From 2ca9d5445c35db8956e4abbf1e653373820e8c0a Mon Sep 17 00:00:00 2001 From: Stephen Frost Date: Mon, 5 Oct 2015 07:55:13 -0400 Subject: [PATCH] Apply SELECT policies in INSERT/UPDATE+RETURNING Similar to 7d8db3e, given that INSERT+RETURNING requires SELECT rights on the table, apply the SELECT policies as WCOs to the tuples being inserted. Apply the same logic to UPDATE+RETURNING. Back-patch to 9.5 where RLS was added. --- src/backend/rewrite/rowsecurity.c | 32 ++++++++++++++++++++++++++++--- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/src/backend/rewrite/rowsecurity.c b/src/backend/rewrite/rowsecurity.c index 3d7f7a3a18..eebc493849 100644 --- a/src/backend/rewrite/rowsecurity.c +++ b/src/backend/rewrite/rowsecurity.c @@ -271,6 +271,30 @@ get_row_security_policies(Query *root, RangeTblEntry *rte, int rt_index, withCheckOptions, hasSubLinks); + /* + * Get and add ALL/SELECT policies, if SELECT rights are required + * for this relation (eg: when RETURNING is used). These are added as + * WCO policies rather than security quals to ensure that an error is + * raised if a policy is violated; otherwise, we might end up silently + * dropping rows to be added. + */ + if (rte->requiredPerms & ACL_SELECT) + { + List *select_permissive_policies = NIL; + List *select_restrictive_policies = NIL; + + get_policies_for_relation(rel, CMD_SELECT, user_id, + &select_permissive_policies, + &select_restrictive_policies); + add_with_check_options(rel, rt_index, + commandType == CMD_INSERT ? + WCO_RLS_INSERT_CHECK : WCO_RLS_UPDATE_CHECK, + select_permissive_policies, + select_restrictive_policies, + withCheckOptions, + hasSubLinks); + } + /* * For INSERT ... ON CONFLICT DO UPDATE we need additional policy * checks for the UPDATE which may be applied to the same RTE. @@ -300,9 +324,11 @@ get_row_security_policies(Query *root, RangeTblEntry *rte, int rt_index, hasSubLinks); /* - * Get and add ALL/SELECT policies, if SELECT rights are required - * for this relation, also as WCO policies, again, to avoid - * silently dropping data. See above. + * Get and add ALL/SELECT policies, as WCO_RLS_CONFLICT_CHECK + * WCOs to ensure they are considered when taking the UPDATE + * path of an INSERT .. ON CONFLICT DO UPDATE, if SELECT + * rights are required for this relation, also as WCO policies, + * again, to avoid silently dropping data. See above. */ if (rte->requiredPerms & ACL_SELECT) { -- 2.40.0