Re: [HACKERS] .pgpass file and unix domain sockets

hackers - any opinions?

The biggest downside would be that a pgpass file would be version
specific for this feature. The badness of this is somewhat mitigated by
the ability we now have to specify an alternative pgpassfile location.

cheers

andrew

-------- Original Message --------
Subject: Re: [PATCHES] .pgpass file and unix domain sockets
Date: Tue, 16 May 2006 12:16:53 -0400
From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Andrew Dunstan <andrew(at)dunslane(dot)net>
CC: Joachim Wieland <joe(at)mcknight(dot)de>, pgsql-patches(at)postgresql(dot)org
References: <20060516122554(dot)GA4009(at)mcknight(dot)de>
<11676(dot)1147787022(at)sss(dot)pgh(dot)pa(dot)us> <4469F499(dot)1040002(at)dunslane(dot)net>
<13302(dot)1147795016(at)sss(dot)pgh(dot)pa(dot)us> <4469FA5A(dot)3090504(at)dunslane(dot)net>

Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> Tom Lane wrote:
>> Personally I wouldn't object to making it match "localhost" in all
>> cases. That's what the documentation says, and the use-case for
>> doing something more complicated seems pretty thin.

> I almost agree. If anything, I'd prefer to provide for an explicit entry
> covering all Unix Domain sockets - it took me by some surprise to find a
> while back that "localhost" covers that case - it seems a mismatch with
> how pg_hba.conf works.

Well, that'd break existing .pgpass files (unless we match localhost
too, which seems to defeat the purpose). But maybe it's worth doing
for consistency's sake. I think we should bring it up on a more
widely read list than -patches if you want to propose a
non-backwards-compatible change ...

Uh, why wouldn't we allow "localhost" to match the default unix domain
socket name, as well as an empty hostname? If you specify a non-default
location, you then have to specify the full path.

---------------------------------------------------------------------------

Andrew Dunstan wrote:
>
> hackers - any opinions?
>
> The biggest downside would be that a pgpass file would be version
> specific for this feature. The badness of this is somewhat mitigated by
> the ability we now have to specify an alternative pgpassfile location.
>
> cheers
>
> andrew
>
> -------- Original Message --------
> Subject: Re: [PATCHES] .pgpass file and unix domain sockets
> Date: Tue, 16 May 2006 12:16:53 -0400
> From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
> To: Andrew Dunstan <andrew(at)dunslane(dot)net>
> CC: Joachim Wieland <joe(at)mcknight(dot)de>, pgsql-patches(at)postgresql(dot)org
> References: <20060516122554(dot)GA4009(at)mcknight(dot)de>
> <11676(dot)1147787022(at)sss(dot)pgh(dot)pa(dot)us> <4469F499(dot)1040002(at)dunslane(dot)net>
> <13302(dot)1147795016(at)sss(dot)pgh(dot)pa(dot)us> <4469FA5A(dot)3090504(at)dunslane(dot)net>
>
>
>
> Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> > Tom Lane wrote:
> >> Personally I wouldn't object to making it match "localhost" in all
> >> cases. That's what the documentation says, and the use-case for
> >> doing something more complicated seems pretty thin.
>
> > I almost agree. If anything, I'd prefer to provide for an explicit entry
> > covering all Unix Domain sockets - it took me by some surprise to find a
> > while back that "localhost" covers that case - it seems a mismatch with
> > how pg_hba.conf works.
>
> Well, that'd break existing .pgpass files (unless we match localhost
> too, which seems to defeat the purpose). But maybe it's worth doing
> for consistency's sake. I think we should bring it up on a more
> widely read list than -patches if you want to propose a
> non-backwards-compatible change ...
>
>
>
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 1: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo(at)postgresql(dot)org so that your
> message can get through to the mailing list cleanly
>

--
Bruce Momjian http://candle.pha.pa.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

I have implemented the idea I listed below, patch attached.

---------------------------------------------------------------------------

Bruce Momjian wrote:
>
> Uh, why wouldn't we allow "localhost" to match the default unix domain
> socket name, as well as an empty hostname? If you specify a non-default
> location, you then have to specify the full path.
>
> ---------------------------------------------------------------------------
>
> Andrew Dunstan wrote:
> >
> > hackers - any opinions?
> >
> > The biggest downside would be that a pgpass file would be version
> > specific for this feature. The badness of this is somewhat mitigated by
> > the ability we now have to specify an alternative pgpassfile location.
> >
> > cheers
> >
> > andrew
> >
> > -------- Original Message --------
> > Subject: Re: [PATCHES] .pgpass file and unix domain sockets
> > Date: Tue, 16 May 2006 12:16:53 -0400
> > From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
> > To: Andrew Dunstan <andrew(at)dunslane(dot)net>
> > CC: Joachim Wieland <joe(at)mcknight(dot)de>, pgsql-patches(at)postgresql(dot)org
> > References: <20060516122554(dot)GA4009(at)mcknight(dot)de>
> > <11676(dot)1147787022(at)sss(dot)pgh(dot)pa(dot)us> <4469F499(dot)1040002(at)dunslane(dot)net>
> > <13302(dot)1147795016(at)sss(dot)pgh(dot)pa(dot)us> <4469FA5A(dot)3090504(at)dunslane(dot)net>
> >
> >
> >
> > Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> > > Tom Lane wrote:
> > >> Personally I wouldn't object to making it match "localhost" in all
> > >> cases. That's what the documentation says, and the use-case for
> > >> doing something more complicated seems pretty thin.
> >
> > > I almost agree. If anything, I'd prefer to provide for an explicit entry
> > > covering all Unix Domain sockets - it took me by some surprise to find a
> > > while back that "localhost" covers that case - it seems a mismatch with
> > > how pg_hba.conf works.
> >
> > Well, that'd break existing .pgpass files (unless we match localhost
> > too, which seems to defeat the purpose). But maybe it's worth doing
> > for consistency's sake. I think we should bring it up on a more
> > widely read list than -patches if you want to propose a
> > non-backwards-compatible change ...
> >
> >
> >
> >
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 1: if posting/reading through Usenet, please send an appropriate
> > subscribe-nomail command to majordomo(at)postgresql(dot)org so that your
> > message can get through to the mailing list cleanly
> >
>
> --
> Bruce Momjian http://candle.pha.pa.us
> EnterpriseDB http://www.enterprisedb.com
>
> + If your life is a hard drive, Christ can be your backup. +
>
> ---------------------------(end of broadcast)---------------------------
> TIP 1: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo(at)postgresql(dot)org so that your
> message can get through to the mailing list cleanly
>

--
Bruce Momjian http://candle.pha.pa.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

Patch applied. It will appear in 8.2.

---------------------------------------------------------------------------

Bruce Momjian wrote:
>
> I have implemented the idea I listed below, patch attached.
>
> ---------------------------------------------------------------------------
>
> Bruce Momjian wrote:
> >
> > Uh, why wouldn't we allow "localhost" to match the default unix domain
> > socket name, as well as an empty hostname? If you specify a non-default
> > location, you then have to specify the full path.
> >
> > ---------------------------------------------------------------------------
> >
> > Andrew Dunstan wrote:
> > >
> > > hackers - any opinions?
> > >
> > > The biggest downside would be that a pgpass file would be version
> > > specific for this feature. The badness of this is somewhat mitigated by
> > > the ability we now have to specify an alternative pgpassfile location.
> > >
> > > cheers
> > >
> > > andrew
> > >
> > > -------- Original Message --------
> > > Subject: Re: [PATCHES] .pgpass file and unix domain sockets
> > > Date: Tue, 16 May 2006 12:16:53 -0400
> > > From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
> > > To: Andrew Dunstan <andrew(at)dunslane(dot)net>
> > > CC: Joachim Wieland <joe(at)mcknight(dot)de>, pgsql-patches(at)postgresql(dot)org
> > > References: <20060516122554(dot)GA4009(at)mcknight(dot)de>
> > > <11676(dot)1147787022(at)sss(dot)pgh(dot)pa(dot)us> <4469F499(dot)1040002(at)dunslane(dot)net>
> > > <13302(dot)1147795016(at)sss(dot)pgh(dot)pa(dot)us> <4469FA5A(dot)3090504(at)dunslane(dot)net>
> > >
> > >
> > >
> > > Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> > > > Tom Lane wrote:
> > > >> Personally I wouldn't object to making it match "localhost" in all
> > > >> cases. That's what the documentation says, and the use-case for
> > > >> doing something more complicated seems pretty thin.
> > >
> > > > I almost agree. If anything, I'd prefer to provide for an explicit entry
> > > > covering all Unix Domain sockets - it took me by some surprise to find a
> > > > while back that "localhost" covers that case - it seems a mismatch with
> > > > how pg_hba.conf works.
> > >
> > > Well, that'd break existing .pgpass files (unless we match localhost
> > > too, which seems to defeat the purpose). But maybe it's worth doing
> > > for consistency's sake. I think we should bring it up on a more
> > > widely read list than -patches if you want to propose a
> > > non-backwards-compatible change ...
> > >
> > >
> > >
> > >
> > >
> > > ---------------------------(end of broadcast)---------------------------
> > > TIP 1: if posting/reading through Usenet, please send an appropriate
> > > subscribe-nomail command to majordomo(at)postgresql(dot)org so that your
> > > message can get through to the mailing list cleanly
> > >
> >
> > --
> > Bruce Momjian http://candle.pha.pa.us
> > EnterpriseDB http://www.enterprisedb.com
> >
> > + If your life is a hard drive, Christ can be your backup. +
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 1: if posting/reading through Usenet, please send an appropriate
> > subscribe-nomail command to majordomo(at)postgresql(dot)org so that your
> > message can get through to the mailing list cleanly
> >
>
> --
> Bruce Momjian http://candle.pha.pa.us
> EnterpriseDB http://www.enterprisedb.com
>
> + If your life is a hard drive, Christ can be your backup. +

> Index: doc/src/sgml/libpq.sgml
> ===================================================================
> RCS file: /cvsroot/pgsql/doc/src/sgml/libpq.sgml,v
> retrieving revision 1.208
> diff -c -c -r1.208 libpq.sgml
> *** doc/src/sgml/libpq.sgml 6 May 2006 16:25:11 -0000 1.208
> --- doc/src/sgml/libpq.sgml 17 May 2006 01:52:40 -0000
> ***************
> *** 4000,4008 ****
> entries first when you are using wildcards.)
> If an entry needs to contain <literal>:</literal> or
> <literal>\</literal>, escape this character with <literal>\</literal>.
> ! A hostname of <literal>localhost</> matches both <literal>host</> (TCP)
> ! and <literal>local</> (Unix domain socket) connections coming from the
> ! local machine.
> </para>
>
> <para>
> --- 4000,4008 ----
> entries first when you are using wildcards.)
> If an entry needs to contain <literal>:</literal> or
> <literal>\</literal>, escape this character with <literal>\</literal>.
> ! A hostname of <literal>localhost</> matches both TCP <literal>host</> (hostname <literal>localhost</>)
> ! and Unix domain socket <literal>local</> (<literal>pghost</> empty or the default socket directory)
> ! connections coming from the local machine.
> </para>
>
> <para>
> Index: src/interfaces/libpq/fe-connect.c
> ===================================================================
> RCS file: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v
> retrieving revision 1.328
> diff -c -c -r1.328 fe-connect.c
> *** src/interfaces/libpq/fe-connect.c 14 Mar 2006 22:48:23 -0000 1.328
> --- src/interfaces/libpq/fe-connect.c 17 May 2006 01:52:59 -0000
> ***************
> *** 3106,3114 ****
> --- 3106,3129 ----
> if (username == NULL || strlen(username) == 0)
> return NULL;
>
> + /* 'localhost' matches pghost of '' or the default socket directory */
> if (hostname == NULL)
> hostname = DefaultHost;
> + else if (is_absolute_path(hostname))
> + {
> + char canon_host[MAXPGPATH];
> + char canon_def_socket[MAXPGPATH];
> +
> + StrNCpy(canon_host, hostname, MAXPGPATH);
> + StrNCpy(canon_def_socket, DEFAULT_PGSOCKET_DIR, MAXPGPATH);
>
> + canonicalize_path(canon_host);
> + canonicalize_path(canon_def_socket);
> +
> + if (strcmp(canon_host, canon_def_socket) == 0)
> + hostname = DefaultHost;
> + }
> +
> if (port == NULL)
> port = DEF_PGPORT_STR;
>

>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faq

--
Bruce Momjian http://candle.pha.pa.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +