NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit7f1f72c

committed

Fix usage of whole-row variables in WCO and RLS policy expressions.

Since WITH CHECK OPTION was introduced, ExecInitModifyTable hasinitialized WCO expressions with the wrong plan node as parent -- that is,it passed its input subplan not the ModifyTable node itself. Up to nowwe thought this was harmless, but bug #16006 from Vinay Banakar shows it'snot: if the input node is a SubqueryScan then ExecInitWholeRowVar can getconfused into doing the wrong thing. (The fact that ExecInitWholeRowVarcontains such logic is certainly a horrid kluge that doesn't deserve tolive, but figuring out another way to do that is a task for some other day.)Andres had already noticed the wrong-parent mistake and fixed it in commit148e632, but not being aware of any user-visible consequences, he quitereasonably didn't back-patch. This patch is simply a back-patch of148e632, plus addition of a test case based on bug #16006. I also addedthe test case to v12/HEAD, even though the bug is already fixed there.Back-patch to all supported branches. 9.4 lacks RLS policies so thenew test case doesn't work there, but I'm pretty sure a test could bedevised based on using a whole-row Var in a plain WITH CHECK OPTIONcondition. (I lack the cycles to do so myself, though.)Andres Freund and Tom LaneDiscussion:https://postgr.es/m/16006-99290d2e4642cbd5@postgresql.orgDiscussion:https://postgr.es/m/20181205225213.hiwa3kgoxeybqcqv@alap3.anarazel.de

1 parent614cdea commit7f1f72cCopy full SHA for 7f1f72c

File tree

2 files changed

+53

-0

lines changed

src/test/regress
- expected
  - rowsecurity.out
- sql
  - rowsecurity.sql

2 files changed

+53

-0

lines changed

`‎src/test/regress/expected/rowsecurity.out`

Lines changed: 34 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -3958,6 +3958,40 @@ DROP OPERATOR <<< (int, int);`
`3958`	`3958`	`DROP FUNCTION op_leak(int, int);`
`3959`	`3959`	`RESET SESSION AUTHORIZATION;`
`3960`	`3960`	`DROP TABLE rls_tbl;`
	`3961`	`+-- Bug #16006: whole-row Vars in a policy don't play nice with sub-selects`
	`3962`	`+SET SESSION AUTHORIZATION regress_rls_alice;`
	`3963`	`+CREATE TABLE rls_tbl (a int, b int, c int);`
	`3964`	`+CREATE POLICY p1 ON rls_tbl USING (rls_tbl >= ROW(1,1,1));`
	`3965`	`+ALTER TABLE rls_tbl ENABLE ROW LEVEL SECURITY;`
	`3966`	`+ALTER TABLE rls_tbl FORCE ROW LEVEL SECURITY;`
	`3967`	`+INSERT INTO rls_tbl SELECT 10, 20, 30;`
	`3968`	`+EXPLAIN (VERBOSE, COSTS OFF)`
	`3969`	`+INSERT INTO rls_tbl`
	`3970`	`+ SELECT * FROM (SELECT b, c FROM rls_tbl ORDER BY a) ss;`
	`3971`	`+ QUERY PLAN`
	`3972`	`+--------------------------------------------------------------------`
	`3973`	`+ Insert on regress_rls_schema.rls_tbl`
	`3974`	`+ -> Subquery Scan on ss`
	`3975`	`+ Output: ss.b, ss.c, NULL::integer`
	`3976`	`+ -> Sort`
	`3977`	`+ Output: rls_tbl_1.b, rls_tbl_1.c, rls_tbl_1.a`
	`3978`	`+ Sort Key: rls_tbl_1.a`
	`3979`	`+ -> Seq Scan on regress_rls_schema.rls_tbl rls_tbl_1`
	`3980`	`+ Output: rls_tbl_1.b, rls_tbl_1.c, rls_tbl_1.a`
	`3981`	`+ Filter: (rls_tbl_1.* >= '(1,1,1)'::record)`
	`3982`	`+(9 rows)`
	`3983`	`+`
	`3984`	`+INSERT INTO rls_tbl`
	`3985`	`+ SELECT * FROM (SELECT b, c FROM rls_tbl ORDER BY a) ss;`
	`3986`	`+SELECT * FROM rls_tbl;`
	`3987`	`+ a \| b \| c`
	`3988`	`+----+----+----`
	`3989`	`+ 10 \| 20 \| 30`
	`3990`	`+ 20 \| 30 \|`
	`3991`	`+(2 rows)`
	`3992`	`+`
	`3993`	`+DROP TABLE rls_tbl;`
	`3994`	`+RESET SESSION AUTHORIZATION;`
`3961`	`3995`	`--`
`3962`	`3996`	`-- Clean up objects`
`3963`	`3997`	`--`

`‎src/test/regress/sql/rowsecurity.sql`

Lines changed: 19 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1810,6 +1810,25 @@ DROP FUNCTION op_leak(int, int);`
`1810`	`1810`	`RESET SESSION AUTHORIZATION;`
`1811`	`1811`	`DROPTABLE rls_tbl;`
`1812`	`1812`
	`1813`	`+-- Bug #16006: whole-row Vars in a policy don't play nice with sub-selects`
	`1814`	`+SET SESSION AUTHORIZATION regress_rls_alice;`
	`1815`	`+CREATETABLErls_tbl (aint, bint, cint);`
	`1816`	`+CREATE POLICY p1ON rls_tbl USING (rls_tbl>= ROW(1,1,1));`
	`1817`	`+`
	`1818`	`+ALTERTABLE rls_tbl ENABLE ROW LEVEL SECURITY;`
	`1819`	`+ALTERTABLE rls_tbl FORCE ROW LEVEL SECURITY;`
	`1820`	`+`
	`1821`	`+INSERT INTO rls_tblSELECT10,20,30;`
	`1822`	`+EXPLAIN (VERBOSE, COSTS OFF)`
	`1823`	`+INSERT INTO rls_tbl`
	`1824`	`+SELECT*FROM (SELECT b, cFROM rls_tblORDER BY a) ss;`
	`1825`	`+INSERT INTO rls_tbl`
	`1826`	`+SELECT*FROM (SELECT b, cFROM rls_tblORDER BY a) ss;`
	`1827`	`+SELECT*FROM rls_tbl;`
	`1828`	`+`
	`1829`	`+DROPTABLE rls_tbl;`
	`1830`	`+RESET SESSION AUTHORIZATION;`
	`1831`	`+`
`1813`	`1832`	`--`
`1814`	`1833`	`-- Clean up objects`
`1815`	`1834`	`--`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit7f1f72c

File tree

2 files changed

2 files changed

`‎src/test/regress/expected/rowsecurity.out`

`‎src/test/regress/sql/rowsecurity.sql`

0 commit comments