Use has_privs_for_roles for predefined role checks
authorJoe Conway <mail@joeconway.com>
Mon, 28 Mar 2022 19:10:04 +0000 (15:10 -0400)
committerJoe Conway <mail@joeconway.com>
Mon, 28 Mar 2022 19:10:04 +0000 (15:10 -0400)
commit6198420ad8a72e37f4fe4964616b17e0fd33b808
tree48b9bf9c3997840958f3290ff8a1a2330a5b55b8
parent79de9842ab03259325ee4055fb0a7ebd2e4372ff
Use has_privs_for_roles for predefined role checks

Generally if a role is granted membership to another role with NOINHERIT
they must use SET ROLE to access the privileges of that role, however
with predefined roles the membership and privilege is conflated. Fix that
by replacing is_member_of_role with has_privs_for_role for predefined
roles. Patch does not remove is_member_of_role from acl.h, but it does
add a warning not to use that function for privilege checking. Not
backpatched based on hackers list discussion.

Author: Joshua Brindle
Reviewed-by: Stephen Frost, Nathan Bossart, Joe Conway
Discussion: https://postgr.es/m/flat/CAGB+Vh4Zv_TvKt2tv3QNS6tUM_F_9icmuj0zjywwcgVi4PAhFA@mail.gmail.com
23 files changed:
contrib/adminpack/adminpack.c
contrib/file_fdw/expected/file_fdw.out
contrib/file_fdw/file_fdw.c
contrib/pg_stat_statements/pg_stat_statements.c
contrib/pgrowlocks/pgrowlocks.c
doc/src/sgml/adminpack.sgml
doc/src/sgml/catalogs.sgml
doc/src/sgml/func.sgml
doc/src/sgml/monitoring.sgml
doc/src/sgml/pgbuffercache.sgml
doc/src/sgml/pgfreespacemap.sgml
doc/src/sgml/pgrowlocks.sgml
doc/src/sgml/pgstatstatements.sgml
doc/src/sgml/pgvisibility.sgml
src/backend/commands/copy.c
src/backend/replication/walreceiver.c
src/backend/replication/walsender.c
src/backend/utils/adt/acl.c
src/backend/utils/adt/dbsize.c
src/backend/utils/adt/genfile.c
src/backend/utils/adt/pgstatfuncs.c
src/backend/utils/misc/guc.c
src/test/modules/unsafe_tests/expected/rolenames.out