Alon Bar-Lev has uploaded a new change for review. Change subject: packaging: setup: database: support ':' within password ......................................................................
packaging: setup: database: support ':' within password at least in rhel postgresql 8.4 the pgpassfile is not read according to documentation, the password is read as plain, postgresql 9 seems to respect the documentation. this behavior is handled by client side postgresql libraries, the simplest way to detect what library we use is to query psql utility version. [1] http://www.postgresql.org/docs/8.4/static/libpq-pgpass.html Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1064428 Change-Id: I866680c853c1e1978d55828ff4efd710a1003f9a Signed-off-by: Alon Bar-Lev <[email protected]> --- M packaging/bin/engine-backup.sh M packaging/setup/plugins/ovirt-engine-common/db/pgpass.py M packaging/setup/plugins/ovirt-engine-setup/legacy/database.py 3 files changed, 84 insertions(+), 6 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/60/24460/1 diff --git a/packaging/bin/engine-backup.sh b/packaging/bin/engine-backup.sh index 4aea0ad..401986d 100755 --- a/packaging/bin/engine-backup.sh +++ b/packaging/bin/engine-backup.sh @@ -412,11 +412,26 @@ } generatePgPass() { + local password="${ENGINE_DB_PASSWORD}" MYPGPASS="${TEMP_FOLDER}/.pgpass" + touch "${MYPGPASS}" || logdie "Can't touch ${MYPGPASS}" chmod 0600 "${MYPGPASS}" || logdie "Can't chmod ${MYPGPASS}" + + # + # we need client side psql library + # version as at least in rhel for 8.4 + # the password within pgpassfile is + # not escaped. + # the simplest way is to checkout psql + # utility version. + # + if ! psql -V | grep -q ' 8\.'; then + password="$(echo "${password}" | sed -e 's/\\/\\\\/g' -e 's/:/\\:/g')" + fi + cat > "${MYPGPASS}" << __EOF__ -${ENGINE_DB_HOST}:${ENGINE_DB_PORT}:${ENGINE_DB_DATABASE}:${ENGINE_DB_USER}:${ENGINE_DB_PASSWORD} +${ENGINE_DB_HOST}:${ENGINE_DB_PORT}:${ENGINE_DB_DATABASE}:${ENGINE_DB_USER}:${password} __EOF__ } diff --git a/packaging/setup/plugins/ovirt-engine-common/db/pgpass.py b/packaging/setup/plugins/ovirt-engine-common/db/pgpass.py index 5ae517c..af9184c 100644 --- a/packaging/setup/plugins/ovirt-engine-common/db/pgpass.py +++ b/packaging/setup/plugins/ovirt-engine-common/db/pgpass.py @@ -36,10 +36,29 @@ @util.export class Plugin(plugin.PluginBase): """DB pgpass plugin.""" + def __init__(self, context): super(Plugin, self).__init__(context=context) + self._plainPassword = None def _createTempPgPass(self): + # + # we need client side psql library + # version as at least in rhel for 8.4 + # the password within pgpassfile is + # not escaped. + # the simplest way is to checkout psql + # utility version. + # + if self._plainPassword is None: + rc, stdout, stderr = self.execute( + args=( + self.command.get('psql'), + '-V', + ), + ) + self._plainPassword = ' 8.' in stdout[0] + pgpass = None if self.environment[ osetupcons.DBEnv.PGPASS_FILE @@ -69,9 +88,13 @@ port=self.environment[osetupcons.DBEnv.PORT], database=self.environment[osetupcons.DBEnv.DATABASE], user=self.environment[osetupcons.DBEnv.USER], - password=osetuputil.escape( - self.environment[osetupcons.DBEnv.PASSWORD], - ':\\', + password=( + self.environment[osetupcons.DBEnv.PASSWORD] + if self._plainPassword + else osetuputil.escape( + self.environment[osetupcons.DBEnv.PASSWORD], + ':\\', + ) ), ), ) diff --git a/packaging/setup/plugins/ovirt-engine-setup/legacy/database.py b/packaging/setup/plugins/ovirt-engine-setup/legacy/database.py index 734c344..307b40f 100644 --- a/packaging/setup/plugins/ovirt-engine-setup/legacy/database.py +++ b/packaging/setup/plugins/ovirt-engine-setup/legacy/database.py @@ -63,13 +63,53 @@ ]) legacy_user = config.get('ENGINE_DB_USER') self.logger.debug('legacy ENGINE_DB_USER: %s' % legacy_user) + + # + # we need client side psql library + # version as at least in rhel for 8.4 + # the password within pgpassfile is + # not escaped. + # the simplest way is to checkout psql + # utility version. + # + # we are at too early stage to use commands + # so we hardcode path in this case. + # + psql = self.command.get('psql', optional=True) + if not psql: + psql = '/usr/bin/psql' + rc, stdout, stderr = self.execute( + args=( + psql, + '-V', + ), + ) + plainPassword = ' 8.' in stdout[0] with open( osetupcons.FileLocations.LEGACY_PSQL_PASS_FILE, 'r', ) as f: for l in f: - l = l.rstrip('\n') - d = l.split(':') + if plainPassword: + d = l.rstrip('\n').split(':', 4) + else: + if l and l[-1] != '\n': + l += '\n' + d = [] + escape = False + s = '' + for c in l: + if escape: + escape = False + s += c + else: + if c == ':' or c == '\n': + d.append(s) + s = '' + elif c == '\\': + escape = True + else: + s += c if len(d) == 5 and d[3] == legacy_user: self._dbenv = { osetupcons.DBEnv.HOST: d[0], -- To view, visit http://gerrit.ovirt.org/24460 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I866680c853c1e1978d55828ff4efd710a1003f9a Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.3 Gerrit-Owner: Alon Bar-Lev <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
