Skip to content

Commit c3d8de0

Browse files
tglsfdctglsfdc
committed
Disregard superuserness when checking to see if a role GRANT would
create circularity of role memberships. This is a minimum-impact fix for the problem reported by Florian Pflug. I thought about removing the superuser_arg test from is_member_of_role() altogether, as it seems redundant for many of the callers --- but not all, and it's way too late in the 8.1 cycle to be making large changes. Perhaps reconsider this later.
1 parent e47ea05 commit c3d8de0

File tree

3 files changed

+27
-5
lines changed

3 files changed

+27
-5
lines changed

src/backend/commands/user.c

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66
* Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
77
* Portions Copyright (c) 1994, Regents of the University of California
88
*
9-
* $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.163 2005/10/29 00:31:51 petere Exp $
9+
* $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.164 2005/11/04 17:25:15 tgl Exp $
1010
*
1111
*-------------------------------------------------------------------------
1212
*/
@@ -1214,9 +1214,10 @@ AddRoleMems(const char *rolename, Oid roleid,
12141214
* Refuse creation of membership loops, including the trivial case
12151215
* where a role is made a member of itself. We do this by checking to
12161216
* see if the target role is already a member of the proposed member
1217-
* role.
1217+
* role. We have to ignore possible superuserness, however, else we
1218+
* could never grant membership in a superuser-privileged role.
12181219
*/
1219-
if (is_member_of_role(roleid, memberid))
1220+
if (is_member_of_role_nosuper(roleid, memberid))
12201221
ereport(ERROR,
12211222
(errcode(ERRCODE_INVALID_GRANT_OPERATION),
12221223
(errmsg("role \"%s\" is a member of role \"%s\"",

src/backend/utils/adt/acl.c

Lines changed: 21 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.126 2005/10/15 02:49:27 momjian Exp $
11+
* $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.127 2005/11/04 17:25:15 tgl Exp $
1212
*
1313
*-------------------------------------------------------------------------
1414
*/
@@ -3067,6 +3067,26 @@ check_is_member_of_role(Oid member, Oid role)
30673067
GetUserNameFromId(role))));
30683068
}
30693069

3070+
/*
3071+
* Is member a member of role, not considering superuserness?
3072+
*
3073+
* This is identical to is_member_of_role except we ignore superuser
3074+
* status.
3075+
*/
3076+
bool
3077+
is_member_of_role_nosuper(Oid member, Oid role)
3078+
{
3079+
/* Fast path for simple case */
3080+
if (member == role)
3081+
return true;
3082+
3083+
/*
3084+
* Find all the roles that member is a member of, including multi-level
3085+
* recursion, then see if target role is any one of them.
3086+
*/
3087+
return list_member_oid(roles_is_member_of(member), role);
3088+
}
3089+
30703090

30713091
/*
30723092
* Is member an admin of role (directly or indirectly)? That is, is it

src/include/utils/acl.h

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
* Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
88
* Portions Copyright (c) 1994, Regents of the University of California
99
*
10-
* $PostgreSQL: pgsql/src/include/utils/acl.h,v 1.85 2005/10/15 02:49:46 momjian Exp $
10+
* $PostgreSQL: pgsql/src/include/utils/acl.h,v 1.86 2005/11/04 17:25:15 tgl Exp $
1111
*
1212
* NOTES
1313
* An ACL array is simply an array of AclItems, representing the union
@@ -212,6 +212,7 @@ extern int aclmembers(const Acl *acl, Oid **roleids);
212212

213213
extern bool has_privs_of_role(Oid member, Oid role);
214214
extern bool is_member_of_role(Oid member, Oid role);
215+
extern bool is_member_of_role_nosuper(Oid member, Oid role);
215216
extern bool is_admin_of_role(Oid member, Oid role);
216217
extern void check_is_member_of_role(Oid member, Oid role);
217218

0 commit comments

Comments
 (0)