Postgres Pro
Downloads
Home   >   mailing lists

Re: Patch: update Bonjour support to the newer non-deprecated API - Mailing list pgsql-hackers

From Alvaro Herrera
Subject Re: Patch: update Bonjour support to the newer non-deprecated API
Date
Msg-id 20090907170918.GN8894@alvh.no-ip.org
Whole thread Raw
In response to Re: Patch: update Bonjour support to the newer non-deprecated API  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Patch: update Bonjour support to the newer non-deprecated API
Re: Patch: update Bonjour support to the newer non-deprecated API
List pgsql-hackers
Tree view 
Tom Lane wrote:
> Alvaro Herrera <alvherre@commandprompt.com> writes:
> > *** WARNING *** The program 'postgres' uses the Apple Bonjour compatibility layer of Avahi.
> > *** WARNING *** Please fix your application to use the native API of Avahi!
> > *** WARNING *** For more information see <http://0pointer.de/avahi-compat?s=libdns_sd&e=postgres>
> > LOG:  DNSServiceRegister() failed: error code -65540
> 
> Hmm, I read in their documentation that the dns_sd.h interface was
> deprecated, but not that it had been intentionally disabled.
> Seems like they want to drive users away rather than attract them.

I think it is supposed to work; the code suggests that it should.  I
can't quite find out what the error number is supposed to mean though.
The source is here:
http://avahi.sourcearchive.com/documentation/0.6.25-1ubuntu1/avahi-compat-libdns__sd_2compat_8c-source.html

... ah!  here it is -- BadParam:
http://avahi.sourcearchive.com/documentation/0.6.25-1ubuntu1/dns__sd_8h-source.html


> The patch as I gave it intentionally didn't change any user-visible
> behavior, but one thing that is bothering me is that if USE_BONJOUR
> is selected, the postmaster will *always* try to advertise itself
> via DNS-SD.  There's no provision for enabling the feature or not
> at run time, which is a bad thing for packagers: they have to decide
> for their users whether to turn it on.  There was discussion in
> connection with the Avahi patch last year to the effect that some
> people thought advertising the postmaster might be a security issue
> for them.  So I'm thinking we ought to fix that while we're messing
> with it.
> 
> The two possibilities for that seem to be to change the meaning of
> bonjour_name = '' (have it mean "no advertisement" instead of
> "default to service name = computer's name"), or to add a separate
> boolean GUC.  If the latter, is the default 'on' or 'off'?  Opinions?

I have a mild preference towards having a new GUC to shut it off
explicitely; and the default should be off to avoid the possible
security hole (equivalent to having listen_addresses default to
localhost, I think.  On the other hand, if listen_addresses is set to
that, there is no security hole.  I assume we're only publishing on
addresses we're listening on, not all addresses?)

-- 
Alvaro Herrera                                http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support

pgsql-hackers by date:

Previous
From: David Fetter
Date:
Subject: Re: Triggers on columns
Next
From: David Fetter
Date:
Subject: Re: Patch: update Bonjour support to the newer non-deprecated API