66 * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
77 * Portions Copyright (c) 1994, Regents of the University of California
88 *
9- * $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.86 2001/10/28 06:25:42 momjian Exp $
9+ * $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.87 2001/11/01 18:09:58 tgl Exp $
1010 *
1111 *-------------------------------------------------------------------------
1212 */
@@ -44,6 +44,10 @@ extern bool Password_encryption;
4444 *
4545 * This function set is both a trigger function for direct updates to pg_shadow
4646 * as well as being called directly from create/alter/drop user.
47+ *
48+ * We raise an error to force transaction rollback if we detect an illegal
49+ * username or password --- illegal being defined as values that would
50+ * mess up the pg_pwd parser.
4751 *---------------------------------------------------------------------
4852 */
4953static void
@@ -85,26 +89,51 @@ write_password_file(Relation rel)
8589bool null_n ,
8690null_p ,
8791null_v ;
92+ char * str_n ,
93+ * str_p ,
94+ * str_v ;
95+ int i ;
8896
8997datum_n = heap_getattr (tuple ,Anum_pg_shadow_usename ,dsc ,& null_n );
9098if (null_n )
91- continue ;/*don't allow empty users */
92- datum_p = heap_getattr ( tuple , Anum_pg_shadow_passwd , dsc , & null_p );
99+ continue ;/*ignore NULL usernames */
100+ str_n = DatumGetCString ( DirectFunctionCall1 ( nameout , datum_n ) );
93101
102+ datum_p = heap_getattr (tuple ,Anum_pg_shadow_passwd ,dsc ,& null_p );
94103/*
95- * It could be argued that people having a null password shouldn't
96- * be allowed to connect, because they need to have a password set
97- * up first. If you think assuming an empty password in that case
98- * is better, erase the following line.
104+ * It can be argued that people having a null password shouldn't
105+ * be allowed to connect under password authentication, because
106+ * they need to have a password set up first. If you think assuming an
107+ * empty password in that case is better, change this logic to look
108+ * something like the code for valuntil.
99109 */
100110if (null_p )
111+ {
112+ pfree (str_n );
101113continue ;
114+ }
115+ str_p = DatumGetCString (DirectFunctionCall1 (textout ,datum_p ));
116+
102117datum_v = heap_getattr (tuple ,Anum_pg_shadow_valuntil ,dsc ,& null_v );
118+ if (null_v )
119+ str_v = pstrdup ("\\N" );
120+ else
121+ str_v = DatumGetCString (DirectFunctionCall1 (nabstimeout ,datum_v ));
122+
123+ /*
124+ * Check for illegal characters in the username and password.
125+ */
126+ i = strcspn (str_n ,CRYPT_PWD_FILE_SEPSTR "\n" );
127+ if (str_n [i ]!= '\0' )
128+ elog (ERROR ,"Invalid user name '%s'" ,str_n );
129+ i = strcspn (str_p ,CRYPT_PWD_FILE_SEPSTR "\n" );
130+ if (str_p [i ]!= '\0' )
131+ elog (ERROR ,"Invalid user password '%s'" ,str_p );
103132
104133/*
105- *These fake entries are not really necessary. To remove them,
106- * the parser in backend/libpq/crypt.c would need to be adjusted.
107- * Initdb might also need adjustments.
134+ *The extra columns we emit here are not really necessary. To remove
135+ *them, the parser in backend/libpq/crypt.c would need to be
136+ *adjusted. Initdb might also need adjustments.
108137 */
109138fprintf (fp ,
110139"%s"
@@ -122,12 +151,13 @@ write_password_file(Relation rel)
122151"%s"
123152CRYPT_PWD_FILE_SEPSTR
124153"%s\n" ,
125- DatumGetCString (DirectFunctionCall1 (nameout ,datum_n )),
126- null_p ?"" :
127- DatumGetCString (DirectFunctionCall1 (textout ,datum_p )),
128- null_v ?"\\N" :
129- DatumGetCString (DirectFunctionCall1 (nabstimeout ,datum_v ))
130- );
154+ str_n ,
155+ str_p ,
156+ str_v );
157+
158+ pfree (str_n );
159+ pfree (str_p );
160+ pfree (str_v );
131161}
132162heap_endscan (scan );
133163
@@ -137,8 +167,7 @@ write_password_file(Relation rel)
137167FreeFile (fp );
138168
139169/*
140- * And rename the temp file to its final name, deleting the old
141- * pg_pwd.
170+ * Rename the temp file to its final name, deleting the old pg_pwd.
142171 */
143172if (rename (tempname ,filename ))
144173elog (ERROR ,"rename %s to %s: %m" ,tempname ,filename );