[HACKERS] .pgpass's behavior has changed

Fri, 28 Apr 2017 00:56:08 -0700 

Hello.

I noticed that the precedence between host and hostaddr in a
connection string is reversed in regard to .pgpass lookup in
devel.

For example the following connection string uses a .pgpass entry
with "127.0.0.1", not "hoge".

"host=hoge hostaddr=127.0.0.1 port=5432 dbname=postgres"


This change was introdueced by the commit
274bb2b3857cc987cfa21d14775cae9b0dababa5 and the current behavior
contradicts the documentation.

https://www.postgresql.org/docs/devel/static/libpq-connect.html

> hostaddr
> ...
>   Note that authentication is likely to fail if host is not the
>   name of the server at network address hostaddr. Also, note that
>   host rather than hostaddr is used to identify the connection in
>   a password file (see Section 33.15, “The Password File”).

I think this should be fixed for the same reason with the
following commit.

> commit 11003eb55658df0caf183eef69c7a97d56a4f2d7
> Author: Robert Haas <rh...@postgresql.org>
> Date:   Thu Dec 1 14:36:39 2016 -0500
> 
>     libpq: Fix inadvertent change in PQhost() behavior.

But the above also leaves a bug so I sent another patch to fix
it. The attched patch restores the 9.6's beavior of looking up
.pgpass file in the same manner to the aother patch.

regards,

-- 
Kyotaro Horiguchi
NTT Open Source Software Center

*** a/src/interfaces/libpq/fe-connect.c
--- b/src/interfaces/libpq/fe-connect.c
***************
*** 978,986 **** connectOptions2(PGconn *conn)
  
  		for (i = 0; i < conn->nconnhost; i++)
  		{
! 			/* Try to get a password for this host from pgpassfile */
  			conn->connhost[i].password =
! 				passwordFromFile(conn->connhost[i].host,
  								 conn->connhost[i].port,
  								 conn->dbName,
  								 conn->pguser,
--- 978,995 ----
  
  		for (i = 0; i < conn->nconnhost; i++)
  		{
! 			/*
! 			 * Try to get a password for this host from pgpassfile. We use host
! 			 * name rather than host address in the same manner to PQhost().
! 			 */
! 			char *pwhost = conn->connhost[i].host;
! 
! 			if (conn->connhost[i].type == CHT_HOST_ADDRESS &&
! 				conn->pghost != NULL && conn->pghost[0] != '\0')
! 				pwhost = conn->pghost;
! 
  			conn->connhost[i].password =
! 				passwordFromFile(pwhost,
  								 conn->connhost[i].port,
  								 conn->dbName,
  								 conn->pguser,

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Reply via email to