From: Tom Lane Date: Mon, 31 Mar 2008 01:32:48 +0000 (+0000) Subject: Fix a number of places that were making file-type tests infelicitously. X-Git-Url: http://git.postgresql.org/gitweb/static/gitweb.js?a=commitdiff_plain;h=580db4cf0b98736c66b021da578d6df372a3b01a;p=users%2Fbernd%2Fpostgres.git Fix a number of places that were making file-type tests infelicitously. The places that did, eg, (statbuf.st_mode & S_IFMT) == S_IFDIR were correct, but there is no good reason not to use S_ISDIR() instead, especially when that's what the other 90% of our code does. The places that did, eg, (statbuf.st_mode & S_IFDIR) were flat out *wrong* and would fail in various platform-specific ways, eg a symlink could be mistaken for a regular file on most Unixen. The actual impact of this is probably small, since the problem cases seem to always involve symlinks or sockets, which are unlikely to be found in the directories that PG code might be scanning. But it's clearly trouble waiting to happen, so patch all the way back anyway. (There seem to be no occurrences of the mistake in 7.4.) --- diff --git a/src/backend/utils/adt/dbsize.c b/src/backend/utils/adt/dbsize.c index 106a4e456e..d96a460e3f 100644 --- a/src/backend/utils/adt/dbsize.c +++ b/src/backend/utils/adt/dbsize.c @@ -186,7 +186,7 @@ calculate_tablespace_size(Oid tblspcOid) errmsg("could not stat file \"%s\": %m", pathname))); } - if (fst.st_mode & S_IFDIR) + if (S_ISDIR(fst.st_mode)) totalsize += db_dir_size(pathname); totalsize += fst.st_size; diff --git a/src/backend/utils/adt/genfile.c b/src/backend/utils/adt/genfile.c new file mode 100644 index 0000000000..1ddae5de46 --- /dev/null +++ b/src/backend/utils/adt/genfile.c 
@@ -0,0 +1,277 @@ +/*------------------------------------------------------------------------- + * + * genfile.c + * Functions for direct access to files + * + * + * Copyright (c) 2004-2005, PostgreSQL Global Development Group + * + * Author: Andreas Pflug + * + * IDENTIFICATION + * $PostgreSQL$ + * + *------------------------------------------------------------------------- + */ +#include "postgres.h" + +#include +#include +#include +#include + +#include "access/heapam.h" +#include "catalog/pg_type.h" +#include "funcapi.h" +#include "miscadmin.h" +#include "postmaster/syslogger.h" +#include "storage/fd.h" +#include "utils/builtins.h" +#include "utils/memutils.h" + + +typedef struct +{ + char *location; + DIR *dirdesc; +} directory_fctx; + + +/* + * Validate a path and convert to absolute form. + * + * Argument may be absolute or relative to the DataDir (but we only allow + * absolute paths that match DataDir or Log_directory). + */ +static char * +check_and_make_absolute(text *arg) +{ + int input_len = VARSIZE(arg) - VARHDRSZ; + char *filename = palloc(input_len + 1); + + memcpy(filename, VARDATA(arg), input_len); + filename[input_len] = '\0'; + + canonicalize_path(filename); /* filename can change length here */ + + /* Disallow ".." 
in the path */ + if (path_contains_parent_reference(filename)) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + (errmsg("reference to parent directory (\"..\") not allowed")))); + + if (is_absolute_path(filename)) + { + /* Allow absolute references within DataDir */ + if (path_is_prefix_of_path(DataDir, filename)) + return filename; + /* The log directory might be outside our datadir, but allow it */ + if (is_absolute_path(Log_directory) && + path_is_prefix_of_path(Log_directory, filename)) + return filename; + + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + (errmsg("absolute path not allowed")))); + return NULL; /* keep compiler quiet */ + } + else + { + char *absname = palloc(strlen(DataDir) + strlen(filename) + 2); + + sprintf(absname, "%s/%s", DataDir, filename); + pfree(filename); + return absname; + } +} + + +/* + * Read a section of a file, returning it as text + */ +Datum +pg_read_file(PG_FUNCTION_ARGS) +{ + text *filename_t = PG_GETARG_TEXT_P(0); + int64 seek_offset = PG_GETARG_INT64(1); + int64 bytes_to_read = PG_GETARG_INT64(2); + char *buf; + size_t nbytes; + FILE *file; + char *filename; + + if (!superuser()) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + (errmsg("must be superuser to read files")))); + + filename = check_and_make_absolute(filename_t); + + if ((file = AllocateFile(filename, PG_BINARY_R)) == NULL) + ereport(ERROR, + (errcode_for_file_access(), + errmsg("could not open file \"%s\" for reading: %m", + filename))); + + if (fseeko(file, (off_t) seek_offset, + (seek_offset >= 0) ? 
SEEK_SET : SEEK_END) != 0) + ereport(ERROR, + (errcode_for_file_access(), + errmsg("could not seek in file \"%s\": %m", filename))); + + if (bytes_to_read < 0) + ereport(ERROR, + (errcode(ERRCODE_INVALID_PARAMETER_VALUE), + errmsg("requested length may not be negative"))); + + /* not sure why anyone thought that int64 length was a good idea */ + if (bytes_to_read > (MaxAllocSize - VARHDRSZ)) + ereport(ERROR, + (errcode(ERRCODE_INVALID_PARAMETER_VALUE), + errmsg("requested length too large"))); + + buf = palloc((Size) bytes_to_read + VARHDRSZ); + + nbytes = fread(VARDATA(buf), 1, (size_t) bytes_to_read, file); + + if (ferror(file)) + ereport(ERROR, + (errcode_for_file_access(), + errmsg("could not read file \"%s\": %m", filename))); + + VARATT_SIZEP(buf) = nbytes + VARHDRSZ; + + FreeFile(file); + pfree(filename); + + PG_RETURN_TEXT_P(buf); +} + +/* + * stat a file + */ +Datum +pg_stat_file(PG_FUNCTION_ARGS) +{ + text *filename_t = PG_GETARG_TEXT_P(0); + char *filename; + struct stat fst; + Datum values[6]; + bool isnull[6]; + HeapTuple tuple; + TupleDesc tupdesc; + + if (!superuser()) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + (errmsg("must be superuser to get file information")))); + + filename = check_and_make_absolute(filename_t); + + if (stat(filename, &fst) < 0) + ereport(ERROR, + (errcode_for_file_access(), + errmsg("could not stat file \"%s\": %m", filename))); + + /* + * This record type had better match the output parameters declared for me + * in pg_proc.h (actually, in system_views.sql at the moment). 
+ */ + tupdesc = CreateTemplateTupleDesc(6, false); + TupleDescInitEntry(tupdesc, (AttrNumber) 1, + "size", INT8OID, -1, 0); + TupleDescInitEntry(tupdesc, (AttrNumber) 2, + "access", TIMESTAMPTZOID, -1, 0); + TupleDescInitEntry(tupdesc, (AttrNumber) 3, + "modification", TIMESTAMPTZOID, -1, 0); + TupleDescInitEntry(tupdesc, (AttrNumber) 4, + "change", TIMESTAMPTZOID, -1, 0); + TupleDescInitEntry(tupdesc, (AttrNumber) 5, + "creation", TIMESTAMPTZOID, -1, 0); + TupleDescInitEntry(tupdesc, (AttrNumber) 6, + "isdir", BOOLOID, -1, 0); + BlessTupleDesc(tupdesc); + + memset(isnull, false, sizeof(isnull)); + + values[0] = Int64GetDatum((int64) fst.st_size); + values[1] = TimestampTzGetDatum(time_t_to_timestamptz(fst.st_atime)); + values[2] = TimestampTzGetDatum(time_t_to_timestamptz(fst.st_mtime)); + /* Unix has file status change time, while Win32 has creation time */ +#if !defined(WIN32) && !defined(__CYGWIN__) + values[3] = TimestampTzGetDatum(time_t_to_timestamptz(fst.st_ctime)); + isnull[4] = true; +#else + isnull[3] = true; + values[4] = TimestampTzGetDatum(time_t_to_timestamptz(fst.st_ctime)); +#endif + values[5] = BoolGetDatum(S_ISDIR(fst.st_mode)); + + tuple = heap_form_tuple(tupdesc, values, isnull); + + pfree(filename); + + PG_RETURN_DATUM(HeapTupleGetDatum(tuple)); +} + + +/* + * List a directory (returns the filenames only) + */ +Datum +pg_ls_dir(PG_FUNCTION_ARGS) +{ + FuncCallContext *funcctx; + struct dirent *de; + directory_fctx *fctx; + + if (!superuser()) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + (errmsg("must be superuser to get directory listings")))); + + if (SRF_IS_FIRSTCALL()) + { + MemoryContext oldcontext; + + funcctx = SRF_FIRSTCALL_INIT(); + oldcontext = MemoryContextSwitchTo(funcctx->multi_call_memory_ctx); + + fctx = palloc(sizeof(directory_fctx)); + fctx->location = check_and_make_absolute(PG_GETARG_TEXT_P(0)); + + fctx->dirdesc = AllocateDir(fctx->location); + + if (!fctx->dirdesc) + ereport(ERROR, + 
(errcode_for_file_access(), + errmsg("could not open directory \"%s\": %m", + fctx->location))); + + funcctx->user_fctx = fctx; + MemoryContextSwitchTo(oldcontext); + } + + funcctx = SRF_PERCALL_SETUP(); + fctx = (directory_fctx *) funcctx->user_fctx; + + while ((de = ReadDir(fctx->dirdesc, fctx->location)) != NULL) + { + int len = strlen(de->d_name); + text *result; + + if (strcmp(de->d_name, ".") == 0 || + strcmp(de->d_name, "..") == 0) + continue; + + result = palloc(len + VARHDRSZ); + VARATT_SIZEP(result) = len + VARHDRSZ; + memcpy(VARDATA(result), de->d_name, len); + + SRF_RETURN_NEXT(funcctx, PointerGetDatum(result)); + } + + FreeDir(fctx->dirdesc); + + SRF_RETURN_DONE(funcctx); +} diff --git a/src/port/copydir.c b/src/port/copydir.c index 155e261630..3c61c9b703 100644 --- a/src/port/copydir.c +++ b/src/port/copydir.c @@ -80,13 +80,13 @@ copydir(char *fromdir, char *todir, bool recurse) (errcode_for_file_access(), errmsg("could not stat file \"%s\": %m", fromfile))); - if (fst.st_mode & S_IFDIR) + if (S_ISDIR(fst.st_mode)) { /* recurse to handle subdirectories */ if (recurse) copydir(fromfile, tofile, true); } - else if (fst.st_mode & S_IFREG) + else if (S_ISREG(fst.st_mode)) copy_file(fromfile, tofile); } diff --git a/src/port/exec.c b/src/port/exec.c index 6b7cff72be..7a3c64da7b 100644 --- a/src/port/exec.c +++ b/src/port/exec.c @@ -78,8 +78,8 @@ validate_exec(const char *path) #else char path_exe[MAXPGPATH + sizeof(".exe") - 1]; #endif - int is_r = 0; - int is_x = 0; + int is_r; + int is_x; #ifdef WIN32 /* Win32 requires a .exe suffix for stat() */ @@ -101,7 +101,7 @@ validate_exec(const char *path) if (stat(path, &buf) < 0) return -1; - if ((buf.st_mode & S_IFMT) != S_IFREG) + if (!S_ISREG(buf.st_mode)) return -1; /* @@ -329,7 +329,7 @@ resolve_symlinks(char *path) fname = path; if (lstat(fname, &buf) < 0 || - (buf.st_mode & S_IFMT) != S_IFLNK) + !S_ISLNK(buf.st_mode)) break; rllen = readlink(fname, link_buf, sizeof(link_buf));
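Review bot: check_and_make_absolute() in genfile.c confines paths by string comparison only (canonicalize_path(), the ".." rejection and path_is_prefix_of_path()), and nothing visible in this file resolves symbolic links, so a link located under DataDir or Log_directory would still be followed by AllocateFile(), stat() and AllocateDir(). That leaves the superuser() test in pg_read_file, pg_stat_file and pg_ls_dir as the only real access control, and the function's header comment should say so to keep anyone from relaxing that test on the strength of the path check. Suggested addition to that comment: `* Note: this check is lexical only; symlinks are not resolved, so callers must keep their own privilege check.` Because pg_stat_file calls stat() rather than lstat(), its isdir column likewise describes the link target, not the link.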
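Review bot: With the corrected tests in copydir(), an entry that is neither a directory nor a regular file matches neither branch and is skipped without any message. If that is intended, a comment after the `else if` branch would make it explicit, for example `/* symlinks, sockets and other special files are intentionally not copied */`; if it is not, a WARNING naming `fromfile` would make the omission visible in the log. Whether a symlink can reach this point depends on whether the preceding call is stat() or lstat(), which is outside the hunk, as are the start and end of copydir().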
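Review bot: Dropping the `= 0` initializers from `is_r` and `is_x` in validate_exec() is unrelated to the file-type fix and makes the function depend on every path assigning both variables before reading them. Those assignments lie outside this hunk, so that cannot be confirmed from here; if any platform branch reads one of them first, an indeterminate value would feed the check that decides whether a binary is usable. Unless the initializers were causing a compiler warning, I would keep `int is_r = 0;` and `int is_x = 0;`, or state in the commit message why they were removed.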