diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2020-11-03 15:41:32 -0500 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2020-11-03 15:41:32 -0500 |
| commit | 77df80cf691af9270ef52d860b5615d6d0a7afbc (patch) | |
| tree | f90655477ce8077e668079c3c47a8618ef5ecf3b /src/backend/commands/user.c | |
| parent | 29ae4cd82949843d09aa02a8125a5b5087201431 (diff) | |
| download | postgresql-77df80cf691af9270ef52d860b5615d6d0a7afbc.tar.gz postgresql-77df80cf691af9270ef52d860b5615d6d0a7afbc.zip | |
Allow users with BYPASSRLS to alter their own passwords.
The intention in commit 491c029db was to require superuserness to
change the BYPASSRLS property, but the actual effect of the coding
in AlterRole() was to require superuserness to change anything at all
about a BYPASSRLS role. Other properties of a BYPASSRLS role should
be changeable under the same rules as for a normal role, though.
Fix that, and also take care of some documentation omissions related
to BYPASSRLS and REPLICATION role properties.
Tom Lane and Stephen Frost, per bug report from Wolfgang Walther.
Back-patch to all supported branches.
Discussion: https://postgr.es/m/a5548a9f-89ee-3167-129d-162b5985fcf8@technowledgy.de
Diffstat (limited to 'src/backend/commands/user.c')
| -rw-r--r-- | src/backend/commands/user.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c index ccacf2d0d1f..7567e2f17e7 100644 --- a/src/backend/commands/user.c +++ b/src/backend/commands/user.c @@ -665,8 +665,10 @@ AlterRole(AlterRoleStmt *stmt) roleid = HeapTupleGetOid(tuple); /* - * To mess with a superuser you gotta be superuser; else you need - * createrole, or just want to change your own password + * To mess with a superuser or replication role in any way you gotta be + * superuser. We also insist on superuser to change the BYPASSRLS + * property. Otherwise, if you don't have createrole, you're only allowed + * to change your own password. */ if (authform->rolsuper || issuper >= 0) { @@ -682,7 +684,7 @@ AlterRole(AlterRoleStmt *stmt) (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("must be superuser to alter replication users"))); } - else if (authform->rolbypassrls || bypassrls >= 0) + else if (bypassrls >= 0) { if (!superuser()) ereport(ERROR, @@ -691,11 +693,11 @@ AlterRole(AlterRoleStmt *stmt) } else if (!have_createrole_privilege()) { + /* We already checked issuper, isreplication, and bypassrls */ if (!(inherit < 0 && createrole < 0 && createdb < 0 && canlogin < 0 && - isreplication < 0 && !dconnlimit && !rolemembers && !validUntil && |