NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitfd49612

committed

Clean up some mess in row-security patches.

Fix unsafe coding around PG_TRY in RelationBuildRowSecurity: can't changea variable inside PG_TRY and then use it in PG_CATCH without marking it"volatile". In this case though it seems saner to avoid that by doinga single assignment before entering the TRY block.I started out just intending to fix that, but the more I looked at therow-security code the more distressed I got. This patch also fixesincorrect construction of the RowSecurityPolicy cache entries (there wasnot sufficient care taken to copy pass-by-ref data into the cache memorycontext) and a whole bunch of sloppiness around the definition and use ofpg_policy.polcmd. You can't use nulls in that column because initdb willmark it NOT NULL --- and I see no particular reason why a null entry wouldbe a good idea anyway, so changing initdb's behavior is not the rightanswer. The internal value of '\0' wouldn't be suitable in a "char" columneither, so after a bit of thought I settled on using '*' to represent ALL.Chasing those changes down also revealed that somebody wasn't payingattention to what the underlying values of ACL_UPDATE_CHR etc really were,and there was a great deal of lackadaiscalness in the catalogs.sgmldocumentation for pg_policy and pg_policies too.This doesn't pretend to be a complete code review for the row-securitystuff, it just fixes the things that were in my face while dealing withthe bugs in RelationBuildRowSecurity.

1 parentf8a4dd2 commitfd49612Copy full SHA for fd49612

File tree

11 files changed

+241

-236

lines changed

doc/src/sgml
- catalogs.sgml
src
- backend
  - catalog
    - system_views.sql
  - commands
    - policy.c
  - rewrite
    - rowsecurity.c
  - utils/cache
    - relcache.c
- bin
  - pg_dump
    - pg_dump.c
  - psql
    - describe.c
- include
  - catalog
    - catversion.h
    - pg_policy.h
  - rewrite
    - rowsecurity.h
- test/regress/expected
  - rules.out

11 files changed

+241

-236

lines changed

`‎doc/src/sgml/catalogs.sgml`

Lines changed: 115 additions & 111 deletions

Original file line number	Diff line number	Diff line change
`@@ -218,6 +218,11 @@`
`218`	`218`	`<entry>template data for procedural languages</entry>`
`219`	`219`	`</row>`
`220`	`220`
	`221`	`+ <row>`
	`222`	`+ <entry><link linkend="catalog-pg-policy"><structname>pg_policy</structname></link></entry>`
	`223`	`+ <entry>row-security policies</entry>`
	`224`	`+ </row>`
	`225`	`+`
`221`	`226`	`<row>`
`222`	`227`	`<entry><link linkend="catalog-pg-proc"><structname>pg_proc</structname></link></entry>`
`223`	`228`	`<entry>functions and procedures</entry>`
`@@ -238,11 +243,6 @@`
`238`	`243`	`<entry>replication slot information</entry>`
`239`	`244`	`</row>`
`240`	`245`
`241`		`- <row>`
`242`		`- <entry><link linkend="catalog-pg-policy"><structname>pg_policy</structname></link></entry>`
`243`		`- <entry>table policies</entry>`
`244`		`- </row>`
`245`		`-`
`246`	`246`	`<row>`
`247`	`247`	`<entry><link linkend="catalog-pg-seclabel"><structname>pg_seclabel</structname></link></entry>`
`248`	`248`	`<entry>security labels on database objects</entry>`
`@@ -1940,20 +1940,20 @@`
`1940`	`1940`	`</row>`
`1941`	`1941`
`1942`	`1942`	`<row>`
`1943`		`- <entry><structfield>relrowsecurity</structfield></entry>`
	`1943`	`+ <entry><structfield>relhassubclass</structfield></entry>`
`1944`	`1944`	`<entry><type>bool</type></entry>`
`1945`	`1945`	`<entry></entry>`
`1946`		`- <entry>`
`1947`		`- True if table has row level security enabled; see`
`1948`		`- <link linkend="catalog-pg-policy"><structname>pg_policy</structname></link> catalog`
`1949`		`- </entry>`
	`1946`	`+ <entry>True if table has (or once had) any inheritance children</entry>`
`1950`	`1947`	`</row>`
`1951`	`1948`
`1952`	`1949`	`<row>`
`1953`		`- <entry><structfield>relhassubclass</structfield></entry>`
	`1950`	`+ <entry><structfield>relrowsecurity</structfield></entry>`
`1954`	`1951`	`<entry><type>bool</type></entry>`
`1955`	`1952`	`<entry></entry>`
`1956`		`- <entry>True if table has (or once had) any inheritance children</entry>`
	`1953`	`+ <entry>`
	`1954`	`+ True if table has row-level security enabled; see`
	`1955`	`+ <link linkend="catalog-pg-policy"><structname>pg_policy</structname></link> catalog`
	`1956`	`+ </entry>`
`1957`	`1957`	`</row>`
`1958`	`1958`
`1959`	`1959`	`<row>`
`@@ -4711,6 +4711,98 @@`
`4711`	`4711`
`4712`	`4712`	`</sect1>`
`4713`	`4713`
	`4714`	`+ <sect1 id="catalog-pg-policy">`
	`4715`	`+ <title><structname>pg_policy</structname></title>`
	`4716`	`+`
	`4717`	`+ <indexterm zone="catalog-pg-policy">`
	`4718`	`+ <primary>pg_policy</primary>`
	`4719`	`+ </indexterm>`
	`4720`	`+`
	`4721`	`+ <para>`
	`4722`	`+ The catalog <structname>pg_policy</structname> stores row-level`
	`4723`	`+ security policies for tables. A policy includes the kind of`
	`4724`	`+ command that it applies to (possibly all commands), the roles that it`
	`4725`	`+ applies to, the expression to be added as a security-barrier`
	`4726`	`+ qualification to queries that include the table, and the expression`
	`4727`	`+ to be added as a <literal>WITH CHECK</> option for queries that attempt to`
	`4728`	`+ add new records to the table.`
	`4729`	`+ </para>`
	`4730`	`+`
	`4731`	`+ <table>`
	`4732`	`+`
	`4733`	`+ <title><structname>pg_policy</structname> Columns</title>`
	`4734`	`+`
	`4735`	`+ <tgroup cols="4">`
	`4736`	`+ <thead>`
	`4737`	`+ <row>`
	`4738`	`+ <entry>Name</entry>`
	`4739`	`+ <entry>Type</entry>`
	`4740`	`+ <entry>References</entry>`
	`4741`	`+ <entry>Description</entry>`
	`4742`	`+ </row>`
	`4743`	`+ </thead>`
	`4744`	`+`
	`4745`	`+ <tbody>`
	`4746`	`+ <row>`
	`4747`	`+ <entry><structfield>polname</structfield></entry>`
	`4748`	`+ <entry><type>name</type></entry>`
	`4749`	`+ <entry></entry>`
	`4750`	`+ <entry>The name of the policy</entry>`
	`4751`	`+ </row>`
	`4752`	`+`
	`4753`	`+ <row>`
	`4754`	`+ <entry><structfield>polrelid</structfield></entry>`
	`4755`	`+ <entry><type>oid</type></entry>`
	`4756`	`+ <entry><literal><link linkend="catalog-pg-class"><structname>pg_class</structname></link>.oid</literal></entry>`
	`4757`	`+ <entry>The table to which the policy applies</entry>`
	`4758`	`+ </row>`
	`4759`	`+`
	`4760`	`+ <row>`
	`4761`	`+ <entry><structfield>polcmd</structfield></entry>`
	`4762`	`+ <entry><type>char</type></entry>`
	`4763`	`+ <entry></entry>`
	`4764`	`+ <entry>The command type to which the policy is applied:`
	`4765`	`+ <literal>r</> for <command>SELECT</>,`
	`4766`	`+ <literal>a</> for <command>INSERT</>,`
	`4767`	`+ <literal>w</> for <command>UPDATE</>,`
	`4768`	`+ <literal>d</> for <command>DELETE</>,`
	`4769`	`+ or <literal>*</> for all</entry>`
	`4770`	`+ </row>`
	`4771`	`+`
	`4772`	`+ <row>`
	`4773`	`+ <entry><structfield>polroles</structfield></entry>`
	`4774`	`+ <entry><type>oid[]</type></entry>`
	`4775`	`+ <entry><literal><link linkend="catalog-pg-authid"><structname>pg_authid</structname></link>.oid</literal></entry>`
	`4776`	`+ <entry>The roles to which the policy is applied</entry>`
	`4777`	`+ </row>`
	`4778`	`+`
	`4779`	`+ <row>`
	`4780`	`+ <entry><structfield>polqual</structfield></entry>`
	`4781`	`+ <entry><type>pg_node_tree</type></entry>`
	`4782`	`+ <entry></entry>`
	`4783`	`+ <entry>The expression tree to be added to the security barrier qualifications for queries that use the table</entry>`
	`4784`	`+ </row>`
	`4785`	`+`
	`4786`	`+ <row>`
	`4787`	`+ <entry><structfield>polwithcheck</structfield></entry>`
	`4788`	`+ <entry><type>pg_node_tree</type></entry>`
	`4789`	`+ <entry></entry>`
	`4790`	`+ <entry>The expression tree to be added to the WITH CHECK qualifications for queries that attempt to add rows to the table</entry>`
	`4791`	`+ </row>`
	`4792`	`+`
	`4793`	`+ </tbody>`
	`4794`	`+ </tgroup>`
	`4795`	`+ </table>`
	`4796`	`+`
	`4797`	`+ <note>`
	`4798`	`+ <para>`
	`4799`	`+ Policies stored in <structname>pg_policy</> are applied only when`
	`4800`	`+ <structname>pg_class</>.<structfield>relrowsecurity</> is set for`
	`4801`	`+ their table.`
	`4802`	`+ </para>`
	`4803`	`+ </note>`
	`4804`	`+`
	`4805`	`+ </sect1>`
`4714`	`4806`
`4715`	`4807`	`<sect1 id="catalog-pg-proc">`
`4716`	`4808`	`<title><structname>pg_proc</structname></title>`
`@@ -5342,94 +5434,6 @@`
`5342`	`5434`	`</table>`
`5343`	`5435`	`</sect1>`
`5344`	`5436`
`5345`		`- <sect1 id="catalog-pg-policy">`
`5346`		`- <title><structname>pg_policy</structname></title>`
`5347`		`-`
`5348`		`- <indexterm zone="catalog-pg-policy">`
`5349`		`- <primary>pg_policy</primary>`
`5350`		`- </indexterm>`
`5351`		`-`
`5352`		`- <para>`
`5353`		`- The catalog <structname>pg_policy</structname> stores row-level`
`5354`		`- security policies for each table. A policy includes the kind of`
`5355`		`- command which it applies to (or all commands), the roles which it`
`5356`		`- applies to, the expression to be added as a security-barrier`
`5357`		`- qualification to queries which include the table and the expression`
`5358`		`- to be added as a with-check option for queries which attempt to add`
`5359`		`- new records to the table.`
`5360`		`- </para>`
`5361`		`-`
`5362`		`- <table>`
`5363`		`-`
`5364`		`- <title><structname>pg_policy</structname> Columns</title>`
`5365`		`-`
`5366`		`- <tgroup cols="4">`
`5367`		`- <thead>`
`5368`		`- <row>`
`5369`		`- <entry>Name</entry>`
`5370`		`- <entry>Type</entry>`
`5371`		`- <entry>References</entry>`
`5372`		`- <entry>Description</entry>`
`5373`		`- </row>`
`5374`		`- </thead>`
`5375`		`-`
`5376`		`- <tbody>`
`5377`		`- <row>`
`5378`		`- <entry><structfield>polname</structfield></entry>`
`5379`		`- <entry><type>name</type></entry>`
`5380`		`- <entry></entry>`
`5381`		`- <entry>The name of the policy</entry>`
`5382`		`- </row>`
`5383`		`-`
`5384`		`- <row>`
`5385`		`- <entry><structfield>polrelid</structfield></entry>`
`5386`		`- <entry><type>oid</type></entry>`
`5387`		`- <entry><literal><link linkend="catalog-pg-class"><structname>pg_class</structname></link>.oid</literal></entry>`
`5388`		`- <entry>The table to which the policy belongs</entry>`
`5389`		`- </row>`
`5390`		`-`
`5391`		`- <row>`
`5392`		`- <entry><structfield>polcmd</structfield></entry>`
`5393`		`- <entry><type>char</type></entry>`
`5394`		`- <entry></entry>`
`5395`		`- <entry>The command type to which the policy is applied.</entry>`
`5396`		`- </row>`
`5397`		`-`
`5398`		`- <row>`
`5399`		`- <entry><structfield>polroles</structfield></entry>`
`5400`		`- <entry><type>char</type></entry>`
`5401`		`- <entry></entry>`
`5402`		`- <entry>The roles to which the policy is applied.</entry>`
`5403`		`- </row>`
`5404`		`-`
`5405`		`- <row>`
`5406`		`- <entry><structfield>polqual</structfield></entry>`
`5407`		`- <entry><type>pg_node_tree</type></entry>`
`5408`		`- <entry></entry>`
`5409`		`- <entry>The expression tree to be added to the security barrier qualifications for queries which use the table.</entry>`
`5410`		`- </row>`
`5411`		`-`
`5412`		`- <row>`
`5413`		`- <entry><structfield>polwithcheck</structfield></entry>`
`5414`		`- <entry><type>pg_node_tree</type></entry>`
`5415`		`- <entry></entry>`
`5416`		`- <entry>The expression tree to be added to the with check qualifications for queries which attempt to add rows to the table.</entry>`
`5417`		`- </row>`
`5418`		`-`
`5419`		`- </tbody>`
`5420`		`- </tgroup>`
`5421`		`- </table>`
`5422`		`-`
`5423`		`- <note>`
`5424`		`- <para>`
`5425`		`- <literal>pg_class.relrowsecurity</literal>`
`5426`		`- True if the table has row security enabled. Policies will not be applied`
`5427`		`- unless row security is enabled on the table.`
`5428`		`- </para>`
`5429`		`- </note>`
`5430`		`-`
`5431`		`- </sect1>`
`5432`		`-`
`5433`	`5437`	`<sect1 id="catalog-pg-seclabel">`
`5434`	`5438`	`<title><structname>pg_seclabel</structname></title>`
`5435`	`5439`
`@@ -8166,7 +8170,7 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx`
`8166`	`8170`
`8167`	`8171`	`<para>`
`8168`	`8172`	`The view <structname>pg_policies</structname> provides access to`
`8169`		`- useful information about each policy in the database.`
	`8173`	`+ useful information about eachrow-level securitypolicy in the database.`
`8170`	`8174`	`</para>`
`8171`	`8175`
`8172`	`8176`	`<table>`
`@@ -8197,34 +8201,34 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx`
`8197`	`8201`	`<row>`
`8198`	`8202`	`<entry><structfield>policyname</structfield></entry>`
`8199`	`8203`	`<entry><type>name</type></entry>`
`8200`		`- <entry><literal><link linkend="catalog-pg-class"><structname>pg_class</structname></link>.relname</literal></entry>`
	`8204`	`+ <entry><literal><link linkend="catalog-pg-policy"><structname>pg_policy</structname></link>.polname</literal></entry>`
`8201`	`8205`	`<entry>Name of policy</entry>`
`8202`	`8206`	`</row>`
`8203`	`8207`	`<row>`
`8204`		`- <entry><structfield>cmd</structfield></entry>`
`8205`		`- <entry><type>text</type></entry>`
	`8208`	`+ <entry><structfield>roles</structfield></entry>`
	`8209`	`+ <entry><type>name[]</type></entry>`
`8206`	`8210`	`<entry></entry>`
`8207`		`- <entry>Thecommand typeto whichthe policyis applied.</entry>`
	`8211`	`+ <entry>Therolesto whichthis policyapplies</entry>`
`8208`	`8212`	`</row>`
`8209`	`8213`	`<row>`
`8210`		`- <entry><structfield>roles</structfield></entry>`
`8211`		`- <entry><type>name[]</type></entry>`
	`8214`	`+ <entry><structfield>cmd</structfield></entry>`
	`8215`	`+ <entry><type>text</type></entry>`
`8212`	`8216`	`<entry></entry>`
`8213`		`- <entry>Therolesto whichthis policyapplies.</entry>`
	`8217`	`+ <entry>Thecommand typeto whichthe policyis applied</entry>`
`8214`	`8218`	`</row>`
`8215`	`8219`	`<row>`
`8216`	`8220`	`<entry><structfield>qual</structfield></entry>`
`8217`	`8221`	`<entry><type>text</type></entry>`
`8218`	`8222`	`<entry></entry>`
`8219`	`8223`	`<entry>The expression added to the security barrier qualifications for`
`8220`		`- querieswhich this policy applies to.</entry>`
	`8224`	`+ queriesthat this policy applies to</entry>`
`8221`	`8225`	`</row>`
`8222`	`8226`	`<row>`
`8223`	`8227`	`<entry><structfield>with_check</structfield></entry>`
`8224`	`8228`	`<entry><type>text</type></entry>`
`8225`	`8229`	`<entry></entry>`
`8226`		`- <entry>The expression added to thewith check qualifications for`
`8227`		`- querieswhich attempt to add rows to this table.</entry>`
	`8230`	`+ <entry>The expression added to theWITH CHECK qualifications for`
	`8231`	`+ queriesthat attempt to add rows to this table</entry>`
`8228`	`8232`	`</row>`
`8229`	`8233`	`</tbody>`
`8230`	`8234`	`</tgroup>`

`‎src/backend/catalog/system_views.sql`

Lines changed: 6 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -79,13 +79,12 @@ CREATE VIEW pg_policies AS`
`79`	`79`	`WHEREoid= ANY (pol.polroles)ORDER BY1`
`80`	`80`	`)`
`81`	`81`	`ENDAS roles,`
`82`		`- CASE WHENpol.polcmd ISNULL THEN'ALL' ELSE`
`83`		`- CASEpol.polcmd`
`84`		`- WHEN'r' THEN'SELECT'`
`85`		`- WHEN'a' THEN'INSERT'`
`86`		`- WHEN'u' THEN'UPDATE'`
`87`		`- WHEN'd' THEN'DELETE'`
`88`		`- END`
	`82`	`+ CASEpol.polcmd`
	`83`	`+ WHEN'r' THEN'SELECT'`
	`84`	`+ WHEN'a' THEN'INSERT'`
	`85`	`+ WHEN'w' THEN'UPDATE'`
	`86`	`+ WHEN'd' THEN'DELETE'`
	`87`	`+ WHEN'*' THEN'ALL'`
`89`	`88`	`ENDAS cmd,`
`90`	`89`	`pg_catalog.pg_get_expr(pol.polqual,pol.polrelid)AS qual,`
`91`	`90`	`pg_catalog.pg_get_expr(pol.polwithcheck,pol.polrelid)AS with_check`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitfd49612

File tree

11 files changed

11 files changed

`‎doc/src/sgml/catalogs.sgml`

`‎src/backend/catalog/system_views.sql`

0 commit comments