open-dsi
/
postgres
mirror of https://github.com/postgres/postgres
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Represent grant options in the information schema.

Browse Source
WIN32_DEV
Peter Eisentraut 23 years ago
parent 65fb311a97
commit 8a2922dcb2
4 changed files with 139 additions and 38 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 49
      src/backend/catalog/information_schema.sql
  2. 118
      src/backend/utils/adt/acl.c
  3. 4
      src/include/catalog/pg_proc.h
  4. 6
      src/include/utils/acl.h

49
src/backend/catalog/information_schema.sql
Unescape View File

@ -4,7 +4,7 @@
*
* Copyright 2002, PostgreSQL Global Development Group
*
* $Id: information_schema.sql,v 1.7 2003/06/05 16:08:47 petere Exp $
* $Id: information_schema.sql,v 1.8 2003/06/11 09:23:55 petere Exp $
*/
@ -604,7 +604,7 @@ GRANT SELECT ON referential_constraints TO PUBLIC;
*/
CREATE VIEW routine_privileges AS
SELECT CAST(u_owner.usename AS sql_identifier) AS grantor,
SELECT CAST(u_grantor.usename AS sql_identifier) AS grantor,
CAST(u_grantee.usename AS sql_identifier) AS grantee,
CAST(current_database() AS sql_identifier) AS specific_catalog,
CAST(n.nspname AS sql_identifier) AS specific_schema,
@ -613,17 +613,22 @@ CREATE VIEW routine_privileges AS
CAST(n.nspname AS sql_identifier) AS routine_schema,
CAST(p.proname AS sql_identifier) AS routine_name,
CAST('EXECUTE' AS character_data) AS privilege_type,
CAST('NO' AS character_data) AS is_grantable
CAST(
CASE WHEN aclcontains(p.proacl,
makeaclitem(u_grantee.usesysid, 0, u_grantor.usesysid, 'EXECUTE', true))
THEN 'YES' ELSE 'NO' END AS character_data) AS is_grantable
FROM pg_user u_owner,
pg_user u_grantee,
FROM pg_proc p,
pg_namespace n,
pg_proc p
pg_user u_grantor,
(SELECT usesysid, usename FROM pg_user UNION SELECT 0, 'PUBLIC') AS u_grantee
WHERE u_owner.usesysid = p.proowner
AND p.pronamespace = n.oid
AND has_function_privilege(u_grantee.usename, p.oid, 'EXECUTE')
AND (u_owner.usename = current_user OR u_grantee.usename = current_user);
WHERE p.pronamespace = n.oid
AND aclcontains(p.proacl,
makeaclitem(u_grantee.usesysid, 0, u_grantor.usesysid, 'EXECUTE', false))
AND (u_grantor.usename = current_user
OR u_grantee.usename = current_user
OR u_grantee.usename = 'PUBLIC');
GRANT SELECT ON routine_privileges TO PUBLIC;
@ -940,27 +945,31 @@ GRANT SELECT ON table_constraints TO PUBLIC;
*/
CREATE VIEW table_privileges AS
SELECT CAST(u_owner.usename AS sql_identifier) AS grantor,
SELECT CAST(u_grantor.usename AS sql_identifier) AS grantor,
CAST(u_grantee.usename AS sql_identifier) AS grantee,
CAST(current_database() AS sql_identifier) AS table_catalog,
CAST(nc.nspname AS sql_identifier) AS table_schema,
CAST(c.relname AS sql_identifier) AS table_name,
CAST(pr.type AS character_data) AS privilege_type,
CAST('NO' AS character_data) AS is_grantable,
CAST(
CASE WHEN aclcontains(c.relacl,
makeaclitem(u_grantee.usesysid, 0, u_grantor.usesysid, pr.type, true))
THEN 'YES' ELSE 'NO' END AS character_data) AS is_grantable,
CAST('NO' AS character_data) AS with_hierarchy
FROM pg_user u_owner,
pg_user u_grantee,
FROM pg_class c,
pg_namespace nc,
pg_class c,
pg_user u_grantor,
(SELECT usesysid, usename FROM pg_user UNION SELECT 0, 'PUBLIC') AS u_grantee,
(SELECT 'SELECT' UNION SELECT 'DELETE' UNION SELECT 'INSERT' UNION SELECT 'UPDATE'
UNION SELECT 'REFERENCES' UNION SELECT 'TRIGGER') AS pr (type)
WHERE u_owner.usesysid = c.relowner
AND c.relnamespace = nc.oid
AND has_table_privilege(u_grantee.usename, c.oid, pr.type)
AND (u_owner.usename = current_user OR u_grantee.usename = current_user);
WHERE c.relnamespace = nc.oid
AND aclcontains(c.relacl,
makeaclitem(u_grantee.usesysid, 0, u_grantor.usesysid, pr.type, false))
AND (u_grantor.usename = current_user
OR u_grantee.usename = current_user
OR u_grantee.usename = 'PUBLIC');
GRANT SELECT ON table_privileges TO PUBLIC;

118
src/backend/utils/adt/acl.c
Unescape View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.87 2003/06/02 19:00:29 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.88 2003/06/11 09:23:55 petere Exp $
*
*-------------------------------------------------------------------------
*/
@ -32,12 +32,14 @@
static const char *getid(const char *s, char *n);
static void putid(char *p, const char *s);
static Acl *makeacl(int n);
static Acl *allocacl(int n);
static const char *aclparse(const char *s, AclItem *aip);
static bool aclitemeq(const AclItem *a1, const AclItem *a2);
static Acl *recursive_revoke(Acl *acl, AclId grantee,
AclMode revoke_privs, DropBehavior behavior);
static AclMode convert_priv_string(text *priv_type_text);
static Oid convert_table_name(text *tablename);
static AclMode convert_table_priv_string(text *priv_type_text);
static Oid convert_database_name(text *databasename);
@ -265,20 +267,20 @@ aclparse(const char *s, AclItem *aip)
}
/*
* makeacl
* allocacl
* Allocates storage for a new Acl with 'n' entries.
*
* RETURNS:
* the new Acl
*/
static Acl *
makeacl(int n)
allocacl(int n)
{
Acl *new_acl;
Size size;
if (n < 0)
elog(ERROR, "makeacl: invalid size: %d", n);
elog(ERROR, "allocacl: invalid size: %d", n);
size = ACL_N_SIZE(n);
new_acl = (Acl *) palloc0(size);
new_acl->size = size;
@ -471,7 +473,7 @@ acldefault(GrantObjectType objtype, AclId ownerid)
break;
}
acl = makeacl((world_default != ACL_NO_RIGHTS ? 1 : 0)
acl = allocacl((world_default != ACL_NO_RIGHTS ? 1 : 0)
+ (ownerid ? 1 : 0));
aip = ACL_DAT(acl);
@ -513,10 +515,10 @@ aclinsert3(const Acl *old_acl, const AclItem *mod_aip, unsigned modechg, DropBeh
/* These checks for null input are probably dead code, but... */
if (!old_acl || ACL_NUM(old_acl) < 1)
old_acl = makeacl(1);
old_acl = allocacl(1);
if (!mod_aip)
{
new_acl = makeacl(ACL_NUM(old_acl));
new_acl = allocacl(ACL_NUM(old_acl));
memcpy((char *) new_acl, (char *) old_acl, ACL_SIZE(old_acl));
return new_acl;
}
@ -536,7 +538,7 @@ aclinsert3(const Acl *old_acl, const AclItem *mod_aip, unsigned modechg, DropBeh
if (aclitemeq(mod_aip, old_aip + dst))
{
/* found a match, so modify existing item */
new_acl = makeacl(num);
new_acl = allocacl(num);
new_aip = ACL_DAT(new_acl);
memcpy(new_acl, old_acl, ACL_SIZE(old_acl));
break;
@ -546,7 +548,7 @@ aclinsert3(const Acl *old_acl, const AclItem *mod_aip, unsigned modechg, DropBeh
if (dst == num)
{
/* need to append a new item */
new_acl = makeacl(num + 1);
new_acl = allocacl(num + 1);
new_aip = ACL_DAT(new_acl);
memcpy(new_aip, old_aip, num * sizeof(AclItem));
@ -671,10 +673,10 @@ aclremove(PG_FUNCTION_ARGS)
/* These checks for null input should be dead code, but... */
if (!old_acl || ACL_NUM(old_acl) < 1)
old_acl = makeacl(1);
old_acl = allocacl(1);
if (!mod_aip)
{
new_acl = makeacl(ACL_NUM(old_acl));
new_acl = allocacl(ACL_NUM(old_acl));
memcpy((char *) new_acl, (char *) old_acl, ACL_SIZE(old_acl));
PG_RETURN_ACL_P(new_acl);
}
@ -689,13 +691,13 @@ aclremove(PG_FUNCTION_ARGS)
if (dst >= old_num)
{
/* Not found, so return copy of source ACL */
new_acl = makeacl(old_num);
new_acl = allocacl(old_num);
memcpy((char *) new_acl, (char *) old_acl, ACL_SIZE(old_acl));
}
else
{
new_num = old_num - 1;
new_acl = makeacl(new_num);
new_acl = allocacl(new_num);
new_aip = ACL_DAT(new_acl);
if (dst == 0)
{ /* start */
@ -734,13 +736,97 @@ aclcontains(PG_FUNCTION_ARGS)
aidat = ACL_DAT(acl);
for (i = 0; i < num; ++i)
{
if (aip->ai_grantee == aidat[i].ai_grantee &&
aip->ai_privs == aidat[i].ai_privs)
if (aip->ai_grantee == aidat[i].ai_grantee
&& ACLITEM_GET_IDTYPE(*aip) == ACLITEM_GET_IDTYPE(aidat[i])
&& aip->ai_grantor == aidat[i].ai_grantor
&& (ACLITEM_GET_PRIVS(*aip) & ACLITEM_GET_PRIVS(aidat[i])) == ACLITEM_GET_PRIVS(*aip)
&& (ACLITEM_GET_GOPTIONS(*aip) & ACLITEM_GET_GOPTIONS(aidat[i])) == ACLITEM_GET_GOPTIONS(*aip))
PG_RETURN_BOOL(true);
}
PG_RETURN_BOOL(false);
}
Datum
makeaclitem(PG_FUNCTION_ARGS)
{
int32 u_grantee = PG_GETARG_INT32(0);
int32 g_grantee = PG_GETARG_INT32(1);
int32 grantor = PG_GETARG_INT32(2);
text *privtext = PG_GETARG_TEXT_P(3);
bool goption = PG_GETARG_BOOL(4);
AclItem *aclitem;
AclMode priv;
priv = convert_priv_string(privtext);
aclitem = (AclItem *) palloc(sizeof(*aclitem));
if (u_grantee == 0 && g_grantee == 0)
{
aclitem->ai_grantee = 0;
ACLITEM_SET_IDTYPE(*aclitem, ACL_IDTYPE_WORLD);
}
else if (u_grantee != 0 && g_grantee != 0)
{
elog(ERROR, "cannot specify both user and group");
}
else if (u_grantee != 0)
{
aclitem->ai_grantee = u_grantee;
ACLITEM_SET_IDTYPE(*aclitem, ACL_IDTYPE_UID);
}
else if (g_grantee != 0)
{
aclitem->ai_grantee = g_grantee;
ACLITEM_SET_IDTYPE(*aclitem, ACL_IDTYPE_GID);
}
aclitem->ai_grantor = grantor;
ACLITEM_SET_PRIVS(*aclitem, priv);
if (goption)
ACLITEM_SET_GOPTIONS(*aclitem, priv);
else
ACLITEM_SET_GOPTIONS(*aclitem, ACL_NO_RIGHTS);
PG_RETURN_ACLITEM_P(aclitem);
}
static AclMode
convert_priv_string(text *priv_type_text)
{
char *priv_type;
priv_type = DatumGetCString(DirectFunctionCall1(textout,
PointerGetDatum(priv_type_text)));
if (strcasecmp(priv_type, "SELECT") == 0)
return ACL_SELECT;
if (strcasecmp(priv_type, "INSERT") == 0)
return ACL_INSERT;
if (strcasecmp(priv_type, "UPDATE") == 0)
return ACL_UPDATE;
if (strcasecmp(priv_type, "DELETE") == 0)
return ACL_DELETE;
if (strcasecmp(priv_type, "RULE") == 0)
return ACL_RULE;
if (strcasecmp(priv_type, "REFERENCES") == 0)
return ACL_REFERENCES;
if (strcasecmp(priv_type, "TRIGGER") == 0)
return ACL_TRIGGER;
if (strcasecmp(priv_type, "EXECUTE") == 0)
return ACL_EXECUTE;
if (strcasecmp(priv_type, "USAGE") == 0)
return ACL_USAGE;
if (strcasecmp(priv_type, "CREATE") == 0)
return ACL_CREATE;
if (strcasecmp(priv_type, "TEMP") == 0)
return ACL_CREATE_TEMP;
if (strcasecmp(priv_type, "TEMPORARY") == 0)
return ACL_CREATE_TEMP;
elog(ERROR, "invalid privilege type %s", priv_type);
return ACL_NO_RIGHTS; /* keep compiler quiet */
}
/*
* has_table_privilege variants

4
src/include/catalog/pg_proc.h
Unescape View File

@ -7,7 +7,7 @@
* Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* $Id: pg_proc.h,v 1.302 2003/05/26 00:11:27 tgl Exp $
* $Id: pg_proc.h,v 1.303 2003/06/11 09:23:55 petere Exp $
*
* NOTES
* The script catalog/genbki.sh reads this file and generates .bki
@ -1318,6 +1318,8 @@ DATA(insert OID = 1036 ( aclremove PGNSP PGUID 12 f f t f s 2 1034 "1034 10
DESCR("remove ACL item");
DATA(insert OID = 1037 ( aclcontains PGNSP PGUID 12 f f t f s 2 16 "1034 1033" aclcontains - _null_ ));
DESCR("does ACL contain item?");
DATA(insert OID = 1365 ( makeaclitem PGNSP PGUID 12 f f t f s 5 1033 "23 23 23 25 16" makeaclitem - _null_ ));
DESCR("make ACL item");
DATA(insert OID = 1038 ( seteval PGNSP PGUID 12 f f t t v 1 23 "26" seteval - _null_ ));
DESCR("internal function supporting PostQuel-style sets");
DATA(insert OID = 1044 ( bpcharin PGNSP PGUID 12 f f t f i 3 1042 "2275 26 23" bpcharin - _null_ ));

6
src/include/utils/acl.h
Unescape View File

@ -7,7 +7,7 @@
* Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* $Id: acl.h,v 1.51 2003/01/23 23:39:07 petere Exp $
* $Id: acl.h,v 1.52 2003/06/11 09:23:55 petere Exp $
*
* NOTES
* For backward-compatibility purposes we have to allow there
@ -70,6 +70,9 @@ typedef struct AclItem
((item).ai_privs = (ACLITEM_GET_IDTYPE(item)<<30) | (ACLITEM_GET_GOPTIONS(item)<<15) | ((privs) & 0x7FFF))
#define ACLITEM_SET_GOPTIONS(item,goptions) \
((item).ai_privs = (ACLITEM_GET_IDTYPE(item)<<30) | (((goptions) & 0x7FFF) << 15) | ACLITEM_GET_PRIVS(item))
#define ACLITEM_SET_IDTYPE(item,idtype) \
((item).ai_privs = ((idtype)<<30) | (ACLITEM_GET_GOPTIONS(item)<<15) | ACLITEM_GET_PRIVS(item))
#define ACLITEM_SET_PRIVS_IDTYPE(item,privs,goption,idtype) \
((item).ai_privs = ((privs) & 0x7FFF) |(((goption) & 0x7FFF) << 15) | ((idtype) << 30))
@ -188,6 +191,7 @@ extern Datum aclitemout(PG_FUNCTION_ARGS);
extern Datum aclinsert(PG_FUNCTION_ARGS);
extern Datum aclremove(PG_FUNCTION_ARGS);
extern Datum aclcontains(PG_FUNCTION_ARGS);
extern Datum makeaclitem(PG_FUNCTION_ARGS);
/*
* prototypes for functions in aclchk.c

Write Preview
Loading…
Cancel
Save