author | Andrew Dunstan <andrew@dunslane.net> | 2020-01-13 18:08:09 +1030 |
---|---|---|
committer | Andrew Dunstan <andrew@dunslane.net> | 2020-01-13 18:08:09 +1030 |
commit | cebf9d6e6ee13cbf9f1a91ec633cf96780ffc985 (patch) | |
tree | 1726435c36284b74889b59ca3bb8c50abc669e6d /contrib/postgres_fdw/option.c | |
parent | 4e514c6180fbf71cf7a0171867c828c63afd1c37 (diff) | |
Only superuser can set sslcert/sslkey in postgres_fdw user mappings
Otherwise there is a security risk.
Discussion: https://postgr.es/m/20200109103014.GA4192@msg.df7cb.de
Diffstat (limited to 'contrib/postgres_fdw/option.c')
-rw-r--r-- | contrib/postgres_fdw/option.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/contrib/postgres_fdw/option.c b/contrib/postgres_fdw/option.c
index 4a26056db08..c442af5bb96 100644
--- a/contrib/postgres_fdw/option.c
+++ b/contrib/postgres_fdw/option.c
@@ -159,6 +159,16 @@ postgres_fdw_validator(PG_FUNCTION_ARGS)
 errmsg("password_required=false is superuser-only"),
 errhint("User mappings with the password_required option set to false may only be created or modified by the superuser")));
 }
+ else if (strcmp(def->defname, "sslcert") == 0 ||
+ strcmp(def->defname, "sslkey") == 0)
+ {
+ /* similarly for sslcert / sslkey on user mapping */
+ if (catalog == UserMappingRelationId && !superuser())
+ ereport(ERROR,
+ (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+ errmsg("sslcert and sslkey are superuser-only"),
+ errhint("User mappings with the sslcert or sslkey options set may only be created or modified by the superuser")));
+ }
 }
 PG_RETURN_VOID(); |
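Review bot: The new branch rejects sslcert/sslkey only when `catalog == UserMappingRelationId`, so the same option names arriving under any other catalog pass through this branch with no privilege check. Whether the option table accepts them on the foreign server object is decided outside this hunk (postgres_fdw_validator starts and ends beyond the visible lines), so that path should be confirmed as either rejected or safe for non-superusers. The comment would also help more if it stated the reason, e.g. `/* sslcert/sslkey name files that the backend reads on the database server host, so only a superuser may set them on a user mapping */`. This check runs when a mapping is created or altered; any connection-time enforcement for mappings that already exist is not visible here.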