[FIX] web_services: fix db dump/restore when authentication requires a password on non-win32 systems

The various pg_* utilities require the password via a special environment variable or a special `pgpass` file in the user home, even on Unix, namely when the PostgreSQL connection is done via TCP and not via a unix socket. Setting the environment variable is relatively safe if it is removed from the environment immediately after the operation, and saves user the trouble of managing the pgpass file themselves. This had been fixed at revision 3992 but was incorrectly removed for non win32 platforms at revision 4424 (rev-id stw@openerp.com-20120912114651-8hcliparft1ep9tc) lp bug: https://launchpad.net/bugs/790164 fixed lp bug: https://launchpad.net/bugs/919100 fixed bzr revid: odo@openerp.com-20130313152020-suo2pyrabae0ecg4
2013-03-13 16:20:20 +01:00 · 2013-03-13 16:20:20 +01:00 · ab76b7a67f
parent 52e47a660a
commit ab76b7a67f
1 changed files with 12 additions and 4 deletions
--- a/openerp/service/web_services.py
+++ b/openerp/service/web_services.py
@ -234,14 +234,22 @@ class db(netsvc.ExportService):

    @contextlib.contextmanager
    def _set_pg_password_in_environment(self):
-        """ On Win32, pg_dump (and pg_restore) require that
-        :envvar:`PGPASSWORD` be set
+        """ On systems where pg_restore/pg_dump require an explicit
+        password (i.e. when not connecting via unix sockets, and most
+        importantly on Windows), it is necessary to pass the PG user
+        password in the environment or in a special .pgpass file.

        This context management method handles setting
-        :envvar:`PGPASSWORD` iif win32 and the envvar is not already
+        :envvar:`PGPASSWORD` if it is not already
        set, and removing it afterwards.
+
+        See also http://www.postgresql.org/docs/8.4/static/libpq-envars.html
+        
+        .. note:: This is not thread-safe, and should never be enabled for
+             SaaS (giving SaaS users the super-admin password is not a good idea
+             anyway)
        """
-        if os.name != 'nt' or os.environ.get('PGPASSWORD'):
+        if os.environ.get('PGPASSWORD'):
            yield
        else:
            os.environ['PGPASSWORD'] = tools.config['db_password']