-
- Downloads
Code review for row security.
Buildfarm member tick identified an issue where the policies in the relcache for a relation were were being replaced underneath a running query, leading to segfaults while processing the policies to be added to a query. Similar to how TupleDesc RuleLocks are handled, add in a equalRSDesc() function to check if the policies have actually changed and, if not, swap back the rsdesc field (using the original instead of the temporairly built one; the whole structure is swapped and then specific fields swapped back). This now passes a CLOBBER_CACHE_ALWAYS for me and should resolve the buildfarm error. In addition to addressing this, add a new chapter in Data Definition under Privileges which explains row security and provides examples of its usage, change \d to always list policies (even if row security is disabled- but note that it is disabled, or enabled with no policies), rework check_role_for_policy (it really didn't need the entire policy, but it did need to be using has_privs_of_role()), and change the field in pg_class to relrowsecurity from relhasrowsecurity, based on Heikki's suggestion. Also from Heikki, only issue SET ROW_SECURITY in pg_restore when talking to a 9.5+ server, list Bypass RLS in \du, and document --enable-row-security options for pg_dump and pg_restore. Lastly, fix a number of minor whitespace and typo issues from Heikki, Dimitri, add a missing #include, per Peter E, fix a few minor variable-assigned-but-not-used and resource leak issues from Coverity and add tab completion for role attribute bypassrls as well.
Showing
- doc/src/sgml/catalogs.sgml 6 additions, 5 deletionsdoc/src/sgml/catalogs.sgml
- doc/src/sgml/config.sgml 2 additions, 2 deletionsdoc/src/sgml/config.sgml
- doc/src/sgml/ddl.sgml 168 additions, 0 deletionsdoc/src/sgml/ddl.sgml
- doc/src/sgml/ref/alter_table.sgml 1 addition, 1 deletiondoc/src/sgml/ref/alter_table.sgml
- doc/src/sgml/ref/create_policy.sgml 1 addition, 1 deletiondoc/src/sgml/ref/create_policy.sgml
- doc/src/sgml/ref/pg_dump.sgml 17 additions, 0 deletionsdoc/src/sgml/ref/pg_dump.sgml
- doc/src/sgml/ref/pg_restore.sgml 23 additions, 0 deletionsdoc/src/sgml/ref/pg_restore.sgml
- src/backend/catalog/heap.c 1 addition, 1 deletionsrc/backend/catalog/heap.c
- src/backend/catalog/system_views.sql 1 addition, 1 deletionsrc/backend/catalog/system_views.sql
- src/backend/commands/policy.c 8 additions, 9 deletionssrc/backend/commands/policy.c
- src/backend/commands/tablecmds.c 2 additions, 2 deletionssrc/backend/commands/tablecmds.c
- src/backend/rewrite/rowsecurity.c 16 additions, 15 deletionssrc/backend/rewrite/rowsecurity.c
- src/backend/utils/adt/ri_triggers.c 2 additions, 2 deletionssrc/backend/utils/adt/ri_triggers.c
- src/backend/utils/cache/relcache.c 88 additions, 3 deletionssrc/backend/utils/cache/relcache.c
- src/bin/pg_dump/pg_backup_archiver.c 7 additions, 4 deletionssrc/bin/pg_dump/pg_backup_archiver.c
- src/bin/pg_dump/pg_dump.c 19 additions, 17 deletionssrc/bin/pg_dump/pg_dump.c
- src/bin/pg_dump/pg_dump.h 1 addition, 1 deletionsrc/bin/pg_dump/pg_dump.h
- src/bin/pg_dump/pg_restore.c 1 addition, 1 deletionsrc/bin/pg_dump/pg_restore.c
- src/bin/psql/describe.c 47 additions, 32 deletionssrc/bin/psql/describe.c
- src/bin/psql/tab-complete.c 20 additions, 18 deletionssrc/bin/psql/tab-complete.c
Loading
Please register or sign in to comment