Code cleanup of user name and user id handling in the backend. The current

user is now defined in terms of the user id, the user name is only computed
upon request (for display purposes). This is kind of the opposite of the
previous state, which would maintain the user name and compute the user id
for permission checks.

Besides perhaps saving a few cycles (integer vs string), this now creates a
single point of attack for changing the user id during a connection, for
purposes of "setuid" functions, etc.

11 files changed, 57 insertions, 98 deletions

diff --git a/src/backend/commands/analyze.c b/src/backend/commands/analyze.c
index 1747132f8a7..048d4b1df9d 100644
--- a/src/backend/commands/analyze.c
+++ b/src/backend/commands/analyze.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/analyze.c,v 1.5 2000/08/21 17:22:32 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/analyze.c,v 1.6 2000/09/06 14:15:16 petere Exp $
  *
 
  *-------------------------------------------------------------------------
@@ -99,7 +99,7 @@ analyze_rel(Oid relid, List *anal_cols2, int MESSAGE_LEVEL)
 	onerel = heap_open(relid, AccessShareLock);
 
 #ifndef NO_SECURITY
-	if (!pg_ownercheck(GetPgUserName(), RelationGetRelationName(onerel),
+	if (!pg_ownercheck(GetUserId(), RelationGetRelationName(onerel),
 					   RELNAME))
 	{
 		/* we already did an elog during vacuum
diff --git a/src/backend/commands/command.c b/src/backend/commands/command.c
index 97b3563d9fc..054b76e480d 100644
--- a/src/backend/commands/command.c
+++ b/src/backend/commands/command.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.97 2000/08/29 04:20:43 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.98 2000/09/06 14:15:16 petere Exp $
  *
  * NOTES
  *	  The PerformAddAttribute() code, like most of the relation
@@ -308,7 +308,7 @@ AlterTableAddColumn(const char *relationName,
 		elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
 			 relationName);
 #ifndef NO_SECURITY
-	if (!pg_ownercheck(UserName, relationName, RELNAME))
+	if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
 		elog(ERROR, "ALTER TABLE: permission denied");
 #endif
 
@@ -523,7 +523,7 @@ AlterTableAlterColumn(const char *relationName,
 		elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
 			 relationName);
 #ifndef NO_SECURITY
-	if (!pg_ownercheck(UserName, relationName, RELNAME))
+	if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
 		elog(ERROR, "ALTER TABLE: permission denied");
 #endif
 
@@ -935,7 +935,7 @@ AlterTableDropColumn(const char *relationName,
 		elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog",
 			 relationName);
 #ifndef NO_SECURITY
-	if (!pg_ownercheck(UserName, relationName, RELNAME))
+	if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
 		elog(ERROR, "ALTER TABLE: permission denied");
 #endif
 
@@ -1095,7 +1095,7 @@ AlterTableAddConstraint(char *relationName,
 		elog(ERROR, "ALTER TABLE / ADD CONSTRAINT passed invalid constraint.");
 
 #ifndef NO_SECURITY
-	if (!pg_ownercheck(UserName, relationName, RELNAME))
+	if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
 		elog(ERROR, "ALTER TABLE: permission denied");
 #endif
 
@@ -1484,7 +1484,7 @@ AlterTableCreateToastTable(const char *relationName, bool silent)
 	 * permissions checking.  XXX exactly what is appropriate here?
 	 */
 #ifndef NO_SECURITY
-	if (!pg_ownercheck(UserName, relationName, RELNAME))
+	if (!pg_ownercheck(GetUserId(), relationName, RELNAME))
 		elog(ERROR, "ALTER TABLE: permission denied");
 #endif
 
@@ -1723,9 +1723,9 @@ LockTableCommand(LockStmt *lockstmt)
 	rel = heap_openr(lockstmt->relname, NoLock);
 
 	if (lockstmt->mode == AccessShareLock)
-		aclresult = pg_aclcheck(lockstmt->relname, GetPgUserName(), ACL_RD);
+		aclresult = pg_aclcheck(lockstmt->relname, GetUserId(), ACL_RD);
 	else
-		aclresult = pg_aclcheck(lockstmt->relname, GetPgUserName(), ACL_WR);
+		aclresult = pg_aclcheck(lockstmt->relname, GetUserId(), ACL_WR);
 
 	if (aclresult != ACLCHECK_OK)
 		elog(ERROR, "LOCK TABLE: permission denied");
diff --git a/src/backend/commands/comment.c b/src/backend/commands/comment.c
index c76912f332a..87c7d84727d 100644
--- a/src/backend/commands/comment.c
+++ b/src/backend/commands/comment.c
@@ -281,7 +281,7 @@ CommentRelation(int reltype, char *relname, char *comment)
 	/*** First, check object security ***/
 
 #ifndef NO_SECURITY
-	if (!pg_ownercheck(GetPgUserName(), relname, RELNAME))
+	if (!pg_ownercheck(GetUserId(), relname, RELNAME))
 		elog(ERROR, "you are not permitted to comment on class '%s'", relname);
 #endif
 
@@ -347,7 +347,7 @@ CommentAttribute(char *relname, char *attrname, char *comment)
 	/*** First, check object security ***/
 
 #ifndef NO_SECURITY
-	if (!pg_ownercheck(GetPgUserName(), relname, RELNAME))
+	if (!pg_ownercheck(GetUserId(), relname, RELNAME))
 		elog(ERROR, "you are not permitted to comment on class '%s\'", relname);
 #endif
 
@@ -395,9 +395,8 @@ CommentDatabase(char *database, char *comment)
 	HeapScanDesc scan;
 	Oid			oid;
 	bool		superuser;
-	int4		dba,
-				userid;
-	char	   *username;
+	int4		dba;
+	Oid		userid;
 
 	/*** First find the tuple in pg_database for the database ***/
 
@@ -416,12 +415,11 @@ CommentDatabase(char *database, char *comment)
 
 	/*** Now, fetch user information ***/
 
-	username = GetPgUserName();
-	usertuple = SearchSysCacheTuple(SHADOWNAME, PointerGetDatum(username),
+	userid = GetUserId();
+	usertuple = SearchSysCacheTuple(SHADOWSYSID, ObjectIdGetDatum(userid),
 									0, 0, 0);
 	if (!HeapTupleIsValid(usertuple))
-		elog(ERROR, "current user '%s' does not exist", username);
-	userid = ((Form_pg_shadow) GETSTRUCT(usertuple))->usesysid;
+		elog(ERROR, "invalid user id %u", (unsigned) userid);
 	superuser = ((Form_pg_shadow) GETSTRUCT(usertuple))->usesuper;
 
 	/*** Allow if the userid matches the database dba or is a superuser ***/
@@ -461,16 +459,14 @@ CommentRewrite(char *rule, char *comment)
 
 	HeapTuple	rewritetuple;
 	Oid			oid;
-	char	   *user,
-			   *relation;
+	char	   *relation;
 	int			aclcheck;
 
 	/*** First, validate user ***/
 
 #ifndef NO_SECURITY
-	user = GetPgUserName();
 	relation = RewriteGetRuleEventRel(rule);
-	aclcheck = pg_aclcheck(relation, user, ACL_RU);
+	aclcheck = pg_aclcheck(relation, GetUserId(), ACL_RU);
 	if (aclcheck != ACLCHECK_OK)
 	{
 		elog(ERROR, "you are not permitted to comment on rule '%s'",
@@ -510,13 +506,11 @@ CommentType(char *type, char *comment)
 
 	HeapTuple	typetuple;
 	Oid			oid;
-	char	   *user;
 
 	/*** First, validate user ***/
 
 #ifndef NO_SECURITY
-	user = GetPgUserName();
-	if (!pg_ownercheck(user, type, TYPENAME))
+	if (!pg_ownercheck(GetUserId(), type, TYPENAME))
 	{
 		elog(ERROR, "you are not permitted to comment on type '%s'",
 			 type);
@@ -556,7 +550,6 @@ CommentAggregate(char *aggregate, char *argument, char *comment)
 	Oid			baseoid,
 				oid;
 	bool		defined;
-	char	   *user;
 
 	/*** First, attempt to determine the base aggregate oid ***/
 
@@ -572,8 +565,7 @@ CommentAggregate(char *aggregate, char *argument, char *comment)
 	/*** Next, validate the user's attempt to comment ***/
 
 #ifndef NO_SECURITY
-	user = GetPgUserName();
-	if (!pg_aggr_ownercheck(user, aggregate, baseoid))
+	if (!pg_aggr_ownercheck(GetUserId(), aggregate, baseoid))
 	{
 		if (argument)
 		{
@@ -629,8 +621,7 @@ CommentProc(char *function, List *arguments, char *comment)
 				functuple;
 	Oid			oid,
 				argoids[FUNC_MAX_ARGS];
-	char	   *user,
-			   *argument;
+	char	   *argument;
 	int			i,
 				argcount;
 
@@ -662,8 +653,7 @@ CommentProc(char *function, List *arguments, char *comment)
 	/*** Now, validate the user's ability to comment on this function ***/
 
 #ifndef NO_SECURITY
-	user = GetPgUserName();
-	if (!pg_func_ownercheck(user, function, argcount, argoids))
+	if (!pg_func_ownercheck(GetUserId(), function, argcount, argoids))
 		elog(ERROR, "you are not permitted to comment on function '%s'",
 			 function);
 #endif
@@ -708,7 +698,6 @@ CommentOperator(char *opername, List *arguments, char *comment)
 				rightoid = InvalidOid;
 	bool		defined;
 	char		oprtype = 0,
-			   *user,
 			   *lefttype = NULL,
 			   *righttype = NULL;
 
@@ -762,8 +751,7 @@ CommentOperator(char *opername, List *arguments, char *comment)
 	/*** Valid user's ability to comment on this operator ***/
 
 #ifndef NO_SECURITY
-	user = GetPgUserName();
-	if (!pg_ownercheck(user, (char *) ObjectIdGetDatum(oid), OPEROID))
+	if (!pg_ownercheck(GetUserId(), (char *) ObjectIdGetDatum(oid), OPEROID))
 	{
 		elog(ERROR, "you are not permitted to comment on operator '%s'",
 			 opername);
@@ -805,13 +793,11 @@ CommentTrigger(char *trigger, char *relname, char *comment)
 	HeapScanDesc scan;
 	ScanKeyData entry;
 	Oid			oid = InvalidOid;
-	char	   *user;
 
 	/*** First, validate the user's action ***/
 
 #ifndef NO_SECURITY
-	user = GetPgUserName();
-	if (!pg_ownercheck(user, relname, RELNAME))
+	if (!pg_ownercheck(GetUserId(), relname, RELNAME))
 	{
 		elog(ERROR, "you are not permitted to comment on trigger '%s' %s '%s'",
 			 trigger, "defined for relation", relname);
diff --git a/src/backend/commands/copy.c b/src/backend/commands/copy.c
index 4b81a35c122..ea90e0f2e04 100644
--- a/src/backend/commands/copy.c
+++ b/src/backend/commands/copy.c
@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/copy.c,v 1.121 2000/08/22 04:06:21 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/copy.c,v 1.122 2000/09/06 14:15:16 petere Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -272,7 +272,6 @@ DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe,
 
 	FILE	   *fp;
 	Relation	rel;
-	extern char *UserName;		/* defined in global.c */
 	const AclMode required_access = from ? ACL_WR : ACL_RD;
 	int			result;
 
@@ -281,7 +280,7 @@ DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe,
 	 */
 	rel = heap_openr(relname, (from ? RowExclusiveLock : AccessShareLock));
 
-	result = pg_aclcheck(relname, UserName, required_access);
+	result = pg_aclcheck(relname, GetUserId(), required_access);
 	if (result != ACLCHECK_OK)
 		elog(ERROR, "%s: %s", relname, aclcheck_error_strings[result]);
 	if (!pipe && !superuser())
diff --git a/src/backend/commands/dbcommands.c b/src/backend/commands/dbcommands.c
index 1c2df9c5eb8..f320979af99 100644
--- a/src/backend/commands/dbcommands.c
+++ b/src/backend/commands/dbcommands.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/dbcommands.c,v 1.59 2000/08/03 16:34:01 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/dbcommands.c,v 1.60 2000/09/06 14:15:16 petere Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -37,7 +37,7 @@
 
 /* non-export function prototypes */
 static bool
-			get_user_info(const char *name, int4 *use_sysid, bool *use_super, bool *use_createdb);
+			get_user_info(Oid use_sysid, bool *use_super, bool *use_createdb);
 
 static bool
 			get_db_info(const char *name, char *dbpath, Oid *dbIdP, int4 *ownerIdP);
@@ -54,7 +54,6 @@ createdb(const char *dbname, const char *dbpath, int encoding)
 	char		buf[2 * MAXPGPATH + 100];
 	char	   *loc;
 	char		locbuf[512];
-	int4		user_id;
 	int			ret;
 	bool		use_super,
 				use_createdb;
@@ -64,7 +63,7 @@ createdb(const char *dbname, const char *dbpath, int encoding)
 	Datum		new_record[Natts_pg_database];
 	char		new_record_nulls[Natts_pg_database] = {' ', ' ', ' ', ' '};
 
-	if (!get_user_info(GetPgUserName(), &user_id, &use_super, &use_createdb))
+	if (!get_user_info(GetUserId(), &use_super, &use_createdb))
 		elog(ERROR, "current user name is invalid");
 
 	if (!use_createdb && !use_super)
@@ -100,7 +99,7 @@ createdb(const char *dbname, const char *dbpath, int encoding)
 	/* Form tuple */
 	new_record[Anum_pg_database_datname - 1] = DirectFunctionCall1(namein,
 													CStringGetDatum(dbname));
-	new_record[Anum_pg_database_datdba - 1] = Int32GetDatum(user_id);
+	new_record[Anum_pg_database_datdba - 1] = Int32GetDatum(GetUserId());
 	new_record[Anum_pg_database_encoding - 1] = Int32GetDatum(encoding);
 	new_record[Anum_pg_database_datpath - 1] = DirectFunctionCall1(textin,
 													CStringGetDatum(locbuf));
@@ -174,8 +173,7 @@ createdb(const char *dbname, const char *dbpath, int encoding)
 void
 dropdb(const char *dbname)
 {
-	int4		user_id,
-				db_owner;
+	int4		db_owner;
 	bool		use_super;
 	Oid			db_id;
 	char	   *path,
@@ -197,13 +195,13 @@ dropdb(const char *dbname)
 	if (IsTransactionBlock())
 		elog(ERROR, "DROP DATABASE: May not be called in a transaction block");
 
-	if (!get_user_info(GetPgUserName(), &user_id, &use_super, NULL))
+	if (!get_user_info(GetUserId(), &use_super, NULL))
 		elog(ERROR, "Current user name is invalid");
 
 	if (!get_db_info(dbname, dbpath, &db_id, &db_owner))
 		elog(ERROR, "DROP DATABASE: Database \"%s\" does not exist", dbname);
 
-	if (user_id != db_owner && !use_super)
+	if (GetUserId() != db_owner && !use_super)
 		elog(ERROR, "DROP DATABASE: Permission denied");
 
 	path = ExpandDatabasePath(dbpath);
@@ -374,20 +372,17 @@ get_db_info(const char *name, char *dbpath, Oid *dbIdP, int4 *ownerIdP)
 
 
 static bool
-get_user_info(const char *name, int4 *use_sysid, bool *use_super, bool *use_createdb)
+get_user_info(Oid use_sysid, bool *use_super, bool *use_createdb)
 {
 	HeapTuple	utup;
 
-	AssertArg(name);
-	utup = SearchSysCacheTuple(SHADOWNAME,
-							   PointerGetDatum(name),
+	utup = SearchSysCacheTuple(SHADOWSYSID,
+							   ObjectIdGetDatum(use_sysid),
 							   0, 0, 0);
 
 	if (!HeapTupleIsValid(utup))
 		return false;
 
-	if (use_sysid)
-		*use_sysid = ((Form_pg_shadow) GETSTRUCT(utup))->usesysid;
 	if (use_super)
 		*use_super = ((Form_pg_shadow) GETSTRUCT(utup))->usesuper;
 	if (use_createdb)
diff --git a/src/backend/commands/indexcmds.c b/src/backend/commands/indexcmds.c
index 0fb1129f731..64cdf840f06 100644
--- a/src/backend/commands/indexcmds.c
+++ b/src/backend/commands/indexcmds.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.37 2000/08/20 00:44:19 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/indexcmds.c,v 1.38 2000/09/06 14:15:16 petere Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -697,15 +697,11 @@ ReindexDatabase(const char *dbname, bool force, bool all)
 {
 	Relation	relation,
 				relationRelation;
-	HeapTuple	usertuple,
-				dbtuple,
+	HeapTuple	dbtuple,
 				tuple;
 	HeapScanDesc scan;
-	int4		user_id,
-				db_owner;
-	bool		superuser;
+	int4		db_owner;
 	Oid			db_id;
-	char	   *username;
 	ScanKeyData scankey;
 	MemoryContext private_context;
 	MemoryContext old;
@@ -717,14 +713,6 @@ ReindexDatabase(const char *dbname, bool force, bool all)
 
 	AssertArg(dbname);
 
-	username = GetPgUserName();
-	usertuple = SearchSysCacheTuple(SHADOWNAME, PointerGetDatum(username),
-									0, 0, 0);
-	if (!HeapTupleIsValid(usertuple))
-		elog(ERROR, "Current user \"%s\" is invalid.", username);
-	user_id = ((Form_pg_shadow) GETSTRUCT(usertuple))->usesysid;
-	superuser = ((Form_pg_shadow) GETSTRUCT(usertuple))->usesuper;
-
 	relation = heap_openr(DatabaseRelationName, AccessShareLock);
 	ScanKeyEntryInitialize(&scankey, 0, Anum_pg_database_datname,
 						   F_NAMEEQ, NameGetDatum(dbname));
@@ -737,7 +725,7 @@ ReindexDatabase(const char *dbname, bool force, bool all)
 	heap_endscan(scan);
 	heap_close(relation, NoLock);
 
-	if (user_id != db_owner && !superuser)
+	if (GetUserId() != db_owner && !superuser())
 		elog(ERROR, "REINDEX DATABASE: Permission denied.");
 
 	if (db_id != MyDatabaseId)
diff --git a/src/backend/commands/remove.c b/src/backend/commands/remove.c
index 75f3356289d..f0958ab393c 100644
--- a/src/backend/commands/remove.c
+++ b/src/backend/commands/remove.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/Attic/remove.c,v 1.50 2000/07/04 06:11:29 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/Attic/remove.c,v 1.51 2000/09/06 14:15:16 petere Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -47,7 +47,6 @@ RemoveOperator(char *operatorName,		/* operator name */
 	Oid			typeId1 = InvalidOid;
 	Oid			typeId2 = InvalidOid;
 	bool		defined;
-	char	   *userName;
 	char		oprtype;
 
 	if (typeName1)
@@ -88,8 +87,7 @@ RemoveOperator(char *operatorName,		/* operator name */
 	if (HeapTupleIsValid(tup))
 	{
 #ifndef NO_SECURITY
-		userName = GetPgUserName();
-		if (!pg_ownercheck(userName,
+		if (!pg_ownercheck(GetUserId(),
 						   (char *) ObjectIdGetDatum(tup->t_data->t_oid),
 						   OPEROID))
 			elog(ERROR, "RemoveOperator: operator '%s': permission denied",
@@ -257,11 +255,9 @@ RemoveType(char *typeName)		/* type name to be removed */
 	HeapTuple	tup;
 	Oid			typeOid;
 	char	   *shadow_type;
-	char	   *userName;
 
 #ifndef NO_SECURITY
-	userName = GetPgUserName();
-	if (!pg_ownercheck(userName, typeName, TYPENAME))
+	if (!pg_ownercheck(GetUserId(), typeName, TYPENAME))
 		elog(ERROR, "RemoveType: type '%s': permission denied",
 			 typeName);
 #endif
@@ -318,7 +314,6 @@ RemoveFunction(char *functionName,		/* function name to be removed */
 	Relation	relation;
 	HeapTuple	tup;
 	Oid			argList[FUNC_MAX_ARGS];
-	char	   *userName;
 	char	   *typename;
 	int			i;
 
@@ -346,8 +341,7 @@ RemoveFunction(char *functionName,		/* function name to be removed */
 	}
 
 #ifndef NO_SECURITY
-	userName = GetPgUserName();
-	if (!pg_func_ownercheck(userName, functionName, nargs, argList))
+	if (!pg_func_ownercheck(GetUserId(), functionName, nargs, argList))
 	{
 		elog(ERROR, "RemoveFunction: function '%s': permission denied",
 			 functionName);
@@ -388,7 +382,6 @@ RemoveAggregate(char *aggName, char *aggType)
 {
 	Relation	relation;
 	HeapTuple	tup;
-	char	   *userName;
 	Oid			basetypeID = InvalidOid;
 	bool		defined;
 
@@ -413,8 +406,7 @@ RemoveAggregate(char *aggName, char *aggType)
 		basetypeID = 0;
 
 #ifndef NO_SECURITY
-	userName = GetPgUserName();
-	if (!pg_aggr_ownercheck(userName, aggName, basetypeID))
+	if (!pg_aggr_ownercheck(GetUserId(), aggName, basetypeID))
 	{
 		if (aggType)
 		{
diff --git a/src/backend/commands/rename.c b/src/backend/commands/rename.c
index 2daebf7c5e1..0519df323da 100644
--- a/src/backend/commands/rename.c
+++ b/src/backend/commands/rename.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/Attic/rename.c,v 1.46 2000/06/20 06:41:13 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/Attic/rename.c,v 1.47 2000/09/06 14:15:16 petere Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -53,7 +53,6 @@ void
 renameatt(char *relname,
 		  char *oldattname,
 		  char *newattname,
-		  char *userName,
 		  int recurse)
 {
 	Relation	targetrelation;
@@ -74,7 +73,7 @@ renameatt(char *relname,
 			 relname);
 #ifndef NO_SECURITY
 	if (!IsBootstrapProcessingMode() &&
-		!pg_ownercheck(userName, relname, RELNAME))
+		!pg_ownercheck(GetUserId(), relname, RELNAME))
 		elog(ERROR, "renameatt: you do not own class \"%s\"",
 			 relname);
 #endif
@@ -129,7 +128,7 @@ renameatt(char *relname,
 					NameStr(((Form_pg_class) GETSTRUCT(reltup))->relname),
 					NAMEDATALEN);
 			/* note we need not recurse again! */
-			renameatt(childname, oldattname, newattname, userName, 0);
+			renameatt(childname, oldattname, newattname, 0);
 		}
 	}
 
diff --git a/src/backend/commands/sequence.c b/src/backend/commands/sequence.c
index f528abed752..d623c0630e0 100644
--- a/src/backend/commands/sequence.c
+++ b/src/backend/commands/sequence.c
@@ -201,7 +201,7 @@ nextval(PG_FUNCTION_ARGS)
 				rescnt = 0;
 
 #ifndef NO_SECURITY
-	if (pg_aclcheck(seqname, GetPgUserName(), ACL_WR) != ACLCHECK_OK)
+	if (pg_aclcheck(seqname, GetUserId(), ACL_WR) != ACLCHECK_OK)
 		elog(ERROR, "%s.nextval: you don't have permissions to set sequence %s",
 			 seqname, seqname);
 #endif
@@ -298,7 +298,7 @@ currval(PG_FUNCTION_ARGS)
 	int32		result;
 
 #ifndef NO_SECURITY
-	if (pg_aclcheck(seqname, GetPgUserName(), ACL_RD) != ACLCHECK_OK)
+	if (pg_aclcheck(seqname, GetUserId(), ACL_RD) != ACLCHECK_OK)
 		elog(ERROR, "%s.currval: you don't have permissions to read sequence %s",
 			 seqname, seqname);
 #endif
@@ -328,7 +328,7 @@ setval(PG_FUNCTION_ARGS)
 	Form_pg_sequence seq;
 
 #ifndef NO_SECURITY
-	if (pg_aclcheck(seqname, GetPgUserName(), ACL_WR) != ACLCHECK_OK)
+	if (pg_aclcheck(seqname, GetUserId(), ACL_WR) != ACLCHECK_OK)
 		elog(ERROR, "%s.setval: you don't have permissions to set sequence %s",
 			 seqname, seqname);
 #endif
diff --git a/src/backend/commands/trigger.c b/src/backend/commands/trigger.c
index 4a63094d6e2..c2db6a93745 100644
--- a/src/backend/commands/trigger.c
+++ b/src/backend/commands/trigger.c
@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1994, Regents of the University of California
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.76 2000/08/11 23:45:28 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.77 2000/09/06 14:15:16 petere Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -69,7 +69,7 @@ CreateTrigger(CreateTrigStmt *stmt)
 		elog(ERROR, "CreateTrigger: can't create trigger for system relation %s", stmt->relname);
 
 #ifndef NO_SECURITY
-	if (!pg_ownercheck(GetPgUserName(), stmt->relname, RELNAME))
+	if (!pg_ownercheck(GetUserId(), stmt->relname, RELNAME))
 		elog(ERROR, "%s: %s", stmt->relname, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
 #endif
 
@@ -309,7 +309,7 @@ DropTrigger(DropTrigStmt *stmt)
 	int			tgfound = 0;
 
 #ifndef NO_SECURITY
-	if (!pg_ownercheck(GetPgUserName(), stmt->relname, RELNAME))
+	if (!pg_ownercheck(GetUserId(), stmt->relname, RELNAME))
 		elog(ERROR, "%s: %s", stmt->relname, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
 #endif
 
diff --git a/src/backend/commands/vacuum.c b/src/backend/commands/vacuum.c
index ee0ebeb4bb7..398d002ffcd 100644
--- a/src/backend/commands/vacuum.c
+++ b/src/backend/commands/vacuum.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/vacuum.c,v 1.163 2000/07/14 22:17:42 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/vacuum.c,v 1.164 2000/09/06 14:15:16 petere Exp $
  *
 
  *-------------------------------------------------------------------------
@@ -404,7 +404,7 @@ vacuum_rel(Oid relid, bool analyze, bool is_toastrel)
 	toast_relid = onerel->rd_rel->reltoastrelid;
 
 #ifndef NO_SECURITY
-	if (!pg_ownercheck(GetPgUserName(), RelationGetRelationName(onerel),
+	if (!pg_ownercheck(GetUserId(), RelationGetRelationName(onerel),
 					   RELNAME))
 	{
 		elog(NOTICE, "Skipping \"%s\" --- only table owner can VACUUM it",