Restructure AclItem representation so that we can have more than eight

different privilege bits (might as well make use of the space we were
wasting on padding).  EXECUTE and USAGE bits for procedures, languages
now are separate privileges instead of being overlaid on SELECT.  Add
privileges for namespaces and databases.  The GRANT and REVOKE commands
work for these object types, but we don't actually enforce the privileges
yet...

doc/src/sgml/catalogs.sgml

 <!--
  Documentation of the system catalogs, directed toward PostgreSQL developers
- $Header: /cvsroot/pgsql/doc/src/sgml/catalogs.sgml,v 2.42 2002/04/16 23:08:09 tgl Exp $
+ $Header: /cvsroot/pgsql/doc/src/sgml/catalogs.sgml,v 2.43 2002/04/21 00:26:42 tgl Exp $
  -->
 
 <chapter id="catalogs">
@@ -825,7 +825,7 @@
       <entry>
        If true then this database can be used in the
        <quote>TEMPLATE</quote> clause of <command>CREATE
-       DATABASE</command> to create the new database as a clone of
+       DATABASE</command> to create a new database as a clone of
        this one.
       </entry>
      </row>
@@ -890,6 +890,13 @@
       <entry></entry>
       <entry>Session defaults for run-time configuration variables</entry>
      </row>
+
+     <row>
+      <entry>datacl</entry>
+      <entry><type>aclitem[]</type></entry>
+      <entry></entry>
+      <entry>Access permissions</entry>
+     </row>
     </tbody>
    </tgroup>
   </table>

doc/src/sgml/ref/grant.sgml

 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.21 2002/02/21 22:39:36 momjian Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.22 2002/04/21 00:26:42 tgl Exp $
 PostgreSQL documentation
 -->
 
@@ -18,7 +18,11 @@ PostgreSQL documentation
 <synopsis>
 GRANT { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER }
     [,...] | ALL [ PRIVILEGES ] }
-    ON [ TABLE ] <replaceable class="PARAMETER">objectname</replaceable> [, ...]
+    ON [ TABLE ] <replaceable class="PARAMETER">tablename</replaceable> [, ...]
+    TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
+
+GRANT { { CREATE | TEMPORARY | TEMP } [,...] | ALL [ PRIVILEGES ] }
+    ON DATABASE <replaceable>dbname</replaceable> [, ...]
     TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
 
 GRANT { EXECUTE | ALL [ PRIVILEGES ] }
@@ -28,6 +32,10 @@ GRANT { EXECUTE | ALL [ PRIVILEGES ] }
 GRANT { USAGE | ALL [ PRIVILEGES ] }
     ON LANGUAGE <replaceable>langname</replaceable> [, ...]
     TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
+
+GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
+    ON SCHEMA <replaceable>schemaname</replaceable> [, ...]
+    TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
 </synopsis>
  </refsynopsisdiv>
 
@@ -36,7 +44,8 @@ GRANT { USAGE | ALL [ PRIVILEGES ] }
 
   <para>
    The <command>GRANT</command> command gives specific permissions on
-   an object (table, view, sequence, function, procedural language) to
+   an object (table, view, sequence, database, function, procedural language,
+   or schema) to
    one or more users or groups of users.  These permissions are added
    to those already granted, if any.
   </para>
@@ -144,6 +153,29 @@ GRANT { USAGE | ALL [ PRIVILEGES ] }
      </listitem>
     </varlistentry>
 
+    <varlistentry>
+     <term>CREATE</term>
+     <listitem>
+      <para>
+       For databases, allows new schemas to be created in the database.
+      </para>
+      <para>
+       For schemas, allows new objects to be created within the specified
+       schema.
+      </para>
+     </listitem>
+    </varlistentry>
+
+    <varlistentry>
+     <term>TEMPORARY</term>
+     <term>TEMP</term>
+     <listitem>
+      <para>
+       Allows temporary tables to be created while using the database.
+      </para>
+     </listitem>
+    </varlistentry>
+
     <varlistentry>
      <term>EXECUTE</term>
      <listitem>
@@ -159,10 +191,16 @@ GRANT { USAGE | ALL [ PRIVILEGES ] }
      <term>USAGE</term>
      <listitem>
       <para>
-       Allows the use of the specified procedural language for the
-       creation of functions in that language.  This is the only type
+       For procedural languages, allows the use of the specified language for
+       the creation of functions in that language.  This is the only type
        of privilege that is applicable to procedural languages.
       </para>
+      <para>
+       For schemas, allows the use of objects contained in the specified 
+       schema (assuming that the objects' own privilege requirements are
+       met).  Essentially this allows the grantee to <quote>look up</>
+       objects within the schema.
+      </para>
      </listitem>
     </varlistentry>
 
@@ -226,7 +264,11 @@ GRANT { USAGE | ALL [ PRIVILEGES ] }
                   R -- RULE
                   x -- REFERENCES
                   t -- TRIGGER
-            arwdRxt -- ALL PRIVILEGES
+                  X -- EXECUTE
+                  U -- USAGE
+                  C -- CREATE
+                  T -- TEMPORARY
+            arwdRxt -- ALL PRIVILEGES (for tables)
 </programlisting>
    </para>
 

doc/src/sgml/ref/revoke.sgml

 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/revoke.sgml,v 1.21 2002/02/21 22:39:36 momjian Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/revoke.sgml,v 1.22 2002/04/21 00:26:42 tgl Exp $
 PostgreSQL documentation
 -->
 
@@ -18,7 +18,11 @@ PostgreSQL documentation
 <synopsis>
 REVOKE { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER }
     [,...] | ALL [ PRIVILEGES ] }
-    ON [ TABLE ] <replaceable class="PARAMETER">object</replaceable> [, ...]
+    ON [ TABLE ] <replaceable class="PARAMETER">tablename</replaceable> [, ...]
+    FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
+
+REVOKE { { CREATE | TEMPORARY | TEMP } [,...] | ALL [ PRIVILEGES ] }
+    ON DATABASE <replaceable>dbname</replaceable> [, ...]
     FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
 
 REVOKE { EXECUTE | ALL [ PRIVILEGES ] }
@@ -28,6 +32,10 @@ REVOKE { EXECUTE | ALL [ PRIVILEGES ] }
 REVOKE { USAGE | ALL [ PRIVILEGES ] }
     ON LANGUAGE <replaceable>langname</replaceable> [, ...]
     FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
+
+REVOKE { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
+    ON SCHEMA <replaceable>schemaname</replaceable> [, ...]
+    FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
 </synopsis>
  </refsynopsisdiv>
 

src/backend/commands/dbcommands.c

@@ -9,7 +9,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/dbcommands.c,v 1.86 2002/04/11 05:32:03 petere Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/dbcommands.c,v 1.87 2002/04/21 00:26:42 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -269,6 +269,9 @@ createdb(const char *dbname, const char *dbowner,
 	pg_database_dsc = RelationGetDescr(pg_database_rel);
 
 	/* Form tuple */
+	MemSet(new_record, 0, sizeof(new_record));
+	MemSet(new_record_nulls, ' ', sizeof(new_record_nulls));
+
 	new_record[Anum_pg_database_datname - 1] =
 		DirectFunctionCall1(namein, CStringGetDatum(dbname));
 	new_record[Anum_pg_database_datdba - 1] = Int32GetDatum(datdba);
@@ -278,12 +281,12 @@ createdb(const char *dbname, const char *dbowner,
 	new_record[Anum_pg_database_datlastsysoid - 1] = ObjectIdGetDatum(src_lastsysoid);
 	new_record[Anum_pg_database_datvacuumxid - 1] = TransactionIdGetDatum(src_vacuumxid);
 	new_record[Anum_pg_database_datfrozenxid - 1] = TransactionIdGetDatum(src_frozenxid);
-	/* no nulls here, GetRawDatabaseInfo doesn't like them */
+	/* do not set datpath to null, GetRawDatabaseInfo won't cope */
 	new_record[Anum_pg_database_datpath - 1] =
 		DirectFunctionCall1(textin, CStringGetDatum(dbpath ? dbpath : ""));
 
-	memset(new_record_nulls, ' ', sizeof(new_record_nulls));
 	new_record_nulls[Anum_pg_database_datconfig - 1] = 'n';
+	new_record_nulls[Anum_pg_database_datacl - 1] = 'n';
 
 	tuple = heap_formtuple(pg_database_dsc, new_record, new_record_nulls);
 
@@ -454,7 +457,6 @@ AlterDatabaseSet(AlterDatabaseSetStmt *stmt)
 	Datum		repl_val[Natts_pg_database];
 	char		repl_null[Natts_pg_database];
 	char		repl_repl[Natts_pg_database];
-	int			i;
 
 	valuestr = (stmt->value
 				? ((A_Const *) lfirst(stmt->value))->val.val.str
@@ -472,8 +474,7 @@ AlterDatabaseSet(AlterDatabaseSetStmt *stmt)
 		  || ((Form_pg_database) GETSTRUCT(tuple))->datdba == GetUserId()))
 		elog(ERROR, "permission denied");
 
-	for (i = 0; i < Natts_pg_database; i++)
-		repl_repl[i] = ' ';
+	MemSet(repl_repl, ' ', sizeof(repl_repl));
 
 	repl_repl[Anum_pg_database_datconfig-1] = 'r';
 	if (strcmp(stmt->variable, "all")==0 && stmt->value == NULL)
@@ -605,7 +606,7 @@ have_createdb_privilege(void)
 						  0, 0, 0);
 
 	if (!HeapTupleIsValid(utup))
-		retval = true;
+		retval = false;
 	else
 		retval = ((Form_pg_shadow) GETSTRUCT(utup))->usecreatedb;
 

src/backend/commands/functioncmds.c

@@ -9,7 +9,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/functioncmds.c,v 1.1 2002/04/15 05:22:03 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/functioncmds.c,v 1.2 2002/04/21 00:26:42 tgl Exp $
  *
  * DESCRIPTION
  *	  These routines take the parse tree and pick out the
@@ -325,7 +325,7 @@ CreateFunction(ProcedureStmt *stmt)
 	languageStruct = (Form_pg_language) GETSTRUCT(languageTuple);
 
 	if (!((languageStruct->lanpltrusted
-		   && pg_language_aclcheck(languageOid, GetUserId()) == ACLCHECK_OK)
+		   && pg_language_aclcheck(languageOid, GetUserId(), ACL_USAGE) == ACLCHECK_OK)
 		  || superuser()))
 		elog(ERROR, "permission denied");
 

src/backend/parser/gram.y

@@ -11,7 +11,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.305 2002/04/18 21:16:16 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.306 2002/04/21 00:26:43 tgl Exp $
  *
  * HISTORY
  *	  AUTHOR			DATE			MAJOR EVENT
@@ -2473,8 +2473,8 @@ RevokeStmt:  REVOKE opt_revoke_grant_option privileges ON privilege_target FROM
 
 /* either ALL [PRIVILEGES] or a list of individual privileges */
 privileges: privilege_list { $$ = $1; }
-		| ALL { $$ = makeListi1(ALL); }
-		| ALL PRIVILEGES { $$ = makeListi1(ALL); }
+		| ALL { $$ = makeListi1(ACL_ALL_RIGHTS); }
+		| ALL PRIVILEGES { $$ = makeListi1(ACL_ALL_RIGHTS); }
 		;
 
 privilege_list: privilege { $$ = makeListi1($1); }
@@ -2482,16 +2482,20 @@ privilege_list: privilege { $$ = makeListi1($1); }
 		;
 
 /* Not all of these privilege types apply to all objects, but that
-   gets sorted out later. */
-privilege: SELECT    { $$ = SELECT; }
-		| INSERT     { $$ = INSERT; }
-		| UPDATE     { $$ = UPDATE; }
-		| DELETE     { $$ = DELETE; }
-		| RULE       { $$ = RULE; }
-		| REFERENCES { $$ = REFERENCES; }
-		| TRIGGER    { $$ = TRIGGER; }
-		| EXECUTE    { $$ = EXECUTE; }
-		| USAGE      { $$ = USAGE; }
+ * gets sorted out later.
+ */
+privilege: SELECT    { $$ = ACL_SELECT; }
+		| INSERT     { $$ = ACL_INSERT; }
+		| UPDATE     { $$ = ACL_UPDATE; }
+		| DELETE     { $$ = ACL_DELETE; }
+		| RULE       { $$ = ACL_RULE; }
+		| REFERENCES { $$ = ACL_REFERENCES; }
+		| TRIGGER    { $$ = ACL_TRIGGER; }
+		| EXECUTE    { $$ = ACL_EXECUTE; }
+		| USAGE      { $$ = ACL_USAGE; }
+		| CREATE     { $$ = ACL_CREATE; }
+		| TEMPORARY  { $$ = ACL_CREATE_TEMP; }
+		| TEMP	     { $$ = ACL_CREATE_TEMP; }
 		;
 
 
@@ -2500,28 +2504,42 @@ privilege: SELECT    { $$ = SELECT; }
 privilege_target: qualified_name_list
 				{
 					PrivTarget *n = makeNode(PrivTarget);
-					n->objtype = TABLE;
+					n->objtype = ACL_OBJECT_RELATION;
 					n->objs = $1;
 					$$ = n;
 				}
 			| TABLE qualified_name_list
 				{
 					PrivTarget *n = makeNode(PrivTarget);
-					n->objtype = TABLE;
+					n->objtype = ACL_OBJECT_RELATION;
 					n->objs = $2;
 					$$ = n;
 				}
 			| FUNCTION function_with_argtypes_list
 				{
 					PrivTarget *n = makeNode(PrivTarget);
-					n->objtype = FUNCTION;
+					n->objtype = ACL_OBJECT_FUNCTION;
+					n->objs = $2;
+					$$ = n;
+				}
+			| DATABASE name_list
+				{
+					PrivTarget *n = makeNode(PrivTarget);
+					n->objtype = ACL_OBJECT_DATABASE;
 					n->objs = $2;
 					$$ = n;
 				}
 			| LANGUAGE name_list
 				{
 					PrivTarget *n = makeNode(PrivTarget);
-					n->objtype = LANGUAGE;
+					n->objtype = ACL_OBJECT_LANGUAGE;
+					n->objs = $2;
+					$$ = n;
+				}
+			| SCHEMA name_list
+				{
+					PrivTarget *n = makeNode(PrivTarget);
+					n->objtype = ACL_OBJECT_NAMESPACE;
 					n->objs = $2;
 					$$ = n;
 				}

src/backend/parser/keywords.c

@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/parser/keywords.c,v 1.105 2002/04/18 21:16:16 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/parser/keywords.c,v 1.106 2002/04/21 00:26:43 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -356,36 +356,3 @@ ScanKeywordLookup(char *text)
 
 	return NULL;
 }
-
-
-/*
- * This does the reverse mapping from token number to string.
- */
-const char *
-TokenString(int token)
-{
-    int i = 0;
-    static char buf[NAMEDATALEN];
-
-    while (i < sizeof(ScanKeywords))
-    {
-	if (ScanKeywords[i].value == token)
-	{
-	    int k;
-
-	    /* uppercase */
-	    for (k = 0; k < NAMEDATALEN; k++)
-		if (ScanKeywords[i].name[k] >= 'a'
-		    && ScanKeywords[i].name[k] <= 'z')
-		    buf[k] = ScanKeywords[i].name[k] + ('A' - 'a');
-		else
-		    buf[k] = ScanKeywords[i].name[k];
-
-	    return buf;
-	}
-
-	i++;
-    }
-
-    return NULL;
-}

src/backend/utils/cache/fcache.c

@@ -8,7 +8,7 @@
  * Portions Copyright (c) 1994, Regents of the University of California
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/cache/Attic/fcache.c,v 1.42 2002/02/18 23:11:25 petere Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/cache/Attic/fcache.c,v 1.43 2002/04/21 00:26:43 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -42,7 +42,7 @@ init_fcache(Oid foid, int nargs, MemoryContext fcacheCxt)
 	/* Initialize additional info */
 	retval->setArgsValid = false;
 
-	retval->permission_ok = pg_proc_aclcheck(foid, GetUserId()) == ACLCHECK_OK;
+	retval->permission_ok = pg_proc_aclcheck(foid, GetUserId(), ACL_EXECUTE) == ACLCHECK_OK;
 
 	return retval;
 }

src/bin/initdb/initdb.sh

@@ -27,7 +27,7 @@
 # Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
 # Portions Copyright (c) 1994, Regents of the University of California
 #
-# $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.150 2002/04/19 23:13:54 tgl Exp $
+# $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.151 2002/04/21 00:26:43 tgl Exp $
 #
 #-------------------------------------------------------------------------
 
@@ -949,9 +949,9 @@ $ECHO_N "setting privileges on built-in objects... "$ECHO_C
   cat <<EOF
     UPDATE pg_class SET relacl = '{"=r"}' \
         WHERE relkind IN ('r', 'v', 'S') AND relacl IS NULL;
-    UPDATE pg_proc SET proacl = '{"=r"}' \
+    UPDATE pg_proc SET proacl = '{"=X"}' \
         WHERE proacl IS NULL;
-    UPDATE pg_language SET lanacl = '{"=r"}' \
+    UPDATE pg_language SET lanacl = '{"=U"}' \
         WHERE lanpltrusted;
 EOF
 ) \

src/include/catalog/catversion.h

@@ -37,7 +37,7 @@
  * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: catversion.h,v 1.120 2002/04/19 23:13:54 tgl Exp $
+ * $Id: catversion.h,v 1.121 2002/04/21 00:26:43 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -53,6 +53,6 @@
  */
 
 /*							yyyymmddN */
-#define CATALOG_VERSION_NO	200204191
+#define CATALOG_VERSION_NO	200204201
 
 #endif

src/include/catalog/pg_attribute.h

@@ -8,7 +8,7 @@
  * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: pg_attribute.h,v 1.90 2002/04/11 20:00:11 tgl Exp $
+ * $Id: pg_attribute.h,v 1.91 2002/04/21 00:26:43 tgl Exp $
  *
  * NOTES
  *	  the genbki.sh script reads this file and generates .bki
@@ -281,6 +281,7 @@ DATA(insert ( 1262 datfrozenxid		28 0  4   8 0 -1 -1 t p f i f f));
 /* do not mark datpath as toastable; GetRawDatabaseInfo won't cope */
 DATA(insert ( 1262 datpath			25 0 -1   9 0 -1 -1 f p f i f f));
 DATA(insert ( 1262 datconfig	  1009 0 -1  10 0 -1 -1 f x f i f f));
+DATA(insert ( 1262 datacl		  1034 0 -1  11 0 -1 -1 f x f i f f));
 DATA(insert ( 1262 ctid				27 0  6  -1 0 -1 -1 f p f i f f));
 DATA(insert ( 1262 oid				26 0  4  -2 0 -1 -1 t p f i f f));
 DATA(insert ( 1262 xmin				28 0  4  -3 0 -1 -1 t p f i f f));

src/include/catalog/pg_class.h

@@ -8,7 +8,7 @@
  * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: pg_class.h,v 1.66 2002/04/11 20:00:11 tgl Exp $
+ * $Id: pg_class.h,v 1.67 2002/04/21 00:26:43 tgl Exp $
  *
  * NOTES
  *	  the genbki.sh script reads this file and generates .bki
@@ -146,7 +146,7 @@ DATA(insert OID = 1260 (  pg_shadow		PGNSP 86 PGUID 0 1260 0 0 0 0 f t r 9  0 0
 DESCR("");
 DATA(insert OID = 1261 (  pg_group		PGNSP 87 PGUID 0 1261 0 0 0 0 f t r 3  0 0 0 0 0 f f f f _null_ ));
 DESCR("");
-DATA(insert OID = 1262 (  pg_database	PGNSP 88 PGUID 0 1262 0 0 0 0 f t r 10  0 0 0 0 0 t f f f _null_ ));
+DATA(insert OID = 1262 (  pg_database	PGNSP 88 PGUID 0 1262 0 0 0 0 f t r 11  0 0 0 0 0 t f f f _null_ ));
 DESCR("");
 DATA(insert OID = 376  (  pg_xactlock	PGNSP  0 PGUID 0    0 0 0 0 0 f t s 1  0 0 0 0 0 f f f f _null_ ));
 DESCR("");

src/include/catalog/pg_database.h

@@ -8,7 +8,7 @@
  * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: pg_database.h,v 1.22 2002/03/01 22:45:17 petere Exp $
+ * $Id: pg_database.h,v 1.23 2002/04/21 00:26:43 tgl Exp $
  *
  * NOTES
  *	  the genbki.sh script reads this file and generates .bki
@@ -42,7 +42,8 @@ CATALOG(pg_database) BOOTSTRAP
 	TransactionId datvacuumxid; /* all XIDs before this are vacuumed */
 	TransactionId datfrozenxid; /* all XIDs before this are frozen */
 	text		datpath;		/* VARIABLE LENGTH FIELD */
-	text		datconfig[1];		/* database-specific GUC */
+	text		datconfig[1];	/* database-specific GUC (VAR LENGTH) */
+	aclitem		datacl[1];		/* access permissions (VAR LENGTH) */
 } FormData_pg_database;
 
 /* ----------------
@@ -56,7 +57,7 @@ typedef FormData_pg_database *Form_pg_database;
  *		compiler constants for pg_database
  * ----------------
  */
-#define Natts_pg_database				10
+#define Natts_pg_database				11
 #define Anum_pg_database_datname		1
 #define Anum_pg_database_datdba			2
 #define Anum_pg_database_encoding		3
@@ -67,8 +68,9 @@ typedef FormData_pg_database *Form_pg_database;
 #define Anum_pg_database_datfrozenxid	8
 #define Anum_pg_database_datpath		9
 #define Anum_pg_database_datconfig		10
+#define Anum_pg_database_datacl			11
 
-DATA(insert OID = 1 (  template1 PGUID ENCODING t t 0 0 0 "" _null_ ));
+DATA(insert OID = 1 (  template1 PGUID ENCODING t t 0 0 0 "" _null_ _null_ ));
 DESCR("Default template database");
 
 #define TemplateDbOid			1

src/include/catalog/pg_namespace.h

@@ -8,7 +8,7 @@
  * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: pg_namespace.h,v 1.4 2002/04/01 03:34:27 tgl Exp $
+ * $Id: pg_namespace.h,v 1.5 2002/04/21 00:26:43 tgl Exp $
  *
  * NOTES
  *	  the genbki.sh script reads this file and generates .bki
@@ -66,13 +66,13 @@ typedef FormData_pg_namespace *Form_pg_namespace;
  * ---------------
  */
 
-DATA(insert OID = 11 ( "pg_catalog" PGUID "{=r}" ));
+DATA(insert OID = 11 ( "pg_catalog" PGUID "{=U}" ));
 DESCR("System catalog namespace");
 #define PG_CATALOG_NAMESPACE 11
 DATA(insert OID = 99 ( "pg_toast" PGUID "{=}" ));
 DESCR("Reserved namespace for TOAST tables");
 #define PG_TOAST_NAMESPACE 99
-DATA(insert OID = 2071 ( "public" PGUID "{=rw}" ));
+DATA(insert OID = 2071 ( "public" PGUID "{=UC}" ));
 DESCR("Standard public namespace");
 #define PG_PUBLIC_NAMESPACE 2071
 

src/include/catalog/pg_type.h

@@ -8,7 +8,7 @@
  * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: pg_type.h,v 1.119 2002/03/29 19:06:20 tgl Exp $
+ * $Id: pg_type.h,v 1.120 2002/04/21 00:26:43 tgl Exp $
  *
  * NOTES
  *	  the genbki.sh script reads this file and generates .bki
@@ -420,12 +420,6 @@ DATA(insert OID = 1023 (  _abstime	 PGNSP PGUID -1  -1 f b t \054 0 702 array_in
 DATA(insert OID = 1024 (  _reltime	 PGNSP PGUID -1  -1 f b t \054 0 703 array_in array_out array_in array_out i x f 0 -1 0 _null_ _null_ ));
 DATA(insert OID = 1025 (  _tinterval PGNSP PGUID -1  -1 f b t \054 0 704 array_in array_out array_in array_out i x f 0 -1 0 _null_ _null_ ));
 DATA(insert OID = 1027 (  _polygon	 PGNSP PGUID -1  -1 f b t \054 0 604 array_in array_out array_in array_out d x f 0 -1 0 _null_ _null_ ));
-/*
- *	Note: the size of aclitem needs to match sizeof(AclItem) in acl.h.
- *	Thanks to some padding, this will be 8 on all platforms.
- *	We also have an Assert to make sure.
- */
-#define ACLITEMSIZE 8
 DATA(insert OID = 1033 (  aclitem	 PGNSP PGUID 8   -1 f b t \054 0 0 aclitemin aclitemout aclitemin aclitemout i p f 0 -1 0 _null_ _null_ ));
 DESCR("access control list");
 DATA(insert OID = 1034 (  _aclitem	 PGNSP PGUID -1 -1 f b t \054 0 1033 array_in array_out array_in array_out i x f 0 -1 0 _null_ _null_ ));

src/include/nodes/parsenodes.h

@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: parsenodes.h,v 1.172 2002/04/18 20:01:11 tgl Exp $
+ * $Id: parsenodes.h,v 1.173 2002/04/21 00:26:43 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -756,17 +756,45 @@ typedef struct AlterTableStmt
 } AlterTableStmt;
 
 /* ----------------------
- *		Grant Statement
+ *		Grant|Revoke Statement
  * ----------------------
  */
+typedef enum GrantObjectType
+{
+	ACL_OBJECT_RELATION,		/* table, view, sequence */
+	ACL_OBJECT_DATABASE,		/* database */
+	ACL_OBJECT_FUNCTION,		/* function */
+	ACL_OBJECT_LANGUAGE,		/* procedural language */
+	ACL_OBJECT_NAMESPACE		/* namespace */
+} GrantObjectType;
+
+/*
+ * Grantable rights are encoded so that we can OR them together in a bitmask.
+ * The present representation of AclItem limits us to 30 distinct rights.
+ * Caution: changing these codes breaks stored ACLs, hence forces initdb.
+ */
+#define ACL_INSERT		(1<<0)	/* for relations */
+#define ACL_SELECT		(1<<1)
+#define ACL_UPDATE		(1<<2)
+#define ACL_DELETE		(1<<3)
+#define ACL_RULE		(1<<4)
+#define ACL_REFERENCES	(1<<5)
+#define ACL_TRIGGER		(1<<6)
+#define ACL_EXECUTE		(1<<7)	/* for functions */
+#define ACL_USAGE		(1<<8)	/* for languages and namespaces */
+#define ACL_CREATE		(1<<9)	/* for namespaces and databases */
+#define ACL_CREATE_TEMP	(1<<10)	/* for databases */
+#define N_ACL_RIGHTS	11		/* 1 plus the last 1<<x */
+#define ACL_ALL_RIGHTS	(-1)	/* all-privileges marker in GRANT list */
+#define ACL_NO_RIGHTS	0
 
 typedef struct GrantStmt
 {
 	NodeTag		type;
-	bool		is_grant;		/* not revoke */
-	int			objtype;
-	List	   *objects;		/* list of names (as Value strings)
-								 * or relations (as RangeVar's) */
+	bool		is_grant;		/* true = GRANT, false = REVOKE */
+	GrantObjectType objtype;	/* kind of object being operated on */
+	List	   *objects;		/* list of RangeVar nodes, FuncWithArgs nodes,
+								 * or plain names (as Value strings) */
 	List	   *privileges;		/* integer list of privilege codes */
 	List	   *grantees;		/* list of PrivGrantee nodes */
 } GrantStmt;
@@ -789,7 +817,7 @@ typedef struct FuncWithArgs
 typedef struct PrivTarget
 {
 	NodeTag		type;
-	int			objtype;
+	GrantObjectType objtype;
 	List	   *objs;
 } PrivTarget;
 

src/include/parser/keywords.h

@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: keywords.h,v 1.13 2002/02/18 23:11:45 petere Exp $
+ * $Id: keywords.h,v 1.14 2002/04/21 00:26:44 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -21,6 +21,5 @@ typedef struct ScanKeyword
 } ScanKeyword;
 
 extern ScanKeyword *ScanKeywordLookup(char *text);
-extern const char *TokenString(int token);
 
 #endif   /* KEYWORDS_H */

src/include/utils/acl.h

@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: acl.h,v 1.42 2002/04/11 20:00:17 tgl Exp $
+ * $Id: acl.h,v 1.43 2002/04/21 00:26:44 tgl Exp $
  *
  * NOTES
  *	  For backward-compatibility purposes we have to allow there
@@ -37,49 +37,35 @@ typedef uint32 AclId;
 /*
  * AclIdType	tag that describes if the AclId is a user, group, etc.
  */
-typedef uint8 AclIdType;
-
-#define ACL_IDTYPE_WORLD		0x00
+#define ACL_IDTYPE_WORLD		0x00	/* PUBLIC */
 #define ACL_IDTYPE_UID			0x01	/* user id - from pg_shadow */
 #define ACL_IDTYPE_GID			0x02	/* group id - from pg_group */
 
 /*
- * AclMode		the actual permissions
- *				XXX should probably use bit.h routines.
- *				XXX should probably also stuff the modechg cruft in the
- *					high bits, too.
- */
-typedef uint8 AclMode;
-
-#define ACL_NO			0		/* no permissions */
-#define ACL_INSERT		(1<<0)
-#define ACL_SELECT		(1<<1)
-#define ACL_UPDATE		(1<<2)
-#define ACL_DELETE		(1<<3)
-#define ACL_RULE		(1<<4)
-#define ACL_REFERENCES	(1<<5)
-#define ACL_TRIGGER		(1<<6)
-#define N_ACL_MODES		7		/* 1 plus the last 1<<x */
+ * AclMode		a bitmask of privilege bits
+ */
+typedef uint32 AclMode;
 
 /*
  * AclItem
+ *
+ * Note: must be same size on all platforms, because the size is hardcoded
+ * in the pg_type.h entry for aclitem.
  */
 typedef struct AclItem
 {
-	AclId		ai_id;
-	AclIdType	ai_idtype;
-	AclMode		ai_mode;
-
-	/*
-	 * This is actually type 'aclitem', and we want a fixed size for all
-	 * platforms, so we pad this with dummies.
-	 */
-	char		dummy1,
-				dummy2;
+	AclId		ai_id;			/* ID that this item applies to */
+	AclMode		ai_privs;		/* AclIdType plus privilege bits */
 } AclItem;
 
-/* Note: if the size of AclItem changes,
-   change the aclitem typlen in pg_type.h */
+/*
+ * The AclIdType is stored in the top two bits of the ai_privs field of an
+ * AclItem, leaving us with thirty usable privilege bits.
+ */
+#define ACLITEM_GET_PRIVS(item)   ((item).ai_privs & 0x3FFFFFFF)
+#define ACLITEM_GET_IDTYPE(item)  ((item).ai_privs >> 30)
+#define ACLITEM_SET_PRIVS_IDTYPE(item,privs,idtype) \
+  ((item).ai_privs = ((privs) & 0x3FFFFFFF) | ((idtype) << 30))
 
 
 /*
@@ -144,20 +130,39 @@ typedef ArrayType IdList;
 #define ACL_MODECHG_DEL			2
 #define ACL_MODECHG_EQL			3
 
-/* mode indicators for I/O */
-#define ACL_MODECHG_STR			"+-="	/* list of valid characters */
+/* external representation of mode indicators for I/O */
 #define ACL_MODECHG_ADD_CHR		'+'
 #define ACL_MODECHG_DEL_CHR		'-'
 #define ACL_MODECHG_EQL_CHR		'='
-#define ACL_MODE_STR			"arwdRxt"		/* list of valid
-												 * characters */
-#define ACL_MODE_INSERT_CHR		'a'		/* formerly known as "append" */
-#define ACL_MODE_SELECT_CHR		'r'		/* formerly known as "read" */
-#define ACL_MODE_UPDATE_CHR		'w'		/* formerly known as "write" */
-#define ACL_MODE_DELETE_CHR		'd'
-#define ACL_MODE_RULE_CHR		'R'
-#define ACL_MODE_REFERENCES_CHR 'x'
-#define ACL_MODE_TRIGGER_CHR	't'
+
+/*
+ * External representations of the privilege bits --- aclitemin/aclitemout
+ * represent each possible privilege bit with a distinct 1-character code
+ */
+#define ACL_INSERT_CHR			'a'		/* formerly known as "append" */
+#define ACL_SELECT_CHR			'r'		/* formerly known as "read" */
+#define ACL_UPDATE_CHR			'w'		/* formerly known as "write" */
+#define ACL_DELETE_CHR			'd'
+#define ACL_RULE_CHR			'R'
+#define ACL_REFERENCES_CHR		'x'
+#define ACL_TRIGGER_CHR			't'
+#define ACL_EXECUTE_CHR			'X'
+#define ACL_USAGE_CHR			'U'
+#define ACL_CREATE_CHR			'C'
+#define ACL_CREATE_TEMP_CHR		'T'
+
+/* string holding all privilege code chars, in order by bitmask position */
+#define ACL_ALL_RIGHTS_STR	"arwdRxtXUCT"
+
+/*
+ * Bitmasks defining "all rights" for each supported object type
+ */
+#define ACL_ALL_RIGHTS_RELATION		(ACL_INSERT|ACL_SELECT|ACL_UPDATE|ACL_DELETE|ACL_RULE|ACL_REFERENCES|ACL_TRIGGER)
+#define ACL_ALL_RIGHTS_DATABASE		(ACL_CREATE|ACL_CREATE_TEMP)
+#define ACL_ALL_RIGHTS_FUNCTION		(ACL_EXECUTE)
+#define ACL_ALL_RIGHTS_LANGUAGE		(ACL_USAGE)
+#define ACL_ALL_RIGHTS_NAMESPACE	(ACL_USAGE|ACL_CREATE)
+
 
 /* result codes for pg_*_aclcheck */
 #define ACLCHECK_OK				  0
@@ -171,26 +176,18 @@ extern const char * const aclcheck_error_strings[];
 /*
  * routines used internally
  */
-extern Acl *acldefault(AclId ownerid);
-extern Acl *aclinsert3(const Acl *old_acl, const AclItem *mod_aip, unsigned modechg);
-
-/*
- * routines used by the parser
- */
-extern char *aclmakepriv(const char *old_privlist, char new_priv);
-extern char *aclmakeuser(const char *user_type, const char *user);
+extern Acl *acldefault(GrantObjectType objtype, AclId ownerid);
+extern Acl *aclinsert3(const Acl *old_acl, const AclItem *mod_aip,
+					   unsigned modechg);
 
 /*
  * exported routines (from acl.c)
  */
-extern Acl *makeacl(int n);
 extern Datum aclitemin(PG_FUNCTION_ARGS);
 extern Datum aclitemout(PG_FUNCTION_ARGS);
 extern Datum aclinsert(PG_FUNCTION_ARGS);
 extern Datum aclremove(PG_FUNCTION_ARGS);
 extern Datum aclcontains(PG_FUNCTION_ARGS);
-extern const char *aclparse(const char *s, AclItem *aip, unsigned *modechg);
-extern char *makeAclString(const char *privileges, const char *grantee, char grant_or_revoke);
 
 /*
  * prototypes for functions in aclchk.c
@@ -201,13 +198,16 @@ extern char *get_groname(AclId grosysid);
 
 /* these return ACLCHECK_* result codes */
 extern int32 pg_class_aclcheck(Oid table_oid, Oid userid, AclMode mode);
-extern int32 pg_proc_aclcheck(Oid proc_oid, Oid userid);
-extern int32 pg_language_aclcheck(Oid lang_oid, Oid userid);
+extern int32 pg_database_aclcheck(Oid db_oid, Oid userid, AclMode mode);
+extern int32 pg_proc_aclcheck(Oid proc_oid, Oid userid, AclMode mode);
+extern int32 pg_language_aclcheck(Oid lang_oid, Oid userid, AclMode mode);
+extern int32 pg_namespace_aclcheck(Oid nsp_oid, Oid userid, AclMode mode);
 
 /* ownercheck routines just return true (owner) or false (not) */
 extern bool pg_class_ownercheck(Oid class_oid, Oid userid);
 extern bool pg_type_ownercheck(Oid type_oid, Oid userid);
 extern bool pg_oper_ownercheck(Oid oper_oid, Oid userid);
 extern bool pg_proc_ownercheck(Oid proc_oid, Oid userid);
+extern bool pg_namespace_ownercheck(Oid nsp_oid, Oid userid);
 
 #endif   /* ACL_H */