PostgreSQL Source Code: contrib/basebackup_to_shell/basebackup_to_shell.c Source File

PostgreSQL Source Code git master
basebackup_to_shell.c
Go to the documentation of this file.
1/*-------------------------------------------------------------------------
2 *
3 * basebackup_to_shell.c
4 * target base backup files to a shell command
5 *
6 * Copyright (c) 2016-2025, PostgreSQL Global Development Group
7 *
8 * contrib/basebackup_to_shell/basebackup_to_shell.c
9 *-------------------------------------------------------------------------
10 */
11#include "postgres.h"
12
13#include "access/xact.h"
14#include "backup/basebackup_target.h"
15#include "common/percentrepl.h"
16#include "miscadmin.h"
17#include "storage/fd.h"
18#include "utils/acl.h"
19#include "utils/guc.h"
20
21 PG_MODULE_MAGIC_EXT(
22 .name = "basebackup_to_shell",
23 .version = PG_VERSION
24);
25
26 typedef struct bbsink_shell
27{
28 /* Common information for all types of sink. */
29 bbsink base;
30
31 /* User-supplied target detail string. */
32 char *target_detail;
33
34 /* Shell command pattern being used for this backup. */
35 char *shell_command;
36
37 /* The command that is currently running. */
38 char *current_command;
39
40 /* Pipe to the running command. */
41 FILE *pipe;
42 } bbsink_shell;
43
44static void *shell_check_detail(char *target, char *target_detail);
45static bbsink *shell_get_sink(bbsink *next_sink, void *detail_arg);
46
47static void bbsink_shell_begin_archive(bbsink *sink,
48 const char *archive_name);
49static void bbsink_shell_archive_contents(bbsink *sink, size_t len);
50static void bbsink_shell_end_archive(bbsink *sink);
51static void bbsink_shell_begin_manifest(bbsink *sink);
52static void bbsink_shell_manifest_contents(bbsink *sink, size_t len);
53static void bbsink_shell_end_manifest(bbsink *sink);
54
55 static const bbsink_ops bbsink_shell_ops = {
56 .begin_backup = bbsink_forward_begin_backup,
57 .begin_archive = bbsink_shell_begin_archive,
58 .archive_contents = bbsink_shell_archive_contents,
59 .end_archive = bbsink_shell_end_archive,
60 .begin_manifest = bbsink_shell_begin_manifest,
61 .manifest_contents = bbsink_shell_manifest_contents,
62 .end_manifest = bbsink_shell_end_manifest,
63 .end_backup = bbsink_forward_end_backup,
64 .cleanup = bbsink_forward_cleanup
65};
66
67 static char *shell_command = "";
68 static char *shell_required_role = "";
69
70void
71 _PG_init(void)
72{
73 DefineCustomStringVariable("basebackup_to_shell.command",
74 "Shell command to be executed for each backup file.",
75 NULL,
76 &shell_command,
77 "",
78 PGC_SIGHUP,
79 0,
80 NULL, NULL, NULL);
81
82 DefineCustomStringVariable("basebackup_to_shell.required_role",
83 "Backup user must be a member of this role to use shell backup target.",
84 NULL,
85 &shell_required_role,
86 "",
87 PGC_SIGHUP,
88 0,
89 NULL, NULL, NULL);
90
91 MarkGUCPrefixReserved("basebackup_to_shell");
92
93 BaseBackupAddTarget("shell", shell_check_detail, shell_get_sink);
94}
95
96/*
97 * We choose to defer sanity checking until shell_get_sink(), and so
98 * just pass the target detail through without doing anything. However, we do
99 * permissions checks here, before any real work has been done.
100 */
101static void *
102 shell_check_detail(char *target, char *target_detail)
103{
104 if (shell_required_role[0] != '0円')
105 {
106 Oid roleid;
107
108 StartTransactionCommand();
109 roleid = get_role_oid(shell_required_role, true);
110 if (!has_privs_of_role(GetUserId(), roleid))
111 ereport(ERROR,
112 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
113 errmsg("permission denied to use basebackup_to_shell")));
114 CommitTransactionCommand();
115 }
116
117 return target_detail;
118}
119
120/*
121 * Set up a bbsink to implement this base backup target.
122 *
123 * This is also a convenient place to sanity check that a target detail was
124 * given if and only if %d is present.
125 */
126static bbsink *
127 shell_get_sink(bbsink *next_sink, void *detail_arg)
128{
129 bbsink_shell *sink;
130 bool has_detail_escape = false;
131 char *c;
132
133 /*
134 * Set up the bbsink.
135 *
136 * We remember the current value of basebackup_to_shell.shell_command to
137 * be certain that it can't change under us during the backup.
138 */
139 sink = palloc0(sizeof(bbsink_shell));
140 *((const bbsink_ops **) &sink->base.bbs_ops) = &bbsink_shell_ops;
141 sink->base.bbs_next = next_sink;
142 sink->target_detail = detail_arg;
143 sink->shell_command = pstrdup(shell_command);
144
145 /* Reject an empty shell command. */
146 if (sink->shell_command[0] == '0円')
147 ereport(ERROR,
148 errcode(ERRCODE_INVALID_PARAMETER_VALUE),
149 errmsg("shell command for backup is not configured"));
150
151 /* Determine whether the shell command we're using contains %d. */
152 for (c = sink->shell_command; *c != '0円'; ++c)
153 {
154 if (c[0] == '%' && c[1] != '0円')
155 {
156 if (c[1] == 'd')
157 has_detail_escape = true;
158 ++c;
159 }
160 }
161
162 /* There should be a target detail if %d was used, and not otherwise. */
163 if (has_detail_escape && sink->target_detail == NULL)
164 ereport(ERROR,
165 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
166 errmsg("a target detail is required because the configured command includes %%d"),
167 errhint("Try \"pg_basebackup --target shell:DETAIL ...\"")));
168 else if (!has_detail_escape && sink->target_detail != NULL)
169 ereport(ERROR,
170 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
171 errmsg("a target detail is not permitted because the configured command does not include %%d")));
172
173 /*
174 * Since we're passing the string provided by the user to popen(), it will
175 * be interpreted by the shell, which is a potential security
176 * vulnerability, since the user invoking this module is not necessarily a
177 * superuser. To stay out of trouble, we must disallow any shell
178 * metacharacters here; to be conservative and keep things simple, we
179 * allow only alphanumerics.
180 */
181 if (sink->target_detail != NULL)
182 {
183 char *d;
184 bool scary = false;
185
186 for (d = sink->target_detail; *d != '0円'; ++d)
187 {
188 if (*d >= 'a' && *d <= 'z')
189 continue;
190 if (*d >= 'A' && *d <= 'Z')
191 continue;
192 if (*d >= '0' && *d <= '9')
193 continue;
194 scary = true;
195 break;
196 }
197
198 if (scary)
199 ereport(ERROR,
200 errcode(ERRCODE_INVALID_PARAMETER_VALUE),
201 errmsg("target detail must contain only alphanumeric characters"));
202 }
203
204 return &sink->base;
205}
206
207/*
208 * Construct the exact shell command that we're actually going to run,
209 * making substitutions as appropriate for escape sequences.
210 */
211static char *
212 shell_construct_command(const char *base_command, const char *filename,
213 const char *target_detail)
214{
215 return replace_percent_placeholders(base_command, "basebackup_to_shell.command",
216 "df", target_detail, filename);
217}
218
219/*
220 * Finish executing the shell command once all data has been written.
221 */
222static void
223 shell_finish_command(bbsink_shell *sink)
224{
225 int pclose_rc;
226
227 /* There should be a command running. */
228 Assert(sink->current_command != NULL);
229 Assert(sink->pipe != NULL);
230
231 /* Close down the pipe we opened. */
232 pclose_rc = ClosePipeStream(sink->pipe);
233 if (pclose_rc == -1)
234 ereport(ERROR,
235 (errcode_for_file_access(),
236 errmsg("could not close pipe to external command: %m")));
237 else if (pclose_rc != 0)
238 {
239 ereport(ERROR,
240 (errcode(ERRCODE_EXTERNAL_ROUTINE_EXCEPTION),
241 errmsg("shell command \"%s\" failed",
242 sink->current_command),
243 errdetail_internal("%s", wait_result_to_str(pclose_rc))));
244 }
245
246 /* Clean up. */
247 sink->pipe = NULL;
248 pfree(sink->current_command);
249 sink->current_command = NULL;
250}
251
252/*
253 * Start up the shell command, substituting %f in for the current filename.
254 */
255static void
256 shell_run_command(bbsink_shell *sink, const char *filename)
257{
258 /* There should not be anything already running. */
259 Assert(sink->current_command == NULL);
260 Assert(sink->pipe == NULL);
261
262 /* Construct a suitable command. */
263 sink->current_command = shell_construct_command(sink->shell_command,
264 filename,
265 sink->target_detail);
266
267 /* Run it. */
268 sink->pipe = OpenPipeStream(sink->current_command, PG_BINARY_W);
269 if (sink->pipe == NULL)
270 ereport(ERROR,
271 (errcode_for_file_access(),
272 errmsg("could not execute command \"%s\": %m",
273 sink->current_command)));
274}
275
276/*
277 * Send accumulated data to the running shell command.
278 */
279static void
280 shell_send_data(bbsink_shell *sink, size_t len)
281{
282 /* There should be a command running. */
283 Assert(sink->current_command != NULL);
284 Assert(sink->pipe != NULL);
285
286 /* Try to write the data. */
287 if (fwrite(sink->base.bbs_buffer, len, 1, sink->pipe) != 1 ||
288 ferror(sink->pipe))
289 {
290 if (errno == EPIPE)
291 {
292 /*
293 * The error we're about to throw would shut down the command
294 * anyway, but we may get a more meaningful error message by doing
295 * this. If not, we'll fall through to the generic error below.
296 */
297 shell_finish_command(sink);
298 errno = EPIPE;
299 }
300 ereport(ERROR,
301 (errcode_for_file_access(),
302 errmsg("could not write to shell backup program: %m")));
303 }
304}
305
306/*
307 * At start of archive, start up the shell command and forward to next sink.
308 */
309static void
310 bbsink_shell_begin_archive(bbsink *sink, const char *archive_name)
311{
312 bbsink_shell *mysink = (bbsink_shell *) sink;
313
314 shell_run_command(mysink, archive_name);
315 bbsink_forward_begin_archive(sink, archive_name);
316}
317
318/*
319 * Send archive contents to command's stdin and forward to next sink.
320 */
321static void
322 bbsink_shell_archive_contents(bbsink *sink, size_t len)
323{
324 bbsink_shell *mysink = (bbsink_shell *) sink;
325
326 shell_send_data(mysink, len);
327 bbsink_forward_archive_contents(sink, len);
328}
329
330/*
331 * At end of archive, shut down the shell command and forward to next sink.
332 */
333static void
334 bbsink_shell_end_archive(bbsink *sink)
335{
336 bbsink_shell *mysink = (bbsink_shell *) sink;
337
338 shell_finish_command(mysink);
339 bbsink_forward_end_archive(sink);
340}
341
342/*
343 * At start of manifest, start up the shell command and forward to next sink.
344 */
345static void
346 bbsink_shell_begin_manifest(bbsink *sink)
347{
348 bbsink_shell *mysink = (bbsink_shell *) sink;
349
350 shell_run_command(mysink, "backup_manifest");
351 bbsink_forward_begin_manifest(sink);
352}
353
354/*
355 * Send manifest contents to command's stdin and forward to next sink.
356 */
357static void
358 bbsink_shell_manifest_contents(bbsink *sink, size_t len)
359{
360 bbsink_shell *mysink = (bbsink_shell *) sink;
361
362 shell_send_data(mysink, len);
363 bbsink_forward_manifest_contents(sink, len);
364}
365
366/*
367 * At end of manifest, shut down the shell command and forward to next sink.
368 */
369static void
370 bbsink_shell_end_manifest(bbsink *sink)
371{
372 bbsink_shell *mysink = (bbsink_shell *) sink;
373
374 shell_finish_command(mysink);
375 bbsink_forward_end_manifest(sink);
376}
bool has_privs_of_role(Oid member, Oid role)
Definition: acl.c:5284
Oid get_role_oid(const char *rolname, bool missing_ok)
Definition: acl.c:5552
void bbsink_forward_begin_backup(bbsink *sink)
void bbsink_forward_begin_manifest(bbsink *sink)
void bbsink_forward_end_backup(bbsink *sink, XLogRecPtr endptr, TimeLineID endtli)
void bbsink_forward_cleanup(bbsink *sink)
void bbsink_forward_manifest_contents(bbsink *sink, size_t len)
void bbsink_forward_end_archive(bbsink *sink)
void bbsink_forward_archive_contents(bbsink *sink, size_t len)
void bbsink_forward_begin_archive(bbsink *sink, const char *archive_name)
void bbsink_forward_end_manifest(bbsink *sink)
void BaseBackupAddTarget(char *name, void *(*check_detail)(char *, char *), bbsink *(*get_sink)(bbsink *, void *))
static void * shell_check_detail(char *target, char *target_detail)
static char * shell_required_role
static void shell_finish_command(bbsink_shell *sink)
static void bbsink_shell_begin_manifest(bbsink *sink)
void _PG_init(void)
static bbsink * shell_get_sink(bbsink *next_sink, void *detail_arg)
static void bbsink_shell_end_manifest(bbsink *sink)
static char * shell_construct_command(const char *base_command, const char *filename, const char *target_detail)
static void bbsink_shell_end_archive(bbsink *sink)
static void shell_send_data(bbsink_shell *sink, size_t len)
struct bbsink_shell bbsink_shell
PG_MODULE_MAGIC_EXT(.name="basebackup_to_shell",.version=PG_VERSION)
static void shell_run_command(bbsink_shell *sink, const char *filename)
static void bbsink_shell_begin_archive(bbsink *sink, const char *archive_name)
static void bbsink_shell_archive_contents(bbsink *sink, size_t len)
static char * shell_command
static const bbsink_ops bbsink_shell_ops
static void bbsink_shell_manifest_contents(bbsink *sink, size_t len)
#define PG_BINARY_W
Definition: c.h:1275
int errdetail_internal(const char *fmt,...)
Definition: elog.c:1234
int errcode_for_file_access(void)
Definition: elog.c:877
int errhint(const char *fmt,...)
Definition: elog.c:1321
int errcode(int sqlerrcode)
Definition: elog.c:854
int errmsg(const char *fmt,...)
Definition: elog.c:1071
#define ERROR
Definition: elog.h:39
#define ereport(elevel,...)
Definition: elog.h:150
FILE * OpenPipeStream(const char *command, const char *mode)
Definition: fd.c:2744
int ClosePipeStream(FILE *file)
Definition: fd.c:3052
void DefineCustomStringVariable(const char *name, const char *short_desc, const char *long_desc, char **valueAddr, const char *bootValue, GucContext context, int flags, GucStringCheckHook check_hook, GucStringAssignHook assign_hook, GucShowHook show_hook)
Definition: guc.c:5241
void MarkGUCPrefixReserved(const char *className)
Definition: guc.c:5302
@ PGC_SIGHUP
Definition: guc.h:75
Assert(PointerIsAligned(start, uint64))
char * pstrdup(const char *in)
Definition: mcxt.c:1759
void pfree(void *pointer)
Definition: mcxt.c:1594
void * palloc0(Size size)
Definition: mcxt.c:1395
Oid GetUserId(void)
Definition: miscinit.c:469
char * replace_percent_placeholders(const char *instr, const char *param_name, const char *letters,...)
Definition: percentrepl.c:59
const void size_t len
static char * filename
Definition: pg_dumpall.c:120
unsigned int Oid
Definition: postgres_ext.h:32
c
char * c
Definition: preproc-cursor.c:31
void(* begin_backup)(bbsink *sink)
char * current_command
char * shell_command
bbsink base
char * target_detail
FILE * pipe
bbsink * bbs_next
char * bbs_buffer
const bbsink_ops * bbs_ops
char * wait_result_to_str(int exitstatus)
Definition: wait_error.c:33
const char * name
void StartTransactionCommand(void)
Definition: xact.c:3071
void CommitTransactionCommand(void)
Definition: xact.c:3169

AltStyle によって変換されたページ (->オリジナル) /