diff -uN lib_mysqludf_sys_0.0.2/install.sh lib_mysqludf_sys/install.sh --- lib_mysqludf_sys_0.0.2/install.sh 1970-01-01 01:00:00.000000000 +0100 +++ lib_mysqludf_sys/install.sh 2009-01-21 00:51:52.000000000 +0000 @@ -0,0 +1,43 @@ +#!/bin/bash +# lib_mysqludf_sys - a library with miscellaneous (operating) system level functions +# Copyright (C) 2007 Roland Bouman +# Copyright (C) 2008-2009 Roland Bouman and Bernardo Damele A. G. +# web: http://www.mysqludf.org/ +# email: mysqludfs@gmail.com, bernardo.damele@gmail.com +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +echo "Compiling the MySQL UDF" +make + +if test $? -ne 0; then + echo "ERROR: You need libmysqlclient development software installed " + echo "to be able to compile this UDF, on Debian/Ubuntu just run:" + echo "apt-get install libmysqlclient15-dev" + exit 1 +else + echo "MySQL UDF compiled successfully" +fi + +echo -e "\nPlease provide your MySQL root password" + +mysql -u root -p mysql < lib_mysqludf_sys.sql + +if test $? -ne 0; then + echo "ERROR: unable to install the UDF" + exit 1 +else + echo "MySQL UDF installed successfully" +fi Binary files lib_mysqludf_sys_0.0.2/lib_mysqludf_sys_0.0.2.tar.gz and lib_mysqludf_sys/lib_mysqludf_sys_0.0.2.tar.gz differ diff -uN lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.c lib_mysqludf_sys/lib_mysqludf_sys.c --- lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.c 2009-01-22 12:01:55.000000000 +0000 +++ lib_mysqludf_sys/lib_mysqludf_sys.c 2009-01-21 00:06:13.000000000 +0000 @@ -1,8 +1,9 @@ /* lib_mysqludf_sys - a library with miscellaneous (operating) system level functions Copyright (C) 2007 Roland Bouman - web: http://www.xcdsql.org/MySQL/UDF/ - email: mysqludfs@gmail.com + Copyright (C) 2008-2009 Roland Bouman and Bernardo Damele A. G. + web: http://www.mysqludf.org/ + email: mysqludfs@gmail.com, bernardo.damele@gmail.com This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -51,7 +52,7 @@ extern "C" { #endif -#define LIBVERSION "lib_mysqludf_sys version 0.0.2" +#define LIBVERSION "lib_mysqludf_sys version 0.0.3" #ifdef __WIN__ #define SETENV(name,value) SetEnvironmentVariable(name,value); @@ -139,7 +140,7 @@ /** * sys_exec * - * executes the argument commandstring. + * executes the argument commandstring and returns its exit status. * Beware that this can be a security hazard. */ DLLEXP @@ -162,6 +163,34 @@ , char *error ); +/** + * sys_eval + * + * executes the argument commandstring and returns its standard output. + * Beware that this can be a security hazard. + */ +DLLEXP +my_bool sys_eval_init( + UDF_INIT *initid +, UDF_ARGS *args +, char *message +); + +DLLEXP +void sys_eval_deinit( + UDF_INIT *initid +); + +DLLEXP +char* sys_eval( + UDF_INIT *initid +, UDF_ARGS *args +, char* result +, unsigned long* length +, char *is_null +, char *error +); + #ifdef __cplusplus } @@ -336,5 +365,62 @@ return system(args->args[0]); } +my_bool sys_eval_init( + UDF_INIT *initid +, UDF_ARGS *args +, char *message +){ + unsigned int i=0; + if(args->arg_count == 1 + && args->arg_type[i]==STRING_RESULT){ + return 0; + } else { + strcpy( + message + , "Expected exactly one string type parameter" + ); + return 1; + } +} +void sys_eval_deinit( + UDF_INIT *initid +){ +} +char* sys_eval( + UDF_INIT *initid +, UDF_ARGS *args +, char* result +, unsigned long* length +, char *is_null +, char *error +){ + FILE *pipe; + char line[1024]; + unsigned long outlen, linelen; + + result = malloc(1); + outlen = 0; + + pipe = popen(args->args[0], "r"); + + while (fgets(line, sizeof(line), pipe) != NULL) { + linelen = strlen(line); + result = realloc(result, outlen + linelen); + strncpy(result + outlen, line, linelen); + outlen = outlen + linelen; + } + + pclose(pipe); + + if (!(*result) || result == NULL) { + *is_null = 1; + } else { + result[outlen] = 0x00; + *length = strlen(result); + } + + return result; +} + #endif /* HAVE_DLOPEN */ diff -uN lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.html lib_mysqludf_sys/lib_mysqludf_sys.html --- lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.html 2009-01-22 12:01:55.000000000 +0000 +++ lib_mysqludf_sys/lib_mysqludf_sys.html 2009-01-22 10:21:46.000000000 +0000 @@ -23,7 +23,8 @@ This library lib_mysqludf_sys contains a number of functions that allows one to interact with the operating system.

    -
  1. sys_exec - executes an arbitrary command, and can thus be used to launch an external application.
    2. +
  2. sys_eval - executes an arbitrary command, and returns it's output.
    3. +
  3. sys_exec - executes an arbitrary command, and returns it's exit code.
  4. sys_get - gets the value of an environment variable.
  5. sys_set - create an environment variable, or update the value of an existing environment variable.
@@ -31,6 +32,72 @@ Use lib_mysqludf_sys_info() to obtain information about the currently installed version of lib_mysqludf_sys.

+ +

sys_eval

+

+ sys_eval takes one command string argument and executes it, returning its output. +

+

Syntax

+
sys_eval(arg1)
+

Parameters and Return Values

+
+
arg1
+
+ A command string valid for the current operating system or execution environment. +
+
returns
+
+ Whatever output the command pushed to the standard output stream. +
+
+

Installation

+

+ Place the shared library binary in an appropriate location. + Log in to mysql as root or as another user with sufficient privileges, and select any database. + Then, create the function using the following DDL statement: +

+ 
+CREATE FUNCTION sys_eval RETURNS STRING SONAME 'lib_mysqludf_sys.so';	
+
+

+ The function will be globally available in all databases. +

+

+ The deinstall the function, run the following statement: +

+ 
+DROP FUNCTION sys_eval;
+
+

Examples

+

+ None yet +

+

A Note of Caution

+

+ Be very careful in deciding whether you need this function. + UDFs are available to all database users - you cannot grant EXECUTE privileges for them. + As the commandstring passed to sys_exec can do pretty much everything, + exposing the function poses a very real security hazard. +

+

+ Even for a benign user, it is possible to accidentally do a lot of damage with it. + The call will be executed with the privileges of the os user that runs MySQL, + so it is entirely feasible to delete MySQL's data directory, or worse. +

+

+ The function is intended for specialized MySQL applications where one needs extended + control over the operating system. + Currently, we do not have UDF's for ftp, email and http, + and this function can be used to implement such functionality in case it is really necessary + (datawarehouse staging areas could be a case in example). +

+

+ You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this. +

+

+ If you do decide to use this library in a production environment, make sure that only specific commands can be run and file access is limited by using AppArmor. +

+

sys_exec

sys_exec takes one command string argument and executes it. @@ -92,6 +159,9 @@

You have been warned! If you don't see the hazard, please don't try to find it; just trust me on this.

+

+ If you do decide to use this library in a production environment, make sure that only specific commands can be run and file access is limited by using AppArmor. +

sys_get

sys_get takes the name of an environment variable and returns the value of the variable. Binary files lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.so and lib_mysqludf_sys/lib_mysqludf_sys.so differ diff -uN lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.sql lib_mysqludf_sys/lib_mysqludf_sys.sql --- lib_mysqludf_sys_0.0.2/lib_mysqludf_sys.sql 2009-01-22 12:01:55.000000000 +0000 +++ lib_mysqludf_sys/lib_mysqludf_sys.sql 2009-01-22 10:21:53.000000000 +0000 @@ -1,30 +1,33 @@ -/* - lib_mysqludf_sys - a library with miscellaneous (operating) system level functions - Copyright (C) 2007 Roland Bouman - web: http://www.xcdsql.org/MySQL/UDF/ - email: mysqludfs@gmail.com - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +/* + lib_mysqludf_sys - a library with miscellaneous (operating) system level functions + Copyright (C) 2007 Roland Bouman + Copyright (C) 2008-2009 Roland Bouman and Bernardo Damele A. G. + web: http://www.mysqludf.org/ + email: roland.bouman@gmail.com, bernardo.damele@gmail.com + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ -drop function lib_mysqludf_sys_info; -drop function sys_get; -drop function sys_set; -drop function sys_exec; +DROP FUNCTION IF EXISTS lib_mysqludf_sys_info; +DROP FUNCTION IF EXISTS sys_get; +DROP FUNCTION IF EXISTS sys_set; +DROP FUNCTION IF EXISTS sys_exec; +DROP FUNCTION IF EXISTS sys_eval; -create function lib_mysqludf_sys_info returns string soname 'lib_mysqludf_sys.so'; -create function sys_get returns string soname 'lib_mysqludf_sys.so'; -create function sys_set returns int soname 'lib_mysqludf_sys.so'; -create function sys_exec returns int soname 'lib_mysqludf_sys.so'; +CREATE FUNCTION lib_mysqludf_sys_info RETURNS string SONAME 'lib_mysqludf_sys.so'; +CREATE FUNCTION sys_get RETURNS string SONAME 'lib_mysqludf_sys.so'; +CREATE FUNCTION sys_set RETURNS int SONAME 'lib_mysqludf_sys.so'; +CREATE FUNCTION sys_exec RETURNS int SONAME 'lib_mysqludf_sys.so'; +CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.so'; diff -uN lib_mysqludf_sys_0.0.2/Makefile lib_mysqludf_sys/Makefile --- lib_mysqludf_sys_0.0.2/Makefile 2009-01-22 12:01:55.000000000 +0000 +++ lib_mysqludf_sys/Makefile 2009-01-19 09:11:00.000000000 +0000 @@ -1,6 +1,4 @@ -linux: \ - lib_mysqludf_sys.so +LIBDIR=/usr/lib -lib_mysqludf_sys.so: \ - - gcc -Wall -I/opt/mysql/mysql/include -I. -shared lib_mysqludf_sys.c -o lib_mysqludf_sys.so +install: + gcc -Wall -I/usr/include/mysql -I. -shared lib_mysqludf_sys.c -o $(LIBDIR)/lib_mysqludf_sys.so Common subdirectories: lib_mysqludf_sys_0.0.2/.svn and lib_mysqludf_sys/.svn