Skip to content

Commit

Permalink
Refrain from using PGPASSWORD for pg_basebackup connection. (#768)
Browse files Browse the repository at this point in the history 
Clean-up PGPASSWORD environment variable after pg_basebackup/pg_rewind.
  • Loading branch information
@DimCitus
DimCitus committed Aug 16, 2022
1 parent 8754aab commit 7efa0a0
Showing 1 changed file with 44 additions and 0 deletions.
44 changes: 44 additions & 0 deletions src/bin/pg_autoctl/pgctl.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1268,6 +1268,7 @@ pg_basebackup(const char *pgdata,
int argsIndex = 0;

char command[BUFSIZE];
char pgpassword[BUFSIZE] = { 0 };

log_debug("mkdir -p \"%s\"", replicationSource->backupDir);
if (!ensure_empty_dir(replicationSource->backupDir, 0700))
Expand All @@ -1289,6 +1290,14 @@ pg_basebackup(const char *pgdata,

if (!IS_EMPTY_STRING_BUFFER(replicationSource->password))
{
if (env_exists("PGPASSWORD"))
{
if (!get_env_copy("PGPASSWORD", pgpassword, sizeof(pgpassword)))
{
/* errors have already been logged. */
return false;
}
}
setenv("PGPASSWORD", replicationSource->password, 1);
}
setenv("PGAPPNAME", replicationSource->applicationName, 1);
Expand Down Expand Up @@ -1356,6 +1365,19 @@ pg_basebackup(const char *pgdata,

(void) execute_subprogram(&program);

/* clean-up the environment again */
if (!IS_EMPTY_STRING_BUFFER(replicationSource->password))
{
if (IS_EMPTY_STRING_BUFFER(pgpassword))
{
unsetenv("PGPASSWORD");
}
else
{
setenv("PGPASSWORD", pgpassword, 1);
}
}

returnCode = program.returnCode;
free_program(&program);

Expand Down Expand Up @@ -1409,6 +1431,7 @@ pg_rewind(const char *pgdata,
int argsIndex = 0;

char command[BUFSIZE];
char pgpassword[BUFSIZE] = { 0 };

/* call pg_rewind*/
path_in_same_directory(pg_ctl, "pg_rewind", pg_rewind);
Expand All @@ -1417,6 +1440,14 @@ pg_rewind(const char *pgdata,

if (!IS_EMPTY_STRING_BUFFER(replicationSource->password))
{
if (env_exists("PGPASSWORD"))
{
if (!get_env_copy("PGPASSWORD", pgpassword, sizeof(pgpassword)))
{
/* errors have already been logged. */
return false;
}
}
setenv("PGPASSWORD", replicationSource->password, 1);
}

Expand Down Expand Up @@ -1468,6 +1499,19 @@ pg_rewind(const char *pgdata,

(void) execute_subprogram(&program);

/* clean-up the environment again */
if (!IS_EMPTY_STRING_BUFFER(replicationSource->password))
{
if (IS_EMPTY_STRING_BUFFER(pgpassword))
{
unsetenv("PGPASSWORD");
}
else
{
setenv("PGPASSWORD", pgpassword, 1);
}
}

returnCode = program.returnCode;
free_program(&program);

Expand Down

0 comments on commit 7efa0a0

Please sign in to comment.