findbe.c 6.2 KB
Newer Older
1 2
/*-------------------------------------------------------------------------
 *
Bruce Momjian's avatar
Bruce Momjian committed
3
 * findbe.c
4
 *
Bruce Momjian's avatar
Bruce Momjian committed
5
 * Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group
Bruce Momjian's avatar
Add:  
Bruce Momjian committed
6
 * Portions Copyright (c) 1994, Regents of the University of California
7 8 9
 *
 *
 * IDENTIFICATION
10
 *	  $Header: /cvsroot/pgsql/src/backend/utils/init/Attic/findbe.c,v 1.38 2003/11/11 03:53:33 momjian Exp $
11 12 13
 *
 *-------------------------------------------------------------------------
 */
14 15
#include "postgres.h"

16 17
#include <grp.h>
#include <pwd.h>
Bruce Momjian's avatar
Bruce Momjian committed
18
#include <sys/stat.h>
19
#include <unistd.h>
20

Bruce Momjian's avatar
Bruce Momjian committed
21
#include "miscadmin.h"
22

23 24 25 26 27 28 29 30 31 32
#ifndef S_IRUSR					/* XXX [TRH] should be in a header */
#define S_IRUSR		 S_IREAD
#define S_IWUSR		 S_IWRITE
#define S_IXUSR		 S_IEXEC
#define S_IRGRP		 ((S_IRUSR)>>3)
#define S_IWGRP		 ((S_IWUSR)>>3)
#define S_IXGRP		 ((S_IXUSR)>>3)
#define S_IROTH		 ((S_IRUSR)>>6)
#define S_IWOTH		 ((S_IWUSR)>>6)
#define S_IXOTH		 ((S_IXUSR)>>6)
33 34
#endif

35

36
/*
37
 * ValidateBinary -- validate "path" as a POSTMASTER/POSTGRES executable file
38 39
 *
 * returns 0 if the file is found and no error is encountered.
40 41
 *		  -1 if the regular file "path" does not exist or cannot be executed.
 *		  -2 if the file is otherwise valid but cannot be read.
42
 */
43
static int
44
ValidateBinary(char *path)
45
{
46
	struct stat buf;
Bruce Momjian's avatar
Bruce Momjian committed
47

48
#ifndef WIN32
49 50 51
	uid_t		euid;
	struct group *gp;
	struct passwd *pwp;
52
	char		path_exe[MAXPGPATH + 2 + strlen(".exe")];
53
#endif
54 55 56 57
	int			i;
	int			is_r = 0;
	int			is_x = 0;
	int			in_grp = 0;
58

59 60 61 62 63 64 65 66 67 68
#ifdef WIN32
	/* Win32 requires a .exe suffix for stat() */
	if (strlen(path) >= 4 && strcmp(path + strlen(path) - strlen(".exe"), ".exe") != 0)
	{
		strcpy(path_exe, path);
		strcat(path_exe, ".exe");
		path = path_exe;
	}
#endif

69 70 71 72 73 74 75 76
	/*
	 * Ensure that the file exists and is a regular file.
	 *
	 * XXX if you have a broken system where stat() looks at the symlink
	 * instead of the underlying file, you lose.
	 */
	if (stat(path, &buf) < 0)
	{
77
		elog(DEBUG3, "could not stat \"%s\": %m", path);
78
		return -1;
79
	}
80 81

	if ((buf.st_mode & S_IFMT) != S_IFREG)
82
	{
83
		elog(DEBUG3, "\"%s\" is not a regular file", path);
84
		return -1;
85 86 87 88 89 90
	}

	/*
	 * Ensure that we are using an authorized backend.
	 *
	 * XXX I'm open to suggestions here.  I would like to enforce ownership
91
	 * of binaries by user "postgres" but people seem to like to run as
92 93 94 95 96 97 98
	 * users other than "postgres"...
	 */

	/*
	 * Ensure that the file is both executable and readable (required for
	 * dynamic loading).
	 */
99
#ifdef WIN32
Bruce Momjian's avatar
Bruce Momjian committed
100 101 102
	is_r = buf.st_mode & S_IRUSR;
	is_x = buf.st_mode & S_IXUSR;
	return is_x ? (is_r ? 0 : -2) : -1;
103
#else
104 105 106 107 108
	euid = geteuid();
	if (euid == buf.st_uid)
	{
		is_r = buf.st_mode & S_IRUSR;
		is_x = buf.st_mode & S_IXUSR;
109
		if (!(is_r && is_x))
110
			elog(DEBUG3, "\"%s\" is not user read/execute", path);
111
		return is_x ? (is_r ? 0 : -2) : -1;
112 113 114 115 116 117 118
	}
	pwp = getpwuid(euid);
	if (pwp)
	{
		if (pwp->pw_gid == buf.st_gid)
			++in_grp;
		else if (pwp->pw_name &&
119 120
				 (gp = getgrgid(buf.st_gid)) != NULL &&
				 gp->gr_mem != NULL)
121 122 123 124 125 126 127 128 129 130 131 132 133 134
		{
			for (i = 0; gp->gr_mem[i]; ++i)
			{
				if (!strcmp(gp->gr_mem[i], pwp->pw_name))
				{
					++in_grp;
					break;
				}
			}
		}
		if (in_grp)
		{
			is_r = buf.st_mode & S_IRGRP;
			is_x = buf.st_mode & S_IXGRP;
135
			if (!(is_r && is_x))
136
				elog(DEBUG3, "\"%s\" is not group read/execute", path);
137
			return is_x ? (is_r ? 0 : -2) : -1;
138 139 140 141
		}
	}
	is_r = buf.st_mode & S_IROTH;
	is_x = buf.st_mode & S_IXOTH;
142
	if (!(is_r && is_x))
143
		elog(DEBUG3, "\"%s\" is not other read/execute", path);
144
	return is_x ? (is_r ? 0 : -2) : -1;
145
#endif
146 147 148
}

/*
Bruce Momjian's avatar
Bruce Momjian committed
149
 * FindExec -- find an absolute path to a valid backend executable
150 151
 *
 * The reason we have to work so hard to find an absolute path is that
152 153 154
 * on some platforms we can't do dynamic loading unless we know the
 * executable's location.  Also, we need a full path not a relative
 * path because we will later change working directory.
155 156
 */
int
157
FindExec(char *full_path, const char *argv0, const char *binary_name)
158
{
159 160 161 162 163
	char		buf[MAXPGPATH + 2];
	char	   *p;
	char	   *path,
			   *startp,
			   *endp;
164 165

	/*
166 167
	 * for the postmaster: First try: use the binary that's located in the
	 * same directory as the postmaster, if it was invoked with an
168 169 170 171 172 173 174 175
	 * explicit path. Presumably the user used an explicit path because it
	 * wasn't in PATH, and we don't want to use incompatible executables.
	 *
	 * This has the neat property that it works for installed binaries, old
	 * source trees (obj/support/post{master,gres}) and new marc source
	 * trees (obj/post{master,gres}) because they all put the two binaries
	 * in the same place.
	 *
176 177 178
	 * for the binary: First try: if we're given some kind of path, use it
	 * (making sure that a relative path is made absolute before returning
	 * it).
179
	 */
180
	if (argv0 && (p = last_path_separator(argv0)) && *++p)
181
	{
182
		if (is_absolute_path(argv0) || !getcwd(buf, MAXPGPATH))
183 184 185 186
			buf[0] = '\0';
		else
			strcat(buf, "/");
		strcat(buf, argv0);
187
		p = last_path_separator(buf);
188
		strcpy(++p, binary_name);
189
		if (ValidateBinary(buf) == 0)
190
		{
191
			strncpy(full_path, buf, MAXPGPATH);
192
			elog(DEBUG2, "found \"%s\" using argv[0]", full_path);
193
			return 0;
194
		}
195
		elog(DEBUG2, "invalid binary \"%s\"", buf);
196
		return -1;
197
	}
198 199 200 201 202 203 204

	/*
	 * Second try: since no explicit path was supplied, the user must have
	 * been relying on PATH.  We'll use the same PATH.
	 */
	if ((p = getenv("PATH")) && *p)
	{
205
		elog(DEBUG2, "searching PATH for executable");
206
		path = strdup(p);		/* make a modifiable copy */
207 208 209 210 211 212 213 214
		for (startp = path, endp = strchr(path, ':');
			 startp && *startp;
			 startp = endp + 1, endp = strchr(startp, ':'))
		{
			if (startp == endp) /* it's a "::" */
				continue;
			if (endp)
				*endp = '\0';
215
			if (is_absolute_path(startp) || !getcwd(buf, MAXPGPATH))
216
				buf[0] = '\0';
217 218
			else
				strcat(buf, "/");
219
			strcat(buf, startp);
220 221 222
			strcat(buf, "/");
			strcat(buf, binary_name);
			switch (ValidateBinary(buf))
223
			{
224
				case 0: /* found ok */
225
					strncpy(full_path, buf, MAXPGPATH);
226
					elog(DEBUG2, "found \"%s\" using PATH", full_path);
227
					free(path);
228
					return 0;
229 230 231
				case -1:		/* wasn't even a candidate, keep looking */
					break;
				case -2:		/* found but disqualified */
232
					elog(DEBUG2, "could not read binary \"%s\"", buf);
233
					free(path);
234
					return -1;
235 236 237 238
			}
			if (!endp)			/* last one */
				break;
		}
239 240 241
		free(path);
	}

242
	elog(DEBUG2, "could not find a \"%s\" to execute", binary_name);
243
	return -1;
244
}