Fix the problem of GRANTs creating "dangling" privileges not directly

traceable to grant options. As per my earlier proposal, a GRANT made by a role member has to be recorded as being granted by the role that actually holds the grant option, and not the member.

Fix the problem of GRANTs creating "dangling" privileges not directly
traceable to grant options. As per my earlier proposal, a GRANT made by a role member has to be recorded as being granted by the role that actually holds the grant option, and not the member.
91783061 · Tom Lane · d7527540 · 91783061 · 91783061 · 91783061
Commit 91783061 authored Oct 10, 2005 by Tom Lane
Showing with 415 additions and 236 deletions

src/backend/catalog/aclchk.c src/backend/catalog/aclchk.c +163 -196

src/backend/utils/adt/acl.c src/backend/utils/adt/acl.c +247 -39

src/include/utils/acl.h src/include/utils/acl.h +5 -1

No files found.
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
--- a/src/backend/utils/adt/acl.c
+++ b/src/backend/utils/adt/acl.c
--- a/src/include/utils/acl.h
+++ b/src/include/utils/acl.h
@@ -7,7 +7,7 @@
 * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $PostgreSQL: pgsql/src/include/utils/acl.h,v 1.83 2005/07/26 16:38:29 tgl Exp $
+ * $PostgreSQL: pgsql/src/include/utils/acl.h,v 1.84 2005/10/10 18:49:04 tgl Exp $
 *
 * NOTES
 *	  An ACL array is simply an array of AclItems, representing the union
@@ -215,6 +215,10 @@ extern bool is_member_of_role(Oid member, Oid role);
 extern bool is_admin_of_role(Oid member, Oid role);
 extern void check_is_member_of_role(Oid member, Oid role);

+extern void select_best_grantor(Oid roleId, AclMode privileges,
+								const Acl *acl, Oid ownerId,
+								Oid *grantorId, AclMode *grantOptions);
+
 extern void initialize_acl(void);

 /*