Add large object access control.

A new system catalog pg_largeobject_metadata manages
ownership and access privileges of large objects.

KaiGai Kohei, reviewed by Jaime Casanova.

diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml
index be5b037aa0b7e03aa64496c389b7e3a8e570e4c2..9d7f7346d95d925915adee65a6f836287bd600f9 100644 (file)
--- a/doc/src/sgml/catalogs.sgml
+++ b/doc/src/sgml/catalogs.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/catalogs.sgml,v 2.212 2009/12/07 05:22:21 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/catalogs.sgml,v 2.213 2009/12/11 03:34:54 itagaki Exp $ -->
 <!--
  Documentation of the system catalogs, directed toward PostgreSQL developers
  -->
@@ -160,7 +160,12 @@
 
      <row>
       <entry><link linkend="catalog-pg-largeobject"><structname>pg_largeobject</structname></link></entry>
-      <entry>large objects</entry>
+      <entry>data pages for large objects</entry>
+     </row>
+
+     <row>
+      <entry><link linkend="catalog-pg-largeobject-metadata"><structname>pg_largeobject_metadata</structname></link></entry>
+      <entry>metadata for large objects</entry>
      </row>
 
      <row>
@@ -3120,22 +3125,31 @@
 
   <para>
    The catalog <structname>pg_largeobject</structname> holds the data making up
-   <quote>large objects</quote>.  A large object is identified by an
-   OID assigned when it is created.  Each large object is broken into
+   <quote>large objects</quote>.  A large object is identified by an OID of
+   <link linkend="catalog-pg-largeobject-metadata"><structname>pg_largeobject_metadata</></link>
+   catalog, assigned when it is created.  Each large object is broken into
    segments or <quote>pages</> small enough to be conveniently stored as rows
    in <structname>pg_largeobject</structname>.
    The amount of data per page is defined to be <symbol>LOBLKSIZE</> (which is currently
    <literal>BLCKSZ/4</>, or typically 2 kB).
   </para>
 
+  <para>
+   <structname>pg_largeobject</structname> should not be readable by the
+   public, since the catalog contains data in large objects of all users.
+   <structname>pg_largeobject_metadata</> is a publicly readable catalog
+   that only contains identifiers of large objects.
+  </para>
+
   <table>
    <title><structname>pg_largeobject</> Columns</title>
 
-   <tgroup cols="3">
+   <tgroup cols="4">
     <thead>
      <row>
       <entry>Name</entry>
       <entry>Type</entry>
+      <entry>References</entry>
       <entry>Description</entry>
      </row>
     </thead>
@@ -3144,12 +3158,14 @@
      <row>
       <entry><structfield>loid</structfield></entry>
       <entry><type>oid</type></entry>
+      <entry><literal><link linkend="catalog-pg-largeobject-metadata"><structname>pg_largeobject_metadata</structname></link>.oid</literal></entry>
       <entry>Identifier of the large object that includes this page</entry>
      </row>
 
      <row>
       <entry><structfield>pageno</structfield></entry>
       <entry><type>int4</type></entry>
+      <entry></entry>
       <entry>Page number of this page within its large object
       (counting from zero)</entry>
      </row>
@@ -3157,6 +3173,7 @@
      <row>
       <entry><structfield>data</structfield></entry>
       <entry><type>bytea</type></entry>
+      <entry></entry>
       <entry>
        Actual data stored in the large object.
        This will never be more than <symbol>LOBLKSIZE</> bytes and might be less
@@ -3177,6 +3194,55 @@
 
  </sect1>
 
+ <sect1 id="catalog-pg-largeobject-metadata">
+  <title><structname>pg_largeobject_metadata</structname></title>
+
+  <indexterm zone="catalog-pg-largeobject-metadata">
+   <primary>pg_largeobject_metadata</primary>
+  </indexterm>
+
+  <para>
+   The purpose of <structname>pg_largeobject_metadata</structname> is to
+   hold metadata of <quote>large objects</quote>, such as OID of its owner,
+   access permissions and OID of the large object itself.
+  </para>
+
+  <table>
+   <title><structname>pg_largeobject_metadata</> Columns</title>
+
+   <tgroup cols="4">
+    <thead>
+     <row>
+      <entry>Name</entry>
+      <entry>Type</entry>
+      <entry>References</entry>
+      <entry>Description</entry>
+     </row>
+    </thead>
+
+    <tbody>
+     <row>
+      <entry><structfield>lomowner</structfield></entry>
+      <entry><type>oid</type></entry>
+      <entry><literal><link linkend="catalog-pg-authid"><structname>pg_authid</structname></link>.oid</literal></entry>
+      <entry>Owner of the largeobejct</entry>
+     </row>
+
+     <row>
+      <entry><structfield>lomacl</structfield></entry>
+      <entry><type>aclitem[]</type></entry>
+      <entry>
+       Access privileges; see
+       <xref linkend="sql-grant" endterm="sql-grant-title"> and
+       <xref linkend="sql-revoke" endterm="sql-revoke-title">
+       for details
+      </entry>
+     </row>
+
+    </tbody>
+   </tgroup>
+  </table>
+ </sect1>
 
  <sect1 id="catalog-pg-listener">
   <title><structname>pg_listener</structname></title>

diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
index 1fb32c8de398d6c700881239df026d232ab680d9..8045f5c95beed1d16231117447ca5d9df85a89de 100644 (file)
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.236 2009/12/10 06:32:27 petere Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.237 2009/12/11 03:34:55 itagaki Exp $ -->
 
 <chapter Id="runtime-config">
   <title>Server Configuration</title>
@@ -4816,6 +4816,35 @@ dynamic_library_path = 'C:\tools\postgresql;H:\my_project\lib;$libdir'
       </listitem>
      </varlistentry>
 
+     <varlistentry id="guc-lo-compat-privileges" xreflabel="lo_compat_privileges">
+      <term><varname>lo_compat_privileges</varname> (<type>boolean</type>)</term>
+      <indexterm>
+       <primary>
+        <varname>lo_compat_privileges</varname> configuration parameter
+       </primary>
+      </indexterm>
+      <listitem>
+       <para>
+        This allows us to tuen on/off database privilege checks on large
+        objects. In the 8.4.x series and earlier release do not have
+        privilege checks on large object in most cases.
+
+        So, turning the <varname>lo_compat_privileges</varname> off means
+        the large object feature performs in compatible mode.
+       </para>
+       <para>
+        Please note that it is not equivalent to disable all the security
+        checks corresponding to large objects.
+        For example, the <literal>lo_import()</literal> and
+        <literal>lo_export()</literal> need superuser privileges independent
+        from this setting as prior versions were doing.
+       </para>
+       <para>
+        It is <literal>off</literal> by default.
+       </para>
+      </listitem>
+     </varlistentry>
+
      <varlistentry id="guc-sql-inheritance" xreflabel="sql_inheritance">
       <term><varname>sql_inheritance</varname> (<type>boolean</type>)</term>
       <indexterm>

diff --git a/doc/src/sgml/lobj.sgml b/doc/src/sgml/lobj.sgml
index 750b9c5c4ee053c8d61f3cd978b7c0a3bf20d8f4..1cec73e4c025723b193f2193e2a945605e105c4d 100644 (file)
--- a/doc/src/sgml/lobj.sgml
+++ b/doc/src/sgml/lobj.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/lobj.sgml,v 1.49 2008/12/07 23:46:39 alvherre Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/lobj.sgml,v 1.50 2009/12/11 03:34:55 itagaki Exp $ -->
 
  <chapter id="largeObjects">
   <title id="largeObjects-title">Large Objects</title>
@@ -441,6 +441,57 @@ SELECT lo_export(image.raster, '/tmp/motd') FROM image
     The client-side functions can be used by any
     <productname>PostgreSQL</productname> user.
   </para>
+
+  <sect2 id="lo-func-privilege">
+   <title>Large object and privileges</title>
+   <para>
+    Note that access control feature was not supported in the 8.4.x series
+    and earlier release.
+    Also see the <xref linkend="guc-lo-compat-privileges"> compatibility
+    option.
+   </para>
+   <para>
+    Now it supports access controls on large objects, and allows the owner
+    of large objects to set up access rights using
+    <xref linkend="sql-grant" endterm="sql-grant-title"> and
+    <xref linkend="sql-revoke" endterm="sql-revoke-title"> statement.
+   </para>
+   <para>
+    Two permissions are defined on the large object class.
+    These are checked only when <xref linkend="guc-lo-compat-privileges">
+    option is disabled.
+   </para>
+   <para>
+    The first is <literal>SELECT</literal>.
+    It is required on <function>loread()</function> function.
+    Note that when we open large object with read-only mode, we can see
+    a static image even if other concurrent transaction modified the
+    same large object.
+    This principle is also applied on the access rights of large objects.
+    Even if a transaction modified access rights and commit it, it is
+    not invisible from other transaction which already opened the large
+    object.
+   </para>
+   <para>
+    The second is <literal>UPDATE</literal>.
+    It is required on <function>lowrite()</function> function and
+    <function>lo_truncate()</function> function.
+   </para>
+   <para>
+    In addition, <function>lo_unlink()</function> function,
+    <command>COMMENT ON</command> and <command>ALTER LARGE OBJECT</command>
+    statements needs ownership of the large object to be accessed.
+   </para>
+   <para>
+    You may wonder why <literal>SELECT</literal> is not checked on the
+    <function>lo_export()</function> function or <literal>UPDATE</literal>
+    is not checked on the <function>lo_import</function> function.
+
+    These functions originally require database superuser privilege,
+    and it allows to bypass the default database privilege checks,
+    so we don't need to check an obvious test twice.
+   </para>
+  </sect2>
 </sect1>
 
 <sect1 id="lo-examplesect">

diff --git a/doc/src/sgml/ref/allfiles.sgml b/doc/src/sgml/ref/allfiles.sgml
index c15579c5164916a5134426f1292c16c6db4b5edc..1754aae58b8fcc6708619a71b8713a1ae90794b6 100644 (file)
--- a/doc/src/sgml/ref/allfiles.sgml
+++ b/doc/src/sgml/ref/allfiles.sgml
@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/ref/allfiles.sgml,v 1.76 2009/10/05 19:24:33 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/ref/allfiles.sgml,v 1.77 2009/12/11 03:34:55 itagaki Exp $
 PostgreSQL documentation
 Complete list of usable sgml source files in this directory.
 -->
@@ -16,6 +16,7 @@ Complete list of usable sgml source files in this directory.
 <!entity alterGroup         system "alter_group.sgml">
 <!entity alterIndex         system "alter_index.sgml">
 <!entity alterLanguage      system "alter_language.sgml">
+<!entity alterLargeObject   system "alter_large_object.sgml">
 <!entity alterOperator      system "alter_operator.sgml">
 <!entity alterOperatorClass system "alter_opclass.sgml">
 <!entity alterOperatorFamily system "alter_opfamily.sgml">

diff --git a/doc/src/sgml/ref/alter_large_object.sgml b/doc/src/sgml/ref/alter_large_object.sgml
new file mode 100755 (executable)
index 0000000..3436ae8
--- /dev/null
+++ b/doc/src/sgml/ref/alter_large_object.sgml
@@ -0,0 +1,75 @@
+<refentry id="SQL-ALTERLARGEOBJECT">
+ <refmeta>
+  <refentrytitle id="SQL-ALTERLARGEOBJECT-title">ALTER LARGE OBJECT</refentrytitle>
+  <manvolnum>7</manvolnum>
+  <refmiscinfo>SQL - Language Statements</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+  <refname>ALTER LARGE OBJECT</refname>
+  <refpurpose>change the definition of a large object</refpurpose>
+ </refnamediv>
+
+ <indexterm zone="sql-alterlargeobject">
+  <primary>ALTER LARGE OBJECT</primary>
+ </indexterm>
+
+ <refsynopsisdiv>
+<synopsis>
+ALTER LARGE OBJECT <replaceable class="PARAMETER">large_object_oid</replaceable> OWNER TO <replaceable>new_owner</replaceable>
+</synopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+  <title>Description</title>
+
+  <para>
+   <command>ALTER LARGE OBJECT</command> changes the definition of a
+   large object. The only functionality is to assign a new owner.
+   You must be superuser or owner of the large object to use
+   <command>ALTER LARGE OBJECT</command>.
+  </para>
+ </refsect1>
+
+ <refsect1>
+  <title>Parameters</title>
+
+  <variablelist>
+   <varlistentry>
+    <term><replaceable>large_object_oid</replaceable></term>
+    <listitem>
+     <para>
+      OID of the large object to be altered
+     </para>
+    </listitem>
+   </varlistentry>
+
+   <varlistentry>
+    <term><replaceable>new_owner</replaceable></term>
+    <listitem>
+     <para>
+      The new owner of the large object
+     </para>
+    </listitem>
+   </varlistentry>
+  </variablelist>
+ </refsect1>
+
+ <refsect1>
+  <title>Compatibility</title>
+    
+  <para>
+   There is no <command>ALTER LARGE OBJECT</command> statement in the SQL
+   standard.
+  </para>
+ </refsect1>
+
+ <refsect1>
+  <title>See Also</title>
+
+  <simplelist type="inline">
+   <member><xref linkend="largeObjects" endterm="largeObjects-title"></member>
+  </simplelist>
+ </refsect1>
+
+</refentry>

diff --git a/doc/src/sgml/ref/grant.sgml b/doc/src/sgml/ref/grant.sgml
index 2e8f2050f113289e5bdbe7e52b7fec788804dbaf..86879acedbcb1077f65d9a3b364c51da555f1849 100644 (file)
--- a/doc/src/sgml/ref/grant.sgml
+++ b/doc/src/sgml/ref/grant.sgml
@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/ref/grant.sgml,v 1.79 2009/10/12 20:39:39 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/ref/grant.sgml,v 1.80 2009/12/11 03:34:55 itagaki Exp $
 PostgreSQL documentation
 -->
 
@@ -59,6 +59,10 @@ GRANT { USAGE | ALL [ PRIVILEGES ] }
     ON LANGUAGE <replaceable>lang_name</replaceable> [, ...]
     TO { [ GROUP ] <replaceable class="PARAMETER">role_name</replaceable> | PUBLIC } [, ...] [ WITH GRANT OPTION ]
 
+GRANT { { SELECT | UPDATE } [,...] | ALL [ PRIVILEGES ] }
+    ON LARGE OBJECT <replaceable class="PARAMETER">loid</replaceable> [, ...]
+    TO { [ GROUP ] <replaceable class="PARAMETER">rolename</replaceable> | PUBLIC } [, ...] [ WITH GRANT OPTION ]
+
 GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
     ON SCHEMA <replaceable>schema_name</replaceable> [, ...]
     TO { [ GROUP ] <replaceable class="PARAMETER">role_name</replaceable> | PUBLIC } [, ...] [ WITH GRANT OPTION ]
@@ -170,6 +174,8 @@ GRANT <replaceable class="PARAMETER">role_name</replaceable> [, ...] TO <replace
        <xref linkend="sql-delete" endterm="sql-delete-title">.
        For sequences, this privilege also allows the use of the
        <function>currval</function> function.
+       For large objects, this privilege also allows to read from
+       the target large object.
       </para>
      </listitem>
     </varlistentry>
@@ -203,6 +209,8 @@ GRANT <replaceable class="PARAMETER">role_name</replaceable> [, ...] TO <replace
        <literal>SELECT</literal> privilege.  For sequences, this
        privilege allows the use of the <function>nextval</function> and
        <function>setval</function> functions.
+       For large objects, this privilege also allows to write or truncate
+       on the target large object.
       </para>
      </listitem>
     </varlistentry>

diff --git a/doc/src/sgml/ref/revoke.sgml b/doc/src/sgml/ref/revoke.sgml
index 0b8aea534c4e954bc8d123685b794a0e8faf8f1f..e31549fa3c3d20278717aee4950a2f68ed441799 100644 (file)
--- a/doc/src/sgml/ref/revoke.sgml
+++ b/doc/src/sgml/ref/revoke.sgml
@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/ref/revoke.sgml,v 1.53 2009/10/12 20:39:39 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/ref/revoke.sgml,v 1.54 2009/12/11 03:34:55 itagaki Exp $
 PostgreSQL documentation
 -->
 
@@ -75,6 +75,12 @@ REVOKE [ GRANT OPTION FOR ]
     FROM { [ GROUP ] <replaceable class="PARAMETER">role_name</replaceable> | PUBLIC } [, ...]
     [ CASCADE | RESTRICT ]
 
+REVOKE [ GRANT OPTION FOR ]
+    { { SELECT | UPDATE } [,...] | ALL [ PRIVILEGES ] }
+    ON LARGE OBJECT <replaceable class="PARAMETER">loid</replaceable> [, ...]
+    FROM { [ GROUP ] <replaceable class="PARAMETER">rolename</replaceable> | PUBLIC } [, ...]
+    [ CASCADE | RESTRICT ]
+
 REVOKE [ GRANT OPTION FOR ]
     { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
     ON SCHEMA <replaceable>schema_name</replaceable> [, ...]

diff --git a/doc/src/sgml/reference.sgml b/doc/src/sgml/reference.sgml
index 0e72fc5475bd5851652e0bb8f06e7ab911c27c36..f97bf651ce55fbca51731dd1dc06d63a857e8362 100644 (file)
--- a/doc/src/sgml/reference.sgml
+++ b/doc/src/sgml/reference.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/reference.sgml,v 1.69 2009/10/05 19:24:33 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/reference.sgml,v 1.70 2009/12/11 03:34:55 itagaki Exp $ -->
 
 <part id="reference">
  <title>Reference</title>
@@ -44,6 +44,7 @@
    &alterGroup;
    &alterIndex;
    &alterLanguage;
+   &alterLargeObject;
    &alterOperator;
    &alterOperatorClass;
    &alterOperatorFamily;

diff --git a/src/backend/catalog/Makefile b/src/backend/catalog/Makefile
index ec548990b1003b850eb5883d2d87e4c25bf65fb1..02a2b01b815b936475de6088a51947ae1e99cd99 100644 (file)
--- a/src/backend/catalog/Makefile
+++ b/src/backend/catalog/Makefile
@@ -2,7 +2,7 @@
 #
 # Makefile for backend/catalog
 #
-# $PostgreSQL: pgsql/src/backend/catalog/Makefile,v 1.73 2009/10/07 22:14:16 alvherre Exp $
+# $PostgreSQL: pgsql/src/backend/catalog/Makefile,v 1.74 2009/12/11 03:34:55 itagaki Exp $
 #
 #-------------------------------------------------------------------------
 
@@ -29,9 +29,9 @@ POSTGRES_BKI_SRCS = $(addprefix $(top_srcdir)/src/include/catalog/,\
        pg_proc.h pg_type.h pg_attribute.h pg_class.h \
        pg_attrdef.h pg_constraint.h pg_inherits.h pg_index.h pg_operator.h \
        pg_opfamily.h pg_opclass.h pg_am.h pg_amop.h pg_amproc.h \
-       pg_language.h pg_largeobject.h pg_aggregate.h pg_statistic.h \
-       pg_rewrite.h pg_trigger.h pg_listener.h pg_description.h pg_cast.h \
-       pg_enum.h pg_namespace.h pg_conversion.h pg_depend.h \
+       pg_language.h pg_largeobject_metadata.h pg_largeobject.h pg_aggregate.h \
+       pg_statistic.h pg_rewrite.h pg_trigger.h pg_listener.h pg_description.h \
+       pg_cast.h pg_enum.h pg_namespace.h pg_conversion.h pg_depend.h \
        pg_database.h pg_db_role_setting.h pg_tablespace.h pg_pltemplate.h \
        pg_authid.h pg_auth_members.h pg_shdepend.h pg_shdescription.h \
        pg_ts_config.h pg_ts_config_map.h pg_ts_dict.h \

diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
index 8b2599a99f53b06455142f24cfd112efba1017c7..3c2fdb0cf14556c9fb98195b68815f1e558c16ca 100644 (file)
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.156 2009/10/12 20:39:39 tgl Exp $
+ *       $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.157 2009/12/11 03:34:55 itagaki Exp $
  *
  * NOTES
  *       See acl.h.
@@ -31,6 +31,8 @@
 #include "catalog/pg_foreign_data_wrapper.h"
 #include "catalog/pg_foreign_server.h"
 #include "catalog/pg_language.h"
+#include "catalog/pg_largeobject.h"
+#include "catalog/pg_largeobject_metadata.h"
 #include "catalog/pg_namespace.h"
 #include "catalog/pg_opclass.h"
 #include "catalog/pg_operator.h"
@@ -103,6 +105,7 @@ static void ExecGrant_Fdw(InternalGrant *grantStmt);
 static void ExecGrant_ForeignServer(InternalGrant *grantStmt);
 static void ExecGrant_Function(InternalGrant *grantStmt);
 static void ExecGrant_Language(InternalGrant *grantStmt);
+static void ExecGrant_Largeobject(InternalGrant *grantStmt);
 static void ExecGrant_Namespace(InternalGrant *grantStmt);
 static void ExecGrant_Tablespace(InternalGrant *grantStmt);
 
@@ -251,6 +254,9 @@ restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs,
                case ACL_KIND_LANGUAGE:
                        whole_mask = ACL_ALL_RIGHTS_LANGUAGE;
                        break;
+               case ACL_KIND_LARGEOBJECT:
+                       whole_mask = ACL_ALL_RIGHTS_LARGEOBJECT;
+                       break;
                case ACL_KIND_NAMESPACE:
                        whole_mask = ACL_ALL_RIGHTS_NAMESPACE;
                        break;
@@ -410,6 +416,10 @@ ExecuteGrantStmt(GrantStmt *stmt)
                        all_privileges = ACL_ALL_RIGHTS_LANGUAGE;
                        errormsg = gettext_noop("invalid privilege type %s for language");
                        break;
+               case ACL_OBJECT_LARGEOBJECT:
+                       all_privileges = ACL_ALL_RIGHTS_LARGEOBJECT;
+                       errormsg = gettext_noop("invalid privilege type %s for large object");
+                       break;
                case ACL_OBJECT_NAMESPACE:
                        all_privileges = ACL_ALL_RIGHTS_NAMESPACE;
                        errormsg = gettext_noop("invalid privilege type %s for schema");
@@ -513,6 +523,9 @@ ExecGrantStmt_oids(InternalGrant *istmt)
                case ACL_OBJECT_LANGUAGE:
                        ExecGrant_Language(istmt);
                        break;
+               case ACL_OBJECT_LARGEOBJECT:
+                       ExecGrant_Largeobject(istmt);
+                       break;
                case ACL_OBJECT_NAMESPACE:
                        ExecGrant_Namespace(istmt);
                        break;
@@ -597,6 +610,20 @@ objectNamesToOids(GrantObjectType objtype, List *objnames)
                                ReleaseSysCache(tuple);
                        }
                        break;
+               case ACL_OBJECT_LARGEOBJECT:
+                       foreach(cell, objnames)
+                       {
+                               Oid             lobjOid = intVal(lfirst(cell));
+
+                               if (!LargeObjectExists(lobjOid))
+                                       ereport(ERROR,
+                                                       (errcode(ERRCODE_UNDEFINED_OBJECT),
+                                                        errmsg("large object %u does not exist",
+                                                                       lobjOid)));
+
+                               objects = lappend_oid(objects, lobjOid);
+                       }
+                       break;
                case ACL_OBJECT_NAMESPACE:
                        foreach(cell, objnames)
                        {
@@ -1279,6 +1306,9 @@ RemoveRoleFromObjectACL(Oid roleid, Oid classid, Oid objid)
                        case LanguageRelationId:
                                istmt.objtype = ACL_OBJECT_LANGUAGE;
                                break;
+                       case LargeObjectRelationId:
+                               istmt.objtype = ACL_OBJECT_LARGEOBJECT;
+                               break;
                        case NamespaceRelationId:
                                istmt.objtype = ACL_OBJECT_NAMESPACE;
                                break;
@@ -2472,6 +2502,138 @@ ExecGrant_Language(InternalGrant *istmt)
        heap_close(relation, RowExclusiveLock);
 }
 
+static void
+ExecGrant_Largeobject(InternalGrant *istmt)
+{
+       Relation        relation;
+       ListCell   *cell;
+
+       if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
+               istmt->privileges = ACL_ALL_RIGHTS_LARGEOBJECT;
+
+       relation = heap_open(LargeObjectMetadataRelationId,
+                                                RowExclusiveLock);
+
+       foreach(cell, istmt->objects)
+       {
+               Oid                     loid = lfirst_oid(cell);
+               Form_pg_largeobject_metadata    form_lo_meta;
+               char            loname[NAMEDATALEN];
+               Datum           aclDatum;
+               bool            isNull;
+               AclMode         avail_goptions;
+               AclMode         this_privileges;
+               Acl                *old_acl;
+               Acl                *new_acl;
+               Oid                     grantorId;
+               Oid                     ownerId;
+               HeapTuple       newtuple;
+               Datum           values[Natts_pg_largeobject_metadata];
+               bool            nulls[Natts_pg_largeobject_metadata];
+               bool            replaces[Natts_pg_largeobject_metadata];
+               int                     noldmembers;
+               int                     nnewmembers;
+               Oid                *oldmembers;
+               Oid                *newmembers;
+               ScanKeyData     entry[1];
+               SysScanDesc     scan;
+               HeapTuple       tuple;
+
+               /* There's no syscache for pg_largeobject_metadata */
+               ScanKeyInit(&entry[0],
+                                       ObjectIdAttributeNumber,
+                                       BTEqualStrategyNumber, F_OIDEQ,
+                                       ObjectIdGetDatum(loid));
+
+               scan = systable_beginscan(relation,
+                                                                 LargeObjectMetadataOidIndexId, true,
+                                                                 SnapshotNow, 1, entry);
+
+               tuple = systable_getnext(scan);
+               if (!HeapTupleIsValid(tuple))
+                       elog(ERROR, "cache lookup failed for large object %u", loid);
+
+               form_lo_meta = (Form_pg_largeobject_metadata) GETSTRUCT(tuple);
+
+               /*
+                * Get owner ID and working copy of existing ACL. If there's no ACL,
+                * substitute the proper default.
+                */
+               ownerId = form_lo_meta->lomowner;
+               aclDatum = heap_getattr(tuple,
+                                                               Anum_pg_largeobject_metadata_lomacl,
+                                                               RelationGetDescr(relation), &isNull);
+               if (isNull)
+                       old_acl = acldefault(ACL_OBJECT_LARGEOBJECT, ownerId);
+               else
+                       old_acl = DatumGetAclPCopy(aclDatum);
+
+               /* Determine ID to do the grant as, and available grant options */
+               select_best_grantor(GetUserId(), istmt->privileges,
+                                                       old_acl, ownerId,
+                                                       &grantorId, &avail_goptions);
+
+               /*
+                * Restrict the privileges to what we can actually grant, and emit the
+                * standards-mandated warning and error messages.
+                */
+               snprintf(loname, sizeof(loname), "large object %u", loid);
+               this_privileges =
+                       restrict_and_check_grant(istmt->is_grant, avail_goptions,
+                                                                        istmt->all_privs, istmt->privileges,
+                                                                        loid, grantorId, ACL_KIND_LARGEOBJECT,
+                                                                        loname, 0, NULL);
+
+               /*
+                * Generate new ACL.
+                *
+                * We need the members of both old and new ACLs so we can correct the
+                * shared dependency information.
+                */
+               noldmembers = aclmembers(old_acl, &oldmembers);
+
+               new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
+                                                                          istmt->grant_option, istmt->behavior,
+                                                                          istmt->grantees, this_privileges,
+                                                                          grantorId, ownerId);
+
+               nnewmembers = aclmembers(new_acl, &newmembers);
+
+               /* finished building new ACL value, now insert it */
+               MemSet(values, 0, sizeof(values));
+               MemSet(nulls, false, sizeof(nulls));
+               MemSet(replaces, false, sizeof(replaces));
+
+               replaces[Anum_pg_largeobject_metadata_lomacl - 1] = true;
+               values[Anum_pg_largeobject_metadata_lomacl - 1]
+                       = PointerGetDatum(new_acl);
+
+               newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation),
+                                                                        values, nulls, replaces);
+
+               simple_heap_update(relation, &newtuple->t_self, newtuple);
+
+               /* keep the catalog indexes up to date */
+               CatalogUpdateIndexes(relation, newtuple);
+
+               /* Update the shared dependency ACL info */
+               updateAclDependencies(LargeObjectRelationId,
+                                                         HeapTupleGetOid(tuple), 0,
+                                                         ownerId, istmt->is_grant,
+                                                         noldmembers, oldmembers,
+                                                         nnewmembers, newmembers);
+
+               systable_endscan(scan);
+
+               pfree(new_acl);
+
+               /* prevent error when processing duplicate objects */
+               CommandCounterIncrement();
+       }
+
+       heap_close(relation, RowExclusiveLock);
+}
+
 static void
 ExecGrant_Namespace(InternalGrant *istmt)
 {
@@ -2812,6 +2974,8 @@ static const char *const no_priv_msg[MAX_ACL_KIND] =
        gettext_noop("permission denied for type %s"),
        /* ACL_KIND_LANGUAGE */
        gettext_noop("permission denied for language %s"),
+       /* ACL_KIND_LARGEOBJECT */
+       gettext_noop("permission denied for large object %s"),
        /* ACL_KIND_NAMESPACE */
        gettext_noop("permission denied for schema %s"),
        /* ACL_KIND_OPCLASS */
@@ -2850,6 +3014,8 @@ static const char *const not_owner_msg[MAX_ACL_KIND] =
        gettext_noop("must be owner of type %s"),
        /* ACL_KIND_LANGUAGE */
        gettext_noop("must be owner of language %s"),
+       /* ACL_KIND_LARGEOBJECT */
+       gettext_noop("must be owner of large object %s"),
        /* ACL_KIND_NAMESPACE */
        gettext_noop("must be owner of schema %s"),
        /* ACL_KIND_OPCLASS */
@@ -2969,6 +3135,9 @@ pg_aclmask(AclObjectKind objkind, Oid table_oid, AttrNumber attnum, Oid roleid,
                        return pg_proc_aclmask(table_oid, roleid, mask, how);
                case ACL_KIND_LANGUAGE:
                        return pg_language_aclmask(table_oid, roleid, mask, how);
+               case ACL_KIND_LARGEOBJECT:
+                       return pg_largeobject_aclmask_snapshot(table_oid, roleid,
+                                                                                                  mask, how, SnapshotNow);
                case ACL_KIND_NAMESPACE:
                        return pg_namespace_aclmask(table_oid, roleid, mask, how);
                case ACL_KIND_TABLESPACE:
@@ -3351,6 +3520,90 @@ pg_language_aclmask(Oid lang_oid, Oid roleid,
        return result;
 }
 
+/*
+ * Exported routine for examining a user's privileges for a largeobject
+ *
+ * The reason why this interface has an argument of snapshot is that
+ * we apply a snapshot available on lo_open(), not SnapshotNow, when
+ * it is opened as read-only mode.
+ * If we could see the metadata and data from inconsistent viewpoint,
+ * it will give us much confusion. So, we need to provide an interface
+ * which takes an argument of snapshot.
+ *
+ * If the caller refers a large object with a certain snapshot except
+ * for SnapshotNow, its permission checks should be also applied in
+ * the same snapshot.
+ */
+AclMode
+pg_largeobject_aclmask_snapshot(Oid lobj_oid, Oid roleid,
+                                                               AclMode mask, AclMaskHow how,
+                                                               Snapshot snapshot)
+{
+       AclMode         result;
+       Relation        pg_lo_meta;
+       ScanKeyData     entry[1];
+       SysScanDesc     scan;
+       HeapTuple       tuple;
+       Datum           aclDatum;
+       bool            isNull;
+       Acl                *acl;
+       Oid                     ownerId;
+
+       /* Superusers bypass all permission checking. */
+       if (superuser_arg(roleid))
+               return mask;
+
+       /*
+        * Get the largeobject's ACL from pg_language_metadata
+        */
+       pg_lo_meta = heap_open(LargeObjectMetadataRelationId,
+                                                  AccessShareLock);
+
+       ScanKeyInit(&entry[0],
+                               ObjectIdAttributeNumber,
+                               BTEqualStrategyNumber, F_OIDEQ,
+                               ObjectIdGetDatum(lobj_oid));
+
+       scan = systable_beginscan(pg_lo_meta,
+                                                         LargeObjectMetadataOidIndexId, true,
+                                                         snapshot, 1, entry);
+
+       tuple = systable_getnext(scan);
+       if (!HeapTupleIsValid(tuple))
+               ereport(ERROR,
+                               (errcode(ERRCODE_UNDEFINED_OBJECT),
+                                errmsg("large object %u does not exist", lobj_oid)));
+
+       ownerId = ((Form_pg_largeobject_metadata) GETSTRUCT(tuple))->lomowner;
+
+       aclDatum = heap_getattr(tuple, Anum_pg_largeobject_metadata_lomacl,
+                                                       RelationGetDescr(pg_lo_meta), &isNull);
+
+       if (isNull)
+       {
+               /* No ACL, so build default ACL */
+               acl = acldefault(ACL_OBJECT_LARGEOBJECT, ownerId);
+               aclDatum = (Datum) 0;
+       }
+       else
+       {
+               /* detoast ACL if necessary */
+               acl = DatumGetAclP(aclDatum);
+       }
+
+       result = aclmask(acl, roleid, ownerId, mask, how);
+
+       /* if we have a detoasted copy, free it */
+       if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
+               pfree(acl);
+
+       systable_endscan(scan);
+
+       heap_close(pg_lo_meta, AccessShareLock);
+
+       return result;
+}
+
 /*
  * Exported routine for examining a user's privileges for a namespace
  */
@@ -3801,6 +4054,20 @@ pg_language_aclcheck(Oid lang_oid, Oid roleid, AclMode mode)
                return ACLCHECK_NO_PRIV;
 }
 
+/*
+ * Exported routine for checking a user's access privileges to a largeobject
+ */
+AclResult
+pg_largeobject_aclcheck_snapshot(Oid lobj_oid, Oid roleid, AclMode mode,
+                                                                Snapshot snapshot)
+{
+       if (pg_largeobject_aclmask_snapshot(lobj_oid, roleid, mode,
+                                                                               ACLMASK_ANY, snapshot) != 0)
+               return ACLCHECK_OK;
+       else
+               return ACLCHECK_NO_PRIV;
+}
+
 /*
  * Exported routine for checking a user's access privileges to a namespace
  */
@@ -3991,6 +4258,53 @@ pg_language_ownercheck(Oid lan_oid, Oid roleid)
        return has_privs_of_role(roleid, ownerId);
 }
 
+/*
+ * Ownership check for a largeobject (specified by OID)
+ *
+ * Note that we have no candidate to call this routine with a certain
+ * snapshot except for SnapshotNow, so we don't provide an interface
+ * with _snapshot() version now.
+ */
+bool
+pg_largeobject_ownercheck(Oid lobj_oid, Oid roleid)
+{
+       Relation        pg_lo_meta;
+       ScanKeyData     entry[1];
+       SysScanDesc     scan;
+       HeapTuple       tuple;
+       Oid                     ownerId;
+
+       /* Superusers bypass all permission checking. */
+       if (superuser_arg(roleid))
+               return true;
+
+       /* There's no syscache for pg_largeobject_metadata */
+       pg_lo_meta = heap_open(LargeObjectMetadataRelationId,
+                                                  AccessShareLock);
+
+       ScanKeyInit(&entry[0],
+                               ObjectIdAttributeNumber,
+                               BTEqualStrategyNumber, F_OIDEQ,
+                               ObjectIdGetDatum(lobj_oid));
+
+       scan = systable_beginscan(pg_lo_meta,
+                                                         LargeObjectMetadataOidIndexId, true,
+                                                         SnapshotNow, 1, entry);
+
+       tuple = systable_getnext(scan);
+       if (!HeapTupleIsValid(tuple))
+               ereport(ERROR,
+                               (errcode(ERRCODE_UNDEFINED_OBJECT),
+                                errmsg("large object %u does not exist", lobj_oid)));
+
+       ownerId = ((Form_pg_largeobject_metadata) GETSTRUCT(tuple))->lomowner;
+
+       systable_endscan(scan);
+       heap_close(pg_lo_meta, AccessShareLock);
+
+       return has_privs_of_role(roleid, ownerId);
+}
+
 /*
  * Ownership check for a namespace (specified by OID).
  */

diff --git a/src/backend/catalog/dependency.c b/src/backend/catalog/dependency.c
index 8a07c69c7e85681e47c5aeafc10b1f8b26192d00..4ef3bb3c56fbbd51bdfaabc07ff8aa41ff42f741 100644 (file)
--- a/src/backend/catalog/dependency.c
+++ b/src/backend/catalog/dependency.c
@@ -8,7 +8,7 @@
  * Portions Copyright (c) 1994, Regents of the University of California
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/backend/catalog/dependency.c,v 1.92 2009/10/05 19:24:35 tgl Exp $
+ *       $PostgreSQL: pgsql/src/backend/catalog/dependency.c,v 1.93 2009/12/11 03:34:55 itagaki Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -37,6 +37,7 @@
 #include "catalog/pg_foreign_data_wrapper.h"
 #include "catalog/pg_foreign_server.h"
 #include "catalog/pg_language.h"
+#include "catalog/pg_largeobject.h"
 #include "catalog/pg_namespace.h"
 #include "catalog/pg_opclass.h"
 #include "catalog/pg_operator.h"
@@ -131,6 +132,7 @@ static const Oid object_classes[MAX_OCLASS] = {
        ConversionRelationId,           /* OCLASS_CONVERSION */
        AttrDefaultRelationId,          /* OCLASS_DEFAULT */
        LanguageRelationId,                     /* OCLASS_LANGUAGE */
+       LargeObjectRelationId,          /* OCLASS_LARGEOBJECT */
        OperatorRelationId,                     /* OCLASS_OPERATOR */
        OperatorClassRelationId,        /* OCLASS_OPCLASS */
        OperatorFamilyRelationId,       /* OCLASS_OPFAMILY */
@@ -1074,6 +1076,10 @@ doDeletion(const ObjectAddress *object)
                        DropProceduralLanguageById(object->objectId);
                        break;
 
+               case OCLASS_LARGEOBJECT:
+                       LargeObjectDrop(object->objectId);
+                       break;
+
                case OCLASS_OPERATOR:
                        RemoveOperatorById(object->objectId);
                        break;
@@ -1991,6 +1997,10 @@ getObjectClass(const ObjectAddress *object)
                        Assert(object->objectSubId == 0);
                        return OCLASS_LANGUAGE;
 
+               case LargeObjectRelationId:
+                       Assert(object->objectSubId == 0);
+                       return OCLASS_LARGEOBJECT;
+
                case OperatorRelationId:
                        Assert(object->objectSubId == 0);
                        return OCLASS_OPERATOR;
@@ -2243,6 +2253,10 @@ getObjectDescription(const ObjectAddress *object)
                                ReleaseSysCache(langTup);
                                break;
                        }
+               case OCLASS_LARGEOBJECT:
+                       appendStringInfo(&buffer, _("large object %u"),
+                                                        object->objectId);
+                       break;
 
                case OCLASS_OPERATOR:
                        appendStringInfo(&buffer, _("operator %s"),

diff --git a/src/backend/catalog/pg_largeobject.c b/src/backend/catalog/pg_largeobject.c
index 313ccdd3f07b4e8f1d978dcd9f2adc75c2ca6425..517a0f3932ece4e5b0d2d9d7b6666eb290291b81 100644 (file)
--- a/src/backend/catalog/pg_largeobject.c
+++ b/src/backend/catalog/pg_largeobject.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/backend/catalog/pg_largeobject.c,v 1.33 2009/08/04 16:08:36 tgl Exp $
+ *       $PostgreSQL: pgsql/src/backend/catalog/pg_largeobject.c,v 1.34 2009/12/11 03:34:55 itagaki Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -16,8 +16,16 @@
 
 #include "access/genam.h"
 #include "access/heapam.h"
+#include "access/sysattr.h"
+#include "catalog/catalog.h"
+#include "catalog/dependency.h"
 #include "catalog/indexing.h"
+#include "catalog/pg_authid.h"
 #include "catalog/pg_largeobject.h"
+#include "catalog/pg_largeobject_metadata.h"
+#include "catalog/toasting.h"
+#include "miscadmin.h"
+#include "utils/acl.h"
 #include "utils/bytea.h"
 #include "utils/fmgroids.h"
 #include "utils/rel.h"
@@ -27,113 +35,258 @@
 /*
  * Create a large object having the given LO identifier.
  *
- * We do this by inserting an empty first page, so that the object will
- * appear to exist with size 0.  Note that the unique index will reject
- * an attempt to create a duplicate page.
+ * We create a new large object by inserting an entry into
+ * pg_largeobject_metadata without any data pages, so that the object
+ * will appear to exist with size 0.
  */
-void
+Oid
 LargeObjectCreate(Oid loid)
 {
-       Relation        pg_largeobject;
+       Relation        pg_lo_meta;
        HeapTuple       ntup;
-       Datum           values[Natts_pg_largeobject];
-       bool            nulls[Natts_pg_largeobject];
-       int                     i;
+       Oid                     loid_new;
+       Datum           values[Natts_pg_largeobject_metadata];
+       bool            nulls[Natts_pg_largeobject_metadata];
 
-       pg_largeobject = heap_open(LargeObjectRelationId, RowExclusiveLock);
+       pg_lo_meta = heap_open(LargeObjectMetadataRelationId,
+                                                  RowExclusiveLock);
 
        /*
-        * Form new tuple
+        * Insert metadata of the largeobject
         */
-       for (i = 0; i < Natts_pg_largeobject; i++)
-       {
-               values[i] = (Datum) NULL;
-               nulls[i] = false;
-       }
+       memset(values, 0, sizeof(values));
+       memset(nulls, false, sizeof(nulls));
 
-       i = 0;
-       values[i++] = ObjectIdGetDatum(loid);
-       values[i++] = Int32GetDatum(0);
-       values[i++] = DirectFunctionCall1(byteain,
-                                                                         CStringGetDatum(""));
+       values[Anum_pg_largeobject_metadata_lomowner - 1]
+               = ObjectIdGetDatum(GetUserId());
+       nulls[Anum_pg_largeobject_metadata_lomacl - 1] = true;
 
-       ntup = heap_form_tuple(pg_largeobject->rd_att, values, nulls);
+       ntup = heap_form_tuple(RelationGetDescr(pg_lo_meta),
+                                                  values, nulls);
+       if (OidIsValid(loid))
+               HeapTupleSetOid(ntup, loid);
 
-       /*
-        * Insert it
-        */
-       simple_heap_insert(pg_largeobject, ntup);
-
-       /* Update indexes */
-       CatalogUpdateIndexes(pg_largeobject, ntup);
+       loid_new = simple_heap_insert(pg_lo_meta, ntup);
+       Assert(!OidIsValid(loid) || loid == loid_new);
 
-       heap_close(pg_largeobject, RowExclusiveLock);
+       CatalogUpdateIndexes(pg_lo_meta, ntup);
 
        heap_freetuple(ntup);
+
+       heap_close(pg_lo_meta, RowExclusiveLock);
+
+       return loid_new;
 }
 
+/*
+ * Drop a large object having the given LO identifier.
+ *
+ * When we drop a large object, it is necessary to drop both of metadata
+ * and data pages in same time.
+ */
 void
 LargeObjectDrop(Oid loid)
 {
-       bool            found = false;
+       Relation        pg_lo_meta;
        Relation        pg_largeobject;
        ScanKeyData skey[1];
-       SysScanDesc sd;
+       SysScanDesc scan;
        HeapTuple       tuple;
 
+       pg_lo_meta = heap_open(LargeObjectMetadataRelationId,
+                                                  RowExclusiveLock);
+
+       pg_largeobject = heap_open(LargeObjectRelationId,
+                                                          RowExclusiveLock);
+
+       /*
+        * Delete an entry from pg_largeobject_metadata
+        */
        ScanKeyInit(&skey[0],
-                               Anum_pg_largeobject_loid,
+                               ObjectIdAttributeNumber,
                                BTEqualStrategyNumber, F_OIDEQ,
-                               ObjectIdGetDatum(loid));
+                               ObjectIdGetDatum(loid));        
 
-       pg_largeobject = heap_open(LargeObjectRelationId, RowExclusiveLock);
+       scan = systable_beginscan(pg_lo_meta,
+                                                         LargeObjectMetadataOidIndexId, true,
+                                                         SnapshotNow, 1, skey);
 
-       sd = systable_beginscan(pg_largeobject, LargeObjectLOidPNIndexId, true,
-                                                       SnapshotNow, 1, skey);
+       tuple = systable_getnext(scan);
+       if (!HeapTupleIsValid(tuple))
+               ereport(ERROR,
+                               (errcode(ERRCODE_UNDEFINED_OBJECT),
+                                errmsg("large object %u does not exist", loid)));
+
+       simple_heap_delete(pg_lo_meta, &tuple->t_self);
+
+       systable_endscan(scan);
+
+       /*
+        * Delete all the associated entries from pg_largeobject
+        */
+       ScanKeyInit(&skey[0],
+                               Anum_pg_largeobject_loid,
+                               BTEqualStrategyNumber, F_OIDEQ,
+                               ObjectIdGetDatum(loid));
 
-       while ((tuple = systable_getnext(sd)) != NULL)
+       scan = systable_beginscan(pg_largeobject,
+                                                         LargeObjectLOidPNIndexId, true,
+                                                         SnapshotNow, 1, skey);
+       while (HeapTupleIsValid(tuple = systable_getnext(scan)))
        {
                simple_heap_delete(pg_largeobject, &tuple->t_self);
-               found = true;
        }
 
-       systable_endscan(sd);
+       systable_endscan(scan);
 
        heap_close(pg_largeobject, RowExclusiveLock);
 
-       if (!found)
+       heap_close(pg_lo_meta, RowExclusiveLock);
+}
+
+/*
+ * LargeObjectAlterOwner
+ *
+ * Implementation of ALTER LARGE OBJECT statement
+ */
+void
+LargeObjectAlterOwner(Oid loid, Oid newOwnerId)
+{
+       Form_pg_largeobject_metadata    form_lo_meta;
+       Relation        pg_lo_meta;
+       ScanKeyData     skey[1];
+       SysScanDesc     scan;
+       HeapTuple       oldtup;
+       HeapTuple       newtup;
+
+       pg_lo_meta = heap_open(LargeObjectMetadataRelationId,
+                                                  RowExclusiveLock);
+
+       ScanKeyInit(&skey[0],
+                               ObjectIdAttributeNumber,
+                               BTEqualStrategyNumber, F_OIDEQ,
+                               ObjectIdGetDatum(loid));
+
+       scan = systable_beginscan(pg_lo_meta,
+                                                         LargeObjectMetadataOidIndexId, true,
+                                                         SnapshotNow, 1, skey);
+
+       oldtup = systable_getnext(scan);
+       if (!HeapTupleIsValid(oldtup))
                ereport(ERROR,
                                (errcode(ERRCODE_UNDEFINED_OBJECT),
                                 errmsg("large object %u does not exist", loid)));
+
+       form_lo_meta = (Form_pg_largeobject_metadata) GETSTRUCT(oldtup);
+       if (form_lo_meta->lomowner != newOwnerId)
+       {
+               Datum           values[Natts_pg_largeobject_metadata];
+               bool            nulls[Natts_pg_largeobject_metadata];
+               bool            replaces[Natts_pg_largeobject_metadata];
+               Acl                *newAcl;
+               Datum           aclDatum;
+               bool            isnull;
+
+               /* Superusers can always do it */
+               if (!superuser())
+               {
+                       /*
+                        * The 'lo_compat_privileges' is not checked here, because we
+                        * don't have any access control features in the 8.4.x series
+                        * or earlier release.
+                        * So, it is not a place we can define a compatible behavior.
+                        */
+
+                       /* Otherwise, must be owner of the existing object */
+                       if (!pg_largeobject_ownercheck(loid, GetUserId()))
+                               ereport(ERROR,
+                                               (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+                                                errmsg("must be owner of large object %u", loid)));
+
+                       /* Must be able to become new owner */
+                       check_is_member_of_role(GetUserId(), newOwnerId);
+               }
+
+               memset(values, 0, sizeof(values));
+               memset(nulls, false, sizeof(nulls));
+               memset(replaces, false, sizeof(nulls));
+
+               values[Anum_pg_largeobject_metadata_lomowner - 1]
+                       = ObjectIdGetDatum(newOwnerId);
+               replaces[Anum_pg_largeobject_metadata_lomowner - 1] = true;
+
+               /*
+                * Determine the modified ACL for the new owner.
+                * This is only necessary when the ACL is non-null.
+                */
+               aclDatum = heap_getattr(oldtup,
+                                                               Anum_pg_largeobject_metadata_lomacl,
+                                                               RelationGetDescr(pg_lo_meta), &isnull);
+               if (!isnull)
+               {
+                       newAcl = aclnewowner(DatumGetAclP(aclDatum),
+                                                                form_lo_meta->lomowner, newOwnerId);
+                       values[Anum_pg_largeobject_metadata_lomacl - 1]
+                               = PointerGetDatum(newAcl);
+                       replaces[Anum_pg_largeobject_metadata_lomacl - 1] = true;
+               }
+
+               newtup = heap_modify_tuple(oldtup, RelationGetDescr(pg_lo_meta),
+                                                                  values, nulls, replaces);
+
+               simple_heap_update(pg_lo_meta, &newtup->t_self, newtup);
+               CatalogUpdateIndexes(pg_lo_meta, newtup);
+
+               heap_freetuple(newtup);
+
+               /* Update owner dependency reference */
+               changeDependencyOnOwner(LargeObjectRelationId,
+                                                               loid, newOwnerId);
+       }
+       systable_endscan(scan);
+
+       heap_close(pg_lo_meta, RowExclusiveLock);
 }
 
+/*
+ * LargeObjectExists
+ *
+ * Currently, we don't use system cache to contain metadata of
+ * large objects, because massive number of large objects can
+ * consume not a small amount of process local memory.
+ *
+ * Note that LargeObjectExists always scans the system catalog
+ * with SnapshotNow, so it is unavailable to use to check
+ * existence in read-only accesses.
+ */
 bool
 LargeObjectExists(Oid loid)
 {
+       Relation        pg_lo_meta;
+       ScanKeyData     skey[1];
+       SysScanDesc     sd;
+       HeapTuple       tuple;
        bool            retval = false;
-       Relation        pg_largeobject;
-       ScanKeyData skey[1];
-       SysScanDesc sd;
 
-       /*
-        * See if we can find any tuples belonging to the specified LO
-        */
        ScanKeyInit(&skey[0],
-                               Anum_pg_largeobject_loid,
+                               ObjectIdAttributeNumber,
                                BTEqualStrategyNumber, F_OIDEQ,
                                ObjectIdGetDatum(loid));
 
-       pg_largeobject = heap_open(LargeObjectRelationId, AccessShareLock);
+       pg_lo_meta = heap_open(LargeObjectMetadataRelationId,
+                                                  AccessShareLock);
 
-       sd = systable_beginscan(pg_largeobject, LargeObjectLOidPNIndexId, true,
+       sd = systable_beginscan(pg_lo_meta,
+                                                       LargeObjectMetadataOidIndexId, true,
                                                        SnapshotNow, 1, skey);
 
-       if (systable_getnext(sd) != NULL)
+       tuple = systable_getnext(sd);
+       if (HeapTupleIsValid(tuple))
                retval = true;
 
        systable_endscan(sd);
 
-       heap_close(pg_largeobject, AccessShareLock);
+       heap_close(pg_lo_meta, AccessShareLock);
 
        return retval;
 }

diff --git a/src/backend/catalog/pg_shdepend.c b/src/backend/catalog/pg_shdepend.c
index be70143ea27e4ba554c9ffd13043b8d7912bc70a..7130444448e9502da857fdbcf412f943cc7ef2a6 100644 (file)
--- a/src/backend/catalog/pg_shdepend.c
+++ b/src/backend/catalog/pg_shdepend.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/backend/catalog/pg_shdepend.c,v 1.36 2009/10/07 22:14:18 alvherre Exp $
+ *       $PostgreSQL: pgsql/src/backend/catalog/pg_shdepend.c,v 1.37 2009/12/11 03:34:55 itagaki Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -25,6 +25,7 @@
 #include "catalog/pg_database.h"
 #include "catalog/pg_default_acl.h"
 #include "catalog/pg_language.h"
+#include "catalog/pg_largeobject.h"
 #include "catalog/pg_namespace.h"
 #include "catalog/pg_operator.h"
 #include "catalog/pg_proc.h"
@@ -1347,6 +1348,10 @@ shdepReassignOwned(List *roleids, Oid newrole)
                                        AlterLanguageOwner_oid(sdepForm->objid, newrole);
                                        break;
 
+                               case LargeObjectRelationId:
+                                       LargeObjectAlterOwner(sdepForm->objid, newrole);
+                                       break;
+
                                case DefaultAclRelationId:
                                        /*
                                         * Ignore default ACLs; they should be handled by

diff --git a/src/backend/commands/alter.c b/src/backend/commands/alter.c
index b91f2205d1ceed111ce97b43e0cd1729dee53113..8ba630a83db4055b9214ed7080fdabd7fd81bcd1 100644 (file)
--- a/src/backend/commands/alter.c
+++ b/src/backend/commands/alter.c
@@ -8,13 +8,14 @@
  *
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/backend/commands/alter.c,v 1.31 2009/01/01 17:23:37 momjian Exp $
+ *       $PostgreSQL: pgsql/src/backend/commands/alter.c,v 1.32 2009/12/11 03:34:55 itagaki Exp $
  *
  *-------------------------------------------------------------------------
  */
 #include "postgres.h"
 
 #include "catalog/namespace.h"
+#include "catalog/pg_largeobject.h"
 #include "commands/alter.h"
 #include "commands/conversioncmds.h"
 #include "commands/dbcommands.h"
@@ -233,6 +234,10 @@ ExecAlterOwnerStmt(AlterOwnerStmt *stmt)
                        AlterLanguageOwner(strVal(linitial(stmt->object)), newowner);
                        break;
 
+               case OBJECT_LARGEOBJECT:
+                       LargeObjectAlterOwner(intVal(linitial(stmt->object)), newowner);
+                       break;
+
                case OBJECT_OPERATOR:
                        Assert(list_length(stmt->objarg) == 2);
                        AlterOperatorOwner(stmt->object,

diff --git a/src/backend/commands/comment.c b/src/backend/commands/comment.c
index 610816db6d02cc1b9d8d45195f58e5da3464dedc..d57ea25d9ca0892eb51a57ffd54e9275ef82331d 100644 (file)
--- a/src/backend/commands/comment.c
+++ b/src/backend/commands/comment.c
@@ -7,7 +7,7 @@
  * Copyright (c) 1996-2009, PostgreSQL Global Development Group
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/backend/commands/comment.c,v 1.108 2009/10/12 19:49:24 adunstan Exp $
+ *       $PostgreSQL: pgsql/src/backend/commands/comment.c,v 1.109 2009/12/11 03:34:55 itagaki Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -25,6 +25,7 @@
 #include "catalog/pg_description.h"
 #include "catalog/pg_language.h"
 #include "catalog/pg_largeobject.h"
+#include "catalog/pg_largeobject_metadata.h"
 #include "catalog/pg_namespace.h"
 #include "catalog/pg_opclass.h"
 #include "catalog/pg_operator.h"
@@ -42,6 +43,7 @@
 #include "commands/comment.h"
 #include "commands/dbcommands.h"
 #include "commands/tablespace.h"
+#include "libpq/be-fsstubs.h"
 #include "miscadmin.h"
 #include "nodes/makefuncs.h"
 #include "parser/parse_func.h"
@@ -1435,7 +1437,20 @@ CommentLargeObject(List *qualname, char *comment)
                                (errcode(ERRCODE_UNDEFINED_OBJECT),
                                 errmsg("large object %u does not exist", loid)));
 
-       /* Call CreateComments() to create/drop the comments */
+       /* Permission checks */
+       if (!lo_compat_privileges &&
+               !pg_largeobject_ownercheck(loid, GetUserId()))
+               ereport(ERROR,
+                               (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+                                errmsg("must be owner of large object %u", loid)));
+
+       /*
+        * Call CreateComments() to create/drop the comments
+        *
+        * See the comment in the inv_create() which describes
+        * the reason why LargeObjectRelationId is used instead
+        * of the LargeObjectMetadataRelationId.
+        */
        CreateComments(loid, LargeObjectRelationId, 0, comment);
 }
 

diff --git a/src/backend/commands/tablecmds.c b/src/backend/commands/tablecmds.c
index c9188b2d7c6088f1cd128cef077a20bb140553ed..2344b79547b9abb0ac0b8b589483aa1c0ab7d4e6 100644 (file)
--- a/src/backend/commands/tablecmds.c
+++ b/src/backend/commands/tablecmds.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/backend/commands/tablecmds.c,v 1.308 2009/12/09 21:57:50 tgl Exp $
+ *       $PostgreSQL: pgsql/src/backend/commands/tablecmds.c,v 1.309 2009/12/11 03:34:55 itagaki Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -6186,6 +6186,7 @@ ATExecAlterColumnType(AlteredTableInfo *tab, Relation rel,
                        case OCLASS_CAST:
                        case OCLASS_CONVERSION:
                        case OCLASS_LANGUAGE:
+                       case OCLASS_LARGEOBJECT:
                        case OCLASS_OPERATOR:
                        case OCLASS_OPCLASS:
                        case OCLASS_OPFAMILY:

diff --git a/src/backend/libpq/be-fsstubs.c b/src/backend/libpq/be-fsstubs.c
index 24605b5490df3dcfb3e276f4e219227dd95492b6..0b816b6ff02d73c81409485491387705b7038ac3 100644 (file)
--- a/src/backend/libpq/be-fsstubs.c
+++ b/src/backend/libpq/be-fsstubs.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/backend/libpq/be-fsstubs.c,v 1.91 2009/06/11 14:48:58 momjian Exp $
+ *       $PostgreSQL: pgsql/src/backend/libpq/be-fsstubs.c,v 1.92 2009/12/11 03:34:55 itagaki Exp $
  *
  * NOTES
  *       This should be moved to a more appropriate place.  It is here
@@ -42,14 +42,20 @@
 #include <sys/stat.h>
 #include <unistd.h>
 
+#include "catalog/pg_largeobject_metadata.h"
 #include "libpq/be-fsstubs.h"
 #include "libpq/libpq-fs.h"
 #include "miscadmin.h"
 #include "storage/fd.h"
 #include "storage/large_object.h"
+#include "utils/acl.h"
 #include "utils/builtins.h"
 #include "utils/memutils.h"
 
+/*
+ * compatibility flag for permission checks
+ */
+bool lo_compat_privileges;
 
 /*#define FSDB 1*/
 #define BUFSIZE                        8192
@@ -156,6 +162,17 @@ lo_read(int fd, char *buf, int len)
                                (errcode(ERRCODE_UNDEFINED_OBJECT),
                                 errmsg("invalid large-object descriptor: %d", fd)));
 
+       /* Permission checks */
+       if (!lo_compat_privileges &&
+               pg_largeobject_aclcheck_snapshot(cookies[fd]->id,
+                                                                                GetUserId(),
+                                                                                ACL_SELECT,
+                                                                                cookies[fd]->snapshot) != ACLCHECK_OK)
+               ereport(ERROR,
+                               (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+                                errmsg("permission denied for large object %u",
+                                               cookies[fd]->id)));
+
        status = inv_read(cookies[fd], buf, len);
 
        return status;
@@ -177,6 +194,17 @@ lo_write(int fd, const char *buf, int len)
                          errmsg("large object descriptor %d was not opened for writing",
                                         fd)));
 
+       /* Permission checks */
+       if (!lo_compat_privileges &&
+               pg_largeobject_aclcheck_snapshot(cookies[fd]->id,
+                                                                                GetUserId(),
+                                                                                ACL_UPDATE,
+                                                                                cookies[fd]->snapshot) != ACLCHECK_OK)
+               ereport(ERROR,
+                (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+                                errmsg("permission denied for large object %u",
+                                               cookies[fd]->id)));
+
        status = inv_write(cookies[fd], buf, len);
 
        return status;
@@ -251,6 +279,13 @@ lo_unlink(PG_FUNCTION_ARGS)
 {
        Oid                     lobjId = PG_GETARG_OID(0);
 
+       /* Must be owner of the largeobject */
+       if (!lo_compat_privileges &&
+               !pg_largeobject_ownercheck(lobjId, GetUserId()))
+               ereport(ERROR,
+                               (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+                                errmsg("must be owner of large object %u", lobjId)));
+
        /*
         * If there are any open LO FDs referencing that ID, close 'em.
         */
@@ -482,6 +517,17 @@ lo_truncate(PG_FUNCTION_ARGS)
                                (errcode(ERRCODE_UNDEFINED_OBJECT),
                                 errmsg("invalid large-object descriptor: %d", fd)));
 
+       /* Permission checks */
+       if (!lo_compat_privileges &&
+               pg_largeobject_aclcheck_snapshot(cookies[fd]->id,
+                                                                                GetUserId(),
+                                                                                ACL_UPDATE,
+                                                                                cookies[fd]->snapshot) != ACLCHECK_OK)
+               ereport(ERROR,
+                               (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+                                errmsg("permission denied for large object %u",
+                                               cookies[fd]->id)));
+
        inv_truncate(cookies[fd], len);
 
        PG_RETURN_INT32(0);

diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y
index 8dca257360575558d73f985d72767c6bdd418fbb..3257ccbbf839dbb437d521a5cab9763473461612 100644 (file)
--- a/src/backend/parser/gram.y
+++ b/src/backend/parser/gram.y
@@ -11,7 +11,7 @@
  *
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/backend/parser/gram.y,v 2.695 2009/12/07 05:22:22 tgl Exp $
+ *       $PostgreSQL: pgsql/src/backend/parser/gram.y,v 2.696 2009/12/11 03:34:55 itagaki Exp $
  *
  * HISTORY
  *       AUTHOR                        DATE                    MAJOR EVENT
@@ -397,6 +397,7 @@ static TypeName *TableFuncTypeName(List *columns);
 %type <boolean> opt_varying opt_timezone
 
 %type <ival>   Iconst SignedIconst
+%type <list>   Iconst_list
 %type <str>            Sconst comment_text
 %type <str>            RoleId opt_granted_by opt_boolean ColId_or_Sconst
 %type <list>   var_list
@@ -4576,6 +4577,14 @@ privilege_target:
                                        n->objs = $2;
                                        $$ = n;
                                }
+                       | LARGE_P OBJECT_P Iconst_list
+                               {
+                                       PrivTarget *n = (PrivTarget *) palloc(sizeof(PrivTarget));
+                                       n->targtype = ACL_TARGET_OBJECT;
+                                       n->objtype = ACL_OBJECT_LARGEOBJECT;
+                                       n->objs = $3;
+                                       $$ = n;
+                               }
                        | SCHEMA name_list
                                {
                                        PrivTarget *n = (PrivTarget *) palloc(sizeof(PrivTarget));
@@ -5851,6 +5860,14 @@ AlterOwnerStmt: ALTER AGGREGATE func_name aggr_args OWNER TO RoleId
                                        n->newowner = $7;
                                        $$ = (Node *)n;
                                }
+                       | ALTER LARGE_P OBJECT_P Iconst OWNER TO RoleId
+                               {
+                                       AlterOwnerStmt *n = makeNode(AlterOwnerStmt);
+                                       n->objectType = OBJECT_LARGEOBJECT;
+                                       n->object = list_make1(makeInteger($4));
+                                       n->newowner = $7;
+                                       $$ = (Node *)n;
+                               }
                        | ALTER OPERATOR any_operator oper_argtypes OWNER TO RoleId
                                {
                                        AlterOwnerStmt *n = makeNode(AlterOwnerStmt);
@@ -10542,6 +10559,10 @@ SignedIconst: Iconst                                                           { $$ = $1; }
                        | '-' Iconst                                                    { $$ = - $2; }
                ;
 
+Iconst_list:   Iconst                                          { $$ = list_make1(makeInteger($1)); }
+                               | Iconst_list ',' Iconst        { $$ = lappend($1, makeInteger($3)); }
+               ;
+
 /*
  * Name classification hierarchy.
  *

diff --git a/src/backend/storage/large_object/inv_api.c b/src/backend/storage/large_object/inv_api.c
index 0def1decd0da4d6a284a5a77b04d9d585fcc7bf0..224971c03eb1df0b19a4ca331d7e55bde2e50711 100644 (file)
--- a/src/backend/storage/large_object/inv_api.c
+++ b/src/backend/storage/large_object/inv_api.c
@@ -24,7 +24,7 @@
  *
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/backend/storage/large_object/inv_api.c,v 1.138 2009/06/11 14:49:02 momjian Exp $
+ *       $PostgreSQL: pgsql/src/backend/storage/large_object/inv_api.c,v 1.139 2009/12/11 03:34:55 itagaki Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -32,18 +32,23 @@
 
 #include "access/genam.h"
 #include "access/heapam.h"
+#include "access/sysattr.h"
 #include "access/tuptoaster.h"
 #include "access/xact.h"
 #include "catalog/catalog.h"
+#include "catalog/dependency.h"
 #include "catalog/indexing.h"
 #include "catalog/pg_largeobject.h"
+#include "catalog/pg_largeobject_metadata.h"
 #include "commands/comment.h"
 #include "libpq/libpq-fs.h"
+#include "miscadmin.h"
 #include "storage/large_object.h"
 #include "utils/fmgroids.h"
 #include "utils/rel.h"
 #include "utils/resowner.h"
 #include "utils/snapmgr.h"
+#include "utils/syscache.h"
 #include "utils/tqual.h"
 
 
@@ -139,30 +144,31 @@ close_lo_relation(bool isCommit)
 static bool
 myLargeObjectExists(Oid loid, Snapshot snapshot)
 {
+       Relation        pg_lo_meta;
+       ScanKeyData     skey[1];
+       SysScanDesc     sd;
+       HeapTuple       tuple;
        bool            retval = false;
-       Relation        pg_largeobject;
-       ScanKeyData skey[1];
-       SysScanDesc sd;
 
-       /*
-        * See if we can find any tuples belonging to the specified LO
-        */
        ScanKeyInit(&skey[0],
-                               Anum_pg_largeobject_loid,
+                               ObjectIdAttributeNumber,
                                BTEqualStrategyNumber, F_OIDEQ,
                                ObjectIdGetDatum(loid));
 
-       pg_largeobject = heap_open(LargeObjectRelationId, AccessShareLock);
+       pg_lo_meta = heap_open(LargeObjectMetadataRelationId,
+                                                  AccessShareLock);
 
-       sd = systable_beginscan(pg_largeobject, LargeObjectLOidPNIndexId, true,
+       sd = systable_beginscan(pg_lo_meta,
+                                                       LargeObjectMetadataOidIndexId, true,
                                                        snapshot, 1, skey);
 
-       if (systable_getnext(sd) != NULL)
+       tuple = systable_getnext(sd);
+       if (HeapTupleIsValid(tuple))
                retval = true;
 
        systable_endscan(sd);
 
-       heap_close(pg_largeobject, AccessShareLock);
+       heap_close(pg_lo_meta, AccessShareLock);
 
        return retval;
 }
@@ -193,31 +199,31 @@ getbytealen(bytea *data)
 Oid
 inv_create(Oid lobjId)
 {
+       Oid                     lobjId_new;
+
        /*
-        * Allocate an OID to be the LO's identifier, unless we were told what to
-        * use.  We can use the index on pg_largeobject for checking OID
-        * uniqueness, even though it has additional columns besides OID.
+        * Create a new largeobject with empty data pages
         */
-       if (!OidIsValid(lobjId))
-       {
-               open_lo_relation();
-
-               lobjId = GetNewOidWithIndex(lo_heap_r, LargeObjectLOidPNIndexId,
-                                                                       Anum_pg_largeobject_loid);
-       }
+       lobjId_new = LargeObjectCreate(lobjId);
 
        /*
-        * Create the LO by writing an empty first page for it in pg_largeobject
-        * (will fail if duplicate)
+        * dependency on the owner of largeobject
+        *
+        * The reason why we use LargeObjectRelationId instead of
+        * LargeObjectMetadataRelationId here is to provide backward
+        * compatibility to the applications which utilize a knowledge
+        * about internal layout of system catalogs.
+        * OID of pg_largeobject_metadata and loid of pg_largeobject
+        * are same value, so there are no actual differences here.
         */
-       LargeObjectCreate(lobjId);
-
+       recordDependencyOnOwner(LargeObjectRelationId,
+                                                       lobjId_new, GetUserId());
        /*
         * Advance command counter to make new tuple visible to later operations.
         */
        CommandCounterIncrement();
 
-       return lobjId;
+       return lobjId_new;
 }
 
 /*
@@ -292,10 +298,15 @@ inv_close(LargeObjectDesc *obj_desc)
 int
 inv_drop(Oid lobjId)
 {
-       LargeObjectDrop(lobjId);
+       ObjectAddress   object;
 
-       /* Delete any comments on the large object */
-       DeleteComments(lobjId, LargeObjectRelationId, 0);
+       /*
+        * Delete any comments and dependencies on the large object
+        */
+       object.classId = LargeObjectRelationId;
+       object.objectId = lobjId;
+       object.objectSubId = 0;
+       performDeletion(&object, DROP_CASCADE);
 
        /*
         * Advance command counter so that tuple removal will be seen by later
@@ -315,7 +326,6 @@ inv_drop(Oid lobjId)
 static uint32
 inv_getsize(LargeObjectDesc *obj_desc)
 {
-       bool            found = false;
        uint32          lastbyte = 0;
        ScanKeyData skey[1];
        SysScanDesc sd;
@@ -339,13 +349,13 @@ inv_getsize(LargeObjectDesc *obj_desc)
         * large object in reverse pageno order.  So, it's sufficient to examine
         * the first valid tuple (== last valid page).
         */
-       while ((tuple = systable_getnext_ordered(sd, BackwardScanDirection)) != NULL)
+       tuple = systable_getnext_ordered(sd, BackwardScanDirection);
+       if (HeapTupleIsValid(tuple))
        {
                Form_pg_largeobject data;
                bytea      *datafield;
                bool            pfreeit;
 
-               found = true;
                if (HeapTupleHasNulls(tuple))   /* paranoia */
                        elog(ERROR, "null field found in pg_largeobject");
                data = (Form_pg_largeobject) GETSTRUCT(tuple);
@@ -360,15 +370,10 @@ inv_getsize(LargeObjectDesc *obj_desc)
                lastbyte = data->pageno * LOBLKSIZE + getbytealen(datafield);
                if (pfreeit)
                        pfree(datafield);
-               break;
        }
 
        systable_endscan_ordered(sd);
 
-       if (!found)
-               ereport(ERROR,
-                               (errcode(ERRCODE_UNDEFINED_OBJECT),
-                                errmsg("large object %u does not exist", obj_desc->id)));
        return lastbyte;
 }
 
@@ -545,6 +550,12 @@ inv_write(LargeObjectDesc *obj_desc, const char *buf, int nbytes)
                                 errmsg("large object %u was not opened for writing",
                                                obj_desc->id)));
 
+       /* check existence of the target largeobject */
+       if (!LargeObjectExists(obj_desc->id))
+               ereport(ERROR,
+                               (errcode(ERRCODE_UNDEFINED_OBJECT),
+                                errmsg("large object %u was already dropped", obj_desc->id)));
+
        if (nbytes <= 0)
                return 0;
 
@@ -736,6 +747,12 @@ inv_truncate(LargeObjectDesc *obj_desc, int len)
                                 errmsg("large object %u was not opened for writing",
                                                obj_desc->id)));
 
+       /* check existence of the target largeobject */
+       if (!LargeObjectExists(obj_desc->id))
+               ereport(ERROR,
+                               (errcode(ERRCODE_UNDEFINED_OBJECT),
+                                errmsg("large object %u was already dropped", obj_desc->id)));
+
        open_lo_relation();
 
        indstate = CatalogOpenIndexes(lo_heap_r);

diff --git a/src/backend/tcop/utility.c b/src/backend/tcop/utility.c
index 59576a25d8bb6e11cae2257e9cf2c6e9eb0baae9..2fd4b9923f5434d6713e213f02ecf7cbfd5e0e1b 100644 (file)
--- a/src/backend/tcop/utility.c
+++ b/src/backend/tcop/utility.c
@@ -10,7 +10,7 @@
  *
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/backend/tcop/utility.c,v 1.322 2009/12/09 21:57:51 tgl Exp $
+ *       $PostgreSQL: pgsql/src/backend/tcop/utility.c,v 1.323 2009/12/11 03:34:55 itagaki Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -1638,6 +1638,9 @@ CreateCommandTag(Node *parsetree)
                                case OBJECT_LANGUAGE:
                                        tag = "ALTER LANGUAGE";
                                        break;
+                               case OBJECT_LARGEOBJECT:
+                                       tag = "ALTER LARGEOBJECT";
+                                       break;
                                case OBJECT_OPERATOR:
                                        tag = "ALTER OPERATOR";
                                        break;

diff --git a/src/backend/utils/adt/acl.c b/src/backend/utils/adt/acl.c
index 142e06cf45fc93702269a7d2cfbcc02a6f3c1c38..31cbbe7c7609078bfd2b0f14edcb305db47bff2b 100644 (file)
--- a/src/backend/utils/adt/acl.c
+++ b/src/backend/utils/adt/acl.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.151 2009/12/05 21:43:35 petere Exp $
+ *       $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.152 2009/12/11 03:34:55 itagaki Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -764,6 +764,11 @@ acldefault(GrantObjectType objtype, Oid ownerId)
                        world_default = ACL_USAGE;
                        owner_default = ACL_ALL_RIGHTS_LANGUAGE;
                        break;
+               case ACL_OBJECT_LARGEOBJECT:
+                       /* Grant SELECT,UPDATE by default, for now */
+                       world_default = ACL_NO_RIGHTS;
+                       owner_default = ACL_ALL_RIGHTS_LARGEOBJECT;
+                       break;
                case ACL_OBJECT_NAMESPACE:
                        world_default = ACL_NO_RIGHTS;
                        owner_default = ACL_ALL_RIGHTS_NAMESPACE;

diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
index edc5544f7f3ef74779e4c6585fa04f07adee5b4c..900c3662786356e70cfb353c089eacaf6414a205 100644 (file)
--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -10,7 +10,7 @@
  * Written by Peter Eisentraut <peter_e@gmx.net>.
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.526 2009/12/09 21:57:51 tgl Exp $
+ *       $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.527 2009/12/11 03:34:56 itagaki Exp $
  *
  *--------------------------------------------------------------------
  */
@@ -38,6 +38,7 @@
 #include "commands/trigger.h"
 #include "funcapi.h"
 #include "libpq/auth.h"
+#include "libpq/be-fsstubs.h"
 #include "libpq/pqformat.h"
 #include "miscadmin.h"
 #include "optimizer/cost.h"
@@ -1226,6 +1227,16 @@ static struct config_bool ConfigureNamesBool[] =
                false, NULL, NULL
        },
 
+       {
+               {"lo_compat_privileges", PGC_SUSET, COMPAT_OPTIONS_PREVIOUS,
+                       gettext_noop("Enables backward compatibility in privilege checks on large objects"),
+                       gettext_noop("When turned on, privilege checks on large objects perform "
+                                                "with backward compatibility as 8.4.x or earlier releases.")
+               },
+               &lo_compat_privileges,
+               false, NULL, NULL
+       },
+
        /* End-of-list marker */
        {
                {NULL, 0, 0, NULL, NULL}, NULL, false, NULL, NULL

diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample
index f2accd263e6d423e7ca0d77e1e589eb5c29d9e3b..d2da9b9c3d2f665b19e4267049ab827c7de2d506 100644 (file)
--- a/src/backend/utils/misc/postgresql.conf.sample
+++ b/src/backend/utils/misc/postgresql.conf.sample
@@ -489,6 +489,7 @@
 #backslash_quote = safe_encoding       # on, off, or safe_encoding
 #default_with_oids = off
 #escape_string_warning = on
+#lo_compat_privileges = off
 #sql_inheritance = on
 #standard_conforming_strings = off
 #synchronize_seqscans = on

diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c
index de0aba36a865bfaff3120481a27edb36012bce8d..6f1f211c141a81bf55d69b312cf9837da653c657 100644 (file)
--- a/src/bin/initdb/initdb.c
+++ b/src/bin/initdb/initdb.c
@@ -42,7 +42,7 @@
  * Portions Copyright (c) 1994, Regents of the University of California
  * Portions taken from FreeBSD.
  *
- * $PostgreSQL: pgsql/src/bin/initdb/initdb.c,v 1.177 2009/11/14 15:39:36 mha Exp $
+ * $PostgreSQL: pgsql/src/bin/initdb/initdb.c,v 1.178 2009/12/11 03:34:56 itagaki Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -1783,6 +1783,7 @@ setup_privileges(void)
                "  WHERE relkind IN ('r', 'v', 'S') AND relacl IS NULL;\n",
                "GRANT USAGE ON SCHEMA pg_catalog TO PUBLIC;\n",
                "GRANT CREATE, USAGE ON SCHEMA public TO PUBLIC;\n",
+               "REVOKE ALL ON pg_largeobject FROM PUBLIC;\n",
                NULL
        };
 

diff --git a/src/bin/pg_dump/dumputils.c b/src/bin/pg_dump/dumputils.c
index c7cfa2a6212a1d7fd3df8183cd9627a6ff89554d..45559665aee58534064888927fa4480e9b6e2b2e 100644 (file)
--- a/src/bin/pg_dump/dumputils.c
+++ b/src/bin/pg_dump/dumputils.c
@@ -8,7 +8,7 @@
  * Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/bin/pg_dump/dumputils.c,v 1.51 2009/10/12 23:41:43 tgl Exp $
+ * $PostgreSQL: pgsql/src/bin/pg_dump/dumputils.c,v 1.52 2009/12/11 03:34:56 itagaki Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -862,6 +862,11 @@ do { \
                CONVERT_PRIV('U', "USAGE");
        else if (strcmp(type, "SERVER") == 0)
                CONVERT_PRIV('U', "USAGE");
+       else if (strcmp(type, "LARGE OBJECT") == 0)
+       {
+               CONVERT_PRIV('r', "SELECT");
+               CONVERT_PRIV('w', "UPDATE");
+       }
        else
                abort();
 

diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c
index a753976139c81aa5625cbada7fc5a38b683d33f9..7af461bd5a65dc544c7b8d7c517238026f9b687f 100644 (file)
--- a/src/bin/pg_dump/pg_dump.c
+++ b/src/bin/pg_dump/pg_dump.c
@@ -12,7 +12,7 @@
  *     by PostgreSQL
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/bin/pg_dump/pg_dump.c,v 1.554 2009/12/07 05:22:22 tgl Exp $
+ *       $PostgreSQL: pgsql/src/bin/pg_dump/pg_dump.c,v 1.555 2009/12/11 03:34:56 itagaki Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -2045,7 +2045,9 @@ dumpBlobs(Archive *AH, void *arg)
 
 /*
  * dumpBlobComments
- *     dump all blob comments
+ *     dump all blob properties.
+ *  It has "BLOB COMMENTS" tag due to the historical reason, but note
+ *  that it is the routine to dump all the properties of blobs.
  *
  * Since we don't provide any way to be selective about dumping blobs,
  * there's no need to be selective about their comments either.  We put
@@ -2056,30 +2058,35 @@ dumpBlobComments(Archive *AH, void *arg)
 {
        const char *blobQry;
        const char *blobFetchQry;
-       PQExpBuffer commentcmd = createPQExpBuffer();
+       PQExpBuffer cmdQry = createPQExpBuffer();
        PGresult   *res;
        int                     i;
 
        if (g_verbose)
-               write_msg(NULL, "saving large object comments\n");
+               write_msg(NULL, "saving large object properties\n");
 
        /* Make sure we are in proper schema */
        selectSourceSchema("pg_catalog");
 
        /* Cursor to get all BLOB comments */
-       if (AH->remoteVersion >= 70300)
+       if (AH->remoteVersion >= 80500)
+               blobQry = "DECLARE blobcmt CURSOR FOR SELECT oid, "
+                       "obj_description(oid, 'pg_largeobject'), "
+                       "pg_get_userbyid(lomowner), lomacl "
+                       "FROM pg_largeobject_metadata";
+       else if (AH->remoteVersion >= 70300)
                blobQry = "DECLARE blobcmt CURSOR FOR SELECT loid, "
-                       "obj_description(loid, 'pg_largeobject') "
+                       "obj_description(loid, 'pg_largeobject'), NULL, NULL "
                        "FROM (SELECT DISTINCT loid FROM "
                        "pg_description d JOIN pg_largeobject l ON (objoid = loid) "
                        "WHERE classoid = 'pg_largeobject'::regclass) ss";
        else if (AH->remoteVersion >= 70200)
                blobQry = "DECLARE blobcmt CURSOR FOR SELECT loid, "
-                       "obj_description(loid, 'pg_largeobject') "
+                       "obj_description(loid, 'pg_largeobject'), NULL, NULL "
                        "FROM (SELECT DISTINCT loid FROM pg_largeobject) ss";
        else if (AH->remoteVersion >= 70100)
                blobQry = "DECLARE blobcmt CURSOR FOR SELECT loid, "
-                       "obj_description(loid) "
+                       "obj_description(loid), NULL, NULL "
                        "FROM (SELECT DISTINCT loid FROM pg_largeobject) ss";
        else
                blobQry = "DECLARE blobcmt CURSOR FOR SELECT oid, "
@@ -2087,7 +2094,7 @@ dumpBlobComments(Archive *AH, void *arg)
                        "               SELECT description "
                        "               FROM pg_description pd "
                        "               WHERE pd.objoid=pc.oid "
-                       "       ) "
+                       "       ), NULL, NULL "
                        "FROM pg_class pc WHERE relkind = 'l'";
 
        res = PQexec(g_conn, blobQry);
@@ -2107,22 +2114,51 @@ dumpBlobComments(Archive *AH, void *arg)
                /* Process the tuples, if any */
                for (i = 0; i < PQntuples(res); i++)
                {
-                       Oid                     blobOid;
-                       char       *comment;
+                       Oid                     blobOid = atooid(PQgetvalue(res, i, 0));
+                       char       *lo_comment = PQgetvalue(res, i, 1);
+                       char       *lo_owner = PQgetvalue(res, i, 2);
+                       char       *lo_acl = PQgetvalue(res, i, 3);
+                       char            lo_name[32];
 
-                       /* ignore blobs without comments */
-                       if (PQgetisnull(res, i, 1))
-                               continue;
+                       resetPQExpBuffer(cmdQry);
 
-                       blobOid = atooid(PQgetvalue(res, i, 0));
-                       comment = PQgetvalue(res, i, 1);
+                       /* comment on the blob */
+                       if (!PQgetisnull(res, i, 1))
+                       {
+                               appendPQExpBuffer(cmdQry,
+                                                                 "COMMENT ON LARGE OBJECT %u IS ", blobOid);
+                               appendStringLiteralAH(cmdQry, lo_comment, AH);
+                               appendPQExpBuffer(cmdQry, ";\n");
+                       }
+
+                       /* dump blob ownership, if necessary */
+                       if (!PQgetisnull(res, i, 2))
+                       {
+                               appendPQExpBuffer(cmdQry,
+                                                                 "ALTER LARGE OBJECT %u OWNER TO %s;\n",
+                                                                 blobOid, lo_owner);
+                       }
 
-                       printfPQExpBuffer(commentcmd, "COMMENT ON LARGE OBJECT %u IS ",
-                                                         blobOid);
-                       appendStringLiteralAH(commentcmd, comment, AH);
-                       appendPQExpBuffer(commentcmd, ";\n");
+                       /* dump blob privileges, if necessary */
+                       if (!PQgetisnull(res, i, 3) &&
+                               !dataOnly && !aclsSkip)
+                       {
+                               snprintf(lo_name, sizeof(lo_name), "%u", blobOid);
+                               if (!buildACLCommands(lo_name, NULL, "LARGE OBJECT",
+                                                                         lo_acl, lo_owner, "",
+                                                                         AH->remoteVersion, cmdQry))
+                               {
+                                       write_msg(NULL, "could not parse ACL (%s) for "
+                                                         "large object %u", lo_acl, blobOid);
+                                       exit_nicely();
+                               }
+                       }
 
-                       archputs(commentcmd->data, AH);
+                       if (cmdQry->len > 0)
+                       {
+                               appendPQExpBuffer(cmdQry, "\n");
+                               archputs(cmdQry->data, AH);
+                       }
                }
        } while (PQntuples(res) > 0);
 
@@ -2130,7 +2166,7 @@ dumpBlobComments(Archive *AH, void *arg)
 
        archputs("\n", AH);
 
-       destroyPQExpBuffer(commentcmd);
+       destroyPQExpBuffer(cmdQry);
 
        return 1;
 }

diff --git a/src/bin/psql/large_obj.c b/src/bin/psql/large_obj.c
index e4da1d3e9620378c0a7989e73a76f41209471da4..c77077f9870e6386795468a56758a15c9bb39ebc 100644 (file)
--- a/src/bin/psql/large_obj.c
+++ b/src/bin/psql/large_obj.c
@@ -3,7 +3,7 @@
  *
  * Copyright (c) 2000-2009, PostgreSQL Global Development Group
  *
- * $PostgreSQL: pgsql/src/bin/psql/large_obj.c,v 1.52 2009/01/01 17:23:55 momjian Exp $
+ * $PostgreSQL: pgsql/src/bin/psql/large_obj.c,v 1.53 2009/12/11 03:34:56 itagaki Exp $
  */
 #include "postgres_fe.h"
 #include "large_obj.h"
@@ -278,13 +278,28 @@ do_lo_list(void)
        char            buf[1024];
        printQueryOpt myopt = pset.popt;
 
-       snprintf(buf, sizeof(buf),
-                        "SELECT loid as \"%s\",\n"
-                  "  pg_catalog.obj_description(loid, 'pg_largeobject') as \"%s\"\n"
-                        "FROM (SELECT DISTINCT loid FROM pg_catalog.pg_largeobject) x\n"
-                        "ORDER BY 1",
-                        gettext_noop("ID"),
-                        gettext_noop("Description"));
+       if (pset.sversion >= 80500)
+       {
+               snprintf(buf, sizeof(buf),
+                                "SELECT oid as \"%s\",\n"
+                                "  pg_catalog.pg_get_userbyid(lomowner) as \"%s\",\n"
+                                "  pg_catalog.obj_description(oid, 'pg_largeobject') as \"%s\"\n"
+                                "  FROM pg_catalog.pg_largeobject_metadata "
+                                "  ORDER BY oid",
+                                gettext_noop("ID"),
+                                gettext_noop("Owner"),
+                                gettext_noop("Description"));
+       }
+       else
+       {
+               snprintf(buf, sizeof(buf),
+                                "SELECT loid as \"%s\",\n"
+                                "  pg_catalog.obj_description(loid, 'pg_largeobject') as \"%s\"\n"
+                                "FROM (SELECT DISTINCT loid FROM pg_catalog.pg_largeobject) x\n"
+                                "ORDER BY 1",
+                                gettext_noop("ID"),
+                                gettext_noop("Description"));
+       }
 
        res = PSQLexec(buf, false);
        if (!res)

diff --git a/src/bin/psql/tab-complete.c b/src/bin/psql/tab-complete.c
index 7cd07574151f6841d0ce60c37698dee1f54b462e..10734fe00c43230ce074679be4f0518e6a4570d4 100644 (file)
--- a/src/bin/psql/tab-complete.c
+++ b/src/bin/psql/tab-complete.c
@@ -3,7 +3,7 @@
  *
  * Copyright (c) 2000-2009, PostgreSQL Global Development Group
  *
- * $PostgreSQL: pgsql/src/bin/psql/tab-complete.c,v 1.187 2009/10/13 21:04:01 tgl Exp $
+ * $PostgreSQL: pgsql/src/bin/psql/tab-complete.c,v 1.188 2009/12/11 03:34:56 itagaki Exp $
  */
 
 /*----------------------------------------------------------------------
@@ -691,7 +691,7 @@ psql_completion(char *text, int start, int end)
        {
                static const char *const list_ALTER[] =
                {"AGGREGATE", "CONVERSION", "DATABASE", "DOMAIN", "FOREIGN DATA WRAPPER", "FUNCTION",
-                       "GROUP", "INDEX", "LANGUAGE", "OPERATOR", "ROLE", "SCHEMA", "SERVER", "SEQUENCE", "TABLE",
+                       "GROUP", "INDEX", "LANGUAGE", "LARGE OBJECT", "OPERATOR", "ROLE", "SCHEMA", "SERVER", "SEQUENCE", "TABLE",
                "TABLESPACE", "TEXT SEARCH", "TRIGGER", "TYPE", "USER", "USER MAPPING FOR", "VIEW", NULL};
 
                COMPLETE_WITH_LIST(list_ALTER);
@@ -760,6 +760,17 @@ psql_completion(char *text, int start, int end)
                COMPLETE_WITH_LIST(list_ALTERLANGUAGE);
        }
 
+       /* ALTER LARGE OBJECT <oid> */
+       else if (pg_strcasecmp(prev4_wd, "ALTER") == 0 &&
+                        pg_strcasecmp(prev3_wd, "LARGE") == 0 &&
+                        pg_strcasecmp(prev2_wd, "OBJECT") == 0)
+       {
+               static const char *const list_ALTERLARGEOBJECT[] =
+               {"OWNER TO", NULL};
+
+               COMPLETE_WITH_LIST(list_ALTERLARGEOBJECT);
+       }
+
        /* ALTER USER,ROLE <name> */
        else if (pg_strcasecmp(prev3_wd, "ALTER") == 0 &&
                         !(pg_strcasecmp(prev2_wd, "USER") == 0 && pg_strcasecmp(prev_wd, "MAPPING") == 0) &&
@@ -1732,6 +1743,7 @@ psql_completion(char *text, int start, int end)
                                                                   " UNION SELECT 'FOREIGN SERVER'"
                                                                   " UNION SELECT 'FUNCTION'"
                                                                   " UNION SELECT 'LANGUAGE'"
+                                                                  " UNION SELECT 'LARGE OBJECT'"
                                                                   " UNION SELECT 'SCHEMA'"
                                                                   " UNION SELECT 'TABLESPACE'");
 

diff --git a/src/include/catalog/catversion.h b/src/include/catalog/catversion.h
index 9b935720972924562d848d431be9c9e955234627..3fe284addbac271134734afdebe921b6836b93b9 100644 (file)
--- a/src/include/catalog/catversion.h
+++ b/src/include/catalog/catversion.h
@@ -37,7 +37,7 @@
  * Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/include/catalog/catversion.h,v 1.556 2009/12/07 05:22:23 tgl Exp $
+ * $PostgreSQL: pgsql/src/include/catalog/catversion.h,v 1.557 2009/12/11 03:34:56 itagaki Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -53,6 +53,6 @@
  */
 
 /*                                                     yyyymmddN */
-#define CATALOG_VERSION_NO     200912071
+#define CATALOG_VERSION_NO     200912111
 
 #endif

diff --git a/src/include/catalog/dependency.h b/src/include/catalog/dependency.h
index 5134479c3d03988dadbc7235f23eda0048988cf2..ec65f9cd2104941d868095f9451bcb528c65d6fd 100644 (file)
--- a/src/include/catalog/dependency.h
+++ b/src/include/catalog/dependency.h
@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/include/catalog/dependency.h,v 1.42 2009/10/07 22:14:24 alvherre Exp $
+ * $PostgreSQL: pgsql/src/include/catalog/dependency.h,v 1.43 2009/12/11 03:34:56 itagaki Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -128,6 +128,7 @@ typedef enum ObjectClass
        OCLASS_CONVERSION,                      /* pg_conversion */
        OCLASS_DEFAULT,                         /* pg_attrdef */
        OCLASS_LANGUAGE,                        /* pg_language */
+       OCLASS_LARGEOBJECT,                     /* pg_largeobject */
        OCLASS_OPERATOR,                        /* pg_operator */
        OCLASS_OPCLASS,                         /* pg_opclass */
        OCLASS_OPFAMILY,                        /* pg_opfamily */

diff --git a/src/include/catalog/indexing.h b/src/include/catalog/indexing.h
index 4f9f9e9c2acfe36941f8d32cbf223c99f5156d32..3bf606c0985111bdadcee84cb94102e6201bc538 100644 (file)
--- a/src/include/catalog/indexing.h
+++ b/src/include/catalog/indexing.h
@@ -8,7 +8,7 @@
  * Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/include/catalog/indexing.h,v 1.110 2009/10/07 22:14:25 alvherre Exp $
+ * $PostgreSQL: pgsql/src/include/catalog/indexing.h,v 1.111 2009/12/11 03:34:56 itagaki Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -165,6 +165,9 @@ DECLARE_UNIQUE_INDEX(pg_language_oid_index, 2682, on pg_language using btree(oid
 DECLARE_UNIQUE_INDEX(pg_largeobject_loid_pn_index, 2683, on pg_largeobject using btree(loid oid_ops, pageno int4_ops));
 #define LargeObjectLOidPNIndexId  2683
 
+DECLARE_UNIQUE_INDEX(pg_largeobject_metadata_oid_index, 2996, on pg_largeobject_metadata using btree(oid oid_ops));
+#define LargeObjectMetadataOidIndexId  2996
+
 DECLARE_UNIQUE_INDEX(pg_namespace_nspname_index, 2684, on pg_namespace using btree(nspname name_ops));
 #define NamespaceNameIndexId  2684
 DECLARE_UNIQUE_INDEX(pg_namespace_oid_index, 2685, on pg_namespace using btree(oid oid_ops));

diff --git a/src/include/catalog/pg_largeobject.h b/src/include/catalog/pg_largeobject.h
index e907cc64192605eca8c81df3cbeb52860201e862..3c117225c118b164ac446e5060d1f8fa2d736d5e 100644 (file)
--- a/src/include/catalog/pg_largeobject.h
+++ b/src/include/catalog/pg_largeobject.h
@@ -8,7 +8,7 @@
  * Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/include/catalog/pg_largeobject.h,v 1.24 2009/01/01 17:23:57 momjian Exp $
+ * $PostgreSQL: pgsql/src/include/catalog/pg_largeobject.h,v 1.25 2009/12/11 03:34:56 itagaki Exp $
  *
  * NOTES
  *       the genbki.sh script reads this file and generates .bki
@@ -51,8 +51,9 @@ typedef FormData_pg_largeobject *Form_pg_largeobject;
 #define Anum_pg_largeobject_pageno             2
 #define Anum_pg_largeobject_data               3
 
-extern void LargeObjectCreate(Oid loid);
+extern Oid  LargeObjectCreate(Oid loid);
 extern void LargeObjectDrop(Oid loid);
+extern void LargeObjectAlterOwner(Oid loid, Oid newOwnerId);
 extern bool LargeObjectExists(Oid loid);
 
 #endif   /* PG_LARGEOBJECT_H */

diff --git a/src/include/catalog/pg_largeobject_metadata.h b/src/include/catalog/pg_largeobject_metadata.h
new file mode 100755 (executable)
index 0000000..8f4ac67
--- /dev/null
+++ b/src/include/catalog/pg_largeobject_metadata.h
@@ -0,0 +1,52 @@
+/*-------------------------------------------------------------------------
+ *
+ * pg_largeobject_metadata.h
+ *       definition of the system "largeobject_metadata" relation (pg_largeobject_metadata)
+ *       along with the relation's initial contents.
+ *
+ *
+ * Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
+ * Portions Copyright (c) 1994, Regents of the University of California
+ *
+ * $PostgreSQL: pgsql/src/include/catalog/pg_largeobject_metadata.h,v 1.1 2009/12/11 03:34:56 itagaki Exp $
+ *
+ * NOTES
+ *       the genbki.sh script reads this file and generates .bki
+ *       information from the DATA() statements.
+ *
+ *-------------------------------------------------------------------------
+ */
+#ifndef PG_LARGEOBJECT_METADATA_H
+#define PG_LARGEOBJECT_METADATA_H
+
+#include "catalog/genbki.h"
+
+/* ----------------
+ *             pg_largeobject_metadata definition.     cpp turns this into
+ *             typedef struct FormData_pg_largeobject_metadata
+ * ----------------
+ */
+#define LargeObjectMetadataRelationId  2995
+
+CATALOG(pg_largeobject_metadata,2995)
+{
+       Oid                     lomowner;               /* OID of the largeobject owner */
+       aclitem         lomacl[1];              /* access permissions */
+} FormData_pg_largeobject_metadata;
+
+/* ----------------
+ *             Form_pg_largeobject_metadata corresponds to a pointer to a tuple
+ *             with the format of pg_largeobject_metadata relation.
+ * ----------------
+ */
+typedef FormData_pg_largeobject_metadata *Form_pg_largeobject_metadata;
+
+/* ----------------
+ *             compiler constants for pg_largeobject_metadata
+ * ----------------
+ */
+#define Natts_pg_largeobject_metadata                  2
+#define Anum_pg_largeobject_metadata_lomowner  1
+#define Anum_pg_largeobject_metadata_lomacl            2
+
+#endif   /* PG_LARGEOBJECT_METADATA_H */

diff --git a/src/include/libpq/be-fsstubs.h b/src/include/libpq/be-fsstubs.h
index ff5e555824a08e408a12b196e079427dfff518e6..ebdcc0e863990b63e989c8d7d36d1e0943c9330e 100644 (file)
--- a/src/include/libpq/be-fsstubs.h
+++ b/src/include/libpq/be-fsstubs.h
@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/include/libpq/be-fsstubs.h,v 1.32 2009/01/01 17:23:59 momjian Exp $
+ * $PostgreSQL: pgsql/src/include/libpq/be-fsstubs.h,v 1.33 2009/12/11 03:34:56 itagaki Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -37,6 +37,11 @@ extern Datum lo_tell(PG_FUNCTION_ARGS);
 extern Datum lo_unlink(PG_FUNCTION_ARGS);
 extern Datum lo_truncate(PG_FUNCTION_ARGS);
 
+/*
+ * compatibility option for access control
+ */
+extern bool    lo_compat_privileges;
+
 /*
  * These are not fmgr-callable, but are available to C code.
  * Probably these should have had the underscore-free names,

diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h
index a791223e6fb48e892a57340dde46ac904708859b..351b1c971826a9212efe645a344fe2152ea3d669 100644 (file)
--- a/src/include/nodes/parsenodes.h
+++ b/src/include/nodes/parsenodes.h
@@ -13,7 +13,7 @@
  * Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/include/nodes/parsenodes.h,v 1.417 2009/12/07 05:22:23 tgl Exp $
+ * $PostgreSQL: pgsql/src/include/nodes/parsenodes.h,v 1.418 2009/12/11 03:34:56 itagaki Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -1195,6 +1195,7 @@ typedef enum GrantObjectType
        ACL_OBJECT_FOREIGN_SERVER,      /* foreign server */
        ACL_OBJECT_FUNCTION,            /* function */
        ACL_OBJECT_LANGUAGE,            /* procedural language */
+       ACL_OBJECT_LARGEOBJECT,         /* largeobject */
        ACL_OBJECT_NAMESPACE,           /* namespace */
        ACL_OBJECT_TABLESPACE           /* tablespace */
 } GrantObjectType;

diff --git a/src/include/utils/acl.h b/src/include/utils/acl.h
index 039d27b59c391cefab2448b2d60c8ad0f4959eee..aa6999676d37bf710a95e58fa6f023ee0140ec3d 100644 (file)
--- a/src/include/utils/acl.h
+++ b/src/include/utils/acl.h
@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/include/utils/acl.h,v 1.110 2009/12/05 21:43:36 petere Exp $
+ * $PostgreSQL: pgsql/src/include/utils/acl.h,v 1.111 2009/12/11 03:34:56 itagaki Exp $
  *
  * NOTES
  *       An ACL array is simply an array of AclItems, representing the union
@@ -26,6 +26,7 @@
 
 #include "nodes/parsenodes.h"
 #include "utils/array.h"
+#include "utils/snapshot.h"
 
 
 /*
@@ -151,6 +152,7 @@ typedef ArrayType Acl;
 #define ACL_ALL_RIGHTS_FOREIGN_SERVER (ACL_USAGE)
 #define ACL_ALL_RIGHTS_FUNCTION                (ACL_EXECUTE)
 #define ACL_ALL_RIGHTS_LANGUAGE                (ACL_USAGE)
+#define ACL_ALL_RIGHTS_LARGEOBJECT     (ACL_SELECT|ACL_UPDATE)
 #define ACL_ALL_RIGHTS_NAMESPACE       (ACL_USAGE|ACL_CREATE)
 #define ACL_ALL_RIGHTS_TABLESPACE      (ACL_CREATE)
 
@@ -181,6 +183,7 @@ typedef enum AclObjectKind
        ACL_KIND_OPER,                          /* pg_operator */
        ACL_KIND_TYPE,                          /* pg_type */
        ACL_KIND_LANGUAGE,                      /* pg_language */
+       ACL_KIND_LARGEOBJECT,           /* pg_largeobject */
        ACL_KIND_NAMESPACE,                     /* pg_namespace */
        ACL_KIND_OPCLASS,                       /* pg_opclass */
        ACL_KIND_OPFAMILY,                      /* pg_opfamily */
@@ -259,6 +262,8 @@ extern AclMode pg_proc_aclmask(Oid proc_oid, Oid roleid,
                                AclMode mask, AclMaskHow how);
 extern AclMode pg_language_aclmask(Oid lang_oid, Oid roleid,
                                        AclMode mask, AclMaskHow how);
+extern AclMode pg_largeobject_aclmask_snapshot(Oid lobj_oid, Oid roleid,
+                                       AclMode mask, AclMaskHow how, Snapshot snapshot);
 extern AclMode pg_namespace_aclmask(Oid nsp_oid, Oid roleid,
                                         AclMode mask, AclMaskHow how);
 extern AclMode pg_tablespace_aclmask(Oid spc_oid, Oid roleid,
@@ -276,6 +281,8 @@ extern AclResult pg_class_aclcheck(Oid table_oid, Oid roleid, AclMode mode);
 extern AclResult pg_database_aclcheck(Oid db_oid, Oid roleid, AclMode mode);
 extern AclResult pg_proc_aclcheck(Oid proc_oid, Oid roleid, AclMode mode);
 extern AclResult pg_language_aclcheck(Oid lang_oid, Oid roleid, AclMode mode);
+extern AclResult pg_largeobject_aclcheck_snapshot(Oid lang_oid, Oid roleid,
+                                                                                                 AclMode mode, Snapshot snapshot);
 extern AclResult pg_namespace_aclcheck(Oid nsp_oid, Oid roleid, AclMode mode);
 extern AclResult pg_tablespace_aclcheck(Oid spc_oid, Oid roleid, AclMode mode);
 extern AclResult pg_foreign_data_wrapper_aclcheck(Oid fdw_oid, Oid roleid, AclMode mode);
@@ -293,6 +300,7 @@ extern bool pg_type_ownercheck(Oid type_oid, Oid roleid);
 extern bool pg_oper_ownercheck(Oid oper_oid, Oid roleid);
 extern bool pg_proc_ownercheck(Oid proc_oid, Oid roleid);
 extern bool pg_language_ownercheck(Oid lan_oid, Oid roleid);
+extern bool pg_largeobject_ownercheck(Oid lobj_oid, Oid roleid);
 extern bool pg_namespace_ownercheck(Oid nsp_oid, Oid roleid);
 extern bool pg_tablespace_ownercheck(Oid spc_oid, Oid roleid);
 extern bool pg_opclass_ownercheck(Oid opc_oid, Oid roleid);

diff --git a/src/test/regress/expected/privileges.out b/src/test/regress/expected/privileges.out
index 4decb2b07af0c8fa76c7d440e5a43888632892cb..4160cba47dafba97cc4eafd4401f10f1e3a066dc 100644 (file)
--- a/src/test/regress/expected/privileges.out
+++ b/src/test/regress/expected/privileges.out
@@ -11,6 +11,12 @@ DROP ROLE IF EXISTS regressuser2;
 DROP ROLE IF EXISTS regressuser3;
 DROP ROLE IF EXISTS regressuser4;
 DROP ROLE IF EXISTS regressuser5;
+DROP ROLE IF EXISTS regressuser6;
+SELECT lo_unlink(oid) FROM pg_largeobject_metadata;
+ lo_unlink 
+-----------
+(0 rows)
+
 RESET client_min_messages;
 -- test proper begins here
 CREATE USER regressuser1;
@@ -847,6 +853,194 @@ SELECT has_sequence_privilege('x_seq', 'USAGE');
  t
 (1 row)
 
+-- largeobject privilege tests
+\c -
+SET SESSION AUTHORIZATION regressuser1;
+SELECT lo_create(1001);
+ lo_create 
+-----------
+      1001
+(1 row)
+
+SELECT lo_create(1002);
+ lo_create 
+-----------
+      1002
+(1 row)
+
+SELECT lo_create(1003);
+ lo_create 
+-----------
+      1003
+(1 row)
+
+SELECT lo_create(1004);
+ lo_create 
+-----------
+      1004
+(1 row)
+
+SELECT lo_create(1005);
+ lo_create 
+-----------
+      1005
+(1 row)
+
+GRANT ALL ON LARGE OBJECT 1001 TO PUBLIC;
+GRANT SELECT ON LARGE OBJECT 1003 TO regressuser2;
+GRANT SELECT,UPDATE ON LARGE OBJECT 1004 TO regressuser2;
+GRANT ALL ON LARGE OBJECT 1005 TO regressuser2;
+GRANT SELECT ON LARGE OBJECT 1005 TO regressuser2 WITH GRANT OPTION;
+GRANT SELECT, INSERT ON LARGE OBJECT 1001 TO PUBLIC;   -- to be failed
+ERROR:  invalid privilege type INSERT for large object
+GRANT SELECT, UPDATE ON LARGE OBJECT 1001 TO nosuchuser;       -- to be failed
+ERROR:  role "nosuchuser" does not exist
+GRANT SELECT, UPDATE ON LARGE OBJECT  999 TO PUBLIC;   -- to be failed
+ERROR:  large object 999 does not exist
+\c -
+SET SESSION AUTHORIZATION regressuser2;
+SELECT lo_create(2001);
+ lo_create 
+-----------
+      2001
+(1 row)
+
+SELECT lo_create(2002);
+ lo_create 
+-----------
+      2002
+(1 row)
+
+SELECT loread(lo_open(1001, x'40000'::int), 32);
+ loread 
+--------
+ \x
+(1 row)
+
+SELECT loread(lo_open(1002, x'40000'::int), 32);       -- to be denied
+ERROR:  permission denied for large object 1002
+SELECT loread(lo_open(1003, x'40000'::int), 32);
+ loread 
+--------
+ \x
+(1 row)
+
+SELECT loread(lo_open(1004, x'40000'::int), 32);
+ loread 
+--------
+ \x
+(1 row)
+
+SELECT lowrite(lo_open(1001, x'20000'::int), 'abcd');
+ lowrite 
+---------
+       4
+(1 row)
+
+SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd');  -- to be denied
+ERROR:  permission denied for large object 1002
+SELECT lowrite(lo_open(1003, x'20000'::int), 'abcd');  -- to be denied
+ERROR:  permission denied for large object 1003
+SELECT lowrite(lo_open(1004, x'20000'::int), 'abcd');
+ lowrite 
+---------
+       4
+(1 row)
+
+GRANT SELECT ON LARGE OBJECT 1005 TO regressuser3;
+GRANT UPDATE ON LARGE OBJECT 1006 TO regressuser3;     -- to be denied
+ERROR:  large object 1006 does not exist
+REVOKE ALL ON LARGE OBJECT 2001, 2002 FROM PUBLIC;
+GRANT ALL ON LARGE OBJECT 2001 TO regressuser3;
+SELECT lo_unlink(1001);                -- to be denied
+ERROR:  must be owner of large object 1001
+SELECT lo_unlink(2002);
+ lo_unlink 
+-----------
+         1
+(1 row)
+
+\c -
+-- confirm ACL setting
+SELECT oid, pg_get_userbyid(lomowner) ownername, lomacl FROM pg_largeobject_metadata;
+ oid  |  ownername   |                                          lomacl                                          
+------+--------------+------------------------------------------------------------------------------------------
+ 1002 | regressuser1 | 
+ 1001 | regressuser1 | {regressuser1=rw/regressuser1,=rw/regressuser1}
+ 1003 | regressuser1 | {regressuser1=rw/regressuser1,regressuser2=r/regressuser1}
+ 1004 | regressuser1 | {regressuser1=rw/regressuser1,regressuser2=rw/regressuser1}
+ 1005 | regressuser1 | {regressuser1=rw/regressuser1,regressuser2=r*w/regressuser1,regressuser3=r/regressuser2}
+ 2001 | regressuser2 | {regressuser2=rw/regressuser2,regressuser3=rw/regressuser2}
+(6 rows)
+
+SET SESSION AUTHORIZATION regressuser3;
+SELECT loread(lo_open(1001, x'40000'::int), 32);
+   loread   
+------------
+ \x61626364
+(1 row)
+
+SELECT loread(lo_open(1003, x'40000'::int), 32);       -- to be denied
+ERROR:  permission denied for large object 1003
+SELECT loread(lo_open(1005, x'40000'::int), 32);
+ loread 
+--------
+ \x
+(1 row)
+
+SELECT lo_truncate(lo_open(1005, x'20000'::int), 10);  -- to be denied
+ERROR:  permission denied for large object 1005
+SELECT lo_truncate(lo_open(2001, x'20000'::int), 10);
+ lo_truncate 
+-------------
+           0
+(1 row)
+
+-- compatibility mode in largeobject permission
+\c -
+SET lo_compat_privileges = false;      -- default setting
+SET SESSION AUTHORIZATION regressuser4;
+SELECT loread(lo_open(1002, x'40000'::int), 32);       -- to be denied
+ERROR:  permission denied for large object 1002
+SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd');  -- to be denied
+ERROR:  permission denied for large object 1002
+SELECT lo_truncate(lo_open(1002, x'20000'::int), 10);  -- to be denied
+ERROR:  permission denied for large object 1002
+SELECT lo_unlink(1002);                                        -- to be denied
+ERROR:  must be owner of large object 1002
+SELECT lo_export(1001, '/dev/null');                   -- to be denied
+ERROR:  must be superuser to use server-side lo_export()
+HINT:  Anyone can use the client-side lo_export() provided by libpq.
+\c -
+SET lo_compat_privileges = true;       -- compatibility mode
+SET SESSION AUTHORIZATION regressuser4;
+SELECT loread(lo_open(1002, x'40000'::int), 32);
+ loread 
+--------
+ \x
+(1 row)
+
+SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd');
+ lowrite 
+---------
+       4
+(1 row)
+
+SELECT lo_truncate(lo_open(1002, x'20000'::int), 10);
+ lo_truncate 
+-------------
+           0
+(1 row)
+
+SELECT lo_unlink(1002);
+ lo_unlink 
+-----------
+         1
+(1 row)
+
+SELECT lo_export(1001, '/dev/null');                   -- to be denied
+ERROR:  must be superuser to use server-side lo_export()
+HINT:  Anyone can use the client-side lo_export() provided by libpq.
 -- test default ACLs
 \c -
 CREATE SCHEMA testns;
@@ -1034,6 +1228,16 @@ DROP TABLE atest6;
 DROP TABLE atestc;
 DROP TABLE atestp1;
 DROP TABLE atestp2;
+SELECT lo_unlink(oid) FROM pg_largeobject_metadata;
+ lo_unlink 
+-----------
+         1
+         1
+         1
+         1
+         1
+(5 rows)
+
 DROP GROUP regressgroup1;
 DROP GROUP regressgroup2;
 -- these are needed to clean up permissions
@@ -1044,3 +1248,5 @@ DROP USER regressuser2;
 DROP USER regressuser3;
 DROP USER regressuser4;
 DROP USER regressuser5;
+DROP USER regressuser6;
+ERROR:  role "regressuser6" does not exist

diff --git a/src/test/regress/expected/sanity_check.out b/src/test/regress/expected/sanity_check.out
index fe0d93670f8f7df5a133abf766770dffacae3826..2a4dc4755d74fbf70ce76d1fe482c219cae0e50a 100644 (file)
--- a/src/test/regress/expected/sanity_check.out
+++ b/src/test/regress/expected/sanity_check.out
@@ -106,6 +106,7 @@ SELECT relname, relhasindex
  pg_inherits             | t
  pg_language             | t
  pg_largeobject          | t
+ pg_largeobject_metadata | t
  pg_listener             | f
  pg_namespace            | t
  pg_opclass              | t
@@ -153,7 +154,7 @@ SELECT relname, relhasindex
  timetz_tbl              | f
  tinterval_tbl           | f
  varchar_tbl             | f
-(142 rows)
+(143 rows)
 
 --
 -- another sanity check: every system catalog that has OIDs should have

diff --git a/src/test/regress/sql/privileges.sql b/src/test/regress/sql/privileges.sql
index d4f728205f7980390dddf5f62f8d58b8df3845bc..8e8ff70608f6085a26d654a8a714a93c95ea3d0f 100644 (file)
--- a/src/test/regress/sql/privileges.sql
+++ b/src/test/regress/sql/privileges.sql
@@ -15,6 +15,9 @@ DROP ROLE IF EXISTS regressuser2;
 DROP ROLE IF EXISTS regressuser3;
 DROP ROLE IF EXISTS regressuser4;
 DROP ROLE IF EXISTS regressuser5;
+DROP ROLE IF EXISTS regressuser6;
+
+SELECT lo_unlink(oid) FROM pg_largeobject_metadata;
 
 RESET client_min_messages;
 
@@ -36,7 +39,6 @@ ALTER GROUP regressgroup2 ADD USER regressuser2;      -- duplicate
 ALTER GROUP regressgroup2 DROP USER regressuser2;
 ALTER GROUP regressgroup2 ADD USER regressuser4;
 
-
 -- test owner privileges
 
 SET SESSION AUTHORIZATION regressuser1;
@@ -485,6 +487,83 @@ SET SESSION AUTHORIZATION regressuser2;
 
 SELECT has_sequence_privilege('x_seq', 'USAGE');
 
+-- largeobject privilege tests
+\c -
+SET SESSION AUTHORIZATION regressuser1;
+
+SELECT lo_create(1001);
+SELECT lo_create(1002);
+SELECT lo_create(1003);
+SELECT lo_create(1004);
+SELECT lo_create(1005);
+
+GRANT ALL ON LARGE OBJECT 1001 TO PUBLIC;
+GRANT SELECT ON LARGE OBJECT 1003 TO regressuser2;
+GRANT SELECT,UPDATE ON LARGE OBJECT 1004 TO regressuser2;
+GRANT ALL ON LARGE OBJECT 1005 TO regressuser2;
+GRANT SELECT ON LARGE OBJECT 1005 TO regressuser2 WITH GRANT OPTION;
+
+GRANT SELECT, INSERT ON LARGE OBJECT 1001 TO PUBLIC;   -- to be failed
+GRANT SELECT, UPDATE ON LARGE OBJECT 1001 TO nosuchuser;       -- to be failed
+GRANT SELECT, UPDATE ON LARGE OBJECT  999 TO PUBLIC;   -- to be failed
+
+\c -
+SET SESSION AUTHORIZATION regressuser2;
+
+SELECT lo_create(2001);
+SELECT lo_create(2002);
+
+SELECT loread(lo_open(1001, x'40000'::int), 32);
+SELECT loread(lo_open(1002, x'40000'::int), 32);       -- to be denied
+SELECT loread(lo_open(1003, x'40000'::int), 32);
+SELECT loread(lo_open(1004, x'40000'::int), 32);
+
+SELECT lowrite(lo_open(1001, x'20000'::int), 'abcd');
+SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd');  -- to be denied
+SELECT lowrite(lo_open(1003, x'20000'::int), 'abcd');  -- to be denied
+SELECT lowrite(lo_open(1004, x'20000'::int), 'abcd');
+
+GRANT SELECT ON LARGE OBJECT 1005 TO regressuser3;
+GRANT UPDATE ON LARGE OBJECT 1006 TO regressuser3;     -- to be denied
+REVOKE ALL ON LARGE OBJECT 2001, 2002 FROM PUBLIC;
+GRANT ALL ON LARGE OBJECT 2001 TO regressuser3;
+
+SELECT lo_unlink(1001);                -- to be denied
+SELECT lo_unlink(2002);
+
+\c -
+-- confirm ACL setting
+SELECT oid, pg_get_userbyid(lomowner) ownername, lomacl FROM pg_largeobject_metadata;
+
+SET SESSION AUTHORIZATION regressuser3;
+
+SELECT loread(lo_open(1001, x'40000'::int), 32);
+SELECT loread(lo_open(1003, x'40000'::int), 32);       -- to be denied
+SELECT loread(lo_open(1005, x'40000'::int), 32);
+
+SELECT lo_truncate(lo_open(1005, x'20000'::int), 10);  -- to be denied
+SELECT lo_truncate(lo_open(2001, x'20000'::int), 10);
+
+-- compatibility mode in largeobject permission
+\c -
+SET lo_compat_privileges = false;      -- default setting
+SET SESSION AUTHORIZATION regressuser4;
+
+SELECT loread(lo_open(1002, x'40000'::int), 32);       -- to be denied
+SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd');  -- to be denied
+SELECT lo_truncate(lo_open(1002, x'20000'::int), 10);  -- to be denied
+SELECT lo_unlink(1002);                                        -- to be denied
+SELECT lo_export(1001, '/dev/null');                   -- to be denied
+
+\c -
+SET lo_compat_privileges = true;       -- compatibility mode
+SET SESSION AUTHORIZATION regressuser4;
+
+SELECT loread(lo_open(1002, x'40000'::int), 32);
+SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd');
+SELECT lo_truncate(lo_open(1002, x'20000'::int), 10);
+SELECT lo_unlink(1002);
+SELECT lo_export(1001, '/dev/null');                   -- to be denied
 
 -- test default ACLs
 \c -
@@ -611,6 +690,8 @@ DROP TABLE atestc;
 DROP TABLE atestp1;
 DROP TABLE atestp2;
 
+SELECT lo_unlink(oid) FROM pg_largeobject_metadata;
+
 DROP GROUP regressgroup1;
 DROP GROUP regressgroup2;
 
@@ -623,3 +704,4 @@ DROP USER regressuser2;
 DROP USER regressuser3;
 DROP USER regressuser4;
 DROP USER regressuser5;
+DROP USER regressuser6;