NotificationsYou must be signed in to change notification settings
Fork5.2k
Star19k

Commitf35252d

committed

Fix pg_passwd's failure to cope with usernames > 8 chars.

1 parenta24b04d commitf35252dCopy full SHA for f35252d

File tree

2 files changed

+52

-50

lines changed

doc/src/sgml/ref
- pg_passwd.sgml
src/bin/pg_passwd
- pg_passwd.c

2 files changed

+52

-50

lines changed

`‎doc/src/sgml/ref/pg_passwd.sgml‎`

Lines changed: 10 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`<!--`
`2`		`-$Header: /cvsroot/pgsql/doc/src/sgml/ref/Attic/pg_passwd.sgml,v 1.5 2000/12/25 23:15:26 petere Exp $`
	`2`	`+$Header: /cvsroot/pgsql/doc/src/sgml/ref/Attic/pg_passwd.sgml,v 1.6 2001/02/20 01:16:49 tgl Exp $`
`3`	`3`	`Postgres documentation`
`4`	`4`	`-->`
`5`	`5`
`@@ -31,7 +31,7 @@ Postgres documentation`
`31`	`31`	`<para>`
`32`	`32`	`<application>pg_passwd</application> is a tool to manipulate a flat`
`33`	`33`	`text password file for the purpose of using that file to control`
`34`		`-theclient authentication of the`
	`34`	`+ client authentication of the`
`35`	`35`	`<productname>PostgreSQL</productname> server. More information`
`36`	`36`	`about setting up this authentication mechanism can be found in the`
`37`	`37`	`<citetitle>Administrator's Guide</citetitle>.`
`@@ -51,7 +51,7 @@ Postgres documentation`
`51`	`51`	`<para>`
`52`	`52`	`Supply the name of the password file as argument to the <application>pg_passwd</application>`
`53`	`53`	`command. To be of use for client authentication the file needs to`
`54`		`- belocation in the server's data directory, and the base name of`
	`54`	`+ belocated in the server's data directory, and the base name of`
`55`	`55`	`the file needs to be specified in the`
`56`	`56`	`<filename>pg_hba.conf</filename> access control file.`
`57`	`57`
`@@ -65,7 +65,9 @@ Postgres documentation`
`65`	`65`
`66`	`66`	`where the <literal>Password:</literal> and <literal>Re-enter`
`67`	`67`	`password:</literal> prompts require the same password input which`
`68`		`- is not displayed on the terminal.`
	`68`	`+ is not displayed on the terminal. Note that the password is limited`
	`69`	`+ to eight useful characters by restrictions of the standard crypt(3)`
	`70`	`+ library routine.`
`69`	`71`	`</para>`
`70`	`72`
`71`	`73`	`<para>`
`@@ -78,12 +80,12 @@ Postgres documentation`
`78`	`80`	`<filename>pg_hba.conf</filename>:`
`79`	`81`
`80`	`82`	`<programlisting>`
`81`		`-hostunv 133.65.96.250 255.255.255.255 password passwords`
	`83`	`+hostmydb 133.65.96.250 255.255.255.255 password passwords`
`82`	`84`	`</programlisting>`
`83`	`85`
`84`		`- which would allow access from host 133.65.96.250 using the`
`85`		`- passwords listed in the <filename>passwords</filename> file (and`
`86`		`- only to the users listed inthe file).`
	`86`	`+ which would allow accessto database mydbfrom host 133.65.96.250 using`
	`87`	`+thepasswords listed in the <filename>passwords</filename> file (and`
	`88`	`+ only to the users listed inthat file).`
`87`	`89`	`</para>`
`88`	`90`
`89`	`91`	`<note>`

`‎src/bin/pg_passwd/pg_passwd.c‎`

Lines changed: 42 additions & 42 deletions

Original file line number	Diff line number	Diff line change
`@@ -19,14 +19,23 @@ extern char crypt(const char , const char *);`
`19`	`19`
`20`	`20`	`#endif`
`21`	`21`
`22`		`-#definePG_PASSWD_LEN 13/* not including null */`
	`22`	`+/*`
	`23`	`+ * We assume that the output of crypt(3) is always 13 characters,`
	`24`	`+ * and that at most 8 characters can usefully be sent to it.`
	`25`	`+ *`
	`26`	`+ * Postgres usernames are assumed to be less than NAMEDATALEN chars long.`
	`27`	`+ */`
	`28`	`+#defineCLEAR_PASSWD_LEN 8/* not including null */`
	`29`	`+#defineCRYPTED_PASSWD_LEN 13/* not including null */`
`23`	`30`
`24`	`31`	`constchar*progname;`
`25`	`32`
`26`	`33`	`staticvoidusage(void);`
`27`	`34`	`staticvoidread_pwd_file(char*filename);`
`28`	`35`	`staticvoidwrite_pwd_file(charfilename,charbkname);`
`29`		`-staticvoidencrypt_pwd(charkey[9],charsalt[3],charpasswd[PG_PASSWD_LEN+1]);`
	`36`	`+staticvoidencrypt_pwd(charkey[CLEAR_PASSWD_LEN+1],`
	`37`	`+charsalt[3],`
	`38`	`+charpasswd[CRYPTED_PASSWD_LEN+1]);`
`30`	`39`	`staticvoidprompt_for_username(char*username);`
`31`	`40`	`staticvoidprompt_for_password(charprompt,charpassword);`
`32`	`41`
`@@ -94,7 +103,9 @@ read_pwd_file(char *filename)`
`94`	`103`	`}`
`95`	`104`
`96`	`105`	`/* read all the entries */`
`97`		`-for (npwds=0;npwds<MAXPWDS&&fgets(line,512,fp)!=NULL;++npwds)`
	`106`	`+for (npwds=0;`
	`107`	`+npwds<MAXPWDS&&fgets(line,sizeof(line),fp)!=NULL;`
	`108`	`+++npwds)`
`98`	`109`	`{`
`99`	`110`	`intl;`
`100`	`111`	`char*p,`
`@@ -123,13 +134,13 @@ read_pwd_file(char *filename)`
`123`	`134`	`}`
`124`	`135`	`pwds[npwds].uname=strdup(p);`
`125`	`136`
`126`		`-/* check duplicate */`
	`137`	`+/* checkforduplicate user name */`
`127`	`138`	`for (i=0;i<npwds;++i)`
`128`	`139`	`{`
`129`	`140`	`if (strcmp(pwds[i].uname,pwds[npwds].uname)==0)`
`130`	`141`	`{`
`131`		`-fprintf(stderr,"Duplicated entry: %s\n",`
`132`		`-pwds[npwds].uname);`
	`142`	`+fprintf(stderr,"Duplicate username %s in entry %d\n",`
	`143`	`+pwds[npwds].uname,npwds+1);`
`133`	`144`	`exit(1);`
`134`	`145`	`}`
`135`	`146`	`}`
`@@ -143,7 +154,7 @@ read_pwd_file(char *filename)`
`143`	`154`	`if (q!=NULL)`
`144`	`155`	`*(q++)='\0';`
`145`	`156`
`146`		`-if (strlen(p)!=PG_PASSWD_LEN&&strcmp(p,"+")!=0)`
	`157`	`+if (strlen(p)!=CRYPTED_PASSWD_LEN&&strcmp(p,"+")!=0)`
`147`	`158`	`{`
`148`	`159`	`fprintf(stderr,"%s:%d: warning: invalid password length\n",`
`149`	`160`	`filename,npwds+1);`
`@@ -209,11 +220,13 @@ write_pwd_file(char filename, char bkname)`
`209`	`220`	`}`
`210`	`221`
`211`	`222`	`staticvoid`
`212`		`-encrypt_pwd(charkey[9],charsalt[3],charpasswd[PG_PASSWD_LEN+1])`
	`223`	`+encrypt_pwd(charkey[CLEAR_PASSWD_LEN+1],`
	`224`	`+charsalt[3],`
	`225`	`+charpasswd[CRYPTED_PASSWD_LEN+1])`
`213`	`226`	`{`
`214`	`227`	`intn;`
`215`	`228`
`216`		`-/get encrypted password /`
	`229`	`+/select a salt, if not already given /`
`217`	`230`	`if (salt[0]=='\0')`
`218`	`231`	`{`
`219`	`232`	`srand(time(NULL));`
`@@ -229,32 +242,16 @@ encrypt_pwd(char key[9], char salt[3], char passwd[PG_PASSWD_LEN + 1])`
`229`	`242`	`salt[1]=n;`
`230`	`243`	`salt[2]='\0';`
`231`	`244`	`}`
	`245`	`+`
	`246`	`+/* get encrypted password */`
`232`	`247`	`strcpy(passwd,crypt(key,salt));`
`233`	`248`
	`249`	`+#ifdefPG_PASSWD_DEBUG`
`234`	`250`	`/* show it */`
`235`		`-`
`236`		`-/*`
`237`		`- * fprintf(stderr, "key = %s, salt = %s, password = %s\n", key, salt,`
`238`		`- * passwd);`
`239`		`- */`
`240`		`-}`
`241`		`-`
`242`		`-#ifdefNOT_USED`
`243`		`-staticint`
`244`		`-check_pwd(charkey[9],charpasswd[PG_PASSWD_LEN+1])`
`245`		`-{`
`246`		`-charshouldbe[PG_PASSWD_LEN+1];`
`247`		`-charsalt[3];`
`248`		`-`
`249`		`-salt[0]=passwd[0];`
`250`		`-salt[1]=passwd[1];`
`251`		`-salt[2]='\0';`
`252`		`-encrypt_pwd(key,salt,shouldbe);`
`253`		`-`
`254`		`-returnstrncmp(shouldbe,passwd,PG_PASSWD_LEN)==0 ?1 :0;`
`255`		`-}`
`256`		`-`
	`251`	`+fprintf(stderr,"key = %s, salt = %s, password = %s\n",`
	`252`	`+key,salt,passwd);`
`257`	`253`	`#endif`
	`254`	`+}`
`258`	`255`
`259`	`256`	`staticvoid`
`260`	`257`	`prompt_for_username(char*username)`
`@@ -263,7 +260,7 @@ prompt_for_username(char *username)`
`263`	`260`
`264`	`261`	`printf("Username: ");`
`265`	`262`	`fflush(stdout);`
`266`		`-if (fgets(username,9,stdin)==NULL)`
	`263`	`+if (fgets(username,NAMEDATALEN,stdin)==NULL)`
`267`	`264`	`username[0]='\0';`
`268`	`265`
`269`	`266`	`length=strlen(username);`
`@@ -295,16 +292,19 @@ prompt_for_password(char prompt, char password)`
`295`	`292`
`296`	`293`	`#endif`
`297`	`294`
`298`		`-printf(prompt);`
`299`		`-fflush(stdout);`
`300`	`295`	`#ifdefHAVE_TERMIOS_H`
`301`	`296`	`tcgetattr(0,&t);`
`302`	`297`	`t_orig=t;`
`303`	`298`	`t.c_lflag &= ~ECHO;`
`304`	`299`	`tcsetattr(0,TCSADRAIN,&t);`
`305`	`300`	`#endif`
`306`		`-if (fgets(password,9,stdin)==NULL)`
	`301`	`+`
	`302`	`+printf(prompt);`
	`303`	`+fflush(stdout);`
	`304`	`+`
	`305`	`+if (fgets(password,CLEAR_PASSWD_LEN+1,stdin)==NULL)`
`307`	`306`	`password[0]='\0';`
	`307`	`+`
`308`	`308`	`#ifdefHAVE_TERMIOS_H`
`309`	`309`	`tcsetattr(0,TCSADRAIN,&t_orig);`
`310`	`310`	`#endif`
`@@ -332,13 +332,13 @@ prompt_for_password(char prompt, char password)`
`332`	`332`	`int`
`333`	`333`	`main(intargc,char*argv[])`
`334`	`334`	`{`
`335`		`-staticcharbkname[MAXPGPATH];`
`336`	`335`	`char*filename;`
`337`		`-charusername[9];`
	`336`	`+charbkname[MAXPGPATH];`
	`337`	`+charusername[NAMEDATALEN];`
`338`	`338`	`charsalt[3];`
`339`		`-charkey[9],`
`340`		`-key2[9];`
`341`		`-chare_passwd[PG_PASSWD_LEN+1];`
	`339`	`+charkey[CLEAR_PASSWD_LEN+1],`
	`340`	`+key2[CLEAR_PASSWD_LEN+1];`
	`341`	`+chare_passwd[CRYPTED_PASSWD_LEN+1];`
`342`	`342`	`inti;`
`343`	`343`
`344`	`344`	`progname=argv[0];`
`@@ -376,7 +376,7 @@ main(int argc, char *argv[])`
`376`	`376`	`prompt_for_username(username);`
`377`	`377`	`prompt_for_password("New password: ",key);`
`378`	`378`	`prompt_for_password("Re-enter new password: ",key2);`
`379`		`-if (strncmp(key,key2,8)!=0)`
	`379`	`+if (strcmp(key,key2)!=0)`
`380`	`380`	`{`
`381`	`381`	`fprintf(stderr,"Password mismatch\n");`
`382`	`382`	`exit(1);`
`@@ -397,7 +397,7 @@ main(int argc, char *argv[])`
`397`	`397`	`{/* did not exist */`
`398`	`398`	`if (npwds==MAXPWDS)`
`399`	`399`	`{`
`400`		`-fprintf(stderr,"Cannot handle somay entries\n");`
	`400`	`+fprintf(stderr,"Cannot handle somany entries\n");`
`401`	`401`	`exit(1);`
`402`	`402`	`}`
`403`	`403`	`pwds[npwds].uname=strdup(username);`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitf35252d

File tree

2 files changed

2 files changed

`‎doc/src/sgml/ref/pg_passwd.sgml‎`

`‎src/bin/pg_passwd/pg_passwd.c‎`

0 commit comments