Bring syntax of role-related commands into SQL compliance. To avoid

syntactic conflicts, both privilege and role GRANT/REVOKE commands have to use the same production for scanning the list of tokens that might eventually turn out to be privileges or role names. So, change the existing GRANT/REVOKE code to expect a list of strings not pre-reduced AclMode values. Fix a couple other minor issues while at it, such as InitializeAcl function name conflicting with a Windows system function.

Bring syntax of role-related commands into SQL compliance. To avoid
syntactic conflicts, both privilege and role GRANT/REVOKE commands have to use the same production for scanning the list of tokens that might eventually turn out to be privileges or role names. So, change the existing GRANT/REVOKE code to expect a list of strings not pre-reduced AclMode values. Fix a couple other minor issues while at it, such as InitializeAcl function name conflicting with a Windows system function.
0eaa36a1 · Tom Lane · 88b49cdc · 0eaa36a1 · 0eaa36a1 · 0eaa36a1
Commit 0eaa36a1 authored Jun 28, 2005 by Tom Lane
11 changed files
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.113 2005/06/28 05:08:52 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.114 2005/06/28 19:51:21 tgl Exp $
 *
 * NOTES
 *	  See acl.h.
@@ -47,6 +47,7 @@ static void ExecuteGrantStmt_Language(GrantStmt *stmt);
 static void ExecuteGrantStmt_Namespace(GrantStmt *stmt);
 static void ExecuteGrantStmt_Tablespace(GrantStmt *stmt);
+static AclMode string_to_privilege(const char *privname);
 static const char *privilege_to_string(AclMode privilege);
@@ -209,7 +210,7 @@ ExecuteGrantStmt_Relation(GrantStmt *stmt)
 	bool		all_privs;
 	ListCell   *i;
-	if (linitial_int(stmt->privileges) == ACL_ALL_RIGHTS)
+	if (stmt->privileges == NIL)
 	{
 		all_privs = true;
 		privileges = ACL_ALL_RIGHTS_RELATION;
@@ -220,7 +221,8 @@ ExecuteGrantStmt_Relation(GrantStmt *stmt)
 		privileges = ACL_NO_RIGHTS;
 		foreach(i, stmt->privileges)
 		{
-			AclMode		priv = lfirst_int(i);
+			char	   *privname = strVal(lfirst(i));
+			AclMode		priv = string_to_privilege(privname);
 			if (priv & ~((AclMode) ACL_ALL_RIGHTS_RELATION))
 				ereport(ERROR,
@@ -377,7 +379,7 @@ ExecuteGrantStmt_Database(GrantStmt *stmt)
 	bool		all_privs;
 	ListCell   *i;
-	if (linitial_int(stmt->privileges) == ACL_ALL_RIGHTS)
+	if (stmt->privileges == NIL)
 	{
 		all_privs = true;
 		privileges = ACL_ALL_RIGHTS_DATABASE;
@@ -388,7 +390,8 @@ ExecuteGrantStmt_Database(GrantStmt *stmt)
 		privileges = ACL_NO_RIGHTS;
 		foreach(i, stmt->privileges)
 		{
-			AclMode		priv = lfirst_int(i);
+			char	   *privname = strVal(lfirst(i));
+			AclMode		priv = string_to_privilege(privname);
 			if (priv & ~((AclMode) ACL_ALL_RIGHTS_DATABASE))
 				ereport(ERROR,
@@ -535,7 +538,7 @@ ExecuteGrantStmt_Function(GrantStmt *stmt)
 	bool		all_privs;
 	ListCell   *i;
-	if (linitial_int(stmt->privileges) == ACL_ALL_RIGHTS)
+	if (stmt->privileges == NIL)
 	{
 		all_privs = true;
 		privileges = ACL_ALL_RIGHTS_FUNCTION;
@@ -546,7 +549,8 @@ ExecuteGrantStmt_Function(GrantStmt *stmt)
 		privileges = ACL_NO_RIGHTS;
 		foreach(i, stmt->privileges)
 		{
-			AclMode		priv = lfirst_int(i);
+			char	   *privname = strVal(lfirst(i));
+			AclMode		priv = string_to_privilege(privname);
 			if (priv & ~((AclMode) ACL_ALL_RIGHTS_FUNCTION))
 				ereport(ERROR,
@@ -689,7 +693,7 @@ ExecuteGrantStmt_Language(GrantStmt *stmt)
 	bool		all_privs;
 	ListCell   *i;
-	if (linitial_int(stmt->privileges) == ACL_ALL_RIGHTS)
+	if (stmt->privileges == NIL)
 	{
 		all_privs = true;
 		privileges = ACL_ALL_RIGHTS_LANGUAGE;
@@ -700,7 +704,8 @@ ExecuteGrantStmt_Language(GrantStmt *stmt)
 		privileges = ACL_NO_RIGHTS;
 		foreach(i, stmt->privileges)
 		{
-			AclMode		priv = lfirst_int(i);
+			char	   *privname = strVal(lfirst(i));
+			AclMode		priv = string_to_privilege(privname);
 			if (priv & ~((AclMode) ACL_ALL_RIGHTS_LANGUAGE))
 				ereport(ERROR,
@@ -852,7 +857,7 @@ ExecuteGrantStmt_Namespace(GrantStmt *stmt)
 	bool		all_privs;
 	ListCell   *i;
-	if (linitial_int(stmt->privileges) == ACL_ALL_RIGHTS)
+	if (stmt->privileges == NIL)
 	{
 		all_privs = true;
 		privileges = ACL_ALL_RIGHTS_NAMESPACE;
@@ -863,7 +868,8 @@ ExecuteGrantStmt_Namespace(GrantStmt *stmt)
 		privileges = ACL_NO_RIGHTS;
 		foreach(i, stmt->privileges)
 		{
-			AclMode		priv = lfirst_int(i);
+			char	   *privname = strVal(lfirst(i));
+			AclMode		priv = string_to_privilege(privname);
 			if (priv & ~((AclMode) ACL_ALL_RIGHTS_NAMESPACE))
 				ereport(ERROR,
@@ -1006,7 +1012,7 @@ ExecuteGrantStmt_Tablespace(GrantStmt *stmt)
 	bool		all_privs;
 	ListCell   *i;
-	if (linitial_int(stmt->privileges) == ACL_ALL_RIGHTS)
+	if (stmt->privileges == NIL)
 	{
 		all_privs = true;
 		privileges = ACL_ALL_RIGHTS_TABLESPACE;
@@ -1017,7 +1023,8 @@ ExecuteGrantStmt_Tablespace(GrantStmt *stmt)
 		privileges = ACL_NO_RIGHTS;
 		foreach(i, stmt->privileges)
 		{
-			AclMode		priv = lfirst_int(i);
+			char	   *privname = strVal(lfirst(i));
+			AclMode		priv = string_to_privilege(privname);
 			if (priv & ~((AclMode) ACL_ALL_RIGHTS_TABLESPACE))
 				ereport(ERROR,
@@ -1157,6 +1164,39 @@ ExecuteGrantStmt_Tablespace(GrantStmt *stmt)
 }
+static AclMode
+string_to_privilege(const char *privname)
+{
+	if (strcmp(privname, "insert") == 0)
+		return ACL_INSERT;
+	if (strcmp(privname, "select") == 0)
+		return ACL_SELECT;
+	if (strcmp(privname, "update") == 0)
+		return ACL_UPDATE;
+	if (strcmp(privname, "delete") == 0)
+		return ACL_DELETE;
+	if (strcmp(privname, "rule") == 0)
+		return ACL_RULE;
+	if (strcmp(privname, "references") == 0)
+		return ACL_REFERENCES;
+	if (strcmp(privname, "trigger") == 0)
+		return ACL_TRIGGER;
+	if (strcmp(privname, "execute") == 0)
+		return ACL_EXECUTE;
+	if (strcmp(privname, "usage") == 0)
+		return ACL_USAGE;
+	if (strcmp(privname, "create") == 0)
+		return ACL_CREATE;
+	if (strcmp(privname, "temporary") == 0)
+		return ACL_CREATE_TEMP;
+	if (strcmp(privname, "temp") == 0)
+		return ACL_CREATE_TEMP;
+	ereport(ERROR,
+			(errcode(ERRCODE_SYNTAX_ERROR),
+			 errmsg("unrecognized privilege type \"%s\"", privname)));
+	return 0;					/* appease compiler */
+}
 static const char *
 privilege_to_string(AclMode privilege)
 {

--- a/src/backend/catalog/pg_proc.c
+++ b/src/backend/catalog/pg_proc.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/catalog/pg_proc.c,v 1.130 2005/06/28 05:08:52 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/catalog/pg_proc.c,v 1.131 2005/06/28 19:51:21 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -266,7 +266,7 @@ ProcedureCreate(const char *procedureName,
 					(errcode(ERRCODE_DUPLICATE_FUNCTION),
 					 errmsg("function \"%s\" already exists with same argument types",
 							procedureName)));
-		if (GetUserId() != oldproc->proowner && !superuser())
+		if (!pg_proc_ownercheck(HeapTupleGetOid(oldtup), GetUserId()))
 			aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
 						   procedureName);

--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -6,7 +6,7 @@
 * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.152 2005/06/28 05:08:55 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.153 2005/06/28 19:51:22 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -61,16 +61,17 @@ CreateRole(CreateRoleStmt *stmt)
 	bool		createrole = false;		/* Can this user create roles? */
 	bool		createdb = false;		/* Can the user create databases? */
 	bool		canlogin = false;		/* Can this user login? */
-	List	   *roleElts = NIL;			/* roles the user is a member of */
+	List	   *addroleto = NIL;		/* roles to make this a member of */
-	List	   *rolememElts = NIL;	/* roles which will be members of this role */
+	List	   *rolemembers = NIL;		/* roles to be members of this role */
-	char	   *validUntil = NULL;		/* The time the login is valid
+	List	   *adminmembers = NIL;		/* roles to be admins of this role */
-										 * until */
+	char	   *validUntil = NULL;		/* time the login is valid until */
 	DefElem    *dpassword = NULL;
 	DefElem    *dcreatedb = NULL;
 	DefElem    *dcreaterole = NULL;
 	DefElem    *dcanlogin = NULL;
-	DefElem    *droleElts = NULL;
+	DefElem    *daddroleto = NULL;
-	DefElem    *drolememElts = NULL;
+	DefElem    *drolemembers = NULL;
+	DefElem    *dadminmembers = NULL;
 	DefElem    *dvalidUntil = NULL;
 	/* Extract options from the statement node tree */
@@ -121,21 +122,29 @@ CreateRole(CreateRoleStmt *stmt)
 						 errmsg("conflicting or redundant options")));
 			dcanlogin = defel;
 		}
-		else if (strcmp(defel->defname, "roleElts") == 0)
+		else if (strcmp(defel->defname, "addroleto") == 0)
 		{
-			if (droleElts)
+			if (daddroleto)
 				ereport(ERROR,
 						(errcode(ERRCODE_SYNTAX_ERROR),
 						 errmsg("conflicting or redundant options")));
-			droleElts = defel;
+			daddroleto = defel;
 		}
-		else if (strcmp(defel->defname, "rolememElts") == 0)
+		else if (strcmp(defel->defname, "rolemembers") == 0)
 		{
-			if (drolememElts)
+			if (drolemembers)
 				ereport(ERROR,
 						(errcode(ERRCODE_SYNTAX_ERROR),
 						 errmsg("conflicting or redundant options")));
-			drolememElts = defel;
+			drolemembers = defel;
+		}
+		else if (strcmp(defel->defname, "adminmembers") == 0)
+		{
+			if (dadminmembers)
+				ereport(ERROR,
+						(errcode(ERRCODE_SYNTAX_ERROR),
+						 errmsg("conflicting or redundant options")));
+			dadminmembers = defel;
 		}
 		else if (strcmp(defel->defname, "validUntil") == 0)
 		{
@@ -164,10 +173,12 @@ CreateRole(CreateRoleStmt *stmt)
 		validUntil = strVal(dvalidUntil->arg);
 	if (dpassword)
 		password = strVal(dpassword->arg);
-	if (droleElts)
+	if (daddroleto)
-		roleElts = (List *) droleElts->arg;
+		addroleto = (List *) daddroleto->arg;
-	if (drolememElts)
+	if (drolemembers)
-		rolememElts = (List *) drolememElts->arg;
+		rolemembers = (List *) drolemembers->arg;
+	if (dadminmembers)
+		adminmembers = (List *) dadminmembers->arg;
 	/* Check some permissions first */
 	if (!superuser())
@@ -257,7 +268,7 @@ CreateRole(CreateRoleStmt *stmt)
 	/*
 	 * Add the new role to the specified existing roles.
 	 */
-	foreach(item, roleElts)
+	foreach(item, addroleto)
 	{
 		char   *oldrolename = strVal(lfirst(item));
 		Oid		oldroleid = get_roleid_checked(oldrolename);
@@ -269,10 +280,14 @@ CreateRole(CreateRoleStmt *stmt)
 	}
 	/*
-	 * Add the specified members to this new role.
+	 * Add the specified members to this new role. adminmembers get the
+	 * admin option, rolemembers don't.
 	 */
 	AddRoleMems(stmt->role, roleid,
-				rolememElts, roleNamesToIds(rolememElts),
+				adminmembers, roleNamesToIds(adminmembers),
+				GetUserId(), true);
+	AddRoleMems(stmt->role, roleid,
+				rolemembers, roleNamesToIds(rolemembers),
 				GetUserId(), false);
 	/*
@@ -309,17 +324,14 @@ AlterRole(AlterRoleStmt *stmt)
 	int			createrole = -1;		/* Can this user create roles? */
 	int			createdb = -1;			/* Can the user create databases? */
 	int			canlogin = -1;			/* Can this user login? */
-	int			adminopt = 0;	/* Can this user grant this role to others? */
+	List	   *rolemembers = NIL;		/* roles to be added/removed */
-	List	   *rolememElts = NIL;	/* The roles which will be added/removed to this role */
+	char	   *validUntil = NULL;		/* time the login is valid until */
-	char	   *validUntil = NULL;		/* The time the login is valid
-										 * until */
 	DefElem    *dpassword = NULL;
 	DefElem    *dcreatedb = NULL;
 	DefElem    *dcreaterole = NULL;
 	DefElem    *dcanlogin = NULL;
-	DefElem    *dadminopt = NULL;
 	DefElem    *dvalidUntil = NULL;
-	DefElem    *drolememElts = NULL;
+	DefElem    *drolemembers = NULL;
 	Oid			roleid;
 	/* Extract options from the statement node tree */
@@ -365,14 +377,6 @@ AlterRole(AlterRoleStmt *stmt)
 						 errmsg("conflicting or redundant options")));
 			dcanlogin = defel;
 		}
-		else if (strcmp(defel->defname, "adminopt") == 0)
-		{
-			if (dadminopt)
-				ereport(ERROR,
-						(errcode(ERRCODE_SYNTAX_ERROR),
-						 errmsg("conflicting or redundant options")));
-			dadminopt = defel;
-		}
 		else if (strcmp(defel->defname, "validUntil") == 0)
 		{
 			if (dvalidUntil)
@@ -381,13 +385,14 @@ AlterRole(AlterRoleStmt *stmt)
 						 errmsg("conflicting or redundant options")));
 			dvalidUntil = defel;
 		}
-		else if (strcmp(defel->defname, "rolememElts") == 0 && stmt->action != 0)
+		else if (strcmp(defel->defname, "rolemembers") == 0 &&
+				 stmt->action != 0)
 		{
-			if (drolememElts)
+			if (drolemembers)
 				ereport(ERROR,
 						(errcode(ERRCODE_SYNTAX_ERROR),
 						 errmsg("conflicting or redundant options")));
-			drolememElts = defel;
+			drolemembers = defel;
 		}
 		else
 			elog(ERROR, "option \"%s\" not recognized",
@@ -404,14 +409,12 @@ AlterRole(AlterRoleStmt *stmt)
 	}
 	if (dcanlogin)
 		canlogin = intVal(dcanlogin->arg);
-	if (dadminopt)
-		adminopt = intVal(dadminopt->arg);
 	if (dvalidUntil)
 		validUntil = strVal(dvalidUntil->arg);
 	if (dpassword)
 		password = strVal(dpassword->arg);
-	if (drolememElts)
+	if (drolemembers)
-		rolememElts = (List *) drolememElts->arg;
+		rolemembers = (List *) drolemembers->arg;
 	/* must be superuser or just want to change your own password */
 	if (!superuser() &&
@@ -420,8 +423,7 @@ AlterRole(AlterRoleStmt *stmt)
 		  createdb < 0 &&
 		  canlogin < 0 &&
 		  !validUntil &&
-		  !rolememElts &&
+		  !rolemembers &&
-		  !adminopt &&
 		  password &&
 		  strcmp(GetUserNameFromId(GetUserId()), stmt->role) == 0))
 		ereport(ERROR,
@@ -537,12 +539,12 @@ AlterRole(AlterRoleStmt *stmt)
 	if (stmt->action == +1)		/* add members to role */
 		AddRoleMems(stmt->role, roleid,
-					rolememElts, roleNamesToIds(rolememElts),
+					rolemembers, roleNamesToIds(rolemembers),
-					GetUserId(), adminopt);
+					GetUserId(), false);
 	else if (stmt->action == -1)	/* drop members from role */
 		DelRoleMems(stmt->role, roleid,
-					rolememElts, roleNamesToIds(rolememElts),
+					rolemembers, roleNamesToIds(rolemembers),
-					adminopt);
+					false);
 	/*
 	 * Set flag to update flat auth file at commit.

--- a/src/backend/parser/gram.y
+++ b/src/backend/parser/gram.y
--- a/src/backend/parser/keywords.c
+++ b/src/backend/parser/keywords.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/parser/keywords.c,v 1.160 2005/06/28 05:08:58 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/parser/keywords.c,v 1.161 2005/06/28 19:51:22 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -35,6 +35,7 @@ static const ScanKeyword ScanKeywords[] = {
 	{"access", ACCESS},
 	{"action", ACTION},
 	{"add", ADD},
+	{"admin", ADMIN},
 	{"after", AFTER},
 	{"aggregate", AGGREGATE},
 	{"all", ALL},
@@ -89,10 +90,12 @@ static const ScanKeyword ScanKeywords[] = {
 	{"copy", COPY},
 	{"create", CREATE},
 	{"createdb", CREATEDB},
+	{"createrole", CREATEROLE},
 	{"createuser", CREATEUSER},
 	{"cross", CROSS},
 	{"csv", CSV},
 	{"current_date", CURRENT_DATE},
+	{"current_role", CURRENT_ROLE},
 	{"current_time", CURRENT_TIME},
 	{"current_timestamp", CURRENT_TIMESTAMP},
 	{"current_user", CURRENT_USER},
@@ -146,6 +149,7 @@ static const ScanKeyword ScanKeywords[] = {
 	{"function", FUNCTION},
 	{"global", GLOBAL},
 	{"grant", GRANT},
+	{"granted", GRANTED},
 	{"greatest", GREATEST},
 	{"group", GROUP_P},
 	{"handler", HANDLER},
@@ -197,6 +201,7 @@ static const ScanKeyword ScanKeywords[] = {
 	{"localtimestamp", LOCALTIMESTAMP},
 	{"location", LOCATION},
 	{"lock", LOCK_P},
+	{"login", LOGIN_P},
 	{"match", MATCH},
 	{"maxvalue", MAXVALUE},
 	{"minute", MINUTE_P},
@@ -212,7 +217,9 @@ static const ScanKeyword ScanKeywords[] = {
 	{"next", NEXT},
 	{"no", NO},
 	{"nocreatedb", NOCREATEDB},
+	{"nocreaterole", NOCREATEROLE},
 	{"nocreateuser", NOCREATEUSER},
+	{"nologin", NOLOGIN_P},
 	{"none", NONE},
 	{"not", NOT},
 	{"nothing", NOTHING},
@@ -331,7 +338,6 @@ static const ScanKeyword ScanKeywords[] = {
 	{"unlisten", UNLISTEN},
 	{"until", UNTIL},
 	{"update", UPDATE},
-	{"usage", USAGE},
 	{"user", USER},
 	{"using", USING},
 	{"vacuum", VACUUM},

--- a/src/backend/utils/adt/acl.c
+++ b/src/backend/utils/adt/acl.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.115 2005/06/28 05:09:00 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.116 2005/06/28 19:51:23 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -2414,7 +2414,7 @@ convert_tablespace_priv_string(text *priv_type_text)
 }
 void
-InitializeAcl(void)
+initialize_acl(void)
 {
 	if (!IsBootstrapProcessingMode())
 	{

--- a/src/backend/utils/init/postinit.c
+++ b/src/backend/utils/init/postinit.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/utils/init/postinit.c,v 1.150 2005/06/28 05:09:02 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/utils/init/postinit.c,v 1.151 2005/06/28 19:51:23 tgl Exp $
 *
 *
 *-------------------------------------------------------------------------
@@ -471,7 +471,7 @@ InitPostgres(const char *dbname, const char *username)
 	InitializeSearchPath();
 	/* set up ACL framework (currently just sets RolMemCache callback) */
-	InitializeAcl();
+	initialize_acl();
 	/* initialize client encoding */
 	InitializeClientEncoding();

--- a/src/include/nodes/parsenodes.h
+++ b/src/include/nodes/parsenodes.h
@@ -7,7 +7,7 @@
 * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $PostgreSQL: pgsql/src/include/nodes/parsenodes.h,v 1.284 2005/06/28 05:09:13 tgl Exp $
+ * $PostgreSQL: pgsql/src/include/nodes/parsenodes.h,v 1.285 2005/06/28 19:51:24 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -29,7 +29,7 @@ typedef enum QuerySource
 /*
 * Grantable rights are encoded so that we can OR them together in a bitmask.
- * The present representation of AclItem limits us to 15 distinct rights,
+ * The present representation of AclItem limits us to 16 distinct rights,
 * even though AclMode is defined as uint32.  See utils/acl.h.
 *
 * Caution: changing these codes breaks stored ACLs, hence forces initdb.
@@ -48,7 +48,6 @@ typedef uint32 AclMode;			/* a bitmask of privilege bits */
 #define ACL_CREATE		(1<<9)	/* for namespaces and databases */
 #define ACL_CREATE_TEMP (1<<10) /* for databases */
 #define N_ACL_RIGHTS	11		/* 1 plus the last 1<<x */
-#define ACL_ALL_RIGHTS	(-1)	/* all-privileges marker in GRANT list */
 #define ACL_NO_RIGHTS	0
 /* Currently, SELECT ... FOR UPDATE/FOR SHARE requires UPDATE privileges */
 #define ACL_SELECT_FOR_UPDATE	ACL_UPDATE
@@ -886,7 +885,8 @@ typedef struct GrantStmt
 	List	   *objects;		/* list of RangeVar nodes, FuncWithArgs
 								 * nodes, or plain names (as Value
 								 * strings) */
-	List	   *privileges;		/* integer list of privilege codes */
+	List	   *privileges;		/* list of privilege names (as Strings) */
+	/* privileges == NIL denotes "all privileges" */
 	List	   *grantees;		/* list of PrivGrantee nodes */
 	bool		grant_option;	/* grant or revoke grant option */
 	DropBehavior behavior;		/* drop behavior (for REVOKE) */

--- a/src/include/storage/pmsignal.h
+++ b/src/include/storage/pmsignal.h
@@ -7,7 +7,7 @@
 * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $PostgreSQL: pgsql/src/include/storage/pmsignal.h,v 1.11 2004/12/31 22:03:42 pgsql Exp $
+ * $PostgreSQL: pgsql/src/include/storage/pmsignal.h,v 1.12 2005/06/28 19:51:25 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -22,7 +22,7 @@
 */
 typedef enum
 {
-	PMSIGNAL_PASSWORD_CHANGE,	/* pg_pwd file has changed */
+	PMSIGNAL_PASSWORD_CHANGE,	/* pg_auth file has changed */
 	PMSIGNAL_WAKEN_CHILDREN,	/* send a SIGUSR1 signal to all backends */
 	PMSIGNAL_WAKEN_ARCHIVER,	/* send a NOTIFY signal to xlog archiver */

--- a/src/include/utils/acl.h
+++ b/src/include/utils/acl.h
@@ -7,7 +7,7 @@
 * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $PostgreSQL: pgsql/src/include/utils/acl.h,v 1.78 2005/06/28 05:09:13 tgl Exp $
+ * $PostgreSQL: pgsql/src/include/utils/acl.h,v 1.79 2005/06/28 19:51:25 tgl Exp $
 *
 * NOTES
 *	  An ACL array is simply an array of AclItems, representing the union
@@ -211,7 +211,7 @@ extern AclMode aclmask(const Acl *acl, Oid roleid, Oid ownerId,
 extern bool is_member_of_role(Oid member, Oid role);
-extern void InitializeAcl(void);
+extern void initialize_acl(void);
 /*
 * SQL functions (from acl.c)

--- a/src/test/regress/expected/rules.out
+++ b/src/test/regress/expected/rules.out
@@ -1279,7 +1279,7 @@ SELECT viewname, definition FROM pg_views WHERE schemaname <> 'information_schem
 iexit                    | SELECT ih.name, ih.thepath, interpt_pp(ih.thepath, r.thepath) AS exit FROM ihighway ih, ramp r WHERE (ih.thepath ## r.thepath);
 pg_group                 | SELECT pg_authid.rolname AS groname, pg_authid.oid AS grosysid, ARRAY(SELECT pg_auth_members.member FROM pg_auth_members WHERE (pg_auth_members.roleid = pg_authid.oid)) AS grolist FROM pg_authid WHERE (NOT pg_authid.rolcanlogin);
 pg_indexes               | SELECT n.nspname AS schemaname, c.relname AS tablename, i.relname AS indexname, t.spcname AS "tablespace", pg_get_indexdef(i.oid) AS indexdef FROM ((((pg_index x JOIN pg_class c ON ((c.oid = x.indrelid))) JOIN pg_class i ON ((i.oid = x.indexrelid))) LEFT JOIN pg_namespace n ON ((n.oid = c.relnamespace))) LEFT JOIN pg_tablespace t ON ((t.oid = i.reltablespace))) WHERE ((c.relkind = 'r'::"char") AND (i.relkind = 'i'::"char"));
- pg_locks                 | SELECT l.locktype, l."database", l.relation, l.page, l.tuple, l.transactionid, l.classid, l.objid, l.objsubid, l."transaction", l.pid, l."mode", l.granted FROM pg_lock_status() l(locktype text, "database" oid, relation oid, page integer, tuple smallint, transactionid xid, classid oid, objid oid, objsubid smallint, "transaction" xid, pid integer, "mode" text, granted boolean);
+ pg_locks                 | SELECT l.locktype, l."database", l.relation, l.page, l.tuple, l.transactionid, l.classid, l.objid, l.objsubid, l."transaction", l.pid, l."mode", l."granted" FROM pg_lock_status() l(locktype text, "database" oid, relation oid, page integer, tuple smallint, transactionid xid, classid oid, objid oid, objsubid smallint, "transaction" xid, pid integer, "mode" text, "granted" boolean);
 pg_prepared_xacts        | SELECT p."transaction", p.gid, p."prepared", u.rolname AS "owner", d.datname AS "database" FROM ((pg_prepared_xact() p("transaction" xid, gid text, "prepared" timestamp with time zone, ownerid oid, dbid oid) LEFT JOIN pg_authid u ON ((p.ownerid = u.oid))) LEFT JOIN pg_database d ON ((p.dbid = d.oid)));
 pg_roles                 | SELECT pg_authid.rolname, pg_authid.rolsuper, pg_authid.rolcreaterole, pg_authid.rolcreatedb, pg_authid.rolcatupdate, pg_authid.rolcanlogin, '********'::text AS rolpassword, pg_authid.rolvaliduntil, pg_authid.rolconfig FROM pg_authid;
 pg_rules                 | SELECT n.nspname AS schemaname, c.relname AS tablename, r.rulename, pg_get_ruledef(r.oid) AS definition FROM ((pg_rewrite r JOIN pg_class c ON ((c.oid = r.ev_class))) LEFT JOIN pg_namespace n ON ((n.oid = c.relnamespace))) WHERE (r.rulename <> '_RETURN'::name);