[HACKERS] .pgpass's behavior has changed - Mailing list pgsql-hackers

From Kyotaro HORIGUCHI
Subject [HACKERS] .pgpass's behavior has changed
Date
Msg-id 20170428.165432.60857995.horiguchi.kyotaro@lab.ntt.co.jp
Responses Re: [HACKERS] .pgpass's behavior has changed  (Michael Paquier <michael.paquier@gmail.com>)
Re: [HACKERS] .pgpass's behavior has changed  (Noah Misch <noah@leadboat.com>)
Re: [HACKERS] .pgpass's behavior has changed  (Robert Haas <robertmhaas@gmail.com>)
List pgsql-hackers
Hello.

I noticed that the precedence between host and hostaddr in a
connection string is reversed in regard to .pgpass lookup in
devel.

For example the following connection string uses a .pgpass entry
with "127.0.0.1", not "hoge".

"host=hoge hostaddr=127.0.0.1 port=5432 dbname=postgres"


This change was introduced by the commit
274bb2b3857cc987cfa21d14775cae9b0dababa5 and the current behavior
contradicts the documentation.

https://www.postgresql.org/docs/devel/static/libpq-connect.html

> hostaddr
> ...
>   Note that authentication is likely to fail if host is not the
>   name of the server at network address hostaddr. Also, note that
>   host rather than hostaddr is used to identify the connection in
>   a password file (see Section 33.15, “The Password File”).

I think this should be fixed for the same reason as the
following commit.

> commit 11003eb55658df0caf183eef69c7a97d56a4f2d7
> Author: Robert Haas <rhaas@postgresql.org>
> Date:   Thu Dec 1 14:36:39 2016 -0500
> 
>     libpq: Fix inadvertent change in PQhost() behavior.

But the above also leaves a bug so I sent another patch to fix
it. The attached patch restores the 9.6's behavior of looking up
.pgpass file in the same manner as the other patch.

regards,

-- 
Kyotaro Horiguchi
NTT Open Source Software Center
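
An added illustration, not part of the original message or of libpq: a simplified .pgpass matcher showing how the choice of lookup key for the connection string quoted in the message selects a different stored password. The function names, the `prefer_host` switch and the sample entries are constructed for this example, and backslash escapes in .pgpass fields are not handled.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample .pgpass lines: host:port:database:user:password */
static const char *const SAMPLE_PGPASS[] = {
    "127.0.0.1:5432:postgres:alice:pw-for-addr",
    "hoge:5432:*:alice:pw-for-hoge",
};
#define SAMPLE_COUNT (sizeof SAMPLE_PGPASS / sizeof SAMPLE_PGPASS[0])

/* Match one ':'-terminated field ("*" matches anything); no backslash escapes. */
static const char *match_field(const char *p, const char *value)
{
    size_t len = strcspn(p, ":");
    if (p[len] != ':')
        return NULL;                    /* malformed line */
    if (!(len == 1 && p[0] == '*') &&
        !(strlen(value) == len && strncmp(p, value, len) == 0))
        return NULL;
    return p + len + 1;                 /* start of the next field */
}

/* Password of the first line matching all four fields, or NULL. */
const char *pgpass_lookup(const char *const *lines, size_t n, const char *key,
                          const char *port, const char *db, const char *user)
{
    for (size_t i = 0; key != NULL && i < n; i++) {
        const char *p = lines[i];
        if (*p != '#' && (p = match_field(p, key)) && (p = match_field(p, port)) &&
            (p = match_field(p, db)) && (p = match_field(p, user)))
            return p;
    }
    return NULL;
}

/* prefer_host=1: documented rule; prefer_host=0: the reported behavior. */
const char *lookup_key(const char *host, const char *hostaddr, int prefer_host)
{
    int have_host = host != NULL && host[0] != '\0';
    int have_addr = hostaddr != NULL && hostaddr[0] != '\0';
    if (prefer_host)
        return have_host ? host : (have_addr ? hostaddr : NULL);
    return have_addr ? hostaddr : (have_host ? host : NULL);
}

int main(void)
{
    for (int prefer = 1; prefer >= 0; prefer--)
        puts(pgpass_lookup(SAMPLE_PGPASS, SAMPLE_COUNT,
             lookup_key("hoge", "127.0.0.1", prefer), "5432", "postgres", "alice"));
}
```

With both `host` and `hostaddr` set, the two rules pick different entries, so a different credential is offered to the same server.
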
*** a/src/interfaces/libpq/fe-connect.c
--- b/src/interfaces/libpq/fe-connect.c
***************
*** 978,986 **** connectOptions2(PGconn *conn)          for (i = 0; i < conn->nconnhost; i++)         {
!             /* Try to get a password for this host from pgpassfile */             conn->connhost[i].password =
!                 passwordFromFile(conn->connhost[i].host,                                  conn->connhost[i].port,
                            conn->dbName,                                  conn->pguser,
 
--- 978,995 ----          for (i = 0; i < conn->nconnhost; i++)         {
!             /*
!              * Try to get a password for this host from pgpassfile. We use host
!              * name rather than host address in the same manner to PQhost().
!              */
!             char *pwhost = conn->connhost[i].host;
! 
!             if (conn->connhost[i].type == CHT_HOST_ADDRESS &&
!                 conn->pghost != NULL && conn->pghost[0] != '\0')
!                 pwhost = conn->pghost;
!              conn->connhost[i].password =
!                 passwordFromFile(pwhost,                                  conn->connhost[i].port,
            conn->dbName,                                  conn->pguser, 
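
Review bot: in the new block, the override `pwhost = conn->pghost` sits inside the loop over conn->nconnhost but reads the connection-wide conn->pghost rather than anything indexed by i, so every entry whose type is CHT_HOST_ADDRESS is looked up in the password file under the same string. Please confirm that conn->pghost can only hold a single name whenever an entry has that type and say so in the comment; if it cannot, take the lookup key from per-entry data instead. The comment would also read better as "in the same manner as PQhost()". Since the lookup key decides which stored password is offered to which server, a test that combines host= and hostaddr= against a .pgpass entry would keep this from regressing again.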
