From c3d8de0907b53e3ce8988c71181edb6bcecd5aa6 Mon Sep 17 00:00:00 2001
From: Tom Lane
Date: Fri, 4 Nov 2005 17:25:15 +0000
Subject: Disregard superuserness when checking to see if a role GRANT would create circularity of role memberships. This is a minimum-impact fix for the problem reported by Florian Pflug. I thought about removing the superuser_arg test from is_member_of_role() altogether, as it seems redundant for many of the callers --- but not all, and it's way too late in the 8.1 cycle to be making large changes. Perhaps reconsider this later.
---
 src/backend/utils/adt/acl.c | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
(limited to 'src/backend/utils/adt/acl.c')
diff --git a/src/backend/utils/adt/acl.c b/src/backend/utils/adt/acl.c
index 5fcb9b25fc4..6d1402356e2 100644
--- a/src/backend/utils/adt/acl.c
+++ b/src/backend/utils/adt/acl.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.126 2005/10/15 02:49:27 momjian Exp $
+ * $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.127 2005/11/04 17:25:15 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -3067,6 +3067,26 @@ check_is_member_of_role(Oid member, Oid role)
 GetUserNameFromId(role))));
 }
+/*
+ * Is member a member of role, not considering superuserness?
+ *
+ * This is identical to is_member_of_role except we ignore superuser
+ * status.
+ */
+bool
+is_member_of_role_nosuper(Oid member, Oid role)
+{
+ /* Fast path for simple case */
+ if (member == role)
+ return true;
+
+ /*
+ * Find all the roles that member is a member of, including multi-level
+ * recursion, then see if target role is any one of them.
+ */
+ return list_member_oid(roles_is_member_of(member), role);
+}
+
 /*
 * Is member an admin of role (directly or indirectly)? That is, is it
-- cgit v1.2.3
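Review bot: The header comment added above `is_member_of_role_nosuper` says how it differs from `is_member_of_role` but not when each one should be used. The function is not `static`, and for a superuser the two give different answers, so a later caller could pick the wrong one. I would add a sentence to the comment such as `* Use this only for questions about the membership graph itself (e.g. detecting circular GRANTs); privilege checks should keep using is_member_of_role.` The body also appears to repeat the non-superuser path of `is_member_of_role`, which lies outside this hunk, so a short `/* keep in sync with is_member_of_role */` note would help prevent the two copies drifting apart.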