Thread: pgsql: Make security barrier views automatically updatable
Make security barrier views automatically updatable

Views which are marked as security_barrier must have their quals
applied before any user-defined quals are called, to prevent
user-defined functions from being able to see rows which the security
barrier view is intended to prevent them from seeing.

Remove the restriction on security barrier views being automatically
updatable by adding a new securityQuals list to the RTE structure
which keeps track of the quals from security barrier views at each
level, independently of the user-supplied quals.  When RTEs are
later discovered which have securityQuals populated, they are turned
into subquery RTEs which are marked as security_barrier to prevent
any user-supplied quals being pushed down (modulo LEAKPROOF quals).

Dean Rasheed, reviewed by Craig Ringer, Simon Riggs, KaiGai Kohei

Branch
------
master

Details
-------
http://git.postgresql.org/pg/commitdiff/842faa714c0454d67e523f5a0b6df6500e9bc1a5

Modified Files
--------------
doc/src/sgml/ref/create_view.sgml             |   19 +-
src/backend/commands/tablecmds.c              |    6 +-
src/backend/commands/view.c                   |    6 +-
src/backend/nodes/copyfuncs.c                 |    1 +
src/backend/nodes/equalfuncs.c                |    1 +
src/backend/nodes/nodeFuncs.c                 |    4 +
src/backend/nodes/outfuncs.c                  |    1 +
src/backend/nodes/readfuncs.c                 |    1 +
src/backend/optimizer/plan/planner.c          |   45 +-
src/backend/optimizer/prep/Makefile           |    2 +-
src/backend/optimizer/prep/prepsecurity.c     |  466 +++++++++++++++++++
src/backend/optimizer/prep/prepunion.c        |   60 ++-
src/backend/rewrite/rewriteHandler.c          |   53 ++-
src/include/nodes/parsenodes.h                |    1 +
src/include/optimizer/prep.h                  |    5 +
src/include/rewrite/rewriteHandler.h          |    1 -
src/test/regress/expected/create_view.out     |    2 +-
src/test/regress/expected/updatable_views.out |  620 +++++++++++++++++++++++--
src/test/regress/sql/updatable_views.sql      |  180 ++++++-
19 files changed, 1372 insertions(+), 102 deletions(-)
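Added example, not part of the commit or of this thread: a psql sketch of what the commit message describes, a security_barrier view that is updated directly while its own qual is still applied ahead of a caller-supplied, non-LEAKPROOF function. The table, view, role and function names are hypothetical, the rows are constructed, and it assumes a server that includes this change and a session allowed to create roles.

```sql
-- Constructed sample data; every object name below is hypothetical.
CREATE TABLE accounts (
    id      int PRIMARY KEY,
    owner   text NOT NULL,
    balance numeric NOT NULL
);
INSERT INTO accounts VALUES (1, 'alice', 100), (2, 'bob', 250);

-- "owner = current_user" is the view's security qual. Because the view is
-- marked security_barrier, that qual must be applied before any qual the
-- caller supplies.
CREATE VIEW my_accounts WITH (security_barrier) AS
    SELECT id, owner, balance
    FROM accounts
    WHERE owner = current_user;

-- Verification probe: a very cheap function that is not LEAKPROOF and
-- reports every row it is called on. Its low cost makes it attractive for
-- the planner to evaluate first, which is what the barrier has to prevent.
CREATE FUNCTION audit_probe(text) RETURNS boolean AS $$
BEGIN
    RAISE NOTICE 'probe called for owner=%', $1;
    RETURN true;
END;
$$ LANGUAGE plpgsql COST 0.0000001;

CREATE ROLE alice;
GRANT SELECT, UPDATE ON my_accounts TO alice;

SET ROLE alice;

-- Read check: the probe may only be called on rows that already passed
-- the view's qual, so no notice should mention another owner.
SELECT id, balance FROM my_accounts WHERE audit_probe(owner);

-- Write check: the view is automatically updatable (no INSTEAD OF trigger
-- or rule is defined), and the same ordering guarantee applies to the
-- UPDATE's WHERE clause.
UPDATE my_accounts SET balance = balance - 10 WHERE audit_probe(owner);

-- Plan check: the owner = current_user condition should be evaluated
-- before audit_probe(owner).
EXPLAIN (COSTS OFF)
UPDATE my_accounts SET balance = 0 WHERE audit_probe(owner);

RESET ROLE;
```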
Stephen Frost <sfrost@snowman.net> writes:
> Make security barrier views automatically updatable

For the record, this should have bumped catversion, because it
broke stored views.  Given that I'd just done a bump a few hours
earlier, there's probably no need for a retrospective catversion
change, but just so you know: any patch that touches readfuncs.c
probably needs a catversion change.

			regards, tom lane
* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> Stephen Frost <sfrost@snowman.net> writes:
> > Make security barrier views automatically updatable
>
> For the record, this should have bumped catversion, because it
> broke stored views.  Given that I'd just done a bump a few hours
> earlier, there's probably no need for a retrospective catversion
> change, but just so you know: any patch that touches readfuncs.c
> probably needs a catversion change.

Ah, yeah, makes sense.  Will keep that in mind.

	Thanks,

		Stephen