Hi,
Commit f5580882 established that all supported computers have AF_UNIX.
One of the follow-up consequences that was left unfinished is that we
could simplify our test harness code to make it the same on all
platforms. Currently we have hundreds of lines of C and perl to use
secure TCP connections instead for the benefit of defunct Windows
versions. Here's a patch set for that. These patches and some
discussion of them were buried in the recent
clean-up-after-recently-dropped-obsolete-systems thread[1], and I
didn't want to lose track of them. I think they would need review and
testing from a Windows-based hacker to make progress. The patches
are:
1. Teach mkdtemp() to make a non-world-accessible directory. This is
required to be able to make a socket that other processes can't
connect to, to match the paranoia level used on Unix. This was
written just by reading documentation, because I am not a Windows
user, so I would be grateful for a second opinion and/or testing from
a Windows hacker, which would involve testing with two different
users. The idea is that Windows' mkdir() is completely ignoring the
permissions (we can see in the mingw headers that it literally throws
away the mode argument), so we shouldn't use that, but native
CreateDirectory() when given a pointer to a SECURITY_ATTRIBUTES with
lpSecurityDesciptor set to NULL should only allow the current user to
access the object (directory). Does this really work, and would it be
better to create some more explicit private-keep-out
SECURITY_ATTRIBUTE, and how would that look?
I'm fairly sure that filesystem permissions must be enough to stop
another OS user from connecting, because it's clear from documentation
that AF_UNIX works on Windows by opening the file and reading some
magic "reparse" data from inside it, so if you can't see into the
containing directory, you can't do it. This patch is the one the rest
are standing on, because the tests should match Unix in their level of
security.
2. Always use AF_UNIX for pg_regress. Remove a bunch of
no-longer-needed sspi auth stuff. Remove comments that worried about
signal handler safety (referring here to real Windows signals, not
fake PostgreSQL signals that are a backend-only concept). By my
reading of the Windows documentation and our code, there is no real
concern here, so the remove_temp() stuff should be fine, as I have
explained in a new comment. But I have not tested this signal safety
claim, not being a Windows user. I added an assertion that should
hold if I am right. If you run this on Windows and interrupt
pg_regress with ^C, does it hold?
3. Use AF_UNIX for TAP tests too.
4. In passing, remove our documentation's claim that Linux's
"abstract" AF_UNIX namespace is available on Windows. It does not
work at all, according to all reports (IMHO it seems like an
inherently insecure interface that other OSes would be unlikely to
adopt).
Note that this thread is not about libpq, which differs from Unix by
defaulting to host=localhost rather than AF_UNIX IIRC. That's a
user-facing policy decision I'm not touching; this thread is just
about cleaning up old test infrastructure of interest to hackers.
[1]
https://www.postgresql.org/message-id/flat/CA%2BhUKGJ3LHeP9w5Fgzdr4G8AnEtJ%3Dz%3Dp6hGDEm4qYGEUX5B6fQ%40mail.gmail.com
From 62b1cdbdc848f96eef02ed97f14be9c1f4557539 Mon Sep 17 00:00:00 2001
From: Thomas Munro <thomas.mu...@gmail.com>
Date: Wed, 7 Sep 2022 07:35:11 +1200
Subject: [PATCH 1/4] WIP: Make mkdtemp() more secure on Windows.
Our POSIX mkdtemp() implementation in src/port/mkdtemp.c code would
create directories with default permissions on Windows. Fix, using
native Windows API instead of mkdir().
---
src/port/mkdtemp.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/port/mkdtemp.c b/src/port/mkdtemp.c
index 8809957dcd..8116317435 100644
--- a/src/port/mkdtemp.c
+++ b/src/port/mkdtemp.c
@@ -187,8 +187,20 @@ GETTEMP(char *path, int *doopen, int domkdir)
}
else if (domkdir)
{
+#ifdef WIN32
+ SECURITY_ATTRIBUTES sa = {
+ .nLength = sizeof(SECURITY_ATTRIBUTES),
+ .lpSecurityDescriptor = NULL,
+ .bInheritHandle = false
+ };
+
+ if (CreateDirectory(path, &sa))
+ return 1;
+ _dosmaperr(GetLastError());
+#else
if (mkdir(path, 0700) >= 0)
return 1;
+#endif
if (errno != EEXIST)
return 0;
}
--
2.38.1
From 388719a6fbb45896ff87794ed4bfdbc0f0aac329 Mon Sep 17 00:00:00 2001
From: Thomas Munro <thomas.mu...@gmail.com>
Date: Fri, 19 Aug 2022 11:28:38 +1200
Subject: [PATCH 2/4] WIP: Always use Unix-domain sockets in pg_regress on
Windows.
Since we can now rely on Unix-domain sockets working on supported
Windows versions (10+), we can remove a source of instability and a
difference between Unix and Windows in pg_regress.
Previously, we thought the socket cleanup code was unsafe, so we made
Unix-domain sockets an option with a "use-at-your-own-risk" note. On
closer inspection, the concerns about signal handlers don't seem to
apply here. (initdb.c has similar concerns but needs separate
investigation.)
Previously, commit f6dc6dd5 secured temporary installations using TCP/IP
on Windows, while commit be76a6d3 used file system permissions for Unix
sockets on Unix. Now that our src/port/mkdtemp.c file creates
non-world-accessible directories on Windows, we can just do the same on
Windows.
---
src/test/regress/pg_regress.c | 274 ++++------------------------------
1 file changed, 32 insertions(+), 242 deletions(-)
diff --git a/src/test/regress/pg_regress.c b/src/test/regress/pg_regress.c
index f308da6c50..dc6b4663c0 100644
--- a/src/test/regress/pg_regress.c
+++ b/src/test/regress/pg_regress.c
@@ -55,6 +55,20 @@ char *host_platform = HOST_TUPLE;
static char *shellprog = SHELLPROG;
#endif
+/*
+ * The name of the environment variable that controls where we put temporary
+ * files, to override the defaut of "/tmp".
+ */
+#ifdef WIN32
+#define TMPDIR "TMP"
+#else
+#define TMPDIR "TMPDIR"
+#endif
+
+#if defined(WIN32) && defined(USE_ASSERT_CHECKING)
+static DWORD main_thread_id;
+#endif
+
/*
* On Windows we use -w in diff switches to avoid problems with inconsistent
* newline representation. The actual result files will generally have
@@ -286,9 +300,7 @@ stop_postmaster(void)
* postmaster exit, so it is indeterminate whether the postmaster has yet to
* unlink the socket and lock file. Unlink them here so we can proceed to
* remove the directory. Ignore errors; leaking a temporary directory is
- * unimportant. This can run from a signal handler. The code is not
- * acceptable in a Windows signal handler (see initdb.c:trapsig()), but
- * on Windows, pg_regress does not use Unix sockets by default.
+ * unimportant. This can run from a signal handler.
*/
static void
remove_temp(void)
@@ -305,6 +317,18 @@ remove_temp(void)
static void
signal_remove_temp(SIGNAL_ARGS)
{
+#ifdef WIN32
+ /*
+ * In general, it would not be acceptable to call remove_temp() in a
+ * Windows signal handler. It is safe in this program though, because
+ * SIGHUP and SIGPIPE don't really exist and SIGTERM is never raised by the
+ * system, leaving just SIGINT. SIGINT doesn't interrupt the main
+ * execution context on Windows, it runs the handler concurrently in
+ * another thread.
+ */
+ Assert(GetCurrentThreadId() != main_thread_id);
+#endif
+
remove_temp();
pqsignal(postgres_signal_arg, SIG_DFL);
@@ -327,7 +351,7 @@ static const char *
make_temp_sockdir(void)
{
char *template = psprintf("%s/pg_regress-XXXXXX",
- getenv("TMPDIR") ? getenv("TMPDIR") : "/tmp");
+ getenv(TMPDIR) ? getenv(TMPDIR) : "/tmp");
temp_sockdir = mkdtemp(template);
if (temp_sockdir == NULL)
@@ -344,6 +368,10 @@ make_temp_sockdir(void)
/* Remove the directory during clean exit. */
atexit(remove_temp);
+#if defined(WIN32) && defined(USE_ASSERT_CHECKING)
+ main_thread_id = GetCurrentThreadId();
+#endif
+
/*
* Remove the directory before dying to the usual signals. Omit SIGQUIT,
* preserving it as a quick, untidy exit.
@@ -754,211 +782,6 @@ initialize_environment(void)
load_resultmap();
}
-#ifdef ENABLE_SSPI
-
-/* support for config_sspi_auth() */
-static const char *
-fmtHba(const char *raw)
-{
- static char *ret;
- const char *rp;
- char *wp;
-
- wp = ret = pg_realloc(ret, 3 + strlen(raw) * 2);
-
- *wp++ = '"';
- for (rp = raw; *rp; rp++)
- {
- if (*rp == '"')
- *wp++ = '"';
- *wp++ = *rp;
- }
- *wp++ = '"';
- *wp++ = '\0';
-
- return ret;
-}
-
-/*
- * Get account and domain/realm names for the current user. This is based on
- * pg_SSPI_recvauth(). The returned strings use static storage.
- */
-static void
-current_windows_user(const char **acct, const char **dom)
-{
- static char accountname[MAXPGPATH];
- static char domainname[MAXPGPATH];
- HANDLE token;
- TOKEN_USER *tokenuser;
- DWORD retlen;
- DWORD accountnamesize = sizeof(accountname);
- DWORD domainnamesize = sizeof(domainname);
- SID_NAME_USE accountnameuse;
-
- if (!OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &token))
- {
- fprintf(stderr,
- _("%s: could not open process token: error code %lu\n"),
- progname, GetLastError());
- exit(2);
- }
-
- if (!GetTokenInformation(token, TokenUser, NULL, 0, &retlen) && GetLastError() != 122)
- {
- fprintf(stderr,
- _("%s: could not get token information buffer size: error code %lu\n"),
- progname, GetLastError());
- exit(2);
- }
- tokenuser = pg_malloc(retlen);
- if (!GetTokenInformation(token, TokenUser, tokenuser, retlen, &retlen))
- {
- fprintf(stderr,
- _("%s: could not get token information: error code %lu\n"),
- progname, GetLastError());
- exit(2);
- }
-
- if (!LookupAccountSid(NULL, tokenuser->User.Sid, accountname, &accountnamesize,
- domainname, &domainnamesize, &accountnameuse))
- {
- fprintf(stderr,
- _("%s: could not look up account SID: error code %lu\n"),
- progname, GetLastError());
- exit(2);
- }
-
- free(tokenuser);
-
- *acct = accountname;
- *dom = domainname;
-}
-
-/*
- * Rewrite pg_hba.conf and pg_ident.conf to use SSPI authentication. Permit
- * the current OS user to authenticate as the bootstrap superuser and as any
- * user named in a --create-role option.
- *
- * In --config-auth mode, the --user switch can be used to specify the
- * bootstrap superuser's name, otherwise we assume it is the default.
- */
-static void
-config_sspi_auth(const char *pgdata, const char *superuser_name)
-{
- const char *accountname,
- *domainname;
- char *errstr;
- bool have_ipv6;
- char fname[MAXPGPATH];
- int res;
- FILE *hba,
- *ident;
- _stringlist *sl;
-
- /* Find out the name of the current OS user */
- current_windows_user(&accountname, &domainname);
-
- /* Determine the bootstrap superuser's name */
- if (superuser_name == NULL)
- {
- /*
- * Compute the default superuser name the same way initdb does.
- *
- * It's possible that this result always matches "accountname", the
- * value SSPI authentication discovers. But the underlying system
- * functions do not clearly guarantee that.
- */
- superuser_name = get_user_name(&errstr);
- if (superuser_name == NULL)
- {
- fprintf(stderr, "%s: %s\n", progname, errstr);
- exit(2);
- }
- }
-
- /*
- * Like initdb.c:setup_config(), determine whether the platform recognizes
- * ::1 (IPv6 loopback) as a numeric host address string.
- */
- {
- struct addrinfo *gai_result;
- struct addrinfo hints;
- WSADATA wsaData;
-
- hints.ai_flags = AI_NUMERICHOST;
- hints.ai_family = AF_UNSPEC;
- hints.ai_socktype = 0;
- hints.ai_protocol = 0;
- hints.ai_addrlen = 0;
- hints.ai_canonname = NULL;
- hints.ai_addr = NULL;
- hints.ai_next = NULL;
-
- have_ipv6 = (WSAStartup(MAKEWORD(2, 2), &wsaData) == 0 &&
- getaddrinfo("::1", NULL, &hints, &gai_result) == 0);
- }
-
- /* Check a Write outcome and report any error. */
-#define CW(cond) \
- do { \
- if (!(cond)) \
- { \
- fprintf(stderr, _("%s: could not write to file \"%s\": %s\n"), \
- progname, fname, strerror(errno)); \
- exit(2); \
- } \
- } while (0)
-
- res = snprintf(fname, sizeof(fname), "%s/pg_hba.conf", pgdata);
- if (res < 0 || res >= sizeof(fname))
- {
- /*
- * Truncating this name is a fatal error, because we must not fail to
- * overwrite an original trust-authentication pg_hba.conf.
- */
- fprintf(stderr, _("%s: directory name too long\n"), progname);
- exit(2);
- }
- hba = fopen(fname, "w");
- if (hba == NULL)
- {
- fprintf(stderr, _("%s: could not open file \"%s\" for writing: %s\n"),
- progname, fname, strerror(errno));
- exit(2);
- }
- CW(fputs("# Configuration written by config_sspi_auth()\n", hba) >= 0);
- CW(fputs("host all all 127.0.0.1/32 sspi include_realm=1 map=regress\n",
- hba) >= 0);
- if (have_ipv6)
- CW(fputs("host all all ::1/128 sspi include_realm=1 map=regress\n",
- hba) >= 0);
- CW(fclose(hba) == 0);
-
- snprintf(fname, sizeof(fname), "%s/pg_ident.conf", pgdata);
- ident = fopen(fname, "w");
- if (ident == NULL)
- {
- fprintf(stderr, _("%s: could not open file \"%s\" for writing: %s\n"),
- progname, fname, strerror(errno));
- exit(2);
- }
- CW(fputs("# Configuration written by config_sspi_auth()\n", ident) >= 0);
-
- /*
- * Double-quote for the benefit of account names containing whitespace or
- * '#'. Windows forbids the double-quote character itself, so don't
- * bother escaping embedded double-quote characters.
- */
- CW(fprintf(ident, "regress \"%s@%s\" %s\n",
- accountname, domainname, fmtHba(superuser_name)) >= 0);
- for (sl = extraroles; sl; sl = sl->next)
- CW(fprintf(ident, "regress \"%s@%s\" %s\n",
- accountname, domainname, fmtHba(sl->str)) >= 0);
- CW(fclose(ident) == 0);
-}
-
-#endif /* ENABLE_SSPI */
-
/*
* psql_start_command, psql_add_command, psql_end_command
*
@@ -2039,7 +1862,6 @@ regression_main(int argc, char *argv[],
{NULL, 0, NULL, 0}
};
- bool use_unix_sockets;
_stringlist *sl;
int c;
int i;
@@ -2055,20 +1877,6 @@ regression_main(int argc, char *argv[],
atexit(stop_postmaster);
-#if defined(WIN32)
-
- /*
- * We don't use Unix-domain sockets on Windows by default (see comment at
- * remove_temp() for a reason). Override at your own risk.
- */
- use_unix_sockets = getenv("PG_TEST_USE_UNIX_SOCKETS") ? true : false;
-#else
- use_unix_sockets = true;
-#endif
-
- if (!use_unix_sockets)
- hostname = "localhost";
-
/*
* We call the initialization function here because that way we can set
* default parameters and let them be overwritten by the commandline.
@@ -2194,13 +2002,7 @@ regression_main(int argc, char *argv[],
}
if (config_auth_datadir)
- {
-#ifdef ENABLE_SSPI
- if (!use_unix_sockets)
- config_sspi_auth(config_auth_datadir, user);
-#endif
exit(0);
- }
if (temp_instance && !port_specified_by_user)
@@ -2319,18 +2121,6 @@ regression_main(int argc, char *argv[],
fclose(pg_conf);
-#ifdef ENABLE_SSPI
- if (!use_unix_sockets)
- {
- /*
- * Since we successfully used the same buffer for the much-longer
- * "initdb" command, this can't truncate.
- */
- snprintf(buf, sizeof(buf), "%s/data", temp_instance);
- config_sspi_auth(buf, NULL);
- }
-#endif
-
/*
* Check if there is a postmaster running already.
*/
--
2.38.1
From c4429b2ad41850b8e3a360d1093be8a57014a156 Mon Sep 17 00:00:00 2001
From: Thomas Munro <thomas.mu...@gmail.com>
Date: Fri, 19 Aug 2022 12:00:07 +1200
Subject: [PATCH 3/4] WIP: Stop using TCP in TAP tests on Windows.
Since Unix-domain sockets are available on our minimum target Windows
versions (10+), we can remove a source of instability and a point of
variation between Unix and Windows.
---
.cirrus.yml | 3 -
src/bin/pg_ctl/t/001_start_stop.pl | 13 +--
src/test/authentication/t/001_password.pl | 6 --
src/test/authentication/t/002_saslprep.pl | 7 --
src/test/authentication/t/003_peer.pl | 5 --
.../authentication/t/004_file_inclusion.pl | 5 --
src/test/perl/PostgreSQL/Test/Cluster.pm | 90 ++++---------------
src/test/perl/PostgreSQL/Test/Utils.pm | 9 +-
8 files changed, 19 insertions(+), 119 deletions(-)
diff --git a/.cirrus.yml b/.cirrus.yml
index f31923333e..e4aed541d8 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -502,9 +502,6 @@ WINDOWS_ENVIRONMENT_BASE: &WINDOWS_ENVIRONMENT_BASE
# git's tar doesn't deal with drive letters, see
# https://postgr.es/m/b6782dc3-a7b0-ed56-175f-f8f54cb08d67%40dunslane.net
TAR: "c:/windows/system32/tar.exe"
- # Avoids port conflicts between concurrent tap test runs
- PG_TEST_USE_UNIX_SOCKETS: 1
- PG_REGRESS_SOCK_DIR: "c:/cirrus/"
sysinfo_script: |
chcp
diff --git a/src/bin/pg_ctl/t/001_start_stop.pl b/src/bin/pg_ctl/t/001_start_stop.pl
index fdffd76d99..23f942a440 100644
--- a/src/bin/pg_ctl/t/001_start_stop.pl
+++ b/src/bin/pg_ctl/t/001_start_stop.pl
@@ -29,16 +29,9 @@ print $conf "port = $node_port\n";
print $conf PostgreSQL::Test::Utils::slurp_file($ENV{TEMP_CONFIG})
if defined $ENV{TEMP_CONFIG};
-if ($use_unix_sockets)
-{
- print $conf "listen_addresses = ''\n";
- $tempdir_short =~ s!\\!/!g if $PostgreSQL::Test::Utils::windows_os;
- print $conf "unix_socket_directories = '$tempdir_short'\n";
-}
-else
-{
- print $conf "listen_addresses = '127.0.0.1'\n";
-}
+print $conf "listen_addresses = ''\n";
+$tempdir_short =~ s!\\!/!g if $PostgreSQL::Test::Utils::windows_os;
+print $conf "unix_socket_directories = '$tempdir_short'\n";
close $conf;
my $ctlcmd = [
'pg_ctl', 'start', '-D', "$tempdir/data", '-l',
diff --git a/src/test/authentication/t/001_password.pl b/src/test/authentication/t/001_password.pl
index 42d3d4c79b..45d105717a 100644
--- a/src/test/authentication/t/001_password.pl
+++ b/src/test/authentication/t/001_password.pl
@@ -6,18 +6,12 @@
# - Plain
# - MD5-encrypted
# - SCRAM-encrypted
-# This test can only run with Unix-domain sockets.
use strict;
use warnings;
use PostgreSQL::Test::Cluster;
use PostgreSQL::Test::Utils;
use Test::More;
-if (!$use_unix_sockets)
-{
- plan skip_all =>
- "authentication tests cannot run without Unix-domain sockets";
-}
# Delete pg_hba.conf from the given node, add a new entry to it
# and then execute a reload to refresh it.
diff --git a/src/test/authentication/t/002_saslprep.pl b/src/test/authentication/t/002_saslprep.pl
index 5e87e21ee9..23849632c2 100644
--- a/src/test/authentication/t/002_saslprep.pl
+++ b/src/test/authentication/t/002_saslprep.pl
@@ -2,19 +2,12 @@
# Copyright (c) 2021-2022, PostgreSQL Global Development Group
# Test password normalization in SCRAM.
-#
-# This test can only run with Unix-domain sockets.
use strict;
use warnings;
use PostgreSQL::Test::Cluster;
use PostgreSQL::Test::Utils;
use Test::More;
-if (!$use_unix_sockets)
-{
- plan skip_all =>
- "authentication tests cannot run without Unix-domain sockets";
-}
# Delete pg_hba.conf from the given node, add a new entry to it
# and then execute a reload to refresh it.
diff --git a/src/test/authentication/t/003_peer.pl b/src/test/authentication/t/003_peer.pl
index 26c34d05d3..d9d8616e30 100644
--- a/src/test/authentication/t/003_peer.pl
+++ b/src/test/authentication/t/003_peer.pl
@@ -10,11 +10,6 @@ use warnings;
use PostgreSQL::Test::Cluster;
use PostgreSQL::Test::Utils;
use Test::More;
-if (!$use_unix_sockets)
-{
- plan skip_all =>
- "authentication tests cannot run without Unix-domain sockets";
-}
# Delete pg_hba.conf from the given node, add a new entry to it
# and then execute a reload to refresh it.
diff --git a/src/test/authentication/t/004_file_inclusion.pl b/src/test/authentication/t/004_file_inclusion.pl
index c420f3ebca..db4fcd962b 100644
--- a/src/test/authentication/t/004_file_inclusion.pl
+++ b/src/test/authentication/t/004_file_inclusion.pl
@@ -11,11 +11,6 @@ use PostgreSQL::Test::Utils;
use File::Basename qw(basename);
use Test::More;
use Data::Dumper;
-if (!$use_unix_sockets)
-{
- plan skip_all =>
- "authentication tests cannot run without Unix-domain sockets";
-}
# Stores the number of lines created for each file. hba_rule and ident_rule
# are used to respectively track pg_hba_file_rules.rule_number and
diff --git a/src/test/perl/PostgreSQL/Test/Cluster.pm b/src/test/perl/PostgreSQL/Test/Cluster.pm
index 7411188dc8..fdaed41f7b 100644
--- a/src/test/perl/PostgreSQL/Test/Cluster.pm
+++ b/src/test/perl/PostgreSQL/Test/Cluster.pm
@@ -116,7 +116,7 @@ use PostgreSQL::Test::Utils ();
use Time::HiRes qw(usleep);
use Scalar::Util qw(blessed);
-our ($use_tcp, $test_localhost, $test_pghost, $last_host_assigned,
+our ($test_pghost,
$last_port_assigned, @all_nodes, $died, $portdir);
# the minimum version we believe to be compatible with this package without
@@ -131,21 +131,11 @@ INIT
# Set PGHOST for backward compatibility. This doesn't work for own_host
# nodes, so prefer to not rely on this when writing new tests.
- $use_tcp = !$PostgreSQL::Test::Utils::use_unix_sockets;
- $test_localhost = "127.0.0.1";
- $last_host_assigned = 1;
- if ($use_tcp)
- {
- $test_pghost = $test_localhost;
- }
- else
- {
- # On windows, replace windows-style \ path separators with / when
- # putting socket directories either in postgresql.conf or libpq
- # connection strings, otherwise they are interpreted as escapes.
- $test_pghost = PostgreSQL::Test::Utils::tempdir_short;
- $test_pghost =~ s!\\!/!g if $PostgreSQL::Test::Utils::windows_os;
- }
+ # On windows, replace windows-style \ path separators with / when
+ # putting socket directories either in postgresql.conf or libpq
+ # connection strings, otherwise they are interpreted as escapes.
+ $test_pghost = PostgreSQL::Test::Utils::tempdir_short;
+ $test_pghost =~ s!\\!/!g if $PostgreSQL::Test::Utils::windows_os;
$ENV{PGHOST} = $test_pghost;
$ENV{PGDATABASE} = 'postgres';
@@ -470,12 +460,6 @@ sub set_replication_conf
open my $hba, '>>', "$pgdata/pg_hba.conf";
print $hba
"\n# Allow replication (set up by PostgreSQL::Test::Cluster.pm)\n";
- if ($PostgreSQL::Test::Utils::windows_os
- && !$PostgreSQL::Test::Utils::use_unix_sockets)
- {
- print $hba
- "host replication all $test_localhost/32 sspi include_realm=1 map=regress\n";
- }
close $hba;
return;
}
@@ -568,16 +552,8 @@ sub init
}
print $conf "port = $port\n";
- if ($use_tcp)
- {
- print $conf "unix_socket_directories = ''\n";
- print $conf "listen_addresses = '$host'\n";
- }
- else
- {
- print $conf "unix_socket_directories = '$host'\n";
- print $conf "listen_addresses = ''\n";
- }
+ print $conf "unix_socket_directories = '$host'\n";
+ print $conf "listen_addresses = ''\n";
close $conf;
chmod($self->group_access ? 0640 : 0600, "$pgdata/postgresql.conf")
@@ -796,15 +772,8 @@ sub init_from_backup
qq(
port = $port
));
- if ($use_tcp)
- {
- $self->append_conf('postgresql.conf', "listen_addresses = '$host'");
- }
- else
- {
- $self->append_conf('postgresql.conf',
- "unix_socket_directories = '$host'");
- }
+ $self->append_conf('postgresql.conf',
+ "unix_socket_directories = '$host'");
$self->enable_streaming($root_node) if $params{has_streaming};
$self->enable_restoring($root_node, $params{standby})
if $params{has_restoring};
@@ -1270,9 +1239,7 @@ sub new
else
{
# When selecting a port, we look for an unassigned TCP port number,
- # even if we intend to use only Unix-domain sockets. This is clearly
- # necessary on $use_tcp (Windows) configurations, and it seems like a
- # good idea on Unixen as well.
+ # even if we intend to use only Unix-domain sockets.
$port = get_free_port();
}
@@ -1280,17 +1247,8 @@ sub new
my $host = $test_pghost;
if ($params{own_host})
{
- if ($use_tcp)
- {
- $last_host_assigned++;
- $last_host_assigned > 254 and BAIL_OUT("too many own_host nodes");
- $host = '127.0.0.' . $last_host_assigned;
- }
- else
- {
- $host = "$test_pghost/$name"; # Assume $name =~ /^[-_a-zA-Z0-9]+$/
- mkdir $host;
- }
+ $host = "$test_pghost/$name"; # Assume $name =~ /^[-_a-zA-Z0-9]+$/
+ mkdir $host;
}
my $testname = basename($0);
@@ -1526,29 +1484,11 @@ sub get_free_port
}
# Check to see if anything else is listening on this TCP port.
- # Seek a port available for all possible listen_addresses values,
- # so callers can harness this port for the widest range of purposes.
- # The 0.0.0.0 test achieves that for MSYS, which automatically sets
- # SO_EXCLUSIVEADDRUSE. Testing 0.0.0.0 is insufficient for Windows
- # native Perl (https://stackoverflow.com/a/14388707), so we also
- # have to test individual addresses. Doing that for 127.0.0/24
- # addresses other than 127.0.0.1 might fail with EADDRNOTAVAIL on
- # non-Linux, non-Windows kernels.
- #
- # Thus, 0.0.0.0 and individual 127.0.0/24 addresses are tested
- # only on Windows and only when TCP usage is requested.
if ($found == 1)
{
- foreach my $addr (qw(127.0.0.1),
- ($use_tcp && $PostgreSQL::Test::Utils::windows_os)
- ? qw(127.0.0.2 127.0.0.3 0.0.0.0)
- : ())
+ if (!can_bind(qw(127.0.0.1), $port))
{
- if (!can_bind($addr, $port))
- {
- $found = 0;
- last;
- }
+ $found = 0;
}
$found = _reserve_port($port) if $found;
}
diff --git a/src/test/perl/PostgreSQL/Test/Utils.pm b/src/test/perl/PostgreSQL/Test/Utils.pm
index b139190cc8..631d8bd362 100644
--- a/src/test/perl/PostgreSQL/Test/Utils.pm
+++ b/src/test/perl/PostgreSQL/Test/Utils.pm
@@ -88,10 +88,9 @@ our @EXPORT = qw(
$windows_os
$is_msys2
- $use_unix_sockets
);
-our ($windows_os, $is_msys2, $use_unix_sockets, $timeout_default,
+our ($windows_os, $is_msys2, $timeout_default,
$tmp_check, $log_path, $test_logfile);
BEGIN
@@ -153,12 +152,6 @@ BEGIN
Win32API::File->import(qw(createFile OsFHandleOpen CloseHandle));
}
- # Specifies whether to use Unix sockets for test setups. On
- # Windows we don't use them by default since it's not universally
- # supported, but it can be overridden if desired.
- $use_unix_sockets =
- (!$windows_os || defined $ENV{PG_TEST_USE_UNIX_SOCKETS});
-
$timeout_default = $ENV{PG_TEST_TIMEOUT_DEFAULT};
$timeout_default = 180
if not defined $timeout_default or $timeout_default eq '';
--
2.38.1
From e645cc2ab80450b18227931082beefc2bb8ffb0a Mon Sep 17 00:00:00 2001
From: Thomas Munro <thomas.mu...@gmail.com>
Date: Mon, 15 Aug 2022 10:43:13 +1200
Subject: [PATCH 4/4] Doc: Abstract AF_UNIX sockets don't work on Windows after
all.
An early release of AF_UNIX in Windows might have supported Linux-style
"abstract" Unix sockets with a system-wide namespace, but they do not
seem to work in current Windows versions and there is no mention of any
of this in the Winsock documentation. Remove the claim that it works
from our documentation.
Back-patch to 14, where commit c9f0624b landed.
Discussion: https://postgr.es/m/20220813223646.oh2dkjrkj7jn7dpe%40awork3.anarazel.de
---
doc/src/sgml/config.sgml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
index 39d1c89e33..55286375dc 100644
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@@ -759,7 +759,7 @@ include_dir 'conf.d'
<para>
A value that starts with <literal>@</literal> specifies that a
Unix-domain socket in the abstract namespace should be created
- (currently supported on Linux and Windows). In that case, this value
+ (currently supported on Linux). In that case, this value
does not specify a <quote>directory</quote> but a prefix from which
the actual socket name is computed in the same manner as for the
file-system namespace. While the abstract socket name prefix can be
--
2.38.1
