Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit4192f2d

Browse files
committed
Remove the -P options of oid2name and pgbench, as they are security
hazards. Instead teach these programs to prompt for a password whennecessary, just like all our other programs.I did not bother to invent -W switches for them, since the return oninvestment seems so low.
1 parent5eb5661 commit4192f2d

File tree

4 files changed

+85
-63
lines changed

4 files changed

+85
-63
lines changed

‎contrib/oid2name/oid2name.c‎

Lines changed: 43 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,8 @@
44
*
55
* Originally by
66
* B. Palmer, bpalmer@crimelabs.net 1-17-2001
7-
* $PostgreSQL: pgsql/contrib/oid2name/oid2name.c,v 1.32 2007/07/25 22:16:17 tgl Exp $
7+
*
8+
* $PostgreSQL: pgsql/contrib/oid2name/oid2name.c,v 1.33 2007/12/11 02:31:49 tgl Exp $
89
*/
910
#include"postgres_fe.h"
1011

@@ -43,7 +44,6 @@ struct options
4344
char*hostname;
4445
char*port;
4546
char*username;
46-
char*password;
4747
};
4848

4949
/* function prototypes */
@@ -76,10 +76,9 @@ get_opts(int argc, char **argv, struct options * my_opts)
7676
my_opts->hostname=NULL;
7777
my_opts->port=NULL;
7878
my_opts->username=NULL;
79-
my_opts->password=NULL;
8079

8180
/* get opts */
82-
while ((c=getopt(argc,argv,"H:p:U:P:d:t:o:f:qSxish?"))!=-1)
81+
while ((c=getopt(argc,argv,"H:p:U:d:t:o:f:qSxish?"))!=-1)
8382
{
8483
switch (c)
8584
{
@@ -123,11 +122,6 @@ get_opts(int argc, char **argv, struct options * my_opts)
123122
my_opts->username=mystrdup(optarg);
124123
break;
125124

126-
/* password */
127-
case'P':
128-
my_opts->password=mystrdup(optarg);
129-
break;
130-
131125
/* display system tables */
132126
case'S':
133127
my_opts->systables= true;
@@ -166,8 +160,6 @@ get_opts(int argc, char **argv, struct options * my_opts)
166160
" -H host connect to remote host\n"
167161
" -p port host port to connect to\n"
168162
" -U username username to connect with\n"
169-
" -P password password for username\n"
170-
" (see also $PGPASSWORD and ~/.pgpass)\n"
171163
);
172164
exit(1);
173165
break;
@@ -275,22 +267,49 @@ PGconn *
275267
sql_conn(structoptions*my_opts)
276268
{
277269
PGconn*conn;
270+
char*password=NULL;
271+
boolnew_pass;
278272

279-
/* login */
280-
conn=PQsetdbLogin(my_opts->hostname,
281-
my_opts->port,
282-
NULL,/* options */
283-
NULL,/* tty */
284-
my_opts->dbname,
285-
my_opts->username,
286-
my_opts->password);
287-
288-
/* deal with errors */
289-
if (PQstatus(conn)!=CONNECTION_OK)
273+
/*
274+
* Start the connection. Loop until we have a password if requested by
275+
* backend.
276+
*/
277+
do
290278
{
291-
fprintf(stderr,"%s: connection to database '%s' failed.\n","oid2name",my_opts->dbname);
292-
fprintf(stderr,"%s",PQerrorMessage(conn));
279+
new_pass= false;
280+
conn=PQsetdbLogin(my_opts->hostname,
281+
my_opts->port,
282+
NULL,/* options */
283+
NULL,/* tty */
284+
my_opts->dbname,
285+
my_opts->username,
286+
password);
287+
if (!conn)
288+
{
289+
fprintf(stderr,"%s: could not connect to database %s\n",
290+
"oid2name",my_opts->dbname);
291+
exit(1);
292+
}
293+
294+
if (PQstatus(conn)==CONNECTION_BAD&&
295+
PQconnectionNeedsPassword(conn)&&
296+
password==NULL&&
297+
!feof(stdin))
298+
{
299+
PQfinish(conn);
300+
password=simple_prompt("Password: ",100, false);
301+
new_pass= true;
302+
}
303+
}while (new_pass);
304+
305+
if (password)
306+
free(password);
293307

308+
/* check to see that the backend connection was successfully made */
309+
if (PQstatus(conn)==CONNECTION_BAD)
310+
{
311+
fprintf(stderr,"%s: could not connect to database %s: %s",
312+
"oid2name",my_opts->dbname,PQerrorMessage(conn));
294313
PQfinish(conn);
295314
exit(1);
296315
}

‎contrib/pgbench/pgbench.c‎

Lines changed: 40 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* $PostgreSQL: pgsql/contrib/pgbench/pgbench.c,v 1.74 2007/11/15 21:14:31 momjian Exp $
2+
* $PostgreSQL: pgsql/contrib/pgbench/pgbench.c,v 1.75 2007/12/11 02:31:49 tgl Exp $
33
*
44
* pgbench: a simple benchmark program for PostgreSQL
55
* written by Tatsuo Ishii
@@ -94,7 +94,6 @@ char *pgport = "";
9494
char*pgoptions=NULL;
9595
char*pgtty=NULL;
9696
char*login=NULL;
97-
char*pwd=NULL;
9897
char*dbName;
9998

10099
/* variable definitions */
@@ -188,8 +187,8 @@ static char *select_only = {
188187
staticvoid
189188
usage(void)
190189
{
191-
fprintf(stderr,"usage: pgbench [-h hostname][-p port][-c nclients][-t ntransactions][-s scaling_factor][-D varname=value][-n][-C][-v][-S][-N][-f filename][-l][-U login][-P password][-d][dbname]\n");
192-
fprintf(stderr,"(initialize mode): pgbench -i [-h hostname][-p port][-s scaling_factor] [-F fillfactor] [-U login][-P password][-d][dbname]\n");
190+
fprintf(stderr,"usage: pgbench [-h hostname][-p port][-c nclients][-t ntransactions][-s scaling_factor][-D varname=value][-n][-C][-v][-S][-N][-f filename][-l][-U login][-d][dbname]\n");
191+
fprintf(stderr,"(initialize mode): pgbench -i [-h hostname][-p port][-s scaling_factor] [-F fillfactor] [-U login][-d][dbname]\n");
193192
}
194193

195194
/* random number generator */
@@ -218,32 +217,50 @@ executeStatement(PGconn *con, const char *sql)
218217
staticPGconn*
219218
doConnect(void)
220219
{
221-
PGconn*con;
220+
PGconn*conn;
221+
staticchar*password=NULL;
222+
boolnew_pass;
222223

223-
con=PQsetdbLogin(pghost,pgport,pgoptions,pgtty,dbName,
224-
login,pwd);
225-
if (con==NULL)
224+
/*
225+
* Start the connection. Loop until we have a password if requested by
226+
* backend.
227+
*/
228+
do
226229
{
227-
fprintf(stderr,"Connection to database '%s' failed.\n",dbName);
228-
fprintf(stderr,"Memory allocatin problem?\n");
229-
return (NULL);
230-
}
230+
new_pass= false;
231231

232-
if (PQstatus(con)==CONNECTION_BAD)
233-
{
234-
fprintf(stderr,"Connection to database '%s' failed.\n",dbName);
232+
conn=PQsetdbLogin(pghost,pgport,pgoptions,pgtty,dbName,
233+
login,password);
234+
if (!conn)
235+
{
236+
fprintf(stderr,"Connection to database \"%s\" failed\n",
237+
dbName);
238+
returnNULL;
239+
}
235240

236-
if (PQerrorMessage(con))
237-
fprintf(stderr,"%s",PQerrorMessage(con));
238-
else
239-
fprintf(stderr,"No explanation from the backend\n");
241+
if (PQstatus(conn)==CONNECTION_BAD&&
242+
PQconnectionNeedsPassword(conn)&&
243+
password==NULL&&
244+
!feof(stdin))
245+
{
246+
PQfinish(conn);
247+
password=simple_prompt("Password: ",100, false);
248+
new_pass= true;
249+
}
250+
}while (new_pass);
240251

241-
return (NULL);
252+
/* check to see that the backend connection was successfully made */
253+
if (PQstatus(conn)==CONNECTION_BAD)
254+
{
255+
fprintf(stderr,"Connection to database \"%s\" failed:\n%s",
256+
dbName,PQerrorMessage(conn));
257+
PQfinish(conn);
258+
returnNULL;
242259
}
243260

244-
executeStatement(con,"SET search_path = public");
261+
executeStatement(conn,"SET search_path = public");
245262

246-
return(con);
263+
returnconn;
247264
}
248265

249266
/* throw away response from backend */
@@ -1258,7 +1275,7 @@ main(int argc, char **argv)
12581275

12591276
memset(state,0,sizeof(*state));
12601277

1261-
while ((c=getopt(argc,argv,"ih:nvp:dc:t:s:U:P:CNSlf:D:F:"))!=-1)
1278+
while ((c=getopt(argc,argv,"ih:nvp:dc:t:s:U:CNSlf:D:F:"))!=-1)
12621279
{
12631280
switch (c)
12641281
{
@@ -1333,9 +1350,6 @@ main(int argc, char **argv)
13331350
case'U':
13341351
login=optarg;
13351352
break;
1336-
case'P':
1337-
pwd=optarg;
1338-
break;
13391353
case'l':
13401354
use_log= true;
13411355
break;

‎doc/src/sgml/oid2name.sgml‎

Lines changed: 1 addition & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
<!-- $PostgreSQL: pgsql/doc/src/sgml/oid2name.sgml,v 1.3 2007/12/10 05:32:51 tgl Exp $ -->
1+
<!-- $PostgreSQL: pgsql/doc/src/sgml/oid2name.sgml,v 1.4 2007/12/11 02:31:49 tgl Exp $ -->
22

33
<sect1 id="oid2name">
44
<title>oid2name</title>
@@ -110,12 +110,6 @@
110110
<entry><literal>-U</literal> <replaceable>username</></entry>
111111
<entry>username to connect as</entry>
112112
</row>
113-
114-
<row>
115-
<entry><literal>-P</literal> <replaceable>password</></entry>
116-
<entry>password (deprecated &mdash; putting this on the command line
117-
is a security hazard)</entry>
118-
</row>
119113
</tbody>
120114
</tgroup>
121115
</table>

‎doc/src/sgml/pgbench.sgml‎

Lines changed: 1 addition & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
<!-- $PostgreSQL: pgsql/doc/src/sgml/pgbench.sgml,v 1.4 2007/12/10 05:32:51 tgl Exp $ -->
1+
<!-- $PostgreSQL: pgsql/doc/src/sgml/pgbench.sgml,v 1.5 2007/12/11 02:31:49 tgl Exp $ -->
22

33
<sect1 id="pgbench">
44
<title>pgbench</title>
@@ -282,11 +282,6 @@ pgbench <optional> <replaceable>options</> </optional> <replaceable>dbname</>
282282
<entry><literal>-U</literal> <replaceable>login</></entry>
283283
<entry>username to connect as</entry>
284284
</row>
285-
<row>
286-
<entry><literal>-P</literal> <replaceable>password</></entry>
287-
<entry>password (deprecated &mdash; putting this on the command line
288-
is a security hazard)</entry>
289-
</row>
290285
</tbody>
291286
</tgroup>
292287
</table>

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp