/usr/lib/python3/dist-packages/postgresql/pgpassfile.py is in python3-postgresql 1.1.0-1build1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 | ##
# .pgpassfile - parse and lookup passwords in a pgpassfile
##
'Parse pgpass files and subsequently lookup a password.'
from os.path import exists
def split(line, len = len):
line = line.strip()
if not line:
return None
r = []
continuation = False
for x in line.split(':'):
if continuation:
# The colon was preceded by a backslash, it's part
# of the last field. Substitute the trailing backslash
# with the colon and append the next value.
r[-1] = r[-1][:-1] + ':' + x.replace('\\\\', '\\')
continuation = False
else:
# Even number of backslashes preceded the split.
# Normal field.
r.append(x.replace('\\\\', '\\'))
# Determine if the next field is a continuation of this one.
if (len(x) - len(x.rstrip('\\'))) % 2 == 1:
continuation = True
if len(r) != 5:
# Too few or too many fields.
return None
return r
def parse(data):
'produce a list of [(word, (host,port,dbname,user))] from a pgpass file object'
return [
(x[-1], x[0:4]) for x in [split(line) for line in data] if x
]
def lookup_password(words, uhpd):
"""
lookup_password(words, (user, host, port, database)) -> password
Where 'words' is the output from pgpass.parse()
"""
user, host, port, database = uhpd
for word, (w_host, w_port, w_database, w_user) in words:
if (w_user == '*' or w_user == user) and \
(w_host == '*' or w_host == host) and \
(w_port == '*' or w_port == port) and \
(w_database == '*' or w_database == database):
return word
def lookup_password_file(path, t):
'like lookup_password, but takes a file path'
with open(path) as f:
return lookup_password(parse(f), t)
def lookup_pgpass(d, passfile, exists = exists):
# If the password file exists, lookup the password
# using the config's criteria.
if exists(passfile):
return lookup_password_file(passfile, (
str(d['user']), str(d['host']), str(d['port']),
str(d.get('database', d['user']))
))
|