Commit d27c28fd authored by Bryan Henderson's avatar Bryan Henderson

Allow only superuser to do backend copy.

parent c9b05e55
No related merge requests found
......@@ -6,99 +6,92 @@
* $Header: /cvsroot/pgsql/src/backend/commands/copy.c,v 1.10 1996/10/23 07:39:53 scrappy Exp $
* $Header: /cvsroot/pgsql/src/backend/commands/copy.c,v 1.11 1996/11/02 02:01:47 bryanh Exp $
#include "postgres.h"
#include "catalog/pg_attribute.h"
#include "access/attnum.h"
#include "nodes/pg_list.h"
#include "access/tupdesc.h"
#include "storage/fd.h"
#include "catalog/pg_am.h"
#include "catalog/pg_class.h"
#include "nodes/nodes.h"
#include "rewrite/prs2lock.h"
#include "access/skey.h"
#include "access/strat.h"
#include "utils/rel.h"
#include "storage/block.h"
#include "storage/off.h"
#include "storage/itemptr.h"
#include <postgres.h>
#include <catalog/pg_attribute.h>
#include <access/attnum.h>
#include <nodes/pg_list.h>
#include <access/tupdesc.h>
#include <storage/fd.h>
#include <catalog/pg_am.h>
#include <catalog/pg_class.h>
#include <nodes/nodes.h>
#include <rewrite/prs2lock.h>
#include <access/skey.h>
#include <access/strat.h>
#include <utils/rel.h>
#include <storage/block.h>
#include <storage/off.h>
#include <storage/itemptr.h>
#include <time.h>
#include "utils/nabstime.h"
#include "access/htup.h"
#include <utils/nabstime.h>
#include <access/htup.h>
#include "utils/tqual.h"
#include "storage/buf.h"
#include "access/relscan.h"
#include "access/heapam.h"
#include <utils/tqual.h>
#include <storage/buf.h>
#include <access/relscan.h>
#include <access/heapam.h>
#include "access/itup.h"
#include <access/itup.h>
#include <stdio.h>
#include "tcop/dest.h"
#include <tcop/dest.h>
#include "fmgr.h"
#include <fmgr.h>
#include "utils/palloc.h"
#include <utils/palloc.h>
#include "miscadmin.h"
#include <miscadmin.h>
#include "utils/geo-decls.h"
#include "utils/builtins.h"
#include <utils/geo-decls.h>
#include <utils/builtins.h>
#include <sys/stat.h>
#include "access/funcindex.h"
#include <access/funcindex.h>
#include "catalog/pg_index.h"
#include <catalog/pg_index.h>
#include "utils/syscache.h"
#include <utils/syscache.h>
#include "nodes/params.h"
#include "access/sdir.h"
#include "executor/hashjoin.h"
#include "nodes/primnodes.h"
#include "nodes/memnodes.h"
#include "executor/tuptable.h"
#include "nodes/execnodes.h"
#include <nodes/params.h>
#include <access/sdir.h>
#include <executor/hashjoin.h>
#include <nodes/primnodes.h>
#include <nodes/memnodes.h>
#include <executor/tuptable.h>
#include <nodes/execnodes.h>
#include "utils/memutils.h"
#include <utils/memutils.h>
#include "nodes/plannodes.h"
#include "nodes/parsenodes.h"
#include "executor/execdesc.h"
#include "executor/executor.h"
#include <nodes/plannodes.h>
#include <nodes/parsenodes.h>
#include <executor/execdesc.h>
#include <executor/executor.h>
#include "storage/ipc.h"
#include "storage/bufmgr.h"
#include "access/transam.h"
#include <storage/ipc.h>
#include <storage/bufmgr.h>
#include <access/transam.h>
#include "catalog/index.h"
#include <catalog/index.h>
#include "access/genam.h"
#include <access/genam.h>
#include "catalog/pg_type.h"
#include <catalog/pg_type.h>
#include <catalog/catname.h>
#include "catalog/catname.h"
#define ISOCTAL(c) (((c) >= '0') && ((c) <= '7'))
#define VALUE(c) ((c) - '0')
* New copy code.
* This code "knows" the following about tuples:
static bool reading_from_input = false;
/* non-export function prototypes */
static void CopyTo(Relation rel, bool binary, bool oids, FILE *fp, char *delim);
......@@ -116,53 +109,104 @@ static int CountTuples(Relation relation);
extern FILE *Pfout, *Pfin;
* DoCopy executes a the SQL COPY statement.
DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe, char *filename,
char *delim)
DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe,
char *filename, char *delim) {
Either unload or reload contents of class <relname>, depending on <from>.
If <pipe> is false, transfer is between the class and the file named
<filename>. Otherwise, transfer is between the class and our regular
input/output stream. The latter could be either stdin/stdout or a
socket, depending on whether we're running under Postmaster control.
Iff <binary>, unload or reload in the binary format, as opposed to the
more wasteful but more robust and portable text format.
If in the text format, delimit columns with delimiter <delim>.
When loading in the text format from an input stream (as opposed to
a file), recognize a "." on a line by itself as EOF. Also recognize
a stream EOF. When unloading in the text format to an output stream,
write a "." on a line by itself at the end of the data.
Iff <oids>, unload or reload the format that includes OID information.
Do not allow a Postgres user without superuser privilege to read from
or write to a file.
Do not allow the copy if user doesn't have proper permission to access
the class.
FILE *fp;
Relation rel;
reading_from_input = pipe;
extern char *UserName; /* defined in global.c */
const AclMode required_access = from ? ACL_WR : ACL_RD;
rel = heap_openr(relname);
if (rel == NULL) elog(WARN, "Copy: class %s does not exist.", relname);
if (from) {
if (pipe && IsUnderPostmaster) ReceiveCopyBegin();
if (rel == NULL) elog(WARN, "COPY command failed. Class %s "
"does not exist.", relname);
if (!pg_aclcheck(relname, UserName, required_access))
elog(WARN, "%s %s", relname, ACL_NO_PRIV_WARNING);
/* Above should not return */
else if (!superuser() && !pipe)
elog(WARN, "You must have Postgres superuser privilege to do a COPY "
"directly to or from a file. Anyone can COPY to stdout or "
"from stdin. Psql's \\copy command also works for anyone.");
/* Above should not return. */
else {
if (from) { /* copy from file to database */
if (pipe) {
if (IsUnderPostmaster) {
fp = pipe ? Pfin : fopen(filename, "r");
}else {
fp = pipe ? stdin : fopen(filename, "r");
if (fp == NULL) {
elog(WARN, "COPY: file %s could not be open for reading", filename);
fp = Pfin;
} else fp = stdin;
} else {
fp = fopen(filename, "r");
if (fp == NULL)
elog(WARN, "COPY command, running in backend with "
"effective uid %d, could not open file '%s' for ",
"reading. Errno = %s (%d).",
geteuid(), filename, strerror(errno), errno);
/* Above should not return */
CopyFrom(rel, binary, oids, fp, delim);
}else {
mode_t oumask = umask((mode_t) 0);
if (pipe && IsUnderPostmaster) SendCopyBegin();
} else { /* copy from database to file */
if (pipe) {
if (IsUnderPostmaster) {
fp = pipe ? Pfout : fopen(filename, "w");
}else {
fp = pipe ? stdout : fopen(filename, "w");
fp = Pfout;
} else fp = stdout;
} else {
mode_t oumask; /* Pre-existing umask value */
(void) umask((mode_t) 0);
fp = fopen(filename, "w");
(void) umask(oumask);
if (fp == NULL) {
elog(WARN, "COPY: file %s could not be open for writing", filename);
if (fp == NULL)
elog(WARN, "COPY command, running in backend with "
"effective uid %d, could not open file '%s' for ",
"writing. Errno = %s (%d).",
geteuid(), filename, strerror(errno), errno);
/* Above should not return */
CopyTo(rel, binary, oids, fp, delim);
if (!pipe) {
}else if (!from && !binary) {
if (!pipe) fclose(fp);
else if (!from && !binary) {
fputs("\\.\n", fp);
if (IsUnderPostmaster) fflush(Pfout);
static void
CopyTo(Relation rel, bool binary, bool oids, FILE *fp, char *delim)
......@@ -176,8 +220,14 @@ CopyTo(Relation rel, bool binary, bool oids, FILE *fp, char *delim)
Oid out_func_oid;
Oid *elements;
Datum value;
bool isnull = (bool) true;
char *nulls = NULL;
bool isnull; /* The attribute we are copying is null */
char *nulls;
/* <nulls> is a (dynamically allocated) array with one character
per attribute in the instance being copied. nulls[I-1] is
'n' if Attribute Number I is null, and ' ' otherwise.
<nulls> is meaningful only if we are doing a binary copy.
char *string;
int32 ntuples;
TupleDesc tupDesc;
......@@ -196,6 +246,7 @@ CopyTo(Relation rel, bool binary, bool oids, FILE *fp, char *delim)
fmgr_info(out_func_oid, &out_functions[i], &dummy);
elements[i] = GetTypeElement(attr[i]->atttypid);
nulls = NULL; /* meaningless, but compiler doesn't know that */
}else {
elements = NULL;
out_functions = NULL;
......@@ -608,6 +659,8 @@ CopyFrom(Relation rel, bool binary, bool oids, FILE *fp, char *delim)
static Oid
GetOutputFunction(Oid type)
......@@ -879,7 +932,7 @@ CopyAttributeOut(FILE *fp, char *string, char *delim)
if (len && (string[0] == '{') && (string[len-1] == '}'))
is_array = true;
for ( ; (c = *string) != 0; string++) {
for ( ; (c = *string) != '\0'; string++) {
if (c == delim[0] || c == '\n' ||
(c == '\\' && !is_array))
fputc('\\', fp);
......@@ -9,7 +9,7 @@
* $Header: /cvsroot/pgsql/src/backend/commands/define.c,v 1.3 1996/10/31 09:07:41 bryanh Exp $
* $Header: /cvsroot/pgsql/src/backend/commands/define.c,v 1.4 1996/11/02 02:01:48 bryanh Exp $
* The "DefineFoo" routines take the parse tree and pick out the
......@@ -34,19 +34,16 @@
#include <string.h>
#include <ctype.h>
#include <math.h>
#include <postgres.h>
#include <access/heapam.h>
#include <access/htup.h>
#include <utils/tqual.h>
#include <catalog/catname.h>
#include <catalog/pg_aggregate.h>
#include <catalog/pg_operator.h>
#include <catalog/pg_proc.h>
#include <catalog/pg_type.h>
#include <catalog/pg_user.h> /* superuser() uses this */
#include <utils/syscache.h>
#include <nodes/pg_list.h>
#include <nodes/parsenodes.h>
......@@ -66,24 +63,6 @@ static int defGetTypeLength(DefElem *def);
superuser(void) {
The Postgres user running this command has Postgres superuser
HeapTuple utup;
char *userName;
userName = GetPgUserName();
utup = SearchSysCacheTuple(USENAME, PointerGetDatum(userName),
Assert(utup != NULL);
return ((Form_pg_user)GETSTRUCT(utup))->usesuper;
case_translate_language_name(const char *input, char *output) {
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment