projects / postgresql.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a24a1a2)
RLS: Fix ALL vs. SELECT+UPDATE policy usage
authorStephen Frost
Sun, 7 May 2017 01:46:41 +0000 (21:46 -0400)
committerStephen Frost
Sun, 7 May 2017 01:46:41 +0000 (21:46 -0400)
When we add the SELECT-privilege based policies to the RLS with check
options (such as for an UPDATE statement, or when we have INSERT ...
RETURNING), we need to be sure and use the 'USING' case if the policy is
actually an 'ALL' policy (which could have both a USING clause and an
independent WITH CHECK clause).

This could result in policies acting differently when built using ALL
(when the ALL had both USING and WITH CHECK clauses) and when building
the policies independently as SELECT and UPDATE policies.

Fix this by adding an explicit boolean to add_with_check_options() to
indicate when the USING policy should be used, even if the policy has
both USING and WITH CHECK policies on it.

Reported by: Rod Taylor

Back-patch to 9.5 where RLS was introduced.

src/backend/rewrite/rowsecurity.c patch | blob | blame | history

diff --git a/src/backend/rewrite/rowsecurity.c b/src/backend/rewrite/rowsecurity.c
index e02911656a3f29714ff119393e1f6433f65274c6..6b34c596f394ff316349e7407f37f5e23a63bb75 100644 (file)
--- a/src/backend/rewrite/rowsecurity.c
+++ b/src/backend/rewrite/rowsecurity.c
@@ -78,7 +78,8 @@ static void add_with_check_options(Relation rel,
                       List *permissive_policies,
                       List *restrictive_policies,
                       List **withCheckOptions,
-                      bool *hasSubLinks);
+                      bool *hasSubLinks,
+                      bool force_using);
 
 static bool check_role_for_policy(ArrayType *policy_roles, Oid user_id);
 
@@ -271,7 +272,8 @@ get_row_security_policies(Query *root, RangeTblEntry *rte, int rt_index,
                               permissive_policies,
                               restrictive_policies,
                               withCheckOptions,
-                              hasSubLinks);
+                              hasSubLinks,
+                              false);
 
        /*
         * Get and add ALL/SELECT policies, if SELECT rights are required for
@@ -294,7 +296,8 @@ get_row_security_policies(Query *root, RangeTblEntry *rte, int rt_index,
                                   select_permissive_policies,
                                   select_restrictive_policies,
                                   withCheckOptions,
-                                  hasSubLinks);
+                                  hasSubLinks,
+                                  true);
        }
 
        /*
@@ -323,7 +326,8 @@ get_row_security_policies(Query *root, RangeTblEntry *rte, int rt_index,
                                   conflict_permissive_policies,
                                   conflict_restrictive_policies,
                                   withCheckOptions,
-                                  hasSubLinks);
+                                  hasSubLinks,
+                                  true);
 
            /*
             * Get and add ALL/SELECT policies, as WCO_RLS_CONFLICT_CHECK WCOs
@@ -345,7 +349,8 @@ get_row_security_policies(Query *root, RangeTblEntry *rte, int rt_index,
                                       conflict_select_permissive_policies,
                                       conflict_select_restrictive_policies,
                                       withCheckOptions,
-                                      hasSubLinks);
+                                      hasSubLinks,
+                                      true);
            }
 
            /* Enforce the WITH CHECK clauses of the UPDATE policies */
@@ -354,7 +359,8 @@ get_row_security_policies(Query *root, RangeTblEntry *rte, int rt_index,
                                   conflict_permissive_policies,
                                   conflict_restrictive_policies,
                                   withCheckOptions,
-                                  hasSubLinks);
+                                  hasSubLinks,
+                                  false);
        }
    }
 
@@ -645,13 +651,14 @@ add_with_check_options(Relation rel,
                       List *permissive_policies,
                       List *restrictive_policies,
                       List **withCheckOptions,
-                      bool *hasSubLinks)
+                      bool *hasSubLinks,
+                      bool force_using)
 {
    ListCell   *item;
    List       *permissive_quals = NIL;
 
 #define QUAL_FOR_WCO(policy) \
-   ( kind != WCO_RLS_CONFLICT_CHECK && \
+   ( !force_using && \
      (policy)->with_check_qual != NULL ? \
      (policy)->with_check_qual : (policy)->qual )
 
This is the main PostgreSQL git repository.