1 : /*-------------------------------------------------------------------------
2 : *
3 : * connection.c
4 : * Connection management functions for postgres_fdw
5 : *
6 : * Portions Copyright (c) 2012-2026, PostgreSQL Global Development Group
7 : *
8 : * IDENTIFICATION
9 : * contrib/postgres_fdw/connection.c
10 : *
11 : *-------------------------------------------------------------------------
12 : */
13 : #include "postgres.h"
14 :
15 : #if HAVE_POLL_H
16 : #include <poll.h>
17 : #endif
18 :
19 : #include "access/htup_details.h"
20 : #include "access/xact.h"
21 : #include "catalog/pg_user_mapping.h"
22 : #include "commands/defrem.h"
23 : #include "common/base64.h"
24 : #include "funcapi.h"
25 : #include "libpq/libpq-be.h"
26 : #include "libpq/libpq-be-fe-helpers.h"
27 : #include "mb/pg_wchar.h"
28 : #include "miscadmin.h"
29 : #include "pgstat.h"
30 : #include "postgres_fdw.h"
31 : #include "storage/latch.h"
32 : #include "utils/builtins.h"
33 : #include "utils/hsearch.h"
34 : #include "utils/inval.h"
35 : #include "utils/syscache.h"
36 : #include "utils/tuplestore.h"
37 :
/*
 * Connection cache hash table entry
 *
 * Entries are looked up by user mapping OID, and each user mapping gets at
 * most one connection; that is what makes every scan in a query see the
 * same remote snapshot.  Keying on the user mapping OID, instead of the
 * (foreign server OID, user OID) pair, also keeps the public user mapping
 * from spawning one connection per local user.
 *
 * "conn" is NULL whenever no live connection is held.  While a connection
 * exists, xact_depth records how many levels of transaction and
 * subtransaction are open on the remote side.  Remote commands must run at
 * the same nesting depth as the local backend, so that rolling back a
 * subtransaction cancels exactly the queries that belong to it.
 */
typedef Oid ConnCacheKey;

typedef struct ConnCacheEntry
{
	ConnCacheKey key;			/* hash key (must be first) */
	PGconn	   *conn;			/* connection to foreign server, or NULL */

	/* Everything below is meaningless while conn is NULL. */
	int			xact_depth;		/* 0 = no xact open, 1 = main xact open,
								 * 2 = one level of subxact open, etc */
	bool		xact_read_only; /* xact r/o state */
	bool		have_prep_stmt; /* any stmts prepared in this xact? */
	bool		have_error;		/* any subxacts aborted in this xact? */
	bool		changing_xact_state;	/* xact state change in process */
	bool		parallel_commit;	/* commit (sub)xacts in parallel? */
	bool		parallel_abort; /* abort (sub)xacts in parallel? */
	bool		invalidated;	/* true if reconnect is pending */
	bool		keep_connections;	/* value of the keep_connections
									 * server option */
	Oid			serverid;		/* foreign server OID used to get server name */
	uint32		server_hashvalue;	/* hash value of foreign server OID */
	uint32		mapping_hashvalue;	/* hash value of user mapping OID */
	PgFdwConnState state;		/* extra per-connection state */
} ConnCacheEntry;
77 :
/*
 * Connection cache; created lazily by the first GetConnection() call.
 */
static HTAB *ConnectionHash = NULL;

/* counters handed out as cursor numbers and prepared statement numbers */
static unsigned int cursor_number = 0;
static unsigned int prep_stmt_number = 0;

/* set once a connection was requested, so callbacks know there is work */
static bool xact_got_connection = false;

/*
 * nesting level of the topmost read-only local transaction, as determined
 * by GetTopReadOnlyTransactionNestLevel()
 */
static int	read_only_level = 0;

/* custom wait event values, retrieved from shared memory */
static uint32 pgfdw_we_cleanup_result = 0;
static uint32 pgfdw_we_connect = 0;
static uint32 pgfdw_we_get_result = 0;

/*
 * Time limit, in milliseconds, for cancelling an in-progress query or for
 * running a cleanup query.  A connection that needs more than 30 seconds
 * for either is treated as dead.
 */
#define CONNECTION_CLEANUP_TIMEOUT 30000

/*
 * Delay, in milliseconds, before a cancel request is sent again.  The
 * retry handles the race where the remote session dropped the first
 * request because it arrived while the session was idle.
 */
#define RETRY_CANCEL_TIMEOUT 1000

/*
 * Build the abort command to send to the remote server.
 *
 * "sql" has to be a char array visible at the expansion site: the macro
 * bounds the write with sizeof(sql), which would be the size of a pointer
 * if a char * were passed instead.  The only interpolated value is the
 * integer (entry)->xact_depth.
 */
#define CONSTRUCT_ABORT_COMMAND(sql, entry, toplevel) \
	do { \
		if (toplevel) \
			snprintf((sql), sizeof(sql), \
					 "ABORT TRANSACTION"); \
		else \
			snprintf((sql), sizeof(sql), \
					 "ROLLBACK TO SAVEPOINT s%d; RELEASE SAVEPOINT s%d", \
					 (entry)->xact_depth, (entry)->xact_depth); \
	} while(0)

/*
 * Extension version number, used to keep objects of older extension
 * versions working.
 */
enum pgfdwVersion
{
	PGFDW_V1_1 = 0,
	PGFDW_V1_2,
};
135 :
/*
 * SQL-callable functions
 */
PG_FUNCTION_INFO_V1(postgres_fdw_get_connections);
PG_FUNCTION_INFO_V1(postgres_fdw_get_connections_1_2);
PG_FUNCTION_INFO_V1(postgres_fdw_disconnect);
PG_FUNCTION_INFO_V1(postgres_fdw_disconnect_all);
PG_FUNCTION_INFO_V1(postgres_fdw_connection);

/* file-local function prototypes */
static void make_new_connection(ConnCacheEntry *entry, UserMapping *user);
static PGconn *connect_pg_server(ForeignServer *server, UserMapping *user);
static void disconnect_pg_server(ConnCacheEntry *entry);
static void check_conn_params(const char **keywords, const char **values,
							  UserMapping *user);
static void configure_remote_session(PGconn *conn);
static void do_sql_command_begin(PGconn *conn, const char *sql);
static void do_sql_command_end(PGconn *conn, const char *sql,
							   bool consume_input);
static void begin_remote_xact(ConnCacheEntry *entry);
static void pgfdw_report_internal(int elevel, PGresult *res, PGconn *conn,
								  const char *sql);
static void pgfdw_xact_callback(XactEvent event, void *arg);
static void pgfdw_subxact_callback(SubXactEvent event,
								   SubTransactionId mySubid,
								   SubTransactionId parentSubid,
								   void *arg);
static void pgfdw_inval_callback(Datum arg, SysCacheIdentifier cacheid,
								 uint32 hashvalue);
static void pgfdw_reject_incomplete_xact_state_change(ConnCacheEntry *entry);
static void pgfdw_reset_xact_state(ConnCacheEntry *entry, bool toplevel);
static bool pgfdw_cancel_query(PGconn *conn);
static bool pgfdw_cancel_query_begin(PGconn *conn, TimestampTz endtime);
static bool pgfdw_cancel_query_end(PGconn *conn, TimestampTz endtime,
								   TimestampTz retrycanceltime,
								   bool consume_input);
static bool pgfdw_exec_cleanup_query(PGconn *conn, const char *query,
									 bool ignore_errors);
static bool pgfdw_exec_cleanup_query_begin(PGconn *conn, const char *query);
static bool pgfdw_exec_cleanup_query_end(PGconn *conn, const char *query,
										 TimestampTz endtime,
										 bool consume_input,
										 bool ignore_errors);
static bool pgfdw_get_cleanup_result(PGconn *conn, TimestampTz endtime,
									 TimestampTz retrycanceltime,
									 PGresult **result, bool *timed_out);
static void pgfdw_abort_cleanup(ConnCacheEntry *entry, bool toplevel);
static bool pgfdw_abort_cleanup_begin(ConnCacheEntry *entry, bool toplevel,
									  List **pending_entries,
									  List **cancel_requested);
static void pgfdw_finish_pre_commit_cleanup(List *pending_entries);
static void pgfdw_finish_pre_subcommit_cleanup(List *pending_entries,
											   int curlevel);
static void pgfdw_finish_abort_cleanup(List *pending_entries,
									   List *cancel_requested,
									   bool toplevel);
static void pgfdw_security_check(const char **keywords, const char **values,
								 UserMapping *user, PGconn *conn);
static bool UserMappingPasswordRequired(UserMapping *user);
static bool UseScramPassthrough(ForeignServer *server, UserMapping *user);
static bool disconnect_cached_connections(Oid serverid);
static void postgres_fdw_get_connections_internal(FunctionCallInfo fcinfo,
												  enum pgfdwVersion api_version);
static int	pgfdw_conn_check(PGconn *conn);
static bool pgfdw_conn_checkable(void);
static bool pgfdw_has_required_scram_options(const char **keywords,
											 const char **values);
201 :
/*
 * Return a PGconn for running queries on the remote PostgreSQL server under
 * the given user mapping.
 *
 * The cached connection for user->umid is reused when there is one;
 * otherwise a new connection is made.  Either way the remote transaction
 * is brought to the right (sub)transaction nesting depth before returning.
 *
 * will_prep_stmt must be true if the caller is going to create prepared
 * statements.  Those survive transaction end (even on error), so the flag
 * is remembered in the cache entry to cue manual cleanup.
 *
 * If state is not NULL, *state is pointed at the per-connection state that
 * belongs to the returned PGconn.
 */
PGconn *
GetConnection(UserMapping *user, bool will_prep_stmt, PgFdwConnState **state)
{
	bool		is_cached;
	bool		reconnect = false;
	ConnCacheEntry *entry;
	ConnCacheKey lookup_key;
	MemoryContext caller_cxt = CurrentMemoryContext;

	/* Build the connection cache the first time a connection is requested */
	if (ConnectionHash == NULL)
	{
		HASHCTL		hash_ctl;

		if (pgfdw_we_get_result == 0)
			pgfdw_we_get_result =
				WaitEventExtensionNew("PostgresFdwGetResult");

		hash_ctl.keysize = sizeof(ConnCacheKey);
		hash_ctl.entrysize = sizeof(ConnCacheEntry);
		ConnectionHash = hash_create("postgres_fdw connections", 8,
									 &hash_ctl,
									 HASH_ELEM | HASH_BLOBS);

		/*
		 * Hook up the callbacks that clean up connections.  Doing it inside
		 * this branch means it happens once per backend.
		 */
		RegisterXactCallback(pgfdw_xact_callback, NULL);
		RegisterSubXactCallback(pgfdw_subxact_callback, NULL);
		CacheRegisterSyscacheCallback(FOREIGNSERVEROID,
									  pgfdw_inval_callback, (Datum) 0);
		CacheRegisterSyscacheCallback(USERMAPPINGOID,
									  pgfdw_inval_callback, (Datum) 0);
	}

	/* Note that GetConnection ran during the current transaction */
	xact_got_connection = true;

	/* The user mapping OID is the hash key (no pad bytes assumed) */
	lookup_key = user->umid;

	/* Look the entry up, creating it if this mapping was never seen. */
	entry = hash_search(ConnectionHash, &lookup_key, HASH_ENTER, &is_cached);
	if (!is_cached)
		entry->conn = NULL;		/* other fields are filled in when conn is
								 * set */

	/* Connections that failed abort cleanup must not be used again. */
	pgfdw_reject_incomplete_xact_state_change(entry);

	/*
	 * An invalidated connection has to be remade; drop it as soon as no
	 * transaction is open on it.
	 */
	if (entry->conn != NULL && entry->invalidated && entry->xact_depth == 0)
	{
		elog(DEBUG3, "closing connection %p for option changes to take effect",
			 entry->conn);
		disconnect_pg_server(entry);
	}

	/*
	 * No connection in the entry means one must be established now.  (If
	 * connect_pg_server throws an error, the cache entry will remain in a
	 * valid empty state, ie conn == NULL.)
	 */
	if (entry->conn == NULL)
		make_new_connection(entry, user);

	/*
	 * Using the cached connection doubles as its health check.  A broken
	 * connection found while no transaction is open is replaced further
	 * down instead of failing the caller.
	 */
	PG_TRY();
	{
		/* Finish a pending asynchronous request first, if there is one. */
		if (entry->state.pendingAreq)
			process_pending_request(entry->state.pendingAreq);

		/* Open the remote transaction or subtransaction if required. */
		begin_remote_xact(entry);
	}
	PG_CATCH();
	{
		MemoryContext error_cxt = MemoryContextSwitchTo(caller_cxt);
		ErrorData  *edata = CopyErrorData();

		/*
		 * Decide whether a reconnect is worth trying.
		 *
		 * PQstatus() alone is not enough: after libpq has noticed a broken
		 * connection, an unrelated error (e.g., out-of-memory) can be
		 * raised before pgfdw_report_error() gets to call ereport(), and
		 * PQstatus() would still say CONNECTION_BAD.  The sqlstate alone is
		 * not enough either, because pgfdw_report_error() may report
		 * ERRCODE_CONNECTION_FAILURE for any libpq-originated error.  So
		 * both must agree, and no remote transaction may be open.
		 */
		bool		conn_lost =
			(edata->sqlerrcode == ERRCODE_CONNECTION_FAILURE &&
			 PQstatus(entry->conn) == CONNECTION_BAD &&
			 entry->xact_depth <= 0);

		if (!conn_lost)
		{
			MemoryContextSwitchTo(error_cxt);
			PG_RE_THROW();
		}

		/* The error is being absorbed; clear the error state. */
		FlushErrorState();
		FreeErrorData(edata);
		edata = NULL;

		reconnect = true;
	}
	PG_END_TRY();

	/*
	 * A broken connection was detected: close it, connect again and retry
	 * the remote transaction start.  A second connection failure is not
	 * caught here and propagates to the caller.
	 */
	if (reconnect)
	{
		Assert(entry->xact_depth == 0);

		ereport(DEBUG3,
				(errmsg_internal("could not start remote transaction on connection %p",
								 entry->conn)),
				errdetail_internal("%s", pchomp(PQerrorMessage(entry->conn))));

		elog(DEBUG3, "closing connection %p to reestablish a new one",
			 entry->conn);
		disconnect_pg_server(entry);

		make_new_connection(entry, user);

		begin_remote_xact(entry);
	}

	/* Record whether the caller intends to prepare statements */
	if (will_prep_stmt)
		entry->have_prep_stmt = true;

	/* Hand back the per-connection state when the caller asked for it. */
	if (state != NULL)
		*state = &entry->state;

	return entry->conn;
}
373 :
/*
 * Clear every transient field of a cached connection entry, then open a
 * fresh connection to the remote server and store it in the entry.
 *
 * The entry must not hold a connection on entry (asserted).
 */
static void
make_new_connection(ConnCacheEntry *entry, UserMapping *user)
{
	ForeignServer *server = GetForeignServer(user->serverid);
	ListCell   *cell;

	Assert(entry->conn == NULL);

	/* Start from a clean slate for all transient state */
	entry->xact_depth = 0;
	entry->xact_read_only = false;
	entry->have_prep_stmt = false;
	entry->have_error = false;
	entry->changing_xact_state = false;
	entry->invalidated = false;
	entry->serverid = server->serverid;
	entry->server_hashvalue =
		GetSysCacheHashValue1(FOREIGNSERVEROID,
							  ObjectIdGetDatum(server->serverid));
	entry->mapping_hashvalue =
		GetSysCacheHashValue1(USERMAPPINGOID,
							  ObjectIdGetDatum(user->umid));
	memset(&entry->state, 0, sizeof(entry->state));

	/*
	 * Pick up the server options that govern this connection:
	 *
	 * keep_connections: whether the connection stays open after the
	 * transaction using it ends, so later transactions can reuse it.  The
	 * default is to keep it open.
	 *
	 * parallel_commit / parallel_abort: whether remote (sub)transactions
	 * are committed / aborted in parallel at (sub)transaction end.  Both
	 * default to off.
	 *
	 * Reading them only here is sufficient: changing one of these settings
	 * causes the connection to be closed and re-made later.
	 */
	entry->keep_connections = true;
	entry->parallel_commit = false;
	entry->parallel_abort = false;
	foreach(cell, server->options)
	{
		DefElem    *opt = (DefElem *) lfirst(cell);
		const char *optname = opt->defname;

		if (strcmp(optname, "keep_connections") == 0)
			entry->keep_connections = defGetBoolean(opt);
		else if (strcmp(optname, "parallel_commit") == 0)
			entry->parallel_commit = defGetBoolean(opt);
		else if (strcmp(optname, "parallel_abort") == 0)
			entry->parallel_abort = defGetBoolean(opt);
	}

	/* Everything is set up; attempt the connection itself */
	entry->conn = connect_pg_server(server, user);

	elog(DEBUG3, "new postgres_fdw connection %p for server \"%s\" (user mapping oid %u, userid %u)",
		 entry->conn, server->servername, user->umid, user->userid);
}
438 :
/*
 * Post-connection check: a non-superuser must have authenticated to the
 * remote server with credentials of their own (a password, GSSAPI
 * delegated credentials, or SCRAM pass-through).  Without that, the
 * connection would be riding on the postgres server's own identity.
 * See also dblink_security_check() in contrib/dblink and
 * check_conn_params.
 *
 * The connection is accepted as soon as one of these holds, in this order:
 *	1. the mapped user is a superuser;
 *	2. (ENABLE_GSS builds) the connection used GSSAPI and the local session
 *	   has delegated credentials;
 *	3. the user mapping sets password_required to false;
 *	4. libpq reports that a password was used and the parameters carry a
 *	   non-empty "password";
 *	5. the local session has SCRAM keys and the parameters contain the
 *	   required SCRAM options.
 * Otherwise an ERROR is raised.
 */
static void
pgfdw_security_check(const char **keywords, const char **values, UserMapping *user, PGconn *conn)
{
	/* Superusers are exempt */
	if (superuser_arg(user->userid))
		return;

#ifdef ENABLE_GSS
	/* GSSAPI connection backed by delegated credentials is acceptable. */
	if (PQconnectionUsedGSSAPI(conn) && be_gssapi_get_delegation(MyProcPort))
		return;
#endif

	/* A superuser may have waived the requirement on the user mapping. */
	if (!UserMappingPasswordRequired(user))
		return;

	/*
	 * A password was used on the wire.  That only counts if the password
	 * came from the connection parameters, i.e. they hold a non-empty
	 * "password" entry.
	 *
	 * NOTE(review): the coverage listing this function was taken from
	 * records 0 hits on the return below although the loop itself ran, so
	 * the password-accepted path of this check was not exercised by that
	 * test run.
	 */
	if (PQconnectionUsedPassword(conn))
	{
		const char **kw = keywords;
		const char **val = values;

		for (; *kw != NULL; kw++, val++)
		{
			if (strcmp(*kw, "password") == 0 && (*val)[0] != '\0')
				return;
		}
	}

	/*
	 * SCRAM pass-through with all required SCRAM options present is
	 * acceptable too.  UseScramPassthrough is not re-checked: the SCRAM
	 * options are only added to the parameters when it is enabled, so
	 * pgfdw_has_required_scram_options returning true is taken to imply it.
	 */
	if (MyProcPort != NULL && MyProcPort->has_scram_keys && pgfdw_has_required_scram_options(keywords, values))
		return;

	ereport(ERROR,
			(errcode(ERRCODE_S_R_E_PROHIBITED_SQL_STATEMENT_ATTEMPTED),
			 errmsg("password or GSSAPI delegated credentials required"),
			 errdetail("Non-superuser cannot connect if the server does not request a password or use GSSAPI with delegated credentials."),
			 errhint("Target server's authentication method must be changed or password_required=false set in the user mapping attributes.")));
}
488 :
/*
 * Build the libpq keyword/value arrays from the generic options of the
 * ForeignServer and the UserMapping.  (Options that are not libpq options
 * merely leave a few array slots unused.)
 *
 * On return *p_keywords and *p_values point to palloc'd, NULL-terminated
 * arrays, and *p_appname is the processed application_name string, or NULL
 * if none was used.  The parameter set is verified with check_conn_params
 * before it is handed back; that call happens before the output pointers
 * are stored.
 *
 * NOTE(review): when SCRAM pass-through is active, the base64-encoded
 * client and server keys are palloc'd here as separate strings.  The
 * caller visible in this file, connect_pg_server, pfrees only the two
 * arrays and appname, so those key strings appear to stay allocated,
 * unwiped, until their memory context is reset.  Confirm that this
 * lifetime is acceptable for key material.
 */
static void
construct_connection_params(ForeignServer *server, UserMapping *user,
							const char ***p_keywords, const char ***p_values,
							char **p_appname)
{
	const char **keywords;
	const char **values;
	char	   *appname = NULL;
	int			capacity;
	int			n;

	/*
	 * Beyond the server and user mapping options, reserve 4 slots for
	 * application_name, fallback_application_name, client_encoding and the
	 * end marker, plus 3 slots for the SCRAM keys and the required SCRAM
	 * pass-through option.
	 */
	capacity = list_length(server->options) + list_length(user->options) + 4 + 3;
	keywords = (const char **) palloc(capacity * sizeof(char *));
	values = (const char **) palloc(capacity * sizeof(char *));

	n = ExtractConnectionOptions(server->options, keywords, values);
	n += ExtractConnectionOptions(user->options,
								  keywords + n, values + n);

	/*
	 * A non-empty pgfdw_application_name becomes application_name.
	 *
	 * PQconnectdbParams() walks the arrays front to back and lets the last
	 * occurrence of a repeated key word win, so appending it after the
	 * ForeignServer options is what lets it override an application_name
	 * set there.
	 */
	if (pgfdw_application_name && *pgfdw_application_name != '\0')
	{
		keywords[n] = "application_name";
		values[n] = pgfdw_application_name;
		n++;
	}

	/*
	 * Locate the effective application_name and expand the escape
	 * sequences in it.  The scan runs from the end because the last
	 * setting is the one libpq would use.
	 */
	for (int i = n - 1; i >= 0; i--)
	{
		if (strcmp(keywords[i], "application_name") != 0 ||
			values[i][0] == '\0')
			continue;

		appname = process_pgfdw_appname(values[i]);
		if (appname[0] == '\0')
		{
			/*
			 * The setting expanded to an empty string, so it is not used:
			 * blank the slot with NULL and look for an earlier one.
			 */
			values[i] = NULL;
			pfree(appname);
			appname = NULL;
			continue;
		}

		/* Non-empty after expansion: this is the one to use. */
		values[i] = appname;
		break;
	}

	*p_appname = appname;

	/* "postgres_fdw" serves as fallback_application_name */
	keywords[n] = "fallback_application_name";
	values[n] = "postgres_fdw";
	n++;

	/* Tell libpq our encoding so that it converts data properly. */
	keywords[n] = "client_encoding";
	values[n] = GetDatabaseEncodingName();
	n++;

	/* With SCRAM pass-through enabled, append the options it requires. */
	if (MyProcPort != NULL && MyProcPort->has_scram_keys && UseScramPassthrough(server, user))
	{
		int			len;
		int			encoded_len;
		char	   *encoded;

		keywords[n] = "scram_client_key";
		len = pg_b64_enc_len(sizeof(MyProcPort->scram_ClientKey));
		/* one extra byte for the zero-terminator */
		encoded = palloc0(len + 1);
		values[n] = encoded;
		encoded_len = pg_b64_encode(MyProcPort->scram_ClientKey,
									sizeof(MyProcPort->scram_ClientKey),
									encoded, len);
		if (encoded_len < 0)
			elog(ERROR, "could not encode SCRAM client key");
		n++;

		keywords[n] = "scram_server_key";
		len = pg_b64_enc_len(sizeof(MyProcPort->scram_ServerKey));
		/* one extra byte for the zero-terminator */
		encoded = palloc0(len + 1);
		values[n] = encoded;
		encoded_len = pg_b64_encode(MyProcPort->scram_ServerKey,
									sizeof(MyProcPort->scram_ServerKey),
									encoded, len);
		if (encoded_len < 0)
			elog(ERROR, "could not encode SCRAM server key");
		n++;

		/*
		 * Pin the authentication method to scram-sha-256 so that no other
		 * method is used towards the foreign server.
		 */
		keywords[n] = "require_auth";
		values[n] = "scram-sha-256";
		n++;
	}

	/* End marker */
	values[n] = NULL;
	keywords[n] = NULL;

	/* Reject parameter sets a non-superuser is not allowed to use. */
	check_conn_params(keywords, values, user);

	*p_keywords = keywords;
	*p_values = values;
}
624 :
/*
 * Open a connection to the remote server described by the given foreign
 * server and user mapping, and return it ready for use.
 *
 * Steps, in order: build and verify the connection parameters, start and
 * complete the libpq connection, run the post-connection security check,
 * then configure the remote session.  An error at any step closes the
 * connection (if one was obtained) and is re-thrown.
 */
static PGconn *
connect_pg_server(ForeignServer *server, UserMapping *user)
{
	/* volatile: assigned inside PG_TRY and read in PG_CATCH */
	PGconn	   *volatile conn = NULL;

	/*
	 * The PG_TRY block exists so that the connection is closed on error.
	 */
	PG_TRY();
	{
		const char **keywords;
		const char **values;
		char	   *appname;
		PGconn	   *pending_conn;

		construct_connection_params(server, user, &keywords, &values, &appname);

		/* allocate or look up the custom wait event on first use */
		if (pgfdw_we_connect == 0)
			pgfdw_we_connect = WaitEventExtensionNew("PostgresFdwConnect");

		/* Parameters passed verification; make the connection */
		pending_conn = libpqsrv_connect_params_start(keywords, values,
													  /* expand_dbname = */ false);
		PQsetNoticeReceiver(pending_conn, libpqsrv_notice_receiver,
							"received message via remote connection");
		libpqsrv_connect_complete(pending_conn, pgfdw_we_connect);
		conn = pending_conn;

		if (conn == NULL || PQstatus(conn) != CONNECTION_OK)
			ereport(ERROR,
					(errcode(ERRCODE_SQLCLIENT_UNABLE_TO_ESTABLISH_SQLCONNECTION),
					 errmsg("could not connect to server \"%s\"",
							server->servername),
					 errdetail_internal("%s", pchomp(PQerrorMessage(conn)))));

		/*
		 * Post-connection security check.  It runs before any command is
		 * sent on the new session; a failure lands in PG_CATCH below and
		 * the connection is closed.
		 */
		pgfdw_security_check(keywords, values, user, conn);

		/* Set up the new session for use */
		configure_remote_session(conn);

		/* Only the arrays and appname are released here. */
		if (appname != NULL)
			pfree(appname);
		pfree(keywords);
		pfree(values);
	}
	PG_CATCH();
	{
		/*
		 * conn is still NULL if the failure happened before the connection
		 * was started; presumably libpqsrv_disconnect accepts NULL --
		 * confirm.
		 */
		libpqsrv_disconnect(conn);
		PG_RE_THROW();
	}
	PG_END_TRY();

	return conn;
}
684 :
/*
 * Close the connection held by a connection cache entry, if there is one,
 * and mark the entry as having no connection.
 */
static void
disconnect_pg_server(ConnCacheEntry *entry)
{
	if (entry->conn == NULL)
		return;					/* nothing open */

	libpqsrv_disconnect(entry->conn);

	/* Clear the pointer so the closed connection cannot be reused. */
	entry->conn = NULL;
}
697 :
/*
 * Return the user mapping's password_required setting.
 *
 * When the option is not present the result is true, its default value.
 * The mapping has been pre-validated, so the option value is read as a
 * boolean without further checks here.
 */
static bool
UserMappingPasswordRequired(UserMapping *user)
{
	ListCell   *lc;

	foreach(lc, user->options)
	{
		DefElem    *opt = (DefElem *) lfirst(lc);

		if (strcmp(opt->defname, "password_required") != 0)
			continue;

		return defGetBoolean(opt);
	}

	/* Not specified: a password is required. */
	return true;
}
718 :
/*
 * Report whether SCRAM pass-through is enabled.
 *
 * use_scram_passthrough may appear on the foreign server, on the user
 * mapping, or on both.  The user mapping is consulted first, so its
 * setting wins when both specify the option.  With the option absent from
 * both, the result is false.
 */
static bool
UseScramPassthrough(ForeignServer *server, UserMapping *user)
{
	ListCell   *lc;

	/* User mapping setting takes precedence */
	foreach(lc, user->options)
	{
		DefElem    *opt = (DefElem *) lfirst(lc);

		if (strcmp(opt->defname, "use_scram_passthrough") != 0)
			continue;

		return defGetBoolean(opt);
	}

	/* Otherwise fall back to the foreign server setting */
	foreach(lc, server->options)
	{
		DefElem    *opt = (DefElem *) lfirst(lc);

		if (strcmp(opt->defname, "use_scram_passthrough") != 0)
			continue;

		return defGetBoolean(opt);
	}

	return false;
}
748 :
/*
 * Pre-connection check: for a non-superuser, the connection parameters
 * must name a password, or the user must have supplied their own GSSAPI
 * delegated credentials.
 *
 * The point is to stop libpq from silently picking a password up from
 * .pgpass, a service file, the environment, etc.  The postgres user's
 * passwords, certificates, etc must not become usable by non-superusers.
 * (See also dblink_connstr_check in contrib/dblink.)
 *
 * The parameters are accepted as soon as one of these holds, in this
 * order:
 *	1. the mapped user is a superuser;
 *	2. (ENABLE_GSS builds) the local session has delegated credentials;
 *	3. the parameters contain a non-empty "password";
 *	4. the user mapping sets password_required to false;
 *	5. the local session has SCRAM keys and the parameters contain the
 *	   required SCRAM options.
 * Otherwise an ERROR is raised.
 */
static void
check_conn_params(const char **keywords, const char **values, UserMapping *user)
{
	/* superusers are exempt from the check */
	if (superuser_arg(user->userid))
		return;

#ifdef ENABLE_GSS
	/* the user brought their own delegated credentials */
	if (be_gssapi_get_delegation(MyProcPort))
		return;
#endif

	/* a non-empty password among the parameters is sufficient */
	for (int idx = 0; keywords[idx] != NULL; idx++)
	{
		bool		is_password = (strcmp(keywords[idx], "password") == 0);

		if (is_password && values[idx][0] != '\0')
			return;
	}

	/* the superuser waived the requirement when creating the user mapping */
	if (!UserMappingPasswordRequired(user))
		return;

	/*
	 * SCRAM pass-through with all required SCRAM options present is
	 * acceptable too.  UseScramPassthrough is not re-checked: the SCRAM
	 * options are only added to the parameters when it is enabled, so
	 * pgfdw_has_required_scram_options returning true is taken to imply it.
	 */
	if (MyProcPort != NULL && MyProcPort->has_scram_keys && pgfdw_has_required_scram_options(keywords, values))
		return;

	ereport(ERROR,
			(errcode(ERRCODE_S_R_E_PROHIBITED_SQL_STATEMENT_ATTEMPTED),
			 errmsg("password or GSSAPI delegated credentials required"),
			 errdetail("Non-superusers must delegate GSSAPI credentials, provide a password, or enable SCRAM pass-through in user mapping.")));
}
797 :
/*
 * Send the SET commands that put the remote session into the state the
 * rest of postgres_fdw relies on.
 *
 * This runs once per connection, on the assumption that nothing changes
 * the values afterwards.  Volatile function calls are never shipped to the
 * remote, so there should be no way to break the assumption from this
 * end.  It can be broken at the remote end, eg by pointing a foreign table
 * at a view that contains a set_config call --- but once a malicious view
 * definition is on the table, there are any number of ways to break
 * things.
 */
static void
configure_remote_session(PGconn *conn)
{
	int			remote_ver = PQserverVersion(conn);
	const char *float_digits_cmd;

	/* Restrict the search path to pg_catalog alone (see deparse.c) */
	do_sql_command(conn, "SET search_path = pg_catalog");

	/*
	 * Remote timezone: mostly cosmetic, because every timestamptz sent or
	 * received should carry an explicit zone anyway, but it keeps the
	 * regression test output predictable.
	 *
	 * Copying the local zone is avoided since the remote server might use
	 * a different timezone database.  GMT is used instead (quoted, because
	 * very old servers are picky about case); it works regardless of the
	 * remote's timezone database because pg_tzset() hard-wires it (at
	 * least in PG 9.2 and later).
	 */
	do_sql_command(conn, "SET timezone = 'GMT'");

	/*
	 * Settings that make the remote's data output unambiguous.  (This
	 * logic should match what pg_dump does.  See also
	 * set_transmission_modes in postgres_fdw.c.)
	 */
	do_sql_command(conn, "SET datestyle = ISO");
	if (remote_ver >= 80400)
		do_sql_command(conn, "SET intervalstyle = postgres");

	float_digits_cmd = (remote_ver >= 90000)
		? "SET extra_float_digits = 3"
		: "SET extra_float_digits = 2";
	do_sql_command(conn, float_digits_cmd);
}
843 :
/*
 * Convenience routine: send a SQL command that returns no data to the
 * remote server and wait for its result.
 *
 * This is the begin step followed directly by the end step, with
 * consume_input passed as false.
 */
void
do_sql_command(PGconn *conn, const char *sql)
{
	const bool	consume_input = false;

	do_sql_command_begin(conn, sql);
	do_sql_command_end(conn, sql, consume_input);
}
853 :
/*
 * Send "sql" to the remote server without waiting for its result.
 *
 * This is the first half of do_sql_command(); the result is collected by
 * do_sql_command_end().  If the query cannot be sent, the failure is
 * reported through pgfdw_report_error() with the command text attached.
 */
static void
do_sql_command_begin(PGconn *conn, const char *sql)
{
	const int	sent = PQsendQuery(conn, sql);

	if (sent == 0)
		pgfdw_report_error(NULL, conn, sql);
}
860 :
/*
 * Collect and check the result of a command sent by do_sql_command_begin().
 *
 * conn: connection the command was sent on
 * sql: command text, passed along to the error report
 * consume_input: if true, call PQconsumeInput() before fetching the result
 *
 * Any result status other than PGRES_COMMAND_OK is reported through
 * pgfdw_report_error(); on success the result is freed here.
 */
static void
do_sql_command_end(PGconn *conn, const char *sql, bool consume_input)
{
	PGresult   *result;

	/*
	 * When asked to, first pull in whatever data the socket already holds.
	 * If everything has arrived, pgfdw_get_result can then call PQgetResult
	 * without paying for WaitLatchOrSocket, which would be large compared to
	 * the cost of PQconsumeInput.
	 */
	if (consume_input)
	{
		if (!PQconsumeInput(conn))
			pgfdw_report_error(NULL, conn, sql);
	}

	result = pgfdw_get_result(conn);
	if (PQresultStatus(result) != PGRES_COMMAND_OK)
		pgfdw_report_error(result, conn, sql);

	PQclear(result);
}
879 :
/*
 * Open the remote transaction and any savepoints needed to bring the remote
 * nesting depth up to the local one.
 *
 * The remote session always runs at REPEATABLE READ or stricter.  That way,
 * when one query starts several scans of the same or different foreign
 * tables, those scans see snapshot-consistent results.  The price is that
 * READ COMMITTED behavior cannot be emulated sanely --- it would be nice to
 * have some other way to control which remote queries share a snapshot.
 *
 * The remote transaction is started with the same read/write and deferrable
 * properties as the local transaction, and each remote subtransaction with
 * the same read/write property as the local subtransaction.
 *
 * Every command issued here is built from fixed keywords plus an integer
 * nesting depth.  Each one is bracketed by changing_xact_state = true/false:
 * do_sql_command() reports failures through pgfdw_report_error(), so on
 * failure the flag stays set and the entry remains marked as being in the
 * middle of a state change.
 */
static void
begin_remote_xact(ConnCacheEntry *entry)
{
	const int	local_level = GetCurrentTransactionNestLevel();

	/*
	 * In a read-only local (sub)transaction, record the nesting level of the
	 * topmost read-only local transaction unless that was done already.
	 *
	 * Once recorded, the level is kept until that topmost read-only local
	 * transaction commits or aborts (see pgfdw_xact_callback and
	 * pgfdw_subxact_callback).
	 */
	if (!XactReadOnly)
		Assert(read_only_level == 0);
	else
	{
		if (read_only_level == 0)
			read_only_level = GetTopReadOnlyTransactionNestLevel();
		Assert(read_only_level > 0);
	}

	/*
	 * Start the main transaction if there is none yet; otherwise adjust the
	 * read/write mode of the current remote (sub)transaction if needed.
	 */
	if (entry->xact_depth <= 0)
	{
		/* No main transaction has been started on this connection yet. */
		StringInfoData cmd;
		const bool	start_read_only = (read_only_level == 1);

		elog(DEBUG3, "starting remote transaction on connection %p",
			 entry->conn);

		initStringInfo(&cmd);
		appendStringInfoString(&cmd, "START TRANSACTION ISOLATION LEVEL ");
		appendStringInfoString(&cmd,
							   IsolationIsSerializable() ?
							   "SERIALIZABLE" : "REPEATABLE READ");
		if (start_read_only)
			appendStringInfoString(&cmd, " READ ONLY");
		if (XactDeferrable)
			appendStringInfoString(&cmd, " DEFERRABLE");

		entry->changing_xact_state = true;
		do_sql_command(entry->conn, cmd.data);
		entry->xact_depth = 1;
		if (start_read_only)
		{
			Assert(!entry->xact_read_only);
			entry->xact_read_only = true;
		}
		entry->changing_xact_state = false;
	}
	else if (entry->xact_read_only)
	{
		/*
		 * The remote (sub)transaction was opened in read-only mode.  The
		 * local read-only (sub)transaction that started it is guaranteed to
		 * still be read-only (see check_transaction_read_only), so nothing
		 * needs to be done.
		 */
		Assert(read_only_level > 0 &&
			   entry->xact_depth >= read_only_level);
	}
	else
	{
		/* The remote (sub)transaction was opened in read-write mode. */
		Assert(read_only_level == 0 ||
			   entry->xact_depth <= read_only_level);

		/*
		 * A nesting depth equal to read_only_level means the local read-write
		 * (sub)transaction that opened it has since become read-only, so
		 * switch the remote one to read-only too.  Otherwise the local
		 * (sub)transaction is still read-write and nothing needs doing.
		 */
		if (entry->xact_depth == read_only_level)
		{
			entry->changing_xact_state = true;
			do_sql_command(entry->conn, "SET transaction_read_only = on");
			entry->xact_read_only = true;
			entry->changing_xact_state = false;
		}
	}

	/*
	 * Inside a subtransaction, stack up savepoints until the remote depth
	 * matches the local level, so that an aborting subtransaction rolls back
	 * exactly the desired effects.
	 */
	while (entry->xact_depth < local_level)
	{
		StringInfoData cmd;
		const int	next_depth = entry->xact_depth + 1;
		const bool	make_read_only = (next_depth == read_only_level);

		initStringInfo(&cmd);
		appendStringInfo(&cmd, "SAVEPOINT s%d", next_depth);
		if (make_read_only)
			appendStringInfoString(&cmd, "; SET transaction_read_only = on");

		entry->changing_xact_state = true;
		do_sql_command(entry->conn, cmd.data);
		entry->xact_depth++;
		if (make_read_only)
		{
			Assert(!entry->xact_read_only);
			entry->xact_read_only = true;
		}
		entry->changing_xact_state = false;
	}
}
1015 :
/*
 * Give back the connection reference obtained from GetConnection.
 */
void
ReleaseConnection(PGconn *conn)
{
	/*
	 * Intentionally empty.  Connection references are not actually tracked
	 * at present; all cleanup is driven per transaction or subtransaction
	 * instead, so there is nothing to release here.
	 */
}
1028 :
/*
 * Hand out a "unique" number for a cursor.
 *
 * Uniqueness is only really needed per connection within a transaction.  For
 * now the per-connection aspect is ignored and numbers are assigned across
 * all connections in the transaction; the connection is still taken as an
 * argument in case that gets refined later.
 *
 * Even if the counter wraps around in a very long transaction, actual
 * collisions are highly improbable; just print the value with %u, not %d.
 */
unsigned int
GetCursorNumber(PGconn *conn)
{
	/* conn is currently unused; see above */
	cursor_number += 1;
	return cursor_number;
}
1045 :
/*
 * Hand out a "unique" number for a prepared statement.
 *
 * Works much like GetCursorNumber, except that the counter is never reset
 * within a session.  We can't be 100% sure that every prepared statement has
 * been removed from every connection, and resetting is not worth the added
 * risk of prepared-statement name collisions.
 */
unsigned int
GetPrepStmtNumber(PGconn *conn)
{
	/* conn is currently unused */
	prep_stmt_number += 1;
	return prep_stmt_number;
}
1059 :
/*
 * Send a query and wait for its result.
 *
 * Non-blocking mode is not used, so interrupts cannot be processed while the
 * query text is being pushed to the server.  That risk is relatively small
 * and is ignored for now.
 *
 * Returns NULL if the query could not be sent.  The caller is responsible
 * for error handling on the result.
 */
PGresult *
pgfdw_exec_query(PGconn *conn, const char *query, PgFdwConnState *state)
{
	/* A pending asynchronous request, if any, has to be processed first. */
	if (state != NULL && state->pendingAreq)
		process_pending_request(state->pendingAreq);

	if (PQsendQuery(conn, query))
		return pgfdw_get_result(conn);

	/* Could not send the query; the caller sees this as a NULL result. */
	return NULL;
}
1080 :
/*
 * Thin wrapper around libpqsrv_get_result_last() that supplies the
 * pgfdw_we_get_result wait event.
 *
 * The caller is responsible for error handling on the result.
 */
PGresult *
pgfdw_get_result(PGconn *conn)
{
	PGresult   *last_result;

	last_result = libpqsrv_get_result_last(conn, pgfdw_we_get_result);

	return last_result;
}
1091 :
/*
 * Report, at ERROR level, an error received from the remote server.
 *
 * Use pgfdw_report_error() to throw an error and pgfdw_report() for lesser
 * message levels.  (The two are kept separate so that pgfdw_report_error()
 * can be marked noreturn.)
 *
 * res: PGresult containing the error (might be NULL)
 * conn: connection the query was run on
 * sql: NULL, or text of the remote command that was attempted
 *
 * A non-NULL "res" is PQclear'ed by the reporting code, unless an error is
 * thrown, in which case memory context cleanup will clear it eventually.
 *
 * Note: callers that choose not to throw ERROR for a remote error must make
 * sure the associated ConnCacheEntry gets marked with have_error = true.
 */
void
pgfdw_report_error(PGresult *res, PGconn *conn, const char *sql)
{
	/* Reporting at ERROR level does not return to this function. */
	pgfdw_report_internal(ERROR, res, conn, sql);
	pg_unreachable();
}
1116 :
/*
 * Report a remote error at a message level below ERROR.
 *
 * elevel must be less than ERROR; pgfdw_report_error() is the entry point
 * for throwing.  res, conn and sql are passed through unchanged to
 * pgfdw_report_internal().
 */
void
pgfdw_report(int elevel, PGresult *res, PGconn *conn, const char *sql)
{
	/* ERROR and above belong to pgfdw_report_error() */
	Assert(elevel < ERROR);

	pgfdw_report_internal(elevel, res, conn, sql);
}
1123 :
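/*
 * Common implementation of pgfdw_report_error() and pgfdw_report().
 *
 * elevel: message level to report at
 * res: PGresult containing the error (might be NULL)
 * conn: connection the query was run on
 * sql: NULL, or text of the remote command, added as error context
 *
 * The SQLSTATE, primary message, detail, hint and context are taken from
 * "res".  All of that text originates on the remote server, so it is only
 * ever passed as a "%s" argument, never used as a format string.
 *
 * If ereport() returns (elevel below ERROR), "res" is PQclear'ed here.
 *
 * NOTE(review): "sql" is included verbatim in the error context, so whatever
 * the command text embeds is shown wherever this message is delivered.
 */
static void
pgfdw_report_internal(int elevel, PGresult *res, PGconn *conn,
					  const char *sql)
{
	char	   *diag_sqlstate = PQresultErrorField(res, PG_DIAG_SQLSTATE);
	char	   *message_primary = PQresultErrorField(res, PG_DIAG_MESSAGE_PRIMARY);
	char	   *message_detail = PQresultErrorField(res, PG_DIAG_MESSAGE_DETAIL);
	char	   *message_hint = PQresultErrorField(res, PG_DIAG_MESSAGE_HINT);
	char	   *message_context = PQresultErrorField(res, PG_DIAG_CONTEXT);
	int			sqlstate;

	/*
	 * MAKE_SQLSTATE reads five characters.  The field is supplied by the
	 * remote end, so make sure it really is that long before indexing it; a
	 * shorter string is treated like a missing SQLSTATE rather than read
	 * past its terminator.
	 */
	if (diag_sqlstate != NULL && strlen(diag_sqlstate) >= 5)
		sqlstate = MAKE_SQLSTATE(diag_sqlstate[0],
								 diag_sqlstate[1],
								 diag_sqlstate[2],
								 diag_sqlstate[3],
								 diag_sqlstate[4]);
	else
		sqlstate = ERRCODE_CONNECTION_FAILURE;

	/*
	 * If we don't get a message from the PGresult, try the PGconn.  This is
	 * needed because for connection-level failures, PQgetResult may just
	 * return NULL, not a PGresult at all.
	 */
	if (message_primary == NULL)
		message_primary = pchomp(PQerrorMessage(conn));

	ereport(elevel,
			(errcode(sqlstate),
			 (message_primary != NULL && message_primary[0] != '\0') ?
			 errmsg_internal("%s", message_primary) :
			 errmsg("could not obtain message string for remote error"),
			 message_detail ? errdetail_internal("%s", message_detail) : 0,
			 message_hint ? errhint("%s", message_hint) : 0,
			 message_context ? errcontext("%s", message_context) : 0,
			 sql ? errcontext("remote SQL command: %s", sql) : 0));

	/* Only reached when elevel is below ERROR. */
	PQclear(res);
}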
1163 :
/*
 * pgfdw_xact_callback --- cleanup at main-transaction end.
 *
 * This runs just late enough that it must not enter user-defined code
 * locally.  (Entering such code on the remote side is fine.  Its remote
 * COMMIT TRANSACTION may run deferred triggers.)
 */
static void
pgfdw_xact_callback(XactEvent event, void *arg)
{
	HASH_SEQ_STATUS hstat;
	ConnCacheEntry *ent;
	List	   *pending_entries = NIL;
	List	   *cancel_requested = NIL;

	/* Nothing to do if this transaction never touched a connection. */
	if (!xact_got_connection)
		return;

	/*
	 * Walk the whole connection cache, closing every remote transaction that
	 * is still open.
	 */
	hash_seq_init(&hstat, ConnectionHash);
	while ((ent = (ConnCacheEntry *) hash_seq_search(&hstat)) != NULL)
	{
		/* Skip cache entries that have no open connection right now */
		if (ent->conn == NULL)
			continue;

		/* An open remote transaction has to be closed */
		if (ent->xact_depth > 0)
		{
			elog(DEBUG3, "closing remote transaction on connection %p",
				 ent->conn);

			switch (event)
			{
				case XACT_EVENT_PARALLEL_PRE_COMMIT:
				case XACT_EVENT_PRE_COMMIT:

					/*
					 * No further commands can be issued on a connection whose
					 * abort cleanup failed earlier.
					 */
					pgfdw_reject_incomplete_xact_state_change(ent);

					/* Remote transactions are committed during pre-commit */
					ent->changing_xact_state = true;
					if (ent->parallel_commit)
					{
						/* Only send the COMMIT; it is finished up below. */
						do_sql_command_begin(ent->conn, "COMMIT TRANSACTION");
						pending_entries = lappend(pending_entries, ent);
						continue;
					}
					do_sql_command(ent->conn, "COMMIT TRANSACTION");
					ent->changing_xact_state = false;

					/*
					 * If any subtransaction hit an error and prepared
					 * statements were made, issue DEALLOCATE ALL to be sure
					 * they are all gone.  This is annoying and not terribly
					 * bulletproof, but it's probably not worth trying
					 * harder.
					 *
					 * DEALLOCATE ALL only exists in 8.3 and later, which
					 * limits how old a server postgres_fdw can talk to.
					 * Errors from the DEALLOCATE are intentionally ignored
					 * (the result is simply freed, unchecked), so that we
					 * can hobble along to some extent with older servers,
					 * leaking prepared statements as we go; update
					 * operations aren't really supported pre-8.3 anyway.
					 */
					if (ent->have_prep_stmt && ent->have_error)
						PQclear(pgfdw_exec_query(ent->conn, "DEALLOCATE ALL",
												 NULL));
					ent->have_prep_stmt = false;
					ent->have_error = false;
					break;
				case XACT_EVENT_PRE_PREPARE:

					/*
					 * Remote transactions are not allowed here, because it is
					 * not very reasonable to hold them open until the
					 * prepared transaction is committed.  For now the error
					 * is unconditional; read-only cases might be allowed
					 * later.  The error brings us right back here with
					 * event == XACT_EVENT_ABORT, and the connection state is
					 * cleaned up at that point.
					 */
					ereport(ERROR,
							(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
							 errmsg("cannot PREPARE a transaction that has operated on postgres_fdw foreign tables")));
					break;
				case XACT_EVENT_PARALLEL_COMMIT:
				case XACT_EVENT_COMMIT:
				case XACT_EVENT_PREPARE:
					/* Pre-commit should already have closed the transaction */
					elog(ERROR, "missed cleaning up connection during pre-commit");
					break;
				case XACT_EVENT_PARALLEL_ABORT:
				case XACT_EVENT_ABORT:
					/* Remote transactions are rolled back during abort */
					if (!ent->parallel_abort)
						pgfdw_abort_cleanup(ent, true);
					else if (pgfdw_abort_cleanup_begin(ent, true,
													   &pending_entries,
													   &cancel_requested))
						continue;
					break;
			}
		}

		/* Reset state to show we're out of a transaction */
		pgfdw_reset_xact_state(ent, true);
	}

	/* Finish cleaning up any connections that were left pending above */
	if (pending_entries != NIL || cancel_requested != NIL)
	{
		if (event == XACT_EVENT_PARALLEL_PRE_COMMIT ||
			event == XACT_EVENT_PRE_COMMIT)
		{
			Assert(cancel_requested == NIL);
			pgfdw_finish_pre_commit_cleanup(pending_entries);
		}
		else
		{
			Assert(event == XACT_EVENT_PARALLEL_ABORT ||
				   event == XACT_EVENT_ABORT);
			pgfdw_finish_abort_cleanup(pending_entries, cancel_requested,
									   true);
		}
	}

	/*
	 * Whatever the event type, we are now out of the transaction.  (Note: if
	 * we are here during PRE_COMMIT or PRE_PREPARE, this saves a useless scan
	 * of the hashtable during COMMIT or PREPARE.)
	 */
	xact_got_connection = false;

	/* Cursor numbering starts over for the next transaction */
	cursor_number = 0;

	/* So does read_only_level */
	read_only_level = 0;
}
1320 :
/*
 * pgfdw_subxact_callback --- cleanup at subtransaction end.
 *
 * Only SUBXACT_EVENT_PRE_COMMIT_SUB and SUBXACT_EVENT_ABORT_SUB are acted
 * on.  For each connection whose remote nesting depth equals the current
 * local level, the matching savepoint is released (pre-commit) or abort
 * cleanup is run (abort).
 */
static void
pgfdw_subxact_callback(SubXactEvent event, SubTransactionId mySubid,
					   SubTransactionId parentSubid, void *arg)
{
	HASH_SEQ_STATUS hstat;
	ConnCacheEntry *ent;
	int			curlevel;
	List	   *pending_entries = NIL;
	List	   *cancel_requested = NIL;

	/* Nothing to do at subxact start, nor after commit. */
	if (event != SUBXACT_EVENT_PRE_COMMIT_SUB &&
		event != SUBXACT_EVENT_ABORT_SUB)
		return;

	/* Nothing to do if this transaction never touched a connection. */
	if (!xact_got_connection)
		return;

	/*
	 * Walk the whole connection cache, closing remote subtransactions that
	 * are open at the current level.
	 */
	curlevel = GetCurrentTransactionNestLevel();
	hash_seq_init(&hstat, ConnectionHash);
	while ((ent = (ConnCacheEntry *) hash_seq_search(&hstat)) != NULL)
	{
		/* Fixed command prefix plus an integer level; snprintf bounds it */
		char		sql[100];

		/*
		 * Only connections with an open remote subtransaction of the current
		 * level are of interest.
		 */
		if (ent->conn == NULL || ent->xact_depth < curlevel)
			continue;

		if (ent->xact_depth > curlevel)
			elog(ERROR, "missed cleaning up remote subtransaction at level %d",
				 ent->xact_depth);

		if (event == SUBXACT_EVENT_PRE_COMMIT_SUB)
		{
			/*
			 * No further commands can be issued on a connection whose abort
			 * cleanup failed earlier.
			 */
			pgfdw_reject_incomplete_xact_state_change(ent);

			/* Remote subtransactions are committed during pre-commit */
			snprintf(sql, sizeof(sql), "RELEASE SAVEPOINT s%d", curlevel);
			ent->changing_xact_state = true;
			if (ent->parallel_commit)
			{
				/* Only send the RELEASE; it is finished up below. */
				do_sql_command_begin(ent->conn, sql);
				pending_entries = lappend(pending_entries, ent);
				continue;
			}
			do_sql_command(ent->conn, sql);
			ent->changing_xact_state = false;
		}
		else
		{
			/* Remote subtransactions are rolled back during abort */
			if (!ent->parallel_abort)
				pgfdw_abort_cleanup(ent, false);
			else if (pgfdw_abort_cleanup_begin(ent, false,
											   &pending_entries,
											   &cancel_requested))
				continue;
		}

		/* OK, we're outta that level of subtransaction */
		pgfdw_reset_xact_state(ent, false);
	}

	/* Finish cleaning up any connections that were left pending above */
	if (pending_entries != NIL || cancel_requested != NIL)
	{
		if (event == SUBXACT_EVENT_PRE_COMMIT_SUB)
		{
			Assert(cancel_requested == NIL);
			pgfdw_finish_pre_subcommit_cleanup(pending_entries, curlevel);
		}
		else
		{
			Assert(event == SUBXACT_EVENT_ABORT_SUB);
			pgfdw_finish_abort_cleanup(pending_entries, cancel_requested,
									   false);
		}
	}

	/* Leaving the level recorded in read_only_level clears it */
	if (curlevel == read_only_level)
		read_only_level = 0;
}
1422 :
/*
 * Connection invalidation callback function
 *
 * After a pg_foreign_server or pg_user_mapping catalog entry changes,
 * connections that depend on it are closed immediately if the current
 * transaction has not used them yet.  Otherwise they are marked invalid, and
 * pgfdw_xact_callback() closes them at the end of the current transaction,
 * since they cannot be closed in the midst of the transaction using them.
 * Either way, a connection made under the old definition is not kept for
 * reuse.  Closed connections will be remade at the next opportunity if
 * necessary.
 *
 * Most cache invalidation callbacks blow away all related state regardless
 * of the given hashvalue, but connections are expensive enough that it's
 * worth trying to avoid that.
 *
 * NB: Unnecessary disconnection could be avoided more strictly by examining
 * individual option values, but that seems too much effort for the gain.
 */
static void
pgfdw_inval_callback(Datum arg, SysCacheIdentifier cacheid, uint32 hashvalue)
{
	HASH_SEQ_STATUS hstat;
	ConnCacheEntry *ent;

	Assert(cacheid == FOREIGNSERVEROID || cacheid == USERMAPPINGOID);

	/* ConnectionHash must exist already, if we're registered */
	hash_seq_init(&hstat, ConnectionHash);
	while ((ent = (ConnCacheEntry *) hash_seq_search(&hstat)) != NULL)
	{
		bool		affected;

		/* Entries without a connection have nothing to invalidate */
		if (ent->conn == NULL)
			continue;

		/* hashvalue == 0 means a cache reset, must clear all state */
		affected = (hashvalue == 0) ||
			(cacheid == FOREIGNSERVEROID &&
			 ent->server_hashvalue == hashvalue) ||
			(cacheid == USERMAPPINGOID &&
			 ent->mapping_hashvalue == hashvalue);
		if (!affected)
			continue;

		/*
		 * A connection already in use by this transaction is only flagged,
		 * so that pgfdw_xact_callback() can close it at the end of the
		 * transaction; an unused one is closed right away.
		 */
		if (ent->xact_depth != 0)
			ent->invalidated = true;
		else
		{
			elog(DEBUG3, "discarding connection %p", ent->conn);
			disconnect_pg_server(ent);
		}
	}
}
1480 :
/*
 * Raise an error if the given connection cache entry is marked as being in
 * the middle of an xact state change.  Call this at points where no such
 * change is expected to be in progress; finding one in progress means that
 * we aborted in the middle of a previous state change and no longer know
 * what the remote transaction state actually is.  Such a connection can't
 * safely be used any further.  Re-establishing the connection would change
 * the snapshot and roll back any writes already performed, so that's not an
 * option either.  Thus, we must abort.
 *
 * Note: there might be open cursors that use the connection, so even if the
 * connection cache entry is marked as such, it is retained until abort
 * cleanup of the main transaction, to ensure such open cursors can safely
 * refer to the PGconn for the connection.
 */
static void
pgfdw_reject_incomplete_xact_state_change(ConnCacheEntry *entry)
{
	ForeignServer *srv;

	/* Inactive entries and entries in a sane state need no action */
	if (entry->conn == NULL)
		return;
	if (!entry->changing_xact_state)
		return;

	/* Look up the server so its name can be shown in the message */
	srv = GetForeignServer(entry->serverid);

	ereport(ERROR,
			(errcode(ERRCODE_CONNECTION_EXCEPTION),
			 errmsg("connection to server \"%s\" cannot be used due to abort cleanup failure",
					srv->servername)));
}
1513 :
/*
 * Reset a cache entry's state to show we're out of a (sub)transaction.
 *
 * toplevel: true at main-transaction end, false at subtransaction end
 */
static void
pgfdw_reset_xact_state(ConnCacheEntry *entry, bool toplevel)
{
	bool		discard;

	if (!toplevel)
	{
		/* Leaving a subtransaction: pop one nesting level */
		entry->xact_depth--;

		/* If that level was read_only_level, reset xact r/o state */
		if (entry->xact_depth + 1 == read_only_level)
			entry->xact_read_only = false;
		return;
	}

	/* Leaving the main transaction */
	entry->xact_depth = 0;

	/* Reset xact r/o state */
	entry->xact_read_only = false;

	/*
	 * Discard the connection, to recover, if it isn't in a good idle state,
	 * if it is marked as invalid, or if the keep_connections option of its
	 * server is disabled.  The next GetConnection will open a new
	 * connection.
	 */
	discard = PQstatus(entry->conn) != CONNECTION_OK ||
		PQtransactionStatus(entry->conn) != PQTRANS_IDLE ||
		entry->changing_xact_state ||
		entry->invalidated ||
		!entry->keep_connections;
	if (discard)
	{
		elog(DEBUG3, "discarding connection %p", entry->conn);
		disconnect_pg_server(entry);
	}
}
1554 :
/*
 * Cancel the query currently in progress (whose text we do not have) and
 * ignore its result.  Returns true if the query was successfully canceled
 * and any pending result discarded, false if not.
 *
 * It's not a huge problem if we throw an ERROR here, but if we get into error
 * recursion trouble, we'll end up slamming the connection shut, which will
 * necessitate failing the entire toplevel transaction even if subtransactions
 * were used.  Try to use WARNING where we can.
 *
 * XXX: if the query was one sent by fetch_more_data_begin(), the query text
 * could be taken from the pendingAreq saved in the per-connection state and
 * used to report the query.
 */
static bool
pgfdw_cancel_query(PGconn *conn)
{
	const TimestampTz start = GetCurrentTimestamp();

	/*
	 * Deadline for the whole operation: if canceling the query and discarding
	 * its result takes longer than this, assume the connection is dead.
	 */
	const TimestampTz endtime =
		TimestampTzPlusMilliseconds(start, CONNECTION_CLEANUP_TIMEOUT);

	/*
	 * Also, lose patience and re-issue the cancel request after a little
	 * bit.  (This serves to close some race conditions.)
	 */
	const TimestampTz retrycanceltime =
		TimestampTzPlusMilliseconds(start, RETRY_CANCEL_TIMEOUT);

	/* The result is only collected if the cancel request went out */
	return pgfdw_cancel_query_begin(conn, endtime) &&
		pgfdw_cancel_query_end(conn, endtime, retrycanceltime, false);
}
1592 :
/*
 * Send a cancel request on the given connection, waiting no later than
 * "endtime".
 *
 * We sleep interruptibly until confirmation arrives that the cancel request
 * has been accepted, and return true in that case.  If the timeout lapses
 * first, or the request fails for whatever reason, a WARNING is issued and
 * false is returned.
 */
static bool
pgfdw_cancel_query_begin(PGconn *conn, TimestampTz endtime)
{
	const char *cancel_err = libpqsrv_cancel(conn, endtime);

	/* A NULL message means the request was accepted */
	if (cancel_err == NULL)
		return true;

	ereport(WARNING,
			errcode(ERRCODE_CONNECTION_FAILURE),
			errmsg("could not send cancel request: %s", cancel_err));

	return false;
}
1614 :
/*
 * Collect and discard the result of a query that has been sent a cancel
 * request.
 *
 * endtime and retrycanceltime are handed to pgfdw_get_cleanup_result().
 * With consume_input set, PQconsumeInput() is called first.  Returns true if
 * a result was obtained and discarded; otherwise a WARNING is issued and
 * false is returned.
 */
static bool
pgfdw_cancel_query_end(PGconn *conn, TimestampTz endtime,
					   TimestampTz retrycanceltime, bool consume_input)
{
	PGresult   *res;
	bool		timed_out;

	/*
	 * When asked to, first pull in whatever data the socket already holds.
	 * If everything has arrived, pgfdw_get_cleanup_result can then call
	 * PQgetResult without paying for WaitLatchOrSocket, which would be large
	 * compared to the cost of PQconsumeInput.
	 */
	if (consume_input)
	{
		if (!PQconsumeInput(conn))
		{
			ereport(WARNING,
					(errcode(ERRCODE_CONNECTION_FAILURE),
					 errmsg("could not get result of cancel request: %s",
							pchomp(PQerrorMessage(conn)))));
			return false;
		}
	}

	/* Get the result of the query; a true return here means failure. */
	if (pgfdw_get_cleanup_result(conn, endtime, retrycanceltime,
								 &res, &timed_out))
	{
		if (!timed_out)
			ereport(WARNING,
					(errcode(ERRCODE_CONNECTION_FAILURE),
					 errmsg("could not get result of cancel request: %s",
							pchomp(PQerrorMessage(conn)))));
		else
			ereport(WARNING,
					(errmsg("could not get result of cancel request due to timeout")));

		return false;
	}

	/* The result itself is of no interest; just free it. */
	PQclear(res);

	return true;
}
1656 :
/*
 * Run a query during (sub)abort cleanup, waiting up to 30 seconds
 * (CONNECTION_CLEANUP_TIMEOUT) for the result.  Returns true if the query
 * executes without error.  If it executes but returns an error, the return
 * value is true if and only if ignore_errors is set.  If the query can't be
 * sent or times out, the return value is false.
 *
 * It's not a huge problem if we throw an ERROR here, but if we get into error
 * recursion trouble, we'll end up slamming the connection shut, which will
 * necessitate failing the entire toplevel transaction even if subtransactions
 * were used.  Try to use WARNING where we can.
 */
static bool
pgfdw_exec_cleanup_query(PGconn *conn, const char *query, bool ignore_errors)
{
	/*
	 * If a cleanup query takes too long, assume the connection is dead.  A
	 * dead or slow remote is fairly likely to be why we aborted in the first
	 * place (e.g. statement timeout, user cancel), so the timeout shouldn't
	 * be too long.
	 */
	const TimestampTz endtime =
		TimestampTzPlusMilliseconds(GetCurrentTimestamp(),
									CONNECTION_CLEANUP_TIMEOUT);

	/* The result is only collected if the query could be sent */
	return pgfdw_exec_cleanup_query_begin(conn, query) &&
		pgfdw_exec_cleanup_query_end(conn, query, endtime,
									 false, ignore_errors);
}
1688 :
/*
 * Send a cleanup query without waiting for its result.
 *
 * Returns true if the query was sent.  On failure a WARNING is reported via
 * pgfdw_report() and false is returned.  query must not be NULL.
 */
static bool
pgfdw_exec_cleanup_query_begin(PGconn *conn, const char *query)
{
	Assert(query != NULL);

	/*
	 * Non-blocking mode is not used, so sending the query can block too.
	 * That risk is relatively small and is ignored for now.
	 */
	if (PQsendQuery(conn, query))
		return true;

	pgfdw_report(WARNING, NULL, conn, query);
	return false;
}
1706 :
/*
 * Collect and check the result of a cleanup query that has been sent.
 *
 * query: command text, used in warnings; must not be NULL
 * endtime: time at which to give up waiting for the result
 * consume_input: if true, call PQconsumeInput() before fetching the result
 * ignore_errors: value to return when the query ran but returned an error
 *
 * Returns true on success, ignore_errors if the result status is not
 * PGRES_COMMAND_OK, and false if input could not be consumed or the result
 * could not be obtained.  Every failure is reported at WARNING level.
 */
static bool
pgfdw_exec_cleanup_query_end(PGconn *conn, const char *query,
							 TimestampTz endtime, bool consume_input,
							 bool ignore_errors)
{
	PGresult   *res;
	bool		timed_out;

	Assert(query != NULL);

	/*
	 * When asked to, first pull in whatever data the socket already holds.
	 * If everything has arrived, pgfdw_get_cleanup_result can then call
	 * PQgetResult without paying for WaitLatchOrSocket, which would be large
	 * compared to the cost of PQconsumeInput.
	 */
	if (consume_input)
	{
		if (!PQconsumeInput(conn))
		{
			pgfdw_report(WARNING, NULL, conn, query);
			return false;
		}
	}

	/*
	 * Get the result of the query.  endtime is also passed as the cancel
	 * retry time, which is how a fresh cancel request is declined.  A true
	 * return here means failure.
	 */
	if (pgfdw_get_cleanup_result(conn, endtime, endtime, &res, &timed_out))
	{
		if (!timed_out)
			pgfdw_report(WARNING, NULL, conn, query);
		else
			ereport(WARNING,
					(errmsg("could not get query result due to timeout"),
					 errcontext("remote SQL command: %s", query)));

		return false;
	}

	/* Issue a warning if not successful; pgfdw_report gets the result. */
	if (PQresultStatus(res) != PGRES_COMMAND_OK)
	{
		pgfdw_report(WARNING, res, conn, query);
		return ignore_errors;
	}

	PQclear(res);

	return true;
}
1752 :
/*
 * Fetch, during abort cleanup, the result of a query that is still in
 * progress.  The query may be one that a cancel request or the transaction
 * abort is interrupting, or one issued by abort processing itself to bring
 * the remote side back to the appropriate state.
 *
 * endtime is when we stop waiting and assume the remote side is dead.
 * retrycanceltime is when a fresh cancel request should be sent; pass the
 * same value as endtime if no re-cancel is wanted.
 *
 * Returns true if the timeout expired or connection trouble occurred, false
 * otherwise.  *result is set to the last result received only when false is
 * returned; it is NULL otherwise.  *timed_out is set to true only when the
 * timeout expired.
 */
static bool
pgfdw_get_cleanup_result(PGconn *conn, TimestampTz endtime,
						 TimestampTz retrycanceltime,
						 PGresult **result,
						 bool *timed_out)
{
	PGresult   *newest = NULL;
	bool		trouble = false;
	int			recancel_step = RETRY_CANCEL_TIMEOUT * 2;

	*result = NULL;
	*timed_out = false;

	for (;;)
	{
		PGresult   *next;

		/* Wait until libpq can return a result without blocking. */
		while (PQisBusy(conn))
		{
			TimestampTz now = GetCurrentTimestamp();
			long		sleep_ms;
			int			events;

			/* Overall deadline reached: give up. */
			if (now >= endtime)
			{
				*timed_out = true;
				trouble = true;
				goto done;
			}

			/* Time to send the cancel request again? */
			if (now >= retrycanceltime)
			{
				/* A failure to issue the repeated request is ignored. */
				(void) libpqsrv_cancel(conn, endtime);

				/* The cancel may have taken measurable time; re-read. */
				now = GetCurrentTimestamp();

				/* Schedule the next re-cancel, doubling the step each time. */
				retrycanceltime = TimestampTzPlusMilliseconds(now,
															  recancel_step);
				recancel_step *= 2;
			}

			/* Sleep until the nearer of the two deadlines, if any is left. */
			sleep_ms = TimestampDifferenceMilliseconds(now,
													   Min(endtime,
														   retrycanceltime));
			if (sleep_ms <= 0)
			{
				*timed_out = true;
				trouble = true;
				goto done;
			}

			/* First use: allocate or look up the custom wait event. */
			if (pgfdw_we_cleanup_result == 0)
				pgfdw_we_cleanup_result = WaitEventExtensionNew("PostgresFdwCleanupResult");

			/* Sleep until there is something to do. */
			events = WaitLatchOrSocket(MyLatch,
									   WL_LATCH_SET | WL_SOCKET_READABLE |
									   WL_TIMEOUT | WL_EXIT_ON_PM_DEATH,
									   PQsocket(conn),
									   sleep_ms, pgfdw_we_cleanup_result);
			ResetLatch(MyLatch);

			CHECK_FOR_INTERRUPTS();

			/* Socket readable but input cannot be consumed: connection trouble. */
			if ((events & WL_SOCKET_READABLE) && !PQconsumeInput(conn))
			{
				trouble = true;
				goto done;
			}
		}

		next = PQgetResult(conn);
		if (next == NULL)
			break;				/* query is complete */

		/* Keep only the most recent result. */
		PQclear(newest);
		newest = next;
	}

done:
	if (!trouble)
		*result = newest;
	else
		PQclear(newest);

	return trouble;
}
1863 :
/*
 * Abort the remote transaction or subtransaction on one cached connection.
 *
 * "toplevel" must be true when the toplevel (main) transaction is being
 * rolled back, and false otherwise.
 *
 * On return entry->changing_xact_state is false if the cleanup succeeded and
 * true if it failed or was not attempted.
 */
static void
pgfdw_abort_cleanup(ConnCacheEntry *entry, bool toplevel)
{
	char		sql[100];

	/*
	 * Already in error recursion trouble: flag the connection and do not try
	 * to clean it up.
	 */
	if (in_error_recursion_trouble())
	{
		entry->changing_xact_state = true;
		return;
	}

	/* A connection that is already unsalvageable is left alone. */
	if (entry->changing_xact_state)
		return;

	/* From here on the connection is in the middle of a state change. */
	entry->changing_xact_state = true;

	/* Assume we might have lost track of prepared statements. */
	entry->have_error = true;

	/*
	 * A command submitted through an asynchronous execution function may not
	 * have completed yet.  If the remote server is still processing one,
	 * request its cancellation before going further.
	 */
	if (PQtransactionStatus(entry->conn) == PQTRANS_ACTIVE)
	{
		if (!pgfdw_cancel_query(entry->conn))
			return;				/* Unable to cancel running query */
	}

	CONSTRUCT_ABORT_COMMAND(sql, entry, toplevel);
	if (!pgfdw_exec_cleanup_query(entry->conn, sql, false))
		return;					/* Unable to abort remote (sub)transaction */

	if (toplevel)
	{
		bool		need_dealloc = entry->have_prep_stmt && entry->have_error;

		if (need_dealloc &&
			!pgfdw_exec_cleanup_query(entry->conn, "DEALLOCATE ALL", true))
			return;				/* Trouble clearing prepared statements */

		entry->have_prep_stmt = false;
		entry->have_error = false;
	}

	/*
	 * A non-NULL pendingAreq means an asynchronous fetch started by
	 * fetch_more_data_begin() did not finish successfully, so
	 * fetch_more_data() never reset the per-connection state.  Reset it here.
	 */
	if (entry->state.pendingAreq)
		memset(&entry->state, 0, sizeof(entry->state));

	/* Everything worked: disarm changing_xact_state. */
	entry->changing_xact_state = false;
}
1936 :
/*
 * Like pgfdw_abort_cleanup, submit an abort command or a cancel request, but
 * do not wait for the result.
 *
 * Returns true if the abort command or cancel request was issued, false
 * otherwise.  When the abort command was issued, the connection cache entry
 * is appended to *pending_entries; when a cancel request was issued instead,
 * it is appended to *cancel_requested.
 */
static bool
pgfdw_abort_cleanup_begin(ConnCacheEntry *entry, bool toplevel,
						  List **pending_entries, List **cancel_requested)
{
	char		sql[100];

	/*
	 * Already in error recursion trouble: flag the connection and do not try
	 * to clean it up.
	 */
	if (in_error_recursion_trouble())
	{
		entry->changing_xact_state = true;
		return false;
	}

	/* A connection that is already unsalvageable is left alone. */
	if (entry->changing_xact_state)
		return false;

	/* From here on the connection is in the middle of a state change. */
	entry->changing_xact_state = true;

	/* Assume we might have lost track of prepared statements. */
	entry->have_error = true;

	/*
	 * A command submitted through an asynchronous execution function may not
	 * have completed yet.  If the remote server is still processing one,
	 * request its cancellation; the abort command is sent later.
	 */
	if (PQtransactionStatus(entry->conn) == PQTRANS_ACTIVE)
	{
		TimestampTz endtime = TimestampTzPlusMilliseconds(GetCurrentTimestamp(),
														  CONNECTION_CLEANUP_TIMEOUT);

		if (!pgfdw_cancel_query_begin(entry->conn, endtime))
			return false;		/* Unable to cancel running query */

		*cancel_requested = lappend(*cancel_requested, entry);
		return true;
	}

	/* Nothing is running remotely: send the abort command right away. */
	CONSTRUCT_ABORT_COMMAND(sql, entry, toplevel);
	if (!pgfdw_exec_cleanup_query_begin(entry->conn, sql))
		return false;			/* Unable to abort remote transaction */

	*pending_entries = lappend(*pending_entries, entry);
	return true;
}
1999 :
/*
 * Finish pre-commit cleanup for the connections on which a COMMIT command
 * has already been sent to the remote server.
 *
 * pending_entries must not be empty.
 */
static void
pgfdw_finish_pre_commit_cleanup(List *pending_entries)
{
	List	   *pending_deallocs = NIL;
	ListCell   *lc;

	Assert(pending_entries);

	/* Pass 1: collect the COMMIT result on every pending connection. */
	foreach(lc, pending_entries)
	{
		ConnCacheEntry *entry = (ConnCacheEntry *) lfirst(lc);

		Assert(entry->changing_xact_state);

		/*
		 * The result may already be sitting on the socket, so ask for it to
		 * be consumed first (consume_input = true).
		 */
		do_sql_command_end(entry->conn, "COMMIT TRANSACTION", true);
		entry->changing_xact_state = false;

		/*
		 * If prepared statements may be stale, send DEALLOCATE ALL now and
		 * pick up its result in the second pass, so the commands run in
		 * parallel.  Errors are ignored (see notes in pgfdw_xact_callback):
		 * when the send fails we simply fall through.
		 */
		if (entry->have_prep_stmt && entry->have_error &&
			PQsendQuery(entry->conn, "DEALLOCATE ALL"))
		{
			pending_deallocs = lappend(pending_deallocs, entry);
			continue;
		}

		entry->have_prep_stmt = false;
		entry->have_error = false;

		pgfdw_reset_xact_state(entry, true);
	}

	/* Nothing was deferred: done. */
	if (pending_deallocs == NIL)
		return;

	/* Pass 2: collect the DEALLOCATE result on every deferred connection. */
	foreach(lc, pending_deallocs)
	{
		ConnCacheEntry *entry = (ConnCacheEntry *) lfirst(lc);

		/* Ignore errors (see notes in pgfdw_xact_callback) */
		for (;;)
		{
			PGresult   *res = PQgetResult(entry->conn);

			if (res == NULL)
				break;
			PQclear(res);

			/* Stop if the connection is lost, else we would loop forever. */
			if (PQstatus(entry->conn) == CONNECTION_BAD)
				break;
		}

		entry->have_prep_stmt = false;
		entry->have_error = false;

		pgfdw_reset_xact_state(entry, true);
	}
}
2073 :
/*
 * Finish pre-subcommit cleanup for the connections on which a RELEASE
 * command has already been sent to the remote server.
 *
 * curlevel is the savepoint level used to rebuild the command text
 * ("RELEASE SAVEPOINT s<curlevel>") that is passed along when collecting the
 * results.  pending_entries must not be empty.
 */
static void
pgfdw_finish_pre_subcommit_cleanup(List *pending_entries, int curlevel)
{
	char		release_cmd[100];
	ListCell   *lc;

	Assert(pending_entries);

	snprintf(release_cmd, sizeof(release_cmd), "RELEASE SAVEPOINT s%d", curlevel);

	/* Collect the RELEASE result on every pending connection. */
	foreach(lc, pending_entries)
	{
		ConnCacheEntry *entry = (ConnCacheEntry *) lfirst(lc);

		Assert(entry->changing_xact_state);

		/*
		 * The result may already be sitting on the socket, so ask for it to
		 * be consumed first (consume_input = true).
		 */
		do_sql_command_end(entry->conn, release_cmd, true);
		entry->changing_xact_state = false;

		pgfdw_reset_xact_state(entry, false);
	}
}
2107 :
/*
 * Finish abort cleanup for the connections on which an abort command or a
 * cancel request has already been sent to the remote server.
 *
 * The work is done in up to three passes: collect the outcome of the cancel
 * requests and send the abort command on those connections; collect the
 * abort results; then, for a toplevel abort, collect the results of any
 * DEALLOCATE ALL commands sent during the second pass.  A connection on which
 * a step fails is handed to pgfdw_reset_xact_state with
 * changing_xact_state still set.
 */
static void
pgfdw_finish_abort_cleanup(List *pending_entries, List *cancel_requested,
						   bool toplevel)
{
	List	   *pending_deallocs = NIL;
	ListCell   *lc;

	/*
	 * Pass 1: for each pending cancel request (if any), get and discard the
	 * result of the query, then submit an abort command.
	 */
	if (cancel_requested != NIL)
	{
		foreach(lc, cancel_requested)
		{
			ConnCacheEntry *entry = (ConnCacheEntry *) lfirst(lc);
			TimestampTz now = GetCurrentTimestamp();
			TimestampTz endtime;
			TimestampTz retrycanceltime;
			char		sql[100];

			Assert(entry->changing_xact_state);

			/*
			 * The deadline is set here rather than before the cancel request
			 * was issued, as normal mode does.  Otherwise, if handling the
			 * first few entries took longer than, for example, 30 seconds,
			 * every remaining entry would hit a timeout error and have its
			 * connection slammed shut.
			 */
			endtime = TimestampTzPlusMilliseconds(now,
												  CONNECTION_CLEANUP_TIMEOUT);
			retrycanceltime = TimestampTzPlusMilliseconds(now,
														  RETRY_CANCEL_TIMEOUT);

			if (!pgfdw_cancel_query_end(entry->conn, endtime,
										retrycanceltime, true))
			{
				/* Unable to cancel running query */
				pgfdw_reset_xact_state(entry, toplevel);
				continue;
			}

			/* Send the abort command now; its result is read in pass 2. */
			CONSTRUCT_ABORT_COMMAND(sql, entry, toplevel);
			if (pgfdw_exec_cleanup_query_begin(entry->conn, sql))
				pending_entries = lappend(pending_entries, entry);
			else
			{
				/* Unable to abort remote (sub)transaction */
				pgfdw_reset_xact_state(entry, toplevel);
			}
		}
	}

	/* No abort command is outstanding: done. */
	if (pending_entries == NIL)
		return;

	/* Pass 2: collect the abort result on every pending connection. */
	foreach(lc, pending_entries)
	{
		ConnCacheEntry *entry = (ConnCacheEntry *) lfirst(lc);
		TimestampTz endtime;
		char		sql[100];

		Assert(entry->changing_xact_state);

		/*
		 * The deadline is set now, not before the command was issued, for
		 * the same reason as for the cancel_requested entries.
		 */
		endtime = TimestampTzPlusMilliseconds(GetCurrentTimestamp(),
											  CONNECTION_CLEANUP_TIMEOUT);

		CONSTRUCT_ABORT_COMMAND(sql, entry, toplevel);
		if (!pgfdw_exec_cleanup_query_end(entry->conn, sql, endtime,
										  true, false))
		{
			/* Unable to abort remote (sub)transaction */
			pgfdw_reset_xact_state(entry, toplevel);
			continue;
		}

		/*
		 * Toplevel abort with possibly stale prepared statements: send
		 * DEALLOCATE ALL now and read its result in pass 3.
		 */
		if (toplevel && entry->have_prep_stmt && entry->have_error)
		{
			if (pgfdw_exec_cleanup_query_begin(entry->conn,
											   "DEALLOCATE ALL"))
				pending_deallocs = lappend(pending_deallocs, entry);
			else
			{
				/* Trouble clearing prepared statements */
				pgfdw_reset_xact_state(entry, toplevel);
			}
			continue;
		}

		if (toplevel)
		{
			entry->have_prep_stmt = false;
			entry->have_error = false;
		}

		/* Reset the per-connection state if needed */
		if (entry->state.pendingAreq)
			memset(&entry->state, 0, sizeof(entry->state));

		/* This entry is finished; clear the changing_xact_state flag. */
		entry->changing_xact_state = false;
		pgfdw_reset_xact_state(entry, toplevel);
	}

	/* No DEALLOCATE command is outstanding: done. */
	if (pending_deallocs == NIL)
		return;
	Assert(toplevel);

	/* Pass 3: collect the DEALLOCATE result on every deferred connection. */
	foreach(lc, pending_deallocs)
	{
		ConnCacheEntry *entry = (ConnCacheEntry *) lfirst(lc);
		TimestampTz endtime;

		Assert(entry->changing_xact_state);
		Assert(entry->have_prep_stmt);
		Assert(entry->have_error);

		/*
		 * The deadline is set now, not before the command was issued, for
		 * the same reason as for the cancel_requested entries.
		 */
		endtime = TimestampTzPlusMilliseconds(GetCurrentTimestamp(),
											  CONNECTION_CLEANUP_TIMEOUT);

		if (!pgfdw_exec_cleanup_query_end(entry->conn, "DEALLOCATE ALL",
										  endtime, true, true))
		{
			/* Trouble clearing prepared statements */
			pgfdw_reset_xact_state(entry, toplevel);
			continue;
		}
		entry->have_prep_stmt = false;
		entry->have_error = false;

		/* Reset the per-connection state if needed */
		if (entry->state.pendingAreq)
			memset(&entry->state, 0, sizeof(entry->state));

		/* This entry is finished; clear the changing_xact_state flag. */
		entry->changing_xact_state = false;
		pgfdw_reset_xact_state(entry, toplevel);
	}
}
2274 :
/*
 * Number of output columns of postgres_fdw_get_connections for each
 * supported API version.
 */
#define POSTGRES_FDW_GET_CONNECTIONS_COLS_V1_1	2
#define POSTGRES_FDW_GET_CONNECTIONS_COLS_V1_2	6
/* Largest of the per-version counts above. */
#define POSTGRES_FDW_GET_CONNECTIONS_COLS	POSTGRES_FDW_GET_CONNECTIONS_COLS_V1_2
2279 :
/*
 * Internal function used by the postgres_fdw_get_connections variants.
 *
 * API version 1.1 takes no input parameter and returns two columns:
 *
 * - server_name - server name of the active connection.  NULL if the foreign
 *   server has been dropped while the connection is still active.
 * - valid - false if the cache entry has been marked invalidated (which can
 *   happen in pgfdw_inval_callback), true otherwise.
 *
 * API version 1.2 takes one boolean input parameter that requests a
 * connection status check, and returns six columns, in this order:
 * server_name, user_name, valid, used_in_xact, closed, remote_backend_pid.
 * The four columns added to the two from version 1.1 are:
 *
 * - user_name - the local user name of the active connection.  NULL if the
 *   user mapping has been dropped while the connection is still active.
 * - used_in_xact - true if the connection is used in the current transaction.
 * - closed - NULL unless the check was requested and is supported on this
 *   platform; otherwise true when pgfdw_conn_check returns non-zero, i.e.
 *   the connection is closed or the check itself failed.
 * - remote_backend_pid - process ID of the remote backend, on the foreign
 *   server, handling the connection.
 *
 * No records are returned when there are no cached connections at all.
 *
 * NOTE(review): no per-row filtering is done here, so the output covers every
 * open connection cached in this session, whichever user mapping created it;
 * confirm that the SQL-level privileges on the callers match that.
 */
static void
postgres_fdw_get_connections_internal(FunctionCallInfo fcinfo,
									  enum pgfdwVersion api_version)
{
	ReturnSetInfo *rsinfo = (ReturnSetInfo *) fcinfo->resultinfo;
	HASH_SEQ_STATUS scan;
	ConnCacheEntry *entry;
	int			natts;
	bool		natts_ok;

	InitMaterializedSRF(fcinfo, 0);

	/* If cache doesn't exist, we return no records */
	if (!ConnectionHash)
		return;

	/*
	 * The declared result row must have exactly the column count that
	 * belongs to the API version we were called as.
	 */
	natts = rsinfo->setDesc->natts;
	natts_ok = (natts == POSTGRES_FDW_GET_CONNECTIONS_COLS_V1_1 &&
				api_version == PGFDW_V1_1) ||
		(natts == POSTGRES_FDW_GET_CONNECTIONS_COLS_V1_2 &&
		 api_version == PGFDW_V1_2);
	if (!natts_ok)
		elog(ERROR, "incorrect number of output arguments");

	hash_seq_init(&scan, ConnectionHash);
	while ((entry = (ConnCacheEntry *) hash_seq_search(&scan)))
	{
		ForeignServer *server;
		Datum		values[POSTGRES_FDW_GET_CONNECTIONS_COLS] = {0};
		bool		nulls[POSTGRES_FDW_GET_CONNECTIONS_COLS] = {0};
		int			col = 0;

		/* We only look for open remote connections */
		if (!entry->conn)
			continue;

		server = GetForeignServerExtended(entry->serverid, FSV_MISSING_OK);

		/*
		 * The foreign server may have been dropped in the current explicit
		 * transaction.  Another session cannot drop it while its connection
		 * is in use in our transaction: the DROP there blocks until our
		 * transaction finishes.
		 *
		 * After such a drop the cache can still hold an active connection
		 * entry; call those connections dangling.  The server name of a
		 * dangling connection can no longer be fetched from the system
		 * catalogs, so NULL is shown instead.
		 *
		 * Keeping the server name in the cache entry instead of the server
		 * OID would avoid that, but it costs 64 bytes per entry, which is a
		 * lot with many cached connections, and dropping a foreign server
		 * inside the current explicit transaction seems rare.  Hence NULL.
		 *
		 * Dangling connections are closed either on next use or at the end
		 * of the current explicit transaction in pgfdw_xact_callback.
		 */
		if (server)
			values[col++] = CStringGetTextDatum(server->servername);
		else
		{
			/*
			 * A server dropped in the current explicit transaction had its
			 * entry invalidated by pgfdw_inval_callback at the end of the
			 * drop command, but the connection was not closed there because
			 * it is still in use in this transaction.  Assert exactly that.
			 */
			Assert(entry->conn && entry->xact_depth > 0 && entry->invalidated);

			/* Show null, if no server name was found */
			nulls[col++] = true;
		}

		if (api_version >= PGFDW_V1_2)
		{
			/* Use the system cache to obtain the user mapping */
			HeapTuple	tp = SearchSysCache1(USERMAPPINGOID,
											 ObjectIdGetDatum(entry->key));

			/*
			 * Like foreign servers, user mappings can be dropped in the
			 * current explicit transaction, so the same check applies.
			 */
			if (HeapTupleIsValid(tp))
			{
				Oid			userid = ((Form_pg_user_mapping) GETSTRUCT(tp))->umuser;

				values[col++] = CStringGetTextDatum(MappingUserName(userid));
				ReleaseSysCache(tp);
			}
			else
			{
				/*
				 * If we reach here, this entry must have been invalidated in
				 * pgfdw_inval_callback, same as in the server case.
				 */
				Assert(entry->conn && entry->xact_depth > 0 &&
					   entry->invalidated);

				nulls[col++] = true;
			}
		}

		values[col++] = BoolGetDatum(!entry->invalidated);

		if (api_version >= PGFDW_V1_2)
		{
			bool		check_conn = PG_GETARG_BOOL(0);

			/* Is this connection used in the current transaction? */
			values[col++] = BoolGetDatum(entry->xact_depth > 0);

			/*
			 * If a connection status check is requested and supported, return
			 * whether the connection is closed.  Otherwise, return NULL.
			 */
			if (check_conn && pgfdw_conn_checkable())
				values[col++] = BoolGetDatum(pgfdw_conn_check(entry->conn) != 0);
			else
				nulls[col++] = true;

			/* Return process ID of remote backend */
			values[col++] = Int32GetDatum(PQbackendPID(entry->conn));
		}

		tuplestore_putvalues(rsinfo->setResult, rsinfo->setDesc, values, nulls);
	}
}
2449 :
/*
 * Append val to str as a connection-string value: wrapped in single quotes,
 * with every single quote and backslash preceded by a backslash.
 *
 * Without the escaping, a quote inside val would end the quoted value early
 * and the rest of val would be read as further connection-string text.
 *
 * NB: these rules are different from the rules for escaping a SQL literal,
 * so this helper must not be used to quote SQL.
 */
static void
appendEscapedValue(StringInfo str, const char *val)
{
	const char *p;

	appendStringInfoChar(str, '\'');
	for (p = val; *p != '\0'; p++)
	{
		/* Quote and backslash are the two characters that need a prefix. */
		if (*p == '\'' || *p == '\\')
			appendStringInfoChar(str, '\\');
		appendStringInfoChar(str, *p);
	}
	appendStringInfoChar(str, '\'');
}
2467 :
/*
 * Return, as text, a connection string for the given user and foreign server.
 *
 * Argument 0 is the user OID and argument 1 the foreign server OID.  The
 * keyword/value pairs come from construct_connection_params; pairs whose
 * value is NULL are skipped, and the rest are written as "keyword = 'value'"
 * separated by single spaces, with values escaped by appendEscapedValue.
 *
 * NOTE(review): every non-NULL value is copied into the result in clear.  If
 * construct_connection_params includes secrets from the user mapping (for
 * example a password), they become visible to whoever can call this function
 * and to anything that logs its result -- confirm the intended privileges.
 */
Datum
postgres_fdw_connection(PG_FUNCTION_ARGS)
{
	Oid			userid = PG_GETARG_OID(0);
	Oid			serverid = PG_GETARG_OID(1);
	ForeignServer *server = GetForeignServer(serverid);
	UserMapping *user = GetUserMapping(userid, serverid);
	StringInfoData conninfo;
	const char **keywords;
	const char **values;
	char	   *appname;
	const char *delim = "";

	construct_connection_params(server, user, &keywords, &values, &appname);

	initStringInfo(&conninfo);
	for (int idx = 0; keywords[idx] != NULL; idx++)
	{
		if (values[idx] != NULL)
		{
			appendStringInfo(&conninfo, "%s%s = ", delim, keywords[idx]);
			appendEscapedValue(&conninfo, values[idx]);
			/* Every pair after the first is preceded by a space. */
			delim = " ";
		}
	}

	/* Release what construct_connection_params handed back. */
	if (appname != NULL)
		pfree(appname);
	pfree(keywords);
	pfree(values);

	PG_RETURN_TEXT_P(cstring_to_text(conninfo.data));
}
2499 :
/*
 * List active foreign server connections (API version 1.2).
 *
 * The SQL API of this function has changed several times and will likely
 * change again.  Older API versions stay supported so that a newer build of
 * this loadable module keeps working with an old SQL declaration of the
 * function.
 */
Datum
postgres_fdw_get_connections_1_2(PG_FUNCTION_ARGS)
{
	/* All the work, including building the result set, happens here. */
	postgres_fdw_get_connections_internal(fcinfo, PGFDW_V1_2);

	PG_RETURN_VOID();
}
2515 :
/*
 * List active foreign server connections (API version 1.1).
 *
 * Kept for SQL declarations that predate version 1.2.
 */
Datum
postgres_fdw_get_connections(PG_FUNCTION_ARGS)
{
	/* All the work, including building the result set, happens here. */
	postgres_fdw_get_connections_internal(fcinfo, PGFDW_V1_1);

	PG_RETURN_VOID();
}
2523 :
/*
 * Disconnect the cached connections to one foreign server.
 *
 * Discards the open connections that postgres_fdw established from the local
 * session to the foreign server with the given name.  There can be several
 * such connections, one per user mapping.  Connections used in the current
 * local transaction are not disconnected; a warning is reported for each.
 *
 * Returns true if at least one connection was disconnected, otherwise false.
 * If no foreign server with the given name is found, an error is reported.
 */
Datum
postgres_fdw_disconnect(PG_FUNCTION_ARGS)
{
	char	   *servername = text_to_cstring(PG_GETARG_TEXT_PP(0));

	/* missing_ok is false, so an unknown name is reported as an error here. */
	ForeignServer *server = GetForeignServerByName(servername, false);

	PG_RETURN_BOOL(disconnect_cached_connections(server->serverid));
}
2547 :
/*
 * Disconnect all the cached connections.
 *
 * Discards every open connection that postgres_fdw established from the
 * local session to any foreign server.  Connections used in the current
 * local transaction are not disconnected; a warning is reported for each.
 *
 * Returns true if at least one connection was disconnected, otherwise false.
 */
Datum
postgres_fdw_disconnect_all(PG_FUNCTION_ARGS)
{
	/* InvalidOid selects all servers. */
	PG_RETURN_BOOL(disconnect_cached_connections(InvalidOid));
}
2562 :
/*
 * Workhorse to disconnect cached connections.
 *
 * Scans all connection cache entries and disconnects the open connections
 * whose foreign server OID matches serverid.  If serverid is InvalidOid,
 * every cached connection is a candidate.
 *
 * A connection that is used in the current transaction is not closed; a
 * warning is emitted for it instead.  Returns true if at least one
 * connection was disconnected, otherwise false.
 *
 * Note that the scan is not restricted to the calling user: connections
 * established by other users in the same local session, through different
 * user mappings, are disconnected too.  As a result even a non-superuser can
 * close connections that a superuser established in the same local session.
 *
 * XXX As of now we don't see any security risk in doing this.  But should we
 * set some restrictions on it, for example prevent a non-superuser from
 * closing connections established by superusers even in the same session?
 */
static bool
disconnect_cached_connections(Oid serverid)
{
	HASH_SEQ_STATUS scan;
	ConnCacheEntry *entry;
	bool		all = !OidIsValid(serverid);
	bool		closed_any = false;

	/*
	 * The connection cache hashtable has not been initialized yet in this
	 * session, so there is nothing to disconnect.
	 */
	if (!ConnectionHash)
		return false;

	hash_seq_init(&scan, ConnectionHash);
	while ((entry = (ConnCacheEntry *) hash_seq_search(&scan)))
	{
		ForeignServer *server;

		/* Ignore cache entry if no open connection right now. */
		if (!entry->conn)
			continue;

		/* Skip connections to servers other than the requested one. */
		if (!all && entry->serverid != serverid)
			continue;

		/* Not used in the current transaction: safe to close. */
		if (entry->xact_depth <= 0)
		{
			elog(DEBUG3, "discarding connection %p", entry->conn);
			disconnect_pg_server(entry);
			closed_any = true;
			continue;
		}

		/*
		 * The connection is used in the current transaction and cannot be
		 * disconnected right now; emit a warning instead.
		 */
		server = GetForeignServerExtended(entry->serverid,
										  FSV_MISSING_OK);

		if (server)
		{
			ereport(WARNING,
					(errmsg("cannot close connection for server \"%s\" because it is still in use",
							server->servername)));
		}
		else
		{
			/*
			 * If the foreign server was dropped while its connection was
			 * used in the current transaction, the connection must have been
			 * marked as invalid by pgfdw_inval_callback at the end of the
			 * DROP SERVER command.
			 */
			Assert(entry->invalidated);

			ereport(WARNING,
					(errmsg("cannot close dropped server connection because it is still in use")));
		}
	}

	return closed_any;
}
2649 :
2650 : /*
2651 : * Check if the remote server closed the connection.
2652 : *
2653 : * Returns 1 if the connection is closed, -1 if an error occurred,
2654 : * and 0 if it's not closed or if the connection check is unavailable
2655 : * on this platform.
2656 : */
static int
pgfdw_conn_check(PGconn *conn)
{
	int			sock = PQsocket(conn);

	/* A connection that is not OK, or has no socket, is reported as an error. */
	if (PQstatus(conn) != CONNECTION_OK || sock == -1)
		return -1;

#if (defined(HAVE_POLL) && defined(POLLRDHUP))
	{
		struct pollfd pfd = {.fd = sock,.events = POLLRDHUP,.revents = 0};
		int			rc;

		/* Zero timeout: poll() only samples the socket state; retry on EINTR. */
		for (;;)
		{
			rc = poll(&pfd, 1, 0);
			if (rc >= 0 || errno != EINTR)
				break;
		}

		if (rc < 0)
			return -1;

		/* Any hang-up, error or invalid-descriptor event counts as closed. */
		if (pfd.revents & (POLLRDHUP | POLLHUP | POLLERR | POLLNVAL))
			return 1;

		return 0;
	}
#else

	/*
	 * No usable check on this platform.  A result of 0 therefore means "not
	 * detected as closed", not a confirmation that the connection is alive.
	 */
	return 0;
#endif
}
2688 :
2689 : /*
2690 : * Check if connection status checking is available on this platform.
2691 : *
2692 : * Returns true if available, false otherwise.
2693 : */
static bool
pgfdw_conn_checkable(void)
{
	bool		available;

	/*
	 * Must use the same compile-time condition as pgfdw_conn_check(), which
	 * only performs a real check when poll() and POLLRDHUP both exist.
	 */
#if (defined(HAVE_POLL) && defined(POLLRDHUP))
	available = true;
#else
	available = false;
#endif

	return available;
}
2703 :
2704 : /*
2705 : * Ensure that require_auth and the SCRAM keys are correctly set in values.
2706 : * The SCRAM keys used for pass-through come from the client's initial
2707 : * connection to the server.
2708 : *
2709 : * All required SCRAM options are set by postgres_fdw, so we just need to
2710 : * ensure that these options are not overwritten by the user.
2711 : */
static bool
pgfdw_has_required_scram_options(const char **keywords, const char **values)
{
	bool		client_key_ok = false;
	bool		server_key_ok = false;
	bool		auth_ok = false;

	/*
	 * Validate the final connection options for SCRAM pass-through.
	 * keywords is a NULL-terminated array; values is indexed in parallel
	 * with it (presumably the same length -- confirm against the caller).
	 *
	 * Do not stop at the first match.  Every occurrence of a keyword
	 * overwrites its flag, so the last occurrence in the array decides the
	 * result: a later empty key, or a later require_auth that is anything
	 * other than exactly "scram-sha-256", resets the flag to false and makes
	 * the check fail.
	 */
	for (int i = 0; keywords[i] != NULL; i++)
	{
		const char *key = keywords[i];

		/* The three keywords are distinct, so at most one branch applies. */
		if (strcmp(key, "scram_client_key") == 0)
			client_key_ok = (values[i] != NULL && values[i][0] != '\0');
		else if (strcmp(key, "scram_server_key") == 0)
			server_key_ok = (values[i] != NULL && values[i][0] != '\0');
		else if (strcmp(key, "require_auth") == 0)
			auth_ok = (values[i] != NULL &&
					   strcmp(values[i], "scram-sha-256") == 0);
	}

	/* Both keys must be present and non-empty in the option list. */
	if (!client_key_ok || !server_key_ok)
		return false;

	/* The current session itself must hold SCRAM keys to pass through. */
	if (MyProcPort == NULL || !MyProcPort->has_scram_keys)
		return false;

	/* Finally, the remote side must be required to use SCRAM-SHA-256. */
	return auth_ok;
}