<!--

$Header: /cvsroot/pgsql/doc/src/sgml/func.sgml,v 1.97 2002/05/13 19:22:06 tgl Exp $

$Header: /cvsroot/pgsql/doc/src/sgml/func.sgml,v 1.98 2002/05/18 13:47:59 petere Exp $

PostgreSQL documentation

-->

</indexterm>

<para>

The <function>session_user</> is the user that initiated a database

connection; it is fixed for the duration of that connection. The

<function>current_user</> is the user identifier that is applicable

for permission checking.Currently it isalwaysequal to the session

user, butin the future there might be <quote>setuid</> functions and

other facilities to allowthecurrent user to change temporarily.

In Unix parlance, the session user is the <quote>real user</>

andthe current user is the <quote>effective user</>.

The <function>session_user</> is the user that initiated a

databaseconnection; it is fixed for the duration of that

connection. The<function>current_user</> is the user identifier

that is applicablefor permission checking.Normally, it is equal

to the sessionuser, butit changes during the execution of

functions withtheattribute <literal>SECURITY DEFINER</literal>.

In Unix parlance, the session user is the <quote>real user</> and

the current user is the <quote>effective user</>.

</para>

<note>

<!--

$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_function.sgml,v 1.38 2002/05/17 18:32:52 petere Exp $

$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_function.sgml,v 1.39 2002/05/18 13:47:59 petere Exp $

-->

<refentry id="SQL-CREATEFUNCTION">

| IMMUTABLE | STABLE | VOLATILE

| CALLED ON NULL INPUT | RETURNS NULL ON NULL INPUT | STRICT

| IMPLICIT CAST

| [EXTERNAL] SECURITY INVOKER | [EXTERNAL] SECURITY DEFINER

| AS '<replaceable class="parameter">definition</replaceable>'

| AS '<replaceable class="parameter">obj_file</replaceable>', '<replaceable class="parameter">link_symbol</replaceable>'

} ...

</listitem>

</varlistentry>

<varlistentry>

<term><optional>EXTERNAL</optional> SECURITY INVOKER</term>

<term><optional>EXTERNAL</optional> SECURITY DEFINER</term>

<listitem>

<para>

<literal>SECURITY INVOKER</literal> indicates that the function

is to be executed with the privileges of the user that calls it.

That is the default. <literal>SECURITY DEFINER</literal>

specifies that the function is to be executed with the

privileges of the user that created it.

</para>

<para>

The key word <literal>EXTERNAL</literal> is present for SQL

compatibility but is optional since, unlike in SQL, this feature

does not only apply to external functions.

</para>

</listitem>

</varlistentry>

<varlistentry>

<term><replaceable class="parameter">definition</replaceable></term>

</para>

</refsect1>

<refsect1 id="sql-createfunction-cast-function">

<refsect1 id="sql-createfunction-cast-functions">

<title id="sql-createfunction-cast-functions-title">

Type Cast Functions

</title>

<!--

$Header: /cvsroot/pgsql/doc/src/sgml/release.sgml,v 1.136 2002/05/17 18:32:52 petere Exp $

$Header: /cvsroot/pgsql/doc/src/sgml/release.sgml,v 1.137 2002/05/18 13:47:59 petere Exp $

-->

<appendix id="release">

worries about funny characters.

-->

<literallayout><![CDATA[

Functions can be executed with the privileges of the owner

Syntax of CREATE FUNCTION has been extended to resemble SQL99

Effects of SET within a transaction block now roll back if transaction aborts

New SET LOCAL syntax sets a parameter for the life of the current transaction

"aggregate_dummy",/* placeholder proc */

"-",/* probin */

true,/* isAgg */

true,/*(obsolete "trusted") */

false,/*security invoker (currently not definable for agg) */

false,/* isImplicit */

false,/* isStrict (not needed for agg) */

PROVOLATILE_IMMUTABLE,/* volatility (not needed for agg) */

constchar*prosrc,

constchar*probin,

boolisAgg,

booltrusted,

boolsecurity_definer,

boolisImplicit,

boolisStrict,

charvolatility,

values[i++]=Int32GetDatum(GetUserId());/* proowner */

values[i++]=ObjectIdGetDatum(languageObjectId);/* prolang */

values[i++]=BoolGetDatum(isAgg);/* proisagg */

values[i++]=BoolGetDatum(trusted);/*proistrusted */

values[i++]=BoolGetDatum(security_definer);/*prosecdef */

values[i++]=BoolGetDatum(isImplicit);/* proimplicit */

values[i++]=BoolGetDatum(isStrict);/* proisstrict */

values[i++]=BoolGetDatum(returnsSet);/* proretset */

outin_ratio=OUTIN_RATIO;

isImplicit= false;

isStrict= false;

security= false;

volatility=PROVOLATILE_VOLATILE;

prosrc_str,/* converted to text later */

probin_str,/* converted to text later */

false,/* not an aggregate */

isImplicit,

isStrict,

volatility,

querystr,/* prosrc */

fileName,/* probin */

false,/* not aggregate */

true,/*trusted */

false,/*security invoker */

false,/* not implicit coercion */

false,/* isStrict (irrelevant, no args) */

PROVOLATILE_VOLATILE,/* assume unsafe */

}Oldstyle_fnextra;

staticvoidfmgr_info_cxt_security(OidfunctionId,FmgrInfo*finfo,MemoryContextmcxt,

boolignore_security);

staticvoidfmgr_info_C_lang(OidfunctionId,FmgrInfo*finfo,HeapTupleprocedureTuple);

staticvoidfmgr_info_other_lang(OidfunctionId,FmgrInfo*finfo,HeapTupleprocedureTuple);

staticDatumfmgr_oldstyle(PG_FUNCTION_ARGS);

staticDatumfmgr_untrusted(PG_FUNCTION_ARGS);

staticDatumfmgr_security_definer(PG_FUNCTION_ARGS);

fmgr_info_cxt(OidfunctionId,FmgrInfo*finfo,MemoryContextmcxt)

{

fmgr_info_cxt_security(functionId,finfo,mcxt, false);

}

fmgr_info_cxt_security(OidfunctionId,FmgrInfo*finfo,MemoryContextmcxt,

boolignore_security)

{

constFmgrBuiltin*fbp;

HeapTupleprocedureTuple;

finfo->fn_strict=procedureStruct->proisstrict;

finfo->fn_retset=procedureStruct->proretset;

if (!procedureStruct->proistrusted)

if (procedureStruct->prosecdef&& !ignore_security)

{

finfo->fn_addr=fmgr_untrusted;

finfo->fn_addr=fmgr_security_definer;

finfo->fn_oid=functionId;

ReleaseSysCache(procedureTuple);

return;

{

FmgrInfoflinfo;

Oiduserid;

};

fmgr_untrusted(PG_FUNCTION_ARGS)

fmgr_security_definer(PG_FUNCTION_ARGS)

{

elog(ERROR,"Untrusted functions not supported");

return0;/* keep compiler happy */

Datumresult;

FmgrInfo*save_flinfo;

structfmgr_security_definer_cache*fcache;

Oidsave_userid;

HeapTupletuple;

if (!fcinfo->flinfo->fn_extra)

{

fcache=MemoryContextAlloc(fcinfo->flinfo->fn_mcxt,sizeof(*fcache));

memset(fcache,0,sizeof(*fcache));

fmgr_info_cxt_security(fcinfo->flinfo->fn_oid,&fcache->flinfo,

fcinfo->flinfo->fn_mcxt, true);

tuple=SearchSysCache(PROCOID,ObjectIdGetDatum(fcinfo->flinfo->fn_oid),0,0,0);

if (!HeapTupleIsValid(tuple))

elog(ERROR,"fmgr_security_definer: function %u: cache lookup failed",

fcinfo->flinfo->fn_oid);

fcache->userid= ((Form_pg_proc)GETSTRUCT(tuple))->proowner;

ReleaseSysCache(tuple);

fcinfo->flinfo->fn_extra=fcache;

}

fcache=fcinfo->flinfo->fn_extra;

save_flinfo=fcinfo->flinfo;

fcinfo->flinfo=&fcache->flinfo;

save_userid=GetUserId();

SetUserId(fcache->userid);

result=FunctionCallInvoke(fcinfo);

SetUserId(save_userid);

fcinfo->flinfo=save_flinfo;

returnresult;

}

char*provolatile;

char*proimplicit;

char*proisstrict;

char*prosecdef;

char*lanname;

char*rettypename;

{

appendPQExpBuffer(query,

"WHERE oid = '%s'::oid",

"WHERE oid = '%s'::oid",

"WHERE oid = '%s'::oid",

provolatile=PQgetvalue(res,0,PQfnumber(res,"provolatile"));

proimplicit=PQgetvalue(res,0,PQfnumber(res,"proimplicit"));

proisstrict=PQgetvalue(res,0,PQfnumber(res,"proisstrict"));

prosecdef=PQgetvalue(res,0,PQfnumber(res,"prosecdef"));

lanname=PQgetvalue(res,0,PQfnumber(res,"lanname"));

if (proisstrict[0]=='t')

appendPQExpBuffer(q," STRICT");

if (prosecdef[0]=='t')

appendPQExpBuffer(q," SECURITY DEFINER");

appendPQExpBuffer(q,";\n");

ArchiveEntry(fout,finfo->oid,fn->data,finfo->pronamespace->nspname,