NotificationsYou must be signed in to change notification settings
Fork28
Star153

Commita6c1cea

committed

Add libpq warning message if the .pgpass-retrieved password fails.

Add ERRCODE_INVALID_PASSWORD sqlstate error code.

1 parent8b2ae44 commita6c1ceaCopy full SHA for a6c1cea

File tree

6 files changed

+80

-20

lines changed

doc/src/sgml
- errcodes.sgml
src
- backend/libpq
  - auth.c
- include/utils
  - errcodes.h
- interfaces/libpq
  - fe-connect.c
  - libpq-int.h
- pl/plpgsql/src
  - plerrcodes.h

6 files changed

+80

-20

lines changed

`‎doc/src/sgml/errcodes.sgml‎`

Lines changed: 7 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-<!-- $PostgreSQL: pgsql/doc/src/sgml/errcodes.sgml,v 1.28 2009/12/07 05:22:21 tgl Exp $ -->`
	`1`	`+<!-- $PostgreSQL: pgsql/doc/src/sgml/errcodes.sgml,v 1.29 2010/03/13 14:55:57 momjian Exp $ -->`
`2`	`2`
`3`	`3`	`<appendix id="errcodes-appendix">`
`4`	`4`	`<title><productname>PostgreSQL</productname> Error Codes</title>`
`@@ -761,6 +761,12 @@`
`761`	`761`	`<entry>invalid_authorization_specification</entry>`
`762`	`762`	`</row>`
`763`	`763`
	`764`	`+<row>`
	`765`	`+<entry><literal>28P01</literal></entry>`
	`766`	`+<entry>INVALID PASSWORD</entry>`
	`767`	`+<entry>invalid_password</entry>`
	`768`	`+</row>`
	`769`	`+`
`764`	`770`
`765`	`771`	`<row>`
`766`	`772`	`<entry spanname="span13"><emphasis role="bold">Class 2B — Dependent Privilege Descriptors Still Exist</></entry>`

`‎src/backend/libpq/auth.c‎`

Lines changed: 6 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`*`
`9`	`9`	`*`
`10`	`10`	`* IDENTIFICATION`
`11`		`- * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.195 2010/02/26 02:00:42 momjian Exp $`
	`11`	`+ * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.196 2010/03/13 14:55:57 momjian Exp $`
`12`	`12`	`*`
`13`	`13`	`*-------------------------------------------------------------------------`
`14`	`14`	`*/`
`@@ -232,7 +232,8 @@ static void`
`232`	`232`	`auth_failed(Port*port,intstatus)`
`233`	`233`	`{`
`234`	`234`	`constchar*errstr;`
`235`		`-`
	`235`	`+interrcode_return=ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION;`
	`236`	`+`
`236`	`237`	`/*`
`237`	`238`	`* If we failed due to EOF from client, just quit; there's no point in`
`238`	`239`	`* trying to send a message to the client, and not much point in logging`
`@@ -269,6 +270,8 @@ auth_failed(Port *port, int status)`
`269`	`270`	`caseuaMD5:`
`270`	`271`	`caseuaPassword:`
`271`	`272`	`errstr=gettext_noop("password authentication failed for user \"%s\"");`
	`273`	`+/* We use it to indicate if a .pgpass password failed. */`
	`274`	`+errcode_return=ERRCODE_INVALID_PASSWORD;`
`272`	`275`	`break;`
`273`	`276`	`caseuaPAM:`
`274`	`277`	`errstr=gettext_noop("PAM authentication failed for user \"%s\"");`
`@@ -285,7 +288,7 @@ auth_failed(Port *port, int status)`
`285`	`288`	`}`
`286`	`289`
`287`	`290`	`ereport(FATAL,`
`288`		`-(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),`
	`291`	`+(errcode(errcode_return),`
`289`	`292`	`errmsg(errstr,port->user_name)));`
`290`	`293`	`/* doesn't return */`
`291`	`294`	`}`

`‎src/include/utils/errcodes.h‎`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@`
`11`	`11`	`*`
`12`	`12`	`* Copyright (c) 2003-2010, PostgreSQL Global Development Group`
`13`	`13`	`*`
`14`		`- * $PostgreSQL: pgsql/src/include/utils/errcodes.h,v 1.31 2010/01/02 16:58:10 momjian Exp $`
	`14`	`+ * $PostgreSQL: pgsql/src/include/utils/errcodes.h,v 1.32 2010/03/13 14:55:57 momjian Exp $`
`15`	`15`	`*`
`16`	`16`	`*-------------------------------------------------------------------------`
`17`	`17`	`*/`
`@@ -194,6 +194,7 @@`
`194`	`194`
`195`	`195`	`/* Class 28 - Invalid Authorization Specification */`
`196`	`196`	`#defineERRCODE_INVALID_AUTHORIZATION_SPECIFICATION MAKE_SQLSTATE('2','8', '0','0','0')`
	`197`	`+#defineERRCODE_INVALID_PASSWORD MAKE_SQLSTATE('2','8', 'P','0','1')`
`197`	`198`
`198`	`199`	`/* Class 2B - Dependent Privilege Descriptors Still Exist */`
`199`	`200`	`#defineERRCODE_DEPENDENT_PRIVILEGE_DESCRIPTORS_STILL_EXISTMAKE_SQLSTATE('2','B', '0','0','0')`

`‎src/interfaces/libpq/fe-connect.c‎`

Lines changed: 58 additions & 13 deletions

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`*`
`9`	`9`	`*`
`10`	`10`	`* IDENTIFICATION`
`11`		`- * $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.389 2010/03/03 20:31:09 tgl Exp $`
	`11`	`+ * $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.390 2010/03/13 14:55:57 momjian Exp $`
`12`	`12`	`*`
`13`	`13`	`*-------------------------------------------------------------------------`
`14`	`14`	`*/`
`@@ -91,6 +91,9 @@ static int ldapServiceLookup(const char purl, PQconninfoOption options,`
`91`	`91`	`*/`
`92`	`92`	`#defineERRCODE_APPNAME_UNKNOWN "42704"`
`93`	`93`
	`94`	`+/* This is part of the protocol so just define it */`
	`95`	`+#defineERRCODE_INVALID_PASSWORD "28P01"`
	`96`	`+`
`94`	`97`	`/*`
`95`	`98`	`* fall back options if they are not specified by arguments or defined`
`96`	`99`	`* by environment variables`
`@@ -284,6 +287,8 @@ static int parseServiceFile(const char *serviceFile,`
`284`	`287`	`staticcharpwdfMatchesString(charbuf,char*token);`
`285`	`288`	`staticcharPasswordFromFile(charhostname,charport,chardbname,`
`286`	`289`	`char*username);`
	`290`	`+staticboolgetPgPassFilename(char*pgpassfile);`
	`291`	`+staticvoiddot_pg_pass_warning(PGconn*conn);`
`287`	`292`	`staticvoiddefault_threadlock(intacquire);`
`288`	`293`
`289`	`294`
`@@ -652,6 +657,8 @@ connectOptions2(PGconn *conn)`
`652`	`657`	`conn->dbName,conn->pguser);`
`653`	`658`	`if (conn->pgpass==NULL)`
`654`	`659`	`conn->pgpass=strdup(DefaultPassword);`
	`660`	`+else`
	`661`	`+conn->dot_pgpass_used= true;`
`655`	`662`	`}`
`656`	`663`
`657`	`664`	`/*`
`@@ -2133,6 +2140,8 @@ PQconnectPoll(PGconn *conn)`
`2133`	`2140`
`2134`	`2141`	`error_return:`
`2135`	`2142`
	`2143`	`+dot_pg_pass_warning(conn);`
	`2144`	`+`
`2136`	`2145`	`/*`
`2137`	`2146`	`* We used to close the socket at this point, but that makes it awkward`
`2138`	`2147`	`* for those above us if they wish to remove this socket from their own`
`@@ -2191,6 +2200,7 @@ makeEmptyPGconn(void)`
`2191`	`2200`	`conn->verbosity=PQERRORS_DEFAULT;`
`2192`	`2201`	`conn->sock=-1;`
`2193`	`2202`	`conn->password_needed= false;`
	`2203`	`+conn->dot_pgpass_used= false;`
`2194`	`2204`	`#ifdefUSE_SSL`
`2195`	`2205`	`conn->allow_ssl_try= true;`
`2196`	`2206`	`conn->wait_ssl_try= false;`
`@@ -4323,7 +4333,6 @@ PasswordFromFile(char hostname, char port, char dbname, char username)`
`4323`	`4333`	`FILE*fp;`
`4324`	`4334`	`charpgpassfile[MAXPGPATH];`
`4325`	`4335`	`structstatstat_buf;`
`4326`		`-char*passfile_env;`
`4327`	`4336`
`4328`	`4337`	`#defineLINELEN NAMEDATALEN*5`
`4329`	`4338`	`charbuf[LINELEN];`
`@@ -4349,17 +4358,8 @@ PasswordFromFile(char hostname, char port, char dbname, char username)`
`4349`	`4358`	`if (port==NULL)`
`4350`	`4359`	`port=DEF_PGPORT_STR;`
`4351`	`4360`
`4352`		`-if ((passfile_env=getenv("PGPASSFILE"))!=NULL)`
`4353`		`-/* use the literal path from the environment, if set */`
`4354`		`-strlcpy(pgpassfile,passfile_env,sizeof(pgpassfile));`
`4355`		`-else`
`4356`		`-{`
`4357`		`-charhomedir[MAXPGPATH];`
`4358`		`-`
`4359`		`-if (!pqGetHomeDirectory(homedir,sizeof(homedir)))`
`4360`		`-returnNULL;`
`4361`		`-snprintf(pgpassfile,MAXPGPATH,"%s/%s",homedir,PGPASSFILE);`
`4362`		`-}`
	`4361`	`+if (!getPgPassFilename(pgpassfile))`
	`4362`	`+returnNULL;`
`4363`	`4363`
`4364`	`4364`	`/* If password file cannot be opened, ignore it. */`
`4365`	`4365`	`if (stat(pgpassfile,&stat_buf)!=0)`
`@@ -4426,6 +4426,51 @@ PasswordFromFile(char hostname, char port, char dbname, char username)`
`4426`	`4426`	`#undef LINELEN`
`4427`	`4427`	`}`
`4428`	`4428`
	`4429`	`+`
	`4430`	`+staticboolgetPgPassFilename(char*pgpassfile)`
	`4431`	`+{`
	`4432`	`+char*passfile_env;`
	`4433`	`+`
	`4434`	`+if ((passfile_env=getenv("PGPASSFILE"))!=NULL)`
	`4435`	`+/* use the literal path from the environment, if set */`
	`4436`	`+strlcpy(pgpassfile,passfile_env,MAXPGPATH);`
	`4437`	`+else`
	`4438`	`+{`
	`4439`	`+charhomedir[MAXPGPATH];`
	`4440`	`+`
	`4441`	`+if (!pqGetHomeDirectory(homedir,sizeof(homedir)))`
	`4442`	`+return false;`
	`4443`	`+snprintf(pgpassfile,MAXPGPATH,"%s/%s",homedir,PGPASSFILE);`
	`4444`	`+}`
	`4445`	`+return true;`
	`4446`	`+}`
	`4447`	`+`
	`4448`	`+/*`
	`4449`	`+ *If the connection failed, we should mention if`
	`4450`	`+ *we got the password from .pgpass in case that`
	`4451`	`+ *password is wrong.`
	`4452`	`+ */`
	`4453`	`+staticvoid`
	`4454`	`+dot_pg_pass_warning(PGconn*conn)`
	`4455`	`+{`
	`4456`	`+/* If it was 'invalid authorization', add .pgpass mention */`
	`4457`	`+if (conn->dot_pgpass_used&&conn->password_needed&&conn->result&&`
	`4458`	`+/* only works with >= 9.0 servers */`
	`4459`	`+strcmp(PQresultErrorField(conn->result,PG_DIAG_SQLSTATE),`
	`4460`	`+ERRCODE_INVALID_PASSWORD)==0)`
	`4461`	`+{`
	`4462`	`+charpgpassfile[MAXPGPATH];`
	`4463`	`+`
	`4464`	`+if (!getPgPassFilename(pgpassfile))`
	`4465`	`+return;`
	`4466`	`+appendPQExpBufferStr(&conn->errorMessage,`
	`4467`	`+libpq_gettext("password retrieved from "));`
	`4468`	`+appendPQExpBufferStr(&conn->errorMessage,pgpassfile);`
	`4469`	`+appendPQExpBufferChar(&conn->errorMessage,'\n');`
	`4470`	`+}`
	`4471`	`+}`
	`4472`	`+`
	`4473`	`+`
`4429`	`4474`	`/*`
`4430`	`4475`	`* Obtain user's home directory, return in given buffer`
`4431`	`4476`	`*`

`‎src/interfaces/libpq/libpq-int.h‎`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@`
`12`	`12`	`* Portions Copyright (c) 1996-2010, PostgreSQL Global Development Group`
`13`	`13`	`* Portions Copyright (c) 1994, Regents of the University of California`
`14`	`14`	`*`
`15`		`- * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.149 2010/02/26 02:01:33 momjian Exp $`
	`15`	`+ * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.150 2010/03/13 14:55:57 momjian Exp $`
`16`	`16`	`*`
`17`	`17`	`*-------------------------------------------------------------------------`
`18`	`18`	`*/`
`@@ -343,6 +343,7 @@ struct pg_conn`
`343`	`343`	`ProtocolVersionpversion;/* FE/BE protocol version in use */`
`344`	`344`	`intsversion;/* server version, e.g. 70401 for 7.4.1 */`
`345`	`345`	`boolpassword_needed;/* true if server demanded a password */`
	`346`	`+booldot_pgpass_used;/* true if used .pgpass */`
`346`	`347`	`boolsigpipe_so;/* have we masked SIGPIPE via SO_NOSIGPIPE? */`
`347`	`348`	`boolsigpipe_flag;/* can we mask SIGPIPE via MSG_NOSIGNAL? */`
`348`	`349`

`‎src/pl/plpgsql/src/plerrcodes.h‎`

Lines changed: 5 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@`
`9`	`9`	`*`
`10`	`10`	`* Copyright (c) 2003-2010, PostgreSQL Global Development Group`
`11`	`11`	`*`
`12`		`- * $PostgreSQL: pgsql/src/pl/plpgsql/src/plerrcodes.h,v 1.20 2010/01/02 16:58:13 momjian Exp $`
	`12`	`+ * $PostgreSQL: pgsql/src/pl/plpgsql/src/plerrcodes.h,v 1.21 2010/03/13 14:55:57 momjian Exp $`
`13`	`13`	`*`
`14`	`14`	`*-------------------------------------------------------------------------`
`15`	`15`	`*/`
`@@ -367,6 +367,10 @@`
`367`	`367`	`"invalid_authorization_specification",ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION`
`368`	`368`	`},`
`369`	`369`
	`370`	`+{`
	`371`	`+"invalid_password",ERRCODE_INVALID_PASSWORD`
	`372`	`+},`
	`373`	`+`
`370`	`374`	`{`
`371`	`375`	`"dependent_privilege_descriptors_still_exist",ERRCODE_DEPENDENT_PRIVILEGE_DESCRIPTORS_STILL_EXIST`
`372`	`376`	`},`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commita6c1cea

File tree

6 files changed

6 files changed

`‎doc/src/sgml/errcodes.sgml‎`

`‎src/backend/libpq/auth.c‎`

`‎src/include/utils/errcodes.h‎`

`‎src/interfaces/libpq/fe-connect.c‎`

`‎src/interfaces/libpq/libpq-int.h‎`

`‎src/pl/plpgsql/src/plerrcodes.h‎`

0 commit comments