtransfn_oid, aggOwner,
+ aclresult = object_aclcheck(ProcedureRelationId, invtransfn_oid, aggOwner,
ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FUNCTION,
if (OidIsValid(finalfn_oid))
{
- aclresult = pg_proc_aclcheck(finalfn_oid, aggOwner,
+ aclresult = object_aclcheck(ProcedureRelationId, finalfn_oid, aggOwner,
ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FUNCTION,
return NULL;
/* Check permission to call function (fail later, if not) */
- if (pg_proc_aclcheck(funcid, GetUserId(), ACL_EXECUTE) != ACLCHECK_OK)
+ if (object_aclcheck(ProcedureRelationId, funcid, GetUserId(), ACL_EXECUTE) != ACLCHECK_OK)
return NULL;
/* Check whether a plugin wants to hook function entry/exit */
return NULL;
/* Check permission to call function (fail later, if not) */
- if (pg_proc_aclcheck(func_oid, GetUserId(), ACL_EXECUTE) != ACLCHECK_OK)
+ if (object_aclcheck(ProcedureRelationId, func_oid, GetUserId(), ACL_EXECUTE) != ACLCHECK_OK)
return NULL;
/* Check whether a plugin wants to hook function entry/exit */
*/
if (relation->rd_rel->relkind == RELKIND_COMPOSITE_TYPE)
{
- aclresult = pg_type_aclcheck(relation->rd_rel->reltype, GetUserId(),
+ aclresult = object_aclcheck(TypeRelationId, relation->rd_rel->reltype, GetUserId(),
ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_TYPE,
#include "access/htup_details.h"
#include "access/xact.h"
#include "catalog/objectaccess.h"
+#include "catalog/pg_namespace.h"
#include "catalog/pg_proc.h"
#include "libpq/libpq.h"
#include "libpq/pqformat.h"
* Check permission to access and call function. Since we didn't go
* through a normal name lookup, we need to check schema usage too.
*/
- aclresult = pg_namespace_aclcheck(fip->namespace, GetUserId(), ACL_USAGE);
+ aclresult = object_aclcheck(NamespaceRelationId, fip->namespace, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_SCHEMA,
get_namespace_name(fip->namespace));
InvokeNamespaceSearchHook(fip->namespace, true);
- aclresult = pg_proc_aclcheck(fid, GetUserId(), ACL_EXECUTE);
+ aclresult = object_aclcheck(ProcedureRelationId, fid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FUNCTION,
get_func_name(fid));
#include "catalog/pg_authid.h"
#include "catalog/pg_class.h"
#include "catalog/pg_database.h"
+#include "catalog/pg_foreign_data_wrapper.h"
+#include "catalog/pg_foreign_server.h"
+#include "catalog/pg_language.h"
+#include "catalog/pg_namespace.h"
#include "catalog/pg_parameter_acl.h"
+#include "catalog/pg_proc.h"
+#include "catalog/pg_tablespace.h"
#include "catalog/pg_type.h"
#include "commands/dbcommands.h"
#include "commands/proclang.h"
databaseoid = convert_database_name(databasename);
mode = convert_database_priv_string(priv_type_text);
- aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
+ aclresult = object_aclcheck(DatabaseRelationId, databaseoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
databaseoid = convert_database_name(databasename);
mode = convert_database_priv_string(priv_type_text);
- aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
+ aclresult = object_aclcheck(DatabaseRelationId, databaseoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
if (!SearchSysCacheExists1(DATABASEOID, ObjectIdGetDatum(databaseoid)))
PG_RETURN_NULL();
- aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
+ aclresult = object_aclcheck(DatabaseRelationId, databaseoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
if (!SearchSysCacheExists1(DATABASEOID, ObjectIdGetDatum(databaseoid)))
PG_RETURN_NULL();
- aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
+ aclresult = object_aclcheck(DatabaseRelationId, databaseoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
databaseoid = convert_database_name(databasename);
mode = convert_database_priv_string(priv_type_text);
- aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
+ aclresult = object_aclcheck(DatabaseRelationId, databaseoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
if (!SearchSysCacheExists1(DATABASEOID, ObjectIdGetDatum(databaseoid)))
PG_RETURN_NULL();
- aclresult = pg_database_aclcheck(databaseoid, roleid, mode);
+ aclresult = object_aclcheck(DatabaseRelationId, databaseoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
fdwid = convert_foreign_data_wrapper_name(fdwname);
mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
- aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
+ aclresult = object_aclcheck(ForeignDataWrapperRelationId, fdwid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
fdwid = convert_foreign_data_wrapper_name(fdwname);
mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
- aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
+ aclresult = object_aclcheck(ForeignDataWrapperRelationId, fdwid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
if (!SearchSysCacheExists1(FOREIGNDATAWRAPPEROID, ObjectIdGetDatum(fdwid)))
PG_RETURN_NULL();
- aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
+ aclresult = object_aclcheck(ForeignDataWrapperRelationId, fdwid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
if (!SearchSysCacheExists1(FOREIGNDATAWRAPPEROID, ObjectIdGetDatum(fdwid)))
PG_RETURN_NULL();
- aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
+ aclresult = object_aclcheck(ForeignDataWrapperRelationId, fdwid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
fdwid = convert_foreign_data_wrapper_name(fdwname);
mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
- aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
+ aclresult = object_aclcheck(ForeignDataWrapperRelationId, fdwid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
if (!SearchSysCacheExists1(FOREIGNDATAWRAPPEROID, ObjectIdGetDatum(fdwid)))
PG_RETURN_NULL();
- aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
+ aclresult = object_aclcheck(ForeignDataWrapperRelationId, fdwid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
functionoid = convert_function_name(functionname);
mode = convert_function_priv_string(priv_type_text);
- aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
+ aclresult = object_aclcheck(ProcedureRelationId, functionoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
functionoid = convert_function_name(functionname);
mode = convert_function_priv_string(priv_type_text);
- aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
+ aclresult = object_aclcheck(ProcedureRelationId, functionoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
if (!SearchSysCacheExists1(PROCOID, ObjectIdGetDatum(functionoid)))
PG_RETURN_NULL();
- aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
+ aclresult = object_aclcheck(ProcedureRelationId, functionoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
if (!SearchSysCacheExists1(PROCOID, ObjectIdGetDatum(functionoid)))
PG_RETURN_NULL();
- aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
+ aclresult = object_aclcheck(ProcedureRelationId, functionoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
functionoid = convert_function_name(functionname);
mode = convert_function_priv_string(priv_type_text);
- aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
+ aclresult = object_aclcheck(ProcedureRelationId, functionoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
if (!SearchSysCacheExists1(PROCOID, ObjectIdGetDatum(functionoid)))
PG_RETURN_NULL();
- aclresult = pg_proc_aclcheck(functionoid, roleid, mode);
+ aclresult = object_aclcheck(ProcedureRelationId, functionoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
languageoid = convert_language_name(languagename);
mode = convert_language_priv_string(priv_type_text);
- aclresult = pg_language_aclcheck(languageoid, roleid, mode);
+ aclresult = object_aclcheck(LanguageRelationId, languageoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
languageoid = convert_language_name(languagename);
mode = convert_language_priv_string(priv_type_text);
- aclresult = pg_language_aclcheck(languageoid, roleid, mode);
+ aclresult = object_aclcheck(LanguageRelationId, languageoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
if (!SearchSysCacheExists1(LANGOID, ObjectIdGetDatum(languageoid)))
PG_RETURN_NULL();
- aclresult = pg_language_aclcheck(languageoid, roleid, mode);
+ aclresult = object_aclcheck(LanguageRelationId, languageoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
if (!SearchSysCacheExists1(LANGOID, ObjectIdGetDatum(languageoid)))
PG_RETURN_NULL();
- aclresult = pg_language_aclcheck(languageoid, roleid, mode);
+ aclresult = object_aclcheck(LanguageRelationId, languageoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
languageoid = convert_language_name(languagename);
mode = convert_language_priv_string(priv_type_text);
- aclresult = pg_language_aclcheck(languageoid, roleid, mode);
+ aclresult = object_aclcheck(LanguageRelationId, languageoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
if (!SearchSysCacheExists1(LANGOID, ObjectIdGetDatum(languageoid)))
PG_RETURN_NULL();
- aclresult = pg_language_aclcheck(languageoid, roleid, mode);
+ aclresult = object_aclcheck(LanguageRelationId, languageoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
schemaoid = convert_schema_name(schemaname);
mode = convert_schema_priv_string(priv_type_text);
- aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
+ aclresult = object_aclcheck(NamespaceRelationId, schemaoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
schemaoid = convert_schema_name(schemaname);
mode = convert_schema_priv_string(priv_type_text);
- aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
+ aclresult = object_aclcheck(NamespaceRelationId, schemaoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
if (!SearchSysCacheExists1(NAMESPACEOID, ObjectIdGetDatum(schemaoid)))
PG_RETURN_NULL();
- aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
+ aclresult = object_aclcheck(NamespaceRelationId, schemaoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
if (!SearchSysCacheExists1(NAMESPACEOID, ObjectIdGetDatum(schemaoid)))
PG_RETURN_NULL();
- aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
+ aclresult = object_aclcheck(NamespaceRelationId, schemaoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
schemaoid = convert_schema_name(schemaname);
mode = convert_schema_priv_string(priv_type_text);
- aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
+ aclresult = object_aclcheck(NamespaceRelationId, schemaoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
if (!SearchSysCacheExists1(NAMESPACEOID, ObjectIdGetDatum(schemaoid)))
PG_RETURN_NULL();
- aclresult = pg_namespace_aclcheck(schemaoid, roleid, mode);
+ aclresult = object_aclcheck(NamespaceRelationId, schemaoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
serverid = convert_server_name(servername);
mode = convert_server_priv_string(priv_type_text);
- aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
+ aclresult = object_aclcheck(ForeignServerRelationId, serverid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
serverid = convert_server_name(servername);
mode = convert_server_priv_string(priv_type_text);
- aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
+ aclresult = object_aclcheck(ForeignServerRelationId, serverid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
if (!SearchSysCacheExists1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)))
PG_RETURN_NULL();
- aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
+ aclresult = object_aclcheck(ForeignServerRelationId, serverid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
if (!SearchSysCacheExists1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)))
PG_RETURN_NULL();
- aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
+ aclresult = object_aclcheck(ForeignServerRelationId, serverid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
serverid = convert_server_name(servername);
mode = convert_server_priv_string(priv_type_text);
- aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
+ aclresult = object_aclcheck(ForeignServerRelationId, serverid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
if (!SearchSysCacheExists1(FOREIGNSERVEROID, ObjectIdGetDatum(serverid)))
PG_RETURN_NULL();
- aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
+ aclresult = object_aclcheck(ForeignServerRelationId, serverid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
tablespaceoid = convert_tablespace_name(tablespacename);
mode = convert_tablespace_priv_string(priv_type_text);
- aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
+ aclresult = object_aclcheck(TableSpaceRelationId, tablespaceoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
tablespaceoid = convert_tablespace_name(tablespacename);
mode = convert_tablespace_priv_string(priv_type_text);
- aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
+ aclresult = object_aclcheck(TableSpaceRelationId, tablespaceoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
if (!SearchSysCacheExists1(TABLESPACEOID, ObjectIdGetDatum(tablespaceoid)))
PG_RETURN_NULL();
- aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
+ aclresult = object_aclcheck(TableSpaceRelationId, tablespaceoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
if (!SearchSysCacheExists1(TABLESPACEOID, ObjectIdGetDatum(tablespaceoid)))
PG_RETURN_NULL();
- aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
+ aclresult = object_aclcheck(TableSpaceRelationId, tablespaceoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
tablespaceoid = convert_tablespace_name(tablespacename);
mode = convert_tablespace_priv_string(priv_type_text);
- aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
+ aclresult = object_aclcheck(TableSpaceRelationId, tablespaceoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
if (!SearchSysCacheExists1(TABLESPACEOID, ObjectIdGetDatum(tablespaceoid)))
PG_RETURN_NULL();
- aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
+ aclresult = object_aclcheck(TableSpaceRelationId, tablespaceoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
typeoid = convert_type_name(typename);
mode = convert_type_priv_string(priv_type_text);
- aclresult = pg_type_aclcheck(typeoid, roleid, mode);
+ aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
typeoid = convert_type_name(typename);
mode = convert_type_priv_string(priv_type_text);
- aclresult = pg_type_aclcheck(typeoid, roleid, mode);
+ aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
if (!SearchSysCacheExists1(TYPEOID, ObjectIdGetDatum(typeoid)))
PG_RETURN_NULL();
- aclresult = pg_type_aclcheck(typeoid, roleid, mode);
+ aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
if (!SearchSysCacheExists1(TYPEOID, ObjectIdGetDatum(typeoid)))
PG_RETURN_NULL();
- aclresult = pg_type_aclcheck(typeoid, roleid, mode);
+ aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
typeoid = convert_type_name(typename);
mode = convert_type_priv_string(priv_type_text);
- aclresult = pg_type_aclcheck(typeoid, roleid, mode);
+ aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
if (!SearchSysCacheExists1(TYPEOID, ObjectIdGetDatum(typeoid)))
PG_RETURN_NULL();
- aclresult = pg_type_aclcheck(typeoid, roleid, mode);
+ aclresult = object_aclcheck(TypeRelationId, typeoid, roleid, mode);
PG_RETURN_BOOL(aclresult == ACLCHECK_OK);
}
#include "catalog/catalog.h"
#include "catalog/namespace.h"
#include "catalog/pg_authid.h"
+#include "catalog/pg_database.h"
#include "catalog/pg_tablespace.h"
#include "commands/dbcommands.h"
#include "commands/tablespace.h"
* User must have connect privilege for target database or have privileges
* of pg_read_all_stats
*/
- aclresult = pg_database_aclcheck(dbOid, GetUserId(), ACL_CONNECT);
+ aclresult = object_aclcheck(DatabaseRelationId, dbOid, GetUserId(), ACL_CONNECT);
if (aclresult != ACLCHECK_OK &&
!has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_STATS))
{
if (tblspcOid != MyDatabaseTableSpace &&
!has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_STATS))
{
- aclresult = pg_tablespace_aclcheck(tblspcOid, GetUserId(), ACL_CREATE);
+ aclresult = object_aclcheck(TableSpaceRelationId, tblspcOid, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_TABLESPACE,
get_tablespace_name(tblspcOid));
langStruct->lanvalidator)));
/* first validate that we have permissions to use the language */
- aclresult = pg_language_aclcheck(procStruct->prolang, GetUserId(),
+ aclresult = object_aclcheck(LanguageRelationId, procStruct->prolang, GetUserId(),
ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_LANGUAGE,
* execute it, there should be no possible side-effect of
* compiling/validation that execution can't have.
*/
- aclresult = pg_proc_aclcheck(functionOid, GetUserId(), ACL_EXECUTE);
+ aclresult = object_aclcheck(ProcedureRelationId, functionOid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FUNCTION, NameStr(procStruct->proname));
* and save a few cycles.)
*/
if (!am_superuser &&
- pg_database_aclcheck(MyDatabaseId, GetUserId(),
+ object_aclcheck(DatabaseRelationId, MyDatabaseId, GetUserId(),
ACL_CONNECT) != ACLCHECK_OK)
ereport(FATAL,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
extern void RemoveRoleFromObjectACL(Oid roleid, Oid classid, Oid objid);
-extern AclMode pg_attribute_aclmask(Oid table_oid, AttrNumber attnum,
- Oid roleid, AclMode mask, AclMaskHow how);
-extern AclMode pg_attribute_aclmask_ext(Oid table_oid, AttrNumber attnum,
- Oid roleid, AclMode mask,
- AclMaskHow how, bool *is_missing);
extern AclMode pg_class_aclmask(Oid table_oid, Oid roleid,
AclMode mask, AclMaskHow how);
-extern AclMode pg_class_aclmask_ext(Oid table_oid, Oid roleid,
- AclMode mask, AclMaskHow how,
- bool *is_missing);
-extern AclMode pg_database_aclmask(Oid db_oid, Oid roleid,
- AclMode mask, AclMaskHow how);
-extern AclMode pg_parameter_aclmask(const char *name, Oid roleid,
- AclMode mask, AclMaskHow how);
-extern AclMode pg_parameter_acl_aclmask(Oid acl_oid, Oid roleid,
- AclMode mask, AclMaskHow how);
-extern AclMode pg_proc_aclmask(Oid proc_oid, Oid roleid,
- AclMode mask, AclMaskHow how);
-extern AclMode pg_language_aclmask(Oid lang_oid, Oid roleid,
- AclMode mask, AclMaskHow how);
-extern AclMode pg_largeobject_aclmask_snapshot(Oid lobj_oid, Oid roleid,
- AclMode mask, AclMaskHow how, Snapshot snapshot);
-extern AclMode pg_namespace_aclmask(Oid nsp_oid, Oid roleid,
- AclMode mask, AclMaskHow how);
-extern AclMode pg_tablespace_aclmask(Oid spc_oid, Oid roleid,
- AclMode mask, AclMaskHow how);
-extern AclMode pg_foreign_data_wrapper_aclmask(Oid fdw_oid, Oid roleid,
- AclMode mask, AclMaskHow how);
-extern AclMode pg_foreign_server_aclmask(Oid srv_oid, Oid roleid,
- AclMode mask, AclMaskHow how);
-extern AclMode pg_type_aclmask(Oid type_oid, Oid roleid,
- AclMode mask, AclMaskHow how);
+/* generic function */
+extern AclResult object_aclcheck(Oid classid, Oid objectid, Oid roleid, AclMode mode);
+
+/* special cases */
extern AclResult pg_attribute_aclcheck(Oid table_oid, AttrNumber attnum,
Oid roleid, AclMode mode);
extern AclResult pg_attribute_aclcheck_ext(Oid table_oid, AttrNumber attnum,
extern AclResult pg_class_aclcheck(Oid table_oid, Oid roleid, AclMode mode);
extern AclResult pg_class_aclcheck_ext(Oid table_oid, Oid roleid,
AclMode mode, bool *is_missing);
-extern AclResult pg_database_aclcheck(Oid db_oid, Oid roleid, AclMode mode);
extern AclResult pg_parameter_aclcheck(const char *name, Oid roleid,
AclMode mode);
-extern AclResult pg_parameter_acl_aclcheck(Oid acl_oid, Oid roleid,
- AclMode mode);
-extern AclResult pg_proc_aclcheck(Oid proc_oid, Oid roleid, AclMode mode);
-extern AclResult pg_language_aclcheck(Oid lang_oid, Oid roleid, AclMode mode);
extern AclResult pg_largeobject_aclcheck_snapshot(Oid lobj_oid, Oid roleid,
AclMode mode, Snapshot snapshot);
-extern AclResult pg_namespace_aclcheck(Oid nsp_oid, Oid roleid, AclMode mode);
-extern AclResult pg_tablespace_aclcheck(Oid spc_oid, Oid roleid, AclMode mode);
-extern AclResult pg_foreign_data_wrapper_aclcheck(Oid fdw_oid, Oid roleid, AclMode mode);
-extern AclResult pg_foreign_server_aclcheck(Oid srv_oid, Oid roleid, AclMode mode);
-extern AclResult pg_type_aclcheck(Oid type_oid, Oid roleid, AclMode mode);
extern void aclcheck_error(AclResult aclerr, ObjectType objtype,
const char *objectname);
procOid = LookupFuncName(namelist, 0, NULL, false);
/* Current user must have permission to call function */
- aclresult = pg_proc_aclcheck(procOid, GetUserId(), ACL_EXECUTE);
+ aclresult = object_aclcheck(ProcedureRelationId, procOid, GetUserId(), ACL_EXECUTE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_FUNCTION, start_proc);
projects / users / gsingh / postgres.git / commitdiff