NotificationsYou must be signed in to change notification settings
Fork28
Star151

Commit157dcf5

committed

Perform RLS subquery checks as the right user when going via a view.

When accessing a table with RLS via a view, the RLS checks areperformed as the view owner. However, the code neglected to propagatethat to any subqueries in the RLS checks. Fix that by callingsetRuleCheckAsUser() for all RLS policy quals and withCheckOptionchecks for RTEs with RLS.Back-patch to 9.5 where RLS was added.Per bug #15708 from daurnimator.Discussion:https://postgr.es/m/15708-d65cab2ce9b1717a@postgresql.org

1 parentab7590e commit157dcf5Copy full SHA for 157dcf5

File tree

3 files changed

+61

-0

lines changed

src
- backend/rewrite
  - rowsecurity.c
- test/regress
  - expected
    - rowsecurity.out
  - sql
    - rowsecurity.sql

3 files changed

+61

-0

lines changed

`‎src/backend/rewrite/rowsecurity.c`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -47,6 +47,7 @@`
`47`	`47`	`#include"nodes/pg_list.h"`
`48`	`48`	`#include"nodes/plannodes.h"`
`49`	`49`	`#include"parser/parsetree.h"`
	`50`	`+#include"rewrite/rewriteDefine.h"`
`50`	`51`	`#include"rewrite/rewriteHandler.h"`
`51`	`52`	`#include"rewrite/rewriteManip.h"`
`52`	`53`	`#include"rewrite/rowsecurity.h"`
`@@ -381,6 +382,13 @@ get_row_security_policies(Query root, RangeTblEntry rte, int rt_index,`
`381`	`382`
`382`	`383`	`heap_close(rel,NoLock);`
`383`	`384`
	`385`	`+/*`
	`386`	`+ * Copy checkAsUser to the row security quals and WithCheckOption checks,`
	`387`	`+ * in case they contain any subqueries referring to other relations.`
	`388`	`+ */`
	`389`	`+setRuleCheckAsUser((Node)securityQuals,rte->checkAsUser);`
	`390`	`+setRuleCheckAsUser((Node)withCheckOptions,rte->checkAsUser);`
	`391`	`+`
`384`	`392`	`/*`
`385`	`393`	`* Mark this query as having row security, so plancache can invalidate it`
`386`	`394`	`* when necessary (eg: role changes)`

`‎src/test/regress/expected/rowsecurity.out`

Lines changed: 27 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -3911,6 +3911,33 @@ DROP OWNED BY regress_rls_dob_role1;`
`3911`	`3911`	`DROP POLICY p1 ON dob_t2; -- should succeed`
`3912`	`3912`	`DROP USER regress_rls_dob_role1;`
`3913`	`3913`	`DROP USER regress_rls_dob_role2;`
	`3914`	`+-- Bug #15708: view + table with RLS should check policies as view owner`
	`3915`	`+CREATE TABLE ref_tbl (a int);`
	`3916`	`+INSERT INTO ref_tbl VALUES (1);`
	`3917`	`+CREATE TABLE rls_tbl (a int);`
	`3918`	`+INSERT INTO rls_tbl VALUES (10);`
	`3919`	`+ALTER TABLE rls_tbl ENABLE ROW LEVEL SECURITY;`
	`3920`	`+CREATE POLICY p1 ON rls_tbl USING (EXISTS (SELECT 1 FROM ref_tbl));`
	`3921`	`+GRANT SELECT ON ref_tbl TO regress_rls_bob;`
	`3922`	`+GRANT SELECT ON rls_tbl TO regress_rls_bob;`
	`3923`	`+CREATE VIEW rls_view AS SELECT * FROM rls_tbl;`
	`3924`	`+ALTER VIEW rls_view OWNER TO regress_rls_bob;`
	`3925`	`+GRANT SELECT ON rls_view TO regress_rls_alice;`
	`3926`	`+SET SESSION AUTHORIZATION regress_rls_alice;`
	`3927`	`+SELECT * FROM ref_tbl; -- Permission denied`
	`3928`	`+ERROR: permission denied for table ref_tbl`
	`3929`	`+SELECT * FROM rls_tbl; -- Permission denied`
	`3930`	`+ERROR: permission denied for table rls_tbl`
	`3931`	`+SELECT * FROM rls_view; -- OK`
	`3932`	`+ a`
	`3933`	`+----`
	`3934`	`+ 10`
	`3935`	`+(1 row)`
	`3936`	`+`
	`3937`	`+RESET SESSION AUTHORIZATION;`
	`3938`	`+DROP VIEW rls_view;`
	`3939`	`+DROP TABLE rls_tbl;`
	`3940`	`+DROP TABLE ref_tbl;`
`3914`	`3941`	`--`
`3915`	`3942`	`-- Clean up objects`
`3916`	`3943`	`--`

`‎src/test/regress/sql/rowsecurity.sql`

Lines changed: 26 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1767,6 +1767,32 @@ DROP POLICY p1 ON dob_t2; -- should succeed`
`1767`	`1767`	`DROPUSER regress_rls_dob_role1;`
`1768`	`1768`	`DROPUSER regress_rls_dob_role2;`
`1769`	`1769`
	`1770`	`+-- Bug #15708: view + table with RLS should check policies as view owner`
	`1771`	`+CREATETABLEref_tbl (aint);`
	`1772`	`+INSERT INTO ref_tblVALUES (1);`
	`1773`	`+`
	`1774`	`+CREATETABLErls_tbl (aint);`
	`1775`	`+INSERT INTO rls_tblVALUES (10);`
	`1776`	`+ALTERTABLE rls_tbl ENABLE ROW LEVEL SECURITY;`
	`1777`	`+CREATE POLICY p1ON rls_tbl USING (EXISTS (SELECT1FROM ref_tbl));`
	`1778`	`+`
	`1779`	`+GRANTSELECTON ref_tbl TO regress_rls_bob;`
	`1780`	`+GRANTSELECTON rls_tbl TO regress_rls_bob;`
	`1781`	`+`
	`1782`	`+CREATEVIEWrls_viewASSELECT*FROM rls_tbl;`
	`1783`	`+ALTERVIEW rls_view OWNER TO regress_rls_bob;`
	`1784`	`+GRANTSELECTON rls_view TO regress_rls_alice;`
	`1785`	`+`
	`1786`	`+SET SESSION AUTHORIZATION regress_rls_alice;`
	`1787`	`+SELECT*FROM ref_tbl;-- Permission denied`
	`1788`	`+SELECT*FROM rls_tbl;-- Permission denied`
	`1789`	`+SELECT*FROM rls_view;-- OK`
	`1790`	`+RESET SESSION AUTHORIZATION;`
	`1791`	`+`
	`1792`	`+DROPVIEW rls_view;`
	`1793`	`+DROPTABLE rls_tbl;`
	`1794`	`+DROPTABLE ref_tbl;`
	`1795`	`+`
`1770`	`1796`	`--`
`1771`	`1797`	`-- Clean up objects`
`1772`	`1798`	`--`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit157dcf5

File tree

3 files changed

3 files changed

`‎src/backend/rewrite/rowsecurity.c`

`‎src/test/regress/expected/rowsecurity.out`

`‎src/test/regress/sql/rowsecurity.sql`

0 commit comments