Re: [BUGS] Bug #756: suggestion: file with password instead of - Mailing list pgsql-patches

From Bruce Momjian
Subject Re: [BUGS] Bug #756: suggestion: file with password instead of
Date
Msg-id 200209052206.g85M6Fb01163@candle.pha.pa.us
Whole thread Raw
Responses Re: [BUGS] Bug #756: suggestion: file with password instead of
List pgsql-patches
Tom Lane wrote:
> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > OK, next question.  Is this something that can be fixed during beta.
>
> Yeah, I think so --- it's not forcing an initdb, so it won't be too
> painful for beta testers.  And once we release it will be very hard
> to change the definition of the feature; better to get it right now.

OK, patch applied.  I will update HISTORY now and send an email to
hackers outlining the change.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
Index: doc/src/sgml/libpq.sgml
===================================================================
RCS file: /cvsroot/pgsql-server/doc/src/sgml/libpq.sgml,v
retrieving revision 1.94
diff -c -c -r1.94 libpq.sgml
*** doc/src/sgml/libpq.sgml    2 Sep 2002 20:21:32 -0000    1.94
--- doc/src/sgml/libpq.sgml    5 Sep 2002 21:46:31 -0000
***************
*** 2052,2074 ****
  </listitem>
  <listitem>
  <para>
- <indexterm>
-  <primary><envar>PGPASSWORDFILE</envar></primary>
- </indexterm>
- <envar>PGPASSWORDFILE</envar>
- sets the password file used if the backend demands password authentication.
- This file should have the format
- <screen>
-
<replaceable>hostname</replaceable>:<replaceable>port</replaceable>:<replaceable>database</replaceable>:<replaceable>username</replaceable>:<replaceable>password</replaceable>
- </screen>
- Any of these may be a literal name, or a <literal>*</literal> that matches
- anything.  The first match will be the one used, so put more specific entries first.
- Entries with <literal>:</literal> or <literal>\</literal> should be escaped
- with <literal>\</literal>.
- </para>
- </listitem>
- <listitem>
- <para>
  <envar>PGREALM</envar> sets the Kerberos realm to  use  with
  <productname>PostgreSQL</productname>, if  it is different from the local realm.
  If <envar>PGREALM</envar> is set, <productname>PostgreSQL</productname>
--- 2052,2057 ----
***************
*** 2139,2144 ****
--- 2122,2148 ----
  for information on correct values for these environment variables.
  </para>

+ </sect1>
+
+
+ <sect1 id="libpq-files">
+ <title>Files</title>
+
+ <indexterm zone="libpq-files">
+  <primary>files</primary>
+ </indexterm>
+ <para>
+ <filename>$HOME/.pgpass</filename> is a file that can contain passwords
+ to be used if the connection requires a password. This file should have the
+ format:
+ <screen>
+
<replaceable>hostname</replaceable>:<replaceable>port</replaceable>:<replaceable>database</replaceable>:<replaceable>username</replaceable>:<replaceable>password</replaceable>
+ </screen>
+ Any of these may be a literal name, or <literal>*</literal>, which matches
+ anything.  The first match will be used so put more specific entries first.
+ Entries with <literal>:</literal> or <literal>\</literal> should be escaped
+ with <literal>\</literal>.
+ </para>
  </sect1>

  <sect1 id="libpq-threading">
Index: doc/src/sgml/ref/clusterdb.sgml
===================================================================
RCS file: /cvsroot/pgsql-server/doc/src/sgml/ref/clusterdb.sgml,v
retrieving revision 1.2
diff -c -c -r1.2 clusterdb.sgml
*** doc/src/sgml/ref/clusterdb.sgml    3 Sep 2002 01:11:37 -0000    1.2
--- doc/src/sgml/ref/clusterdb.sgml    5 Sep 2002 21:46:32 -0000
***************
*** 54,63 ****
    </para>

    <para>
!   <application>clusterdb</application> will need to connect several times to the
!   <productname>PostgreSQL</productname> server.  If you are using password
!   authentication, it will ask for the password each time. It will probably be
!   very convenient to have a PGPASSWORDFILE in that case.
    </para>

   </refsect1>
--- 54,63 ----
    </para>

    <para>
!   <application>clusterdb</application> might need to connect several
!   times to the <productname>PostgreSQL</productname> server, asking for
!   a password each time. It is convenient to have a
!   <filename>$HOME/.pgpass</> file in such cases.
    </para>

   </refsect1>
Index: doc/src/sgml/ref/pg_dumpall.sgml
===================================================================
RCS file: /cvsroot/pgsql-server/doc/src/sgml/ref/pg_dumpall.sgml,v
retrieving revision 1.32
diff -c -c -r1.32 pg_dumpall.sgml
*** doc/src/sgml/ref/pg_dumpall.sgml    27 Aug 2002 18:57:26 -0000    1.32
--- doc/src/sgml/ref/pg_dumpall.sgml    5 Sep 2002 21:46:34 -0000
***************
*** 61,66 ****
--- 61,74 ----
     The SQL script will be written to the standard output.  Shell
     operators should be used to redirect it into a file.
    </para>
+
+   <para>
+   <application>pg_dumpall</application> might need to connect several
+   times to the <productname>PostgreSQL</productname> server, asking for
+   a password each time. It is convenient to have a
+   <filename>$HOME/.pgpass</> file in such cases.
+   </para>
+
   </refsect1>

   <refsect1>
Index: doc/src/sgml/ref/vacuumdb.sgml
===================================================================
RCS file: /cvsroot/pgsql-server/doc/src/sgml/ref/vacuumdb.sgml,v
retrieving revision 1.24
diff -c -c -r1.24 vacuumdb.sgml
*** doc/src/sgml/ref/vacuumdb.sgml    27 Aug 2002 03:55:17 -0000    1.24
--- doc/src/sgml/ref/vacuumdb.sgml    5 Sep 2002 21:46:34 -0000
***************
*** 62,70 ****


    <para>
!   <application>vacuumdb</application> will need to connect several times to the
!   <productname>PostgreSQL</productname> server, asking for the password each
!   time. It will probably be very convenient to have a PGPASSWORDFILE in that case.
    </para>

   </refsect1>
--- 62,71 ----


    <para>
!   <application>vacuumdb</application> might need to connect several
!   times to the <productname>PostgreSQL</productname> server, asking for
!   a password each time. It is convenient to have a
!   <filename>$HOME/.pgpass</> file in such cases.
    </para>

   </refsect1>
Index: src/bin/psql/input.c
===================================================================
RCS file: /cvsroot/pgsql-server/src/bin/psql/input.c,v
retrieving revision 1.19
diff -c -c -r1.19 input.c
*** src/bin/psql/input.c    10 Apr 2002 22:46:58 -0000    1.19
--- src/bin/psql/input.c    5 Sep 2002 21:46:38 -0000
***************
*** 30,35 ****
--- 30,37 ----
  static void finishInput(int, void *);
  #endif

+ #define PSQLHISTORY    "/.psql_history"
+

  /*
   * gets_interactive()
***************
*** 142,152 ****
          home = getenv("HOME");
          if (home)
          {
!             char       *psql_history = (char *) malloc(strlen(home) + 20);

              if (psql_history)
              {
!                 sprintf(psql_history, "%s/.psql_history", home);
                  read_history(psql_history);
                  free(psql_history);
              }
--- 144,155 ----
          home = getenv("HOME");
          if (home)
          {
!             char       *psql_history = (char *) malloc(strlen(home) +
!                                                 strlen(PSQLHISTORY) + 1);

              if (psql_history)
              {
!                 sprintf(psql_history, "%s" PSQLHISTORY, home);
                  read_history(psql_history);
                  free(psql_history);
              }
***************
*** 201,214 ****
          home = getenv("HOME");
          if (home)
          {
!             psql_history = (char *) malloc(strlen(home) + 20);
              if (psql_history)
              {
                  const char *var = GetVariable(pset.vars, "HISTSIZE");

                  if (var)
                      stifle_history(atoi(var));
!                 sprintf(psql_history, "%s/.psql_history", home);
                  write_history(psql_history);
                  free(psql_history);
              }
--- 204,218 ----
          home = getenv("HOME");
          if (home)
          {
!             psql_history = (char *) malloc(strlen(home) +
!                                     strlen(PSQLHISTORY) + 1);
              if (psql_history)
              {
                  const char *var = GetVariable(pset.vars, "HISTSIZE");

                  if (var)
                      stifle_history(atoi(var));
!                 sprintf(psql_history, "%s" PSQLHISTORY, home);
                  write_history(psql_history);
                  free(psql_history);
              }
Index: src/bin/psql/startup.c
===================================================================
RCS file: /cvsroot/pgsql-server/src/bin/psql/startup.c,v
retrieving revision 1.64
diff -c -c -r1.64 startup.c
*** src/bin/psql/startup.c    4 Sep 2002 20:31:36 -0000    1.64
--- src/bin/psql/startup.c    5 Sep 2002 21:46:41 -0000
***************
*** 599,622 ****
  #define R_OK 0
  #endif

      /* Look for one in the home dir */
      home = getenv("HOME");

      if (home)
      {
!         psqlrc = malloc(strlen(home) + 20);
          if (!psqlrc)
          {
              fprintf(stderr, gettext("%s: out of memory\n"), pset.progname);
              exit(EXIT_FAILURE);
          }

!         sprintf(psqlrc, "%s/.psqlrc-" PG_VERSION, home);
          if (access(psqlrc, R_OK) == 0)
              process_file(psqlrc);
          else
          {
!             sprintf(psqlrc, "%s/.psqlrc", home);
              if (access(psqlrc, R_OK) == 0)
                  process_file(psqlrc);
          }
--- 599,625 ----
  #define R_OK 0
  #endif

+ #define PSQLRC "/.psqlrc"
+
      /* Look for one in the home dir */
      home = getenv("HOME");

      if (home)
      {
!         psqlrc = malloc(strlen(home) + strlen(PSQLRC) + 1 +
!                  strlen(PG_VERSION) + 1);
          if (!psqlrc)
          {
              fprintf(stderr, gettext("%s: out of memory\n"), pset.progname);
              exit(EXIT_FAILURE);
          }

!         sprintf(psqlrc, "%s" PSQLRC "-" PG_VERSION, home);
          if (access(psqlrc, R_OK) == 0)
              process_file(psqlrc);
          else
          {
!             sprintf(psqlrc, "%s" PSQLRC, home);
              if (access(psqlrc, R_OK) == 0)
                  process_file(psqlrc);
          }
Index: src/interfaces/libpq/fe-connect.c
===================================================================
RCS file: /cvsroot/pgsql-server/src/interfaces/libpq/fe-connect.c,v
retrieving revision 1.201
diff -c -c -r1.201 fe-connect.c
*** src/interfaces/libpq/fe-connect.c    4 Sep 2002 20:31:46 -0000    1.201
--- src/interfaces/libpq/fe-connect.c    5 Sep 2002 21:46:55 -0000
***************
*** 66,71 ****
--- 66,72 ----
  #define NOTIFYLIST_INITIAL_SIZE 10
  #define NOTIFYLIST_GROWBY 10

+ #define PGPASSFILE "/.pgpass"

  /* ----------
   * Definition of the conninfo parameters and their fallback resources.
***************
*** 186,192 ****
                   PQExpBuffer errorMessage);
  char       *pwdfMatchesString(char *buf, char *token);
  char *PasswordFromFile(char *hostname, char *port, char *dbname,
!                  char *username, char *pwdfile);

  /*
   *        Connecting to a Database
--- 187,193 ----
                   PQExpBuffer errorMessage);
  char       *pwdfMatchesString(char *buf, char *token);
  char *PasswordFromFile(char *hostname, char *port, char *dbname,
!                        char *username);

  /*
   *        Connecting to a Database
***************
*** 395,404 ****
   *
   *      PGPASSWORD   The user's password.
   *
-  *      PGPASSWORDFILE
-  *                   A file that contains host:port:database:user:password
-  *                   for authentication
-  *
   *      PGDATABASE   name of database to which to connect if <pgdatabase>
   *                   argument is NULL or a null string
   *
--- 396,401 ----
***************
*** 506,513 ****
      else if ((tmp = getenv("PGPASSWORD")) != NULL)
          conn->pgpass = strdup(tmp);
      else if ((tmp = PasswordFromFile(conn->pghost, conn->pgport,
!                                      conn->dbName, conn->pguser,
!                                      getenv("PGPASSWORDFILE"))) != NULL)
          conn->pgpass = tmp;
      else
          conn->pgpass = strdup(DefaultPassword);
--- 503,509 ----
      else if ((tmp = getenv("PGPASSWORD")) != NULL)
          conn->pgpass = strdup(tmp);
      else if ((tmp = PasswordFromFile(conn->pghost, conn->pgport,
!                                      conn->dbName, conn->pguser)))
          conn->pgpass = tmp;
      else
          conn->pgpass = strdup(DefaultPassword);
***************
*** 2905,2926 ****

  /* get a password from the password file. */
  char *
! PasswordFromFile(char *hostname, char *port, char *dbname,
!                  char *username, char *pwdfile)
  {
      FILE       *fp;

  #define LINELEN NAMEDATALEN*5
      char        buf[LINELEN];
-     struct stat stat_buf;
-
-     if (pwdfile == NULL || strcmp(pwdfile, "") == 0)
-         return NULL;

!     if (dbname == NULL || strcmp(dbname, "") == 0)
          return NULL;

!     if (username == NULL || strcmp(username, "") == 0)
          return NULL;

      if (hostname == NULL)
--- 2901,2920 ----

  /* get a password from the password file. */
  char *
! PasswordFromFile(char *hostname, char *port, char *dbname, char *username)
  {
      FILE       *fp;
+     char       *pgpassfile;
+     char       *home;
+     struct stat stat_buf;

  #define LINELEN NAMEDATALEN*5
      char        buf[LINELEN];

!     if (dbname == NULL || strlen(dbname) == 0)
          return NULL;

!     if (username == NULL || strlen(username) == 0)
          return NULL;

      if (hostname == NULL)
***************
*** 2929,2948 ****
      if (port == NULL)
          port = DEF_PGPORT_STR;

      /* If password file cannot be opened, ignore it. */
!     if (stat(pwdfile, &stat_buf) == -1)
          return NULL;

      /* If password file is insecure, alert the user and ignore it. */
      if (stat_buf.st_mode & (S_IRWXG | S_IRWXO))
      {
          fprintf(stderr,
                  libpq_gettext("WARNING: Password file %s has world or group read access; permission should be u=rw
(0600)"),
!                 pwdfile);
          return NULL;
      }

!     fp = fopen(pwdfile, "r");
      if (fp == NULL)
          return NULL;

--- 2923,2963 ----
      if (port == NULL)
          port = DEF_PGPORT_STR;

+     /* Look for it in the home dir */
+     home = getenv("HOME");
+     if (home)
+     {
+         pgpassfile = malloc(strlen(home) + strlen(PGPASSFILE) + 1);
+         if (!pgpassfile)
+         {
+             fprintf(stderr, gettext("%s: out of memory\n"), pset.progname);
+             exit(EXIT_FAILURE);
+         }
+     }
+     else
+         return NULL;
+
+     sprintf(pgpassfile, "%s" PGPASSFILE, home);
+
      /* If password file cannot be opened, ignore it. */
!     if (stat(pgpassfile, &stat_buf) == -1)
!     {
!         free(pgpassfile);
          return NULL;
+     }

      /* If password file is insecure, alert the user and ignore it. */
      if (stat_buf.st_mode & (S_IRWXG | S_IRWXO))
      {
          fprintf(stderr,
                  libpq_gettext("WARNING: Password file %s has world or group read access; permission should be u=rw
(0600)"),
!                 pgpassfile);
!         free(pgpassfile);
          return NULL;
      }

!     fp = fopen(pgpassfile, "r");
!     free(pgpassfile);
      if (fp == NULL)
          return NULL;

***************
*** 2965,2970 ****
--- 2980,2986 ----
          fclose(fp);
          return ret;
      }
+
      fclose(fp);
      return NULL;


pgsql-patches by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: [CYGWIN] 7.3 Beta 1 Build Error on Cygwin
Next
From: Tom Lane
Date:
Subject: Re: [BUGS] Bug #756: suggestion: file with password instead of