Re: Patch : PGPASSFILE fix - Mailing list pgadmin-hackers

From Prasad
Subject Re: Patch : PGPASSFILE fix
Date
Msg-id trinity-6cae578f-b708-4a1e-bde3-40dd9484ce35-1425509420442@3capp-mailcom-lxa15
Whole thread Raw
In response to Re: Patch : PGPASSFILE fix  (Ashesh Vashi <ashesh.vashi@enterprisedb.com>)
Responses Re: Patch : PGPASSFILE fix
List pgadmin-hackers
Hi,

As mentioned in my earlier communication code calling this function is checking for file existence. So if we decide to
addcode for creation of full path, then similar code has to be removed from location of call to this function.
Otherwise,it will end up with multiple error messages. It's wxWidget's wxFile that throws error. 

So, I've created two patches, and we can go with one of them.
1. Let GetConfigFile function just read value from PGPASSFILE and return as it is as like, similar to way it creates
defaultpath(It doesn't create file in case of default path as well). And calling functions are taking care of path
validationand error messages. 
2. Let GetConfigFile function read value from PGPASSFILE and create file path ,it will show error message in case it
can't.In this case calling code only should check existence of file before going ahead, and not try to create or read
file,otherwise , user will end up with multiple message boxes with same error. 

regards,
Prasad


 
 

Sent: Wednesday, March 04, 2015 at 11:35 AM
From: "Ashesh Vashi" <ashesh.vashi@enterprisedb.com>, func
To: "Dave Page" <dpage@pgadmin.org>
Cc: Prasad <prasad.s@mail.com>, pgadmin-hackers <pgadmin-hackers@postgresql.org>
Subject: Re: [pgadmin-hackers] Patch : PGPASSFILE fix

On Wed, Mar 4, 2015 at 4:40 PM, Dave Page <dpage@pgadmin.org> wrote:

 
 
On Wed, Mar 4, 2015 at 11:06 AM, Ashesh Vashi <ashesh.vashi@enterprisedb.com[ashesh.vashi@enterprisedb.com]> wrote:
On Wed, Mar 4, 2015 at 4:09 PM, Dave Page <dpage@pgadmin.org[dpage@pgadmin.org]> wrote:

I think we should try to create the full path if necessary, and simply
throw an error if we can't.
 And, I think - we should switch back to default pgpass configuration file.
 
No, because that's a security risk (writing the password to a file that wasn't what the user intended).
Agree.

--
Thanks & Regards,

Ashesh Vashi
EnterpriseDB INDIA: Enterprise PostgreSQL Company[http://www.enterprisedb.com]
 
http://www.linkedin.com/in/asheshvashi[http://www.linkedin.com/in/asheshvashi]

 

 
--
Thanks & Regards,

Ashesh Vashi
EnterpriseDB INDIA: Enterprise PostgreSQL Company[http://www.enterprisedb.com]
 
http://www.linkedin.com/in/asheshvashi[http://www.linkedin.com/in/asheshvashi]

On Wed, Mar 4, 2015 at 10:01 AM, Prasad <prasad.s@mail.com[prasad.s@mail.com]> wrote:
> Alright , I'll revert to PGPASS check.
> Existing function only creates folder containing file. With this case, whats expected ? Reading value in PGPASSFILE
andtry to create folder containing pgpass file (Assuming it's valid path)? Remember, it's environment variable. User
canspecify anything in there. Some garbage value as well. If we don't do any validation there, user will automatically
seeerror with complain about file ? 
>
> thanks and regards,
> Prasad
>
>
> Sent: Wednesday, March 04, 2015 at 7:48 AM
> From: "Ashesh Vashi" <ashesh.vashi@enterprisedb.com[ashesh.vashi@enterprisedb.com]>
> To: Prasad <prasad.s@mail.com[prasad.s@mail.com]>
> Cc: pgadmin-hackers <pgadmin-hackers@postgresql.org[pgadmin-hackers@postgresql.org]>
> Subject: Re: [pgadmin-hackers] Patch : PGPASSFILE fix
>
> On Wed, Mar 4, 2015 at 8:44 AM, Prasad <prasad.s@mail.com[prasad.s@mail.com]> wrote:
>
> Ashesh,
>
> Thanks for reviewing patch,
> Code I have removed in I think, was switch statement inside if condition, which doesn't make sense.
> ie.
> if (var == 2)
> {
>      switch (var)
>           case 2:
>              .....
>              break;
> }
>
> that's why I removed it, because it's redundant.
> Agree about redundancy, but you've also removed the code for checking the PGPASS check at the start of the function.
> i.e.
> @@ -762,35 +762,33 @@ void sysSettings::SetCanonicalLanguage(const wxLanguage &lang)
>  //////////////////////////////////////////////////////////////////////////
>  wxString sysSettings::GetConfigFile(configFileName cfgname)
>  {
> -   if (cfgname == PGPASS)
> -   {
>
> I am not agree with that.
>  About creation of directory, I'm not sure if this validation is required. Existing code creates directory postgresql
(onlyon windows) according to
http://www.postgresql.org/docs/9.3/static/libpq-pgpass.html[http://www.postgresql.org/docs/9.3/static/libpq-pgpass.html][http://www.postgresql.org/docs/9.3/static/libpq-pgpass.html%5Bhttp://www.postgresql.org/docs/9.3/static/libpq-pgpass.html%5D]
,and it doesn't create file. I'm not sure whether this kind of validation is expected in this function. 
> I think - it is.
> Because - it could be used to save the updated password in the PGPASS file.
>
> -- Ashesh
> regards,
> Prasad
>
> Sent: Wednesday, March 04, 2015 at 7:15 AM
> From: "Ashesh Vashi"
<ashesh.vashi@enterprisedb.com[ashesh.vashi@enterprisedb.com][ashesh.vashi@enterprisedb.com[ashesh.vashi@enterprisedb.com]]>
> To: Prasad <prasad.s@mail.com[prasad.s@mail.com][prasad.s@mail.com[prasad.s@mail.com]]>
> Cc: pgadmin-hackers
<pgadmin-hackers@postgresql.org[pgadmin-hackers@postgresql.org][pgadmin-hackers@postgresql.org[pgadmin-hackers@postgresql.org]]>
> Subject: Re: [pgadmin-hackers] Patch : PGPASSFILE fix
>
> Hi Prasad,
>  I see couple of issues with your patch.* Please generate the patch using 'git diff'.
>   I could not apply your patch straight forwardly.
>   I had to use the patch utility.
>  * Please follow the coding style of pgAdmin.
>   You can find it at
https://wiki.postgresql.org/wiki/PgAdmin_Internals#Coding_Style.*[https://wiki.postgresql.org/wiki/PgAdmin_Internals#Coding_Style.*][https://wiki.postgresql.org/wiki/PgAdmin_Internals#Coding_Style.*[https://wiki.postgresql.org/wiki/PgAdmin_Internals%23Coding_Style.*]]
Donot remove any of the existing code. 
>   It has been kept there keeping in mind about future development extending support of the existing functionality.
>   You've removed couple of lines in the sysSettings::GetConfigFile(...) function, which is not good.
>
> In your code:* Checked only for PGPASSFILE environment variable.
> * Need to check the existence of the file.
> * Take required actions (if that file/parent directory does not exists).
>     i.e. Create parent directory
>
>
>
> --
> Thanks & Regards,
>
> Ashesh Vashi
> EnterpriseDB INDIA: Enterprise PostgreSQL
Company[http://www.enterprisedb.com[http://www.enterprisedb.com][http://www.enterprisedb.com[http://www.enterprisedb.com]]]
>
>
http://www.linkedin.com/in/asheshvashi[http://www.linkedin.com/in/asheshvashi][http://www.linkedin.com/in/asheshvashi[http://www.linkedin.com/in/asheshvashi]][http://www.linkedin.com/in/asheshvashi%5Bhttp://www.linkedin.com/in/asheshvashi%5D%5Bhttp://www.linkedin.com/in/asheshvashi%5Bhttp://www.linkedin.com/in/asheshvashi%5D%5D]
>
> On Sun, Mar 1, 2015 at 11:08 PM, Prasad
<prasad.s@mail.com[prasad.s@mail.com][prasad.s@mail.com[prasad.s@mail.com]][prasad.s@mail.com[prasad.s@mail.com][prasad.s@mail.com[prasad.s@mail.com]]]>
wrote:
> Hi,
>
> Find attached fix for reading PGPASSFILE environment variable for pg password file.
>
> regards,
> Prasad
>
> --
> Sent via pgadmin-hackers mailing list
(pgadmin-hackers@postgresql.org[pgadmin-hackers@postgresql.org][pgadmin-hackers@postgresql.org[pgadmin-hackers@postgresql.org]][pgadmin-hackers@postgresql.org[pgadmin-hackers@postgresql.org][pgadmin-hackers@postgresql.org[pgadmin-hackers@postgresql.org]]])
> To make changes to your subscription:
>
http://www.postgresql.org/mailpref/pgadmin-hackers[http://www.postgresql.org/mailpref/pgadmin-hackers][http://www.postgresql.org/mailpref/pgadmin-hackers[http://www.postgresql.org/mailpref/pgadmin-hackers]][http://www.postgresql.org/mailpref/pgadmin-hackers%5Bhttp://www.postgresql.org/mailpref/pgadmin-hackers%5D%5Bhttp://www.postgresql.org/mailpref/pgadmin-hackers%5Bhttp://www.postgresql.org/mailpref/pgadmin-hackers%5D%5D]
>
>
>
> --> Sent via pgadmin-hackers mailing list (pgadmin-hackers@postgresql.org[pgadmin-hackers@postgresql.org])
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgadmin-hackers[http://www.postgresql.org/mailpref/pgadmin-hackers]


 

--
Dave Page
Blog: http://pgsnake.blogspot.com[http://pgsnake.blogspot.com]
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com[http://www.enterprisedb.com]
The Enterprise PostgreSQL Company

 
 --
Dave Page
Blog: http://pgsnake.blogspot.com[http://pgsnake.blogspot.com]
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com[http://www.enterprisedb.com]
The Enterprise PostgreSQL Company

Attachment

pgadmin-hackers by date:

Previous
From: Ashesh Vashi
Date:
Subject: Re: Patch : PGPASSFILE fix
Next
From: Sandeep Thakkar
Date:
Subject: Re: Patch for builddocs.bat