pgsql: ALTER TABLE .. FORCE ROW LEVEL SECURITY

ALTER TABLE .. FORCE ROW LEVEL SECURITY

To allow users to force RLS to always be applied, even for table owners,
add ALTER TABLE .. FORCE ROW LEVEL SECURITY.

row_security=off overrides FORCE ROW LEVEL SECURITY, to ensure pg_dump
output is complete (by default).

Also add SECURITY_NOFORCE_RLS context to avoid data corruption when
ALTER TABLE .. FORCE ROW SECURITY is being used. The
SECURITY_NOFORCE_RLS security context is used only during referential
integrity checks and is only considered in check_enable_rls() after we
have already checked that the current user is the owner of the relation
(which should always be the case during referential integrity checks).

Back-patch to 9.5 where RLS was added.

Branch
------
master

Details
-------
http://git.postgresql.org/pg/commitdiff/088c83363a11200f2225f279d4a5c6cc6f9db3d2

Modified Files
--------------
doc/src/sgml/catalogs.sgml | 10 ++
doc/src/sgml/ref/alter_table.sgml | 17 +++
src/backend/catalog/heap.c | 1 +
src/backend/commands/tablecmds.c | 40 +++++
src/backend/parser/gram.y | 14 ++
src/backend/utils/adt/ri_triggers.c | 6 +-
src/backend/utils/init/miscinit.c | 18 ++-
src/backend/utils/misc/rls.c | 44 +++++-
src/bin/pg_dump/pg_dump.c | 20 ++-
src/bin/pg_dump/pg_dump.h | 1 +
src/bin/psql/describe.c | 44 +++---
src/include/catalog/catversion.h | 2 +-
src/include/catalog/pg_class.h | 72 ++++-----
src/include/miscadmin.h | 2 +
src/include/nodes/parsenodes.h | 2 +
.../modules/test_ddl_deparse/test_ddl_deparse.c | 6 +
src/test/regress/expected/rowsecurity.out | 156 ++++++++++++++++++++
src/test/regress/output/misc.source | 3 +-
src/test/regress/sql/rowsecurity.sql | 143 ++++++++++++++++++
19 files changed, 537 insertions(+), 64 deletions(-)