@@ -718,6 +718,7 @@ parsePGArray(const char *atext, char ***itemarray, int *nitems)
718718 *
719719 * name: the object name, in the form to use in the commands (already quoted)
720720 * subname: the sub-object name, if any (already quoted); NULL if none
721+ * nspname: the namespace the object is in (NULL if none); not pre-quoted
721722 * type: the object type (as seen in GRANT command: must be one of
722723 * TABLE, SEQUENCE, FUNCTION, LANGUAGE, SCHEMA, DATABASE, TABLESPACE,
723724 * FOREIGN DATA WRAPPER, SERVER, or LARGE OBJECT)
@@ -737,7 +738,7 @@ parsePGArray(const char *atext, char ***itemarray, int *nitems)
737738 * since this routine uses fmtId() internally.
738739 */
739740bool
740- buildACLCommands (const char * name , const char * subname ,
741+ buildACLCommands (const char * name , const char * subname , const char * nspname ,
741742 const char * type , const char * acls , const char * owner ,
742743 const char * prefix , int remoteVersion ,
743744 PQExpBuffer sql )
@@ -791,7 +792,10 @@ buildACLCommands(const char *name, const char *subname,
791792 appendPQExpBuffer (firstsql , "%sREVOKE ALL" , prefix );
792793 if (subname )
793794 appendPQExpBuffer (firstsql , "(%s)" , subname );
794- appendPQExpBuffer (firstsql , " ON %s %s FROM PUBLIC;\n" , type , name );
795+ appendPQExpBuffer (firstsql , " ON %s " , type );
796+ if (nspname && * nspname )
797+ appendPQExpBuffer (firstsql , "%s." , fmtId (nspname ));
798+ appendPQExpBuffer (firstsql , "%s FROM PUBLIC;\n" , name );
795799
796800 /*
797801 * We still need some hacking though to cover the case where new default
@@ -839,18 +843,33 @@ buildACLCommands(const char *name, const char *subname,
839843 appendPQExpBuffer (firstsql , "%sREVOKE ALL" , prefix );
840844 if (subname )
841845 appendPQExpBuffer (firstsql , "(%s)" , subname );
842- appendPQExpBuffer (firstsql , " ON %s %s FROM %s;\n" ,
843- type , name , fmtId (grantee -> data ));
846+ appendPQExpBuffer (firstsql , " ON %s " , type );
847+ if (nspname && * nspname )
848+ appendPQExpBuffer (firstsql , "%s." , fmtId (nspname ));
849+ appendPQExpBuffer (firstsql , "%s FROM %s;\n" ,
850+ name , fmtId (grantee -> data ));
844851 if (privs -> len > 0 )
852+ {
853+ appendPQExpBuffer (firstsql ,
854+ "%sGRANT %s ON %s " ,
855+ prefix , privs -> data , type );
856+ if (nspname && * nspname )
857+ appendPQExpBuffer (firstsql , "%s." , fmtId (nspname ));
845858 appendPQExpBuffer (firstsql ,
846- "%sGRANT %s ON %s % s TO %s;\n" ,
847- prefix , privs -> data , type , name ,
848- fmtId ( grantee -> data ));
859+ "%s TO %s;\n" ,
860+ name , fmtId ( grantee -> data ));
861+ }
849862 if (privswgo -> len > 0 )
863+ {
864+ appendPQExpBuffer (firstsql ,
865+ "%sGRANT %s ON %s " ,
866+ prefix , privswgo -> data , type );
867+ if (nspname && * nspname )
868+ appendPQExpBuffer (firstsql , "%s." , fmtId (nspname ));
850869 appendPQExpBuffer (firstsql ,
851- "%sGRANT %s ON %s %s TO %s WITH GRANT OPTION;\n"
852- prefix , privswgo -> data , type , name ,
853- fmtId ( grantee -> data ));
870+ " %s TO %s WITH GRANT OPTION;\n"
871+ name , fmtId ( grantee -> data ));
872+ }
854873 }
855874 }
856875 else
@@ -865,8 +884,11 @@ buildACLCommands(const char *name, const char *subname,
865884
866885 if (privs -> len > 0 )
867886 {
868- appendPQExpBuffer (secondsql , "%sGRANT %s ON %s %s TO " ,
869- prefix , privs -> data , type , name );
887+ appendPQExpBuffer (secondsql , "%sGRANT %s ON %s " ,
888+ prefix , privs -> data , type );
889+ if (nspname && * nspname )
890+ appendPQExpBuffer (secondsql , "%s." , fmtId (nspname ));
891+ appendPQExpBuffer (secondsql , "%s TO " , name );
870892 if (grantee -> len == 0 )
871893 appendPQExpBufferStr (secondsql , "PUBLIC;\n" );
872894 else if (strncmp (grantee -> data , "group " ,
@@ -878,8 +900,11 @@ buildACLCommands(const char *name, const char *subname,
878900 }
879901 if (privswgo -> len > 0 )
880902 {
881- appendPQExpBuffer (secondsql , "%sGRANT %s ON %s %s TO " ,
882- prefix , privswgo -> data , type , name );
903+ appendPQExpBuffer (secondsql , "%sGRANT %s ON %s " ,
904+ prefix , privswgo -> data , type );
905+ if (nspname && * nspname )
906+ appendPQExpBuffer (secondsql , "%s." , fmtId (nspname ));
907+ appendPQExpBuffer (secondsql , "%s TO " , name );
883908 if (grantee -> len == 0 )
884909 appendPQExpBufferStr (secondsql , "PUBLIC" );
885910 else if (strncmp (grantee -> data , "group " ,
@@ -906,8 +931,11 @@ buildACLCommands(const char *name, const char *subname,
906931 appendPQExpBuffer (firstsql , "%sREVOKE ALL" , prefix );
907932 if (subname )
908933 appendPQExpBuffer (firstsql , "(%s)" , subname );
909- appendPQExpBuffer (firstsql , " ON %s %s FROM %s;\n" ,
910- type , name , fmtId (owner ));
934+ appendPQExpBuffer (firstsql , " ON %s " , type );
935+ if (nspname && * nspname )
936+ appendPQExpBuffer (firstsql , "%s." , fmtId (nspname ));
937+ appendPQExpBuffer (firstsql , "%s FROM %s;\n" ,
938+ name , fmtId (owner ));
911939 }
912940
913941 destroyPQExpBuffer (grantee );
@@ -958,7 +986,7 @@ buildDefaultACLCommands(const char *type, const char *nspname,
958986 if (nspname )
959987 appendPQExpBuffer (prefix , "IN SCHEMA %s " , fmtId (nspname ));
960988
961- result = buildACLCommands ("" , NULL ,
989+ result = buildACLCommands ("" , NULL , NULL ,
962990 type , acls , owner ,
963991 prefix -> data , remoteVersion ,
964992 sql );
@@ -1412,26 +1440,32 @@ processSQLNamePattern(PGconn *conn, PQExpBuffer buf, const char *pattern,
14121440 * buildShSecLabelQuery
14131441 *
14141442 * Build a query to retrieve security labels for a shared object.
1443+ * The object is identified by its OID plus the name of the catalog
1444+ * it can be found in (e.g., "pg_database" for database names).
1445+ * The query is appended to "sql". (We don't execute it here so as to
1446+ * keep this file free of assumptions about how to deal with SQL errors.)
14151447 */
14161448void
1417- buildShSecLabelQuery (PGconn * conn , const char * catalog_name , uint32 objectId ,
1449+ buildShSecLabelQuery (PGconn * conn , const char * catalog_name , Oid objectId ,
14181450 PQExpBuffer sql )
14191451{
14201452 appendPQExpBuffer (sql ,
14211453 "SELECT provider, label FROM pg_catalog.pg_shseclabel "
1422- "WHERE classoid = '%s'::pg_catalog.regclass AND "
1423- "objoid = %u " , catalog_name , objectId );
1454+ "WHERE classoid = 'pg_catalog. %s'::pg_catalog.regclass "
1455+ "AND objoid = '%u' " , catalog_name , objectId );
14241456}
14251457
14261458/*
14271459 * emitShSecLabels
14281460 *
1429- * Format security label data retrieved by the query generated in
1430- * buildShSecLabelQuery.
1461+ * Construct SECURITY LABEL commands using the data retrieved by the query
1462+ * generated by buildShSecLabelQuery, and append them to "buffer".
1463+ * Here, the target object is identified by its type name (e.g. "DATABASE")
1464+ * and its name (not pre-quoted).
14311465 */
14321466void
14331467emitShSecLabels (PGconn * conn , PGresult * res , PQExpBuffer buffer ,
1434- const char * target , const char * objname )
1468+ const char * objtype , const char * objname )
14351469{
14361470 int i ;
14371471
@@ -1443,7 +1477,7 @@ emitShSecLabels(PGconn *conn, PGresult *res, PQExpBuffer buffer,
14431477 /* must use fmtId result before calling it again */
14441478 appendPQExpBuffer (buffer ,
14451479 "SECURITY LABEL FOR %s ON %s" ,
1446- fmtId (provider ), target );
1480+ fmtId (provider ), objtype );
14471481 appendPQExpBuffer (buffer ,
14481482 " %s IS " ,
14491483 fmtId (objname ));
0 commit comments