acl.h 5.13 KB
Newer Older
1 2
/*-------------------------------------------------------------------------
 *
3
 * acl.h
4
 *	  Definition of (and support for) access control list data structures.
5 6 7 8
 *
 *
 * Copyright (c) 1994, Regents of the University of California
 *
9
 * $Id: acl.h,v 1.23 2000/01/16 20:04:59 petere Exp $
10 11
 *
 * NOTES
12 13 14
 *	  For backward-compatability purposes we have to allow there
 *	  to be a null ACL in a pg_class tuple.  This will be defined as
 *	  meaning "no protection" (i.e., old catalogs get old semantics).
15
 *
16 17 18
 *	  The AclItems in an ACL array are currently kept in sorted order.
 *	  Things will break hard if you change that without changing the
 *	  code wherever this is included.
19 20 21 22 23 24
 *
 *-------------------------------------------------------------------------
 */
#ifndef ACL_H
#define ACL_H

25 26
#include "nodes/parsenodes.h"
#include "utils/array.h"
27
#include "utils/memutils.h"
28 29

/*
30 31
 * AclId		system identifier for the user, group, etc.
 *				XXX currently UNIX uid for users...
32
 */
33
typedef uint32 AclId;
34 35

#define ACL_ID_WORLD	0		/* XXX only idtype should be checked */
36 37 38 39

/*
 * AclIdType	tag that describes if the AclId is a user, group, etc.
 */
40
typedef uint8 AclIdType;
41 42

#define ACL_IDTYPE_WORLD		0x00
43
#define ACL_IDTYPE_UID			0x01	/* user id - from pg_shadow */
44
#define ACL_IDTYPE_GID			0x02	/* group id - from pg_group */
45 46

/*
47 48 49 50
 * AclMode		the actual permissions
 *				XXX should probably use bit.h routines.
 *				XXX should probably also stuff the modechg cruft in the
 *					high bits, too.
51
 */
52
typedef uint8 AclMode;
53 54 55 56 57 58 59 60 61 62 63

#define ACL_NO			0		/* no permissions */
#define ACL_AP			(1<<0)	/* append */
#define ACL_RD			(1<<1)	/* read */
#define ACL_WR			(1<<2)	/* write (append/delete/replace) */
#define ACL_RU			(1<<3)	/* place rules */
#define N_ACL_MODES		4

#define ACL_MODECHG_ADD			1
#define ACL_MODECHG_DEL			2
#define ACL_MODECHG_EQL			3
64 65

/* change this line if you want to set the default acl permission  */
Marc G. Fournier's avatar
Marc G. Fournier committed
66
#define ACL_WORLD_DEFAULT		(ACL_NO)
67 68
/* #define		ACL_WORLD_DEFAULT		(ACL_RD|ACL_WR|ACL_AP|ACL_RU) */
#define ACL_OWNER_DEFAULT		(ACL_RD|ACL_WR|ACL_AP|ACL_RU)
69 70 71 72

/*
 * AclItem
 */
73 74
typedef struct AclItem
{
75 76 77
	AclId		ai_id;
	AclIdType	ai_idtype;
	AclMode		ai_mode;
78 79 80 81 82
	/*
	 *	This is actually type 'aclitem', and we want a fixed size for
	 *	for all platforms, so we pad this with dummies.
	 */
	char		dummy1, dummy2;
Bruce Momjian's avatar
Bruce Momjian committed
83
} AclItem;
84 85

/* Note: if the size of AclItem changes,
86 87 88
   change the aclitem typlen in pg_type.h */

/*
89
 * The value of the first dimension-array element.	Since these arrays
90 91 92
 * always have a lower-bound of 0, this is the same as the number of
 * elements in the array.
 */
93
#define ARR_DIM0(a) (((unsigned *) (((char *) a) + sizeof(ArrayType)))[0])
94 95

/*
96
 * Acl			a one-dimensional POSTGRES array of AclItem
97 98
 */
typedef ArrayType Acl;
99 100 101 102 103 104

#define ACL_NUM(ACL)			ARR_DIM0(ACL)
#define ACL_DAT(ACL)			((AclItem *) ARR_DATA_PTR(ACL))
#define ACL_N_SIZE(N) \
		((unsigned) (ARR_OVERHEAD(1) + ((N) * sizeof(AclItem))))
#define ACL_SIZE(ACL)			ARR_SIZE(ACL)
105 106

/*
107
 * IdList		a one-dimensional POSTGRES array of AclId
108 109
 */
typedef ArrayType IdList;
110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125

#define IDLIST_NUM(IDL)			ARR_DIM0(IDL)
#define IDLIST_DAT(IDL)			((AclId *) ARR_DATA_PTR(IDL))
#define IDLIST_N_SIZE(N) \
		((unsigned) (ARR_OVERHEAD(1) + ((N) * sizeof(AclId))))
#define IDLIST_SIZE(IDL)		ARR_SIZE(IDL)

#define ACL_MODECHG_STR			"+-="	/* list of valid characters */
#define ACL_MODECHG_ADD_CHR		'+'
#define ACL_MODECHG_DEL_CHR		'-'
#define ACL_MODECHG_EQL_CHR		'='
#define ACL_MODE_STR			"arwR"	/* list of valid characters */
#define ACL_MODE_AP_CHR			'a'
#define ACL_MODE_RD_CHR			'r'
#define ACL_MODE_WR_CHR			'w'
#define ACL_MODE_RU_CHR			'R'
126

127
/* result codes for pg_aclcheck */
128 129 130 131
#define ACLCHECK_OK				  0
#define ACLCHECK_NO_PRIV		  1
#define ACLCHECK_NO_CLASS		  2
#define ACLCHECK_NOT_OWNER		  3
132 133

/* warning messages.  set these in aclchk.c. */
134
extern char *aclcheck_error_strings[];
135 136 137 138 139 140 141

/*
 * Enable ACL execution tracing and table dumps
 */
/*#define ACLDEBUG_TRACE*/

/*
142
 * routines used internally (parser, etc.)
143
 */
144 145
extern Acl *aclownerdefault(char *relname, AclId ownerid);
extern Acl *acldefault(char *relname);
Bruce Momjian's avatar
Bruce Momjian committed
146
extern Acl *aclinsert3(Acl *old_acl, AclItem *mod_aip, unsigned modechg);
147

148 149
extern char *aclmakepriv(char *old_privlist, char new_priv);
extern char *aclmakeuser(char *user_type, char *user);
150
extern ChangeACLStmt *makeAclStmt(char *privs, List *rel_list, char *grantee,
151
			char grant_or_revoke);
152 153 154 155

/*
 * exported routines (from acl.c)
 */
156
extern Acl *makeacl(int n);
157
extern AclItem *aclitemin(char *s);
Bruce Momjian's avatar
Bruce Momjian committed
158 159 160 161
extern char *aclitemout(AclItem *aip);
extern Acl *aclinsert(Acl *old_acl, AclItem *mod_aip);
extern Acl *aclremove(Acl *old_acl, AclItem *mod_aip);
extern int32 aclcontains(Acl *acl, AclItem *aip);
162 163 164 165

/*
 * prototypes for functions in aclchk.c
 */
Bruce Momjian's avatar
Bruce Momjian committed
166
extern void ChangeAcl(char *relname, AclItem *mod_aip, unsigned modechg);
167 168
extern AclId get_grosysid(char *groname);
extern char *get_groname(AclId grosysid);
169

170
extern int32 pg_aclcheck(char *relname, char *usename, AclMode mode);
171
extern int32 pg_ownercheck(const char *usename, const char *value, int cacheid);
172
extern int32 pg_func_ownercheck(char *usename, char *funcname,
173
				   int nargs, Oid *arglist);
174
extern int32 pg_aggr_ownercheck(char *usename, char *aggname,
175 176
				   Oid basetypeID);

177
#endif	 /* ACL_H */