Eneboo - Documentación para desarrolladores
src/libpq/include/utils/acl.h
Ir a la documentación de este archivo.
00001 /*-------------------------------------------------------------------------
00002  *
00003  * acl.h
00004  *        Definition of (and support for) access control list data structures.
00005  *
00006  *
00007  * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
00008  * Portions Copyright (c) 1994, Regents of the University of California
00009  *
00010  * $PostgreSQL: pgsql/src/include/utils/acl.h,v 1.86 2005/11/04 17:25:15 tgl Exp $
00011  *
00012  * NOTES
00013  *        An ACL array is simply an array of AclItems, representing the union
00014  *        of the privileges represented by the individual items.  A zero-length
00015  *        array represents "no privileges".  There are no assumptions about the
00016  *        ordering of the items, but we do expect that there are no two entries
00017  *        in the array with the same grantor and grantee.
00018  *
00019  *        For backward-compatibility purposes we have to allow null ACL entries
00020  *        in system catalogs.  A null ACL will be treated as meaning "default
00021  *        protection" (i.e., whatever acldefault() returns).
00022  *-------------------------------------------------------------------------
00023  */
00024 #ifndef ACL_H
00025 #define ACL_H
00026 
00027 #include "nodes/parsenodes.h"
00028 #include "utils/array.h"
00029 
00030 
00031 /*
00032  * typedef AclMode is declared in parsenodes.h, also the individual privilege
00033  * bit meanings are defined there
00034  */
00035 
00036 #define ACL_ID_PUBLIC   0               /* placeholder for id in a PUBLIC acl item */
00037 
00038 /*
00039  * AclItem
00040  *
00041  * Note: must be same size on all platforms, because the size is hardcoded
00042  * in the pg_type.h entry for aclitem.
00043  */
00044 typedef struct AclItem
00045 {
00046         Oid                     ai_grantee;             /* ID that this item grants privs to */
00047         Oid                     ai_grantor;             /* grantor of privs */
00048         AclMode         ai_privs;               /* privilege bits */
00049 } AclItem;
00050 
00051 /*
00052  * The upper 16 bits of the ai_privs field of an AclItem are the grant option
00053  * bits, and the lower 16 bits are the actual privileges.  We use "rights"
00054  * to mean the combined grant option and privilege bits fields.
00055  */
00056 #define ACLITEM_GET_PRIVS(item)    ((item).ai_privs & 0xFFFF)
00057 #define ACLITEM_GET_GOPTIONS(item) (((item).ai_privs >> 16) & 0xFFFF)
00058 #define ACLITEM_GET_RIGHTS(item)   ((item).ai_privs)
00059 
00060 #define ACL_GRANT_OPTION_FOR(privs) (((AclMode) (privs) & 0xFFFF) << 16)
00061 #define ACL_OPTION_TO_PRIVS(privs)      (((AclMode) (privs) >> 16) & 0xFFFF)
00062 
00063 #define ACLITEM_SET_PRIVS(item,privs) \
00064   ((item).ai_privs = ((item).ai_privs & ~((AclMode) 0xFFFF)) | \
00065                                          ((AclMode) (privs) & 0xFFFF))
00066 #define ACLITEM_SET_GOPTIONS(item,goptions) \
00067   ((item).ai_privs = ((item).ai_privs & ~(((AclMode) 0xFFFF) << 16)) | \
00068                                          (((AclMode) (goptions) & 0xFFFF) << 16))
00069 #define ACLITEM_SET_RIGHTS(item,rights) \
00070   ((item).ai_privs = (AclMode) (rights))
00071 
00072 #define ACLITEM_SET_PRIVS_GOPTIONS(item,privs,goptions) \
00073   ((item).ai_privs = ((AclMode) (privs) & 0xFFFF) | \
00074                                          (((AclMode) (goptions) & 0xFFFF) << 16))
00075 
00076 
00077 #define ACLITEM_ALL_PRIV_BITS           ((AclMode) 0xFFFF)
00078 #define ACLITEM_ALL_GOPTION_BITS        ((AclMode) 0xFFFF << 16)
00079 
00080 /*
00081  * Definitions for convenient access to Acl (array of AclItem) and IdList
00082  * (array of Oid).      These are standard PostgreSQL arrays, but are restricted
00083  * to have one dimension.  We also ignore the lower bound when reading,
00084  * and set it to one when writing.
00085  *
00086  * CAUTION: as of PostgreSQL 7.1, these arrays are toastable (just like all
00087  * other array types).  Therefore, be careful to detoast them with the
00088  * macros provided, unless you know for certain that a particular array
00089  * can't have been toasted.
00090  */
00091 
00092 
00093 /*
00094  * Acl                  a one-dimensional array of AclItem
00095  */
00096 typedef ArrayType Acl;
00097 
00098 #define ACL_NUM(ACL)                    (ARR_DIMS(ACL)[0])
00099 #define ACL_DAT(ACL)                    ((AclItem *) ARR_DATA_PTR(ACL))
00100 #define ACL_N_SIZE(N)                   (ARR_OVERHEAD(1) + ((N) * sizeof(AclItem)))
00101 #define ACL_SIZE(ACL)                   ARR_SIZE(ACL)
00102 
00103 /*
00104  * IdList               a one-dimensional array of Oid
00105  */
00106 typedef ArrayType IdList;
00107 
00108 #define IDLIST_NUM(IDL)                 (ARR_DIMS(IDL)[0])
00109 #define IDLIST_DAT(IDL)                 ((Oid *) ARR_DATA_PTR(IDL))
00110 #define IDLIST_N_SIZE(N)                (ARR_OVERHEAD(1) + ((N) * sizeof(Oid)))
00111 #define IDLIST_SIZE(IDL)                ARR_SIZE(IDL)
00112 
00113 /*
00114  * fmgr macros for these types
00115  */
00116 #define DatumGetAclItemP(X)                ((AclItem *) DatumGetPointer(X))
00117 #define PG_GETARG_ACLITEM_P(n)     DatumGetAclItemP(PG_GETARG_DATUM(n))
00118 #define PG_RETURN_ACLITEM_P(x)     PG_RETURN_POINTER(x)
00119 
00120 #define DatumGetAclP(X)                    ((Acl *) PG_DETOAST_DATUM(X))
00121 #define DatumGetAclPCopy(X)                ((Acl *) PG_DETOAST_DATUM_COPY(X))
00122 #define PG_GETARG_ACL_P(n)                 DatumGetAclP(PG_GETARG_DATUM(n))
00123 #define PG_GETARG_ACL_P_COPY(n)    DatumGetAclPCopy(PG_GETARG_DATUM(n))
00124 #define PG_RETURN_ACL_P(x)                 PG_RETURN_POINTER(x)
00125 
00126 #define DatumGetIdListP(X)                 ((IdList *) PG_DETOAST_DATUM(X))
00127 #define DatumGetIdListPCopy(X)     ((IdList *) PG_DETOAST_DATUM_COPY(X))
00128 #define PG_GETARG_IDLIST_P(n)      DatumGetIdListP(PG_GETARG_DATUM(n))
00129 #define PG_GETARG_IDLIST_P_COPY(n) DatumGetIdListPCopy(PG_GETARG_DATUM(n))
00130 #define PG_RETURN_IDLIST_P(x)      PG_RETURN_POINTER(x)
00131 
00132 
00133 /*
00134  * ACL modification opcodes for aclupdate
00135  */
00136 #define ACL_MODECHG_ADD                 1
00137 #define ACL_MODECHG_DEL                 2
00138 #define ACL_MODECHG_EQL                 3
00139 
00140 /*
00141  * External representations of the privilege bits --- aclitemin/aclitemout
00142  * represent each possible privilege bit with a distinct 1-character code
00143  */
00144 #define ACL_INSERT_CHR                  'a'             /* formerly known as "append" */
00145 #define ACL_SELECT_CHR                  'r'             /* formerly known as "read" */
00146 #define ACL_UPDATE_CHR                  'w'             /* formerly known as "write" */
00147 #define ACL_DELETE_CHR                  'd'
00148 #define ACL_RULE_CHR                    'R'
00149 #define ACL_REFERENCES_CHR              'x'
00150 #define ACL_TRIGGER_CHR                 't'
00151 #define ACL_EXECUTE_CHR                 'X'
00152 #define ACL_USAGE_CHR                   'U'
00153 #define ACL_CREATE_CHR                  'C'
00154 #define ACL_CREATE_TEMP_CHR             'T'
00155 
00156 /* string holding all privilege code chars, in order by bitmask position */
00157 #define ACL_ALL_RIGHTS_STR      "arwdRxtXUCT"
00158 
00159 /*
00160  * Bitmasks defining "all rights" for each supported object type
00161  */
00162 #define ACL_ALL_RIGHTS_RELATION         (ACL_INSERT|ACL_SELECT|ACL_UPDATE|ACL_DELETE|ACL_RULE|ACL_REFERENCES|ACL_TRIGGER)
00163 #define ACL_ALL_RIGHTS_DATABASE         (ACL_CREATE|ACL_CREATE_TEMP)
00164 #define ACL_ALL_RIGHTS_FUNCTION         (ACL_EXECUTE)
00165 #define ACL_ALL_RIGHTS_LANGUAGE         (ACL_USAGE)
00166 #define ACL_ALL_RIGHTS_NAMESPACE        (ACL_USAGE|ACL_CREATE)
00167 #define ACL_ALL_RIGHTS_TABLESPACE       (ACL_CREATE)
00168 
00169 /* operation codes for pg_*_aclmask */
00170 typedef enum
00171 {
00172         ACLMASK_ALL,                            /* normal case: compute all bits */
00173         ACLMASK_ANY                                     /* return when result is known nonzero */
00174 } AclMaskHow;
00175 
00176 /* result codes for pg_*_aclcheck */
00177 typedef enum
00178 {
00179         ACLCHECK_OK = 0,
00180         ACLCHECK_NO_PRIV,
00181         ACLCHECK_NOT_OWNER
00182 } AclResult;
00183 
00184 /* this enum covers all object types that can have privilege errors */
00185 /* currently it's only used to tell aclcheck_error what to say */
00186 typedef enum AclObjectKind
00187 {
00188         ACL_KIND_CLASS,                         /* pg_class */
00189         ACL_KIND_DATABASE,                      /* pg_database */
00190         ACL_KIND_PROC,                          /* pg_proc */
00191         ACL_KIND_OPER,                          /* pg_operator */
00192         ACL_KIND_TYPE,                          /* pg_type */
00193         ACL_KIND_LANGUAGE,                      /* pg_language */
00194         ACL_KIND_NAMESPACE,                     /* pg_namespace */
00195         ACL_KIND_OPCLASS,                       /* pg_opclass */
00196         ACL_KIND_CONVERSION,            /* pg_conversion */
00197         ACL_KIND_TABLESPACE,            /* pg_tablespace */
00198         MAX_ACL_KIND                            /* MUST BE LAST */
00199 } AclObjectKind;
00200 
00201 /*
00202  * routines used internally
00203  */
00204 extern Acl *acldefault(GrantObjectType objtype, Oid ownerId);
00205 extern Acl *aclupdate(const Acl *old_acl, const AclItem *mod_aip,
00206                   int modechg, Oid ownerId, DropBehavior behavior);
00207 extern Acl *aclnewowner(const Acl *old_acl, Oid oldOwnerId, Oid newOwnerId);
00208 
00209 extern AclMode aclmask(const Acl *acl, Oid roleid, Oid ownerId,
00210                 AclMode mask, AclMaskHow how);
00211 extern int      aclmembers(const Acl *acl, Oid **roleids);
00212 
00213 extern bool has_privs_of_role(Oid member, Oid role);
00214 extern bool is_member_of_role(Oid member, Oid role);
00215 extern bool is_member_of_role_nosuper(Oid member, Oid role);
00216 extern bool is_admin_of_role(Oid member, Oid role);
00217 extern void check_is_member_of_role(Oid member, Oid role);
00218 
00219 extern void select_best_grantor(Oid roleId, AclMode privileges,
00220                                         const Acl *acl, Oid ownerId,
00221                                         Oid *grantorId, AclMode *grantOptions);
00222 
00223 extern void initialize_acl(void);
00224 
00225 /*
00226  * SQL functions (from acl.c)
00227  */
00228 extern Datum aclitemin(PG_FUNCTION_ARGS);
00229 extern Datum aclitemout(PG_FUNCTION_ARGS);
00230 extern Datum aclinsert(PG_FUNCTION_ARGS);
00231 extern Datum aclremove(PG_FUNCTION_ARGS);
00232 extern Datum aclcontains(PG_FUNCTION_ARGS);
00233 extern Datum makeaclitem(PG_FUNCTION_ARGS);
00234 extern Datum aclitem_eq(PG_FUNCTION_ARGS);
00235 extern Datum hash_aclitem(PG_FUNCTION_ARGS);
00236 
00237 /*
00238  * prototypes for functions in aclchk.c
00239  */
00240 extern void ExecuteGrantStmt(GrantStmt *stmt);
00241 
00242 extern AclMode pg_class_aclmask(Oid table_oid, Oid roleid,
00243                                  AclMode mask, AclMaskHow how);
00244 extern AclMode pg_database_aclmask(Oid db_oid, Oid roleid,
00245                                         AclMode mask, AclMaskHow how);
00246 extern AclMode pg_proc_aclmask(Oid proc_oid, Oid roleid,
00247                                 AclMode mask, AclMaskHow how);
00248 extern AclMode pg_language_aclmask(Oid lang_oid, Oid roleid,
00249                                         AclMode mask, AclMaskHow how);
00250 extern AclMode pg_namespace_aclmask(Oid nsp_oid, Oid roleid,
00251                                          AclMode mask, AclMaskHow how);
00252 extern AclMode pg_tablespace_aclmask(Oid spc_oid, Oid roleid,
00253                                           AclMode mask, AclMaskHow how);
00254 
00255 extern AclResult pg_class_aclcheck(Oid table_oid, Oid roleid, AclMode mode);
00256 extern AclResult pg_database_aclcheck(Oid db_oid, Oid roleid, AclMode mode);
00257 extern AclResult pg_proc_aclcheck(Oid proc_oid, Oid roleid, AclMode mode);
00258 extern AclResult pg_language_aclcheck(Oid lang_oid, Oid roleid, AclMode mode);
00259 extern AclResult pg_namespace_aclcheck(Oid nsp_oid, Oid roleid, AclMode mode);
00260 extern AclResult pg_tablespace_aclcheck(Oid spc_oid, Oid roleid, AclMode mode);
00261 
00262 extern void aclcheck_error(AclResult aclerr, AclObjectKind objectkind,
00263                            const char *objectname);
00264 
00265 /* ownercheck routines just return true (owner) or false (not) */
00266 extern bool pg_class_ownercheck(Oid class_oid, Oid roleid);
00267 extern bool pg_type_ownercheck(Oid type_oid, Oid roleid);
00268 extern bool pg_oper_ownercheck(Oid oper_oid, Oid roleid);
00269 extern bool pg_proc_ownercheck(Oid proc_oid, Oid roleid);
00270 extern bool pg_namespace_ownercheck(Oid nsp_oid, Oid roleid);
00271 extern bool pg_tablespace_ownercheck(Oid spc_oid, Oid roleid);
00272 extern bool pg_opclass_ownercheck(Oid opc_oid, Oid roleid);
00273 extern bool pg_database_ownercheck(Oid db_oid, Oid roleid);
00274 extern bool pg_conversion_ownercheck(Oid conv_oid, Oid roleid);
00275 
00276 #endif   /* ACL_H */
 Todo Clases Namespaces Archivos Funciones Variables 'typedefs' Enumeraciones Valores de enumeraciones Propiedades Amigas 'defines'