Обсуждение: [HACKERS] .pgpass's behavior has changed
Hello. I noticed that the precedence between host and hostaddr in a connection string is reversed in regard to .pgpass lookup in devel. For example the following connection string uses a .pgpass entry with "127.0.0.1", not "hoge". "host=hoge hostaddr=127.0.0.1 port=5432 dbname=postgres" This change was introdueced by the commit 274bb2b3857cc987cfa21d14775cae9b0dababa5 and the current behavior contradicts the documentation. https://www.postgresql.org/docs/devel/static/libpq-connect.html > hostaddr > ... > Note that authentication is likely to fail if host is not the > name of the server at network address hostaddr. Also, note that > host rather than hostaddr is used to identify the connection in > a password file (see Section 33.15, “The Password File”). I think this should be fixed for the same reason with the following commit. > commit 11003eb55658df0caf183eef69c7a97d56a4f2d7 > Author: Robert Haas <rhaas@postgresql.org> > Date: Thu Dec 1 14:36:39 2016 -0500 > > libpq: Fix inadvertent change in PQhost() behavior. But the above also leaves a bug so I sent another patch to fix it. The attched patch restores the 9.6's beavior of looking up .pgpass file in the same manner to the aother patch. regards, -- Kyotaro Horiguchi NTT Open Source Software Center *** a/src/interfaces/libpq/fe-connect.c --- b/src/interfaces/libpq/fe-connect.c *************** *** 978,986 **** connectOptions2(PGconn *conn) for (i = 0; i < conn->nconnhost; i++) { ! /* Try to get a password for this host from pgpassfile */ conn->connhost[i].password = ! passwordFromFile(conn->connhost[i].host, conn->connhost[i].port, conn->dbName, conn->pguser, --- 978,995 ---- for (i = 0; i < conn->nconnhost; i++) { ! /* ! * Try to get a password for this host from pgpassfile. We use host ! * name rather than host address in the same manner to PQhost(). ! */ ! char *pwhost = conn->connhost[i].host; ! ! if (conn->connhost[i].type == CHT_HOST_ADDRESS && ! conn->pghost != NULL && conn->pghost[0] != '\0') ! pwhost = conn->pghost; ! conn->connhost[i].password = ! passwordFromFile(pwhost, conn->connhost[i].port, conn->dbName, conn->pguser,
On Fri, Apr 28, 2017 at 4:54 PM, Kyotaro HORIGUCHI <horiguchi.kyotaro@lab.ntt.co.jp> wrote: > I noticed that the precedence between host and hostaddr in a > connection string is reversed in regard to .pgpass lookup in > devel. > > For example the following connection string uses a .pgpass entry > with "127.0.0.1", not "hoge". > > "host=hoge hostaddr=127.0.0.1 port=5432 dbname=postgres" > > > This change was introdueced by the commit > 274bb2b3857cc987cfa21d14775cae9b0dababa5 and the current behavior > contradicts the documentation. > > https://www.postgresql.org/docs/devel/static/libpq-connect.html > >> hostaddr >> ... >> Note that authentication is likely to fail if host is not the >> name of the server at network address hostaddr. Also, note that >> host rather than hostaddr is used to identify the connection in >> a password file (see Section 33.15, “The Password File”). > > I think this should be fixed for the same reason with the > following commit. I am planning to look at your patch more closely, but thinking how painful it is going to be to check your patch, I think that it would be a good idea to have a TAP test for pgpass in src/test/authentication/ to be sure that this never breaks again in the future. We cannot test all combinations as servers only listen to unix domains but surely we can get some coverage with libpq. -- Michael
On Fri, Apr 28, 2017 at 04:54:32PM +0900, Kyotaro HORIGUCHI wrote: > I noticed that the precedence between host and hostaddr in a > connection string is reversed in regard to .pgpass lookup in > devel. > > For example the following connection string uses a .pgpass entry > with "127.0.0.1", not "hoge". > > "host=hoge hostaddr=127.0.0.1 port=5432 dbname=postgres" > > > This change was introdueced by the commit > 274bb2b3857cc987cfa21d14775cae9b0dababa5 and the current behavior > contradicts the documentation. > > https://www.postgresql.org/docs/devel/static/libpq-connect.html > > > hostaddr > > ... > > Note that authentication is likely to fail if host is not the > > name of the server at network address hostaddr. Also, note that > > host rather than hostaddr is used to identify the connection in > > a password file (see Section 33.15, “The Password File”). > > I think this should be fixed for the same reason with the > following commit. > > > commit 11003eb55658df0caf183eef69c7a97d56a4f2d7 > > Author: Robert Haas <rhaas@postgresql.org> > > Date: Thu Dec 1 14:36:39 2016 -0500 > > > > libpq: Fix inadvertent change in PQhost() behavior. > > But the above also leaves a bug so I sent another patch to fix > it. The attched patch restores the 9.6's beavior of looking up > .pgpass file in the same manner to the aother patch. [Action required within three days. This is a generic notification.] The above-described topic is currently a PostgreSQL 10 open item. Robert, since you committed the patch believed to have created it, you own this open item. If some other commit is more relevant or if this does not belong as a v10 open item, please let us know. Otherwise, please observe the policy on open item ownership[1] and send a status update within three calendar days of this message. Include a date for your subsequent status update. Testers may discover new open items at any time, and I want to plan to get them all fixed well in advance of shipping v10. Consequently, I will appreciate your efforts toward speedy resolution. Thanks. [1] https://www.postgresql.org/message-id/20170404140717.GA2675809%40tornado.leadboat.com
On Fri, Apr 28, 2017 at 3:54 AM, Kyotaro HORIGUCHI <horiguchi.kyotaro@lab.ntt.co.jp> wrote: > But the above also leaves a bug so I sent another patch to fix > it. The attched patch restores the 9.6's beavior of looking up > .pgpass file in the same manner to the aother patch. Thanks for catching this. Committed. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
At Mon, 1 May 2017 11:34:41 -0400, Robert Haas <robertmhaas@gmail.com> wrote in <CA+TgmoZngqbwA_kwgt6yE9ufW53QvbGDQH=ETwxgiCt-sZZpSg@mail.gmail.com> > On Fri, Apr 28, 2017 at 3:54 AM, Kyotaro HORIGUCHI > <horiguchi.kyotaro@lab.ntt.co.jp> wrote: > > But the above also leaves a bug so I sent another patch to fix > > it. The attched patch restores the 9.6's beavior of looking up > > .pgpass file in the same manner to the aother patch. > > Thanks for catching this. Committed. Thanks! -- Kyotaro Horiguchi NTT Open Source Software Center