mirror of https://github.com/postgres/postgres.git synced 2025-07-30 11:03:19 +03:00

Match pg_user_mappings limits to information_schema.user_mapping_options.

Both views replace the umoptions field with NULL when the user does not
meet qualifications to see it.  They used different qualifications, and
pg_user_mappings documented qualifications did not match its implemented
qualifications.  Make its documentation and implementation match those
of user_mapping_options.  One might argue for stronger qualifications,
but these have long, documented tenure.  pg_user_mappings has always
exhibited this problem, so back-patch to 9.2 (all supported versions).

Michael Paquier and Feike Steenbergen.  Reviewed by Jeff Janes.
Reported by Andrew Wheelwright.

Security: CVE-2017-7486
Noah Misch
2017-05-08 07:24:24 -07:00
parent 3eab811275
commit b5b124046c
5 changed files with 82 additions and 8 deletions

@ -9212,8 +9212,11 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx
<entry></entry>
<entry>
User mapping specific options, as <quote>keyword=value</>
strings, if the current user is the owner of the foreign
server, else null
strings. This column will show as null unless the current user
is the user being mapped, or the mapping is for
<literal>PUBLIC</literal> and the current user is the server
owner, or the current user is a superuser. The intent is
to protect password information stored as user mapping option.
</entry>
</row>
</tbody>
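
Review bot: The new sentence beginning "This column will show as null unless" chains three conditions with "or", so "the current user is the server owner" can be misread as a condition on its own, which is exactly what the removed wording ("if the current user is the owner of the foreign server, else null") granted. Since the point of the change is that a server owner now sees options only for the PUBLIC mapping and not for mappings of other specific users, consider stating that restriction explicitly or breaking the three cases into separate items. Also, "stored as user mapping option" is missing an article; "stored as a user mapping option" reads correctly.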