Add SET SESSION AUTHORIZATION command.
authorPeter Eisentraut <peter_e@gmx.net>
Tue, 8 May 2001 21:06:43 +0000 (21:06 +0000)
committerPeter Eisentraut <peter_e@gmx.net>
Tue, 8 May 2001 21:06:43 +0000 (21:06 +0000)
doc/src/sgml/ref/allfiles.sgml
doc/src/sgml/ref/set_session_auth.sgml [new file with mode: 0644]
doc/src/sgml/reference.sgml
src/backend/commands/variable.c
src/backend/parser/gram.y
src/backend/parser/keywords.c
src/backend/utils/init/miscinit.c
src/backend/utils/init/postinit.c
src/bin/psql/tab-complete.c
src/include/miscadmin.h

index e53bfc745295d47a79f4dc6c58056df304a41ea1..aea2171cdfca9f6a9d4f820271bb204bc2c224a4 100644 (file)
@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/allfiles.sgml,v 1.29 2001/05/08 19:28:01 momjian Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/allfiles.sgml,v 1.30 2001/05/08 21:06:42 petere Exp $
 Postgres documentation
 Complete list of usable sgml source files in this directory.
 -->
@@ -98,6 +98,7 @@ Complete list of usable sgml source files in this directory.
 <!entity selectInto         system "select_into.sgml">
 <!entity set                system "set.sgml">
 <!entity setConstraints     system "set_constraints.sgml">
+<!entity setSessionAuth     system "set_session_auth.sgml">
 <!entity setTransaction     system "set_transaction.sgml">
 <!entity show               system "show.sgml">
 <!entity truncate           system "truncate.sgml">
diff --git a/doc/src/sgml/ref/set_session_auth.sgml b/doc/src/sgml/ref/set_session_auth.sgml
new file mode 100644 (file)
index 0000000..ba3ec6f
--- /dev/null
@@ -0,0 +1,103 @@
+<!-- $Header: /cvsroot/pgsql/doc/src/sgml/ref/set_session_auth.sgml,v 1.1 2001/05/08 21:06:42 petere Exp $ -->
+<refentry id="SQL-SET-SESSION-AUTHORIZATION">
+ <docinfo>
+  <date>2001-04-21</date>
+ </docinfo>
+
+ <refmeta>
+  <refentrytitle>SET SESSION AUTHORIZATION</refentrytitle>
+  <refmiscinfo>SQL - Language Statements</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+  <refname>SET SESSION AUTHORIZATION</refname>
+  <refpurpose>Set the session user identifier and the current user identifier
+         of the current SQL-session context</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+<synopsis>
+SET SESSION AUTHORIZATION '<parameter>username</parameter>'
+</synopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+  <title>Description</title>
+
+  <para>
+   This command sets the session user identifier and the current user
+   identifer of the current SQL-session context to be
+   <parameter>username</parameter>.
+  </para>
+
+  <para>
+   The session user identifier is initially set to be the (possibly
+   authenticated) user name provided by the client.  The current user
+   identifier is normally equal to the session user identifier, but
+   may change temporarily in the context of <quote>setuid</quote>
+   functions and similar mechanisms.  The current user identifer is
+   relevant for permission checking.
+  </para>
+
+  <para>
+   Execution of this command is only permitted if the initial session
+   user (the <firstterm>authenticated user</firstterm>) had the
+   superuser privilege.  This permission is kept for the duration of a
+   connection; for example, it is possible to temporarily become an
+   unprivileged user and later switch back to become a superuser.
+  </para>
+ </refsect1>
+
+ <refsect1>
+  <title>Examples</title>
+
+<screen>
+<userinput>SELECT SESSION_USER, CURRENT_USER;</userinput>
+ current_user | session_user
+--------------+--------------
+ peter        | peter
+
+<userinput>SET SESSION AUTHORIZATION 'paul';</userinput>
+
+<userinput>SELECT SESSION_USER, CURRENT_USER;</userinput>
+ current_user | session_user
+--------------+--------------
+ paul         | paul
+</screen>
+ </refsect1>
+
+ <refsect1>
+  <title>Compatibility</title>
+
+  <simpara>SQL99</simpara>
+
+  <para>
+   SQL99 allows some other expressions to appear in place of the
+   literal <parameter>username</parameter> which are not important in
+   practice.  <application>PostgreSQL</application> allows identifier
+   syntax (<literal>"username"</literal>), which SQL does not.  SQL
+   does not allow this command during a transaction;
+   <application>PostgreSQL</application> does not make
+   this restriction because there is no reason to.  The
+   privileges necessary to execute this command are left
+   implementation-defined by the standard.
+  </para>
+ </refsect1>
+</refentry>
+
+<!-- Keep this comment at the end of the file
+Local variables:
+mode:sgml
+sgml-omittag:nil
+sgml-shorttag:t
+sgml-minimize-attributes:nil
+sgml-always-quote-attributes:t
+sgml-indent-step:1
+sgml-indent-data:t
+sgml-parent-document:nil
+sgml-default-dtd-file:"../reference.ced"
+sgml-exposed-tags:nil
+sgml-local-catalogs:("/usr/lib/sgml/catalog")
+sgml-local-ecat-files:nil
+End:
+-->
index 9a977a6515c97db601f13f5f43413bc3e81a46c8..57dcc7ed280e345714e75ae3cae53f0df663a537 100644 (file)
@@ -1,5 +1,5 @@
 <!-- reference.sgml
-$Header: /cvsroot/pgsql/doc/src/sgml/reference.sgml,v 1.16 2001/05/07 00:43:14 tgl Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/reference.sgml,v 1.17 2001/05/08 21:06:42 petere Exp $
 
 PostgreSQL Reference Manual
 -->
@@ -84,6 +84,7 @@ PostgreSQL Reference Manual
    &selectInto;
    &set;
    &setConstraints;
+   &setSessionAuth;
    &setTransaction;
    &show;
    &truncate;
@@ -131,7 +132,6 @@ Disable this chapter until we have more functions documented.
    &dropuser;
    &ecpgRef;
    &pgAccess;
-   &pgAdmin;
    &pgConfig;
    &pgDump;
    &pgDumpall;
index 420913a0e4e15360422b08cb6c069d413d366c6c..eb43be8f3f0e7a57edf3859b77fcdb83e7efae94 100644 (file)
@@ -9,7 +9,7 @@
  *
  *
  * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.47 2001/03/29 19:03:57 petere Exp $
+ *       $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.48 2001/05/08 21:06:42 petere Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -721,6 +721,8 @@ SetPGVariable(const char *name, const char *value)
                parse_server_encoding(mvalue);
        else if (strcasecmp(name, "seed") == 0)
                parse_random_seed(mvalue);
+       else if (strcasecmp(name, "session_authorization") == 0)
+               SetSessionAuthorization(value);
        else
                SetConfigOption(name, value, superuser() ? PGC_SUSET : PGC_USERSET);
 
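Review bot: The new `session_authorization` branch passes `value` straight to `SetSessionAuthorization()`, and nothing visible in this hunk rules out a NULL there. If the generic `SET ... TO DEFAULT` form can reach SetPGVariable with a NULL value (not shown here), the user-name lookup would be handed a NULL pointer. Guard the branch before the call, e.g. `if (value == NULL) elog(ERROR, "SET SESSION AUTHORIZATION requires a user name");`, or reject NULL inside the callee. This branch also appears reachable through plain `SET session_authorization TO ...` as well as the new grammar rule, so a comment such as `/* privilege check is done inside SetSessionAuthorization */` would help readers. SetPGVariable's body starts and ends outside the hunk.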
index 40c379aca51f280882945b9f5caf4aaeccc4475f..0f419edb1716294caed734a270b634ce69a36106 100644 (file)
@@ -11,7 +11,7 @@
  *
  *
  * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.223 2001/05/07 00:43:23 tgl Exp $
+ *       $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.224 2001/05/08 21:06:42 petere Exp $
  *
  * HISTORY
  *       AUTHOR                        DATE                    MAJOR EVENT
@@ -259,7 +259,7 @@ static void doNegateFloat(Value *v);
 
 %type <ival>   Iconst
 %type <str>            Sconst, comment_text
-%type <str>            UserId, opt_boolean, var_value, zone_value
+%type <str>            UserId, opt_boolean, var_value, zone_value, Ident_or_Sconst
 %type <str>            ColId, ColLabel, TokenId
 
 %type <node>   TableConstraint
@@ -292,7 +292,7 @@ static void doNegateFloat(Value *v);
  */
 
 /* Keywords (in SQL92 reserved words) */
-%token ABSOLUTE, ACTION, ADD, ALL, ALTER, AND, ANY, AS, ASC, AT,
+%token ABSOLUTE, ACTION, ADD, ALL, ALTER, AND, ANY, AS, ASC, AT, AUTHORIZATION,
                BEGIN_TRANS, BETWEEN, BOTH, BY,
                CASCADE, CASE, CAST, CHAR, CHARACTER, CHECK, CLOSE, 
                COALESCE, COLLATE, COLUMN, COMMIT,
@@ -761,6 +761,13 @@ VariableSetStmt:  SET ColId TO var_value
                                        n->value = $3;
                                        $$ = (Node *) n;
                                }
+               | SET SESSION AUTHORIZATION Ident_or_Sconst
+                               {
+                                       VariableSetStmt *n = makeNode(VariableSetStmt);
+                                       n->name = "session_authorization";
+                                       n->value = $4;
+                                       $$ = (Node *) n;
+                               }
                ;
 
 opt_level:  READ COMMITTED                                     { $$ = "committed"; }
@@ -837,6 +844,10 @@ opt_encoding:  Sconst                                              { $$ = $1; }
         | /*EMPTY*/                                                    { $$ = NULL; }
         ;
 
+Ident_or_Sconst: IDENT                                         { $$ = $1; }
+               | SCONST                                                        { $$ = $1; }
+
+
 VariableShowStmt:  SHOW ColId
                                {
                                        VariableShowStmt *n = makeNode(VariableShowStmt);
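Review bot: The new `Ident_or_Sconst` rule is not closed with `;`, unlike the `opt_encoding` rule directly above it. Bison accepts this, but it breaks the convention visible in the hunk; add a `;` line after the `SCONST` alternative. The rule also deserves a short comment, e.g. `/* user name given as an identifier or as a quoted string */`. If the scanner case-folds identifiers but not string constants (the scanner is not part of this diff), the two spellings can resolve to different users, and that is worth stating here.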
@@ -5459,6 +5470,7 @@ TokenId:  ABSOLUTE                                                { $$ = "absolute"; }
                | AGGREGATE                                             { $$ = "aggregate"; }
                | ALTER                                                 { $$ = "alter"; }
                | AT                                                    { $$ = "at"; }
+               | AUTHORIZATION                                 { $$ = "authorization"; }
                | BACKWARD                                              { $$ = "backward"; }
                | BEFORE                                                { $$ = "before"; }
                | BEGIN_TRANS                                   { $$ = "begin"; }
index 8ab19f86ae8582213730311845cdbdcae0977f18..6064ca8a8ffdb1b0b9e1d5d9b545d60d8d1925c5 100644 (file)
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/backend/parser/keywords.c,v 1.91 2001/05/07 00:43:23 tgl Exp $
+ *       $Header: /cvsroot/pgsql/src/backend/parser/keywords.c,v 1.92 2001/05/08 21:06:43 petere Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -44,6 +44,7 @@ static ScanKeyword ScanKeywords[] = {
        {"as", AS},
        {"asc", ASC},
        {"at", AT},
+       {"authorization", AUTHORIZATION},
        {"backward", BACKWARD},
        {"before", BEFORE},
        {"begin", BEGIN_TRANS},
index 33b9e11203efe744b9ccf6945d296852a3358353..a07eae512971c5084376687ae2b69cfe26b9fe35 100644 (file)
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/backend/utils/init/miscinit.c,v 1.65 2001/04/16 02:42:01 tgl Exp $
+ *       $Header: /cvsroot/pgsql/src/backend/utils/init/miscinit.c,v 1.66 2001/05/08 21:06:43 petere Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -354,6 +354,7 @@ convertstr(unsigned char *buff, int len, int dest)
 static Oid     CurrentUserId = InvalidOid;
 static Oid     SessionUserId = InvalidOid;
 
+static bool AuthenticatedUserIsSuperuser = false;
 
 /*
  * This function is relevant for all privilege checks.
@@ -397,7 +398,7 @@ SetSessionUserId(Oid newid)
 
 
 void
-SetSessionUserIdFromUserName(const char *username)
+InitializeSessionUserId(const char *username)
 {
        HeapTuple       userTup;
 
@@ -407,6 +408,9 @@ SetSessionUserIdFromUserName(const char *username)
         */
        AssertState(!IsBootstrapProcessingMode());
 
+       /* call only once */
+       AssertState(!OidIsValid(SessionUserId));
+
        userTup = SearchSysCache(SHADOWNAME,
                                                         PointerGetDatum(username),
                                                         0, 0, 0);
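Review bot: The "call only once" guard is an `AssertState`, which presumably compiles away in builds without assertion checking. That matters more after this commit, because the same function now records `AuthenticatedUserIsSuperuser` (next hunk), so a second call in a production build would overwrite the flag that gates SET SESSION AUTHORIZATION. Consider a runtime check, `if (OidIsValid(SessionUserId)) elog(ERROR, "session user is already initialized");`. At minimum, expand the comment to `/* call only once: the superuser flag recorded below must describe the authenticated user */`. The function body begins before and continues after this hunk.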
@@ -415,6 +419,29 @@ SetSessionUserIdFromUserName(const char *username)
 
        SetSessionUserId(((Form_pg_shadow) GETSTRUCT(userTup))->usesysid);
 
+       AuthenticatedUserIsSuperuser = ((Form_pg_shadow) GETSTRUCT(userTup))->usesuper;
+
+       ReleaseSysCache(userTup);
+}
+
+
+
+void SetSessionAuthorization(const char * username)
+{
+       HeapTuple       userTup;
+
+       if (!AuthenticatedUserIsSuperuser)
+               elog(ERROR, "permission denied");
+
+       userTup = SearchSysCache(SHADOWNAME,
+                                                        PointerGetDatum(username),
+                                                        0, 0, 0);
+       if (!HeapTupleIsValid(userTup))
+               elog(ERROR, "user \"%s\" does not exist", username);
+
+       SetSessionUserId(((Form_pg_shadow) GETSTRUCT(userTup))->usesysid);
+       SetUserId(((Form_pg_shadow) GETSTRUCT(userTup))->usesysid);
+
        ReleaseSysCache(userTup);
 }
 
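Review bot: `SetSessionAuthorization` decides purely on `AuthenticatedUserIsSuperuser`, a value captured once in `InitializeSessionUserId`, and neither the flag nor the function has a comment saying so. The consequence is that a connection keeps the ability to switch identity even if the authenticated role loses superuser status later, and that should be stated where the check is made. A header comment such as `/* Change session and current user to username. Allowed only if the user authenticated at connection start was a superuser; that status is recorded once and not re-read. */` would cover it. Two things to confirm: the function writes both user ids directly, so the switch does not appear to be undone if the surrounding transaction aborts, and `username` is passed to the lookup without a NULL check. The definition also puts `void` on the signature line and writes `const char * username`, unlike `InitializeSessionUserId` just above.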
index f8775648668def156387f3bd6b8743b1ca972a25..70d835aa250f8831b591d84d0614fb9eb7f39e5f 100644 (file)
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/backend/utils/init/postinit.c,v 1.84 2001/04/21 18:29:29 tgl Exp $
+ *       $Header: /cvsroot/pgsql/src/backend/utils/init/postinit.c,v 1.85 2001/05/08 21:06:43 petere Exp $
  *
  *
  *-------------------------------------------------------------------------
@@ -341,7 +341,7 @@ InitPostgres(const char *dbname, const char *username)
        if (bootstrap)
                SetSessionUserId(geteuid());
        else
-               SetSessionUserIdFromUserName(username);
+               InitializeSessionUserId(username);
 
        /*
         * Unless we are bootstrapping, double-check that InitMyDatabaseInfo()
index ce2a6692b77e19bdee53bfd846467a3b798faabc..dd323162dda8397f85e619945f64ca0f5f8aaafd 100644 (file)
@@ -3,7 +3,7 @@
  *
  * Copyright 2000 by PostgreSQL Global Development Group
  *
- * $Header: /cvsroot/pgsql/src/bin/psql/tab-complete.c,v 1.31 2001/05/07 19:31:33 petere Exp $
+ * $Header: /cvsroot/pgsql/src/bin/psql/tab-complete.c,v 1.32 2001/05/08 21:06:43 petere Exp $
  */
 
 /*----------------------------------------------------------------------
@@ -201,7 +201,7 @@ psql_completion(char *text, int start, int end)
                /* these SET arguments are known in gram.y */
                "CONSTRAINTS",
                "NAMES",
-               "SESSION CHARACTERISTICS AS TRANSACTION ISOLATION LEVEL",
+               "SESSION",
                "TRANSACTION ISOLATION LEVEL",
                /* these are treated in backend/commands/variable.c */
                "DateStyle",
@@ -646,6 +646,22 @@ psql_completion(char *text, int start, int end)
 
                COMPLETE_WITH_LIST(constraint_list);
        }
+       /* Complete SET SESSION with AUTHORIZATION or CHARACTERISTICS... */
+       else if (strcasecmp(prev2_wd, "SET") == 0 && strcasecmp(prev_wd, "SESSION") == 0)
+       {
+               char *my_list[] = {"AUTHORIZATION",
+                                                  "CHARACTERISTICS AS TRANSACTION ISOLATION LEVEL",
+                                                  NULL};
+
+               COMPLETE_WITH_LIST(my_list);
+       }
+       /* Complete SET SESSION AUTHORIZATION with username */
+       else if (strcasecmp(prev3_wd, "SET") == 0 
+                        && strcasecmp(prev2_wd, "SESSION") == 0
+                        && strcasecmp(prev_wd, "AUTHORIZATION") == 0)
+       {
+               COMPLETE_WITH_QUERY(Query_for_list_of_users);
+       }
        /* Complete SET <var> with "TO" */
        else if (strcasecmp(prev2_wd, "SET") == 0 &&
                         strcasecmp(prev4_wd, "UPDATE") != 0)
index 6f90355d7681adb18dbf4d82998b184074a9916e..e69fba4b87b422c08d719d3c91a3dd36deb4752a 100644 (file)
@@ -12,7 +12,7 @@
  * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: miscadmin.h,v 1.83 2001/03/22 04:00:25 momjian Exp $
+ * $Id: miscadmin.h,v 1.84 2001/05/08 21:06:43 petere Exp $
  *
  * NOTES
  *       some of the information in this file should be moved to
@@ -208,7 +208,8 @@ extern Oid  GetUserId(void);
 extern void SetUserId(Oid userid);
 extern Oid     GetSessionUserId(void);
 extern void SetSessionUserId(Oid userid);
-extern void SetSessionUserIdFromUserName(const char *username);
+extern void InitializeSessionUserId(const char *username);
+extern void SetSessionAuthorization(const char *username);
 
 extern void SetDataDir(const char *dir);