Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to content

Commit 80eacaa

Browse files
committed
Clean up includes from RLS patch
The initial patch for RLS mistakenly included headers associated with the executor and planner bits in rewrite/rowsecurity.h. Per policy and general good sense, executor headers should not be included in planner headers or vice versa. The include of execnodes.h was a mistaken holdover from previous versions, while the include of relation.h was used for Relation's definition, which should have been coming from utils/relcache.h. This patch cleans these issues up, adds comments to the RowSecurityPolicy struct and the RowSecurityConfigType enum, and changes Relation->rsdesc to Relation->rd_rsdesc to follow Relation field naming convention. Additionally, utils/rel.h was including rewrite/rowsecurity.h, which wasn't a great idea since that was pulling in things not really needed in utils/rel.h (which gets included in quite a few places). Instead, use 'struct RowSecurityDesc' for the rd_rsdesc field and add comments explaining why. Lastly, add an include into access/nbtree/nbtsort.c for utils/sortsupport.h, which was evidently missed due to the above mess. Pointed out by Tom in 16970.1415838651@sss.pgh.pa.us; note that the concerns regarding a similar situation in the custom-path commit still need to be addressed.
1 parent 79172a5 commit 80eacaa

File tree

6 files changed

+29
-25
lines changed

6 files changed

+29
-25
lines changed

src/backend/access/nbtree/nbtsort.c

+1
Original file line numberDiff line numberDiff line change
@@ -73,6 +73,7 @@
7373
#include "storage/smgr.h"
7474
#include "tcop/tcopprot.h"
7575
#include "utils/rel.h"
76+
#include "utils/sortsupport.h"
7677
#include "utils/tuplesort.h"
7778

7879

src/backend/commands/policy.c

+2-1
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,7 @@
3232
#include "parser/parse_clause.h"
3333
#include "parser/parse_node.h"
3434
#include "parser/parse_relation.h"
35+
#include "rewrite/rowsecurity.h"
3536
#include "storage/lock.h"
3637
#include "utils/acl.h"
3738
#include "utils/array.h"
@@ -358,7 +359,7 @@ RelationBuildRowSecurity(Relation relation)
358359
systable_endscan(sscan);
359360
heap_close(catalog, AccessShareLock);
360361

361-
relation->rsdesc = rsdesc;
362+
relation->rd_rsdesc = rsdesc;
362363
}
363364

364365
/*

src/backend/rewrite/rowsecurity.c

+1-1
Original file line numberDiff line numberDiff line change
@@ -300,7 +300,7 @@ pull_row_security_policies(CmdType cmd, Relation relation, Oid user_id)
300300
* There must always be at least one policy defined (may be the simple
301301
* 'default-deny' policy, if none are explicitly defined on the table).
302302
*/
303-
foreach(item, relation->rsdesc->policies)
303+
foreach(item, relation->rd_rsdesc->policies)
304304
{
305305
policy = (RowSecurityPolicy *) lfirst(item);
306306

src/backend/utils/cache/relcache.c

+9-8
Original file line numberDiff line numberDiff line change
@@ -64,6 +64,7 @@
6464
#include "optimizer/prep.h"
6565
#include "optimizer/var.h"
6666
#include "rewrite/rewriteDefine.h"
67+
#include "rewrite/rowsecurity.h"
6768
#include "storage/lmgr.h"
6869
#include "storage/smgr.h"
6970
#include "utils/array.h"
@@ -1052,7 +1053,7 @@ RelationBuildDesc(Oid targetRelId, bool insertIt)
10521053
if (relation->rd_rel->relrowsecurity)
10531054
RelationBuildRowSecurity(relation);
10541055
else
1055-
relation->rsdesc = NULL;
1056+
relation->rd_rsdesc = NULL;
10561057

10571058
/*
10581059
* if it's an index, initialize index-related information
@@ -2024,8 +2025,8 @@ RelationDestroyRelation(Relation relation, bool remember_tupdesc)
20242025
MemoryContextDelete(relation->rd_indexcxt);
20252026
if (relation->rd_rulescxt)
20262027
MemoryContextDelete(relation->rd_rulescxt);
2027-
if (relation->rsdesc)
2028-
MemoryContextDelete(relation->rsdesc->rscxt);
2028+
if (relation->rd_rsdesc)
2029+
MemoryContextDelete(relation->rd_rsdesc->rscxt);
20292030
if (relation->rd_fdwroutine)
20302031
pfree(relation->rd_fdwroutine);
20312032
pfree(relation);
@@ -2200,7 +2201,7 @@ RelationClearRelation(Relation relation, bool rebuild)
22002201

22012202
keep_tupdesc = equalTupleDescs(relation->rd_att, newrel->rd_att);
22022203
keep_rules = equalRuleLocks(relation->rd_rules, newrel->rd_rules);
2203-
keep_policies = equalRSDesc(relation->rsdesc, newrel->rsdesc);
2204+
keep_policies = equalRSDesc(relation->rd_rsdesc, newrel->rd_rsdesc);
22042205

22052206
/*
22062207
* Perform swapping of the relcache entry contents. Within this
@@ -2250,7 +2251,7 @@ RelationClearRelation(Relation relation, bool rebuild)
22502251
SWAPFIELD(MemoryContext, rd_rulescxt);
22512252
}
22522253
if (keep_policies)
2253-
SWAPFIELD(RowSecurityDesc *, rsdesc);
2254+
SWAPFIELD(RowSecurityDesc *, rd_rsdesc);
22542255
/* toast OID override must be preserved */
22552256
SWAPFIELD(Oid, rd_toastoid);
22562257
/* pgstat_info must be preserved */
@@ -3435,11 +3436,11 @@ RelationCacheInitializePhase3(void)
34353436
* RelationBuildRowSecurity will create a single default-deny policy
34363437
* if there is no policy defined in pg_rowsecurity.
34373438
*/
3438-
if (relation->rd_rel->relrowsecurity && relation->rsdesc == NULL)
3439+
if (relation->rd_rel->relrowsecurity && relation->rd_rsdesc == NULL)
34393440
{
34403441
RelationBuildRowSecurity(relation);
34413442

3442-
Assert (relation->rsdesc != NULL);
3443+
Assert (relation->rd_rsdesc != NULL);
34433444
restart = true;
34443445
}
34453446

@@ -4815,7 +4816,7 @@ load_relcache_init_file(bool shared)
48154816
rel->rd_rules = NULL;
48164817
rel->rd_rulescxt = NULL;
48174818
rel->trigdesc = NULL;
4818-
rel->rsdesc = NULL;
4819+
rel->rd_rsdesc = NULL;
48194820
rel->rd_indexprs = NIL;
48204821
rel->rd_indpred = NIL;
48214822
rel->rd_exclops = NULL;

src/include/rewrite/rowsecurity.h

+14-13
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,9 @@
11
/* -------------------------------------------------------------------------
22
*
33
* rowsecurity.h
4-
* prototypes for optimizer/rowsecurity.c
4+
*
5+
* prototypes for rewrite/rowsecurity.c and the structures for managing
6+
* the row security policies for relations in relcache.
57
*
68
* Portions Copyright (c) 1996-2012, PostgreSQL Global Development Group
79
* Portions Copyright (c) 1994, Regents of the University of California
@@ -11,20 +13,19 @@
1113
#ifndef ROWSECURITY_H
1214
#define ROWSECURITY_H
1315

14-
#include "nodes/execnodes.h"
1516
#include "nodes/parsenodes.h"
16-
#include "nodes/relation.h"
1717
#include "utils/array.h"
18+
#include "utils/relcache.h"
1819

1920
typedef struct RowSecurityPolicy
2021
{
21-
Oid rsecid;
22-
char *policy_name;
23-
char cmd;
24-
ArrayType *roles;
25-
Expr *qual;
26-
Expr *with_check_qual;
27-
bool hassublinks;
22+
Oid rsecid; /* OID of the policy */
23+
char *policy_name; /* Name of the policy */
24+
char cmd; /* Type of command policy is for */
25+
ArrayType *roles; /* Array of roles policy is for */
26+
Expr *qual; /* Expression to filter rows */
27+
Expr *with_check_qual; /* Expression to limit rows allowed */
28+
bool hassublinks; /* If expression has sublinks */
2829
} RowSecurityPolicy;
2930

3031
typedef struct RowSecurityDesc
@@ -39,9 +40,9 @@ extern int row_security;
3940
/* Possible values for row_security GUC */
4041
typedef enum RowSecurityConfigType
4142
{
42-
ROW_SECURITY_OFF,
43-
ROW_SECURITY_ON,
44-
ROW_SECURITY_FORCE
43+
ROW_SECURITY_OFF, /* RLS never applied- error thrown if no priv */
44+
ROW_SECURITY_ON, /* normal case, RLS applied for regular users */
45+
ROW_SECURITY_FORCE /* RLS applied for superusers and table owners */
4546
} RowSecurityConfigType;
4647

4748
/*

src/include/utils/rel.h

+2-2
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,6 @@
2121
#include "fmgr.h"
2222
#include "nodes/bitmapset.h"
2323
#include "rewrite/prs2lock.h"
24-
#include "rewrite/rowsecurity.h"
2524
#include "storage/block.h"
2625
#include "storage/relfilenode.h"
2726
#include "utils/relcache.h"
@@ -106,7 +105,8 @@ typedef struct RelationData
106105
RuleLock *rd_rules; /* rewrite rules */
107106
MemoryContext rd_rulescxt; /* private memory cxt for rd_rules, if any */
108107
TriggerDesc *trigdesc; /* Trigger info, or NULL if rel has none */
109-
RowSecurityDesc *rsdesc; /* Row-security policy, or NULL */
108+
/* use "struct" here to avoid needing to include rowsecurity.h: */
109+
struct RowSecurityDesc *rd_rsdesc; /* Row-security policies, or NULL */
110110

111111
/* data managed by RelationGetIndexList: */
112112
List *rd_indexlist; /* list of OIDs of indexes on relation */

0 commit comments

Comments
 (0)