[pgpool-general: 1527] Re: [pgPool-II 3.2.3] MD5 authentication and username longer than 32 characters.

Tatsuo Ishii ishii at postgresql.org
Wed Mar 27 23:56:15 JST 2013


> Hello everyone.
> 
> I compiled pgPool-II 3.2.3 and tried to use md5 authentication on pgpool
> and postgresql.
> Everything is working fine except for users with more than 32
> characters in their name.
> 
> 
> Example with pgpool in replication mode and two postgresql nodes.
> 
> 1) Pgpool and postgresql are configured to use md5 for everything (all
> users, all hosts).
> 
> 
> 2) I created a user with a name of 32 characters
> (abcdefghijklmnopqrstuvwxyzabcdef) and another one with 33 characters
> (abcdefghijklmnopqrstuvwxyzabcdefg):
> 
> a) Both postgresqls configuration:
> postgres=# SELECT * FROM pg_authid WHERE
> rolname='abcdefghijklmnopqrstuvwxyzabcdef' OR
> rolname='abcdefghijklmnopqrstuvwxyzabcdefg';
>               rolname              | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcatupdate | rolcanlogin | rolconnlimit |             rolpassword             | rolvaliduntil
> -----------------------------------+----------+------------+---------------+-------------+--------------+-------------+--------------+-------------------------------------+---------------
>  abcdefghijklmnopqrstuvwxyzabcdef  | f        | t          | f             | f           | f            | t           |           -1 | md575fa91abcca51c07330b0a9559670646 |
>  abcdefghijklmnopqrstuvwxyzabcdefg | f        | t          | f             | f           | f            | t           |           -1 | md5f753edf600600a57fd8423a2b32f92b9 |
> 
> b) pool_passwd for pgPool is like this:
> # grep abcdefghijklmnopqrstuvwxyzabcdef pool_passwd
> abcdefghijklmnopqrstuvwxyzabcdefmd575fa91abcca51c07330b0a9559670646
> abcdefghijklmnopqrstuvwxyzabcdefg:md5f753edf600600a57fd8423a2b32f92b9
> 
> 
> 3) pgpass is correctly configured:
> # grep abcdefghijklmnopqrstuvwxyzabcdef .pgpass
> *:5432:*:abcdefghijklmnopqrstuvwxyzabcdef:testtest
> *:5432:*:abcdefghijklmnopqrstuvwxyzabcdefg:testtest
> 
> 
> 4) I can connect directly to both postgresqls with both users:
> # psql -h postgresql1 db -U abcdefghijklmnopqrstuvwxyzabcdef -c
> "SELECT 1;" ; psql -h postgresql2 db -U
> abcdefghijklmnopqrstuvwxyzabcdef -c "SELECT 1;"
>  ?column?
> ----------
>         1
> (1 row)
> 
>  ?column?
> ----------
>         1
> (1 row)
> # psql -h postgresql1 db -U abcdefghijklmnopqrstuvwxyzabcdefg -c
> "SELECT 1;" ; psql -h postgresql2 db -U
> abcdefghijklmnopqrstuvwxyzabcdefg -c "SELECT 1;"
>  ?column?
> ----------
>         1
> (1 row)
> 
>  ?column?
> ----------
>         1
> 
> 
> 5) But the pgpool's authentication is only working for the 32 characters user:
> # psql -h pgpool db -U abcdefghijklmnopqrstuvwxyzabcdef -c "SELECT 1;"
>  ?column?
> ----------
>         1
> (1 row)
> # psql -h pgpool db -U abcdefghijklmnopqrstuvwxyzabcdefg -c "SELECT 1;"
> psql: ERROR:  "MD5" authentication with pgpool failed for user
> "abcdefghijklmnopqrstuvwxyzabcdefg"
> 
> 
> 6) Finally, if I try to change the password of the 33 characters
> username with pg_md5 the entry is duplicated instead of overwritten:
> # grep abcdefghijklmnopqrstuvwxyzabcdefg /etc/itf-pgpool2/pool_passwd
> abcdefghijklmnopqrstuvwxyzabcdefg:md5f753edf600600a57fd8423a2b32f92b9
> # pg_md5 -p -m -u abcdefghijklmnopqrstuvwxyzabcdefg
> password:
> # grep abcdefghijklmnopqrstuvwxyzabcdefg /etc/itf-pgpool2/pool_passwd
> abcdefghijklmnopqrstuvwxyzabcdefg:md5f753edf600600a57fd8423a2b32f92b9
> abcdefghijklmnopqrstuvwxyzabcdefg:md570cf6675cfa0b963085cd7aa75d302f9
> 
> 
> 
> Has anyone experienced an issue like this?
> I double-checked everything and I'm pretty sure there is no mistake in
> my configuration.
> 
> I took a short look at the source code (unfortunately I'm not really
> friends with C) and it seems that the supposed limitation is 128.
> 
> Thanks for reading this far ;)

I think there's a problem with the user name length in pool_passwd.c:

	char name[32];

Included is a patch trying to fix the problem. Can you please try it out?

Instead of just changing the above to 32, I created a new define
MAX_USER_NAME_LEN (=128) in md5.h since both md5.c and pool_passwd.c
need to agree on the user length limit.
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pool_passwd.patch
Type: text/x-patch
Size: 1498 bytes
Desc: not available
URL: <http://www.sraoss.jp/pipermail/pgpool-general/attachments/20130327/4e3e5a98/attachment.bin>
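
The following is an added example, not pgpool-II code and not the scrubbed patch: a simplified model of a `user:md5hash` lookup where the name limit is a single shared constant, as the reply describes. `lookup_hash`, `OLD_NAME_LEN` and `SAMPLE` are hypothetical names, the sample text is constructed from the two users in the report, and treating the old `name[32]` buffer as a 32-character limit is an assumption based on the reported behaviour.

```c
#include <stdio.h>
#include <string.h>

#define MAX_USER_NAME_LEN 128  /* name and value from the reply above */
#define OLD_NAME_LEN 32        /* assumed limit implied by char name[32] */

/* Constructed sample in "user:md5hash" form, using the two users from the report. */
static const char SAMPLE[] =
    "abcdefghijklmnopqrstuvwxyzabcdef:md575fa91abcca51c07330b0a9559670646\n"
    "abcdefghijklmnopqrstuvwxyzabcdefg:md5f753edf600600a57fd8423a2b32f92b9\n";

/* Hypothetical lookup: find `user` in `text`, accepting names of at most
 * `limit` characters. Copies the hash into `out` and returns 1 on a match,
 * 0 otherwise. A name longer than `limit` is skipped whole, never
 * truncated, so it can never be compared as if it were a shorter user. */
int lookup_hash(const char *text, const char *user, size_t limit,
                char *out, size_t outlen)
{
    char name[MAX_USER_NAME_LEN + 1];
    if (limit > MAX_USER_NAME_LEN || strlen(user) > limit)
        return 0;
    for (const char *line = text; *line; ) {
        const char *eol = strchr(line, '\n');
        size_t linelen = eol ? (size_t)(eol - line) : strlen(line);
        const char *colon = memchr(line, ':', linelen);
        if (colon && (size_t)(colon - line) <= limit) {
            size_t n = (size_t)(colon - line);
            memcpy(name, line, n);
            name[n] = '\0';
            size_t hlen = linelen - n - 1;
            if (strcmp(name, user) == 0 && hlen < outlen) {
                memcpy(out, colon + 1, hlen);
                out[hlen] = '\0';
                return 1;
            }
        }
        line = eol ? eol + 1 : line + linelen;
    }
    return 0;
}

int main(void)
{
    char h[64];
    const char *u33 = "abcdefghijklmnopqrstuvwxyzabcdefg";
    printf("limit 32:  %d\n", lookup_hash(SAMPLE, u33, OLD_NAME_LEN, h, sizeof h));
    printf("limit 128: %d\n", lookup_hash(SAMPLE, u33, MAX_USER_NAME_LEN, h, sizeof h));
    return 0;
}
```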

