NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitb54cff2

committed

Fix usage of whole-row variables in WCO and RLS policy expressions.

Since WITH CHECK OPTION was introduced, ExecInitModifyTable hasinitialized WCO expressions with the wrong plan node as parent -- that is,it passed its input subplan not the ModifyTable node itself. Up to nowwe thought this was harmless, but bug #16006 from Vinay Banakar shows it'snot: if the input node is a SubqueryScan then ExecInitWholeRowVar can getconfused into doing the wrong thing. (The fact that ExecInitWholeRowVarcontains such logic is certainly a horrid kluge that doesn't deserve tolive, but figuring out another way to do that is a task for some other day.)Andres had already noticed the wrong-parent mistake and fixed it in commit148e632, but not being aware of any user-visible consequences, he quitereasonably didn't back-patch. This patch is simply a back-patch of148e632, plus addition of a test case based on bug #16006. I also addedthe test case to v12/HEAD, even though the bug is already fixed there.Back-patch to all supported branches. 9.4 lacks RLS policies so thenew test case doesn't work there, but I'm pretty sure a test could bedevised based on using a whole-row Var in a plain WITH CHECK OPTIONcondition. (I lack the cycles to do so myself, though.)Andres Freund and Tom LaneDiscussion:https://postgr.es/m/16006-99290d2e4642cbd5@postgresql.orgDiscussion:https://postgr.es/m/20181205225213.hiwa3kgoxeybqcqv@alap3.anarazel.de

1 parent603a28b commitb54cff2Copy full SHA for b54cff2

File tree

4 files changed

+68

-15

lines changed

src
- backend/executor
  - nodeModifyTable.c
- test/regress
  - expected
    - rowsecurity.out
    - updatable_views.out
  - sql
    - rowsecurity.sql

4 files changed

+68

-15

lines changed

`‎src/backend/executor/nodeModifyTable.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1988,7 +1988,7 @@ ExecInitModifyTable(ModifyTable node, EState estate, int eflags)`
`1988`	`1988`	`{`
`1989`	`1989`	`WithCheckOptionwco= (WithCheckOption)lfirst(ll);`
`1990`	`1990`	`ExprStatewcoExpr=ExecInitQual((List)wco->qual,`
`1991`		`-mtstate->mt_plans[i]);`
	`1991`	`+&mtstate->ps);`
`1992`	`1992`
`1993`	`1993`	`wcoExprs=lappend(wcoExprs,wcoExpr);`
`1994`	`1994`	`}`

`‎src/test/regress/expected/rowsecurity.out`

Lines changed: 34 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -3959,6 +3959,40 @@ DROP OPERATOR <<< (int, int);`
`3959`	`3959`	`DROP FUNCTION op_leak(int, int);`
`3960`	`3960`	`RESET SESSION AUTHORIZATION;`
`3961`	`3961`	`DROP TABLE rls_tbl;`
	`3962`	`+-- Bug #16006: whole-row Vars in a policy don't play nice with sub-selects`
	`3963`	`+SET SESSION AUTHORIZATION regress_rls_alice;`
	`3964`	`+CREATE TABLE rls_tbl (a int, b int, c int);`
	`3965`	`+CREATE POLICY p1 ON rls_tbl USING (rls_tbl >= ROW(1,1,1));`
	`3966`	`+ALTER TABLE rls_tbl ENABLE ROW LEVEL SECURITY;`
	`3967`	`+ALTER TABLE rls_tbl FORCE ROW LEVEL SECURITY;`
	`3968`	`+INSERT INTO rls_tbl SELECT 10, 20, 30;`
	`3969`	`+EXPLAIN (VERBOSE, COSTS OFF)`
	`3970`	`+INSERT INTO rls_tbl`
	`3971`	`+ SELECT * FROM (SELECT b, c FROM rls_tbl ORDER BY a) ss;`
	`3972`	`+ QUERY PLAN`
	`3973`	`+--------------------------------------------------------------------`
	`3974`	`+ Insert on regress_rls_schema.rls_tbl`
	`3975`	`+ -> Subquery Scan on ss`
	`3976`	`+ Output: ss.b, ss.c, NULL::integer`
	`3977`	`+ -> Sort`
	`3978`	`+ Output: rls_tbl_1.b, rls_tbl_1.c, rls_tbl_1.a`
	`3979`	`+ Sort Key: rls_tbl_1.a`
	`3980`	`+ -> Seq Scan on regress_rls_schema.rls_tbl rls_tbl_1`
	`3981`	`+ Output: rls_tbl_1.b, rls_tbl_1.c, rls_tbl_1.a`
	`3982`	`+ Filter: (rls_tbl_1.* >= ROW(1, 1, 1))`
	`3983`	`+(9 rows)`
	`3984`	`+`
	`3985`	`+INSERT INTO rls_tbl`
	`3986`	`+ SELECT * FROM (SELECT b, c FROM rls_tbl ORDER BY a) ss;`
	`3987`	`+SELECT * FROM rls_tbl;`
	`3988`	`+ a \| b \| c`
	`3989`	`+----+----+----`
	`3990`	`+ 10 \| 20 \| 30`
	`3991`	`+ 20 \| 30 \|`
	`3992`	`+(2 rows)`
	`3993`	`+`
	`3994`	`+DROP TABLE rls_tbl;`
	`3995`	`+RESET SESSION AUTHORIZATION;`
`3962`	`3996`	`--`
`3963`	`3997`	`-- Clean up objects`
`3964`	`3998`	`--`

`‎src/test/regress/expected/updatable_views.out`

Lines changed: 14 additions & 14 deletions

Original file line number	Diff line number	Diff line change
`@@ -1658,31 +1658,31 @@ UPDATE rw_view1 SET a = a + 5; -- should fail`
`1658`	`1658`	`ERROR: new row violates check option for view "rw_view1"`
`1659`	`1659`	`DETAIL: Failing row contains (15).`
`1660`	`1660`	`EXPLAIN (costs off) INSERT INTO rw_view1 VALUES (5);`
`1661`		`-QUERY PLAN`
`1662`		`----------------------------------------------------------------`
	`1661`	`+ QUERY PLAN`
	`1662`	`+---------------------------------------------------------`
`1663`	`1663`	`Insert on base_tbl b`
`1664`	`1664`	`-> Result`
`1665`		`-SubPlan 1`
`1666`		`--> Index Only Scan using ref_tbl_pkey on ref_tbl r`
`1667`		`-Index Cond: (a = b.a)`
`1668`		`-SubPlan 2`
`1669`		`--> Seq Scan on ref_tbl r_1`
	`1665`	`+ SubPlan 1`
	`1666`	`+ -> Index Only Scan using ref_tbl_pkey on ref_tbl r`
	`1667`	`+ Index Cond: (a = b.a)`
	`1668`	`+ SubPlan 2`
	`1669`	`+ -> Seq Scan on ref_tbl r_1`
`1670`	`1670`	`(7 rows)`
`1671`	`1671`
`1672`	`1672`	`EXPLAIN (costs off) UPDATE rw_view1 SET a = a + 5;`
`1673`		`-QUERY PLAN`
`1674`		`------------------------------------------------------------------`
	`1673`	`+ QUERY PLAN`
	`1674`	`+-----------------------------------------------------------`
`1675`	`1675`	`Update on base_tbl b`
`1676`	`1676`	`-> Hash Join`
`1677`	`1677`	`Hash Cond: (b.a = r.a)`
`1678`	`1678`	`-> Seq Scan on base_tbl b`
`1679`	`1679`	`-> Hash`
`1680`	`1680`	`-> Seq Scan on ref_tbl r`
`1681`		`-SubPlan 1`
`1682`		`--> Index Only Scan using ref_tbl_pkey on ref_tbl r_1`
`1683`		`-Index Cond: (a = b.a)`
`1684`		`-SubPlan 2`
`1685`		`--> Seq Scan on ref_tbl r_2`
	`1681`	`+ SubPlan 1`
	`1682`	`+ -> Index Only Scan using ref_tbl_pkey on ref_tbl r_1`
	`1683`	`+ Index Cond: (a = b.a)`
	`1684`	`+ SubPlan 2`
	`1685`	`+ -> Seq Scan on ref_tbl r_2`
`1686`	`1686`	`(11 rows)`
`1687`	`1687`
`1688`	`1688`	`DROP TABLE base_tbl, ref_tbl CASCADE;`

`‎src/test/regress/sql/rowsecurity.sql`

Lines changed: 19 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1813,6 +1813,25 @@ DROP FUNCTION op_leak(int, int);`
`1813`	`1813`	`RESET SESSION AUTHORIZATION;`
`1814`	`1814`	`DROPTABLE rls_tbl;`
`1815`	`1815`
	`1816`	`+-- Bug #16006: whole-row Vars in a policy don't play nice with sub-selects`
	`1817`	`+SET SESSION AUTHORIZATION regress_rls_alice;`
	`1818`	`+CREATETABLErls_tbl (aint, bint, cint);`
	`1819`	`+CREATE POLICY p1ON rls_tbl USING (rls_tbl>= ROW(1,1,1));`
	`1820`	`+`
	`1821`	`+ALTERTABLE rls_tbl ENABLE ROW LEVEL SECURITY;`
	`1822`	`+ALTERTABLE rls_tbl FORCE ROW LEVEL SECURITY;`
	`1823`	`+`
	`1824`	`+INSERT INTO rls_tblSELECT10,20,30;`
	`1825`	`+EXPLAIN (VERBOSE, COSTS OFF)`
	`1826`	`+INSERT INTO rls_tbl`
	`1827`	`+SELECT*FROM (SELECT b, cFROM rls_tblORDER BY a) ss;`
	`1828`	`+INSERT INTO rls_tbl`
	`1829`	`+SELECT*FROM (SELECT b, cFROM rls_tblORDER BY a) ss;`
	`1830`	`+SELECT*FROM rls_tbl;`
	`1831`	`+`
	`1832`	`+DROPTABLE rls_tbl;`
	`1833`	`+RESET SESSION AUTHORIZATION;`
	`1834`	`+`
`1816`	`1835`	`--`
`1817`	`1836`	`-- Clean up objects`
`1818`	`1837`	`--`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitb54cff2

File tree

4 files changed

4 files changed

`‎src/backend/executor/nodeModifyTable.c`

`‎src/test/regress/expected/rowsecurity.out`

`‎src/test/regress/expected/updatable_views.out`

`‎src/test/regress/sql/rowsecurity.sql`

0 commit comments