On Fri, Jul 27, 2018 at 11:38 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> I noticed that there's some strange coding in libpq's choice of
> what hostname to use for searching ~/.pgpass for a password.
> Historically (pre-v10), it just used the pghost parameter:
>
> conn->pgpass = PasswordFromFile(conn->pghost, conn->pgport,
> conn->dbName, conn->pguser);
>
> no ifs, ands, or buts, except for the fact that PasswordFromFile
> replaces its hostname parameter with "localhost" if it's null or
> matches the default socket directory. This is per the documentation
> (see sections 34.1.2 and 34.15).
>
> Since v10 we've got this:
>
> char *pwhost = conn->connhost[i].host;
>
> if (conn->connhost[i].type == CHT_HOST_ADDRESS &&
> conn->connhost[i].host != NULL &&
> conn->connhost[i].host[0] != '\0')
> pwhost = conn->connhost[i].hostaddr;
>
> conn->connhost[i].password =
> passwordFromFile(pwhost,
> conn->connhost[i].port,
> conn->dbName,
> conn->pguser,
> conn->pgpassfile);
>
> Now that's just bizarre on its face: take hostaddr if it's specified,
> but only if host is also specified? And it certainly doesn't match
> the documentation.
Yeah, that's bad code. The intent was that if you set host=a,b you
probably want to use either 'a' or 'b' as the thing to look up in
.pgpass, not 'a,b', but the implementation leaves something to be
desired.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
