
A role shouldn't be able to modify the superuser status of itself or of a role granted to it #2505

Closed
hectorgcr opened this issue Oct 3, 2019 · 0 comments
Labels
kind/bug This issue is a bug

Comments

@hectorgcr

hectorgcr commented Oct 3, 2019

Currently, a superuser can remove the superuser status of itself, or any other role granted to it:

```
cassandra@cqlsh> alter role cassandra with SUPERUSER = false;
```

and

```
cassandra@cqlsh> create role s with SUPERUSER = true;
cassandra@cqlsh> grant s to cassandra;
cassandra@cqlsh> alter role s with SUPERUSER = false;
```

both succeed, but the ALTER ROLE statement should fail in both cases.

@hectorgcr hectorgcr self-assigned this Oct 3, 2019
@hectorgcr hectorgcr added the kind/bug This issue is a bug label Oct 3, 2019
hectorgcr added a commit that referenced this issue Oct 9, 2019
…elf or of a role granted to it

Summary:
Currently, a superuser can remove the superuser status of itself, or any other role granted to it:

```
cassandra@cqlsh> alter role cassandra with SUPERUSER = false;
```

and

```
cassandra@cqlsh> create role s with SUPERUSER = true;
cassandra@cqlsh> grant s to cassandra;
cassandra@cqlsh> alter role s with SUPERUSER = false;
```

This diff fixes this issue by checking whether the role is trying to modify its own superuser status or the superuser status of any role granted to it directly or through inheritance.

This fix also fixes a bug in which we were allowing a non-superuser to modify the status of another non-superuser role.

Test Plan: Three new unit tests `TestAuthorization.testAlterOwnSuperuserStatusFails`, `TestAuthorization.testAlterSuperuserStatusOfGrantedRoleFails`, and `TestAuthentication.testAlterSuperuserFieldOfNonSuperuserRole`

Reviewers: amitanand, mikhail, rahuldesirazu, bogdan

Reviewed By: bogdan

Subscribers: ybase

Differential Revision: https://phabricator.dev.yugabyte.com/D7335
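The authorization rule described in the issue and in the commit message above (a role may not change its own SUPERUSER status, nor that of any role granted to it directly or through inheritance, and only a superuser may touch the field at all) can be modelled outside the database. The following is an added example written for this page, not YugabyteDB's own code: the catalog, the `Role`/`Catalog` types and the `AlterSuperuser`/`GrantedRoles` functions are hypothetical, and `GRANT s TO cassandra` is represented as a `member_of` edge from `cassandra` to `s`. The scenario built in `BuildScenario()` is constructed to mirror the cqlsh session in the issue, with one extra inherited grant (`t` granted to `s`) so that the inheritance case is exercised.

```cpp
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <vector>

// Hypothetical in-memory role catalog (not YugabyteDB's data structures).
struct Role {
    bool superuser = false;
    std::set<std::string> member_of;  // roles granted directly to this role
};
using Catalog = std::map<std::string, Role>;

// Every role reachable from `role` by following GRANT edges, direct or
// inherited. The `seen` set also makes the walk safe against cyclic grants.
std::set<std::string> GrantedRoles(const Catalog& catalog, const std::string& role) {
    std::set<std::string> seen;
    std::vector<std::string> stack{role};
    while (!stack.empty()) {
        std::string current = stack.back();
        stack.pop_back();
        auto it = catalog.find(current);
        if (it == catalog.end()) continue;
        for (const auto& parent : it->second.member_of) {
            if (seen.insert(parent).second) stack.push_back(parent);
        }
    }
    return seen;
}

enum class AlterResult { kOk, kUnauthorized, kNoSuchRole };

// Authorization check for "ALTER ROLE target WITH SUPERUSER = value" issued by
// `actor`. The three rules correspond to the issue and the commit message.
AlterResult AlterSuperuser(Catalog& catalog, const std::string& actor,
                           const std::string& target, bool value) {
    auto tgt = catalog.find(target);
    if (tgt == catalog.end()) return AlterResult::kNoSuchRole;
    auto act = catalog.find(actor);
    if (act == catalog.end()) return AlterResult::kUnauthorized;
    // Rule 1: a non-superuser may not change anyone's SUPERUSER field
    // (the second bug mentioned in the commit message).
    if (!act->second.superuser) return AlterResult::kUnauthorized;
    // Rule 2: a role may not change its own superuser status.
    if (actor == target) return AlterResult::kUnauthorized;
    // Rule 3: nor that of any role granted to it, directly or via inheritance.
    if (GrantedRoles(catalog, actor).count(target) != 0) return AlterResult::kUnauthorized;
    tgt->second.superuser = value;
    return AlterResult::kOk;
}

// Constructed scenario: cassandra (superuser) has s granted to it, s has t
// granted to it, and app is an ordinary non-superuser role.
Catalog BuildScenario() {
    Catalog c;
    c["cassandra"] = Role{true, {"s"}};   // GRANT s TO cassandra
    c["s"] = Role{true, {"t"}};           // GRANT t TO s
    c["t"] = Role{true, {}};
    c["app"] = Role{false, {}};
    return c;
}

static const char* Describe(AlterResult r) {
    switch (r) {
        case AlterResult::kOk: return "ok";
        case AlterResult::kUnauthorized: return "unauthorized";
        default: return "no such role";
    }
}

int main() {
    Catalog c = BuildScenario();
    std::cout << "cassandra demotes itself: "
              << Describe(AlterSuperuser(c, "cassandra", "cassandra", false)) << "\n";
    std::cout << "cassandra demotes s (direct grant): "
              << Describe(AlterSuperuser(c, "cassandra", "s", false)) << "\n";
    std::cout << "cassandra demotes t (inherited via s): "
              << Describe(AlterSuperuser(c, "cassandra", "t", false)) << "\n";
    std::cout << "app (non-superuser) demotes s: "
              << Describe(AlterSuperuser(c, "app", "s", false)) << "\n";
    std::cout << "cassandra promotes app: "
              << Describe(AlterSuperuser(c, "cassandra", "app", true)) << "\n";
    return 0;
}
```

Rule 3 is the one that requires the transitive walk: `t` is never granted to `cassandra` directly, but because `cassandra` inherits `s` and `s` inherits `t`, demoting `t` would still let `cassandra` strip privileges from its own privilege chain, so it is refused along with the direct case.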
bmatican pushed a commit that referenced this issue Oct 16, 2019
…elf or of a role granted to it