postgres/src/backend/utils/misc/superuser.c

/*-------------------------------------------------------------------------
 *
 * superuser.c
 *	  The superuser() function.  Determines if user has superuser privilege.
 *
 * All code should use either of these two functions to find out
 * whether a given user is a superuser, rather than examining
 * pg_shadow.usesuper directly, so that the escape hatch built in for
 * the single-user case works.
 *
 *
 * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
 *
 * IDENTIFICATION
 *	  $PostgreSQL: pgsql/src/backend/utils/misc/superuser.c,v 1.31 2005/05/29 20:38:06 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
#include "postgres.h"

#include "catalog/pg_shadow.h"
#include "utils/inval.h"
#include "utils/syscache.h"
#include "miscadmin.h"


/*
 * In common cases the same userid (ie, the session or current ID) will
 * be queried repeatedly.  So we maintain a simple one-entry cache for
 * the status of the last requested userid.  The cache can be flushed
 * at need by watching for cache update events on pg_shadow.
 */
static AclId	last_userid = 0;		/* 0 == cache not valid */
static bool		last_userid_is_super = false;
static bool		userid_callback_registered = false;

static void UseridCallback(Datum arg, Oid relid);


/*
 * The Postgres user running this command has Postgres superuser privileges
 */
bool
superuser(void)
{
	return superuser_arg(GetUserId());
}


/*
 * The specified userid has Postgres superuser privileges
 */
bool
superuser_arg(AclId userid)
{
	bool		result;
	HeapTuple	utup;

	/* Quick out for cache hit */
	if (AclIdIsValid(last_userid) && last_userid == userid)
		return last_userid_is_super;

	/* Special escape path in case you deleted all your users. */
	if (!IsUnderPostmaster && userid == BOOTSTRAP_USESYSID)
		return true;

	/* OK, look up the information in pg_shadow */
	utup = SearchSysCache(SHADOWSYSID,
						  Int32GetDatum(userid),
						  0, 0, 0);
	if (HeapTupleIsValid(utup))
	{
		result = ((Form_pg_shadow) GETSTRUCT(utup))->usesuper;
		ReleaseSysCache(utup);
	}
	else
	{
		/* Report "not superuser" for invalid userids */
		result = false;
	}

	/* If first time through, set up callback for cache flushes */
	if (!userid_callback_registered)
	{
		CacheRegisterSyscacheCallback(SHADOWSYSID,
									  UseridCallback,
									  (Datum) 0);
		userid_callback_registered = true;
	}

	/* Cache the result for next time */
	last_userid = userid;
	last_userid_is_super = result;

	return result;
}

/*
 * UseridCallback
 *		Syscache inval callback function
 */
static void
UseridCallback(Datum arg, Oid relid)
{
	/* Invalidate our local cache in case user's superuserness changed */
	last_userid = 0;
}
Convenience routine for checking superuser status. 30 years ago			`/*-------------------------------------------------------------------------`
			`*`
Change my-function-name-- to my_function_name, and optimizer renames. 27 years ago			`* superuser.c`
Massive commit to run PGINDENT on all .c and .h files. 29 years ago			`* The superuser() function. Determines if user has superuser privilege.`
Make superuser.c maintain a simple one-entry cache holding the superuser status of the most recently queried userid. Since the common pattern is many successive queries about the same user (ie, the current user) this can save a lot of syscache probes. 21 years ago			`*`
			`* All code should use either of these two functions to find out`
			`* whether a given user is a superuser, rather than examining`
			`* pg_shadow.usesuper directly, so that the escape hatch built in for`
			`* the single-user case works.`
Allow a non-superuser database owner to vacuum all tables in his database, including system catalogs (but not the shared catalogs, since they don't really belong to his database). This is per recent mailing list discussion. Clean up some other code that also checks for database ownerness by introducing a test function is_dbadmin(). 25 years ago			`*`
Convenience routine for checking superuser status. 30 years ago			`*`
Tag appropriate files for rc3 Also performed an initial run through of upgrading our Copyright date to extend to 2005 ... first run here was very simple ... change everything where: grep 1996-2004 && the word 'Copyright' ... scanned through the generated list with 'less' first, and after, to make sure that I only picked up the right entries ... 21 years ago			`* Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group`
Add: * Portions Copyright (c) 1996-2000, PostgreSQL, Inc to all files copyright Regents of Berkeley. Man, that's a lot of files. 26 years ago			`* Portions Copyright (c) 1994, Regents of the University of California`
Convenience routine for checking superuser status. 30 years ago			`*`
			`*`
			`* IDENTIFICATION`
Make superuser.c maintain a simple one-entry cache holding the superuser status of the most recently queried userid. Since the common pattern is many successive queries about the same user (ie, the current user) this can save a lot of syscache probes. 21 years ago			`* $PostgreSQL: pgsql/src/backend/utils/misc/superuser.c,v 1.31 2005/05/29 20:38:06 tgl Exp $`
Convenience routine for checking superuser status. 30 years ago			`*`
			`*-------------------------------------------------------------------------`
			`*/`
Change #include's to use <> and "" as appropriate. 27 years ago			`#include "postgres.h"`
Allow a non-superuser database owner to vacuum all tables in his database, including system catalogs (but not the shared catalogs, since they don't really belong to his database). This is per recent mailing list discussion. Clean up some other code that also checks for database ownerness by introducing a test function is_dbadmin(). 25 years ago
Change #include's to use <> and "" as appropriate. 27 years ago			`#include "catalog/pg_shadow.h"`
Make superuser.c maintain a simple one-entry cache holding the superuser status of the most recently queried userid. Since the common pattern is many successive queries about the same user (ie, the current user) this can save a lot of syscache probes. 21 years ago			`#include "utils/inval.h"`
Final cleanup 27 years ago			`#include "utils/syscache.h"`
* User management commands no longer user pg_exec_query_dest -> more robust * Let unprivileged users change their own passwords. * The password is now an Sconst in the parser, which better reflects its text datatype and also forces users to quote them. * If your password is NULL you won't be written to the password file, meaning you can't connect until you have a password set up (if you use password authentication). * When you drop a user that owns a database you get an error. The database is not gone. 26 years ago			`#include "miscadmin.h"`
Convenience routine for checking superuser status. 30 years ago
Allow a non-superuser database owner to vacuum all tables in his database, including system catalogs (but not the shared catalogs, since they don't really belong to his database). This is per recent mailing list discussion. Clean up some other code that also checks for database ownerness by introducing a test function is_dbadmin(). 25 years ago
Make superuser.c maintain a simple one-entry cache holding the superuser status of the most recently queried userid. Since the common pattern is many successive queries about the same user (ie, the current user) this can save a lot of syscache probes. 21 years ago			`/*`
			`* In common cases the same userid (ie, the session or current ID) will`
			`* be queried repeatedly. So we maintain a simple one-entry cache for`
			`* the status of the last requested userid. The cache can be flushed`
			`* at need by watching for cache update events on pg_shadow.`
			`*/`
			`static AclId last_userid = 0; /* 0 == cache not valid */`
			`static bool last_userid_is_super = false;`
			`static bool userid_callback_registered = false;`

			`static void UseridCallback(Datum arg, Oid relid);`


Allow a non-superuser database owner to vacuum all tables in his database, including system catalogs (but not the shared catalogs, since they don't really belong to his database). This is per recent mailing list discussion. Clean up some other code that also checks for database ownerness by introducing a test function is_dbadmin(). 25 years ago			`/*`
			`* The Postgres user running this command has Postgres superuser privileges`
			`*/`
Convenience routine for checking superuser status. 30 years ago			`bool`
Massive commit to run PGINDENT on all .c and .h files. 29 years ago			`superuser(void)`
Privileges on functions and procedural languages 24 years ago			`{`
			`return superuser_arg(GetUserId());`
			`}`


Make superuser.c maintain a simple one-entry cache holding the superuser status of the most recently queried userid. Since the common pattern is many successive queries about the same user (ie, the current user) this can save a lot of syscache probes. 21 years ago			`/*`
			`* The specified userid has Postgres superuser privileges`
			`*/`
Privileges on functions and procedural languages 24 years ago			`bool`
More cleanup of userid to be AclId rather than Oid. 23 years ago			`superuser_arg(AclId userid)`
Massive commit to run PGINDENT on all .c and .h files. 29 years ago			`{`
Make superuser.c maintain a simple one-entry cache holding the superuser status of the most recently queried userid. Since the common pattern is many successive queries about the same user (ie, the current user) this can save a lot of syscache probes. 21 years ago			`bool result;`
Another PGINDENT run that changes variable indenting and case label indenting. Also static variable indenting. 29 years ago			`HeapTuple utup;`
Convenience routine for checking superuser status. 30 years ago
Make superuser.c maintain a simple one-entry cache holding the superuser status of the most recently queried userid. Since the common pattern is many successive queries about the same user (ie, the current user) this can save a lot of syscache probes. 21 years ago			`/* Quick out for cache hit */`
			`if (AclIdIsValid(last_userid) && last_userid == userid)`
			`return last_userid_is_super;`

Make the world somewhat safe for (not from) DELETE FROM pg_shadow; Assign the fixed user id 1 to the user created by initdb. A stand-alone backend will always set the user id to 1. (Consequently, the name of that user is no longer important.) In stand-alone mode, the user id 1 will have implicit superuser status, to allow repairs even if there are no users defined. Print a warning message when starting in stand-alone mode when no users are defined. Disallow dropping the current user and session user. Granting/revoking superuser status also grants/revokes usecatupd. (Previously, it would never grant it back. This could lead to "deadlocks".) CREATE USER and CREATE GROUP will start allocating user ids at 100 (unless explicitly specified), to prevent accidental creation of a superuser (plus some room for future extensions). 25 years ago			`/* Special escape path in case you deleted all your users. */`
Privileges on functions and procedural languages 24 years ago			`if (!IsUnderPostmaster && userid == BOOTSTRAP_USESYSID)`
Make the world somewhat safe for (not from) DELETE FROM pg_shadow; Assign the fixed user id 1 to the user created by initdb. A stand-alone backend will always set the user id to 1. (Consequently, the name of that user is no longer important.) In stand-alone mode, the user id 1 will have implicit superuser status, to allow repairs even if there are no users defined. Print a warning message when starting in stand-alone mode when no users are defined. Disallow dropping the current user and session user. Granting/revoking superuser status also grants/revokes usecatupd. (Previously, it would never grant it back. This could lead to "deadlocks".) CREATE USER and CREATE GROUP will start allocating user ids at 100 (unless explicitly specified), to prevent accidental creation of a superuser (plus some room for future extensions). 25 years ago			`return true;`

Make superuser.c maintain a simple one-entry cache holding the superuser status of the most recently queried userid. Since the common pattern is many successive queries about the same user (ie, the current user) this can save a lot of syscache probes. 21 years ago			`/* OK, look up the information in pg_shadow */`
Change SearchSysCache coding conventions so that a reference count is maintained for each cache entry. A cache entry will not be freed until the matching ReleaseSysCache call has been executed. This eliminates worries about cache entries getting dropped while still in use. See my posting to pg-hackers of even date for more info. 25 years ago			`utup = SearchSysCache(SHADOWSYSID,`
More cleanup of userid to be AclId rather than Oid. 23 years ago			`Int32GetDatum(userid),`
Change SearchSysCache coding conventions so that a reference count is maintained for each cache entry. A cache entry will not be freed until the matching ReleaseSysCache call has been executed. This eliminates worries about cache entries getting dropped while still in use. See my posting to pg-hackers of even date for more info. 25 years ago			`0, 0, 0);`
			`if (HeapTupleIsValid(utup))`
			`{`
			`result = ((Form_pg_shadow) GETSTRUCT(utup))->usesuper;`
			`ReleaseSysCache(utup);`
			`}`
Make superuser.c maintain a simple one-entry cache holding the superuser status of the most recently queried userid. Since the common pattern is many successive queries about the same user (ie, the current user) this can save a lot of syscache probes. 21 years ago			`else`
			`{`
			`/* Report "not superuser" for invalid userids */`
			`result = false;`
			`}`

			`/* If first time through, set up callback for cache flushes */`
			`if (!userid_callback_registered)`
			`{`
			`CacheRegisterSyscacheCallback(SHADOWSYSID,`
			`UseridCallback,`
			`(Datum) 0);`
			`userid_callback_registered = true;`
			`}`

			`/* Cache the result for next time */`
			`last_userid = userid;`
			`last_userid_is_super = result;`

Allow a non-superuser database owner to vacuum all tables in his database, including system catalogs (but not the shared catalogs, since they don't really belong to his database). This is per recent mailing list discussion. Clean up some other code that also checks for database ownerness by introducing a test function is_dbadmin(). 25 years ago			`return result;`
			`}`
Make superuser.c maintain a simple one-entry cache holding the superuser status of the most recently queried userid. Since the common pattern is many successive queries about the same user (ie, the current user) this can save a lot of syscache probes. 21 years ago
			`/*`
			`* UseridCallback`
			`* Syscache inval callback function`
			`*/`
			`static void`
			`UseridCallback(Datum arg, Oid relid)`
			`{`
			`/* Invalidate our local cache in case user's superuserness changed */`
			`last_userid = 0;`
			`}`