Change the aclchk.c routines to uniformly use OIDs to identify the

objects to be privilege-checked.  Some change in their APIs would be
necessary no matter what in the schema environment, and simply getting
rid of the name-based interface entirely seems like the best way.

diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
index 2244827f7c4ec39f0e0ddeac0b944c00dfd89436..2225dc3a14ef6465dfa7e36e5087d21132092cb1 100644 (file)
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.57 2002/03/21 16:00:29 tgl Exp $
+ *   $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.58 2002/03/21 23:27:19 tgl Exp $
  *
  * NOTES
  *   See acl.h.
@@ -50,8 +50,8 @@ static const char *privilege_token_string(int token);
 static int32 aclcheck(Acl *acl, AclId id, AclIdType idtype, AclMode mode);
 
 /* warning messages, now more explicit. */
-/* MUST correspond to the order of the ACLCHK_* result codes in acl.h. */
-char      *aclcheck_error_strings[] = {
+/* MUST correspond to the order of the ACLCHECK_* result codes in acl.h. */
+const char * const aclcheck_error_strings[] = {
    "No error.",
    "Permission denied.",
    "Table does not exist.",
@@ -66,11 +66,11 @@ dumpacl(Acl *acl)
    int         i;
    AclItem    *aip;
 
-   elog(LOG, "acl size = %d, # acls = %d",
+   elog(DEBUG1, "acl size = %d, # acls = %d",
         ACL_SIZE(acl), ACL_NUM(acl));
    aip = ACL_DAT(acl);
    for (i = 0; i < ACL_NUM(acl); ++i)
-       elog(LOG, " acl[%d]: %s", i,
+       elog(DEBUG1, "  acl[%d]: %s", i,
             DatumGetCString(DirectFunctionCall1(aclitemout,
                                             PointerGetDatum(aip + i))));
 }
@@ -214,23 +214,20 @@ ExecuteGrantStmt_Table(GrantStmt *stmt)
        char        nulls[Natts_pg_class];
        char        replaces[Natts_pg_class];
 
-
-       if (!pg_ownercheck(GetUserId(), relname, RELNAME))
-           elog(ERROR, "permission denied");
-
        /* open pg_class */
        relation = heap_openr(RelationRelationName, RowExclusiveLock);
        tuple = SearchSysCache(RELNAME,
                               PointerGetDatum(relname),
                               0, 0, 0);
        if (!HeapTupleIsValid(tuple))
-       {
-           heap_close(relation, RowExclusiveLock);
            elog(ERROR, "relation \"%s\" not found",
                 relname);
-       }
        pg_class_tuple = (Form_pg_class) GETSTRUCT(tuple);
 
+       if (!pg_class_ownercheck(tuple->t_data->t_oid, GetUserId()))
+           elog(ERROR, "%s: permission denied",
+                relname);
+
        if (pg_class_tuple->relkind == RELKIND_INDEX)
            elog(ERROR, "\"%s\" is an index",
                 relname);
@@ -658,7 +655,7 @@ aclcheck(Acl *acl, AclId id, AclIdType idtype, AclMode mode)
     */
    if (!acl)
    {
-       elog(LOG, "aclcheck: null ACL, returning OK");
+       elog(DEBUG1, "aclcheck: null ACL, returning OK");
        return ACLCHECK_OK;
    }
 
@@ -673,7 +670,7 @@ aclcheck(Acl *acl, AclId id, AclIdType idtype, AclMode mode)
     */
    if (num < 1)
    {
-       elog(LOG, "aclcheck: zero-length ACL, returning OK");
+       elog(DEBUG1, "aclcheck: zero-length ACL, returning OK");
        return ACLCHECK_OK;
    }
 
@@ -686,7 +683,7 @@ aclcheck(Acl *acl, AclId id, AclIdType idtype, AclMode mode)
    if (aidat->ai_mode & mode)
    {
 #ifdef ACLDEBUG
-       elog(LOG, "aclcheck: using world=%d", aidat->ai_mode);
+       elog(DEBUG1, "aclcheck: using world=%d", aidat->ai_mode);
 #endif
        return ACLCHECK_OK;
    }
@@ -702,7 +699,7 @@ aclcheck(Acl *acl, AclId id, AclIdType idtype, AclMode mode)
                if (aip->ai_id == id)
                {
 #ifdef ACLDEBUG
-                   elog(LOG, "aclcheck: found user %u/%d",
+                   elog(DEBUG1, "aclcheck: found user %u/%d",
                         aip->ai_id, aip->ai_mode);
 #endif
                    if (aip->ai_mode & mode)
@@ -719,7 +716,7 @@ aclcheck(Acl *acl, AclId id, AclIdType idtype, AclMode mode)
                    if (in_group(id, aip->ai_id))
                    {
 #ifdef ACLDEBUG
-                       elog(LOG, "aclcheck: found group %u/%d",
+                       elog(DEBUG1, "aclcheck: found group %u/%d",
                             aip->ai_id, aip->ai_mode);
 #endif
                        return ACLCHECK_OK;
@@ -740,7 +737,7 @@ aclcheck(Acl *acl, AclId id, AclIdType idtype, AclMode mode)
                if (aip->ai_id == id)
                {
 #ifdef ACLDEBUG
-                   elog(LOG, "aclcheck: found group %u/%d",
+                   elog(DEBUG1, "aclcheck: found group %u/%d",
                         aip->ai_id, aip->ai_mode);
 #endif
                    if (aip->ai_mode & mode)
@@ -760,46 +757,63 @@ aclcheck(Acl *acl, AclId id, AclIdType idtype, AclMode mode)
    return ACLCHECK_NO_PRIV;
 }
 
+
 /*
  * Exported routine for checking a user's access privileges to a table
  *
  * Returns an ACLCHECK_* result code.
  */
 int32
-pg_aclcheck(char *relname, Oid userid, AclMode mode)
+pg_class_aclcheck(Oid table_oid, Oid userid, AclMode mode)
 {
    int32       result;
+   bool        usesuper,
+               usecatupd;
+   char       *relname;
    HeapTuple   tuple;
-   char       *usename;
    Datum       aclDatum;
    bool        isNull;
    Acl        *acl;
 
    /*
     * Validate userid, find out if he is superuser
+    *
+    * We do not use superuser_arg() here because we also need to check
+    * usecatupd.
     */
    tuple = SearchSysCache(SHADOWSYSID,
                           ObjectIdGetDatum(userid),
                           0, 0, 0);
    if (!HeapTupleIsValid(tuple))
-       elog(ERROR, "pg_aclcheck: invalid user id %u",
-            (unsigned) userid);
+       elog(ERROR, "pg_class_aclcheck: invalid user id %u", userid);
 
-   usename = NameStr(((Form_pg_shadow) GETSTRUCT(tuple))->usename);
+   usesuper = ((Form_pg_shadow) GETSTRUCT(tuple))->usesuper;
+   usecatupd = ((Form_pg_shadow) GETSTRUCT(tuple))->usecatupd;
+
+   ReleaseSysCache(tuple);
+
+   /*
+    * Now get the relation's tuple from pg_class
+    */
+   tuple = SearchSysCache(RELOID,
+                          ObjectIdGetDatum(table_oid),
+                          0, 0, 0);
+   if (!HeapTupleIsValid(tuple))
+       elog(ERROR, "pg_class_aclcheck: relation %u not found", table_oid);
 
    /*
     * Deny anyone permission to update a system catalog unless
     * pg_shadow.usecatupd is set.  (This is to let superusers protect
     * themselves from themselves.)
     */
+   relname = NameStr(((Form_pg_class) GETSTRUCT(tuple))->relname);
    if ((mode & (ACL_INSERT | ACL_UPDATE | ACL_DELETE)) &&
        !allowSystemTableMods && IsSystemRelationName(relname) &&
        !is_temp_relname(relname) &&
-       !((Form_pg_shadow) GETSTRUCT(tuple))->usecatupd)
+       !usecatupd)
    {
 #ifdef ACLDEBUG
-       elog(LOG, "pg_aclcheck: catalog update to \"%s\": permission denied",
-            relname);
+       elog(DEBUG1, "pg_class_aclcheck: catalog update: permission denied");
 #endif
        ReleaseSysCache(tuple);
        return ACLCHECK_NO_PRIV;
@@ -808,29 +822,19 @@ pg_aclcheck(char *relname, Oid userid, AclMode mode)
    /*
     * Otherwise, superusers bypass all permission-checking.
     */
-   if (((Form_pg_shadow) GETSTRUCT(tuple))->usesuper)
+   if (usesuper)
    {
 #ifdef ACLDEBUG
-       elog(LOG, "pg_aclcheck: \"%s\" is superuser",
-            usename);
+       elog(DEBUG1, "pg_class_aclcheck: %u is superuser", userid);
 #endif
        ReleaseSysCache(tuple);
        return ACLCHECK_OK;
    }
 
-   ReleaseSysCache(tuple);
-   /* caution: usename is inaccessible beyond this point... */
-
    /*
     * Normal case: get the relation's ACL from pg_class
     */
-   tuple = SearchSysCache(RELNAME,
-                          PointerGetDatum(relname),
-                          0, 0, 0);
-   if (!HeapTupleIsValid(tuple))
-       elog(ERROR, "pg_aclcheck: class \"%s\" not found", relname);
-
-   aclDatum = SysCacheGetAttr(RELNAME, tuple, Anum_pg_class_relacl,
+   aclDatum = SysCacheGetAttr(RELOID, tuple, Anum_pg_class_relacl,
                               &isNull);
    if (isNull)
    {
@@ -858,227 +862,6 @@ pg_aclcheck(char *relname, Oid userid, AclMode mode)
    return result;
 }
 
-/*
- * Check ownership of an object identified by name (which will be looked
- * up in the system cache identified by cacheid).
- *
- * Returns true if userid owns the item, or should be allowed to modify
- * the item as if he owned it.
- */
-bool
-pg_ownercheck(Oid userid,
-             const char *name,
-             int cacheid)
-{
-   HeapTuple   tuple;
-   AclId       owner_id;
-   char       *usename;
-
-   tuple = SearchSysCache(SHADOWSYSID,
-                          ObjectIdGetDatum(userid),
-                          0, 0, 0);
-   if (!HeapTupleIsValid(tuple))
-       elog(ERROR, "pg_ownercheck: invalid user id %u",
-            (unsigned) userid);
-   usename = NameStr(((Form_pg_shadow) GETSTRUCT(tuple))->usename);
-
-   /*
-    * Superusers bypass all permission-checking.
-    */
-   if (((Form_pg_shadow) GETSTRUCT(tuple))->usesuper)
-   {
-#ifdef ACLDEBUG
-       elog(LOG, "pg_ownercheck: user \"%s\" is superuser",
-            usename);
-#endif
-       ReleaseSysCache(tuple);
-       return true;
-   }
-
-   ReleaseSysCache(tuple);
-   /* caution: usename is inaccessible beyond this point... */
-
-   tuple = SearchSysCache(cacheid,
-                          PointerGetDatum(name),
-                          0, 0, 0);
-   switch (cacheid)
-   {
-       case RELNAME:
-           if (!HeapTupleIsValid(tuple))
-               elog(ERROR, "pg_ownercheck: class \"%s\" not found",
-                    name);
-           owner_id = ((Form_pg_class) GETSTRUCT(tuple))->relowner;
-           break;
-       case TYPENAME:
-           if (!HeapTupleIsValid(tuple))
-               elog(ERROR, "pg_ownercheck: type \"%s\" not found",
-                    name);
-           owner_id = ((Form_pg_type) GETSTRUCT(tuple))->typowner;
-           break;
-       default:
-           elog(ERROR, "pg_ownercheck: invalid cache id: %d", cacheid);
-           owner_id = 0;       /* keep compiler quiet */
-           break;
-   }
-
-   ReleaseSysCache(tuple);
-
-   return userid == owner_id;
-}
-
-/*
- * Ownership check for an operator (specified by OID).
- */
-bool
-pg_oper_ownercheck(Oid userid, Oid oprid)
-{
-   HeapTuple   tuple;
-   AclId       owner_id;
-   char       *usename;
-
-   tuple = SearchSysCache(SHADOWSYSID,
-                          ObjectIdGetDatum(userid),
-                          0, 0, 0);
-   if (!HeapTupleIsValid(tuple))
-       elog(ERROR, "pg_oper_ownercheck: invalid user id %u",
-            (unsigned) userid);
-   usename = NameStr(((Form_pg_shadow) GETSTRUCT(tuple))->usename);
-
-   /*
-    * Superusers bypass all permission-checking.
-    */
-   if (((Form_pg_shadow) GETSTRUCT(tuple))->usesuper)
-   {
-#ifdef ACLDEBUG
-       elog(LOG, "pg_ownercheck: user \"%s\" is superuser",
-            usename);
-#endif
-       ReleaseSysCache(tuple);
-       return true;
-   }
-
-   ReleaseSysCache(tuple);
-   /* caution: usename is inaccessible beyond this point... */
-
-   tuple = SearchSysCache(OPEROID,
-                          ObjectIdGetDatum(oprid),
-                          0, 0, 0);
-   if (!HeapTupleIsValid(tuple))
-       elog(ERROR, "pg_ownercheck: operator %u not found",
-            oprid);
-
-   owner_id = ((Form_pg_operator) GETSTRUCT(tuple))->oprowner;
-
-   ReleaseSysCache(tuple);
-
-   return userid == owner_id;
-}
-
-/*
- * Ownership check for a function (specified by name and argument types).
- */
-bool
-pg_func_ownercheck(Oid userid,
-                  char *funcname,
-                  int nargs,
-                  Oid *arglist)
-{
-   HeapTuple   tuple;
-   AclId       owner_id;
-   char       *usename;
-
-   tuple = SearchSysCache(SHADOWSYSID,
-                          ObjectIdGetDatum(userid),
-                          0, 0, 0);
-   if (!HeapTupleIsValid(tuple))
-       elog(ERROR, "pg_func_ownercheck: invalid user id %u",
-            (unsigned) userid);
-   usename = NameStr(((Form_pg_shadow) GETSTRUCT(tuple))->usename);
-
-   /*
-    * Superusers bypass all permission-checking.
-    */
-   if (((Form_pg_shadow) GETSTRUCT(tuple))->usesuper)
-   {
-#ifdef ACLDEBUG
-       elog(LOG, "pg_ownercheck: user \"%s\" is superuser",
-            usename);
-#endif
-       ReleaseSysCache(tuple);
-       return true;
-   }
-
-   ReleaseSysCache(tuple);
-   /* caution: usename is inaccessible beyond this point... */
-
-   tuple = SearchSysCache(PROCNAME,
-                          PointerGetDatum(funcname),
-                          Int32GetDatum(nargs),
-                          PointerGetDatum(arglist),
-                          0);
-   if (!HeapTupleIsValid(tuple))
-       func_error("pg_func_ownercheck", funcname, nargs, arglist, NULL);
-
-   owner_id = ((Form_pg_proc) GETSTRUCT(tuple))->proowner;
-
-   ReleaseSysCache(tuple);
-
-   return userid == owner_id;
-}
-
-/*
- * Ownership check for an aggregate function (specified by name and
- * argument type).
- */
-bool
-pg_aggr_ownercheck(Oid userid,
-                  char *aggname,
-                  Oid basetypeID)
-{
-   HeapTuple   tuple;
-   AclId       owner_id;
-   char       *usename;
-
-   tuple = SearchSysCache(SHADOWSYSID,
-                          PointerGetDatum(userid),
-                          0, 0, 0);
-   if (!HeapTupleIsValid(tuple))
-       elog(ERROR, "pg_aggr_ownercheck: invalid user id %u",
-            (unsigned) userid);
-   usename = NameStr(((Form_pg_shadow) GETSTRUCT(tuple))->usename);
-
-   /*
-    * Superusers bypass all permission-checking.
-    */
-   if (((Form_pg_shadow) GETSTRUCT(tuple))->usesuper)
-   {
-#ifdef ACLDEBUG
-       elog(LOG, "pg_aggr_ownercheck: user \"%s\" is superuser",
-            usename);
-#endif
-       ReleaseSysCache(tuple);
-       return true;
-   }
-
-   ReleaseSysCache(tuple);
-   /* caution: usename is inaccessible beyond this point... */
-
-   tuple = SearchSysCache(AGGNAME,
-                          PointerGetDatum(aggname),
-                          ObjectIdGetDatum(basetypeID),
-                          0, 0);
-   if (!HeapTupleIsValid(tuple))
-       agg_error("pg_aggr_ownercheck", aggname, basetypeID);
-
-   owner_id = ((Form_pg_aggregate) GETSTRUCT(tuple))->aggowner;
-
-   ReleaseSysCache(tuple);
-
-   return userid == owner_id;
-}
-
-
-
 /*
  * Exported routine for checking a user's access privileges to a function
  *
@@ -1093,22 +876,12 @@ pg_proc_aclcheck(Oid proc_oid, Oid userid)
    bool        isNull;
    Acl        *acl;
 
+   /* Superusers bypass all permission checking. */
    if (superuser_arg(userid))
        return ACLCHECK_OK;
 
    /*
-    * Validate userid
-    */
-   tuple = SearchSysCache(SHADOWSYSID,
-                          ObjectIdGetDatum(userid),
-                          0, 0, 0);
-   if (!HeapTupleIsValid(tuple))
-       elog(ERROR, "pg_proc_aclcheck: invalid user id %u",
-            (unsigned) userid);
-   ReleaseSysCache(tuple);
-
-   /*
-    * Normal case: get the function's ACL from pg_proc
+    * Get the function's ACL from pg_proc
     */
    tuple = SearchSysCache(PROCOID,
                           ObjectIdGetDatum(proc_oid),
@@ -1148,8 +921,6 @@ pg_proc_aclcheck(Oid proc_oid, Oid userid)
    return result;
 }
 
-
-
 /*
  * Exported routine for checking a user's access privileges to a language
  *
@@ -1164,22 +935,12 @@ pg_language_aclcheck(Oid lang_oid, Oid userid)
    bool        isNull;
    Acl        *acl;
 
+   /* Superusers bypass all permission checking. */
    if (superuser_arg(userid))
        return ACLCHECK_OK;
 
    /*
-    * Validate userid
-    */
-   tuple = SearchSysCache(SHADOWSYSID,
-                          ObjectIdGetDatum(userid),
-                          0, 0, 0);
-   if (!HeapTupleIsValid(tuple))
-       elog(ERROR, "pg_language_aclcheck: invalid user id %u",
-            (unsigned) userid);
-   ReleaseSysCache(tuple);
-
-   /*
-    * Normal case: get the function's ACL from pg_language
+    * Get the function's ACL from pg_language
     */
    tuple = SearchSysCache(LANGOID,
                           ObjectIdGetDatum(lang_oid),
@@ -1215,3 +976,134 @@ pg_language_aclcheck(Oid lang_oid, Oid userid)
 
    return result;
 }
+
+
+/*
+ * Ownership check for a relation (specified by OID).
+ */
+bool
+pg_class_ownercheck(Oid class_oid, Oid userid)
+{
+   HeapTuple   tuple;
+   AclId       owner_id;
+
+   /* Superusers bypass all permission checking. */
+   if (superuser_arg(userid))
+       return true;
+
+   tuple = SearchSysCache(RELOID,
+                          ObjectIdGetDatum(class_oid),
+                          0, 0, 0);
+   if (!HeapTupleIsValid(tuple))
+       elog(ERROR, "pg_class_ownercheck: relation %u not found", class_oid);
+
+   owner_id = ((Form_pg_class) GETSTRUCT(tuple))->relowner;
+
+   ReleaseSysCache(tuple);
+
+   return userid == owner_id;
+}
+
+/*
+ * Ownership check for a type (specified by OID).
+ */
+bool
+pg_type_ownercheck(Oid type_oid, Oid userid)
+{
+   HeapTuple   tuple;
+   AclId       owner_id;
+
+   /* Superusers bypass all permission checking. */
+   if (superuser_arg(userid))
+       return true;
+
+   tuple = SearchSysCache(TYPEOID,
+                          ObjectIdGetDatum(type_oid),
+                          0, 0, 0);
+   if (!HeapTupleIsValid(tuple))
+       elog(ERROR, "pg_type_ownercheck: type %u not found", type_oid);
+
+   owner_id = ((Form_pg_type) GETSTRUCT(tuple))->typowner;
+
+   ReleaseSysCache(tuple);
+
+   return userid == owner_id;
+}
+
+/*
+ * Ownership check for an operator (specified by OID).
+ */
+bool
+pg_oper_ownercheck(Oid oper_oid, Oid userid)
+{
+   HeapTuple   tuple;
+   AclId       owner_id;
+
+   /* Superusers bypass all permission checking. */
+   if (superuser_arg(userid))
+       return true;
+
+   tuple = SearchSysCache(OPEROID,
+                          ObjectIdGetDatum(oper_oid),
+                          0, 0, 0);
+   if (!HeapTupleIsValid(tuple))
+       elog(ERROR, "pg_oper_ownercheck: operator %u not found", oper_oid);
+
+   owner_id = ((Form_pg_operator) GETSTRUCT(tuple))->oprowner;
+
+   ReleaseSysCache(tuple);
+
+   return userid == owner_id;
+}
+
+/*
+ * Ownership check for a function (specified by OID).
+ */
+bool
+pg_proc_ownercheck(Oid proc_oid, Oid userid)
+{
+   HeapTuple   tuple;
+   AclId       owner_id;
+
+   /* Superusers bypass all permission checking. */
+   if (superuser_arg(userid))
+       return true;
+
+   tuple = SearchSysCache(PROCOID,
+                          ObjectIdGetDatum(proc_oid),
+                          0, 0, 0);
+   if (!HeapTupleIsValid(tuple))
+       elog(ERROR, "pg_proc_ownercheck: function %u not found", proc_oid);
+
+   owner_id = ((Form_pg_proc) GETSTRUCT(tuple))->proowner;
+
+   ReleaseSysCache(tuple);
+
+   return userid == owner_id;
+}
+
+/*
+ * Ownership check for an aggregate function (specified by OID).
+ */
+bool
+pg_aggr_ownercheck(Oid aggr_oid, Oid userid)
+{
+   HeapTuple   tuple;
+   AclId       owner_id;
+
+   /* Superusers bypass all permission checking. */
+   if (superuser_arg(userid))
+       return true;
+
+   tuple = SearchSysCache(AGGOID,
+                          ObjectIdGetDatum(aggr_oid),
+                          0, 0, 0);
+   if (!HeapTupleIsValid(tuple))
+       elog(ERROR, "pg_aggr_ownercheck: aggregate %u not found", aggr_oid);
+
+   owner_id = ((Form_pg_aggregate) GETSTRUCT(tuple))->aggowner;
+
+   ReleaseSysCache(tuple);
+
+   return userid == owner_id;
+}

diff --git a/src/backend/commands/analyze.c b/src/backend/commands/analyze.c
index d033fa950542c2f7959a7504a1e42246f58a36d3..df9735089aab470a10a334753db3e7d12649c586 100644 (file)
--- a/src/backend/commands/analyze.c
+++ b/src/backend/commands/analyze.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/backend/commands/analyze.c,v 1.28 2002/03/06 06:09:28 momjian Exp $
+ *   $Header: /cvsroot/pgsql/src/backend/commands/analyze.c,v 1.29 2002/03/21 23:27:20 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -200,8 +200,7 @@ analyze_rel(Oid relid, VacuumStmt *vacstmt)
     */
    onerel = heap_open(relid, AccessShareLock);
 
-   if (!(pg_ownercheck(GetUserId(), RelationGetRelationName(onerel),
-                       RELNAME) ||
+   if (!(pg_class_ownercheck(RelationGetRelid(onerel), GetUserId()) ||
          (is_dbadmin(MyDatabaseId) && !onerel->rd_rel->relisshared)))
    {
        /* No need for a WARNING if we already complained during VACUUM */

diff --git a/src/backend/commands/command.c b/src/backend/commands/command.c
index 5821e1d10366acc1ca49b77e12ea0abe1dc1ed5f..31df6cabd77ccbedabe39c3665cd0a11d3ccd3b3 100644 (file)
--- a/src/backend/commands/command.c
+++ b/src/backend/commands/command.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.162 2002/03/21 16:00:31 tgl Exp $
+ *   $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.163 2002/03/21 23:27:20 tgl Exp $
  *
  * NOTES
  *   The PerformAddAttribute() code, like most of the relation
@@ -327,6 +327,17 @@ AlterTableAddColumn(const char *relationName,
    char       *typename;
    int         attndims;
 
+   /*
+    * Grab an exclusive lock on the target table, which we will NOT
+    * release until end of transaction.
+    */
+   rel = heap_openr(relationName, AccessExclusiveLock);
+   myrelid = RelationGetRelid(rel);
+
+   if (rel->rd_rel->relkind != RELKIND_RELATION)
+       elog(ERROR, "ALTER TABLE: relation \"%s\" is not a table",
+            relationName);
+
    /*
     * permissions checking.  this would normally be done in utility.c,
     * but this particular routine is recursive.
@@ -336,20 +347,9 @@ AlterTableAddColumn(const char *relationName,
    if (!allowSystemTableMods && IsSystemRelationName(relationName))
        elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
             relationName);
-   if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
+   if (!pg_class_ownercheck(myrelid, GetUserId()))
        elog(ERROR, "ALTER TABLE: permission denied");
 
-   /*
-    * Grab an exclusive lock on the target table, which we will NOT
-    * release until end of transaction.
-    */
-   rel = heap_openr(relationName, AccessExclusiveLock);
-
-   if (rel->rd_rel->relkind != RELKIND_RELATION)
-       elog(ERROR, "ALTER TABLE: relation \"%s\" is not a table",
-            relationName);
-
-   myrelid = RelationGetRelid(rel);
    heap_close(rel, NoLock);    /* close rel but keep lock! */
 
    /*
@@ -556,21 +556,19 @@ AlterTableAlterColumnDefault(const char *relationName,
    int16       attnum;
    Oid         myrelid;
 
-   if (!allowSystemTableMods && IsSystemRelationName(relationName))
-       elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
-            relationName);
-#ifndef NO_SECURITY
-   if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
-       elog(ERROR, "ALTER TABLE: permission denied");
-#endif
-
    rel = heap_openr(relationName, AccessExclusiveLock);
+   myrelid = RelationGetRelid(rel);
 
    if (rel->rd_rel->relkind != RELKIND_RELATION)
        elog(ERROR, "ALTER TABLE: relation \"%s\" is not a table",
             relationName);
 
-   myrelid = RelationGetRelid(rel);
+   if (!allowSystemTableMods && IsSystemRelationName(relationName))
+       elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
+            relationName);
+   if (!pg_class_ownercheck(myrelid, GetUserId()))
+       elog(ERROR, "ALTER TABLE: permission denied");
+
    heap_close(rel, NoLock);
 
    /*
@@ -730,24 +728,21 @@ AlterTableAlterColumnFlags(const char *relationName,
    Relation    attrelation;
    HeapTuple   tuple;
 
-   /* we allow statistics case for system tables */
-
-   if (*flagType =='M' && !allowSystemTableMods && IsSystemRelationName(relationName))
-       elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
-            relationName);
-
-#ifndef NO_SECURITY
-   if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
-       elog(ERROR, "ALTER TABLE: permission denied");
-#endif
-
    rel = heap_openr(relationName, AccessExclusiveLock);
+   myrelid = RelationGetRelid(rel);
 
    if (rel->rd_rel->relkind != RELKIND_RELATION)
        elog(ERROR, "ALTER TABLE: relation \"%s\" is not a table",
             relationName);
 
-   myrelid = RelationGetRelid(rel);
+   /* we allow statistics case for system tables */
+   if (*flagType == 'M' &&
+       !allowSystemTableMods && IsSystemRelationName(relationName))
+       elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
+            relationName);
+   if (!pg_class_ownercheck(myrelid, GetUserId()))
+       elog(ERROR, "ALTER TABLE: permission denied");
+
    heap_close(rel, NoLock);    /* close rel, but keep lock! */
 
 
@@ -1034,6 +1029,17 @@ AlterTableDropColumn(const char *relationName,
    if (inh)
        elog(ERROR, "ALTER TABLE / DROP COLUMN with inherit option is not supported yet");
 
+   /*
+    * Grab an exclusive lock on the target table, which we will NOT
+    * release until end of transaction.
+    */
+   rel = heap_openr(relationName, AccessExclusiveLock);
+   myrelid = RelationGetRelid(rel);
+
+   if (rel->rd_rel->relkind != RELKIND_RELATION)
+       elog(ERROR, "ALTER TABLE: relation \"%s\" is not a table",
+            relationName);
+
    /*
     * permissions checking.  this would normally be done in utility.c,
     * but this particular routine is recursive.
@@ -1043,22 +1049,9 @@ AlterTableDropColumn(const char *relationName,
    if (!allowSystemTableMods && IsSystemRelationName(relationName))
        elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
             relationName);
-#ifndef NO_SECURITY
-   if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
+   if (!pg_class_ownercheck(myrelid, GetUserId()))
        elog(ERROR, "ALTER TABLE: permission denied");
-#endif
-
-   /*
-    * Grab an exclusive lock on the target table, which we will NOT
-    * release until end of transaction.
-    */
-   rel = heap_openr(relationName, AccessExclusiveLock);
-
-   if (rel->rd_rel->relkind != RELKIND_RELATION)
-       elog(ERROR, "ALTER TABLE: relation \"%s\" is not a table",
-            relationName);
 
-   myrelid = RelationGetRelid(rel);
    heap_close(rel, NoLock);    /* close rel but keep lock! */
 
    /*
@@ -1180,25 +1173,22 @@ AlterTableAddConstraint(char *relationName,
    Oid         myrelid;
    List       *listptr;
 
-   if (!allowSystemTableMods && IsSystemRelationName(relationName))
-       elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
-            relationName);
-#ifndef NO_SECURITY
-   if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
-       elog(ERROR, "ALTER TABLE: permission denied");
-#endif
-
    /*
     * Grab an exclusive lock on the target table, which we will NOT
     * release until end of transaction.
     */
    rel = heap_openr(relationName, AccessExclusiveLock);
+   myrelid = RelationGetRelid(rel);
 
    if (rel->rd_rel->relkind != RELKIND_RELATION)
        elog(ERROR, "ALTER TABLE: relation \"%s\" is not a table",
             relationName);
 
-   myrelid = RelationGetRelid(rel);
+   if (!allowSystemTableMods && IsSystemRelationName(relationName))
+       elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
+            relationName);
+   if (!pg_class_ownercheck(myrelid, GetUserId()))
+       elog(ERROR, "ALTER TABLE: permission denied");
 
    if (inh)
    {
@@ -1496,16 +1486,9 @@ AlterTableDropConstraint(const char *relationName,
                         int behavior)
 {
    Relation    rel;
+   Oid         myrelid;
    int         deleted;
 
-   if (!allowSystemTableMods && IsSystemRelationName(relationName))
-       elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
-            relationName);
-#ifndef NO_SECURITY
-   if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
-       elog(ERROR, "ALTER TABLE: permission denied");
-#endif
-
    /*
     * We don't support CASCADE yet  - in fact, RESTRICT doesn't work to
     * the spec either!
@@ -1517,14 +1500,20 @@ AlterTableDropConstraint(const char *relationName,
     * Acquire an exclusive lock on the target relation for the duration
     * of the operation.
     */
-
    rel = heap_openr(relationName, AccessExclusiveLock);
+   myrelid = RelationGetRelid(rel);
 
    /* Disallow DROP CONSTRAINT on views, indexes, sequences, etc */
    if (rel->rd_rel->relkind != RELKIND_RELATION)
        elog(ERROR, "ALTER TABLE: relation \"%s\" is not a table",
             relationName);
 
+   if (!allowSystemTableMods && IsSystemRelationName(relationName))
+       elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
+            relationName);
+   if (!pg_class_ownercheck(myrelid, GetUserId()))
+       elog(ERROR, "ALTER TABLE: permission denied");
+
    /*
     * Since all we have is the name of the constraint, we have to look
     * through all catalogs that could possibly contain a constraint for
@@ -1692,25 +1681,19 @@ AlterTableCreateToastTable(const char *relationName, bool silent)
    IndexInfo  *indexInfo;
    Oid         classObjectId[2];
 
-   /*
-    * permissions checking.  XXX exactly what is appropriate here?
-    */
-#ifndef NO_SECURITY
-   if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
-       elog(ERROR, "ALTER TABLE: permission denied");
-#endif
-
    /*
     * Grab an exclusive lock on the target table, which we will NOT
     * release until end of transaction.
     */
    rel = heap_openr(relationName, AccessExclusiveLock);
+   myrelid = RelationGetRelid(rel);
 
    if (rel->rd_rel->relkind != RELKIND_RELATION)
        elog(ERROR, "ALTER TABLE: relation \"%s\" is not a table",
             relationName);
 
-   myrelid = RelationGetRelid(rel);
+   if (!pg_class_ownercheck(myrelid, GetUserId()))
+       elog(ERROR, "ALTER TABLE: permission denied");
 
    /*
     * lock the pg_class tuple for update (is that really needed?)
@@ -1940,20 +1923,32 @@ LockTableCommand(LockStmt *lockstmt)
    {
        RangeVar   *relation = lfirst(p);
        char       *relname = relation->relname;
+       Oid         reloid;
        int         aclresult;
        Relation    rel;
 
+       /*
+        * We don't want to open the relation until we've checked privilege.
+        * So, manually get the relation OID.
+        */
+       reloid = GetSysCacheOid(RELNAME,
+                               PointerGetDatum(relname),
+                               0, 0, 0);
+       if (!OidIsValid(reloid))
+           elog(ERROR, "LOCK TABLE: relation \"%s\" does not exist",
+                relname);
+
        if (lockstmt->mode == AccessShareLock)
-           aclresult = pg_aclcheck(relname, GetUserId(),
-                                   ACL_SELECT);
+           aclresult = pg_class_aclcheck(reloid, GetUserId(),
+                                         ACL_SELECT);
        else
-           aclresult = pg_aclcheck(relname, GetUserId(),
-                                   ACL_UPDATE | ACL_DELETE);
+           aclresult = pg_class_aclcheck(reloid, GetUserId(),
+                                         ACL_UPDATE | ACL_DELETE);
 
        if (aclresult != ACLCHECK_OK)
            elog(ERROR, "LOCK TABLE: permission denied");
 
-       rel = relation_openr(relname, lockstmt->mode);
+       rel = relation_open(reloid, lockstmt->mode);
 
        /* Currently, we only allow plain tables to be locked */
        if (rel->rd_rel->relkind != RELKIND_RELATION)

diff --git a/src/backend/commands/comment.c b/src/backend/commands/comment.c
index baeff0c172d240032826b5b81f269a74ad59b8c4..4ad49581629c3acc67151959959323192a62ad81 100644 (file)
--- a/src/backend/commands/comment.c
+++ b/src/backend/commands/comment.c
@@ -7,7 +7,7 @@
  * Copyright (c) 1999-2001, PostgreSQL Global Development Group
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/backend/commands/comment.c,v 1.35 2001/11/02 16:30:29 tgl Exp $
+ *   $Header: /cvsroot/pgsql/src/backend/commands/comment.c,v 1.36 2002/03/21 23:27:20 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -21,6 +21,7 @@
 #include "catalog/pg_database.h"
 #include "catalog/pg_description.h"
 #include "catalog/pg_operator.h"
+#include "catalog/pg_rewrite.h"
 #include "catalog/pg_trigger.h"
 #include "catalog/pg_type.h"
 #include "commands/comment.h"
@@ -326,11 +327,6 @@ CommentRelation(int reltype, char *relname, char *comment)
 {
    Relation    relation;
 
-   /* First, check object security */
-
-   if (!pg_ownercheck(GetUserId(), relname, RELNAME))
-       elog(ERROR, "you are not permitted to comment on class '%s'", relname);
-
    /*
     * Open the relation.  We do this mainly to acquire a lock that
     * ensures no one else drops the relation before we commit.  (If they
@@ -339,6 +335,10 @@ CommentRelation(int reltype, char *relname, char *comment)
     */
    relation = relation_openr(relname, AccessShareLock);
 
+   /* Check object security */
+   if (!pg_class_ownercheck(RelationGetRelid(relation), GetUserId()))
+       elog(ERROR, "you are not permitted to comment on class '%s'", relname);
+
    /* Next, verify that the relation type matches the intent */
 
    switch (reltype)
@@ -387,15 +387,15 @@ CommentAttribute(char *relname, char *attrname, char *comment)
    Relation    relation;
    AttrNumber  attnum;
 
-   /* First, check object security */
-
-   if (!pg_ownercheck(GetUserId(), relname, RELNAME))
-       elog(ERROR, "you are not permitted to comment on class '%s'", relname);
-
    /* Open the containing relation to ensure it won't go away meanwhile */
 
    relation = heap_openr(relname, AccessShareLock);
 
+   /* Check object security */
+
+   if (!pg_class_ownercheck(RelationGetRelid(relation), GetUserId()))
+       elog(ERROR, "you are not permitted to comment on class '%s'", relname);
+
    /* Now, fetch the attribute number from the system cache */
 
    attnum = get_attnum(RelationGetRelid(relation), attrname);
@@ -476,27 +476,32 @@ CommentDatabase(char *database, char *comment)
 static void
 CommentRewrite(char *rule, char *comment)
 {
-   Oid         oid;
+   HeapTuple   tuple;
+   Oid         reloid;
+   Oid         ruleoid;
    Oid         classoid;
-   char       *relation;
-   int         aclcheck;
+   int32       aclcheck;
+
+   /* Find the rule's pg_rewrite tuple, get its OID and its table's OID */
+
+   tuple = SearchSysCache(RULENAME,
+                          PointerGetDatum(rule),
+                          0, 0, 0);
+   if (!HeapTupleIsValid(tuple))
+       elog(ERROR, "rule '%s' does not exist", rule);
+
+   reloid = ((Form_pg_rewrite) GETSTRUCT(tuple))->ev_class;
+   ruleoid = tuple->t_data->t_oid;
 
-   /* First, validate user */
+   ReleaseSysCache(tuple);
 
-   relation = RewriteGetRuleEventRel(rule);
-   aclcheck = pg_aclcheck(relation, GetUserId(), ACL_RULE);
+   /* Check object security */
+
+   aclcheck = pg_class_aclcheck(reloid, GetUserId(), ACL_RULE);
    if (aclcheck != ACLCHECK_OK)
        elog(ERROR, "you are not permitted to comment on rule '%s'",
             rule);
 
-   /* Next, find the rule's oid */
-
-   oid = GetSysCacheOid(RULENAME,
-                        PointerGetDatum(rule),
-                        0, 0, 0);
-   if (!OidIsValid(oid))
-       elog(ERROR, "rule '%s' does not exist", rule);
-
    /* pg_rewrite doesn't have a hard-coded OID, so must look it up */
 
    classoid = GetSysCacheOid(RELNAME,
@@ -506,7 +511,7 @@ CommentRewrite(char *rule, char *comment)
 
    /* Call CreateComments() to create/drop the comments */
 
-   CreateComments(oid, classoid, 0, comment);
+   CreateComments(ruleoid, classoid, 0, comment);
 }
 
 /*------------------------------------------------------------------
@@ -525,13 +530,7 @@ CommentType(char *type, char *comment)
 {
    Oid         oid;
 
-   /* First, validate user */
-
-   if (!pg_ownercheck(GetUserId(), type, TYPENAME))
-       elog(ERROR, "you are not permitted to comment on type '%s'",
-            type);
-
-   /* Next, find the type's oid */
+   /* Find the type's oid */
 
    oid = GetSysCacheOid(TYPENAME,
                         PointerGetDatum(type),
@@ -539,6 +538,12 @@ CommentType(char *type, char *comment)
    if (!OidIsValid(oid))
        elog(ERROR, "type '%s' does not exist", type);
 
+   /* Check object security */
+
+   if (!pg_type_ownercheck(oid, GetUserId()))
+       elog(ERROR, "you are not permitted to comment on type '%s'",
+            type);
+
    /* Call CreateComments() to create/drop the comments */
 
    CreateComments(oid, RelOid_pg_type, 0, comment);
@@ -576,9 +581,18 @@ CommentAggregate(char *aggregate, List *arguments, char *comment)
    else
        baseoid = InvalidOid;
 
+   /* Now, attempt to find the actual tuple in pg_aggregate */
+
+   oid = GetSysCacheOid(AGGNAME,
+                        PointerGetDatum(aggregate),
+                        ObjectIdGetDatum(baseoid),
+                        0, 0);
+   if (!OidIsValid(oid))
+       agg_error("CommentAggregate", aggregate, baseoid);
+
    /* Next, validate the user's attempt to comment */
 
-   if (!pg_aggr_ownercheck(GetUserId(), aggregate, baseoid))
+   if (!pg_aggr_ownercheck(oid, GetUserId()))
    {
        if (baseoid == InvalidOid)
            elog(ERROR, "you are not permitted to comment on aggregate '%s' for all types",
@@ -588,15 +602,6 @@ CommentAggregate(char *aggregate, List *arguments, char *comment)
                 aggregate, format_type_be(baseoid));
    }
 
-   /* Now, attempt to find the actual tuple in pg_aggregate */
-
-   oid = GetSysCacheOid(AGGNAME,
-                        PointerGetDatum(aggregate),
-                        ObjectIdGetDatum(baseoid),
-                        0, 0);
-   if (!OidIsValid(oid))
-       agg_error("CommentAggregate", aggregate, baseoid);
-
    /* pg_aggregate doesn't have a hard-coded OID, so must look it up */
 
    classoid = GetSysCacheOid(RELNAME,
@@ -654,12 +659,6 @@ CommentProc(char *function, List *arguments, char *comment)
        }
    }
 
-   /* Now, validate the user's ability to comment on this function */
-
-   if (!pg_func_ownercheck(GetUserId(), function, argcount, argoids))
-       elog(ERROR, "you are not permitted to comment on function '%s'",
-            function);
-
    /* Now, find the corresponding oid for this procedure */
 
    oid = GetSysCacheOid(PROCNAME,
@@ -670,6 +669,12 @@ CommentProc(char *function, List *arguments, char *comment)
    if (!OidIsValid(oid))
        func_error("CommentProc", function, argcount, argoids, NULL);
 
+   /* Now, validate the user's ability to comment on this function */
+
+   if (!pg_proc_ownercheck(oid, GetUserId()))
+       elog(ERROR, "you are not permitted to comment on function '%s'",
+            function);
+
    /* Call CreateComments() to create/drop the comments */
 
    CreateComments(oid, RelOid_pg_proc, 0, comment);
@@ -757,7 +762,7 @@ CommentOperator(char *opername, List *arguments, char *comment)
 
    /* Valid user's ability to comment on this operator */
 
-   if (!pg_oper_ownercheck(GetUserId(), oid))
+   if (!pg_oper_ownercheck(oid, GetUserId()))
        elog(ERROR, "you are not permitted to comment on operator '%s'",
             opername);
 
@@ -798,13 +803,14 @@ CommentTrigger(char *trigger, char *relname, char *comment)
 
    /* First, validate the user's action */
 
-   if (!pg_ownercheck(GetUserId(), relname, RELNAME))
+   relation = heap_openr(relname, AccessShareLock);
+
+   if (!pg_class_ownercheck(RelationGetRelid(relation), GetUserId()))
        elog(ERROR, "you are not permitted to comment on trigger '%s' %s '%s'",
             trigger, "defined for relation", relname);
 
-   /* Now, fetch the trigger oid from pg_trigger  */
+   /* Fetch the trigger oid from pg_trigger  */
 
-   relation = heap_openr(relname, AccessShareLock);
    pg_trigger = heap_openr(TriggerRelationName, AccessShareLock);
    ScanKeyEntryInitialize(&entry[0], 0x0, Anum_pg_trigger_tgrelid,
                           F_OIDEQ,

diff --git a/src/backend/commands/copy.c b/src/backend/commands/copy.c
index 541f3d0a484d3ed1de8978d106bb46728801e372..fc4f80468cdd6db2b953c294b8e468fd9af87ddd 100644 (file)
--- a/src/backend/commands/copy.c
+++ b/src/backend/commands/copy.c
@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/backend/commands/copy.c,v 1.150 2002/03/06 06:09:30 momjian Exp $
+ *   $Header: /cvsroot/pgsql/src/backend/commands/copy.c,v 1.151 2002/03/21 23:27:20 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -266,16 +266,20 @@ DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe,
    FILE       *fp;
    Relation    rel;
    const AclMode required_access = (from ? ACL_INSERT : ACL_SELECT);
-   int         result;
+   int32       aclresult;
 
    /*
     * Open and lock the relation, using the appropriate lock type.
     */
    rel = heap_openr(relname, (from ? RowExclusiveLock : AccessShareLock));
 
-   result = pg_aclcheck(relname, GetUserId(), required_access);
-   if (result != ACLCHECK_OK)
-       elog(ERROR, "%s: %s", relname, aclcheck_error_strings[result]);
+   /* Check permissions. */
+   aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
+                                 required_access);
+   if (aclresult != ACLCHECK_OK)
+       elog(ERROR, "%s: %s",
+            RelationGetRelationName(rel),
+            aclcheck_error_strings[aclresult]);
    if (!pipe && !superuser())
        elog(ERROR, "You must have Postgres superuser privilege to do a COPY "
             "directly to or from a file.  Anyone can COPY to stdout or "

diff --git a/src/backend/commands/creatinh.c b/src/backend/commands/creatinh.c
index 04854a2afa1a481bb933d1564e6d4e4e36eca0d8..91f5d14a37a591f0f1c26866dbd5acd4fb93e15b 100644 (file)
--- a/src/backend/commands/creatinh.c
+++ b/src/backend/commands/creatinh.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/backend/commands/Attic/creatinh.c,v 1.89 2002/03/21 16:00:31 tgl Exp $
+ *   $Header: /cvsroot/pgsql/src/backend/commands/Attic/creatinh.c,v 1.90 2002/03/21 23:27:20 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -247,13 +247,6 @@ TruncateRelation(const char *relname)
 
    AssertArg(relname);
 
-   if (!allowSystemTableMods && IsSystemRelationName(relname))
-       elog(ERROR, "TRUNCATE cannot be used on system tables. '%s' is a system table",
-            relname);
-
-   if (!pg_ownercheck(GetUserId(), relname, RELNAME))
-       elog(ERROR, "you do not own relation \"%s\"", relname);
-
    /* Grab exclusive lock in preparation for truncate */
    rel = heap_openr(relname, AccessExclusiveLock);
 
@@ -265,6 +258,13 @@ TruncateRelation(const char *relname)
        elog(ERROR, "TRUNCATE cannot be used on views. '%s' is a view",
             relname);
 
+   if (!allowSystemTableMods && IsSystemRelationName(relname))
+       elog(ERROR, "TRUNCATE cannot be used on system tables. '%s' is a system table",
+            relname);
+
+   if (!pg_class_ownercheck(RelationGetRelid(rel), GetUserId()))
+       elog(ERROR, "you do not own relation \"%s\"", relname);
+
    /* Keep the lock until transaction commit */
    heap_close(rel, NoLock);
 
@@ -458,7 +458,7 @@ MergeAttributes(List *schema, List *supers, bool istemp,
         * We should have an UNDER permission flag for this, but for now,
         * demand that creator of a child table own the parent.
         */
-       if (!pg_ownercheck(GetUserId(), name, RELNAME))
+       if (!pg_class_ownercheck(RelationGetRelid(relation), GetUserId()))
            elog(ERROR, "you do not own table \"%s\"", name);
 
        parentOids = lappendi(parentOids, relation->rd_id);

diff --git a/src/backend/commands/remove.c b/src/backend/commands/remove.c
index 99b243ed4fdf9f2cfe8266ff5fd6f73c5d72f095..0dbadd95779e1b8257ca7eeebee26fcc226537ef 100644 (file)
--- a/src/backend/commands/remove.c
+++ b/src/backend/commands/remove.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/backend/commands/Attic/remove.c,v 1.70 2002/03/20 19:43:49 tgl Exp $
+ *   $Header: /cvsroot/pgsql/src/backend/commands/Attic/remove.c,v 1.71 2002/03/21 23:27:21 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -84,7 +84,7 @@ RemoveOperator(char *operatorName,        /* operator name */
 
    if (HeapTupleIsValid(tup))
    {
-       if (!pg_oper_ownercheck(GetUserId(), tup->t_data->t_oid))
+       if (!pg_oper_ownercheck(tup->t_data->t_oid, GetUserId()))
            elog(ERROR, "RemoveOperator: operator '%s': permission denied",
                 operatorName);
 
@@ -92,7 +92,6 @@ RemoveOperator(char *operatorName,        /* operator name */
        DeleteComments(tup->t_data->t_oid, RelationGetRelid(relation));
 
        simple_heap_delete(relation, &tup->t_self);
-
    }
    else
    {
@@ -242,10 +241,6 @@ RemoveType(char *typeName)     /* type name to be removed */
    HeapTuple   tup;
    char       *shadow_type;
 
-   if (!pg_ownercheck(GetUserId(), typeName, TYPENAME))
-       elog(ERROR, "RemoveType: type '%s': permission denied",
-            typeName);
-
    relation = heap_openr(TypeRelationName, RowExclusiveLock);
 
    tup = SearchSysCache(TYPENAME,
@@ -254,6 +249,10 @@ RemoveType(char *typeName)     /* type name to be removed */
    if (!HeapTupleIsValid(tup))
        elog(ERROR, "RemoveType: type '%s' does not exist", typeName);
 
+   if (!pg_type_ownercheck(tup->t_data->t_oid, GetUserId()))
+       elog(ERROR, "RemoveType: type '%s': permission denied",
+            typeName);
+
    /* Delete any comments associated with this type */
    DeleteComments(tup->t_data->t_oid, RelationGetRelid(relation));
 
@@ -288,10 +287,9 @@ RemoveDomain(char *domainName, int behavior)
    HeapTuple   tup;
    char        typtype;
 
-   /* Domains are stored as types.  Check for permissions on the type */
-   if (!pg_ownercheck(GetUserId(), domainName, TYPENAME))
-       elog(ERROR, "RemoveDomain: type '%s': permission denied",
-            domainName);
+   /* CASCADE unsupported */
+   if (behavior == CASCADE)
+       elog(ERROR, "DROP DOMAIN does not support the CASCADE keyword");
 
    relation = heap_openr(TypeRelationName, RowExclusiveLock);
 
@@ -301,17 +299,16 @@ RemoveDomain(char *domainName, int behavior)
    if (!HeapTupleIsValid(tup))
        elog(ERROR, "RemoveType: type '%s' does not exist", domainName);
 
+   if (!pg_type_ownercheck(tup->t_data->t_oid, GetUserId()))
+       elog(ERROR, "RemoveDomain: type '%s': permission denied",
+            domainName);
+
    /* Check that this is actually a domain */
    typtype = ((Form_pg_type) GETSTRUCT(tup))->typtype;
 
    if (typtype != 'd')
        elog(ERROR, "%s is not a domain", domainName);
 
-   /* CASCADE unsupported */
-   if (behavior == CASCADE) {
-       elog(ERROR, "DROP DOMAIN does not support the CASCADE keyword");
-   }
-
    /* Delete any comments associated with this type */
    DeleteComments(tup->t_data->t_oid, RelationGetRelid(relation));
 
@@ -364,12 +361,6 @@ RemoveFunction(char *functionName,     /* function name to be removed */
        }
    }
 
-   if (!pg_func_ownercheck(GetUserId(), functionName, nargs, argList))
-   {
-       elog(ERROR, "RemoveFunction: function '%s': permission denied",
-            functionName);
-   }
-
    relation = heap_openr(ProcedureRelationName, RowExclusiveLock);
 
    tup = SearchSysCache(PROCNAME,
@@ -381,6 +372,10 @@ RemoveFunction(char *functionName,     /* function name to be removed */
    if (!HeapTupleIsValid(tup))
        func_error("RemoveFunction", functionName, nargs, argList, NULL);
 
+   if (!pg_proc_ownercheck(tup->t_data->t_oid, GetUserId()))
+       elog(ERROR, "RemoveFunction: function '%s': permission denied",
+            functionName);
+
    if (((Form_pg_proc) GETSTRUCT(tup))->prolang == INTERNALlanguageId)
    {
        /* "Helpful" WARNING when removing a builtin function ... */
@@ -423,16 +418,6 @@ RemoveAggregate(char *aggName, char *aggType)
    else
        basetypeID = InvalidOid;
 
-   if (!pg_aggr_ownercheck(GetUserId(), aggName, basetypeID))
-   {
-       if (basetypeID == InvalidOid)
-           elog(ERROR, "RemoveAggregate: aggregate '%s' for all types: permission denied",
-                aggName);
-       else
-           elog(ERROR, "RemoveAggregate: aggregate '%s' for type %s: permission denied",
-                aggName, format_type_be(basetypeID));
-   }
-
    relation = heap_openr(AggregateRelationName, RowExclusiveLock);
 
    tup = SearchSysCache(AGGNAME,
@@ -443,6 +428,16 @@ RemoveAggregate(char *aggName, char *aggType)
    if (!HeapTupleIsValid(tup))
        agg_error("RemoveAggregate", aggName, basetypeID);
 
+   if (!pg_aggr_ownercheck(tup->t_data->t_oid, GetUserId()))
+   {
+       if (basetypeID == InvalidOid)
+           elog(ERROR, "RemoveAggregate: aggregate '%s' for all types: permission denied",
+                aggName);
+       else
+           elog(ERROR, "RemoveAggregate: aggregate '%s' for type %s: permission denied",
+                aggName, format_type_be(basetypeID));
+   }
+
    /* Remove any comments related to this aggregate */
    DeleteComments(tup->t_data->t_oid, RelationGetRelid(relation));
 

diff --git a/src/backend/commands/rename.c b/src/backend/commands/rename.c
index 308808c220232d308a32858c2d6e0f49463af3c0..0ce475303a7c0092c378fbe1339833106d814bf1 100644 (file)
--- a/src/backend/commands/rename.c
+++ b/src/backend/commands/rename.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/backend/commands/Attic/rename.c,v 1.63 2001/11/12 01:34:50 momjian Exp $
+ *   $Header: /cvsroot/pgsql/src/backend/commands/Attic/rename.c,v 1.64 2002/03/21 23:27:21 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -81,6 +81,13 @@ renameatt(char *relname,
    List       *indexoidlist;
    List       *indexoidscan;
 
+   /*
+    * Grab an exclusive lock on the target table, which we will NOT
+    * release until end of transaction.
+    */
+   targetrelation = heap_openr(relname, AccessExclusiveLock);
+   relid = RelationGetRelid(targetrelation);
+
    /*
     * permissions checking.  this would normally be done in utility.c,
     * but this particular routine is recursive.
@@ -90,18 +97,10 @@ renameatt(char *relname,
    if (!allowSystemTableMods && IsSystemRelationName(relname))
        elog(ERROR, "renameatt: class \"%s\" is a system catalog",
             relname);
-   if (!IsBootstrapProcessingMode() &&
-       !pg_ownercheck(GetUserId(), relname, RELNAME))
+   if (!pg_class_ownercheck(relid, GetUserId()))
        elog(ERROR, "renameatt: you do not own class \"%s\"",
             relname);
 
-   /*
-    * Grab an exclusive lock on the target table, which we will NOT
-    * release until end of transaction.
-    */
-   targetrelation = heap_openr(relname, AccessExclusiveLock);
-   relid = RelationGetRelid(targetrelation);
-
    /*
     * if the 'recurse' flag is set then we are supposed to rename this
     * attribute in all classes that inherit from 'relname' (as well as in

diff --git a/src/backend/commands/sequence.c b/src/backend/commands/sequence.c
index e9df6392bc083591565d106dd0f4c4f70f80adb4..5bcf4f8232794d1484168480f32bf7a0500084f0 100644 (file)
--- a/src/backend/commands/sequence.c
+++ b/src/backend/commands/sequence.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/backend/commands/sequence.c,v 1.72 2002/03/21 16:00:33 tgl Exp $
+ *   $Header: /cvsroot/pgsql/src/backend/commands/sequence.c,v 1.73 2002/03/21 23:27:21 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -299,13 +299,13 @@ nextval(PG_FUNCTION_ARGS)
                rescnt = 0;
    bool        logit = false;
 
-   if (pg_aclcheck(seqname, GetUserId(), ACL_UPDATE) != ACLCHECK_OK)
-       elog(ERROR, "%s.nextval: you don't have permissions to set sequence %s",
-            seqname, seqname);
-
    /* open and AccessShareLock sequence */
    elm = init_sequence("nextval", seqname);
 
+   if (pg_class_aclcheck(elm->relid, GetUserId(), ACL_UPDATE) != ACLCHECK_OK)
+       elog(ERROR, "%s.nextval: you don't have permissions to set sequence %s",
+            seqname, seqname);
+
    pfree(seqname);
 
    if (elm->last != elm->cached)       /* some numbers were cached */
@@ -466,13 +466,13 @@ currval(PG_FUNCTION_ARGS)
    SeqTable    elm;
    int64       result;
 
-   if (pg_aclcheck(seqname, GetUserId(), ACL_SELECT) != ACLCHECK_OK)
-       elog(ERROR, "%s.currval: you don't have permissions to read sequence %s",
-            seqname, seqname);
-
    /* open and AccessShareLock sequence */
    elm = init_sequence("currval", seqname);
 
+   if (pg_class_aclcheck(elm->relid, GetUserId(), ACL_SELECT) != ACLCHECK_OK)
+       elog(ERROR, "%s.currval: you don't have permissions to read sequence %s",
+            seqname, seqname);
+
    if (elm->increment == 0)    /* nextval/read_info were not called */
        elog(ERROR, "%s.currval is not yet defined in this session",
             seqname);
@@ -504,14 +504,15 @@ do_setval(char *seqname, int64 next, bool iscalled)
    Buffer      buf;
    Form_pg_sequence seq;
 
-   if (pg_aclcheck(seqname, GetUserId(), ACL_UPDATE) != ACLCHECK_OK)
+   /* open and AccessShareLock sequence */
+   elm = init_sequence("setval", seqname);
+
+   if (pg_class_aclcheck(elm->relid, GetUserId(), ACL_UPDATE) != ACLCHECK_OK)
        elog(ERROR, "%s.setval: you don't have permissions to set sequence %s",
             seqname, seqname);
 
-   /* open and AccessShareLock sequence */
-   elm = init_sequence("setval", seqname);
-   seq = read_info("setval", elm, &buf);       /* lock page' buffer and
-                                                * read tuple */
+   /* lock page' buffer and read tuple */
+   seq = read_info("setval", elm, &buf);
 
    if ((next < seq->min_value) || (next > seq->max_value))
        elog(ERROR, "%s.setval: value " INT64_FORMAT " is out of bounds (" INT64_FORMAT "," INT64_FORMAT ")",

diff --git a/src/backend/commands/trigger.c b/src/backend/commands/trigger.c
index 5bef86e30610ce1f69a01242c4e5cf8c63f632cc..2fa17612e37616c05a4b90720f49b7874703bd89 100644 (file)
--- a/src/backend/commands/trigger.c
+++ b/src/backend/commands/trigger.c
@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1994, Regents of the University of California
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.106 2002/03/21 16:00:34 tgl Exp $
+ *   $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.107 2002/03/21 23:27:22 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -71,12 +71,18 @@ CreateTrigger(CreateTrigStmt *stmt)
    char       *constrname = "";
    Oid         constrrelid = InvalidOid;
 
+   rel = heap_openr(stmt->relation->relname, AccessExclusiveLock);
+
+   if (rel->rd_rel->relkind != RELKIND_RELATION)
+       elog(ERROR, "CreateTrigger: relation \"%s\" is not a table",
+            stmt->relation->relname);
+
    if (!allowSystemTableMods && IsSystemRelationName(stmt->relation->relname))
        elog(ERROR, "CreateTrigger: can't create trigger for system relation %s",
            stmt->relation->relname);
 
-   if (pg_aclcheck(stmt->relation->relname, GetUserId(),
-                   stmt->isconstraint ? ACL_REFERENCES : ACL_TRIGGER)
+   if (pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
+                         stmt->isconstraint ? ACL_REFERENCES : ACL_TRIGGER)
        != ACLCHECK_OK)
        elog(ERROR, "permission denied");
 
@@ -98,18 +104,14 @@ CreateTrigger(CreateTrigStmt *stmt)
             * NoLock is probably sufficient here, since we're only
             * interested in getting the relation's OID...
             */
-           rel = heap_openr(stmt->constrrel->relname, NoLock);
-           constrrelid = rel->rd_id;
-           heap_close(rel, NoLock);
+           Relation    conrel;
+
+           conrel = heap_openr(stmt->constrrel->relname, NoLock);
+           constrrelid = conrel->rd_id;
+           heap_close(conrel, NoLock);
        }
    }
 
-   rel = heap_openr(stmt->relation->relname, AccessExclusiveLock);
-
-   if (rel->rd_rel->relkind != RELKIND_RELATION)
-       elog(ERROR, "CreateTrigger: relation \"%s\" is not a table",
-            stmt->relation->relname);
-
    TRIGGER_CLEAR_TYPE(tgtype);
    if (stmt->before)
        TRIGGER_SETT_BEFORE(tgtype);
@@ -321,20 +323,20 @@ DropTrigger(DropTrigStmt *stmt)
    int         found = 0;
    int         tgfound = 0;
 
+   rel = heap_openr(stmt->relation->relname, AccessExclusiveLock);
+
+   if (rel->rd_rel->relkind != RELKIND_RELATION)
+       elog(ERROR, "DropTrigger: relation \"%s\" is not a table",
+            stmt->relation->relname);
+
    if (!allowSystemTableMods && IsSystemRelationName(stmt->relation->relname))
        elog(ERROR, "DropTrigger: can't drop trigger for system relation %s",
             stmt->relation->relname);
 
-   if (!pg_ownercheck(GetUserId(), stmt->relation->relname, RELNAME))
+   if (!pg_class_ownercheck(RelationGetRelid(rel), GetUserId()))
        elog(ERROR, "%s: %s", stmt->relation->relname,
             aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
 
-   rel = heap_openr(stmt->relation->relname, AccessExclusiveLock);
-
-   if (rel->rd_rel->relkind != RELKIND_RELATION)
-       elog(ERROR, "DropTrigger: relation \"%s\" is not a table",
-            stmt->relation->relname);
-
    /*
     * Search pg_trigger, delete target trigger, count remaining triggers
     * for relation.  Note this is OK only because we have

diff --git a/src/backend/commands/vacuum.c b/src/backend/commands/vacuum.c
index 836091c583f45224f2834e0079ad666006e48733..41405f3654a9220c0d27f3a88d8843fdae2d9104 100644 (file)
--- a/src/backend/commands/vacuum.c
+++ b/src/backend/commands/vacuum.c
@@ -13,7 +13,7 @@
  *
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/backend/commands/vacuum.c,v 1.218 2002/03/21 16:00:35 tgl Exp $
+ *   $Header: /cvsroot/pgsql/src/backend/commands/vacuum.c,v 1.219 2002/03/21 23:27:22 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -714,15 +714,14 @@ vacuum_rel(Oid relid, VacuumStmt *vacstmt)
     *
     * We allow the user to vacuum a table if he is superuser, the table
     * owner, or the database owner (but in the latter case, only if it's
-    * not a shared relation).  pg_ownercheck includes the superuser case.
+    * not a shared relation).  pg_class_ownercheck includes the superuser case.
     *
     * Note we choose to treat permissions failure as a WARNING and keep
     * trying to vacuum the rest of the DB --- is this appropriate?
     */
    onerel = heap_open(relid, lmode);
 
-   if (!(pg_ownercheck(GetUserId(), RelationGetRelationName(onerel),
-                       RELNAME) ||
+   if (!(pg_class_ownercheck(RelationGetRelid(onerel), GetUserId()) ||
          (is_dbadmin(MyDatabaseId) && !onerel->rd_rel->relisshared)))
    {
        elog(WARNING, "Skipping \"%s\" --- only table or database owner can VACUUM it",

diff --git a/src/backend/executor/execMain.c b/src/backend/executor/execMain.c
index 9b8e3586024178765e8ff7621f941193d882b713..8532da15975a3ab22f9b6a95c3ba1300b7b31046 100644 (file)
--- a/src/backend/executor/execMain.c
+++ b/src/backend/executor/execMain.c
@@ -27,7 +27,7 @@
  *
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/backend/executor/execMain.c,v 1.153 2002/03/21 16:00:37 tgl Exp $
+ *   $Header: /cvsroot/pgsql/src/backend/executor/execMain.c,v 1.154 2002/03/21 23:27:23 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -43,6 +43,7 @@
 #include "optimizer/var.h"
 #include "parser/parsetree.h"
 #include "utils/acl.h"
+#include "utils/lsyscache.h"
 
 
 /* decls for local routines only used within this module */
@@ -355,7 +356,7 @@ ExecCheckRTPerms(List *rangeTable, CmdType operation)
 static void
 ExecCheckRTEPerms(RangeTblEntry *rte, CmdType operation)
 {
-   char       *relName;
+   Oid         relOid;
    Oid         userid;
    int32       aclcheck_result;
 
@@ -363,10 +364,10 @@ ExecCheckRTEPerms(RangeTblEntry *rte, CmdType operation)
     * If it's a subquery RTE, ignore it --- it will be checked when
     * ExecCheckPlanPerms finds the SubqueryScan node for it.
     */
-   if (rte->subquery)
+   if (rte->rtekind != RTE_RELATION)
        return;
 
-   relName = rte->relname;
+   relOid = rte->relid;
 
    /*
     * userid to check as: current user unless we have a setuid
@@ -379,14 +380,15 @@ ExecCheckRTEPerms(RangeTblEntry *rte, CmdType operation)
     */
    userid = rte->checkAsUser ? rte->checkAsUser : GetUserId();
 
-#define CHECK(MODE)        pg_aclcheck(relName, userid, MODE)
+#define CHECK(MODE)        pg_class_aclcheck(relOid, userid, MODE)
 
    if (rte->checkForRead)
    {
        aclcheck_result = CHECK(ACL_SELECT);
        if (aclcheck_result != ACLCHECK_OK)
            elog(ERROR, "%s: %s",
-                relName, aclcheck_error_strings[aclcheck_result]);
+                get_rel_name(relOid),
+                aclcheck_error_strings[aclcheck_result]);
    }
 
    if (rte->checkForWrite)
@@ -416,7 +418,8 @@ ExecCheckRTEPerms(RangeTblEntry *rte, CmdType operation)
        }
        if (aclcheck_result != ACLCHECK_OK)
            elog(ERROR, "%s: %s",
-                relName, aclcheck_error_strings[aclcheck_result]);
+                get_rel_name(relOid),
+                aclcheck_error_strings[aclcheck_result]);
    }
 }
 

diff --git a/src/backend/rewrite/rewriteDefine.c b/src/backend/rewrite/rewriteDefine.c
index 0b47aa9c924593f07d064566102d384c5929651e..7e9f0fcfbb350e7113f15364db23f351fab2e2df 100644 (file)
--- a/src/backend/rewrite/rewriteDefine.c
+++ b/src/backend/rewrite/rewriteDefine.c
@@ -8,11 +8,10 @@
  *
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/backend/rewrite/rewriteDefine.c,v 1.64 2002/03/21 16:01:16 tgl Exp $
+ *   $Header: /cvsroot/pgsql/src/backend/rewrite/rewriteDefine.c,v 1.65 2002/03/21 23:27:23 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
-
 #include "postgres.h"
 
 #include "access/heapam.h"
@@ -27,6 +26,7 @@
 #include "rewrite/rewriteManip.h"
 #include "rewrite/rewriteSupport.h"
 #include "storage/smgr.h"
+#include "utils/acl.h"
 #include "utils/builtins.h"
 #include "utils/syscache.h"
 
@@ -127,6 +127,7 @@ DefineQueryRewrite(RuleStmt *stmt)
               *event_qualP;
    List       *l;
    Query      *query;
+   int32       aclcheck_result;
    bool        RelisBecomingView = false;
 
    /*
@@ -140,6 +141,15 @@ DefineQueryRewrite(RuleStmt *stmt)
    event_relation = heap_openr(event_obj->relname, AccessExclusiveLock);
    ev_relid = RelationGetRelid(event_relation);
 
+   /*
+    * Check user has permission to apply rules to this relation.
+    */
+   aclcheck_result = pg_class_aclcheck(ev_relid, GetUserId(), ACL_RULE);
+   if (aclcheck_result != ACLCHECK_OK)
+       elog(ERROR, "%s: %s",
+            RelationGetRelationName(event_relation),
+            aclcheck_error_strings[aclcheck_result]);
+
    /*
     * No rule actions that modify OLD or NEW
     */

diff --git a/src/backend/rewrite/rewriteRemove.c b/src/backend/rewrite/rewriteRemove.c
index 92326d93b6dc8ccf8e8936f12ac0f579ae51f729..6d251b78343416bcd01164c62ab0d6fb552c113a 100644 (file)
--- a/src/backend/rewrite/rewriteRemove.c
+++ b/src/backend/rewrite/rewriteRemove.c
@@ -8,12 +8,10 @@
  *
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/backend/rewrite/rewriteRemove.c,v 1.45 2001/08/10 18:57:37 tgl Exp $
+ *   $Header: /cvsroot/pgsql/src/backend/rewrite/rewriteRemove.c,v 1.46 2002/03/21 23:27:23 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
-
-
 #include "postgres.h"
 
 #include "utils/builtins.h"
@@ -21,41 +19,13 @@
 #include "catalog/catname.h"
 #include "catalog/pg_rewrite.h"
 #include "commands/comment.h"
+#include "miscadmin.h"
 #include "rewrite/rewriteRemove.h"
 #include "rewrite/rewriteSupport.h"
+#include "utils/acl.h"
 #include "utils/fmgroids.h"
 #include "utils/syscache.h"
 
-/*-----------------------------------------------------------------------
- * RewriteGetRuleEventRel
- *-----------------------------------------------------------------------
- */
-char *
-RewriteGetRuleEventRel(char *rulename)
-{
-   HeapTuple   htup;
-   Oid         eventrel;
-   char       *result;
-
-   htup = SearchSysCache(RULENAME,
-                         PointerGetDatum(rulename),
-                         0, 0, 0);
-   if (!HeapTupleIsValid(htup))
-       elog(ERROR, "Rule or view \"%s\" not found",
-            ((strncmp(rulename, "_RET", 4) == 0) ? (rulename + 4) : rulename));
-   eventrel = ((Form_pg_rewrite) GETSTRUCT(htup))->ev_class;
-   ReleaseSysCache(htup);
-
-   htup = SearchSysCache(RELOID,
-                         PointerGetDatum(eventrel),
-                         0, 0, 0);
-   if (!HeapTupleIsValid(htup))
-       elog(ERROR, "Relation %u not found", eventrel);
-
-   result = pstrdup(NameStr(((Form_pg_class) GETSTRUCT(htup))->relname));
-   ReleaseSysCache(htup);
-   return result;
-}
 
 /*
  * RemoveRewriteRule
@@ -71,6 +41,7 @@ RemoveRewriteRule(char *ruleName)
    Oid         ruleId;
    Oid         eventRelationOid;
    bool        hasMoreRules;
+   int32       aclcheck_result;
 
    /*
     * Open the pg_rewrite relation.
@@ -88,10 +59,7 @@ RemoveRewriteRule(char *ruleName)
     * complain if no rule with such name existed
     */
    if (!HeapTupleIsValid(tuple))
-   {
-       heap_close(RewriteRelation, RowExclusiveLock);
        elog(ERROR, "Rule \"%s\" not found", ruleName);
-   }
 
    /*
     * Save the OID of the rule (i.e. the tuple's OID) and the event
@@ -108,6 +76,16 @@ RemoveRewriteRule(char *ruleName)
     */
    event_relation = heap_open(eventRelationOid, AccessExclusiveLock);
 
+   /*
+    * Verify user has appropriate permissions.
+    */
+   aclcheck_result = pg_class_aclcheck(eventRelationOid, GetUserId(),
+                                       ACL_RULE);
+   if (aclcheck_result != ACLCHECK_OK)
+       elog(ERROR, "%s: %s",
+            RelationGetRelationName(event_relation),
+            aclcheck_error_strings[aclcheck_result]);
+
    /* do not allow the removal of a view's SELECT rule */
    if (event_relation->rd_rel->relkind == RELKIND_VIEW &&
        ((Form_pg_rewrite) GETSTRUCT(tuple))->ev_type == '1')

diff --git a/src/backend/tcop/utility.c b/src/backend/tcop/utility.c
index 9a6813635cac0e1771bb920d3937ef80acfde837..1f0046887f429a3a250b46c1431cf5bb337338a9 100644 (file)
--- a/src/backend/tcop/utility.c
+++ b/src/backend/tcop/utility.c
@@ -10,7 +10,7 @@
  *
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.136 2002/03/21 16:01:30 tgl Exp $
+ *   $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.137 2002/03/21 23:27:23 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -116,7 +116,7 @@ CheckDropPermissions(char *name, char rightkind)
    if (classform->relkind != rightkind)
        DropErrorMsg(name, classform->relkind, rightkind);
 
-   if (!pg_ownercheck(GetUserId(), name, RELNAME))
+   if (!pg_class_ownercheck(tuple->t_data->t_oid, GetUserId()))
        elog(ERROR, "you do not own %s \"%s\"",
             rentry->name, name);
 
@@ -128,6 +128,31 @@ CheckDropPermissions(char *name, char rightkind)
    ReleaseSysCache(tuple);
 }
 
+static void
+CheckOwnership(char *relname, bool noCatalogs)
+{
+   HeapTuple   tuple;
+
+   tuple = SearchSysCache(RELNAME,
+                          PointerGetDatum(relname),
+                          0, 0, 0);
+   if (!HeapTupleIsValid(tuple))
+       elog(ERROR, "Relation \"%s\" does not exist", relname);
+
+   if (!pg_class_ownercheck(tuple->t_data->t_oid, GetUserId()))
+       elog(ERROR, "%s: %s", relname,
+            aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
+
+   if (noCatalogs)
+   {
+       if (!allowSystemTableMods && IsSystemRelationName(relname))
+           elog(ERROR, "relation \"%s\" is a system catalog",
+                relname);
+   }
+
+   ReleaseSysCache(tuple);
+}
+
 
 /*
  * ProcessUtility
@@ -149,7 +174,6 @@ ProcessUtility(Node *parsetree,
               char *completionTag)
 {
    char       *relname;
-   char       *relationName;
 
    if (completionTag)
        completionTag[0] = '\0';
@@ -271,17 +295,8 @@ ProcessUtility(Node *parsetree,
                            break;
 
                        case DROP_RULE:
-                           {
-                               char       *rulename = relname;
-                               int         aclcheck_result;
-
-                               relationName = RewriteGetRuleEventRel(rulename);
-                               aclcheck_result = pg_aclcheck(relationName, GetUserId(), ACL_RULE);
-                               if (aclcheck_result != ACLCHECK_OK)
-                                   elog(ERROR, "%s: %s", relationName,
-                                        aclcheck_error_strings[aclcheck_result]);
-                               RemoveRewriteRule(rulename);
-                           }
+                           /* RemoveRewriteRule checks permissions */
+                           RemoveRewriteRule(relname);
                            break;
 
                        case DROP_TYPE:
@@ -355,11 +370,7 @@ ProcessUtility(Node *parsetree,
                RenameStmt *stmt = (RenameStmt *) parsetree;
 
                relname = stmt->relation->relname;
-               if (!allowSystemTableMods && IsSystemRelationName(relname))
-                   elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
-                        relname);
-               if (!pg_ownercheck(GetUserId(), relname, RELNAME))
-                   elog(ERROR, "permission denied");
+               CheckOwnership(relname, true);
 
                /* ----------------
                 *  XXX using len == 3 to tell the difference
@@ -509,11 +520,7 @@ ProcessUtility(Node *parsetree,
                IndexStmt  *stmt = (IndexStmt *) parsetree;
 
                relname = stmt->relation->relname;
-               if (!allowSystemTableMods && IsSystemRelationName(relname))
-                   elog(ERROR, "CREATE INDEX: relation \"%s\" is a system catalog",
-                        relname);
-               if (!pg_ownercheck(GetUserId(), relname, RELNAME))
-                   elog(ERROR, "permission denied");
+               CheckOwnership(relname, true);
 
                DefineIndex(stmt->relation->relname,    /* relation */
                            stmt->idxname,              /* index name */
@@ -527,17 +534,7 @@ ProcessUtility(Node *parsetree,
            break;
 
        case T_RuleStmt:        /* CREATE RULE */
-           {
-               RuleStmt   *stmt = (RuleStmt *) parsetree;
-               int         aclcheck_result;
-
-               relname = stmt->relation->relname;
-               aclcheck_result = pg_aclcheck(relname, GetUserId(), ACL_RULE);
-               if (aclcheck_result != ACLCHECK_OK)
-                   elog(ERROR, "%s: %s", relname, aclcheck_error_strings[aclcheck_result]);
-
-               DefineQueryRewrite(stmt);
-           }
+           DefineQueryRewrite((RuleStmt *) parsetree);
            break;
 
        case T_CreateSeqStmt:
@@ -646,11 +643,7 @@ ProcessUtility(Node *parsetree,
                ClusterStmt *stmt = (ClusterStmt *) parsetree;
 
                relname = stmt->relation->relname;
-               if (IsSystemRelationName(relname))
-                   elog(ERROR, "CLUSTER: relation \"%s\" is a system catalog",
-                        relname);
-               if (!pg_ownercheck(GetUserId(), relname, RELNAME))
-                   elog(ERROR, "permission denied");
+               CheckOwnership(relname, true);
 
                cluster(relname, stmt->indexname);
            }
@@ -790,14 +783,12 @@ ProcessUtility(Node *parsetree,
                                elog(ERROR, "\"%s\" is a system index. call REINDEX under standalone postgres with -P -O options",
                                     relname);
                        }
-                       if (!pg_ownercheck(GetUserId(), relname, RELNAME))
-                           elog(ERROR, "%s: %s", relname, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
+                       CheckOwnership(relname, false);
                        ReindexIndex(relname, stmt->force);
                        break;
                    case TABLE:
                        relname = (char *) stmt->relation->relname;
-                       if (!pg_ownercheck(GetUserId(), relname, RELNAME))
-                           elog(ERROR, "%s: %s", relname, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
+                       CheckOwnership(relname, false);
                        ReindexTable(relname, stmt->force);
                        break;
                    case DATABASE:

diff --git a/src/backend/utils/adt/acl.c b/src/backend/utils/adt/acl.c
index f868b36861d8260f3e54dc206144b544f3868c84..0e73cb04b10d7504a4e803b937c9387ce24201b2 100644 (file)
--- a/src/backend/utils/adt/acl.c
+++ b/src/backend/utils/adt/acl.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.68 2002/03/02 21:39:32 momjian Exp $
+ *   $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.69 2002/03/21 23:27:24 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -817,30 +817,21 @@ has_table_privilege_id(PG_FUNCTION_ARGS)
 {
    Oid         reloid = PG_GETARG_OID(0);
    text       *priv_type_text = PG_GETARG_TEXT_P(1);
-   char       *relname;
    int32       usesysid;
    AclMode     mode;
    int32       result;
 
    usesysid = GetUserId();
 
-   /*
-    * Lookup relname based on rel oid
-    */
-   relname = get_rel_name(reloid);
-   if (relname == NULL)
-       elog(ERROR, "has_table_privilege: invalid relation oid %u",
-            reloid);
-
    /*
     * Convert priv_type_text to an AclMode
     */
    mode = convert_priv_string(priv_type_text);
 
    /*
-    * Finally, check for the privilege
+    * Check for the privilege
     */
-   result = pg_aclcheck(relname, usesysid, mode);
+   result = pg_class_aclcheck(reloid, usesysid, mode);
 
    if (result == ACLCHECK_OK)
        PG_RETURN_BOOL(true);
@@ -891,27 +882,18 @@ has_table_privilege_id_id(PG_FUNCTION_ARGS)
    int32       usesysid = PG_GETARG_INT32(0);
    Oid         reloid = PG_GETARG_OID(1);
    text       *priv_type_text = PG_GETARG_TEXT_P(2);
-   char       *relname;
    AclMode     mode;
    int32       result;
 
-   /*
-    * Lookup relname based on rel oid
-    */
-   relname = get_rel_name(reloid);
-   if (relname == NULL)
-       elog(ERROR, "has_table_privilege: invalid relation oid %u",
-            reloid);
-
    /*
     * Convert priv_type_text to an AclMode
     */
    mode = convert_priv_string(priv_type_text);
 
    /*
-    * Finally, check for the privilege
+    * Check for the privilege
     */
-   result = pg_aclcheck(relname, usesysid, mode);
+   result = pg_class_aclcheck(reloid, usesysid, mode);
 
    if (result == ACLCHECK_OK)
        PG_RETURN_BOOL(true);
@@ -1050,22 +1032,19 @@ static bool
 has_table_privilege_id_cname(int32 usesysid, char *relname,
                             text *priv_type_text)
 {
-   HeapTuple   tuple;
+   Oid         reloid;
    AclMode     mode;
    int32       result;
 
    /*
-    * Check relname is valid. This is needed to deal with the case when
-    * usename is a superuser in which case pg_aclcheck simply returns
-    * ACLCHECK_OK without validating relname
+    * Convert relname to rel OID.
     */
-   tuple = SearchSysCache(RELNAME,
-                          PointerGetDatum(relname),
-                          0, 0, 0);
-   if (!HeapTupleIsValid(tuple))
+   reloid = GetSysCacheOid(RELNAME,
+                           PointerGetDatum(relname),
+                           0, 0, 0);
+   if (!OidIsValid(reloid))
        elog(ERROR, "has_table_privilege: relation \"%s\" does not exist",
             relname);
-   ReleaseSysCache(tuple);
 
    /*
     * Convert priv_type_text to an AclMode
@@ -1075,7 +1054,7 @@ has_table_privilege_id_cname(int32 usesysid, char *relname,
    /*
     * Finally, check for the privilege
     */
-   result = pg_aclcheck(relname, usesysid, mode);
+   result = pg_class_aclcheck(reloid, usesysid, mode);
 
    if (result == ACLCHECK_OK)
        return true;

diff --git a/src/backend/utils/cache/syscache.c b/src/backend/utils/cache/syscache.c
index dfbcccffbed250efda87862838f135fc11c352cb..8779125d1591d4554ee0c9c8809626df6dd1b6de 100644 (file)
--- a/src/backend/utils/cache/syscache.c
+++ b/src/backend/utils/cache/syscache.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/backend/utils/cache/syscache.c,v 1.67 2002/02/19 20:11:18 tgl Exp $
+ *   $Header: /cvsroot/pgsql/src/backend/utils/cache/syscache.c,v 1.68 2002/03/21 23:27:24 tgl Exp $
  *
  * NOTES
  *   These routines allow the parser/planner/executor to perform
@@ -103,6 +103,16 @@ static struct cachedesc cacheinfo[] = {
            0,
            0
    }},
+   {AggregateRelationName,     /* AGGOID */
+       AggregateOidIndex,
+       0,
+       1,
+       {
+           ObjectIdAttributeNumber,
+           0,
+           0,
+           0
+   }},
    {AccessMethodRelationName,  /* AMNAME */
        AmNameIndex,
        0,

diff --git a/src/include/rewrite/rewriteRemove.h b/src/include/rewrite/rewriteRemove.h
index 672ed7f85d880629f67eba6724813c8e31459153..ccfc2dbb12bb76c4e8d1e2f471d9a7a1abe2ef97 100644 (file)
--- a/src/include/rewrite/rewriteRemove.h
+++ b/src/include/rewrite/rewriteRemove.h
@@ -7,14 +7,13 @@
  * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: rewriteRemove.h,v 1.10 2001/11/05 17:46:35 momjian Exp $
+ * $Id: rewriteRemove.h,v 1.11 2002/03/21 23:27:24 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
 #ifndef REWRITEREMOVE_H
 #define REWRITEREMOVE_H
 
-extern char *RewriteGetRuleEventRel(char *rulename);
 extern void RemoveRewriteRule(char *ruleName);
 extern void RelationRemoveRules(Oid relid);
 

diff --git a/src/include/utils/acl.h b/src/include/utils/acl.h
index 3619797151b68e10728cc1b51f856d50bf476b9c..2a862af4bdd06cedf1b54191c8afa53dacfb7e20 100644 (file)
--- a/src/include/utils/acl.h
+++ b/src/include/utils/acl.h
@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: acl.h,v 1.40 2002/02/18 23:11:45 petere Exp $
+ * $Id: acl.h,v 1.41 2002/03/21 23:27:25 tgl Exp $
  *
  * NOTES
  *   For backward-compatibility purposes we have to allow there
@@ -24,11 +24,11 @@
 
 #include "nodes/parsenodes.h"
 #include "utils/array.h"
-#include "utils/memutils.h"
+
 
 /*
  * AclId       system identifier for the user, group, etc.
- *             XXX currently UNIX uid for users...
+ *             XXX Perhaps replace this type by OID?
  */
 typedef uint32 AclId;
 
@@ -159,14 +159,14 @@ typedef ArrayType IdList;
 #define ACL_MODE_REFERENCES_CHR 'x'
 #define ACL_MODE_TRIGGER_CHR   't'
 
-/* result codes for pg_aclcheck */
+/* result codes for pg_*_aclcheck */
 #define ACLCHECK_OK                  0
 #define ACLCHECK_NO_PRIV         1
 #define ACLCHECK_NO_CLASS        2
 #define ACLCHECK_NOT_OWNER       3
 
-/* error messages (index by ACL_CHECK_* result code).  set in aclchk.c. */
-extern char *aclcheck_error_strings[];
+/* error messages (index by ACLCHECK_* result code).  set in aclchk.c. */
+extern const char * const aclcheck_error_strings[];
 
 /*
  * routines used internally
@@ -199,16 +199,16 @@ extern void ExecuteGrantStmt(GrantStmt *stmt);
 extern AclId get_grosysid(char *groname);
 extern char *get_groname(AclId grosysid);
 
-extern int32 pg_aclcheck(char *relname, Oid userid, AclMode mode);
-
-extern bool pg_ownercheck(Oid userid, const char *name, int cacheid);
-extern bool pg_oper_ownercheck(Oid userid, Oid oprid);
-extern bool pg_func_ownercheck(Oid userid, char *funcname,
-                  int nargs, Oid *arglist);
-extern bool pg_aggr_ownercheck(Oid userid, char *aggname,
-                  Oid basetypeID);
-
+/* these return ACLCHECK_* result codes */
+extern int32 pg_class_aclcheck(Oid table_oid, Oid userid, AclMode mode);
 extern int32 pg_proc_aclcheck(Oid proc_oid, Oid userid);
 extern int32 pg_language_aclcheck(Oid lang_oid, Oid userid);
 
+/* ownercheck routines just return true (owner) or false (not) */
+extern bool pg_class_ownercheck(Oid class_oid, Oid userid);
+extern bool pg_type_ownercheck(Oid type_oid, Oid userid);
+extern bool pg_oper_ownercheck(Oid oper_oid, Oid userid);
+extern bool pg_proc_ownercheck(Oid proc_oid, Oid userid);
+extern bool pg_aggr_ownercheck(Oid aggr_oid, Oid userid);
+
 #endif   /* ACL_H */

diff --git a/src/include/utils/syscache.h b/src/include/utils/syscache.h
index 6164c02b1525e6320b545250f39518e9a16f82e2..d4bcd14256e1fd9650bace2110f6f2d1edc68fe4 100644 (file)
--- a/src/include/utils/syscache.h
+++ b/src/include/utils/syscache.h
@@ -9,7 +9,7 @@
  * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: syscache.h,v 1.37 2002/02/19 20:11:20 tgl Exp $
+ * $Id: syscache.h,v 1.38 2002/03/21 23:27:25 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -29,33 +29,35 @@
  */
 
 #define AGGNAME            0
-#define AMNAME         1
-#define AMOID          2
-#define AMOPOPID       3
-#define AMOPSTRATEGY   4
-#define AMPROCNUM      5
-#define ATTNAME            6
-#define ATTNUM         7
-#define CLAAMNAME      8
-#define CLAOID         9
-#define GRONAME            10
-#define GROSYSID       11
-#define INDEXRELID     12
-#define INHRELID       13
-#define LANGNAME       14
-#define LANGOID            15
-#define OPERNAME       16
-#define OPEROID            17
-#define PROCNAME       18
-#define PROCOID            19
-#define RELNAME            20
-#define RELOID         21
-#define RULENAME       22
-#define SHADOWNAME     23
-#define SHADOWSYSID        24
-#define STATRELATT     25
-#define TYPENAME       26
-#define TYPEOID            27
+#define AGGOID         1
+#define AMNAME         2
+#define AMOID          3
+#define AMOPOPID       4
+#define AMOPSTRATEGY   5
+#define AMPROCNUM      6
+#define ATTNAME            7
+#define ATTNUM         8
+#define CLAAMNAME      9
+#define CLAOID         10
+#define GRONAME            11
+#define GROSYSID       12
+#define INDEXRELID     13
+#define INHRELID       14
+#define LANGNAME       15
+#define LANGOID            16
+#define OPERNAME       17
+#define OPEROID            18
+#define PROCNAME       19
+#define PROCOID            20
+#define RELNAME            21
+#define RELOID         22
+#define RULENAME       23
+#define SHADOWNAME     24
+#define SHADOWSYSID        25
+#define STATRELATT     26
+#define TYPENAME       27
+#define TYPEOID            28
+
 
 extern void InitCatalogCache(void);
 extern void InitCatalogCachePhase2(void);

diff --git a/src/test/regress/expected/errors.out b/src/test/regress/expected/errors.out
index 625c6d7499d8ac8f3585e37cf016ad00a35c3f05..bd9707c2bdbeeb07e734cd35c97ca55885c9516f 100644 (file)
--- a/src/test/regress/expected/errors.out
+++ b/src/test/regress/expected/errors.out
@@ -221,7 +221,7 @@ drop rule 314159;
 ERROR:  parser: parse error at or near "314159"
 -- no such rule 
 drop rule nonesuch;
-ERROR:  Rule or view "nonesuch" not found
+ERROR:  Rule "nonesuch" not found
 -- bad keyword 
 drop tuple rule nonesuch;
 ERROR:  parser: parse error at or near "tuple"

diff --git a/src/test/regress/expected/privileges.out b/src/test/regress/expected/privileges.out
index 0bf560a949f8f932e1c9fd0dab3a9e21f0453c06..6c9b84dda2b8f56a4d63deec162b66c41300679d 100644 (file)
--- a/src/test/regress/expected/privileges.out
+++ b/src/test/regress/expected/privileges.out
@@ -90,7 +90,7 @@ ERROR:  LOCK TABLE: permission denied
 COPY atest2 FROM stdin; -- fail
 ERROR:  atest2: Permission denied.
 GRANT ALL ON atest1 TO PUBLIC; -- fail
-ERROR:  permission denied
+ERROR:  atest1: permission denied
 -- checks in subquery, both ok
 SELECT * FROM atest1 WHERE ( b IN ( SELECT col1 FROM atest2 ) );
  a | b 
@@ -246,9 +246,9 @@ ERROR:  user "nosuchuser" does not exist
 select has_table_privilege('pg_shadow','sel');
 ERROR:  has_table_privilege: invalid privilege type sel
 select has_table_privilege(-999999,'pg_shadow','update');
-ERROR:  pg_aclcheck: invalid user id 4293967297
+ERROR:  pg_class_aclcheck: invalid user id 4293967297
 select has_table_privilege(1,'rule');
-ERROR:  has_table_privilege: invalid relation oid 1
+ERROR:  pg_class_aclcheck: relation 1 not found
 -- superuser
 \c -
 select has_table_privilege(current_user,'pg_shadow','select');