Re: [pgAdmin][RM-2341]: Add menu option for starting PSQL

From: Dave Page <dpage(at)pgadmin(dot)org>
To: Akshay Joshi <akshay(dot)joshi(at)enterprisedb(dot)com>
Cc: Nikhil Mohite <nikhil(dot)mohite(at)enterprisedb(dot)com>, pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org>, Fahar Abbas <fahar(dot)abbas(at)enterprisedb(dot)com>
Subject: Re: [pgAdmin][RM-2341]: Add menu option for starting PSQL
Date: 2021-06-14 14:44:07
Message-ID: CA+OCxozKpu-95CxFqPwWZUeiy8p=31X_0CSNqO49Xj7P-=_XVw@mail.gmail.com
Lists: pgadmin-hackers

On Mon, Jun 14, 2021 at 3:35 PM Akshay Joshi <akshay(dot)joshi(at)enterprisedb(dot)com>
wrote:

> Hi Dave
>
> On Mon, Jun 14, 2021 at 7:57 PM Dave Page <dpage(at)pgadmin(dot)org> wrote:
>
>> Hi
>>
>> On Mon, Jun 14, 2021 at 3:18 PM Nikhil Mohite <
>> nikhil(dot)mohite(at)enterprisedb(dot)com> wrote:
>>
>>> Hi Akshay,
>>>
>>> I have added the following commands for invalid command check:
>>>
>>> 1. \lo_import
>>> 2. \lo_export
>>> 3. \w or write
>>> 4. \o or \output
>>> 5. \g
>>>
>>> \qecho? \ev?
>>
>> I'm very concerned we're missing more here, and will continue to miss new
>> commands that are added to psql in the future.
>>
>> I think we need to disable the feature entirely in server mode by
>> default, and probably remove the code that attempts to filter out commands.
>>
>
> If I understand correctly we need to change in config.py and make
> ENABLE_PSQL = False in server mode.
>

Right - but we'd also have the redundant command filtering code (and config
option), which we should remove.

>
>> Then it just becomes a case of "this can be dangerous in server mode, as
>> your user will be able to run arbitrary commands on the server. Enable at
>> your own risk".
>>
>
> The above note will go into the config.py as a comment or in the
> documentation.
>

I'm thinking the patch to config.py would be something like the following.
There would be other minor changes required of course, but this part of the
patch should indicate what would be required:

Index: web/config.py
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/web/config.py b/web/config.py
--- a/web/config.py (revision 4a3a5174b2b0793cea0a2575c10814a784f5f0a1)
+++ b/web/config.py (date 1623241653320)
@@ -645,18 +645,12 @@
##########################################################################
# PSQL tool settings
##########################################################################
-# This will enable PSQL tool in pgAdmin. So user can execute the commands
-# using PSQL terminal in pgAdmin.
-ENABLE_PSQL = True
+# This will enable PSQL tool in pgAdmin when running in server mode.
+# PSQL is always enabled in Desktop mode, however in server mode it is
+# disabled by default because users can run arbitrary commands on the
+# server through it.
+ENABLE_PSQL = False

-# ALLOW_PSQL_SHELL_COMMAND = True will disable the execution of os level
-# commands using meta command \! from PSQL terminal.
-# As PSQL allow user to execute the os level commands from the PSQL
terminal
-# user can execute any system level command as per the system login user
-# privileges. Default this setting is set to False but if it set to True
-# User will able to execute the system level commands through PSQL terminal
-# in pgAdmin.
-ALLOW_PSQL_SHELL_COMMANDS = False
##########################################################################
# ENABLE_BINARY_PATH_BROWSING setting is used to enable the browse button
# while selecting binary path for the database server in server mode.
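
Review bot: the new comment above `ENABLE_PSQL = False` says PSQL is always enabled in Desktop mode, but the assignment is unconditional and nothing in this hunk ties it to the mode, so the code that reads the flag has to apply it only in server mode; otherwise this change turns the tool off for desktop users as well. Either state in the comment that the value is ignored in desktop mode, or make the default mode-dependent here. The comment could also keep the detail from the removed `ALLOW_PSQL_SHELL_COMMANDS` text that commands run with the privileges of the system login user, since that is what an administrator has to weigh before enabling the tool. With `ALLOW_PSQL_SHELL_COMMANDS` deleted, the command-filtering code and every other reference to the option should go in the same patch so that nothing still reads a setting that no longer exists.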

>
>>
>>> I am referring to the https://www.postgresql.org/docs/12/app-psql.html
>>> link for finding the commands.
>>> PFA patch V10.
>>>
>>>
>>> On Mon, Jun 14, 2021 at 6:48 PM Dave Page <dpage(at)pgadmin(dot)org> wrote:
>>>
>>>> Hi
>>>>
>>>> On Mon, Jun 14, 2021 at 2:13 PM Nikhil Mohite <
>>>> nikhil(dot)mohite(at)enterprisedb(dot)com> wrote:
>>>>
>>>>> Hi Akshay,
>>>>>
>>>>> Please find the updated patch for psql, Updated invalid command logic
>>>>> added 3 more commands in it.
>>>>> 1. \copy or \COPY
>>>>> 2. \e or \E
>>>>> 3. \ef or \EF
>>>>>
>>>>
>>>> Should they just be case insensitive?
>>>>
>>> \ commands are case sensitive.
>>>
>>
>> So what are \E and \EF? I can't see them in the pg13 docs.
>>
>>
>>>
>>>>
>>>>>
>>>>> Now user can't execute these commands if allow shell commands is set
>>>>> to False.
>>>>>
>>>>
>>>> What about \lo_import and \lo_export? I think those are potentially
>>>> dangerous too. Also, \echo.
>>>>
>>> added this as well.
>>>
>>>>
>>>>
>>>>>
>>>>> If required any changes please let me know.
>>>>>
>>>>> Regards,
>>>>> Nikhil Mohite
>>>>>
>>>>> On Mon, Jun 14, 2021 at 11:48 AM Akshay Joshi <
>>>>> akshay(dot)joshi(at)enterprisedb(dot)com> wrote:
>>>>>
>>>>>> Thanks, the patch applied.
>>>>>>
>>>>>> On Mon, Jun 14, 2021 at 10:55 AM Nikhil Mohite <
>>>>>> nikhil(dot)mohite(at)enterprisedb(dot)com> wrote:
>>>>>>
>>>>>>> Hi Team,
>>>>>>>
>>>>>>> PFA patch v8
>>>>>>>
>>>>>>> On Mon, Jun 14, 2021 at 10:25 AM Nikhil Mohite <
>>>>>>> nikhil(dot)mohite(at)enterprisedb(dot)com> wrote:
>>>>>>>
>>>>>>>> Hi Team,
>>>>>>>>
>>>>>>>> Please find the updated patch for the PSQL tool, Added check if the
>>>>>>>> Windows version is not supporting the ConPty or WinPty disable the PSQL for
>>>>>>>> that version. (PSQL option will not be visible to the user).
>>>>>>>>
>>>>>>>> I have raised the issue with "pywinpty"
>>>>>>>> https://github.com/spyder-ide/pywinpty/issues/161
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Nikhil Mohite
>>>>>>>>
>>>>>>>> On Fri, Jun 11, 2021 at 6:25 PM Dave Page <dpage(at)pgadmin(dot)org>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi
>>>>>>>>>
>>>>>>>>> On Fri, Jun 11, 2021 at 1:45 PM Fahar Abbas <
>>>>>>>>> fahar(dot)abbas(at)enterprisedb(dot)com> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Dave,
>>>>>>>>>>
>>>>>>>>>> On Fri, Jun 11, 2021 at 1:39 PM Dave Page <dpage(at)pgadmin(dot)org>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Fri, Jun 11, 2021 at 9:35 AM Fahar Abbas <
>>>>>>>>>>> fahar(dot)abbas(at)enterprisedb(dot)com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Sure Dave, I will create a new VM with the latest iso.
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Not the latest. 1809 please. And if that doesn't work, 1909. We
>>>>>>>>>>> need to understand exactly what versions work and which don't.
>>>>>>>>>>>
>>>>>>>>>>> pgadmin4 is working fine on Windows 10 x64(1809).
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Great, thanks!
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Do I also need to test pgadmin4 on 1909 iso?
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I don't think so. I'm 99% certain that what we're seeing is that
>>>>>>>>> it works on the versions of Windows that support conpty, but not the older
>>>>>>>>> ones where the pywinpty library is *supposed* to fall back to using winpty.
>>>>>>>>>
>>>>>>>>> Hopefully Nikhil can get to the bottom of the problem with the
>>>>>>>>> pywinpty folks.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> Nikhil is not able to reproduce the issue on Windows 10 with
>>>>>>>>>>>> the latest version. So the issue is reproducible with older versions.
>>>>>>>>>>>>
>>>>>>>>>>>> Kind Regards,
>>>>>>>>>>>> On Fri, Jun 11, 2021 at 1:28 PM Dave Page <dpage(at)pgadmin(dot)org>
>>>>>>>>>>>> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Fri, Jun 11, 2021 at 9:25 AM Fahar Abbas <
>>>>>>>>>>>>> fahar(dot)abbas(at)enterprisedb(dot)com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Windows 10 Enterprise 2016 LTSB.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hmm, I assume that is version 1607. Can you test with 1809
>>>>>>>>>>>>> please? And if that doesn't work, try 1909.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Fri, Jun 11, 2021 at 1:12 PM Dave Page <dpage(at)pgadmin(dot)org>
>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hi
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Fri, Jun 11, 2021 at 7:44 AM Fahar Abbas <
>>>>>>>>>>>>>>> fahar(dot)abbas(at)enterprisedb(dot)com> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> pgadmin4 is failing on following operating systems :
>>>>>>>>>>>>>>>> Windows 2016
>>>>>>>>>>>>>>>> Windows 2012
>>>>>>>>>>>>>>>> Windows 07
>>>>>>>>>>>>>>>> Windows 2008R2
>>>>>>>>>>>>>>>> Windows 10 64
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> What version of Windows 10? I *think* conpty was introduced
>>>>>>>>>>>>>>> in 1809.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> pgadmin4 is working fine in following operating system:
>>>>>>>>>>>>>>>> Windows 2019
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Thu, Jun 10, 2021 at 7:51 PM Dave Page <
>>>>>>>>>>>>>>>> dpage(at)pgadmin(dot)org> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On Thu, Jun 10, 2021 at 2:22 PM Nikhil Mohite <
>>>>>>>>>>>>>>>>> nikhil(dot)mohite(at)enterprisedb(dot)com> wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Hi Dave,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> On Thu, Jun 10, 2021 at 6:37 PM Dave Page <
>>>>>>>>>>>>>>>>>> dpage(at)pgadmin(dot)org> wrote:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Hi
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> On Thu, Jun 10, 2021 at 2:00 PM Nikhil Mohite <
>>>>>>>>>>>>>>>>>>> nikhil(dot)mohite(at)enterprisedb(dot)com> wrote:
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Hi Dave,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> On Thu, Jun 10, 2021 at 5:22 PM Dave Page <
>>>>>>>>>>>>>>>>>>>> dpage(at)pgadmin(dot)org> wrote:
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Hi
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> On Thu, Jun 10, 2021 at 11:08 AM Nikhil Mohite <
>>>>>>>>>>>>>>>>>>>>> nikhil(dot)mohite(at)enterprisedb(dot)com> wrote:
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Hi Dave/ Team,
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> We are facing an issue with winpty.dll on Windows
>>>>>>>>>>>>>>>>>>>>>> server 2016 and Windows 7(these are platforms on which we have tested).
>>>>>>>>>>>>>>>>>>>>>> Files required for winpty are present in the
>>>>>>>>>>>>>>>>>>>>>> site-packages but still, it is unable to load the winpty.dll file on these
>>>>>>>>>>>>>>>>>>>>>> specific platforms. We have tested it on Windows 10 pro and Windows server
>>>>>>>>>>>>>>>>>>>>>> 2019 and it is working fine. (Also tried building the local pywinpty but
>>>>>>>>>>>>>>>>>>>>>> unable to build it.) ref link for winPty
>>>>>>>>>>>>>>>>>>>>>> https://github.com/rprichard/winpty#:~:text=winpty%20is%20a%20Windows%20software,in%20a%20Cygwin%2FMSYS%20pty.
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Does winpty.exe run, if executed from the command line
>>>>>>>>>>>>>>>>>>>>> instead of pgAdmin? If not, does dependency walker show any missing
>>>>>>>>>>>>>>>>>>>>> libraries that are required?
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Not found the winpty.exe in site packages, but as per
>>>>>>>>>>>>>>>>>>>> the winpty documents "winpty-agent.exe" will start the process with a new,
>>>>>>>>>>>>>>>>>>>> hidden console window. It is not showing any error while installing the
>>>>>>>>>>>>>>>>>>>> package. I tried to use it outside the pgAdmin but still facing the same
>>>>>>>>>>>>>>>>>>>> error "Exception in import winpty DLL load failed while importing winpty:
>>>>>>>>>>>>>>>>>>>> The specified procedure could not be found."(created a separate python
>>>>>>>>>>>>>>>>>>>> environment for this)
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> 1. if try to run winpty-agent.exe from the command
>>>>>>>>>>>>>>>>>>>> line, it shows the user entered inputs on the same terminal, not showing
>>>>>>>>>>>>>>>>>>>> any errors.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> 2. I found winpty.exe in the other installed app (Git
>>>>>>>>>>>>>>>>>>>> command line: C:\Program Files (x86)\Git\usr\bin) if try to run it through
>>>>>>>>>>>>>>>>>>>> the command line not getting any error, it is showing user entered inputs
>>>>>>>>>>>>>>>>>>>> on the same terminal. (It is not related to pgAdmin but just tried to check
>>>>>>>>>>>>>>>>>>>> winpty.exe throwing any error or not)
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Hmmm, that sounds oddly similar to an issue I had with
>>>>>>>>>>>>>>>>>>> Kerberos on Windows when I was mucking around with that. I can't remember
>>>>>>>>>>>>>>>>>>> the exact details, but as a test, does the problem go away if winpty.dll is
>>>>>>>>>>>>>>>>>>> copied into the Windows system32 directory?
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Tried it but still facing the same issue.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> OK, I had a fiddle around, and see the same thing. I can't
>>>>>>>>>>>>>>>>> do a simple import of winpty. On 2019 it's fine. I tried various tricks
>>>>>>>>>>>>>>>>> that I've used in the past to make sure libraries are found etc.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Could this be because it's trying to use the
>>>>>>>>>>>>>>>>> conpty interface in Windows 10 and above?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> If we can't get this to work tomorrow, I think it's fine
>>>>>>>>>>>>>>>>> to simply hide the menu options and button if the server detects it's
>>>>>>>>>>>>>>>>> running on an unsupported version of Windows. Of course, this should be
>>>>>>>>>>>>>>>>> documented. We also need to make sure we know *exactly* what versions it
>>>>>>>>>>>>>>>>> does and does not work on.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>> Dave Page
>>>>>>>>>>>>>>>>> Blog: https://pgsnake.blogspot.com
>>>>>>>>>>>>>>>>> Twitter: @pgsnake
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> EDB: https://www.enterprisedb.com
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>> Fahar Abbas
>>>>>>>>>>>>>>>> EnterpriseDB Corporation
>>>>>>>>>>>>>>>> Phone Office: +92-51-835-8874
>>>>>>>>>>>>>>>> Phone Direct: +92-51-8466803
>>>>>>>>>>>>>>>> Mobile: +92-333-5409707
>>>>>>>>>>>>>>>> Skype ID: *live:fahar.abbas*
>>>>>>>>>>>>>>>> Website: www.enterprisedb.com
>>>>>>
>>>>>> --
>>>>>> *Thanks & Regards*
>>>>>> *Akshay Joshi*
>>>>>> *pgAdmin Hacker | Principal Software Architect*
>>>>>> *EDB Postgres <http://edbpostgres.com>*
>>>>>>
>>>>>> *Mobile: +91 976-788-8246*
>>>>>>
>>>>>
>>>>
>>>> Regards,
>>> Nikhil Mohite
>>>

--
Dave Page
Blog: https://pgsnake.blogspot.com
Twitter: @pgsnake

EDB: https://www.enterprisedb.com
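
A configuration check for the decision reached above, as an added example that is not part of the original message or of pgAdmin's code: it reads config file contents without executing them and flags a server-mode deployment where `ENABLE_PSQL` is on, or where `ALLOW_PSQL_SHELL_COMMANDS` is still being set. The function names, the `server_mode` argument and the sample file contents are assumptions made for illustration.

```python
import ast

# Settings named in the thread's config.py hunk.
WATCHED = ("ENABLE_PSQL", "ALLOW_PSQL_SHELL_COMMANDS")
UNRESOLVED = object()  # missing, or assigned something that is not a plain literal


def read_settings(source):
    """Collect top-level assignments to watched names without executing the file."""
    found = {}
    for node in ast.parse(source).body:
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            if isinstance(target, ast.Name) and target.id in WATCHED:
                try:
                    found[target.id] = ast.literal_eval(node.value)
                except (ValueError, TypeError):
                    found[target.id] = UNRESOLVED
    return found


def audit(layers, server_mode):
    """layers: config file contents in load order (later overrides earlier)."""
    effective = {}
    for source in layers:
        effective.update(read_settings(source))
    findings = []
    psql = effective.get("ENABLE_PSQL", UNRESOLVED)
    if server_mode and psql is UNRESOLVED:
        findings.append("ENABLE_PSQL missing or not a plain literal; review by hand")
    elif server_mode and psql:
        findings.append("ENABLE_PSQL is on in server mode: users can run "
                        "arbitrary commands on the server")
    if "ALLOW_PSQL_SHELL_COMMANDS" in effective:
        findings.append("ALLOW_PSQL_SHELL_COMMANDS is set; command filtering "
                        "is not a reliable control")
    return findings


# Constructed sample input: shipped defaults plus a local override file.
BASE = "ENABLE_PSQL = False\n"
LOCAL = "ENABLE_PSQL = True\nALLOW_PSQL_SHELL_COMMANDS = False\n"

if __name__ == "__main__":
    for finding in audit([BASE, LOCAL], server_mode=True):
        print("WARN:", finding)
```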
