>From ebe2d8b5549eddbd073b65aabe15af9299b948f6 Mon Sep 17 00:00:00 2001 From: Kyotaro Horiguchi Date: Wed, 29 Oct 2014 17:38:46 +0900 Subject: [PATCH] CURRENT_USER_WIP_v1 --- src/backend/commands/alter.c | 2 +- src/backend/commands/schemacmds.c | 20 ++++++++++- src/backend/commands/tablecmds.c | 2 +- src/backend/commands/user.c | 48 ++++++++++++++++++-------- src/backend/parser/gram.y | 71 ++++++++++++++++++++------------------- src/include/commands/dbcommands.h | 1 + src/include/commands/user.h | 1 + 7 files changed, 93 insertions(+), 52 deletions(-) diff --git a/src/backend/commands/alter.c b/src/backend/commands/alter.c index c9a9baf..1f598f6 100644 --- a/src/backend/commands/alter.c +++ b/src/backend/commands/alter.c @@ -678,7 +678,7 @@ AlterObjectNamespace_internal(Relation rel, Oid objid, Oid nspOid) Oid ExecAlterOwnerStmt(AlterOwnerStmt *stmt) { - Oid newowner = get_role_oid(stmt->newowner, false); + Oid newowner = ResolveRoleId(stmt->newowner, false); switch (stmt->objectType) { diff --git a/src/backend/commands/schemacmds.c b/src/backend/commands/schemacmds.c index 03f5514..d67789a 100644 --- a/src/backend/commands/schemacmds.c +++ b/src/backend/commands/schemacmds.c @@ -23,8 +23,10 @@ #include "catalog/namespace.h" #include "catalog/objectaccess.h" #include "catalog/pg_namespace.h" +#include "catalog/pg_authid.h" #include "commands/dbcommands.h" #include "commands/schemacmds.h" +#include "commands/user.h" #include "miscadmin.h" #include "parser/parse_utilcmd.h" #include "tcop/utility.h" @@ -59,10 +61,26 @@ CreateSchemaCommand(CreateSchemaStmt *stmt, const char *queryString) * Who is supposed to own the new schema? */ if (authId) - owner_uid = get_role_oid(authId, false); + owner_uid = ResolveRoleId(authId, false); else owner_uid = saved_uid; + /* Use the name for the owner_uid as the schema name if it is omitted */ + if (!schemaName) + { + HeapTuple tuple; + + tuple = SearchSysCache1(AUTHOID, ObjectIdGetDatum(owner_uid)); + if (!HeapTupleIsValid(tuple)) + ereport(ERROR, + (errcode(ERRCODE_UNDEFINED_OBJECT), + errmsg("roleid %d does not exist", owner_uid))); + + schemaName = + strdup(((Form_pg_authid) GETSTRUCT(tuple))->rolname.data); + ReleaseSysCache(tuple); + } + /* * To create a schema, must have schema-create privilege on the current * database and must be able to become the target role (this does not diff --git a/src/backend/commands/tablecmds.c b/src/backend/commands/tablecmds.c index ecdff1e..0b82765 100644 --- a/src/backend/commands/tablecmds.c +++ b/src/backend/commands/tablecmds.c @@ -3473,7 +3473,7 @@ ATExecCmd(List **wqueue, AlteredTableInfo *tab, Relation rel, break; case AT_ChangeOwner: /* ALTER OWNER */ ATExecChangeOwner(RelationGetRelid(rel), - get_role_oid(cmd->name, false), + ResolveRoleId(cmd->name, false), false, lockmode); break; case AT_ClusterOn: /* CLUSTER ON */ diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c index 1a73fd8..ab0612e 100644 --- a/src/backend/commands/user.c +++ b/src/backend/commands/user.c @@ -63,6 +63,27 @@ have_createrole_privilege(void) return has_createrole_privilege(GetUserId()); } +/* + * ResolveRoleId - Resolving role id with treating some special keywords which + * appears as RoleId_or_curruser in gram.y. + * + * If missing_ok is false, throw an error if tablespace name not found. If + * true, just return InvalidOid. + */ +Oid ResolveRoleId(const char *name, bool missing_ok) +{ + Oid roleid; + + if (!name) /* PUBLIC user mapping */ + return InvalidOid; + else if (strcmp(name, "current_user") == 0) + roleid = GetUserId(); + else + roleid = get_role_oid(name, missing_ok); + + return roleid; +} + /* * CREATE ROLE @@ -649,13 +670,13 @@ AlterRole(AlterRoleStmt *stmt) pg_authid_rel = heap_open(AuthIdRelationId, RowExclusiveLock); pg_authid_dsc = RelationGetDescr(pg_authid_rel); - tuple = SearchSysCache1(AUTHNAME, PointerGetDatum(stmt->role)); + roleid = ResolveRoleId(stmt->role, false); + + tuple = SearchSysCache1(AUTHOID, PointerGetDatum(roleid)); if (!HeapTupleIsValid(tuple)) ereport(ERROR, (errcode(ERRCODE_UNDEFINED_OBJECT), - errmsg("role \"%s\" does not exist", stmt->role))); - - roleid = HeapTupleGetOid(tuple); + errmsg("role \"%s\" does not exist", roleid))); /* * To mess with a superuser you gotta be superuser; else you need @@ -870,21 +891,20 @@ AlterRoleSet(AlterRoleSetStmt *stmt) if (stmt->role) { - roletuple = SearchSysCache1(AUTHNAME, PointerGetDatum(stmt->role)); - - if (!HeapTupleIsValid(roletuple)) - ereport(ERROR, - (errcode(ERRCODE_UNDEFINED_OBJECT), - errmsg("role \"%s\" does not exist", stmt->role))); - - roleid = HeapTupleGetOid(roletuple); + roleid = ResolveRoleId(stmt->role, false); /* * Obtain a lock on the role and make sure it didn't go away in the * meantime. */ - shdepLockAndCheckObject(AuthIdRelationId, HeapTupleGetOid(roletuple)); + shdepLockAndCheckObject(AuthIdRelationId, roleid); + roletuple = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid)); + if (!HeapTupleIsValid(roletuple)) + ereport(ERROR, + (errcode(ERRCODE_UNDEFINED_OBJECT), + errmsg("roleid %d does not exist", roleid))); + /* * To mess with a superuser you gotta be superuser; else you need * createrole, or just want to change your own settings @@ -1268,7 +1288,7 @@ GrantRole(GrantRoleStmt *stmt) (errcode(ERRCODE_INVALID_GRANT_OPERATION), errmsg("column names cannot be included in GRANT/REVOKE ROLE"))); - roleid = get_role_oid(rolename, false); + roleid = ResolveRoleId(rolename, false); if (stmt->is_grant) AddRoleMems(rolename, roleid, stmt->grantee_roles, grantee_ids, diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y index 0de9584..da82073 100644 --- a/src/backend/parser/gram.y +++ b/src/backend/parser/gram.y @@ -474,7 +474,8 @@ static Node *makeRecursiveViewSelect(char *relname, List *aliases, Node *query); %type Iconst SignedIconst %type Sconst comment_text notify_payload -%type RoleId opt_granted_by opt_boolean_or_string +%type RoleId RoleId_or_curruser +%type opt_granted_by opt_boolean_or_string %type var_list %type ColId ColLabel var_name type_function_name param_name %type NonReservedWord NonReservedWord_or_Sconst @@ -1036,7 +1037,7 @@ CreateUserStmt: *****************************************************************************/ AlterRoleStmt: - ALTER ROLE RoleId opt_with AlterOptRoleList + ALTER ROLE RoleId_or_curruser opt_with AlterOptRoleList { AlterRoleStmt *n = makeNode(AlterRoleStmt); n->role = $3; @@ -1052,7 +1053,7 @@ opt_in_database: ; AlterRoleSetStmt: - ALTER ROLE RoleId opt_in_database SetResetClause + ALTER ROLE RoleId_or_curruser opt_in_database SetResetClause { AlterRoleSetStmt *n = makeNode(AlterRoleSetStmt); n->role = $3; @@ -1078,7 +1079,7 @@ AlterRoleSetStmt: *****************************************************************************/ AlterUserStmt: - ALTER USER RoleId opt_with AlterOptRoleList + ALTER USER RoleId_or_curruser opt_with AlterOptRoleList { AlterRoleStmt *n = makeNode(AlterRoleStmt); n->role = $3; @@ -1090,7 +1091,7 @@ AlterUserStmt: AlterUserSetStmt: - ALTER USER RoleId SetResetClause + ALTER USER RoleId_or_curruser SetResetClause { AlterRoleSetStmt *n = makeNode(AlterRoleSetStmt); n->role = $3; @@ -1227,14 +1228,11 @@ DropGroupStmt: *****************************************************************************/ CreateSchemaStmt: - CREATE SCHEMA OptSchemaName AUTHORIZATION RoleId OptSchemaEltList + CREATE SCHEMA OptSchemaName AUTHORIZATION RoleId_or_curruser OptSchemaEltList { CreateSchemaStmt *n = makeNode(CreateSchemaStmt); - /* One can omit the schema name or the authorization id. */ - if ($3 != NULL) - n->schemaname = $3; - else - n->schemaname = $5; + /* schemaname will be completed using authid if NULL */ + n->schemaname = $3; n->authid = $5; n->schemaElts = $6; n->if_not_exists = false; @@ -1250,7 +1248,7 @@ CreateSchemaStmt: n->if_not_exists = false; $$ = (Node *)n; } - | CREATE SCHEMA IF_P NOT EXISTS OptSchemaName AUTHORIZATION RoleId OptSchemaEltList + | CREATE SCHEMA IF_P NOT EXISTS OptSchemaName AUTHORIZATION RoleId_or_curruser OptSchemaEltList { CreateSchemaStmt *n = makeNode(CreateSchemaStmt); /* One can omit the schema name or the authorization id. */ @@ -2259,7 +2257,7 @@ alter_table_cmd: $$ = (Node *)n; } /* ALTER TABLE OWNER TO RoleId */ - | OWNER TO RoleId + | OWNER TO RoleId_or_curruser { AlterTableCmd *n = makeNode(AlterTableCmd); n->subtype = AT_ChangeOwner; @@ -6218,7 +6216,7 @@ grantee_list: | grantee_list ',' grantee { $$ = lappend($1, $3); } ; -grantee: RoleId +grantee: RoleId_or_curruser { PrivGrantee *n = makeNode(PrivGrantee); /* This hack lets us avoid reserving PUBLIC as a keyword*/ @@ -6228,7 +6226,7 @@ grantee: RoleId n->rolname = $1; $$ = (Node *)n; } - | GROUP_P RoleId + | GROUP_P RoleId_or_curruser { PrivGrantee *n = makeNode(PrivGrantee); /* Treat GROUP PUBLIC as a synonym for PUBLIC */ @@ -6308,7 +6306,7 @@ opt_grant_admin_option: WITH ADMIN OPTION { $$ = TRUE; } | /*EMPTY*/ { $$ = FALSE; } ; -opt_granted_by: GRANTED BY RoleId { $$ = $3; } +opt_granted_by: GRANTED BY RoleId_or_curruser { $$ = $3; } | /*EMPTY*/ { $$ = NULL; } ; @@ -7941,7 +7939,7 @@ AlterObjectSchemaStmt: * *****************************************************************************/ -AlterOwnerStmt: ALTER AGGREGATE func_name aggr_args OWNER TO RoleId +AlterOwnerStmt: ALTER AGGREGATE func_name aggr_args OWNER TO RoleId_or_curruser { AlterOwnerStmt *n = makeNode(AlterOwnerStmt); n->objectType = OBJECT_AGGREGATE; @@ -7950,7 +7948,7 @@ AlterOwnerStmt: ALTER AGGREGATE func_name aggr_args OWNER TO RoleId n->newowner = $7; $$ = (Node *)n; } - | ALTER COLLATION any_name OWNER TO RoleId + | ALTER COLLATION any_name OWNER TO RoleId_or_curruser { AlterOwnerStmt *n = makeNode(AlterOwnerStmt); n->objectType = OBJECT_COLLATION; @@ -7958,7 +7956,7 @@ AlterOwnerStmt: ALTER AGGREGATE func_name aggr_args OWNER TO RoleId n->newowner = $6; $$ = (Node *)n; } - | ALTER CONVERSION_P any_name OWNER TO RoleId + | ALTER CONVERSION_P any_name OWNER TO RoleId_or_curruser { AlterOwnerStmt *n = makeNode(AlterOwnerStmt); n->objectType = OBJECT_CONVERSION; @@ -7966,7 +7964,7 @@ AlterOwnerStmt: ALTER AGGREGATE func_name aggr_args OWNER TO RoleId n->newowner = $6; $$ = (Node *)n; } - | ALTER DATABASE database_name OWNER TO RoleId + | ALTER DATABASE database_name OWNER TO RoleId_or_curruser { AlterOwnerStmt *n = makeNode(AlterOwnerStmt); n->objectType = OBJECT_DATABASE; @@ -7974,7 +7972,7 @@ AlterOwnerStmt: ALTER AGGREGATE func_name aggr_args OWNER TO RoleId n->newowner = $6; $$ = (Node *)n; } - | ALTER DOMAIN_P any_name OWNER TO RoleId + | ALTER DOMAIN_P any_name OWNER TO RoleId_or_curruser { AlterOwnerStmt *n = makeNode(AlterOwnerStmt); n->objectType = OBJECT_DOMAIN; @@ -7982,7 +7980,7 @@ AlterOwnerStmt: ALTER AGGREGATE func_name aggr_args OWNER TO RoleId n->newowner = $6; $$ = (Node *)n; } - | ALTER FUNCTION function_with_argtypes OWNER TO RoleId + | ALTER FUNCTION function_with_argtypes OWNER TO RoleId_or_curruser { AlterOwnerStmt *n = makeNode(AlterOwnerStmt); n->objectType = OBJECT_FUNCTION; @@ -7991,7 +7989,7 @@ AlterOwnerStmt: ALTER AGGREGATE func_name aggr_args OWNER TO RoleId n->newowner = $6; $$ = (Node *)n; } - | ALTER opt_procedural LANGUAGE name OWNER TO RoleId + | ALTER opt_procedural LANGUAGE name OWNER TO RoleId_or_curruser { AlterOwnerStmt *n = makeNode(AlterOwnerStmt); n->objectType = OBJECT_LANGUAGE; @@ -7999,7 +7997,7 @@ AlterOwnerStmt: ALTER AGGREGATE func_name aggr_args OWNER TO RoleId n->newowner = $7; $$ = (Node *)n; } - | ALTER LARGE_P OBJECT_P NumericOnly OWNER TO RoleId + | ALTER LARGE_P OBJECT_P NumericOnly OWNER TO RoleId_or_curruser { AlterOwnerStmt *n = makeNode(AlterOwnerStmt); n->objectType = OBJECT_LARGEOBJECT; @@ -8007,7 +8005,7 @@ AlterOwnerStmt: ALTER AGGREGATE func_name aggr_args OWNER TO RoleId n->newowner = $7; $$ = (Node *)n; } - | ALTER OPERATOR any_operator oper_argtypes OWNER TO RoleId + | ALTER OPERATOR any_operator oper_argtypes OWNER TO RoleId_or_curruser { AlterOwnerStmt *n = makeNode(AlterOwnerStmt); n->objectType = OBJECT_OPERATOR; @@ -8016,7 +8014,7 @@ AlterOwnerStmt: ALTER AGGREGATE func_name aggr_args OWNER TO RoleId n->newowner = $7; $$ = (Node *)n; } - | ALTER OPERATOR CLASS any_name USING access_method OWNER TO RoleId + | ALTER OPERATOR CLASS any_name USING access_method OWNER TO RoleId_or_curruser { AlterOwnerStmt *n = makeNode(AlterOwnerStmt); n->objectType = OBJECT_OPCLASS; @@ -8025,7 +8023,7 @@ AlterOwnerStmt: ALTER AGGREGATE func_name aggr_args OWNER TO RoleId n->newowner = $9; $$ = (Node *)n; } - | ALTER OPERATOR FAMILY any_name USING access_method OWNER TO RoleId + | ALTER OPERATOR FAMILY any_name USING access_method OWNER TO RoleId_or_curruser { AlterOwnerStmt *n = makeNode(AlterOwnerStmt); n->objectType = OBJECT_OPFAMILY; @@ -8034,7 +8032,7 @@ AlterOwnerStmt: ALTER AGGREGATE func_name aggr_args OWNER TO RoleId n->newowner = $9; $$ = (Node *)n; } - | ALTER SCHEMA name OWNER TO RoleId + | ALTER SCHEMA name OWNER TO RoleId_or_curruser { AlterOwnerStmt *n = makeNode(AlterOwnerStmt); n->objectType = OBJECT_SCHEMA; @@ -8042,7 +8040,7 @@ AlterOwnerStmt: ALTER AGGREGATE func_name aggr_args OWNER TO RoleId n->newowner = $6; $$ = (Node *)n; } - | ALTER TYPE_P any_name OWNER TO RoleId + | ALTER TYPE_P any_name OWNER TO RoleId_or_curruser { AlterOwnerStmt *n = makeNode(AlterOwnerStmt); n->objectType = OBJECT_TYPE; @@ -8050,7 +8048,7 @@ AlterOwnerStmt: ALTER AGGREGATE func_name aggr_args OWNER TO RoleId n->newowner = $6; $$ = (Node *)n; } - | ALTER TABLESPACE name OWNER TO RoleId + | ALTER TABLESPACE name OWNER TO RoleId_or_curruser { AlterOwnerStmt *n = makeNode(AlterOwnerStmt); n->objectType = OBJECT_TABLESPACE; @@ -8058,7 +8056,7 @@ AlterOwnerStmt: ALTER AGGREGATE func_name aggr_args OWNER TO RoleId n->newowner = $6; $$ = (Node *)n; } - | ALTER TEXT_P SEARCH DICTIONARY any_name OWNER TO RoleId + | ALTER TEXT_P SEARCH DICTIONARY any_name OWNER TO RoleId_or_curruser { AlterOwnerStmt *n = makeNode(AlterOwnerStmt); n->objectType = OBJECT_TSDICTIONARY; @@ -8066,7 +8064,7 @@ AlterOwnerStmt: ALTER AGGREGATE func_name aggr_args OWNER TO RoleId n->newowner = $8; $$ = (Node *)n; } - | ALTER TEXT_P SEARCH CONFIGURATION any_name OWNER TO RoleId + | ALTER TEXT_P SEARCH CONFIGURATION any_name OWNER TO RoleId_or_curruser { AlterOwnerStmt *n = makeNode(AlterOwnerStmt); n->objectType = OBJECT_TSCONFIGURATION; @@ -8074,7 +8072,7 @@ AlterOwnerStmt: ALTER AGGREGATE func_name aggr_args OWNER TO RoleId n->newowner = $8; $$ = (Node *)n; } - | ALTER FOREIGN DATA_P WRAPPER name OWNER TO RoleId + | ALTER FOREIGN DATA_P WRAPPER name OWNER TO RoleId_or_curruser { AlterOwnerStmt *n = makeNode(AlterOwnerStmt); n->objectType = OBJECT_FDW; @@ -8082,7 +8080,7 @@ AlterOwnerStmt: ALTER AGGREGATE func_name aggr_args OWNER TO RoleId n->newowner = $8; $$ = (Node *)n; } - | ALTER SERVER name OWNER TO RoleId + | ALTER SERVER name OWNER TO RoleId_or_curruser { AlterOwnerStmt *n = makeNode(AlterOwnerStmt); n->objectType = OBJECT_FOREIGN_SERVER; @@ -8090,7 +8088,7 @@ AlterOwnerStmt: ALTER AGGREGATE func_name aggr_args OWNER TO RoleId n->newowner = $6; $$ = (Node *)n; } - | ALTER EVENT TRIGGER name OWNER TO RoleId + | ALTER EVENT TRIGGER name OWNER TO RoleId_or_curruser { AlterOwnerStmt *n = makeNode(AlterOwnerStmt); n->objectType = OBJECT_EVENT_TRIGGER; @@ -12922,6 +12920,9 @@ Iconst: ICONST { $$ = $1; }; Sconst: SCONST { $$ = $1; }; RoleId: NonReservedWord { $$ = $1; }; +RoleId_or_curruser: RoleId { $$ = $1; } + | CURRENT_USER { $$ = "current_user";}; + role_list: RoleId { $$ = list_make1(makeString($1)); } | role_list ',' RoleId diff --git a/src/include/commands/dbcommands.h b/src/include/commands/dbcommands.h index 811713f..7c1df8e 100644 --- a/src/include/commands/dbcommands.h +++ b/src/include/commands/dbcommands.h @@ -16,6 +16,7 @@ #include "access/xlog.h" #include "nodes/parsenodes.h" +//#include "access/htup.h" /* XLOG stuff */ #define XLOG_DBASE_CREATE 0x00 diff --git a/src/include/commands/user.h b/src/include/commands/user.h index d766851..9e1f2a5 100644 --- a/src/include/commands/user.h +++ b/src/include/commands/user.h @@ -22,6 +22,7 @@ typedef void (*check_password_hook_type) (const char *username, const char *pass extern PGDLLIMPORT check_password_hook_type check_password_hook; +extern Oid ResolveRoleId(const char *name, bool missing_ok); extern Oid CreateRole(CreateRoleStmt *stmt); extern Oid AlterRole(AlterRoleStmt *stmt); extern Oid AlterRoleSet(AlterRoleSetStmt *stmt); -- 2.1.0.GIT