Warning about invalid .pgpass passwords
| От | Bruce Momjian |
|---|---|
| Тема | Warning about invalid .pgpass passwords |
| Дата | |
| Msg-id | 201003100252.o2A2qdJ03357@momjian.us обсуждение исходный текст |
| Ответы |
Re: Warning about invalid .pgpass passwords
(Fujii Masao <masao.fujii@gmail.com>)
Re: Warning about invalid .pgpass passwords (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
Bruce Momjian wrote:
> Tom Lane wrote:
> > Alvaro Herrera <alvherre@commandprompt.com> writes:
> > > It had to do with me having a bogus password in .pgpass (so psql was
> > > first trying empty password, then the one in .pgpass, and both failing).
> > > Pilot error. However, I'd say that we ought to give a notice if the
> > > password in .pgpass fails.
> >
> > Can we do something like
> > ERROR: password authentication failed (using password from .pgpass)
> > ie, just tack on a comment to the error message?
>
> I looked into that but found it difficult to implement because only
> libpq knows about pgpass, while the message is printed by psql.
I just got confused for +10 minutes by an incorrect .pgpass password, so
I found new interest in improving this reported behavior. ;-)
The attached patch reports the fact that .pgpass was used if the libpq
connection fails:
$ psql -h localhost test
psql: FATAL: password authentication failed for user "postgres"
(password retrieved from .pgpass)
I am not sure if I like the parentheses or not. Ideally I would report
this only for password failures but that information is not passed back
from the server except as an error string.
I am thinking this could be in 9.0.
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
PG East: http://www.enterprisedb.com/community/nav-pg-east-2010.do
Index: src/interfaces/libpq/fe-connect.c
===================================================================
RCS file: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v
retrieving revision 1.389
diff -c -c -r1.389 fe-connect.c
*** src/interfaces/libpq/fe-connect.c 3 Mar 2010 20:31:09 -0000 1.389
--- src/interfaces/libpq/fe-connect.c 10 Mar 2010 02:37:20 -0000
***************
*** 652,657 ****
--- 652,659 ----
conn->dbName, conn->pguser);
if (conn->pgpass == NULL)
conn->pgpass = strdup(DefaultPassword);
+ else
+ conn->used_dot_pgpass = true;
}
/*
***************
*** 1144,1149 ****
--- 1146,1161 ----
default:
/* Just in case we failed to set it in PQconnectPoll */
conn->status = CONNECTION_BAD;
+
+ /*
+ * If the connection failed, we should mention that
+ * we got the password from .pgpass in case that
+ * password is wrong.
+ */
+ if (conn->used_dot_pgpass && conn->password_needed)
+ appendPQExpBufferStr(&conn->errorMessage,
+ libpq_gettext("(password retrieved from .pgpass)\n"));
+
return 0;
}
***************
*** 2191,2196 ****
--- 2203,2209 ----
conn->verbosity = PQERRORS_DEFAULT;
conn->sock = -1;
conn->password_needed = false;
+ conn->used_dot_pgpass = false;
#ifdef USE_SSL
conn->allow_ssl_try = true;
conn->wait_ssl_try = false;
Index: src/interfaces/libpq/libpq-int.h
===================================================================
RCS file: /cvsroot/pgsql/src/interfaces/libpq/libpq-int.h,v
retrieving revision 1.149
diff -c -c -r1.149 libpq-int.h
*** src/interfaces/libpq/libpq-int.h 26 Feb 2010 02:01:33 -0000 1.149
--- src/interfaces/libpq/libpq-int.h 10 Mar 2010 02:37:20 -0000
***************
*** 343,348 ****
--- 343,349 ----
ProtocolVersion pversion; /* FE/BE protocol version in use */
int sversion; /* server version, e.g. 70401 for 7.4.1 */
bool password_needed; /* true if server demanded a password */
+ bool used_dot_pgpass; /* true if used .pgpass */
bool sigpipe_so; /* have we masked SIGPIPE via SO_NOSIGPIPE? */
bool sigpipe_flag; /* can we mask SIGPIPE via MSG_NOSIGNAL? */
В списке pgsql-hackers по дате отправления:
Предыдущее
От: Takahiro ItagakiДата:
Сообщение: Re: lock mode for ControlFileLock which pg_start_backup uses