From 4ec457ad581fff37dda7739ac61d6912c6538e48 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Thu, 30 Jan 2003 19:49:54 +0000 Subject: [PATCH] Fix regression in .pgpass support. From Neil Conway. --- doc/src/sgml/libpq.sgml | 47 +++++++++++++++++++++-------- src/interfaces/libpq/fe-connect.c | 49 ++++++++++++++++++------------- 2 files changed, 64 insertions(+), 32 deletions(-) diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index 562604f182..55ad984318 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -1,5 +1,5 @@ @@ -203,9 +203,12 @@ PGconn *PQconnectdb(const char *conninfo) requiressl - Set to 1 to require SSL connection to the backend. Libpq - will then refuse to connect if the server does not support - SSL. Set to 0 (default) to negotiate with server. + Set to 1 to require SSL connection to the server. + Libpq will then refuse to connect if the server does not + accept an SSL connection. + Set to 0 (default) to negotiate with server. + This option is only available if + PostgreSQL is compiled with SSL support. @@ -2010,10 +2013,11 @@ routines like PQgetvalue. The following environment variables can be used to select default -connection parameter values, which will be used by PQconnectdb or -PQsetdbLogin if no value is directly specified by the calling code. -These are useful to avoid hard-coding database names into simple -application programs. +connection parameter values, which will be used by +PQconnectdb, PQsetdbLogin and +PQsetdb if no value is directly specified by the calling +code. These are useful to avoid hard-coding database connection +information into simple client applications. @@ -2091,6 +2095,25 @@ the PostgreSQL backend. messages from the backend server are displayed. + + +PGREQUIRESSL sets whether or not the connection must be +made over SSL. If set to +1, libpq +will refuse to connect if the server does not accept +an SSL connection. +This option is only available if +PostgreSQL is compiled with SSL support. + + + + +PGCONNECT_TIMEOUT sets the maximum number of seconds +that libpq will wait when attempting to +connect to the PostgreSQL server. This +option should be set to at least 2 seconds. + + @@ -2161,10 +2184,10 @@ a password. This file should have the format: hostname:port:database:username:password -Any of these may be a literal name, or *, which matches -anything. The first match will be used so put more specific entries first. -Entries with : or \ should be escaped -with \. +Any of these may be a literal name, or *, which +matches anything. The first matching entry will be used, so put more-specific +entries first. When an entry contains : or +\, it must be escaped with \. The permissions on .pgpass must disallow any diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index 57108df1ff..a3368a83b5 100644 --- a/src/interfaces/libpq/fe-connect.c +++ b/src/interfaces/libpq/fe-connect.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.221 2003/01/08 21:33:27 momjian Exp $ + * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.222 2003/01/30 19:49:54 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -123,7 +123,7 @@ static const PQconninfoOption PQconninfoOptions[] = { "Database-Password", "*", 20}, {"connect_timeout", "PGCONNECT_TIMEOUT", NULL, NULL, - "Connect-timeout", "", 10}, /* strlen( INT32_MAX) == 10 */ + "Connect-timeout", "", 10}, /* strlen(INT32_MAX) == 10 */ {"dbname", "PGDATABASE", NULL, NULL, "Database-Name", "", 20}, @@ -315,8 +315,14 @@ PQconnectStart(const char *conninfo) tmp = conninfo_getval(connOptions, "password"); conn->pgpass = tmp ? strdup(tmp) : NULL; if (conn->pgpass == NULL || conn->pgpass[0] == '\0') + { + if (conn->pgpass) + free(conn->pgpass); conn->pgpass = PasswordFromFile(conn->pghost, conn->pgport, - conn->dbName, conn->pguser); + conn->dbName, conn->pguser); + if (conn->pgpass == NULL) + conn->pgpass = strdup(DefaultPassword); + } tmp = conninfo_getval(connOptions, "connect_timeout"); conn->connect_timeout = tmp ? strdup(tmp) : NULL; #ifdef USE_SSL @@ -506,14 +512,13 @@ PQsetdbLogin(const char *pghost, const char *pgport, const char *pgoptions, else conn->dbName = strdup(dbName); - /* - * getPasswordFromFile mallocs its result, so we don't need strdup - * here - */ if (pwd) conn->pgpass = strdup(pwd); else if ((tmp = getenv("PGPASSWORD")) != NULL) conn->pgpass = strdup(tmp); + else if ((tmp = PasswordFromFile(conn->pghost, conn->pgport, + conn->dbName, conn->pguser)) != NULL) + conn->pgpass = tmp; else conn->pgpass = strdup(DefaultPassword); @@ -2946,7 +2951,7 @@ pwdfMatchesString(char *buf, char *token) return NULL; } -/* get a password from the password file. */ +/* Get a password from the password file. Return value is malloc'd. */ char * PasswordFromFile(char *hostname, char *port, char *dbname, char *username) { @@ -2972,18 +2977,16 @@ PasswordFromFile(char *hostname, char *port, char *dbname, char *username) /* Look for it in the home dir */ home = getenv("HOME"); - if (home) - { - pgpassfile = malloc(strlen(home) + 1 + strlen(PGPASSFILE) + 1); - if (!pgpassfile) - { - fprintf(stderr, libpq_gettext("out of memory\n")); - return NULL; - } - } - else + if (!home) return NULL; + pgpassfile = malloc(strlen(home) + 1 + strlen(PGPASSFILE) + 1); + if (!pgpassfile) + { + fprintf(stderr, libpq_gettext("out of memory\n")); + return NULL; + } + sprintf(pgpassfile, "%s/%s", home, PGPASSFILE); /* If password file cannot be opened, ignore it. */ @@ -3014,12 +3017,18 @@ PasswordFromFile(char *hostname, char *port, char *dbname, char *username) { char *t = buf, *ret; + int len; fgets(buf, LINELEN - 1, fp); - if (strlen(buf) == 0) + + len = strlen(buf); + if (len == 0) continue; - buf[strlen(buf) - 1] = 0; + /* Remove trailing newline */ + if (buf[len - 1] == '\n') + buf[len - 1] = 0; + if ((t = pwdfMatchesString(t, hostname)) == NULL || (t = pwdfMatchesString(t, port)) == NULL || (t = pwdfMatchesString(t, dbname)) == NULL ||