aboutsummaryrefslogtreecommitdiff
path: root/src/backend
diff options
context:
space:
mode:
authorNoah Misch <noah@leadboat.com>2017-08-07 07:09:28 -0700
committerNoah Misch <noah@leadboat.com>2017-08-07 07:09:31 -0700
commit156099630320fcb72d41ae90b91f15ed0dfbc271 (patch)
tree4d4360494aca71c629ce1a02ca71f22f16a407b9 /src/backend
parentf6fc72cb697295c1807d14ee5c52d2086d1864af (diff)
downloadpostgresql-156099630320fcb72d41ae90b91f15ed0dfbc271.tar.gz
postgresql-156099630320fcb72d41ae90b91f15ed0dfbc271.zip
Again match pg_user_mappings to information_schema.user_mapping_options.
Commit 3eefc51053f250837c3115c12f8119d16881a2d7 claimed to make pg_user_mappings enforce the qualifications user_mapping_options had been enforcing, but its removal of a longstanding restriction left them distinct when the current user is the subject of a mapping yet has no server privileges. user_mapping_options emits no rows for such a mapping, but pg_user_mappings includes full umoptions. Change pg_user_mappings to show null for umoptions. Back-patch to 9.2, like the above commit. Reviewed by Tom Lane. Reported by Jeff Janes. Security: CVE-2017-7547
Diffstat (limited to 'src/backend')
-rw-r--r--src/backend/catalog/system_views.sql4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/backend/catalog/system_views.sql b/src/backend/catalog/system_views.sql
index b769c6f066f..57535a2dea1 100644
--- a/src/backend/catalog/system_views.sql
+++ b/src/backend/catalog/system_views.sql
@@ -826,7 +826,9 @@ CREATE VIEW pg_user_mappings AS
ELSE
A.rolname
END AS usename,
- CASE WHEN (U.umuser <> 0 AND A.rolname = current_user)
+ CASE WHEN (U.umuser <> 0 AND A.rolname = current_user
+ AND (pg_has_role(S.srvowner, 'USAGE')
+ OR has_server_privilege(S.oid, 'USAGE')))
OR (U.umuser = 0 AND pg_has_role(S.srvowner, 'USAGE'))
OR (SELECT rolsuper FROM pg_authid WHERE rolname = current_user)
THEN U.umoptions