[pgpool-hackers: 3578] Re: [PATCH] Feature: Add support for an user/password input file to pg_md5
Tatsuo Ishii
ishii at sraoss.co.jp
Fri Apr 10 20:38:12 JST 2020
> Thanks Bo Peng.
>
> Ishii-san,
> Can you please move following to DONE in TODO wiki.
> *https://pgpool.net/mediawiki/index.php/TODO#Add_support_for_an_user/password_input_file_to_pg_md5
> <https://pgpool.net/mediawiki/index.php/TODO#Add_support_for_an_user/password_input_file_to_pg_md5>*
>
> Thanks
> Umar Hayat
Done. Thank you!
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
> On Tue, Apr 7, 2020 at 7:53 AM Bo Peng <pengbo at sraoss.co.jp> wrote:
>
>> Thank you.
>>
>> Patch is committed.
>>
>> https://git.postgresql.org/gitweb/?p=pgpool2.git;a=commit;h=68d66a66f55099d7ef2fdf0e7fb48ba6577e98c3
>>
>> On Mon, 30 Mar 2020 17:14:12 +0500
>> Umar Hayat <m.umarkiani at gmail.com> wrote:
>>
>> > Hi Usama,
>> > Any feedback ?
>> >
>> > On Thu, Mar 19, 2020 at 7:07 AM Bo Peng <pengbo at sraoss.co.jp> wrote:
>> >
>> > > Hello,
>> > >
>> > > On Wed, 18 Mar 2020 11:51:05 +0500
>> > > Umar Hayat <m.umarkiani at gmail.com> wrote:
>> > >
>> > > > Hi,
>> > > > Please updated patch based on feedback from Tatsu Ishii on pg_enc
>> patch.
>> > >
>> > > I tested your patch and it works fine.
>> > >
>> > > Usama,
>> > >
>> > > If you don't have any feedback, I am going to update
>> > > the patch based on Ishii-san's feedback and commit it.
>> > >
>> > > > Regards
>> > > > Umar Hayat
>> > > >
>> > > > On Tue, Mar 10, 2020 at 3:39 PM Umar Hayat <m.umarkiani at gmail.com>
>> > > wrote:
>> > > >
>> > > > > Any further updated needed for this patch from my end?
>> > > > >
>> > > > > Regards
>> > > > > Umar Hayat
>> > > > >
>> > > > > On Thu, Mar 5, 2020 at 1:45 AM Umar Hayat <m.umarkiani at gmail.com>
>> > > wrote:
>> > > > >
>> > > > >> Hi Usama,
>> > > > >> Thanks for feedback, updated patch is attached.
>> > > > >> Please see comments inline.
>> > > > >>
>> > > > >> Regards
>> > > > >> Umar Hayat
>> > > > >>
>> > > > >>
>> > > > >> On Wed, Mar 4, 2020 at 8:05 PM Muhammad Usama <m.usama at gmail.com>
>> > > wrote:
>> > > > >>
>> > > > >>> Hi Umar,
>> > > > >>>
>> > > > >>> Here are some of the comments on your patch on top of Peng's
>> > > comments.
>> > > > >>>
>> > > > >>> 1- The patch breaks the -f short option, by removing the :
>> (colon)
>> > > after
>> > > > >>> f from the optstring argument to getopt_long function
>> > > > >>>
>> > > > >>> i.e
>> > > > >>> while ((opt = getopt_long(argc, argv, "hpmfi:u:", long_options,
>> > > > >>> &optindex)) != -1)
>> > > > >>> should be
>> > > > >>> while ((opt = getopt_long(argc, argv, "hpmf:i:u:", long_options,
>> > > > >>> &optindex)) != -1)
>> > > > >>>
>> > > > >> Fixed.
>> > > > >>
>> > > > >>> 2- The input file has no option to specify escape characters. For
>> > > > >>> example, there is no way to specify a user name or password
>> > > > >>> in the input file that contains : (colon)
>> > > > >>>
>> > > > >> It does handle colon in password as it consider only left most
>> colon
>> > > as
>> > > > >> separator. For example for pair like 'user:pass:word', user name
>> will
>> > > be
>> > > > >> 'user' and password will be 'pass:word'
>> > > > >> I am not sure user name with colon is valid scenario? If its
>> true, we
>> > > can
>> > > > >> add a note otherwise IMO there could be ton of negative scenarios.
>> > > > >>
>> > > > >>> 3- Specifying the input file disregards the "-m" "--md5auth"
>> option
>> > > > >>>
>> > > > >>> Fixed. That was purposefully disregarded previously as mention
>> > > > >> in mentisbt-422, input-file mode as only for md5auth.
>> > > > >> Now It honour -m flag and in absence of this it will print md5
>> value
>> > > > >> stdout.
>> > > > >>
>> > > > >>> 4- The patch is not considering the length of username and
>> password
>> > > > >>> buffers while copying into them
>> > > > >>>
>> > > > >>>
>> > > > >>> + strncpy(username, buf, pch-buf);
>> > > > >>> + strncpy(password, pch+1, strlen(pch+1));
>> > > > >>>
>> > > > >>>
>> > > > >>> The len (3rd) argument of strncpy is intended to guard against
>> the
>> > > > >>> buffer overflow of the destination string.
>> > > > >>>
>> > > > >>> Fixed.
>> > > > >>
>> > > > >>> Thanks
>> > > > >>> Best regards
>> > > > >>> Muhammad Usama
>> > > > >>>
>> > > > >>>
>> > > > >>> On Wed, Mar 4, 2020 at 11:03 AM Umar Hayat <
>> m.umarkiani at gmail.com>
>> > > > >>> wrote:
>> > > > >>>
>> > > > >>>> Hi Bo Peng,
>> > > > >>>> Please find updated patch with following changes.
>> > > > >>>> 1. Trailing whitespaces warning removed
>> > > > >>>> 2. Documentation added in "doc/src/sgml/ref/pg_md5.sgml" with
>> > > options
>> > > > >>>> update and example usage.
>> > > > >>>>
>> > > > >>>> Regards,
>> > > > >>>> Umar Hayat
>> > > > >>>>
>> > > > >>>> On Wed, Mar 4, 2020 at 7:40 AM Bo Peng <pengbo at sraoss.co.jp>
>> wrote:
>> > > > >>>>
>> > > > >>>>> hello,
>> > > > >>>>>
>> > > > >>>>> On Tue, 3 Mar 2020 14:13:33 +0500
>> > > > >>>>> Umar Hayat <m.umarkiani at gmail.com> wrote:
>> > > > >>>>>
>> > > > >>>>> > Hi Bo Peng,
>> > > > >>>>> > Any feedback, If this looks ok to you? I should send the
>> same for
>> > > > >>>>> pg_enc
>> > > > >>>>> > utility.
>> > > > >>>>>
>> > > > >>>>> Sorry for late response.
>> > > > >>>>>
>> > > > >>>>> First, when I apply this patch, I found some extra trailing
>> spaces.
>> > > > >>>>>
>> > > > >>>>> -----------------
>> > > > >>>>> $ git apply pg_md5_input_file.diff
>> > > > >>>>> pg_md5_input_file.diff:85: trailing whitespace.
>> > > > >>>>> static void
>> > > > >>>>> warning: 1 line adds whitespace errors.
>> > > > >>>>> -----------------
>> > > > >>>>>
>> > > > >>>>> Could you add documentation in "doc/src/sgml/ref/pg_md5.sgml"
>> to
>> > > > >>>>> explain how to use this option?
>> > > > >>>>>
>> > > > >>>>> >
>> > > > >>>>> > Regards
>> > > > >>>>> > Umar Hayat
>> > > > >>>>> > Principal Software Engineer
>> > > > >>>>> > EnterpriseDB: https://www.enterprisedb.com
>> > > > >>>>> >
>> > > > >>>>> > On Thu, Feb 13, 2020 at 9:54 AM Bo Peng <pengbo at sraoss.co.jp
>> >
>> > > wrote:
>> > > > >>>>> >
>> > > > >>>>> > > Thank you for your patch.
>> > > > >>>>> > > I will review your patch.
>> > > > >>>>> > >
>> > > > >>>>> > > On Tue, 11 Feb 2020 16:45:50 +0500
>> > > > >>>>> > > Umar Hayat <m.umarkiani at gmail.com> wrote:
>> > > > >>>>> > >
>> > > > >>>>> > > > Hello Hackers,
>> > > > >>>>> > > >
>> > > > >>>>> > > > I saw "Add support for an user/password input file to
>> pg_md5"
>> > > > >>>>> enhancement
>> > > > >>>>> > > > in PgPool-II TODO list
>> > > > >>>>> > > > <
>> > > > >>>>> > >
>> > > > >>>>>
>> > >
>> https://pgpool.net/mediawiki/index.php/TODO#Add_support_for_an_user/password_input_file_to_pg_md5
>> > > > >>>>> > > >,
>> > > > >>>>> > > > (mentisbt-422 <
>> > > https://www.pgpool.net/mantisbt/view.php?id=422>),
>> > > > >>>>> so I
>> > > > >>>>> > > > implemented this in pg_md5 utility. Please find attached
>> > > patch
>> > > > >>>>> for
>> > > > >>>>> > > > enhancement.
>> > > > >>>>> > > >
>> > > > >>>>> > > > As suggested, a new --input-file option added in pg_md5.
>> > > Using
>> > > > >>>>> this
>> > > > >>>>> > > option,
>> > > > >>>>> > > > pg_md5 will parse the *user:password* pairs from provide
>> file
>> > > > >>>>> and will
>> > > > >>>>> > > > create *user:md5xxxxxx* value in pool_passwd file.
>> > > > >>>>> > > >
>> > > > >>>>> > > > Regards,
>> > > > >>>>> > > > Umar Hayat
>> > > > >>>>> > >
>> > > > >>>>> > >
>> > > > >>>>> > > --
>> > > > >>>>> > > Bo Peng <pengbo at sraoss.co.jp>
>> > > > >>>>> > > SRA OSS, Inc. Japan
>> > > > >>>>> > >
>> > > > >>>>>
>> > > > >>>>>
>> > > > >>>>> --
>> > > > >>>>> Bo Peng <pengbo at sraoss.co.jp>
>> > > > >>>>> SRA OSS, Inc. Japan
>> > > > >>>>>
>> > > > >>>> _______________________________________________
>> > > > >>>> pgpool-hackers mailing list
>> > > > >>>> pgpool-hackers at pgpool.net
>> > > > >>>> http://www.pgpool.net/mailman/listinfo/pgpool-hackers
>> > > > >>>>
>> > > > >>>
>> > >
>> > >
>> > > --
>> > > Bo Peng <pengbo at sraoss.co.jp>
>> > > SRA OSS, Inc. Japan
>> > >
>>
>>
>> --
>> Bo Peng <pengbo at sraoss.co.jp>
>> SRA OSS, Inc. Japan
>>
More information about the pgpool-hackers
mailing list