authorRobert Haas <rhaas@postgresql.org>2011-12-22 16:15:57 -0500
committerRobert Haas <rhaas@postgresql.org>2011-12-22 16:16:31 -0500
commit0e4611c0234d89e288a53351f775c59522baed7c (patch)
tree942b0bf5b61f1b5150c58b96fd4ce46880c6cfda /src/include
parentf90dd28062db2128a340fbe02f55829f15ab5561 (diff)
Add a security_barrier option for views.
When a view is marked as a security barrier, it will not be pulled up into the containing query, and no quals will be pushed down into it, so that no function or operator chosen by the user can be applied to rows not exposed by the view. Views not configured with this option cannot provide robust row-level security, but will perform far better. Patch by KaiGai Kohei; original problem report by Heikki Linnakangas (in October 2009!). Review (in earlier versions) by Noah Misch and others. Design advice by Tom Lane and myself. Further review and cleanup by me.
Diffstat (limited to 'src/include')
-rw-r--r--src/include/access/reloptions.h3
-rw-r--r--src/include/nodes/parsenodes.h3
-rw-r--r--src/include/utils/rel.h9
3 files changed, 14 insertions, 1 deletions
diff --git a/src/include/access/reloptions.h b/src/include/access/reloptions.h
index 10b2f9ea4db..afba016195a 100644
--- a/src/include/access/reloptions.h
+++ b/src/include/access/reloptions.h
@@ -43,8 +43,9 @@ typedef enum relopt_kind
RELOPT_KIND_ATTRIBUTE = (1 << 6),
RELOPT_KIND_TABLESPACE = (1 << 7),
RELOPT_KIND_SPGIST = (1 << 8),
+ RELOPT_KIND_VIEW = (1 << 9),
/* if you add a new kind, make sure you update "last_default" too */
- RELOPT_KIND_LAST_DEFAULT = RELOPT_KIND_SPGIST,
+ RELOPT_KIND_LAST_DEFAULT = RELOPT_KIND_VIEW,
/* some compilers treat enums as signed ints, so we can't use 1 << 31 */
RELOPT_KIND_MAX = (1 << 30)
} relopt_kind;
diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h
index 734227366d1..6e8b11027d4 100644
--- a/src/include/nodes/parsenodes.h
+++ b/src/include/nodes/parsenodes.h
@@ -706,6 +706,7 @@ typedef struct RangeTblEntry
* Fields valid for a subquery RTE (else NULL):
*/
Query *subquery; /* the sub-query */
+ bool security_barrier; /* subquery from security_barrier view */
/*
* Fields valid for a join RTE (else NULL/zero):
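Review bot: The section comment above the new field still reads `Fields valid for a subquery RTE (else NULL)`, but `security_barrier` is a bool whose unused value is false, so it should read `(else NULL/false)`, matching the `(else NULL/zero)` wording of the join section below. Per the commit message, this flag is what stops the subquery from being pulled up and quals from being pushed into it, so a path that copies, compares or serialises a RangeTblEntry without it would silently fall back to false and drop the barrier. Those node-support functions are outside this src/include-only view, so it is worth confirming they were updated in the same commit. The struct continues outside the hunk.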
@@ -1208,6 +1209,7 @@ typedef enum AlterTableType
AT_SetTableSpace, /* SET TABLESPACE */
AT_SetRelOptions, /* SET (...) -- AM specific parameters */
AT_ResetRelOptions, /* RESET (...) -- AM specific parameters */
+ AT_ReplaceRelOptions, /* replace reloption list in its entirety */
AT_EnableTrig, /* ENABLE TRIGGER name */
AT_EnableAlwaysTrig, /* ENABLE ALWAYS TRIGGER name */
AT_EnableReplicaTrig, /* ENABLE REPLICA TRIGGER name */
@@ -2277,6 +2279,7 @@ typedef struct ViewStmt
List *aliases; /* target column names */
Node *query; /* the SELECT query */
bool replace; /* replace an existing view? */
+ List *options; /* options from WITH clause */
} ViewStmt;
/* ----------------------
diff --git a/src/include/utils/rel.h b/src/include/utils/rel.h
index 70d16eb01e4..ed9c0038571 100644
--- a/src/include/utils/rel.h
+++ b/src/include/utils/rel.h
@@ -195,6 +195,7 @@ typedef struct StdRdOptions
int32 vl_len_; /* varlena header (do not touch directly!) */
int fillfactor; /* page fill factor in percent (0..100) */
AutoVacOpts autovacuum; /* autovacuum-related options */
+ bool security_barrier; /* for views */
} StdRdOptions;
#define HEAP_MIN_FILLFACTOR 10
@@ -223,6 +224,14 @@ typedef struct StdRdOptions
(BLCKSZ * (100 - RelationGetFillFactor(relation, defaultff)) / 100)
/*
+ * RelationIsSecurityView
+ * Returns whether the relation is security view, or not
+ */
+#define RelationIsSecurityView(relation) \
+ ((relation)->rd_options ? \
+ ((StdRdOptions *) (relation)->rd_options)->security_barrier : false)
+
+/*
* RelationIsValid
* True iff relation descriptor is valid.
*/
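Review bot: `RelationIsSecurityView` casts `rd_options` to `StdRdOptions *` without checking that the relation is actually a view. If it is ever called on a relation kind whose options use a different layout (likely for some index access methods, though not visible here), it would read an unrelated byte as the security flag. Either document that the caller must pass a view, or guard it inside the macro, for example with `AssertMacro((relation)->rd_rel->relkind == RELKIND_VIEW)`. The header comment would be clearer as `Returns true if the relation is a security_barrier view; false when no reloptions are set`, which also spells out the NULL `rd_options` default. The macro evaluates `relation` twice, so arguments with side effects must be avoided.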