Again match pg_user_mappings to information_schema.user_mapping_options.

Commit 3eefc51053 claimed to make pg_user_mappings enforce the qualifications user_mapping_options had been enforcing, but its removal of a longstanding restriction left them distinct when the current user is the subject of a mapping yet has no server privileges. user_mapping_options emits no rows for such a mapping, but pg_user_mappings includes full umoptions. Change pg_user_mappings to show null for umoptions. Back-patch to 9.2, like the above commit. Reviewed by Tom Lane. Reported by Jeff Janes. Security: CVE-2017-7547
2025-08-27 07:42:10 +03:00 · 2017-08-07 07:09:28 -07:00
parent b2f833ea71
commit 5e8e009146
5 changed files with 856 additions and 829 deletions
--- a/src/backend/catalog/system_views.sql
+++ b/src/backend/catalog/system_views.sql
@@ -696,7 +696,9 @@ CREATE VIEW pg_user_mappings AS
        ELSE
            A.rolname
        END AS usename,
-        CASE WHEN (U.umuser <> 0 AND A.rolname = current_user)
+        CASE WHEN (U.umuser <> 0 AND A.rolname = current_user
+                     AND (pg_has_role(S.srvowner, 'USAGE')
+                          OR has_server_privilege(S.oid, 'USAGE')))
                    OR (U.umuser = 0 AND pg_has_role(S.srvowner, 'USAGE'))
                    OR (SELECT rolsuper FROM pg_authid WHERE rolname = current_user)
                    THEN U.umoptions