Re: pg_basebackup with -R option and start standby have problems with escaped password

2013-01-29 11:15 keltezéssel, Magnus Hagander írta:
> On Thu, Jan 24, 2013 at 7:04 AM, Hari Babu <haribabu(dot)kommi(at)huawei(dot)com> wrote:
>> On Wed, Jan 23, 2013 11:48 PM, Magnus Hagander wrote:
>>> On Wed, Jan 23, 2013 at 10:18 AM, Hari Babu <haribabu(dot)kommi(at)huawei(dot)com>
>> wrote:
>>>> Test scenario to reproduce:
>>>> 1. Start the server
>>>> 2. create the user as follows
>>>> ./psql postgres -c "create user user1 superuser login
>>>> password 'use''1'"
>>>>
>>>> 3. Take the backup with -R option as follows.
>>>> ./pg_basebackup -D ../../data1 -R -U user1 -W
>>>>
>>>> The following errors are occurring when the new standby on the backup
>>>> database starts.
>>>>
>>>> FATAL: could not connect to the primary server: missing "=" after "1'"
>> in
>>>> connection info string
>>> What does the resulting recovery.conf file look like?
>> The recovery.conf which is generated is as follows
>>
>> standby_mode = 'on'
>> primary_conninfo = 'user=''user1'' password=''use''1'' port=''5432'' '
>>
>>
>> I observed the problem is while reading primary_conninfo from the
>> recovery.conf file
>> the function "GUC_scanstr" removes the quotes of the string and also makes
>> the
>> continuos double quote('') as single quote(').
>>
>> By using the same connection string while connecting to primary server the
>> function "conninfo_parse" the escape quotes are not able to parse properly
>> and it is leading
>> to problem.
>>
>> please correct me if any thing wrong in my observation.
> Well, it's clearly broken at least :O
>
> Zoltan, do you have time to look at it? I won't have time until at
> least after FOSDEM, unfortunately.

I looked at it shortly. What I tried first is adding another pair of single
quotes manually like this:

primary_conninfo = 'user=''user1'' password=''use''''1'' host=''192.168.1.2''
port=''5432'' sslmode=''disable'' sslcompression=''1'' '

But it doesn't solve the problem either, I got:

FATAL: could not connect to the primary server: missing "=" after "'1'" in connection
info string

This worked though:

primary_conninfo = 'user=user1 password=use\'1 host=192.168.1.2 port=5432 sslmode=disable
sslcompression=1 '

When I added an elog() to print the conninfo string in libpqrcv_connect(),
I saw that the double quotes were properly eliminated by ParseConfigFp()
in the first case.

So, there is a bug in generating recovery.conf by not double-escaping
the values and another bug in parsing the connection string in libpq
when the parameter value starts with a single-quote character.

Attached are two patches to fix these two bugs, the libpq part can
be back-patched.

Best regards,
Zoltán Böszörményi

--
----------------------------------
Zoltán Böszörményi
Cybertec Schönig & Schönig GmbH
Gröhrmühlgasse 26
A-2700 Wiener Neustadt, Austria
Web: http://www.postgresql-support.de
http://www.postgresql.at/