Re: elog() patch

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: elog() patch
Date: 2002-03-03 22:27:00
Message-ID: 200203032227.g23MR0711604@candle.pha.pa.us
Lists: pgsql-hackers


Here is a better patch I am inclined to apply. It fixes the debug
messages during authentication problem in a cleaner way, and removes
password echo to server logs and client.

---------------------------------------------------------------------------

Bruce Momjian wrote:
> Tom Lane wrote:
> > Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> > > Is this what you were looking for? I set client_min_messages to the max
> > > of debug5 and the output is attached.
> >
> > If the DBA wants to do that, I don't have a problem with it. I'm
> > wondering what happens if an unprivileged user tries to do it,
> > via either PGOPTIONS or Peter's new user/database-local options.
> >
> > Please note also that I'm wondering about the messages emitted during
> > an authorization *failure*, not a successful connection.
>
> You ask a very good question here. I never tested authentication with
> debug sent to the client. The answer is that it doesn't work without
> the attached patch. Now, I am not about to apply this because it does
> change getNotice() to an extern and moves its prototype to libpq-int.h.
> This is necessary because I now use getNotice() in fe-connect.c.
>
> The second issue is that this isn't going to work for pre-7.2 clients
> because the protocol doesn't expect 'N' messages during the
> authentication phase. I think we can live with a client_min_messages
> level of debug* not working on old clients, though we should make a
> mention of it in the release notes.
>
> And finally, here is the output from a failed password login with the
> patch applied:
>
> $ psql test
> Password:
> DEBUG: received password packet with len=12, pw=lkjasdf
>
> DEBUG: received password packet with len=12, pw=lkjasdf
>
> psql: FATAL: Password authentication failed for user "postgres"
>
> Basically it echoes the failed password back to the user. Again, this
> is only with client_min_messages set to debug1-5. I don't know how to
> fix this because we specifically set things up so the client could see
> everything the server logs see. I wonder if echoing the failed password
> into the logs is a good idea either. I don't think so.
>
> Someone please advise on patch application. Are there other places that
> don't expect a NOTICE in the middle of a protocol handshake?

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026

Attachment Content-Type Size
unknown_filename text/plain 3.2 KB
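
The incompatibility raised in the quoted message (older clients do not expect 'N' messages during the authentication phase), as an added example that is not part of the original email and is not libpq code: a reader for the server bytes that precede an authentication request, run once tolerating notices and once treating them as a protocol violation. The function name, error codes, sample bytes and the framing ('R' plus a 4-byte big-endian code, 'N' and 'E' plus NUL-terminated text with no length word) are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes, used only by this example. */
enum { AUTH_ERR_TRUNCATED = -1, AUTH_ERR_SERVER = -2, AUTH_ERR_UNEXPECTED = -3 };

/* Constructed sample: one debug notice, then auth request code 3
 * (cleartext password in the assumed protocol). */
static const unsigned char SAMPLE[] = "NDEBUG:  constructed notice\n\0" "R\0\0\0\3";
#define SAMPLE_LEN (sizeof(SAMPLE) - 1)   /* drop the literal's own NUL */

/*
 * Scan server bytes up to the next authentication request.
 * tolerate_notice = 0 models a client that does not expect 'N' here.
 * Returns the request code (>= 0) or an AUTH_ERR_* value; *notices
 * receives the number of 'N' messages skipped.
 */
static int read_auth_request(const unsigned char *buf, size_t len,
                             int tolerate_notice, int *notices)
{
    size_t pos = 0;
    *notices = 0;
    while (pos < len) {
        unsigned char type = buf[pos++];
        if (type == 'R') {
            if (len - pos < 4) return AUTH_ERR_TRUNCATED;
            uint32_t code = ((uint32_t)buf[pos] << 24) | ((uint32_t)buf[pos + 1] << 16) |
                            ((uint32_t)buf[pos + 2] << 8) | (uint32_t)buf[pos + 3];
            return code > INT32_MAX ? AUTH_ERR_UNEXPECTED : (int)code;
        }
        if (type != 'N' && type != 'E') return AUTH_ERR_UNEXPECTED;
        /* Text messages have no length word: bound the search by the buffer. */
        const unsigned char *nul = memchr(buf + pos, 0, len - pos);
        if (nul == NULL) return AUTH_ERR_TRUNCATED;
        if (type == 'E') return AUTH_ERR_SERVER;
        if (!tolerate_notice) return AUTH_ERR_UNEXPECTED;
        (*notices)++;
        pos = (size_t)(nul - buf) + 1;
    }
    return AUTH_ERR_TRUNCATED;
}

int main(void)
{
    int n;
    printf("tolerant: %d\n", read_auth_request(SAMPLE, SAMPLE_LEN, 1, &n));
    printf("strict:   %d\n", read_auth_request(SAMPLE, SAMPLE_LEN, 0, &n));
    return 0;
}
```
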
