* procedural language
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.21 2001/06/06 18:54:41 wieck Exp $
+ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.22 2001/07/11 18:54:18 momjian Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
%type <stmts> proc_sect, proc_stmts, stmt_else, loop_body
%type <stmt> proc_stmt, pl_block
%type <stmt> stmt_assign, stmt_if, stmt_loop, stmt_while, stmt_exit
-%type <stmt> stmt_return, stmt_raise, stmt_execsql, stmt_fori
+%type <stmt> stmt_return, stmt_raise, stmt_execsql, stmt_fori, stmt_setauth
%type <stmt> stmt_fors, stmt_select, stmt_perform
%type <stmt> stmt_dynexecute, stmt_dynfors, stmt_getdiag
%type <stmt> stmt_open, stmt_fetch, stmt_close
+%type <ival> auth_level
+
%type <intlist> raise_params
%type <ival> raise_level, raise_param
%type <str> raise_msg
%token K_PERFORM
%token K_ROW_COUNT
%token K_RAISE
+%token K_SET
+%token K_AUTHORIZATION
+%token K_INVOKER
+%token K_DEFINER
%token K_RECORD
%token K_RENAME
%token K_RESULT_OID
{ $$ = $1; }
| stmt_raise
{ $$ = $1; }
+ | stmt_setauth
+ { $$ = $1; }
| stmt_execsql
{ $$ = $1; }
| stmt_dynexecute
}
;
+stmt_setauth : K_SET K_AUTHORIZATION auth_level lno ';'
+ {
+ PLpgSQL_stmt_setauth *new;
+
+ new=malloc(sizeof(PLpgSQL_stmt_setauth));
+
+ new->cmd_type = PLPGSQL_STMT_SETAUTH;
+ new->auth_level = $3;
+ new->lineno = $4;
+
+ $$ = (PLpgSQL_stmt *)new;
+ }
+
+auth_level : K_DEFINER
+ {
+ $$=PLPGSQL_AUTH_DEFINER;
+ }
+ | K_INVOKER
+ {
+ $$=PLPGSQL_AUTH_INVOKER;
+ }
+;
+
stmt_raise : K_RAISE lno raise_level raise_msg raise_params ';'
{
PLpgSQL_stmt_raise *new;
* procedural language
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_comp.c,v 1.31 2001/05/21 14:22:18 wieck Exp $
+ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_comp.c,v 1.32 2001/07/11 18:54:18 momjian Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
function->fn_functype = functype;
function->fn_oid = fn_oid;
+ function->definer_uid = procStruct->proowner;
function->fn_name = strdup(DatumGetCString(DirectFunctionCall1(nameout,
NameGetDatum(&(procStruct->proname)))));
* procedural language
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.44 2001/05/28 19:33:24 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.45 2001/07/11 18:54:18 momjian Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
#include "plpgsql.h"
#include "pl.tab.h"
+#include "miscadmin.h"
#include "access/heapam.h"
#include "catalog/pg_proc.h"
#include "catalog/pg_type.h"
PLpgSQL_stmt_exit * stmt);
static int exec_stmt_return(PLpgSQL_execstate * estate,
PLpgSQL_stmt_return * stmt);
+static int exec_stmt_setauth(PLpgSQL_execstate * estate,
+ PLpgSQL_stmt_setauth * stmt);
static int exec_stmt_raise(PLpgSQL_execstate * estate,
PLpgSQL_stmt_raise * stmt);
static int exec_stmt_execsql(PLpgSQL_execstate * estate,
case PLPGSQL_STMT_RETURN:
stmttype = "return";
break;
+ case PLPGSQL_STMT_SETAUTH:
+ stmttype = "setauth";
+ break;
case PLPGSQL_STMT_RAISE:
stmttype = "raise";
break;
estate.retistuple = func->fn_retistuple;
estate.retisset = func->fn_retset;
estate.exitlabel = NULL;
-
+ estate.invoker_uid = GetUserId();
+ estate.definer_uid = func->definer_uid;
+ estate.auth_level = PLPGSQL_AUTH_INVOKER;
+
estate.found_varno = func->found_varno;
estate.ndatums = func->ndatums;
estate.datums = palloc(sizeof(PLpgSQL_datum *) * estate.ndatums);
elog(ERROR, "control reaches end of function without RETURN");
}
+ if (estate.auth_level!=PLPGSQL_AUTH_INVOKER)
+ SetUserId(estate.invoker_uid);
+
/*
* We got a return value - process it
*/
estate.retistuple = func->fn_retistuple;
estate.retisset = func->fn_retset;
estate.exitlabel = NULL;
+ estate.invoker_uid = GetUserId();
+ estate.definer_uid = func->definer_uid;
+ estate.auth_level = PLPGSQL_AUTH_INVOKER;
estate.found_varno = func->found_varno;
estate.ndatums = func->ndatums;
elog(ERROR, "control reaches end of trigger procedure without RETURN");
}
+ if (estate.auth_level!=PLPGSQL_AUTH_INVOKER)
+ SetUserId(estate.invoker_uid);
+
/*
* Check that the returned tuple structure has the same attributes,
* the relation that fired the trigger has.
rc = exec_stmt_return(estate, (PLpgSQL_stmt_return *) stmt);
break;
+ case PLPGSQL_STMT_SETAUTH:
+ rc = exec_stmt_setauth(estate, (PLpgSQL_stmt_setauth *) stmt);
+ break;
+
case PLPGSQL_STMT_RAISE:
rc = exec_stmt_raise(estate, (PLpgSQL_stmt_raise *) stmt);
break;
return PLPGSQL_RC_RETURN;
}
+/* ----------
+ * exec_stmt_setauth Changes user ID to/from
+ * that of the function owner's
+ * ----------
+ */
+
+static int
+exec_stmt_setauth(PLpgSQL_execstate * estate, PLpgSQL_stmt_setauth * stmt)
+{
+ switch(stmt->auth_level)
+ {
+ case PLPGSQL_AUTH_DEFINER:
+ SetUserId(estate->definer_uid);
+ break;
+ case PLPGSQL_AUTH_INVOKER:
+ SetUserId(estate->invoker_uid);
+ break;
+ }
+
+ estate->auth_level=stmt->auth_level;
+ return PLPGSQL_RC_OK;
+}
+
/* ----------
* exec_stmt_raise Build a message and throw it with
* procedural language
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_funcs.c,v 1.13 2001/05/21 14:22:19 wieck Exp $
+ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_funcs.c,v 1.14 2001/07/11 18:54:18 momjian Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
static void dump_select(PLpgSQL_stmt_select * stmt);
static void dump_exit(PLpgSQL_stmt_exit * stmt);
static void dump_return(PLpgSQL_stmt_return * stmt);
+static void dump_setauth(PLpgSQL_stmt_setauth * stmt);
static void dump_raise(PLpgSQL_stmt_raise * stmt);
static void dump_execsql(PLpgSQL_stmt_execsql * stmt);
static void dump_dynexecute(PLpgSQL_stmt_dynexecute * stmt);
case PLPGSQL_STMT_RETURN:
dump_return((PLpgSQL_stmt_return *) stmt);
break;
+ case PLPGSQL_STMT_SETAUTH:
+ dump_setauth((PLpgSQL_stmt_setauth *) stmt);
+ break;
case PLPGSQL_STMT_RAISE:
dump_raise((PLpgSQL_stmt_raise *) stmt);
break;
printf("\n");
}
+static void
+dump_setauth(PLpgSQL_stmt_setauth * stmt)
+{
+ dump_ind();
+ switch (stmt->auth_level)
+ {
+ case PLPGSQL_AUTH_DEFINER:
+ printf("SET AUTHORIZATION DEFINER\n");
+ break;
+ case PLPGSQL_AUTH_INVOKER:
+ printf("SET AUTHORIZATION INVOKER\n");
+ break;
+ }
+}
+
static void
dump_raise(PLpgSQL_stmt_raise * stmt)
{
* procedural language
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/plpgsql.h,v 1.14 2001/05/21 14:22:19 wieck Exp $
+ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/plpgsql.h,v 1.15 2001/07/11 18:54:19 momjian Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
PLPGSQL_STMT_DYNEXECUTE,
PLPGSQL_STMT_DYNFORS,
PLPGSQL_STMT_GETDIAG,
+ PLPGSQL_STMT_SETAUTH,
PLPGSQL_STMT_OPEN,
PLPGSQL_STMT_FETCH,
PLPGSQL_STMT_CLOSE
PLPGSQL_RC_RETURN
};
+/* ---------
+ * Authorization levels
+ * ---------
+ */
+enum
+{
+ PLPGSQL_AUTH_INVOKER,
+ PLPGSQL_AUTH_DEFINER,
+};
+
/* ----------
* GET DIAGNOSTICS system attrs
* ----------
int retrecno;
} PLpgSQL_stmt_return;
+typedef struct
+{ /* SET AUTHORIZATION statement */
+ int cmd_type;
+ int lineno;
+ int auth_level;
+} PLpgSQL_stmt_setauth;
typedef struct
{ /* RAISE statement */
int tg_nargs_varno;
int ndatums;
+ Oid definer_uid;
PLpgSQL_datum **datums;
PLpgSQL_stmt_block *action;
struct PLpgSQL_function *next;
int found_varno;
int ndatums;
PLpgSQL_datum **datums;
+ Oid invoker_uid;
+ Oid definer_uid;
+ int auth_level;
} PLpgSQL_execstate;
* procedural language
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/Attic/scan.l,v 1.12 2001/05/21 14:22:19 wieck Exp $
+ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/Attic/scan.l,v 1.13 2001/07/11 18:54:19 momjian Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
open { return K_OPEN; }
perform { return K_PERFORM; }
raise { return K_RAISE; }
+set { return K_SET; }
+authorization { return K_AUTHORIZATION; }
+invoker { return K_INVOKER; }
+definer { return K_DEFINER; }
record { return K_RECORD; }
rename { return K_RENAME; }
result_oid { return K_RESULT_OID; }
projects / users / rhaas / postgres.git / commitdiff