From c5eaa67a3d487327fd373f19f94c8d18783da08c Mon Sep 17 00:00:00 2001 From: Joshua Brindle Date: Wed, 27 Oct 2021 08:14:14 -0700 Subject: [PATCH] unexport is_member_of_role(), add can_set_role() is_member_of_role should not be used for privilege checking, so to avoid that remove it from the acl header. The only remaining usage is for SET ROLE in variable.c where membership is the legitimate check, so a new exported explicetly named can_set_role() is added in it's place. Signed-off-by: Joshua Brindle --- src/backend/commands/variable.c | 2 +- src/backend/utils/adt/acl.c | 17 +++++++++++++++++ src/include/utils/acl.h | 2 +- 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/src/backend/commands/variable.c b/src/backend/commands/variable.c index 0c85679420c..04f56e42872 100644 --- a/src/backend/commands/variable.c +++ b/src/backend/commands/variable.c @@ -881,7 +881,7 @@ check_role(char **newval, void **extra, GucSource source) * leader's state. */ if (!InitializingParallelWorker && - !is_member_of_role(GetSessionUserId(), roleid)) + !can_set_role(GetSessionUserId(), roleid)) { if (source == PGC_S_TEST) { diff --git a/src/backend/utils/adt/acl.c b/src/backend/utils/adt/acl.c index 67f8b29434a..d638eb35e3c 100644 --- a/src/backend/utils/adt/acl.c +++ b/src/backend/utils/adt/acl.c @@ -72,6 +72,7 @@ static List *cached_roles[] = {NIL, NIL}; static uint32 cached_db_hash; +static bool is_member_of_role(Oid member, Oid role); static const char *getid(const char *s, char *n); static void putid(char *p, const char *s); static Acl *allocacl(int n); @@ -4859,11 +4860,25 @@ has_privs_of_role(Oid member, Oid role) role); } +/* + * can_set_role + * + * Identical to is_member_of_role but exported for the sole use by check_role() + * for checking SET ROLE + * + */ +bool +can_set_role(Oid member, Oid role) +{ + return is_member_of_role(member, role); +} /* * Is member a member of role (directly or indirectly)? * * This is defined to recurse through roles regardless of rolinherit. + * + * Do not use this for privilege checking, instead use has_privs_of_role() */ bool is_member_of_role(Oid member, Oid role) @@ -4904,6 +4919,8 @@ check_is_member_of_role(Oid member, Oid role) * * This is identical to is_member_of_role except we ignore superuser * status. + * + * Do not use this for privilege checking, instead use has_privs_of_role() */ bool is_member_of_role_nosuper(Oid member, Oid role) diff --git a/src/include/utils/acl.h b/src/include/utils/acl.h index af771c901d1..bdbbc43b697 100644 --- a/src/include/utils/acl.h +++ b/src/include/utils/acl.h @@ -206,7 +206,7 @@ extern AclMode aclmask(const Acl *acl, Oid roleid, Oid ownerId, extern int aclmembers(const Acl *acl, Oid **roleids); extern bool has_privs_of_role(Oid member, Oid role); -extern bool is_member_of_role(Oid member, Oid role); +extern bool can_set_role(Oid member, Oid role); extern bool is_member_of_role_nosuper(Oid member, Oid role); extern bool is_admin_of_role(Oid member, Oid role); extern void check_is_member_of_role(Oid member, Oid role); -- 2.31.1