Bring syntax of role-related commands into SQL compliance. To avoid

syntactic conflicts, both privilege and role GRANT/REVOKE commands have to use the same production for scanning the list of tokens that might eventually turn out to be privileges or role names. So, change the existing GRANT/REVOKE code to expect a list of strings not pre-reduced AclMode values. Fix a couple other minor issues while at it, such as InitializeAcl function name conflicting with a Windows system function.
2025-05-31 00:01:57 -04:00 · 2005-06-28 19:51:26 +00:00 · 2005-06-28 19:51:26 +00:00 · 0eaa36a16a
commit 0eaa36a16a
parent 88b49cdc95
11 changed files with 348 additions and 320 deletions
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.113 2005/06/28 05:08:52 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.114 2005/06/28 19:51:21 tgl Exp $
 *
 * NOTES
 *	  See acl.h.
@ -47,6 +47,7 @@ static void ExecuteGrantStmt_Language(GrantStmt *stmt);
 static void ExecuteGrantStmt_Namespace(GrantStmt *stmt);
 static void ExecuteGrantStmt_Tablespace(GrantStmt *stmt);
 static AclMode string_to_privilege(const char *privname);
 static const char *privilege_to_string(AclMode privilege);
@ -209,7 +210,7 @@ ExecuteGrantStmt_Relation(GrantStmt *stmt)
 	bool		all_privs;
 	ListCell   *i;
-	if (linitial_int(stmt->privileges) == ACL_ALL_RIGHTS)
+	if (stmt->privileges == NIL)
 	{
 		all_privs = true;
 		privileges = ACL_ALL_RIGHTS_RELATION;
@ -220,7 +221,8 @@ ExecuteGrantStmt_Relation(GrantStmt *stmt)
 		privileges = ACL_NO_RIGHTS;
 		foreach(i, stmt->privileges)
 		{
-			AclMode		priv = lfirst_int(i);
+			char	   *privname = strVal(lfirst(i));
 			AclMode		priv = string_to_privilege(privname);
 			if (priv & ~((AclMode) ACL_ALL_RIGHTS_RELATION))
 				ereport(ERROR,
@ -377,7 +379,7 @@ ExecuteGrantStmt_Database(GrantStmt *stmt)
 	bool		all_privs;
 	ListCell   *i;
-	if (linitial_int(stmt->privileges) == ACL_ALL_RIGHTS)
+	if (stmt->privileges == NIL)
 	{
 		all_privs = true;
 		privileges = ACL_ALL_RIGHTS_DATABASE;
@ -388,7 +390,8 @@ ExecuteGrantStmt_Database(GrantStmt *stmt)
 		privileges = ACL_NO_RIGHTS;
 		foreach(i, stmt->privileges)
 		{
-			AclMode		priv = lfirst_int(i);
+			char	   *privname = strVal(lfirst(i));
 			AclMode		priv = string_to_privilege(privname);
 			if (priv & ~((AclMode) ACL_ALL_RIGHTS_DATABASE))
 				ereport(ERROR,
@ -535,7 +538,7 @@ ExecuteGrantStmt_Function(GrantStmt *stmt)
 	bool		all_privs;
 	ListCell   *i;
-	if (linitial_int(stmt->privileges) == ACL_ALL_RIGHTS)
+	if (stmt->privileges == NIL)
 	{
 		all_privs = true;
 		privileges = ACL_ALL_RIGHTS_FUNCTION;
@ -546,7 +549,8 @@ ExecuteGrantStmt_Function(GrantStmt *stmt)
 		privileges = ACL_NO_RIGHTS;
 		foreach(i, stmt->privileges)
 		{
-			AclMode		priv = lfirst_int(i);
+			char	   *privname = strVal(lfirst(i));
 			AclMode		priv = string_to_privilege(privname);
 			if (priv & ~((AclMode) ACL_ALL_RIGHTS_FUNCTION))
 				ereport(ERROR,
@ -689,7 +693,7 @@ ExecuteGrantStmt_Language(GrantStmt *stmt)
 	bool		all_privs;
 	ListCell   *i;
-	if (linitial_int(stmt->privileges) == ACL_ALL_RIGHTS)
+	if (stmt->privileges == NIL)
 	{
 		all_privs = true;
 		privileges = ACL_ALL_RIGHTS_LANGUAGE;
@ -700,7 +704,8 @@ ExecuteGrantStmt_Language(GrantStmt *stmt)
 		privileges = ACL_NO_RIGHTS;
 		foreach(i, stmt->privileges)
 		{
-			AclMode		priv = lfirst_int(i);
+			char	   *privname = strVal(lfirst(i));
 			AclMode		priv = string_to_privilege(privname);
 			if (priv & ~((AclMode) ACL_ALL_RIGHTS_LANGUAGE))
 				ereport(ERROR,
@ -852,7 +857,7 @@ ExecuteGrantStmt_Namespace(GrantStmt *stmt)
 	bool		all_privs;
 	ListCell   *i;
-	if (linitial_int(stmt->privileges) == ACL_ALL_RIGHTS)
+	if (stmt->privileges == NIL)
 	{
 		all_privs = true;
 		privileges = ACL_ALL_RIGHTS_NAMESPACE;
@ -863,7 +868,8 @@ ExecuteGrantStmt_Namespace(GrantStmt *stmt)
 		privileges = ACL_NO_RIGHTS;
 		foreach(i, stmt->privileges)
 		{
-			AclMode		priv = lfirst_int(i);
+			char	   *privname = strVal(lfirst(i));
 			AclMode		priv = string_to_privilege(privname);
 			if (priv & ~((AclMode) ACL_ALL_RIGHTS_NAMESPACE))
 				ereport(ERROR,
@ -1006,7 +1012,7 @@ ExecuteGrantStmt_Tablespace(GrantStmt *stmt)
 	bool		all_privs;
 	ListCell   *i;
-	if (linitial_int(stmt->privileges) == ACL_ALL_RIGHTS)
+	if (stmt->privileges == NIL)
 	{
 		all_privs = true;
 		privileges = ACL_ALL_RIGHTS_TABLESPACE;
@ -1017,7 +1023,8 @@ ExecuteGrantStmt_Tablespace(GrantStmt *stmt)
 		privileges = ACL_NO_RIGHTS;
 		foreach(i, stmt->privileges)
 		{
-			AclMode		priv = lfirst_int(i);
+			char	   *privname = strVal(lfirst(i));
 			AclMode		priv = string_to_privilege(privname);
 			if (priv & ~((AclMode) ACL_ALL_RIGHTS_TABLESPACE))
 				ereport(ERROR,
@ -1157,6 +1164,39 @@ ExecuteGrantStmt_Tablespace(GrantStmt *stmt)
 }
 static AclMode
 string_to_privilege(const char *privname)
 {
 	if (strcmp(privname, "insert") == 0)
 		return ACL_INSERT;
 	if (strcmp(privname, "select") == 0)
 		return ACL_SELECT;
 	if (strcmp(privname, "update") == 0)
 		return ACL_UPDATE;
 	if (strcmp(privname, "delete") == 0)
 		return ACL_DELETE;
 	if (strcmp(privname, "rule") == 0)
 		return ACL_RULE;
 	if (strcmp(privname, "references") == 0)
 		return ACL_REFERENCES;
 	if (strcmp(privname, "trigger") == 0)
 		return ACL_TRIGGER;
 	if (strcmp(privname, "execute") == 0)
 		return ACL_EXECUTE;
 	if (strcmp(privname, "usage") == 0)
 		return ACL_USAGE;
 	if (strcmp(privname, "create") == 0)
 		return ACL_CREATE;
 	if (strcmp(privname, "temporary") == 0)
 		return ACL_CREATE_TEMP;
 	if (strcmp(privname, "temp") == 0)
 		return ACL_CREATE_TEMP;
 	ereport(ERROR,
 			(errcode(ERRCODE_SYNTAX_ERROR),
 			 errmsg("unrecognized privilege type \"%s\"", privname)));
 	return 0;					/* appease compiler */
 }
 static const char *
 privilege_to_string(AclMode privilege)
 {
--- a/src/backend/catalog/pg_proc.c
+++ b/src/backend/catalog/pg_proc.c
@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/catalog/pg_proc.c,v 1.130 2005/06/28 05:08:52 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/catalog/pg_proc.c,v 1.131 2005/06/28 19:51:21 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -266,7 +266,7 @@ ProcedureCreate(const char *procedureName,
 					(errcode(ERRCODE_DUPLICATE_FUNCTION),
 					 errmsg("function \"%s\" already exists with same argument types",
 							procedureName)));
-		if (GetUserId() != oldproc->proowner && !superuser())
+		if (!pg_proc_ownercheck(HeapTupleGetOid(oldtup), GetUserId()))
 			aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_PROC,
 						   procedureName);
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@ -6,7 +6,7 @@
 * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.152 2005/06/28 05:08:55 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.153 2005/06/28 19:51:22 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -61,16 +61,17 @@ CreateRole(CreateRoleStmt *stmt)
 	bool		createrole = false;		/* Can this user create roles? */
 	bool		createdb = false;		/* Can the user create databases? */
 	bool		canlogin = false;		/* Can this user login? */
-	List	   *roleElts = NIL;			/* roles the user is a member of */
+	List	   *addroleto = NIL;		/* roles to make this a member of */
-	List	   *rolememElts = NIL;	/* roles which will be members of this role */
+	List	   *rolemembers = NIL;		/* roles to be members of this role */
-	char	   *validUntil = NULL;		/* The time the login is valid
+	List	   *adminmembers = NIL;		/* roles to be admins of this role */
-										 * until */
+	char	   *validUntil = NULL;		/* time the login is valid until */
 	DefElem    *dpassword = NULL;
 	DefElem    *dcreatedb = NULL;
 	DefElem    *dcreaterole = NULL;
 	DefElem    *dcanlogin = NULL;
-	DefElem    *droleElts = NULL;
+	DefElem    *daddroleto = NULL;
-	DefElem    *drolememElts = NULL;
+	DefElem    *drolemembers = NULL;
 	DefElem    *dadminmembers = NULL;
 	DefElem    *dvalidUntil = NULL;
 	/* Extract options from the statement node tree */
@ -121,21 +122,29 @@ CreateRole(CreateRoleStmt *stmt)
 						 errmsg("conflicting or redundant options")));
 			dcanlogin = defel;
 		}
-		else if (strcmp(defel->defname, "roleElts") == 0)
+		else if (strcmp(defel->defname, "addroleto") == 0)
 		{
-			if (droleElts)
+			if (daddroleto)
 				ereport(ERROR,
 						(errcode(ERRCODE_SYNTAX_ERROR),
 						 errmsg("conflicting or redundant options")));
-			droleElts = defel;
+			daddroleto = defel;
 		}
-		else if (strcmp(defel->defname, "rolememElts") == 0)
+		else if (strcmp(defel->defname, "rolemembers") == 0)
 		{
-			if (drolememElts)
+			if (drolemembers)
 				ereport(ERROR,
 						(errcode(ERRCODE_SYNTAX_ERROR),
 						 errmsg("conflicting or redundant options")));
-			drolememElts = defel;
+			drolemembers = defel;
 		}
 		else if (strcmp(defel->defname, "adminmembers") == 0)
 		{
 			if (dadminmembers)
 				ereport(ERROR,
 						(errcode(ERRCODE_SYNTAX_ERROR),
 						 errmsg("conflicting or redundant options")));
 			dadminmembers = defel;
 		}
 		else if (strcmp(defel->defname, "validUntil") == 0)
 		{
@ -164,10 +173,12 @@ CreateRole(CreateRoleStmt *stmt)
 		validUntil = strVal(dvalidUntil->arg);
 	if (dpassword)
 		password = strVal(dpassword->arg);
-	if (droleElts)
+	if (daddroleto)
-		roleElts = (List *) droleElts->arg;
+		addroleto = (List *) daddroleto->arg;
-	if (drolememElts)
+	if (drolemembers)
-		rolememElts = (List *) drolememElts->arg;
+		rolemembers = (List *) drolemembers->arg;
 	if (dadminmembers)
 		adminmembers = (List *) dadminmembers->arg;
 	/* Check some permissions first */
 	if (!superuser())
@ -257,7 +268,7 @@ CreateRole(CreateRoleStmt *stmt)
 	/*
 	 * Add the new role to the specified existing roles.
 	 */
-	foreach(item, roleElts)
+	foreach(item, addroleto)
 	{
 		char   *oldrolename = strVal(lfirst(item));
 		Oid		oldroleid = get_roleid_checked(oldrolename);
@ -269,10 +280,14 @@ CreateRole(CreateRoleStmt *stmt)
 	}
 	/*
-	 * Add the specified members to this new role.
+	 * Add the specified members to this new role. adminmembers get the
 	 * admin option, rolemembers don't.
 	 */
 	AddRoleMems(stmt->role, roleid,
-				rolememElts, roleNamesToIds(rolememElts),
+				adminmembers, roleNamesToIds(adminmembers),
 				GetUserId(), true);
 	AddRoleMems(stmt->role, roleid,
 				rolemembers, roleNamesToIds(rolemembers),
 				GetUserId(), false);
 	/*
@ -309,17 +324,14 @@ AlterRole(AlterRoleStmt *stmt)
 	int			createrole = -1;		/* Can this user create roles? */
 	int			createdb = -1;			/* Can the user create databases? */
 	int			canlogin = -1;			/* Can this user login? */
-	int			adminopt = 0;	/* Can this user grant this role to others? */
+	List	   *rolemembers = NIL;		/* roles to be added/removed */
-	List	   *rolememElts = NIL;	/* The roles which will be added/removed to this role */
+	char	   *validUntil = NULL;		/* time the login is valid until */
 	char	   *validUntil = NULL;		/* The time the login is valid
 										 * until */
 	DefElem    *dpassword = NULL;
 	DefElem    *dcreatedb = NULL;
 	DefElem    *dcreaterole = NULL;
 	DefElem    *dcanlogin = NULL;
 	DefElem    *dadminopt = NULL;
 	DefElem    *dvalidUntil = NULL;
-	DefElem    *drolememElts = NULL;
+	DefElem    *drolemembers = NULL;
 	Oid			roleid;
 	/* Extract options from the statement node tree */
@ -365,14 +377,6 @@ AlterRole(AlterRoleStmt *stmt)
 						 errmsg("conflicting or redundant options")));
 			dcanlogin = defel;
 		}
 		else if (strcmp(defel->defname, "adminopt") == 0)
 		{
 			if (dadminopt)
 				ereport(ERROR,
 						(errcode(ERRCODE_SYNTAX_ERROR),
 						 errmsg("conflicting or redundant options")));
 			dadminopt = defel;
 		}
 		else if (strcmp(defel->defname, "validUntil") == 0)
 		{
 			if (dvalidUntil)
@ -381,13 +385,14 @@ AlterRole(AlterRoleStmt *stmt)
 						 errmsg("conflicting or redundant options")));
 			dvalidUntil = defel;
 		}
-		else if (strcmp(defel->defname, "rolememElts") == 0 && stmt->action != 0)
+		else if (strcmp(defel->defname, "rolemembers") == 0 &&
 				 stmt->action != 0)
 		{
-			if (drolememElts)
+			if (drolemembers)
 				ereport(ERROR,
 						(errcode(ERRCODE_SYNTAX_ERROR),
 						 errmsg("conflicting or redundant options")));
-			drolememElts = defel;
+			drolemembers = defel;
 		}
 		else
 			elog(ERROR, "option \"%s\" not recognized",
@ -404,14 +409,12 @@ AlterRole(AlterRoleStmt *stmt)
 	}
 	if (dcanlogin)
 		canlogin = intVal(dcanlogin->arg);
 	if (dadminopt)
 		adminopt = intVal(dadminopt->arg);
 	if (dvalidUntil)
 		validUntil = strVal(dvalidUntil->arg);
 	if (dpassword)
 		password = strVal(dpassword->arg);
-	if (drolememElts)
+	if (drolemembers)
-		rolememElts = (List *) drolememElts->arg;
+		rolemembers = (List *) drolemembers->arg;
 	/* must be superuser or just want to change your own password */
 	if (!superuser() &&
@ -420,8 +423,7 @@ AlterRole(AlterRoleStmt *stmt)
 		  createdb < 0 &&
 		  canlogin < 0 &&
 		  !validUntil &&
-		  !rolememElts &&
+		  !rolemembers &&
 		  !adminopt &&
 		  password &&
 		  strcmp(GetUserNameFromId(GetUserId()), stmt->role) == 0))
 		ereport(ERROR,
@ -537,12 +539,12 @@ AlterRole(AlterRoleStmt *stmt)
 	if (stmt->action == +1)		/* add members to role */
 		AddRoleMems(stmt->role, roleid,
-					rolememElts, roleNamesToIds(rolememElts),
+					rolemembers, roleNamesToIds(rolemembers),
-					GetUserId(), adminopt);
+					GetUserId(), false);
 	else if (stmt->action == -1)	/* drop members from role */
 		DelRoleMems(stmt->role, roleid,
-					rolememElts, roleNamesToIds(rolememElts),
+					rolemembers, roleNamesToIds(rolemembers),
-					adminopt);
+					false);
 	/*
 	 * Set flag to update flat auth file at commit.
--- a/src/backend/parser/gram.y
+++ b/src/backend/parser/gram.y
@ -11,7 +11,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/parser/gram.y,v 2.499 2005/06/28 05:08:57 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/parser/gram.y,v 2.500 2005/06/28 19:51:22 tgl Exp $
 *
 * HISTORY
 *	  AUTHOR			DATE			MAJOR EVENT
@ -143,10 +143,10 @@ static void doNegateFloat(Value *v);
 		DropGroupStmt DropOpClassStmt DropPLangStmt DropStmt
 		DropAssertStmt DropTrigStmt DropRuleStmt DropCastStmt DropRoleStmt
 		DropUserStmt DropdbStmt DropTableSpaceStmt ExplainStmt FetchStmt
-		GrantRoleStmt GrantStmt IndexStmt InsertStmt ListenStmt LoadStmt
+		GrantStmt GrantRoleStmt IndexStmt InsertStmt ListenStmt LoadStmt
 		LockStmt NotifyStmt ExplainableStmt PreparableStmt
 		CreateFunctionStmt AlterFunctionStmt ReindexStmt RemoveAggrStmt
-		RemoveFuncStmt RemoveOperStmt RenameStmt RevokeRoleStmt RevokeStmt
+		RemoveFuncStmt RemoveOperStmt RenameStmt RevokeStmt RevokeRoleStmt
 		RuleActionStmt RuleActionStmtOrEmpty RuleStmt
 		SelectStmt TransactionStmt TruncateStmt
 		UnlistenStmt UpdateStmt VacuumStmt
@ -170,15 +170,11 @@ static void doNegateFloat(Value *v);
 %type <ival>	opt_lock lock_type cast_context
 %type <boolean>	opt_force opt_or_replace
-				opt_grant_grant_option opt_revoke_grant_option
+				opt_grant_grant_option opt_grant_admin_option
 				opt_alter_admin_option 
 				opt_grant_admin_option opt_revoke_admin_option
 				opt_nowait
 %type <boolean>	like_including_defaults
 %type <list>	role_list
 %type <list>	OptRoleList
 %type <defelt>	OptRoleElem
@ -205,7 +201,7 @@ static void doNegateFloat(Value *v);
 %type <str>		iso_level opt_encoding
 %type <node>	grantee
 %type <list>	grantee_list
-%type <ival>	privilege
+%type <str>		privilege
 %type <list>	privileges privilege_list
 %type <privtarget> privilege_target
 %type <funwithargs> function_with_argtypes
@ -347,8 +343,8 @@ static void doNegateFloat(Value *v);
 	CHARACTER CHARACTERISTICS CHECK CHECKPOINT CLASS CLOSE
 	CLUSTER COALESCE COLLATE COLUMN COMMENT COMMIT
 	COMMITTED CONSTRAINT CONSTRAINTS CONVERSION_P CONVERT COPY CREATE CREATEDB
-	CREATEROLE CREATEUSER CROSS CSV CURRENT_DATE CURRENT_TIME
+	CREATEROLE CREATEUSER CROSS CSV CURRENT_DATE CURRENT_ROLE CURRENT_TIME
-	CURRENT_TIMESTAMP CURRENT_ROLE CURRENT_USER CURSOR CYCLE
+	CURRENT_TIMESTAMP CURRENT_USER CURSOR CYCLE
 	DATABASE DAY_P DEALLOCATE DEC DECIMAL_P DECLARE DEFAULT DEFAULTS
 	DEFERRABLE DEFERRED DEFINER DELETE_P DELIMITER DELIMITERS
@ -375,13 +371,13 @@ static void doNegateFloat(Value *v);
 	LANCOMPILER LANGUAGE LARGE_P  LAST_P LEADING LEAST LEFT LEVEL
 	LIKE LIMIT LISTEN LOAD LOCAL LOCALTIME LOCALTIMESTAMP LOCATION
-	LOCK_P LOGIN
+	LOCK_P LOGIN_P
 	MATCH MAXVALUE MINUTE_P MINVALUE MODE MONTH_P MOVE
 	NAMES NATIONAL NATURAL NCHAR NEW NEXT NO NOCREATEDB
-	NOCREATEROLE NOCREATEUSER NONE NOT NOTHING NOTIFY NOTNULL NOWAIT NULL_P
+	NOCREATEROLE NOCREATEUSER NOLOGIN_P NONE NOT NOTHING NOTIFY
-	NULLIF NUMERIC NOLOGIN
+	NOTNULL NOWAIT NULL_P NULLIF NUMERIC
 	OBJECT_P OF OFF OFFSET OIDS OLD ON ONLY OPERATOR OPTION OR
 	ORDER OUT_P OUTER_P OVERLAPS OVERLAY OWNER
@ -397,7 +393,7 @@ static void doNegateFloat(Value *v);
 	ROLE ROLLBACK ROW ROWS RULE
 	SAVEPOINT SCHEMA SCROLL SECOND_P SECURITY SELECT SEQUENCE
-	SERIALIZABLE SESSION SESSION_ROLE SESSION_USER SET SETOF SHARE
+	SERIALIZABLE SESSION SESSION_USER SET SETOF SHARE
 	SHOW SIMILAR SIMPLE SMALLINT SOME STABLE START STATEMENT
 	STATISTICS STDIN STDOUT STORAGE STRICT_P SUBSTRING SYMMETRIC
 	SYSID SYSTEM_P
@ -407,7 +403,7 @@ static void doNegateFloat(Value *v);
 	TRUNCATE TRUSTED TYPE_P
 	UNCOMMITTED UNENCRYPTED UNION UNIQUE UNKNOWN UNLISTEN UNTIL
-	UPDATE USAGE USER USING
+	UPDATE USER USING
 	VACUUM VALID VALIDATOR VALUES VARCHAR VARYING
 	VERBOSE VIEW VOLATILE
@ -544,8 +540,8 @@ stmt :
 			| ExecuteStmt
 			| ExplainStmt
 			| FetchStmt
 			| GrantRoleStmt
 			| GrantStmt
 			| GrantRoleStmt
 			| IndexStmt
 			| InsertStmt
 			| ListenStmt
@ -558,8 +554,8 @@ stmt :
 			| RemoveFuncStmt
 			| RemoveOperStmt
 			| RenameStmt
 			| RevokeRoleStmt
 			| RevokeStmt
 			| RevokeRoleStmt
 			| RuleStmt
 			| SelectStmt
 			| TransactionStmt
@ -579,7 +575,6 @@ stmt :
 *
 * Create a new Postgres DBMS role
 *
 *
 *****************************************************************************/
 CreateRoleStmt:
@ -597,11 +592,99 @@ opt_with:	WITH									{}
 			| /*EMPTY*/								{}
 		;
 /*
 * Options for CREATE ROLE and ALTER ROLE (also used by CREATE/ALTER USER
 * for backwards compatibility).  Note: the only option required by SQL99
 * is "WITH ADMIN name".
 */
 OptRoleList:
 			OptRoleList OptRoleElem					{ $$ = lappend($1, $2); }
 			| /* EMPTY */							{ $$ = NIL; }
 		;
 OptRoleElem:
 			PASSWORD Sconst
 				{
 					$$ = makeDefElem("password",
 									 (Node *)makeString($2));
 				}
 			| ENCRYPTED PASSWORD Sconst
 				{
 					$$ = makeDefElem("encryptedPassword",
 									 (Node *)makeString($3));
 				}
 			| UNENCRYPTED PASSWORD Sconst
 				{
 					$$ = makeDefElem("unencryptedPassword",
 									 (Node *)makeString($3));
 				}
 			| SYSID Iconst
 				{
 					$$ = makeDefElem("sysid", (Node *)makeInteger($2));
 				}
 			| CREATEDB
 				{
 					$$ = makeDefElem("createdb", (Node *)makeInteger(TRUE));
 				}
 			| NOCREATEDB
 				{
 					$$ = makeDefElem("createdb", (Node *)makeInteger(FALSE));
 				}
 			| CREATEROLE
 				{
 					$$ = makeDefElem("createrole", (Node *)makeInteger(TRUE));
 				}
 			| CREATEUSER
 				{
 					$$ = makeDefElem("createrole", (Node *)makeInteger(TRUE));
 				}
 			| LOGIN_P
 				{
 					$$ = makeDefElem("canlogin", (Node *)makeInteger(TRUE));
 				}
 			| NOCREATEROLE
 				{
 					$$ = makeDefElem("createrole", (Node *)makeInteger(FALSE));
 				}
 			| NOCREATEUSER
 				{
 					$$ = makeDefElem("createrole", (Node *)makeInteger(FALSE));
 				}
 			| NOLOGIN_P
 				{
 					$$ = makeDefElem("canlogin", (Node *)makeInteger(FALSE));
 				}
 			| IN_P ROLE name_list
 				{
 					$$ = makeDefElem("addroleto", (Node *)$3);
 				}
 			| IN_P GROUP_P name_list
 				{
 					$$ = makeDefElem("addroleto", (Node *)$3);
 				}
 			| VALID UNTIL Sconst
 				{
 					$$ = makeDefElem("validUntil", (Node *)makeString($3));
 				}
 			| ADMIN name_list
 				{
 					$$ = makeDefElem("adminmembers", (Node *)$2);
 				}
 			| ROLE name_list
 				{
 					$$ = makeDefElem("rolemembers", (Node *)$2);
 				}
 			| USER name_list
 				{
 					$$ = makeDefElem("rolemembers", (Node *)$2);
 				}
 		;
 /*****************************************************************************
 *
 * Create a new Postgres DBMS user (role with implied login ability)
 *
 *
 *****************************************************************************/
 CreateUserStmt:
@ -609,8 +692,9 @@ CreateUserStmt:
 				{
 					CreateRoleStmt *n = makeNode(CreateRoleStmt);
 					n->role = $3;
-					n->options = $5;
+					n->options = lappend($5,
-					n->options = lappend(n->options,makeDefElem("canlogin", (Node *)makeInteger(TRUE)));
+										 makeDefElem("canlogin",
 													 (Node *)makeInteger(TRUE)));
 					$$ = (Node *)n;
 				}
 		;
@ -620,7 +704,6 @@ CreateUserStmt:
 *
 * Alter a postgresql DBMS role
 *
 *
 *****************************************************************************/
 AlterRoleStmt:
@ -631,24 +714,6 @@ AlterRoleStmt:
 					n->options = $5;
 					$$ = (Node *)n;
 				 }
 			| ALTER ROLE RoleId add_drop ROLE role_list opt_alter_admin_option
 				{
 					AlterRoleStmt *n = makeNode(AlterRoleStmt);
 					n->role = $3;
 					n->action = $4;
 					n->options = lappend(n->options,makeDefElem("rolememElts", (Node *)$6));
 					n->options = lappend(n->options,makeDefElem("adminopt", (Node *)makeInteger($7)));
 					$$ = (Node *)n;
 				}
 		;
 add_drop:	ADD										{ $$ = +1; }
 			| DROP									{ $$ = -1; }
 		;
 opt_alter_admin_option:
 			ADMIN OPTION { $$ = TRUE; }
 			| /*EMPTY*/ { $$ = FALSE; }
 		;
 AlterRoleSetStmt:
@ -668,14 +733,13 @@ AlterRoleSetStmt:
 					n->value = NIL;
 					$$ = (Node *)n;
 				}
-			;
+		;
 /*****************************************************************************
 *
 * Alter a postgresql DBMS user
 *
 *
 *****************************************************************************/
 AlterUserStmt:
@ -719,7 +783,7 @@ AlterUserSetStmt:
 *****************************************************************************/
 DropRoleStmt:
-			DROP ROLE role_list
+			DROP ROLE name_list
 				{
 					DropRoleStmt *n = makeNode(DropRoleStmt);
 					n->roles = $3;
@ -737,7 +801,7 @@ DropRoleStmt:
 *****************************************************************************/
 DropUserStmt:
-			DROP USER role_list
+			DROP USER name_list
 				{
 					DropRoleStmt *n = makeNode(DropRoleStmt);
 					n->roles = $3;
@ -745,96 +809,11 @@ DropUserStmt:
 				}
 			;
 /*
 * Options for CREATE ROLE and ALTER ROLE (also used by CREATE/ALTER USER for backwards compat)
 */
 OptRoleList:
 			OptRoleList OptRoleElem					{ $$ = lappend($1, $2); }
 			| /* EMPTY */							{ $$ = NIL; }
 		;
 OptRoleElem:
 			PASSWORD Sconst
 				{
 					$$ = makeDefElem("password", (Node *)makeString($2));
 				}
 			| ENCRYPTED PASSWORD Sconst
 				{
 					$$ = makeDefElem("encryptedPassword", (Node *)makeString($3));
 				}
 			| UNENCRYPTED PASSWORD Sconst
 				{
 					$$ = makeDefElem("unencryptedPassword", (Node *)makeString($3));
 				}
 			| SYSID Iconst
 				{
 					$$ = makeDefElem("sysid", (Node *)makeInteger($2));
 				}
 			| CREATEDB
 				{
 					$$ = makeDefElem("createdb", (Node *)makeInteger(TRUE));
 				}
 			| NOCREATEDB
 				{
 					$$ = makeDefElem("createdb", (Node *)makeInteger(FALSE));
 				}
 			| CREATEROLE
 				{
 					$$ = makeDefElem("createrole", (Node *)makeInteger(TRUE));
 				}
 			| CREATEUSER
 				{
 					$$ = makeDefElem("createrole", (Node *)makeInteger(TRUE));
 				}
 			| LOGIN
 				{
 					$$ = makeDefElem("canlogin", (Node *)makeInteger(TRUE));
 				}
 			| NOCREATEROLE
 				{
 					$$ = makeDefElem("createrole", (Node *)makeInteger(FALSE));
 				}
 			| NOCREATEUSER
 				{
 					$$ = makeDefElem("createrole", (Node *)makeInteger(FALSE));
 				}
 			| NOLOGIN
 				{
 					$$ = makeDefElem("canlogin", (Node *)makeInteger(FALSE));
 				}
 			| IN_P ROLE role_list
 				{
 					$$ = makeDefElem("roleElts", (Node *)$3);
 				}
 			| IN_P GROUP_P role_list
 				{
 					$$ = makeDefElem("roleElts", (Node *)$3);
 				}
 			| VALID UNTIL Sconst
 				{
 					$$ = makeDefElem("validUntil", (Node *)makeString($3));
 				}
 			| ROLE role_list
 				{
 					$$ = makeDefElem("rolememElts", (Node *)$2);
 				}
 			| USER role_list
 				{
 					$$ = makeDefElem("rolememElts", (Node *)$2);
 				}
 		;
 role_list:	role_list ',' RoleId		{ $$ = lappend($1, makeString($3)); }
 			| RoleId					{ $$ = list_make1(makeString($1)); }
 		;
 /*****************************************************************************
 *
 * Create a postgresql group (role without login ability)
 *
 *
 *****************************************************************************/
 CreateGroupStmt:
@ -852,20 +831,24 @@ CreateGroupStmt:
 *
 * Alter a postgresql group
 *
 *
 *****************************************************************************/
 AlterGroupStmt:
-			ALTER GROUP_P RoleId add_drop USER role_list
+			ALTER GROUP_P RoleId add_drop USER name_list
 				{
 					AlterRoleStmt *n = makeNode(AlterRoleStmt);
 					n->role = $3;
 					n->action = $4;
-					n->options = lappend(n->options,makeDefElem("rolememElts", (Node *)$6));
+					n->options = list_make1(makeDefElem("rolemembers",
 														(Node *)$6));
 					$$ = (Node *)n;
 				}
 		;
 add_drop:	ADD										{ $$ = +1; }
 			| DROP									{ $$ = -1; }
 		;
 /*****************************************************************************
 *
@ -875,7 +858,7 @@ AlterGroupStmt:
 *****************************************************************************/
 DropGroupStmt:
-			DROP GROUP_P role_list
+			DROP GROUP_P name_list
 				{
 					DropRoleStmt *n = makeNode(DropRoleStmt);
 					n->roles = $3;
@ -3116,36 +3099,6 @@ from_in:	FROM									{}
 		;
 /*****************************************************************************
 *
 * GRANT and REVOKE ROLE statements
 *
 *****************************************************************************/
 GrantRoleStmt:	GRANT ROLE role_list TO role_list opt_grant_admin_option
 			opt_granted_by
 				{
 					GrantRoleStmt *n = makeNode(GrantRoleStmt);
 					n->granted_roles = $3;
 					n->grantee_roles = $5;
 					n->is_grant = true;
 					n->admin_opt = $6;
 					n->grantor = $7;
 					$$ = (Node*)n;
 				}
 RevokeRoleStmt:	REVOKE ROLE opt_revoke_admin_option role_list FROM role_list
 			opt_drop_behavior
 				{
 					GrantRoleStmt *n = makeNode(GrantRoleStmt);
 					n->granted_roles = $4;
 					n->grantee_roles = $6;
 					n->is_grant = false;
 					n->admin_opt = $3;
 					n->behavior = $7;
 					$$ = (Node*)n;
 				}
 /*****************************************************************************
 *
 * GRANT and REVOKE statements
@ -3166,54 +3119,70 @@ GrantStmt:	GRANT privileges ON privilege_target TO grantee_list
 				}
 		;
-RevokeStmt: REVOKE opt_revoke_grant_option privileges ON privilege_target
+RevokeStmt:
 			REVOKE privileges ON privilege_target
 			FROM grantee_list opt_drop_behavior
 				{
 					GrantStmt *n = makeNode(GrantStmt);
 					n->is_grant = false;
-					n->privileges = $3;
+					n->grant_option = false;
-					n->objtype = ($5)->objtype;
+					n->privileges = $2;
-					n->objects = ($5)->objs;
+					n->objtype = ($4)->objtype;
-					n->grantees = $7;
+					n->objects = ($4)->objs;
-					n->grant_option = $2;
+					n->grantees = $6;
-					n->behavior = $8;
+					n->behavior = $7;
-
+					$$ = (Node *)n;
 				}
 			| REVOKE GRANT OPTION FOR privileges ON privilege_target
 			FROM grantee_list opt_drop_behavior
 				{
 					GrantStmt *n = makeNode(GrantStmt);
 					n->is_grant = false;
 					n->grant_option = true;
 					n->privileges = $5;
 					n->objtype = ($7)->objtype;
 					n->objects = ($7)->objs;
 					n->grantees = $9;
 					n->behavior = $10;
 					$$ = (Node *)n;
 				}
 		;
-/* either ALL [PRIVILEGES] or a list of individual privileges */
+/*
-privileges: privilege_list				{ $$ = $1; }
+ * A privilege list is represented as a list of strings; the validity of
-			| ALL						{ $$ = list_make1_int(ACL_ALL_RIGHTS); }
+ * the privilege names gets checked at execution.  This is a bit annoying
-			| ALL PRIVILEGES			{ $$ = list_make1_int(ACL_ALL_RIGHTS); }
+ * but we have little choice because of the syntactic conflict with lists
-		;
+ * of role names in GRANT/REVOKE.  What's more, we have to call out in
-
+ * the "privilege" production any reserved keywords that need to be usable
-privilege_list:
+ * as privilege names.
 			privilege								{ $$ = list_make1_int($1); }
 			| privilege_list ',' privilege			{ $$ = lappend_int($1, $3); }
 		;
 /* Not all of these privilege types apply to all objects, but that
 * gets sorted out later.
 */
-privilege:	SELECT									{ $$ = ACL_SELECT; }
+
-			| INSERT								{ $$ = ACL_INSERT; }
+/* either ALL [PRIVILEGES] or a list of individual privileges */
-			| UPDATE								{ $$ = ACL_UPDATE; }
+privileges: privilege_list
-			| DELETE_P								{ $$ = ACL_DELETE; }
+				{ $$ = $1; }
-			| RULE									{ $$ = ACL_RULE; }
+			| ALL
-			| REFERENCES							{ $$ = ACL_REFERENCES; }
+				{ $$ = NIL; }
-			| TRIGGER								{ $$ = ACL_TRIGGER; }
+			| ALL PRIVILEGES
-			| EXECUTE								{ $$ = ACL_EXECUTE; }
+				{ $$ = NIL; }
-			| USAGE									{ $$ = ACL_USAGE; }
+		;
-			| CREATE								{ $$ = ACL_CREATE; }
+
-			| TEMPORARY								{ $$ = ACL_CREATE_TEMP; }
+privilege_list:	privilege
-			| TEMP									{ $$ = ACL_CREATE_TEMP; }
+					{ $$ = list_make1(makeString($1)); }
 			| privilege_list ',' privilege
 					{ $$ = lappend($1, makeString($3)); }
 		;
 privilege:	SELECT									{ $$ = pstrdup($1); }
 			| REFERENCES							{ $$ = pstrdup($1); }
 			| CREATE								{ $$ = pstrdup($1); }
 			| ColId									{ $$ = $1; }
 		;
 /* Don't bother trying to fold the first two rules into one using
-   opt_table.  You're going to get conflicts. */
+ * opt_table.  You're going to get conflicts.
 */
 privilege_target:
 			qualified_name_list
 				{
@ -3300,27 +3269,6 @@ opt_grant_grant_option:
 			| /*EMPTY*/ { $$ = FALSE; }
 		;
 opt_grant_admin_option:
 			WITH ADMIN OPTION { $$ = TRUE; }
 			| /*EMPTY*/ { $$ = FALSE; }
 		;
 opt_granted_by:
 			GRANTED BY RoleId { $$ = $3; }
 			| /*EMPTY*/ { $$ = NULL; }
 		;
 opt_revoke_grant_option:
 			GRANT OPTION FOR { $$ = TRUE; }
 			| /*EMPTY*/ { $$ = FALSE; }
 		;
 opt_revoke_admin_option:
 			ADMIN OPTION FOR { $$ = TRUE; }
 			| /*EMPTY*/ { $$ = FALSE; }
 		;
 function_with_argtypes_list:
 			function_with_argtypes					{ $$ = list_make1($1); }
 			| function_with_argtypes_list ',' function_with_argtypes
@ -3337,6 +3285,56 @@ function_with_argtypes:
 				}
 		;
 /*****************************************************************************
 *
 * GRANT and REVOKE ROLE statements
 *
 *****************************************************************************/
 GrantRoleStmt:
 			GRANT privilege_list TO name_list opt_grant_admin_option opt_granted_by
 				{
 					GrantRoleStmt *n = makeNode(GrantRoleStmt);
 					n->is_grant = true;
 					n->granted_roles = $2;
 					n->grantee_roles = $4;
 					n->admin_opt = $5;
 					n->grantor = $6;
 					$$ = (Node*)n;
 				}
 		;
 RevokeRoleStmt:
 			REVOKE privilege_list FROM name_list opt_granted_by opt_drop_behavior
 				{
 					GrantRoleStmt *n = makeNode(GrantRoleStmt);
 					n->is_grant = false;
 					n->admin_opt = false;
 					n->granted_roles = $2;
 					n->grantee_roles = $4;
 					n->behavior = $6;
 					$$ = (Node*)n;
 				}
 			| REVOKE ADMIN OPTION FOR privilege_list FROM name_list opt_granted_by opt_drop_behavior
 				{
 					GrantRoleStmt *n = makeNode(GrantRoleStmt);
 					n->is_grant = false;
 					n->admin_opt = true;
 					n->granted_roles = $5;
 					n->grantee_roles = $7;
 					n->behavior = $9;
 					$$ = (Node*)n;
 				}
 		;
 opt_grant_admin_option: WITH ADMIN OPTION				{ $$ = TRUE; }
 			| /*EMPTY*/									{ $$ = FALSE; }
 		;
 opt_granted_by: GRANTED BY RoleId						{ $$ = $3; }
 			| /*EMPTY*/									{ $$ = NULL; }
 		;
 /*****************************************************************************
 *
@ -7066,24 +7064,6 @@ func_expr:	func_name '(' ')'
 					n->agg_distinct = FALSE;
 					$$ = (Node *)n;
 				}
 			| SESSION_ROLE
 				{
 					FuncCall *n = makeNode(FuncCall);
 					n->funcname = SystemFuncName("session_user");
 					n->args = NIL;
 					n->agg_star = FALSE;
 					n->agg_distinct = FALSE;
 					$$ = (Node *)n;
 				}
 			| ROLE
 				{
 					FuncCall *n = makeNode(FuncCall);
 					n->funcname = SystemFuncName("current_user");
 					n->args = NIL;
 					n->agg_star = FALSE;
 					n->agg_distinct = FALSE;
 					$$ = (Node *)n;
 				}
 			| CURRENT_USER
 				{
 					FuncCall *n = makeNode(FuncCall);
@ -7928,6 +7908,7 @@ unreserved_keyword:
 			| ACCESS
 			| ACTION
 			| ADD
 			| ADMIN
 			| AFTER
 			| AGGREGATE
 			| ALSO
@ -7988,6 +7969,7 @@ unreserved_keyword:
 			| FORWARD
 			| FUNCTION
 			| GLOBAL
 			| GRANTED
 			| HANDLER
 			| HEADER
 			| HOLD
@ -8016,7 +7998,7 @@ unreserved_keyword:
 			| LOCAL
 			| LOCATION
 			| LOCK_P
-			| LOGIN
+			| LOGIN_P
 			| MATCH
 			| MAXVALUE
 			| MINUTE_P
@ -8030,7 +8012,7 @@ unreserved_keyword:
 			| NOCREATEDB
 			| NOCREATEROLE
 			| NOCREATEUSER
-			| NOLOGIN
+			| NOLOGIN_P
 			| NOTHING
 			| NOTIFY
 			| NOWAIT
@ -8063,6 +8045,7 @@ unreserved_keyword:
 			| RESTRICT
 			| RETURNS
 			| REVOKE
 			| ROLE
 			| ROLLBACK
 			| ROWS
 			| RULE
@ -8104,7 +8087,6 @@ unreserved_keyword:
 			| UNLISTEN
 			| UNTIL
 			| UPDATE
 			| USAGE
 			| VACUUM
 			| VALID
 			| VALIDATOR
@ -8228,9 +8210,9 @@ reserved_keyword:
 			| CONSTRAINT
 			| CREATE
 			| CURRENT_DATE
 			| CURRENT_ROLE
 			| CURRENT_TIME
 			| CURRENT_TIMESTAMP
 			| CURRENT_ROLE
 			| CURRENT_USER
 			| DEFAULT
 			| DEFERRABLE
@ -8269,7 +8251,6 @@ reserved_keyword:
 			| PRIMARY
 			| REFERENCES
 			| SELECT
 			| SESSION_ROLE
 			| SESSION_USER
 			| SOME
 			| SYMMETRIC
@ -8280,7 +8261,6 @@ reserved_keyword:
 			| TRUE_P
 			| UNION
 			| UNIQUE
 			| ROLE
 			| USER
 			| USING
 			| WHEN
--- a/src/backend/parser/keywords.c
+++ b/src/backend/parser/keywords.c
@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/parser/keywords.c,v 1.160 2005/06/28 05:08:58 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/parser/keywords.c,v 1.161 2005/06/28 19:51:22 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -35,6 +35,7 @@ static const ScanKeyword ScanKeywords[] = {
 	{"access", ACCESS},
 	{"action", ACTION},
 	{"add", ADD},
 	{"admin", ADMIN},
 	{"after", AFTER},
 	{"aggregate", AGGREGATE},
 	{"all", ALL},
@ -89,10 +90,12 @@ static const ScanKeyword ScanKeywords[] = {
 	{"copy", COPY},
 	{"create", CREATE},
 	{"createdb", CREATEDB},
 	{"createrole", CREATEROLE},
 	{"createuser", CREATEUSER},
 	{"cross", CROSS},
 	{"csv", CSV},
 	{"current_date", CURRENT_DATE},
 	{"current_role", CURRENT_ROLE},
 	{"current_time", CURRENT_TIME},
 	{"current_timestamp", CURRENT_TIMESTAMP},
 	{"current_user", CURRENT_USER},
@ -146,6 +149,7 @@ static const ScanKeyword ScanKeywords[] = {
 	{"function", FUNCTION},
 	{"global", GLOBAL},
 	{"grant", GRANT},
 	{"granted", GRANTED},
 	{"greatest", GREATEST},
 	{"group", GROUP_P},
 	{"handler", HANDLER},
@ -197,6 +201,7 @@ static const ScanKeyword ScanKeywords[] = {
 	{"localtimestamp", LOCALTIMESTAMP},
 	{"location", LOCATION},
 	{"lock", LOCK_P},
 	{"login", LOGIN_P},
 	{"match", MATCH},
 	{"maxvalue", MAXVALUE},
 	{"minute", MINUTE_P},
@ -212,7 +217,9 @@ static const ScanKeyword ScanKeywords[] = {
 	{"next", NEXT},
 	{"no", NO},
 	{"nocreatedb", NOCREATEDB},
 	{"nocreaterole", NOCREATEROLE},
 	{"nocreateuser", NOCREATEUSER},
 	{"nologin", NOLOGIN_P},
 	{"none", NONE},
 	{"not", NOT},
 	{"nothing", NOTHING},
@ -331,7 +338,6 @@ static const ScanKeyword ScanKeywords[] = {
 	{"unlisten", UNLISTEN},
 	{"until", UNTIL},
 	{"update", UPDATE},
 	{"usage", USAGE},
 	{"user", USER},
 	{"using", USING},
 	{"vacuum", VACUUM},
--- a/src/backend/utils/adt/acl.c
+++ b/src/backend/utils/adt/acl.c
@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.115 2005/06/28 05:09:00 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.116 2005/06/28 19:51:23 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -2414,7 +2414,7 @@ convert_tablespace_priv_string(text *priv_type_text)
 }
 void
-InitializeAcl(void)
+initialize_acl(void)
 {
 	if (!IsBootstrapProcessingMode())
 	{
--- a/src/backend/utils/init/postinit.c
+++ b/src/backend/utils/init/postinit.c
@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/utils/init/postinit.c,v 1.150 2005/06/28 05:09:02 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/utils/init/postinit.c,v 1.151 2005/06/28 19:51:23 tgl Exp $
 *
 *
 *-------------------------------------------------------------------------
@ -471,7 +471,7 @@ InitPostgres(const char *dbname, const char *username)
 	InitializeSearchPath();
 	/* set up ACL framework (currently just sets RolMemCache callback) */
-	InitializeAcl();
+	initialize_acl();
 	/* initialize client encoding */
 	InitializeClientEncoding();
--- a/src/include/nodes/parsenodes.h
+++ b/src/include/nodes/parsenodes.h
@ -7,7 +7,7 @@
 * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $PostgreSQL: pgsql/src/include/nodes/parsenodes.h,v 1.284 2005/06/28 05:09:13 tgl Exp $
+ * $PostgreSQL: pgsql/src/include/nodes/parsenodes.h,v 1.285 2005/06/28 19:51:24 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -29,7 +29,7 @@ typedef enum QuerySource
 /*
 * Grantable rights are encoded so that we can OR them together in a bitmask.
- * The present representation of AclItem limits us to 15 distinct rights,
+ * The present representation of AclItem limits us to 16 distinct rights,
 * even though AclMode is defined as uint32.  See utils/acl.h.
 *
 * Caution: changing these codes breaks stored ACLs, hence forces initdb.
@ -48,7 +48,6 @@ typedef uint32 AclMode;			/* a bitmask of privilege bits */
 #define ACL_CREATE		(1<<9)	/* for namespaces and databases */
 #define ACL_CREATE_TEMP (1<<10) /* for databases */
 #define N_ACL_RIGHTS	11		/* 1 plus the last 1<<x */
 #define ACL_ALL_RIGHTS	(-1)	/* all-privileges marker in GRANT list */
 #define ACL_NO_RIGHTS	0
 /* Currently, SELECT ... FOR UPDATE/FOR SHARE requires UPDATE privileges */
 #define ACL_SELECT_FOR_UPDATE	ACL_UPDATE
@ -886,7 +885,8 @@ typedef struct GrantStmt
 	List	   *objects;		/* list of RangeVar nodes, FuncWithArgs
 								 * nodes, or plain names (as Value
 								 * strings) */
-	List	   *privileges;		/* integer list of privilege codes */
+	List	   *privileges;		/* list of privilege names (as Strings) */
 	/* privileges == NIL denotes "all privileges" */
 	List	   *grantees;		/* list of PrivGrantee nodes */
 	bool		grant_option;	/* grant or revoke grant option */
 	DropBehavior behavior;		/* drop behavior (for REVOKE) */
--- a/src/include/storage/pmsignal.h
+++ b/src/include/storage/pmsignal.h
@ -7,7 +7,7 @@
 * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $PostgreSQL: pgsql/src/include/storage/pmsignal.h,v 1.11 2004/12/31 22:03:42 pgsql Exp $
+ * $PostgreSQL: pgsql/src/include/storage/pmsignal.h,v 1.12 2005/06/28 19:51:25 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -22,7 +22,7 @@
 */
 typedef enum
 {
-	PMSIGNAL_PASSWORD_CHANGE,	/* pg_pwd file has changed */
+	PMSIGNAL_PASSWORD_CHANGE,	/* pg_auth file has changed */
 	PMSIGNAL_WAKEN_CHILDREN,	/* send a SIGUSR1 signal to all backends */
 	PMSIGNAL_WAKEN_ARCHIVER,	/* send a NOTIFY signal to xlog archiver */
--- a/src/include/utils/acl.h
+++ b/src/include/utils/acl.h
@ -7,7 +7,7 @@
 * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $PostgreSQL: pgsql/src/include/utils/acl.h,v 1.78 2005/06/28 05:09:13 tgl Exp $
+ * $PostgreSQL: pgsql/src/include/utils/acl.h,v 1.79 2005/06/28 19:51:25 tgl Exp $
 *
 * NOTES
 *	  An ACL array is simply an array of AclItems, representing the union
@ -211,7 +211,7 @@ extern AclMode aclmask(const Acl *acl, Oid roleid, Oid ownerId,
 extern bool is_member_of_role(Oid member, Oid role);
-extern void InitializeAcl(void);
+extern void initialize_acl(void);
 /*
 * SQL functions (from acl.c)
--- a/src/test/regress/expected/rules.out
+++ b/src/test/regress/expected/rules.out
@ -1279,7 +1279,7 @@ SELECT viewname, definition FROM pg_views WHERE schemaname <> 'information_schem
 iexit                    | SELECT ih.name, ih.thepath, interpt_pp(ih.thepath, r.thepath) AS exit FROM ihighway ih, ramp r WHERE (ih.thepath ## r.thepath);
 pg_group                 | SELECT pg_authid.rolname AS groname, pg_authid.oid AS grosysid, ARRAY(SELECT pg_auth_members.member FROM pg_auth_members WHERE (pg_auth_members.roleid = pg_authid.oid)) AS grolist FROM pg_authid WHERE (NOT pg_authid.rolcanlogin);
 pg_indexes               | SELECT n.nspname AS schemaname, c.relname AS tablename, i.relname AS indexname, t.spcname AS "tablespace", pg_get_indexdef(i.oid) AS indexdef FROM ((((pg_index x JOIN pg_class c ON ((c.oid = x.indrelid))) JOIN pg_class i ON ((i.oid = x.indexrelid))) LEFT JOIN pg_namespace n ON ((n.oid = c.relnamespace))) LEFT JOIN pg_tablespace t ON ((t.oid = i.reltablespace))) WHERE ((c.relkind = 'r'::"char") AND (i.relkind = 'i'::"char"));
- pg_locks                 | SELECT l.locktype, l."database", l.relation, l.page, l.tuple, l.transactionid, l.classid, l.objid, l.objsubid, l."transaction", l.pid, l."mode", l.granted FROM pg_lock_status() l(locktype text, "database" oid, relation oid, page integer, tuple smallint, transactionid xid, classid oid, objid oid, objsubid smallint, "transaction" xid, pid integer, "mode" text, granted boolean);
+ pg_locks                 | SELECT l.locktype, l."database", l.relation, l.page, l.tuple, l.transactionid, l.classid, l.objid, l.objsubid, l."transaction", l.pid, l."mode", l."granted" FROM pg_lock_status() l(locktype text, "database" oid, relation oid, page integer, tuple smallint, transactionid xid, classid oid, objid oid, objsubid smallint, "transaction" xid, pid integer, "mode" text, "granted" boolean);
 pg_prepared_xacts        | SELECT p."transaction", p.gid, p."prepared", u.rolname AS "owner", d.datname AS "database" FROM ((pg_prepared_xact() p("transaction" xid, gid text, "prepared" timestamp with time zone, ownerid oid, dbid oid) LEFT JOIN pg_authid u ON ((p.ownerid = u.oid))) LEFT JOIN pg_database d ON ((p.dbid = d.oid)));
 pg_roles                 | SELECT pg_authid.rolname, pg_authid.rolsuper, pg_authid.rolcreaterole, pg_authid.rolcreatedb, pg_authid.rolcatupdate, pg_authid.rolcanlogin, '********'::text AS rolpassword, pg_authid.rolvaliduntil, pg_authid.rolconfig FROM pg_authid;
 pg_rules                 | SELECT n.nspname AS schemaname, c.relname AS tablename, r.rulename, pg_get_ruledef(r.oid) AS definition FROM ((pg_rewrite r JOIN pg_class c ON ((c.oid = r.ev_class))) LEFT JOIN pg_namespace n ON ((n.oid = c.relnamespace))) WHERE (r.rulename <> '_RETURN'::name);