Hi hackers,
Presently, if you want to only build trusted PL/Perl and PL/Tcl, you need
to make a couple of code changes to compile out the untrusted parts. I
suspect many users (e.g., anyone who wants to disallow file system access)
would benefit from a better supported way to do this. Thus, I've attached
some patches that introduce an optional argument for the --with-perl and
--with-tcl configuration options. This new argument can be used to build
only the trusted or untrusted version of the language. If the argument is
not provided, both the trusted and untrusted versions are built, so this
change is backward compatible.
The PL/Tcl patch (0003) is relatively straightforward, as there are already
separate handler functions for the trusted and untrusted versions of the
language. PL/Perl, however, is slightly more complicated. 0001 first
modifies PL/Perl to use separate handle/validator functions for the trusted
and untrusted versions. 0002 then adds support for building only trusted
or untrusted PL/Perl in a similar fashion to 0003. Since a few contrib
modules depend on PL/Perl, 0002 also modifies some modules' Makefiles to
handle whether trusted and/or untrusted PL/Perl is built.
I haven't made the required changes (if any) for MSVC, as I do not
currently have a way to test it. For now, I am parking these patches in
the July commitfest while I gauge interest in this feature and await any
feedback on the proposed approach.
--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com
>From fc3b083b752d31975bf8530c09497a89dd3d9a35 Mon Sep 17 00:00:00 2001
From: Nathan Bossart <nathandboss...@gmail.com>
Date: Tue, 22 Feb 2022 15:26:35 -0800
Subject: [PATCH v1 1/3] Do not use pg_language to determine whether PL/Perl is
trusted.
Presently, PL/Perl and PL/PerlU use the same handler and validator
functions, and we determine whether to use the trusted or untrusted
code paths by inspecting the language's pg_language tuple. This
can lead to unexpected behavior (e.g., using the untrusted code
paths despite specifying the trusted handler/validator functions),
and it complicates building the trusted and untrusted versions of
the language separately, which we intend to support in a follow-up
change.
This change creates separate handler/validator functions for the
trusted and untrusted versions of PL/Perl so that we no longer need
to inspect pg_language to determine which code path to take. Since
this makes it easier to tell whether we are using trusted or
untrusted PL/Perl, this change has the added benefit of simplifying
function lookup in plperl_proc_hash.
---
src/pl/plperl/expected/plperl.out | 8 ++
src/pl/plperl/plperl.c | 117 ++++++++++++++++--------------
src/pl/plperl/sql/plperl.sql | 7 ++
3 files changed, 76 insertions(+), 56 deletions(-)
diff --git a/src/pl/plperl/expected/plperl.out b/src/pl/plperl/expected/plperl.out
index d8a1ff5dd8..f92848602b 100644
--- a/src/pl/plperl/expected/plperl.out
+++ b/src/pl/plperl/expected/plperl.out
@@ -792,3 +792,11 @@ SELECT self_modify(42);
126
(1 row)
+-- make sure lanpltrusted is ignored
+CREATE OR REPLACE LANGUAGE mylang
+ HANDLER plperl_call_handler
+ INLINE plperl_inline_handler
+ VALIDATOR plperl_validator;
+CREATE OR REPLACE FUNCTION myfunc(TEXT) RETURNS TEXT LANGUAGE mylang AS $$ return `$_[0]`; $$;
+ERROR: 'quoted execution (``, qx)' trapped by operation mask at line 1.
+CONTEXT: compilation of PL/Perl function "myfunc"
diff --git a/src/pl/plperl/plperl.c b/src/pl/plperl/plperl.c
index edb93ec1c4..9bc6793a30 100644
--- a/src/pl/plperl/plperl.c
+++ b/src/pl/plperl/plperl.c
@@ -252,15 +252,20 @@ static void plperl_destroy_interp(PerlInterpreter **);
static void plperl_fini(int code, Datum arg);
static void set_interp_require(bool trusted);
-static Datum plperl_func_handler(PG_FUNCTION_ARGS);
-static Datum plperl_trigger_handler(PG_FUNCTION_ARGS);
-static void plperl_event_trigger_handler(PG_FUNCTION_ARGS);
+static Datum plperl_call_handler_internal(PG_FUNCTION_ARGS, bool trusted);
+static Datum plperl_inline_handler_internal(PG_FUNCTION_ARGS, bool trusted);
+static Datum plperl_validator_internal(PG_FUNCTION_ARGS, bool trusted);
+
+static Datum plperl_func_handler(PG_FUNCTION_ARGS, bool trusted);
+static Datum plperl_trigger_handler(PG_FUNCTION_ARGS, bool trusted);
+static void plperl_event_trigger_handler(PG_FUNCTION_ARGS, bool trusted);
static void free_plperl_function(plperl_proc_desc *prodesc);
static plperl_proc_desc *compile_plperl_function(Oid fn_oid,
bool is_trigger,
- bool is_event_trigger);
+ bool is_event_trigger,
+ bool trusted);
static SV *plperl_hash_from_tuple(HeapTuple tuple, TupleDesc tupdesc, bool include_generated);
static SV *plperl_hash_from_datum(Datum attr);
@@ -1824,19 +1829,12 @@ plperl_modify_tuple(HV *hvTD, TriggerData *tdata, HeapTuple otup)
}
-/*
- * There are three externally visible pieces to plperl: plperl_call_handler,
- * plperl_inline_handler, and plperl_validator.
- */
-
/*
* The call handler is called to run normal functions (including trigger
* functions) that are defined in pg_proc.
*/
-PG_FUNCTION_INFO_V1(plperl_call_handler);
-
Datum
-plperl_call_handler(PG_FUNCTION_ARGS)
+plperl_call_handler_internal(PG_FUNCTION_ARGS, bool trusted)
{
Datum retval = (Datum) 0;
plperl_call_data *volatile save_call_data = current_call_data;
@@ -1851,14 +1849,14 @@ plperl_call_handler(PG_FUNCTION_ARGS)
{
current_call_data = &this_call_data;
if (CALLED_AS_TRIGGER(fcinfo))
- retval = PointerGetDatum(plperl_trigger_handler(fcinfo));
+ retval = PointerGetDatum(plperl_trigger_handler(fcinfo, trusted));
else if (CALLED_AS_EVENT_TRIGGER(fcinfo))
{
- plperl_event_trigger_handler(fcinfo);
+ plperl_event_trigger_handler(fcinfo, trusted);
retval = (Datum) 0;
}
else
- retval = plperl_func_handler(fcinfo);
+ retval = plperl_func_handler(fcinfo, trusted);
}
PG_FINALLY();
{
@@ -1875,10 +1873,8 @@ plperl_call_handler(PG_FUNCTION_ARGS)
/*
* The inline handler runs anonymous code blocks (DO blocks).
*/
-PG_FUNCTION_INFO_V1(plperl_inline_handler);
-
Datum
-plperl_inline_handler(PG_FUNCTION_ARGS)
+plperl_inline_handler_internal(PG_FUNCTION_ARGS, bool trusted)
{
LOCAL_FCINFO(fake_fcinfo, 0);
InlineCodeBlock *codeblock = (InlineCodeBlock *) PG_GETARG_POINTER(0);
@@ -1915,7 +1911,7 @@ plperl_inline_handler(PG_FUNCTION_ARGS)
desc.lang_oid = codeblock->langOid;
desc.trftypes = NIL;
- desc.lanpltrusted = codeblock->langIsTrusted;
+ desc.lanpltrusted = trusted;
desc.fn_retistuple = false;
desc.fn_retisset = false;
@@ -1970,10 +1966,8 @@ plperl_inline_handler(PG_FUNCTION_ARGS)
* being created/replaced. The precise behavior of the validator may be
* modified by the check_function_bodies GUC.
*/
-PG_FUNCTION_INFO_V1(plperl_validator);
-
Datum
-plperl_validator(PG_FUNCTION_ARGS)
+plperl_validator_internal(PG_FUNCTION_ARGS, bool trusted)
{
Oid funcoid = PG_GETARG_OID(0);
HeapTuple tuple;
@@ -2032,7 +2026,8 @@ plperl_validator(PG_FUNCTION_ARGS)
/* Postpone body checks if !check_function_bodies */
if (check_function_bodies)
{
- (void) compile_plperl_function(funcoid, is_trigger, is_event_trigger);
+ (void) compile_plperl_function(funcoid, is_trigger, is_event_trigger,
+ trusted);
}
/* the result of a validator is ignored */
@@ -2040,12 +2035,39 @@ plperl_validator(PG_FUNCTION_ARGS)
}
+/*
+ * There are three externally visible pieces to plperl: plperl_call_handler,
+ * plperl_inline_handler, and plperl_validator.
+ */
+
+PG_FUNCTION_INFO_V1(plperl_call_handler);
+
+Datum
+plperl_call_handler(PG_FUNCTION_ARGS)
+{
+ return plperl_call_handler_internal(fcinfo, true);
+}
+
+PG_FUNCTION_INFO_V1(plperl_inline_handler);
+
+Datum
+plperl_inline_handler(PG_FUNCTION_ARGS)
+{
+ return plperl_inline_handler_internal(fcinfo, true);
+}
+
+PG_FUNCTION_INFO_V1(plperl_validator);
+
+Datum
+plperl_validator(PG_FUNCTION_ARGS)
+{
+ return plperl_validator_internal(fcinfo, true);
+}
+
+
/*
* plperlu likewise requires three externally visible functions:
* plperlu_call_handler, plperlu_inline_handler, and plperlu_validator.
- * These are currently just aliases that send control to the plperl
- * handler functions, and we decide whether a particular function is
- * trusted or not by inspecting the actual pg_language tuple.
*/
PG_FUNCTION_INFO_V1(plperlu_call_handler);
@@ -2053,7 +2075,7 @@ PG_FUNCTION_INFO_V1(plperlu_call_handler);
Datum
plperlu_call_handler(PG_FUNCTION_ARGS)
{
- return plperl_call_handler(fcinfo);
+ return plperl_call_handler_internal(fcinfo, false);
}
PG_FUNCTION_INFO_V1(plperlu_inline_handler);
@@ -2061,7 +2083,7 @@ PG_FUNCTION_INFO_V1(plperlu_inline_handler);
Datum
plperlu_inline_handler(PG_FUNCTION_ARGS)
{
- return plperl_inline_handler(fcinfo);
+ return plperl_inline_handler_internal(fcinfo, false);
}
PG_FUNCTION_INFO_V1(plperlu_validator);
@@ -2070,7 +2092,7 @@ Datum
plperlu_validator(PG_FUNCTION_ARGS)
{
/* call plperl validator with our fcinfo so it gets our oid */
- return plperl_validator(fcinfo);
+ return plperl_validator_internal(fcinfo, false);
}
@@ -2386,7 +2408,7 @@ plperl_call_perl_event_trigger_func(plperl_proc_desc *desc,
}
static Datum
-plperl_func_handler(PG_FUNCTION_ARGS)
+plperl_func_handler(PG_FUNCTION_ARGS, bool trusted)
{
bool nonatomic;
plperl_proc_desc *prodesc;
@@ -2402,7 +2424,7 @@ plperl_func_handler(PG_FUNCTION_ARGS)
if (SPI_connect_ext(nonatomic ? SPI_OPT_NONATOMIC : 0) != SPI_OK_CONNECT)
elog(ERROR, "could not connect to SPI manager");
- prodesc = compile_plperl_function(fcinfo->flinfo->fn_oid, false, false);
+ prodesc = compile_plperl_function(fcinfo->flinfo->fn_oid, false, false, trusted);
current_call_data->prodesc = prodesc;
increment_prodesc_refcount(prodesc);
@@ -2505,7 +2527,7 @@ plperl_func_handler(PG_FUNCTION_ARGS)
static Datum
-plperl_trigger_handler(PG_FUNCTION_ARGS)
+plperl_trigger_handler(PG_FUNCTION_ARGS, bool trusted)
{
plperl_proc_desc *prodesc;
SV *perlret;
@@ -2526,7 +2548,7 @@ plperl_trigger_handler(PG_FUNCTION_ARGS)
Assert(rc >= 0);
/* Find or compile the function */
- prodesc = compile_plperl_function(fcinfo->flinfo->fn_oid, true, false);
+ prodesc = compile_plperl_function(fcinfo->flinfo->fn_oid, true, false, trusted);
current_call_data->prodesc = prodesc;
increment_prodesc_refcount(prodesc);
@@ -2618,7 +2640,7 @@ plperl_trigger_handler(PG_FUNCTION_ARGS)
static void
-plperl_event_trigger_handler(PG_FUNCTION_ARGS)
+plperl_event_trigger_handler(PG_FUNCTION_ARGS, bool trusted)
{
plperl_proc_desc *prodesc;
SV *svTD;
@@ -2629,7 +2651,7 @@ plperl_event_trigger_handler(PG_FUNCTION_ARGS)
elog(ERROR, "could not connect to SPI manager");
/* Find or compile the function */
- prodesc = compile_plperl_function(fcinfo->flinfo->fn_oid, false, true);
+ prodesc = compile_plperl_function(fcinfo->flinfo->fn_oid, false, true, trusted);
current_call_data->prodesc = prodesc;
increment_prodesc_refcount(prodesc);
@@ -2702,7 +2724,7 @@ free_plperl_function(plperl_proc_desc *prodesc)
static plperl_proc_desc *
-compile_plperl_function(Oid fn_oid, bool is_trigger, bool is_event_trigger)
+compile_plperl_function(Oid fn_oid, bool is_trigger, bool is_event_trigger, bool trusted)
{
HeapTuple procTup;
Form_pg_proc procStruct;
@@ -2719,31 +2741,14 @@ compile_plperl_function(Oid fn_oid, bool is_trigger, bool is_event_trigger)
elog(ERROR, "cache lookup failed for function %u", fn_oid);
procStruct = (Form_pg_proc) GETSTRUCT(procTup);
- /*
- * Try to find function in plperl_proc_hash. The reason for this
- * overcomplicated-seeming lookup procedure is that we don't know whether
- * it's plperl or plperlu, and don't want to spend a lookup in pg_language
- * to find out.
- */
+ /* Try to find function in plperl_proc_hash. */
proc_key.proc_id = fn_oid;
proc_key.is_trigger = is_trigger;
- proc_key.user_id = GetUserId();
- proc_ptr = hash_search(plperl_proc_hash, &proc_key,
- HASH_FIND, NULL);
- if (validate_plperl_function(proc_ptr, procTup))
- {
- /* Found valid plperl entry */
- ReleaseSysCache(procTup);
- return proc_ptr->proc_ptr;
- }
-
- /* If not found or obsolete, maybe it's plperlu */
- proc_key.user_id = InvalidOid;
+ proc_key.user_id = trusted ? GetUserId() : InvalidOid;
proc_ptr = hash_search(plperl_proc_hash, &proc_key,
HASH_FIND, NULL);
if (validate_plperl_function(proc_ptr, procTup))
{
- /* Found valid plperlu entry */
ReleaseSysCache(procTup);
return proc_ptr->proc_ptr;
}
@@ -2797,6 +2802,7 @@ compile_plperl_function(Oid fn_oid, bool is_trigger, bool is_event_trigger)
prodesc->arg_out_func = (FmgrInfo *) palloc0(prodesc->nargs * sizeof(FmgrInfo));
prodesc->arg_is_rowtype = (bool *) palloc0(prodesc->nargs * sizeof(bool));
prodesc->arg_arraytype = (Oid *) palloc0(prodesc->nargs * sizeof(Oid));
+ prodesc->lanpltrusted = trusted;
MemoryContextSwitchTo(oldcontext);
/* Remember if function is STABLE/IMMUTABLE */
@@ -2820,7 +2826,6 @@ compile_plperl_function(Oid fn_oid, bool is_trigger, bool is_event_trigger)
procStruct->prolang);
langStruct = (Form_pg_language) GETSTRUCT(langTup);
prodesc->lang_oid = langStruct->oid;
- prodesc->lanpltrusted = langStruct->lanpltrusted;
ReleaseSysCache(langTup);
/************************************************************
diff --git a/src/pl/plperl/sql/plperl.sql b/src/pl/plperl/sql/plperl.sql
index b0d950b230..1e4ced735c 100644
--- a/src/pl/plperl/sql/plperl.sql
+++ b/src/pl/plperl/sql/plperl.sql
@@ -521,3 +521,10 @@ $$ LANGUAGE plperl;
SELECT self_modify(42);
SELECT self_modify(42);
+
+-- make sure lanpltrusted is ignored
+CREATE OR REPLACE LANGUAGE mylang
+ HANDLER plperl_call_handler
+ INLINE plperl_inline_handler
+ VALIDATOR plperl_validator;
+CREATE OR REPLACE FUNCTION myfunc(TEXT) RETURNS TEXT LANGUAGE mylang AS $$ return `$_[0]`; $$;
--
2.25.1
>From 581992ed36da490f52d5eb31b7cd0e2303233318 Mon Sep 17 00:00:00 2001
From: Nathan Bossart <nathandboss...@gmail.com>
Date: Tue, 17 May 2022 13:28:17 -0700
Subject: [PATCH v1 2/3] Allow building only trusted or untrusted PL/Perl.
Presently, when the --with-perl configuration option is used, both
trusted and untrusted PL/Perl are built. However, some users may
only want to build one or the other. This change introduces an
optional argument that can be used to do so. If
--with-perl='trusted' is specified, only trusted PL/Perl is built.
If --with-perl='untrusted' is specified, only untrusted PL/Perl is
built. If --with-perl is given without an argument, both trusted
and untrusted PL/Perl are built.
---
configure | 47 ++++++++++++++++++++++---
configure.ac | 32 ++++++++++++++++-
contrib/bool_plperl/Makefile | 24 ++++++++++---
contrib/hstore_plperl/Makefile | 24 ++++++++++---
contrib/jsonb_plperl/Makefile | 24 ++++++++++---
doc/src/sgml/installation.sgml | 23 +++++++++++-
src/Makefile.global.in | 2 ++
src/include/pg_config.h.in | 6 ++++
src/pl/plperl/GNUmakefile | 37 +++++++++++++------
src/pl/plperl/expected/plperl_setup.out | 15 +++-----
src/pl/plperl/expected/plperlu.out | 27 ++++++++++++++
src/pl/plperl/plperl.c | 10 ++++++
src/pl/plperl/sql/plperl_setup.sql | 11 +++---
src/pl/plperl/sql/plperlu.sql | 29 +++++++++++++++
14 files changed, 265 insertions(+), 46 deletions(-)
diff --git a/configure b/configure
index 7dec6b7bf9..faa8b1a2e3 100755
--- a/configure
+++ b/configure
@@ -723,6 +723,8 @@ with_krb_srvnam
krb_srvtab
with_gssapi
with_python
+PERL_UNTRUSTED
+PERL_TRUSTED
with_perl
with_tcl
ICU_LIBS
@@ -1563,7 +1565,8 @@ Optional Packages:
--with-icu build with ICU support
--with-tcl build Tcl modules (PL/Tcl)
--with-tclconfig=DIR tclConfig.sh is in DIR
- --with-perl build Perl modules (PL/Perl)
+ --with-perl[=TRUSTWORTHINESS]
+ build Perl modules (PL/Perl)
--with-python build Python modules (PL/Python)
--with-gssapi build with GSSAPI support
--with-krb-srvnam=NAME default service principal name in Kerberos (GSSAPI)
@@ -8152,26 +8155,62 @@ if test "${with_perl+set}" = set; then :
withval=$with_perl;
case $withval in
yes)
- :
+
+ PERL_TRUSTED=yes
+ PERL_UNTRUSTED=yes
+
;;
no)
:
;;
*)
- as_fn_error $? "no argument expected for --with-perl option" "$LINENO" 5
+ with_perl=yes
+
+ if test "$withval" = trusted ; then
+ PERL_TRUSTED=yes
+ PERL_UNTRUSTED=no
+ elif test "$withval" = untrusted ; then
+ PERL_TRUSTED=no
+ PERL_UNTRUSTED=yes
+ else
+ as_fn_error $? "invalid --with-perl value: argument must be omitted or specified as 'trusted' or 'untrusted'" "$LINENO" 5
+ fi
+
;;
esac
else
with_perl=no
-
fi
+
+if test "$with_perl" = yes; then
+
+ if test "$PERL_TRUSTED" = yes ; then
+
+$as_echo "#define USE_PERL 1" >>confdefs.h
+
+ fi
+ if test "$PERL_UNTRUSTED" = yes ; then
+
+$as_echo "#define USE_PERLU 1" >>confdefs.h
+
+ fi
+
+else
+
+ PERL_TRUSTED=no
+ PERL_UNTRUSTED=no
+
+fi
+
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_perl" >&5
$as_echo "$with_perl" >&6; }
+
+
#
# Optionally build Python modules (PL/Python)
#
diff --git a/configure.ac b/configure.ac
index d093fb88dd..0dd440131b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -823,9 +823,39 @@ PGAC_ARG_REQ(with, tclconfig, [DIR], [tclConfig.sh is in DIR])
# Optionally build Perl modules (PL/Perl)
#
AC_MSG_CHECKING([whether to build Perl modules])
-PGAC_ARG_BOOL(with, perl, no, [build Perl modules (PL/Perl)])
+PGAC_ARG_OPTARG(with, perl,
+[TRUSTWORTHINESS], [build Perl modules (PL/Perl)],
+[
+ PERL_TRUSTED=yes
+ PERL_UNTRUSTED=yes
+],
+[
+ if test "$withval" = trusted ; then
+ PERL_TRUSTED=yes
+ PERL_UNTRUSTED=no
+ elif test "$withval" = untrusted ; then
+ PERL_TRUSTED=no
+ PERL_UNTRUSTED=yes
+ else
+ AC_MSG_ERROR([invalid --with-perl value: argument must be omitted or specified as 'trusted' or 'untrusted'])
+ fi
+],
+[
+ if test "$PERL_TRUSTED" = yes ; then
+ AC_DEFINE([USE_PERL], 1, [Define to 1 to build with trusted Perl support. (--with-perl='trusted')])
+ fi
+ if test "$PERL_UNTRUSTED" = yes ; then
+ AC_DEFINE([USE_PERLU], 1, [Define to 1 to build with untrusted Perl support. (--with-perl='untrusted')])
+ fi
+],
+[
+ PERL_TRUSTED=no
+ PERL_UNTRUSTED=no
+])
AC_MSG_RESULT([$with_perl])
AC_SUBST(with_perl)
+AC_SUBST(PERL_TRUSTED)
+AC_SUBST(PERL_UNTRUSTED)
#
# Optionally build Python modules (PL/Python)
diff --git a/contrib/bool_plperl/Makefile b/contrib/bool_plperl/Makefile
index efe1de986b..ae23e7e3f1 100644
--- a/contrib/bool_plperl/Makefile
+++ b/contrib/bool_plperl/Makefile
@@ -8,10 +8,12 @@ PGFILEDESC = "bool_plperl - bool transform for plperl"
PG_CPPFLAGS = -I$(top_srcdir)/src/pl/plperl
-EXTENSION = bool_plperlu bool_plperl
-DATA = bool_plperlu--1.0.sql bool_plperl--1.0.sql
-
-REGRESS = bool_plperl bool_plperlu
+# We do not yet know whether we are building with trusted PL/Perl, untrusted
+# PL/Perl, or both, so for now we assume we are just building trusted PL/Perl.
+# We'll adjust these later on if this assumption was accurate.
+EXTENSION = bool_plperl
+DATA = bool_plperl--1.0.sql
+REGRESS = bool_plperl
ifdef USE_PGXS
PG_CONFIG = pg_config
@@ -37,3 +39,17 @@ endif
# As with plperl we need to include the perl_includespec directory last.
override CPPFLAGS := $(CPPFLAGS) $(perl_embed_ccflags) $(perl_includespec)
+
+# Since we now know whether we are building trusted PL/Perl, untrusted PL/Perl,
+# or both, we should adjust the relevant variables accordingly.
+ifeq ($(PERL_TRUSTED), no)
+ override undefine EXTENSION
+ override undefine DATA
+ override undefine REGRESS
+endif
+
+ifeq ($(PERL_UNTRUSTED), yes)
+ override EXTENSION += bool_plperlu
+ override DATA += bool_plperlu--1.0.sql
+ override REGRESS += bool_plperlu
+endif
diff --git a/contrib/hstore_plperl/Makefile b/contrib/hstore_plperl/Makefile
index 9065f16408..32af5049a9 100644
--- a/contrib/hstore_plperl/Makefile
+++ b/contrib/hstore_plperl/Makefile
@@ -6,11 +6,13 @@ OBJS = \
hstore_plperl.o
PGFILEDESC = "hstore_plperl - hstore transform for plperl"
+# We do not yet know whether we are building with trusted PL/Perl, untrusted
+# PL/Perl, or both, so for now we assume we are just building trusted PL/Perl.
+# We'll adjust these later on if this assumption was accurate.
+EXTENSION = hstore_plperl
+DATA = hstore_plperl--1.0.sql
+REGRESS = hstore_plperl create_transform
-EXTENSION = hstore_plperl hstore_plperlu
-DATA = hstore_plperl--1.0.sql hstore_plperlu--1.0.sql
-
-REGRESS = hstore_plperl hstore_plperlu create_transform
EXTRA_INSTALL = contrib/hstore
ifdef USE_PGXS
@@ -39,3 +41,17 @@ endif
# As with plperl we need to include the perl_includespec directory last.
override CPPFLAGS := $(CPPFLAGS) $(perl_embed_ccflags) $(perl_includespec)
+
+# Since we now know whether we are building trusted PL/Perl, untrusted PL/Perl,
+# or both, we should adjust the relevant variables accordingly.
+ifeq ($(PERL_TRUSTED), no)
+ override undefine EXTENSION
+ override undefine DATA
+ override undefine REGRESS
+endif
+
+ifeq ($(PERL_UNTRUSTED), yes)
+ override EXTENSION += hstore_plperlu
+ override DATA += hstore_plperlu--1.0.sql
+ override REGRESS += hstore_plperlu
+endif
diff --git a/contrib/jsonb_plperl/Makefile b/contrib/jsonb_plperl/Makefile
index ba9480e819..218bd51c9e 100644
--- a/contrib/jsonb_plperl/Makefile
+++ b/contrib/jsonb_plperl/Makefile
@@ -8,10 +8,12 @@ PGFILEDESC = "jsonb_plperl - jsonb transform for plperl"
PG_CPPFLAGS = -I$(top_srcdir)/src/pl/plperl
-EXTENSION = jsonb_plperlu jsonb_plperl
-DATA = jsonb_plperlu--1.0.sql jsonb_plperl--1.0.sql
-
-REGRESS = jsonb_plperl jsonb_plperlu
+# We do not yet know whether we are building with trusted PL/Perl, untrusted
+# PL/Perl, or both, so for now we assume we are just building trusted PL/Perl.
+# We'll adjust these later on if this assumption was accurate.
+EXTENSION = jsonb_plperl
+DATA = jsonb_plperl--1.0.sql
+REGRESS = jsonb_plperl
SHLIB_LINK += $(filter -lm, $(LIBS))
@@ -39,3 +41,17 @@ endif
# As with plperl we need to include the perl_includespec directory last.
override CPPFLAGS := $(CPPFLAGS) $(perl_embed_ccflags) $(perl_includespec)
+
+# Since we now know whether we are building trusted PL/Perl, untrusted PL/Perl,
+# or both, we should adjust the relevant variables accordingly.
+ifeq ($(PERL_TRUSTED), no)
+ override undefine EXTENSION
+ override undefine DATA
+ override undefine REGRESS
+endif
+
+ifeq ($(PERL_UNTRUSTED), yes)
+ override EXTENSION += jsonb_plperlu
+ override DATA += jsonb_plperlu--1.0.sql
+ override REGRESS += jsonb_plperlu
+endif
diff --git a/doc/src/sgml/installation.sgml b/doc/src/sgml/installation.sgml
index c585078029..4377e9d51a 100644
--- a/doc/src/sgml/installation.sgml
+++ b/doc/src/sgml/installation.sgml
@@ -873,10 +873,31 @@ build-postgresql:
</varlistentry>
<varlistentry>
- <term><option>--with-perl</option></term>
+ <term><option>--with-perl<optional>=<replaceable>TRUSTWORTHINESS</replaceable></optional></option></term>
<listitem>
<para>
Build the <application>PL/Perl</application> server-side language.
+ <replaceable>TRUSTWORTHINESS</replaceable> is an optional argument and,
+ if provided, must be one of:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <option>trusted</option> to build only trusted
+ <application>PL/Perl</application>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <option>untrusted</option> to build only untrusted
+ <application>PL/Perl</application>
+ (<application>PL/PerlU</application>)
+ </para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ If <replaceable>TRUSTWORTHINESS</replaceable> is not specified, both
+ trusted and untrusted <application>PL/Perl</application> will be built.
</para>
</listitem>
</varlistentry>
diff --git a/src/Makefile.global.in b/src/Makefile.global.in
index 051718e4fe..53f367ca7a 100644
--- a/src/Makefile.global.in
+++ b/src/Makefile.global.in
@@ -526,6 +526,8 @@ GENHTML = @GENHTML@
DEF_PGPORT = @default_port@
WANTED_LANGUAGES = @WANTED_LANGUAGES@
+PERL_TRUSTED = @PERL_TRUSTED@
+PERL_UNTRUSTED = @PERL_UNTRUSTED@
##########################################################################
diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
index cdd742cb55..2779f5f671 100644
--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -931,6 +931,12 @@
/* Define to 1 to build with PAM support. (--with-pam) */
#undef USE_PAM
+/* Define to 1 to build with trusted Perl support. (--with-perl='trusted') */
+#undef USE_PERL
+
+/* Define to 1 to build with untrusted Perl support. (--with-perl='untrusted') */
+#undef USE_PERLU
+
/* Define to 1 to use software CRC-32C implementation (slicing-by-8). */
#undef USE_SLICING_BY_8_CRC32C
diff --git a/src/pl/plperl/GNUmakefile b/src/pl/plperl/GNUmakefile
index a2e6410f53..d01201bbac 100644
--- a/src/pl/plperl/GNUmakefile
+++ b/src/pl/plperl/GNUmakefile
@@ -27,8 +27,13 @@ NAME = plperl
OBJS = plperl.o SPI.o Util.o $(WIN32RES)
-DATA = plperl.control plperl--1.0.sql \
- plperlu.control plperlu--1.0.sql
+ifeq ($(PERL_TRUSTED), yes)
+ DATA += plperl.control plperl--1.0.sql
+endif
+
+ifeq ($(PERL_UNTRUSTED), yes)
+ DATA += plperlu.control plperlu--1.0.sql
+endif
PERLCHUNKS = plc_perlboot.pl plc_trusted.pl
@@ -56,14 +61,26 @@ endif # win32
SHLIB_LINK = $(perl_embed_ldflags)
REGRESS_OPTS = --dbname=$(PL_TESTDB)
-REGRESS = plperl_setup plperl plperl_lc plperl_trigger plperl_shared \
- plperl_elog plperl_util plperl_init plperlu plperl_array \
- plperl_call plperl_transaction
-# if Perl can support two interpreters in one backend,
-# test plperl-and-plperlu cases
-ifneq ($(PERL),)
-ifeq ($(shell $(PERL) -V:usemultiplicity), usemultiplicity='define';)
- REGRESS += plperl_plperlu
+
+ifeq ($(PERL_TRUSTED), yes)
+ REGRESS = plperl_setup plperl plperl_lc plperl_trigger plperl_shared \
+ plperl_elog plperl_util plperl_init plperl_array plperl_call \
+ plperl_transaction
+endif
+
+ifeq ($(PERL_UNTRUSTED), yes)
+ REGRESS += plperlu
+endif
+
+ifeq ($(PERL_TRUSTED), yes)
+ifeq ($(PERL_UNTRUSTED), yes)
+ # if Perl can support two interpreters in one backend,
+ # test plperl-and-plperlu cases
+ ifneq ($(PERL),)
+ ifeq ($(shell $(PERL) -V:usemultiplicity), usemultiplicity='define';)
+ REGRESS += plperl_plperlu
+ endif
+ endif
endif
endif
diff --git a/src/pl/plperl/expected/plperl_setup.out b/src/pl/plperl/expected/plperl_setup.out
index 5234febefd..d0682325b2 100644
--- a/src/pl/plperl/expected/plperl_setup.out
+++ b/src/pl/plperl/expected/plperl_setup.out
@@ -1,18 +1,15 @@
--
--- Install the plperl and plperlu extensions
+-- Install plperl
--
-- Before going ahead with the to-be-tested installations, verify that
--- a non-superuser is allowed to install plperl (but not plperlu) when
--- suitable permissions have been granted.
+-- a non-superuser is allowed to install plperl when suitable permissions
+-- have been granted.
CREATE USER regress_user1;
CREATE USER regress_user2;
SET ROLE regress_user1;
CREATE EXTENSION plperl; -- fail
ERROR: permission denied to create extension "plperl"
HINT: Must have CREATE privilege on current database to create this extension.
-CREATE EXTENSION plperlu; -- fail
-ERROR: permission denied to create extension "plperlu"
-HINT: Must be superuser to create this extension.
RESET ROLE;
DO $$
begin
@@ -22,9 +19,6 @@ end;
$$;
SET ROLE regress_user1;
CREATE EXTENSION plperl;
-CREATE EXTENSION plperlu; -- fail
-ERROR: permission denied to create extension "plperlu"
-HINT: Must be superuser to create this extension.
CREATE SCHEMA plperl_setup_scratch;
SET search_path = plperl_setup_scratch;
GRANT ALL ON SCHEMA plperl_setup_scratch TO regress_user2;
@@ -68,6 +62,5 @@ RESET ROLE;
DROP OWNED BY regress_user1;
DROP USER regress_user1;
DROP USER regress_user2;
--- Now install the versions that will be used by subsequent test scripts.
+-- Now install the version that will be used by subsequent test scripts.
CREATE EXTENSION plperl;
-CREATE EXTENSION plperlu;
diff --git a/src/pl/plperl/expected/plperlu.out b/src/pl/plperl/expected/plperlu.out
index a3edb38497..f759466a90 100644
--- a/src/pl/plperl/expected/plperlu.out
+++ b/src/pl/plperl/expected/plperlu.out
@@ -1,5 +1,32 @@
+-- Before going ahead with the to-be-tested installations, verify that
+-- only superusers can install plperlu.
+CREATE USER regress_user1;
+SET ROLE regress_user1;
+CREATE EXTENSION plperlu; -- fail
+ERROR: permission denied to create extension "plperlu"
+HINT: Must be superuser to create this extension.
+RESET ROLE;
+DO $$
+begin
+ execute format('grant create on database %I to regress_user1',
+ current_database());
+end;
+$$;
+SET ROLE regress_user1;
+CREATE EXTENSION plperlu; -- fail
+ERROR: permission denied to create extension "plperlu"
+HINT: Must be superuser to create this extension.
+RESET ROLE;
+DO $$
+begin
+ execute format('revoke create on database %I from regress_user1',
+ current_database());
+end;
+$$;
+DROP ROLE regress_user1;
-- Use ONLY plperlu tests here. For plperl/plerlu combined tests
-- see plperl_plperlu.sql
+CREATE EXTENSION plperlu;
-- This test tests setting on_plperlu_init after loading plperl
LOAD 'plperl';
-- Test plperl.on_plperlu_init gets run
diff --git a/src/pl/plperl/plperl.c b/src/pl/plperl/plperl.c
index 9bc6793a30..ff5f9641d5 100644
--- a/src/pl/plperl/plperl.c
+++ b/src/pl/plperl/plperl.c
@@ -445,6 +445,7 @@ _PG_init(void)
* OK since the worst result would be an error. Your code oughta pass
* use_strict anyway ;-)
*/
+#ifdef USE_PERL
DefineCustomStringVariable("plperl.on_plperl_init",
gettext_noop("Perl initialization code to execute once when plperl is first used."),
NULL,
@@ -452,7 +453,9 @@ _PG_init(void)
NULL,
PGC_SUSET, 0,
NULL, NULL, NULL);
+#endif /* USE_PERL */
+#ifdef USE_PERLU
DefineCustomStringVariable("plperl.on_plperlu_init",
gettext_noop("Perl initialization code to execute once when plperlu is first used."),
NULL,
@@ -460,6 +463,7 @@ _PG_init(void)
NULL,
PGC_SUSET, 0,
NULL, NULL, NULL);
+#endif /* USE_PERLU */
MarkGUCPrefixReserved("plperl");
@@ -2039,6 +2043,7 @@ plperl_validator_internal(PG_FUNCTION_ARGS, bool trusted)
* There are three externally visible pieces to plperl: plperl_call_handler,
* plperl_inline_handler, and plperl_validator.
*/
+#ifdef USE_PERL
PG_FUNCTION_INFO_V1(plperl_call_handler);
@@ -2064,11 +2069,14 @@ plperl_validator(PG_FUNCTION_ARGS)
return plperl_validator_internal(fcinfo, true);
}
+#endif /* USE_PERL */
+
/*
* plperlu likewise requires three externally visible functions:
* plperlu_call_handler, plperlu_inline_handler, and plperlu_validator.
*/
+#ifdef USE_PERLU
PG_FUNCTION_INFO_V1(plperlu_call_handler);
@@ -2095,6 +2103,8 @@ plperlu_validator(PG_FUNCTION_ARGS)
return plperl_validator_internal(fcinfo, false);
}
+#endif /* USE_PERLU */
+
/*
* Uses mkfunc to create a subroutine whose text is
diff --git a/src/pl/plperl/sql/plperl_setup.sql b/src/pl/plperl/sql/plperl_setup.sql
index a89cf56617..eb29cacdac 100644
--- a/src/pl/plperl/sql/plperl_setup.sql
+++ b/src/pl/plperl/sql/plperl_setup.sql
@@ -1,10 +1,10 @@
--
--- Install the plperl and plperlu extensions
+-- Install plperl
--
-- Before going ahead with the to-be-tested installations, verify that
--- a non-superuser is allowed to install plperl (but not plperlu) when
--- suitable permissions have been granted.
+-- a non-superuser is allowed to install plperl when suitable permissions
+-- have been granted.
CREATE USER regress_user1;
CREATE USER regress_user2;
@@ -12,7 +12,6 @@ CREATE USER regress_user2;
SET ROLE regress_user1;
CREATE EXTENSION plperl; -- fail
-CREATE EXTENSION plperlu; -- fail
RESET ROLE;
@@ -26,7 +25,6 @@ $$;
SET ROLE regress_user1;
CREATE EXTENSION plperl;
-CREATE EXTENSION plperlu; -- fail
CREATE SCHEMA plperl_setup_scratch;
SET search_path = plperl_setup_scratch;
GRANT ALL ON SCHEMA plperl_setup_scratch TO regress_user2;
@@ -68,6 +66,5 @@ DROP OWNED BY regress_user1;
DROP USER regress_user1;
DROP USER regress_user2;
--- Now install the versions that will be used by subsequent test scripts.
+-- Now install the version that will be used by subsequent test scripts.
CREATE EXTENSION plperl;
-CREATE EXTENSION plperlu;
diff --git a/src/pl/plperl/sql/plperlu.sql b/src/pl/plperl/sql/plperlu.sql
index be43df5d90..1e050e8237 100644
--- a/src/pl/plperl/sql/plperlu.sql
+++ b/src/pl/plperl/sql/plperlu.sql
@@ -1,5 +1,34 @@
+-- Before going ahead with the to-be-tested installations, verify that
+-- only superusers can install plperlu.
+CREATE USER regress_user1;
+
+SET ROLE regress_user1;
+CREATE EXTENSION plperlu; -- fail
+RESET ROLE;
+
+DO $$
+begin
+ execute format('grant create on database %I to regress_user1',
+ current_database());
+end;
+$$;
+
+SET ROLE regress_user1;
+CREATE EXTENSION plperlu; -- fail
+RESET ROLE;
+
+DO $$
+begin
+ execute format('revoke create on database %I from regress_user1',
+ current_database());
+end;
+$$;
+
+DROP ROLE regress_user1;
+
-- Use ONLY plperlu tests here. For plperl/plerlu combined tests
-- see plperl_plperlu.sql
+CREATE EXTENSION plperlu;
-- This test tests setting on_plperlu_init after loading plperl
LOAD 'plperl';
--
2.25.1
>From ee2b10d63b6714cb851e0f5e68cf005c864fcb27 Mon Sep 17 00:00:00 2001
From: Nathan Bossart <nathandboss...@gmail.com>
Date: Wed, 18 May 2022 14:33:48 -0700
Subject: [PATCH v1 3/3] Allow building only trusted or untrusted PL/Tcl.
Presently, when the --with-tcl configuration option is used, both
trusted and untrusted PL/Tcl are built. However, some users may
only want to build one or the other. This change introduces an
optional argument that can be used to do so. If
--with-tcl='trusted' is specified, only trusted PL/Tcl is built.
If --with-tcl='untrusted' is specified, only untrusted PL/Tcl is
built. If --with-tcl is given without an argument, both trusted
and untrusted PL/Tcl are built.
---
configure | 47 +++++++++++++++++++++++++++++++---
configure.ac | 32 ++++++++++++++++++++++-
doc/src/sgml/installation.sgml | 23 ++++++++++++++++-
src/Makefile.global.in | 2 ++
src/include/pg_config.h.in | 6 +++++
src/pl/tcl/Makefile | 12 ++++++---
src/pl/tcl/pltcl.c | 16 ++++++++++--
7 files changed, 126 insertions(+), 12 deletions(-)
diff --git a/configure b/configure
index faa8b1a2e3..046fc4dcf0 100755
--- a/configure
+++ b/configure
@@ -726,6 +726,8 @@ with_python
PERL_UNTRUSTED
PERL_TRUSTED
with_perl
+TCL_UNTRUSTED
+TCL_TRUSTED
with_tcl
ICU_LIBS
ICU_CFLAGS
@@ -1563,7 +1565,8 @@ Optional Packages:
--with-CC=CMD set compiler (deprecated)
--with-llvm build with LLVM based JIT support
--with-icu build with ICU support
- --with-tcl build Tcl modules (PL/Tcl)
+ --with-tcl[=TRUSTWORTHINESS]
+ build Tcl modules (PL/Tcl)
--with-tclconfig=DIR tclConfig.sh is in DIR
--with-perl[=TRUSTWORTHINESS]
build Perl modules (PL/Perl)
@@ -8097,26 +8100,62 @@ if test "${with_tcl+set}" = set; then :
withval=$with_tcl;
case $withval in
yes)
- :
+
+ TCL_TRUSTED=yes
+ TCL_UNTRUSTED=yes
+
;;
no)
:
;;
*)
- as_fn_error $? "no argument expected for --with-tcl option" "$LINENO" 5
+ with_tcl=yes
+
+ if test "$withval" = trusted ; then
+ TCL_TRUSTED=yes
+ TCL_UNTRUSTED=no
+ elif test "$withval" = untrusted ; then
+ TCL_TRUSTED=no
+ TCL_UNTRUSTED=yes
+ else
+ as_fn_error $? "invalid --with-tcl value: argument must be omitted or specified as 'trusted' or 'untrusted'" "$LINENO" 5
+ fi
+
;;
esac
else
with_tcl=no
-
fi
+
+if test "$with_tcl" = yes; then
+
+ if test "$TCL_TRUSTED" = yes ; then
+
+$as_echo "#define USE_TCL 1" >>confdefs.h
+
+ fi
+ if test "$TCL_UNTRUSTED" = yes ; then
+
+$as_echo "#define USE_TCLU 1" >>confdefs.h
+
+ fi
+
+else
+
+ TCL_TRUSTED=no
+ TCL_UNTRUSTED=no
+
+fi
+
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_tcl" >&5
$as_echo "$with_tcl" >&6; }
+
+
# We see if the path to the Tcl/Tk configuration scripts is specified.
# This will override the use of tclsh to find the paths to search.
diff --git a/configure.ac b/configure.ac
index 0dd440131b..8e7d96a6fe 100644
--- a/configure.ac
+++ b/configure.ac
@@ -810,9 +810,39 @@ fi
# Optionally build Tcl modules (PL/Tcl)
#
AC_MSG_CHECKING([whether to build with Tcl])
-PGAC_ARG_BOOL(with, tcl, no, [build Tcl modules (PL/Tcl)])
+PGAC_ARG_OPTARG(with, tcl,
+[TRUSTWORTHINESS], [build Tcl modules (PL/Tcl)],
+[
+ TCL_TRUSTED=yes
+ TCL_UNTRUSTED=yes
+],
+[
+ if test "$withval" = trusted ; then
+ TCL_TRUSTED=yes
+ TCL_UNTRUSTED=no
+ elif test "$withval" = untrusted ; then
+ TCL_TRUSTED=no
+ TCL_UNTRUSTED=yes
+ else
+ AC_MSG_ERROR([invalid --with-tcl value: argument must be omitted or specified as 'trusted' or 'untrusted'])
+ fi
+],
+[
+ if test "$TCL_TRUSTED" = yes ; then
+ AC_DEFINE([USE_TCL], 1, [Define to 1 to build with trusted Tcl support. (--with-tcl='trusted')])
+ fi
+ if test "$TCL_UNTRUSTED" = yes ; then
+ AC_DEFINE([USE_TCLU], 1, [Define to 1 to build with untrusted Tcl support. (--with-tcl='untrusted')])
+ fi
+],
+[
+ TCL_TRUSTED=no
+ TCL_UNTRUSTED=no
+])
AC_MSG_RESULT([$with_tcl])
AC_SUBST([with_tcl])
+AC_SUBST(TCL_TRUSTED)
+AC_SUBST(TCL_UNTRUSTED)
# We see if the path to the Tcl/Tk configuration scripts is specified.
# This will override the use of tclsh to find the paths to search.
diff --git a/doc/src/sgml/installation.sgml b/doc/src/sgml/installation.sgml
index 4377e9d51a..8d96152dd2 100644
--- a/doc/src/sgml/installation.sgml
+++ b/doc/src/sgml/installation.sgml
@@ -912,10 +912,31 @@ build-postgresql:
</varlistentry>
<varlistentry>
- <term><option>--with-tcl</option></term>
+ <term><option>--with_tcl<optional>=<replaceable>TRUSTWORTHINESS</replaceable></optional></option></term>
<listitem>
<para>
Build the <application>PL/Tcl</application> server-side language.
+ <replaceable>TRUSTWORTHINESS</replaceable> is an optional argument and,
+ if provided, must be one of:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <option>trusted</option> to build only trusted
+ <application>PL/Tcl</application>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <option>untrusted</option> to build only untrusted
+ <application>PL/Tcl</application>
+ (<application>PL/TclU</application>)
+ </para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ If <replaceable>TRUSTWORTHINESS</replaceable> is not specified, both
+ trusted and untrusted <application>PL/Tcl</application> will be built.
</para>
</listitem>
</varlistentry>
diff --git a/src/Makefile.global.in b/src/Makefile.global.in
index 53f367ca7a..0262ee6d96 100644
--- a/src/Makefile.global.in
+++ b/src/Makefile.global.in
@@ -528,6 +528,8 @@ DEF_PGPORT = @default_port@
WANTED_LANGUAGES = @WANTED_LANGUAGES@
PERL_TRUSTED = @PERL_TRUSTED@
PERL_UNTRUSTED = @PERL_UNTRUSTED@
+TCL_TRUSTED = @TCL_TRUSTED@
+TCL_UNTRUSTED = @TCL_UNTRUSTED@
##########################################################################
diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
index 2779f5f671..c7eb244050 100644
--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -955,6 +955,12 @@
/* Define to select SysV-style shared memory. */
#undef USE_SYSV_SHARED_MEMORY
+/* Define to 1 to build with trusted Tcl support. (--with-tcl='trusted') */
+#undef USE_TCL
+
+/* Define to 1 to build with untrusted Tcl support. (--with-tcl='untrusted') */
+#undef USE_TCLU
+
/* Define to select unnamed POSIX semaphores. */
#undef USE_UNNAMED_POSIX_SEMAPHORES
diff --git a/src/pl/tcl/Makefile b/src/pl/tcl/Makefile
index 25e65189b6..842d425969 100644
--- a/src/pl/tcl/Makefile
+++ b/src/pl/tcl/Makefile
@@ -26,11 +26,15 @@ OBJS = \
$(WIN32RES) \
pltcl.o
-DATA = pltcl.control pltcl--1.0.sql \
- pltclu.control pltclu--1.0.sql
+ifeq ($(TCL_TRUSTED), yes)
+ DATA += pltcl.control pltcl--1.0.sql
+ REGRESS_OPTS = --dbname=$(PL_TESTDB) --load-extension=pltcl
+ REGRESS = pltcl_setup pltcl_queries pltcl_trigger pltcl_call pltcl_start_proc pltcl_subxact pltcl_unicode pltcl_transaction
+endif
-REGRESS_OPTS = --dbname=$(PL_TESTDB) --load-extension=pltcl
-REGRESS = pltcl_setup pltcl_queries pltcl_trigger pltcl_call pltcl_start_proc pltcl_subxact pltcl_unicode pltcl_transaction
+ifeq ($(TCL_UNTRUSTED), yes)
+ DATA += pltclu.control pltclu--1.0.sql
+endif
# Tcl on win32 ships with import libraries only for Microsoft Visual C++,
# which are not compatible with mingw gcc. Therefore we need to build a
diff --git a/src/pl/tcl/pltcl.c b/src/pl/tcl/pltcl.c
index 0dd6d8ab2c..57c5fc79fb 100644
--- a/src/pl/tcl/pltcl.c
+++ b/src/pl/tcl/pltcl.c
@@ -459,6 +459,7 @@ _PG_init(void)
/************************************************************
* Define PL/Tcl's custom GUCs
************************************************************/
+#ifdef USE_TCL
DefineCustomStringVariable("pltcl.start_proc",
gettext_noop("PL/Tcl function to call once when pltcl is first used."),
NULL,
@@ -466,6 +467,10 @@ _PG_init(void)
NULL,
PGC_SUSET, 0,
NULL, NULL, NULL);
+ MarkGUCPrefixReserved("pltcl");
+#endif /* USE_TCL */
+
+#ifdef USE_TCLU
DefineCustomStringVariable("pltclu.start_proc",
gettext_noop("PL/TclU function to call once when pltclu is first used."),
NULL,
@@ -473,9 +478,8 @@ _PG_init(void)
NULL,
PGC_SUSET, 0,
NULL, NULL, NULL);
-
- MarkGUCPrefixReserved("pltcl");
MarkGUCPrefixReserved("pltclu");
+#endif /* USE_TCLU */
pltcl_pm_init_done = true;
}
@@ -690,6 +694,8 @@ start_proc_error_callback(void *arg)
* call this function for execution of
* PL/Tcl procedures.
**********************************************************************/
+#ifdef USE_TCL
+
PG_FUNCTION_INFO_V1(pltcl_call_handler);
/* keep non-static */
@@ -699,6 +705,10 @@ pltcl_call_handler(PG_FUNCTION_ARGS)
return pltcl_handler(fcinfo, true);
}
+#endif /* USE_TCL */
+
+#ifdef USE_TCLU
+
/*
* Alternative handler for unsafe functions
*/
@@ -711,6 +721,8 @@ pltclu_call_handler(PG_FUNCTION_ARGS)
return pltcl_handler(fcinfo, false);
}
+#endif /* USE_TCLU */
+
/**********************************************************************
* pltcl_handler() - Handler for function and trigger calls, for
--
2.25.1
