2017-08-12 03:04:04 +02:00
|
|
|
CREATE EXTENSION adminpack;
|
|
|
|
-- create new file
|
|
|
|
SELECT pg_file_write('test_file1', 'test1', false);
|
|
|
|
pg_file_write
|
|
|
|
---------------
|
|
|
|
5
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
SELECT pg_read_file('test_file1');
|
|
|
|
pg_read_file
|
|
|
|
--------------
|
|
|
|
test1
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
-- append
|
|
|
|
SELECT pg_file_write('test_file1', 'test1', true);
|
|
|
|
pg_file_write
|
|
|
|
---------------
|
|
|
|
5
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
SELECT pg_read_file('test_file1');
|
|
|
|
pg_read_file
|
|
|
|
--------------
|
|
|
|
test1test1
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
-- error, already exists
|
|
|
|
SELECT pg_file_write('test_file1', 'test1', false);
|
|
|
|
ERROR: file "test_file1" exists
|
|
|
|
SELECT pg_read_file('test_file1');
|
|
|
|
pg_read_file
|
|
|
|
--------------
|
|
|
|
test1test1
|
|
|
|
(1 row)
|
|
|
|
|
2018-04-06 20:47:10 +02:00
|
|
|
-- disallowed file paths for non-superusers and users who are
|
|
|
|
-- not members of pg_write_server_files
|
2022-10-05 19:43:13 +02:00
|
|
|
CREATE ROLE regress_adminpack_user1;
|
|
|
|
GRANT pg_read_all_settings TO regress_adminpack_user1;
|
|
|
|
GRANT EXECUTE ON FUNCTION pg_file_write(text,text,bool) TO regress_adminpack_user1;
|
|
|
|
SET ROLE regress_adminpack_user1;
|
2017-08-12 03:04:04 +02:00
|
|
|
SELECT pg_file_write('../test_file0', 'test0', false);
|
2023-03-16 17:04:08 +01:00
|
|
|
ERROR: path must be in or below the data directory
|
2017-08-12 03:04:04 +02:00
|
|
|
SELECT pg_file_write('/tmp/test_file0', 'test0', false);
|
|
|
|
ERROR: absolute path not allowed
|
|
|
|
SELECT pg_file_write(current_setting('data_directory') || '/test_file4', 'test4', false);
|
|
|
|
pg_file_write
|
|
|
|
---------------
|
|
|
|
5
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
SELECT pg_file_write(current_setting('data_directory') || '/../test_file4', 'test4', false);
|
Make canonicalize_path() more canonical.
Teach canonicalize_path() how to strip all unnecessary uses of "."
and "..", replacing the previous ad-hoc code that got rid of only
some such cases. In particular, we can always remove all such
uses from absolute paths.
The proximate reason to do this is that Windows rejects paths
involving ".." in some cases (in particular, you can't put one in a
symlink), so we ought to be sure we don't use ".." unnecessarily.
Moreover, it seems like good cleanup on general principles.
There is other path-munging code that could be simplified now, but
we'll leave that for followup work.
It is tempting to call this a bug fix and back-patch it. On the other
hand, the misbehavior can only be reached if a highly privileged user
does something dubious, so it's not unreasonable to say "so don't do
that". And this patch could result in unexpected behavioral changes,
in case anybody was expecting uses of ".." to stay put. So at least
for now, just put it in HEAD.
Shenhao Wang, editorialized a bit by me
Discussion: https://postgr.es/m/OSBPR01MB4214FA221FFE046F11F2AD74F2D49@OSBPR01MB4214.jpnprd01.prod.outlook.com
2022-01-31 18:05:37 +01:00
|
|
|
ERROR: absolute path not allowed
|
2018-04-06 20:47:10 +02:00
|
|
|
RESET ROLE;
|
2022-10-05 19:43:13 +02:00
|
|
|
REVOKE EXECUTE ON FUNCTION pg_file_write(text,text,bool) FROM regress_adminpack_user1;
|
|
|
|
REVOKE pg_read_all_settings FROM regress_adminpack_user1;
|
|
|
|
DROP ROLE regress_adminpack_user1;
|
2020-01-24 12:42:52 +01:00
|
|
|
-- sync
|
|
|
|
SELECT pg_file_sync('test_file1'); -- sync file
|
|
|
|
pg_file_sync
|
|
|
|
--------------
|
|
|
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
SELECT pg_file_sync('pg_stat'); -- sync directory
|
|
|
|
pg_file_sync
|
|
|
|
--------------
|
|
|
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
SELECT pg_file_sync('test_file2'); -- not there
|
|
|
|
ERROR: could not stat file "test_file2": No such file or directory
|
2017-08-12 03:04:04 +02:00
|
|
|
-- rename file
|
|
|
|
SELECT pg_file_rename('test_file1', 'test_file2');
|
|
|
|
pg_file_rename
|
|
|
|
----------------
|
|
|
|
t
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
SELECT pg_read_file('test_file1'); -- not there
|
Read until EOF vice stat-reported size in read_binary_file
read_binary_file(), used by SQL functions pg_read_file() and friends,
uses stat to determine file length to read, when not passed an explicit
length as an argument. This is problematic, for example, if the file
being read is a virtual file with a stat-reported length of zero.
Arrange to read until EOF, or StringInfo data string lenth limit, is
reached instead.
Original complaint and patch by me, with significant review, corrections,
advice, and code optimizations by Tom Lane. Backpatched to v11. Prior to
that only paths relative to the data and log dirs were allowed for files,
so no "zero length" files were reachable anyway.
Reviewed-By: Tom Lane
Discussion: https://postgr.es/m/flat/969b8d82-5bb2-5fa8-4eb1-f0e685c5d736%40joeconway.com
Backpatch-through: 11
2020-07-04 12:26:53 +02:00
|
|
|
ERROR: could not open file "test_file1" for reading: No such file or directory
|
2017-08-12 03:04:04 +02:00
|
|
|
SELECT pg_read_file('test_file2');
|
|
|
|
pg_read_file
|
|
|
|
--------------
|
|
|
|
test1test1
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
-- error
|
|
|
|
SELECT pg_file_rename('test_file1', 'test_file2');
|
|
|
|
WARNING: file "test_file1" is not accessible: No such file or directory
|
|
|
|
pg_file_rename
|
|
|
|
----------------
|
|
|
|
f
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
-- rename file and archive
|
|
|
|
SELECT pg_file_write('test_file3', 'test3', false);
|
|
|
|
pg_file_write
|
|
|
|
---------------
|
|
|
|
5
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
SELECT pg_file_rename('test_file2', 'test_file3', 'test_file3_archive');
|
|
|
|
pg_file_rename
|
|
|
|
----------------
|
|
|
|
t
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
SELECT pg_read_file('test_file2'); -- not there
|
Read until EOF vice stat-reported size in read_binary_file
read_binary_file(), used by SQL functions pg_read_file() and friends,
uses stat to determine file length to read, when not passed an explicit
length as an argument. This is problematic, for example, if the file
being read is a virtual file with a stat-reported length of zero.
Arrange to read until EOF, or StringInfo data string lenth limit, is
reached instead.
Original complaint and patch by me, with significant review, corrections,
advice, and code optimizations by Tom Lane. Backpatched to v11. Prior to
that only paths relative to the data and log dirs were allowed for files,
so no "zero length" files were reachable anyway.
Reviewed-By: Tom Lane
Discussion: https://postgr.es/m/flat/969b8d82-5bb2-5fa8-4eb1-f0e685c5d736%40joeconway.com
Backpatch-through: 11
2020-07-04 12:26:53 +02:00
|
|
|
ERROR: could not open file "test_file2" for reading: No such file or directory
|
2017-08-12 03:04:04 +02:00
|
|
|
SELECT pg_read_file('test_file3');
|
|
|
|
pg_read_file
|
|
|
|
--------------
|
|
|
|
test1test1
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
SELECT pg_read_file('test_file3_archive');
|
|
|
|
pg_read_file
|
|
|
|
--------------
|
|
|
|
test3
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
-- unlink
|
|
|
|
SELECT pg_file_unlink('test_file1'); -- does not exist
|
|
|
|
pg_file_unlink
|
|
|
|
----------------
|
|
|
|
f
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
SELECT pg_file_unlink('test_file2'); -- does not exist
|
|
|
|
pg_file_unlink
|
|
|
|
----------------
|
|
|
|
f
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
SELECT pg_file_unlink('test_file3');
|
|
|
|
pg_file_unlink
|
|
|
|
----------------
|
|
|
|
t
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
SELECT pg_file_unlink('test_file3_archive');
|
|
|
|
pg_file_unlink
|
|
|
|
----------------
|
|
|
|
t
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
SELECT pg_file_unlink('test_file4');
|
|
|
|
pg_file_unlink
|
|
|
|
----------------
|
|
|
|
t
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
-- superuser checks
|
2022-10-05 19:43:13 +02:00
|
|
|
CREATE USER regress_adminpack_user1;
|
|
|
|
SET ROLE regress_adminpack_user1;
|
2017-08-12 03:04:04 +02:00
|
|
|
SELECT pg_file_write('test_file0', 'test0', false);
|
2018-04-06 20:47:10 +02:00
|
|
|
ERROR: permission denied for function pg_file_write
|
2020-01-24 12:42:52 +01:00
|
|
|
SELECT pg_file_sync('test_file0');
|
|
|
|
ERROR: permission denied for function pg_file_sync
|
2017-08-12 03:04:04 +02:00
|
|
|
SELECT pg_file_rename('test_file0', 'test_file0');
|
2018-04-06 20:47:10 +02:00
|
|
|
ERROR: permission denied for function pg_file_rename
|
2017-08-12 03:04:04 +02:00
|
|
|
CONTEXT: SQL function "pg_file_rename" statement 1
|
|
|
|
SELECT pg_file_unlink('test_file0');
|
2018-04-06 20:47:10 +02:00
|
|
|
ERROR: permission denied for function pg_file_unlink
|
2017-08-12 03:04:04 +02:00
|
|
|
SELECT pg_logdir_ls();
|
2018-04-06 20:47:10 +02:00
|
|
|
ERROR: permission denied for function pg_logdir_ls
|
2017-08-12 03:04:04 +02:00
|
|
|
RESET ROLE;
|
2022-10-05 19:43:13 +02:00
|
|
|
DROP USER regress_adminpack_user1;
|
2017-08-12 03:04:04 +02:00
|
|
|
-- no further tests for pg_logdir_ls() because it depends on the
|
|
|
|
-- server's logging setup
|