Bug 1020671 - connect() method should forward password down to libpq correctly
connect() method should forward password down to libpq correctly
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: python-psycopg2 (Show other bugs)
6.6
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Pavel Raiskup
qe-baseos-daemons
:
Depends On:
Blocks: 1070830 1159820 811234
  Show dependency treegraph
 
Reported: 2013-10-18 03:15 EDT by Pavel Raiskup
Modified: 2016-07-25 04:09 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-07-25 04:09:20 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Proposed downstream fix. (2.45 KB, patch)
2013-10-22 04:15 EDT, Pavel Raiskup
no flags Details | Diff
Proposed downstream fix. (2.36 KB, patch)
2013-10-22 04:18 EDT, Pavel Raiskup
no flags Details | Diff
Proposed downstream fix. (2.40 KB, patch)
2013-10-22 04:40 EDT, Pavel Raiskup
no flags Details | Diff
exporting PSYCOPG2_RHEL_CONNECT_FIXUP=0 will opt-out this fix (3.51 KB, patch)
2013-10-22 07:40 EDT, Pavel Raiskup
no flags Details | Diff

  None (edit)
Description Pavel Raiskup 2013-10-18 03:15:21 EDT
Currently, if using "connect(user='user', password='PASS :')", psycopg2 module
is not able to parse 'password' parameter correctly.  Spaces and colons cause
problems and to fix that - these symbols should be properly escaped (or whole
password should be wrapped by ' symbol).

Initially created based on discussion in bug #968532.
Comment 2 Pavel Raiskup 2013-10-22 04:15:20 EDT
Created attachment 814886 [details]
Proposed downstream fix.

In the time 2.0.14 was released, the 'connect()' method was not wrapped by
python function — it was direct 'C' plugin call.  So the upstream patch
(commit 625cc1b402b33) is not usable at all for RHEL6.

Proposed patch escapes single quote characters inside parameter value of
connect() method and wraps each parameter value by single quotes.  This patch
does not make sense to send (or consult with) upstream as they are too far
from 2.0.14.
Comment 4 Pavel Raiskup 2013-10-22 04:18:48 EDT
Created attachment 814888 [details]
Proposed downstream fix.

I have uploaded bad (upstream) fix, now it is correct.
Comment 6 Pavel Raiskup 2013-10-22 04:40:17 EDT
Created attachment 814904 [details]
Proposed downstream fix.

Escape also backslashes.
Comment 12 Pavel Raiskup 2013-10-22 07:40:36 EDT
Created attachment 814946 [details]
exporting PSYCOPG2_RHEL_CONNECT_FIXUP=0 will opt-out this fix
Comment 17 Mike McCune 2016-03-28 19:21:47 EDT
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune@redhat.com with any questions

Note You need to log in before you can comment on or make changes to this bug.