user_mappings_leak.patch
application/octet-stream
Filename: user_mappings_leak.patch
Type: application/octet-stream
Part: 0
Patch
Same data as JSON:
GET /api/v1/attachments/:id/patch
the parsed metadata as JSON — format, series position, per-file stats; never the diff bytes.
API reference →
Format: unified
| File | + | − |
|---|---|---|
| doc/src/sgml/catalogs.sgml | 6 | 2 |
| src/backend/catalog/system_views.sql | 5 | 4 |
diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml
index ac39c639ed..f75f69e86f 100644
--- a/doc/src/sgml/catalogs.sgml
+++ b/doc/src/sgml/catalogs.sgml
@@ -11042,8 +11042,12 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx
<entry></entry>
<entry>
User mapping specific options, as <quote>keyword=value</>
- strings, if the current user is the owner of the foreign
- server, else null
+ strings. This column will show as null
+ unless the current user is the user being mapped, or the mapping
+ is for <literal>PUBLIC</literal> and the current user is the
+ server owner, or the current user is a superuser. The intent is
+ to protect password information stored as user mapping
+ option.
</entry>
</row>
</tbody>
diff --git a/src/backend/catalog/system_views.sql b/src/backend/catalog/system_views.sql
index d357c8b8fd..43fe44fbe9 100644
--- a/src/backend/catalog/system_views.sql
+++ b/src/backend/catalog/system_views.sql
@@ -920,10 +920,11 @@ CREATE VIEW pg_user_mappings AS
ELSE
A.rolname
END AS usename,
- CASE WHEN pg_has_role(S.srvowner, 'USAGE') OR has_server_privilege(S.oid, 'USAGE') THEN
- U.umoptions
- ELSE
- NULL
+ CASE
+ WHEN U.umuser <> 0::oid AND A.rolname = "current_user"() OR U.umuser = 0::oid AND pg_has_role(S.srvowner::name, 'USAGE'::text) OR ( SELECT pg_authid.rolsuper
+ FROM pg_authid
+ WHERE pg_authid.rolname = "current_user"()) THEN U.umoptions
+ ELSE NULL::text[]
END AS umoptions
FROM pg_user_mapping U
JOIN pg_foreign_server S ON (U.umserver = S.oid)