|
28 | 28 | */
|
29 | 29 | #include "postgres.h"
|
30 | 30 |
|
| 31 | +#include <ctype.h> |
| 32 | + |
31 | 33 | #include "libpq-fe.h"
|
32 | 34 |
|
33 | 35 | #include "fmgr.h"
|
@@ -73,6 +75,7 @@ static void append_res_ptr(dblink_results * results);
|
73 | 75 | static void remove_res_ptr(dblink_results * results);
|
74 | 76 | static char *generate_relation_name(Oid relid);
|
75 | 77 | static char *connstr_strip_password(const char *connstr);
|
| 78 | +static void dblink_security_check(PGconn *conn, const char *connstr); |
76 | 79 |
|
77 | 80 | /* Global */
|
78 | 81 | List *res_id = NIL;
|
@@ -108,22 +111,10 @@ dblink_connect(PG_FUNCTION_ARGS)
|
108 | 111 |
|
109 | 112 | oldcontext = MemoryContextSwitchTo(TopMemoryContext);
|
110 | 113 |
|
111 |
| - /* for non-superusers, check that server requires a password */ |
112 |
| - if (!superuser()) |
113 |
| - { |
114 |
| - /* this attempt must fail */ |
115 |
| - persistent_conn = PQconnectdb(connstr_strip_password(connstr)); |
116 |
| - |
117 |
| - if (PQstatus(persistent_conn) == CONNECTION_OK) |
118 |
| - { |
119 |
| - PQfinish(persistent_conn); |
120 |
| - persistent_conn = NULL; |
121 |
| - elog(ERROR, "Non-superuser cannot connect if the server does not request a password."); |
122 |
| - } |
123 |
| - else |
124 |
| - PQfinish(persistent_conn); |
125 |
| - } |
| 114 | + /* check password used if not superuser */ |
| 115 | + dblink_security_check(persistent_conn, connstr); |
126 | 116 | persistent_conn = PQconnectdb(connstr);
|
| 117 | + |
127 | 118 | MemoryContextSwitchTo(oldcontext);
|
128 | 119 |
|
129 | 120 | if (PQstatus(persistent_conn) == CONNECTION_BAD)
|
@@ -468,6 +459,8 @@ dblink_record(PG_FUNCTION_ARGS)
|
468 | 459 | connstr = GET_STR(PG_GETARG_TEXT_P(0));
|
469 | 460 | sql = GET_STR(PG_GETARG_TEXT_P(1));
|
470 | 461 |
|
| 462 | + /* check password used if not superuser */ |
| 463 | + dblink_security_check(conn, connstr); |
471 | 464 | conn = PQconnectdb(connstr);
|
472 | 465 | if (PQstatus(conn) == CONNECTION_BAD)
|
473 | 466 | {
|
@@ -652,6 +645,8 @@ dblink_exec(PG_FUNCTION_ARGS)
|
652 | 645 | connstr = GET_STR(PG_GETARG_TEXT_P(0));
|
653 | 646 | sql = GET_STR(PG_GETARG_TEXT_P(1));
|
654 | 647 |
|
| 648 | + /* check password used if not superuser */ |
| 649 | + dblink_security_check(conn, connstr); |
655 | 650 | conn = PQconnectdb(connstr);
|
656 | 651 | if (PQstatus(conn) == CONNECTION_BAD)
|
657 | 652 | {
|
@@ -738,7 +733,8 @@ dblink(PG_FUNCTION_ARGS)
|
738 | 733 |
|
739 | 734 | if (fcinfo-><
103B1
/span>flinfo->fn_extra == NULL)
|
740 | 735 | {
|
741 |
| - |
| 736 | + /* check password used if not superuser */ |
| 737 | + dblink_security_check(conn, optstr); |
742 | 738 | conn = PQconnectdb(optstr);
|
743 | 739 | if (PQstatus(conn) == CONNECTION_BAD)
|
744 | 740 | {
|
@@ -2176,3 +2172,22 @@ connstr_strip_password(const char *connstr)
|
2176 | 2172 |
|
2177 | 2173 | return result.data;
|
2178 | 2174 | }
|
| 2175 | + |
| 2176 | +static void |
| 2177 | +dblink_security_check(PGconn *conn, const char *connstr) |
| 2178 | +{ |
| 2179 | + if (!superuser()) |
| 2180 | + { |
| 2181 | + /* this attempt must fail */ |
| 2182 | + conn = PQconnectdb(connstr_strip_password(connstr)); |
| 2183 | + |
| 2184 | + if (PQstatus(conn) == CONNECTION_OK) |
| 2185 | + { |
| 2186 | + PQfinish(conn); |
| 2187 | + conn = NULL; |
| 2188 | + elog(ERROR, "Non-superuser cannot connect if the server does not request a password."); |
| 2189 | + } |
| 2190 | + else |
| 2191 | + PQfinish(conn); |
| 2192 | + } |
| 2193 | +} |
0 commit comments