Re: pgpool-II 3.0 + postgres 9rc1 + md5 authentication not working

Tatsuo Ishii <ishii@xxxxxxxxxxxx> · Mon, 20 Sep 2010 13:31:35 +0900 (JST)

Sorry for delay. I had a trip outside Japan.

> Thanks, I should have thought to try that location. :)
> 
> I put the pool_passwd file in the expected location (custom build,
> /opt/postgres/etc/pool_passwd and /etc/pool_passwd) and reran my test.  I'm
> still having the same connection problem.

I found nasty bug with pgpool. Please try attached patches.

> I think it would be good to add an additional command line parameter to
> pgpool to allow overriding the location of that file (the same way the
> location of pcp.conf, pgpool.conf, and pgpool_hba.conf can be overriden).

Thanks for the suggestion. I'm thinking about to include your idea in
the next major pgpool version up.
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp
Index: pool_auth.c
===================================================================
RCS file: /cvsroot/pgpool/pgpool-II/pool_auth.c,v
retrieving revision 1.25
diff -c -r1.25 pool_auth.c
*** pool_auth.c	17 Aug 2010 02:22:17 -0000	1.25
--- pool_auth.c	20 Sep 2010 04:27:36 -0000
***************
*** 5,11 ****
   * pgpool: a language independent connection pool server for PostgreSQL
   * written by Tatsuo Ishii
   *
!  * Copyright (c) 2003-2009	PgPool Global Development Group
   *
   * Permission to use, copy, modify, and distribute this software and
   * its documentation for any purpose and without fee is hereby
--- 5,11 ----
   * pgpool: a language independent connection pool server for PostgreSQL
   * written by Tatsuo Ishii
   *
!  * Copyright (c) 2003-2010	PgPool Global Development Group
   *
   * Permission to use, copy, modify, and distribute this software and
   * its documentation for any purpose and without fee is hereby
***************
*** 131,136 ****
--- 131,138 ----

  	authkind = ntohl(authkind);

+ 	pool_debug("pool_do_auth: auth kind:%d", authkind);
+ 
  	/* trust? */
  	if (authkind == 0)
  	{
***************
*** 833,838 ****
--- 835,848 ----

  	if (!RAW_MODE && NUM_BACKENDS > 1)
  	{
+ 		/* Read password entry from pool_passwd */
+ 		pool_passwd = pool_get_passwd(frontend->username);
+ 		if (!pool_passwd)
+ 		{
+ 			pool_debug("do_md5: %s does not exist in pool_passwd", frontend->username);
+ 			return -1;
+ 		}
+ 
  		/* master? */
  		if (IS_MASTER_NODE_ID(backend->db_node_id))
  		{
***************
*** 852,864 ****
  			}

  			/* Check the password using my salt + pool_passwd */
- 			pool_passwd = pool_get_passwd(frontend->username);
- 			if (!pool_passwd)
- 			{
- 				pool_debug("do_md5: %s does not exist in pool_passwd", frontend->username);
- 				return -1;
- 			}
- 
  			pg_md5_encrypt(pool_passwd+strlen("md5"), salt, sizeof(salt), encbuf);
  			if (strcmp(password, encbuf))
  			{
--- 862,867 ----
-- 
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general