--- /dev/null
+
+
+
+ 2001-04-21
+
+
+
+ SET SESSION AUTHORIZATION
+ SQL - Language Statements
+
+
+
+ SET SESSION AUTHORIZATION
+ Set the session user identifier and the current user identifier
+ of the current SQL-session context
+
+
+
+
+SET SESSION AUTHORIZATION '
username'
+
+
+
+
+
Description
+
+ This command sets the session user identifier and the current user
+ identifer of the current SQL-session context to be
+
+
+ The session user identifier is initially set to be the (possibly
+ authenticated) user name provided by the client. The current user
+ identifier is normally equal to the session user identifier, but
+ may change temporarily in the context of setuid
+ functions and similar mechanisms. The current user identifer is
+ relevant for permission checking.
+
+
+ Execution of this command is only permitted if the initial session
+ user (the authenticated user) had the
+ superuser privilege. This permission is kept for the duration of a
+ connection; for example, it is possible to temporarily become an
+ unprivileged user and later switch back to become a superuser.
+
+
+
+
+
Examples
+
+
+SELECT SESSION_USER, CURRENT_USER;
+ current_user | session_user
+--------------+--------------
+ peter | peter
+
+SET SESSION AUTHORIZATION 'paul';
+
+SELECT SESSION_USER, CURRENT_USER;
+ current_user | session_user
+--------------+--------------
+ paul | paul
+
+
+
+
+
Compatibility
+
+ SQL99
+
+ SQL99 allows some other expressions to appear in place of the
+ literal
username which are not important in
+ practice.
PostgreSQL allows identifier
+ syntax ("username"), which SQL does not. SQL
+ does not allow this command during a transaction;
+
PostgreSQL does not make
+ this restriction because there is no reason to. The
+ privileges necessary to execute this command are left
+ implementation-defined by the standard.
+
+
+
+
+
&selectInto;
&set;
&setConstraints;
+ &setSessionAuth;
&setTransaction;
&show;
&truncate;
&dropuser;
&ecpgRef;
&pgAccess;
- &pgAdmin;
&pgConfig;
&pgDump;
&pgDumpall;
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.47 2001/03/29 19:03:57 petere Exp $
+ * $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.48 2001/05/08 21:06:42 petere Exp $
*
*-------------------------------------------------------------------------
*/
parse_server_encoding(mvalue);
else if (strcasecmp(name, "seed") == 0)
parse_random_seed(mvalue);
+ else if (strcasecmp(name, "session_authorization") == 0)
+ SetSessionAuthorization(value);
else
SetConfigOption(name, value, superuser() ? PGC_SUSET : PGC_USERSET);
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.223 2001/05/07 00:43:23 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.224 2001/05/08 21:06:42 petere Exp $
*
* HISTORY
* AUTHOR DATE MAJOR EVENT
%type Iconst
%type Sconst, comment_text
-%type UserId, opt_boolean, var_value, zone_value
+%type UserId, opt_boolean, var_value, zone_value, Ident_or_Sconst
%type ColId, ColLabel, TokenId
%type TableConstraint
*/
/* Keywords (in SQL92 reserved words) */
-%token ABSOLUTE, ACTION, ADD, ALL, ALTER, AND, ANY, AS, ASC, AT,
+%token ABSOLUTE, ACTION, ADD, ALL, ALTER, AND, ANY, AS, ASC, AT, AUTHORIZATION,
BEGIN_TRANS, BETWEEN, BOTH, BY,
CASCADE, CASE, CAST, CHAR, CHARACTER, CHECK, CLOSE,
COALESCE, COLLATE, COLUMN, COMMIT,
n->value = $3;
$$ = (Node *) n;
}
+ | SET SESSION AUTHORIZATION Ident_or_Sconst
+ {
+ VariableSetStmt *n = makeNode(VariableSetStmt);
+ n->name = "session_authorization";
+ n->value = $4;
+ $$ = (Node *) n;
+ }
;
opt_level: READ COMMITTED { $$ = "committed"; }
| /*EMPTY*/ { $$ = NULL; }
;
+Ident_or_Sconst: IDENT { $$ = $1; }
+ | SCONST { $$ = $1; }
+
+
VariableShowStmt: SHOW ColId
{
VariableShowStmt *n = makeNode(VariableShowStmt);
| AGGREGATE { $$ = "aggregate"; }
| ALTER { $$ = "alter"; }
| AT { $$ = "at"; }
+ | AUTHORIZATION { $$ = "authorization"; }
| BACKWARD { $$ = "backward"; }
| BEFORE { $$ = "before"; }
| BEGIN_TRANS { $$ = "begin"; }
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/parser/keywords.c,v 1.91 2001/05/07 00:43:23 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/parser/keywords.c,v 1.92 2001/05/08 21:06:43 petere Exp $
*
*-------------------------------------------------------------------------
*/
{"as", AS},
{"asc", ASC},
{"at", AT},
+ {"authorization", AUTHORIZATION},
{"backward", BACKWARD},
{"before", BEFORE},
{"begin", BEGIN_TRANS},
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/utils/init/miscinit.c,v 1.65 2001/04/16 02:42:01 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/utils/init/miscinit.c,v 1.66 2001/05/08 21:06:43 petere Exp $
*
*-------------------------------------------------------------------------
*/
static Oid CurrentUserId = InvalidOid;
static Oid SessionUserId = InvalidOid;
+static bool AuthenticatedUserIsSuperuser = false;
/*
* This function is relevant for all privilege checks.
void
-SetSessionUserIdFromUserName(const char *username)
+InitializeSessionUserId(const char *username)
{
HeapTuple userTup;
*/
AssertState(!IsBootstrapProcessingMode());
+ /* call only once */
+ AssertState(!OidIsValid(SessionUserId));
+
userTup = SearchSysCache(SHADOWNAME,
PointerGetDatum(username),
0, 0, 0);
SetSessionUserId(((Form_pg_shadow) GETSTRUCT(userTup))->usesysid);
+ AuthenticatedUserIsSuperuser = ((Form_pg_shadow) GETSTRUCT(userTup))->usesuper;
+
+ ReleaseSysCache(userTup);
+}
+
+
+
+void SetSessionAuthorization(const char * username)
+{
+ HeapTuple userTup;
+
+ if (!AuthenticatedUserIsSuperuser)
+ elog(ERROR, "permission denied");
+
+ userTup = SearchSysCache(SHADOWNAME,
+ PointerGetDatum(username),
+ 0, 0, 0);
+ if (!HeapTupleIsValid(userTup))
+ elog(ERROR, "user \"%s\" does not exist", username);
+
+ SetSessionUserId(((Form_pg_shadow) GETSTRUCT(userTup))->usesysid);
+ SetUserId(((Form_pg_shadow) GETSTRUCT(userTup))->usesysid);
+
ReleaseSysCache(userTup);
}
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/utils/init/postinit.c,v 1.84 2001/04/21 18:29:29 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/utils/init/postinit.c,v 1.85 2001/05/08 21:06:43 petere Exp $
*
*
*-------------------------------------------------------------------------
if (bootstrap)
SetSessionUserId(geteuid());
else
- SetSessionUserIdFromUserName(username);
+ InitializeSessionUserId(username);
/*
* Unless we are bootstrapping, double-check that InitMyDatabaseInfo()
*
* Copyright 2000 by PostgreSQL Global Development Group
*
- * $Header: /cvsroot/pgsql/src/bin/psql/tab-complete.c,v 1.31 2001/05/07 19:31:33 petere Exp $
+ * $Header: /cvsroot/pgsql/src/bin/psql/tab-complete.c,v 1.32 2001/05/08 21:06:43 petere Exp $
*/
/*----------------------------------------------------------------------
/* these SET arguments are known in gram.y */
"CONSTRAINTS",
"NAMES",
- "SESSION CHARACTERISTICS AS TRANSACTION ISOLATION LEVEL",
+ "SESSION",
"TRANSACTION ISOLATION LEVEL",
/* these are treated in backend/commands/variable.c */
"DateStyle",
COMPLETE_WITH_LIST(constraint_list);
}
+ /* Complete SET SESSION with AUTHORIZATION or CHARACTERISTICS... */
+ else if (strcasecmp(prev2_wd, "SET") == 0 && strcasecmp(prev_wd, "SESSION") == 0)
+ {
+ char *my_list[] = {"AUTHORIZATION",
+ "CHARACTERISTICS AS TRANSACTION ISOLATION LEVEL",
+ NULL};
+
+ COMPLETE_WITH_LIST(my_list);
+ }
+ /* Complete SET SESSION AUTHORIZATION with username */
+ else if (strcasecmp(prev3_wd, "SET") == 0
+ && strcasecmp(prev2_wd, "SESSION") == 0
+ && strcasecmp(prev_wd, "AUTHORIZATION") == 0)
+ {
+ COMPLETE_WITH_QUERY(Query_for_list_of_users);
+ }
/* Complete SET with "TO" */
else if (strcasecmp(prev2_wd, "SET") == 0 &&
strcasecmp(prev4_wd, "UPDATE") != 0)
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $Id: miscadmin.h,v 1.83 2001/03/22 04:00:25 momjian Exp $
+ * $Id: miscadmin.h,v 1.84 2001/05/08 21:06:43 petere Exp $
*
* NOTES
* some of the information in this file should be moved to
extern void SetUserId(Oid userid);
extern Oid GetSessionUserId(void);
extern void SetSessionUserId(Oid userid);
-extern void SetSessionUserIdFromUserName(const char *username);
+extern void InitializeSessionUserId(const char *username);
+extern void SetSessionAuthorization(const char *username);
extern void SetDataDir(const char *dir);
projects / postgresql.git / commitdiff