use has_privs_of_role() for pg_hba.conf

Nathan Bossart <nathandbossart@gmail.com>

From: Nathan Bossart <nathandbossart@gmail.com>
To: pgsql-hackers@postgresql.org
Date: 2022-04-01T22:06:48Z
Lists: pgsql-hackers

Attachments

Hi hackers,

6198420 ensured that has_privs_of_role() is used for predefined roles,
which means that the role inheritance hierarchy is checked instead of mere
role membership.  However, inheritance is still not respected for
pg_hba.conf.  Specifically, "samerole", "samegroup", and "+" still use
is_member_of_role_nosuper().

The attached patch introduces has_privs_of_role_nosuper() and uses it for
the aforementioned pg_hba.conf functionality.  I think this is desirable
for consistency.  If a role_a has membership in role_b but none of its
privileges (i.e., NOINHERIT), does it make sense that role_a should match
+role_b in pg_hba.conf?  It is true that role_a could always "SET ROLE
role_b", and with this change, the user won't even have the ability to log
in to run SET ROLE.  But I'm not sure if that's a strong enough argument
for deviating from the standard role privilege checks.

Thoughts?

-- 
Nathan Bossart
Amazon Web Services: https://aws.amazon.com

Commits

  1. Add TAP tests for role membership in pg_hba.conf