1 /*-------------------------------------------------------------------------
4 * Definition of (and support for) access control list data structures.
7 * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
8 * Portions Copyright (c) 1994, Regents of the University of California
10 * $Id: acl.h,v 1.38 2001/10/28 06:26:09 momjian Exp $
13 * For backward-compatibility purposes we have to allow there
14 * to be a null ACL in a pg_class tuple. This will be defined as
15 * meaning "default protection" (i.e., whatever acldefault() returns).
17 * The AclItems in an ACL array are currently kept in sorted order.
18 * Things will break hard if you change that without changing the
19 * code wherever this is included.
20 *-------------------------------------------------------------------------
25 #include "nodes/parsenodes.h"
26 #include "utils/array.h"
27 #include "utils/memutils.h"
30 * AclId system identifier for the user, group, etc.
31 * XXX currently UNIX uid for users...
35 #define ACL_ID_WORLD 0 /* placeholder for id in a WORLD acl item */
38 * AclIdType tag that describes if the AclId is a user, group, etc.
40 typedef uint8 AclIdType;
42 #define ACL_IDTYPE_WORLD 0x00
43 #define ACL_IDTYPE_UID 0x01 /* user id - from pg_shadow */
44 #define ACL_IDTYPE_GID 0x02 /* group id - from pg_group */
47 * AclMode the actual permissions
48 * XXX should probably use bit.h routines.
49 * XXX should probably also stuff the modechg cruft in the
52 typedef uint8 AclMode;
54 #define ACL_NO 0 /* no permissions */
55 #define ACL_INSERT (1<<0)
56 #define ACL_SELECT (1<<1)
57 #define ACL_UPDATE (1<<2)
58 #define ACL_DELETE (1<<3)
59 #define ACL_RULE (1<<4)
60 #define ACL_REFERENCES (1<<5)
61 #define ACL_TRIGGER (1<<6)
62 #define N_ACL_MODES 7 /* 1 plus the last 1<<x */
67 typedef struct AclItem
74 * This is actually type 'aclitem', and we want a fixed size for all
75 * platforms, so we pad this with dummies.
81 /* Note: if the size of AclItem changes,
82 change the aclitem typlen in pg_type.h */
86 * Definitions for convenient access to Acl (array of AclItem) and IdList
87 * (array of AclId). These are standard Postgres arrays, but are restricted
88 * to have one dimension. We also ignore the lower bound when reading,
89 * and set it to zero when writing.
91 * CAUTION: as of Postgres 7.1, these arrays are toastable (just like all
92 * other array types). Therefore, be careful to detoast them with the
93 * macros provided, unless you know for certain that a particular array
94 * can't have been toasted. Presently, we do not provide toast tables for
95 * pg_class or pg_group, so the entries in those tables won't have been
96 * stored externally --- but they could have been compressed!
101 * Acl a one-dimensional POSTGRES array of AclItem
103 typedef ArrayType Acl;
105 #define ACL_NUM(ACL) (ARR_DIMS(ACL)[0])
106 #define ACL_DAT(ACL) ((AclItem *) ARR_DATA_PTR(ACL))
107 #define ACL_N_SIZE(N) (ARR_OVERHEAD(1) + ((N) * sizeof(AclItem)))
108 #define ACL_SIZE(ACL) ARR_SIZE(ACL)
111 * IdList a one-dimensional POSTGRES array of AclId
113 typedef ArrayType IdList;
115 #define IDLIST_NUM(IDL) (ARR_DIMS(IDL)[0])
116 #define IDLIST_DAT(IDL) ((AclId *) ARR_DATA_PTR(IDL))
117 #define IDLIST_N_SIZE(N) (ARR_OVERHEAD(1) + ((N) * sizeof(AclId)))
118 #define IDLIST_SIZE(IDL) ARR_SIZE(IDL)
121 * fmgr macros for these types
123 #define DatumGetAclItemP(X) ((AclItem *) DatumGetPointer(X))
124 #define PG_GETARG_ACLITEM_P(n) DatumGetAclItemP(PG_GETARG_DATUM(n))
125 #define PG_RETURN_ACLITEM_P(x) PG_RETURN_POINTER(x)
127 #define DatumGetAclP(X) ((Acl *) PG_DETOAST_DATUM(X))
128 #define DatumGetAclPCopy(X) ((Acl *) PG_DETOAST_DATUM_COPY(X))
129 #define PG_GETARG_ACL_P(n) DatumGetAclP(PG_GETARG_DATUM(n))
130 #define PG_GETARG_ACL_P_COPY(n) DatumGetAclPCopy(PG_GETARG_DATUM(n))
131 #define PG_RETURN_ACL_P(x) PG_RETURN_POINTER(x)
133 #define DatumGetIdListP(X) ((IdList *) PG_DETOAST_DATUM(X))
134 #define DatumGetIdListPCopy(X) ((IdList *) PG_DETOAST_DATUM_COPY(X))
135 #define PG_GETARG_IDLIST_P(n) DatumGetIdListP(PG_GETARG_DATUM(n))
136 #define PG_GETARG_IDLIST_P_COPY(n) DatumGetIdListPCopy(PG_GETARG_DATUM(n))
137 #define PG_RETURN_IDLIST_P(x) PG_RETURN_POINTER(x)
141 * ACL modification opcodes
143 #define ACL_MODECHG_ADD 1
144 #define ACL_MODECHG_DEL 2
145 #define ACL_MODECHG_EQL 3
147 /* mode indicators for I/O */
148 #define ACL_MODECHG_STR "+-=" /* list of valid characters */
149 #define ACL_MODECHG_ADD_CHR '+'
150 #define ACL_MODECHG_DEL_CHR '-'
151 #define ACL_MODECHG_EQL_CHR '='
152 #define ACL_MODE_STR "arwdRxt" /* list of valid
154 #define ACL_MODE_INSERT_CHR 'a' /* formerly known as "append" */
155 #define ACL_MODE_SELECT_CHR 'r' /* formerly known as "read" */
156 #define ACL_MODE_UPDATE_CHR 'w' /* formerly known as "write" */
157 #define ACL_MODE_DELETE_CHR 'd'
158 #define ACL_MODE_RULE_CHR 'R'
159 #define ACL_MODE_REFERENCES_CHR 'x'
160 #define ACL_MODE_TRIGGER_CHR 't'
162 /* result codes for pg_aclcheck */
163 #define ACLCHECK_OK 0
164 #define ACLCHECK_NO_PRIV 1
165 #define ACLCHECK_NO_CLASS 2
166 #define ACLCHECK_NOT_OWNER 3
168 /* error messages (index by ACL_CHECK_* result code). set in aclchk.c. */
169 extern char *aclcheck_error_strings[];
172 * routines used internally
174 extern Acl *acldefault(const char *relname, AclId ownerid);
175 extern Acl *aclinsert3(const Acl *old_acl, const AclItem *mod_aip, unsigned modechg);
178 * routines used by the parser
180 extern char *aclmakepriv(const char *old_privlist, char new_priv);
181 extern char *aclmakeuser(const char *user_type, const char *user);
184 * exported routines (from acl.c)
186 extern Acl *makeacl(int n);
187 extern Datum aclitemin(PG_FUNCTION_ARGS);
188 extern Datum aclitemout(PG_FUNCTION_ARGS);
189 extern Datum aclinsert(PG_FUNCTION_ARGS);
190 extern Datum aclremove(PG_FUNCTION_ARGS);
191 extern Datum aclcontains(PG_FUNCTION_ARGS);
192 extern const char *aclparse(const char *s, AclItem *aip, unsigned *modechg);
193 extern char *makeAclString(const char *privileges, const char *grantee, char grant_or_revoke);
196 * prototypes for functions in aclchk.c
198 extern void ExecuteGrantStmt(GrantStmt *stmt);
199 extern AclId get_grosysid(char *groname);
200 extern char *get_groname(AclId grosysid);
202 extern int32 pg_aclcheck(char *relname, Oid userid, AclMode mode);
204 extern bool pg_ownercheck(Oid userid, const char *name, int cacheid);
205 extern bool pg_oper_ownercheck(Oid userid, Oid oprid);
206 extern bool pg_func_ownercheck(Oid userid, char *funcname,
207 int nargs, Oid *arglist);
208 extern bool pg_aggr_ownercheck(Oid userid, char *aggname,