Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit99a099d

Browse files
committed
With the attached patch, I have verified that long (> 8char anyway)
usernames and passwords work correctly in both "password" and"crypt" authorization mode. NOTE: at least on my machine, it seemsthat the crypt() routines ignore the part of the password beyond8 characters, so there's no security gain from longer passwords incrypt auth mode. But they don't fail.The login-related part of psql has apparently not been touchedsince roughly the fall of Rome ;-). It was going through hugepushups to get around the lack of username/login parameters toPQsetdb. I don't know when PQsetdbLogin was added to libpq, butit's there now ... so I was able to rip out quite a lot of cruftycode while I was at it.It's possible that there are still bogus length limits on usernameor password in some of the other PostgreSQL user interfaces besidespsql/libpq. I will leave it to other folks to check that code.regards, tom lane
1 parentc0d7304 commit99a099d

File tree

1 file changed

+24
-99
lines changed

1 file changed

+24
-99
lines changed

‎src/bin/psql/psql.c

Lines changed: 24 additions & 99 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
*
88
*
99
* IDENTIFICATION
10-
* $Header: /cvsroot/pgsql/src/bin/psql/Attic/psql.c,v 1.154 1998/08/17 03:50:17 scrappy Exp $
10+
* $Header: /cvsroot/pgsql/src/bin/psql/Attic/psql.c,v 1.155 1998/08/22 04:49:05 momjian Exp $
1111
*
1212
*-------------------------------------------------------------------------
1313
*/
@@ -132,9 +132,6 @@ static inttableDesc(PsqlSettings *pset, char *table, FILE *fout);
132132
staticintobjectDescription(PsqlSettings*pset,char*object);
133133
staticintrightsList(PsqlSettings*pset);
134134
staticvoidprompt_for_password(char*username,char*password);
135-
staticchar*
136-
make_connect_string(char*host,char*port,char*dbname,
137-
char*username,char*password);
138135

139136
staticchar*gets_noreadline(char*prompt,FILE*source);
140137
staticchar*gets_readline(char*prompt,FILE*source);
@@ -1402,35 +1399,28 @@ do_connect(const char *new_dbname,
14021399
else
14031400
{
14041401
PGconn*olddb=pset->db;
1405-
staticchar*userenv=NULL;
1406-
char*old_userenv=NULL;
14071402
constchar*dbparam;
1408-
1409-
if (new_user!=NULL)
1410-
{
1411-
1412-
/*
1413-
* PQsetdb() does not allow us to specify the user, so we have
1414-
* to do it via PGUSER
1415-
*/
1416-
if (userenv!=NULL)
1417-
old_userenv=userenv;
1418-
userenv=malloc(strlen("PGUSER=")+strlen(new_user)+1);
1419-
sprintf(userenv,"PGUSER=%s",new_user);
1420-
/* putenv() may continue to use memory as part of environment */
1421-
putenv(userenv);
1422-
/* can delete old memory if we malloc'ed it */
1423-
if (old_userenv!=NULL)
1424-
free(old_userenv);
1425-
}
1403+
constchar*userparam;
1404+
constchar*pwparam;
14261405

14271406
if (strcmp(new_dbname,"-")!=0)
14281407
dbparam=new_dbname;
14291408
else
14301409
dbparam=PQdb(olddb);
14311410

1432-
pset->db=PQsetdb(PQhost(olddb),PQport(olddb),
1433-
NULL,NULL,dbparam);
1411+
if (new_user!=NULL&&strcmp(new_user,"-")!=0)
1412+
userparam=new_user;
1413+
else
1414+
userparam=PQuser(olddb);
1415+
1416+
/* libpq doesn't provide an accessor function for the password,
1417+
* so we cheat here.
1418+
*/
1419+
pwparam=olddb->pgpass;
1420+
1421+
pset->db=PQsetdbLogin(PQhost(olddb),PQport(olddb),
1422+
NULL,NULL,dbparam,userparam,pwparam);
1423+
14341424
if (!pset->quiet)
14351425
{
14361426
if (!new_user)
@@ -2765,16 +2755,13 @@ main(int argc, char **argv)
27652755

27662756
if (settings.getPassword)
27672757
{
2768-
charusername[9];
2769-
charpassword[9];
2770-
char*connect_string;
2758+
charusername[100];
2759+
charpassword[100];
27712760

27722761
prompt_for_password(username,password);
27732762

2774-
/* now use PQconnectdb so we can pass these options */
2775-
connect_string=make_connect_string(host,port,dbname,username,password);
2776-
settings.db=PQconnectdb(connect_string);
2777-
free(connect_string);
2763+
settings.db=PQsetdbLogin(host,port,NULL,NULL,dbname,
2764+
username,password);
27782765
}
27792766
else
27802767
settings.db=PQsetdb(host,port,NULL,NULL,dbname);
@@ -2784,7 +2771,7 @@ main(int argc, char **argv)
27842771
if (PQstatus(settings.db)==CONNECTION_BAD)
27852772
{
27862773
fprintf(stderr,"Connection to database '%s' failed.\n",dbname);
2787-
fprintf(stderr,"%s",PQerrorMessage(settings.db));
2774+
fprintf(stderr,"%s\n",PQerrorMessage(settings.db));
27882775
PQfinish(settings.db);
27892776
exit(1);
27902777
}
@@ -3018,6 +3005,7 @@ setFout(PsqlSettings *pset, char *fname)
30183005
staticvoid
30193006
prompt_for_password(char*username,char*password)
30203007
{
3008+
charbuf[512];
30213009
intlength;
30223010

30233011
#ifdefHAVE_TERMIOS_H
@@ -3027,13 +3015,11 @@ prompt_for_password(char *username, char *password)
30273015
#endif
30283016

30293017
printf("Username: ");
3030-
fgets(username,9,stdin);
3018+
fgets(username,100,stdin);
30313019
length=strlen(username);
30323020
/* skip rest of the line */
30333021
if (length>0&&username[length-1]!='\n')
30343022
{
3035-
staticcharbuf[512];
3036-
30373023
do
30383024
{
30393025
fgets(buf,512,stdin);
@@ -3049,7 +3035,7 @@ prompt_for_password(char *username, char *password)
30493035
t.c_lflag &= ~ECHO;
30503036
tcsetattr(0,TCSADRAIN,&t);
30513037
#endif
3052-
fgets(password,9,stdin);
3038+
fgets(password,100,stdin);
30533039
#ifdefHAVE_TERMIOS_H
30543040
tcsetattr(0,TCSADRAIN,&t_orig);
30553041
#endif
@@ -3058,8 +3044,6 @@ prompt_for_password(char *username, char *password)
30583044
/* skip rest of the line */
30593045
if (length>0&&password[length-1]!='\n')
30603046
{
3061-
staticcharbuf[512];
3062-
30633047
do
30643048
{
30653049
fgets(buf,512,stdin);
@@ -3070,62 +3054,3 @@ prompt_for_password(char *username, char *password)
30703054

30713055
printf("\n\n");
30723056
}
3073-
3074-
staticchar*
3075-
make_connect_string(char*host,char*port,char*dbname,
3076-
char*username,char*password)
3077-
{
3078-
intconnect_string_len=0;
3079-
char*connect_string;
3080-
3081-
if (host)
3082-
connect_string_len+=6+strlen(host);/* 6 == "host=" + " " */
3083-
if (username)
3084-
connect_string_len+=6+strlen(username);/* 6 == "user=" + " " */
3085-
if (password)
3086-
connect_string_len+=10+strlen(password);/* 10 == "password=" + "
3087-
* " */
3088-
if (port)
3089-
connect_string_len+=6+strlen(port);/* 6 == "port=" + " " */
3090-
if (dbname)
3091-
connect_string_len+=8+strlen(dbname);/* 8 == "dbname=" + " " */
3092-
connect_string_len+=18;/* "authtype=password" + null */
3093-
3094-
connect_string= (char*)malloc(connect_string_len);
3095-
if (!connect_string)
3096-
return0;
3097-
connect_string[0]='\0';
3098-
if (host)
3099-
{
3100-
strcat(connect_string,"host=");
3101-
strcat(connect_string,host);
3102-
strcat(connect_string," ");
3103-
}
3104-
if (username)
3105-
{
3106-
strcat(connect_string,"user=");
3107-
strcat(connect_string,username);
3108-
strcat(connect_string," ");
3109-
}
3110-
if (password)
3111-
{
3112-
strcat(connect_string,"password=");
3113-
strcat(connect_string,password);
3114-
strcat(connect_string," ");
3115-
}
3116-
if (port)
3117-
{
3118-
strcat(connect_string,"port=");
3119-
strcat(connect_string,port);
3120-
strcat(connect_string," ");
3121-
}
3122-
if (dbname)
3123-
{
3124-
strcat(connect_string,"dbname=");
3125-
strcat(connect_string,dbname);
3126-
strcat(connect_string," ");
3127-
}
3128-
strcat(connect_string,"authtype=password");
3129-
3130-
returnconnect_string;
3131-
}

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp