From d5e745ec42fa14f7fa9b22f8455c041e05b2a757 Mon Sep 17 00:00:00 2001
From: "Bryn M. Reeves"
Date: Fri, 22 Aug 2014 17:28:14 +0100
Subject: [PATCH] [pgsql] backport PGPASSWORD changes
Backport the upstream change to obtain PGPASSWORD from the environment: commit 8091f6619c9218244696401012da71581f8607d5 Author: Bryn M. Reeves Date: Thu Aug 21 18:29:50 2014 +0100 [postgresql] obtain PGPASSWORD from the environment Allow the value of PGPASSWORD to be inherited from the environment. This prevents the password being exposed in command line parameters that may be visible to other users on the system.
Signed-off-by: Bryn M. Reeves
---
 sos/plugins/pgsql.py | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/sos/plugins/pgsql.py b/sos/plugins/pgsql.py
index ca7972e..ae57f21 100644
--- a/sos/plugins/pgsql.py
+++ b/sos/plugins/pgsql.py
@@ -32,10 +32,12 @@ class pgsql(sos.plugintools.PluginBase):
 packages = [ 'postgresql' ]
+ password_warn_text = " (password visible in process listings)"
+
 optionList = [
 ("pghome", 'PostgreSQL server home directory (default=/var/lib/pgsql)', '', __pghome),
 ("username", 'username for pg_dump (default=postgres)', '', False),
- ("password", 'password for pg_dump (default=None)', '', False),
+ ('password', 'password for pg_dump' + password_warn_text, '', False),
 ("dbname", 'database name to dump for pg_dump (default=None)', '', False),
 ("dbhost", 'hostname/IP of the server upon which the DB is running (default=localhost)', '', False),
 ("dbport", 'database server port number (default=5432)', '', False)
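Review bot: The new help text on the `password` option warns that the value is visible in process listings but does not point to the safer path this patch adds, so a user reading the option list is told about the risk without being told what to do instead. Something like `password_warn_text = " (password visible in process listings; prefer exporting PGPASSWORD)"` would steer them to the environment variable. As a style point, the changed tuple uses `'password'` where its neighbours use double-quoted names, and `password_warn_text` becomes a public class attribute where a leading underscore would mark it as internal.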
@@ -48,8 +50,13 @@ class pgsql(sos.plugintools.PluginBase):
 os.makedirs(dest_dir)
 except:
 self.soslog.error("could not create pg_dump output path %s" % dest_dir)
- old_env_pgpassword = os.environ.get("PGPASSWORD")
- os.environ["PGPASSWORD"] = "%s" % (self.getOption("password"))
+
+ # We're only modifying this for ourself and our children so there
+ # is no need to save and restore environment variables if the user
+ # decided to pass the password on the command line.
+ if self.getOption("password") is not False:
+ os.environ["PGPASSWORD"] = self.getOption("password")
+
 if self.getOption("dbhost"):
 (status, output, rtime) = self.callExtProg("pg_dump -U %s -h %s -p %s -w -f %s -F t %s" %
 (self.__username,
@@ -63,8 +70,6 @@ class pgsql(sos.plugintools.PluginBase):
 dest_file,
 self.getOption("dbname")))
- if old_env_pgpassword is not None:
- os.environ["PGPASSWORD"] = str(old_env_pgpassword)
 if status != 0:
 self.soslog.error("unable to execute pg_dump. Error(%s)" % (output))
@@ -89,7 +94,7 @@ class pgsql(sos.plugintools.PluginBase):
 # dbname must have a value
 self.soslog.warn("pgsql.dbname requires a database name")
 return
- if self.getOption("password") != False:
+ if self.getOption("password") or "PGPASSWORD" in os.environ:
 if self.getOption("username"):
 if self.getOption("username") == True:
 self.soslog.warn("pgsql.username requires a user name")
--
1.9.3
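Review bot: In the `@@ -48,8 +50,13 @@` hunk the password is written into `os.environ` and, with the restore removed in the `@@ -63,8 +70,6 @@` hunk, is never taken out again, so it stays in this process's environment and is inherited by every external command started later in the same run, not only pg_dump. The new comment explains why the caller's value need not be restored, but it does not cover that wider exposure of the secret. If `callExtProg` cannot take a per-call environment (not visible here), recording whether this code set the variable and calling `os.environ.pop("PGPASSWORD", None)` once pg_dump returns would narrow the window. The old `"%s" %` coercion is also gone, so a non-string option value (the username check later in the patch compares against `True`) would likely raise at the assignment; wrapping the value in `str(...)` or rejecting it beforehand avoids that. The enclosing method starts and ends outside the hunk.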
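Review bot: The test in the `@@ -89,7 +94,7 @@` hunk uses truthiness (`self.getOption("password") or ...`) while the assignment in the `@@ -48,8 +50,13 @@` hunk uses `is not False`, so the two places disagree about what counts as a supplied password. Should `getOption` ever return an empty string, this check would treat it as absent while the assignment would still overwrite an inherited PGPASSWORD with an empty value. Using one predicate in both places, for example `if self.getOption("password"):` ahead of the assignment, removes the mismatch. `"PGPASSWORD" in os.environ` is also true for a variable that is set but empty; `os.environ.get("PGPASSWORD")` would reject that case. The rest of this branch lies outside the hunk.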