PostgreSQL Source Code  git master
dumputils.c
Go to the documentation of this file.
1 /*-------------------------------------------------------------------------
2  *
3  * Utility routines for SQL dumping
4  *
5  * Basically this is stuff that is useful in both pg_dump and pg_dumpall.
6  *
7  *
8  * Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group
9  * Portions Copyright (c) 1994, Regents of the University of California
10  *
11  * src/bin/pg_dump/dumputils.c
12  *
13  *-------------------------------------------------------------------------
14  */
15 #include "postgres_fe.h"
16 
17 #include <ctype.h>
18 
19 #include "dumputils.h"
20 #include "fe_utils/string_utils.h"
21 
22 
23 static bool parseAclItem(const char *item, const char *type,
24  const char *name, const char *subname, int remoteVersion,
25  PQExpBuffer grantee, PQExpBuffer grantor,
26  PQExpBuffer privs, PQExpBuffer privswgo);
27 static char *dequoteAclUserName(PQExpBuffer output, char *input);
28 static void AddAcl(PQExpBuffer aclbuf, const char *keyword,
29  const char *subname);
30 
31 
32 /*
33  * Build GRANT/REVOKE command(s) for an object.
34  *
35  * name: the object name, in the form to use in the commands (already quoted)
36  * subname: the sub-object name, if any (already quoted); NULL if none
37  * nspname: the namespace the object is in (NULL if none); not pre-quoted
38  * type: the object type (as seen in GRANT command: must be one of
39  * TABLE, SEQUENCE, FUNCTION, PROCEDURE, LANGUAGE, SCHEMA, DATABASE, TABLESPACE,
40  * FOREIGN DATA WRAPPER, SERVER, PARAMETER or LARGE OBJECT)
41  * acls: the ACL string fetched from the database
42  * baseacls: the initial ACL string for this object
43  * owner: username of object owner (will be passed through fmtId); can be
44  * NULL or empty string to indicate "no owner known"
45  * prefix: string to prefix to each generated command; typically empty
46  * remoteVersion: version of database
47  *
48  * Returns true if okay, false if could not parse the acl string.
49  * The resulting commands (if any) are appended to the contents of 'sql'.
50  *
51  * baseacls is typically the result of acldefault() for the object's type
52  * and owner. However, if there is a pg_init_privs entry for the object,
53  * it should instead be the initprivs ACLs. When acls is itself a
54  * pg_init_privs entry, baseacls is what to dump that relative to; then
55  * it can be either an acldefault() value or an empty ACL "{}".
56  *
57  * Note: when processing a default ACL, prefix is "ALTER DEFAULT PRIVILEGES "
58  * or something similar, and name is an empty string.
59  *
60  * Note: beware of passing a fmtId() result directly as 'name' or 'subname',
61  * since this routine uses fmtId() internally.
62  */
63 bool
64 buildACLCommands(const char *name, const char *subname, const char *nspname,
65  const char *type, const char *acls, const char *baseacls,
66  const char *owner, const char *prefix, int remoteVersion,
67  PQExpBuffer sql)
68 {
69  bool ok = true;
70  char **aclitems = NULL;
71  char **baseitems = NULL;
72  char **grantitems = NULL;
73  char **revokeitems = NULL;
74  int naclitems = 0;
75  int nbaseitems = 0;
76  int ngrantitems = 0;
77  int nrevokeitems = 0;
78  int i;
79  PQExpBuffer grantee,
80  grantor,
81  privs,
82  privswgo;
83  PQExpBuffer firstsql,
84  secondsql;
85 
86  /*
87  * If the acl was NULL (initial default state), we need do nothing. Note
88  * that this is distinguishable from all-privileges-revoked, which will
89  * look like an empty array ("{}").
90  */
91  if (acls == NULL || *acls == '\0')
92  return true; /* object has default permissions */
93 
94  /* treat empty-string owner same as NULL */
95  if (owner && *owner == '\0')
96  owner = NULL;
97 
98  /* Parse the acls array */
99  if (!parsePGArray(acls, &aclitems, &naclitems))
100  {
101  free(aclitems);
102  return false;
103  }
104 
105  /* Parse the baseacls too */
106  if (!parsePGArray(baseacls, &baseitems, &nbaseitems))
107  {
108  free(aclitems);
109  free(baseitems);
110  return false;
111  }
112 
113  /*
114  * Compare the actual ACL with the base ACL, extracting the privileges
115  * that need to be granted (i.e., are in the actual ACL but not the base
116  * ACL) and the ones that need to be revoked (the reverse). We use plain
117  * string comparisons to check for matches. In principle that could be
118  * fooled by extraneous issues such as whitespace, but since all these
119  * strings are the work of aclitemout(), it should be OK in practice.
120  * Besides, a false mismatch will just cause the output to be a little
121  * more verbose than it really needed to be.
122  */
123  grantitems = (char **) pg_malloc(naclitems * sizeof(char *));
124  for (i = 0; i < naclitems; i++)
125  {
126  bool found = false;
127 
128  for (int j = 0; j < nbaseitems; j++)
129  {
130  if (strcmp(aclitems[i], baseitems[j]) == 0)
131  {
132  found = true;
133  break;
134  }
135  }
136  if (!found)
137  grantitems[ngrantitems++] = aclitems[i];
138  }
139  revokeitems = (char **) pg_malloc(nbaseitems * sizeof(char *));
140  for (i = 0; i < nbaseitems; i++)
141  {
142  bool found = false;
143 
144  for (int j = 0; j < naclitems; j++)
145  {
146  if (strcmp(baseitems[i], aclitems[j]) == 0)
147  {
148  found = true;
149  break;
150  }
151  }
152  if (!found)
153  revokeitems[nrevokeitems++] = baseitems[i];
154  }
155 
156  /* Prepare working buffers */
157  grantee = createPQExpBuffer();
158  grantor = createPQExpBuffer();
159  privs = createPQExpBuffer();
160  privswgo = createPQExpBuffer();
161 
162  /*
163  * At the end, these two will be pasted together to form the result.
164  */
165  firstsql = createPQExpBuffer();
166  secondsql = createPQExpBuffer();
167 
168  /*
169  * Build REVOKE statements for ACLs listed in revokeitems[].
170  */
171  for (i = 0; i < nrevokeitems; i++)
172  {
173  if (!parseAclItem(revokeitems[i],
174  type, name, subname, remoteVersion,
175  grantee, grantor, privs, NULL))
176  {
177  ok = false;
178  break;
179  }
180 
181  if (privs->len > 0)
182  {
183  appendPQExpBuffer(firstsql, "%sREVOKE %s ON %s ",
184  prefix, privs->data, type);
185  if (nspname && *nspname)
186  appendPQExpBuffer(firstsql, "%s.", fmtId(nspname));
187  if (name && *name)
188  appendPQExpBuffer(firstsql, "%s ", name);
189  appendPQExpBufferStr(firstsql, "FROM ");
190  if (grantee->len == 0)
191  appendPQExpBufferStr(firstsql, "PUBLIC;\n");
192  else
193  appendPQExpBuffer(firstsql, "%s;\n",
194  fmtId(grantee->data));
195  }
196  }
197 
198  /*
199  * At this point we have issued REVOKE statements for all initial and
200  * default privileges that are no longer present on the object, so we are
201  * almost ready to GRANT the privileges listed in grantitems[].
202  *
203  * We still need some hacking though to cover the case where new default
204  * public privileges are added in new versions: the REVOKE ALL will revoke
205  * them, leading to behavior different from what the old version had,
206  * which is generally not what's wanted. So add back default privs if the
207  * source database is too old to have had that particular priv. (As of
208  * right now, no such cases exist in supported versions.)
209  */
210 
211  /*
212  * Scan individual ACL items to be granted.
213  *
214  * The order in which privileges appear in the ACL string (the order they
215  * have been GRANT'd in, which the backend maintains) must be preserved to
216  * ensure that GRANTs WITH GRANT OPTION and subsequent GRANTs based on
217  * those are dumped in the correct order. However, some old server
218  * versions will show grants to PUBLIC before the owner's own grants; for
219  * consistency's sake, force the owner's grants to be output first.
220  */
221  for (i = 0; i < ngrantitems; i++)
222  {
223  if (parseAclItem(grantitems[i], type, name, subname, remoteVersion,
224  grantee, grantor, privs, privswgo))
225  {
226  /*
227  * If the grantor isn't the owner, we'll need to use SET SESSION
228  * AUTHORIZATION to become the grantor. Issue the SET/RESET only
229  * if there's something useful to do.
230  */
231  if (privs->len > 0 || privswgo->len > 0)
232  {
233  PQExpBuffer thissql;
234 
235  /* Set owner as grantor if that's not explicit in the ACL */
236  if (grantor->len == 0 && owner)
237  printfPQExpBuffer(grantor, "%s", owner);
238 
239  /* Make sure owner's own grants are output before others */
240  if (owner &&
241  strcmp(grantee->data, owner) == 0 &&
242  strcmp(grantor->data, owner) == 0)
243  thissql = firstsql;
244  else
245  thissql = secondsql;
246 
247  if (grantor->len > 0
248  && (!owner || strcmp(owner, grantor->data) != 0))
249  appendPQExpBuffer(thissql, "SET SESSION AUTHORIZATION %s;\n",
250  fmtId(grantor->data));
251 
252  if (privs->len > 0)
253  {
254  appendPQExpBuffer(thissql, "%sGRANT %s ON %s ",
255  prefix, privs->data, type);
256  if (nspname && *nspname)
257  appendPQExpBuffer(thissql, "%s.", fmtId(nspname));
258  if (name && *name)
259  appendPQExpBuffer(thissql, "%s ", name);
260  appendPQExpBufferStr(thissql, "TO ");
261  if (grantee->len == 0)
262  appendPQExpBufferStr(thissql, "PUBLIC;\n");
263  else
264  appendPQExpBuffer(thissql, "%s;\n", fmtId(grantee->data));
265  }
266  if (privswgo->len > 0)
267  {
268  appendPQExpBuffer(thissql, "%sGRANT %s ON %s ",
269  prefix, privswgo->data, type);
270  if (nspname && *nspname)
271  appendPQExpBuffer(thissql, "%s.", fmtId(nspname));
272  if (name && *name)
273  appendPQExpBuffer(thissql, "%s ", name);
274  appendPQExpBufferStr(thissql, "TO ");
275  if (grantee->len == 0)
276  appendPQExpBufferStr(thissql, "PUBLIC");
277  else
278  appendPQExpBufferStr(thissql, fmtId(grantee->data));
279  appendPQExpBufferStr(thissql, " WITH GRANT OPTION;\n");
280  }
281 
282  if (grantor->len > 0
283  && (!owner || strcmp(owner, grantor->data) != 0))
284  appendPQExpBufferStr(thissql, "RESET SESSION AUTHORIZATION;\n");
285  }
286  }
287  else
288  {
289  /* parseAclItem failed, give up */
290  ok = false;
291  break;
292  }
293  }
294 
295  destroyPQExpBuffer(grantee);
296  destroyPQExpBuffer(grantor);
297  destroyPQExpBuffer(privs);
298  destroyPQExpBuffer(privswgo);
299 
300  appendPQExpBuffer(sql, "%s%s", firstsql->data, secondsql->data);
301  destroyPQExpBuffer(firstsql);
302  destroyPQExpBuffer(secondsql);
303 
304  free(aclitems);
305  free(baseitems);
306  free(grantitems);
307  free(revokeitems);
308 
309  return ok;
310 }
311 
312 /*
313  * Build ALTER DEFAULT PRIVILEGES command(s) for a single pg_default_acl entry.
314  *
315  * type: the object type (TABLES, FUNCTIONS, etc)
316  * nspname: schema name, or NULL for global default privileges
317  * acls: the ACL string fetched from the database
318  * acldefault: the appropriate default ACL for the object type and owner
319  * owner: username of privileges owner (will be passed through fmtId)
320  * remoteVersion: version of database
321  *
322  * Returns true if okay, false if could not parse the acl string.
323  * The resulting commands (if any) are appended to the contents of 'sql'.
324  */
325 bool
326 buildDefaultACLCommands(const char *type, const char *nspname,
327  const char *acls, const char *acldefault,
328  const char *owner,
329  int remoteVersion,
330  PQExpBuffer sql)
331 {
332  PQExpBuffer prefix;
333 
334  prefix = createPQExpBuffer();
335 
336  /*
337  * We incorporate the target role directly into the command, rather than
338  * playing around with SET ROLE or anything like that. This is so that a
339  * permissions error leads to nothing happening, rather than changing
340  * default privileges for the wrong user.
341  */
342  appendPQExpBuffer(prefix, "ALTER DEFAULT PRIVILEGES FOR ROLE %s ",
343  fmtId(owner));
344  if (nspname)
345  appendPQExpBuffer(prefix, "IN SCHEMA %s ", fmtId(nspname));
346 
347  /*
348  * There's no such thing as initprivs for a default ACL, so the base ACL
349  * is always just the object-type-specific default.
350  */
351  if (!buildACLCommands("", NULL, NULL, type,
352  acls, acldefault, owner,
353  prefix->data, remoteVersion, sql))
354  {
355  destroyPQExpBuffer(prefix);
356  return false;
357  }
358 
359  destroyPQExpBuffer(prefix);
360 
361  return true;
362 }
363 
364 /*
365  * This will parse an aclitem string, having the general form
366  * username=privilegecodes/grantor
367  *
368  * Returns true on success, false on parse error. On success, the components
369  * of the string are returned in the PQExpBuffer parameters.
370  *
371  * The returned grantee string will be the dequoted username, or an empty
372  * string in the case of a grant to PUBLIC. The returned grantor is the
373  * dequoted grantor name. Privilege characters are translated to GRANT/REVOKE
374  * comma-separated privileges lists. If "privswgo" is non-NULL, the result is
375  * separate lists for privileges with grant option ("privswgo") and without
376  * ("privs"). Otherwise, "privs" bears every relevant privilege, ignoring the
377  * grant option distinction.
378  *
379  * Note: for cross-version compatibility, it's important to use ALL to
380  * represent the privilege sets whenever appropriate.
381  */
382 static bool
383 parseAclItem(const char *item, const char *type,
384  const char *name, const char *subname, int remoteVersion,
385  PQExpBuffer grantee, PQExpBuffer grantor,
386  PQExpBuffer privs, PQExpBuffer privswgo)
387 {
388  char *buf;
389  bool all_with_go = true;
390  bool all_without_go = true;
391  char *eqpos;
392  char *slpos;
393  char *pos;
394 
395  buf = pg_strdup(item);
396 
397  /* user or group name is string up to = */
398  eqpos = dequoteAclUserName(grantee, buf);
399  if (*eqpos != '=')
400  {
401  pg_free(buf);
402  return false;
403  }
404 
405  /* grantor should appear after / */
406  slpos = strchr(eqpos + 1, '/');
407  if (slpos)
408  {
409  *slpos++ = '\0';
410  slpos = dequoteAclUserName(grantor, slpos);
411  if (*slpos != '\0')
412  {
413  pg_free(buf);
414  return false;
415  }
416  }
417  else
418  {
419  pg_free(buf);
420  return false;
421  }
422 
423  /* privilege codes */
424 #define CONVERT_PRIV(code, keywd) \
425 do { \
426  if ((pos = strchr(eqpos + 1, code))) \
427  { \
428  if (*(pos + 1) == '*' && privswgo != NULL) \
429  { \
430  AddAcl(privswgo, keywd, subname); \
431  all_without_go = false; \
432  } \
433  else \
434  { \
435  AddAcl(privs, keywd, subname); \
436  all_with_go = false; \
437  } \
438  } \
439  else \
440  all_with_go = all_without_go = false; \
441 } while (0)
442 
443  resetPQExpBuffer(privs);
444  resetPQExpBuffer(privswgo);
445 
446  if (strcmp(type, "TABLE") == 0 || strcmp(type, "SEQUENCE") == 0 ||
447  strcmp(type, "TABLES") == 0 || strcmp(type, "SEQUENCES") == 0)
448  {
449  CONVERT_PRIV('r', "SELECT");
450 
451  if (strcmp(type, "SEQUENCE") == 0 ||
452  strcmp(type, "SEQUENCES") == 0)
453  /* sequence only */
454  CONVERT_PRIV('U', "USAGE");
455  else
456  {
457  /* table only */
458  CONVERT_PRIV('a', "INSERT");
459  CONVERT_PRIV('x', "REFERENCES");
460  /* rest are not applicable to columns */
461  if (subname == NULL)
462  {
463  CONVERT_PRIV('d', "DELETE");
464  CONVERT_PRIV('t', "TRIGGER");
465  CONVERT_PRIV('D', "TRUNCATE");
466  }
467  }
468 
469  /* UPDATE */
470  CONVERT_PRIV('w', "UPDATE");
471  }
472  else if (strcmp(type, "FUNCTION") == 0 ||
473  strcmp(type, "FUNCTIONS") == 0)
474  CONVERT_PRIV('X', "EXECUTE");
475  else if (strcmp(type, "PROCEDURE") == 0 ||
476  strcmp(type, "PROCEDURES") == 0)
477  CONVERT_PRIV('X', "EXECUTE");
478  else if (strcmp(type, "LANGUAGE") == 0)
479  CONVERT_PRIV('U', "USAGE");
480  else if (strcmp(type, "SCHEMA") == 0 ||
481  strcmp(type, "SCHEMAS") == 0)
482  {
483  CONVERT_PRIV('C', "CREATE");
484  CONVERT_PRIV('U', "USAGE");
485  }
486  else if (strcmp(type, "DATABASE") == 0)
487  {
488  CONVERT_PRIV('C', "CREATE");
489  CONVERT_PRIV('c', "CONNECT");
490  CONVERT_PRIV('T', "TEMPORARY");
491  }
492  else if (strcmp(type, "TABLESPACE") == 0)
493  CONVERT_PRIV('C', "CREATE");
494  else if (strcmp(type, "TYPE") == 0 ||
495  strcmp(type, "TYPES") == 0)
496  CONVERT_PRIV('U', "USAGE");
497  else if (strcmp(type, "FOREIGN DATA WRAPPER") == 0)
498  CONVERT_PRIV('U', "USAGE");
499  else if (strcmp(type, "FOREIGN SERVER") == 0)
500  CONVERT_PRIV('U', "USAGE");
501  else if (strcmp(type, "FOREIGN TABLE") == 0)
502  CONVERT_PRIV('r', "SELECT");
503  else if (strcmp(type, "PARAMETER") == 0)
504  {
505  CONVERT_PRIV('s', "SET");
506  CONVERT_PRIV('A', "ALTER SYSTEM");
507  }
508  else if (strcmp(type, "LARGE OBJECT") == 0)
509  {
510  CONVERT_PRIV('r', "SELECT");
511  CONVERT_PRIV('w', "UPDATE");
512  }
513  else
514  abort();
515 
516 #undef CONVERT_PRIV
517 
518  if (all_with_go)
519  {
520  resetPQExpBuffer(privs);
521  printfPQExpBuffer(privswgo, "ALL");
522  if (subname)
523  appendPQExpBuffer(privswgo, "(%s)", subname);
524  }
525  else if (all_without_go)
526  {
527  resetPQExpBuffer(privswgo);
528  printfPQExpBuffer(privs, "ALL");
529  if (subname)
530  appendPQExpBuffer(privs, "(%s)", subname);
531  }
532 
533  pg_free(buf);
534 
535  return true;
536 }
537 
538 /*
539  * Transfer the role name at *input into the output buffer, adding
540  * quoting according to the same rules as putid() in backend's acl.c.
541  */
542 void
544 {
545  const char *src;
546  bool safe = true;
547 
548  for (src = input; *src; src++)
549  {
550  /* This test had better match what putid() does */
551  if (!isalnum((unsigned char) *src) && *src != '_')
552  {
553  safe = false;
554  break;
555  }
556  }
557  if (!safe)
559  for (src = input; *src; src++)
560  {
561  /* A double quote character in a username is encoded as "" */
562  if (*src == '"')
565  }
566  if (!safe)
568 }
569 
570 /*
571  * Transfer a user or group name starting at *input into the output buffer,
572  * dequoting if needed. Returns a pointer to just past the input name.
573  * The name is taken to end at an unquoted '=' or end of string.
574  * Note: unlike quoteAclUserName(), this first clears the output buffer.
575  */
576 static char *
578 {
580 
581  while (*input && *input != '=')
582  {
583  /*
584  * If user name isn't quoted, then just add it to the output buffer
585  */
586  if (*input != '"')
588  else
589  {
590  /* Otherwise, it's a quoted username */
591  input++;
592  /* Loop until we come across an unescaped quote */
593  while (!(*input == '"' && *(input + 1) != '"'))
594  {
595  if (*input == '\0')
596  return input; /* really a syntax error... */
597 
598  /*
599  * Quoting convention is to escape " as "". Keep this code in
600  * sync with putid() in backend's acl.c.
601  */
602  if (*input == '"' && *(input + 1) == '"')
603  input++;
605  }
606  input++;
607  }
608  }
609  return input;
610 }
611 
612 /*
613  * Append a privilege keyword to a keyword list, inserting comma if needed.
614  */
615 static void
616 AddAcl(PQExpBuffer aclbuf, const char *keyword, const char *subname)
617 {
618  if (aclbuf->len > 0)
619  appendPQExpBufferChar(aclbuf, ',');
620  appendPQExpBufferStr(aclbuf, keyword);
621  if (subname)
622  appendPQExpBuffer(aclbuf, "(%s)", subname);
623 }
624 
625 
626 /*
627  * buildShSecLabelQuery
628  *
629  * Build a query to retrieve security labels for a shared object.
630  * The object is identified by its OID plus the name of the catalog
631  * it can be found in (e.g., "pg_database" for database names).
632  * The query is appended to "sql". (We don't execute it here so as to
633  * keep this file free of assumptions about how to deal with SQL errors.)
634  */
635 void
636 buildShSecLabelQuery(const char *catalog_name, Oid objectId,
637  PQExpBuffer sql)
638 {
639  appendPQExpBuffer(sql,
640  "SELECT provider, label FROM pg_catalog.pg_shseclabel "
641  "WHERE classoid = 'pg_catalog.%s'::pg_catalog.regclass "
642  "AND objoid = '%u'", catalog_name, objectId);
643 }
644 
645 /*
646  * emitShSecLabels
647  *
648  * Construct SECURITY LABEL commands using the data retrieved by the query
649  * generated by buildShSecLabelQuery, and append them to "buffer".
650  * Here, the target object is identified by its type name (e.g. "DATABASE")
651  * and its name (not pre-quoted).
652  */
653 void
655  const char *objtype, const char *objname)
656 {
657  int i;
658 
659  for (i = 0; i < PQntuples(res); i++)
660  {
661  char *provider = PQgetvalue(res, i, 0);
662  char *label = PQgetvalue(res, i, 1);
663 
664  /* must use fmtId result before calling it again */
665  appendPQExpBuffer(buffer,
666  "SECURITY LABEL FOR %s ON %s",
667  fmtId(provider), objtype);
668  appendPQExpBuffer(buffer,
669  " %s IS ",
670  fmtId(objname));
672  appendPQExpBufferStr(buffer, ";\n");
673  }
674 }
675 
676 
677 /*
678  * Detect whether the given GUC variable is of GUC_LIST_QUOTE type.
679  *
680  * It'd be better if we could inquire this directly from the backend; but even
681  * if there were a function for that, it could only tell us about variables
682  * currently known to guc.c, so that it'd be unsafe for extensions to declare
683  * GUC_LIST_QUOTE variables anyway. Lacking a solution for that, it doesn't
684  * seem worth the work to do more than have this list, which must be kept in
685  * sync with the variables actually marked GUC_LIST_QUOTE in guc_tables.c.
686  */
687 bool
689 {
690  if (pg_strcasecmp(name, "local_preload_libraries") == 0 ||
691  pg_strcasecmp(name, "search_path") == 0 ||
692  pg_strcasecmp(name, "session_preload_libraries") == 0 ||
693  pg_strcasecmp(name, "shared_preload_libraries") == 0 ||
694  pg_strcasecmp(name, "temp_tablespaces") == 0 ||
695  pg_strcasecmp(name, "unix_socket_directories") == 0)
696  return true;
697  else
698  return false;
699 }
700 
701 /*
702  * SplitGUCList --- parse a string containing identifiers or file names
703  *
704  * This is used to split the value of a GUC_LIST_QUOTE GUC variable, without
705  * presuming whether the elements will be taken as identifiers or file names.
706  * See comparable code in src/backend/utils/adt/varlena.c.
707  *
708  * Inputs:
709  * rawstring: the input string; must be overwritable! On return, it's
710  * been modified to contain the separated identifiers.
711  * separator: the separator punctuation expected between identifiers
712  * (typically '.' or ','). Whitespace may also appear around
713  * identifiers.
714  * Outputs:
715  * namelist: receives a malloc'd, null-terminated array of pointers to
716  * identifiers within rawstring. Caller should free this
717  * even on error return.
718  *
719  * Returns true if okay, false if there is a syntax error in the string.
720  */
721 bool
722 SplitGUCList(char *rawstring, char separator,
723  char ***namelist)
724 {
725  char *nextp = rawstring;
726  bool done = false;
727  char **nextptr;
728 
729  /*
730  * Since we disallow empty identifiers, this is a conservative
731  * overestimate of the number of pointers we could need. Allow one for
732  * list terminator.
733  */
734  *namelist = nextptr = (char **)
735  pg_malloc((strlen(rawstring) / 2 + 2) * sizeof(char *));
736  *nextptr = NULL;
737 
738  while (isspace((unsigned char) *nextp))
739  nextp++; /* skip leading whitespace */
740 
741  if (*nextp == '\0')
742  return true; /* allow empty string */
743 
744  /* At the top of the loop, we are at start of a new identifier. */
745  do
746  {
747  char *curname;
748  char *endp;
749 
750  if (*nextp == '"')
751  {
752  /* Quoted name --- collapse quote-quote pairs */
753  curname = nextp + 1;
754  for (;;)
755  {
756  endp = strchr(nextp + 1, '"');
757  if (endp == NULL)
758  return false; /* mismatched quotes */
759  if (endp[1] != '"')
760  break; /* found end of quoted name */
761  /* Collapse adjacent quotes into one quote, and look again */
762  memmove(endp, endp + 1, strlen(endp));
763  nextp = endp;
764  }
765  /* endp now points at the terminating quote */
766  nextp = endp + 1;
767  }
768  else
769  {
770  /* Unquoted name --- extends to separator or whitespace */
771  curname = nextp;
772  while (*nextp && *nextp != separator &&
773  !isspace((unsigned char) *nextp))
774  nextp++;
775  endp = nextp;
776  if (curname == nextp)
777  return false; /* empty unquoted name not allowed */
778  }
779 
780  while (isspace((unsigned char) *nextp))
781  nextp++; /* skip trailing whitespace */
782 
783  if (*nextp == separator)
784  {
785  nextp++;
786  while (isspace((unsigned char) *nextp))
787  nextp++; /* skip leading whitespace for next */
788  /* we expect another name, so done remains false */
789  }
790  else if (*nextp == '\0')
791  done = true;
792  else
793  return false; /* invalid syntax */
794 
795  /* Now safe to overwrite separator with a null */
796  *endp = '\0';
797 
798  /*
799  * Finished isolating current name --- add it to output array
800  */
801  *nextptr++ = curname;
802 
803  /* Loop back if we didn't reach end of string */
804  } while (!done);
805 
806  *nextptr = NULL;
807  return true;
808 }
809 
810 /*
811  * Helper function for dumping "ALTER DATABASE/ROLE SET ..." commands.
812  *
813  * Parse the contents of configitem (a "name=value" string), wrap it in
814  * a complete ALTER command, and append it to buf.
815  *
816  * type is DATABASE or ROLE, and name is the name of the database or role.
817  * If we need an "IN" clause, type2 and name2 similarly define what to put
818  * there; otherwise they should be NULL.
819  * conn is used only to determine string-literal quoting conventions.
820  */
821 void
822 makeAlterConfigCommand(PGconn *conn, const char *configitem,
823  const char *type, const char *name,
824  const char *type2, const char *name2,
826 {
827  char *mine;
828  char *pos;
829 
830  /* Parse the configitem. If we can't find an "=", silently do nothing. */
831  mine = pg_strdup(configitem);
832  pos = strchr(mine, '=');
833  if (pos == NULL)
834  {
835  pg_free(mine);
836  return;
837  }
838  *pos++ = '\0';
839 
840  /* Build the command, with suitable quoting for everything. */
841  appendPQExpBuffer(buf, "ALTER %s %s ", type, fmtId(name));
842  if (type2 != NULL && name2 != NULL)
843  appendPQExpBuffer(buf, "IN %s %s ", type2, fmtId(name2));
844  appendPQExpBuffer(buf, "SET %s TO ", fmtId(mine));
845 
846  /*
847  * Variables that are marked GUC_LIST_QUOTE were already fully quoted by
848  * flatten_set_variable_args() before they were put into the setconfig
849  * array. However, because the quoting rules used there aren't exactly
850  * like SQL's, we have to break the list value apart and then quote the
851  * elements as string literals. (The elements may be double-quoted as-is,
852  * but we can't just feed them to the SQL parser; it would do the wrong
853  * thing with elements that are zero-length or longer than NAMEDATALEN.)
854  *
855  * Variables that are not so marked should just be emitted as simple
856  * string literals. If the variable is not known to
857  * variable_is_guc_list_quote(), we'll do that; this makes it unsafe to
858  * use GUC_LIST_QUOTE for extension variables.
859  */
860  if (variable_is_guc_list_quote(mine))
861  {
862  char **namelist;
863  char **nameptr;
864 
865  /* Parse string into list of identifiers */
866  /* this shouldn't fail really */
867  if (SplitGUCList(pos, ',', &namelist))
868  {
869  for (nameptr = namelist; *nameptr; nameptr++)
870  {
871  if (nameptr != namelist)
872  appendPQExpBufferStr(buf, ", ");
873  appendStringLiteralConn(buf, *nameptr, conn);
874  }
875  }
876  pg_free(namelist);
877  }
878  else
880 
881  appendPQExpBufferStr(buf, ";\n");
882 
883  pg_free(mine);
884 }
Acl * acldefault(ObjectType objtype, Oid ownerId)
Definition: acl.c:777
bool buildACLCommands(const char *name, const char *subname, const char *nspname, const char *type, const char *acls, const char *baseacls, const char *owner, const char *prefix, int remoteVersion, PQExpBuffer sql)
Definition: dumputils.c:64
static char * dequoteAclUserName(PQExpBuffer output, char *input)
Definition: dumputils.c:577
void buildShSecLabelQuery(const char *catalog_name, Oid objectId, PQExpBuffer sql)
Definition: dumputils.c:636
void makeAlterConfigCommand(PGconn *conn, const char *configitem, const char *type, const char *name, const char *type2, const char *name2, PQExpBuffer buf)
Definition: dumputils.c:822
bool buildDefaultACLCommands(const char *type, const char *nspname, const char *acls, const char *acldefault, const char *owner, int remoteVersion, PQExpBuffer sql)
Definition: dumputils.c:326
bool variable_is_guc_list_quote(const char *name)
Definition: dumputils.c:688
void quoteAclUserName(PQExpBuffer output, const char *input)
Definition: dumputils.c:543
static bool parseAclItem(const char *item, const char *type, const char *name, const char *subname, int remoteVersion, PQExpBuffer grantee, PQExpBuffer grantor, PQExpBuffer privs, PQExpBuffer privswgo)
Definition: dumputils.c:383
static void AddAcl(PQExpBuffer aclbuf, const char *keyword, const char *subname)
Definition: dumputils.c:616
void emitShSecLabels(PGconn *conn, PGresult *res, PQExpBuffer buffer, const char *objtype, const char *objname)
Definition: dumputils.c:654
bool SplitGUCList(char *rawstring, char separator, char ***namelist)
Definition: dumputils.c:722
#define CONVERT_PRIV(code, keywd)
int PQntuples(const PGresult *res)
Definition: fe-exec.c:3395
char * PQgetvalue(const PGresult *res, int tup_num, int field_num)
Definition: fe-exec.c:3790
char * pg_strdup(const char *in)
Definition: fe_memutils.c:85
void pg_free(void *ptr)
Definition: fe_memutils.c:105
void * pg_malloc(size_t size)
Definition: fe_memutils.c:47
#define free(a)
Definition: header.h:65
FILE * input
FILE * output
int j
Definition: isn.c:74
int i
Definition: isn.c:73
static JitProviderCallbacks provider
Definition: jit.c:43
static char * label
NameData subname
static char * buf
Definition: pg_test_fsync.c:67
int pg_strcasecmp(const char *s1, const char *s2)
Definition: pgstrcasecmp.c:36
unsigned int Oid
Definition: postgres_ext.h:31
void printfPQExpBuffer(PQExpBuffer str, const char *fmt,...)
Definition: pqexpbuffer.c:235
PQExpBuffer createPQExpBuffer(void)
Definition: pqexpbuffer.c:72
void resetPQExpBuffer(PQExpBuffer str)
Definition: pqexpbuffer.c:146
void appendPQExpBuffer(PQExpBuffer str, const char *fmt,...)
Definition: pqexpbuffer.c:265
void destroyPQExpBuffer(PQExpBuffer str)
Definition: pqexpbuffer.c:114
void appendPQExpBufferChar(PQExpBuffer str, char ch)
Definition: pqexpbuffer.c:378
void appendPQExpBufferStr(PQExpBuffer str, const char *data)
Definition: pqexpbuffer.c:367
PGconn * conn
Definition: streamutil.c:54
void appendStringLiteralConn(PQExpBuffer buf, const char *str, PGconn *conn)
Definition: string_utils.c:293
const char * fmtId(const char *rawid)
Definition: string_utils.c:64
bool parsePGArray(const char *atext, char ***itemarray, int *nitems)
Definition: string_utils.c:657
const char * type
const char * name