Restructure AclItem representation so that we can have more than eight

different privilege bits (might as well make use of the space we were
wasting on padding).  EXECUTE and USAGE bits for procedures, languages
now are separate privileges instead of being overlaid on SELECT.  Add
privileges for namespaces and databases.  The GRANT and REVOKE commands
work for these object types, but we don't actually enforce the privileges
yet...

9 files changed, 108 insertions, 84 deletions

diff --git a/src/include/catalog/catversion.h b/src/include/catalog/catversion.h
index 242c285cb6c..299cef2bb40 100644
--- a/src/include/catalog/catversion.h
+++ b/src/include/catalog/catversion.h
@@ -37,7 +37,7 @@
  * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: catversion.h,v 1.120 2002/04/19 23:13:54 tgl Exp $
+ * $Id: catversion.h,v 1.121 2002/04/21 00:26:43 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -53,6 +53,6 @@
  */
 
 /*							yyyymmddN */
-#define CATALOG_VERSION_NO	200204191
+#define CATALOG_VERSION_NO	200204201
 
 #endif
diff --git a/src/include/catalog/pg_attribute.h b/src/include/catalog/pg_attribute.h
index b39ab3acd57..e9c10c61130 100644
--- a/src/include/catalog/pg_attribute.h
+++ b/src/include/catalog/pg_attribute.h
@@ -8,7 +8,7 @@
  * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: pg_attribute.h,v 1.90 2002/04/11 20:00:11 tgl Exp $
+ * $Id: pg_attribute.h,v 1.91 2002/04/21 00:26:43 tgl Exp $
  *
  * NOTES
  *	  the genbki.sh script reads this file and generates .bki
@@ -281,6 +281,7 @@ DATA(insert ( 1262 datfrozenxid		28 0  4   8 0 -1 -1 t p f i f f));
 /* do not mark datpath as toastable; GetRawDatabaseInfo won't cope */
 DATA(insert ( 1262 datpath			25 0 -1   9 0 -1 -1 f p f i f f));
 DATA(insert ( 1262 datconfig	  1009 0 -1  10 0 -1 -1 f x f i f f));
+DATA(insert ( 1262 datacl		  1034 0 -1  11 0 -1 -1 f x f i f f));
 DATA(insert ( 1262 ctid				27 0  6  -1 0 -1 -1 f p f i f f));
 DATA(insert ( 1262 oid				26 0  4  -2 0 -1 -1 t p f i f f));
 DATA(insert ( 1262 xmin				28 0  4  -3 0 -1 -1 t p f i f f));
diff --git a/src/include/catalog/pg_class.h b/src/include/catalog/pg_class.h
index 980c6252f65..9e9c0149aeb 100644
--- a/src/include/catalog/pg_class.h
+++ b/src/include/catalog/pg_class.h
@@ -8,7 +8,7 @@
  * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: pg_class.h,v 1.66 2002/04/11 20:00:11 tgl Exp $
+ * $Id: pg_class.h,v 1.67 2002/04/21 00:26:43 tgl Exp $
  *
  * NOTES
  *	  the genbki.sh script reads this file and generates .bki
@@ -146,7 +146,7 @@ DATA(insert OID = 1260 (  pg_shadow		PGNSP 86 PGUID 0 1260 0 0 0 0 f t r 9  0 0
 DESCR("");
 DATA(insert OID = 1261 (  pg_group		PGNSP 87 PGUID 0 1261 0 0 0 0 f t r 3  0 0 0 0 0 f f f f _null_ ));
 DESCR("");
-DATA(insert OID = 1262 (  pg_database	PGNSP 88 PGUID 0 1262 0 0 0 0 f t r 10  0 0 0 0 0 t f f f _null_ ));
+DATA(insert OID = 1262 (  pg_database	PGNSP 88 PGUID 0 1262 0 0 0 0 f t r 11  0 0 0 0 0 t f f f _null_ ));
 DESCR("");
 DATA(insert OID = 376  (  pg_xactlock	PGNSP  0 PGUID 0    0 0 0 0 0 f t s 1  0 0 0 0 0 f f f f _null_ ));
 DESCR("");
diff --git a/src/include/catalog/pg_database.h b/src/include/catalog/pg_database.h
index 5a04e2917ab..3e7c08dc214 100644
--- a/src/include/catalog/pg_database.h
+++ b/src/include/catalog/pg_database.h
@@ -8,7 +8,7 @@
  * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: pg_database.h,v 1.22 2002/03/01 22:45:17 petere Exp $
+ * $Id: pg_database.h,v 1.23 2002/04/21 00:26:43 tgl Exp $
  *
  * NOTES
  *	  the genbki.sh script reads this file and generates .bki
@@ -42,7 +42,8 @@ CATALOG(pg_database) BOOTSTRAP
 	TransactionId datvacuumxid; /* all XIDs before this are vacuumed */
 	TransactionId datfrozenxid; /* all XIDs before this are frozen */
 	text		datpath;		/* VARIABLE LENGTH FIELD */
-	text		datconfig[1];		/* database-specific GUC */
+	text		datconfig[1];	/* database-specific GUC (VAR LENGTH) */
+	aclitem		datacl[1];		/* access permissions (VAR LENGTH) */
 } FormData_pg_database;
 
 /* ----------------
@@ -56,7 +57,7 @@ typedef FormData_pg_database *Form_pg_database;
  *		compiler constants for pg_database
  * ----------------
  */
-#define Natts_pg_database				10
+#define Natts_pg_database				11
 #define Anum_pg_database_datname		1
 #define Anum_pg_database_datdba			2
 #define Anum_pg_database_encoding		3
@@ -67,8 +68,9 @@ typedef FormData_pg_database *Form_pg_database;
 #define Anum_pg_database_datfrozenxid	8
 #define Anum_pg_database_datpath		9
 #define Anum_pg_database_datconfig		10
+#define Anum_pg_database_datacl			11
 
-DATA(insert OID = 1 (  template1 PGUID ENCODING t t 0 0 0 "" _null_ ));
+DATA(insert OID = 1 (  template1 PGUID ENCODING t t 0 0 0 "" _null_ _null_ ));
 DESCR("Default template database");
 
 #define TemplateDbOid			1
diff --git a/src/include/catalog/pg_namespace.h b/src/include/catalog/pg_namespace.h
index d058206daec..3b7f7d57b6d 100644
--- a/src/include/catalog/pg_namespace.h
+++ b/src/include/catalog/pg_namespace.h
@@ -8,7 +8,7 @@
  * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: pg_namespace.h,v 1.4 2002/04/01 03:34:27 tgl Exp $
+ * $Id: pg_namespace.h,v 1.5 2002/04/21 00:26:43 tgl Exp $
  *
  * NOTES
  *	  the genbki.sh script reads this file and generates .bki
@@ -66,13 +66,13 @@ typedef FormData_pg_namespace *Form_pg_namespace;
  * ---------------
  */
 
-DATA(insert OID = 11 ( "pg_catalog" PGUID "{=r}" ));
+DATA(insert OID = 11 ( "pg_catalog" PGUID "{=U}" ));
 DESCR("System catalog namespace");
 #define PG_CATALOG_NAMESPACE 11
 DATA(insert OID = 99 ( "pg_toast" PGUID "{=}" ));
 DESCR("Reserved namespace for TOAST tables");
 #define PG_TOAST_NAMESPACE 99
-DATA(insert OID = 2071 ( "public" PGUID "{=rw}" ));
+DATA(insert OID = 2071 ( "public" PGUID "{=UC}" ));
 DESCR("Standard public namespace");
 #define PG_PUBLIC_NAMESPACE 2071
 
diff --git a/src/include/catalog/pg_type.h b/src/include/catalog/pg_type.h
index bd4bf0063a4..5359ba73383 100644
--- a/src/include/catalog/pg_type.h
+++ b/src/include/catalog/pg_type.h
@@ -8,7 +8,7 @@
  * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: pg_type.h,v 1.119 2002/03/29 19:06:20 tgl Exp $
+ * $Id: pg_type.h,v 1.120 2002/04/21 00:26:43 tgl Exp $
  *
  * NOTES
  *	  the genbki.sh script reads this file and generates .bki
@@ -420,12 +420,6 @@ DATA(insert OID = 1023 (  _abstime	 PGNSP PGUID -1  -1 f b t \054 0 702 array_in
 DATA(insert OID = 1024 (  _reltime	 PGNSP PGUID -1  -1 f b t \054 0 703 array_in array_out array_in array_out i x f 0 -1 0 _null_ _null_ ));
 DATA(insert OID = 1025 (  _tinterval PGNSP PGUID -1  -1 f b t \054 0 704 array_in array_out array_in array_out i x f 0 -1 0 _null_ _null_ ));
 DATA(insert OID = 1027 (  _polygon	 PGNSP PGUID -1  -1 f b t \054 0 604 array_in array_out array_in array_out d x f 0 -1 0 _null_ _null_ ));
-/*
- *	Note: the size of aclitem needs to match sizeof(AclItem) in acl.h.
- *	Thanks to some padding, this will be 8 on all platforms.
- *	We also have an Assert to make sure.
- */
-#define ACLITEMSIZE 8
 DATA(insert OID = 1033 (  aclitem	 PGNSP PGUID 8   -1 f b t \054 0 0 aclitemin aclitemout aclitemin aclitemout i p f 0 -1 0 _null_ _null_ ));
 DESCR("access control list");
 DATA(insert OID = 1034 (  _aclitem	 PGNSP PGUID -1 -1 f b t \054 0 1033 array_in array_out array_in array_out i x f 0 -1 0 _null_ _null_ ));
diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h
index dc2eabb5b22..1433083b2fb 100644
--- a/src/include/nodes/parsenodes.h
+++ b/src/include/nodes/parsenodes.h
@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: parsenodes.h,v 1.172 2002/04/18 20:01:11 tgl Exp $
+ * $Id: parsenodes.h,v 1.173 2002/04/21 00:26:43 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -756,17 +756,45 @@ typedef struct AlterTableStmt
 } AlterTableStmt;
 
 /* ----------------------
- *		Grant Statement
+ *		Grant|Revoke Statement
  * ----------------------
  */
+typedef enum GrantObjectType
+{
+	ACL_OBJECT_RELATION,		/* table, view, sequence */
+	ACL_OBJECT_DATABASE,		/* database */
+	ACL_OBJECT_FUNCTION,		/* function */
+	ACL_OBJECT_LANGUAGE,		/* procedural language */
+	ACL_OBJECT_NAMESPACE		/* namespace */
+} GrantObjectType;
+
+/*
+ * Grantable rights are encoded so that we can OR them together in a bitmask.
+ * The present representation of AclItem limits us to 30 distinct rights.
+ * Caution: changing these codes breaks stored ACLs, hence forces initdb.
+ */
+#define ACL_INSERT		(1<<0)	/* for relations */
+#define ACL_SELECT		(1<<1)
+#define ACL_UPDATE		(1<<2)
+#define ACL_DELETE		(1<<3)
+#define ACL_RULE		(1<<4)
+#define ACL_REFERENCES	(1<<5)
+#define ACL_TRIGGER		(1<<6)
+#define ACL_EXECUTE		(1<<7)	/* for functions */
+#define ACL_USAGE		(1<<8)	/* for languages and namespaces */
+#define ACL_CREATE		(1<<9)	/* for namespaces and databases */
+#define ACL_CREATE_TEMP	(1<<10)	/* for databases */
+#define N_ACL_RIGHTS	11		/* 1 plus the last 1<<x */
+#define ACL_ALL_RIGHTS	(-1)	/* all-privileges marker in GRANT list */
+#define ACL_NO_RIGHTS	0
 
 typedef struct GrantStmt
 {
 	NodeTag		type;
-	bool		is_grant;		/* not revoke */
-	int			objtype;
-	List	   *objects;		/* list of names (as Value strings)
-								 * or relations (as RangeVar's) */
+	bool		is_grant;		/* true = GRANT, false = REVOKE */
+	GrantObjectType objtype;	/* kind of object being operated on */
+	List	   *objects;		/* list of RangeVar nodes, FuncWithArgs nodes,
+								 * or plain names (as Value strings) */
 	List	   *privileges;		/* integer list of privilege codes */
 	List	   *grantees;		/* list of PrivGrantee nodes */
 } GrantStmt;
@@ -789,7 +817,7 @@ typedef struct FuncWithArgs
 typedef struct PrivTarget
 {
 	NodeTag		type;
-	int			objtype;
+	GrantObjectType objtype;
 	List	   *objs;
 } PrivTarget;
 
diff --git a/src/include/parser/keywords.h b/src/include/parser/keywords.h
index 91149072c3f..9023d688cf4 100644
--- a/src/include/parser/keywords.h
+++ b/src/include/parser/keywords.h
@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: keywords.h,v 1.13 2002/02/18 23:11:45 petere Exp $
+ * $Id: keywords.h,v 1.14 2002/04/21 00:26:44 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -21,6 +21,5 @@ typedef struct ScanKeyword
 } ScanKeyword;
 
 extern ScanKeyword *ScanKeywordLookup(char *text);
-extern const char *TokenString(int token);
 
 #endif   /* KEYWORDS_H */
diff --git a/src/include/utils/acl.h b/src/include/utils/acl.h
index 16e43f267ed..146f04a27af 100644
--- a/src/include/utils/acl.h
+++ b/src/include/utils/acl.h
@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: acl.h,v 1.42 2002/04/11 20:00:17 tgl Exp $
+ * $Id: acl.h,v 1.43 2002/04/21 00:26:44 tgl Exp $
  *
  * NOTES
  *	  For backward-compatibility purposes we have to allow there
@@ -37,49 +37,35 @@ typedef uint32 AclId;
 /*
  * AclIdType	tag that describes if the AclId is a user, group, etc.
  */
-typedef uint8 AclIdType;
-
-#define ACL_IDTYPE_WORLD		0x00
+#define ACL_IDTYPE_WORLD		0x00	/* PUBLIC */
 #define ACL_IDTYPE_UID			0x01	/* user id - from pg_shadow */
 #define ACL_IDTYPE_GID			0x02	/* group id - from pg_group */
 
 /*
- * AclMode		the actual permissions
- *				XXX should probably use bit.h routines.
- *				XXX should probably also stuff the modechg cruft in the
- *					high bits, too.
- */
-typedef uint8 AclMode;
-
-#define ACL_NO			0		/* no permissions */
-#define ACL_INSERT		(1<<0)
-#define ACL_SELECT		(1<<1)
-#define ACL_UPDATE		(1<<2)
-#define ACL_DELETE		(1<<3)
-#define ACL_RULE		(1<<4)
-#define ACL_REFERENCES	(1<<5)
-#define ACL_TRIGGER		(1<<6)
-#define N_ACL_MODES		7		/* 1 plus the last 1<<x */
+ * AclMode		a bitmask of privilege bits
+ */
+typedef uint32 AclMode;
 
 /*
  * AclItem
+ *
+ * Note: must be same size on all platforms, because the size is hardcoded
+ * in the pg_type.h entry for aclitem.
  */
 typedef struct AclItem
 {
-	AclId		ai_id;
-	AclIdType	ai_idtype;
-	AclMode		ai_mode;
-
-	/*
-	 * This is actually type 'aclitem', and we want a fixed size for all
-	 * platforms, so we pad this with dummies.
-	 */
-	char		dummy1,
-				dummy2;
+	AclId		ai_id;			/* ID that this item applies to */
+	AclMode		ai_privs;		/* AclIdType plus privilege bits */
 } AclItem;
 
-/* Note: if the size of AclItem changes,
-   change the aclitem typlen in pg_type.h */
+/*
+ * The AclIdType is stored in the top two bits of the ai_privs field of an
+ * AclItem, leaving us with thirty usable privilege bits.
+ */
+#define ACLITEM_GET_PRIVS(item)   ((item).ai_privs & 0x3FFFFFFF)
+#define ACLITEM_GET_IDTYPE(item)  ((item).ai_privs >> 30)
+#define ACLITEM_SET_PRIVS_IDTYPE(item,privs,idtype) \
+  ((item).ai_privs = ((privs) & 0x3FFFFFFF) | ((idtype) << 30))
 
 
 /*
@@ -144,20 +130,39 @@ typedef ArrayType IdList;
 #define ACL_MODECHG_DEL			2
 #define ACL_MODECHG_EQL			3
 
-/* mode indicators for I/O */
-#define ACL_MODECHG_STR			"+-="	/* list of valid characters */
+/* external representation of mode indicators for I/O */
 #define ACL_MODECHG_ADD_CHR		'+'
 #define ACL_MODECHG_DEL_CHR		'-'
 #define ACL_MODECHG_EQL_CHR		'='
-#define ACL_MODE_STR			"arwdRxt"		/* list of valid
-												 * characters */
-#define ACL_MODE_INSERT_CHR		'a'		/* formerly known as "append" */
-#define ACL_MODE_SELECT_CHR		'r'		/* formerly known as "read" */
-#define ACL_MODE_UPDATE_CHR		'w'		/* formerly known as "write" */
-#define ACL_MODE_DELETE_CHR		'd'
-#define ACL_MODE_RULE_CHR		'R'
-#define ACL_MODE_REFERENCES_CHR 'x'
-#define ACL_MODE_TRIGGER_CHR	't'
+
+/*
+ * External representations of the privilege bits --- aclitemin/aclitemout
+ * represent each possible privilege bit with a distinct 1-character code
+ */
+#define ACL_INSERT_CHR			'a'		/* formerly known as "append" */
+#define ACL_SELECT_CHR			'r'		/* formerly known as "read" */
+#define ACL_UPDATE_CHR			'w'		/* formerly known as "write" */
+#define ACL_DELETE_CHR			'd'
+#define ACL_RULE_CHR			'R'
+#define ACL_REFERENCES_CHR		'x'
+#define ACL_TRIGGER_CHR			't'
+#define ACL_EXECUTE_CHR			'X'
+#define ACL_USAGE_CHR			'U'
+#define ACL_CREATE_CHR			'C'
+#define ACL_CREATE_TEMP_CHR		'T'
+
+/* string holding all privilege code chars, in order by bitmask position */
+#define ACL_ALL_RIGHTS_STR	"arwdRxtXUCT"
+
+/*
+ * Bitmasks defining "all rights" for each supported object type
+ */
+#define ACL_ALL_RIGHTS_RELATION		(ACL_INSERT|ACL_SELECT|ACL_UPDATE|ACL_DELETE|ACL_RULE|ACL_REFERENCES|ACL_TRIGGER)
+#define ACL_ALL_RIGHTS_DATABASE		(ACL_CREATE|ACL_CREATE_TEMP)
+#define ACL_ALL_RIGHTS_FUNCTION		(ACL_EXECUTE)
+#define ACL_ALL_RIGHTS_LANGUAGE		(ACL_USAGE)
+#define ACL_ALL_RIGHTS_NAMESPACE	(ACL_USAGE|ACL_CREATE)
+
 
 /* result codes for pg_*_aclcheck */
 #define ACLCHECK_OK				  0
@@ -171,26 +176,18 @@ extern const char * const aclcheck_error_strings[];
 /*
  * routines used internally
  */
-extern Acl *acldefault(AclId ownerid);
-extern Acl *aclinsert3(const Acl *old_acl, const AclItem *mod_aip, unsigned modechg);
-
-/*
- * routines used by the parser
- */
-extern char *aclmakepriv(const char *old_privlist, char new_priv);
-extern char *aclmakeuser(const char *user_type, const char *user);
+extern Acl *acldefault(GrantObjectType objtype, AclId ownerid);
+extern Acl *aclinsert3(const Acl *old_acl, const AclItem *mod_aip,
+					   unsigned modechg);
 
 /*
  * exported routines (from acl.c)
  */
-extern Acl *makeacl(int n);
 extern Datum aclitemin(PG_FUNCTION_ARGS);
 extern Datum aclitemout(PG_FUNCTION_ARGS);
 extern Datum aclinsert(PG_FUNCTION_ARGS);
 extern Datum aclremove(PG_FUNCTION_ARGS);
 extern Datum aclcontains(PG_FUNCTION_ARGS);
-extern const char *aclparse(const char *s, AclItem *aip, unsigned *modechg);
-extern char *makeAclString(const char *privileges, const char *grantee, char grant_or_revoke);
 
 /*
  * prototypes for functions in aclchk.c
@@ -201,13 +198,16 @@ extern char *get_groname(AclId grosysid);
 
 /* these return ACLCHECK_* result codes */
 extern int32 pg_class_aclcheck(Oid table_oid, Oid userid, AclMode mode);
-extern int32 pg_proc_aclcheck(Oid proc_oid, Oid userid);
-extern int32 pg_language_aclcheck(Oid lang_oid, Oid userid);
+extern int32 pg_database_aclcheck(Oid db_oid, Oid userid, AclMode mode);
+extern int32 pg_proc_aclcheck(Oid proc_oid, Oid userid, AclMode mode);
+extern int32 pg_language_aclcheck(Oid lang_oid, Oid userid, AclMode mode);
+extern int32 pg_namespace_aclcheck(Oid nsp_oid, Oid userid, AclMode mode);
 
 /* ownercheck routines just return true (owner) or false (not) */
 extern bool pg_class_ownercheck(Oid class_oid, Oid userid);
 extern bool pg_type_ownercheck(Oid type_oid, Oid userid);
 extern bool pg_oper_ownercheck(Oid oper_oid, Oid userid);
 extern bool pg_proc_ownercheck(Oid proc_oid, Oid userid);
+extern bool pg_namespace_ownercheck(Oid nsp_oid, Oid userid);
 
 #endif   /* ACL_H */