Re: Superuser can't revoke role granted by non-superuser
| От | Alexander Kukushkin |
|---|---|
| Тема | Re: Superuser can't revoke role granted by non-superuser |
| Дата | |
| Msg-id | CAFh8B==5bnZ9eT8fRt0onuh4Qag2OSXUGqv3Vx9JASw5=Zw4Eg@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Superuser can't revoke role granted by non-superuser (Kirill Reshke <reshkekirill@gmail.com>) |
| Ответы |
Re: Superuser can't revoke role granted by non-superuser
|
| Список | pgsql-bugs |
On Mon, 27 Jan 2025 at 10:20, Kirill Reshke <reshkekirill@gmail.com> wrote:
Reproduced this at cf5eb37 (and not on its parent f026c16)
There was some huge refactoring around user.c and particularly
`check_role_grantor` function. I'm trying to comprehend.
I think the fix should look like:
diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index 02824c32a49..29948d692b6 100644
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -2342,7 +2342,8 @@ plan_single_revoke(CatCList *memlist, RevokeRoleGrantAction *actions,
authmem_form = (Form_pg_auth_members) GETSTRUCT(authmem_tuple);
if (authmem_form->member == member &&
- authmem_form->grantor == grantor)
+ (authmem_form->grantor == grantor ||
+ grantor == BOOTSTRAP_SUPERUSERID))
{
if ((popt->specified & GRANT_ROLE_SPECIFIED_INHERIT) != 0)
{
index 02824c32a49..29948d692b6 100644
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -2342,7 +2342,8 @@ plan_single_revoke(CatCList *memlist, RevokeRoleGrantAction *actions,
authmem_form = (Form_pg_auth_members) GETSTRUCT(authmem_tuple);
if (authmem_form->member == member &&
- authmem_form->grantor == grantor)
+ (authmem_form->grantor == grantor ||
+ grantor == BOOTSTRAP_SUPERUSERID))
{
if ((popt->specified & GRANT_ROLE_SPECIFIED_INHERIT) != 0)
{
I am going to work on the patch and update regression tests accordingly.
Regards,
--
Alexander Kukushkin
В списке pgsql-bugs по дате отправления: