[glom] Self hosting: Avoid use of unix-domain sockets.

From: Murray Cumming <murrayc src gnome org>
To: commits-list gnome org
Cc:
Subject: [glom] Self hosting: Avoid use of unix-domain sockets.
Date: Thu, 25 Oct 2012 19:32:48 +0000 (UTC)
commit 145bc61b7fde6048884a8e94174ba9b412d3e24e
Author: Murray Cumming <murrayc murrayc com>
Date:   Thu Oct 25 21:32:41 2012 +0200

    Self hosting: Avoid use of unix-domain sockets.
    
            * glom/libglom/connectionpool_backends/postgres_self.cc:
    Use -k '' with the postgres executable, and remove any local lines in
    pg_hba.conf, to (hopefully, presumably) allow only TCP connections
    and no unix-domain socket connections.
    This avoids the new restricitons on the characters allowed in the
    path given to -k (unix_socket_directory or unix_socket_directories
    in postgresql.conf).
    Therefore, this fixes the tests on Fedora 17.

 ChangeLog                                          |   13 +++++++++++
 .../connectionpool_backends/postgres_self.cc       |   22 ++++++++++---------
 2 files changed, 25 insertions(+), 10 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index d579431..99432f0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2012-10-25  Murray Cumming  <murrayc murrayc com>
+
+        Self hosting: Avoid use of unix-domain sockets.
+
+        * glom/libglom/connectionpool_backends/postgres_self.cc:
+	Use -k '' with the postgres executable, and remove any local lines in
+	pg_hba.conf, to (hopefully, presumably) allow only TCP connections
+	and no unix-domain socket connections.
+	This avoids the new restricitons on the characters allowed in the 
+	path given to -k (unix_socket_directory or unix_socket_directories 
+	in postgresql.conf).
+	Therefore, this fixes the tests on Fedora 17.
+
 2012-08-31  Murray Cumming  <murrayc murrayc com>
 
         Catch exceptions when updating the libgda metastore.
diff --git a/glom/libglom/connectionpool_backends/postgres_self.cc b/glom/libglom/connectionpool_backends/postgres_self.cc
index a6ad01b..ee4b1b0 100644
--- a/glom/libglom/connectionpool_backends/postgres_self.cc
+++ b/glom/libglom/connectionpool_backends/postgres_self.cc
@@ -67,11 +67,9 @@ namespace ConnectionPoolBackends
 #define DEFAULT_CONFIG_PG_HBA_LOCAL_8p3 \
 "# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD\n" \
 "\n" \
-"# local is for Unix domain socket connections only\n" \
 "# trust allows connection from the current PC without a password:\n" \
-"local   all         all                               trust\n" \
-"local   all         all                               ident sameuser\n" \
-"local   all         all                               md5\n" \
+"host    all         all         127.0.0.1    255.255.255.255    trust\n" \
+"host    all         all         ::1/128               trust\n" \
 "\n" \
 "# TCP connections from the same computer, with a password:\n" \
 "host    all         all         127.0.0.1    255.255.255.255    md5\n" \
@@ -81,11 +79,9 @@ namespace ConnectionPoolBackends
 #define DEFAULT_CONFIG_PG_HBA_LOCAL_8p4 \
 "# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD\n" \
 "\n" \
-"# local is for Unix domain socket connections only\n" \
 "# trust allows connection from the current PC without a password:\n" \
-"local   all         all                               trust\n" \
-"local   all         all                               ident\n" \
-"local   all         all                               md5\n" \
+"host    all         all         127.0.0.1    255.255.255.255    trust\n" \
+"host    all         all         ::1/128               trust\n" \
 "\n" \
 "# TCP connections from the same computer, with a password:\n" \
 "host    all         all         127.0.0.1    255.255.255.255    md5\n" \
@@ -430,10 +426,16 @@ Backend::StartupErrors PostgresSelfHosted::startup(const SlotProgress& slot_prog
   const std::string dbdir_pid = Glib::build_filename(dbdir, "pid");
   const std::string command_postgres_start = get_path_to_postgres_executable("postgres") + " -D " + Glib::shell_quote(dbdir_data)
                                   + " -p " + port_as_text
-                                  + " -i " //Equivalent to -h "*", which in turn is equivalent to listen_addresses in postgresql.conf. Listen to all IP addresses, so any client can connect (with a username+password)
+                                  + " -i " //Equivalent to -h "*", which in turn is equivalent to listen_addresses in postgresql.conf. Listen to all IP addresses, so any client can connect (with a username+password). TODO: -i is deprecated in favour of -h
                                   + " -c hba_file=" + Glib::shell_quote(dbdir_hba)
                                   + " -c ident_file=" + Glib::shell_quote(dbdir_ident)
-                                  + " -k " + Glib::shell_quote(dbdir)
+
+                                  // This seems to be a way to disable unix sockets.
+                                  // See http://archives.postgresql.org/pgsql-general/2012-10/msg00727.php
+                                  // Recent versions of PostgreSQL (patched 9.1 in Fedora)
+                                  // do not allow some unusual characters in the path, so it is better to avoid it altogether.
+                                  + " -k ''"
+
                                   + " --external_pid_file=" + Glib::shell_quote(dbdir_pid);
   //std::cout << G_STRFUNC << ": debug: " << command_postgres_start << std::endl;
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]