database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-04-25 21:42:33 +03:00
Code

Diagnose incompatible OpenLDAP versions during build and test.

Browse Source 
With OpenLDAP versions 2.4.24 through 2.4.31, inclusive, PostgreSQL
backends can crash at exit.  Raise a warning during "configure" based on
the compile-time OpenLDAP version number, and test the crash scenario in
the dblink test suite.  Back-patch to 9.0 (all supported versions).
This commit is contained in:
Noah Misch 2014-07-22 11:01:03 -04:00
parent f54d97c5ef
commit cec0c2182c
11 changed files with 244 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
configure vendored
View File

@ -13663,6 +13663,17 @@ fi
fi fi
# PGAC_LDAP_SAFE
# --------------
# PostgreSQL sometimes loads libldap_r and plain libldap into the same
# process. Check for OpenLDAP versions known not to tolerate doing so; assume
# non-OpenLDAP implementations are safe. The dblink test suite exercises the
# hazardous interaction directly.
if test "$with_ldap" = yes ; then if test "$with_ldap" = yes ; then
if test "$PORTNAME" != "win32"; then if test "$PORTNAME" != "win32"; then
@ -13820,6 +13831,72 @@ fi
done done
{ $as_echo "$as_me:$LINENO: checking for compatible LDAP implementation" >&5
$as_echo_n "checking for compatible LDAP implementation... " >&6; }
if test "${pgac_cv_ldap_safe+set}" = set; then
$as_echo_n "(cached) " >&6
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <ldap.h>
#if !defined(LDAP_VENDOR_VERSION) || \
(defined(LDAP_API_FEATURE_X_OPENLDAP) && \
LDAP_VENDOR_VERSION >= 20424 && LDAP_VENDOR_VERSION <= 20431)
choke me
#endif
int
main ()
{
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (ac_try="$ac_compile"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
$as_echo "$ac_try_echo") >&5
(eval "$ac_compile") 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
$as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } && {
test -z "$ac_c_werror_flag" ||
test ! -s conftest.err
} && test -s conftest.$ac_objext; then
pgac_cv_ldap_safe=yes
else
$as_echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
pgac_cv_ldap_safe=no
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
{ $as_echo "$as_me:$LINENO: result: $pgac_cv_ldap_safe" >&5
$as_echo "$pgac_cv_ldap_safe" >&6; }
if test "$pgac_cv_ldap_safe" != yes; then
{ $as_echo "$as_me:$LINENO: WARNING:
*** With OpenLDAP versions 2.4.24 through 2.4.31, inclusive, each backend
*** process that loads libpq (via WAL receiver, dblink, or postgres_fdw) and
*** also uses LDAP will crash on exit." >&5
$as_echo "$as_me: WARNING:
*** With OpenLDAP versions 2.4.24 through 2.4.31, inclusive, each backend
*** process that loads libpq (via WAL receiver, dblink, or postgres_fdw) and
*** also uses LDAP will crash on exit." >&2;}
fi
else else
for ac_header in winldap.h for ac_header in winldap.h

29
configure.in
View File

@ -1067,10 +1067,39 @@ if test "$with_libxslt" = yes ; then
AC_CHECK_HEADER(libxslt/xslt.h, [], [AC_MSG_ERROR([header file <libxslt/xslt.h> is required for XSLT support])]) AC_CHECK_HEADER(libxslt/xslt.h, [], [AC_MSG_ERROR([header file <libxslt/xslt.h> is required for XSLT support])])
fi fi
# PGAC_LDAP_SAFE
# --------------
# PostgreSQL sometimes loads libldap_r and plain libldap into the same
# process. Check for OpenLDAP versions known not to tolerate doing so; assume
# non-OpenLDAP implementations are safe. The dblink test suite exercises the
# hazardous interaction directly.
AC_DEFUN([PGAC_LDAP_SAFE],
[AC_CACHE_CHECK([for compatible LDAP implementation], [pgac_cv_ldap_safe],
[AC_COMPILE_IFELSE([AC_LANG_PROGRAM(
[#include <ldap.h>
#if !defined(LDAP_VENDOR_VERSION) || \
(defined(LDAP_API_FEATURE_X_OPENLDAP) && \
LDAP_VENDOR_VERSION >= 20424 && LDAP_VENDOR_VERSION <= 20431)
choke me
#endif], [])],
[pgac_cv_ldap_safe=yes],
[pgac_cv_ldap_safe=no])])
if test "$pgac_cv_ldap_safe" != yes; then
AC_MSG_WARN([
*** With OpenLDAP versions 2.4.24 through 2.4.31, inclusive, each backend
*** process that loads libpq (via WAL receiver, dblink, or postgres_fdw) and
*** also uses LDAP will crash on exit.])
fi])
if test "$with_ldap" = yes ; then if test "$with_ldap" = yes ; then
if test "$PORTNAME" != "win32"; then if test "$PORTNAME" != "win32"; then
AC_CHECK_HEADERS(ldap.h, [], AC_CHECK_HEADERS(ldap.h, [],
[AC_MSG_ERROR([header file <ldap.h> is required for LDAP])]) [AC_MSG_ERROR([header file <ldap.h> is required for LDAP])])
PGAC_LDAP_SAFE
else else
AC_CHECK_HEADERS(winldap.h, [], AC_CHECK_HEADERS(winldap.h, [],
[AC_MSG_ERROR([header file <winldap.h> is required for LDAP])], [AC_MSG_ERROR([header file <winldap.h> is required for LDAP])],

4
contrib/dblink/Makefile
View File

@ -9,7 +9,9 @@ SHLIB_PREREQS = submake-libpq
EXTENSION = dblink EXTENSION = dblink
DATA = dblink--1.0.sql dblink--unpackaged--1.0.sql DATA = dblink--1.0.sql dblink--unpackaged--1.0.sql
REGRESS = dblink REGRESS = paths dblink
REGRESS_OPTS = --dlpath=$(top_builddir)/src/test/regress
EXTRA_CLEAN = sql/paths.sql expected/paths.out
# the db name is hard-coded in the tests # the db name is hard-coded in the tests
override USE_MODULE_DB = override USE_MODULE_DB =

1
contrib/dblink/expected/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
/paths.out

27
contrib/dblink/expected/dblink.out
View File

@ -105,6 +105,33 @@ SELECT *
FROM dblink('SELECT * FROM foo') AS t(a int, b text, c text[]) FROM dblink('SELECT * FROM foo') AS t(a int, b text, c text[])
WHERE t.a > 7; WHERE t.a > 7;
ERROR: connection not available ERROR: connection not available
-- The first-level connection's backend will crash on exit given OpenLDAP
-- [2.4.24, 2.4.31]. We won't see evidence of any crash until the victim
-- process terminates and the postmaster responds. If process termination
-- entails writing a core dump, that can take awhile. Wait for the process to
-- vanish. At that point, the postmaster has called waitpid() on the crashed
-- process, and it will accept no new connections until it has reinitialized
-- the cluster. (We can't exploit pg_stat_activity, because the crash happens
-- after the backend updates shared memory to reflect its impending exit.)
DO $pl$
DECLARE
detail text;
BEGIN
PERFORM wait_pid(crash_pid)
FROM dblink('dbname=contrib_regression', $$
SELECT pg_backend_pid() FROM dblink(
'service=test_ldap dbname=contrib_regression',
-- This string concatenation is a hack to shoehorn a
-- set_pgservicefile call into the SQL statement.
'SELECT 1' || set_pgservicefile('pg_service.conf')
) t(c int)
$$) AS t(crash_pid int);
EXCEPTION WHEN OTHERS THEN
GET STACKED DIAGNOSTICS detail = PG_EXCEPTION_DETAIL;
-- Expected error in a non-LDAP build.
IF NOT detail LIKE 'syntax error in service file%' THEN RAISE; END IF;
END
$pl$;
-- create a persistent connection -- create a persistent connection
SELECT dblink_connect('dbname=contrib_regression'); SELECT dblink_connect('dbname=contrib_regression');
dblink_connect dblink_connect

14
contrib/dblink/input/paths.source Normal file
View File

@ -0,0 +1,14 @@
-- Initialization that requires path substitution.
CREATE FUNCTION putenv(text)
RETURNS void
AS '@libdir@/regress@DLSUFFIX@', 'regress_putenv'
LANGUAGE C STRICT;
CREATE FUNCTION wait_pid(int)
RETURNS void
AS '@libdir@/regress@DLSUFFIX@'
LANGUAGE C STRICT;
CREATE FUNCTION set_pgservicefile(text) RETURNS void LANGUAGE SQL
AS $$SELECT putenv('PGSERVICEFILE=@abs_srcdir@/' || $1)$$;

11
contrib/dblink/output/paths.source Normal file
View File

@ -0,0 +1,11 @@
-- Initialization that requires path substitution.
CREATE FUNCTION putenv(text)
RETURNS void
AS '@libdir@/regress@DLSUFFIX@', 'regress_putenv'
LANGUAGE C STRICT;
CREATE FUNCTION wait_pid(int)
RETURNS void
AS '@libdir@/regress@DLSUFFIX@'
LANGUAGE C STRICT;
CREATE FUNCTION set_pgservicefile(text) RETURNS void LANGUAGE SQL
AS $$SELECT putenv('PGSERVICEFILE=@abs_srcdir@/' || $1)$$;

7
contrib/dblink/pg_service.conf Normal file
View File

@ -0,0 +1,7 @@
# pg_service.conf for minimally exercising libpq use of LDAP.
# Having failed to reach an LDAP server, libpq essentially ignores the
# "service=test_ldap" in its connection string. Contact the "discard"
# service; the test works whether or not it answers.
[test_ldap]
ldap://127.0.0.1:9/base?attribute?one?filter

1
contrib/dblink/sql/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
/paths.sql

28
contrib/dblink/sql/dblink.sql
View File

@ -65,6 +65,34 @@ SELECT *
FROM dblink('SELECT * FROM foo') AS t(a int, b text, c text[]) FROM dblink('SELECT * FROM foo') AS t(a int, b text, c text[])
WHERE t.a > 7; WHERE t.a > 7;
-- The first-level connection's backend will crash on exit given OpenLDAP
-- [2.4.24, 2.4.31]. We won't see evidence of any crash until the victim
-- process terminates and the postmaster responds. If process termination
-- entails writing a core dump, that can take awhile. Wait for the process to
-- vanish. At that point, the postmaster has called waitpid() on the crashed
-- process, and it will accept no new connections until it has reinitialized
-- the cluster. (We can't exploit pg_stat_activity, because the crash happens
-- after the backend updates shared memory to reflect its impending exit.)
DO $pl$
DECLARE
detail text;
BEGIN
PERFORM wait_pid(crash_pid)
FROM dblink('dbname=contrib_regression', $$
SELECT pg_backend_pid() FROM dblink(
'service=test_ldap dbname=contrib_regression',
-- This string concatenation is a hack to shoehorn a
-- set_pgservicefile call into the SQL statement.
'SELECT 1' || set_pgservicefile('pg_service.conf')
) t(c int)
$$) AS t(crash_pid int);
EXCEPTION WHEN OTHERS THEN
GET STACKED DIAGNOSTICS detail = PG_EXCEPTION_DETAIL;
-- Expected error in a non-LDAP build.
IF NOT detail LIKE 'syntax error in service file%' THEN RAISE; END IF;
END
$pl$;
-- create a persistent connection -- create a persistent connection
SELECT dblink_connect('dbname=contrib_regression'); SELECT dblink_connect('dbname=contrib_regression');

46
src/test/regress/regress.c
View File

@ -6,6 +6,7 @@
#include <float.h> #include <float.h>
#include <math.h> #include <math.h>
#include <signal.h>
#include "access/transam.h" #include "access/transam.h"
#include "access/xact.h" #include "access/xact.h"
@ -14,8 +15,10 @@
#include "commands/trigger.h" #include "commands/trigger.h"
#include "executor/executor.h" #include "executor/executor.h"
#include "executor/spi.h" #include "executor/spi.h"
#include "miscadmin.h"
#include "utils/builtins.h" #include "utils/builtins.h"
#include "utils/geo_decls.h" #include "utils/geo_decls.h"
#include "utils/memutils.h"
#include "utils/rel.h" #include "utils/rel.h"
@ -35,6 +38,8 @@ extern char *reverse_name(char *string);
extern int oldstyle_length(int n, text *t); extern int oldstyle_length(int n, text *t);
extern Datum int44in(PG_FUNCTION_ARGS); extern Datum int44in(PG_FUNCTION_ARGS);
extern Datum int44out(PG_FUNCTION_ARGS); extern Datum int44out(PG_FUNCTION_ARGS);
extern Datum regress_putenv(PG_FUNCTION_ARGS);
extern Datum wait_pid(PG_FUNCTION_ARGS);
#ifdef PG_MODULE_MAGIC #ifdef PG_MODULE_MAGIC
PG_MODULE_MAGIC; PG_MODULE_MAGIC;
@ -737,3 +742,44 @@ int44out(PG_FUNCTION_ARGS)
*--walk = '\0'; *--walk = '\0';
PG_RETURN_CSTRING(result); PG_RETURN_CSTRING(result);
} }
PG_FUNCTION_INFO_V1(regress_putenv);
Datum
regress_putenv(PG_FUNCTION_ARGS)
{
MemoryContext oldcontext;
char *envbuf;
if (!superuser())
elog(ERROR, "must be superuser to change environment variables");
oldcontext = MemoryContextSwitchTo(TopMemoryContext);
envbuf = text_to_cstring((text *) PG_GETARG_POINTER(0));
MemoryContextSwitchTo(oldcontext);
if (putenv(envbuf) != 0)
elog(ERROR, "could not set environment variable: %m");
PG_RETURN_VOID();
}
/* Sleep until no process has a given PID. */
PG_FUNCTION_INFO_V1(wait_pid);
Datum
wait_pid(PG_FUNCTION_ARGS)
{
int pid = PG_GETARG_INT32(0);
if (!superuser())
elog(ERROR, "must be superuser to check PID liveness");
while (kill(pid, 0) == 0)
pg_usleep(50000);
if (errno != ESRCH)
elog(ERROR, "could not check PID %d liveness: %m", pid);
PG_RETURN_VOID();
}