pgsql: ALTER TABLE .. FORCE ROW LEVEL SECURITY

ALTER TABLE .. FORCE ROW LEVEL SECURITY

To allow users to force RLS to always be applied, even for table owners,
add ALTER TABLE .. FORCE ROW LEVEL SECURITY.

row_security=off overrides FORCE ROW LEVEL SECURITY, to ensure pg_dump
output is complete (by default).

Also add SECURITY_NOFORCE_RLS context to avoid data corruption when
ALTER TABLE .. FORCE ROW SECURITY is being used. The
SECURITY_NOFORCE_RLS security context is used only during referential
integrity checks and is only considered in check_enable_rls() after we
have already checked that the current user is the owner of the relation
(which should always be the case during referential integrity checks).

Back-patch to 9.5 where RLS was added.

Branch
------
REL9_5_STABLE

Details
-------
http://git.postgresql.org/pg/commitdiff/90f334d2ca1a8bae2d0cd8a0898fb8ef90257565

Modified Files
--------------
doc/src/sgml/catalogs.sgml | 10 ++
doc/src/sgml/ref/alter_table.sgml | 17 +++
src/backend/catalog/heap.c | 1 +
src/backend/commands/tablecmds.c | 40 +++++
src/backend/parser/gram.y | 14 ++
src/backend/utils/adt/ri_triggers.c | 6 +-
src/backend/utils/init/miscinit.c | 18 ++-
src/backend/utils/misc/rls.c | 44 +++++-
src/bin/pg_dump/pg_dump.c | 20 ++-
src/bin/pg_dump/pg_dump.h | 1 +
src/bin/psql/describe.c | 44 +++---
src/include/catalog/catversion.h | 2 +-
src/include/catalog/pg_class.h | 72 ++++-----
src/include/miscadmin.h | 2 +
src/include/nodes/parsenodes.h | 2 +
.../modules/test_ddl_deparse/test_ddl_deparse.c | 6 +
src/test/regress/expected/rowsecurity.out | 156 ++++++++++++++++++++
src/test/regress/output/misc.source | 3 +-
src/test/regress/sql/rowsecurity.sql | 143 ++++++++++++++++++
19 files changed, 537 insertions(+), 64 deletions(-)