diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2015-01-24 16:16:22 -0500 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2015-01-24 16:16:22 -0500 |
| commit | fd496129d160950ed681c1150ea8f627b292c511 (patch) | |
| tree | 692b18245d6efca00dea4e99f66595ae0d16691a /src/include/rewrite | |
| parent | f8a4dd2e141a12e349882edecc683504acb82ec8 (diff) | |
| download | postgresql-fd496129d160950ed681c1150ea8f627b292c511.tar.gz | |
Clean up some mess in row-security patches.
Fix unsafe coding around PG_TRY in RelationBuildRowSecurity: can't change
a variable inside PG_TRY and then use it in PG_CATCH without marking it
"volatile". In this case though it seems saner to avoid that by doing
a single assignment before entering the TRY block.
I started out just intending to fix that, but the more I looked at the
row-security code the more distressed I got. This patch also fixes
incorrect construction of the RowSecurityPolicy cache entries (there was
not sufficient care taken to copy pass-by-ref data into the cache memory
context) and a whole bunch of sloppiness around the definition and use of
pg_policy.polcmd. You can't use nulls in that column because initdb will
mark it NOT NULL --- and I see no particular reason why a null entry would
be a good idea anyway, so changing initdb's behavior is not the right
answer. The internal value of '\0' wouldn't be suitable in a "char" column
either, so after a bit of thought I settled on using '*' to represent ALL.
Chasing those changes down also revealed that somebody wasn't paying
attention to what the underlying values of ACL_UPDATE_CHR etc really were,
and there was a great deal of lackadaiscalness in the catalogs.sgml
documentation for pg_policy and pg_policies too.
This doesn't pretend to be a complete code review for the row-security
stuff, it just fixes the things that were in my face while dealing with
the bugs in RelationBuildRowSecurity.
Diffstat (limited to 'src/include/rewrite')
| -rw-r--r-- | src/include/rewrite/rowsecurity.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/include/rewrite/rowsecurity.h b/src/include/rewrite/rowsecurity.h index aa1b45b1c9..240f987a3a 100644 --- a/src/include/rewrite/rowsecurity.h +++ b/src/include/rewrite/rowsecurity.h @@ -21,11 +21,11 @@ typedef struct RowSecurityPolicy { Oid policy_id; /* OID of the policy */ char *policy_name; /* Name of the policy */ - char cmd; /* Type of command policy is for */ + char polcmd; /* Type of command policy is for */ ArrayType *roles; /* Array of roles policy is for */ Expr *qual; /* Expression to filter rows */ Expr *with_check_qual; /* Expression to limit rows allowed */ - bool hassublinks; /* If expression has sublinks */ + bool hassublinks; /* If either expression has sublinks */ } RowSecurityPolicy; typedef struct RowSecurityDesc |