Bruce Momjian [Sat, 15 Jun 2002 20:03:51 +0000 (20:03 +0000)]
Patch for current_schemas to optionally include implicit ...
Second cut attached. This one just adds a boolean option to the existing
function to indicate that implicit schemas are to be included (or not).
I remembered the docs as well this time :-)
Bruce Momjian [Sat, 15 Jun 2002 20:01:31 +0000 (20:01 +0000)]
PATCH SSL_pending() checks in libpq/fe-misc.c:
I am no longer pursuing a total non-blocking implementation. I haven't
found a good way to test it with the type of work that I do with
PostgreSQL. I do use blocking SSL sockets with this mod and have had no
problem whatsoever. The bug that I fixed in this patch is exceptionally
hard to reproduce reliably.
Bruce Momjian [Sat, 15 Jun 2002 19:54:24 +0000 (19:54 +0000)]
This patch wraps all accesses to t_xmin, t_cmin, t_xmax, and t_cmax in
HeapTupleHeaderData in setter and getter macros called
HeapTupleHeaderGetXmin, HeapTupleHeaderSetXmin etc.
It also introduces a "virtual" field xvac by defining
HeapTupleHeaderGetXvac and HeapTupleHeaderSetXvac. Xvac is used by
VACUUM, in fact it is stored in t_cmin.
Bruce Momjian [Sat, 15 Jun 2002 19:52:56 +0000 (19:52 +0000)]
The normal operation of our servers is to have tcpip_sockets enabled,
but occasionally I may need to shut down the server and restart it
w/o tcpip sockets. Postmaster has the -i option to turn on tcpip
connections, but it wasn't immediately clear how to easily or
temporarily turn it off (when it's been enabled in postgresql.conf).
In fact, it wasn't clear to me until digging in to postmaster.c that
I could pass '-c tcpip_socket=false' or '--tcpip_socket=false'.
(And then of course when I looked more closely at the man page I
realized I'd missed the proper part of the documentation.) What I'd
been looking for is a flag that would have the opposite effect of
'-i', and it's conceivable that others will be looking for specific
flags to do the opposite of '-F' and '-S'.
I was preparing to add options to postmaster until I realized that
maybe the solution is just to add some documentation.
If you'd rather have 1 character options to accomplish this, I'd be
happy to do that-- adding those 9 lines of code is definitely within
my ability. :) (Although, the "right" letter to be the opposite of -S
isn't clear to me, since -s is already taken.)
Bruce Momjian [Sat, 15 Jun 2002 19:39:33 +0000 (19:39 +0000)]
The macaddr datatype understands most formats of MAC address, except 12
hex digits with no separators, eg 00AABBCCDDEE. This is easily remedied
with the following patch (against 7.2.1):
Bruce Momjian [Sat, 15 Jun 2002 19:37:48 +0000 (19:37 +0000)]
Noted with versions 7.0.3, 7.1.3, and 7.2.1:
The psql interpreter becomes unstable if variable substitutions
are used. The debugger GDB was unable to help however mpatrol
reports that the sprintf at mainloop.c:389 is steping one byte
farther than the allocation.
Bruce Momjian [Sat, 15 Jun 2002 19:34:51 +0000 (19:34 +0000)]
On Wed, 2002-05-29 at 01:41, Tom Lane wrote:
>
> > Is it a good idea to provide an example (such as the above), or should I
> > just try and describe the behaviour?
>
> Examples are generally good things ...
OK, the attached documentation patch provides some simple examples of
use of tablename as a parameter, %ROWTYPE and %TYPE.
In the end I decided that the documentation is literally correct, but
hard to follow without any examples explicitly showing the use of a
table name as a parameter.
Bruce Momjian [Sat, 15 Jun 2002 19:30:40 +0000 (19:30 +0000)]
The method PgLargeObject::LOid() is missing an implementation in the .cc
file.
The program seems to compile ok, but when linking a program that uses
the call,
g++ chokes with an undefined reference error.
If you know how this problem might be fixed, list the solution below:
---------------------------------------------------------------------
I include the code:
Bruce Momjian [Sat, 15 Jun 2002 18:49:29 +0000 (18:49 +0000)]
This patch fixes a few minor problems with libpq++: remove the deprecated
PQExec(" ") in the wrapper around PQnotifies(), fix the Makefile for
the examples so that they will actually compile properly (with the
exception of #5, which depends on internal headers), make a minor change
to libpq++.h so that "make examples" now works on my machine, update
some documentation, fix some grammatical problems, and remove some of
the more hideous comments.
Add LOCALTIME and LOCALTIMESTAMP functions per SQL99 standard.
Remove ODBC-compatible empty parentheses from calls to SQL99 functions
for which these parentheses do not match the standard.
Update the ODBC driver to ensure compatibility with the ODBC standard
for these functions (e.g. CURRENT_TIMESTAMP, CURRENT_USER, etc).
Include a new appendix in the User's Guide which lists the labeled features
for SQL99 (the labeled features replaced the "basic", "intermediate",
and "advanced" categories from SQL92). features.sgml does not yet split
this list into "supported" and "unsupported" lists.
Search the existing regular expression cache as a ring buffer.
Will optimize the case for repeated calls for the same expression,
which seems to be the most common case. Formerly, always searched
from the first entry.
May want to look at the least-recently-used algorithm to make sure it
is identifying the right slots to reclaim. Seems silly to do math when
it seems that we could simply use an incrementing counter...
Bruce Momjian [Fri, 14 Jun 2002 04:36:58 +0000 (04:36 +0000)]
SSL patch that adds support for optional client certificates.
If the user has certificates in $HOME/.postgresql/postgresql.crt
and $HOME/.postgresql/postgresql.key exist, they are provided
to the server. The certificate used to sign this cert must be
known to the server, in $DataDir/root.crt. If successful, the
cert's "common name" is logged.
Client certs are not used for authentication, but they could be
via the port->peer (X509 *), port->peer_dn (char *) or
port->peer_cn (char *) fields. Or any other function could be
used, e.g., many sites like the issuer + serial number hash.
Bruce Momjian [Fri, 14 Jun 2002 04:35:02 +0000 (04:35 +0000)]
Patch that checks ownership and permissions on server static
private key. (You want it to be a regular file owned by the
database process, with 0400 or 0600 permissions.)
Bruce Momjian [Fri, 14 Jun 2002 04:33:53 +0000 (04:33 +0000)]
SSL patch to periodically renegotiate session key.
In order to reduce the risk of cryptanalysis during extended
sessions (or brief ones involving a substantial amount of data),
this patch renegotiates the session key after 64kib has been
transferred.
Bruce Momjian [Fri, 14 Jun 2002 04:31:49 +0000 (04:31 +0000)]
SSL support for ephemeral DH keys.
As the comment headers in be-secure.c discusses, EPH preserves
confidentiality even if the static private key (which is usually
kept unencrypted) is compromised.
Because of the value of this, common default values are hard-coded
to protect the confidentiality of the data even if an attacker
successfully deletes or modifies the external file.
Bruce Momjian [Fri, 14 Jun 2002 04:23:17 +0000 (04:23 +0000)]
UPDATED PATCH:
Attached are a revised set of SSL patches. Many of these patches
are motivated by security concerns, it's not just bug fixes. The key
differences (from stock 7.2.1) are:
*) almost all code that directly uses the OpenSSL library is in two
new files,
in the long run, it would be nice to merge these two files.
*) the legacy code to read and write network data have been
encapsulated into read_SSL() and write_SSL(). These functions
should probably be renamed - they handle both SSL and non-SSL
cases.
the remaining code should eliminate the problems identified
earlier, albeit not very cleanly.
*) both front- and back-ends will send a SSL shutdown via the
new close_SSL() function. This is necessary for sessions to
work properly.
(Sessions are not yet fully supported, but by cleanly closing
the SSL connection instead of just sending a TCP FIN packet
other SSL tools will be much happier.)
*) The client certificate and key are now expected in a subdirectory
of the user's home directory. Specifically,
- the directory .postgresql must be owned by the user, and
allow no access by 'group' or 'other.'
- the file .postgresql/postgresql.crt must be a regular file
owned by the user.
- the file .postgresql/postgresql.key must be a regular file
owned by the user, and allow no access by 'group' or 'other'.
At the current time encrypted private keys are not supported.
There should also be a way to support multiple client certs/keys.
*) the front-end performs minimal validation of the back-end cert.
Self-signed certs are permitted, but the common name *must*
match the hostname used by the front-end. (The cert itself
should always use a fully qualified domain name (FDQN) in its
common name field.)
This means that
psql -h eris db
will fail, but
psql -h eris.example.com db
will succeed. At the current time this must be an exact match;
future patches may support any FQDN that resolves to the address
returned by getpeername(2).
Another common "problem" is expiring certs. For now, it may be
a good idea to use a very-long-lived self-signed cert.
As a compile-time option, the front-end can specify a file
containing valid root certificates, but it is not yet required.
*) the back-end performs minimal validation of the client cert.
It allows self-signed certs. It checks for expiration. It
supports a compile-time option specifying a file containing
valid root certificates.
*) both front- and back-ends default to TLSv1, not SSLv3/SSLv2.
*) both front- and back-ends support DSA keys. DSA keys are
moderately more expensive on startup, but many people consider
them preferable than RSA keys. (E.g., SSH2 prefers DSA keys.)
*) if /dev/urandom exists, both client and server will read 16k
of randomization data from it.
*) the server can read empheral DH parameters from the files
if none are provided, the server will default to hardcoded
parameter files provided by the OpenSSL project.
Remaining tasks:
*) the select() clauses need to be revisited - the SSL abstraction
layer may need to absorb more of the current code to avoid rare
deadlock conditions. This also touches on a true solution to
the pg_eof() problem.
*) the SIGPIPE signal handler may need to be revisited.
*) support encrypted private keys.
*) sessions are not yet fully supported. (SSL sessions can span
multiple "connections," and allow the client and server to avoid
costly renegotiations.)
*) makecert - a script that creates back-end certs.
*) pgkeygen - a tool that creates front-end certs.
*) the whole protocol issue, SASL, etc.
*) certs are fully validated - valid root certs must be available.
This is a hassle, but it means that you *can* trust the identity
of the server.
*) the client library can handle hardcoded root certificates, to
avoid the need to copy these files.
*) host name of server cert must resolve to IP address, or be a
recognized alias. This is more liberal than the previous
iteration.
*) the number of bytes transferred is tracked, and the session
key is periodically renegotiated.
*) basic cert generation scripts (mkcert.sh, pgkeygen.sh). The
configuration files have reasonable defaults for each type
of use.
Bruce Momjian [Fri, 14 Jun 2002 03:56:47 +0000 (03:56 +0000)]
Attached are a revised set of SSL patches. Many of these patches
are motivated by security concerns, it's not just bug fixes. The key
differences (from stock 7.2.1) are:
*) almost all code that directly uses the OpenSSL library is in two
new files,
in the long run, it would be nice to merge these two files.
*) the legacy code to read and write network data have been
encapsulated into read_SSL() and write_SSL(). These functions
should probably be renamed - they handle both SSL and non-SSL
cases.
the remaining code should eliminate the problems identified
earlier, albeit not very cleanly.
*) both front- and back-ends will send a SSL shutdown via the
new close_SSL() function. This is necessary for sessions to
work properly.
(Sessions are not yet fully supported, but by cleanly closing
the SSL connection instead of just sending a TCP FIN packet
other SSL tools will be much happier.)
*) The client certificate and key are now expected in a subdirectory
of the user's home directory. Specifically,
- the directory .postgresql must be owned by the user, and
allow no access by 'group' or 'other.'
- the file .postgresql/postgresql.crt must be a regular file
owned by the user.
- the file .postgresql/postgresql.key must be a regular file
owned by the user, and allow no access by 'group' or 'other'.
At the current time encrypted private keys are not supported.
There should also be a way to support multiple client certs/keys.
*) the front-end performs minimal validation of the back-end cert.
Self-signed certs are permitted, but the common name *must*
match the hostname used by the front-end. (The cert itself
should always use a fully qualified domain name (FDQN) in its
common name field.)
This means that
psql -h eris db
will fail, but
psql -h eris.example.com db
will succeed. At the current time this must be an exact match;
future patches may support any FQDN that resolves to the address
returned by getpeername(2).
Another common "problem" is expiring certs. For now, it may be
a good idea to use a very-long-lived self-signed cert.
As a compile-time option, the front-end can specify a file
containing valid root certificates, but it is not yet required.
*) the back-end performs minimal validation of the client cert.
It allows self-signed certs. It checks for expiration. It
supports a compile-time option specifying a file containing
valid root certificates.
*) both front- and back-ends default to TLSv1, not SSLv3/SSLv2.
*) both front- and back-ends support DSA keys. DSA keys are
moderately more expensive on startup, but many people consider
them preferable than RSA keys. (E.g., SSH2 prefers DSA keys.)
*) if /dev/urandom exists, both client and server will read 16k
of randomization data from it.
*) the server can read empheral DH parameters from the files
if none are provided, the server will default to hardcoded
parameter files provided by the OpenSSL project.
Remaining tasks:
*) the select() clauses need to be revisited - the SSL abstraction
layer may need to absorb more of the current code to avoid rare
deadlock conditions. This also touches on a true solution to
the pg_eof() problem.
*) the SIGPIPE signal handler may need to be revisited.
*) support encrypted private keys.
*) sessions are not yet fully supported. (SSL sessions can span
multiple "connections," and allow the client and server to avoid
costly renegotiations.)
*) makecert - a script that creates back-end certs.
*) pgkeygen - a tool that creates front-end certs.
*) the whole protocol issue, SASL, etc.
*) certs are fully validated - valid root certs must be available.
This is a hassle, but it means that you *can* trust the identity
of the server.
*) the client library can handle hardcoded root certificates, to
avoid the need to copy these files.
*) host name of server cert must resolve to IP address, or be a
recognized alias. This is more liberal than the previous
iteration.
*) the number of bytes transferred is tracked, and the session
key is periodically renegotiated.
*) basic cert generation scripts (mkcert.sh, pgkeygen.sh). The
configuration files have reasonable defaults for each type
of use.
Tom Lane [Thu, 13 Jun 2002 02:04:46 +0000 (02:04 +0000)]
Repair for bug #691 --- CREATE TABLE AS column aliases fail to be
applied when the select is a UNION (or other set-operation).
An alternative route to a fix would be to leave analyze.c alone and
change plan_set_operations in prepunion.c to take column names from
the topmost targetlist. But I am not sure that would work in all
cases. This patch seems the minimum-risk fix.
Implement SQL99 OVERLAY(). Allows substitution of a substring in a string.
Implement SQL99 SIMILAR TO as a synonym for our existing operator "~".
Implement SQL99 regular expression SUBSTRING(string FROM pat FOR escape).
Extend the definition to make the FOR clause optional.
Define textregexsubstr() to actually implement this feature.
Update the regression test to include these new string features.
All tests pass.
Rename the regular expression support routines from "pg95_xxx" to "pg_xxx".
Define CREATE CHARACTER SET in the parser per SQL99. No implementation yet.
Implement SQL99 OVERLAY(). Allows substitution of a substring in a string.
Implement SQL99 SIMILAR TO as a synonym for our existing operator "~".
Implement SQL99 regular expression SUBSTRING(string FROM pat FOR escape).
Extend the definition to make the FOR clause optional.
Define textregexsubstr() to actually implement this feature.
Update the regression test to include these new string features.
All tests pass.
Rename the regular expression support routines from "pg95_xxx" to "pg_xxx".
Define CREATE CHARACTER SET in the parser per SQL99. No implementation yet.
Barry Lind [Tue, 11 Jun 2002 02:55:16 +0000 (02:55 +0000)]
The patch does the following:
Allows you to set the loglevel at runtime by adding ?loglevel=X to the connection URL, where 1 = INFO and 2 = DEBUG.
Automatically turns on logging by calling DriverManager.setPrintWriter(new PrintWriter(System.out)) if one is not already set.
Adds a Driver.info() message that prints out the version number
Adds member variables logDebug and logInfo that can be checked before making logging methods calls
Adds a build number to the version number string. This build number will need to be manually incremented when we see fit.
Bruce Momjian [Fri, 7 Jun 2002 21:52:33 +0000 (21:52 +0000)]
Please apply attached patch to contrib/intarray (7.2, 7.3).
Fixed bug with '=' operator for gist__int_ops and
define '=' operator for gist__intbig_ops opclass.
Now '=' operator is consistent with standard 'array' type.
Thanks Achilleus Mantzios for bug report and suggestion.
Note that it appears that BeOS and Netware also have the above or
similar problem.
I have only verified that PostgreSQL builds under Cygwin with this
patch.
Since I cannot reproduce the problem, I cannot verify that the proposed
patch solves it. Nevertheless, both Barry Pederson and David P.
Caldwell
attest that this patch solves the problem. See the following for
details:
Bruce Momjian [Mon, 3 Jun 2002 17:42:11 +0000 (17:42 +0000)]
Small patch to correct the default arraysize associated
with the Cursor object's fetchmany() method. The API and
inline documentation state that the default is 1. It
currently defaults to 5.