From: Dan McGuirk <mcguirk@indirect.com>

Subject: [HACKERS] password authentication This patch adds support for plaintext password authentication. To use it, you add a line like host all 0.0.0.0 0.0.0.0 password pg_pwd.conf to your pg_hba.conf, where 'pg_pwd.conf' is the name of a file containing the usernames and password hashes in the format of the first two fields of a Unix /etc/passwd file. (Of course, you can use a specific database name or IP instead.) Then, to connect with a password through libpq, you use the PQconnectdb() function, specifying the "password=" tag in the connect string and also adding the tag "authtype=password". I also added a command-line switch '-u' to psql that tells it to prompt for a username and password and use password authentication.
2025-06-27 23:21:58 +03:00 · 1997-03-12 21:23:16 +00:00
parent 5dde558ce6
commit 3a7c93e7f3
13 changed files with 345 additions and 85 deletions
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@ -7,7 +7,7 @@
 *
 *
 * IDENTIFICATION
- *    $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.23 1997/02/13 08:32:08 scrappy Exp $
+ *    $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.24 1997/03/12 21:23:09 scrappy Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -28,6 +28,7 @@
 #include "postgres.h"
 #include "libpq/pqcomm.h" /* for decls of MsgType, PacketBuf, StartupInfo */
 #include "fe-auth.h"
+#include "fe-connect.h"
 #include "libpq-fe.h"

 #ifndef HAVE_STRDUP
@ -38,8 +39,6 @@
 /* use a local version instead of the one found in pqpacket.c */
 static ConnStatusType connectDB(PGconn *conn);

-static int packetSend(Port *port, PacketBuf *buf, PacketLen len,
-		      bool nonBlocking);
 static void startup2PacketBuf(StartupInfo* s, PacketBuf* res);
 static void freePGconn(PGconn *conn);
 static void closePGconn(PGconn *conn);
@ -73,9 +72,15 @@ static PQconninfoOption PQconninfoOptions[] = {
 /*    Option-name	Environment-Var	Compiled-in	Current value	*/
 /*			Label				Disp-Char	*/
 /*    ----------------- --------------- --------------- --------------- */
+    { "authtype",       "PGAUTHTYPE",   NULL,           NULL,
+                        "Database-Authtype",            "", 20  },
+
    { "user",		"PGUSER",	NULL,		NULL,
    			"Database-User",		"", 20	},

+    { "password",       "PGPASSWORD",   NULL,           NULL,
+                        "Database-Password",            "", 20  },
+
    { "dbname",		"PGDATABASE",	NULL,		NULL,
    			"Database-Name",		"", 20	},

@ -187,6 +192,8 @@ PQconnectdb(const char *conninfo)
    conn->pgtty     = strdup(conninfo_getval("tty"));
    conn->pgoptions = strdup(conninfo_getval("options"));
    conn->pguser    = strdup(conninfo_getval("user"));
+    conn->pgpass    = strdup(conninfo_getval("password"));
+    conn->pgauth    = strdup(conninfo_getval("authtype"));
    conn->dbName    = strdup(conninfo_getval("dbname"));

    /* ----------
@ -195,6 +202,13 @@ PQconnectdb(const char *conninfo)
     */
    conninfo_free();

+    /*
+     * try to set the auth service if one was specified
+     */
+    if(conn->pgauth) {
+      fe_setauthsvc(conn->pgauth, conn->errorMessage);
+    }
+
    /* ----------
     * Connect to the database
     * ----------
@ -260,6 +274,8 @@ PQconndefaults(void)
 *
 *    PGUSER       Postgres username to associate with the connection.
 *
+ *    PGPASSWORD   The user's password.
+ *
 *    PGDATABASE   name of database to which to connect if <pgdatabase> 
 *                 argument is NULL or a null string
 *
@ -336,6 +352,12 @@ PQsetdb(const char *pghost, const char* pgport, const char* pgoptions, const cha
      }
    }

+    if((tmp = getenv("PGPASSWORD"))) {
+      conn->pgpass = strdup(tmp);
+    } else {
+      conn->pgpass = 0;
+    }
+
    if (!error) {
      if (((tmp = (char *)dbName) && (dbName[0] != '\0')) ||
          ((tmp = getenv("PGDATABASE")))) {
@ -467,6 +489,7 @@ connectDB(PGconn *conn)

    /* authenticate as required*/
    if (fe_sendauth(msgtype, port, conn->pghost, 
+		    conn->pguser, conn->pgpass,
 		    conn->errorMessage) != STATUS_OK) {
      (void) sprintf(conn->errorMessage,
 	     "connectDB() --  authentication failed with %s\n",
@ -474,6 +497,11 @@ connectDB(PGconn *conn)
      goto connect_errReturn;	
    }
    
+    /* free the password so it's not hanging out in memory forever */
+    if(conn->pgpass) {
+      free(conn->pgpass);
+    }
+    
    /* set up the socket file descriptors */
    conn->Pfout = fdopen(port->sock, "w");
    conn->Pfin = fdopen(dup(port->sock), "r");
@ -595,7 +623,7 @@ PQreset(PGconn *conn)
 *	buffer management.  For now, we're not going to do it.
 *
 */
-static int
+int
 packetSend(Port *port,
 	   PacketBuf *buf,
 	   PacketLen len,