Allow non-superuser database owners to create procedural languages.

A DBA is allowed to create a language in his database if it's marked
"tmpldbacreate" in pg_pltemplate.  The factory default is that this is set
for all standard trusted languages, but of course a superuser may adjust
the settings.  In service of this, add the long-foreseen owner column to
pg_language; renaming, dropping, and altering owner of a PL now follow
normal ownership rules instead of being superuser-only.
Jeremy Drake, with some editorialization by Tom Lane.

Author: tglsfdc

doc/src/sgml/catalogs.sgml

@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/catalogs.sgml,v 2.147 2007/03/22 15:46:56 momjian Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/catalogs.sgml,v 2.148 2007/03/26 16:58:37 tgl Exp $ -->
 <!--
  Documentation of the system catalogs, directed toward PostgreSQL developers
  -->
@@ -2655,6 +2655,13 @@
       <entry>Name of the language</entry>
      </row>
 
+     <row>
+      <entry><structfield>lanowner</structfield></entry>
+      <entry><type>oid</type></entry>
+      <entry><literal><link linkend="catalog-pg-authid"><structname>pg_authid</structname></link>.oid</literal></entry>
+      <entry>Owner of the language</entry>
+     </row>
+
      <row>
       <entry><structfield>lanispl</structfield></entry>
       <entry><type>bool</type></entry>
@@ -3265,7 +3272,7 @@
   <table>
    <title><structname>pg_pltemplate</> Columns</title>
 
-   <tgroup cols=4>
+   <tgroup cols=3>
     <thead>
      <row>
       <entry>Name</entry>
@@ -3287,6 +3294,12 @@
       <entry>True if language is considered trusted</entry>
      </row>
 
+     <row>
+      <entry><structfield>tmpldbacreate</structfield></entry>
+      <entry><type>boolean</type></entry>
+      <entry>True if language may be created by a database owner</entry>
+     </row>
+
      <row>
       <entry><structfield>tmplhandler</structfield></entry>
       <entry><type>text</type></entry>

doc/src/sgml/ref/alter_language.sgml

@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/ref/alter_language.sgml,v 1.6 2006/09/16 00:30:16 momjian Exp $
+$PostgreSQL: pgsql/doc/src/sgml/ref/alter_language.sgml,v 1.7 2007/03/26 16:58:38 tgl Exp $
 PostgreSQL documentation
 -->
 
@@ -20,7 +20,8 @@ PostgreSQL documentation
 
  <refsynopsisdiv>
 <synopsis>
-ALTER LANGUAGE <replaceable>name</replaceable> RENAME TO <replaceable>newname</replaceable>
+ALTER [ PROCEDURAL ] LANGUAGE <replaceable>name</replaceable> RENAME TO <replaceable>newname</replaceable>
+ALTER [ PROCEDURAL ] LANGUAGE <replaceable>name</replaceable> OWNER TO <replaceable>new_owner</replaceable>
 </synopsis>
  </refsynopsisdiv>
 
@@ -29,8 +30,9 @@ ALTER LANGUAGE <replaceable>name</replaceable> RENAME TO <replaceable>newname</r
 
   <para>
    <command>ALTER LANGUAGE</command> changes the definition of a
-   language.  The only functionality is to rename the language.  Only
-   a superuser can rename languages.
+   procedural language.  The only functionality is to rename the language or
+   assign a new owner.  You must be superuser or owner of the language to
+   use <command>ALTER LANGUAGE</command>.
   </para>
  </refsect1>
 
@@ -55,6 +57,15 @@ ALTER LANGUAGE <replaceable>name</replaceable> RENAME TO <replaceable>newname</r
      </para>
     </listitem>
    </varlistentry>
+
+   <varlistentry>
+    <term><replaceable>new_owner</replaceable></term>
+    <listitem>
+     <para>
+      The new owner of the language
+     </para>
+    </listitem>
+   </varlistentry>
   </variablelist>
  </refsect1>
 

doc/src/sgml/ref/create_language.sgml

@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/ref/create_language.sgml,v 1.43 2007/01/31 23:26:03 momjian Exp $
+$PostgreSQL: pgsql/doc/src/sgml/ref/create_language.sgml,v 1.44 2007/03/26 16:58:38 tgl Exp $
 PostgreSQL documentation
 -->
 
@@ -34,9 +34,7 @@ CREATE [ TRUSTED ] [ PROCEDURAL ] LANGUAGE <replaceable class="parameter">name</
    <productname>PostgreSQL</productname> user can register a new
    procedural language with a <productname>PostgreSQL</productname>
    database.  Subsequently, functions and trigger procedures can be
-   defined in this new language.  The user must have the
-   <productname>PostgreSQL</productname> superuser privilege to
-   register a new language.
+   defined in this new language.
   </para>
 
   <para>
@@ -64,6 +62,20 @@ CREATE [ TRUSTED ] [ PROCEDURAL ] LANGUAGE <replaceable class="parameter">name</
    old dump files, which are likely to contain out-of-date information
    about language support functions.
   </para>
+
+  <para>
+   Ordinarily, the user must have the
+   <productname>PostgreSQL</productname> superuser privilege to
+   register a new language.  However, the owner of a database can register
+   a new language within that database if the language is listed in
+   the <structname>pg_pltemplate</structname> catalog and is marked
+   as allowed to be created by database owners (<structfield>tmpldbacreate</>
+   is true).  The default is that trusted languages can be created
+   by database owners, but this can be adjusted by superusers by modifying
+   the contents of <structname>pg_pltemplate</structname>.
+   The creator of a language becomes its owner and can later
+   drop it, rename it, or assign it to a new owner.
+  </para>
  </refsect1>
 
  <refsect1 id="sql-createlanguage-parameters">

doc/src/sgml/ref/drop_language.sgml

@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/ref/drop_language.sgml,v 1.24 2007/01/31 23:26:03 momjian Exp $
+$PostgreSQL: pgsql/doc/src/sgml/ref/drop_language.sgml,v 1.25 2007/03/26 16:58:38 tgl Exp $
 PostgreSQL documentation
 -->
 
@@ -31,6 +31,8 @@ DROP [ PROCEDURAL ] LANGUAGE [ IF EXISTS ] <replaceable class="PARAMETER">name</
    <command>DROP LANGUAGE</command> will remove the definition
    of the previously registered procedural language called
    <replaceable class="parameter">name</replaceable>.
+   You must be superuser or owner of the language to
+   use <command>DROP LANGUAGE</command>.
   </para>
  </refsect1>
 
@@ -43,7 +45,7 @@ DROP [ PROCEDURAL ] LANGUAGE [ IF EXISTS ] <replaceable class="PARAMETER">name</
     <term><literal>IF EXISTS</literal></term>
     <listitem>
      <para>
-      Do not throw an error if the function does not exist. A notice is issued 
+      Do not throw an error if the language does not exist. A notice is issued 
       in this case.
      </para>
     </listitem>

src/backend/catalog/aclchk.c

@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.137 2007/02/14 01:58:56 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/catalog/aclchk.c,v 1.138 2007/03/26 16:58:38 tgl Exp $
  *
  * NOTES
  *	  See acl.h.
@@ -1003,11 +1003,8 @@ ExecGrant_Language(InternalGrant *istmt)
 		/*
 		 * Get owner ID and working copy of existing ACL. If there's no ACL,
 		 * substitute the proper default.
-		 *
-		 * Note: for now, languages are treated as owned by the bootstrap
-		 * user. We should add an owner column to pg_language instead.
 		 */
-		ownerId = BOOTSTRAP_SUPERUSERID;
+		ownerId = pg_language_tuple->lanowner;
 		aclDatum = SysCacheGetAttr(LANGNAME, tuple, Anum_pg_language_lanacl,
 								   &isNull);
 		if (isNull)
@@ -1770,8 +1767,7 @@ pg_language_aclmask(Oid lang_oid, Oid roleid,
 				(errcode(ERRCODE_UNDEFINED_OBJECT),
 				 errmsg("language with OID %u does not exist", lang_oid)));
 
-	/* XXX pg_language should have an owner column, but doesn't */
-	ownerId = BOOTSTRAP_SUPERUSERID;
+	ownerId = ((Form_pg_language) GETSTRUCT(tuple))->lanowner;
 
 	aclDatum = SysCacheGetAttr(LANGOID, tuple, Anum_pg_language_lanacl,
 							   &isNull);
@@ -2147,6 +2143,34 @@ pg_proc_ownercheck(Oid proc_oid, Oid roleid)
 	return has_privs_of_role(roleid, ownerId);
 }
 
+/*
+ * Ownership check for a procedural language (specified by OID)
+ */
+bool
+pg_language_ownercheck(Oid lan_oid, Oid roleid)
+{
+	HeapTuple	tuple;
+	Oid			ownerId;
+
+	/* Superusers bypass all permission checking. */
+	if (superuser_arg(roleid))
+		return true;
+
+	tuple = SearchSysCache(LANGOID,
+						   ObjectIdGetDatum(lan_oid),
+						   0, 0, 0);
+	if (!HeapTupleIsValid(tuple))
+		ereport(ERROR,
+				(errcode(ERRCODE_UNDEFINED_FUNCTION),
+				 errmsg("language with OID %u does not exist", lan_oid)));
+
+	ownerId = ((Form_pg_language) GETSTRUCT(tuple))->lanowner;
+
+	ReleaseSysCache(tuple);
+
+	return has_privs_of_role(roleid, ownerId);
+}
+
 /*
  * Ownership check for a namespace (specified by OID).
  */

src/backend/commands/alter.c

@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/commands/alter.c,v 1.22 2007/01/23 05:07:17 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/commands/alter.c,v 1.23 2007/03/26 16:58:38 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -203,6 +203,10 @@ ExecAlterOwnerStmt(AlterOwnerStmt *stmt)
 			AlterFunctionOwner(stmt->object, stmt->objarg, newowner);
 			break;
 
+		case OBJECT_LANGUAGE:
+			AlterLanguageOwner((char *) linitial(stmt->object), newowner);
+			break;
+
 		case OBJECT_OPERATOR:
 			Assert(list_length(stmt->objarg) == 2);
 			AlterOperatorOwner(stmt->object,