Bring syntax of role-related commands into SQL compliance. To avoid

syntactic conflicts, both privilege and role GRANT/REVOKE commands have to use the same production for scanning the list of tokens that might eventually turn out to be privileges or role names. So, change the existing GRANT/REVOKE code to expect a list of strings not pre-reduced AclMode values. Fix a couple other minor issues while at it, such as InitializeAcl function name conflicting with a Windows system function.
author: Tom Lane <tgl@sss.pgh.pa.us> 2005-06-28 19:51:26 +0000
committer: Tom Lane <tgl@sss.pgh.pa.us> 2005-06-28 19:51:26 +0000
commit: 0eaa36a16a89029f1b2eb9a38c90e3a0a0e2641e (patch)
tree: 31ad7be7a83a1fa7186e8de04c317f011ef4f54e /src
parent: 88b49cdc95ef9601edcb2cdb3fbe1986128b5092 (diff)
download: postgresql-0eaa36a16a89029f1b2eb9a38c90e3a0a0e2641e.tar.gz
postgresql-0eaa36a16a89029f1b2eb9a38c90e3a0a0e2641e.zip
11 files changed, 344 insertions, 316 deletions
diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
index 6ff89eb0425..f095ef24d6b 100644
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.113 2005/06/28 05:08:52 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.114 2005/06/28 19:51:21 tgl Exp $
  *
  * NOTES
  *	  See acl.h.
@@ -47,6 +47,7 @@ static void ExecuteGrantStmt_Language(GrantStmt *stmt);
 static void ExecuteGrantStmt_Namespace(GrantStmt *stmt);
 static void ExecuteGrantStmt_Tablespace(GrantStmt *stmt);
 
+static AclMode string_to_privilege(const char *privname);
 static const char *privilege_to_string(AclMode privilege);
 
 
@@ -209,7 +210,7 @@ ExecuteGrantStmt_Relation(GrantStmt *stmt)
 	bool		all_privs;
 	ListCell   *i;
 
-	if (linitial_int(stmt->privileges) == ACL_ALL_RIGHTS)
+	if (stmt->privileges == NIL)
 	{
 		all_privs = true;
 		privileges = ACL_ALL_RIGHTS_RELATION;
@@ -220,7 +221,8 @@ ExecuteGrantStmt_Relation(GrantStmt *stmt)
 		privileges = ACL_NO_RIGHTS;
 		foreach(i, stmt->privileges)
 		{
-			AclMode		priv = lfirst_int(i);
+			char	   *privname = strVal(lfirst(i));
+			AclMode		priv = string_to_privilege(privname);
 
 			if (priv & ~((AclMode) ACL_ALL_RIGHTS_RELATION))
 				ereport(ERROR,
@@ -377,7 +379,7 @@ ExecuteGrantStmt_Database(GrantStmt *stmt)
 	bool		all_privs;
 	ListCell   *i;
 
-	if (linitial_int(stmt->privileges) == ACL_ALL_RIGHTS)
+	if (stmt->privileges == NIL)
 	{
 		all_privs = true;
 		privileges = ACL_ALL_RIGHTS_DATABASE;
@@ -388,7 +390,8 @@ ExecuteGrantStmt_Database(GrantStmt *stmt)
 		privileges = ACL_NO_RIGHTS;
 		foreach(i, stmt->privileges)
 		{
-			AclMode		priv = lfirst_int(i);
+			char	   *privname = strVal(lfirst(i));
+			AclMode		priv = string_to_privilege(privname);
 
 			if (priv & ~((AclMode) ACL_ALL_RIGHTS_DATABASE))
 				ereport(ERROR,
@@ -535,7 +538,7 @@ ExecuteGrantStmt_Function(GrantStmt *stmt)
 	bool		all_privs;
 	ListCell   *i;
 
-	if (linitial_int(stmt->privileges) == ACL_ALL_RIGHTS)
+	if (stmt->privileges == NIL)
 	{
 		all_privs = true;
 		privileges = ACL_ALL_RIGHTS_FUNCTION;
@@ -546,7 +549,8 @@ ExecuteGrantStmt_Function(GrantStmt *stmt)
 		privileges = ACL_NO_RIGHTS;
 		foreach(i, stmt->privileges)
 		{
-			AclMode		priv = lfirst_int(i);
+			char	   *privname = strVal(lfirst(i));
+			AclMode		priv = string_to_privilege(privname);
 
 			if (priv & ~((AclMode) ACL_ALL_RIGHTS_FUNCTION))
 				ereport(ERROR,
@@ -689,7 +693,7 @@ ExecuteGrantStmt_Language(GrantStmt *stmt)
 	bool		all_privs;
 	ListCell   *i;
 
-	if (linitial_int(stmt->privileges) == ACL_ALL_RIGHTS)
+	if (stmt->privileges == NIL)
 	{
 		all_privs = true;
 		privileges = ACL_ALL_RIGHTS_LANGUAGE;
@@ -700,7 +704,8 @@ ExecuteGrantStmt_Language(GrantStmt *stmt)
 		privileges = ACL_NO_RIGHTS;
 		foreach(i, stmt->privileges)
 		{
-			AclMode		priv = lfirst_int(i);
+			char	   *privname = strVal(lfirst(i));
+			AclMode		priv = string_to_privilege(privname);
 
 			if (priv & ~((AclMode) ACL_ALL_RIGHTS_LANGUAGE))
 				ereport(ERROR,
@@ -852,7 +857,7 @@ ExecuteGrantStmt_Namespace(GrantStmt *stmt)
 	bool		all_privs;
 	ListCell   *i;
 
-	if (linitial_int(stmt->privileges) == ACL_ALL_RIGHTS)
+	if (stmt->privileges == NIL)
 	{
 		all_privs = true;
 		privileges = ACL_ALL_RIGHTS_NAMESPACE;
@@ -863,7 +868,8 @@ ExecuteGrantStmt_Namespace(GrantStmt *stmt)
 		privileges = ACL_NO_RIGHTS;
 		foreach(i, stmt->privileges)
 		{
-			AclMode		priv = lfirst_int(i);
+			char	   *privname = strVal(lfirst(i));
+			AclMode		priv = string_to_privilege(privname);
 
 			if (priv & ~((AclMode) ACL_ALL_RIGHTS_NAMESPACE))
 				ereport(ERROR,
@@ -1006,7 +1012,7 @@ ExecuteGrantStmt_Tablespace(GrantStmt *stmt)
 	bool		all_privs;
 	ListCell   *i;
 
-	if (linitial_int(stmt->privileges) == ACL_ALL_RIGHTS)
+	if (stmt->privileges == NIL)
 	{
 		all_privs = true;
 		privileges = ACL_ALL_RIGHTS_TABLESPACE;
@@ -1017,7 +1023,8 @@ ExecuteGrantStmt_Tablespace(GrantStmt *stmt)
 		privileges = ACL_NO_RIGHTS;
 		foreach(i, stmt->privileges)
 		{
-			AclMode		priv = lfirst_int(i);
+			char	   *privname = strVal(lfirst(i));
+			AclMode		priv = string_to_privilege(privname);
 
 			if (priv & ~((AclMode) ACL_ALL_RIGHTS_TABLESPACE))
 				ereport(ERROR,
@@ -1157,6 +1164,39 @@ ExecuteGrantStmt_Tablespace(GrantStmt *stmt)
 }
 
 
+static AclMode
+string_to_privilege(const char *privname)
+{
+	if (strcmp(privname, "insert") == 0)
+		return ACL_INSERT;
+	if (strcmp(privname, "select") == 0)
+		return ACL_SELECT;
+	if (strcmp(privname, "update") == 0)
+		return ACL_UPDATE;
+	if (strcmp(privname, "delete") == 0)
+		return ACL_DELETE;
+	if (strcmp(privname, "rule") == 0)
+		return ACL_RULE;
+	if (strcmp(privname, "references") == 0)
+		return ACL_REFERENCES;
+	if (strcmp(privname, "trigger") == 0)
+		return ACL_TRIGGER;
+	if (strcmp(privname, "execute") == 0)
+		return ACL_EXECUTE;
+	if (strcmp(privname, "usage") == 0)
+		return ACL_USAGE;
+	if (strcmp(privname, "create") == 0)
+		return ACL_CREATE;
+	if (strcmp(privname, "temporary") == 0)
+		return ACL_CREATE_TEMP;
+	if (strcmp(privname, "temp") == 0)
+		return ACL_CREATE_TEMP;
+	ereport(ERROR,
+			(errcode(ERRCODE_SYNTAX_ERROR),
+			 errmsg("unrecognized privilege type \"%s\"", privname)));
+	return 0;					/* appease compiler */
+}
+
 static const char *
 privilege_to_string(AclMode privilege)
 {
diff --git a/src/backend/catalog/pg_proc.c b/src/backend/catalog/pg_proc.c
index 7d1384ed382..f8ed892ebfe 100644
--- a/src/backend/catalog/pg_proc.c
+++ b/src/backend/catalog/pg_proc.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/catalog/pg_proc.c,v 1.130 2005/06/28 05:08:52 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/catalog/pg_proc.c,v 1.131 2005/06/28 19:51:21 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -266,7 +266,7 @@ ProcedureCreate(const char *procedureName,
 					(errcode(ERRCODE_DUPLICATE_FUNCTION),
 					 errmsg("function \"%s\" already exists with same argument types",
 							procedureName)));
-		if (GetUserId() != oldproc->proowner && !superuser())
+		if (!pg_proc_ownercheck(HeapTupleGetOid(oldtup), GetUserId()))
 			aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
 						   procedureName);
 
diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index 131f1896f92..0d34e57b258 100644
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -6,7 +6,7 @@
  * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.152 2005/06/28 05:08:55 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.153 2005/06/28 19:51:22 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -61,16 +61,17 @@ CreateRole(CreateRoleStmt *stmt)
 	bool		createrole = false;		/* Can this user create roles? */
 	bool		createdb = false;		/* Can the user create databases? */
 	bool		canlogin = false;		/* Can this user login? */
-	List	   *roleElts = NIL;			/* roles the user is a member of */
-	List	   *rolememElts = NIL;	/* roles which will be members of this role */
-	char	   *validUntil = NULL;		/* The time the login is valid
-										 * until */
+	List	   *addroleto = NIL;		/* roles to make this a member of */
+	List	   *rolemembers = NIL;		/* roles to be members of this role */
+	List	   *adminmembers = NIL;		/* roles to be admins of this role */
+	char	   *validUntil = NULL;		/* time the login is valid until */
 	DefElem    *dpassword = NULL;
 	DefElem    *dcreatedb = NULL;
 	DefElem    *dcreaterole = NULL;
 	DefElem    *dcanlogin = NULL;
-	DefElem    *droleElts = NULL;
-	DefElem    *drolememElts = NULL;
+	DefElem    *daddroleto = NULL;
+	DefElem    *drolemembers = NULL;
+	DefElem    *dadminmembers = NULL;
 	DefElem    *dvalidUntil = NULL;
 
 	/* Extract options from the statement node tree */
@@ -121,21 +122,29 @@ CreateRole(CreateRoleStmt *stmt)
 						 errmsg("conflicting or redundant options")));
 			dcanlogin = defel;
 		}
-		else if (strcmp(defel->defname, "roleElts") == 0)
+		else if (strcmp(defel->defname, "addroleto") == 0)
 		{
-			if (droleElts)
+			if (daddroleto)
 				ereport(ERROR,
 						(errcode(ERRCODE_SYNTAX_ERROR),
 						 errmsg("conflicting or redundant options")));
-			droleElts = defel;
+			daddroleto = defel;
 		}
-		else if (strcmp(defel->defname, "rolememElts") == 0)
+		else if (strcmp(defel->defname, "rolemembers") == 0)
 		{
-			if (drolememElts)
+			if (drolemembers)
 				ereport(ERROR,
 						(errcode(ERRCODE_SYNTAX_ERROR),
 						 errmsg("conflicting or redundant options")));
-			drolememElts = defel;
+			drolemembers = defel;
+		}
+		else if (strcmp(defel->defname, "adminmembers") == 0)
+		{
+			if (dadminmembers)
+				ereport(ERROR,
+						(errcode(ERRCODE_SYNTAX_ERROR),
+						 errmsg("conflicting or redundant options")));
+			dadminmembers = defel;
 		}
 		else if (strcmp(defel->defname, "validUntil") == 0)
 		{
@@ -164,10 +173,12 @@ CreateRole(CreateRoleStmt *stmt)
 		validUntil = strVal(dvalidUntil->arg);
 	if (dpassword)
 		password = strVal(dpassword->arg);
-	if (droleElts)
-		roleElts = (List *) droleElts->arg;
-	if (drolememElts)
-		rolememElts = (List *) drolememElts->arg;
+	if (daddroleto)
+		addroleto = (List *) daddroleto->arg;
+	if (drolemembers)
+		rolemembers = (List *) drolemembers->arg;
+	if (dadminmembers)
+		adminmembers = (List *) dadminmembers->arg;
 
 	/* Check some permissions first */
 	if (!superuser())
@@ -257,7 +268,7 @@ CreateRole(CreateRoleStmt *stmt)
 	/*
 	 * Add the new role to the specified existing roles.
 	 */
-	foreach(item, roleElts)
+	foreach(item, addroleto)
 	{
 		char   *oldrolename = strVal(lfirst(item));
 		Oid		oldroleid = get_roleid_checked(oldrolename);
@@ -269,10 +280,14 @@ CreateRole(CreateRoleStmt *stmt)
 	}
 
 	/*
-	 * Add the specified members to this new role.
+	 * Add the specified members to this new role. adminmembers get the
+	 * admin option, rolemembers don't.
 	 */
 	AddRoleMems(stmt->role, roleid,
-				rolememElts, roleNamesToIds(rolememElts),
+				adminmembers, roleNamesToIds(adminmembers),
+				GetUserId(), true);
+	AddRoleMems(stmt->role, roleid,
+				rolemembers, roleNamesToIds(rolemembers),
 				GetUserId(), false);
 
 	/*
@@ -309,17 +324,14 @@ AlterRole(AlterRoleStmt *stmt)
 	int			createrole = -1;		/* Can this user create roles? */
 	int			createdb = -1;			/* Can the user create databases? */
 	int			canlogin = -1;			/* Can this user login? */
-	int			adminopt = 0;	/* Can this user grant this role to others? */
-	List	   *rolememElts = NIL;	/* The roles which will be added/removed to this role */
-	char	   *validUntil = NULL;		/* The time the login is valid
-										 * until */
+	List	   *rolemembers = NIL;		/* roles to be added/removed */
+	char	   *validUntil = NULL;		/* time the login is valid until */
 	DefElem    *dpassword = NULL;
 	DefElem    *dcreatedb = NULL;
 	DefElem    *dcreaterole = NULL;
 	DefElem    *dcanlogin = NULL;
-	DefElem    *dadminopt = NULL;
 	DefElem    *dvalidUntil = NULL;
-	DefElem    *drolememElts = NULL;
+	DefElem    *drolemembers = NULL;
 	Oid			roleid;
 
 	/* Extract options from the statement node tree */
@@ -365,14 +377,6 @@ AlterRole(AlterRoleStmt *stmt)
 						 errmsg("conflicting or redundant options")));
 			dcanlogin = defel;
 		}
-		else if (strcmp(defel->defname, "adminopt") == 0)
-		{
-			if (dadminopt)
-				ereport(ERROR,
-						(errcode(ERRCODE_SYNTAX_ERROR),
-						 errmsg("conflicting or redundant options")));
-			dadminopt = defel;
-		}
 		else if (strcmp(defel->defname, "validUntil") == 0)
 		{
 			if (dvalidUntil)
@@ -381,13 +385,14 @@ AlterRole(AlterRoleStmt *stmt)
 						 errmsg("conflicting or redundant options")));
 			dvalidUntil = defel;
 		}
-		else if (strcmp(defel->defname, "rolememElts") == 0 && stmt->action != 0)
+		else if (strcmp(defel->defname, "rolemembers") == 0 &&
+				 stmt->action != 0)
 		{
-			if (drolememElts)
+			if (drolemembers)
 				ereport(ERROR,
 						(errcode(ERRCODE_SYNTAX_ERROR),
 						 errmsg("conflicting or redundant options")));
-			drolememElts = defel;
+			drolemembers = defel;
 		}
 		else
 			elog(ERROR, "option \"%s\" not recognized",
@@ -404,14 +409,12 @@ AlterRole(AlterRoleStmt *stmt)
 	}
 	if (dcanlogin)
 		canlogin = intVal(dcanlogin->arg);
-	if (dadminopt)
-		adminopt = intVal(dadminopt->arg);
 	if (dvalidUntil)
 		validUntil = strVal(dvalidUntil->arg);
 	if (dpassword)
 		password = strVal(dpassword->arg);
-	if (drolememElts)
-		rolememElts = (List *) drolememElts->arg;
+	if (drolemembers)
+		rolemembers = (List *) drolemembers->arg;
 
 	/* must be superuser or just want to change your own password */
 	if (!superuser() &&
@@ -420,8 +423,7 @@ AlterRole(AlterRoleStmt *stmt)
 		  createdb < 0 &&
 		  canlogin < 0 &&
 		  !validUntil &&
-		  !rolememElts &&
-		  !adminopt &&
+		  !rolemembers &&
 		  password &&
 		  strcmp(GetUserNameFromId(GetUserId()), stmt->role) == 0))
 		ereport(ERROR,
@@ -537,12 +539,12 @@ AlterRole(AlterRoleStmt *stmt)
 
 	if (stmt->action == +1)		/* add members to role */
 		AddRoleMems(stmt->role, roleid,
-					rolememElts, roleNamesToIds(rolememElts),
-					GetUserId(), adminopt);
+					rolemembers, roleNamesToIds(rolemembers),
+					GetUserId(), false);
 	else if (stmt->action == -1)	/* drop members from role */
 		DelRoleMems(stmt->role, roleid,
-					rolememElts, roleNamesToIds(rolememElts),
-					adminopt);
+					rolemembers, roleNamesToIds(rolemembers),
+					false);
 
 	/*
 	 * Set flag to update flat auth file at commit.
diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y
index d822a7176a7..7f18b12b92b 100644
--- a/src/backend/parser/gram.y
+++ b/src/backend/parser/gram.y
@@ -11,7 +11,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/parser/gram.y,v 2.499 2005/06/28 05:08:57 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/parser/gram.y,v 2.500 2005/06/28 19:51:22 tgl Exp $
  *
  * HISTORY
  *	  AUTHOR			DATE			MAJOR EVENT
@@ -143,10 +143,10 @@ static void doNegateFloat(Value *v);
 		DropGroupStmt DropOpClassStmt DropPLangStmt DropStmt
 		DropAssertStmt DropTrigStmt DropRuleStmt DropCastStmt DropRoleStmt
 		DropUserStmt DropdbStmt DropTableSpaceStmt ExplainStmt FetchStmt
-		GrantRoleStmt GrantStmt IndexStmt InsertStmt ListenStmt LoadStmt
+		GrantStmt GrantRoleStmt IndexStmt InsertStmt ListenStmt LoadStmt
 		LockStmt NotifyStmt ExplainableStmt PreparableStmt
 		CreateFunctionStmt AlterFunctionStmt ReindexStmt RemoveAggrStmt
-		RemoveFuncStmt RemoveOperStmt RenameStmt RevokeRoleStmt RevokeStmt
+		RemoveFuncStmt RemoveOperStmt RenameStmt RevokeStmt RevokeRoleStmt
 		RuleActionStmt RuleActionStmtOrEmpty RuleStmt
 		SelectStmt TransactionStmt TruncateStmt
 		UnlistenStmt UpdateStmt VacuumStmt
@@ -170,15 +170,11 @@ static void doNegateFloat(Value *v);
 
 %type <ival>	opt_lock lock_type cast_context
 %type <boolean>	opt_force opt_or_replace
-				opt_grant_grant_option opt_revoke_grant_option
-				opt_alter_admin_option 
-				opt_grant_admin_option opt_revoke_admin_option
+				opt_grant_grant_option opt_grant_admin_option
 				opt_nowait
 
 %type <boolean>	like_including_defaults
 
-%type <list>	role_list
-
 %type <list>	OptRoleList
 %type <defelt>	OptRoleElem
 
@@ -205,7 +201,7 @@ static void doNegateFloat(Value *v);
 %type <str>		iso_level opt_encoding
 %type <node>	grantee
 %type <list>	grantee_list
-%type <ival>	privilege
+%type <str>		privilege
 %type <list>	privileges privilege_list
 %type <privtarget> privilege_target
 %type <funwithargs> function_with_argtypes
@@ -347,8 +343,8 @@ static void doNegateFloat(Value *v);
 	CHARACTER CHARACTERISTICS CHECK CHECKPOINT CLASS CLOSE
 	CLUSTER COALESCE COLLATE COLUMN COMMENT COMMIT
 	COMMITTED CONSTRAINT CONSTRAINTS CONVERSION_P CONVERT COPY CREATE CREATEDB
-	CREATEROLE CREATEUSER CROSS CSV CURRENT_DATE CURRENT_TIME
-	CURRENT_TIMESTAMP CURRENT_ROLE CURRENT_USER CURSOR CYCLE
+	CREATEROLE CREATEUSER CROSS CSV CURRENT_DATE CURRENT_ROLE CURRENT_TIME
+	CURRENT_TIMESTAMP CURRENT_USER CURSOR CYCLE
 
 	DATABASE DAY_P DEALLOCATE DEC DECIMAL_P DECLARE DEFAULT DEFAULTS
 	DEFERRABLE DEFERRED DEFINER DELETE_P DELIMITER DELIMITERS
@@ -375,13 +371,13 @@ static void doNegateFloat(Value *v);
 
 	LANCOMPILER LANGUAGE LARGE_P  LAST_P LEADING LEAST LEFT LEVEL
 	LIKE LIMIT LISTEN LOAD LOCAL LOCALTIME LOCALTIMESTAMP LOCATION
-	LOCK_P LOGIN
+	LOCK_P LOGIN_P
 
 	MATCH MAXVALUE MINUTE_P MINVALUE MODE MONTH_P MOVE
 
 	NAMES NATIONAL NATURAL NCHAR NEW NEXT NO NOCREATEDB
-	NOCREATEROLE NOCREATEUSER NONE NOT NOTHING NOTIFY NOTNULL NOWAIT NULL_P
-	NULLIF NUMERIC NOLOGIN
+	NOCREATEROLE NOCREATEUSER NOLOGIN_P NONE NOT NOTHING NOTIFY
+	NOTNULL NOWAIT NULL_P NULLIF NUMERIC
 
 	OBJECT_P OF OFF OFFSET OIDS OLD ON ONLY OPERATOR OPTION OR
 	ORDER OUT_P OUTER_P OVERLAPS OVERLAY OWNER
@@ -397,7 +393,7 @@ static void doNegateFloat(Value *v);
 	ROLE ROLLBACK ROW ROWS RULE
 
 	SAVEPOINT SCHEMA SCROLL SECOND_P SECURITY SELECT SEQUENCE
-	SERIALIZABLE SESSION SESSION_ROLE SESSION_USER SET SETOF SHARE
+	SERIALIZABLE SESSION SESSION_USER SET SETOF SHARE
 	SHOW SIMILAR SIMPLE SMALLINT SOME STABLE START STATEMENT
 	STATISTICS STDIN STDOUT STORAGE STRICT_P SUBSTRING SYMMETRIC
 	SYSID SYSTEM_P
@@ -407,7 +403,7 @@ static void doNegateFloat(Value *v);
 	TRUNCATE TRUSTED TYPE_P
 
 	UNCOMMITTED UNENCRYPTED UNION UNIQUE UNKNOWN UNLISTEN UNTIL
-	UPDATE USAGE USER USING
+	UPDATE USER USING
 
 	VACUUM VALID VALIDATOR VALUES VARCHAR VARYING
 	VERBOSE VIEW VOLATILE
@@ -544,8 +540,8 @@ stmt :
 			| ExecuteStmt
 			| ExplainStmt
 			| FetchStmt
-			| GrantRoleStmt
 			| GrantStmt
+			| GrantRoleStmt
 			| IndexStmt
 			| InsertStmt
 			| ListenStmt
@@ -558,8 +554,8 @@ stmt :
 			| RemoveFuncStmt
 			| RemoveOperStmt
 			| RenameStmt
-			| RevokeRoleStmt
 			| RevokeStmt
+			| RevokeRoleStmt
 			| RuleStmt
 			| SelectStmt
 			| TransactionStmt
@@ -579,7 +575,6 @@ stmt :
  *
  * Create a new Postgres DBMS role
  *
- *
  *****************************************************************************/
 
 CreateRoleStmt:
@@ -597,11 +592,99 @@ opt_with:	WITH									{}
 			| /*EMPTY*/								{}
 		;
 
+/*
+ * Options for CREATE ROLE and ALTER ROLE (also used by CREATE/ALTER USER
+ * for backwards compatibility).  Note: the only option required by SQL99
+ * is "WITH ADMIN name".
+ */
+OptRoleList:
+			OptRoleList OptRoleElem					{ $$ = lappend($1, $2); }
+			| /* EMPTY */							{ $$ = NIL; }
+		;
+
+OptRoleElem:
+			PASSWORD Sconst
+				{
+					$$ = makeDefElem("password",
+									 (Node *)makeString($2));
+				}
+			| ENCRYPTED PASSWORD Sconst
+				{
+					$$ = makeDefElem("encryptedPassword",
+									 (Node *)makeString($3));
+				}
+			| UNENCRYPTED PASSWORD Sconst
+				{
+					$$ = makeDefElem("unencryptedPassword",
+									 (Node *)makeString($3));
+				}
+			| SYSID Iconst
+				{
+					$$ = makeDefElem("sysid", (Node *)makeInteger($2));
+				}
+			| CREATEDB
+				{
+					$$ = makeDefElem("createdb", (Node *)makeInteger(TRUE));
+				}
+			| NOCREATEDB
+				{
+					$$ = makeDefElem("createdb", (Node *)makeInteger(FALSE));
+				}
+			| CREATEROLE
+				{
+					$$ = makeDefElem("createrole", (Node *)makeInteger(TRUE));
+				}
+			| CREATEUSER
+				{
+					$$ = makeDefElem("createrole", (Node *)makeInteger(TRUE));
+				}
+			| LOGIN_P
+				{
+					$$ = makeDefElem("canlogin", (Node *)makeInteger(TRUE));
+				}
+			| NOCREATEROLE
+				{
+					$$ = makeDefElem("createrole", (Node *)makeInteger(FALSE));
+				}
+			| NOCREATEUSER
+				{
+					$$ = makeDefElem("createrole", (Node *)makeInteger(FALSE));
+				}
+			| NOLOGIN_P
+				{
+					$$ = makeDefElem("canlogin", (Node *)makeInteger(FALSE));
+				}
+			| IN_P ROLE name_list
+				{
+					$$ = makeDefElem("addroleto", (Node *)$3);
+				}
+			| IN_P GROUP_P name_list
+				{
+					$$ = makeDefElem("addroleto", (Node *)$3);
+				}
+			| VALID UNTIL Sconst
+				{
+					$$ = makeDefElem("validUntil", (Node *)makeString($3));
+				}
+			| ADMIN name_list
+				{
+					$$ = makeDefElem("adminmembers", (Node *)$2);
+				}
+			| ROLE name_list
+				{
+					$$ = makeDefElem("rolemembers", (Node *)$2);
+				}
+			| USER name_list
+				{
+					$$ = makeDefElem("rolemembers", (Node *)$2);
+				}
+		;
+
+
 /*****************************************************************************
  *
  * Create a new Postgres DBMS user (role with implied login ability)
  *
- *
  *****************************************************************************/
 
 CreateUserStmt:
@@ -609,8 +692,9 @@ CreateUserStmt:
 				{
 					CreateRoleStmt *n = makeNode(CreateRoleStmt);
 					n->role = $3;
-					n->options = $5;
-					n->options = lappend(n->options,makeDefElem("canlogin", (Node *)makeInteger(TRUE)));
+					n->options = lappend($5,
+										 makeDefElem("canlogin",
+													 (Node *)makeInteger(TRUE)));
 					$$ = (Node *)n;
 				}
 		;
@@ -620,7 +704,6 @@ CreateUserStmt:
  *
  * Alter a postgresql DBMS role
  *
- *
  *****************************************************************************/
 
 AlterRoleStmt:
@@ -631,24 +714,6 @@ AlterRoleStmt:
 					n->options = $5;
 					$$ = (Node *)n;
 				 }
-			| ALTER ROLE RoleId add_drop ROLE role_list opt_alter_admin_option
-				{
-					AlterRoleStmt *n = makeNode(AlterRoleStmt);
-					n->role = $3;
-					n->action = $4;
-					n->options = lappend(n->options,makeDefElem("rolememElts", (Node *)$6));
-					n->options = lappend(n->options,makeDefElem("adminopt", (Node *)makeInteger($7)));
-					$$ = (Node *)n;
-				}
-		;
-
-add_drop:	ADD										{ $$ = +1; }
-			| DROP									{ $$ = -1; }
-		;
-
-opt_alter_admin_option:
-			ADMIN OPTION { $$ = TRUE; }
-			| /*EMPTY*/ { $$ = FALSE; }
 		;
 
 AlterRoleSetStmt:
@@ -668,14 +733,13 @@ AlterRoleSetStmt:
 					n->value = NIL;
 					$$ = (Node *)n;
 				}
-			;
+		;
 
 
 /*****************************************************************************
  *
  * Alter a postgresql DBMS user
  *
- *
  *****************************************************************************/
 
 AlterUserStmt:
@@ -719,7 +783,7 @@ AlterUserSetStmt:
  *****************************************************************************/
 
 DropRoleStmt:
-			DROP ROLE role_list
+			DROP ROLE name_list
 				{
 					DropRoleStmt *n = makeNode(DropRoleStmt);
 					n->roles = $3;
@@ -737,7 +801,7 @@ DropRoleStmt:
  *****************************************************************************/
 
 DropUserStmt:
-			DROP USER role_list
+			DROP USER name_list
 				{
 					DropRoleStmt *n = makeNode(DropRoleStmt);
 					n->roles = $3;
@@ -745,96 +809,11 @@ DropUserStmt:
 				}
 			;
 
-/*
- * Options for CREATE ROLE and ALTER ROLE (also used by CREATE/ALTER USER for backwards compat)
- */
-OptRoleList:
-			OptRoleList OptRoleElem					{ $$ = lappend($1, $2); }
-			| /* EMPTY */							{ $$ = NIL; }
-		;
-
-OptRoleElem:
-			PASSWORD Sconst
-				{
-					$$ = makeDefElem("password", (Node *)makeString($2));
-				}
-			| ENCRYPTED PASSWORD Sconst
-				{
-					$$ = makeDefElem("encryptedPassword", (Node *)makeString($3));
-				}
-			| UNENCRYPTED PASSWORD Sconst
-				{
-					$$ = makeDefElem("unencryptedPassword", (Node *)makeString($3));
-				}
-			| SYSID Iconst
-				{
-					$$ = makeDefElem("sysid", (Node *)makeInteger($2));
-				}
-			| CREATEDB
-				{
-					$$ = makeDefElem("createdb", (Node *)makeInteger(TRUE));
-				}
-			| NOCREATEDB
-				{
-					$$ = makeDefElem("createdb", (Node *)makeInteger(FALSE));
-				}
-			| CREATEROLE
-				{
-					$$ = makeDefElem("createrole", (Node *)makeInteger(TRUE));
-				}
-			| CREATEUSER
-				{
-					$$ = makeDefElem("createrole", (Node *)makeInteger(TRUE));
-				}
-			| LOGIN
-				{
-					$$ = makeDefElem("canlogin", (Node *)makeInteger(TRUE));
-				}
-			| NOCREATEROLE
-				{
-					$$ = makeDefElem("createrole", (Node *)makeInteger(FALSE));
-				}
-			| NOCREATEUSER
-				{
-					$$ = makeDefElem("createrole", (Node *)makeInteger(FALSE));
-				}
-			| NOLOGIN
-				{
-					$$ = makeDefElem("canlogin", (Node *)makeInteger(FALSE));
-				}
-			| IN_P ROLE role_list
-				{
-					$$ = makeDefElem("roleElts", (Node *)$3);
-				}
-			| IN_P GROUP_P role_list
-				{
-					$$ = makeDefElem("roleElts", (Node *)$3);
-				}
-			| VALID UNTIL Sconst
-				{
-					$$ = makeDefElem("validUntil", (Node *)makeString($3));
-				}
-			| ROLE role_list
-				{
-					$$ = makeDefElem("rolememElts", (Node *)$2);
-				}
-			| USER role_list
-				{
-					$$ = makeDefElem("rolememElts", (Node *)$2);
-				}
-		;
-
-role_list:	role_list ',' RoleId		{ $$ = lappend($1, makeString($3)); }
-			| RoleId					{ $$ = list_make1(makeString($1)); }
-		;
-
-
 
 /*****************************************************************************
  *
  * Create a postgresql group (role without login ability)
  *
- *
  *****************************************************************************/
 
 CreateGroupStmt:
@@ -852,20 +831,24 @@ CreateGroupStmt:
  *
  * Alter a postgresql group
  *
- *
  *****************************************************************************/
 
 AlterGroupStmt:
-			ALTER GROUP_P RoleId add_drop USER role_list
+			ALTER GROUP_P RoleId add_drop USER name_list
 				{
 					AlterRoleStmt *n = makeNode(AlterRoleStmt);
 					n->role = $3;
 					n->action = $4;
-					n->options = lappend(n->options,makeDefElem("rolememElts", (Node *)$6));
+					n->options = list_make1(makeDefElem("rolemembers",
+														(Node *)$6));
 					$$ = (Node *)n;
 				}
 		;
 
+add_drop:	ADD										{ $$ = +1; }
+			| DROP									{ $$ = -1; }
+		;
+
 
 /*****************************************************************************
  *
@@ -875,7 +858,7 @@ AlterGroupStmt:
  *****************************************************************************/
 
 DropGroupStmt:
-			DROP GROUP_P role_list
+			DROP GROUP_P name_list
 				{
 					DropRoleStmt *n = makeNode(DropRoleStmt);
 					n->roles = $3;
@@ -3118,36 +3101,6 @@ from_in:	FROM									{}
 
 /*****************************************************************************
  *
- * GRANT and REVOKE ROLE statements
- *
- *****************************************************************************/
-
-GrantRoleStmt:	GRANT ROLE role_list TO role_list opt_grant_admin_option
-			opt_granted_by
-				{
-					GrantRoleStmt *n = makeNode(GrantRoleStmt);
-					n->granted_roles = $3;
-					n->grantee_roles = $5;
-					n->is_grant = true;
-					n->admin_opt = $6;
-					n->grantor = $7;
-					$$ = (Node*)n;
-				}
-
-RevokeRoleStmt:	REVOKE ROLE opt_revoke_admin_option role_list FROM role_list
-			opt_drop_behavior
-				{
-					GrantRoleStmt *n = makeNode(GrantRoleStmt);
-					n->granted_roles = $4;
-					n->grantee_roles = $6;
-					n->is_grant = false;
-					n->admin_opt = $3;
-					n->behavior = $7;
-					$$ = (Node*)n;
-				}
-
-/*****************************************************************************
- *
  * GRANT and REVOKE statements
  *
  *****************************************************************************/
@@ -3166,54 +3119,70 @@ GrantStmt:	GRANT privileges ON privilege_target TO grantee_list
 				}
 		;
 
-RevokeStmt: REVOKE opt_revoke_grant_option privileges ON privilege_target
+RevokeStmt:
+			REVOKE privileges ON privilege_target
 			FROM grantee_list opt_drop_behavior
 				{
 					GrantStmt *n = makeNode(GrantStmt);
 					n->is_grant = false;
-					n->privileges = $3;
-					n->objtype = ($5)->objtype;
-					n->objects = ($5)->objs;
-					n->grantees = $7;
-					n->grant_option = $2;
-					n->behavior = $8;
-
+					n->grant_option = false;
+					n->privileges = $2;
+					n->objtype = ($4)->objtype;
+					n->objects = ($4)->objs;
+					n->grantees = $6;
+					n->behavior = $7;
+					$$ = (Node *)n;
+				}
+			| REVOKE GRANT OPTION FOR privileges ON privilege_target
+			FROM grantee_list opt_drop_behavior
+				{
+					GrantStmt *n = makeNode(GrantStmt);
+					n->is_grant = false;
+					n->grant_option = true;
+					n->privileges = $5;
+					n->objtype = ($7)->objtype;
+					n->objects = ($7)->objs;
+					n->grantees = $9;
+					n->behavior = $10;
 					$$ = (Node *)n;
 				}
 		;
 
 
+/*
+ * A privilege list is represented as a list of strings; the validity of
+ * the privilege names gets checked at execution.  This is a bit annoying
+ * but we have little choice because of the syntactic conflict with lists
+ * of role names in GRANT/REVOKE.  What's more, we have to call out in
+ * the "privilege" production any reserved keywords that need to be usable
+ * as privilege names.
+ */
+
 /* either ALL [PRIVILEGES] or a list of individual privileges */
-privileges: privilege_list				{ $$ = $1; }
-			| ALL						{ $$ = list_make1_int(ACL_ALL_RIGHTS); }
-			| ALL PRIVILEGES			{ $$ = list_make1_int(ACL_ALL_RIGHTS); }
+privileges: privilege_list
+				{ $$ = $1; }
+			| ALL
+				{ $$ = NIL; }
+			| ALL PRIVILEGES
+				{ $$ = NIL; }
 		;
 
-privilege_list:
-			privilege								{ $$ = list_make1_int($1); }
-			| privilege_list ',' privilege			{ $$ = lappend_int($1, $3); }
+privilege_list:	privilege
+					{ $$ = list_make1(makeString($1)); }
+			| privilege_list ',' privilege
+					{ $$ = lappend($1, makeString($3)); }
 		;
 
-/* Not all of these privilege types apply to all objects, but that
- * gets sorted out later.
- */
-privilege:	SELECT									{ $$ = ACL_SELECT; }
-			| INSERT								{ $$ = ACL_INSERT; }
-			| UPDATE								{ $$ = ACL_UPDATE; }
-			| DELETE_P								{ $$ = ACL_DELETE; }
-			| RULE									{ $$ = ACL_RULE; }
-			| REFERENCES							{ $$ = ACL_REFERENCES; }
-			| TRIGGER								{ $$ = ACL_TRIGGER; }
-			| EXECUTE								{ $$ = ACL_EXECUTE; }
-			| USAGE									{ $$ = ACL_USAGE; }
-			| CREATE								{ $$ = ACL_CREATE; }
-			| TEMPORARY								{ $$ = ACL_CREATE_TEMP; }
-			| TEMP									{ $$ = ACL_CREATE_TEMP; }
+privilege:	SELECT									{ $$ = pstrdup($1); }
+			| REFERENCES							{ $$ = pstrdup($1); }
+			| CREATE								{ $$ = pstrdup($1); }
+			| ColId									{ $$ = $1; }
 		;
 
 
 /* Don't bother trying to fold the first two rules into one using
-   opt_table.  You're going to get conflicts. */
+ * opt_table.  You're going to get conflicts.
+ */
 privilege_target:
 			qualified_name_list
 				{
@@ -3300,27 +3269,6 @@ opt_grant_grant_option:
 			| /*EMPTY*/ { $$ = FALSE; }
 		;
 
-opt_grant_admin_option:
-			WITH ADMIN OPTION { $$ = TRUE; }
-			| /*EMPTY*/ { $$ = FALSE; }
-		;
-
-opt_granted_by:
-			GRANTED BY RoleId { $$ = $3; }
-			| /*EMPTY*/ { $$ = NULL; }
-		;
-
-opt_revoke_grant_option:
-			GRANT OPTION FOR { $$ = TRUE; }
-			| /*EMPTY*/ { $$ = FALSE; }
-		;
-
-opt_revoke_admin_option:
-			ADMIN OPTION FOR { $$ = TRUE; }
-			| /*EMPTY*/ { $$ = FALSE; }
-		;
-
-
 function_with_argtypes_list:
 			function_with_argtypes					{ $$ = list_make1($1); }
 			| function_with_argtypes_list ',' function_with_argtypes
@@ -3337,6 +3285,56 @@ function_with_argtypes:
 				}
 		;
 
+/*****************************************************************************
+ *
+ * GRANT and REVOKE ROLE statements
+ *
+ *****************************************************************************/
+
+GrantRoleStmt:
+			GRANT privilege_list TO name_list opt_grant_admin_option opt_granted_by
+				{
+					GrantRoleStmt *n = makeNode(GrantRoleStmt);
+					n->is_grant = true;
+					n->granted_roles = $2;
+					n->grantee_roles = $4;
+					n->admin_opt = $5;
+					n->grantor = $6;
+					$$ = (Node*)n;
+				}
+		;
+
+RevokeRoleStmt:
+			REVOKE privilege_list FROM name_list opt_granted_by opt_drop_behavior
+				{
+					GrantRoleStmt *n = makeNode(GrantRoleStmt);
+					n->is_grant = false;
+					n->admin_opt = false;
+					n->granted_roles = $2;
+					n->grantee_roles = $4;
+					n->behavior = $6;
+					$$ = (Node*)n;
+				}
+			| REVOKE ADMIN OPTION FOR privilege_list FROM name_list opt_granted_by opt_drop_behavior
+				{
+					GrantRoleStmt *n = makeNode(GrantRoleStmt);
+					n->is_grant = false;
+					n->admin_opt = true;
+					n->granted_roles = $5;
+					n->grantee_roles = $7;
+					n->behavior = $9;
+					$$ = (Node*)n;
+				}
+		;
+
+opt_grant_admin_option: WITH ADMIN OPTION				{ $$ = TRUE; }
+			| /*EMPTY*/									{ $$ = FALSE; }
+		;
+
+opt_granted_by: GRANTED BY RoleId						{ $$ = $3; }
+			| /*EMPTY*/									{ $$ = NULL; }
+		;
+
 
 /*****************************************************************************
  *
@@ -7066,24 +7064,6 @@ func_expr:	func_name '(' ')'
 					n->agg_distinct = FALSE;
 					$$ = (Node *)n;
 				}
-			| SESSION_ROLE
-				{
-					FuncCall *n = makeNode(FuncCall);
-					n->funcname = SystemFuncName("session_user");
-					n->args = NIL;
-					n->agg_star = FALSE;
-					n->agg_distinct = FALSE;
-					$$ = (Node *)n;
-				}
-			| ROLE
-				{
-					FuncCall *n = makeNode(FuncCall);
-					n->funcname = SystemFuncName("current_user");
-					n->args = NIL;
-					n->agg_star = FALSE;
-					n->agg_distinct = FALSE;
-					$$ = (Node *)n;
-				}
 			| CURRENT_USER
 				{
 					FuncCall *n = makeNode(FuncCall);
@@ -7928,6 +7908,7 @@ unreserved_keyword:
 			| ACCESS
 			| ACTION
 			| ADD
+			| ADMIN
 			| AFTER
 			| AGGREGATE
 			| ALSO
@@ -7988,6 +7969,7 @@ unreserved_keyword:
 			| FORWARD
 			| FUNCTION
 			| GLOBAL
+			| GRANTED
 			| HANDLER
 			| HEADER
 			| HOLD
@@ -8016,7 +7998,7 @@ unreserved_keyword:
 			| LOCAL
 			| LOCATION
 			| LOCK_P
-			| LOGIN
+			| LOGIN_P
 			| MATCH
 			| MAXVALUE
 			| MINUTE_P
@@ -8030,7 +8012,7 @@ unreserved_keyword:
 			| NOCREATEDB
 			| NOCREATEROLE
 			| NOCREATEUSER
-			| NOLOGIN
+			| NOLOGIN_P
 			| NOTHING
 			| NOTIFY
 			| NOWAIT
@@ -8063,6 +8045,7 @@ unreserved_keyword:
 			| RESTRICT
 			| RETURNS
 			| REVOKE
+			| ROLE
 			| ROLLBACK
 			| ROWS
 			| RULE
@@ -8104,7 +8087,6 @@ unreserved_keyword:
 			| UNLISTEN
 			| UNTIL
 			| UPDATE
-			| USAGE
 			| VACUUM
 			| VALID
 			| VALIDATOR
@@ -8228,9 +8210,9 @@ reserved_keyword:
 			| CONSTRAINT
 			| CREATE
 			| CURRENT_DATE
+			| CURRENT_ROLE
 			| CURRENT_TIME
 			| CURRENT_TIMESTAMP
-			| CURRENT_ROLE
 			| CURRENT_USER
 			| DEFAULT
 			| DEFERRABLE
@@ -8269,7 +8251,6 @@ reserved_keyword:
 			| PRIMARY
 			| REFERENCES
 			| SELECT
-			| SESSION_ROLE
 			| SESSION_USER
 			| SOME
 			| SYMMETRIC
@@ -8280,7 +8261,6 @@ reserved_keyword:
 			| TRUE_P
 			| UNION
 			| UNIQUE
-			| ROLE
 			| USER
 			| USING
 			| WHEN
diff --git a/src/backend/parser/keywords.c b/src/backend/parser/keywords.c
index a11d4affc1d..6fcb97675f6 100644
--- a/src/backend/parser/keywords.c
+++ b/src/backend/parser/keywords.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/parser/keywords.c,v 1.160 2005/06/28 05:08:58 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/parser/keywords.c,v 1.161 2005/06/28 19:51:22 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -35,6 +35,7 @@ static const ScanKeyword ScanKeywords[] = {
 	{"access", ACCESS},
 	{"action", ACTION},
 	{"add", ADD},
+	{"admin", ADMIN},
 	{"after", AFTER},
 	{"aggregate", AGGREGATE},
 	{"all", ALL},
@@ -89,10 +90,12 @@ static const ScanKeyword ScanKeywords[] = {
 	{"copy", COPY},
 	{"create", CREATE},
 	{"createdb", CREATEDB},
+	{"createrole", CREATEROLE},
 	{"createuser", CREATEUSER},
 	{"cross", CROSS},
 	{"csv", CSV},
 	{"current_date", CURRENT_DATE},
+	{"current_role", CURRENT_ROLE},
 	{"current_time", CURRENT_TIME},
 	{"current_timestamp", CURRENT_TIMESTAMP},
 	{"current_user", CURRENT_USER},
@@ -146,6 +149,7 @@ static const ScanKeyword ScanKeywords[] = {
 	{"function", FUNCTION},
 	{"global", GLOBAL},
 	{"grant", GRANT},
+	{"granted", GRANTED},
 	{"greatest", GREATEST},
 	{"group", GROUP_P},
 	{"handler", HANDLER},
@@ -197,6 +201,7 @@ static const ScanKeyword ScanKeywords[] = {
 	{"localtimestamp", LOCALTIMESTAMP},
 	{"location", LOCATION},
 	{"lock", LOCK_P},
+	{"login", LOGIN_P},
 	{"match", MATCH},
 	{"maxvalue", MAXVALUE},
 	{"minute", MINUTE_P},
@@ -212,7 +217,9 @@ static const ScanKeyword ScanKeywords[] = {
 	{"next", NEXT},
 	{"no", NO},
 	{"nocreatedb", NOCREATEDB},
+	{"nocreaterole", NOCREATEROLE},
 	{"nocreateuser", NOCREATEUSER},
+	{"nologin", NOLOGIN_P},
 	{"none", NONE},
 	{"not", NOT},
 	{"nothing", NOTHING},
@@ -331,7 +338,6 @@ static const ScanKeyword ScanKeywords[] = {
 	{"unlisten", UNLISTEN},
 	{"until", UNTIL},
 	{"update", UPDATE},
-	{"usage", USAGE},
 	{"user", USER},
 	{"using", USING},
 	{"vacuum", VACUUM},
diff --git a/src/backend/utils/adt/acl.c b/src/backend/utils/adt/acl.c
index 4d5904b7690..2fe7fd39bca 100644
--- a/src/backend/utils/adt/acl.c
+++ b/src/backend/utils/adt/acl.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.115 2005/06/28 05:09:00 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.116 2005/06/28 19:51:23 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -2414,7 +2414,7 @@ convert_tablespace_priv_string(text *priv_type_text)
 }
 
 void
-InitializeAcl(void)
+initialize_acl(void)
 {
 	if (!IsBootstrapProcessingMode())
 	{
diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c
index 9baacacfffd..21b0650e827 100644
--- a/src/backend/utils/init/postinit.c
+++ b/src/backend/utils/init/postinit.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/utils/init/postinit.c,v 1.150 2005/06/28 05:09:02 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/utils/init/postinit.c,v 1.151 2005/06/28 19:51:23 tgl Exp $
  *
  *
  *-------------------------------------------------------------------------
@@ -471,7 +471,7 @@ InitPostgres(const char *dbname, const char *username)
 	InitializeSearchPath();
 
 	/* set up ACL framework (currently just sets RolMemCache callback) */
-	InitializeAcl();
+	initialize_acl();
 
 	/* initialize client encoding */
 	InitializeClientEncoding();
diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h
index 64acaa72e57..32f9b03c585 100644
--- a/src/include/nodes/parsenodes.h
+++ b/src/include/nodes/parsenodes.h
@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/include/nodes/parsenodes.h,v 1.284 2005/06/28 05:09:13 tgl Exp $
+ * $PostgreSQL: pgsql/src/include/nodes/parsenodes.h,v 1.285 2005/06/28 19:51:24 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -29,7 +29,7 @@ typedef enum QuerySource
 
 /*
  * Grantable rights are encoded so that we can OR them together in a bitmask.
- * The present representation of AclItem limits us to 15 distinct rights,
+ * The present representation of AclItem limits us to 16 distinct rights,
  * even though AclMode is defined as uint32.  See utils/acl.h.
  *
  * Caution: changing these codes breaks stored ACLs, hence forces initdb.
@@ -48,7 +48,6 @@ typedef uint32 AclMode;			/* a bitmask of privilege bits */
 #define ACL_CREATE		(1<<9)	/* for namespaces and databases */
 #define ACL_CREATE_TEMP (1<<10) /* for databases */
 #define N_ACL_RIGHTS	11		/* 1 plus the last 1<<x */
-#define ACL_ALL_RIGHTS	(-1)	/* all-privileges marker in GRANT list */
 #define ACL_NO_RIGHTS	0
 /* Currently, SELECT ... FOR UPDATE/FOR SHARE requires UPDATE privileges */
 #define ACL_SELECT_FOR_UPDATE	ACL_UPDATE
@@ -886,7 +885,8 @@ typedef struct GrantStmt
 	List	   *objects;		/* list of RangeVar nodes, FuncWithArgs
 								 * nodes, or plain names (as Value
 								 * strings) */
-	List	   *privileges;		/* integer list of privilege codes */
+	List	   *privileges;		/* list of privilege names (as Strings) */
+	/* privileges == NIL denotes "all privileges" */
 	List	   *grantees;		/* list of PrivGrantee nodes */
 	bool		grant_option;	/* grant or revoke grant option */
 	DropBehavior behavior;		/* drop behavior (for REVOKE) */
diff --git a/src/include/storage/pmsignal.h b/src/include/storage/pmsignal.h
index f82630ae242..d7956d94105 100644
--- a/src/include/storage/pmsignal.h
+++ b/src/include/storage/pmsignal.h
@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/include/storage/pmsignal.h,v 1.11 2004/12/31 22:03:42 pgsql Exp $
+ * $PostgreSQL: pgsql/src/include/storage/pmsignal.h,v 1.12 2005/06/28 19:51:25 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -22,7 +22,7 @@
  */
 typedef enum
 {
-	PMSIGNAL_PASSWORD_CHANGE,	/* pg_pwd file has changed */
+	PMSIGNAL_PASSWORD_CHANGE,	/* pg_auth file has changed */
 	PMSIGNAL_WAKEN_CHILDREN,	/* send a SIGUSR1 signal to all backends */
 	PMSIGNAL_WAKEN_ARCHIVER,	/* send a NOTIFY signal to xlog archiver */
 
diff --git a/src/include/utils/acl.h b/src/include/utils/acl.h
index f055ac93aa3..82e004794bc 100644
--- a/src/include/utils/acl.h
+++ b/src/include/utils/acl.h
@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/include/utils/acl.h,v 1.78 2005/06/28 05:09:13 tgl Exp $
+ * $PostgreSQL: pgsql/src/include/utils/acl.h,v 1.79 2005/06/28 19:51:25 tgl Exp $
  *
  * NOTES
  *	  An ACL array is simply an array of AclItems, representing the union
@@ -211,7 +211,7 @@ extern AclMode aclmask(const Acl *acl, Oid roleid, Oid ownerId,
 
 extern bool is_member_of_role(Oid member, Oid role);
 
-extern void InitializeAcl(void);
+extern void initialize_acl(void);
 
 /*
  * SQL functions (from acl.c)
diff --git a/src/test/regress/expected/rules.out b/src/test/regress/expected/rules.out
index 47fc262c315..41cc113b6dd 100644
--- a/src/test/regress/expected/rules.out
+++ b/src/test/regress/expected/rules.out
@@ -1279,7 +1279,7 @@ SELECT viewname, definition FROM pg_views WHERE schemaname <> 'information_schem
  iexit                    | SELECT ih.name, ih.thepath, interpt_pp(ih.thepath, r.thepath) AS exit FROM ihighway ih, ramp r WHERE (ih.thepath ## r.thepath);
  pg_group                 | SELECT pg_authid.rolname AS groname, pg_authid.oid AS grosysid, ARRAY(SELECT pg_auth_members.member FROM pg_auth_members WHERE (pg_auth_members.roleid = pg_authid.oid)) AS grolist FROM pg_authid WHERE (NOT pg_authid.rolcanlogin);
  pg_indexes               | SELECT n.nspname AS schemaname, c.relname AS tablename, i.relname AS indexname, t.spcname AS "tablespace", pg_get_indexdef(i.oid) AS indexdef FROM ((((pg_index x JOIN pg_class c ON ((c.oid = x.indrelid))) JOIN pg_class i ON ((i.oid = x.indexrelid))) LEFT JOIN pg_namespace n ON ((n.oid = c.relnamespace))) LEFT JOIN pg_tablespace t ON ((t.oid = i.reltablespace))) WHERE ((c.relkind = 'r'::"char") AND (i.relkind = 'i'::"char"));
- pg_locks                 | SELECT l.locktype, l."database", l.relation, l.page, l.tuple, l.transactionid, l.classid, l.objid, l.objsubid, l."transaction", l.pid, l."mode", l.granted FROM pg_lock_status() l(locktype text, "database" oid, relation oid, page integer, tuple smallint, transactionid xid, classid oid, objid oid, objsubid smallint, "transaction" xid, pid integer, "mode" text, granted boolean);
+ pg_locks                 | SELECT l.locktype, l."database", l.relation, l.page, l.tuple, l.transactionid, l.classid, l.objid, l.objsubid, l."transaction", l.pid, l."mode", l."granted" FROM pg_lock_status() l(locktype text, "database" oid, relation oid, page integer, tuple smallint, transactionid xid, classid oid, objid oid, objsubid smallint, "transaction" xid, pid integer, "mode" text, "granted" boolean);
  pg_prepared_xacts        | SELECT p."transaction", p.gid, p."prepared", u.rolname AS "owner", d.datname AS "database" FROM ((pg_prepared_xact() p("transaction" xid, gid text, "prepared" timestamp with time zone, ownerid oid, dbid oid) LEFT JOIN pg_authid u ON ((p.ownerid = u.oid))) LEFT JOIN pg_database d ON ((p.dbid = d.oid)));
  pg_roles                 | SELECT pg_authid.rolname, pg_authid.rolsuper, pg_authid.rolcreaterole, pg_authid.rolcreatedb, pg_authid.rolcatupdate, pg_authid.rolcanlogin, '********'::text AS rolpassword, pg_authid.rolvaliduntil, pg_authid.rolconfig FROM pg_authid;
  pg_rules                 | SELECT n.nspname AS schemaname, c.relname AS tablename, r.rulename, pg_get_ruledef(r.oid) AS definition FROM ((pg_rewrite r JOIN pg_class c ON ((c.oid = r.ev_class))) LEFT JOIN pg_namespace n ON ((n.oid = c.relnamespace))) WHERE (r.rulename <> '_RETURN'::name);
author	Tom Lane <tgl@sss.pgh.pa.us>	2005-06-28 19:51:26 +0000
committer	Tom Lane <tgl@sss.pgh.pa.us>	2005-06-28 19:51:26 +0000
commit	0eaa36a16a89029f1b2eb9a38c90e3a0a0e2641e (patch)
tree	31ad7be7a83a1fa7186e8de04c317f011ef4f54e /src
parent	88b49cdc95ef9601edcb2cdb3fbe1986128b5092 (diff)
download	postgresql-0eaa36a16a89029f1b2eb9a38c90e3a0a0e2641e.tar.gz postgresql-0eaa36a16a89029f1b2eb9a38c90e3a0a0e2641e.zip