[pgpool-hackers: 4071] Re: Proposal: add validations of wd_lifecheck_password and recovery_password format.

KAWAMOTO Masaya kawamoto at sraoss.co.jp
Fri Dec 10 09:52:50 JST 2021 

Sorry, I typo.

On Fri, 10 Dec 2021 09:47:56 +0900
KAWAMOTO Masaya <kawamoto ¡÷ sraoss.co.jp> wrote:

> Hi,
> 
> I have confirmed that this patch works on a stable branch except V3_7.
I have confirmed that this patch works on each stable branches except V3_7.

> I'm thinking of committing this patch to V4_3, V4_2, V4_1, V4_0. 
> This is because pgpool allows the AES encryption format to be set for
> recovery_password and wd_lifecheck_password from V4_0, and up to V3_7
> they could only be set directly in pgpool.conf in plain text format.
> 
> I think V3_7 users are not confused without this fix. 
> 
> Best regards.
> 
> On Mon, 06 Dec 2021 17:24:54 +0900 (JST)
> Tatsuo Ishii <ishii ¡÷ sraoss.co.jp> wrote:
> 
> > Hi,
> > 
> > Any progress on this?
> > 
> > > Thank you for your proposal.
> > > 
> > >> Hi,
> > >> 
> > >> wd_lifecheck_password and recovery_password are not allowed to be md5 hashed format
> > >> but pgppol dont check their password format.
> > >> 
> > >> I think this proposal will help users to know why pcp_recovery_node fails and authentication
> > >> failure appears in pgpool log.
> > >> 
> > >> What do you think?
> > > 
> > > I think the proposal is good and should be applied to the all
> > > supported branches.
> > > 
> > > Some suggestions to the patch.
> > > 
> > > 1.
> > > +	if(chceck_password_type_is_not_md5(pool_config->recovery_user, pool_config->recovery_password) == -1)
> > > 
> > > You need a space between "if" and "(".
> > > 
> > > 2.
> > > Accoring to the PostgreSQL message guide, problably this:
> > > 
> > > +				(errmsg("the password of recovery_user %s is invalid format",
> > > +						pool_config->recovery_user),
> > > +				errdetail("recovery_password is not allowed to be md5 hashed format")));
> > > 
> > > would be better if descrbed:
> > > 
> > > +				(errmsg("invalid password format for recovery_user: %s",
> > > +						pool_config->recovery_user),
> > > +				errdetail("md5 hashed password is not allowed here")));
> > > 
> > > Best regards,
> > > --
> > > Tatsuo Ishii
> > > SRA OSS, Inc. Japan
> > > English: http://www.sraoss.co.jp/index_en.php
> > > Japanese:http://www.sraoss.co.jp
> > > _______________________________________________
> > > pgpool-hackers mailing list
> > > pgpool-hackers ¡÷ pgpool.net
> > > http://www.pgpool.net/mailman/listinfo/pgpool-hackers
> 
> 
> -- 
> KAWAMOTO Masaya <kawamoto ¡÷ sraoss.co.jp>
> SRA OSS, Inc. Japan
> _______________________________________________
> pgpool-hackers mailing list
> pgpool-hackers ¡÷ pgpool.net
> http://www.pgpool.net/mailman/listinfo/pgpool-hackers


-- 
KAWAMOTO Masaya <kawamoto ¡÷ sraoss.co.jp>
SRA OSS, Inc. Japan

More information about the pgpool-hackers mailing list