-<!-- $PostgreSQL: pgsql/doc/src/sgml/plperl.sgml,v 2.79 2010/02/05 18:11:46 momjian Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/plperl.sgml,v 2.80 2010/02/12 19:35:25 adunstan Exp $ -->
<chapter id="plperl">
<title>PL/Perl - Perl Procedural Language</title>
<literal>return $_SHARED{myquote}->($_[0]);</literal>
at the expense of readability.)
</para>
+
+ <para>
+ The <varname>%_SHARED</varname> variable and other global state within
+ the language is public data, available to all PL/Perl functions within a
+ session. Use with care, especially in situations that involve use of
+ multiple roles or <literal>SECURITY DEFINER</> functions.
+ </para>
</sect1>
<sect1 id="plperl-trusted">
<variablelist>
- <varlistentry id="guc-plperl-on-perl-init" xreflabel="plperl.on_perl_init">
- <term><varname>plperl.on_perl_init</varname> (<type>string</type>)</term>
+ <varlistentry id="guc-plperl-on-init" xreflabel="plperl.on_init">
+ <term><varname>plperl.on_init</varname> (<type>string</type>)</term>
<indexterm>
- <primary><varname>plperl.on_perl_init</> configuration parameter</primary>
+ <primary><varname>plperl.on_init</> configuration parameter</primary>
</indexterm>
<listitem>
<para>
- Specifies perl code to be executed when a perl interpreter is first initialized.
+ Specifies Perl code to be executed when a Perl interpreter is first initialized
+ and before it is specialized for use by <literal>plperl</> or <literal>plperlu</>.
The SPI functions are not available when this code is executed.
If the code fails with an error it will abort the initialization of the interpreter
and propagate out to the calling query, causing the current transaction
or subtransaction to be aborted.
</para>
<para>
- The perl code is limited to a single string. Longer code can be placed
- into a module and loaded by the <literal>on_perl_init</> string.
+ The Perl code is limited to a single string. Longer code can be placed
+ into a module and loaded by the <literal>on_init</> string.
Examples:
<programlisting>
-plplerl.on_perl_init = '$ENV{NYTPROF}="start=no"; require Devel::NYTProf::PgPLPerl'
-plplerl.on_perl_init = 'use lib "/my/app"; use MyApp::PgInit;'
+plplerl.on_init = '$ENV{NYTPROF}="start=no"; require Devel::NYTProf::PgPLPerl'
+plplerl.on_init = 'use lib "/my/app"; use MyApp::PgInit;'
</programlisting>
</para>
<para>
</listitem>
</varlistentry>
+ <varlistentry id="guc-plperl-on-plperl-init" xreflabel="plperl.on_plperl_init">
+ <term><varname>plperl.on_plperl_init</varname> (<type>string</type>)</term>
+ <term><varname>plperl.on_plperlu_init</varname> (<type>string</type>)</term>
+ <indexterm>
+ <primary><varname>plperl.on_plperl_init</> configuration parameter</primary>
+ </indexterm>
+ <indexterm>
+ <primary><varname>plperl.on_plperlu_init</> configuration parameter</primary>
+ </indexterm>
+ <listitem>
+ <para>
+ These parameters specify Perl code to be executed when the
+ <literal>plperl</>, or <literal>plperlu</> language is first used in a
+ session. Changes to these parameters after the corresponding language
+ has been used will have no effect.
+ The SPI functions are not available when this code is executed.
+ Only superusers can change these settings.
+ The Perl code in <literal>plperl.on_plperl_init</> can only perform trusted operations.
+ </para>
+ <para>
+ The effect of setting these parameters is very similar to executing a
+ <literal>DO</> command with the Perl code before any other use of the
+ language. The parameters are useful when you want to execute the Perl
+ code automatically on every connection, or when a connection is not
+ interactive. The parameters can be used by non-superusers by having a
+ superuser execute an <literal>ALTER USER ... SET ...</> command.
+ For example:
+<programlisting>
+ALTER USER joe SET plplerl.on_plperl_init = '$_SHARED{debug} = 1';
+</programlisting>
+ </para>
+ <para>
+ If the code fails with an error it will abort the initialization and
+ propagate out to the calling query, causing the current transaction or
+ subtransaction to be aborted. Any changes within Perl won't be undone.
+ If the language is used again the initialization will be repeated.
+ </para>
+ <para>
+ The difference between these two settings and the
+ <literal>plperl.on_init</> setting is that these can be used for
+ settings specific to the trusted or untrusted language variant, such
+ as setting values in the <varname>%_SHARED</> variable. By contrast,
+ <literal>plperl.on_init</> is more useful for doing things like
+ setting the library search path for <productname>Perl</> or
+ loading Perl modules that don't interact directly with
+ <productname>PostgreSQL</>.
+ </para>
+ </listitem>
+ </varlistentry>
+
<varlistentry id="guc-plperl-use-strict" xreflabel="plperl.use_strict">
<term><varname>plperl.use_strict</varname> (<type>boolean</type>)</term>
<indexterm>
/**********************************************************************
* plperl.c - perl as a procedural language for PostgreSQL
*
- * $PostgreSQL: pgsql/src/pl/plperl/plperl.c,v 1.164 2010/02/12 04:31:14 adunstan Exp $
+ * $PostgreSQL: pgsql/src/pl/plperl/plperl.c,v 1.165 2010/02/12 19:35:25 adunstan Exp $
*
**********************************************************************/
static HTAB *plperl_query_hash = NULL;
static bool plperl_use_strict = false;
-static char *plperl_on_perl_init = NULL;
+static char *plperl_on_init = NULL;
+static char *plperl_on_plperl_init = NULL;
+static char *plperl_on_plperlu_init = NULL;
static bool plperl_ending = false;
/* this is saved and restored by plperl_call_handler */
static SV *plperl_hash_from_tuple(HeapTuple tuple, TupleDesc tupdesc);
static void plperl_init_shared_libs(pTHX);
-static void plperl_safe_init(void);
+static void plperl_trusted_init(void);
+static void plperl_untrusted_init(void);
static HV *plperl_spi_execute_fetch_result(SPITupleTable *, int, int);
static SV *newSVstring(const char *str);
static SV **hv_store_string(HV *hv, const char *key, SV *val);
PGC_USERSET, 0,
NULL, NULL);
- DefineCustomStringVariable("plperl.on_perl_init",
- gettext_noop("Perl code to execute when the perl interpreter is initialized."),
+ DefineCustomStringVariable("plperl.on_init",
+ gettext_noop("Perl initialization code to execute when a perl interpreter is initialized."),
NULL,
- &plperl_on_perl_init,
+ &plperl_on_init,
NULL,
PGC_SIGHUP, 0,
NULL, NULL);
+ /*
+ * plperl.on_plperl_init is currently PGC_SUSET to avoid issues whereby a user
+ * who doesn't have USAGE privileges on the plperl language could possibly use
+ * SET plperl.on_plperl_init='...' to influence the behaviour of any existing
+ * plperl function that they can EXECUTE (which may be security definer).
+ * Set http://archives.postgresql.org/pgsql-hackers/2010-02/msg00281.php
+ * and the overall thread.
+ */
+ DefineCustomStringVariable("plperl.on_plperl_init",
+ gettext_noop("Perl initialization code to execute once when plperl is first used."),
+ NULL,
+ &plperl_on_plperl_init,
+ NULL,
+ PGC_SUSET, 0,
+ NULL, NULL);
+
+ DefineCustomStringVariable("plperl.on_plperlu_init",
+ gettext_noop("Perl initialization code to execute once when plperlu is first used."),
+ NULL,
+ &plperl_on_plperlu_init,
+ NULL,
+ PGC_SUSET, 0,
+ NULL, NULL);
+
EmitWarningsOnPlaceholders("plperl");
MemSet(&hash_ctl, 0, sizeof(hash_ctl));
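Review bot: The comment above the `plperl.on_plperl_init` definition gives the reason for `PGC_SUSET` only for the trusted variable, and its reference line reads `Set http://...` where `See` is meant. `plperl.on_plperlu_init` is registered at the same level with no stated reason, although its code is passed straight to `eval_pv()` in `plperl_untrusted_init()` and not through `::safe_eval`. A short comment before the second definition, such as `/* on_plperlu_init runs unrestricted Perl; it must never be settable by non-superusers */`, would record that the level is a security boundary, so that a later relaxation of the trusted variable is not copied to the untrusted one. The enclosing function starts and ends outside this hunk.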
elog(DEBUG3, "plperl_fini");
/*
- * Disable use of spi_* functions when running END/DESTROY code.
+ * Indicate that perl is terminating.
+ * Disables use of spi_* functions when running END/DESTROY code.
+ * See check_spi_usage_allowed().
* Could be enabled in future, with care, using a transaction
* http://archives.postgresql.org/pgsql-hackers/2010-01/msg02743.php
*/
if (trusted)
{
+ plperl_trusted_init();
plperl_trusted_interp = plperl_held_interp;
interp_state = INTERP_TRUSTED;
}
else
{
+ plperl_untrusted_init();
plperl_untrusted_interp = plperl_held_interp;
interp_state = INTERP_UNTRUSTED;
}
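Review bot: `plperl_trusted_init()` and `plperl_untrusted_init()` are called before `plperl_*_interp` and `interp_state` are updated, so an `ereport(ERROR)` from the init code leaves the held interpreter in its previous state with whatever the failed code already changed. The next use may be the other language variant, in which case Perl state left by a partly executed `on_plperlu_init` would still be present when that interpreter is specialized as trusted, and the `OP_REQUIRE` swap done by a failed trusted init would still be in effect for an untrusted one. This is inferred, because the enclosing branch and `plperl_init_interp()` are outside the hunk. Either discard the held interpreter on failure or add a comment stating that reuse after a failed init is intended. The same ordering appears in the MULTIPLICITY branch of the next hunk, where the interpreter returned by `plperl_init_interp()` is also not yet stored anywhere when the init call can fail.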
{
#ifdef MULTIPLICITY
PerlInterpreter *plperl = plperl_init_interp();
- if (trusted)
+ if (trusted) {
+ plperl_trusted_init();
plperl_trusted_interp = plperl;
- else
+ }
+ else {
+ plperl_untrusted_init();
plperl_untrusted_interp = plperl;
+ }
interp_state = INTERP_BOTH;
#else
elog(ERROR,
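Review bot: The braces added in this branch sit on the control line (`if (trusted) {` and `else {`), while the equivalent `if (trusted)` / `else` pair in the preceding hunk puts each brace on its own line. For consistency with that hunk, write `if (trusted)` followed by `{` on the next line, and likewise for `else`. The statement after `#else` continues outside the hunk.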
trusted_context = trusted;
/*
- * initialization - done after plperl_*_interp and trusted_context
- * updates above to ensure a clean state (and thereby avoid recursion via
- * plperl_safe_init caling plperl_call_perl_func for utf8fix)
- */
- if (trusted) {
- plperl_safe_init();
- PL_ppaddr[OP_REQUIRE] = pp_require_safe;
- }
-
- /*
- * enable access to the database
+ * Since the timing of first use of PL/Perl can't be predicted,
+ * any database interaction during initialization is problematic.
+ * Including, but not limited to, security definer issues.
+ * So we only enable access to the database AFTER on_*_init code has run.
+ * See http://archives.postgresql.org/message-id/20100127143318.GE713@timac.local
*/
newXS("PostgreSQL::InServer::SPI::bootstrap",
boot_PostgreSQL__InServer__SPI, __FILE__);
save_time = loc ? pstrdup(loc) : NULL;
#endif
- if (plperl_on_perl_init)
+ if (plperl_on_init)
{
embedding[nargs++] = "-e";
- embedding[nargs++] = plperl_on_perl_init;
+ embedding[nargs++] = plperl_on_init;
}
/****
static void
-plperl_safe_init(void)
+plperl_trusted_init(void)
{
SV *safe_version_sv;
IV safe_version_x100;
if (GetDatabaseEncoding() == PG_UTF8)
{
/*
- * Fill in just enough information to set up this perl function in
- * the safe container and call it. For some reason not entirely
- * clear, it prevents errors that can arise from the regex code
- * later trying to load utf8 modules.
+ * Force loading of utf8 module now to prevent errors that can
+ * arise from the regex code later trying to load utf8 modules.
* See http://rt.perl.org/rt3/Ticket/Display.html?id=47576
*/
- plperl_proc_desc desc;
- FunctionCallInfoData fcinfo;
- SV *perlret;
+ eval_pv("my $a=chr(0x100); return $a =~ /\\xa9/i", FALSE);
+ if (SvTRUE(ERRSV))
+ {
+ ereport(ERROR,
+ (errcode(ERRCODE_INTERNAL_ERROR),
+ errmsg("while executing utf8fix"),
+ errdetail("%s", strip_trailing_ws(SvPV_nolen(ERRSV))) ));
+ }
+ }
- desc.proname = "utf8fix";
- desc.lanpltrusted = true;
- desc.nargs = 1;
- desc.arg_is_rowtype[0] = false;
- fmgr_info(F_TEXTOUT, &(desc.arg_out_func[0]));
+ /* switch to the safe require opcode */
+ PL_ppaddr[OP_REQUIRE] = pp_require_safe;
- /* compile the function */
- plperl_create_sub(&desc,
- "return shift =~ /\\xa9/i ? 'true' : 'false' ;", 0);
+ if (plperl_on_plperl_init && *plperl_on_plperl_init)
+ {
+ dSP;
- /* set up to call the function with a single text argument 'a' */
- fcinfo.arg[0] = CStringGetTextDatum("a");
- fcinfo.argnull[0] = false;
+ PUSHMARK(SP);
+ XPUSHs(sv_2mortal(newSVstring(plperl_on_plperl_init)));
+ PUTBACK;
- /* and make the call */
- perlret = plperl_call_perl_func(&desc, &fcinfo);
+ call_pv("::safe_eval", G_VOID);
+ SPAGAIN;
- SvREFCNT_dec(perlret);
+ if (SvTRUE(ERRSV))
+ {
+ ereport(ERROR,
+ (errcode(ERRCODE_INTERNAL_ERROR),
+ errmsg("while executing plperl.on_plperl_init"),
+ errdetail("%s", strip_trailing_ws(SvPV_nolen(ERRSV))) ));
+ }
+ }
+
+ }
+}
+
+
+static void
+plperl_untrusted_init(void)
+{
+ if (plperl_on_plperlu_init && *plperl_on_plperlu_init)
+ {
+ eval_pv(plperl_on_plperlu_init, FALSE);
+ if (SvTRUE(ERRSV))
+ {
+ ereport(ERROR,
+ (errcode(ERRCODE_INTERNAL_ERROR),
+ errmsg("while executing plperl.on_plperlu_init"),
+ errdetail("%s", strip_trailing_ws(SvPV_nolen(ERRSV))) ));
}
}
}
+
/*
* Perl likes to put a newline after its error messages; clean up such
*/
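Review bot: The `SvTRUE(ERRSV)` check after `call_pv("::safe_eval", G_VOID)` in `plperl_trusted_init` is effective only if `::safe_eval` traps every failure itself and leaves the message in `$@`; the call carries no `G_EVAL`, so a die that escapes it would not reach the `ereport`. `::safe_eval` is defined outside this diff, so this is unconfirmed, and a comment on the call such as `/* ::safe_eval must trap all errors and leave them in $@ */` would pin the contract down. The call also pushes a mortal SV without the usual `ENTER; SAVETMPS;` ... `FREETMPS; LEAVE;` bracket, so the temporary lives until some outer scope frees it. Separately, the ordering `PL_ppaddr[OP_REQUIRE] = pp_require_safe;` before the `on_plperl_init` code runs is security-relevant and deserves a word in the existing `/* switch to the safe require opcode */` comment.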
newXS("DynaLoader::boot_DynaLoader", boot_DynaLoader, file);
newXS("PostgreSQL::InServer::Util::bootstrap",
boot_PostgreSQL__InServer__Util, file);
+ /* newXS for...::SPI::bootstrap is in select_perl_context() */
}
static void
check_spi_usage_allowed()
{
+ /* see comment in plperl_fini() */
if (plperl_ending) {
/* simple croak as we don't want to involve PostgreSQL code */
croak("SPI functions can not be used in END blocks");