[Pgpool-hackers] Reload does not help if password file changed

Thu Sep 29 08:47:16 UTC 2011

Hi Gurjeet,

I have committed your patches to CVS HEAD with my minor editings. It's
great that we don't need to restart pgpool-II each time user changed
md5 password!

Here are my slight changes to original patch:

- Checking pool_config->pool_passwd is not correct way to judge if we
  need to reopen pool_passwd or not. Rather you should look into
  enable_pool_hba. Because pool_config->pool_passwd is the base file
  name of pool_passwd(can be used if you want to change standard
  "pool_passwd"), and md5 auth is not enabled if enable_pool_hba is
  off.

- Storing pointer to pool_passwd path will not work since the body is
  located at a stack area(char pool_passwd[POOLMAXPATHLEN+1] around
  line 425 of mainc.). I modify to copy it to static memory.

Chinese, French and German doc maintainer:

I have modified documentation around line 3279 of
pgpool-en.html. Please update other language. Thanks in advance.
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp

> Hi Gurjeet,
> 
> Sorry for delay.
> I will take care of this tomorrow.
> --
> Tatsuo Ishii
> SRA OSS, Inc. Japan
> English: http://www.sraoss.co.jp/index_en.php
> Japanese: http://www.sraoss.co.jp
> 
>> Hi Tatsuo,
>> 
>>     Any feedback on the correctness of the patch?
>> 
>> Thanks,
>> 
>> On Mon, Sep 26, 2011 at 10:18 PM, Gurjeet Singh <singh.gurjeet at gmail.com>wrote:
>> 
>>> Hi Tatsuo,
>>>
>>>     Please find an updated patch. I am now using strcmp() to check if we
>>> need to reopne the file, just like the code in main.c, instead of comparing
>>> the value with NULL.
>>>
>>> Regards,
>>>
>>>
>>> On Mon, Sep 26, 2011 at 9:57 PM, Tatsuo Ishii <ishii at sraoss.co.jp> wrote:
>>>
>>>> Thanks for report and patches. I will take care of this.
>>>> --
>>>> Tatsuo Ishii
>>>> SRA OSS, Inc. Japan
>>>> English: http://www.sraoss.co.jp/index_en.php
>>>> Japanese: http://www.sraoss.co.jp
>>>>
>>>> > Hi,
>>>> >
>>>> >     Maybe this is expected behaviour, but it definitely is not
>>>> desirable. If
>>>> > we add a new user:passwrod to the contents of pool_passwd file and send
>>>> a
>>>> > reload signal to pgpool, the child processes are still not able to honor
>>>> the
>>>> > new user and the trying to login using the new user causes error "MD5
>>>> > authentication failed..."
>>>> >
>>>> >     I have diagnosed it back to the fact that pgpool uses stdio.h
>>>> interface
>>>> > (FILE *) to access the pool_passwd file, and it reads the contents of
>>>> the
>>>> > file for every new login that requests MD5 authentication. The problem
>>>> with
>>>> > the stdio.h interface is that it caches the contents of the file and it
>>>> does
>>>> > not refresh the cache even when the contents of the file change on-disk,
>>>> so
>>>> > every time pgpool tries to read new user's password it does not see the
>>>> new
>>>> > entry and hence fails.
>>>> >
>>>> >     To be able to connect as the new user we have to either restart
>>>> pgpool
>>>> > or wait for a new child to be forked which will see the new contents of
>>>> the
>>>> > file. All of these problems also apply to the case where we might alter
>>>> the
>>>> > password of an existing user and update the md5 password in pool_passwd
>>>> > file.
>>>> >
>>>> >     I have attached a minimal patch to address this issue. In the patch,
>>>> we
>>>> > save the file path that was initially used to open the pool_passwd and
>>>> upon
>>>> > every reload the child closes and reopens the file so that the stdio.h
>>>> > interface does not show it cached data.
>>>> >
>>>> > Regards,
>>>> > --
>>>> > Gurjeet Singh
>>>> > EnterpriseDB Corporation
>>>> > The Enterprise PostgreSQL Company
>>>>
>>>
>>>
>>>
>>> --
>>> Gurjeet Singh
>>> EnterpriseDB Corporation
>>> The Enterprise PostgreSQL Company
>>>
>>>
>> 
>> 
>> -- 
>> Gurjeet Singh
>> EnterpriseDB Corporation
>> The Enterprise PostgreSQL Company
> _______________________________________________
> Pgpool-hackers mailing list
> Pgpool-hackers at pgfoundry.org
> http://pgfoundry.org/mailman/listinfo/pgpool-hackers