diff options
| author | Joe Conway <mail@joeconway.com> | 2022-03-28 15:10:04 -0400 |
|---|---|---|
| committer | Joe Conway <mail@joeconway.com> | 2022-03-28 15:10:04 -0400 |
| commit | 6198420ad8a72e37f4fe4964616b17e0fd33b808 (patch) | |
| tree | 48b9bf9c3997840958f3290ff8a1a2330a5b55b8 /src/backend/utils/misc | |
| parent | 79de9842ab03259325ee4055fb0a7ebd2e4372ff (diff) | |
| download | postgresql-6198420ad8a72e37f4fe4964616b17e0fd33b808.tar.gz postgresql-6198420ad8a72e37f4fe4964616b17e0fd33b808.zip | |
Use has_privs_for_roles for predefined role checks
Generally if a role is granted membership to another role with NOINHERIT
they must use SET ROLE to access the privileges of that role, however
with predefined roles the membership and privilege is conflated. Fix that
by replacing is_member_of_role with has_privs_for_role for predefined
roles. Patch does not remove is_member_of_role from acl.h, but it does
add a warning not to use that function for privilege checking. Not
backpatched based on hackers list discussion.
Author: Joshua Brindle
Reviewed-by: Stephen Frost, Nathan Bossart, Joe Conway
Discussion: https://postgr.es/m/flat/CAGB+Vh4Zv_TvKt2tv3QNS6tUM_F_9icmuj0zjywwcgVi4PAhFA@mail.gmail.com
Diffstat (limited to 'src/backend/utils/misc')
| -rw-r--r-- | src/backend/utils/misc/guc.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index b86137dc385..eb3a03b9762 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -8228,10 +8228,10 @@ GetConfigOption(const char *name, bool missing_ok, bool restrict_privileged) return NULL; if (restrict_privileged && (record->flags & GUC_SUPERUSER_ONLY) && - !is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS)) + !has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS)) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), - errmsg("must be superuser or a member of pg_read_all_settings to examine \"%s\"", + errmsg("must be superuser or have privileges of pg_read_all_settings to examine \"%s\"", name))); switch (record->vartype) @@ -8275,10 +8275,10 @@ GetConfigOptionResetString(const char *name) record = find_option(name, false, false, ERROR); Assert(record != NULL); if ((record->flags & GUC_SUPERUSER_ONLY) && - !is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS)) + !has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS)) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), - errmsg("must be superuser or a member of pg_read_all_settings to examine \"%s\"", + errmsg("must be superuser or have privileges of pg_read_all_settings to examine \"%s\"", name))); switch (record->vartype) @@ -9566,7 +9566,7 @@ ShowAllGUCConfig(DestReceiver *dest) if ((conf->flags & GUC_NO_SHOW_ALL) || ((conf->flags & GUC_SUPERUSER_ONLY) && - !is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS))) + !has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS))) continue; /* assign to the values array */ @@ -9633,7 +9633,7 @@ get_explain_guc_options(int *num) /* return only options visible to the current user */ if ((conf->flags & GUC_NO_SHOW_ALL) || ((conf->flags & GUC_SUPERUSER_ONLY) && - !is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS))) + !has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS))) continue; /* return only options that are different from their boot values */ @@ -9715,10 +9715,10 @@ GetConfigOptionByName(const char *name, const char **varname, bool missing_ok) } if ((record->flags & GUC_SUPERUSER_ONLY) && - !is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS)) + !has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS)) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), - errmsg("must be superuser or a member of pg_read_all_settings to examine \"%s\"", + errmsg("must be superuser or have privileges of pg_read_all_settings to examine \"%s\"", name))); if (varname) @@ -9785,7 +9785,7 @@ GetConfigOptionByNum(int varnum, const char **values, bool *noshow) { if ((conf->flags & GUC_NO_SHOW_ALL) || ((conf->flags & GUC_SUPERUSER_ONLY) && - !is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS))) + !has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS))) *noshow = true; else *noshow = false; @@ -9980,7 +9980,7 @@ GetConfigOptionByNum(int varnum, const char **values, bool *noshow) * insufficiently-privileged users. */ if (conf->source == PGC_S_FILE && - is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS)) + has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS)) { values[14] = conf->sourcefile; snprintf(buffer, sizeof(buffer), "%d", conf->sourceline); |