Clean up some mess in row-security patches.
Fix unsafe coding around PG_TRY in RelationBuildRowSecurity: can't change
a variable inside PG_TRY and then use it in PG_CATCH without marking it
"volatile". In this case though it seems saner to avoid that by doing
a single assignment before entering the TRY block.
I started out just intending to fix that, but the more I looked at the
row-security code the more distressed I got. This patch also fixes
incorrect construction of the RowSecurityPolicy cache entries (there was
not sufficient care taken to copy pass-by-ref data into the cache memory
context) and a whole bunch of sloppiness around the definition and use of
pg_policy.polcmd. You can't use nulls in that column because initdb will
mark it NOT NULL --- and I see no particular reason why a null entry would
be a good idea anyway, so changing initdb's behavior is not the right
answer. The internal value of '\0' wouldn't be suitable in a "char" column
either, so after a bit of thought I settled on using '*' to represent ALL.
Chasing those changes down also revealed that somebody wasn't paying
attention to what the underlying values of ACL_UPDATE_CHR etc really were,
and there was a great deal of lackadaiscalness in the catalogs.sgml
documentation for pg_policy and pg_policies too.
This doesn't pretend to be a complete code review for the row-security
stuff, it just fixes the things that were in my face while dealing with
the bugs in RelationBuildRowSecurity.
Branch
------
master
Details
-------
http://git.postgresql.org/pg/commitdiff/fd496129d160950ed681c1150ea8f627b292c511
Modified Files
--------------
doc/src/sgml/catalogs.sgml | 226 +++++++++++++++++-----------------
src/backend/catalog/system_views.sql | 13 +-
src/backend/commands/policy.c | 155 ++++++++++++-----------
src/backend/rewrite/rowsecurity.c | 19 ++-
src/backend/utils/cache/relcache.c | 2 +-
src/bin/pg_dump/pg_dump.c | 28 ++---
src/bin/psql/describe.c | 7 +-
src/include/catalog/catversion.h | 2 +-
src/include/catalog/pg_policy.h | 4 +-
src/include/rewrite/rowsecurity.h | 4 +-
src/test/regress/expected/rules.out | 17 ++-
11 files changed, 241 insertions(+), 236 deletions(-)