fix password handling in safeURI (#522)

* remove PGPASSWORD environment processing from pgsql.c instead use `pgsql->connectionString` containing the password and adjust related function comments and removed unused PASSWORD_MASK * fix mismatched safe{Source,Target}PGURI.password references
dimitri · Nov 2, 2023 · 44d6fdf · 44d6fdf
1 parent f80ee85
commit 44d6fdf
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 17 deletions.
diff --git a/src/bin/pgcopydb/defaults.h b/src/bin/pgcopydb/defaults.h
@@ -58,9 +58,6 @@
 
 #define POSTGRES_PORT 5432
 
-/* masqurade  passwords with that value in logs */
-#define PASSWORD_MASK "****"
-
 /* default replication slot and origin for logical replication */
 #define REPLICATION_ORIGIN "pgcopydb"
 #define REPLICATION_PLUGIN "test_decoding"

diff --git a/src/bin/pgcopydb/parsing_utils.c b/src/bin/pgcopydb/parsing_utils.c
@@ -936,9 +936,9 @@ escapeWithPercentEncoding(const char *str, char **dst)
 
 
 /*
- * uri_contains_password takes a Postgres connection string and checks to see
- * if it contains a parameter called password. Returns true if a password
- * keyword is present in the connection string.
+ * uri_grab_password takes a Postgres connection string and checks to see
+ * if it contains a parameter called password and if so stores a copy of it
+ * in safeURI->password.
  */
 static bool
 uri_grab_password(const char *pguri, SafeURI *safeURI)
@@ -984,8 +984,8 @@ uri_grab_password(const char *pguri, SafeURI *safeURI)
 
 /*
  * parse_and_scrub_connection_string takes a Postgres connection string and
- * populates scrubbedPguri with the password replaced with **** for logging.
- * The scrubbedPguri parameter should point to a memory area that has been
+ * populates safeURI without the password for logging purposes.
+ * The safeURI parameter should point to a memory area that has been
  * allocated by the caller and has at least MAXCONNINFO bytes.
  */
 bool

diff --git a/src/bin/pgcopydb/pgcmd.c b/src/bin/pgcopydb/pgcmd.c
@@ -793,7 +793,7 @@ pg_restore_db(PostgresPaths *pgPaths,
 	setenv("PGCONNECT_TIMEOUT", POSTGRES_CONNECT_TIMEOUT, 1);
 
 	/* override PGPASSWORD environment variable if the pguri contains one */
-	if (connStrings->safeSourcePGURI.password != NULL)
+	if (connStrings->safeTargetPGURI.password != NULL)
 	{
 		if (pgpassword_found_in_env && !get_env_dup("PGPASSWORD", &PGPASSWORD))
 		{
@@ -892,7 +892,7 @@ pg_restore_db(PostgresPaths *pgPaths,
 
 	/* make sure to reset the environment PGPASSWORD if we edited it */
 	if (pgpassword_found_in_env &&
-		connStrings->safeSourcePGURI.password != NULL)
+		connStrings->safeTargetPGURI.password != NULL)
 	{
 		setenv("PGPASSWORD", PGPASSWORD, 1);
 	}

diff --git a/src/bin/pgcopydb/pgsql.c b/src/bin/pgcopydb/pgsql.c
@@ -516,12 +516,6 @@ pgsql_open_connection(PGSQL *pgsql)
 		setenv("PGAPPNAME", PGCOPYDB_PGAPPNAME, 1);
 	}
 
-	/* use the parsed password, unless the environment already is set */
-	if (!env_exists("PGPASSWORD") && pgsql->safeURI.password != NULL)
-	{
-		setenv("PGPASSWORD", pgsql->safeURI.password, 1);
-	}
-
 	/* we implement our own retry strategy */
 	setenv("PGCONNECT_TIMEOUT", POSTGRES_CONNECT_TIMEOUT, 1);
 
@@ -530,7 +524,7 @@ pgsql_open_connection(PGSQL *pgsql)
 	INSTR_TIME_SET_ZERO(pgsql->retryPolicy.connectTime);
 
 	/* Make a connection to the database */
-	pgsql->connection = PQconnectdb(pgsql->safeURI.pguri);
+	pgsql->connection = PQconnectdb(pgsql->connectionString);
 
 	/* Check to see that the backend connection was successfully made */
 	if (PQstatus(pgsql->connection) != CONNECTION_OK)