2006-05-30 23:34:15 +02:00
|
|
|
/*-------------------------------------------------------------------------
|
|
|
|
*
|
2006-10-19 19:48:04 +02:00
|
|
|
* adminpack.c
|
2006-05-30 23:34:15 +02:00
|
|
|
*
|
|
|
|
*
|
2019-01-02 18:44:25 +01:00
|
|
|
* Copyright (c) 2002-2019, PostgreSQL Global Development Group
|
2006-10-04 02:30:14 +02:00
|
|
|
*
|
2006-05-30 23:34:15 +02:00
|
|
|
* Author: Andreas Pflug <pgadmin@pse-consulting.de>
|
|
|
|
*
|
|
|
|
* IDENTIFICATION
|
2010-09-20 22:08:53 +02:00
|
|
|
* contrib/adminpack/adminpack.c
|
2006-05-30 23:34:15 +02:00
|
|
|
*
|
|
|
|
*-------------------------------------------------------------------------
|
|
|
|
*/
|
|
|
|
#include "postgres.h"
|
|
|
|
|
|
|
|
#include <sys/file.h>
|
|
|
|
#include <sys/stat.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
|
2018-04-06 20:47:10 +02:00
|
|
|
#include "catalog/pg_authid.h"
|
2006-05-30 23:34:15 +02:00
|
|
|
#include "catalog/pg_type.h"
|
|
|
|
#include "funcapi.h"
|
2006-10-20 02:59:03 +02:00
|
|
|
#include "miscadmin.h"
|
2006-10-19 20:32:48 +02:00
|
|
|
#include "postmaster/syslogger.h"
|
2006-07-11 18:35:33 +02:00
|
|
|
#include "storage/fd.h"
|
2008-03-25 23:42:46 +01:00
|
|
|
#include "utils/builtins.h"
|
2006-05-30 23:34:15 +02:00
|
|
|
#include "utils/datetime.h"
|
|
|
|
|
|
|
|
|
|
|
|
#ifdef WIN32
|
|
|
|
|
|
|
|
#ifdef rename
|
|
|
|
#undef rename
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef unlink
|
|
|
|
#undef unlink
|
|
|
|
#endif
|
|
|
|
#endif
|
|
|
|
|
|
|
|
PG_MODULE_MAGIC;
|
|
|
|
|
|
|
|
PG_FUNCTION_INFO_V1(pg_file_write);
|
2018-04-06 20:47:10 +02:00
|
|
|
PG_FUNCTION_INFO_V1(pg_file_write_v1_1);
|
2006-05-30 23:34:15 +02:00
|
|
|
PG_FUNCTION_INFO_V1(pg_file_rename);
|
2018-04-06 20:47:10 +02:00
|
|
|
PG_FUNCTION_INFO_V1(pg_file_rename_v1_1);
|
2006-05-30 23:34:15 +02:00
|
|
|
PG_FUNCTION_INFO_V1(pg_file_unlink);
|
2018-04-06 20:47:10 +02:00
|
|
|
PG_FUNCTION_INFO_V1(pg_file_unlink_v1_1);
|
2006-05-30 23:34:15 +02:00
|
|
|
PG_FUNCTION_INFO_V1(pg_logdir_ls);
|
2018-04-06 20:47:10 +02:00
|
|
|
PG_FUNCTION_INFO_V1(pg_logdir_ls_v1_1);
|
|
|
|
|
|
|
|
static int64 pg_file_write_internal(text *file, text *data, bool replace);
|
|
|
|
static bool pg_file_rename_internal(text *file1, text *file2, text *file3);
|
|
|
|
static Datum pg_logdir_ls_internal(FunctionCallInfo fcinfo);
|
2006-05-30 23:34:15 +02:00
|
|
|
|
2006-10-04 02:30:14 +02:00
|
|
|
typedef struct
|
2006-05-30 23:34:15 +02:00
|
|
|
{
|
2006-10-04 02:30:14 +02:00
|
|
|
char *location;
|
|
|
|
DIR *dirdesc;
|
2006-05-30 23:34:15 +02:00
|
|
|
} directory_fctx;
|
|
|
|
|
|
|
|
/*-----------------------
|
|
|
|
* some helper functions
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
2006-11-06 04:06:41 +01:00
|
|
|
* Convert a "text" filename argument to C string, and check it's allowable.
|
|
|
|
*
|
|
|
|
* Filename may be absolute or relative to the DataDir, but we only allow
|
|
|
|
* absolute paths that match DataDir or Log_directory.
|
2006-05-30 23:34:15 +02:00
|
|
|
*/
|
2006-10-04 02:30:14 +02:00
|
|
|
static char *
|
2006-11-06 04:06:41 +01:00
|
|
|
convert_and_check_filename(text *arg, bool logAllowed)
|
2006-05-30 23:34:15 +02:00
|
|
|
{
|
2008-03-25 23:42:46 +01:00
|
|
|
char *filename = text_to_cstring(arg);
|
2006-05-30 23:34:15 +02:00
|
|
|
|
2006-11-06 04:06:41 +01:00
|
|
|
canonicalize_path(filename); /* filename can change length here */
|
2006-05-30 23:34:15 +02:00
|
|
|
|
2018-04-06 20:47:10 +02:00
|
|
|
/*
|
|
|
|
* Members of the 'pg_write_server_files' role are allowed to access any
|
|
|
|
* files on the server as the PG user, so no need to do any further checks
|
|
|
|
* here.
|
|
|
|
*/
|
|
|
|
if (is_member_of_role(GetUserId(), DEFAULT_ROLE_WRITE_SERVER_FILES))
|
|
|
|
return filename;
|
|
|
|
|
|
|
|
/* User isn't a member of the default role, so check if it's allowable */
|
2006-05-30 23:34:15 +02:00
|
|
|
if (is_absolute_path(filename))
|
|
|
|
{
|
2011-02-12 15:47:51 +01:00
|
|
|
/* Disallow '/a/b/data/..' */
|
|
|
|
if (path_contains_parent_reference(filename))
|
|
|
|
ereport(ERROR,
|
2011-04-10 17:42:00 +02:00
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
Phase 3 of pgindent updates.
Don't move parenthesized lines to the left, even if that means they
flow past the right margin.
By default, BSD indent lines up statement continuation lines that are
within parentheses so that they start just to the right of the preceding
left parenthesis. However, traditionally, if that resulted in the
continuation line extending to the right of the desired right margin,
then indent would push it left just far enough to not overrun the margin,
if it could do so without making the continuation line start to the left of
the current statement indent. That makes for a weird mix of indentations
unless one has been completely rigid about never violating the 80-column
limit.
This behavior has been pretty universally panned by Postgres developers.
Hence, disable it with indent's new -lpl switch, so that parenthesized
lines are always lined up with the preceding left paren.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:35:54 +02:00
|
|
|
(errmsg("reference to parent directory (\"..\") not allowed"))));
|
2011-04-10 17:42:00 +02:00
|
|
|
|
2011-02-12 15:47:51 +01:00
|
|
|
/*
|
2011-04-10 17:42:00 +02:00
|
|
|
* Allow absolute paths if within DataDir or Log_directory, even
|
|
|
|
* though Log_directory might be outside DataDir.
|
2011-02-12 15:47:51 +01:00
|
|
|
*/
|
|
|
|
if (!path_is_prefix_of_path(DataDir, filename) &&
|
|
|
|
(!logAllowed || !is_absolute_path(Log_directory) ||
|
|
|
|
!path_is_prefix_of_path(Log_directory, filename)))
|
|
|
|
ereport(ERROR,
|
2011-04-10 17:42:00 +02:00
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
|
|
(errmsg("absolute path not allowed"))));
|
2006-05-30 23:34:15 +02:00
|
|
|
}
|
2011-02-12 15:47:51 +01:00
|
|
|
else if (!path_is_relative_and_below_cwd(filename))
|
|
|
|
ereport(ERROR,
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
|
|
(errmsg("path must be in or below the current directory"))));
|
|
|
|
|
|
|
|
return filename;
|
2006-05-30 23:34:15 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* check for superuser, bark if not.
|
|
|
|
*/
|
|
|
|
static void
|
|
|
|
requireSuperuser(void)
|
|
|
|
{
|
|
|
|
if (!superuser())
|
2006-10-04 02:30:14 +02:00
|
|
|
ereport(ERROR,
|
2006-05-30 23:34:15 +02:00
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
Phase 3 of pgindent updates.
Don't move parenthesized lines to the left, even if that means they
flow past the right margin.
By default, BSD indent lines up statement continuation lines that are
within parentheses so that they start just to the right of the preceding
left parenthesis. However, traditionally, if that resulted in the
continuation line extending to the right of the desired right margin,
then indent would push it left just far enough to not overrun the margin,
if it could do so without making the continuation line start to the left of
the current statement indent. That makes for a weird mix of indentations
unless one has been completely rigid about never violating the 80-column
limit.
This behavior has been pretty universally panned by Postgres developers.
Hence, disable it with indent's new -lpl switch, so that parenthesized
lines are always lined up with the preceding left paren.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
2017-06-21 21:35:54 +02:00
|
|
|
(errmsg("only superuser may access generic file functions"))));
|
2006-05-30 23:34:15 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* ------------------------------------
|
2018-04-06 20:47:10 +02:00
|
|
|
* pg_file_write - old version
|
|
|
|
*
|
|
|
|
* The superuser() check here must be kept as the library might be upgraded
|
|
|
|
* without the extension being upgraded, meaning that in pre-1.1 installations
|
|
|
|
* these functions could be called by any user.
|
2006-05-30 23:34:15 +02:00
|
|
|
*/
|
2006-10-04 02:30:14 +02:00
|
|
|
Datum
|
|
|
|
pg_file_write(PG_FUNCTION_ARGS)
|
2006-05-30 23:34:15 +02:00
|
|
|
{
|
2018-04-06 20:47:10 +02:00
|
|
|
text *file = PG_GETARG_TEXT_PP(0);
|
|
|
|
text *data = PG_GETARG_TEXT_PP(1);
|
|
|
|
bool replace = PG_GETARG_BOOL(2);
|
2006-10-04 02:30:14 +02:00
|
|
|
int64 count = 0;
|
2006-05-30 23:34:15 +02:00
|
|
|
|
|
|
|
requireSuperuser();
|
|
|
|
|
2018-04-06 20:47:10 +02:00
|
|
|
count = pg_file_write_internal(file, data, replace);
|
|
|
|
|
|
|
|
PG_RETURN_INT64(count);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* ------------------------------------
|
|
|
|
* pg_file_write_v1_1 - Version 1.1
|
|
|
|
*
|
|
|
|
* As of adminpack version 1.1, we no longer need to check if the user
|
|
|
|
* is a superuser because we REVOKE EXECUTE on the function from PUBLIC.
|
|
|
|
* Users can then grant access to it based on their policies.
|
|
|
|
*
|
|
|
|
* Otherwise identical to pg_file_write (above).
|
|
|
|
*/
|
|
|
|
Datum
|
|
|
|
pg_file_write_v1_1(PG_FUNCTION_ARGS)
|
|
|
|
{
|
|
|
|
text *file = PG_GETARG_TEXT_PP(0);
|
|
|
|
text *data = PG_GETARG_TEXT_PP(1);
|
|
|
|
bool replace = PG_GETARG_BOOL(2);
|
|
|
|
int64 count = 0;
|
|
|
|
|
|
|
|
count = pg_file_write_internal(file, data, replace);
|
|
|
|
|
|
|
|
PG_RETURN_INT64(count);
|
|
|
|
}
|
2006-05-30 23:34:15 +02:00
|
|
|
|
2018-04-06 20:47:10 +02:00
|
|
|
/* ------------------------------------
|
|
|
|
* pg_file_write_internal - Workhorse for pg_file_write functions.
|
|
|
|
*
|
|
|
|
* This handles the actual work for pg_file_write.
|
|
|
|
*/
|
2018-04-08 16:54:54 +02:00
|
|
|
static int64
|
2018-04-06 20:47:10 +02:00
|
|
|
pg_file_write_internal(text *file, text *data, bool replace)
|
|
|
|
{
|
|
|
|
FILE *f;
|
|
|
|
char *filename;
|
|
|
|
int64 count = 0;
|
|
|
|
|
|
|
|
filename = convert_and_check_filename(file, false);
|
|
|
|
|
|
|
|
if (!replace)
|
2006-05-30 23:34:15 +02:00
|
|
|
{
|
2006-10-04 02:30:14 +02:00
|
|
|
struct stat fst;
|
|
|
|
|
2006-05-30 23:34:15 +02:00
|
|
|
if (stat(filename, &fst) >= 0)
|
2006-10-04 02:30:14 +02:00
|
|
|
ereport(ERROR,
|
2006-05-30 23:34:15 +02:00
|
|
|
(ERRCODE_DUPLICATE_FILE,
|
2006-11-06 04:06:41 +01:00
|
|
|
errmsg("file \"%s\" exists", filename)));
|
2006-05-30 23:34:15 +02:00
|
|
|
|
2017-03-13 00:35:31 +01:00
|
|
|
f = AllocateFile(filename, "wb");
|
2006-05-30 23:34:15 +02:00
|
|
|
}
|
|
|
|
else
|
2017-03-13 00:35:31 +01:00
|
|
|
f = AllocateFile(filename, "ab");
|
2006-05-30 23:34:15 +02:00
|
|
|
|
|
|
|
if (!f)
|
|
|
|
ereport(ERROR,
|
|
|
|
(errcode_for_file_access(),
|
2006-11-06 04:06:41 +01:00
|
|
|
errmsg("could not open file \"%s\" for writing: %m",
|
|
|
|
filename)));
|
2006-05-30 23:34:15 +02:00
|
|
|
|
2017-03-13 00:35:34 +01:00
|
|
|
count = fwrite(VARDATA_ANY(data), 1, VARSIZE_ANY_EXHDR(data), f);
|
|
|
|
if (count != VARSIZE_ANY_EXHDR(data) || FreeFile(f))
|
2017-03-13 00:35:31 +01:00
|
|
|
ereport(ERROR,
|
|
|
|
(errcode_for_file_access(),
|
|
|
|
errmsg("could not write file \"%s\": %m", filename)));
|
2006-05-30 23:34:15 +02:00
|
|
|
|
2018-04-06 20:47:10 +02:00
|
|
|
return (count);
|
2006-05-30 23:34:15 +02:00
|
|
|
}
|
|
|
|
|
2018-04-06 20:47:10 +02:00
|
|
|
/* ------------------------------------
|
|
|
|
* pg_file_rename - old version
|
|
|
|
*
|
|
|
|
* The superuser() check here must be kept as the library might be upgraded
|
|
|
|
* without the extension being upgraded, meaning that in pre-1.1 installations
|
|
|
|
* these functions could be called by any user.
|
|
|
|
*/
|
2006-10-04 02:30:14 +02:00
|
|
|
Datum
|
|
|
|
pg_file_rename(PG_FUNCTION_ARGS)
|
2006-05-30 23:34:15 +02:00
|
|
|
{
|
2018-04-06 20:47:10 +02:00
|
|
|
text *file1;
|
|
|
|
text *file2;
|
|
|
|
text *file3;
|
|
|
|
bool result;
|
2006-05-30 23:34:15 +02:00
|
|
|
|
|
|
|
requireSuperuser();
|
|
|
|
|
|
|
|
if (PG_ARGISNULL(0) || PG_ARGISNULL(1))
|
|
|
|
PG_RETURN_NULL();
|
|
|
|
|
2018-04-06 20:47:10 +02:00
|
|
|
file1 = PG_GETARG_TEXT_PP(0);
|
|
|
|
file2 = PG_GETARG_TEXT_PP(1);
|
|
|
|
|
2006-05-30 23:34:15 +02:00
|
|
|
if (PG_ARGISNULL(2))
|
2018-04-06 20:47:10 +02:00
|
|
|
file3 = NULL;
|
|
|
|
else
|
|
|
|
file3 = PG_GETARG_TEXT_PP(2);
|
|
|
|
|
|
|
|
result = pg_file_rename_internal(file1, file2, file3);
|
|
|
|
|
|
|
|
PG_RETURN_BOOL(result);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* ------------------------------------
|
|
|
|
* pg_file_rename_v1_1 - Version 1.1
|
|
|
|
*
|
|
|
|
* As of adminpack version 1.1, we no longer need to check if the user
|
|
|
|
* is a superuser because we REVOKE EXECUTE on the function from PUBLIC.
|
|
|
|
* Users can then grant access to it based on their policies.
|
|
|
|
*
|
|
|
|
* Otherwise identical to pg_file_write (above).
|
|
|
|
*/
|
|
|
|
Datum
|
|
|
|
pg_file_rename_v1_1(PG_FUNCTION_ARGS)
|
|
|
|
{
|
|
|
|
text *file1;
|
|
|
|
text *file2;
|
|
|
|
text *file3;
|
|
|
|
bool result;
|
|
|
|
|
|
|
|
if (PG_ARGISNULL(0) || PG_ARGISNULL(1))
|
|
|
|
PG_RETURN_NULL();
|
|
|
|
|
|
|
|
file1 = PG_GETARG_TEXT_PP(0);
|
|
|
|
file2 = PG_GETARG_TEXT_PP(1);
|
|
|
|
|
|
|
|
if (PG_ARGISNULL(2))
|
|
|
|
file3 = NULL;
|
|
|
|
else
|
|
|
|
file3 = PG_GETARG_TEXT_PP(2);
|
|
|
|
|
|
|
|
result = pg_file_rename_internal(file1, file2, file3);
|
|
|
|
|
|
|
|
PG_RETURN_BOOL(result);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* ------------------------------------
|
|
|
|
* pg_file_rename_internal - Workhorse for pg_file_rename functions.
|
|
|
|
*
|
|
|
|
* This handles the actual work for pg_file_rename.
|
|
|
|
*/
|
2018-04-08 16:54:54 +02:00
|
|
|
static bool
|
2018-04-06 20:47:10 +02:00
|
|
|
pg_file_rename_internal(text *file1, text *file2, text *file3)
|
|
|
|
{
|
|
|
|
char *fn1,
|
|
|
|
*fn2,
|
|
|
|
*fn3;
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
fn1 = convert_and_check_filename(file1, false);
|
|
|
|
fn2 = convert_and_check_filename(file2, false);
|
|
|
|
|
|
|
|
if (file3 == NULL)
|
2018-04-15 19:02:11 +02:00
|
|
|
fn3 = NULL;
|
2006-05-30 23:34:15 +02:00
|
|
|
else
|
2018-04-06 20:47:10 +02:00
|
|
|
fn3 = convert_and_check_filename(file3, false);
|
2006-05-30 23:34:15 +02:00
|
|
|
|
|
|
|
if (access(fn1, W_OK) < 0)
|
|
|
|
{
|
|
|
|
ereport(WARNING,
|
|
|
|
(errcode_for_file_access(),
|
2006-11-06 04:06:41 +01:00
|
|
|
errmsg("file \"%s\" is not accessible: %m", fn1)));
|
2006-05-30 23:34:15 +02:00
|
|
|
|
2018-04-06 20:47:10 +02:00
|
|
|
return false;
|
2006-05-30 23:34:15 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if (fn3 && access(fn2, W_OK) < 0)
|
|
|
|
{
|
|
|
|
ereport(WARNING,
|
|
|
|
(errcode_for_file_access(),
|
2006-11-06 04:06:41 +01:00
|
|
|
errmsg("file \"%s\" is not accessible: %m", fn2)));
|
2006-05-30 23:34:15 +02:00
|
|
|
|
2018-04-06 20:47:10 +02:00
|
|
|
return false;
|
2006-05-30 23:34:15 +02:00
|
|
|
}
|
|
|
|
|
2018-04-15 19:02:11 +02:00
|
|
|
rc = access(fn3 ? fn3 : fn2, W_OK);
|
2006-05-30 23:34:15 +02:00
|
|
|
if (rc >= 0 || errno != ENOENT)
|
|
|
|
{
|
|
|
|
ereport(ERROR,
|
|
|
|
(ERRCODE_DUPLICATE_FILE,
|
2006-11-06 04:06:41 +01:00
|
|
|
errmsg("cannot rename to target file \"%s\"",
|
|
|
|
fn3 ? fn3 : fn2)));
|
2006-05-30 23:34:15 +02:00
|
|
|
}
|
2006-10-04 02:30:14 +02:00
|
|
|
|
2006-05-30 23:34:15 +02:00
|
|
|
if (fn3)
|
|
|
|
{
|
2006-10-04 02:30:14 +02:00
|
|
|
if (rename(fn2, fn3) != 0)
|
2006-05-30 23:34:15 +02:00
|
|
|
{
|
|
|
|
ereport(ERROR,
|
|
|
|
(errcode_for_file_access(),
|
2006-11-06 04:06:41 +01:00
|
|
|
errmsg("could not rename \"%s\" to \"%s\": %m",
|
|
|
|
fn2, fn3)));
|
2006-05-30 23:34:15 +02:00
|
|
|
}
|
|
|
|
if (rename(fn1, fn2) != 0)
|
|
|
|
{
|
|
|
|
ereport(WARNING,
|
|
|
|
(errcode_for_file_access(),
|
2006-11-06 04:06:41 +01:00
|
|
|
errmsg("could not rename \"%s\" to \"%s\": %m",
|
|
|
|
fn1, fn2)));
|
2006-05-30 23:34:15 +02:00
|
|
|
|
|
|
|
if (rename(fn3, fn2) != 0)
|
|
|
|
{
|
|
|
|
ereport(ERROR,
|
|
|
|
(errcode_for_file_access(),
|
2006-11-06 04:06:41 +01:00
|
|
|
errmsg("could not rename \"%s\" back to \"%s\": %m",
|
|
|
|
fn3, fn2)));
|
2006-05-30 23:34:15 +02:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
ereport(ERROR,
|
|
|
|
(ERRCODE_UNDEFINED_FILE,
|
2006-11-06 04:06:41 +01:00
|
|
|
errmsg("renaming \"%s\" to \"%s\" was reverted",
|
|
|
|
fn2, fn3)));
|
2006-05-30 23:34:15 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if (rename(fn1, fn2) != 0)
|
|
|
|
{
|
|
|
|
ereport(ERROR,
|
|
|
|
(errcode_for_file_access(),
|
2006-11-06 04:06:41 +01:00
|
|
|
errmsg("could not rename \"%s\" to \"%s\": %m", fn1, fn2)));
|
2006-05-30 23:34:15 +02:00
|
|
|
}
|
|
|
|
|
2018-04-06 20:47:10 +02:00
|
|
|
return true;
|
2006-05-30 23:34:15 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2018-04-06 20:47:10 +02:00
|
|
|
/* ------------------------------------
|
|
|
|
* pg_file_unlink - old version
|
|
|
|
*
|
|
|
|
* The superuser() check here must be kept as the library might be upgraded
|
|
|
|
* without the extension being upgraded, meaning that in pre-1.1 installations
|
|
|
|
* these functions could be called by any user.
|
|
|
|
*/
|
2006-10-04 02:30:14 +02:00
|
|
|
Datum
|
|
|
|
pg_file_unlink(PG_FUNCTION_ARGS)
|
2006-05-30 23:34:15 +02:00
|
|
|
{
|
2006-10-04 02:30:14 +02:00
|
|
|
char *filename;
|
2006-05-30 23:34:15 +02:00
|
|
|
|
|
|
|
requireSuperuser();
|
|
|
|
|
2017-03-13 00:35:34 +01:00
|
|
|
filename = convert_and_check_filename(PG_GETARG_TEXT_PP(0), false);
|
2006-05-30 23:34:15 +02:00
|
|
|
|
|
|
|
if (access(filename, W_OK) < 0)
|
|
|
|
{
|
2006-10-04 02:30:14 +02:00
|
|
|
if (errno == ENOENT)
|
|
|
|
PG_RETURN_BOOL(false);
|
2006-05-30 23:34:15 +02:00
|
|
|
else
|
2006-10-04 02:30:14 +02:00
|
|
|
ereport(ERROR,
|
2006-05-30 23:34:15 +02:00
|
|
|
(errcode_for_file_access(),
|
2006-11-06 04:06:41 +01:00
|
|
|
errmsg("file \"%s\" is not accessible: %m", filename)));
|
2006-05-30 23:34:15 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if (unlink(filename) < 0)
|
|
|
|
{
|
|
|
|
ereport(WARNING,
|
|
|
|
(errcode_for_file_access(),
|
2006-11-06 04:06:41 +01:00
|
|
|
errmsg("could not unlink file \"%s\": %m", filename)));
|
2006-05-30 23:34:15 +02:00
|
|
|
|
|
|
|
PG_RETURN_BOOL(false);
|
|
|
|
}
|
|
|
|
PG_RETURN_BOOL(true);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2018-04-06 20:47:10 +02:00
|
|
|
/* ------------------------------------
|
|
|
|
* pg_file_unlink_v1_1 - Version 1.1
|
|
|
|
*
|
|
|
|
* As of adminpack version 1.1, we no longer need to check if the user
|
|
|
|
* is a superuser because we REVOKE EXECUTE on the function from PUBLIC.
|
|
|
|
* Users can then grant access to it based on their policies.
|
|
|
|
*
|
|
|
|
* Otherwise identical to pg_file_unlink (above).
|
|
|
|
*/
|
2006-10-04 02:30:14 +02:00
|
|
|
Datum
|
2018-04-06 20:47:10 +02:00
|
|
|
pg_file_unlink_v1_1(PG_FUNCTION_ARGS)
|
2006-05-30 23:34:15 +02:00
|
|
|
{
|
2018-04-06 20:47:10 +02:00
|
|
|
char *filename;
|
|
|
|
|
|
|
|
filename = convert_and_check_filename(PG_GETARG_TEXT_PP(0), false);
|
|
|
|
|
|
|
|
if (access(filename, W_OK) < 0)
|
|
|
|
{
|
|
|
|
if (errno == ENOENT)
|
|
|
|
PG_RETURN_BOOL(false);
|
|
|
|
else
|
|
|
|
ereport(ERROR,
|
|
|
|
(errcode_for_file_access(),
|
|
|
|
errmsg("file \"%s\" is not accessible: %m", filename)));
|
|
|
|
}
|
2006-05-30 23:34:15 +02:00
|
|
|
|
2018-04-06 20:47:10 +02:00
|
|
|
if (unlink(filename) < 0)
|
|
|
|
{
|
|
|
|
ereport(WARNING,
|
|
|
|
(errcode_for_file_access(),
|
|
|
|
errmsg("could not unlink file \"%s\": %m", filename)));
|
|
|
|
|
|
|
|
PG_RETURN_BOOL(false);
|
|
|
|
}
|
|
|
|
PG_RETURN_BOOL(true);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* ------------------------------------
|
|
|
|
* pg_logdir_ls - Old version
|
|
|
|
*
|
|
|
|
* The superuser() check here must be kept as the library might be upgraded
|
|
|
|
* without the extension being upgraded, meaning that in pre-1.1 installations
|
|
|
|
* these functions could be called by any user.
|
|
|
|
*/
|
|
|
|
Datum
|
|
|
|
pg_logdir_ls(PG_FUNCTION_ARGS)
|
|
|
|
{
|
2006-10-04 02:30:14 +02:00
|
|
|
if (!superuser())
|
2006-05-30 23:34:15 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
|
|
|
(errmsg("only superuser can list the log directory"))));
|
2006-10-04 02:30:14 +02:00
|
|
|
|
2018-04-06 20:47:10 +02:00
|
|
|
return (pg_logdir_ls_internal(fcinfo));
|
|
|
|
}
|
|
|
|
|
|
|
|
/* ------------------------------------
|
|
|
|
* pg_logdir_ls_v1_1 - Version 1.1
|
|
|
|
*
|
|
|
|
* As of adminpack version 1.1, we no longer need to check if the user
|
|
|
|
* is a superuser because we REVOKE EXECUTE on the function from PUBLIC.
|
|
|
|
* Users can then grant access to it based on their policies.
|
|
|
|
*
|
|
|
|
* Otherwise identical to pg_logdir_ls (above).
|
|
|
|
*/
|
|
|
|
Datum
|
|
|
|
pg_logdir_ls_v1_1(PG_FUNCTION_ARGS)
|
|
|
|
{
|
|
|
|
return (pg_logdir_ls_internal(fcinfo));
|
|
|
|
}
|
|
|
|
|
2018-04-08 16:54:54 +02:00
|
|
|
static Datum
|
2018-04-06 20:47:10 +02:00
|
|
|
pg_logdir_ls_internal(FunctionCallInfo fcinfo)
|
|
|
|
{
|
|
|
|
FuncCallContext *funcctx;
|
|
|
|
struct dirent *de;
|
|
|
|
directory_fctx *fctx;
|
|
|
|
|
2006-10-20 02:59:03 +02:00
|
|
|
if (strcmp(Log_filename, "postgresql-%Y-%m-%d_%H%M%S.log") != 0)
|
2006-05-30 23:34:15 +02:00
|
|
|
ereport(ERROR,
|
|
|
|
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
|
|
|
|
(errmsg("the log_filename parameter must equal 'postgresql-%%Y-%%m-%%d_%%H%%M%%S.log'"))));
|
|
|
|
|
|
|
|
if (SRF_IS_FIRSTCALL())
|
|
|
|
{
|
|
|
|
MemoryContext oldcontext;
|
2006-10-04 02:30:14 +02:00
|
|
|
TupleDesc tupdesc;
|
2006-05-30 23:34:15 +02:00
|
|
|
|
2006-10-04 02:30:14 +02:00
|
|
|
funcctx = SRF_FIRSTCALL_INIT();
|
2006-05-30 23:34:15 +02:00
|
|
|
oldcontext = MemoryContextSwitchTo(funcctx->multi_call_memory_ctx);
|
|
|
|
|
|
|
|
fctx = palloc(sizeof(directory_fctx));
|
2006-11-06 04:06:41 +01:00
|
|
|
|
Remove WITH OIDS support, change oid catalog column visibility.
Previously tables declared WITH OIDS, including a significant fraction
of the catalog tables, stored the oid column not as a normal column,
but as part of the tuple header.
This special column was not shown by default, which was somewhat odd,
as it's often (consider e.g. pg_class.oid) one of the more important
parts of a row. Neither pg_dump nor COPY included the contents of the
oid column by default.
The fact that the oid column was not an ordinary column necessitated a
significant amount of special case code to support oid columns. That
already was painful for the existing, but upcoming work aiming to make
table storage pluggable, would have required expanding and duplicating
that "specialness" significantly.
WITH OIDS has been deprecated since 2005 (commit ff02d0a05280e0).
Remove it.
Removing includes:
- CREATE TABLE and ALTER TABLE syntax for declaring the table to be
WITH OIDS has been removed (WITH (oids[ = true]) will error out)
- pg_dump does not support dumping tables declared WITH OIDS and will
issue a warning when dumping one (and ignore the oid column).
- restoring an pg_dump archive with pg_restore will warn when
restoring a table with oid contents (and ignore the oid column)
- COPY will refuse to load binary dump that includes oids.
- pg_upgrade will error out when encountering tables declared WITH
OIDS, they have to be altered to remove the oid column first.
- Functionality to access the oid of the last inserted row (like
plpgsql's RESULT_OID, spi's SPI_lastoid, ...) has been removed.
The syntax for declaring a table WITHOUT OIDS (or WITH (oids = false)
for CREATE TABLE) is still supported. While that requires a bit of
support code, it seems unnecessary to break applications / dumps that
do not use oids, and are explicit about not using them.
The biggest user of WITH OID columns was postgres' catalog. This
commit changes all 'magic' oid columns to be columns that are normally
declared and stored. To reduce unnecessary query breakage all the
newly added columns are still named 'oid', even if a table's column
naming scheme would indicate 'reloid' or such. This obviously
requires adapting a lot code, mostly replacing oid access via
HeapTupleGetOid() with access to the underlying Form_pg_*->oid column.
The bootstrap process now assigns oids for all oid columns in
genbki.pl that do not have an explicit value (starting at the largest
oid previously used), only oids assigned later by oids will be above
FirstBootstrapObjectId. As the oid column now is a normal column the
special bootstrap syntax for oids has been removed.
Oids are not automatically assigned during insertion anymore, all
backend code explicitly assigns oids with GetNewOidWithIndex(). For
the rare case that insertions into the catalog via SQL are called for
the new pg_nextoid() function can be used (which only works on catalog
tables).
The fact that oid columns on system tables are now normal columns
means that they will be included in the set of columns expanded
by * (i.e. SELECT * FROM pg_class will now include the table's oid,
previously it did not). It'd not technically be hard to hide oid
column by default, but that'd mean confusing behavior would either
have to be carried forward forever, or it'd cause breakage down the
line.
While it's not unlikely that further adjustments are needed, the
scope/invasiveness of the patch makes it worthwhile to get merge this
now. It's painful to maintain externally, too complicated to commit
after the code code freeze, and a dependency of a number of other
patches.
Catversion bump, for obvious reasons.
Author: Andres Freund, with contributions by John Naylor
Discussion: https://postgr.es/m/20180930034810.ywp2c7awz7opzcfr@alap3.anarazel.de
2018-11-21 00:36:57 +01:00
|
|
|
tupdesc = CreateTemplateTupleDesc(2);
|
2006-05-30 23:34:15 +02:00
|
|
|
TupleDescInitEntry(tupdesc, (AttrNumber) 1, "starttime",
|
|
|
|
TIMESTAMPOID, -1, 0);
|
|
|
|
TupleDescInitEntry(tupdesc, (AttrNumber) 2, "filename",
|
|
|
|
TEXTOID, -1, 0);
|
|
|
|
|
|
|
|
funcctx->attinmeta = TupleDescGetAttInMetadata(tupdesc);
|
2006-10-04 02:30:14 +02:00
|
|
|
|
2006-11-06 04:06:41 +01:00
|
|
|
fctx->location = pstrdup(Log_directory);
|
2006-05-30 23:34:15 +02:00
|
|
|
fctx->dirdesc = AllocateDir(fctx->location);
|
|
|
|
|
|
|
|
if (!fctx->dirdesc)
|
2006-10-04 02:30:14 +02:00
|
|
|
ereport(ERROR,
|
2006-05-30 23:34:15 +02:00
|
|
|
(errcode_for_file_access(),
|
Clean up assorted messiness around AllocateDir() usage.
This patch fixes a couple of low-probability bugs that could lead to
reporting an irrelevant errno value (and hence possibly a wrong SQLSTATE)
concerning directory-open or file-open failures. It also fixes places
where we took shortcuts in reporting such errors, either by using elog
instead of ereport or by using ereport but forgetting to specify an
errcode. And it eliminates a lot of just plain redundant error-handling
code.
In service of all this, export fd.c's formerly-static function
ReadDirExtended, so that external callers can make use of the coding
pattern
dir = AllocateDir(path);
while ((de = ReadDirExtended(dir, path, LOG)) != NULL)
if they'd like to treat directory-open failures as mere LOG conditions
rather than errors. Also fix FreeDir to be a no-op if we reach it
with dir == NULL, as such a coding pattern would cause.
Then, remove code at many call sites that was throwing an error or log
message for AllocateDir failure, as ReadDir or ReadDirExtended can handle
that job just fine. Aside from being a net code savings, this gets rid of
a lot of not-quite-up-to-snuff reports, as mentioned above. (In some
places these changes result in replacing a custom error message such as
"could not open tablespace directory" with more generic wording "could not
open directory", but it was agreed that the custom wording buys little as
long as we report the directory name.) In some other call sites where we
can't just remove code, change the error reports to be fully
project-style-compliant.
Also reorder code in restoreTwoPhaseData that was acquiring a lock
between AllocateDir and ReadDir; in the unlikely but surely not
impossible case that LWLockAcquire changes errno, AllocateDir failures
would be misreported. There is no great value in opening the directory
before acquiring TwoPhaseStateLock, so just do it in the other order.
Also fix CheckXLogRemoved to guarantee that it preserves errno,
as quite a number of call sites are implicitly assuming. (Again,
it's unlikely but I think not impossible that errno could change
during a SpinLockAcquire. If so, this function was broken for its
own purposes as well as breaking callers.)
And change a few places that were using not-per-project-style messages,
such as "could not read directory" when "could not open directory" is
more correct.
Back-patch the exporting of ReadDirExtended, in case we have occasion
to back-patch some fix that makes use of it; it's not needed right now
but surely making it global is pretty harmless. Also back-patch the
restoreTwoPhaseData and CheckXLogRemoved fixes. The rest of this is
essentially cosmetic and need not get back-patched.
Michael Paquier, with a bit of additional work by me
Discussion: https://postgr.es/m/CAB7nPqRpOCxjiirHmebEFhXVTK7V5Jvw4bz82p7Oimtsm3TyZA@mail.gmail.com
2017-12-04 23:02:52 +01:00
|
|
|
errmsg("could not open directory \"%s\": %m",
|
2006-11-06 04:06:41 +01:00
|
|
|
fctx->location)));
|
2006-05-30 23:34:15 +02:00
|
|
|
|
|
|
|
funcctx->user_fctx = fctx;
|
|
|
|
MemoryContextSwitchTo(oldcontext);
|
|
|
|
}
|
|
|
|
|
2006-10-04 02:30:14 +02:00
|
|
|
funcctx = SRF_PERCALL_SETUP();
|
|
|
|
fctx = (directory_fctx *) funcctx->user_fctx;
|
2006-05-30 23:34:15 +02:00
|
|
|
|
2006-10-20 02:59:03 +02:00
|
|
|
while ((de = ReadDir(fctx->dirdesc, fctx->location)) != NULL)
|
2006-05-30 23:34:15 +02:00
|
|
|
{
|
2006-10-04 02:30:14 +02:00
|
|
|
char *values[2];
|
|
|
|
HeapTuple tuple;
|
2006-10-20 02:59:03 +02:00
|
|
|
char timestampbuf[32];
|
2006-10-04 02:30:14 +02:00
|
|
|
char *field[MAXDATEFIELDS];
|
2006-05-30 23:34:15 +02:00
|
|
|
char lowstr[MAXDATELEN + 1];
|
2006-10-04 02:30:14 +02:00
|
|
|
int dtype;
|
|
|
|
int nf,
|
|
|
|
ftype[MAXDATEFIELDS];
|
2006-05-30 23:34:15 +02:00
|
|
|
fsec_t fsec;
|
2006-10-04 02:30:14 +02:00
|
|
|
int tz = 0;
|
|
|
|
struct pg_tm date;
|
2006-05-30 23:34:15 +02:00
|
|
|
|
|
|
|
/*
|
2006-10-04 02:30:14 +02:00
|
|
|
* Default format: postgresql-YYYY-MM-DD_HHMMSS.log
|
2006-05-30 23:34:15 +02:00
|
|
|
*/
|
|
|
|
if (strlen(de->d_name) != 32
|
2006-10-20 02:59:03 +02:00
|
|
|
|| strncmp(de->d_name, "postgresql-", 11) != 0
|
2006-05-30 23:34:15 +02:00
|
|
|
|| de->d_name[21] != '_'
|
2006-10-20 02:59:03 +02:00
|
|
|
|| strcmp(de->d_name + 28, ".log") != 0)
|
2006-10-04 02:30:14 +02:00
|
|
|
continue;
|
2006-05-30 23:34:15 +02:00
|
|
|
|
2006-10-20 02:59:03 +02:00
|
|
|
/* extract timestamp portion of filename */
|
|
|
|
strcpy(timestampbuf, de->d_name + 11);
|
|
|
|
timestampbuf[17] = '\0';
|
2006-05-30 23:34:15 +02:00
|
|
|
|
2006-10-20 02:59:03 +02:00
|
|
|
/* parse and decode expected timestamp to verify it's OK format */
|
|
|
|
if (ParseDateTime(timestampbuf, lowstr, MAXDATELEN, field, ftype, MAXDATEFIELDS, &nf))
|
2006-10-04 02:30:14 +02:00
|
|
|
continue;
|
2006-05-30 23:34:15 +02:00
|
|
|
|
|
|
|
if (DecodeDateTime(field, ftype, nf, &dtype, &date, &fsec, &tz))
|
2006-10-04 02:30:14 +02:00
|
|
|
continue;
|
2006-05-30 23:34:15 +02:00
|
|
|
|
2006-10-20 02:59:03 +02:00
|
|
|
/* Seems the timestamp is OK; prepare and return tuple */
|
|
|
|
|
|
|
|
values[0] = timestampbuf;
|
2013-10-13 06:09:18 +02:00
|
|
|
values[1] = psprintf("%s/%s", fctx->location, de->d_name);
|
2006-05-30 23:34:15 +02:00
|
|
|
|
|
|
|
tuple = BuildTupleFromCStrings(funcctx->attinmeta, values);
|
|
|
|
|
|
|
|
SRF_RETURN_NEXT(funcctx, HeapTupleGetDatum(tuple));
|
|
|
|
}
|
|
|
|
|
|
|
|
FreeDir(fctx->dirdesc);
|
|
|
|
SRF_RETURN_DONE(funcctx);
|
|
|
|
}
|