@@ -501,20 +501,12 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
501501new_tuple ;
502502Form_pg_authid authform ;
503503ListCell * option ;
504- char * rolename = NULL ;
504+ char * rolename ;
505505char * password = NULL ;/* user password */
506- int issuper = -1 ;/* Make the user a superuser? */
507- int inherit = -1 ;/* Auto inherit privileges? */
508- int createrole = -1 ;/* Can this user create roles? */
509- int createdb = -1 ;/* Can the user create databases? */
510- int canlogin = -1 ;/* Can this user login? */
511- int isreplication = -1 ;/* Is this a replication role? */
512506int connlimit = -1 ;/* maximum connections allowed */
513- List * rolemembers = NIL ;/* roles to be added/removed */
514507char * validUntil = NULL ;/* time the login is valid until */
515508Datum validUntil_datum ;/* same, as timestamptz Datum */
516509bool validUntil_null ;
517- int bypassrls = -1 ;
518510DefElem * dpassword = NULL ;
519511DefElem * dissuper = NULL ;
520512DefElem * dinherit = NULL ;
@@ -610,18 +602,6 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
610602
611603if (dpassword && dpassword -> arg )
612604password = strVal (dpassword -> arg );
613- if (dissuper )
614- issuper = intVal (dissuper -> arg );
615- if (dinherit )
616- inherit = intVal (dinherit -> arg );
617- if (dcreaterole )
618- createrole = intVal (dcreaterole -> arg );
619- if (dcreatedb )
620- createdb = intVal (dcreatedb -> arg );
621- if (dcanlogin )
622- canlogin = intVal (dcanlogin -> arg );
623- if (disreplication )
624- isreplication = intVal (disreplication -> arg );
625605if (dconnlimit )
626606{
627607connlimit = intVal (dconnlimit -> arg );
@@ -630,12 +610,8 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
630610(errcode (ERRCODE_INVALID_PARAMETER_VALUE ),
631611errmsg ("invalid connection limit: %d" ,connlimit )));
632612}
633- if (drolemembers )
634- rolemembers = (List * )drolemembers -> arg ;
635613if (dvalidUntil )
636614validUntil = strVal (dvalidUntil -> arg );
637- if (dbypassRLS )
638- bypassrls = intVal (dbypassRLS -> arg );
639615
640616/*
641617 * Scan the pg_authid relation to be certain the user exists.
@@ -654,21 +630,21 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
654630 * property. Otherwise, if you don't have createrole, you're only allowed
655631 * to change your own password.
656632 */
657- if (authform -> rolsuper || issuper >= 0 )
633+ if (authform -> rolsuper || dissuper )
658634{
659635if (!superuser ())
660636ereport (ERROR ,
661637(errcode (ERRCODE_INSUFFICIENT_PRIVILEGE ),
662638errmsg ("must be superuser to alter superuser roles or change superuser attribute" )));
663639}
664- else if (authform -> rolreplication || isreplication >= 0 )
640+ else if (authform -> rolreplication || disreplication )
665641{
666642if (!superuser ())
667643ereport (ERROR ,
668644(errcode (ERRCODE_INSUFFICIENT_PRIVILEGE ),
669645errmsg ("must be superuser to alter replication roles or change replication attribute" )));
670646}
671- else if (bypassrls >= 0 )
647+ else if (dbypassRLS )
672648{
673649if (!superuser ())
674650ereport (ERROR ,
@@ -677,23 +653,16 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
677653}
678654else if (!have_createrole_privilege ())
679655{
680- /* We already checked issuper, isreplication, and bypassrls */
681- if (!(inherit < 0 &&
682- createrole < 0 &&
683- createdb < 0 &&
684- canlogin < 0 &&
685- !dconnlimit &&
686- !rolemembers &&
687- !validUntil &&
688- dpassword &&
689- roleid == GetUserId ()))
656+ /* check the rest */
657+ if (dinherit || dcreaterole || dcreatedb || dcanlogin || dconnlimit ||
658+ drolemembers || dvalidUntil || !dpassword || roleid != GetUserId ())
690659ereport (ERROR ,
691660(errcode (ERRCODE_INSUFFICIENT_PRIVILEGE ),
692661errmsg ("permission denied" )));
693662}
694663
695664/* Convert validuntil to internal form */
696- if (validUntil )
665+ if (dvalidUntil )
697666{
698667validUntil_datum = DirectFunctionCall3 (timestamptz_in ,
699668CStringGetDatum (validUntil ),
@@ -729,39 +698,39 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
729698/*
730699 * issuper/createrole/etc
731700 */
732- if (issuper >= 0 )
701+ if (dissuper )
733702{
734- new_record [Anum_pg_authid_rolsuper - 1 ]= BoolGetDatum (issuper > 0 );
703+ new_record [Anum_pg_authid_rolsuper - 1 ]= BoolGetDatum (intVal ( dissuper -> arg ) );
735704new_record_repl [Anum_pg_authid_rolsuper - 1 ]= true;
736705}
737706
738- if (inherit >= 0 )
707+ if (dinherit )
739708{
740- new_record [Anum_pg_authid_rolinherit - 1 ]= BoolGetDatum (inherit > 0 );
709+ new_record [Anum_pg_authid_rolinherit - 1 ]= BoolGetDatum (intVal ( dinherit -> arg ) );
741710new_record_repl [Anum_pg_authid_rolinherit - 1 ]= true;
742711}
743712
744- if (createrole >= 0 )
713+ if (dcreaterole )
745714{
746- new_record [Anum_pg_authid_rolcreaterole - 1 ]= BoolGetDatum (createrole > 0 );
715+ new_record [Anum_pg_authid_rolcreaterole - 1 ]= BoolGetDatum (intVal ( dcreaterole -> arg ) );
747716new_record_repl [Anum_pg_authid_rolcreaterole - 1 ]= true;
748717}
749718
750- if (createdb >= 0 )
719+ if (dcreatedb )
751720{
752- new_record [Anum_pg_authid_rolcreatedb - 1 ]= BoolGetDatum (createdb > 0 );
721+ new_record [Anum_pg_authid_rolcreatedb - 1 ]= BoolGetDatum (intVal ( dcreatedb -> arg ) );
753722new_record_repl [Anum_pg_authid_rolcreatedb - 1 ]= true;
754723}
755724
756- if (canlogin >= 0 )
725+ if (dcanlogin )
757726{
758- new_record [Anum_pg_authid_rolcanlogin - 1 ]= BoolGetDatum (canlogin > 0 );
727+ new_record [Anum_pg_authid_rolcanlogin - 1 ]= BoolGetDatum (intVal ( dcanlogin -> arg ) );
759728new_record_repl [Anum_pg_authid_rolcanlogin - 1 ]= true;
760729}
761730
762- if (isreplication >= 0 )
731+ if (disreplication )
763732{
764- new_record [Anum_pg_authid_rolreplication - 1 ]= BoolGetDatum (isreplication > 0 );
733+ new_record [Anum_pg_authid_rolreplication - 1 ]= BoolGetDatum (intVal ( disreplication -> arg ) );
765734new_record_repl [Anum_pg_authid_rolreplication - 1 ]= true;
766735}
767736
@@ -808,9 +777,9 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
808777new_record_nulls [Anum_pg_authid_rolvaliduntil - 1 ]= validUntil_null ;
809778new_record_repl [Anum_pg_authid_rolvaliduntil - 1 ]= true;
810779
811- if (bypassrls >= 0 )
780+ if (dbypassRLS )
812781{
813- new_record [Anum_pg_authid_rolbypassrls - 1 ]= BoolGetDatum (bypassrls > 0 );
782+ new_record [Anum_pg_authid_rolbypassrls - 1 ]= BoolGetDatum (intVal ( dbypassRLS -> arg ) );
814783new_record_repl [Anum_pg_authid_rolbypassrls - 1 ]= true;
815784}
816785
@@ -827,17 +796,21 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
827796 * Advance command counter so we can see new record; else tests in
828797 * AddRoleMems may fail.
829798 */
830- if (rolemembers )
799+ if (drolemembers )
800+ {
801+ List * rolemembers = (List * )drolemembers -> arg ;
802+
831803CommandCounterIncrement ();
832804
833- if (stmt -> action == +1 )/* add members to role */
834- AddRoleMems (rolename ,roleid ,
835- rolemembers ,roleSpecsToIds (rolemembers ),
836- GetUserId (), false);
837- else if (stmt -> action == -1 )/* drop members from role */
838- DelRoleMems (rolename ,roleid ,
839- rolemembers ,roleSpecsToIds (rolemembers ),
840- false);
805+ if (stmt -> action == +1 )/* add members to role */
806+ AddRoleMems (rolename ,roleid ,
807+ rolemembers ,roleSpecsToIds (rolemembers ),
808+ GetUserId (), false);
809+ else if (stmt -> action == -1 )/* drop members from role */
810+ DelRoleMems (rolename ,roleid ,
811+ rolemembers ,roleSpecsToIds (rolemembers ),
812+ false);
813+ }
841814
842815/*
843816 * Close pg_authid, but keep lock till commit.