From 1cf079581fbae51877826af5d68f5a16bcb7cafe Mon Sep 17 00:00:00 2001
From: Jelte Fennema
Date: Wed, 27 Jul 2022 17:46:32 +0200
Subject: [PATCH] Avoid possible information leakage about existing users (#6090)

(cherry picked from commit 0f50bef696e8925374a7423f89b7513bf6f31d44)
---
 src/backend/distributed/shared_library_init.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/backend/distributed/shared_library_init.c b/src/backend/distributed/shared_library_init.c
index 997f30822..96104b755 100644
--- a/src/backend/distributed/shared_library_init.c
+++ b/src/backend/distributed/shared_library_init.c
@@ -2373,7 +2373,11 @@ CitusAuthHook(Port *port, int status)
 
 
 /*
- * IsSuperuser returns whether the role with the given name is superuser.
+ * IsSuperuser returns whether the role with the given name is superuser. If
+ * the user doesn't exist, this simply returns false instead of throwing an
+ * error. This is done to not leak information about users existing or not, in
+ * some cases postgres is vague about this on purpose. So, by returning false
+ * we let postgres return this possibly vague error message.
 */
 static bool
 IsSuperuser(char *roleName)
@@ -2386,9 +2390,7 @@ IsSuperuser(char *roleName)
 HeapTuple roleTuple = SearchSysCache1(AUTHNAME, CStringGetDatum(roleName));
 if (!HeapTupleIsValid(roleTuple))
 {
- ereport(FATAL,
- (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
- errmsg("role \"%s\" does not exist", roleName)));
+ return false;
 }
 
 Form_pg_authid rform = (Form_pg_authid) GETSTRUCT(roleTuple);
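Review bot: The expanded comment in the first hunk explains the motive but not the contract callers now rely on: a false result means either "not a superuser" or "no such role". I would state that explicitly by adding `Callers must not treat a false result as proof that the role exists.` to the comment. The clause "in some cases postgres is vague about this on purpose" is a comma splice and reads more clearly as its own sentence, `Postgres is deliberately vague about this in some cases.`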
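Review bot: Nothing in this patch pins the behaviour of the new `return false;` branch in the second hunk: the diffstat shows only shared_library_init.c changed, so no regression test checks that a connection attempt with a nonexistent role gets the same client-visible error as one with an existing non-superuser role. I would add such a test with this change, since a later edit that reintroduces a role-specific message would otherwise go unnoticed. The caller, `CitusAuthHook(Port *port, int status)`, is outside the hunk; if it acts on `!IsSuperuser(...)` without first looking at `status`, consider guarding that logic with `if (status == STATUS_OK)` so connections that already failed authentication never reach role-dependent code. IsSuperuser's body also continues past the end of the hunk, so the rest of the lookup is not reviewed here.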