Commit0eaa36a

committed
Bring syntax of role-related commands into SQL compliance. To avoid
syntactic conflicts, both privilege and role GRANT/REVOKE commands have to use the same production for scanning the list of tokens that might eventually turn out to be privileges or role names. So, change the existing GRANT/REVOKE code to expect a list of strings not pre-reduced AclMode values. Fix a couple other minor issues while at it, such as InitializeAcl function name conflicting with a Windows system function.
1 parent88b49cd commit0eaa36a


11 files changed

+344
-316
lines changed


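--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
-* $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.113 2005/06/2805:08:52 tgl Exp $
+* $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.114 2005/06/2819:51:21 tgl Exp $
 *
 * NOTES
 * See acl.h.
@@ -47,6 +47,7 @@ static void ExecuteGrantStmt_Language(GrantStmt *stmt);
 staticvoidExecuteGrantStmt_Namespace(GrantStmt*stmt);
 staticvoidExecuteGrantStmt_Tablespace(GrantStmt*stmt);
 
+staticAclModestring_to_privilege(constchar*privname);
 staticconstchar*privilege_to_string(AclModeprivilege);
 
 
@@ -209,7 +210,7 @@ ExecuteGrantStmt_Relation(GrantStmt *stmt)
 boolall_privs;
 ListCell*i;
 
-if (linitial_int(stmt->privileges)==ACL_ALL_RIGHTS)
+if (stmt->privileges==NIL)
 {
 all_privs= true;
 privileges=ACL_ALL_RIGHTS_RELATION;
@@ -220,7 +221,8 @@ ExecuteGrantStmt_Relation(GrantStmt *stmt)
 privileges=ACL_NO_RIGHTS;
 foreach(i,stmt->privileges)
 {
-AclModepriv=lfirst_int(i);
+char*privname=strVal(lfirst(i));
+AclModepriv=string_to_privilege(privname);
 
 if (priv& ~((AclMode)ACL_ALL_RIGHTS_RELATION))
 ereport(ERROR,
@@ -377,7 +379,7 @@ ExecuteGrantStmt_Database(GrantStmt *stmt)
 boolall_privs;
 ListCell*i;
 
-if (linitial_int(stmt->privileges)==ACL_ALL_RIGHTS)
+if (stmt->privileges==NIL)
 {
 all_privs= true;
 privileges=ACL_ALL_RIGHTS_DATABASE;
@@ -388,7 +390,8 @@ ExecuteGrantStmt_Database(GrantStmt *stmt)
 privileges=ACL_NO_RIGHTS;
 foreach(i,stmt->privileges)
 {
-AclModepriv=lfirst_int(i);
+char*privname=strVal(lfirst(i));
+AclModepriv=string_to_privilege(privname);
 
 if (priv& ~((AclMode)ACL_ALL_RIGHTS_DATABASE))
 ereport(ERROR,
@@ -535,7 +538,7 @@ ExecuteGrantStmt_Function(GrantStmt *stmt)
 boolall_privs;
 ListCell*i;
 
-if (linitial_int(stmt->privileges)==ACL_ALL_RIGHTS)
+if (stmt->privileges==NIL)
 {
 all_privs= true;
 privileges=ACL_ALL_RIGHTS_FUNCTION;
@@ -546,7 +549,8 @@ ExecuteGrantStmt_Function(GrantStmt *stmt)
 privileges=ACL_NO_RIGHTS;
 foreach(i,stmt->privileges)
 {
-AclModepriv=lfirst_int(i);
+char*privname=strVal(lfirst(i));
+AclModepriv=string_to_privilege(privname);
 
 if (priv& ~((AclMode)ACL_ALL_RIGHTS_FUNCTION))
 ereport(ERROR,
@@ -689,7 +693,7 @@ ExecuteGrantStmt_Language(GrantStmt *stmt)
 boolall_privs;
 ListCell*i;
 
-if (linitial_int(stmt->privileges)==ACL_ALL_RIGHTS)
+if (stmt->privileges==NIL)
 {
 all_privs= true;
 privileges=ACL_ALL_RIGHTS_LANGUAGE;
@@ -700,7 +704,8 @@ ExecuteGrantStmt_Language(GrantStmt *stmt)
 privileges=ACL_NO_RIGHTS;
 foreach(i,stmt->privileges)
 {
-AclModepriv=lfirst_int(i);
+char*privname=strVal(lfirst(i));
+AclModepriv=string_to_privilege(privname);
 
 if (priv& ~((AclMode)ACL_ALL_RIGHTS_LANGUAGE))
 ereport(ERROR,
@@ -852,7 +857,7 @@ ExecuteGrantStmt_Namespace(GrantStmt *stmt)
 boolall_privs;
 ListCell*i;
 
-if (linitial_int(stmt->privileges)==ACL_ALL_RIGHTS)
+if (stmt->privileges==NIL)
 {
 all_privs= true;
 privileges=ACL_ALL_RIGHTS_NAMESPACE;
@@ -863,7 +868,8 @@ ExecuteGrantStmt_Namespace(GrantStmt *stmt)
 privileges=ACL_NO_RIGHTS;
 foreach(i,stmt->privileges)
 {
-AclModepriv=lfirst_int(i);
+char*privname=strVal(lfirst(i));
+AclModepriv=string_to_privilege(privname);
 
 if (priv& ~((AclMode)ACL_ALL_RIGHTS_NAMESPACE))
 ereport(ERROR,
@@ -1006,7 +1012,7 @@ ExecuteGrantStmt_Tablespace(GrantStmt *stmt)
 boolall_privs;
 ListCell*i;
 
-if (linitial_int(stmt->privileges)==ACL_ALL_RIGHTS)
+if (stmt->privileges==NIL)
 {
 all_privs= true;
 privileges=ACL_ALL_RIGHTS_TABLESPACE;
@@ -1017,7 +1023,8 @@ ExecuteGrantStmt_Tablespace(GrantStmt *stmt)
 privileges=ACL_NO_RIGHTS;
 foreach(i,stmt->privileges)
 {
-AclModepriv=lfirst_int(i);
+char*privname=strVal(lfirst(i));
+AclModepriv=string_to_privilege(privname);
 
 if (priv& ~((AclMode)ACL_ALL_RIGHTS_TABLESPACE))
 ereport(ERROR,
@@ -1157,6 +1164,39 @@ ExecuteGrantStmt_Tablespace(GrantStmt *stmt)
 }
 
 
+staticAclMode
+string_to_privilege(constchar*privname)
+{
+if (strcmp(privname,"insert")==0)
+returnACL_INSERT;
+if (strcmp(privname,"select")==0)
+returnACL_SELECT;
+if (strcmp(privname,"update")==0)
+returnACL_UPDATE;
+if (strcmp(privname,"delete")==0)
+returnACL_DELETE;
+if (strcmp(privname,"rule")==0)
+returnACL_RULE;
+if (strcmp(privname,"references")==0)
+returnACL_REFERENCES;
+if (strcmp(privname,"trigger")==0)
+returnACL_TRIGGER;
+if (strcmp(privname,"execute")==0)
+returnACL_EXECUTE;
+if (strcmp(privname,"usage")==0)
+returnACL_USAGE;
+if (strcmp(privname,"create")==0)
+returnACL_CREATE;
+if (strcmp(privname,"temporary")==0)
+returnACL_CREATE_TEMP;
+if (strcmp(privname,"temp")==0)
+returnACL_CREATE_TEMP;
+ereport(ERROR,
+(errcode(ERRCODE_SYNTAX_ERROR),
+errmsg("unrecognized privilege type \"%s\"",privname)));
+return0;/* appease compiler */
+}
+
 staticconstchar*
 privilege_to_string(AclModeprivilege)
 {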
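Review bot: The six `if (stmt->privileges==NIL)` tests (ExecuteGrantStmt_Relation, _Database, _Function, _Language, _Namespace and _Tablespace) make an empty list the encoding for ALL PRIVILEGES, so a GrantStmt that arrives with an accidentally empty list acts on every right of the object type rather than none. That convention fails open and is undocumented here; each test should carry a comment along the lines of `/* NIL means ALL PRIVILEGES; an explicit list is never empty */`, provided the grammar really guarantees that, and the same invariant belongs on the GrantStmt declaration, which is not in this section. string_to_privilege also lacks a header comment: it matches with case-sensitive `strcmp` against lower-case names, so it presumably depends on the parser having folded the names to lower case, and that assumption should be stated. All six function bodies start and end outside the hunks shown.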

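--- a/src/backend/catalog/pg_proc.c
+++ b/src/backend/catalog/pg_proc.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
-* $PostgreSQL: pgsql/src/backend/catalog/pg_proc.c,v 1.130 2005/06/2805:08:52 tgl Exp $
+* $PostgreSQL: pgsql/src/backend/catalog/pg_proc.c,v 1.131 2005/06/2819:51:21 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -266,7 +266,7 @@ ProcedureCreate(const char *procedureName,
 (errcode(ERRCODE_DUPLICATE_FUNCTION),
 errmsg("function \"%s\" already exists with same argument types",
 procedureName)));
-if (GetUserId()!=oldproc->proowner&& !superuser())
+if (!pg_proc_ownercheck(HeapTupleGetOid(oldtup),GetUserId()))
 aclcheck_error(ACLCHECK_NOT_OWNER,ACL_KIND_PROC,
 procedureName);
 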
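Review bot: The new test at line 269 of ProcedureCreate drops the explicit `!superuser()` term and leaves both the superuser bypass and the meaning of "owner" to `pg_proc_ownercheck`, whose definition is not in this section. If that helper also accepts members of the owning role, as the role work in this commit suggests, then any such member can replace the body of a function that keeps its original owner, which matters most for functions that execute with the owner's rights. A comment above the test would make the intent reviewable, for example `/* pg_proc_ownercheck covers superusers and membership in the owning role */`, once that is confirmed against the helper. ProcedureCreate's body starts and ends outside the hunk.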

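--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -6,7 +6,7 @@
 * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
-* $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.152 2005/06/2805:08:55 tgl Exp $
+* $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.153 2005/06/2819:51:22 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -61,16 +61,17 @@ CreateRole(CreateRoleStmt *stmt)
 boolcreaterole= false;/* Can this user create roles? */
 boolcreatedb= false;/* Can the user create databases? */
 boolcanlogin= false;/* Can this user login? */
-List*roleElts=NIL;/* rolesthe user is a member of */
-List*rolememElts=NIL;/* roleswhich will be members of this role */
-char*validUntil=NULL;/*The time the login is valid
-* until */
+List*addroleto=NIL;/* rolesto make this a member of */
+List*rolemembers=NIL;/* rolesto be members of this role */
+List*adminmembers=NIL;/*roles to be admins of this role */
+char*validUntil=NULL;/* time the login is valid until */
 DefElem*dpassword=NULL;
 DefElem*dcreatedb=NULL;
 DefElem*dcreaterole=NULL;
 DefElem*dcanlogin=NULL;
-DefElem*droleElts=NULL;
-DefElem*drolememElts=NULL;
+DefElem*daddroleto=NULL;
+DefElem*drolemembers=NULL;
+DefElem*dadminmembers=NULL;
 DefElem*dvalidUntil=NULL;
 
 /* Extract options from the statement node tree */
@@ -121,21 +122,29 @@ CreateRole(CreateRoleStmt *stmt)
 errmsg("conflicting or redundant options")));
 dcanlogin=defel;
 }
-elseif (strcmp(defel->defname,"roleElts")==0)
+elseif (strcmp(defel->defname,"addroleto")==0)
 {
-if (droleElts)
+if (daddroleto)
 ereport(ERROR,
 (errcode(ERRCODE_SYNTAX_ERROR),
 errmsg("conflicting or redundant options")));
-droleElts=defel;
+daddroleto=defel;
 }
-elseif (strcmp(defel->defname,"rolememElts")==0)
+elseif (strcmp(defel->defname,"rolemembers")==0)
 {
-if (drolememElts)
+if (drolemembers)
 ereport(ERROR,
 (errcode(ERRCODE_SYNTAX_ERROR),
 errmsg("conflicting or redundant options")));
-drolememElts=defel;
+drolemembers=defel;
+}
+elseif (strcmp(defel->defname,"adminmembers")==0)
+{
+if (dadminmembers)
+ereport(ERROR,
+(errcode(ERRCODE_SYNTAX_ERROR),
+errmsg("conflicting or redundant options")));
+dadminmembers=defel;
 }
 elseif (strcmp(defel->defname,"validUntil")==0)
 {
@@ -164,10 +173,12 @@ CreateRole(CreateRoleStmt *stmt)
 validUntil=strVal(dvalidUntil->arg);
 if (dpassword)
 password=strVal(dpassword->arg);
-if (droleElts)
-roleElts= (List*)droleElts->arg;
-if (drolememElts)
-rolememElts= (List*)drolememElts->arg;
+if (daddroleto)
+addroleto= (List*)daddroleto->arg;
+if (drolemembers)
+rolemembers= (List*)drolemembers->arg;
+if (dadminmembers)
+adminmembers= (List*)dadminmembers->arg;
 
 /* Check some permissions first */
 if (!superuser())
@@ -257,7 +268,7 @@ CreateRole(CreateRoleStmt *stmt)
 /*
 * Add the new role to the specified existing roles.
 */
-foreach(item,roleElts)
+foreach(item,addroleto)
 {
 char*oldrolename=strVal(lfirst(item));
 Oidoldroleid=get_roleid_checked(oldrolename);
@@ -269,10 +280,14 @@ CreateRole(CreateRoleStmt *stmt)
 }
 
 /*
-* Add the specified members to this new role.
+* Add the specified members to this new role. adminmembers get the
+* admin option, rolemembers don't.
 */
 AddRoleMems(stmt->role,roleid,
-rolememElts,roleNamesToIds(rolememElts),
+adminmembers,roleNamesToIds(adminmembers),
+GetUserId(), true);
+AddRoleMems(stmt->role,roleid,
+rolemembers,roleNamesToIds(rolemembers),
 GetUserId(), false);
 
 /*
@@ -309,17 +324,14 @@ AlterRole(AlterRoleStmt *stmt)
 intcreaterole=-1;/* Can this user create roles? */
 intcreatedb=-1;/* Can the user create databases? */
 intcanlogin=-1;/* Can this user login? */
-intadminopt=0;/* Can this user grant this role to others? */
-List*rolememElts=NIL;/* The roles which will be added/removed to this role */
-char*validUntil=NULL;/* The time the login is valid
-* until */
+List*rolemembers=NIL;/* roles to be added/removed */
+char*validUntil=NULL;/* time the login is valid until */
 DefElem*dpassword=NULL;
 DefElem*dcreatedb=NULL;
 DefElem*dcreaterole=NULL;
 DefElem*dcanlogin=NULL;
-DefElem*dadminopt=NULL;
 DefElem*dvalidUntil=NULL;
-DefElem*drolememElts=NULL;
+DefElem*drolemembers=NULL;
 Oidroleid;
 
 /* Extract options from the statement node tree */
@@ -365,14 +377,6 @@ AlterRole(AlterRoleStmt *stmt)
 errmsg("conflicting or redundant options")));
 dcanlogin=defel;
 }
-elseif (strcmp(defel->defname,"adminopt")==0)
-{
-if (dadminopt)
-ereport(ERROR,
-(errcode(ERRCODE_SYNTAX_ERROR),
-errmsg("conflicting or redundant options")));
-dadminopt=defel;
-}
 elseif (strcmp(defel->defname,"validUntil")==0)
 {
 if (dvalidUntil)
@@ -381,13 +385,14 @@ AlterRole(AlterRoleStmt *stmt)
 errmsg("conflicting or redundant options")));
 dvalidUntil=defel;
 }
-elseif (strcmp(defel->defname,"rolememElts")==0&&stmt->action!=0)
+elseif (strcmp(defel->defname,"rolemembers")==0&&
+stmt->action!=0)
 {
-if (drolememElts)
+if (drolemembers)
 ereport(ERROR,
 (errcode(ERRCODE_SYNTAX_ERROR),
 errmsg("conflicting or redundant options")));
-drolememElts=defel;
+drolemembers=defel;
 }
 else
 elog(ERROR,"option \"%s\" not recognized",
@@ -404,14 +409,12 @@ AlterRole(AlterRoleStmt *stmt)
 }
 if (dcanlogin)
 canlogin=intVal(dcanlogin->arg);
-if (dadminopt)
-adminopt=intVal(dadminopt->arg);
 if (dvalidUntil)
 validUntil=strVal(dvalidUntil->arg);
 if (dpassword)
 password=strVal(dpassword->arg);
-if (drolememElts)
-rolememElts= (List*)drolememElts->arg;
+if (drolemembers)
+rolemembers= (List*)drolemembers->arg;
 
 /* must be superuser or just want to change your own password */
 if (!superuser()&&
@@ -420,8 +423,7 @@ AlterRole(AlterRoleStmt *stmt)
 createdb<0&&
 canlogin<0&&
 !validUntil&&
-!rolememElts&&
-!adminopt&&
+!rolemembers&&
 password&&
 strcmp(GetUserNameFromId(GetUserId()),stmt->role)==0))
 ereport(ERROR,
@@ -537,12 +539,12 @@ AlterRole(AlterRoleStmt *stmt)
 
 if (stmt->action==+1)/* add members to role */
 AddRoleMems(stmt->role,roleid,
-rolememElts,roleNamesToIds(rolememElts),
-GetUserId(),adminopt);
+rolemembers,roleNamesToIds(rolemembers),
+GetUserId(),false);
 elseif (stmt->action==-1)/* drop members from role */
 DelRoleMems(stmt->role,roleid,
-rolememElts,roleNamesToIds(rolememElts),
-adminopt);
+rolemembers,roleNamesToIds(rolemembers),
+false);
 
 /*
 * Set flag to update flat auth file at commit.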
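Review bot: In CreateRole the two consecutive `AddRoleMems` calls (adminmembers with `true`, then rolemembers with `false`) leave the result for a role named in both lists to whatever AddRoleMems does with an already existing membership, and that function is not shown in this section. If the second call can rewrite the membership row, the admin option just granted would be cleared without notice; if it cannot, the call order is load-bearing and should say so, e.g. `/* adminmembers first: a role named in both lists keeps the admin option */`. The bare `false` now passed to AddRoleMems and DelRoleMems in AlterRole would also read better annotated, as in `false /* no admin option */`. Both CreateRole and AlterRole extend beyond the hunks shown.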
