opensourcemirror
/
postgresql
mirror of git://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Releases Wiki Activity
postgresql/contrib/adminpack/adminpack.c

576 lines
14 KiB
C
Raw Normal View History

Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
/*-------------------------------------------------------------------------
*
Fix typo.
2006-10-19 19:48:04 +02:00
* adminpack.c
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
*
*
Update copyrights for 2020 Backpatch-through: update all files in master, backpatch legal files through 9.4
2020-01-01 18:21:45 +01:00
* Copyright (c) 2002-2020, PostgreSQL Global Development Group
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
*
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
* Author: Andreas Pflug <pgadmin@pse-consulting.de>
*
* IDENTIFICATION
Remove cvs keywords from all files.
2010-09-20 22:08:53 +02:00
* contrib/adminpack/adminpack.c
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
*
*-------------------------------------------------------------------------
*/
#include "postgres.h"
#include <sys/file.h>
#include <sys/stat.h>
#include <unistd.h>
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
#include "catalog/pg_authid.h"
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
#include "catalog/pg_type.h"
#include "funcapi.h"
Marginal code cleanups in pg_logdir_ls: use ReadDir not readdir, and avoid scribbling on its result (might be safe but why risk it)
2006-10-20 02:59:03 +02:00
#include "miscadmin.h"
Clean up local redeclarations of variables with DLLIMPORT, per report from Magnus that MSVC complains about this.
2006-10-19 20:32:48 +02:00
#include "postmaster/syslogger.h"
Sort reference of include files, "A" - "F".
2006-07-11 18:35:33 +02:00
#include "storage/fd.h"
Simplify and standardize conversions between TEXT datums and ordinary C strings. This patch introduces four support functions cstring_to_text, cstring_to_text_with_len, text_to_cstring, and text_to_cstring_buffer, and two macros CStringGetTextDatum and TextDatumGetCString. A number of existing macros that provided variants on these themes were removed. Most of the places that need to make such conversions now require just one function or macro call, in place of the multiple notational layers that used to be needed. There are no longer any direct calls of textout or textin, and we got most of the places that were using handmade conversions via memcpy (there may be a few still lurking, though). This commit doesn't make any serious effort to eliminate transient memory leaks caused by detoasting toasted text objects before they reach text_to_cstring. We changed PG_GETARG_TEXT_P to PG_GETARG_TEXT_PP in a few places where it was easy, but much more could be done. Brendan Jurd and Tom Lane
2008-03-25 23:42:46 +01:00
#include "utils/builtins.h"
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
#include "utils/datetime.h"
#ifdef WIN32
#ifdef rename
#undef rename
#endif
#ifdef unlink
#undef unlink
#endif
#endif
PG_MODULE_MAGIC;
PG_FUNCTION_INFO_V1(pg_file_write);
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
PG_FUNCTION_INFO_V1(pg_file_write_v1_1);
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
PG_FUNCTION_INFO_V1(pg_file_rename);
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
PG_FUNCTION_INFO_V1(pg_file_rename_v1_1);
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
PG_FUNCTION_INFO_V1(pg_file_unlink);
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
PG_FUNCTION_INFO_V1(pg_file_unlink_v1_1);
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
PG_FUNCTION_INFO_V1(pg_logdir_ls);
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
PG_FUNCTION_INFO_V1(pg_logdir_ls_v1_1);
static int64 pg_file_write_internal(text *file, text *data, bool replace);
static bool pg_file_rename_internal(text *file1, text *file2, text *file3);
static Datum pg_logdir_ls_internal(FunctionCallInfo fcinfo);
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
typedef struct
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
{
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
char *location;
DIR *dirdesc;
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
} directory_fctx;
/*-----------------------
* some helper functions
*/
/*
Get rid of some unnecessary dependencies on DataDir: wherever possible, the backend should rely on its working-directory setting instead. Also do some message-style police work in contrib/adminpack.
2006-11-06 04:06:41 +01:00
* Convert a "text" filename argument to C string, and check it's allowable.
*
* Filename may be absolute or relative to the DataDir, but we only allow
* absolute paths that match DataDir or Log_directory.
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
*/
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
static char *
Get rid of some unnecessary dependencies on DataDir: wherever possible, the backend should rely on its working-directory setting instead. Also do some message-style police work in contrib/adminpack.
2006-11-06 04:06:41 +01:00
convert_and_check_filename(text *arg, bool logAllowed)
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
{
Simplify and standardize conversions between TEXT datums and ordinary C strings. This patch introduces four support functions cstring_to_text, cstring_to_text_with_len, text_to_cstring, and text_to_cstring_buffer, and two macros CStringGetTextDatum and TextDatumGetCString. A number of existing macros that provided variants on these themes were removed. Most of the places that need to make such conversions now require just one function or macro call, in place of the multiple notational layers that used to be needed. There are no longer any direct calls of textout or textin, and we got most of the places that were using handmade conversions via memcpy (there may be a few still lurking, though). This commit doesn't make any serious effort to eliminate transient memory leaks caused by detoasting toasted text objects before they reach text_to_cstring. We changed PG_GETARG_TEXT_P to PG_GETARG_TEXT_PP in a few places where it was easy, but much more could be done. Brendan Jurd and Tom Lane
2008-03-25 23:42:46 +01:00
char *filename = text_to_cstring(arg);
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
Get rid of some unnecessary dependencies on DataDir: wherever possible, the backend should rely on its working-directory setting instead. Also do some message-style police work in contrib/adminpack.
2006-11-06 04:06:41 +01:00
canonicalize_path(filename); /* filename can change length here */
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
/*
* Members of the 'pg_write_server_files' role are allowed to access any
* files on the server as the PG user, so no need to do any further checks
* here.
*/
if (is_member_of_role(GetUserId(), DEFAULT_ROLE_WRITE_SERVER_FILES))
return filename;
/* User isn't a member of the default role, so check if it's allowable */
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
if (is_absolute_path(filename))
{
Properly handle Win32 paths of 'E:abc', which can be either absolute or relative, by creating a function path_is_relative_and_below_cwd() to check for specific requirements. It is unclear if this fixes a security problem or not but the new code is more robust.
2011-02-12 15:47:51 +01:00
/* Disallow '/a/b/data/..' */
if (path_contains_parent_reference(filename))
ereport(ERROR,
pgindent run before PG 9.1 beta 1.
2011-04-10 17:42:00 +02:00
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
Phase 3 of pgindent updates. Don't move parenthesized lines to the left, even if that means they flow past the right margin. By default, BSD indent lines up statement continuation lines that are within parentheses so that they start just to the right of the preceding left parenthesis. However, traditionally, if that resulted in the continuation line extending to the right of the desired right margin, then indent would push it left just far enough to not overrun the margin, if it could do so without making the continuation line start to the left of the current statement indent. That makes for a weird mix of indentations unless one has been completely rigid about never violating the 80-column limit. This behavior has been pretty universally panned by Postgres developers. Hence, disable it with indent's new -lpl switch, so that parenthesized lines are always lined up with the preceding left paren. This patch is much less interesting than the first round of indent changes, but also bulkier, so I thought it best to separate the effects. Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:35:54 +02:00
(errmsg("reference to parent directory (\"..\") not allowed"))));
pgindent run before PG 9.1 beta 1.
2011-04-10 17:42:00 +02:00
Properly handle Win32 paths of 'E:abc', which can be either absolute or relative, by creating a function path_is_relative_and_below_cwd() to check for specific requirements. It is unclear if this fixes a security problem or not but the new code is more robust.
2011-02-12 15:47:51 +01:00
/*
pgindent run before PG 9.1 beta 1.
2011-04-10 17:42:00 +02:00
* Allow absolute paths if within DataDir or Log_directory, even
* though Log_directory might be outside DataDir.
Properly handle Win32 paths of 'E:abc', which can be either absolute or relative, by creating a function path_is_relative_and_below_cwd() to check for specific requirements. It is unclear if this fixes a security problem or not but the new code is more robust.
2011-02-12 15:47:51 +01:00
*/
if (!path_is_prefix_of_path(DataDir, filename) &&
(!logAllowed || !is_absolute_path(Log_directory) ||
!path_is_prefix_of_path(Log_directory, filename)))
ereport(ERROR,
pgindent run before PG 9.1 beta 1.
2011-04-10 17:42:00 +02:00
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
(errmsg("absolute path not allowed"))));
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
}
Properly handle Win32 paths of 'E:abc', which can be either absolute or relative, by creating a function path_is_relative_and_below_cwd() to check for specific requirements. It is unclear if this fixes a security problem or not but the new code is more robust.
2011-02-12 15:47:51 +01:00
else if (!path_is_relative_and_below_cwd(filename))
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
(errmsg("path must be in or below the current directory"))));
return filename;
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
}
/*
* check for superuser, bark if not.
*/
static void
requireSuperuser(void)
{
if (!superuser())
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
ereport(ERROR,
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
Phase 3 of pgindent updates. Don't move parenthesized lines to the left, even if that means they flow past the right margin. By default, BSD indent lines up statement continuation lines that are within parentheses so that they start just to the right of the preceding left parenthesis. However, traditionally, if that resulted in the continuation line extending to the right of the desired right margin, then indent would push it left just far enough to not overrun the margin, if it could do so without making the continuation line start to the left of the current statement indent. That makes for a weird mix of indentations unless one has been completely rigid about never violating the 80-column limit. This behavior has been pretty universally panned by Postgres developers. Hence, disable it with indent's new -lpl switch, so that parenthesized lines are always lined up with the preceding left paren. This patch is much less interesting than the first round of indent changes, but also bulkier, so I thought it best to separate the effects. Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:35:54 +02:00
(errmsg("only superuser may access generic file functions"))));
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
}
/* ------------------------------------
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
* pg_file_write - old version
*
* The superuser() check here must be kept as the library might be upgraded
* without the extension being upgraded, meaning that in pre-1.1 installations
* these functions could be called by any user.
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
*/
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
Datum
pg_file_write(PG_FUNCTION_ARGS)
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
{
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
text *file = PG_GETARG_TEXT_PP(0);
text *data = PG_GETARG_TEXT_PP(1);
bool replace = PG_GETARG_BOOL(2);
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
int64 count = 0;
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
requireSuperuser();
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
count = pg_file_write_internal(file, data, replace);
PG_RETURN_INT64(count);
}
/* ------------------------------------
* pg_file_write_v1_1 - Version 1.1
*
* As of adminpack version 1.1, we no longer need to check if the user
* is a superuser because we REVOKE EXECUTE on the function from PUBLIC.
* Users can then grant access to it based on their policies.
*
* Otherwise identical to pg_file_write (above).
*/
Datum
pg_file_write_v1_1(PG_FUNCTION_ARGS)
{
text *file = PG_GETARG_TEXT_PP(0);
text *data = PG_GETARG_TEXT_PP(1);
bool replace = PG_GETARG_BOOL(2);
int64 count = 0;
count = pg_file_write_internal(file, data, replace);
PG_RETURN_INT64(count);
}
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
/* ------------------------------------
* pg_file_write_internal - Workhorse for pg_file_write functions.
*
* This handles the actual work for pg_file_write.
*/
Add missing "static" markers. Evidently forgotten in commit 11523e860. Per buildfarm member pademelon.
2018-04-08 16:54:54 +02:00
static int64
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
pg_file_write_internal(text *file, text *data, bool replace)
{
FILE *f;
char *filename;
int64 count = 0;
filename = convert_and_check_filename(file, false);
if (!replace)
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
{
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
struct stat fst;
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
if (stat(filename, &fst) >= 0)
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
ereport(ERROR,
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
(ERRCODE_DUPLICATE_FILE,
Get rid of some unnecessary dependencies on DataDir: wherever possible, the backend should rely on its working-directory setting instead. Also do some message-style police work in contrib/adminpack.
2006-11-06 04:06:41 +01:00
errmsg("file \"%s\" exists", filename)));
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
Fix pg_file_write() error handling. Detect fclose() failures; given "ln -s /dev/full $PGDATA/devfull", "pg_file_write('devfull', 'x', true)" now fails as it should. Don't leak a stream when fwrite() fails. Remove a born-ineffective test that aimed to skip zero-length writes. Back-patch to 9.2 (all supported versions).
2017-03-13 00:35:31 +01:00
f = AllocateFile(filename, "wb");
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
}
else
Fix pg_file_write() error handling. Detect fclose() failures; given "ln -s /dev/full $PGDATA/devfull", "pg_file_write('devfull', 'x', true)" now fails as it should. Don't leak a stream when fwrite() fails. Remove a born-ineffective test that aimed to skip zero-length writes. Back-patch to 9.2 (all supported versions).
2017-03-13 00:35:31 +01:00
f = AllocateFile(filename, "ab");
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
if (!f)
ereport(ERROR,
(errcode_for_file_access(),
Get rid of some unnecessary dependencies on DataDir: wherever possible, the backend should rely on its working-directory setting instead. Also do some message-style police work in contrib/adminpack.
2006-11-06 04:06:41 +01:00
errmsg("could not open file \"%s\" for writing: %m",
filename)));
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
Use wrappers of PG_DETOAST_DATUM_PACKED() more. This makes almost all core code follow the policy introduced in the previous commit. Specific decisions: - Text search support functions with char* and length arguments, such as prsstart and lexize, may receive unaligned strings. I doubt maintainers of non-core text search code will notice. - Use plain VARDATA() on values detoasted or synthesized earlier in the same function. Use VARDATA_ANY() on varlenas sourced outside the function, even if they happen to always have four-byte headers. As an exception, retain the universal practice of using VARDATA() on return values of SendFunctionCall(). - Retain PG_GETARG_BYTEA_P() in pageinspect. (Page images are too large for a one-byte header, so this misses no optimization.) Sites that do not call get_page_from_raw() typically need the four-byte alignment. - For now, do not change btree_gist. Its use of four-byte headers in memory is partly entangled with storage of 4-byte headers inside GBT_VARKEY, on disk. - For now, do not change gtrgm_consistent() or gtrgm_distance(). They incorporate the varlena header into a cache, and there are multiple credible implementation strategies to consider.
2017-03-13 00:35:34 +01:00
count = fwrite(VARDATA_ANY(data), 1, VARSIZE_ANY_EXHDR(data), f);
if (count != VARSIZE_ANY_EXHDR(data) || FreeFile(f))
Fix pg_file_write() error handling. Detect fclose() failures; given "ln -s /dev/full $PGDATA/devfull", "pg_file_write('devfull', 'x', true)" now fails as it should. Don't leak a stream when fwrite() fails. Remove a born-ineffective test that aimed to skip zero-length writes. Back-patch to 9.2 (all supported versions).
2017-03-13 00:35:31 +01:00
ereport(ERROR,
(errcode_for_file_access(),
errmsg("could not write file \"%s\": %m", filename)));
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
return (count);
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
}
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
/* ------------------------------------
* pg_file_rename - old version
*
* The superuser() check here must be kept as the library might be upgraded
* without the extension being upgraded, meaning that in pre-1.1 installations
* these functions could be called by any user.
*/
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
Datum
pg_file_rename(PG_FUNCTION_ARGS)
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
{
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
text *file1;
text *file2;
text *file3;
bool result;
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
requireSuperuser();
if (PG_ARGISNULL(0) || PG_ARGISNULL(1))
PG_RETURN_NULL();
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
file1 = PG_GETARG_TEXT_PP(0);
file2 = PG_GETARG_TEXT_PP(1);
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
if (PG_ARGISNULL(2))
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
file3 = NULL;
else
file3 = PG_GETARG_TEXT_PP(2);
result = pg_file_rename_internal(file1, file2, file3);
PG_RETURN_BOOL(result);
}
/* ------------------------------------
* pg_file_rename_v1_1 - Version 1.1
*
* As of adminpack version 1.1, we no longer need to check if the user
* is a superuser because we REVOKE EXECUTE on the function from PUBLIC.
* Users can then grant access to it based on their policies.
*
* Otherwise identical to pg_file_write (above).
*/
Datum
pg_file_rename_v1_1(PG_FUNCTION_ARGS)
{
text *file1;
text *file2;
text *file3;
bool result;
if (PG_ARGISNULL(0) || PG_ARGISNULL(1))
PG_RETURN_NULL();
file1 = PG_GETARG_TEXT_PP(0);
file2 = PG_GETARG_TEXT_PP(1);
if (PG_ARGISNULL(2))
file3 = NULL;
else
file3 = PG_GETARG_TEXT_PP(2);
result = pg_file_rename_internal(file1, file2, file3);
PG_RETURN_BOOL(result);
}
/* ------------------------------------
* pg_file_rename_internal - Workhorse for pg_file_rename functions.
*
* This handles the actual work for pg_file_rename.
*/
Add missing "static" markers. Evidently forgotten in commit 11523e860. Per buildfarm member pademelon.
2018-04-08 16:54:54 +02:00
static bool
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
pg_file_rename_internal(text *file1, text *file2, text *file3)
{
char *fn1,
*fn2,
*fn3;
int rc;
fn1 = convert_and_check_filename(file1, false);
fn2 = convert_and_check_filename(file2, false);
if (file3 == NULL)
Fix potentially-unportable code in contrib/adminpack. Spelling access(2)'s second argument as "2" is just horrid. POSIX makes no promises as to the numeric values of W_OK and related macros. Even if it accidentally works as intended on every supported platform, it's still unreadable and inconsistent with adjacent code. In passing, don't spell "NULL" as "0" either. Yes, that's legal C; no, it's not project style. Back-patch, just in case the unportability is real and not theoretical. (Most likely, even if a platform had different bit assignments for access()'s modes, there'd not be an observable behavior difference here; but I'm being paranoid today.)
2018-04-15 19:02:11 +02:00
fn3 = NULL;
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
else
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
fn3 = convert_and_check_filename(file3, false);
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
if (access(fn1, W_OK) < 0)
{
ereport(WARNING,
(errcode_for_file_access(),
Get rid of some unnecessary dependencies on DataDir: wherever possible, the backend should rely on its working-directory setting instead. Also do some message-style police work in contrib/adminpack.
2006-11-06 04:06:41 +01:00
errmsg("file \"%s\" is not accessible: %m", fn1)));
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
return false;
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
}
if (fn3 && access(fn2, W_OK) < 0)
{
ereport(WARNING,
(errcode_for_file_access(),
Get rid of some unnecessary dependencies on DataDir: wherever possible, the backend should rely on its working-directory setting instead. Also do some message-style police work in contrib/adminpack.
2006-11-06 04:06:41 +01:00
errmsg("file \"%s\" is not accessible: %m", fn2)));
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
return false;
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
}
Fix potentially-unportable code in contrib/adminpack. Spelling access(2)'s second argument as "2" is just horrid. POSIX makes no promises as to the numeric values of W_OK and related macros. Even if it accidentally works as intended on every supported platform, it's still unreadable and inconsistent with adjacent code. In passing, don't spell "NULL" as "0" either. Yes, that's legal C; no, it's not project style. Back-patch, just in case the unportability is real and not theoretical. (Most likely, even if a platform had different bit assignments for access()'s modes, there'd not be an observable behavior difference here; but I'm being paranoid today.)
2018-04-15 19:02:11 +02:00
rc = access(fn3 ? fn3 : fn2, W_OK);
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
if (rc >= 0 || errno != ENOENT)
{
ereport(ERROR,
(ERRCODE_DUPLICATE_FILE,
Get rid of some unnecessary dependencies on DataDir: wherever possible, the backend should rely on its working-directory setting instead. Also do some message-style police work in contrib/adminpack.
2006-11-06 04:06:41 +01:00
errmsg("cannot rename to target file \"%s\"",
fn3 ? fn3 : fn2)));
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
}
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
if (fn3)
{
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
if (rename(fn2, fn3) != 0)
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
{
ereport(ERROR,
(errcode_for_file_access(),
Get rid of some unnecessary dependencies on DataDir: wherever possible, the backend should rely on its working-directory setting instead. Also do some message-style police work in contrib/adminpack.
2006-11-06 04:06:41 +01:00
errmsg("could not rename \"%s\" to \"%s\": %m",
fn2, fn3)));
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
}
if (rename(fn1, fn2) != 0)
{
ereport(WARNING,
(errcode_for_file_access(),
Get rid of some unnecessary dependencies on DataDir: wherever possible, the backend should rely on its working-directory setting instead. Also do some message-style police work in contrib/adminpack.
2006-11-06 04:06:41 +01:00
errmsg("could not rename \"%s\" to \"%s\": %m",
fn1, fn2)));
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
if (rename(fn3, fn2) != 0)
{
ereport(ERROR,
(errcode_for_file_access(),
Get rid of some unnecessary dependencies on DataDir: wherever possible, the backend should rely on its working-directory setting instead. Also do some message-style police work in contrib/adminpack.
2006-11-06 04:06:41 +01:00
errmsg("could not rename \"%s\" back to \"%s\": %m",
fn3, fn2)));
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
}
else
{
ereport(ERROR,
(ERRCODE_UNDEFINED_FILE,
Get rid of some unnecessary dependencies on DataDir: wherever possible, the backend should rely on its working-directory setting instead. Also do some message-style police work in contrib/adminpack.
2006-11-06 04:06:41 +01:00
errmsg("renaming \"%s\" to \"%s\" was reverted",
fn2, fn3)));
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
}
}
}
else if (rename(fn1, fn2) != 0)
{
ereport(ERROR,
(errcode_for_file_access(),
Get rid of some unnecessary dependencies on DataDir: wherever possible, the backend should rely on its working-directory setting instead. Also do some message-style police work in contrib/adminpack.
2006-11-06 04:06:41 +01:00
errmsg("could not rename \"%s\" to \"%s\": %m", fn1, fn2)));
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
}
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
return true;
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
}
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
/* ------------------------------------
* pg_file_unlink - old version
*
* The superuser() check here must be kept as the library might be upgraded
* without the extension being upgraded, meaning that in pre-1.1 installations
* these functions could be called by any user.
*/
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
Datum
pg_file_unlink(PG_FUNCTION_ARGS)
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
{
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
char *filename;
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
requireSuperuser();
Use wrappers of PG_DETOAST_DATUM_PACKED() more. This makes almost all core code follow the policy introduced in the previous commit. Specific decisions: - Text search support functions with char* and length arguments, such as prsstart and lexize, may receive unaligned strings. I doubt maintainers of non-core text search code will notice. - Use plain VARDATA() on values detoasted or synthesized earlier in the same function. Use VARDATA_ANY() on varlenas sourced outside the function, even if they happen to always have four-byte headers. As an exception, retain the universal practice of using VARDATA() on return values of SendFunctionCall(). - Retain PG_GETARG_BYTEA_P() in pageinspect. (Page images are too large for a one-byte header, so this misses no optimization.) Sites that do not call get_page_from_raw() typically need the four-byte alignment. - For now, do not change btree_gist. Its use of four-byte headers in memory is partly entangled with storage of 4-byte headers inside GBT_VARKEY, on disk. - For now, do not change gtrgm_consistent() or gtrgm_distance(). They incorporate the varlena header into a cache, and there are multiple credible implementation strategies to consider.
2017-03-13 00:35:34 +01:00
filename = convert_and_check_filename(PG_GETARG_TEXT_PP(0), false);
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
if (access(filename, W_OK) < 0)
{
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
if (errno == ENOENT)
PG_RETURN_BOOL(false);
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
else
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
ereport(ERROR,
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
(errcode_for_file_access(),
Get rid of some unnecessary dependencies on DataDir: wherever possible, the backend should rely on its working-directory setting instead. Also do some message-style police work in contrib/adminpack.
2006-11-06 04:06:41 +01:00
errmsg("file \"%s\" is not accessible: %m", filename)));
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
}
if (unlink(filename) < 0)
{
ereport(WARNING,
(errcode_for_file_access(),
Get rid of some unnecessary dependencies on DataDir: wherever possible, the backend should rely on its working-directory setting instead. Also do some message-style police work in contrib/adminpack.
2006-11-06 04:06:41 +01:00
errmsg("could not unlink file \"%s\": %m", filename)));
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
PG_RETURN_BOOL(false);
}
PG_RETURN_BOOL(true);
}
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
/* ------------------------------------
* pg_file_unlink_v1_1 - Version 1.1
*
* As of adminpack version 1.1, we no longer need to check if the user
* is a superuser because we REVOKE EXECUTE on the function from PUBLIC.
* Users can then grant access to it based on their policies.
*
* Otherwise identical to pg_file_unlink (above).
*/
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
Datum
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
pg_file_unlink_v1_1(PG_FUNCTION_ARGS)
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
{
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
char *filename;
filename = convert_and_check_filename(PG_GETARG_TEXT_PP(0), false);
if (access(filename, W_OK) < 0)
{
if (errno == ENOENT)
PG_RETURN_BOOL(false);
else
ereport(ERROR,
(errcode_for_file_access(),
errmsg("file \"%s\" is not accessible: %m", filename)));
}
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
if (unlink(filename) < 0)
{
ereport(WARNING,
(errcode_for_file_access(),
errmsg("could not unlink file \"%s\": %m", filename)));
PG_RETURN_BOOL(false);
}
PG_RETURN_BOOL(true);
}
/* ------------------------------------
* pg_logdir_ls - Old version
*
* The superuser() check here must be kept as the library might be upgraded
* without the extension being upgraded, meaning that in pre-1.1 installations
* these functions could be called by any user.
*/
Datum
pg_logdir_ls(PG_FUNCTION_ARGS)
{
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
if (!superuser())
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
(errmsg("only superuser can list the log directory"))));
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
return (pg_logdir_ls_internal(fcinfo));
}
/* ------------------------------------
* pg_logdir_ls_v1_1 - Version 1.1
*
* As of adminpack version 1.1, we no longer need to check if the user
* is a superuser because we REVOKE EXECUTE on the function from PUBLIC.
* Users can then grant access to it based on their policies.
*
* Otherwise identical to pg_logdir_ls (above).
*/
Datum
pg_logdir_ls_v1_1(PG_FUNCTION_ARGS)
{
return (pg_logdir_ls_internal(fcinfo));
}
Add missing "static" markers. Evidently forgotten in commit 11523e860. Per buildfarm member pademelon.
2018-04-08 16:54:54 +02:00
static Datum
Support new default roles with adminpack This provides a newer version of adminpack which works with the newly added default roles to support GRANT'ing to non-superusers access to read and write files, along with related functions (unlinking files, getting file length, renaming/removing files, scanning the log file directory) which are supported through adminpack. Note that new versions of the functions are required because an environment might have an updated version of the library but still have the old adminpack 1.0 catalog definitions (where EXECUTE is GRANT'd to PUBLIC for the functions). This patch also removes the long-deprecated alternative names for functions that adminpack used to include and which are now included in the backend, in adminpack v1.1. Applications using the deprecated names should be updated to use the backend functions instead. Existing installations which continue to use adminpack v1.0 should continue to function until/unless adminpack is upgraded. Reviewed-By: Michael Paquier Discussion: https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
2018-04-06 20:47:10 +02:00
pg_logdir_ls_internal(FunctionCallInfo fcinfo)
{
FuncCallContext *funcctx;
struct dirent *de;
directory_fctx *fctx;
Marginal code cleanups in pg_logdir_ls: use ReadDir not readdir, and avoid scribbling on its result (might be safe but why risk it)
2006-10-20 02:59:03 +02:00
if (strcmp(Log_filename, "postgresql-%Y-%m-%d_%H%M%S.log") != 0)
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
ereport(ERROR,
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
(errmsg("the log_filename parameter must equal 'postgresql-%%Y-%%m-%%d_%%H%%M%%S.log'"))));
if (SRF_IS_FIRSTCALL())
{
MemoryContext oldcontext;
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
TupleDesc tupdesc;
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
funcctx = SRF_FIRSTCALL_INIT();
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
oldcontext = MemoryContextSwitchTo(funcctx->multi_call_memory_ctx);
fctx = palloc(sizeof(directory_fctx));
Get rid of some unnecessary dependencies on DataDir: wherever possible, the backend should rely on its working-directory setting instead. Also do some message-style police work in contrib/adminpack.
2006-11-06 04:06:41 +01:00
Remove WITH OIDS support, change oid catalog column visibility. Previously tables declared WITH OIDS, including a significant fraction of the catalog tables, stored the oid column not as a normal column, but as part of the tuple header. This special column was not shown by default, which was somewhat odd, as it's often (consider e.g. pg_class.oid) one of the more important parts of a row. Neither pg_dump nor COPY included the contents of the oid column by default. The fact that the oid column was not an ordinary column necessitated a significant amount of special case code to support oid columns. That already was painful for the existing, but upcoming work aiming to make table storage pluggable, would have required expanding and duplicating that "specialness" significantly. WITH OIDS has been deprecated since 2005 (commit ff02d0a05280e0). Remove it. Removing includes: - CREATE TABLE and ALTER TABLE syntax for declaring the table to be WITH OIDS has been removed (WITH (oids[ = true]) will error out) - pg_dump does not support dumping tables declared WITH OIDS and will issue a warning when dumping one (and ignore the oid column). - restoring an pg_dump archive with pg_restore will warn when restoring a table with oid contents (and ignore the oid column) - COPY will refuse to load binary dump that includes oids. - pg_upgrade will error out when encountering tables declared WITH OIDS, they have to be altered to remove the oid column first. - Functionality to access the oid of the last inserted row (like plpgsql's RESULT_OID, spi's SPI_lastoid, ...) has been removed. The syntax for declaring a table WITHOUT OIDS (or WITH (oids = false) for CREATE TABLE) is still supported. While that requires a bit of support code, it seems unnecessary to break applications / dumps that do not use oids, and are explicit about not using them. The biggest user of WITH OID columns was postgres' catalog. This commit changes all 'magic' oid columns to be columns that are normally declared and stored. To reduce unnecessary query breakage all the newly added columns are still named 'oid', even if a table's column naming scheme would indicate 'reloid' or such. This obviously requires adapting a lot code, mostly replacing oid access via HeapTupleGetOid() with access to the underlying Form_pg_*->oid column. The bootstrap process now assigns oids for all oid columns in genbki.pl that do not have an explicit value (starting at the largest oid previously used), only oids assigned later by oids will be above FirstBootstrapObjectId. As the oid column now is a normal column the special bootstrap syntax for oids has been removed. Oids are not automatically assigned during insertion anymore, all backend code explicitly assigns oids with GetNewOidWithIndex(). For the rare case that insertions into the catalog via SQL are called for the new pg_nextoid() function can be used (which only works on catalog tables). The fact that oid columns on system tables are now normal columns means that they will be included in the set of columns expanded by * (i.e. SELECT * FROM pg_class will now include the table's oid, previously it did not). It'd not technically be hard to hide oid column by default, but that'd mean confusing behavior would either have to be carried forward forever, or it'd cause breakage down the line. While it's not unlikely that further adjustments are needed, the scope/invasiveness of the patch makes it worthwhile to get merge this now. It's painful to maintain externally, too complicated to commit after the code code freeze, and a dependency of a number of other patches. Catversion bump, for obvious reasons. Author: Andres Freund, with contributions by John Naylor Discussion: https://postgr.es/m/20180930034810.ywp2c7awz7opzcfr@alap3.anarazel.de
2018-11-21 00:36:57 +01:00
tupdesc = CreateTemplateTupleDesc(2);
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
TupleDescInitEntry(tupdesc, (AttrNumber) 1, "starttime",
TIMESTAMPOID, -1, 0);
TupleDescInitEntry(tupdesc, (AttrNumber) 2, "filename",
TEXTOID, -1, 0);
funcctx->attinmeta = TupleDescGetAttInMetadata(tupdesc);
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
Get rid of some unnecessary dependencies on DataDir: wherever possible, the backend should rely on its working-directory setting instead. Also do some message-style police work in contrib/adminpack.
2006-11-06 04:06:41 +01:00
fctx->location = pstrdup(Log_directory);
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
fctx->dirdesc = AllocateDir(fctx->location);
if (!fctx->dirdesc)
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
ereport(ERROR,
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
(errcode_for_file_access(),
Clean up assorted messiness around AllocateDir() usage. This patch fixes a couple of low-probability bugs that could lead to reporting an irrelevant errno value (and hence possibly a wrong SQLSTATE) concerning directory-open or file-open failures. It also fixes places where we took shortcuts in reporting such errors, either by using elog instead of ereport or by using ereport but forgetting to specify an errcode. And it eliminates a lot of just plain redundant error-handling code. In service of all this, export fd.c's formerly-static function ReadDirExtended, so that external callers can make use of the coding pattern dir = AllocateDir(path); while ((de = ReadDirExtended(dir, path, LOG)) != NULL) if they'd like to treat directory-open failures as mere LOG conditions rather than errors. Also fix FreeDir to be a no-op if we reach it with dir == NULL, as such a coding pattern would cause. Then, remove code at many call sites that was throwing an error or log message for AllocateDir failure, as ReadDir or ReadDirExtended can handle that job just fine. Aside from being a net code savings, this gets rid of a lot of not-quite-up-to-snuff reports, as mentioned above. (In some places these changes result in replacing a custom error message such as "could not open tablespace directory" with more generic wording "could not open directory", but it was agreed that the custom wording buys little as long as we report the directory name.) In some other call sites where we can't just remove code, change the error reports to be fully project-style-compliant. Also reorder code in restoreTwoPhaseData that was acquiring a lock between AllocateDir and ReadDir; in the unlikely but surely not impossible case that LWLockAcquire changes errno, AllocateDir failures would be misreported. There is no great value in opening the directory before acquiring TwoPhaseStateLock, so just do it in the other order. Also fix CheckXLogRemoved to guarantee that it preserves errno, as quite a number of call sites are implicitly assuming. (Again, it's unlikely but I think not impossible that errno could change during a SpinLockAcquire. If so, this function was broken for its own purposes as well as breaking callers.) And change a few places that were using not-per-project-style messages, such as "could not read directory" when "could not open directory" is more correct. Back-patch the exporting of ReadDirExtended, in case we have occasion to back-patch some fix that makes use of it; it's not needed right now but surely making it global is pretty harmless. Also back-patch the restoreTwoPhaseData and CheckXLogRemoved fixes. The rest of this is essentially cosmetic and need not get back-patched. Michael Paquier, with a bit of additional work by me Discussion: https://postgr.es/m/CAB7nPqRpOCxjiirHmebEFhXVTK7V5Jvw4bz82p7Oimtsm3TyZA@mail.gmail.com
2017-12-04 23:02:52 +01:00
errmsg("could not open directory \"%s\": %m",
Get rid of some unnecessary dependencies on DataDir: wherever possible, the backend should rely on its working-directory setting instead. Also do some message-style police work in contrib/adminpack.
2006-11-06 04:06:41 +01:00
fctx->location)));
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
funcctx->user_fctx = fctx;
MemoryContextSwitchTo(oldcontext);
}
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
funcctx = SRF_PERCALL_SETUP();
fctx = (directory_fctx *) funcctx->user_fctx;
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
Marginal code cleanups in pg_logdir_ls: use ReadDir not readdir, and avoid scribbling on its result (might be safe but why risk it)
2006-10-20 02:59:03 +02:00
while ((de = ReadDir(fctx->dirdesc, fctx->location)) != NULL)
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
{
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
char *values[2];
HeapTuple tuple;
Marginal code cleanups in pg_logdir_ls: use ReadDir not readdir, and avoid scribbling on its result (might be safe but why risk it)
2006-10-20 02:59:03 +02:00
char timestampbuf[32];
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
char *field[MAXDATEFIELDS];
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
char lowstr[MAXDATELEN + 1];
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
int dtype;
int nf,
ftype[MAXDATEFIELDS];
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
fsec_t fsec;
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
int tz = 0;
struct pg_tm date;
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
/*
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
* Default format: postgresql-YYYY-MM-DD_HHMMSS.log
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
*/
if (strlen(de->d_name) != 32
Marginal code cleanups in pg_logdir_ls: use ReadDir not readdir, and avoid scribbling on its result (might be safe but why risk it)
2006-10-20 02:59:03 +02:00
|| strncmp(de->d_name, "postgresql-", 11) != 0
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
|| de->d_name[21] != '_'
Marginal code cleanups in pg_logdir_ls: use ReadDir not readdir, and avoid scribbling on its result (might be safe but why risk it)
2006-10-20 02:59:03 +02:00
|| strcmp(de->d_name + 28, ".log") != 0)
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
continue;
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
Marginal code cleanups in pg_logdir_ls: use ReadDir not readdir, and avoid scribbling on its result (might be safe but why risk it)
2006-10-20 02:59:03 +02:00
/* extract timestamp portion of filename */
strcpy(timestampbuf, de->d_name + 11);
timestampbuf[17] = '\0';
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
Marginal code cleanups in pg_logdir_ls: use ReadDir not readdir, and avoid scribbling on its result (might be safe but why risk it)
2006-10-20 02:59:03 +02:00
/* parse and decode expected timestamp to verify it's OK format */
if (ParseDateTime(timestampbuf, lowstr, MAXDATELEN, field, ftype, MAXDATEFIELDS, &nf))
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
continue;
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
if (DecodeDateTime(field, ftype, nf, &dtype, &date, &fsec, &tz))
pgindent run for 8.2.
2006-10-04 02:30:14 +02:00
continue;
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
Marginal code cleanups in pg_logdir_ls: use ReadDir not readdir, and avoid scribbling on its result (might be safe but why risk it)
2006-10-20 02:59:03 +02:00
/* Seems the timestamp is OK; prepare and return tuple */
values[0] = timestampbuf;
Add use of asprintf() Add asprintf(), pg_asprintf(), and psprintf() to simplify string allocation and composition. Replacement implementations taken from NetBSD. Reviewed-by: Álvaro Herrera <alvherre@2ndquadrant.com> Reviewed-by: Asif Naeem <anaeem.it@gmail.com>
2013-10-13 06:09:18 +02:00
values[1] = psprintf("%s/%s", fctx->location, de->d_name);
Un-DOS-ify newly added files.
2006-05-30 23:34:15 +02:00
tuple = BuildTupleFromCStrings(funcctx->attinmeta, values);
SRF_RETURN_NEXT(funcctx, HeapTupleGetDatum(tuple));
}
FreeDir(fctx->dirdesc);
SRF_RETURN_DONE(funcctx);
}