authorDean Rasheed <dean.a.rasheed@gmail.com>2019-04-02 08:22:48 +0100
committerDean Rasheed <dean.a.rasheed@gmail.com>2019-04-02 08:22:48 +0100
commit2e606d0ad7984c15f323eacfc333990b93683cc7 (patch)
tree9c95e2539af1869961792eaddf2f539d6e687629 /src/backend/rewrite/rowsecurity.c
parent52e7e4d1dfe6e8f3b0923458cda732e8cb230719 (diff)
Perform RLS subquery checks as the right user when going via a view.
When accessing a table with RLS via a view, the RLS checks are performed as the view owner. However, the code neglected to propagate that to any subqueries in the RLS checks. Fix that by calling setRuleCheckAsUser() for all RLS policy quals and withCheckOption checks for RTEs with RLS. Back-patch to 9.5 where RLS was added. Per bug #15708 from daurnimator. Discussion: https://postgr.es/m/15708-d65cab2ce9b1717a@postgresql.org
Diffstat (limited to 'src/backend/rewrite/rowsecurity.c')
-rw-r--r--src/backend/rewrite/rowsecurity.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/backend/rewrite/rowsecurity.c b/src/backend/rewrite/rowsecurity.c
index 4a228b9e158..b794e7365e9 100644
--- a/src/backend/rewrite/rowsecurity.c
+++ b/src/backend/rewrite/rowsecurity.c
@@ -47,6 +47,7 @@
#include "nodes/pg_list.h"
#include "nodes/plannodes.h"
#include "parser/parsetree.h"
+#include "rewrite/rewriteDefine.h"
#include "rewrite/rewriteHandler.h"
#include "rewrite/rewriteManip.h"
#include "rewrite/rowsecurity.h"
@@ -379,6 +380,13 @@ get_row_security_policies(Query *root, RangeTblEntry *rte, int rt_index,
heap_close(rel, NoLock);
/*
+ * Copy checkAsUser to the row security quals and WithCheckOption checks,
+ * in case they contain any subqueries referring to other relations.
+ */
+ setRuleCheckAsUser((Node *) *securityQuals, rte->checkAsUser);
+ setRuleCheckAsUser((Node *) *withCheckOptions, rte->checkAsUser);
+
+ /*
* Mark this query as having row security, so plancache can invalidate it
* when necessary (eg: role changes)
*/
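Review bot: The two added setRuleCheckAsUser() calls rewrite the expression trees behind `*securityQuals` and `*withCheckOptions` in place, and the new comment does not say that this is safe only when those lists are private copies of the policy expressions. The lists are built earlier in get_row_security_policies, whose body starts and ends outside this hunk, so that cannot be confirmed from here. If any node were shared with cached policy data, the user id set for a view access could presumably carry over into a later query that reaches the table directly, and the calls run after `heap_close(rel, NoLock)`. I would extend the comment with a line such as `These lists must be copies private to this query, because setRuleCheckAsUser() modifies them in place.` It would also help to state there that `rte->checkAsUser` is the view owner when the table is reached through a view, as the commit message explains, since that is what makes these calls a permission-check fix.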