[Pgpool-hackers] Reload does not help if password file changed

Tatsuo Ishii ishii at sraoss.co.jp
Wed Sep 28 14:27:05 UTC 2011 

Hi Gurjeet,

Sorry for delay.
I will take care of this tomorrow.
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp

> Hi Tatsuo,
> 
>     Any feedback on the correctness of the patch?
> 
> Thanks,
> 
> On Mon, Sep 26, 2011 at 10:18 PM, Gurjeet Singh <singh.gurjeet at gmail.com>wrote:
> 
>> Hi Tatsuo,
>>
>>     Please find an updated patch. I am now using strcmp() to check if we
>> need to reopne the file, just like the code in main.c, instead of comparing
>> the value with NULL.
>>
>> Regards,
>>
>>
>> On Mon, Sep 26, 2011 at 9:57 PM, Tatsuo Ishii <ishii at sraoss.co.jp> wrote:
>>
>>> Thanks for report and patches. I will take care of this.
>>> --
>>> Tatsuo Ishii
>>> SRA OSS, Inc. Japan
>>> English: http://www.sraoss.co.jp/index_en.php
>>> Japanese: http://www.sraoss.co.jp
>>>
>>> > Hi,
>>> >
>>> >     Maybe this is expected behaviour, but it definitely is not
>>> desirable. If
>>> > we add a new user:passwrod to the contents of pool_passwd file and send
>>> a
>>> > reload signal to pgpool, the child processes are still not able to honor
>>> the
>>> > new user and the trying to login using the new user causes error "MD5
>>> > authentication failed..."
>>> >
>>> >     I have diagnosed it back to the fact that pgpool uses stdio.h
>>> interface
>>> > (FILE *) to access the pool_passwd file, and it reads the contents of
>>> the
>>> > file for every new login that requests MD5 authentication. The problem
>>> with
>>> > the stdio.h interface is that it caches the contents of the file and it
>>> does
>>> > not refresh the cache even when the contents of the file change on-disk,
>>> so
>>> > every time pgpool tries to read new user's password it does not see the
>>> new
>>> > entry and hence fails.
>>> >
>>> >     To be able to connect as the new user we have to either restart
>>> pgpool
>>> > or wait for a new child to be forked which will see the new contents of
>>> the
>>> > file. All of these problems also apply to the case where we might alter
>>> the
>>> > password of an existing user and update the md5 password in pool_passwd
>>> > file.
>>> >
>>> >     I have attached a minimal patch to address this issue. In the patch,
>>> we
>>> > save the file path that was initially used to open the pool_passwd and
>>> upon
>>> > every reload the child closes and reopens the file so that the stdio.h
>>> > interface does not show it cached data.
>>> >
>>> > Regards,
>>> > --
>>> > Gurjeet Singh
>>> > EnterpriseDB Corporation
>>> > The Enterprise PostgreSQL Company
>>>
>>
>>
>>
>> --
>> Gurjeet Singh
>> EnterpriseDB Corporation
>> The Enterprise PostgreSQL Company
>>
>>
> 
> 
> -- 
> Gurjeet Singh
> EnterpriseDB Corporation
> The Enterprise PostgreSQL Company

More information about the Pgpool-hackers mailing list