Re: [PATCHES] nested xacts: update password file

2004-07-12 Thread Bruce Momjian

Alvaro, you call GetParentTransactionId(), but I see not definition for
it in the code.

---

Alvaro Herrera wrote:
 An untested patch to update the password file.
 
 Something that bugged me a lot is that I tried to find the format of the
 file for testing the patch, and I couldn't find anything anywhere in the
 docs.  Apparently the docs for the file were ripped with the docs for
 the pg_passwd utility when it was ripped before the 7.3 release.
 
 -- 
 Alvaro Herrera (alvherre[a]dcc.uchile.cl)
 Some men are heterosexual, and some are bisexual, and some
 men don't think about sex at all... they become lawyers (Woody Allen)

[ Attachment, skipping... ]

 
 ---(end of broadcast)---
 TIP 5: Have you checked our extensive FAQ?
 
http://www.postgresql.org/docs/faqs/FAQ.html

-- 
  Bruce Momjian|  http://candle.pha.pa.us
  [EMAIL PROTECTED]   |  (610) 359-1001
  +  If your life is a hard drive, |  13 Roberts Road
  +  Christ can be your backup.|  Newtown Square, Pennsylvania 19073

---(end of broadcast)---
TIP 8: explain analyze is your friend


Re: [PATCHES] nested xacts: update password file

2004-07-12 Thread Alvaro Herrera
On Mon, Jul 12, 2004 at 12:05:40PM -0400, Bruce Momjian wrote:
 
 Alvaro, you call GetParentTransactionId(), but I see not definition for
 it in the code.

Let me include this patch in the next patch I'll submit shortly.

-- 
Alvaro Herrera (alvherre[a]dcc.uchile.cl)
I suspect most samba developers are already technically insane...
Of course, since many of them are Australians, you can't tell. (L. Torvalds)


---(end of broadcast)---
TIP 6: Have you searched our list archives?

   http://archives.postgresql.org


Re: [PATCHES] nested xacts: update password file

2004-07-12 Thread Bruce Momjian

OK.  Also, I would like you to post a list of the open items you have so
we can all know the status.

---

Alvaro Herrera wrote:
 On Mon, Jul 12, 2004 at 12:05:40PM -0400, Bruce Momjian wrote:
  
  Alvaro, you call GetParentTransactionId(), but I see not definition for
  it in the code.
 
 Let me include this patch in the next patch I'll submit shortly.
 
 -- 
 Alvaro Herrera (alvherre[a]dcc.uchile.cl)
 I suspect most samba developers are already technically insane...
 Of course, since many of them are Australians, you can't tell. (L. Torvalds)
 

-- 
  Bruce Momjian|  http://candle.pha.pa.us
  [EMAIL PROTECTED]   |  (610) 359-1001
  +  If your life is a hard drive, |  13 Roberts Road
  +  Christ can be your backup.|  Newtown Square, Pennsylvania 19073

---(end of broadcast)---
TIP 3: if posting/reading through Usenet, please send an appropriate
  subscribe-nomail command to [EMAIL PROTECTED] so that your
  message can get through to the mailing list cleanly


Re: [PATCHES] nested xacts: update password file

2004-07-12 Thread Bruce Momjian

Patch withdrawn by author.

---

Alvaro Herrera wrote:
 An untested patch to update the password file.
 
 Something that bugged me a lot is that I tried to find the format of the
 file for testing the patch, and I couldn't find anything anywhere in the
 docs.  Apparently the docs for the file were ripped with the docs for
 the pg_passwd utility when it was ripped before the 7.3 release.
 
 -- 
 Alvaro Herrera (alvherre[a]dcc.uchile.cl)
 Some men are heterosexual, and some are bisexual, and some
 men don't think about sex at all... they become lawyers (Woody Allen)

[ Attachment, skipping... ]

 
 ---(end of broadcast)---
 TIP 5: Have you checked our extensive FAQ?
 
http://www.postgresql.org/docs/faqs/FAQ.html

-- 
  Bruce Momjian|  http://candle.pha.pa.us
  [EMAIL PROTECTED]   |  (610) 359-1001
  +  If your life is a hard drive, |  13 Roberts Road
  +  Christ can be your backup.|  Newtown Square, Pennsylvania 19073

---(end of broadcast)---
TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]


Re: [PATCHES] nested xacts: update password file

2004-07-12 Thread Tom Lane
Bruce Momjian [EMAIL PROTECTED] writes:
 Alvaro, you call GetParentTransactionId(), but I see not definition for
 it in the code.

It looks like Alvaro forgot to include diffs for xact.c in that patch.
I imagine what he had in mind was to add such a function to xact.c.

I would like to counsel *not* doing that, mainly because it wouldn't
have any well-defined result when not inside a subxact.  What we are
doing for other end-of-subxact functions is to pass the parent XID
explicitly as a parameter; it seems best to me to adopt that approach
for the password function too.

Another minor gripe is the comment that says this logic matches inval.c;
that's not true anymore, I think.

Other than that the patch looks okay to me, but I'll wait for Alvaro
to submit a combined patch rather than adjusting xact.c underneath him.

A todo item for you, Bruce, is to put back the missing documentation
that Alvaro complained of:

 Something that bugged me a lot is that I tried to find the format of the
 file for testing the patch, and I couldn't find anything anywhere in the
 docs.  Apparently the docs for the file were ripped with the docs for
 the pg_passwd utility when it was ripped before the 7.3 release.

regards, tom lane

---(end of broadcast)---
TIP 4: Don't 'kill -9' the postmaster


Re: [PATCHES] nested xacts: update password file

2004-07-12 Thread Bruce Momjian
Tom Lane wrote:
 Bruce Momjian [EMAIL PROTECTED] writes:
  Alvaro, you call GetParentTransactionId(), but I see not definition for
  it in the code.
 
 It looks like Alvaro forgot to include diffs for xact.c in that patch.
 I imagine what he had in mind was to add such a function to xact.c.
 
 I would like to counsel *not* doing that, mainly because it wouldn't
 have any well-defined result when not inside a subxact.  What we are
 doing for other end-of-subxact functions is to pass the parent XID
 explicitly as a parameter; it seems best to me to adopt that approach
 for the password function too.
 
 Another minor gripe is the comment that says this logic matches inval.c;
 that's not true anymore, I think.
 
 Other than that the patch looks okay to me, but I'll wait for Alvaro
 to submit a combined patch rather than adjusting xact.c underneath him.

Alvaro is resubmitting.

 A todo item for you, Bruce, is to put back the missing documentation
 that Alvaro complained of:
 
  Something that bugged me a lot is that I tried to find the format of the
  file for testing the patch, and I couldn't find anything anywhere in the
  docs.  Apparently the docs for the file were ripped with the docs for
  the pg_passwd utility when it was ripped before the 7.3 release.

I was confused by this.  What docs for the password file did we have?

-- 
  Bruce Momjian|  http://candle.pha.pa.us
  [EMAIL PROTECTED]   |  (610) 359-1001
  +  If your life is a hard drive, |  13 Roberts Road
  +  Christ can be your backup.|  Newtown Square, Pennsylvania 19073

---(end of broadcast)---
TIP 7: don't forget to increase your free space map settings


Re: [PATCHES] nested xacts: update password file

2004-07-12 Thread Bruce Momjian

OK, but why would we document the contents of a file that are not to be
modified by the user?

---

Alvaro Herrera wrote:
 On Mon, Jul 12, 2004 at 02:18:40PM -0400, Bruce Momjian wrote:
 
Something that bugged me a lot is that I tried to find the format of the
file for testing the patch, and I couldn't find anything anywhere in the
docs.  Apparently the docs for the file were ripped with the docs for
the pg_passwd utility when it was ripped before the 7.3 release.
  
  I was confused by this.  What docs for the password file did we have?
 
 I see this in 7.2 docs.  This is not mentioned anywhere in current docs.
 Does it work with other auth mechanisms (md5, crypt)?
 
   para
The format of a text password file is one entry per line; the fields
of each entry are separated by colons. The first field is the user
name, the second field is the encrypted password. Other fields are
ignored (to allow password files to be shared between applications
that use similar formats). applicationpg_passwd/application
enables users to interactively add entries to such a file, to alter
passwords of existing entries, and to encrypt such passwords.
   /para
 
 [...]
 
   para
To make use of this password file, put a line like the following in
filenamepg_hba.conf/filename:
 
 programlisting
 host  mydb 133.65.96.250   255.255.255.255 password passwords
 /programlisting
 
which would allow access to database mydb from host 133.65.96.250 using
the passwords listed in the filenamepasswords/filename file (and
only to the users listed in that file).
   /para
 
   note
para
 It is also useful to have entries in a password file with empty
 password fields. (This is different from an empty password.) Such
 entries allow you to restrict users who can access the system. These
 entries cannot be managed by applicationpg_passwd/application,
 but you can edit password files manually.
/para
   /note
 
 
 -- 
 Alvaro Herrera (alvherre[a]dcc.uchile.cl)
 La primera ley de las demostraciones en vivo es: no trate de usar el sistema.
 Escriba un gui?n que no toque nada para no causar da?os. (Jakob Nielsen)
 

-- 
  Bruce Momjian|  http://candle.pha.pa.us
  [EMAIL PROTECTED]   |  (610) 359-1001
  +  If your life is a hard drive, |  13 Roberts Road
  +  Christ can be your backup.|  Newtown Square, Pennsylvania 19073

---(end of broadcast)---
TIP 5: Have you checked our extensive FAQ?

   http://www.postgresql.org/docs/faqs/FAQ.html


Re: [PATCHES] nested xacts: update password file

2004-07-12 Thread Alvaro Herrera
On Mon, Jul 12, 2004 at 02:18:40PM -0400, Bruce Momjian wrote:

   Something that bugged me a lot is that I tried to find the format of the
   file for testing the patch, and I couldn't find anything anywhere in the
   docs.  Apparently the docs for the file were ripped with the docs for
   the pg_passwd utility when it was ripped before the 7.3 release.
 
 I was confused by this.  What docs for the password file did we have?

I see this in 7.2 docs.  This is not mentioned anywhere in current docs.
Does it work with other auth mechanisms (md5, crypt)?

  para
   The format of a text password file is one entry per line; the fields
   of each entry are separated by colons. The first field is the user
   name, the second field is the encrypted password. Other fields are
   ignored (to allow password files to be shared between applications
   that use similar formats). applicationpg_passwd/application
   enables users to interactively add entries to such a file, to alter
   passwords of existing entries, and to encrypt such passwords.
  /para

[...]

  para
   To make use of this password file, put a line like the following in
   filenamepg_hba.conf/filename:

programlisting
host  mydb 133.65.96.250   255.255.255.255 password passwords
/programlisting

   which would allow access to database mydb from host 133.65.96.250 using
   the passwords listed in the filenamepasswords/filename file (and
   only to the users listed in that file).
  /para

  note
   para
It is also useful to have entries in a password file with empty
password fields. (This is different from an empty password.) Such
entries allow you to restrict users who can access the system. These
entries cannot be managed by applicationpg_passwd/application,
but you can edit password files manually.
   /para
  /note


-- 
Alvaro Herrera (alvherre[a]dcc.uchile.cl)
La primera ley de las demostraciones en vivo es: no trate de usar el sistema.
Escriba un guión que no toque nada para no causar daños. (Jakob Nielsen)


---(end of broadcast)---
TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]


Re: [PATCHES] nested xacts: update password file

2004-07-12 Thread Tom Lane
Bruce Momjian [EMAIL PROTECTED] writes:
 OK, but why would we document the contents of a file that are not to be
 modified by the user?

Also note that the 7.2 docs are out of date anyway (looks to me like
we use spaces not colons as column separators...)

regards, tom lane

---(end of broadcast)---
TIP 6: Have you searched our list archives?

   http://archives.postgresql.org


Re: [PATCHES] nested xacts: update password file

2004-07-12 Thread Alvaro Herrera
On Mon, Jul 12, 2004 at 02:31:37PM -0400, Bruce Momjian wrote:

 OK, but why would we document the contents of a file that are not to be
 modified by the user?

But how is the file used?  Where do I put the file, what do I put in
pg_hba.conf to use the file?  Can I have several files, one per
pg_hba.conf entry?  Can I use multiple files with a single pg_hba.conf
entry?  What happens if I have a username that has the separator in it?

-- 
Alvaro Herrera (alvherre[a]dcc.uchile.cl)
Los dioses no protegen a los insensatos.  Éstos reciben protección de
otros insensatos mejor dotados (Luis Wu, Mundo Anillo)


---(end of broadcast)---
TIP 9: the planner will ignore your desire to choose an index scan if your
  joining column's datatypes do not match


Re: [PATCHES] nested xacts: update password file

2004-07-12 Thread Bruce Momjian
Alvaro Herrera wrote:
 On Mon, Jul 12, 2004 at 02:31:37PM -0400, Bruce Momjian wrote:
 
  OK, but why would we document the contents of a file that are not to be
  modified by the user?
 
 But how is the file used?  Where do I put the file, what do I put in
 pg_hba.conf to use the file?  Can I have several files, one per
 pg_hba.conf entry?  Can I use multiple files with a single pg_hba.conf
 entry?  What happens if I have a username that has the separator in it?

We no longer have the capability for external password files, which is
what the 7.2 docs were talking about.  We removed it when we went to
encrypted MD5 password and pg_hba.conf entries where you can reference
external lists of users and groups.

The file you were touching is a cache of usernames written by backends
modifing the pg_shadow table and read by the postmaster.

-- 
  Bruce Momjian|  http://candle.pha.pa.us
  [EMAIL PROTECTED]   |  (610) 359-1001
  +  If your life is a hard drive, |  13 Roberts Road
  +  Christ can be your backup.|  Newtown Square, Pennsylvania 19073

---(end of broadcast)---
TIP 6: Have you searched our list archives?

   http://archives.postgresql.org


Re: [PATCHES] nested xacts: update password file

2004-07-12 Thread Tom Lane
Alvaro Herrera [EMAIL PROTECTED] writes:
 But how is the file used?  Where do I put the file, what do I put in
 pg_hba.conf to use the file?  Can I have several files, one per
 pg_hba.conf entry?  Can I use multiple files with a single pg_hba.conf
 entry?  What happens if I have a username that has the separator in it?

You don't do anything with it directly.  Just create some users and
assign them some passwords and see if the file updates (or even
more directly, try to log in using password auth).  It's just a
transmission mechanism to put the important parts of pg_shadow and
pg_group in a place where the postmaster can read 'em.

regards, tom lane

---(end of broadcast)---
TIP 4: Don't 'kill -9' the postmaster


Re: [PATCHES] nested xacts: update password file

2004-07-12 Thread Alvaro Herrera
On Mon, Jul 12, 2004 at 03:19:43PM -0400, Bruce Momjian wrote:
 Alvaro Herrera wrote:
  On Mon, Jul 12, 2004 at 02:31:37PM -0400, Bruce Momjian wrote:
  
   OK, but why would we document the contents of a file that are not to be
   modified by the user?
  
  But how is the file used?  Where do I put the file, what do I put in
  pg_hba.conf to use the file?  Can I have several files, one per
  pg_hba.conf entry?  Can I use multiple files with a single pg_hba.conf
  entry?  What happens if I have a username that has the separator in it?
 
 We no longer have the capability for external password files, which is
 what the 7.2 docs were talking about.  We removed it when we went to
 encrypted MD5 password and pg_hba.conf entries where you can reference
 external lists of users and groups.
 
 The file you were touching is a cache of usernames written by backends
 modifing the pg_shadow table and read by the postmaster.

Oh, I see!  Thanks for the clarification.

-- 
Alvaro Herrera (alvherre[a]dcc.uchile.cl)
XML! Exclaimed C++.  What are you doing here? You're not a programming
language.
Tell that to the people who use me, said XML.


---(end of broadcast)---
TIP 9: the planner will ignore your desire to choose an index scan if your
  joining column's datatypes do not match