author | Tom Lane <tgl@sss.pgh.pa.us> | 2004-03-23 01:23:48 +0000 |
---|---|---|
committer | Tom Lane <tgl@sss.pgh.pa.us> | 2004-03-23 01:23:48 +0000 |
commit | 2e45c143ef5963aa0f705350a017404c9b107f27 (patch) | |
tree | 7f3a3a56615529c3e83e595e68e27ea575740b9c | |
parent | 0d88dd1e50a9b0fc907936627baec70e0dcf63f0 (diff) |
Replace the virtual_host and tcpip_socket parameters with a unified
listen_addresses parameter, as per recent discussion. The default behavior
is now to listen on localhost, which eliminates the need for the -i
postmaster switch in many scenarios.
Andrew Dunstan
-rw-r--r-- | doc/FAQ_QNX4 | 9 | ||||
-rw-r--r-- | doc/src/sgml/client-auth.sgml | 34 | ||||
-rw-r--r-- | doc/src/sgml/ref/postmaster.sgml | 35 | ||||
-rw-r--r-- | doc/src/sgml/runtime.sgml | 79 | ||||
-rw-r--r-- | src/backend/postmaster/postmaster.c | 117 | ||||
-rw-r--r-- | src/backend/utils/misc/guc.c | 18 | ||||
-rw-r--r-- | src/backend/utils/misc/postgresql.conf.sample | 6 | ||||
-rw-r--r-- | src/bin/psql/tab-complete.c | 3 | ||||
-rw-r--r-- | src/include/miscadmin.h | 5 |
9 files changed, 147 insertions, 159 deletions
diff --git a/doc/FAQ_QNX4 b/doc/FAQ_QNX4 index 19ad033d5b7..a7eb083e993 100644 --- a/doc/FAQ_QNX4 +++ b/doc/FAQ_QNX4 @@ -1,6 +1,6 @@ PostgreSQL on QNX 4 -------------------- -last updated: $Date: 2002/07/09 04:47:07 $ +last updated: $Date: 2004/03/23 01:23:47 $ current maintainer: Bernd Tegge (tegge@repas-aeg.de) original author: Andreas Kardos (kardos@repas-aeg.de) @@ -23,10 +23,9 @@ functionality cannot be used. Shared library support could probably be implemented in future. QNX 4 does not support UNIX domain sockets. Clients must use TCP/IP -sockets. Therefore you either have to set "tcpip_socket = true" in -your postgresql.conf or to start postmaster with the -i option. -Furthermore it's advisable to set to set the PGHOST or SOCK environment -variable for postmaster in an environment using native QNX networking. +sockets. Therefore, do not set "listen_addresses" to empty in your +postgresql.conf file. In fact, it's advisable to explicitly set +"listen_addresses" in an environment using native QNX networking. Otherwise the postmaster might not use the IP-Address you think it does :-) Prerequisites: diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml index 4b7846e34f6..d93e03f8e5f 100644 --- a/doc/src/sgml/client-auth.sgml +++ b/doc/src/sgml/client-auth.sgml @@ -1,5 +1,5 @@ <!-- -$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.64 2004/03/09 16:57:46 neilc Exp $ +$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.65 2004/03/23 01:23:48 tgl Exp $ --> <chapter id="client-authentication"> 
@@ -112,13 +112,19 @@ hostnossl <replaceable>database</replaceable> <replaceable>user</replaceable> <listitem> <para> This record matches connection attempts made using TCP/IP. - Note that TCP/IP connections are disabled unless the server is - started with the <option>-i</option> option or the <xref - linkend="guc-tcpip-socket"> configuration parameter is - enabled. <literal>host</literal> records match either + <literal>host</literal> records match either <acronym>SSL</acronym> or non-<acronym>SSL</acronym> connection attempts. </para> + <note> + <para> + Remote TCP/IP connections will not be possible unless + the server is started with an appropriate value for the + <xref linkend="guc-listen-addresses"> configuration parameter, + since the default behavior is to listen for TCP/IP connections + only on the local loopback address <literal>localhost</>. + </para> + </note> </listitem> </varlistentry> @@ -126,17 +132,17 @@ hostnossl <replaceable>database</replaceable> <replaceable>user</replaceable> <term><literal>hostssl</literal></term> <listitem> <para> - This record matches connection attempts made using TCP/IP. In - addition, this record requires that the connection is made with - <acronym>SSL</acronym>. + This record matches connection attempts made using TCP/IP, + but only when the connection is made with <acronym>SSL</acronym> + encryption. </para> <para> To make use of this option the server must be built with - <acronym>SSL</acronym> support enabled. Furthermore, - <acronym>SSL</acronym> must be enabled by setting the <xref - linkend="guc-ssl"> configuration parameter (see <xref - linkend="ssl-tcp"> for more information). + <acronym>SSL</acronym> support. Furthermore, + <acronym>SSL</acronym> must be enabled at server start time + by setting the <xref linkend="guc-ssl"> configuration parameter (see + <xref linkend="ssl-tcp"> for more information). </para> </listitem> </varlistentry> 
@@ -146,8 +152,8 @@ hostnossl <replaceable>database</replaceable> <replaceable>user</replaceable> <listitem> <para> This record is similar to <literal>hostssl</> but with the - opposite logic: it only matches connection attempts made over - TCP/IP that do not use <acronym>SSL</acronym>. + opposite logic: it only matches connection attempts made over + TCP/IP that do not use <acronym>SSL</acronym>. </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/ref/postmaster.sgml b/doc/src/sgml/ref/postmaster.sgml index 2affe14d613..cf74272b9bc 100644 --- a/doc/src/sgml/ref/postmaster.sgml +++ b/doc/src/sgml/ref/postmaster.sgml @@ -1,5 +1,5 @@ <!-- -$PostgreSQL: pgsql/doc/src/sgml/ref/postmaster.sgml,v 1.46 2004/03/09 16:57:47 neilc Exp $ +$PostgreSQL: pgsql/doc/src/sgml/ref/postmaster.sgml,v 1.47 2004/03/23 01:23:48 tgl Exp $ PostgreSQL documentation --> @@ -165,11 +165,17 @@ PostgreSQL documentation <term><option>-h <replaceable class="parameter">hostname</replaceable></option></term> <listitem> <para> - Specifies the IP host name or address on which the - <command>postmaster</command> is to listen for - connections from client applications. Defaults to - listening on all configured addresses (including - <systemitem class="systemname">localhost</systemitem>). + Specifies the IP host name or address on which the + <command>postmaster</command> is to listen for TCP/IP + connections from client applications. The value can also be + a space-separated list of addresses, or <literal>*</> to specify + listening on all available interfaces. An empty value specifies + not listening on any IP addresses, in which case only Unix-domain + sockets can be used to connect to the <command>postmaster</command>. + Defaults to listening only + on <systemitem class="systemname">localhost</systemitem>. + This option is equivalent to setting <literal>listen_addresses</> in + <filename>postgresql.conf</>. </para> </listitem> </varlistentry> 
@@ -178,14 +184,16 @@ PostgreSQL documentation <term><option>-i</option></term> <listitem> <para> - Allows clients to connect via TCP/IP (Internet domain) - connections. Without this option, only local Unix domain - socket connections are accepted. This option corresponds - to setting <literal>tcpip_socket=true</> in <filename>postgresql.conf</>. + Allows remote clients to connect via TCP/IP (Internet domain) + connections. Without this option, only local connections are + accepted. This option is equivalent to setting + <literal>listen_addresses</> to <literal>*</> in + <filename>postgresql.conf</> or via <option>-h</>. </para> <para> - <option>--tcpip-socket=false</option> has the opposite - effect of this option. + This option is deprecated since it does not allow access to the + full functionality of <literal>listen_addresses</>. It's usually + better to set <literal>listen_addresses</> directly. </para> </listitem> </varlistentry> @@ -206,8 +214,7 @@ PostgreSQL documentation <term><option>-l</option></term> <listitem> <para> - Enables secure connections using SSL. The <option>-i</option> - option is also required. You must have compiled with SSL + Enables secure connections using SSL. You must have compiled with SSL enabled to use this option. </para> </listitem> diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml index 1469d7be532..7b56e192575 100644 --- a/doc/src/sgml/runtime.sgml +++ b/doc/src/sgml/runtime.sgml @@ -1,5 +1,5 @@ <!-- -$PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.251 2004/03/15 17:57:51 momjian Exp $ +$PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.252 2004/03/23 01:23:48 tgl Exp $ --> <Chapter Id="runtime"> 
@@ -186,11 +186,7 @@ $ <userinput>postmaster -D /usr/local/pgsql/data >logfile 2>&1 &</ <para> The <command>postmaster</command> also takes a number of other command line options. For more information, see the reference page - and <xref linkend="runtime-config"> below. In particular, in order - for the server to accept - TCP/IP<indexterm><primary>TCP/IP</primary></indexterm> connections - (rather than just Unix-domain socket ones), you must specify the - <option>-i</option> option. + and <xref linkend="runtime-config"> below. </para> <para> @@ -333,7 +329,7 @@ FATAL: could not create TCP/IP listen socket be a different problem. For example, trying to start a <command>postmaster</command> on a reserved port number may draw something like: <screen> -$ <userinput>postmaster -i -p 666</userinput> +$ <userinput>postmaster -p 666</userinput> LOG: could not bind IPv4 socket: Permission denied HINT: Is another postmaster already running on port 666? If not, wait a few seconds and retry. FATAL: could not create TCP/IP listen socket 
@@ -570,19 +566,38 @@ SET ENABLE_SEQSCAN TO OFF; <title>Connection Settings</title> <variablelist> - - <varlistentry id="guc-tcpip-socket" xreflabel="tcpip_socket"> - <term><varname>tcpip_socket</varname> (<type>boolean</type>)</term> + + <varlistentry id="guc-listen-addresses" xreflabel="listen_addresses"> + <term><varname>listen_addresses</varname> (<type>string</type>)</term> <listitem> <para> - If this is true, then the server will accept TCP/IP connections.<indexterm><primary>TCP/IP</></> - Otherwise only local Unix domain socket connections are - accepted. It is off by default. This option can only be set at - server start. + Specifies the TCP/IP address(es) on which the server is + to listen for connections from client applications. + The value takes the form of a space-separated list of host names + and/or numeric IP addresses. The special entry <literal>*</> + corresponds to all available IP interfaces. + If the list is empty, the server does not listen on any IP interface + at all, in which case only Unix-domain sockets can be used to connect + to it. + The default value is <systemitem class="systemname">localhost</>, + which allows only local <quote>loopback</> connections to be made. + This parameter can only be set at server start. </para> </listitem> </varlistentry> - + + <varlistentry id="guc-port" xreflabel="port"> + <term><varname>port</varname> (<type>integer</type>)</term> + <indexterm><primary>port</></> + <listitem> + <para> + The TCP port the server listens on; 5432 by default. Note that the + same port number is used for all IP addresses the server listens on. + This parameter can only be set at server start. + </para> + </listitem> + </varlistentry> + <varlistentry id="guc-max-connections" xreflabel="max_connections"> <term><varname>max_connections</varname> (<type>integer</type>)</term> <listitem> 
@@ -628,17 +643,6 @@ SET ENABLE_SEQSCAN TO OFF; </listitem> </varlistentry> - <varlistentry id="guc-port" xreflabel="port"> - <term><varname>port</varname> (<type>integer</type>)</term> - <indexterm><primary>port</></> - <listitem> - <para> - The TCP port the server listens on; 5432 by default. This - option can only be set at server start. - </para> - </listitem> - </varlistentry> - <varlistentry id="guc-unix-socket-directory" xreflabel="unix_socket_directory"> <term><varname>unix_socket_directory</varname> (<type>string</type>)</term> @@ -648,6 +652,7 @@ SET ENABLE_SEQSCAN TO OFF; server is to listen for connections from client applications. The default is normally <filename>/tmp</filename>, but can be changed at build time. + This parameter can only be set at server start. </para> </listitem> </varlistentry> @@ -701,27 +706,15 @@ SET ENABLE_SEQSCAN TO OFF; </para> </listitem> </varlistentry> - - <varlistentry id="guc-virtual-host" xreflabel="virtual_host"> - <term><varname>virtual_host</varname> (<type>string</type>)</term> - <listitem> - <para> - Specifies the IP address(es) on which the server is - to listen for connections from client applications. If specified, - it takes the form of a space-separated list of host names and/or - numeric IP addresses. If the list is empty, the server listens - on all available addresses (including - <systemitem class="systemname">localhost</>). - </para> - </listitem> - </varlistentry> <varlistentry id="guc-rendezvous-name" xreflabel="rendezvous_name"> <term><varname>rendezvous_name</varname> (<type>string</type>)</term> <listitem> <para> Specifies the Rendezvous broadcast name. By default, the - computer name is used, specified as ''. + computer name is used, specified as an empty string ''. + This option is only meaningful on platforms that support Rendezvous. + This option can only be set at server start. </para> </listitem> </varlistentry> 
@@ -3009,11 +3002,11 @@ dynamic_library_path = '/usr/local/lib/postgresql:/home/my_project/lib:$libdir' </row> <row> <entry><option>-h <replaceable>x</replaceable></option></entry> - <entry><literal>virtual_host = <replaceable>x</replaceable></></entry> + <entry><literal>listen_addresses = <replaceable>x</replaceable></></entry> </row> <row> <entry><option>-i</option></entry> - <entry><literal>tcpip_socket = on</></entry> + <entry><literal>listen_addresses = '*'</></entry> </row> <row> <entry><option>-k <replaceable>x</replaceable></option></entry> diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c index 2e13838e70e..671e0644d7c 100644 --- a/src/backend/postmaster/postmaster.c +++ b/src/backend/postmaster/postmaster.c @@ -37,7 +37,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.375 2004/03/15 16:18:42 momjian Exp $ + * $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.376 2004/03/23 01:23:48 tgl Exp $ * * NOTES * @@ -149,7 +149,7 @@ static Backend *ShmemBackendArray; /* The socket number we are listening for connections on */ int PostPortNumber; char *UnixSocketDir; -char *VirtualHost; +char *ListenAddresses; /* * MaxBackends is the limit on the number of backends we can start. @@ -202,7 +202,6 @@ static bool Reinit = true; static int SendStop = false; /* still more option variables */ -bool NetServer = false; /* listen on TCP/IP */ bool EnableSSL = false; bool SilentMode = false; /* silent mode (-S) */ 
@@ -513,10 +512,10 @@ PostmasterMain(int argc, char *argv[]) SetConfigOption("fsync", "false", PGC_POSTMASTER, PGC_S_ARGV); break; case 'h': - SetConfigOption("virtual_host", optarg, PGC_POSTMASTER, PGC_S_ARGV); + SetConfigOption("listen_addresses", optarg, PGC_POSTMASTER, PGC_S_ARGV); break; case 'i': - SetConfigOption("tcpip_socket", "true", PGC_POSTMASTER, PGC_S_ARGV); + SetConfigOption("listen_addresses", "*", PGC_POSTMASTER, PGC_S_ARGV); break; case 'k': SetConfigOption("unix_socket_directory", optarg, PGC_POSTMASTER, PGC_S_ARGV); @@ -704,11 +703,6 @@ PostmasterMain(int argc, char *argv[]) * Initialize SSL library, if specified. */ #ifdef USE_SSL - if (EnableSSL && !NetServer) - { - postmaster_error("TCP/IP connections must be enabled for SSL"); - ExitPostmaster(1); - } if (EnableSSL) secure_initialize(); #endif 
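Review bot: The `-h` and `-i` cases now write the same setting with the same source (`PGC_S_ARGV`), so whichever switch comes last on the command line appears to win. Before this change `-i` was needed alongside `-h` to turn TCP/IP on at all, so a start script that still passes `-h 192.0.2.10 -i` (constructed example) would now end up with `listen_addresses` set to `*` and listen on every interface rather than the one named. I would either make `-i` leave an explicit `-h` value alone, or at least state the ordering rule in a comment on the case, e.g. `/* NB: replaces any earlier -h value; "-h addr -i" now listens on all interfaces */`, and repeat it in the `-i` documentation. PostmasterMain's option loop starts and ends outside this hunk, so I cannot see whether anything later reconciles the two.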
@@ -753,68 +747,60 @@ PostmasterMain(int argc, char *argv[]) for (i = 0; i < MAXLISTEN; i++) ListenSocket[i] = -1; - if (NetServer) + if (ListenAddresses) { - if (VirtualHost && VirtualHost[0]) - { - char *curhost, - *endptr; - char c = 0; + char *curhost, + *endptr; + char c; - curhost = VirtualHost; - for (;;) - { - while (*curhost == ' ') /* skip any extra spaces */ - curhost++; - if (*curhost == '\0') - break; - endptr = strchr(curhost, ' '); - if (endptr) - { - c = *endptr; - *endptr = '\0'; - } + curhost = ListenAddresses; + for (;;) + { + /* ignore whitespace */ + while (isspace((unsigned char) *curhost)) + curhost++; + if (*curhost == '\0') + break; + endptr = curhost; + while (*endptr != '\0' && !isspace((unsigned char) *endptr)) + endptr++; + c = *endptr; + *endptr = '\0'; + if (strcmp(curhost,"*") == 0) + status = StreamServerPort(AF_UNSPEC, NULL, + (unsigned short) PostPortNumber, + UnixSocketDir, + ListenSocket, MAXLISTEN); + else status = StreamServerPort(AF_UNSPEC, curhost, (unsigned short) PostPortNumber, UnixSocketDir, ListenSocket, MAXLISTEN); - if (status != STATUS_OK) - ereport(FATAL, - (errmsg("could not create listen socket for \"%s\"", - curhost))); - if (endptr) - { - *endptr = c; - curhost = endptr + 1; - } - else - break; - } - } - else - { - status = StreamServerPort(AF_UNSPEC, NULL, - (unsigned short) PostPortNumber, - UnixSocketDir, - ListenSocket, MAXLISTEN); if (status != STATUS_OK) - ereport(FATAL, - (errmsg("could not create TCP/IP listen socket"))); + ereport(WARNING, + (errmsg("could not create listen socket for \"%s\"", + curhost))); + *endptr = c; + if (c != '\0') + curhost = endptr+1; + else + break; } + } #ifdef USE_RENDEZVOUS - if (rendezvous_name != NULL) - { - DNSServiceRegistrationCreate(rendezvous_name, - "_postgresql._tcp.", - "", - htonl(PostPortNumber), - "", - (DNSServiceRegistrationReply) reg_reply, - NULL); - } -#endif + /* Register for Rendezvous only if we opened TCP socket(s) */ + if (ListenSocket[0] != -1 && 
rendezvous_name != NULL) + { + DNSServiceRegistrationCreate(rendezvous_name, + "_postgresql._tcp.", + "", + htonl(PostPortNumber), + "", + (DNSServiceRegistrationReply) reg_reply, + NULL); } +#endif #ifdef HAVE_UNIX_SOCKETS status = StreamServerPort(AF_UNIX, NULL, @@ -822,10 +808,17 @@ PostmasterMain(int argc, char *argv[]) UnixSocketDir, ListenSocket, MAXLISTEN); if (status != STATUS_OK) - ereport(FATAL, + ereport(WARNING, (errmsg("could not create Unix-domain socket"))); #endif + /* + * check that we have some socket to listen on + */ + if (ListenSocket[0] == -1) + ereport(FATAL, + (errmsg("no socket configured to listen on"))); + XLOGPathInit(); /* diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index 5c0f0a96f1f..280977d60c1 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -10,7 +10,7 @@ * Written by Peter Eisentraut <peter_e@gmx.net>. * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.191 2004/03/22 03:15:29 momjian Exp $ + * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.192 2004/03/23 01:23:48 tgl Exp $ * *-------------------------------------------------------------------- */ @@ -444,14 +444,6 @@ static struct config_bool ConfigureNamesBool[] = false, NULL, NULL }, { - {"tcpip_socket", PGC_POSTMASTER, CONN_AUTH_SETTINGS, - gettext_noop("Makes the server accept TCP/IP connections."), - NULL - }, - &NetServer, - false, NULL, NULL - }, - { {"ssl", PGC_POSTMASTER, CONN_AUTH_SECURITY, gettext_noop("Enables SSL connections."), NULL @@ -1711,12 +1703,12 @@ static struct config_string ConfigureNamesString[] = }, { - {"virtual_host", PGC_POSTMASTER, CONN_AUTH_SETTINGS, - gettext_noop("Sets the host name or IP address to listen to."), + {"listen_addresses", PGC_POSTMASTER, CONN_AUTH_SETTINGS, + gettext_noop("Sets the host name or IP addresses to listen to."), NULL }, - &VirtualHost, - "", NULL, NULL + &ListenAddresses, + "localhost", NULL, NULL }, { 
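Review bot: Both `ereport(FATAL, ...)` calls for a failed listen socket become `ereport(WARNING, ...)`, here and in the Unix-domain socket hunk that follows, so a misspelled or unresolvable entry in `listen_addresses` now leaves the postmaster running on whatever subset did bind. The only hard stop left is the `ListenSocket[0] == -1` check added in that later hunk, which passes as soon as one socket of any kind exists. That fails towards less exposure, but the reason deserves a comment above the WARNING, e.g. `/* keep going: one bad entry must not block startup; the all-failed case is caught below */`, and a LOG line naming the addresses actually bound would let an operator notice a partial bind. As a smaller style point, the two `StreamServerPort` calls differ only in the host argument and could be one call passing `strcmp(curhost, "*") == 0 ? NULL : curhost`. PostmasterMain continues outside the hunk.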
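Review bot: The boot default for `listen_addresses` is `"localhost"`, whereas the removed `tcpip_socket` entry defaulted to `false`, so an installation that never enabled TCP/IP gains a loopback TCP listener after upgrading. Where access was being limited through `unix_socket_permissions` or `unix_socket_group`, local accounts that cannot open the socket file can now reach the port on the loopback address, and what they may do then depends on pg_hba.conf, which is not part of this diff. The entry's second description slot is still `NULL`; I would fill it with something like `gettext_noop("An empty value disables TCP/IP; * means all interfaces.")` and have the sample file's comment say that `''` keeps the server Unix-socket-only.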
diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample index 91b0340963c..3bec1e9a757 100644 --- a/src/backend/utils/misc/postgresql.conf.sample +++ b/src/backend/utils/misc/postgresql.conf.sample @@ -27,17 +27,17 @@ # - Connection Settings - -#tcpip_socket = false +#listen_addresses = 'localhost' # what IP interface(s) to listen on; + # defaults to localhost, '*' = any +#port = 5432 #max_connections = 100 # note: increasing max_connections costs about 500 bytes of shared # memory per connection slot, in addition to costs from shared_buffers # and max_locks_per_transaction. #superuser_reserved_connections = 2 -#port = 5432 #unix_socket_directory = '' #unix_socket_group = '' #unix_socket_permissions = 0777 # octal -#virtual_host = '' # what interface to listen on; defaults to any #rendezvous_name = '' # defaults to the computer name # - Security & Authentication - diff --git a/src/bin/psql/tab-complete.c b/src/bin/psql/tab-complete.c index bea56852e43..8b607158219 100644 --- a/src/bin/psql/tab-complete.c +++ b/src/bin/psql/tab-complete.c @@ -3,7 +3,7 @@ * * Copyright (c) 2000-2003, PostgreSQL Global Development Group * - * $PostgreSQL: pgsql/src/bin/psql/tab-complete.c,v 1.101 2004/02/03 17:34:03 tgl Exp $ + * $PostgreSQL: pgsql/src/bin/psql/tab-complete.c,v 1.102 2004/03/23 01:23:48 tgl Exp $ */ /*---------------------------------------------------------------------- @@ -560,7 +560,6 @@ psql_completion(char *text, int start, int end) "syslog", "syslog_facility", "syslog_ident", - "tcpip_socket", "TimeZone", "trace_notify", "transform_null_equals", diff --git a/src/include/miscadmin.h b/src/include/miscadmin.h index b43d481c52a..f34ebb09865 100644 --- a/src/include/miscadmin.h +++ b/src/include/miscadmin.h 
@@ -12,7 +12,7 @@ * Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $PostgreSQL: pgsql/src/include/miscadmin.h,v 1.153 2004/02/10 03:42:45 tgl Exp $ + * $PostgreSQL: pgsql/src/include/miscadmin.h,v 1.154 2004/03/23 01:23:48 tgl Exp $ * * NOTES * some of the information in this file should be moved to @@ -212,7 +212,6 @@ extern bool VacuumCostActive; * A few postmaster startup options are exported here so the * configuration file processor can access them. */ -extern bool NetServer; extern bool EnableSSL; extern bool SilentMode; extern int MaxBackends; @@ -222,7 +221,7 @@ extern int PostPortNumber; extern int Unix_socket_permissions; extern char *Unix_socket_group; extern char *UnixSocketDir; -extern char *VirtualHost; +extern char *ListenAddresses; /***************************************************************************** |