database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-05-02 11:44:50 +03:00
Code

Minor code cleanups, make in_group() check faster.

Browse Source
This commit is contained in:
Tom Lane 2000-11-03 19:02:18 +00:00
parent aceec9ae1a
commit 6be6a185d9
1 changed files with 44 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
src/backend/catalog/aclchk.c
View File

@ -8,7 +8,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.41 2000/10/02 04:49:28 tgl Exp $ * $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.42 2000/11/03 19:02:18 tgl Exp $
* *
* NOTES * NOTES
* See acl.h. * See acl.h.
@ -185,41 +185,40 @@ get_groname(AclId grosysid)
static bool static bool
in_group(AclId uid, AclId gid) in_group(AclId uid, AclId gid)
{ {
Relation relation;
HeapTuple tuple; HeapTuple tuple;
Acl *tmp; Datum att;
bool isNull;
IdList *tmp;
AclId *aidp;
int i, int i,
num; num;
AclId *aidp;
bool found = false;
relation = heap_openr(GroupRelationName, RowExclusiveLock);
tuple = SearchSysCacheTuple(GROSYSID, tuple = SearchSysCacheTuple(GROSYSID,
ObjectIdGetDatum(gid), ObjectIdGetDatum(gid),
0, 0, 0); 0, 0, 0);
if (HeapTupleIsValid(tuple) && if (HeapTupleIsValid(tuple))
!heap_attisnull(tuple, Anum_pg_group_grolist))
{ {
tmp = (IdList *) heap_getattr(tuple, att = SysCacheGetAttr(GROSYSID,
Anum_pg_group_grolist, tuple,
RelationGetDescr(relation), Anum_pg_group_grolist,
(bool *) NULL); &isNull);
/* be sure the IdList is not toasted */ if (!isNull)
tmp = DatumGetIdListP(PointerGetDatum(tmp)); {
/* XXX make me a function */ /* be sure the IdList is not toasted */
num = IDLIST_NUM(tmp); tmp = DatumGetIdListP(att);
aidp = IDLIST_DAT(tmp); /* scan it */
for (i = 0; i < num; ++i) num = IDLIST_NUM(tmp);
if (aidp[i] == uid) aidp = IDLIST_DAT(tmp);
for (i = 0; i < num; ++i)
{ {
found = true; if (aidp[i] == uid)
break; return true;
} }
}
} }
else else
elog(NOTICE, "in_group: group %d not found", gid); elog(NOTICE, "in_group: group %u not found", gid);
heap_close(relation, RowExclusiveLock); return false;
return found;
} }
/* /*
@ -230,11 +229,10 @@ in_group(AclId uid, AclId gid)
static int32 static int32
aclcheck(char *relname, Acl *acl, AclId id, AclIdType idtype, AclMode mode) aclcheck(char *relname, Acl *acl, AclId id, AclIdType idtype, AclMode mode)
{ {
unsigned i;
AclItem *aip, AclItem *aip,
*aidat; *aidat;
unsigned num, int i,
found_group; num;
/* /*
* If ACL is null, default to "OK" --- this should not happen, * If ACL is null, default to "OK" --- this should not happen,
@ -252,17 +250,20 @@ aclcheck(char *relname, Acl *acl, AclId id, AclIdType idtype, AclMode mode)
/* /*
* We'll treat the empty ACL like that, too, although this is more * We'll treat the empty ACL like that, too, although this is more
* like an error (i.e., you manually blew away your ACL array) -- the * like an error (i.e., you manually blew away your ACL array) -- the
* system never creates an empty ACL. * system never creates an empty ACL, since there must always be
* a "world" entry in the first slot.
*/ */
if (num < 1) if (num < 1)
{ {
elog(DEBUG, "aclcheck: zero-length ACL, returning 1"); elog(DEBUG, "aclcheck: zero-length ACL, returning 1");
return ACLCHECK_OK; return ACLCHECK_OK;
} }
Assert(aidat->ai_idtype == ACL_IDTYPE_WORLD);
switch (idtype) switch (idtype)
{ {
case ACL_IDTYPE_UID: case ACL_IDTYPE_UID:
/* Look for exact match to user */
for (i = 1, aip = aidat + 1; /* skip world entry */ for (i = 1, aip = aidat + 1; /* skip world entry */
i < num && aip->ai_idtype == ACL_IDTYPE_UID; i < num && aip->ai_idtype == ACL_IDTYPE_UID;
++i, ++aip) ++i, ++aip)
@ -270,34 +271,33 @@ aclcheck(char *relname, Acl *acl, AclId id, AclIdType idtype, AclMode mode)
if (aip->ai_id == id) if (aip->ai_id == id)
{ {
#ifdef ACLDEBUG_TRACE #ifdef ACLDEBUG_TRACE
elog(DEBUG, "aclcheck: found %d/%d", elog(DEBUG, "aclcheck: found user %u/%d",
aip->ai_id, aip->ai_mode); aip->ai_id, aip->ai_mode);
#endif #endif
return (aip->ai_mode & mode) ? ACLCHECK_OK : ACLCHECK_NO_PRIV; return (aip->ai_mode & mode) ? ACLCHECK_OK : ACLCHECK_NO_PRIV;
} }
} }
for (found_group = 0; /* See if he has the permission via any group */
for (;
i < num && aip->ai_idtype == ACL_IDTYPE_GID; i < num && aip->ai_idtype == ACL_IDTYPE_GID;
++i, ++aip) ++i, ++aip)
{ {
if (in_group(id, aip->ai_id)) if (aip->ai_mode & mode)
{ {
if (aip->ai_mode & mode) if (in_group(id, aip->ai_id))
{ {
found_group = 1; #ifdef ACLDEBUG_TRACE
break; elog(DEBUG, "aclcheck: found group %u/%d",
aip->ai_id, aip->ai_mode);
#endif
return ACLCHECK_OK;
} }
} }
} }
if (found_group) /* Else, look to the world entry */
{
#ifdef ACLDEBUG_TRACE
elog(DEBUG, "aclcheck: all groups ok");
#endif
return ACLCHECK_OK;
}
break; break;
case ACL_IDTYPE_GID: case ACL_IDTYPE_GID:
/* Look for this group ID */
for (i = 1, aip = aidat + 1; /* skip world entry and for (i = 1, aip = aidat + 1; /* skip world entry and
* UIDs */ * UIDs */
i < num && aip->ai_idtype == ACL_IDTYPE_UID; i < num && aip->ai_idtype == ACL_IDTYPE_UID;
@ -310,14 +310,16 @@ aclcheck(char *relname, Acl *acl, AclId id, AclIdType idtype, AclMode mode)
if (aip->ai_id == id) if (aip->ai_id == id)
{ {
#ifdef ACLDEBUG_TRACE #ifdef ACLDEBUG_TRACE
elog(DEBUG, "aclcheck: found %d/%d", elog(DEBUG, "aclcheck: found group %u/%d",
aip->ai_id, aip->ai_mode); aip->ai_id, aip->ai_mode);
#endif #endif
return (aip->ai_mode & mode) ? ACLCHECK_OK : ACLCHECK_NO_PRIV; return (aip->ai_mode & mode) ? ACLCHECK_OK : ACLCHECK_NO_PRIV;
} }
} }
/* Else, look to the world entry */
break; break;
case ACL_IDTYPE_WORLD: case ACL_IDTYPE_WORLD:
/* Only check the world entry */
break; break;
default: default:
elog(ERROR, "aclcheck: bogus ACL id type: %d", idtype); elog(ERROR, "aclcheck: bogus ACL id type: %d", idtype);