NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit080eabe

committed

Fix libpq's behavior when /etc/passwd isn't readable.

Some users run their applications in chroot environments that lack an/etc/passwd file. This means that the current UID's user name and homedirectory are not obtainable. libpq used to be all right with that,so long as the database role name to use was specified explicitly.But commita4c8f14 broke such cases bycausing any failure of pg_fe_getauthname() to be treated as a hard error.In any case it did little to advance its nominal goal of causing errorsin pg_fe_getauthname() to be reported better. So revert that and insteadput some real error-reporting code in place. This requires changes to theAPIs of pg_fe_getauthname() and pqGetpwuid(), since the latter haddeparted from the POSIX-specified API of getpwuid_r() in a way that madeit impossible to distinguish actual lookup errors from "no such user".To allow such failures to be reported, while not failing if the callersupplies a role name, add a second call of pg_fe_getauthname() inconnectOptions2(). This is a tad ugly, and could perhaps be avoided withsome refactoring of PQsetdbLogin(), but I'll leave that idea for later.(Note that the complained-of misbehavior only occurs in PQsetdbLogin,not when using the PQconnect functions, because in the latter we willnever bother to call pg_fe_getauthname() if the user gives a role name.)In passing also clean up the Windows-side usage of GetUserName(): therecommended buffer size is 257 bytes, the passed buffer length shouldbe the buffer size not buffer size less 1, and any error is reportedby GetLastError() not errno.Per report from Christoph Berg. Back-patch to 9.4 where the chrootfailure case was introduced. The generally poor reporting of errorshere is of very long standing, of course, but given the lack of fieldcomplaints about it we won't risk changing these APIs further back(even though they're theoretically internal to libpq).

1 parentde6429a commit080eabeCopy full SHA for 080eabe

File tree

7 files changed

+97

-43

lines changed

src
- common
  - username.c
- include
  - port.h
- interfaces/libpq
- port
  - path.c
  - thread.c

7 files changed

+97

-43

lines changed

`‎src/common/username.c`

Lines changed: 7 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -26,8 +26,8 @@`
`26`	`26`	`#include"common/username.h"`
`27`	`27`
`28`	`28`	`/*`
`29`		`- * Returns the current user name in a static buffer, or NULL on error and`
`30`		`- * sets errstr`
	`29`	`+ * Returns the current user name in a static buffer`
	`30`	`+ On error, returns NULL andsetserrstr to point to a palloc'd message`
`31`	`31`	`*/`
`32`	`32`	`constchar*`
`33`	`33`	`get_user_name(char**errstr)`
`@@ -50,15 +50,17 @@ get_user_name(char **errstr)`
`50`	`50`
`51`	`51`	`returnpw->pw_name;`
`52`	`52`	`#else`
`53`		`-/* UNLEN = 256, 'static' variable remains after function exit */`
	`53`	`+/* Microsoft recommends buffer size of UNLEN+1, where UNLEN = 256 */`
	`54`	`+/* "static" variable remains after function exit */`
`54`	`55`	`staticcharusername[256+1];`
`55`		`-DWORDlen=sizeof(username)-1;`
	`56`	`+DWORDlen=sizeof(username);`
`56`	`57`
`57`	`58`	`*errstr=NULL;`
`58`	`59`
`59`	`60`	`if (!GetUserName(username,&len))`
`60`	`61`	`{`
`61`		`-*errstr=psprintf(_("user name lookup failure: %s"),strerror(errno));`
	`62`	`+*errstr=psprintf(_("user name lookup failure: error code %lu"),`
	`63`	`+GetLastError());`
`62`	`64`	`returnNULL;`
`63`	`65`	`}`
`64`	`66`

`‎src/include/port.h`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -433,7 +433,7 @@ extern void srandom(unsigned int seed);`
`433`	`433`	`/* thread.h */`
`434`	`434`	`externcharpqStrerror(interrnum,charstrerrbuf,size_tbuflen);`
`435`	`435`
`436`		`-#if !defined(WIN32)\|\| defined(__CYGWIN__)`
	`436`	`+#ifndefWIN32`
`437`	`437`	`externintpqGetpwuid(uid_tuid,structpasswdresultbuf,charbuffer,`
`438`	`438`	`size_tbuflen,structpasswd**result);`
`439`	`439`	`#endif`

`‎src/interfaces/libpq/fe-auth.c`

Lines changed: 36 additions & 14 deletions

Original file line number	Diff line number	Diff line change
`@@ -714,22 +714,26 @@ pg_fe_sendauth(AuthRequest areq, PGconn *conn)`
`714`	`714`	`/*`
`715`	`715`	`* pg_fe_getauthname`
`716`	`716`	`*`
`717`		`- * Returns a pointer to dynamic space containing whatever name the user`
`718`		`- * has authenticated to the system. If there is an error, return NULL.`
	`717`	`+ * Returns a pointer to malloc'd space containing whatever name the user`
	`718`	`+ * has authenticated to the system. If there is an error, return NULL,`
	`719`	`+ * and put a suitable error message in *errorMessage if that's not NULL.`
`719`	`720`	`*/`
`720`	`721`	`char*`
`721`		`-pg_fe_getauthname(void)`
	`722`	`+pg_fe_getauthname(PQExpBuffererrorMessage)`
`722`	`723`	`{`
	`724`	`+char*result=NULL;`
`723`	`725`	`constchar*name=NULL;`
`724`		`-char*authn;`
`725`	`726`
`726`	`727`	`#ifdefWIN32`
`727`		`-charusername[128];`
`728`		`-DWORDnamesize=sizeof(username)-1;`
	`728`	`+/* Microsoft recommends buffer size of UNLEN+1, where UNLEN = 256 */`
	`729`	`+charusername[256+1];`
	`730`	`+DWORDnamesize=sizeof(username);`
`729`	`731`	`#else`
	`732`	`+uid_tuser_id=geteuid();`
`730`	`733`	`charpwdbuf[BUFSIZ];`
`731`	`734`	`structpasswdpwdstr;`
`732`	`735`	`structpasswd*pw=NULL;`
	`736`	`+intpwerr;`
`733`	`737`	`#endif`
`734`	`738`
`735`	`739`	`/*`
`@@ -741,24 +745,42 @@ pg_fe_getauthname(void)`
`741`	`745`	`*/`
`742`	`746`	`pglock_thread();`
`743`	`747`
`744`		`-/*`
`745`		`- * We document PQconndefaults() to return NULL for a memory allocation`
`746`		`- * failure. We don't have an API to return a user name lookup failure, so`
`747`		`- * we just assume it always succeeds.`
`748`		`- */`
`749`	`748`	`#ifdefWIN32`
`750`	`749`	`if (GetUserName(username,&namesize))`
`751`	`750`	`name=username;`
	`751`	`+elseif (errorMessage)`
	`752`	`+printfPQExpBuffer(errorMessage,`
	`753`	`+libpq_gettext("user name lookup failure: error code %lu\n"),`
	`754`	`+GetLastError());`
`752`	`755`	`#else`
`753`		`-if (pqGetpwuid(geteuid(),&pwdstr,pwdbuf,sizeof(pwdbuf),&pw)==0)`
	`756`	`+pwerr=pqGetpwuid(user_id,&pwdstr,pwdbuf,sizeof(pwdbuf),&pw);`
	`757`	`+if (pw!=NULL)`
`754`	`758`	`name=pw->pw_name;`
	`759`	`+elseif (errorMessage)`
	`760`	`+{`
	`761`	`+if (pwerr!=0)`
	`762`	`+printfPQExpBuffer(errorMessage,`
	`763`	`+libpq_gettext("could not look up local user ID %d: %s\n"),`
	`764`	`+ (int)user_id,`
	`765`	`+pqStrerror(pwerr,pwdbuf,sizeof(pwdbuf)));`
	`766`	`+else`
	`767`	`+printfPQExpBuffer(errorMessage,`
	`768`	`+libpq_gettext("local user with ID %d does not exist\n"),`
	`769`	`+ (int)user_id);`
	`770`	`+}`
`755`	`771`	`#endif`
`756`	`772`
`757`		`-authn=name ?strdup(name) :NULL;`
	`773`	`+if (name)`
	`774`	`+{`
	`775`	`+result=strdup(name);`
	`776`	`+if (result==NULL&&errorMessage)`
	`777`	`+printfPQExpBuffer(errorMessage,`
	`778`	`+libpq_gettext("out of memory\n"));`
	`779`	`+}`
`758`	`780`
`759`	`781`	`pgunlock_thread();`
`760`	`782`
`761`		`-returnauthn;`
	`783`	`+returnresult;`
`762`	`784`	`}`
`763`	`785`
`764`	`786`

`‎src/interfaces/libpq/fe-auth.h`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,6 @@`
`19`	`19`
`20`	`20`
`21`	`21`	`externintpg_fe_sendauth(AuthRequestareq,PGconn*conn);`
`22`		`-externchar*pg_fe_getauthname(void);`
	`22`	`+externchar*pg_fe_getauthname(PQExpBuffererrorMessage);`
`23`	`23`
`24`	`24`	`#endif/* FE_AUTH_H */`

`‎src/interfaces/libpq/fe-connect.c`

Lines changed: 37 additions & 17 deletions

Original file line number	Diff line number	Diff line change
`@@ -764,11 +764,27 @@ connectOptions1(PGconn conn, const char conninfo)`
`764`	`764`	`staticbool`
`765`	`765`	`connectOptions2(PGconn*conn)`
`766`	`766`	`{`
	`767`	`+/*`
	`768`	`+ * If user name was not given, fetch it. (Most likely, the fetch will`
	`769`	`+ * fail, since the only way we get here is if pg_fe_getauthname() failed`
	`770`	`+ * during conninfo_add_defaults(). But now we want an error message.)`
	`771`	`+ */`
	`772`	`+if (conn->pguser==NULL\|\|conn->pguser[0]=='\0')`
	`773`	`+{`
	`774`	`+if (conn->pguser)`
	`775`	`+free(conn->pguser);`
	`776`	`+conn->pguser=pg_fe_getauthname(&conn->errorMessage);`
	`777`	`+if (!conn->pguser)`
	`778`	`+{`
	`779`	`+conn->status=CONNECTION_BAD;`
	`780`	`+return false;`
	`781`	`+}`
	`782`	`+}`
	`783`	`+`
`767`	`784`	`/*`
`768`	`785`	`* If database name was not given, default it to equal user name`
`769`	`786`	`*/`
`770`		`-if ((conn->dbName==NULL\|\|conn->dbName[0]=='\0')`
`771`		`-&&conn->pguser!=NULL)`
	`787`	`+if (conn->dbName==NULL\|\|conn->dbName[0]=='\0')`
`772`	`788`	`{`
`773`	`789`	`if (conn->dbName)`
`774`	`790`	`free(conn->dbName);`
`@@ -1967,6 +1983,7 @@ PQconnectPoll(PGconn *conn)`
`1967`	`1983`	`charpwdbuf[BUFSIZ];`
`1968`	`1984`	`structpasswdpass_buf;`
`1969`	`1985`	`structpasswd*pass;`
	`1986`	`+intpasserr;`
`1970`	`1987`	`uid_tuid;`
`1971`	`1988`	`gid_tgid;`
`1972`	`1989`
`@@ -1987,13 +2004,18 @@ PQconnectPoll(PGconn *conn)`
`1987`	`2004`	`gotoerror_return;`
`1988`	`2005`	`}`
`1989`	`2006`
`1990`		`-pqGetpwuid(uid,&pass_buf,pwdbuf,sizeof(pwdbuf),&pass);`
`1991`		`-`
	`2007`	`+passerr=pqGetpwuid(uid,&pass_buf,pwdbuf,sizeof(pwdbuf),&pass);`
`1992`	`2008`	`if (pass==NULL)`
`1993`	`2009`	`{`
`1994`		`-appendPQExpBuffer(&conn->errorMessage,`
`1995`		`-libpq_gettext("local user with ID %d does not exist\n"),`
`1996`		`- (int)uid);`
	`2010`	`+if (passerr!=0)`
	`2011`	`+appendPQExpBuffer(&conn->errorMessage,`
	`2012`	`+libpq_gettext("could not look up local user ID %d: %s\n"),`
	`2013`	`+ (int)uid,`
	`2014`	`+pqStrerror(passerr,sebuf,sizeof(sebuf)));`
	`2015`	`+else`
	`2016`	`+appendPQExpBuffer(&conn->errorMessage,`
	`2017`	`+libpq_gettext("local user with ID %d does not exist\n"),`
	`2018`	`+ (int)uid);`
`1997`	`2019`	`gotoerror_return;`
`1998`	`2020`	`}`
`1999`	`2021`
`@@ -4605,18 +4627,15 @@ conninfo_add_defaults(PQconninfoOption *options, PQExpBuffer errorMessage)`
`4605`	`4627`	`}`
`4606`	`4628`
`4607`	`4629`	`/*`
`4608`		`- * Special handling for "user" option`
	`4630`	`+ * Special handling for "user" option. Note that if pg_fe_getauthname`
	`4631`	`+ * fails, we just leave the value as NULL; there's no need for this to`
	`4632`	`+ * be an error condition if the caller provides a user name. The only`
	`4633`	`+ * reason we do this now at all is so that callers of PQconndefaults`
	`4634`	`+ * will see a correct default (barring error, of course).`
`4609`	`4635`	`*/`
`4610`	`4636`	`if (strcmp(option->keyword,"user")==0)`
`4611`	`4637`	`{`
`4612`		`-option->val=pg_fe_getauthname();`
`4613`		`-if (!option->val)`
`4614`		`-{`
`4615`		`-if (errorMessage)`
`4616`		`-printfPQExpBuffer(errorMessage,`
`4617`		`-libpq_gettext("out of memory\n"));`
`4618`		`-return false;`
`4619`		`-}`
	`4638`	`+option->val=pg_fe_getauthname(NULL);`
`4620`	`4639`	`continue;`
`4621`	`4640`	`}`
`4622`	`4641`	`}`
`@@ -5843,7 +5862,8 @@ pqGetHomeDirectory(char *buf, int bufsize)`
`5843`	`5862`	`structpasswdpwdstr;`
`5844`	`5863`	`structpasswd*pwd=NULL;`
`5845`	`5864`
`5846`		`-if (pqGetpwuid(geteuid(),&pwdstr,pwdbuf,sizeof(pwdbuf),&pwd)!=0)`
	`5865`	`+(void)pqGetpwuid(geteuid(),&pwdstr,pwdbuf,sizeof(pwdbuf),&pwd);`
	`5866`	`+if (pwd==NULL)`
`5847`	`5867`	`return false;`
`5848`	`5868`	`strlcpy(buf,pwd->pw_dir,bufsize);`
`5849`	`5869`	`return true;`

`‎src/port/path.c`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -777,7 +777,8 @@ get_home_path(char *ret_path)`
`777`	`777`	`structpasswdpwdstr;`
`778`	`778`	`structpasswd*pwd=NULL;`
`779`	`779`
`780`		`-if (pqGetpwuid(geteuid(),&pwdstr,pwdbuf,sizeof(pwdbuf),&pwd)!=0)`
	`780`	`+(void)pqGetpwuid(geteuid(),&pwdstr,pwdbuf,sizeof(pwdbuf),&pwd);`
	`781`	`+if (pwd==NULL)`
`781`	`782`	`return false;`
`782`	`783`	`strlcpy(ret_path,pwd->pw_dir,MAXPGPATH);`
`783`	`784`	`return true;`

`‎src/port/thread.c`

Lines changed: 13 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -83,6 +83,12 @@ pqStrerror(int errnum, char *strerrbuf, size_t buflen)`
`83`	`83`	`/*`
`84`	`84`	`* Wrapper around getpwuid() or getpwuid_r() to mimic POSIX getpwuid_r()`
`85`	`85`	`* behaviour, if it is not available or required.`
	`86`	`+ *`
	`87`	`+ * Per POSIX, the possible cases are:`
	`88`	`+ * success: returns zero, *result is non-NULL`
	`89`	`+ * uid not found: returns zero, *result is NULL`
	`90`	`+ * error during lookup: returns an errno code, *result is NULL`
	`91`	`+ * (caller should not assume that the errno variable is set)`
`86`	`92`	`*/`
`87`	`93`	`#ifndefWIN32`
`88`	`94`	`int`
`@@ -93,22 +99,25 @@ pqGetpwuid(uid_t uid, struct passwd * resultbuf, char *buffer,`
`93`	`99`
`94`	`100`	`#ifdefGETPWUID_R_5ARG`
`95`	`101`	`/* POSIX version */`
`96`		`-getpwuid_r(uid,resultbuf,buffer,buflen,result);`
	`102`	`+returngetpwuid_r(uid,resultbuf,buffer,buflen,result);`
`97`	`103`	`#else`
`98`	`104`
`99`	`105`	`/*`
`100`	`106`	`* Early POSIX draft of getpwuid_r() returns 'struct passwd *'.`
`101`	`107`	`* getpwuid_r(uid, resultbuf, buffer, buflen)`
`102`	`108`	`*/`
	`109`	`+errno=0;`
`103`	`110`	`*result=getpwuid_r(uid,resultbuf,buffer,buflen);`
	`111`	`+/* paranoia: ensure we return zero on success */`
	`112`	`+return (*result==NULL) ?errno :0;`
`104`	`113`	`#endif`
`105`	`114`	`#else`
`106`		`-`
`107`	`115`	`/* no getpwuid_r() available, just use getpwuid() */`
	`116`	`+errno=0;`
`108`	`117`	`*result=getpwuid(uid);`
	`118`	`+/* paranoia: ensure we return zero on success */`
	`119`	`+return (*result==NULL) ?errno :0;`
`109`	`120`	`#endif`
`110`		`-`
`111`		`-return (*result==NULL) ?-1 :0;`
`112`	`121`	`}`
`113`	`122`	`#endif`
`114`	`123`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit080eabe

File tree

7 files changed

7 files changed

`‎src/common/username.c`

`‎src/include/port.h`

`‎src/interfaces/libpq/fe-auth.c`

`‎src/interfaces/libpq/fe-auth.h`

`‎src/interfaces/libpq/fe-connect.c`

`‎src/port/path.c`

`‎src/port/thread.c`

0 commit comments