Movatterモバイル変換


[0]ホーム

URL:


Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

Commit7f11724

Browse files
committed
Remove the SECURITY_ROW_LEVEL_DISABLED security context bit.
This commit's parent made superfluous the bit's sole usage. Referentialintegrity checks have long run as the subject table's owner, and thatnow implies RLS bypass. Safe use of the bit was tricky, requiringstrict control over the SQL expressions evaluating therein. Back-patchto 9.5, where the bit was introduced.Based on a patch by Stephen Frost.
1 parent537bd17 commit7f11724

File tree

6 files changed

+4
-49
lines changed

6 files changed

+4
-49
lines changed

‎src/backend/utils/adt/ri_triggers.c

Lines changed: 1 addition & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -2970,7 +2970,6 @@ ri_PlanCheck(const char *querystr, int nargs, Oid *argtypes,
29702970
Relationquery_rel;
29712971
Oidsave_userid;
29722972
intsave_sec_context;
2973-
inttemp_sec_context;
29742973

29752974
/*
29762975
* Use the query type code to determine whether the query is run against
@@ -2983,22 +2982,8 @@ ri_PlanCheck(const char *querystr, int nargs, Oid *argtypes,
29832982

29842983
/* Switch to proper UID to perform check as */
29852984
GetUserIdAndSecContext(&save_userid,&save_sec_context);
2986-
2987-
/*
2988-
* Row-level security should be disabled in the case where a foreign-key
2989-
* relation is queried to check existence of tuples that references the
2990-
* primary-key being modified.
2991-
*/
2992-
temp_sec_context=save_sec_context |SECURITY_LOCAL_USERID_CHANGE;
2993-
if (qkey->constr_queryno==RI_PLAN_CHECK_LOOKUPPK
2994-
||qkey->constr_queryno==RI_PLAN_CHECK_LOOKUPPK_FROM_PK
2995-
||qkey->constr_queryno==RI_PLAN_RESTRICT_DEL_CHECKREF
2996-
||qkey->constr_queryno==RI_PLAN_RESTRICT_UPD_CHECKREF)
2997-
temp_sec_context |=SECURITY_ROW_LEVEL_DISABLED;
2998-
2999-
30002985
SetUserIdAndSecContext(RelationGetForm(query_rel)->relowner,
3001-
temp_sec_context);
2986+
save_sec_context |SECURITY_LOCAL_USERID_CHANGE);
30022987

30032988
/* Create the plan */
30042989
qplan=SPI_prepare(querystr,nargs,argtypes);

‎src/backend/utils/cache/plancache.c

Lines changed: 2 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -204,7 +204,6 @@ CreateCachedPlan(Node *raw_parse_tree,
204204
plansource->total_custom_cost=0;
205205
plansource->num_custom_plans=0;
206206
plansource->hasRowSecurity= false;
207-
plansource->rowSecurityDisabled=InRowLevelSecurityDisabled();
208207
plansource->row_security_env=row_security;
209208
plansource->planUserId=InvalidOid;
210209

@@ -601,17 +600,10 @@ RevalidateCachedQuery(CachedPlanSource *plansource)
601600
}
602601

603602
/*
604-
* Check if row security is enabled for this query and things have changed
605-
* such that we need to invalidate this plan and rebuild it. Note that if
606-
* row security was explicitly disabled (eg: this is a FK check plan) then
607-
* we don't invalidate due to RLS.
608-
*
609-
* Otherwise, if the plan has a possible RLS dependency, force a replan if
610-
* either the role under which the plan was planned or the row_security
611-
* setting has been changed.
603+
* If the plan has a possible RLS dependency, force a replan if either the
604+
* role or the row_security setting has changed.
612605
*/
613606
if (plansource->is_valid
614-
&& !plansource->rowSecurityDisabled
615607
&&plansource->hasRowSecurity
616608
&& (plansource->planUserId!=GetUserId()
617609
||plansource->row_security_env!=row_security))

‎src/backend/utils/init/miscinit.c

Lines changed: 1 addition & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -341,7 +341,7 @@ GetAuthenticatedUserId(void)
341341
* GetUserIdAndSecContext/SetUserIdAndSecContext - get/set the current user ID
342342
* and the SecurityRestrictionContext flags.
343343
*
344-
* Currently there arethree valid bits in SecurityRestrictionContext:
344+
* Currently there aretwo valid bits in SecurityRestrictionContext:
345345
*
346346
* SECURITY_LOCAL_USERID_CHANGE indicates that we are inside an operation
347347
* that is temporarily changing CurrentUserId via these functions. This is
@@ -359,9 +359,6 @@ GetAuthenticatedUserId(void)
359359
* where the called functions are really supposed to be side-effect-free
360360
* anyway, such as VACUUM/ANALYZE/REINDEX.
361361
*
362-
* SECURITY_ROW_LEVEL_DISABLED indicates that we are inside an operation that
363-
* needs to bypass row level security checks, for example FK checks.
364-
*
365362
* Unlike GetUserId, GetUserIdAndSecContext does *not* Assert that the current
366363
* value of CurrentUserId is valid; nor does SetUserIdAndSecContext require
367364
* the new value to be valid. In fact, these routines had better not
@@ -404,15 +401,6 @@ InSecurityRestrictedOperation(void)
404401
return (SecurityRestrictionContext&SECURITY_RESTRICTED_OPERATION)!=0;
405402
}
406403

407-
/*
408-
* InRowLevelSecurityDisabled - are we inside a RLS-disabled operation?
409-
*/
410-
bool
411-
InRowLevelSecurityDisabled(void)
412-
{
413-
return (SecurityRestrictionContext&SECURITY_ROW_LEVEL_DISABLED)!=0;
414-
}
415-
416404

417405
/*
418406
* These are obsolete versions of Get/SetUserIdAndSecContext that are

‎src/backend/utils/misc/rls.c

Lines changed: 0 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -63,13 +63,6 @@ check_enable_rls(Oid relid, Oid checkAsUser, bool noError)
6363
if (relid<FirstNormalObjectId)
6464
returnRLS_NONE;
6565

66-
/*
67-
* Check if we have been told to explicitly skip RLS (perhaps because this
68-
* is a foreign key check)
69-
*/
70-
if (InRowLevelSecurityDisabled())
71-
returnRLS_NONE;
72-
7366
tuple=SearchSysCache1(RELOID,ObjectIdGetDatum(relid));
7467
if (!HeapTupleIsValid(tuple))
7568
returnRLS_NONE;

‎src/include/miscadmin.h

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -286,7 +286,6 @@ extern inttrace_recovery(int trace_level);
286286
/* flags to be OR'd to form sec_context */
287287
#defineSECURITY_LOCAL_USERID_CHANGE0x0001
288288
#defineSECURITY_RESTRICTED_OPERATION0x0002
289-
#defineSECURITY_ROW_LEVEL_DISABLED0x0004
290289

291290
externchar*DatabasePath;
292291

@@ -305,7 +304,6 @@ extern void GetUserIdAndSecContext(Oid *userid, int *sec_context);
305304
externvoidSetUserIdAndSecContext(Oiduserid,intsec_context);
306305
externboolInLocalUserIdChange(void);
307306
externboolInSecurityRestrictedOperation(void);
308-
externboolInRowLevelSecurityDisabled(void);
309307
externvoidGetUserIdAndContext(Oid*userid,bool*sec_def_context);
310308
externvoidSetUserIdAndContext(Oiduserid,boolsec_def_context);
311309
externvoidInitializeSessionUserId(constchar*rolename,Oiduseroid);

‎src/include/utils/plancache.h

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -111,7 +111,6 @@ typedef struct CachedPlanSource
111111
intnum_custom_plans;/* number of plans included in total */
112112
boolhasRowSecurity;/* planned with row security? */
113113
boolrow_security_env;/* row security setting when planned */
114-
boolrowSecurityDisabled;/* is row security disabled? */
115114
}CachedPlanSource;
116115

117116
/*

0 commit comments

Comments
 (0)

[8]ページ先頭

©2009-2025 Movatter.jp