2005-08-15 17:02:26 -04:00
|
|
|
/*
|
|
|
|
|
* common.h
|
|
|
|
|
* Common support routines for bin/scripts/
|
|
|
|
|
*
|
2020-01-01 12:21:45 -05:00
|
|
|
* Copyright (c) 2003-2020, PostgreSQL Global Development Group
|
2005-08-15 17:02:26 -04:00
|
|
|
*
|
2010-09-20 16:08:53 -04:00
|
|
|
* src/bin/scripts/common.h
|
2005-08-15 17:02:26 -04:00
|
|
|
*/
|
|
|
|
|
#ifndef COMMON_H
|
|
|
|
|
#define COMMON_H
|
2003-03-18 17:19:47 -05:00
|
|
|
|
2014-01-10 18:03:28 -05:00
|
|
|
#include "common/username.h"
|
2011-08-26 16:04:29 -04:00
|
|
|
#include "getopt_long.h" /* pgrminclude ignore */
|
2019-11-24 21:38:57 -05:00
|
|
|
#include "libpq-fe.h"
|
2011-08-26 16:04:29 -04:00
|
|
|
#include "pqexpbuffer.h" /* pgrminclude ignore */
|
2003-03-18 17:19:47 -05:00
|
|
|
|
2009-02-26 11:02:39 -05:00
|
|
|
enum trivalue
|
|
|
|
|
{
|
|
|
|
|
TRI_DEFAULT,
|
|
|
|
|
TRI_NO,
|
|
|
|
|
TRI_YES
|
|
|
|
|
};
|
|
|
|
|
|
Fix connection string handling in src/bin/scripts/ programs.
When told to process all databases, clusterdb, reindexdb, and vacuumdb
would reconnect by replacing their --maintenance-db parameter with the
name of the target database. If that parameter is a connstring (which
has been allowed for a long time, though we failed to document that
before this patch), we'd lose any other options it might specify, for
example SSL or GSS parameters, possibly resulting in failure to connect.
Thus, this is the same bug as commit a45bc8a4f fixed in pg_dump and
pg_restore. We can fix it in the same way, by using libpq's rules for
handling multiple "dbname" parameters to add the target database name
separately. I chose to apply the same refactoring approach as in that
patch, with a struct to handle the command line parameters that need to
be passed through to connectDatabase. (Maybe someday we can unify the
very similar functions here and in pg_dump/pg_restore.)
Per Peter Eisentraut's comments on bug #16604. Back-patch to all
supported branches.
Discussion: https://postgr.es/m/16604-933f4b8791227b15@postgresql.org
2020-10-19 19:03:46 -04:00
|
|
|
/* Parameters needed by connectDatabase/connectMaintenanceDatabase */
|
|
|
|
|
typedef struct _connParams
|
|
|
|
|
{
|
|
|
|
|
/* These fields record the actual command line parameters */
|
|
|
|
|
const char *dbname; /* this may be a connstring! */
|
|
|
|
|
const char *pghost;
|
|
|
|
|
const char *pgport;
|
|
|
|
|
const char *pguser;
|
|
|
|
|
enum trivalue prompt_password;
|
|
|
|
|
/* If not NULL, this overrides the dbname obtained from command line */
|
|
|
|
|
/* (but *only* the DB name, not anything else in the connstring) */
|
|
|
|
|
const char *override_dbname;
|
|
|
|
|
} ConnParams;
|
|
|
|
|
|
2005-08-15 17:02:26 -04:00
|
|
|
typedef void (*help_handler) (const char *progname);
|
2003-03-18 17:19:47 -05:00
|
|
|
|
2005-08-15 17:02:26 -04:00
|
|
|
extern void handle_help_version_opts(int argc, char *argv[],
|
|
|
|
|
const char *fixed_progname,
|
|
|
|
|
help_handler hlp);
|
2003-03-18 17:19:47 -05:00
|
|
|
|
Fix connection string handling in src/bin/scripts/ programs.
When told to process all databases, clusterdb, reindexdb, and vacuumdb
would reconnect by replacing their --maintenance-db parameter with the
name of the target database. If that parameter is a connstring (which
has been allowed for a long time, though we failed to document that
before this patch), we'd lose any other options it might specify, for
example SSL or GSS parameters, possibly resulting in failure to connect.
Thus, this is the same bug as commit a45bc8a4f fixed in pg_dump and
pg_restore. We can fix it in the same way, by using libpq's rules for
handling multiple "dbname" parameters to add the target database name
separately. I chose to apply the same refactoring approach as in that
patch, with a struct to handle the command line parameters that need to
be passed through to connectDatabase. (Maybe someday we can unify the
very similar functions here and in pg_dump/pg_restore.)
Per Peter Eisentraut's comments on bug #16604. Back-patch to all
supported branches.
Discussion: https://postgr.es/m/16604-933f4b8791227b15@postgresql.org
2020-10-19 19:03:46 -04:00
|
|
|
extern PGconn *connectDatabase(const ConnParams *cparams,
|
|
|
|
|
const char *progname,
|
|
|
|
|
bool echo, bool fail_ok,
|
|
|
|
|
bool allow_password_reuse);
|
2011-12-06 08:48:15 -05:00
|
|
|
|
Fix connection string handling in src/bin/scripts/ programs.
When told to process all databases, clusterdb, reindexdb, and vacuumdb
would reconnect by replacing their --maintenance-db parameter with the
name of the target database. If that parameter is a connstring (which
has been allowed for a long time, though we failed to document that
before this patch), we'd lose any other options it might specify, for
example SSL or GSS parameters, possibly resulting in failure to connect.
Thus, this is the same bug as commit a45bc8a4f fixed in pg_dump and
pg_restore. We can fix it in the same way, by using libpq's rules for
handling multiple "dbname" parameters to add the target database name
separately. I chose to apply the same refactoring approach as in that
patch, with a struct to handle the command line parameters that need to
be passed through to connectDatabase. (Maybe someday we can unify the
very similar functions here and in pg_dump/pg_restore.)
Per Peter Eisentraut's comments on bug #16604. Back-patch to all
supported branches.
Discussion: https://postgr.es/m/16604-933f4b8791227b15@postgresql.org
2020-10-19 19:03:46 -04:00
|
|
|
extern PGconn *connectMaintenanceDatabase(ConnParams *cparams,
|
Empty search_path in Autovacuum and non-psql/pgbench clients.
This makes the client programs behave as documented regardless of the
connect-time search_path and regardless of user-created objects. Today,
a malicious user with CREATE permission on a search_path schema can take
control of certain of these clients' queries and invoke arbitrary SQL
functions under the client identity, often a superuser. This is
exploitable in the default configuration, where all users have CREATE
privilege on schema "public".
This changes behavior of user-defined code stored in the database, like
pg_index.indexprs and pg_extension_config_dump(). If they reach code
bearing unqualified names, "does not exist" or "no schema has been
selected to create in" errors might appear. Users may fix such errors
by schema-qualifying affected names. After upgrading, consider watching
server logs for these errors.
The --table arguments of src/bin/scripts clients have been lax; for
example, "vacuumdb -Zt pg_am\;CHECKPOINT" performed a checkpoint. That
now fails, but for now, "vacuumdb -Zt 'pg_am(amname);CHECKPOINT'" still
performs a checkpoint.
Back-patch to 9.3 (all supported versions).
Reviewed by Tom Lane, though this fix strategy was not his first choice.
Reported by Arseniy Sharoglazov.
Security: CVE-2018-1058
2018-02-26 10:39:44 -05:00
|
|
|
const char *progname, bool echo);
|
2003-03-18 17:19:47 -05:00
|
|
|
|
2019-07-18 20:31:58 -04:00
|
|
|
extern void disconnectDatabase(PGconn *conn);
|
2003-05-27 15:36:55 -04:00
|
|
|
|
2019-07-18 20:31:58 -04:00
|
|
|
extern PGresult *executeQuery(PGconn *conn, const char *query, bool echo);
|
|
|
|
|
|
|
|
|
|
extern void executeCommand(PGconn *conn, const char *query, bool echo);
|
2005-08-15 17:02:26 -04:00
|
|
|
|
2007-04-09 14:21:22 -04:00
|
|
|
extern bool executeMaintenanceCommand(PGconn *conn, const char *query,
|
|
|
|
|
bool echo);
|
|
|
|
|
|
2019-07-18 20:31:58 -04:00
|
|
|
extern bool consumeQueryResult(PGconn *conn);
|
|
|
|
|
|
|
|
|
|
extern bool processQueryResult(PGconn *conn, PGresult *result);
|
|
|
|
|
|
Use catalog query to discover tables to process in vacuumdb
vacuumdb would use a catalog query only when the command caller does not
define a list of tables. Switching to a catalog table represents two
advantages:
- Relation existence check can happen before running any VACUUM or
ANALYZE query. Before this change, if multiple relations are defined
using --table, the utility would fail only after processing the
firstly-defined ones, which may be a long some depending on the size of
the relation. This adds checks for the relation names, and does
nothing, at least yet, for the attribute names.
- More filtering options can become available for the utility user.
These options, which may be introduced later on, are based on the
relation size or the relation age, and need to be made available even if
the user does not list any specific table with --table.
Author: Nathan Bossart
Reviewed-by: Michael Paquier, Masahiko Sawada
Discussion: https://postgr.es/m/FFE5373C-E26A-495B-B5C8-911EC4A41C5E@amazon.com
2019-01-28 21:22:03 -05:00
|
|
|
extern void splitTableColumnsSpec(const char *spec, int encoding,
|
|
|
|
|
char **table, const char **columns);
|
|
|
|
|
|
Empty search_path in Autovacuum and non-psql/pgbench clients.
This makes the client programs behave as documented regardless of the
connect-time search_path and regardless of user-created objects. Today,
a malicious user with CREATE permission on a search_path schema can take
control of certain of these clients' queries and invoke arbitrary SQL
functions under the client identity, often a superuser. This is
exploitable in the default configuration, where all users have CREATE
privilege on schema "public".
This changes behavior of user-defined code stored in the database, like
pg_index.indexprs and pg_extension_config_dump(). If they reach code
bearing unqualified names, "does not exist" or "no schema has been
selected to create in" errors might appear. Users may fix such errors
by schema-qualifying affected names. After upgrading, consider watching
server logs for these errors.
The --table arguments of src/bin/scripts clients have been lax; for
example, "vacuumdb -Zt pg_am\;CHECKPOINT" performed a checkpoint. That
now fails, but for now, "vacuumdb -Zt 'pg_am(amname);CHECKPOINT'" still
performs a checkpoint.
Back-patch to 9.3 (all supported versions).
Reviewed by Tom Lane, though this fix strategy was not his first choice.
Reported by Arseniy Sharoglazov.
Security: CVE-2018-1058
2018-02-26 10:39:44 -05:00
|
|
|
extern void appendQualifiedRelation(PQExpBuffer buf, const char *name,
|
2019-07-18 20:31:58 -04:00
|
|
|
PGconn *conn, bool echo);
|
Empty search_path in Autovacuum and non-psql/pgbench clients.
This makes the client programs behave as documented regardless of the
connect-time search_path and regardless of user-created objects. Today,
a malicious user with CREATE permission on a search_path schema can take
control of certain of these clients' queries and invoke arbitrary SQL
functions under the client identity, often a superuser. This is
exploitable in the default configuration, where all users have CREATE
privilege on schema "public".
This changes behavior of user-defined code stored in the database, like
pg_index.indexprs and pg_extension_config_dump(). If they reach code
bearing unqualified names, "does not exist" or "no schema has been
selected to create in" errors might appear. Users may fix such errors
by schema-qualifying affected names. After upgrading, consider watching
server logs for these errors.
The --table arguments of src/bin/scripts clients have been lax; for
example, "vacuumdb -Zt pg_am\;CHECKPOINT" performed a checkpoint. That
now fails, but for now, "vacuumdb -Zt 'pg_am(amname);CHECKPOINT'" still
performs a checkpoint.
Back-patch to 9.3 (all supported versions).
Reviewed by Tom Lane, though this fix strategy was not his first choice.
Reported by Arseniy Sharoglazov.
Security: CVE-2018-1058
2018-02-26 10:39:44 -05:00
|
|
|
|
2006-09-22 14:50:41 -04:00
|
|
|
extern bool yesno_prompt(const char *question);
|
2005-08-15 17:02:26 -04:00
|
|
|
|
|
|
|
|
#endif /* COMMON_H */
|
