From 2e45c143ef5963aa0f705350a017404c9b107f27 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Tue, 23 Mar 2004 01:23:48 +0000 Subject: [PATCH] Replace the virtual_host and tcpip_socket parameters with a unified listen_addresses parameter, as per recent discussion. The default behavior is now to listen on localhost, which eliminates the need for the -i postmaster switch in many scenarios. Andrew Dunstan --- doc/FAQ_QNX4 | 9 +- doc/src/sgml/client-auth.sgml | 34 ++--- doc/src/sgml/ref/postmaster.sgml | 35 +++--- doc/src/sgml/runtime.sgml | 79 ++++++------ src/backend/postmaster/postmaster.c | 117 ++++++++---------- src/backend/utils/misc/guc.c | 18 +-- src/backend/utils/misc/postgresql.conf.sample | 6 +- src/bin/psql/tab-complete.c | 3 +- src/include/miscadmin.h | 5 +- 9 files changed, 147 insertions(+), 159 deletions(-) diff --git a/doc/FAQ_QNX4 b/doc/FAQ_QNX4 index 19ad033d5b7..a7eb083e993 100644 --- a/doc/FAQ_QNX4 +++ b/doc/FAQ_QNX4 @@ -1,6 +1,6 @@ PostgreSQL on QNX 4 -------------------- -last updated: $Date: 2002/07/09 04:47:07 $ +last updated: $Date: 2004/03/23 01:23:47 $ current maintainer: Bernd Tegge (tegge@repas-aeg.de) original author: Andreas Kardos (kardos@repas-aeg.de) @@ -23,10 +23,9 @@ functionality cannot be used. Shared library support could probably be implemented in future. QNX 4 does not support UNIX domain sockets. Clients must use TCP/IP -sockets. Therefore you either have to set "tcpip_socket = true" in -your postgresql.conf or to start postmaster with the -i option. -Furthermore it's advisable to set to set the PGHOST or SOCK environment -variable for postmaster in an environment using native QNX networking. +sockets. Therefore, do not set "listen_addresses" to empty in your +postgresql.conf file. In fact, it's advisable to explicitly set +"listen_addresses" in an environment using native QNX networking. Otherwise the postmaster might not use the IP-Address you think it does :-) Prerequisites: 
diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml index 4b7846e34f6..d93e03f8e5f 100644 --- a/doc/src/sgml/client-auth.sgml +++ b/doc/src/sgml/client-auth.sgml @@ -1,5 +1,5 @@ @@ -112,13 +112,19 @@ hostnossl database user This record matches connection attempts made using TCP/IP. - Note that TCP/IP connections are disabled unless the server is - started with the option or the configuration parameter is - enabled. host records match either + host records match either SSL or non-SSL connection attempts. + + + Remote TCP/IP connections will not be possible unless + the server is started with an appropriate value for the + configuration parameter, + since the default behavior is to listen for TCP/IP connections + only on the local loopback address localhost. + + @@ -126,17 +132,17 @@ hostnossl database user hostssl - This record matches connection attempts made using TCP/IP. In - addition, this record requires that the connection is made with - SSL. + This record matches connection attempts made using TCP/IP, + but only when the connection is made with SSL + encryption. To make use of this option the server must be built with - SSL support enabled. Furthermore, - SSL must be enabled by setting the configuration parameter (see for more information). + SSL support. Furthermore, + SSL must be enabled at server start time + by setting the configuration parameter (see + for more information). @@ -146,8 +152,8 @@ hostnossl database user This record is similar to hostssl but with the - opposite logic: it only matches connection attempts made over - TCP/IP that do not use SSL. + opposite logic: it only matches connection attempts made over + TCP/IP that do not use SSL. diff --git a/doc/src/sgml/ref/postmaster.sgml b/doc/src/sgml/ref/postmaster.sgml index 2affe14d613..cf74272b9bc 100644 --- a/doc/src/sgml/ref/postmaster.sgml +++ b/doc/src/sgml/ref/postmaster.sgml @@ -1,5 +1,5 @@ 
@@ -165,11 +165,17 @@ PostgreSQL documentation - Specifies the IP host name or address on which the - postmaster is to listen for - connections from client applications. Defaults to - listening on all configured addresses (including - localhost). + Specifies the IP host name or address on which the + postmaster is to listen for TCP/IP + connections from client applications. The value can also be + a space-separated list of addresses, or * to specify + listening on all available interfaces. An empty value specifies + not listening on any IP addresses, in which case only Unix-domain + sockets can be used to connect to the postmaster. + Defaults to listening only + on localhost. + This option is equivalent to setting listen_addresses in + postgresql.conf. @@ -178,14 +184,16 @@ PostgreSQL documentation - Allows clients to connect via TCP/IP (Internet domain) - connections. Without this option, only local Unix domain - socket connections are accepted. This option corresponds - to setting tcpip_socket=true in postgresql.conf. + Allows remote clients to connect via TCP/IP (Internet domain) + connections. Without this option, only local connections are + accepted. This option is equivalent to setting + listen_addresses to * in + postgresql.conf or via - has the opposite - effect of this option. + This option is deprecated since it does not allow access to the + full functionality of listen_addresses. It's usually + better to set listen_addresses directly. @@ -206,8 +214,7 @@ PostgreSQL documentation - Enables secure connections using SSL. The - option is also required. You must have compiled with SSL + Enables secure connections using SSL. You must have compiled with SSL enabled to use this option. diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml index 1469d7be532..7b56e192575 100644 --- a/doc/src/sgml/runtime.sgml +++ b/doc/src/sgml/runtime.sgml @@ -1,5 +1,5 @@ 
@@ -186,11 +186,7 @@ $ postmaster -D /usr/local/pgsql/data >logfile 2>&1 & The postmaster also takes a number of other command line options. For more information, see the reference page - and below. In particular, in order - for the server to accept - TCP/IPTCP/IP connections - (rather than just Unix-domain socket ones), you must specify the - option. + and below. @@ -333,7 +329,7 @@ FATAL: could not create TCP/IP listen socket be a different problem. For example, trying to start a postmaster on a reserved port number may draw something like: -$ postmaster -i -p 666 +$ postmaster -p 666 LOG: could not bind IPv4 socket: Permission denied HINT: Is another postmaster already running on port 666? If not, wait a few seconds and retry. FATAL: could not create TCP/IP listen socket @@ -570,19 +566,38 @@ SET ENABLE_SEQSCAN TO OFF; Connection Settings - - - tcpip_socket (boolean) + + + listen_addresses (string) - If this is true, then the server will accept TCP/IP connections.TCP/IP - Otherwise only local Unix domain socket connections are - accepted. It is off by default. This option can only be set at - server start. + Specifies the TCP/IP address(es) on which the server is + to listen for connections from client applications. + The value takes the form of a space-separated list of host names + and/or numeric IP addresses. The special entry * + corresponds to all available IP interfaces. + If the list is empty, the server does not listen on any IP interface + at all, in which case only Unix-domain sockets can be used to connect + to it. + The default value is localhost, + which allows only local loopback connections to be made. + This parameter can only be set at server start. - + + + port (integer) + port + + + The TCP port the server listens on; 5432 by default. Note that the + same port number is used for all IP addresses the server listens on. + This parameter can only be set at server start. + + + + max_connections (integer) 
@@ -628,17 +643,6 @@ SET ENABLE_SEQSCAN TO OFF; - - port (integer) - port - - - The TCP port the server listens on; 5432 by default. This - option can only be set at server start. - - - - unix_socket_directory (string) @@ -648,6 +652,7 @@ SET ENABLE_SEQSCAN TO OFF; server is to listen for connections from client applications. The default is normally /tmp, but can be changed at build time. + This parameter can only be set at server start. @@ -701,27 +706,15 @@ SET ENABLE_SEQSCAN TO OFF; - - - virtual_host (string) - - - Specifies the IP address(es) on which the server is - to listen for connections from client applications. If specified, - it takes the form of a space-separated list of host names and/or - numeric IP addresses. If the list is empty, the server listens - on all available addresses (including - localhost). - - - rendezvous_name (string) Specifies the Rendezvous broadcast name. By default, the - computer name is used, specified as ''. + computer name is used, specified as an empty string ''. + This option is only meaningful on platforms that support Rendezvous. + This option can only be set at server start. @@ -3009,11 +3002,11 @@ dynamic_library_path = '/usr/local/lib/postgresql:/home/my_project/lib:$libdir' - virtual_host = x + listen_addresses = x - tcpip_socket = on + listen_addresses = '*' diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c index 2e13838e70e..671e0644d7c 100644 --- a/src/backend/postmaster/postmaster.c +++ b/src/backend/postmaster/postmaster.c @@ -37,7 +37,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.375 2004/03/15 16:18:42 momjian Exp $ + * $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.376 2004/03/23 01:23:48 tgl Exp $ * * NOTES * 
@@ -149,7 +149,7 @@ static Backend *ShmemBackendArray;
 /* The socket number we are listening for connections on */
 int PostPortNumber;
 char *UnixSocketDir;
-char *VirtualHost;
+char *ListenAddresses;
 /*
 * MaxBackends is the limit on the number of backends we can start.
@@ -202,7 +202,6 @@ static bool Reinit = true;
 static int SendStop = false;
 /* still more option variables */
-bool NetServer = false; /* listen on TCP/IP */
 bool EnableSSL = false;
 bool SilentMode = false; /* silent mode (-S) */
@@ -513,10 +512,10 @@ PostmasterMain(int argc, char *argv[])
 SetConfigOption("fsync", "false", PGC_POSTMASTER, PGC_S_ARGV);
 break;
 case 'h':
- SetConfigOption("virtual_host", optarg, PGC_POSTMASTER, PGC_S_ARGV);
+ SetConfigOption("listen_addresses", optarg, PGC_POSTMASTER, PGC_S_ARGV);
 break;
 case 'i':
- SetConfigOption("tcpip_socket", "true", PGC_POSTMASTER, PGC_S_ARGV);
+ SetConfigOption("listen_addresses", "*", PGC_POSTMASTER, PGC_S_ARGV);
 break;
 case 'k':
 SetConfigOption("unix_socket_directory", optarg, PGC_POSTMASTER, PGC_S_ARGV);
@@ -704,11 +703,6 @@ PostmasterMain(int argc, char *argv[])
 * Initialize SSL library, if specified.
 */
 #ifdef USE_SSL
- if (EnableSSL && !NetServer)
- {
- postmaster_error("TCP/IP connections must be enabled for SSL");
- ExitPostmaster(1);
- }
 if (EnableSSL)
 secure_initialize();
 #endif
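Review bot: In the option switch, `-h` and `-i` now both write `listen_addresses` at the same `PGC_S_ARGV` priority, so whichever switch comes last on the command line wins. A start script that passes `-h 192.0.2.10 -i` (constructed address) would end up with `*` and listen on every interface, whereas the removed lines show the two switches setting independent parameters, so `-h` kept restricting the bind address regardless of order. I would let `-i` apply only when no `-h` has been seen, for example by setting a local flag in `case 'h':` and writing `if (!listen_addr_given) SetConfigOption("listen_addresses", "*", PGC_POSTMASTER, PGC_S_ARGV);` in `case 'i':`. At minimum a comment such as `/* deprecated; overrides any earlier -h */` should record the behaviour. The switch is part of PostmasterMain, which starts and ends outside the hunk.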
@@ -753,68 +747,60 @@ PostmasterMain(int argc, char *argv[])
 for (i = 0; i < MAXLISTEN; i++)
 ListenSocket[i] = -1;
- if (NetServer)
+ if (ListenAddresses)
 {
- if (VirtualHost && VirtualHost[0])
- {
- char *curhost,
- *endptr;
- char c = 0;
+ char *curhost,
+ *endptr;
+ char c;
- curhost = VirtualHost;
- for (;;)
- {
- while (*curhost == ' ') /* skip any extra spaces */
- curhost++;
- if (*curhost == '\0')
- break;
- endptr = strchr(curhost, ' ');
- if (endptr)
- {
- c = *endptr;
- *endptr = '\0';
- }
+ curhost = ListenAddresses;
+ for (;;)
+ {
+ /* ignore whitespace */
+ while (isspace((unsigned char) *curhost))
+ curhost++;
+ if (*curhost == '\0')
+ break;
+ endptr = curhost;
+ while (*endptr != '\0' && !isspace((unsigned char) *endptr))
+ endptr++;
+ c = *endptr;
+ *endptr = '\0';
+ if (strcmp(curhost,"*") == 0)
+ status = StreamServerPort(AF_UNSPEC, NULL,
+ (unsigned short) PostPortNumber,
+ UnixSocketDir,
+ ListenSocket, MAXLISTEN);
+ else
 status = StreamServerPort(AF_UNSPEC, curhost,
 (unsigned short) PostPortNumber,
 UnixSocketDir,
 ListenSocket, MAXLISTEN);
- if (status != STATUS_OK)
- ereport(FATAL,
- (errmsg("could not create listen socket for \"%s\"",
- curhost)));
- if (endptr)
- {
- *endptr = c;
- curhost = endptr + 1;
- }
- else
- break;
- }
- }
- else
- {
- status = StreamServerPort(AF_UNSPEC, NULL,
- (unsigned short) PostPortNumber,
- UnixSocketDir,
- ListenSocket, MAXLISTEN);
 if (status != STATUS_OK)
- ereport(FATAL,
- (errmsg("could not create TCP/IP listen socket")));
+ ereport(WARNING,
+ (errmsg("could not create listen socket for \"%s\"",
+ curhost)));
+ *endptr = c;
+ if (c != '\0')
+ curhost = endptr+1;
+ else
+ break;
 }
+ }
 #ifdef USE_RENDEZVOUS
- if (rendezvous_name != NULL)
- {
- DNSServiceRegistrationCreate(rendezvous_name,
- "_postgresql._tcp.",
- "",
- htonl(PostPortNumber),
- "",
- (DNSServiceRegistrationReply) reg_reply,
- NULL);
- }
-#endif
+ /* Register for Rendezvous only if we opened TCP socket(s) */
+ if (ListenSocket[0] != -1 && rendezvous_name != NULL)
+ {
+ DNSServiceRegistrationCreate(rendezvous_name,
+ "_postgresql._tcp.",
+ "",
+ htonl(PostPortNumber),
+ "",
+ (DNSServiceRegistrationReply) reg_reply,
+ NULL);
 }
+#endif
 #ifdef HAVE_UNIX_SOCKETS
 status = StreamServerPort(AF_UNIX, NULL,
@@ -822,10 +808,17 @@ PostmasterMain(int argc, char *argv[])
 UnixSocketDir,
 ListenSocket, MAXLISTEN);
 if (status != STATUS_OK)
- ereport(FATAL,
+ ereport(WARNING,
 (errmsg("could not create Unix-domain socket")));
 #endif
+ /*
+ * check that we have some socket to listen on
+ */
+ if (ListenSocket[0] == -1)
+ ereport(FATAL,
+ (errmsg("no socket configured to listen on")));
+
 XLOGPathInit();
 /*
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
index 5c0f0a96f1f..280977d60c1 100644
--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -10,7 +10,7 @@
 * Written by Peter Eisentraut .
 *
 * IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.191 2004/03/22 03:15:29 momjian Exp $
+ * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.192 2004/03/23 01:23:48 tgl Exp $
 *
 *--------------------------------------------------------------------
 */
@@ -443,14 +443,6 @@ static struct config_bool ConfigureNamesBool[] =
 &session_auth_is_superuser,
 false, NULL, NULL
 },
- {
- {"tcpip_socket", PGC_POSTMASTER, CONN_AUTH_SETTINGS,
- gettext_noop("Makes the server accept TCP/IP connections."),
- NULL
- },
- &NetServer,
- false, NULL, NULL
- },
 {
 {"ssl", PGC_POSTMASTER, CONN_AUTH_SECURITY,
 gettext_noop("Enables SSL connections."),
@@ -1711,12 +1703,12 @@ static struct config_string ConfigureNamesString[] =
 },
 {
- {"virtual_host", PGC_POSTMASTER, CONN_AUTH_SETTINGS,
- gettext_noop("Sets the host name or IP address to listen to."),
+ {"listen_addresses", PGC_POSTMASTER, CONN_AUTH_SETTINGS,
+ gettext_noop("Sets the host name or IP addresses to listen to."),
 NULL
 },
- &VirtualHost,
- "", NULL, NULL
+ &ListenAddresses,
+ "localhost", NULL, NULL
 },
 {
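Review bot: In the listen loop, a `listen_addresses` entry that cannot be bound is now reported with `ereport(WARNING, ...)` where the removed code used FATAL, and the Unix-domain socket call in the following hunk gets the same downgrade. The postmaster can therefore come up listening on only part of what was configured, with the new `ListenSocket[0] == -1` test as the single hard stop. That looks deliberate, but it deserves a comment at the first WARNING, for example `/* a bad entry is not fatal; we insist only on at least one socket, checked below */`, because an operator who misspells one address gets a running server and only a log line. The two `StreamServerPort(AF_UNSPEC, ...)` calls differ only in the host argument and could be a single call taking `strcmp(curhost, "*") == 0 ? NULL : curhost`. PostmasterMain starts and ends outside the hunk.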
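Review bot: The new `listen_addresses` entry in ConfigureNamesString leaves the description slot after the short text as `NULL`, although the value now has two special forms the short text does not mention. I would replace that `NULL` with something like `gettext_noop("A space-separated list; \"*\" means all interfaces, an empty string disables TCP/IP sockets.")`, and the short text reads better as `"Sets the host name or IP address(es) to listen to."`. Since the `tcpip_socket` and `virtual_host` entries are removed here, configuration files that still set them will presumably be rejected at startup, which is worth a release note. The array definition starts and ends outside the hunk.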
diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample
index 91b0340963c..3bec1e9a757 100644
--- a/src/backend/utils/misc/postgresql.conf.sample
+++ b/src/backend/utils/misc/postgresql.conf.sample
@@ -27,17 +27,17 @@
 # - Connection Settings -
-#tcpip_socket = false
+#listen_addresses = 'localhost' # what IP interface(s) to listen on;
+ # defaults to localhost, '*' = any
+#port = 5432
 #max_connections = 100
 # note: increasing max_connections costs about 500 bytes of shared
 # memory per connection slot, in addition to costs from shared_buffers
 # and max_locks_per_transaction.
 #superuser_reserved_connections = 2
-#port = 5432
 #unix_socket_directory = ''
 #unix_socket_group = ''
 #unix_socket_permissions = 0777 # octal
-#virtual_host = '' # what interface to listen on; defaults to any
 #rendezvous_name = '' # defaults to the computer name
 # - Security & Authentication -
diff --git a/src/bin/psql/tab-complete.c b/src/bin/psql/tab-complete.c
index bea56852e43..8b607158219 100644
--- a/src/bin/psql/tab-complete.c
+++ b/src/bin/psql/tab-complete.c
@@ -3,7 +3,7 @@
 *
 * Copyright (c) 2000-2003, PostgreSQL Global Development Group
 *
- * $PostgreSQL: pgsql/src/bin/psql/tab-complete.c,v 1.101 2004/02/03 17:34:03 tgl Exp $
+ * $PostgreSQL: pgsql/src/bin/psql/tab-complete.c,v 1.102 2004/03/23 01:23:48 tgl Exp $
 */
 /*----------------------------------------------------------------------
@@ -560,7 +560,6 @@ psql_completion(char *text, int start, int end)
 "syslog",
 "syslog_facility",
 "syslog_ident",
- "tcpip_socket",
 "TimeZone",
 "trace_notify",
 "transform_null_equals",
diff --git a/src/include/miscadmin.h b/src/include/miscadmin.h
index b43d481c52a..f34ebb09865 100644
--- a/src/include/miscadmin.h
+++ b/src/include/miscadmin.h
@@ -12,7 +12,7 @@
 * Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $PostgreSQL: pgsql/src/include/miscadmin.h,v 1.153 2004/02/10 03:42:45 tgl Exp $
+ * $PostgreSQL: pgsql/src/include/miscadmin.h,v 1.154 2004/03/23 01:23:48 tgl Exp $
 *
 * NOTES
 * some of the information in this file should be moved to
@@ -212,7 +212,6 @@ extern bool VacuumCostActive;
 * A few postmaster startup options are exported here so the
 * configuration file processor can access them.
 */
-extern bool NetServer;
 extern bool EnableSSL;
 extern bool SilentMode;
 extern int MaxBackends;
@@ -222,7 +221,7 @@ extern int PostPortNumber;
 extern int Unix_socket_permissions;
 extern char *Unix_socket_group;
 extern char *UnixSocketDir;
-extern char *VirtualHost;
+extern char *ListenAddresses;
 /*****************************************************************************
-- 
2.39.5