[pgpool-general: 1539] Re: [pgPool-II 3.2.3] MD5 authentication and username longer than 32 characters.
Tatsuo Ishii
ishii at postgresql.org
Thu Mar 28 22:52:15 JST 2013
> Hello.
>
>> I think there's a problem with the user name length in pool_passwd.c:
>>
>> char name[32];
>>
>> Included is a patch trying to fix the problme. Can you please try it out?
>>
>> Instead of just changing above to 32, I create new define
>> MAX_USER_NAME_LEN (=128) in md5.h since both md5.c and pool_passwd.c
>> needs to agree with the user length limit.
>> --
>> Tatsuo Ishii
>> SRA OSS, Inc. Japan
>> English: http://www.sraoss.co.jp/index_en.php
>> Japanese: http://www.sraoss.co.jp
>
> I tried your patch but since I'm getting a strange behaviour.
Oops. I found one more place which has hard-coded constant. Included
is the modified patch (this is not a incremnetal patch against
previous patch. So you need to apply to the original source again).
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp
-------------- next part --------------
diff --git a/md5.h b/md5.h
index 2bd2353..2f3bc48 100644
--- a/md5.h
+++ b/md5.h
@@ -19,6 +19,7 @@
#ifndef MD5_H
#define MD5_H
+#define MAX_USER_NAME_LEN 128
#define MD5_PASSWD_LEN 32
extern int pool_md5_hash(const void *buff, size_t len, char *hexsum);
diff --git a/pg_md5.c b/pg_md5.c
index 0e3c3a5..c996bda 100644
--- a/pg_md5.c
+++ b/pg_md5.c
@@ -41,7 +41,7 @@
#include <libgen.h>
/* Maximum number of characters allowed for input. */
-#define MAX_INPUT_SIZE 128
+#define MAX_INPUT_SIZE MAX_USER_NAME_LEN
static void print_usage(const char prog[], int exit_code);
static void set_tio_attr(int enable);
diff --git a/pool_passwd.c b/pool_passwd.c
index dcbccb3..588eff2 100644
--- a/pool_passwd.c
+++ b/pool_passwd.c
@@ -6,7 +6,7 @@
* pgpool: a language independent connection pool server for PostgreSQL
* written by Tatsuo Ishii
*
- * Copyright (c) 2003-2010 PgPool Global Development Group
+ * Copyright (c) 2003-2013 PgPool Global Development Group
*
* Permission to use, copy, modify, and distribute this software and
* its documentation for any purpose and without fee is hereby
@@ -27,6 +27,7 @@
#include "pool.h"
#include "pool_passwd.h"
+#include "md5.h"
static FILE *passwd_fd = NULL; /* File descriptor for pool_passwd */
static char saved_passwd_filename[POOLMAXPATHLEN+1];
@@ -72,7 +73,7 @@ int pool_create_passwdent(char *username, char *passwd)
{
int len;
int c;
- char name[32];
+ char name[MAX_USER_NAME_LEN];
char *p;
int readlen;
@@ -129,6 +130,8 @@ int pool_create_passwdent(char *username, char *passwd)
}
}
+ fseek(passwd_fd, 0, SEEK_END);
+
/*
* Not found the user name.
* Create a new entry.
@@ -155,7 +158,7 @@ int pool_create_passwdent(char *username, char *passwd)
char *pool_get_passwd(char *username)
{
int c;
- char name[33];
+ char name[MAX_USER_NAME_LEN+1];
static char passwd[POOL_PASSWD_LEN+1];
char *p;
int readlen;
More information about the pgpool-general
mailing list