diff -Nrpc base/doc/src/sgml/catalogs.sgml blob/doc/src/sgml/catalogs.sgml
*** base/doc/src/sgml/catalogs.sgml Mon Nov 9 18:42:41 2009
--- blob/doc/src/sgml/catalogs.sgml Mon Nov 9 19:13:09 2009
***************
*** 160,166 ****
pg_largeobject
! large objects
--- 160,171 ----
pg_largeobject
! data pages for large objects
!
!
!
! pg_largeobject_metadata
! metadata for large objects
***************
*** 3082,3089 ****
The catalog pg_largeobject holds the data making up
large objects. A large object is identified by an
! OID assigned when it is created. Each large object is broken into
! segments or pages small enough to be conveniently stored as rows
in pg_largeobject.
The amount of data per page is defined to be LOBLKSIZE (which is currently
BLCKSZ/4, or typically 2 kB).
--- 3087,3095 ----
The catalog pg_largeobject holds the data making up
large objects. A large object is identified by an
! OID of pg_largeobject_metadata catalog, assigned when it is
! created. Each large object is broken into segments or pages
! small enough to be conveniently stored as rows
in pg_largeobject.
The amount of data per page is defined to be LOBLKSIZE (which is currently
BLCKSZ/4, or typically 2 kB).
***************
*** 3092,3102 ****
<structname>pg_largeobject</> Columns
! NameType
+ ReferencesDescription
***************
*** 3105,3116 ****
--- 3112,3125 ----
loidoid
+ pg_largeobject_metadata.oidIdentifier of the large object that includes this pagepagenoint4
+ Page number of this page within its large object
(counting from zero)
***************
*** 3118,3123 ****
--- 3127,3133 ----
databytea
+
Actual data stored in the large object.
This will never be more than LOBLKSIZE bytes and might be less
***************
*** 3138,3143 ****
--- 3148,3203 ----
+
+ <structname>pg_largeobject_metadata</structname>
+
+
+ pg_largeobject_metadata
+
+
+
+ The catalog pg_largeobject_metadata holds
+ the metadata of large objects.
+ In this version, a large object has OID of its owner, access permissions
+ and OID of the largeobject itself.
+
+
+
+ <structname>pg_largeobject_metadata</> Columns
+
+
+
+
+ Name
+ Type
+ References
+ Description
+
+
+
+
+
+ lomowner
+ oid
+ pg_authid.oid
+ Owner of the largeobejct
+
+
+
+ lomacl
+ aclitem[]
+
+ Access privileges; see
+ and
+
+ for details
+
+
+
+
+
+
+ <structname>pg_listener</structname>
diff -Nrpc base/doc/src/sgml/config.sgml blob/doc/src/sgml/config.sgml
*** base/doc/src/sgml/config.sgml Mon Nov 9 18:42:41 2009
--- blob/doc/src/sgml/config.sgml Fri Nov 13 11:25:02 2009
*************** dynamic_library_path = 'C:\tools\postgre
*** 4772,4777 ****
--- 4772,4805 ----
+
+ large_object_privilege_checks (boolean)
+
+
+ large_object_privilege_checks configuration parameter
+
+
+
+
+ This allows us to turn on/off database privilege checks on large objects.
+ Prior to the version 8.5.x release does not have any privilege checks on
+ large objects.
+ So, turning the large_object_privilege_checks off
+ means the large object feature performs in compatible mode.
+
+
+ Please note that it is not equivalent to disable all the security
+ checks corresponding to large objects.
+ For example, the lo_import() and
+ lo_export need superuser privileges independent
+ from this setting as prior versions were doing.
+
+
+ It is on by default.
+
+
+
+
sql_inheritance (boolean)
diff -Nrpc base/doc/src/sgml/lobj.sgml blob/doc/src/sgml/lobj.sgml
*** base/doc/src/sgml/lobj.sgml Wed Dec 10 12:46:57 2008
--- blob/doc/src/sgml/lobj.sgml Tue Nov 10 00:26:52 2009
*************** SELECT lo_export(image.raster, '/tmp/mot
*** 441,446 ****
--- 441,491 ----
The client-side functions can be used by any
PostgreSQL user.
+
+
+ Large object and privileges
+
+ The 8.5.0 or later version support access controls on large objects.
+ It allows owner of large objects to set up access rights using
+ and
+ statement.
+
+
+ Two permissions are defined on the large object class.
+ These are checked only when the
+ large_object_privilege_checks option is enabled.
+
+
+ The one is SELECT.
+ It is required on loread() function.
+ Note that when we open large object with read-only mode, we can see
+ a static image even if other concurrent transaction modified the
+ same large object.
+ This principle is also applied on the access rights of large objects.
+ Even if a transaction modified access rights and commit it, it is
+ not invisible from other transaction which already opened the large
+ object.
+
+
+ The other is UPDATE.
+ It is required on lowrite() function and
+ lo_truncate() function.
+
+
+ In addition, lo_unlink() function,
+ COMMENT ON and ALTER LARGE OBJECT
+ statements needs ownership of the large object to be accessed.
+
+
+ You may wonder why SELECT is not checked on the
+ lo_export() function or UPDATE
+ is not checked on the lo_import function.
+
+ These functions are originally requires database superuser privilege,
+ and it allows to bypass the default database privilege checks, so
+ we don't need to check an obvious test twice.
+
+
diff -Nrpc base/doc/src/sgml/ref/allfiles.sgml blob/doc/src/sgml/ref/allfiles.sgml
*** base/doc/src/sgml/ref/allfiles.sgml Tue Oct 6 08:45:40 2009
--- blob/doc/src/sgml/ref/allfiles.sgml Tue Oct 6 09:44:51 2009
*************** Complete list of usable sgml source file
*** 16,21 ****
--- 16,22 ----
+
diff -Nrpc base/doc/src/sgml/ref/alter_large_object.sgml blob/doc/src/sgml/ref/alter_large_object.sgml
*** base/doc/src/sgml/ref/alter_large_object.sgml Thu Jan 1 09:00:00 1970
--- blob/doc/src/sgml/ref/alter_large_object.sgml Fri Nov 13 11:25:02 2009
***************
*** 0 ****
--- 1,75 ----
+
+
+ ALTER LARGE OBJECT
+ 7
+ SQL - Language Statements
+
+
+
+ ALTER LARGE OBJECT
+ change the definition of a large object
+
+
+
+ ALTER LARGE OBJECT
+
+
+
+
+ ALTER LARGE OBJECT large_object_oid OWNER TO new_owner
+
+
+
+
+ Description
+
+
+ ALTER LARGE OBJECT changes the definition of a
+ large object. The only functionality is to assign a new owner.
+ You must be superuser or owner of the large object to use
+ ALTER LARGE OBJECT.
+
+
+
+
+ Parameters
+
+
+
+ large_object_oid
+
+
+ OID of the large object to be altered
+
+
+
+
+
+ new_owner
+
+
+ The new owner of the large object
+
+
+
+
+
+
+
+ Compatibility
+
+
+ There is no ALTER LARGE OBJECT statement in the SQL
+ standard.
+
+
+
+
+ See Also
+
+
+
+
+
+
+
diff -Nrpc base/doc/src/sgml/ref/grant.sgml blob/doc/src/sgml/ref/grant.sgml
*** base/doc/src/sgml/ref/grant.sgml Tue Oct 13 08:36:15 2009
--- blob/doc/src/sgml/ref/grant.sgml Fri Nov 13 11:25:02 2009
*************** GRANT { USAGE | ALL [ PRIVILEGES ] }
*** 59,64 ****
--- 59,68 ----
ON LANGUAGE lang_name [, ...]
TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]
+ GRANT { { SELECT | UPDATE } [,...] | ALL [ PRIVILEGES ] }
+ ON LARGE OBJECT loid [, ...]
+ TO { [ GROUP ] rolename | PUBLIC } [, ...] [ WITH GRANT OPTION ]
+
GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
ON SCHEMA schema_name [, ...]
TO { [ GROUP ] role_name | PUBLIC } [, ...] [ WITH GRANT OPTION ]
*************** GRANT rol
*** 170,175 ****
--- 174,181 ----
.
For sequences, this privilege also allows the use of the
currval function.
+ For largeo bjects, this privilege also allows to read from
+ the target large object.
*************** GRANT rol
*** 203,208 ****
--- 209,216 ----
SELECT privilege. For sequences, this
privilege allows the use of the nextval and
setval functions.
+ For large objects, this privilege also allows to write or truncate
+ on the target large object.
diff -Nrpc base/doc/src/sgml/ref/revoke.sgml blob/doc/src/sgml/ref/revoke.sgml
*** base/doc/src/sgml/ref/revoke.sgml Tue Oct 13 08:36:15 2009
--- blob/doc/src/sgml/ref/revoke.sgml Tue Oct 13 09:28:23 2009
*************** REVOKE [ GRANT OPTION FOR ]
*** 76,81 ****
--- 76,87 ----
[ CASCADE | RESTRICT ]
REVOKE [ GRANT OPTION FOR ]
+ { { SELECT | UPDATE } [,...] | ALL [ PRIVILEGES ] }
+ ON LARGE OBJECT loid [, ...]
+ FROM { [ GROUP ] rolename | PUBLIC } [, ...]
+ [ CASCADE | RESTRICT ]
+
+ REVOKE [ GRANT OPTION FOR ]
{ { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
ON SCHEMA schema_name [, ...]
FROM { [ GROUP ] role_name | PUBLIC } [, ...]
diff -Nrpc base/doc/src/sgml/reference.sgml blob/doc/src/sgml/reference.sgml
*** base/doc/src/sgml/reference.sgml Tue Oct 6 08:45:40 2009
--- blob/doc/src/sgml/reference.sgml Tue Oct 6 09:44:51 2009
***************
*** 44,49 ****
--- 44,50 ----
&alterGroup;
&alterIndex;
&alterLanguage;
+ &alterLargeObject;
&alterOperator;
&alterOperatorClass;
&alterOperatorFamily;
diff -Nrpc base/src/backend/catalog/Makefile blob/src/backend/catalog/Makefile
*** base/src/backend/catalog/Makefile Tue Oct 13 08:36:15 2009
--- blob/src/backend/catalog/Makefile Tue Oct 13 09:28:23 2009
*************** POSTGRES_BKI_SRCS = $(addprefix $(top_sr
*** 29,37 ****
pg_proc.h pg_type.h pg_attribute.h pg_class.h \
pg_attrdef.h pg_constraint.h pg_inherits.h pg_index.h pg_operator.h \
pg_opfamily.h pg_opclass.h pg_am.h pg_amop.h pg_amproc.h \
! pg_language.h pg_largeobject.h pg_aggregate.h pg_statistic.h \
! pg_rewrite.h pg_trigger.h pg_listener.h pg_description.h pg_cast.h \
! pg_enum.h pg_namespace.h pg_conversion.h pg_depend.h \
pg_database.h pg_db_role_setting.h pg_tablespace.h pg_pltemplate.h \
pg_authid.h pg_auth_members.h pg_shdepend.h pg_shdescription.h \
pg_ts_config.h pg_ts_config_map.h pg_ts_dict.h \
--- 29,37 ----
pg_proc.h pg_type.h pg_attribute.h pg_class.h \
pg_attrdef.h pg_constraint.h pg_inherits.h pg_index.h pg_operator.h \
pg_opfamily.h pg_opclass.h pg_am.h pg_amop.h pg_amproc.h \
! pg_language.h pg_largeobject_metadata.h pg_largeobject.h pg_aggregate.h \
! pg_statistic.h pg_rewrite.h pg_trigger.h pg_listener.h pg_description.h \
! pg_cast.h pg_enum.h pg_namespace.h pg_conversion.h pg_depend.h \
pg_database.h pg_db_role_setting.h pg_tablespace.h pg_pltemplate.h \
pg_authid.h pg_auth_members.h pg_shdepend.h pg_shdescription.h \
pg_ts_config.h pg_ts_config_map.h pg_ts_dict.h \
diff -Nrpc base/src/backend/catalog/aclchk.c blob/src/backend/catalog/aclchk.c
*** base/src/backend/catalog/aclchk.c Tue Oct 13 08:36:15 2009
--- blob/src/backend/catalog/aclchk.c Fri Nov 13 11:25:02 2009
***************
*** 31,36 ****
--- 31,38 ----
#include "catalog/pg_foreign_data_wrapper.h"
#include "catalog/pg_foreign_server.h"
#include "catalog/pg_language.h"
+ #include "catalog/pg_largeobject.h"
+ #include "catalog/pg_largeobject_metadata.h"
#include "catalog/pg_namespace.h"
#include "catalog/pg_opclass.h"
#include "catalog/pg_operator.h"
*************** static void ExecGrant_Fdw(InternalGrant
*** 103,108 ****
--- 105,111 ----
static void ExecGrant_ForeignServer(InternalGrant *grantStmt);
static void ExecGrant_Function(InternalGrant *grantStmt);
static void ExecGrant_Language(InternalGrant *grantStmt);
+ static void ExecGrant_Largeobject(InternalGrant *grantStmt);
static void ExecGrant_Namespace(InternalGrant *grantStmt);
static void ExecGrant_Tablespace(InternalGrant *grantStmt);
*************** restrict_and_check_grant(bool is_grant,
*** 251,256 ****
--- 254,262 ----
case ACL_KIND_LANGUAGE:
whole_mask = ACL_ALL_RIGHTS_LANGUAGE;
break;
+ case ACL_KIND_LARGEOBJECT:
+ whole_mask = ACL_ALL_RIGHTS_LARGEOBJECT;
+ break;
case ACL_KIND_NAMESPACE:
whole_mask = ACL_ALL_RIGHTS_NAMESPACE;
break;
*************** ExecuteGrantStmt(GrantStmt *stmt)
*** 410,415 ****
--- 416,425 ----
all_privileges = ACL_ALL_RIGHTS_LANGUAGE;
errormsg = gettext_noop("invalid privilege type %s for language");
break;
+ case ACL_OBJECT_LARGEOBJECT:
+ all_privileges = ACL_ALL_RIGHTS_LARGEOBJECT;
+ errormsg = gettext_noop("invalid privilege type %s for large object");
+ break;
case ACL_OBJECT_NAMESPACE:
all_privileges = ACL_ALL_RIGHTS_NAMESPACE;
errormsg = gettext_noop("invalid privilege type %s for schema");
*************** ExecGrantStmt_oids(InternalGrant *istmt)
*** 513,518 ****
--- 523,531 ----
case ACL_OBJECT_LANGUAGE:
ExecGrant_Language(istmt);
break;
+ case ACL_OBJECT_LARGEOBJECT:
+ ExecGrant_Largeobject(istmt);
+ break;
case ACL_OBJECT_NAMESPACE:
ExecGrant_Namespace(istmt);
break;
*************** objectNamesToOids(GrantObjectType objtyp
*** 597,602 ****
--- 610,629 ----
ReleaseSysCache(tuple);
}
break;
+ case ACL_OBJECT_LARGEOBJECT:
+ foreach(cell, objnames)
+ {
+ Oid lobjOid = intVal(lfirst(cell));
+
+ if (!LargeObjectExists(lobjOid))
+ ereport(ERROR,
+ (errcode(ERRCODE_UNDEFINED_OBJECT),
+ errmsg("large object %u does not exist",
+ lobjOid)));
+
+ objects = lappend_oid(objects, lobjOid);
+ }
+ break;
case ACL_OBJECT_NAMESPACE:
foreach(cell, objnames)
{
*************** RemoveRoleFromObjectACL(Oid roleid, Oid
*** 1279,1284 ****
--- 1306,1314 ----
case LanguageRelationId:
istmt.objtype = ACL_OBJECT_LANGUAGE;
break;
+ case LargeObjectRelationId:
+ istmt.objtype = ACL_OBJECT_LARGEOBJECT;
+ break;
case NamespaceRelationId:
istmt.objtype = ACL_OBJECT_NAMESPACE;
break;
*************** ExecGrant_Language(InternalGrant *istmt)
*** 2473,2478 ****
--- 2503,2640 ----
}
static void
+ ExecGrant_Largeobject(InternalGrant *istmt)
+ {
+ Relation relation;
+ ListCell *cell;
+
+ if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
+ istmt->privileges = ACL_ALL_RIGHTS_LARGEOBJECT;
+
+ relation = heap_open(LargeObjectMetadataRelationId,
+ RowExclusiveLock);
+
+ foreach(cell, istmt->objects)
+ {
+ Oid loid = lfirst_oid(cell);
+ Form_pg_largeobject_metadata form_lo_meta;
+ char loname[NAMEDATALEN];
+ Datum aclDatum;
+ bool isNull;
+ AclMode avail_goptions;
+ AclMode this_privileges;
+ Acl *old_acl;
+ Acl *new_acl;
+ Oid grantorId;
+ Oid ownerId;
+ HeapTuple newtuple;
+ Datum values[Natts_pg_largeobject_metadata];
+ bool nulls[Natts_pg_largeobject_metadata];
+ bool replaces[Natts_pg_largeobject_metadata];
+ int noldmembers;
+ int nnewmembers;
+ Oid *oldmembers;
+ Oid *newmembers;
+ ScanKeyData entry[1];
+ SysScanDesc scan;
+ HeapTuple tuple;
+
+ /* There's no syscache for pg_largeobject_metadata */
+ ScanKeyInit(&entry[0],
+ ObjectIdAttributeNumber,
+ BTEqualStrategyNumber, F_OIDEQ,
+ ObjectIdGetDatum(loid));
+
+ scan = systable_beginscan(relation,
+ LargeObjectMetadataOidIndexId, true,
+ SnapshotNow, 1, entry);
+
+ tuple = systable_getnext(scan);
+ if (!HeapTupleIsValid(tuple))
+ elog(ERROR, "cache lookup failed for large object %u", loid);
+
+ form_lo_meta = (Form_pg_largeobject_metadata) GETSTRUCT(tuple);
+
+ /*
+ * Get owner ID and working copy of existing ACL. If there's no ACL,
+ * substitute the proper default.
+ */
+ ownerId = form_lo_meta->lomowner;
+ aclDatum = heap_getattr(tuple,
+ Anum_pg_largeobject_metadata_lomacl,
+ RelationGetDescr(relation), &isNull);
+ if (isNull)
+ old_acl = acldefault(ACL_OBJECT_LARGEOBJECT, ownerId);
+ else
+ old_acl = DatumGetAclPCopy(aclDatum);
+
+ /* Determine ID to do the grant as, and available grant options */
+ select_best_grantor(GetUserId(), istmt->privileges,
+ old_acl, ownerId,
+ &grantorId, &avail_goptions);
+
+ /*
+ * Restrict the privileges to what we can actually grant, and emit the
+ * standards-mandated warning and error messages.
+ */
+ snprintf(loname, sizeof(loname), "large object %u", loid);
+ this_privileges =
+ restrict_and_check_grant(istmt->is_grant, avail_goptions,
+ istmt->all_privs, istmt->privileges,
+ loid, grantorId, ACL_KIND_LARGEOBJECT,
+ loname, 0, NULL);
+
+ /*
+ * Generate new ACL.
+ *
+ * We need the members of both old and new ACLs so we can correct the
+ * shared dependency information.
+ */
+ noldmembers = aclmembers(old_acl, &oldmembers);
+
+ new_acl = merge_acl_with_grant(old_acl, istmt->is_grant,
+ istmt->grant_option, istmt->behavior,
+ istmt->grantees, this_privileges,
+ grantorId, ownerId);
+
+ nnewmembers = aclmembers(new_acl, &newmembers);
+
+ /* finished building new ACL value, now insert it */
+ MemSet(values, 0, sizeof(values));
+ MemSet(nulls, false, sizeof(nulls));
+ MemSet(replaces, false, sizeof(replaces));
+
+ replaces[Anum_pg_largeobject_metadata_lomacl - 1] = true;
+ values[Anum_pg_largeobject_metadata_lomacl - 1]
+ = PointerGetDatum(new_acl);
+
+ newtuple = heap_modify_tuple(tuple, RelationGetDescr(relation),
+ values, nulls, replaces);
+
+ simple_heap_update(relation, &newtuple->t_self, newtuple);
+
+ /* keep the catalog indexes up to date */
+ CatalogUpdateIndexes(relation, newtuple);
+
+ /* Update the shared dependency ACL info */
+ updateAclDependencies(LargeObjectRelationId,
+ HeapTupleGetOid(tuple), 0,
+ ownerId, istmt->is_grant,
+ noldmembers, oldmembers,
+ nnewmembers, newmembers);
+
+ systable_endscan(scan);
+
+ pfree(new_acl);
+
+ /* prevent error when processing duplicate objects */
+ CommandCounterIncrement();
+ }
+
+ heap_close(relation, RowExclusiveLock);
+ }
+
+ static void
ExecGrant_Namespace(InternalGrant *istmt)
{
Relation relation;
*************** static const char *const no_priv_msg[MAX
*** 2812,2817 ****
--- 2974,2981 ----
gettext_noop("permission denied for type %s"),
/* ACL_KIND_LANGUAGE */
gettext_noop("permission denied for language %s"),
+ /* ACL_KIND_LARGEOBJECT */
+ gettext_noop("permission denied for large object %s"),
/* ACL_KIND_NAMESPACE */
gettext_noop("permission denied for schema %s"),
/* ACL_KIND_OPCLASS */
*************** static const char *const not_owner_msg[M
*** 2850,2855 ****
--- 3014,3021 ----
gettext_noop("must be owner of type %s"),
/* ACL_KIND_LANGUAGE */
gettext_noop("must be owner of language %s"),
+ /* ACL_KIND_LARGEOBJECT */
+ gettext_noop("must be owner of large object %s"),
/* ACL_KIND_NAMESPACE */
gettext_noop("must be owner of schema %s"),
/* ACL_KIND_OPCLASS */
*************** pg_aclmask(AclObjectKind objkind, Oid ta
*** 2969,2974 ****
--- 3135,3142 ----
return pg_proc_aclmask(table_oid, roleid, mask, how);
case ACL_KIND_LANGUAGE:
return pg_language_aclmask(table_oid, roleid, mask, how);
+ case ACL_KIND_LARGEOBJECT:
+ return pg_largeobject_aclmask(table_oid, roleid, mask, how);
case ACL_KIND_NAMESPACE:
return pg_namespace_aclmask(table_oid, roleid, mask, how);
case ACL_KIND_TABLESPACE:
*************** pg_language_aclmask(Oid lang_oid, Oid ro
*** 3352,3357 ****
--- 3520,3621 ----
}
/*
+ * Exported routine for examining a user's privileges for a largeobject
+ *
+ * The reason why this interface has an argument of snapshot is that
+ * we apply a snapshot available on lo_open(), not SnapshotNow, when
+ * it is opened as read-only mode.
+ * If we could see the metadata and data from inconsistent viewpoint,
+ * it will give us much confusion. So, we need to provide an interface
+ * which takes an argument of snapshot.
+ *
+ * If the caller refers a large object with a certain snapshot except
+ * for SnapshotNow, its permission checks should be also applied in
+ * the same snapshot.
+ */
+ AclMode
+ pg_largeobject_aclmask_snapshot(Oid lobj_oid, Oid roleid,
+ AclMode mask, AclMaskHow how, Snapshot snapshot)
+ {
+ AclMode result;
+ Relation pg_lo_meta;
+ ScanKeyData entry[1];
+ SysScanDesc scan;
+ HeapTuple tuple;
+ Datum aclDatum;
+ bool isNull;
+ Acl *acl;
+ Oid ownerId;
+
+ /* Superusers bypass all permission checking. */
+ if (superuser_arg(roleid))
+ return mask;
+
+ /*
+ * Get the largeobject's ACL from pg_language_metadata
+ */
+ pg_lo_meta = heap_open(LargeObjectMetadataRelationId,
+ AccessShareLock);
+
+ ScanKeyInit(&entry[0],
+ ObjectIdAttributeNumber,
+ BTEqualStrategyNumber, F_OIDEQ,
+ ObjectIdGetDatum(lobj_oid));
+
+ scan = systable_beginscan(pg_lo_meta,
+ LargeObjectMetadataOidIndexId, true,
+ snapshot, 1, entry);
+
+ tuple = systable_getnext(scan);
+ if (!HeapTupleIsValid(tuple))
+ ereport(ERROR,
+ (errcode(ERRCODE_UNDEFINED_OBJECT),
+ errmsg("large object %u does not exist", lobj_oid)));
+
+ ownerId = ((Form_pg_largeobject_metadata) GETSTRUCT(tuple))->lomowner;
+
+ aclDatum = heap_getattr(tuple, Anum_pg_largeobject_metadata_lomacl,
+ RelationGetDescr(pg_lo_meta), &isNull);
+
+ if (isNull)
+ {
+ /* No ACL, so build default ACL */
+ acl = acldefault(ACL_OBJECT_LARGEOBJECT, ownerId);
+ aclDatum = (Datum) 0;
+ }
+ else
+ {
+ /* detoast ACL if necessary */
+ acl = DatumGetAclP(aclDatum);
+ }
+
+ result = aclmask(acl, roleid, ownerId, mask, how);
+
+ /* if we have a detoasted copy, free it */
+ if (acl && (Pointer) acl != DatumGetPointer(aclDatum))
+ pfree(acl);
+
+ systable_endscan(scan);
+
+ heap_close(pg_lo_meta, AccessShareLock);
+
+ return result;
+ }
+
+ /*
+ * See the comment in pg_largeobject_aclmask_snapshot().
+ * It is a different version of the routine which implicitly assumes
+ * SnapshotNow to reference the metadata.
+ */
+ AclMode
+ pg_largeobject_aclmask(Oid lobj_oid, Oid roleid,
+ AclMode mask, AclMaskHow how)
+ {
+ return pg_largeobject_aclmask_snapshot(lobj_oid, roleid,
+ mask, how, SnapshotNow);
+ }
+
+ /*
* Exported routine for examining a user's privileges for a namespace
*/
AclMode
*************** pg_language_aclcheck(Oid lang_oid, Oid r
*** 3802,3807 ****
--- 4066,4092 ----
}
/*
+ * Exported routine for checking a user's access privileges to a largeobject
+ */
+ AclResult
+ pg_largeobject_aclcheck_snapshot(Oid lobj_oid, Oid roleid, AclMode mode,
+ Snapshot snapshot)
+ {
+ if (pg_largeobject_aclmask_snapshot(lobj_oid, roleid, mode,
+ ACLMASK_ANY, snapshot) != 0)
+ return ACLCHECK_OK;
+ else
+ return ACLCHECK_NO_PRIV;
+ }
+
+ AclResult
+ pg_largeobject_aclcheck(Oid lobj_oid, Oid roleid, AclMode mode)
+ {
+ return pg_largeobject_aclcheck_snapshot(lobj_oid, roleid, mode,
+ SnapshotNow);
+ }
+
+ /*
* Exported routine for checking a user's access privileges to a namespace
*/
AclResult
*************** pg_language_ownercheck(Oid lan_oid, Oid
*** 3992,3997 ****
--- 4277,4329 ----
}
/*
+ * Ownership check for a largeobject (specified by OID)
+ *
+ * Note that we have no candidate to call this routine with a certain
+ * snapshot except for SnapshotNow, so we don't provide an interface
+ * with _snapshot() version now.
+ */
+ bool
+ pg_largeobject_ownercheck(Oid lobj_oid, Oid roleid)
+ {
+ Relation pg_lo_meta;
+ ScanKeyData entry[1];
+ SysScanDesc scan;
+ HeapTuple tuple;
+ Oid ownerId;
+
+ /* Superusers bypass all permission checking. */
+ if (superuser_arg(roleid))
+ return true;
+
+ /* There's no syscache for pg_largeobject_metadata */
+ pg_lo_meta = heap_open(LargeObjectMetadataRelationId,
+ AccessShareLock);
+
+ ScanKeyInit(&entry[0],
+ ObjectIdAttributeNumber,
+ BTEqualStrategyNumber, F_OIDEQ,
+ ObjectIdGetDatum(lobj_oid));
+
+ scan = systable_beginscan(pg_lo_meta,
+ LargeObjectMetadataOidIndexId, true,
+ SnapshotNow, 1, entry);
+
+ tuple = systable_getnext(scan);
+ if (!HeapTupleIsValid(tuple))
+ ereport(ERROR,
+ (errcode(ERRCODE_UNDEFINED_FUNCTION),
+ errmsg("large object %u does not exist", lobj_oid)));
+
+ ownerId = ((Form_pg_largeobject_metadata) GETSTRUCT(tuple))->lomowner;
+
+ systable_endscan(scan);
+ heap_close(pg_lo_meta, AccessShareLock);
+
+ return has_privs_of_role(roleid, ownerId);
+ }
+
+ /*
* Ownership check for a namespace (specified by OID).
*/
bool
diff -Nrpc base/src/backend/catalog/dependency.c blob/src/backend/catalog/dependency.c
*** base/src/backend/catalog/dependency.c Tue Oct 6 08:45:40 2009
--- blob/src/backend/catalog/dependency.c Wed Oct 14 16:09:23 2009
***************
*** 37,42 ****
--- 37,43 ----
#include "catalog/pg_foreign_data_wrapper.h"
#include "catalog/pg_foreign_server.h"
#include "catalog/pg_language.h"
+ #include "catalog/pg_largeobject.h"
#include "catalog/pg_namespace.h"
#include "catalog/pg_opclass.h"
#include "catalog/pg_operator.h"
*************** static const Oid object_classes[MAX_OCLA
*** 131,136 ****
--- 132,138 ----
ConversionRelationId, /* OCLASS_CONVERSION */
AttrDefaultRelationId, /* OCLASS_DEFAULT */
LanguageRelationId, /* OCLASS_LANGUAGE */
+ LargeObjectRelationId, /* OCLASS_LARGEOBJECT */
OperatorRelationId, /* OCLASS_OPERATOR */
OperatorClassRelationId, /* OCLASS_OPCLASS */
OperatorFamilyRelationId, /* OCLASS_OPFAMILY */
*************** doDeletion(const ObjectAddress *object)
*** 1074,1079 ****
--- 1076,1085 ----
DropProceduralLanguageById(object->objectId);
break;
+ case OCLASS_LARGEOBJECT:
+ LargeObjectDrop(object->objectId);
+ break;
+
case OCLASS_OPERATOR:
RemoveOperatorById(object->objectId);
break;
*************** getObjectClass(const ObjectAddress *obje
*** 1991,1996 ****
--- 1997,2006 ----
Assert(object->objectSubId == 0);
return OCLASS_LANGUAGE;
+ case LargeObjectRelationId:
+ Assert(object->objectSubId == 0);
+ return OCLASS_LARGEOBJECT;
+
case OperatorRelationId:
Assert(object->objectSubId == 0);
return OCLASS_OPERATOR;
*************** getObjectDescription(const ObjectAddress
*** 2243,2248 ****
--- 2253,2262 ----
ReleaseSysCache(langTup);
break;
}
+ case OCLASS_LARGEOBJECT:
+ appendStringInfo(&buffer, _("large object %u"),
+ object->objectId);
+ break;
case OCLASS_OPERATOR:
appendStringInfo(&buffer, _("operator %s"),
diff -Nrpc base/src/backend/catalog/pg_largeobject.c blob/src/backend/catalog/pg_largeobject.c
*** base/src/backend/catalog/pg_largeobject.c Thu Aug 20 22:07:11 2009
--- blob/src/backend/catalog/pg_largeobject.c Fri Nov 13 13:03:07 2009
***************
*** 16,23 ****
--- 16,31 ----
#include "access/genam.h"
#include "access/heapam.h"
+ #include "access/sysattr.h"
+ #include "catalog/catalog.h"
+ #include "catalog/dependency.h"
#include "catalog/indexing.h"
+ #include "catalog/pg_authid.h"
#include "catalog/pg_largeobject.h"
+ #include "catalog/pg_largeobject_metadata.h"
+ #include "catalog/toasting.h"
+ #include "miscadmin.h"
+ #include "utils/acl.h"
#include "utils/bytea.h"
#include "utils/fmgroids.h"
#include "utils/rel.h"
***************
*** 27,139 ****
/*
* Create a large object having the given LO identifier.
*
! * We do this by inserting an empty first page, so that the object will
! * appear to exist with size 0. Note that the unique index will reject
! * an attempt to create a duplicate page.
*/
! void
LargeObjectCreate(Oid loid)
{
! Relation pg_largeobject;
HeapTuple ntup;
! Datum values[Natts_pg_largeobject];
! bool nulls[Natts_pg_largeobject];
! int i;
! pg_largeobject = heap_open(LargeObjectRelationId, RowExclusiveLock);
/*
! * Form new tuple
*/
! for (i = 0; i < Natts_pg_largeobject; i++)
! {
! values[i] = (Datum) NULL;
! nulls[i] = false;
! }
! i = 0;
! values[i++] = ObjectIdGetDatum(loid);
! values[i++] = Int32GetDatum(0);
! values[i++] = DirectFunctionCall1(byteain,
! CStringGetDatum(""));
! ntup = heap_form_tuple(pg_largeobject->rd_att, values, nulls);
! /*
! * Insert it
! */
! simple_heap_insert(pg_largeobject, ntup);
! /* Update indexes */
! CatalogUpdateIndexes(pg_largeobject, ntup);
! heap_close(pg_largeobject, RowExclusiveLock);
! heap_freetuple(ntup);
}
void
LargeObjectDrop(Oid loid)
{
! bool found = false;
Relation pg_largeobject;
ScanKeyData skey[1];
! SysScanDesc sd;
HeapTuple tuple;
ScanKeyInit(&skey[0],
! Anum_pg_largeobject_loid,
BTEqualStrategyNumber, F_OIDEQ,
! ObjectIdGetDatum(loid));
! pg_largeobject = heap_open(LargeObjectRelationId, RowExclusiveLock);
! sd = systable_beginscan(pg_largeobject, LargeObjectLOidPNIndexId, true,
! SnapshotNow, 1, skey);
! while ((tuple = systable_getnext(sd)) != NULL)
{
simple_heap_delete(pg_largeobject, &tuple->t_self);
- found = true;
}
! systable_endscan(sd);
heap_close(pg_largeobject, RowExclusiveLock);
! if (!found)
ereport(ERROR,
(errcode(ERRCODE_UNDEFINED_OBJECT),
errmsg("large object %u does not exist", loid)));
}
bool
LargeObjectExists(Oid loid)
{
bool retval = false;
- Relation pg_largeobject;
- ScanKeyData skey[1];
- SysScanDesc sd;
- /*
- * See if we can find any tuples belonging to the specified LO
- */
ScanKeyInit(&skey[0],
! Anum_pg_largeobject_loid,
BTEqualStrategyNumber, F_OIDEQ,
ObjectIdGetDatum(loid));
! pg_largeobject = heap_open(LargeObjectRelationId, AccessShareLock);
! sd = systable_beginscan(pg_largeobject, LargeObjectLOidPNIndexId, true,
SnapshotNow, 1, skey);
! if (systable_getnext(sd) != NULL)
retval = true;
systable_endscan(sd);
! heap_close(pg_largeobject, AccessShareLock);
return retval;
}
--- 35,291 ----
/*
* Create a large object having the given LO identifier.
*
! * We create a new large object by inserting an entry into
! * pg_largeobject_metadata without any data pages, so that the object
! * will appear to exist with size 0.
*/
! Oid
LargeObjectCreate(Oid loid)
{
! Relation pg_lo_meta;
HeapTuple ntup;
! Oid loid_new;
! Datum values[Natts_pg_largeobject_metadata];
! bool nulls[Natts_pg_largeobject_metadata];
! pg_lo_meta = heap_open(LargeObjectMetadataRelationId,
! RowExclusiveLock);
/*
! * Insert metadata of the largeobject
*/
! memset(values, 0, sizeof(values));
! memset(nulls, false, sizeof(nulls));
! values[Anum_pg_largeobject_metadata_lomowner - 1]
! = ObjectIdGetDatum(GetUserId());
! nulls[Anum_pg_largeobject_metadata_lomacl - 1] = true;
!
! ntup = heap_form_tuple(RelationGetDescr(pg_lo_meta),
! values, nulls);
! if (OidIsValid(loid))
! HeapTupleSetOid(ntup, loid);
! loid_new = simple_heap_insert(pg_lo_meta, ntup);
! Assert(!OidIsValid(loid) || loid == loid_new);
! CatalogUpdateIndexes(pg_lo_meta, ntup);
! heap_freetuple(ntup);
! heap_close(pg_lo_meta, RowExclusiveLock);
! return loid_new;
}
+ /*
+ * Drop a large object having the given LO identifier.
+ *
+ * When we drop a large object, it is necessary to drop both of metadata
+ * and data pages in same time.
+ */
void
LargeObjectDrop(Oid loid)
{
! Relation pg_lo_meta;
Relation pg_largeobject;
ScanKeyData skey[1];
! SysScanDesc scan;
HeapTuple tuple;
+ pg_lo_meta = heap_open(LargeObjectMetadataRelationId,
+ RowExclusiveLock);
+
+ pg_largeobject = heap_open(LargeObjectRelationId,
+ RowExclusiveLock);
+
+ /*
+ * Delete an entry from pg_largeobject_metadata
+ */
ScanKeyInit(&skey[0],
! ObjectIdAttributeNumber,
BTEqualStrategyNumber, F_OIDEQ,
! ObjectIdGetDatum(loid));
! scan = systable_beginscan(pg_lo_meta,
! LargeObjectMetadataOidIndexId, true,
! SnapshotNow, 1, skey);
! tuple = systable_getnext(scan);
! if (!HeapTupleIsValid(tuple))
! ereport(ERROR,
! (errcode(ERRCODE_UNDEFINED_OBJECT),
! errmsg("large object %u does not exist", loid)));
!
! simple_heap_delete(pg_lo_meta, &tuple->t_self);
!
! systable_endscan(scan);
!
! /*
! * Delete all the associated entries from pg_largeobject
! */
! ScanKeyInit(&skey[0],
! Anum_pg_largeobject_loid,
! BTEqualStrategyNumber, F_OIDEQ,
! ObjectIdGetDatum(loid));
! scan = systable_beginscan(pg_largeobject,
! LargeObjectLOidPNIndexId, true,
! SnapshotNow, 1, skey);
! while (HeapTupleIsValid(tuple = systable_getnext(scan)))
{
simple_heap_delete(pg_largeobject, &tuple->t_self);
}
! systable_endscan(scan);
heap_close(pg_largeobject, RowExclusiveLock);
! heap_close(pg_lo_meta, RowExclusiveLock);
! }
!
! /*
! * LargeObjectAlterOwner
! *
! * Implementation of ALTER LARGE OBJECT statement
! */
! void
! LargeObjectAlterOwner(Oid loid, Oid newOwnerId)
! {
! Form_pg_largeobject_metadata form_lo_meta;
! Relation pg_lo_meta;
! ScanKeyData skey[1];
! SysScanDesc scan;
! HeapTuple oldtup;
! HeapTuple newtup;
!
! pg_lo_meta = heap_open(LargeObjectMetadataRelationId,
! RowExclusiveLock);
!
! ScanKeyInit(&skey[0],
! ObjectIdAttributeNumber,
! BTEqualStrategyNumber, F_OIDEQ,
! ObjectIdGetDatum(loid));
!
! scan = systable_beginscan(pg_lo_meta,
! LargeObjectMetadataOidIndexId, true,
! SnapshotNow, 1, skey);
!
! oldtup = systable_getnext(scan);
! if (!HeapTupleIsValid(oldtup))
ereport(ERROR,
(errcode(ERRCODE_UNDEFINED_OBJECT),
errmsg("large object %u does not exist", loid)));
+
+ form_lo_meta = (Form_pg_largeobject_metadata) GETSTRUCT(oldtup);
+ if (form_lo_meta->lomowner != newOwnerId)
+ {
+ Datum values[Natts_pg_largeobject_metadata];
+ bool nulls[Natts_pg_largeobject_metadata];
+ bool replaces[Natts_pg_largeobject_metadata];
+ Acl *newAcl;
+ Datum aclDatum;
+ bool isnull;
+
+ /* Superusers can always do it */
+ if (!superuser())
+ {
+ /*
+ * large_object_privilege_checks is not refered here,
+ * because it is a compatibility option, but we don't
+ * have ALTER LARGE OBJECT prior to the v8.5.0.
+ */
+
+ /* Otherwise, must be owner of the existing object */
+ if (!pg_largeobject_ownercheck(loid, GetUserId()))
+ ereport(ERROR,
+ (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+ errmsg("must be owner of large object %u", loid)));
+
+ /* Must be able to become new owner */
+ check_is_member_of_role(GetUserId(), newOwnerId);
+ }
+
+ memset(values, 0, sizeof(values));
+ memset(nulls, false, sizeof(nulls));
+ memset(replaces, false, sizeof(nulls));
+
+ values[Anum_pg_largeobject_metadata_lomowner - 1]
+ = ObjectIdGetDatum(newOwnerId);
+ replaces[Anum_pg_largeobject_metadata_lomowner - 1] = true;
+
+ /*
+ * Determine the modified ACL for the new owner.
+ * This is only necessary when the ACL is non-null.
+ */
+ aclDatum = heap_getattr(oldtup,
+ Anum_pg_largeobject_metadata_lomacl,
+ RelationGetDescr(pg_lo_meta), &isnull);
+ if (!isnull)
+ {
+ newAcl = aclnewowner(DatumGetAclP(aclDatum),
+ form_lo_meta->lomowner, newOwnerId);
+ values[Anum_pg_largeobject_metadata_lomacl - 1]
+ = PointerGetDatum(newAcl);
+ replaces[Anum_pg_largeobject_metadata_lomacl - 1] = true;
+ }
+
+ newtup = heap_modify_tuple(oldtup, RelationGetDescr(pg_lo_meta),
+ values, nulls, replaces);
+
+ simple_heap_update(pg_lo_meta, &newtup->t_self, newtup);
+ CatalogUpdateIndexes(pg_lo_meta, newtup);
+
+ heap_freetuple(newtup);
+
+ /* Update owner dependency reference */
+ changeDependencyOnOwner(LargeObjectRelationId,
+ loid, newOwnerId);
+ }
+ systable_endscan(scan);
+
+ heap_close(pg_lo_meta, RowExclusiveLock);
}
+ /*
+ * LargeObjectExists
+ *
+ * Currently, we don't use system cache to contain metadata of
+ * large objects, because massive number of large objects can
+ * consume not a small amount of process local memory.
+ *
+ * Note that LargeObjectExists always scans the system catalog
+ * with SnapshotNow, so it is unavailable to use to check
+ * existence in read-only accesses.
+ */
bool
LargeObjectExists(Oid loid)
{
+ Relation pg_lo_meta;
+ ScanKeyData skey[1];
+ SysScanDesc sd;
+ HeapTuple tuple;
bool retval = false;
ScanKeyInit(&skey[0],
! ObjectIdAttributeNumber,
BTEqualStrategyNumber, F_OIDEQ,
ObjectIdGetDatum(loid));
! pg_lo_meta = heap_open(LargeObjectMetadataRelationId,
! AccessShareLock);
! sd = systable_beginscan(pg_lo_meta,
! LargeObjectMetadataOidIndexId, true,
SnapshotNow, 1, skey);
! tuple = systable_getnext(sd);
! if (HeapTupleIsValid(tuple))
retval = true;
systable_endscan(sd);
! heap_close(pg_lo_meta, AccessShareLock);
return retval;
}
diff -Nrpc base/src/backend/catalog/pg_shdepend.c blob/src/backend/catalog/pg_shdepend.c
*** base/src/backend/catalog/pg_shdepend.c Tue Oct 13 08:36:15 2009
--- blob/src/backend/catalog/pg_shdepend.c Wed Oct 14 16:09:23 2009
***************
*** 25,30 ****
--- 25,31 ----
#include "catalog/pg_database.h"
#include "catalog/pg_default_acl.h"
#include "catalog/pg_language.h"
+ #include "catalog/pg_largeobject.h"
#include "catalog/pg_namespace.h"
#include "catalog/pg_operator.h"
#include "catalog/pg_proc.h"
*************** shdepReassignOwned(List *roleids, Oid ne
*** 1347,1352 ****
--- 1348,1357 ----
AlterLanguageOwner_oid(sdepForm->objid, newrole);
break;
+ case LargeObjectRelationId:
+ LargeObjectAlterOwner(sdepForm->objid, newrole);
+ break;
+
case DefaultAclRelationId:
/*
* Ignore default ACLs; they should be handled by
diff -Nrpc base/src/backend/commands/alter.c blob/src/backend/commands/alter.c
*** base/src/backend/commands/alter.c Sat Jan 3 13:01:35 2009
--- blob/src/backend/commands/alter.c Wed Oct 14 16:09:23 2009
***************
*** 15,20 ****
--- 15,21 ----
#include "postgres.h"
#include "catalog/namespace.h"
+ #include "catalog/pg_largeobject.h"
#include "commands/alter.h"
#include "commands/conversioncmds.h"
#include "commands/dbcommands.h"
*************** ExecAlterOwnerStmt(AlterOwnerStmt *stmt)
*** 233,238 ****
--- 234,243 ----
AlterLanguageOwner(strVal(linitial(stmt->object)), newowner);
break;
+ case OBJECT_LARGEOBJECT:
+ LargeObjectAlterOwner(intVal(linitial(stmt->object)), newowner);
+ break;
+
case OBJECT_OPERATOR:
Assert(list_length(stmt->objarg) == 2);
AlterOperatorOwner(stmt->object,
diff -Nrpc base/src/backend/commands/comment.c blob/src/backend/commands/comment.c
*** base/src/backend/commands/comment.c Tue Oct 13 08:36:15 2009
--- blob/src/backend/commands/comment.c Wed Oct 14 16:09:23 2009
***************
*** 25,30 ****
--- 25,31 ----
#include "catalog/pg_description.h"
#include "catalog/pg_language.h"
#include "catalog/pg_largeobject.h"
+ #include "catalog/pg_largeobject_metadata.h"
#include "catalog/pg_namespace.h"
#include "catalog/pg_opclass.h"
#include "catalog/pg_operator.h"
***************
*** 42,47 ****
--- 43,49 ----
#include "commands/comment.h"
#include "commands/dbcommands.h"
#include "commands/tablespace.h"
+ #include "libpq/be-fsstubs.h"
#include "miscadmin.h"
#include "nodes/makefuncs.h"
#include "parser/parse_func.h"
*************** CommentLargeObject(List *qualname, char
*** 1435,1441 ****
(errcode(ERRCODE_UNDEFINED_OBJECT),
errmsg("large object %u does not exist", loid)));
! /* Call CreateComments() to create/drop the comments */
CreateComments(loid, LargeObjectRelationId, 0, comment);
}
--- 1437,1456 ----
(errcode(ERRCODE_UNDEFINED_OBJECT),
errmsg("large object %u does not exist", loid)));
! /* Permission checks */
! if (large_object_privilege_checks &&
! !pg_largeobject_ownercheck(loid, GetUserId()))
! ereport(ERROR,
! (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
! errmsg("must be owner of large object %u", loid)));
!
! /*
! * Call CreateComments() to create/drop the comments
! *
! * See the comment in the inv_create() which describes
! * the reason why LargeObjectRelationId is used instead
! * of the LargeObjectMetadataRelationId.
! */
CreateComments(loid, LargeObjectRelationId, 0, comment);
}
diff -Nrpc base/src/backend/commands/tablecmds.c blob/src/backend/commands/tablecmds.c
*** base/src/backend/commands/tablecmds.c Mon Nov 9 18:42:41 2009
--- blob/src/backend/commands/tablecmds.c Mon Nov 9 19:13:09 2009
*************** ATExecAlterColumnType(AlteredTableInfo *
*** 6171,6176 ****
--- 6171,6177 ----
case OCLASS_CAST:
case OCLASS_CONVERSION:
case OCLASS_LANGUAGE:
+ case OCLASS_LARGEOBJECT:
case OCLASS_OPERATOR:
case OCLASS_OPCLASS:
case OCLASS_OPFAMILY:
diff -Nrpc base/src/backend/libpq/be-fsstubs.c blob/src/backend/libpq/be-fsstubs.c
*** base/src/backend/libpq/be-fsstubs.c Thu Jun 18 10:20:52 2009
--- blob/src/backend/libpq/be-fsstubs.c Fri Nov 13 11:57:50 2009
***************
*** 42,55 ****
--- 42,61 ----
#include
#include
+ #include "catalog/pg_largeobject_metadata.h"
#include "libpq/be-fsstubs.h"
#include "libpq/libpq-fs.h"
#include "miscadmin.h"
#include "storage/fd.h"
#include "storage/large_object.h"
+ #include "utils/acl.h"
#include "utils/builtins.h"
#include "utils/memutils.h"
+ /*
+ * compatibility flag for permission checks
+ */
+ bool large_object_privilege_checks;
/*#define FSDB 1*/
#define BUFSIZE 8192
*************** lo_read(int fd, char *buf, int len)
*** 156,161 ****
--- 162,178 ----
(errcode(ERRCODE_UNDEFINED_OBJECT),
errmsg("invalid large-object descriptor: %d", fd)));
+ /* Permission checks */
+ if (large_object_privilege_checks &&
+ pg_largeobject_aclcheck_snapshot(cookies[fd]->id,
+ GetUserId(),
+ ACL_SELECT,
+ cookies[fd]->snapshot) != ACLCHECK_OK)
+ ereport(ERROR,
+ (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+ errmsg("permission denied for large object %u",
+ cookies[fd]->id)));
+
status = inv_read(cookies[fd], buf, len);
return status;
*************** lo_write(int fd, const char *buf, int le
*** 177,182 ****
--- 194,210 ----
errmsg("large object descriptor %d was not opened for writing",
fd)));
+ /* Permission checks */
+ if (large_object_privilege_checks &&
+ pg_largeobject_aclcheck_snapshot(cookies[fd]->id,
+ GetUserId(),
+ ACL_UPDATE,
+ cookies[fd]->snapshot) != ACLCHECK_OK)
+ ereport(ERROR,
+ (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+ errmsg("permission denied for large object %u",
+ cookies[fd]->id)));
+
status = inv_write(cookies[fd], buf, len);
return status;
*************** lo_unlink(PG_FUNCTION_ARGS)
*** 251,256 ****
--- 279,291 ----
{
Oid lobjId = PG_GETARG_OID(0);
+ /* Must be owner of the largeobject */
+ if (large_object_privilege_checks &&
+ !pg_largeobject_ownercheck(lobjId, GetUserId()))
+ ereport(ERROR,
+ (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+ errmsg("must be owner of large object %u", lobjId)));
+
/*
* If there are any open LO FDs referencing that ID, close 'em.
*/
*************** lo_truncate(PG_FUNCTION_ARGS)
*** 482,487 ****
--- 517,533 ----
(errcode(ERRCODE_UNDEFINED_OBJECT),
errmsg("invalid large-object descriptor: %d", fd)));
+ /* Permission checks */
+ if (large_object_privilege_checks &&
+ pg_largeobject_aclcheck_snapshot(cookies[fd]->id,
+ GetUserId(),
+ ACL_UPDATE,
+ cookies[fd]->snapshot) != ACLCHECK_OK)
+ ereport(ERROR,
+ (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+ errmsg("permission denied for large object %u",
+ cookies[fd]->id)));
+
inv_truncate(cookies[fd], len);
PG_RETURN_INT32(0);
diff -Nrpc base/src/backend/parser/gram.y blob/src/backend/parser/gram.y
*** base/src/backend/parser/gram.y Thu Nov 12 23:28:17 2009
--- blob/src/backend/parser/gram.y Thu Nov 12 23:35:21 2009
*************** static TypeName *TableFuncTypeName(List
*** 393,398 ****
--- 393,399 ----
%type opt_varying opt_timezone
%type Iconst SignedIconst
+ %type Iconst_list
%type Sconst comment_text
%type RoleId opt_granted_by opt_boolean ColId_or_Sconst
%type var_list
*************** privilege_target:
*** 4520,4525 ****
--- 4521,4534 ----
n->objs = $2;
$$ = n;
}
+ | LARGE_P OBJECT_P Iconst_list
+ {
+ PrivTarget *n = (PrivTarget *) palloc(sizeof(PrivTarget));
+ n->targtype = ACL_TARGET_OBJECT;
+ n->objtype = ACL_OBJECT_LARGEOBJECT;
+ n->objs = $3;
+ $$ = n;
+ }
| SCHEMA name_list
{
PrivTarget *n = (PrivTarget *) palloc(sizeof(PrivTarget));
*************** AlterOwnerStmt: ALTER AGGREGATE func_nam
*** 5795,5800 ****
--- 5804,5817 ----
n->newowner = $7;
$$ = (Node *)n;
}
+ | ALTER LARGE_P OBJECT_P Iconst OWNER TO RoleId
+ {
+ AlterOwnerStmt *n = makeNode(AlterOwnerStmt);
+ n->objectType = OBJECT_LARGEOBJECT;
+ n->object = list_make1(makeInteger($4));
+ n->newowner = $7;
+ $$ = (Node *)n;
+ }
| ALTER OPERATOR any_operator oper_argtypes OWNER TO RoleId
{
AlterOwnerStmt *n = makeNode(AlterOwnerStmt);
*************** SignedIconst: Iconst { $$ = $1; }
*** 10446,10451 ****
--- 10463,10472 ----
| '-' Iconst { $$ = - $2; }
;
+ Iconst_list: Iconst { $$ = list_make1(makeInteger($1)); }
+ | Iconst_list ',' Iconst { $$ = lappend($1, makeInteger($3)); }
+ ;
+
/*
* Name classification hierarchy.
*
diff -Nrpc base/src/backend/storage/large_object/inv_api.c blob/src/backend/storage/large_object/inv_api.c
*** base/src/backend/storage/large_object/inv_api.c Thu Jun 18 10:20:52 2009
--- blob/src/backend/storage/large_object/inv_api.c Fri Nov 13 13:03:07 2009
***************
*** 32,49 ****
--- 32,54 ----
#include "access/genam.h"
#include "access/heapam.h"
+ #include "access/sysattr.h"
#include "access/tuptoaster.h"
#include "access/xact.h"
#include "catalog/catalog.h"
+ #include "catalog/dependency.h"
#include "catalog/indexing.h"
#include "catalog/pg_largeobject.h"
+ #include "catalog/pg_largeobject_metadata.h"
#include "commands/comment.h"
#include "libpq/libpq-fs.h"
+ #include "miscadmin.h"
#include "storage/large_object.h"
#include "utils/fmgroids.h"
#include "utils/rel.h"
#include "utils/resowner.h"
#include "utils/snapmgr.h"
+ #include "utils/syscache.h"
#include "utils/tqual.h"
*************** close_lo_relation(bool isCommit)
*** 131,137 ****
}
}
-
/*
* Same as pg_largeobject.c's LargeObjectExists(), except snapshot to
* read with can be specified.
--- 136,141 ----
*************** close_lo_relation(bool isCommit)
*** 139,168 ****
static bool
myLargeObjectExists(Oid loid, Snapshot snapshot)
{
bool retval = false;
- Relation pg_largeobject;
- ScanKeyData skey[1];
- SysScanDesc sd;
- /*
- * See if we can find any tuples belonging to the specified LO
- */
ScanKeyInit(&skey[0],
! Anum_pg_largeobject_loid,
BTEqualStrategyNumber, F_OIDEQ,
ObjectIdGetDatum(loid));
! pg_largeobject = heap_open(LargeObjectRelationId, AccessShareLock);
! sd = systable_beginscan(pg_largeobject, LargeObjectLOidPNIndexId, true,
snapshot, 1, skey);
! if (systable_getnext(sd) != NULL)
retval = true;
systable_endscan(sd);
! heap_close(pg_largeobject, AccessShareLock);
return retval;
}
--- 143,173 ----
static bool
myLargeObjectExists(Oid loid, Snapshot snapshot)
{
+ Relation pg_lo_meta;
+ ScanKeyData skey[1];
+ SysScanDesc sd;
+ HeapTuple tuple;
bool retval = false;
ScanKeyInit(&skey[0],
! ObjectIdAttributeNumber,
BTEqualStrategyNumber, F_OIDEQ,
ObjectIdGetDatum(loid));
! pg_lo_meta = heap_open(LargeObjectMetadataRelationId,
! AccessShareLock);
! sd = systable_beginscan(pg_lo_meta,
! LargeObjectMetadataOidIndexId, true,
snapshot, 1, skey);
! tuple = systable_getnext(sd);
! if (HeapTupleIsValid(tuple))
retval = true;
systable_endscan(sd);
! heap_close(pg_lo_meta, AccessShareLock);
return retval;
}
*************** getbytealen(bytea *data)
*** 193,223 ****
Oid
inv_create(Oid lobjId)
{
/*
! * Allocate an OID to be the LO's identifier, unless we were told what to
! * use. We can use the index on pg_largeobject for checking OID
! * uniqueness, even though it has additional columns besides OID.
*/
! if (!OidIsValid(lobjId))
! {
! open_lo_relation();
!
! lobjId = GetNewOidWithIndex(lo_heap_r, LargeObjectLOidPNIndexId,
! Anum_pg_largeobject_loid);
! }
/*
! * Create the LO by writing an empty first page for it in pg_largeobject
! * (will fail if duplicate)
*/
! LargeObjectCreate(lobjId);
!
/*
* Advance command counter to make new tuple visible to later operations.
*/
CommandCounterIncrement();
! return lobjId;
}
/*
--- 198,228 ----
Oid
inv_create(Oid lobjId)
{
+ Oid lobjId_new;
+
/*
! * Create a new largeobject with empty data pages
*/
! lobjId_new = LargeObjectCreate(lobjId);
/*
! * dependency on the owner of largeobject
! *
! * The reason why we use LargeObjectRelationId instead of
! * LargeObjectMetadataRelationId here is to provide backward
! * compatibility to the applications which utilize a knowledge
! * about internal layout of system catalogs.
! * OID of pg_largeobject_metadata and loid of pg_largeobject
! * are same value, so there are no actual differences here.
*/
! recordDependencyOnOwner(LargeObjectRelationId,
! lobjId_new, GetUserId());
/*
* Advance command counter to make new tuple visible to later operations.
*/
CommandCounterIncrement();
! return lobjId_new;
}
/*
*************** inv_close(LargeObjectDesc *obj_desc)
*** 292,301 ****
int
inv_drop(Oid lobjId)
{
! LargeObjectDrop(lobjId);
! /* Delete any comments on the large object */
! DeleteComments(lobjId, LargeObjectRelationId, 0);
/*
* Advance command counter so that tuple removal will be seen by later
--- 297,311 ----
int
inv_drop(Oid lobjId)
{
! ObjectAddress object;
! /*
! * Delete any comments and dependencies on the large object
! */
! object.classId = LargeObjectRelationId;
! object.objectId = lobjId;
! object.objectSubId = 0;
! performDeletion(&object, DROP_CASCADE);
/*
* Advance command counter so that tuple removal will be seen by later
*************** inv_drop(Oid lobjId)
*** 315,321 ****
static uint32
inv_getsize(LargeObjectDesc *obj_desc)
{
- bool found = false;
uint32 lastbyte = 0;
ScanKeyData skey[1];
SysScanDesc sd;
--- 325,330 ----
*************** inv_getsize(LargeObjectDesc *obj_desc)
*** 339,351 ****
* large object in reverse pageno order. So, it's sufficient to examine
* the first valid tuple (== last valid page).
*/
! while ((tuple = systable_getnext_ordered(sd, BackwardScanDirection)) != NULL)
{
Form_pg_largeobject data;
bytea *datafield;
bool pfreeit;
- found = true;
if (HeapTupleHasNulls(tuple)) /* paranoia */
elog(ERROR, "null field found in pg_largeobject");
data = (Form_pg_largeobject) GETSTRUCT(tuple);
--- 348,360 ----
* large object in reverse pageno order. So, it's sufficient to examine
* the first valid tuple (== last valid page).
*/
! tuple = systable_getnext_ordered(sd, BackwardScanDirection);
! if (HeapTupleIsValid(tuple))
{
Form_pg_largeobject data;
bytea *datafield;
bool pfreeit;
if (HeapTupleHasNulls(tuple)) /* paranoia */
elog(ERROR, "null field found in pg_largeobject");
data = (Form_pg_largeobject) GETSTRUCT(tuple);
*************** inv_getsize(LargeObjectDesc *obj_desc)
*** 360,374 ****
lastbyte = data->pageno * LOBLKSIZE + getbytealen(datafield);
if (pfreeit)
pfree(datafield);
- break;
}
systable_endscan_ordered(sd);
- if (!found)
- ereport(ERROR,
- (errcode(ERRCODE_UNDEFINED_OBJECT),
- errmsg("large object %u does not exist", obj_desc->id)));
return lastbyte;
}
--- 369,378 ----
*************** inv_write(LargeObjectDesc *obj_desc, con
*** 545,550 ****
--- 549,560 ----
errmsg("large object %u was not opened for writing",
obj_desc->id)));
+ /* check existence of the target largeobject */
+ if (!LargeObjectExists(obj_desc->id))
+ ereport(ERROR,
+ (errcode(ERRCODE_UNDEFINED_OBJECT),
+ errmsg("large object %u was already dropped", obj_desc->id)));
+
if (nbytes <= 0)
return 0;
*************** inv_truncate(LargeObjectDesc *obj_desc,
*** 736,741 ****
--- 746,757 ----
errmsg("large object %u was not opened for writing",
obj_desc->id)));
+ /* check existence of the target largeobject */
+ if (!LargeObjectExists(obj_desc->id))
+ ereport(ERROR,
+ (errcode(ERRCODE_UNDEFINED_OBJECT),
+ errmsg("large object %u was already dropped", obj_desc->id)));
+
open_lo_relation();
indstate = CatalogOpenIndexes(lo_heap_r);
diff -Nrpc base/src/backend/tcop/utility.c blob/src/backend/tcop/utility.c
*** base/src/backend/tcop/utility.c Mon Nov 9 18:42:41 2009
--- blob/src/backend/tcop/utility.c Mon Nov 9 19:13:09 2009
*************** CreateCommandTag(Node *parsetree)
*** 1611,1616 ****
--- 1611,1619 ----
case OBJECT_LANGUAGE:
tag = "ALTER LANGUAGE";
break;
+ case OBJECT_LARGEOBJECT:
+ tag = "ALTER LARGEOBJECT";
+ break;
case OBJECT_OPERATOR:
tag = "ALTER OPERATOR";
break;
diff -Nrpc base/src/backend/utils/adt/acl.c blob/src/backend/utils/adt/acl.c
*** base/src/backend/utils/adt/acl.c Tue Oct 6 08:45:40 2009
--- blob/src/backend/utils/adt/acl.c Tue Oct 6 09:44:51 2009
*************** acldefault(GrantObjectType objtype, Oid
*** 763,768 ****
--- 763,773 ----
world_default = ACL_USAGE;
owner_default = ACL_ALL_RIGHTS_LANGUAGE;
break;
+ case ACL_OBJECT_LARGEOBJECT:
+ /* Grant SELECT,UPDATE by default, for now */
+ world_default = ACL_NO_RIGHTS;
+ owner_default = ACL_ALL_RIGHTS_LARGEOBJECT;
+ break;
case ACL_OBJECT_NAMESPACE:
world_default = ACL_NO_RIGHTS;
owner_default = ACL_ALL_RIGHTS_NAMESPACE;
diff -Nrpc base/src/backend/utils/misc/guc.c blob/src/backend/utils/misc/guc.c
*** base/src/backend/utils/misc/guc.c Mon Nov 9 18:42:41 2009
--- blob/src/backend/utils/misc/guc.c Mon Nov 9 19:13:09 2009
***************
*** 38,43 ****
--- 38,44 ----
#include "commands/trigger.h"
#include "funcapi.h"
#include "libpq/auth.h"
+ #include "libpq/be-fsstubs.h"
#include "libpq/pqformat.h"
#include "miscadmin.h"
#include "optimizer/cost.h"
*************** static struct config_bool ConfigureNames
*** 1223,1228 ****
--- 1224,1238 ----
false, NULL, NULL
},
+ {
+ {"large_object_privilege_checks", PGC_SUSET, COMPAT_OPTIONS,
+ gettext_noop("Turn on/off privilege checks on large objects."),
+ NULL,
+ },
+ &large_object_privilege_checks,
+ true, NULL, NULL
+ },
+
/* End-of-list marker */
{
{NULL, 0, 0, NULL, NULL}, NULL, false, NULL, NULL
diff -Nrpc base/src/backend/utils/misc/postgresql.conf.sample blob/src/backend/utils/misc/postgresql.conf.sample
*** base/src/backend/utils/misc/postgresql.conf.sample Mon Nov 9 18:42:41 2009
--- blob/src/backend/utils/misc/postgresql.conf.sample Mon Nov 9 19:13:09 2009
***************
*** 488,493 ****
--- 488,494 ----
#backslash_quote = safe_encoding # on, off, or safe_encoding
#default_with_oids = off
#escape_string_warning = on
+ #large_object_privilege_checks = on
#sql_inheritance = on
#standard_conforming_strings = off
#synchronize_seqscans = on
diff -Nrpc base/src/bin/pg_dump/dumputils.c blob/src/bin/pg_dump/dumputils.c
*** base/src/bin/pg_dump/dumputils.c Mon Nov 9 18:42:41 2009
--- blob/src/bin/pg_dump/dumputils.c Wed Nov 11 14:50:38 2009
*************** do { \
*** 862,867 ****
--- 862,872 ----
CONVERT_PRIV('U', "USAGE");
else if (strcmp(type, "SERVER") == 0)
CONVERT_PRIV('U', "USAGE");
+ else if (strcmp(type, "LARGE OBJECT") == 0)
+ {
+ CONVERT_PRIV('r', "SELECT");
+ CONVERT_PRIV('w', "UPDATE");
+ }
else
abort();
diff -Nrpc base/src/bin/pg_dump/pg_dump.c blob/src/bin/pg_dump/pg_dump.c
*** base/src/bin/pg_dump/pg_dump.c Mon Nov 9 18:42:41 2009
--- blob/src/bin/pg_dump/pg_dump.c Wed Nov 11 14:50:38 2009
*************** dumpBlobs(Archive *AH, void *arg)
*** 2045,2051 ****
/*
* dumpBlobComments
! * dump all blob comments
*
* Since we don't provide any way to be selective about dumping blobs,
* there's no need to be selective about their comments either. We put
--- 2045,2053 ----
/*
* dumpBlobComments
! * dump all blob properties.
! * It has "BLOB COMMENTS" tag due to the historical reason, but note
! * that it is the routine to dump all the properties of blobs.
*
* Since we don't provide any way to be selective about dumping blobs,
* there's no need to be selective about their comments either. We put
*************** dumpBlobComments(Archive *AH, void *arg)
*** 2056,2085 ****
{
const char *blobQry;
const char *blobFetchQry;
! PQExpBuffer commentcmd = createPQExpBuffer();
PGresult *res;
int i;
if (g_verbose)
! write_msg(NULL, "saving large object comments\n");
/* Make sure we are in proper schema */
selectSourceSchema("pg_catalog");
/* Cursor to get all BLOB comments */
! if (AH->remoteVersion >= 70300)
blobQry = "DECLARE blobcmt CURSOR FOR SELECT loid, "
! "obj_description(loid, 'pg_largeobject') "
"FROM (SELECT DISTINCT loid FROM "
"pg_description d JOIN pg_largeobject l ON (objoid = loid) "
"WHERE classoid = 'pg_largeobject'::regclass) ss";
else if (AH->remoteVersion >= 70200)
blobQry = "DECLARE blobcmt CURSOR FOR SELECT loid, "
! "obj_description(loid, 'pg_largeobject') "
"FROM (SELECT DISTINCT loid FROM pg_largeobject) ss";
else if (AH->remoteVersion >= 70100)
blobQry = "DECLARE blobcmt CURSOR FOR SELECT loid, "
! "obj_description(loid) "
"FROM (SELECT DISTINCT loid FROM pg_largeobject) ss";
else
blobQry = "DECLARE blobcmt CURSOR FOR SELECT oid, "
--- 2058,2092 ----
{
const char *blobQry;
const char *blobFetchQry;
! PQExpBuffer cmdQry = createPQExpBuffer();
PGresult *res;
int i;
if (g_verbose)
! write_msg(NULL, "saving large object properties\n");
/* Make sure we are in proper schema */
selectSourceSchema("pg_catalog");
/* Cursor to get all BLOB comments */
! if (AH->remoteVersion >= 80500)
! blobQry = "DECLARE blobcmt CURSOR FOR SELECT oid, "
! "obj_description(oid, 'pg_largeobject'), "
! "pg_get_userbyid(lomowner), lomacl "
! "FROM pg_largeobject_metadata";
! else if (AH->remoteVersion >= 70300)
blobQry = "DECLARE blobcmt CURSOR FOR SELECT loid, "
! "obj_description(loid, 'pg_largeobject'), NULL, NULL "
"FROM (SELECT DISTINCT loid FROM "
"pg_description d JOIN pg_largeobject l ON (objoid = loid) "
"WHERE classoid = 'pg_largeobject'::regclass) ss";
else if (AH->remoteVersion >= 70200)
blobQry = "DECLARE blobcmt CURSOR FOR SELECT loid, "
! "obj_description(loid, 'pg_largeobject'), NULL, NULL "
"FROM (SELECT DISTINCT loid FROM pg_largeobject) ss";
else if (AH->remoteVersion >= 70100)
blobQry = "DECLARE blobcmt CURSOR FOR SELECT loid, "
! "obj_description(loid), NULL, NULL "
"FROM (SELECT DISTINCT loid FROM pg_largeobject) ss";
else
blobQry = "DECLARE blobcmt CURSOR FOR SELECT oid, "
*************** dumpBlobComments(Archive *AH, void *arg)
*** 2087,2093 ****
" SELECT description "
" FROM pg_description pd "
" WHERE pd.objoid=pc.oid "
! " ) "
"FROM pg_class pc WHERE relkind = 'l'";
res = PQexec(g_conn, blobQry);
--- 2094,2100 ----
" SELECT description "
" FROM pg_description pd "
" WHERE pd.objoid=pc.oid "
! " ), NULL, NULL "
"FROM pg_class pc WHERE relkind = 'l'";
res = PQexec(g_conn, blobQry);
*************** dumpBlobComments(Archive *AH, void *arg)
*** 2107,2128 ****
/* Process the tuples, if any */
for (i = 0; i < PQntuples(res); i++)
{
! Oid blobOid;
! char *comment;
! /* ignore blobs without comments */
! if (PQgetisnull(res, i, 1))
! continue;
! blobOid = atooid(PQgetvalue(res, i, 0));
! comment = PQgetvalue(res, i, 1);
! printfPQExpBuffer(commentcmd, "COMMENT ON LARGE OBJECT %u IS ",
! blobOid);
! appendStringLiteralAH(commentcmd, comment, AH);
! appendPQExpBuffer(commentcmd, ";\n");
! archputs(commentcmd->data, AH);
}
} while (PQntuples(res) > 0);
--- 2114,2164 ----
/* Process the tuples, if any */
for (i = 0; i < PQntuples(res); i++)
{
! Oid blobOid = atooid(PQgetvalue(res, i, 0));
! char *lo_comment = PQgetvalue(res, i, 1);
! char *lo_owner = PQgetvalue(res, i, 2);
! char *lo_acl = PQgetvalue(res, i, 3);
! char lo_name[32];
! resetPQExpBuffer(cmdQry);
! /* comment on the blob */
! if (!PQgetisnull(res, i, 1))
! {
! appendPQExpBuffer(cmdQry,
! "COMMENT ON LARGE OBJECT %u IS ", blobOid);
! appendStringLiteralAH(cmdQry, lo_comment, AH);
! appendPQExpBuffer(cmdQry, ";\n");
! }
!
! /* dump blob ownership, if necessary */
! if (!PQgetisnull(res, i, 2))
! {
! appendPQExpBuffer(cmdQry,
! "ALTER LARGE OBJECT %u OWNER TO %s;\n",
! blobOid, lo_owner);
! }
! /* dump blob privileges, if necessary */
! if (!PQgetisnull(res, i, 3) &&
! !dataOnly && !aclsSkip)
! {
! snprintf(lo_name, sizeof(lo_name), "%u", blobOid);
! if (!buildACLCommands(lo_name, NULL, "LARGE OBJECT",
! lo_acl, lo_owner, "",
! AH->remoteVersion, cmdQry))
! {
! write_msg(NULL, "could not parse ACL (%s) for "
! "large object %u", lo_acl, blobOid);
! exit_nicely();
! }
! }
! if (cmdQry->len > 0)
! {
! appendPQExpBuffer(cmdQry, "\n");
! archputs(cmdQry->data, AH);
! }
}
} while (PQntuples(res) > 0);
*************** dumpBlobComments(Archive *AH, void *arg)
*** 2130,2136 ****
archputs("\n", AH);
! destroyPQExpBuffer(commentcmd);
return 1;
}
--- 2166,2172 ----
archputs("\n", AH);
! destroyPQExpBuffer(cmdQry);
return 1;
}
diff -Nrpc base/src/bin/psql/large_obj.c blob/src/bin/psql/large_obj.c
*** base/src/bin/psql/large_obj.c Sat Jan 3 12:49:23 2009
--- blob/src/bin/psql/large_obj.c Wed Oct 14 16:24:55 2009
*************** do_lo_list(void)
*** 278,290 ****
char buf[1024];
printQueryOpt myopt = pset.popt;
! snprintf(buf, sizeof(buf),
! "SELECT loid as \"%s\",\n"
! " pg_catalog.obj_description(loid, 'pg_largeobject') as \"%s\"\n"
! "FROM (SELECT DISTINCT loid FROM pg_catalog.pg_largeobject) x\n"
! "ORDER BY 1",
! gettext_noop("ID"),
! gettext_noop("Description"));
res = PSQLexec(buf, false);
if (!res)
--- 278,305 ----
char buf[1024];
printQueryOpt myopt = pset.popt;
! if (pset.sversion >= 80500)
! {
! snprintf(buf, sizeof(buf),
! "SELECT oid as \"%s\",\n"
! " pg_catalog.pg_get_userbyid(lomowner) as \"%s\",\n"
! " pg_catalog.obj_description(oid, 'pg_largeobject') as \"%s\"\n"
! " FROM pg_catalog.pg_largeobject_metadata "
! " ORDER BY oid",
! gettext_noop("ID"),
! gettext_noop("Owner"),
! gettext_noop("Description"));
! }
! else
! {
! snprintf(buf, sizeof(buf),
! "SELECT loid as \"%s\",\n"
! " pg_catalog.obj_description(loid, 'pg_largeobject') as \"%s\"\n"
! "FROM (SELECT DISTINCT loid FROM pg_catalog.pg_largeobject) x\n"
! "ORDER BY 1",
! gettext_noop("ID"),
! gettext_noop("Description"));
! }
res = PSQLexec(buf, false);
if (!res)
diff -Nrpc base/src/include/catalog/dependency.h blob/src/include/catalog/dependency.h
*** base/src/include/catalog/dependency.h Tue Oct 13 08:36:15 2009
--- blob/src/include/catalog/dependency.h Tue Oct 13 09:28:23 2009
*************** typedef enum ObjectClass
*** 128,133 ****
--- 128,134 ----
OCLASS_CONVERSION, /* pg_conversion */
OCLASS_DEFAULT, /* pg_attrdef */
OCLASS_LANGUAGE, /* pg_language */
+ OCLASS_LARGEOBJECT, /* pg_largeobject */
OCLASS_OPERATOR, /* pg_operator */
OCLASS_OPCLASS, /* pg_opclass */
OCLASS_OPFAMILY, /* pg_opfamily */
diff -Nrpc base/src/include/catalog/indexing.h blob/src/include/catalog/indexing.h
*** base/src/include/catalog/indexing.h Tue Oct 13 08:36:15 2009
--- blob/src/include/catalog/indexing.h Tue Oct 13 09:28:23 2009
*************** DECLARE_UNIQUE_INDEX(pg_language_oid_ind
*** 165,170 ****
--- 165,173 ----
DECLARE_UNIQUE_INDEX(pg_largeobject_loid_pn_index, 2683, on pg_largeobject using btree(loid oid_ops, pageno int4_ops));
#define LargeObjectLOidPNIndexId 2683
+ DECLARE_UNIQUE_INDEX(pg_largeobject_metadata_oid_index, 2337, on pg_largeobject_metadata using btree(oid oid_ops));
+ #define LargeObjectMetadataOidIndexId 2337
+
DECLARE_UNIQUE_INDEX(pg_namespace_nspname_index, 2684, on pg_namespace using btree(nspname name_ops));
#define NamespaceNameIndexId 2684
DECLARE_UNIQUE_INDEX(pg_namespace_oid_index, 2685, on pg_namespace using btree(oid oid_ops));
diff -Nrpc base/src/include/catalog/pg_largeobject.h blob/src/include/catalog/pg_largeobject.h
*** base/src/include/catalog/pg_largeobject.h Sat Jan 3 12:25:21 2009
--- blob/src/include/catalog/pg_largeobject.h Fri Nov 13 13:03:07 2009
*************** typedef FormData_pg_largeobject *Form_pg
*** 51,58 ****
#define Anum_pg_largeobject_pageno 2
#define Anum_pg_largeobject_data 3
! extern void LargeObjectCreate(Oid loid);
extern void LargeObjectDrop(Oid loid);
extern bool LargeObjectExists(Oid loid);
#endif /* PG_LARGEOBJECT_H */
--- 51,59 ----
#define Anum_pg_largeobject_pageno 2
#define Anum_pg_largeobject_data 3
! extern Oid LargeObjectCreate(Oid loid);
extern void LargeObjectDrop(Oid loid);
+ extern void LargeObjectAlterOwner(Oid loid, Oid newOwnerId);
extern bool LargeObjectExists(Oid loid);
#endif /* PG_LARGEOBJECT_H */
diff -Nrpc base/src/include/catalog/pg_largeobject_metadata.h blob/src/include/catalog/pg_largeobject_metadata.h
*** base/src/include/catalog/pg_largeobject_metadata.h Thu Jan 1 09:00:00 1970
--- blob/src/include/catalog/pg_largeobject_metadata.h Wed Oct 14 16:09:23 2009
***************
*** 0 ****
--- 1,52 ----
+ /*-------------------------------------------------------------------------
+ *
+ * pg_largeobject_metadata.h
+ * definition of the system "largeobject_metadata" relation (pg_largeobject_metadata)
+ * along with the relation's initial contents.
+ *
+ *
+ * Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
+ * Portions Copyright (c) 1994, Regents of the University of California
+ *
+ * $PostgreSQL: pgsql/src/include/catalog/pg_largeobject_metadata.h,v 1.24 2009/01/01 17:23:57 momjian Exp $
+ *
+ * NOTES
+ * the genbki.sh script reads this file and generates .bki
+ * information from the DATA() statements.
+ *
+ *-------------------------------------------------------------------------
+ */
+ #ifndef PG_LARGEOBJECT_METADATA_H
+ #define PG_LARGEOBJECT_METADATA_H
+
+ #include "catalog/genbki.h"
+
+ /* ----------------
+ * pg_largeobject_metadata definition. cpp turns this into
+ * typedef struct FormData_pg_largeobject_metadata
+ * ----------------
+ */
+ #define LargeObjectMetadataRelationId 2336
+
+ CATALOG(pg_largeobject_metadata,2336)
+ {
+ Oid lomowner; /* OID of the largeobject owner */
+ aclitem lomacl[1]; /* access permissions */
+ } FormData_pg_largeobject_metadata;
+
+ /* ----------------
+ * Form_pg_largeobject_metadata corresponds to a pointer to a tuple
+ * with the format of pg_largeobject_metadata relation.
+ * ----------------
+ */
+ typedef FormData_pg_largeobject_metadata *Form_pg_largeobject_metadata;
+
+ /* ----------------
+ * compiler constants for pg_largeobject_metadata
+ * ----------------
+ */
+ #define Natts_pg_largeobject_metadata 2
+ #define Anum_pg_largeobject_metadata_lomowner 1
+ #define Anum_pg_largeobject_metadata_lomacl 2
+
+ #endif /* PG_LARGEOBJECT_METADATA_H */
diff -Nrpc base/src/include/libpq/be-fsstubs.h blob/src/include/libpq/be-fsstubs.h
*** base/src/include/libpq/be-fsstubs.h Sat Jan 3 12:25:21 2009
--- blob/src/include/libpq/be-fsstubs.h Wed Oct 14 16:09:23 2009
*************** extern Datum lo_unlink(PG_FUNCTION_ARGS)
*** 38,43 ****
--- 38,48 ----
extern Datum lo_truncate(PG_FUNCTION_ARGS);
/*
+ * compatibility option for access control
+ */
+ extern bool large_object_privilege_checks;
+
+ /*
* These are not fmgr-callable, but are available to C code.
* Probably these should have had the underscore-free names,
* but too late now...
diff -Nrpc base/src/include/nodes/parsenodes.h blob/src/include/nodes/parsenodes.h
*** base/src/include/nodes/parsenodes.h Mon Nov 9 18:42:41 2009
--- blob/src/include/nodes/parsenodes.h Mon Nov 9 19:13:09 2009
*************** typedef enum GrantObjectType
*** 1195,1200 ****
--- 1195,1201 ----
ACL_OBJECT_FOREIGN_SERVER, /* foreign server */
ACL_OBJECT_FUNCTION, /* function */
ACL_OBJECT_LANGUAGE, /* procedural language */
+ ACL_OBJECT_LARGEOBJECT, /* largeobject */
ACL_OBJECT_NAMESPACE, /* namespace */
ACL_OBJECT_TABLESPACE /* tablespace */
} GrantObjectType;
diff -Nrpc base/src/include/utils/acl.h blob/src/include/utils/acl.h
*** base/src/include/utils/acl.h Tue Oct 6 08:45:40 2009
--- blob/src/include/utils/acl.h Mon Nov 9 23:35:31 2009
***************
*** 26,31 ****
--- 26,32 ----
#include "nodes/parsenodes.h"
#include "utils/array.h"
+ #include "utils/snapshot.h"
/*
*************** typedef ArrayType Acl;
*** 151,156 ****
--- 152,158 ----
#define ACL_ALL_RIGHTS_FOREIGN_SERVER (ACL_USAGE)
#define ACL_ALL_RIGHTS_FUNCTION (ACL_EXECUTE)
#define ACL_ALL_RIGHTS_LANGUAGE (ACL_USAGE)
+ #define ACL_ALL_RIGHTS_LARGEOBJECT (ACL_SELECT|ACL_UPDATE)
#define ACL_ALL_RIGHTS_NAMESPACE (ACL_USAGE|ACL_CREATE)
#define ACL_ALL_RIGHTS_TABLESPACE (ACL_CREATE)
*************** typedef enum AclObjectKind
*** 181,186 ****
--- 183,189 ----
ACL_KIND_OPER, /* pg_operator */
ACL_KIND_TYPE, /* pg_type */
ACL_KIND_LANGUAGE, /* pg_language */
+ ACL_KIND_LARGEOBJECT, /* pg_largeobject */
ACL_KIND_NAMESPACE, /* pg_namespace */
ACL_KIND_OPCLASS, /* pg_opclass */
ACL_KIND_OPFAMILY, /* pg_opfamily */
*************** extern AclMode pg_proc_aclmask(Oid proc_
*** 258,263 ****
--- 261,270 ----
AclMode mask, AclMaskHow how);
extern AclMode pg_language_aclmask(Oid lang_oid, Oid roleid,
AclMode mask, AclMaskHow how);
+ extern AclMode pg_largeobject_aclmask(Oid lobj_oid, Oid roleid,
+ AclMode mask, AclMaskHow how);
+ extern AclMode pg_largeobject_aclmask_snapshot(Oid lobj_oid, Oid roleid,
+ AclMode mask, AclMaskHow how, Snapshot snapshot);
extern AclMode pg_namespace_aclmask(Oid nsp_oid, Oid roleid,
AclMode mask, AclMaskHow how);
extern AclMode pg_tablespace_aclmask(Oid spc_oid, Oid roleid,
*************** extern AclResult pg_class_aclcheck(Oid t
*** 275,280 ****
--- 282,290 ----
extern AclResult pg_database_aclcheck(Oid db_oid, Oid roleid, AclMode mode);
extern AclResult pg_proc_aclcheck(Oid proc_oid, Oid roleid, AclMode mode);
extern AclResult pg_language_aclcheck(Oid lang_oid, Oid roleid, AclMode mode);
+ extern AclResult pg_largeobject_aclcheck(Oid lang_oid, Oid roleid, AclMode mode);
+ extern AclResult pg_largeobject_aclcheck_snapshot(Oid lang_oid, Oid roleid,
+ AclMode mode, Snapshot snapshot);
extern AclResult pg_namespace_aclcheck(Oid nsp_oid, Oid roleid, AclMode mode);
extern AclResult pg_tablespace_aclcheck(Oid spc_oid, Oid roleid, AclMode mode);
extern AclResult pg_foreign_data_wrapper_aclcheck(Oid fdw_oid, Oid roleid, AclMode mode);
*************** extern bool pg_type_ownercheck(Oid type_
*** 292,297 ****
--- 302,308 ----
extern bool pg_oper_ownercheck(Oid oper_oid, Oid roleid);
extern bool pg_proc_ownercheck(Oid proc_oid, Oid roleid);
extern bool pg_language_ownercheck(Oid lan_oid, Oid roleid);
+ extern bool pg_largeobject_ownercheck(Oid lobj_oid, Oid roleid);
extern bool pg_namespace_ownercheck(Oid nsp_oid, Oid roleid);
extern bool pg_tablespace_ownercheck(Oid spc_oid, Oid roleid);
extern bool pg_opclass_ownercheck(Oid opc_oid, Oid roleid);
diff -Nrpc base/src/test/regress/expected/privileges.out blob/src/test/regress/expected/privileges.out
*** base/src/test/regress/expected/privileges.out Mon Nov 9 18:42:41 2009
--- blob/src/test/regress/expected/privileges.out Mon Nov 9 19:13:09 2009
*************** DROP ROLE IF EXISTS regressuser2;
*** 11,16 ****
--- 11,22 ----
DROP ROLE IF EXISTS regressuser3;
DROP ROLE IF EXISTS regressuser4;
DROP ROLE IF EXISTS regressuser5;
+ DROP ROLE IF EXISTS regressuser6;
+ SELECT lo_unlink(oid) FROM pg_largeobject_metadata;
+ lo_unlink
+ -----------
+ (0 rows)
+
RESET client_min_messages;
-- test proper begins here
CREATE USER regressuser1;
*************** SELECT has_sequence_privilege('x_seq', '
*** 847,852 ****
--- 853,1046 ----
t
(1 row)
+ -- largeobject privilege tests
+ \c -
+ SET SESSION AUTHORIZATION regressuser1;
+ SELECT lo_create(1001);
+ lo_create
+ -----------
+ 1001
+ (1 row)
+
+ SELECT lo_create(1002);
+ lo_create
+ -----------
+ 1002
+ (1 row)
+
+ SELECT lo_create(1003);
+ lo_create
+ -----------
+ 1003
+ (1 row)
+
+ SELECT lo_create(1004);
+ lo_create
+ -----------
+ 1004
+ (1 row)
+
+ SELECT lo_create(1005);
+ lo_create
+ -----------
+ 1005
+ (1 row)
+
+ GRANT ALL ON LARGE OBJECT 1001 TO PUBLIC;
+ GRANT SELECT ON LARGE OBJECT 1003 TO regressuser2;
+ GRANT SELECT,UPDATE ON LARGE OBJECT 1004 TO regressuser2;
+ GRANT ALL ON LARGE OBJECT 1005 TO regressuser2;
+ GRANT SELECT ON LARGE OBJECT 1005 TO regressuser2 WITH GRANT OPTION;
+ GRANT SELECT, INSERT ON LARGE OBJECT 1001 TO PUBLIC; -- to be failed
+ ERROR: invalid privilege type INSERT for largeobject
+ GRANT SELECT, UPDATE ON LARGE OBJECT 1001 TO nosuchuser; -- to be failed
+ ERROR: role "nosuchuser" does not exist
+ GRANT SELECT, UPDATE ON LARGE OBJECT 999 TO PUBLIC; -- to be failed
+ ERROR: largeobject 999 does not exist
+ \c -
+ SET SESSION AUTHORIZATION regressuser2;
+ SELECT lo_create(2001);
+ lo_create
+ -----------
+ 2001
+ (1 row)
+
+ SELECT lo_create(2002);
+ lo_create
+ -----------
+ 2002
+ (1 row)
+
+ SELECT loread(lo_open(1001, x'40000'::int), 32);
+ loread
+ --------
+ \x
+ (1 row)
+
+ SELECT loread(lo_open(1002, x'40000'::int), 32); -- to be denied
+ ERROR: permission denied for largeobject 1002
+ SELECT loread(lo_open(1003, x'40000'::int), 32);
+ loread
+ --------
+ \x
+ (1 row)
+
+ SELECT loread(lo_open(1004, x'40000'::int), 32);
+ loread
+ --------
+ \x
+ (1 row)
+
+ SELECT lowrite(lo_open(1001, x'20000'::int), 'abcd');
+ lowrite
+ ---------
+ 4
+ (1 row)
+
+ SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd'); -- to be denied
+ ERROR: permission denied for largeobject 1002
+ SELECT lowrite(lo_open(1003, x'20000'::int), 'abcd'); -- to be denied
+ ERROR: permission denied for largeobject 1003
+ SELECT lowrite(lo_open(1004, x'20000'::int), 'abcd');
+ lowrite
+ ---------
+ 4
+ (1 row)
+
+ GRANT SELECT ON LARGE OBJECT 1005 TO regressuser3;
+ GRANT UPDATE ON LARGE OBJECT 1006 TO regressuser3; -- to be denied
+ ERROR: largeobject 1006 does not exist
+ REVOKE ALL ON LARGE OBJECT 2001, 2002 FROM PUBLIC;
+ GRANT ALL ON LARGE OBJECT 2001 TO regressuser3;
+ SELECT lo_unlink(1001); -- to be denied
+ ERROR: must be owner of large object 1001
+ SELECT lo_unlink(2002);
+ lo_unlink
+ -----------
+ 1
+ (1 row)
+
+ \c -
+ -- confirm ACL setting
+ SELECT oid, pg_get_userbyid(lomowner) ownername, lomacl FROM pg_largeobject_metadata;
+ oid | ownername | lomacl
+ ------+--------------+------------------------------------------------------------------------------------------
+ 1002 | regressuser1 |
+ 1001 | regressuser1 | {regressuser1=rw/regressuser1,=rw/regressuser1}
+ 1003 | regressuser1 | {regressuser1=rw/regressuser1,regressuser2=r/regressuser1}
+ 1004 | regressuser1 | {regressuser1=rw/regressuser1,regressuser2=rw/regressuser1}
+ 1005 | regressuser1 | {regressuser1=rw/regressuser1,regressuser2=r*w/regressuser1,regressuser3=r/regressuser2}
+ 2001 | regressuser2 | {regressuser2=rw/regressuser2,regressuser3=rw/regressuser2}
+ (6 rows)
+
+ SET SESSION AUTHORIZATION regressuser3;
+ SELECT loread(lo_open(1001, x'40000'::int), 32);
+ loread
+ ------------
+ \x61626364
+ (1 row)
+
+ SELECT loread(lo_open(1003, x'40000'::int), 32); -- to be denied
+ ERROR: permission denied for largeobject 1003
+ SELECT loread(lo_open(1005, x'40000'::int), 32);
+ loread
+ --------
+ \x
+ (1 row)
+
+ SELECT lo_truncate(lo_open(1005, x'20000'::int), 10); -- to be denied
+ ERROR: permission denied for largeobject 1005
+ SELECT lo_truncate(lo_open(2001, x'20000'::int), 10);
+ lo_truncate
+ -------------
+ 0
+ (1 row)
+
+ -- compatibility mode in largeobject permission
+ \c -
+ SET large_object_privilege_checks = true; -- default setting
+ SET SESSION AUTHORIZATION regressuser4;
+ SELECT loread(lo_open(1002, x'40000'::int), 32); -- to be denied
+ ERROR: permission denied for largeobject 1002
+ SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd'); -- to be denied
+ ERROR: permission denied for largeobject 1002
+ SELECT lo_truncate(lo_open(1002, x'20000'::int), 10); -- to be denied
+ ERROR: permission denied for largeobject 1002
+ SELECT lo_unlink(1002); -- to be denied
+ ERROR: must be owner of large object 1002
+ SELECT lo_export(1001, '/dev/null'); -- to be denied
+ ERROR: must be superuser to use server-side lo_export()
+ HINT: Anyone can use the client-side lo_export() provided by libpq.
+ \c -
+ SET large_object_privilege_checks = false; -- compatibility mode
+ SET SESSION AUTHORIZATION regressuser4;
+ SELECT loread(lo_open(1002, x'40000'::int), 32);
+ loread
+ --------
+ \x
+ (1 row)
+
+ SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd');
+ lowrite
+ ---------
+ 4
+ (1 row)
+
+ SELECT lo_truncate(lo_open(1002, x'20000'::int), 10);
+ lo_truncate
+ -------------
+ 0
+ (1 row)
+
+ SELECT lo_unlink(1002);
+ lo_unlink
+ -----------
+ 1
+ (1 row)
+
+ SELECT lo_export(1001, '/dev/null'); -- to be denied
+ ERROR: must be superuser to use server-side lo_export()
+ HINT: Anyone can use the client-side lo_export() provided by libpq.
-- test default ACLs
\c -
CREATE SCHEMA testns;
*************** DROP TABLE atest6;
*** 1034,1039 ****
--- 1228,1243 ----
DROP TABLE atestc;
DROP TABLE atestp1;
DROP TABLE atestp2;
+ SELECT lo_unlink(oid) FROM pg_largeobject_metadata;
+ lo_unlink
+ -----------
+ 1
+ 1
+ 1
+ 1
+ 1
+ (5 rows)
+
DROP GROUP regressgroup1;
DROP GROUP regressgroup2;
-- these are needed to clean up permissions
*************** DROP USER regressuser2;
*** 1044,1046 ****
--- 1248,1252 ----
DROP USER regressuser3;
DROP USER regressuser4;
DROP USER regressuser5;
+ DROP USER regressuser6;
+ ERROR: role "regressuser6" does not exist
diff -Nrpc base/src/test/regress/expected/sanity_check.out blob/src/test/regress/expected/sanity_check.out
*** base/src/test/regress/expected/sanity_check.out Tue Oct 13 08:36:15 2009
--- blob/src/test/regress/expected/sanity_check.out Tue Oct 13 10:17:59 2009
*************** SELECT relname, relhasindex
*** 106,111 ****
--- 106,112 ----
pg_inherits | t
pg_language | t
pg_largeobject | t
+ pg_largeobject_metadata | t
pg_listener | f
pg_namespace | t
pg_opclass | t
*************** SELECT relname, relhasindex
*** 153,159 ****
timetz_tbl | f
tinterval_tbl | f
varchar_tbl | f
! (142 rows)
--
-- another sanity check: every system catalog that has OIDs should have
--- 154,160 ----
timetz_tbl | f
tinterval_tbl | f
varchar_tbl | f
! (143 rows)
--
-- another sanity check: every system catalog that has OIDs should have
diff -Nrpc base/src/test/regress/sql/privileges.sql blob/src/test/regress/sql/privileges.sql
*** base/src/test/regress/sql/privileges.sql Mon Nov 9 18:42:41 2009
--- blob/src/test/regress/sql/privileges.sql Mon Nov 9 19:13:09 2009
*************** DROP ROLE IF EXISTS regressuser2;
*** 15,20 ****
--- 15,23 ----
DROP ROLE IF EXISTS regressuser3;
DROP ROLE IF EXISTS regressuser4;
DROP ROLE IF EXISTS regressuser5;
+ DROP ROLE IF EXISTS regressuser6;
+
+ SELECT lo_unlink(oid) FROM pg_largeobject_metadata;
RESET client_min_messages;
*************** ALTER GROUP regressgroup2 ADD USER regre
*** 36,42 ****
ALTER GROUP regressgroup2 DROP USER regressuser2;
ALTER GROUP regressgroup2 ADD USER regressuser4;
-
-- test owner privileges
SET SESSION AUTHORIZATION regressuser1;
--- 39,44 ----
*************** SET SESSION AUTHORIZATION regressuser2;
*** 485,490 ****
--- 487,569 ----
SELECT has_sequence_privilege('x_seq', 'USAGE');
+ -- largeobject privilege tests
+ \c -
+ SET SESSION AUTHORIZATION regressuser1;
+
+ SELECT lo_create(1001);
+ SELECT lo_create(1002);
+ SELECT lo_create(1003);
+ SELECT lo_create(1004);
+ SELECT lo_create(1005);
+
+ GRANT ALL ON LARGE OBJECT 1001 TO PUBLIC;
+ GRANT SELECT ON LARGE OBJECT 1003 TO regressuser2;
+ GRANT SELECT,UPDATE ON LARGE OBJECT 1004 TO regressuser2;
+ GRANT ALL ON LARGE OBJECT 1005 TO regressuser2;
+ GRANT SELECT ON LARGE OBJECT 1005 TO regressuser2 WITH GRANT OPTION;
+
+ GRANT SELECT, INSERT ON LARGE OBJECT 1001 TO PUBLIC; -- to be failed
+ GRANT SELECT, UPDATE ON LARGE OBJECT 1001 TO nosuchuser; -- to be failed
+ GRANT SELECT, UPDATE ON LARGE OBJECT 999 TO PUBLIC; -- to be failed
+
+ \c -
+ SET SESSION AUTHORIZATION regressuser2;
+
+ SELECT lo_create(2001);
+ SELECT lo_create(2002);
+
+ SELECT loread(lo_open(1001, x'40000'::int), 32);
+ SELECT loread(lo_open(1002, x'40000'::int), 32); -- to be denied
+ SELECT loread(lo_open(1003, x'40000'::int), 32);
+ SELECT loread(lo_open(1004, x'40000'::int), 32);
+
+ SELECT lowrite(lo_open(1001, x'20000'::int), 'abcd');
+ SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd'); -- to be denied
+ SELECT lowrite(lo_open(1003, x'20000'::int), 'abcd'); -- to be denied
+ SELECT lowrite(lo_open(1004, x'20000'::int), 'abcd');
+
+ GRANT SELECT ON LARGE OBJECT 1005 TO regressuser3;
+ GRANT UPDATE ON LARGE OBJECT 1006 TO regressuser3; -- to be denied
+ REVOKE ALL ON LARGE OBJECT 2001, 2002 FROM PUBLIC;
+ GRANT ALL ON LARGE OBJECT 2001 TO regressuser3;
+
+ SELECT lo_unlink(1001); -- to be denied
+ SELECT lo_unlink(2002);
+
+ \c -
+ -- confirm ACL setting
+ SELECT oid, pg_get_userbyid(lomowner) ownername, lomacl FROM pg_largeobject_metadata;
+
+ SET SESSION AUTHORIZATION regressuser3;
+
+ SELECT loread(lo_open(1001, x'40000'::int), 32);
+ SELECT loread(lo_open(1003, x'40000'::int), 32); -- to be denied
+ SELECT loread(lo_open(1005, x'40000'::int), 32);
+
+ SELECT lo_truncate(lo_open(1005, x'20000'::int), 10); -- to be denied
+ SELECT lo_truncate(lo_open(2001, x'20000'::int), 10);
+
+ -- compatibility mode in largeobject permission
+ \c -
+ SET large_object_privilege_checks = true; -- default setting
+ SET SESSION AUTHORIZATION regressuser4;
+
+ SELECT loread(lo_open(1002, x'40000'::int), 32); -- to be denied
+ SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd'); -- to be denied
+ SELECT lo_truncate(lo_open(1002, x'20000'::int), 10); -- to be denied
+ SELECT lo_unlink(1002); -- to be denied
+ SELECT lo_export(1001, '/dev/null'); -- to be denied
+
+ \c -
+ SET large_object_privilege_checks = false; -- compatibility mode
+ SET SESSION AUTHORIZATION regressuser4;
+
+ SELECT loread(lo_open(1002, x'40000'::int), 32);
+ SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd');
+ SELECT lo_truncate(lo_open(1002, x'20000'::int), 10);
+ SELECT lo_unlink(1002);
+ SELECT lo_export(1001, '/dev/null'); -- to be denied
-- test default ACLs
\c -
*************** DROP TABLE atestc;
*** 611,616 ****
--- 690,697 ----
DROP TABLE atestp1;
DROP TABLE atestp2;
+ SELECT lo_unlink(oid) FROM pg_largeobject_metadata;
+
DROP GROUP regressgroup1;
DROP GROUP regressgroup2;
*************** DROP USER regressuser2;
*** 623,625 ****
--- 704,707 ----
DROP USER regressuser3;
DROP USER regressuser4;
DROP USER regressuser5;
+ DROP USER regressuser6;