[pgpool-general: 1539] Re: [pgPool-II 3.2.3] MD5 authentication and username longer than 32 characters.

Tatsuo Ishii ishii at postgresql.org
Thu Mar 28 22:52:15 JST 2013 

> Hello.
> 
>> I think there's a problem with the user name length in pool_passwd.c:
>>
>>         char name[32];
>>
>> Included is a patch trying to fix the problme. Can you please try it out?
>>
>> Instead of just changing above to 32, I create new define
>> MAX_USER_NAME_LEN (=128) in md5.h since both md5.c and pool_passwd.c
>> needs to agree with the user length limit.
>> --
>> Tatsuo Ishii
>> SRA OSS, Inc. Japan
>> English: http://www.sraoss.co.jp/index_en.php
>> Japanese: http://www.sraoss.co.jp
> 
> I tried your patch but since I'm getting a strange behaviour.

Oops. I found one more place which has hard-coded constant.  Included
is the modified patch (this is not a incremnetal patch against
previous patch. So you need to apply to the original source again).
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp
-------------- next part --------------
diff --git a/md5.h b/md5.h
index 2bd2353..2f3bc48 100644
--- a/md5.h
+++ b/md5.h
@@ -19,6 +19,7 @@
 #ifndef MD5_H
 #define MD5_H
 
+#define MAX_USER_NAME_LEN 128
 #define MD5_PASSWD_LEN 32
 
 extern int pool_md5_hash(const void *buff, size_t len, char *hexsum);
diff --git a/pg_md5.c b/pg_md5.c
index 0e3c3a5..c996bda 100644
--- a/pg_md5.c
+++ b/pg_md5.c
@@ -41,7 +41,7 @@
 #include <libgen.h>
 
 /* Maximum number of characters allowed for input. */
-#define MAX_INPUT_SIZE	128
+#define MAX_INPUT_SIZE	MAX_USER_NAME_LEN
 
 static void	print_usage(const char prog[], int exit_code);
 static void	set_tio_attr(int enable);
diff --git a/pool_passwd.c b/pool_passwd.c
index dcbccb3..588eff2 100644
--- a/pool_passwd.c
+++ b/pool_passwd.c
@@ -6,7 +6,7 @@
  * pgpool: a language independent connection pool server for PostgreSQL 
  * written by Tatsuo Ishii
  *
- * Copyright (c) 2003-2010	PgPool Global Development Group
+ * Copyright (c) 2003-2013	PgPool Global Development Group
  *
  * Permission to use, copy, modify, and distribute this software and
  * its documentation for any purpose and without fee is hereby
@@ -27,6 +27,7 @@
 
 #include "pool.h"
 #include "pool_passwd.h"
+#include "md5.h"
 
 static FILE *passwd_fd = NULL;	/* File descriptor for pool_passwd */
 static char saved_passwd_filename[POOLMAXPATHLEN+1];
@@ -72,7 +73,7 @@ int pool_create_passwdent(char *username, char *passwd)
 {
 	int len;
 	int c;
-	char name[32];
+	char name[MAX_USER_NAME_LEN];
 	char *p;
 	int readlen;
 
@@ -129,6 +130,8 @@ int pool_create_passwdent(char *username, char *passwd)
 		}
 	}
 
+	fseek(passwd_fd, 0, SEEK_END);
+
 	/*
 	 * Not found the user name.
 	 * Create a new entry.
@@ -155,7 +158,7 @@ int pool_create_passwdent(char *username, char *passwd)
 char *pool_get_passwd(char *username)
 {
 	int c;
-	char name[33];
+	char name[MAX_USER_NAME_LEN+1];
 	static char passwd[POOL_PASSWD_LEN+1];
 	char *p;
 	int readlen;

More information about the pgpool-general mailing list