*/
#include "postgres_fe.h"
+#include "fe_utils/connect.h"
#include "libpq-fe.h"
#include "pg_getopt.h"
PGconn *conn;
char *password = NULL;
bool new_pass;
+ PGresult *res;
/*
* Start the connection. Loop until we have a password if requested by
exit(1);
}
+ res = PQexec(conn, ALWAYS_SECURE_SEARCH_PATH_SQL);
+ if (PQresultStatus(res) != PGRES_TUPLES_OK)
+ {
+ fprintf(stderr, "oid2name: could not clear search_path: %s\n",
+ PQerrorMessage(conn));
+ PQclear(res);
+ PQfinish(conn);
+ exit(-1);
+ }
+ PQclear(res);
+
/* return the conn if good */
return conn;
}
#include "postgres_fe.h"
+#include "fe_utils/connect.h"
#include "pg_upgrade.h"
exit(1);
}
+ PQclear(executeQueryOrDie(conn, ALWAYS_SECURE_SEARCH_PATH_SQL));
+
return conn;
}
#include
#endif
+#include "fe_utils/connect.h"
#include "libpq-fe.h"
#include "pg_getopt.h"
fprintf(stdout, "Test run: no large objects will be removed!\n");
}
- /*
- * Don't get fooled by any non-system catalogs
- */
- res = PQexec(conn, "SET search_path = pg_catalog");
- if (PQresultStatus(res) != PGRES_COMMAND_OK)
+ res = PQexec(conn, ALWAYS_SECURE_SEARCH_PATH_SQL);
+ if (PQresultStatus(res) != PGRES_TUPLES_OK)
{
fprintf(stderr, "Failed to set search_path:\n");
fprintf(stderr, "%s", PQerrorMessage(conn));
/* must unblock signals before calling rebuild_database_list */
PG_SETMASK(&UnBlockSig);
+ /*
+ * Set always-secure search path. Launcher doesn't connect to a database,
+ * so this has no effect.
+ */
+ SetConfigOption("search_path", "", PGC_SUSET, PGC_S_OVERRIDE);
+
/*
* Force zero_damaged_pages OFF in the autovac process, even if it is set
* in postgresql.conf. We don't really want such a dangerous option being
PG_SETMASK(&UnBlockSig);
+ /*
+ * Set always-secure search path, so malicious users can't redirect user
+ * code (e.g. pg_index.indexprs). (That code runs in a
+ * SECURITY_RESTRICTED_OPERATION sandbox, so malicious users could not
+ * take control of the entire autovacuum worker in any case.)
+ */
+ SetConfigOption("search_path", "", PGC_SUSET, PGC_S_OVERRIDE);
+
/*
* Force zero_damaged_pages OFF in the autovac process, even if it is set
* in postgresql.conf. We don't really want such a dangerous option being
#include "common/fe_memutils.h"
#include "datatype/timestamp.h"
+#include "fe_utils/connect.h"
const char *progname;
char *connection_string = NULL;
if (conn_opts)
PQconninfoFree(conn_opts);
+ /* Set always-secure search path, so malicious users can't get control. */
+ if (dbname != NULL)
+ {
+ PGresult *res;
+
+ res = PQexec(tmpconn, ALWAYS_SECURE_SEARCH_PATH_SQL);
+ if (PQresultStatus(res) != PGRES_TUPLES_OK)
+ {
+ fprintf(stderr, _("%s: could not clear search_path: %s\n"),
+ progname, PQerrorMessage(tmpconn));
+ PQclear(res);
+ PQfinish(tmpconn);
+ exit(1);
+ }
+ PQclear(res);
+ }
+
/*
* Ensure we have the same value of integer timestamps as the server we
* are connecting to.
}
/*
- * Now decide what we need to emit. Note there will be a leading "^(" in
- * the patterns in any case.
+ * Now decide what we need to emit. We may run under a hostile
+ * search_path, so qualify EVERY name. Note there will be a leading "^("
+ * in the patterns in any case.
*/
if (namebuf.len > 2)
{
WHEREAND();
if (altnamevar)
{
- appendPQExpBuffer(buf, "(%s ~ ", namevar);
+ appendPQExpBuffer(buf,
+ "(%s OPERATOR(pg_catalog.~) ", namevar);
appendStringLiteralConn(buf, namebuf.data, conn);
- appendPQExpBuffer(buf, "\n OR %s ~ ", altnamevar);
+ appendPQExpBuffer(buf,
+ "\n OR %s OPERATOR(pg_catalog.~) ",
+ altnamevar);
appendStringLiteralConn(buf, namebuf.data, conn);
appendPQExpBufferStr(buf, ")\n");
}
else
{
- appendPQExpBuffer(buf, "%s ~ ", namevar);
+ appendPQExpBuffer(buf, "%s OPERATOR(pg_catalog.~) ", namevar);
appendStringLiteralConn(buf, namebuf.data, conn);
appendPQExpBufferChar(buf, '\n');
}
if (strcmp(schemabuf.data, "^(.*)$") != 0 && schemavar)
{
WHEREAND();
- appendPQExpBuffer(buf, "%s ~ ", schemavar);
+ appendPQExpBuffer(buf, "%s OPERATOR(pg_catalog.~) ", schemavar);
appendStringLiteralConn(buf, schemabuf.data, conn);
appendPQExpBufferChar(buf, '\n');
}
*-------------------------------------------------------------------------
*/
+#include "fe_utils/connect.h"
#include "pg_backup_db.h"
#include "pg_backup_utils.h"
#include "dumputils.h"
PQfinish(AH->connection);
AH->connection = newConn;
+ /* Start strict; later phases may override this. */
+ if (PQserverVersion(AH->connection) >= 70300)
+ PQclear(ExecuteSqlQueryForSingleRow((Archive *) AH,
+ ALWAYS_SECURE_SEARCH_PATH_SQL));
+
return 1;
}
PQdb(AH->connection) ? PQdb(AH->connection) : "",
PQerrorMessage(AH->connection));
+ /* Start strict; later phases may override this. */
+ if (PQserverVersion(AH->connection) >= 70300)
+ PQclear(ExecuteSqlQueryForSingleRow((Archive *) AH,
+ ALWAYS_SECURE_SEARCH_PATH_SQL));
+
/*
* We want to remember connection's actual password, whether or not we got
* it by prompting. So we don't just store the password variable.
#include "pg_backup_db.h"
#include "pg_backup_utils.h"
#include "dumputils.h"
+#include "fe_utils/connect.h"
#include "parallel.h"
PGconn *conn = GetConnection(AH);
const char *std_strings;
+ if (AH->remoteVersion >= 70300)
+ PQclear(ExecuteSqlQueryForSingleRow(AH, ALWAYS_SECURE_SEARCH_PATH_SQL));
+
/*
* Set the client encoding if requested.
*/
for (cell = patterns->head; cell; cell = cell->next)
{
+ /*
+ * Query must remain ABSOLUTELY devoid of unqualified names. This
+ * would be unnecessary given a pg_table_is_visible() variant taking a
+ * search_path argument.
+ */
if (cell != patterns->head)
appendPQExpBufferStr(query, "UNION ALL\n");
appendPQExpBuffer(query,
"SELECT c.oid"
"\nFROM pg_catalog.pg_class c"
- "\n LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace"
- "\nWHERE c.relkind in ('%c', '%c', '%c', '%c', '%c')\n",
+ "\n LEFT JOIN pg_catalog.pg_namespace n"
+ "\n ON n.oid OPERATOR(pg_catalog.=) c.relnamespace"
+ "\nWHERE c.relkind OPERATOR(pg_catalog.=) ANY"
+ "\n (array['%c', '%c', '%c', '%c', '%c'])\n",
RELKIND_RELATION, RELKIND_SEQUENCE, RELKIND_VIEW,
RELKIND_MATVIEW, RELKIND_FOREIGN_TABLE);
processSQLNamePattern(GetConnection(fout), query, cell->val, true,
"pg_catalog.pg_table_is_visible(c.oid)");
}
+ ExecuteSqlStatement(fout, "RESET search_path");
res = ExecuteSqlQuery(fout, query->data, PGRES_TUPLES_OK);
+ PQclear(ExecuteSqlQueryForSingleRow(fout, ALWAYS_SECURE_SEARCH_PATH_SQL));
for (i = 0; i < PQntuples(res); i++)
{
#include "dumputils.h"
#include "pg_backup.h"
+#include "fe_utils/connect.h"
/* version string we expect back from pg_dump */
#define PGDUMP_VERSIONSTR "pg_dump (PostgreSQL) " PG_VERSION "\n"
exit_nicely(1);
}
- /*
- * On 7.3 and later, make sure we are not fooled by non-system schemas in
- * the search path.
- */
if (server_version >= 70300)
- executeCommand(conn, "SET search_path = pg_catalog");
+ PQclear(executeQuery(conn, ALWAYS_SECURE_SEARCH_PATH_SQL));
return conn;
}
%: %.o $(WIN32RES)
$(CC) $(CFLAGS) $^ $(libpq_pgport) $(LDFLAGS) $(LDFLAGS_EX) $(LIBS) -o $@$(X)
-createdb: createdb.o common.o dumputils.o kwlookup.o keywords.o | submake-libpq submake-libpgport
-createlang: createlang.o common.o print.o mbprint.o | submake-libpq submake-libpgport
-createuser: createuser.o common.o dumputils.o kwlookup.o keywords.o | submake-libpq submake-libpgport
-dropdb: dropdb.o common.o dumputils.o kwlookup.o keywords.o | submake-libpq submake-libpgport
-droplang: droplang.o common.o print.o mbprint.o | submake-libpq submake-libpgport
-dropuser: dropuser.o common.o dumputils.o kwlookup.o keywords.o | submake-libpq submake-libpgport
-clusterdb: clusterdb.o common.o dumputils.o kwlookup.o keywords.o | submake-libpq submake-libpgport
-vacuumdb: vacuumdb.o common.o dumputils.o kwlookup.o keywords.o | submake-libpq submake-libpgport
-reindexdb: reindexdb.o common.o dumputils.o kwlookup.o keywords.o | submake-libpq submake-libpgport
-pg_isready: pg_isready.o common.o | submake-libpq submake-libpgport
+SCRIPTS_COMMON = common.o dumputils.o kwlookup.o keywords.o
+createdb: createdb.o $(SCRIPTS_COMMON) | submake-libpq submake-libpgport
+createlang: createlang.o $(SCRIPTS_COMMON) print.o mbprint.o | submake-libpq submake-libpgport
+createuser: createuser.o $(SCRIPTS_COMMON) | submake-libpq submake-libpgport
+dropdb: dropdb.o $(SCRIPTS_COMMON) | submake-libpq submake-libpgport
+droplang: droplang.o $(SCRIPTS_COMMON) print.o mbprint.o | submake-libpq submake-libpgport
+dropuser: dropuser.o $(SCRIPTS_COMMON) | submake-libpq submake-libpgport
+clusterdb: clusterdb.o $(SCRIPTS_COMMON) | submake-libpq submake-libpgport
+vacuumdb: vacuumdb.o $(SCRIPTS_COMMON) | submake-libpq submake-libpgport
+reindexdb: reindexdb.o $(SCRIPTS_COMMON) | submake-libpq submake-libpgport
+pg_isready: pg_isready.o $(SCRIPTS_COMMON) | submake-libpq submake-libpgport
dumputils.c keywords.c: % : $(top_srcdir)/src/bin/pg_dump/%
rm -f $@ && $(LN_S) $< .
clean distclean maintainer-clean:
rm -f $(addsuffix $(X), $(PROGRAMS)) $(addsuffix .o, $(PROGRAMS))
- rm -f common.o dumputils.o kwlookup.o keywords.o print.o mbprint.o $(WIN32RES)
+ rm -f $(SCRIPTS_COMMON) print.o mbprint.o $(WIN32RES)
rm -f dumputils.c print.c mbprint.c kwlookup.c keywords.c
rm -rf tmp_check
PGconn *conn;
+ conn = connectDatabase(dbname, host, port, username, prompt_password,
+ progname, echo, false);
+
initPQExpBuffer(&sql);
appendPQExpBufferStr(&sql, "CLUSTER");
if (verbose)
appendPQExpBufferStr(&sql, " VERBOSE");
if (table)
- appendPQExpBuffer(&sql, " %s", table);
- appendPQExpBufferStr(&sql, ";");
+ {
+ appendPQExpBufferChar(&sql, ' ');
+ appendQualifiedRelation(&sql, table, conn, progname, echo);
+ }
+ appendPQExpBufferChar(&sql, ';');
- conn = connectDatabase(dbname, host, port, username, prompt_password,
- progname, false);
if (!executeMaintenanceCommand(conn, sql.data, echo))
{
if (table)
int i;
conn = connectMaintenanceDatabase(maintenance_db, host, port, username,
- prompt_password, progname);
+ prompt_password, progname, echo);
result = executeQuery(conn, "SELECT datname FROM pg_database WHERE datallowconn ORDER BY 1;", progname, echo);
PQfinish(conn);
#include
#include "common.h"
+#include "dumputils.h"
+#include "fe_utils/connect.h"
static void SetCancelConn(PGconn *conn);
static void ResetCancelConn(void);
* interactive password prompt is automatically issued if required.
*/
PGconn *
-connectDatabase(const char *dbname, const char *pghost, const char *pgport,
- const char *pguser, enum trivalue prompt_password,
- const char *progname, bool fail_ok)
+connectDatabase(const char *dbname, const char *pghost,
+ const char *pgport, const char *pguser,
+ enum trivalue prompt_password, const char *progname,
+ bool echo, bool fail_ok)
{
PGconn *conn;
char *password = NULL;
exit(1);
}
+ if (PQserverVersion(conn) >= 70300)
+ PQclear(executeQuery(conn, ALWAYS_SECURE_SEARCH_PATH_SQL,
+ progname, echo));
+
return conn;
}
* Try to connect to the appropriate maintenance database.
*/
PGconn *
-connectMaintenanceDatabase(const char *maintenance_db, const char *pghost,
- const char *pgport, const char *pguser,
- enum trivalue prompt_password,
- const char *progname)
+connectMaintenanceDatabase(const char *maintenance_db,
+ const char *pghost, const char *pgport,
+ const char *pguser, enum trivalue prompt_password,
+ const char *progname, bool echo)
{
PGconn *conn;
/* If a maintenance database name was specified, just connect to it. */
if (maintenance_db)
return connectDatabase(maintenance_db, pghost, pgport, pguser,
- prompt_password, progname, false);
+ prompt_password, progname, echo, false);
/* Otherwise, try postgres first and then template1. */
conn = connectDatabase("postgres", pghost, pgport, pguser, prompt_password,
- progname, true);
+ progname, echo, true);
if (!conn)
conn = connectDatabase("template1", pghost, pgport, pguser,
- prompt_password, progname, false);
+ prompt_password, progname, echo, false);
return conn;
}
return r;
}
+
+/*
+ * Split TABLE[(COLUMNS)] into TABLE and [(COLUMNS)] portions. When you
+ * finish using them, pg_free(*table). *columns is a pointer into "spec",
+ * possibly to its NUL terminator.
+ */
+static void
+split_table_columns_spec(const char *spec, int encoding,
+ char **table, const char **columns)
+{
+ bool inquotes = false;
+ const char *cp = spec;
+
+ /*
+ * Find the first '(' not identifier-quoted. Based on
+ * dequote_downcase_identifier().
+ */
+ while (*cp && (*cp != '(' || inquotes))
+ {
+ if (*cp == '"')
+ {
+ if (inquotes && cp[1] == '"')
+ cp++; /* pair does not affect quoting */
+ else
+ inquotes = !inquotes;
+ cp++;
+ }
+ else
+ cp += PQmblen(cp, encoding);
+ }
+ *table = pg_strdup(spec);
+ (*table)[cp - spec] = '\0'; /* no strndup */
+ *columns = cp;
+}
+
+/*
+ * Break apart TABLE[(COLUMNS)] of "spec". With the reset_val of search_path
+ * in effect, have regclassin() interpret the TABLE portion. Append to "buf"
+ * the qualified name of TABLE, followed by any (COLUMNS). Exit on failure.
+ * We use this to interpret --table=foo under the search path psql would get,
+ * in advance of "ANALYZE public.foo" under the always-secure search path.
+ */
+void
+appendQualifiedRelation(PQExpBuffer buf, const char *spec,
+ PGconn *conn, const char *progname, bool echo)
+{
+ char *table;
+ const char *columns;
+ PQExpBufferData sql;
+ PGresult *res;
+ int ntups;
+
+ /* Before 7.3, the concept of qualifying a name did not exist. */
+ if (PQserverVersion(conn) < 70300)
+ {
+ appendPQExpBufferStr(&sql, spec);
+ return;
+ }
+
+ split_table_columns_spec(spec, PQclientEncoding(conn), &table, &columns);
+
+ /*
+ * Query must remain ABSOLUTELY devoid of unqualified names. This would
+ * be unnecessary given a regclassin() variant taking a search_path
+ * argument.
+ */
+ initPQExpBuffer(&sql);
+ appendPQExpBufferStr(&sql,
+ "SELECT c.relname, ns.nspname\n"
+ " FROM pg_catalog.pg_class c,"
+ " pg_catalog.pg_namespace ns\n"
+ " WHERE c.relnamespace OPERATOR(pg_catalog.=) ns.oid\n"
+ " AND c.oid OPERATOR(pg_catalog.=) ");
+ appendStringLiteralConn(&sql, table, conn);
+ appendPQExpBufferStr(&sql, "::pg_catalog.regclass;");
+
+ executeCommand(conn, "RESET search_path", progname, echo);
+
+ /*
+ * One row is a typical result, as is a nonexistent relation ERROR.
+ * regclassin() unconditionally accepts all-digits input as an OID; if no
+ * relation has that OID; this query returns no rows. Catalog corruption
+ * might elicit other row counts.
+ */
+ res = executeQuery(conn, sql.data, progname, echo);
+ ntups = PQntuples(res);
+ if (ntups != 1)
+ {
+ fprintf(stderr,
+ ngettext("%s: query returned %d row instead of one: %s\n",
+ "%s: query returned %d rows instead of one: %s\n",
+ ntups),
+ progname, ntups, sql.data);
+ PQfinish(conn);
+ exit(1);
+ }
+ appendPQExpBufferStr(buf,
+ fmtQualifiedId(PQserverVersion(conn),
+ PQgetvalue(res, 0, 1),
+ PQgetvalue(res, 0, 0)));
+ appendPQExpBufferStr(buf, columns);
+ PQclear(res);
+ termPQExpBuffer(&sql);
+ pg_free(table);
+
+ PQclear(executeQuery(conn, ALWAYS_SECURE_SEARCH_PATH_SQL,
+ progname, echo));
+}
+
+
/*
* Check yes/no answer in a localized way. 1=yes, 0=no, -1=neither.
*/
extern PGconn *connectDatabase(const char *dbname, const char *pghost,
const char *pgport, const char *pguser,
enum trivalue prompt_password, const char *progname,
- bool fail_ok);
+ bool echo, bool fail_ok);
extern PGconn *connectMaintenanceDatabase(const char *maintenance_db,
- const char *pghost, const char *pgport, const char *pguser,
- enum trivalue prompt_password, const char *progname);
+ const char *pghost, const char *pgport,
+ const char *pguser, enum trivalue prompt_password,
+ const char *progname, bool echo);
extern PGresult *executeQuery(PGconn *conn, const char *query,
const char *progname, bool echo);
extern bool executeMaintenanceCommand(PGconn *conn, const char *query,
bool echo);
+extern void appendQualifiedRelation(PQExpBuffer buf, const char *name,
+ PGconn *conn, const char *progname, bool echo);
+
extern bool yesno_prompt(const char *question);
extern void setup_cancel_handler(void);
maintenance_db = "template1";
conn = connectMaintenanceDatabase(maintenance_db, host, port, username,
- prompt_password, progname);
+ prompt_password, progname, echo);
if (echo)
printf("%s\n", sql.data);
static const bool translate_columns[] = {false, true};
conn = connectDatabase(dbname, host, port, username, prompt_password,
- progname, false);
+ progname, echo, false);
printfPQExpBuffer(&sql, "SELECT lanname as \"%s\", "
"(CASE WHEN lanpltrusted THEN '%s' ELSE '%s' END) as \"%s\" "
*p += ('a' - 'A');
conn = connectDatabase(dbname, host, port, username, prompt_password,
- progname, false);
+ progname, echo, false);
/*
* Make sure the language isn't already installed
login = TRI_YES;
conn = connectDatabase("postgres", host, port, username, prompt_password,
- progname, false);
+ progname, echo, false);
initPQExpBuffer(&sql);
maintenance_db = "template1";
conn = connectMaintenanceDatabase(maintenance_db,
- host, port, username, prompt_password, progname);
+ host, port, username, prompt_password,
+ progname, echo);
if (echo)
printf("%s\n", sql.data);
static const bool translate_columns[] = {false, true};
conn = connectDatabase(dbname, host, port, username, prompt_password,
- progname, false);
+ progname, echo, false);
printfPQExpBuffer(&sql, "SELECT lanname as \"%s\", "
"(CASE WHEN lanpltrusted THEN '%s' ELSE '%s' END) as \"%s\" "
*p += ('a' - 'A');
conn = connectDatabase(dbname, host, port, username, prompt_password,
- progname, false);
-
- /*
- * Force schema search path to be just pg_catalog, so that we don't have
- * to be paranoid about search paths below.
- */
- executeCommand(conn, "SET search_path = pg_catalog;", progname, echo);
+ progname, echo, false);
/*
* Make sure the language is installed
(if_exists ? "IF EXISTS " : ""), fmtId(dropuser));
conn = connectDatabase("postgres", host, port, username, prompt_password,
- progname, false);
+ progname, echo, false);
if (echo)
printf("%s\n", sql.data);
PGconn *conn;
conn = connectDatabase(dbname, host, port, username, prompt_password,
- progname, false);
+ progname, echo, false);
initPQExpBuffer(&sql);
- appendPQExpBufferStr(&sql, "REINDEX");
- if (strcmp(type, "TABLE") == 0)
- appendPQExpBuffer(&sql, " TABLE %s", name);
- else if (strcmp(type, "INDEX") == 0)
- appendPQExpBuffer(&sql, " INDEX %s", name);
+ appendPQExpBufferStr(&sql, "REINDEX ");
+ appendPQExpBufferStr(&sql, type);
+ appendPQExpBufferChar(&sql, ' ');
+ if (strcmp(type, "TABLE") == 0 ||
+ strcmp(type, "INDEX") == 0)
+ appendQualifiedRelation(&sql, name, conn, progname, echo);
else if (strcmp(type, "DATABASE") == 0)
- appendPQExpBuffer(&sql, " DATABASE %s", fmtId(PQdb(conn)));
- appendPQExpBufferStr(&sql, ";");
+ appendPQExpBufferStr(&sql, fmtId(PQdb(conn)));
+ appendPQExpBufferChar(&sql, ';');
if (!executeMaintenanceCommand(conn, sql.data, echo))
{
int i;
conn = connectMaintenanceDatabase(maintenance_db, host, port, username,
- prompt_password, progname);
+ prompt_password, progname, echo);
result = executeQuery(conn, "SELECT datname FROM pg_database WHERE datallowconn ORDER BY 1;", progname, echo);
PQfinish(conn);
PQExpBufferData sql;
conn = connectDatabase(dbname, host, port, username, prompt_password,
- progname, false);
+ progname, echo, false);
initPQExpBuffer(&sql);
'CREATE TABLE test1 (a int); CREATE INDEX test1x ON test1 (a); CLUSTER test1 USING test1x';
issues_sql_like(
[ 'clusterdb', '-t', 'test1', 'postgres' ],
- qr/statement: CLUSTER test1;/,
+ qr/statement: CLUSTER public\.test1;/,
'cluster specific table');
'CREATE TABLE test1 (a int); CREATE INDEX test1x ON test1 (a);';
issues_sql_like(
[ 'reindexdb', '-t', 'test1', 'postgres' ],
- qr/statement: REINDEX TABLE test1;/,
+ qr/statement: REINDEX TABLE public\.test1;/,
'reindex specific table');
issues_sql_like(
[ 'reindexdb', '-i', 'test1x', 'postgres' ],
- qr/statement: REINDEX INDEX test1x;/,
+ qr/statement: REINDEX INDEX public\.test1x;/,
'reindex specific index');
issues_sql_like(
[ 'reindexdb', '-s', 'postgres' ],
use strict;
use warnings;
use TestLib;
-use Test::More tests => 18;
+use Test::More tests => 23;
program_help_ok('vacuumdb');
program_version_ok('vacuumdb');
[ 'vacuumdb', '-Z', 'postgres' ],
qr/statement: ANALYZE;/,
'vacuumdb -Z');
+command_ok([qw(vacuumdb -Z --table=pg_am dbname=template1)],
+ 'vacuumdb with connection string');
+
+command_fails([qw(vacuumdb -Zt pg_am;ABORT postgres)],
+ 'trailing command in "-t", without COLUMNS');
+# Unwanted; better if it failed.
+command_ok([qw(vacuumdb -Zt pg_am(amname);ABORT postgres)],
+ 'trailing command in "-t", with COLUMNS');
+
+psql('postgres', q|
+ CREATE TABLE "need""q(uot" (")x" text);
+
+ CREATE FUNCTION f0(int) RETURNS int LANGUAGE SQL AS 'SELECT $1 * $1';
+ CREATE FUNCTION f1(int) RETURNS int LANGUAGE SQL AS 'SELECT f0($1)';
+ CREATE TABLE funcidx (x int);
+ INSERT INTO funcidx VALUES (0),(1),(2),(3);
+ CREATE INDEX i0 ON funcidx ((f1(x)));
+|);
+command_ok([qw|vacuumdb -Z --table="need""q(uot"(")x") postgres|],
+ 'column list');
+command_fails([qw|vacuumdb -Zt funcidx postgres|],
+ 'unqualifed name via functional index');
initPQExpBuffer(&sql);
conn = connectDatabase(dbname, host, port, username, prompt_password,
- progname, false);
+ progname, echo, false);
if (analyze_only)
{
}
}
if (table)
- appendPQExpBuffer(&sql, " %s", table);
+ {
+ appendPQExpBufferChar(&sql, ' ');
+ appendQualifiedRelation(&sql, table, conn, progname, echo);
+ }
appendPQExpBufferStr(&sql, ";");
if (analyze_in_stages)
int stage;
conn = connectMaintenanceDatabase(maintenance_db, host, port,
- username, prompt_password, progname);
+ username, prompt_password, progname, echo);
result = executeQuery(conn, "SELECT datname FROM pg_database WHERE datallowconn ORDER BY 1;", progname, echo);
PQfinish(conn);
# Subdirectories containing headers for server-side dev
-SUBDIRS = access bootstrap catalog commands common datatype executor foreign \
+SUBDIRS = access bootstrap catalog commands common datatype \
+ executor fe_utils foreign \
lib libpq mb nodes optimizer parser postmaster regex replication \
rewrite storage tcop snowball snowball/libstemmer tsearch \
tsearch/dicts utils port port/win32 port/win32_msvc \
--- /dev/null
+/*-------------------------------------------------------------------------
+ *
+ * Interfaces in support of FE/BE connections.
+ *
+ *
+ * Portions Copyright (c) 1996-2018, PostgreSQL Global Development Group
+ * Portions Copyright (c) 1994, Regents of the University of California
+ *
+ * src/include/fe_utils/connect.h
+ *
+ *-------------------------------------------------------------------------
+ */
+#ifndef CONNECT_H
+#define CONNECT_H
+
+/*
+ * This SQL statement installs an always-secure search path, so malicious
+ * users can't take control. CREATE of an unqualified name will fail, because
+ * this selects no creation schema. This does not demote pg_temp, so it is
+ * suitable where we control the entire FE/BE connection but not suitable in
+ * SECURITY DEFINER functions. This is portable to PostgreSQL 7.3, which
+ * introduced schemas. When connected to an older version from code that
+ * might work with the old server, skip this.
+ */
+#define ALWAYS_SECURE_SEARCH_PATH_SQL \
+ "SELECT pg_catalog.set_config('search_path', '', false)"
+
+#endif /* CONNECT_H */
*/
#include "postgres_fe.h"
+#include "fe_utils/connect.h"
#include "libpq-fe.h"
#include "pqexpbuffer.h"
exit(EXIT_FAILURE);
}
+ res = PQexec(conn, ALWAYS_SECURE_SEARCH_PATH_SQL);
+ if (!res || PQresultStatus(res) != PGRES_TUPLES_OK)
+ {
+ fprintf(stderr, "sql error: %s\n", PQerrorMessage(conn));
+ exit(EXIT_FAILURE);
+ }
+ PQclear(res);
+
/* Get a list of relations that have OIDs */
printfPQExpBuffer(&sql, "%s",
projects / postgresql.git / commitdiff