Skip to content

Commit 7efa0a0

Browse files
DimCitusDimCitus
authored
Refrain from using PGPASSWORD for pg_basebackup connection. (#768)
Clean-up PGPASSWORD environment variable after pg_basebackup/pg_rewind.
1 parent 8754aab commit 7efa0a0

1 file changed

Lines changed: 44 additions & 0 deletions

File tree

src/bin/pg_autoctl/pgctl.c

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1268,6 +1268,7 @@ pg_basebackup(const char *pgdata,
12681268
int argsIndex = 0;
12691269

12701270
char command[BUFSIZE];
1271+
char pgpassword[BUFSIZE] = { 0 };
12711272

12721273
log_debug("mkdir -p \"%s\"", replicationSource->backupDir);
12731274
if (!ensure_empty_dir(replicationSource->backupDir, 0700))
@@ -1289,6 +1290,14 @@ pg_basebackup(const char *pgdata,
12891290

12901291
if (!IS_EMPTY_STRING_BUFFER(replicationSource->password))
12911292
{
1293+
if (env_exists("PGPASSWORD"))
1294+
{
1295+
if (!get_env_copy("PGPASSWORD", pgpassword, sizeof(pgpassword)))
1296+
{
1297+
/* errors have already been logged. */
1298+
return false;
1299+
}
1300+
}
12921301
setenv("PGPASSWORD", replicationSource->password, 1);
12931302
}
12941303
setenv("PGAPPNAME", replicationSource->applicationName, 1);
@@ -1356,6 +1365,19 @@ pg_basebackup(const char *pgdata,
13561365

13571366
(void) execute_subprogram(&program);
13581367

1368+
/* clean-up the environment again */
1369+
if (!IS_EMPTY_STRING_BUFFER(replicationSource->password))
1370+
{
1371+
if (IS_EMPTY_STRING_BUFFER(pgpassword))
1372+
{
1373+
unsetenv("PGPASSWORD");
1374+
}
1375+
else
1376+
{
1377+
setenv("PGPASSWORD", pgpassword, 1);
1378+
}
1379+
}
1380+
13591381
returnCode = program.returnCode;
13601382
free_program(&program);
13611383

@@ -1409,6 +1431,7 @@ pg_rewind(const char *pgdata,
14091431
int argsIndex = 0;
14101432

14111433
char command[BUFSIZE];
1434+
char pgpassword[BUFSIZE] = { 0 };
14121435

14131436
/* call pg_rewind*/
14141437
path_in_same_directory(pg_ctl, "pg_rewind", pg_rewind);
@@ -1417,6 +1440,14 @@ pg_rewind(const char *pgdata,
14171440

14181441
if (!IS_EMPTY_STRING_BUFFER(replicationSource->password))
14191442
{
1443+
if (env_exists("PGPASSWORD"))
1444+
{
1445+
if (!get_env_copy("PGPASSWORD", pgpassword, sizeof(pgpassword)))
1446+
{
1447+
/* errors have already been logged. */
1448+
return false;
1449+
}
1450+
}
14201451
setenv("PGPASSWORD", replicationSource->password, 1);
14211452
}
14221453

@@ -1468,6 +1499,19 @@ pg_rewind(const char *pgdata,
14681499

14691500
(void) execute_subprogram(&program);
14701501

1502+
/* clean-up the environment again */
1503+
if (!IS_EMPTY_STRING_BUFFER(replicationSource->password))
1504+
{
1505+
if (IS_EMPTY_STRING_BUFFER(pgpassword))
1506+
{
1507+
unsetenv("PGPASSWORD");
1508+
}
1509+
else
1510+
{
1511+
setenv("PGPASSWORD", pgpassword, 1);
1512+
}
1513+
}
1514+
14711515
returnCode = program.returnCode;
14721516
free_program(&program);
14731517

0 commit comments

Comments
 (0)