You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Again match pg_user_mappings to information_schema.user_mapping_options.
Commit 3eefc51 claimed to make
pg_user_mappings enforce the qualifications user_mapping_options had
been enforcing, but its removal of a longstanding restriction left them
distinct when the current user is the subject of a mapping yet has no
server privileges. user_mapping_options emits no rows for such a
mapping, but pg_user_mappings includes full umoptions. Change
pg_user_mappings to show null for umoptions. Back-patch to 9.2, like
the above commit.
Reviewed by Tom Lane. Reported by Jeff Janes.
Security: CVE-2017-7547
Copy file name to clipboardExpand all lines: src/test/regress/expected/rules.out
+1-1
Original file line number
Diff line number
Diff line change
@@ -2151,7 +2151,7 @@ pg_user_mappings| SELECT u.oid AS umid,
2151
2151
ELSE a.rolname
2152
2152
END AS usename,
2153
2153
CASE
2154
-
WHEN (((u.umuser <> (0)::oid) AND (a.rolname = "current_user"())) OR ((u.umuser = (0)::oid) AND pg_has_role(s.srvowner, 'USAGE'::text)) OR ( SELECT pg_authid.rolsuper
2154
+
WHEN (((u.umuser <> (0)::oid) AND (a.rolname = "current_user"()) AND (pg_has_role(s.srvowner, 'USAGE'::text) OR has_server_privilege(s.oid, 'USAGE'::text))) OR ((u.umuser = (0)::oid) AND pg_has_role(s.srvowner, 'USAGE'::text)) OR ( SELECT pg_authid.rolsuper
2155
2155
FROM pg_authid
2156
2156
WHERE (pg_authid.rolname = "current_user"()))) THEN u.umoptions
0 commit comments