Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit5e8e009

Browse files
committed
Again match pg_user_mappings to information_schema.user_mapping_options.
Commit3eefc51 claimed to makepg_user_mappings enforce the qualifications user_mapping_options hadbeen enforcing, but its removal of a longstanding restriction left themdistinct when the current user is the subject of a mapping yet has noserver privileges. user_mapping_options emits no rows for such amapping, but pg_user_mappings includes full umoptions. Changepg_user_mappings to show null for umoptions. Back-patch to 9.2, likethe above commit.Reviewed by Tom Lane. Reported by Jeff Janes.Security:CVE-2017-7547
1 parentb2f833e commit5e8e009

File tree

5 files changed

+856
-829
lines changed

5 files changed

+856
-829
lines changed

‎doc/src/sgml/catalogs.sgml‎

Lines changed: 26 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -9211,17 +9211,37 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx
92119211
<entry><type>text[]</type></entry>
92129212
<entry></entry>
92139213
<entry>
9214-
User mapping specific options, as <quote>keyword=value</>
9215-
strings. This column will show as null unless the current user
9216-
is the user being mapped, or the mapping is for
9217-
<literal>PUBLIC</literal> and the current user is the server
9218-
owner, or the current user is a superuser. The intent is
9219-
to protect password information stored as user mapping option.
9214+
User mapping specific options, as <quote>keyword=value</> strings
92209215
</entry>
92219216
</row>
92229217
</tbody>
92239218
</tgroup>
92249219
</table>
9220+
9221+
<para>
9222+
To protect password information stored as a user mapping option,
9223+
the <structfield>umoptions</structfield> column will read as null
9224+
unless one of the following applies:
9225+
<itemizedlist>
9226+
<listitem>
9227+
<para>
9228+
current user is the user being mapped, and owns the server or
9229+
holds <literal>USAGE</> privilege on it
9230+
</para>
9231+
</listitem>
9232+
<listitem>
9233+
<para>
9234+
current user is the server owner and mapping is for <literal>PUBLIC</>
9235+
</para>
9236+
</listitem>
9237+
<listitem>
9238+
<para>
9239+
current user is a superuser
9240+
</para>
9241+
</listitem>
9242+
</itemizedlist>
9243+
</para>
9244+
92259245
</sect1>
92269246

92279247

‎src/backend/catalog/system_views.sql‎

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -696,7 +696,9 @@ CREATE VIEW pg_user_mappings AS
696696
ELSE
697697
A.rolname
698698
ENDAS usename,
699-
CASE WHEN (U.umuser<>0ANDA.rolname=current_user)
699+
CASE WHEN (U.umuser<>0ANDA.rolname=current_user
700+
AND (pg_has_role(S.srvowner,'USAGE')
701+
OR has_server_privilege(S.oid,'USAGE')))
700702
OR (U.umuser=0AND pg_has_role(S.srvowner,'USAGE'))
701703
OR (SELECT rolsuperFROM pg_authidWHERE rolname=current_user)
702704
THENU.umoptions

‎src/test/regress/expected/foreign_data.out‎

Lines changed: 17 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -1142,10 +1142,11 @@ ERROR: permission denied for foreign-data wrapper foo
11421142
ALTER SERVER s9 VERSION '1.1';
11431143
GRANT USAGE ON FOREIGN SERVER s9 TO regress_test_role;
11441144
CREATE USER MAPPING FOR current_user SERVER s9;
1145+
-- We use terse mode to avoid ordering issues in cascade detail output.
1146+
\set VERBOSITY terse
11451147
DROP SERVER s9 CASCADE;
11461148
NOTICE: drop cascades to 2 other objects
1147-
DETAIL: drop cascades to user mapping for public on server s9
1148-
drop cascades to user mapping for unprivileged_role on server s9
1149+
\set VERBOSITY default
11491150
RESET ROLE;
11501151
CREATE SERVER s9 FOREIGN DATA WRAPPER foo;
11511152
GRANT USAGE ON FOREIGN SERVER s9 TO unprivileged_role;
@@ -1161,57 +1162,62 @@ ERROR: must be owner of foreign server s9
11611162
SET ROLE regress_test_role;
11621163
CREATE SERVER s10 FOREIGN DATA WRAPPER foo;
11631164
CREATE USER MAPPING FOR public SERVER s10 OPTIONS (user 'secret');
1164-
GRANT USAGE ON FOREIGNSERVER s10TO unprivileged_role;
1165-
-- owner of server can see option fields
1165+
CREATE USER MAPPING FOR unprivileged_roleSERVER s10OPTIONS (user 'secret');
1166+
-- owner of server can seesomeoption fields
11661167
\deu+
11671168
List of user mappings
11681169
Server | User name | FDW Options
11691170
--------+-------------------+-------------------
11701171
s10 | public | ("user" 'secret')
1172+
s10 | unprivileged_role |
11711173
s4 | foreign_data_user |
11721174
s5 | regress_test_role | (modified '1')
11731175
s6 | regress_test_role |
11741176
s8 | foreign_data_user |
11751177
s8 | public |
11761178
s9 | unprivileged_role |
11771179
t1 | public | (modified '1')
1178-
(8 rows)
1180+
(9 rows)
11791181

11801182
RESET ROLE;
1181-
-- superuser can see option fields
1183+
-- superuser can seealloption fields
11821184
\deu+
11831185
List of user mappings
11841186
Server | User name | FDW Options
11851187
--------+-------------------+---------------------
11861188
s10 | public | ("user" 'secret')
1189+
s10 | unprivileged_role | ("user" 'secret')
11871190
s4 | foreign_data_user |
11881191
s5 | regress_test_role | (modified '1')
11891192
s6 | regress_test_role |
11901193
s8 | foreign_data_user | (password 'public')
11911194
s8 | public |
11921195
s9 | unprivileged_role |
11931196
t1 | public | (modified '1')
1194-
(8 rows)
1197+
(9 rows)
11951198

1196-
-- unprivileged user cannot see optionfields
1199+
-- unprivileged user cannot seeanyoptionfield
11971200
SET ROLE unprivileged_role;
11981201
\deu+
11991202
List of user mappings
12001203
Server | User name | FDW Options
12011204
--------+-------------------+-------------
12021205
s10 | public |
1206+
s10 | unprivileged_role |
12031207
s4 | foreign_data_user |
12041208
s5 | regress_test_role |
12051209
s6 | regress_test_role |
12061210
s8 | foreign_data_user |
12071211
s8 | public |
12081212
s9 | unprivileged_role |
12091213
t1 | public |
1210-
(8 rows)
1214+
(9 rows)
12111215

12121216
RESET ROLE;
1217+
\set VERBOSITY terse
12131218
DROP SERVER s10 CASCADE;
1214-
NOTICE: drop cascades to user mapping for public on server s10
1219+
NOTICE: drop cascades to 2 other objects
1220+
\set VERBOSITY default
12151221
-- DROP FOREIGN TABLE
12161222
DROP FOREIGN TABLE no_table; -- ERROR
12171223
ERROR: foreign table "no_table" does not exist
@@ -1236,16 +1242,12 @@ owner of user mapping for regress_test_role on server s6
12361242
DROP SERVER t1 CASCADE;
12371243
NOTICE: drop cascades to user mapping for public on server t1
12381244
DROP USER MAPPING FOR regress_test_role SERVER s6;
1239-
-- This test causes some order dependent cascade detail output,
1240-
-- so switch to terse mode for it.
12411245
\set VERBOSITY terse
12421246
DROP FOREIGN DATA WRAPPER foo CASCADE;
12431247
NOTICE: drop cascades to 5 other objects
1244-
\set VERBOSITY default
12451248
DROP SERVER s8 CASCADE;
12461249
NOTICE: drop cascades to 2 other objects
1247-
DETAIL: drop cascades to user mapping for foreign_data_user on server s8
1248-
drop cascades to user mapping for public on server s8
1250+
\set VERBOSITY default
12491251
DROP ROLE regress_test_indirect;
12501252
DROP ROLE regress_test_role;
12511253
DROP ROLE unprivileged_role; -- ERROR

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp