27aa74
Back-port of upstream 9.3 patch to support multiple sockets
27aa74
(upstream git commits c9b0cbe98bd783e24a8c4d8d8ac472a494b81292 and
27aa74
d2286a98ef3fb88bafb57381b4c20b8b878827f1, plus updates of derived
27aa74
documentation files).
27aa74
27aa74
Note the patch also touches html-stamp and man-stamp in doc/src/sgml/;
27aa74
this is to keep the makefiles from trying to rebuild the derived doc
27aa74
files.  We don't want that to happen because the BuildRequires for the
27aa74
package don't include the necessary documentation tools.  Those diff
27aa74
hunks *must be at the end* so that those files are newer than the
27aa74
master doc files.
27aa74
5a600b
diff --git a/contrib/pg_upgrade/server.c b/contrib/pg_upgrade/server.c
5a600b
index 0940e00..c5ecb84 100644
5a600b
--- a/contrib/pg_upgrade/server.c
5a600b
+++ b/contrib/pg_upgrade/server.c
5a600b
@@ -197,7 +197,8 @@ start_postmaster(ClusterInfo *cluster)
27aa74
 		snprintf(socket_string + strlen(socket_string),
27aa74
 				 sizeof(socket_string) - strlen(socket_string),
27aa74
 				 " -c %s='%s'",
27aa74
-				 (GET_MAJOR_VERSION(cluster->major_version) < 903) ?
27aa74
+	/* assume 9.1 build will not have unix_socket_directories patch */
27aa74
+				 (GET_MAJOR_VERSION(cluster->major_version) < 902) ?
27aa74
 				 "unix_socket_directory" : "unix_socket_directories",
27aa74
 				 cluster->sockdir);
27aa74
 #endif
5a600b
diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
5a600b
index b9664cb..94e166d 100644
5a600b
--- a/doc/src/sgml/client-auth.sgml
5a600b
+++ b/doc/src/sgml/client-auth.sgml
5a600b
@@ -838,7 +838,7 @@ omicron         bryanh                  guest1
27aa74
     <varname>unix_socket_permissions</varname> (and possibly
27aa74
     <varname>unix_socket_group</varname>) configuration parameters as
27aa74
     described in <xref linkend="runtime-config-connection">.  Or you
27aa74
-    could set the <varname>unix_socket_directory</varname>
27aa74
+    could set the <varname>unix_socket_directories</varname>
27aa74
     configuration parameter to place the socket file in a suitably
27aa74
     restricted directory.
27aa74
    </para>
5a600b
diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
5a600b
index 51d7da9..cb5c5d2 100644
5a600b
--- a/doc/src/sgml/config.sgml
5a600b
+++ b/doc/src/sgml/config.sgml
5a600b
@@ -453,17 +453,24 @@ SET ENABLE_SEQSCAN TO OFF;
27aa74
       </listitem>
27aa74
      </varlistentry>
27aa74
 
27aa74
-     <varlistentry id="guc-unix-socket-directory" xreflabel="unix_socket_directory">
27aa74
-      <term><varname>unix_socket_directory</varname> (<type>string</type>)</term>
27aa74
+     <varlistentry id="guc-unix-socket-directories" xreflabel="unix_socket_directories">
27aa74
+      <term><varname>unix_socket_directories</varname> (<type>string</type>)</term>
27aa74
       <indexterm>
27aa74
-       <primary><varname>unix_socket_directory configuration parameter</primary>
27aa74
+       <primary><varname>unix_socket_directories configuration parameter</primary>
27aa74
       </indexterm>
27aa74
       <listitem>
27aa74
        <para>
27aa74
-        Specifies the directory of the Unix-domain socket on which the
27aa74
-        server is to listen for
27aa74
-        connections from client applications.  The default is normally
27aa74
-        <filename>/tmp</filename>, but can be changed at build time.
27aa74
+        Specifies the directory of the Unix-domain socket(s) on which the
27aa74
+        server is to listen for connections from client applications.
27aa74
+        Multiple sockets can be created by listing multiple directories
27aa74
+        separated by commas.  Whitespace between entries is
27aa74
+        ignored; surround a directory name with double quotes if you need
27aa74
+        to include whitespace or commas in the name.
27aa74
+        An empty value
27aa74
+        specifies not listening on any Unix-domain sockets, in which case
27aa74
+        only TCP/IP sockets can be used to connect to the server.
27aa74
+        The default value is normally
27aa74
+        <filename>/tmp</filename>, but that can be changed at build time.
27aa74
         This parameter can only be set at server start.
27aa74
        </para>
27aa74
 
5a600b
@@ -472,8 +479,8 @@ SET ENABLE_SEQSCAN TO OFF;
27aa74
         <literal>.s.PGSQL.<replaceable>nnnn</literal> where
27aa74
         <replaceable>nnnn is the server's port number, an ordinary file
27aa74
         named <literal>.s.PGSQL.<replaceable>nnnn.lock</literal> will be
27aa74
-        created in the <varname>unix_socket_directory directory.  Neither
27aa74
-        file should ever be removed manually.
27aa74
+        created in each of the <varname>unix_socket_directories directories.
27aa74
+        Neither file should ever be removed manually.
27aa74
        </para>
27aa74
 
27aa74
        <para>
5a600b
@@ -490,8 +497,8 @@ SET ENABLE_SEQSCAN TO OFF;
27aa74
       </indexterm>
27aa74
       <listitem>
27aa74
        <para>
27aa74
-        Sets the owning group of the Unix-domain socket.  (The owning
27aa74
-        user of the socket is always the user that starts the
27aa74
+        Sets the owning group of the Unix-domain socket(s).  (The owning
27aa74
+        user of the sockets is always the user that starts the
27aa74
         server.)  In combination with the parameter
27aa74
         <varname>unix_socket_permissions</varname> this can be used as
27aa74
         an additional access control mechanism for Unix-domain connections.
5a600b
@@ -514,7 +521,7 @@ SET ENABLE_SEQSCAN TO OFF;
27aa74
       </indexterm>
27aa74
       <listitem>
27aa74
        <para>
27aa74
-        Sets the access permissions of the Unix-domain socket.  Unix-domain
27aa74
+        Sets the access permissions of the Unix-domain socket(s).  Unix-domain
27aa74
         sockets use the usual Unix file system permission set.
27aa74
         The parameter value is expected to be a numeric mode
27aa74
         specified in the format accepted by the
5a600b
@@ -6624,7 +6631,7 @@ LOG:  CleanUpLock: deleting: lock(0xb7acd844) id(24688,24696,0,0,0,1)
27aa74
        </row>
27aa74
        <row>
27aa74
         <entry><option>-k <replaceable>x</replaceable></option></entry>
27aa74
-        <entry><literal>unix_socket_directory = <replaceable>x</replaceable></entry>
27aa74
+        <entry><literal>unix_socket_directories = <replaceable>x</replaceable></entry>
27aa74
        </row>
27aa74
        <row>
27aa74
         <entry><option>-l</option></entry>
5a600b
diff --git a/doc/src/sgml/html/app-postgres.html b/doc/src/sgml/html/app-postgres.html
5a600b
index b1f4e31..b6359a8 100644
5a600b
--- a/doc/src/sgml/html/app-postgres.html
5a600b
+++ b/doc/src/sgml/html/app-postgres.html
5a600b
@@ -574,11 +574,19 @@ CLASS="REPLACEABLE"
27aa74
 CLASS="COMMAND"
27aa74
 >postgres
27aa74
 > is to listen for
27aa74
-        connections from client applications.  The default is normally
27aa74
+        connections from client applications.  The value can also be a
27aa74
+        comma-separated list of directories.  An empty value
27aa74
+        specifies not listening on any Unix-domain sockets, in which case
27aa74
+        only TCP/IP sockets can be used to connect to the server.
27aa74
+        The default value is normally
27aa74
         
27aa74
 CLASS="FILENAME"
27aa74
 >/tmp
27aa74
->, but can be changed at build time.
27aa74
+>, but that can be changed at build time.
27aa74
+        Specifying this option is equivalent to setting the 
27aa74
+HREF="runtime-config-connection.html#GUC-UNIX-SOCKET-DIRECTORIES"
27aa74
+>unix_socket_directories
27aa74
+> configuration parameter.
27aa74
        
27aa74
 >
27aa74
 >
5a600b
diff --git a/doc/src/sgml/html/auth-methods.html b/doc/src/sgml/html/auth-methods.html
5a600b
index ab544a9..e1225d1 100644
5a600b
--- a/doc/src/sgml/html/auth-methods.html
5a600b
+++ b/doc/src/sgml/html/auth-methods.html
5a600b
@@ -161,7 +161,7 @@ HREF="runtime-config-connection.html"
27aa74
 >.  Or you
27aa74
     could set the 
27aa74
 CLASS="VARNAME"
27aa74
->unix_socket_directory
27aa74
+>unix_socket_directories
27aa74
 >
27aa74
     configuration parameter to place the socket file in a suitably
27aa74
     restricted directory.
5a600b
diff --git a/doc/src/sgml/html/bookindex.html b/doc/src/sgml/html/bookindex.html
5a600b
index 5e25f95..1562ffe 100644
5a600b
--- a/doc/src/sgml/html/bookindex.html
5a600b
+++ b/doc/src/sgml/html/bookindex.html
5a600b
@@ -17250,7 +17250,7 @@ HREF="xfunc-c.html#DFUNC"
27aa74
 >
27aa74
 >
27aa74
 >
27aa74
->unix_socket_directory configuration parameter,
27aa74
+>unix_socket_directories configuration parameter,
27aa74
     
27aa74
 HREF="runtime-config-connection.html#RUNTIME-CONFIG-CONNECTION-SETTINGS"
27aa74
 >Connection Settings
5a600b
diff --git a/doc/src/sgml/html/preventing-server-spoofing.html b/doc/src/sgml/html/preventing-server-spoofing.html
5a600b
index 77d11ab..6abc511 100644
5a600b
--- a/doc/src/sgml/html/preventing-server-spoofing.html
5a600b
+++ b/doc/src/sgml/html/preventing-server-spoofing.html
5a600b
@@ -115,8 +115,8 @@ CLASS="LITERAL"
27aa74
 >local
27aa74
 >
27aa74
    connections is to use a Unix domain socket directory (
27aa74
-HREF="runtime-config-connection.html#GUC-UNIX-SOCKET-DIRECTORY"
27aa74
->unix_socket_directory
27aa74
+HREF="runtime-config-connection.html#GUC-UNIX-SOCKET-DIRECTORIES"
27aa74
+>unix_socket_directories
27aa74
 >) that has write permission only
27aa74
    for a trusted local user.  This prevents a malicious user from creating
27aa74
    their own socket file in that directory.  If you are concerned that
5a600b
diff --git a/doc/src/sgml/html/runtime-config-connection.html b/doc/src/sgml/html/runtime-config-connection.html
5a600b
index 74f096e..0ba6987 100644
5a600b
--- a/doc/src/sgml/html/runtime-config-connection.html
5a600b
+++ b/doc/src/sgml/html/runtime-config-connection.html
5a600b
@@ -274,24 +274,31 @@ CLASS="VARNAME"
27aa74
 >
27aa74
 >
27aa74
 >
27aa74
-NAME="GUC-UNIX-SOCKET-DIRECTORY"
27aa74
+NAME="GUC-UNIX-SOCKET-DIRECTORIES"
27aa74
 >
27aa74
 >
27aa74
 CLASS="VARNAME"
27aa74
->unix_socket_directory
27aa74
+>unix_socket_directories
27aa74
 > (
27aa74
 CLASS="TYPE"
27aa74
 >string
27aa74
 >)
27aa74
 >
27aa74
 >
27aa74
->        Specifies the directory of the Unix-domain socket on which the
27aa74
-        server is to listen for
27aa74
-        connections from client applications.  The default is normally
27aa74
+>        Specifies the directory of the Unix-domain socket(s) on which the
27aa74
+        server is to listen for connections from client applications.
27aa74
+        Multiple sockets can be created by listing multiple directories
27aa74
+        separated by commas.  Whitespace between entries is
27aa74
+        ignored; surround a directory name with double quotes if you need
27aa74
+        to include whitespace or commas in the name.
27aa74
+        An empty value
27aa74
+        specifies not listening on any Unix-domain sockets, in which case
27aa74
+        only TCP/IP sockets can be used to connect to the server.
27aa74
+        The default value is normally
27aa74
         
27aa74
 CLASS="FILENAME"
27aa74
 >/tmp
27aa74
->, but can be changed at build time.
27aa74
+>, but that can be changed at build time.
27aa74
         This parameter can only be set at server start.
27aa74
        
27aa74
 >
5a600b
@@ -320,11 +327,11 @@ CLASS="REPLACEABLE"
27aa74
 >
27aa74
 >.lock
27aa74
 > will be
27aa74
-        created in the 
27aa74
+        created in each of the 
27aa74
 CLASS="VARNAME"
27aa74
->unix_socket_directory
27aa74
-> directory.  Neither
27aa74
-        file should ever be removed manually.
27aa74
+>unix_socket_directories
27aa74
+> directories.
27aa74
+        Neither file should ever be removed manually.
27aa74
        
27aa74
 >
27aa74
 >        This parameter is irrelevant on Windows, which does not have
5a600b
@@ -344,8 +351,8 @@ CLASS="TYPE"
27aa74
 >)
27aa74
 >
27aa74
 >
27aa74
->        Sets the owning group of the Unix-domain socket.  (The owning
27aa74
-        user of the socket is always the user that starts the
27aa74
+>        Sets the owning group of the Unix-domain socket(s).  (The owning
27aa74
+        user of the sockets is always the user that starts the
27aa74
         server.)  In combination with the parameter
27aa74
         
27aa74
 CLASS="VARNAME"
5a600b
@@ -374,7 +381,7 @@ CLASS="TYPE"
27aa74
 >)
27aa74
 >
27aa74
 >
27aa74
->        Sets the access permissions of the Unix-domain socket.  Unix-domain
27aa74
+>        Sets the access permissions of the Unix-domain socket(s).  Unix-domain
27aa74
         sockets use the usual Unix file system permission set.
27aa74
         The parameter value is expected to be a numeric mode
27aa74
         specified in the format accepted by the
5a600b
diff --git a/doc/src/sgml/html/runtime-config-short.html b/doc/src/sgml/html/runtime-config-short.html
5a600b
index 8c39c2f..f0d7080 100644
5a600b
--- a/doc/src/sgml/html/runtime-config-short.html
5a600b
+++ b/doc/src/sgml/html/runtime-config-short.html
5a600b
@@ -330,7 +330,7 @@ CLASS="REPLACEABLE"
27aa74
 >
27aa74
 >
27aa74
 CLASS="LITERAL"
27aa74
->unix_socket_directory = 
27aa74
+>unix_socket_directories = 
27aa74
 CLASS="REPLACEABLE"
27aa74
 >
27aa74
 >x
5a600b
diff --git a/doc/src/sgml/man1/postgres.1 b/doc/src/sgml/man1/postgres.1
5a600b
index 6ec18ee..3378dde 100644
5a600b
--- a/doc/src/sgml/man1/postgres.1
5a600b
+++ b/doc/src/sgml/man1/postgres.1
5a600b
@@ -195,8 +195,10 @@ directly\&.
27aa74
 .RS 4
27aa74
 Specifies the directory of the Unix\-domain socket on which
27aa74
 \fBpostgres\fR
27aa74
-is to listen for connections from client applications\&. The default is normally
27aa74
-/tmp, but can be changed at build time\&.
27aa74
+is to listen for connections from client applications\&. The value can also be a comma\-separated list of directories\&. An empty value specifies not listening on any Unix\-domain sockets, in which case only TCP/IP sockets can be used to connect to the server\&. The default value is normally
27aa74
+/tmp, but that can be changed at build time\&. Specifying this option is equivalent to setting the
27aa74
+unix_socket_directories
27aa74
+configuration parameter\&.
27aa74
 .RE
27aa74
 .PP
27aa74
 \fB\-l\fR
5a600b
diff --git a/doc/src/sgml/ref/postgres-ref.sgml b/doc/src/sgml/ref/postgres-ref.sgml
5a600b
index 4e5cd02..a1f36e1 100644
5a600b
--- a/doc/src/sgml/ref/postgres-ref.sgml
5a600b
+++ b/doc/src/sgml/ref/postgres-ref.sgml
5a600b
@@ -254,8 +254,14 @@ PostgreSQL documentation
27aa74
        <para>
27aa74
         Specifies the directory of the Unix-domain socket on which
27aa74
         <command>postgres</command> is to listen for
27aa74
-        connections from client applications.  The default is normally
27aa74
-        <filename>/tmp</filename>, but can be changed at build time.
27aa74
+        connections from client applications.  The value can also be a
27aa74
+        comma-separated list of directories.  An empty value
27aa74
+        specifies not listening on any Unix-domain sockets, in which case
27aa74
+        only TCP/IP sockets can be used to connect to the server.
27aa74
+        The default value is normally
27aa74
+        <filename>/tmp</filename>, but that can be changed at build time.
27aa74
+        Specifying this option is equivalent to setting the 
27aa74
+        linkend="guc-unix-socket-directories"> configuration parameter.
27aa74
        </para>
27aa74
       </listitem>
27aa74
      </varlistentry>
5a600b
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
5a600b
index cfd3532..e6c9eaa 100644
5a600b
--- a/doc/src/sgml/runtime.sgml
5a600b
+++ b/doc/src/sgml/runtime.sgml
5a600b
@@ -1800,7 +1800,7 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
27aa74
   <para>
27aa74
    The simplest way to prevent spoofing for <literal>local
27aa74
    connections is to use a Unix domain socket directory (
27aa74
-   linkend="guc-unix-socket-directory">) that has write permission only
27aa74
+   linkend="guc-unix-socket-directories">) that has write permission only
27aa74
    for a trusted local user.  This prevents a malicious user from creating
27aa74
    their own socket file in that directory.  If you are concerned that
27aa74
    some applications might still reference <filename>/tmp for the
5a600b
diff --git a/src/backend/libpq/pqcomm.c b/src/backend/libpq/pqcomm.c
5a600b
index aeeffd7..b7e0d09 100644
5a600b
--- a/src/backend/libpq/pqcomm.c
5a600b
+++ b/src/backend/libpq/pqcomm.c
27aa74
@@ -42,7 +42,7 @@
27aa74
  *		StreamServerPort	- Open postmaster's server port
27aa74
  *		StreamConnection	- Create new connection with client
27aa74
  *		StreamClose			- Close a client/backend connection
27aa74
- *		TouchSocketFile		- Protect socket file against /tmp cleaners
27aa74
+ *		TouchSocketFiles	- Protect socket files against /tmp cleaners
27aa74
  *		pq_init			- initialize libpq at backend startup
27aa74
  *		pq_comm_reset	- reset libpq during error recovery
27aa74
  *		pq_close		- shutdown libpq at backend exit
5a600b
@@ -103,8 +103,8 @@ int			Unix_socket_permissions;
27aa74
 char	   *Unix_socket_group;
27aa74
 
27aa74
 
27aa74
-/* Where the Unix socket file is */
27aa74
-static char sock_path[MAXPGPATH];
27aa74
+/* Where the Unix socket files are (list of palloc'd strings) */
27aa74
+static List *sock_paths = NIL;
27aa74
 
27aa74
 
27aa74
 /*
5a600b
@@ -141,8 +141,8 @@ static int	internal_flush(void);
27aa74
 static void pq_set_nonblocking(bool nonblocking);
27aa74
 
27aa74
 #ifdef HAVE_UNIX_SOCKETS
27aa74
-static int	Lock_AF_UNIX(unsigned short portNumber, char *unixSocketName);
27aa74
-static int	Setup_AF_UNIX(void);
27aa74
+static int	Lock_AF_UNIX(char *unixSocketDir, char *unixSocketPath);
27aa74
+static int	Setup_AF_UNIX(char *sock_path);
27aa74
 #endif   /* HAVE_UNIX_SOCKETS */
27aa74
 
27aa74
 
5a600b
@@ -236,29 +236,43 @@ pq_close(int code, Datum arg)
27aa74
 
27aa74
 /* StreamDoUnlink()
27aa74
  * Shutdown routine for backend connection
27aa74
- * If a Unix socket is used for communication, explicitly close it.
27aa74
+ * If any Unix sockets are used for communication, explicitly close them.
27aa74
  */
27aa74
 #ifdef HAVE_UNIX_SOCKETS
27aa74
 static void
27aa74
 StreamDoUnlink(int code, Datum arg)
27aa74
 {
27aa74
-	Assert(sock_path[0]);
27aa74
-	unlink(sock_path);
27aa74
+	ListCell   *l;
27aa74
+
27aa74
+	/* Loop through all created sockets... */
27aa74
+	foreach(l, sock_paths)
27aa74
+	{
27aa74
+		char	   *sock_path = (char *) lfirst(l);
27aa74
+
27aa74
+		unlink(sock_path);
27aa74
+	}
27aa74
+	/* Since we're about to exit, no need to reclaim storage */
27aa74
+	sock_paths = NIL;
27aa74
 }
27aa74
 #endif   /* HAVE_UNIX_SOCKETS */
27aa74
 
27aa74
 /*
27aa74
  * StreamServerPort -- open a "listening" port to accept connections.
27aa74
  *
27aa74
- * Successfully opened sockets are added to the ListenSocket[] array,
27aa74
- * at the first position that isn't PGINVALID_SOCKET.
27aa74
+ * family should be AF_UNIX or AF_UNSPEC; portNumber is the port number.
27aa74
+ * For AF_UNIX ports, hostName should be NULL and unixSocketDir must be
27aa74
+ * specified.  For TCP ports, hostName is either NULL for all interfaces or
27aa74
+ * the interface to listen on, and unixSocketDir is ignored (can be NULL).
27aa74
+ *
27aa74
+ * Successfully opened sockets are added to the ListenSocket[] array (of
27aa74
+ * length MaxListen), at the first position that isn't PGINVALID_SOCKET.
27aa74
  *
27aa74
  * RETURNS: STATUS_OK or STATUS_ERROR
27aa74
  */
27aa74
 
27aa74
 int
27aa74
 StreamServerPort(int family, char *hostName, unsigned short portNumber,
27aa74
-				 char *unixSocketName,
27aa74
+				 char *unixSocketDir,
27aa74
 				 pgsocket ListenSocket[], int MaxListen)
27aa74
 {
27aa74
 	pgsocket	fd;
5a600b
@@ -275,6 +289,9 @@ StreamServerPort(int family, char *hostName, unsigned short portNumber,
27aa74
 	int			listen_index = 0;
27aa74
 	int			added = 0;
27aa74
 
27aa74
+#ifdef HAVE_UNIX_SOCKETS
27aa74
+	char		unixSocketPath[MAXPGPATH];
27aa74
+#endif
27aa74
 #if !defined(WIN32) || defined(IPV6_V6ONLY)
27aa74
 	int			one = 1;
27aa74
 #endif
5a600b
@@ -288,10 +305,22 @@ StreamServerPort(int family, char *hostName, unsigned short portNumber,
27aa74
 #ifdef HAVE_UNIX_SOCKETS
27aa74
 	if (family == AF_UNIX)
27aa74
 	{
27aa74
-		/* Lock_AF_UNIX will also fill in sock_path. */
27aa74
-		if (Lock_AF_UNIX(portNumber, unixSocketName) != STATUS_OK)
27aa74
+		/*
27aa74
+		 * Create unixSocketPath from portNumber and unixSocketDir and lock
27aa74
+		 * that file path
27aa74
+		 */
27aa74
+		UNIXSOCK_PATH(unixSocketPath, portNumber, unixSocketDir);
27aa74
+		if (strlen(unixSocketPath) >= UNIXSOCK_PATH_BUFLEN)
27aa74
+		{
27aa74
+			ereport(LOG,
27aa74
+					(errmsg("Unix-domain socket path \"%s\" is too long (maximum %d bytes)",
27aa74
+							unixSocketPath,
27aa74
+							(int) (UNIXSOCK_PATH_BUFLEN - 1))));
27aa74
 			return STATUS_ERROR;
27aa74
-		service = sock_path;
5a600b
+		}
5a600b
+		if (Lock_AF_UNIX(unixSocketDir, unixSocketPath) != STATUS_OK)
5a600b
+			return STATUS_ERROR;
27aa74
+		service = unixSocketPath;
27aa74
 	}
27aa74
 	else
27aa74
 #endif   /* HAVE_UNIX_SOCKETS */
5a600b
@@ -434,7 +463,7 @@ StreamServerPort(int family, char *hostName, unsigned short portNumber,
27aa74
 					 (IS_AF_UNIX(addr->ai_family)) ?
27aa74
 				  errhint("Is another postmaster already running on port %d?"
27aa74
 						  " If not, remove socket file \"%s\" and retry.",
27aa74
-						  (int) portNumber, sock_path) :
27aa74
+						  (int) portNumber, service) :
27aa74
 				  errhint("Is another postmaster already running on port %d?"
27aa74
 						  " If not, wait a few seconds and retry.",
27aa74
 						  (int) portNumber)));
5a600b
@@ -445,7 +474,7 @@ StreamServerPort(int family, char *hostName, unsigned short portNumber,
27aa74
 #ifdef HAVE_UNIX_SOCKETS
27aa74
 		if (addr->ai_family == AF_UNIX)
27aa74
 		{
27aa74
-			if (Setup_AF_UNIX() != STATUS_OK)
27aa74
+			if (Setup_AF_UNIX(service) != STATUS_OK)
27aa74
 			{
27aa74
 				closesocket(fd);
27aa74
 				break;
5a600b
@@ -492,18 +521,8 @@ StreamServerPort(int family, char *hostName, unsigned short portNumber,
27aa74
  * Lock_AF_UNIX -- configure unix socket file path
27aa74
  */
27aa74
 static int
27aa74
-Lock_AF_UNIX(unsigned short portNumber, char *unixSocketName)
27aa74
+Lock_AF_UNIX(char *unixSocketDir, char *unixSocketPath)
27aa74
 {
27aa74
-	UNIXSOCK_PATH(sock_path, portNumber, unixSocketName);
27aa74
-	if (strlen(sock_path) >= UNIXSOCK_PATH_BUFLEN)
27aa74
-	{
27aa74
-		ereport(LOG,
27aa74
-				(errmsg("Unix-domain socket path \"%s\" is too long (maximum %d bytes)",
27aa74
-						sock_path,
27aa74
-						(int) (UNIXSOCK_PATH_BUFLEN - 1))));
27aa74
-		return STATUS_ERROR;
27aa74
-	}
27aa74
-
27aa74
 	/*
27aa74
 	 * Grab an interlock file associated with the socket file.
27aa74
 	 *
5a600b
@@ -512,13 +531,23 @@ Lock_AF_UNIX(unsigned short portNumber, char *unixSocketName)
27aa74
 	 * more portable, and second, it lets us remove any pre-existing socket
27aa74
 	 * file without race conditions.
27aa74
 	 */
27aa74
-	CreateSocketLockFile(sock_path, true);
27aa74
+	CreateSocketLockFile(unixSocketPath, true, unixSocketDir);
27aa74
 
27aa74
 	/*
27aa74
 	 * Once we have the interlock, we can safely delete any pre-existing
27aa74
 	 * socket file to avoid failure at bind() time.
27aa74
 	 */
27aa74
-	unlink(sock_path);
27aa74
+	unlink(unixSocketPath);
27aa74
+
27aa74
+	/*
27aa74
+	 * Arrange to unlink the socket file(s) at proc_exit.  If this is the
27aa74
+	 * first one, set up the on_proc_exit function to do it; then add this
27aa74
+	 * socket file to the list of files to unlink.
27aa74
+	 */
27aa74
+	if (sock_paths == NIL)
27aa74
+		on_proc_exit(StreamDoUnlink, 0);
27aa74
+
27aa74
+	sock_paths = lappend(sock_paths, pstrdup(unixSocketPath));
27aa74
 
27aa74
 	return STATUS_OK;
27aa74
 }
5a600b
@@ -528,11 +557,8 @@ Lock_AF_UNIX(unsigned short portNumber, char *unixSocketName)
27aa74
  * Setup_AF_UNIX -- configure unix socket permissions
27aa74
  */
27aa74
 static int
27aa74
-Setup_AF_UNIX(void)
27aa74
+Setup_AF_UNIX(char *sock_path)
27aa74
 {
27aa74
-	/* Arrange to unlink the socket file at exit */
27aa74
-	on_proc_exit(StreamDoUnlink, 0);
27aa74
-
27aa74
 	/*
27aa74
 	 * Fix socket ownership/permission if requested.  Note we must do this
27aa74
 	 * before we listen() to avoid a window where unwanted connections could
5a600b
@@ -714,20 +740,24 @@ StreamClose(pgsocket sock)
27aa74
 }
27aa74
 
27aa74
 /*
27aa74
- * TouchSocketFile -- mark socket file as recently accessed
27aa74
+ * TouchSocketFiles -- mark socket files as recently accessed
27aa74
  *
27aa74
  * This routine should be called every so often to ensure that the socket
27aa74
- * file has a recent mod date (ordinary operations on sockets usually won't
27aa74
- * change the mod date).  That saves it from being removed by
27aa74
+ * files have a recent mod date (ordinary operations on sockets usually won't
27aa74
+ * change the mod date).  That saves them from being removed by
27aa74
  * overenthusiastic /tmp-directory-cleaner daemons.  (Another reason we should
27aa74
  * never have put the socket file in /tmp...)
27aa74
  */
27aa74
 void
27aa74
-TouchSocketFile(void)
27aa74
+TouchSocketFiles(void)
27aa74
 {
27aa74
-	/* Do nothing if we did not create a socket... */
27aa74
-	if (sock_path[0] != '\0')
27aa74
+	ListCell   *l;
27aa74
+
27aa74
+	/* Loop through all created sockets... */
27aa74
+	foreach(l, sock_paths)
27aa74
 	{
27aa74
+		char	   *sock_path = (char *) lfirst(l);
27aa74
+
27aa74
 		/*
27aa74
 		 * utime() is POSIX standard, utimes() is a common alternative. If we
27aa74
 		 * have neither, there's no way to affect the mod or access time of
5a600b
diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
5a600b
index 07aca31..e84a18c 100644
5a600b
--- a/src/backend/postmaster/postmaster.c
5a600b
+++ b/src/backend/postmaster/postmaster.c
5a600b
@@ -160,7 +160,9 @@ static Backend *ShmemBackendArray;
27aa74
 
27aa74
 /* The socket number we are listening for connections on */
27aa74
 int			PostPortNumber;
27aa74
-char	   *UnixSocketDir;
27aa74
+/* The directory names for Unix socket(s) */
27aa74
+char	   *Unix_socket_directories;
27aa74
+/* The TCP listen address(es) */
27aa74
 char	   *ListenAddresses;
27aa74
 
27aa74
 /*
5a600b
@@ -636,7 +638,7 @@ PostmasterMain(int argc, char *argv[])
27aa74
 				break;
27aa74
 
27aa74
 			case 'k':
27aa74
-				SetConfigOption("unix_socket_directory", optarg, PGC_POSTMASTER, PGC_S_ARGV);
27aa74
+				SetConfigOption("unix_socket_directories", optarg, PGC_POSTMASTER, PGC_S_ARGV);
27aa74
 				break;
27aa74
 
27aa74
 			case 'l':
5a600b
@@ -880,7 +882,7 @@ PostmasterMain(int argc, char *argv[])
27aa74
 		/* Need a modifiable copy of ListenAddresses */
27aa74
 		rawstring = pstrdup(ListenAddresses);
27aa74
 
27aa74
-		/* Parse string into list of identifiers */
27aa74
+		/* Parse string into list of hostnames */
27aa74
 		if (!SplitIdentifierString(rawstring, ',', &elemlist))
27aa74
 		{
27aa74
 			/* syntax error in list */
5a600b
@@ -896,12 +898,12 @@ PostmasterMain(int argc, char *argv[])
27aa74
 			if (strcmp(curhost, "*") == 0)
27aa74
 				status = StreamServerPort(AF_UNSPEC, NULL,
27aa74
 										  (unsigned short) PostPortNumber,
27aa74
-										  UnixSocketDir,
27aa74
+										  NULL,
27aa74
 										  ListenSocket, MAXLISTEN);
27aa74
 			else
27aa74
 				status = StreamServerPort(AF_UNSPEC, curhost,
27aa74
 										  (unsigned short) PostPortNumber,
27aa74
-										  UnixSocketDir,
27aa74
+										  NULL,
27aa74
 										  ListenSocket, MAXLISTEN);
27aa74
 
27aa74
 			if (status == STATUS_OK)
5a600b
@@ -920,7 +922,7 @@ PostmasterMain(int argc, char *argv[])
27aa74
 								curhost)));
27aa74
 		}
27aa74
 
27aa74
-		if (!success && list_length(elemlist))
27aa74
+		if (!success && elemlist != NIL)
27aa74
 			ereport(FATAL,
27aa74
 					(errmsg("could not create any TCP/IP sockets")));
27aa74
 
5a600b
@@ -967,13 +969,54 @@ PostmasterMain(int argc, char *argv[])
27aa74
 #endif
27aa74
 
27aa74
 #ifdef HAVE_UNIX_SOCKETS
27aa74
-	status = StreamServerPort(AF_UNIX, NULL,
27aa74
-							  (unsigned short) PostPortNumber,
27aa74
-							  UnixSocketDir,
27aa74
-							  ListenSocket, MAXLISTEN);
27aa74
-	if (status != STATUS_OK)
27aa74
-		ereport(WARNING,
27aa74
-				(errmsg("could not create Unix-domain socket")));
27aa74
+	if (Unix_socket_directories)
27aa74
+	{
27aa74
+		char	   *rawstring;
27aa74
+		List	   *elemlist;
27aa74
+		ListCell   *l;
27aa74
+		int			success = 0;
27aa74
+
27aa74
+		/* Need a modifiable copy of Unix_socket_directories */
27aa74
+		rawstring = pstrdup(Unix_socket_directories);
27aa74
+
27aa74
+		/* Parse string into list of directories */
27aa74
+		if (!SplitDirectoriesString(rawstring, ',', &elemlist))
27aa74
+		{
27aa74
+			/* syntax error in list */
27aa74
+			ereport(FATAL,
27aa74
+					(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
27aa74
+					 errmsg("invalid list syntax for \"unix_socket_directories\"")));
27aa74
+		}
27aa74
+
27aa74
+		foreach(l, elemlist)
27aa74
+		{
27aa74
+			char	   *socketdir = (char *) lfirst(l);
27aa74
+
27aa74
+			status = StreamServerPort(AF_UNIX, NULL,
27aa74
+									  (unsigned short) PostPortNumber,
27aa74
+									  socketdir,
27aa74
+									  ListenSocket, MAXLISTEN);
27aa74
+
27aa74
+			if (status == STATUS_OK)
27aa74
+			{
27aa74
+				success++;
27aa74
+				/* record the first successful Unix socket in lockfile */
27aa74
+				if (success == 1)
27aa74
+					AddToDataDirLockFile(LOCK_FILE_LINE_SOCKET_DIR, socketdir);
27aa74
+			}
27aa74
+			else
27aa74
+				ereport(WARNING,
27aa74
+						(errmsg("could not create Unix-domain socket in directory \"%s\"",
27aa74
+								socketdir)));
27aa74
+		}
27aa74
+
27aa74
+		if (!success && elemlist != NIL)
27aa74
+			ereport(FATAL,
27aa74
+					(errmsg("could not create any Unix-domain sockets")));
27aa74
+
27aa74
+		list_free_deep(elemlist);
27aa74
+		pfree(rawstring);
27aa74
+	}
27aa74
 #endif
27aa74
 
27aa74
 	/*
9f8fad
@@ -1561,14 +1604,14 @@ ServerLoop(void)
27aa74
 		}
27aa74
 
27aa74
 		/*
9f8fad
-		 * Touch Unix socket and lock file every 58 minutes, to ensure that
27aa74
+		 * Touch Unix socket and lock files every 58 minutes, to ensure that
27aa74
 		 * they are not removed by overzealous /tmp-cleaning tasks.  We assume
27aa74
 		 * no one runs cleaners with cutoff times of less than an hour ...
27aa74
 		 */
27aa74
 		if (now - last_touch_time >= 58 * SECS_PER_MINUTE)
27aa74
 		{
27aa74
-			TouchSocketFile();
27aa74
-			TouchSocketLockFile();
27aa74
+			TouchSocketFiles();
27aa74
+			TouchSocketLockFiles();
27aa74
 			last_touch_time = now;
27aa74
 		}
9f8fad
 	}
5a600b
diff --git a/src/backend/tcop/postgres.c b/src/backend/tcop/postgres.c
5a600b
index 39017ff..318ac38 100644
5a600b
--- a/src/backend/tcop/postgres.c
5a600b
+++ b/src/backend/tcop/postgres.c
5a600b
@@ -3393,7 +3393,7 @@ process_postgres_switches(int argc, char *argv[], GucContext ctx,
27aa74
 				break;
27aa74
 
27aa74
 			case 'k':
27aa74
-				SetConfigOption("unix_socket_directory", optarg, ctx, gucsource);
27aa74
+				SetConfigOption("unix_socket_directories", optarg, ctx, gucsource);
27aa74
 				break;
27aa74
 
27aa74
 			case 'l':
5a600b
diff --git a/src/backend/utils/adt/varlena.c b/src/backend/utils/adt/varlena.c
5a600b
index d4abfe3..e8217ac 100644
5a600b
--- a/src/backend/utils/adt/varlena.c
5a600b
+++ b/src/backend/utils/adt/varlena.c
5a600b
@@ -2446,6 +2446,119 @@ SplitIdentifierString(char *rawstring, char separator,
27aa74
 }
27aa74
 
27aa74
 
27aa74
+/*
27aa74
+ * SplitDirectoriesString --- parse a string containing directory names
27aa74
+ *
27aa74
+ * This is similar to SplitIdentifierString, except that the parsing
27aa74
+ * rules are meant to handle pathnames instead of identifiers: there is
27aa74
+ * no downcasing, embedded spaces are allowed, the max length is MAXPGPATH-1,
27aa74
+ * and we apply canonicalize_path() to each extracted string.  Because of the
27aa74
+ * last, the returned strings are separately palloc'd rather than being
27aa74
+ * pointers into rawstring --- but we still scribble on rawstring.
27aa74
+ *
27aa74
+ * Inputs:
27aa74
+ *	rawstring: the input string; must be modifiable!
27aa74
+ *	separator: the separator punctuation expected between directories
27aa74
+ *			   (typically ',' or ';').	Whitespace may also appear around
27aa74
+ *			   directories.
27aa74
+ * Outputs:
27aa74
+ *	namelist: filled with a palloc'd list of directory names.
27aa74
+ *			  Caller should list_free_deep() this even on error return.
27aa74
+ *
27aa74
+ * Returns TRUE if okay, FALSE if there is a syntax error in the string.
27aa74
+ *
27aa74
+ * Note that an empty string is considered okay here.
27aa74
+ */
27aa74
+bool
27aa74
+SplitDirectoriesString(char *rawstring, char separator,
27aa74
+					   List **namelist)
27aa74
+{
27aa74
+	char	   *nextp = rawstring;
27aa74
+	bool		done = false;
27aa74
+
27aa74
+	*namelist = NIL;
27aa74
+
27aa74
+	while (isspace((unsigned char) *nextp))
27aa74
+		nextp++;				/* skip leading whitespace */
27aa74
+
27aa74
+	if (*nextp == '\0')
27aa74
+		return true;			/* allow empty string */
27aa74
+
27aa74
+	/* At the top of the loop, we are at start of a new directory. */
27aa74
+	do
27aa74
+	{
27aa74
+		char	   *curname;
27aa74
+		char	   *endp;
27aa74
+
27aa74
+		if (*nextp == '\"')
27aa74
+		{
27aa74
+			/* Quoted name --- collapse quote-quote pairs */
27aa74
+			curname = nextp + 1;
27aa74
+			for (;;)
27aa74
+			{
27aa74
+				endp = strchr(nextp + 1, '\"');
27aa74
+				if (endp == NULL)
27aa74
+					return false;		/* mismatched quotes */
27aa74
+				if (endp[1] != '\"')
27aa74
+					break;		/* found end of quoted name */
27aa74
+				/* Collapse adjacent quotes into one quote, and look again */
27aa74
+				memmove(endp, endp + 1, strlen(endp));
27aa74
+				nextp = endp;
27aa74
+			}
27aa74
+			/* endp now points at the terminating quote */
27aa74
+			nextp = endp + 1;
27aa74
+		}
27aa74
+		else
27aa74
+		{
27aa74
+			/* Unquoted name --- extends to separator or end of string */
27aa74
+			curname = endp = nextp;
27aa74
+			while (*nextp && *nextp != separator)
27aa74
+			{
27aa74
+				/* trailing whitespace should not be included in name */
27aa74
+				if (!isspace((unsigned char) *nextp))
27aa74
+					endp = nextp + 1;
27aa74
+				nextp++;
27aa74
+			}
27aa74
+			if (curname == endp)
27aa74
+				return false;	/* empty unquoted name not allowed */
27aa74
+		}
27aa74
+
27aa74
+		while (isspace((unsigned char) *nextp))
27aa74
+			nextp++;			/* skip trailing whitespace */
27aa74
+
27aa74
+		if (*nextp == separator)
27aa74
+		{
27aa74
+			nextp++;
27aa74
+			while (isspace((unsigned char) *nextp))
27aa74
+				nextp++;		/* skip leading whitespace for next */
27aa74
+			/* we expect another name, so done remains false */
27aa74
+		}
27aa74
+		else if (*nextp == '\0')
27aa74
+			done = true;
27aa74
+		else
27aa74
+			return false;		/* invalid syntax */
27aa74
+
27aa74
+		/* Now safe to overwrite separator with a null */
27aa74
+		*endp = '\0';
27aa74
+
27aa74
+		/* Truncate path if it's overlength */
27aa74
+		if (strlen(curname) >= MAXPGPATH)
27aa74
+			curname[MAXPGPATH - 1] = '\0';
27aa74
+
27aa74
+		/*
27aa74
+		 * Finished isolating current name --- add it to list
27aa74
+		 */
27aa74
+		curname = pstrdup(curname);
27aa74
+		canonicalize_path(curname);
27aa74
+		*namelist = lappend(*namelist, curname);
27aa74
+
27aa74
+		/* Loop back if we didn't reach end of string */
27aa74
+	} while (!done);
27aa74
+
27aa74
+	return true;
27aa74
+}
27aa74
+
27aa74
+
27aa74
 /*****************************************************************************
27aa74
  *	Comparison Functions used for bytea
27aa74
  *
5a600b
diff --git a/src/backend/utils/init/miscinit.c b/src/backend/utils/init/miscinit.c
5a600b
index f994af6..db5303c 100644
5a600b
--- a/src/backend/utils/init/miscinit.c
5a600b
+++ b/src/backend/utils/init/miscinit.c
27aa74
@@ -49,8 +49,8 @@
27aa74
 
27aa74
 ProcessingMode Mode = InitProcessing;
27aa74
 
27aa74
-/* Note: we rely on this to initialize as zeroes */
27aa74
-static char socketLockFile[MAXPGPATH];
27aa74
+/* List of lock files to be removed at proc exit */
27aa74
+static List *lock_files = NIL;
27aa74
 
27aa74
 
27aa74
 /* ----------------------------------------------------------------
5a600b
@@ -640,32 +640,35 @@ GetUserNameFromId(Oid roleid)
27aa74
  */
27aa74
 
27aa74
 /*
27aa74
- * proc_exit callback to remove a lockfile.
27aa74
+ * proc_exit callback to remove lockfiles.
27aa74
  */
27aa74
 static void
27aa74
-UnlinkLockFile(int status, Datum filename)
27aa74
+UnlinkLockFiles(int status, Datum arg)
27aa74
 {
27aa74
-	char	   *fname = (char *) DatumGetPointer(filename);
27aa74
+	ListCell   *l;
27aa74
 
27aa74
-	if (fname != NULL)
27aa74
+	foreach(l, lock_files)
27aa74
 	{
27aa74
-		if (unlink(fname) != 0)
27aa74
-		{
27aa74
-			/* Should we complain if the unlink fails? */
27aa74
-		}
27aa74
-		free(fname);
27aa74
+		char	   *curfile = (char *) lfirst(l);
27aa74
+
27aa74
+		unlink(curfile);
27aa74
+		/* Should we complain if the unlink fails? */
27aa74
 	}
27aa74
+	/* Since we're about to exit, no need to reclaim storage */
27aa74
+	lock_files = NIL;
27aa74
 }
27aa74
 
27aa74
 /*
27aa74
  * Create a lockfile.
27aa74
  *
27aa74
- * filename is the name of the lockfile to create.
27aa74
+ * filename is the path name of the lockfile to create.
27aa74
  * amPostmaster is used to determine how to encode the output PID.
27aa74
+ * socketDir is the Unix socket directory path to include (possibly empty).
27aa74
  * isDDLock and refName are used to determine what error message to produce.
27aa74
  */
27aa74
 static void
27aa74
 CreateLockFile(const char *filename, bool amPostmaster,
27aa74
+			   const char *socketDir,
27aa74
 			   bool isDDLock, const char *refName)
27aa74
 {
27aa74
 	int			fd;
5a600b
@@ -891,12 +894,7 @@ CreateLockFile(const char *filename, bool amPostmaster,
27aa74
 			 DataDir,
27aa74
 			 (long) MyStartTime,
27aa74
 			 PostPortNumber,
27aa74
-#ifdef HAVE_UNIX_SOCKETS
27aa74
-			 (*UnixSocketDir != '\0') ? UnixSocketDir : DEFAULT_PGSOCKET_DIR
27aa74
-#else
27aa74
-			 ""
27aa74
-#endif
27aa74
-		);
27aa74
+			 socketDir);
27aa74
 
27aa74
 	/*
27aa74
 	 * In a standalone backend, the next line (LOCK_FILE_LINE_LISTEN_ADDR)
5a600b
@@ -941,9 +939,14 @@ CreateLockFile(const char *filename, bool amPostmaster,
27aa74
 	}
27aa74
 
27aa74
 	/*
27aa74
-	 * Arrange for automatic removal of lockfile at proc_exit.
27aa74
+	 * Arrange to unlink the lock file(s) at proc_exit.  If this is the
27aa74
+	 * first one, set up the on_proc_exit function to do it; then add this
27aa74
+	 * lock file to the list of files to unlink.
27aa74
 	 */
27aa74
-	on_proc_exit(UnlinkLockFile, PointerGetDatum(strdup(filename)));
27aa74
+	if (lock_files == NIL)
27aa74
+		on_proc_exit(UnlinkLockFiles, 0);
27aa74
+
27aa74
+	lock_files = lappend(lock_files, pstrdup(filename));
27aa74
 }
27aa74
 
27aa74
 /*
5a600b
@@ -952,41 +955,50 @@ CreateLockFile(const char *filename, bool amPostmaster,
27aa74
  * When this is called, we must have already switched the working
27aa74
  * directory to DataDir, so we can just use a relative path.  This
27aa74
  * helps ensure that we are locking the directory we should be.
27aa74
+ *
27aa74
+ * Note that the socket directory path line is initially written as empty.
27aa74
+ * postmaster.c will rewrite it upon creating the first Unix socket.
27aa74
  */
27aa74
 void
27aa74
 CreateDataDirLockFile(bool amPostmaster)
27aa74
 {
27aa74
-	CreateLockFile(DIRECTORY_LOCK_FILE, amPostmaster, true, DataDir);
27aa74
+	CreateLockFile(DIRECTORY_LOCK_FILE, amPostmaster, "", true, DataDir);
27aa74
 }
27aa74
 
27aa74
 /*
27aa74
  * Create a lockfile for the specified Unix socket file.
27aa74
  */
27aa74
 void
27aa74
-CreateSocketLockFile(const char *socketfile, bool amPostmaster)
27aa74
+CreateSocketLockFile(const char *socketfile, bool amPostmaster,
27aa74
+					 const char *socketDir)
27aa74
 {
27aa74
 	char		lockfile[MAXPGPATH];
27aa74
 
27aa74
 	snprintf(lockfile, sizeof(lockfile), "%s.lock", socketfile);
27aa74
-	CreateLockFile(lockfile, amPostmaster, false, socketfile);
27aa74
-	/* Save name of lockfile for TouchSocketLockFile */
27aa74
-	strcpy(socketLockFile, lockfile);
27aa74
+	CreateLockFile(lockfile, amPostmaster, socketDir, false, socketfile);
27aa74
 }
27aa74
 
27aa74
 /*
27aa74
- * TouchSocketLockFile -- mark socket lock file as recently accessed
27aa74
+ * TouchSocketLockFiles -- mark socket lock files as recently accessed
27aa74
  *
27aa74
- * This routine should be called every so often to ensure that the lock file
27aa74
- * has a recent mod or access date.  That saves it
27aa74
+ * This routine should be called every so often to ensure that the socket
27aa74
+ * lock files have a recent mod or access date.  That saves them
27aa74
  * from being removed by overenthusiastic /tmp-directory-cleaner daemons.
27aa74
  * (Another reason we should never have put the socket file in /tmp...)
27aa74
  */
27aa74
 void
27aa74
-TouchSocketLockFile(void)
27aa74
+TouchSocketLockFiles(void)
27aa74
 {
27aa74
-	/* Do nothing if we did not create a socket... */
27aa74
-	if (socketLockFile[0] != '\0')
27aa74
+	ListCell   *l;
27aa74
+
27aa74
+	foreach(l, lock_files)
27aa74
 	{
27aa74
+		char	   *socketLockFile = (char *) lfirst(l);
27aa74
+
27aa74
+		/* No need to touch the data directory lock file, we trust */
27aa74
+		if (strcmp(socketLockFile, DIRECTORY_LOCK_FILE) == 0)
27aa74
+			continue;
27aa74
+
27aa74
 		/*
27aa74
 		 * utime() is POSIX standard, utimes() is a common alternative; if we
27aa74
 		 * have neither, fall back to actually reading the file (which only
5a600b
@@ -1018,8 +1030,10 @@ TouchSocketLockFile(void)
27aa74
  * Add (or replace) a line in the data directory lock file.
27aa74
  * The given string should not include a trailing newline.
27aa74
  *
27aa74
- * Caution: this erases all following lines.  In current usage that is OK
27aa74
- * because lines are added in order.  We could improve it if needed.
27aa74
+ * Note: because we don't truncate the file, if we were to rewrite a line
27aa74
+ * with less data than it had before, there would be garbage after the last
27aa74
+ * line.  We don't ever actually do that, so not worth adding another kernel
27aa74
+ * call to cover the possibility.
27aa74
  */
27aa74
 void
27aa74
 AddToDataDirLockFile(int target_line, const char *str)
5a600b
@@ -1027,8 +1041,10 @@ AddToDataDirLockFile(int target_line, const char *str)
27aa74
 	int			fd;
27aa74
 	int			len;
27aa74
 	int			lineno;
27aa74
-	char	   *ptr;
27aa74
-	char		buffer[BLCKSZ];
27aa74
+	char	   *srcptr;
27aa74
+	char	   *destptr;
27aa74
+	char		srcbuffer[BLCKSZ];
27aa74
+	char		destbuffer[BLCKSZ];
27aa74
 
27aa74
 	fd = open(DIRECTORY_LOCK_FILE, O_RDWR | PG_BINARY, 0);
27aa74
 	if (fd < 0)
5a600b
@@ -1039,7 +1055,7 @@ AddToDataDirLockFile(int target_line, const char *str)
27aa74
 						DIRECTORY_LOCK_FILE)));
27aa74
 		return;
27aa74
 	}
27aa74
-	len = read(fd, buffer, sizeof(buffer) - 1);
27aa74
+	len = read(fd, srcbuffer, sizeof(srcbuffer) - 1);
27aa74
 	if (len < 0)
27aa74
 	{
27aa74
 		ereport(LOG,
5a600b
@@ -1049,37 +1065,51 @@ AddToDataDirLockFile(int target_line, const char *str)
27aa74
 		close(fd);
27aa74
 		return;
27aa74
 	}
27aa74
-	buffer[len] = '\0';
27aa74
+	srcbuffer[len] = '\0';
27aa74
 
27aa74
 	/*
27aa74
-	 * Skip over lines we are not supposed to rewrite.
27aa74
+	 * Advance over lines we are not supposed to rewrite, then copy them
27aa74
+	 * to destbuffer.
27aa74
 	 */
27aa74
-	ptr = buffer;
27aa74
+	srcptr = srcbuffer;
27aa74
 	for (lineno = 1; lineno < target_line; lineno++)
27aa74
 	{
27aa74
-		if ((ptr = strchr(ptr, '\n')) == NULL)
27aa74
+		if ((srcptr = strchr(srcptr, '\n')) == NULL)
27aa74
 		{
27aa74
 			elog(LOG, "incomplete data in \"%s\": found only %d newlines while trying to add line %d",
27aa74
 				 DIRECTORY_LOCK_FILE, lineno - 1, target_line);
27aa74
 			close(fd);
27aa74
 			return;
27aa74
 		}
27aa74
-		ptr++;
27aa74
+		srcptr++;
27aa74
 	}
27aa74
+	memcpy(destbuffer, srcbuffer, srcptr - srcbuffer);
27aa74
+	destptr = destbuffer + (srcptr - srcbuffer);
27aa74
 
27aa74
 	/*
27aa74
 	 * Write or rewrite the target line.
27aa74
 	 */
27aa74
-	snprintf(ptr, buffer + sizeof(buffer) - ptr, "%s\n", str);
27aa74
+	snprintf(destptr, destbuffer + sizeof(destbuffer) - destptr, "%s\n", str);
27aa74
+	destptr += strlen(destptr);
27aa74
+
27aa74
+	/*
27aa74
+	 * If there are more lines in the old file, append them to destbuffer.
27aa74
+	 */
27aa74
+	if ((srcptr = strchr(srcptr, '\n')) != NULL)
27aa74
+	{
27aa74
+		srcptr++;
27aa74
+		snprintf(destptr, destbuffer + sizeof(destbuffer) - destptr, "%s",
27aa74
+				 srcptr);
27aa74
+	}
27aa74
 
27aa74
 	/*
27aa74
 	 * And rewrite the data.  Since we write in a single kernel call, this
27aa74
 	 * update should appear atomic to onlookers.
27aa74
 	 */
27aa74
-	len = strlen(buffer);
27aa74
+	len = strlen(destbuffer);
27aa74
 	errno = 0;
27aa74
 	if (lseek(fd, (off_t) 0, SEEK_SET) != 0 ||
27aa74
-		(int) write(fd, buffer, len) != len)
27aa74
+		(int) write(fd, destbuffer, len) != len)
27aa74
 	{
27aa74
 		/* if write didn't set errno, assume problem is no disk space */
27aa74
 		if (errno == 0)
5a600b
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
5a600b
index e5ee0f8..1428cb6 100644
5a600b
--- a/src/backend/utils/misc/guc.c
5a600b
+++ b/src/backend/utils/misc/guc.c
5a600b
@@ -2894,14 +2894,18 @@ static struct config_string ConfigureNamesString[] =
27aa74
 	},
27aa74
 
27aa74
 	{
27aa74
-		{"unix_socket_directory", PGC_POSTMASTER, CONN_AUTH_SETTINGS,
27aa74
-			gettext_noop("Sets the directory where the Unix-domain socket will be created."),
27aa74
+		{"unix_socket_directories", PGC_POSTMASTER, CONN_AUTH_SETTINGS,
27aa74
+			gettext_noop("Sets the directories where Unix-domain sockets will be created."),
27aa74
 			NULL,
27aa74
 			GUC_SUPERUSER_ONLY
27aa74
 		},
27aa74
-		&UnixSocketDir,
27aa74
+		&Unix_socket_directories,
27aa74
+#ifdef HAVE_UNIX_SOCKETS
27aa74
+		DEFAULT_PGSOCKET_DIR,
27aa74
+#else
27aa74
 		"",
27aa74
-		check_canonical_path, NULL, NULL
27aa74
+#endif
27aa74
+		NULL, NULL, NULL
27aa74
 	},
27aa74
 
27aa74
 	{
5a600b
diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample
5a600b
index 013a91a..c0ab61c 100644
5a600b
--- a/src/backend/utils/misc/postgresql.conf.sample
5a600b
+++ b/src/backend/utils/misc/postgresql.conf.sample
5a600b
@@ -67,7 +67,8 @@
27aa74
 # Note:  Increasing max_connections costs ~400 bytes of shared memory per
27aa74
 # connection slot, plus lock space (see max_locks_per_transaction).
27aa74
 #superuser_reserved_connections = 3	# (change requires restart)
27aa74
-#unix_socket_directory = ''		# (change requires restart)
27aa74
+#unix_socket_directories = '/tmp'	# comma-separated list of directories
27aa74
+					# (change requires restart)
27aa74
 #unix_socket_group = ''			# (change requires restart)
27aa74
 #unix_socket_permissions = 0777		# begin with 0 to use octal notation
27aa74
 					# (change requires restart)
5a600b
diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c
5a600b
index 23fa468..452ac0b 100644
5a600b
--- a/src/bin/initdb/initdb.c
5a600b
+++ b/src/bin/initdb/initdb.c
5a600b
@@ -991,7 +991,7 @@ static void
27aa74
 setup_config(void)
27aa74
 {
27aa74
 	char	  **conflines;
27aa74
-	char		repltok[TZ_STRLEN_MAX + 100];
27aa74
+	char		repltok[MAXPGPATH];
27aa74
 	char		path[MAXPGPATH];
27aa74
 	const char *default_timezone;
27aa74
 
5a600b
@@ -1013,6 +1013,15 @@ setup_config(void)
27aa74
 				 n_buffers * (BLCKSZ / 1024));
27aa74
 	conflines = replace_token(conflines, "#shared_buffers = 32MB", repltok);
27aa74
 
27aa74
+#ifdef HAVE_UNIX_SOCKETS
27aa74
+	snprintf(repltok, sizeof(repltok), "#unix_socket_directories = '%s'",
27aa74
+			 DEFAULT_PGSOCKET_DIR);
27aa74
+#else
27aa74
+	snprintf(repltok, sizeof(repltok), "#unix_socket_directories = ''");
27aa74
+#endif
27aa74
+	conflines = replace_token(conflines, "#unix_socket_directories = '/tmp'",
27aa74
+							  repltok);
27aa74
+
27aa74
 #if DEF_PGPORT != 5432
27aa74
 	snprintf(repltok, sizeof(repltok), "#port = %d", DEF_PGPORT);
27aa74
 	conflines = replace_token(conflines, "#port = 5432", repltok);
5a600b
diff --git a/src/bin/pg_ctl/pg_ctl.c b/src/bin/pg_ctl/pg_ctl.c
5a600b
index 66ef6bd..b815ef2 100644
5a600b
--- a/src/bin/pg_ctl/pg_ctl.c
5a600b
+++ b/src/bin/pg_ctl/pg_ctl.c
5a600b
@@ -561,7 +561,7 @@ test_postmaster_connection(bool do_checkpoint)
27aa74
 						hostaddr = optlines[LOCK_FILE_LINE_LISTEN_ADDR - 1];
27aa74
 
27aa74
 						/*
27aa74
-						 * While unix_socket_directory can accept relative
27aa74
+						 * While unix_socket_directories can accept relative
27aa74
 						 * directories, libpq's host parameter must have a
27aa74
 						 * leading slash to indicate a socket directory.  So,
27aa74
 						 * ignore sockdir if it's relative, and try to use TCP
5a600b
diff --git a/src/include/libpq/libpq.h b/src/include/libpq/libpq.h
5a600b
index 6dd91ba..2bfec2b 100644
5a600b
--- a/src/include/libpq/libpq.h
5a600b
+++ b/src/include/libpq/libpq.h
5a600b
@@ -44,12 +44,12 @@ typedef struct
27aa74
 /*
27aa74
  * prototypes for functions in pqcomm.c
27aa74
  */
27aa74
-extern int StreamServerPort(int family, char *hostName,
27aa74
-	unsigned short portNumber, char *unixSocketName, pgsocket ListenSocket[],
27aa74
-				 int MaxListen);
27aa74
+extern int	StreamServerPort(int family, char *hostName,
27aa74
+				 unsigned short portNumber, char *unixSocketDir,
27aa74
+				 pgsocket ListenSocket[], int MaxListen);
27aa74
 extern int	StreamConnection(pgsocket server_fd, Port *port);
27aa74
 extern void StreamClose(pgsocket sock);
27aa74
-extern void TouchSocketFile(void);
27aa74
+extern void TouchSocketFiles(void);
27aa74
 extern void pq_init(void);
27aa74
 extern void pq_comm_reset(void);
27aa74
 extern int	pq_getbytes(char *s, size_t len);
5a600b
diff --git a/src/include/miscadmin.h b/src/include/miscadmin.h
5a600b
index 1051ca4..e6c663c 100644
5a600b
--- a/src/include/miscadmin.h
5a600b
+++ b/src/include/miscadmin.h
5a600b
@@ -424,7 +424,7 @@ extern char *local_preload_libraries_string;
27aa74
  *		2	data directory path
27aa74
  *		3	postmaster start timestamp (time_t representation)
27aa74
  *		4	port number
27aa74
- *		5	socket directory path (empty on Windows)
27aa74
+ *		5	first Unix socket directory path (empty if none)
27aa74
  *		6	first listen_address (IP address or "*"; empty if no TCP port)
27aa74
  *		7	shared memory key (not present on Windows)
27aa74
  *
9f8fad
@@ -443,8 +443,9 @@ extern char *local_preload_libraries_string;
27aa74
 #define LOCK_FILE_LINE_SHMEM_KEY	7
27aa74
 
27aa74
 extern void CreateDataDirLockFile(bool amPostmaster);
27aa74
-extern void CreateSocketLockFile(const char *socketfile, bool amPostmaster);
27aa74
-extern void TouchSocketLockFile(void);
27aa74
+extern void CreateSocketLockFile(const char *socketfile, bool amPostmaster,
27aa74
+					 const char *socketDir);
27aa74
+extern void TouchSocketLockFiles(void);
27aa74
 extern void AddToDataDirLockFile(int target_line, const char *str);
9f8fad
 extern bool RecheckDataDirLockFile(void);
27aa74
 extern void ValidatePgVersion(const char *path);
5a600b
diff --git a/src/include/postmaster/postmaster.h b/src/include/postmaster/postmaster.h
5a600b
index 683ce3c..080a8ca 100644
5a600b
--- a/src/include/postmaster/postmaster.h
5a600b
+++ b/src/include/postmaster/postmaster.h
5a600b
@@ -19,7 +19,7 @@ extern int	ReservedBackends;
27aa74
 extern int	PostPortNumber;
27aa74
 extern int	Unix_socket_permissions;
27aa74
 extern char *Unix_socket_group;
27aa74
-extern char *UnixSocketDir;
27aa74
+extern char *Unix_socket_directories;
27aa74
 extern char *ListenAddresses;
27aa74
 extern bool ClientAuthInProgress;
27aa74
 extern int	PreAuthDelay;
5a600b
diff --git a/src/include/utils/builtins.h b/src/include/utils/builtins.h
5a600b
index 4bf07e4..c830243 100644
5a600b
--- a/src/include/utils/builtins.h
5a600b
+++ b/src/include/utils/builtins.h
5a600b
@@ -754,6 +754,8 @@ extern int	varstr_cmp(char *arg1, int len1, char *arg2, int len2, Oid collid);
27aa74
 extern List *textToQualifiedNameList(text *textval);
27aa74
 extern bool SplitIdentifierString(char *rawstring, char separator,
27aa74
 					  List **namelist);
27aa74
+extern bool SplitDirectoriesString(char *rawstring, char separator,
27aa74
+					   List **namelist);
27aa74
 extern Datum replace_text(PG_FUNCTION_ARGS);
27aa74
 extern text *replace_text_regexp(text *src_text, void *regexp,
27aa74
 					text *replace_text, bool glob);
5a600b
diff --git a/doc/src/sgml/html-stamp b/doc/src/sgml/html-stamp
5a600b
index e69de29..fcf9276 100644
5a600b
--- a/doc/src/sgml/html-stamp
5a600b
+++ b/doc/src/sgml/html-stamp
27aa74
@@ -0,0 +1 @@
27aa74
+hack
5a600b
diff --git a/doc/src/sgml/man-stamp b/doc/src/sgml/man-stamp
5a600b
index e69de29..fcf9276 100644
5a600b
--- a/doc/src/sgml/man-stamp
5a600b
+++ b/doc/src/sgml/man-stamp
27aa74
@@ -0,0 +1 @@
27aa74
+hack