PostgreSQL Source Code  git master
libpq.h File Reference
#include <netinet/in.h>
#include "lib/stringinfo.h"
#include "libpq/libpq-be.h"
#include "storage/latch.h"
Include dependency graph for libpq.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  PQcommMethods
 

Macros

#define PQ_SMALL_MESSAGE_LIMIT   10000
 
#define PQ_LARGE_MESSAGE_LIMIT   (MaxAllocSize - 1)
 
#define pq_comm_reset()   (PqCommMethods->comm_reset())
 
#define pq_flush()   (PqCommMethods->flush())
 
#define pq_flush_if_writable()   (PqCommMethods->flush_if_writable())
 
#define pq_is_send_pending()   (PqCommMethods->is_send_pending())
 
#define pq_putmessage(msgtype, s, len)    (PqCommMethods->putmessage(msgtype, s, len))
 
#define pq_putmessage_noblock(msgtype, s, len)    (PqCommMethods->putmessage_noblock(msgtype, s, len))
 
#define FeBeWaitSetSocketPos   0
 
#define FeBeWaitSetLatchPos   1
 
#define FeBeWaitSetNEvents   3
 

Enumerations

enum  ssl_protocol_versions {
  PG_TLS_ANY = 0 , PG_TLS1_VERSION , PG_TLS1_1_VERSION , PG_TLS1_2_VERSION ,
  PG_TLS1_3_VERSION
}
 

Functions

int ListenServerPort (int family, const char *hostName, unsigned short portNumber, const char *unixSocketDir, pgsocket ListenSocket[], int *NumListenSockets, int MaxListen)
 
int AcceptConnection (pgsocket server_fd, ClientSocket *client_sock)
 
void TouchSocketFiles (void)
 
void RemoveSocketFiles (void)
 
Portpq_init (ClientSocket *client_sock)
 
int pq_getbytes (char *s, size_t len)
 
void pq_startmsgread (void)
 
void pq_endmsgread (void)
 
bool pq_is_reading_msg (void)
 
int pq_getmessage (StringInfo s, int maxlen)
 
int pq_getbyte (void)
 
int pq_peekbyte (void)
 
int pq_getbyte_if_available (unsigned char *c)
 
ssize_t pq_buffer_remaining_data (void)
 
int pq_putmessage_v2 (char msgtype, const char *s, size_t len)
 
bool pq_check_connection (void)
 
int secure_initialize (bool isServerStart)
 
bool secure_loaded_verify_locations (void)
 
void secure_destroy (void)
 
int secure_open_server (Port *port)
 
void secure_close (Port *port)
 
ssize_t secure_read (Port *port, void *ptr, size_t len)
 
ssize_t secure_write (Port *port, void *ptr, size_t len)
 
ssize_t secure_raw_read (Port *port, void *ptr, size_t len)
 
ssize_t secure_raw_write (Port *port, const void *ptr, size_t len)
 
int run_ssl_passphrase_command (const char *prompt, bool is_server_start, char *buf, int size)
 
bool check_ssl_key_file_permissions (const char *ssl_key_file, bool isServerStart)
 

Variables

const PGDLLIMPORT PQcommMethodsPqCommMethods
 
PGDLLIMPORT WaitEventSetFeBeWaitSet
 
PGDLLIMPORT char * ssl_library
 
PGDLLIMPORT char * ssl_cert_file
 
PGDLLIMPORT char * ssl_key_file
 
PGDLLIMPORT char * ssl_ca_file
 
PGDLLIMPORT char * ssl_crl_file
 
PGDLLIMPORT char * ssl_crl_dir
 
PGDLLIMPORT char * ssl_dh_params_file
 
PGDLLIMPORT char * ssl_passphrase_command
 
PGDLLIMPORT bool ssl_passphrase_command_supports_reload
 
PGDLLIMPORT char * SSLCipherSuites
 
PGDLLIMPORT char * SSLECDHCurve
 
PGDLLIMPORT bool SSLPreferServerCiphers
 
PGDLLIMPORT int ssl_min_protocol_version
 
PGDLLIMPORT int ssl_max_protocol_version
 

Macro Definition Documentation

◆ FeBeWaitSetLatchPos

#define FeBeWaitSetLatchPos   1

Definition at line 64 of file libpq.h.

◆ FeBeWaitSetNEvents

#define FeBeWaitSetNEvents   3

Definition at line 65 of file libpq.h.

◆ FeBeWaitSetSocketPos

#define FeBeWaitSetSocketPos   0

Definition at line 63 of file libpq.h.

◆ pq_comm_reset

#define pq_comm_reset ( )    (PqCommMethods->comm_reset())

Definition at line 45 of file libpq.h.

◆ pq_flush

#define pq_flush ( )    (PqCommMethods->flush())

Definition at line 46 of file libpq.h.

◆ pq_flush_if_writable

#define pq_flush_if_writable ( )    (PqCommMethods->flush_if_writable())

Definition at line 47 of file libpq.h.

◆ pq_is_send_pending

#define pq_is_send_pending ( )    (PqCommMethods->is_send_pending())

Definition at line 48 of file libpq.h.

◆ PQ_LARGE_MESSAGE_LIMIT

#define PQ_LARGE_MESSAGE_LIMIT   (MaxAllocSize - 1)

Definition at line 31 of file libpq.h.

◆ pq_putmessage

#define pq_putmessage (   msgtype,
  s,
  len 
)     (PqCommMethods->putmessage(msgtype, s, len))

Definition at line 49 of file libpq.h.

◆ pq_putmessage_noblock

#define pq_putmessage_noblock (   msgtype,
  s,
  len 
)     (PqCommMethods->putmessage_noblock(msgtype, s, len))

Definition at line 51 of file libpq.h.

◆ PQ_SMALL_MESSAGE_LIMIT

#define PQ_SMALL_MESSAGE_LIMIT   10000

Definition at line 30 of file libpq.h.

Enumeration Type Documentation

◆ ssl_protocol_versions

Enumerator
PG_TLS_ANY 
PG_TLS1_VERSION 
PG_TLS1_1_VERSION 
PG_TLS1_2_VERSION 
PG_TLS1_3_VERSION 

Definition at line 126 of file libpq.h.

127 {
128  PG_TLS_ANY = 0,
133 };
@ PG_TLS1_VERSION
Definition: libpq.h:129
@ PG_TLS1_3_VERSION
Definition: libpq.h:132
@ PG_TLS1_1_VERSION
Definition: libpq.h:130
@ PG_TLS1_2_VERSION
Definition: libpq.h:131
@ PG_TLS_ANY
Definition: libpq.h:128

Function Documentation

◆ AcceptConnection()

int AcceptConnection ( pgsocket  server_fd,
ClientSocket client_sock 
)

Definition at line 793 of file pqcomm.c.

794 {
795  /* accept connection and fill in the client (remote) address */
796  client_sock->raddr.salen = sizeof(client_sock->raddr.addr);
797  if ((client_sock->sock = accept(server_fd,
798  (struct sockaddr *) &client_sock->raddr.addr,
799  &client_sock->raddr.salen)) == PGINVALID_SOCKET)
800  {
801  ereport(LOG,
803  errmsg("could not accept new connection: %m")));
804 
805  /*
806  * If accept() fails then postmaster.c will still see the server
807  * socket as read-ready, and will immediately try again. To avoid
808  * uselessly sucking lots of CPU, delay a bit before trying again.
809  * (The most likely reason for failure is being out of kernel file
810  * table slots; we can do little except hope some will get freed up.)
811  */
812  pg_usleep(100000L); /* wait 0.1 sec */
813  return STATUS_ERROR;
814  }
815 
816  return STATUS_OK;
817 }
#define STATUS_OK
Definition: c.h:1169
#define STATUS_ERROR
Definition: c.h:1170
int errcode_for_socket_access(void)
Definition: elog.c:953
int errmsg(const char *fmt,...)
Definition: elog.c:1070
#define LOG
Definition: elog.h:31
#define ereport(elevel,...)
Definition: elog.h:149
#define PGINVALID_SOCKET
Definition: port.h:31
void pg_usleep(long microsec)
Definition: signal.c:53
SockAddr raddr
Definition: libpq-be.h:239
pgsocket sock
Definition: libpq-be.h:238
struct sockaddr_storage addr
Definition: pqcomm.h:32
socklen_t salen
Definition: pqcomm.h:33
#define accept(s, addr, addrlen)
Definition: win32_port.h:493

References accept, SockAddr::addr, ereport, errcode_for_socket_access(), errmsg(), LOG, pg_usleep(), PGINVALID_SOCKET, ClientSocket::raddr, SockAddr::salen, ClientSocket::sock, STATUS_ERROR, and STATUS_OK.

Referenced by ServerLoop().

◆ check_ssl_key_file_permissions()

bool check_ssl_key_file_permissions ( const char *  ssl_key_file,
bool  isServerStart 
)

Definition at line 114 of file be-secure-common.c.

115 {
116  int loglevel = isServerStart ? FATAL : LOG;
117  struct stat buf;
118 
119  if (stat(ssl_key_file, &buf) != 0)
120  {
121  ereport(loglevel,
123  errmsg("could not access private key file \"%s\": %m",
124  ssl_key_file)));
125  return false;
126  }
127 
128  /* Key file must be a regular file */
129  if (!S_ISREG(buf.st_mode))
130  {
131  ereport(loglevel,
132  (errcode(ERRCODE_CONFIG_FILE_ERROR),
133  errmsg("private key file \"%s\" is not a regular file",
134  ssl_key_file)));
135  return false;
136  }
137 
138  /*
139  * Refuse to load key files owned by users other than us or root, and
140  * require no public access to the key file. If the file is owned by us,
141  * require mode 0600 or less. If owned by root, require 0640 or less to
142  * allow read access through either our gid or a supplementary gid that
143  * allows us to read system-wide certificates.
144  *
145  * Note that roughly similar checks are performed in
146  * src/interfaces/libpq/fe-secure-openssl.c so any changes here may need
147  * to be made there as well. The environment is different though; this
148  * code can assume that we're not running as root.
149  *
150  * Ideally we would do similar permissions checks on Windows, but it is
151  * not clear how that would work since Unix-style permissions may not be
152  * available.
153  */
154 #if !defined(WIN32) && !defined(__CYGWIN__)
155  if (buf.st_uid != geteuid() && buf.st_uid != 0)
156  {
157  ereport(loglevel,
158  (errcode(ERRCODE_CONFIG_FILE_ERROR),
159  errmsg("private key file \"%s\" must be owned by the database user or root",
160  ssl_key_file)));
161  return false;
162  }
163 
164  if ((buf.st_uid == geteuid() && buf.st_mode & (S_IRWXG | S_IRWXO)) ||
165  (buf.st_uid == 0 && buf.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)))
166  {
167  ereport(loglevel,
168  (errcode(ERRCODE_CONFIG_FILE_ERROR),
169  errmsg("private key file \"%s\" has group or world access",
170  ssl_key_file),
171  errdetail("File must have permissions u=rw (0600) or less if owned by the database user, or permissions u=rw,g=r (0640) or less if owned by root.")));
172  return false;
173  }
174 #endif
175 
176  return true;
177 }
char * ssl_key_file
Definition: be-secure.c:37
int errcode_for_file_access(void)
Definition: elog.c:880
int errdetail(const char *fmt,...)
Definition: elog.c:1203
int errcode(int sqlerrcode)
Definition: elog.c:857
#define FATAL
Definition: elog.h:41
static char * buf
Definition: pg_test_fsync.c:73
#define S_IXGRP
Definition: win32_port.h:307
#define stat
Definition: win32_port.h:284
#define S_IRWXG
Definition: win32_port.h:310
#define S_IRWXO
Definition: win32_port.h:322
#define S_ISREG(m)
Definition: win32_port.h:328
#define S_IWGRP
Definition: win32_port.h:304

References buf, ereport, errcode(), errcode_for_file_access(), errdetail(), errmsg(), FATAL, LOG, S_IRWXG, S_IRWXO, S_ISREG, S_IWGRP, S_IXGRP, ssl_key_file, and stat.

Referenced by be_tls_init().

◆ ListenServerPort()

int ListenServerPort ( int  family,
const char *  hostName,
unsigned short  portNumber,
const char *  unixSocketDir,
pgsocket  ListenSocket[],
int *  NumListenSockets,
int  MaxListen 
)

Definition at line 417 of file pqcomm.c.

420 {
421  pgsocket fd;
422  int err;
423  int maxconn;
424  int ret;
425  char portNumberStr[32];
426  const char *familyDesc;
427  char familyDescBuf[64];
428  const char *addrDesc;
429  char addrBuf[NI_MAXHOST];
430  char *service;
431  struct addrinfo *addrs = NULL,
432  *addr;
433  struct addrinfo hint;
434  int added = 0;
435  char unixSocketPath[MAXPGPATH];
436 #if !defined(WIN32) || defined(IPV6_V6ONLY)
437  int one = 1;
438 #endif
439 
440  /* Initialize hint structure */
441  MemSet(&hint, 0, sizeof(hint));
442  hint.ai_family = family;
443  hint.ai_flags = AI_PASSIVE;
444  hint.ai_socktype = SOCK_STREAM;
445 
446  if (family == AF_UNIX)
447  {
448  /*
449  * Create unixSocketPath from portNumber and unixSocketDir and lock
450  * that file path
451  */
452  UNIXSOCK_PATH(unixSocketPath, portNumber, unixSocketDir);
453  if (strlen(unixSocketPath) >= UNIXSOCK_PATH_BUFLEN)
454  {
455  ereport(LOG,
456  (errmsg("Unix-domain socket path \"%s\" is too long (maximum %d bytes)",
457  unixSocketPath,
458  (int) (UNIXSOCK_PATH_BUFLEN - 1))));
459  return STATUS_ERROR;
460  }
461  if (Lock_AF_UNIX(unixSocketDir, unixSocketPath) != STATUS_OK)
462  return STATUS_ERROR;
463  service = unixSocketPath;
464  }
465  else
466  {
467  snprintf(portNumberStr, sizeof(portNumberStr), "%d", portNumber);
468  service = portNumberStr;
469  }
470 
471  ret = pg_getaddrinfo_all(hostName, service, &hint, &addrs);
472  if (ret || !addrs)
473  {
474  if (hostName)
475  ereport(LOG,
476  (errmsg("could not translate host name \"%s\", service \"%s\" to address: %s",
477  hostName, service, gai_strerror(ret))));
478  else
479  ereport(LOG,
480  (errmsg("could not translate service \"%s\" to address: %s",
481  service, gai_strerror(ret))));
482  if (addrs)
483  pg_freeaddrinfo_all(hint.ai_family, addrs);
484  return STATUS_ERROR;
485  }
486 
487  for (addr = addrs; addr; addr = addr->ai_next)
488  {
489  if (family != AF_UNIX && addr->ai_family == AF_UNIX)
490  {
491  /*
492  * Only set up a unix domain socket when they really asked for it.
493  * The service/port is different in that case.
494  */
495  continue;
496  }
497 
498  /* See if there is still room to add 1 more socket. */
499  if (*NumListenSockets == MaxListen)
500  {
501  ereport(LOG,
502  (errmsg("could not bind to all requested addresses: MAXLISTEN (%d) exceeded",
503  MaxListen)));
504  break;
505  }
506 
507  /* set up address family name for log messages */
508  switch (addr->ai_family)
509  {
510  case AF_INET:
511  familyDesc = _("IPv4");
512  break;
513  case AF_INET6:
514  familyDesc = _("IPv6");
515  break;
516  case AF_UNIX:
517  familyDesc = _("Unix");
518  break;
519  default:
520  snprintf(familyDescBuf, sizeof(familyDescBuf),
521  _("unrecognized address family %d"),
522  addr->ai_family);
523  familyDesc = familyDescBuf;
524  break;
525  }
526 
527  /* set up text form of address for log messages */
528  if (addr->ai_family == AF_UNIX)
529  addrDesc = unixSocketPath;
530  else
531  {
532  pg_getnameinfo_all((const struct sockaddr_storage *) addr->ai_addr,
533  addr->ai_addrlen,
534  addrBuf, sizeof(addrBuf),
535  NULL, 0,
536  NI_NUMERICHOST);
537  addrDesc = addrBuf;
538  }
539 
540  if ((fd = socket(addr->ai_family, SOCK_STREAM, 0)) == PGINVALID_SOCKET)
541  {
542  ereport(LOG,
544  /* translator: first %s is IPv4, IPv6, or Unix */
545  errmsg("could not create %s socket for address \"%s\": %m",
546  familyDesc, addrDesc)));
547  continue;
548  }
549 
550 #ifndef WIN32
551  /* Don't give the listen socket to any subprograms we execute. */
552  if (fcntl(fd, F_SETFD, FD_CLOEXEC) < 0)
553  elog(FATAL, "fcntl(F_SETFD) failed on socket: %m");
554 
555  /*
556  * Without the SO_REUSEADDR flag, a new postmaster can't be started
557  * right away after a stop or crash, giving "address already in use"
558  * error on TCP ports.
559  *
560  * On win32, however, this behavior only happens if the
561  * SO_EXCLUSIVEADDRUSE is set. With SO_REUSEADDR, win32 allows
562  * multiple servers to listen on the same address, resulting in
563  * unpredictable behavior. With no flags at all, win32 behaves as Unix
564  * with SO_REUSEADDR.
565  */
566  if (addr->ai_family != AF_UNIX)
567  {
568  if ((setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
569  (char *) &one, sizeof(one))) == -1)
570  {
571  ereport(LOG,
573  /* translator: third %s is IPv4, IPv6, or Unix */
574  errmsg("%s(%s) failed for %s address \"%s\": %m",
575  "setsockopt", "SO_REUSEADDR",
576  familyDesc, addrDesc)));
577  closesocket(fd);
578  continue;
579  }
580  }
581 #endif
582 
583 #ifdef IPV6_V6ONLY
584  if (addr->ai_family == AF_INET6)
585  {
586  if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY,
587  (char *) &one, sizeof(one)) == -1)
588  {
589  ereport(LOG,
591  /* translator: third %s is IPv4, IPv6, or Unix */
592  errmsg("%s(%s) failed for %s address \"%s\": %m",
593  "setsockopt", "IPV6_V6ONLY",
594  familyDesc, addrDesc)));
595  closesocket(fd);
596  continue;
597  }
598  }
599 #endif
600 
601  /*
602  * Note: This might fail on some OS's, like Linux older than
603  * 2.4.21-pre3, that don't have the IPV6_V6ONLY socket option, and map
604  * ipv4 addresses to ipv6. It will show ::ffff:ipv4 for all ipv4
605  * connections.
606  */
607  err = bind(fd, addr->ai_addr, addr->ai_addrlen);
608  if (err < 0)
609  {
610  int saved_errno = errno;
611 
612  ereport(LOG,
614  /* translator: first %s is IPv4, IPv6, or Unix */
615  errmsg("could not bind %s address \"%s\": %m",
616  familyDesc, addrDesc),
617  saved_errno == EADDRINUSE ?
618  (addr->ai_family == AF_UNIX ?
619  errhint("Is another postmaster already running on port %d?",
620  (int) portNumber) :
621  errhint("Is another postmaster already running on port %d?"
622  " If not, wait a few seconds and retry.",
623  (int) portNumber)) : 0));
624  closesocket(fd);
625  continue;
626  }
627 
628  if (addr->ai_family == AF_UNIX)
629  {
630  if (Setup_AF_UNIX(service) != STATUS_OK)
631  {
632  closesocket(fd);
633  break;
634  }
635  }
636 
637  /*
638  * Select appropriate accept-queue length limit. It seems reasonable
639  * to use a value similar to the maximum number of child processes
640  * that the postmaster will permit.
641  */
642  maxconn = MaxConnections * 2;
643 
644  err = listen(fd, maxconn);
645  if (err < 0)
646  {
647  ereport(LOG,
649  /* translator: first %s is IPv4, IPv6, or Unix */
650  errmsg("could not listen on %s address \"%s\": %m",
651  familyDesc, addrDesc)));
652  closesocket(fd);
653  continue;
654  }
655 
656  if (addr->ai_family == AF_UNIX)
657  ereport(LOG,
658  (errmsg("listening on Unix socket \"%s\"",
659  addrDesc)));
660  else
661  ereport(LOG,
662  /* translator: first %s is IPv4 or IPv6 */
663  (errmsg("listening on %s address \"%s\", port %d",
664  familyDesc, addrDesc, (int) portNumber)));
665 
667  (*NumListenSockets)++;
668  added++;
669  }
670 
671  pg_freeaddrinfo_all(hint.ai_family, addrs);
672 
673  if (!added)
674  return STATUS_ERROR;
675 
676  return STATUS_OK;
677 }
#define MemSet(start, val, len)
Definition: c.h:1020
int errhint(const char *fmt,...)
Definition: elog.c:1317
#define _(x)
Definition: elog.c:90
#define elog(elevel,...)
Definition: elog.h:224
void err(int eval, const char *fmt,...)
Definition: err.c:43
int MaxConnections
Definition: globals.c:140
void pg_freeaddrinfo_all(int hint_ai_family, struct addrinfo *ai)
Definition: ip.c:82
int pg_getnameinfo_all(const struct sockaddr_storage *addr, int salen, char *node, int nodelen, char *service, int servicelen, int flags)
Definition: ip.c:114
int pg_getaddrinfo_all(const char *hostname, const char *servname, const struct addrinfo *hintp, struct addrinfo **result)
Definition: ip.c:53
#define MAXPGPATH
int pgsocket
Definition: port.h:29
#define snprintf
Definition: port.h:238
#define closesocket
Definition: port.h:349
static pgsocket * ListenSockets
Definition: postmaster.c:222
static int NumListenSockets
Definition: postmaster.c:221
static int Lock_AF_UNIX(const char *unixSocketDir, const char *unixSocketPath)
Definition: pqcomm.c:684
static int Setup_AF_UNIX(const char *sock_path)
Definition: pqcomm.c:719
#define UNIXSOCK_PATH(path, port, sockdir)
Definition: pqcomm.h:44
#define UNIXSOCK_PATH_BUFLEN
Definition: pqcomm.h:60
static int fd(const char *x, int i)
Definition: preproc-init.c:105
const char * gai_strerror(int ecode)
#define bind(s, addr, addrlen)
Definition: win32_port.h:491
#define EADDRINUSE
Definition: win32_port.h:400
#define socket(af, type, protocol)
Definition: win32_port.h:490
#define listen(s, backlog)
Definition: win32_port.h:492

References _, bind, closesocket, EADDRINUSE, elog, ereport, err(), errcode_for_socket_access(), errhint(), errmsg(), FATAL, fd(), gai_strerror(), listen, ListenSockets, Lock_AF_UNIX(), LOG, MaxConnections, MAXPGPATH, MemSet, NumListenSockets, pg_freeaddrinfo_all(), pg_getaddrinfo_all(), pg_getnameinfo_all(), PGINVALID_SOCKET, Setup_AF_UNIX(), snprintf, socket, STATUS_ERROR, STATUS_OK, UNIXSOCK_PATH, and UNIXSOCK_PATH_BUFLEN.

Referenced by PostmasterMain().

◆ pq_buffer_remaining_data()

ssize_t pq_buffer_remaining_data ( void  )

Definition at line 1126 of file pqcomm.c.

1127 {
1129  return (PqRecvLength - PqRecvPointer);
1130 }
#define Assert(condition)
Definition: c.h:858
static int PqRecvLength
Definition: pqcomm.c:128
static int PqRecvPointer
Definition: pqcomm.c:127

References Assert, PqRecvLength, and PqRecvPointer.

Referenced by ProcessStartupPacket(), and secure_open_server().

◆ pq_check_connection()

bool pq_check_connection ( void  )

Definition at line 2053 of file pqcomm.c.

2054 {
2055  WaitEvent events[FeBeWaitSetNEvents];
2056  int rc;
2057 
2058  /*
2059  * It's OK to modify the socket event filter without restoring, because
2060  * all FeBeWaitSet socket wait sites do the same.
2061  */
2063 
2064 retry:
2065  rc = WaitEventSetWait(FeBeWaitSet, 0, events, lengthof(events), 0);
2066  for (int i = 0; i < rc; ++i)
2067  {
2068  if (events[i].events & WL_SOCKET_CLOSED)
2069  return false;
2070  if (events[i].events & WL_LATCH_SET)
2071  {
2072  /*
2073  * A latch event might be preventing other events from being
2074  * reported. Reset it and poll again. No need to restore it
2075  * because no code should expect latches to survive across
2076  * CHECK_FOR_INTERRUPTS().
2077  */
2079  goto retry;
2080  }
2081  }
2082 
2083  return true;
2084 }
#define lengthof(array)
Definition: c.h:788
struct Latch * MyLatch
Definition: globals.c:60
int i
Definition: isn.c:73
void ModifyWaitEvent(WaitEventSet *set, int pos, uint32 events, Latch *latch)
Definition: latch.c:1049
int WaitEventSetWait(WaitEventSet *set, long timeout, WaitEvent *occurred_events, int nevents, uint32 wait_event_info)
Definition: latch.c:1424
void ResetLatch(Latch *latch)
Definition: latch.c:724
#define WL_SOCKET_CLOSED
Definition: latch.h:139
#define WL_LATCH_SET
Definition: latch.h:127
#define FeBeWaitSetNEvents
Definition: libpq.h:65
#define FeBeWaitSetSocketPos
Definition: libpq.h:63
WaitEventSet * FeBeWaitSet
Definition: pqcomm.c:165

References FeBeWaitSet, FeBeWaitSetNEvents, FeBeWaitSetSocketPos, i, lengthof, ModifyWaitEvent(), MyLatch, ResetLatch(), WaitEventSetWait(), WL_LATCH_SET, and WL_SOCKET_CLOSED.

Referenced by ProcessInterrupts().

◆ pq_endmsgread()

void pq_endmsgread ( void  )

Definition at line 1164 of file pqcomm.c.

1165 {
1167 
1168  PqCommReadingMsg = false;
1169 }
static bool PqCommReadingMsg
Definition: pqcomm.c:134

References Assert, and PqCommReadingMsg.

Referenced by ProcessRepliesIfAny(), ProcessSSLStartup(), ProcessStartupPacket(), and secure_open_server().

◆ pq_getbyte()

int pq_getbyte ( void  )

Definition at line 963 of file pqcomm.c.

964 {
966 
967  while (PqRecvPointer >= PqRecvLength)
968  {
969  if (pq_recvbuf()) /* If nothing in buffer, then recv some */
970  return EOF; /* Failed to recv data */
971  }
972  return (unsigned char) PqRecvBuffer[PqRecvPointer++];
973 }
static int pq_recvbuf(void)
Definition: pqcomm.c:897
static char PqRecvBuffer[PQ_RECV_BUFFER_SIZE]
Definition: pqcomm.c:126

References Assert, pq_recvbuf(), PqCommReadingMsg, PqRecvBuffer, PqRecvLength, and PqRecvPointer.

Referenced by CheckSASLAuth(), CopyGetData(), HandleUploadManifestPacket(), recv_password_packet(), and SocketBackend().

◆ pq_getbyte_if_available()

int pq_getbyte_if_available ( unsigned char *  c)

Definition at line 1003 of file pqcomm.c.

1004 {
1005  int r;
1006 
1008 
1010  {
1012  return 1;
1013  }
1014 
1015  /* Put the socket into non-blocking mode */
1016  socket_set_nonblocking(true);
1017 
1018  errno = 0;
1019 
1020  r = secure_read(MyProcPort, c, 1);
1021  if (r < 0)
1022  {
1023  /*
1024  * Ok if no data available without blocking or interrupted (though
1025  * EINTR really shouldn't happen with a non-blocking socket). Report
1026  * other errors.
1027  */
1028  if (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR)
1029  r = 0;
1030  else
1031  {
1032  /*
1033  * Careful: an ereport() that tries to write to the client would
1034  * cause recursion to here, leading to stack overflow and core
1035  * dump! This message must go *only* to the postmaster log.
1036  *
1037  * If errno is zero, assume it's EOF and let the caller complain.
1038  */
1039  if (errno != 0)
1042  errmsg("could not receive data from client: %m")));
1043  r = EOF;
1044  }
1045  }
1046  else if (r == 0)
1047  {
1048  /* EOF detected */
1049  r = EOF;
1050  }
1051 
1052  return r;
1053 }
ssize_t secure_read(Port *port, void *ptr, size_t len)
Definition: be-secure.c:175
#define COMMERROR
Definition: elog.h:33
struct Port * MyProcPort
Definition: globals.c:49
static void socket_set_nonblocking(bool nonblocking)
Definition: pqcomm.c:880
char * c
#define EINTR
Definition: win32_port.h:374
#define EWOULDBLOCK
Definition: win32_port.h:380
#define EAGAIN
Definition: win32_port.h:372

References Assert, COMMERROR, EAGAIN, EINTR, ereport, errcode_for_socket_access(), errmsg(), EWOULDBLOCK, MyProcPort, PqCommReadingMsg, PqRecvBuffer, PqRecvLength, PqRecvPointer, secure_read(), and socket_set_nonblocking().

Referenced by ProcessRepliesIfAny().

◆ pq_getbytes()

int pq_getbytes ( char *  s,
size_t  len 
)

Definition at line 1062 of file pqcomm.c.

1063 {
1064  size_t amount;
1065 
1067 
1068  while (len > 0)
1069  {
1070  while (PqRecvPointer >= PqRecvLength)
1071  {
1072  if (pq_recvbuf()) /* If nothing in buffer, then recv some */
1073  return EOF; /* Failed to recv data */
1074  }
1075  amount = PqRecvLength - PqRecvPointer;
1076  if (amount > len)
1077  amount = len;
1078  memcpy(s, PqRecvBuffer + PqRecvPointer, amount);
1079  PqRecvPointer += amount;
1080  s += amount;
1081  len -= amount;
1082  }
1083  return 0;
1084 }
const void size_t len

References Assert, len, pq_recvbuf(), PqCommReadingMsg, PqRecvBuffer, PqRecvLength, and PqRecvPointer.

Referenced by pq_getmessage(), ProcessStartupPacket(), and secure_open_server().

◆ pq_getmessage()

int pq_getmessage ( StringInfo  s,
int  maxlen 
)

Definition at line 1202 of file pqcomm.c.

1203 {
1204  int32 len;
1205 
1207 
1208  resetStringInfo(s);
1209 
1210  /* Read message length word */
1211  if (pq_getbytes((char *) &len, 4) == EOF)
1212  {
1214  (errcode(ERRCODE_PROTOCOL_VIOLATION),
1215  errmsg("unexpected EOF within message length word")));
1216  return EOF;
1217  }
1218 
1219  len = pg_ntoh32(len);
1220 
1221  if (len < 4 || len > maxlen)
1222  {
1224  (errcode(ERRCODE_PROTOCOL_VIOLATION),
1225  errmsg("invalid message length")));
1226  return EOF;
1227  }
1228 
1229  len -= 4; /* discount length itself */
1230 
1231  if (len > 0)
1232  {
1233  /*
1234  * Allocate space for message. If we run out of room (ridiculously
1235  * large message), we will elog(ERROR), but we want to discard the
1236  * message body so as not to lose communication sync.
1237  */
1238  PG_TRY();
1239  {
1240  enlargeStringInfo(s, len);
1241  }
1242  PG_CATCH();
1243  {
1244  if (pq_discardbytes(len) == EOF)
1246  (errcode(ERRCODE_PROTOCOL_VIOLATION),
1247  errmsg("incomplete message from client")));
1248 
1249  /* we discarded the rest of the message so we're back in sync. */
1250  PqCommReadingMsg = false;
1251  PG_RE_THROW();
1252  }
1253  PG_END_TRY();
1254 
1255  /* And grab the message */
1256  if (pq_getbytes(s->data, len) == EOF)
1257  {
1259  (errcode(ERRCODE_PROTOCOL_VIOLATION),
1260  errmsg("incomplete message from client")));
1261  return EOF;
1262  }
1263  s->len = len;
1264  /* Place a trailing null per StringInfo convention */
1265  s->data[len] = '\0';
1266  }
1267 
1268  /* finished reading the message. */
1269  PqCommReadingMsg = false;
1270 
1271  return 0;
1272 }
signed int int32
Definition: c.h:494
#define PG_RE_THROW()
Definition: elog.h:411
#define PG_TRY(...)
Definition: elog.h:370
#define PG_END_TRY(...)
Definition: elog.h:395
#define PG_CATCH(...)
Definition: elog.h:380
#define pg_ntoh32(x)
Definition: pg_bswap.h:125
static int pq_discardbytes(size_t len)
Definition: pqcomm.c:1096
int pq_getbytes(char *s, size_t len)
Definition: pqcomm.c:1062
void resetStringInfo(StringInfo str)
Definition: stringinfo.c:78
void enlargeStringInfo(StringInfo str, int needed)
Definition: stringinfo.c:289

References Assert, COMMERROR, StringInfoData::data, enlargeStringInfo(), ereport, errcode(), errmsg(), StringInfoData::len, len, PG_CATCH, PG_END_TRY, pg_ntoh32, PG_RE_THROW, PG_TRY, pq_discardbytes(), pq_getbytes(), PqCommReadingMsg, and resetStringInfo().

Referenced by CheckSASLAuth(), CopyGetData(), HandleUploadManifestPacket(), ProcessRepliesIfAny(), recv_password_packet(), and SocketBackend().

◆ pq_init()

Port* pq_init ( ClientSocket client_sock)

Definition at line 173 of file pqcomm.c.

174 {
175  Port *port;
176  int socket_pos PG_USED_FOR_ASSERTS_ONLY;
177  int latch_pos PG_USED_FOR_ASSERTS_ONLY;
178 
179  /* allocate the Port struct and copy the ClientSocket contents to it */
180  port = palloc0(sizeof(Port));
181  port->sock = client_sock->sock;
182  memcpy(&port->raddr.addr, &client_sock->raddr.addr, client_sock->raddr.salen);
183  port->raddr.salen = client_sock->raddr.salen;
184 
185  /* fill in the server (local) address */
186  port->laddr.salen = sizeof(port->laddr.addr);
187  if (getsockname(port->sock,
188  (struct sockaddr *) &port->laddr.addr,
189  &port->laddr.salen) < 0)
190  {
191  ereport(FATAL,
192  (errmsg("%s() failed: %m", "getsockname")));
193  }
194 
195  /* select NODELAY and KEEPALIVE options if it's a TCP connection */
196  if (port->laddr.addr.ss_family != AF_UNIX)
197  {
198  int on;
199 #ifdef WIN32
200  int oldopt;
201  int optlen;
202  int newopt;
203 #endif
204 
205 #ifdef TCP_NODELAY
206  on = 1;
207  if (setsockopt(port->sock, IPPROTO_TCP, TCP_NODELAY,
208  (char *) &on, sizeof(on)) < 0)
209  {
210  ereport(FATAL,
211  (errmsg("%s(%s) failed: %m", "setsockopt", "TCP_NODELAY")));
212  }
213 #endif
214  on = 1;
215  if (setsockopt(port->sock, SOL_SOCKET, SO_KEEPALIVE,
216  (char *) &on, sizeof(on)) < 0)
217  {
218  ereport(FATAL,
219  (errmsg("%s(%s) failed: %m", "setsockopt", "SO_KEEPALIVE")));
220  }
221 
222 #ifdef WIN32
223 
224  /*
225  * This is a Win32 socket optimization. The OS send buffer should be
226  * large enough to send the whole Postgres send buffer in one go, or
227  * performance suffers. The Postgres send buffer can be enlarged if a
228  * very large message needs to be sent, but we won't attempt to
229  * enlarge the OS buffer if that happens, so somewhat arbitrarily
230  * ensure that the OS buffer is at least PQ_SEND_BUFFER_SIZE * 4.
231  * (That's 32kB with the current default).
232  *
233  * The default OS buffer size used to be 8kB in earlier Windows
234  * versions, but was raised to 64kB in Windows 2012. So it shouldn't
235  * be necessary to change it in later versions anymore. Changing it
236  * unnecessarily can even reduce performance, because setting
237  * SO_SNDBUF in the application disables the "dynamic send buffering"
238  * feature that was introduced in Windows 7. So before fiddling with
239  * SO_SNDBUF, check if the current buffer size is already large enough
240  * and only increase it if necessary.
241  *
242  * See https://support.microsoft.com/kb/823764/EN-US/ and
243  * https://msdn.microsoft.com/en-us/library/bb736549%28v=vs.85%29.aspx
244  */
245  optlen = sizeof(oldopt);
246  if (getsockopt(port->sock, SOL_SOCKET, SO_SNDBUF, (char *) &oldopt,
247  &optlen) < 0)
248  {
249  ereport(FATAL,
250  (errmsg("%s(%s) failed: %m", "getsockopt", "SO_SNDBUF")));
251  }
252  newopt = PQ_SEND_BUFFER_SIZE * 4;
253  if (oldopt < newopt)
254  {
255  if (setsockopt(port->sock, SOL_SOCKET, SO_SNDBUF, (char *) &newopt,
256  sizeof(newopt)) < 0)
257  {
258  ereport(FATAL,
259  (errmsg("%s(%s) failed: %m", "setsockopt", "SO_SNDBUF")));
260  }
261  }
262 #endif
263 
264  /*
265  * Also apply the current keepalive parameters. If we fail to set a
266  * parameter, don't error out, because these aren't universally
267  * supported. (Note: you might think we need to reset the GUC
268  * variables to 0 in such a case, but it's not necessary because the
269  * show hooks for these variables report the truth anyway.)
270  */
275  }
276 
277  /* initialize state variables */
281  PqCommBusy = false;
282  PqCommReadingMsg = false;
283 
284  /* set up process-exit hook to close the socket */
286 
287  /*
288  * In backends (as soon as forked) we operate the underlying socket in
289  * nonblocking mode and use latches to implement blocking semantics if
290  * needed. That allows us to provide safely interruptible reads and
291  * writes.
292  */
293 #ifndef WIN32
294  if (!pg_set_noblock(port->sock))
295  ereport(FATAL,
296  (errmsg("could not set socket to nonblocking mode: %m")));
297 #endif
298 
299 #ifndef WIN32
300 
301  /* Don't give the socket to any subprograms we execute. */
302  if (fcntl(port->sock, F_SETFD, FD_CLOEXEC) < 0)
303  elog(FATAL, "fcntl(F_SETFD) failed on socket: %m");
304 #endif
305 
308  port->sock, NULL, NULL);
310  MyLatch, NULL);
312  NULL, NULL);
313 
314  /*
315  * The event positions match the order we added them, but let's sanity
316  * check them to be sure.
317  */
318  Assert(socket_pos == FeBeWaitSetSocketPos);
319  Assert(latch_pos == FeBeWaitSetLatchPos);
320 
321  return port;
322 }
#define PG_USED_FOR_ASSERTS_ONLY
Definition: c.h:182
int tcp_keepalives_idle
Definition: guc_tables.c:547
int tcp_keepalives_interval
Definition: guc_tables.c:548
int tcp_keepalives_count
Definition: guc_tables.c:549
int tcp_user_timeout
Definition: guc_tables.c:550
void on_proc_exit(pg_on_exit_callback function, Datum arg)
Definition: ipc.c:309
WaitEventSet * CreateWaitEventSet(ResourceOwner resowner, int nevents)
Definition: latch.c:751
int AddWaitEventToSet(WaitEventSet *set, uint32 events, pgsocket fd, Latch *latch, void *user_data)
Definition: latch.c:963
#define WL_POSTMASTER_DEATH
Definition: latch.h:131
#define WL_SOCKET_WRITEABLE
Definition: latch.h:129
#define FeBeWaitSetLatchPos
Definition: libpq.h:64
MemoryContext TopMemoryContext
Definition: mcxt.c:149
void * palloc0(Size size)
Definition: mcxt.c:1346
void * MemoryContextAlloc(MemoryContext context, Size size)
Definition: mcxt.c:1180
static int port
Definition: pg_regress.c:116
bool pg_set_noblock(pgsocket sock)
Definition: noblock.c:25
int pq_setkeepalivesinterval(int interval, Port *port)
Definition: pqcomm.c:1749
static size_t PqSendPointer
Definition: pqcomm.c:123
int pq_settcpusertimeout(int timeout, Port *port)
Definition: pqcomm.c:1903
#define PQ_SEND_BUFFER_SIZE
Definition: pqcomm.c:118
int pq_setkeepalivesidle(int idle, Port *port)
Definition: pqcomm.c:1664
static char * PqSendBuffer
Definition: pqcomm.c:121
static bool PqCommBusy
Definition: pqcomm.c:133
static void socket_close(int code, Datum arg)
Definition: pqcomm.c:348
static int PqSendBufferSize
Definition: pqcomm.c:122
int pq_setkeepalivescount(int count, Port *port)
Definition: pqcomm.c:1828
static size_t PqSendStart
Definition: pqcomm.c:124
Definition: libpq-be.h:133

References SockAddr::addr, AddWaitEventToSet(), Assert, CreateWaitEventSet(), elog, ereport, errmsg(), FATAL, FeBeWaitSet, FeBeWaitSetLatchPos, FeBeWaitSetNEvents, FeBeWaitSetSocketPos, MemoryContextAlloc(), MyLatch, on_proc_exit(), palloc0(), pg_set_noblock(), PG_USED_FOR_ASSERTS_ONLY, PGINVALID_SOCKET, port, PQ_SEND_BUFFER_SIZE, pq_setkeepalivescount(), pq_setkeepalivesidle(), pq_setkeepalivesinterval(), pq_settcpusertimeout(), PqCommBusy, PqCommReadingMsg, PqRecvLength, PqRecvPointer, PqSendBuffer, PqSendBufferSize, PqSendPointer, PqSendStart, ClientSocket::raddr, SockAddr::salen, ClientSocket::sock, socket_close(), tcp_keepalives_count, tcp_keepalives_idle, tcp_keepalives_interval, tcp_user_timeout, TopMemoryContext, WL_LATCH_SET, WL_POSTMASTER_DEATH, and WL_SOCKET_WRITEABLE.

Referenced by BackendInitialize().

◆ pq_is_reading_msg()

bool pq_is_reading_msg ( void  )

Definition at line 1180 of file pqcomm.c.

1181 {
1182  return PqCommReadingMsg;
1183 }

References PqCommReadingMsg.

Referenced by PostgresMain().

◆ pq_peekbyte()

int pq_peekbyte ( void  )

Definition at line 982 of file pqcomm.c.

983 {
985 
986  while (PqRecvPointer >= PqRecvLength)
987  {
988  if (pq_recvbuf()) /* If nothing in buffer, then recv some */
989  return EOF; /* Failed to recv data */
990  }
991  return (unsigned char) PqRecvBuffer[PqRecvPointer];
992 }

References Assert, pq_recvbuf(), PqCommReadingMsg, PqRecvBuffer, PqRecvLength, and PqRecvPointer.

Referenced by ProcessSSLStartup().

◆ pq_putmessage_v2()

int pq_putmessage_v2 ( char  msgtype,
const char *  s,
size_t  len 
)

Definition at line 1558 of file pqcomm.c.

1559 {
1560  Assert(msgtype != 0);
1561 
1562  if (PqCommBusy)
1563  return 0;
1564  PqCommBusy = true;
1565  if (internal_putbytes(&msgtype, 1))
1566  goto fail;
1567 
1568  if (internal_putbytes(s, len))
1569  goto fail;
1570  PqCommBusy = false;
1571  return 0;
1572 
1573 fail:
1574  PqCommBusy = false;
1575  return EOF;
1576 }
static int internal_putbytes(const char *s, size_t len)
Definition: pqcomm.c:1276

References Assert, internal_putbytes(), len, and PqCommBusy.

Referenced by send_message_to_frontend().

◆ pq_startmsgread()

void pq_startmsgread ( void  )

Definition at line 1140 of file pqcomm.c.

1141 {
1142  /*
1143  * There shouldn't be a read active already, but let's check just to be
1144  * sure.
1145  */
1146  if (PqCommReadingMsg)
1147  ereport(FATAL,
1148  (errcode(ERRCODE_PROTOCOL_VIOLATION),
1149  errmsg("terminating connection because protocol synchronization was lost")));
1150 
1151  PqCommReadingMsg = true;
1152 }

References ereport, errcode(), errmsg(), FATAL, and PqCommReadingMsg.

Referenced by CheckSASLAuth(), CopyGetData(), HandleUploadManifestPacket(), ProcessRepliesIfAny(), ProcessSSLStartup(), ProcessStartupPacket(), recv_password_packet(), secure_open_server(), and SocketBackend().

◆ RemoveSocketFiles()

void RemoveSocketFiles ( void  )

Definition at line 847 of file pqcomm.c.

848 {
849  ListCell *l;
850 
851  /* Loop through all created sockets... */
852  foreach(l, sock_paths)
853  {
854  char *sock_path = (char *) lfirst(l);
855 
856  /* Ignore any error. */
857  (void) unlink(sock_path);
858  }
859  /* Since we're about to exit, no need to reclaim storage */
860  sock_paths = NIL;
861 }
#define lfirst(lc)
Definition: pg_list.h:172
#define NIL
Definition: pg_list.h:68
static List * sock_paths
Definition: pqcomm.c:109

References lfirst, NIL, and sock_paths.

Referenced by CloseServerPorts().

◆ run_ssl_passphrase_command()

int run_ssl_passphrase_command ( const char *  prompt,
bool  is_server_start,
char *  buf,
int  size 
)

Definition at line 40 of file be-secure-common.c.

41 {
42  int loglevel = is_server_start ? ERROR : LOG;
43  char *command;
44  FILE *fh;
45  int pclose_rc;
46  size_t len = 0;
47 
48  Assert(prompt);
49  Assert(size > 0);
50  buf[0] = '\0';
51 
52  command = replace_percent_placeholders(ssl_passphrase_command, "ssl_passphrase_command", "p", prompt);
53 
54  fh = OpenPipeStream(command, "r");
55  if (fh == NULL)
56  {
57  ereport(loglevel,
59  errmsg("could not execute command \"%s\": %m",
60  command)));
61  goto error;
62  }
63 
64  if (!fgets(buf, size, fh))
65  {
66  if (ferror(fh))
67  {
69  ereport(loglevel,
71  errmsg("could not read from command \"%s\": %m",
72  command)));
73  goto error;
74  }
75  }
76 
77  pclose_rc = ClosePipeStream(fh);
78  if (pclose_rc == -1)
79  {
81  ereport(loglevel,
83  errmsg("could not close pipe to external command: %m")));
84  goto error;
85  }
86  else if (pclose_rc != 0)
87  {
88  char *reason;
89 
91  reason = wait_result_to_str(pclose_rc);
92  ereport(loglevel,
94  errmsg("command \"%s\" failed",
95  command),
96  errdetail_internal("%s", reason)));
97  pfree(reason);
98  goto error;
99  }
100 
101  /* strip trailing newline and carriage return */
102  len = pg_strip_crlf(buf);
103 
104 error:
105  pfree(command);
106  return len;
107 }
char * ssl_passphrase_command
Definition: be-secure.c:42
int errdetail_internal(const char *fmt,...)
Definition: elog.c:1230
#define ERROR
Definition: elog.h:39
int ClosePipeStream(FILE *file)
Definition: fd.c:2991
FILE * OpenPipeStream(const char *command, const char *mode)
Definition: fd.c:2686
void pfree(void *pointer)
Definition: mcxt.c:1520
char * replace_percent_placeholders(const char *instr, const char *param_name, const char *letters,...)
Definition: percentrepl.c:59
void explicit_bzero(void *buf, size_t len)
static pg_noinline void Size size
Definition: slab.c:607
static void error(void)
Definition: sql-dyntest.c:147
int pg_strip_crlf(char *str)
Definition: string.c:155
char * wait_result_to_str(int exitstatus)
Definition: wait_error.c:33

References Assert, buf, ClosePipeStream(), ereport, errcode_for_file_access(), errdetail_internal(), errmsg(), ERROR, error(), explicit_bzero(), len, LOG, OpenPipeStream(), pfree(), pg_strip_crlf(), replace_percent_placeholders(), size, ssl_passphrase_command, and wait_result_to_str().

Referenced by ssl_external_passwd_cb().

◆ secure_close()

void secure_close ( Port port)

Definition at line 163 of file be-secure.c.

164 {
165 #ifdef USE_SSL
166  if (port->ssl_in_use)
168 #endif
169 }
void be_tls_close(Port *port)

References be_tls_close(), and port.

Referenced by socket_close().

◆ secure_destroy()

void secure_destroy ( void  )

Definition at line 86 of file be-secure.c.

87 {
88 #ifdef USE_SSL
90 #endif
91 }
void be_tls_destroy(void)

References be_tls_destroy().

Referenced by process_pm_reload_request().

◆ secure_initialize()

int secure_initialize ( bool  isServerStart)

Definition at line 73 of file be-secure.c.

74 {
75 #ifdef USE_SSL
76  return be_tls_init(isServerStart);
77 #else
78  return 0;
79 #endif
80 }
int be_tls_init(bool isServerStart)

References be_tls_init().

Referenced by BackendMain(), PostmasterMain(), and process_pm_reload_request().

◆ secure_loaded_verify_locations()

bool secure_loaded_verify_locations ( void  )

Definition at line 97 of file be-secure.c.

98 {
99 #ifdef USE_SSL
100  return ssl_loaded_verify_locations;
101 #else
102  return false;
103 #endif
104 }

Referenced by ClientAuthentication().

◆ secure_open_server()

int secure_open_server ( Port port)

Definition at line 110 of file be-secure.c.

111 {
112 #ifdef USE_SSL
113  int r = 0;
114  ssize_t len;
115 
116  /* push unencrypted buffered data back through SSL setup */
118  if (len > 0)
119  {
120  char *buf = palloc(len);
121 
122  pq_startmsgread();
123  if (pq_getbytes(buf, len) == EOF)
124  return STATUS_ERROR; /* shouldn't be possible */
125  pq_endmsgread();
126  port->raw_buf = buf;
127  port->raw_buf_remaining = len;
128  port->raw_buf_consumed = 0;
129  }
131 
133 
134  if (port->raw_buf_remaining > 0)
135  {
136  /*
137  * This shouldn't be possible -- it would mean the client sent
138  * encrypted data before we established a session key...
139  */
140  elog(LOG, "buffered unencrypted data remains after negotiating SSL connection");
141  return STATUS_ERROR;
142  }
143  if (port->raw_buf != NULL)
144  {
145  pfree(port->raw_buf);
146  port->raw_buf = NULL;
147  }
148 
149  ereport(DEBUG2,
150  (errmsg_internal("SSL connection from DN:\"%s\" CN:\"%s\"",
151  port->peer_dn ? port->peer_dn : "(anonymous)",
152  port->peer_cn ? port->peer_cn : "(anonymous)")));
153  return r;
154 #else
155  return 0;
156 #endif
157 }
int be_tls_open_server(Port *port)
int errmsg_internal(const char *fmt,...)
Definition: elog.c:1157
#define DEBUG2
Definition: elog.h:29
void * palloc(Size size)
Definition: mcxt.c:1316
ssize_t pq_buffer_remaining_data(void)
Definition: pqcomm.c:1126
void pq_endmsgread(void)
Definition: pqcomm.c:1164
void pq_startmsgread(void)
Definition: pqcomm.c:1140

References Assert, be_tls_open_server(), buf, DEBUG2, elog, ereport, errmsg_internal(), len, LOG, palloc(), pfree(), port, pq_buffer_remaining_data(), pq_endmsgread(), pq_getbytes(), pq_startmsgread(), and STATUS_ERROR.

Referenced by ProcessSSLStartup(), and ProcessStartupPacket().

◆ secure_raw_read()

ssize_t secure_raw_read ( Port port,
void *  ptr,
size_t  len 
)

Definition at line 264 of file be-secure.c.

265 {
266  ssize_t n;
267 
268  /* Read from the "unread" buffered data first. c.f. libpq-be.h */
269  if (port->raw_buf_remaining > 0)
270  {
271  /* consume up to len bytes from the raw_buf */
272  if (len > port->raw_buf_remaining)
273  len = port->raw_buf_remaining;
274  Assert(port->raw_buf);
275  memcpy(ptr, port->raw_buf + port->raw_buf_consumed, len);
276  port->raw_buf_consumed += len;
277  port->raw_buf_remaining -= len;
278  return len;
279  }
280 
281  /*
282  * Try to read from the socket without blocking. If it succeeds we're
283  * done, otherwise we'll wait for the socket using the latch mechanism.
284  */
285 #ifdef WIN32
286  pgwin32_noblock = true;
287 #endif
288  n = recv(port->sock, ptr, len, 0);
289 #ifdef WIN32
290  pgwin32_noblock = false;
291 #endif
292 
293  return n;
294 }
int pgwin32_noblock
Definition: socket.c:28
#define recv(s, buf, len, flags)
Definition: win32_port.h:496

References Assert, len, pgwin32_noblock, port, and recv.

Referenced by be_gssapi_read(), my_sock_read(), read_or_wait(), and secure_read().

◆ secure_raw_write()

ssize_t secure_raw_write ( Port port,
const void *  ptr,
size_t  len 
)

Definition at line 373 of file be-secure.c.

374 {
375  ssize_t n;
376 
377 #ifdef WIN32
378  pgwin32_noblock = true;
379 #endif
380  n = send(port->sock, ptr, len, 0);
381 #ifdef WIN32
382  pgwin32_noblock = false;
383 #endif
384 
385  return n;
386 }
#define send(s, buf, len, flags)
Definition: win32_port.h:497

References len, pgwin32_noblock, port, and send.

Referenced by be_gssapi_write(), my_sock_write(), secure_open_gssapi(), and secure_write().

◆ secure_read()

ssize_t secure_read ( Port port,
void *  ptr,
size_t  len 
)

Definition at line 175 of file be-secure.c.

176 {
177  ssize_t n;
178  int waitfor;
179 
180  /* Deal with any already-pending interrupt condition. */
182 
183 retry:
184 #ifdef USE_SSL
185  waitfor = 0;
186  if (port->ssl_in_use)
187  {
188  n = be_tls_read(port, ptr, len, &waitfor);
189  }
190  else
191 #endif
192 #ifdef ENABLE_GSS
193  if (port->gss && port->gss->enc)
194  {
195  n = be_gssapi_read(port, ptr, len);
196  waitfor = WL_SOCKET_READABLE;
197  }
198  else
199 #endif
200  {
201  n = secure_raw_read(port, ptr, len);
202  waitfor = WL_SOCKET_READABLE;
203  }
204 
205  /* In blocking mode, wait until the socket is ready */
206  if (n < 0 && !port->noblock && (errno == EWOULDBLOCK || errno == EAGAIN))
207  {
208  WaitEvent event;
209 
210  Assert(waitfor);
211 
213 
214  WaitEventSetWait(FeBeWaitSet, -1 /* no timeout */ , &event, 1,
215  WAIT_EVENT_CLIENT_READ);
216 
217  /*
218  * If the postmaster has died, it's not safe to continue running,
219  * because it is the postmaster's job to kill us if some other backend
220  * exits uncleanly. Moreover, we won't run very well in this state;
221  * helper processes like walwriter and the bgwriter will exit, so
222  * performance may be poor. Finally, if we don't exit, pg_ctl will be
223  * unable to restart the postmaster without manual intervention, so no
224  * new connections can be accepted. Exiting clears the deck for a
225  * postmaster restart.
226  *
227  * (Note that we only make this check when we would otherwise sleep on
228  * our latch. We might still continue running for a while if the
229  * postmaster is killed in mid-query, or even through multiple queries
230  * if we never have to wait for read. We don't want to burn too many
231  * cycles checking for this very rare condition, and this should cause
232  * us to exit quickly in most cases.)
233  */
234  if (event.events & WL_POSTMASTER_DEATH)
235  ereport(FATAL,
236  (errcode(ERRCODE_ADMIN_SHUTDOWN),
237  errmsg("terminating connection due to unexpected postmaster exit")));
238 
239  /* Handle interrupt. */
240  if (event.events & WL_LATCH_SET)
241  {
244 
245  /*
246  * We'll retry the read. Most likely it will return immediately
247  * because there's still no data available, and we'll wait for the
248  * socket to become ready again.
249  */
250  }
251  goto retry;
252  }
253 
254  /*
255  * Process interrupts that happened during a successful (or non-blocking,
256  * or hard-failed) read.
257  */
259 
260  return n;
261 }
ssize_t be_gssapi_read(Port *port, void *ptr, size_t len)
ssize_t be_tls_read(Port *port, void *ptr, size_t len, int *waitfor)
ssize_t secure_raw_read(Port *port, void *ptr, size_t len)
Definition: be-secure.c:264
#define WL_SOCKET_READABLE
Definition: latch.h:128
void ProcessClientReadInterrupt(bool blocked)
Definition: postgres.c:509
uint32 events
Definition: latch.h:155

References Assert, be_gssapi_read(), be_tls_read(), EAGAIN, ereport, errcode(), errmsg(), WaitEvent::events, EWOULDBLOCK, FATAL, FeBeWaitSet, FeBeWaitSetSocketPos, len, ModifyWaitEvent(), MyLatch, port, ProcessClientReadInterrupt(), ResetLatch(), secure_raw_read(), WaitEventSetWait(), WL_LATCH_SET, WL_POSTMASTER_DEATH, and WL_SOCKET_READABLE.

Referenced by pq_getbyte_if_available(), and pq_recvbuf().

◆ secure_write()

ssize_t secure_write ( Port port,
void *  ptr,
size_t  len 
)

Definition at line 301 of file be-secure.c.

302 {
303  ssize_t n;
304  int waitfor;
305 
306  /* Deal with any already-pending interrupt condition. */
308 
309 retry:
310  waitfor = 0;
311 #ifdef USE_SSL
312  if (port->ssl_in_use)
313  {
314  n = be_tls_write(port, ptr, len, &waitfor);
315  }
316  else
317 #endif
318 #ifdef ENABLE_GSS
319  if (port->gss && port->gss->enc)
320  {
321  n = be_gssapi_write(port, ptr, len);
322  waitfor = WL_SOCKET_WRITEABLE;
323  }
324  else
325 #endif
326  {
327  n = secure_raw_write(port, ptr, len);
328  waitfor = WL_SOCKET_WRITEABLE;
329  }
330 
331  if (n < 0 && !port->noblock && (errno == EWOULDBLOCK || errno == EAGAIN))
332  {
333  WaitEvent event;
334 
335  Assert(waitfor);
336 
338 
339  WaitEventSetWait(FeBeWaitSet, -1 /* no timeout */ , &event, 1,
340  WAIT_EVENT_CLIENT_WRITE);
341 
342  /* See comments in secure_read. */
343  if (event.events & WL_POSTMASTER_DEATH)
344  ereport(FATAL,
345  (errcode(ERRCODE_ADMIN_SHUTDOWN),
346  errmsg("terminating connection due to unexpected postmaster exit")));
347 
348  /* Handle interrupt. */
349  if (event.events & WL_LATCH_SET)
350  {
353 
354  /*
355  * We'll retry the write. Most likely it will return immediately
356  * because there's still no buffer space available, and we'll wait
357  * for the socket to become ready again.
358  */
359  }
360  goto retry;
361  }
362 
363  /*
364  * Process interrupts that happened during a successful (or non-blocking,
365  * or hard-failed) write.
366  */
368 
369  return n;
370 }
ssize_t be_gssapi_write(Port *port, void *ptr, size_t len)
ssize_t be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
ssize_t secure_raw_write(Port *port, const void *ptr, size_t len)
Definition: be-secure.c:373
void ProcessClientWriteInterrupt(bool blocked)
Definition: postgres.c:555

References Assert, be_gssapi_write(), be_tls_write(), EAGAIN, ereport, errcode(), errmsg(), WaitEvent::events, EWOULDBLOCK, FATAL, FeBeWaitSet, FeBeWaitSetSocketPos, len, ModifyWaitEvent(), MyLatch, port, ProcessClientWriteInterrupt(), ResetLatch(), secure_raw_write(), WaitEventSetWait(), WL_LATCH_SET, WL_POSTMASTER_DEATH, and WL_SOCKET_WRITEABLE.

Referenced by internal_flush_buffer(), and ProcessStartupPacket().

◆ TouchSocketFiles()

void TouchSocketFiles ( void  )

Definition at line 829 of file pqcomm.c.

830 {
831  ListCell *l;
832 
833  /* Loop through all created sockets... */
834  foreach(l, sock_paths)
835  {
836  char *sock_path = (char *) lfirst(l);
837 
838  /* Ignore errors; there's no point in complaining */
839  (void) utime(sock_path, NULL);
840  }
841 }

References lfirst, and sock_paths.

Referenced by ServerLoop().

Variable Documentation

◆ FeBeWaitSet

◆ PqCommMethods

const PGDLLIMPORT PQcommMethods* PqCommMethods
extern

Definition at line 163 of file pqcomm.c.

Referenced by pq_redirect_to_shm_mq(), and pq_set_parallel_leader().

◆ ssl_ca_file

PGDLLIMPORT char* ssl_ca_file
extern

Definition at line 38 of file be-secure.c.

Referenced by be_tls_init().

◆ ssl_cert_file

PGDLLIMPORT char* ssl_cert_file
extern

Definition at line 36 of file be-secure.c.

Referenced by be_tls_init().

◆ ssl_crl_dir

PGDLLIMPORT char* ssl_crl_dir
extern

Definition at line 40 of file be-secure.c.

Referenced by be_tls_init().

◆ ssl_crl_file

PGDLLIMPORT char* ssl_crl_file
extern

Definition at line 39 of file be-secure.c.

Referenced by be_tls_init().

◆ ssl_dh_params_file

PGDLLIMPORT char* ssl_dh_params_file
extern

Definition at line 41 of file be-secure.c.

Referenced by initialize_dh().

◆ ssl_key_file

PGDLLIMPORT char* ssl_key_file
extern

Definition at line 37 of file be-secure.c.

Referenced by be_tls_init(), and check_ssl_key_file_permissions().

◆ ssl_library

PGDLLIMPORT char* ssl_library
extern

Definition at line 35 of file be-secure.c.

◆ ssl_max_protocol_version

PGDLLIMPORT int ssl_max_protocol_version
extern

Definition at line 59 of file be-secure.c.

Referenced by be_tls_init(), and be_tls_open_server().

◆ ssl_min_protocol_version

PGDLLIMPORT int ssl_min_protocol_version
extern

Definition at line 58 of file be-secure.c.

Referenced by be_tls_init(), and be_tls_open_server().

◆ ssl_passphrase_command

PGDLLIMPORT char* ssl_passphrase_command
extern

Definition at line 42 of file be-secure.c.

Referenced by default_openssl_tls_init(), run_ssl_passphrase_command(), and set_rot13().

◆ ssl_passphrase_command_supports_reload

PGDLLIMPORT bool ssl_passphrase_command_supports_reload
extern

Definition at line 43 of file be-secure.c.

Referenced by default_openssl_tls_init().

◆ SSLCipherSuites

PGDLLIMPORT char* SSLCipherSuites
extern

Definition at line 50 of file be-secure.c.

Referenced by be_tls_init().

◆ SSLECDHCurve

PGDLLIMPORT char* SSLECDHCurve
extern

Definition at line 53 of file be-secure.c.

Referenced by initialize_ecdh().

◆ SSLPreferServerCiphers

PGDLLIMPORT bool SSLPreferServerCiphers
extern

Definition at line 56 of file be-secure.c.

Referenced by be_tls_init().