Re: [HACKERS] [PATCHES] .pgpass file and unix domain sockets
Patch applied. It will appear in 8.2.

---

Bruce Momjian wrote:
> I have implemented the idea I listed below, patch attached.
>
> ---
>
> Bruce Momjian wrote:
> > Uh, why wouldn't we allow localhost to match the default unix domain socket name, as well as an empty hostname? If you specify a non-default location, you then have to specify the full path.
> >
> > ---
> >
> > Andrew Dunstan wrote:
> > > hackers - any opinions?
> > >
> > > The biggest downside would be that a pgpass file would be version specific for this feature. The badness of this is somewhat mitigated by the ability we now have to specify an alternative pgpassfile location.
> > >
> > > cheers
> > >
> > > andrew
> > >
> > > Original Message
> > > Subject: Re: [PATCHES] .pgpass file and unix domain sockets
> > > Date: Tue, 16 May 2006 12:16:53 -0400
> > > From: Tom Lane [EMAIL PROTECTED]
> > > To: Andrew Dunstan [EMAIL PROTECTED]
> > > CC: Joachim Wieland [EMAIL PROTECTED], pgsql-patches@postgresql.org
> > > References: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
> > >
> > > Andrew Dunstan [EMAIL PROTECTED] writes:
> > > > Tom Lane wrote:
> > > > > Personally I wouldn't object to making it match localhost in all cases. That's what the documentation says, and the use-case for doing something more complicated seems pretty thin.
> > > >
> > > > I almost agree. If anything, I'd prefer to provide for an explicit entry covering all Unix Domain sockets - it took me by some surprise to find a while back that localhost covers that case - it seems a mismatch with how pg_hba.conf works.
> > >
> > > Well, that'd break existing .pgpass files (unless we match localhost too, which seems to defeat the purpose). But maybe it's worth doing for consistency's sake.
> > >
> > > I think we should bring it up on a more widely read list than -patches if you want to propose a non-backwards-compatible change ...
--
Bruce Momjian http://candle.pha.pa.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

Index: doc/src/sgml/libpq.sgml === RCS file: /cvsroot/pgsql/doc/src/sgml/libpq.sgml,v retrieving revision 1.208 diff -c -c -r1.208 libpq.sgml *** doc/src/sgml/libpq.sgml 6 May 2006 16:25:11 - 1.208 --- doc/src/sgml/libpq.sgml 17 May 2006 01:52:40 - *** *** 4000,4008 entries first when you are using wildcards.) If an entry needs to contain literal:/literal or literal\/literal, escape this character with literal\/literal. ! A hostname of literallocalhost/ matches both literalhost/ (TCP) ! and literallocal/ (Unix domain socket) connections coming from the ! local machine. /para para --- 4000,4008 entries first when you are using wildcards.) If an entry needs to contain literal:/literal or literal\/literal, escape this character with literal\/literal. ! A hostname of literallocalhost/ matches both TCP literalhost/ (hostname literallocalhost/) ! and Unix domain socket literallocal/ (literalpghost/ empty or the default socket directory) ! connections coming from the local machine. 
/para para Index: src/interfaces/libpq/fe-connect.c === RCS file: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v retrieving revision 1.328 diff -c -c -r1.328 fe-connect.c *** src/interfaces/libpq/fe-connect.c 14 Mar 2006 22:48:23 - 1.328 --- src/interfaces/libpq/fe-connect.c 17 May 2006 01:52:59 - *** *** 3106,3114 --- 3106,3129 if (username == NULL || strlen(username) == 0) return NULL; + /* 'localhost' matches pghost of '' or the default socket directory */ if (hostname == NULL) hostname = DefaultHost; + else if (is_absolute_path(hostname
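Review bot: In the libpq.sgml hunk, the reworded sentence covers only an empty pghost or the default socket directory and says nothing about a non-default socket directory. Add a sentence stating that a connection made through any other socket directory needs that directory's full path in the hostname field, as the cover message describes ("If you specify a non-default location, you then have to specify the full path"). Without it, a reader whose client or wrapper sets the host to another directory gets no hint why a localhost entry is being skipped.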
[PATCHES] .pgpass file and unix domain sockets
Since no decision has been reached in http://archives.postgresql.org/pgsql-hackers/2006-05/msg00295.php I send in the appended documentation patch to fix at least the documentation.

Personally I think that there is no need to invent a new syntax since we can express everything already with the current one.

Joachim

diff -cr cvs/pgsql/doc/src/sgml/libpq.sgml cvs.build/pgsql/doc/src/sgml/libpq.sgml *** cvs/pgsql/doc/src/sgml/libpq.sgml 2006-05-15 22:59:38.0 +0200 --- cvs.build/pgsql/doc/src/sgml/libpq.sgml 2006-05-16 11:13:47.0 +0200 *** *** 4000,4011 entries first when you are using wildcards.) If an entry needs to contain literal:/literal or literal\/literal, escape this character with literal\/literal. - A hostname of literallocalhost/ matches both literalhost/ (TCP) - and literallocal/ (Unix domain socket) connections coming from the - local machine. /para para The permissions on filename.pgpass/filename must disallow any access to world or group; achieve this by the command commandchmod 0600 ~/.pgpass/command. --- 4000,4032 entries first when you are using wildcards.) If an entry needs to contain literal:/literal or literal\/literal, escape this character with literal\/literal. /para para + To match literallocal/ (Unix domain socket) connections coming from the + local machine, put the path to the Unix domain socket file in the + replaceablehostname/replaceable field. So if the socket file you use to + access the database is for example + filename/var/run/postgresql/.s.PGSQL.5432/filename, you would set + replaceablehostname/replaceable to + literal\/var\/run\/postgresql/literal and port to literal5432/literal. + /para + + tip + para + In applicationpsql/application you can always find out the current values + of your connection by issuing the command\set/command command. 
If you want + to authenticate this very connection automatically via the + filename.pgpass/filename file, just use the shown values for + replaceablehostname/replaceable, replaceableport/replaceable, + replaceabledatabase/replaceable and replaceableusername/replaceable. + (Other applications can use the applicationlibpq/application functions + described in xref linkend=libpq-status to retrieve the respective values + for their current connection.) + /para + /tip + + para The permissions on filename.pgpass/filename must disallow any access to world or group; achieve this by the command commandchmod 0600 ~/.pgpass/command.
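Review bot: The example in the added paragraph writes the hostname as `\/var\/run\/postgresql`, while the context sentence directly above says only `:` and `\` need escaping, so the backslash before each `/` is unnecessary and implies an escaping rule the file format does not state; write `/var/run/postgresql`. The same paragraph tells the reader to put "the path to the Unix domain socket file" in the hostname field, yet the example uses the directory that holds `.s.PGSQL.5432`, so the wording should say socket directory. The hunk also deletes the localhost sentence without saying in which cases a localhost entry still matches.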
Re: [PATCHES] .pgpass file and unix domain sockets
Joachim Wieland [EMAIL PROTECTED] writes:
> I send in the appended documentation patch to fix at least the documentation.

This is wrong according to my tests. localhost *does* work, at least in some cases.

regards, tom lane
Re: [PATCHES] .pgpass file and unix domain sockets
Tom Lane wrote:
> Joachim Wieland [EMAIL PROTECTED] writes:
> > I send in the appended documentation patch to fix at least the documentation.
>
> This is wrong according to my tests. localhost *does* work, at least in some cases.

As I understand it, the only case where it doesn't is where an explicit host connection parameter pointing to the socket directory, or the same via PGHOST, is used, Is that right?

cheers

andrew
Re: [PATCHES] .pgpass file and unix domain sockets
Andrew Dunstan [EMAIL PROTECTED] writes:
> Tom Lane wrote:
> > This is wrong according to my tests. localhost *does* work, at least in some cases.
>
> As I understand it, the only case where it doesn't is where an explicit host connection parameter pointing to the socket directory, or the same via PGHOST, is used, Is that right?

Well, the point is that if you do that then you have to write that socket directory as the hostname in .pgpass. What was on the table for discussion was whether we like that behavior as-is (in which case we'd better document it), or whether we should make it match localhost in all cases, or whether we should do some third thing.

Personally I wouldn't object to making it match localhost in all cases. That's what the documentation says, and the use-case for doing something more complicated seems pretty thin.

regards, tom lane
Re: [PATCHES] .pgpass file and unix domain sockets
Tom Lane wrote:
> Andrew Dunstan [EMAIL PROTECTED] writes:
> > Tom Lane wrote:
> > > This is wrong according to my tests. localhost *does* work, at least in some cases.
> >
> > As I understand it, the only case where it doesn't is where an explicit host connection parameter pointing to the socket directory, or the same via PGHOST, is used, Is that right?
>
> Well, the point is that if you do that then you have to write that socket directory as the hostname in .pgpass. What was on the table for discussion was whether we like that behavior as-is (in which case we'd better document it), or whether we should make it match localhost in all cases, or whether we should do some third thing.
>
> Personally I wouldn't object to making it match localhost in all cases. That's what the documentation says, and the use-case for doing something more complicated seems pretty thin.

I almost agree. If anything, I'd prefer to provide for an explicit entry covering all Unix Domain sockets - it took me by some surprise to find a while back that localhost covers that case - it seems a mismatch with how pg_hba.conf works.

cheers

andrew
Re: [PATCHES] .pgpass file and unix domain sockets
Andrew Dunstan [EMAIL PROTECTED] writes:
> Tom Lane wrote:
> > Personally I wouldn't object to making it match localhost in all cases. That's what the documentation says, and the use-case for doing something more complicated seems pretty thin.
>
> I almost agree. If anything, I'd prefer to provide for an explicit entry covering all Unix Domain sockets - it took me by some surprise to find a while back that localhost covers that case - it seems a mismatch with how pg_hba.conf works.

Well, that'd break existing .pgpass files (unless we match localhost too, which seems to defeat the purpose). But maybe it's worth doing for consistency's sake.

I think we should bring it up on a more widely read list than -patches if you want to propose a non-backwards-compatible change ...

regards, tom lane
Re: [PATCHES] .pgpass file and unix domain sockets
On Tue, May 16, 2006 at 09:43:42AM -0400, Tom Lane wrote:
> Joachim Wieland [EMAIL PROTECTED] writes:
> > I send in the appended documentation patch to fix at least the documentation.
>
> This is wrong according to my tests. localhost *does* work, at least in some cases.

I see the problem now... I got confused by the debian package. There, psql is a wrapper that explicitly sets environment variables including PGHOST and then calls `the real' psql...

So you're clearly right, the problem is less severe than I thought. Sorry for the noise.

Joachim
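The lookup behaviour argued over in the messages above, as an added C sketch that is not libpq's code and not from any poster: it matches a .pgpass entry's host, port, database and user fields against a connection, with and without the rule that the default socket directory counts as localhost. The names `match_field`, `lookup_host` and `entry_matches`, the `localhost_rule` switch and the `/tmp` default directory are assumptions of this sketch, and it compares the directory as an exact string rather than canonicalising paths.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Assumed default socket directory; a packaged build may use another. */
#define DEFAULT_SOCKET_DIR "/tmp"

/* Match one ':'-terminated .pgpass field against value. A backslash escapes
 * the next character and a lone "*" matches anything. Returns a pointer
 * just past the field's colon, or NULL on mismatch. */
static const char *match_field(const char *f, const char *value)
{
    if (f[0] == '*' && f[1] == ':')
        return f + 2;
    while (*f && *f != ':') {
        if (*f == '\\' && f[1] != '\0')
            f++;                    /* escaped character is taken literally */
        if (*f != *value)
            return NULL;
        f++;
        value++;
    }
    return (*f == ':' && *value == '\0') ? f + 1 : NULL;
}

/* Host string that is looked up in .pgpass: no host means "localhost";
 * with localhost_rule set, so does the default socket directory. Any
 * other socket directory has to be written out in full in the file. */
static const char *lookup_host(const char *pghost, bool localhost_rule)
{
    if (pghost == NULL || pghost[0] == '\0')
        return "localhost";
    if (localhost_rule && strcmp(pghost, DEFAULT_SOCKET_DIR) == 0)
        return "localhost";
    return pghost;
}

/* True when the entry "host:port:db:user:password" covers the connection. */
bool entry_matches(const char *entry, const char *pghost, const char *port,
                   const char *db, const char *user, bool localhost_rule)
{
    const char *p = match_field(entry, lookup_host(pghost, localhost_rule));
    if (p) p = match_field(p, port);
    if (p) p = match_field(p, db);
    if (p) p = match_field(p, user);
    return p != NULL;
}
```

With `localhost_rule` off, a wrapper that sets PGHOST to a socket directory makes a `localhost` entry stop matching, which is the situation described in the message above; an entry carrying that directory as its host field matches either way.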
Re: [HACKERS] [PATCHES] .pgpass file and unix domain sockets
I have implemented the idea I listed below, patch attached.

---

Bruce Momjian wrote:
> Uh, why wouldn't we allow localhost to match the default unix domain socket name, as well as an empty hostname? If you specify a non-default location, you then have to specify the full path.
>
> ---
>
> Andrew Dunstan wrote:
> > hackers - any opinions?
> >
> > The biggest downside would be that a pgpass file would be version specific for this feature. The badness of this is somewhat mitigated by the ability we now have to specify an alternative pgpassfile location.
> >
> > cheers
> >
> > andrew
> >
> > Original Message
> > Subject: Re: [PATCHES] .pgpass file and unix domain sockets
> > Date: Tue, 16 May 2006 12:16:53 -0400
> > From: Tom Lane [EMAIL PROTECTED]
> > To: Andrew Dunstan [EMAIL PROTECTED]
> > CC: Joachim Wieland [EMAIL PROTECTED], pgsql-patches@postgresql.org
> > References: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
> >
> > Andrew Dunstan [EMAIL PROTECTED] writes:
> > > Tom Lane wrote:
> > > > Personally I wouldn't object to making it match localhost in all cases. That's what the documentation says, and the use-case for doing something more complicated seems pretty thin.
> > >
> > > I almost agree. If anything, I'd prefer to provide for an explicit entry covering all Unix Domain sockets - it took me by some surprise to find a while back that localhost covers that case - it seems a mismatch with how pg_hba.conf works.
> >
> > Well, that'd break existing .pgpass files (unless we match localhost too, which seems to defeat the purpose). But maybe it's worth doing for consistency's sake.
> >
> > I think we should bring it up on a more widely read list than -patches if you want to propose a non-backwards-compatible change ...
--
Bruce Momjian http://candle.pha.pa.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

Index: doc/src/sgml/libpq.sgml === RCS file: /cvsroot/pgsql/doc/src/sgml/libpq.sgml,v retrieving revision 1.208 diff -c -c -r1.208 libpq.sgml *** doc/src/sgml/libpq.sgml 6 May 2006 16:25:11 - 1.208 --- doc/src/sgml/libpq.sgml 17 May 2006 01:52:40 - *** *** 4000,4008 entries first when you are using wildcards.) If an entry needs to contain literal:/literal or literal\/literal, escape this character with literal\/literal. ! A hostname of literallocalhost/ matches both literalhost/ (TCP) ! and literallocal/ (Unix domain socket) connections coming from the ! local machine. /para para --- 4000,4008 entries first when you are using wildcards.) If an entry needs to contain literal:/literal or literal\/literal, escape this character with literal\/literal. ! A hostname of literallocalhost/ matches both TCP literalhost/ (hostname literallocalhost/) ! and Unix domain socket literallocal/ (literalpghost/ empty or the default socket directory) ! connections coming from the local machine. 
/para para Index: src/interfaces/libpq/fe-connect.c === RCS file: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v retrieving revision 1.328 diff -c -c -r1.328 fe-connect.c *** src/interfaces/libpq/fe-connect.c 14 Mar 2006 22:48:23 - 1.328 --- src/interfaces/libpq/fe-connect.c 17 May 2006 01:52:59 - *** *** 3106,3114 --- 3106,3129 if (username == NULL || strlen(username) == 0) return NULL; + /* 'localhost' matches pghost of '' or the default socket directory */ if (hostname == NULL) hostname = DefaultHost; + else if (is_absolute_path(hostname)) + { + charcanon_host[MAXPGPATH]; + charcanon_def_socket[MAXPGPATH]; + + StrNCpy(canon_host, hostname, MAXPGPATH); + StrNCpy(canon_def_socket
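Review bot: In the fe-connect.c hunk, the new comment promises that a pghost of '' is treated as localhost, but the test right below it is still only `hostname == NULL`. An empty string is neither NULL nor an absolute path, so it reaches the comparison unchanged unless a caller has already turned it into NULL. The username check in the context line above handles both cases (`username == NULL || strlen(username) == 0`); either test hostname the same way or extend the comment to say where the empty string is normalised. The two fixed MAXPGPATH buffers filled with StrNCpy also truncate silently, so a comment on how an over-long socket path is meant to compare would help.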