Added PostgreSQL UDF to execute commands on the underlying system:

bdamele · bdamele · commit 9631dc115e65 · 2009-01-22T00:35:17.000Z
* sys_eval() to return the standard output * sys_exec() to return the exit status Inspired by lib_mysqludf_sys 0.0.3 (https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/mysqludfsys/)
diff --git a/extra/postgresqludfsys/lib_postgresqludf_sys/Makefile b/extra/postgresqludfsys/lib_postgresqludf_sys/Makefile
@@ -0,0 +1,4 @@
+LIBDIR=/usr/lib
+
+install:
+	gcc -Wall -I/usr/include/postgresql/8.3/server -I. -shared lib_postgresqludf_sys.c -o $(LIBDIR)/lib_postgresqludf_sys.so
diff --git a/extra/postgresqludfsys/lib_postgresqludf_sys/install.sh b/extra/postgresqludfsys/lib_postgresqludf_sys/install.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+# lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
+# Copyright (C) 2009  Bernardo Damele A. G.
+# web: http://bernardodamele.blogspot.com/
+# email: bernardo.damele@gmail.com
+# 
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+echo "Compiling the PostgreSQL UDF"
+make
+
+if test $? -ne 0; then
+	echo "ERROR: You need postgresql-server development software installed "
+	echo "to be able to compile this UDF, on Debian/Ubuntu just run:"
+	echo "apt-get install postgresql-server-dev-8.3"
+	exit 1
+else
+	echo "PostgreSQL UDF compiled successfully"
+fi
+
+echo -e "\nPlease provide your PostgreSQL 'postgres' user's password"
+
+/usr/lib/postgresql/8.3/bin/psql -h 127.0.0.1 -p 5432 -U postgres -q template1 < lib_postgresqludf_sys.sql
+#psql -h 127.0.0.1 -p 5432 -U postgres -q template1 < lib_postgresqludf_sys.sql
+
+if test $? -ne 0; then
+	echo "ERROR: unable to install the UDF"
+	exit 1
+else
+	echo "PostgreSQL UDF installed successfully"
+fi
diff --git a/extra/postgresqludfsys/lib_postgresqludf_sys/lib_postgresqludf_sys.c b/extra/postgresqludfsys/lib_postgresqludf_sys/lib_postgresqludf_sys.c
@@ -0,0 +1,100 @@
+/* 
+	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
+	Copyright (C) 2009  Bernardo Damele A. G.
+	web: http://bernardodamele.blogspot.com/
+	email: bernardo.damele@gmail.com
+	
+	This library is free software; you can redistribute it and/or
+	modify it under the terms of the GNU Lesser General Public
+	License as published by the Free Software Foundation; either
+	version 2.1 of the License, or (at your option) any later version.
+	
+	This library is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+	Lesser General Public License for more details.
+	
+	You should have received a copy of the GNU Lesser General Public
+	License along with this library; if not, write to the Free Software
+	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+*/
+
+#include <stdlib.h>
+#include <postgres.h>
+#include <fmgr.h>
+
+#ifdef PG_MODULE_MAGIC
+PG_MODULE_MAGIC;
+#endif
+
+PG_FUNCTION_INFO_V1(sys_exec);
+Datum sys_exec(PG_FUNCTION_ARGS) {
+	text *argv0 = PG_GETARG_TEXT_P(0);
+	int32 argv0_size;
+	int32 result = 0;
+	char *command;
+
+	argv0_size = VARSIZE(argv0) - VARHDRSZ;
+	command = (char *)palloc(argv0_size + 1);
+
+	memcpy(command, VARDATA(argv0), argv0_size);
+	command[argv0_size] = '\0';
+
+	/*
+	Only if you want to log
+	elog(NOTICE, "Command execution: %s", command);
+	*/
+
+	result = system(command);
+	pfree(command);
+
+	PG_FREE_IF_COPY(argv0, 0);
+	PG_RETURN_INT32(result);
+}
+
+PG_FUNCTION_INFO_V1(sys_eval);
+Datum sys_eval(PG_FUNCTION_ARGS) {
+	text *argv0 = PG_GETARG_TEXT_P(0);
+	text *result_text;
+	int32 argv0_size;
+	char *command;
+	char *result;
+	FILE *pipe;
+	char line[1024];
+	int32 outlen, linelen;
+
+	argv0_size = VARSIZE(argv0) - VARHDRSZ;
+	command = (char *)palloc(argv0_size + 1);
+
+	memcpy(command, VARDATA(argv0), argv0_size);
+	command[argv0_size] = '\0';
+
+	/*
+	Only if you want to log
+	elog(NOTICE, "Command evaluated: %s", command);
+	*/
+
+	result = malloc(1);
+	outlen = 0;
+
+	pipe = popen(command, "r");
+
+	while (fgets(line, sizeof(line), pipe) != NULL) {
+		linelen = strlen(line);
+		result = realloc(result, outlen + linelen);
+		strncpy(result + outlen, line, linelen);
+		outlen = outlen + linelen;
+	}
+
+	pclose(pipe);
+
+	if (*result) {
+		result[outlen] = 0x00;
+	}
+
+	result_text = (text *)palloc(VARHDRSZ + strlen(result));
+	SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
+	memcpy(VARDATA(result_text), result, strlen(result));
+
+	PG_RETURN_POINTER(result_text);
+}
diff --git a/extra/postgresqludfsys/lib_postgresqludf_sys/lib_postgresqludf_sys.so b/extra/postgresqludfsys/lib_postgresqludf_sys/lib_postgresqludf_sys.so
diff --git a/extra/postgresqludfsys/lib_postgresqludf_sys/lib_postgresqludf_sys.sql b/extra/postgresqludfsys/lib_postgresqludf_sys/lib_postgresqludf_sys.sql
@@ -0,0 +1,23 @@
+/* 
+	lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
+	Copyright (C) 2009  Bernardo Damele A. G.
+	web: http://bernardodamele.blogspot.com/
+	email: bernardo.damele@gmail.com
+	
+	This library is free software; you can redistribute it and/or
+	modify it under the terms of the GNU Lesser General Public
+	License as published by the Free Software Foundation; either
+	version 2.1 of the License, or (at your option) any later version.
+	
+	This library is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+	Lesser General Public License for more details.
+	
+	You should have received a copy of the GNU Lesser General Public
+	License along with this library; if not, write to the Free Software
+	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+*/
+
+CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS '/usr/lib/lib_postgresqludf_sys.so', 'sys_exec' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
+CREATE OR REPLACE FUNCTION sys_eval(text) RETURNS text AS '/usr/lib/lib_postgresqludf_sys.so', 'sys_eval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
diff --git a/extra/postgresqludfsys/lib_postgresqludf_sys_0.0.1.tar.gz b/extra/postgresqludfsys/lib_postgresqludf_sys_0.0.1.tar.gz
