Hi,
AFAIC, pg_md5 shouldn't accept the password as a plain command-line
parameter, for security reasons. I prepared a small patch which implements
a password prompt for pg_md5 while preserving compatibility with previous
versions. What do the developers think about this?
Regards.
Index: pg_md5.c
===================================================================
RCS file: /cvsroot/pgpool/pgpool-II/pg_md5.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 pg_md5.c
--- pg_md5.c 8 Sep 2006 03:36:03 -0000 1.1.1.1
+++ pg_md5.c 28 Feb 2008 10:45:09 -0000
@@ -1,20 +1,97 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+
#include "md5.h"
-int main(int argc, char *argv[])
+
+/* Maximum number of characters allowed for input. */
+#define MAX_INPUT_SIZE 32
+
+void print_usage(const char prog[], int exit_code);
+
+
+int
+main(int argc, char *argv[])
{
- char md5[33];
+#define PRINT_USAGE(exit_code) print_usage(argv[0], exit_code)
+#define COMPARE_ARG(arg) (!strcmp(argv[1], arg))
+
if (argc != 2)
+ PRINT_USAGE(EXIT_FAILURE);
+ else if (COMPARE_ARG("--help") || COMPARE_ARG("-h"))
+ PRINT_USAGE(EXIT_SUCCESS);
+
+ /* Prompt for password. */
+ else if (COMPARE_ARG("--prompt") || COMPARE_ARG("-p"))
+ {
+ char md5[MD5_PASSWD_LEN+1];
+ char buf[MAX_INPUT_SIZE+1];
+ int len;
+
+ if (!fgets(buf, (MAX_INPUT_SIZE+1), stdin))
+ {
+ int eno = errno;
+
+ fprintf(stderr, "Couldn't read input from stdin. (fgets(): %s)",
+ strerror(eno));
+
+ exit(EXIT_FAILURE);
+ }
+
+ /* Remove LF at the end of line, if there is any. */
+ len = strlen(buf);
+ if (len > 0 && buf[len-1] == '\n')
+ {
+ buf[len-1] = '\0';
+ len--;
+ }
+
+ pool_md5_hash(buf, len, md5);
+ printf("%s\n", md5);
+
+ }
+
+ /* Read password from argv[1]. */
+ else
{
- fprintf(stderr, "Usage: md5 _string_\n");
- exit(1);
+ char md5[MD5_PASSWD_LEN+1];
+ int len = strlen(argv[1]);
+
+ if (len > MAX_INPUT_SIZE)
+ {
+ fprintf(stderr, "Error: Input exceeds maximum password length!\n\n");
+ PRINT_USAGE(EXIT_FAILURE);
+ }
+
+ pool_md5_hash(argv[1], len, md5);
+ printf("%s\n", md5);
}
- pool_md5_hash(argv[1], strlen(argv[1]), md5);
- printf("%s\n", md5);
+ return EXIT_SUCCESS;
+}
+
+
+void
+print_usage(const char prog[], int exit_code)
+{
+ fprintf(((exit_code == EXIT_SUCCESS) ? stdout : stderr),
+ "Usage:\n\
+\n\
+ %s [OPTIONS]\n\
+ %s <PASSWORD>\n\
+\n\
+ --prompt, -p Prompt password using standard input.\n\
+ --help, -h This help menu.\n\
+\n\
+Warning: At most %d characters are allowed for input.\n\
+Warning: Plain password argument is deprecated for security concerns\n\
+ and kept for compatibility. Please prefer using password\n\
+ prompt.\n",
+ prog, prog, MAX_INPUT_SIZE);
- return 0;
+ exit(exit_code);
}
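Review bot: In the `--prompt` branch, `fgets(buf, (MAX_INPUT_SIZE+1), stdin)` silently truncates anything longer than MAX_INPUT_SIZE characters, so the tool prints the MD5 of a password prefix instead of rejecting the input the way the argv branch does. Giving the buffer one spare byte makes the over-long case detectable after the trailing LF is stripped. The same branch reads with terminal echo still enabled, so the password is shown on screen as it is typed; when stdin is a terminal, echo should be switched off around the read and restored afterwards (this needs `<termios.h>`, which the patch does not include). Separately, `fgets()` returning NULL at end-of-file does not set `errno`, so the `strerror(eno)` text can be misleading, and that message has no trailing newline.

```c
		char	buf[MAX_INPUT_SIZE+2];	/* one spare byte so over-long input is detectable */
		struct termios saved, noecho;
		int		is_tty = isatty(STDIN_FILENO) && tcgetattr(STDIN_FILENO, &saved) == 0;
		int		got_line;

		if (is_tty)
		{
			/* Keep the typed password off the screen. */
			noecho = saved;
			noecho.c_lflag &= ~ECHO;
			tcsetattr(STDIN_FILENO, TCSAFLUSH, &noecho);
		}

		got_line = (fgets(buf, sizeof(buf), stdin) != NULL);

		if (is_tty)
			tcsetattr(STDIN_FILENO, TCSAFLUSH, &saved);

		if (!got_line)
		{
			/* … unchanged: report the read failure and exit … */
		}

		/* … unchanged: trailing-LF removal … */

		if (len > MAX_INPUT_SIZE)
		{
			fprintf(stderr, "Error: Input exceeds maximum password length!\n\n");
			PRINT_USAGE(EXIT_FAILURE);
		}

		/* … unchanged: pool_md5_hash() and printf() … */
```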