<!--
-$Header: /cvsroot/pgsql/doc/src/sgml/libpq.sgml,v 1.106 2003/01/19 00:13:28 momjian Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/libpq.sgml,v 1.107 2003/01/30 19:49:54 tgl Exp $
-->
<chapter id="libpq">
<term><literal>requiressl</literal></term>
<listitem>
<para>
- Set to 1 to require SSL connection to the backend. <application>Libpq</>
- will then refuse to connect if the server does not support
- SSL. Set to 0 (default) to negotiate with server.
+ Set to 1 to require <acronym>SSL</acronym> connection to the server.
+ <application>Libpq</> will then refuse to connect if the server does not
+ accept an <acronym>SSL</acronym> connection.
+ Set to 0 (default) to negotiate with server.
+ This option is only available if
+ <productname>PostgreSQL</> is compiled with SSL support.
</para>
</listitem>
</varlistentry>
<para>
The following environment variables can be used to select default
-connection parameter values, which will be used by <function>PQconnectdb</function> or
-<function>PQsetdbLogin</function> if no value is directly specified by the calling code.
-These are useful to avoid hard-coding database names into simple
-application programs.
+connection parameter values, which will be used by
+<function>PQconnectdb</>, <function>PQsetdbLogin</> and
+<function>PQsetdb</> if no value is directly specified by the calling
+code. These are useful to avoid hard-coding database connection
+information into simple client applications.
<itemizedlist>
<listitem>
messages from the backend server are displayed.
</para>
</listitem>
+<listitem>
+<para>
+<envar>PGREQUIRESSL</envar> sets whether or not the connection must be
+made over <acronym>SSL</acronym>. If set to
+<quote>1</quote>, <application>libpq</>
+will refuse to connect if the server does not accept
+an <acronym>SSL</acronym> connection.
+This option is only available if
+<productname>PostgreSQL</> is compiled with SSL support.
+</para>
+</listitem>
+<listitem>
+<para>
+<envar>PGCONNECT_TIMEOUT</envar> sets the maximum number of seconds
+that <application>libpq</application> will wait when attempting to
+connect to the <productname>PostgreSQL</productname> server. This
+option should be set to at least 2 seconds.
+</para>
+</listitem>
</itemizedlist>
</para>
<synopsis>
<replaceable>hostname</replaceable>:<replaceable>port</replaceable>:<replaceable>database</replaceable>:<replaceable>username</replaceable>:<replaceable>password</replaceable>
</synopsis>
-Any of these may be a literal name, or <literal>*</literal>, which matches
-anything. The first match will be used so put more specific entries first.
-Entries with <literal>:</literal> or <literal>\</literal> should be escaped
-with <literal>\</literal>.
+Any of these may be a literal name, or <literal>*</literal>, which
+matches anything. The first matching entry will be used, so put more-specific
+entries first. When an entry contains <literal>:</literal> or
+<literal>\</literal>, it must be escaped with <literal>\</literal>.
</para>
<para>
The permissions on <filename>.pgpass</filename> must disallow any
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.221 2003/01/08 21:33:27 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.222 2003/01/30 19:49:54 tgl Exp $
*
*-------------------------------------------------------------------------
*/
"Database-Password", "*", 20},
{"connect_timeout", "PGCONNECT_TIMEOUT", NULL, NULL,
- "Connect-timeout", "", 10}, /* strlen( INT32_MAX) == 10 */
+ "Connect-timeout", "", 10}, /* strlen(INT32_MAX) == 10 */
{"dbname", "PGDATABASE", NULL, NULL,
"Database-Name", "", 20},
tmp = conninfo_getval(connOptions, "password");
conn->pgpass = tmp ? strdup(tmp) : NULL;
if (conn->pgpass == NULL || conn->pgpass[0] == '\0')
+ {
+ if (conn->pgpass)
+ free(conn->pgpass);
conn->pgpass = PasswordFromFile(conn->pghost, conn->pgport,
- conn->dbName, conn->pguser);
+ conn->dbName, conn->pguser);
+ if (conn->pgpass == NULL)
+ conn->pgpass = strdup(DefaultPassword);
+ }
tmp = conninfo_getval(connOptions, "connect_timeout");
conn->connect_timeout = tmp ? strdup(tmp) : NULL;
#ifdef USE_SSL
else
conn->dbName = strdup(dbName);
- /*
- * getPasswordFromFile mallocs its result, so we don't need strdup
- * here
- */
if (pwd)
conn->pgpass = strdup(pwd);
else if ((tmp = getenv("PGPASSWORD")) != NULL)
conn->pgpass = strdup(tmp);
+ else if ((tmp = PasswordFromFile(conn->pghost, conn->pgport,
+ conn->dbName, conn->pguser)) != NULL)
+ conn->pgpass = tmp;
else
conn->pgpass = strdup(DefaultPassword);
return NULL;
}
-/* get a password from the password file. */
+/* Get a password from the password file. Return value is malloc'd. */
char *
PasswordFromFile(char *hostname, char *port, char *dbname, char *username)
{
/* Look for it in the home dir */
home = getenv("HOME");
- if (home)
+ if (!home)
+ return NULL;
+
+ pgpassfile = malloc(strlen(home) + 1 + strlen(PGPASSFILE) + 1);
+ if (!pgpassfile)
{
- pgpassfile = malloc(strlen(home) + 1 + strlen(PGPASSFILE) + 1);
- if (!pgpassfile)
- {
- fprintf(stderr, libpq_gettext("out of memory\n"));
- return NULL;
- }
- }
- else
+ fprintf(stderr, libpq_gettext("out of memory\n"));
return NULL;
+ }
sprintf(pgpassfile, "%s/%s", home, PGPASSFILE);
{
char *t = buf,
*ret;
+ int len;
fgets(buf, LINELEN - 1, fp);
- if (strlen(buf) == 0)
+
+ len = strlen(buf);
+ if (len == 0)
continue;
- buf[strlen(buf) - 1] = 0;
+ /* Remove trailing newline */
+ if (buf[len - 1] == '\n')
+ buf[len - 1] = 0;
+
if ((t = pwdfMatchesString(t, hostname)) == NULL ||
(t = pwdfMatchesString(t, port)) == NULL ||
(t = pwdfMatchesString(t, dbname)) == NULL ||
projects / postgresql / commitdiff