NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitc9b0cbe

committed

Support having multiple Unix-domain sockets per postmaster.

Replace unix_socket_directory with unix_socket_directories, which is a listof socket directories, and adjust postmaster's code to allow zero or moreUnix-domain sockets to be created.This is mostly a straightforward change, but since the Unix sockets oughtto be created after the TCP/IP sockets for safety reasons (better chanceof detecting a port number conflict), AddToDataDirLockFile needs to befixed to support out-of-order updates of data directory lockfile lines.That's a change that had been foreseen to be necessary someday anyway.Honza Horak, reviewed and revised by Tom Lane

1 parent85642ec commitc9b0cbeCopy full SHA for c9b0cbe

File tree

17 files changed

+369

-126

lines changed

doc/src/sgml
src
- backend
  - libpq
    - pqcomm.c
  - postmaster
    - postmaster.c
  - tcop
    - postgres.c
  - utils
    - adt
      - varlena.c
    - init
      - miscinit.c
    - misc
      - guc.c
      - postgresql.conf.sample
- bin
  - initdb
    - initdb.c
  - pg_ctl
    - pg_ctl.c
- include
  - libpq
    - libpq.h
  - miscadmin.h
  - postmaster
    - postmaster.h
  - utils
    - builtins.h

17 files changed

+369

-126

lines changed

`‎doc/src/sgml/client-auth.sgml‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -838,7 +838,7 @@ omicron bryanh guest1`
`838`	`838`	`<varname>unix_socket_permissions</varname> (and possibly`
`839`	`839`	`<varname>unix_socket_group</varname>) configuration parameters as`
`840`	`840`	`described in <xref linkend="runtime-config-connection">. Or you`
`841`		`- could set the <varname>unix_socket_directory</varname>`
	`841`	`+ could set the <varname>unix_socket_directories</varname>`
`842`	`842`	`configuration parameter to place the socket file in a suitably`
`843`	`843`	`restricted directory.`
`844`	`844`	`</para>`

`‎doc/src/sgml/config.sgml‎`

Lines changed: 21 additions & 14 deletions

Original file line number	Diff line number	Diff line change
`@@ -445,17 +445,24 @@ SET ENABLE_SEQSCAN TO OFF;`
`445`	`445`	`</listitem>`
`446`	`446`	`</varlistentry>`
`447`	`447`
`448`		`- <varlistentry id="guc-unix-socket-directory" xreflabel="unix_socket_directory">`
`449`		`- <term><varname>unix_socket_directory</varname> (<type>string</type>)</term>`
	`448`	`+ <varlistentry id="guc-unix-socket-directories" xreflabel="unix_socket_directories">`
	`449`	`+ <term><varname>unix_socket_directories</varname> (<type>string</type>)</term>`
`450`	`450`	`<indexterm>`
`451`		`- <primary><varname>unix_socket_directory</> configuration parameter</primary>`
	`451`	`+ <primary><varname>unix_socket_directories</> configuration parameter</primary>`
`452`	`452`	`</indexterm>`
`453`	`453`	`<listitem>`
`454`	`454`	`<para>`
`455`		`- Specifies the directory of the Unix-domain socket on which the`
`456`		`- server is to listen for`
`457`		`- connections from client applications. The default is normally`
`458`		`- <filename>/tmp</filename>, but can be changed at build time.`
	`455`	`+ Specifies the directory of the Unix-domain socket(s) on which the`
	`456`	`+ server is to listen for connections from client applications.`
	`457`	`+ Multiple sockets can be created by listing multiple directories`
	`458`	`+ separated by commas. Whitespace between entries is`
	`459`	`+ ignored; surround a directory name with double quotes if you need`
	`460`	`+ to include whitespace or commas in the name.`
	`461`	`+ An empty value`
	`462`	`+ specifies not listening on any Unix-domain sockets, in which case`
	`463`	`+ only TCP/IP sockets can be used to connect to the server.`
	`464`	`+ The default value is normally`
	`465`	`+ <filename>/tmp</filename>, but that can be changed at build time.`
`459`	`466`	`This parameter can only be set at server start.`
`460`	`467`	`</para>`
`461`	`468`
`@@ -464,8 +471,8 @@ SET ENABLE_SEQSCAN TO OFF;`
`464`	`471`	`<literal>.s.PGSQL.<replaceable>nnnn</></literal> where`
`465`	`472`	`<replaceable>nnnn</> is the server's port number, an ordinary file`
`466`	`473`	`named <literal>.s.PGSQL.<replaceable>nnnn</>.lock</literal> will be`
`467`		`- created in the <varname>unix_socket_directory</>directory. Neither`
`468`		`- file should ever be removed manually.`
	`474`	`+ created ineach ofthe <varname>unix_socket_directories</>directories.`
	`475`	`+Neitherfile should ever be removed manually.`
`469`	`476`	`</para>`
`470`	`477`
`471`	`478`	`<para>`
`@@ -482,8 +489,8 @@ SET ENABLE_SEQSCAN TO OFF;`
`482`	`489`	`</indexterm>`
`483`	`490`	`<listitem>`
`484`	`491`	`<para>`
`485`		`- Sets the owning group of the Unix-domain socket. (The owning`
`486`		`- user of thesocket is always the user that starts the`
	`492`	`+ Sets the owning group of the Unix-domain socket(s). (The owning`
	`493`	`+ user of thesockets is always the user that starts the`
`487`	`494`	`server.) In combination with the parameter`
`488`	`495`	`<varname>unix_socket_permissions</varname> this can be used as`
`489`	`496`	`an additional access control mechanism for Unix-domain connections.`
`@@ -506,7 +513,7 @@ SET ENABLE_SEQSCAN TO OFF;`
`506`	`513`	`</indexterm>`
`507`	`514`	`<listitem>`
`508`	`515`	`<para>`
`509`		`- Sets the access permissions of the Unix-domain socket. Unix-domain`
	`516`	`+ Sets the access permissions of the Unix-domain socket(s). Unix-domain`
`510`	`517`	`sockets use the usual Unix file system permission set.`
`511`	`518`	`The parameter value is expected to be a numeric mode`
`512`	`519`	`specified in the format accepted by the`
`@@ -1852,7 +1859,7 @@ SET ENABLE_SEQSCAN TO OFF;`
`1852`	`1859`	`<varname>commit_delay</varname> behaved differently and was much`
`1853`	`1860`	`less effective: it affected only commits, rather than all WAL flushes,`
`1854`	`1861`	`and waited for the entire configured delay even if the WAL flush`
`1855`		`- was completed sooner. Beginning in <productname>PostgreSQL</> 9.3,`
	`1862`	`+ was completed sooner. Beginning in <productname>PostgreSQL</> 9.3,`
`1856`	`1863`	`the first process that becomes ready to flush waits for the configured`
`1857`	`1864`	`interval, while subsequent processes wait only until the leader`
`1858`	`1865`	`completes the flush. The default <varname>commit_delay</> is zero`
`@@ -6556,7 +6563,7 @@ LOG: CleanUpLock: deleting: lock(0xb7acd844) id(24688,24696,0,0,0,1)`
`6556`	`6563`	`</row>`
`6557`	`6564`	`<row>`
`6558`	`6565`	`<entry><option>-k <replaceable>x</replaceable></option></entry>`
`6559`		`- <entry><literal>unix_socket_directory = <replaceable>x</replaceable></></entry>`
	`6566`	`+ <entry><literal>unix_socket_directories = <replaceable>x</replaceable></></entry>`
`6560`	`6567`	`</row>`
`6561`	`6568`	`<row>`
`6562`	`6569`	`<entry><option>-l</option></entry>`

`‎doc/src/sgml/ref/postgres-ref.sgml‎`

Lines changed: 8 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -254,8 +254,14 @@ PostgreSQL documentation`
`254`	`254`	`<para>`
`255`	`255`	`Specifies the directory of the Unix-domain socket on which`
`256`	`256`	`<command>postgres</command> is to listen for`
`257`		`- connections from client applications. The default is normally`
`258`		`- <filename>/tmp</filename>, but can be changed at build time.`
	`257`	`+ connections from client applications. The value can also be a`
	`258`	`+ comma-separated list of directories. An empty value`
	`259`	`+ specifies not listening on any Unix-domain sockets, in which case`
	`260`	`+ only TCP/IP sockets can be used to connect to the server.`
	`261`	`+ The default value is normally`
	`262`	`+ <filename>/tmp</filename>, but that can be changed at build time.`
	`263`	`+ Specifying this option is equivalent to setting the <xref`
	`264`	`+ linkend="guc-unix-socket-directories"> configuration parameter.`
`259`	`265`	`</para>`
`260`	`266`	`</listitem>`
`261`	`267`	`</varlistentry>`

`‎doc/src/sgml/runtime.sgml‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1718,7 +1718,7 @@ pg_dumpall -p 5432 \| psql -d postgres -p 5433`
`1718`	`1718`	`<para>`
`1719`	`1719`	`The simplest way to prevent spoofing for <literal>local</>`
`1720`	`1720`	`connections is to use a Unix domain socket directory (<xref`
`1721`		`- linkend="guc-unix-socket-directory">) that has write permission only`
	`1721`	`+ linkend="guc-unix-socket-directories">) that has write permission only`
`1722`	`1722`	`for a trusted local user. This prevents a malicious user from creating`
`1723`	`1723`	`their own socket file in that directory. If you are concerned that`
`1724`	`1724`	`some applications might still reference <filename>/tmp</> for the`

`‎src/backend/libpq/pqcomm.c‎`

Lines changed: 61 additions & 31 deletions

Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@`
`42`	`42`	`*StreamServerPort- Open postmaster's server port`
`43`	`43`	`*StreamConnection- Create new connection with client`
`44`	`44`	`*StreamClose- Close a client/backend connection`
`45`		`- *TouchSocketFile- Protect socketfile against /tmp cleaners`
	`45`	`+ *TouchSocketFiles- Protect socketfiles against /tmp cleaners`
`46`	`46`	`*pq_init- initialize libpq at backend startup`
`47`	`47`	`*pq_comm_reset- reset libpq during error recovery`
`48`	`48`	`*pq_close- shutdown libpq at backend exit`
`@@ -103,8 +103,8 @@ intUnix_socket_permissions;`
`103`	`103`	`char*Unix_socket_group;`
`104`	`104`
`105`	`105`
`106`		`-/* Where the Unix socketfile is */`
`107`		`-staticcharsock_path[MAXPGPATH];`
	`106`	`+/* Where the Unix socketfiles are (list of palloc'd strings) */`
	`107`	`+staticList*sock_paths=NIL;`
`108`	`108`
`109`	`109`
`110`	`110`	`/*`
`@@ -140,8 +140,8 @@ static intinternal_flush(void);`
`140`	`140`	`staticvoidpq_set_nonblocking(boolnonblocking);`
`141`	`141`
`142`	`142`	`#ifdefHAVE_UNIX_SOCKETS`
`143`		`-staticintLock_AF_UNIX(unsigned shortportNumber,char*unixSocketName);`
`144`		`-staticintSetup_AF_UNIX(void);`
	`143`	`+staticintLock_AF_UNIX(charunixSocketDir,charunixSocketPath);`
	`144`	`+staticintSetup_AF_UNIX(char*sock_path);`
`145`	`145`	`#endif/* HAVE_UNIX_SOCKETS */`
`146`	`146`
`147`	`147`
`@@ -234,29 +234,43 @@ pq_close(int code, Datum arg)`
`234`	`234`
`235`	`235`	`/* StreamDoUnlink()`
`236`	`236`	`* Shutdown routine for backend connection`
`237`		`- * Ifa Unixsocket is used for communication, explicitly closeit.`
	`237`	`+ * Ifany Unixsockets are used for communication, explicitly closethem.`
`238`	`238`	`*/`
`239`	`239`	`#ifdefHAVE_UNIX_SOCKETS`
`240`	`240`	`staticvoid`
`241`	`241`	`StreamDoUnlink(intcode,Datumarg)`
`242`	`242`	`{`
`243`		`-Assert(sock_path[0]);`
`244`		`-unlink(sock_path);`
	`243`	`+ListCell*l;`
	`244`	`+`
	`245`	`+/* Loop through all created sockets... */`
	`246`	`+foreach(l,sock_paths)`
	`247`	`+{`
	`248`	`+charsock_path= (char)lfirst(l);`
	`249`	`+`
	`250`	`+unlink(sock_path);`
	`251`	`+}`
	`252`	`+/* Since we're about to exit, no need to reclaim storage */`
	`253`	`+sock_paths=NIL;`
`245`	`254`	`}`
`246`	`255`	`#endif/* HAVE_UNIX_SOCKETS */`
`247`	`256`
`248`	`257`	`/*`
`249`	`258`	`* StreamServerPort -- open a "listening" port to accept connections.`
`250`	`259`	`*`
`251`		`- * Successfully opened sockets are added to the ListenSocket[] array,`
`252`		`- * at the first position that isn't PGINVALID_SOCKET.`
	`260`	`+ * family should be AF_UNIX or AF_UNSPEC; portNumber is the port number.`
	`261`	`+ * For AF_UNIX ports, hostName should be NULL and unixSocketDir must be`
	`262`	`+ * specified. For TCP ports, hostName is either NULL for all interfaces or`
	`263`	`+ * the interface to listen on, and unixSocketDir is ignored (can be NULL).`
	`264`	`+ *`
	`265`	`+ * Successfully opened sockets are added to the ListenSocket[] array (of`
	`266`	`+ * length MaxListen), at the first position that isn't PGINVALID_SOCKET.`
`253`	`267`	`*`
`254`	`268`	`* RETURNS: STATUS_OK or STATUS_ERROR`
`255`	`269`	`*/`
`256`	`270`
`257`	`271`	`int`
`258`	`272`	`StreamServerPort(intfamily,char*hostName,unsigned shortportNumber,`
`259`		`-char*unixSocketName,`
	`273`	`+char*unixSocketDir,`
`260`	`274`	`pgsocketListenSocket[],intMaxListen)`
`261`	`275`	`{`
`262`	`276`	`pgsocketfd;`
`@@ -273,6 +287,9 @@ StreamServerPort(int family, char *hostName, unsigned short portNumber,`
`273`	`287`	`intlisten_index=0;`
`274`	`288`	`intadded=0;`
`275`	`289`
	`290`	`+#ifdefHAVE_UNIX_SOCKETS`
	`291`	`+charunixSocketPath[MAXPGPATH];`
	`292`	`+#endif`
`276`	`293`	`#if !defined(WIN32)\|\| defined(IPV6_V6ONLY)`
`277`	`294`	`intone=1;`
`278`	`295`	`#endif`
`@@ -286,10 +303,14 @@ StreamServerPort(int family, char *hostName, unsigned short portNumber,`
`286`	`303`	`#ifdefHAVE_UNIX_SOCKETS`
`287`	`304`	`if (family==AF_UNIX)`
`288`	`305`	`{`
`289`		`-/* Lock_AF_UNIX will also fill in sock_path. */`
`290`		`-if (Lock_AF_UNIX(portNumber,unixSocketName)!=STATUS_OK)`
	`306`	`+/*`
	`307`	`+ * Create unixSocketPath from portNumber and unixSocketDir and lock`
	`308`	`+ * that file path`
	`309`	`+ */`
	`310`	`+UNIXSOCK_PATH(unixSocketPath,portNumber,unixSocketDir);`
	`311`	`+if (Lock_AF_UNIX(unixSocketDir,unixSocketPath)!=STATUS_OK)`
`291`	`312`	`returnSTATUS_ERROR;`
`292`		`-service=sock_path;`
	`313`	`+service=unixSocketPath;`
`293`	`314`	`}`
`294`	`315`	`else`
`295`	`316`	`#endif/* HAVE_UNIX_SOCKETS */`
`@@ -432,7 +453,7 @@ StreamServerPort(int family, char *hostName, unsigned short portNumber,`
`432`	`453`	`(IS_AF_UNIX(addr->ai_family)) ?`
`433`	`454`	`errhint("Is another postmaster already running on port %d?"`
`434`	`455`	`" If not, remove socket file \"%s\" and retry.",`
`435`		`- (int)portNumber,sock_path) :`
	`456`	`+ (int)portNumber,service) :`
`436`	`457`	`errhint("Is another postmaster already running on port %d?"`
`437`	`458`	`" If not, wait a few seconds and retry.",`
`438`	`459`	`(int)portNumber)));`
`@@ -443,7 +464,7 @@ StreamServerPort(int family, char *hostName, unsigned short portNumber,`
`443`	`464`	`#ifdefHAVE_UNIX_SOCKETS`
`444`	`465`	`if (addr->ai_family==AF_UNIX)`
`445`	`466`	`{`
`446`		`-if (Setup_AF_UNIX()!=STATUS_OK)`
	`467`	`+if (Setup_AF_UNIX(service)!=STATUS_OK)`
`447`	`468`	`{`
`448`	`469`	`closesocket(fd);`
`449`	`470`	`break;`
`@@ -490,10 +511,8 @@ StreamServerPort(int family, char *hostName, unsigned short portNumber,`
`490`	`511`	`* Lock_AF_UNIX -- configure unix socket file path`
`491`	`512`	`*/`
`492`	`513`	`staticint`
`493`		`-Lock_AF_UNIX(unsigned shortportNumber,char*unixSocketName)`
	`514`	`+Lock_AF_UNIX(charunixSocketDir,charunixSocketPath)`
`494`	`515`	`{`
`495`		`-UNIXSOCK_PATH(sock_path,portNumber,unixSocketName);`
`496`		`-`
`497`	`516`	`/*`
`498`	`517`	`* Grab an interlock file associated with the socket file.`
`499`	`518`	`*`
`@@ -502,13 +521,23 @@ Lock_AF_UNIX(unsigned short portNumber, char *unixSocketName)`
`502`	`521`	`* more portable, and second, it lets us remove any pre-existing socket`
`503`	`522`	`* file without race conditions.`
`504`	`523`	`*/`
`505`		`-CreateSocketLockFile(sock_path, true);`
	`524`	`+CreateSocketLockFile(unixSocketPath, true,unixSocketDir);`
`506`	`525`
`507`	`526`	`/*`
`508`	`527`	`* Once we have the interlock, we can safely delete any pre-existing`
`509`	`528`	`* socket file to avoid failure at bind() time.`
`510`	`529`	`*/`
`511`		`-unlink(sock_path);`
	`530`	`+unlink(unixSocketPath);`
	`531`	`+`
	`532`	`+/*`
	`533`	`+ * Arrange to unlink the socket file(s) at proc_exit. If this is the`
	`534`	`+ * first one, set up the on_proc_exit function to do it; then add this`
	`535`	`+ * socket file to the list of files to unlink.`
	`536`	`+ */`
	`537`	`+if (sock_paths==NIL)`
	`538`	`+on_proc_exit(StreamDoUnlink,0);`
	`539`	`+`
	`540`	`+sock_paths=lappend(sock_paths,pstrdup(unixSocketPath));`
`512`	`541`
`513`	`542`	`returnSTATUS_OK;`
`514`	`543`	`}`
`@@ -518,11 +547,8 @@ Lock_AF_UNIX(unsigned short portNumber, char *unixSocketName)`
`518`	`547`	`* Setup_AF_UNIX -- configure unix socket permissions`
`519`	`548`	`*/`
`520`	`549`	`staticint`
`521`		`-Setup_AF_UNIX(void)`
	`550`	`+Setup_AF_UNIX(char*sock_path)`
`522`	`551`	`{`
`523`		`-/* Arrange to unlink the socket file at exit */`
`524`		`-on_proc_exit(StreamDoUnlink,0);`
`525`		`-`
`526`	`552`	`/*`
`527`	`553`	`* Fix socket ownership/permission if requested. Note we must do this`
`528`	`554`	`* before we listen() to avoid a window where unwanted connections could`
`@@ -704,20 +730,24 @@ StreamClose(pgsocket sock)`
`704`	`730`	`}`
`705`	`731`
`706`	`732`	`/*`
`707`		`- *TouchSocketFile -- mark socketfile as recently accessed`
	`733`	`+ *TouchSocketFiles -- mark socketfiles as recently accessed`
`708`	`734`	`*`
`709`	`735`	`* This routine should be called every so often to ensure that the socket`
`710`		`- *file has a recent mod date (ordinary operations on sockets usually won't`
`711`		`- * change the mod date). That savesit from being removed by`
	`736`	`+ *files have a recent mod date (ordinary operations on sockets usually won't`
	`737`	`+ * change the mod date). That savesthem from being removed by`
`712`	`738`	`* overenthusiastic /tmp-directory-cleaner daemons. (Another reason we should`
`713`	`739`	`* never have put the socket file in /tmp...)`
`714`	`740`	`*/`
`715`	`741`	`void`
`716`		`-TouchSocketFile(void)`
	`742`	`+TouchSocketFiles(void)`
`717`	`743`	`{`
`718`		`-/* Do nothing if we did not create a socket... */`
`719`		`-if (sock_path[0]!='\0')`
	`744`	`+ListCell*l;`
	`745`	`+`
	`746`	`+/* Loop through all created sockets... */`
	`747`	`+foreach(l,sock_paths)`
`720`	`748`	`{`
	`749`	`+charsock_path= (char)lfirst(l);`
	`750`	`+`
`721`	`751`	`/*`
`722`	`752`	`* utime() is POSIX standard, utimes() is a common alternative. If we`
`723`	`753`	`* have neither, there's no way to affect the mod or access time of`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitc9b0cbe

File tree

17 files changed

17 files changed

`‎doc/src/sgml/client-auth.sgml‎`

`‎doc/src/sgml/config.sgml‎`

`‎doc/src/sgml/ref/postgres-ref.sgml‎`

`‎doc/src/sgml/runtime.sgml‎`

`‎src/backend/libpq/pqcomm.c‎`

0 commit comments