authorBruce Momjian <bruce@momjian.us>2001-07-11 18:54:19 +0000
committerBruce Momjian <bruce@momjian.us>2001-07-11 18:54:19 +0000
commitd946b2083ace11ca38468e7b02bebacfad52e3c5 (patch)
treeb35e0ccba7799ce47acb9c91a9a96e11a7337637 /src
parent11ac469f4a28bdb7f4f8aadeb48bcd01e1760932 (diff)
I updated the patch to use the SET AUTHORIZATION { INVOKER | DEFINER }
terminology. Also, the function owner is now determined and saved at compile time (no gotchas here, right?)/ Mark Volpe
Diffstat (limited to 'src')
-rw-r--r--src/pl/plpgsql/src/gram.y35
-rw-r--r--src/pl/plpgsql/src/pl_comp.c3
-rw-r--r--src/pl/plpgsql/src/pl_exec.c49
-rw-r--r--src/pl/plpgsql/src/pl_funcs.c21
-rw-r--r--src/pl/plpgsql/src/plpgsql.h23
-rw-r--r--src/pl/plpgsql/src/scan.l6
6 files changed, 129 insertions, 8 deletions
diff --git a/src/pl/plpgsql/src/gram.y b/src/pl/plpgsql/src/gram.y
index 14f32c278fe..4637fb97cb5 100644
--- a/src/pl/plpgsql/src/gram.y
+++ b/src/pl/plpgsql/src/gram.y
@@ -4,7 +4,7 @@
* procedural language
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.21 2001/06/06 18:54:41 wieck Exp $
+ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.22 2001/07/11 18:54:18 momjian Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
@@ -122,11 +122,13 @@ static PLpgSQL_expr *make_tupret_expr(PLpgSQL_row *row);
%type <stmts> proc_sect, proc_stmts, stmt_else, loop_body
%type <stmt> proc_stmt, pl_block
%type <stmt> stmt_assign, stmt_if, stmt_loop, stmt_while, stmt_exit
-%type <stmt> stmt_return, stmt_raise, stmt_execsql, stmt_fori
+%type <stmt> stmt_return, stmt_raise, stmt_execsql, stmt_fori, stmt_setauth
%type <stmt> stmt_fors, stmt_select, stmt_perform
%type <stmt> stmt_dynexecute, stmt_dynfors, stmt_getdiag
%type <stmt> stmt_open, stmt_fetch, stmt_close
+%type <ival> auth_level
+
%type <intlist> raise_params
%type <ival> raise_level, raise_param
%type <str> raise_msg
@@ -172,6 +174,10 @@ static PLpgSQL_expr *make_tupret_expr(PLpgSQL_row *row);
%token K_PERFORM
%token K_ROW_COUNT
%token K_RAISE
+%token K_SET
+%token K_AUTHORIZATION
+%token K_INVOKER
+%token K_DEFINER
%token K_RECORD
%token K_RENAME
%token K_RESULT_OID
@@ -726,6 +732,8 @@ proc_stmt : pl_block
{ $$ = $1; }
| stmt_raise
{ $$ = $1; }
+ | stmt_setauth
+ { $$ = $1; }
| stmt_execsql
{ $$ = $1; }
| stmt_dynexecute
@@ -1243,6 +1251,29 @@ stmt_return : K_RETURN lno
}
;
+stmt_setauth : K_SET K_AUTHORIZATION auth_level lno ';'
+ {
+ PLpgSQL_stmt_setauth *new;
+
+ new=malloc(sizeof(PLpgSQL_stmt_setauth));
+
+ new->cmd_type = PLPGSQL_STMT_SETAUTH;
+ new->auth_level = $3;
+ new->lineno = $4;
+
+ $$ = (PLpgSQL_stmt *)new;
+ }
+
+auth_level : K_DEFINER
+ {
+ $$=PLPGSQL_AUTH_DEFINER;
+ }
+ | K_INVOKER
+ {
+ $$=PLPGSQL_AUTH_INVOKER;
+ }
+;
+
stmt_raise : K_RAISE lno raise_level raise_msg raise_params ';'
{
PLpgSQL_stmt_raise *new;
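Review bot: The `malloc` result in the new `stmt_setauth` action is dereferenced on the next statement without a NULL check, so an out-of-memory condition during function compilation becomes a NULL-pointer write in the backend instead of a reported error. A guard such as `if (new == NULL) elog(ERROR, "out of memory");` before `new->cmd_type = ...` would close that; whether the neighbouring rules check their allocations is not visible in this hunk. The `stmt_setauth` rule is also the only one here without a terminating `;` (compare `auth_level` and the end of `stmt_return`), which is legal but inconsistent.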
diff --git a/src/pl/plpgsql/src/pl_comp.c b/src/pl/plpgsql/src/pl_comp.c
index 5d939850286..ecdb2fd21ac 100644
--- a/src/pl/plpgsql/src/pl_comp.c
+++ b/src/pl/plpgsql/src/pl_comp.c
@@ -3,7 +3,7 @@
* procedural language
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_comp.c,v 1.31 2001/05/21 14:22:18 wieck Exp $
+ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_comp.c,v 1.32 2001/07/11 18:54:18 momjian Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
@@ -169,6 +169,7 @@ plpgsql_compile(Oid fn_oid, int functype)
function->fn_functype = functype;
function->fn_oid = fn_oid;
+ function->definer_uid = procStruct->proowner;
function->fn_name = strdup(DatumGetCString(DirectFunctionCall1(nameout,
NameGetDatum(&(procStruct->proname)))));
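Review bot: `function->definer_uid` is captured once when the function is compiled, so the identity that SET AUTHORIZATION DEFINER switches to is only as current as the compiled-function cache. If `pg_proc.proowner` changes after `plpgsql_compile` has run in a session, the old owner's ID would presumably still be used until the function is recompiled; how compiled functions are invalidated is not visible in this hunk and should be confirmed. At minimum the assignment deserves a comment along the lines of `/* owner captured at compile time; used by SET AUTHORIZATION DEFINER, stale if proowner changes before recompile */`. The body of `plpgsql_compile` starts and ends outside the hunk.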
diff --git a/src/pl/plpgsql/src/pl_exec.c b/src/pl/plpgsql/src/pl_exec.c
index dc5fed5cf7a..d5aeba891c6 100644
--- a/src/pl/plpgsql/src/pl_exec.c
+++ b/src/pl/plpgsql/src/pl_exec.c
@@ -3,7 +3,7 @@
* procedural language
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.44 2001/05/28 19:33:24 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.45 2001/07/11 18:54:18 momjian Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
@@ -47,6 +47,7 @@
#include "plpgsql.h"
#include "pl.tab.h"
+#include "miscadmin.h"
#include "access/heapam.h"
#include "catalog/pg_proc.h"
#include "catalog/pg_type.h"
@@ -105,6 +106,8 @@ static int exec_stmt_exit(PLpgSQL_execstate * estate,
PLpgSQL_stmt_exit * stmt);
static int exec_stmt_return(PLpgSQL_execstate * estate,
PLpgSQL_stmt_return * stmt);
+static int exec_stmt_setauth(PLpgSQL_execstate * estate,
+ PLpgSQL_stmt_setauth * stmt);
static int exec_stmt_raise(PLpgSQL_execstate * estate,
PLpgSQL_stmt_raise * stmt);
static int exec_stmt_execsql(PLpgSQL_execstate * estate,
@@ -226,6 +229,9 @@ plpgsql_exec_function(PLpgSQL_function * func, FunctionCallInfo fcinfo)
case PLPGSQL_STMT_RETURN:
stmttype = "return";
break;
+ case PLPGSQL_STMT_SETAUTH:
+ stmttype = "setauth";
+ break;
case PLPGSQL_STMT_RAISE:
stmttype = "raise";
break;
@@ -277,7 +283,10 @@ plpgsql_exec_function(PLpgSQL_function * func, FunctionCallInfo fcinfo)
estate.retistuple = func->fn_retistuple;
estate.retisset = func->fn_retset;
estate.exitlabel = NULL;
-
+ estate.invoker_uid = GetUserId();
+ estate.definer_uid = func->definer_uid;
+ estate.auth_level = PLPGSQL_AUTH_INVOKER;
+
estate.found_varno = func->found_varno;
estate.ndatums = func->ndatums;
estate.datums = palloc(sizeof(PLpgSQL_datum *) * estate.ndatums);
@@ -397,6 +406,9 @@ plpgsql_exec_function(PLpgSQL_function * func, FunctionCallInfo fcinfo)
elog(ERROR, "control reaches end of function without RETURN");
}
+ if (estate.auth_level!=PLPGSQL_AUTH_INVOKER)
+ SetUserId(estate.invoker_uid);
+
/*
* We got a return value - process it
*/
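Review bot: The invoker's user ID is restored only on the normal return path. The `elog(ERROR, "control reaches end of function without RETURN")` directly above the new check, and any error raised by a statement that runs after SET AUTHORIZATION DEFINER, leaves `plpgsql_exec_function` without reaching `SetUserId(estate.invoker_uid)`. Unless error recovery resets the user ID somewhere not visible here, the session would keep running as the function owner after the error, which is a privilege escalation for the invoker. The restore `if (estate.auth_level != PLPGSQL_AUTH_INVOKER) SetUserId(estate.invoker_uid);` should at least move ahead of that `elog`, and the reset needs to be guaranteed on the abort path as well. The same applies to the matching hunk in `plpgsql_exec_trigger`; both function bodies extend outside their hunks.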
@@ -577,6 +589,9 @@ plpgsql_exec_trigger(PLpgSQL_function * func,
estate.retistuple = func->fn_retistuple;
estate.retisset = func->fn_retset;
estate.exitlabel = NULL;
+ estate.invoker_uid = GetUserId();
+ estate.definer_uid = func->definer_uid;
+ estate.auth_level = PLPGSQL_AUTH_INVOKER;
estate.found_varno = func->found_varno;
estate.ndatums = func->ndatums;
@@ -760,6 +775,9 @@ plpgsql_exec_trigger(PLpgSQL_function * func,
elog(ERROR, "control reaches end of trigger procedure without RETURN");
}
+ if (estate.auth_level!=PLPGSQL_AUTH_INVOKER)
+ SetUserId(estate.invoker_uid);
+
/*
* Check that the returned tuple structure has the same attributes,
* the relation that fired the trigger has.
@@ -1022,6 +1040,10 @@ exec_stmt(PLpgSQL_execstate * estate, PLpgSQL_stmt * stmt)
rc = exec_stmt_return(estate, (PLpgSQL_stmt_return *) stmt);
break;
+ case PLPGSQL_STMT_SETAUTH:
+ rc = exec_stmt_setauth(estate, (PLpgSQL_stmt_setauth *) stmt);
+ break;
+
case PLPGSQL_STMT_RAISE:
rc = exec_stmt_raise(estate, (PLpgSQL_stmt_raise *) stmt);
break;
@@ -1645,6 +1667,29 @@ exec_stmt_return(PLpgSQL_execstate * estate, PLpgSQL_stmt_return * stmt)
return PLPGSQL_RC_RETURN;
}
+/* ----------
+ * exec_stmt_setauth Changes user ID to/from
+ * that of the function owner's
+ * ----------
+ */
+
+static int
+exec_stmt_setauth(PLpgSQL_execstate * estate, PLpgSQL_stmt_setauth * stmt)
+{
+ switch(stmt->auth_level)
+ {
+ case PLPGSQL_AUTH_DEFINER:
+ SetUserId(estate->definer_uid);
+ break;
+ case PLPGSQL_AUTH_INVOKER:
+ SetUserId(estate->invoker_uid);
+ break;
+ }
+
+ estate->auth_level=stmt->auth_level;
+ return PLPGSQL_RC_OK;
+}
+
/* ----------
* exec_stmt_raise Build a message and throw it with
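Review bot: The `switch` in `exec_stmt_setauth` has no `default`, so an unexpected `stmt->auth_level` leaves the effective user untouched while `estate->auth_level` is still overwritten, and the exit-time restore check then acts on a state that was never applied. For a statement that changes the effective identity it is safer to fail closed, e.g. `default: elog(ERROR, "unknown authorization level %d", stmt->auth_level);`. `dump_setauth` in pl_funcs.c has the same shape and prints nothing after `dump_ind()` in that case. The header comment should also say that the switch back to the invoker at function exit is done by the caller (`plpgsql_exec_function` / `plpgsql_exec_trigger`), not here.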
diff --git a/src/pl/plpgsql/src/pl_funcs.c b/src/pl/plpgsql/src/pl_funcs.c
index a657512fda1..55d6622a043 100644
--- a/src/pl/plpgsql/src/pl_funcs.c
+++ b/src/pl/plpgsql/src/pl_funcs.c
@@ -3,7 +3,7 @@
* procedural language
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_funcs.c,v 1.13 2001/05/21 14:22:19 wieck Exp $
+ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_funcs.c,v 1.14 2001/07/11 18:54:18 momjian Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
@@ -382,6 +382,7 @@ static void dump_fors(PLpgSQL_stmt_fors * stmt);
static void dump_select(PLpgSQL_stmt_select * stmt);
static void dump_exit(PLpgSQL_stmt_exit * stmt);
static void dump_return(PLpgSQL_stmt_return * stmt);
+static void dump_setauth(PLpgSQL_stmt_setauth * stmt);
static void dump_raise(PLpgSQL_stmt_raise * stmt);
static void dump_execsql(PLpgSQL_stmt_execsql * stmt);
static void dump_dynexecute(PLpgSQL_stmt_dynexecute * stmt);
@@ -438,6 +439,9 @@ dump_stmt(PLpgSQL_stmt * stmt)
case PLPGSQL_STMT_RETURN:
dump_return((PLpgSQL_stmt_return *) stmt);
break;
+ case PLPGSQL_STMT_SETAUTH:
+ dump_setauth((PLpgSQL_stmt_setauth *) stmt);
+ break;
case PLPGSQL_STMT_RAISE:
dump_raise((PLpgSQL_stmt_raise *) stmt);
break;
@@ -722,6 +726,21 @@ dump_return(PLpgSQL_stmt_return * stmt)
}
static void
+dump_setauth(PLpgSQL_stmt_setauth * stmt)
+{
+ dump_ind();
+ switch (stmt->auth_level)
+ {
+ case PLPGSQL_AUTH_DEFINER:
+ printf("SET AUTHORIZATION DEFINER\n");
+ break;
+ case PLPGSQL_AUTH_INVOKER:
+ printf("SET AUTHORIZATION INVOKER\n");
+ break;
+ }
+}
+
+static void
dump_raise(PLpgSQL_stmt_raise * stmt)
{
int i;
diff --git a/src/pl/plpgsql/src/plpgsql.h b/src/pl/plpgsql/src/plpgsql.h
index 7089144988b..c460cbf68a7 100644
--- a/src/pl/plpgsql/src/plpgsql.h
+++ b/src/pl/plpgsql/src/plpgsql.h
@@ -3,7 +3,7 @@
* procedural language
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/plpgsql.h,v 1.14 2001/05/21 14:22:19 wieck Exp $
+ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/plpgsql.h,v 1.15 2001/07/11 18:54:19 momjian Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
@@ -95,6 +95,7 @@ enum
PLPGSQL_STMT_DYNEXECUTE,
PLPGSQL_STMT_DYNFORS,
PLPGSQL_STMT_GETDIAG,
+ PLPGSQL_STMT_SETAUTH,
PLPGSQL_STMT_OPEN,
PLPGSQL_STMT_FETCH,
PLPGSQL_STMT_CLOSE
@@ -112,6 +113,16 @@ enum
PLPGSQL_RC_RETURN
};
+/* ---------
+ * Authorization levels
+ * ---------
+ */
+enum
+{
+ PLPGSQL_AUTH_INVOKER,
+ PLPGSQL_AUTH_DEFINER,
+};
+
/* ----------
* GET DIAGNOSTICS system attrs
* ----------
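Review bot: The new enum ends with a trailing comma, `PLPGSQL_AUTH_DEFINER,`, which strict C89 compilers reject and which differs from the enum just above it in this hunk (`PLPGSQL_RC_RETURN` followed by `};`). Drop the comma so the last enumerator reads `PLPGSQL_AUTH_DEFINER`. The block comment could also state that `PLPGSQL_AUTH_INVOKER` is the level every execution starts in, since the restore logic in pl_exec.c depends on that.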
@@ -425,6 +436,12 @@ typedef struct
int retrecno;
} PLpgSQL_stmt_return;
+typedef struct
+{ /* SET AUTHORIZATION statement */
+ int cmd_type;
+ int lineno;
+ int auth_level;
+} PLpgSQL_stmt_setauth;
typedef struct
{ /* RAISE statement */
@@ -480,6 +497,7 @@ typedef struct PLpgSQL_function
int tg_nargs_varno;
int ndatums;
+ Oid definer_uid;
PLpgSQL_datum **datums;
PLpgSQL_stmt_block *action;
struct PLpgSQL_function *next;
@@ -502,6 +520,9 @@ typedef struct
int found_varno;
int ndatums;
PLpgSQL_datum **datums;
+ Oid invoker_uid;
+ Oid definer_uid;
+ int auth_level;
} PLpgSQL_execstate;
diff --git a/src/pl/plpgsql/src/scan.l b/src/pl/plpgsql/src/scan.l
index 08f9fb9d06f..7a7f6f4b1f3 100644
--- a/src/pl/plpgsql/src/scan.l
+++ b/src/pl/plpgsql/src/scan.l
@@ -4,7 +4,7 @@
* procedural language
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/Attic/scan.l,v 1.12 2001/05/21 14:22:19 wieck Exp $
+ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/Attic/scan.l,v 1.13 2001/07/11 18:54:19 momjian Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
@@ -121,6 +121,10 @@ null { return K_NULL; }
open { return K_OPEN; }
perform { return K_PERFORM; }
raise { return K_RAISE; }
+set { return K_SET; }
+authorization { return K_AUTHORIZATION; }
+invoker { return K_INVOKER; }
+definer { return K_DEFINER; }
record { return K_RECORD; }
rename { return K_RENAME; }
result_oid { return K_RESULT_OID; }
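Review bot: Adding `set`, `authorization`, `invoker` and `definer` as scanner keywords makes them reserved throughout PL/pgSQL source, not just in the new statement. Going by the gram.y part of this commit, `K_SET` is accepted only at the start of `stmt_setauth`, so an existing function whose statement begins with an SQL `SET ...` command, or that uses one of these words as a variable name, would presumably stop compiling. That is worth confirming against the regression tests and calling out in the release notes. A comment above the four rules, e.g. `/* reserved for SET AUTHORIZATION { INVOKER | DEFINER } */`, would record why they are here.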