User mapping specific options, as keyword=value
- strings, if the current user is the owner of the foreign
- server, else null
+ strings. This column will show as null unless the current user
+ is the user being mapped, or the mapping is for
+ PUBLIC and the current user is the server
+ owner, or the current user is a superuser. The intent is
+ to protect password information stored as user mapping option.
ELSE
A.rolname
END AS usename,
- CASE WHEN pg_has_role(S.srvowner, 'USAGE') OR has_server_privilege(S.oid, 'USAGE') THEN
- U.umoptions
- ELSE
- NULL
- END AS umoptions
+ CASE WHEN (U.umuser <> 0 AND A.rolname = current_user)
+ OR (U.umuser = 0 AND pg_has_role(S.srvowner, 'USAGE'))
+ OR (SELECT rolsuper FROM pg_authid WHERE rolname = current_user)
+ THEN U.umoptions
+ ELSE NULL END AS umoptions
FROM pg_user_mapping U
LEFT JOIN pg_authid A ON (A.oid = U.umuser) JOIN
pg_foreign_server S ON (U.umserver = S.oid);
CREATE USER MAPPING FOR current_user SERVER s9;
DROP SERVER s9 CASCADE; -- ERROR
ERROR: must be owner of foreign server s9
+-- Check visibility of user mapping data
+SET ROLE regress_test_role;
+CREATE SERVER s10 FOREIGN DATA WRAPPER foo;
+CREATE USER MAPPING FOR public SERVER s10 OPTIONS (user 'secret');
+GRANT USAGE ON FOREIGN SERVER s10 TO unprivileged_role;
+-- owner of server can see option fields
+\deu+
+ List of user mappings
+ Server | User name | FDW Options
+--------+-------------------+-------------------
+ s10 | public | ("user" 'secret')
+ s4 | foreign_data_user |
+ s5 | regress_test_role | (modified '1')
+ s6 | regress_test_role |
+ s8 | foreign_data_user |
+ s8 | public |
+ s9 | unprivileged_role |
+ t1 | public | (modified '1')
+(8 rows)
+
+RESET ROLE;
+-- superuser can see option fields
+\deu+
+ List of user mappings
+ Server | User name | FDW Options
+--------+-------------------+---------------------
+ s10 | public | ("user" 'secret')
+ s4 | foreign_data_user |
+ s5 | regress_test_role | (modified '1')
+ s6 | regress_test_role |
+ s8 | foreign_data_user | (password 'public')
+ s8 | public |
+ s9 | unprivileged_role |
+ t1 | public | (modified '1')
+(8 rows)
+
+-- unprivileged user cannot see option fields
+SET ROLE unprivileged_role;
+\deu+
+ List of user mappings
+ Server | User name | FDW Options
+--------+-------------------+-------------
+ s10 | public |
+ s4 | foreign_data_user |
+ s5 | regress_test_role |
+ s6 | regress_test_role |
+ s8 | foreign_data_user |
+ s8 | public |
+ s9 | unprivileged_role |
+ t1 | public |
+(8 rows)
+
RESET ROLE;
+DROP SERVER s10 CASCADE;
+NOTICE: drop cascades to user mapping for public on server s10
-- Triggers
CREATE FUNCTION dummy_trigger() RETURNS TRIGGER AS $$
BEGIN
GRANT USAGE ON FOREIGN SERVER s9 TO regress_test_role; -- WARNING
CREATE USER MAPPING FOR current_user SERVER s9;
DROP SERVER s9 CASCADE; -- ERROR
+
+-- Check visibility of user mapping data
+SET ROLE regress_test_role;
+CREATE SERVER s10 FOREIGN DATA WRAPPER foo;
+CREATE USER MAPPING FOR public SERVER s10 OPTIONS (user 'secret');
+GRANT USAGE ON FOREIGN SERVER s10 TO unprivileged_role;
+-- owner of server can see option fields
+\deu+
+RESET ROLE;
+-- superuser can see option fields
+\deu+
+-- unprivileged user cannot see option fields
+SET ROLE unprivileged_role;
+\deu+
RESET ROLE;
+DROP SERVER s10 CASCADE;
-- Triggers
CREATE FUNCTION dummy_trigger() RETURNS TRIGGER AS $$
projects / postgresql.git / commitdiff