database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-06-26 12:21:12 +03:00
Code Activity

Back out has_table_privilege patch.

Browse Source
This commit is contained in:
Bruce Momjian
2001-06-12 16:34:27 +00:00
parent 3c3ff4288d
commit 76e9ad1f55
7 changed files with 6 additions and 826 deletions
Download Patch File Download Diff File Expand all files Collapse all files

757
src/backend/utils/adt/acl.c
View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.62 2001/06/12 15:58:34 momjian Exp $
* $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.63 2001/06/12 16:34:26 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@ -31,12 +31,6 @@ static const char *getid(const char *s, char *n);
static bool aclitemeq(const AclItem *a1, const AclItem *a2);
static bool aclitemgt(const AclItem *a1, const AclItem *a2);
AclMode convert_priv_string(text *priv_type_text);
bool has_table_privilege_cname_cname(char *username, char *relname, text *priv_type_text);
bool has_table_privilege_id_cname(Oid usesysid, char *relname, text *priv_type_text);
bool has_table_privilege_cname_id(char *username, Oid reloid, text *priv_type_text);
static char *get_Name(text *relin);
#define ACL_IDTYPE_GID_KEYWORD "group"
#define ACL_IDTYPE_UID_KEYWORD "user"
@ -716,752 +710,3 @@ makeAclString(const char *privileges, const char *grantee, char grant_or_revoke)
pfree(str.data);
return ret;
}
/*
* has_table_privilege_tname_tname
* Check user privileges on a relation given
* text usename, text relname, and text priv name.
*
* RETURNS
* a boolean value
* 't' indicating user has the privilege
* 'f' indicating user does not have the privilege
*/
Datum
has_table_privilege_tname_tname(PG_FUNCTION_ARGS)
{
text *username_text;
char *username;
text *relname_text;
char *relname;
text *priv_type_text;
bool result;
username_text = PG_GETARG_TEXT_P(0);
relname_text = PG_GETARG_TEXT_P(1);
priv_type_text = PG_GETARG_TEXT_P(2);
/*
* Convert username and relname 'text' pattern to null-terminated string
*/
username = get_Name(username_text);
relname = get_Name(relname_text);
/*
* Make use of has_table_privilege_cname_cname.
* It accepts the arguments we now have.
*/
result = has_table_privilege_cname_cname(username, relname, priv_type_text);
PG_RETURN_BOOL(result);
}
/*
* has_table_privilege_tname_name
* Check user privileges on a relation given
* text usename, name relname, and text priv name.
*
* RETURNS
* a boolean value
* 't' indicating user has the privilege
* 'f' indicating user does not have the privilege
*/
Datum
has_table_privilege_tname_name(PG_FUNCTION_ARGS)
{
text *username_text;
char *username;
Name relname_name;
char *relname;
text *priv_type_text;
bool result;
username_text = PG_GETARG_TEXT_P(0);
relname_name = PG_GETARG_NAME(1);
priv_type_text = PG_GETARG_TEXT_P(2);
/*
* Convert username 'text' pattern to null-terminated string
*/
username = get_Name(username_text);
/*
* Convert relname 'name' pattern to null-terminated string
*/
relname = DatumGetCString(DirectFunctionCall1(nameout, PointerGetDatum(relname_name)));
/*
* Make use of has_table_privilege_cname_cname.
* It accepts the arguments we now have.
*/
result = has_table_privilege_cname_cname(username, relname, priv_type_text);
PG_RETURN_BOOL(result);
}
/*
* has_table_privilege_name_tname
* Check user privileges on a relation given
* name usename, text relname, and text priv name.
*
* RETURNS
* a boolean value
* 't' indicating user has the privilege
* 'f' indicating user does not have the privilege
*/
Datum
has_table_privilege_name_tname(PG_FUNCTION_ARGS)
{
Name username_name;
char *username;
text *relname_text;
char *relname;
text *priv_type_text;
bool result;
username_name = PG_GETARG_NAME(0);
relname_text = PG_GETARG_TEXT_P(1);
priv_type_text = PG_GETARG_TEXT_P(2);
/*
* Convert username 'name' pattern to null-terminated string
*/
username = DatumGetCString(DirectFunctionCall1(nameout, PointerGetDatum(username_name)));
/*
* Convert relname 'text' pattern to null-terminated string
*/
relname = get_Name(relname_text);
/*
* Make use of has_table_privilege_cname_cname.
* It accepts the arguments we now have.
*/
result = has_table_privilege_cname_cname(username, relname, priv_type_text);
PG_RETURN_BOOL(result);
}
/*
* has_table_privilege_name_name
* Check user privileges on a relation given
* name usename, name relname, and text priv name.
*
* RETURNS
* a boolean value
* 't' indicating user has the privilege
* 'f' indicating user does not have the privilege
*/
Datum
has_table_privilege_name_name(PG_FUNCTION_ARGS)
{
Name username_name;
char *username;
Name relname_name;
char *relname;
text *priv_type_text;
bool result;
username_name = PG_GETARG_NAME(0);
relname_name = PG_GETARG_NAME(1);
priv_type_text = PG_GETARG_TEXT_P(2);
/*
* Convert username and relname 'name' pattern to null-terminated string
*/
username = DatumGetCString(DirectFunctionCall1(nameout, PointerGetDatum(username_name)));
relname = DatumGetCString(DirectFunctionCall1(nameout, PointerGetDatum(relname_name)));
/*
* Make use of has_table_privilege_cname_cname.
* It accepts the arguments we now have.
*/
result = has_table_privilege_cname_cname(username, relname, priv_type_text);
PG_RETURN_BOOL(result);
}
/*
* has_table_privilege_tname
* Check user privileges on a relation given
* text relname and text priv name.
* current_user is assumed
*
* RETURNS
* a boolean value
* 't' indicating user has the privilege
* 'f' indicating user does not have the privilege
*/
Datum
has_table_privilege_tname(PG_FUNCTION_ARGS)
{
Oid usesysid = (Oid) -1;
text *relname_text;
char *relname;
text *priv_type_text;
bool result;
relname_text = PG_GETARG_TEXT_P(0);
priv_type_text = PG_GETARG_TEXT_P(1);
usesysid = GetUserId();
/*
* Convert relname 'text' pattern to null-terminated string
*/
relname = get_Name(relname_text);
/*
* Make use of has_table_privilege_id_cname.
* It accepts the arguments we now have.
*/
result = has_table_privilege_id_cname(usesysid, relname, priv_type_text);
PG_RETURN_BOOL(result);
}
/*
* has_table_privilege_name
* Check user privileges on a relation given
* name relname and text priv name.
* current_user is assumed
*
* RETURNS
* a boolean value
* 't' indicating user has the privilege
* 'f' indicating user does not have the privilege
*/
Datum
has_table_privilege_name(PG_FUNCTION_ARGS)
{
Oid usesysid = (Oid) -1;
Name relname_name;
char *relname;
text *priv_type_text;
bool result;
relname_name = PG_GETARG_NAME(0);
priv_type_text = PG_GETARG_TEXT_P(1);
usesysid = GetUserId();
/*
* Convert relname 'Name' pattern to null-terminated string
*/
relname = DatumGetCString(DirectFunctionCall1(nameout, PointerGetDatum(relname_name)));
/*
* Make use of has_table_privilege_id_cname.
* It accepts the arguments we now have.
*/
result = has_table_privilege_id_cname(usesysid, relname, priv_type_text);
PG_RETURN_BOOL(result);
}
/*
* has_table_privilege_tname_id
* Check user privileges on a relation given
* text usename, rel oid, and text priv name.
*
* RETURNS
* a boolean value
* 't' indicating user has the privilege
* 'f' indicating user does not have the privilege
*/
Datum
has_table_privilege_tname_id(PG_FUNCTION_ARGS)
{
text *username_text;
char *username;
Oid reloid = 0;
text *priv_type_text;
bool result;
username_text = PG_GETARG_TEXT_P(0);
reloid = PG_GETARG_OID(1);
priv_type_text = PG_GETARG_TEXT_P(2);
/*
* Convert username 'text' pattern to null-terminated string
*/
username = get_Name(username_text);
/*
* Make use of has_table_privilege_cname_id.
* It accepts the arguments we now have.
*/
result = has_table_privilege_cname_id(username, reloid, priv_type_text);
PG_RETURN_BOOL(result);
}
/*
* has_table_privilege_name_id
* Check user privileges on a relation given
* name usename, rel oid, and text priv name.
*
* RETURNS
* a boolean value
* 't' indicating user has the privilege
* 'f' indicating user does not have the privilege
*/
Datum
has_table_privilege_name_id(PG_FUNCTION_ARGS)
{
Name username_name;
char *username;
Oid reloid = 0;
text *priv_type_text = NULL;
bool result;
username_name = PG_GETARG_NAME(0);
reloid = PG_GETARG_OID(1);
priv_type_text = PG_GETARG_TEXT_P(2);
/*
* Convert username 'name' pattern to null-terminated string
*/
username = DatumGetCString(DirectFunctionCall1(nameout, PointerGetDatum(username_name)));
/*
* Make use of has_table_privilege_cname_id.
* It accepts the arguments we now have.
*/
result = has_table_privilege_cname_id(username, reloid, priv_type_text);
PG_RETURN_BOOL(result);
}
/*
* has_table_privilege_id
* Check user privileges on a relation given
* rel oid, and text priv name.
* current_user is assumed
*
* RETURNS
* a boolean value
* 't' indicating user has the privilege
* 'f' indicating user does not have the privilege
*/
Datum
has_table_privilege_id(PG_FUNCTION_ARGS)
{
char *username;
Oid reloid = 0;
text *priv_type_text;
bool result;
reloid = PG_GETARG_OID(0);
priv_type_text = PG_GETARG_TEXT_P(1);
username = GetUserName(GetUserId());
/*
* Make use of has_table_privilege_cname_id.
* It accepts the arguments we now have.
*/
result = has_table_privilege_cname_id(username, reloid, priv_type_text);
PG_RETURN_BOOL(result);
}
/*
* has_table_privilege_id_tname
* Check user privileges on a relation given
* usesysid, text relname, and priv name.
*
* RETURNS
* a boolean value
* 't' indicating user has the privilege
* 'f' indicating user does not have the privilege
*/
Datum
has_table_privilege_id_tname(PG_FUNCTION_ARGS)
{
Oid usesysid;
text *relname_text;
char *relname;
text *priv_type_text;
bool result;
usesysid = PG_GETARG_OID(0);
relname_text = PG_GETARG_TEXT_P(1);
priv_type_text = PG_GETARG_TEXT_P(2);
/*
* Convert relname 'text' pattern to null-terminated string
*/
relname = get_Name(relname_text);
/*
* Make use of has_table_privilege_id_cname.
* It accepts the arguments we now have.
*/
result = has_table_privilege_id_cname(usesysid, relname, priv_type_text);
PG_RETURN_BOOL(result);
}
/*
* has_table_privilege_id_name
* Check user privileges on a relation given
* usesysid, name relname, and priv name.
*
* RETURNS
* a boolean value
* 't' indicating user has the privilege
* 'f' indicating user does not have the privilege
*/
Datum
has_table_privilege_id_name(PG_FUNCTION_ARGS)
{
Oid usesysid;
Name relname_name;
char *relname;
text *priv_type_text;
bool result;
usesysid = PG_GETARG_OID(0);
relname_name = PG_GETARG_NAME(1);
priv_type_text = PG_GETARG_TEXT_P(2);
/*
* Convert relname 'name' pattern to null-terminated string
*/
relname = DatumGetCString(DirectFunctionCall1(nameout, PointerGetDatum(relname_name)));
/*
* Make use of has_table_privilege_id_cname.
* It accepts the arguments we now have.
*/
result = has_table_privilege_id_cname(usesysid, relname, priv_type_text);
PG_RETURN_BOOL(result);
}
/*
* has_table_privilege_id_id
* Check user privileges on a relation given
* usesysid, rel oid, and priv name.
*
* RETURNS
* a boolean value
* 't' indicating user has the privilege
* 'f' indicating user does not have the privilege
*/
Datum
has_table_privilege_id_id(PG_FUNCTION_ARGS)
{
Oid usesysid;
Oid reloid;
char *relname;
text *priv_type_text;
HeapTuple tuple;
AclMode mode;
int32 result;
usesysid = PG_GETARG_OID(0);
reloid = PG_GETARG_OID(1);
priv_type_text = PG_GETARG_TEXT_P(2);
/*
* Lookup relname based on rel oid
*/
tuple = SearchSysCache(RELOID, ObjectIdGetDatum(reloid), 0, 0, 0);
if (!HeapTupleIsValid(tuple)) {
elog(ERROR, "has_table_privilege: invalid relation oid %d", (int) reloid);
}
relname = NameStr(((Form_pg_class) GETSTRUCT(tuple))->relname);
ReleaseSysCache(tuple);
/*
* Convert priv_type_text to an AclMode
*/
mode = convert_priv_string(priv_type_text);
/*
* Finally, check for the privilege
*/
result = pg_aclcheck(relname, usesysid, mode);
if (result == ACLCHECK_OK) {
PG_RETURN_BOOL(TRUE);
} else {
PG_RETURN_BOOL(FALSE);
}
}
/*
* Internal functions.
*/
/*
* convert_priv_string
* Internal function.
* Return mode from priv_type string
*
* RETURNS
* AclMode
*/
AclMode
convert_priv_string(text *priv_type_text)
{
char *priv_type = DatumGetCString(DirectFunctionCall1(textout, PointerGetDatum(priv_type_text)));
/*
* Return mode from priv_type string
*/
if (strcasecmp(priv_type, "SELECT") == 0)
return ACL_SELECT;
if (strcasecmp(priv_type, "INSERT") == 0)
return ACL_INSERT;
if (strcasecmp(priv_type, "UPDATE") == 0)
return ACL_UPDATE;
if (strcasecmp(priv_type, "DELETE") == 0)
return ACL_DELETE;
if (strcasecmp(priv_type, "RULE") == 0)
return ACL_RULE;
if (strcasecmp(priv_type, "REFERENCES") == 0)
return ACL_REFERENCES;
if (strcasecmp(priv_type, "TRIGGER") == 0)
return ACL_TRIGGER;
elog(ERROR, "has_table_privilege: invalid privilege type %s", priv_type);
/*
* We should never get here, but stop the compiler from complaining
*/
return ACL_NO;
}
/*
* has_table_privilege_cname_cname
* Check user privileges on a relation given
* char *usename, char *relname, and text priv name.
*
* RETURNS
* a boolean value
* 't' indicating user has the privilege
* 'f' indicating user does not have the privilege
*/
bool
has_table_privilege_cname_cname(char *username, char *relname, text *priv_type_text)
{
Oid usesysid = (Oid) -1;
HeapTuple tuple;
bool result;
/*
* Lookup userid based on username
*/
tuple = SearchSysCache(SHADOWNAME, NameGetDatum(username), 0, 0, 0);
if (!HeapTupleIsValid(tuple)) {
elog(ERROR, "has_table_privilege: invalid user name %s", (char *) username);
}
usesysid = (Oid) ((Form_pg_shadow) GETSTRUCT(tuple))->usesysid;
ReleaseSysCache(tuple);
/*
* Make use of has_table_privilege_id_cname.
* It accepts the arguments we now have.
*/
result = has_table_privilege_id_cname(usesysid, relname, priv_type_text);
return result;
}
/*
* has_table_privilege_cname_id
* Check user privileges on a relation given
* char *usename, rel oid, and text priv name.
*
* RETURNS
* a boolean value
* 't' indicating user has the privilege
* 'f' indicating user does not have the privilege
*/
bool
has_table_privilege_cname_id(char *username, Oid reloid, text *priv_type_text)
{
Oid usesysid = (Oid) -1;
char *relname = NULL;
HeapTuple tuple;
bool result;
/*
* Lookup userid based on username
*/
tuple = SearchSysCache(SHADOWNAME, NameGetDatum(username), 0, 0, 0);
if (!HeapTupleIsValid(tuple)) {
elog(ERROR, "has_table_privilege: invalid user name %s", (char *) username);
}
usesysid = (Oid) ((Form_pg_shadow) GETSTRUCT(tuple))->usesysid;
ReleaseSysCache(tuple);
/*
* Lookup relname based on rel oid
*/
tuple = SearchSysCache(RELOID, ObjectIdGetDatum(reloid), 0, 0, 0);
if (!HeapTupleIsValid(tuple)) {
elog(ERROR, "has_table_privilege: invalid relation oid %d", (int) reloid);
}
relname = NameStr(((Form_pg_class) GETSTRUCT(tuple))->relname);
ReleaseSysCache(tuple);
/*
* Make use of has_table_privilege_id_cname.
* It accepts the arguments we now have.
*/
result = has_table_privilege_id_cname(usesysid, relname, priv_type_text);
return result;
}
/*
* has_table_privilege_id_cname
* Check user privileges on a relation given
* usesysid, char *relname, and text priv name.
*
* RETURNS
* a boolean value
* 't' indicating user has the privilege
* 'f' indicating user does not have the privilege
*/
bool
has_table_privilege_id_cname(Oid usesysid, char *relname, text *priv_type_text)
{
HeapTuple tuple;
AclMode mode;
int32 result;
/*
* Check relname is valid.
* This is needed to deal with the case when usename is a superuser
* in which case pg_aclcheck simply returns ACLCHECK_OK
* without validating relname
*/
tuple = SearchSysCache(RELNAME, PointerGetDatum(relname), 0, 0, 0);
if (!HeapTupleIsValid(tuple)) {
elog(ERROR, "has_table_privilege: invalid relname %s", relname);
}
ReleaseSysCache(tuple);
/*
* Convert priv_type_text to an AclMode
*/
mode = convert_priv_string(priv_type_text);
/*
* Finally, check for the privilege
*/
result = pg_aclcheck(relname, usesysid, mode);
if (result == ACLCHECK_OK) {
return TRUE;
} else {
return FALSE;
}
}
/*
* Given a 'text' relname parameter to a function, extract the actual
* relname. We downcase the name if it's not double-quoted,
* and truncate it if it's too long.
*
* This is a kluge, really --- should be able to write, e.g. nextval(seqrel).
*/
static char *
get_Name(text *relin)
{
char *rawname = DatumGetCString(DirectFunctionCall1(textout,
PointerGetDatum(relin)));
int rawlen = strlen(rawname);
char *relname;
if (rawlen >= 2 &&
rawname[0] == '\"' && rawname[rawlen - 1] == '\"')
{
/* strip off quotes, keep case */
rawname[rawlen - 1] = '\0';
relname = pstrdup(rawname + 1);
pfree(rawname);
}
else
{
relname = rawname;
/*
* It's important that this match the identifier downcasing code
* used by backend/parser/scan.l.
*/
for (; *rawname; rawname++)
{
if (isupper((unsigned char) *rawname))
*rawname = tolower((unsigned char) *rawname);
}
}
/* Truncate name if it's overlength; again, should match scan.l */
if (strlen(relname) >= NAMEDATALEN)
{
#ifdef MULTIBYTE
int len;
len = pg_mbcliplen(relname, i, NAMEDATALEN-1);
relname[len] = '\0';
#else
relname[NAMEDATALEN-1] = '\0';
#endif
}
return relname;
}