exec.c 11.7 KB
Newer Older
1 2
/*-------------------------------------------------------------------------
 *
3
 * exec.c
4
 *
Bruce Momjian's avatar
Bruce Momjian committed
5
 * Portions Copyright (c) 1996-2004, PostgreSQL Global Development Group
Bruce Momjian's avatar
Add:  
Bruce Momjian committed
6
 * Portions Copyright (c) 1994, Regents of the University of California
7 8 9
 *
 *
 * IDENTIFICATION
10
 *	  $PostgreSQL: pgsql/src/port/exec.c,v 1.26 2004/09/27 22:06:41 momjian Exp $
11 12 13
 *
 *-------------------------------------------------------------------------
 */
14 15

#ifndef FRONTEND
16
#include "postgres.h"
17 18 19
#else
#include "postgres_fe.h"
#endif
20

21 22
#include <grp.h>
#include <pwd.h>
Bruce Momjian's avatar
Bruce Momjian committed
23
#include <sys/stat.h>
24
#include <sys/wait.h>
25
#if !defined(_MSC_VER) && !defined(__BORLANDC__)
26
#include <unistd.h>
27 28 29
#else
#include "port/win32.h"
#endif
30

31
#include "miscadmin.h"
32

33
#define _(x) gettext(x)
34

35 36 37 38 39 40 41 42 43 44
#ifndef S_IRUSR					/* XXX [TRH] should be in a header */
#define S_IRUSR		 S_IREAD
#define S_IWUSR		 S_IWRITE
#define S_IXUSR		 S_IEXEC
#define S_IRGRP		 ((S_IRUSR)>>3)
#define S_IWGRP		 ((S_IWUSR)>>3)
#define S_IXGRP		 ((S_IXUSR)>>3)
#define S_IROTH		 ((S_IRUSR)>>6)
#define S_IWOTH		 ((S_IWUSR)>>6)
#define S_IXOTH		 ((S_IXUSR)>>6)
45 46
#endif

47 48 49 50 51 52 53
#ifndef FRONTEND
/* We use only 3-parameter elog calls in this file, for simplicity */
#define log_error(str, param)	elog(LOG, (str), (param))
#else
#define log_error(str, param)	fprintf(stderr, (str), (param))
#endif

54

55
static void win32_make_absolute(char *path);
56

57

58
/*
59
 * validate_exec -- validate "path" as an executable file
60 61
 *
 * returns 0 if the file is found and no error is encountered.
62 63
 *		  -1 if the regular file "path" does not exist or cannot be executed.
 *		  -2 if the file is otherwise valid but cannot be read.
64
 */
65
static int
66
validate_exec(const char *path)
67
{
68
	struct stat buf;
Bruce Momjian's avatar
Bruce Momjian committed
69

70
#ifndef WIN32
71 72 73
	uid_t		euid;
	struct group *gp;
	struct passwd *pwp;
74 75
	int			i;
	int			in_grp = 0;
Bruce Momjian's avatar
Bruce Momjian committed
76

77
#else
78
	char		path_exe[MAXPGPATH + sizeof(".exe") - 1];
79
#endif
80 81
	int			is_r = 0;
	int			is_x = 0;
82

83 84
#ifdef WIN32
	/* Win32 requires a .exe suffix for stat() */
85 86
	if (strlen(path) >= strlen(".exe") &&
		pg_strcasecmp(path + strlen(path) - strlen(".exe"), ".exe") != 0)
87 88 89 90 91 92 93
	{
		strcpy(path_exe, path);
		strcat(path_exe, ".exe");
		path = path_exe;
	}
#endif

94 95 96 97 98 99 100
	/*
	 * Ensure that the file exists and is a regular file.
	 *
	 * XXX if you have a broken system where stat() looks at the symlink
	 * instead of the underlying file, you lose.
	 */
	if (stat(path, &buf) < 0)
101
		return -1;
102 103

	if ((buf.st_mode & S_IFMT) != S_IFREG)
104
		return -1;
105 106

	/*
107
	 * Ensure that we are using an authorized executable.
108 109 110 111 112 113
	 */

	/*
	 * Ensure that the file is both executable and readable (required for
	 * dynamic loading).
	 */
114
#ifdef WIN32
Bruce Momjian's avatar
Bruce Momjian committed
115 116 117
	is_r = buf.st_mode & S_IRUSR;
	is_x = buf.st_mode & S_IXUSR;
	return is_x ? (is_r ? 0 : -2) : -1;
118
#else
119
	euid = geteuid();
120 121

	/* If owned by us, just check owner bits */
122 123 124 125
	if (euid == buf.st_uid)
	{
		is_r = buf.st_mode & S_IRUSR;
		is_x = buf.st_mode & S_IXUSR;
126
		return is_x ? (is_r ? 0 : -2) : -1;
127
	}
128 129

	/* OK, check group bits */
Bruce Momjian's avatar
Bruce Momjian committed
130 131

	pwp = getpwuid(euid);		/* not thread-safe */
132 133
	if (pwp)
	{
134
		if (pwp->pw_gid == buf.st_gid)	/* my primary group? */
135 136
			++in_grp;
		else if (pwp->pw_name &&
137
				 (gp = getgrgid(buf.st_gid)) != NULL && /* not thread-safe */
138
				 gp->gr_mem != NULL)
Bruce Momjian's avatar
Bruce Momjian committed
139
		{						/* try list of member groups */
140 141 142 143 144 145 146 147 148 149 150 151 152
			for (i = 0; gp->gr_mem[i]; ++i)
			{
				if (!strcmp(gp->gr_mem[i], pwp->pw_name))
				{
					++in_grp;
					break;
				}
			}
		}
		if (in_grp)
		{
			is_r = buf.st_mode & S_IRGRP;
			is_x = buf.st_mode & S_IXGRP;
153
			return is_x ? (is_r ? 0 : -2) : -1;
154 155
		}
	}
156 157

	/* Check "other" bits */
158 159
	is_r = buf.st_mode & S_IROTH;
	is_x = buf.st_mode & S_IXOTH;
160
	return is_x ? (is_r ? 0 : -2) : -1;
161
#endif
162 163 164
}

/*
165
 * find_my_exec -- find an absolute path to a valid executable
166 167
 *
 * The reason we have to work so hard to find an absolute path is that
168 169 170
 * on some platforms we can't do dynamic loading unless we know the
 * executable's location.  Also, we need a full path not a relative
 * path because we will later change working directory.
171 172
 *
 * This function is not thread-safe because of it calls validate_exec(),
Bruce Momjian's avatar
Bruce Momjian committed
173
 * which calls getgrgid().	This function should be used only in
174
 * non-threaded binaries, not in library routines.
175 176
 */
int
177
find_my_exec(const char *argv0, char *retpath)
178
{
Bruce Momjian's avatar
Bruce Momjian committed
179 180 181
	char		cwd[MAXPGPATH],
				test_path[MAXPGPATH];
	char	   *path;
182

183
#if !defined(_MSC_VER) && !defined(__BORLANDC__)
184
	if (!getcwd(cwd, MAXPGPATH))
185 186 187
#else
	if (!GetCurrentDirectory(MAXPGPATH, cwd))
#endif
188 189
		cwd[0] = '\0';

190
	/*
Bruce Momjian's avatar
Bruce Momjian committed
191 192 193 194
	 * First try: use the binary that's located in the same directory if
	 * it was invoked with an explicit path. Presumably the user used an
	 * explicit path because it wasn't in PATH, and we don't want to use
	 * incompatible executables.
195
	 *
196
	 * For the binary: First try: if we're given some kind of path, use it
197 198
	 * (making sure that a relative path is made absolute before returning
	 * it).
199
	 */
200
	/* Does argv0 have a separator? */
201
	if ((path = last_dir_separator(argv0)))
202
	{
203
		if (*++path == '\0')
204
		{
205
			log_error("argv[0] ends with a path separator \"%s\"", argv0);
206 207
			return -1;
		}
208 209

		if (is_absolute_path(argv0))
210
			StrNCpy(retpath, argv0, MAXPGPATH);
211
		else
212
			snprintf(retpath, MAXPGPATH, "%s/%s", cwd, argv0);
Bruce Momjian's avatar
Bruce Momjian committed
213

214 215
		canonicalize_path(retpath);
		if (validate_exec(retpath) == 0)
216
		{
217
			win32_make_absolute(retpath);
218
			return 0;
219
		}
220 221
		else
		{
222
			log_error("invalid binary \"%s\"", retpath);
223 224
			return -1;
		}
225
	}
226

227 228 229 230
#ifdef WIN32
	/* Win32 checks the current directory first for names without slashes */
	if (validate_exec(argv0) == 0)
	{
231 232
		snprintf(retpath, MAXPGPATH, "%s/%s", cwd, argv0);
		win32_make_absolute(retpath);
233 234 235 236
		return 0;
	}
#endif

237 238 239 240
	/*
	 * Second try: since no explicit path was supplied, the user must have
	 * been relying on PATH.  We'll use the same PATH.
	 */
241
	if ((path = getenv("PATH")) && *path)
242
	{
Bruce Momjian's avatar
Bruce Momjian committed
243 244
		char	   *startp = NULL,
				   *endp = NULL;
245 246

		do
247
		{
248 249 250 251
			if (!startp)
				startp = path;
			else
				startp = endp + 1;
252

253
			endp = first_path_separator(startp);
254
			if (!endp)
Bruce Momjian's avatar
Bruce Momjian committed
255
				endp = startp + strlen(startp); /* point to end */
256 257 258 259 260

			StrNCpy(test_path, startp, Min(endp - startp + 1, MAXPGPATH));

			if (is_absolute_path(test_path))
				snprintf(retpath, MAXPGPATH, "%s/%s", test_path, argv0);
261
			else
262
				snprintf(retpath, MAXPGPATH, "%s/%s/%s", cwd, test_path, argv0);
263

264 265
			canonicalize_path(retpath);
			switch (validate_exec(retpath))
266
			{
267
				case 0: /* found ok */
268
					win32_make_absolute(retpath);
269
					return 0;
270
				case -1:		/* wasn't even a candidate, keep looking */
271
					continue;
272
				case -2:		/* found but disqualified */
273
					log_error("could not read binary \"%s\"", retpath);
274
					continue;
275
			}
276
		} while (*endp);
277 278
	}

279
	log_error("could not find a \"%s\" to execute", argv0);
280
	return -1;
281 282

#if 0
Bruce Momjian's avatar
Bruce Momjian committed
283

284
	/*
Bruce Momjian's avatar
Bruce Momjian committed
285 286
	 * Win32 has a native way to find the executable name, but the above
	 * method works too.
287
	 */
288
	if (GetModuleFileName(NULL, retpath, MAXPGPATH) == 0)
Bruce Momjian's avatar
Bruce Momjian committed
289
		log_error("GetModuleFileName failed (%i)", (int) GetLastError());
290
#endif
291
}
292

293 294 295 296 297 298 299 300
/*
 * The runtime librarys popen() on win32 does not work when being
 * called from a service when running on windows <= 2000, because
 * there is no stdin/stdout/stderr.
 *
 * Executing a command in a pipe and reading the first line from it
 * is all we need.
 */
Bruce Momjian's avatar
Bruce Momjian committed
301 302 303

static char *
pipe_read_line(char *cmd, char *line, int maxsize)
304 305
{
#ifndef WIN32
Bruce Momjian's avatar
Bruce Momjian committed
306
	FILE	   *pgver;
307 308 309 310 311 312 313

	/* flush output buffers in case popen does not... */
	fflush(stdout);
	fflush(stderr);

	if ((pgver = popen(cmd, "r")) == NULL)
		return NULL;
Bruce Momjian's avatar
Bruce Momjian committed
314

315 316 317 318 319 320 321 322
	if (fgets(line, maxsize, pgver) == NULL)
	{
		perror("fgets failure");
		return NULL;
	}

	if (pclose_check(pgver))
		return NULL;
Bruce Momjian's avatar
Bruce Momjian committed
323

324 325 326 327
	return line;
#else
	/* Win32 */
	SECURITY_ATTRIBUTES sattr;
Bruce Momjian's avatar
Bruce Momjian committed
328 329 330
	HANDLE		childstdoutrd,
				childstdoutwr,
				childstdoutrddup;
331 332
	PROCESS_INFORMATION pi;
	STARTUPINFO si;
Bruce Momjian's avatar
Bruce Momjian committed
333
	char	   *retval = NULL;
334 335 336 337 338 339 340

	sattr.nLength = sizeof(SECURITY_ATTRIBUTES);
	sattr.bInheritHandle = TRUE;
	sattr.lpSecurityDescriptor = NULL;

	if (!CreatePipe(&childstdoutrd, &childstdoutwr, &sattr, 0))
		return NULL;
Bruce Momjian's avatar
Bruce Momjian committed
341

342 343 344 345 346 347 348 349 350 351 352 353 354 355
	if (!DuplicateHandle(GetCurrentProcess(),
						 childstdoutrd,
						 GetCurrentProcess(),
						 &childstdoutrddup,
						 0,
						 FALSE,
						 DUPLICATE_SAME_ACCESS))
	{
		CloseHandle(childstdoutrd);
		CloseHandle(childstdoutwr);
		return NULL;
	}

	CloseHandle(childstdoutrd);
Bruce Momjian's avatar
Bruce Momjian committed
356 357 358

	ZeroMemory(&pi, sizeof(pi));
	ZeroMemory(&si, sizeof(si));
359 360 361 362 363
	si.cb = sizeof(si);
	si.dwFlags = STARTF_USESTDHANDLES;
	si.hStdError = childstdoutwr;
	si.hStdOutput = childstdoutwr;
	si.hStdInput = INVALID_HANDLE_VALUE;
Bruce Momjian's avatar
Bruce Momjian committed
364

365 366 367 368 369 370 371 372 373 374 375
	if (CreateProcess(NULL,
					  cmd,
					  NULL,
					  NULL,
					  TRUE,
					  0,
					  NULL,
					  NULL,
					  &si,
					  &pi))
	{
Bruce Momjian's avatar
Bruce Momjian committed
376 377
		DWORD		bytesread = 0;

378 379
		/* Successfully started the process */

Bruce Momjian's avatar
Bruce Momjian committed
380 381
		ZeroMemory(line, maxsize);

382
		/* Let's see if we can read */
Bruce Momjian's avatar
Bruce Momjian committed
383
		if (WaitForSingleObject(childstdoutrddup, 10000) != WAIT_OBJECT_0)
384 385 386 387 388 389 390 391
		{
			/* Got timeout */
			CloseHandle(pi.hProcess);
			CloseHandle(pi.hThread);
			CloseHandle(childstdoutwr);
			CloseHandle(childstdoutrddup);
			return NULL;
		}
392

393 394 395 396 397
		/* We try just once */
		if (ReadFile(childstdoutrddup, line, maxsize, &bytesread, NULL) &&
			bytesread > 0)
		{
			/* So we read some data */
Bruce Momjian's avatar
Bruce Momjian committed
398
			int			len = strlen(line);
399
			retval = line;
400

401
			/*
Bruce Momjian's avatar
Bruce Momjian committed
402 403 404 405 406
			 * If EOL is \r\n, convert to just \n. Because stdout is a
			 * text-mode stream, the \n output by the child process is
			 * received as \r\n, so we convert it to \n.  The server
			 * main.c sets setvbuf(stdout, NULL, _IONBF, 0) which has the
			 * effect of disabling \n to \r\n expansion for stdout.
407
			 */
Bruce Momjian's avatar
Bruce Momjian committed
408
			if (len >= 2 && line[len - 2] == '\r' && line[len - 1] == '\n')
409
			{
Bruce Momjian's avatar
Bruce Momjian committed
410 411
				line[len - 2] = '\n';
				line[len - 1] = '\0';
412
				len--;
413 414
			}

Bruce Momjian's avatar
Bruce Momjian committed
415
			/*
Bruce Momjian's avatar
Bruce Momjian committed
416 417
			 * We emulate fgets() behaviour. So if there is no newline at
			 * the end, we add one...
Bruce Momjian's avatar
Bruce Momjian committed
418
			 */
Bruce Momjian's avatar
Bruce Momjian committed
419 420
			if (len == 0 || line[len - 1] != '\n')
				strcat(line, "\n");
421 422 423 424 425
		}

		CloseHandle(pi.hProcess);
		CloseHandle(pi.hThread);
	}
Bruce Momjian's avatar
Bruce Momjian committed
426

427 428 429 430 431 432
	CloseHandle(childstdoutwr);
	CloseHandle(childstdoutrddup);

	return retval;
#endif
}
Bruce Momjian's avatar
Bruce Momjian committed
433

434

435 436 437 438 439

/*
 * Find our binary directory, then make sure the "target" executable
 * is the proper version.
 */
440 441 442
int
find_other_exec(const char *argv0, const char *target,
				const char *versionstr, char *retpath)
443 444 445
{
	char		cmd[MAXPGPATH];
	char		line[100];
Bruce Momjian's avatar
Bruce Momjian committed
446

447
	if (find_my_exec(argv0, retpath) < 0)
448 449
		return -1;

Bruce Momjian's avatar
Bruce Momjian committed
450
	/* Trim off program name and keep just directory */
451
	*last_dir_separator(retpath) = '\0';
452 453 454
	canonicalize_path(retpath);

	/* Now append the other program's name */
455 456 457 458 459
	snprintf(retpath + strlen(retpath), MAXPGPATH - strlen(retpath),
			 "/%s%s", target, EXE);

	if (validate_exec(retpath))
		return -1;
Bruce Momjian's avatar
Bruce Momjian committed
460

461 462
	snprintf(cmd, sizeof(cmd), "\"%s\" -V 2>%s", retpath, DEVNULL);

463
	if (!pipe_read_line(cmd, line, sizeof(line)))
464
		return -1;
Bruce Momjian's avatar
Bruce Momjian committed
465

466 467 468 469 470 471 472
	if (strcmp(line, versionstr) != 0)
		return -2;

	return 0;
}


473 474 475 476 477 478 479 480
/*
 * pclose() plus useful error reporting
 * Is this necessary?  bjm 2004-05-11
 * It is better here because pipe.c has win32 backend linkage.
 */
int
pclose_check(FILE *stream)
{
Bruce Momjian's avatar
Bruce Momjian committed
481
	int			exitstatus;
482 483 484 485

	exitstatus = pclose(stream);

	if (exitstatus == 0)
Bruce Momjian's avatar
Bruce Momjian committed
486
		return 0;				/* all is well */
487 488 489 490 491 492 493 494

	if (exitstatus == -1)
	{
		/* pclose() itself failed, and hopefully set errno */
		perror("pclose failed");
	}
	else if (WIFEXITED(exitstatus))
	{
495
		log_error(_("child process exited with exit code %d\n"),
Bruce Momjian's avatar
Bruce Momjian committed
496
				  WEXITSTATUS(exitstatus));
497 498 499
	}
	else if (WIFSIGNALED(exitstatus))
	{
500
		log_error(_("child process was terminated by signal %d\n"),
Bruce Momjian's avatar
Bruce Momjian committed
501
				  WTERMSIG(exitstatus));
502 503 504
	}
	else
	{
505
		log_error(_("child process exited with unrecognized status %d\n"),
Bruce Momjian's avatar
Bruce Momjian committed
506
				  exitstatus);
507 508 509 510 511 512
	}

	return -1;
}


513 514 515 516 517 518 519 520 521 522 523 524
/*
 * Windows doesn't like relative paths to executables (other things work fine)
 * so we call its builtin function to expand them. Elsewhere this is a NOOP
 */
static void
win32_make_absolute(char *path)
{
#ifdef WIN32
	char		abspath[MAXPGPATH];

	if (_fullpath(abspath, path, MAXPGPATH) == NULL)
	{
525
		log_error("Win32 path expansion failed: %s", strerror(errno));
526
		StrNCpy(abspath, path, MAXPGPATH);
527 528 529 530 531 532
	}
	canonicalize_path(abspath);

	StrNCpy(path, abspath, MAXPGPATH);
#endif
}