Re: [PATCHES] [HACKERS] Kerberos brokenness and oops question in 8.1beta2
Now, our code has been modified since his patch was applied, but we now have: /* * If no hostname was specified, pg_krb_server_hostname is already * NULL. If it's set to blank, force it to NULL. */ khostname = pg_krb_server_hostname; if (khostname khostname[0] == '\0') khostname = NULL; retval = krb5_sname_to_principal(pg_krb5_context, khostname, pg_krb_srvnam, KRB5_NT_SRV_HST, pg_krb5_server); The basic affect is if the GUC krb_server_hostname is empty/NULL, krb5_sname_to_principal() gets called with a 2nd argument (hostname) of NULL. The documentation for this function says for this argument: Yup, that's correct it's the new behaviour. http://publib.boulder.ibm.com/iseries/v5r1/ic2924/index.htm?in fo/apis/krb5list.htm hostname (Input) The host containing the desired service instance. The local host is used if NULL is specified for this parameter. Which says it doesn't accept any service entry in keytab, but rather binds the server hostname to 'localhost'. I think this is why it wasn't working for Magnus. No. This is how it is now, after Tom applied my patch. It now works just fine for me. Previously, we set pg_krb5_server to NULL, which is something completely different than pg_krb_srvname=NULL (yes, they are named very closely, but they are completely different things). krb5_sname_to_principal() was never called. This is what wasn't working for me. I have applied the following patch which updates the documentation to reflect 'localhost', and improves the error message to always print the server name as well as the service name. (We have had complaints about poor Kerberos error messages before.) This is not correct. The default is *not* localhost. It's the local host name. As in what's returned by gethostname(). //Magnus ---(end of broadcast)--- TIP 2: Don't 'kill -9' the postmaster
Re: [PATCHES] [HACKERS] Kerberos brokenness and oops question in 8.1beta2
Magnus Hagander wrote: Previously, we set pg_krb5_server to NULL, which is something completely different than pg_krb_srvname=NULL (yes, they are named very closely, but they are completely different things). krb5_sname_to_principal() was never called. This is what wasn't working for me. I have applied the following patch which updates the documentation to reflect 'localhost', and improves the error message to always print the server name as well as the service name. (We have had complaints about poor Kerberos error messages before.) This is not correct. The default is *not* localhost. It's the local host name. As in what's returned by gethostname(). Ah, local host name, not localhost. Poor wording. Text updated: If not set, the default is the server hostname. See xref linkend=kerberos-auth for details. This parameter can only be set at server start. -- Bruce Momjian| http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 1: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
Re: [PATCHES] [HACKERS] Kerberos brokenness and oops question in 8.1beta2
Bruce Momjian pgman@candle.pha.pa.us writes: Magnus Hagander wrote: This is not correct. The default is *not* localhost. It's the local host name. As in what's returned by gethostname(). Ah, local host name, not localhost. Poor wording. Text updated: If not set, the default is the server hostname. See xref linkend=kerberos-auth for details. This parameter can only be set at server start. The code patch also assumed that localhost is a valid way to describe the default; you have to do something about that too. regards, tom lane ---(end of broadcast)--- TIP 6: explain analyze is your friend
Re: [PATCHES] [HACKERS] Kerberos brokenness and oops question in 8.1beta2
Previously, we set pg_krb5_server to NULL, which is something completely different than pg_krb_srvname=NULL (yes, they are named very closely, but they are completely different things). krb5_sname_to_principal() was never called. This is what wasn't working for me. I have applied the following patch which updates the documentation to reflect 'localhost', and improves the error message to always print the server name as well as the service name. (We have had complaints about poor Kerberos error messages before.) This is not correct. The default is *not* localhost. It's the local host name. As in what's returned by gethostname(). Ah, local host name, not localhost. Poor wording. Text updated: If not set, the default is the server hostname. See xref linkend=kerberos-auth for details. This parameter can only be set at server start. I htink you need to update the .c file as well - you changed a message there to read localhost last time around. //Magnus ---(end of broadcast)--- TIP 6: explain analyze is your friend
Re: [PATCHES] Documentation typos
On Thu, 2005-13-10 at 00:39 -0600, Michael Fuhr wrote: Correct several typos in the documentation. Applied to HEAD -- thanks for the patch. I also removed the comment from the cvs.sgml file. -Neil ---(end of broadcast)--- TIP 9: In versions below 8.0, the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
Re: [PATCHES] [HACKERS] Kerberos brokenness and oops question in 8.1beta2
Tom Lane wrote: Bruce Momjian pgman@candle.pha.pa.us writes: Magnus Hagander wrote: This is not correct. The default is *not* localhost. It's the local host name. As in what's returned by gethostname(). Ah, local host name, not localhost. Poor wording. Text updated: If not set, the default is the server hostname. See xref linkend=kerberos-auth for details. This parameter can only be set at server start. The code patch also assumed that localhost is a valid way to describe the default; you have to do something about that too. OK, I changed it to server hostname. Is there a cleaner way to do it? I don't see us printing the server name anywhere in the our code. I don't see us calling gethostname() anywhere in our code. -- Bruce Momjian| http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 6: explain analyze is your friend
Re: [PATCHES] [HACKERS] roundoff problem in time datatype
On Thu, 2005-13-10 at 22:54 -0400, Bruce Momjian wrote: I have written the attached patch which I think does what you suggested. I found all the places where we disallowed 24:00:00, and make it valid, including nabstime.c. Should this be added to the regression tests? -Neil ---(end of broadcast)--- TIP 9: In versions below 8.0, the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
Re: [PATCHES] [HACKERS] Patching dblink.c to avoid warning about
Bruce Momjian wrote: No problem -- thanks. I have slimmed down the patch by applying the cosmetic parts to CVS. Use the URL above to get the newest versions of the dblink.c and regression changes. Here is my counter-proposal to Bruce's dblink patch. Any comments? Is it too late to apply this for 8.1? I tend to agree with calling this a bugfix. Thanks, Joe Index: dblink.c === RCS file: /opt/src/cvs/pgsql/contrib/dblink/dblink.c,v retrieving revision 1.47 diff -c -r1.47 dblink.c *** dblink.c 15 Oct 2005 02:49:04 - 1.47 --- dblink.c 16 Oct 2005 02:04:13 - *** *** 60,68 typedef struct remoteConn { ! PGconn *conn; /* Hold the remote connection */ ! int autoXactCursors;/* Indicates the number of open cursors, ! * non-zero means we opened the xact ourselves */ } remoteConn; /* --- 60,68 typedef struct remoteConn { ! PGconn *conn;/* Hold the remote connection */ ! int openCursorCount; /* The number of open cursors */ ! bool newXactForCursor; /* Opened a transaction for a cursor */ } remoteConn; /* *** *** 84,93 static char *generate_relation_name(Oid relid); /* Global */ ! List *res_id = NIL; ! int res_id_index = 0; ! PGconn *persistent_conn = NULL; ! static HTAB *remoteConnHash = NULL; /* * Following is list that holds multiple remote connections. --- 84,91 static char *generate_relation_name(Oid relid); /* Global */ ! static remoteConn *pconn = NULL; ! static HTAB *remoteConnHash = NULL; /* * Following is list that holds multiple remote connections. *** *** 184,189 --- 182,197 } \ } while (0) + #define DBLINK_INIT \ + do { \ + if (!pconn) \ + { \ + pconn = (remoteConn *) MemoryContextAlloc(TopMemoryContext, sizeof(remoteConn)); \ + pconn-conn = NULL; \ + pconn-openCursorCount = 0; \ + pconn-newXactForCursor = FALSE; \ + } \ + } while (0) /* * Create a persistent connection to another database *** *** 199,204 --- 207,214 PGconn *conn = NULL; remoteConn *rconn = NULL; + DBLINK_INIT; + if (PG_NARGS() == 2) { connstr = GET_STR(PG_GETARG_TEXT_P(1)); *** *** 234,240 createNewConnection(connname, rconn); } else ! persistent_conn = conn; PG_RETURN_TEXT_P(GET_TEXT(OK)); } --- 244,250 createNewConnection(connname, rconn); } else ! pconn-conn = conn; PG_RETURN_TEXT_P(GET_TEXT(OK)); } *** *** 250,255 --- 260,267 remoteConn *rconn = NULL; PGconn *conn = NULL; + DBLINK_INIT; + if (PG_NARGS() == 1) { conname = GET_STR(PG_GETARG_TEXT_P(0)); *** *** 258,264 conn = rconn-conn; } else ! conn = persistent_conn; if (!conn) DBLINK_CONN_NOT_AVAIL; --- 270,276 conn = rconn-conn; } else ! conn = pconn-conn; if (!conn) DBLINK_CONN_NOT_AVAIL; *** *** 270,276 pfree(rconn); } else ! persistent_conn = NULL; PG_RETURN_TEXT_P(GET_TEXT(OK)); } --- 282,288 pfree(rconn); } else ! pconn-conn = NULL; PG_RETURN_TEXT_P(GET_TEXT(OK)); } *** *** 285,290 --- 297,304 char *msg; PGresult *res = NULL; PGconn *conn = NULL; + int *openCursorCount = NULL; + bool *newXactForCursor = NULL; char *curname = NULL; char *sql = NULL; char *conname = NULL; *** *** 292,303 remoteConn *rconn = NULL; bool fail = true; /* default to backward compatible behavior */ if (PG_NARGS() == 2) { /* text,text */ curname = GET_STR(PG_GETARG_TEXT_P(0)); sql = GET_STR(PG_GETARG_TEXT_P(1)); ! conn = persistent_conn; } else if (PG_NARGS() == 3) { --- 306,321 remoteConn *rconn = NULL; bool fail = true; /* default to backward compatible behavior */ + DBLINK_INIT; + if (PG_NARGS() == 2) { /* text,text */ curname = GET_STR(PG_GETARG_TEXT_P(0)); sql = GET_STR(PG_GETARG_TEXT_P(1)); ! conn = pconn-conn; ! openCursorCount = pconn-openCursorCount; ! newXactForCursor = pconn-newXactForCursor; } else if (PG_NARGS() == 3) { *** *** 307,313 curname = GET_STR(PG_GETARG_TEXT_P(0)); sql = GET_STR(PG_GETARG_TEXT_P(1)); fail = PG_GETARG_BOOL(2); ! conn = persistent_conn; } else { --- 325,333 curname = GET_STR(PG_GETARG_TEXT_P(0)); sql = GET_STR(PG_GETARG_TEXT_P(1)); fail = PG_GETARG_BOOL(2); ! conn = pconn-conn; ! openCursorCount = pconn-openCursorCount; ! newXactForCursor = pconn-newXactForCursor; } else { *** *** 316,322 --- 336,346 sql = GET_STR(PG_GETARG_TEXT_P(2)); rconn = getConnectionByName(conname); if (rconn) + { conn =