Password-file caching is broken

Started by Tom Lane, over 24 years ago; 2 messages; list: hackers
#1 Tom Lane
tgl@sss.pgh.pa.us

The password-file cache implemented by src/backend/libpq/crypt.c is
now dysfunctional, because it is only loaded when a password check is
requested, which is after the postmaster's child process has forked
away from the postmaster. The cache is always empty in the postmaster,
and every new backend will read up and cache the whole file before
probing the cache ... once.

One fairly reasonable solution would be to have the postmaster load
the cache when receiving SIGHUP (when it also reloads its other config
files). Then we could remove the password-file-reload-flag-file
mechanism in favor of just kill(getppid(), SIGHUP), a mechanism we
already use in other places.

If we don't do that, I am strongly inclined to remove the password cache
mechanism and just allow the code to reread pg_pwd when checking a
password.

If we do keep the cache, I think I will also tweak crypt.c to store
the cache in PostmasterContext palloc space, rather than malloc space,
so that it will be freed when entering a new backend.

Comments?

regards, tom lane
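
As an added illustration (not code from this thread or from PostgreSQL), a small Python model of the problem and of the proposed fix: a cache filled lazily after fork() is loaded once by every backend and never shared, while a cache filled in the postmaster before forking, and refreshed by a SIGHUP handler that children trigger with kill(getppid(), SIGHUP), is inherited by each child. The sample file, its line format and all names are constructed for the demo.

```python
import os
import signal
import tempfile

# Constructed sample file standing in for pg_pwd; the line format is made up.
SAMPLE_PWD = "alice:hash_a\nbob:hash_b\n"

class Postmaster:
    def __init__(self, path, eager):
        self.path, self.cache, self.loads = path, None, 0
        if eager:                      # proposed fix: fill before any fork()
            self.load_cache()          # so every child inherits the cache
            signal.signal(signal.SIGHUP, lambda *_: self.load_cache())

    def load_cache(self):
        with open(self.path) as f:
            self.cache = dict(l.rstrip("\n").split(":", 1) for l in f if ":" in l)
        self.loads += 1

    def lookup(self, user):
        if self.cache is None:         # lazy fill: what the broken code does
            self.load_cache()
        return self.cache.get(user)

def reads_per_child(eager, n_children=3):
    """Fork n backends that each check one entry; return how many times
    each child had to read the file and the parent's final load count."""
    with tempfile.NamedTemporaryFile("w", suffix=".pwd", delete=False) as f:
        f.write(SAMPLE_PWD)
    pm = Postmaster(f.name, eager)
    counts = []
    for _ in range(n_children):
        r, w = os.pipe()
        pid = os.fork()
        if pid == 0:                               # backend child
            os.close(r)
            before = pm.loads
            assert pm.lookup("alice") == "hash_a"
            if eager:                              # kill(getppid(), SIGHUP) reload
                os.kill(os.getppid(), signal.SIGHUP)
            os.write(w, bytes([pm.loads - before]))
            os._exit(0)
        os.close(w)                                # postmaster side
        counts.append(os.read(r, 1)[0])            # SIGHUP handler runs meanwhile
        os.close(r)
        os.waitpid(pid, 0)
    os.unlink(f.name)
    return counts, pm.loads
```

With the lazy cache every child reports one file read and the postmaster never loads at all; with the eager cache no child reads the file and the postmaster's count is its initial load plus one reload per SIGHUP.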

#2 Bruce Momjian
bruce@momjian.us
In reply to: Tom Lane (#1)
Re: Password-file caching is broken

> The password-file cache implemented by src/backend/libpq/crypt.c is
> now dysfunctional, because it is only loaded when a password check is
> requested, which is after the postmaster's child process has forked
> away from the postmaster. The cache is always empty in the postmaster,
> and every new backend will read up and cache the whole file before
> probing the cache ... once.

Yikes.

> One fairly reasonable solution would be to have the postmaster load
> the cache when receiving SIGHUP (when it also reloads its other config
> files). Then we could remove the password-file-reload-flag-file
> mechanism in favor of just kill(getppid(), SIGHUP), a mechanism we
> already use in other places.

I like kill() much better. I never liked that file-flag thing.

> If we don't do that, I am strongly inclined to remove the password cache
> mechanism and just allow the code to reread pg_pwd when checking a
> password.
>
> If we do keep the cache, I think I will also tweak crypt.c to store
> the cache in PostmasterContext palloc space, rather than malloc space,
> so that it will be freed when entering a new backend.

Good idea.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026