With the attached patch, I have verified that long (> 8char anyway)

usernames and passwords work correctly in both "password" and
"crypt" authorization mode.  NOTE: at least on my machine, it seems
that the crypt() routines ignore the part of the password beyond
8 characters, so there's no security gain from longer passwords in
crypt auth mode.  But they don't fail.

The login-related part of psql has apparently not been touched
since roughly the fall of Rome ;-).  It was going through huge
pushups to get around the lack of username/login parameters to
PQsetdb.  I don't know when PQsetdbLogin was added to libpq, but
it's there now ... so I was able to rip out quite a lot of crufty
code while I was at it.

It's possible that there are still bogus length limits on username
or password in some of the other PostgreSQL user interfaces besides
psql/libpq.  I will leave it to other folks to check that code.

			regards, tom lane

diff --git a/src/bin/psql/psql.c b/src/bin/psql/psql.c
index d4bf4cdf1e02a8b73be07c317b34a958521744d1..96f8269e8e7be58cbb7ddfdffcd3abc2c9220ff1 100644 (file)
--- a/src/bin/psql/psql.c
+++ b/src/bin/psql/psql.c
@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/bin/psql/Attic/psql.c,v 1.154 1998/08/17 03:50:17 scrappy Exp $
+ *   $Header: /cvsroot/pgsql/src/bin/psql/Attic/psql.c,v 1.155 1998/08/22 04:49:05 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -132,9 +132,6 @@ static int  tableDesc(PsqlSettings *pset, char *table, FILE *fout);
 static int objectDescription(PsqlSettings *pset, char *object);
 static int rightsList(PsqlSettings *pset);
 static void prompt_for_password(char *username, char *password);
-static char *
-make_connect_string(char *host, char *port, char *dbname,
-                   char *username, char *password);
 
 static char *gets_noreadline(char *prompt, FILE *source);
 static char *gets_readline(char *prompt, FILE *source);
@@ -1402,35 +1399,28 @@ do_connect(const char *new_dbname,
    else
    {
        PGconn     *olddb = pset->db;
-       static char *userenv = NULL;
-       char       *old_userenv = NULL;
        const char *dbparam;
-
-       if (new_user != NULL)
-       {
-
-           /*
-            * PQsetdb() does not allow us to specify the user, so we have
-            * to do it via PGUSER
-            */
-           if (userenv != NULL)
-               old_userenv = userenv;
-           userenv = malloc(strlen("PGUSER=") + strlen(new_user) + 1);
-           sprintf(userenv, "PGUSER=%s", new_user);
-           /* putenv() may continue to use memory as part of environment */
-           putenv(userenv);
-           /* can delete old memory if we malloc'ed it */
-           if (old_userenv != NULL)
-               free(old_userenv);
-       }
+       const char *userparam;
+       const char *pwparam;
 
        if (strcmp(new_dbname, "-") != 0)
            dbparam = new_dbname;
        else
            dbparam = PQdb(olddb);
 
-       pset->db = PQsetdb(PQhost(olddb), PQport(olddb),
-                          NULL, NULL, dbparam);
+       if (new_user != NULL && strcmp(new_user, "-") != 0)
+           userparam = new_user;
+       else
+           userparam = PQuser(olddb);
+
+       /* libpq doesn't provide an accessor function for the password,
+        * so we cheat here.
+        */
+       pwparam = olddb->pgpass;
+
+       pset->db = PQsetdbLogin(PQhost(olddb), PQport(olddb),
+                               NULL, NULL, dbparam, userparam, pwparam);
+
        if (!pset->quiet)
        {
            if (!new_user)
@@ -2765,16 +2755,13 @@ main(int argc, char **argv)
 
    if (settings.getPassword)
    {
-       char        username[9];
-       char        password[9];
-       char       *connect_string;
+       char        username[100];
+       char        password[100];
 
        prompt_for_password(username, password);
 
-       /* now use PQconnectdb so we can pass these options */
-       connect_string = make_connect_string(host, port, dbname, username, password);
-       settings.db = PQconnectdb(connect_string);
-       free(connect_string);
+       settings.db = PQsetdbLogin(host, port, NULL, NULL, dbname,
+                                  username, password);
    }
    else
        settings.db = PQsetdb(host, port, NULL, NULL, dbname);
@@ -2784,7 +2771,7 @@ main(int argc, char **argv)
    if (PQstatus(settings.db) == CONNECTION_BAD)
    {
        fprintf(stderr, "Connection to database '%s' failed.\n", dbname);
-       fprintf(stderr, "%s", PQerrorMessage(settings.db));
+       fprintf(stderr, "%s\n", PQerrorMessage(settings.db));
        PQfinish(settings.db);
        exit(1);
    }
@@ -3018,6 +3005,7 @@ setFout(PsqlSettings *pset, char *fname)
 static void
 prompt_for_password(char *username, char *password)
 {
+   char buf[512];
    int         length;
 
 #ifdef HAVE_TERMIOS_H
@@ -3027,13 +3015,11 @@ prompt_for_password(char *username, char *password)
 #endif
 
    printf("Username: ");
-   fgets(username, 9, stdin);
+   fgets(username, 100, stdin);
    length = strlen(username);
    /* skip rest of the line */
    if (length > 0 && username[length - 1] != '\n')
    {
-       static char buf[512];
-
        do
        {
            fgets(buf, 512, stdin);
@@ -3049,7 +3035,7 @@ prompt_for_password(char *username, char *password)
    t.c_lflag &= ~ECHO;
    tcsetattr(0, TCSADRAIN, &t);
 #endif
-   fgets(password, 9, stdin);
+   fgets(password, 100, stdin);
 #ifdef HAVE_TERMIOS_H
    tcsetattr(0, TCSADRAIN, &t_orig);
 #endif
@@ -3058,8 +3044,6 @@ prompt_for_password(char *username, char *password)
    /* skip rest of the line */
    if (length > 0 && password[length - 1] != '\n')
    {
-       static char buf[512];
-
        do
        {
            fgets(buf, 512, stdin);
@@ -3070,62 +3054,3 @@ prompt_for_password(char *username, char *password)
 
    printf("\n\n");
 }
-
-static char *
-make_connect_string(char *host, char *port, char *dbname,
-                   char *username, char *password)
-{
-   int         connect_string_len = 0;
-   char       *connect_string;
-
-   if (host)
-       connect_string_len += 6 + strlen(host); /* 6 == "host=" + " " */
-   if (username)
-       connect_string_len += 6 + strlen(username);     /* 6 == "user=" + " " */
-   if (password)
-       connect_string_len += 10 + strlen(password);    /* 10 == "password=" + "
-                                                        * " */
-   if (port)
-       connect_string_len += 6 + strlen(port); /* 6 == "port=" + " " */
-   if (dbname)
-       connect_string_len += 8 + strlen(dbname);       /* 8 == "dbname=" + " " */
-   connect_string_len += 18;   /* "authtype=password" + null */
-
-   connect_string = (char *) malloc(connect_string_len);
-   if (!connect_string)
-       return 0;
-   connect_string[0] = '\0';
-   if (host)
-   {
-       strcat(connect_string, "host=");
-       strcat(connect_string, host);
-       strcat(connect_string, " ");
-   }
-   if (username)
-   {
-       strcat(connect_string, "user=");
-       strcat(connect_string, username);
-       strcat(connect_string, " ");
-   }
-   if (password)
-   {
-       strcat(connect_string, "password=");
-       strcat(connect_string, password);
-       strcat(connect_string, " ");
-   }
-   if (port)
-   {
-       strcat(connect_string, "port=");
-       strcat(connect_string, port);
-       strcat(connect_string, " ");
-   }
-   if (dbname)
-   {
-       strcat(connect_string, "dbname=");
-       strcat(connect_string, dbname);
-       strcat(connect_string, " ");
-   }
-   strcat(connect_string, "authtype=password");
-
-   return connect_string;
-}