| 1 | /************************************************* |
| 2 | * Exim - an Internet mail transport agent * |
| 3 | *************************************************/ |
| 4 | |
| 5 | /* Copyright (c) University of Cambridge 1995 - 2017 */ |
| 6 | /* See the file NOTICE for conditions of use and distribution. */ |
| 7 | |
| 8 | /* Thanks to Petr Cech for contributing the original code for these |
| 9 | functions. Thanks to Joachim Wieland for the initial patch for the Unix domain |
| 10 | socket extension. */ |
| 11 | |
| 12 | #include "../exim.h" |
| 13 | #include "lf_functions.h" |
| 14 | |
| 15 | #include <libpq-fe.h> /* The system header */ |
| 16 | |
| 17 | /* Structure and anchor for caching connections. */ |
| 18 | |
| 19 | typedef struct pgsql_connection { |
| 20 | struct pgsql_connection *next; |
| 21 | uschar *server; |
| 22 | PGconn *handle; |
| 23 | } pgsql_connection; |
| 24 | |
| 25 | static pgsql_connection *pgsql_connections = NULL; |
| 26 | |
| 27 | |
| 28 | |
| 29 | /************************************************* |
| 30 | * Open entry point * |
| 31 | *************************************************/ |
| 32 | |
| 33 | /* See local README for interface description. */ |
| 34 | |
| 35 | static void * |
| 36 | pgsql_open(uschar *filename, uschar **errmsg) |
| 37 | { |
| 38 | return (void *)(1); /* Just return something non-null */ |
| 39 | } |
| 40 | |
| 41 | |
| 42 | |
| 43 | /************************************************* |
| 44 | * Tidy entry point * |
| 45 | *************************************************/ |
| 46 | |
| 47 | /* See local README for interface description. */ |
| 48 | |
| 49 | static void |
| 50 | pgsql_tidy(void) |
| 51 | { |
| 52 | pgsql_connection *cn; |
| 53 | while ((cn = pgsql_connections) != NULL) |
| 54 | { |
| 55 | pgsql_connections = cn->next; |
| 56 | DEBUG(D_lookup) debug_printf("close PGSQL connection: %s\n", cn->server); |
| 57 | PQfinish(cn->handle); |
| 58 | } |
| 59 | } |
| 60 | |
| 61 | |
| 62 | /************************************************* |
| 63 | * Notice processor function for pgsql * |
| 64 | *************************************************/ |
| 65 | |
| 66 | /* This function is passed to pgsql below, and called for any PostgreSQL |
| 67 | "notices". By default they are written to stderr, which is undesirable. |
| 68 | |
| 69 | Arguments: |
| 70 | arg an opaque user cookie (not used) |
| 71 | message the notice |
| 72 | |
| 73 | Returns: nothing |
| 74 | */ |
| 75 | |
| 76 | static void |
| 77 | notice_processor(void *arg, const char *message) |
| 78 | { |
| 79 | arg = arg; /* Keep compiler happy */ |
| 80 | DEBUG(D_lookup) debug_printf("PGSQL: %s\n", message); |
| 81 | } |
| 82 | |
| 83 | |
| 84 | |
| 85 | /************************************************* |
| 86 | * Internal search function * |
| 87 | *************************************************/ |
| 88 | |
| 89 | /* This function is called from the find entry point to do the search for a |
| 90 | single server. The server string is of the form "server/dbname/user/password". |
| 91 | |
| 92 | PostgreSQL supports connections through Unix domain sockets. This is usually |
| 93 | faster and costs less cpu time than a TCP/IP connection. However it can only be |
| 94 | used if the mail server runs on the same machine as the database server. A |
| 95 | configuration line for PostgreSQL via Unix domain sockets looks like this: |
| 96 | |
| 97 | hide pgsql_servers = (/tmp/.s.PGSQL.5432)/db/user/password[:<nextserver>] |
| 98 | |
| 99 | We enclose the path name in parentheses so that its slashes aren't visually |
| 100 | confused with the delimiters for the other pgsql_server settings. |
| 101 | |
| 102 | For TCP/IP connections, the server is a host name and optional port (with a |
| 103 | colon separator). |
| 104 | |
| 105 | NOTE: |
| 106 | 1) All three '/' must be present. |
| 107 | 2) If host is omitted the local unix socket is used. |
| 108 | |
| 109 | Arguments: |
| 110 | query the query string |
| 111 | server the server string; this is in dynamic memory and can be updated |
| 112 | resultptr where to store the result |
| 113 | errmsg where to point an error message |
| 114 | defer_break set TRUE if no more servers are to be tried after DEFER |
| 115 | do_cache set FALSE if data is changed |
| 116 | |
| 117 | Returns: OK, FAIL, or DEFER |
| 118 | */ |
| 119 | |
| 120 | static int |
| 121 | perform_pgsql_search(const uschar *query, uschar *server, uschar **resultptr, |
| 122 | uschar **errmsg, BOOL *defer_break, uint *do_cache) |
| 123 | { |
| 124 | PGconn *pg_conn = NULL; |
| 125 | PGresult *pg_result = NULL; |
| 126 | |
| 127 | int i; |
| 128 | gstring * result = NULL; |
| 129 | int yield = DEFER; |
| 130 | unsigned int num_fields, num_tuples; |
| 131 | pgsql_connection *cn; |
| 132 | uschar *server_copy = NULL; |
| 133 | uschar *sdata[3]; |
| 134 | |
| 135 | /* Disaggregate the parameters from the server argument. The order is host or |
| 136 | path, database, user, password. We can write to the string, since it is in a |
| 137 | nextinlist temporary buffer. The copy of the string that is used for caching |
| 138 | has the password removed. This copy is also used for debugging output. */ |
| 139 | |
| 140 | for (i = 2; i >= 0; i--) |
| 141 | { |
| 142 | uschar *pp = Ustrrchr(server, '/'); |
| 143 | if (pp == NULL) |
| 144 | { |
| 145 | *errmsg = string_sprintf("incomplete pgSQL server data: %s", |
| 146 | (i == 2)? server : server_copy); |
| 147 | *defer_break = TRUE; |
| 148 | return DEFER; |
| 149 | } |
| 150 | *pp++ = 0; |
| 151 | sdata[i] = pp; |
| 152 | if (i == 2) server_copy = string_copy(server); /* sans password */ |
| 153 | } |
| 154 | |
| 155 | /* The total server string has now been truncated so that what is left at the |
| 156 | start is the identification of the server (host or path). See if we have a |
| 157 | cached connection to the server. */ |
| 158 | |
| 159 | for (cn = pgsql_connections; cn != NULL; cn = cn->next) |
| 160 | { |
| 161 | if (Ustrcmp(cn->server, server_copy) == 0) |
| 162 | { |
| 163 | pg_conn = cn->handle; |
| 164 | break; |
| 165 | } |
| 166 | } |
| 167 | |
| 168 | /* If there is no cached connection, we must set one up. */ |
| 169 | |
| 170 | if (cn == NULL) |
| 171 | { |
| 172 | uschar *port = US""; |
| 173 | |
| 174 | /* For a Unix domain socket connection, the path is in parentheses */ |
| 175 | |
| 176 | if (*server == '(') |
| 177 | { |
| 178 | uschar *last_slash, *last_dot, *p; |
| 179 | |
| 180 | p = ++server; |
| 181 | while (*p != 0 && *p != ')') p++; |
| 182 | *p = 0; |
| 183 | |
| 184 | last_slash = Ustrrchr(server, '/'); |
| 185 | last_dot = Ustrrchr(server, '.'); |
| 186 | |
| 187 | DEBUG(D_lookup) debug_printf("PGSQL new connection: socket=%s " |
| 188 | "database=%s user=%s\n", server, sdata[0], sdata[1]); |
| 189 | |
| 190 | /* A valid socket name looks like this: /var/run/postgresql/.s.PGSQL.5432 |
| 191 | We have to call PQsetdbLogin with '/var/run/postgresql' as the hostname |
| 192 | argument and put '5432' into the port variable. */ |
| 193 | |
| 194 | if (last_slash == NULL || last_dot == NULL) |
| 195 | { |
| 196 | *errmsg = string_sprintf("PGSQL invalid filename for socket: %s", |
| 197 | server); |
| 198 | *defer_break = TRUE; |
| 199 | return DEFER; |
| 200 | } |
| 201 | |
| 202 | /* Terminate the path name and set up the port: we'll have something like |
| 203 | server = "/var/run/postgresql" and port = "5432". */ |
| 204 | |
| 205 | *last_slash = 0; |
| 206 | port = last_dot + 1; |
| 207 | } |
| 208 | |
| 209 | /* Host connection; sort out the port */ |
| 210 | |
| 211 | else |
| 212 | { |
| 213 | uschar *p; |
| 214 | if ((p = Ustrchr(server, ':')) != NULL) |
| 215 | { |
| 216 | *p++ = 0; |
| 217 | port = p; |
| 218 | } |
| 219 | |
| 220 | if (Ustrchr(server, '/') != NULL) |
| 221 | { |
| 222 | *errmsg = string_sprintf("unexpected slash in pgSQL server hostname: %s", |
| 223 | server); |
| 224 | *defer_break = TRUE; |
| 225 | return DEFER; |
| 226 | } |
| 227 | |
| 228 | DEBUG(D_lookup) debug_printf("PGSQL new connection: host=%s port=%s " |
| 229 | "database=%s user=%s\n", server, port, sdata[0], sdata[1]); |
| 230 | } |
| 231 | |
| 232 | /* If the database is the empty string, set it NULL - the query must then |
| 233 | define it. */ |
| 234 | |
| 235 | if (sdata[0][0] == 0) sdata[0] = NULL; |
| 236 | |
| 237 | /* Get store for a new handle, initialize it, and connect to the server */ |
| 238 | |
| 239 | pg_conn=PQsetdbLogin( |
| 240 | /* host port options tty database user passwd */ |
| 241 | CS server, CS port, NULL, NULL, CS sdata[0], CS sdata[1], CS sdata[2]); |
| 242 | |
| 243 | if(PQstatus(pg_conn) == CONNECTION_BAD) |
| 244 | { |
| 245 | store_reset(server_copy); |
| 246 | *errmsg = string_sprintf("PGSQL connection failed: %s", |
| 247 | PQerrorMessage(pg_conn)); |
| 248 | PQfinish(pg_conn); |
| 249 | goto PGSQL_EXIT; |
| 250 | } |
| 251 | |
| 252 | /* Set the client encoding to SQL_ASCII, which means that the server will |
| 253 | not try to interpret the query as being in any fancy encoding such as UTF-8 |
| 254 | or other multibyte code that might cause problems with escaping. */ |
| 255 | |
| 256 | PQsetClientEncoding(pg_conn, "SQL_ASCII"); |
| 257 | |
| 258 | /* Set the notice processor to prevent notices from being written to stderr |
| 259 | (which is what the default does). Our function (above) just produces debug |
| 260 | output. */ |
| 261 | |
| 262 | PQsetNoticeProcessor(pg_conn, notice_processor, NULL); |
| 263 | |
| 264 | /* Add the connection to the cache */ |
| 265 | |
| 266 | cn = store_get(sizeof(pgsql_connection)); |
| 267 | cn->server = server_copy; |
| 268 | cn->handle = pg_conn; |
| 269 | cn->next = pgsql_connections; |
| 270 | pgsql_connections = cn; |
| 271 | } |
| 272 | |
| 273 | /* Else use a previously cached connection */ |
| 274 | |
| 275 | else |
| 276 | { |
| 277 | DEBUG(D_lookup) debug_printf("PGSQL using cached connection for %s\n", |
| 278 | server_copy); |
| 279 | } |
| 280 | |
| 281 | /* Run the query */ |
| 282 | |
| 283 | pg_result = PQexec(pg_conn, CS query); |
| 284 | switch(PQresultStatus(pg_result)) |
| 285 | { |
| 286 | case PGRES_EMPTY_QUERY: |
| 287 | case PGRES_COMMAND_OK: |
| 288 | /* The command was successful but did not return any data since it was |
| 289 | not SELECT but either an INSERT, UPDATE or DELETE statement. Tell the |
| 290 | high level code to not cache this query, and clean the current cache for |
| 291 | this handle by setting *do_cache zero. */ |
| 292 | |
| 293 | result = string_cat(result, US PQcmdTuples(pg_result)); |
| 294 | *do_cache = 0; |
| 295 | DEBUG(D_lookup) debug_printf("PGSQL: command does not return any data " |
| 296 | "but was successful. Rows affected: %s\n", result->s); |
| 297 | break; |
| 298 | |
| 299 | case PGRES_TUPLES_OK: |
| 300 | break; |
| 301 | |
| 302 | default: |
| 303 | /* This was the original code: |
| 304 | *errmsg = string_sprintf("PGSQL: query failed: %s\n", |
| 305 | PQresultErrorMessage(pg_result)); |
| 306 | This was suggested by a user: |
| 307 | */ |
| 308 | |
| 309 | *errmsg = string_sprintf("PGSQL: query failed: %s (%s) (%s)\n", |
| 310 | PQresultErrorMessage(pg_result), |
| 311 | PQresStatus(PQresultStatus(pg_result)), query); |
| 312 | goto PGSQL_EXIT; |
| 313 | } |
| 314 | |
| 315 | /* Result is in pg_result. Find the number of fields returned. If this is one, |
| 316 | we don't add field names to the data. Otherwise we do. If the query did not |
| 317 | return anything we skip the for loop; this also applies to the case |
| 318 | PGRES_COMMAND_OK. */ |
| 319 | |
| 320 | num_fields = PQnfields(pg_result); |
| 321 | num_tuples = PQntuples(pg_result); |
| 322 | |
| 323 | /* Get the fields and construct the result string. If there is more than one |
| 324 | row, we insert '\n' between them. */ |
| 325 | |
| 326 | for (i = 0; i < num_tuples; i++) |
| 327 | { |
| 328 | if (result) |
| 329 | result = string_catn(result, US"\n", 1); |
| 330 | |
| 331 | if (num_fields == 1) |
| 332 | result = string_catn(NULL, |
| 333 | US PQgetvalue(pg_result, i, 0), PQgetlength(pg_result, i, 0)); |
| 334 | else |
| 335 | { |
| 336 | int j; |
| 337 | for (j = 0; j < num_fields; j++) |
| 338 | { |
| 339 | uschar *tmp = US PQgetvalue(pg_result, i, j); |
| 340 | result = lf_quote(US PQfname(pg_result, j), tmp, Ustrlen(tmp), result); |
| 341 | } |
| 342 | } |
| 343 | } |
| 344 | |
| 345 | /* If result is NULL then no data has been found and so we return FAIL. |
| 346 | Otherwise, we must terminate the string which has been built; string_cat() |
| 347 | always leaves enough room for a terminating zero. */ |
| 348 | |
| 349 | if (!result) |
| 350 | { |
| 351 | yield = FAIL; |
| 352 | *errmsg = US"PGSQL: no data found"; |
| 353 | } |
| 354 | else |
| 355 | store_reset(result->s + result->ptr + 1); |
| 356 | |
| 357 | /* Get here by goto from various error checks. */ |
| 358 | |
| 359 | PGSQL_EXIT: |
| 360 | |
| 361 | /* Free store for any result that was got; don't close the connection, as |
| 362 | it is cached. */ |
| 363 | |
| 364 | if (pg_result) PQclear(pg_result); |
| 365 | |
| 366 | /* Non-NULL result indicates a successful result */ |
| 367 | |
| 368 | if (result) |
| 369 | { |
| 370 | *resultptr = string_from_gstring(result); |
| 371 | return OK; |
| 372 | } |
| 373 | else |
| 374 | { |
| 375 | DEBUG(D_lookup) debug_printf("%s\n", *errmsg); |
| 376 | return yield; /* FAIL or DEFER */ |
| 377 | } |
| 378 | } |
| 379 | |
| 380 | |
| 381 | |
| 382 | |
| 383 | /************************************************* |
| 384 | * Find entry point * |
| 385 | *************************************************/ |
| 386 | |
| 387 | /* See local README for interface description. The handle and filename |
| 388 | arguments are not used. The code to loop through a list of servers while the |
| 389 | query is deferred with a retryable error is now in a separate function that is |
| 390 | shared with other SQL lookups. */ |
| 391 | |
| 392 | static int |
| 393 | pgsql_find(void *handle, uschar *filename, const uschar *query, int length, |
| 394 | uschar **result, uschar **errmsg, uint *do_cache) |
| 395 | { |
| 396 | return lf_sqlperform(US"PostgreSQL", US"pgsql_servers", pgsql_servers, query, |
| 397 | result, errmsg, do_cache, perform_pgsql_search); |
| 398 | } |
| 399 | |
| 400 | |
| 401 | |
| 402 | /************************************************* |
| 403 | * Quote entry point * |
| 404 | *************************************************/ |
| 405 | |
| 406 | /* The characters that always need to be quoted (with backslash) are newline, |
| 407 | tab, carriage return, backspace, backslash itself, and the quote characters. |
| 408 | |
| 409 | The original code quoted single quotes as \' which is documented as valid in |
| 410 | the O'Reilly book "Practical PostgreSQL" (first edition) as an alternative to |
| 411 | the SQL standard '' way of representing a single quote as data. However, in |
| 412 | June 2006 there was some security issue with using \' and so this has been |
| 413 | changed. |
| 414 | |
| 415 | [Note: There is a function called PQescapeStringConn() that quotes strings. |
| 416 | This cannot be used because it needs a PGconn argument (the connection handle). |
| 417 | Why, I don't know. Seems odd for just string escaping...] |
| 418 | |
| 419 | Arguments: |
| 420 | s the string to be quoted |
| 421 | opt additional option text or NULL if none |
| 422 | |
| 423 | Returns: the processed string or NULL for a bad option |
| 424 | */ |
| 425 | |
| 426 | static uschar * |
| 427 | pgsql_quote(uschar *s, uschar *opt) |
| 428 | { |
| 429 | register int c; |
| 430 | int count = 0; |
| 431 | uschar *t = s; |
| 432 | uschar *quoted; |
| 433 | |
| 434 | if (opt != NULL) return NULL; /* No options recognized */ |
| 435 | |
| 436 | while ((c = *t++) != 0) |
| 437 | if (Ustrchr("\n\t\r\b\'\"\\", c) != NULL) count++; |
| 438 | |
| 439 | if (count == 0) return s; |
| 440 | t = quoted = store_get(Ustrlen(s) + count + 1); |
| 441 | |
| 442 | while ((c = *s++) != 0) |
| 443 | { |
| 444 | if (c == '\'') |
| 445 | { |
| 446 | *t++ = '\''; |
| 447 | *t++ = '\''; |
| 448 | } |
| 449 | else if (Ustrchr("\n\t\r\b\"\\", c) != NULL) |
| 450 | { |
| 451 | *t++ = '\\'; |
| 452 | switch(c) |
| 453 | { |
| 454 | case '\n': *t++ = 'n'; |
| 455 | break; |
| 456 | case '\t': *t++ = 't'; |
| 457 | break; |
| 458 | case '\r': *t++ = 'r'; |
| 459 | break; |
| 460 | case '\b': *t++ = 'b'; |
| 461 | break; |
| 462 | default: *t++ = c; |
| 463 | break; |
| 464 | } |
| 465 | } |
| 466 | else *t++ = c; |
| 467 | } |
| 468 | |
| 469 | *t = 0; |
| 470 | return quoted; |
| 471 | } |
| 472 | |
| 473 | |
| 474 | /************************************************* |
| 475 | * Version reporting entry point * |
| 476 | *************************************************/ |
| 477 | |
| 478 | /* See local README for interface description. */ |
| 479 | |
| 480 | #include "../version.h" |
| 481 | |
| 482 | void |
| 483 | pgsql_version_report(FILE *f) |
| 484 | { |
| 485 | #ifdef DYNLOOKUP |
| 486 | fprintf(f, "Library version: PostgreSQL: Exim version %s\n", EXIM_VERSION_STR); |
| 487 | #endif |
| 488 | |
| 489 | /* Version reporting: there appears to be no available information about |
| 490 | the client library in libpq-fe.h; once you have a connection object, you |
| 491 | can access the server version and the chosen protocol version, but those |
| 492 | aren't really what we want. It might make sense to debug_printf those |
| 493 | when the connection is established though? */ |
| 494 | } |
| 495 | |
| 496 | |
| 497 | static lookup_info _lookup_info = { |
| 498 | US"pgsql", /* lookup name */ |
| 499 | lookup_querystyle, /* query-style lookup */ |
| 500 | pgsql_open, /* open function */ |
| 501 | NULL, /* no check function */ |
| 502 | pgsql_find, /* find function */ |
| 503 | NULL, /* no close function */ |
| 504 | pgsql_tidy, /* tidy function */ |
| 505 | pgsql_quote, /* quoting function */ |
| 506 | pgsql_version_report /* version reporting */ |
| 507 | }; |
| 508 | |
| 509 | #ifdef DYNLOOKUP |
| 510 | #define pgsql_lookup_module_info _lookup_module_info |
| 511 | #endif |
| 512 | |
| 513 | static lookup_info *_lookup_list[] = { &_lookup_info }; |
| 514 | lookup_module_info pgsql_lookup_module_info = { LOOKUP_MODULE_INFO_MAGIC, _lookup_list, 1 }; |
| 515 | |
| 516 | /* End of lookups/pgsql.c */ |