| 1 | /*------------------------------------------------------------------------- |
|---|---|
| 2 | * |
| 3 | * schemacmds.c |
| 4 | * schema creation/manipulation commands |
| 5 | * |
| 6 | * Portions Copyright (c) 1996-2019, PostgreSQL Global Development Group |
| 7 | * Portions Copyright (c) 1994, Regents of the University of California |
| 8 | * |
| 9 | * |
| 10 | * IDENTIFICATION |
| 11 | * src/backend/commands/schemacmds.c |
| 12 | * |
| 13 | *------------------------------------------------------------------------- |
| 14 | */ |
| 15 | #include "postgres.h" |
| 16 | |
| 17 | #include "access/htup_details.h" |
| 18 | #include "access/table.h" |
| 19 | #include "access/xact.h" |
| 20 | #include "catalog/catalog.h" |
| 21 | #include "catalog/dependency.h" |
| 22 | #include "catalog/indexing.h" |
| 23 | #include "catalog/namespace.h" |
| 24 | #include "catalog/pg_authid.h" |
| 25 | #include "catalog/objectaccess.h" |
| 26 | #include "catalog/pg_namespace.h" |
| 27 | #include "commands/dbcommands.h" |
| 28 | #include "commands/event_trigger.h" |
| 29 | #include "commands/schemacmds.h" |
| 30 | #include "miscadmin.h" |
| 31 | #include "parser/parse_utilcmd.h" |
| 32 | #include "tcop/utility.h" |
| 33 | #include "utils/acl.h" |
| 34 | #include "utils/builtins.h" |
| 35 | #include "utils/rel.h" |
| 36 | #include "utils/syscache.h" |
| 37 | |
| 38 | |
| 39 | static void AlterSchemaOwner_internal(HeapTuple tup, Relation rel, Oid newOwnerId); |
| 40 | |
| 41 | /* |
| 42 | * CREATE SCHEMA |
| 43 | * |
| 44 | * Note: caller should pass in location information for the whole |
| 45 | * CREATE SCHEMA statement, which in turn we pass down as the location |
| 46 | * of the component commands. This comports with our general plan of |
| 47 | * reporting location/len for the whole command even when executing |
| 48 | * a subquery. |
| 49 | */ |
| 50 | Oid |
| 51 | CreateSchemaCommand(CreateSchemaStmt *stmt, const char *queryString, |
| 52 | int stmt_location, int stmt_len) |
| 53 | { |
| 54 | const char *schemaName = stmt->schemaname; |
| 55 | Oid namespaceId; |
| 56 | OverrideSearchPath *overridePath; |
| 57 | List *parsetree_list; |
| 58 | ListCell *parsetree_item; |
| 59 | Oid owner_uid; |
| 60 | Oid saved_uid; |
| 61 | int save_sec_context; |
| 62 | AclResult aclresult; |
| 63 | ObjectAddress address; |
| 64 | |
| 65 | GetUserIdAndSecContext(&saved_uid, &save_sec_context); |
| 66 | |
| 67 | /* |
| 68 | * Who is supposed to own the new schema? |
| 69 | */ |
| 70 | if (stmt->authrole) |
| 71 | owner_uid = get_rolespec_oid(stmt->authrole, false); |
| 72 | else |
| 73 | owner_uid = saved_uid; |
| 74 | |
| 75 | /* fill schema name with the user name if not specified */ |
| 76 | if (!schemaName) |
| 77 | { |
| 78 | HeapTuple tuple; |
| 79 | |
| 80 | tuple = SearchSysCache1(AUTHOID, ObjectIdGetDatum(owner_uid)); |
| 81 | if (!HeapTupleIsValid(tuple)) |
| 82 | elog(ERROR, "cache lookup failed for role %u", owner_uid); |
| 83 | schemaName = |
| 84 | pstrdup(NameStr(((Form_pg_authid) GETSTRUCT(tuple))->rolname)); |
| 85 | ReleaseSysCache(tuple); |
| 86 | } |
| 87 | |
| 88 | /* |
| 89 | * To create a schema, must have schema-create privilege on the current |
| 90 | * database and must be able to become the target role (this does not |
| 91 | * imply that the target role itself must have create-schema privilege). |
| 92 | * The latter provision guards against "giveaway" attacks. Note that a |
| 93 | * superuser will always have both of these privileges a fortiori. |
| 94 | */ |
| 95 | aclresult = pg_database_aclcheck(MyDatabaseId, saved_uid, ACL_CREATE); |
| 96 | if (aclresult != ACLCHECK_OK) |
| 97 | aclcheck_error(aclresult, OBJECT_DATABASE, |
| 98 | get_database_name(MyDatabaseId)); |
| 99 | |
| 100 | check_is_member_of_role(saved_uid, owner_uid); |
| 101 | |
| 102 | /* Additional check to protect reserved schema names */ |
| 103 | if (!allowSystemTableMods && IsReservedName(schemaName)) |
| 104 | ereport(ERROR, |
| 105 | (errcode(ERRCODE_RESERVED_NAME), |
| 106 | errmsg("unacceptable schema name \"%s\"", schemaName), |
| 107 | errdetail("The prefix \"pg_\" is reserved for system schemas."))); |
| 108 | |
| 109 | /* |
| 110 | * If if_not_exists was given and the schema already exists, bail out. |
| 111 | * (Note: we needn't check this when not if_not_exists, because |
| 112 | * NamespaceCreate will complain anyway.) We could do this before making |
| 113 | * the permissions checks, but since CREATE TABLE IF NOT EXISTS makes its |
| 114 | * creation-permission check first, we do likewise. |
| 115 | */ |
| 116 | if (stmt->if_not_exists && |
| 117 | SearchSysCacheExists1(NAMESPACENAME, PointerGetDatum(schemaName))) |
| 118 | { |
| 119 | ereport(NOTICE, |
| 120 | (errcode(ERRCODE_DUPLICATE_SCHEMA), |
| 121 | errmsg("schema \"%s\" already exists, skipping", |
| 122 | schemaName))); |
| 123 | return InvalidOid; |
| 124 | } |
| 125 | |
| 126 | /* |
| 127 | * If the requested authorization is different from the current user, |
| 128 | * temporarily set the current user so that the object(s) will be created |
| 129 | * with the correct ownership. |
| 130 | * |
| 131 | * (The setting will be restored at the end of this routine, or in case of |
| 132 | * error, transaction abort will clean things up.) |
| 133 | */ |
| 134 | if (saved_uid != owner_uid) |
| 135 | SetUserIdAndSecContext(owner_uid, |
| 136 | save_sec_context | SECURITY_LOCAL_USERID_CHANGE); |
| 137 | |
| 138 | /* Create the schema's namespace */ |
| 139 | namespaceId = NamespaceCreate(schemaName, owner_uid, false); |
| 140 | |
| 141 | /* Advance cmd counter to make the namespace visible */ |
| 142 | CommandCounterIncrement(); |
| 143 | |
| 144 | /* |
| 145 | * Temporarily make the new namespace be the front of the search path, as |
| 146 | * well as the default creation target namespace. This will be undone at |
| 147 | * the end of this routine, or upon error. |
| 148 | */ |
| 149 | overridePath = GetOverrideSearchPath(CurrentMemoryContext); |
| 150 | overridePath->schemas = lcons_oid(namespaceId, overridePath->schemas); |
| 151 | /* XXX should we clear overridePath->useTemp? */ |
| 152 | PushOverrideSearchPath(overridePath); |
| 153 | |
| 154 | /* |
| 155 | * Report the new schema to possibly interested event triggers. Note we |
| 156 | * must do this here and not in ProcessUtilitySlow because otherwise the |
| 157 | * objects created below are reported before the schema, which would be |
| 158 | * wrong. |
| 159 | */ |
| 160 | ObjectAddressSet(address, NamespaceRelationId, namespaceId); |
| 161 | EventTriggerCollectSimpleCommand(address, InvalidObjectAddress, |
| 162 | (Node *) stmt); |
| 163 | |
| 164 | /* |
| 165 | * Examine the list of commands embedded in the CREATE SCHEMA command, and |
| 166 | * reorganize them into a sequentially executable order with no forward |
| 167 | * references. Note that the result is still a list of raw parsetrees --- |
| 168 | * we cannot, in general, run parse analysis on one statement until we |
| 169 | * have actually executed the prior ones. |
| 170 | */ |
| 171 | parsetree_list = transformCreateSchemaStmt(stmt); |
| 172 | |
| 173 | /* |
| 174 | * Execute each command contained in the CREATE SCHEMA. Since the grammar |
| 175 | * allows only utility commands in CREATE SCHEMA, there is no need to pass |
| 176 | * them through parse_analyze() or the rewriter; we can just hand them |
| 177 | * straight to ProcessUtility. |
| 178 | */ |
| 179 | foreach(parsetree_item, parsetree_list) |
| 180 | { |
| 181 | Node *stmt = (Node *) lfirst(parsetree_item); |
| 182 | PlannedStmt *wrapper; |
| 183 | |
| 184 | /* need to make a wrapper PlannedStmt */ |
| 185 | wrapper = makeNode(PlannedStmt); |
| 186 | wrapper->commandType = CMD_UTILITY; |
| 187 | wrapper->canSetTag = false; |
| 188 | wrapper->utilityStmt = stmt; |
| 189 | wrapper->stmt_location = stmt_location; |
| 190 | wrapper->stmt_len = stmt_len; |
| 191 | |
| 192 | /* do this step */ |
| 193 | ProcessUtility(wrapper, |
| 194 | queryString, |
| 195 | PROCESS_UTILITY_SUBCOMMAND, |
| 196 | NULL, |
| 197 | NULL, |
| 198 | None_Receiver, |
| 199 | NULL); |
| 200 | |
| 201 | /* make sure later steps can see the object created here */ |
| 202 | CommandCounterIncrement(); |
| 203 | } |
| 204 | |
| 205 | /* Reset search path to normal state */ |
| 206 | PopOverrideSearchPath(); |
| 207 | |
| 208 | /* Reset current user and security context */ |
| 209 | SetUserIdAndSecContext(saved_uid, save_sec_context); |
| 210 | |
| 211 | return namespaceId; |
| 212 | } |
| 213 | |
| 214 | /* |
| 215 | * Guts of schema deletion. |
| 216 | */ |
| 217 | void |
| 218 | RemoveSchemaById(Oid schemaOid) |
| 219 | { |
| 220 | Relation relation; |
| 221 | HeapTuple tup; |
| 222 | |
| 223 | relation = table_open(NamespaceRelationId, RowExclusiveLock); |
| 224 | |
| 225 | tup = SearchSysCache1(NAMESPACEOID, |
| 226 | ObjectIdGetDatum(schemaOid)); |
| 227 | if (!HeapTupleIsValid(tup)) /* should not happen */ |
| 228 | elog(ERROR, "cache lookup failed for namespace %u", schemaOid); |
| 229 | |
| 230 | CatalogTupleDelete(relation, &tup->t_self); |
| 231 | |
| 232 | ReleaseSysCache(tup); |
| 233 | |
| 234 | table_close(relation, RowExclusiveLock); |
| 235 | } |
| 236 | |
| 237 | |
| 238 | /* |
| 239 | * Rename schema |
| 240 | */ |
| 241 | ObjectAddress |
| 242 | RenameSchema(const char *oldname, const char *newname) |
| 243 | { |
| 244 | Oid nspOid; |
| 245 | HeapTuple tup; |
| 246 | Relation rel; |
| 247 | AclResult aclresult; |
| 248 | ObjectAddress address; |
| 249 | Form_pg_namespace nspform; |
| 250 | |
| 251 | rel = table_open(NamespaceRelationId, RowExclusiveLock); |
| 252 | |
| 253 | tup = SearchSysCacheCopy1(NAMESPACENAME, CStringGetDatum(oldname)); |
| 254 | if (!HeapTupleIsValid(tup)) |
| 255 | ereport(ERROR, |
| 256 | (errcode(ERRCODE_UNDEFINED_SCHEMA), |
| 257 | errmsg("schema \"%s\" does not exist", oldname))); |
| 258 | |
| 259 | nspform = (Form_pg_namespace) GETSTRUCT(tup); |
| 260 | nspOid = nspform->oid; |
| 261 | |
| 262 | /* make sure the new name doesn't exist */ |
| 263 | if (OidIsValid(get_namespace_oid(newname, true))) |
| 264 | ereport(ERROR, |
| 265 | (errcode(ERRCODE_DUPLICATE_SCHEMA), |
| 266 | errmsg("schema \"%s\" already exists", newname))); |
| 267 | |
| 268 | /* must be owner */ |
| 269 | if (!pg_namespace_ownercheck(nspOid, GetUserId())) |
| 270 | aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SCHEMA, |
| 271 | oldname); |
| 272 | |
| 273 | /* must have CREATE privilege on database */ |
| 274 | aclresult = pg_database_aclcheck(MyDatabaseId, GetUserId(), ACL_CREATE); |
| 275 | if (aclresult != ACLCHECK_OK) |
| 276 | aclcheck_error(aclresult, OBJECT_DATABASE, |
| 277 | get_database_name(MyDatabaseId)); |
| 278 | |
| 279 | if (!allowSystemTableMods && IsReservedName(newname)) |
| 280 | ereport(ERROR, |
| 281 | (errcode(ERRCODE_RESERVED_NAME), |
| 282 | errmsg("unacceptable schema name \"%s\"", newname), |
| 283 | errdetail("The prefix \"pg_\" is reserved for system schemas."))); |
| 284 | |
| 285 | /* rename */ |
| 286 | namestrcpy(&nspform->nspname, newname); |
| 287 | CatalogTupleUpdate(rel, &tup->t_self, tup); |
| 288 | |
| 289 | InvokeObjectPostAlterHook(NamespaceRelationId, nspOid, 0); |
| 290 | |
| 291 | ObjectAddressSet(address, NamespaceRelationId, nspOid); |
| 292 | |
| 293 | table_close(rel, NoLock); |
| 294 | heap_freetuple(tup); |
| 295 | |
| 296 | return address; |
| 297 | } |
| 298 | |
| 299 | void |
| 300 | AlterSchemaOwner_oid(Oid oid, Oid newOwnerId) |
| 301 | { |
| 302 | HeapTuple tup; |
| 303 | Relation rel; |
| 304 | |
| 305 | rel = table_open(NamespaceRelationId, RowExclusiveLock); |
| 306 | |
| 307 | tup = SearchSysCache1(NAMESPACEOID, ObjectIdGetDatum(oid)); |
| 308 | if (!HeapTupleIsValid(tup)) |
| 309 | elog(ERROR, "cache lookup failed for schema %u", oid); |
| 310 | |
| 311 | AlterSchemaOwner_internal(tup, rel, newOwnerId); |
| 312 | |
| 313 | ReleaseSysCache(tup); |
| 314 | |
| 315 | table_close(rel, RowExclusiveLock); |
| 316 | } |
| 317 | |
| 318 | |
| 319 | /* |
| 320 | * Change schema owner |
| 321 | */ |
| 322 | ObjectAddress |
| 323 | AlterSchemaOwner(const char *name, Oid newOwnerId) |
| 324 | { |
| 325 | Oid nspOid; |
| 326 | HeapTuple tup; |
| 327 | Relation rel; |
| 328 | ObjectAddress address; |
| 329 | Form_pg_namespace nspform; |
| 330 | |
| 331 | rel = table_open(NamespaceRelationId, RowExclusiveLock); |
| 332 | |
| 333 | tup = SearchSysCache1(NAMESPACENAME, CStringGetDatum(name)); |
| 334 | if (!HeapTupleIsValid(tup)) |
| 335 | ereport(ERROR, |
| 336 | (errcode(ERRCODE_UNDEFINED_SCHEMA), |
| 337 | errmsg("schema \"%s\" does not exist", name))); |
| 338 | |
| 339 | nspform = (Form_pg_namespace) GETSTRUCT(tup); |
| 340 | nspOid = nspform->oid; |
| 341 | |
| 342 | AlterSchemaOwner_internal(tup, rel, newOwnerId); |
| 343 | |
| 344 | ObjectAddressSet(address, NamespaceRelationId, nspOid); |
| 345 | |
| 346 | ReleaseSysCache(tup); |
| 347 | |
| 348 | table_close(rel, RowExclusiveLock); |
| 349 | |
| 350 | return address; |
| 351 | } |
| 352 | |
| 353 | static void |
| 354 | AlterSchemaOwner_internal(HeapTuple tup, Relation rel, Oid newOwnerId) |
| 355 | { |
| 356 | Form_pg_namespace nspForm; |
| 357 | |
| 358 | Assert(tup->t_tableOid == NamespaceRelationId); |
| 359 | Assert(RelationGetRelid(rel) == NamespaceRelationId); |
| 360 | |
| 361 | nspForm = (Form_pg_namespace) GETSTRUCT(tup); |
| 362 | |
| 363 | /* |
| 364 | * If the new owner is the same as the existing owner, consider the |
| 365 | * command to have succeeded. This is for dump restoration purposes. |
| 366 | */ |
| 367 | if (nspForm->nspowner != newOwnerId) |
| 368 | { |
| 369 | Datum repl_val[Natts_pg_namespace]; |
| 370 | bool repl_null[Natts_pg_namespace]; |
| 371 | bool repl_repl[Natts_pg_namespace]; |
| 372 | Acl *newAcl; |
| 373 | Datum aclDatum; |
| 374 | bool isNull; |
| 375 | HeapTuple newtuple; |
| 376 | AclResult aclresult; |
| 377 | |
| 378 | /* Otherwise, must be owner of the existing object */ |
| 379 | if (!pg_namespace_ownercheck(nspForm->oid, GetUserId())) |
| 380 | aclcheck_error(ACLCHECK_NOT_OWNER, OBJECT_SCHEMA, |
| 381 | NameStr(nspForm->nspname)); |
| 382 | |
| 383 | /* Must be able to become new owner */ |
| 384 | check_is_member_of_role(GetUserId(), newOwnerId); |
| 385 | |
| 386 | /* |
| 387 | * must have create-schema rights |
| 388 | * |
| 389 | * NOTE: This is different from other alter-owner checks in that the |
| 390 | * current user is checked for create privileges instead of the |
| 391 | * destination owner. This is consistent with the CREATE case for |
| 392 | * schemas. Because superusers will always have this right, we need |
| 393 | * no special case for them. |
| 394 | */ |
| 395 | aclresult = pg_database_aclcheck(MyDatabaseId, GetUserId(), |
| 396 | ACL_CREATE); |
| 397 | if (aclresult != ACLCHECK_OK) |
| 398 | aclcheck_error(aclresult, OBJECT_DATABASE, |
| 399 | get_database_name(MyDatabaseId)); |
| 400 | |
| 401 | memset(repl_null, false, sizeof(repl_null)); |
| 402 | memset(repl_repl, false, sizeof(repl_repl)); |
| 403 | |
| 404 | repl_repl[Anum_pg_namespace_nspowner - 1] = true; |
| 405 | repl_val[Anum_pg_namespace_nspowner - 1] = ObjectIdGetDatum(newOwnerId); |
| 406 | |
| 407 | /* |
| 408 | * Determine the modified ACL for the new owner. This is only |
| 409 | * necessary when the ACL is non-null. |
| 410 | */ |
| 411 | aclDatum = SysCacheGetAttr(NAMESPACENAME, tup, |
| 412 | Anum_pg_namespace_nspacl, |
| 413 | &isNull); |
| 414 | if (!isNull) |
| 415 | { |
| 416 | newAcl = aclnewowner(DatumGetAclP(aclDatum), |
| 417 | nspForm->nspowner, newOwnerId); |
| 418 | repl_repl[Anum_pg_namespace_nspacl - 1] = true; |
| 419 | repl_val[Anum_pg_namespace_nspacl - 1] = PointerGetDatum(newAcl); |
| 420 | } |
| 421 | |
| 422 | newtuple = heap_modify_tuple(tup, RelationGetDescr(rel), repl_val, repl_null, repl_repl); |
| 423 | |
| 424 | CatalogTupleUpdate(rel, &newtuple->t_self, newtuple); |
| 425 | |
| 426 | heap_freetuple(newtuple); |
| 427 | |
| 428 | /* Update owner dependency reference */ |
| 429 | changeDependencyOnOwner(NamespaceRelationId, nspForm->oid, |
| 430 | newOwnerId); |
| 431 | } |
| 432 | |
| 433 | InvokeObjectPostAlterHook(NamespaceRelationId, |
| 434 | nspForm->oid, 0); |
| 435 | } |
| 436 |
Generated on 2019-Nov-14 from project PostgreSQL revision 12.0
Powered by 
Code Browser 2.1
Generator usage only permitted with license.