I have applied this patch, but restructured it to better work in our
code. Patch attached. I also added documentation.
Another new addition is that we now will check to see that the password
file is a regular file and not a symlink or something. This was part of
your patch for PGPASSFILE but I extended it to ~/.pgpass too.
---------------------------------------------------------------------------
Andrew Dunstan wrote:
>
> Here's a patch that I think (hope) does this right, by using the file
> pointed to by the environment var PGPASSFILE, if set, in preference to
> $HOME/.pgpass. I assume that at this stage it would be held over for 8.1
> as a new feature - if not I'll put together some docco in a hurry.
>
> cheers
>
> andrew
>
>
>
> Andrew Dunstan wrote:
>
> >
> >
> > Tom Lane wrote:
> >
> >> Andrew Dunstan <[EMAIL PROTECTED]> writes:
> >>
> >>
> >>> How about an environment variable that points to a .pgpass type file.
> >>>
> >>
> >>
> >> You can do that today: point $HOME at some temp directory or other.
> >> AFAIR pg_dump doesn't make any other use of $HOME ...
> >>
> >>
> >>
> >>> Or we could even play games with PGPASSWORD - if it names an
> >>> existing file that satisfies the .pgpass criteria then it will be
> >>> taken as the location of the .pgpass file instead of $HOME/.pgpass -
> >>> otherwise its value will be considered to be the password itself.
> >>>
> >>
> >>
> >> Gaack... if you want a separate variable, we can talk about that, but
> >> let's not overload PGPASSWORD like that. Consider even just the
> >> implications of whether libpq error messages should echo back the
> >> "filename" ...
> >>
> >>
> >>
> >>
> >
> > Yeah. as usual you're right :-)
> >
> > So let's go woth PGPASSFILE
> >
> > cheers
> >
> > andrew
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
> >
>
> ---------------------------(end of broadcast)---------------------------
> TIP 7: don't forget to increase your free space map settings
--
Bruce Momjian | http://candle.pha.pa.us
[email protected] | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
Index: doc/src/sgml/libpq.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/libpq.sgml,v
retrieving revision 1.182
diff -c -c -r1.182 libpq.sgml
*** doc/src/sgml/libpq.sgml 4 Jun 2005 20:42:41 -0000 1.182
--- doc/src/sgml/libpq.sgml 10 Jun 2005 02:55:48 -0000
***************
*** 3713,3718 ****
--- 3713,3729 ----
<listitem>
<para>
<indexterm>
+ <primary><envar>PGPASSFILE</envar></primary>
+ </indexterm>
+ <envar>PGPASSFILE</envar>
+ specifies the name of the password file to use for lookups.
+ If not set, it defaults to <filename>~/.pgpass</>
+ (see <xref linkend="libpq-pgpass">).
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <indexterm>
<primary><envar>PGSERVICE</envar></primary>
</indexterm>
<envar>PGSERVICE</envar>
***************
*** 3902,3913 ****
</indexterm>
<para>
! The file <filename>.pgpass</filename> in a user's home directory is a file
! that can contain passwords to be used if the connection requires a
! password (and no password has been specified otherwise).
! On Microsoft Windows the file is named
! <filename>%APPDATA%\postgresql\pgpass.conf</> (where <filename>%APPDATA%</>
! refers to the Application Data subdirectory in the user's profile).
</para>
<para>
--- 3913,3925 ----
</indexterm>
<para>
! The file <filename>.pgpass</filename> in a user's home directory or the
! file referenced by <envar>PGPASSFILE</envar> can contain passwords to
! be used if the connection requires a password (and no password has been
! specified otherwise). On Microsoft Windows the file is named
! <filename>%APPDATA%\postgresql\pgpass.conf</> (where
! <filename>%APPDATA%</> refers to the Application Data subdirectory in
! the user's profile).
</para>
<para>
Index: src/interfaces/libpq/fe-connect.c
===================================================================
RCS file: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v
retrieving revision 1.307
diff -c -c -r1.307 fe-connect.c
*** src/interfaces/libpq/fe-connect.c 4 Jun 2005 20:42:43 -0000 1.307
--- src/interfaces/libpq/fe-connect.c 10 Jun 2005 02:55:52 -0000
***************
*** 3217,3225 ****
PasswordFromFile(char *hostname, char *port, char *dbname, char *username)
{
FILE *fp;
- char homedir[MAXPGPATH];
char pgpassfile[MAXPGPATH];
struct stat stat_buf;
#define LINELEN NAMEDATALEN*5
char buf[LINELEN];
--- 3217,3225 ----
PasswordFromFile(char *hostname, char *port, char *dbname, char *username)
{
FILE *fp;
char pgpassfile[MAXPGPATH];
struct stat stat_buf;
+ char *passfile_env;
#define LINELEN NAMEDATALEN*5
char buf[LINELEN];
***************
*** 3236,3250 ****
if (port == NULL)
port = DEF_PGPORT_STR;
! if (!pqGetHomeDirectory(homedir, sizeof(homedir)))
! return NULL;
! snprintf(pgpassfile, sizeof(pgpassfile), "%s/%s", homedir, PGPASSFILE);
/* If password file cannot be opened, ignore it. */
if (stat(pgpassfile, &stat_buf) == -1)
return NULL;
#ifndef WIN32
/* If password file is insecure, alert the user and ignore it. */
if (stat_buf.st_mode & (S_IRWXG | S_IRWXO))
--- 3236,3273 ----
if (port == NULL)
port = DEF_PGPORT_STR;
! if ((passfile_env = getenv("PGPASSFILE")) != NULL)
! {
! /* use the literal path from the environment, if set */
! StrNCpy(pgpassfile, passfile_env, MAXPGPATH);
! if (!pgpassfile)
! {
! fprintf(stderr, libpq_gettext("out of memory\n"));
! return NULL;
! }
! }
! else
! {
! char homedir[MAXPGPATH];
! if (!pqGetHomeDirectory(homedir, sizeof(homedir)))
! return NULL;
! snprintf(pgpassfile, sizeof(pgpassfile), "%s/%s", homedir,
PGPASSFILE);
! }
/* If password file cannot be opened, ignore it. */
if (stat(pgpassfile, &stat_buf) == -1)
return NULL;
+ if (!S_ISREG(stat_buf.st_mode))
+ {
+ fprintf(stderr,
+ libpq_gettext("WARNING: Password file %s is not
a plain file.\n"),
+ pgpassfile);
+ free(pgpassfile);
+ return NULL;
+ }
+
#ifndef WIN32
/* If password file is insecure, alert the user and ignore it. */
if (stat_buf.st_mode & (S_IRWXG | S_IRWXO))
---------------------------(end of broadcast)---------------------------
TIP 8: explain analyze is your friend
