database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-10-25 13:17:41 +03:00
Code Activity

Code review for row security.

Browse Source 
Buildfarm member tick identified an issue where the policies in the
relcache for a relation were were being replaced underneath a running
query, leading to segfaults while processing the policies to be added
to a query.  Similar to how TupleDesc RuleLocks are handled, add in a
equalRSDesc() function to check if the policies have actually changed
and, if not, swap back the rsdesc field (using the original instead of
the temporairly built one; the whole structure is swapped and then
specific fields swapped back).  This now passes a CLOBBER_CACHE_ALWAYS
for me and should resolve the buildfarm error.

In addition to addressing this, add a new chapter in Data Definition
under Privileges which explains row security and provides examples of
its usage, change \d to always list policies (even if row security is
disabled- but note that it is disabled, or enabled with no policies),
rework check_role_for_policy (it really didn't need the entire policy,
but it did need to be using has_privs_of_role()), and change the field
in pg_class to relrowsecurity from relhasrowsecurity, based on
Heikki's suggestion.  Also from Heikki, only issue SET ROW_SECURITY in
pg_restore when talking to a 9.5+ server, list Bypass RLS in \du, and
document --enable-row-security options for pg_dump and pg_restore.

Lastly, fix a number of minor whitespace and typo issues from Heikki,
Dimitri, add a missing #include, per Peter E, fix a few minor
variable-assigned-but-not-used and resource leak issues from Coverity
and add tab completion for role attribute bypassrls as well.
This commit is contained in:
Stephen Frost
2014-09-24 16:32:22 -04:00
parent 3f6f9260e3
commit 6550b901fe
24 changed files with 442 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/include/commands/policy.h
View File

@@ -16,6 +16,7 @@
#define POLICY_H
#include "nodes/parsenodes.h"
#include "utils/relcache.h"
extern void RelationBuildRowSecurity(Relation relation);
@@ -24,10 +25,10 @@ extern void RemovePolicyById(Oid policy_id);
extern Oid CreatePolicy(CreatePolicyStmt *stmt);
extern Oid AlterPolicy(AlterPolicyStmt *stmt);
Oid get_relation_policy_oid(Oid relid,
const char *policy_name, bool missing_ok);
extern Oid get_relation_policy_oid(Oid relid, const char *policy_name,
bool missing_ok);
Oid rename_policy(RenameStmt *stmt);
extern Oid rename_policy(RenameStmt *stmt);
#endif /* POLICY_H */