NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitff402ae

committed

Improve handling of password reuse in src/bin/scripts programs.

This reverts most of commit83dec5a in favor of having connectDatabase()store the possibly-reusable password in a static variable, similar to thecoding we've had for a long time in pg_dump's version of that function.To avoid possible problems with unwanted password reuse, make callersspecify whether it's reasonable to attempt to re-use the password.This is a wash for cases where re-use isn't needed, but it is far simplerfor callers that do want that. Functionally there should be no difference.Even though we're past RC1, it seems like a good idea to back-patch thisinto 9.5, like the prior commit. Otherwise, if there are any third-partyusers of connectDatabase(), they'll have to deal with an API change in9.5 and then another one in 9.6.Michael Paquier

1 parent1aa41e3 commitff402aeCopy full SHA for ff402ae

File tree

9 files changed

+56

-98

lines changed

src/bin/scripts

9 files changed

+56

-98

lines changed

`‎src/bin/scripts/clusterdb.c`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -203,8 +203,8 @@ cluster_one_database(const char dbname, bool verbose, const char table,`
`203`	`203`	`appendPQExpBuffer(&sql," %s",table);`
`204`	`204`	`appendPQExpBufferChar(&sql,';');`
`205`	`205`
`206`		`-conn=connectDatabase(dbname,host,port,username,NULL,prompt_password,`
`207`		`-progname, false);`
	`206`	`+conn=connectDatabase(dbname,host,port,username,prompt_password,`
	`207`	`+progname, false, false);`
`208`	`208`	`if (!executeMaintenanceCommand(conn,sql.data,echo))`
`209`	`209`	`{`
`210`	`210`	`if (table)`

`‎src/bin/scripts/common.c`

Lines changed: 25 additions & 23 deletions

Original file line number	Diff line number	Diff line change
`@@ -54,22 +54,31 @@ handle_help_version_opts(int argc, char *argv[],`
`54`	`54`	`/*`
`55`	`55`	`* Make a database connection with the given parameters.`
`56`	`56`	`*`
`57`		`- * A password can be given, but if not (or if user forces us to) we prompt`
`58`		`- * interactively for one, unless caller prohibited us from doing so.`
	`57`	`+ * An interactive password prompt is automatically issued if needed and`
	`58`	`+ * allowed by prompt_password.`
	`59`	`+ *`
	`60`	`+ * If allow_password_reuse is true, we will try to re-use any password`
	`61`	`+ * given during previous calls to this routine. (Callers should not pass`
	`62`	`+ * allow_password_reuse=true unless reconnecting to the same database+user`
	`63`	`+ * as before, else we might create password exposure hazards.)`
`59`	`64`	`*/`
`60`	`65`	`PGconn*`
`61`	`66`	`connectDatabase(constchardbname,constcharpghost,constchar*pgport,`
`62`		`-constcharpguser,constcharpgpassword,`
`63`		`-enumtrivalueprompt_password,constchar*progname,`
`64`		`-boolfail_ok)`
	`67`	`+constchar*pguser,enumtrivalueprompt_password,`
	`68`	`+constchar*progname,boolfail_ok,boolallow_password_reuse)`
`65`	`69`	`{`
`66`	`70`	`PGconn*conn;`
`67`		`-char*password;`
	`71`	`+staticchar*password=NULL;`
`68`	`72`	`boolnew_pass;`
`69`	`73`
`70`		`-password=pgpassword ?strdup(pgpassword) :NULL;`
	`74`	`+if (!allow_password_reuse)`
	`75`	`+{`
	`76`	`+if (password)`
	`77`	`+free(password);`
	`78`	`+password=NULL;`
	`79`	`+}`
`71`	`80`
`72`		`-if (prompt_password==TRI_YES&&!pgpassword)`
	`81`	`+if (password==NULL&&prompt_password==TRI_YES)`
`73`	`82`	`password=simple_prompt("Password: ",100, false);`
`74`	`83`
`75`	`84`	`/*`
`@@ -78,9 +87,8 @@ connectDatabase(const char dbname, const char pghost, const char *pgport,`
`78`	`87`	`*/`
`79`	`88`	`do`
`80`	`89`	`{`
`81`		`-#definePARAMS_ARRAY_SIZE7`
`82`		`-constchar*keywords=pg_malloc(PARAMS_ARRAY_SIZEsizeof(*keywords));`
`83`		`-constchar*values=pg_malloc(PARAMS_ARRAY_SIZEsizeof(*values));`
	`90`	`+constchar*keywords[7];`
	`91`	`+constchar*values[7];`
`84`	`92`
`85`	`93`	`keywords[0]="host";`
`86`	`94`	`values[0]=pghost;`
`@@ -107,9 +115,6 @@ connectDatabase(const char dbname, const char pghost, const char *pgport,`
`107`	`115`	`exit(1);`
`108`	`116`	`}`
`109`	`117`
`110`		`-pg_free(keywords);`
`111`		`-pg_free(values);`
`112`		`-`
`113`	`118`	`/*`
`114`	`119`	`* No luck? Trying asking (again) for a password.`
`115`	`120`	`*/`
`@@ -125,9 +130,6 @@ connectDatabase(const char dbname, const char pghost, const char *pgport,`
`125`	`130`	`}`
`126`	`131`	`}while (new_pass);`
`127`	`132`
`128`		`-if (password)`
`129`		`-free(password);`
`130`		`-`
`131`	`133`	`/* check to see that the backend connection was successfully made */`
`132`	`134`	`if (PQstatus(conn)==CONNECTION_BAD)`
`133`	`135`	`{`
`@@ -157,15 +159,15 @@ connectMaintenanceDatabase(const char maintenance_db, const char pghost,`
`157`	`159`
`158`	`160`	`/* If a maintenance database name was specified, just connect to it. */`
`159`	`161`	`if (maintenance_db)`
`160`		`-returnconnectDatabase(maintenance_db,pghost,pgport,pguser,NULL,`
`161`		`-prompt_password,progname, false);`
	`162`	`+returnconnectDatabase(maintenance_db,pghost,pgport,pguser,`
	`163`	`+prompt_password,progname, false, false);`
`162`	`164`
`163`	`165`	`/* Otherwise, try postgres first and then template1. */`
`164`		`-conn=connectDatabase("postgres",pghost,pgport,pguser,NULL,`
`165`		`-prompt_password,progname, true);`
	`166`	`+conn=connectDatabase("postgres",pghost,pgport,pguser,prompt_password,`
	`167`	`+progname, true, false);`
`166`	`168`	`if (!conn)`
`167`		`-conn=connectDatabase("template1",pghost,pgport,pguser,NULL,`
`168`		`-prompt_password,progname, false);`
	`169`	`+conn=connectDatabase("template1",pghost,pgport,pguser,`
	`170`	`+prompt_password,progname, false, false);`
`169`	`171`
`170`	`172`	`returnconn;`
`171`	`173`	`}`

`‎src/bin/scripts/common.h`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -31,8 +31,8 @@ extern void handle_help_version_opts(int argc, char *argv[],`
`31`	`31`
`32`	`32`	`externPGconnconnectDatabase(constchardbname,constchar*pghost,`
`33`	`33`	`constcharpgport,constcharpguser,`
`34`		`-constchar*pgpassword,enumtrivalueprompt_password,`
`35`		`-constchar*progname,boolfail_ok);`
	`34`	`+enumtrivalueprompt_password,constchar*progname,`
	`35`	`+boolfail_ok,boolallow_password_reuse);`
`36`	`36`
`37`	`37`	`externPGconnconnectMaintenanceDatabase(constcharmaintenance_db,`
`38`	`38`	`constcharpghost,constcharpgport,constchar*pguser,`

`‎src/bin/scripts/createlang.c`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -140,8 +140,8 @@ main(int argc, char *argv[])`
`140`	`140`	`printQueryOptpopt;`
`141`	`141`	`staticconstbooltranslate_columns[]= {false, true};`
`142`	`142`
`143`		`-conn=connectDatabase(dbname,host,port,username,NULL,`
`144`		`-prompt_password,progname, false);`
	`143`	`+conn=connectDatabase(dbname,host,port,username,prompt_password,`
	`144`	`+progname, false, false);`
`145`	`145`
`146`	`146`	`printfPQExpBuffer(&sql,"SELECT lanname as \"%s\", "`
`147`	`147`	`"(CASE WHEN lanpltrusted THEN '%s' ELSE '%s' END) as \"%s\" "`
`@@ -180,8 +180,8 @@ main(int argc, char *argv[])`
`180`	`180`	`if (p >='A'&&p <='Z')`
`181`	`181`	`*p+= ('a'-'A');`
`182`	`182`
`183`		`-conn=connectDatabase(dbname,host,port,username,NULL,`
`184`		`-prompt_password,progname, false);`
	`183`	`+conn=connectDatabase(dbname,host,port,username,prompt_password,`
	`184`	`+progname, false, false);`
`185`	`185`
`186`	`186`	`/*`
`187`	`187`	`* Make sure the language isn't already installed`

`‎src/bin/scripts/createuser.c`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -250,8 +250,8 @@ main(int argc, char *argv[])`
`250`	`250`	`if (login==0)`
`251`	`251`	`login=TRI_YES;`
`252`	`252`
`253`		`-conn=connectDatabase("postgres",host,port,username,NULL,`
`254`		`-prompt_password,progname, false);`
	`253`	`+conn=connectDatabase("postgres",host,port,username,prompt_password,`
	`254`	`+progname, false, false);`
`255`	`255`
`256`	`256`	`initPQExpBuffer(&sql);`
`257`	`257`

`‎src/bin/scripts/droplang.c`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -139,8 +139,8 @@ main(int argc, char *argv[])`
`139`	`139`	`printQueryOptpopt;`
`140`	`140`	`staticconstbooltranslate_columns[]= {false, true};`
`141`	`141`
`142`		`-conn=connectDatabase(dbname,host,port,username,NULL,`
`143`		`-prompt_password,progname, false);`
	`142`	`+conn=connectDatabase(dbname,host,port,username,prompt_password,`
	`143`	`+progname, false, false);`
`144`	`144`
`145`	`145`	`printfPQExpBuffer(&sql,"SELECT lanname as \"%s\", "`
`146`	`146`	`"(CASE WHEN lanpltrusted THEN '%s' ELSE '%s' END) as \"%s\" "`
`@@ -181,8 +181,8 @@ main(int argc, char *argv[])`
`181`	`181`	`if (p >='A'&&p <='Z')`
`182`	`182`	`*p+= ('a'-'A');`
`183`	`183`
`184`		`-conn=connectDatabase(dbname,host,port,username,NULL,`
`185`		`-prompt_password,progname, false);`
	`184`	`+conn=connectDatabase(dbname,host,port,username,prompt_password,`
	`185`	`+progname, false, false);`
`186`	`186`
`187`	`187`	`/*`
`188`	`188`	`* Force schema search path to be just pg_catalog, so that we don't have`

`‎src/bin/scripts/dropuser.c`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -128,8 +128,8 @@ main(int argc, char *argv[])`
`128`	`128`	`appendPQExpBuffer(&sql,"DROP ROLE %s%s;",`
`129`	`129`	`(if_exists ?"IF EXISTS " :""),fmtId(dropuser));`
`130`	`130`
`131`		`-conn=connectDatabase("postgres",host,port,username,NULL,`
`132`		`-prompt_password,progname, false);`
	`131`	`+conn=connectDatabase("postgres",host,port,username,prompt_password,`
	`132`	`+progname, false, false);`
`133`	`133`
`134`	`134`	`if (echo)`
`135`	`135`	`printf("%s\n",sql.data);`

`‎src/bin/scripts/reindexdb.c`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -297,8 +297,8 @@ reindex_one_database(const char name, const char dbname, const char *type,`
`297`	`297`	`appendPQExpBuffer(&sql," DATABASE %s",fmtId(name));`
`298`	`298`	`appendPQExpBufferChar(&sql,';');`
`299`	`299`
`300`		`-conn=connectDatabase(dbname,host,port,username,NULL,`
`301`		`-prompt_password,progname, false);`
	`300`	`+conn=connectDatabase(dbname,host,port,username,prompt_password,`
	`301`	`+progname, false, false);`
`302`	`302`
`303`	`303`	`if (!executeMaintenanceCommand(conn,sql.data,echo))`
`304`	`304`	`{`
`@@ -372,8 +372,8 @@ reindex_system_catalogs(const char dbname, const char host, const char *port,`
`372`	`372`
`373`	`373`	`appendPQExpBuffer(&sql," SYSTEM %s;",dbname);`
`374`	`374`
`375`		`-conn=connectDatabase(dbname,host,port,username,NULL,`
`376`		`-prompt_password,progname, false);`
	`375`	`+conn=connectDatabase(dbname,host,port,username,prompt_password,`
	`376`	`+progname, false, false);`
`377`	`377`	`if (!executeMaintenanceCommand(conn,sql.data,echo))`
`378`	`378`	`{`
`379`	`379`	`fprintf(stderr,_("%s: reindexing of system catalogs failed: %s"),`

`‎src/bin/scripts/vacuumdb.c`

Lines changed: 11 additions & 55 deletions

Original file line number	Diff line number	Diff line change
`@@ -43,8 +43,7 @@ static void vacuum_one_database(const char dbname, vacuumingOptions vacopts,`
`43`	`43`	`constcharhost,constcharport,`
`44`	`44`	`constchar*username,enumtrivalueprompt_password,`
`45`	`45`	`intconcurrentCons,`
`46`		`-constchar*progname,boolecho,boolquiet,`
`47`		`-char**password);`
	`46`	`+constchar*progname,boolecho,boolquiet);`
`48`	`47`
`49`	`48`	`staticvoidvacuum_all_databases(vacuumingOptions*vacopts,`
`50`	`49`	`boolanalyze_in_stages,`
`@@ -276,8 +275,6 @@ main(int argc, char *argv[])`
`276`	`275`	`}`
`277`	`276`	`else`
`278`	`277`	`{`
`279`		`-char*password=NULL;`
`280`		`-`
`281`	`278`	`if (dbname==NULL)`
`282`	`279`	`{`
`283`	`280`	`if (getenv("PGDATABASE"))`
`@@ -299,8 +296,7 @@ main(int argc, char *argv[])`
`299`	`296`	`&tables,`
`300`	`297`	`host,port,username,prompt_password,`
`301`	`298`	`concurrentCons,`
`302`		`-progname,echo,quiet,`
`303`		`-&password);`
	`299`	`+progname,echo,quiet);`
`304`	`300`	`}`
`305`	`301`	`}`
`306`	`302`	`else`
`@@ -309,10 +305,7 @@ main(int argc, char *argv[])`
`309`	`305`	`&tables,`
`310`	`306`	`host,port,username,prompt_password,`
`311`	`307`	`concurrentCons,`
`312`		`-progname,echo,quiet,`
`313`		`-&password);`
`314`		`-`
`315`		`-pg_free(password);`
	`308`	`+progname,echo,quiet);`
`316`	`309`	`}`
`317`	`310`
`318`	`311`	`exit(0);`
`@@ -330,21 +323,15 @@ main(int argc, char *argv[])`
`330`	`323`	`* If concurrentCons is > 1, multiple connections are used to vacuum tables`
`331`	`324`	`* in parallel. In this case and if the table list is empty, we first obtain`
`332`	`325`	`* a list of tables from the database.`
`333`		`- *`
`334`		`- * 'password' is both an input and output parameter. If one is not passed,`
`335`		`- * then whatever is used in a connection is returned so that caller can`
`336`		`- * reuse it in future connections.`
`337`	`326`	`*/`
`338`	`327`	`staticvoid`
`339`	`328`	`vacuum_one_database(constchardbname,vacuumingOptionsvacopts,`
`340`	`329`	`intstage,`
`341`	`330`	`SimpleStringList*tables,`
`342`	`331`	`constcharhost,constcharport,`
`343`		`-constchar*username,`
`344`		`-enumtrivalueprompt_password,`
	`332`	`+constchar*username,enumtrivalueprompt_password,`
`345`	`333`	`intconcurrentCons,`
`346`		`-constchar*progname,boolecho,boolquiet,`
`347`		`-char**password)`
	`334`	`+constchar*progname,boolecho,boolquiet)`
`348`	`335`	`{`
`349`	`336`	`PQExpBufferDatasql;`
`350`	`337`	`PGconn*conn;`
`@@ -378,15 +365,8 @@ vacuum_one_database(const char dbname, vacuumingOptions vacopts,`
`378`	`365`	`fflush(stdout);`
`379`	`366`	`}`
`380`	`367`
`381`		`-conn=connectDatabase(dbname,host,port,username,*password,`
`382`		`-prompt_password,progname, false);`
`383`		`-`
`384`		`-/*`
`385`		`- * If no password was not specified by caller and the connection required`
`386`		`- * one, remember it; this suppresses further password prompts.`
`387`		`- */`
`388`		`-if (PQconnectionUsedPassword(conn)&&*password==NULL)`
`389`		`-*password=pg_strdup(PQpass(conn));`
	`368`	`+conn=connectDatabase(dbname,host,port,username,prompt_password,`
	`369`	`+progname, false, true);`
`390`	`370`
`391`	`371`	`initPQExpBuffer(&sql);`
`392`	`372`
`@@ -444,20 +424,10 @@ vacuum_one_database(const char dbname, vacuumingOptions vacopts,`
`444`	`424`	`init_slot(slots,conn);`
`445`	`425`	`if (parallel)`
`446`	`426`	`{`
`447`		`-constchar*pqpass;`
`448`		`-`
`449`		`-/*`
`450`		`- * If a password was supplied for the initial connection, use it for`
`451`		`- * subsequent ones too. (Note that since we're connecting to the same`
`452`		`- * database with the same user, there's no need to update the stored`
`453`		`- * password any further.)`
`454`		`- */`
`455`		`-pqpass=PQpass(conn);`
`456`		`-`
`457`	`427`	`for (i=1;i<concurrentCons;i++)`
`458`	`428`	`{`
`459`		`-conn=connectDatabase(dbname,host,port,username,pqpass,`
`460`		`-prompt_password,progname, false);`
	`429`	`+conn=connectDatabase(dbname,host,port,username,prompt_password,`
	`430`	`+progname, false, true);`
`461`	`431`	`init_slot(slots+i,conn);`
`462`	`432`	`}`
`463`	`433`	`}`
`@@ -572,23 +542,12 @@ vacuum_all_databases(vacuumingOptions *vacopts,`
`572`	`542`	`PGresult*result;`
`573`	`543`	`intstage;`
`574`	`544`	`inti;`
`575`		`-char*password=NULL;`
`576`	`545`
`577`	`546`	`conn=connectMaintenanceDatabase(maintenance_db,host,port,`
`578`	`547`	`username,prompt_password,progname);`
`579`		`-`
`580`	`548`	`result=executeQuery(conn,`
`581`	`549`	`"SELECT datname FROM pg_database WHERE datallowconn ORDER BY 1;",`
`582`	`550`	`progname,echo);`
`583`		`-`
`584`		`-/*`
`585`		`- * Remember the password for further connections. If no password was`
`586`		`- * required for the maintenance db connection, this gets updated for the`
`587`		`- * first connection that does.`
`588`		`- */`
`589`		`-if (PQconnectionUsedPassword(conn))`
`590`		`-password=pg_strdup(PQpass(conn));`
`591`		`-`
`592`	`551`	`PQfinish(conn);`
`593`	`552`
`594`	`553`	`if (analyze_in_stages)`
`@@ -613,8 +572,7 @@ vacuum_all_databases(vacuumingOptions *vacopts,`
`613`	`572`	`NULL,`
`614`	`573`	`host,port,username,prompt_password,`
`615`	`574`	`concurrentCons,`
`616`		`-progname,echo,quiet,`
`617`		`-&password);`
	`575`	`+progname,echo,quiet);`
`618`	`576`	`}`
`619`	`577`	`}`
`620`	`578`	`}`
`@@ -630,13 +588,11 @@ vacuum_all_databases(vacuumingOptions *vacopts,`
`630`	`588`	`NULL,`
`631`	`589`	`host,port,username,prompt_password,`
`632`	`590`	`concurrentCons,`
`633`		`-progname,echo,quiet,`
`634`		`-&password);`
	`591`	`+progname,echo,quiet);`
`635`	`592`	`}`
`636`	`593`	`}`
`637`	`594`
`638`	`595`	`PQclear(result);`
`639`		`-pg_free(password);`
`640`	`596`	`}`
`641`	`597`
`642`	`598`	`/*`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitff402ae

File tree

9 files changed

9 files changed

`‎src/bin/scripts/clusterdb.c`

`‎src/bin/scripts/common.c`

`‎src/bin/scripts/common.h`

`‎src/bin/scripts/createlang.c`

`‎src/bin/scripts/createuser.c`

`‎src/bin/scripts/droplang.c`

`‎src/bin/scripts/dropuser.c`

`‎src/bin/scripts/reindexdb.c`

`‎src/bin/scripts/vacuumdb.c`

0 commit comments