PostgreSQL Source Code  git master
backend_startup.c
Go to the documentation of this file.
1 /*-------------------------------------------------------------------------
2  *
3  * backend_startup.c
4  * Backend startup code
5  *
6  * Portions Copyright (c) 1996-2024, PostgreSQL Global Development Group
7  * Portions Copyright (c) 1994, Regents of the University of California
8  *
9  *
10  * IDENTIFICATION
11  * src/backend/tcop/backend_startup.c
12  *
13  *-------------------------------------------------------------------------
14  */
15 
16 #include "postgres.h"
17 
18 #include <unistd.h>
19 
20 #include "access/xlog.h"
21 #include "common/ip.h"
22 #include "common/string.h"
23 #include "libpq/libpq.h"
24 #include "libpq/libpq-be.h"
25 #include "libpq/pqformat.h"
26 #include "libpq/pqsignal.h"
27 #include "miscadmin.h"
28 #include "postmaster/postmaster.h"
29 #include "replication/walsender.h"
30 #include "storage/fd.h"
31 #include "storage/ipc.h"
32 #include "storage/proc.h"
33 #include "tcop/backend_startup.h"
34 #include "tcop/tcopprot.h"
35 #include "utils/builtins.h"
36 #include "utils/memutils.h"
37 #include "utils/ps_status.h"
38 #include "utils/timeout.h"
39 
40 /* GUCs */
42 
43 static void BackendInitialize(ClientSocket *client_sock, CAC_state cac);
44 static int ProcessSSLStartup(Port *port);
45 static int ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done);
46 static void SendNegotiateProtocolVersion(List *unrecognized_protocol_options);
48 static void StartupPacketTimeoutHandler(void);
49 
50 /*
51  * Entry point for a new backend process.
52  *
53  * Initialize the connection, read the startup packet, authenticate the
54  * client, and start the main processing loop.
55  */
56 void
57 BackendMain(char *startup_data, size_t startup_data_len)
58 {
59  BackendStartupData *bsdata = (BackendStartupData *) startup_data;
60 
61  Assert(startup_data_len == sizeof(BackendStartupData));
62  Assert(MyClientSocket != NULL);
63 
64 #ifdef EXEC_BACKEND
65 
66  /*
67  * Need to reinitialize the SSL library in the backend, since the context
68  * structures contain function pointers and cannot be passed through the
69  * parameter file.
70  *
71  * If for some reason reload fails (maybe the user installed broken key
72  * files), soldier on without SSL; that's better than all connections
73  * becoming impossible.
74  *
75  * XXX should we do this in all child processes? For the moment it's
76  * enough to do it in backend children.
77  */
78 #ifdef USE_SSL
79  if (EnableSSL)
80  {
81  if (secure_initialize(false) == 0)
82  LoadedSSL = true;
83  else
84  ereport(LOG,
85  (errmsg("SSL configuration could not be loaded in child process")));
86  }
87 #endif
88 #endif
89 
90  /* Perform additional initialization and collect startup packet */
92 
93  /*
94  * Create a per-backend PGPROC struct in shared memory. We must do this
95  * before we can use LWLocks or access any shared memory.
96  */
97  InitProcess();
98 
99  /*
100  * Make sure we aren't in PostmasterContext anymore. (We can't delete it
101  * just yet, though, because InitPostgres will need the HBA data.)
102  */
104 
106 }
107 
108 
109 /*
110  * BackendInitialize -- initialize an interactive (postmaster-child)
111  * backend process, and collect the client's startup packet.
112  *
113  * returns: nothing. Will not return at all if there's any failure.
114  *
115  * Note: this code does not depend on having any access to shared memory.
116  * Indeed, our approach to SIGTERM/timeout handling *requires* that
117  * shared memory not have been touched yet; see comments within.
118  * In the EXEC_BACKEND case, we are physically attached to shared memory
119  * but have not yet set up most of our local pointers to shmem structures.
120  */
121 static void
123 {
124  int status;
125  int ret;
126  Port *port;
127  char remote_host[NI_MAXHOST];
128  char remote_port[NI_MAXSERV];
129  StringInfoData ps_data;
130  MemoryContext oldcontext;
131 
132  /* Tell fd.c about the long-lived FD associated with the client_sock */
134 
135  /*
136  * PreAuthDelay is a debugging aid for investigating problems in the
137  * authentication cycle: it can be set in postgresql.conf to allow time to
138  * attach to the newly-forked backend with a debugger. (See also
139  * PostAuthDelay, which we allow clients to pass through PGOPTIONS, but it
140  * is not honored until after authentication.)
141  */
142  if (PreAuthDelay > 0)
143  pg_usleep(PreAuthDelay * 1000000L);
144 
145  /* This flag will remain set until InitPostgres finishes authentication */
146  ClientAuthInProgress = true; /* limit visibility of log messages */
147 
148  /*
149  * Initialize libpq and enable reporting of ereport errors to the client.
150  * Must do this now because authentication uses libpq to send messages.
151  *
152  * The Port structure and all data structures attached to it are allocated
153  * in TopMemoryContext, so that they survive into PostgresMain execution.
154  * We need not worry about leaking this storage on failure, since we
155  * aren't in the postmaster process anymore.
156  */
158  port = MyProcPort = pq_init(client_sock);
159  MemoryContextSwitchTo(oldcontext);
160 
161  whereToSendOutput = DestRemote; /* now safe to ereport to client */
162 
163  /* set these to empty in case they are needed before we set them up */
164  port->remote_host = "";
165  port->remote_port = "";
166 
167  /*
168  * We arrange to do _exit(1) if we receive SIGTERM or timeout while trying
169  * to collect the startup packet; while SIGQUIT results in _exit(2).
170  * Otherwise the postmaster cannot shutdown the database FAST or IMMED
171  * cleanly if a buggy client fails to send the packet promptly.
172  *
173  * Exiting with _exit(1) is only possible because we have not yet touched
174  * shared memory; therefore no outside-the-process state needs to get
175  * cleaned up.
176  */
178  /* SIGQUIT handler was already set up by InitPostmasterChild */
179  InitializeTimeouts(); /* establishes SIGALRM handler */
180  sigprocmask(SIG_SETMASK, &StartupBlockSig, NULL);
181 
182  /*
183  * Get the remote host name and port for logging and status display.
184  */
185  remote_host[0] = '\0';
186  remote_port[0] = '\0';
187  if ((ret = pg_getnameinfo_all(&port->raddr.addr, port->raddr.salen,
188  remote_host, sizeof(remote_host),
189  remote_port, sizeof(remote_port),
190  (log_hostname ? 0 : NI_NUMERICHOST) | NI_NUMERICSERV)) != 0)
192  (errmsg_internal("pg_getnameinfo_all() failed: %s",
193  gai_strerror(ret))));
194 
195  /*
196  * Save remote_host and remote_port in port structure (after this, they
197  * will appear in log_line_prefix data for log messages).
198  */
200  port->remote_host = pstrdup(remote_host);
201  port->remote_port = pstrdup(remote_port);
202 
203  /* And now we can issue the Log_connections message, if wanted */
204  if (Log_connections)
205  {
206  if (remote_port[0])
207  ereport(LOG,
208  (errmsg("connection received: host=%s port=%s",
209  remote_host,
210  remote_port)));
211  else
212  ereport(LOG,
213  (errmsg("connection received: host=%s",
214  remote_host)));
215  }
216 
217  /*
218  * If we did a reverse lookup to name, we might as well save the results
219  * rather than possibly repeating the lookup during authentication.
220  *
221  * Note that we don't want to specify NI_NAMEREQD above, because then we'd
222  * get nothing useful for a client without an rDNS entry. Therefore, we
223  * must check whether we got a numeric IPv4 or IPv6 address, and not save
224  * it into remote_hostname if so. (This test is conservative and might
225  * sometimes classify a hostname as numeric, but an error in that
226  * direction is safe; it only results in a possible extra lookup.)
227  */
228  if (log_hostname &&
229  ret == 0 &&
230  strspn(remote_host, "0123456789.") < strlen(remote_host) &&
231  strspn(remote_host, "0123456789ABCDEFabcdef:") < strlen(remote_host))
232  {
233  port->remote_hostname = pstrdup(remote_host);
234  }
235  MemoryContextSwitchTo(oldcontext);
236 
237  /*
238  * Ready to begin client interaction. We will give up and _exit(1) after
239  * a time delay, so that a broken client can't hog a connection
240  * indefinitely. PreAuthDelay and any DNS interactions above don't count
241  * against the time limit.
242  *
243  * Note: AuthenticationTimeout is applied here while waiting for the
244  * startup packet, and then again in InitPostgres for the duration of any
245  * authentication operations. So a hostile client could tie up the
246  * process for nearly twice AuthenticationTimeout before we kick him off.
247  *
248  * Note: because PostgresMain will call InitializeTimeouts again, the
249  * registration of STARTUP_PACKET_TIMEOUT will be lost. This is okay
250  * since we never use it again after this function.
251  */
254 
255  /* Handle direct SSL handshake */
256  status = ProcessSSLStartup(port);
257 
258  /*
259  * Receive the startup packet (which might turn out to be a cancel request
260  * packet).
261  */
262  if (status == STATUS_OK)
263  status = ProcessStartupPacket(port, false, false);
264 
265  /*
266  * If we're going to reject the connection due to database state, say so
267  * now instead of wasting cycles on an authentication exchange. (This also
268  * allows a pg_ping utility to be written.)
269  */
270  if (status == STATUS_OK)
271  {
272  switch (cac)
273  {
274  case CAC_STARTUP:
275  ereport(FATAL,
277  errmsg("the database system is starting up")));
278  break;
279  case CAC_NOTCONSISTENT:
280  if (EnableHotStandby)
281  ereport(FATAL,
283  errmsg("the database system is not yet accepting connections"),
284  errdetail("Consistent recovery state has not been yet reached.")));
285  else
286  ereport(FATAL,
288  errmsg("the database system is not accepting connections"),
289  errdetail("Hot standby mode is disabled.")));
290  break;
291  case CAC_SHUTDOWN:
292  ereport(FATAL,
294  errmsg("the database system is shutting down")));
295  break;
296  case CAC_RECOVERY:
297  ereport(FATAL,
299  errmsg("the database system is in recovery mode")));
300  break;
301  case CAC_TOOMANY:
302  ereport(FATAL,
303  (errcode(ERRCODE_TOO_MANY_CONNECTIONS),
304  errmsg("sorry, too many clients already")));
305  break;
306  case CAC_OK:
307  break;
308  }
309  }
310 
311  /*
312  * Disable the timeout, and prevent SIGTERM again.
313  */
315  sigprocmask(SIG_SETMASK, &BlockSig, NULL);
316 
317  /*
318  * As a safety check that nothing in startup has yet performed
319  * shared-memory modifications that would need to be undone if we had
320  * exited through SIGTERM or timeout above, check that no on_shmem_exit
321  * handlers have been registered yet. (This isn't terribly bulletproof,
322  * since someone might misuse an on_proc_exit handler for shmem cleanup,
323  * but it's a cheap and helpful check. We cannot disallow on_proc_exit
324  * handlers unfortunately, since pq_init() already registered one.)
325  */
327 
328  /*
329  * Stop here if it was bad or a cancel packet. ProcessStartupPacket
330  * already did any appropriate error reporting.
331  */
332  if (status != STATUS_OK)
333  proc_exit(0);
334 
335  /*
336  * Now that we have the user and database name, we can set the process
337  * title for ps. It's good to do this as early as possible in startup.
338  */
339  initStringInfo(&ps_data);
340  if (am_walsender)
342  appendStringInfo(&ps_data, "%s ", port->user_name);
343  if (port->database_name[0] != '\0')
344  appendStringInfo(&ps_data, "%s ", port->database_name);
345  appendStringInfoString(&ps_data, port->remote_host);
346  if (port->remote_port[0] != '\0')
347  appendStringInfo(&ps_data, "(%s)", port->remote_port);
348 
349  init_ps_display(ps_data.data);
350  pfree(ps_data.data);
351 
352  set_ps_display("initializing");
353 }
354 
355 /*
356  * Check for a direct SSL connection.
357  *
358  * This happens before the startup packet so we are careful not to actually
359  * read any bytes from the stream if it's not a direct SSL connection.
360  */
361 static int
363 {
364  int firstbyte;
365 
366  Assert(!port->ssl_in_use);
367 
368  pq_startmsgread();
369  firstbyte = pq_peekbyte();
370  pq_endmsgread();
371  if (firstbyte == EOF)
372  {
373  /*
374  * Like in ProcessStartupPacket, if we get no data at all, don't
375  * clutter the log with a complaint.
376  */
377  return STATUS_ERROR;
378  }
379 
380  if (firstbyte != 0x16)
381  {
382  /* Not an SSL handshake message */
383  return STATUS_OK;
384  }
385 
386  /*
387  * First byte indicates standard SSL handshake message
388  *
389  * (It can't be a Postgres startup length because in network byte order
390  * that would be a startup packet hundreds of megabytes long)
391  */
392 
393 #ifdef USE_SSL
394  if (!LoadedSSL || port->laddr.addr.ss_family == AF_UNIX)
395  {
396  /* SSL not supported */
397  goto reject;
398  }
399 
400  if (secure_open_server(port) == -1)
401  {
402  /*
403  * we assume secure_open_server() sent an appropriate TLS alert
404  * already
405  */
406  goto reject;
407  }
408  Assert(port->ssl_in_use);
409 
410  if (!port->alpn_used)
411  {
413  (errcode(ERRCODE_PROTOCOL_VIOLATION),
414  errmsg("received direct SSL connection request without ALPN protocol negotiation extension")));
415  goto reject;
416  }
417 
419  ereport(LOG,
420  (errmsg("direct SSL connection accepted")));
421  return STATUS_OK;
422 #else
423  /* SSL not supported by this build */
424  goto reject;
425 #endif
426 
427 reject:
429  ereport(LOG,
430  (errmsg("direct SSL connection rejected")));
431  return STATUS_ERROR;
432 }
433 
434 /*
435  * Read a client's startup packet and do something according to it.
436  *
437  * Returns STATUS_OK or STATUS_ERROR, or might call ereport(FATAL) and
438  * not return at all.
439  *
440  * (Note that ereport(FATAL) stuff is sent to the client, so only use it
441  * if that's what you want. Return STATUS_ERROR if you don't want to
442  * send anything to the client, which would typically be appropriate
443  * if we detect a communications failure.)
444  *
445  * Set ssl_done and/or gss_done when negotiation of an encrypted layer
446  * (currently, TLS or GSSAPI) is completed. A successful negotiation of either
447  * encryption layer sets both flags, but a rejected negotiation sets only the
448  * flag for that layer, since the client may wish to try the other one. We
449  * should make no assumption here about the order in which the client may make
450  * requests.
451  */
452 static int
453 ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done)
454 {
455  int32 len;
456  char *buf;
457  ProtocolVersion proto;
458  MemoryContext oldcontext;
459 
460  pq_startmsgread();
461 
462  /*
463  * Grab the first byte of the length word separately, so that we can tell
464  * whether we have no data at all or an incomplete packet. (This might
465  * sound inefficient, but it's not really, because of buffering in
466  * pqcomm.c.)
467  */
468  if (pq_getbytes((char *) &len, 1) == EOF)
469  {
470  /*
471  * If we get no data at all, don't clutter the log with a complaint;
472  * such cases often occur for legitimate reasons. An example is that
473  * we might be here after responding to NEGOTIATE_SSL_CODE, and if the
474  * client didn't like our response, it'll probably just drop the
475  * connection. Service-monitoring software also often just opens and
476  * closes a connection without sending anything. (So do port
477  * scanners, which may be less benign, but it's not really our job to
478  * notice those.)
479  */
480  return STATUS_ERROR;
481  }
482 
483  if (pq_getbytes(((char *) &len) + 1, 3) == EOF)
484  {
485  /* Got a partial length word, so bleat about that */
486  if (!ssl_done && !gss_done)
488  (errcode(ERRCODE_PROTOCOL_VIOLATION),
489  errmsg("incomplete startup packet")));
490  return STATUS_ERROR;
491  }
492 
493  len = pg_ntoh32(len);
494  len -= 4;
495 
496  if (len < (int32) sizeof(ProtocolVersion) ||
498  {
500  (errcode(ERRCODE_PROTOCOL_VIOLATION),
501  errmsg("invalid length of startup packet")));
502  return STATUS_ERROR;
503  }
504 
505  /*
506  * Allocate space to hold the startup packet, plus one extra byte that's
507  * initialized to be zero. This ensures we will have null termination of
508  * all strings inside the packet.
509  */
510  buf = palloc(len + 1);
511  buf[len] = '\0';
512 
513  if (pq_getbytes(buf, len) == EOF)
514  {
516  (errcode(ERRCODE_PROTOCOL_VIOLATION),
517  errmsg("incomplete startup packet")));
518  return STATUS_ERROR;
519  }
520  pq_endmsgread();
521 
522  /*
523  * The first field is either a protocol version number or a special
524  * request code.
525  */
526  port->proto = proto = pg_ntoh32(*((ProtocolVersion *) buf));
527 
528  if (proto == CANCEL_REQUEST_CODE)
529  {
530  CancelRequestPacket *canc;
531  int backendPID;
532  int32 cancelAuthCode;
533 
534  if (len != sizeof(CancelRequestPacket))
535  {
537  (errcode(ERRCODE_PROTOCOL_VIOLATION),
538  errmsg("invalid length of startup packet")));
539  return STATUS_ERROR;
540  }
541  canc = (CancelRequestPacket *) buf;
542  backendPID = (int) pg_ntoh32(canc->backendPID);
543  cancelAuthCode = (int32) pg_ntoh32(canc->cancelAuthCode);
544 
545  processCancelRequest(backendPID, cancelAuthCode);
546  /* Not really an error, but we don't want to proceed further */
547  return STATUS_ERROR;
548  }
549 
550  if (proto == NEGOTIATE_SSL_CODE && !ssl_done)
551  {
552  char SSLok;
553 
554 #ifdef USE_SSL
555 
556  /*
557  * No SSL when disabled or on Unix sockets.
558  *
559  * Also no SSL negotiation if we already have a direct SSL connection
560  */
561  if (!LoadedSSL || port->laddr.addr.ss_family == AF_UNIX || port->ssl_in_use)
562  SSLok = 'N';
563  else
564  SSLok = 'S'; /* Support for SSL */
565 #else
566  SSLok = 'N'; /* No support for SSL */
567 #endif
568 
570  {
571  if (SSLok == 'S')
572  ereport(LOG,
573  (errmsg("SSLRequest accepted")));
574  else
575  ereport(LOG,
576  (errmsg("SSLRequest rejected")));
577  }
578 
579  while (secure_write(port, &SSLok, 1) != 1)
580  {
581  if (errno == EINTR)
582  continue; /* if interrupted, just retry */
585  errmsg("failed to send SSL negotiation response: %m")));
586  return STATUS_ERROR; /* close the connection */
587  }
588 
589 #ifdef USE_SSL
590  if (SSLok == 'S' && secure_open_server(port) == -1)
591  return STATUS_ERROR;
592 #endif
593 
594  /*
595  * At this point we should have no data already buffered. If we do,
596  * it was received before we performed the SSL handshake, so it wasn't
597  * encrypted and indeed may have been injected by a man-in-the-middle.
598  * We report this case to the client.
599  */
600  if (pq_buffer_remaining_data() > 0)
601  ereport(FATAL,
602  (errcode(ERRCODE_PROTOCOL_VIOLATION),
603  errmsg("received unencrypted data after SSL request"),
604  errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
605 
606  /*
607  * regular startup packet, cancel, etc packet should follow, but not
608  * another SSL negotiation request, and a GSS request should only
609  * follow if SSL was rejected (client may negotiate in either order)
610  */
611  return ProcessStartupPacket(port, true, SSLok == 'S');
612  }
613  else if (proto == NEGOTIATE_GSS_CODE && !gss_done)
614  {
615  char GSSok = 'N';
616 
617 #ifdef ENABLE_GSS
618  /* No GSSAPI encryption when on Unix socket */
619  if (port->laddr.addr.ss_family != AF_UNIX)
620  GSSok = 'G';
621 #endif
622 
624  {
625  if (GSSok == 'G')
626  ereport(LOG,
627  (errmsg("GSSENCRequest accepted")));
628  else
629  ereport(LOG,
630  (errmsg("GSSENCRequest rejected")));
631  }
632 
633  while (secure_write(port, &GSSok, 1) != 1)
634  {
635  if (errno == EINTR)
636  continue;
639  errmsg("failed to send GSSAPI negotiation response: %m")));
640  return STATUS_ERROR; /* close the connection */
641  }
642 
643 #ifdef ENABLE_GSS
644  if (GSSok == 'G' && secure_open_gssapi(port) == -1)
645  return STATUS_ERROR;
646 #endif
647 
648  /*
649  * At this point we should have no data already buffered. If we do,
650  * it was received before we performed the GSS handshake, so it wasn't
651  * encrypted and indeed may have been injected by a man-in-the-middle.
652  * We report this case to the client.
653  */
654  if (pq_buffer_remaining_data() > 0)
655  ereport(FATAL,
656  (errcode(ERRCODE_PROTOCOL_VIOLATION),
657  errmsg("received unencrypted data after GSSAPI encryption request"),
658  errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
659 
660  /*
661  * regular startup packet, cancel, etc packet should follow, but not
662  * another GSS negotiation request, and an SSL request should only
663  * follow if GSS was rejected (client may negotiate in either order)
664  */
665  return ProcessStartupPacket(port, GSSok == 'G', true);
666  }
667 
668  /* Could add additional special packet types here */
669 
670  /*
671  * Set FrontendProtocol now so that ereport() knows what format to send if
672  * we fail during startup.
673  */
674  FrontendProtocol = proto;
675 
676  /* Check that the major protocol version is in range. */
679  ereport(FATAL,
680  (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
681  errmsg("unsupported frontend protocol %u.%u: server supports %u.0 to %u.%u",
682  PG_PROTOCOL_MAJOR(proto), PG_PROTOCOL_MINOR(proto),
686 
687  /*
688  * Now fetch parameters out of startup packet and save them into the Port
689  * structure.
690  */
692 
693  /* Handle protocol version 3 startup packet */
694  {
695  int32 offset = sizeof(ProtocolVersion);
696  List *unrecognized_protocol_options = NIL;
697 
698  /*
699  * Scan packet body for name/option pairs. We can assume any string
700  * beginning within the packet body is null-terminated, thanks to
701  * zeroing extra byte above.
702  */
703  port->guc_options = NIL;
704 
705  while (offset < len)
706  {
707  char *nameptr = buf + offset;
708  int32 valoffset;
709  char *valptr;
710 
711  if (*nameptr == '\0')
712  break; /* found packet terminator */
713  valoffset = offset + strlen(nameptr) + 1;
714  if (valoffset >= len)
715  break; /* missing value, will complain below */
716  valptr = buf + valoffset;
717 
718  if (strcmp(nameptr, "database") == 0)
719  port->database_name = pstrdup(valptr);
720  else if (strcmp(nameptr, "user") == 0)
721  port->user_name = pstrdup(valptr);
722  else if (strcmp(nameptr, "options") == 0)
723  port->cmdline_options = pstrdup(valptr);
724  else if (strcmp(nameptr, "replication") == 0)
725  {
726  /*
727  * Due to backward compatibility concerns the replication
728  * parameter is a hybrid beast which allows the value to be
729  * either boolean or the string 'database'. The latter
730  * connects to a specific database which is e.g. required for
731  * logical decoding while.
732  */
733  if (strcmp(valptr, "database") == 0)
734  {
735  am_walsender = true;
736  am_db_walsender = true;
737  }
738  else if (!parse_bool(valptr, &am_walsender))
739  ereport(FATAL,
740  (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
741  errmsg("invalid value for parameter \"%s\": \"%s\"",
742  "replication",
743  valptr),
744  errhint("Valid values are: \"false\", 0, \"true\", 1, \"database\".")));
745  }
746  else if (strncmp(nameptr, "_pq_.", 5) == 0)
747  {
748  /*
749  * Any option beginning with _pq_. is reserved for use as a
750  * protocol-level option, but at present no such options are
751  * defined.
752  */
753  unrecognized_protocol_options =
754  lappend(unrecognized_protocol_options, pstrdup(nameptr));
755  }
756  else
757  {
758  /* Assume it's a generic GUC option */
759  port->guc_options = lappend(port->guc_options,
760  pstrdup(nameptr));
761  port->guc_options = lappend(port->guc_options,
762  pstrdup(valptr));
763 
764  /*
765  * Copy application_name to port if we come across it. This
766  * is done so we can log the application_name in the
767  * connection authorization message. Note that the GUC would
768  * be used but we haven't gone through GUC setup yet.
769  */
770  if (strcmp(nameptr, "application_name") == 0)
771  {
772  port->application_name = pg_clean_ascii(valptr, 0);
773  }
774  }
775  offset = valoffset + strlen(valptr) + 1;
776  }
777 
778  /*
779  * If we didn't find a packet terminator exactly at the end of the
780  * given packet length, complain.
781  */
782  if (offset != len - 1)
783  ereport(FATAL,
784  (errcode(ERRCODE_PROTOCOL_VIOLATION),
785  errmsg("invalid startup packet layout: expected terminator as last byte")));
786 
787  /*
788  * If the client requested a newer protocol version or if the client
789  * requested any protocol options we didn't recognize, let them know
790  * the newest minor protocol version we do support and the names of
791  * any unrecognized options.
792  */
794  unrecognized_protocol_options != NIL)
795  SendNegotiateProtocolVersion(unrecognized_protocol_options);
796  }
797 
798  /* Check a user name was given. */
799  if (port->user_name == NULL || port->user_name[0] == '\0')
800  ereport(FATAL,
801  (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
802  errmsg("no PostgreSQL user name specified in startup packet")));
803 
804  /* The database defaults to the user name. */
805  if (port->database_name == NULL || port->database_name[0] == '\0')
806  port->database_name = pstrdup(port->user_name);
807 
808  if (am_walsender)
810  else
812 
813  /*
814  * Normal walsender backends, e.g. for streaming replication, are not
815  * connected to a particular database. But walsenders used for logical
816  * replication need to connect to a specific database. We allow streaming
817  * replication commands to be issued even if connected to a database as it
818  * can make sense to first make a basebackup and then stream changes
819  * starting from that.
820  */
822  port->database_name[0] = '\0';
823 
824  /*
825  * Done filling the Port structure
826  */
827  MemoryContextSwitchTo(oldcontext);
828 
829  return STATUS_OK;
830 }
831 
832 /*
833  * Send a NegotiateProtocolVersion to the client. This lets the client know
834  * that they have requested a newer minor protocol version than we are able
835  * to speak. We'll speak the highest version we know about; the client can,
836  * of course, abandon the connection if that's a problem.
837  *
838  * We also include in the response a list of protocol options we didn't
839  * understand. This allows clients to include optional parameters that might
840  * be present either in newer protocol versions or third-party protocol
841  * extensions without fear of having to reconnect if those options are not
842  * understood, while at the same time making certain that the client is aware
843  * of which options were actually accepted.
844  */
845 static void
846 SendNegotiateProtocolVersion(List *unrecognized_protocol_options)
847 {
849  ListCell *lc;
850 
853  pq_sendint32(&buf, list_length(unrecognized_protocol_options));
854  foreach(lc, unrecognized_protocol_options)
855  pq_sendstring(&buf, lfirst(lc));
856  pq_endmessage(&buf);
857 
858  /* no need to flush, some other message will follow */
859 }
860 
861 
862 /*
863  * SIGTERM while processing startup packet.
864  *
865  * Running proc_exit() from a signal handler would be quite unsafe.
866  * However, since we have not yet touched shared memory, we can just
867  * pull the plug and exit without running any atexit handlers.
868  *
869  * One might be tempted to try to send a message, or log one, indicating
870  * why we are disconnecting. However, that would be quite unsafe in itself.
871  * Also, it seems undesirable to provide clues about the database's state
872  * to a client that has not yet completed authentication, or even sent us
873  * a startup packet.
874  */
875 static void
877 {
878  _exit(1);
879 }
880 
881 /*
882  * Timeout while processing startup packet.
883  * As for process_startup_packet_die(), we exit via _exit(1).
884  */
885 static void
887 {
888  _exit(1);
889 }
sigset_t StartupBlockSig
Definition: pqsignal.c:24
sigset_t BlockSig
Definition: pqsignal.c:23
bool Trace_connection_negotiation
static void SendNegotiateProtocolVersion(List *unrecognized_protocol_options)
void BackendMain(char *startup_data, size_t startup_data_len)
static void process_startup_packet_die(SIGNAL_ARGS)
static void StartupPacketTimeoutHandler(void)
static void BackendInitialize(ClientSocket *client_sock, CAC_state cac)
static int ProcessSSLStartup(Port *port)
static int ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done)
CAC_state
@ CAC_TOOMANY
@ CAC_OK
@ CAC_RECOVERY
@ CAC_NOTCONSISTENT
@ CAC_STARTUP
@ CAC_SHUTDOWN
ssize_t secure_open_gssapi(Port *port)
int secure_initialize(bool isServerStart)
Definition: be-secure.c:73
ssize_t secure_write(Port *port, void *ptr, size_t len)
Definition: be-secure.c:301
int secure_open_server(Port *port)
Definition: be-secure.c:110
bool parse_bool(const char *value, bool *result)
Definition: bool.c:30
#define STATUS_OK
Definition: c.h:1169
signed int int32
Definition: c.h:494
#define SIGNAL_ARGS
Definition: c.h:1345
#define Assert(condition)
Definition: c.h:858
#define STATUS_ERROR
Definition: c.h:1170
@ DestRemote
Definition: dest.h:89
int errcode_for_socket_access(void)
Definition: elog.c:953
int errmsg_internal(const char *fmt,...)
Definition: elog.c:1157
int errdetail(const char *fmt,...)
Definition: elog.c:1203
int errhint(const char *fmt,...)
Definition: elog.c:1317
int errcode(int sqlerrcode)
Definition: elog.c:857
int errmsg(const char *fmt,...)
Definition: elog.c:1070
#define LOG
Definition: elog.h:31
#define COMMERROR
Definition: elog.h:33
#define FATAL
Definition: elog.h:41
#define WARNING
Definition: elog.h:36
#define ereport(elevel,...)
Definition: elog.h:149
void ReserveExternalFD(void)
Definition: fd.c:1221
#define ERRCODE_CANNOT_CONNECT_NOW
Definition: fe-connect.c:91
struct ClientSocket * MyClientSocket
Definition: globals.c:48
ProtocolVersion FrontendProtocol
Definition: globals.c:28
struct Port * MyProcPort
Definition: globals.c:49
int pg_getnameinfo_all(const struct sockaddr_storage *addr, int salen, char *node, int nodelen, char *service, int servicelen, int flags)
Definition: ip.c:114
void check_on_shmem_exit_lists_are_empty(void)
Definition: ipc.c:432
void proc_exit(int code)
Definition: ipc.c:104
List * lappend(List *list, void *datum)
Definition: list.c:339
char * pstrdup(const char *in)
Definition: mcxt.c:1695
void pfree(void *pointer)
Definition: mcxt.c:1520
MemoryContext TopMemoryContext
Definition: mcxt.c:149
void * palloc(Size size)
Definition: mcxt.c:1316
@ B_WAL_SENDER
Definition: miscadmin.h:342
@ B_BACKEND
Definition: miscadmin.h:338
const char * GetBackendTypeDesc(BackendType backendType)
Definition: miscinit.c:263
BackendType MyBackendType
Definition: miscinit.c:63
#define pg_ntoh32(x)
Definition: pg_bswap.h:125
const void size_t len
#define lfirst(lc)
Definition: pg_list.h:172
static int list_length(const List *l)
Definition: pg_list.h:152
#define NIL
Definition: pg_list.h:68
static int port
Definition: pg_regress.c:116
static char * buf
Definition: pg_test_fsync.c:73
pqsigfunc pqsignal(int signo, pqsigfunc func)
CommandDest whereToSendOutput
Definition: postgres.c:90
void PostgresMain(const char *dbname, const char *username)
Definition: postgres.c:4152
int PreAuthDelay
Definition: postmaster.c:227
bool log_hostname
Definition: postmaster.c:230
bool Log_connections
Definition: postmaster.c:231
bool ClientAuthInProgress
Definition: postmaster.c:350
void processCancelRequest(int backendPID, int32 cancelAuthCode)
Definition: postmaster.c:1835
int AuthenticationTimeout
Definition: postmaster.c:228
bool EnableSSL
Definition: postmaster.c:225
PGDLLIMPORT bool LoadedSSL
int pq_peekbyte(void)
Definition: pqcomm.c:982
int pq_getbytes(char *s, size_t len)
Definition: pqcomm.c:1062
Port * pq_init(ClientSocket *client_sock)
Definition: pqcomm.c:173
ssize_t pq_buffer_remaining_data(void)
Definition: pqcomm.c:1126
void pq_endmsgread(void)
Definition: pqcomm.c:1164
void pq_startmsgread(void)
Definition: pqcomm.c:1140
#define PG_PROTOCOL_MAJOR(v)
Definition: pqcomm.h:87
#define PG_PROTOCOL_EARLIEST
Definition: pqcomm.h:96
#define CANCEL_REQUEST_CODE
Definition: pqcomm.h:132
#define MAX_STARTUP_PACKET_LENGTH
Definition: pqcomm.h:118
#define PG_PROTOCOL_LATEST
Definition: pqcomm.h:97
#define NEGOTIATE_GSS_CODE
Definition: pqcomm.h:167
#define NEGOTIATE_SSL_CODE
Definition: pqcomm.h:166
uint32 ProtocolVersion
Definition: pqcomm.h:99
#define PG_PROTOCOL_MINOR(v)
Definition: pqcomm.h:88
void pq_sendstring(StringInfo buf, const char *str)
Definition: pqformat.c:195
void pq_endmessage(StringInfo buf)
Definition: pqformat.c:296
void pq_beginmessage(StringInfo buf, char msgtype)
Definition: pqformat.c:88
static void pq_sendint32(StringInfo buf, uint32 i)
Definition: pqformat.h:144
#define PqMsg_NegotiateProtocolVersion
Definition: protocol.h:59
void init_ps_display(const char *fixed_part)
Definition: ps_status.c:267
static void set_ps_display(const char *activity)
Definition: ps_status.h:40
MemoryContextSwitchTo(old_ctx)
void pg_usleep(long microsec)
Definition: signal.c:53
const char * gai_strerror(int ecode)
void InitProcess(void)
Definition: proc.c:296
char * pg_clean_ascii(const char *str, int alloc_flags)
Definition: string.c:86
void appendStringInfo(StringInfo str, const char *fmt,...)
Definition: stringinfo.c:97
void appendStringInfoString(StringInfo str, const char *s)
Definition: stringinfo.c:182
void initStringInfo(StringInfo str)
Definition: stringinfo.c:59
CAC_state canAcceptConnections
uint32 backendPID
Definition: pqcomm.h:138
uint32 cancelAuthCode
Definition: pqcomm.h:139
Definition: pg_list.h:54
Definition: libpq-be.h:133
char * user_name
Definition: libpq-be.h:152
char * database_name
Definition: libpq-be.h:151
void enable_timeout_after(TimeoutId id, int delay_ms)
Definition: timeout.c:560
void InitializeTimeouts(void)
Definition: timeout.c:470
void disable_timeout(TimeoutId id, bool keep_indicator)
Definition: timeout.c:685
TimeoutId RegisterTimeout(TimeoutId id, timeout_handler_proc handler)
Definition: timeout.c:505
@ STARTUP_PACKET_TIMEOUT
Definition: timeout.h:26
bool am_walsender
Definition: walsender.c:115
bool am_db_walsender
Definition: walsender.c:118
#define EINTR
Definition: win32_port.h:374
bool EnableHotStandby
Definition: xlog.c:121