2013-12-18 18:16:16 +01:00
|
|
|
/*-------------------------------------------------------------------------
|
|
|
|
|
*
|
|
|
|
|
* username.c
|
|
|
|
|
* get user name
|
|
|
|
|
*
|
2023-01-02 21:00:37 +01:00
|
|
|
* Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group
|
2013-12-18 18:16:16 +01:00
|
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
|
|
|
|
*
|
|
|
|
|
* IDENTIFICATION
|
2014-01-11 00:03:28 +01:00
|
|
|
* src/common/username.c
|
2013-12-18 18:16:16 +01:00
|
|
|
*
|
|
|
|
|
*-------------------------------------------------------------------------
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef FRONTEND
|
|
|
|
|
#include "postgres.h"
|
|
|
|
|
#else
|
|
|
|
|
#include "postgres_fe.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#include <pwd.h>
|
|
|
|
|
#include <unistd.h>
|
|
|
|
|
|
2014-01-11 00:03:28 +01:00
|
|
|
#include "common/username.h"
|
2013-12-18 18:16:16 +01:00
|
|
|
|
|
|
|
|
/*
|
Fix libpq's behavior when /etc/passwd isn't readable.
Some users run their applications in chroot environments that lack an
/etc/passwd file. This means that the current UID's user name and home
directory are not obtainable. libpq used to be all right with that,
so long as the database role name to use was specified explicitly.
But commit a4c8f14364c27508233f8a31ac4b10a4c90235a9 broke such cases by
causing any failure of pg_fe_getauthname() to be treated as a hard error.
In any case it did little to advance its nominal goal of causing errors
in pg_fe_getauthname() to be reported better. So revert that and instead
put some real error-reporting code in place. This requires changes to the
APIs of pg_fe_getauthname() and pqGetpwuid(), since the latter had
departed from the POSIX-specified API of getpwuid_r() in a way that made
it impossible to distinguish actual lookup errors from "no such user".
To allow such failures to be reported, while not failing if the caller
supplies a role name, add a second call of pg_fe_getauthname() in
connectOptions2(). This is a tad ugly, and could perhaps be avoided with
some refactoring of PQsetdbLogin(), but I'll leave that idea for later.
(Note that the complained-of misbehavior only occurs in PQsetdbLogin,
not when using the PQconnect functions, because in the latter we will
never bother to call pg_fe_getauthname() if the user gives a role name.)
In passing also clean up the Windows-side usage of GetUserName(): the
recommended buffer size is 257 bytes, the passed buffer length should
be the buffer size not buffer size less 1, and any error is reported
by GetLastError() not errno.
Per report from Christoph Berg. Back-patch to 9.4 where the chroot
failure case was introduced. The generally poor reporting of errors
here is of very long standing, of course, but given the lack of field
complaints about it we won't risk changing these APIs further back
(even though they're theoretically internal to libpq).
2015-01-11 18:35:44 +01:00
|
|
|
* Returns the current user name in a static buffer
|
|
|
|
|
* On error, returns NULL and sets *errstr to point to a palloc'd message
|
2013-12-18 18:16:16 +01:00
|
|
|
*/
|
|
|
|
|
const char *
|
|
|
|
|
get_user_name(char **errstr)
|
|
|
|
|
{
|
|
|
|
|
#ifndef WIN32
|
|
|
|
|
struct passwd *pw;
|
2014-01-30 02:03:57 +01:00
|
|
|
uid_t user_id = geteuid();
|
2013-12-18 18:16:16 +01:00
|
|
|
|
|
|
|
|
*errstr = NULL;
|
|
|
|
|
|
2014-01-30 02:03:57 +01:00
|
|
|
errno = 0; /* clear errno before call */
|
2013-12-18 18:16:16 +01:00
|
|
|
pw = getpwuid(user_id);
|
|
|
|
|
if (!pw)
|
|
|
|
|
{
|
2014-08-09 06:07:00 +02:00
|
|
|
*errstr = psprintf(_("could not look up effective user ID %ld: %s"),
|
2014-01-30 02:03:57 +01:00
|
|
|
(long) user_id,
|
|
|
|
|
errno ? strerror(errno) : _("user does not exist"));
|
2013-12-18 18:16:16 +01:00
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return pw->pw_name;
|
|
|
|
|
#else
|
Fix libpq's behavior when /etc/passwd isn't readable.
Some users run their applications in chroot environments that lack an
/etc/passwd file. This means that the current UID's user name and home
directory are not obtainable. libpq used to be all right with that,
so long as the database role name to use was specified explicitly.
But commit a4c8f14364c27508233f8a31ac4b10a4c90235a9 broke such cases by
causing any failure of pg_fe_getauthname() to be treated as a hard error.
In any case it did little to advance its nominal goal of causing errors
in pg_fe_getauthname() to be reported better. So revert that and instead
put some real error-reporting code in place. This requires changes to the
APIs of pg_fe_getauthname() and pqGetpwuid(), since the latter had
departed from the POSIX-specified API of getpwuid_r() in a way that made
it impossible to distinguish actual lookup errors from "no such user".
To allow such failures to be reported, while not failing if the caller
supplies a role name, add a second call of pg_fe_getauthname() in
connectOptions2(). This is a tad ugly, and could perhaps be avoided with
some refactoring of PQsetdbLogin(), but I'll leave that idea for later.
(Note that the complained-of misbehavior only occurs in PQsetdbLogin,
not when using the PQconnect functions, because in the latter we will
never bother to call pg_fe_getauthname() if the user gives a role name.)
In passing also clean up the Windows-side usage of GetUserName(): the
recommended buffer size is 257 bytes, the passed buffer length should
be the buffer size not buffer size less 1, and any error is reported
by GetLastError() not errno.
Per report from Christoph Berg. Back-patch to 9.4 where the chroot
failure case was introduced. The generally poor reporting of errors
here is of very long standing, of course, but given the lack of field
complaints about it we won't risk changing these APIs further back
(even though they're theoretically internal to libpq).
2015-01-11 18:35:44 +01:00
|
|
|
/* Microsoft recommends buffer size of UNLEN+1, where UNLEN = 256 */
|
|
|
|
|
/* "static" variable remains after function exit */
|
2013-12-28 01:51:49 +01:00
|
|
|
static char username[256 + 1];
|
Fix libpq's behavior when /etc/passwd isn't readable.
Some users run their applications in chroot environments that lack an
/etc/passwd file. This means that the current UID's user name and home
directory are not obtainable. libpq used to be all right with that,
so long as the database role name to use was specified explicitly.
But commit a4c8f14364c27508233f8a31ac4b10a4c90235a9 broke such cases by
causing any failure of pg_fe_getauthname() to be treated as a hard error.
In any case it did little to advance its nominal goal of causing errors
in pg_fe_getauthname() to be reported better. So revert that and instead
put some real error-reporting code in place. This requires changes to the
APIs of pg_fe_getauthname() and pqGetpwuid(), since the latter had
departed from the POSIX-specified API of getpwuid_r() in a way that made
it impossible to distinguish actual lookup errors from "no such user".
To allow such failures to be reported, while not failing if the caller
supplies a role name, add a second call of pg_fe_getauthname() in
connectOptions2(). This is a tad ugly, and could perhaps be avoided with
some refactoring of PQsetdbLogin(), but I'll leave that idea for later.
(Note that the complained-of misbehavior only occurs in PQsetdbLogin,
not when using the PQconnect functions, because in the latter we will
never bother to call pg_fe_getauthname() if the user gives a role name.)
In passing also clean up the Windows-side usage of GetUserName(): the
recommended buffer size is 257 bytes, the passed buffer length should
be the buffer size not buffer size less 1, and any error is reported
by GetLastError() not errno.
Per report from Christoph Berg. Back-patch to 9.4 where the chroot
failure case was introduced. The generally poor reporting of errors
here is of very long standing, of course, but given the lack of field
complaints about it we won't risk changing these APIs further back
(even though they're theoretically internal to libpq).
2015-01-11 18:35:44 +01:00
|
|
|
DWORD len = sizeof(username);
|
2013-12-18 18:16:16 +01:00
|
|
|
|
2014-03-28 15:30:37 +01:00
|
|
|
*errstr = NULL;
|
|
|
|
|
|
2013-12-18 18:16:16 +01:00
|
|
|
if (!GetUserName(username, &len))
|
|
|
|
|
{
|
Fix libpq's behavior when /etc/passwd isn't readable.
Some users run their applications in chroot environments that lack an
/etc/passwd file. This means that the current UID's user name and home
directory are not obtainable. libpq used to be all right with that,
so long as the database role name to use was specified explicitly.
But commit a4c8f14364c27508233f8a31ac4b10a4c90235a9 broke such cases by
causing any failure of pg_fe_getauthname() to be treated as a hard error.
In any case it did little to advance its nominal goal of causing errors
in pg_fe_getauthname() to be reported better. So revert that and instead
put some real error-reporting code in place. This requires changes to the
APIs of pg_fe_getauthname() and pqGetpwuid(), since the latter had
departed from the POSIX-specified API of getpwuid_r() in a way that made
it impossible to distinguish actual lookup errors from "no such user".
To allow such failures to be reported, while not failing if the caller
supplies a role name, add a second call of pg_fe_getauthname() in
connectOptions2(). This is a tad ugly, and could perhaps be avoided with
some refactoring of PQsetdbLogin(), but I'll leave that idea for later.
(Note that the complained-of misbehavior only occurs in PQsetdbLogin,
not when using the PQconnect functions, because in the latter we will
never bother to call pg_fe_getauthname() if the user gives a role name.)
In passing also clean up the Windows-side usage of GetUserName(): the
recommended buffer size is 257 bytes, the passed buffer length should
be the buffer size not buffer size less 1, and any error is reported
by GetLastError() not errno.
Per report from Christoph Berg. Back-patch to 9.4 where the chroot
failure case was introduced. The generally poor reporting of errors
here is of very long standing, of course, but given the lack of field
complaints about it we won't risk changing these APIs further back
(even though they're theoretically internal to libpq).
2015-01-11 18:35:44 +01:00
|
|
|
*errstr = psprintf(_("user name lookup failure: error code %lu"),
|
|
|
|
|
GetLastError());
|
2013-12-18 18:16:16 +01:00
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return username;
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Returns the current user name in a static buffer or exits
|
|
|
|
|
*/
|
|
|
|
|
const char *
|
|
|
|
|
get_user_name_or_exit(const char *progname)
|
|
|
|
|
{
|
|
|
|
|
const char *user_name;
|
2013-12-27 05:51:56 +01:00
|
|
|
char *errstr;
|
2013-12-18 18:16:16 +01:00
|
|
|
|
|
|
|
|
user_name = get_user_name(&errstr);
|
|
|
|
|
|
|
|
|
|
if (!user_name)
|
|
|
|
|
{
|
|
|
|
|
fprintf(stderr, "%s: %s\n", progname, errstr);
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
return user_name;
|
|
|
|
|
}
|
