📄 dumputils.c
字号:
* uses fmtId() internally. */boolbuildACLCommands(const char *name, const char *type, const char *acls, const char *owner, int remoteVersion, PQExpBuffer sql){ char **aclitems; int naclitems; int i; PQExpBuffer grantee, grantor, privs, privswgo; PQExpBuffer firstsql, secondsql; bool found_owner_privs = false; if (strlen(acls) == 0) return true; /* object has default permissions */ if (!parsePGArray(acls, &aclitems, &naclitems)) { if (aclitems) free(aclitems); return false; } grantee = createPQExpBuffer(); grantor = createPQExpBuffer(); privs = createPQExpBuffer(); privswgo = createPQExpBuffer(); /* * At the end, these two will be pasted together to form the result. But * the owner privileges need to go before the other ones to keep the * dependencies valid. In recent versions this is normally the case, but * in old versions they come after the PUBLIC privileges and that results * in problems if we need to run REVOKE on the owner privileges. */ firstsql = createPQExpBuffer(); secondsql = createPQExpBuffer(); /* * Always start with REVOKE ALL FROM PUBLIC, so that we don't have to * wire-in knowledge about the default public privileges for different * kinds of objects. */ appendPQExpBuffer(firstsql, "REVOKE ALL ON %s %s FROM PUBLIC;\n", type, name); /* Scan individual ACL items */ for (i = 0; i < naclitems; i++) { if (!parseAclItem(aclitems[i], type, name, remoteVersion, grantee, grantor, privs, privswgo)) return false; if (grantor->len == 0 && owner) printfPQExpBuffer(grantor, "%s", owner); if (privs->len > 0 || privswgo->len > 0) { if (owner && strcmp(grantee->data, owner) == 0 && strcmp(grantor->data, owner) == 0) { found_owner_privs = true; /* * For the owner, the default privilege level is ALL WITH * GRANT OPTION (only ALL prior to 7.4). */ if (supports_grant_options(remoteVersion) ? strcmp(privswgo->data, "ALL") != 0 : strcmp(privs->data, "ALL") != 0) { appendPQExpBuffer(firstsql, "REVOKE ALL ON %s %s FROM %s;\n", type, name, fmtId(grantee->data)); if (privs->len > 0) appendPQExpBuffer(firstsql, "GRANT %s ON %s %s TO %s;\n", privs->data, type, name, fmtId(grantee->data)); if (privswgo->len > 0) appendPQExpBuffer(firstsql, "GRANT %s ON %s %s TO %s WITH GRANT OPTION;\n", privswgo->data, type, name, fmtId(grantee->data)); } } else { /* * Otherwise can assume we are starting from no privs. */ if (grantor->len > 0 && (!owner || strcmp(owner, grantor->data) != 0)) appendPQExpBuffer(secondsql, "SET SESSION AUTHORIZATION %s;\n", fmtId(grantor->data)); if (privs->len > 0) { appendPQExpBuffer(secondsql, "GRANT %s ON %s %s TO ", privs->data, type, name); if (grantee->len == 0) appendPQExpBuffer(secondsql, "PUBLIC;\n"); else if (strncmp(grantee->data, "group ", strlen("group ")) == 0) appendPQExpBuffer(secondsql, "GROUP %s;\n", fmtId(grantee->data + strlen("group "))); else appendPQExpBuffer(secondsql, "%s;\n", fmtId(grantee->data)); } if (privswgo->len > 0) { appendPQExpBuffer(secondsql, "GRANT %s ON %s %s TO ", privswgo->data, type, name); if (grantee->len == 0) appendPQExpBuffer(secondsql, "PUBLIC"); else if (strncmp(grantee->data, "group ", strlen("group ")) == 0) appendPQExpBuffer(secondsql, "GROUP %s", fmtId(grantee->data + strlen("group "))); else appendPQExpBuffer(secondsql, "%s", fmtId(grantee->data)); appendPQExpBuffer(secondsql, " WITH GRANT OPTION;\n"); } if (grantor->len > 0 && (!owner || strcmp(owner, grantor->data) != 0)) appendPQExpBuffer(secondsql, "RESET SESSION AUTHORIZATION;\n"); } } } /* * If we didn't find any owner privs, the owner must have revoked 'em all */ if (!found_owner_privs && owner) { appendPQExpBuffer(firstsql, "REVOKE ALL ON %s %s FROM %s;\n", type, name, fmtId(owner)); } destroyPQExpBuffer(grantee); destroyPQExpBuffer(grantor); destroyPQExpBuffer(privs); destroyPQExpBuffer(privswgo); appendPQExpBuffer(sql, "%s%s", firstsql->data, secondsql->data); destroyPQExpBuffer(firstsql); destroyPQExpBuffer(secondsql); free(aclitems); return true;}/* * This will parse an aclitem string, having the general form * username=privilegecodes/grantor * or * group groupname=privilegecodes/grantor * (the /grantor part will not be present if pre-7.4 database). * * The returned grantee string will be the dequoted username or groupname * (preceded with "group " in the latter case). The returned grantor is * the dequoted grantor name or empty. Privilege characters are decoded * and split between privileges with grant option (privswgo) and without * (privs). * * Note: for cross-version compatibility, it's important to use ALL when * appropriate. */static boolparseAclItem(const char *item, const char *type, const char *name, int remoteVersion, PQExpBuffer grantee, PQExpBuffer grantor, PQExpBuffer privs, PQExpBuffer privswgo){ char *buf; bool all_with_go = true; bool all_without_go = true; char *eqpos; char *slpos; char *pos; buf = strdup(item); /* user or group name is string up to = */ eqpos = copyAclUserName(grantee, buf); if (*eqpos != '=') return false; /* grantor may be listed after / */ slpos = strchr(eqpos + 1, '/'); if (slpos) { *slpos++ = '\0'; slpos = copyAclUserName(grantor, slpos); if (*slpos != '\0') return false; } else resetPQExpBuffer(grantor); /* privilege codes */#define CONVERT_PRIV(code, keywd) \ if ((pos = strchr(eqpos + 1, code))) \ { \ if (*(pos + 1) == '*') \ { \ AddAcl(privswgo, keywd); \ all_without_go = false; \ } \ else \ { \ AddAcl(privs, keywd); \ all_with_go = false; \ } \ } \ else \ all_with_go = all_without_go = false resetPQExpBuffer(privs); resetPQExpBuffer(privswgo); if (strcmp(type, "TABLE") == 0) { CONVERT_PRIV('a', "INSERT"); CONVERT_PRIV('r', "SELECT"); CONVERT_PRIV('R', "RULE"); if (remoteVersion >= 70200) { CONVERT_PRIV('w', "UPDATE"); CONVERT_PRIV('d', "DELETE"); CONVERT_PRIV('x', "REFERENCES"); CONVERT_PRIV('t', "TRIGGER"); } else { /* 7.0 and 7.1 have a simpler worldview */ CONVERT_PRIV('w', "UPDATE,DELETE"); } } else if (strcmp(type, "FUNCTION") == 0) CONVERT_PRIV('X', "EXECUTE"); else if (strcmp(type, "LANGUAGE") == 0) CONVERT_PRIV('U', "USAGE"); else if (strcmp(type, "SCHEMA") == 0) { CONVERT_PRIV('C', "CREATE"); CONVERT_PRIV('U', "USAGE"); } else if (strcmp(type, "DATABASE") == 0) { CONVERT_PRIV('C', "CREATE"); CONVERT_PRIV('T', "TEMPORARY"); } else if (strcmp(type, "TABLESPACE") == 0) CONVERT_PRIV('C', "CREATE"); else abort();#undef CONVERT_PRIV if (all_with_go) { resetPQExpBuffer(privs); printfPQExpBuffer(privswgo, "ALL"); } else if (all_without_go) { resetPQExpBuffer(privswgo); printfPQExpBuffer(privs, "ALL"); } free(buf); return true;}/* * Transfer a user or group name starting at *input into the output buffer, * dequoting if needed. Returns a pointer to just past the input name. * The name is taken to end at an unquoted '=' or end of string. */static char *copyAclUserName(PQExpBuffer output, char *input){ resetPQExpBuffer(output); while (*input && *input != '=') { /* * If user name isn't quoted, then just add it to the output buffer */ if (*input != '"') appendPQExpBufferChar(output, *input++); else { /* Otherwise, it's a quoted username */ input++; /* Loop until we come across an unescaped quote */ while (!(*input == '"' && *(input + 1) != '"')) { if (*input == '\0') return input; /* really a syntax error... */ /* * Quoting convention is to escape " as "". Keep this code in * sync with putid() in backend's acl.c. */ if (*input == '"' && *(input + 1) == '"') input++; appendPQExpBufferChar(output, *input++); } input++; } } return input;}/* * Append a privilege keyword to a keyword list, inserting comma if needed. */static voidAddAcl(PQExpBuffer aclbuf, const char *keyword){ if (aclbuf->len > 0) appendPQExpBufferChar(aclbuf, ','); appendPQExpBuffer(aclbuf, "%s", keyword);}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -