|
|
|
|
/*
|
|
|
|
|
* common.h
|
|
|
|
|
* Common support routines for bin/scripts/
|
|
|
|
|
*
|
|
|
|
|
* Copyright (c) 2003-2019, PostgreSQL Global Development Group
|
|
|
|
|
*
|
|
|
|
|
* src/bin/scripts/common.h
|
|
|
|
|
*/
|
|
|
|
|
#ifndef COMMON_H
|
|
|
|
|
#define COMMON_H
|
|
|
|
|
|
|
|
|
|
#include "common/username.h"
|
|
|
|
|
#include "libpq-fe.h"
|
|
|
|
|
#include "getopt_long.h" /* pgrminclude ignore */
|
|
|
|
|
#include "pqexpbuffer.h" /* pgrminclude ignore */
|
|
|
|
|
|
|
|
|
|
enum trivalue
|
|
|
|
|
{
|
|
|
|
|
TRI_DEFAULT,
|
|
|
|
|
TRI_NO,
|
|
|
|
|
TRI_YES
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
extern bool CancelRequested;
|
|
|
|
|
|
|
|
|
|
typedef void (*help_handler) (const char *progname);
|
|
|
|
|
|
|
|
|
|
extern void handle_help_version_opts(int argc, char *argv[],
|
|
|
|
|
const char *fixed_progname,
|
|
|
|
|
help_handler hlp);
|
|
|
|
|
|
|
|
|
|
extern PGconn *connectDatabase(const char *dbname, const char *pghost,
|
|
|
|
|
const char *pgport, const char *pguser,
|
|
|
|
|
enum trivalue prompt_password, const char *progname,
|
Empty search_path in Autovacuum and non-psql/pgbench clients.
This makes the client programs behave as documented regardless of the
connect-time search_path and regardless of user-created objects. Today,
a malicious user with CREATE permission on a search_path schema can take
control of certain of these clients' queries and invoke arbitrary SQL
functions under the client identity, often a superuser. This is
exploitable in the default configuration, where all users have CREATE
privilege on schema "public".
This changes behavior of user-defined code stored in the database, like
pg_index.indexprs and pg_extension_config_dump(). If they reach code
bearing unqualified names, "does not exist" or "no schema has been
selected to create in" errors might appear. Users may fix such errors
by schema-qualifying affected names. After upgrading, consider watching
server logs for these errors.
The --table arguments of src/bin/scripts clients have been lax; for
example, "vacuumdb -Zt pg_am\;CHECKPOINT" performed a checkpoint. That
now fails, but for now, "vacuumdb -Zt 'pg_am(amname);CHECKPOINT'" still
performs a checkpoint.
Back-patch to 9.3 (all supported versions).
Reviewed by Tom Lane, though this fix strategy was not his first choice.
Reported by Arseniy Sharoglazov.
Security: CVE-2018-1058
8 years ago
|
|
|
bool echo, bool fail_ok, bool allow_password_reuse);
|
|
|
|
|
|
|
|
|
|
extern PGconn *connectMaintenanceDatabase(const char *maintenance_db,
|
Empty search_path in Autovacuum and non-psql/pgbench clients.
This makes the client programs behave as documented regardless of the
connect-time search_path and regardless of user-created objects. Today,
a malicious user with CREATE permission on a search_path schema can take
control of certain of these clients' queries and invoke arbitrary SQL
functions under the client identity, often a superuser. This is
exploitable in the default configuration, where all users have CREATE
privilege on schema "public".
This changes behavior of user-defined code stored in the database, like
pg_index.indexprs and pg_extension_config_dump(). If they reach code
bearing unqualified names, "does not exist" or "no schema has been
selected to create in" errors might appear. Users may fix such errors
by schema-qualifying affected names. After upgrading, consider watching
server logs for these errors.
The --table arguments of src/bin/scripts clients have been lax; for
example, "vacuumdb -Zt pg_am\;CHECKPOINT" performed a checkpoint. That
now fails, but for now, "vacuumdb -Zt 'pg_am(amname);CHECKPOINT'" still
performs a checkpoint.
Back-patch to 9.3 (all supported versions).
Reviewed by Tom Lane, though this fix strategy was not his first choice.
Reported by Arseniy Sharoglazov.
Security: CVE-2018-1058
8 years ago
|
|
|
const char *pghost, const char *pgport,
|
|
|
|
|
const char *pguser, enum trivalue prompt_password,
|
|
|
|
|
const char *progname, bool echo);
|
|
|
|
|
|
|
|
|
|
extern PGresult *executeQuery(PGconn *conn, const char *query,
|
|
|
|
|
const char *progname, bool echo);
|
|
|
|
|
|
|
|
|
|
extern void executeCommand(PGconn *conn, const char *query,
|
|
|
|
|
const char *progname, bool echo);
|
|
|
|
|
|
|
|
|
|
extern bool executeMaintenanceCommand(PGconn *conn, const char *query,
|
|
|
|
|
bool echo);
|
|
|
|
|
|
Empty search_path in Autovacuum and non-psql/pgbench clients.
This makes the client programs behave as documented regardless of the
connect-time search_path and regardless of user-created objects. Today,
a malicious user with CREATE permission on a search_path schema can take
control of certain of these clients' queries and invoke arbitrary SQL
functions under the client identity, often a superuser. This is
exploitable in the default configuration, where all users have CREATE
privilege on schema "public".
This changes behavior of user-defined code stored in the database, like
pg_index.indexprs and pg_extension_config_dump(). If they reach code
bearing unqualified names, "does not exist" or "no schema has been
selected to create in" errors might appear. Users may fix such errors
by schema-qualifying affected names. After upgrading, consider watching
server logs for these errors.
The --table arguments of src/bin/scripts clients have been lax; for
example, "vacuumdb -Zt pg_am\;CHECKPOINT" performed a checkpoint. That
now fails, but for now, "vacuumdb -Zt 'pg_am(amname);CHECKPOINT'" still
performs a checkpoint.
Back-patch to 9.3 (all supported versions).
Reviewed by Tom Lane, though this fix strategy was not his first choice.
Reported by Arseniy Sharoglazov.
Security: CVE-2018-1058
8 years ago
|
|
|
extern void appendQualifiedRelation(PQExpBuffer buf, const char *name,
|
|
|
|
|
PGconn *conn, const char *progname, bool echo);
|
|
|
|
|
|
|
|
|
|
extern bool yesno_prompt(const char *question);
|
|
|
|
|
|
|
|
|
|
extern void setup_cancel_handler(void);
|
|
|
|
|
|
|
|
|
|
extern void SetCancelConn(PGconn *conn);
|
|
|
|
|
extern void ResetCancelConn(void);
|
|
|
|
|
|
|
|
|
|
|
Phase 2 of pgindent updates.
Change pg_bsd_indent to follow upstream rules for placement of comments
to the right of code, and remove pgindent hack that caused comments
following #endif to not obey the general rule.
Commit e3860ffa4dd0dad0dd9eea4be9cc1412373a8c89 wasn't actually using
the published version of pg_bsd_indent, but a hacked-up version that
tried to minimize the amount of movement of comments to the right of
code. The situation of interest is where such a comment has to be
moved to the right of its default placement at column 33 because there's
code there. BSD indent has always moved right in units of tab stops
in such cases --- but in the previous incarnation, indent was working
in 8-space tab stops, while now it knows we use 4-space tabs. So the
net result is that in about half the cases, such comments are placed
one tab stop left of before. This is better all around: it leaves
more room on the line for comment text, and it means that in such
cases the comment uniformly starts at the next 4-space tab stop after
the code, rather than sometimes one and sometimes two tabs after.
Also, ensure that comments following #endif are indented the same
as comments following other preprocessor commands such as #else.
That inconsistency turns out to have been self-inflicted damage
from a poorly-thought-through post-indent "fixup" in pgindent.
This patch is much less interesting than the first round of indent
changes, but also bulkier, so I thought it best to separate the effects.
Discussion: https://postgr.es/m/E1dAmxK-0006EE-1r@gemulon.postgresql.org
Discussion: https://postgr.es/m/30527.1495162840@sss.pgh.pa.us
8 years ago
|
|
|
#endif /* COMMON_H */
|
