Hi,

Maybe this is expected behaviour, but it definitely is not desirable. If we add a new user:password to the contents of the pool_passwd file and send a reload signal to pgpool, the child processes are still not able to honor the new user, and trying to log in using the new user causes the error "MD5 authentication failed..."

I have diagnosed it back to the fact that pgpool uses the stdio.h interface (FILE *) to access the pool_passwd file, and it reads the contents of the file for every new login that requests MD5 authentication. The problem with the stdio.h interface is that it caches the contents of the file and it does not refresh the cache even when the contents of the file change on-disk, so every time pgpool tries to read the new user's password it does not see the new entry and hence fails.

To be able to connect as the new user we have to either restart pgpool or wait for a new child to be forked, which will see the new contents of the file.

All of these problems also apply to the case where we might alter the password of an existing user and update the md5 password in the pool_passwd file.

I have attached a minimal patch to address this issue. In the patch, we save the file path that was initially used to open the pool_passwd and upon every reload the child closes and reopens the file so that the stdio.h interface does not show it cached data.

Regards,
--
Gurjeet Singh
EnterpriseDB Corporation
The Enterprise PostgreSQL Company
diff --git a/child.c b/child.c index b06b97d..b0d04e6 100644 --- a/child.c +++ b/child.c @@ -638,6 +638,8 @@ static POOL_CONNECTION *do_accept(int unix_fd, int inet_fd, struct timeval *time load_hba(get_hba_file_name()); if (pool_config->parallel_mode) pool_memset_system_db_info(system_db_info->info); + if (pool_config->pool_passwd) + pool_reopen_passwd_file(); got_sighup = 0; } diff --git a/pool_passwd.c b/pool_passwd.c index 3242389..b1d7f62 100644 --- a/pool_passwd.c +++ b/pool_passwd.c @@ -29,6 +29,7 @@ #include "pool_passwd.h" static FILE *passwd_fd = NULL; /* File descriptor for pool_passwd */ +static char *saved_passwd_filename = NULL; /* * Initialize this module. @@ -40,6 +41,9 @@ void pool_init_pool_passwd(char *pool_passwd_filename) if (passwd_fd) return; + if (saved_passwd_filename == NULL) + saved_passwd_filename = pool_passwd_filename; + passwd_fd = fopen(pool_passwd_filename, "r+"); if (!passwd_fd) { @@ -224,3 +227,9 @@ void pool_finish_pool_passwd(void) passwd_fd = NULL; } } + +void pool_reopen_passwd_file(void) +{ + pool_finish_pool_passwd(); + pool_init_pool_passwd(saved_passwd_filename); +} diff --git a/pool_passwd.h b/pool_passwd.h index 48ef2a4..0babf64 100644 --- a/pool_passwd.h +++ b/pool_passwd.h @@ -36,5 +36,6 @@ extern int pool_create_passwdent(char *username, char *passwd); extern char *pool_get_passwd(char *username); extern void pool_delete_passwdent(char *username); extern void pool_finish_pool_passwd(void); +extern void pool_reopen_passwd_file(void); #endif /* POOL_PASSWD_H */
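Review bot: In the child.c hunk, the guard tests pool_config->pool_passwd, but pool_reopen_passwd_file() reopens whatever saved_passwd_filename holds, so the condition and the action are tied to two different variables. If the initial pool_init_pool_passwd() call never ran in this process, saved_passwd_filename is still NULL and the reopen passes NULL to fopen(). If the reload changed the configured path, the child keeps reopening the old one. Consider passing the path in from the call site, or having pool_reopen_passwd_file() check saved_passwd_filename itself before it closes anything.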
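Review bot: In the pool_init_pool_passwd() hunk of pool_passwd.c, "saved_passwd_filename = pool_passwd_filename;" keeps the caller's pointer rather than a copy, so the saved path is only valid for as long as the caller's buffer stays allocated and unmodified. Since the value is reused on every later reload, it should own its storage: duplicate the string (for example with strdup) when it is first saved, and document who frees it. Because the assignment only happens when saved_passwd_filename is NULL, the first path seen is also the only one ever used, which deserves a comment if it is intentional.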
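Review bot: In the new pool_reopen_passwd_file() at the end of pool_passwd.c, the old handle is closed before the new open is attempted, and the function returns void. If the fopen() inside pool_init_pool_passwd() fails at that moment (file being rewritten, permissions changed), passwd_fd has already been set to NULL by pool_finish_pool_passwd(), so the child is left with no password file until the next reload and the caller cannot tell. The body of the "if (!passwd_fd)" branch is not visible in this hunk, so please confirm it is safe to hit from a running child. Opening the new file first and swapping only on success, plus returning a status and logging the failure, would make a failed reload non-destructive. The function also needs a header comment like the other functions in this file.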
_______________________________________________
Pgpool-hackers mailing list
Pgpool-hackers@pgfoundry.org
http://pgfoundry.org/mailman/listinfo/pgpool-hackers