NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit6198420

committed

Use has_privs_for_roles for predefined role checks

Generally if a role is granted membership to another role with NOINHERITthey must use SET ROLE to access the privileges of that role, howeverwith predefined roles the membership and privilege is conflated. Fix thatby replacing is_member_of_role with has_privs_for_role for predefinedroles. Patch does not remove is_member_of_role from acl.h, but it doesadd a warning not to use that function for privilege checking. Notbackpatched based on hackers list discussion.Author: Joshua BrindleReviewed-by: Stephen Frost, Nathan Bossart, Joe ConwayDiscussion:https://postgr.es/m/flat/CAGB+Vh4Zv_TvKt2tv3QNS6tUM_F_9icmuj0zjywwcgVi4PAhFA@mail.gmail.com

1 parent79de984 commit6198420Copy full SHA for 6198420

File tree

23 files changed

+68

-64

lines changed

contrib
- adminpack
  - adminpack.c
- file_fdw
  - expected
    - file_fdw.out
  - file_fdw.c
- pg_stat_statements
  - pg_stat_statements.c
- pgrowlocks
  - pgrowlocks.c
doc/src/sgml
src
- backend
  - commands
    - copy.c
  - replication
    - walreceiver.c
    - walsender.c
  - utils
    - adt
    - misc
      - guc.c
- test/modules/unsafe_tests/expected
  - rolenames.out

23 files changed

+68

-64

lines changed

`‎contrib/adminpack/adminpack.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -79,7 +79,7 @@ convert_and_check_filename(text *arg)`
`79`	`79`	`* files on the server as the PG user, so no need to do any further checks`
`80`	`80`	`* here.`
`81`	`81`	`*/`
`82`		`-if (is_member_of_role(GetUserId(),ROLE_PG_WRITE_SERVER_FILES))`
	`82`	`+if (has_privs_of_role(GetUserId(),ROLE_PG_WRITE_SERVER_FILES))`
`83`	`83`	`returnfilename;`
`84`	`84`
`85`	`85`	`/*`

`‎contrib/file_fdw/expected/file_fdw.out`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -459,7 +459,7 @@ ALTER FOREIGN TABLE agg_text OWNER TO regress_file_fdw_user;`
`459`	`459`	`ALTER FOREIGN TABLE agg_text OPTIONS (SET format 'text');`
`460`	`460`	`SET ROLE regress_file_fdw_user;`
`461`	`461`	`ALTER FOREIGN TABLE agg_text OPTIONS (SET format 'text');`
`462`		`-ERROR: only superuser or amember of the pg_read_server_files role may specify the filename option of a file_fdw foreign table`
	`462`	`+ERROR: only superuser or arole with privileges of the pg_read_server_files role may specify the filename option of a file_fdw foreign table`
`463`	`463`	`SET ROLE regress_file_fdw_superuser;`
`464`	`464`	`-- cleanup`
`465`	`465`	`RESET ROLE;`

`‎contrib/file_fdw/file_fdw.c`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -269,16 +269,16 @@ file_fdw_validator(PG_FUNCTION_ARGS)`
`269`	`269`	`* otherwise there'd still be a security hole.`
`270`	`270`	`*/`
`271`	`271`	`if (strcmp(def->defname,"filename")==0&&`
`272`		`-!is_member_of_role(GetUserId(),ROLE_PG_READ_SERVER_FILES))`
	`272`	`+!has_privs_of_role(GetUserId(),ROLE_PG_READ_SERVER_FILES))`
`273`	`273`	`ereport(ERROR,`
`274`	`274`	`(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),`
`275`		`-errmsg("only superuser or amember of the pg_read_server_files role may specify the filename option of a file_fdw foreign table")));`
	`275`	`+errmsg("only superuser or arole with privileges of the pg_read_server_files role may specify the filename option of a file_fdw foreign table")));`
`276`	`276`
`277`	`277`	`if (strcmp(def->defname,"program")==0&&`
`278`		`-!is_member_of_role(GetUserId(),ROLE_PG_EXECUTE_SERVER_PROGRAM))`
	`278`	`+!has_privs_of_role(GetUserId(),ROLE_PG_EXECUTE_SERVER_PROGRAM))`
`279`	`279`	`ereport(ERROR,`
`280`	`280`	`(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),`
`281`		`-errmsg("only superuser or amember of the pg_execute_server_program role may specify the program option of a file_fdw foreign table")));`
	`281`	`+errmsg("only superuser or arole with privileges of the pg_execute_server_program role may specify the program option of a file_fdw foreign table")));`
`282`	`282`
`283`	`283`	`filename=defGetString(def);`
`284`	`284`	`}`

`‎contrib/pg_stat_statements/pg_stat_statements.c`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -1503,8 +1503,8 @@ pg_stat_statements_internal(FunctionCallInfo fcinfo,`
`1503`	`1503`	`HASH_SEQ_STATUShash_seq;`
`1504`	`1504`	`pgssEntry*entry;`
`1505`	`1505`
`1506`		`-/* Superusers ormembers of pg_read_all_stats members are allowed */`
`1507`		`-is_allowed_role=is_member_of_role(userid,ROLE_PG_READ_ALL_STATS);`
	`1506`	`+/* Superusers orroles with the privileges of pg_read_all_stats members are allowed */`
	`1507`	`+is_allowed_role=has_privs_of_role(userid,ROLE_PG_READ_ALL_STATS);`
`1508`	`1508`
`1509`	`1509`	`/* hash table must exist already */`
`1510`	`1510`	`if (!pgss\|\| !pgss_hash)`

`‎contrib/pgrowlocks/pgrowlocks.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -104,7 +104,7 @@ pgrowlocks(PG_FUNCTION_ARGS)`
`104`	`104`	`aclresult=pg_class_aclcheck(RelationGetRelid(rel),GetUserId(),`
`105`	`105`	`ACL_SELECT);`
`106`	`106`	`if (aclresult!=ACLCHECK_OK)`
`107`		`-aclresult=is_member_of_role(GetUserId(),ROLE_PG_STAT_SCAN_TABLES) ?ACLCHECK_OK :ACLCHECK_NO_PRIV;`
	`107`	`+aclresult=has_privs_of_role(GetUserId(),ROLE_PG_STAT_SCAN_TABLES) ?ACLCHECK_OK :ACLCHECK_NO_PRIV;`
`108`	`108`
`109`	`109`	`if (aclresult!=ACLCHECK_OK)`
`110`	`110`	`aclcheck_error(aclresult,get_relkind_objtype(rel->rd_rel->relkind),`

`‎doc/src/sgml/adminpack.sgml`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -22,9 +22,9 @@`
`22`	`22`	`functions in <xref linkend="functions-admin-genfile-table"/>, which`
`23`	`23`	`provide read-only access.)`
`24`	`24`	`Only files within the database cluster directory can be accessed, unless the`
`25`		`- user is a superuser or given one of the pg_read_server_files,or pg_write_server_files`
`26`		`- roles, as appropriate for the function, but either a relative or absolute path is`
`27`		`- allowable.`
	`25`	`+ user is a superuser or givenprivileges ofone of the pg_read_server_files,`
	`26`	`+or pg_write_server_filesroles, as appropriate for the function, but either a`
	`27`	`+relative or absolute path isallowable.`
`28`	`28`	`</para>`
`29`	`29`
`30`	`30`	`<table id="functions-adminpack-table">`

`‎doc/src/sgml/catalogs.sgml`

Lines changed: 6 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -10044,8 +10044,8 @@ SCRAM-SHA-256$<replaceable><iteration count></replaceable>:<replaceable>&l`
`10044`	`10044`
`10045`	`10045`	`<para>`
`10046`	`10046`	`By default, the <structname>pg_backend_memory_contexts</structname> view can be`
`10047`		`- read only by superusers ormembers of the<literal>pg_read_all_stats</literal>`
`10048`		`- role.`
	`10047`	`+ read only by superusers orroles with theprivileges of the`
	`10048`	`+<literal>pg_read_all_stats</literal>role.`
`10049`	`10049`	`</para>`
`10050`	`10050`	`</sect1>`
`10051`	`10051`
`@@ -12552,7 +12552,7 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx`
`12552`	`12552`	`<para>`
`12553`	`12553`	`Configuration file the current value was set in (null for`
`12554`	`12554`	`values set from sources other than configuration files, or when`
`12555`		`- examined by a user whoisneither a superuseror a member of`
	`12555`	`+ examined by a user who neitherisa superusernor has privileges of`
`12556`	`12556`	`<literal>pg_read_all_settings</literal>); helpful when using`
`12557`	`12557`	`<literal>include</literal> directives in configuration files`
`12558`	`12558`	`</para></entry>`
`@@ -12565,7 +12565,7 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx`
`12565`	`12565`	`<para>`
`12566`	`12566`	`Line number within the configuration file the current value was`
`12567`	`12567`	`set at (null for values set from sources other than configuration files,`
`12568`		`- or when examined by a user whoisneither a superuseror a member of`
	`12568`	`+ or when examined by a user who neitherisa superusernor has privileges of`
`12569`	`12569`	`<literal>pg_read_all_settings</literal>).`
`12570`	`12570`	`</para></entry>`
`12571`	`12571`	`</row>`
`@@ -12941,8 +12941,8 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx`
`12941`	`12941`
`12942`	`12942`	`<para>`
`12943`	`12943`	`By default, the <structname>pg_shmem_allocations</structname> view can be`
`12944`		`- read only by superusers ormembersof the <literal>pg_read_all_stats</literal>`
`12945`		`- role.`
	`12944`	`+ read only by superusers orroles with privilegesof the`
	`12945`	`+<literal>pg_read_all_stats</literal>role.`
`12946`	`12946`	`</para>`
`12947`	`12947`	`</sect1>`
`12948`	`12948`

`‎doc/src/sgml/func.sgml`

Lines changed: 6 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -25435,7 +25435,7 @@ SELECT collation for ('foo' COLLATE "de_DE");`
`25435`	`25435`	`Cancels the current query of the session whose backend process has the`
`25436`	`25436`	`specified process ID. This is also allowed if the`
`25437`	`25437`	`calling role is a member of the role whose backend is being canceled or`
`25438`		`- the calling role hasbeen granted <literal>pg_signal_backend</literal>,`
	`25438`	`+ the calling role hasprivileges of <literal>pg_signal_backend</literal>,`
`25439`	`25439`	`however only superusers can cancel superuser backends.`
`25440`	`25440`	`</para></entry>`
`25441`	`25441`	`</row>`
`@@ -25508,7 +25508,7 @@ SELECT collation for ('foo' COLLATE "de_DE");`
`25508`	`25508`	`Terminates the session whose backend process has the`
`25509`	`25509`	`specified process ID. This is also allowed if the calling role`
`25510`	`25510`	`is a member of the role whose backend is being terminated or the`
`25511`		`- calling role hasbeen granted <literal>pg_signal_backend</literal>,`
	`25511`	`+ calling role hasprivileges of <literal>pg_signal_backend</literal>,`
`25512`	`25512`	`however only superusers can terminate superuser backends.`
`25513`	`25513`	`</para>`
`25514`	`25514`	`<para>`
`@@ -26783,7 +26783,7 @@ postgres=# SELECT * FROM pg_walfile_name_offset(pg_stop_backup());`
`26783`	`26783`	`Computes the total disk space used by the database with the specified`
`26784`	`26784`	`name or OID. To use this function, you must`
`26785`	`26785`	`have <literal>CONNECT</literal> privilege on the specified database`
`26786`		`- (which is granted by default) orbe a member of`
	`26786`	`+ (which is granted by default) orhave privileges of`
`26787`	`26787`	`the <literal>pg_read_all_stats</literal> role.`
`26788`	`26788`	`</para></entry>`
`26789`	`26789`	`</row>`
`@@ -26913,7 +26913,7 @@ postgres=# SELECT * FROM pg_walfile_name_offset(pg_stop_backup());`
`26913`	`26913`	`Computes the total disk space used in the tablespace with the`
`26914`	`26914`	`specified name or OID. To use this function, you must`
`26915`	`26915`	`have <literal>CREATE</literal> privilege on the specified tablespace`
`26916`		`- orbe a member of the <literal>pg_read_all_stats</literal> role,`
	`26916`	`+ orhave privileges of the <literal>pg_read_all_stats</literal> role,`
`26917`	`26917`	`unless it is the default tablespace for the current database.`
`26918`	`26918`	`</para></entry>`
`26919`	`26919`	`</row>`
`@@ -27392,7 +27392,7 @@ SELECT pg_size_pretty(sum(pg_relation_size(relid))) AS total_size`
`27392`	`27392`	`a dot, directories, and other special files are excluded.`
`27393`	`27393`	`</para>`
`27394`	`27394`	`<para>`
`27395`		`- This function is restricted to superusers andmembers of`
	`27395`	`+ This function is restricted to superusers androles with privileges of`
`27396`	`27396`	`the <literal>pg_monitor</literal> role by default, but other users can`
`27397`	`27397`	`be granted EXECUTE to run the function.`
`27398`	`27398`	`</para></entry>`
`@@ -27416,7 +27416,7 @@ SELECT pg_size_pretty(sum(pg_relation_size(relid))) AS total_size`
`27416`	`27416`	`are excluded.`
`27417`	`27417`	`</para>`
`27418`	`27418`	`<para>`
`27419`		`- This function is restricted to superusers andmembers of`
	`27419`	`+ This function is restricted to superusers androles with privileges of`
`27420`	`27420`	`the <literal>pg_monitor</literal> role by default, but other users can`
`27421`	`27421`	`be granted EXECUTE to run the function.`
`27422`	`27422`	`</para></entry>`

`‎doc/src/sgml/monitoring.sgml`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -280,7 +280,7 @@ postgres 27093 0.0 0.0 30096 2752 ? Ss 11:34 0:00 postgres: ser`
`280`	`280`	`(sessions belonging to a role that they are a member of). In rows about`
`281`	`281`	`other sessions, many columns will be null. Note, however, that the`
`282`	`282`	`existence of a session and its general properties such as its sessions user`
`283`		`- and database are visible to all users. Superusers andmembers of the`
	`283`	`+ and database are visible to all users. Superusers androles with privileges of`
`284`	`284`	`built-in role <literal>pg_read_all_stats</literal> (see also <xref`
`285`	`285`	`linkend="predefined-roles"/>) can see all the information about all sessions.`
`286`	`286`	`</para>`

`‎doc/src/sgml/pgbuffercache.sgml`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@`
`24`	`24`	`</para>`
`25`	`25`
`26`	`26`	`<para>`
`27`		`- By default, use is restricted to superusers andmembers of the`
	`27`	`+ By default, use is restricted to superusers androles with privileges of the`
`28`	`28`	`<literal>pg_monitor</literal> role. Access may be granted to others`
`29`	`29`	`using <command>GRANT</command>.`
`30`	`30`	`</para>`

`‎doc/src/sgml/pgfreespacemap.sgml`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@`
`16`	`16`	`</para>`
`17`	`17`
`18`	`18`	`<para>`
`19`		`- By default use is restricted to superusers andmembers of the`
	`19`	`+ By default use is restricted to superusers androles with privileges of the`
`20`	`20`	`<literal>pg_stat_scan_tables</literal> role. Access may be granted to others`
`21`	`21`	`using <command>GRANT</command>.`
`22`	`22`	`</para>`

`‎doc/src/sgml/pgrowlocks.sgml`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@`
`13`	`13`	`</para>`
`14`	`14`
`15`	`15`	`<para>`
`16`		`- By default use is restricted to superusers,members of the`
	`16`	`+ By default use is restricted to superusers,roles with privileges of the`
`17`	`17`	`<literal>pg_stat_scan_tables</literal> role, and users with`
`18`	`18`	`<literal>SELECT</literal> permissions on the table.`
`19`	`19`	`</para>`

`‎doc/src/sgml/pgstatstatements.sgml`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -384,7 +384,7 @@`
`384`	`384`	`</table>`
`385`	`385`
`386`	`386`	`<para>`
`387`		`- For security reasons, only superusers andmembers of the`
	`387`	`+ For security reasons, only superusers androles with privileges of the`
`388`	`388`	`<literal>pg_read_all_stats</literal> role are allowed to see the SQL text and`
`389`	`389`	`<structfield>queryid</structfield> of queries executed by other users.`
`390`	`390`	`Other users can see the statistics, however, if the view has been installed`

`‎doc/src/sgml/pgvisibility.sgml`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -140,8 +140,8 @@`
`140`	`140`	`</variablelist>`
`141`	`141`
`142`	`142`	`<para>`
`143`		`- By default, these functions are executable only by superusers andmembers of the`
`144`		`- <literal>pg_stat_scan_tables</literal> role, with the exception of`
	`143`	`+ By default, these functions are executable only by superusers androles with privileges`
	`144`	`+of the<literal>pg_stat_scan_tables</literal> role, with the exception of`
`145`	`145`	`<function>pg_truncate_visibility_map(relation regclass)</function> which can only`
`146`	`146`	`be executed by superusers.`
`147`	`147`	`</para>`

`‎src/backend/commands/copy.c`

Lines changed: 6 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -80,26 +80,26 @@ DoCopy(ParseState pstate, const CopyStmt stmt,`
`80`	`80`	`{`
`81`	`81`	`if (stmt->is_program)`
`82`	`82`	`{`
`83`		`-if (!is_member_of_role(GetUserId(),ROLE_PG_EXECUTE_SERVER_PROGRAM))`
	`83`	`+if (!has_privs_of_role(GetUserId(),ROLE_PG_EXECUTE_SERVER_PROGRAM))`
`84`	`84`	`ereport(ERROR,`
`85`	`85`	`(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),`
`86`		`-errmsg("must be superuser ora member of the pg_execute_server_program role to COPY to or from an external program"),`
	`86`	`+errmsg("must be superuser orhave privileges of the pg_execute_server_program role to COPY to or from an external program"),`
`87`	`87`	`errhint("Anyone can COPY to stdout or from stdin. "`
`88`	`88`	`"psql's \\copy command also works for anyone.")));`
`89`	`89`	`}`
`90`	`90`	`else`
`91`	`91`	`{`
`92`		`-if (is_from&& !is_member_of_role(GetUserId(),ROLE_PG_READ_SERVER_FILES))`
	`92`	`+if (is_from&& !has_privs_of_role(GetUserId(),ROLE_PG_READ_SERVER_FILES))`
`93`	`93`	`ereport(ERROR,`
`94`	`94`	`(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),`
`95`		`-errmsg("must be superuser ora member of the pg_read_server_files role to COPY from a file"),`
	`95`	`+errmsg("must be superuser orhave privileges of the pg_read_server_files role to COPY from a file"),`
`96`	`96`	`errhint("Anyone can COPY to stdout or from stdin. "`
`97`	`97`	`"psql's \\copy command also works for anyone.")));`
`98`	`98`
`99`		`-if (!is_from&& !is_member_of_role(GetUserId(),ROLE_PG_WRITE_SERVER_FILES))`
	`99`	`+if (!is_from&& !has_privs_of_role(GetUserId(),ROLE_PG_WRITE_SERVER_FILES))`
`100`	`100`	`ereport(ERROR,`
`101`	`101`	`(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),`
`102`		`-errmsg("must be superuser ora member of the pg_write_server_files role to COPY to a file"),`
	`102`	`+errmsg("must be superuser orhave privileges of the pg_write_server_files role to COPY to a file"),`
`103`	`103`	`errhint("Anyone can COPY to stdout or from stdin. "`
`104`	`104`	`"psql's \\copy command also works for anyone.")));`
`105`	`105`	`}`

`‎src/backend/replication/walreceiver.c`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -1403,12 +1403,12 @@ pg_stat_get_wal_receiver(PG_FUNCTION_ARGS)`
`1403`	`1403`	`/* Fetch values */`
`1404`	`1404`	`values[0]=Int32GetDatum(pid);`
`1405`	`1405`
`1406`		`-if (!is_member_of_role(GetUserId(),ROLE_PG_READ_ALL_STATS))`
	`1406`	`+if (!has_privs_of_role(GetUserId(),ROLE_PG_READ_ALL_STATS))`
`1407`	`1407`	`{`
`1408`	`1408`	`/*`
`1409`		`- * Only superusers andmembers of pg_read_all_stats can see details.`
`1410`		`- * Other users only get the pid value to know whether it is a WAL`
`1411`		`- * receiver, but no details.`
	`1409`	`+ * Only superusers androles with privileges of pg_read_all_stats`
	`1410`	`+ *can see details.Other users only get the pid value to know whether`
	`1411`	`+ *it is a WALreceiver, but no details.`
`1412`	`1412`	`*/`
`1413`	`1413`	`MemSet(&nulls[1], true,sizeof(bool)* (tupdesc->natts-1));`
`1414`	`1414`	`}`

`‎src/backend/replication/walsender.c`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -3473,12 +3473,12 @@ pg_stat_get_wal_senders(PG_FUNCTION_ARGS)`
`3473`	`3473`	`memset(nulls,0,sizeof(nulls));`
`3474`	`3474`	`values[0]=Int32GetDatum(pid);`
`3475`	`3475`
`3476`		`-if (!is_member_of_role(GetUserId(),ROLE_PG_READ_ALL_STATS))`
	`3476`	`+if (!has_privs_of_role(GetUserId(),ROLE_PG_READ_ALL_STATS))`
`3477`	`3477`	`{`
`3478`	`3478`	`/*`
`3479`		`- * Only superusers andmembers of pg_read_all_stats can see`
`3480`		`- * details. Other users only get the pid value to know it's a`
`3481`		`- * walsender, but no details.`
	`3479`	`+ * Only superusers androles with privileges of pg_read_all_stats`
	`3480`	`+ *can seedetails. Other users only get the pid value to know`
	`3481`	`+ *it's awalsender, but no details.`
`3482`	`3482`	`*/`
`3483`	`3483`	`MemSet(&nulls[1], true,PG_STAT_GET_WAL_SENDERS_COLS-1);`
`3484`	`3484`	`}`

`‎src/backend/utils/adt/acl.c`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -4859,6 +4859,8 @@ has_privs_of_role(Oid member, Oid role)`
`4859`	`4859`	`* Is member a member of role (directly or indirectly)?`
`4860`	`4860`	`*`
`4861`	`4861`	`* This is defined to recurse through roles regardless of rolinherit.`
	`4862`	`+ *`
	`4863`	`+ * Do not use this for privilege checking, instead use has_privs_of_role()`
`4862`	`4864`	`*/`
`4863`	`4865`	`bool`
`4864`	`4866`	`is_member_of_role(Oidmember,Oidrole)`
`@@ -4899,6 +4901,8 @@ check_is_member_of_role(Oid member, Oid role)`
`4899`	`4901`	`*`
`4900`	`4902`	`* This is identical to is_member_of_role except we ignore superuser`
`4901`	`4903`	`* status.`
	`4904`	`+ *`
	`4905`	`+ * Do not use this for privilege checking, instead use has_privs_of_role()`
`4902`	`4906`	`*/`
`4903`	`4907`	`bool`
`4904`	`4908`	`is_member_of_role_nosuper(Oidmember,Oidrole)`

`‎src/backend/utils/adt/dbsize.c`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -112,12 +112,12 @@ calculate_database_size(Oid dbOid)`
`112`	`112`	`AclResultaclresult;`
`113`	`113`
`114`	`114`	`/*`
`115`		`- * User must have connect privilege for target database orbe a member of`
	`115`	`+ * User must have connect privilege for target database orhave privileges of`
`116`	`116`	`* pg_read_all_stats`
`117`	`117`	`*/`
`118`	`118`	`aclresult=pg_database_aclcheck(dbOid,GetUserId(),ACL_CONNECT);`
`119`	`119`	`if (aclresult!=ACLCHECK_OK&&`
`120`		`-!is_member_of_role(GetUserId(),ROLE_PG_READ_ALL_STATS))`
	`120`	`+!has_privs_of_role(GetUserId(),ROLE_PG_READ_ALL_STATS))`
`121`	`121`	`{`
`122`	`122`	`aclcheck_error(aclresult,OBJECT_DATABASE,`
`123`	`123`	`get_database_name(dbOid));`
`@@ -196,12 +196,12 @@ calculate_tablespace_size(Oid tblspcOid)`
`196`	`196`	`AclResultaclresult;`
`197`	`197`
`198`	`198`	`/*`
`199`		`- * User mustbe a member of pg_read_all_stats or have CREATE privilege for`
	`199`	`+ * User musthave privileges of pg_read_all_stats or have CREATE privilege for`
`200`	`200`	`* target tablespace, either explicitly granted or implicitly because it`
`201`	`201`	`* is default for current database.`
`202`	`202`	`*/`
`203`	`203`	`if (tblspcOid!=MyDatabaseTableSpace&&`
`204`		`-!is_member_of_role(GetUserId(),ROLE_PG_READ_ALL_STATS))`
	`204`	`+!has_privs_of_role(GetUserId(),ROLE_PG_READ_ALL_STATS))`
`205`	`205`	`{`
`206`	`206`	`aclresult=pg_tablespace_aclcheck(tblspcOid,GetUserId(),ACL_CREATE);`
`207`	`207`	`if (aclresult!=ACLCHECK_OK)`

`‎src/backend/utils/adt/genfile.c`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -59,11 +59,11 @@ convert_and_check_filename(text *arg)`
`59`	`59`	`canonicalize_path(filename);/* filename can change length here */`
`60`	`60`
`61`	`61`	`/*`
`62`		`- *Membersof the 'pg_read_server_files' role are allowed to access any`
`63`		`- * files on the server as the PG user, so no need to do any further checks`
	`62`	`+ *Roles with privlegesof the 'pg_read_server_files' role are allowed to access`
	`63`	`+ *anyfiles on the server as the PG user, so no need to do any further checks`
`64`	`64`	`* here.`
`65`	`65`	`*/`
`66`		`-if (is_member_of_role(GetUserId(),ROLE_PG_READ_SERVER_FILES))`
	`66`	`+if (has_privs_of_role(GetUserId(),ROLE_PG_READ_SERVER_FILES))`
`67`	`67`	`returnfilename;`
`68`	`68`
`69`	`69`	`/*`

`‎src/backend/utils/adt/pgstatfuncs.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@`
`34`	`34`
`35`	`35`	`#defineUINT32_ACCESS_ONCE(var) ((uint32)(((volatile uint32 )&(var))))`
`36`	`36`
`37`		`-#defineHAS_PGSTAT_PERMISSIONS(role) (is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_STATS) \|\| has_privs_of_role(GetUserId(), role))`
	`37`	`+#defineHAS_PGSTAT_PERMISSIONS(role) (has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_STATS) \|\| has_privs_of_role(GetUserId(), role))`
`38`	`38`
`39`	`39`	`Datum`
`40`	`40`	`pg_stat_get_numscans(PG_FUNCTION_ARGS)`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit6198420

File tree

23 files changed

23 files changed

`‎contrib/adminpack/adminpack.c`

`‎contrib/file_fdw/expected/file_fdw.out`

`‎contrib/file_fdw/file_fdw.c`

`‎contrib/pg_stat_statements/pg_stat_statements.c`

`‎contrib/pgrowlocks/pgrowlocks.c`

`‎doc/src/sgml/adminpack.sgml`

`‎doc/src/sgml/catalogs.sgml`

`‎doc/src/sgml/func.sgml`

`‎doc/src/sgml/monitoring.sgml`

`‎doc/src/sgml/pgbuffercache.sgml`

`‎doc/src/sgml/pgfreespacemap.sgml`

`‎doc/src/sgml/pgrowlocks.sgml`

`‎doc/src/sgml/pgstatstatements.sgml`

`‎doc/src/sgml/pgvisibility.sgml`

`‎src/backend/commands/copy.c`

`‎src/backend/replication/walreceiver.c`

`‎src/backend/replication/walsender.c`

`‎src/backend/utils/adt/acl.c`

`‎src/backend/utils/adt/dbsize.c`

`‎src/backend/utils/adt/genfile.c`

`‎src/backend/utils/adt/pgstatfuncs.c`

0 commit comments