search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Disallow empty passwords in LDAP authentication, the same way
[PostgreSQL.git] / src / bin / pg_dump / pg_backup_db.c
blob499d2c115e31bcb3cf1f54571e16f88e0c68bd7c
1 /*-------------------------------------------------------------------------
2 *
3 * pg_backup_db.c
4 *
5 * Implements the basic DB functions used by the archiver.
6 *
7 * IDENTIFICATION
8 * $PostgreSQL$
9 *
10 *-------------------------------------------------------------------------
11 */
12
13 #include "pg_backup_db.h"
14 #include "dumputils.h"
15
16 #include <unistd.h>
17
18 #include <ctype.h>
19
20 #ifdef HAVE_TERMIOS_H
21 #include <termios.h>
22 #endif
23
24
25 static const char *modulename = gettext_noop("archiver (db)");
26
27 static void _check_database_version(ArchiveHandle *AH);
28 static PGconn *_connectDB(ArchiveHandle *AH, const char *newdbname, const char *newUser);
29 static void notice_processor(void *arg, const char *message);
30 static char *_sendSQLLine(ArchiveHandle *AH, char *qry, char *eos);
31 static char *_sendCopyLine(ArchiveHandle *AH, char *qry, char *eos);
32
33 static bool _isIdentChar(unsigned char c);
34 static bool _isDQChar(unsigned char c, bool atStart);
35
36 #define DB_MAX_ERR_STMT 128
37
38 static int
39 _parse_version(ArchiveHandle *AH, const char *versionString)
40 {
41 int v;
42
43 v = parse_version(versionString);
44 if (v < 0)
45 die_horribly(AH, modulename, "could not parse version string \"%s\"\n", versionString);
46
47 return v;
48 }
49
50 static void
51 _check_database_version(ArchiveHandle *AH)
52 {
53 int myversion;
54 const char *remoteversion_str;
55 int remoteversion;
56
57 myversion = _parse_version(AH, PG_VERSION);
58
59 remoteversion_str = PQparameterStatus(AH->connection, "server_version");
60 if (!remoteversion_str)
61 die_horribly(AH, modulename, "could not get server_version from libpq\n");
62
63 remoteversion = _parse_version(AH, remoteversion_str);
64
65 AH->public.remoteVersionStr = strdup(remoteversion_str);
66 AH->public.remoteVersion = remoteversion;
67
68 if (myversion != remoteversion
69 && (remoteversion < AH->public.minRemoteVersion ||
70 remoteversion > AH->public.maxRemoteVersion))
71 {
72 write_msg(NULL, "server version: %s; %s version: %s\n",
73 remoteversion_str, progname, PG_VERSION);
74 die_horribly(AH, NULL, "aborting because of server version mismatch\n");
75 }
76 }
77
78 /*
79 * Reconnect to the server. If dbname is not NULL, use that database,
80 * else the one associated with the archive handle. If username is
81 * not NULL, use that user name, else the one from the handle. If
82 * both the database and the user match the existing connection already,
83 * nothing will be done.
84 *
85 * Returns 1 in any case.
86 */
87 int
88 ReconnectToServer(ArchiveHandle *AH, const char *dbname, const char *username)
89 {
90 PGconn *newConn;
91 const char *newdbname;
92 const char *newusername;
93
94 if (!dbname)
95 newdbname = PQdb(AH->connection);
96 else
97 newdbname = dbname;
98
99 if (!username)
100 newusername = PQuser(AH->connection);
101 else
102 newusername = username;
103
104 /* Let's see if the request is already satisfied */
105 if (strcmp(newdbname, PQdb(AH->connection)) == 0 &&
106 strcmp(newusername, PQuser(AH->connection)) == 0)
107 return 1;
108
109 newConn = _connectDB(AH, newdbname, newusername);
110
111 PQfinish(AH->connection);
112 AH->connection = newConn;
113
114 return 1;
115 }
116
117 /*
118 * Connect to the db again.
119 *
120 * Note: it's not really all that sensible to use a single-entry password
121 * cache if the username keeps changing. In current usage, however, the
122 * username never does change, so one savedPassword is sufficient. We do
123 * update the cache on the off chance that the password has changed since the
124 * start of the run.
125 */
126 static PGconn *
127 _connectDB(ArchiveHandle *AH, const char *reqdb, const char *requser)
128 {
129 PGconn *newConn;
130 const char *newdb;
131 const char *newuser;
132 char *password = AH->savedPassword;
133 bool new_pass;
134
135 if (!reqdb)
136 newdb = PQdb(AH->connection);
137 else
138 newdb = reqdb;
139
140 if (!requser || strlen(requser) == 0)
141 newuser = PQuser(AH->connection);
142 else
143 newuser = requser;
144
145 ahlog(AH, 1, "connecting to database \"%s\" as user \"%s\"\n",
146 newdb, newuser);
147
148 if (AH->promptPassword == TRI_YES && password == NULL)
149 {
150 password = simple_prompt("Password: ", 100, false);
151 if (password == NULL)
152 die_horribly(AH, modulename, "out of memory\n");
153 }
154
155 do
156 {
157 new_pass = false;
158 newConn = PQsetdbLogin(PQhost(AH->connection), PQport(AH->connection),
159 NULL, NULL, newdb,
160 newuser, password);
161 if (!newConn)
162 die_horribly(AH, modulename, "failed to reconnect to database\n");
163
164 if (PQstatus(newConn) == CONNECTION_BAD)
165 {
166 if (!PQconnectionNeedsPassword(newConn))
167 die_horribly(AH, modulename, "could not reconnect to database: %s",
168 PQerrorMessage(newConn));
169 PQfinish(newConn);
170
171 if (password)
172 fprintf(stderr, "Password incorrect\n");
173
174 fprintf(stderr, "Connecting to %s as %s\n",
175 newdb, newuser);
176
177 if (password)
178 free(password);
179
180 if (AH->promptPassword != TRI_NO)
181 password = simple_prompt("Password: ", 100, false);
182 else
183 die_horribly(AH, modulename, "connection needs password\n");
184
185 if (password == NULL)
186 die_horribly(AH, modulename, "out of memory\n");
187 new_pass = true;
188 }
189 } while (new_pass);
190
191 AH->savedPassword = password;
192
193 /* check for version mismatch */
194 _check_database_version(AH);
195
196 PQsetNoticeProcessor(newConn, notice_processor, NULL);
197
198 return newConn;
199 }
200
201
202 /*
203 * Make a database connection with the given parameters. The
204 * connection handle is returned, the parameters are stored in AHX.
205 * An interactive password prompt is automatically issued if required.
206 *
207 * Note: it's not really all that sensible to use a single-entry password
208 * cache if the username keeps changing. In current usage, however, the
209 * username never does change, so one savedPassword is sufficient.
210 */
211 PGconn *
212 ConnectDatabase(Archive *AHX,
213 const char *dbname,
214 const char *pghost,
215 const char *pgport,
216 const char *username,
217 enum trivalue prompt_password)
218 {
219 ArchiveHandle *AH = (ArchiveHandle *) AHX;
220 char *password = AH->savedPassword;
221 bool new_pass;
222
223 if (AH->connection)
224 die_horribly(AH, modulename, "already connected to a database\n");
225
226 if (prompt_password == TRI_YES && password == NULL)
227 {
228 password = simple_prompt("Password: ", 100, false);
229 if (password == NULL)
230 die_horribly(AH, modulename, "out of memory\n");
231 }
232 AH->promptPassword = prompt_password;
233
234 /*
235 * Start the connection. Loop until we have a password if requested by
236 * backend.
237 */
238 do
239 {
240 new_pass = false;
241 AH->connection = PQsetdbLogin(pghost, pgport, NULL, NULL,
242 dbname, username, password);
243
244 if (!AH->connection)
245 die_horribly(AH, modulename, "failed to connect to database\n");
246
247 if (PQstatus(AH->connection) == CONNECTION_BAD &&
248 PQconnectionNeedsPassword(AH->connection) &&
249 password == NULL &&
250 prompt_password != TRI_NO)
251 {
252 PQfinish(AH->connection);
253 password = simple_prompt("Password: ", 100, false);
254 if (password == NULL)
255 die_horribly(AH, modulename, "out of memory\n");
256 new_pass = true;
257 }
258 } while (new_pass);
259
260 AH->savedPassword = password;
261
262 /* check to see that the backend connection was successfully made */
263 if (PQstatus(AH->connection) == CONNECTION_BAD)
264 die_horribly(AH, modulename, "connection to database \"%s\" failed: %s",
265 PQdb(AH->connection), PQerrorMessage(AH->connection));
266
267 /* check for version mismatch */
268 _check_database_version(AH);
269
270 PQsetNoticeProcessor(AH->connection, notice_processor, NULL);
271
272 return AH->connection;
273 }
274
275
276 static void
277 notice_processor(void *arg, const char *message)
278 {
279 write_msg(NULL, "%s", message);
280 }
281
282
283 /* Public interface */
284 /* Convenience function to send a query. Monitors result to handle COPY statements */
285 static void
286 ExecuteSqlCommand(ArchiveHandle *AH, const char *qry, const char *desc)
287 {
288 PGconn *conn = AH->connection;
289 PGresult *res;
290 char errStmt[DB_MAX_ERR_STMT];
291
292 #ifdef NOT_USED
293 fprintf(stderr, "Executing: '%s'\n\n", qry);
294 #endif
295 res = PQexec(conn, qry);
296
297 switch (PQresultStatus(res))
298 {
299 case PGRES_COMMAND_OK:
300 case PGRES_TUPLES_OK:
301 /* A-OK */
302 break;
303 case PGRES_COPY_IN:
304 /* Assume this is an expected result */
305 AH->pgCopyIn = true;
306 break;
307 default:
308 /* trouble */
309 strncpy(errStmt, qry, DB_MAX_ERR_STMT);
310 if (errStmt[DB_MAX_ERR_STMT - 1] != '\0')
311 {
312 errStmt[DB_MAX_ERR_STMT - 4] = '.';
313 errStmt[DB_MAX_ERR_STMT - 3] = '.';
314 errStmt[DB_MAX_ERR_STMT - 2] = '.';
315 errStmt[DB_MAX_ERR_STMT - 1] = '\0';
316 }
317 warn_or_die_horribly(AH, modulename, "%s: %s Command was: %s\n",
318 desc, PQerrorMessage(conn), errStmt);
319 break;
320 }
321
322 PQclear(res);
323 }
324
325 /*
326 * Used by ExecuteSqlCommandBuf to send one buffered line when running a COPY command.
327 */
328 static char *
329 _sendCopyLine(ArchiveHandle *AH, char *qry, char *eos)
330 {
331 size_t loc; /* Location of next newline */
332 int pos = 0; /* Current position */
333 int sPos = 0; /* Last pos of a slash char */
334 int isEnd = 0;
335
336 /* loop to find unquoted newline ending the line of COPY data */
337 for (;;)
338 {
339 loc = strcspn(&qry[pos], "\n") + pos;
340
341 /* If no match, then wait */
342 if (loc >= (eos - qry)) /* None found */
343 {
344 appendBinaryPQExpBuffer(AH->pgCopyBuf, qry, (eos - qry));
345 return eos;
346 }
347
348 /*
349 * fprintf(stderr, "Found cr at %d, prev char was %c, next was %c\n",
350 * loc, qry[loc-1], qry[loc+1]);
351 */
352
353 /* Count the number of preceding slashes */
354 sPos = loc;
355 while (sPos > 0 && qry[sPos - 1] == '\\')
356 sPos--;
357
358 sPos = loc - sPos;
359
360 /*
361 * If an odd number of preceding slashes, then \n was escaped so set
362 * the next search pos, and loop (if any left).
363 */
364 if ((sPos & 1) == 1)
365 {
366 /* fprintf(stderr, "cr was escaped\n"); */
367 pos = loc + 1;
368 if (pos >= (eos - qry))
369 {
370 appendBinaryPQExpBuffer(AH->pgCopyBuf, qry, (eos - qry));
371 return eos;
372 }
373 }
374 else
375 break;
376 }
377
378 /* We found an unquoted newline */
379 qry[loc] = '\0';
380 appendPQExpBuffer(AH->pgCopyBuf, "%s\n", qry);
381 isEnd = (strcmp(AH->pgCopyBuf->data, "\\.\n") == 0);
382
383 /*
384 * Note that we drop the data on the floor if libpq has failed to enter
385 * COPY mode; this allows us to behave reasonably when trying to continue
386 * after an error in a COPY command.
387 */
388 if (AH->pgCopyIn &&
389 PQputCopyData(AH->connection, AH->pgCopyBuf->data,
390 AH->pgCopyBuf->len) <= 0)
391 die_horribly(AH, modulename, "error returned by PQputCopyData: %s",
392 PQerrorMessage(AH->connection));
393
394 resetPQExpBuffer(AH->pgCopyBuf);
395
396 if (isEnd && AH->pgCopyIn)
397 {
398 PGresult *res;
399
400 if (PQputCopyEnd(AH->connection, NULL) <= 0)
401 die_horribly(AH, modulename, "error returned by PQputCopyEnd: %s",
402 PQerrorMessage(AH->connection));
403
404 /* Check command status and return to normal libpq state */
405 res = PQgetResult(AH->connection);
406 if (PQresultStatus(res) != PGRES_COMMAND_OK)
407 warn_or_die_horribly(AH, modulename, "COPY failed: %s",
408 PQerrorMessage(AH->connection));
409 PQclear(res);
410
411 AH->pgCopyIn = false;
412 }
413
414 return qry + loc + 1;
415 }
416
417 /*
418 * Used by ExecuteSqlCommandBuf to send one buffered line of SQL
419 * (not data for the copy command).
420 */
421 static char *
422 _sendSQLLine(ArchiveHandle *AH, char *qry, char *eos)
423 {
424 /*
425 * The following is a mini state machine to assess the end of an SQL
426 * statement. It really only needs to parse good SQL, or at least that's
427 * the theory... End-of-statement is assumed to be an unquoted,
428 * un-commented semi-colon that's not within any parentheses.
429 *
430 * Note: the input can be split into bufferloads at arbitrary boundaries.
431 * Therefore all state must be kept in AH->sqlparse, not in local
432 * variables of this routine. We assume that AH->sqlparse was filled with
433 * zeroes when created.
434 */
435 for (; qry < eos; qry++)
436 {
437 switch (AH->sqlparse.state)
438 {
439 case SQL_SCAN: /* Default state == 0, set in _allocAH */
440 if (*qry == ';' && AH->sqlparse.braceDepth == 0)
441 {
442 /*
443 * We've found the end of a statement. Send it and reset
444 * the buffer.
445 */
446 appendPQExpBufferChar(AH->sqlBuf, ';'); /* inessential */
447 ExecuteSqlCommand(AH, AH->sqlBuf->data,
448 "could not execute query");
449 resetPQExpBuffer(AH->sqlBuf);
450 AH->sqlparse.lastChar = '\0';
451
452 /*
453 * Remove any following newlines - so that embedded COPY
454 * commands don't get a starting newline.
455 */
456 qry++;
457 while (qry < eos && *qry == '\n')
458 qry++;
459
460 /* We've finished one line, so exit */
461 return qry;
462 }
463 else if (*qry == '\'')
464 {
465 if (AH->sqlparse.lastChar == 'E')
466 AH->sqlparse.state = SQL_IN_E_QUOTE;
467 else
468 AH->sqlparse.state = SQL_IN_SINGLE_QUOTE;
469 AH->sqlparse.backSlash = false;
470 }
471 else if (*qry == '"')
472 {
473 AH->sqlparse.state = SQL_IN_DOUBLE_QUOTE;
474 }
475
476 /*
477 * Look for dollar-quotes. We make the assumption that
478 * $-quotes will not have an ident character just before them
479 * in pg_dump output. XXX is this good enough?
480 */
481 else if (*qry == '$' && !_isIdentChar(AH->sqlparse.lastChar))
482 {
483 AH->sqlparse.state = SQL_IN_DOLLAR_TAG;
484 /* initialize separate buffer with possible tag */
485 if (AH->sqlparse.tagBuf == NULL)
486 AH->sqlparse.tagBuf = createPQExpBuffer();
487 else
488 resetPQExpBuffer(AH->sqlparse.tagBuf);
489 appendPQExpBufferChar(AH->sqlparse.tagBuf, *qry);
490 }
491 else if (*qry == '-' && AH->sqlparse.lastChar == '-')
492 AH->sqlparse.state = SQL_IN_SQL_COMMENT;
493 else if (*qry == '*' && AH->sqlparse.lastChar == '/')
494 AH->sqlparse.state = SQL_IN_EXT_COMMENT;
495 else if (*qry == '(')
496 AH->sqlparse.braceDepth++;
497 else if (*qry == ')')
498 AH->sqlparse.braceDepth--;
499 break;
500
501 case SQL_IN_SQL_COMMENT:
502 if (*qry == '\n')
503 AH->sqlparse.state = SQL_SCAN;
504 break;
505
506 case SQL_IN_EXT_COMMENT:
507
508 /*
509 * This isn't fully correct, because we don't account for
510 * nested slash-stars, but pg_dump never emits such.
511 */
512 if (AH->sqlparse.lastChar == '*' && *qry == '/')
513 AH->sqlparse.state = SQL_SCAN;
514 break;
515
516 case SQL_IN_SINGLE_QUOTE:
517 /* We needn't handle '' specially */
518 if (*qry == '\'' && !AH->sqlparse.backSlash)
519 AH->sqlparse.state = SQL_SCAN;
520 else if (*qry == '\\')
521 AH->sqlparse.backSlash = !AH->sqlparse.backSlash;
522 else
523 AH->sqlparse.backSlash = false;
524 break;
525
526 case SQL_IN_E_QUOTE:
527
528 /*
529 * Eventually we will need to handle '' specially, because
530 * after E'...''... we should still be in E_QUOTE state.
531 *
532 * XXX problem: how do we tell whether the dump was made by a
533 * version that thinks backslashes aren't special in non-E
534 * literals??
535 */
536 if (*qry == '\'' && !AH->sqlparse.backSlash)
537 AH->sqlparse.state = SQL_SCAN;
538 else if (*qry == '\\')
539 AH->sqlparse.backSlash = !AH->sqlparse.backSlash;
540 else
541 AH->sqlparse.backSlash = false;
542 break;
543
544 case SQL_IN_DOUBLE_QUOTE:
545 /* We needn't handle "" specially */
546 if (*qry == '"')
547 AH->sqlparse.state = SQL_SCAN;
548 break;
549
550 case SQL_IN_DOLLAR_TAG:
551 if (*qry == '$')
552 {
553 /* Do not add the closing $ to tagBuf */
554 AH->sqlparse.state = SQL_IN_DOLLAR_QUOTE;
555 AH->sqlparse.minTagEndPos = AH->sqlBuf->len + AH->sqlparse.tagBuf->len + 1;
556 }
557 else if (_isDQChar(*qry, (AH->sqlparse.tagBuf->len == 1)))
558 {
559 /* Valid, so add to tag */
560 appendPQExpBufferChar(AH->sqlparse.tagBuf, *qry);
561 }
562 else
563 {
564 /*
565 * Ooops, we're not really in a dollar-tag. Valid tag
566 * chars do not include the various chars we look for in
567 * this state machine, so it's safe to just jump from this
568 * state back to SCAN. We have to back up the qry pointer
569 * so that the current character gets rescanned in SCAN
570 * state; and then "continue" so that the bottom-of-loop
571 * actions aren't done yet.
572 */
573 AH->sqlparse.state = SQL_SCAN;
574 qry--;
575 continue;
576 }
577 break;
578
579 case SQL_IN_DOLLAR_QUOTE:
580
581 /*
582 * If we are at a $, see whether what precedes it matches
583 * tagBuf. (Remember that the trailing $ of the tag was not
584 * added to tagBuf.) However, don't compare until we have
585 * enough data to be a possible match --- this is needed to
586 * avoid false match on '$a$a$...'
587 */
588 if (*qry == '$' &&
589 AH->sqlBuf->len >= AH->sqlparse.minTagEndPos &&
590 strcmp(AH->sqlparse.tagBuf->data,
591 AH->sqlBuf->data + AH->sqlBuf->len - AH->sqlparse.tagBuf->len) == 0)
592 AH->sqlparse.state = SQL_SCAN;
593 break;
594 }
595
596 appendPQExpBufferChar(AH->sqlBuf, *qry);
597 AH->sqlparse.lastChar = *qry;
598 }
599
600 /*
601 * If we get here, we've processed entire bufferload with no complete SQL
602 * stmt
603 */
604 return eos;
605 }
606
607
608 /* Convenience function to send one or more queries. Monitors result to handle COPY statements */
609 int
610 ExecuteSqlCommandBuf(ArchiveHandle *AH, void *qryv, size_t bufLen)
611 {
612 char *qry = (char *) qryv;
613 char *eos = qry + bufLen;
614
615 /*
616 * fprintf(stderr, "\n\n*****\n Buffer:\n\n%s\n*******************\n\n",
617 * qry);
618 */
619
620 /* Could switch between command and COPY IN mode at each line */
621 while (qry < eos)
622 {
623 /*
624 * If libpq is in CopyIn mode *or* if the archive structure shows we
625 * are sending COPY data, treat the data as COPY data. The pgCopyIn
626 * check is only needed for backwards compatibility with ancient
627 * archive files that might just issue a COPY command without marking
628 * it properly. Note that in an archive entry that has a copyStmt,
629 * all data up to the end of the entry will go to _sendCopyLine, and
630 * therefore will be dropped if libpq has failed to enter COPY mode.
631 * Also, if a "\." data terminator is found, anything remaining in the
632 * archive entry will be dropped.
633 */
634 if (AH->pgCopyIn || AH->writingCopyData)
635 qry = _sendCopyLine(AH, qry, eos);
636 else
637 qry = _sendSQLLine(AH, qry, eos);
638 }
639
640 return 1;
641 }
642
643 void
644 StartTransaction(ArchiveHandle *AH)
645 {
646 ExecuteSqlCommand(AH, "BEGIN", "could not start database transaction");
647 }
648
649 void
650 CommitTransaction(ArchiveHandle *AH)
651 {
652 ExecuteSqlCommand(AH, "COMMIT", "could not commit database transaction");
653 }
654
655 static bool
656 _isIdentChar(unsigned char c)
657 {
658 if ((c >= 'a' && c <= 'z')
659 || (c >= 'A' && c <= 'Z')
660 || (c >= '0' && c <= '9')
661 || (c == '_')
662 || (c == '$')
663 || (c >= (unsigned char) '\200') /* no need to check <= \377 */
664 )
665 return true;
666 else
667 return false;
668 }
669
670 static bool
671 _isDQChar(unsigned char c, bool atStart)
672 {
673 if ((c >= 'a' && c <= 'z')
674 || (c >= 'A' && c <= 'Z')
675 || (c == '_')
676 || (!atStart && c >= '0' && c <= '9')
677 || (c >= (unsigned char) '\200') /* no need to check <= \377 */
678 )
679 return true;
680 else
681 return false;
682 }
PostgreSQL from CVS